diff --git a/include/error-i.h b/include/error-i.h
index bd5dccdf5c40db519139b384a71cddbbda9a6346..70e4ead56041469ed07b8ec38fa513760cb96a3b 100644
--- a/include/error-i.h
+++ b/include/error-i.h
@@ -34,10 +34,7 @@ extern "C"
ERROR_PLUGIN_NOT_EXIST = 0x00100,
// Accounts
- ERROR_ACCOUNTS_USER_NOT_FOUND_1 = 0x50000,
- ERROR_ACCOUNTS_USER_NOT_FOUND_2,
- ERROR_ACCOUNTS_USER_NOT_FOUND_3,
- ERROR_ACCOUNTS_USER_NOT_FOUND_4,
+ ERROR_ACCOUNTS_USER_NOT_FOUND = 0x50000,
ERROR_ACCOUNTS_ALREADY_LOGIN,
ERROR_ACCOUNTS_USER_ALREADY_EXIST,
ERROR_ACCOUNTS_UNKNOWN_ACCOUNT_TYPE,
@@ -73,6 +70,7 @@ extern "C"
ERROR_ACCOUNTS_USER_MODIFYING_PASSWORD,
ERROR_ACCOUNTS_USER_MODIFY_PASSWORD_FAILED,
ERROR_ACCOUNTS_USRE_CURRENT_PASSWORD_DISMATCH,
+ ERROR_ACCOUNTS_USER_HOME_PERMISSION_ERROR,
// Groups
ERROR_GROUPS_GROUP_NOT_FOUND_1 = 0x60000,
diff --git a/lib/base/error.cpp b/lib/base/error.cpp
index 6230408dfdb81d5031e12d5746c4aa94581737a5..929c672b887725c7218367f4ad560a0eb68bcbc8 100644
--- a/lib/base/error.cpp
+++ b/lib/base/error.cpp
@@ -37,10 +37,7 @@ QString CCError::getErrorDesc(CCErrorCode errorCode, bool attachErrorCode)
case CCErrorCode::ERROR_PLUGIN_NOT_EXIST:
errorDesc = tr("The plugin doesn't exist.");
break;
- case CCErrorCode::ERROR_ACCOUNTS_USER_NOT_FOUND_1:
- case CCErrorCode::ERROR_ACCOUNTS_USER_NOT_FOUND_2:
- case CCErrorCode::ERROR_ACCOUNTS_USER_NOT_FOUND_3:
- case CCErrorCode::ERROR_ACCOUNTS_USER_NOT_FOUND_4:
+ case CCErrorCode::ERROR_ACCOUNTS_USER_NOT_FOUND:
errorDesc = tr("No user found.");
break;
case CCErrorCode::ERROR_ACCOUNTS_ALREADY_LOGIN:
@@ -113,6 +110,9 @@ QString CCError::getErrorDesc(CCErrorCode errorCode, bool attachErrorCode)
case CCErrorCode::ERROR_ACCOUNTS_USRE_CURRENT_PASSWORD_DISMATCH:
errorDesc = tr("The current password is dismatch.");
break;
+ case CCErrorCode::ERROR_ACCOUNTS_USER_HOME_PERMISSION_ERROR:
+ errorDesc = tr("The home directory permission is error.");
+ break;
case CCErrorCode::ERROR_GROUPS_GROUP_NOT_FOUND_1:
case CCErrorCode::ERROR_GROUPS_GROUP_NOT_FOUND_2:
case CCErrorCode::ERROR_GROUPS_GROUP_NOT_FOUND_3:
diff --git a/plugins/accounts/accounts-manager.cpp b/plugins/accounts/accounts-manager.cpp
index 3c5fe1a22293fd2b0caeb3da1519bc55570bc0e9..d1a6fad2bf519e450b7debdaf46a64ac1814df4c 100644
--- a/plugins/accounts/accounts-manager.cpp
+++ b/plugins/accounts/accounts-manager.cpp
@@ -162,7 +162,7 @@ QDBusObjectPath AccountsManager::FindUserById(qulonglong uid)
}
else
{
- DBUS_ERROR_REPLY(CCErrorCode::ERROR_ACCOUNTS_USER_NOT_FOUND_1);
+ DBUS_ERROR_REPLY(CCErrorCode::ERROR_ACCOUNTS_USER_NOT_FOUND);
}
return QDBusObjectPath();
}
@@ -177,7 +177,7 @@ QDBusObjectPath AccountsManager::FindUserByName(const QString &name)
}
else
{
- DBUS_ERROR_REPLY(CCErrorCode::ERROR_ACCOUNTS_USER_NOT_FOUND_2);
