Revert 75106 - New policy protobuf protocol.
(Second attempt to land http://codereview.chromium.org/6409040/)
- cloud_policy.proto autogenerated from policy_templats.json
- C++ method decoding the protobuf also autogenerated from policy_templates.json
- changed policy fetching mechanism to fetch new-style policy protobufs
BUG=68309, chromium-os:11253, chromium-os:11255
TEST=CloudPolicyCacheTest.*; also manual test against python testserver
Review URL: http://codereview.chromium.org/6523058
TBR=jkummerow@chromium.org
git-svn-id: http://src.chromium.org/svn/trunk/src/chrome/browser/policy/proto@75115 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
diff --git a/cloud_policy.proto b/cloud_policy.proto
new file mode 100644
index 0000000..82a1135
--- /dev/null
+++ b/cloud_policy.proto
@@ -0,0 +1,221 @@
+//
+// DO NOT MODIFY THIS FILE DIRECTLY!
+// ITS IS GENERATED BY generate_policy_source.py
+// FROM policy_templates.json
+//
+
+syntax = "proto2";
+
+option optimize_for = LITE_RUNTIME;
+
+package enterprise_management;
+
+// PBs for individual settings.
+
+message PolicyOptions {
+ enum PolicyMode {
+ // The user may choose to override the given settings.
+ RECOMMENDED = 1;
+ // The given settings are applied regardless of user choice.
+ MANDATORY = 2;
+ }
+ optional PolicyMode mode = 1;
+}
+
+message HomepageProto {
+ optional PolicyOptions policy_options = 1;
+ optional string HomepageLocation = 2;
+ optional bool HomepageIsNewTabPage = 3;
+}
+
+message ApplicationLocaleValueProto {
+ optional PolicyOptions policy_options = 1;
+ optional string ApplicationLocaleValue = 2;
+}
+
+message AlternateErrorPagesEnabledProto {
+ optional PolicyOptions policy_options = 1;
+ optional bool AlternateErrorPagesEnabled = 2;
+}
+
+message SearchSuggestEnabledProto {
+ optional PolicyOptions policy_options = 1;
+ optional bool SearchSuggestEnabled = 2;
+}
+
+message DnsPrefetchingEnabledProto {
+ optional PolicyOptions policy_options = 1;
+ optional bool DnsPrefetchingEnabled = 2;
+}
+
+message DisableSpdyProto {
+ optional PolicyOptions policy_options = 1;
+ optional bool DisableSpdy = 2;
+}
+
+message JavascriptEnabledProto {
+ optional PolicyOptions policy_options = 1;
+ optional bool JavascriptEnabled = 2;
+}
+
+message SavingBrowserHistoryDisabledProto {
+ optional PolicyOptions policy_options = 1;
+ optional bool SavingBrowserHistoryDisabled = 2;
+}
+
+message PrintingEnabledProto {
+ optional PolicyOptions policy_options = 1;
+ optional bool PrintingEnabled = 2;
+}
+
+message SafeBrowsingEnabledProto {
+ optional PolicyOptions policy_options = 1;
+ optional bool SafeBrowsingEnabled = 2;
+}
+
+message MetricsReportingEnabledProto {
+ optional PolicyOptions policy_options = 1;
+ optional bool MetricsReportingEnabled = 2;
+}
+
+message PasswordManagerProto {
+ optional PolicyOptions policy_options = 1;
+ optional bool PasswordManagerEnabled = 2;
+ optional bool PasswordManagerAllowShowPasswords = 3;
+}
+
+message AutoFillEnabledProto {
+ optional PolicyOptions policy_options = 1;
+ optional bool AutoFillEnabled = 2;
+}
+
+message DisabledPluginsProto {
