openssh/openssh-7.7p1-sftp_force_permissions.patch

Index: openssh-8.4p1/sftp-server.8
===================================================================
--- openssh-8.4p1.orig/sftp-server.8
+++ openssh-8.4p1/sftp-server.8
@@ -38,6 +38,7 @@
 .Op Fl P Ar denied_requests
 .Op Fl p Ar allowed_requests
 .Op Fl u Ar umask
+.Op Fl m Ar force_file_dir_perms
 .Ek
 .Nm
 .Fl Q Ar protocol_feature
@@ -138,6 +139,10 @@ Sets an explicit
 .Xr umask 2
 to be applied to newly-created files and directories, instead of the
 user's default mask.
+.It Fl m Ar force_file_dir_perms
+Sets explicit permissions to be applied to newly-created files and directories
+instead of the default or client requested mode.  Numeric values include:
+777, 755, 750, 666, 644, 640, etc.  Option -u is ineffective if -m is set.
 .El
 .Pp
 On some systems,
Index: openssh-8.4p1/sftp-server.c
===================================================================
--- openssh-8.4p1.orig/sftp-server.c
+++ openssh-8.4p1/sftp-server.c
@@ -69,6 +69,10 @@ struct sshbuf *oqueue;
 /* Version of client */
 static u_int version;
 
+/* Force file and directory permissions */
+int permforce = 0;
+long permforcemode;
+
 /* SSH2_FXP_INIT received */
 static int init_done;
 
@@ -687,6 +691,7 @@ process_open(u_int32_t id)
 	Attrib a;
 	char *name;
 	int r, handle, fd, flags, mode, status = SSH2_FX_FAILURE;
+	mode_t old_umask = 0;
 
 	if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
 	    (r = sshbuf_get_u32(iqueue, &pflags)) != 0 || /* portable flags */
@@ -696,6 +701,10 @@ process_open(u_int32_t id)
 	debug3("request %u: open flags %d", id, pflags);
 	flags = flags_from_portable(pflags);
 	mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a.perm : 0666;
+	if (permforce == 1) {   /* Force perm if -m is set */
+		mode = permforcemode;
+		old_umask = umask(0); /* so umask does not interfere */
+	}
 	logit("open \"%s\" flags %s mode 0%o",
 	    name, string_from_portable(pflags), mode);
 	if (readonly &&
@@ -717,6 +726,8 @@ process_open(u_int32_t id)
 			}
 		}
 	}
+	if (permforce == 1)
+		(void) umask(old_umask); /* restore umask to something sane */
 	if (status != SSH2_FX_OK)
 		send_status(id, status);
 	free(name);
@@ -1131,6 +1142,7 @@ process_mkdir(u_int32_t id)
 	Attrib a;
 	char *name;
 	int r, mode, status = SSH2_FX_FAILURE;
+	mode_t old_umask = 0;
 
 	if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
 	    (r = decode_attrib(iqueue, &a)) != 0)
@@ -1138,9 +1150,16 @@ process_mkdir(u_int32_t id)
 
 	mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
 	    a.perm & 07777 : 0777;
+	if (permforce == 1) {   /* Force perm if -m is set */
+		mode = permforcemode;
+		old_umask = umask(0); /* so umask does not interfere */
+	}
+
 	debug3("request %u: mkdir", id);
 	logit("mkdir name \"%s\" mode 0%o", name, mode);
 	r = mkdir(name, mode);
+        if (permforce == 1)
+                (void) umask(old_umask); /* restore umask to something sane */
 	status = (r == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
 	send_status(id, status);
 	free(name);
@@ -1560,7 +1579,7 @@ sftp_server_usage(void)
 	fprintf(stderr,
 	    "usage: %s [-ehR] [-d start_directory] [-f log_facility] "
 	    "[-l log_level]\n\t[-P denied_requests] "
-	    "[-p allowed_requests] [-u umask]\n"
+	    "[-p allowed_requests] [-u umask] [-m force_file_dir_perms]\n"
 	    "       %s -Q protocol_feature\n",
 	    __progname, __progname);
 	exit(1);
@@ -1588,7 +1607,7 @@ sftp_server_main(int argc, char **argv,
 	pw = pwcopy(user_pw);
 
 	while (!skipargs && (ch = getopt(argc, argv,
-	    "d:f:l:P:p:Q:u:cehR")) != -1) {
+	    "d:f:l:P:p:Q:u:m:cehR")) != -1) {
 		switch (ch) {
 		case 'Q':
 			if (strcasecmp(optarg, "requests") != 0) {
@@ -1650,6 +1669,15 @@ sftp_server_main(int argc, char **argv,
 				fatal("Invalid umask \"%s\"", optarg);
 			(void)umask((mode_t)mask);
 			break;
+		case 'm':
+			/* Force permissions on file and directory received via sftp */
+			permforce = 1;
+			permforcemode = strtol(optarg, &cp, 8);
+			if (permforcemode < 0 || permforcemode > 0777 ||
+			    *cp != '\0' || (permforcemode == 0 &&
+			    errno != 0))
+				fatal("Invalid file mode \"%s\"", optarg);
+			break;
 		case 'h':
 		default:
 			sftp_server_usage();