| syntax = "proto2"; |
| |
| option optimize_for = LITE_RUNTIME; |
| |
| package authpolicy.protos; |
| |
| // Active directory information entered during domain join. |
| message ActiveDirectoryConfig { |
| optional string machine_name = 1; |
| optional string realm = 3; |
| } |
| |
| // Information about a GPO parsed from net ads gpo list. |name| is the 16-byte |
| // guid (e.g. {12345678-90AB-...}). |basepath| and |directory| are created from |
| // the first and the last part of the GPO's 'filesyspath' value in the net |
| // output, e.g. if filesyspath is |
| // \\example.com\SysVol\example.com\Policies\{12345678-90AB-CDEF-1234-567890ABCDEF}, |
| // then |basepath| is 'example.com/SysVol' and |directory| is |
| // example.com\Policies\{12345678-90AB-CDEF-1234-567890ABCDEF}. |
| message GpoEntry { |
| optional string name = 1; |
| optional string basepath = 2; |
| optional string directory = 3; |
| } |
| |
| // List of GPOs on server. Agnostic of policy scope (user/machine); GPOs can |
| // contain both user and machine policy. |
| message GpoList { |
| repeated GpoEntry entries = 1; |
| } |
| |
| // Local file paths of downloaded GPO files. |
| message FilePathList { |
| repeated string entries = 1; |
| } |
| |
| // Selected data from net ads info. |dc_name| is the name of the domain |
| // controller and |kdc_ip| is the IPv4 or IPv6 address of the key distribution |
| // center. |
| message RealmInfo { |
| optional string dc_name = 1; |
| optional string kdc_ip = 2; |
| } |
| |
| // Validity and renewal lifetimes of a Kerberos ticket-granting-ticket. |
| message TgtLifetime { |
| // Number of seconds the TGT is still valid and can be used to query service |
| // tickets. |
| optional int64 validity_seconds = 1; |
| |
| // Number of seconds until the TGT cannot be renewed again. Zero in case the |
| // TGT cannot be renewed. Otherwise, not smaller than |validity_seconds|. |
| // Note that this is just an upper bound on total validity time. Renewal must |
| // still happen within the validity lifetime. |
| optional int64 renewal_seconds = 2; |
| } |
| |
| // Debug flags. |
| message DebugFlags { |
| // Disable seccomp filters. |
| optional bool disable_seccomp = 1; |
| // Log seccomp filter failures. |
| optional bool log_seccomp = 2; |
| // Enable kinit trace logs. Only shown if log_command_output is set as well. |
| optional bool trace_kinit = 3; |
| // Log policy values read from GPO. |
| optional bool log_policy_values = 4; |
| // Log command line and exit code in ProcessExecutor. |
| optional bool log_commands = 5; |
| // Log stdout and stderr in ProcessExecutor no matter whether the command |
| // succeeded or not. |
| optional bool log_command_output = 6; |
| // Log stdout and stderr in ProcessExecutor if the command failed. |
| optional bool log_command_output_on_error = 7; |
| // Log list of filtered, broken and valid GPOs. |
| optional bool log_gpo = 8; |
| // Log level for Samba net commands. Only shown if log_command_output is set |
| // as well. |
| optional string net_log_level = 10 [default = "0"]; |
| } |
| |
| // Container for policy for extensions. |
| message ExtensionPolicy { |
| // Extension ID, e.g. gihmafigllmhbppdfjnfecimiohcljba. |
| optional string id = 1; |
| |
| // Extension policy json data. |
| optional string json_data = 2; |
| } |
| |
| // Policy loaded and parsed from GPO. |
| message GpoPolicyData { |
| // User or device policy, depending on which GPOs were loaded. User and device |
| // GPOs are serialized CloudPolicySettings and ChromeDeviceSettingsProto |
| // protos, respectively. |
| optional string user_or_device_policy = 1; |
| |
| // Extension policy can be both in user and device GPOs. |
| repeated ExtensionPolicy extension_policies = 2; |
| } |
