1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* See the file NOTICE for conditions of use and distribution. */
9 /* Functions for handling string expansion. */
14 /* Recursively called function */
16 static uschar *expand_string_internal(const uschar *, BOOL, const uschar **, BOOL, BOOL, BOOL *);
17 static int_eximarith_t expanded_string_integer(const uschar *, BOOL);
20 # ifndef SUPPORT_CRYPTEQ
21 # define SUPPORT_CRYPTEQ
26 # include "lookups/ldap.h"
29 #ifdef SUPPORT_CRYPTEQ
34 extern char* crypt16(char*, char*);
38 /* The handling of crypt16() is a mess. I will record below the analysis of the
39 mess that was sent to me. We decided, however, to make changing this very low
40 priority, because in practice people are moving away from the crypt()
41 algorithms nowadays, so it doesn't seem worth it.
44 There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
45 the first 8 characters of the password using a 20-round version of crypt
46 (standard crypt does 25 rounds). It then crypts the next 8 characters,
47 or an empty block if the password is less than 9 characters, using a
48 20-round version of crypt and the same salt as was used for the first
49 block. Characters after the first 16 are ignored. It always generates
50 a 16-byte hash, which is expressed together with the salt as a string
51 of 24 base 64 digits. Here are some links to peruse:
53 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
54 http://seclists.org/bugtraq/1999/Mar/0076.html
56 There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
57 and OSF/1. This is the same as the standard crypt if given a password
58 of 8 characters or less. If given more, it first does the same as crypt
59 using the first 8 characters, then crypts the next 8 (the 9th to 16th)
60 using as salt the first two base 64 digits from the first hash block.
61 If the password is more than 16 characters then it crypts the 17th to 24th
62 characters using as salt the first two base 64 digits from the second hash
63 block. And so on: I've seen references to it cutting off the password at
64 40 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
66 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
67 http://seclists.org/bugtraq/1999/Mar/0109.html
68 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
69 TET1_html/sec.c222.html#no_id_208
71 Exim has something it calls "crypt16". It will either use a native
72 crypt16 or its own implementation. A native crypt16 will presumably
73 be the one that I called "crypt16" above. The internal "crypt16"
74 function, however, is a two-block-maximum implementation of what I called
75 "bigcrypt". The documentation matches the internal code.
77 I suspect that whoever did the "crypt16" stuff for Exim didn't realise
78 that crypt16 and bigcrypt were different things.
80 Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
81 to whatever it is using under that name. This unfortunately sets a
82 precedent for using "{crypt16}" to identify two incompatible algorithms
83 whose output can't be distinguished. With "{crypt16}" thus rendered
84 ambiguous, I suggest you deprecate it and invent two new identifiers
85 for the two algorithms.
87 Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
88 of the password separately means they can be cracked separately, so
89 the double-length hash only doubles the cracking effort instead of
90 squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
97 /*************************************************
98 * Local statics and tables *
99 *************************************************/
101 /* Table of item names, and corresponding switch numbers. The names must be in
102 alphabetical order. */
104 static uschar *item_table[] = {
166 /* Tables of operator names, and corresponding switch numbers. The names must be
167 in alphabetical order. There are two tables, because underscore is used in some
168 cases to introduce arguments, whereas for other it is part of the name. This is
169 an historical mis-design. */
171 static uschar *op_table_underscore[] = {
174 US"quote_local_part",
179 ,US"utf8_domain_from_alabel",
180 US"utf8_domain_to_alabel",
181 US"utf8_localpart_from_alabel",
182 US"utf8_localpart_to_alabel"
189 EOP_QUOTE_LOCAL_PART,
194 ,EOP_UTF8_DOMAIN_FROM_ALABEL,
195 EOP_UTF8_DOMAIN_TO_ALABEL,
196 EOP_UTF8_LOCALPART_FROM_ALABEL,
197 EOP_UTF8_LOCALPART_TO_ALABEL
201 static uschar *op_table_main[] = {
248 EOP_ADDRESS = nelem(op_table_underscore),
294 /* Table of condition names, and corresponding switch numbers. The names must
295 be in alphabetical order. */
297 static uschar *cond_table[] = {
301 US"==", /* Backward compatibility */
338 US"match_local_part",
363 ECOND_FIRST_DELIVERY,
388 ECOND_MATCH_LOCAL_PART,
398 /* Types of table entry */
401 vtype_int, /* value is address of int */
402 vtype_filter_int, /* ditto, but recognized only when filtering */
403 vtype_ino, /* value is address of ino_t (not always an int) */
404 vtype_uid, /* value is address of uid_t (not always an int) */
405 vtype_gid, /* value is address of gid_t (not always an int) */
406 vtype_bool, /* value is address of bool */
407 vtype_stringptr, /* value is address of pointer to string */
408 vtype_msgbody, /* as stringptr, but read when first required */
409 vtype_msgbody_end, /* ditto, the end of the message */
410 vtype_msgheaders, /* the message's headers, processed */
411 vtype_msgheaders_raw, /* the message's headers, unprocessed */
412 vtype_localpart, /* extract local part from string */
413 vtype_domain, /* extract domain from string */
414 vtype_string_func, /* value is string returned by given function */
415 vtype_todbsdin, /* value not used; generate BSD inbox tod */
416 vtype_tode, /* value not used; generate tod in epoch format */
417 vtype_todel, /* value not used; generate tod in epoch/usec format */
418 vtype_todf, /* value not used; generate full tod */
419 vtype_todl, /* value not used; generate log tod */
420 vtype_todlf, /* value not used; generate log file datestamp tod */
421 vtype_todzone, /* value not used; generate time zone only */
422 vtype_todzulu, /* value not used; generate zulu tod */
423 vtype_reply, /* value not used; get reply from headers */
424 vtype_pid, /* value not used; result is pid */
425 vtype_host_lookup, /* value not used; get host name */
426 vtype_load_avg, /* value not used; result is int from os_getloadavg */
427 vtype_pspace, /* partition space; value is T/F for spool/log */
428 vtype_pinodes, /* partition inodes; value is T/F for spool/log */
429 vtype_cert /* SSL certificate */
431 ,vtype_dkim /* Lookup of value in DKIM signature */
435 /* Type for main variable table */
443 /* Type for entries pointing to address/length pairs. Not currently
451 static uschar * fn_recipients(void);
453 /* This table must be kept in alphabetical order. */
455 static var_entry var_table[] = {
456 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
457 they will be confused with user-creatable ACL variables. */
458 { "acl_arg1", vtype_stringptr, &acl_arg[0] },
459 { "acl_arg2", vtype_stringptr, &acl_arg[1] },
460 { "acl_arg3", vtype_stringptr, &acl_arg[2] },
461 { "acl_arg4", vtype_stringptr, &acl_arg[3] },
462 { "acl_arg5", vtype_stringptr, &acl_arg[4] },
463 { "acl_arg6", vtype_stringptr, &acl_arg[5] },
464 { "acl_arg7", vtype_stringptr, &acl_arg[6] },
465 { "acl_arg8", vtype_stringptr, &acl_arg[7] },
466 { "acl_arg9", vtype_stringptr, &acl_arg[8] },
467 { "acl_narg", vtype_int, &acl_narg },
468 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
469 { "address_data", vtype_stringptr, &deliver_address_data },
470 { "address_file", vtype_stringptr, &address_file },
471 { "address_pipe", vtype_stringptr, &address_pipe },
472 #ifdef EXPERIMENTAL_ARC
473 { "arc_domains", vtype_string_func, &fn_arc_domains },
474 { "arc_oldest_pass", vtype_int, &arc_oldest_pass },
475 { "arc_state", vtype_stringptr, &arc_state },
476 { "arc_state_reason", vtype_stringptr, &arc_state_reason },
478 { "authenticated_fail_id",vtype_stringptr, &authenticated_fail_id },
479 { "authenticated_id", vtype_stringptr, &authenticated_id },
480 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
481 { "authentication_failed",vtype_int, &authentication_failed },
482 #ifdef WITH_CONTENT_SCAN
483 { "av_failed", vtype_int, &av_failed },
485 #ifdef EXPERIMENTAL_BRIGHTMAIL
486 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
487 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
488 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
489 { "bmi_deliver", vtype_int, &bmi_deliver },
491 { "body_linecount", vtype_int, &body_linecount },
492 { "body_zerocount", vtype_int, &body_zerocount },
493 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
494 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
495 { "caller_gid", vtype_gid, &real_gid },
496 { "caller_uid", vtype_uid, &real_uid },
497 { "callout_address", vtype_stringptr, &callout_address },
498 { "compile_date", vtype_stringptr, &version_date },
499 { "compile_number", vtype_stringptr, &version_cnumber },
500 { "config_dir", vtype_stringptr, &config_main_directory },
501 { "config_file", vtype_stringptr, &config_main_filename },
502 { "csa_status", vtype_stringptr, &csa_status },
503 #ifdef EXPERIMENTAL_DCC
504 { "dcc_header", vtype_stringptr, &dcc_header },
505 { "dcc_result", vtype_stringptr, &dcc_result },
508 { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
509 { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
510 { "dkim_canon_body", vtype_dkim, (void *)DKIM_CANON_BODY },
511 { "dkim_canon_headers", vtype_dkim, (void *)DKIM_CANON_HEADERS },
512 { "dkim_copiedheaders", vtype_dkim, (void *)DKIM_COPIEDHEADERS },
513 { "dkim_created", vtype_dkim, (void *)DKIM_CREATED },
514 { "dkim_cur_signer", vtype_stringptr, &dkim_cur_signer },
515 { "dkim_domain", vtype_stringptr, &dkim_signing_domain },
516 { "dkim_expires", vtype_dkim, (void *)DKIM_EXPIRES },
517 { "dkim_headernames", vtype_dkim, (void *)DKIM_HEADERNAMES },
518 { "dkim_identity", vtype_dkim, (void *)DKIM_IDENTITY },
519 { "dkim_key_granularity",vtype_dkim, (void *)DKIM_KEY_GRANULARITY },
520 { "dkim_key_length", vtype_int, &dkim_key_length },
521 { "dkim_key_nosubdomains",vtype_dkim, (void *)DKIM_NOSUBDOMAINS },
522 { "dkim_key_notes", vtype_dkim, (void *)DKIM_KEY_NOTES },
523 { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
524 { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
525 { "dkim_selector", vtype_stringptr, &dkim_signing_selector },
526 { "dkim_signers", vtype_stringptr, &dkim_signers },
527 { "dkim_verify_reason", vtype_stringptr, &dkim_verify_reason },
528 { "dkim_verify_status", vtype_stringptr, &dkim_verify_status },
530 #ifdef EXPERIMENTAL_DMARC
531 { "dmarc_domain_policy", vtype_stringptr, &dmarc_domain_policy },
532 { "dmarc_status", vtype_stringptr, &dmarc_status },
533 { "dmarc_status_text", vtype_stringptr, &dmarc_status_text },
534 { "dmarc_used_domain", vtype_stringptr, &dmarc_used_domain },
536 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
537 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
538 { "dnslist_text", vtype_stringptr, &dnslist_text },
539 { "dnslist_value", vtype_stringptr, &dnslist_value },
540 { "domain", vtype_stringptr, &deliver_domain },
541 { "domain_data", vtype_stringptr, &deliver_domain_data },
542 #ifndef DISABLE_EVENT
543 { "event_data", vtype_stringptr, &event_data },
545 /*XXX want to use generic vars for as many of these as possible*/
546 { "event_defer_errno", vtype_int, &event_defer_errno },
548 { "event_name", vtype_stringptr, &event_name },
550 { "exim_gid", vtype_gid, &exim_gid },
551 { "exim_path", vtype_stringptr, &exim_path },
552 { "exim_uid", vtype_uid, &exim_uid },
553 { "exim_version", vtype_stringptr, &version_string },
554 { "headers_added", vtype_string_func, &fn_hdrs_added },
555 { "home", vtype_stringptr, &deliver_home },
556 { "host", vtype_stringptr, &deliver_host },
557 { "host_address", vtype_stringptr, &deliver_host_address },
558 { "host_data", vtype_stringptr, &host_data },
559 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
560 { "host_lookup_failed", vtype_int, &host_lookup_failed },
561 { "host_port", vtype_int, &deliver_host_port },
562 { "initial_cwd", vtype_stringptr, &initial_cwd },
563 { "inode", vtype_ino, &deliver_inode },
564 { "interface_address", vtype_stringptr, &interface_address },
565 { "interface_port", vtype_int, &interface_port },
566 { "item", vtype_stringptr, &iterate_item },
568 { "ldap_dn", vtype_stringptr, &eldap_dn },
570 { "load_average", vtype_load_avg, NULL },
571 { "local_part", vtype_stringptr, &deliver_localpart },
572 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
573 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
574 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
575 #ifdef HAVE_LOCAL_SCAN
576 { "local_scan_data", vtype_stringptr, &local_scan_data },
578 { "local_user_gid", vtype_gid, &local_user_gid },
579 { "local_user_uid", vtype_uid, &local_user_uid },
580 { "localhost_number", vtype_int, &host_number },
581 { "log_inodes", vtype_pinodes, (void *)FALSE },
582 { "log_space", vtype_pspace, (void *)FALSE },
583 { "lookup_dnssec_authenticated",vtype_stringptr,&lookup_dnssec_authenticated},
584 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
585 #ifdef WITH_CONTENT_SCAN
586 { "malware_name", vtype_stringptr, &malware_name },
588 { "max_received_linelength", vtype_int, &max_received_linelength },
589 { "message_age", vtype_int, &message_age },
590 { "message_body", vtype_msgbody, &message_body },
591 { "message_body_end", vtype_msgbody_end, &message_body_end },
592 { "message_body_size", vtype_int, &message_body_size },
593 { "message_exim_id", vtype_stringptr, &message_id },
594 { "message_headers", vtype_msgheaders, NULL },
595 { "message_headers_raw", vtype_msgheaders_raw, NULL },
596 { "message_id", vtype_stringptr, &message_id },
597 { "message_linecount", vtype_int, &message_linecount },
598 { "message_size", vtype_int, &message_size },
600 { "message_smtputf8", vtype_bool, &message_smtputf8 },
602 #ifdef WITH_CONTENT_SCAN
603 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
604 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
605 { "mime_boundary", vtype_stringptr, &mime_boundary },
606 { "mime_charset", vtype_stringptr, &mime_charset },
607 { "mime_content_description", vtype_stringptr, &mime_content_description },
608 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
609 { "mime_content_id", vtype_stringptr, &mime_content_id },
610 { "mime_content_size", vtype_int, &mime_content_size },
611 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
612 { "mime_content_type", vtype_stringptr, &mime_content_type },
613 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
614 { "mime_filename", vtype_stringptr, &mime_filename },
615 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
616 { "mime_is_multipart", vtype_int, &mime_is_multipart },
617 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
618 { "mime_part_count", vtype_int, &mime_part_count },
620 { "n0", vtype_filter_int, &filter_n[0] },
621 { "n1", vtype_filter_int, &filter_n[1] },
622 { "n2", vtype_filter_int, &filter_n[2] },
623 { "n3", vtype_filter_int, &filter_n[3] },
624 { "n4", vtype_filter_int, &filter_n[4] },
625 { "n5", vtype_filter_int, &filter_n[5] },
626 { "n6", vtype_filter_int, &filter_n[6] },
627 { "n7", vtype_filter_int, &filter_n[7] },
628 { "n8", vtype_filter_int, &filter_n[8] },
629 { "n9", vtype_filter_int, &filter_n[9] },
630 { "original_domain", vtype_stringptr, &deliver_domain_orig },
631 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
632 { "originator_gid", vtype_gid, &originator_gid },
633 { "originator_uid", vtype_uid, &originator_uid },
634 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
635 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
636 { "pid", vtype_pid, NULL },
638 { "prdr_requested", vtype_bool, &prdr_requested },
640 { "primary_hostname", vtype_stringptr, &primary_hostname },
641 #if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
642 { "proxy_external_address",vtype_stringptr, &proxy_external_address },
643 { "proxy_external_port", vtype_int, &proxy_external_port },
644 { "proxy_local_address", vtype_stringptr, &proxy_local_address },
645 { "proxy_local_port", vtype_int, &proxy_local_port },
646 { "proxy_session", vtype_bool, &proxy_session },
648 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
649 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
650 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
651 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
652 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
653 { "queue_name", vtype_stringptr, &queue_name },
654 { "rcpt_count", vtype_int, &rcpt_count },
655 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
656 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
657 { "received_count", vtype_int, &received_count },
658 { "received_for", vtype_stringptr, &received_for },
659 { "received_ip_address", vtype_stringptr, &interface_address },
660 { "received_port", vtype_int, &interface_port },
661 { "received_protocol", vtype_stringptr, &received_protocol },
662 { "received_time", vtype_int, &received_time.tv_sec },
663 { "recipient_data", vtype_stringptr, &recipient_data },
664 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
665 { "recipients", vtype_string_func, &fn_recipients },
666 { "recipients_count", vtype_int, &recipients_count },
667 #ifdef WITH_CONTENT_SCAN
668 { "regex_match_string", vtype_stringptr, ®ex_match_string },
670 { "reply_address", vtype_reply, NULL },
671 { "return_path", vtype_stringptr, &return_path },
672 { "return_size_limit", vtype_int, &bounce_return_size_limit },
673 { "router_name", vtype_stringptr, &router_name },
674 { "runrc", vtype_int, &runrc },
675 { "self_hostname", vtype_stringptr, &self_hostname },
676 { "sender_address", vtype_stringptr, &sender_address },
677 { "sender_address_data", vtype_stringptr, &sender_address_data },
678 { "sender_address_domain", vtype_domain, &sender_address },
679 { "sender_address_local_part", vtype_localpart, &sender_address },
680 { "sender_data", vtype_stringptr, &sender_data },
681 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
682 { "sender_helo_dnssec", vtype_bool, &sender_helo_dnssec },
683 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
684 { "sender_host_address", vtype_stringptr, &sender_host_address },
685 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
686 { "sender_host_dnssec", vtype_bool, &sender_host_dnssec },
687 { "sender_host_name", vtype_host_lookup, NULL },
688 { "sender_host_port", vtype_int, &sender_host_port },
689 { "sender_ident", vtype_stringptr, &sender_ident },
690 { "sender_rate", vtype_stringptr, &sender_rate },
691 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
692 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
693 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
694 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
695 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
696 { "sending_port", vtype_int, &sending_port },
697 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
698 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
699 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
700 { "smtp_command_history", vtype_string_func, &smtp_cmd_hist },
701 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
702 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
703 { "sn0", vtype_filter_int, &filter_sn[0] },
704 { "sn1", vtype_filter_int, &filter_sn[1] },
705 { "sn2", vtype_filter_int, &filter_sn[2] },
706 { "sn3", vtype_filter_int, &filter_sn[3] },
707 { "sn4", vtype_filter_int, &filter_sn[4] },
708 { "sn5", vtype_filter_int, &filter_sn[5] },
709 { "sn6", vtype_filter_int, &filter_sn[6] },
710 { "sn7", vtype_filter_int, &filter_sn[7] },
711 { "sn8", vtype_filter_int, &filter_sn[8] },
712 { "sn9", vtype_filter_int, &filter_sn[9] },
713 #ifdef WITH_CONTENT_SCAN
714 { "spam_action", vtype_stringptr, &spam_action },
715 { "spam_bar", vtype_stringptr, &spam_bar },
716 { "spam_report", vtype_stringptr, &spam_report },
717 { "spam_score", vtype_stringptr, &spam_score },
718 { "spam_score_int", vtype_stringptr, &spam_score_int },
721 { "spf_guess", vtype_stringptr, &spf_guess },
722 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
723 { "spf_received", vtype_stringptr, &spf_received },
724 { "spf_result", vtype_stringptr, &spf_result },
725 { "spf_result_guessed", vtype_bool, &spf_result_guessed },
726 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
728 { "spool_directory", vtype_stringptr, &spool_directory },
729 { "spool_inodes", vtype_pinodes, (void *)TRUE },
730 { "spool_space", vtype_pspace, (void *)TRUE },
731 #ifdef EXPERIMENTAL_SRS
732 { "srs_db_address", vtype_stringptr, &srs_db_address },
733 { "srs_db_key", vtype_stringptr, &srs_db_key },
734 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
735 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
736 { "srs_recipient", vtype_stringptr, &srs_recipient },
737 { "srs_status", vtype_stringptr, &srs_status },
739 { "thisaddress", vtype_stringptr, &filter_thisaddress },
741 /* The non-(in,out) variables are now deprecated */
742 { "tls_bits", vtype_int, &tls_in.bits },
743 { "tls_certificate_verified", vtype_int, &tls_in.certificate_verified },
744 { "tls_cipher", vtype_stringptr, &tls_in.cipher },
746 { "tls_in_bits", vtype_int, &tls_in.bits },
747 { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
748 { "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
749 { "tls_in_cipher_std", vtype_stringptr, &tls_in.cipher_stdname },
750 { "tls_in_ocsp", vtype_int, &tls_in.ocsp },
751 { "tls_in_ourcert", vtype_cert, &tls_in.ourcert },
752 { "tls_in_peercert", vtype_cert, &tls_in.peercert },
753 { "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
754 #if defined(SUPPORT_TLS)
755 { "tls_in_sni", vtype_stringptr, &tls_in.sni },
757 { "tls_out_bits", vtype_int, &tls_out.bits },
758 { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
759 { "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
760 { "tls_out_cipher_std", vtype_stringptr, &tls_out.cipher_stdname },
762 { "tls_out_dane", vtype_bool, &tls_out.dane_verified },
764 { "tls_out_ocsp", vtype_int, &tls_out.ocsp },
765 { "tls_out_ourcert", vtype_cert, &tls_out.ourcert },
766 { "tls_out_peercert", vtype_cert, &tls_out.peercert },
767 { "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
768 #if defined(SUPPORT_TLS)
769 { "tls_out_sni", vtype_stringptr, &tls_out.sni },
772 { "tls_out_tlsa_usage", vtype_int, &tls_out.tlsa_usage },
775 { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */
776 #if defined(SUPPORT_TLS)
777 { "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
780 { "tod_bsdinbox", vtype_todbsdin, NULL },
781 { "tod_epoch", vtype_tode, NULL },
782 { "tod_epoch_l", vtype_todel, NULL },
783 { "tod_full", vtype_todf, NULL },
784 { "tod_log", vtype_todl, NULL },
785 { "tod_logfile", vtype_todlf, NULL },
786 { "tod_zone", vtype_todzone, NULL },
787 { "tod_zulu", vtype_todzulu, NULL },
788 { "transport_name", vtype_stringptr, &transport_name },
789 { "value", vtype_stringptr, &lookup_value },
790 { "verify_mode", vtype_stringptr, &verify_mode },
791 { "version_number", vtype_stringptr, &version_string },
792 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
793 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
794 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
795 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
796 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
797 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
800 static int var_table_size = nelem(var_table);
801 static uschar var_buffer[256];
802 static BOOL malformed_header;
804 /* For textual hashes */
806 static const char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
807 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
810 enum { HMAC_MD5, HMAC_SHA1 };
812 /* For numeric hashes */
814 static unsigned int prime[] = {
815 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
816 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
817 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
819 /* For printing modes in symbolic form */
821 static uschar *mtable_normal[] =
822 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
824 static uschar *mtable_setid[] =
825 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
827 static uschar *mtable_sticky[] =
828 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
830 /* flags for find_header() */
831 #define FH_EXISTS_ONLY BIT(0)
832 #define FH_WANT_RAW BIT(1)
833 #define FH_WANT_LIST BIT(2)
836 /*************************************************
837 * Tables for UTF-8 support *
838 *************************************************/
840 /* Table of the number of extra characters, indexed by the first character
841 masked with 0x3f. The highest number for a valid UTF-8 character is in fact
844 static uschar utf8_table1[] = {
845 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
846 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
847 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
848 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
850 /* These are the masks for the data bits in the first byte of a character,
851 indexed by the number of additional bytes. */
853 static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
855 /* Get the next UTF-8 character, advancing the pointer. */
857 #define GETUTF8INC(c, ptr) \
859 if ((c & 0xc0) == 0xc0) \
861 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
863 c = (c & utf8_table2[a]) << s; \
867 c |= (*ptr++ & 0x3f) << s; \
873 static uschar * base32_chars = US"abcdefghijklmnopqrstuvwxyz234567";
875 /*************************************************
876 * Binary chop search on a table *
877 *************************************************/
879 /* This is used for matching expansion items and operators.
882 name the name that is being sought
883 table the table to search
884 table_size the number of items in the table
886 Returns: the offset in the table, or -1
890 chop_match(uschar *name, uschar **table, int table_size)
892 uschar **bot = table;
893 uschar **top = table + table_size;
897 uschar **mid = bot + (top - bot)/2;
898 int c = Ustrcmp(name, *mid);
899 if (c == 0) return mid - table;
900 if (c > 0) bot = mid + 1; else top = mid;
908 /*************************************************
909 * Check a condition string *
910 *************************************************/
912 /* This function is called to expand a string, and test the result for a "true"
913 or "false" value. Failure of the expansion yields FALSE; logged unless it was a
914 forced fail or lookup defer.
916 We used to release all store used, but this is not not safe due
917 to ${dlfunc } and ${acl }. In any case expand_string_internal()
918 is reasonably careful to release what it can.
920 The actual false-value tests should be replicated for ECOND_BOOL_LAX.
923 condition the condition string
924 m1 text to be incorporated in panic error
927 Returns: TRUE if condition is met, FALSE if not
931 expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
934 uschar *ss = expand_string(condition);
937 if (!f.expand_string_forcedfail && !f.search_find_defer)
938 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
939 "for %s %s: %s", condition, m1, m2, expand_string_message);
942 rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
943 strcmpic(ss, US"false") != 0;
950 /*************************************************
951 * Pseudo-random number generation *
952 *************************************************/
954 /* Pseudo-random number generation. The result is not "expected" to be
955 cryptographically strong but not so weak that someone will shoot themselves
956 in the foot using it as a nonce in some email header scheme or whatever
957 weirdness they'll twist this into. The result should ideally handle fork().
