diff options
author | Jiaxin Wu <jiaxin.wu@intel.com> | 2017-01-06 11:53:57 +0800 |
---|---|---|
committer | Jiaxin Wu <jiaxin.wu@intel.com> | 2017-01-23 10:25:29 +0800 |
commit | 221463c2b337072532ed4ab8ffe3b566574724d8 (patch) | |
tree | 63ffb4a63b9d2aa5ac7f8cd05352313df5d63af0 /NetworkPkg/HttpBootDxe | |
parent | 70420e31a04b56f99c1306e281434532a86bde70 (diff) | |
download | edk2-platforms-221463c2b337072532ed4ab8ffe3b566574724d8.tar.xz |
NetworkPkg: Add PCD to enable the HTTP connections switch
v3:
* Correct the commits grammar
v2:
* Rename the PCD to PcdAllowHttpConnections.
* Refine the PCD descriptions.
If the value of PcdAllowHttpConnections is TRUE, HTTP connections are
allowed. Both the "https://" and "http://" URI schemes are permitted.
Otherwise, HTTP connections are denied. Only the "https://" URI scheme
is permitted.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Kinney Michael D <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Gary Lin <glin@suse.com>
Tested-by: Gary Lin <glin@suse.com>
Diffstat (limited to 'NetworkPkg/HttpBootDxe')
-rw-r--r-- | NetworkPkg/HttpBootDxe/HttpBootClient.c | 20 | ||||
-rw-r--r-- | NetworkPkg/HttpBootDxe/HttpBootConfig.c | 81 | ||||
-rw-r--r-- | NetworkPkg/HttpBootDxe/HttpBootDxe.inf | 5 | ||||
-rw-r--r-- | NetworkPkg/HttpBootDxe/HttpBootSupport.c | 53 | ||||
-rw-r--r-- | NetworkPkg/HttpBootDxe/HttpBootSupport.h | 17 |
5 files changed, 142 insertions, 34 deletions
diff --git a/NetworkPkg/HttpBootDxe/HttpBootClient.c b/NetworkPkg/HttpBootDxe/HttpBootClient.c index 916f2375c9..99db3d5505 100644 --- a/NetworkPkg/HttpBootDxe/HttpBootClient.c +++ b/NetworkPkg/HttpBootDxe/HttpBootClient.c @@ -1,7 +1,7 @@ /** @file
Implementation of the boot file download function.
-Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
@@ -192,6 +192,15 @@ HttpBootDhcp4ExtractUriInfo ( }
//
+ // Check the URI scheme.
+ //
+ Status = HttpBootCheckUriScheme (Private->BootFileUri);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "HttpBootDhcp4ExtractUriInfo: %r.\n", Status));
+ return Status;
+ }
+
+ //
// Configure the default DNS server if server assigned.
//
if ((SelectOffer->OfferType == HttpOfferTypeDhcpNameUriDns) ||
@@ -295,6 +304,15 @@ HttpBootDhcp6ExtractUriInfo ( }
//
+ // Check the URI scheme.
+ //
+ Status = HttpBootCheckUriScheme (Private->BootFileUri);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "HttpBootDhcp6ExtractUriInfo: %r.\n", Status));
+ return Status;
+ }
+
+ //
// Set the Local station address to IP layer.
//
Status = HttpBootSetIp6Address (Private);
diff --git a/NetworkPkg/HttpBootDxe/HttpBootConfig.c b/NetworkPkg/HttpBootDxe/HttpBootConfig.c index 7c883b8397..f32bf18e9d 100644 --- a/NetworkPkg/HttpBootDxe/HttpBootConfig.c +++ b/NetworkPkg/HttpBootDxe/HttpBootConfig.c @@ -1,7 +1,7 @@ /** @file
Helper functions for configuring or getting the parameters relating to HTTP Boot.
