-
Notifications
You must be signed in to change notification settings - Fork 0
/
securityPolicy.go
65 lines (56 loc) · 3.19 KB
/
securityPolicy.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
package connect
import "encoding/json"
type SecurityPolicyMode string
const (
SPNoRestrictions SecurityPolicyMode = "SPNoRestrictions" // No restriction
SPAuthenticationRequired SecurityPolicyMode = "SPAuthenticationRequired" // Require secure authentication
SPEncryptionRequired SecurityPolicyMode = "SPEncryptionRequired" // Require encrypted connection
)
type AuthenticationMethodList []OptionalString
type AntiHammeringOptions struct {
IsEnabled bool `json:"isEnabled"` // Enable/disable Anti-Hammering
FailedLoginsToBlock int `json:"failedLoginsToBlock"` // Count of failed logins within minute to start blocking
MinutesToBlock int `json:"minutesToBlock"` // Minutes to keep blocking IP
ExceptionIpGroup OptionalEntity `json:"exceptionIpGroup"` // switchable custom white list IP group
}
type SecurityPolicyOptions struct {
Mode SecurityPolicyMode `json:"mode"`
AuthenticationExceptionGroup OptionalEntity `json:"authenticationExceptionGroup"` // Is used if mode == SPAuthenticationRequired
EncryptionExceptionGroup OptionalEntity `json:"encryptionExceptionGroup"` // Is used if mode == SPEncryptionRequired
AuthenticationMethods AuthenticationMethodList `json:"authenticationMethods"` // List of authentication methods and its status. In any set operation, all methods should be present in list. Methods which are not specified are reset to 'enabled'.
AllowNtlmForKerberosUsers bool `json:"allowNtlmForKerberosUsers"` // Allow NTLM authentication for users with Kerberos� authentication (for Active Directory� users)
EnableLockout bool `json:"enableLockout"` // Enable/disable account lockout feature
FailedLoginsToLock int `json:"failedLoginsToLock"` // Count of failed logins to lock user account
MinutesToUnlock int `json:"minutesToUnlock"` // Minutes to unlock locked account
AntiHammering AntiHammeringOptions `json:"antiHammering"` // Anti-Hammering settings
}
// SecurityPolicyGet - Obtain Security Policy options.
// Return
// options - current security options
func (s *ServerConnection) SecurityPolicyGet() (*SecurityPolicyOptions, error) {
data, err := s.CallRaw("SecurityPolicy.get", nil)
if err != nil {
return nil, err
}
options := struct {
Result struct {
Options SecurityPolicyOptions `json:"options"`
} `json:"result"`
}{}
err = json.Unmarshal(data, &options)
return &options.Result.Options, err
}
// SecurityPolicySet - Set Security Policy options.
// options - options to be updated
func (s *ServerConnection) SecurityPolicySet(options SecurityPolicyOptions) error {
params := struct {
Options SecurityPolicyOptions `json:"options"`
}{options}
_, err := s.CallRaw("SecurityPolicy.set", params)
return err
}
// SecurityPolicyUnlockAllAccounts - Unlock all locked accounts immediately.
func (s *ServerConnection) SecurityPolicyUnlockAllAccounts() error {
_, err := s.CallRaw("SecurityPolicy.unlockAllAccounts", nil)
return err
}