959 However, if we're stuck unable to provide this, then we'll fall back to
960 appallingly bad randomness.
962 If SUPPORT_TLS is defined then this will not be used except as an emergency
967 Returns a random number in range [0, max-1]
971 # define vaguely_random_number vaguely_random_number_fallback
974 vaguely_random_number(int max)
977 # undef vaguely_random_number
979 static pid_t pid = 0;
982 if ((p2 = getpid()) != pid)
987 #ifdef HAVE_ARC4RANDOM
988 /* cryptographically strong randomness, common on *BSD platforms, not
989 so much elsewhere. Alas. */
990 # ifndef NOT_HAVE_ARC4RANDOM_STIR
993 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
994 # ifdef HAVE_SRANDOMDEV
995 /* uses random(4) for seeding */
1000 gettimeofday(&tv, NULL);
1001 srandom(tv.tv_sec | tv.tv_usec | getpid());
1005 /* Poor randomness and no seeding here */
1012 #ifdef HAVE_ARC4RANDOM
1013 return arc4random() % max;
1014 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
1015 return random() % max;
1017 /* This one returns a 16-bit number, definitely not crypto-strong */
1018 return random_number(max);
1025 /*************************************************
1026 * Pick out a name from a string *
1027 *************************************************/
1029 /* If the name is too long, it is silently truncated.
1032 name points to a buffer into which to put the name
1033 max is the length of the buffer
1034 s points to the first alphabetic character of the name
1035 extras chars other than alphanumerics to permit
1037 Returns: pointer to the first character after the name
1039 Note: The test for *s != 0 in the while loop is necessary because
1040 Ustrchr() yields non-NULL if the character is zero (which is not something
1043 static const uschar *
1044 read_name(uschar *name, int max, const uschar *s, uschar *extras)
1047 while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
1049 if (ptr < max-1) name[ptr++] = *s;
1058 /*************************************************
1059 * Pick out the rest of a header name *
1060 *************************************************/
1062 /* A variable name starting $header_ (or just $h_ for those who like
1063 abbreviations) might not be the complete header name because headers can
1064 contain any printing characters in their names, except ':'. This function is
1065 called to read the rest of the name, chop h[eader]_ off the front, and put ':'
1066 on the end, if the name was terminated by white space.
1069 name points to a buffer in which the name read so far exists
1070 max is the length of the buffer
1071 s points to the first character after the name so far, i.e. the
1072 first non-alphameric character after $header_xxxxx
1074 Returns: a pointer to the first character after the header name
1077 static const uschar *
1078 read_header_name(uschar *name, int max, const uschar *s)
1080 int prelen = Ustrchr(name, '_') - name + 1;
1081 int ptr = Ustrlen(name) - prelen;
1082 if (ptr > 0) memmove(name, name+prelen, ptr);
1083 while (mac_isgraph(*s) && *s != ':')
1085 if (ptr < max-1) name[ptr++] = *s;
1096 /*************************************************
1097 * Pick out a number from a string *
1098 *************************************************/
1101 n points to an integer into which to put the number
1102 s points to the first digit of the number
1104 Returns: a pointer to the character after the last digit
1106 /*XXX consider expanding to int_eximarith_t. But the test for
1107 "overbig numbers" in 0002 still needs to overflow it. */
1110 read_number(int *n, uschar *s)
1113 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1117 static const uschar *
1118 read_cnumber(int *n, const uschar *s)
1121 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1127 /*************************************************
1128 * Extract keyed subfield from a string *
1129 *************************************************/
1131 /* The yield is in dynamic store; NULL means that the key was not found.
1134 key points to the name of the key
1135 s points to the string from which to extract the subfield
1137 Returns: NULL if the subfield was not found, or
1138 a pointer to the subfield's data
1142 expand_getkeyed(uschar * key, const uschar * s)
1144 int length = Ustrlen(key);
1145 while (isspace(*s)) s++;
1147 /* Loop to search for the key */
1153 const uschar * dkey = s;
1155 while (*s && *s != '=' && !isspace(*s)) s++;
1156 dkeylength = s - dkey;
1157 while (isspace(*s)) s++;
1158 if (*s == '=') while (isspace((*(++s))));
1160 data = string_dequote(&s);
1161 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
1164 while (isspace(*s)) s++;
1173 find_var_ent(uschar * name)
1176 int last = var_table_size;
1178 while (last > first)
1180 int middle = (first + last)/2;
1181 int c = Ustrcmp(name, var_table[middle].name);
1183 if (c > 0) { first = middle + 1; continue; }
1184 if (c < 0) { last = middle; continue; }
1185 return &var_table[middle];
1190 /*************************************************
1191 * Extract numbered subfield from string *
1192 *************************************************/
1194 /* Extracts a numbered field from a string that is divided by tokens - for
1195 example a line from /etc/passwd is divided by colon characters. First field is
1196 numbered one. Negative arguments count from the right. Zero returns the whole
1197 string. Returns NULL if there are insufficient tokens in the string
1200 Modifies final argument - this is a dynamically generated string, so that's OK.
1203 field number of field to be extracted,
1204 first field = 1, whole string = 0, last field = -1
1205 separators characters that are used to break string into tokens
1206 s points to the string from which to extract the subfield
1208 Returns: NULL if the field was not found,
1209 a pointer to the field's data inside s (modified to add 0)
1213 expand_gettokened (int field, uschar *separators, uschar *s)
1218 uschar *fieldtext = NULL;
1220 if (field == 0) return s;
1222 /* Break the line up into fields in place; for field > 0 we stop when we have
1223 done the number of fields we want. For field < 0 we continue till the end of
1224 the string, counting the number of fields. */
1226 count = (field > 0)? field : INT_MAX;
1232 /* Previous field was the last one in the string. For a positive field
1233 number, this means there are not enough fields. For a negative field number,
1234 check that there are enough, and scan back to find the one that is wanted. */
1238 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
1239 if ((-field) == (INT_MAX - count - 1)) return s;
1243 while (ss[-1] != 0) ss--;
1249 /* Previous field was not last in the string; save its start and put a
1253 len = Ustrcspn(ss, separators);
1264 expand_getlistele(int field, const uschar * list)
1266 const uschar * tlist = list;
1272 for (field++; string_nextinlist(&tlist, &sep, &dummy, 1); ) field++;
1275 if (field == 0) return NULL;
1276 while (--field > 0 && (string_nextinlist(&list, &sep, &dummy, 1))) ;
1277 return string_nextinlist(&list, &sep, NULL, 0);
1281 /* Certificate fields, by name. Worry about by-OID later */
1282 /* Names are chosen to not have common prefixes */
1289 uschar * (*getfn)(void * cert, uschar * mod);
1291 static certfield certfields[] =
1292 { /* linear search; no special order */
1293 { US"version", 7, &tls_cert_version },
1294 { US"serial_number", 13, &tls_cert_serial_number },
1295 { US"subject", 7, &tls_cert_subject },
1296 { US"notbefore", 9, &tls_cert_not_before },
1297 { US"notafter", 8, &tls_cert_not_after },
1298 { US"issuer", 6, &tls_cert_issuer },
1299 { US"signature", 9, &tls_cert_signature },
1300 { US"sig_algorithm", 13, &tls_cert_signature_algorithm },
1301 { US"subj_altname", 12, &tls_cert_subject_altname },
1302 { US"ocsp_uri", 8, &tls_cert_ocsp_uri },
1303 { US"crl_uri", 7, &tls_cert_crl_uri },
1307 expand_getcertele(uschar * field, uschar * certvar)
1311 if (!(vp = find_var_ent(certvar)))
1313 expand_string_message =
1314 string_sprintf("no variable named \"%s\"", certvar);
1315 return NULL; /* Unknown variable name */
1317 /* NB this stops us passing certs around in variable. Might
1318 want to do that in future */
1319 if (vp->type != vtype_cert)
1321 expand_string_message =
1322 string_sprintf("\"%s\" is not a certificate", certvar);
1323 return NULL; /* Unknown variable name */
1325 if (!*(void **)vp->value)
1328 if (*field >= '0' && *field <= '9')
1329 return tls_cert_ext_by_oid(*(void **)vp->value, field, 0);
1331 for (certfield * cp = certfields;
1332 cp < certfields + nelem(certfields);
1334 if (Ustrncmp(cp->name, field, cp->namelen) == 0)
1336 uschar * modifier = *(field += cp->namelen) == ','
1338 return (*cp->getfn)( *(void **)vp->value, modifier );
1341 expand_string_message =
1342 string_sprintf("bad field selector \"%s\" for certextract", field);
1345 #endif /*SUPPORT_TLS*/
1347 /*************************************************
1348 * Extract a substring from a string *
1349 *************************************************/
1351 /* Perform the ${substr or ${length expansion operations.
1354 subject the input string
1355 value1 the offset from the start of the input string to the start of
1356 the output string; if negative, count from the right.
1357 value2 the length of the output string, or negative (-1) for unset
1358 if value1 is positive, unset means "all after"
1359 if value1 is negative, unset means "all before"
1360 len set to the length of the returned string
1362 Returns: pointer to the output string, or NULL if there is an error
1366 extract_substr(uschar *subject, int value1, int value2, int *len)
1368 int sublen = Ustrlen(subject);
1370 if (value1 < 0) /* count from right */
1374 /* If the position is before the start, skip to the start, and adjust the
1375 length. If the length ends up negative, the substring is null because nothing
1376 can precede. This falls out naturally when the length is unset, meaning "all
1382 if (value2 < 0) value2 = 0;
1386 /* Otherwise an unset length => characters before value1 */
1388 else if (value2 < 0)
1395 /* For a non-negative offset, if the starting position is past the end of the
1396 string, the result will be the null string. Otherwise, an unset length means
1397 "rest"; just set it to the maximum - it will be cut down below if necessary. */
1401 if (value1 > sublen)
1406 else if (value2 < 0) value2 = sublen;
1409 /* Cut the length down to the maximum possible for the offset value, and get
1410 the required characters. */
1412 if (value1 + value2 > sublen) value2 = sublen - value1;
1414 return subject + value1;
1420 /*************************************************
1421 * Old-style hash of a string *
1422 *************************************************/
1424 /* Perform the ${hash expansion operation.
1427 subject the input string (an expanded substring)
1428 value1 the length of the output string; if greater or equal to the
1429 length of the input string, the input string is returned
1430 value2 the number of hash characters to use, or 26 if negative
1431 len set to the length of the returned string
1433 Returns: pointer to the output string, or NULL if there is an error
1437 compute_hash(uschar *subject, int value1, int value2, int *len)
1439 int sublen = Ustrlen(subject);
1441 if (value2 < 0) value2 = 26;
1442 else if (value2 > Ustrlen(hashcodes))
1444 expand_string_message =
1445 string_sprintf("hash count \"%d\" too big", value2);
1449 /* Calculate the hash text. We know it is shorter than the original string, so
1450 can safely place it in subject[] (we know that subject is always itself an
1451 expanded substring). */
1453 if (value1 < sublen)
1458 while ((c = (subject[j])) != 0)
1460 int shift = (c + j++) & 7;
1461 subject[i] ^= (c << shift) | (c >> (8-shift));
1462 if (++i >= value1) i = 0;
1464 for (i = 0; i < value1; i++)
1465 subject[i] = hashcodes[(subject[i]) % value2];
1467 else value1 = sublen;
1476 /*************************************************
1477 * Numeric hash of a string *
1478 *************************************************/
1480 /* Perform the ${nhash expansion operation. The first characters of the
1481 string are treated as most important, and get the highest prime numbers.
1484 subject the input string
1485 value1 the maximum value of the first part of the result
1486 value2 the maximum value of the second part of the result,
1487 or negative to produce only a one-part result
1488 len set to the length of the returned string
1490 Returns: pointer to the output string, or NULL if there is an error.
1494 compute_nhash (uschar *subject, int value1, int value2, int *len)
1496 uschar *s = subject;
1498 unsigned long int total = 0; /* no overflow */
1502 if (i == 0) i = nelem(prime) - 1;
1503 total += prime[i--] * (unsigned int)(*s++);
1506 /* If value2 is unset, just compute one number */
1509 s = string_sprintf("%lu", total % value1);
1511 /* Otherwise do a div/mod hash */
1515 total = total % (value1 * value2);
1516 s = string_sprintf("%lu/%lu", total/value2, total % value2);
1527 /*************************************************
1528 * Find the value of a header or headers *
1529 *************************************************/
1531 /* Multiple instances of the same header get concatenated, and this function
1532 can also return a concatenation of all the header lines. When concatenating
1533 specific headers that contain lists of addresses, a comma is inserted between
1534 them. Otherwise we use a straight concatenation. Because some messages can have
1535 pathologically large number of lines, there is a limit on the length that is
1539 name the name of the header, without the leading $header_ or $h_,
1540 or NULL if a concatenation of all headers is required
1541 newsize return the size of memory block that was obtained; may be NULL
1542 if exists_only is TRUE
1543 flags FH_EXISTS_ONLY
1544 set if called from a def: test; don't need to build a string;
1545 just return a string that is not "" and not "0" if the header
1548 set if called for $rh_ or $rheader_ items; no processing,
1549 other than concatenating, will be done on the header. Also used
1550 for $message_headers_raw.
1552 Double colon chars in the content, and replace newline with
1553 colon between each element when concatenating; returning a
1554 colon-sep list (elements might contain newlines)
1555 charset name of charset to translate MIME words to; used only if
1556 want_raw is false; if NULL, no translation is done (this is
1557 used for $bh_ and $bheader_)
1559 Returns: NULL if the header does not exist, else a pointer to a new
1564 find_header(uschar *name, int *newsize, unsigned flags, uschar *charset)
1567 int len = name ? Ustrlen(name) : 0;
1571 for (header_line * h = header_list; h; h = h->next)
1572 if (h->type != htype_old && h->text) /* NULL => Received: placeholder */
1573 if (!name || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1578 if (flags & FH_EXISTS_ONLY)
1579 return US"1"; /* don't need actual string */
1582 s = h->text + len; /* text to insert */
1583 if (!(flags & FH_WANT_RAW)) /* unless wanted raw, */
1584 while (isspace(*s)) s++; /* remove leading white space */
1585 t = h->text + h->slen; /* end-point */
1587 /* Unless wanted raw, remove trailing whitespace, including the
1590 if (flags & FH_WANT_LIST)
1591 while (t > s && t[-1] == '\n') t--;
1592 else if (!(flags & FH_WANT_RAW))
1594 while (t > s && isspace(t[-1])) t--;
1596 /* Set comma if handling a single header and it's one of those
1597 that contains an address list, except when asked for raw headers. Only
1598 need to do this once. */
1600 if (name && !comma && Ustrchr("BCFRST", h->type)) comma = TRUE;
1603 /* Trim the header roughly if we're approaching limits */
1605 if ((g ? g->ptr : 0) + inc > header_insert_maxlen)
1606 inc = header_insert_maxlen - (g ? g->ptr : 0);
1608 /* For raw just copy the data; for a list, add the data as a colon-sep
1609 list-element; for comma-list add as an unchecked comma,newline sep
1610 list-elemment; for other nonraw add as an unchecked newline-sep list (we
1611 stripped trailing WS above including the newline). We ignore the potential
1612 expansion due to colon-doubling, just leaving the loop if the limit is met
1615 if (flags & FH_WANT_LIST)
1616 g = string_append_listele_n(g, ':', s, (unsigned)inc);
1617 else if (flags & FH_WANT_RAW)
1619 g = string_catn(g, s, (unsigned)inc);
1620 (void) string_from_gstring(g);
1624 g = string_append2_listele_n(g, US",\n", s, (unsigned)inc);
1626 g = string_append2_listele_n(g, US"\n", s, (unsigned)inc);
1628 if (g && g->ptr >= header_insert_maxlen) break;
1631 if (!found) return NULL; /* No header found */
1632 if (!g) return US"";
1634 /* That's all we do for raw header expansion. */
1637 if (flags & FH_WANT_RAW)
1640 /* Otherwise do RFC 2047 decoding, translating the charset if requested.
1641 The rfc2047_decode2() function can return an error with decoded data if the
1642 charset translation fails. If decoding fails, it returns NULL. */
1646 uschar *decoded, *error;
1648 decoded = rfc2047_decode2(g->s, check_rfc2047_length, charset, '?', NULL,
1652 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1653 " input was: %s\n", error, g->s);
1655 return decoded ? decoded : g->s;
1662 /* Append a "local" element to an Authentication-Results: header
1663 if this was a non-smtp message.
1667 authres_local(gstring * g, const uschar * sysname)
1669 if (!f.authentication_local)
1671 g = string_append(g, 3, US";\n\tlocal=pass (non-smtp, ", sysname, US")");
1672 if (authenticated_id) g = string_append(g, 2, " u=", authenticated_id);
1677 /* Append an "iprev" element to an Authentication-Results: header
1678 if we have attempted to get the calling host's name.
1682 authres_iprev(gstring * g)
1684 if (sender_host_name)
1685 g = string_append(g, 3, US";\n\tiprev=pass (", sender_host_name, US")");
1686 else if (host_lookup_deferred)
1687 g = string_catn(g, US";\n\tiprev=temperror", 19);
1688 else if (host_lookup_failed)
1689 g = string_catn(g, US";\n\tiprev=fail", 13);
1693 if (sender_host_address)
1694 g = string_append(g, 2, US" smtp.remote-ip=", sender_host_address);
1700 /*************************************************
1701 * Return list of recipients *
1702 *************************************************/
1703 /* A recipients list is available only during system message filtering,
1704 during ACL processing after DATA, and while expanding pipe commands
1705 generated from a system filter, but not elsewhere. */
1713 if (!f.enable_dollar_recipients) return NULL;
1715 for (int i = 0; i < recipients_count; i++)
1717 s = recipients_list[i].address;
1718 g = string_append2_listele_n(g, US", ", s, Ustrlen(s));
1720 return g ? g->s : NULL;
1724 /*************************************************
1725 * Find value of a variable *
1726 *************************************************/
1728 /* The table of variables is kept in alphabetic order, so we can search it
1729 using a binary chop. The "choplen" variable is nothing to do with the binary
1733 name the name of the variable being sought
1734 exists_only TRUE if this is a def: test; passed on to find_header()
1735 skipping TRUE => skip any processing evaluation; this is not the same as
1736 exists_only because def: may test for values that are first
1738 newsize pointer to an int which is initially zero; if the answer is in
1739 a new memory buffer, *newsize is set to its size
1741 Returns: NULL if the variable does not exist, or
1742 a pointer to the variable's contents, or
1743 something non-NULL if exists_only is TRUE
1747 find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1754 /* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1755 Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1756 release 4.64 onwards arbitrary names are permitted, as long as the first 5
1757 characters are acl_c or acl_m and the sixth is either a digit or an underscore
1758 (this gave backwards compatibility at the changeover). There may be built-in
1759 variables whose names start acl_ but they should never start in this way. This
1760 slightly messy specification is a consequence of the history, needless to say.
1762 If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1763 set, in which case give an error. */
1765 if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1769 tree_search((name[4] == 'c')? acl_var_c : acl_var_m, name + 4);
1770 return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
1773 /* Handle $auth<n> variables. */
1775 if (Ustrncmp(name, "auth", 4) == 0)
1778 int n = Ustrtoul(name + 4, &endptr, 10);
1779 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
1780 return !auth_vars[n-1] ? US"" : auth_vars[n-1];
1782 else if (Ustrncmp(name, "regex", 5) == 0)
1785 int n = Ustrtoul(name + 5, &endptr, 10);
1786 if (*endptr == 0 && n != 0 && n <= REGEX_VARS)
1787 return !regex_vars[n-1] ? US"" : regex_vars[n-1];
1790 /* For all other variables, search the table */
1792 if (!(vp = find_var_ent(name)))
1793 return NULL; /* Unknown variable name */
1795 /* Found an existing variable. If in skipping state, the value isn't needed,
1796 and we want to avoid processing (such as looking up the host name). */
1804 case vtype_filter_int:
1805 if (!f.filter_running) return NULL;
1809 sprintf(CS var_buffer, "%d", *(int *)(val)); /* Integer */
1813 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(val))); /* Inode */
1817 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(val))); /* gid */
1821 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(val))); /* uid */
1825 sprintf(CS var_buffer, "%s", *(BOOL *)(val) ? "yes" : "no"); /* bool */
1828 case vtype_stringptr: /* Pointer to string */
1829 return (s = *((uschar **)(val))) ? s : US"";
1832 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1835 case vtype_load_avg:
1836 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
1839 case vtype_host_lookup: /* Lookup if not done so */
1840 if ( !sender_host_name && sender_host_address
1841 && !host_lookup_failed && host_name_lookup() == OK)
1842 host_build_sender_fullhost();
1843 return sender_host_name ? sender_host_name : US"";
1845 case vtype_localpart: /* Get local part from address */
1846 s = *((uschar **)(val));
1847 if (s == NULL) return US"";
1848 domain = Ustrrchr(s, '@');
1849 if (domain == NULL) return s;
1850 if (domain - s > sizeof(var_buffer) - 1)
1851 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than " SIZE_T_FMT
1852 " in string expansion", sizeof(var_buffer));
1853 Ustrncpy(var_buffer, s, domain - s);
1854 var_buffer[domain - s] = 0;
1857 case vtype_domain: /* Get domain from address */
1858 s = *((uschar **)(val));
1859 if (s == NULL) return US"";
1860 domain = Ustrrchr(s, '@');
1861 return (domain == NULL)? US"" : domain + 1;
1863 case vtype_msgheaders:
1864 return find_header(NULL, newsize, exists_only ? FH_EXISTS_ONLY : 0, NULL);
1866 case vtype_msgheaders_raw:
1867 return find_header(NULL, newsize,
1868 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW, NULL);
1870 case vtype_msgbody: /* Pointer to msgbody string */
1871 case vtype_msgbody_end: /* Ditto, the end of the msg */
1872 ss = (uschar **)(val);
1873 if (!*ss && deliver_datafile >= 0) /* Read body when needed */
1876 off_t start_offset = SPOOL_DATA_START_OFFSET;
1877 int len = message_body_visible;
1878 if (len > message_size) len = message_size;
1879 *ss = body = store_malloc(len+1);
1881 if (vp->type == vtype_msgbody_end)
1883 struct stat statbuf;
1884 if (fstat(deliver_datafile, &statbuf) == 0)
1886 start_offset = statbuf.st_size - len;
1887 if (start_offset < SPOOL_DATA_START_OFFSET)
1888 start_offset = SPOOL_DATA_START_OFFSET;
1891 if (lseek(deliver_datafile, start_offset, SEEK_SET) < 0)
1892 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "deliver_datafile lseek: %s",
1894 len = read(deliver_datafile, body, len);
1898 if (message_body_newlines) /* Separate loops for efficiency */
1900 { if (body[--len] == 0) body[len] = ' '; }
1903 { if (body[--len] == '\n' || body[len] == 0) body[len] = ' '; }
1906 return *ss ? *ss : US"";
1908 case vtype_todbsdin: /* BSD inbox time of day */
1909 return tod_stamp(tod_bsdin);
1911 case vtype_tode: /* Unix epoch time of day */
1912 return tod_stamp(tod_epoch);
1914 case vtype_todel: /* Unix epoch/usec time of day */
1915 return tod_stamp(tod_epoch_l);
1917 case vtype_todf: /* Full time of day */
1918 return tod_stamp(tod_full);
1920 case vtype_todl: /* Log format time of day */
1921 return tod_stamp(tod_log_bare); /* (without timezone) */
1923 case vtype_todzone: /* Time zone offset only */
1924 return tod_stamp(tod_zone);
1926 case vtype_todzulu: /* Zulu time */
1927 return tod_stamp(tod_zulu);
1929 case vtype_todlf: /* Log file datestamp tod */
1930 return tod_stamp(tod_log_datestamp_daily);
1932 case vtype_reply: /* Get reply address */
1933 s = find_header(US"reply-to:", newsize,
1934 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW,
1936 if (s) while (isspace(*s)) s++;
1939 *newsize = 0; /* For the *s==0 case */
1940 s = find_header(US"from:", newsize,
1941 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW,
1947 while (isspace(*s)) s++;
1948 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
1949 while (t > s && isspace(t[-1])) t--;
1952 return s ? s : US"";
1954 case vtype_string_func:
1956 uschar * (*fn)() = val;
1963 sprintf(CS var_buffer, PR_EXIM_ARITH,
1964 receive_statvfs(val == (void *)TRUE, &inodes));
1971 (void) receive_statvfs(val == (void *)TRUE, &inodes);
1972 sprintf(CS var_buffer, "%d", inodes);
1977 return *(void **)val ? US"<cert>" : US"";
1979 #ifndef DISABLE_DKIM
1981 return dkim_exim_expand_query((int)(long)val);
1986 return NULL; /* Unknown variable. Silences static checkers. */
1993 modify_variable(uschar *name, void * value)
1996 if ((vp = find_var_ent(name))) vp->value = value;
1997 return; /* Unknown variable name, fail silently */
2005 /*************************************************
2006 * Read and expand substrings *
2007 *************************************************/
2009 /* This function is called to read and expand argument substrings for various
2010 expansion items. Some have a minimum requirement that is less than the maximum;
2011 in these cases, the first non-present one is set to NULL.
