1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* See the file NOTICE for conditions of use and distribution. */
8 /* Functions for writing log files. The code for maintaining datestamped
9 log files was originally contributed by Tony Sheen. */
14 #define LOG_NAME_SIZE 256
15 #define MAX_SYSLOG_LEN 870
17 #define LOG_MODE_FILE 1
18 #define LOG_MODE_SYSLOG 2
20 enum { lt_main, lt_reject, lt_panic, lt_debug };
22 static uschar *log_names[] = { US"main", US"reject", US"panic", US"debug" };
26 /*************************************************
27 * Local static variables *
28 *************************************************/
30 static uschar mainlog_name[LOG_NAME_SIZE];
31 static uschar rejectlog_name[LOG_NAME_SIZE];
32 static uschar debuglog_name[LOG_NAME_SIZE];
34 static uschar *mainlog_datestamp = NULL;
35 static uschar *rejectlog_datestamp = NULL;
37 static int mainlogfd = -1;
38 static int rejectlogfd = -1;
39 static ino_t mainlog_inode = 0;
40 static ino_t rejectlog_inode = 0;
42 static uschar *panic_save_buffer = NULL;
43 static BOOL panic_recurseflag = FALSE;
45 static BOOL syslog_open = FALSE;
46 static BOOL path_inspected = FALSE;
47 static int logging_mode = LOG_MODE_FILE;
48 static uschar *file_path = US"";
50 static size_t pid_position[2];
53 /* These should be kept in-step with the private delivery error
54 number definitions in macros.h */
56 static const uschar * exim_errstrings[] = {
79 US"Exim-imposed quota",
81 US"Delivery filter process failure",
82 US"Delivery add/remove header failure",
83 US"Delivery write incomplete error",
84 US"Some expansion failed",
85 US"Failed to get gid",
86 US"Failed to get uid",
87 US"Unset or non-existent transport",
88 US"MBX length mismatch",
89 US"Lookup failed routing or in smtp tpt",
90 US"Can't match format in appendfile",
91 US"Creation outside home in appendfile",
92 US"Can't check a list; lookup defer",
94 US"Failed to start TLS session",
95 US"Mandatory TLS session not started",
96 US"Failed to chown a file",
97 US"Failed to create a pipe",
99 US"When required by client",
100 US"Used internally in smtp transport",
101 US"RCPT gave 4xx error",
102 US"MAIL gave 4xx error",
103 US"DATA gave 4xx error",
104 US"Negotiation failed for proxy configured host",
105 US"Authenticator 'other' failure",
106 US"target not supporting SMTPUTF8",
109 US"Not time for routing",
110 US"Not time for local delivery",
111 US"Not time for any remote host",
112 US"Local-only delivery",
113 US"Domain in queue_domains",
114 US"Transport concurrency limit",
118 /************************************************/
122 return err < 0 ? exim_errstrings[-err] : CUS strerror(err);
125 /*************************************************
127 *************************************************/
129 /* The given string is split into sections according to length, or at embedded
130 newlines, and syslogged as a numbered sequence if it is overlong or if there is
131 more than one line. However, if we are running in the test harness, do not do
132 anything. (The test harness doesn't use syslog - for obvious reasons - but we
133 can get here if there is a failure to open the panic log.)
136 priority syslog priority
137 s the string to be written
143 write_syslog(int priority, const uschar *s)
148 if (running_in_test_harness) return;
150 if (!syslog_pid && LOGGING(pid))
151 s = string_sprintf("%.*s%s", (int)pid_position[0], s, s + pid_position[1]);
152 if (!syslog_timestamp)
154 len = log_timezone ? 26 : 20;
155 if (LOGGING(millisec)) len += 4;
164 # ifdef SYSLOG_LOG_PID
165 openlog(CS syslog_processname, LOG_PID|LOG_CONS, syslog_facility);
167 openlog(CS syslog_processname, LOG_CONS, syslog_facility);
173 /* First do a scan through the message in order to determine how many lines
174 it is going to end up as. Then rescan to output it. */
176 for (pass = 0; pass < 2; pass++)
180 const uschar * ss = s;
181 for (i = 1, tlen = len; tlen > 0; i++)
184 uschar *nlptr = Ustrchr(ss, '\n');
185 if (nlptr != NULL) plen = nlptr - ss;
186 #ifndef SYSLOG_LONG_LINES
187 if (plen > MAX_SYSLOG_LEN) plen = MAX_SYSLOG_LEN;
190 if (ss[plen] == '\n') tlen--; /* chars left */
192 if (pass == 0) linecount++; else
195 syslog(priority, "%.*s", plen, ss);
197 syslog(priority, "[%d%c%d] %.*s", i,
198 ss[plen] == '\n' && tlen != 0 ? '\\' : '/',
199 linecount, plen, ss);
202 if (*ss == '\n') ss++;
209 /*************************************************
211 *************************************************/
213 /* This is called when Exim is dying as a result of something going wrong in
214 the logging, or after a log call with LOG_PANIC_DIE set. Optionally write a
215 message to debug_file or a stderr file, if they exist. Then, if in the middle
216 of accepting a message, throw it away tidily by calling receive_bomb_out();
217 this will attempt to send an SMTP response if appropriate. Passing NULL as the
218 first argument stops it trying to run the NOTQUIT ACL (which might try further
219 logging and thus cause problems). Otherwise, try to close down an outstanding
223 s1 Error message to write to debug_file and/or stderr and syslog
224 s2 Error message for any SMTP call that is in progress
225 Returns: The function does not return
229 die(uschar *s1, uschar *s2)
233 write_syslog(LOG_CRIT, s1);
234 if (debug_file) debug_printf("%s\n", s1);
235 if (log_stderr && log_stderr != debug_file)
236 fprintf(log_stderr, "%s\n", s1);
238 if (receive_call_bombout) receive_bomb_out(NULL, s2); /* does not return */
239 if (smtp_input) smtp_closedown(s2);
240 exim_exit(EXIT_FAILURE, NULL);
245 /*************************************************
246 * Create a log file *
247 *************************************************/
249 /* This function is called to create and open a log file. It may be called in a
250 subprocess when the original process is root.
