[people/amarx/ipfire-3.x.git] / openssh / patches / openssh-6.7p1-sftp-force-permission.patch

diff -up openssh-6.8p1/sftp-server.8.sftp-force-mode openssh-6.8p1/sftp-server.8
--- openssh-6.8p1/sftp-server.8.sftp-force-mode	2015-03-17 06:49:20.000000000 +0100
+++ openssh-6.8p1/sftp-server.8	2015-03-18 13:18:05.898306477 +0100
@@ -38,6 +38,7 @@
 .Op Fl P Ar blacklisted_requests
 .Op Fl p Ar whitelisted_requests
 .Op Fl u Ar umask
+.Op Fl m Ar force_file_perms
 .Ek
 .Nm
 .Fl Q Ar protocol_feature
@@ -138,6 +139,10 @@ Sets an explicit
 .Xr umask 2
 to be applied to newly-created files and directories, instead of the
 user's default mask.
+.It Fl m Ar force_file_perms
+Sets explicit file permissions to be applied to newly-created files instead
+of the default or client requested mode.  Numeric values include:
+777, 755, 750, 666, 644, 640, etc.  Option -u is ineffective if -m is set.
 .El
 .Pp
 On some systems,
diff -up openssh-6.8p1/sftp-server.c.sftp-force-mode openssh-6.8p1/sftp-server.c
--- openssh-6.8p1/sftp-server.c.sftp-force-mode	2015-03-18 13:18:05.883306513 +0100
+++ openssh-6.8p1/sftp-server.c	2015-03-18 13:18:36.697232193 +0100
@@ -70,6 +70,10 @@ struct sshbuf *oqueue;
 /* Version of client */
 static u_int version;
 
+/* Force file permissions */
+int permforce = 0;
+long permforcemode;
+
 /* SSH2_FXP_INIT received */
 static int init_done;
 
@@ -693,6 +697,10 @@ process_open(u_int32_t id)
 	debug3("request %u: open flags %d", id, pflags);
 	flags = flags_from_portable(pflags);
 	mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a.perm : 0666;
+	if (permforce == 1) {   /* Force perm if -m is set */
+		mode = permforcemode;
+		(void)umask(0); /* so umask does not interfere		 */
+	}	
 	logit("open \"%s\" flags %s mode 0%o",
 	    name, string_from_portable(pflags), mode);
 	if (readonly &&
@@ -1495,7 +1503,7 @@ sftp_server_usage(void)
 	fprintf(stderr,
 	    "usage: %s [-ehR] [-d start_directory] [-f log_facility] "
 	    "[-l log_level]\n\t[-P blacklisted_requests] "
-	    "[-p whitelisted_requests] [-u umask]\n"
+	    "[-p whitelisted_requests] [-u umask] [-m force_file_perms]\n"
 	    "       %s -Q protocol_feature\n",
 	    __progname, __progname);
 	exit(1);
@@ -1520,7 +1528,7 @@ sftp_server_main(int argc, char **argv,
 	pw = pwcopy(user_pw);
 
