From 694c437b00e300c138382ab8679723d7f10e68e8 Mon Sep 17 00:00:00 2001
From: Alexey Melnichuk <alexeymelnichuck@gmail.com>
Date: Thu, 8 Apr 2021 23:57:15 +0300
Subject: fs.win32: Do not revoke permission from the current user (#1256)

* Fix. Do not revoke permission from the current user

* Do not quote FS commands

* hotfix: remove stray character

Co-authored-by: Hisham Muhammad <hisham@gobolinux.org>
---
 src/luarocks/fs/win32/tools.lua | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

(limited to 'src')

diff --git a/src/luarocks/fs/win32/tools.lua b/src/luarocks/fs/win32/tools.lua
index d6202ab9..88f87c2f 100644
--- a/src/luarocks/fs/win32/tools.lua
+++ b/src/luarocks/fs/win32/tools.lua
@@ -204,11 +204,17 @@ end
 --- Helper function for fs.set_permissions
 -- @return table: an array of all system users
 local function get_system_users()
+   local exclude = {
+      [""]              = true,
+      ["Name"]          = true,
+      ["\128\164\172\168\173\168\225\226\224\160\226\174\224"] = true, -- Administrator in cp866
+      ["Administrator"] = true,
+   }
    local result = {}
    local fd = assert(io.popen("wmic UserAccount get name"))
    for user in fd:lines() do
       user = user:gsub("%s+$", "")
-      if user ~= "" and user ~= "Name" and user ~= "Administrator" then
+      if not exclude[user] then
          table.insert(result, user)
       end
    end
@@ -238,16 +244,19 @@ function tools.set_permissions(filename, mode, scope)
       if not ok then
          return false, "Could not take ownership of the given file"
       end
+      local username = os.getenv('USERNAME')
       -- Grant the current user the proper rights
-      ok = fs.execute_quiet(vars.ICACLS .. " " .. fs.Q(filename) .. " /inheritance:d /grant:r \"%USERNAME%\":" .. perms)
+      ok = fs.execute_quiet(vars.ICACLS .. " " .. fs.Q(filename) .. " /inheritance:d /grant:r " .. fs.Q(username) .. ":" .. perms)
       if not ok then
          return false, "Failed setting permission " .. mode .. " for " .. scope
       end
       -- Finally, remove all the other users from the ACL in order to deny them access to the file
       for _, user in pairs(get_system_users()) do
-         local ok = fs.execute_quiet(vars.ICACLS .. " " .. fs.Q(filename) .. " /remove " .. fs.Q(user))
-         if not ok then
-            return false, "Failed setting permission " .. mode .. " for " .. scope
+         if username ~= user then
+            local ok = fs.execute_quiet(vars.ICACLS .. " " .. fs.Q(filename) .. " /remove " .. fs.Q(user))
+            if not ok then
+               return false, "Failed setting permission " .. mode .. " for " .. scope
+            end
          end
       end
    elseif scope == "all" then
@@ -262,12 +271,12 @@ function tools.set_permissions(filename, mode, scope)
 
       local ok
       -- Grant permissions available to all users
-      ok = fs.execute_quiet(vars.ICACLS .. " " .. fs.Q(filename) .. " /inheritance:d /grant:r *S-1-1-0:" .. others_perms)
+      ok = fs.execute_quiet(vars.ICACLS .. " " .. fs.Q(filename) .. " /inheritance:d /grant:r Everyone:" .. others_perms)
       if not ok then
          return false, "Failed setting permission " .. mode .. " for " .. scope
       end
       -- Grant permissions available only to the current user
-      ok = fs.execute_quiet(vars.ICACLS .. " " .. fs.Q(filename) .. " /inheritance:d /grant \"%USERNAME%\":" .. my_perms)
+      ok = fs.execute_quiet(vars.ICACLS .. " " .. fs.Q(filename) .. " /inheritance:d /grant %USERNAME%:" .. my_perms)
       if not ok then
          return false, "Failed setting permission " .. mode .. " for " .. scope
       end
-- 
cgit v1.2.3-55-g6feb