6 files changed, 32 insertions, 25 deletions
diff --git a/auth.c b/auth.c
index 6ee6116df..8b2942956 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.119 2016/12/15 21:29:05 dtucker Exp $ */
+/* $OpenBSD: auth.c,v 1.120 2017/05/17 01:24:17 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -635,6 +635,7 @@ getpwnamallow(const char *user)
        ci->user = user;
        parse_server_match_config(&options, ci);
+        log_change_level(options.log_level);
 #if defined(_AIX) && defined(HAVE_SETAUTHDB)
        aix_setauthdb(user);
diff --git a/log.c b/log.c
index d0f86cf6f..99450dd12 100644
--- a/log.c
+++ b/log.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: log.c,v 1.49 2017/03/10 03:15:58 djm Exp $ */
+/* $OpenBSD: log.c,v 1.50 2017/05/17 01:24:17 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -256,18 +256,7 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
        argv0 = av0;
-        switch (level) {
+        if (log_change_level(level) != 0) {
-        case SYSLOG_LEVEL_QUIET:
-        case SYSLOG_LEVEL_FATAL:
-        case SYSLOG_LEVEL_ERROR:
-        case SYSLOG_LEVEL_INFO:
-        case SYSLOG_LEVEL_VERBOSE:
-        case SYSLOG_LEVEL_DEBUG1:
-        case SYSLOG_LEVEL_DEBUG2:
-        case SYSLOG_LEVEL_DEBUG3:
-                log_level = level;
-                break;
-        default:
                fprintf(stderr, "Unrecognized internal syslog level code %d\n",
                    (int) level);
                exit(1);
@@ -340,13 +329,27 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
 #endif
 }
-void
+int
 log_change_level(LogLevel new_log_level)
 {
        /* no-op if log_init has not been called */
        if (argv0 == NULL)
-                return;
+                return 0;
-        log_init(argv0, new_log_level, log_facility, log_on_stderr);
+        switch (new_log_level) {
+        case SYSLOG_LEVEL_QUIET:
+        case SYSLOG_LEVEL_FATAL:
+        case SYSLOG_LEVEL_ERROR:
+        case SYSLOG_LEVEL_INFO:
+        case SYSLOG_LEVEL_VERBOSE:
+        case SYSLOG_LEVEL_DEBUG1:
+        case SYSLOG_LEVEL_DEBUG2:
+        case SYSLOG_LEVEL_DEBUG3:
+                log_level = new_log_level;
+                return 0;
+        default:
+                return -1;
+        }
 }
 int
diff --git a/log.h b/log.h
index 434b7c81a..78221046c 100644
--- a/log.h
+++ b/log.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: log.h,v 1.21 2016/07/15 05:01:58 dtucker Exp $ */
+/* $OpenBSD: log.h,v 1.22 2017/05/17 01:24:17 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -49,7 +49,7 @@ typedef enum {
 typedef void (log_handler_fn)(LogLevel, const char *, void *);
 void     log_init(char *, LogLevel, SyslogFacility, int);
-void     log_change_level(LogLevel);
+int      log_change_level(LogLevel);
 int      log_is_on_stderr(void);
 void     log_redirect_stderr_to(const char *);
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 64ff92885..f2eec5a77 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.89 2016/08/13 17:47:41 markus Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.90 2017/05/17 01:24:17 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -295,6 +295,7 @@ out:
 #undef M_CP_STRARRAYOPT
        copy_set_server_options(&options, newopts, 1);
+        log_change_level(options.log_level);
        free(newopts);
        buffer_free(&m);
diff --git a/servconf.c b/servconf.c
index 73f2c2b18..a112798e4 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.307 2017/04/27 13:40:05 jsg Exp $ */
+/* $OpenBSD: servconf.c,v 1.308 2017/05/17 01:24:17 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@@ -449,7 +449,7 @@ static struct {
        { "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL },
        { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL },
        { "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
-        { "loglevel", sLogLevel, SSHCFG_GLOBAL },
+        { "loglevel", sLogLevel, SSHCFG_ALL },
        { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
        { "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL },
        { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
@@ -1345,7 +1345,7 @@ process_server_config_line(ServerOptions *options, char *line,
                if (value == SYSLOG_LEVEL_NOT_SET)
                        fatal("%.200s line %d: unsupported log level '%s'",
                            filename, linenum, arg ? arg : "<NONE>");
-                if (*log_level_ptr == -1)
+                if (*activep && *log_level_ptr == -1)
                        *log_level_ptr = (LogLevel) value;
                break;
@@ -1989,6 +1989,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
        M_CP_INTOPT(ip_qos_bulk);
        M_CP_INTOPT(rekey_limit);
        M_CP_INTOPT(rekey_interval);
+        M_CP_INTOPT(log_level);
        /*
         * The bind_mask is a mode_t that may be unsigned, so we can't use
diff --git a/sshd_config.5 b/sshd_config.5
index 7ccf6fd4e..7b4cb1d9a 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.244 2017/05/07 23:12:57 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.245 2017/05/17 01:24:17 djm Exp $
-.Dd $Mdocdate: May 7 2017 $
+.Dd $Mdocdate: May 17 2017 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1066,6 +1066,7 @@ Available keywords are
 .Cm IPQoS ,
 .Cm KbdInteractiveAuthentication ,
 .Cm KerberosAuthentication ,
+.Cm LogLevel ,
 .Cm MaxAuthTries ,
 .Cm MaxSessions ,
 .Cm PasswordAuthentication ,

