//----------------------------------------------------------------------------
//
// Copyright (c) Intel Corporation, 2011 - 2014 All Rights Reserved.
//
// File: SecurityAdminApi.cs
//
// Contents: Api code for an Intel(R) Active Management Technology
// (Intel® AMT) Security Administration.
//
// Notes: This file demonstrates the usage of Intel® AMT Security
// Administration using WS-Management interface.
// This file contains routines to manipulate Security Administration
// capabilities of the Intel® AMT by the WS-Management interface.
//
//----------------------------------------------------------------------------
using System;
using Intel.Management.Wsman;
using System.Security.Cryptography;
using Common.Utils;
namespace SecurityAdmin
{
public class SecurityAdminApi : Connection.Connection_setup
{
#region CONSTANTS
// Provisioning Mode Types
private enum ProvisioningModeTypes
{
ProvisioningModeCurrent = 0,
ProvisioningModeEnterprise,
ProvisioningModeSmallBusiness,
}
// AMT_RedirectionService states
public enum RedirectionServiceStates : int
{
NON = 32768,
IDER,
SOL,
IDER_SOL,
}
// AMT_AuthorizationService
private const int ANY_ACCESS_PERMISSION = 2;
private const int PT_ADMIN_REALM = 3;
public string ADD_NEW_USER_NAME = "someUser7";
public string ADD_NEW_USER_PASSWORD = "Abcefg`12";
public string UPDATE_USER_NAME = "someOtherUser2";
public string UPDATE_USER_PASSWORD = "Abcefg`13";
private const int MAX_LINE_LEN = 1024;
private const int MAX_USERNAME_LENGTH = 16;
private const int MIN_PASSWORD = 8;
private const int MAX_PASSWORD = 32;
private const int PT_STATUS_SUCCEESS = 0;
private const int PT_STATUS_MAX_LIMIT_REACHED = 23;
private const int PT_STATUS_INVALID_NAME = 12;
// AMT_WebUIService
private const int WEBUI_SERVICE_ENABLED = 2;
private static readonly string[] KVM_ENABLED_STATE_STRINGS = {"Unknown", "Other", "Enabled", "Disabled",
"Shutting Down", "Not Applicable",
"Enabled but Offline", "In Test", "Deferred",
"Quiesce", "Starting"};
private const string FIRST_VERSION_SUPPORTING_KVM = "6.0.0";
#endregion CONSTANTS
#region CONSTRUCTORS
// Inheriting Connection details from Connection_setup class.
// Convert password to secure string to comply with wsman dll which supports passwords in SecureString
// format only.
public SecurityAdminApi(string ip, string username, string pwd, bool krb, MpsManager proxy, bool acceptSelfSignedCertificate = false)
: base(ip, username, pwd.ConvertToSecureString(), krb, proxy, acceptSelfSignedCertificate)
{
}
// Convert password to secure string to comply with wsman dll which supports passwords in SecureString
// format only.
public SecurityAdminApi(string ip, string username, string pwd, string secure, bool krb, MpsManager proxy, bool acceptSelfSignedCertificate = false)
: base(ip, username, pwd.ConvertToSecureString(), secure, krb, proxy, acceptSelfSignedCertificate)
{
}
#endregion CONSTRUCTORS
#region PRIVATE_FUNCTIONS
///
/// Display a warning message about changing the admin, and get response.
/// If an non-administrator user wants to change the AdminACL settings,
/// (s)he must get a warning message.
///
/// true, if the user wants to go ahead
private static bool ChangeAdminUserWarning()
{
Console.WriteLine("WARNING:\n\tYou are about to manipulate the AdminACL entry");
Console.WriteLine("\tthrough a non administrator account.");
Console.WriteLine("\tThis will permanently alter the current AdminACL settings.");
Console.Write("Do you wish to continue?(y/n):\n> ");
while (true)
{
string ans = Console.ReadLine();
ans = ans.ToLower();
if ((!ans.Equals("y") && (!ans.Equals("n"))))
{
Console.Write("Illegal choice. Input again(y/n)> ");
continue;
}
if (ans.Equals("y"))
return true;
if (ans.Equals("n"))
{
Console.WriteLine("Aborting.");
return false;
}
}
}
///
/// Checks if the password is valid.
