authorization

package
v2.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 8, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Overview

Package authorization facilitates communication with Intel® AMT devices to manage access control list (ACL) entries.

Additional Notes:

1) Realms 'AuditLogRealm' (20) and 'ACLRealm' (21) are supported only in Intel AMT Release 4.0 and later releases.

2) Realm 'DTRealm' (23) is supported only in 'ME 5.1' and Intel AMT Release 5.1 and later releases.

3) All the methods of 'AMT_AuthorizationService' except for 'Get' are not supported in Remote Connectivity Service provisioning mode

Index

Constants

View Source 
const (
	AMT_AuthorizationService  string = "AMT_AuthorizationService"
	EnumerateUserAclEntries   string = "EnumerateUserAclEntries"
	GetUserAclEntryEx         string = "GetUserAclEntryEx"
	UpdateUserAclEntryEx      string = "UpdateUserAclEntryEx"
	RemoveUserAclEntry        string = "RemoveUserAclEntry"
	GetAdminAclEntry          string = "GetAdminAclEntry"
	GetAdminAclEntryStatus    string = "GetAdminAclEntryStatus"
	GetAdminNetAclEntryStatus string = "GetAdminNetAclEntryStatus"
	SetAclEnabledState        string = "SetAclEnabledState"
	GetAclEnabledState        string = "GetAclEnabledState"
	SetAdminAclEntryEx        string = "SetAdminAclEntryEx"
	AddUserAclEntryEx         string = "AddUserAclEntryEx"
)

INPUTS Constants

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessPermission 

type AccessPermission int

ValueMap={0, 1, 2}

Values={LocalAccessPermission, NetworkAccessPermission, AnyAccessPermission} 

const (
	AccessPermissionLocalAccessOnly AccessPermission = iota
	AccessPermissionNetworkAccessOnly
	AccessPermissionLocalAndNetworkAccess
)

type AddUserAclEntry 

type AddUserAclEntry struct {
	XMLName          xml.Name         `xml:"h:AddUserAclEntryEx_INPUT"`
	H                string           `xml:"xmlns:h,attr"`
	Handle           int              `xml:"h:Handle,omitempty"`              // Contains a creation handle.
	DigestUsername   string           `xml:"h:DigestUsername"`                // Username for access control. Contains 7-bit ASCII characters. String length is limited to 16 characters. Username cannot be an empty string.
	DigestPassword   string           `xml:"h:DigestPassword"`                // An MD5 Hash of these parameters concatenated together (Username + ":" + DigestRealm + ":" + Password). The DigestRealm is a field in AMT_GeneralSettings
	AccessPermission AccessPermission `xml:"h:AccessPermission"`              // Indicates whether the User is allowed to access Intel® AMT from the Network or Local Interfaces. Note: this definition is restricted by the Default Interface Access Permissions of each Realm.
	Realms           []RealmValues    `xml:"h:Realms>h:RealmValue,omitempty"` // Array of interface names the ACL entry is allowed to access.
	KerberosUserSid  string           `xml:"h:KerberosUserSid"`               // Descriptor for user (SID) which is authenticated using the Kerberos Authentication. Byte array, specifying the Security Identifier (SID) according to the Kerberos specification. Current requirements imply that SID should be not smaller than 1 byte length and no longer than 28 bytes. SID length should also be a multiplicand of 4.
}

INPUTS Request Types

type AuthorizationOccurrence 

type AuthorizationOccurrence struct {
	XMLName                 xml.Name       `xml:"AMT_AuthorizationService"`
	AllowHttpQopAuthOnly    int            `xml:"AllowHttpQopAuthOnly"`    // Indicates whether using the http "quality of protection" (qop) directive with value auth is allowed
	CreationClassName       string         `xml:"CreationClassName"`       // CreationClassName indicates the name of the class or the subclass that is used in the creation of an instance. When used with the other key properties of this class, this property allows all instances of this class and its subclasses to be uniquely identified. In Intel AMT Release 6.0 and later releases value is 'AMT_AuthorizationService'
	ElementName             string         `xml:"ElementName"`             // A user-friendly name for the object. This property allows each instance to define a user-friendly name in addition to its key properties, identity data, and description information.  Note that the Name property of ManagedSystemElement is also defined as a user-friendly name. But, it is often subclassed to be a Key. It is not reasonable that the same property can convey both identity and a user-friendly name, without inconsistencies. Where Name exists and is not a Key (such as for instances of LogicalDevice), the same information can be present in both the Name and ElementName properties. Note that if there is an associated instance of CIM_EnabledLogicalElementCapabilities, restrictions on this properties may exist as defined in ElementNameMask and MaxElementNameLen properties defined in that class.
	EnabledState            EnabledState   `xml:"EnabledState"`            // EnabledState is an integer enumeration that indicates the enabled and disabled states of an element.
	Name                    string         `xml:"Name"`                    // The Name property uniquely identifies the Service and provides an indication of the functionality that is managed. This functionality is described in more detail in the Description property of the object.  In Intel AMT Release 6.0 and later releases value is 'Intel® AMT Authorization Service'
	RequestedState          RequestedState `xml:"RequestedState"`          // RequestedState is an integer enumeration that indicates the last requested or desired state for the element, irrespective of the mechanism through which it was requested.
	SystemCreationClassName string         `xml:"SystemCreationClassName"` // The CreationClassName of the scoping System. In Intel AMT Release 6.0 and later releases value is 'CIM_ComputerSystem'
	SystemName              string         `xml:"SystemName"`              // The Name of the scoping System.  In Intel AMT Release 6.0 and later releases value is 'Intel® AMT'
}

