From bfc5f3dd3d971467363fb8307d4ff1028c56d7ce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jpandre@users.sourceforge.net>
Date: Mon, 23 Jun 2014 11:20:21 +0200
Subject: [PATCH] Fixed processing umask when Posix ACLs are compiled in but
 not enabled

When Posix ACLs are used, the umask is ignored and the initial permissions
of created files are taken for the parent directory. However the umask
should still be used when the Posix ACLs are not enabled in the mount
options.
---
 include/ntfs-3g/acls.h |  3 +++
 libntfs-3g/acls.c      | 39 +++++++++++++++++++++++++++++++++++++++
 libntfs-3g/security.c  | 19 +++++++++++++++----
 src/lowntfs-3g.c       |  1 +
 src/ntfs-3g.c          |  1 +
 5 files changed, 59 insertions(+), 4 deletions(-)

diff --git a/include/ntfs-3g/acls.h b/include/ntfs-3g/acls.h
index 4b083886..38d2cd64 100644
--- a/include/ntfs-3g/acls.h
+++ b/include/ntfs-3g/acls.h
@@ -170,6 +170,9 @@ int ntfs_merge_mode_posix(struct POSIX_SECURITY *pxdesc, mode_t mode);
 struct POSIX_SECURITY *ntfs_build_inherited_posix(
 		const struct POSIX_SECURITY *pxdesc, mode_t mode,
 		mode_t umask, BOOL isdir);
+struct POSIX_SECURITY *ntfs_build_basic_posix(
+		const struct POSIX_SECURITY *pxdesc, mode_t mode,
+		mode_t umask, BOOL isdir);
 struct POSIX_SECURITY *ntfs_replace_acl(const struct POSIX_SECURITY *oldpxdesc,
 		const struct POSIX_ACL *newacl, int count, BOOL deflt);
 struct POSIX_SECURITY *ntfs_build_permissions_posix(
diff --git a/libntfs-3g/acls.c b/libntfs-3g/acls.c
index 0de025f2..422e75b9 100644
--- a/libntfs-3g/acls.c
+++ b/libntfs-3g/acls.c
@@ -1303,6 +1303,45 @@ struct POSIX_SECURITY *ntfs_replace_acl(const struct POSIX_SECURITY *oldpxdesc,
 	return (newpxdesc);
 }
 
+struct POSIX_SECURITY *ntfs_build_basic_posix(
+		const struct POSIX_SECURITY *pxdesc __attribute__((unused)),
+		mode_t mode, mode_t mask, BOOL isdir __attribute__((unused)))
+{
+	struct POSIX_SECURITY *pydesc;
+	struct POSIX_ACE *pyace;
+
+	pydesc = (struct POSIX_SECURITY*)malloc(
+		sizeof(struct POSIX_SECURITY) + 3*sizeof(struct POSIX_ACE));
+	if (pydesc) {
+			/*
+			 * Copy inherited tags and adapt perms
+			 * Use requested mode, ignoring umask
+			 * (not possible with older versions of fuse)
+			 */
+		pyace = &pydesc->acl.ace[0];
+		pyace->tag = POSIX_ACL_USER_OBJ;
+		pyace->perms = ((mode & ~mask) >> 6) & 7;
+		pyace->id = -1;
+		pyace = &pydesc->acl.ace[1];
+		pyace->tag = POSIX_ACL_GROUP_OBJ;
+		pyace->perms = ((mode & ~mask) >> 3) & 7;
+		pyace->id = -1;
+		pyace = &pydesc->acl.ace[2];
+		pyace->tag = POSIX_ACL_OTHER;
+		pyace->perms = (mode & ~mask) & 7;
+		pyace->id = -1;
+		pydesc->mode = mode;
+		pydesc->tagsset = POSIX_ACL_USER_OBJ
+				| POSIX_ACL_GROUP_OBJ
+				| POSIX_ACL_OTHER;
+		pydesc->acccnt = 3;
+		pydesc->defcnt = 0;
+		pydesc->firstdef = 6;
+	} else
+		errno = ENOMEM;
+	return (pydesc);
+}
+
 /*
  *		Build an inherited Posix descriptor from parent
  *	descriptor (if any) restricted to creation mode
diff --git a/libntfs-3g/security.c b/libntfs-3g/security.c
index 58bbb27e..11b74601 100644
--- a/libntfs-3g/security.c
+++ b/libntfs-3g/security.c
@@ -2503,8 +2503,12 @@ static struct POSIX_SECURITY *inherit_posix(struct SECURITY_CONTEXT *scx,
 		gid = cached->gid;
 		pxdesc = cached->pxdesc;
 		if (pxdesc) {
-			pydesc = ntfs_build_inherited_posix(pxdesc,mode,
-					scx->umask,isdir);
+			if (scx->vol->secure_flags & (1 << SECURITY_ACL))
+				pydesc = ntfs_build_inherited_posix(pxdesc,
+					mode, scx->umask, isdir);
+			else
+				pydesc = ntfs_build_basic_posix(pxdesc,
+					mode, scx->umask, isdir);
 		}
 	} else {
 		securattr = getsecurityattr(scx->vol, dir_ni);
@@ -2548,8 +2552,15 @@ static struct POSIX_SECURITY *inherit_posix(struct SECURITY_CONTEXT *scx,
 					enter_cache(scx, dir_ni, uid,
 							gid, pxdesc);
 				}
-				pydesc = ntfs_build_inherited_posix(pxdesc,
-					mode, scx->umask, isdir);
+				if (scx->vol->secure_flags
+							& (1 << SECURITY_ACL))
+					pydesc = ntfs_build_inherited_posix(
+						pxdesc, mode,
+						scx->umask, isdir);
+				else
+					pydesc = ntfs_build_basic_posix(
+						pxdesc, mode,
+						scx->umask, isdir);
 				free(pxdesc);
 			}
 			free(securattr);
diff --git a/src/lowntfs-3g.c b/src/lowntfs-3g.c
index 04a239c5..273ff34a 100644
--- a/src/lowntfs-3g.c
+++ b/src/lowntfs-3g.c
@@ -2698,6 +2698,7 @@ static ntfs_inode *ntfs_check_access_xattr(fuse_req_t req,
 	if (((!ntfs_fuse_fill_security_context(req, security)
 		|| (ctx->secure_flags
 		    & ((1 << SECURITY_DEFAULT) | (1 << SECURITY_RAW))))
+		|| !(ctx->secure_flags & (1 << SECURITY_ACL))
 		|| (setting && ctx->inherit))
 	    && foracl) {
 		if (ctx->silent)
diff --git a/src/ntfs-3g.c b/src/ntfs-3g.c
index 558d2577..94bb1383 100644
--- a/src/ntfs-3g.c
+++ b/src/ntfs-3g.c
@@ -2536,6 +2536,7 @@ static ntfs_inode *ntfs_check_access_xattr(struct SECURITY_CONTEXT *security,
 		if (((!ntfs_fuse_fill_security_context(security)
 			|| (ctx->secure_flags
 			    & ((1 << SECURITY_DEFAULT) | (1 << SECURITY_RAW))))
+			|| !(ctx->secure_flags & (1 << SECURITY_ACL))
 			|| (setting && ctx->inherit))
 		    && foracl) {
 			if (ctx->silent)