// Copyright (c) 2007-2010, Intel Corporation. All rights reserved.

// AMT_AuthorizationService is the CIM class through which the access control
// list (ACL) of the Intel(R) AMT subsystem is managed: user entries are added,
// enumerated, read, updated, removed and enabled/disabled, and the Admin entry
// is set and queried. Every method returns a uint32 status whose values are
// listed in that method's ValueMap/Values pair (PT_STATUS_*).
//
// NOTE(review): in this class PT_STATUS_AUDIT_FAIL (2075) is listed only on the
// methods that change the ACL (add, update, remove, set admin, set enabled
// state) and on none of the read methods. Presumably it reports that the
// change could not be recorded in the audit log; confirm against the Intel AMT
// documentation before relying on it.
   [Version ( "6.0.0" ),
    Description (
       "Describes the Authorization Service, which is responsible for "
       "Access Control management in the Intel(R) AMT subsystem." )]
class AMT_AuthorizationService : CIM_Service {

   // Controls whether HTTP digest authentication may use qop="auth".
   // In HTTP Digest (RFC 2617) qop="auth" authenticates the request without
   // covering the message body; qop="auth-int" adds body integrity.
   // NOTE(review): what the device requires when this is 0 ("Auth only
   // disabled") is not stated here; presumably auth-int, to be confirmed.
      [Description (
          "Indicates whether http digest authentication allows using qop=\"auth\"" ),
       ValueMap { "0", "1"},
       Values { "Auth only disabled", "Auth only enabled"}]
   uint32 AllowHttpQopAuthOnly;

   // Adds a user ACL entry and returns its creation handle in Handle.
   // Only AccessPermission is marked Required; the digest credentials, the
   // Kerberos SID and Realms are optional at schema level.
   // NOTE(review): presumably an entry carries either digest credentials or a
   // Kerberos SID; the schema does not say which combinations are accepted.
      [Description ( "Adds a user entry to the Intel(R) AMT device." ),
       ValueMap { "0", "1", "12", "16", "23", "38", "2054", "2055", "2065", "2075" },
       Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
          "PT_STATUS_INVALID_NAME", "PT_STATUS_NOT_PERMITTED",
          "PT_STATUS_MAX_LIMIT_REACHED",
          "PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED",
          "PT_STATUS_INVALID_PASSWORD", "PT_STATUS_INVALID_REALM",
          "PT_STATUS_MAX_KERB_DOMAIN_REACHED", "PT_STATUS_AUDIT_FAIL" }]
   uint32 AddUserAclEntryEx(
      // Digest account name: 7-bit ASCII, 1 to 16 characters (MaxLen 16).
         [IN, Description (
             "Username for access control. Contains 7-bit ASCII "
             "characters. String length is limited to 16 "
             "characters. Username cannot be an empty string." ),
          MaxLen ( 16 )]
      string DigestUsername,
      // MD5(Username ":" DigestRealm ":" Password), passed as an octet string.
      // This is the H(A1) value of HTTP Digest (RFC 2617): whoever holds it
      // can answer digest challenges for this username and realm without the
      // clear-text password, so it needs the same protection as the password
      // itself in transit, in logs and in provisioning tooling.
         [IN, Description (
             "An MD5 Hash of these parameters concatenated "
             "together (Username + \":\" + DigestRealm + \":\" + "
             "Password). The DigestRealm is a field in "
             "AMT_GeneralSettings" ),
          OctetString]
      uint8 DigestPassword[],
      // SID of a Kerberos-authenticated user, 1 to 28 bytes; the array bound
      // [28] matches the stated maximum. "multiplicand of 4" in the text below
      // presumably means the length must be a multiple of 4.
         [IN, Description (
             "Descriptor for user (SID) which is authenticated "
             "using the Kerberos Authentication. Byte array, "
             "specifying the Security Identifier (SID) according "
             "to the Kerberos specification. Current "
             "requirements imply that SID should be not smaller "
             "than 1 byte length and no longer than 28 bytes. "
             "SID length should also be a multiplicand of 4." ),
          OctetString]
      uint8 KerberosUserSid[28],
      // Whether the entry may be used from the local interface (0), the
      // network interface (1) or both (2); each realm's default interface
      // permissions restrict it further.
      // NOTE(review): the second string literal below contains a raw line
      // break in this copy of the file; the same description in
      // GetUserAclEntryEx and UpdateUserAclEntryEx has none. It is kept as
      // found; check it against the vendor MOF.
         [Required, IN, Description (
             "Indicates whether the User is allowed to access "
             "Intel(R) AMT from the Network or Local Interfaces. 
"
             "Note: this definition is restricted by the Default "
             "Interface Access Permissions of each Realm." ),
          ValueMap { "0", "1", "2" },
          Values { "LocalAccessPermission", "NetworkAccessPermission",
             "AnyAccessPermission" }]
      uint32 AccessPermission,
      // Realm identifiers granted to the entry, at most 32 of them. The
      // description calls them interface names, but the values are the
      // numeric codes of the ValueMap; ".." maps every other value to
      // "Reserved". The list defines what the account can reach, so it is
      // the place to apply least privilege.
      // NOTE(review): names such as PTAdministrationRealm and ACLRealm
      // suggest administrative scope; confirm in the Intel AMT documentation.
         [IN, Description (
             "Array of interface names the ACL entry is allowed to access." ),
          ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9",
             "10", "11", "12", "13", "14", "15", "16", "17", "18", "19",
             "20", "21", "22", "23", "24", ".." },
          Values { "InvalidRealm", "ReservedRealm0", "RedirectionRealm",
             "PTAdministrationRealm", "HardwareAssetRealm",
             "RemoteControlRealm", "StorageRealm", "EventManagerRealm",
             "StorageAdminRealm", "AgentPresenceLocalRealm",
             "AgentPresenceRemoteRealm", "CircuitBreakerRealm",
             "NetworkTimeRealm", "GeneralInfoRealm", "FirmwareUpdateRealm",
             "EITRealm", "LocalUN", "EndpointAccessControlRealm",
             "EndpointAccessControlAdminRealm", "EventLogReaderRealm",
             "AuditLogRealm", "ACLRealm", "ReservedRealm1", "ReservedRealm2",
             "LocalSystemRealm", "Reserved" }]
      uint32 Realms[32],
      // Handle of the new entry; the handle-based methods of this class take
      // it as input.
         [OUT, Description ( "Contains a creation handle." )]
      uint32 Handle);

