Google Git
Sign in
chromium / chromium / src / chrome / browser / policy / proto / ce71e6da63bcfdfb67e1a322bd291fd8be800bcd / . / device_management_backend.proto
blob: 1a857b62f9d8b529fdca22b0d31e9e200ea51220 [file] [log] [blame]
// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
syntax = "proto2";
import "cloud_policy.proto";
option optimize_for = LITE_RUNTIME;
package enterprise_management;
// Protocol buffers for the obsolete protocol:
// -------------------------------------------
// GenericValue, GenericNamedValue, GenericSetting, DevicePolicySetting,
// DevicePolicySettingRequest, DevicePolicyRequest, DevicePolicyResponse
// TODO(gfeher): Remove these when both Chrome and DMServer is switched to
// using the new protocol.
// Generic value container.
message GenericValue {
enum ValueType {
VALUE_TYPE_BOOL = 1;
VALUE_TYPE_INT64 = 2;
VALUE_TYPE_STRING = 3;
VALUE_TYPE_DOUBLE = 4;
VALUE_TYPE_BYTES = 5;
VALUE_TYPE_BOOL_ARRAY = 6;
VALUE_TYPE_INT64_ARRAY = 7;
VALUE_TYPE_STRING_ARRAY = 8;
VALUE_TYPE_DOUBLE_ARRAY = 9;
}
optional ValueType value_type = 1 [default = VALUE_TYPE_STRING];
// basic value types
optional bool bool_value = 2;
optional int64 int64_value = 3;
optional string string_value = 4;
optional double double_value = 5;
optional bytes bytes_value = 6;
repeated bool bool_array = 7;
repeated int64 int64_array = 8;
repeated string string_array = 9;
repeated double double_array = 10;
}
// Generic name value pair container.
message GenericNamedValue {
required string name = 1;
optional GenericValue value = 2;
}
// A setting is a set of generic name value pairs.
message GenericSetting {
repeated GenericNamedValue named_value = 1;
}
// Identify a single device policy setting key/value pair.
message DevicePolicySetting {
// key of the policy setting
required string policy_key = 1;
// value of the setting
optional GenericSetting policy_value = 2;
// watermark for setting value.
optional string watermark = 3;
}
// Request for a setting or with optional watermark on client side.
message DevicePolicySettingRequest {
// setting key
required string key = 1;
// watermark last read from server if available.
optional string watermark = 2;
}
// Request from device to server to read device policies.
message DevicePolicyRequest {
// identify request scope: CrOS settings or other type of settings.
optional string policy_scope = 1;
// identify key to the settings: proxy etc.
repeated DevicePolicySettingRequest setting_request = 2;
}
// Response from server to agent for reading policies.
message DevicePolicyResponse {
// the result of the settings.
repeated DevicePolicySetting setting = 1;
}
// Request from device to server to register device. The response will include
// a device token that can be used to query policies.
message DeviceRegisterRequest {
// reregister device without erasing server state.
// it can be used to refresh dmtoken etc.
optional bool reregister = 1;
}
// Response from server to device register request.
message DeviceRegisterResponse {
// device mangement toke for this registration.
required string device_management_token = 1;
}
// Protocol buffers for the new protocol:
// --------------------------------------
// Request from device to server to get policies for an unregistered user.
// These are actually "meta-policies", that control the rules for the user
// about enrolling for real policies.
message InitialPolicyRequest {
}
message InitialPolicySettings {
enum EnrollmentRule {
// The user must enroll its device for policies.
MANAGED = 1;
// The users's device is not automatically enrolled for policies, but the
// user may choose to try to enroll it.
UNMANAGED = 2;
}
optional EnrollmentRule enrollment_rule = 1;
}
// Response from server to device containing the policies available before
// registration.
message InitialPolicyResponse {
optional InitialPolicySettings settings = 1;
}
// Request from device to server to unregister device management token.
message DeviceUnregisterRequest {
}
// Response from server to unregister request.
message DeviceUnregisterResponse {
}
// Request from device to server to register device. The response will include
// a device token that can be used to query policies.
message CloudRegisterRequest {
enum Type {
// Requesting token for user policies.
USER = 1;
// Requesting token for device policies.
DEVICE = 2;
}
optional Type type = 1;
// Unique identifier of the machine. Only set if type == DEVICE.
