BMC/OpenBmc/bmcweb.git - A do everything Redfish, KVM, GUI, and DBus webserver for OpenBMC (mirror)

Age	Commit message (Collapse)	Author	Files	Lines
2024-03-28	Add misc-include-cleaner	Ed Tanous	1	-0/+4
	And fix the includes that are wrong. Note, there is a very large ignore list included in the .clang-tidy configcfile. These are things that clang-tidy doesn't yet handle well, like knowing about a details include. Change-Id: Ie3744f2c8cba68a8700b406449d6c2018a736952 Signed-off-by: Ed Tanous <ed@tanous.net>
2023-12-09	mutual-tls: Add support for Meta certificates	Marco Kawajiri	1	-0/+49
	Meta Inc's client certificates use an internal Subject CN format which AFAIK is specific to Meta and don't adhere to a known standard: Subject: CN = <type>:<entity>/<hostname> Commit adds the `mutual-tls-common-name-parsing=meta` option to, on Meta builds, parse the Subject CN field and map either the <entity> to a local user. The <type> field determines what kind of client identity the cert represents. Only type="user" is supported for now with <entity> being the unixname of a Meta employee. For example, the Subject CN string below maps to a local BMC user named "kawmarco": Subject CN = "user:kawmarco/dev123.facebook.com" Tested: Unit tests, built and tested on romulus using the script below: https://gist.github.com/kawmarco/87170a8250020023d913ed5f7ed5c01f Flags used in meta-ibm/meta-romulus/conf/layer.conf : ``` -Dbmcweb-logging='enabled' -Dmutual-tls-common-name-parsing='meta' ``` Change-Id: I35ee9b92d163ce56815a5bd9cce5296ba1a44eef Signed-off-by: Marco Kawajiri <kawajiri@meta.com>