+ optional PolicyOptions policy_options = 1;
+ repeated string DisabledPlugins = 2;
+}
+
+message SyncDisabledProto {
+ optional PolicyOptions policy_options = 1;
+ optional bool SyncDisabled = 2;
+}
+
+message ProxyProto {
+ optional PolicyOptions policy_options = 1;
+ optional string ProxyMode = 2;
+ optional int64 ProxyServerMode = 3;
+ optional string ProxyServer = 4;
+ optional string ProxyPacUrl = 5;
+ optional string ProxyBypassList = 6;
+}
+
+message HTTPAuthenticationProto {
+ optional PolicyOptions policy_options = 1;
+ optional string AuthSchemes = 2;
+ optional bool DisableAuthNegotiateCnameLookup = 3;
+ optional bool EnableAuthNegotiatePort = 4;
+ optional string AuthServerWhitelist = 5;
+ optional string AuthNegotiateDelegateWhitelist = 6;
+ optional string GSSAPILibraryName = 7;
+}
+
+message ExtensionsProto {
+ optional PolicyOptions policy_options = 1;
+ repeated string ExtensionInstallBlacklist = 2;
+ repeated string ExtensionInstallWhitelist = 3;
+ repeated string ExtensionInstallForcelist = 4;
+}
+
+message ShowHomeButtonProto {
+ optional PolicyOptions policy_options = 1;
+ optional bool ShowHomeButton = 2;
+}
+
+message DeveloperToolsDisabledProto {
+ optional PolicyOptions policy_options = 1;
+ optional bool DeveloperToolsDisabled = 2;
+}
+
+message RestoreOnStartupGroupProto {
+ optional PolicyOptions policy_options = 1;
+ optional int64 RestoreOnStartup = 2;
+ repeated string RestoreOnStartupURLs = 3;
+}
+
+message DefaultSearchProviderProto {
+ optional PolicyOptions policy_options = 1;
+ optional bool DefaultSearchProviderEnabled = 2;
+ optional string DefaultSearchProviderName = 3;
+ optional string DefaultSearchProviderKeyword = 4;
+ optional string DefaultSearchProviderSearchURL = 5;
+ optional string DefaultSearchProviderSuggestURL = 6;
+ optional string DefaultSearchProviderInstantURL = 7;
+ optional string DefaultSearchProviderIconURL = 8;
+ repeated string DefaultSearchProviderEncodings = 9;
+}
+
+message ContentSettingsProto {
+ optional PolicyOptions policy_options = 1;
+ optional int64 DefaultCookiesSetting = 2;
+ optional int64 DefaultImagesSetting = 3;
+ optional int64 DefaultJavaScriptSetting = 4;
+ optional int64 DefaultPluginsSetting = 5;
+ optional int64 DefaultPopupsSetting = 6;
+ optional int64 DefaultNotificationSetting = 7;
+ optional int64 DefaultGeolocationSetting = 8;
+}
+
+message Disable3DAPIsProto {
+ optional PolicyOptions policy_options = 1;
+ optional bool Disable3DAPIs = 2;
+}
+
+message ChromeFrameRendererSettingsProto {
+ optional PolicyOptions policy_options = 1;
+ optional int64 ChromeFrameRendererSettings = 2;
+ repeated string RenderInChromeFrameList = 3;
+ repeated string RenderInHostList = 4;
+}
+
+message ChromeFrameContentTypesProto {
+ optional PolicyOptions policy_options = 1;
+ repeated string ChromeFrameContentTypes = 2;
+}
+
+message ChromeOsLockOnIdleSuspendProto {
+ optional PolicyOptions policy_options = 1;
+ optional bool ChromeOsLockOnIdleSuspend = 2;
+}
+
+
+// --------------------------------------------------
+// Wrapper PB for DMServer -> ChromeOS communication.
