RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c

   1 /** @file
   2   RedfishCrentialDxe produces the EdkIIRedfishCredentialProtocol for the consumer
   3   to get the Redfish credential Info and to restrict Redfish access from UEFI side.
   4
   5   (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
   6
   7   SPDX-License-Identifier: BSD-2-Clause-Patent
   8
   9 **/
  10
  11 #include <RedfishCredentialDxe.h>
  12
  13 EDKII_REDFISH_CREDENTIAL_PROTOCOL mRedfishCredentialProtocol = {
  14   RedfishCredentialGetAuthInfo,
  15   RedfishCredentialStopService
  16 };
  17
  18 /**
  19   Callback function executed when the ExitBootServices event group is signaled.
  20
  21   @param[in]  Event    Event whose notification function is being invoked.
  22   @param[out] Context  Pointer to the buffer pass in.
  23 **/
  24 VOID
  25 EFIAPI
  26 RedfishCredentialExitBootServicesEventNotify (
  27   IN  EFI_EVENT  Event,
  28   OUT VOID       *Context
  29   )
  30 {
  31   LibCredentialExitBootServicesNotify ((EDKII_REDFISH_CREDENTIAL_PROTOCOL *)Context);
  32 }
  33
  34 /**
  35   Callback function executed when the EndOfDxe event group is signaled.
  36
  37   @param[in]  Event    Event whose notification function is being invoked.
  38   @param[out] Context  Pointer to the buffer pass in.
  39 **/
  40 VOID
  41 EFIAPI
  42 RedfishCredentialEndOfDxeEventNotify (
  43   IN  EFI_EVENT  Event,
  44   OUT VOID       *Context
  45   )
  46 {
  47   LibCredentialEndOfDxeNotify ((EDKII_REDFISH_CREDENTIAL_PROTOCOL *)Context);
  48
  49   //
  50   // Close event, so it will not be invoked again.
  51   //
  52   gBS->CloseEvent (Event);
  53 }
  54
  55 /**
  56   Retrieve platform's Redfish authentication information.
  57
  58   This functions returns the Redfish authentication method together with the user Id and
  59   password.
  60   - For AuthMethodNone, the UserId and Password could be used for HTTP header authentication
  61     as defined by RFC7235.
  62   - For AuthMethodRedfishSession, the UserId and Password could be used for Redfish
  63     session login as defined by  Redfish API specification (DSP0266).
  64
  65   Callers are responsible for and freeing the returned string storage.
  66
  67   @param[in]   This                Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
  68   @param[out]  AuthMethod          Type of Redfish authentication method.
  69   @param[out]  UserId              The pointer to store the returned UserId string.
  70   @param[out]  Password            The pointer to store the returned Password string.
  71
  72   @retval EFI_SUCCESS              Get the authentication information successfully.
  73   @retval EFI_ACCESS_DENIED        SecureBoot is disabled after EndOfDxe.
  74   @retval EFI_INVALID_PARAMETER    This or AuthMethod or UserId or Password is NULL.
  75   @retval EFI_OUT_OF_RESOURCES     There are not enough memory resources.
  76   @retval EFI_UNSUPPORTED          Unsupported authentication method is found.
  77
  78 **/
  79 EFI_STATUS
  80 EFIAPI
  81 RedfishCredentialGetAuthInfo (
  82   IN  EDKII_REDFISH_CREDENTIAL_PROTOCOL    *This,
  83   OUT EDKII_REDFISH_AUTH_METHOD            *AuthMethod,
  84   OUT CHAR8                                **UserId,
  85   OUT CHAR8                                **Password
  86   )
  87 {
  88   if (This == NULL || AuthMethod == NULL || UserId == NULL || Password == NULL) {
  89     return EFI_INVALID_PARAMETER;
  90   }
  91
  92   return LibCredentialGetAuthInfo (This, AuthMethod, UserId,Password);
  93 }
  94
  95 /**
  96   Notify the Redfish service provide to stop provide configuration service to this platform.
  97
  98   This function should be called when the platfrom is about to leave the safe environment.
  99   It will notify the Redfish service provider to abort all logined session, and prohibit
 100   further login with original auth info. GetAuthInfo() will return EFI_UNSUPPORTED once this
 101   function is returned.
