// Copyright 2019 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
module smbfs.mojom;
import "chromeos/ash/components/smbfs/mojom/file_path.mojom";
import "chromeos/ash/components/smbfs/mojom/ip_address.mojom";
// This file is shared between Chrome and Chrome OS.
// In Chrome, this file is located at:
// //chromeos/ash/components/smbfs/mojom/smbfs.mojom
// In Chrome OS, this file is located at:
// //platform2/smbfs/mojom/smbfs.mojom
// Name used to identify the bootstrap message pipe. To be used with
// mojo::{Incoming,Outgoing}Invitation.
const string kBootstrapPipeName = "smbfs-bootstrap";
// Implemented by SmbFs, used from Chrome.
interface SmbFsBootstrap {
// Connect to an SMB share. This method must only be called once.
MountShare(MountOptions options, pending_remote<SmbFsDelegate> delegate) =>
(MountError error, pending_remote<SmbFs>? smbfs);
};
// Implemented by SmbFs, used from Chrome.
interface SmbFs {
// Deletes any credentials stored for this share mount.
RemoveSavedCredentials() => (bool success);
// Recursively delete |path|, which is the absolute path (within the SMB
// share, ie. /dir_a/file_b) of a file or directory.
DeleteRecursively(FilePath path) => (DeleteRecursivelyError error);
};
// Implemented by Chrome, used from SmbFs.
interface SmbFsDelegate {
// Request authentication credentials. This request is made when accessing a
// share fails with an authentication error. If null is returned, this
// indicates the request was dismissed by the user.
RequestCredentials() => (Credentials? credentials);
};
enum MountError {
// Success.
kOk = 0,
// Generic code for uncategorized errors.
kUnknown = 1,
// Mount timeout.
kTimeout = 2,
// Share URL is invalid.
kInvalidUrl = 3,
// An invalid combination of mount options was specified, or required
// options were missing.
kInvalidOptions = 4,
// Share not found.
kNotFound = 5,
// Share access denied (i.e. username/password error).
kAccessDenied = 6,
// Invalid protocol (i.e. SMB1).
kInvalidProtocol = 7,
};
enum DeleteRecursivelyError {
// Success.
kOk = 0,
// Generic code for uncategorized errors.
kUnknown = 1,
// The specified path for deletion was not found.
kPathNotFound = 2,
// A file or directory within the tree could not be deleted.
kFailedToDeleteNode = 3,
// A directory within the tree could not be listed.
kFailedToListDirectory = 4,
// A recursive delete is already in progress.
kOperationInProgress = 5,
};
struct Password {
// The Samba client library uses an "fstring" type to obtain the password,
// which is limited to 256 bytes (See source3/include/includes.h in the Samba
// sources). Subtract one to account for a null terminator.
const int32 kMaxLength = 255;
// File descriptor of pipe containing password.
handle fd;
// Length of password stored in |fd|.
int32 length;
};
struct KerberosConfig {
enum Source {
// Obtain credentials for Active Directory from authpolicyd.
kActiveDirectory = 0,
// Obtain credentials from kerberosd.
kKerberos = 1,
};
// Source of kerberos credentials.
Source source;
// Kerberos identity. Will be account GUID for Active Directory, and
// principal name for non-AD kerberos.
string identity;
};
struct CredentialStorageOptions {
const int32 kMinSaltLength = 16;
// Username hash of the mounting profile.
string account_hash;
// A vector of random bytes to use to obfuscate the password being stored.
// Must be at least |kMinSaltLength| bytes in length and generated by a
// strong random byte generator.
array<uint8> salt;
};
struct MountOptions {
// Full share path. Must be in the form "smb://hostname/sharename", and must
// have the hostname as entered by the user and NOT resolved to an IP address
// (unless the user entered an IP address as the hostname).
string share_path;
// Resolved IP address of the share's hostname.
IPAddress? resolved_host;
// Authentication parameters.
string username;
string workgroup;
// Password is passed using an fd to avoid having the password in addressable
// memory while being transferred over IPC. This also allows the password to
// be stored using libpasswordprovider on the Chrome OS side.
Password? password;
KerberosConfig? kerberos_config;
// Allow NTLM authentication.
bool allow_ntlm = false;
// Skip attempting to connect to the share, and instead unconditionally mount
// the share.
bool skip_connect = false;
// Options for saving password to the daemon store. If present, the password
// will be saved or restored based on whether the |password| field is present.
[MinVersion=1] CredentialStorageOptions? credential_storage_options;
};
struct Credentials {
string username;
string workgroup;
Password? password;
};
Codebase Browser
chromium