Attachment #1973 for bug #1844

Lines 34-39 Link Here

(-)openssh.orig/sftp-server.8 (+5 lines)
34	.Op Fl f Ar log_facility	34	.Op Fl f Ar log_facility
35	.Op Fl l Ar log_level	35	.Op Fl l Ar log_level
36	.Op Fl u Ar umask	36	.Op Fl u Ar umask
		37	.Op Fl m Ar force_file_permissions
37	.Sh DESCRIPTION	38	.Sh DESCRIPTION
38	.Nm	39	.Nm
39	is a program that speaks the server side of SFTP protocol	40	is a program that speaks the server side of SFTP protocol
Lines 92-97 Link Here
92	.Xr umask 2	93	.Xr umask 2
93	to be applied to newly-created files and directories, instead of the	94	to be applied to newly-created files and directories, instead of the
94	user's default mask.	95	user's default mask.
		96	.It Fl m Ar force_file_permissions
		97	Sets explicit file permissions to be applied to newly-created files instead
		98	of the default or client requested mode. Numeric values include:
		99	777, 755, 750, 666, 644, 640, etc. Option -u is ineffective if -m is set.
95	.El	100	.El
96	.Pp	101	.Pp
97	For logging to work,	102	For logging to work,

Lines 64-69 Link Here

(-)openssh.orig/sftp-server.c (-3 / +20 lines)
64	/* Disable writes */	64	/* Disable writes */
65	int readonly;	65	int readonly;
66		66
		67	/* Force file permissions */
		68	int permforce = 0;
		69	long permforcemode;
		70
67	/* portable attributes, etc. */	71	/* portable attributes, etc. */
68		72
69	typedef struct Stat Stat;	73	typedef struct Stat Stat;
Lines 548-553 Link Here
548	a = get_attrib();	552	a = get_attrib();
549	flags = flags_from_portable(pflags);	553	flags = flags_from_portable(pflags);
550	mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666;	554	mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666;
		555	if (permforce == 1) { /* Force perm if -m is set */
		556	mode = permforcemode;
		557	(void)umask(0); /* so umask does not interfere */
		558	}
551	logit("open \"%s\" flags %s mode 0%o",	559	logit("open \"%s\" flags %s mode 0%o",
552	name, string_from_portable(pflags), mode);	560	name, string_from_portable(pflags), mode);
553	if (readonly &&	561	if (readonly &&
Lines 1362-1369 Link Here
1362	extern char *__progname;	1370	extern char *__progname;
1363		1371
1364	fprintf(stderr,	1372	fprintf(stderr,
1365	"usage: %s [-ehR] [-f log_facility] [-l log_level] [-u umask]\n",	1373	"usage: %s [-ehR] [-f log_facility] [-l log_level] [-u umask]\n"
1366	__progname);	1374	" [-m force_file_permissions]\n", __progname);
1367	exit(1);	1375	exit(1);
1368	}	1376	}
1369		1377
Lines 1382-1388 Link Here
1382		1390
1383	log_init(__progname, log_level, log_facility, log_stderr);	1391	log_init(__progname, log_level, log_facility, log_stderr);
1384		1392
1385	while (!skipargs && (ch = getopt(argc, argv, "f:l:u:cehR")) != -1) {	1393	while (!skipargs && (ch = getopt(argc, argv, "f:l:u:m:cehR")) != -1) {
1386	switch (ch) {	1394	switch (ch) {
1387	case 'R':	1395	case 'R':
1388	readonly = 1;	1396	readonly = 1;
Lines 1415-1420 Link Here
1415	fatal("Invalid umask \"%s\"", optarg);	1423	fatal("Invalid umask \"%s\"", optarg);
1416	(void)umask((mode_t)mask);	1424	(void)umask((mode_t)mask);
1417	break;	1425	break;
		1426	case 'm':
		1427	/* Force permissions on file received via sftp */
		1428	permforce = 1;
		1429	permforcemode = strtol(optarg, &cp, 8);
		1430	if (permforcemode < 0 \|\| permforcemode > 0777 \|\|
		1431	*cp != '\0' \|\| (permforcemode == 0 &&
		1432	errno != 0))
		1433	fatal("Invalid file mode \"%s\"", optarg);
		1434	break;
1418	case 'h':	1435	case 'h':
1419	default:	1436	default:
1420	sftp_server_usage();	1437	sftp_server_usage();

Return to bug 1844