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -446,9 +446,16 @@ HttpBootFormCallback ( )
{
EFI_INPUT_KEY Key;
- UINTN Index;
CHAR16 *Uri;
+ UINTN UriLen;
+ CHAR8 *AsciiUri;
HTTP_BOOT_FORM_CALLBACK_INFO *CallbackInfo;
+ EFI_STATUS Status;
+
+ Uri = NULL;
+ UriLen = 0;
+ AsciiUri = NULL;
+ Status = EFI_SUCCESS;
if (This == NULL || Value == NULL) {
return EFI_INVALID_PARAMETER;
@@ -466,49 +473,63 @@ HttpBootFormCallback ( // Get user input URI string
//
Uri = HiiGetString (CallbackInfo->RegisteredHandle, Value->string, NULL);
- if (Uri == NULL) {
- return EFI_UNSUPPORTED;
- }
//
- // Convert the scheme to all lower case.
+ // The URI should be either an empty string (for corporate environment) ,or http(s) for home environment.
+ // Pop up a message box for the unsupported URI.
//
- for (Index = 0; Index < StrLen (Uri); Index++) {
- if (Uri[Index] == L':') {
- break;
+ if (StrLen (Uri) != 0) {
+ UriLen = StrLen (Uri) + 1;
+ AsciiUri = AllocateZeroPool (UriLen);
+ if (AsciiUri == NULL) {
+ FreePool (Uri);
+ return EFI_OUT_OF_RESOURCES;
}
- if (Uri[Index] >= L'A' && Uri[Index] <= L'Z') {
- Uri[Index] -= (CHAR16)(L'A' - L'a');
+
+ UnicodeStrToAsciiStrS (Uri, AsciiUri, UriLen);
+
+ Status = HttpBootCheckUriScheme (AsciiUri);
+
+ if (Status == EFI_INVALID_PARAMETER) {
+
+ DEBUG ((EFI_D_ERROR, "HttpBootFormCallback: %r.\n", Status));
+
+ CreatePopUp (
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+ &Key,
+ L"ERROR: Unsupported URI!",
+ L"Only supports HTTP and HTTPS",
+ NULL
+ );
+ } else if (Status == EFI_ACCESS_DENIED) {
+
+ DEBUG ((EFI_D_ERROR, "HttpBootFormCallback: %r.\n", Status));
+
+ CreatePopUp (
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+ &Key,
+ L"ERROR: Unsupported URI!",
+ L"HTTP is disabled",
+ NULL
+ );
}
}
- //
- // Set the converted URI string back
- //
- HiiSetString (CallbackInfo->RegisteredHandle, Value->string, Uri, NULL);
-
- //
- // The URI should be either an empty string (for corporate environment) ,or http(s) for home environment.
- // Pop up a message box for other unsupported URI.
- //
- if ((StrLen (Uri) != 0) && (StrnCmp (Uri, L"http://", 7) != 0) && (StrnCmp (Uri, L"https://", 8) != 0)) {
- CreatePopUp (
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
- &Key,
- L"ERROR: Unsupported URI!",
- L"Only supports HTTP and HTTPS",
- NULL
- );
+ if (Uri != NULL) {
+ FreePool (Uri);
}
- FreePool (Uri);
+ if (AsciiUri != NULL) {
+ FreePool (AsciiUri);
+ }
+
break;
default:
break;
}
- return EFI_SUCCESS;
+ return Status;
}
/**
diff --git a/NetworkPkg/HttpBootDxe/HttpBootDxe.inf b/NetworkPkg/HttpBootDxe/HttpBootDxe.inf index e6ce864264..982e6b49be 100644 --- a/NetworkPkg/HttpBootDxe/HttpBootDxe.inf +++ b/NetworkPkg/HttpBootDxe/HttpBootDxe.inf @@ -1,7 +1,7 @@ ## @file