   // Returns handles of user ACL entries starting at StartIndex. One call
   // returns at most 50 handles (bound of Handles).
   // NOTE(review): presumably a caller compares HandlesCount with TotalCount
   // and repeats with a higher StartIndex to read a longer list; the schema
   // does not describe paging explicitly.
      [Description (
          "Enumerates entries in the User Access Control List (ACL)." ),
       ValueMap { "0", "1", "35" },
       Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
          "PT_STATUS_INVALID_INDEX" }]
   uint32 EnumerateUserAclEntries(
      // First entry to return; per the description the list starts at 1.
         [Required, IN, Description (
             "Indicates the first ACL entry to retrieve. To "
             "enumerate the entire list, an application sends "
             "this message with StartIndex set to 1." )]
      uint32 StartIndex,
         [OUT, Description (
             "Contains the total number of entries in the User ACL." )]
      uint32 TotalCount,
         [OUT, Description (
             "Contains the number of entries in the returned list." )]
      uint32 HandlesCount,
      // The description says "HandleCount"; the parameter it refers to is
      // HandlesCount above.
         [OUT, Description (
             "Contains a list of HandleCount entry handles." )]
      uint32 Handles[50]);

   // Reads the user ACL entry identified by Handle. Per the description the
   // password hash is not disclosed: DigestPassword comes back omitted or
   // zeroed, so the stored hash cannot be read back through this method.
      [Description (
          "Reads a user entry from the Intel(R) AMT device. Note: "
          "confidential information, such as password (hash) is "
          "omitted or zeroed in the response." ),
       ValueMap { "0", "1", "2053" },
       Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
          "PT_STATUS_INVALID_HANDLE" }]
   uint32 GetUserAclEntryEx(
         [Required, IN, Description (
             "Specifies the ACL entry to fetch." )]
      uint32 Handle,
         [OUT, Description ( "Username for access control." ),
          MaxLen ( 16 )]
      string DigestUsername,
      // The qualifier is spelled "Octetstring" here and "OctetString" in the
      // rest of the class; kept as found.
         [OUT, Description (
             "Confidential information, such as password (hash) "
             "is omitted from the response." ),
          Octetstring]
      uint8 DigestPassword[],
         [OUT, Description (
             "Descriptor for user (SID) which is authenticated "
             "using the Kerberos Authentication. Byte array, "
             "specifying the Security Identifier (SID) according "
             "to the Kerberos specification." ),
          OctetString]
      uint8 KerberosUserSid[28],
         [OUT, Description (
             "Indicates whether the User is allowed to access "
             "Intel(R) AMT from the Network or Local Interfaces. "
             "Note: this definition is restricted by the Default "
             "Interface Access Permissions of each Realm." ),
          ValueMap { "0", "1", "2" },
          Values { "LocalAccessPermission", "NetworkAccessPermission",
             "AnyAccessPermission" }]
      uint32 AccessPermission,
      // Same realm codes as the Realms parameter of AddUserAclEntryEx.
         [OUT, Description (
             "Array of interface names the ACL entry is allowed to access." ),
          ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9",
             "10", "11", "12", "13", "14", "15", "16", "17", "18", "19",
             "20", "21", "22", "23", "24", ".." },
          Values { "InvalidRealm", "ReservedRealm0", "RedirectionRealm",
             "PTAdministrationRealm", "HardwareAssetRealm",
             "RemoteControlRealm", "StorageRealm", "EventManagerRealm",
             "StorageAdminRealm", "AgentPresenceLocalRealm",
             "AgentPresenceRemoteRealm", "CircuitBreakerRealm",
             "NetworkTimeRealm", "GeneralInfoRealm", "FirmwareUpdateRealm",
             "EITRealm", "LocalUN", "EndpointAccessControlRealm",
             "EndpointAccessControlAdminRealm", "EventLogReaderRealm",
             "AuditLogRealm", "ACLRealm", "ReservedRealm1", "ReservedRealm2",
             "LocalSystemRealm", "Reserved" }]
      uint32 Realms[32]);

