lvfengfree/serverRoom
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
serverRoom/amt-sdk-20-0-0-1/WS-ManagementCSModule/Src/WSMAN MOFs/AMT_AuthorizationService.mof

326 lines
15 KiB
Plaintext
Raw Blame History

// Copyright (c) 2007-2010, Intel Corporation. All rights reserved.
[Version ( "6.0.0" ),
Description (
"Describes the Authorization Service, which is responsible for "
"Access Control management in the Intel(R) AMT subsystem." )]
class AMT_AuthorizationService : CIM_Service {
[Description (
"Indicates whether http digest authentication allows using qop=\"auth\"" ),
ValueMap { "0", "1"},
Values { "Auth only disabled", "Auth only enabled"}]
uint32 AllowHttpQopAuthOnly;
[Description ( "Adds a user entry to the Intel(R) AMT device." ),
ValueMap { "0", "1", "12", "16", "23", "38", "2054", "2055",
"2065", "2075" },
Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
"PT_STATUS_INVALID_NAME", "PT_STATUS_NOT_PERMITTED",
"PT_STATUS_MAX_LIMIT_REACHED",
"PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED",
"PT_STATUS_INVALID_PASSWORD", "PT_STATUS_INVALID_REALM",
"PT_STATUS_MAX_KERB_DOMAIN_REACHED", "PT_STATUS_AUDIT_FAIL" }]
uint32 AddUserAclEntryEx(
[IN, Description (
"Username for access control. Contains 7-bit ASCII "
"characters. String length is limited to 16 "
"characters. Username cannot be an empty string." ),
MaxLen ( 16 )]
string DigestUsername,
[IN, Description (
"An MD5 Hash of these parameters concatenated "
"together (Username + \":\" + DigestRealm + \":\" + "
"Password). The DigestRealm is a field in "
"AMT_GeneralSettings" ),
OctetString]
uint8 DigestPassword[],
[IN, Description (
"Descriptor for user (SID) which is authenticated "
"using the Kerberos Authentication. Byte array, "
"specifying the Security Identifier (SID) according "
"to the Kerberos specification. Current "
"requirements imply that SID should be not smaller "
"than 1 byte length and no longer than 28 bytes. "
"SID length should also be a multiplicand of 4." ),
OctetString]
uint8 KerberosUserSid[28],
[Required, IN, Description (
"Indicates whether the User is allowed to access "
"Intel(R) AMT from the Network or Local Interfaces. "
"Note: this definition is restricted by the Default "
"Interface Access Permissions of each Realm." ),
ValueMap { "0", "1", "2" },
Values { "LocalAccessPermission",
"NetworkAccessPermission", "AnyAccessPermission" }]
uint32 AccessPermission,
[IN, Description (
"Array of interface names the ACL entry is allowed to access."
),
ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9",
"10", "11", "12", "13", "14", "15", "16", "17",
"18", "19", "20", "21", "22", "23", "24", ".." },
Values { "InvalidRealm", "ReservedRealm0", "RedirectionRealm",
"PTAdministrationRealm", "HardwareAssetRealm",
"RemoteControlRealm", "StorageRealm",
"EventManagerRealm", "StorageAdminRealm",
"AgentPresenceLocalRealm",
"AgentPresenceRemoteRealm", "CircuitBreakerRealm",
"NetworkTimeRealm", "GeneralInfoRealm",
"FirmwareUpdateRealm", "EITRealm", "LocalUN",
"EndpointAccessControlRealm",
"EndpointAccessControlAdminRealm",
"EventLogReaderRealm", "AuditLogRealm", "ACLRealm",
"ReservedRealm1", "ReservedRealm2", "LocalSystemRealm",
"Reserved" }]
uint32 Realms[32],
[OUT, Description ( "Contains a creation handle." )]
uint32 Handle);
[Description (
"Enumerates entries in the User Access Control List (ACL)." ),
ValueMap { "0", "1", "35" },
Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
"PT_STATUS_INVALID_INDEX" }]
uint32 EnumerateUserAclEntries(
[Required, IN, Description (
"Indicates the first ACL entry to retrieve. To "
"enumerate the entire list, an application sends "
"this message with StartIndex set to 1." )]
uint32 StartIndex,
[OUT, Description (
"Contains the total number of entries in the User ACL."
)]
uint32 TotalCount,
[OUT, Description (
"Contains the number of entries in the returned list."
