
Issue 802233


Issue metadata

Status: Fixed
Closed: Jan 2018
Pri: 1
Type: Bug




net ads search should always use user credentials

Project Member Reported by ljusten@chromium.org, Jan 16 2018

Issue description

In AuthenticateUser, not machine credentials. This causes issues for cross-domain authentication.
 
Project Member

Comment 1 by bugdroid1@chromium.org, Jan 16 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b05203cfe2ada9cad8e0540867e84680469a6dcc

commit b05203cfe2ada9cad8e0540867e84680469a6dcc
Author: Lutz Justen <ljusten@chromium.org>
Date: Tue Jan 16 21:11:11 2018

Handle missing data in GetUserStatus calls

Applies to the GetUserStatus D-Bus call to the authpolicy daemon for
Active Directory managed devices. Due to a change of how GetUserStatus
works (see CL:868017), account_info() and password_status() are not set
if the user's Kerberos ticket (TGT) is invalid (account_info() is
queried using the TGT to authenticate and password_status() is derived
from that). This CL handles that on the Chrome side.

BUG= chromium:802233 
TEST=Trybots
     Manual testing on the device
     Tested that changing the username on the server works smoothly.

Change-Id: I04bc4950c69a73da13e31a71b75f310938b5ae1e
Reviewed-on: https://chromium-review.googlesource.com/868432
Reviewed-by: Roman Sorokin <rsorokin@chromium.org>
Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Commit-Queue: Lutz Justen <ljusten@chromium.org>
Cr-Commit-Position: refs/heads/master@{#529501}
[modify] https://crrev.com/b05203cfe2ada9cad8e0540867e84680469a6dcc/chrome/browser/chromeos/authpolicy/auth_policy_credentials_manager.cc

Project Member

Comment 2 by bugdroid1@chromium.org, Jan 19 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/8502ec46deb2e63afac55b45c8c639c5da25e960

commit 8502ec46deb2e63afac55b45c8c639c5da25e960
Author: Lutz Justen <ljusten@chromium.org>
Date: Fri Jan 19 01:40:29 2018

authpolicy: Use user credentials for net ads search

We do net ads search to query user properties using machine credentials
for authentication. This causes issues for cross-domain authentication
(user domain != machine domain). This CL switches net ads search to use
user credentials.

As a result, AuthenticateUser cannot determine the user's sAMAccountName
based on objectGUID anymore before getting the user TGT. This causes the
authentication to fail when the username changes on the server. In
practice, the user will be forced to do an online authentication and
they have to enter their new username. Chrome automatically merges the
two profiles.

Similarly, GetUserStatus requires the user's TGT now. If it's not
present or invalid, the account_info and password_status fields cannot
be determined and are left unset. Chrome can handle this smoothly,
though, by popping up a notification when the TGT is invalid.

BUG= chromium:793849 , chromium:802233 
TEST=cros_run_unit_tests --board=amd64-generic --packages authpolicy
     Manual testing on the device
     Tested that changing the username on the server works smoothly.

Change-Id: I4dc02399d5ff30234c000b1689ae6e2e8b999ba4
Reviewed-on: https://chromium-review.googlesource.com/868017
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Lutz Justen <ljusten@chromium.org>
Reviewed-by: Roman Sorokin <rsorokin@chromium.org>

[modify] https://crrev.com/8502ec46deb2e63afac55b45c8c639c5da25e960/authpolicy/authpolicy_unittest.cc
[modify] https://crrev.com/8502ec46deb2e63afac55b45c8c639c5da25e960/authpolicy/samba_interface.cc
[modify] https://crrev.com/8502ec46deb2e63afac55b45c8c639c5da25e960/authpolicy/samba_interface.h

Status: Fixed (was: Assigned)
