// proto2 syntax: the fields in this file carry explicit 'optional' or
// 'repeated' labels.
syntax = "proto2";
// Generate code for the lite protobuf runtime, which leaves out descriptors
// and reflection.
option optimize_for = LITE_RUNTIME;
// All messages in this file live in the authpolicy.protos package.
package authpolicy.protos;
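// Active Directory information entered during domain join.
message ActiveDirectoryConfig {
  // Field number 2 is not assigned to any field of this message. It is
  // reserved so that it cannot be handed to a new field: if it belonged to a
  // removed field (history is not visible in this file), reusing it would
  // make previously serialized data parse with the wrong meaning.
  reserved 2;

  // Machine name entered during domain join.
  optional string machine_name = 1;

  // Realm entered during domain join (presumably the Active Directory /
  // Kerberos realm of the joined domain; confirm against the caller).
  optional string realm = 3;
}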
// A single GPO as parsed from the output of 'net ads gpo list'.
//
// |basepath| and |directory| are built from the first and the last part of
// the GPO's 'filesyspath' value in the net output. Example: for the
// filesyspath
//   \\example.com\SysVol\example.com\Policies\{12345678-90AB-CDEF-1234-567890ABCDEF}
// |basepath| is 'example.com/SysVol' and |directory| is
//   example.com\Policies\{12345678-90AB-CDEF-1234-567890ABCDEF}
//
// NOTE(review): all three strings are derived from parsed command output
// that reflects server-side data. Nothing in this schema constrains their
// contents, so code that builds file paths or URLs from them should validate
// them first (for example reject '..' path components); whether that
// happens is not visible in this file.
message GpoEntry {
  // The 16-byte guid of the GPO (e.g. {12345678-90AB-...}).
  optional string name = 1;

  // First part of the 'filesyspath' value, see the example above.
  optional string basepath = 2;

  // Last part of the 'filesyspath' value, see the example above.
  optional string directory = 3;
}
// The GPOs found on the server. The list does not distinguish between policy
// scopes (user/machine), since one GPO can hold both user and machine policy.
message GpoList {
  // One entry per GPO.
  repeated GpoEntry entries = 1;
}
// Paths on the local file system of the GPO files that were downloaded.
message FilePathList {
  // One local file path per downloaded GPO file.
  repeated string entries = 1;
}
// A subset of the data reported by 'net ads info'.
message RealmInfo {
  // Name of the domain controller.
  optional string dc_name = 1;

  // Address of the key distribution center, either IPv4 or IPv6. The field is
  // a plain string, so the schema itself does not enforce the address format.
  optional string kdc_ip = 2;
}
// How long a Kerberos ticket-granting-ticket (TGT) remains valid and how long
// it can still be renewed.
message TgtLifetime {
  // Remaining time, in seconds, during which the TGT is valid and can be used
  // to query service tickets.
  optional int64 validity_seconds = 1;

  // Remaining time, in seconds, after which the TGT can no longer be renewed.
  // Zero if the TGT cannot be renewed at all; otherwise not smaller than
  // |validity_seconds|. This is only an upper bound on the total validity
  // time: a renewal still has to take place within the validity lifetime.
  optional int64 renewal_seconds = 2;
}
// Flags that switch debugging aids on or off.
//
// NOTE(review): several of these flags weaken the sandbox or widen what is
// written to the logs. Who may set them, and in which builds or modes, is not
// visible in this file; confirm that they are restricted to debugging setups.
message DebugFlags {
  // Turns the seccomp filters off. With this set, the syscall filtering that
  // the filters provide is no longer in effect.
  optional bool disable_seccomp = 1;

  // Logs failures of the seccomp filters.
  optional bool log_seccomp = 2;

  // Turns on kinit trace logs. They are only shown if log_command_output is
  // set as well.
  optional bool trace_kinit = 3;

  // Logs the policy values that were read from GPO.
  // NOTE(review): policy values may contain sensitive settings; treat logs
  // produced with this flag accordingly.
  optional bool log_policy_values = 4;

  // Logs the command line and the exit code in ProcessExecutor.
  optional bool log_commands = 5;

  // Logs stdout and stderr in ProcessExecutor regardless of whether the
  // command succeeded.
  optional bool log_command_output = 6;

  // Logs stdout and stderr in ProcessExecutor only for commands that failed.
  optional bool log_command_output_on_error = 7;

  // Logs the list of filtered, broken and valid GPOs.
  optional bool log_gpo = 8;

  // Logs configuration data (netbios name, kdc ip etc.).
  optional bool log_config = 9;

  // Log level passed to Samba net commands; defaults to "0". The output is
  // only shown if log_command_output is set as well.
  optional string net_log_level = 10 [default = "0"];
}