Bugzilla – Attachment 2872 Details for
Bug 1844
Explicit file permissions enhancement to sftp-server
[patch]
patch with proper umask restore
force-perm.patch (text/plain), 3.16 KB, created by
Jakub Jelen
on 2016-09-09 01:14:31 AEST
Description:
patch with proper umask restore
Filename:
MIME Type:
Creator:
Jakub Jelen
Created:
2016-09-09 01:14:31 AEST
Size:
3.16 KB
patch
obsolete
>diff --git a/sftp-server.8 b/sftp-server.8
>index c117398..8b50f53 100644
>--- a/sftp-server.8
>+++ b/sftp-server.8
>@@ -38,6 +38,7 @@
> .Op Fl P Ar blacklisted_requests
> .Op Fl p Ar whitelisted_requests
> .Op Fl u Ar umask
>+.Op Fl m Ar force_file_perms
> .Ek
> .Nm
> .Fl Q Ar protocol_feature
>@@ -138,6 +139,10 @@ Sets an explicit
> .Xr umask 2
> to be applied to newly-created files and directories, instead of the
> user's default mask.
>+.It Fl m Ar force_file_perms
>+Sets explicit file permissions to be applied to newly-created files instead
>+of the default or client requested mode. Numeric values include:
>+777, 755, 750, 666, 644, 640, etc. Option -u is ineffective if -m is set.
> .El
> .Pp
> On some systems,
>diff --git a/sftp-server.c b/sftp-server.c
>index 646286a..cfca7cb 100644
>--- a/sftp-server.c
>+++ b/sftp-server.c
>@@ -66,6 +66,10 @@ struct sshbuf *oqueue;
> /* Version of client */
> static u_int version;
>
>+/* Force file permissions */
>+int permforce = 0;
>+long permforcemode;
>+
> /* SSH2_FXP_INIT received */
> static int init_done;
>
>@@ -680,6 +684,7 @@ process_open(u_int32_t id)
> Attrib a;
> char *name;
> int r, handle, fd, flags, mode, status = SSH2_FX_FAILURE;
>+ mode_t old_umask = 0;
>
> if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
> (r = sshbuf_get_u32(iqueue, &pflags)) != 0 || /* portable flags */
>@@ -689,6 +694,10 @@ process_open(u_int32_t id)
> debug3("request %u: open flags %d", id, pflags);
> flags = flags_from_portable(pflags);
> mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a.perm : 0666;
>+ if (permforce == 1) { /* Force perm if -m is set */
>+ mode = permforcemode;
>+ old_umask = umask(0); /* so umask does not interfere */
>+ }
> logit("open \"%s\" flags %s mode 0%o",
> name, string_from_portable(pflags), mode);
> if (readonly && 
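Review bot: `permforce` and `permforcemode` in the `@@ -66,6 +66,10 @@` hunk are declared with external linkage, unlike the neighbouring `static u_int version;` and `static int init_done;`. Nothing in this diff uses them outside sftp-server.c, so `static int permforce;` and `static long permforcemode;` would keep them out of the global namespace. The one-line comment could also say that `permforcemode` is only meaningful when `permforce` is set by `-m`.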
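Review bot: The forced mode in the `@@ -689,6 +694,10 @@` hunk is applied only at this open request, so it fixes the mode at creation time and nothing afterwards. A client that may still send SSH2_FXP_SETSTAT or FSETSTAT with the permissions attribute could presumably change the mode again; those handlers are not part of this diff, so this needs checking. If `-m` is meant as policy rather than a default, either ignore the permissions attribute in those requests when `permforce` is set, or state in sftp-server.8 that they must be refused with `-P`. The block also clears the umask before the `if (readonly &&` check and for opens that create nothing, and it stays cleared until the restore in the `@@ -710,6 +719,8 @@` hunk. Guarding it with `if (permforce == 1 && (flags & O_CREAT))` and restoring directly after the open call would keep the `umask(0)` window minimal. process_open begins and ends outside the hunk.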
>@@ -710,6 +719,8 @@ process_open(u_int32_t id)
> }
> }
> }
>+ if (permforce == 1)
>+ (void) umask(old_umask); /* restore umask to something sane */
> if (status != SSH2_FX_OK)
> send_status(id, status);
> free(name);
>@@ -1491,7 +1502,7 @@ sftp_server_usage(void)
> fprintf(stderr,
> "usage: %s [-ehR] [-d start_directory] [-f log_facility] "
> "[-l log_level]\n\t[-P blacklisted_requests] "
>- "[-p whitelisted_requests] [-u umask]\n"
>+ "[-p whitelisted_requests] [-u umask] [-m force_file_perms]\n"
> " %s -Q protocol_feature\n",
> __progname, __progname);
> exit(1);
>@@ -1517,7 +1528,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
> pw = pwcopy(user_pw);
>
> while (!skipargs && (ch = getopt(argc, argv,
>- "d:f:l:P:p:Q:u:cehR")) != -1) {
>+ "d:f:l:P:p:Q:u:m:cehR")) != -1) {
> switch (ch) {
> case 'Q':
> if (strcasecmp(optarg, "requests") != 0) {
>@@ -1577,6 +1588,15 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
> fatal("Invalid umask \"%s\"", optarg);
> (void)umask((mode_t)mask);
> break;
>+ case 'm':
>+ /* Force permissions on file received via sftp */
>+ permforce = 1;
>+ permforcemode = strtol(optarg, &cp, 8);
>+ if (permforcemode < 0 || permforcemode > 0777 ||
>+ *cp != '\0' || (permforcemode == 0 &&
>+ errno != 0))
>+ fatal("Invalid file mode \"%s\"", optarg);
>+ break;
> case 'h':
> default:
> sftp_server_usage();
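Review bot: The `-m` case in the `@@ -1577,6 +1588,15 @@` hunk never resets `errno` before `strtol` and does not reject an argument with no digits. An empty argument therefore parses as mode 0000 and passes the range check, and a stale `errno` from earlier code decides whether a zero result is accepted. Add `errno = 0;` before the call and `cp == optarg ||` to the condition so the result depends only on `optarg`. Only the tail of the `-u` case above is visible in this hunk; if it already does both, mirror it so the two options validate the same way.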