From 9b987fb9235be3d10bb42ce7f048d8eb6b1c62a9 Mon Sep 17 00:00:00 2001
From: jpandre <jpandre>
Date: Wed, 25 Nov 2009 14:15:52 +0000
Subject: [PATCH] Disabled ownership checking when permissions are disabled

---
 libntfs-3g/security.c | 68 +++++++++++++++++++++++++------------------
 1 file changed, 40 insertions(+), 28 deletions(-)

diff --git a/libntfs-3g/security.c b/libntfs-3g/security.c
index 8c4e69be..f7a87e53 100644
--- a/libntfs-3g/security.c
+++ b/libntfs-3g/security.c
@@ -2862,36 +2862,48 @@ BOOL ntfs_allowed_as_owner(struct SECURITY_CONTEXT *scx,
 	BOOL gotowner;
 	int allowed;
 
-	gotowner = FALSE; /* default */
 	processuid = scx->uid;
-		/* get the owner, either from cache or from old attribute  */
-	cached = fetch_cache(scx, ni);
-	if (cached) {
-		uid = cached->uid;
-		gotowner = TRUE;
-	} else {
-		oldattr = getsecurityattr(scx->vol,path, ni);
-		if (oldattr) {
-#if OWNERFROMACL
-			usid = ntfs_acl_owner(oldattr);
-#else
-			const SECURITY_DESCRIPTOR_RELATIVE *phead;
-
-			phead = (const SECURITY_DESCRIPTOR_RELATIVE*)oldattr;
-			usid = (const SID*)&oldattr[le32_to_cpu(phead->owner)];
-#endif
-			uid = ntfs_find_user(scx->mapping[MAPUSERS],usid);
-			gotowner = TRUE;
-			free(oldattr);
-		}
-	}
-	allowed = FALSE;
-	if (gotowner) {
 /* TODO : use CAP_FOWNER process capability */
-		if (!processuid || (processuid == uid))
-			allowed = TRUE;
-		else
-			errno = EPERM;
+	/*
+	 * Always allow for root
+	 * Also always allow if no mapping has been defined
+	 */
+	if (!scx->mapping[MAPUSERS] || !processuid)
+		allowed = TRUE;
+	else {
+		gotowner = FALSE; /* default */
+		/* get the owner, either from cache or from old attribute  */
+		cached = fetch_cache(scx, ni);
+		if (cached) {
+			uid = cached->uid;
+			gotowner = TRUE;
+		} else {
+			oldattr = getsecurityattr(scx->vol,path, ni);
+			if (oldattr) {
+#if OWNERFROMACL
+				usid = ntfs_acl_owner(oldattr);
+#else
+				const SECURITY_DESCRIPTOR_RELATIVE *phead;
+
+				phead = (const SECURITY_DESCRIPTOR_RELATIVE*)
+								oldattr;
+				usid = (const SID*)&oldattr
+						[le32_to_cpu(phead->owner)];
+#endif
+				uid = ntfs_find_user(scx->mapping[MAPUSERS],
+						usid);
+				gotowner = TRUE;
+				free(oldattr);
+			}
+		}
+		allowed = FALSE;
+		if (gotowner) {
+/* TODO : use CAP_FOWNER process capability */
+			if (!processuid || (processuid == uid))
+				allowed = TRUE;
+			else
+				errno = EPERM;
+		}
 	}
 	return (allowed);
 }