int xsasl_cyrus_server_first(XSASL_SERVER *xp, const char *sasl_method,
const char *init_response, VSTRING *reply)
{
const char *myname = "xsasl_cyrus_server_first";
XSASL_CYRUS_SERVER *server = (XSASL_CYRUS_SERVER *) xp;
char *dec_buffer;
unsigned dec_length;
unsigned reply_len;
unsigned serveroutlen;
int sasl_status;
SERVEROUT_TYPE serverout = 0;
int xsasl_status;
#if SASL_VERSION_MAJOR < 2
const char *errstr = 0;
#endif
#define IFELSE(e1,e2,e3) ((e1) ? (e2) : (e3))
if (msg_verbose)
msg_info("%s: sasl_method %s%s%s", myname, sasl_method,
IFELSE(init_response, ", init_response ", ""),
IFELSE(init_response, init_response, ""));
/*
* SASL authentication protocol start-up. Process any initial client
* response that was sent along in the AUTH command.
*/
if (init_response) {
reply_len = strlen(init_response);
VSTRING_RESET(server->decoded); /* Fix 200512 */
VSTRING_SPACE(server->decoded, reply_len);
if ((sasl_status = SASL_DECODE64(init_response, reply_len,
dec_buffer = STR(server->decoded),
vstring_avail(server->decoded),
&dec_length)) != SASL_OK) {
vstring_strcpy(reply, xsasl_cyrus_strerror(sasl_status));
return (XSASL_AUTH_FORM);
}
if (msg_verbose)
msg_info("%s: decoded initial response %s", myname, dec_buffer);
} else {
dec_buffer = 0;
dec_length = 0;
}
sasl_status = SASL_SERVER_START(server->sasl_conn, sasl_method, dec_buffer,
dec_length, &serverout,
&serveroutlen, &errstr);
xsasl_status = xsasl_cyrus_server_auth_response(sasl_status, serverout,
serveroutlen, reply);
#if SASL_VERSION_MAJOR < 2
/* SASL version 1 doesn't free memory that it allocates. */
free(serverout);
#endif
return (xsasl_status);
}
static ssize_t read_buf(VSTREAM *fp, VSTRING *buf)
{
ssize_t len;
VSTRING_RESET(buf);
len = vstream_fread(fp, STR(buf), vstring_avail(buf));
VSTRING_AT_OFFSET(buf, len); /* XXX */
VSTRING_TERMINATE(buf);
return (len);
}
const char *psc_expand_lookup(const char *name, int unused_mode,
char *context)
{
PSC_STATE *state = (PSC_STATE *) context;
time_t now;
struct tm *lt;
if (state->expand_buf == 0)
state->expand_buf = vstring_alloc(10);
if (msg_verbose > 1)
msg_info("psc_expand_lookup: ${%s}", name);
#define STREQ(x,y) (*(x) == *(y) && strcmp((x), (y)) == 0)
#define STREQN(x,y,n) (*(x) == *(y) && strncmp((x), (y), (n)) == 0)
#define CONST_LEN(x) (sizeof(x) - 1)
/*
* Don't query main.cf parameters, as the result of expansion could
* reveal system-internal information in server replies.
*
* XXX: This said, multiple servers may be behind a single client-visible
* name or IP address, and each may generate its own logs. Therefore, it
* may be useful to expose the replying MTA id (myhostname) in the
* contact footer, to identify the right logs. So while we don't expose
* the raw configuration dictionary, we do expose "$myhostname" as
* expanded in var_myhostname.
*
* Return NULL only for non-existent names.
