New SFTP extension: enable privileges on the server...

[Joseph Galbraith <galb%vandyke.com@localhost>]

In some operating systems (Windows NT, VMS I think, not sure
about the big mainframe OSes), a user can have the right to
certain privileges, but most explicitly activate the privilege
in order to use it.

Two such privilege under Windows NT are the Backup privilege
and the Restore privilege.

In order to make SFTP a more useful protocol, I propose
adding the following extension:

       byte    SSH_FXP_EXTENDED
       uint32  request-id
       string  "enable-privilege" / "disable-privilege"
       boolean require-all
       string  priv-list[]

priv-list strings are either implementation dependent,
or from the following list.

MS privileges as defined in the PSDK:

  'ms-priv-name'@microsoft.ietf.org

Standard privileges:
  BACKUP@
    Right to read any file or directory, bypassing
    read access control checks.

  RESTORE@
    Right to create / write any file or directory,
    bypassing access control checks.

I'm not sure if there are any other privileges that
should be standard?

If the server doesn't support a given privilege,
the user implicitly doesn't have the right to
enable it.

If 'require-all' flag is specified and any of the
privileges could not be enabled, or if none of the
privileges could not be enabled, the server MUST
disable an privileges that were enabled and send
an appropriate error code.  (SSH_FX_PERMISSION_DENIED
if the user doesn't have the right to enable
the requested privileges.)

If the 'require-all' flag is not set, and some
of the privileges were enabled, the server
responds with:

       byte   SSH_FXP_EXTENDED_REPLY
       uint32 request-id
       string enabled-privileges[]

Because of it's security sensitive nature, implementations
SHOULD provide a site specific means of enabling or
disabling it.  It SHOULD be disabled by default.

What do people think?  If I need to I can do this
one as a @vandyke.com if / when we get ready to
support it.

Thanks,

Joseph