1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2016 */
6 /* See the file NOTICE for conditions of use and distribution. */
8 /* Functions for writing log files. The code for maintaining datestamped
9 log files was originally contributed by Tony Sheen. */
14 #define LOG_NAME_SIZE 256
15 #define MAX_SYSLOG_LEN 870
17 #define LOG_MODE_FILE 1
18 #define LOG_MODE_SYSLOG 2
20 enum { lt_main, lt_reject, lt_panic, lt_debug };
22 static uschar *log_names[] = { US"main", US"reject", US"panic", US"debug" };
26 /*************************************************
27 * Local static variables *
28 *************************************************/
30 static uschar mainlog_name[LOG_NAME_SIZE];
31 static uschar rejectlog_name[LOG_NAME_SIZE];
32 static uschar debuglog_name[LOG_NAME_SIZE];
34 static uschar *mainlog_datestamp = NULL;
35 static uschar *rejectlog_datestamp = NULL;
37 static int mainlogfd = -1;
38 static int rejectlogfd = -1;
39 static ino_t mainlog_inode = 0;
40 static ino_t rejectlog_inode = 0;
42 static uschar *panic_save_buffer = NULL;
43 static BOOL panic_recurseflag = FALSE;
45 static BOOL syslog_open = FALSE;
46 static BOOL path_inspected = FALSE;
47 static int logging_mode = LOG_MODE_FILE;
48 static uschar *file_path = US"";
50 static size_t pid_position[2];
53 /* These should be kept in-step with the private delivery error
54 number definitions in macros.h */
56 static const uschar * exim_errstrings[] = {
79 US"Exim-imposed quota",
81 US"Delivery filter process failure",
82 US"Delivery add/remove header failure",
83 US"Delivery write incomplete error",
84 US"Some expansion failed",
85 US"Failed to get gid",
86 US"Failed to get uid",
87 US"Unset or non-existent transport",
88 US"MBX length mismatch",
89 US"Lookup failed routing or in smtp tpt",
90 US"Can't match format in appendfile",
91 US"Creation outside home in appendfile",
92 US"Can't check a list; lookup defer",
94 US"Failed to start TLS session",
95 US"Mandatory TLS session not started",
96 US"Failed to chown a file",
97 US"Failed to create a pipe",
99 US"When required by client",
100 US"Used internally in smtp transport",
101 US"RCPT gave 4xx error",
102 US"MAIL gave 4xx error",
103 US"DATA gave 4xx error",
104 US"Negotiation failed for proxy configured host",
105 US"Authenticator 'other' failure",
106 US"target not supporting SMTPUTF8",
109 US"Not time for routing",
110 US"Not time for local delivery",
111 US"Not time for any remote host",
112 US"Local-only delivery",
113 US"Domain in queue_domains",
114 US"Transport concurrency limit",
118 /************************************************/
122 return err < 0 ? exim_errstrings[-err] : CUS strerror(err);
125 /*************************************************
127 *************************************************/
129 /* The given string is split into sections according to length, or at embedded
130 newlines, and syslogged as a numbered sequence if it is overlong or if there is
131 more than one line. However, if we are running in the test harness, do not do
132 anything. (The test harness doesn't use syslog - for obvious reasons - but we
133 can get here if there is a failure to open the panic log.)
136 priority syslog priority
137 s the string to be written, the string may be modified!
143 write_syslog(int priority, uschar *s)
148 if (running_in_test_harness) return;
150 if (!syslog_timestamp) s += log_timezone ? 26 : 20;
151 if (!syslog_pid && LOGGING(pid))
152 memmove(s + pid_position[0], s + pid_position[1], pid_position[1] - pid_position[0]);
159 #ifdef SYSLOG_LOG_PID
160 openlog(CS syslog_processname, LOG_PID|LOG_CONS, syslog_facility);
162 openlog(CS syslog_processname, LOG_CONS, syslog_facility);
168 /* First do a scan through the message in order to determine how many lines
169 it is going to end up as. Then rescan to output it. */
171 for (pass = 0; pass < 2; pass++)
176 for (i = 1, tlen = len; tlen > 0; i++)
179 uschar *nlptr = Ustrchr(ss, '\n');
180 if (nlptr != NULL) plen = nlptr - ss;
181 #ifndef SYSLOG_LONG_LINES
182 if (plen > MAX_SYSLOG_LEN) plen = MAX_SYSLOG_LEN;
185 if (ss[plen] == '\n') tlen--; /* chars left */
187 if (pass == 0) linecount++; else
190 syslog(priority, "%.*s", plen, ss);
192 syslog(priority, "[%d%c%d] %.*s", i,
193 (ss[plen] == '\n' && tlen != 0)? '\\' : '/',
194 linecount, plen, ss);
197 if (*ss == '\n') ss++;
204 /*************************************************
206 *************************************************/
208 /* This is called when Exim is dying as a result of something going wrong in
209 the logging, or after a log call with LOG_PANIC_DIE set. Optionally write a
210 message to debug_file or a stderr file, if they exist. Then, if in the middle
211 of accepting a message, throw it away tidily by calling receive_bomb_out();
212 this will attempt to send an SMTP response if appropriate. Passing NULL as the
213 first argument stops it trying to run the NOTQUIT ACL (which might try further
214 logging and thus cause problems). Otherwise, try to close down an outstanding
218 s1 Error message to write to debug_file and/or stderr and syslog
219 s2 Error message for any SMTP call that is in progress
220 Returns: The function does not return
224 die(uschar *s1, uschar *s2)
228 write_syslog(LOG_CRIT, s1);
229 if (debug_file) debug_printf("%s\n", s1);
230 if (log_stderr != NULL && log_stderr != debug_file)
231 fprintf(log_stderr, "%s\n", s1);
233 if (receive_call_bombout) receive_bomb_out(NULL, s2); /* does not return */
234 if (smtp_input) smtp_closedown(s2);
235 exim_exit(EXIT_FAILURE);
240 /*************************************************
241 * Create a log file *
242 *************************************************/
244 /* This function is called to create and open a log file. It may be called in a
245 subprocess when the original process is root.
250 The file name has been build in a working buffer, so it is permissible to
251 overwrite it temporarily if it is necessary to create the directory.
253 Returns: a file descriptor, or < 0 on failure (errno set)
257 log_create(uschar *name)
263 O_CREAT|O_APPEND|O_WRONLY, LOG_MODE);
265 /* If creation failed, attempt to build a log directory in case that is the
268 if (fd < 0 && errno == ENOENT)
271 uschar *lastslash = Ustrrchr(name, '/');
273 created = directory_make(NULL, name, LOG_DIRECTORY_MODE, FALSE);
274 DEBUG(D_any) debug_printf("%s log directory %s\n",
275 created ? "created" : "failed to create", name);
277 if (created) fd = Uopen(name,
281 O_CREAT|O_APPEND|O_WRONLY, LOG_MODE);
289 /*************************************************
290 * Create a log file as the exim user *
291 *************************************************/
293 /* This function is called when we are root to spawn an exim:exim subprocess
294 in which we can create a log file. It must be signal-safe since it is called
295 by the usr1_handler().
300 Returns: a file descriptor, or < 0 on failure (errno set)
304 log_create_as_exim(uschar *name)
310 /* In the subprocess, change uid/gid and do the creation. Return 0 from the
311 subprocess on success. If we don't check for setuid failures, then the file
312 can be created as root, so vulnerabilities which cause setuid to fail mean
313 that the Exim user can use symlinks to cause a file to be opened/created as
314 root. We always open for append, so can't nuke existing content but it would
315 still be Rather Bad. */
319 if (setgid(exim_gid) < 0)
320 die(US"exim: setgid for log-file creation failed, aborting",
321 US"Unexpected log failure, please try later");
322 if (setuid(exim_uid) < 0)
323 die(US"exim: setuid for log-file creation failed, aborting",
324 US"Unexpected log failure, please try later");
325 _exit((log_create(name) < 0)? 1 : 0);
328 /* If we created a subprocess, wait for it. If it succeeded, try the open. */
330 while (pid > 0 && waitpid(pid, &status, 0) != pid);
331 if (status == 0) fd = Uopen(name,
335 O_APPEND|O_WRONLY, LOG_MODE);
337 /* If we failed to create a subprocess, we are in a bad way. We return
338 with fd still < 0, and errno set, letting the caller handle the error. */
346 /*************************************************
348 *************************************************/
350 /* This function opens one of a number of logs, creating the log directory if
351 it does not exist. This may be called recursively on failure, in order to open
354 The directory is in the static variable file_path. This is static so that it
355 the work of sorting out the path is done just once per Exim process.
357 Exim is normally configured to avoid running as root wherever possible, the log
358 files must be owned by the non-privileged exim user. To ensure this, first try
359 an open without O_CREAT - most of the time this will succeed. If it fails, try
360 to create the file; if running as root, this must be done in a subprocess to
364 fd where to return the resulting file descriptor
365 type lt_main, lt_reject, lt_panic, or lt_debug
366 tag optional tag to include in the name (only hooked up for debug)
372 open_log(int *fd, int type, uschar *tag)
376 uschar buffer[LOG_NAME_SIZE];
378 /* The names of the log files are controlled by file_path. The panic log is
379 written to the same directory as the main and reject logs, but its name does
380 not have a datestamp. The use of datestamps is indicated by %D/%M in file_path.
