Documentation
¶
Index ¶
- Constants
- func MakeGetEnrollEndpoint(s Service) endpoint.Endpoint
- func MakeOTAEnrollEndpoint(s Service) endpoint.Endpoint
- func MakeOTAPhase2Phase3Endpoint(s Service, scepDepot *boltdepot.Depot) endpoint.Endpoint
- type AccessRights
- type Endpoints
- type HTTPHandlers
- type MDMPayloadContent
- type Payload
- type Profile
- type ProfileServicePayload
- type SCEPPayloadContent
- type Service
- type TopicProvider
Constants ¶
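// Identifiers of the two profiles named by this package. The declaration is
// split one constant per line; collapsed onto a single line the two specs have
// no separator between them and do not parse.
const (
	// EnrollmentProfileId identifies the enrollment profile
	// (presumably used as its PayloadIdentifier; confirm against the caller).
	EnrollmentProfileId string = "com.github.micromdm.micromdm.enroll"
	// OTAProfileId identifies the Over-the-Air enrollment profile
	// (presumably used as its PayloadIdentifier; confirm against the caller).
	OTAProfileId string = "com.github.micromdm.micromdm.ota"
)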
Variables ¶
This section is empty.
Functions ¶
func MakeGetEnrollEndpoint ¶
func MakeOTAEnrollEndpoint ¶
Types ¶
type AccessRights ¶
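// AccessRights define the management rights of the MDM server over the device.
// May not be zero. If 2 is specified, 1 must also be specified. If 128 is
// specified, 64 must also be specified.
//
// The value is a bitmask: every constant below is a distinct power of two
// (1 << iota), so individual rights are combined with bitwise OR.
//
// NOTE(review): nothing visible in this declaration enforces the "not zero"
// and "2 implies 1 / 128 implies 64" rules; confirm they are validated where
// the value is set. DeviceLock and DeviceErase are destructive rights, so a
// deployment should request only the bits it actually needs.
type AccessRights int

// The constants are written one per line: on a single collapsed line the first
// "//" comment swallows every declaration that follows it.
const (
	// Allow inspection of installed configuration profiles. Value 1.
	ProfileInspection AccessRights = 1 << iota
	// Allow installation and removal of configuration profiles. Value 2.
	ProfileInstallAndRemoval
	// Allow device lock and passcode removal. Value 4.
	DeviceLock
	// Allow device erase. Value 8.
	DeviceErase
	// Allow query of Device Information (device capacity, serial number). Value 16.
	DeviceInformationQuery
	// Allow query of Network Information (phone/SIM numbers, MAC addresses). Value 32.
	NetworkInformationQuery
	// Allow inspection of installed provisioning profiles. Value 64.
	ProvisioningProfileInspection
	// Allow installation and removal of provisioning profiles. Value 128.
	ProvisioningProfileInstallAndRemoval
	// Allow inspection of installed applications. Value 256.
	ApplicationInspection
	// Allow restriction-related queries. Value 512.
	RestrictionQuery
	// Allow security-related queries. Value 1024.
	SecurityQuery
	// Allow manipulation of settings. Value 2048.
	// Availability: Available in iOS 5.0 and later. Available in macOS 10.9 for certain commands.
	SettingsManipulation
	// Allow app management. Value 4096.
	// Availability: Available in iOS 5.0 and later. Available in macOS 10.9 for certain commands.
	AppManagement
)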
type Endpoints ¶
type HTTPHandlers ¶
// HTTPHandlers groups the three http.Handler values exposed by this package,
// one per field.
type HTTPHandlers struct {
	// Handler for the enroll route (presumably backed by Service.Enroll; confirm
	// in MakeHTTPHandlers).
	EnrollHandler http.Handler
	// Handler for the OTA enroll route (presumably backed by Service.OTAEnroll;
	// confirm in MakeHTTPHandlers).
	OTAEnrollHandler http.Handler
	// In Apple's Over-the-Air design Phases 2 and 3 happen over the same URL.
	// The differentiator is which certificate signed the CMS POST body.
	//
	// NOTE(review): because the signer certificate is the only thing that
	// separates the two phases, the handler has to verify the CMS signature
	// and establish who issued the signer certificate before it chooses a
	// phase; the verification code is not shown on this page, so confirm it in
	// the endpoint implementation.
	OTAPhase2Phase3Handler http.Handler
}
func MakeHTTPHandlers ¶
func MakeHTTPHandlers(ctx context.Context, endpoints Endpoints, opts ...httptransport.ServerOption) HTTPHandlers
type MDMPayloadContent ¶
// MDMPayloadContent carries the MDM-specific keys together with the common
// payload keys it inherits by embedding Payload.
type MDMPayloadContent struct {
	// Embedded, so the common Payload fields are promoted onto this struct.
	Payload
	// Bitmask of AccessRights values granted to the MDM server.
	AccessRights AccessRights
	// NOTE(review): presumably the URL the device contacts for check-in
	// messages; no scheme check is visible here, so confirm HTTPS is enforced
	// where the value is set.
	CheckInURL          string
	CheckOutWhenRemoved bool
	// NOTE(review): presumably the PayloadUUID of the certificate payload the
	// device uses as its MDM identity; confirm against the profile builder.
	IdentityCertificateUUID string
	// Left out of the plist when empty (omitempty).
	ServerCapabilities []string `plist:"ServerCapabilities,omitempty"`
	// Left out of the plist when false (omitempty), so message signing is off
	// unless a caller sets it explicitly.
	// NOTE(review): presumably asks the device to sign the messages it sends
	// to the server; confirm whether the server side verifies that signature.
	SignMessage bool `plist:"SignMessage,omitempty"`
	// NOTE(review): presumably the URL the device uses to fetch MDM commands;
	// the same HTTPS caveat as CheckInURL applies.
	ServerURL string
	// NOTE(review): presumably the push topic the device listens on; see
	// TopicProvider.
	Topic string
}
TODO: This is actually one of those non-nested payloads that doesn't respect the PayloadContent key.
type Payload ¶
// Payload holds the keys common to a single configuration payload. Each field
// carries json and db tags; only PayloadScope and PayloadContent carry a plist
// tag, and both are omitted from the plist when empty.
//
// PayloadContent is an untyped interface{} value, so its shape is decided
// entirely by the caller.
// NOTE(review): when a Payload is decoded from JSON or read from the database,
// PayloadContent is whatever the input contained; confirm it is validated
// before being placed into a profile sent to a device.
type Payload struct {
	PayloadType         string      `json:"type" db:"type"`
	PayloadVersion      int         `json:"version" db:"version"`
	PayloadIdentifier   string      `json:"identifier" db:"identifier"`
	PayloadUUID         string      `json:"uuid" db:"uuid"`
	PayloadDisplayName  string      `json:"displayname" db:"displayname"`
	PayloadDescription  string      `json:"description,omitempty" db:"description"`
	PayloadOrganization string      `json:"organization,omitempty" db:"organization"`
	PayloadScope        string      `json:"scope" db:"scope" plist:",omitempty"`
	PayloadContent      interface{} `json:"content,omitempty" plist:"PayloadContent,omitempty"`
}
func NewPayload ¶
type Profile ¶
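// Profile holds the top-level keys of a configuration profile together with
// its list of payloads (PayloadContent). Every field carries json and db tags;
// plist tags appear only where the plist encoding differs from the default.
//
// NOTE(review): PayloadRemovalDisallowed is omitted from the plist when false,
// so a profile is removable by the user unless a caller sets it; confirm that
// is the intended default for enrollment profiles.
type Profile struct {
	PayloadContent           []interface{} `json:"content,omitempty" db:"content"`
	PayloadDescription       string        `json:"description,omitempty" db:"description"`
	PayloadDisplayName       string        `json:"displayname,omitempty" db:"displayname"`
	PayloadExpirationDate    *time.Time    `json:"expiration_date,omitempty" db:"expiration_date" plist:",omitempty"`
	PayloadIdentifier        string        `json:"identifier" db:"identifier"`
	PayloadOrganization      string        `json:"organization,omitempty" db:"organization"`
	PayloadUUID              string        `json:"uuid" db:"uuid"`
	PayloadRemovalDisallowed bool          `json:"removal_disallowed" db:"removal_disallowed" plist:",omitempty"`
	PayloadType              string        `json:"type" db:"type"`
	PayloadVersion           int           `json:"version" db:"version"`
	PayloadScope             string        `json:"scope" db:"scope" plist:",omitempty"`
	// The tag used to list the plist key twice (`plist:"-" plist:",omitempty"`),
	// which go vet reports as a repeated struct tag key. reflect.StructTag
	// returns the first occurrence, so `plist:"-"` was already the value in
	// effect (assuming the plist encoder reads tags through reflect.StructTag);
	// the shadowed second entry is dropped and RemovalDate stays excluded from
	// the plist.
	RemovalDate *time.Time `json:"removal_date" db:"removal_date" plist:"-"`
	DurationUntilRemoval float32           `json:"duration_until_removal" db:"duration_until_removal" plist:",omitempty"`
	ConsentText          map[string]string `json:"consent_text" db:"consent_text" plist:",omitempty"`
}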
func NewProfile ¶
func NewProfile() *Profile
type ProfileServicePayload ¶
type SCEPPayloadContent ¶
type Service ¶
// Service is the enrollment service interface. Each method takes only a
// context and returns a profile.Mobileconfig or an error.
//
// NOTE(review): no method takes a request argument, so anything derived from
// the request (for example the signer of an OTA CMS body) must either travel
// in ctx or be checked before the call; confirm where that check happens.
type Service interface {
	// Enroll returns the profile for the enroll route (presumably the MDM
	// enrollment profile; confirm in the implementation).
	Enroll(ctx context.Context) (profile.Mobileconfig, error)
	// OTAEnroll returns the profile for the OTA enroll route (presumably the
	// first-phase Over-the-Air profile; confirm in the implementation).
	OTAEnroll(ctx context.Context) (profile.Mobileconfig, error)
	// OTAPhase2 returns the profile for the second Over-the-Air phase.
	OTAPhase2(ctx context.Context) (profile.Mobileconfig, error)
	// OTAPhase3 returns the profile for the third Over-the-Air phase.
	OTAPhase3(ctx context.Context) (profile.Mobileconfig, error)
}
func NewService ¶
// NewService builds a Service from a topic provider, a pubsub subscriber, six
// string settings and a profile store, and returns an error if construction
// fails. The body is not shown on this page.
//
// caCertPath, scepURL, scepChallenge, url, tlsCertPath and scepSubject are all
// plain strings passed positionally, so two transposed arguments still compile;
// check the order at every call site.
//
// NOTE(review): scepChallenge arrives as a plain string; presumably it is the
// SCEP challenge password placed in the enrollment profiles this service
// issues. Confirm, and if so treat it as a credential: keep it out of logs and
// error messages, and consider a per-enrollment challenge over a static one.
func NewService(topic TopicProvider, sub pubsub.Subscriber, caCertPath, scepURL, scepChallenge, url, tlsCertPath, scepSubject string, profileDB profile.Store) (Service, error)
type TopicProvider ¶