255 The file name has been build in a working buffer, so it is permissible to
256 overwrite it temporarily if it is necessary to create the directory.
258 Returns: a file descriptor, or < 0 on failure (errno set)
262 log_create(uschar *name)
268 O_CREAT|O_APPEND|O_WRONLY, LOG_MODE);
270 /* If creation failed, attempt to build a log directory in case that is the
273 if (fd < 0 && errno == ENOENT)
276 uschar *lastslash = Ustrrchr(name, '/');
278 created = directory_make(NULL, name, LOG_DIRECTORY_MODE, FALSE);
279 DEBUG(D_any) debug_printf("%s log directory %s\n",
280 created ? "created" : "failed to create", name);
282 if (created) fd = Uopen(name,
286 O_CREAT|O_APPEND|O_WRONLY, LOG_MODE);
294 /*************************************************
295 * Create a log file as the exim user *
296 *************************************************/
298 /* This function is called when we are root to spawn an exim:exim subprocess
299 in which we can create a log file. It must be signal-safe since it is called
300 by the usr1_handler().
305 Returns: a file descriptor, or < 0 on failure (errno set)
309 log_create_as_exim(uschar *name)
315 /* In the subprocess, change uid/gid and do the creation. Return 0 from the
316 subprocess on success. If we don't check for setuid failures, then the file
317 can be created as root, so vulnerabilities which cause setuid to fail mean
318 that the Exim user can use symlinks to cause a file to be opened/created as
319 root. We always open for append, so can't nuke existing content but it would
320 still be Rather Bad. */
324 if (setgid(exim_gid) < 0)
325 die(US"exim: setgid for log-file creation failed, aborting",
326 US"Unexpected log failure, please try later");
327 if (setuid(exim_uid) < 0)
328 die(US"exim: setuid for log-file creation failed, aborting",
329 US"Unexpected log failure, please try later");
330 _exit((log_create(name) < 0)? 1 : 0);
333 /* If we created a subprocess, wait for it. If it succeeded, try the open. */
335 while (pid > 0 && waitpid(pid, &status, 0) != pid);
336 if (status == 0) fd = Uopen(name,
340 O_APPEND|O_WRONLY, LOG_MODE);
342 /* If we failed to create a subprocess, we are in a bad way. We return
343 with fd still < 0, and errno set, letting the caller handle the error. */
351 /*************************************************
353 *************************************************/
355 /* This function opens one of a number of logs, creating the log directory if
356 it does not exist. This may be called recursively on failure, in order to open
359 The directory is in the static variable file_path. This is static so that it
360 the work of sorting out the path is done just once per Exim process.
362 Exim is normally configured to avoid running as root wherever possible, the log
363 files must be owned by the non-privileged exim user. To ensure this, first try
364 an open without O_CREAT - most of the time this will succeed. If it fails, try
365 to create the file; if running as root, this must be done in a subprocess to
369 fd where to return the resulting file descriptor
370 type lt_main, lt_reject, lt_panic, or lt_debug
371 tag optional tag to include in the name (only hooked up for debug)
377 open_log(int *fd, int type, uschar *tag)
381 uschar buffer[LOG_NAME_SIZE];
383 /* The names of the log files are controlled by file_path. The panic log is
384 written to the same directory as the main and reject logs, but its name does
385 not have a datestamp. The use of datestamps is indicated by %D/%M in file_path.