381 When opening the panic log, if %D or %M is present, we remove the datestamp
382 from the generated name; if it is at the start, remove a following
383 non-alphanumeric character as well; otherwise, remove a preceding
384 non-alphanumeric character. This is definitely kludgy, but it sort of does what
385 people want, I hope. */
387 ok = string_format(buffer, sizeof(buffer), CS file_path, log_names[type]);
389 /* Save the name of the mainlog for rollover processing. Without a datestamp,
390 it gets statted to see if it has been cycled. With a datestamp, the datestamp
391 will be compared. The static slot for saving it is the same size as buffer,
392 and the text has been checked above to fit, so this use of strcpy() is OK. */
394 if (type == lt_main && string_datestamp_offset >= 0)
396 Ustrcpy(mainlog_name, buffer);
397 mainlog_datestamp = mainlog_name + string_datestamp_offset;
400 /* Ditto for the reject log */
402 else if (type == lt_reject && string_datestamp_offset >= 0)
404 Ustrcpy(rejectlog_name, buffer);
405 rejectlog_datestamp = rejectlog_name + string_datestamp_offset;
408 /* and deal with the debug log (which keeps the datestamp, but does not
411 else if (type == lt_debug)
413 Ustrcpy(debuglog_name, buffer);
416 /* this won't change the offset of the datestamp */
417 ok2 = string_format(buffer, sizeof(buffer), "%s%s",
420 Ustrcpy(debuglog_name, buffer);
424 /* Remove any datestamp if this is the panic log. This is rare, so there's no
425 need to optimize getting the datestamp length. We remove one non-alphanumeric
426 char afterwards if at the start, otherwise one before. */
428 else if (string_datestamp_offset >= 0)
430 uschar *from = buffer + string_datestamp_offset;
431 uschar *to = from + string_datestamp_length;
432 if (from == buffer || from[-1] == '/')
434 if (!isalnum(*to)) to++;
438 if (!isalnum(from[-1])) from--;
441 /* This strcpy is ok, because we know that to is a substring of from. */
446 /* If the file name is too long, it is an unrecoverable disaster */
449 die(US"exim: log file path too long: aborting",
450 US"Logging failure; please try later");
452 /* We now have the file name. Try to open an existing file. After a successful
453 open, arrange for automatic closure on exec(), and then return. */
459 O_APPEND|O_WRONLY, LOG_MODE);
464 (void)fcntl(*fd, F_SETFD, fcntl(*fd, F_GETFD) | FD_CLOEXEC);
469 /* Open was not successful: try creating the file. If this is a root process,
470 we must do the creating in a subprocess set to exim:exim in order to ensure
471 that the file is created with the right ownership. Otherwise, there can be a
472 race if another Exim process is trying to write to the log at the same time.
473 The use of SIGUSR1 by the exiwhat utility can provoke a lot of simultaneous
478 /* If we are already running as the Exim user (even if that user is root),
479 we can go ahead and create in the current process. */
481 if (euid == exim_uid) *fd = log_create(buffer);
483 /* Otherwise, if we are root, do the creation in an exim:exim subprocess. If we
484 are neither exim nor root, creation is not attempted. */
486 else if (euid == root_uid) *fd = log_create_as_exim(buffer);
488 /* If we now have an open file, set the close-on-exec flag and return. */
493 (void)fcntl(*fd, F_SETFD, fcntl(*fd, F_GETFD) | FD_CLOEXEC);
498 /* Creation failed. There are some circumstances in which we get here when
499 the effective uid is not root or exim, which is the problem. (For example, a
500 non-setuid binary with log_arguments set, called in certain ways.) Rather than
501 just bombing out, force the log to stderr and carry on if stderr is available.
504 if (euid != root_uid && euid != exim_uid && log_stderr != NULL)
506 *fd = fileno(log_stderr);
510 /* Otherwise this is a disaster. This call is deliberately ONLY to the panic
511 log. If possible, save a copy of the original line that was being logged. If we
512 are recursing (can't open the panic log either), the pointer will already be
515 if (!panic_save_buffer)
516 if ((panic_save_buffer = US malloc(LOG_BUFFER_SIZE)))
517 memcpy(panic_save_buffer, log_buffer, LOG_BUFFER_SIZE);
519 log_write(0, LOG_PANIC_DIE, "Cannot open %s log file \"%s\": %s: "
520 "euid=%d egid=%d", log_names[type], buffer, strerror(errno), euid, getegid());
528 if (type == lt_debug) unlink(CS debuglog_name);
533 /*************************************************
534 * Add configuration file info to log line *
535 *************************************************/
537 /* This is put in a function because it's needed twice (once for debugging,
541 ptr pointer to the end of the line we are building
544 Returns: updated pointer
548 log_config_info(uschar *ptr, int flags)
550 Ustrcpy(ptr, "Exim configuration error");
553 if ((flags & (LOG_CONFIG_FOR & ~LOG_CONFIG)) != 0)
555 Ustrcpy(ptr, " for ");
559 if ((flags & (LOG_CONFIG_IN & ~LOG_CONFIG)) != 0)
560 ptr += sprintf(CS ptr, " in line %d of %s", config_lineno, config_filename);
562 Ustrcpy(ptr, ":\n ");
567 /*************************************************
568 * A write() operation failed *
569 *************************************************/
571 /* This function is called when write() fails on anything other than the panic
572 log, which can happen if a disk gets full or a file gets too large or whatever.
573 We try to save the relevant message in the panic_save buffer before crashing
576 The potential invoker should probably not call us for EINTR -1 writes. But
577 otherwise, short writes are bad as we don't do non-blocking writes to fds
578 subject to flow control. (If we do, that's new and the logic of this should
582 name the name of the log being written
583 length the string length being written
584 rc the return value from write()
586 Returns: does not return
590 log_write_failed(uschar *name, int length, int rc)
592 int save_errno = errno;
594 if (!panic_save_buffer)
595 if ((panic_save_buffer = US malloc(LOG_BUFFER_SIZE)))
596 memcpy(panic_save_buffer, log_buffer, LOG_BUFFER_SIZE);
598 log_write(0, LOG_PANIC_DIE, "failed to write to %s: length=%d result=%d "
599 "errno=%d (%s)", name, length, rc, save_errno,
600 (save_errno == 0)? "write incomplete" : strerror(save_errno));
606 /*************************************************
607 * Write to an fd, retrying after signals *
608 *************************************************/
610 /* Basic write to fd for logs, handling EINTR.
613 fd the fd to write to
614 buf the string to write
615 length the string length being written
618 length actually written, persisting an errno from write()
621 write_to_fd_buf(int fd, const uschar *buf, size_t length)
624 size_t total_written = 0;
625 const uschar *p = buf;
626 size_t left = length;
630 wrote = write(fd, p, left);
631 if (wrote == (ssize_t)-1)
633 if (errno == EINTR) continue;
636 total_written += wrote;
645 return total_written;
653 int sep = ':'; /* Fixed separator - outside use */
655 const uschar *tt = US LOG_FILE_PATH;
656 while ((t = string_nextinlist(&tt, &sep, log_buffer, LOG_BUFFER_SIZE)))
658 if (Ustrcmp(t, "syslog") == 0 || t[0] == 0) continue;
659 file_path = string_copy(t);
668 if (mainlogfd < 0) return;
669 (void)close(mainlogfd);
674 /*************************************************
675 * Write message to log file *
676 *************************************************/
678 /* Exim can be configured to log to local files, or use syslog, or both. This
679 is controlled by the setting of log_file_path. The following cases are
682 log_file_path = "" write files in the spool/log directory
683 log_file_path = "xxx" write files in the xxx directory
684 log_file_path = "syslog" write to syslog
685 log_file_path = "syslog : xxx" write to syslog and to files (any order)
687 The message always gets '\n' added on the end of it, since more than one
688 process may be writing to the log at once and we don't want intermingling to
689 happen in the middle of lines. To be absolutely sure of this we write the data
690 into a private buffer and then put it out in a single write() call.
692 The flags determine which log(s) the message is written to, or for syslogging,
693 which priority to use, and in the case of the panic log, whether the process
694 should die afterwards.
696 The variable really_exim is TRUE only when exim is running in privileged state
697 (i.e. not with a changed configuration or with testing options such as -brw).
698 If it is not, don't try to write to the log because permission will probably be
701 Avoid actually writing to the logs when exim is called with -bv or -bt to
702 test an address, but take other actions, such as panicking.
704 In Exim proper, the buffer for building the message is got at start-up, so that
705 nothing gets done if it can't be got. However, some functions that are also
706 used in utilities occasionally obey log_write calls in error situations, and it
707 is simplest to put a single malloc() here rather than put one in each utility.
708 Malloc is used directly because the store functions may call log_write().
710 If a message_id exists, we include it after the timestamp.
713 selector write to main log or LOG_INFO only if this value is zero, or if
714 its bit is set in log_selector[0]
715 flags each bit indicates some independent action:
716 LOG_SENDER add raw sender to the message
717 LOG_RECIPIENTS add raw recipients list to message
718 LOG_CONFIG add "Exim configuration error"
719 LOG_CONFIG_FOR add " for " instead of ":\n "
720 LOG_CONFIG_IN add " in line x[ of file y]"
721 LOG_MAIN write to main log or syslog LOG_INFO
722 LOG_REJECT write to reject log or syslog LOG_NOTICE
723 LOG_PANIC write to panic log or syslog LOG_ALERT
724 LOG_PANIC_DIE write to panic log or LOG_ALERT and then crash
725 format a printf() format
726 ... arguments for format
732 log_write(unsigned int selector, int flags, const char *format, ...)
