[mirror_edk2.git] / EmulatorPkg / Library / RedfishPlatformCredentialLib / RedfishPlatformCredentialLib.c

/** @file\r
  EmulaotPkg RedfishPlatformCredentialLib instance\r
\r
  (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>\r
\r
  SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
#include <Uefi.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/BaseLib.h>\r
#include <Library/DebugLib.h>\r
#include <Library/MemoryAllocationLib.h>\r
#include <Library/UefiLib.h>\r
\r
#include <Protocol/EdkIIRedfishCredential.h>\r
\r
#include <Guid/GlobalVariable.h>\r
#include <Guid/ImageAuthentication.h>\r
\r
BOOLEAN  mSecureBootDisabled = FALSE;\r
BOOLEAN  mStopRedfishService = FALSE;\r
\r
EFI_STATUS\r
EFIAPI\r
LibStopRedfishService (\r
  IN EDKII_REDFISH_CREDENTIAL_PROTOCOL           *This,\r
  IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE  ServiceStopType\r
  );\r
\r
/**\r
  Return the credential for accessing to Redfish servcice.\r
\r
  @param[out]  AuthMethod     The authentication method.\r
  @param[out]  UserId         User ID.\r
  @param[out]  Password       USer password.\r
\r
  @retval EFI_SUCCESS              Get the authentication information successfully.\r
  @retval EFI_OUT_OF_RESOURCES     There are not enough memory resources.\r
\r
**/\r
EFI_STATUS\r
GetRedfishCredential (\r
  OUT EDKII_REDFISH_AUTH_METHOD  *AuthMethod,\r
  OUT CHAR8                      **UserId,\r
  OUT CHAR8                      **Password\r
  )\r
{\r
  UINTN  UserIdSize;\r
  UINTN  PasswordSize;\r
\r
  //\r
  // AuthMethod set to HTTP Basic authentication.\r
  //\r
  *AuthMethod = AuthMethodHttpBasic;\r
\r
  //\r
  // User ID and Password.\r
  //\r
  UserIdSize   = AsciiStrSize ((CHAR8 *)PcdGetPtr (PcdRedfishServieUserId));\r
  PasswordSize = AsciiStrSize ((CHAR8 *)PcdGetPtr (PcdRedfishServiePassword));\r
  if ((UserIdSize == 0) || (PasswordSize == 0)) {\r
    DEBUG ((DEBUG_ERROR, "Incorrect string of UserID or Password for REdfish service.\n"));\r
    return EFI_INVALID_PARAMETER;\r
  }\r
\r
  *UserId = AllocateZeroPool (UserIdSize);\r
  if (*UserId == NULL) {\r
    return EFI_OUT_OF_RESOURCES;\r
  }\r
\r
  CopyMem (*UserId, (CHAR8 *)PcdGetPtr (PcdRedfishServieUserId), UserIdSize);\r
\r
  *Password = AllocateZeroPool (PasswordSize);\r
  if (*Password == NULL) {\r
    FreePool (*UserId);\r
    return EFI_OUT_OF_RESOURCES;\r
  }\r
\r
  CopyMem (*Password, (CHAR8 *)PcdGetPtr (PcdRedfishServiePassword), PasswordSize);\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Retrieve platform's Redfish authentication information.\r
\r
  This functions returns the Redfish authentication method together with the user Id and\r
  password.\r
  - For AuthMethodNone, the UserId and Password could be used for HTTP header authentication\r
    as defined by RFC7235.\r
  - For AuthMethodRedfishSession, the UserId and Password could be used for Redfish\r
    session login as defined by  Redfish API specification (DSP0266).\r
\r
  Callers are responsible for and freeing the returned string storage.\r
\r
  @param[in]   This                Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.\r
  @param[out]  AuthMethod          Type of Redfish authentication method.\r
  @param[out]  UserId              The pointer to store the returned UserId string.\r
  @param[out]  Password            The pointer to store the returned Password string.\r
\r
