Updated dmserver protobuf to include autoenrollment messages.

chrome/browser/policy/proto/device_management_backend.proto

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 syntax = "proto2";
 
 option optimize_for = LITE_RUNTIME;
 
 package enterprise_management;
 
@@ skipping 23 matching lines @@
   optional string machine_id = 3;
 
   // Machine model name, such as "ZGA", "Cr-48", "Nexus One".  If the
   // model name is not available, client SHOULD send generic name like
   // "Android", or "Chrome OS".
   optional string machine_model = 4;
 }
 
 // Response from server to device register request.
 message DeviceRegisterResponse {
-  // Device mangement token for this registration.  This token MUST be
+  // Device management token for this registration.  This token MUST be
   // part of HTTP Authorization header for all future requests from
   // device to server.
   required string device_management_token = 1;
 
   // Device display name.  By default, server generates the name in
   // the format of "Machine Model - Machine Id".  However, domain
   // admin can update it using CPanel, so do NOT treat it as constant.
   optional string machine_name = 2;
 }
 
@@ skipping 65 matching lines @@
   optional int64 timestamp = 2;
 
   // The DM token that was used by the client in the HTTP POST header
   // for authenticating the request. It is included here again so that
   // the client can verify that the response is meant for him (and not
   // issued by a replay or man-in-the-middle attack).
   optional string request_token = 3;
 
   // The serialized value of the actual policy protobuf.  This can be
   // deserialized to an instance of, for example, ChromeSettingsProto
-  // or ChromeUserSettingsProto.
+  // or ChromeDeviceSettingsProto.
   optional bytes policy_value = 4;
 
   // The device display name assigned by the server.  It is only
   // filled if the display name is available.
   //
   // The display name of the machine as generated by the server or set
   // by the Administrator in the CPanel GUI. This is the same thing as
   // |machine_name| in DeviceRegisterResponse but it might have
   // changed since then.
   optional string machine_name = 5;
@@ skipping 142 matching lines @@
 // device should re-send status report data in the next policy request.  The
 // device should re-send report data if policy request fails, even if
 // SessionStatusReportResponse contains no error code.
 message SessionStatusReportResponse {
   optional int32 error_code = 1;
 
   // Human readable error message for customer support purpose.
   optional string error_message = 2;
 }
 
+// Request from device to server to determine whether the device should
+// go through enterprise enrollment. Unlike the other requests, this request is
+// not authenticated.
+message DeviceAutoEnrollmentRequest {
+  // SHA-256 hash of the device's serial number, mod |modulus|.
+  // Should always be present.
+  optional int64 remainder = 1;
+
+  // Modulus of the hash used by the client. Should always be present.
+  optional int64 modulus = 2;
+}
+
+// Response from server to auto-enrollment detection request.
+message DeviceAutoEnrollmentResponse {
+  // If this field is present, the other fields are ignored and the client
+  // should send a new DeviceAutoEnrollmentRequest with a new |remainder|
+  // computed using this new |modulus|. If this field is empty, the client's
+  // request was accepted.
+  optional int64 modulus = 1;
+
+  // List of hashes in the client's hash bucket. If the client's hash matches
+  // any in this list, the client device should do enterprise enrollment.
+  // If it matches none, enrollment should be optional.
+  // Each entry has exactly 256 bits (32 bytes).
+  repeated bytes hashes = 2;
+}
+
 // Request from the DMAgent on the device to the DMServer.  This is
 // container for all requests from device to server.  The overall HTTP
 // request MUST be in the following format:
 //
 // * HTTP method is POST
 // * Data mime type is application/x-protobuffer
 // * HTTP parameters are (all required, all case sensitive):
-//   * request: MUST BE one of register/unregister/policy/ping/status
+//   * request: MUST BE one of
+//     * register
+//     * unregister
+//     * policy
+//     * ping
+//     * status
+//     * enterprise_check
+//
 //   * devicetype: MUST BE "1" for Android or "2" for Chrome OS.
 //   * apptype: MUST BE Android or Chrome.
 //   * deviceid: MUST BE no more than 64-char in [\x21-\x7E].
 //   * agent: MUST BE no more than 64-char long.
 // * HTTP Authorization header MUST be in the following formats:
-//   * For register and ping requests
+//   * For register and ping requests, using Gaia authentication:
 //     Authorization: GoogleLogin auth=<auth cookie for Mobile Sync>
 //
-//   * For unregister, policy and status requests
+//   * For unregister, policy and status requests:
 //      Authorization: GoogleDMToken token=<dm token from register>
 //
-//   * OAuth is NOT supported yet.
+//   * The Authorization header isn't used for enterprise_check requests, nor
+//     for register requests using OAuth. In the latter case, the OAuth token is
+//     passed in the "oauth" parameter.
 //
 // DeviceManagementRequest should only contain one request which matches the
 // HTTP query parameter - request, as listed below. Other requests within the
 // container will be ignored.
 //   ping: policy_request
 //   register: register_request
 //   unregister: unregister_request
 //   policy: policy_request
 //   status: status_report_request
 //
 //
 message DeviceManagementRequest {
   // Register request.
   optional DeviceRegisterRequest register_request = 1;
 
   // Unregister request.
   optional DeviceUnregisterRequest unregister_request = 2;
 
   // Policy request.
   optional DevicePolicyRequest policy_request = 3;
 
   // Update status.
   optional DeviceStatusReportRequest device_status_report_request = 4;
   optional SessionStatusReportRequest session_status_report_request = 5;
+
+  // Auto-enrollment detection.
+  optional DeviceAutoEnrollmentRequest auto_enrollment_request = 6;
 }
 
 // Response from server to device.
 //
 // The server uses the following numbers as HTTP status codes
 // to report top-level errors.
 //
 // 200 OK: valid response is returned to client.
 // 400 Bad Request: invalid argument.
 // 401 Unauthorized: invalid auth cookie or DM token.
@@ skipping 16 matching lines @@
   optional DeviceUnregisterResponse unregister_response = 4;
 
   // Policy response.
   optional DevicePolicyResponse policy_response = 5;
 
   // Device status report response.
   optional DeviceStatusReportResponse device_status_report_response = 6;
 
   // Session status report response.
   optional SessionStatusReportResponse session_status_report_response = 7;
+
+  // Auto-enrollment detection response.
+  optional DeviceAutoEnrollmentResponse auto_enrollment_response = 8;
 }