diff --git a/auth.c b/auth.c index 6ee6116df..8b2942956 100644 --- a/auth.c +++ b/auth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: auth.c,v 1.119 2016/12/15 21:29:05 dtucker Exp $ */	1	/* $OpenBSD: auth.c,v 1.120 2017/05/17 01:24:17 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	*	4	*
@@ -635,6 +635,7 @@ getpwnamallow(const char *user)
635		635
636	ci->user = user;	636	ci->user = user;
637	parse_server_match_config(&options, ci);	637	parse_server_match_config(&options, ci);
		638	log_change_level(options.log_level);
638		639
639	#if defined(_AIX) && defined(HAVE_SETAUTHDB)	640	#if defined(_AIX) && defined(HAVE_SETAUTHDB)
640	aix_setauthdb(user);	641	aix_setauthdb(user);


diff --git a/log.c b/log.c index d0f86cf6f..99450dd12 100644 --- a/log.c +++ b/log.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: log.c,v 1.49 2017/03/10 03:15:58 djm Exp $ */	1	/* $OpenBSD: log.c,v 1.50 2017/05/17 01:24:17 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -256,18 +256,7 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
256		256
257	argv0 = av0;	257	argv0 = av0;
258		258
259	switch (level) {	259	if (log_change_level(level) != 0) {
260	case SYSLOG_LEVEL_QUIET:
261	case SYSLOG_LEVEL_FATAL:
262	case SYSLOG_LEVEL_ERROR:
263	case SYSLOG_LEVEL_INFO:
264	case SYSLOG_LEVEL_VERBOSE:
265	case SYSLOG_LEVEL_DEBUG1:
266	case SYSLOG_LEVEL_DEBUG2:
267	case SYSLOG_LEVEL_DEBUG3:
268	log_level = level;
269	break;
270	default:
271	fprintf(stderr, "Unrecognized internal syslog level code %d\n",	260	fprintf(stderr, "Unrecognized internal syslog level code %d\n",
272	(int) level);	261	(int) level);
273	exit(1);	262	exit(1);
@@ -340,13 +329,27 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
340	#endif	329	#endif
341	}	330	}
342		331
343	void	332	int
344	log_change_level(LogLevel new_log_level)	333	log_change_level(LogLevel new_log_level)
345	{	334	{
346	/* no-op if log_init has not been called */	335	/* no-op if log_init has not been called */
347	if (argv0 == NULL)	336	if (argv0 == NULL)
348	return;	337	return 0;
349	log_init(argv0, new_log_level, log_facility, log_on_stderr);	338
		339	switch (new_log_level) {
		340	case SYSLOG_LEVEL_QUIET:
		341	case SYSLOG_LEVEL_FATAL:
		342	case SYSLOG_LEVEL_ERROR:
		343	case SYSLOG_LEVEL_INFO:
		344	case SYSLOG_LEVEL_VERBOSE:
		345	case SYSLOG_LEVEL_DEBUG1:
		346	case SYSLOG_LEVEL_DEBUG2:
		347	case SYSLOG_LEVEL_DEBUG3:
		348	log_level = new_log_level;
		349	return 0;
		350	default:
		351	return -1;
		352	}
350	}	353	}
351		354
352	int	355	int


diff --git a/log.h b/log.h index 434b7c81a..78221046c 100644 --- a/log.h +++ b/log.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: log.h,v 1.21 2016/07/15 05:01:58 dtucker Exp $ */	1	/* $OpenBSD: log.h,v 1.22 2017/05/17 01:24:17 djm Exp $ */
2		2
3	/*	3	/*
4	* Author: Tatu Ylonen <ylo@cs.hut.fi>	4	* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -49,7 +49,7 @@ typedef enum {
49	typedef void (log_handler_fn)(LogLevel, const char , void );	49	typedef void (log_handler_fn)(LogLevel, const char , void );
50		50
51	void log_init(char *, LogLevel, SyslogFacility, int);	51	void log_init(char *, LogLevel, SyslogFacility, int);
52	void log_change_level(LogLevel);	52	int log_change_level(LogLevel);
53	int log_is_on_stderr(void);	53	int log_is_on_stderr(void);
54	void log_redirect_stderr_to(const char *);	54	void log_redirect_stderr_to(const char *);
55		55


