Class: AMT::Service::SecurityAdministration

Inherits:
Basic
  • Object
Defined in:
lib/amt/service/security_administration.rb,
lib/amt/service/security_administration/structures.rb

Overview

AMT Service for managing security control and data structures.

The following service methods are currently not implemented:

  • set_kerberos_options, get_kerberos_options, set_tls_psk, get_pki_capabilities

  • All methods specified under 7.1.3 Certificate Management

  • All methods specified under 7.1.5 Environment Detection & VPN Connectivity

  • All methods specified under 7.1.6 User Notification

  • All methods specified under 7.1.7 Provisioning

Defined Under Namespace

Classes: AccessPermission, CoreVersion, EnabledInterface, GlobalPowerPolicy, Interface, ProvisioningMode, TlsAuthentication, User, UserAclEntryEx, UserAclRealm

Instance Attribute Summary

Attributes inherited from Basic

#host, #port

Instance Method Summary

Methods inherited from Basic

#initialize, #soap_call

Constructor Details

This class inherits a constructor from AMT::Service::Basic

Instance Method Details

#add_user_acl_entry_ex(entry) ⇒ Object

Add a user entry to the AMT device and return the handle to it.

entry

An instance of UserAclEntryEx containing the information about the user that should be added.

Supported by AMT 2.0 and later.



# File 'lib/amt/service/security_administration.rb', line 192

def add_user_acl_entry_ex(entry)
  soap_call("AddUserAclEntryEx") do |msg|
    msg.add('ns:EntryEx') {|msge| add_user_acl_entry_ex_to_message(entry, msge)}
  end.process do |node|
    node.xpath('./ns:Handle/text()').to_i
  end
end

#commit_changes ⇒ Object

Commit the pending configuration commands.

Commands that require calling this method are documented as such. Also note that pending changes may cause the AMT device to go through a restart sequence, so you need to wait a bit before issuing the next command.

Supported by AMT 1.0 and later.



# File 'lib/amt/service/security_administration.rb', line 120

def commit_changes
  soap_call("CommitChanges").process
end

#enumerate_power_packages ⇒ Object

Return the GUIDs of all power packages supported by the AMT device.

Supported by AMT 2.5 and later.



# File 'lib/amt/service/security_administration.rb', line 359

def enumerate_power_packages
  soap_call("EnumeratePowerPackages").process do |node|
    node.xpath('./ns:PolicyGUID/text()').collect {|uuid| AMT::Utility.binary_to_uuid(uuid.to_s.unpack('m*').first)}
  end
end

#enumerate_user_acl_entries(start_index = 1) ⇒ Object

Enumerate the handles of User ACLs. A two-element array is returned: the first element is the total number of handles available and the second is an array of the handles returned by this call.

start_index

The index indicating the first User ACL handle to be returned.

Note: this method does not return all handles at once. See the official documentation for more information.

Supported by AMT 1.0 and later.



# File 'lib/amt/service/security_administration.rb', line 234

def enumerate_user_acl_entries(start_index = 1)
  soap_call("EnumerateUserAclEntries") do |msg|
    msg.add('ns:StartIndex', start_index)
  end.process do |node|
    tc = node.xpath('./ns:TotalCount/text()').to_i
    handles = node.xpath('./ns:Handles/ns:Handle/text()').collect {|h| h.to_i}
    [tc, handles]
  end
end
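
Because #enumerate_user_acl_entries returns only part of the handle list per call, reviewing who has access to a device means paging until the total count is reached. The following is an added example, not code from the amt library: it pages through the handles and pairs each entry with its enabled state using #get_user_acl_entry_ex and #get_acl_enabled_state (the latter needs AMT 3.0 or later). The helper names, the FakeSecurityAdministration stand-in (which returns a plain username instead of a UserAclEntryEx) and the paging arithmetic are assumptions.

```ruby
# Added example, not part of the amt library.
# Assumption: start_index is 1-based (the documented default is 1) and the
# next page begins at start_index plus the number of handles just returned.
def all_user_acl_handles(service)
  handles = []
  start_index = 1
  loop do
    total, page = service.enumerate_user_acl_entries(start_index)
    handles.concat(page)
    # Stop on the last page, or on an empty page so a device that reports
    # a wrong total cannot keep the loop running forever.
    break if page.empty? || handles.size >= total
    start_index += page.size
  end
  handles
end

# One row per ACL entry: handle, the entry itself and its enabled state.
def user_acl_report(service)
  all_user_acl_handles(service).map do |handle|
    { handle: handle,
      entry: service.get_user_acl_entry_ex(handle),
      enabled: service.get_acl_enabled_state(handle) }
  end
end

# Constructed stand-in for a SecurityAdministration instance so the example
# runs offline; it returns at most PAGE_SIZE handles per call.
class FakeSecurityAdministration
  PAGE_SIZE = 2

  def initialize(entries) # entries: { handle => [username, enabled] }
    @entries = entries
  end

  def enumerate_user_acl_entries(start_index = 1)
    keys = @entries.keys
    [keys.size, keys[start_index - 1, PAGE_SIZE] || []]
  end

  def get_user_acl_entry_ex(handle)
    @entries.fetch(handle)[0]
  end

  def get_acl_enabled_state(handle)
    @entries.fetch(handle)[1]
  end
end
```

Against a real device, pass an AMT::Service::SecurityAdministration instance to user_acl_report in place of the stand-in.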

#get_acl_enabled_state(handle) ⇒ Object

Return the enabled/disabled state of a user ACL entry as a boolean value.

handle

Specifies the ACL entry for which the state should be returned.

Supported by AMT 3.0 and later.



# File 'lib/amt/service/security_administration.rb', line 347

def get_acl_enabled_state(handle)
  soap_call("GetAclEnabledState") do |msg|
    msg.add('ns:Handle', handle)
  end.process do |node|
    node.xpath('./ns:Enabled/text()').to_boolean
  end
end

#get_active_power_package ⇒ Object

Return the GUID of the currently active power package.

Supported by AMT 2.5 and later.



# File 'lib/amt/service/security_administration.rb', line 369

def get_active_power_package
  soap_call("GetActivePowerPackage").process do |node|
    AMT::Utility.binary_to_uuid(node.xpath('./ns:PolicyGUID/text()').to_s.unpack('m*').first)
  end
end

#get_admin_acl_entry ⇒ Object

Return the username of the Admin ACL entry.

Supported by AMT 1.0 and later.



# File 'lib/amt/service/security_administration.rb', line 311

def get_admin_acl_entry
  soap_call("GetAdminAclEntry").process do |node|
    node.xpath('./ns:Username/text()').to_s
  end
end

#get_core_version ⇒ Object

Return the core version of the AMT device as an instance of CoreVersion.

Supported by AMT 1.0 and later.



# File 'lib/amt/service/security_administration.rb', line 136

def get_core_version
  soap_call("GetCoreVersion").process do |node|
    CoreVersion.new(*node.xpath('./ns:Version/text()').to_s.scan(/^(\d+)\.(\d+)\.(\d+)$/).first)
  end
end

#get_credential_cache_state ⇒ Object

Return whether the credential cache for Kerberos is enabled.

Supported by AMT 3.2 and later.



# File 'lib/amt/service/security_administration.rb', line 38

def get_credential_cache_state
  soap_call("GetCredentialCacheState").process do |node|
    node.xpath('./ns:Enabled/text()').to_boolean
  end
end

#get_digest_realm ⇒ Object

Return the digest authentication realm of the AMT device (RFC 2617).

Supported by AMT 2.0 and later.



# File 'lib/amt/service/security_administration.rb', line 321

def get_digest_realm
  soap_call("GetDigestRealm").process do |node|
    node.xpath('./ns:DigestRealm/text()').to_s
  end
end

#get_enabled_interfaces ⇒ Object

Return the enabled interfaces of the AMT device as array of EnabledInterface instances. Interfaces that are not in the array are disabled.

See #set_enabled_interfaces for a list of possible interface names.

Supported by AMT 2.0 and later.



# File 'lib/amt/service/security_administration.rb', line 67

def get_enabled_interfaces
  soap_call("GetEnabledInterfaces").process do |node|
    node.xpath('./ns:EnabledInterfaces/text()').collect {|n| EnabledInterface.for(n.to_s)}
  end
end

#get_global_power_policy ⇒ Object

Get current global power policy as instance of GlobalPowerPolicy.

Supported by AMT 2.5 and later.



# File 'lib/amt/service/security_administration.rb', line 419

def get_global_power_policy
  soap_call("GetGlobalPowerPolicy").process do |node|
    GlobalPowerPolicy.new(node.xpath('./ns:GlobalPowerPolicy/ns:IdleWakeTimeout/text()').to_i)
  end
end

#get_power_package(power_package) ⇒ Object

Return the policy descriptor string associated with a power package.

power_package

A power package GUID string.

Supported by AMT 2.5 and later.



# File 'lib/amt/service/security_administration.rb', line 381

def get_power_package(power_package)
  soap_call("GetPowerPackage") do |msg|
    msg.add('ns:PolicyGUID', [AMT::Utility.uuid_to_binary(power_package)].pack('m*'))
  end.process do |node|
    node.xpath('./ns:PolicyDescriptor/text()').to_s
  end
end

#get_provisioning_mode ⇒ Object

Return the current provisioning mode of the AMT device as a Symbol (one of the PROVISIONING_MODE keys).

Supported by AMT 1.0 and later.



# File 'lib/amt/service/security_administration.rb', line 168

def get_provisioning_mode
  soap_call("GetProvisioningMode").process do |node|
    ProvisioningMode.for(node.xpath('./ns:ProvisioningMode/text()').to_i)
  end
end

#get_tls_options ⇒ Object

Return the currently used authentication modes of TLS as a hash containing associations from Interface types to TlsAuthentication types. Interface types that are not returned should be treated as in NoAuth mode.

Supported by AMT 2.0 and later.



# File 'lib/amt/service/security_administration.rb', line 101

def get_tls_options
  soap_call("GetTlsOptions").process do |node|
    ifaces = {}
    node.xpath('./ns:TlsOptions').each do |tnode|
      ifaces[Interface.for(tnode.xpath('./ns:Interface/text()').to_s)] =
        TlsAuthentication.for(tnode.xpath('./ns:TlsAuthentication/text()').to_s)
    end
    ifaces
  end
end

#get_unprovisioning_blocking_components ⇒ Object

Return the components that blocked the last full or partial unprovisioning request as array of Symbols.

Supported by AMT 4.0 and later.



# File 'lib/amt/service/security_administration.rb', line 179

def get_unprovisioning_blocking_components
  soap_call("GetUnprovisioningBlockingComponents").process do |node|
    (node.xpath('./ns:Components/text()').to_i & 1 == 1 ? [:audit_log] : [])
  end
end

#get_user_acl_entry_ex(handle) ⇒ Object

Return a user ACL entry from the AMT device as instance of UserAclEntryEx.

handle

Specifies the ACL entry to read.

Supported by AMT 2.0 and later.



# File 'lib/amt/service/security_administration.rb', line 250

def get_user_acl_entry_ex(handle)
  soap_call("GetUserAclEntryEx") do |msg|
    msg.add('ns:Handle', handle)
  end.process do |node|
    node = node.xpath('./ns:EntryEx')
    entry = UserAclEntryEx.new
    if !(krb = node.xpath('./ns:KerberosUser/ns:Sid/text()')).empty?
      entry.user = krb.to_s
    else
      entry.user = User.new(node.xpath('./ns:DigestUser/ns:Username/text()').to_s)
    end
    entry.access_permission = AccessPermission.for(node.xpath('./ns:AccessPermission/text()').to_s)
    entry.realms = node.xpath('./ns:Realms/ns:Realm/text()').collect {|r| UserAclRealm.for(r.to_i)}
    entry
  end
end

#partial_unprovision(mode) ⇒ Object

Put the AMT device into a partially-unprovisioned state.

Supported by AMT 2.0 and later.



# File 'lib/amt/service/security_administration.rb', line 159

def partial_unprovision(mode)
  soap_call("PartialUnprovision").process
end

#remove_user_acl_entry(handle) ⇒ Object

Remove the user ACL entry identified by handle from the AMT device.

handle

Specifies the ACL entry to remove.

Supported by AMT 1.0 and later.



# File 'lib/amt/service/security_administration.rb', line 288

def remove_user_acl_entry(handle)
  soap_call("RemoveUserAclEntry") do |msg|
    msg.add('ns:Handle', handle)
  end.process
end

#reset_flash_wear_out_protection ⇒ Object

Reset the wear-out protection to the initial state for all protected flash sectors.

Supported by AMT 1.0 and later.



# File 'lib/amt/service/security_administration.rb', line 128

def reset_flash_wear_out_protection
  soap_call("ResetFlashWearOutProtection").process
end

#set_acl_enabled_state(handle, enabled) ⇒ Object

Enable or disable a user ACL entry.

handle

Specifies the ACL entry that should be enabled or disabled.

enabled

If set to true, then the ACL entry will be enabled, else disabled.

Supported by AMT 3.0 and later.



# File 'lib/amt/service/security_administration.rb', line 334

def set_acl_enabled_state(handle, enabled)
  soap_call("SetAclEnabledState") do |msg|
    msg.add('ns:Handle', handle)
    msg.add('ns:Enabled', enabled)
  end.process
end

#set_active_power_package(power_package) ⇒ Object

Set the active power package to the one defined by the power package GUID.

power_package

A power package GUID string.

Supported by AMT 2.5 and later.



# File 'lib/amt/service/security_administration.rb', line 395

def set_active_power_package(power_package)
  soap_call("SetActivePowerPackage") do |msg|
    msg.add('ns:PolicyGUID', [AMT::Utility.uuid_to_binary(power_package)].pack('m*'))
  end.process
end

#set_admin_acl_entry_ex(entry) ⇒ Object

Update the Admin ACL entry in the AMT device.

entry

An instance of User.

Supported by AMT 2.0 and later.



# File 'lib/amt/service/security_administration.rb', line 301

def set_admin_acl_entry_ex(entry)
  soap_call("SetAdminAclEntryEx") do |msg|
    msg.add('ns:EntryEx') {|ex| add_user_to_message(entry, ex)}
  end.process
end

#set_credential_cache_state(enabled) ⇒ Object

Set the state of credential caching for Kerberos.

enabled

If set to true, then the credential cache will be enabled, else disabled.

Supported by AMT 3.2 and later.



# File 'lib/amt/service/security_administration.rb', line 28

def set_credential_cache_state(enabled)
  soap_call("SetCredentialCacheState") do |msg|
    msg.add('ns:Enabled', enabled)
  end.process
end

#set_enabled_interfaces(interfaces) ⇒ Object

Enable or disable various features or interfaces of the AMT device.

interfaces

An array of EnabledInterface instances that should be enabled. Interfaces that are not specified will be disabled.

Supported by AMT 2.0 and later.



# File 'lib/amt/service/security_administration.rb', line 51

def set_enabled_interfaces(interfaces)
  soap_call("SetEnabledInterfaces") do |msg|
    interfaces.each do |iface|
      raise ArgumentError, "interface name #{iface} is not valid" unless EnabledInterface.for(iface)
      msg.add('ns:EnabledInterfaces', EnabledInterface.for(iface).value)
    end
  end.process
end

#set_global_power_policy(power_policy) ⇒ Object

Set power policy options that apply independently of the selected power package.

power_policy

The power policy to use (instance of GlobalPowerPolicy).

Supported by AMT 2.5 and later.



# File 'lib/amt/service/security_administration.rb', line 407

def set_global_power_policy(power_policy)
  soap_call("SetGlobalPowerPolicy") do |msg|
    msg.add('ns:GlobalPowerPolicy') do |gpp|
      gpp.add('ns:IdleWakeTimeout', power_policy.idle_wake_timeout)
    end
  end.process
end

#set_tls_options(tls_options) ⇒ Object

Set various TLS modes such as enablement and authentication for network interfaces.

tls_options

A hash containing associations from Interface types to TlsAuthentication types. Interfaces that are not specified will operate in NoAuth mode.

Note: You also need to call #commit_changes for the changes to actually take effect.

Supported by AMT 2.0 and later.



# File 'lib/amt/service/security_administration.rb', line 82

def set_tls_options(tls_options)
  soap_call("SetTlsOptions") do |msg|
    tls_options.each do |it, at|
      raise ArgumentError, "interface type #{it} is not valid" unless Interface.for(it)
      raise ArgumentError, "authentication type #{at} is not valid" unless TlsAuthentication.for(at)
      msg.add('ns:TlsOptions') do |tmsg|
        tmsg.add('ns:Interface', Interface.for(it).value)
        tmsg.add('ns:TlsAuthentication', TlsAuthentication.for(at).value)
      end
    end
  end.process
end

#unprovision(mode) ⇒ Object

Unprovision the AMT device to default factory settings.

mode

The provisioning mode the device should enter after completing the command (instance of ProvisioningMode).

Supported by AMT 1.0 and later.



# File 'lib/amt/service/security_administration.rb', line 149

def unprovision(mode)
  soap_call("Unprovision") do |msg|
    msg.add('ns:ProvisioningMode', ProvisioningMode.for(mode).value)
  end.process
end

#update_user_acl_entry_ex(handle, entry) ⇒ Object

Update a user entry in the AMT device.

handle

Specifies the ACL entry to update.

entry

An instance of UserAclEntryEx containing the information about the user that should be updated.

Supported by AMT 2.0 and later.



# File 'lib/amt/service/security_administration.rb', line 275

def update_user_acl_entry_ex(handle, entry)
  soap_call("UpdateUserAclEntryEx") do |msg|
    msg.add('ns:Handle', handle)
    msg.add('ns:EntryEx') {|msge| add_user_acl_entry_ex_to_message(entry, msge)}
  end.process
end