From 21cd04b1251866aed553cd535e2d129362f11aa2 Mon Sep 17 00:00:00 2001
From: Hisham <hisham@gobolinux.org>
Date: Fri, 6 Jan 2017 17:30:38 -0200
Subject: Check ownership of cache directory and emit a warning. This prevents
 `sudo luarocks` to take over ownership of the user's ~/.cache/luarocks
 directory.

---
 src/luarocks/cfg.lua           |  6 ++++--
 src/luarocks/command_line.lua  | 12 +++++++++++-
 src/luarocks/fs/lua.lua        | 16 +++++++++++++---
 src/luarocks/fs/unix.lua       |  4 ++++
 src/luarocks/fs/unix/tools.lua |  7 +++++--
 src/luarocks/fs/win32.lua      | 11 ++++++++++-
 6 files changed, 47 insertions(+), 9 deletions(-)

(limited to 'src')

diff --git a/src/luarocks/cfg.lua b/src/luarocks/cfg.lua
index 1141acf6..858a87fe 100644
--- a/src/luarocks/cfg.lua
+++ b/src/luarocks/cfg.lua
@@ -409,7 +409,8 @@ local defaults = {
       SEVENZ = "7z",
 
       RSYNCFLAGS = "--exclude=.git -Oavz",
-      STATFLAG = "-c '%a'",
+      STATPERMFLAG = "-c '%a'",
+      STATOWNERFLAG = "-c '%U'",
       CURLNOCERTFLAG = "",
       WGETNOCERTFLAG = "",
    },
@@ -577,7 +578,8 @@ end
 
 if cfg.platforms.bsd then
    defaults.variables.MAKE = "gmake"
-   defaults.variables.STATFLAG = "-f '%OLp'"
+   defaults.variables.STATPERMFLAG = "-f '%OLp'"
+   defaults.variables.STATOWNERFLAG = "-f '%Su'"
 end
 
 if cfg.platforms.macosx then
diff --git a/src/luarocks/command_line.lua b/src/luarocks/command_line.lua
index ecf3a61b..1ad99e7f 100644
--- a/src/luarocks/command_line.lua
+++ b/src/luarocks/command_line.lua
@@ -178,9 +178,19 @@ function command_line.run_command(...)
       end
    end
 
-   if not fs.current_dir() or fs.current_dir() == "" then
+   if (not fs.current_dir()) or fs.current_dir() == "" then
       die("Current directory does not exist. Please run LuaRocks from an existing directory.")
    end
+
+   if fs.attributes(cfg.local_cache, "owner") ~= fs.current_user() or
+      fs.attributes(dir.dir_name(cfg.local_cache), "owner") ~= fs.current_user() then
+      util.warning("The directory '" .. cfg.local_cache .. "' or its parent directory "..
+                   "is not owned by the current user and the cache has been disabled. "..
+                   "Please check the permissions and owner of that directory. "..
+                   "If executing pip with sudo, you may want sudo's -H flag.")
+      cfg.local_cache = fs.make_temp_dir("local_cache")
+      util.schedule_function(fs.delete, cfg.local_cache)
+   end
    
    if commands[command] then
       local cmd = require(commands[command])
diff --git a/src/luarocks/fs/lua.lua b/src/luarocks/fs/lua.lua
index 90b51ce4..097f800f 100644
--- a/src/luarocks/fs/lua.lua
+++ b/src/luarocks/fs/lua.lua
@@ -293,7 +293,7 @@ function fs_lua.copy(src, dest, perms)
    if destmode == "directory" then
       dest = dir.path(dest, dir.base_name(src))
    end
-   if not perms then perms = fs.get_permissions(src) end
+   if not perms then perms = fs.attributes(src, "permissions") end
    local src_h, err = io.open(src, "rb")
    if not src_h then return nil, err end
    local dest_h, err = io.open(dest, "w+b")
@@ -758,8 +758,18 @@ function fs_lua.chmod(file, mode)
    return err == 0
 end
 
-function fs_lua.get_permissions(file)
-   return posix.stat(file, "mode")
+function fs_lua.attributes(file, attrtype)
+   if attrtype == "permissions" then
+      return posix.stat(file, "mode")
+   elseif attrtype == "owner" then
+      return posix.getpwuid(posix.stat(file, "uid")).pw_name
+   else
+      return ""
+   end
+end
+
+function fs_lua.current_user()
+   return posix.getpwuid(posix.geteuid()).pw_name
 end
 
 --- Create a temporary directory.
diff --git a/src/luarocks/fs/unix.lua b/src/luarocks/fs/unix.lua
index e2bdc7b8..5c51bad5 100644
--- a/src/luarocks/fs/unix.lua
+++ b/src/luarocks/fs/unix.lua
@@ -132,4 +132,8 @@ function unix.tmpname()
    return os.tmpname()
 end
 
+function unix.current_user()
+   return os.getenv("USER")
+end
+
 return unix
diff --git a/src/luarocks/fs/unix/tools.lua b/src/luarocks/fs/unix/tools.lua
index d0802725..21cc8a19 100644
--- a/src/luarocks/fs/unix/tools.lua
+++ b/src/luarocks/fs/unix/tools.lua
@@ -200,8 +200,11 @@ function tools.unpack_archive(archive)
    return true
 end
 
-function tools.get_permissions(filename)
-   local pipe = io.popen(vars.STAT.." "..vars.STATFLAG.." "..fs.Q(filename))
+function tools.attributes(filename, attrtype)
+   local flag = ((attrtype == "permissions") and vars.STATPERMFLAG)
+             or ((attrtype == "owner") and vars.STATOWNERFLAG)
+   if not flag then return "" end
+   local pipe = io.popen(vars.STAT.." "..flag.." "..fs.Q(filename))
    local ret = pipe:read("*l")
    pipe:close()
    return ret
diff --git a/src/luarocks/fs/win32.lua b/src/luarocks/fs/win32.lua
index cfc28d35..406ee8ce 100644
--- a/src/luarocks/fs/win32.lua
+++ b/src/luarocks/fs/win32.lua
@@ -191,7 +191,12 @@ function win32.chmod(filename, mode)
    return true
 end
 
-function win32.get_permissions(filename)
+function win32.attributes(filename, attrtype)
+   if attrtype == "permissions" then
+      return "" -- FIXME
+   elseif attrtype == "owner" then
+      return os.getenv("USERNAME") -- FIXME popen_read('powershell -Command "& {(get-acl '..filename..').owner}"'):gsub("^[^\\]*\\", "")
+   end
    return ""
 end
 
@@ -263,4 +268,8 @@ function win32.tmpname()
    return os.getenv("TMP")..os.tmpname()
 end
 
+function win32.current_user()
+   return os.getenv("USERNAME")
+end
+
 return win32
-- 
cgit v1.2.3-55-g6feb