diff --git a/monitor_wrap.c b/monitor_wrap.c index 64ff92885..f2eec5a77 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: monitor_wrap.c,v 1.89 2016/08/13 17:47:41 markus Exp $ */	1	/* $OpenBSD: monitor_wrap.c,v 1.90 2017/05/17 01:24:17 djm Exp $ */
2	/*	2	/*
3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>	3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>
4	* Copyright 2002 Markus Friedl <markus@openbsd.org>	4	* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -295,6 +295,7 @@ out:
295	#undef M_CP_STRARRAYOPT	295	#undef M_CP_STRARRAYOPT
296		296
297	copy_set_server_options(&options, newopts, 1);	297	copy_set_server_options(&options, newopts, 1);
		298	log_change_level(options.log_level);
298	free(newopts);	299	free(newopts);
299		300
300	buffer_free(&m);	301	buffer_free(&m);


diff --git a/servconf.c b/servconf.c index 73f2c2b18..a112798e4 100644 --- a/servconf.c +++ b/servconf.c
@@ -1,5 +1,5 @@
1		1
2	/* $OpenBSD: servconf.c,v 1.307 2017/04/27 13:40:05 jsg Exp $ */	2	/* $OpenBSD: servconf.c,v 1.308 2017/05/17 01:24:17 djm Exp $ */
3	/*	3	/*
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5	* All rights reserved	5	* All rights reserved
@@ -449,7 +449,7 @@ static struct {
449	{ "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL },	449	{ "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL },
450	{ "permitrootlogin", sPermitRootLogin, SSHCFG_ALL },	450	{ "permitrootlogin", sPermitRootLogin, SSHCFG_ALL },
451	{ "syslogfacility", sLogFacility, SSHCFG_GLOBAL },	451	{ "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
452	{ "loglevel", sLogLevel, SSHCFG_GLOBAL },	452	{ "loglevel", sLogLevel, SSHCFG_ALL },
453	{ "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },	453	{ "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
454	{ "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL },	454	{ "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL },
455	{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },	455	{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
@@ -1345,7 +1345,7 @@ process_server_config_line(ServerOptions options, char line,
1345	if (value == SYSLOG_LEVEL_NOT_SET)	1345	if (value == SYSLOG_LEVEL_NOT_SET)
1346	fatal("%.200s line %d: unsupported log level '%s'",	1346	fatal("%.200s line %d: unsupported log level '%s'",
1347	filename, linenum, arg ? arg : "<NONE>");	1347	filename, linenum, arg ? arg : "<NONE>");
1348	if (*log_level_ptr == -1)	1348	if (activep && log_level_ptr == -1)
1349	*log_level_ptr = (LogLevel) value;	1349	*log_level_ptr = (LogLevel) value;
1350	break;	1350	break;
1351		1351
@@ -1989,6 +1989,7 @@ copy_set_server_options(ServerOptions dst, ServerOptions src, int preauth)
1989	M_CP_INTOPT(ip_qos_bulk);	1989	M_CP_INTOPT(ip_qos_bulk);
1990	M_CP_INTOPT(rekey_limit);	1990	M_CP_INTOPT(rekey_limit);
1991	M_CP_INTOPT(rekey_interval);	1991	M_CP_INTOPT(rekey_interval);
		1992	M_CP_INTOPT(log_level);
1992		1993
1993	/*	1994	/*
1994	* The bind_mask is a mode_t that may be unsigned, so we can't use	1995	* The bind_mask is a mode_t that may be unsigned, so we can't use


diff --git a/sshd_config.5 b/sshd_config.5 index 7ccf6fd4e..7b4cb1d9a 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: sshd_config.5,v 1.244 2017/05/07 23:12:57 djm Exp $	36	.\" $OpenBSD: sshd_config.5,v 1.245 2017/05/17 01:24:17 djm Exp $
37	.Dd $Mdocdate: May 7 2017 $	37	.Dd $Mdocdate: May 17 2017 $
38	.Dt SSHD_CONFIG 5	38	.Dt SSHD_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -1066,6 +1066,7 @@ Available keywords are
1066	.Cm IPQoS ,	1066	.Cm IPQoS ,
1067	.Cm KbdInteractiveAuthentication ,	1067	.Cm KbdInteractiveAuthentication ,
1068	.Cm KerberosAuthentication ,	1068	.Cm KerberosAuthentication ,
		1069	.Cm LogLevel ,
1069	.Cm MaxAuthTries ,	1070	.Cm MaxAuthTries ,
1070	.Cm MaxSessions ,	1071	.Cm MaxSessions ,
1071	.Cm PasswordAuthentication ,	1072	.Cm PasswordAuthentication ,