author | Alexey Melnichuk <alexeymelnichuck@gmail.com> | 2021-04-08 23:57:15 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-08 17:57:15 -0300 |
commit | 694c437b00e300c138382ab8679723d7f10e68e8 (patch) | |
tree | c37382277c5d0571e536181707adbc195c11978d | |
parent | 81b28e34e02c3464dc2357bf3b6958f82d3ae823 (diff) | |
fs.win32: Do not revoke permission from the current user (#1256)
* Fix. Do not revoke permission from the current user
* Do not quote FS commands
* hotfix: remove stray character
Co-authored-by: Hisham Muhammad <hisham@gobolinux.org>
-rw-r--r-- | src/luarocks/fs/win32/tools.lua | 23 |
1 files changed, 16 insertions, 7 deletions
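diff --git a/src/luarocks/fs/win32/tools.lua b/src/luarocks/fs/win32/tools.lua
index d6202ab9..88f87c2f 100644
--- a/src/luarocks/fs/win32/tools.lua
+++ b/src/luarocks/fs/win32/tools.lua
@@ -204,11 +204,17 @@ end
 --- Helper function for fs.set_permissions
 -- @return table: an array of all system users
 local function get_system_users()
+local exclude = {
+[""] = true,
+["Name"] = true,
+["\128\164\172\168\173\168\225\226\224\160\226\174\224"] = true, -- Administrator in cp866
+["Administrator"] = true,
+}
 local result = {}
 local fd = assert(io.popen("wmic UserAccount get name"))
 for user in fd:lines() do
 user = user:gsub("%s+$", "")
-if user ~= "" and user ~= "Name" and user ~= "Administrator" then
+if not exclude[user] then
 table.insert(result, user)
 end
 end
@@ -238,16 +244,19 @@ function tools.set_permissions(filename, mode, scope)
 if not ok then
 return false, "Could not take ownership of the given file"
 end
+local username = os.getenv('USERNAME')
 -- Grant the current user the proper rights
-ok = fs.execute_quiet(vars.ICACLS .. " " .. fs.Q(filename) .. " /inheritance:d /grant:r \"%USERNAME%\":" .. perms)
+ok = fs.execute_quiet(vars.ICACLS .. " " .. fs.Q(filename) .. " /inheritance:d /grant:r " .. fs.Q(username) .. ":" .. perms)
 if not ok then
 return false, "Failed setting permission " .. mode .. " for " .. scope
 end
 -- Finally, remove all the other users from the ACL in order to deny them access to the file
 for _, user in pairs(get_system_users()) do
-local ok = fs.execute_quiet(vars.ICACLS .. " " .. fs.Q(filename) .. " /remove " .. fs.Q(user))
-if not ok then
-return false, "Failed setting permission " .. mode .. " for " .. scope
+if username ~= user then
+local ok = fs.execute_quiet(vars.ICACLS .. " " .. fs.Q(filename) .. " /remove " .. fs.Q(user))
+if not ok then
+return false, "Failed setting permission " .. mode .. " for " .. scope
+end
 end
 end
 elseif scope == "all" then
@@ -262,12 +271,12 @@ function tools.set_permissions(filename, mode, scope)
 
 local ok
 -- Grant permissions available to all users
-ok = fs.execute_quiet(vars.ICACLS .. " " .. fs.Q(filename) .. " /inheritance:d /grant:r *S-1-1-0:" .. others_perms)
+ok = fs.execute_quiet(vars.ICACLS .. " " .. fs.Q(filename) .. " /inheritance:d /grant:r Everyone:" .. others_perms)
 if not ok then
 return false, "Failed setting permission " .. mode .. " for " .. scope
 end
 -- Grant permissions available only to the current user
-ok = fs.execute_quiet(vars.ICACLS .. " " .. fs.Q(filename) .. " /inheritance:d /grant \"%USERNAME%\":" .. my_perms)
+ok = fs.execute_quiet(vars.ICACLS .. " " .. fs.Q(filename) .. " /inheritance:d /grant %USERNAME%:" .. my_perms)
 if not ok then
 return false, "Failed setting permission " .. mode .. " for " .. scope
 end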
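Review bot: In the last hunk (scope "all"), the grant to `Everyone` depends on the Windows display language, because that group's name is localized, whereas the `*S-1-1-0` form it replaces is the well-known SID and resolves on any locale; on a non-English system icacls will likely fail to resolve the name and the function returns "Failed setting permission". The second grant in the same hunk now passes `%USERNAME%` unquoted, so an account name containing a space is split into separate arguments, while the "user" branch above already builds the same argument with `fs.Q(username)`. I would keep `/grant:r *S-1-1-0:` and build the second command from `fs.Q(os.getenv('USERNAME'))`, after checking that the variable is set, since a nil value would otherwise reach `fs.Q` and the string concatenation. The new `username ~= user` test in the "user" branch is case-sensitive while Windows account names are not, so a USERNAME value that differs only in case from the wmic output would still have its ACE removed; comparing `username:lower() ~= user:lower()` would cover the common ASCII case. The body of tools.set_permissions begins and ends outside these hunks.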