${PASSWORD} variable for OpenNetworkConfiguration is broken for existing users on views login |
|||||||
Issue descriptionIt works for a new logins, but not for existing users.
,
Jul 23
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/486c5190d713578300a045583d29273deb191fdb commit 486c5190d713578300a045583d29273deb191fdb Author: May Lippert <maybelle@chromium.org> Date: Mon Jul 23 23:35:17 2018 Save plaintext password as a separate password key in UserContext. This fixes an issue where an existing user's passwords are not saved in the UserContext if views-based login is used. This in turn meant that the user's password would not be saved in the kernel keyring in cases where the ${PASSWORD} variable is used in the OpenNetworkConfiguration policy. BUG= chromium:866566 TEST=run unit tests, run autotests Change-Id: I2d43ebfb6869d8d333e61505d1987081076fc3da Reviewed-on: https://chromium-review.googlesource.com/1147207 Reviewed-by: Jacob Dufault <jdufault@chromium.org> Commit-Queue: May Lippert <maybelle@chromium.org> Cr-Commit-Position: refs/heads/master@{#577318} [modify] https://crrev.com/486c5190d713578300a045583d29273deb191fdb/chrome/browser/chromeos/login/ui/login_display_host_mojo.cc
,
Jul 24
,
Jul 24
,
Jul 25
Your change meets the bar and is auto-approved for M69. Please go ahead and merge the CL to branch 3497 manually. Please contact milestone owner if you have questions. Owners: amineer@(Android), kariahda@(iOS), cindyb@(ChromeOS), govind@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 26
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/233fefa1491ba60fc2c091eeb345dda872031767 commit 233fefa1491ba60fc2c091eeb345dda872031767 Author: May Lippert <maybelle@chromium.org> Date: Thu Jul 26 00:09:42 2018 Save plaintext password as a separate password key in UserContext. This fixes an issue where an existing user's passwords are not saved in the UserContext if views-based login is used. This in turn meant that the user's password would not be saved in the kernel keyring in cases where the ${PASSWORD} variable is used in the OpenNetworkConfiguration policy. BUG= chromium:866566 TEST=run unit tests, run autotests Change-Id: I2d43ebfb6869d8d333e61505d1987081076fc3da Reviewed-on: https://chromium-review.googlesource.com/1147207 Reviewed-by: Jacob Dufault <jdufault@chromium.org> Commit-Queue: May Lippert <maybelle@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#577318}(cherry picked from commit 486c5190d713578300a045583d29273deb191fdb) Reviewed-on: https://chromium-review.googlesource.com/1150256 Reviewed-by: May Lippert <maybelle@chromium.org> Cr-Commit-Position: refs/branch-heads/3497@{#96} Cr-Branched-From: 271eaf50594eb818c9295dc78d364aea18c82ea8-refs/heads/master@{#576753} [modify] https://crrev.com/233fefa1491ba60fc2c091eeb345dda872031767/chrome/browser/chromeos/login/ui/login_display_host_mojo.cc
,
Jul 27
,
Aug 3
Hi May, Could you please provide steps to verify the fix. Thanks.!
,
Aug 3
The process is the same as in this bug: https://bugs.chromium.org/p/chromium/issues/detail?id=796293 Except the views-based login needs to be used instead of old webui login.
,
Aug 8
Google Chrome: 70.0.3511.0 Platform:10950.0.0 coral
Observation:
Configured Network policy via cpanel is pushed to the DUT.
DeviceOpenNetworkConfiguration :
{
"GlobalNetworkConfiguration": {
"AllowOnlyPolicyNetworksToAutoconnect": false,
"AllowOnlyPolicyNetworksToConnect": false
},
"NetworkConfigurations": [ {
"GUID": "{463ae4b2-174e-4191-84b5-9b65521ce871}",
"Name": "TESTWIFI",
"ProxySettings": {
"Type": "Direct"
},
"Type": "WiFi",
"WiFi": {
"AutoConnect": false,
"EAP": {
"Identity": "${LOGIN_ID}",
"Inner": "Automatic",
"Outer": "PEAP",
"Password": "${PASSWORD}",
"Recommended": [ "AnonymousIdentity", "Identity", "Password" ],
"SaveCredentials": true,
"UseSystemCAs": true
},
"HiddenSSID": false,
"SSID": "Test",
"Security": "WPA-EAP"
}
} ]
}
Closing the bug as verified,please re-open if this is still seen. Thanks.!
,
Aug 8
@chchakrapani - have you verified that the user's password is actually saved in the keyring? You can check this by dumping the keyring file (cat /proc/keys) and looking for the "password" key. The number after the "password" key has to be equal to the user's password length. Preferably, an EAP network should be set up to actually verify that the login password is used to authenticate the user, but I'm confident that the connection part works since there were no changes made to it so it's not critical to test that part.
,
Aug 9
Sure,I will check the keyring file as well.
,
Aug 14
Google Chrome: 69.0.3497.35 Platform:10895.21.0 Santa
Observation:
1. Configured Network policy via cpanel is pushed to the DUT.
2. " user password 9 " shown for cat /proc/keys (attached screenshot)
OpenNetworkConfiguration:
{
"GUID": "{ba636ac4-ab7d-4234-8584-8ec6dff00fbe}",
"Name": "USERWIFITEST",
"ProxySettings": {
"Type": "Direct"
},
"Type": "WiFi",
"WiFi": {
"AutoConnect": false,
"EAP": {
"Identity": "${LOGIN_ID}",
"Inner": "Automatic",
"Outer": "PEAP",
"Password": "${PASSWORD}",
"Recommended": [ "AnonymousIdentity", "Identity", "Password" ],
"SaveCredentials": true,
"UseSystemCAs": true
},
"HiddenSSID": false,
"SSID": "USERWIFITEST",
"Security": "WPA-EAP"
}
}
|
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by maybelle@chromium.org
, Jul 23