Create an OEM Intel IPMI whitelist filter
This is a derivative of the upstream whitelist filter that also tracks
the host state as part of the filtering information.
In addition, the filter understands per-channel filtering, so a command
can be filtered out on a per-channel basis.
Tested: With the upstream filter disabled, and this filter enabled, run
several checks:
1) execute a command prior to host POST completete over kcs (OK)
2) execute a command after host POST complete (denied)
3) execute a command filtered on a lan interface
4) execute a command whitelisted on a lan interface
Change-Id: I9b6755f4bf2c9b9e30de0289f1fed68b3709dea0
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 46cb8e8..f484d47 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -88,13 +88,22 @@
find_package (OpenSSL REQUIRED)
include_directories (SYSTEM ${OPENSSL_INCLUDE_DIR})
+include_directories (SYSTEM ${CMAKE_BINARY_DIR})
+add_custom_command(OUTPUT include/ipmi-whitelist.hpp
+ COMMAND ./generate-whitelist.py
+ ARGS ipmi-whitelist.conf ${CMAKE_BINARY_DIR}/ipmi-whitelist.hpp
+ MAIN_DEPENDENCY ipmi-whitelist.conf
+ DEPENDS generate-whitelist.py
+ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
+
add_library (zinteloemcmds
SHARED src/oemcommands.cpp src/sensorcommands.cpp
src/storagecommands.cpp src/multinodecommands.cpp
src/firmware-update.cpp src/appcommands.cpp src/smbioshandler.cpp
src/smbiosmdrv2handler.cpp src/manufacturingcommands.cpp
src/bmccontrolservices.cpp src/bridgingcommands.cpp
- src/ipmi_to_redfish_hooks.cpp src/chassiscommands.cpp)
+ src/ipmi_to_redfish_hooks.cpp src/chassiscommands.cpp
+ src/whitelist-filter.cpp include/ipmi-whitelist.hpp)
set_target_properties (zinteloemcmds PROPERTIES VERSION "0.1.0")
set_target_properties (zinteloemcmds PROPERTIES SOVERSION "0")
target_link_libraries (zinteloemcmds stdc++fs)