]>
Commit | Line | Data |
---|---|---|
c88736f8 AC |
1 | /** @file\r |
2 | EmulaotPkg RedfishPlatformCredentialLib instance\r | |
3 | \r | |
4 | (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>\r | |
5 | \r | |
6 | SPDX-License-Identifier: BSD-2-Clause-Patent\r | |
7 | \r | |
8 | **/\r | |
9 | #include <Uefi.h>\r | |
10 | #include <Library/BaseMemoryLib.h>\r | |
11 | #include <Library/BaseLib.h>\r | |
12 | #include <Library/DebugLib.h>\r | |
13 | #include <Library/MemoryAllocationLib.h>\r | |
14 | #include <Library/UefiLib.h>\r | |
15 | \r | |
16 | #include <Protocol/EdkIIRedfishCredential.h>\r | |
17 | \r | |
18 | #include <Guid/GlobalVariable.h>\r | |
19 | #include <Guid/ImageAuthentication.h>\r | |
20 | \r | |
a550d468 MK |
21 | BOOLEAN mSecureBootDisabled = FALSE;\r |
22 | BOOLEAN mStopRedfishService = FALSE;\r | |
c88736f8 AC |
23 | \r |
24 | EFI_STATUS\r | |
25 | EFIAPI\r | |
26 | LibStopRedfishService (\r | |
a550d468 MK |
27 | IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,\r |
28 | IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType\r | |
29 | );\r | |
c88736f8 AC |
30 | \r |
31 | /**\r | |
32 | Return the credential for accessing to Redfish servcice.\r | |
33 | \r | |
34 | @param[out] AuthMethod The authentication method.\r | |
35 | @param[out] UserId User ID.\r | |
36 | @param[out] Password USer password.\r | |
37 | \r | |
38 | @retval EFI_SUCCESS Get the authentication information successfully.\r | |
39 | @retval EFI_OUT_OF_RESOURCES There are not enough memory resources.\r | |
40 | \r | |
41 | **/\r | |
42 | EFI_STATUS\r | |
43 | GetRedfishCredential (\r | |
a550d468 MK |
44 | OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,\r |
45 | OUT CHAR8 **UserId,\r | |
46 | OUT CHAR8 **Password\r | |
47 | )\r | |
c88736f8 AC |
48 | {\r |
49 | UINTN UserIdSize;\r | |
50 | UINTN PasswordSize;\r | |
51 | \r | |
52 | //\r | |
53 | // AuthMethod set to HTTP Basic authentication.\r | |
54 | //\r | |
55 | *AuthMethod = AuthMethodHttpBasic;\r | |
56 | \r | |
57 | //\r | |
58 | // User ID and Password.\r | |
59 | //\r | |
60 | UserIdSize = AsciiStrSize ((CHAR8 *)PcdGetPtr (PcdRedfishServieUserId));\r | |
61 | PasswordSize = AsciiStrSize ((CHAR8 *)PcdGetPtr (PcdRedfishServiePassword));\r | |
a550d468 | 62 | if ((UserIdSize == 0) || (PasswordSize == 0)) {\r |
c88736f8 AC |
63 | DEBUG ((DEBUG_ERROR, "Incorrect string of UserID or Password for REdfish service.\n"));\r |
64 | return EFI_INVALID_PARAMETER;\r | |
65 | }\r | |
a550d468 | 66 | \r |
c88736f8 AC |
67 | *UserId = AllocateZeroPool (UserIdSize);\r |
68 | if (*UserId == NULL) {\r | |
69 | return EFI_OUT_OF_RESOURCES;\r | |
70 | }\r | |
a550d468 | 71 | \r |
c88736f8 AC |
72 | CopyMem (*UserId, (CHAR8 *)PcdGetPtr (PcdRedfishServieUserId), UserIdSize);\r |
73 | \r | |
74 | *Password = AllocateZeroPool (PasswordSize);\r | |
75 | if (*Password == NULL) {\r | |
76 | FreePool (*UserId);\r | |
77 | return EFI_OUT_OF_RESOURCES;\r | |
78 | }\r | |
79 | \r | |
80 | CopyMem (*Password, (CHAR8 *)PcdGetPtr (PcdRedfishServiePassword), PasswordSize);\r | |
81 | return EFI_SUCCESS;\r | |
82 | }\r | |
83 | \r | |
84 | /**\r | |
85 | Retrieve platform's Redfish authentication information.\r | |
86 | \r | |
87 | This functions returns the Redfish authentication method together with the user Id and\r | |
