New issue
Advanced search Search tips

Issue 856556 link

Starred by 1 user

Issue metadata

Status: Verified
Owner:
Closed: Nov 26
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug

Blocked on:
issue 738433



Sign in to add a comment

Authenticate user should not block other calls

Project Member Reported by rsorokin@chromium.org, Jun 26 2018

Issue description

Right now if the device is offline it retries authentication for 10 secs. This should block e.g. RefreshUserPolicy call (which would fail, but that's ok)
 
Blockedon: 738433
Let's wait until Kerberos ticket backup lands. Otherwise, the issue in  crbug.com/846725  will crop back up again.
Project Member

Comment 2 by bugdroid1@chromium.org, Nov 23

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/bc6f4f865e1fe7943d39044c2f77d19607670e75

commit bc6f4f865e1fe7943d39044c2f77d19607670e75
Author: Lutz Justen <ljusten@chromium.org>
Date: Fri Nov 23 03:07:58 2018

authpolicy: Remove auth retry

Removes retries of AuthenticateUser requests in case of network errors.
Those caused a 10 second delay when when a user tried to log in offline.

Auth retries solved a problem when a user logged in while the network
was reconnecting. In this case, the Kerberos ticket cannot be fetched
without retries. After a few seconds in the session, when the network is
available, GetUserStatus() succeeds and show a popup asking the user to
relog since there's no Kerberos ticket.

However, in the meantime we can restore Kerberos tickets from backup
(see chromium:738433), so that the popup won't show up, at least not
for ~10 hours.

In the long run, we'll have to address the issue of reconnecting
networks during login. As a workaround, a user can enforce an online
logon by entering their password wrong a couple of times.

BUG= chromium:856556 
TEST=cros_workon_make --board=amd64-generic --test authpolicy
     Went through repro steps of chromium:846725 and made sure it didn't
     regress.

Change-Id: Ib7579f48e1053bd9f10589b72f528ef6d7155e74
Reviewed-on: https://chromium-review.googlesource.com/1340619
Commit-Ready: Lutz Justen <ljusten@chromium.org>
Tested-by: Lutz Justen <ljusten@chromium.org>
Reviewed-by: Roman Sorokin <rsorokin@chromium.org>

[modify] https://crrev.com/bc6f4f865e1fe7943d39044c2f77d19607670e75/authpolicy/authpolicy_unittest.cc
[modify] https://crrev.com/bc6f4f865e1fe7943d39044c2f77d19607670e75/authpolicy/samba_interface.h
[modify] https://crrev.com/bc6f4f865e1fe7943d39044c2f77d19607670e75/authpolicy/samba_interface.cc
[modify] https://crrev.com/bc6f4f865e1fe7943d39044c2f77d19607670e75/authpolicy/authpolicy_parser_main.cc

Status: Fixed (was: Assigned)
To verify:
- Get an Active Directory managed Chrome OS device
- Log in with some user
- Log out again
- Unplug the network and log in again.
It should NOT take 10 seconds to log in. It should be much quicker.

Also check repro steps of  https://crbug.com/846725  to make sure it didn't regress.
Status: Verified (was: Fixed)
Verified fixed, no retries of AuthenticateUser requests in case of network errors (offline login). The offline login takes less than 10 seconds (actually very quick).

localhost /var/log # grep -i authen authpolicy.log 
2018-11-28T11:23:54.648250-08:00 INFO authpolicyd[8789]: #033[107;1;30mReceived 'AuthenticateUser' request#033[0m
2018-11-28T11:24:06.539360-08:00 INFO authpolicyd[8789]: #033[42;1;97mAuthenticateUser succeeded#033[0m
2018-11-28T12:25:05.288074-08:00 INFO authpolicyd[13112]: #033[107;1;30mReceived 'AuthenticateUser' request#033[0m
2018-11-28T12:25:05.380341-08:00 INFO authpolicyd[13112]: #033[41;1;97mAuthenticateUser failed with code 19#033[0m
2018-11-28T12:25:05.380552-08:00 ERR authpolicyd[13112]: User not logged in. Did AuthenticateUser() fail?
2018-11-28T13:27:46.499757-08:00 INFO authpolicyd[16257]: #033[107;1;30mReceived 'AuthenticateUser' request#033[0m
2018-11-28T13:27:46.587932-08:00 INFO authpolicyd[16257]: #033[41;1;97mAuthenticateUser failed with code 19#033[0m
2018-11-28T15:04:42.988176-08:00 INFO authpolicyd[20146]: #033[107;1;30mReceived 'AuthenticateUser' request#033[0m
2018-11-28T15:04:43.071313-08:00 INFO authpolicyd[20146]: #033[41;1;97mAuthenticateUser failed with code 19#033[0m
2018-11-28T15:04:45.007541-08:00 ERR authpolicyd[20146]: User not logged in. Did AuthenticateUser() fail?
localhost /var/log # 

Also checked  crbug.com/846725  and  crbug.com/738433 , no notification asking to re-login.

Chrome OS: 11307.0.0
Chrome: 72.0.3623.3
Device Nautilus

Sign in to add a comment