  @retval EFI_SUCCESS              Get the authentication information successfully.\r
  @retval EFI_ACCESS_DENIED        SecureBoot is disabled after EndOfDxe.\r
  @retval EFI_INVALID_PARAMETER    This or AuthMethod or UserId or Password is NULL.\r
  @retval EFI_OUT_OF_RESOURCES     There are not enough memory resources.\r
  @retval EFI_UNSUPPORTED          Unsupported authentication method is found.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
LibCredentialGetAuthInfo (\r
  IN  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *This,\r
  OUT EDKII_REDFISH_AUTH_METHOD          *AuthMethod,\r
  OUT CHAR8                              **UserId,\r
  OUT CHAR8                              **Password\r
  )\r
{\r
  EFI_STATUS  Status;\r
\r
  if ((This == NULL) || (AuthMethod == NULL) || (UserId == NULL) || (Password == NULL)) {\r
    return EFI_INVALID_PARAMETER;\r
  }\r
\r
  if (mStopRedfishService) {\r
    return EFI_ACCESS_DENIED;\r
  }\r
\r
  if (mSecureBootDisabled) {\r
    Status = LibStopRedfishService (This, ServiceStopTypeSecureBootDisabled);\r
    if (EFI_ERROR (Status) && (Status != EFI_UNSUPPORTED)) {\r
      DEBUG ((DEBUG_ERROR, "SecureBoot has been disabled, but failed to stop RedfishService - %r\n", Status));\r
      return Status;\r
    }\r
  }\r
\r
  Status = GetRedfishCredential (\r
             AuthMethod,\r
             UserId,\r
             Password\r
             );\r
\r
  return Status;\r
}\r
\r
/**\r
  Notify the Redfish service to stop provide configuration service to this platform.\r
\r
  This function should be called when the platfrom is about to leave the safe environment.\r
  It will notify the Redfish service provider to abort all logined session, and prohibit\r
  further login with original auth info. GetAuthInfo() will return EFI_UNSUPPORTED once this\r
  function is returned.\r
\r
  @param[in]   This                Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.\r
  @param[in]   ServiceStopType     Reason of stopping Redfish service.\r
\r
  @retval EFI_SUCCESS              Service has been stoped successfully.\r
  @retval EFI_INVALID_PARAMETER    This is NULL or given the worng ServiceStopType.\r
  @retval EFI_UNSUPPORTED          Not support to stop Redfish service.\r
  @retval Others                   Some error happened.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
LibStopRedfishService (\r
  IN EDKII_REDFISH_CREDENTIAL_PROTOCOL           *This,\r
  IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE  ServiceStopType\r
  )\r
{\r
  EFI_STATUS  Status;\r
  UINT8       *SecureBootVar;\r
\r
  if (ServiceStopType >= ServiceStopTypeMax) {\r
    return EFI_INVALID_PARAMETER;\r
  }\r
\r
  if (ServiceStopType == ServiceStopTypeSecureBootDisabled) {\r
    //\r
    // Check platform PCD to determine the action for stopping\r
    // Redfish service due to secure boot is disabled.\r
    //\r
    if (!PcdGetBool (PcdRedfishServieStopIfSecureBootDisabled)) {\r
      return EFI_UNSUPPORTED;\r
    } else {\r
      //\r
      // Check Secure Boot status and lock Redfish service if Secure Boot is disabled.\r
      //\r
      Status = GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID **)&SecureBootVar, NULL);\r
      if (EFI_ERROR (Status) || (*SecureBootVar != SECURE_BOOT_MODE_ENABLE)) {\r
        //\r
        // Secure Boot is disabled\r
        //\r
        mSecureBootDisabled = TRUE;\r