// This won't be sent in later requests, the machine can be identified
// by its device token.
optional string machine_id = 2;
}
// Response from server to device register request.
message CloudRegisterResponse {
// Token for this registration.
required string device_management_token = 1;
// The name of the requesting device, assigned by the server.
optional string machine_name = 2;
}
message CloudPolicyRequest {
// Identify request scope: chromeos/device for device policies, chromeos/user
// for user policies. Only those policy scopes will be served, that are
// allowed by the type choice in CloudRegisterRequest.
optional string policy_scope = 1;
// The token used to query device policies on the device sending the request.
// Note, that the token used for actual authentication is sent in an HTTP
// header. These two tokens are the same if this request is for querying
// device policies and they differ if this request is for querying user
// policies. In the second case, the server can use device_policy_token to
// identify the device and determine if the user is allowed to get policies
// on the given device.
optional string device_policy_token = 2;
}
// Response from server to device for reading policies.
message CloudPolicyResponse {
// Serialized SignedCloudPolicyResponse.
optional bytes signed_response = 1;
// RSA signature of the SHA1 hash of the above data.
optional bytes signature = 2;
// The chain of DER-encoded X.509 certificates of the server's signing key.
// The first element should be the certificate whose private key was used
// for signing the response, and each of the following certificates signs the
// previous one.
repeated bytes certificate_chain = 3;
}
message SignedCloudPolicyResponse {
// The following two are necessary against replay attacks.
// |timestamp| is a unix timestamp (seconds since 1970).
optional int64 timestamp = 1;
// The token that was used for the request.
optional string request_token = 2;
// The name of the device, assigned by the server.
optional string device_name = 3;
// CloudPolicySettings is defined in cloud_policy.proto (which is
// auto-generated from chrome/app/policy_templates.json).
optional CloudPolicySettings settings = 4;
}
// Request from the DMAgent on the device to the DMServer.
// This is container for all requests from client.
//
// Http Query parameters:
// Query parameters contain the following information in each request:
// request: register/unregister/policy/cloud_policy/cloud_register/
// initial_policy
// devicetype: CrOS/Android/Iphone etc.
// apptype: CrOS/AndroidDM etc.
// agent: identify agent on device.
//
// Authorization:
// 1. If request is initial_policy, client must pass in GoogleLogin
// auth cookie in Authorization header:
// Authorization: GoogleLogin auth=<auth cookie>
// The response will contain settings that a user can get without
// registration. Currently the only such setting is a flag indicating if the
// user is in a managed domain or not. (We don't want to expose device ids of
// users not in managed domains.)
// 2. If request is register_request, client must pass in GoogleLogin auth
// cookie in Authorization header:
// Authorization: GoogleLogin auth=<auth cookie>
// The response will contain an unique DMToken for future requests.
// Depending on domain policy, the request may need admin approval before
// DMToken is issued.
// 3. For other requests, client must pass in DMToken in Authorization header:
// Authorization: GoogleDMToken token=<google dm token>
//
message DeviceManagementRequest {
// Register request (old protocol).
optional DeviceRegisterRequest register_request = 1;
// Unregister request.
optional DeviceUnregisterRequest unregister_request = 2;
// Data request.
optional DevicePolicyRequest policy_request = 3;
// Data request (new protocol).
optional CloudPolicyRequest cloud_policy_request = 4;
// Request for initial (before registration) policies.
optional InitialPolicyRequest initial_policy_request = 5;
// Register request (new protocol).
optional CloudRegisterRequest cloud_register_request = 6;
}
// Response from server to device.
message DeviceManagementResponse {
// Error code to client.
enum ErrorCode {
SUCCESS = 0;
// Returned for register request when device management is not supported
// for the domain.
DEVICE_MANAGEMENT_NOT_SUPPORTED = 1;
// Returned when the device is not found.
DEVICE_NOT_FOUND = 2;
// Returned when passed in device management token doesn't match the token
// on server side.
DEVICE_MANAGEMENT_TOKEN_INVALID = 3;
// Returned when device registration is pending approval (if required).
ACTIVATION_PENDING = 4;
// Returned when the policy is not found.
POLICY_NOT_FOUND = 5;
}
// Error code for this request.
required ErrorCode error = 1;
// Error message.
optional string error_message = 2;
// Register response (old protocol).
optional DeviceRegisterResponse register_response = 3;
// Unregister response
optional DeviceUnregisterResponse unregister_response = 4;
// Policy response.
optional DevicePolicyResponse policy_response = 5;
// Policy response (new protocol).
optional CloudPolicyResponse cloud_policy_response = 6;
// Response to initial (before registration) policy request.
optional InitialPolicyResponse initial_policy_response = 7;
// Register response (new protocol).
optional CloudRegisterResponse cloud_register_response = 8;
}