+
+message CloudPolicySettings {
+ optional HomepageProto Homepage = 1;
+ optional ApplicationLocaleValueProto ApplicationLocaleValue = 2;
+ optional AlternateErrorPagesEnabledProto AlternateErrorPagesEnabled = 3;
+ optional SearchSuggestEnabledProto SearchSuggestEnabled = 4;
+ optional DnsPrefetchingEnabledProto DnsPrefetchingEnabled = 5;
+ optional DisableSpdyProto DisableSpdy = 6;
+ optional JavascriptEnabledProto JavascriptEnabled = 7;
+ optional SavingBrowserHistoryDisabledProto SavingBrowserHistoryDisabled = 8;
+ optional PrintingEnabledProto PrintingEnabled = 9;
+ optional SafeBrowsingEnabledProto SafeBrowsingEnabled = 10;
+ optional MetricsReportingEnabledProto MetricsReportingEnabled = 11;
+ optional PasswordManagerProto PasswordManager = 12;
+ optional AutoFillEnabledProto AutoFillEnabled = 13;
+ optional DisabledPluginsProto DisabledPlugins = 14;
+ optional SyncDisabledProto SyncDisabled = 15;
+ optional ProxyProto Proxy = 16;
+ optional HTTPAuthenticationProto HTTPAuthentication = 17;
+ optional ExtensionsProto Extensions = 18;
+ optional ShowHomeButtonProto ShowHomeButton = 19;
+ optional DeveloperToolsDisabledProto DeveloperToolsDisabled = 20;
+ optional RestoreOnStartupGroupProto RestoreOnStartupGroup = 21;
+ optional DefaultSearchProviderProto DefaultSearchProvider = 22;
+ optional ContentSettingsProto ContentSettings = 23;
+ optional Disable3DAPIsProto Disable3DAPIs = 24;
+ optional ChromeFrameRendererSettingsProto ChromeFrameRendererSettings = 25;
+ optional ChromeFrameContentTypesProto ChromeFrameContentTypes = 26;
+ optional ChromeOsLockOnIdleSuspendProto ChromeOsLockOnIdleSuspend = 27;
+}
diff --git a/device_management_backend.proto b/device_management_backend.proto
index 1a857b6..3187f6b 100644
--- a/device_management_backend.proto
+++ b/device_management_backend.proto
@@ -88,8 +88,29 @@
repeated DevicePolicySetting setting = 1;
}
-// Request from device to server to register device. The response will include
-// a device token that can be used to query policies.
+// Protocol buffers for the new protocol:
+// --------------------------------------
+
+// Request from device to server to query if the authenticated user is in a
+// managed domain.
+message ManagedCheckRequest {
+}
+
+// Response from server to device indicating if the authenticated user is in a
+// managed domain.
+message ManagedCheckResponse {
+ enum Mode {
+ // The device must be enrolled for policies.
+ MANAGED = 1;
+ // The device is not automatically enrolled for policies, but the user
+ // may choose to try to enroll it.
+ UNMANAGED = 2;
+ }
+
+ optional Mode mode = 1;
+}
+
+// Request from device to server to register device.
message DeviceRegisterRequest {
// reregister device without erasing server state.
// it can be used to refresh dmtoken etc.
@@ -100,82 +121,29 @@
message DeviceRegisterResponse {
// device mangement toke for this registration.
required string device_management_token = 1;
+
+ // The name of the device, assigned by the server.
+ optional string device_name = 2;
}
-// Protocol buffers for the new protocol:
-// --------------------------------------
-
-// Request from device to server to get policies for an unregistered user.
-// These are actually "meta-policies", that control the rules for the user
-// about enrolling for real policies.
-message InitialPolicyRequest {
-}
-
-message InitialPolicySettings {
- enum EnrollmentRule {
- // The user must enroll its device for policies.
- MANAGED = 1;
- // The users's device is not automatically enrolled for policies, but the
- // user may choose to try to enroll it.
- UNMANAGED = 2;
- }
-
- optional EnrollmentRule enrollment_rule = 1;
-}
-
-// Response from server to device containing the policies available before
-// registration.
-message InitialPolicyResponse {
- optional InitialPolicySettings settings = 1;
-}
-
-// Request from device to server to unregister device management token.
+// Request from device to server to unregister device.
message DeviceUnregisterRequest {
}
-// Response from server to unregister request.
+// Response from server to device unregister request.
message DeviceUnregisterResponse {
}
-// Request from device to server to register device. The response will include
-// a device token that can be used to query policies.
-message CloudRegisterRequest {
- enum Type {
- // Requesting token for user policies.
- USER = 1;
- // Requesting token for device policies.
- DEVICE = 2;
- }
- optional Type type = 1;
- // Unique identifier of the machine. Only set if type == DEVICE.
- // This won't be sent in later requests, the machine can be identified
- // by its device token.