 102
 103   @param[in]   This                Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
 104   @param[in]   ServiceStopType     Reason of stopping Redfish service.
 105
 106   @retval EFI_SUCCESS              Service has been stoped successfully.
 107   @retval EFI_INVALID_PARAMETER    This is NULL or given the worng ServiceStopType.
 108   @retval EFI_UNSUPPORTED          Not support to stop Redfish service.
 109   @retval Others                   Some error happened.
 110
 111 **/
 112 EFI_STATUS
 113 EFIAPI
 114 RedfishCredentialStopService (
 115   IN     EDKII_REDFISH_CREDENTIAL_PROTOCOL    *This,
 116   IN     EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType
 117   )
 118 {
 119   if (This == NULL) {
 120     return EFI_INVALID_PARAMETER;
 121   }
 122
 123   return LibStopRedfishService (This, ServiceStopType);
 124 }
 125
 126 /**
 127   Main entry for this driver.
 128
 129   @param ImageHandle     Image handle this driver.
 130   @param SystemTable     Pointer to SystemTable.
 131
 132   @retval EFI_SUCCESS    This function always complete successfully.
 133
 134 **/
 135 EFI_STATUS
 136 EFIAPI
 137 RedfishCredentialDxeDriverEntryPoint (
 138   IN EFI_HANDLE         ImageHandle,
 139   IN EFI_SYSTEM_TABLE   *SystemTable
 140   )
 141 {
 142   EFI_STATUS  Status;
 143   EFI_HANDLE  Handle;
 144   EFI_EVENT   EndOfDxeEvent;
 145   EFI_EVENT   ExitBootServiceEvent;
 146
 147   Handle = NULL;
 148
 149   //
 150   // Install the RedfishCredentialProtocol onto Handle.
 151   //
 152   Status = gBS->InstallMultipleProtocolInterfaces (
 153                   &Handle,
 154                   &gEdkIIRedfishCredentialProtocolGuid,
 155                   &mRedfishCredentialProtocol,
 156                   NULL
 157                   );
 158   if (EFI_ERROR (Status)) {
 159     return Status;
 160   }
 161
 162   //
 163   // After EndOfDxe, if SecureBoot is disabled, Redfish Credential Protocol should return
 164   // error code to caller to avoid the 3rd code to bypass Redfish Credential Protocol and
 165   // retrieve userid/pwd directly. So, here, we create EndOfDxe Event to check SecureBoot
 166   // status.
 167   //
 168   Status = gBS->CreateEventEx (
 169                   EVT_NOTIFY_SIGNAL,
 170                   TPL_CALLBACK,
 171                   RedfishCredentialEndOfDxeEventNotify,
 172                   (VOID *)&mRedfishCredentialProtocol,
 173                   &gEfiEndOfDxeEventGroupGuid,
 174                   &EndOfDxeEvent
 175                   );
 176   if (EFI_ERROR (Status)) {
 177     goto ON_ERROR;
 178   }
 179
 180   //
 181   // After ExitBootServices, Redfish Credential Protocol should stop the service.
 182   // So, here, we create ExitBootService Event to stop service.
 183   //
 184   Status = gBS->CreateEventEx (
 185                   EVT_NOTIFY_SIGNAL,
 186                   TPL_CALLBACK,
 187                   RedfishCredentialExitBootServicesEventNotify,
 188                   (VOID *)&mRedfishCredentialProtocol,
 189                   &gEfiEventExitBootServicesGuid,
 190                   &ExitBootServiceEvent
 191                   );
 192   if (EFI_ERROR (Status)) {
 193     gBS->CloseEvent (EndOfDxeEvent);
 194     goto ON_ERROR;
 195   }
 196
 197   return EFI_SUCCESS;
 198
 199 ON_ERROR:
 200
 201   gBS->UninstallMultipleProtocolInterfaces (
 202          Handle,
 203          &gEdkIIRedfishCredentialProtocolGuid,
 204          &mRedfishCredentialProtocol,
 205          NULL
 206          );
 207
 208   return Status;
 209 }