OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 syntax = "proto2"; | 5 syntax = "proto2"; |
6 | 6 |
7 option optimize_for = LITE_RUNTIME; | 7 option optimize_for = LITE_RUNTIME; |
8 | 8 |
9 package enterprise_management; | 9 package enterprise_management; |
10 | 10 |
(...skipping 23 matching lines...) Expand all Loading... |
34 optional string machine_id = 3; | 34 optional string machine_id = 3; |
35 | 35 |
36 // Machine model name, such as "ZGA", "Cr-48", "Nexus One". If the | 36 // Machine model name, such as "ZGA", "Cr-48", "Nexus One". If the |
37 // model name is not available, client SHOULD send generic name like | 37 // model name is not available, client SHOULD send generic name like |
38 // "Android", or "Chrome OS". | 38 // "Android", or "Chrome OS". |
39 optional string machine_model = 4; | 39 optional string machine_model = 4; |
40 } | 40 } |
41 | 41 |
42 // Response from server to device register request. | 42 // Response from server to device register request. |
43 message DeviceRegisterResponse { | 43 message DeviceRegisterResponse { |
44 // Device mangement token for this registration. This token MUST be | 44 // Device management token for this registration. This token MUST be |
45 // part of HTTP Authorization header for all future requests from | 45 // part of HTTP Authorization header for all future requests from |
46 // device to server. | 46 // device to server. |
47 required string device_management_token = 1; | 47 required string device_management_token = 1; |
48 | 48 |
49 // Device display name. By default, server generates the name in | 49 // Device display name. By default, server generates the name in |
50 // the format of "Machine Model - Machine Id". However, domain | 50 // the format of "Machine Model - Machine Id". However, domain |
51 // admin can update it using CPanel, so do NOT treat it as constant. | 51 // admin can update it using CPanel, so do NOT treat it as constant. |
52 optional string machine_name = 2; | 52 optional string machine_name = 2; |
53 } | 53 } |
54 | 54 |
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
120 optional int64 timestamp = 2; | 120 optional int64 timestamp = 2; |
121 | 121 |
122 // The DM token that was used by the client in the HTTP POST header | 122 // The DM token that was used by the client in the HTTP POST header |
123 // for authenticating the request. It is included here again so that | 123 // for authenticating the request. It is included here again so that |
124 // the client can verify that the response is meant for him (and not | 124 // the client can verify that the response is meant for him (and not |
125 // issued by a replay or man-in-the-middle attack). | 125 // issued by a replay or man-in-the-middle attack). |
126 optional string request_token = 3; | 126 optional string request_token = 3; |
127 | 127 |
128 // The serialized value of the actual policy protobuf. This can be | 128 // The serialized value of the actual policy protobuf. This can be |
129 // deserialized to an instance of, for example, ChromeSettingsProto | 129 // deserialized to an instance of, for example, ChromeSettingsProto |
130 // or ChromeUserSettingsProto. | 130 // or ChromeDeviceSettingsProto. |
131 optional bytes policy_value = 4; | 131 optional bytes policy_value = 4; |
132 | 132 |
133 // The device display name assigned by the server. It is only | 133 // The device display name assigned by the server. It is only |
134 // filled if the display name is available. | 134 // filled if the display name is available. |
135 // | 135 // |
136 // The display name of the machine as generated by the server or set | 136 // The display name of the machine as generated by the server or set |
137 // by the Administrator in the CPanel GUI. This is the same thing as | 137 // by the Administrator in the CPanel GUI. This is the same thing as |
138 // |machine_name| in DeviceRegisterResponse but it might have | 138 // |machine_name| in DeviceRegisterResponse but it might have |
139 // changed since then. | 139 // changed since then. |
140 optional string machine_name = 5; | 140 optional string machine_name = 5; |
