DescriptionFix device policy recovery on CrOS login
If the device policy file cannot be loaded on login, the device enters
a state where it allows login process to proceed only if the user logging
in is the owner. To be able to successfully determine if the user is
owner, parallel authenticator has to wait until the certificates
are loaded by CertLoader. The problem is that the CertLoader starts
loading the certificates _after_ the user actually logs in. So if the
authenticator actually waited for the owner status to be resolved, the
login would hang.
This CL adds another state to LoginState::LoggedInState enum (SAFE_MODE)
in which CertLoader will be allowed to start loading the certificates.
When the authenticator detects the policy file corruption, it changes
login state to SAFE MODE (which triggers the certificate loading) and
waits for the DeviceSettingsService to determine whether the current user
is the owner.
Also, removed LoginState::GetLoggedInState. Replaced it's pre-existing
usages with LoginState::IsUserLoggedIn; and added
LoginState::IsInSafeMode to be used here.
BUG=285450
TEST=
1. manually remove device policy file
2. try logging in to a non-owner account -> should fail
3. try logging in to the owner account -> should succeed
4. try logging in to a non-owner account again -> should succeed
Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=223168
Patch Set 1 #Patch Set 2 : . #Patch Set 3 : . #Patch Set 4 : . #Patch Set 5 : . #Patch Set 6 : rebase #Patch Set 7 : . #Patch Set 8 : . #Patch Set 9 : . #Patch Set 10 : . #Patch Set 11 : . #
Total comments: 6
Patch Set 12 : . #Patch Set 13 : rebase #Patch Set 14 : . #Patch Set 15 : . #Messages
Total messages: 9 (0 generated)
|