- optional string machine_id = 2;
-}
-
-// Response from server to device register request.
-message CloudRegisterResponse {
- // Token for this registration.
- required string device_management_token = 1;
-
- // The name of the requesting device, assigned by the server.
- optional string machine_name = 2;
-}
-
message CloudPolicyRequest {
// Identify request scope: chromeos/device for device policies, chromeos/user
- // for user policies. Only those policy scopes will be served, that are
- // allowed by the type choice in CloudRegisterRequest.
+ // for user policies.
optional string policy_scope = 1;
-
- // The token used to query device policies on the device sending the request.
- // Note, that the token used for actual authentication is sent in an HTTP
- // header. These two tokens are the same if this request is for querying
- // device policies and they differ if this request is for querying user
- // policies. In the second case, the server can use device_policy_token to
- // identify the device and determine if the user is allowed to get policies
- // on the given device.
- optional string device_policy_token = 2;
+ // The device token of the owner of the device sending the request. In cases
+ // the request was sent by the device owner or device policies were
+ // requested, this is the same as the token used for authentication.
+ // Otherwise (if the user policy is requested for someone else than the device
+ // owner) this token is different from the token used for authentication.
+ optional string device_token = 2;
}
// Response from server to device for reading policies.
@@ -208,20 +176,20 @@
//
// Http Query parameters:
// Query parameters contain the following information in each request:
-// request: register/unregister/policy/cloud_policy/cloud_register/
-// initial_policy
+// request: register/unregister/policy/cloud_policy/managed_check etc.
// devicetype: CrOS/Android/Iphone etc.
// apptype: CrOS/AndroidDM etc.
+// deviceid: unique id that identify the device.
// agent: identify agent on device.
//
// Authorization:
-// 1. If request is initial_policy, client must pass in GoogleLogin
-// auth cookie in Authorization header:
+// 1. If request is managed_check, client must pass in GoogleLogin auth
+// cookie in Authorization header:
// Authorization: GoogleLogin auth=<auth cookie>
-// The response will contain settings that a user can get without
-// registration. Currently the only such setting is a flag indicating if the
-// user is in a managed domain or not. (We don't want to expose device ids of
-// users not in managed domains.)
+// This is the only case when the deviceid query parameter is set to empty.
+// The response will contain a flag indicating if the user is in a managed
+// domain or not. (We don't want to expose device ids of users not in
+// managed domains.)
// 2. If request is register_request, client must pass in GoogleLogin auth
// cookie in Authorization header:
// Authorization: GoogleLogin auth=<auth cookie>
@@ -232,7 +200,7 @@
// Authorization: GoogleDMToken token=<google dm token>
//
message DeviceManagementRequest {
- // Register request (old protocol).
+ // Register request.
optional DeviceRegisterRequest register_request = 1;
// Unregister request.
@@ -244,11 +212,8 @@
// Data request (new protocol).
optional CloudPolicyRequest cloud_policy_request = 4;
- // Request for initial (before registration) policies.
- optional InitialPolicyRequest initial_policy_request = 5;
-
- // Register request (new protocol).
- optional CloudRegisterRequest cloud_register_request = 6;
+ // Request to check if a user is managed or not.
+ optional ManagedCheckRequest managed_check_request = 5;
}
// Response from server to device.
@@ -276,7 +241,7 @@
// Error message.
optional string error_message = 2;
- // Register response (old protocol).
+ // Register response
optional DeviceRegisterResponse register_response = 3;
// Unregister response
@@ -288,9 +253,6 @@
// Policy response (new protocol).
optional CloudPolicyResponse cloud_policy_response = 6;
- // Response to initial (before registration) policy request.
- optional InitialPolicyResponse initial_policy_response = 7;
-
- // Register response (new protocol).
- optional CloudRegisterResponse cloud_register_response = 8;
+ // Response to managed check request.
+ optional ManagedCheckResponse managed_check_response = 7;
}
\ No newline at end of file
diff --git a/device_management_local.proto b/device_management_local.proto
index 45c2994..a991551 100644
--- a/device_management_local.proto
+++ b/device_management_local.proto
@@ -10,18 +10,14 @@
import "device_management_backend.proto";
-// Wrapper around CloudPolicyResponse/DevicePolicyResponse for caching on disk.