 	while (!skipargs && (ch = getopt(argc, argv,
-	    "d:f:l:P:p:Q:u:cehR")) != -1) {
+	    "d:f:l:P:p:Q:u:m:cehR")) != -1) {
 		switch (ch) {
 		case 'Q':
 			if (strcasecmp(optarg, "requests") != 0) {
@@ -1580,6 +1588,15 @@ sftp_server_main(int argc, char **argv,
 				fatal("Invalid umask \"%s\"", optarg);
 			(void)umask((mode_t)mask);
 			break;
+		case 'm':
+			/* Force permissions on file received via sftp */
+			permforce = 1;
+			permforcemode = strtol(optarg, &cp, 8);
+			if (permforcemode < 0 || permforcemode > 0777 ||
+			    *cp != '\0' || (permforcemode == 0 &&
+			    errno != 0))
+				fatal("Invalid file mode \"%s\"", optarg);
+			break;
 		case 'h':
 		default:
 			sftp_server_usage();
Commit	Line	Data
17d728c8 SS	1	diff -up openssh-6.8p1/sftp-server.8.sftp-force-mode openssh-6.8p1/sftp-server.8
	2	--- openssh-6.8p1/sftp-server.8.sftp-force-mode 2015-03-17 06:49:20.000000000 +0100
	3	+++ openssh-6.8p1/sftp-server.8 2015-03-18 13:18:05.898306477 +0100
	4	@@ -38,6 +38,7 @@
	5	.Op Fl P Ar blacklisted_requests
	6	.Op Fl p Ar whitelisted_requests
	7	.Op Fl u Ar umask
	8	+.Op Fl m Ar force_file_perms
	9	.Ek
	10	.Nm
	11	.Fl Q Ar protocol_feature
	12	@@ -138,6 +139,10 @@ Sets an explicit
	13	.Xr umask 2
	14	to be applied to newly-created files and directories, instead of the
	15	user's default mask.
	16	+.It Fl m Ar force_file_perms
	17	+Sets explicit file permissions to be applied to newly-created files instead
	18	+of the default or client requested mode. Numeric values include:
	19	+777, 755, 750, 666, 644, 640, etc. Option -u is ineffective if -m is set.
	20	.El
	21	.Pp
	22	On some systems,
	23	diff -up openssh-6.8p1/sftp-server.c.sftp-force-mode openssh-6.8p1/sftp-server.c
	24	--- openssh-6.8p1/sftp-server.c.sftp-force-mode 2015-03-18 13:18:05.883306513 +0100
	25	+++ openssh-6.8p1/sftp-server.c 2015-03-18 13:18:36.697232193 +0100
	26	@@ -70,6 +70,10 @@ struct sshbuf *oqueue;
	27	/* Version of client */
	28	static u_int version;
	29
	30	+/* Force file permissions */
	31	+int permforce = 0;
	32	+long permforcemode;
	33	+
	34	/* SSH2_FXP_INIT received */
	35	static int init_done;
	36
	37	@@ -693,6 +697,10 @@ process_open(u_int32_t id)
	38	debug3("request %u: open flags %d", id, pflags);
	39	flags = flags_from_portable(pflags);
	40	mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a.perm : 0666;
	41	+ if (permforce == 1) { /* Force perm if -m is set */
	42	+ mode = permforcemode;
	43	+ (void)umask(0); /* so umask does not interfere */
	44	+ }
	45	logit("open \"%s\" flags %s mode 0%o",
	46	name, string_from_portable(pflags), mode);
	47	if (readonly &&
	48	@@ -1495,7 +1503,7 @@ sftp_server_usage(void)
	49	fprintf(stderr,
	50	"usage: %s [-ehR] [-d start_directory] [-f log_facility] "
	51	"[-l log_level]\n\t[-P blacklisted_requests] "
	52	- "[-p whitelisted_requests] [-u umask]\n"
	53	+ "[-p whitelisted_requests] [-u umask] [-m force_file_perms]\n"
	54	" %s -Q protocol_feature\n",
	55	__progname, __progname);
	56	exit(1);
	57	@@ -1520,7 +1528,7 @@ sftp_server_main(int argc, char **argv,
	58	pw = pwcopy(user_pw);
	59
	60	while (!skipargs && (ch = getopt(argc, argv,
	61	- "d:f:l:P:p:Q:u:cehR")) != -1) {
	62	+ "d:f:l:P:p:Q:u:m:cehR")) != -1) {
	63	switch (ch) {
	64	case 'Q':
65	if (strcasecmp(optarg, "requests") != 0) {
66	@@ -1580,6 +1588,15 @@ sftp_server_main(int argc, char **argv,
67	fatal("Invalid umask \"%s\"", optarg);
68	(void)umask((mode_t)mask);
69	break;
70	+ case 'm':
71	+ /* Force permissions on file received via sftp */
72	+ permforce = 1;
73	+ permforcemode = strtol(optarg, &cp, 8);
74	+ if (permforcemode < 0 \|\| permforcemode > 0777 \|\|
75	+ *cp != '\0' \|\| (permforcemode == 0 &&
76	+ errno != 0))
77	+ fatal("Invalid file mode \"%s\"", optarg);
78	+ break;
79	case 'h':
80	default:
81	sftp_server_usage();