(...skipping 142 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
283 // device should re-send status report data in the next policy request. The | 283 // device should re-send status report data in the next policy request. The |
284 // device should re-send report data if policy request fails, even if | 284 // device should re-send report data if policy request fails, even if |
285 // SessionStatusReportResponse contains no error code. | 285 // SessionStatusReportResponse contains no error code. |
286 message SessionStatusReportResponse { | 286 message SessionStatusReportResponse { |
287 optional int32 error_code = 1; | 287 optional int32 error_code = 1; |
288 | 288 |
289 // Human readable error message for customer support purpose. | 289 // Human readable error message for customer support purpose. |
290 optional string error_message = 2; | 290 optional string error_message = 2; |
291 } | 291 } |
292 | 292 |
| 293 // Request from device to server to determine whether the device should |
| 294 // go through enterprise enrollment. Unlike the other requests, this request is |
| 295 // not authenticated. |
| 296 message DeviceAutoEnrollmentRequest { |
| 297 // SHA-256 hash of the device's serial number, mod |modulus|. |
| 298 // Should always be present. |
| 299 optional int64 remainder = 1; |
| 300 |
| 301 // Modulus of the hash used by the client. Should always be present. |
| 302 optional int64 modulus = 2; |
| 303 } |
| 304 |
| 305 // Response from server to auto-enrollment detection request. |
| 306 message DeviceAutoEnrollmentResponse { |
| 307 // If this field is present, the other fields are ignored and the client |
| 308 // should send a new DeviceAutoEnrollmentRequest with a new |remainder| |
| 309 // computed using this new |modulus|. If this field is empty, the client's |
| 310 // request was accepted. |
| 311 optional int64 modulus = 1; |
| 312 |
| 313 // List of hashes in the client's hash bucket. If the client's hash matches |
| 314 // any in this list, the client device should do enterprise enrollment. |
| 315 // If it matches none, enrollment should be optional. |
| 316 // Each entry has exactly 256 bits (32 bytes). |
| 317 repeated bytes hashes = 2; |
| 318 } |
| 319 |
293 // Request from the DMAgent on the device to the DMServer. This is | 320 // Request from the DMAgent on the device to the DMServer. This is |
294 // container for all requests from device to server. The overall HTTP | 321 // container for all requests from device to server. The overall HTTP |
295 // request MUST be in the following format: | 322 // request MUST be in the following format: |
296 // | 323 // |
297 // * HTTP method is POST | 324 // * HTTP method is POST |
298 // * Data mime type is application/x-protobuffer | 325 // * Data mime type is application/x-protobuffer |
299 // * HTTP parameters are (all required, all case sensitive): | 326 // * HTTP parameters are (all required, all case sensitive): |
300 // * request: MUST BE one of register/unregister/policy/ping/status | 327 // * request: MUST BE one of |
| 328 // * register |
| 329 // * unregister |
| 330 // * policy |
| 331 // * ping |
| 332 // * status |
| 333 // * enterprise_check |
| 334 // |
301 // * devicetype: MUST BE "1" for Android or "2" for Chrome OS. | 335 // * devicetype: MUST BE "1" for Android or "2" for Chrome OS. |
302 // * apptype: MUST BE Android or Chrome. | 336 // * apptype: MUST BE Android or Chrome. |
303 // * deviceid: MUST BE no more than 64-char in [\x21-\x7E]. | 337 // * deviceid: MUST BE no more than 64-char in [\x21-\x7E]. |
304 // * agent: MUST BE no more than 64-char long. | 338 // * agent: MUST BE no more than 64-char long. |
305 // * HTTP Authorization header MUST be in the following formats: | 339 // * HTTP Authorization header MUST be in the following formats: |
306 // * For register and ping requests | 340 // * For register and ping requests, using Gaia authentication: |
307 // Authorization: GoogleLogin auth=<auth cookie for Mobile Sync> | 341 // Authorization: GoogleLogin auth=<auth cookie for Mobile Sync> |
308 // | 342 // |
