New issue
Advanced search Search tips

Issue 896391 link

Starred by 3 users
Status: Fixed
Owner:
tienmai@chromium.org
Closed: Dec 12
Cc:
rogerta@chromium.org
tienmai@chromium.org
nicolaso@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 3
Type: Bug



Sign in to add a comment

Find a solution for user used to execute credential provider login stub

Project Member Reported by tienmai@chromium.org, Oct 17 
When the credential provider runs the login stub application, it needs to create a new user 'gaia' with limited access to perform the actual signin procress. It is possible that this user name will already be used on machines where the GCPW is deployed so it might be worth looking into making the username generation for this account more robust.

Possible solutions include:
- Create a new user each time the GCPW is executed
- Check for a valid unused user name and store that into the secure storage area along with the PW for the username
- Use a more obfuscated name where the possibility that another username will clash is less likely.

We will also probably want to perform some checks on the final user that is generated to ensure it has the correct permissions (e.g. not admin)

Comment 1 by georgesak@google.com, Oct 22

Cc: rogerta@chromium.org tienmai@chromium.org
Labels: Enterprise-Triaged

Comment 2 by rogerta@chromium.org, Oct 24

Labels: Hotlist-Enterprise-Fixit
Status: Available (was: Untriaged)

Comment 3 by nicolaso@chromium.org, Dec 10

Cc: nicolaso@chromium.org

Comment 4 by tienmai@google.com, Dec 10

Owner: tienmai@chromium.org
Status: Started (was: Available)
Project Member

Comment 5 by bugdroid1@chromium.org, Dec 12 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f5482df0cedc84955584b74a0c82ecbc1a6aed63

commit f5482df0cedc84955584b74a0c82ecbc1a6aed63
Author: Tien Mai <tienmai@chromium.org>
Date: Wed Dec 12 17:30:06 2018

Try to find first unused 'gaia' username when installing GCPW.

- The GCPW installer will now try to find the first 'gaia' user name that is not
used in order to create the account used to run the GLS for GCPW.
- Once a username is determined it will stored in the LSA for fetching when needed.
- Added a maximum number of attempts for finding a valid username.

Bug:  896391 
Change-Id: Iad7da2dc011ba76bee0cb3b2fdcf4f1195c425a1
Reviewed-on: https://chromium-review.googlesource.com/c/1370718
Commit-Queue: Tien Mai <tienmai@chromium.org>
Reviewed-by: Roger Tawa <rogerta@chromium.org>
Cr-Commit-Position: refs/heads/master@{#615940}
[modify] https://crrev.com/f5482df0cedc84955584b74a0c82ecbc1a6aed63/chrome/credential_provider/common/gcp_strings.cc
[modify] https://crrev.com/f5482df0cedc84955584b74a0c82ecbc1a6aed63/chrome/credential_provider/common/gcp_strings.h
[modify] https://crrev.com/f5482df0cedc84955584b74a0c82ecbc1a6aed63/chrome/credential_provider/gaiacp/dllmain.cc
[modify] https://crrev.com/f5482df0cedc84955584b74a0c82ecbc1a6aed63/chrome/credential_provider/gaiacp/gaia_credential_base.cc
[modify] https://crrev.com/f5482df0cedc84955584b74a0c82ecbc1a6aed63/chrome/credential_provider/gaiacp/gaia_credential_base_unittests.cc
[modify] https://crrev.com/f5482df0cedc84955584b74a0c82ecbc1a6aed63/chrome/credential_provider/gaiacp/gcp_utils.h
[modify] https://crrev.com/f5482df0cedc84955584b74a0c82ecbc1a6aed63/chrome/credential_provider/gaiacp/os_process_manager.cc
[modify] https://crrev.com/f5482df0cedc84955584b74a0c82ecbc1a6aed63/chrome/credential_provider/gaiacp/os_process_manager.h
[modify] https://crrev.com/f5482df0cedc84955584b74a0c82ecbc1a6aed63/chrome/credential_provider/gaiacp/os_user_manager.cc
[modify] https://crrev.com/f5482df0cedc84955584b74a0c82ecbc1a6aed63/chrome/credential_provider/gaiacp/os_user_manager.h
[modify] https://crrev.com/f5482df0cedc84955584b74a0c82ecbc1a6aed63/chrome/credential_provider/test/gcp_setup_unittests.cc

Comment 6 by tienmai@google.com, Dec 12

Status: Fixed (was: Started)

Sign in to add a comment