386 When opening the panic log, if %D or %M is present, we remove the datestamp
387 from the generated name; if it is at the start, remove a following
388 non-alphanumeric character as well; otherwise, remove a preceding
389 non-alphanumeric character. This is definitely kludgy, but it sort of does what
390 people want, I hope. */
392 ok = string_format(buffer, sizeof(buffer), CS file_path, log_names[type]);
394 /* Save the name of the mainlog for rollover processing. Without a datestamp,
395 it gets statted to see if it has been cycled. With a datestamp, the datestamp
396 will be compared. The static slot for saving it is the same size as buffer,
397 and the text has been checked above to fit, so this use of strcpy() is OK. */
399 if (type == lt_main && string_datestamp_offset >= 0)
401 Ustrcpy(mainlog_name, buffer);
402 mainlog_datestamp = mainlog_name + string_datestamp_offset;
405 /* Ditto for the reject log */
407 else if (type == lt_reject && string_datestamp_offset >= 0)
409 Ustrcpy(rejectlog_name, buffer);
410 rejectlog_datestamp = rejectlog_name + string_datestamp_offset;
413 /* and deal with the debug log (which keeps the datestamp, but does not
416 else if (type == lt_debug)
418 Ustrcpy(debuglog_name, buffer);
421 /* this won't change the offset of the datestamp */
422 ok2 = string_format(buffer, sizeof(buffer), "%s%s",
425 Ustrcpy(debuglog_name, buffer);
429 /* Remove any datestamp if this is the panic log. This is rare, so there's no
430 need to optimize getting the datestamp length. We remove one non-alphanumeric
431 char afterwards if at the start, otherwise one before. */
433 else if (string_datestamp_offset >= 0)
435 uschar * from = buffer + string_datestamp_offset;
436 uschar * to = from + string_datestamp_length;
438 if (from == buffer || from[-1] == '/')
440 if (!isalnum(*to)) to++;
443 if (!isalnum(from[-1])) from--;
445 /* This copy is ok, because we know that to is a substring of from. But
446 due to overlap we must use memmove() not Ustrcpy(). */
447 memmove(from, to, Ustrlen(to)+1);
450 /* If the file name is too long, it is an unrecoverable disaster */
453 die(US"exim: log file path too long: aborting",
454 US"Logging failure; please try later");
456 /* We now have the file name. Try to open an existing file. After a successful
457 open, arrange for automatic closure on exec(), and then return. */
463 O_APPEND|O_WRONLY, LOG_MODE);
468 (void)fcntl(*fd, F_SETFD, fcntl(*fd, F_GETFD) | FD_CLOEXEC);
473 /* Open was not successful: try creating the file. If this is a root process,
474 we must do the creating in a subprocess set to exim:exim in order to ensure
475 that the file is created with the right ownership. Otherwise, there can be a
476 race if another Exim process is trying to write to the log at the same time.
477 The use of SIGUSR1 by the exiwhat utility can provoke a lot of simultaneous
482 /* If we are already running as the Exim user (even if that user is root),
483 we can go ahead and create in the current process. */
485 if (euid == exim_uid) *fd = log_create(buffer);
487 /* Otherwise, if we are root, do the creation in an exim:exim subprocess. If we
488 are neither exim nor root, creation is not attempted. */
490 else if (euid == root_uid) *fd = log_create_as_exim(buffer);
492 /* If we now have an open file, set the close-on-exec flag and return. */
497 (void)fcntl(*fd, F_SETFD, fcntl(*fd, F_GETFD) | FD_CLOEXEC);
502 /* Creation failed. There are some circumstances in which we get here when
503 the effective uid is not root or exim, which is the problem. (For example, a
504 non-setuid binary with log_arguments set, called in certain ways.) Rather than
505 just bombing out, force the log to stderr and carry on if stderr is available.
508 if (euid != root_uid && euid != exim_uid && log_stderr != NULL)
510 *fd = fileno(log_stderr);
514 /* Otherwise this is a disaster. This call is deliberately ONLY to the panic
515 log. If possible, save a copy of the original line that was being logged. If we
516 are recursing (can't open the panic log either), the pointer will already be
519 if (!panic_save_buffer)
520 if ((panic_save_buffer = US malloc(LOG_BUFFER_SIZE)))
521 memcpy(panic_save_buffer, log_buffer, LOG_BUFFER_SIZE);
523 log_write(0, LOG_PANIC_DIE, "Cannot open %s log file \"%s\": %s: "
524 "euid=%d egid=%d", log_names[type], buffer, strerror(errno), euid, getegid());
532 if (type == lt_debug) unlink(CS debuglog_name);
537 /*************************************************
538 * Add configuration file info to log line *
539 *************************************************/
541 /* This is put in a function because it's needed twice (once for debugging,
545 ptr pointer to the end of the line we are building
548 Returns: updated pointer
552 log_config_info(uschar *ptr, int flags)
554 Ustrcpy(ptr, "Exim configuration error");
557 if ((flags & (LOG_CONFIG_FOR & ~LOG_CONFIG)) != 0)
559 Ustrcpy(ptr, " for ");
563 if ((flags & (LOG_CONFIG_IN & ~LOG_CONFIG)) != 0)
564 ptr += sprintf(CS ptr, " in line %d of %s", config_lineno, config_filename);
566 Ustrcpy(ptr, ":\n ");
571 /*************************************************
572 * A write() operation failed *
573 *************************************************/
575 /* This function is called when write() fails on anything other than the panic
576 log, which can happen if a disk gets full or a file gets too large or whatever.