+ DBUS_ERROR_REPLY(CCErrorCode::ERROR_ACCOUNTS_USER_NOT_FOUND);
}
return QDBusObjectPath();
}
@@ -205,7 +205,7 @@ void AccountsManager::createUserAuthenticated(const QDBusMessage &message,
if (pwent)
{
- DBUS_ERROR_REPLY_AND_RET(CCErrorCode::ERROR_ACCOUNTS_USER_ALREADY_EXIST);
+ DBUS_ERROR_DELAY_REPLY_AND_RET(CCErrorCode::ERROR_ACCOUNTS_USER_ALREADY_EXIST);
}
KLOG_INFO(accounts) << "Create user" << name;
@@ -221,7 +221,7 @@ void AccountsManager::createUserAuthenticated(const QDBusMessage &message,
break;
default:
{
- DBUS_ERROR_REPLY_AND_RET(CCErrorCode::ERROR_ACCOUNTS_UNKNOWN_ACCOUNT_TYPE);
+ DBUS_ERROR_DELAY_REPLY_AND_RET(CCErrorCode::ERROR_ACCOUNTS_UNKNOWN_ACCOUNT_TYPE);
}
break;
}
@@ -235,6 +235,15 @@ void AccountsManager::createUserAuthenticated(const QDBusMessage &message,
SPAWN_WITH_DBUS_MESSAGE(message, program, arguments);
auto user = findAndCreateUserByName(name);
+
+ // 如果创建用户时,用户HOME目录已经存在但权限错误,则禁止创建该用户
+ if (!user->checkDirPermissionAsHome(user->getHomeDirectory()))
+ {
+ KLOG_INFO(accounts) << "Home directory permission error.";
+ deleteUserAuthenticated(message, user->getUID(), false);
+ DBUS_ERROR_DELAY_REPLY_AND_RET(CCErrorCode::ERROR_ACCOUNTS_USER_HOME_PERMISSION_ERROR);
+ }
+
if (user)
{
user->setSystemAccount(false);
@@ -243,7 +252,7 @@ void AccountsManager::createUserAuthenticated(const QDBusMessage &message,
}
else
{
- DBUS_ERROR_REPLY(CCErrorCode::ERROR_ACCOUNTS_USER_NOT_FOUND_3);
+ DBUS_ERROR_DELAY_REPLY(CCErrorCode::ERROR_ACCOUNTS_USER_NOT_FOUND);
}
return;
@@ -255,14 +264,14 @@ void AccountsManager::deleteUserAuthenticated(const QDBusMessage &message,
{
if (uid == 0)
{
- DBUS_ERROR_REPLY_AND_RET(CCErrorCode::ERROR_ACCOUNTS_DELETE_ROOT_USER);
+ DBUS_ERROR_DELAY_REPLY_AND_RET(CCErrorCode::ERROR_ACCOUNTS_DELETE_ROOT_USER);
}
auto user = findAndCreateUserByID(uid);
if (!user)
{
- DBUS_ERROR_REPLY_AND_RET(CCErrorCode::ERROR_ACCOUNTS_USER_NOT_FOUND_4);
+ DBUS_ERROR_DELAY_REPLY_AND_RET(CCErrorCode::ERROR_ACCOUNTS_USER_NOT_FOUND);
}
KLOG_INFO(accounts) << "Delete user" << user->getUserName();
diff --git a/plugins/accounts/user.cpp b/plugins/accounts/user.cpp
index a25074916faf3dec676adb699687cbf55a028a81..b1feb3ad17ae035a3e1880fca52163815be003f9 100644
--- a/plugins/accounts/user.cpp
+++ b/plugins/accounts/user.cpp
@@ -243,6 +243,11 @@ void User::setEmailAuthenticated(const QDBusMessage &message, const QString &ema
void User::setHomeDirectoryAuthenticated(const QDBusMessage &message, const QString &homeDirectory)
{
+ if (!checkDirPermissionAsHome(homeDirectory))
+ {
+ DBUS_ERROR_DELAY_REPLY_AND_RET(CCErrorCode::ERROR_ACCOUNTS_USER_HOME_PERMISSION_ERROR);
+ }
+
// getHomeDirectory()或者homeDirectory可能以/结尾,也可能不以/结尾,因此这里统一去掉以/结尾后再进行比较
if (QDir(getHomeDirectory()).absolutePath() != QDir(homeDirectory).absolutePath())
{