*/
if (STREQ(name, MAIL_ATTR_SERVER_NAME)) {
return (var_myhostname);
} else if (STREQ(name, MAIL_ATTR_ACT_CLIENT_ADDR)) {
return (state->smtp_client_addr);
} else if (STREQ(name, MAIL_ATTR_ACT_CLIENT_PORT)) {
return (state->smtp_client_port);
} if (STREQ(name, MAIL_ATTR_LOCALTIME)) {
if (time(&now) == (time_t) - 1)
msg_fatal("time lookup failed: %m");
lt = localtime(&now);
VSTRING_RESET(state->expand_buf);
do {
VSTRING_SPACE(state->expand_buf, 100);
} while (strftime(STR(state->expand_buf),
vstring_avail(state->expand_buf),
"%b %d %H:%M:%S", lt) == 0);
return (STR(state->expand_buf));
} else {
msg_warn("unknown macro name \"%s\" in expansion request", name);
return (0);
}
}
static int xsasl_cyrus_server_next(XSASL_SERVER *xp, const char *request,
VSTRING *reply)
{
const char *myname = "xsasl_cyrus_server_next";
XSASL_CYRUS_SERVER *server = (XSASL_CYRUS_SERVER *) xp;
unsigned dec_length;
unsigned request_len;
unsigned serveroutlen;
int sasl_status;
SERVEROUT_TYPE serverout = 0;
int xsasl_status;
#if SASL_VERSION_MAJOR < 2
const char *errstr = 0;
#endif
request_len = strlen(request);
VSTRING_RESET(server->decoded); /* Fix 200512 */
VSTRING_SPACE(server->decoded, request_len);
if ((sasl_status = SASL_DECODE64(request, request_len,
STR(server->decoded),
vstring_avail(server->decoded),
&dec_length)) != SASL_OK) {
vstring_strcpy(reply, xsasl_cyrus_strerror(sasl_status));
return (XSASL_AUTH_FORM);
}
if (msg_verbose)
msg_info("%s: decoded response: %.*s",
myname, (int) dec_length, STR(server->decoded));
sasl_status = SASL_SERVER_STEP(server->sasl_conn, STR(server->decoded),
dec_length, &serverout,
&serveroutlen, &errstr);
xsasl_status = xsasl_cyrus_server_auth_response(sasl_status, serverout,
serveroutlen, reply);
#if SASL_VERSION_MAJOR < 2
/* SASL version 1 doesn't free memory that it allocates. */
free(serverout);
#endif
return (xsasl_status);
}
static int xsasl_cyrus_server_auth_response(int sasl_status,
SERVEROUT_TYPE serverout,
unsigned serveroutlen,
VSTRING *reply)
{
const char *myname = "xsasl_cyrus_server_auth_response";
unsigned enc_length;
unsigned enc_length_out;
/*
* Encode the server first/next non-error response; otherwise return the
* unencoded error text that corresponds to the SASL error status.
*
* Regarding the hairy expression below: output from sasl_encode64() comes
* in multiples of four bytes for each triple of input bytes, plus four
* bytes for any incomplete last triple, plus one byte for the null
* terminator.
*/
if (sasl_status == SASL_OK) {
vstring_strcpy(reply, "");
return (XSASL_AUTH_DONE);
} else if (sasl_status == SASL_CONTINUE) {
if (msg_verbose)
msg_info("%s: uncoded server challenge: %.*s",
myname, (int) serveroutlen, serverout);
enc_length = ((serveroutlen + 2) / 3) * 4 + 1;
VSTRING_RESET(reply); /* Fix 200512 */
VSTRING_SPACE(reply, enc_length);
if ((sasl_status = sasl_encode64(serverout, serveroutlen,
STR(reply), vstring_avail(reply),
&enc_length_out)) != SASL_OK)
msg_panic("%s: sasl_encode64 botch: %s",
myname, xsasl_cyrus_strerror(sasl_status));
return (XSASL_AUTH_MORE);
} else {
if (sasl_status == SASL_NOUSER) /* privacy */
sasl_status = SASL_BADAUTH;
vstring_strcpy(reply, xsasl_cyrus_strerror(sasl_status));
return (XSASL_AUTH_FAIL);
}
}
static int xsasl_cyrus_client_next(XSASL_CLIENT *xp, const char *server_reply,
VSTRING *client_reply)
{
const char *myname = "xsasl_cyrus_client_next";
XSASL_CYRUS_CLIENT *client = (XSASL_CYRUS_CLIENT *) xp;
unsigned enc_length;
unsigned enc_length_out;
CLIENTOUT_TYPE clientout;
unsigned clientoutlen;
unsigned serverinlen;
int sasl_status;
/*
* Process a server challenge.