88 | password.\r | |
89 | - For AuthMethodNone, the UserId and Password could be used for HTTP header authentication\r | |
90 | as defined by RFC7235.\r | |
91 | - For AuthMethodRedfishSession, the UserId and Password could be used for Redfish\r | |
92 | session login as defined by Redfish API specification (DSP0266).\r | |
93 | \r | |
94 | Callers are responsible for and freeing the returned string storage.\r | |
95 | \r | |
96 | @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.\r | |
97 | @param[out] AuthMethod Type of Redfish authentication method.\r | |
98 | @param[out] UserId The pointer to store the returned UserId string.\r | |
99 | @param[out] Password The pointer to store the returned Password string.\r | |
100 | \r | |
101 | @retval EFI_SUCCESS Get the authentication information successfully.\r | |
102 | @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe.\r | |
103 | @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or Password is NULL.\r | |
104 | @retval EFI_OUT_OF_RESOURCES There are not enough memory resources.\r | |
105 | @retval EFI_UNSUPPORTED Unsupported authentication method is found.\r | |
106 | \r | |
107 | **/\r | |
108 | EFI_STATUS\r | |
109 | EFIAPI\r | |
110 | LibCredentialGetAuthInfo (\r | |
111 | IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,\r | |
112 | OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,\r | |
113 | OUT CHAR8 **UserId,\r | |
114 | OUT CHAR8 **Password\r | |
a550d468 | 115 | )\r |
c88736f8 | 116 | {\r |
a550d468 | 117 | EFI_STATUS Status;\r |
c88736f8 | 118 | \r |
a550d468 | 119 | if ((This == NULL) || (AuthMethod == NULL) || (UserId == NULL) || (Password == NULL)) {\r |
c88736f8 AC |
120 | return EFI_INVALID_PARAMETER;\r |
121 | }\r | |
122 | \r | |
123 | if (mStopRedfishService) {\r | |
124 | return EFI_ACCESS_DENIED;\r | |
125 | }\r | |
126 | \r | |
127 | if (mSecureBootDisabled) {\r | |
128 | Status = LibStopRedfishService (This, ServiceStopTypeSecureBootDisabled);\r | |
a550d468 | 129 | if (EFI_ERROR (Status) && (Status != EFI_UNSUPPORTED)) {\r |
c88736f8 AC |
130 | DEBUG ((DEBUG_ERROR, "SecureBoot has been disabled, but failed to stop RedfishService - %r\n", Status));\r |
131 | return Status;\r | |
132 | }\r | |
133 | }\r | |
134 | \r | |
135 | Status = GetRedfishCredential (\r | |
136 | AuthMethod,\r | |
137 | UserId,\r | |
138 | Password\r | |
139 | );\r | |
140 | \r | |
141 | return Status;\r | |
142 | }\r | |
143 | \r | |
144 | /**\r | |
145 | Notify the Redfish service to stop provide configuration service to this platform.\r | |
146 | \r | |
147 | This function should be called when the platfrom is about to leave the safe environment.\r | |
148 | It will notify the Redfish service provider to abort all logined session, and prohibit\r | |
149 | further login with original auth info. GetAuthInfo() will return EFI_UNSUPPORTED once this\r | |
150 | function is returned.\r | |
151 | \r | |
152 | @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.\r | |
153 | @param[in] ServiceStopType Reason of stopping Redfish service.\r | |
154 | \r | |
155 | @retval EFI_SUCCESS Service has been stoped successfully.\r | |
156 | @retval EFI_INVALID_PARAMETER This is NULL or given the worng ServiceStopType.\r | |
157 | @retval EFI_UNSUPPORTED Not support to stop Redfish service.\r | |