740 /* If panic_recurseflag is set, we have failed to open the panic log. This is
741 the ultimate disaster. First try to write the message to a debug file and/or
742 stderr and also to syslog. If panic_save_buffer is not NULL, it contains the
743 original log line that caused the problem. Afterwards, expire. */
745 if (panic_recurseflag)
747 uschar *extra = (panic_save_buffer == NULL)? US"" : panic_save_buffer;
748 if (debug_file != NULL) debug_printf("%s%s", extra, log_buffer);
749 if (log_stderr != NULL && log_stderr != debug_file)
750 fprintf(log_stderr, "%s%s", extra, log_buffer);
751 if (*extra != 0) write_syslog(LOG_CRIT, extra);
752 write_syslog(LOG_CRIT, log_buffer);
753 die(US"exim: could not open panic log - aborting: see message(s) above",
754 US"Unexpected log failure, please try later");
757 /* Ensure we have a buffer (see comment above); this should never be obeyed
758 when running Exim proper, only when running utilities. */
761 if (!(log_buffer = US malloc(LOG_BUFFER_SIZE)))
763 fprintf(stderr, "exim: failed to get store for log buffer\n");
764 exim_exit(EXIT_FAILURE);
767 /* If we haven't already done so, inspect the setting of log_file_path to
768 determine whether to log to files and/or to syslog. Bits in logging_mode
769 control this, and for file logging, the path must end up in file_path. This
770 variable must be in permanent store because it may be required again later in
775 BOOL multiple = FALSE;
776 int old_pool = store_pool;
778 store_pool = POOL_PERM;
780 /* If nothing has been set, don't waste effort... the default values for the
781 statics are file_path="" and logging_mode = LOG_MODE_FILE. */
785 int sep = ':'; /* Fixed separator - outside use */
787 const uschar *ss = log_file_path;
789 while ((s = string_nextinlist(&ss, &sep, log_buffer, LOG_BUFFER_SIZE)))
791 if (Ustrcmp(s, "syslog") == 0)
792 logging_mode |= LOG_MODE_SYSLOG;
793 else if ((logging_mode & LOG_MODE_FILE) != 0) multiple = TRUE;
796 logging_mode |= LOG_MODE_FILE;
798 /* If a non-empty path is given, use it */
801 file_path = string_copy(s);
803 /* If the path is empty, we want to use the first non-empty, non-
804 syslog item in LOG_FILE_PATH, if there is one, since the value of
805 log_file_path may have been set at runtime. If there is no such item,
806 use the ultimate default in the spool directory. */
809 set_file_path(); /* Empty item in log_file_path */
810 } /* First non-syslog item in log_file_path */
811 } /* Scan of log_file_path */
814 /* If no modes have been selected, it is a major disaster */
816 if (logging_mode == 0)
817 die(US"Neither syslog nor file logging set in log_file_path",
818 US"Unexpected logging failure");
820 /* Set up the ultimate default if necessary. Then revert to the old store
821 pool, and record that we've sorted out the path. */
823 if ((logging_mode & LOG_MODE_FILE) != 0 && file_path[0] == 0)
824 file_path = string_sprintf("%s/log/%%slog", spool_directory);
825 store_pool = old_pool;
826 path_inspected = TRUE;
828 /* If more than one file path was given, log a complaint. This recursive call
829 should work since we have now set up the routing. */
832 log_write(0, LOG_MAIN|LOG_PANIC,
833 "More than one path given in log_file_path: using %s", file_path);
836 /* If debugging, show all log entries, but don't show headers. Do it all
837 in one go so that it doesn't get split when multi-processing. */
844 Ustrcpy(ptr, "LOG:");
847 /* Show the selector that was passed into the call. */
849 for (i = 0; i < log_options_count; i++)
851 unsigned int bitnum = log_options[i].bit;
852 if (bitnum < BITWORDSIZE && selector == BIT(bitnum))
855 Ustrcpy(ptr, log_options[i].name);
860 sprintf(CS ptr, "%s%s%s%s\n ",
861 ((flags & LOG_MAIN) != 0)? " MAIN" : "",
862 ((flags & LOG_PANIC) != 0)? " PANIC" : "",
863 ((flags & LOG_PANIC_DIE) == LOG_PANIC_DIE)? " DIE" : "",
864 ((flags & LOG_REJECT) != 0)? " REJECT" : "");
867 if ((flags & LOG_CONFIG) != 0) ptr = log_config_info(ptr, flags);
869 va_start(ap, format);
870 if (!string_vformat(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer)-1, format, ap))
871 Ustrcpy(ptr, "**** log string overflowed log buffer ****");
876 debug_printf("%s", log_buffer);
879 /* If no log file is specified, we are in a mess. */
881 if ((flags & (LOG_MAIN|LOG_PANIC|LOG_REJECT)) == 0)
882 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "log_write called with no log "
885 /* There are some weird circumstances in which logging is disabled. */
889 DEBUG(D_any) debug_printf("log writing disabled\n");
893 /* Handle disabled reject log */
895 if (!write_rejectlog) flags &= ~LOG_REJECT;
897 /* Create the main message in the log buffer. Do not include the message id
898 when called by a utility. */
901 ptr += sprintf(CS ptr, "%s ", tod_stamp(tod_log));
905 if (!syslog_pid) pid_position[0] = ptr - log_buffer; /* remember begin … */
906 ptr += sprintf(CS ptr, "[%d] ", (int)getpid());
907 if (!syslog_pid) pid_position[1] = ptr - log_buffer; /* … and end+1 of the PID */
910 if (really_exim && message_id[0] != 0)
911 ptr += sprintf(CS ptr, "%s ", message_id);
913 if ((flags & LOG_CONFIG) != 0) ptr = log_config_info(ptr, flags);
915 va_start(ap, format);
916 if (!string_vformat(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer)-1, format, ap))
917 Ustrcpy(ptr, "**** log string overflowed log buffer ****\n");
921 /* Add the raw, unrewritten, sender to the message if required. This is done
922 this way because it kind of fits with LOG_RECIPIENTS. */
924 if ((flags & LOG_SENDER) != 0 &&
925 ptr < log_buffer + LOG_BUFFER_SIZE - 10 - Ustrlen(raw_sender))
926 ptr += sprintf(CS ptr, " from <%s>", raw_sender);
928 /* Add list of recipients to the message if required; the raw list,
929 before rewriting, was saved in raw_recipients. There may be none, if an ACL
930 discarded them all. */
932 if ((flags & LOG_RECIPIENTS) != 0 && ptr < log_buffer + LOG_BUFFER_SIZE - 6 &&
933 raw_recipients_count > 0)
936 ptr += sprintf(CS ptr, " for");
937 for (i = 0; i < raw_recipients_count; i++)
939 uschar * s = raw_recipients[i];
940 if (log_buffer + LOG_BUFFER_SIZE - ptr < Ustrlen(s) + 3) break;
941 ptr += sprintf(CS ptr, " %s", s);
945 ptr += sprintf(CS ptr, "\n");
946 length = ptr - log_buffer;
948 /* Handle loggable errors when running a utility, or when address testing.
