When there is more than one username mapping for the cloud identity user, GCPW falls back to

new account creation irrespective of whether both those user mappings exist on the device. We should instead fallback to new user creation only if we have multiple valid user mappings on the device. Bug: 1137547 Change-Id: I9924a3b07235a05472f35998fb5be869c43d83c1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2465584 Commit-Queue: Rakesh Soma <rakeshsoma@google.com> Reviewed-by: Yusuf Sengul <yusufsn@google.com> Cr-Commit-Position: refs/heads/master@{#816695}

When there is more than one username mapping for the cloud identity user, GCPW falls back to
new account creation irrespective of whether both those user mappings exist on the device. We should instead fallback to new user creation only if we have multiple valid user mappings on the device. Bug: 1137547 Change-Id: I9924a3b07235a05472f35998fb5be869c43d83c1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2465584 Commit-Queue: Rakesh Soma <rakeshsoma@google.com> Reviewed-by: Yusuf Sengul <yusufsn@google.com> Cr-Commit-Position: refs/heads/master@{#816695}
042c5e67 · Rakesh Soma · Commit Bot · 7540893b · 042c5e67 · 042c5e67
Commit 042c5e67 authored Oct 13, 2020 by Rakesh Soma Committed by Commit Bot Oct 13, 2020
2 changed files
--- a/chrome/credential_provider/gaiacp/gaia_credential_base.cc
+++ b/chrome/credential_provider/gaiacp/gaia_credential_base.cc
@@ -247,9 +247,11 @@ HRESULT GetUserAndDomainInfo(
    BSTR* error_text) {
  base::string16 user_name;
  base::string16 domain_name;
+  OSUserManager* os_user_manager = OSUserManager::Get();
+  DCHECK(os_user_manager);
  bool is_ad_user =
-      OSUserManager::Get()->IsDeviceDomainJoined() && !sam_account_name.empty();
+      os_user_manager->IsDeviceDomainJoined() && !sam_account_name.empty();
  // Login via existing AD account mapping when the device is domain joined if
  // the AD account mapping is available.
  if (is_ad_user) {
@@ -302,6 +304,14 @@ HRESULT GetUserAndDomainInfo(
      re2::RE2::FullMatch(local_account_name, "un:([^,]+)(?:,sn:([^,]+))?",
                          &username, &serial_number);
+      // Only collect those user names that exist on the windows device.
+      base::string16 existing_sid;
+      HRESULT hr = os_user_manager->GetUserSID(
+          OSUserManager::GetLocalDomain().c_str(),
+          base::UTF8ToUTF16(username).c_str(), &existing_sid);
+      if (FAILED(hr))
+        continue;
      LOGFN(VERBOSE) << "RE2 username : " << username;
      LOGFN(VERBOSE) << "RE2 serial_number : " << serial_number;
@@ -334,8 +344,6 @@ HRESULT GetUserAndDomainInfo(
    domain_name = OSUserManager::GetLocalDomain();
  }
-  OSUserManager* os_user_manager = OSUserManager::Get();
-  DCHECK(os_user_manager);
  LOGFN(VERBOSE) << "Get user sid for user " << user_name << " and domain name "
                 << domain_name;
  HRESULT hr = os_user_manager->GetUserSID(domain_name.c_str(),

--- a/chrome/credential_provider/gaiacp/gaia_credential_base_unittests.cc
+++ b/chrome/credential_provider/gaiacp/gaia_credential_base_unittests.cc