authpolicy/proto/authpolicy_containers.proto - chromiumos/platform2 - Git at Google

 syntax = "proto2";

 option optimize_for = LITE_RUNTIME;

 package authpolicy.protos;

 // Active directory information entered during domain join.
 message ActiveDirectoryConfig {
   // Computer name from domain join operation.
   optional string machine_name = 1;
   reserved 2;
   // Realm where the computer was joined to.
   optional string realm = 3;
 }

 // Information about a GPO parsed from net ads gpo list. |name| is the 16-byte
 // guid (e.g. {12345678-90AB-...}). |share| and |directory| are created from
 // the first and the last part of the GPO's 'filesyspath' value in the net
 // output, e.g. if filesyspath is
 // \\example.com\SysVol\example.com\Policies\{12345678-90AB-CDEF-1234-567890ABCDEF},
 // then |share| is 'SysVol' and |directory| is
 // example.com\Policies\{12345678-90AB-CDEF-1234-567890ABCDEF}. |version| is the
 // user or machine version of the GPO, depending on the policy scope.
 message GpoEntry {
   optional string name = 1;
   optional string share = 2;
   optional string directory = 3;
   optional uint32 version = 4;
 }

 // List of GPOs on server. Agnostic of policy scope (user/machine); GPOs can
 // contain both user and machine policy.
 message GpoList {
   repeated GpoEntry entries = 1;
 }

 // Local file paths of downloaded GPO files.
 message FilePathList {
   repeated string entries = 1;
 }

 // Validity and renewal lifetimes of a Kerberos ticket-granting-ticket.
 message TgtLifetime {
   // Number of seconds the TGT is still valid and can be used to query service
   // tickets.
   optional int64 validity_seconds = 1;

   // Number of seconds until the TGT cannot be renewed again. Zero in case the
   // TGT cannot be renewed. Otherwise, not smaller than |validity_seconds|.
   // Note that this is just an upper bound on total validity time. Renewal must
   // still happen within the validity lifetime.
   optional int64 renewal_seconds = 2;
 }

 // Data returned from net ads info.
 message ServerInfo {
   // Key distribution center IP address.
   optional string kdc_ip = 1;
   // Server time in base::Time's internal time representation.
   optional int64 server_time = 2;
 }

 // Debug flags.
 message DebugFlags {
   // Disable seccomp filters.
   optional bool disable_seccomp = 1;
   // Log seccomp filter failures.
   optional bool log_seccomp = 2;
   // Enable krb5 trace logs. Only shown if log_command_output is set as well.
   optional bool trace_krb5 = 3;
   // Log policy values read from GPO.
   optional bool log_policy_values = 4;
   // Log command line and exit code in ProcessExecutor.
   optional bool log_commands = 5;
   // Log stdout and stderr in ProcessExecutor no matter whether the command
   // succeeded or not.
   optional bool log_command_output = 6;
   // Log stdout and stderr in ProcessExecutor if the command failed.
   optional bool log_command_output_on_error = 7;
   // Log list of filtered, broken and valid GPOs.
   optional bool log_gpo = 8;
   // Log level for Samba net commands. Only shown if log_command_output is set
   // as well.
   optional string net_log_level = 10 [default = "0"];
   // Disable the log anonymizer.
   optional bool disable_anonymizer = 11;
   // Log results of GetUserStatus.
   optional bool log_status = 12;
 }

 // Container for policy for extensions.
 message ExtensionPolicy {
   // Extension ID, e.g. gihmafigllmhbppdfjnfecimiohcljba.
   optional string id = 1;

   // Extension policy json data.
   optional string json_data = 2;
 }

 // Policy loaded and parsed from GPO.
 message GpoPolicyData {
   // User or device policy, depending on which GPOs were loaded. User and device
   // GPOs are serialized CloudPolicySettings and ChromeDeviceSettingsProto
   // protos, respectively.
   optional string user_or_device_policy = 1;

   // Extension policy can be both in user and device GPOs.
   repeated ExtensionPolicy extension_policies = 2;
 }

 // Backup data for Kerberos ticket manager state.
 message TgtState {
   // Realm used to acquire the ticket-granting-ticket.
   optional string realm = 1;
   // Key distribution center (KDC) IP address.
   optional string kdc_ip = 2;
   // User principal (user@REALM).
   optional string principal = 3;
   // Kerberos credential cache.
   optional string krb5cc = 4;
 }

 // Backup data for user authentication state. Stored on the user's Cryptohome.
 message UserBackupData {
   // Kerberos ticket manager state.
   optional TgtState tgt_state = 1;
   // Timestamp of last password change on server.
   optional uint64 pwd_last_set = 2;
   // User sAMAccountName.
   optional string user_name = 3;
   // Is the user affiliated with the machine's domain?
   optional bool is_user_affiliated = 4;
   // Realm part of user login "user@realm".
   optional string user_realm = 5;
 }
	syntax = "proto2";

	option optimize_for = LITE_RUNTIME;

	package authpolicy.protos;