949 Write to log_stderr unless debugging (when it will already have been written),
950 or unless there is no log_stderr (expn called from daemon, for example). */
952 if (!really_exim || log_testing_mode)
954 if (debug_selector == 0 && log_stderr != NULL &&
955 (selector == 0 || (selector & log_selector[0]) != 0))
958 fprintf(log_stderr, "LOG: %s", CS(log_buffer + 20)); /* no timestamp */
960 fprintf(log_stderr, "%s", CS log_buffer);
962 if ((flags & LOG_PANIC_DIE) == LOG_PANIC_DIE) exim_exit(EXIT_FAILURE);
966 /* Handle the main log. We know that either syslog or file logging (or both) is
967 set up. A real file gets left open during reception or delivery once it has
968 been opened, but we don't want to keep on writing to it for too long after it
969 has been renamed. Therefore, do a stat() and see if the inode has changed, and
972 if ( flags & LOG_MAIN
973 && (!selector || selector & log_selector[0]))
975 if ( logging_mode & LOG_MODE_SYSLOG
976 && (syslog_duplication || !(flags & (LOG_REJECT|LOG_PANIC))))
977 write_syslog(LOG_INFO, log_buffer);
979 if (logging_mode & LOG_MODE_FILE)
983 /* Check for a change to the mainlog file name when datestamping is in
984 operation. This happens at midnight, at which point we want to roll over
985 the file. Closing it has the desired effect. */
987 if (mainlog_datestamp)
989 uschar *nowstamp = tod_stamp(string_datestamp_type);
990 if (Ustrncmp (mainlog_datestamp, nowstamp, Ustrlen(nowstamp)) != 0)
992 (void)close(mainlogfd); /* Close the file */
993 mainlogfd = -1; /* Clear the file descriptor */
994 mainlog_inode = 0; /* Unset the inode */
995 mainlog_datestamp = NULL; /* Clear the datestamp */
999 /* Otherwise, we want to check whether the file has been renamed by a
1000 cycling script. This could be "if else", but for safety's sake, leave it as
1001 "if" so that renaming the log starts a new file even when datestamping is
1005 if (Ustat(mainlog_name, &statbuf) < 0 || statbuf.st_ino != mainlog_inode)
1008 /* If the log is closed, open it. Then write the line. */
1012 open_log(&mainlogfd, lt_main, NULL); /* No return on error */
1013 if (fstat(mainlogfd, &statbuf) >= 0) mainlog_inode = statbuf.st_ino;
1016 /* Failing to write to the log is disastrous */
1018 written_len = write_to_fd_buf(mainlogfd, log_buffer, length);
1019 if (written_len != length)
1021 log_write_failed(US"main log", length, written_len);
1022 /* That function does not return */
1027 /* Handle the log for rejected messages. This can be globally disabled, in
1028 which case the flags are altered above. If there are any header lines (i.e. if
1029 the rejection is happening after the DATA phase), log the recipients and the
1032 if ((flags & LOG_REJECT) != 0)
1036 if (header_list != NULL && LOGGING(rejected_header))
1038 if (recipients_count > 0)
1042 /* List the sender */
1044 string_format(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer),
1045 "Envelope-from: <%s>\n", sender_address);
1048 /* List up to 5 recipients */
1050 string_format(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer),
1051 "Envelope-to: <%s>\n", recipients_list[0].address);
1054 for (i = 1; i < recipients_count && i < 5; i++)
1056 string_format(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer), " <%s>\n",
1057 recipients_list[i].address);
1061 if (i < recipients_count)
1063 (void)string_format(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer),
1069 /* A header with a NULL text is an unfilled in Received: header */
1071 for (h = header_list; h; h = h->next) if (h->text)
1073 BOOL fitted = string_format(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer),
1074 "%c %s", h->type, h->text);
1076 if (!fitted) /* Buffer is full; truncate */
1078 ptr -= 100; /* For message and separator */
1079 if (ptr[-1] == '\n') ptr--;
1080 Ustrcpy(ptr, "\n*** truncated ***\n");
1086 length = ptr - log_buffer;
1089 /* Write to syslog or to a log file */
1091 if ((logging_mode & LOG_MODE_SYSLOG) != 0 &&
1092 (syslog_duplication || (flags & LOG_PANIC) == 0))
1093 write_syslog(LOG_NOTICE, log_buffer);
1095 /* Check for a change to the rejectlog file name when datestamping is in
1096 operation. This happens at midnight, at which point we want to roll over
1097 the file. Closing it has the desired effect. */
1099 if ((logging_mode & LOG_MODE_FILE) != 0)
1101 struct stat statbuf;