2014 sub points to vector of pointers to set
2015 n maximum number of substrings
2017 sptr points to current string pointer
2018 skipping the skipping flag
2019 check_end if TRUE, check for final '}'
2020 name name of item, for error message
2021 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
2024 Returns: 0 OK; string pointer updated
2025 1 curly bracketing error (too few arguments)
2026 2 too many arguments (only if check_end is set); message set
2027 3 other error (expansion failure)
2031 read_subs(uschar **sub, int n, int m, const uschar **sptr, BOOL skipping,
2032 BOOL check_end, uschar *name, BOOL *resetok)
2034 const uschar *s = *sptr;
2036 while (isspace(*s)) s++;
2037 for (int i = 0; i < n; i++)
2043 expand_string_message = string_sprintf("Not enough arguments for '%s' "
2044 "(min is %d)", name, m);
2050 if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, resetok)))
2052 if (*s++ != '}') return 1;
2053 while (isspace(*s)) s++;
2055 if (check_end && *s++ != '}')
2059 expand_string_message = string_sprintf("Too many arguments for '%s' "
2060 "(max is %d)", name, n);
2063 expand_string_message = string_sprintf("missing '}' after '%s'", name);
2074 /*************************************************
2075 * Elaborate message for bad variable *
2076 *************************************************/
2078 /* For the "unknown variable" message, take a look at the variable's name, and
2079 give additional information about possible ACL variables. The extra information
2080 is added on to expand_string_message.
2082 Argument: the name of the variable
2087 check_variable_error_message(uschar *name)
2089 if (Ustrncmp(name, "acl_", 4) == 0)
2090 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
2091 (name[4] == 'c' || name[4] == 'm')?
2093 US"6th character of a user-defined ACL variable must be a digit or underscore" :
2094 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
2096 US"user-defined ACL variables must start acl_c or acl_m");
2102 Load args from sub array to globals, and call acl_check().
2103 Sub array will be corrupted on return.
2105 Returns: OK access is granted by an ACCEPT verb
2106 DISCARD access is (apparently) granted by a DISCARD verb
2107 FAIL access is denied
2108 FAIL_DROP access is denied; drop the connection
2109 DEFER can't tell at the moment
2113 eval_acl(uschar ** sub, int nsub, uschar ** user_msgp)
2116 int sav_narg = acl_narg;
2118 uschar * dummy_logmsg;
2119 extern int acl_where;
2121 if(--nsub > nelem(acl_arg)) nsub = nelem(acl_arg);
2122 for (i = 0; i < nsub && sub[i+1]; i++)
2124 uschar * tmp = acl_arg[i];
2125 acl_arg[i] = sub[i+1]; /* place callers args in the globals */
2126 sub[i+1] = tmp; /* stash the old args using our caller's storage */
2131 sub[i+1] = acl_arg[i];
2132 acl_arg[i++] = NULL;
2136 debug_printf_indent("expanding: acl: %s arg: %s%s\n",
2138 acl_narg>0 ? acl_arg[0] : US"<none>",
2139 acl_narg>1 ? " +more" : "");
2141 ret = acl_eval(acl_where, sub[0], user_msgp, &dummy_logmsg);
2143 for (i = 0; i < nsub; i++)
2144 acl_arg[i] = sub[i+1]; /* restore old args */
2145 acl_narg = sav_narg;
2153 /* Return pointer to dewrapped string, with enclosing specified chars removed.
2154 The given string is modified on return. Leading whitespace is skipped while
2155 looking for the opening wrap character, then the rest is scanned for the trailing
2156 (non-escaped) wrap character. A backslash in the string will act as an escape.
2158 A nul is written over the trailing wrap, and a pointer to the char after the
2159 leading wrap is returned.
2162 s String for de-wrapping
2163 wrap Two-char string, the first being the opener, second the closer wrapping
2166 Pointer to de-wrapped string, or NULL on error (with expand_string_message set).
2170 dewrap(uschar * s, const uschar * wrap)
2174 BOOL quotesmode = wrap[0] == wrap[1];
2176 while (isspace(*p)) p++;
2184 if (*p == '\\') p++;
2185 else if (!quotesmode && *p == wrap[-1]) depth++;
2186 else if (*p == *wrap)
2197 expand_string_message = string_sprintf("missing '%c'", *wrap);
2202 /* Pull off the leading array or object element, returning
2203 a copy in an allocated string. Update the list pointer.
2205 The element may itself be an abject or array.
2206 Return NULL when the list is empty.
2210 json_nextinlist(const uschar ** list)
2212 unsigned array_depth = 0, object_depth = 0;
2213 const uschar * s = *list, * item;
2215 while (isspace(*s)) s++;
2218 *s && (*s != ',' || array_depth != 0 || object_depth != 0);
2222 case '[': array_depth++; break;
2223 case ']': array_depth--; break;
2224 case '{': object_depth++; break;
2225 case '}': object_depth--; break;
2227 *list = *s ? s+1 : s;
2228 if (item == s) return NULL;
2229 item = string_copyn(item, s - item);
2230 DEBUG(D_expand) debug_printf_indent(" json ele: '%s'\n", item);
2236 /*************************************************
2237 * Read and evaluate a condition *
2238 *************************************************/
2242 s points to the start of the condition text
2243 resetok points to a BOOL which is written false if it is unsafe to
2244 free memory. Certain condition types (acl) may have side-effect
2245 allocation which must be preserved.
2246 yield points to a BOOL to hold the result of the condition test;
2247 if NULL, we are just reading through a condition that is
2248 part of an "or" combination to check syntax, or in a state
2249 where the answer isn't required
2251 Returns: a pointer to the first character after the condition, or
2255 static const uschar *
2256 eval_condition(const uschar *s, BOOL *resetok, BOOL *yield)
2258 BOOL testfor = TRUE;
2259 BOOL tempcond, combined_cond;
2261 BOOL sub2_honour_dollar = TRUE;
2262 BOOL is_forany, is_json, is_jsons;
2263 int rc, cond_type, roffset;
2264 int_eximarith_t num[2];
2265 struct stat statbuf;
2267 const uschar *sub[10];
2270 const uschar *rerror;
2274 while (isspace(*s)) s++;
2275 if (*s == '!') { testfor = !testfor; s++; } else break;
2278 /* Numeric comparisons are symbolic */
2280 if (*s == '=' || *s == '>' || *s == '<')
2292 /* All other conditions are named */
2294 else s = read_name(name, 256, s, US"_");
2296 /* If we haven't read a name, it means some non-alpha character is first. */
2300 expand_string_message = string_sprintf("condition name expected, "
2301 "but found \"%.16s\"", s);
2305 /* Find which condition we are dealing with, and switch on it */
2307 cond_type = chop_match(name, cond_table, nelem(cond_table));
2310 /* def: tests for a non-empty variable, or for the existence of a header. If
2311 yield == NULL we are in a skipping state, and don't care about the answer. */
2319 expand_string_message = US"\":\" expected after \"def\"";
2323 s = read_name(name, 256, s+1, US"_");
2325 /* Test for a header's existence. If the name contains a closing brace
2326 character, this may be a user error where the terminating colon has been
2327 omitted. Set a flag to adjust a subsequent error message in this case. */
2329 if ( ( *(t = name) == 'h'
2330 || (*t == 'r' || *t == 'l' || *t == 'b') && *++t == 'h'
2332 && (*++t == '_' || Ustrncmp(t, "eader_", 6) == 0)
2335 s = read_header_name(name, 256, s);
2336 /* {-for-text-editors */
2337 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
2339 (find_header(name, NULL, FH_EXISTS_ONLY, NULL) != NULL) == testfor;
2342 /* Test for a variable's having a non-empty value. A non-existent variable
2343 causes an expansion failure. */
2347 if (!(t = find_variable(name, TRUE, yield == NULL, NULL)))
2349 expand_string_message = (name[0] == 0)?
2350 string_sprintf("variable name omitted after \"def:\"") :
2351 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
2352 check_variable_error_message(name);
2355 if (yield) *yield = (t[0] != 0) == testfor;
2362 /* first_delivery tests for first delivery attempt */
2364 case ECOND_FIRST_DELIVERY:
2365 if (yield != NULL) *yield = f.deliver_firsttime == testfor;
2369 /* queue_running tests for any process started by a queue runner */
2371 case ECOND_QUEUE_RUNNING:
2372 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
2376 /* exists: tests for file existence
2377 isip: tests for any IP address
2378 isip4: tests for an IPv4 address
2379 isip6: tests for an IPv6 address
2380 pam: does PAM authentication
2381 radius: does RADIUS authentication
2382 ldapauth: does LDAP authentication
2383 pwcheck: does Cyrus SASL pwcheck authentication
2392 case ECOND_LDAPAUTH:
2395 while (isspace(*s)) s++;
2396 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2398 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE, resetok);
2399 if (sub[0] == NULL) return NULL;
2400 /* {-for-text-editors */
2401 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2403 if (yield == NULL) return s; /* No need to run the test if skipping */
2408 if ((expand_forbid & RDO_EXISTS) != 0)
2410 expand_string_message = US"File existence tests are not permitted";
2413 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
2419 rc = string_is_ip_address(sub[0], NULL);
2420 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
2421 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
2424 /* Various authentication tests - all optionally compiled */
2428 rc = auth_call_pam(sub[0], &expand_string_message);
2431 goto COND_FAILED_NOT_COMPILED;
2432 #endif /* SUPPORT_PAM */
2435 #ifdef RADIUS_CONFIG_FILE
2436 rc = auth_call_radius(sub[0], &expand_string_message);
2439 goto COND_FAILED_NOT_COMPILED;
2440 #endif /* RADIUS_CONFIG_FILE */
2442 case ECOND_LDAPAUTH:
2445 /* Just to keep the interface the same */
2447 int old_pool = store_pool;
2448 store_pool = POOL_SEARCH;
2449 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
2450 &expand_string_message, &do_cache);
2451 store_pool = old_pool;
2455 goto COND_FAILED_NOT_COMPILED;
2456 #endif /* LOOKUP_LDAP */
2459 #ifdef CYRUS_PWCHECK_SOCKET
2460 rc = auth_call_pwcheck(sub[0], &expand_string_message);
2463 goto COND_FAILED_NOT_COMPILED;
2464 #endif /* CYRUS_PWCHECK_SOCKET */
2466 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
2467 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
2469 if (rc == ERROR || rc == DEFER) return NULL;
2470 *yield = (rc == OK) == testfor;
2476 /* call ACL (in a conditional context). Accept true, deny false.
2477 Defer is a forced-fail. Anything set by message= goes to $value.
2478 Up to ten parameters are used; we use the braces round the name+args
2479 like the saslauthd condition does, to permit a variable number of args.
2480 See also the expansion-item version EITEM_ACL and the traditional
2481 acl modifier ACLC_ACL.
2482 Since the ACL may allocate new global variables, tell our caller to not
2487 /* ${if acl {{name}{arg1}{arg2}...} {yes}{no}} */
2493 while (isspace(*s)) s++;
2494 if (*s++ != '{') goto COND_FAILED_CURLY_START; /*}*/
2496 switch(read_subs(sub, nelem(sub), 1,
2497 &s, yield == NULL, TRUE, US"acl", resetok))
2499 case 1: expand_string_message = US"too few arguments or bracketing "
2502 case 3: return NULL;
2507 *resetok = FALSE; /* eval_acl() might allocate; do not reclaim */
2508 switch(eval_acl(sub, nelem(sub), &user_msg))
2513 lookup_value = NULL;
2515 lookup_value = string_copy(user_msg);
2516 *yield = cond == testfor;
2520 f.expand_string_forcedfail = TRUE;
2523 expand_string_message = string_sprintf("error from acl \"%s\"", sub[0]);
2531 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
2533 ${if saslauthd {{username}{password}{service}{realm}} {yes}{no}}
2535 However, the last two are optional. That is why the whole set is enclosed
2536 in their own set of braces. */
2538 case ECOND_SASLAUTHD:
2539 #ifndef CYRUS_SASLAUTHD_SOCKET
2540 goto COND_FAILED_NOT_COMPILED;
2544 while (isspace(*s)) s++;
2545 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2546 switch(read_subs(sub, nelem(sub), 2, &s, yield == NULL, TRUE, US"saslauthd",
2549 case 1: expand_string_message = US"too few arguments or bracketing "
2550 "error for saslauthd";
2552 case 3: return NULL;
2554 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
2557 int rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
2558 &expand_string_message);
2559 if (rc == ERROR || rc == DEFER) return NULL;
2560 *yield = (rc == OK) == testfor;
2564 #endif /* CYRUS_SASLAUTHD_SOCKET */
2567 /* symbolic operators for numeric and string comparison, and a number of
2568 other operators, all requiring two arguments.
2570 crypteq: encrypts plaintext and compares against an encrypted text,
2571 using crypt(), crypt16(), MD5 or SHA-1
2572 inlist/inlisti: checks if first argument is in the list of the second
2573 match: does a regular expression match and sets up the numerical
2574 variables if it succeeds
2575 match_address: matches in an address list
2576 match_domain: matches in a domain list
2577 match_ip: matches a host list that is restricted to IP addresses
2578 match_local_part: matches in a local part list
2581 case ECOND_MATCH_ADDRESS:
2582 case ECOND_MATCH_DOMAIN:
2583 case ECOND_MATCH_IP:
2584 case ECOND_MATCH_LOCAL_PART:
2585 #ifndef EXPAND_LISTMATCH_RHS
2586 sub2_honour_dollar = FALSE;
2595 case ECOND_NUM_L: /* Numerical comparisons */
2602 case ECOND_STR_LT: /* String comparisons */
2613 for (int i = 0; i < 2; i++)
2615 /* Sometimes, we don't expand substrings; too many insecure configurations
2616 created using match_address{}{} and friends, where the second param
2617 includes information from untrustworthy sources. */
2618 BOOL honour_dollar = TRUE;
2619 if ((i > 0) && !sub2_honour_dollar)
2620 honour_dollar = FALSE;
2622 while (isspace(*s)) s++;
2625 if (i == 0) goto COND_FAILED_CURLY_START;
2626 expand_string_message = string_sprintf("missing 2nd string in {} "
2627 "after \"%s\"", name);
2630 if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
2631 honour_dollar, resetok)))
2633 DEBUG(D_expand) if (i == 1 && !sub2_honour_dollar && Ustrchr(sub[1], '$'))
2634 debug_printf_indent("WARNING: the second arg is NOT expanded,"
2635 " for security reasons\n");
2636 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2638 /* Convert to numerical if required; we know that the names of all the
2639 conditions that compare numbers do not start with a letter. This just saves
2640 checking for them individually. */
2642 if (!isalpha(name[0]) && yield != NULL)
2647 debug_printf_indent("empty string cast to zero for numerical comparison\n");
2651 num[i] = expanded_string_integer(sub[i], FALSE);
2652 if (expand_string_message != NULL) return NULL;
2656 /* Result not required */
2658 if (yield == NULL) return s;
2660 /* Do an appropriate comparison */
2666 tempcond = (num[0] == num[1]);
2670 tempcond = (num[0] > num[1]);
2674 tempcond = (num[0] >= num[1]);
2678 tempcond = (num[0] < num[1]);
2682 tempcond = (num[0] <= num[1]);
2686 tempcond = (Ustrcmp(sub[0], sub[1]) < 0);
2690 tempcond = (strcmpic(sub[0], sub[1]) < 0);
2694 tempcond = (Ustrcmp(sub[0], sub[1]) <= 0);
2698 tempcond = (strcmpic(sub[0], sub[1]) <= 0);
2702 tempcond = (Ustrcmp(sub[0], sub[1]) == 0);
2706 tempcond = (strcmpic(sub[0], sub[1]) == 0);
2710 tempcond = (Ustrcmp(sub[0], sub[1]) > 0);
2714 tempcond = (strcmpic(sub[0], sub[1]) > 0);
2718 tempcond = (Ustrcmp(sub[0], sub[1]) >= 0);
2722 tempcond = (strcmpic(sub[0], sub[1]) >= 0);
2725 case ECOND_MATCH: /* Regular expression match */
2726 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
2730 expand_string_message = string_sprintf("regular expression error in "
2731 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2734 tempcond = regex_match_and_setup(re, sub[0], 0, -1);
2737 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2738 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2739 goto MATCHED_SOMETHING;
2741 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2742 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2743 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2744 goto MATCHED_SOMETHING;
2746 case ECOND_MATCH_IP: /* Match IP address in a host list */
2747 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
2749 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2755 unsigned int *nullcache = NULL;
2756 check_host_block cb;
2758 cb.host_name = US"";
2759 cb.host_address = sub[0];
2761 /* If the host address starts off ::ffff: it is an IPv6 address in
2762 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2765 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2766 cb.host_address + 7 : cb.host_address;
2768 rc = match_check_list(
2769 &sub[1], /* the list */
2770 0, /* separator character */
2771 &hostlist_anchor, /* anchor pointer */
2772 &nullcache, /* cache pointer */
2773 check_host, /* function for testing */
2774 &cb, /* argument for function */
2775 MCL_HOST, /* type of check */
2776 sub[0], /* text for debugging */
2777 NULL); /* where to pass back data */
2779 goto MATCHED_SOMETHING;
2781 case ECOND_MATCH_LOCAL_PART:
2782 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
2783 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
2798 expand_string_message = string_sprintf("unable to complete match "
2799 "against \"%s\": %s", sub[1], search_error_message);
2805 /* Various "encrypted" comparisons. If the second string starts with
2806 "{" then an encryption type is given. Default to crypt() or crypt16()
2807 (build-time choice). */
2808 /* }-for-text-editors */
2811 #ifndef SUPPORT_CRYPTEQ
2812 goto COND_FAILED_NOT_COMPILED;
2814 if (strncmpic(sub[1], US"{md5}", 5) == 0)
2816 int sublen = Ustrlen(sub[1]+5);
2821 md5_end(&base, sub[0], Ustrlen(sub[0]), digest);
2823 /* If the length that we are comparing against is 24, the MD5 digest
2824 is expressed as a base64 string. This is the way LDAP does it. However,
2825 some other software uses a straightforward hex representation. We assume
2826 this if the length is 32. Other lengths fail. */
2830 uschar *coded = b64encode(CUS digest, 16);
2831 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2832 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2833 tempcond = (Ustrcmp(coded, sub[1]+5) == 0);
2835 else if (sublen == 32)
2838 for (int i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2840 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2841 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2842 tempcond = (strcmpic(coded, sub[1]+5) == 0);
2846 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2847 "fail\n crypted=%s\n", sub[1]+5);
2852 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2854 int sublen = Ustrlen(sub[1]+6);
2859 sha1_end(&h, sub[0], Ustrlen(sub[0]), digest);
2861 /* If the length that we are comparing against is 28, assume the SHA1
2862 digest is expressed as a base64 string. If the length is 40, assume a
2863 straightforward hex representation. Other lengths fail. */
2867 uschar *coded = b64encode(CUS digest, 20);
2868 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2869 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2870 tempcond = (Ustrcmp(coded, sub[1]+6) == 0);
2872 else if (sublen == 40)
2875 for (int i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2877 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2878 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2879 tempcond = (strcmpic(coded, sub[1]+6) == 0);
2883 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2884 "fail\n crypted=%s\n", sub[1]+6);
2889 else /* {crypt} or {crypt16} and non-{ at start */
2890 /* }-for-text-editors */
2895 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2900 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2905 else if (sub[1][0] == '{') /* }-for-text-editors */
2907 expand_string_message = string_sprintf("unknown encryption mechanism "
2908 "in \"%s\"", sub[1]);
2914 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2915 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2916 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2920 #define XSTR(s) STR(s)
2921 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2922 " subject=%s\n crypted=%s\n",
2923 which == 0 ? XSTR(DEFAULT_CRYPT) : which == 1 ? "crypt" : "crypt16",
2928 /* If the encrypted string contains fewer than two characters (for the
2929 salt), force failure. Otherwise we get false positives: with an empty
2930 string the yield of crypt() is an empty string! */
2933 tempcond = Ustrlen(sub[1]) < 2 ? FALSE : Ustrcmp(coded, sub[1]) == 0;
2934 else if (errno == EINVAL)
2938 expand_string_message = string_sprintf("crypt error: %s\n",
2939 US strerror(errno));
2944 #endif /* SUPPORT_CRYPTEQ */
2949 const uschar * list = sub[1];
2951 uschar *save_iterate_item = iterate_item;
2952 int (*compare)(const uschar *, const uschar *);
2954 DEBUG(D_expand) debug_printf_indent("condition: %s item: %s\n", name, sub[0]);
2957 compare = cond_type == ECOND_INLISTI
2958 ? strcmpic : (int (*)(const uschar *, const uschar *)) strcmp;
2960 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)))
2962 DEBUG(D_expand) debug_printf_indent(" compare %s\n", iterate_item);
2963 if (compare(sub[0], iterate_item) == 0)
2969 iterate_item = save_iterate_item;
2972 } /* Switch for comparison conditions */
2974 *yield = tempcond == testfor;
2975 return s; /* End of comparison conditions */
2978 /* and/or: computes logical and/or of several conditions */
2982 subcondptr = (yield == NULL)? NULL : &tempcond;
2983 combined_cond = (cond_type == ECOND_AND);
2985 while (isspace(*s)) s++;
2986 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2990 while (isspace(*s)) s++;
2991 /* {-for-text-editors */
2992 if (*s == '}') break;
2993 if (*s != '{') /* }-for-text-editors */
2995 expand_string_message = string_sprintf("each subcondition "
2996 "inside an \"%s{...}\" condition must be in its own {}", name);
3000 if (!(s = eval_condition(s+1, resetok, subcondptr)))
3002 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
3003 expand_string_message, name);
3006 while (isspace(*s)) s++;
3008 /* {-for-text-editors */
3011 /* {-for-text-editors */
3012 expand_string_message = string_sprintf("missing } at end of condition "
3013 "inside \"%s\" group", name);
3019 if (cond_type == ECOND_AND)
3021 combined_cond &= tempcond;
3022 if (!combined_cond) subcondptr = NULL; /* once false, don't */
3023 } /* evaluate any more */
3026 combined_cond |= tempcond;
3027 if (combined_cond) subcondptr = NULL; /* once true, don't */
3028 } /* evaluate any more */
3032 if (yield != NULL) *yield = (combined_cond == testfor);
3036 /* forall/forany: iterates a condition with different values */
3038 case ECOND_FORALL: is_forany = FALSE; is_json = FALSE; is_jsons = FALSE; goto FORMANY;
3039 case ECOND_FORANY: is_forany = TRUE; is_json = FALSE; is_jsons = FALSE; goto FORMANY;
3040 case ECOND_FORALL_JSON: is_forany = FALSE; is_json = TRUE; is_jsons = FALSE; goto FORMANY;
3041 case ECOND_FORANY_JSON: is_forany = TRUE; is_json = TRUE; is_jsons = FALSE; goto FORMANY;
3042 case ECOND_FORALL_JSONS: is_forany = FALSE; is_json = TRUE; is_jsons = TRUE; goto FORMANY;
3043 case ECOND_FORANY_JSONS: is_forany = TRUE; is_json = TRUE; is_jsons = TRUE; goto FORMANY;
3047 const uschar * list;
3049 uschar *save_iterate_item = iterate_item;
3051 DEBUG(D_expand) debug_printf_indent("condition: %s\n", name);
3053 while (isspace(*s)) s++;
3054 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3055 sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL), TRUE, resetok);
3056 if (sub[0] == NULL) return NULL;
3057 /* {-for-text-editors */
3058 if (*s++ != '}') goto COND_FAILED_CURLY_END;
3060 while (isspace(*s)) s++;
3061 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3065 /* Call eval_condition once, with result discarded (as if scanning a
3066 "false" part). This allows us to find the end of the condition, because if
3067 the list it empty, we won't actually evaluate the condition for real. */
3069 if (!(s = eval_condition(sub[1], resetok, NULL)))
3071 expand_string_message = string_sprintf("%s inside \"%s\" condition",
3072 expand_string_message, name);
3075 while (isspace(*s)) s++;
3077 /* {-for-text-editors */
3080 /* {-for-text-editors */
3081 expand_string_message = string_sprintf("missing } at end of condition "
3082 "inside \"%s\"", name);
3086 if (yield) *yield = !testfor;
3088 if (is_json) list = dewrap(string_copy(list), US"[]");
3089 while ((iterate_item = is_json
3090 ? json_nextinlist(&list) : string_nextinlist(&list, &sep, NULL, 0)))
3093 if (!(iterate_item = dewrap(iterate_item, US"\"\"")))
3095 expand_string_message =
3096 string_sprintf("%s wrapping string result for extract jsons",
3097 expand_string_message);
3098 iterate_item = save_iterate_item;
3102 DEBUG(D_expand) debug_printf_indent("%s: $item = \"%s\"\n", name, iterate_item);
3103 if (!eval_condition(sub[1], resetok, &tempcond))
3105 expand_string_message = string_sprintf("%s inside \"%s\" condition",
3106 expand_string_message, name);
3107 iterate_item = save_iterate_item;
3110 DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", name,
3111 tempcond? "true":"false");
3113 if (yield) *yield = (tempcond == testfor);
3114 if (tempcond == is_forany) break;
3117 iterate_item = save_iterate_item;
3122 /* The bool{} expansion condition maps a string to boolean.
3123 The values supported should match those supported by the ACL condition
3124 (acl.c, ACLC_CONDITION) so that we keep to a minimum the different ideas
3125 of true/false. Note that Router "condition" rules have a different
3126 interpretation, where general data can be used and only a few values
3128 Note that readconf.c boolean matching, for boolean configuration options,
3129 only matches true/yes/false/no.