        mStopRedfishService = TRUE;\r
        DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped due to SecureBoot is disabled!!\n"));\r
      }\r
    }\r
  } else if (ServiceStopType == ServiceStopTypeExitBootService) {\r
    //\r
    // Check platform PCD to determine the action for stopping\r
    // Redfish service due to exit boot service.\r
    //\r
    if (PcdGetBool (PcdRedfishServieStopIfExitbootService)) {\r
      return EFI_UNSUPPORTED;\r
    } else {\r
      mStopRedfishService = TRUE;\r
      DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped due to Exit Boot Service!!\n"));\r
    }\r
  } else {\r
    mStopRedfishService = TRUE;\r
    DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped without Redfish service stop type!!\n"));\r
  }\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Notification of Exit Boot Service.\r
\r
  @param[in]  This    Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.\r
**/\r
VOID\r
EFIAPI\r
LibCredentialExitBootServicesNotify (\r
  IN  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *This\r
  )\r
{\r
  LibStopRedfishService (This, ServiceStopTypeExitBootService);\r
}\r
\r
/**\r
  Notification of End of DXE.\r
\r
  @param[in]  This    Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.\r
**/\r
VOID\r
EFIAPI\r
LibCredentialEndOfDxeNotify (\r
  IN  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *This\r
  )\r
{\r
  LibStopRedfishService (This, ServiceStopTypeSecureBootDisabled);\r
}\r
Commit	Line	Data
c88736f8 AC	1	/** @file\r
	2	EmulaotPkg RedfishPlatformCredentialLib instance\r
	3	\r
	4	(C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>\r
	5	\r
	6	SPDX-License-Identifier: BSD-2-Clause-Patent\r
	7	\r
	8	**/\r
	9	#include <Uefi.h>\r
	10	#include <Library/BaseMemoryLib.h>\r
	11	#include <Library/BaseLib.h>\r
	12	#include <Library/DebugLib.h>\r
	13	#include <Library/MemoryAllocationLib.h>\r
	14	#include <Library/UefiLib.h>\r
	15	\r
	16	#include <Protocol/EdkIIRedfishCredential.h>\r
	17	\r
	18	#include <Guid/GlobalVariable.h>\r
	19	#include <Guid/ImageAuthentication.h>\r
	20	\r
a550d468 MK	21	BOOLEAN mSecureBootDisabled = FALSE;\r
a550d468 MK	22	BOOLEAN mStopRedfishService = FALSE;\r
c88736f8 AC	23	\r
	24	EFI_STATUS\r
	25	EFIAPI\r
	26	LibStopRedfishService (\r
a550d468 MK	27	IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,\r
	28	IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType\r
	29	);\r
c88736f8 AC	30	\r
	31	/**\r
	32	Return the credential for accessing to Redfish servcice.\r
	33	\r
	34	@param[out] AuthMethod The authentication method.\r
	35	@param[out] UserId User ID.\r
	36	@param[out] Password USer password.\r
	37	\r
	38	@retval EFI_SUCCESS Get the authentication information successfully.\r
	39	@retval EFI_OUT_OF_RESOURCES There are not enough memory resources.\r
	40	\r
	41	**/\r
	42	EFI_STATUS\r
	43	GetRedfishCredential (\r
a550d468 MK	44	OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,\r
	45	OUT CHAR8 **UserId,\r
	46	OUT CHAR8 **Password\r
	47	)\r
c88736f8 AC	48	{\r
	49	UINTN UserIdSize;\r
	50	UINTN PasswordSize;\r
	51	\r
	52	//\r
	53	// AuthMethod set to HTTP Basic authentication.\r
	54	//\r
	55	*AuthMethod = AuthMethodHttpBasic;\r
	56	\r
	57	//\r
	58	// User ID and Password.\r
	59	//\r
	60	UserIdSize = AsciiStrSize ((CHAR8 *)PcdGetPtr (PcdRedfishServieUserId));\r
	61	PasswordSize = AsciiStrSize ((CHAR8 *)PcdGetPtr (PcdRedfishServiePassword));\r