1103 if (rejectlog_datestamp)
1105 uschar *nowstamp = tod_stamp(string_datestamp_type);
1106 if (Ustrncmp (rejectlog_datestamp, nowstamp, Ustrlen(nowstamp)) != 0)
1108 (void)close(rejectlogfd); /* Close the file */
1109 rejectlogfd = -1; /* Clear the file descriptor */
1110 rejectlog_inode = 0; /* Unset the inode */
1111 rejectlog_datestamp = NULL; /* Clear the datestamp */
1115 /* Otherwise, we want to check whether the file has been renamed by a
1116 cycling script. This could be "if else", but for safety's sake, leave it as
1117 "if" so that renaming the log starts a new file even when datestamping is
1120 if (rejectlogfd >= 0)
1122 if (Ustat(rejectlog_name, &statbuf) < 0 ||
1123 statbuf.st_ino != rejectlog_inode)
1125 (void)close(rejectlogfd);
1127 rejectlog_inode = 0;
1131 /* Open the file if necessary, and write the data */
1133 if (rejectlogfd < 0)
1135 open_log(&rejectlogfd, lt_reject, NULL); /* No return on error */
1136 if (fstat(rejectlogfd, &statbuf) >= 0) rejectlog_inode = statbuf.st_ino;
1139 written_len = write_to_fd_buf(rejectlogfd, log_buffer, length);
1140 if (written_len != length)
1142 log_write_failed(US"reject log", length, written_len);
1143 /* That function does not return */
1149 /* Handle the panic log, which is not kept open like the others. If it fails to
1150 open, there will be a recursive call to log_write(). We detect this above and
1151 attempt to write to the system log as a last-ditch try at telling somebody. In
1152 all cases except mua_wrapper, try to write to log_stderr. */
1154 if ((flags & LOG_PANIC) != 0)
1156 if (log_stderr != NULL && log_stderr != debug_file && !mua_wrapper)
1157 fprintf(log_stderr, "%s", CS log_buffer);
1159 if ((logging_mode & LOG_MODE_SYSLOG) != 0)
1160 write_syslog(LOG_ALERT, log_buffer);
1162 /* If this panic logging was caused by a failure to open the main log,
1163 the original log line is in panic_save_buffer. Make an attempt to write it. */
1165 if ((logging_mode & LOG_MODE_FILE) != 0)
1167 panic_recurseflag = TRUE;
1168 open_log(&paniclogfd, lt_panic, NULL); /* Won't return on failure */
1169 panic_recurseflag = FALSE;
1171 if (panic_save_buffer != NULL)
1173 int i = write(paniclogfd, panic_save_buffer, Ustrlen(panic_save_buffer));
1174 i = i; /* compiler quietening */
1177 written_len = write_to_fd_buf(paniclogfd, log_buffer, length);
1178 if (written_len != length)
1180 int save_errno = errno;
1181 write_syslog(LOG_CRIT, log_buffer);
1182 sprintf(CS log_buffer, "write failed on panic log: length=%d result=%d "
1183 "errno=%d (%s)", length, (int)written_len, save_errno, strerror(save_errno));
1184 write_syslog(LOG_CRIT, log_buffer);
1185 flags |= LOG_PANIC_DIE;
1188 (void)close(paniclogfd);
1191 /* Give up if the DIE flag is set */
1193 if ((flags & LOG_PANIC_DIE) != LOG_PANIC)
1194 die(NULL, US"Unexpected failure, please try later");
1200 /*************************************************
1201 * Close any open log files *
1202 *************************************************/
1208 { (void)close(mainlogfd); mainlogfd = -1; }
1209 if (rejectlogfd >= 0)
1210 { (void)close(rejectlogfd); rejectlogfd = -1; }
1212 syslog_open = FALSE;
1217 /*************************************************
1218 * Multi-bit set or clear *
1219 *************************************************/
1221 /* These functions take a list of bit indexes (terminated by -1) and
1222 clear or set the corresponding bits in the selector.
1225 selector address of the bit string
1226 selsize number of words in the bit string
1227 bits list of bits to set
1231 bits_clear(unsigned int *selector, size_t selsize, int *bits)
1233 for(; *bits != -1; ++bits)
1234 BIT_CLEAR(selector, selsize, *bits);
1238 bits_set(unsigned int *selector, size_t selsize, int *bits)
1240 for(; *bits != -1; ++bits)
1241 BIT_SET(selector, selsize, *bits);
1246 /*************************************************
1247 * Decode bit settings for log/debug *
1248 *************************************************/
1250 /* This function decodes a string containing bit settings in the form of +name
1251 and/or -name sequences, and sets/unsets bits in a bit string accordingly. It
1252 also recognizes a numeric setting of the form =<number>, but this is not
1253 intended for user use. It's an easy way for Exim to pass the debug settings
1254 when it is re-exec'ed.
