Mutual TLS parsing change at runtime
Redfish AccountService[1] defines methods for selecting how to map a
certificate CommonName attribute to a user. These are intended to be a
patch parameter.
This commit implements the Redfish defined schemas. The parsing mode is
stored in the bmcweb persistent configuration file as an integer enum,
with mapping to the Redfish schema.
To handle OEM-specific parsing modes, an enum value of 100+ is defined
to allow the additional OEM parameters. Unfortunately, Redfish doesn't
have a way to represent these today, so those modes are currently not
selectable at runtime.
Now that things are runtime selectable, this obsoletes the option
mutual-tls-common-name-parsing, as it is no longer required at compile
time.
Tested:
GET /redfish/v1/AccountService
returns MultiFactorAuth/ClientCertificate/CertificateMappingAttribute
PATCH /redfish/v1/AccountService
```
{"MultiFactorAuth": {"ClientCertificate": {"CertificateMappingAttribute":"CommonName"}}}
```
Returns 200
[1] https://github.com/DMTF/Redfish-Publications/blob/5b217908b5378b24e4f390c063427d7a707cd308/csdl/AccountService_v1.xml#L1631
Change-Id: I67db0dfa5245a9da973320aab666d12dbd9229e4
Signed-off-by: Ed Tanous <ed@tanous.net>
diff --git a/meson.options b/meson.options
index 205ce71..f1adf15 100644
--- a/meson.options
+++ b/meson.options
@@ -191,20 +191,25 @@
)
option(
- 'mutual-tls-common-name-parsing',
+ 'mutual-tls-common-name-parsing-default',
type: 'combo',
- choices: ['username', 'meta'],
- value: 'username',
- description: '''Sets logic to map the Subject Common Name field to a user
- in client TLS certificates.
- - username: Use the Subject CN field as a BMC username
- (default)
- - meta: Parses the Subject CN in the format used by
+ choices: ['CommonName', 'Whole', 'UserPrincipalName', 'Meta'],
+ description: '''
+ Parses the Subject CN in the format used by
Meta Inc (see mutual_tls_meta.cpp for details)
''',
)
option(
+ 'meta-tls-common-name-parsing',
+ type: 'feature',
+ description: '''
+ Allows parsing the Subject CN TLS certificate in the format used by
+ Meta Inc (see mutual_tls_meta.cpp for details)
+ ''',
+)
+
+option(
'ibm-management-console',
type: 'feature',
value: 'disabled',
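Review bot: The description kept on 'mutual-tls-common-name-parsing-default' still reads "Parses the Subject CN in the format used by Meta Inc", which describes only one of the four choices now offered ('CommonName', 'Whole', 'UserPrincipalName', 'Meta'). Since this option decides how a client certificate is mapped to a BMC user, please restore a per-choice list like the one the old description had for 'username' and 'meta', and say that this is only the default for a value that can now be changed at runtime. The hunk also drops `value: 'username'` without adding a replacement, so the default silently becomes the first entry in `choices`; an explicit `value: 'CommonName'` would keep the authentication default from changing if the list is ever reordered. Finally, 'Meta' is selectable here while 'meta-tls-common-name-parsing' is a separate feature with no `value:` of its own (the neighbouring 'ibm-management-console' sets `value: 'disabled'`). It is not visible in this hunk what happens when the default is 'Meta' and that feature is disabled, so consider giving the feature an explicit value and rejecting that combination at configure time.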