a550d468	62	if ((UserIdSize == 0) \|\| (PasswordSize == 0)) {\r
c88736f8 AC	63	DEBUG ((DEBUG_ERROR, "Incorrect string of UserID or Password for REdfish service.\n"));\r
	64	return EFI_INVALID_PARAMETER;\r
	65	}\r
a550d468	66	\r
c88736f8 AC	67	*UserId = AllocateZeroPool (UserIdSize);\r
	68	if (*UserId == NULL) {\r
	69	return EFI_OUT_OF_RESOURCES;\r
	70	}\r
a550d468	71	\r
c88736f8 AC	72	CopyMem (UserId, (CHAR8 )PcdGetPtr (PcdRedfishServieUserId), UserIdSize);\r
	73	\r
	74	*Password = AllocateZeroPool (PasswordSize);\r
	75	if (*Password == NULL) {\r
	76	FreePool (*UserId);\r
	77	return EFI_OUT_OF_RESOURCES;\r
	78	}\r
	79	\r
	80	CopyMem (Password, (CHAR8 )PcdGetPtr (PcdRedfishServiePassword), PasswordSize);\r
	81	return EFI_SUCCESS;\r
	82	}\r
	83	\r
	84	/**\r
	85	Retrieve platform's Redfish authentication information.\r
	86	\r
	87	This functions returns the Redfish authentication method together with the user Id and\r
	88	password.\r
	89	- For AuthMethodNone, the UserId and Password could be used for HTTP header authentication\r
	90	as defined by RFC7235.\r
	91	- For AuthMethodRedfishSession, the UserId and Password could be used for Redfish\r
	92	session login as defined by Redfish API specification (DSP0266).\r
	93	\r
	94	Callers are responsible for and freeing the returned string storage.\r
	95	\r
	96	@param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.\r
	97	@param[out] AuthMethod Type of Redfish authentication method.\r
	98	@param[out] UserId The pointer to store the returned UserId string.\r
	99	@param[out] Password The pointer to store the returned Password string.\r
	100	\r
	101	@retval EFI_SUCCESS Get the authentication information successfully.\r
	102	@retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe.\r
	103	@retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or Password is NULL.\r
	104	@retval EFI_OUT_OF_RESOURCES There are not enough memory resources.\r
	105	@retval EFI_UNSUPPORTED Unsupported authentication method is found.\r
	106	\r
	107	**/\r
	108	EFI_STATUS\r
	109	EFIAPI\r
	110	LibCredentialGetAuthInfo (\r
	111	IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,\r
	112	OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,\r
	113	OUT CHAR8 **UserId,\r
	114	OUT CHAR8 **Password\r
a550d468	115	)\r
c88736f8	116	{\r
a550d468	117	EFI_STATUS Status;\r
c88736f8	118	\r
a550d468	119	if ((This == NULL) \|\| (AuthMethod == NULL) \|\| (UserId == NULL) \|\| (Password == NULL)) {\r
c88736f8 AC	120	return EFI_INVALID_PARAMETER;\r
	121	}\r
	122	\r
	123	if (mStopRedfishService) {\r
	124	return EFI_ACCESS_DENIED;\r
	125	}\r
	126	\r
	127	if (mSecureBootDisabled) {\r
	128	Status = LibStopRedfishService (This, ServiceStopTypeSecureBootDisabled);\r
a550d468	129	if (EFI_ERROR (Status) && (Status != EFI_UNSUPPORTED)) {\r
c88736f8 AC	130	DEBUG ((DEBUG_ERROR, "SecureBoot has been disabled, but failed to stop RedfishService - %r\n", Status));\r
	131	return Status;\r
	132	}\r
	133	}\r
	134	\r
	135	Status = GetRedfishCredential (\r
	136	AuthMethod,\r
	137	UserId,\r
	138	Password\r
	139	);\r
	140	\r
	141	return Status;\r
	142	}\r
	143	\r
	144	/**\r
	145	Notify the Redfish service to stop provide configuration service to this platform.\r
	146	\r
	147	This function should be called when the platfrom is about to leave the safe environment.\r
	148	It will notify the Redfish service provider to abort all logined session, and prohibit\r