1256 The option table is a list of names and bit indexes. The index -1
1257 means "set all bits, except for those listed in notall". The notall
1258 list is terminated by -1.
1260 The action taken for bad values varies depending upon why we're here.
1261 For log messages, or if the debugging is triggered from config, then we write
1262 to the log on the way out. For debug setting triggered from the command-line,
1263 we treat it as an unknown option: error message to stderr and die.
1266 selector address of the bit string
1267 selsize number of words in the bit string
1268 notall list of bits to exclude from "all"
1269 string the configured string
1270 options the table of option names
1272 which "log" or "debug"
1273 flags DEBUG_FROM_CONFIG
1275 Returns: nothing on success - bomb out on failure
1279 decode_bits(unsigned int *selector, size_t selsize, int *notall,
1280 uschar *string, bit_table *options, int count, uschar *which, int flags)
1283 if (string == NULL) return;
1287 char *end; /* Not uschar */
1288 memset(selector, 0, sizeof(*selector)*selsize);
1289 *selector = strtoul(CS string+1, &end, 0);
1290 if (*end == 0) return;
1291 errmsg = string_sprintf("malformed numeric %s_selector setting: %s", which,
1296 /* Handle symbolic setting */
1303 bit_table *start, *end;
1305 while (isspace(*string)) string++;
1306 if (*string == 0) return;
1308 if (*string != '+' && *string != '-')
1310 errmsg = string_sprintf("malformed %s_selector setting: "
1311 "+ or - expected but found \"%s\"", which, string);
1315 adding = *string++ == '+';
1317 while (isalnum(*string) || *string == '_') string++;
1321 end = options + count;
1325 bit_table *middle = start + (end - start)/2;
1326 int c = Ustrncmp(s, middle->name, len);
1329 if (middle->name[len] != 0) c = -1; else
1331 unsigned int bit = middle->bit;
1337 memset(selector, -1, sizeof(*selector)*selsize);
1338 bits_clear(selector, selsize, notall);
1341 memset(selector, 0, sizeof(*selector)*selsize);
1344 BIT_SET(selector, selsize, bit);
1346 BIT_CLEAR(selector, selsize, bit);
1348 break; /* Out of loop to match selector name */
1351 if (c < 0) end = middle; else start = middle + 1;
1352 } /* Loop to match selector name */
1356 errmsg = string_sprintf("unknown %s_selector setting: %c%.*s", which,
1357 adding? '+' : '-', len, s);
1360 } /* Loop for selector names */
1362 /* Handle disasters */
1365 if (Ustrcmp(which, "debug") == 0)
1367 if (flags & DEBUG_FROM_CONFIG)
1369 log_write(0, LOG_CONFIG|LOG_PANIC, "%s", errmsg);
1372 fprintf(stderr, "exim: %s\n", errmsg);
1375 else log_write(0, LOG_CONFIG|LOG_PANIC_DIE, "%s", errmsg);
1380 /*************************************************
1381 * Activate a debug logfile (late) *
1382 *************************************************/
1384 /* Normally, debugging is activated from the command-line; it may be useful
1385 within the configuration to activate debugging later, based on certain
1386 conditions. If debugging is already in progress, we return early, no action
1387 taken (besides debug-logging that we wanted debug-logging).
1389 Failures in options are not fatal but will result in paniclog entries for the
1392 The first use of this is in ACL logic, "control = debug/tag=foo/opts=+expand"
1393 which can be combined with conditions, etc, to activate extra logging only
1394 for certain sources. The second use is inetd wait mode debug preservation. */
1397 debug_logging_activate(uschar *tag_name, uschar *opts)
1403 debug_printf("DEBUGGING ACTIVATED FROM WITHIN CONFIG.\n"
1404 "DEBUG: Tag=\"%s\" opts=\"%s\"\n", tag_name, opts ? opts : US"");
1408 if (tag_name != NULL && (Ustrchr(tag_name, '/') != NULL))
1410 log_write(0, LOG_MAIN|LOG_PANIC, "debug tag may not contain a '/' in: %s",
1415 debug_selector = D_default;
1417 decode_bits(&debug_selector, 1, debug_notall, opts,
1418 debug_options, debug_options_count, US"debug", DEBUG_FROM_CONFIG);
1420 /* When activating from a transport process we may never have logged at all
1421 resulting in certain setup not having been done. Hack this for now so we
1422 do not segfault; note that nondefault log locations will not work */
1424 if (!*file_path) set_file_path();
1426 open_log(&fd, lt_debug, tag_name);
1429 debug_file = fdopen(fd, "w");
1431 log_write(0, LOG_MAIN|LOG_PANIC, "unable to open debug log");
1436 debug_logging_stop(void)
1438 if (!debug_file || !debuglog_name[0]) return;
1443 unlink_log(lt_debug);