// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// proto2 syntax: every field below carries an explicit `optional` label, so
// generated code exposes presence checks for each of them.
syntax = "proto2";

// Generated code targets the lite protobuf runtime.
option optimize_for = LITE_RUNTIME;

// All definitions in this file are in the authpolicy package.
package authpolicy;

// D-Bus call error codes. These values are written to logs, so the numbers are
// a stable contract: new values may be added, but an existing value must never
// be renumbered, and the number of a deleted value must never be reused.
//
// ERROR_NONE is 0 and the first value declared, which makes it the proto2
// default of any optional ErrorType field that was never set. A reader that
// has to tell "no error" from "nothing reported" must check field presence
// instead of comparing against ERROR_NONE.
enum ErrorType {
  // Everything is A-OK!
  ERROR_NONE = 0;
  // Unspecified error.
  ERROR_UNKNOWN = 1;
  // Unspecified D-Bus error.
  ERROR_DBUS_FAILURE = 2;
  // Badly formatted user principal name.
  ERROR_PARSE_UPN_FAILED = 3;
  // Auth failed because of bad user name.
  // NOTE(review): reporting this separately from ERROR_BAD_PASSWORD tells the
  // caller whether the account exists; confirm how the two are surfaced to an
  // unauthenticated user.
  ERROR_BAD_USER_NAME = 4;
  // Auth failed because of bad password.
  ERROR_BAD_PASSWORD = 5;
  // Auth failed because of expired password.
  ERROR_PASSWORD_EXPIRED = 6;
  // Auth failed because of bad realm or network.
  ERROR_CANNOT_RESOLVE_KDC = 7;
  // kinit exited with unspecified error.
  ERROR_KINIT_FAILED = 8;
  // net exited with unspecified error.
  ERROR_NET_FAILED = 9;
  // smbclient exited with unspecified error.
  ERROR_SMBCLIENT_FAILED = 10;
  // authpolicy_parser exited with unknown error.
  ERROR_PARSE_FAILED = 11;
  // Parsing GPOs failed.
  ERROR_PARSE_PREG_FAILED = 12;
  // GPO data is bad.
  ERROR_BAD_GPOS = 13;
  // Some local IO operation failed.
  ERROR_LOCAL_IO = 14;
  // Machine is not joined to AD domain yet.
  ERROR_NOT_JOINED = 15;
  // User is not logged in yet.
  ERROR_NOT_LOGGED_IN = 16;
  // Failed to send policy to Session Manager.
  ERROR_STORE_POLICY_FAILED = 17;
  // User doesn't have the right to join machines to the domain.
  ERROR_JOIN_ACCESS_DENIED = 18;
  // General network problem.
  ERROR_NETWORK_PROBLEM = 19;
  // Machine name contains restricted characters.
  ERROR_INVALID_MACHINE_NAME = 20;
  // Machine name too long.
  ERROR_MACHINE_NAME_TOO_LONG = 21;
  // User joined maximum number of machines to the domain.
  ERROR_USER_HIT_JOIN_QUOTA = 22;
  // Kinit or smbclient failed to contact Key Distribution Center.
  ERROR_CONTACTING_KDC_FAILED = 23;
  // Kerberos credentials cache not found.
  ERROR_NO_CREDENTIALS_CACHE_FOUND = 24;
  // Kerberos ticket expired while renewing credentials.
  ERROR_KERBEROS_TICKET_EXPIRED = 25;
  // Klist exited with unspecified error.
  ERROR_KLIST_FAILED = 26;
  // Kinit failed because of bad machine name.
  ERROR_BAD_MACHINE_NAME = 27;
  // Sentinel rather than an error: must stay the last entry, one past the
  // highest real code, so its number changes whenever a code is added.
  // NOTE(review): that makes it the one entry the no-renumber rule cannot
  // hold for; presumably it is only used as a bound and never logged or sent
  // as an error value - confirm against callers.
  ERROR_COUNT = 28;
}

// Message sent to Chromium by the authpolicy service in response to a
// successful AuthenticateUser call. Contains information about the
// authenticated user, fetched from the Active Directory server with
// "net ads search ...".
//
// Every field is optional. An unset string reads as "" and an unset integer as
// 0, so check presence before treating a value as real directory data.
// NOTE(review): the strings originate from directory attributes and identify a
// person; treat them as untrusted display data and keep them out of logs
// unless that is intended - confirm against the consumers.
message ActiveDirectoryAccountInfo {
  // Unique id of the user account. Taken from the objectGUID property of the
  // Active Directory user account information.
  optional string account_id = 1;
  // Display name of the user. Taken from the displayName property of the
  // Active Directory user account information.
  optional string display_name = 2;
  // Given name of the user. AKA first name. Taken from the givenName property
  // of the Active Directory user account information.
  optional string given_name = 3;
  // Logon name of the user (without @realm). Taken from the sAMAccountName
  // property of the Active Directory user account information.
  optional string sam_account_name = 4;
  // Timestamp when the password was last set, see
  // https://msdn.microsoft.com/en-us/library/ms679430(v=vs.85).aspx. Taken from
  // the pwdLastSet property of the Active Directory user account information.
  // Used in authpolicyd only, unused in Chrome.
  // NOTE(review): presumably the raw attribute value in the unit the linked
  // page defines, not Unix time - confirm before comparing with other clocks.
  optional uint64 pwd_last_set = 5;
  // User account control flags, see
  // https://msdn.microsoft.com/en-us/library/ms680832(v=vs.85).aspx. Taken from
  // the userAccountControl property of the Active Directory user account
  // information. Used in authpolicyd only, unused in Chrome.
  optional uint32 user_account_control = 6;
  // Next ID to use: 7
}

// Message sent to Chromium by the authpolicy service in response to a
// successful GetUserStatus call.
//
// NOTE(review): all three status fields are optional enums whose first
// declared value is the healthy one (TGT_VALID, PASSWORD_VALID, ERROR_NONE).
// In proto2 an unset optional enum reads as its first declared value, so a
// message that omits a field looks like "valid / no error". Consumers making a
// security decision should check presence (has_*) before trusting the value.
message ActiveDirectoryUserStatus {
  // Ticket-granting-ticket status.
  enum TgtStatus {
    TGT_VALID = 0;      // Ticket is still valid. Also the unset default.
    TGT_EXPIRED = 1;    // Ticket expired.
    TGT_NOT_FOUND = 2;  // Kerberos credentials cache not found.
    // Next ID to use: 3
  }

  // Whether the password has to be changed or sync'ed with cryptohome.
  enum PasswordStatus {
    PASSWORD_VALID = 0;    // Valid as far as we can tell. Also unset default.
    PASSWORD_EXPIRED = 1;  // User has to enter a new password on next logon.
    PASSWORD_CHANGED = 2;  // Changed on server, possibly from other client.
    // Next ID to use: 3
  }

  // User's account information, see ActiveDirectoryAccountInfo.
  optional ActiveDirectoryAccountInfo account_info = 1;
  // Status of the user's ticket-granting-ticket (TGT).
  optional TgtStatus tgt_status = 2;
  // Status of the user's password.
  optional PasswordStatus password_status = 3;
  // Last error returned from AuthenticateUser D-Bus call. Reads as ERROR_NONE
  // when the field was never set.
  optional ErrorType last_auth_error = 4;
  // Next ID to use: 5
}