158 | @retval Others Some error happened.\r | |
159 | \r | |
160 | **/\r | |
161 | EFI_STATUS\r | |
162 | EFIAPI\r | |
163 | LibStopRedfishService (\r | |
a550d468 MK |
164 | IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,\r |
165 | IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType\r | |
166 | )\r | |
c88736f8 | 167 | {\r |
33438f73 AC |
168 | EFI_STATUS Status;\r |
169 | UINT8 *SecureBootVar;\r | |
170 | \r | |
c88736f8 AC |
171 | if (ServiceStopType >= ServiceStopTypeMax) {\r |
172 | return EFI_INVALID_PARAMETER;\r | |
173 | }\r | |
174 | \r | |
175 | if (ServiceStopType == ServiceStopTypeSecureBootDisabled) {\r | |
176 | //\r | |
177 | // Check platform PCD to determine the action for stopping\r | |
178 | // Redfish service due to secure boot is disabled.\r | |
179 | //\r | |
180 | if (!PcdGetBool (PcdRedfishServieStopIfSecureBootDisabled)) {\r | |
181 | return EFI_UNSUPPORTED;\r | |
182 | } else {\r | |
33438f73 AC |
183 | //\r |
184 | // Check Secure Boot status and lock Redfish service if Secure Boot is disabled.\r | |
185 | //\r | |
186 | Status = GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID **)&SecureBootVar, NULL);\r | |
187 | if (EFI_ERROR (Status) || (*SecureBootVar != SECURE_BOOT_MODE_ENABLE)) {\r | |
188 | //\r | |
189 | // Secure Boot is disabled\r | |
190 | //\r | |
191 | mSecureBootDisabled = TRUE;\r | |
192 | mStopRedfishService = TRUE;\r | |
193 | DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped due to SecureBoot is disabled!!\n"));\r | |
194 | }\r | |
c88736f8 AC |
195 | }\r |
196 | } else if (ServiceStopType == ServiceStopTypeExitBootService) {\r | |
197 | //\r | |
198 | // Check platform PCD to determine the action for stopping\r | |
199 | // Redfish service due to exit boot service.\r | |
200 | //\r | |
201 | if (PcdGetBool (PcdRedfishServieStopIfExitbootService)) {\r | |
202 | return EFI_UNSUPPORTED;\r | |
203 | } else {\r | |
204 | mStopRedfishService = TRUE;\r | |
205 | DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped due to Exit Boot Service!!\n"));\r | |
206 | }\r | |
207 | } else {\r | |
208 | mStopRedfishService = TRUE;\r | |
209 | DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped without Redfish service stop type!!\n"));\r | |
210 | }\r | |
a550d468 | 211 | \r |
c88736f8 AC |
212 | return EFI_SUCCESS;\r |
213 | }\r | |
a550d468 | 214 | \r |
c88736f8 AC |
215 | /**\r |
216 | Notification of Exit Boot Service.\r | |
217 | \r | |
218 | @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.\r | |
219 | **/\r | |
220 | VOID\r | |
221 | EFIAPI\r | |
222 | LibCredentialExitBootServicesNotify (\r | |
223 | IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This\r | |
a550d468 | 224 | )\r |
c88736f8 AC |
225 | {\r |
226 | LibStopRedfishService (This, ServiceStopTypeExitBootService);\r | |
227 | }\r | |
228 | \r | |
229 | /**\r | |
230 | Notification of End of DXE.\r | |
231 | \r | |
232 | @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.\r | |
233 | **/\r | |
234 | VOID\r | |
235 | EFIAPI\r | |
236 | LibCredentialEndOfDxeNotify (\r | |
237 | IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This\r | |
a550d468 | 238 | )\r |
c88736f8 | 239 | {\r |
33438f73 | 240 | LibStopRedfishService (This, ServiceStopTypeSecureBootDisabled);\r |
c88736f8 | 241 | }\r |