Documentation ¶
Index ¶
- Constants
- func MakeGetEnrollEndpoint(s Service) endpoint.Endpoint
- func MakeOTAEnrollEndpoint(s Service) endpoint.Endpoint
- func MakeOTAPhase2Phase3Endpoint(s Service, scepDepot *boltdepot.Depot) endpoint.Endpoint
- type AccessRights
- type Endpoints
- type HTTPHandlers
- type MDMPayloadContent
- type Payload
- type Profile
- type ProfileServicePayload
- type SCEPPayloadContent
- type Service
- type TopicProvider
Constants ¶
// Identifier strings for the two profiles this package names. Both are typed
// string constants in reverse-DNS form.
// NOTE(review): presumably these are used as the PayloadIdentifier of the
// enrollment profile and of the OTA profile; the call sites are not visible
// here, so confirm before relying on that.
const (
	EnrollmentProfileId string = "com.github.micromdm.micromdm.enroll"
	OTAProfileId        string = "com.github.micromdm.micromdm.ota"
)
Variables ¶
This section is empty.
Functions ¶
func MakeGetEnrollEndpoint ¶
func MakeOTAEnrollEndpoint ¶
Types ¶
type AccessRights ¶
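// AccessRights define the management rights of the MDM server over the device.
//
// The value is a bitmask of the constants below and is subject to three rules:
// it may not be zero; if ProfileInstallAndRemoval (2) is specified,
// ProfileInspection (1) must also be specified; and if
// ProvisioningProfileInstallAndRemoval (128) is specified,
// ProvisioningProfileInspection (64) must also be specified.
//
// The int type does not enforce these rules by itself; call Valid before
// placing a value in an MDM payload. Request only the rights the server
// needs: DeviceLock and DeviceErase allow locking, passcode removal and
// erasing of an enrolled device.
type AccessRights int

// Each constant is a single bit, assigned in declaration order by 1 << iota.
// The numeric value is given in parentheses so a mask can be audited by hand.
const (
	// Allow inspection of installed configuration profiles. (1)
	ProfileInspection AccessRights = 1 << iota
	// Allow installation and removal of configuration profiles. (2)
	ProfileInstallAndRemoval
	// Allow device lock and passcode removal. (4)
	DeviceLock
	// Allow device erase. (8)
	DeviceErase
	// Allow query of Device Information (device capacity, serial number). (16)
	DeviceInformationQuery
	// Allow query of Network Information (phone/SIM numbers, MAC addresses). (32)
	NetworkInformationQuery
	// Allow inspection of installed provisioning profiles. (64)
	ProvisioningProfileInspection
	// Allow installation and removal of provisioning profiles. (128)
	ProvisioningProfileInstallAndRemoval
	// Allow inspection of installed applications. (256)
	ApplicationInspection
	// Allow restriction-related queries. (512)
	RestrictionQuery
	// Allow security-related queries. (1024)
	SecurityQuery
	// Allow manipulation of settings. (2048)
	// Availability: Available in iOS 5.0 and later. Available in macOS 10.9 for certain commands.
	SettingsManipulation
	// Allow app management. (4096)
	// Availability: Available in iOS 5.0 and later. Available in macOS 10.9 for certain commands.
	AppManagement
)

// Valid reports whether r satisfies the three rules stated on AccessRights:
// r is non-zero, ProfileInstallAndRemoval is accompanied by ProfileInspection,
// and ProvisioningProfileInstallAndRemoval is accompanied by
// ProvisioningProfileInspection. It does not reject bits outside the declared
// constants, because the documented rules do not mention them.
func (r AccessRights) Valid() bool {
	if r == 0 {
		return false
	}
	// Install/removal rights are only meaningful together with the matching
	// inspection right.
	if r&ProfileInstallAndRemoval != 0 && r&ProfileInspection == 0 {
		return false
	}
	if r&ProvisioningProfileInstallAndRemoval != 0 && r&ProvisioningProfileInspection == 0 {
		return false
	}
	return true
}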
type Endpoints ¶
type HTTPHandlers ¶
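// HTTPHandlers groups the http.Handler values for the enrollment endpoints:
// one for enrollment, one for OTA enrollment, and one shared by OTA phases 2
// and 3.
type HTTPHandlers struct {
	EnrollHandler    http.Handler
	OTAEnrollHandler http.Handler

	// In Apple's Over-the-Air design Phases 2 and 3 happen over the same URL.
	// The differentiator is which certificate signed the CMS POST body.
	//
	// NOTE(review): because the signer decides which phase runs, this handler
	// is only as strong as its CMS verification. Confirm that it verifies the
	// signature and the signer's certificate chain before branching on the
	// signer, and that it rejects bodies that are unsigned or fail
	// verification. The handler implementation is not visible here.
	OTAPhase2Phase3Handler http.Handler
}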
func MakeHTTPHandlers ¶
func MakeHTTPHandlers(ctx context.Context, endpoints Endpoints, opts ...httptransport.ServerOption) HTTPHandlers
type MDMPayloadContent ¶
// MDMPayloadContent holds the fields of an MDM payload: the embedded common
// Payload keys plus the MDM-specific settings below. Only ServerCapabilities
// and SignMessage carry plist tags; the other fields have no tag.
type MDMPayloadContent struct {
	Payload

	// Bitmask of rights granted to the MDM server over the device; see the
	// AccessRights type for the rules a value must satisfy.
	AccessRights AccessRights

	// NOTE(review): CheckInURL and ServerURL are presumably the endpoints the
	// device contacts for check-in and for commands. They are plain strings
	// here, so nothing in this type requires an https scheme; confirm that
	// the code which fills them does.
	CheckInURL          string
	CheckOutWhenRemoved bool

	// NOTE(review): presumably references the identity certificate payload
	// in the same profile by its PayloadUUID; verify against the caller.
	IdentityCertificateUUID string
	ServerCapabilities      []string `plist:"ServerCapabilities,omitempty"`

	// The omitempty option means a false value is left out of the encoded
	// plist rather than written as false, so the device's default applies.
	// NOTE(review): presumably this asks the device to sign its messages to
	// the server; if the server relies on that signature, make sure this is
	// set to true and not left at the zero value.
	SignMessage bool `plist:"SignMessage,omitempty"`
	ServerURL   string
	Topic       string
}
TODO: Actually, this is one of those non-nested payloads that doesn't respect the PayloadContent key.
type Payload ¶
// Payload carries the keys common to a single configuration-profile payload.
// Every field has json and db tags; only PayloadScope and PayloadContent also
// carry a plist tag.
type Payload struct {
	PayloadType         string `json:"type" db:"type"`
	PayloadVersion      int    `json:"version" db:"version"`
	PayloadIdentifier   string `json:"identifier" db:"identifier"`
	PayloadUUID         string `json:"uuid" db:"uuid"`
	PayloadDisplayName  string `json:"displayname" db:"displayname"`
	PayloadDescription  string `json:"description,omitempty" db:"description"`
	PayloadOrganization string `json:"organization,omitempty" db:"organization"`
	PayloadScope        string `json:"scope" db:"scope" plist:",omitempty"`

	// PayloadContent is untyped: any value can be stored, and it has no db
	// tag. Code that reads it back must check the dynamic type before use.
	PayloadContent interface{} `json:"content,omitempty" plist:"PayloadContent,omitempty"`
}
func NewPayload ¶
type Profile ¶
// Profile carries the top-level keys of a configuration profile, with json, db
// and (on some fields) plist struct tags. PayloadContent is a slice of untyped
// values, one per contained payload.
type Profile struct {
	PayloadContent        []interface{} `json:"content,omitempty" db:"content"`
	PayloadDescription    string        `json:"description,omitempty" db:"description"`
	PayloadDisplayName    string        `json:"displayname,omitempty" db:"displayname"`
	PayloadExpirationDate *time.Time    `json:"expiration_date,omitempty" db:"expiration_date" plist:",omitempty"`
	PayloadIdentifier     string        `json:"identifier" db:"identifier"`
	PayloadOrganization   string        `json:"organization,omitempty" db:"organization"`
	PayloadUUID           string        `json:"uuid" db:"uuid"`

	// The plist omitempty option means false is not written to the plist.
	// NOTE(review): presumably this is the key that stops a user from
	// removing the profile; confirm it is set deliberately, since the zero
	// value leaves the key out.
	PayloadRemovalDisallowed bool `json:"removal_disallowed" db:"removal_disallowed" plist:",omitempty"`

	PayloadType    string `json:"type" db:"type"`
	PayloadVersion int    `json:"version" db:"version"`
	PayloadScope   string `json:"scope" db:"scope" plist:",omitempty"`

	// NOTE(review): this tag names the plist key twice. reflect.StructTag.Get
	// returns the first value for a key, so an encoder that uses it sees
	// plist:"-" and never reads the trailing plist:",omitempty". Decide
	// whether the field is meant to be excluded from the plist or merely
	// omitted when nil, and drop the other entry.
	RemovalDate *time.Time `json:"removal_date" db:"removal_date" plist:"-" plist:",omitempty"`

	DurationUntilRemoval float32           `json:"duration_until_removal" db:"duration_until_removal" plist:",omitempty"`
	ConsentText          map[string]string `json:"consent_text" db:"consent_text" plist:",omitempty"`
}
func NewProfile ¶
func NewProfile() *Profile
type ProfileServicePayload ¶
type SCEPPayloadContent ¶
type Service ¶
// Service is the enrollment service interface. Each of its four methods takes
// only a context and returns a profile.Mobileconfig or an error.
//
// NOTE(review): no request data is passed to these methods. Anything that
// identifies or authenticates the enrolling device (for example the CMS signer
// that HTTPHandlers says distinguishes OTA phases 2 and 3) therefore has to be
// checked before the call or carried in ctx. Confirm which in the endpoint and
// transport code, which is not visible here.
type Service interface {
	Enroll(ctx context.Context) (profile.Mobileconfig, error)
	OTAEnroll(ctx context.Context) (profile.Mobileconfig, error)
	OTAPhase2(ctx context.Context) (profile.Mobileconfig, error)
	OTAPhase3(ctx context.Context) (profile.Mobileconfig, error)
}
func NewService ¶
// NewService returns a Service or an error. Only the signature is shown here.
//
// Six of the parameters are consecutive positional strings (caCertPath,
// scepURL, scepChallenge, url, tlsCertPath, scepSubject), so the compiler
// cannot detect two of them being passed in the wrong order; check call sites
// by parameter name.
//
// NOTE(review): scepChallenge is presumably the SCEP challenge secret. If so,
// treat it as a credential: keep it out of logs and error messages and load it
// from protected configuration. Confirm against the implementation.
func NewService(topic TopicProvider, sub pubsub.Subscriber, caCertPath, scepURL, scepChallenge, url, tlsCertPath, scepSubject string, profileDB profile.Store) (Service, error)
type TopicProvider ¶