*/
serverinlen = strlen(server_reply);
VSTRING_RESET(client->decoded); /* Fix 200512 */
VSTRING_SPACE(client->decoded, serverinlen);
if ((sasl_status = SASL_DECODE64(server_reply, serverinlen,
STR(client->decoded),
vstring_avail(client->decoded),
&enc_length)) != SASL_OK) {
vstring_strcpy(client_reply, xsasl_cyrus_strerror(sasl_status));
return (XSASL_AUTH_FORM);
}
if (msg_verbose)
msg_info("%s: decoded challenge: %.*s",
myname, (int) enc_length, STR(client->decoded));
sasl_status = sasl_client_step(client->sasl_conn, STR(client->decoded),
enc_length, NO_SASL_INTERACTION,
&clientout, &clientoutlen);
if (sasl_status != SASL_OK && sasl_status != SASL_CONTINUE) {
vstring_strcpy(client_reply, xsasl_cyrus_strerror(sasl_status));
return (XSASL_AUTH_FAIL);
}
/*
* Send a client response.
*/
if (clientoutlen > 0) {
if (msg_verbose)
msg_info("%s: uncoded client response %.*s",
myname, (int) clientoutlen, clientout);
enc_length = ENCODE64_LENGTH(clientoutlen) + 1;
VSTRING_RESET(client_reply); /* Fix 200512 */
VSTRING_SPACE(client_reply, enc_length);
if ((sasl_status = sasl_encode64(clientout, clientoutlen,
STR(client_reply),
vstring_avail(client_reply),
&enc_length_out)) != SASL_OK)
msg_panic("%s: sasl_encode64 botch: %s",
myname, xsasl_cyrus_strerror(sasl_status));
#if SASL_VERSION_MAJOR < 2
/* SASL version 1 doesn't free memory that it allocates. */
free(clientout);
#endif
} else {
/* XXX Can't happen. */
vstring_strcpy(client_reply, "");
}
return (XSASL_AUTH_OK);
}
static int xsasl_cyrus_client_first(XSASL_CLIENT *xp,
const char *mechanism_list,
const char *username,
const char *password,
const char **mechanism,
VSTRING *init_resp)
{
const char *myname = "xsasl_cyrus_client_first";
XSASL_CYRUS_CLIENT *client = (XSASL_CYRUS_CLIENT *) xp;
unsigned enc_length;
unsigned enc_length_out;
CLIENTOUT_TYPE clientout;
unsigned clientoutlen;
int sasl_status;
#define NO_SASL_SECRET 0
#define NO_SASL_INTERACTION 0
/*
* Save the username and password for the call-backs.
*/
if (client->username)
myfree(client->username);
client->username = mystrdup(username);
if (client->password)
myfree(client->password);
client->password = mystrdup(password);
/*
* Start the client side authentication protocol.
*/
sasl_status = SASL_CLIENT_START((sasl_conn_t *) client->sasl_conn,
mechanism_list,
NO_SASL_SECRET, NO_SASL_INTERACTION,
&clientout, &clientoutlen, mechanism);
if (sasl_status != SASL_OK && sasl_status != SASL_CONTINUE) {
vstring_strcpy(init_resp, xsasl_cyrus_strerror(sasl_status));
return (XSASL_AUTH_FAIL);
}
/*
* Generate the AUTH command and the optional initial client response.
* sasl_encode64() produces four bytes for each complete or incomplete
* triple of input bytes. Allocate an extra byte for string termination.
*/
#define ENCODE64_LENGTH(n) ((((n) + 2) / 3) * 4)
if (clientoutlen > 0) {
if (msg_verbose) {
escape(client->decoded, clientout, clientoutlen);
msg_info("%s: uncoded initial reply: %s",
myname, STR(client->decoded));
}
enc_length = ENCODE64_LENGTH(clientoutlen) + 1;
VSTRING_RESET(init_resp); /* Fix 200512 */
VSTRING_SPACE(init_resp, enc_length);
if ((sasl_status = sasl_encode64(clientout, clientoutlen,
STR(init_resp),
vstring_avail(init_resp),
&enc_length_out)) != SASL_OK)
msg_panic("%s: sasl_encode64 botch: %s",
myname, xsasl_cyrus_strerror(sasl_status));
VSTRING_AT_OFFSET(init_resp, enc_length_out); /* XXX */
#if SASL_VERSION_MAJOR < 2
/* SASL version 1 doesn't free memory that it allocates. */
free(clientout);
#endif
} else {
vstring_strcpy(init_resp, "");
}
return (XSASL_AUTH_OK);
}
char *casefoldx(int flags, VSTRING *dest, const char *src, ssize_t len)
{
size_t old_len;
#ifdef NO_EAI
/*
* ASCII mode only.
