// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
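// proto2 syntax: every field below is declared `optional`, so generated code
// can tell "not set" apart from "set to the default value", and enums are
// closed (a number this build does not know is not exposed as a field value).
syntax = "proto2";

// Generate code against the lite protobuf runtime, which has no descriptors or
// reflection.
option optimize_for = LITE_RUNTIME;

// All definitions below live in the authpolicy package.
package authpolicy;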
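// D-Bus call error codes. These values are written to logs. New enum values can
// be added, but existing enums must never be renumbered or deleted and reused.
//
// NOTE(review): ERROR_NONE is the first value of this proto2 enum, so it is
// also the default. A field of this type that is unset, or that carries a
// number this build does not know, reads back as ERROR_NONE from the generated
// getter. Callers that treat ERROR_NONE as success should check field presence
// first, so that a missing or newer error code is not taken for success.
enum ErrorType {
  // Everything is A-OK!
  ERROR_NONE = 0;
  // Unspecified error.
  ERROR_UNKNOWN = 1;
  // Unspecified D-Bus error.
  ERROR_DBUS_FAILURE = 2;
  // Badly formatted user principal name.
  ERROR_PARSE_UPN_FAILED = 3;
  // Auth failed because of bad user name.
  // NOTE(review): reported separately from ERROR_BAD_PASSWORD, so whoever sees
  // the code learns whether the account name was accepted; keep that in mind
  // wherever these codes reach UI or logs.
  ERROR_BAD_USER_NAME = 4;
  // Auth failed because of bad password.
  ERROR_BAD_PASSWORD = 5;
  // Auth failed because of expired password.
  ERROR_PASSWORD_EXPIRED = 6;
  // Auth failed because of bad realm or network.
  ERROR_CANNOT_RESOLVE_KDC = 7;
  // kinit exited with unspecified error.
  ERROR_KINIT_FAILED = 8;
  // net exited with unspecified error.
  ERROR_NET_FAILED = 9;
  // smbclient exited with unspecified error.
  ERROR_SMBCLIENT_FAILED = 10;
  // authpolicy_parser exited with unknown error.
  ERROR_PARSE_FAILED = 11;
  // Parsing GPOs failed.
  ERROR_PARSE_PREG_FAILED = 12;
  // GPO data is bad.
  ERROR_BAD_GPOS = 13;
  // Some local IO operation failed.
  ERROR_LOCAL_IO = 14;
  // Machine is not joined to AD domain yet.
  ERROR_NOT_JOINED = 15;
  // User is not logged in yet.
  ERROR_NOT_LOGGED_IN = 16;
  // Failed to send policy to Session Manager.
  ERROR_STORE_POLICY_FAILED = 17;
  // User doesn't have the right to join machines to the domain.
  ERROR_JOIN_ACCESS_DENIED = 18;
  // General network problem.
  ERROR_NETWORK_PROBLEM = 19;
  // Machine name contains restricted characters.
  ERROR_INVALID_MACHINE_NAME = 20;
  // Machine name too long.
  ERROR_MACHINE_NAME_TOO_LONG = 21;
  // User joined maximum number of machines to the domain.
  ERROR_USER_HIT_JOIN_QUOTA = 22;
  // Kinit or smbclient failed to contact Key Distribution Center.
  ERROR_CONTACTING_KDC_FAILED = 23;
  // Kerberos credentials cache not found.
  ERROR_NO_CREDENTIALS_CACHE_FOUND = 24;
  // Kerberos ticket expired while renewing credentials.
  ERROR_KERBEROS_TICKET_EXPIRED = 25;
  // Klist exited with unspecified error.
  ERROR_KLIST_FAILED = 26;
  // Kinit failed because of bad machine name.
  ERROR_BAD_MACHINE_NAME = 27;
  // Should be the last. Not an error code: a sentinel one past the highest
  // value. NOTE(review): presumably its number grows whenever a value is added,
  // so unlike the codes above it is not stable across versions; confirm that
  // it is never logged or persisted as an error.
  ERROR_COUNT = 28;
}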
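// Message sent to Chromium by authpolicy service as a response of a successful
// AuthenticateUser call. Contains information about authenticated user fetched
// from Active Directory server with "net ads search ...".
//
// NOTE(review): every value here originates from the directory server's reply.
// The string fields are directory-controlled text that identifies a person, so
// receivers should validate or escape them before using them in UI, logs or
// file paths, and should avoid logging them in full.
message ActiveDirectoryAccountInfo {
  // Unique id of the user account. Taken from the objectGUID property of the
  // Active Directory user account information.
  optional string account_id = 1;
  // Display name of the user. Taken from the displayName property of the Active
  // Directory user account information.
  optional string display_name = 2;
  // Given name of the user. AKA first name. Taken from the givenName property
  // of the Active Directory user account information.
  optional string given_name = 3;
  // Logon name of the user (without @realm). Taken from the sAMAccountName
  // property of the Active Directory user account information.
  optional string sam_account_name = 4;
  // Timestamp when the password was last set, see
  // https://msdn.microsoft.com/en-us/library/ms679430(v=vs.85).aspx. Taken from
  // the pwdLastSet property of the Active Directory user account information.
  // Used in authpolicyd only, unused in Chrome.
  // NOTE(review): presumably the raw attribute value, which Active Directory
  // counts in 100-nanosecond intervals since 1601 rather than as Unix time;
  // confirm before comparing it with a local clock. An unset field reads as 0,
  // so check presence before interpreting the value.
  optional uint64 pwd_last_set = 5;
  // User account control flags, see
  // https://msdn.microsoft.com/en-us/library/ms680832(v=vs.85).aspx. Taken from
  // the userAccountControl property of the Active Directory user account
  // information. Used in authpolicyd only, unused in Chrome.
  // NOTE(review): a set of bit flags, to be tested bit by bit. An unset field
  // reads as 0, which must not be taken to mean "no flags apply"; check
  // presence first.
  optional uint32 user_account_control = 6;
  // Common name of the user, e.g. "John Doe [jdoe]". Taken from the commonName
  // property of the Active Directory user account information.
  optional string common_name = 7;
  // Next ID to use: 8
}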
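// Message sent to Chromium by authpolicy service as a response to a successful
// GetUserStatus call.
//
// NOTE(review): the first value of each enum used here is the "good" state
// (TGT_VALID, PASSWORD_VALID, ERROR_NONE), and the first value is what a
// generated getter returns for a field that is not set or that carries a number
// this build does not know. Receivers should check field presence (for example
// has_tgt_status() in C++) before acting on a "valid" or "no error" reading.
message ActiveDirectoryUserStatus {
  // Ticket-granting-ticket status.
  enum TgtStatus {
    TGT_VALID = 0;      // Ticket is still valid. Also the default; see above.
    TGT_EXPIRED = 1;    // Ticket expired.
    TGT_NOT_FOUND = 2;  // Kerberos credentials cache not found.
    // Next ID to use: 3
  }

  // Whether the password has to be changed or sync'ed with cryptohome.
  enum PasswordStatus {
    PASSWORD_VALID = 0;    // Valid as far as we can tell. Also the default.
    PASSWORD_EXPIRED = 1;  // User has to enter a new password on next logon.
    PASSWORD_CHANGED = 2;  // Changed on server, possibly from other client.
    // Next ID to use: 3
  }

  // User's account information, see ActiveDirectoryAccountInfo.
  optional ActiveDirectoryAccountInfo account_info = 1;
  // Status of the user's ticket-granting-ticket (TGT).
  optional TgtStatus tgt_status = 2;
  // Status of the user's password.
  optional PasswordStatus password_status = 3;
  // Last error returned from AuthenticateUser D-Bus call.
  optional ErrorType last_auth_error = 4;
  // Next ID to use: 5
}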