309 // * For unregister, policy and status requests | 343 // * For unregister, policy and status requests: |
310 // Authorization: GoogleDMToken token=<dm token from register> | 344 // Authorization: GoogleDMToken token=<dm token from register> |
311 // | 345 // |
312 // * OAuth is NOT supported yet. | 346 // * The Authorization header isn't used for enterprise_check requests, nor |
| 347 // for register requests using OAuth. In the latter case, the OAuth token is |
| 348 // passed in the "oauth" parameter. |
313 // | 349 // |
314 // DeviceManagementRequest should only contain one request which matches the | 350 // DeviceManagementRequest should only contain one request which matches the |
315 // HTTP query parameter - request, as listed below. Other requests within the | 351 // HTTP query parameter - request, as listed below. Other requests within the |
316 // container will be ignored. | 352 // container will be ignored. |
317 // ping: policy_request | 353 // ping: policy_request |
318 // register: register_request | 354 // register: register_request |
319 // unregister: unregister_request | 355 // unregister: unregister_request |
320 // policy: policy_request | 356 // policy: policy_request |
321 // status: status_report_request | 357 // status: status_report_request |
322 // | 358 // |
323 // | 359 // |
324 message DeviceManagementRequest { | 360 message DeviceManagementRequest { |
325 // Register request. | 361 // Register request. |
326 optional DeviceRegisterRequest register_request = 1; | 362 optional DeviceRegisterRequest register_request = 1; |
327 | 363 |
328 // Unregister request. | 364 // Unregister request. |
329 optional DeviceUnregisterRequest unregister_request = 2; | 365 optional DeviceUnregisterRequest unregister_request = 2; |
330 | 366 |
331 // Policy request. | 367 // Policy request. |
332 optional DevicePolicyRequest policy_request = 3; | 368 optional DevicePolicyRequest policy_request = 3; |
333 | 369 |
334 // Update status. | 370 // Update status. |
335 optional DeviceStatusReportRequest device_status_report_request = 4; | 371 optional DeviceStatusReportRequest device_status_report_request = 4; |
336 optional SessionStatusReportRequest session_status_report_request = 5; | 372 optional SessionStatusReportRequest session_status_report_request = 5; |
| 373 |
| 374 // Auto-enrollment detection. |
| 375 optional DeviceAutoEnrollmentRequest auto_enrollment_request = 6; |
337 } | 376 } |
338 | 377 |
339 // Response from server to device. | 378 // Response from server to device. |
340 // | 379 // |
341 // The server uses the following numbers as HTTP status codes | 380 // The server uses the following numbers as HTTP status codes |
342 // to report top-level errors. | 381 // to report top-level errors. |
343 // | 382 // |
344 // 200 OK: valid response is returned to client. | 383 // 200 OK: valid response is returned to client. |
345 // 400 Bad Request: invalid argument. | 384 // 400 Bad Request: invalid argument. |
346 // 401 Unauthorized: invalid auth cookie or DM token. | 385 // 401 Unauthorized: invalid auth cookie or DM token. |
(...skipping 16 matching lines...) Expand all Loading... |
363 optional DeviceUnregisterResponse unregister_response = 4; | 402 optional DeviceUnregisterResponse unregister_response = 4; |
364 | 403 |
365 // Policy response. | 404 // Policy response. |
366 optional DevicePolicyResponse policy_response = 5; | 405 optional DevicePolicyResponse policy_response = 5; |
367 | 406 |
368 // Device status report response. | 407 // Device status report response. |
369 optional DeviceStatusReportResponse device_status_report_response = 6; | 408 optional DeviceStatusReportResponse device_status_report_response = 6; |
370 | 409 |
371 // Session status report response. | 410 // Session status report response. |
372 optional SessionStatusReportResponse session_status_report_response = 7; | 411 optional SessionStatusReportResponse session_status_report_response = 7; |
| 412 |
| 413 // Auto-enrollment detection response. |
| 414 optional DeviceAutoEnrollmentResponse auto_enrollment_response = 8; |
373 } | 415 } |
OLD | NEW |