-message CachedCloudPolicyResponse {
+// Wrapper around DevicePolicyResponse for caching on disk.
+message CachedDevicePolicyResponse {
// The DevicePolicyResponse wrapped by this message.
- optional DevicePolicyResponse device_policy = 1;
- // Timestamp noting when the |unmanaged| flag was set. The data format is
- // a unix timestamp. When caching (deprecated) DevicePolicyResponses, this
- // timestamp also notes when the response was cached.
+ optional DevicePolicyResponse policy = 1;
+ // Timestamp noting when this policy was cached.
optional uint64 timestamp = 2;
// Flag that is set to true if this device is not managed.
optional bool unmanaged = 3;
- // The CloudPolicyResponse wrapped by this message.
- optional CloudPolicyResponse cloud_policy = 4;
}
// Encapsulates a device ID and the associated device token.
diff --git a/device_management_proto.gyp b/device_management_proto.gyp
new file mode 100644
index 0000000..ede0251
--- /dev/null
+++ b/device_management_proto.gyp
@@ -0,0 +1,81 @@
+# Copyright (c) 2010 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+{
+ 'variables': {
+ 'chromium_code': 1,
+ 'protoc_out_dir': '<(SHARED_INTERMEDIATE_DIR)/protoc_out',
+ },
+ 'targets': [
+ {
+ # Protobuf compiler / generate rule for the device management protocol.
+ 'target_name': 'device_management_proto',
+ 'type': 'none',
+ 'sources': [
+ 'cloud_policy.proto',
+ 'device_management_backend.proto',
+ 'device_management_local.proto',
+ ],
+ 'rules': [
+ {
+ 'rule_name': 'genproto',
+ 'extension': 'proto',
+ 'inputs': [
+ '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)protoc<(EXECUTABLE_SUFFIX)',
+ ],
+ 'variables': {
+ # The protoc compiler requires a proto_path argument with the
+ # directory containing the .proto file. There's no generator
+ # variable that corresponds to this, so fake it.
+ 'rule_input_relpath': 'chrome/browser/policy/proto',
+ },
+ 'outputs': [
+ '<(PRODUCT_DIR)/pyproto/device_management_pb/<(RULE_INPUT_ROOT)_pb2.py',
+ '<(protoc_out_dir)/<(rule_input_relpath)/<(RULE_INPUT_ROOT).pb.h',
+ '<(protoc_out_dir)/<(rule_input_relpath)/<(RULE_INPUT_ROOT).pb.cc',
+ ],
+ 'action': [
+ '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)protoc<(EXECUTABLE_SUFFIX)',
+ '--proto_path=.',
+ './<(RULE_INPUT_ROOT)<(RULE_INPUT_EXT)',
+ '--cpp_out=<(protoc_out_dir)/<(rule_input_relpath)',
+ '--python_out=<(PRODUCT_DIR)/pyproto/device_management_pb',
+ ],
+ 'message': 'Generating C++ and Python code from <(RULE_INPUT_PATH)',
+ },
+ ],
+ 'dependencies': [
+ '../../../../third_party/protobuf/protobuf.gyp:protoc#host',
+ ],
+ 'direct_dependent_settings': {
+ 'include_dirs': [
+ '<(protoc_out_dir)',
+ ]
+ },
+ },
+ {
+ 'target_name': 'device_management_proto_cpp',
+ 'type': 'none',
+ 'export_dependent_settings': [
+ '../../../../third_party/protobuf/protobuf.gyp:protobuf_lite',
+ 'device_management_proto',
+ ],
+ 'dependencies': [
+ '../../../../third_party/protobuf/protobuf.gyp:protobuf_lite',
+ 'device_management_proto',
+ ],
+ 'direct_dependent_settings': {
+ 'include_dirs': [
+ '<(protoc_out_dir)',
+ ]
+ },
+ },
+ ],
+}
+
+# Local Variables:
+# tab-width:2
+# indent-tabs-mode:nil
+# End:
+# vim: set expandtab tabstop=2 shiftwidth=2:
