Google Git
Sign in
chromium / chromium / src.git / 9bb4fadf58d274bc27e9ea5c90e191868a86d96d
commit9bb4fadf58d274bc27e9ea5c90e191868a86d96d[log] [tgz]
authorLutz Justen <ljusten@chromium.org>Tue Jun 25 07:27:07 2019
committerCommit Bot <commit-bot@chromium.org>Tue Jun 25 07:27:07 2019
tree68492def0f857b7a001d2e138585b25f017101d2
parent7ff3dc006e7f7d1bd2a07ed9bedf9f6192745949 [diff]
Handle password placeholder in KerberosAccounts policy

If ${PASSWORD} is present in KerberosAccounts, store the login password
in the kernel keyring. The Kerberos system daemon will then grab the
password to authenticate to a Kerberos account.

Also moves the call to InitializePrimaryProfileServices to an earlier
place. The KerberosCredentialsManager, which is created there, has to be
created when the login password is still stored in the user context, so
that UserSessionManager has a chance to send it to the session manager
(see SaveLoginPassword). However, the call happened when the password
was already cleared, see user_context_.ClearSecrets() in
FinalizePrepareProfile.

BUG=chromium:952240
TEST=Manually tested on device (enabled KerberosEnabled policy, set
      ${PASSWORD} as password for an account in KerberosAccounts, changed
      Gaia password to patch Kerberos password, logged in, verified in
      chrome:settings/kerberosAccounts that the ticket was valid.

Change-Id: I3d82b293c3d236b03928cd5cd75edbea6c8999a1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1656570
Reviewed-by: Colin Blundell <blundell@chromium.org>
Reviewed-by: Steven Bennetts <stevenjb@chromium.org>
Reviewed-by: Pavol Marko <pmarko@chromium.org>
Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Reviewed-by: May Lippert <maybelle@chromium.org>
Commit-Queue: Lutz Justen <ljusten@chromium.org>
Cr-Commit-Position: refs/heads/master@{#671983}
13 files changed
tree: 68492def0f857b7a001d2e138585b25f017101d2
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. cloud_print/
  13. components/
  14. content/
  15. courgette/
  16. crypto/
  17. dbus/
  18. device/
  19. docs/
  20. extensions/
  21. fuchsia/
  22. gin/
  23. google_apis/
  24. google_update/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. jingle/
  31. media/
  32. mojo/
  33. native_client_sdk/
  34. net/
  35. pdf/
  36. ppapi/
  37. printing/
  38. remoting/
  39. rlz/
  40. sandbox/
  41. services/
  42. skia/
  43. sql/
  44. storage/
  45. styleguide/
  46. testing/
  47. third_party/
  48. tools/
  49. ui/
  50. url/
  51. .clang-format
  52. .eslintrc.js
  53. .git-blame-ignore-revs
  54. .gitattributes
  55. .gitignore
  56. .gn
  57. .vpython
  58. AUTHORS
  59. BUILD.gn
  60. CODE_OF_CONDUCT.md
  61. codereview.settings
  62. DEPS
  63. ENG_REVIEW_OWNERS
  64. LICENSE
  65. LICENSE.chromium_os
  66. OWNERS
  67. PRESUBMIT.py
  68. PRESUBMIT_test.py
  69. PRESUBMIT_test_mocks.py
  70. README.md
  71. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .