1. Add default_realm into krb5.conf 2. Handle kinit output: kinit <user@realm> Password for <user@realm> Password expired. You must change it now. Enter new password: Enter it again:
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/system_api/+/05cee9da77790110786e6211f75c49d0c7e26ae8 commit 05cee9da77790110786e6211f75c49d0c7e26ae8 Author: Lutz Justen <ljusten@chromium.org> Date: Fri Dec 23 15:32:38 2016 authpolicy: Update error enum Also combine all 4 error enum types into one enum for simplicity. Keep the old enums for now until they are removed from Chrome. BUG= chromium:676648 TEST=Compiles, tested with custom test code, ran unit test. Change-Id: I0402bf0ce341cb03b3156a6aedb1028522cecc28 Reviewed-on: https://chromium-review.googlesource.com/422769 Commit-Ready: Roman Sorokin <rsorokin@chromium.org> Tested-by: Lutz Justen <ljusten@chromium.org> Tested-by: Roman Sorokin <rsorokin@chromium.org> Reviewed-by: Roman Sorokin <rsorokin@chromium.org> [modify] https://crrev.com/05cee9da77790110786e6211f75c49d0c7e26ae8/dbus/authpolicy/dbus-constants.h
Mixed up bug numbers. CL https://chromium-review.googlesource.com/423068 in bug 676379 actually refers to this bug.
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/3eed85255526dbcbf11289c682eac670c0edc4e1 commit 3eed85255526dbcbf11289c682eac670c0edc4e1 Author: Lutz Justen <ljusten@chromium.org> Date: Fri Dec 23 14:03:44 2016 authpolicy: Switch error handling over to enums Uses an enum defined in dbus-constants.h instead of const char* error codes because they are easier to send over D-Bus. Combines all 4 error enum types into one enum for simplicity. Removes brillo error pointer code as it's not necessary anymore. BUG= chromium:676648 TEST=Compiles, tested with custom test code, ran unit test. Change-Id: If666306028be39ac35869f10f4344580889d0bed Reviewed-on: https://chromium-review.googlesource.com/422324 Commit-Ready: Roman Sorokin <rsorokin@chromium.org> Tested-by: Lutz Justen <ljusten@chromium.org> Reviewed-by: Roman Sorokin <rsorokin@chromium.org> [modify] https://crrev.com/3eed85255526dbcbf11289c682eac670c0edc4e1/authpolicy/policy/preg_policy_encoder.cc [modify] https://crrev.com/3eed85255526dbcbf11289c682eac670c0edc4e1/authpolicy/authpolicy.gyp [modify] https://crrev.com/3eed85255526dbcbf11289c682eac670c0edc4e1/authpolicy/policy/policy_encoder_helper.h [modify] https://crrev.com/3eed85255526dbcbf11289c682eac670c0edc4e1/authpolicy/samba_interface_internal.cc [modify] https://crrev.com/3eed85255526dbcbf11289c682eac670c0edc4e1/authpolicy/samba_interface.cc [modify] https://crrev.com/3eed85255526dbcbf11289c682eac670c0edc4e1/authpolicy/authpolicy.h [modify] https://crrev.com/3eed85255526dbcbf11289c682eac670c0edc4e1/authpolicy/dbus_bindings/org.chromium.AuthPolicy.xml [modify] https://crrev.com/3eed85255526dbcbf11289c682eac670c0edc4e1/authpolicy/policy/user_policy_encoder.h [modify] https://crrev.com/3eed85255526dbcbf11289c682eac670c0edc4e1/authpolicy/samba_interface_internal.h [modify] https://crrev.com/3eed85255526dbcbf11289c682eac670c0edc4e1/authpolicy/authpolicy_parser_main.cc [modify] https://crrev.com/3eed85255526dbcbf11289c682eac670c0edc4e1/authpolicy/policy/preg_parser.cc [modify] https://crrev.com/3eed85255526dbcbf11289c682eac670c0edc4e1/authpolicy/samba_interface.h [modify] https://crrev.com/3eed85255526dbcbf11289c682eac670c0edc4e1/authpolicy/policy/preg_policy_encoder.h [modify] https://crrev.com/3eed85255526dbcbf11289c682eac670c0edc4e1/authpolicy/authpolicy.cc [modify] https://crrev.com/3eed85255526dbcbf11289c682eac670c0edc4e1/authpolicy/samba_interface_internal_unittest.cc [delete] https://crrev.com/c383421d4cfa86fff71fef68ad339273772572e2/authpolicy/errors.h [modify] https://crrev.com/3eed85255526dbcbf11289c682eac670c0edc4e1/authpolicy/policy/policy_encoder_helper.cc [delete] https://crrev.com/c383421d4cfa86fff71fef68ad339273772572e2/authpolicy/errors.cc [modify] https://crrev.com/3eed85255526dbcbf11289c682eac670c0edc4e1/authpolicy/policy/preg_parser.h
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/2c8a6810cef9f8f53cf261ada0d65c1da64b988d commit 2c8a6810cef9f8f53cf261ada0d65c1da64b988d Author: Lutz Justen <ljusten@chromium.org> Date: Mon Jan 02 14:11:06 2017 authpolicy: Fix kinit seccomp filter kinit failed in case of an expired password because of a seccomp failure. This CL adds the missing syscall. BUG= chromium:676648 TEST=Tested handling an expired password Change-Id: Ife657e29470ed6e7bc5fb693588a60bd53a1b841 Reviewed-on: https://chromium-review.googlesource.com/422266 Commit-Ready: Lutz Justen <ljusten@chromium.org> Tested-by: Lutz Justen <ljusten@chromium.org> Reviewed-by: Roman Sorokin <rsorokin@chromium.org> [modify] https://crrev.com/2c8a6810cef9f8f53cf261ada0d65c1da64b988d/authpolicy/seccomp_filters/kinit-seccomp.policy [modify] https://crrev.com/2c8a6810cef9f8f53cf261ada0d65c1da64b988d/authpolicy/etc/init/authpolicyd.conf
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/4ee8257dbb8ad5b8772be1e6d8a13a6fb4d2f605 commit 4ee8257dbb8ad5b8772be1e6d8a13a6fb4d2f605 Author: Lutz Justen <ljusten@chromium.org> Date: Mon Jan 02 14:16:11 2017 authpolicy: Improve error messaging for expired passwords When the password is expired and kinit fails after asking for the old and twice the new password, authpolicy reports "password expired" as error, even though the error might be different (e.g. a seccomp failure as in my test case). This CL fixes this. BUG= chromium:676648 TEST=Tested the case that failed before and it works fine now Change-Id: Ie19c853cf7010e0fbdfc28dfcd5f3db34194bda9 Reviewed-on: https://chromium-review.googlesource.com/424396 Commit-Ready: Lutz Justen <ljusten@chromium.org> Tested-by: Lutz Justen <ljusten@chromium.org> Reviewed-by: Roman Sorokin <rsorokin@chromium.org> [modify] https://crrev.com/4ee8257dbb8ad5b8772be1e6d8a13a6fb4d2f605/authpolicy/samba_interface.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/system_api/+/cfd6a017a568cfd1c53ff64da62e01ae04ed5f93 commit cfd6a017a568cfd1c53ff64da62e01ae04ed5f93 Author: Roman Sorokin <rsorokin@chromium.org> Date: Wed Jan 11 12:03:34 2017 Remove unused authpolicy enums BUG= chromium:676648 TEST=none Change-Id: If8f1994a843991d0ad7826abbeb8b94fbab1dc6d Reviewed-on: https://chromium-review.googlesource.com/427158 Commit-Ready: Roman Sorokin <rsorokin@chromium.org> Tested-by: Roman Sorokin <rsorokin@chromium.org> Reviewed-by: Lutz Justen <ljusten@chromium.org> Reviewed-by: Dan Erat <derat@chromium.org> [modify] https://crrev.com/cfd6a017a568cfd1c53ff64da62e01ae04ed5f93/dbus/authpolicy/dbus-constants.h
bulk Verify of Chromad V1 bugs
Comment 1 by rsorokin@chromium.org
, Dec 22 2016