577 We try to save the relevant message in the panic_save buffer before crashing
580 The potential invoker should probably not call us for EINTR -1 writes. But
581 otherwise, short writes are bad as we don't do non-blocking writes to fds
582 subject to flow control. (If we do, that's new and the logic of this should
586 name the name of the log being written
587 length the string length being written
588 rc the return value from write()
590 Returns: does not return
594 log_write_failed(uschar *name, int length, int rc)
596 int save_errno = errno;
598 if (!panic_save_buffer)
599 if ((panic_save_buffer = US malloc(LOG_BUFFER_SIZE)))
600 memcpy(panic_save_buffer, log_buffer, LOG_BUFFER_SIZE);
602 log_write(0, LOG_PANIC_DIE, "failed to write to %s: length=%d result=%d "
603 "errno=%d (%s)", name, length, rc, save_errno,
604 (save_errno == 0)? "write incomplete" : strerror(save_errno));
610 /*************************************************
611 * Write to an fd, retrying after signals *
612 *************************************************/
614 /* Basic write to fd for logs, handling EINTR.
617 fd the fd to write to
618 buf the string to write
619 length the string length being written
622 length actually written, persisting an errno from write()
625 write_to_fd_buf(int fd, const uschar *buf, size_t length)
628 size_t total_written = 0;
629 const uschar *p = buf;
630 size_t left = length;
634 wrote = write(fd, p, left);
635 if (wrote == (ssize_t)-1)
637 if (errno == EINTR) continue;
640 total_written += wrote;
649 return total_written;
657 int sep = ':'; /* Fixed separator - outside use */
659 const uschar *tt = US LOG_FILE_PATH;
660 while ((t = string_nextinlist(&tt, &sep, log_buffer, LOG_BUFFER_SIZE)))
662 if (Ustrcmp(t, "syslog") == 0 || t[0] == 0) continue;
663 file_path = string_copy(t);
672 if (mainlogfd < 0) return;
673 (void)close(mainlogfd);
678 /*************************************************
679 * Write message to log file *
680 *************************************************/
682 /* Exim can be configured to log to local files, or use syslog, or both. This
683 is controlled by the setting of log_file_path. The following cases are
686 log_file_path = "" write files in the spool/log directory
687 log_file_path = "xxx" write files in the xxx directory
688 log_file_path = "syslog" write to syslog
689 log_file_path = "syslog : xxx" write to syslog and to files (any order)
691 The message always gets '\n' added on the end of it, since more than one
692 process may be writing to the log at once and we don't want intermingling to
693 happen in the middle of lines. To be absolutely sure of this we write the data
694 into a private buffer and then put it out in a single write() call.
696 The flags determine which log(s) the message is written to, or for syslogging,
697 which priority to use, and in the case of the panic log, whether the process
698 should die afterwards.
700 The variable really_exim is TRUE only when exim is running in privileged state
701 (i.e. not with a changed configuration or with testing options such as -brw).
702 If it is not, don't try to write to the log because permission will probably be
705 Avoid actually writing to the logs when exim is called with -bv or -bt to
706 test an address, but take other actions, such as panicking.
708 In Exim proper, the buffer for building the message is got at start-up, so that
709 nothing gets done if it can't be got. However, some functions that are also
710 used in utilities occasionally obey log_write calls in error situations, and it
711 is simplest to put a single malloc() here rather than put one in each utility.
712 Malloc is used directly because the store functions may call log_write().
714 If a message_id exists, we include it after the timestamp.
717 selector write to main log or LOG_INFO only if this value is zero, or if
718 its bit is set in log_selector[0]
719 flags each bit indicates some independent action:
720 LOG_SENDER add raw sender to the message
721 LOG_RECIPIENTS add raw recipients list to message
722 LOG_CONFIG add "Exim configuration error"
723 LOG_CONFIG_FOR add " for " instead of ":\n "
724 LOG_CONFIG_IN add " in line x[ of file y]"
725 LOG_MAIN write to main log or syslog LOG_INFO
726 LOG_REJECT write to reject log or syslog LOG_NOTICE
727 LOG_PANIC write to panic log or syslog LOG_ALERT
728 LOG_PANIC_DIE write to panic log or LOG_ALERT and then crash
729 format a printf() format
730 ... arguments for format
736 log_write(unsigned int selector, int flags, const char *format, ...)