@@ -609,6 +614,34 @@ void User::removeCacheFile()
QFile::remove(iconFilePath);
}
+bool User::checkDirPermissionAsHome(const QString &path)
+{
+ QFileInfo dirInfo(path);
+
+ // 判断home目录是否存在
+ if (!dirInfo.isDir())
+ {
+ KLOG_WARNING(accounts) << path << "is not directory.";
+ return false;
+ }
+
+ // 检测home目录权限
+ if (!dirInfo.permission(QFile::ReadUser | QFile::WriteUser | QFile::ExeUser))
+ {
+ KLOG_WARNING(accounts) << "Permission is not correct. It should be read/write/execute for user.";
+ return false;
+ }
+
+ // 获取home目录的uid
+ if (dirInfo.ownerId() != getUID())
+ {
+ KLOG_WARNING(accounts) << "The owner of " << path << " is not " << getUserName();
+ return false;
+ }
+
+ return true;
+}
+
#define GET_SETTINGS_PROPERTY(property) \
QString User::get##property() \
{ \
diff --git a/plugins/accounts/user.h b/plugins/accounts/user.h
index 5e4e4e64e991fbf4d5d055ec6e75e4a5fbf2636c..3cc637e86e96d986b41564c0d5fc8ad6edc3bbc2 100644
--- a/plugins/accounts/user.h
+++ b/plugins/accounts/user.h
@@ -47,6 +47,8 @@ public:
void updateFromPasswdShadow(PasswdShadow passwd_shadow);
// 移除缓存文件
void removeCacheFile();
+ // 检查path是否具备家目录权限
+ bool checkDirPermissionAsHome(const QString &path);
public: // PROPERTIES
Q_PROPERTY(int account_type READ getAccountType WRITE setAccountType)
diff --git a/translations/kiran-cc-daemon-kbase.zh_CN.ts b/translations/kiran-cc-daemon-kbase.zh_CN.ts
index b857bc08b6e2048e67c580c3d615bde06e71529a..c4fc77fbb4cd81259ae6e6bf00c1ab0316bcbd40 100644
--- a/translations/kiran-cc-daemon-kbase.zh_CN.ts
+++ b/translations/kiran-cc-daemon-kbase.zh_CN.ts
@@ -19,128 +19,133 @@
插件不存在。
-
+
No user found.
没有发现用户。
-
+
The user is already logined in, Please log off the user before deleting it.
用户已经登录,请注销该用户后再删除。
-
+
The user already exists.
用户已存在。
-
+
Unknown account type.
未知的用户类型。
-
+
Can't update password file.
不能更新password文件。
-
+
Invalid command syntax.
命令语法无效。
-
+
Invalid argument to option.
命令参数无效。
-
+
UID already in use.
UID已在使用中。
-
+
Passwd file contains errors.
Passwd文件存在错误。
-
+
Specified user/group doesn't exist.
指定的用户/组不存在。
-
+
User to modify is logged in.
要修改的用户已登录。
-
+
Username already in use.
用户名已经在使用中。
-
+
Can't update group file.
不能更新group文件。
-
+
Insufficient space to move home dir.
空间不足,无法移动主目录。
-
+
Can't create/remove/move home directory.
不能创建/删除/移动主目录。
-
+
Can't update SELinux user mapping.
无法更新SELinux用户映射。
-
+
Can't update the subordinate uid file.
无法更新下级uid文件。
-
+
Can't update the subordinate gid file.
无法更新下级gid文件。
-
+
Refuse to delete root user.
禁止删除root用户。
-
+
Refuse to delete three authority user.
禁止删除三权用户。
-
+
User is locked.
用户被锁定。
-
+
A user is modifying the password.
有用户正在修改密码。
-
+
%1
%1
-
+
The current password is dismatch.
当前密码不匹配。
+
+
+ The home directory permission is error.
+ 家目录权限错误。
+
No group found.