*/
if (len < 0)
len = strlen(src);
if ((flags & CASEF_FLAG_APPEND) == 0)
VSTRING_RESET(dest);
old_len = VSTRING_LEN(dest);
vstring_strncat(dest, src, len);
lowercase(STR(dest) + old_len);
return (STR(dest));
#else
/*
* Unicode mode.
*/
const char myname[] = "casefold";
static VSTRING *fold_buf = 0;
static UCaseMap *csm = 0;
UErrorCode error;
ssize_t space_needed;
int n;
/*
* Handle special cases.
*/
if (len < 0)
len = strlen(src);
if (dest == 0)
dest = (fold_buf != 0 ? fold_buf : (fold_buf = vstring_alloc(100)));
if ((flags & CASEF_FLAG_APPEND) == 0)
VSTRING_RESET(dest);
old_len = VSTRING_LEN(dest);
/*
* All-ASCII input, or ASCII mode only.
*/
if ((flags & CASEF_FLAG_UTF8) == 0 || allascii(src)) {
vstring_strncat(dest, src, len);
lowercase(STR(dest) + old_len);
return (STR(dest));
}
/*
* ICU 4.8 ucasemap_utf8FoldCase() does not complain about UTF-8 syntax
* errors. XXX Based on source-code review we conclude that non-UTF-8
* bytes are copied verbatim, and experiments confirm this. Given that
* this behavior is intentional, we assume that it will stay that way.
*/
#if 0
if (valid_utf8_string(src, len) == 0) {
if (err)
*err = "malformed UTF-8 or invalid codepoint";
return (0);
}
#endif
/*
* One-time initialization. With ICU 4.8 this works while chrooted.
*/
if (csm == 0) {
error = U_ZERO_ERROR;
csm = ucasemap_open("en_US", U_FOLD_CASE_DEFAULT, &error);
if (U_SUCCESS(error) == 0)
msg_fatal("ucasemap_open error: %s", u_errorName(error));
}
/*
* Fold the input, adjusting the buffer size if needed. Safety: don't
* loop forever.
*
* Note: the requested amount of space for casemapped output (as reported
* with space_needed below) does not include storage for the null
* terminator. The terminator is written only when the output buffer is
* large enough. This is why we overallocate space when the output does
* not fit. But if the output fits exactly, then the ouput will be
* unterminated, and we have to terminate the output ourselves.
*/
for (n = 0; n < 3; n++) {
error = U_ZERO_ERROR;
space_needed = ucasemap_utf8FoldCase(csm, STR(dest) + old_len,
vstring_avail(dest), src, len, &error);
if (U_SUCCESS(error)) {
VSTRING_AT_OFFSET(dest, old_len + space_needed);
if (vstring_avail(dest) == 0) /* exact fit, no terminator */
VSTRING_TERMINATE(dest); /* add terminator */
break;
} else if (error == U_BUFFER_OVERFLOW_ERROR) {
VSTRING_SPACE(dest, space_needed + 1); /* for terminator */
} else {
msg_fatal("%s: conversion error for \"%s\": %s",
myname, src, u_errorName(error));
}
}
return (STR(dest));
#endif /* NO_EAI */
}
static int ial_siocgif(INET_ADDR_LIST *addr_list,
INET_ADDR_LIST *mask_list,
int af)
{
const char *myname = "inet_addr_local[siocgif]";
struct in_addr addr;
struct ifconf ifc;
struct ifreq *ifr;
struct ifreq *ifr_mask;
struct ifreq *the_end;
int sock;
VSTRING *buf;
/*
* Get the network interface list. XXX The socket API appears to have no
* function that returns the number of network interfaces, so we have to
* guess how much space is needed to store the result.
*
* On BSD-derived systems, ioctl SIOCGIFCONF returns as much information as
* possible, leaving it up to the application to repeat the request with
* a larger buffer if the result caused a tight fit.
*
* Other systems, such as Solaris 2.5, generate an EINVAL error when the
* buffer is too small for the entire result. Workaround: ignore EINVAL
* errors and repeat the request with a larger buffer. The downside is
* that the program can run out of memory due to a non-memory problem,
* making it more difficult than necessary to diagnose the real problem.