3130 The bool_lax{} condition matches the Router logic, which is much more
3133 case ECOND_BOOL_LAX:
3139 BOOL boolvalue = FALSE;
3140 while (isspace(*s)) s++;
3141 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3142 ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool";
3143 switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname, resetok))
3145 case 1: expand_string_message = string_sprintf(
3146 "too few arguments or bracketing error for %s",
3150 case 3: return NULL;
3153 while (isspace(*t)) t++;
3157 /* trailing whitespace: seems like a good idea to ignore it too */
3159 while (isspace(*t2)) t2--;
3160 if (t2 != (t + len))
3167 debug_printf_indent("considering %s: %s\n", ourname, len ? t : US"<empty>");
3168 /* logic for the lax case from expand_check_condition(), which also does
3169 expands, and the logic is both short and stable enough that there should
3170 be no maintenance burden from replicating it. */
3174 ? Ustrspn(t+1, "0123456789") == len-1
3175 : Ustrspn(t, "0123456789") == len)
3177 boolvalue = (Uatoi(t) == 0) ? FALSE : TRUE;
3178 /* expand_check_condition only does a literal string "0" check */
3179 if ((cond_type == ECOND_BOOL_LAX) && (len > 1))
3182 else if (strcmpic(t, US"true") == 0 || strcmpic(t, US"yes") == 0)
3184 else if (strcmpic(t, US"false") == 0 || strcmpic(t, US"no") == 0)
3186 else if (cond_type == ECOND_BOOL_LAX)
3190 expand_string_message = string_sprintf("unrecognised boolean "
3194 DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", ourname,
3195 boolvalue? "true":"false");
3196 if (yield != NULL) *yield = (boolvalue == testfor);
3200 /* Unknown condition */
3203 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
3205 } /* End switch on condition type */
3207 /* Missing braces at start and end of data */
3209 COND_FAILED_CURLY_START:
3210 expand_string_message = string_sprintf("missing { after \"%s\"", name);
3213 COND_FAILED_CURLY_END:
3214 expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
3218 /* A condition requires code that is not compiled */
3220 #if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
3221 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
3222 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
3223 COND_FAILED_NOT_COMPILED:
3224 expand_string_message = string_sprintf("support for \"%s\" not compiled",
3233 /*************************************************
3234 * Save numerical variables *
3235 *************************************************/
3237 /* This function is called from items such as "if" that want to preserve and
3238 restore the numbered variables.
3241 save_expand_string points to an array of pointers to set
3242 save_expand_nlength points to an array of ints for the lengths
3244 Returns: the value of expand max to save
3248 save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
3250 for (int i = 0; i <= expand_nmax; i++)
3252 save_expand_nstring[i] = expand_nstring[i];
3253 save_expand_nlength[i] = expand_nlength[i];
3260 /*************************************************
3261 * Restore numerical variables *
3262 *************************************************/
3264 /* This function restored saved values of numerical strings.
3267 save_expand_nmax the number of strings to restore
3268 save_expand_string points to an array of pointers
3269 save_expand_nlength points to an array of ints
3275 restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
3276 int *save_expand_nlength)
3278 expand_nmax = save_expand_nmax;
3279 for (int i = 0; i <= expand_nmax; i++)
3281 expand_nstring[i] = save_expand_nstring[i];
3282 expand_nlength[i] = save_expand_nlength[i];
3290 /*************************************************
3291 * Handle yes/no substrings *
3292 *************************************************/
3294 /* This function is used by ${if}, ${lookup} and ${extract} to handle the
3295 alternative substrings that depend on whether or not the condition was true,
3296 or the lookup or extraction succeeded. The substrings always have to be
3297 expanded, to check their syntax, but "skipping" is set when the result is not
3298 needed - this avoids unnecessary nested lookups.
3301 skipping TRUE if we were skipping when this item was reached
3302 yes TRUE if the first string is to be used, else use the second
3303 save_lookup a value to put back into lookup_value before the 2nd expansion
3304 sptr points to the input string pointer
3305 yieldptr points to the output growable-string pointer
3306 type "lookup", "if", "extract", "run", "env", "listextract" or
3307 "certextract" for error message
3308 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
3311 Returns: 0 OK; lookup_value has been reset to save_lookup
3313 2 expansion failed because of bracketing error
3317 process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, const uschar **sptr,
3318 gstring ** yieldptr, uschar *type, BOOL *resetok)
3321 const uschar *s = *sptr; /* Local value */
3322 uschar *sub1, *sub2;
3323 const uschar * errwhere;
3325 /* If there are no following strings, we substitute the contents of $value for
3326 lookups and for extractions in the success case. For the ${if item, the string
3327 "true" is substituted. In the fail case, nothing is substituted for all three
3330 while (isspace(*s)) s++;
3335 if (yes && !skipping)
3336 *yieldptr = string_catn(*yieldptr, US"true", 4);
3340 if (yes && lookup_value && !skipping)
3341 *yieldptr = string_cat(*yieldptr, lookup_value);
3342 lookup_value = save_lookup;
3348 /* The first following string must be braced. */
3352 errwhere = US"'yes' part did not start with '{'";
3356 /* Expand the first substring. Forced failures are noticed only if we actually
3357 want this string. Set skipping in the call in the fail case (this will always
3358 be the case if we were already skipping). */
3360 sub1 = expand_string_internal(s, TRUE, &s, !yes, TRUE, resetok);
3361 if (sub1 == NULL && (yes || !f.expand_string_forcedfail)) goto FAILED;
3362 f.expand_string_forcedfail = FALSE;
3365 errwhere = US"'yes' part did not end with '}'";
3369 /* If we want the first string, add it to the output */
3372 *yieldptr = string_cat(*yieldptr, sub1);
3374 /* If this is called from a lookup/env or a (cert)extract, we want to restore
3375 $value to what it was at the start of the item, so that it has this value
3376 during the second string expansion. For the call from "if" or "run" to this
3377 function, save_lookup is set to lookup_value, so that this statement does
3380 lookup_value = save_lookup;
3382 /* There now follows either another substring, or "fail", or nothing. This
3383 time, forced failures are noticed only if we want the second string. We must
3384 set skipping in the nested call if we don't want this string, or if we were
3385 already skipping. */
3387 while (isspace(*s)) s++;
3390 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping, TRUE, resetok);
3391 if (sub2 == NULL && (!yes || !f.expand_string_forcedfail)) goto FAILED;
3392 f.expand_string_forcedfail = FALSE;
3395 errwhere = US"'no' part did not start with '{'";
3399 /* If we want the second string, add it to the output */
3402 *yieldptr = string_cat(*yieldptr, sub2);
3405 /* If there is no second string, but the word "fail" is present when the use of
3406 the second string is wanted, set a flag indicating it was a forced failure
3407 rather than a syntactic error. Swallow the terminating } in case this is nested
3408 inside another lookup or if or extract. */
3413 /* deconst cast ok here as source is s anyway */
3414 s = US read_name(name, sizeof(name), s, US"_");
3415 if (Ustrcmp(name, "fail") == 0)
3417 if (!yes && !skipping)
3419 while (isspace(*s)) s++;
3422 errwhere = US"did not close with '}' after forcedfail";
3425 expand_string_message =
3426 string_sprintf("\"%s\" failed and \"fail\" requested", type);
3427 f.expand_string_forcedfail = TRUE;
3433 expand_string_message =
3434 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
3439 /* All we have to do now is to check on the final closing brace. */
3441 while (isspace(*s)) s++;
3444 errwhere = US"did not close with '}'";
3450 /* Update the input pointer value before returning */
3455 /* Get here if there is a bracketing failure */
3456 expand_string_message = string_sprintf(
3457 "curly-bracket problem in conditional yes/no parsing: %s\n"
3458 " remaining string is '%s'", errwhere, --s);
3463 /* Get here for other failures */
3471 /*************************************************
3472 * Handle MD5 or SHA-1 computation for HMAC *
3473 *************************************************/
3475 /* These are some wrapping functions that enable the HMAC code to be a bit
3476 cleaner. A good compiler will spot the tail recursion.
3479 type HMAC_MD5 or HMAC_SHA1
3480 remaining are as for the cryptographic hash functions
3486 chash_start(int type, void *base)
3488 if (type == HMAC_MD5)
3489 md5_start((md5 *)base);
3491 sha1_start((hctx *)base);
3495 chash_mid(int type, void *base, uschar *string)
3497 if (type == HMAC_MD5)
3498 md5_mid((md5 *)base, string);
3500 sha1_mid((hctx *)base, string);
3504 chash_end(int type, void *base, uschar *string, int length, uschar *digest)
3506 if (type == HMAC_MD5)
3507 md5_end((md5 *)base, string, length, digest);
3509 sha1_end((hctx *)base, string, length, digest);
3516 /********************************************************
3517 * prvs: Get last three digits of days since Jan 1, 1970 *
3518 ********************************************************/
3520 /* This is needed to implement the "prvs" BATV reverse
3523 Argument: integer "days" offset to add or substract to
3524 or from the current number of days.
3526 Returns: pointer to string containing the last three
3527 digits of the number of days since Jan 1, 1970,
3528 modified by the offset argument, NULL if there
3529 was an error in the conversion.
3534 prvs_daystamp(int day_offset)
3536 uschar *days = store_get(32); /* Need at least 24 for cases */
3537 (void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */
3538 (time(NULL) + day_offset*86400)/86400);
3539 return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
3544 /********************************************************
3545 * prvs: perform HMAC-SHA1 computation of prvs bits *
3546 ********************************************************/
3548 /* This is needed to implement the "prvs" BATV reverse
3552 address RFC2821 Address to use
3553 key The key to use (must be less than 64 characters
3555 key_num Single-digit key number to use. Defaults to
3558 Returns: pointer to string containing the first three
3559 bytes of the final hash in hex format, NULL if
3560 there was an error in the process.
3564 prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp)
3566 gstring * hash_source;
3569 uschar innerhash[20];
3570 uschar finalhash[20];
3571 uschar innerkey[64];
3572 uschar outerkey[64];
3573 uschar *finalhash_hex = store_get(40);
3575 if (key_num == NULL)
3578 if (Ustrlen(key) > 64)
3581 hash_source = string_catn(NULL, key_num, 1);
3582 hash_source = string_catn(hash_source, daystamp, 3);
3583 hash_source = string_cat(hash_source, address);
3584 (void) string_from_gstring(hash_source);
3587 debug_printf_indent("prvs: hash source is '%s'\n", hash_source->s);
3589 memset(innerkey, 0x36, 64);
3590 memset(outerkey, 0x5c, 64);
3592 for (int i = 0; i < Ustrlen(key); i++)
3594 innerkey[i] ^= key[i];
3595 outerkey[i] ^= key[i];
3598 chash_start(HMAC_SHA1, &h);
3599 chash_mid(HMAC_SHA1, &h, innerkey);
3600 chash_end(HMAC_SHA1, &h, hash_source->s, hash_source->ptr, innerhash);
3602 chash_start(HMAC_SHA1, &h);
3603 chash_mid(HMAC_SHA1, &h, outerkey);
3604 chash_end(HMAC_SHA1, &h, innerhash, 20, finalhash);
3607 for (int i = 0; i < 3; i++)
3609 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
3610 *p++ = hex_digits[finalhash[i] & 0x0f];
3614 return finalhash_hex;
3620 /*************************************************
3621 * Join a file onto the output string *
3622 *************************************************/
3624 /* This is used for readfile/readsock and after a run expansion.
3625 It joins the contents of a file onto the output string, globally replacing
3626 newlines with a given string (optionally).
3630 yield pointer to the expandable string struct
3631 eol newline replacement string, or NULL
3633 Returns: new pointer for expandable string, terminated if non-null
3637 cat_file(FILE *f, gstring *yield, uschar *eol)
3639 uschar buffer[1024];
3641 while (Ufgets(buffer, sizeof(buffer), f))
3643 int len = Ustrlen(buffer);
3644 if (eol && buffer[len-1] == '\n') len--;
3645 yield = string_catn(yield, buffer, len);
3646 if (eol && buffer[len])
3647 yield = string_cat(yield, eol);
3650 (void) string_from_gstring(yield);
3657 cat_file_tls(void * tls_ctx, gstring * yield, uschar * eol)
3660 uschar buffer[1024];
3662 /*XXX could we read direct into a pre-grown string? */
3664 while ((rc = tls_read(tls_ctx, buffer, sizeof(buffer))) > 0)
3665 for (uschar * s = buffer; rc--; s++)
3666 yield = eol && *s == '\n'
3667 ? string_cat(yield, eol) : string_catn(yield, s, 1);
3669 /* We assume that all errors, and any returns of zero bytes,
3670 are actually EOF. */
3672 (void) string_from_gstring(yield);
3678 /*************************************************
3679 * Evaluate numeric expression *
3680 *************************************************/
3682 /* This is a set of mutually recursive functions that evaluate an arithmetic
3683 expression involving + - * / % & | ^ ~ << >> and parentheses. The only one of
3684 these functions that is called from elsewhere is eval_expr, whose interface is:
3687 sptr pointer to the pointer to the string - gets updated
3688 decimal TRUE if numbers are to be assumed decimal
3689 error pointer to where to put an error message - must be NULL on input
3690 endket TRUE if ')' must terminate - FALSE for external call
3692 Returns: on success: the value of the expression, with *error still NULL
3693 on failure: an undefined value, with *error = a message
3696 static int_eximarith_t eval_op_or(uschar **, BOOL, uschar **);
3699 static int_eximarith_t
3700 eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
3703 int_eximarith_t x = eval_op_or(&s, decimal, error);
3709 *error = US"expecting closing parenthesis";
3711 while (isspace(*(++s)));
3713 else if (*s != 0) *error = US"expecting operator";
3720 static int_eximarith_t
3721 eval_number(uschar **sptr, BOOL decimal, uschar **error)
3726 while (isspace(*s)) s++;
3731 (void)sscanf(CS s, (decimal? SC_EXIM_DEC "%n" : SC_EXIM_ARITH "%n"), &n, &count);
3733 switch (tolower(*s))
3736 case 'k': n *= 1024; s++; break;
3737 case 'm': n *= 1024*1024; s++; break;
3738 case 'g': n *= 1024*1024*1024; s++; break;
3740 while (isspace (*s)) s++;
3745 n = eval_expr(&s, decimal, error, 1);
3749 *error = US"expecting number or opening parenthesis";
3757 static int_eximarith_t
3758 eval_op_unary(uschar **sptr, BOOL decimal, uschar **error)
3762 while (isspace(*s)) s++;
3763 if (*s == '+' || *s == '-' || *s == '~')
3766 x = eval_op_unary(&s, decimal, error);
3767 if (op == '-') x = -x;
3768 else if (op == '~') x = ~x;
3772 x = eval_number(&s, decimal, error);
3779 static int_eximarith_t
3780 eval_op_mult(uschar **sptr, BOOL decimal, uschar **error)
3783 int_eximarith_t x = eval_op_unary(&s, decimal, error);
3786 while (*s == '*' || *s == '/' || *s == '%')
3789 int_eximarith_t y = eval_op_unary(&s, decimal, error);
3790 if (*error != NULL) break;
3791 /* SIGFPE both on div/mod by zero and on INT_MIN / -1, which would give
3792 * a value of INT_MAX+1. Note that INT_MIN * -1 gives INT_MIN for me, which
3793 * is a bug somewhere in [gcc 4.2.1, FreeBSD, amd64]. In fact, -N*-M where
3794 * -N*M is INT_MIN will yield INT_MIN.
3795 * Since we don't support floating point, this is somewhat simpler.
3796 * Ideally, we'd return an error, but since we overflow for all other
3797 * arithmetic, consistency suggests otherwise, but what's the correct value
3798 * to use? There is none.
3799 * The C standard guarantees overflow for unsigned arithmetic but signed
3800 * overflow invokes undefined behaviour; in practice, this is overflow
3801 * except for converting INT_MIN to INT_MAX+1. We also can't guarantee
3802 * that long/longlong larger than int are available, or we could just work
3803 * with larger types. We should consider whether to guarantee 32bit eval
3804 * and 64-bit working variables, with errors returned. For now ...
3805 * So, the only SIGFPEs occur with a non-shrinking div/mod, thus -1; we
3806 * can just let the other invalid results occur otherwise, as they have
3807 * until now. For this one case, we can coerce.
3809 if (y == -1 && x == EXIM_ARITH_MIN && op != '*')
3812 debug_printf("Integer exception dodging: " PR_EXIM_ARITH "%c-1 coerced to " PR_EXIM_ARITH "\n",
3813 EXIM_ARITH_MIN, op, EXIM_ARITH_MAX);
3823 *error = (op == '/') ? US"divide by zero" : US"modulo by zero";
3839 static int_eximarith_t
3840 eval_op_sum(uschar **sptr, BOOL decimal, uschar **error)
3843 int_eximarith_t x = eval_op_mult(&s, decimal, error);
3846 while (*s == '+' || *s == '-')
3849 int_eximarith_t y = eval_op_mult(&s, decimal, error);
3851 if ( (x >= EXIM_ARITH_MAX/2 && x >= EXIM_ARITH_MAX/2)
3852 || (x <= -(EXIM_ARITH_MAX/2) && y <= -(EXIM_ARITH_MAX/2)))
3853 { /* over-conservative check */
3855 ? US"overflow in sum" : US"overflow in difference";
3858 if (op == '+') x += y; else x -= y;
3866 static int_eximarith_t
3867 eval_op_shift(uschar **sptr, BOOL decimal, uschar **error)
3870 int_eximarith_t x = eval_op_sum(&s, decimal, error);
3873 while ((*s == '<' || *s == '>') && s[1] == s[0])
3878 y = eval_op_sum(&s, decimal, error);
3879 if (*error != NULL) break;
3880 if (op == '<') x <<= y; else x >>= y;
3888 static int_eximarith_t
3889 eval_op_and(uschar **sptr, BOOL decimal, uschar **error)
3892 int_eximarith_t x = eval_op_shift(&s, decimal, error);
3899 y = eval_op_shift(&s, decimal, error);
3900 if (*error != NULL) break;
3909 static int_eximarith_t
3910 eval_op_xor(uschar **sptr, BOOL decimal, uschar **error)
3913 int_eximarith_t x = eval_op_and(&s, decimal, error);
3920 y = eval_op_and(&s, decimal, error);
3921 if (*error != NULL) break;
3930 static int_eximarith_t
3931 eval_op_or(uschar **sptr, BOOL decimal, uschar **error)
3934 int_eximarith_t x = eval_op_xor(&s, decimal, error);
3941 y = eval_op_xor(&s, decimal, error);
3942 if (*error != NULL) break;
3952 /*************************************************
3954 *************************************************/
3956 /* Returns either an unchanged string, or the expanded string in stacking pool
3957 store. Interpreted sequences are:
3959 \... normal escaping rules
3960 $name substitutes the variable
3962 ${op:string} operates on the expanded string value
3963 ${item{arg1}{arg2}...} expands the args and then does the business
3964 some literal args are not enclosed in {}
3966 There are now far too many operators and item types to make it worth listing
3967 them here in detail any more.
3969 We use an internal routine recursively to handle embedded substrings. The
3970 external function follows. The yield is NULL if the expansion failed, and there
3971 are two cases: if something collapsed syntactically, or if "fail" was given
3972 as the action on a lookup failure. These can be distinguished by looking at the
3973 variable expand_string_forcedfail, which is TRUE in the latter case.
3975 The skipping flag is set true when expanding a substring that isn't actually
3976 going to be used (after "if" or "lookup") and it prevents lookups from
3977 happening lower down.
3979 Store usage: At start, a store block of the length of the input plus 64
3980 is obtained. This is expanded as necessary by string_cat(), which might have to
3981 get a new block, or might be able to expand the original. At the end of the
3982 function we can release any store above that portion of the yield block that
3983 was actually used. In many cases this will be optimal.
3985 However: if the first item in the expansion is a variable name or header name,
3986 we reset the store before processing it; if the result is in fresh store, we
3987 use that without copying. This is helpful for expanding strings like
3988 $message_headers which can get very long.
3990 There's a problem if a ${dlfunc item has side-effects that cause allocation,
3991 since resetting the store at the end of the expansion will free store that was
3992 allocated by the plugin code as well as the slop after the expanded string. So
3993 we skip any resets if ${dlfunc } has been used. The same applies for ${acl }
3994 and, given the acl condition, ${if }. This is an unfortunate consequence of
3995 string expansion becoming too powerful.
3998 string the string to be expanded
3999 ket_ends true if expansion is to stop at }
4000 left if not NULL, a pointer to the first character after the
4001 expansion is placed here (typically used with ket_ends)
4002 skipping TRUE for recursive calls when the value isn't actually going
4003 to be used (to allow for optimisation)
4004 honour_dollar TRUE if $ is to be expanded,
4005 FALSE if it's just another character
4006 resetok_p if not NULL, pointer to flag - write FALSE if unsafe to reset
4009 Returns: NULL if expansion fails:
4010 expand_string_forcedfail is set TRUE if failure was forced
4011 expand_string_message contains a textual error message
4012 a pointer to the expanded string on success
4016 expand_string_internal(const uschar *string, BOOL ket_ends, const uschar **left,
4017 BOOL skipping, BOOL honour_dollar, BOOL *resetok_p)
4019 gstring * yield = string_get(Ustrlen(string) + 64);
4021 const uschar *s = string;
4022 uschar *save_expand_nstring[EXPAND_MAXN+1];
4023 int save_expand_nlength[EXPAND_MAXN+1];
4024 BOOL resetok = TRUE;
4029 debug_printf_indent("/%s: %s\n",
4030 skipping ? "---scanning" : "considering", string);
4032 debug_printf_indent(UTF8_DOWN_RIGHT "%s: %s\n",
4034 ? UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ "scanning"
4038 f.expand_string_forcedfail = FALSE;
4039 expand_string_message = US"";
4046 /* \ escapes the next character, which must exist, or else
4047 the expansion fails. There's a special escape, \N, which causes
4048 copying of the subject verbatim up to the next \N. Otherwise,
4049 the escapes are the standard set. */
4055 expand_string_message = US"\\ at end of string";
4061 const uschar * t = s + 2;
4062 for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break;
4063 yield = string_catn(yield, t, s - t);
4064 if (*s != 0) s += 2;
4070 ch[0] = string_interpret_escape(&s);
4072 yield = string_catn(yield, ch, 1);
4079 /* Anything other than $ is just copied verbatim, unless we are
4080 looking for a terminating } character. */
4083 if (ket_ends && *s == '}') break;
4085 if (*s != '$' || !honour_dollar)
4087 yield = string_catn(yield, s++, 1);
4091 /* No { after the $ - must be a plain name or a number for string
4092 match variable. There has to be a fudge for variables that are the
4093 names of header fields preceded by "$header_" because header field
4094 names can contain any printing characters except space and colon.
4095 For those that don't like typing this much, "$h_" is a synonym for
4096 "$header_". A non-existent header yields a NULL value; nothing is
4099 if (isalpha((*(++s))))
4106 s = read_name(name, sizeof(name), s, US"_");
4108 /* If this is the first thing to be expanded, release the pre-allocated
4112 g = store_get(sizeof(gstring));
4113 else if (yield->ptr == 0)
4115 if (resetok) store_reset(yield);
4117 g = store_get(sizeof(gstring)); /* alloc _before_ calling find_variable() */
4122 if ( ( *(t = name) == 'h'
4123 || (*t == 'r' || *t == 'l' || *t == 'b') && *++t == 'h'
4125 && (*++t == '_' || Ustrncmp(t, "eader_", 6) == 0)
4128 unsigned flags = *name == 'r' ? FH_WANT_RAW
4129 : *name == 'l' ? FH_WANT_RAW|FH_WANT_LIST
4131 uschar * charset = *name == 'b' ? NULL : headers_charset;
4133 s = read_header_name(name, sizeof(name), s);
4134 value = find_header(name, &newsize, flags, charset);
4136 /* If we didn't find the header, and the header contains a closing brace
4137 character, this may be a user error where the terminating colon
4138 has been omitted. Set a flag to adjust the error message in this case.
4139 But there is no error here - nothing gets inserted. */
4143 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
4150 else if (!(value = find_variable(name, FALSE, skipping, &newsize)))
4152 expand_string_message =
4153 string_sprintf("unknown variable name \"%s\"", name);
4154 check_variable_error_message(name);
4158 /* If the data is known to be in a new buffer, newsize will be set to the
4159 size of that buffer. If this is the first thing in an expansion string,
4160 yield will be NULL; just point it at the new store instead of copying. Many
4161 expansion strings contain just one reference, so this is a useful
4162 optimization, especially for humungous headers. We need to use a gstring
4163 structure that is not allocated after that new-buffer, else a later store
4164 reset in the middle of the buffer will make it inaccessible. */
4166 len = Ustrlen(value);
4167 if (!yield && newsize != 0)
4170 yield->size = newsize;
4175 yield = string_catn(yield, value, len);
4183 s = read_cnumber(&n, s);
4184 if (n >= 0 && n <= expand_nmax)
4185 yield = string_catn(yield, expand_nstring[n], expand_nlength[n]);
4189 /* Otherwise, if there's no '{' after $ it's an error. */ /*}*/
4191 if (*s != '{') /*}*/
4193 expand_string_message = US"$ not followed by letter, digit, or {"; /*}*/
4197 /* After { there can be various things, but they all start with
4198 an initial word, except for a number for a string match variable. */
4200 if (isdigit((*(++s))))
4203 s = read_cnumber(&n, s); /*{*/
4206 expand_string_message = US"} expected after number";
4209 if (n >= 0 && n <= expand_nmax)
4210 yield = string_catn(yield, expand_nstring[n], expand_nlength[n]);
4216 expand_string_message = US"letter or digit expected after ${"; /*}*/
4220 /* Allow "-" in names to cater for substrings with negative
4221 arguments. Since we are checking for known names after { this is
4224 s = read_name(name, sizeof(name), s, US"_-");
4225 item_type = chop_match(name, item_table, nelem(item_table));
4229 /* Call an ACL from an expansion. We feed data in via $acl_arg1 - $acl_arg9.
4230 If the ACL returns accept or reject we return content set by "message ="
4231 There is currently no limit on recursion; this would have us call
4232 acl_check_internal() directly and get a current level from somewhere.
4233 See also the acl expansion condition ECOND_ACL and the traditional
4234 acl modifier ACLC_ACL.
