1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
//! Put auditing options which have been configured on the device.
//!
//! <https://developers.yubico.com/YubiHSM2/Commands/Put_Option.html>
use super::{Command, Response};
use audit::*;
use serialization::serialize;
use session::{Session, SessionError};
use {Adapter, CommandType};
/// Configure the audit policy settings for a particular command, e.g. auditing
/// should be `On`, `Off`, or `Fix` (i.e. fixed permanently on)
pub fn put_command_audit_option<A>(
session: &mut Session<A>,
command: CommandType,
audit_option: AuditOption,
) -> Result<(), SessionError>
where
A: Adapter,
{
session.send_command(PutOptionCommand {
tag: AuditTag::Command,
length: 2,
value: serialize(&AuditCommand(command, audit_option))?,
})?;
Ok(())
}
/// Put the forced auditing global option: when enabled, the device will
/// refuse operations if the [log store] becomes full.
///
/// Options are `On`, `Off`, or `Fix` (i.e. fixed permanently on)
///
/// [log store]: https://developers.yubico.com/YubiHSM2/Concepts/Logs.html
pub fn put_force_audit_option<A: Adapter>(
session: &mut Session<A>,
option: AuditOption,
) -> Result<(), SessionError> {
session.send_command(PutOptionCommand {
tag: AuditTag::Force,
length: 1,
value: vec![option.to_u8()],
})?;
Ok(())
}
/// Request parameters for `command::put_option`
#[derive(Serialize, Deserialize, Debug)]
pub(crate) struct PutOptionCommand {
/// Tag byte for `Force` vs `Command` options
pub tag: AuditTag,
/// Length of the option-specific data
pub length: u16,
/// Option specific data
pub value: Vec<u8>,
}
impl Command for PutOptionCommand {
type ResponseType = PutOptionResponse;
}
/// Response from `command::put_option`
#[derive(Serialize, Deserialize, Debug)]
pub(crate) struct PutOptionResponse {}
impl Response for PutOptionResponse {
const COMMAND_TYPE: CommandType = CommandType::PutOption;
}