      1 // Copyright 2017 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 syntax = "proto2";
      6 
      7 option optimize_for = LITE_RUNTIME;
      8 
      9 package authpolicy;
     10 
// D-Bus call error codes returned by the authpolicy daemon. These values are
// written to logs and are also carried in
// ActiveDirectoryUserStatus.last_auth_error below, so they form a stable
// contract: new enum values can be added, but existing enums must never be
// renumbered or deleted and reused.
//
// NOTE(review): ERROR_NONE is the zero value, so a proto2 reader that does not
// check has_*() on an unset ErrorType field observes "no error" by default.
// Code that gates a security decision on this enum should check presence
// explicitly rather than rely on the default getter.
enum ErrorType {
  // Everything is A-OK!
  ERROR_NONE = 0;
  // Unspecified error.
  ERROR_UNKNOWN = 1;
  // Unspecified D-Bus error.
  ERROR_DBUS_FAILURE = 2;
  // Badly formatted user principal name.
  ERROR_PARSE_UPN_FAILED = 3;
  // Auth failed because of bad user name.
  // NOTE(review): reporting "bad user name" separately from "bad password"
  // reveals whether an account exists; consumers should avoid surfacing that
  // distinction to unauthenticated parties.
  ERROR_BAD_USER_NAME = 4;
  // Auth failed because of bad password.
  ERROR_BAD_PASSWORD = 5;
  // Auth failed because of expired password.
  ERROR_PASSWORD_EXPIRED = 6;
  // Auth failed because of bad realm or network.
  ERROR_CANNOT_RESOLVE_KDC = 7;
  // kinit exited with unspecified error.
  ERROR_KINIT_FAILED = 8;
  // net exited with unspecified error.
  ERROR_NET_FAILED = 9;
  // smbclient exited with unspecified error.
  ERROR_SMBCLIENT_FAILED = 10;
  // authpolicy_parser exited with unknown error.
  ERROR_PARSE_FAILED = 11;
  // Parsing GPOs failed.
  ERROR_PARSE_PREG_FAILED = 12;
  // GPO data is bad.
  ERROR_BAD_GPOS = 13;
  // Some local IO operation failed.
  ERROR_LOCAL_IO = 14;
  // Machine is not joined to AD domain yet.
  ERROR_NOT_JOINED = 15;
  // User is not logged in yet.
  ERROR_NOT_LOGGED_IN = 16;
  // Failed to send policy to Session Manager.
  ERROR_STORE_POLICY_FAILED = 17;
  // User doesn't have the right to join machines to the domain.
  ERROR_JOIN_ACCESS_DENIED = 18;
  // General network problem.
  ERROR_NETWORK_PROBLEM = 19;
  // Machine name contains restricted characters.
  ERROR_INVALID_MACHINE_NAME = 20;
  // Machine name too long.
  ERROR_MACHINE_NAME_TOO_LONG = 21;
  // User joined maximum number of machines to the domain.
  ERROR_USER_HIT_JOIN_QUOTA = 22;
  // Kinit or smbclient failed to contact Key Distribution Center.
  ERROR_CONTACTING_KDC_FAILED = 23;
  // Kerberos credentials cache not found.
  ERROR_NO_CREDENTIALS_CACHE_FOUND = 24;
  // Kerberos ticket expired while renewing credentials.
  ERROR_KERBEROS_TICKET_EXPIRED = 25;
  // Klist exited with unspecified error.
  ERROR_KLIST_FAILED = 26;
  // Kinit failed because of bad machine name.
  ERROR_BAD_MACHINE_NAME = 27;
  // Sentinel holding the number of error codes. Must remain the last entry and
  // be bumped whenever a value is added above; it is a count, not an error
  // code, and is not meant to be reported as one.
  ERROR_COUNT = 28;
}
     73 
// Message sent to Chromium by authpolicy service as a response of a successful
// AuthenticateUser call. Contains information about authenticated user fetched
// from Active Directory server with "net ads search ...".
//
// NOTE(review): every field below is copied from a server-supplied attribute.