# This modules produce the Load File Protocol for UEFI HTTP boot.
#
-# Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -94,5 +94,8 @@ gEfiVirtualCdGuid ## SOMETIMES_CONSUMES ## GUID
gEfiVirtualDiskGuid ## SOMETIMES_CONSUMES ## GUID
+[Pcd]
+ gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections ## CONSUMES
+
[UserExtensions.TianoCore."ExtraFiles"]
HttpBootDxeExtra.uni
diff --git a/NetworkPkg/HttpBootDxe/HttpBootSupport.c b/NetworkPkg/HttpBootDxe/HttpBootSupport.c index bdb29ae9a0..69b129f9d2 100644 --- a/NetworkPkg/HttpBootDxe/HttpBootSupport.c +++ b/NetworkPkg/HttpBootDxe/HttpBootSupport.c @@ -1,7 +1,7 @@ /** @file
Support functions implementation for UEFI HTTP boot driver.
-Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
@@ -989,6 +989,57 @@ HttpIoRecvResponse ( }
/**
+ This function checks the HTTP(S) URI scheme.
+
+ @param[in] Uri The pointer to the URI string.
+
+ @retval EFI_SUCCESS The URI scheme is valid.
+ @retval EFI_INVALID_PARAMETER The URI scheme is not HTTP or HTTPS.
+ @retval EFI_ACCESS_DENIED HTTP is disabled and the URI is HTTP.
+
+**/
+EFI_STATUS
+HttpBootCheckUriScheme (
+ IN CHAR8 *Uri
+ )
+{
+ UINTN Index;
+ EFI_STATUS Status;
+
+ Status = EFI_SUCCESS;
+
+ //
+ // Convert the scheme to all lower case.
+ //
+ for (Index = 0; Index < AsciiStrLen (Uri); Index++) {
+ if (Uri[Index] == ':') {
+ break;
+ }
+ if (Uri[Index] >= 'A' && Uri[Index] <= 'Z') {
+ Uri[Index] -= (CHAR8)('A' - 'a');
+ }
+ }
+
+ //
+ // Return EFI_INVALID_PARAMETER if the URI is not HTTP or HTTPS.
+ //
+ if ((AsciiStrnCmp (Uri, "http://", 7) != 0) && (AsciiStrnCmp (Uri, "https://", 8) != 0)) {
+ DEBUG ((EFI_D_ERROR, "HttpBootCheckUriScheme: Invalid Uri.\n"));
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // HTTP is disabled, return EFI_ACCESS_DENIED if the URI is HTTP.
+ //
+ if (!PcdGetBool (PcdAllowHttpConnections) && (AsciiStrnCmp (Uri, "http://", 7) == 0)) {
+ DEBUG ((EFI_D_ERROR, "HttpBootCheckUriScheme: HTTP is disabled.\n"));
+ return EFI_ACCESS_DENIED;
+ }
+
+ return Status;
+}
+
+/**
Get the URI address string from the input device path.
Caller need to free the buffer in the UriAddress pointer.
diff --git a/NetworkPkg/HttpBootDxe/HttpBootSupport.h b/NetworkPkg/HttpBootDxe/HttpBootSupport.h index 4d024277b5..65302d2be2 100644 --- a/NetworkPkg/HttpBootDxe/HttpBootSupport.h +++ b/NetworkPkg/HttpBootDxe/HttpBootSupport.h @@ -1,7 +1,7 @@ /** @file
Support functions declaration for UEFI HTTP boot driver.
-Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
The full text of the license may be found at
@@ -332,6 +332,21 @@ HttpIoRecvResponse ( );
/**
+ This function checks the HTTP(S) URI scheme.
+
+ @param[in] Uri The pointer to the URI string.
+
+ @retval EFI_SUCCESS The URI scheme is valid.
+ @retval EFI_INVALID_PARAMETER The URI scheme is not HTTP or HTTPS.
+ @retval EFI_ACCESS_DENIED HTTP is disabled and the URI is HTTP.
+
+**/
+EFI_STATUS
+HttpBootCheckUriScheme (
+ IN CHAR8 *Uri
+ );
+
+/**
Get the URI address string from the input device path.
Caller need to free the buffer in the UriAddress pointer.
|