	// Active directory information entered during domain join.
	message ActiveDirectoryConfig {
	// Computer name from domain join operation.
	optional string machine_name = 1;
	reserved 2;
	// Realm where the computer was joined to.
	optional string realm = 3;
	}

	// Information about a GPO parsed from net ads gpo list. \|name\| is the 16-byte
	// guid (e.g. {12345678-90AB-...}). \|share\| and \|directory\| are created from
	// the first and the last part of the GPO's 'filesyspath' value in the net
	// output, e.g. if filesyspath is
	// \\example.com\SysVol\example.com\Policies\{12345678-90AB-CDEF-1234-567890ABCDEF},
	// then \|share\| is 'SysVol' and \|directory\| is
	// example.com\Policies\{12345678-90AB-CDEF-1234-567890ABCDEF}. \|version\| is the
	// user or machine version of the GPO, depending on the policy scope.
	message GpoEntry {
	optional string name = 1;
	optional string share = 2;
	optional string directory = 3;
	optional uint32 version = 4;
	}

	// List of GPOs on server. Agnostic of policy scope (user/machine); GPOs can
	// contain both user and machine policy.
	message GpoList {
	repeated GpoEntry entries = 1;
	}

	// Local file paths of downloaded GPO files.
	message FilePathList {
	repeated string entries = 1;
	}

	// Validity and renewal lifetimes of a Kerberos ticket-granting-ticket.
	message TgtLifetime {
	// Number of seconds the TGT is still valid and can be used to query service
	// tickets.
	optional int64 validity_seconds = 1;

	// Number of seconds until the TGT cannot be renewed again. Zero in case the
	// TGT cannot be renewed. Otherwise, not smaller than \|validity_seconds\|.
	// Note that this is just an upper bound on total validity time. Renewal must
	// still happen within the validity lifetime.
	optional int64 renewal_seconds = 2;
	}

	// Data returned from net ads info.
	message ServerInfo {
	// Key distribution center IP address.
	optional string kdc_ip = 1;
	// Server time in base::Time's internal time representation.
	optional int64 server_time = 2;
	}

	// Debug flags.
	message DebugFlags {
	// Disable seccomp filters.
	optional bool disable_seccomp = 1;
	// Log seccomp filter failures.
	optional bool log_seccomp = 2;
	// Enable krb5 trace logs. Only shown if log_command_output is set as well.
	optional bool trace_krb5 = 3;
	// Log policy values read from GPO.
	optional bool log_policy_values = 4;
	// Log command line and exit code in ProcessExecutor.
	optional bool log_commands = 5;
	// Log stdout and stderr in ProcessExecutor no matter whether the command
	// succeeded or not.
	optional bool log_command_output = 6;
	// Log stdout and stderr in ProcessExecutor if the command failed.
	optional bool log_command_output_on_error = 7;
	// Log list of filtered, broken and valid GPOs.
	optional bool log_gpo = 8;
	// Log level for Samba net commands. Only shown if log_command_output is set
	// as well.
	optional string net_log_level = 10 [default = "0"];
	// Disable the log anonymizer.
	optional bool disable_anonymizer = 11;
	// Log results of GetUserStatus.
	optional bool log_status = 12;
	}

	// Container for policy for extensions.
	message ExtensionPolicy {
	// Extension ID, e.g. gihmafigllmhbppdfjnfecimiohcljba.
	optional string id = 1;

	// Extension policy json data.
	optional string json_data = 2;
	}

	// Policy loaded and parsed from GPO.
	message GpoPolicyData {
	// User or device policy, depending on which GPOs were loaded. User and device
	// GPOs are serialized CloudPolicySettings and ChromeDeviceSettingsProto
	// protos, respectively.
	optional string user_or_device_policy = 1;

	// Extension policy can be both in user and device GPOs.
	repeated ExtensionPolicy extension_policies = 2;
	}

	// Backup data for Kerberos ticket manager state.
	message TgtState {
	// Realm used to acquire the ticket-granting-ticket.
	optional string realm = 1;
	// Key distribution center (KDC) IP address.
	optional string kdc_ip = 2;
	// User principal (user@REALM).
	optional string principal = 3;
	// Kerberos credential cache.
	optional string krb5cc = 4;
	}

	// Backup data for user authentication state. Stored on the user's Cryptohome.
	message UserBackupData {
	// Kerberos ticket manager state.
	optional TgtState tgt_state = 1;
	// Timestamp of last password change on server.
	optional uint64 pwd_last_set = 2;
	// User sAMAccountName.
	optional string user_name = 3;
	// Is the user affiliated with the machine's domain?
	optional bool is_user_affiliated = 4;
	// Realm part of user login "user@realm".
	optional string user_realm = 5;
	}