*/
sock = ial_socket(af);
if (sock < 0)
return (0);
buf = vstring_alloc(1024);
for (;;) {
ifc.ifc_len = vstring_avail(buf);
ifc.ifc_buf = vstring_str(buf);
if (ioctl(sock, SIOCGIFCONF, (char *) &ifc) < 0) {
if (errno != EINVAL)
msg_fatal("%s: ioctl SIOCGIFCONF: %m", myname);
} else if (ifc.ifc_len < vstring_avail(buf) / 2)
break;
VSTRING_SPACE(buf, vstring_avail(buf) * 2);
}
the_end = (struct ifreq *) (ifc.ifc_buf + ifc.ifc_len);
for (ifr = ifc.ifc_req; ifr < the_end;) {
if (ifr->ifr_addr.sa_family != af) {
ifr = NEXT_INTERFACE(ifr);
continue;
}
if (af == AF_INET) {
addr = ((struct sockaddr_in *) & ifr->ifr_addr)->sin_addr;
if (addr.s_addr != INADDR_ANY) {
inet_addr_list_append(addr_list, &ifr->ifr_addr);
if (mask_list) {
ifr_mask = (struct ifreq *) mymalloc(IFREQ_SIZE(ifr));
memcpy((void *) ifr_mask, (void *) ifr, IFREQ_SIZE(ifr));
if (ioctl(sock, SIOCGIFNETMASK, ifr_mask) < 0)
msg_fatal("%s: ioctl SIOCGIFNETMASK: %m", myname);
/*
* Note that this SIOCGIFNETMASK has truly screwed up the
* contents of sa_len/sa_family. We must fix this
* manually to have correct addresses. --dcs
*/
ifr_mask->ifr_addr.sa_family = af;
#ifdef HAS_SA_LEN
ifr_mask->ifr_addr.sa_len = sizeof(struct sockaddr_in);
#endif
inet_addr_list_append(mask_list, &ifr_mask->ifr_addr);
myfree((void *) ifr_mask);
}
}
}
#ifdef HAS_IPV6
else if (af == AF_INET6) {
struct sockaddr *sa;
sa = SOCK_ADDR_PTR(&ifr->ifr_addr);
if (!(IN6_IS_ADDR_UNSPECIFIED(&SOCK_ADDR_IN6_ADDR(sa)))) {
inet_addr_list_append(addr_list, sa);
if (mask_list) {
/* XXX Assume /128 for everything */
struct sockaddr_in6 mask6;
mask6 = *SOCK_ADDR_IN6_PTR(sa);
memset((void *) &mask6.sin6_addr, ~0,
sizeof(mask6.sin6_addr));
inet_addr_list_append(mask_list, SOCK_ADDR_PTR(&mask6));
}
}
}
#endif
ifr = NEXT_INTERFACE(ifr);
}
vstring_free(buf);
(void) close(sock);
return (0);
}
static int ial_siocglif(INET_ADDR_LIST *addr_list,
INET_ADDR_LIST *mask_list,
int af)
{
const char *myname = "inet_addr_local[siocglif]";
struct lifconf lifc;
struct lifreq *lifr;
struct lifreq *lifr_mask;
struct lifreq *the_end;
struct sockaddr *sa;
int sock;
VSTRING *buf;
/*
* See also comments in ial_siocgif()
*/
if (af != AF_INET && af != AF_INET6)
msg_fatal("%s: address family was %d, must be AF_INET (%d) or "
"AF_INET6 (%d)", myname, af, AF_INET, AF_INET6);
sock = ial_socket(af);
if (sock < 0)
return (0);
buf = vstring_alloc(1024);
for (;;) {
memset(&lifc, 0, sizeof(lifc));
lifc.lifc_family = AF_UNSPEC; /* XXX Why??? */
lifc.lifc_len = vstring_avail(buf);
lifc.lifc_buf = vstring_str(buf);
if (ioctl(sock, SIOCGLIFCONF, (char *) &lifc) < 0) {
if (errno != EINVAL)
msg_fatal("%s: ioctl SIOCGLIFCONF: %m", myname);
} else if (lifc.lifc_len < vstring_avail(buf) / 2)
break;
VSTRING_SPACE(buf, vstring_avail(buf) * 2);
}
the_end = (struct lifreq *) (lifc.lifc_buf + lifc.lifc_len);
for (lifr = lifc.lifc_req; lifr < the_end;) {
sa = (struct sockaddr *) &lifr->lifr_addr;
