Bug 973

Summary: sshd behaves differently while doing syslog entries for tcpwrappers denied message, with -r and without -r option.
Product: Portable OpenSSH
Reporter: Logu <logsnaath>
Component: sshd
Assignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED FIXED
Severity: normal
CC: atlunde
Priority: P2
Keywords: patch
Version: 3.9p1   
Hardware: All   
OS: All   
Bug Depends on:    
Bug Blocks: 914    
Attachments:
- reinit log after receiving config after reexec (flags: none)
- reinit log after reexec, take 2 (flags: none)
- reinit log after reexec, take 3 (flags: none)
- force log_init to reopen syslog (flags: none)
- force reopen of syslog (fixed for openlog_r too) (flags: none)

Description Logu 2005-01-17 13:40:51 AEDT
When sshd is run without -r option the syslog messages from tcpwrappers denied 
message are not written to the configured syslog file. This happens when syslog
facility is given as local7 and the level is given as info in the sshd
configuration file.
Comment 1 Darren Tucker 2005-01-17 15:29:23 AEDT
Created attachment 769
reinit log after receiving config after reexec

I think I see the problem: when reexec is enabled, log_init() is called before
recv_rexec_state() and load_server_config(), so the log will be pointing to
whatever the default is.

Please try this patch.
Comment 2 Darren Tucker 2005-01-17 15:34:28 AEDT
Created attachment 770
reinit log after reexec, take 2

Please try this one instead, it should also work when the log params are left
unset.
Comment 3 Logu 2005-01-17 21:55:15 AEDT
I tried both the patches but still the log messages of tcp wrapper are not 
written to configured syslog file. 
Comment 4 Darren Tucker 2005-01-17 22:03:43 AEDT
What platform (and version) are you seeing the problem on?
Comment 5 Logu 2005-01-17 22:47:53 AEDT
OpenSSH Version : 3.9p1
Platform :  Fedora core 2
kernel : 2.6.5-1.358
Comment 6 Darren Tucker 2005-01-17 23:11:14 AEDT
Which message is missing?  Is it this one:
sshd: refused connect from [foo] ?
Comment 7 Logu 2005-01-17 23:39:58 AEDT
I have these two entries in /etc/syslog.conf
local7.info                                             /var/log/ssh.log
*.info;mail.none;authpriv.none;cron.none;local7.none    /var/log/messages

The message "sshd: refused connect from [foo]" appears in /var/log/messages but
not in /var/log/ssh.log.

But when sshd is run with the -r option, the message goes to /var/log/ssh.log alone.
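
The routing Logu describes follows directly from the two syslog.conf selectors quoted in Comment 7. The following is an added example, not part of the bug thread and not OpenSSH or syslogd code: a small evaluator for classic `facility.level` selectors. `selector_matches` is a hypothetical helper, and the sample message is assumed to be logged at level `warning` with facility `user` before the configured facility takes effect and `local7` afterwards.

```c
#include <stdio.h>
#include <string.h>

#define NONE (-1)   /* "none", or a level name not in the table */

static int level_of(const char *name)
{
    static const char *names[8] = {     /* 0 = most severe */
        "emerg", "alert", "crit", "err", "warning", "notice", "info", "debug" };
    for (int i = 0; i < 8; i++)
        if (strcmp(names[i], name) == 0)
            return i;
    return NONE;
}

/* 1 if a message with this facility and level matches a classic
 * syslog.conf selector such as "*.info;mail.none;local7.none". */
int selector_matches(const char *selector, const char *facility, const char *level)
{
    int l = level_of(level), limit = NONE;  /* limit: least severe level accepted */
    /* Clauses apply left to right, so a later "none" overrides "*". */
    for (const char *p = selector; *p; ) {
        char clause[64], *dot;
        size_t n = strcspn(p, ";"), m = n < 63 ? n : 63;  /* clamp to clause[] */
        memcpy(clause, p, m);
        clause[m] = '\0';
        p += n + (p[n] == ';');
        if ((dot = strchr(clause, '.')) == NULL)
            continue;
        *dot = '\0';
        if (strcmp(clause, "*") == 0 || strcmp(clause, facility) == 0)
            limit = level_of(dot + 1);
    }
    return l != NONE && limit != NONE && l <= limit;
}

int main(void)
{
    /* Selectors from Comment 7; the facility/level samples are assumptions. */
    const char *rules[2][2] = {
        { "local7.info", "/var/log/ssh.log" },
        { "*.info;mail.none;authpriv.none;cron.none;local7.none", "/var/log/messages" } };
    const char *facs[2] = { "user", "local7" };
    for (int i = 0; i < 2; i++)
        for (int r = 0; r < 2; r++)
            if (selector_matches(rules[r][0], facs[i], "warning"))
                printf("%s.warning -> %s\n", facs[i], rules[r][1]);
    return 0;
}
```

A message that leaves the process with any facility other than local7 can only match the catch-all rule, so a denied connection missing from the dedicated sshd log is a sign that the syslog facility was not yet set when the library logged.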
Comment 8 Darren Tucker 2005-01-17 23:48:56 AEDT
What do you have SyslogFacility and LogLevel set to in sshd_config? 
Comment 9 Logu 2005-01-18 00:30:49 AEDT
my /etc/sshd_config file has
SyslogFacility LOCAL7
LogLevel INFO

Comment 10 Darren Tucker 2005-01-19 19:22:11 AEDT
Created attachment 772
reinit log after reexec, take 3

OK, I think I have it: log_init doesn't get called correctly at the point
refuse() is called, so the messages get sent to the wrong place.

Please try this patch. If it works I'll dig out my ouija board and try to
determine how it's supposed to work when reexec is enabled :-)
Comment 11 Logu 2005-01-19 21:28:34 AEDT
I tried the patch 3, but still the problem persists. 
Comment 12 Darren Tucker 2005-01-19 22:51:51 AEDT
Created attachment 773
force log_init to reopen syslog

Sigh.  OK, new theory: although log_init has been called, openlog() hasn't, so
when libwrap calls syslog it still points to the default settings.

Since the log functions do openlog/closelog, logging *anything* means that it
will be pointing at the right place afterward (which meant that it was the
debugging I added while working on it that made the problem go away, not the
alleged fixes.  A neato Heisenbug).

Hopefully this patch will finally nail it; I mean, at some point I have to run
out of wrong ideas, right :-?
Comment 13 Logu 2005-01-20 00:05:52 AEDT
Great. This patch worked. 
Comment 14 Darren Tucker 2005-01-24 22:15:13 AEDT
*** Bug 948 has been marked as a duplicate of this bug. ***
Comment 15 Darren Tucker 2005-01-24 23:47:31 AEDT
It appears that OpenBSD's libwrap (or, more likely, its syslog libraries) are
not fooled so easily.  The refuse message always goes to the default log
(/var/log/messages on my box) and not to sshd's SyslogFacility, regardless of
whether or not reexec is invoked and/or messages are logged before the refuse.

I suspect it boils down to what the OS does in this case:

openlog(..., int facility);
syslog(..., "message1");
closelog();
syslog(..., "message2");

It appears that on OpenBSD, message1 will go to different places if the facility
is set.  On other platforms, message2 will end up wherever message1 went (as you
saw).

The upshot is that if we're going to do something about it, it ought to be
-Portable only (new patch to follow).
Comment 16 Darren Tucker 2005-01-24 23:50:13 AEDT
Created attachment 786
force reopen of syslog (fixed for openlog_r too)

Force reopen of syslog, which should mean that behaviour should at least be
consistent on all platforms regardless of whether or not reexec is enabled. 
OK?
Comment 17 Darren Tucker 2005-02-01 17:36:06 AEDT
Patch #786 committed.  Thanks for the report.
Comment 18 Darren Tucker 2005-03-10 09:07:44 AEDT
With the release of OpenSSH 4.0, these bugs are now closed. For details, see:
http://www.openssh.com/txt/release-4.0