
Side by Side Diff: chrome/browser/policy/proto/device_management_backend.proto

Issue 6409040: New policy protobuf protocol. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: address comments Created 9 years, 10 months ago
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 syntax = "proto2"; 5 syntax = "proto2";
6 6
7 import "cloud_policy.proto"; 7 import "cloud_policy.proto";
8 8
9 option optimize_for = LITE_RUNTIME; 9 option optimize_for = LITE_RUNTIME;
10 10
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after
81 // identify key to the settings: proxy etc. 81 // identify key to the settings: proxy etc.
82 repeated DevicePolicySettingRequest setting_request = 2; 82 repeated DevicePolicySettingRequest setting_request = 2;
83 } 83 }
84 84
85 // Response from server to agent for reading policies. 85 // Response from server to agent for reading policies.
86 message DevicePolicyResponse { 86 message DevicePolicyResponse {
87 // the result of the settings. 87 // the result of the settings.
88 repeated DevicePolicySetting setting = 1; 88 repeated DevicePolicySetting setting = 1;
89 } 89 }
90 90
91 // Protocol buffers for the new protocol: 91 // Request from device to server to register device. The response will include
92 // -------------------------------------- 92 // a device token that can be used to query policies.
93
94 // Request from device to server to query if the authenticated user is in a
95 // managed domain.
96 message ManagedCheckRequest {
97 }
98
99 // Response from server to device indicating if the authenticated user is in a
100 // managed domain.
101 message ManagedCheckResponse {
102 enum Mode {
103 // The device must be enrolled for policies.
104 MANAGED = 1;
105 // The device is not automatically enrolled for policies, but the user
106 // may choose to try to enroll it.
107 UNMANAGED = 2;
108 }
109
110 optional Mode mode = 1;
111 }
112
113 // Request from device to server to register device.
114 message DeviceRegisterRequest { 93 message DeviceRegisterRequest {
115 // reregister device without erasing server state. 94 // reregister device without erasing server state.
116 // it can be used to refresh dmtoken etc. 95 // it can be used to refresh dmtoken etc.
117 optional bool reregister = 1; 96 optional bool reregister = 1;
118 } 97 }
119 98
120 // Response from server to device register request. 99 // Response from server to device register request.
121 message DeviceRegisterResponse { 100 message DeviceRegisterResponse {
122 // device mangement toke for this registration. 101 // device mangement toke for this registration.
123 required string device_management_token = 1; 102 required string device_management_token = 1;
124
125 // The name of the device, assigned by the server.
126 optional string device_name = 2;
127 } 103 }
128 104
129 // Request from device to server to unregister device. 105 // Protocol buffers for the new protocol:
106 // --------------------------------------
107
108 // Request from device to server to get policies for an unregistered user.
109 // These are actually "meta-policies", that control the rules for the user
110 // about enrolling for real policies.
111 message InitialPolicyRequest {
112 }
113
114 message InitialPolicySettings {
115 enum EnrollmentRule {
116 // The user must enroll its device for policies.
117 MANAGED = 1;
118 // The users's device is not automatically enrolled for policies, but the
119 // user may choose to try to enroll it.
120 UNMANAGED = 2;
121 }
122
123 optional EnrollmentRule enrollment_rule = 1;
124 }
125
126 // Response from server to device containing the policies available before
127 // registration.
128 message InitialPolicyResponse {
129 optional InitialPolicySettings settings = 1;
130 }
131
132 // Request from device to server to unregister device management token.
130 message DeviceUnregisterRequest { 133 message DeviceUnregisterRequest {
131 } 134 }
132 135
133 // Response from server to device unregister request. 136 // Response from server to unregister request.
134 message DeviceUnregisterResponse { 137 message DeviceUnregisterResponse {
135 } 138 }
136 139
140 // Request from device to server to register device. The response will include
141 // a device token that can be used to query policies.
142 message CloudRegisterRequest {
143 enum Type {
144 // Requesting token for user policies.
145 USER = 1;
146 // Requesting token for device policies.
147 DEVICE = 2;
148 }
149 optional Type type = 1;
150 // Unique identifier of the machine. Only set if type == DEVICE.
151 // This won't be sent in later requests, the machine can be identified
152 // by its device token.
153 optional string machine_id = 2;
154 }
155
156 // Response from server to device register request.
157 message CloudRegisterResponse {
158 // Token for this registration.
159 required string device_management_token = 1;
160
161 // The name of the requesting device, assigned by the server.
162 optional string machine_name = 2;
163 }
164
137 message CloudPolicyRequest { 165 message CloudPolicyRequest {
138 // Identify request scope: chromeos/device for device policies, chromeos/user 166 // Identify request scope: chromeos/device for device policies, chromeos/user
139 // for user policies. 167 // for user policies. Only those policy scopes will be served, that are
168 // allowed by the type choice in CloudRegisterRequest.
140 optional string policy_scope = 1; 169 optional string policy_scope = 1;
141 // The device token of the owner of the device sending the request. In cases 170
142 // the request was sent by the device owner or device policies were 171 // The token used to query device policies on the device sending the request.
143 // requested, this is the same as the token used for authentication. 172 // Note, that the token used for actual authentication is sent in an HTTP
144 // Otherwise (if the user policy is requested for someone else than the device 173 // header. These two tokens are the same if this request is for querying
145 // owner) this token is different from the token used for authentication. 174 // device policies and they differ if this request is for querying user
146 optional string device_token = 2; 175 // policies. In the second case, the server can use device_policy_token to
176 // identify the device and determine if the user is allowed to get policies
177 // on the given device.
178 optional string device_policy_token = 2;
147 } 179 }
148 180
149 // Response from server to device for reading policies. 181 // Response from server to device for reading policies.
150 message CloudPolicyResponse { 182 message CloudPolicyResponse {
151 // Serialized SignedCloudPolicyResponse. 183 // Serialized SignedCloudPolicyResponse.
152 optional bytes signed_response = 1; 184 optional bytes signed_response = 1;
153 // RSA signature of the SHA1 hash of the above data. 185 // RSA signature of the SHA1 hash of the above data.
154 optional bytes signature = 2; 186 optional bytes signature = 2;
155 // The chain of DER-encoded X.509 certificates of the server's signing key. 187 // The chain of DER-encoded X.509 certificates of the server's signing key.
156 // The first element should be the certificate whose private key was used 188 // The first element should be the certificate whose private key was used
(...skipping 12 matching lines...) Expand all
169 // CloudPolicySettings is defined in cloud_policy.proto (which is 201 // CloudPolicySettings is defined in cloud_policy.proto (which is
170 // auto-generated from chrome/app/policy_templates.json). 202 // auto-generated from chrome/app/policy_templates.json).
171 optional CloudPolicySettings settings = 4; 203 optional CloudPolicySettings settings = 4;
172 } 204 }
173 205
174 // Request from the DMAgent on the device to the DMServer. 206 // Request from the DMAgent on the device to the DMServer.
175 // This is container for all requests from client. 207 // This is container for all requests from client.
176 // 208 //
177 // Http Query parameters: 209 // Http Query parameters:
178 // Query parameters contain the following information in each request: 210 // Query parameters contain the following information in each request:
179 // request: register/unregister/policy/cloud_policy/managed_check etc. 211 // request: register/unregister/policy/cloud_policy/cloud_register/
212 // initial_policy
180 // devicetype: CrOS/Android/Iphone etc. 213 // devicetype: CrOS/Android/Iphone etc.
181 // apptype: CrOS/AndroidDM etc. 214 // apptype: CrOS/AndroidDM etc.
182 // deviceid: unique id that identify the device.
183 // agent: identify agent on device. 215 // agent: identify agent on device.
184 // 216 //
185 // Authorization: 217 // Authorization:
186 // 1. If request is managed_check, client must pass in GoogleLogin auth 218 // 1. If request is initial_policy, client must pass in GoogleLogin
187 // cookie in Authorization header: 219 // auth cookie in Authorization header:
188 // Authorization: GoogleLogin auth=<auth cookie> 220 // Authorization: GoogleLogin auth=<auth cookie>
189 // This is the only case when the deviceid query parameter is set to empty. 221 // The response will contain settings that a user can get without
190 // The response will contain a flag indicating if the user is in a managed 222 // registration. Currently the only such setting is a flag indicating if the
191 // domain or not. (We don't want to expose device ids of users not in 223 // user is in a managed domain or not. (We don't want to expose device ids of
192 // managed domains.) 224 // users not in managed domains.)
193 // 2. If request is register_request, client must pass in GoogleLogin auth 225 // 2. If request is register_request, client must pass in GoogleLogin auth
194 // cookie in Authorization header: 226 // cookie in Authorization header:
195 // Authorization: GoogleLogin auth=<auth cookie> 227 // Authorization: GoogleLogin auth=<auth cookie>
196 // The response will contain an unique DMToken for future requests. 228 // The response will contain an unique DMToken for future requests.
197 // Depending on domain policy, the request may need admin approval before 229 // Depending on domain policy, the request may need admin approval before
198 // DMToken is issued. 230 // DMToken is issued.
199 // 3. For other requests, client must pass in DMToken in Authorization header: 231 // 3. For other requests, client must pass in DMToken in Authorization header:
200 // Authorization: GoogleDMToken token=<google dm token> 232 // Authorization: GoogleDMToken token=<google dm token>
201 // 233 //
202 message DeviceManagementRequest { 234 message DeviceManagementRequest {
203 // Register request. 235 // Register request (old protocol).
204 optional DeviceRegisterRequest register_request = 1; 236 optional DeviceRegisterRequest register_request = 1;
205 237
206 // Unregister request. 238 // Unregister request.
207 optional DeviceUnregisterRequest unregister_request = 2; 239 optional DeviceUnregisterRequest unregister_request = 2;
208 240
209 // Data request. 241 // Data request.
210 optional DevicePolicyRequest policy_request = 3; 242 optional DevicePolicyRequest policy_request = 3;
211 243
212 // Data request (new protocol). 244 // Data request (new protocol).
213 optional CloudPolicyRequest cloud_policy_request = 4; 245 optional CloudPolicyRequest cloud_policy_request = 4;
214 246
215 // Request to check if a user is managed or not. 247 // Request for initial (before registration) policies.
216 optional ManagedCheckRequest managed_check_request = 5; 248 optional InitialPolicyRequest initial_policy_request = 5;
249
250 // Register request (new protocol).
251 optional CloudRegisterRequest cloud_register_request = 6;
217 } 252 }
218 253
219 // Response from server to device. 254 // Response from server to device.
220 message DeviceManagementResponse { 255 message DeviceManagementResponse {
221 // Error code to client. 256 // Error code to client.
222 enum ErrorCode { 257 enum ErrorCode {
223 SUCCESS = 0; 258 SUCCESS = 0;
224 // Returned for register request when device management is not supported 259 // Returned for register request when device management is not supported
225 // for the domain. 260 // for the domain.
226 DEVICE_MANAGEMENT_NOT_SUPPORTED = 1; 261 DEVICE_MANAGEMENT_NOT_SUPPORTED = 1;
227 // Returned when the device is not found. 262 // Returned when the device is not found.
228 DEVICE_NOT_FOUND = 2; 263 DEVICE_NOT_FOUND = 2;
229 // Returned when passed in device management token doesn't match the token 264 // Returned when passed in device management token doesn't match the token
230 // on server side. 265 // on server side.
231 DEVICE_MANAGEMENT_TOKEN_INVALID = 3; 266 DEVICE_MANAGEMENT_TOKEN_INVALID = 3;
232 // Returned when device registration is pending approval (if required). 267 // Returned when device registration is pending approval (if required).
233 ACTIVATION_PENDING = 4; 268 ACTIVATION_PENDING = 4;
234 // Returned when the policy is not found. 269 // Returned when the policy is not found.
235 POLICY_NOT_FOUND = 5; 270 POLICY_NOT_FOUND = 5;
236 } 271 }
237 272
238 // Error code for this request. 273 // Error code for this request.
239 required ErrorCode error = 1; 274 required ErrorCode error = 1;
240 275
241 // Error message. 276 // Error message.
242 optional string error_message = 2; 277 optional string error_message = 2;
243 278
244 // Register response 279 // Register response (old protocol).
245 optional DeviceRegisterResponse register_response = 3; 280 optional DeviceRegisterResponse register_response = 3;
246 281
247 // Unregister response 282 // Unregister response
248 optional DeviceUnregisterResponse unregister_response = 4; 283 optional DeviceUnregisterResponse unregister_response = 4;
249 284
250 // Policy response. 285 // Policy response.
251 optional DevicePolicyResponse policy_response = 5; 286 optional DevicePolicyResponse policy_response = 5;
252 287
253 // Policy response (new protocol). 288 // Policy response (new protocol).
254 optional CloudPolicyResponse cloud_policy_response = 6; 289 optional CloudPolicyResponse cloud_policy_response = 6;
255 290
256 // Response to managed check request. 291 // Response to initial (before registration) policy request.
257 optional ManagedCheckResponse managed_check_response = 7; 292 optional InitialPolicyResponse initial_policy_response = 7;
293
294 // Register response (new protocol).
295 optional CloudRegisterResponse cloud_register_response = 8;
258 } 296 }
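Review bot: Field 5 of DeviceManagementRequest and field 7 of DeviceManagementResponse are reused for the new initial_policy messages, although on the old side those numbers carried ManagedCheckRequest and ManagedCheckResponse. The payloads are not wire-compatible: ManagedCheckResponse put the `Mode` enum at field 1, while InitialPolicyResponse puts an embedded InitialPolicySettings message there. A client and server built on opposite sides of this change would therefore lose or reject the enrollment flag, and the receiver would presumably see the managed/unmanaged state as unset. If any build that speaks managed_check has shipped, I would give the new fields fresh numbers, e.g. `optional InitialPolicyRequest initial_policy_request = 6;` and `optional CloudRegisterRequest cloud_register_request = 7;` (8 and 9 on the response). I would also add a comment such as `// 5 was managed_check_request; do not reuse.` in the request and the matching one for 7 in the response.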