	149	further login with original auth info. GetAuthInfo() will return EFI_UNSUPPORTED once this\r
	150	function is returned.\r
	151	\r
	152	@param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.\r
	153	@param[in] ServiceStopType Reason of stopping Redfish service.\r
	154	\r
	155	@retval EFI_SUCCESS Service has been stoped successfully.\r
	156	@retval EFI_INVALID_PARAMETER This is NULL or given the worng ServiceStopType.\r
	157	@retval EFI_UNSUPPORTED Not support to stop Redfish service.\r
	158	@retval Others Some error happened.\r
	159	\r
	160	**/\r
	161	EFI_STATUS\r
	162	EFIAPI\r
	163	LibStopRedfishService (\r
a550d468 MK	164	IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,\r
	165	IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType\r
	166	)\r
c88736f8	167	{\r
33438f73 AC	168	EFI_STATUS Status;\r
	169	UINT8 *SecureBootVar;\r
	170	\r
c88736f8 AC	171	if (ServiceStopType >= ServiceStopTypeMax) {\r
	172	return EFI_INVALID_PARAMETER;\r
	173	}\r
	174	\r
	175	if (ServiceStopType == ServiceStopTypeSecureBootDisabled) {\r
	176	//\r
	177	// Check platform PCD to determine the action for stopping\r
	178	// Redfish service due to secure boot is disabled.\r
	179	//\r
	180	if (!PcdGetBool (PcdRedfishServieStopIfSecureBootDisabled)) {\r
	181	return EFI_UNSUPPORTED;\r
	182	} else {\r
33438f73 AC	183	//\r
	184	// Check Secure Boot status and lock Redfish service if Secure Boot is disabled.\r
	185	//\r
	186	Status = GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID **)&SecureBootVar, NULL);\r
	187	if (EFI_ERROR (Status) \|\| (*SecureBootVar != SECURE_BOOT_MODE_ENABLE)) {\r
	188	//\r
	189	// Secure Boot is disabled\r
	190	//\r
	191	mSecureBootDisabled = TRUE;\r
	192	mStopRedfishService = TRUE;\r
	193	DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped due to SecureBoot is disabled!!\n"));\r
	194	}\r
c88736f8 AC	195	}\r
	196	} else if (ServiceStopType == ServiceStopTypeExitBootService) {\r
	197	//\r
	198	// Check platform PCD to determine the action for stopping\r
	199	// Redfish service due to exit boot service.\r
	200	//\r
	201	if (PcdGetBool (PcdRedfishServieStopIfExitbootService)) {\r
	202	return EFI_UNSUPPORTED;\r
	203	} else {\r
	204	mStopRedfishService = TRUE;\r
	205	DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped due to Exit Boot Service!!\n"));\r
	206	}\r
	207	} else {\r
	208	mStopRedfishService = TRUE;\r
	209	DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped without Redfish service stop type!!\n"));\r
	210	}\r
a550d468	211	\r
c88736f8 AC	212	return EFI_SUCCESS;\r
c88736f8 AC	213	}\r
a550d468	214	\r
c88736f8 AC	215	/**\r
	216	Notification of Exit Boot Service.\r
	217	\r
	218	@param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.\r
	219	**/\r
	220	VOID\r
	221	EFIAPI\r
	222	LibCredentialExitBootServicesNotify (\r
	223	IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This\r
a550d468	224	)\r
c88736f8 AC	225	{\r
	226	LibStopRedfishService (This, ServiceStopTypeExitBootService);\r
	227	}\r
	228	\r
	229	/**\r
	230	Notification of End of DXE.\r
	231	\r
	232	@param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.\r
	233	**/\r
	234	VOID\r
	235	EFIAPI\r
	236	LibCredentialEndOfDxeNotify (\r
	237	IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This\r
a550d468	238	)\r
c88736f8	239	{\r
33438f73	240	LibStopRedfishService (This, ServiceStopTypeSecureBootDisabled);\r
c88736f8	241	}\r