4235 Assume that the function has side-effects on the store that must be preserved.
4239 /* ${acl {name} {arg1}{arg2}...} */
4241 uschar *sub[10]; /* name + arg1-arg9 (which must match number of acl_arg[]) */
4244 switch(read_subs(sub, nelem(sub), 1, &s, skipping, TRUE, US"acl",
4247 case 1: goto EXPAND_FAILED_CURLY;
4249 case 3: goto EXPAND_FAILED;
4251 if (skipping) continue;
4254 switch(eval_acl(sub, nelem(sub), &user_msg))
4259 debug_printf_indent("acl expansion yield: %s\n", user_msg);
4261 yield = string_cat(yield, user_msg);
4265 f.expand_string_forcedfail = TRUE;
4268 expand_string_message = string_sprintf("error from acl \"%s\"", sub[0]);
4273 case EITEM_AUTHRESULTS:
4274 /* ${authresults {mysystemname}} */
4278 switch(read_subs(sub_arg, nelem(sub_arg), 1, &s, skipping, TRUE, name,
4281 case 1: goto EXPAND_FAILED_CURLY;
4283 case 3: goto EXPAND_FAILED;
4286 yield = string_append(yield, 3,
4287 US"Authentication-Results: ", sub_arg[0], US"; none");
4290 yield = authres_local(yield, sub_arg[0]);
4291 yield = authres_iprev(yield);
4292 yield = authres_smtpauth(yield);
4294 yield = authres_spf(yield);
4296 #ifndef DISABLE_DKIM
4297 yield = authres_dkim(yield);
4299 #ifdef EXPERIMENTAL_DMARC
4300 yield = authres_dmarc(yield);
4302 #ifdef EXPERIMENTAL_ARC
4303 yield = authres_arc(yield);
4308 /* Handle conditionals - preserve the values of the numerical expansion
4309 variables in case they get changed by a regular expression match in the
4310 condition. If not, they retain their external settings. At the end
4311 of this "if" section, they get restored to their previous values. */
4316 const uschar *next_s;
4317 int save_expand_nmax =
4318 save_expand_strings(save_expand_nstring, save_expand_nlength);
4320 while (isspace(*s)) s++;
4321 next_s = eval_condition(s, &resetok, skipping ? NULL : &cond);
4322 if (next_s == NULL) goto EXPAND_FAILED; /* message already set */
4327 debug_printf_indent("|--condition: %.*s\n", (int)(next_s - s), s);
4328 debug_printf_indent("|-----result: %s\n", cond ? "true" : "false");
4332 debug_printf_indent(UTF8_VERT_RIGHT UTF8_HORIZ UTF8_HORIZ
4333 "condition: %.*s\n",
4334 (int)(next_s - s), s);
4335 debug_printf_indent(UTF8_VERT_RIGHT UTF8_HORIZ UTF8_HORIZ
4336 UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ
4338 cond ? "true" : "false");
4343 /* The handling of "yes" and "no" result strings is now in a separate
4344 function that is also used by ${lookup} and ${extract} and ${run}. */
4346 switch(process_yesno(
4347 skipping, /* were previously skipping */
4348 cond, /* success/failure indicator */
4349 lookup_value, /* value to reset for string2 */
4350 &s, /* input pointer */
4351 &yield, /* output pointer */
4352 US"if", /* condition type */
4355 case 1: goto EXPAND_FAILED; /* when all is well, the */
4356 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4359 /* Restore external setting of expansion variables for continuation
4362 restore_expand_strings(save_expand_nmax, save_expand_nstring,
4363 save_expand_nlength);
4368 case EITEM_IMAPFOLDER:
4369 { /* ${imapfolder {name}{sep]{specials}} */
4373 switch(read_subs(sub_arg, nelem(sub_arg), 1, &s, skipping, TRUE, name,
4376 case 1: goto EXPAND_FAILED_CURLY;
4378 case 3: goto EXPAND_FAILED;
4381 if (sub_arg[1] == NULL) /* One argument */
4383 sub_arg[1] = US"/"; /* default separator */
4386 else if (Ustrlen(sub_arg[1]) != 1)
4388 expand_string_message =
4390 "IMAP folder separator must be one character, found \"%s\"",
4397 if (!(encoded = imap_utf7_encode(sub_arg[0], headers_charset,
4398 sub_arg[1][0], sub_arg[2], &expand_string_message)))
4400 yield = string_cat(yield, encoded);
4406 /* Handle database lookups unless locked out. If "skipping" is TRUE, we are
4407 expanding an internal string that isn't actually going to be used. All we
4408 need to do is check the syntax, so don't do a lookup at all. Preserve the
4409 values of the numerical expansion variables in case they get changed by a
4410 partial lookup. If not, they retain their external settings. At the end
4411 of this "lookup" section, they get restored to their previous values. */
4415 int stype, partial, affixlen, starflags;
4416 int expand_setup = 0;
4418 uschar *key, *filename;
4419 const uschar *affix;
4420 uschar *save_lookup_value = lookup_value;
4421 int save_expand_nmax =
4422 save_expand_strings(save_expand_nstring, save_expand_nlength);
4424 if ((expand_forbid & RDO_LOOKUP) != 0)
4426 expand_string_message = US"lookup expansions are not permitted";
4430 /* Get the key we are to look up for single-key+file style lookups.
4431 Otherwise set the key NULL pro-tem. */
4433 while (isspace(*s)) s++;
4434 if (*s == '{') /*}*/
4436 key = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
4437 if (!key) goto EXPAND_FAILED; /*{{*/
4440 expand_string_message = US"missing '}' after lookup key";
4441 goto EXPAND_FAILED_CURLY;
4443 while (isspace(*s)) s++;
4447 /* Find out the type of database */
4451 expand_string_message = US"missing lookup type";
4455 /* The type is a string that may contain special characters of various
4456 kinds. Allow everything except space or { to appear; the actual content
4457 is checked by search_findtype_partial. */ /*}*/
4459 while (*s != 0 && *s != '{' && !isspace(*s)) /*}*/
4461 if (nameptr < sizeof(name) - 1) name[nameptr++] = *s;
4465 while (isspace(*s)) s++;
4467 /* Now check for the individual search type and any partial or default
4468 options. Only those types that are actually in the binary are valid. */
4470 stype = search_findtype_partial(name, &partial, &affix, &affixlen,
4474 expand_string_message = search_error_message;
4478 /* Check that a key was provided for those lookup types that need it,
4479 and was not supplied for those that use the query style. */
4481 if (!mac_islookup(stype, lookup_querystyle|lookup_absfilequery))
4485 expand_string_message = string_sprintf("missing {key} for single-"
4486 "key \"%s\" lookup", name);
4494 expand_string_message = string_sprintf("a single key was given for "
4495 "lookup type \"%s\", which is not a single-key lookup type", name);
4500 /* Get the next string in brackets and expand it. It is the file name for
4501 single-key+file lookups, and the whole query otherwise. In the case of
4502 queries that also require a file name (e.g. sqlite), the file name comes
4507 expand_string_message = US"missing '{' for lookup file-or-query arg";
4508 goto EXPAND_FAILED_CURLY;
4510 filename = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
4511 if (filename == NULL) goto EXPAND_FAILED;
4514 expand_string_message = US"missing '}' closing lookup file-or-query arg";
4515 goto EXPAND_FAILED_CURLY;
4517 while (isspace(*s)) s++;
4519 /* If this isn't a single-key+file lookup, re-arrange the variables
4520 to be appropriate for the search_ functions. For query-style lookups,
4521 there is just a "key", and no file name. For the special query-style +
4522 file types, the query (i.e. "key") starts with a file name. */
4526 while (isspace(*filename)) filename++;
4529 if (mac_islookup(stype, lookup_querystyle))
4533 if (*filename != '/')
4535 expand_string_message = string_sprintf(
4536 "absolute file name expected for \"%s\" lookup", name);
4539 while (*key != 0 && !isspace(*key)) key++;
4540 if (*key != 0) *key++ = 0;
4544 /* If skipping, don't do the next bit - just lookup_value == NULL, as if
4545 the entry was not found. Note that there is no search_close() function.
4546 Files are left open in case of re-use. At suitable places in higher logic,
4547 search_tidyup() is called to tidy all open files. This can save opening
4548 the same file several times. However, files may also get closed when
4549 others are opened, if too many are open at once. The rule is that a
4550 handle should not be used after a second search_open().
4552 Request that a partial search sets up $1 and maybe $2 by passing
4553 expand_setup containing zero. If its value changes, reset expand_nmax,
4554 since new variables will have been set. Note that at the end of this
4555 "lookup" section, the old numeric variables are restored. */
4558 lookup_value = NULL;
4561 void *handle = search_open(filename, stype, 0, NULL, NULL);
4564 expand_string_message = search_error_message;
4567 lookup_value = search_find(handle, filename, key, partial, affix,
4568 affixlen, starflags, &expand_setup);
4569 if (f.search_find_defer)
4571 expand_string_message =
4572 string_sprintf("lookup of \"%s\" gave DEFER: %s",
4573 string_printing2(key, FALSE), search_error_message);
4576 if (expand_setup > 0) expand_nmax = expand_setup;
4579 /* The handling of "yes" and "no" result strings is now in a separate
4580 function that is also used by ${if} and ${extract}. */
4582 switch(process_yesno(
4583 skipping, /* were previously skipping */
4584 lookup_value != NULL, /* success/failure indicator */
4585 save_lookup_value, /* value to reset for string2 */
4586 &s, /* input pointer */
4587 &yield, /* output pointer */
4588 US"lookup", /* condition type */
4591 case 1: goto EXPAND_FAILED; /* when all is well, the */
4592 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4595 /* Restore external setting of expansion variables for carrying on
4596 at this level, and continue. */
4598 restore_expand_strings(save_expand_nmax, save_expand_nstring,
4599 save_expand_nlength);
4603 /* If Perl support is configured, handle calling embedded perl subroutines,
4604 unless locked out at this time. Syntax is ${perl{sub}} or ${perl{sub}{arg}}
4605 or ${perl{sub}{arg1}{arg2}} or up to a maximum of EXIM_PERL_MAX_ARGS
4606 arguments (defined below). */
4608 #define EXIM_PERL_MAX_ARGS 8
4612 expand_string_message = US"\"${perl\" encountered, but this facility " /*}*/
4613 "is not included in this binary";
4616 #else /* EXIM_PERL */
4618 uschar *sub_arg[EXIM_PERL_MAX_ARGS + 2];
4621 if ((expand_forbid & RDO_PERL) != 0)
4623 expand_string_message = US"Perl calls are not permitted";
4627 switch(read_subs(sub_arg, EXIM_PERL_MAX_ARGS + 1, 1, &s, skipping, TRUE,
4628 US"perl", &resetok))
4630 case 1: goto EXPAND_FAILED_CURLY;
4632 case 3: goto EXPAND_FAILED;
4635 /* If skipping, we don't actually do anything */
4637 if (skipping) continue;
4639 /* Start the interpreter if necessary */
4641 if (!opt_perl_started)
4644 if (opt_perl_startup == NULL)
4646 expand_string_message = US"A setting of perl_startup is needed when "
4647 "using the Perl interpreter";
4650 DEBUG(D_any) debug_printf("Starting Perl interpreter\n");
4651 initerror = init_perl(opt_perl_startup);
4652 if (initerror != NULL)
4654 expand_string_message =
4655 string_sprintf("error in perl_startup code: %s\n", initerror);
4658 opt_perl_started = TRUE;
4661 /* Call the function */
4663 sub_arg[EXIM_PERL_MAX_ARGS + 1] = NULL;
4664 new_yield = call_perl_cat(yield, &expand_string_message,
4665 sub_arg[0], sub_arg + 1);
4667 /* NULL yield indicates failure; if the message pointer has been set to
4668 NULL, the yield was undef, indicating a forced failure. Otherwise the
4669 message will indicate some kind of Perl error. */
4671 if (new_yield == NULL)
4673 if (expand_string_message == NULL)
4675 expand_string_message =
4676 string_sprintf("Perl subroutine \"%s\" returned undef to force "
4677 "failure", sub_arg[0]);
4678 f.expand_string_forcedfail = TRUE;
4683 /* Yield succeeded. Ensure forcedfail is unset, just in case it got
4684 set during a callback from Perl. */
4686 f.expand_string_forcedfail = FALSE;
4690 #endif /* EXIM_PERL */
4692 /* Transform email address to "prvs" scheme to use
4693 as BATV-signed return path */
4700 switch(read_subs(sub_arg, 3, 2, &s, skipping, TRUE, US"prvs", &resetok))
4702 case 1: goto EXPAND_FAILED_CURLY;
4704 case 3: goto EXPAND_FAILED;
4707 /* If skipping, we don't actually do anything */
4708 if (skipping) continue;
4710 /* sub_arg[0] is the address */
4711 if ( !(domain = Ustrrchr(sub_arg[0],'@'))
4712 || domain == sub_arg[0] || Ustrlen(domain) == 1)
4714 expand_string_message = US"prvs first argument must be a qualified email address";
4718 /* Calculate the hash. The third argument must be a single-digit
4719 key number, or unset. */
4722 && (!isdigit(sub_arg[2][0]) || sub_arg[2][1] != 0))
4724 expand_string_message = US"prvs third argument must be a single digit";
4728 p = prvs_hmac_sha1(sub_arg[0], sub_arg[1], sub_arg[2], prvs_daystamp(7));
4731 expand_string_message = US"prvs hmac-sha1 conversion failed";
4735 /* Now separate the domain from the local part */
4738 yield = string_catn(yield, US"prvs=", 5);
4739 yield = string_catn(yield, sub_arg[2] ? sub_arg[2] : US"0", 1);
4740 yield = string_catn(yield, prvs_daystamp(7), 3);
4741 yield = string_catn(yield, p, 6);
4742 yield = string_catn(yield, US"=", 1);
4743 yield = string_cat (yield, sub_arg[0]);
4744 yield = string_catn(yield, US"@", 1);
4745 yield = string_cat (yield, domain);
4750 /* Check a prvs-encoded address for validity */
4752 case EITEM_PRVSCHECK:
4759 /* TF: Ugliness: We want to expand parameter 1 first, then set
4760 up expansion variables that are used in the expansion of
4761 parameter 2. So we clone the string for the first
4762 expansion, where we only expand parameter 1.
4764 PH: Actually, that isn't necessary. The read_subs() function is
4765 designed to work this way for the ${if and ${lookup expansions. I've
4769 /* Reset expansion variables */
4770 prvscheck_result = NULL;
4771 prvscheck_address = NULL;
4772 prvscheck_keynum = NULL;
4774 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs", &resetok))
4776 case 1: goto EXPAND_FAILED_CURLY;
4778 case 3: goto EXPAND_FAILED;
4781 re = regex_must_compile(US"^prvs\\=([0-9])([0-9]{3})([A-F0-9]{6})\\=(.+)\\@(.+)$",
4784 if (regex_match_and_setup(re,sub_arg[0],0,-1))
4786 uschar *local_part = string_copyn(expand_nstring[4],expand_nlength[4]);
4787 uschar *key_num = string_copyn(expand_nstring[1],expand_nlength[1]);
4788 uschar *daystamp = string_copyn(expand_nstring[2],expand_nlength[2]);
4789 uschar *hash = string_copyn(expand_nstring[3],expand_nlength[3]);
4790 uschar *domain = string_copyn(expand_nstring[5],expand_nlength[5]);
4792 DEBUG(D_expand) debug_printf_indent("prvscheck localpart: %s\n", local_part);
4793 DEBUG(D_expand) debug_printf_indent("prvscheck key number: %s\n", key_num);
4794 DEBUG(D_expand) debug_printf_indent("prvscheck daystamp: %s\n", daystamp);
4795 DEBUG(D_expand) debug_printf_indent("prvscheck hash: %s\n", hash);
4796 DEBUG(D_expand) debug_printf_indent("prvscheck domain: %s\n", domain);
4798 /* Set up expansion variables */
4799 g = string_cat (NULL, local_part);
4800 g = string_catn(g, US"@", 1);
4801 g = string_cat (g, domain);
4802 prvscheck_address = string_from_gstring(g);
4803 prvscheck_keynum = string_copy(key_num);
4805 /* Now expand the second argument */
4806 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs", &resetok))
4808 case 1: goto EXPAND_FAILED_CURLY;
4810 case 3: goto EXPAND_FAILED;
4813 /* Now we have the key and can check the address. */
4815 p = prvs_hmac_sha1(prvscheck_address, sub_arg[0], prvscheck_keynum,
4820 expand_string_message = US"hmac-sha1 conversion failed";
4824 DEBUG(D_expand) debug_printf_indent("prvscheck: received hash is %s\n", hash);
4825 DEBUG(D_expand) debug_printf_indent("prvscheck: own hash is %s\n", p);
4827 if (Ustrcmp(p,hash) == 0)
4829 /* Success, valid BATV address. Now check the expiry date. */
4830 uschar *now = prvs_daystamp(0);
4831 unsigned int inow = 0,iexpire = 1;
4833 (void)sscanf(CS now,"%u",&inow);
4834 (void)sscanf(CS daystamp,"%u",&iexpire);
4836 /* When "iexpire" is < 7, a "flip" has occurred.
4837 Adjust "inow" accordingly. */
4838 if ( (iexpire < 7) && (inow >= 993) ) inow = 0;
4840 if (iexpire >= inow)
4842 prvscheck_result = US"1";
4843 DEBUG(D_expand) debug_printf_indent("prvscheck: success, $pvrs_result set to 1\n");
4847 prvscheck_result = NULL;
4848 DEBUG(D_expand) debug_printf_indent("prvscheck: signature expired, $pvrs_result unset\n");
4853 prvscheck_result = NULL;
4854 DEBUG(D_expand) debug_printf_indent("prvscheck: hash failure, $pvrs_result unset\n");
4857 /* Now expand the final argument. We leave this till now so that
4858 it can include $prvscheck_result. */
4860 switch(read_subs(sub_arg, 1, 0, &s, skipping, TRUE, US"prvs", &resetok))
4862 case 1: goto EXPAND_FAILED_CURLY;
4864 case 3: goto EXPAND_FAILED;
4867 yield = string_cat(yield,
4868 !sub_arg[0] || !*sub_arg[0] ? prvscheck_address : sub_arg[0]);
4870 /* Reset the "internal" variables afterwards, because they are in
4871 dynamic store that will be reclaimed if the expansion succeeded. */
4873 prvscheck_address = NULL;
4874 prvscheck_keynum = NULL;
4877 /* Does not look like a prvs encoded address, return the empty string.
4878 We need to make sure all subs are expanded first, so as to skip over
4881 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"prvs", &resetok))
4883 case 1: goto EXPAND_FAILED_CURLY;
4885 case 3: goto EXPAND_FAILED;
4891 /* Handle "readfile" to insert an entire file */
4893 case EITEM_READFILE:
4898 if ((expand_forbid & RDO_READFILE) != 0)
4900 expand_string_message = US"file insertions are not permitted";
4904 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"readfile", &resetok))
4906 case 1: goto EXPAND_FAILED_CURLY;
4908 case 3: goto EXPAND_FAILED;
4911 /* If skipping, we don't actually do anything */
4913 if (skipping) continue;
4915 /* Open the file and read it */
4917 if (!(f = Ufopen(sub_arg[0], "rb")))
4919 expand_string_message = string_open_failed(errno, "%s", sub_arg[0]);
4923 yield = cat_file(f, yield, sub_arg[1]);
4928 /* Handle "readsocket" to insert data from a socket, either
4929 Inet or Unix domain */
4931 case EITEM_READSOCK:
4933 client_conn_ctx cctx;
4935 int save_ptr = yield->ptr;
4938 uschar * sub_arg[4];
4939 uschar * server_name = NULL;
4941 BOOL do_shutdown = TRUE;
4942 BOOL do_tls = FALSE; /* Only set under SUPPORT_TLS */
4945 if (expand_forbid & RDO_READSOCK)
4947 expand_string_message = US"socket insertions are not permitted";
4951 /* Read up to 4 arguments, but don't do the end of item check afterwards,
4952 because there may be a string for expansion on failure. */
4954 switch(read_subs(sub_arg, 4, 2, &s, skipping, FALSE, US"readsocket", &resetok))
4956 case 1: goto EXPAND_FAILED_CURLY;
4957 case 2: /* Won't occur: no end check */
4958 case 3: goto EXPAND_FAILED;
4961 /* Grab the request string, if any */
4963 reqstr.data = sub_arg[1];
4964 reqstr.len = Ustrlen(sub_arg[1]);
4966 /* Sort out timeout, if given. The second arg is a list with the first element
4967 being a time value. Any more are options of form "name=value". Currently the
4968 only option recognised is "shutdown". */
4972 const uschar * list = sub_arg[2];
4976 item = string_nextinlist(&list, &sep, NULL, 0);
4977 if ((timeout = readconf_readtime(item, 0, FALSE)) < 0)
4979 expand_string_message = string_sprintf("bad time value %s", item);
4983 while ((item = string_nextinlist(&list, &sep, NULL, 0)))
4984 if (Ustrncmp(item, US"shutdown=", 9) == 0)
4985 { if (Ustrcmp(item + 9, US"no") == 0) do_shutdown = FALSE; }
4987 else if (Ustrncmp(item, US"tls=", 4) == 0)
4988 { if (Ustrcmp(item + 9, US"no") != 0) do_tls = TRUE; }
4992 sub_arg[3] = NULL; /* No eol if no timeout */
4994 /* If skipping, we don't actually do anything. Otherwise, arrange to
4995 connect to either an IP or a Unix socket. */
4999 /* Handle an IP (internet) domain */
5001 if (Ustrncmp(sub_arg[0], "inet:", 5) == 0)
5006 server_name = sub_arg[0] + 5;
5007 port_name = Ustrrchr(server_name, ':');
5009 /* Sort out the port */
5013 expand_string_message =
5014 string_sprintf("missing port for readsocket %s", sub_arg[0]);
5017 *port_name++ = 0; /* Terminate server name */
5019 if (isdigit(*port_name))
5022 port = Ustrtol(port_name, &end, 0);
5023 if (end != port_name + Ustrlen(port_name))
5025 expand_string_message =
5026 string_sprintf("invalid port number %s", port_name);
5032 struct servent *service_info = getservbyname(CS port_name, "tcp");
5035 expand_string_message = string_sprintf("unknown port \"%s\"",
5039 port = ntohs(service_info->s_port);
5042 /*XXX we trust that the request is idempotent. Hmm. */
5043 cctx.sock = ip_connectedsocket(SOCK_STREAM, server_name, port, port,
5044 timeout, &host, &expand_string_message,
5045 do_tls ? NULL : &reqstr);
5046 callout_address = NULL;
5053 /* Handle a Unix domain socket */
5057 struct sockaddr_un sockun; /* don't call this "sun" ! */
5060 if ((cctx.sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
5062 expand_string_message = string_sprintf("failed to create socket: %s",
5067 sockun.sun_family = AF_UNIX;
5068 sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1),
5070 server_name = US sockun.sun_path;
5072 sigalrm_seen = FALSE;
5074 rc = connect(cctx.sock, (struct sockaddr *)(&sockun), sizeof(sockun));
5078 expand_string_message = US "socket connect timed out";
5083 expand_string_message = string_sprintf("failed to connect to socket "
5084 "%s: %s", sub_arg[0], strerror(errno));
5087 host.name = server_name;
5088 host.address = US"";
5091 DEBUG(D_expand) debug_printf_indent("connected to socket %s\n", sub_arg[0]);
5096 smtp_connect_args conn_args = {.host = &host };
5097 tls_support tls_dummy = {.sni=NULL};
5100 if (!tls_client_start(&cctx, &conn_args, NULL, &tls_dummy, &errstr))
5102 expand_string_message = string_sprintf("TLS connect failed: %s", errstr);
5108 /* Allow sequencing of test actions */
5109 if (f.running_in_test_harness) millisleep(100);
5111 /* Write the request string, if not empty or already done */
5115 DEBUG(D_expand) debug_printf_indent("writing \"%s\" to socket\n",
5119 do_tls ? tls_write(cctx.tls_ctx, reqstr.data, reqstr.len, FALSE) :
5121 write(cctx.sock, reqstr.data, reqstr.len)) != reqstr.len)
5123 expand_string_message = string_sprintf("request write to socket "
5124 "failed: %s", strerror(errno));
5129 /* Shut down the sending side of the socket. This helps some servers to
5130 recognise that it is their turn to do some work. Just in case some
5131 system doesn't have this function, make it conditional. */
5134 if (!do_tls && do_shutdown) shutdown(cctx.sock, SHUT_WR);
5137 if (f.running_in_test_harness) millisleep(100);
5139 /* Now we need to read from the socket, under a timeout. The function
5140 that reads a file can be used. */
5143 fp = fdopen(cctx.sock, "rb");
5144 sigalrm_seen = FALSE;
5148 do_tls ? cat_file_tls(cctx.tls_ctx, yield, sub_arg[3]) :
5150 cat_file(fp, yield, sub_arg[3]);
5156 tls_close(cctx.tls_ctx, TRUE);
5163 /* After a timeout, we restore the pointer in the result, that is,
5164 make sure we add nothing from the socket. */
5168 yield->ptr = save_ptr;
5169 expand_string_message = US "socket read timed out";
5174 /* The whole thing has worked (or we were skipping). If there is a
5175 failure string following, we need to skip it. */
5179 if (expand_string_internal(s+1, TRUE, &s, TRUE, TRUE, &resetok) == NULL)
5183 expand_string_message = US"missing '}' closing failstring for readsocket";
5184 goto EXPAND_FAILED_CURLY;
5186 while (isspace(*s)) s++;
5192 expand_string_message = US"missing '}' closing readsocket";
5193 goto EXPAND_FAILED_CURLY;
5197 /* Come here on failure to create socket, connect socket, write to the
5198 socket, or timeout on reading. If another substring follows, expand and
5199 use it. Otherwise, those conditions give expand errors. */
5202 if (*s != '{') goto EXPAND_FAILED;
5203 DEBUG(D_any) debug_printf("%s\n", expand_string_message);
5204 if (!(arg = expand_string_internal(s+1, TRUE, &s, FALSE, TRUE, &resetok)))
5206 yield = string_cat(yield, arg);
5209 expand_string_message = US"missing '}' closing failstring for readsocket";
5210 goto EXPAND_FAILED_CURLY;
5212 while (isspace(*s)) s++;
5216 /* Handle "run" to execute a program. */
5222 const uschar **argv;
5226 if ((expand_forbid & RDO_RUN) != 0)
5228 expand_string_message = US"running a command is not permitted";
5232 while (isspace(*s)) s++;
5235 expand_string_message = US"missing '{' for command arg of run";
5236 goto EXPAND_FAILED_CURLY;
5238 arg = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
5239 if (arg == NULL) goto EXPAND_FAILED;
5240 while (isspace(*s)) s++;
5243 expand_string_message = US"missing '}' closing command arg of run";
5244 goto EXPAND_FAILED_CURLY;
5247 if (skipping) /* Just pretend it worked when we're skipping */
5250 lookup_value = NULL;
5254 if (!transport_set_up_command(&argv, /* anchor for arg list */
5255 arg, /* raw command */
5256 FALSE, /* don't expand the arguments */
5257 0, /* not relevant when... */
5258 NULL, /* no transporting address */
5259 US"${run} expansion", /* for error messages */
5260 &expand_string_message)) /* where to put error message */
5263 /* Create the child process, making it a group leader. */
5265 if ((pid = child_open(USS argv, NULL, 0077, &fd_in, &fd_out, TRUE)) < 0)
5267 expand_string_message =
5268 string_sprintf("couldn't create child process: %s", strerror(errno));
5272 /* Nothing is written to the standard input. */
5276 /* Read the pipe to get the command's output into $value (which is kept
5277 in lookup_value). Read during execution, so that if the output exceeds
5278 the OS pipe buffer limit, we don't block forever. Remember to not release
5279 memory just allocated for $value. */
5282 f = fdopen(fd_out, "rb");
5283 sigalrm_seen = FALSE;
5285 lookup_value = string_from_gstring(cat_file(f, NULL, NULL));
5289 /* Wait for the process to finish, applying the timeout, and inspect its
5290 return code for serious disasters. Simple non-zero returns are passed on.