OUTPUTS Response Types

type AuthorizationService 

type AuthorizationService struct {
	// contains filtered or unexported fields
}

func NewServiceWithClient 

func NewServiceWithClient(wsmanMessageCreator *message.WSManMessageCreator, client client.WSMan) AuthorizationService

Instantiates a new Authorization service

func (AuthorizationService) Enumerate 

func (as AuthorizationService) Enumerate() (response Response, err error)

Enumerate returns an enumeration context which is used in a subsequent Pull call

func (AuthorizationService) EnumerateUserAclEntries 

func (as AuthorizationService) EnumerateUserAclEntries(startIndex int) (response Response, err error)

EnumerateUserAclEntries enumerates entries in the User Access Control List (ACL).

func (AuthorizationService) Get 

func (as AuthorizationService) Get() (response Response, err error)

Get retrieves the representation of the instance

func (AuthorizationService) GetAclEnabledState 

func (as AuthorizationService) GetAclEnabledState(handle int) (response Response, err error)

Gets the state of a user ACL entry (enabled/disabled)

func (AuthorizationService) GetAdminAclEntry 

func (as AuthorizationService) GetAdminAclEntry() (response Response, err error)

Returns the username attribute of the Admin ACL

func (AuthorizationService) GetAdminAclEntryStatus 

func (as AuthorizationService) GetAdminAclEntryStatus() (response Response, err error)

Reads the Admin ACL Entry status from Intel® AMT. The return state changes as a function of the admin password.

func (AuthorizationService) GetAdminNetAclEntryStatus 

func (as AuthorizationService) GetAdminNetAclEntryStatus() (response Response, err error)

Reads the remote Admin ACL Entry status from Intel® AMT. The return state changes as a function of the remote admin password.

func (AuthorizationService) GetUserAclEntryEx 

func (as AuthorizationService) GetUserAclEntryEx(handle int) (response Response, err error)

Reads a user entry from the Intel® AMT device. Note: confidential information, such as password (hash) is omitted or zeroed in the response.

func (AuthorizationService) Pull 

func (as AuthorizationService) Pull(enumerationContext string) (response Response, err error)

Pull returns the instances of this class. An enumeration context provided by the Enumerate call is used as input.

func (AuthorizationService) RemoveUserAclEntry 

func (as AuthorizationService) RemoveUserAclEntry(handle int) (response Response, err error)

Removes an entry from the User Access Control List (ACL), given a handle.

func (AuthorizationService) SetAclEnabledState 

func (as AuthorizationService) SetAclEnabledState(handle int, enabled bool) (response Response, err error)

Enables or disables a user ACL entry. Disabling ACL entries is useful when accounts that cannot be removed (system accounts - starting with $$) are required to be disabled.

func (AuthorizationService) SetAdminAclEntryEx added in v2.2.1 

func (as AuthorizationService) SetAdminAclEntryEx(username, digestPassword string) (response Response, err error)

Updates an Admin entry in the Intel® AMT device.

type Body 

type Body struct {
	XMLName           xml.Name `xml:"Body"`
	GetResponse       AuthorizationOccurrence
	EnumerateResponse common.EnumerateResponse
	PullResponse      PullResponse
	SetAdminResponse  SetAdminAclEntryEx_OUTPUT
}

OUTPUTS Response Types

type EnabledState 

type EnabledState int

EnabledState is an integer enumeration that indicates the enabled and disabled states of an element. 

