1 /** @file
2 EmulatorPkg RedfishPlatformCredentialLib instance
3
4 (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
5
6 SPDX-License-Identifier: BSD-2-Clause-Patent
7
8 **/
9 #include <Uefi.h>
10 #include <Library/BaseMemoryLib.h>
11 #include <Library/BaseLib.h>
12 #include <Library/DebugLib.h>
13 #include <Library/MemoryAllocationLib.h>
14 #include <Library/UefiLib.h>
15
16 #include <Protocol/EdkIIRedfishCredential.h>
17
18 #include <Guid/GlobalVariable.h>
19 #include <Guid/ImageAuthentication.h>
20
//
// Set by LibCredentialEndOfDxeNotify() when the Secure Boot mode variable
// cannot be read or does not report SECURE_BOOT_MODE_ENABLE.
//
BOOLEAN  mSecureBootDisabled = FALSE;

//
// Set by LibStopRedfishService() once the service has been stopped.
// LibCredentialGetAuthInfo() returns EFI_ACCESS_DENIED while this is TRUE.
//
BOOLEAN  mStopRedfishService = FALSE;

//
// Forward declaration: the definition appears later in this file, after
// LibCredentialGetAuthInfo(), which calls it.
//
EFI_STATUS
EFIAPI
LibStopRedfishService (
  IN EDKII_REDFISH_CREDENTIAL_PROTOCOL           *This,
  IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE  ServiceStopType
  );
30
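/**
  Return the credential for accessing the Redfish service.

  The user ID and password are copied from the PcdRedfishServieUserId and
  PcdRedfishServiePassword PCDs into newly allocated pool buffers. On success
  the caller owns both buffers and must release them with FreePool(). The
  password buffer holds a plaintext secret, so callers should ZeroMem() it
  before freeing it. On any failure *UserId and *Password are left NULL.

  The pointers are not validated here; LibCredentialGetAuthInfo() checks them
  before calling this function.

  @param[out]  AuthMethod   The authentication method. Always set to AuthMethodHttpBasic.
  @param[out]  UserId       Receives a newly allocated, NUL-terminated user ID string.
  @param[out]  Password     Receives a newly allocated, NUL-terminated password string.

  @retval EFI_SUCCESS            Get the authentication information successfully.
  @retval EFI_INVALID_PARAMETER  AsciiStrSize() reported a size of 0 for the user ID or password PCD.
  @retval EFI_OUT_OF_RESOURCES   There are not enough memory resources.

**/
EFI_STATUS
GetRedfishCredential (
  OUT EDKII_REDFISH_AUTH_METHOD  *AuthMethod,
  OUT CHAR8                      **UserId,
  OUT CHAR8                      **Password
  )
{
  UINTN  UserIdSize;
  UINTN  PasswordSize;

  //
  // Start from a known state so that no error path leaves the caller
  // holding an indeterminate or already-freed pointer.
  //
  *UserId   = NULL;
  *Password = NULL;

  //
  // AuthMethod set to HTTP Basic authentication.
  //
  *AuthMethod = AuthMethodHttpBasic;

  //
  // User ID and Password.
  //
  UserIdSize   = AsciiStrSize ((CHAR8 *)PcdGetPtr (PcdRedfishServieUserId));
  PasswordSize = AsciiStrSize ((CHAR8 *)PcdGetPtr (PcdRedfishServiePassword));

  //
  // NOTE(review): AsciiStrSize() includes the terminating NUL, so an empty
  // PCD string yields 1 and passes this check. Confirm whether empty
  // credentials should be rejected here as well.
  //
  if ((UserIdSize == 0) || (PasswordSize == 0)) {
    DEBUG ((DEBUG_ERROR, "Incorrect string of UserID or Password for REdfish service.\n"));
    return EFI_INVALID_PARAMETER;
  }

  *UserId = AllocateZeroPool (UserIdSize);
  if (*UserId == NULL) {
    return EFI_OUT_OF_RESOURCES;
  }

  CopyMem (*UserId, (CHAR8 *)PcdGetPtr (PcdRedfishServieUserId), UserIdSize);

  *Password = AllocateZeroPool (PasswordSize);
  if (*Password == NULL) {
    //
    // Release the user ID and clear the out-pointer; a stale pointer here
    // would invite a double free or use-after-free in the caller.
    //
    FreePool (*UserId);
    *UserId = NULL;
    return EFI_OUT_OF_RESOURCES;
  }

  CopyMem (*Password, (CHAR8 *)PcdGetPtr (PcdRedfishServiePassword), PasswordSize);
  return EFI_SUCCESS;
}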
83
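/**
  Retrieve platform's Redfish authentication information.

  This function returns the Redfish authentication method together with the user Id and
  password.
  - For AuthMethodNone, the UserId and Password could be used for HTTP header authentication
    as defined by RFC7235.
  - For AuthMethodRedfishSession, the UserId and Password could be used for Redfish
    session login as defined by Redfish API specification (DSP0266).

  This instance always reports AuthMethodHttpBasic (set by GetRedfishCredential()).

  Callers are responsible for freeing the returned string storage.

  No credential is returned once the Redfish service has been stopped. If Secure Boot
  was found disabled, the stop is attempted again here before any credential is handed out.

  @param[in]   This         Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
  @param[out]  AuthMethod   Type of Redfish authentication method.
  @param[out]  UserId       The pointer to store the returned UserId string.
  @param[out]  Password     The pointer to store the returned Password string.

  @retval EFI_SUCCESS            Get the authentication information successfully.
  @retval EFI_ACCESS_DENIED      The Redfish service has been stopped, e.g. SecureBoot is
                                 disabled after EndOfDxe.
  @retval EFI_INVALID_PARAMETER  This or AuthMethod or UserId or Password is NULL.
  @retval EFI_OUT_OF_RESOURCES   There are not enough memory resources.
  @retval EFI_UNSUPPORTED        Unsupported authentication method is found. No path in
                                 this instance visibly produces this status.

**/
EFI_STATUS
EFIAPI
LibCredentialGetAuthInfo (
  IN  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *This,
  OUT EDKII_REDFISH_AUTH_METHOD          *AuthMethod,
  OUT CHAR8                              **UserId,
  OUT CHAR8                              **Password
  )
{
  EFI_STATUS  Status;

  if ((This == NULL) || (AuthMethod == NULL) || (UserId == NULL) || (Password == NULL)) {
    return EFI_INVALID_PARAMETER;
  }

  if (mStopRedfishService) {
    return EFI_ACCESS_DENIED;
  }

  if (mSecureBootDisabled) {
    Status = LibStopRedfishService (This, ServiceStopTypeSecureBootDisabled);
    if (EFI_ERROR (Status) && (Status != EFI_UNSUPPORTED)) {
      DEBUG ((DEBUG_ERROR, "SecureBoot has been disabled, but failed to stop RedfishService - %r\n", Status));
      return Status;
    }

    //
    // If the stop just took effect, deny access now instead of handing out
    // the credential one last time. EFI_UNSUPPORTED leaves the flag clear
    // (platform policy keeps the service running) and falls through.
    //
    if (mStopRedfishService) {
      return EFI_ACCESS_DENIED;
    }
  }

  Status = GetRedfishCredential (
             AuthMethod,
             UserId,
             Password
             );

  return Status;
}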
143
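/**
  Notify the Redfish service to stop providing configuration service to this platform.

  This function should be called when the platform is about to leave the safe environment.
  It will notify the Redfish service provider to abort all logged-in sessions, and prohibit
  further login with the original auth info. In this instance the stop is recorded in
  mStopRedfishService, after which LibCredentialGetAuthInfo() returns EFI_ACCESS_DENIED.

  @param[in]   This             Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
                                Not used or validated by this instance.
  @param[in]   ServiceStopType  Reason of stopping Redfish service.

  @retval EFI_SUCCESS            Service has been stopped successfully.
  @retval EFI_INVALID_PARAMETER  ServiceStopType is ServiceStopTypeMax or greater.
  @retval EFI_UNSUPPORTED        The platform PCD for this stop type is FALSE, so the
                                 service is left running.

**/
EFI_STATUS
EFIAPI
LibStopRedfishService (
  IN EDKII_REDFISH_CREDENTIAL_PROTOCOL           *This,
  IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE  ServiceStopType
  )
{
  if (ServiceStopType >= ServiceStopTypeMax) {
    return EFI_INVALID_PARAMETER;
  }

  if (ServiceStopType == ServiceStopTypeSecureBootDisabled) {
    //
    // Check platform PCD to determine the action for stopping
    // Redfish service due to secure boot is disabled.
    //
    if (!PcdGetBool (PcdRedfishServieStopIfSecureBootDisabled)) {
      return EFI_UNSUPPORTED;
    } else {
      mStopRedfishService = TRUE;
      DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped due to SecureBoot is disabled!!\n"));
    }
  } else if (ServiceStopType == ServiceStopTypeExitBootService) {
    //
    // Check platform PCD to determine the action for stopping
    // Redfish service due to exit boot service.
    //
    // The condition was previously not negated, so a TRUE "stop if" PCD left
    // the service running and a FALSE one stopped it. It now mirrors the
    // Secure Boot branch above: stop only when the PCD asks for it.
    //
    if (!PcdGetBool (PcdRedfishServieStopIfExitbootService)) {
      return EFI_UNSUPPORTED;
    } else {
      mStopRedfishService = TRUE;
      DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped due to Exit Boot Service!!\n"));
    }
  } else {
    //
    // Any other valid stop type stops the service unconditionally.
    //
    mStopRedfishService = TRUE;
    DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped without Redfish service stop type!!\n"));
  }

  return EFI_SUCCESS;
}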
201
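/**
  Notification of Exit Boot Service.

  Asks LibStopRedfishService() to stop the Redfish service for the
  ServiceStopTypeExitBootService reason. This callback returns VOID, so the
  result cannot be propagated; a stop that did not happen is reported in the
  debug log so it does not go unnoticed.

  @param[in]  This    Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
**/
VOID
EFIAPI
LibCredentialExitBootServicesNotify (
  IN  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *This
  )
{
  EFI_STATUS  Status;

  Status = LibStopRedfishService (This, ServiceStopTypeExitBootService);
  if (EFI_ERROR (Status)) {
    //
    // The service stays available in this case; EFI_UNSUPPORTED means the
    // platform PCD opted out of stopping it.
    //
    DEBUG ((DEBUG_WARN, "Redfish service was not stopped at Exit Boot Service - %r\n", Status));
  }
}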
215
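/**
  Notification of End of DXE.

  Reads the Secure Boot mode variable and, unless it reports
  SECURE_BOOT_MODE_ENABLE, marks Secure Boot as disabled and asks
  LibStopRedfishService() to stop the Redfish service. A failure to read the
  variable is treated the same as Secure Boot being disabled (fail closed).

  @param[in]  This    Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
**/
VOID
EFIAPI
LibCredentialEndOfDxeNotify (
  IN  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *This
  )
{
  EFI_STATUS  Status;
  UINT8       *SecureBootVar;

  SecureBootVar = NULL;

  //
  // Check Secure Boot status and lock Redfish service if Secure Boot is disabled.
  //
  Status = GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID **)&SecureBootVar, NULL);
  if (EFI_ERROR (Status) || (SecureBootVar == NULL) || (*SecureBootVar != SECURE_BOOT_MODE_ENABLE)) {
    //
    // Secure Boot is disabled
    //
    mSecureBootDisabled = TRUE;

    //
    // The return value is not acted on here: LibCredentialGetAuthInfo()
    // attempts the stop again while mSecureBootDisabled is set.
    //
    LibStopRedfishService (This, ServiceStopTypeSecureBootDisabled);
  }

  //
  // GetVariable2() returns the variable data in a pool buffer that the
  // caller owns; it was previously leaked.
  //
  if (SecureBootVar != NULL) {
    FreePool (SecureBootVar);
  }
}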
241 }