744 /* If panic_recurseflag is set, we have failed to open the panic log. This is
745 the ultimate disaster. First try to write the message to a debug file and/or
746 stderr and also to syslog. If panic_save_buffer is not NULL, it contains the
747 original log line that caused the problem. Afterwards, expire. */
749 if (panic_recurseflag)
751 uschar *extra = panic_save_buffer ? panic_save_buffer : US"";
752 if (debug_file) debug_printf("%s%s", extra, log_buffer);
753 if (log_stderr && log_stderr != debug_file)
754 fprintf(log_stderr, "%s%s", extra, log_buffer);
755 if (*extra) write_syslog(LOG_CRIT, extra);
756 write_syslog(LOG_CRIT, log_buffer);
757 die(US"exim: could not open panic log - aborting: see message(s) above",
758 US"Unexpected log failure, please try later");
761 /* Ensure we have a buffer (see comment above); this should never be obeyed
762 when running Exim proper, only when running utilities. */
765 if (!(log_buffer = US malloc(LOG_BUFFER_SIZE)))
767 fprintf(stderr, "exim: failed to get store for log buffer\n");
768 exim_exit(EXIT_FAILURE, NULL);
771 /* If we haven't already done so, inspect the setting of log_file_path to
772 determine whether to log to files and/or to syslog. Bits in logging_mode
773 control this, and for file logging, the path must end up in file_path. This
774 variable must be in permanent store because it may be required again later in
779 BOOL multiple = FALSE;
780 int old_pool = store_pool;
782 store_pool = POOL_PERM;
784 /* If nothing has been set, don't waste effort... the default values for the
785 statics are file_path="" and logging_mode = LOG_MODE_FILE. */
789 int sep = ':'; /* Fixed separator - outside use */
791 const uschar *ss = log_file_path;
794 while ((s = string_nextinlist(&ss, &sep, log_buffer, LOG_BUFFER_SIZE)))
796 if (Ustrcmp(s, "syslog") == 0)
797 logging_mode |= LOG_MODE_SYSLOG;
798 else if (logging_mode & LOG_MODE_FILE)
802 logging_mode |= LOG_MODE_FILE;
804 /* If a non-empty path is given, use it */
807 file_path = string_copy(s);
809 /* If the path is empty, we want to use the first non-empty, non-
810 syslog item in LOG_FILE_PATH, if there is one, since the value of
811 log_file_path may have been set at runtime. If there is no such item,
812 use the ultimate default in the spool directory. */
815 set_file_path(); /* Empty item in log_file_path */
816 } /* First non-syslog item in log_file_path */
817 } /* Scan of log_file_path */
820 /* If no modes have been selected, it is a major disaster */
822 if (logging_mode == 0)
823 die(US"Neither syslog nor file logging set in log_file_path",
824 US"Unexpected logging failure");
826 /* Set up the ultimate default if necessary. Then revert to the old store
827 pool, and record that we've sorted out the path. */
829 if (logging_mode & LOG_MODE_FILE && !file_path[0])
830 file_path = string_sprintf("%s/log/%%slog", spool_directory);
831 store_pool = old_pool;
832 path_inspected = TRUE;
834 /* If more than one file path was given, log a complaint. This recursive call
835 should work since we have now set up the routing. */
838 log_write(0, LOG_MAIN|LOG_PANIC,
839 "More than one path given in log_file_path: using %s", file_path);
842 /* If debugging, show all log entries, but don't show headers. Do it all
843 in one go so that it doesn't get split when multi-processing. */
850 Ustrcpy(ptr, "LOG:");
853 /* Show the selector that was passed into the call. */
855 for (i = 0; i < log_options_count; i++)
857 unsigned int bitnum = log_options[i].bit;
858 if (bitnum < BITWORDSIZE && selector == BIT(bitnum))
861 Ustrcpy(ptr, log_options[i].name);
866 ptr += sprintf(CS ptr, "%s%s%s%s\n ",
867 flags & LOG_MAIN ? " MAIN" : "",
868 flags & LOG_PANIC ? " PANIC" : "",
869 (flags & LOG_PANIC_DIE) == LOG_PANIC_DIE ? " DIE" : "",
870 flags & LOG_REJECT ? " REJECT" : "");
872 if (flags & LOG_CONFIG) ptr = log_config_info(ptr, flags);
874 va_start(ap, format);
875 if (!string_vformat(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer)-1, format, ap))
876 Ustrcpy(ptr, "**** log string overflowed log buffer ****");
881 debug_printf("%s", log_buffer);
884 /* If no log file is specified, we are in a mess. */
886 if (!(flags & (LOG_MAIN|LOG_PANIC|LOG_REJECT)))
887 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "log_write called with no log "
890 /* There are some weird circumstances in which logging is disabled. */
894 DEBUG(D_any) debug_printf("log writing disabled\n");
898 /* Handle disabled reject log */
900 if (!write_rejectlog) flags &= ~LOG_REJECT;
902 /* Create the main message in the log buffer. Do not include the message id
903 when called by a utility. */
906 ptr += sprintf(CS ptr, "%s ", tod_stamp(tod_log));
910 if (!syslog_pid) pid_position[0] = ptr - log_buffer; /* remember begin … */
911 ptr += sprintf(CS ptr, "[%d] ", (int)getpid());
912 if (!syslog_pid) pid_position[1] = ptr - log_buffer; /* … and end+1 of the PID */
915 if (really_exim && message_id[0] != 0)
916 ptr += sprintf(CS ptr, "%s ", message_id);
918 if (flags & LOG_CONFIG) ptr = log_config_info(ptr, flags);
920 va_start(ap, format);
921 if (!string_vformat(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer)-1, format, ap))
922 Ustrcpy(ptr, "**** log string overflowed log buffer ****\n");
926 /* Add the raw, unrewritten, sender to the message if required. This is done
927 this way because it kind of fits with LOG_RECIPIENTS. */
929 if ( flags & LOG_SENDER
930 && ptr < log_buffer + LOG_BUFFER_SIZE - 10 - Ustrlen(raw_sender))
931 ptr += sprintf(CS ptr, " from <%s>", raw_sender);
933 /* Add list of recipients to the message if required; the raw list,
934 before rewriting, was saved in raw_recipients. There may be none, if an ACL
935 discarded them all. */
937 if ( flags & LOG_RECIPIENTS
938 && ptr < log_buffer + LOG_BUFFER_SIZE - 6
939 && raw_recipients_count > 0)
942 ptr += sprintf(CS ptr, " for");
943 for (i = 0; i < raw_recipients_count; i++)
945 uschar * s = raw_recipients[i];
946 if (log_buffer + LOG_BUFFER_SIZE - ptr < Ustrlen(s) + 3) break;
947 ptr += sprintf(CS ptr, " %s", s);
951 ptr += sprintf(CS ptr, "\n");
952 length = ptr - log_buffer;
954 /* Handle loggable errors when running a utility, or when address testing.