const (
	EnabledStateUnknown EnabledState = iota
	EnabledStateOther
	EnabledStateEnabled
	EnabledStateDisabled
	EnabledStateShuttingDown
	EnabledStateNotApplicable
	EnabledStateEnabledButOffline
	EnabledStateInTest
	EnabledStateDeferred
	EnabledStateQuiesce
	EnabledStateStarting
)

func (EnabledState) String added in v2.2.4 

func (e EnabledState) String() string

String returns the string representation of an EnabledState value

type EnumerateUserAclEntries_INPUT 

type EnumerateUserAclEntries_INPUT struct {
	XMLName    xml.Name `xml:"h:EnumerateUserAclEntries_INPUT"`
	H          string   `xml:"xmlns:h,attr"`
	StartIndex int      `xml:"h:StartIndex"` // Indicates the first ACL entry to retrieve. To enumerate the entire list, an application sends this message with StartIndex set to 1.
}

INPUTS Request Types

type GetAclEnabledState_INPUT 

type GetAclEnabledState_INPUT struct {
	XMLName xml.Name `xml:"h:GetAclEnabledState_INPUT"`
	H       string   `xml:"xmlns:h,attr"`
	Handle  int      `xml:"h:Handle"` // Specifies the ACL entry to fetch.
}

INPUTS Request Types

type GetUserAclEntryEx_INPUT 

type GetUserAclEntryEx_INPUT struct {
	XMLName xml.Name `xml:"h:GetUserAclEntryEx_INPUT"`
	H       string   `xml:"xmlns:h,attr"`
	Handle  int      `xml:"h:Handle"` // Specifies the ACL entry to fetch.
}

INPUTS Request Types

type PullResponse 

type PullResponse struct {
	XMLName                      xml.Name                  `xml:"PullResponse"`
	AuthorizationOccurrenceItems []AuthorizationOccurrence `xml:"Items>AMT_AuthorizationService"`
}

OUTPUTS Response Types

type RealmValues 

type RealmValues int

ValueMap={0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, ..}

Values={InvalidRealm, ReservedRealm0, RedirectionRealm, PTAdministrationRealm, HardwareAssetRealm, RemoteControlRealm, StorageRealm, EventManagerRealm, StorageAdminRealm, AgentPresenceLocalRealm, AgentPresenceRemoteRealm, CircuitBreakerRealm, NetworkTimeRealm, GeneralInfoRealm, FirmwareUpdateRealm, EITRealm, LocalUN, EndpointAccessControlRealm, EndpointAccessControlAdminRealm, EventLogReaderRealm, AuditLogRealm, ACLRealm, ReservedRealm1, ReservedRealm2, LocalSystemRealm, Reserved} 

const (
	RealmValuesInvalidRealm RealmValues = iota
	RealmValuesReservedRealm0
	RealmValuesRedirectionRealm
	RealmValuesPTAdministrationRealm
	RealmValuesHardwareAssetRealm
	RealmValuesRemoteControlRealm
	RealmValuesStorageRealm
	RealmValuesEventManagerRealm
	RealmValuesStorageAdminRealm
	RealmValuesAgentPresenceLocalRealm
	RealmValuesAgentPresenceRemoteRealm
	RealmValuesCircuitBreakerRealm
	RealmValuesNetworkTimeRealm
	RealmValuesGeneralInfoRealm
	RealmValuesFirmwareUpdateRealm
	RealmValuesEITRealm
	RealmValuesLocalUN
	RealmValuesEndpointAccessControlRealm
	RealmValuesEndpointAccessControlAdminRealm
	RealmValuesEventLogReaderRealm
	RealmValuesAuditLogRealm
	RealmValuesACLRealm
	RealmValuesReservedRealm1
	RealmValuesReservedRealm2
	RealmValuesLocalSystemRealm
)

type RemoveUserAclEntry_INPUT 

type RemoveUserAclEntry_INPUT struct {
	XMLName xml.Name `xml:"h:RemoveUserAclEntry_INPUT"`
	H       string   `xml:"xmlns:h,attr"`
	Handle  int      `xml:"h:Handle"` // Specifies the ACL entry to be removed.
}

INPUTS Request Types

type RequestedState 

type RequestedState int

RequestedState is an integer enumeration that indicates the last requested or desired state for the element, irrespective of the mechanism through which it was requested. 