)]
uint32 HandlesCount,
[OUT, Description (
"Contains a list of HandleCount entry handles." )]
uint32 Handles[50]);
[Description (
"Reads a user entry from the Intel(R) AMT device. Note: "
"confidential information, such as password (hash) is "
"omitted or zeroed in the response." ),
ValueMap { "0", "1", "2053" },
Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
"PT_STATUS_INVALID_HANDLE" }]
uint32 GetUserAclEntryEx(
[Required, IN, Description (
"Specifies the ACL entry to fetch." )]
uint32 Handle,
[OUT, Description ( "Username for access control." ),
MaxLen ( 16 )]
string DigestUsername,
[OUT, Description (
"Confidential information, such as password (hash) "
"is omitted from the response." ),
Octetstring]
uint8 DigestPassword[],
[OUT, Description (
"Descriptor for user (SID) which is authenticated "
"using the Kerberos Authentication. Byte array, "
"specifying the Security Identifier (SID) according "
"to the Kerberos specification." ),
OctetString]
uint8 KerberosUserSid[28],
[OUT, Description (
"Indicates whether the User is allowed to access "
"Intel(R) AMT from the Network or Local Interfaces. "
"Note: this definition is restricted by the Default "
"Interface Access Permissions of each Realm." ),
ValueMap { "0", "1", "2" },
Values { "LocalAccessPermission",
"NetworkAccessPermission", "AnyAccessPermission" }]
uint32 AccessPermission,
[OUT, Description (
"Array of interface names the ACL entry is allowed to access."
),
ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8",
"9", "10", "11", "12", "13", "14", "15", "16", "17",
"18", "19", "20", "21", "22", "23", "24", ".." },
Values { "InvalidRealm", "ReservedRealm0",
"RedirectionRealm", "PTAdministrationRealm",
"HardwareAssetRealm", "RemoteControlRealm",
"StorageRealm", "EventManagerRealm",
"StorageAdminRealm", "AgentPresenceLocalRealm",
"AgentPresenceRemoteRealm", "CircuitBreakerRealm",
"NetworkTimeRealm", "GeneralInfoRealm",
"FirmwareUpdateRealm", "EITRealm", "LocalUN",
"EndpointAccessControlRealm",
"EndpointAccessControlAdminRealm",
"EventLogReaderRealm", "AuditLogRealm", "ACLRealm",
"ReservedRealm1", "ReservedRealm2", "LocalSystemRealm",
"Reserved" }]
uint32 Realms[32]);
[Description (
"Updates a user entry in the Intel(R) AMT device." ),
ValueMap { "0", "1", "12", "16", "38", "2053", "2054",
"2055", "2065", "2075" },
Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
"PT_STATUS_INVALID_NAME", "PT_STATUS_NOT_PERMITTED",
"PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED",
"PT_STATUS_INVALID_HANDLE", "PT_STATUS_INVALID_PASSWORD",
"PT_STATUS_INVALID_REALM",
"PT_STATUS_MAX_KERB_DOMAIN_REACHED", "PT_STATUS_AUDIT_FAIL" }]
uint32 UpdateUserAclEntryEx(
[Required, IN, Description (
"Creation handle to a User ACL entry." )]
uint32 Handle,
[IN, Description (
"Username for access control. Contains 7-bit ASCII "
"characters. String length is limited to 16 "
"characters. Username cannot be an empty string." ),
MaxLen ( 16 )]
string DigestUsername,
[IN, Description (
"An MD5 Hash of these parameters concatenated "
"together (Username + \":\" + DigestRealm + \":\" + "
"Password). The DigestRealm is a field in "
"AMT_GeneralSettings" ),
OctetString]
uint8 DigestPassword[],
[IN, Description (
"Descriptor for user (SID) which is authenticated "
"using the Kerberos Authentication. Byte array, "
"specifying the Security Identifier (SID) according "
"to the Kerberos specification. Current "
"requirements imply that SID should be not smaller "
"than 1 byte length and no longer than 28 bytes. "
"SID length should also be a multiplicand of 4." ),
OctetString]
uint8 KerberosUserSid[28],
[Required, IN, Description (
"Indicates whether the User is allowed to access "
"Intel(R) AMT from the Network or Local Interfaces. "
"Note: this definition is restricted by the Default "
"Interface Access Permissions of each Realm." ),
ValueMap { "0", "1", "2" },
Values { "LocalAccessPermission",
"NetworkAccessPermission", "AnyAccessPermission" }]
uint32 AccessPermission,
[IN, Description (
"Array of interface names the ACL entry is allowed to access."