955 Write to log_stderr unless debugging (when it will already have been written),
956 or unless there is no log_stderr (expn called from daemon, for example). */
958 if (!really_exim || log_testing_mode)
962 && (selector == 0 || (selector & log_selector[0]) != 0)
965 fprintf(log_stderr, "LOG: %s", CS(log_buffer + 20)); /* no timestamp */
967 fprintf(log_stderr, "%s", CS log_buffer);
969 if ((flags & LOG_PANIC_DIE) == LOG_PANIC_DIE) exim_exit(EXIT_FAILURE, US"");
973 /* Handle the main log. We know that either syslog or file logging (or both) is
974 set up. A real file gets left open during reception or delivery once it has
975 been opened, but we don't want to keep on writing to it for too long after it
976 has been renamed. Therefore, do a stat() and see if the inode has changed, and
979 if ( flags & LOG_MAIN
980 && (!selector || selector & log_selector[0]))
982 if ( logging_mode & LOG_MODE_SYSLOG
983 && (syslog_duplication || !(flags & (LOG_REJECT|LOG_PANIC))))
984 write_syslog(LOG_INFO, log_buffer);
986 if (logging_mode & LOG_MODE_FILE)
990 /* Check for a change to the mainlog file name when datestamping is in
991 operation. This happens at midnight, at which point we want to roll over
992 the file. Closing it has the desired effect. */
994 if (mainlog_datestamp)
996 uschar *nowstamp = tod_stamp(string_datestamp_type);
997 if (Ustrncmp (mainlog_datestamp, nowstamp, Ustrlen(nowstamp)) != 0)
999 (void)close(mainlogfd); /* Close the file */
1000 mainlogfd = -1; /* Clear the file descriptor */
1001 mainlog_inode = 0; /* Unset the inode */
1002 mainlog_datestamp = NULL; /* Clear the datestamp */
1006 /* Otherwise, we want to check whether the file has been renamed by a
1007 cycling script. This could be "if else", but for safety's sake, leave it as
1008 "if" so that renaming the log starts a new file even when datestamping is
1012 if (Ustat(mainlog_name, &statbuf) < 0 || statbuf.st_ino != mainlog_inode)
1015 /* If the log is closed, open it. Then write the line. */
1019 open_log(&mainlogfd, lt_main, NULL); /* No return on error */
1020 if (fstat(mainlogfd, &statbuf) >= 0) mainlog_inode = statbuf.st_ino;
1023 /* Failing to write to the log is disastrous */
1025 written_len = write_to_fd_buf(mainlogfd, log_buffer, length);
1026 if (written_len != length)
1028 log_write_failed(US"main log", length, written_len);
1029 /* That function does not return */
1034 /* Handle the log for rejected messages. This can be globally disabled, in
1035 which case the flags are altered above. If there are any header lines (i.e. if
1036 the rejection is happening after the DATA phase), log the recipients and the
1039 if (flags & LOG_REJECT)
1043 if (header_list && LOGGING(rejected_header))
1045 if (recipients_count > 0)
1049 /* List the sender */
1051 string_format(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer),
1052 "Envelope-from: <%s>\n", sender_address);
1055 /* List up to 5 recipients */
1057 string_format(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer),
1058 "Envelope-to: <%s>\n", recipients_list[0].address);
1061 for (i = 1; i < recipients_count && i < 5; i++)
1063 string_format(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer), " <%s>\n",
1064 recipients_list[i].address);
1068 if (i < recipients_count)
1070 (void)string_format(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer),
1076 /* A header with a NULL text is an unfilled in Received: header */
1078 for (h = header_list; h; h = h->next) if (h->text)
1080 BOOL fitted = string_format(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer),
1081 "%c %s", h->type, h->text);
1083 if (!fitted) /* Buffer is full; truncate */
1085 ptr -= 100; /* For message and separator */
1086 if (ptr[-1] == '\n') ptr--;
1087 Ustrcpy(ptr, "\n*** truncated ***\n");
1093 length = ptr - log_buffer;
1096 /* Write to syslog or to a log file */
1098 if ( logging_mode & LOG_MODE_SYSLOG
1099 && (syslog_duplication || !(flags & LOG_PANIC)))
1100 write_syslog(LOG_NOTICE, log_buffer);
1102 /* Check for a change to the rejectlog file name when datestamping is in
1103 operation. This happens at midnight, at which point we want to roll over
1104 the file. Closing it has the desired effect. */
1106 if (logging_mode & LOG_MODE_FILE)
1108 struct stat statbuf;
