Enable limiting authority certificates amount.
This patch enables a check on the number of installed authority certificates
and disallows installing a new certificate if that would violate the limit.
Tested: Tests were performed manually by trying to install a dozen
authority certificates over Redfish.
Signed-off-by: Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com>
Change-Id: Iea83f05e7b6b0ad3e32bc3f2aba710de863b6d34
diff --git a/certs_manager.cpp b/certs_manager.cpp
index 76ce09f..e1774b6 100644
--- a/certs_manager.cpp
+++ b/certs_manager.cpp
@@ -118,6 +118,11 @@
{
elog<NotAllowed>(Reason("Certificate already exist"));
}
+ else if (certType == phosphor::certs::AUTHORITY &&
+ installedCerts.size() >= AUTHORITY_CERTIFICATES_LIMIT)
+ {
+ elog<NotAllowed>(Reason("Certificates limit reached"));
+ }
auto certObjectPath = objectPath + '/' + std::to_string(certIdCounter++);
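Review bot: The new comparison `installedCerts.size() >= AUTHORITY_CERTIFICATES_LIMIT` mixes an unsigned size with a macro whose value is never validated. The configure.ac hunk substitutes whatever string the builder passes, so a negative value would convert to a very large unsigned number and silently disable the cap. Since the limit bounds how many CA certificates a Redfish client can install, a bad build setting should fail loudly, for example with `static_assert(AUTHORITY_CERTIFICATES_LIMIT > 0, "AUTHORITY_CERTIFICATES_LIMIT must be a positive integer");` near the top of certs_manager.cpp. The enclosing function starts and ends outside this hunk, so I cannot tell whether `installedCerts` also counts certificates restored from storage at startup; if it does not, the cap could be exceeded after a restart.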
diff --git a/configure.ac b/configure.ac
index 81888b3..8942815 100644
--- a/configure.ac
+++ b/configure.ac
@@ -132,6 +132,10 @@
AS_IF([test "x$RSA_PRIV_KEY_FILE_NAME" == "x"], [RSA_PRIV_KEY_FILE_NAME=".rsaprivkey.pem"])
AC_DEFINE_UNQUOTED([RSA_PRIV_KEY_FILE_NAME], ["$RSA_PRIV_KEY_FILE_NAME"], [The rsa private key file])
+AC_ARG_VAR(AUTHORITY_CERTIFICATES_LIMIT, [Authority certificates limit.])
+AS_IF([test "x$AUTHORITY_CERTIFICATES_LIMIT" == "x"], [AUTHORITY_CERTIFICATES_LIMIT=10])
+AC_DEFINE_UNQUOTED([AUTHORITY_CERTIFICATES_LIMIT], [$AUTHORITY_CERTIFICATES_LIMIT], [Authority certificates limit])
+
# Create configured output
AC_CONFIG_FILES([Makefile test/Makefile])
AC_OUTPUT
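Review bot: The help string on the new `AC_ARG_VAR` line gives neither the default nor what the value counts, so a builder cannot tell from `./configure --help` what they are tuning. I would spell it out, e.g. `AC_ARG_VAR(AUTHORITY_CERTIFICATES_LIMIT, [Maximum number of installed authority certificates (default: 10).])`. A one-line comment above the block saying that the value is substituted unquoted into config.h and must be a positive integer would also help.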