///
/// the input password
private void TestPassword(string pwd)
{
if (pwd.Length < MIN_PASSWORD)
{
throw new Exception("Error: The password must be at least 8 characters long. Aborting.");
}
if (pwd.Length > MAX_PASSWORD)
{
throw new Exception("Error: The password must comprise of at most 32 characters. Aborting.");
}
// Variables to determine the password strength.
bool digit = false, symbol = false, upper = false, lower = false;
for (int i = 0; i < pwd.Length; i++)
{
if ((pwd[i] == ':') ||
(pwd[i] == '"') ||
(pwd[i] == ',') ||
(pwd[i] < 0x20) ||
(pwd[i] > 0x7E))
{
throw new Exception("Error: The given password contains an invalid charachter. Aborting.");
}
// Lower case abc
if (pwd[i] >= 'a' && pwd[i] <= 'z')
lower = true;
// Upper case ABC
else if (pwd[i] >= 'A' && pwd[i] <= 'Z')
upper = true;
// Numeric
else if (pwd[i] >= '0' && pwd[i] <= '9')
digit = true;
// 7 bit ASCII non alpha numeric
else if (pwd[i] != '_' && pwd[i] != ' ')
symbol = true;
}//End: For
if (!(symbol && digit && upper && lower))
{
throw new Exception("Error: The given password is not strong. Aborting.");
}
}
///
/// Checks if the username is valid.
///
/// the input Username
private void TestUsername(string name)
{
if (name.Length == 0)
{
throw new Exception("Error: The username cannot be an empty string. Aborting.");
}
if (name.Length > MAX_USERNAME_LENGTH)
{
throw new Exception("Error: The username length must not exceed 16 characters. Aborting.");
}
for (int i = 0; i < name.Length; i++)
if (((int)name[i] <= 0x20 || // Space
(int)name[i] > 0x7E) || // ~
(int)name[i] == ':' ||
(int)name[i] == ',' ||
(int)name[i] == '<' ||
(int)name[i] == '>' ||
(int)name[i] == '&' ||
(int)name[i] == '"')
{
throw new Exception("Error: The given username is not valid. Aborting.");
}
}
///
/// Gets user input.
///
/// user input
/// output message - the request for the user
private void GetString(out string input, string msg)
{
Console.Write(msg);
while (true)
{
input = Console.ReadLine();
if (input.Length > MAX_LINE_LEN)
Console.Write("Input too long. Enter again:\n> ");
else
break;
}
}
///
/// Computes the hashed password using the username password and DigestRealm.
///
/// username
/// password
/// this variable will contain the result
/// DigestRealm
private void ComputeDigestPassword(string user, string pass, out byte[] digestPass, string digestRealm)
{
string concat = user + ":" + digestRealm + ":" + pass;
byte[] hashPass = System.Text.Encoding.UTF8.GetBytes(concat);
using (MD5CryptoServiceProvider MyCryptoService = new MD5CryptoServiceProvider())
{
digestPass = MyCryptoService.ComputeHash(hashPass);
if (digestPass == null)
throw new Exception("Failed to get DigestRealm. Aborting.");
}
}
///
/// Checks that the new settings took place.
///
/// bool, true if using a verbose mode
/// IWSManClient, temporary WSManClient
private void GetNewAdminAclEntry(bool verbose)
{
Console.WriteLine("Verify new Admin ACL settings:");
Console.Write("\nCalling function GetAdminAclEntry... ");
string userName;
GetAdminAclEntry(out userName, verbose);
}
#endregion
#region PUBLIC_FUNCTIONS
public void RunAPITest(bool verbose)
{
GetCoreVersion(verbose);
GetSecuritySettings(verbose);
GetAdminAclName(verbose);
ManipulateUserSettings(verbose);
}
///
/// Gets and updates the admin user settings.