// The schema itself enforces nothing beyond protobuf's requirement that
// `string` fields be valid UTF-8 — no length limits, character restrictions or
// presence checks — so consumers must treat the strings as untrusted data
// (escape before rendering, validate before using as a key or path).
message ActiveDirectoryAccountInfo {
  // Unique id of the user account. Taken from the objectGUID property of the
  // Active Directory user account information.
  // NOTE(review): presumably the only stable identifier in this message —
  // the name fields below can be changed by an administrator — so account
  // lookups should key on this value; confirm against the Chrome consumer.
  optional string account_id = 1;
  // Display name of the user. Taken from the displayName property of the Active
  // Directory user account information.
  optional string display_name = 2;
  // Given name of the user. AKA first name. Taken from the givenName property
  // of the Active Directory user account information.
  optional string given_name = 3;
  // Logon name of the user (without @realm). Taken from the sAMAccountName
  // property of the Active Directory user account information.
  optional string sam_account_name = 4;
  // Timestamp when the password was last set, see
  // https://msdn.microsoft.com/en-us/library/ms679430(v=vs.85).aspx. Taken from
  // the pwdLastSet property of the Active Directory user account information.
  // Used in authpolicyd only, unused in Chrome.
  // NOTE(review): this is the raw AD value; per the linked page it is a
  // large integer in Windows FILETIME units (100 ns intervals since
  // 1601-01-01 UTC), not a Unix timestamp, and 0 is a special value meaning
  // the password must be changed at next logon — confirm before converting.
  optional uint64 pwd_last_set = 5;
  // User account control flags, see
  // https://msdn.microsoft.com/en-us/library/ms680832(v=vs.85).aspx. Taken from
  // the userAccountControl property of the Active Directory user account
  // information. Used in authpolicyd only, unused in Chrome.
  // NOTE(review): a bitmask of the flags defined on the linked page (e.g.
  // account disabled, password never expires); test individual bits rather
  // than comparing the whole value.
  optional uint32 user_account_control = 6;
  // Common name of the user, e.g. "John Doe [jdoe]". Taken from the commonName
  // property of the Active Directory user account information.
  optional string common_name = 7;
  // Next ID to use: 8
}
    105 
// Message sent to Chromium by authpolicy service as a response to a successful
// GetUserStatus call.
//
// NOTE(review): both nested status enums use the "everything is fine" state as
// their zero value (TGT_VALID, PASSWORD_VALID). In proto2 an unset field reads
// as that default, so a consumer that does not call has_tgt_status() /
// has_password_status() fails open. The numbering cannot be changed without
// breaking the wire format; the presence check belongs in the reader.
message ActiveDirectoryUserStatus {
  // Ticket-granting-ticket status.
  enum TgtStatus {
    TGT_VALID = 0;      // Ticket is still valid. Also the default when unset.
    TGT_EXPIRED = 1;    // Ticket expired.
    TGT_NOT_FOUND = 2;  // Kerberos credentials cache not found.
    // Next ID to use: 3
  }

  // Whether the password has to be changed or sync'ed with cryptohome.
  enum PasswordStatus {
    PASSWORD_VALID = 0;    // Valid as far as we can tell. Default when unset.
    PASSWORD_EXPIRED = 1;  // User has to enter a new password on next logon.
    PASSWORD_CHANGED = 2;  // Changed on server, possibly from other client.
    // Next ID to use: 3
  }

  // User's account information, see ActiveDirectoryAccountInfo above. May be
  // absent; check has_account_info() before reading its fields.
  optional ActiveDirectoryAccountInfo account_info = 1;
  // Status of the user's ticket-granting-ticket (TGT). Check
  // has_tgt_status() — an unset field reads as TGT_VALID.
  optional TgtStatus tgt_status = 2;
  // Status of the user's password. Check has_password_status() — an unset
  // field reads as PASSWORD_VALID.
  optional PasswordStatus password_status = 3;
  // Last error returned from AuthenticateUser D-Bus call. Check
  // has_last_auth_error() — an unset field reads as ERROR_NONE.
  optional ErrorType last_auth_error = 4;
  // Next ID to use: 5
}
    134 }
    135