device_management_backend.proto revision 72a454cd3513ac24fbdd0e0cb9ad70b86a99b801
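// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

syntax = "proto2";

import "cloud_policy.proto";

option optimize_for = LITE_RUNTIME;

package enterprise_management;

// Protocol buffers for the obsolete protocol:
// -------------------------------------------
// GenericValue, GenericNamedValue, GenericSetting, DevicePolicySetting,
// DevicePolicySettingRequest, DevicePolicyRequest, DevicePolicyResponse
// TODO(gfeher): Remove these when both Chrome and DMServer are switched to
// using the new protocol.
//
// NOTE(review): none of the obsolete messages has a signature field, so a
// DevicePolicyResponse is only as trustworthy as the channel it arrived on.
// The transport is not specified in this file; confirm it before relying on
// these messages for anything security-relevant.

// Generic value container.
//
// |value_type| presumably selects which of the value fields below carries
// the payload. The schema does not enforce that: every value field is
// optional or repeated, so a receiver has to check that the field matching
// |value_type| is actually present rather than assume it.
message GenericValue {
  enum ValueType {
    VALUE_TYPE_BOOL = 1;
    VALUE_TYPE_INT64 = 2;
    VALUE_TYPE_STRING = 3;
    VALUE_TYPE_DOUBLE = 4;
    VALUE_TYPE_BYTES = 5;
    VALUE_TYPE_BOOL_ARRAY = 6;
    VALUE_TYPE_INT64_ARRAY = 7;
    VALUE_TYPE_STRING_ARRAY = 8;
    VALUE_TYPE_DOUBLE_ARRAY = 9;
  }

  // Reads as VALUE_TYPE_STRING when the sender leaves it unset.
  optional ValueType value_type = 1 [default = VALUE_TYPE_STRING];

  // Basic value types.
  optional bool bool_value = 2;
  optional int64 int64_value = 3;
  optional string string_value = 4;
  optional double double_value = 5;
  optional bytes bytes_value = 6;

  // Array value types.
  repeated bool bool_array = 7;
  repeated int64 int64_array = 8;
  repeated string string_array = 9;
  repeated double double_array = 10;
}

// Generic name value pair container.
message GenericNamedValue {
  // Name of the value.
  required string name = 1;
  // The value itself; may be absent.
  optional GenericValue value = 2;
}

// A setting is a set of generic name value pairs.
message GenericSetting {
  repeated GenericNamedValue named_value = 1;
}

// Identifies a single device policy setting key/value pair.
message DevicePolicySetting {
  // Key of the policy setting.
  required string policy_key = 1;
  // Value of the setting.
  optional GenericSetting policy_value = 2;
  // Watermark for the setting value.
  optional string watermark = 3;
}

// Request for a setting, with an optional watermark on the client side.
message DevicePolicySettingRequest {
  // Setting key.
  required string key = 1;
  // Watermark last read from the server, if available.
  optional string watermark = 2;
}

// Request from device to server to read device policies.
message DevicePolicyRequest {
  // Identifies the request scope: CrOS settings or other type of settings.
  optional string policy_scope = 1;
  // Identifies the keys of the requested settings: proxy etc.
  repeated DevicePolicySettingRequest setting_request = 2;
}

// Response from server to agent for reading policies.
message DevicePolicyResponse {
  // The result of the settings.
  repeated DevicePolicySetting setting = 1;
}

// Protocol buffers for the new protocol:
// --------------------------------------

// Request from device to server to query if the authenticated user is in a
// managed domain.
message ManagedCheckRequest {
}

// Response from server to device indicating if the authenticated user is in a
// managed domain.
message ManagedCheckResponse {
  enum Mode {
    // The device must be enrolled for policies.
    MANAGED = 1;
    // The device is not automatically enrolled for policies, but the user
    // may choose to try to enroll it.
    UNMANAGED = 2;
  }

  // Optional: a client has to decide what an absent |mode| means. This file
  // does not define that case.
  optional Mode mode = 1;
}

// Request from device to server to register device.
message DeviceRegisterRequest {
  // Reregister the device without erasing server state.
  // It can be used to refresh the dmtoken etc.
  optional bool reregister = 1;
}

// Response from server to device register request.
message DeviceRegisterResponse {
  // Device management token for this registration.
  // Per the authorization notes on DeviceManagementRequest, the client later
  // presents this token in the Authorization header, so it is a credential:
  // keep it out of logs and store it accordingly.
  required string device_management_token = 1;

  // The name of the device, assigned by the server.
  optional string device_name = 2;
}

// Request from device to server to unregister device.
message DeviceUnregisterRequest {
}

// Response from server to device unregister request.
message DeviceUnregisterResponse {
}

// Request from device to server to read policies (new protocol).
message CloudPolicyRequest {
  // Identify request scope: chromeos/device for device policies, chromeos/user
  // for user policies.
  optional string policy_scope = 1;
  // The device token of the owner of the device sending the request. In cases
  // where the request was sent by the device owner or device policies were
  // requested, this is the same as the token used for authentication.
  // Otherwise (if the user policy is requested for someone other than the
  // device owner) this token is different from the token used for
  // authentication.
  // Like the token in the Authorization header, this value is a credential
  // and should not be logged.
  optional string device_token = 2;
}

// Response from server to device for reading policies.
//
// All three fields are optional or repeated, so the schema accepts a
// response with no signature at all. A client should treat a missing
// |signature| or an empty |certificate_chain| as a verification failure,
// never as "unsigned but acceptable".
message CloudPolicyResponse {
  // Serialized SignedCloudPolicyResponse.
  // The signature covers these exact bytes: verify them before parsing, and
  // do not re-serialize the parsed message to check the signature.
  optional bytes signed_response = 1;
  // RSA signature of the SHA1 hash of the above data.
  // NOTE(review): SHA-1 is no longer considered collision resistant; a
  // revision of this protocol should move to a SHA-2 digest.
  optional bytes signature = 2;
  // The chain of DER-encoded X.509 certificates of the server's signing key.
  // The first element should be the certificate whose private key was used
  // for signing the response, and each of the following certificates signs the
  // previous one.
  // The chain arrives in the same message as the data it vouches for, so it
  // proves nothing until the client has validated it up to a trust anchor the
  // client already holds. The anchor is not defined in this file.
  repeated bytes certificate_chain = 3;
}

// The payload that CloudPolicyResponse.signed_response carries in serialized
// form.
message SignedCloudPolicyResponse {
  // The following two fields protect against replay attacks. Both are
  // optional in the schema; a client should reject a response in which
  // either is absent.
  // |timestamp| is a unix timestamp (seconds since 1970).
  // The acceptable age of a response is not defined in this file.
  optional int64 timestamp = 1;
  // The token that was used for the request. The client should compare it
  // with the token it actually sent.
  optional string request_token = 2;
  // The name of the device, assigned by the server.
  optional string device_name = 3;
  // CloudPolicySettings is defined in cloud_policy.proto (which is
  // auto-generated from chrome/app/policy_templates.json).
  optional CloudPolicySettings settings = 4;
}

// Request from the DMAgent on the device to the DMServer.
// This is the container for all requests from the client.
//
// HTTP query parameters:
//   Query parameters contain the following information in each request:
//     request: register/unregister/policy/cloud_policy/managed_check etc.
//     devicetype: CrOS/Android/Iphone etc.
//     apptype: CrOS/AndroidDM etc.
//     deviceid: unique id that identifies the device.
//     agent: identifies the agent on the device.
//
// Authorization:
//   1. If request is managed_check, client must pass in GoogleLogin auth
//      cookie in Authorization header:
//        Authorization: GoogleLogin auth=<auth cookie>
//      This is the only case when the deviceid query parameter is set to
//      empty. The response will contain a flag indicating if the user is in
//      a managed domain or not. (We don't want to expose device ids of users
//      not in managed domains.)
//   2. If request is register_request, client must pass in GoogleLogin auth
//      cookie in Authorization header:
//        Authorization: GoogleLogin auth=<auth cookie>
//      The response will contain a unique DMToken for future requests.
//      Depending on domain policy, the request may need admin approval before
//      DMToken is issued.
//   3. For other requests, client must pass in DMToken in Authorization
//      header:
//        Authorization: GoogleDMToken token=<google dm token>
//
// NOTE(review): the schema does not restrict a request to one sub-message,
// and the request type is announced separately in the `request` query
// parameter. The server should choose the credential check and the
// sub-message to process from the same value, and reject a body whose
// populated sub-message does not match it.
// NOTE(review): deviceid travels in the query string, which commonly ends up
// in server and proxy logs.
message DeviceManagementRequest {
  // Register request.
  optional DeviceRegisterRequest register_request = 1;

  // Unregister request.
  optional DeviceUnregisterRequest unregister_request = 2;

  // Data request.
  optional DevicePolicyRequest policy_request = 3;

  // Data request (new protocol).
  optional CloudPolicyRequest cloud_policy_request = 4;

  // Request to check if a user is managed or not.
  optional ManagedCheckRequest managed_check_request = 5;
}

// Response from server to device.
message DeviceManagementResponse {
  // Error code to client.
  enum ErrorCode {
    SUCCESS = 0;
    // Returned for register request when device management is not supported
    // for the domain.
    DEVICE_MANAGEMENT_NOT_SUPPORTED = 1;
    // Returned when the device is not found.
    DEVICE_NOT_FOUND = 2;
    // Returned when passed in device management token doesn't match the token
    // on server side.
    DEVICE_MANAGEMENT_TOKEN_INVALID = 3;
    // Returned when device registration is pending approval (if required).
    ACTIVATION_PENDING = 4;
    // Returned when the policy is not found.
    POLICY_NOT_FOUND = 5;
  }

  // Error code for this request.
  // NOTE(review): this field is required and proto2 parsers do not store an
  // enum value they do not recognise, so a client built against this
  // revision will fail to parse a response that uses an ErrorCode added
  // later. Clients should treat such a parse failure as an error, not as
  // SUCCESS.
  required ErrorCode error = 1;

  // Error message.
  optional string error_message = 2;

  // Register response.
  optional DeviceRegisterResponse register_response = 3;

  // Unregister response.
  optional DeviceUnregisterResponse unregister_response = 4;

  // Policy response.
  optional DevicePolicyResponse policy_response = 5;

  // Policy response (new protocol).
  optional CloudPolicyResponse cloud_policy_response = 6;

  // Response to managed check request.
  optional ManagedCheckResponse managed_check_response = 7;
}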