Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-certificate-manager / 667286e4f7dc31a9ab786307092919901adccbb5
commit667286e4f7dc31a9ab786307092919901adccbb5[log] [tgz]
authorMarri Devender Rao <devenrao@in.ibm.com>Tue Oct 29 03:22:46 2019 -0500
committerJayanth Othayoth <ojayanth@in.ibm.com>Mon Nov 11 07:16:23 2019 +0000
tree15c694a9848e4fc000905b011610ca6904cec83a
parenta3bb38fb26716fadbe65ac234776e5e86409a121 [diff]
Allow only root user to access certificates

This change is to cater allowing only root user to read/write
certificates.

Users with ReadOnly and Callback privilege will not be allowed to
access the certificate folder

At present setting 700 permission for the certificate folder.

Tested:
1) Verified ldap certificate at /etc/nslcd/certs is not accessible
to read only users.
2) Verified https certificate at /etc/ssl/certs/https is not
accessible to read only users
3) verfied authority certificate at /etc/ssl/certs/ is not accessible
to read only users.

Change-Id: I20acb1bf449f64282c6b692bd7063dcdedbd311d
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
1 file changed
tree: 15c694a9848e4fc000905b011610ca6904cec83a
  1. test/
  2. .clang-format
  3. .gitignore
  4. argument.cpp
  5. argument.hpp
  6. bootstrap.sh
  7. certificate.cpp
  8. certificate.hpp
  9. certs_manager.cpp
  10. certs_manager.hpp
  11. configure.ac
  12. csr.cpp
  13. csr.hpp
  14. LICENSE
  15. mainapp.cpp
  16. MAINTAINERS
  17. Makefile.am
  18. README.md
  19. watch.cpp
  20. watch.hpp
README.md

phosphor-certificate-manager

Certificate management allows to replace the existing certificate and private key file with another (possibly CA signed) Certificate key file. Certificate management allows the user to install both the server and client certificates.

To Build

To build this package, do the following steps:

    1. ./bootstrap.sh
    2. ./configure ${CONFIGURE_FLAGS}
    3. make

To clean the repository run `./bootstrap.sh clean`.