mutual-tls: Add support for Meta certificates

Meta Inc's client certificates use an internal Subject CN format
which AFAIK is specific to Meta and doesn't adhere to a known standard:

  Subject: CN = <type>:<entity>/<hostname>

Commit adds the `mutual-tls-common-name-parsing=meta` option to, on
Meta builds, parse the Subject CN field and map the <entity>
to a local user.

The <type> field determines what kind of client identity the cert
represents. Only type="user" is supported for now with <entity> being
the unixname of a Meta employee. For example, the Subject CN string
below maps to a local BMC user named "kawmarco":

  Subject CN = "user:kawmarco/dev123.facebook.com"

Tested: Unit tests, built and tested on romulus using the script below:
https://gist.github.com/kawmarco/87170a8250020023d913ed5f7ed5c01f

Flags used in meta-ibm/meta-romulus/conf/layer.conf:
```
-Dbmcweb-logging='enabled'
-Dmutual-tls-common-name-parsing='meta'
```
Change-Id: I35ee9b92d163ce56815a5bd9cce5296ba1a44eef
Signed-off-by: Marco Kawajiri <kawajiri@meta.com>
diff --git a/meson_options.txt b/meson_options.txt
index 017c16b..584ca70 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -185,6 +185,20 @@
)
option(
+ 'mutual-tls-common-name-parsing',
+ type: 'combo',
+ choices: ['username', 'meta'],
+ value: 'username',
+ description: '''Sets logic to map the Subject Common Name field to a user
+ in client TLS certificates.
+ - username: Use the Subject CN field as a BMC username
+ (default)
+ - meta: Parses the Subject CN in the format used by
+ Meta Inc (see mutual_tls_meta.cpp for details)
+ '''
+)
+
+option(
'ibm-management-console',
type: 'feature',
value: 'disabled',