   // Updates the user ACL entry identified by Handle. The parameters mirror
   // AddUserAclEntryEx with Handle as an input. Compared with the add method
   // the status list has PT_STATUS_INVALID_HANDLE (2053) and no
   // PT_STATUS_MAX_LIMIT_REACHED (23).
      [Description (
          "Updates a user entry in the Intel(R) AMT device." ),
       ValueMap { "0", "1", "12", "16", "38", "2053", "2054", "2055", "2065", "2075" },
       Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
          "PT_STATUS_INVALID_NAME", "PT_STATUS_NOT_PERMITTED",
          "PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED",
          "PT_STATUS_INVALID_HANDLE", "PT_STATUS_INVALID_PASSWORD",
          "PT_STATUS_INVALID_REALM", "PT_STATUS_MAX_KERB_DOMAIN_REACHED",
          "PT_STATUS_AUDIT_FAIL" }]
   uint32 UpdateUserAclEntryEx(
         [Required, IN, Description (
             "Creation handle to a User ACL entry." )]
      uint32 Handle,
         [IN, Description (
             "Username for access control. Contains 7-bit ASCII "
             "characters. String length is limited to 16 "
             "characters. Username cannot be an empty string." ),
          MaxLen ( 16 )]
      string DigestUsername,
      // HTTP Digest H(A1) value, equivalent to the password for digest
      // authentication in this realm; protect it accordingly.
         [IN, Description (
             "An MD5 Hash of these parameters concatenated "
             "together (Username + \":\" + DigestRealm + \":\" + "
             "Password). The DigestRealm is a field in "
             "AMT_GeneralSettings" ),
          OctetString]
      uint8 DigestPassword[],
         [IN, Description (
             "Descriptor for user (SID) which is authenticated "
             "using the Kerberos Authentication. Byte array, "
             "specifying the Security Identifier (SID) according "
             "to the Kerberos specification. Current "
             "requirements imply that SID should be not smaller "
             "than 1 byte length and no longer than 28 bytes. "
             "SID length should also be a multiplicand of 4." ),
          OctetString]
      uint8 KerberosUserSid[28],
         [Required, IN, Description (
             "Indicates whether the User is allowed to access "
             "Intel(R) AMT from the Network or Local Interfaces. "
             "Note: this definition is restricted by the Default "
             "Interface Access Permissions of each Realm." ),
          ValueMap { "0", "1", "2" },
          Values { "LocalAccessPermission", "NetworkAccessPermission",
             "AnyAccessPermission" }]
      uint32 AccessPermission,
      // Realm codes granted to the entry after the update; at most 32.
         [IN, Description (
             "Array of interface names the ACL entry is allowed to access." ),
          ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9",
             "10", "11", "12", "13", "14", "15", "16", "17", "18", "19",
             "20", "21", "22", "23", "24", ".." },
          Values { "InvalidRealm", "ReservedRealm0", "RedirectionRealm",
             "PTAdministrationRealm", "HardwareAssetRealm",
             "RemoteControlRealm", "StorageRealm", "EventManagerRealm",
             "StorageAdminRealm", "AgentPresenceLocalRealm",
             "AgentPresenceRemoteRealm", "CircuitBreakerRealm",
             "NetworkTimeRealm", "GeneralInfoRealm", "FirmwareUpdateRealm",
             "EITRealm", "LocalUN", "EndpointAccessControlRealm",
             "EndpointAccessControlAdminRealm", "EventLogReaderRealm",
             "AuditLogRealm", "ACLRealm", "ReservedRealm1", "ReservedRealm2",
             "LocalSystemRealm", "Reserved" }]
      uint32 Realms[32]);