///
/// Use verbose mode
public void ManipulateAdminSettings(bool verbose)
{
string userName = string.Empty;
GetAdminAclEntry(out userName, verbose);
// Check if the user name is the admin user.
// If it is not- check whether the user wants to change the admin's details permanently.
bool userIsAdmin = userName.Equals(wsmanClient.Username);
bool continueResponse = true;
if (!userIsAdmin)
continueResponse = ChangeAdminUserWarning();
if (!continueResponse)
return;
// User wants to continue.
// Read and check the user name.
string user = string.Empty;
GetString(out user, "New Admin Username: ");
TestUsername(user);
// Read and check the password.
string pass = string.Empty;
GetString(out pass, "New Admin Password: ");
TestPassword(pass);
string digestRealm = GetDigestRealm();
SetAdminAclEntry(user, pass, digestRealm);
Console.WriteLine("The Admin ACL password changed to: {0}", pass);
string oldUser = wsmanClient.Username;
// Convert password from secure string to comply with wsman dll which supports passwords in SecureString
// format only.
string oldPass = wsmanClient.Password.ConvertToString();
wsmanClient.Username = user;
// Convert password to secure string to comply with wsman dll which supports passwords in SecureString
// format only.
wsmanClient.Password = pass.ConvertToSecureString();
GetNewAdminAclEntry(verbose);
//Restore only if user is the admin, otherwise the changes are permanent
if (userIsAdmin)
{
// Restore the original Admin username and password settings
RestoreAdminAclEntry(oldUser, oldPass, digestRealm);
Console.WriteLine("The Admin ACL password changed to: {0}", oldPass);
Console.WriteLine("\nVerify restored Admin ACL settings:");
wsmanClient.Username = oldUser;
// Convert password to secure string to comply with wsman dll which supports passwords in SecureString
// format only.
wsmanClient.Password = oldPass.ConvertToSecureString();
GetAdminAclEntry(out userName, verbose);
}
}
///
/// Adds, gets, updates, and removes a user's Access Control List (ACL) entry.
///
/// bool, true if using a verbose mode
public void ManipulateUserSettings(bool verbose)
{
// Enumerate ACL entries.
EnumerateUserAclEntries(verbose);
string digestRealm = GetDigestRealm();
// Add an ACL entry.
AddUserAclEntryEx(out var handle, digestRealm);
// Get an ACL entry.
GetUserAclEntryEx(handle, verbose);
// Update an ACL entry.
UpdateUserAclEntry(handle, digestRealm);
Console.WriteLine("Verify updated user ACL settings:");
GetUserAclEntryEx(handle, verbose);
// Remove an ACL entry.
RemoveUserAclEntry(handle);
}
///
/// Gets the core version.
///
/// Use verbose mode
/// The CoreVersion
public IWsmanItem GetCoreVersion(bool verbose)
{
Console.Write("Getting the Core version... ");
IManagedReference softwareIdentityRef = wsmanClient.NewReference("SELECT * FROM CIM_SoftwareIdentity WHERE InstanceID='AMT FW Core Version'");
IManagedInstance softwareIdentityInstance = softwareIdentityRef.Get();
IWsmanItem version = softwareIdentityInstance.GetProperty("VersionString");
Console.WriteLine("Success.");
if (verbose)
{
Console.WriteLine("Intel(r) AMT FW Core Version: {0}\n", version);
}
return version;
}
///
/// Restores the previous Admin ACL settings.
///
/// the current username
/// the current password
/// the DigestRealm
public void RestoreAdminAclEntry(string user, string pass, string digestRealm)
{
Console.WriteLine("\nRestoring previous Admin ACL settings:");
SetAdminAclEntry(user, pass, digestRealm);
}
///
/// Sets the Admin ACL Entry.
