New issue
Advanced search Search tips

Issue 752905 link

Starred by 2 users
Status: Verified
Owner:
rsorokin@chromium.org
Closed: Aug 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug



Sign in to add a comment

Authpolicyd should restart when auth fails

Project Member Reported by ljusten@chromium.org, Aug 7 2017 
On the first auth screen, immediately after domain join, authpolicyd doesn't get restarted when a user enters different user names.

Repro:
- Join domain as usual
- On the user auth screen (blue background), enter a valid user and a bad password
- On the same screen, enter another valid user and a proper password

Authpolicy will crash with
Check failed: user_account_id_key_.empty() || user_account_id_key_ == account_id_key. Multi-user not supported#012/usr/lib64/libbase-core-395517.so(base::debug::StackTrace::StackTrace()+0x13) [0x78afed2b5ba3]#012

meaning that it was called with two different users. On the other auth screens, authpolicyd already gets restarted properly.

Comment 1 by rsorokin@chromium.org, Aug 8 2017

Status: Started (was: Assigned)
Project Member

Comment 2 by bugdroid1@chromium.org, Aug 9 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/46d2ab06b03d8a32bf0c7e8b1e39856b7263810f

commit 46d2ab06b03d8a32bf0c7e8b1e39856b7263810f
Author: Roman Sorokin <rsorokin@chromium.org>
Date: Wed Aug 09 08:32:37 2017

Chromad: Restart authpolicyd on auth fail.

Makes sure state is cleared and nothing would leak from one user to
another.
Also shows error message in case unexpected error occurred during user auth.

Bug:  752905 
Cq-Include-Trybots: master.tryserver.chromium.linux:closure_compilation
Change-Id: Iacc03156055a0b29d66552343c1fecb16f83198e
Reviewed-on: https://chromium-review.googlesource.com/603691
Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Commit-Queue: Roman Sorokin <rsorokin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#492905}
[modify] https://crrev.com/46d2ab06b03d8a32bf0c7e8b1e39856b7263810f/chrome/app/chromeos_strings.grdp
[modify] https://crrev.com/46d2ab06b03d8a32bf0c7e8b1e39856b7263810f/chrome/browser/resources/chromeos/login/screen_gaia_signin.js
[modify] https://crrev.com/46d2ab06b03d8a32bf0c7e8b1e39856b7263810f/chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.cc

Comment 3 by rsorokin@chromium.org, Aug 9 2017

Status: Fixed (was: Started)

Comment 4 by ibezmenov@chromium.org, Apr 18 2018

Status: Verified (was: Fixed)
Verified fixed. Authpolicyd restarts when auth fails:

2018-04-18T21:40:30.712709+00:00 INFO authpolicyd[3054]: #033[41;1;97mReceived 'AuthenticateUser' request#033[0m
2018-04-18T21:40:35.876116+00:00 INFO authpolicyd[3054]: libminijail[2]: child process 64 exited with status 1
2018-04-18T21:40:35.876225+00:00 ERR authpolicyd[3054]: kinit failed - bad password
2018-04-18T21:40:35.876271+00:00 INFO authpolicyd[3054]: Firing signal UserKerberosFilesChanged
2018-04-18T21:40:35.876346+00:00 INFO authpolicyd[3054]: AuthenticateUser failed with code 5
2018-04-18T21:40:35.876589+00:00 INFO authpolicyd[3054]: All 1 calls to StoreUnsignedPolicyEx succeeded.
2018-04-18T21:40:35.878801+00:00 INFO authpolicyd[3054]: authpolicyd stopping with exit code 0
2018-04-18T21:40:35.953820+00:00 INFO authpolicyd[3999]: libminijail[2]: mount / -> / type ''
2018-04-18T21:40:35.953942+00:00 INFO authpolicyd[3999]: libminijail[2]: mount /dev -> /dev type ''
2018-04-18T21:40:35.953995+00:00 INFO authpolicyd[3999]: libminijail[2]: mount /sys -> /sys type ''
2018-04-18T21:40:35.954044+00:00 INFO authpolicyd[3999]: libminijail[2]: mount /run -> /run type ''
2018-04-18T21:40:35.954091+00:00 INFO authpolicyd[3999]: libminijail[2]: mount /var -> /var type ''
2018-04-18T21:40:35.954137+00:00 INFO authpolicyd[3999]: libminijail[2]: mount /run/authpolicyd -> /run/authpolicyd type ''
2018-04-18T21:40:35.954184+00:00 INFO authpolicyd[3999]: libminijail[2]: mount /var/lib/authpolicyd -> /var/lib/authpolicyd type ''
2018-04-18T21:40:35.954242+00:00 INFO authpolicyd[3999]: libminijail[2]: mount /var/lib/metrics -> /var/lib/metrics type ''
2018-04-18T21:40:35.960050+00:00 INFO authpolicyd[3999]: Install attributes locked to Active Directory mode.
2018-04-18T21:40:35.960155+00:00 INFO authpolicyd[3999]: authpolicyd starting
2018-04-18T21:40:35.961647+00:00 INFO authpolicyd[3999]: Read configuration file '/var/lib/authpolicyd/config.dat'
2018-04-18T21:40:35.962064+00:00 INFO authpolicyd[3999]: Running scheduled machine password age check
2018-04-18T21:40:41.058855+00:00 INFO authpolicyd[3999]: No need to change machine password (29 days left)
2018-04-18T21:42:38.875402+00:00 INFO authpolicyd[3999]: #033[41;1;97mReceived 'AuthenticateUser' request#033[0m
2018-04-18T21:42:47.225970+00:00 INFO authpolicyd[3999]: Firing signal UserKerberosFilesChanged
2018-04-18T21:42:53.007283+00:00 INFO authpolicyd[3999]: TGT RENEWAL - Scheduling renewal in 7h 59m 55s (valid for 9h 59m 54s, renewable for 167h 59m 53s)
2018-04-18T21:42:53.007328+00:00 INFO authpolicyd[3999]: AuthenticateUser succeeded
2018-04-18T21:42:54.720172+00:00 INFO authpolicyd[3999]: #033[41;1;97mReceived 'GetUserStatus' request#033[0m
2018-04-18T21:43:04.023294+00:00 INFO authpolicyd[3999]: GetUserStatus succeeded
2018-04-18T21:43:04.023569+00:00 INFO authpolicyd[3999]: #033[41;1;97mReceived 'GetUserKerberosFiles' request#033[0m
2018-04-18T21:43:04.023688+00:00 INFO authpolicyd[3999]: GetUserKerberosFiles succeeded
2018-04-18T21:43:04.024106+00:00 INFO authpolicyd[3999]: #033[41;1;97mReceived 'RefreshUserPolicy' request#033[0m
2018-04-18T21:43:08.824379+00:00 INFO authpolicyd[3999]: Getting user GPO list for user account
2018-04-18T21:43:17.933304+00:00 INFO authpolicyd[3999]: User policy fetch and parsing succeeded
2018-04-18T21:43:17.934428+00:00 INFO authpolicyd[3999]: All 1 calls to StoreUnsignedPolicyEx succeeded.

Chrome OS: 10575.4.0
Chrome: 67.0.3396.8
Device: Paine

Sign in to add a comment