   // Removes the user ACL entry identified by Handle.
   // PT_STATUS_NOT_PERMITTED (16) is among the results; the description of
   // SetAclEnabledState mentions accounts that cannot be removed.
      [Description (
          "Removes an entry from the User Access Control List "
          "(ACL), given a handle." ),
       ValueMap { "0", "1", "16", "2053", "2075" },
       Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
          "PT_STATUS_NOT_PERMITTED", "PT_STATUS_INVALID_HANDLE",
          "PT_STATUS_AUDIT_FAIL" }]
   uint32 RemoveUserAclEntry(
         [Required, IN, Description (
             "Specifies the ACL entry to be removed." )]
      uint32 Handle);

   // Sets the username and digest password hash of the Admin entry. Both
   // parameters are Required and no handle is involved.
      [Description (
          "Updates an Admin entry in the Intel(R) AMT device." ),
       ValueMap { "0", "1", "12", "38", "2054", "2075" },
       Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
          "PT_STATUS_INVALID_NAME",
          "PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED",
          "PT_STATUS_INVALID_PASSWORD", "PT_STATUS_AUDIT_FAIL" }]
   uint32 SetAdminAclEntryEx(
         [Required, IN, Description (
             "Username for access control. Contains 7-bit ASCII "
             "characters. String length is limited to 16 "
             "characters. Username cannot be an empty string." ),
          MaxLen ( 16 )]
      string Username,
      // HTTP Digest H(A1) value for the Admin account; it is equivalent to
      // the admin password for digest authentication, so it should travel
      // only over a protected channel and stay out of logs.
         [Required, IN, Description (
             "An MD5 Hash of these parameters concatenated "
             "together (Username + \":\" + DigestRealm + \":\" + "
             "Password). The DigestRealm is a field in "
             "AMT_GeneralSettings" ),
          OctetString]
      uint8 DigestPassword[]);

   // Returns the Admin username only; no credential material is returned.
      [Description (
          "Returns the username attribute of the Admin ACL." ),
       ValueMap { "0", "1" },
       Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR" }]
   uint32 GetAdminAclEntry(
         [OUT, Description (
             "Contains the username of the Admin ACL." ),
          MaxLen ( 16 )]
      string Username);

   // Reports whether the admin password was ever changed. IsDefault = TRUE
   // means it never was, which makes this a direct check for provisioning
   // and audit tooling that must flag devices with an unrotated admin
   // credential.
      [Description (
          "Reads the Admin ACL Entry status from Intel(R) AMT. The "
          "return state changes as a function of the admin "
          "password." ),
       ValueMap { "0", "1" },
       Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR" }]
   uint32 GetAdminAclEntryStatus(
         [OUT, Description (
             "TRUE if the admin ACL entry (admin password) was "
             "never changed by the user. Otherwise, the "
             "parameter is FALSE." )]
      boolean IsDefault);

   // Same check as GetAdminAclEntryStatus, for the remote admin password.
      [Description (
          "Reads the remote Admin ACL Entry status from Intel(R) "
          "AMT. The return state changes as a function of the "
          "remote admin password." ),
       ValueMap { "0", "1" },
       Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR" }]
   uint32 GetAdminNetAclEntryStatus(
         [OUT, Description (
             "TRUE if the remote admin ACL entry (remote admin "
             "password) was never changed by the user. "
             "Otherwise, the parameter is FALSE." )]
      boolean IsDefault);

   // Enables or disables the user ACL entry identified by Handle. Per the
   // description this is the way to switch off system accounts (names
   // starting with $$) that cannot be removed.
      [Description (
          "Enables or disables a user ACL entry.Disabling ACL "
          "entries is useful when accounts that cannot be removed "
          "(system accounts - starting with $$) are required to be "
          "disabled." ),
       ValueMap { "0", "1", "16", "38", "2053", "2075" },
       Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
          "PT_STATUS_NOT_PERMITTED",
          "PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED",
          "PT_STATUS_INVALID_HANDLE", "PT_STATUS_AUDIT_FAIL" }]
   uint32 SetAclEnabledState(
         [Required, IN, Description (
             "Specifies the ACL entry to update" )]
      uint32 Handle,
         [Required, IN, Description (
             "Specifies the state of the ACL entry" )]
      boolean Enabled);

   // Reads the enabled/disabled state of the user ACL entry identified by
   // Handle.
      [Description (
          "Gets the state of a user ACL entry (enabled/disabled)" ),
       ValueMap { "0", "1", "2053" },
       Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
          "PT_STATUS_INVALID_HANDLE" }]
   uint32 GetAclEnabledState(
         [Required, IN, Description ( "Specifies the ACL entry" )]
      uint32 Handle,
      // Marked Required although it is an OUT parameter; kept as found.
         [Required, OUT, Description (
             "Specifies the state of the ACL entry" )]
      boolean Enabled);

};