if (sa->sa_family != af) {
lifr = NEXT_INTERFACE(lifr);
continue;
}
if (af == AF_INET) {
if (SOCK_ADDR_IN_ADDR(sa).s_addr == INADDR_ANY) {
lifr = NEXT_INTERFACE(lifr);
continue;
}
#ifdef HAS_IPV6
} else if (af == AF_INET6) {
if (IN6_IS_ADDR_UNSPECIFIED(&SOCK_ADDR_IN6_ADDR(sa))) {
lifr = NEXT_INTERFACE(lifr);
continue;
}
}
#endif
inet_addr_list_append(addr_list, sa);
if (mask_list) {
lifr_mask = (struct lifreq *) mymalloc(sizeof(struct lifreq));
memcpy((void *) lifr_mask, (void *) lifr, sizeof(struct lifreq));
if (ioctl(sock, SIOCGLIFNETMASK, lifr_mask) < 0)
msg_fatal("%s: ioctl(SIOCGLIFNETMASK): %m", myname);
/* XXX: Check whether sa_len/family are honoured --dcs */
inet_addr_list_append(mask_list,
(struct sockaddr *) &lifr_mask->lifr_addr);
myfree((void *) lifr_mask);
}
lifr = NEXT_INTERFACE(lifr);
}
vstring_free(buf);
(void) close(sock);
return (0);
}
const char *mail_date(time_t when)
{
static VSTRING *vp;
struct tm *lt;
struct tm gmt;
int gmtoff;
/*
* As if strftime() isn't expensive enough, we're dynamically adjusting
* the size for the result, so we won't be surprised by long names etc.
*/
if (vp == 0)
vp = vstring_alloc(100);
else
VSTRING_RESET(vp);
/*
* POSIX does not require that struct tm has a tm_gmtoff field, so we
* must compute the time offset from UTC by hand.
*
* Starting with the difference in hours/minutes between 24-hour clocks,
* adjust for differences in years, in yeardays, and in (leap) seconds.
*
* Assume 0..23 hours in a day, 0..59 minutes in an hour. The library spec
* has changed: we can no longer assume that there are 0..59 seconds in a
* minute.
*/
gmt = *gmtime(&when);
lt = localtime(&when);
gmtoff = (lt->tm_hour - gmt.tm_hour) * HOUR_MIN + lt->tm_min - gmt.tm_min;
if (lt->tm_year < gmt.tm_year)
gmtoff -= DAY_MIN;
else if (lt->tm_year > gmt.tm_year)
gmtoff += DAY_MIN;
else if (lt->tm_yday < gmt.tm_yday)
gmtoff -= DAY_MIN;
else if (lt->tm_yday > gmt.tm_yday)
gmtoff += DAY_MIN;
if (lt->tm_sec <= gmt.tm_sec - MIN_SEC)
gmtoff -= 1;
else if (lt->tm_sec >= gmt.tm_sec + MIN_SEC)
gmtoff += 1;
/*
* First, format the date and wall-clock time. XXX The %e format (day of
* month, leading zero replaced by blank) isn't in my POSIX book, but
* many vendors seem to support it.
*/
#ifdef MISSING_STRFTIME_E
#define STRFTIME_FMT "%a, %d %b %Y %H:%M:%S "
#else
#define STRFTIME_FMT "%a, %e %b %Y %H:%M:%S "
#endif
while (strftime(vstring_end(vp), vstring_avail(vp), STRFTIME_FMT, lt) == 0)
VSTRING_SPACE(vp, 100);
VSTRING_SKIP(vp);
/*
* Then, add the UTC offset.
*/
if (gmtoff < -DAY_MIN || gmtoff > DAY_MIN)
msg_panic("UTC time offset %d is larger than one day", gmtoff);
vstring_sprintf_append(vp, "%+03d%02d", (int) (gmtoff / HOUR_MIN),
(int) (abs(gmtoff) % HOUR_MIN));
/*
* Finally, add the time zone name.
*/
while (strftime(vstring_end(vp), vstring_avail(vp), " (%Z)", lt) == 0)
VSTRING_SPACE(vp, vstring_avail(vp) + 100);
VSTRING_SKIP(vp);
return (vstring_str(vp));
}