///
/// user name to set
/// user password to compute digest password
/// digest realm to compute digest password
public void SetAdminAclEntry(string user, string pass, string digestRealm)
{
Console.Write("\nCalling function SetAdminAclEntry... ");
byte[] digestPassword;
ComputeDigestPassword(user, pass, out digestPassword, digestRealm);
IManagedReference authorizationServiceRef = wsmanClient.NewReference("SELECT * FROM AMT_AuthorizationService WHERE Name='Intel(r) AMT Authorization Service'");
IManagedInstance inputObject = authorizationServiceRef.CreateMethodInput("SetAdminAclEntryEx");
inputObject.SetProperty("Username", user);
inputObject.SetProperty("DigestPassword", Convert.ToBase64String(digestPassword));
IManagedInstance outputObject = authorizationServiceRef.InvokeMethod(inputObject);
IWsmanItem returnValue = outputObject.GetProperty("ReturnValue");
if (uint.Parse(returnValue.ToString()) != PT_STATUS_SUCCEESS)
throw new Exception("Failed to invoke SetAdminAclEntry. PT_STATUS = " + returnValue);
Console.WriteLine("Success.");
}
///
/// Gets the Admin ACL Entry in order to get the user name.
///
/// this variable will contain the username
/// The WSMan connection object
/// bool, true if using a verbose mode
public void GetAdminAclEntry(out string userName, bool verbose)
{
IManagedReference authorizationServiceRef = wsmanClient.NewReference("SELECT * FROM AMT_AuthorizationService WHERE Name='Intel(r) AMT Authorization Service'");
IManagedInstance inputObject = authorizationServiceRef.CreateMethodInput("GetAdminAclEntry");
IManagedInstance outputObject = authorizationServiceRef.InvokeMethod(inputObject);
IWsmanItem returnValue = outputObject.GetProperty("ReturnValue");
if (ushort.Parse(returnValue.ToString()) == PT_STATUS_SUCCEESS)
{
userName = outputObject.GetProperty("Username").ToString();
if (verbose)
Console.WriteLine("Admin ACL username is: {0} \n", userName);
}
else
{
throw new Exception("Failed to invoke GetAdminAclEntry. Return Value = " + returnValue);
}
}
///
/// Removes a user ACL Entry.
///
/// the AclEntry handle
public void RemoveUserAclEntry(uint handle)
{
Console.Write("\nCalling function RemoveUserAclEntry... ");
IManagedReference authorizationServiceRef = wsmanClient.NewReference("SELECT * FROM AMT_AuthorizationService WHERE Name='Intel(r) AMT Authorization Service'");
IManagedInstance inputObject = authorizationServiceRef.CreateMethodInput("RemoveUserAclEntry");
inputObject.SetProperty("Handle", handle.ToString());
IManagedInstance outputObject = authorizationServiceRef.InvokeMethod(inputObject);
IWsmanItem returnValue = outputObject.GetProperty("ReturnValue");
if (uint.Parse(returnValue.ToString()) != PT_STATUS_SUCCEESS)
throw new Exception("Failed to invoke RemoveUserAclEntry. Return Value = " + returnValue);
Console.WriteLine("Success.\n");
}
///
/// Updates User ACL Entry.
///
/// the AclEntry handle
/// use this value to build new password
/// The updated user ACL entry
public IManagedInstance UpdateUserAclEntry(uint handle, string digestRealm)
{
Console.Write("\nCalling function UpdateUserAclEntry... ");
byte[] digestPass;
ComputeDigestPassword(ADD_NEW_USER_NAME, ADD_NEW_USER_PASSWORD, out digestPass, digestRealm);
IManagedReference authorizationServiceRef = wsmanClient.NewReference("SELECT * FROM AMT_AuthorizationService WHERE Name='Intel(r) AMT Authorization Service'");
IManagedInstance inputObject = authorizationServiceRef.CreateMethodInput("UpdateUserAclEntryEx");
inputObject.SetProperty("Handle", handle.ToString());
inputObject.SetProperty("DigestUsername", UPDATE_USER_NAME);
inputObject.SetProperty("DigestPassword", Convert.ToBase64String(digestPass));
inputObject.SetProperty("AccessPermission", ANY_ACCESS_PERMISSION.ToString()); // 2 = any access permission.
