| // Copyright 2019 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| module smbfs.mojom; |
| |
| import "smbfs/mojom/file_path.mojom"; |
| import "smbfs/mojom/ip_address.mojom"; |
| |
| // This file is shared between Chrome and Chrome OS. |
| // In Chrome, this file is located at: |
| // //chromeos/components/smbfs/mojom/smbfs.mojom |
| // In Chrome OS, this file is located at: |
| // //platform2/smbfs/mojom/smbfs.mojom |
| |
| // Name used to identify the bootstrap message pipe. To be used with |
| // mojo::{Incoming,Outgoing}Invitation. |
| const string kBootstrapPipeName = "smbfs-bootstrap"; |
| |
| // Implemented by SmbFs, used from Chrome. |
| interface SmbFsBootstrap { |
| // Connect to an SMB share. This method must only be called once. |
| MountShare(MountOptions options, SmbFsDelegate delegate) => |
| (MountError error, SmbFs? smbfs); |
| }; |
| |
| // Implemented by SmbFs, used from Chrome. |
| interface SmbFs { |
| // Deletes any credentials stored for this share mount. |
| RemoveSavedCredentials() => (bool success); |
| |
| // Recursively delete |path|, which is the absolute path (within the SMB |
| // share, ie. /dir_a/file_b) of a file or directory. |
| DeleteRecursively(FilePath path) => (DeleteRecursivelyError error); |
| }; |
| |
| // Implemented by Chrome, used from SmbFs. |
| interface SmbFsDelegate { |
| // Request authentication credentials. This request is made when accessing a |
| // share fails with an authentication error. If null is returned, this |
| // indicates the request was dismissed by the user. |
| RequestCredentials() => (Credentials? credentials); |
| }; |
| |
| enum MountError { |
| // Success. |
| kOk = 0, |
| |
| // Generic code for uncategorized errors. |
| kUnknown = 1, |
| |
| // Mount timeout. |
| kTimeout = 2, |
| |
| // Share URL is invalid. |
| kInvalidUrl = 3, |
| |
| // An invalid combination of mount options was specified, or required |
| // options were missing. |
| kInvalidOptions = 4, |
| |
| // Share not found. |
| kNotFound = 5, |
| |
| // Share access denied (i.e. username/password error). |
| kAccessDenied = 6, |
| |
| // Invalid protocol (i.e. SMB1). |
| kInvalidProtocol = 7, |
| }; |
| |
| enum DeleteRecursivelyError { |
| // Success. |
| kOk = 0, |
| |
| // Generic code for uncategorized errors. |
| kUnknown = 1, |
| |
| // The specified path for deletion was not found. |
| kPathNotFound = 2, |
| |
| // A file or directory within the tree could not be deleted. |
| kFailedToDeleteNode = 3, |
| |
| // A directory within the tree could not be listed. |
| kFailedToListDirectory = 4, |
| |
| // A recursive delete is already in progress. |
| kOperationInProgress = 5, |
| }; |
| |
| struct Password { |
| // The Samba client library uses an "fstring" type to obtain the password, |
| // which is limited to 256 bytes (See source3/include/includes.h in the Samba |
| // sources). Subtract one to account for a null terminator. |
| const int32 kMaxLength = 255; |
| |
| // File descriptor of pipe containing password. |
| handle fd; |
| // Length of password stored in |fd|. |
| int32 length; |
| }; |
| |
| struct KerberosConfig { |
| enum Source { |
| // Obtain credentials for Active Directory from authpolicyd. |
| kActiveDirectory = 0, |
| |
| // Obtain credentials from kerberosd. |
| kKerberos = 1, |
| }; |
| // Source of kerberos credentials. |
| Source source; |
| |
| // Kerberos identity. Will be account GUID for Active Directory, and |
| // principal name for non-AD kerberos. |
| string identity; |
| }; |
| |
| struct CredentialStorageOptions { |
| const int32 kMinSaltLength = 16; |
| |
| // Username hash of the mounting profile. |
| string account_hash; |
| |
| // A vector of random bytes to use to obfuscate the password being stored. |
| // Must be at least |kMinSaltLength| bytes in length and generated by a |
| // strong random byte generator. |
| array<uint8> salt; |
| }; |
| |
| struct MountOptions { |
| // Full share path. Must be in the form "smb://hostname/sharename", and must |
| // have the hostname as entered by the user and NOT resolved to an IP address |
| // (unless the user entered an IP address as the hostname). |
| string share_path; |
| |
| // Resolved IP address of the share's hostname. |
| IPAddress? resolved_host; |
| |
| // Authentication parameters. |
| string username; |
| string workgroup; |
| // Password is passed using an fd to avoid having the password in addressable |
| // memory while being transferred over IPC. This also allows the password to |
| // be stored using libpasswordprovider on the Chrome OS side. |
| Password? password; |
| KerberosConfig? kerberos_config; |
| |
| // Allow NTLM authentication. |
| bool allow_ntlm = false; |
| |
| // Skip attempting to connect to the share, and instead unconditionally mount |
| // the share. |
| bool skip_connect = false; |
| |
| // Options for saving password to the daemon store. If present, the password |
| // will be saved or restored based on whether the |password| field is present. |
| [MinVersion=1] CredentialStorageOptions? credential_storage_options; |
| }; |
| |
| struct Credentials { |
| string username; |
| string workgroup; |
| Password? password; |
| }; |