Handle accounts list from KerberosClient responses on KerberosCredentialsManager

Update KerberosCredentialsManager to use the list of remaining accounts from RemoveAccount() and ClearAccounts() methods from KerberosClient. This way, the active principal can be validated synchronously without calling the KerberosClient again. Bug: 952251 Change-Id: I64a9016595a91f6241653b0c7e43f6fae7cb634a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1916900 Commit-Queue: Felipe Andrade <fsandrade@chromium.org> Reviewed-by: Lutz Justen <ljusten@chromium.org> Cr-Commit-Position: refs/heads/master@{#718090}

Handle accounts list from KerberosClient responses on KerberosCredentialsManager
Update KerberosCredentialsManager to use the list of remaining accounts from RemoveAccount() and ClearAccounts() methods from KerberosClient. This way, the active principal can be validated synchronously without calling the KerberosClient again. Bug: 952251 Change-Id: I64a9016595a91f6241653b0c7e43f6fae7cb634a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1916900 Commit-Queue: Felipe Andrade <fsandrade@chromium.org> Reviewed-by: Lutz Justen <ljusten@chromium.org> Cr-Commit-Position: refs/heads/master@{#718090}
95098dc2 · Felipe Andrade · Commit Bot · 4870dfc9 · 95098dc2 · 95098dc2
Commit 95098dc2 authored Nov 22, 2019 by Felipe Andrade Committed by Commit Bot Nov 22, 2019
2 changed files
--- a/chrome/browser/chromeos/kerberos/kerberos_credentials_manager.cc
+++ b/chrome/browser/chromeos/kerberos/kerberos_credentials_manager.cc
@@ -500,7 +500,7 @@ void KerberosCredentialsManager::OnRemoveAccount(
  if (Succeeded(response.error())) {
    // Reassign active principal if it got deleted.
    if (GetActivePrincipalName() == principal_name)
-      ValidateActivePrincipal();
+      ValidateActivePrincipal(response.accounts());

    // Express our condolence to the observers.
    NotifyAccountsChanged();
@@ -532,7 +532,7 @@ void KerberosCredentialsManager::OnClearAccounts(
        case kerberos::CLEAR_ONLY_MANAGED_ACCOUNTS:
        case kerberos::CLEAR_ONLY_UNMANAGED_ACCOUNTS:
          // Check if the active account was wiped and if so, replace it.
-          ValidateActivePrincipal();
+          ValidateActivePrincipal(response.accounts());
          break;

        case kerberos::CLEAR_ONLY_UNMANAGED_REMEMBERED_PASSWORDS:
@@ -560,7 +560,7 @@ void KerberosCredentialsManager::OnListAccounts(
    const kerberos::ListAccountsResponse& response) {
  LogError("ListAccounts", response.error());
  // Lazily validate principal here while we're at it.
-  DoValidateActivePrincipal(response);
+  ValidateActivePrincipal(response.accounts());
  std::move(callback).Run(response);
 }

@@ -727,25 +727,18 @@ void KerberosCredentialsManager::ClearActivePrincipalName() {
  kerberos_files_handler_.DeleteFiles();
 }

-void KerberosCredentialsManager::ValidateActivePrincipal() {
-  kerberos::ListAccountsRequest request;
-  KerberosClient::Get()->ListAccounts(
-      request,
-      base::BindOnce(&KerberosCredentialsManager::DoValidateActivePrincipal,
-                     weak_factory_.GetWeakPtr()));
-}
-
-void KerberosCredentialsManager::DoValidateActivePrincipal(
-    const kerberos::ListAccountsResponse& response) {
+void KerberosCredentialsManager::ValidateActivePrincipal(
+    const RepeatedAccountField& accounts) {
  const std::string& active_principal = GetActivePrincipalName();
  bool found = false;
-  for (int n = 0; n < response.accounts_size() && !found; ++n)
-    found |= response.accounts(n).principal_name() == active_principal;
+
+  for (const kerberos::Account& account : accounts)
+    found |= account.principal_name() == active_principal;

  if (!found) {
    VLOG(1) << "Active principal got removed. Restoring.";
-    if (response.accounts_size() > 0)
-      SetActivePrincipalName(response.accounts(0).principal_name());
+    if (accounts.size() > 0)
+      SetActivePrincipalName(accounts.Get(0).principal_name());
    else
      ClearActivePrincipalName();
  }

--- a/chrome/browser/chromeos/kerberos/kerberos_credentials_manager.h
+++ b/chrome/browser/chromeos/kerberos/kerberos_credentials_manager.h
@@ -149,6 +149,8 @@ class KerberosCredentialsManager : public policy::PolicyService::Observer {

 private:
  friend class KerberosAddAccountRunner;
+  using RepeatedAccountField =
+      google::protobuf::RepeatedPtrField<kerberos::Account>;

  // Callback on KerberosAddAccountRunner::Done.
  void OnAddAccountRunnerDone(KerberosAddAccountRunner* runner,
@@ -205,15 +207,11 @@ class KerberosCredentialsManager : public policy::PolicyService::Observer {
  void SetActivePrincipalName(const std::string& principal_name);
  void ClearActivePrincipalName();

-  // Gets the current account list and calls DoValidateActivePrincipal().
-  void ValidateActivePrincipal();
-
-  // Checks whether the active principal is contained in the given |response|.
+  // Checks whether the active principal is contained in the given |accounts|.
  // If not, resets it to the first principal or clears it if the list is empty.
-  // It's not expected that this ever triggers, but it provides a fail safe if
-  // the active principal should ever break for whatever reason.
-  void DoValidateActivePrincipal(
-      const kerberos::ListAccountsResponse& response);
+  // It's expected to trigger if the active account is removed by
+  // |RemoveAccount()| or |ClearAccounts()|.
+  void ValidateActivePrincipal(const RepeatedAccountField& accounts);

  // Notification shown when the Kerberos ticket is about to expire.
  void ShowTicketExpiryNotification();