inputObject.AddProperty("Realms", PT_ADMIN_REALM.ToString());
IManagedInstance outputObject = authorizationServiceRef.InvokeMethod(inputObject);
IWsmanItem returnValue = outputObject.GetProperty("ReturnValue");
if (uint.Parse(returnValue.ToString()) != PT_STATUS_SUCCEESS)
throw new Exception("Failed to invoke UpdateUserAclEntry. Return Value = " + returnValue);
Console.WriteLine("Success.\n");
return outputObject;
}
///
/// Gets the User ACL Entry.
///
/// the AclEntry handle
/// bool, true if using a verbose mode
/// A User ACL Entry
public IManagedInstance GetUserAclEntryEx(uint handle, bool verbose)
{
Console.Write("\nCalling function GetUserAclEntryEx... ");
IManagedReference authorizationServiceRef = wsmanClient.NewReference("SELECT * FROM AMT_AuthorizationService WHERE Name='Intel(r) AMT Authorization Service'");
IManagedInstance inputObject = authorizationServiceRef.CreateMethodInput("GetUserAclEntryEx");
inputObject.SetProperty("Handle", handle.ToString());
IManagedInstance outputObject = authorizationServiceRef.InvokeMethod(inputObject);
IWsmanItem returnValue = outputObject.GetProperty("ReturnValue");
if (uint.Parse(returnValue.ToString()) != PT_STATUS_SUCCEESS)
throw new Exception("Failed to GetAdminAclEntry. Return value = " + returnValue);
Console.WriteLine("Success.");
IWsmanItem digestUsername = outputObject.GetProperty("DigestUsername");
IWsmanItem accessPermission = outputObject.GetProperty("AccessPermission");
IWsmanItem Realms = outputObject.GetProperty("Realms");
if (verbose)
{
Console.WriteLine("DigestUsername: {0}", digestUsername);
Console.WriteLine("AccessPermission: {0}", accessPermission);
if (Realms != null)
{
foreach (IWsmanItem realm in Realms)
{
Console.WriteLine("Realms: {0}", realm);
}
}
}
return outputObject;
}
///
/// Adds a user ACL Entry.
///
/// the AclEntry handle
/// use this value to build new password
public void AddUserAclEntryEx(out uint handle, string digestRealm)
{
Console.Write("\nCalling function AddUserAclEntryEx... ");
IManagedReference authorizationServiceRef = wsmanClient.NewReference("SELECT * FROM AMT_AuthorizationService WHERE Name='Intel(r) AMT Authorization Service'");
IManagedInstance inputObject = authorizationServiceRef.CreateMethodInput("AddUserAclEntryEx");
byte[] digestPassword;
ComputeDigestPassword(ADD_NEW_USER_NAME, ADD_NEW_USER_PASSWORD, out digestPassword, digestRealm);
inputObject.SetProperty("DigestUsername", ADD_NEW_USER_NAME);
inputObject.SetProperty("DigestPassword", Convert.ToBase64String(digestPassword));
inputObject.SetProperty("AccessPermission", ANY_ACCESS_PERMISSION.ToString()); // 2 = any access permission.
inputObject.AddProperty("Realms", PT_ADMIN_REALM.ToString());
IManagedInstance outputObject = authorizationServiceRef.InvokeMethod(inputObject);
IWsmanItem returnValue = outputObject.GetProperty("ReturnValue");
if (uint.Parse(returnValue.ToString()) == PT_STATUS_SUCCEESS)
{
Console.WriteLine("Success.");
handle = uint.Parse(outputObject.GetProperty("Handle").ToString());
}
else
{
string error = "Failed to invoke AddUserAclEntryEx. ";
if (uint.Parse(returnValue.ToString()) == PT_STATUS_MAX_LIMIT_REACHED)
error += "Machine reached maximum users allowed.";
else
if (uint.Parse(returnValue.ToString()) == PT_STATUS_INVALID_NAME)
error += "The specified DigestUsername already exists.";
else
error += ("Return Value = " + returnValue);
throw new Exception(error);
}
}
///
/// Enumerates the User ACL Entries.
///
/// bool, true if using a verbose mode
/// All user ACL entries handles
public IWsmanItem EnumerateUserAclEntries(bool verbose)
{
Console.Write("\nCalling function EnumerateUserAclEntries... ");
IManagedReference authorizationServiceRef = wsmanClient.NewReference("SELECT * FROM AMT_AuthorizationService WHERE Name='Intel(r) AMT Authorization Service'");
IManagedInstance inputObject = authorizationServiceRef.CreateMethodInput("EnumerateUserAclEntries");
inputObject.SetProperty("StartIndex", "1");
IManagedInstance outputObject = authorizationServiceRef.InvokeMethod(inputObject);
IWsmanItem returnValue = outputObject.GetProperty("ReturnValue");
if (uint.Parse(returnValue.ToString()) == 0)
{
Console.WriteLine("Success.");
IWsmanItem totalCount = outputObject.GetProperty("TotalCount");
IWsmanItem handlesCount = outputObject.GetProperty("HandlesCount");
IWsmanItem handles = outputObject.GetProperty("Handles");
if (verbose)
{
foreach (IWsmanItem handle in handles)
{
Console.WriteLine("\tHandle: {0}", handle);
}
}
return handles;
}
throw new Exception("Failed to invoke EnumerateUserAclEntries. Return Value = " + returnValue);
}
///
/// Gets the various security settings.
///
/// Use verbose mode
public void GetSecuritySettings(bool verbose)
{
GetProvisioningMode(verbose);
GetKerberosOptions(verbose);
GetEnabledInterfaces(verbose);
}
///
/// Displays the WebUI state and the redirection states.
///
/// bool, true if using a verbose mode
public void GetEnabledInterfaces(bool verbose)
{
GetWebUIState(verbose);
GetRedirectionState(verbose);
}
///
/// Gets the redirection states.
///
/// Use verbose mode.
/// The redirection states
public IWsmanItem GetRedirectionState(bool verbose)
{
Console.Write("\nGet AMT_RedirectionService... ");
IManagedReference redirectionServiceRef = wsmanClient.NewReference("SELECT * FROM AMT_RedirectionService WHERE Name='Intel(r) AMT Redirection Service'");
IManagedInstance redirectionServiceInstance = redirectionServiceRef.Get();
IWsmanItem redirectionEnabledState = redirectionServiceInstance.GetProperty("EnabledState");
Console.WriteLine("Success.");
if (verbose)
{
Console.Write("\tRedirectionService EnabledState: ");
switch (int.Parse(redirectionEnabledState.ToString()))
{
case (int)RedirectionServiceStates.NON:
Console.WriteLine("Disable IDER and SOL");
break;
case (int)RedirectionServiceStates.IDER:
Console.WriteLine("Enable IDER and Disable SOL");
break;
case (int)RedirectionServiceStates.SOL:
Console.WriteLine("Disable IDER and Enable SOL");
break;
case (int)RedirectionServiceStates.IDER_SOL:
Console.WriteLine("Enable IDER and SOL");
break;
default:
Console.WriteLine("Unknown state");
break;
}
}
return redirectionEnabledState;
}
///
/// Gets the WebUI state.
///
/// Use verbose mode.
/// The WebUI state
public IWsmanItem GetWebUIState(bool verbose)
{
Console.Write("\nGet AMT_WebUIService... ");
IManagedReference webUIServiceRef = wsmanClient.NewReference("SELECT * FROM AMT_WebUIService WHERE Name='Intel(r) AMT Web Browser UI Service'");
IManagedInstance webUIServiceInstance = webUIServiceRef.Get();
IWsmanItem webUIEnabledState = webUIServiceInstance.GetProperty("EnabledState");
Console.WriteLine("Success.");
if (verbose)
{
Console.WriteLine("\tWebUI state: {0}",
(uint.Parse(webUIEnabledState.ToString()) == WEBUI_SERVICE_ENABLED) ? "Enabled." : "Disabled.");
}
return webUIEnabledState;
}
///
/// Displays the Kerberos option.