const (
	RequestedStateUnknown RequestedState = iota
	RequestedStateEnabled
	RequestedStateDisabled
	RequestedStateShutDown
	RequestedStateNoChange
	RequestedStateOffline
	RequestedStateTest
	RequestedStateDeferred
	RequestedStateQuiesce
	RequestedStateReboot
	RequestedStateReset
	RequestedStateNotApplicable
)

func (RequestedState) String added in v2.2.4 

func (r RequestedState) String() string

String returns the string representation of a RequestedState value

type Response 

type Response struct {
	*client.Message
	XMLName xml.Name       `xml:"Envelope"`
	Header  message.Header `xml:"Header"`
	Body    Body           `xml:"Body"`
}

OUTPUTS Response Types

func (*Response) JSON 

func (r *Response) JSON() string

JSON marshals the type into JSON format

func (*Response) YAML 

func (r *Response) YAML() string

YAML marshals the type into YAML format

type ReturnValue added in v2.2.4 

type ReturnValue int

ReturnValue is an integer enumeration that indicates the success or failure of an operation. 

const (
	PTStatusSuccess                 ReturnValue = 0
	PTStatusInternalError           ReturnValue = 1
	PTStatusInvalidName             ReturnValue = 12
	PTStatusNotPermitted            ReturnValue = 16
	PTStatusMaxLimitReached         ReturnValue = 23
	PTStatusInvalidIndex            ReturnValue = 35
	PTStatusFlashWriteLimitExceeded ReturnValue = 38
	PTStatusInvalidHandle           ReturnValue = 2053
	PTStatusInvalidPassword         ReturnValue = 2054
	PTStatusInvalidRealm            ReturnValue = 2055
	AMTStatusDuplicate              ReturnValue = 2058
	PTStatusMaxKerbDomainReached    ReturnValue = 2065
	PTStatusAuditFail               ReturnValue = 2075
)

func (ReturnValue) String added in v2.2.4 

func (r ReturnValue) String() string

String returns the string representation of the return value

type SetAclEnabledState_INPUT 

type SetAclEnabledState_INPUT struct {
	XMLName xml.Name `xml:"h:SetAclEnabledState_INPUT"`
	H       string   `xml:"xmlns:h,attr"`
	Handle  int      `xml:"h:Handle"`  // Specifies the ACL entry to update
	Enabled bool     `xml:"h:Enabled"` // Specifies the state of the ACL entry
}

INPUTS Request Types

type SetAdminAclEntryEx_INPUT added in v2.2.1 

type SetAdminAclEntryEx_INPUT struct {
	XMLName        xml.Name `xml:"h:SetAdminAclEntryEx_INPUT"`
	H              string   `xml:"xmlns:h,attr"`
	Username       string   `xml:"h:Username"`       // Username for access control. Contains 7-bit ASCII characters. String length is limited to 16 characters. Username cannot be an empty string.
	DigestPassword string   `xml:"h:DigestPassword"` // An MD5 Hash of these parameters concatenated together (Username + ":" + DigestRealm + ":" + Password). The DigestRealm is a field in AMT_GeneralSettings
}

INPUTS Request Types

type SetAdminAclEntryEx_OUTPUT added in v2.2.1 

type SetAdminAclEntryEx_OUTPUT struct {
	ReturnValue ReturnValue `xml:"ReturnValue"`
}

OUTPUTS Response Types

type UpdateUserAclEntry 

type UpdateUserAclEntry struct {
	XMLName          xml.Name         `xml:"h:UpdateUserAclEntry_INPUT"`
	H                string           `xml:"xmlns:h,attr"`
	Handle           int              `xml:"h:Handle,omitempty"`              // Contains a creation handle.
	DigestUsername   string           `xml:"h:DigestUsername"`                // Username for access control. Contains 7-bit ASCII characters. String length is limited to 16 characters. Username cannot be an empty string.
	DigestPassword   string           `xml:"h:DigestPassword"`                // An MD5 Hash of these parameters concatenated together (Username + ":" + DigestRealm + ":" + Password). The DigestRealm is a field in AMT_GeneralSettings
	AccessPermission AccessPermission `xml:"h:AccessPermission"`              // Indicates whether the User is allowed to access Intel® AMT from the Network or Local Interfaces. Note: this definition is restricted by the Default Interface Access Permissions of each Realm.
	Realms           []RealmValues    `xml:"h:Realms>h:RealmValue,omitempty"` // Array of interface names the ACL entry is allowed to access.
	KerberosUserSid  string           `xml:"h:KerberosUserSid"`               // Descriptor for user (SID) which is authenticated using the Kerberos Authentication. Byte array, specifying the Security Identifier (SID) according to the Kerberos specification. Current requirements imply that SID should be not smaller than 1 byte length and no longer than 28 bytes. SID length should also be a multiplicand of 4.
}

INPUTS Request Types

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.