5293 if (sigalrm_seen || (runrc = child_close(pid, 30)) < 0)
5295 if (sigalrm_seen || runrc == -256)
5297 expand_string_message = string_sprintf("command timed out");
5298 killpg(pid, SIGKILL); /* Kill the whole process group */
5301 else if (runrc == -257)
5302 expand_string_message = string_sprintf("wait() failed: %s",
5306 expand_string_message = string_sprintf("command killed by signal %d",
5313 /* Process the yes/no strings; $value may be useful in both cases */
5315 switch(process_yesno(
5316 skipping, /* were previously skipping */
5317 runrc == 0, /* success/failure indicator */
5318 lookup_value, /* value to reset for string2 */
5319 &s, /* input pointer */
5320 &yield, /* output pointer */
5321 US"run", /* condition type */
5324 case 1: goto EXPAND_FAILED; /* when all is well, the */
5325 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
5331 /* Handle character translation for "tr" */
5335 int oldptr = yield->ptr;
5339 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"tr", &resetok))
5341 case 1: goto EXPAND_FAILED_CURLY;
5343 case 3: goto EXPAND_FAILED;
5346 yield = string_cat(yield, sub[0]);
5347 o2m = Ustrlen(sub[2]) - 1;
5349 if (o2m >= 0) for (; oldptr < yield->ptr; oldptr++)
5351 uschar *m = Ustrrchr(sub[1], yield->s[oldptr]);
5355 yield->s[oldptr] = sub[2][(o < o2m)? o : o2m];
5362 /* Handle "hash", "length", "nhash", and "substr" when they are given with
5363 expanded arguments. */
5372 int val[2] = { 0, -1 };
5375 /* "length" takes only 2 arguments whereas the others take 2 or 3.
5376 Ensure that sub[2] is set in the ${length } case. */
5379 switch(read_subs(sub, (item_type == EITEM_LENGTH)? 2:3, 2, &s, skipping,
5380 TRUE, name, &resetok))
5382 case 1: goto EXPAND_FAILED_CURLY;
5384 case 3: goto EXPAND_FAILED;
5387 /* Juggle the arguments if there are only two of them: always move the
5388 string to the last position and make ${length{n}{str}} equivalent to
5389 ${substr{0}{n}{str}}. See the defaults for val[] above. */
5395 if (item_type == EITEM_LENGTH)
5402 for (int i = 0; i < 2; i++) if (sub[i])
5404 val[i] = (int)Ustrtol(sub[i], &ret, 10);
5405 if (*ret != 0 || (i != 0 && val[i] < 0))
5407 expand_string_message = string_sprintf("\"%s\" is not a%s number "
5408 "(in \"%s\" expansion)", sub[i], (i != 0)? " positive" : "", name);
5414 (item_type == EITEM_HASH)?
5415 compute_hash(sub[2], val[0], val[1], &len) :
5416 (item_type == EITEM_NHASH)?
5417 compute_nhash(sub[2], val[0], val[1], &len) :
5418 extract_substr(sub[2], val[0], val[1], &len);
5420 if (ret == NULL) goto EXPAND_FAILED;
5421 yield = string_catn(yield, ret, len);
5425 /* Handle HMAC computation: ${hmac{<algorithm>}{<secret>}{<text>}}
5426 This code originally contributed by Steve Haslam. It currently supports
5427 the use of MD5 and SHA-1 hashes.
5429 We need some workspace that is large enough to handle all the supported
5430 hash types. Use macros to set the sizes rather than be too elaborate. */
5432 #define MAX_HASHLEN 20
5433 #define MAX_HASHBLOCKLEN 64
5442 int hashlen; /* Number of octets for the hash algorithm's output */
5443 int hashblocklen; /* Number of octets the hash algorithm processes */
5445 unsigned int keylen;
5447 uschar keyhash[MAX_HASHLEN];
5448 uschar innerhash[MAX_HASHLEN];
5449 uschar finalhash[MAX_HASHLEN];
5450 uschar finalhash_hex[2*MAX_HASHLEN];
5451 uschar innerkey[MAX_HASHBLOCKLEN];
5452 uschar outerkey[MAX_HASHBLOCKLEN];
5454 switch (read_subs(sub, 3, 3, &s, skipping, TRUE, name, &resetok))
5456 case 1: goto EXPAND_FAILED_CURLY;
5458 case 3: goto EXPAND_FAILED;
5463 if (Ustrcmp(sub[0], "md5") == 0)
5466 use_base = &md5_base;
5470 else if (Ustrcmp(sub[0], "sha1") == 0)
5473 use_base = &sha1_ctx;
5479 expand_string_message =
5480 string_sprintf("hmac algorithm \"%s\" is not recognised", sub[0]);
5485 keylen = Ustrlen(keyptr);
5487 /* If the key is longer than the hash block length, then hash the key
5490 if (keylen > hashblocklen)
5492 chash_start(type, use_base);
5493 chash_end(type, use_base, keyptr, keylen, keyhash);
5498 /* Now make the inner and outer key values */
5500 memset(innerkey, 0x36, hashblocklen);
5501 memset(outerkey, 0x5c, hashblocklen);
5503 for (int i = 0; i < keylen; i++)
5505 innerkey[i] ^= keyptr[i];
5506 outerkey[i] ^= keyptr[i];
5509 /* Now do the hashes */
5511 chash_start(type, use_base);
5512 chash_mid(type, use_base, innerkey);
5513 chash_end(type, use_base, sub[2], Ustrlen(sub[2]), innerhash);
5515 chash_start(type, use_base);
5516 chash_mid(type, use_base, outerkey);
5517 chash_end(type, use_base, innerhash, hashlen, finalhash);
5519 /* Encode the final hash as a hex string */
5522 for (int i = 0; i < hashlen; i++)
5524 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
5525 *p++ = hex_digits[finalhash[i] & 0x0f];
5528 DEBUG(D_any) debug_printf("HMAC[%s](%.*s,%s)=%.*s\n",
5529 sub[0], (int)keylen, keyptr, sub[2], hashlen*2, finalhash_hex);
5531 yield = string_catn(yield, finalhash_hex, hashlen*2);
5536 /* Handle global substitution for "sg" - like Perl's s/xxx/yyy/g operator.
5537 We have to save the numerical variables and restore them afterwards. */
5542 int moffset, moffsetextra, slen;
5545 const uschar *rerror;
5548 int save_expand_nmax =
5549 save_expand_strings(save_expand_nstring, save_expand_nlength);
5551 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"sg", &resetok))
5553 case 1: goto EXPAND_FAILED_CURLY;
5555 case 3: goto EXPAND_FAILED;
5558 /* Compile the regular expression */
5560 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
5565 expand_string_message = string_sprintf("regular expression error in "
5566 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
5570 /* Now run a loop to do the substitutions as often as necessary. It ends
5571 when there are no more matches. Take care over matches of the null string;
5572 do the same thing as Perl does. */
5575 slen = Ustrlen(sub[0]);
5576 moffset = moffsetextra = 0;
5581 int ovector[3*(EXPAND_MAXN+1)];
5582 int n = pcre_exec(re, NULL, CS subject, slen, moffset + moffsetextra,
5583 PCRE_EOPT | emptyopt, ovector, nelem(ovector));
5586 /* No match - if we previously set PCRE_NOTEMPTY after a null match, this
5587 is not necessarily the end. We want to repeat the match from one
5588 character further along, but leaving the basic offset the same (for
5589 copying below). We can't be at the end of the string - that was checked
5590 before setting PCRE_NOTEMPTY. If PCRE_NOTEMPTY is not set, we are
5591 finished; copy the remaining string and end the loop. */
5601 yield = string_catn(yield, subject+moffset, slen-moffset);
5605 /* Match - set up for expanding the replacement. */
5607 if (n == 0) n = EXPAND_MAXN + 1;
5609 for (int nn = 0; nn < n*2; nn += 2)
5611 expand_nstring[expand_nmax] = subject + ovector[nn];
5612 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
5616 /* Copy the characters before the match, plus the expanded insertion. */
5618 yield = string_catn(yield, subject + moffset, ovector[0] - moffset);
5619 insert = expand_string(sub[2]);
5620 if (insert == NULL) goto EXPAND_FAILED;
5621 yield = string_cat(yield, insert);
5623 moffset = ovector[1];
5627 /* If we have matched an empty string, first check to see if we are at
5628 the end of the subject. If so, the loop is over. Otherwise, mimic
5629 what Perl's /g options does. This turns out to be rather cunning. First
5630 we set PCRE_NOTEMPTY and PCRE_ANCHORED and try the match a non-empty
5631 string at the same point. If this fails (picked up above) we advance to
5632 the next character. */
5634 if (ovector[0] == ovector[1])
5636 if (ovector[0] == slen) break;
5637 emptyopt = PCRE_NOTEMPTY | PCRE_ANCHORED;
5641 /* All done - restore numerical variables. */
5643 restore_expand_strings(save_expand_nmax, save_expand_nstring,
5644 save_expand_nlength);
5648 /* Handle keyed and numbered substring extraction. If the first argument
5649 consists entirely of digits, then a numerical extraction is assumed. */
5653 int field_number = 1;
5654 BOOL field_number_set = FALSE;
5655 uschar *save_lookup_value = lookup_value;
5657 int save_expand_nmax =
5658 save_expand_strings(save_expand_nstring, save_expand_nlength);
5660 /* On reflection the original behaviour of extract-json for a string
5661 result, leaving it quoted, was a mistake. But it was already published,
5662 hence the addition of jsons. In a future major version, make json
5663 work like josons, and withdraw jsons. */
5665 enum {extract_basic, extract_json, extract_jsons} fmt = extract_basic;
5667 while (isspace(*s)) s++;
5669 /* Check for a format-variant specifier */
5671 if (*s != '{') /*}*/
5672 if (Ustrncmp(s, "json", 4) == 0)
5673 if (*(s += 4) == 's')
5674 {fmt = extract_jsons; s++;}
5678 /* While skipping we cannot rely on the data for expansions being
5679 available (eg. $item) hence cannot decide on numeric vs. keyed.
5680 Read a maximum of 5 arguments (including the yes/no) */
5684 for (int j = 5; j > 0 && *s == '{'; j--) /*'}'*/
5686 if (!expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok))
5687 goto EXPAND_FAILED; /*'{'*/
5690 expand_string_message = US"missing '{' for arg of extract";
5691 goto EXPAND_FAILED_CURLY;
5693 while (isspace(*s)) s++;
5695 if ( Ustrncmp(s, "fail", 4) == 0 /*'{'*/
5696 && (s[4] == '}' || s[4] == ' ' || s[4] == '\t' || !s[4])
5700 while (isspace(*s)) s++;
5704 expand_string_message = US"missing '}' closing extract";
5705 goto EXPAND_FAILED_CURLY;
5709 else for (int i = 0, j = 2; i < j; i++) /* Read the proper number of arguments */
5711 while (isspace(*s)) s++;
5712 if (*s == '{') /*'}'*/
5714 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
5715 if (sub[i] == NULL) goto EXPAND_FAILED; /*'{'*/
5718 expand_string_message = string_sprintf(
5719 "missing '}' closing arg %d of extract", i+1);
5720 goto EXPAND_FAILED_CURLY;
5723 /* After removal of leading and trailing white space, the first
5724 argument must not be empty; if it consists entirely of digits
5725 (optionally preceded by a minus sign), this is a numerical
5726 extraction, and we expect 3 arguments (normal) or 2 (json). */
5734 while (isspace(*p)) p++;
5738 while (len > 0 && isspace(p[len-1])) len--;
5743 expand_string_message = US"first argument of \"extract\" must "
5753 while (*p != 0 && isdigit(*p)) x = x * 10 + *p++ - '0';
5757 if (fmt == extract_basic) j = 3; /* Need 3 args */
5758 field_number_set = TRUE;
5764 expand_string_message = string_sprintf(
5765 "missing '{' for arg %d of extract", i+1);
5766 goto EXPAND_FAILED_CURLY;
5770 /* Extract either the numbered or the keyed substring into $value. If
5771 skipping, just pretend the extraction failed. */
5774 lookup_value = NULL;
5778 lookup_value = field_number_set
5779 ? expand_gettokened(field_number, sub[1], sub[2])
5780 : expand_getkeyed(sub[0], sub[1]);
5787 const uschar * list;
5789 /* Array: Bracket-enclosed and comma-separated.
5790 Object: Brace-enclosed, comma-sep list of name:value pairs */
5792 if (!(s = dewrap(sub[1], field_number_set ? US"[]" : US"{}")))
5794 expand_string_message =
5795 string_sprintf("%s wrapping %s for extract json",
5796 expand_string_message,
5797 field_number_set ? "array" : "object");
5798 goto EXPAND_FAILED_CURLY;
5802 if (field_number_set)
5804 if (field_number <= 0)
5806 expand_string_message = US"first argument of \"extract\" must "
5807 "be greater than zero";
5810 while (field_number > 0 && (item = json_nextinlist(&list)))
5812 if ((lookup_value = s = item))
5815 while (--s >= lookup_value && isspace(*s)) *s = '\0';
5820 lookup_value = NULL;
5821 while ((item = json_nextinlist(&list)))
5823 /* Item is: string name-sep value. string is quoted.
5824 Dequote the string and compare with the search key. */
5826 if (!(item = dewrap(item, US"\"\"")))
5828 expand_string_message =
5829 string_sprintf("%s wrapping string key for extract json",
5830 expand_string_message);
5831 goto EXPAND_FAILED_CURLY;
5833 if (Ustrcmp(item, sub[0]) == 0) /*XXX should be a UTF8-compare */
5835 s = item + Ustrlen(item) + 1;
5836 while (isspace(*s)) s++;
5839 expand_string_message = string_sprintf(
5840 "missing object value-separator for extract json");
5841 goto EXPAND_FAILED_CURLY;
5844 while (isspace(*s)) s++;
5852 if ( fmt == extract_jsons
5854 && !(lookup_value = dewrap(lookup_value, US"\"\"")))
5856 expand_string_message =
5857 string_sprintf("%s wrapping string result for extract jsons",
5858 expand_string_message);
5859 goto EXPAND_FAILED_CURLY;
5864 /* If no string follows, $value gets substituted; otherwise there can
5865 be yes/no strings, as for lookup or if. */
5867 switch(process_yesno(
5868 skipping, /* were previously skipping */
5869 lookup_value != NULL, /* success/failure indicator */
5870 save_lookup_value, /* value to reset for string2 */
5871 &s, /* input pointer */
5872 &yield, /* output pointer */
5873 US"extract", /* condition type */
5876 case 1: goto EXPAND_FAILED; /* when all is well, the */
5877 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
5880 /* All done - restore numerical variables. */
5882 restore_expand_strings(save_expand_nmax, save_expand_nstring,
5883 save_expand_nlength);
5888 /* return the Nth item from a list */
5890 case EITEM_LISTEXTRACT:
5892 int field_number = 1;
5893 uschar *save_lookup_value = lookup_value;
5895 int save_expand_nmax =
5896 save_expand_strings(save_expand_nstring, save_expand_nlength);
5898 /* Read the field & list arguments */
5900 for (int i = 0; i < 2; i++)
5902 while (isspace(*s)) s++;
5903 if (*s != '{') /*'}'*/
5905 expand_string_message = string_sprintf(
5906 "missing '{' for arg %d of listextract", i+1);
5907 goto EXPAND_FAILED_CURLY;
5910 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
5911 if (!sub[i]) goto EXPAND_FAILED; /*{*/
5914 expand_string_message = string_sprintf(
5915 "missing '}' closing arg %d of listextract", i+1);
5916 goto EXPAND_FAILED_CURLY;
5919 /* After removal of leading and trailing white space, the first
5920 argument must be numeric and nonempty. */
5928 while (isspace(*p)) p++;
5932 while (len > 0 && isspace(p[len-1])) len--;
5935 if (!*p && !skipping)
5937 expand_string_message = US"first argument of \"listextract\" must "
5947 while (*p && isdigit(*p)) x = x * 10 + *p++ - '0';
5950 expand_string_message = US"first argument of \"listextract\" must "
5958 /* Extract the numbered element into $value. If
5959 skipping, just pretend the extraction failed. */
5961 lookup_value = skipping ? NULL : expand_getlistele(field_number, sub[1]);
5963 /* If no string follows, $value gets substituted; otherwise there can
5964 be yes/no strings, as for lookup or if. */
5966 switch(process_yesno(
5967 skipping, /* were previously skipping */
5968 lookup_value != NULL, /* success/failure indicator */
5969 save_lookup_value, /* value to reset for string2 */
5970 &s, /* input pointer */
5971 &yield, /* output pointer */
5972 US"listextract", /* condition type */
5975 case 1: goto EXPAND_FAILED; /* when all is well, the */
5976 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
5979 /* All done - restore numerical variables. */
5981 restore_expand_strings(save_expand_nmax, save_expand_nstring,
5982 save_expand_nlength);
5988 case EITEM_CERTEXTRACT:
5990 uschar *save_lookup_value = lookup_value;
5992 int save_expand_nmax =
5993 save_expand_strings(save_expand_nstring, save_expand_nlength);
5995 /* Read the field argument */
5996 while (isspace(*s)) s++;
5997 if (*s != '{') /*}*/
5999 expand_string_message = US"missing '{' for field arg of certextract";
6000 goto EXPAND_FAILED_CURLY;
6002 sub[0] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
6003 if (!sub[0]) goto EXPAND_FAILED; /*{*/
6006 expand_string_message = US"missing '}' closing field arg of certextract";
6007 goto EXPAND_FAILED_CURLY;
6009 /* strip spaces fore & aft */
6014 while (isspace(*p)) p++;
6018 while (len > 0 && isspace(p[len-1])) len--;
6022 /* inspect the cert argument */
6023 while (isspace(*s)) s++;
6024 if (*s != '{') /*}*/
6026 expand_string_message = US"missing '{' for cert variable arg of certextract";
6027 goto EXPAND_FAILED_CURLY;
6031 expand_string_message = US"second argument of \"certextract\" must "
6032 "be a certificate variable";
6035 sub[1] = expand_string_internal(s+1, TRUE, &s, skipping, FALSE, &resetok);
6036 if (!sub[1]) goto EXPAND_FAILED; /*{*/
6039 expand_string_message = US"missing '}' closing cert variable arg of certextract";
6040 goto EXPAND_FAILED_CURLY;
6044 lookup_value = NULL;
6047 lookup_value = expand_getcertele(sub[0], sub[1]);
6048 if (*expand_string_message) goto EXPAND_FAILED;
6050 switch(process_yesno(
6051 skipping, /* were previously skipping */
6052 lookup_value != NULL, /* success/failure indicator */
6053 save_lookup_value, /* value to reset for string2 */
6054 &s, /* input pointer */
6055 &yield, /* output pointer */
6056 US"certextract", /* condition type */
6059 case 1: goto EXPAND_FAILED; /* when all is well, the */
6060 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
6063 restore_expand_strings(save_expand_nmax, save_expand_nstring,
6064 save_expand_nlength);
6067 #endif /*SUPPORT_TLS*/
6069 /* Handle list operations */
6076 int save_ptr = yield->ptr;
6077 uschar outsep[2] = { '\0', '\0' };
6078 const uschar *list, *expr, *temp;
6079 uschar *save_iterate_item = iterate_item;
6080 uschar *save_lookup_value = lookup_value;
6082 while (isspace(*s)) s++;
6085 expand_string_message =
6086 string_sprintf("missing '{' for first arg of %s", name);
6087 goto EXPAND_FAILED_CURLY;
6090 list = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok);
6091 if (list == NULL) goto EXPAND_FAILED;
6094 expand_string_message =
6095 string_sprintf("missing '}' closing first arg of %s", name);
6096 goto EXPAND_FAILED_CURLY;
6099 if (item_type == EITEM_REDUCE)
6102 while (isspace(*s)) s++;
6105 expand_string_message = US"missing '{' for second arg of reduce";
6106 goto EXPAND_FAILED_CURLY;
6108 t = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok);
6109 if (!t) goto EXPAND_FAILED;
6113 expand_string_message = US"missing '}' closing second arg of reduce";
6114 goto EXPAND_FAILED_CURLY;
6118 while (isspace(*s)) s++;
6121 expand_string_message =
6122 string_sprintf("missing '{' for last arg of %s", name);
6123 goto EXPAND_FAILED_CURLY;
6128 /* For EITEM_FILTER, call eval_condition once, with result discarded (as
6129 if scanning a "false" part). This allows us to find the end of the
6130 condition, because if the list is empty, we won't actually evaluate the
6131 condition for real. For EITEM_MAP and EITEM_REDUCE, do the same, using
6132 the normal internal expansion function. */
6134 if (item_type == EITEM_FILTER)
6136 temp = eval_condition(expr, &resetok, NULL);
6137 if (temp != NULL) s = temp;
6140 temp = expand_string_internal(s, TRUE, &s, TRUE, TRUE, &resetok);
6144 expand_string_message = string_sprintf("%s inside \"%s\" item",
6145 expand_string_message, name);
6149 while (isspace(*s)) s++;
6152 expand_string_message = string_sprintf("missing } at end of condition "
6153 "or expression inside \"%s\"; could be an unquoted } in the content",
6158 while (isspace(*s)) s++; /*{*/
6161 expand_string_message = string_sprintf("missing } at end of \"%s\"",
6166 /* If we are skipping, we can now just move on to the next item. When
6167 processing for real, we perform the iteration. */
6169 if (skipping) continue;
6170 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)))
6172 *outsep = (uschar)sep; /* Separator as a string */
6174 DEBUG(D_expand) debug_printf_indent("%s: $item = '%s' $value = '%s'\n",
6175 name, iterate_item, lookup_value);
6177 if (item_type == EITEM_FILTER)
6180 if (eval_condition(expr, &resetok, &condresult) == NULL)
6182 iterate_item = save_iterate_item;
6183 lookup_value = save_lookup_value;
6184 expand_string_message = string_sprintf("%s inside \"%s\" condition",
6185 expand_string_message, name);
6188 DEBUG(D_expand) debug_printf_indent("%s: condition is %s\n", name,
6189 condresult? "true":"false");
6191 temp = iterate_item; /* TRUE => include this item */
6193 continue; /* FALSE => skip this item */
6196 /* EITEM_MAP and EITEM_REDUCE */
6200 uschar * t = expand_string_internal(expr, TRUE, NULL, skipping, TRUE, &resetok);
6204 iterate_item = save_iterate_item;
6205 expand_string_message = string_sprintf("%s inside \"%s\" item",
6206 expand_string_message, name);
6209 if (item_type == EITEM_REDUCE)
6211 lookup_value = t; /* Update the value of $value */
6212 continue; /* and continue the iteration */
6216 /* We reach here for FILTER if the condition is true, always for MAP,
6217 and never for REDUCE. The value in "temp" is to be added to the output
6218 list that is being created, ensuring that any occurrences of the
6219 separator character are doubled. Unless we are dealing with the first
6220 item of the output list, add in a space if the new item begins with the
6221 separator character, or is an empty string. */
6223 if (yield->ptr != save_ptr && (temp[0] == *outsep || temp[0] == 0))
6224 yield = string_catn(yield, US" ", 1);
6226 /* Add the string in "temp" to the output list that we are building,
6227 This is done in chunks by searching for the separator character. */
6231 size_t seglen = Ustrcspn(temp, outsep);
6233 yield = string_catn(yield, temp, seglen + 1);
6235 /* If we got to the end of the string we output one character
6236 too many; backup and end the loop. Otherwise arrange to double the
6239 if (temp[seglen] == '\0') { yield->ptr--; break; }
6240 yield = string_catn(yield, outsep, 1);
6244 /* Output a separator after the string: we will remove the redundant
6245 final one at the end. */
6247 yield = string_catn(yield, outsep, 1);
6248 } /* End of iteration over the list loop */
6250 /* REDUCE has generated no output above: output the final value of
6253 if (item_type == EITEM_REDUCE)
6255 yield = string_cat(yield, lookup_value);
6256 lookup_value = save_lookup_value; /* Restore $value */