),
ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9",
"10", "11", "12", "13", "14", "15", "16", "17",
"18", "19", "20", "21", "22", "23", "24", ".." },
Values { "InvalidRealm", "ReservedRealm0", "RedirectionRealm",
"PTAdministrationRealm", "HardwareAssetRealm",
"RemoteControlRealm", "StorageRealm",
"EventManagerRealm", "StorageAdminRealm",
"AgentPresenceLocalRealm",
"AgentPresenceRemoteRealm", "CircuitBreakerRealm",
"NetworkTimeRealm", "GeneralInfoRealm",
"FirmwareUpdateRealm", "EITRealm", "LocalUN",
"EndpointAccessControlRealm",
"EndpointAccessControlAdminRealm",
"EventLogReaderRealm", "AuditLogRealm", "ACLRealm",
"ReservedRealm1", "ReservedRealm2", "LocalSystemRealm",
"Reserved" }]
uint32 Realms[32]);
[Description (
"Removes an entry from the User Access Control List "
"(ACL), given a handle." ),
ValueMap { "0", "1", "16", "2053", "2075" },
Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
"PT_STATUS_NOT_PERMITTED", "PT_STATUS_INVALID_HANDLE",
"PT_STATUS_AUDIT_FAIL" }]
uint32 RemoveUserAclEntry(
[Required, IN, Description (
"Specifies the ACL entry to be removed." )]
uint32 Handle);
[Description (
"Updates an Admin entry in the Intel(R) AMT device." ),
ValueMap { "0", "1", "12", "38", "2054", "2075" },
Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
"PT_STATUS_INVALID_NAME",
"PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED",
"PT_STATUS_INVALID_PASSWORD", "PT_STATUS_AUDIT_FAIL" }]
uint32 SetAdminAclEntryEx(
[Required, IN, Description (
"Username for access control. Contains 7-bit ASCII "
"characters. String length is limited to 16 "
"characters. Username cannot be an empty string." ),
MaxLen ( 16 )]
string Username,
[Required, IN, Description (
"An MD5 Hash of these parameters concatenated "
"together (Username + \":\" + DigestRealm + \":\" + "
"Password). The DigestRealm is a field in "
"AMT_GeneralSettings" ),
OctetString]
uint8 DigestPassword[]);
[Description (
"Returns the username attribute of the Admin ACL." ),
ValueMap { "0", "1" },
Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR" }]
uint32 GetAdminAclEntry(
[OUT, Description (
"Contains the username of the Admin ACL." ),
MaxLen ( 16 )]
string Username);
[Description (
"Reads the Admin ACL Entry status from Intel(R) AMT. The "
"return state changes as a function of the admin "
"password." ),
ValueMap { "0", "1" },
Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR" }]
uint32 GetAdminAclEntryStatus(
[OUT, Description (
"TRUE if the admin ACL entry (admin password) was "
"never changed by the user. Otherwise, the "
"parameter is FALSE." )]
boolean IsDefault);
[Description (
"Reads the remote Admin ACL Entry status from Intel(R) "
"AMT. The return state changes as a function of the "
"remote admin password." ),
ValueMap { "0", "1" },
Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR" }]
uint32 GetAdminNetAclEntryStatus(
[OUT, Description (
"TRUE if the remote admin ACL entry (remote admin "
"password) was never changed by the user. "
"Otherwise, the parameter is FALSE." )]
boolean IsDefault);
[Description (
"Enables or disables a user ACL entry.Disabling ACL "
"entries is useful when accounts that cannot be removed "
"(system accounts - starting with $$) are required to be "
"disabled." ),
ValueMap { "0", "1", "16", "38", "2053", "2075" },
Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
"PT_STATUS_NOT_PERMITTED",
"PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED",
"PT_STATUS_INVALID_HANDLE", "PT_STATUS_AUDIT_FAIL" }]
uint32 SetAclEnabledState(
[Required, IN, Description (
"Specifies the ACL entry to update" )]
uint32 Handle,
[Required, IN, Description (
"Specifies the state of the ACL entry" )]
boolean Enabled);
[Description (
"Gets the state of a user ACL entry (enabled/disabled)" ),
ValueMap { "0", "1", "2053" },
Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
"PT_STATUS_INVALID_HANDLE" }]
uint32 GetAclEnabledState(
[Required, IN, Description ( "Specifies the ACL entry" )]
uint32 Handle,
[Required, OUT, Description (
"Specifies the state of the ACL entry" )]
boolean Enabled);
};
Reference in New Issue View Git Blame Copy Permalink