admin/reference/_security_policy_8idl_source.html

/**

 * @file   SecurityPolicy.idl

 * @brief  Set options for security policy.

 *

 * @author Vaclav Bystricky

 *

 * @copyright Copyright &copy; 2017 Kerio Technologies s.r.o.

 */


#import <kerio/web/idl/SharedStructures.idl>


module kerio {

module jsonapi {

module admin {


enum SecurityPolicyMode {

   SPNoRestrictions,       ///< No restriction

   SPAuthenticationRequired,  ///< Require secure authentication

   SPEncryptionRequired    ///< Require encrypted connection

};


typedef sequence<kerio::web::OptionalString> AuthenticationMethodList;


struct AntiHammeringOptions {

   boolean isEnabled;         ///< Enable/disable Anti-Hammering

   long failedLoginsToBlock;  ///< Count of failed logins within minute to start blocking

   long minutesToBlock;    ///< Minutes to keep blocking IP

   kerio::web::OptionalEntity exceptionIpGroup;       ///< switchable custom white list IP group

};


struct SecurityPolicyOptions {

   SecurityPolicyMode mode;

   kerio::web::OptionalEntity authenticationExceptionGroup; ///< Is used if mode == SPAuthenticationRequired

    kerio::web::OptionalEntity encryptionExceptionGroup;    ///< Is used if mode == SPEncryptionRequired

   AuthenticationMethodList authenticationMethods; ///< List of authenticatin methods and its status. In any set operation, all methods should be present in list. Methods which are not specified are reset to 'enabled'.

   boolean allowNtlmForKerberosUsers;     ///< Allow NTLM authentication for users with Kerberos� authentication (for Active Directory� users)


   boolean enableLockout;     ///< Enable/disable account lockout feature

   long failedLoginsToLock;   ///< Count of failed logins to lock user account

   long minutesToUnlock;      ///< Minutes to unlock locked account


   AntiHammeringOptions antiHammering; ///< Anti-Hammering settings

};


interface SecurityPolicy {

   /**

    * Obtain Security Policy options.

    *

    * @param options - current security options

    */

   void get(out SecurityPolicyOptions options);


   /**

    * Set Security Policy options.

    *

    * @param options - options to be updated

    */

   void set(in SecurityPolicyOptions options);


   /**

    * Unlock all locked accounts immediately.

    */

   void unlockAllAccounts();

};


}; }; };//end of namespace