6259 /* FILTER and MAP generate lists: if they have generated anything, remove
6260 the redundant final separator. Even though an empty item at the end of a
6261 list does not count, this is tidier. */
6263 else if (yield->ptr != save_ptr) yield->ptr--;
6265 /* Restore preserved $item */
6267 iterate_item = save_iterate_item;
6274 const uschar *srclist, *cmp, *xtract;
6276 const uschar *dstlist = NULL, *dstkeylist = NULL;
6278 uschar *save_iterate_item = iterate_item;
6280 while (isspace(*s)) s++;
6283 expand_string_message = US"missing '{' for list arg of sort";
6284 goto EXPAND_FAILED_CURLY;
6287 srclist = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok);
6288 if (!srclist) goto EXPAND_FAILED;
6291 expand_string_message = US"missing '}' closing list arg of sort";
6292 goto EXPAND_FAILED_CURLY;
6295 while (isspace(*s)) s++;
6298 expand_string_message = US"missing '{' for comparator arg of sort";
6299 goto EXPAND_FAILED_CURLY;
6302 cmp = expand_string_internal(s, TRUE, &s, skipping, FALSE, &resetok);
6303 if (!cmp) goto EXPAND_FAILED;
6306 expand_string_message = US"missing '}' closing comparator arg of sort";
6307 goto EXPAND_FAILED_CURLY;
6310 while (isspace(*s)) s++;
6313 expand_string_message = US"missing '{' for extractor arg of sort";
6314 goto EXPAND_FAILED_CURLY;
6318 tmp = expand_string_internal(s, TRUE, &s, TRUE, TRUE, &resetok);
6319 if (!tmp) goto EXPAND_FAILED;
6320 xtract = string_copyn(xtract, s - xtract);
6324 expand_string_message = US"missing '}' closing extractor arg of sort";
6325 goto EXPAND_FAILED_CURLY;
6330 expand_string_message = US"missing } at end of \"sort\"";
6334 if (skipping) continue;
6336 while ((srcitem = string_nextinlist(&srclist, &sep, NULL, 0)))
6339 gstring * newlist = NULL;
6340 gstring * newkeylist = NULL;
6343 DEBUG(D_expand) debug_printf_indent("%s: $item = \"%s\"\n", name, srcitem);
6345 /* extract field for comparisons */
6346 iterate_item = srcitem;
6347 if ( !(srcfield = expand_string_internal(xtract, FALSE, NULL, FALSE,
6351 expand_string_message = string_sprintf(
6352 "field-extract in sort: \"%s\"", xtract);
6356 /* Insertion sort */
6358 /* copy output list until new-item < list-item */
6359 while ((dstitem = string_nextinlist(&dstlist, &sep, NULL, 0)))
6365 /* field for comparison */
6366 if (!(dstfield = string_nextinlist(&dstkeylist, &sep, NULL, 0)))
6369 /* build and run condition string */
6370 expr = string_sprintf("%s{%s}{%s}", cmp, srcfield, dstfield);
6372 DEBUG(D_expand) debug_printf_indent("%s: cond = \"%s\"\n", name, expr);
6373 if (!eval_condition(expr, &resetok, &before))
6375 expand_string_message = string_sprintf("comparison in sort: %s",
6382 /* New-item sorts before this dst-item. Append new-item,
6383 then dst-item, then remainder of dst list. */
6385 newlist = string_append_listele(newlist, sep, srcitem);
6386 newkeylist = string_append_listele(newkeylist, sep, srcfield);
6389 newlist = string_append_listele(newlist, sep, dstitem);
6390 newkeylist = string_append_listele(newkeylist, sep, dstfield);
6392 while ((dstitem = string_nextinlist(&dstlist, &sep, NULL, 0)))
6394 if (!(dstfield = string_nextinlist(&dstkeylist, &sep, NULL, 0)))
6396 newlist = string_append_listele(newlist, sep, dstitem);
6397 newkeylist = string_append_listele(newkeylist, sep, dstfield);
6403 newlist = string_append_listele(newlist, sep, dstitem);
6404 newkeylist = string_append_listele(newkeylist, sep, dstfield);
6407 /* If we ran out of dstlist without consuming srcitem, append it */
6410 newlist = string_append_listele(newlist, sep, srcitem);
6411 newkeylist = string_append_listele(newkeylist, sep, srcfield);
6414 dstlist = newlist->s;
6415 dstkeylist = newkeylist->s;
6417 DEBUG(D_expand) debug_printf_indent("%s: dstlist = \"%s\"\n", name, dstlist);
6418 DEBUG(D_expand) debug_printf_indent("%s: dstkeylist = \"%s\"\n", name, dstkeylist);
6422 yield = string_cat(yield, dstlist);
6424 /* Restore preserved $item */
6425 iterate_item = save_iterate_item;
6429 expand_string_message = US"Internal error in sort (list mismatch)";
6434 /* If ${dlfunc } support is configured, handle calling dynamically-loaded
6435 functions, unless locked out at this time. Syntax is ${dlfunc{file}{func}}
6436 or ${dlfunc{file}{func}{arg}} or ${dlfunc{file}{func}{arg1}{arg2}} or up to
6437 a maximum of EXPAND_DLFUNC_MAX_ARGS arguments (defined below). */
6439 #define EXPAND_DLFUNC_MAX_ARGS 8
6442 #ifndef EXPAND_DLFUNC
6443 expand_string_message = US"\"${dlfunc\" encountered, but this facility " /*}*/
6444 "is not included in this binary";
6447 #else /* EXPAND_DLFUNC */
6450 exim_dlfunc_t *func;
6453 uschar *argv[EXPAND_DLFUNC_MAX_ARGS + 3];
6455 if ((expand_forbid & RDO_DLFUNC) != 0)
6457 expand_string_message =
6458 US"dynamically-loaded functions are not permitted";
6462 switch(read_subs(argv, EXPAND_DLFUNC_MAX_ARGS + 2, 2, &s, skipping,
6463 TRUE, US"dlfunc", &resetok))
6465 case 1: goto EXPAND_FAILED_CURLY;
6467 case 3: goto EXPAND_FAILED;
6470 /* If skipping, we don't actually do anything */
6472 if (skipping) continue;
6474 /* Look up the dynamically loaded object handle in the tree. If it isn't
6475 found, dlopen() the file and put the handle in the tree for next time. */
6477 if (!(t = tree_search(dlobj_anchor, argv[0])))
6479 void *handle = dlopen(CS argv[0], RTLD_LAZY);
6482 expand_string_message = string_sprintf("dlopen \"%s\" failed: %s",
6483 argv[0], dlerror());
6484 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
6487 t = store_get_perm(sizeof(tree_node) + Ustrlen(argv[0]));
6488 Ustrcpy(t->name, argv[0]);
6489 t->data.ptr = handle;
6490 (void)tree_insertnode(&dlobj_anchor, t);
6493 /* Having obtained the dynamically loaded object handle, look up the
6494 function pointer. */
6496 func = (exim_dlfunc_t *)dlsym(t->data.ptr, CS argv[1]);
6499 expand_string_message = string_sprintf("dlsym \"%s\" in \"%s\" failed: "
6500 "%s", argv[1], argv[0], dlerror());
6501 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
6505 /* Call the function and work out what to do with the result. If it
6506 returns OK, we have a replacement string; if it returns DEFER then
6507 expansion has failed in a non-forced manner; if it returns FAIL then
6508 failure was forced; if it returns ERROR or any other value there's a
6509 problem, so panic slightly. In any case, assume that the function has
6510 side-effects on the store that must be preserved. */
6514 for (argc = 0; argv[argc] != NULL; argc++);
6515 status = func(&result, argc - 2, &argv[2]);
6518 if (result == NULL) result = US"";
6519 yield = string_cat(yield, result);
6524 expand_string_message = result == NULL ? US"(no message)" : result;
6525 if(status == FAIL_FORCED) f.expand_string_forcedfail = TRUE;
6526 else if(status != FAIL)
6527 log_write(0, LOG_MAIN|LOG_PANIC, "dlfunc{%s}{%s} failed (%d): %s",
6528 argv[0], argv[1], status, expand_string_message);
6532 #endif /* EXPAND_DLFUNC */
6534 case EITEM_ENV: /* ${env {name} {val_if_found} {val_if_unfound}} */
6537 uschar *save_lookup_value = lookup_value;
6539 while (isspace(*s)) s++;
6540 if (*s != '{') /*}*/
6543 key = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
6544 if (!key) goto EXPAND_FAILED; /*{*/
6547 expand_string_message = US"missing '{' for name arg of env";
6548 goto EXPAND_FAILED_CURLY;
6551 lookup_value = US getenv(CS key);
6553 switch(process_yesno(
6554 skipping, /* were previously skipping */
6555 lookup_value != NULL, /* success/failure indicator */
6556 save_lookup_value, /* value to reset for string2 */
6557 &s, /* input pointer */
6558 &yield, /* output pointer */
6559 US"env", /* condition type */
6562 case 1: goto EXPAND_FAILED; /* when all is well, the */
6563 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
6567 } /* EITEM_* switch */
6569 /* Control reaches here if the name is not recognized as one of the more
6570 complicated expansion items. Check for the "operator" syntax (name terminated
6571 by a colon). Some of the operators have arguments, separated by _ from the
6580 var_entry *vp = NULL;
6583 /* Owing to an historical mis-design, an underscore may be part of the
6584 operator name, or it may introduce arguments. We therefore first scan the
6585 table of names that contain underscores. If there is no match, we cut off
6586 the arguments and then scan the main table. */
6588 if ((c = chop_match(name, op_table_underscore,
6589 nelem(op_table_underscore))) < 0)
6591 arg = Ustrchr(name, '_');
6592 if (arg != NULL) *arg = 0;
6593 c = chop_match(name, op_table_main, nelem(op_table_main));
6594 if (c >= 0) c += nelem(op_table_underscore);
6595 if (arg != NULL) *arg++ = '_'; /* Put back for error messages */
6598 /* Deal specially with operators that might take a certificate variable
6599 as we do not want to do the usual expansion. For most, expand the string.*/
6609 const uschar * s1 = s;
6610 sub = expand_string_internal(s+2, TRUE, &s1, skipping,
6612 if (!sub) goto EXPAND_FAILED; /*{*/
6615 expand_string_message =
6616 string_sprintf("missing '}' closing cert arg of %s", name);
6617 goto EXPAND_FAILED_CURLY;
6619 if ((vp = find_var_ent(sub)) && vp->type == vtype_cert)
6629 sub = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
6630 if (!sub) goto EXPAND_FAILED;
6635 /* If we are skipping, we don't need to perform the operation at all.
6636 This matters for operations like "mask", because the data may not be
6637 in the correct format when skipping. For example, the expression may test
6638 for the existence of $sender_host_address before trying to mask it. For
6639 other operations, doing them may not fail, but it is a waste of time. */
6641 if (skipping && c >= 0) continue;
6643 /* Otherwise, switch on the operator type */
6650 unsigned long int n = Ustrtoul(sub, &t, 10);
6655 expand_string_message = string_sprintf("argument for base32 "
6656 "operator is \"%s\", which is not a decimal number", sub);
6660 g = string_catn(g, &base32_chars[n & 0x1f], 1);
6662 if (g) while (g->ptr > 0) yield = string_catn(yield, &g->s[--g->ptr], 1);
6669 unsigned long int n = 0;
6673 uschar * t = Ustrchr(base32_chars, *tt++);
6676 expand_string_message = string_sprintf("argument for base32d "
6677 "operator is \"%s\", which is not a base 32 number", sub);
6680 n = n * 32 + (t - base32_chars);
6682 s = string_sprintf("%ld", n);
6683 yield = string_cat(yield, s);
6690 unsigned long int n = Ustrtoul(sub, &t, 10);
6693 expand_string_message = string_sprintf("argument for base62 "
6694 "operator is \"%s\", which is not a decimal number", sub);
6697 t = string_base62(n);
6698 yield = string_cat(yield, t);
6702 /* Note that for Darwin and Cygwin, BASE_62 actually has the value 36 */
6707 unsigned long int n = 0;
6710 uschar *t = Ustrchr(base62_chars, *tt++);
6713 expand_string_message = string_sprintf("argument for base62d "
6714 "operator is \"%s\", which is not a base %d number", sub,
6718 n = n * BASE_62 + (t - base62_chars);
6720 yield = string_fmt_append(yield, "%ld", n);
6726 uschar *expanded = expand_string_internal(sub, FALSE, NULL, skipping, TRUE, &resetok);
6727 if (expanded == NULL)
6729 expand_string_message =
6730 string_sprintf("internal expansion of \"%s\" failed: %s", sub,
6731 expand_string_message);
6734 yield = string_cat(yield, expanded);
6741 uschar *t = sub - 1;
6742 while (*(++t) != 0) { *t = tolower(*t); count++; }
6743 yield = string_catn(yield, sub, count);
6750 uschar *t = sub - 1;
6751 while (*(++t) != 0) { *t = toupper(*t); count++; }
6752 yield = string_catn(yield, sub, count);
6758 if (vp && *(void **)vp->value)
6760 uschar * cp = tls_cert_fprt_md5(*(void **)vp->value);
6761 yield = string_cat(yield, cp);
6769 md5_end(&base, sub, Ustrlen(sub), digest);
6770 for (int j = 0; j < 16; j++)
6771 yield = string_fmt_append(yield, "%02x", digest[j]);
6777 if (vp && *(void **)vp->value)
6779 uschar * cp = tls_cert_fprt_sha1(*(void **)vp->value);
6780 yield = string_cat(yield, cp);
6788 sha1_end(&h, sub, Ustrlen(sub), digest);
6789 for (int j = 0; j < 20; j++)
6790 yield = string_fmt_append(yield, "%02X", digest[j]);
6795 #ifdef EXIM_HAVE_SHA2
6796 if (vp && *(void **)vp->value)
6798 uschar * cp = tls_cert_fprt_sha256(*(void **)vp->value);
6799 yield = string_cat(yield, cp);
6806 if (!exim_sha_init(&h, HASH_SHA2_256))
6808 expand_string_message = US"unrecognised sha256 variant";
6811 exim_sha_update(&h, sub, Ustrlen(sub));
6812 exim_sha_finish(&h, &b);
6814 yield = string_fmt_append(yield, "%02X", *b.data++);
6817 expand_string_message = US"sha256 only supported with TLS";
6822 #ifdef EXIM_HAVE_SHA3
6826 hashmethod m = !arg ? HASH_SHA3_256
6827 : Ustrcmp(arg, "224") == 0 ? HASH_SHA3_224
6828 : Ustrcmp(arg, "256") == 0 ? HASH_SHA3_256
6829 : Ustrcmp(arg, "384") == 0 ? HASH_SHA3_384
6830 : Ustrcmp(arg, "512") == 0 ? HASH_SHA3_512
6833 if (m == HASH_BADTYPE || !exim_sha_init(&h, m))
6835 expand_string_message = US"unrecognised sha3 variant";
6839 exim_sha_update(&h, sub, Ustrlen(sub));
6840 exim_sha_finish(&h, &b);
6842 yield = string_fmt_append(yield, "%02X", *b.data++);
6846 expand_string_message = US"sha3 only supported with GnuTLS 3.5.0 + or OpenSSL 1.1.1 +";
6850 /* Convert hex encoding to base64 encoding */
6860 for (enc = sub; *enc; enc++)
6862 if (!isxdigit(*enc))
6864 expand_string_message = string_sprintf("\"%s\" is not a hex "
6873 expand_string_message = string_sprintf("\"%s\" contains an odd "
6874 "number of characters", sub);
6878 while ((c = *in++) != 0)
6880 if (isdigit(c)) c -= '0';
6881 else c = toupper(c) - 'A' + 10;
6891 enc = b64encode(CUS sub, out - sub);
6892 yield = string_cat(yield, enc);
6896 /* Convert octets outside 0x21..0x7E to \xXX form */
6900 uschar *t = sub - 1;
6903 if (*t < 0x21 || 0x7E < *t)
6904 yield = string_fmt_append(yield, "\\x%02x", *t);
6906 yield = string_catn(yield, t, 1);
6911 /* count the number of list elements */
6919 while (string_nextinlist(CUSS &sub, &sep, buffer, sizeof(buffer)) != NULL) cnt++;
6920 yield = string_fmt_append(yield, "%d", cnt);
6924 /* expand a named list given the name */
6925 /* handles nested named lists; requotes as colon-sep list */
6929 tree_node *t = NULL;
6930 const uschar * list;
6933 uschar * suffix = US"";
6934 BOOL needsep = FALSE;
6937 if (*sub == '+') sub++;
6938 if (arg == NULL) /* no-argument version */
6940 if (!(t = tree_search(addresslist_anchor, sub)) &&
6941 !(t = tree_search(domainlist_anchor, sub)) &&
6942 !(t = tree_search(hostlist_anchor, sub)))
6943 t = tree_search(localpartlist_anchor, sub);
6945 else switch(*arg) /* specific list-type version */
6947 case 'a': t = tree_search(addresslist_anchor, sub); suffix = US"_a"; break;
6948 case 'd': t = tree_search(domainlist_anchor, sub); suffix = US"_d"; break;
6949 case 'h': t = tree_search(hostlist_anchor, sub); suffix = US"_h"; break;
6950 case 'l': t = tree_search(localpartlist_anchor, sub); suffix = US"_l"; break;
6952 expand_string_message = string_sprintf("bad suffix on \"list\" operator");
6958 expand_string_message = string_sprintf("\"%s\" is not a %snamed list",
6960 : *arg=='a'?"address "
6961 : *arg=='d'?"domain "
6963 : *arg=='l'?"localpart "
6968 list = ((namedlist_block *)(t->data.ptr))->string;
6970 while ((item = string_nextinlist(&list, &sep, buffer, sizeof(buffer))))
6972 uschar * buf = US" : ";
6974 yield = string_catn(yield, buf, 3);
6978 if (*item == '+') /* list item is itself a named list */
6980 uschar * sub = string_sprintf("${listnamed%s:%s}", suffix, item);
6981 item = expand_string_internal(sub, FALSE, NULL, FALSE, TRUE, &resetok);
6983 else if (sep != ':') /* item from non-colon-sep list, re-quote for colon list-separator */
6987 tok[0] = sep; tok[1] = ':'; tok[2] = 0;
6988 while ((cp= strpbrk(CCS item, tok)))
6990 yield = string_catn(yield, item, cp - CS item);
6991 if (*cp++ == ':') /* colon in a non-colon-sep list item, needs doubling */
6993 yield = string_catn(yield, US"::", 2);
6996 else /* sep in item; should already be doubled; emit once */
6998 yield = string_catn(yield, US tok, 1);
6999 if (*cp == sep) cp++;
7004 yield = string_cat(yield, item);
7009 /* mask applies a mask to an IP address; for example the result of
7010 ${mask:131.111.10.206/28} is 131.111.10.192/28. */
7017 int mask, maskoffset;
7018 int type = string_is_ip_address(sub, &maskoffset);
7023 expand_string_message = string_sprintf("\"%s\" is not an IP address",
7028 if (maskoffset == 0)
7030 expand_string_message = string_sprintf("missing mask value in \"%s\"",
7035 mask = Ustrtol(sub + maskoffset + 1, &endptr, 10);
7037 if (*endptr != 0 || mask < 0 || mask > ((type == 4)? 32 : 128))
7039 expand_string_message = string_sprintf("mask value too big in \"%s\"",
7044 /* Convert the address to binary integer(s) and apply the mask */
7046 sub[maskoffset] = 0;
7047 count = host_aton(sub, binary);
7048 host_mask(count, binary, mask);
7050 /* Convert to masked textual format and add to output. */
7052 yield = string_catn(yield, buffer,
7053 host_nmtoa(count, binary, mask, buffer, '.'));
7058 case EOP_IPV6DENORM:
7060 int type = string_is_ip_address(sub, NULL);
7067 (void) host_aton(sub, binary);
7070 case 4: /* convert to IPv4-mapped IPv6 */
7071 binary[0] = binary[1] = 0;
7072 binary[2] = 0x0000ffff;
7073 (void) host_aton(sub, binary+3);
7077 expand_string_message =
7078 string_sprintf("\"%s\" is not an IP address", sub);
7082 yield = string_catn(yield, buffer, c == EOP_IPV6NORM
7083 ? ipv6_nmtoa(binary, buffer)
7084 : host_nmtoa(4, binary, -1, buffer, ':')
7090 case EOP_LOCAL_PART:
7094 int start, end, domain;
7095 uschar * t = parse_extract_address(sub, &error, &start, &end, &domain,
7098 yield = c == EOP_DOMAIN
7099 ? string_cat(yield, t + domain)
7100 : c == EOP_LOCAL_PART && domain > 0
7101 ? string_catn(yield, t, domain - 1 )
7102 : string_cat(yield, t);
7108 uschar outsep[2] = { ':', '\0' };
7109 uschar *address, *error;
7110 int save_ptr = yield->ptr;
7111 int start, end, domain; /* Not really used */
7113 while (isspace(*sub)) sub++;
7115 if (*outsep = *++sub) ++sub;
7118 expand_string_message = string_sprintf("output separator "
7119 "missing in expanding ${addresses:%s}", --sub);
7122 f.parse_allow_group = TRUE;
7126 uschar * p = parse_find_address_end(sub, FALSE);
7127 uschar saveend = *p;
7129 address = parse_extract_address(sub, &error, &start, &end, &domain,
7133 /* Add the address to the output list that we are building. This is
7134 done in chunks by searching for the separator character. At the
7135 start, unless we are dealing with the first address of the output
7136 list, add in a space if the new address begins with the separator
7137 character, or is an empty string. */
7141 if (yield->ptr != save_ptr && address[0] == *outsep)
7142 yield = string_catn(yield, US" ", 1);
7146 size_t seglen = Ustrcspn(address, outsep);
7147 yield = string_catn(yield, address, seglen + 1);
7149 /* If we got to the end of the string we output one character
7152 if (address[seglen] == '\0') { yield->ptr--; break; }
7153 yield = string_catn(yield, outsep, 1);
7154 address += seglen + 1;
7157 /* Output a separator after the string: we will remove the
7158 redundant final one at the end. */
7160 yield = string_catn(yield, outsep, 1);
7163 if (saveend == '\0') break;
7167 /* If we have generated anything, remove the redundant final
7170 if (yield->ptr != save_ptr) yield->ptr--;
7171 f.parse_allow_group = FALSE;
7176 /* quote puts a string in quotes if it is empty or contains anything
7177 other than alphamerics, underscore, dot, or hyphen.
7179 quote_local_part puts a string in quotes if RFC 2821/2822 requires it to
7180 be quoted in order to be a valid local part.
7182 In both cases, newlines and carriage returns are converted into \n and \r
7186 case EOP_QUOTE_LOCAL_PART:
7189 BOOL needs_quote = (*sub == 0); /* TRUE for empty string */
7190 uschar *t = sub - 1;
7194 while (!needs_quote && *(++t) != 0)
7195 needs_quote = !isalnum(*t) && !strchr("_-.", *t);
7197 else /* EOP_QUOTE_LOCAL_PART */
7199 while (!needs_quote && *(++t) != 0)
7200 needs_quote = !isalnum(*t) &&
7201 strchr("!#$%&'*+-/=?^_`{|}~", *t) == NULL &&
7202 (*t != '.' || t == sub || t[1] == 0);
7207 yield = string_catn(yield, US"\"", 1);
7212 yield = string_catn(yield, US"\\n", 2);
7213 else if (*t == '\r')
7214 yield = string_catn(yield, US"\\r", 2);
7217 if (*t == '\\' || *t == '"')
7218 yield = string_catn(yield, US"\\", 1);
7219 yield = string_catn(yield, t, 1);
7222 yield = string_catn(yield, US"\"", 1);
7224 else yield = string_cat(yield, sub);
7228 /* quote_lookuptype does lookup-specific quoting */
7233 uschar *opt = Ustrchr(arg, '_');
7235 if (opt != NULL) *opt++ = 0;
7237 n = search_findtype(arg, Ustrlen(arg));
7240 expand_string_message = search_error_message;
7244 if (lookup_list[n]->quote != NULL)
7245 sub = (lookup_list[n]->quote)(sub, opt);
7246 else if (opt != NULL) sub = NULL;
7250 expand_string_message = string_sprintf(
7251 "\"%s\" unrecognized after \"${quote_%s\"",
7256 yield = string_cat(yield, sub);
7260 /* rx quote sticks in \ before any non-alphameric character so that
7261 the insertion works in a regular expression. */
7265 uschar *t = sub - 1;
7269 yield = string_catn(yield, US"\\", 1);
7270 yield = string_catn(yield, t, 1);
7275 /* RFC 2047 encodes, assuming headers_charset (default ISO 8859-1) as
7276 prescribed by the RFC, if there are characters that need to be encoded */
7280 uschar buffer[2048];
7281 yield = string_cat(yield,
7282 parse_quote_2047(sub, Ustrlen(sub), headers_charset,
7283 buffer, sizeof(buffer), FALSE));
7287 /* RFC 2047 decode */
7293 uschar *decoded = rfc2047_decode(sub, check_rfc2047_length,
7294 headers_charset, '?', &len, &error);
7297 expand_string_message = error;
7300 yield = string_catn(yield, decoded, len);
7304 /* from_utf8 converts UTF-8 to 8859-1, turning non-existent chars into
7314 if (c > 255) c = '_';
7316 yield = string_catn(yield, buff, 1);
7321 /* replace illegal UTF-8 sequences by replacement character */
7323 #define UTF8_REPLACEMENT_CHAR US"?"