///
/// bool, true if using a verbose mode
public void GetKerberosOptions(bool verbose)
{
Console.Write("\nCalling function GetKerberosOptions... ");
IManagedReference kerberosSettingsDataRef = wsmanClient.NewReference("SELECT * FROM AMT_KerberosSettingData WHERE InstanceID='Intel (r) AMT: Kerberos Settings'");
IManagedInstance kerberosSettingsDataInstance = kerberosSettingsDataRef.Get();
IWsmanItem realmName = kerberosSettingsDataInstance.GetProperty("RealmName");
IWsmanItem keyVersion = kerberosSettingsDataInstance.GetProperty("KeyVersion");
IWsmanItem encryptionAlgorithm = kerberosSettingsDataInstance.GetProperty("EncryptionAlgorithm");
IWsmanItem krbEnabled = kerberosSettingsDataInstance.GetProperty("KrbEnabled");
Console.WriteLine("Success.");
if (krbEnabled.ToString().CompareTo("true") == 0)
{
if (verbose)
{
Console.WriteLine("Kerberos Options: ");
if (!realmName.IsNull)
Console.WriteLine("Kerberos Realm Name: {0}", realmName);
if (!keyVersion.IsNull)
Console.WriteLine("Kerberos Key Version: {0}", keyVersion);
if (!encryptionAlgorithm.IsNull)
Console.WriteLine("Kerberos Encryption: {0}", encryptionAlgorithm);
}
}
else
{
Console.WriteLine("Kerberos is not enabled.");
}
}
///
/// Displays the provisioning mode.
///
/// bool, true if using a verbose mode
public void GetProvisioningMode(bool verbose)
{
Console.Write("\nCalling function GetProvisioningMode... ");
IManagedReference setupAndConfigurationServiceRef = wsmanClient.NewReference("SELECT * FROM AMT_SetupAndConfigurationService WHERE Name='Intel(r) AMT Setup and Configuration Service'");
IManagedInstance setupAndConfigurationServiceInstance = setupAndConfigurationServiceRef.Get();
IWsmanItem provisioningMode = setupAndConfigurationServiceInstance.GetProperty("ProvisioningMode");
// Getting the Setup And Configuration Service.
Console.WriteLine("Success.");
if (verbose)
{
Console.Write("Current Provisioning Mode: ");
switch (int.Parse(provisioningMode.ToString()))
{
case (byte)ProvisioningModeTypes.ProvisioningModeCurrent:
Console.WriteLine("The current provisioning mode is based on the Flash image settings");
break;
case (byte)ProvisioningModeTypes.ProvisioningModeEnterprise:
Console.WriteLine("Enterprise provisioning mode");
break;
case (byte)ProvisioningModeTypes.ProvisioningModeSmallBusiness:
Console.WriteLine("Small business provisioning mode");
break;
default:
Console.WriteLine("Unknown provisioning mode.");
break;
}
}
}
///
/// Gets the Admin ACL name.
///
/// bool, true if using a verbose mode
public void GetAdminAclName(bool verbose)
{
string user;
GetAdminAclEntry(out user, verbose);
}
///
/// Gets the digest realm.
///
/// The DigestRealm
public string GetDigestRealm()
{
IManagedReference generalSettingsRef = wsmanClient.NewReference("SELECT * FROM AMT_GeneralSettings WHERE InstanceID='Intel(r) AMT: General Settings'");
IManagedInstance generalSettingsInstance = generalSettingsRef.Get();
IWsmanItem digestRealm = generalSettingsInstance.GetProperty("DigestRealm");
return digestRealm.ToString();
}
#endregion
}
}