1110 if (rejectlog_datestamp)
1112 uschar *nowstamp = tod_stamp(string_datestamp_type);
1113 if (Ustrncmp (rejectlog_datestamp, nowstamp, Ustrlen(nowstamp)) != 0)
1115 (void)close(rejectlogfd); /* Close the file */
1116 rejectlogfd = -1; /* Clear the file descriptor */
1117 rejectlog_inode = 0; /* Unset the inode */
1118 rejectlog_datestamp = NULL; /* Clear the datestamp */
1122 /* Otherwise, we want to check whether the file has been renamed by a
1123 cycling script. This could be "if else", but for safety's sake, leave it as
1124 "if" so that renaming the log starts a new file even when datestamping is
1127 if (rejectlogfd >= 0)
1128 if (Ustat(rejectlog_name, &statbuf) < 0 ||
1129 statbuf.st_ino != rejectlog_inode)
1131 (void)close(rejectlogfd);
1133 rejectlog_inode = 0;
1136 /* Open the file if necessary, and write the data */
1138 if (rejectlogfd < 0)
1140 open_log(&rejectlogfd, lt_reject, NULL); /* No return on error */
1141 if (fstat(rejectlogfd, &statbuf) >= 0) rejectlog_inode = statbuf.st_ino;
1144 written_len = write_to_fd_buf(rejectlogfd, log_buffer, length);
1145 if (written_len != length)
1147 log_write_failed(US"reject log", length, written_len);
1148 /* That function does not return */
1154 /* Handle the panic log, which is not kept open like the others. If it fails to
1155 open, there will be a recursive call to log_write(). We detect this above and
1156 attempt to write to the system log as a last-ditch try at telling somebody. In
1157 all cases except mua_wrapper, try to write to log_stderr. */
1159 if (flags & LOG_PANIC)
1161 if (log_stderr && log_stderr != debug_file && !mua_wrapper)
1162 fprintf(log_stderr, "%s", CS log_buffer);
1164 if (logging_mode & LOG_MODE_SYSLOG)
1165 write_syslog(LOG_ALERT, log_buffer);
1167 /* If this panic logging was caused by a failure to open the main log,
1168 the original log line is in panic_save_buffer. Make an attempt to write it. */
1170 if (logging_mode & LOG_MODE_FILE)
1172 panic_recurseflag = TRUE;
1173 open_log(&paniclogfd, lt_panic, NULL); /* Won't return on failure */
1174 panic_recurseflag = FALSE;
1176 if (panic_save_buffer)
1178 int i = write(paniclogfd, panic_save_buffer, Ustrlen(panic_save_buffer));
1179 i = i; /* compiler quietening */
1182 written_len = write_to_fd_buf(paniclogfd, log_buffer, length);
1183 if (written_len != length)
1185 int save_errno = errno;
1186 write_syslog(LOG_CRIT, log_buffer);
1187 sprintf(CS log_buffer, "write failed on panic log: length=%d result=%d "
1188 "errno=%d (%s)", length, (int)written_len, save_errno, strerror(save_errno));
1189 write_syslog(LOG_CRIT, log_buffer);
1190 flags |= LOG_PANIC_DIE;
1193 (void)close(paniclogfd);
1196 /* Give up if the DIE flag is set */
1198 if ((flags & LOG_PANIC_DIE) != LOG_PANIC)
1199 die(NULL, US"Unexpected failure, please try later");
1205 /*************************************************
1206 * Close any open log files *
1207 *************************************************/
1213 { (void)close(mainlogfd); mainlogfd = -1; }
1214 if (rejectlogfd >= 0)
1215 { (void)close(rejectlogfd); rejectlogfd = -1; }
1217 syslog_open = FALSE;
1222 /*************************************************
1223 * Multi-bit set or clear *
1224 *************************************************/
1226 /* These functions take a list of bit indexes (terminated by -1) and
1227 clear or set the corresponding bits in the selector.
1230 selector address of the bit string
1231 selsize number of words in the bit string
1232 bits list of bits to set
1236 bits_clear(unsigned int *selector, size_t selsize, int *bits)
1238 for(; *bits != -1; ++bits)
1239 BIT_CLEAR(selector, selsize, *bits);
1243 bits_set(unsigned int *selector, size_t selsize, int *bits)
1245 for(; *bits != -1; ++bits)
1246 BIT_SET(selector, selsize, *bits);
1251 /*************************************************
1252 * Decode bit settings for log/debug *
1253 *************************************************/
1255 /* This function decodes a string containing bit settings in the form of +name
1256 and/or -name sequences, and sets/unsets bits in a bit string accordingly. It
1257 also recognizes a numeric setting of the form =<number>, but this is not
1258 intended for user use. It's an easy way for Exim to pass the debug settings
1259 when it is re-exec'ed.