7327 int seq_len = 0, index = 0;
7329 long codepoint = -1;
7331 uschar seq_buff[4]; /* accumulate utf-8 here */
7340 if ((c & 0xc0) != 0x80)
7341 /* wrong continuation byte; invalidate all bytes */
7342 complete = 1; /* error */
7345 codepoint = (codepoint << 6) | (c & 0x3f);
7346 seq_buff[index++] = c;
7347 if (--bytes_left == 0) /* codepoint complete */
7348 if(codepoint > 0x10FFFF) /* is it too large? */
7349 complete = -1; /* error (RFC3629 limit) */
7351 { /* finished; output utf-8 sequence */
7352 yield = string_catn(yield, seq_buff, seq_len);
7357 else /* no bytes left: new sequence */
7359 if((c & 0x80) == 0) /* 1-byte sequence, US-ASCII, keep it */
7361 yield = string_catn(yield, &c, 1);
7364 if((c & 0xe0) == 0xc0) /* 2-byte sequence */
7366 if(c == 0xc0 || c == 0xc1) /* 0xc0 and 0xc1 are illegal */
7371 codepoint = c & 0x1f;
7374 else if((c & 0xf0) == 0xe0) /* 3-byte sequence */
7377 codepoint = c & 0x0f;
7379 else if((c & 0xf8) == 0xf0) /* 4-byte sequence */
7382 codepoint = c & 0x07;
7384 else /* invalid or too long (RFC3629 allows only 4 bytes) */
7387 seq_buff[index++] = c;
7388 seq_len = bytes_left + 1;
7389 } /* if(bytes_left) */
7393 bytes_left = index = 0;
7394 yield = string_catn(yield, UTF8_REPLACEMENT_CHAR, 1);
7396 if ((complete == 1) && ((c & 0x80) == 0))
7397 /* ASCII character follows incomplete sequence */
7398 yield = string_catn(yield, &c, 1);
7400 /* If given a sequence truncated mid-character, we also want to report ?
7401 * Eg, ${length_1:フィル} is one byte, not one character, so we expect
7402 * ${utf8clean:${length_1:フィル}} to yield '?' */
7403 if (bytes_left != 0)
7405 yield = string_catn(yield, UTF8_REPLACEMENT_CHAR, 1);
7411 case EOP_UTF8_DOMAIN_TO_ALABEL:
7413 uschar * error = NULL;
7414 uschar * s = string_domain_utf8_to_alabel(sub, &error);
7417 expand_string_message = string_sprintf(
7418 "error converting utf8 (%s) to alabel: %s",
7419 string_printing(sub), error);
7422 yield = string_cat(yield, s);
7426 case EOP_UTF8_DOMAIN_FROM_ALABEL:
7428 uschar * error = NULL;
7429 uschar * s = string_domain_alabel_to_utf8(sub, &error);
7432 expand_string_message = string_sprintf(
7433 "error converting alabel (%s) to utf8: %s",
7434 string_printing(sub), error);
7437 yield = string_cat(yield, s);
7441 case EOP_UTF8_LOCALPART_TO_ALABEL:
7443 uschar * error = NULL;
7444 uschar * s = string_localpart_utf8_to_alabel(sub, &error);
7447 expand_string_message = string_sprintf(
7448 "error converting utf8 (%s) to alabel: %s",
7449 string_printing(sub), error);
7452 yield = string_cat(yield, s);
7453 DEBUG(D_expand) debug_printf_indent("yield: '%s'\n", yield->s);
7457 case EOP_UTF8_LOCALPART_FROM_ALABEL:
7459 uschar * error = NULL;
7460 uschar * s = string_localpart_alabel_to_utf8(sub, &error);
7463 expand_string_message = string_sprintf(
7464 "error converting alabel (%s) to utf8: %s",
7465 string_printing(sub), error);
7468 yield = string_cat(yield, s);
7471 #endif /* EXPERIMENTAL_INTERNATIONAL */
7473 /* escape turns all non-printing characters into escape sequences. */
7477 const uschar * t = string_printing(sub);
7478 yield = string_cat(yield, t);
7482 case EOP_ESCAPE8BIT:
7486 for (const uschar * s = sub; (c = *s); s++)
7487 yield = c < 127 && c != '\\'
7488 ? string_catn(yield, s, 1)
7489 : string_fmt_append(yield, "\\%03o", c);
7493 /* Handle numeric expression evaluation */
7498 uschar *save_sub = sub;
7499 uschar *error = NULL;
7500 int_eximarith_t n = eval_expr(&sub, (c == EOP_EVAL10), &error, FALSE);
7503 expand_string_message = string_sprintf("error in expression "
7504 "evaluation: %s (after processing \"%.*s\")", error,
7505 (int)(sub-save_sub), save_sub);
7508 yield = string_fmt_append(yield, PR_EXIM_ARITH, n);
7512 /* Handle time period formatting */
7516 int n = readconf_readtime(sub, 0, FALSE);
7519 expand_string_message = string_sprintf("string \"%s\" is not an "
7520 "Exim time interval in \"%s\" operator", sub, name);
7523 yield = string_fmt_append(yield, "%d", n);
7527 case EOP_TIME_INTERVAL:
7530 uschar *t = read_number(&n, sub);
7531 if (*t != 0) /* Not A Number*/
7533 expand_string_message = string_sprintf("string \"%s\" is not a "
7534 "positive number in \"%s\" operator", sub, name);
7537 t = readconf_printtime(n);
7538 yield = string_cat(yield, t);
7542 /* Convert string to base64 encoding */
7548 uschar * s = vp && *(void **)vp->value
7549 ? tls_cert_der_b64(*(void **)vp->value)
7550 : b64encode(CUS sub, Ustrlen(sub));
7552 uschar * s = b64encode(CUS sub, Ustrlen(sub));
7554 yield = string_cat(yield, s);
7561 int len = b64decode(sub, &s);
7564 expand_string_message = string_sprintf("string \"%s\" is not "
7565 "well-formed for \"%s\" operator", sub, name);
7568 yield = string_cat(yield, s);
7572 /* strlen returns the length of the string */
7575 yield = string_fmt_append(yield, "%d", Ustrlen(sub));
7578 /* length_n or l_n takes just the first n characters or the whole string,
7579 whichever is the shorter;
7581 substr_m_n, and s_m_n take n characters from offset m; negative m take
7582 from the end; l_n is synonymous with s_0_n. If n is omitted in substr it
7583 takes the rest, either to the right or to the left.
7585 hash_n or h_n makes a hash of length n from the string, yielding n
7586 characters from the set a-z; hash_n_m makes a hash of length n, but
7587 uses m characters from the set a-zA-Z0-9.
7589 nhash_n returns a single number between 0 and n-1 (in text form), while
7590 nhash_n_m returns a div/mod hash as two numbers "a/b". The first lies
7591 between 0 and n-1 and the second between 0 and m-1. */
7611 expand_string_message = string_sprintf("missing values after %s",
7616 /* "length" has only one argument, effectively being synonymous with
7619 if (c == EOP_LENGTH || c == EOP_L)
7625 /* The others have one or two arguments; for "substr" the first may be
7626 negative. The second being negative means "not supplied". */
7631 if (name[0] == 's' && *arg == '-') { sign = -1; arg++; }
7634 /* Read up to two numbers, separated by underscores */
7639 if (arg != ret && *arg == '_' && pn == &value1)
7643 if (arg[1] != 0) arg++;
7645 else if (!isdigit(*arg))
7647 expand_string_message =
7648 string_sprintf("non-digit after underscore in \"%s\"", name);
7651 else *pn = (*pn)*10 + *arg++ - '0';
7655 /* Perform the required operation */
7658 (c == EOP_HASH || c == EOP_H)?
7659 compute_hash(sub, value1, value2, &len) :
7660 (c == EOP_NHASH || c == EOP_NH)?
7661 compute_nhash(sub, value1, value2, &len) :
7662 extract_substr(sub, value1, value2, &len);
7664 if (ret == NULL) goto EXPAND_FAILED;
7665 yield = string_catn(yield, ret, len);
7674 uschar **modetable[3];
7678 if (expand_forbid & RDO_EXISTS)
7680 expand_string_message = US"Use of the stat() expansion is not permitted";
7684 if (stat(CS sub, &st) < 0)
7686 expand_string_message = string_sprintf("stat(%s) failed: %s",
7687 sub, strerror(errno));
7691 switch (mode & S_IFMT)
7693 case S_IFIFO: smode[0] = 'p'; break;
7694 case S_IFCHR: smode[0] = 'c'; break;
7695 case S_IFDIR: smode[0] = 'd'; break;
7696 case S_IFBLK: smode[0] = 'b'; break;
7697 case S_IFREG: smode[0] = '-'; break;
7698 default: smode[0] = '?'; break;
7701 modetable[0] = ((mode & 01000) == 0)? mtable_normal : mtable_sticky;
7702 modetable[1] = ((mode & 02000) == 0)? mtable_normal : mtable_setid;
7703 modetable[2] = ((mode & 04000) == 0)? mtable_normal : mtable_setid;
7705 for (int i = 0; i < 3; i++)
7707 memcpy(CS(smode + 7 - i*3), CS(modetable[i][mode & 7]), 3);
7712 yield = string_fmt_append(yield,
7713 "mode=%04lo smode=%s inode=%ld device=%ld links=%ld "
7714 "uid=%ld gid=%ld size=" OFF_T_FMT " atime=%ld mtime=%ld ctime=%ld",
7715 (long)(st.st_mode & 077777), smode, (long)st.st_ino,
7716 (long)st.st_dev, (long)st.st_nlink, (long)st.st_uid,
7717 (long)st.st_gid, st.st_size, (long)st.st_atime,
7718 (long)st.st_mtime, (long)st.st_ctime);
7722 /* vaguely random number less than N */
7726 int_eximarith_t max = expanded_string_integer(sub, TRUE);
7728 if (expand_string_message)
7730 yield = string_fmt_append(yield, "%d", vaguely_random_number((int)max));
7734 /* Reverse IP, including IPv6 to dotted-nibble */
7736 case EOP_REVERSE_IP:
7738 int family, maskptr;
7739 uschar reversed[128];
7741 family = string_is_ip_address(sub, &maskptr);
7744 expand_string_message = string_sprintf(
7745 "reverse_ip() not given an IP address [%s]", sub);
7748 invert_address(reversed, sub);
7749 yield = string_cat(yield, reversed);
7753 /* Unknown operator */
7756 expand_string_message =
7757 string_sprintf("unknown expansion operator \"%s\"", name);
7762 /* Handle a plain name. If this is the first thing in the expansion, release
7763 the pre-allocated buffer. If the result data is known to be in a new buffer,
7764 newsize will be set to the size of that buffer, and we can just point at that
7765 store instead of copying. Many expansion strings contain just one reference,
7766 so this is a useful optimization, especially for humungous headers
7767 ($message_headers). */
7776 g = store_get(sizeof(gstring));
7777 else if (yield->ptr == 0)
7779 if (resetok) store_reset(yield);
7781 g = store_get(sizeof(gstring)); /* alloc _before_ calling find_variable() */
7783 if (!(value = find_variable(name, FALSE, skipping, &newsize)))
7785 expand_string_message =
7786 string_sprintf("unknown variable in \"${%s}\"", name);
7787 check_variable_error_message(name);
7790 len = Ustrlen(value);
7791 if (!yield && newsize)
7794 yield->size = newsize;
7799 yield = string_catn(yield, value, len);
7803 /* Else there's something wrong */
7805 expand_string_message =
7806 string_sprintf("\"${%s\" is not a known operator (or a } is missing "
7807 "in a variable reference)", name);
7811 /* If we hit the end of the string when ket_ends is set, there is a missing
7812 terminating brace. */
7814 if (ket_ends && *s == 0)
7816 expand_string_message = malformed_header
7817 ? US"missing } at end of string - could be header name not terminated by colon"
7818 : US"missing } at end of string";
7822 /* Expansion succeeded; yield may still be NULL here if nothing was actually
7823 added to the string. If so, set up an empty string. Add a terminating zero. If
7824 left != NULL, return a pointer to the terminator. */
7827 yield = string_get(1);
7828 (void) string_from_gstring(yield);
7829 if (left) *left = s;
7831 /* Any stacking store that was used above the final string is no longer needed.
7832 In many cases the final string will be the first one that was got and so there
7833 will be optimal store usage. */
7835 if (resetok) store_reset(yield->s + (yield->size = yield->ptr + 1));
7836 else if (resetok_p) *resetok_p = FALSE;
7841 debug_printf_indent("|--expanding: %.*s\n", (int)(s - string), string);
7842 debug_printf_indent("%sresult: %s\n",
7843 skipping ? "|-----" : "\\_____", yield->s);
7845 debug_printf_indent("\\___skipping: result is not used\n");
7849 debug_printf_indent(UTF8_VERT_RIGHT UTF8_HORIZ UTF8_HORIZ
7850 "expanding: %.*s\n",
7851 (int)(s - string), string);
7852 debug_printf_indent("%s"
7853 UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ
7855 skipping ? UTF8_VERT_RIGHT : UTF8_UP_RIGHT,
7858 debug_printf_indent(UTF8_UP_RIGHT UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ
7859 "skipping: result is not used\n");
7864 /* This is the failure exit: easiest to program with a goto. We still need
7865 to update the pointer to the terminator, for cases of nested calls with "fail".
7868 EXPAND_FAILED_CURLY:
7869 if (malformed_header)
7870 expand_string_message =
7871 US"missing or misplaced { or } - could be header name not terminated by colon";
7873 else if (!expand_string_message || !*expand_string_message)
7874 expand_string_message = US"missing or misplaced { or }";
7876 /* At one point, Exim reset the store to yield (if yield was not NULL), but
7877 that is a bad idea, because expand_string_message is in dynamic store. */
7880 if (left) *left = s;
7884 debug_printf_indent("|failed to expand: %s\n", string);
7885 debug_printf_indent("%serror message: %s\n",
7886 f.expand_string_forcedfail ? "|---" : "\\___", expand_string_message);
7887 if (f.expand_string_forcedfail)
7888 debug_printf_indent("\\failure was forced\n");
7892 debug_printf_indent(UTF8_VERT_RIGHT "failed to expand: %s\n",
7894 debug_printf_indent("%s" UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ
7895 "error message: %s\n",
7896 f.expand_string_forcedfail ? UTF8_VERT_RIGHT : UTF8_UP_RIGHT,
7897 expand_string_message);
7898 if (f.expand_string_forcedfail)
7899 debug_printf_indent(UTF8_UP_RIGHT "failure was forced\n");
7901 if (resetok_p && !resetok) *resetok_p = FALSE;
7907 /* This is the external function call. Do a quick check for any expansion
7908 metacharacters, and if there are none, just return the input string.
7910 Argument: the string to be expanded
7911 Returns: the expanded string, or NULL if expansion failed; if failure was
7912 due to a lookup deferring, search_find_defer will be TRUE
7916 expand_cstring(const uschar * string)
7918 if (Ustrpbrk(string, "$\\") != NULL)
7920 int old_pool = store_pool;
7923 f.search_find_defer = FALSE;
7924 malformed_header = FALSE;
7925 store_pool = POOL_MAIN;
7926 s = expand_string_internal(string, FALSE, NULL, FALSE, TRUE, NULL);
7927 store_pool = old_pool;
7935 expand_string(uschar * string)
7937 return US expand_cstring(CUS string);
7944 /*************************************************
7946 *************************************************/
7948 /* Now and again we want to expand a string and be sure that the result is in a
7949 new bit of store. This function does that.
7950 Since we know it has been copied, the de-const cast is safe.
7952 Argument: the string to be expanded
7953 Returns: the expanded string, always in a new bit of store, or NULL
7957 expand_string_copy(const uschar *string)
7959 const uschar *yield = expand_cstring(string);
7960 if (yield == string) yield = string_copy(string);
7966 /*************************************************
7967 * Expand and interpret as an integer *
7968 *************************************************/
7970 /* Expand a string, and convert the result into an integer.
7973 string the string to be expanded
7974 isplus TRUE if a non-negative number is expected
7976 Returns: the integer value, or
7977 -1 for an expansion error ) in both cases, message in
7978 -2 for an integer interpretation error ) expand_string_message
7979 expand_string_message is set NULL for an OK integer
7983 expand_string_integer(uschar *string, BOOL isplus)
7985 return expanded_string_integer(expand_string(string), isplus);
7989 /*************************************************
7990 * Interpret string as an integer *
7991 *************************************************/
7993 /* Convert a string (that has already been expanded) into an integer.
7995 This function is used inside the expansion code.
7998 s the string to be expanded
7999 isplus TRUE if a non-negative number is expected
8001 Returns: the integer value, or
8002 -1 if string is NULL (which implies an expansion error)
8003 -2 for an integer interpretation error
8004 expand_string_message is set NULL for an OK integer
8007 static int_eximarith_t
8008 expanded_string_integer(const uschar *s, BOOL isplus)
8010 int_eximarith_t value;
8011 uschar *msg = US"invalid integer \"%s\"";
8014 /* If expansion failed, expand_string_message will be set. */
8016 if (s == NULL) return -1;
8018 /* On an overflow, strtol() returns LONG_MAX or LONG_MIN, and sets errno
8019 to ERANGE. When there isn't an overflow, errno is not changed, at least on some
8020 systems, so we set it zero ourselves. */
8023 expand_string_message = NULL; /* Indicates no error */
8025 /* Before Exim 4.64, strings consisting entirely of whitespace compared
8026 equal to 0. Unfortunately, people actually relied upon that, so preserve
8027 the behaviour explicitly. Stripping leading whitespace is a harmless
8028 noop change since strtol skips it anyway (provided that there is a number
8032 while (isspace(*s)) ++s;
8036 debug_printf_indent("treating blank string as number 0\n");
8041 value = strtoll(CS s, CSS &endptr, 10);
8045 msg = US"integer expected but \"%s\" found";
8047 else if (value < 0 && isplus)
8049 msg = US"non-negative integer expected but \"%s\" found";
8053 switch (tolower(*endptr))
8058 if (value > EXIM_ARITH_MAX/1024 || value < EXIM_ARITH_MIN/1024) errno = ERANGE;
8063 if (value > EXIM_ARITH_MAX/(1024*1024) || value < EXIM_ARITH_MIN/(1024*1024)) errno = ERANGE;
8064 else value *= 1024*1024;
8068 if (value > EXIM_ARITH_MAX/(1024*1024*1024) || value < EXIM_ARITH_MIN/(1024*1024*1024)) errno = ERANGE;
8069 else value *= 1024*1024*1024;
8073 if (errno == ERANGE)
8074 msg = US"absolute value of integer \"%s\" is too large (overflow)";
8077 while (isspace(*endptr)) endptr++;
8078 if (*endptr == 0) return value;
8082 expand_string_message = string_sprintf(CS msg, s);
8087 /* These values are usually fixed boolean values, but they are permitted to be
8091 addr address being routed
8092 mtype the module type
8093 mname the module name
8094 dbg_opt debug selectors
8095 oname the option name
8096 bvalue the router's boolean value
8097 svalue the router's string value
8098 rvalue where to put the returned value
8100 Returns: OK value placed in rvalue
8101 DEFER expansion failed
8105 exp_bool(address_item *addr,
8106 uschar *mtype, uschar *mname, unsigned dbg_opt,
8107 uschar *oname, BOOL bvalue,
8108 uschar *svalue, BOOL *rvalue)
8111 if (svalue == NULL) { *rvalue = bvalue; return OK; }
8113 expanded = expand_string(svalue);
8114 if (expanded == NULL)
8116 if (f.expand_string_forcedfail)
8118 DEBUG(dbg_opt) debug_printf("expansion of \"%s\" forced failure\n", oname);
8122 addr->message = string_sprintf("failed to expand \"%s\" in %s %s: %s",
8123 oname, mname, mtype, expand_string_message);
8124 DEBUG(dbg_opt) debug_printf("%s\n", addr->message);
8128 DEBUG(dbg_opt) debug_printf("expansion of \"%s\" yields \"%s\"\n", oname,
8131 if (strcmpic(expanded, US"true") == 0 || strcmpic(expanded, US"yes") == 0)
8133 else if (strcmpic(expanded, US"false") == 0 || strcmpic(expanded, US"no") == 0)
8137 addr->message = string_sprintf("\"%s\" is not a valid value for the "
8138 "\"%s\" option in the %s %s", expanded, oname, mname, mtype);
8147 /* Avoid potentially exposing a password in a string about to be logged */
8150 expand_hide_passwords(uschar * s)
8152 return ( ( Ustrstr(s, "failed to expand") != NULL
8153 || Ustrstr(s, "expansion of ") != NULL
8155 && ( Ustrstr(s, "mysql") != NULL
8156 || Ustrstr(s, "pgsql") != NULL
8157 || Ustrstr(s, "redis") != NULL
8158 || Ustrstr(s, "sqlite") != NULL
8159 || Ustrstr(s, "ldap:") != NULL
8160 || Ustrstr(s, "ldaps:") != NULL
8161 || Ustrstr(s, "ldapi:") != NULL
8162 || Ustrstr(s, "ldapdn:") != NULL
8163 || Ustrstr(s, "ldapm:") != NULL
8165 ? US"Temporary internal error" : s;
8169 /* Read given named file into big_buffer. Use for keying material etc.
8170 The content will have an ascii NUL appended.
8175 Return: pointer to buffer, or NULL on error.
8179 expand_file_big_buffer(const uschar * filename)
8181 int fd, off = 0, len;
8183 if ((fd = open(CS filename, O_RDONLY)) < 0)
8185 log_write(0, LOG_MAIN | LOG_PANIC, "unable to open file for reading: %s",
8192 if ((len = read(fd, big_buffer + off, big_buffer_size - 2 - off)) < 0)
8195 log_write(0, LOG_MAIN|LOG_PANIC, "unable to read file: %s", filename);
8203 big_buffer[off] = '\0';
8209 /*************************************************
8210 * Error-checking for testsuite *
8211 *************************************************/
8213 uschar * region_start;
8214 uschar * region_end;
8215 const uschar *var_name;
8216 const uschar *var_data;
8220 assert_variable_notin(uschar * var_name, uschar * var_data, void * ctx)
8223 if (var_data >= e->region_start && var_data < e->region_end)
8225 e->var_name = CUS var_name;
8226 e->var_data = CUS var_data;
8231 assert_no_variables(void * ptr, int len, const char * filename, int linenumber)
8233 err_ctx e = { .region_start = ptr, .region_end = US ptr + len,
8234 .var_name = NULL, .var_data = NULL };
8236 /* check acl_ variables */
8237 tree_walk(acl_var_c, assert_variable_notin, &e);
8238 tree_walk(acl_var_m, assert_variable_notin, &e);
8240 /* check auth<n> variables */
8241 for (int i = 0; i < AUTH_VARS; i++) if (auth_vars[i])
8242 assert_variable_notin(US"auth<n>", auth_vars[i], &e);
8244 /* check regex<n> variables */
8245 for (int i = 0; i < REGEX_VARS; i++) if (regex_vars[i])
8246 assert_variable_notin(US"regex<n>", regex_vars[i], &e);
8248 /* check known-name variables */
8249 for (var_entry * v = var_table; v < var_table + var_table_size; v++)
8250 if (v->type == vtype_stringptr)
8251 assert_variable_notin(US v->name, *(USS v->value), &e);
8253 /* check dns and address trees */
8254 tree_walk(tree_dns_fails, assert_variable_notin, &e);
8255 tree_walk(tree_duplicates, assert_variable_notin, &e);
8256 tree_walk(tree_nonrecipients, assert_variable_notin, &e);
8257 tree_walk(tree_unusable, assert_variable_notin, &e);
8260 log_write(0, LOG_MAIN|LOG_PANIC_DIE,
8261 "live variable '%s' destroyed by reset_store at %s:%d\n- value '%.64s'",
8262 e.var_name, filename, linenumber, e.var_data);
8267 /*************************************************
8268 **************************************************
8269 * Stand-alone test program *
8270 **************************************************
8271 *************************************************/
8277 regex_match_and_setup(const pcre *re, uschar *subject, int options, int setup)
8279 int ovector[3*(EXPAND_MAXN+1)];
8280 int n = pcre_exec(re, NULL, subject, Ustrlen(subject), 0, PCRE_EOPT|options,
8281 ovector, nelem(ovector));
8282 BOOL yield = n >= 0;
8283 if (n == 0) n = EXPAND_MAXN + 1;
8286 expand_nmax = setup < 0 ? 0 : setup + 1;
8287 for (int nn = setup < 0 ? 0 : 2; nn < n*2; nn += 2)
8289 expand_nstring[expand_nmax] = subject + ovector[nn];
8290 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
8298 int main(int argc, uschar **argv)
8300 uschar buffer[1024];
8302 debug_selector = D_v;
8303 debug_file = stderr;
8304 debug_fd = fileno(debug_file);
8305 big_buffer = malloc(big_buffer_size);
8307 for (int i = 1; i < argc; i++)
8309 if (argv[i][0] == '+')
8311 debug_trace_memory = 2;
8314 if (isdigit(argv[i][0]))
8315 debug_selector = Ustrtol(argv[i], NULL, 0);
8317 if (Ustrspn(argv[i], "abcdefghijklmnopqrtsuvwxyz0123456789-.:/") ==
8321 eldap_default_servers = argv[i];
8324 mysql_servers = argv[i];
8327 pgsql_servers = argv[i];
8330 redis_servers = argv[i];
8334 else opt_perl_startup = argv[i];
8338 printf("Testing string expansion: debug_level = %d\n\n", debug_level);
8340 expand_nstring[1] = US"string 1....";
8341 expand_nlength[1] = 8;
8345 if (opt_perl_startup != NULL)
8348 printf("Starting Perl interpreter\n");
8349 errstr = init_perl(opt_perl_startup);
8352 printf("** error in perl_startup code: %s\n", errstr);
8353 return EXIT_FAILURE;
8356 #endif /* EXIM_PERL */
8358 while (fgets(buffer, sizeof(buffer), stdin) != NULL)
8360 void *reset_point = store_get(0);
8361 uschar *yield = expand_string(buffer);
8364 printf("%s\n", yield);
8365 store_reset(reset_point);
8369 if (f.search_find_defer) printf("search_find deferred\n");
8370 printf("Failed: %s\n", expand_string_message);
8371 if (f.expand_string_forcedfail) printf("Forced failure\n");
8385 /* End of expand.c */
git://git.exim.org / users / jgh / exim.git / blob