Make PreSigninPolicyFetcher works without policy keys for chromad |
|||||||
Issue descriptionChromad doesn't have policy keys, and PreSigninPolicyFetcher logic is not made for that use case: https://cs.chromium.org/chromium/src/chrome/browser/chromeos/policy/pre_signin_policy_fetcher.cc?rcl=a77261a2b7367519e13a15880c5ab6174c1bbf1b&l=155 [3841:3841:1006/052537.816963:ERROR:pre_signin_policy_fetcher.cc(156)] No cached policy key loaded. [3841:3841:1006/052537.817082:VERBOSE1:existing_user_controller.cc(269)] Policy pre-fetch: User policy could not be fetched. [3841:3841:1006/052537.817125:VERBOSE1:existing_user_controller.cc(1061)] Migration action (active_directory_user=1): 3 This no problem currently, because the only policy we use PreSigninPolicyFetcher for is EcryptfsMigrationStrategy, which we don't expect the chromad test users to set (and the default value for missing policy is sensible for chromad since https://chromium-review.googlesource.com/c/chromium/src/+/700640). It still makes sense to make PreSigninPolicyFetcher work correctly with chromad. The plan is to pass active_directory_user=true/false or similar, and allow skipping policy key verification if the account is an AD account. Don't forget to check how this is implemented in the main policy code (*PolicyStore probably) to use the same variable names etc.
,
Oct 9 2017
Re: Comment #1: @yanglee - This should really only affect Chrome OS, as it's about pre-fetching the user cloud policy before starting a Chrome OS user session. Any specific reason why you believe the labels Linux,Mac,Windows should apply?
,
Oct 9 2017
,
Oct 9 2017
,
Oct 19 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/b128377786aa91858e0f740e75c34201d1bec5e0 commit b128377786aa91858e0f740e75c34201d1bec5e0 Author: Pavol Marko <pmarko@chromium.org> Date: Thu Oct 19 07:02:35 2017 Add support for Active Directory to PreSigninPolicyFetcher Support Active Directory policy in PreSigninPolicyFetcher: Don't require a policy verification key for Active Directory. Active Directory provided policy is not signed with any verification key. BUG= 772372 TEST=unit_tests --gtest_filter=PreSigninPolicyFetcherTest* Change-Id: I671713f890d1de0444f3fd462de061d8f18e373c Reviewed-on: https://chromium-review.googlesource.com/707240 Commit-Queue: Pavol Marko <pmarko@chromium.org> Reviewed-by: Achuith Bhandarkar <achuith@chromium.org> Reviewed-by: Lutz Justen <ljusten@chromium.org> Cr-Commit-Position: refs/heads/master@{#510023} [modify] https://crrev.com/b128377786aa91858e0f740e75c34201d1bec5e0/chrome/browser/chromeos/login/existing_user_controller.cc [modify] https://crrev.com/b128377786aa91858e0f740e75c34201d1bec5e0/chrome/browser/chromeos/policy/pre_signin_policy_fetcher.cc [modify] https://crrev.com/b128377786aa91858e0f740e75c34201d1bec5e0/chrome/browser/chromeos/policy/pre_signin_policy_fetcher.h [modify] https://crrev.com/b128377786aa91858e0f740e75c34201d1bec5e0/chrome/browser/chromeos/policy/pre_signin_policy_fetcher_unittest.cc
,
Oct 19 2017
,
Oct 19 2017
Verification: Regression test for b/67361763 should be sufficient.
,
Jan 22 2018
,
Jan 23 2018
,
Apr 5 2018
Verified no issue signing in chromead on M67.0.3383.0 10547.0.0 dev paine. |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by yanglee@chromium.org
, Oct 6 2017