/
profile.go
149 lines (123 loc) · 5.04 KB
/
profile.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
package enroll
import (
"time"
"github.com/google/uuid"
)
type Payload struct {
PayloadType string `json:"type" db:"type"`
PayloadVersion int `json:"version" db:"version"`
PayloadIdentifier string `json:"identifier" db:"identifier"`
PayloadUUID string `json:"uuid" db:"uuid"`
PayloadDisplayName string `json:"displayname" db:"displayname"`
PayloadDescription string `json:"description,omitempty" db:"description"`
PayloadOrganization string `json:"organization,omitempty" db:"organization"`
PayloadScope string `json:"scope" db:"scope" plist:",omitempty"`
PayloadContent interface{} `json:"content,omitempty" plist:"PayloadContent,omitempty"`
}
type Profile struct {
PayloadContent []interface{} `json:"content,omitempty" db:"content"`
PayloadDescription string `json:"description,omitempty" db:"description"`
PayloadDisplayName string `json:"displayname,omitempty" db:"displayname"`
PayloadExpirationDate *time.Time `json:"expiration_date,omitempty" db:"expiration_date" plist:",omitempty"`
PayloadIdentifier string `json:"identifier" db:"identifier"`
PayloadOrganization string `json:"organization,omitempty" db:"organization"`
PayloadUUID string `json:"uuid" db:"uuid"`
PayloadRemovalDisallowed bool `json:"removal_disallowed" db:"removal_disallowed" plist:",omitempty"`
PayloadType string `json:"type" db:"type"`
PayloadVersion int `json:"version" db:"version"`
PayloadScope string `json:"scope" db:"scope" plist:",omitempty"`
RemovalDate *time.Time `json:"removal_date" db:"removal_date" plist:"-" plist:",omitempty"`
DurationUntilRemoval float32 `json:"duration_until_removal" db:"duration_until_removal" plist:",omitempty"`
ConsentText map[string]string `json:"consent_text" db:"consent_text" plist:",omitempty"`
}
func NewProfile() *Profile {
payloadUuid := uuid.New()
return &Profile{
PayloadVersion: 1,
PayloadType: "Configuration",
PayloadUUID: payloadUuid.String(),
}
}
func NewPayload(payloadType string) *Payload {
payloadUuid := uuid.New()
return &Payload{
PayloadVersion: 1,
PayloadType: payloadType,
PayloadUUID: payloadUuid.String(),
}
}
type SCEPPayloadContent struct {
CAFingerprint []byte `plist:"CAFingerprint,omitempty"` // NSData
Challenge string `plist:"Challenge,omitempty"`
Keysize int
KeyType string `plist:"Key Type"`
KeyUsage int `plist:"Key Usage"`
Name string
Subject [][][]string `plist:"Subject,omitempty"`
URL string
}
// AccessRights define the management rights of the MDM server over the device.
// May not be zero. If 2 is specified, 1 must also be specified. If 128 is specified, 64 must also be specified.
type AccessRights int
const (
// Allow inspection of installed configuration profiles.
ProfileInspection AccessRights = 1 << iota
// Allow installation and removal of configuration profiles.
ProfileInstallAndRemoval
// Allow device lock and passcode removal.
DeviceLock
// Allow device erase.
DeviceErase
// Allow query of Device Information (device capacity, serial number).
DeviceInformationQuery
// Allow query of Network Information (phone/SIM numbers, MAC addresses).
NetworkInformationQuery
// Allow inspection of installed provisioning profiles.
ProvisioningProfileInspection
// Allow installation and removal of provisioning profiles.
ProvisioningProfileInstallAndRemoval
// Allow inspection of installed applications.
ApplicationInspection
// Allow restriction-related queries.
RestrictionQuery
// Allow security-related queries.
SecurityQuery
// Allow manipulation of settings.
// Availability: Available in iOS 5.0 and later. Available in macOS 10.9 for certain commands.
SettingsManipulation
// Allow app management.
// Availability: Available in iOS 5.0 and later. Available in macOS 10.9 for certain commands.
AppManagement
)
func allRights() AccessRights {
return ProfileInspection |
ProfileInstallAndRemoval |
DeviceLock |
DeviceErase |
DeviceInformationQuery |
NetworkInformationQuery |
ProvisioningProfileInspection |
ProvisioningProfileInstallAndRemoval |
ApplicationInspection |
RestrictionQuery |
SecurityQuery |
SettingsManipulation |
AppManagement
}
// TODO: Actually this is one of those non-nested payloads that doesnt respect the PayloadContent key.
type MDMPayloadContent struct {
Payload
AccessRights AccessRights
CheckInURL string
CheckOutWhenRemoved bool
IdentityCertificateUUID string
ServerCapabilities []string `plist:"ServerCapabilities,omitempty"`
SignMessage bool `plist:"SignMessage,omitempty"`
ServerURL string
Topic string
}
type ProfileServicePayload struct {
URL string
Challenge string `plist:",omitempty"`
DeviceAttributes []string
}