authpolicy: Fix machine pw check spitting out bogus data when network is not up |
|||
Issue descriptionSee attached screenshot. Here's what happened: - Authpolicyd fires machine pw check on startup - Network wasn't up - Call to net ads workgroup fails (and hence subsequently getting the server time fails as well) - Password check spits out bogus data (pw valid for 150000 days)
,
Apr 3 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/916578087ef00fd20bcc836edc1c55107d925701 commit 916578087ef00fd20bcc836edc1c55107d925701 Author: Lutz Justen <ljusten@chromium.org> Date: Tue Apr 03 19:50:48 2018 authpolicy: Fix machine password check bogus logs The machine password check ignores the return value of UpdateAccountData (see SambaInterface::CheckMachinePasswordChange()). Thus, if network is down, the method doesn't have the correct server time, which will likely result in printing some bogus data (password valid for 150000 days, see bug). This CL fixes this and adds WARN_UNUSED_RESULT to all methods returning ErrorType, which should prevent similar issues in the future. BUG= chromium:825000 TEST=Unit tests; Join device, authenticate, shut down, restart, check if logs contain bogus data. Change-Id: I5cf7d3aea3391acec8343c8d072317848aa71a63 Reviewed-on: https://chromium-review.googlesource.com/976901 Commit-Ready: Lutz Justen <ljusten@chromium.org> Tested-by: Lutz Justen <ljusten@chromium.org> Reviewed-by: Roman Sorokin <rsorokin@chromium.org> [modify] https://crrev.com/916578087ef00fd20bcc836edc1c55107d925701/authpolicy/authpolicy_unittest.cc [modify] https://crrev.com/916578087ef00fd20bcc836edc1c55107d925701/authpolicy/authpolicy.h [modify] https://crrev.com/916578087ef00fd20bcc836edc1c55107d925701/authpolicy/samba_interface.cc [modify] https://crrev.com/916578087ef00fd20bcc836edc1c55107d925701/authpolicy/tgt_manager.cc [modify] https://crrev.com/916578087ef00fd20bcc836edc1c55107d925701/authpolicy/tgt_manager.h [modify] https://crrev.com/916578087ef00fd20bcc836edc1c55107d925701/authpolicy/samba_interface.h [modify] https://crrev.com/916578087ef00fd20bcc836edc1c55107d925701/authpolicy/authpolicy.cc
,
Apr 5 2018
,
Apr 9 2018
Verified fixed, no bogus data in authpolicy.log when network is down: 2018-04-09T18:54:15.486165+00:00 INFO authpolicyd[18727]: authpolicyd starting 2018-04-09T18:54:15.488181+00:00 INFO authpolicyd[18727]: Read configuration file '/var/lib/authpolicyd/config.dat' 2018-04-09T18:54:15.489283+00:00 INFO authpolicyd[18727]: Running scheduled machine password age check 2018-04-09T18:54:15.608981+00:00 INFO authpolicyd[18727]: libminijail[2]: child process 3 exited with status 255 2018-04-09T18:54:15.609161+00:00 ERR authpolicyd[18727]: net ads workgroup failed: network problem 2018-04-09T18:54:15.609180+00:00 ERR authpolicyd[18727]: Machine password check failed with error 19 2018-04-09T18:54:15.785103+00:00 INFO authpolicyd[18727]: #033[41;1;97mReceived 'RefreshDevicePolicy' request#033[0m 2018-04-09T18:54:15.920081+00:00 INFO authpolicyd[18727]: libminijail[2]: child process 5 exited with status 255 2018-04-09T18:54:15.920292+00:00 ERR authpolicyd[18727]: net ads workgroup failed: network problem 2018-04-09T18:54:15.920318+00:00 INFO authpolicyd[18727]: Device policy fetch and parsing failed with code 19 Chrome OS: 10559.0.0 Chrome: 67.0.3390.0 Device: Santa |
|||
►
Sign in to add a comment |
|||
Comment 1 by ljusten@chromium.org
, Mar 23 2018