Updated dmserver protobuf to include autoenrollment messages.

chrome/browser/policy/proto/device_management_backend.proto

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 syntax = "proto2";
 
 option optimize_for = LITE_RUNTIME;
 
 package enterprise_management;
 
@@ skipping 23 matching lines @@
   optional string machine_id = 3;
 
   // Machine model name, such as "ZGA", "Cr-48", "Nexus One".  If the
   // model name is not available, client SHOULD send generic name like
   // "Android", or "Chrome OS".
   optional string machine_model = 4;
 }
 
 // Response from server to device register request.
 message DeviceRegisterResponse {
-  // Device mangement token for this registration.  This token MUST be
+  // Device management token for this registration.  This token MUST be
   // part of HTTP Authorization header for all future requests from
   // device to server.
   required string device_management_token = 1;
 
   // Device display name.  By default, server generates the name in
   // the format of "Machine Model - Machine Id".  However, domain
   // admin can update it using CPanel, so do NOT treat it as constant.
   optional string machine_name = 2;
 }
 
@@ skipping 59 matching lines @@
   optional int64 timestamp = 2;
 
   // The DM token that was used by the client in the HTTP POST header
   // for authenticating the request. It is included here again so that
   // the client can verify that the response is meant for him (and not
   // issued by a replay or man-in-the-middle attack).
   optional string request_token = 3;
 
   // The serialized value of the actual policy protobuf.  This can be
   // deserialized to an instance of, for example, ChromeSettingsProto
-  // or ChromeUserSettingsProto.
+  // or ChromeDeviceSettingsProto.
   optional bytes policy_value = 4;
 
   // The device display name assigned by the server.  It is only
   // filled if the display name is available.
   //
   // The display name of the machine as generated by the server or set
   // by the Administrator in the CPanel GUI. This is the same thing as
   // |machine_name| in DeviceRegisterResponse but it might have
   // changed since then.
   optional string machine_name = 5;
@@ skipping 21 matching lines @@
     UNMANAGED = 1;
   }
   optional AssociationState state = 9 [default = ACTIVE];
 }
 
 message PolicyFetchResponse {
   // Since a single policy request may ask for multiple policies, we
   // provide separate error code for each individual policy fetch.
 
   // We will use standard HTTP Status Code as error code.
-  optional int32  error_code = 1;
+  optional int32 error_code = 1;
 
   // Human readable error message for customer support purpose.
   optional string error_message = 2;
 
   // This is a serialized |PolicyData| protobuf (defined above).
   optional bytes policy_data = 3;
 
   // Signature of the policy data above.
   optional bytes policy_data_signature = 4;
 
@@ skipping 21 matching lines @@
   // request multiple policies for better performance.
   repeated PolicyFetchRequest request = 3;
 }
 
 // Response from server to device for reading policies.
 message DevicePolicyResponse {
   // The policy fetch response.
   repeated PolicyFetchResponse response = 3;
 }
 
+// Request from device to server to determine whether the device is eligible
+// for enterprise enrollment. Unlike the other requests, this request is not
+// authenticated.
+message DeviceAutoEnrollmentRequest {
+  // SHA-256 hash of the device's serial number, mod 2^|modulus|.
+  // Only the lower |modulus| bits are valid, and the size in bytes is
+  // ceil(modulus/8). The first byte has the highest order bits, and the last
+  // byte has the lower bits.
+  required bytes hash = 1;
+
+  // Exponent of the power-of-2 modulus. Indicates the number of valid bits in
+  // |hash|, up to 256.
+  required int32 modulus = 2;
+}
+
+// Response from server to auto-enrollment detection request.
+message DeviceAutoEnrollmentResponse {
+  // If this field is present, all the other fields are empty and the client
+  // should send a new DeviceAutoEnrollmentRequest with a new |hash| computed
+  // using this new |modulus|. If this field is empty, the client's request
+  // was accepted.
+  optional int32 modulus = 1;
+
+  // List of hashes in the client's hash bucket. If the client's hash matches
+  // any in this list, the client device should do enterprise enrollment.
+  // If it matches none, enrollment should be optional.
+  // Each entry has exactly 256 bits (32 bytes).
+  // This field is only valid if the |modulus| field is not set.
+  repeated bytes hashes = 2;
+}
+
 // Request from the DMAgent on the device to the DMServer.  This is
 // container for all requests from device to server.  The overall HTTP
 // request MUST be in the following format:
 //
 // * HTTP method is POST
 // * Data mime type is application/x-protobuffer
 // * HTTP parameters are (all required, all case sensitive):
-//   * request: MUST BE one of register/unregister/policy/ping
+//   * request: MUST BE one of register/unregister/policy/ping/autoenrollment
 //   * devicetype: MUST BE "1" for Android or "2" for Chrome OS.
 //   * apptype: MUST BE Android or Chrome.
 //   * deviceid: MUST BE no more than 64-char in [\x21-\x7E].
 //   * agent: MUST BE no more than 64-char long.
 // * HTTP Authorization header MUST be in the following formats:
 //   * For register and ping requests
 //     Authorization: GoogleLogin auth=<auth cookie for Mobile Sync>
 //
 //   * For unregister and policy requests
 //      Authorization: GoogleDMToken token=<dm token from register>
 //
+//   * For autoenrollment requests the Authorization header isn't used.
+//
 //   * OAuth is NOT supported yet.
 message DeviceManagementRequest {
   // Register request.
   optional DeviceRegisterRequest register_request = 1;
 
   // Unregister request.
   optional DeviceUnregisterRequest unregister_request = 2;
 
   // Policy request.
   optional DevicePolicyRequest policy_request = 3;
+
+  // Update status.
+  //optional DeviceStatusReportRequest device_status_report_request = 4;
+  //optional SessionStatusReportRequest session_status_report_request = 5;

[Joao da Silva, 2011/11/16 14:36:06]

These comments are placeholders for the field IDs that are already assigned but
haven't been merged to this proto yet. They won't be included in the final patch
set.

+
+  // Auto-enrollment detection.
+  optional DeviceAutoEnrollmentRequest device_auto_enrollment_request = 6;
 }
 
 // Response from server to device.
 //
 // The server uses the following numbers as HTTP status codes
 // to report top-level errors.
 //
 // 200 OK: valid response is returned to client.
 // 400 Bad Request: invalid argument.
 // 401 Unauthorized: invalid auth cookie or DM token.
@@ skipping 10 matching lines @@
   optional string error_message = 2;
 
   // Register response
   optional DeviceRegisterResponse register_response = 3;
 
   // Unregister response
   optional DeviceUnregisterResponse unregister_response = 4;
 
   // Policy response.
   optional DevicePolicyResponse policy_response = 5;
+
+  // Device status report response.
+  //optional DeviceStatusReportResponse device_status_report_response = 6;
+
+  // Session status report response.
+  //optional SessionStatusReportResponse session_status_report_response = 7;

[Joao da Silva, 2011/11/16 14:36:06]

These comments are placeholders for the field IDs that are already assigned but
haven't been merged to this proto yet. They won't be included in the final patch
set.

+
+  // Auto-enrollment detection response.
+  optional DeviceAutoEnrollmentResponse device_auto_enrollment_response = 8;
 }