enroll

package
v1.3.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 11, 2018 License: MIT Imports: 23 Imported by: 0

Documentation

Index

Constants

View Source
const (
	EnrollmentProfileId string = "com.github.micromdm.micromdm.enroll"
	OTAProfileId        string = "com.github.micromdm.micromdm.ota"
)

Variables

This section is empty.

Functions

func MakeGetEnrollEndpoint

func MakeGetEnrollEndpoint(s Service) endpoint.Endpoint

func MakeOTAEnrollEndpoint

func MakeOTAEnrollEndpoint(s Service) endpoint.Endpoint

func MakeOTAPhase2Phase3Endpoint

func MakeOTAPhase2Phase3Endpoint(s Service, scepDepot *boltdepot.Depot) endpoint.Endpoint

Types

type AccessRights

type AccessRights int

AccessRights define the management rights of the MDM server over the device. May not be zero. If 2 is specified, 1 must also be specified. If 128 is specified, 64 must also be specified.

const (
	// Allow inspection of installed configuration profiles.
	ProfileInspection AccessRights = 1 << iota

	// Allow installation and removal of configuration profiles.
	ProfileInstallAndRemoval

	// Allow device lock and passcode removal.
	DeviceLock

	// Allow device erase.
	DeviceErase

	// Allow query of Device Information (device capacity, serial number).
	DeviceInformationQuery

	// 	Allow query of Network Information (phone/SIM numbers, MAC addresses).
	NetworkInformationQuery

	// Allow inspection of installed provisioning profiles.
	ProvisioningProfileInspection

	//  Allow installation and removal of provisioning profiles.
	ProvisioningProfileInstallAndRemoval

	// Allow inspection of installed applications.
	ApplicationInspection

	// Allow restriction-related queries.
	RestrictionQuery

	// Allow security-related queries.
	SecurityQuery

	// Allow manipulation of settings.
	// Availability: Available in iOS 5.0 and later. Available in macOS 10.9 for certain commands.
	SettingsManipulation

	// Allow app management.
	// Availability: Available in iOS 5.0 and later. Available in macOS 10.9 for certain commands.
	AppManagement
)

type Endpoints

type Endpoints struct {
	GetEnrollEndpoint       endpoint.Endpoint
	OTAEnrollEndpoint       endpoint.Endpoint
	OTAPhase2Phase3Endpoint endpoint.Endpoint
}

func MakeServerEndpoints

func MakeServerEndpoints(s Service, scepDepot *boltdepot.Depot) Endpoints

type HTTPHandlers

type HTTPHandlers struct {
	EnrollHandler    http.Handler
	OTAEnrollHandler http.Handler

	// In Apple's Over-the-Air design Phases 2 and 3 happen over the same URL.
	// The differentiator is which certificate signed the CMS POST body.
	OTAPhase2Phase3Handler http.Handler
}

func MakeHTTPHandlers

func MakeHTTPHandlers(ctx context.Context, endpoints Endpoints, opts ...httptransport.ServerOption) HTTPHandlers

type MDMPayloadContent

type MDMPayloadContent struct {
	Payload
	AccessRights            AccessRights
	CheckInURL              string
	CheckOutWhenRemoved     bool
	IdentityCertificateUUID string
	ServerCapabilities      []string `plist:"ServerCapabilities,omitempty"`
	SignMessage             bool     `plist:"SignMessage,omitempty"`
	ServerURL               string
	Topic                   string
}

TODO: Actually this is one of those non-nested payloads that doesnt respect the PayloadContent key.

type Payload

type Payload struct {
	PayloadType         string      `json:"type" db:"type"`
	PayloadVersion      int         `json:"version" db:"version"`
	PayloadIdentifier   string      `json:"identifier" db:"identifier"`
	PayloadUUID         string      `json:"uuid" db:"uuid"`
	PayloadDisplayName  string      `json:"displayname" db:"displayname"`
	PayloadDescription  string      `json:"description,omitempty" db:"description"`
	PayloadOrganization string      `json:"organization,omitempty" db:"organization"`
	PayloadScope        string      `json:"scope" db:"scope" plist:",omitempty"`
	PayloadContent      interface{} `json:"content,omitempty" plist:"PayloadContent,omitempty"`
}

func NewPayload

func NewPayload(payloadType string) *Payload

type Profile

type Profile struct {
	PayloadContent           []interface{}     `json:"content,omitempty" db:"content"`
	PayloadDescription       string            `json:"description,omitempty" db:"description"`
	PayloadDisplayName       string            `json:"displayname,omitempty" db:"displayname"`
	PayloadExpirationDate    *time.Time        `json:"expiration_date,omitempty" db:"expiration_date" plist:",omitempty"`
	PayloadIdentifier        string            `json:"identifier" db:"identifier"`
	PayloadOrganization      string            `json:"organization,omitempty" db:"organization"`
	PayloadUUID              string            `json:"uuid" db:"uuid"`
	PayloadRemovalDisallowed bool              `json:"removal_disallowed" db:"removal_disallowed" plist:",omitempty"`
	PayloadType              string            `json:"type" db:"type"`
	PayloadVersion           int               `json:"version" db:"version"`
	PayloadScope             string            `json:"scope" db:"scope" plist:",omitempty"`
	RemovalDate              *time.Time        `json:"removal_date" db:"removal_date" plist:"-" plist:",omitempty"`
	DurationUntilRemoval     float32           `json:"duration_until_removal" db:"duration_until_removal" plist:",omitempty"`
	ConsentText              map[string]string `json:"consent_text" db:"consent_text" plist:",omitempty"`
}

func NewProfile

func NewProfile() *Profile

type ProfileServicePayload

type ProfileServicePayload struct {
	URL              string
	Challenge        string `plist:",omitempty"`
	DeviceAttributes []string
}

type SCEPPayloadContent

type SCEPPayloadContent struct {
	CAFingerprint []byte `plist:"CAFingerprint,omitempty"` // NSData
	Challenge     string `plist:"Challenge,omitempty"`
	Keysize       int
	KeyType       string `plist:"Key Type"`
	KeyUsage      int    `plist:"Key Usage"`
	Name          string
	Subject       [][][]string `plist:"Subject,omitempty"`
	URL           string
}

type Service

type Service interface {
	Enroll(ctx context.Context) (profile.Mobileconfig, error)
	OTAEnroll(ctx context.Context) (profile.Mobileconfig, error)
	OTAPhase2(ctx context.Context) (profile.Mobileconfig, error)
	OTAPhase3(ctx context.Context) (profile.Mobileconfig, error)
}

func NewService

func NewService(topic TopicProvider, sub pubsub.Subscriber, caCertPath, scepURL, scepChallenge, url, tlsCertPath, scepSubject string, profileDB profile.Store) (Service, error)

type TopicProvider

type TopicProvider interface {
	PushTopic() (string, error)
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL