From 0c9744587e73f25c6a5d96c833ca8108a2ea27e3 Mon Sep 17 00:00:00 2001
From: jpandre <jpandre>
Date: Wed, 7 Nov 2007 09:22:42 +0000
Subject: [PATCH] Deny rmdir from protected directory

---
 src/ntfs-3g.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/ntfs-3g.c b/src/ntfs-3g.c
index 2df0e21a..b17868bf 100644
--- a/src/ntfs-3g.c
+++ b/src/ntfs-3g.c
@@ -1225,6 +1225,7 @@ static int ntfs_fuse_rm(const char *org_path)
 	ntfschar *uname = NULL;
 	ntfs_inode *dir_ni = NULL, *ni;
 	char *path;
+	struct SECURITY_CONTEXT security;
 	int res = 0, uname_len;
 
 	path = strdup(org_path);
@@ -1251,9 +1252,15 @@ static int ntfs_fuse_rm(const char *org_path)
 		res = -errno;
 		goto exit;
 	}
-	/* Delete object. */
-	if (ntfs_delete(ni, dir_ni, uname, uname_len))
-		res = -errno;
+		/* JPA deny unlinking if directory is not writable and executable */
+	if (!ntfs_fuse_fill_security_context(&security)
+           || ntfs_allowed_access(&security, path, dir_ni,
+                        S_IEXEC + S_IWRITE + S_ISVTX)) {
+		/* Delete object. */
+		if (ntfs_delete(ni, dir_ni, uname, uname_len))
+			res = -errno;
+	} else
+		res = -EACCES;
 	ni = NULL;
 exit:
 	if (ni && ntfs_inode_close(ni))