1261 The option table is a list of names and bit indexes. The index -1
1262 means "set all bits, except for those listed in notall". The notall
1263 list is terminated by -1.
1265 The action taken for bad values varies depending upon why we're here.
1266 For log messages, or if the debugging is triggered from config, then we write
1267 to the log on the way out. For debug setting triggered from the command-line,
1268 we treat it as an unknown option: error message to stderr and die.
1271 selector address of the bit string
1272 selsize number of words in the bit string
1273 notall list of bits to exclude from "all"
1274 string the configured string
1275 options the table of option names
1277 which "log" or "debug"
1278 flags DEBUG_FROM_CONFIG
1280 Returns: nothing on success - bomb out on failure
1284 decode_bits(unsigned int *selector, size_t selsize, int *notall,
1285 uschar *string, bit_table *options, int count, uschar *which, int flags)
1288 if (string == NULL) return;
1292 char *end; /* Not uschar */
1293 memset(selector, 0, sizeof(*selector)*selsize);
1294 *selector = strtoul(CS string+1, &end, 0);
1295 if (*end == 0) return;
1296 errmsg = string_sprintf("malformed numeric %s_selector setting: %s", which,
1301 /* Handle symbolic setting */
1308 bit_table *start, *end;
1310 while (isspace(*string)) string++;
1311 if (*string == 0) return;
1313 if (*string != '+' && *string != '-')
1315 errmsg = string_sprintf("malformed %s_selector setting: "
1316 "+ or - expected but found \"%s\"", which, string);
1320 adding = *string++ == '+';
1322 while (isalnum(*string) || *string == '_') string++;
1326 end = options + count;
1330 bit_table *middle = start + (end - start)/2;
1331 int c = Ustrncmp(s, middle->name, len);
1334 if (middle->name[len] != 0) c = -1; else
1336 unsigned int bit = middle->bit;
1342 memset(selector, -1, sizeof(*selector)*selsize);
1343 bits_clear(selector, selsize, notall);
1346 memset(selector, 0, sizeof(*selector)*selsize);
1349 BIT_SET(selector, selsize, bit);
1351 BIT_CLEAR(selector, selsize, bit);
1353 break; /* Out of loop to match selector name */
1356 if (c < 0) end = middle; else start = middle + 1;
1357 } /* Loop to match selector name */
1361 errmsg = string_sprintf("unknown %s_selector setting: %c%.*s", which,
1362 adding? '+' : '-', len, s);
1365 } /* Loop for selector names */
1367 /* Handle disasters */
1370 if (Ustrcmp(which, "debug") == 0)
1372 if (flags & DEBUG_FROM_CONFIG)
1374 log_write(0, LOG_CONFIG|LOG_PANIC, "%s", errmsg);
1377 fprintf(stderr, "exim: %s\n", errmsg);
1380 else log_write(0, LOG_CONFIG|LOG_PANIC_DIE, "%s", errmsg);
1385 /*************************************************
1386 * Activate a debug logfile (late) *
1387 *************************************************/
1389 /* Normally, debugging is activated from the command-line; it may be useful
1390 within the configuration to activate debugging later, based on certain
1391 conditions. If debugging is already in progress, we return early, no action
1392 taken (besides debug-logging that we wanted debug-logging).
1394 Failures in options are not fatal but will result in paniclog entries for the
1397 The first use of this is in ACL logic, "control = debug/tag=foo/opts=+expand"
1398 which can be combined with conditions, etc, to activate extra logging only
1399 for certain sources. The second use is inetd wait mode debug preservation. */
1402 debug_logging_activate(uschar *tag_name, uschar *opts)
1408 debug_printf("DEBUGGING ACTIVATED FROM WITHIN CONFIG.\n"
1409 "DEBUG: Tag=\"%s\" opts=\"%s\"\n", tag_name, opts ? opts : US"");
1413 if (tag_name != NULL && (Ustrchr(tag_name, '/') != NULL))
1415 log_write(0, LOG_MAIN|LOG_PANIC, "debug tag may not contain a '/' in: %s",
1420 debug_selector = D_default;
1422 decode_bits(&debug_selector, 1, debug_notall, opts,
1423 debug_options, debug_options_count, US"debug", DEBUG_FROM_CONFIG);
1425 /* When activating from a transport process we may never have logged at all
1426 resulting in certain setup not having been done. Hack this for now so we
1427 do not segfault; note that nondefault log locations will not work */
1429 if (!*file_path) set_file_path();
1431 open_log(&fd, lt_debug, tag_name);
1434 debug_file = fdopen(fd, "w");
1436 log_write(0, LOG_MAIN|LOG_PANIC, "unable to open debug log");
1441 debug_logging_stop(void)
1443 if (!debug_file || !debuglog_name[0]) return;
1448 unlink_log(lt_debug);