* [PATCH] SecurityPkg: Remove code under UserIdentification folder. @ 2019-01-09 1:09 chenche4 2019-01-09 1:38 ` Gao, Liming 0 siblings, 1 reply; 4+ messages in thread From: chenche4 @ 2019-01-09 1:09 UTC (permalink / raw) To: edk2-devel; +Cc: chenche4, Zhang Chao B 1. UserIdentifyManagerDxe is used to provide UserManagerProtocol. 2. UserProfileManagerDxe provides the UI settings. 3. PwdCredentialProviderDxe & UsbCredentialProviderDxe are implementation examples. Remove the above features because no platform uses them. Cc: Zhang Chao B <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 
Signed-off-by: Chen A Chen <chen.a.chen@intel.com> --- .../Include/Guid/UsbCredentialProviderHii.h | 29 - SecurityPkg/Include/Guid/UserIdentifyManagerHii.h | 25 - SecurityPkg/Include/Guid/UserProfileManagerHii.h | 25 - SecurityPkg/SecurityPkg.dec | 12 - SecurityPkg/SecurityPkg.dsc | 4 - .../PwdCredentialProvider.c | 1464 -------- .../PwdCredentialProvider.h | 374 -- .../PwdCredentialProvider.uni | 21 - .../PwdCredentialProviderData.h | 30 - .../PwdCredentialProviderDxe.inf | 65 - .../PwdCredentialProviderExtra.uni | 19 - .../PwdCredentialProviderStrings.uni | 38 - .../PwdCredentialProviderVfr.Vfr | 34 - .../UsbCredentialProvider.c | 1410 -------- .../UsbCredentialProvider.h | 361 -- .../UsbCredentialProvider.uni | 23 - .../UsbCredentialProviderDxe.inf | 70 - .../UsbCredentialProviderExtra.uni | 19 - .../UsbCredentialProviderStrings.uni | 29 - .../UserIdentifyManagerDxe/LoadDeferredImage.c | 148 - .../UserIdentifyManagerDxe/UserIdentifyManager.c | 3766 -------------------- .../UserIdentifyManagerDxe/UserIdentifyManager.h | 413 --- .../UserIdentifyManagerDxe/UserIdentifyManager.uni | 21 - .../UserIdentifyManagerData.h | 35 - .../UserIdentifyManagerDxe.inf | 79 - .../UserIdentifyManagerExtra.uni | 19 - .../UserIdentifyManagerStrings.uni | 27 - .../UserIdentifyManagerVfr.Vfr | 43 - .../UserProfileManagerDxe/ModifyAccessPolicy.c | 688 ---- .../UserProfileManagerDxe/ModifyIdentityPolicy.c | 516 --- .../UserProfileManagerDxe/UserProfileAdd.c | 372 -- .../UserProfileManagerDxe/UserProfileDelete.c | 343 -- .../UserProfileManagerDxe/UserProfileManager.c | 887 ----- .../UserProfileManagerDxe/UserProfileManager.h | 444 --- .../UserProfileManagerDxe/UserProfileManager.uni | 22 - .../UserProfileManagerDxe/UserProfileManagerData.h | 158 - .../UserProfileManagerDxe.inf | 72 - .../UserProfileManagerExtra.uni | 19 - .../UserProfileManagerStrings.uni | 158 - .../UserProfileManagerVfr.Vfr | 244 -- .../UserProfileManagerDxe/UserProfileModify.c | 1475 -------- 41 files changed, 14001 
deletions(-) delete mode 100644 SecurityPkg/Include/Guid/UsbCredentialProviderHii.h delete mode 100644 SecurityPkg/Include/Guid/UserIdentifyManagerHii.h delete mode 100644 SecurityPkg/Include/Guid/UserProfileManagerHii.h delete mode 100644 SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.c delete mode 100644 SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.h delete mode 100644 SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.uni delete mode 100644 SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderData.h delete mode 100644 SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf delete mode 100644 SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderExtra.uni delete mode 100644 SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderStrings.uni delete mode 100644 SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderVfr.Vfr delete mode 100644 SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.c delete mode 100644 SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.h delete mode 100644 SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.uni delete mode 100644 SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderDxe.inf delete mode 100644 SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderExtra.uni delete mode 100644 SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderStrings.uni delete mode 100644 SecurityPkg/UserIdentification/UserIdentifyManagerDxe/LoadDeferredImage.c delete mode 100644 SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.c delete mode 100644 SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.h delete mode 100644 
SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.uni delete mode 100644 SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerData.h delete mode 100644 SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerDxe.inf delete mode 100644 SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerExtra.uni delete mode 100644 SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerStrings.uni delete mode 100644 SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerVfr.Vfr delete mode 100644 SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyAccessPolicy.c delete mode 100644 SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyIdentityPolicy.c delete mode 100644 SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileAdd.c delete mode 100644 SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileDelete.c delete mode 100644 SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.c delete mode 100644 SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.h delete mode 100644 SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.uni delete mode 100644 SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerData.h delete mode 100644 SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerDxe.inf delete mode 100644 SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerExtra.uni delete mode 100644 SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerStrings.uni delete mode 100644 SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerVfr.Vfr delete mode 100644 SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c diff --git a/SecurityPkg/Include/Guid/UsbCredentialProviderHii.h b/SecurityPkg/Include/Guid/UsbCredentialProviderHii.h deleted file mode 100644 index 059d68f32e..0000000000 
--- a/SecurityPkg/Include/Guid/UsbCredentialProviderHii.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/** @file
- GUID used as HII Package list GUID in UsbCredentialProviderDxe driver.
-
-Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __USB_CREDENTIAL_PROVIDER_HII_H__
-#define __USB_CREDENTIAL_PROVIDER_HII_H__
-
-//
-// Used for save password credential and form browser
-// And used as provider identifier
-//
-#define USB_CREDENTIAL_PROVIDER_GUID \
- { \
- 0xd0849ed1, 0xa88c, 0x4ba6, { 0xb1, 0xd6, 0xab, 0x50, 0xe2, 0x80, 0xb7, 0xa9 }\
- }
-
-extern EFI_GUID gUsbCredentialProviderGuid;
-
-#endif
diff --git a/SecurityPkg/Include/Guid/UserIdentifyManagerHii.h b/SecurityPkg/Include/Guid/UserIdentifyManagerHii.h
deleted file mode 100644
index 323c51f0f6..0000000000
--- a/SecurityPkg/Include/Guid/UserIdentifyManagerHii.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/** @file
- GUID used as HII FormSet and HII Package list GUID in UserIdentifyManagerDxe driver.
-
-Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __USER_IDENTIFY_MANAGER_HII_H__
-#define __USER_IDENTIFY_MANAGER_HII_H__
-
-#define USER_IDENTIFY_MANAGER_GUID \
- { \
- 0x3ccd3dd8, 0x8d45, 0x4fed, { 0x96, 0x2d, 0x2b, 0x38, 0xcd, 0x82, 0xb3, 0xc4 } \
- }
-
-extern EFI_GUID gUserIdentifyManagerGuid;
-
-#endif
diff --git a/SecurityPkg/Include/Guid/UserProfileManagerHii.h b/SecurityPkg/Include/Guid/UserProfileManagerHii.h
deleted file mode 100644
index 105059350c..0000000000
--- a/SecurityPkg/Include/Guid/UserProfileManagerHii.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/** @file
- GUID used as HII FormSet and HII Package list GUID in UserProfileManagerDxe driver.
-
-Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __USER_PROFILE_MANAGER_HII_H__
-#define __USER_PROFILE_MANAGER_HII_H__
-
-#define USER_PROFILE_MANAGER_GUID \
- { \
- 0xc35f272c, 0x97c2, 0x465a, { 0xa2, 0x16, 0x69, 0x6b, 0x66, 0x8a, 0x8c, 0xfe } \
- }
-
-extern EFI_GUID gUserProfileManagerGuid;
-
-#endif
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 8d64b4fefe..0c2afe2938 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -139,22 +139,10 @@ # Include/Guid/Tcg2PhysicalPresenceData.h gEfiTcg2PhysicalPresenceGuid = { 0xaeb9c5c1, 0x94f1, 0x4d02, { 0xbf, 0xd9, 0x46, 0x2, 0xdb, 0x2d, 0x3c, 0x54 }} - ## GUID used for form browser, password credential and provider identifier. - # Include/Guid/PwdCredentialProviderHii.h - gPwdCredentialProviderGuid = { 0x78b9ec8b, 0xc000, 0x46c5, { 0xac, 0x93, 0x24, 0xa0, 0xc1, 0xbb, 0x0, 0xce }} - - ## GUID used for form browser, USB credential and provider identifier. - # Include/Guid/UsbCredentialProviderHii.h - gUsbCredentialProviderGuid = { 0xd0849ed1, 0xa88c, 0x4ba6, { 0xb1, 0xd6, 0xab, 0x50, 0xe2, 0x80, 0xb7, 0xa9 }} - ## GUID used for FormSet guid and user profile variable. # Include/Guid/UserIdentifyManagerHii.h gUserIdentifyManagerGuid = { 0x3ccd3dd8, 0x8d45, 0x4fed, { 0x96, 0x2d, 0x2b, 0x38, 0xcd, 0x82, 0xb3, 0xc4 }} - ## GUID used for FormSet. - # Include/Guid/UserProfileManagerHii.h - gUserProfileManagerGuid = { 0xc35f272c, 0x97c2, 0x465a, { 0xa2, 0x16, 0x69, 0x6b, 0x66, 0x8a, 0x8c, 0xfe }} - ## GUID used for FormSet. # Include/Guid/TcgConfigHii.h gTcgConfigFormSetGuid = { 0xb0f901e4, 0xc424, 0x45de, { 0x90, 0x81, 0x95, 0xe2, 0xb, 0xde, 0x6f, 0xb5 }} diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 68a2953162..19aaebff1f 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -146,8 +146,6 @@ SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf #SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf - #SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerDxe.inf - #SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerDxe.inf # # TPM 
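Review bot: The SecurityPkg.dec hunk keeps the `gUserIdentifyManagerGuid` entry and its `# Include/Guid/UserIdentifyManagerHii.h` comment as context, yet this same patch deletes `SecurityPkg/Include/Guid/UserIdentifyManagerHii.h`, so the package declaration is left pointing at a header that no longer exists. If nothing outside this patch still consumes that GUID (not visible from here), the three lines from `## GUID used for FormSet guid and user profile variable.` through the `gUserIdentifyManagerGuid = ...` assignment should be removed as well; otherwise the header should be kept. In the other direction, `gPwdCredentialProviderGuid` is dropped from the .dec while `Include/Guid/PwdCredentialProviderHii.h` appears in neither the diffstat nor the delete list, so that header looks orphaned and probably belongs in this removal. A stale GUID declaration in a security package is worth cleaning up, since a later module could pick it up without the code that once owned it.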
@@ -200,8 +198,6 @@ SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf [Components.IA32, Components.X64] -# SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf -# SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderDxe.inf SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf # diff --git a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.c b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.c deleted file mode 100644 index 52fc68b5ee..0000000000 --- a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.c +++ /dev/null 
@@ -1,1464 +0,0 @@ -/** @file - Password Credential Provider driver implementation. - -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> -(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR> -This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include "PwdCredentialProvider.h" - -CREDENTIAL_TABLE *mPwdTable = NULL; -PWD_PROVIDER_CALLBACK_INFO *mCallbackInfo = NULL; -PASSWORD_CREDENTIAL_INFO *mPwdInfoHandle = NULL; - -HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = { - { - { - HARDWARE_DEVICE_PATH, - HW_VENDOR_DP, - { - (UINT8) (sizeof (VENDOR_DEVICE_PATH)), - (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) - } - }, - PWD_CREDENTIAL_PROVIDER_GUID - }, - { - END_DEVICE_PATH_TYPE, - END_ENTIRE_DEVICE_PATH_SUBTYPE, - { - (UINT8) (END_DEVICE_PATH_LENGTH), - (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) - } - } -}; - -EFI_USER_CREDENTIAL2_PROTOCOL gPwdCredentialProviderDriver = { - PWD_CREDENTIAL_PROVIDER_GUID, - EFI_USER_CREDENTIAL_CLASS_PASSWORD, - CredentialEnroll, - CredentialForm, - CredentialTile, - CredentialTitle, - CredentialUser, - CredentialSelect, - CredentialDeselect, - CredentialDefault, - CredentialGetInfo, - CredentialGetNextInfo, - EFI_CREDENTIAL_CAPABILITIES_ENROLL, - CredentialDelete -}; - - -/** - Get string by string id from HII Interface. - - - @param[in] Id String ID to get the string from. - - @retval CHAR16 * String from ID. - @retval NULL If error occurs. - -**/ -CHAR16 * -GetStringById ( - IN EFI_STRING_ID Id - ) -{ - // - // Get the current string for the current Language. 
- // - return HiiGetString (mCallbackInfo->HiiHandle, Id, NULL); -} - - -/** - Expand password table size. - -**/ -VOID -ExpandTableSize ( - VOID - ) -{ - CREDENTIAL_TABLE *NewTable; - UINTN Count; - - Count = mPwdTable->MaxCount + PASSWORD_TABLE_INC; - // - // Create new credential table. - // - NewTable = (CREDENTIAL_TABLE *) AllocateZeroPool ( - sizeof (CREDENTIAL_TABLE) + - (Count - 1) * sizeof (PASSWORD_INFO) - ); - ASSERT (NewTable != NULL); - - NewTable->MaxCount = Count; - NewTable->Count = mPwdTable->Count; - NewTable->ValidIndex = mPwdTable->ValidIndex; - // - // Copy old entries - // - CopyMem ( - &NewTable->UserInfo, - &mPwdTable->UserInfo, - mPwdTable->Count * sizeof (PASSWORD_INFO) - ); - FreePool (mPwdTable); - mPwdTable = NewTable; -} - - -/** - Add, update or delete info in table, and sync with NV variable. - - @param[in] Index The index of the password in table. If index is found in - table, update the info, else add the into to table. - @param[in] Info The new password info to add into table.If Info is NULL, - delete the info by Index. - - @retval EFI_INVALID_PARAMETER Info is NULL when save the info. - @retval EFI_SUCCESS Modify the table successfully. - @retval Others Failed to modify the table. - -**/ -EFI_STATUS -ModifyTable ( - IN UINTN Index, - IN PASSWORD_INFO * Info OPTIONAL - ) -{ - EFI_STATUS Status; - PASSWORD_INFO *NewPasswordInfo; - - NewPasswordInfo = NULL; - - if (Index < mPwdTable->Count) { - if (Info == NULL) { - // - // Delete the specified entry. - // - mPwdTable->Count--; - if (Index != mPwdTable->Count) { - NewPasswordInfo = &mPwdTable->UserInfo[mPwdTable->Count]; - } - } else { - // - // Update the specified entry. - // - NewPasswordInfo = Info; - } - } else { - // - // Add a new password info. 
- // - if (Info == NULL) { - return EFI_INVALID_PARAMETER; - } - - if (mPwdTable->Count >= mPwdTable->MaxCount) { - ExpandTableSize (); - } - - NewPasswordInfo = Info; - mPwdTable->Count++; - } - - if (NewPasswordInfo != NULL) { - CopyMem (&mPwdTable->UserInfo[Index], NewPasswordInfo, sizeof (PASSWORD_INFO)); - } - - // - // Save the credential table. - // - Status = gRT->SetVariable ( - L"PwdCredential", - &gPwdCredentialProviderGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, - mPwdTable->Count * sizeof (PASSWORD_INFO), - &mPwdTable->UserInfo - ); - return Status; -} - - -/** - Create a password table. - - @retval EFI_SUCCESS Create a password table successfully. - @retval Others Failed to create a password. - -**/ -EFI_STATUS -InitCredentialTable ( - VOID - ) -{ - EFI_STATUS Status; - UINT8 *Var; - UINTN VarSize; - - // - // Get Password credential data from NV variable. - // - VarSize = 0; - Var = NULL; - Status = gRT->GetVariable ( - L"PwdCredential", - &gPwdCredentialProviderGuid, - NULL, - &VarSize, - Var - ); - if (Status == EFI_BUFFER_TOO_SMALL) { - Var = AllocateZeroPool (VarSize); - if (Var == NULL) { - return EFI_OUT_OF_RESOURCES; - } - Status = gRT->GetVariable ( - L"PwdCredential", - &gPwdCredentialProviderGuid, - NULL, - &VarSize, - Var - ); - } - if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) { - return Status; - } - - // - // Create the password credential table. - // - mPwdTable = AllocateZeroPool ( - sizeof (CREDENTIAL_TABLE) - sizeof (PASSWORD_INFO) + - PASSWORD_TABLE_INC * sizeof (PASSWORD_INFO) + - VarSize - ); - if (mPwdTable == NULL) { - FreePool (Var); - return EFI_OUT_OF_RESOURCES; - } - - mPwdTable->Count = VarSize / sizeof (PASSWORD_INFO); - mPwdTable->MaxCount = mPwdTable->Count + PASSWORD_TABLE_INC; - mPwdTable->ValidIndex = 0; - if (Var != NULL) { - CopyMem (mPwdTable->UserInfo, Var, VarSize); - FreePool (Var); - } - return EFI_SUCCESS; -} - - -/** - Hash the password to get credential. 
- - @param[in] Password Points to the input password. - @param[in] PasswordSize The size of password, in bytes. - @param[out] Credential Points to the hashed result. - - @retval TRUE Hash the password successfully. - @retval FALSE Failed to hash the password. - -**/ -BOOLEAN -GenerateCredential ( - IN CHAR16 *Password, - IN UINTN PasswordSize, - OUT UINT8 *Credential - ) -{ - BOOLEAN Status; - UINTN HashSize; - VOID *Hash; - - HashSize = Sha1GetContextSize (); - Hash = AllocatePool (HashSize); - ASSERT (Hash != NULL); - - Status = Sha1Init (Hash); - if (!Status) { - goto Done; - } - - Status = Sha1Update (Hash, Password, PasswordSize); - if (!Status) { - goto Done; - } - - Status = Sha1Final (Hash, Credential); - -Done: - FreePool (Hash); - return Status; -} - - -/** - Get password from user input. - - @param[in] FirstPwd If True, prompt to input the first password. - If False, prompt to input password again. - @param[out] Credential Points to the input password. - -**/ -VOID -GetPassword ( - IN BOOLEAN FirstPwd, - OUT CHAR8 *Credential - ) -{ - EFI_INPUT_KEY Key; - CHAR16 PasswordMask[CREDENTIAL_LEN + 1]; - CHAR16 Password[CREDENTIAL_LEN]; - UINTN PasswordLen; - CHAR16 *QuestionStr; - CHAR16 *LineStr; - - PasswordLen = 0; - while (TRUE) { - PasswordMask[PasswordLen] = L'_'; - PasswordMask[PasswordLen + 1] = L'\0'; - LineStr = GetStringById (STRING_TOKEN (STR_DRAW_A_LINE)); - if (FirstPwd) { - QuestionStr = GetStringById (STRING_TOKEN (STR_INPUT_PASSWORD)); - } else { - QuestionStr = GetStringById (STRING_TOKEN (STR_INPUT_PASSWORD_AGAIN)); - } - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - QuestionStr, - LineStr, - PasswordMask, - NULL - ); - FreePool (QuestionStr); - FreePool (LineStr); - - // - // Check key stroke - // - if (Key.ScanCode == SCAN_NULL) { - if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { - break; - } else if (Key.UnicodeChar == CHAR_BACKSPACE) { - if (PasswordLen > 0) { - PasswordLen--; - } - } else if ((Key.UnicodeChar == 
CHAR_NULL) || - (Key.UnicodeChar == CHAR_TAB) || - (Key.UnicodeChar == CHAR_LINEFEED)) { - continue; - } else { - Password[PasswordLen] = Key.UnicodeChar; - PasswordMask[PasswordLen] = L'*'; - PasswordLen++; - if (PasswordLen == CREDENTIAL_LEN) { - break; - } - } - } - } - - PasswordLen = PasswordLen * sizeof (CHAR16); - GenerateCredential (Password, PasswordLen, (UINT8 *)Credential); -} - -/** - Check whether the password can be found on this provider. - - @param[in] Password The password to be found. - - @retval EFI_SUCCESS Found password sucessfully. - @retval EFI_NOT_FOUND Fail to find the password. - -**/ -EFI_STATUS -CheckPassword ( - IN CHAR8 *Password - ) -{ - UINTN Index; - CHAR8 *Pwd; - - // - // Check password credential. - // - mPwdTable->ValidIndex = 0; - for (Index = 0; Index < mPwdTable->Count; Index++) { - Pwd = mPwdTable->UserInfo[Index].Password; - if (CompareMem (Pwd, Password, CREDENTIAL_LEN) == 0) { - mPwdTable->ValidIndex = Index + 1; - return EFI_SUCCESS; - } - } - - return EFI_NOT_FOUND; -} - - -/** - Find a user infomation record by the information record type. - - This function searches all user information records of User from beginning - until either the information is found, or there are no more user infomation - records. A match occurs when a Info.InfoType field matches the user information - record type. - - @param[in] User Points to the user profile record to search. - @param[in] InfoType The infomation type to be searched. - @param[out] Info Points to the user info found, the caller is responsible - to free. - - @retval EFI_SUCCESS Find the user information successfully. - @retval Others Fail to find the user information. 
- -**/ -EFI_STATUS -FindUserInfoByType ( - IN EFI_USER_PROFILE_HANDLE User, - IN UINT8 InfoType, - OUT EFI_USER_INFO **Info - ) -{ - EFI_STATUS Status; - EFI_USER_INFO *UserInfo; - UINTN UserInfoSize; - EFI_USER_INFO_HANDLE UserInfoHandle; - EFI_USER_MANAGER_PROTOCOL *UserManager; - - // - // Find user information by information type. - // - if (Info == NULL) { - return EFI_INVALID_PARAMETER; - } - - Status = gBS->LocateProtocol ( - &gEfiUserManagerProtocolGuid, - NULL, - (VOID **) &UserManager - ); - if (EFI_ERROR (Status)) { - return EFI_NOT_FOUND; - } - - // - // Get each user information. - // - - UserInfoHandle = NULL; - UserInfo = NULL; - UserInfoSize = 0; - while (TRUE) { - Status = UserManager->GetNextInfo (UserManager, User, &UserInfoHandle); - if (EFI_ERROR (Status)) { - break; - } - // - // Get information. - // - Status = UserManager->GetInfo ( - UserManager, - User, - UserInfoHandle, - UserInfo, - &UserInfoSize - ); - if (Status == EFI_BUFFER_TOO_SMALL) { - if (UserInfo != NULL) { - FreePool (UserInfo); - } - UserInfo = AllocateZeroPool (UserInfoSize); - if (UserInfo == NULL) { - return EFI_OUT_OF_RESOURCES; - } - Status = UserManager->GetInfo ( - UserManager, - User, - UserInfoHandle, - UserInfo, - &UserInfoSize - ); - } - if (EFI_ERROR (Status)) { - break; - } - - ASSERT (UserInfo != NULL); - if (UserInfo->InfoType == InfoType) { - *Info = UserInfo; - return EFI_SUCCESS; - } - } - - if (UserInfo != NULL) { - FreePool (UserInfo); - } - return Status; -} - - -/** - This function processes the results of changes in configuration. - - @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. - @param Action Specifies the type of action taken by the browser. - @param QuestionId A unique value which is sent to the original - exporting driver so that it can identify the type - of data to expect. - @param Type The type of value for the question. - @param Value A pointer to the data being sent to the original - exporting driver. 
- @param ActionRequest On return, points to the action requested by the - callback function. - - @retval EFI_SUCCESS The callback successfully handled the action. - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the - variable and its data. - @retval EFI_DEVICE_ERROR The variable could not be saved. - @retval EFI_UNSUPPORTED The specified Action is not supported by the - callback. - -**/ -EFI_STATUS -EFIAPI -CredentialDriverCallback ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN EFI_BROWSER_ACTION Action, - IN EFI_QUESTION_ID QuestionId, - IN UINT8 Type, - IN EFI_IFR_TYPE_VALUE *Value, - OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest - ) -{ - EFI_STATUS Status; - EFI_INPUT_KEY Key; - CHAR8 Password[CREDENTIAL_LEN]; - CHAR16 *PromptStr; - - if (Action == EFI_BROWSER_ACTION_CHANGED) { - if (QuestionId == KEY_GET_PASSWORD) { - // - // Get and check password. - // - GetPassword (TRUE, Password); - Status = CheckPassword (Password); - if (EFI_ERROR (Status)) { - PromptStr = GetStringById (STRING_TOKEN (STR_PASSWORD_INCORRECT)); - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"", - PromptStr, - L"", - NULL - ); - FreePool (PromptStr); - return Status; - } - *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT; - } - return EFI_SUCCESS; - } - - // - // All other action return unsupported. - // - return EFI_UNSUPPORTED; -} - - -/** - This function allows a caller to extract the current configuration for one - or more named elements from the target driver. - - - @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. - @param Request A null-terminated Unicode string in <ConfigRequest> format. - @param Progress On return, points to a character in the Request string. - Points to the string's null terminator if request was successful. - Points to the most recent '&' before the first failing name/value - pair (or the beginning of the string if the failure is in the - first name/value pair) if the request was not successful. 
- @param Results A null-terminated Unicode string in <ConfigAltResp> format which - has all values filled in for the names in the Request string. - String to be allocated by the called function. - - @retval EFI_SUCCESS The Results is filled with the requested values. - @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results. - @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name. - @retval EFI_NOT_FOUND Routing data doesn't match any storage in this driver. - -**/ -EFI_STATUS -EFIAPI -FakeExtractConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Request, - OUT EFI_STRING *Progress, - OUT EFI_STRING *Results - ) -{ - if (Progress == NULL || Results == NULL) { - return EFI_INVALID_PARAMETER; - } - *Progress = Request; - return EFI_NOT_FOUND; -} - -/** - This function processes the results of changes in configuration. - - - @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. - @param Configuration A null-terminated Unicode string in <ConfigResp> format. - @param Progress A pointer to a string filled in with the offset of the most - recent '&' before the first failing name/value pair (or the - beginning of the string if the failure is in the first - name/value pair) or the terminating NULL if all was successful. - - @retval EFI_SUCCESS The Results is processed successfully. - @retval EFI_INVALID_PARAMETER Configuration is NULL. - @retval EFI_NOT_FOUND Routing data doesn't match any storage in this driver. - -**/ -EFI_STATUS -EFIAPI -FakeRouteConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Configuration, - OUT EFI_STRING *Progress - ) -{ - if (Configuration == NULL || Progress == NULL) { - return EFI_INVALID_PARAMETER; - } - - *Progress = Configuration; - - return EFI_NOT_FOUND; -} - -/** - This function initialize the data mainly used in form browser. - - @retval EFI_SUCCESS Initialize form data successfully. - @retval Others Fail to Initialize form data. 
- -**/ -EFI_STATUS -InitFormBrowser ( - VOID - ) -{ - EFI_STATUS Status; - PWD_PROVIDER_CALLBACK_INFO *CallbackInfo; - - // - // Initialize driver private data. - // - CallbackInfo = AllocateZeroPool (sizeof (PWD_PROVIDER_CALLBACK_INFO)); - if (CallbackInfo == NULL) { - return EFI_OUT_OF_RESOURCES; - } - - CallbackInfo->Signature = PWD_PROVIDER_SIGNATURE; - CallbackInfo->ConfigAccess.ExtractConfig = FakeExtractConfig; - CallbackInfo->ConfigAccess.RouteConfig = FakeRouteConfig; - CallbackInfo->ConfigAccess.Callback = CredentialDriverCallback; - CallbackInfo->DriverHandle = NULL; - - // - // Install Device Path Protocol and Config Access protocol to driver handle. - // - Status = gBS->InstallMultipleProtocolInterfaces ( - &CallbackInfo->DriverHandle, - &gEfiDevicePathProtocolGuid, - &mHiiVendorDevicePath, - &gEfiHiiConfigAccessProtocolGuid, - &CallbackInfo->ConfigAccess, - NULL - ); - ASSERT_EFI_ERROR (Status); - - // - // Publish HII data. - // - CallbackInfo->HiiHandle = HiiAddPackages ( - &gPwdCredentialProviderGuid, - CallbackInfo->DriverHandle, - PwdCredentialProviderStrings, - PwdCredentialProviderVfrBin, - NULL - ); - if (CallbackInfo->HiiHandle == NULL) { - return EFI_OUT_OF_RESOURCES; - } - mCallbackInfo = CallbackInfo; - - return Status; -} - - -/** - Enroll a user on a credential provider. - - This function enrolls a user on this credential provider. If the user exists on - this credential provider, update the user information on this credential provider; - otherwise add the user information on credential provider. - - @param[in] This Points to this instance of EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in] User The user profile to enroll. - - @retval EFI_SUCCESS User profile was successfully enrolled. - @retval EFI_ACCESS_DENIED Current user profile does not permit enrollment on the - user profile handle. Either the user profile cannot enroll - on any user profile or cannot enroll on a user profile - other than the current user profile. 
- @retval EFI_UNSUPPORTED This credential provider does not support enrollment in - the pre-OS. - @retval EFI_DEVICE_ERROR The new credential could not be created because of a device - error. - @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle. - -**/ -EFI_STATUS -EFIAPI -CredentialEnroll ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - IN EFI_USER_PROFILE_HANDLE User - ) -{ - EFI_STATUS Status; - UINTN Index; - PASSWORD_INFO PwdInfo; - EFI_USER_INFO *UserInfo; - CHAR8 Password[CREDENTIAL_LEN]; - EFI_INPUT_KEY Key; - UINT8 *UserId; - CHAR16 *QuestionStr; - CHAR16 *PromptStr; - - if ((This == NULL) || (User == NULL)) { - return EFI_INVALID_PARAMETER; - } - - // - // Get User Identifier. - // - UserInfo = NULL; - Status = FindUserInfoByType ( - User, - EFI_USER_INFO_IDENTIFIER_RECORD, - &UserInfo - ); - if (EFI_ERROR (Status)) { - return EFI_INVALID_PARAMETER; - } - - CopyMem (PwdInfo.UserId, (UINT8 *) (UserInfo + 1), sizeof (EFI_USER_INFO_IDENTIFIER)); - FreePool (UserInfo); - - // - // Get password from user. - // - while (TRUE) { - // - // Input password. - // - GetPassword (TRUE, PwdInfo.Password); - - // - // Input password again. - // - GetPassword (FALSE, Password); - - // - // Compare the two password consistency. - // - if (CompareMem (PwdInfo.Password, Password, CREDENTIAL_LEN) == 0) { - break; - } - - QuestionStr = GetStringById (STRING_TOKEN (STR_PASSWORD_MISMATCH)); - PromptStr = GetStringById (STRING_TOKEN (STR_INPUT_PASSWORD_AGAIN)); - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - QuestionStr, - L"", - PromptStr, - NULL - ); - FreePool (QuestionStr); - FreePool (PromptStr); - } - - // - // Check whether User is ever enrolled in the provider. - // - for (Index = 0; Index < mPwdTable->Count; Index++) { - UserId = (UINT8 *) &mPwdTable->UserInfo[Index].UserId; - if (CompareMem (UserId, (UINT8 *) &PwdInfo.UserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) { - // - // User already exists, update the password. 
- // - break; - } - } - - // - // Enroll the User to the provider. - // - Status = ModifyTable (Index, &PwdInfo); - if (EFI_ERROR (Status)) { - return Status; - } - - return EFI_SUCCESS; -} - - -/** - Returns the user interface information used during user identification. - - This function returns information about the form used when interacting with the - user during user identification. The form is the first enabled form in the form-set - class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII handle HiiHandle. If - the user credential provider does not require a form to identify the user, then this - function should return EFI_NOT_FOUND. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[out] Hii On return, holds the HII database handle. - @param[out] FormSetId On return, holds the identifier of the form set which contains - the form used during user identification. - @param[out] FormId On return, holds the identifier of the form used during user - identification. - - @retval EFI_SUCCESS Form returned successfully. - @retval EFI_NOT_FOUND Form not returned. - @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or FormId is NULL. - -**/ -EFI_STATUS -EFIAPI -CredentialForm ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - OUT EFI_HII_HANDLE *Hii, - OUT EFI_GUID *FormSetId, - OUT EFI_FORM_ID *FormId - ) -{ - if ((This == NULL) || (Hii == NULL) || - (FormSetId == NULL) || (FormId == NULL)) { - return EFI_INVALID_PARAMETER; - } - - *Hii = mCallbackInfo->HiiHandle; - *FormId = FORMID_GET_PASSWORD_FORM; - CopyGuid (FormSetId, &gPwdCredentialProviderGuid); - - return EFI_SUCCESS; -} - - -/** - Returns bitmap used to describe the credential provider type. - - This optional function returns a bitmap that is less than or equal to the number - of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND - is returned. 
- - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no - bitmap information will be returned. On exit, points to the - width of the bitmap returned. - @param[in, out] Height On entry, points to the desired bitmap height. If NULL then no - bitmap information will be returned. On exit, points to the - height of the bitmap returned - @param[out] Hii On return, holds the HII database handle. - @param[out] Image On return, holds the HII image identifier. - - @retval EFI_SUCCESS Image identifier returned successfully. - @retval EFI_NOT_FOUND Image identifier not returned. - @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL. - -**/ -EFI_STATUS -EFIAPI -CredentialTile ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - IN OUT UINTN *Width, - IN OUT UINTN *Height, - OUT EFI_HII_HANDLE *Hii, - OUT EFI_IMAGE_ID *Image - ) -{ - if ((This == NULL) || (Hii == NULL) || (Image == NULL)) { - return EFI_INVALID_PARAMETER; - } - return EFI_NOT_FOUND; -} - - -/** - Returns string used to describe the credential provider type. - - This function returns a string which describes the credential provider. If no - such string exists, then EFI_NOT_FOUND is returned. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[out] Hii On return, holds the HII database handle. - @param[out] String On return, holds the HII string identifier. - - @retval EFI_SUCCESS String identifier returned successfully. - @retval EFI_NOT_FOUND String identifier not returned. - @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL. - -**/ -EFI_STATUS -EFIAPI -CredentialTitle ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - OUT EFI_HII_HANDLE *Hii, - OUT EFI_STRING_ID *String - ) -{ - if ((This == NULL) || (Hii == NULL) || (String == NULL)) { - return EFI_INVALID_PARAMETER; - } - - // - // Set Hii handle and String ID. 
- //
- *Hii = mCallbackInfo->HiiHandle;
- *String = STRING_TOKEN (STR_CREDENTIAL_TITLE);
-
- return EFI_SUCCESS;
-}
-
-
-/**
- Return the user identifier associated with the currently authenticated user.
-
- This function returns the user identifier of the user authenticated by this credential
- provider. This function is called after the credential-related information has been
- submitted on a form, OR after a call to Default() has returned that this credential is
- ready to log on.
-
- @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
- @param[in] User The user profile handle of the user profile currently being
- considered by the user identity manager. If NULL, then no user
- profile is currently under consideration.
- @param[out] Identifier On return, points to the user identifier.
-
- @retval EFI_SUCCESS User identifier returned successfully.
- @retval EFI_NOT_READY No user identifier can be returned.
- @retval EFI_ACCESS_DENIED The user has been locked out of this user credential.
- @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL.
- @retval EFI_NOT_FOUND User is not NULL, and the specified user handle can't be
- found in user profile database
-
-**/
-EFI_STATUS
-EFIAPI
-CredentialUser (
- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
- IN EFI_USER_PROFILE_HANDLE User,
- OUT EFI_USER_INFO_IDENTIFIER *Identifier
- )
-{
- EFI_STATUS Status;
- UINTN Index;
- EFI_USER_INFO *UserInfo;
- UINT8 *UserId;
- UINT8 *NewUserId;
- CHAR8 *Pwd;
- CHAR8 *NewPwd;
-
- if ((This == NULL) || (Identifier == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (mPwdTable->ValidIndex == 0) {
- //
- // No password input, or the input password doesn't match
- // anyone in PwdTable.
- //
- return EFI_NOT_READY;
- }
-
- if (User == NULL) {
- //
- // Return the user ID whose password matches the input password.
- // - CopyMem ( - Identifier, - &mPwdTable->UserInfo[mPwdTable->ValidIndex - 1].UserId, - sizeof (EFI_USER_INFO_IDENTIFIER) - ); - return EFI_SUCCESS; - } - - // - // Get the User's ID. - // - Status = FindUserInfoByType ( - User, - EFI_USER_INFO_IDENTIFIER_RECORD, - &UserInfo - ); - if (EFI_ERROR (Status)) { - return EFI_NOT_FOUND; - } - - // - // Check whether the input password matches one in PwdTable. - // - for (Index = 0; Index < mPwdTable->Count; Index++) { - UserId = (UINT8 *) &mPwdTable->UserInfo[Index].UserId; - NewUserId = (UINT8 *) (UserInfo + 1); - if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) { - Pwd = mPwdTable->UserInfo[Index].Password; - NewPwd = mPwdTable->UserInfo[mPwdTable->ValidIndex - 1].Password; - if (CompareMem (Pwd, NewPwd, CREDENTIAL_LEN) == 0) { - CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER)); - FreePool (UserInfo); - return EFI_SUCCESS; - } - } - } - - FreePool (UserInfo); - return EFI_NOT_READY; -} - - -/** - Indicate that user interface interaction has begun for the specified credential. - - This function is called when a credential provider is selected by the user. If - AutoLogon returns FALSE, then the user interface will be constructed by the User - Identity Manager. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[out] AutoLogon On return, points to the credential provider's capabilities - after the credential provider has been selected by the user. - - @retval EFI_SUCCESS Credential provider successfully selected. - @retval EFI_INVALID_PARAMETER AutoLogon is NULL. - -**/ -EFI_STATUS -EFIAPI -CredentialSelect ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon - ) -{ - if ((This == NULL) || (AutoLogon == NULL)) { - return EFI_INVALID_PARAMETER; - } - *AutoLogon = 0; - - return EFI_SUCCESS; -} - - -/** - Indicate that user interface interaction has ended for the specified credential. 
-
- This function is called when a credential provider is deselected by the user.
-
- @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
-
- @retval EFI_SUCCESS Credential provider successfully deselected.
-
-**/
-EFI_STATUS
-EFIAPI
-CredentialDeselect (
- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This
- )
-{
- if (This == NULL) {
- return EFI_INVALID_PARAMETER;
- }
- return EFI_SUCCESS;
-}
-
-
-/**
- Return the default logon behavior for this user credential.
-
- This function reports the default login behavior regarding this credential provider.
-
- @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
- @param[out] AutoLogon On return, holds whether the credential provider should be used
- by default to automatically log on the user.
-
- @retval EFI_SUCCESS Default information successfully returned.
- @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
-
-**/
-EFI_STATUS
-EFIAPI
-CredentialDefault (
- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
- )
-{
- if ((This == NULL) || (AutoLogon == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
- *AutoLogon = 0;
-
- return EFI_SUCCESS;
-}
-
-
-/**
- Return information attached to the credential provider.
-
- This function returns user information.
-
- @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
- @param[in] UserInfo Handle of the user information data record.
- @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On
- exit, holds the user information. If the buffer is too small
- to hold the information, then EFI_BUFFER_TOO_SMALL is returned
- and InfoSize is updated to contain the number of bytes actually
- required.
- @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the
- size of the user information.
-
- @retval EFI_SUCCESS Information returned successfully.
- @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small to hold all of the - user information. The size required is returned in *InfoSize. - @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL. - @retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle. - -**/ -EFI_STATUS -EFIAPI -CredentialGetInfo ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - IN EFI_USER_INFO_HANDLE UserInfo, - OUT EFI_USER_INFO *Info, - IN OUT UINTN *InfoSize - ) -{ - EFI_USER_INFO *CredentialInfo; - UINTN Index; - - if ((This == NULL) || (InfoSize == NULL) || (Info == NULL)) { - return EFI_INVALID_PARAMETER; - } - - if ((UserInfo == NULL) || (mPwdInfoHandle == NULL)) { - return EFI_NOT_FOUND; - } - - // - // Find information handle in credential info table. - // - for (Index = 0; Index < mPwdInfoHandle->Count; Index++) { - CredentialInfo = mPwdInfoHandle->Info[Index]; - if (UserInfo == (EFI_USER_INFO_HANDLE)CredentialInfo) { - // - // The handle is found, copy the user info. - // - if (CredentialInfo->InfoSize > *InfoSize) { - *InfoSize = CredentialInfo->InfoSize; - return EFI_BUFFER_TOO_SMALL; - } - CopyMem (Info, CredentialInfo, CredentialInfo->InfoSize); - return EFI_SUCCESS; - } - } - - return EFI_NOT_FOUND; -} - - -/** - Enumerate all of the user informations on the credential provider. - - This function returns the next user information record. To retrieve the first user - information record handle, point UserInfo at a NULL. Each subsequent call will retrieve - another user information record handle until there are no more, at which point UserInfo - will point to NULL. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in, out] UserInfo On entry, points to the previous user information handle or NULL - to start enumeration. On exit, points to the next user information - handle or NULL if there is no more user information. - - @retval EFI_SUCCESS User information returned. 
- @retval EFI_NOT_FOUND No more user information found. - @retval EFI_INVALID_PARAMETER UserInfo is NULL. - -**/ -EFI_STATUS -EFIAPI -CredentialGetNextInfo ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - IN OUT EFI_USER_INFO_HANDLE *UserInfo - ) -{ - EFI_USER_INFO *Info; - CHAR16 *ProvNameStr; - UINTN InfoLen; - UINTN Index; - UINTN ProvStrLen; - - if ((This == NULL) || (UserInfo == NULL)) { - return EFI_INVALID_PARAMETER; - } - - if (mPwdInfoHandle == NULL) { - // - // Initilized user info table. There are 4 user info records in the table. - // - InfoLen = sizeof (PASSWORD_CREDENTIAL_INFO) + (4 - 1) * sizeof (EFI_USER_INFO *); - mPwdInfoHandle = AllocateZeroPool (InfoLen); - if (mPwdInfoHandle == NULL) { - *UserInfo = NULL; - return EFI_NOT_FOUND; - } - - // - // The first information, Credential Provider info. - // - InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID); - Info = AllocateZeroPool (InfoLen); - ASSERT (Info != NULL); - - Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_RECORD; - Info->InfoSize = (UINT32) InfoLen; - Info->InfoAttribs = EFI_USER_INFO_PROTECTED; - CopyGuid (&Info->Credential, &gPwdCredentialProviderGuid); - CopyGuid ((EFI_GUID *)(Info + 1), &gPwdCredentialProviderGuid); - - mPwdInfoHandle->Info[0] = Info; - mPwdInfoHandle->Count++; - - // - // The second information, Credential Provider name info. - // - ProvNameStr = GetStringById (STRING_TOKEN (STR_PROVIDER_NAME)); - ProvStrLen = StrSize (ProvNameStr); - InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen; - Info = AllocateZeroPool (InfoLen); - ASSERT (Info != NULL); - - Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD; - Info->InfoSize = (UINT32) InfoLen; - Info->InfoAttribs = EFI_USER_INFO_PROTECTED; - CopyGuid (&Info->Credential, &gPwdCredentialProviderGuid); - CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen); - FreePool (ProvNameStr); - - mPwdInfoHandle->Info[1] = Info; - mPwdInfoHandle->Count++; - - // - // The third information, Credential Provider type info. 
- // - InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID); - Info = AllocateZeroPool (InfoLen); - ASSERT (Info != NULL); - - Info->InfoType = EFI_USER_INFO_CREDENTIAL_TYPE_RECORD; - Info->InfoSize = (UINT32) InfoLen; - Info->InfoAttribs = EFI_USER_INFO_PROTECTED; - CopyGuid (&Info->Credential, &gPwdCredentialProviderGuid); - CopyGuid ((EFI_GUID *)(Info + 1), &gEfiUserCredentialClassPasswordGuid); - - mPwdInfoHandle->Info[2] = Info; - mPwdInfoHandle->Count++; - - // - // The fourth information, Credential Provider type name info. - // - ProvNameStr = GetStringById (STRING_TOKEN (STR_PROVIDER_TYPE_NAME)); - ProvStrLen = StrSize (ProvNameStr); - InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen; - Info = AllocateZeroPool (InfoLen); - ASSERT (Info != NULL); - - Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD; - Info->InfoSize = (UINT32) InfoLen; - Info->InfoAttribs = EFI_USER_INFO_PROTECTED; - CopyGuid (&Info->Credential, &gPwdCredentialProviderGuid); - CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen); - FreePool (ProvNameStr); - - mPwdInfoHandle->Info[3] = Info; - mPwdInfoHandle->Count++; - } - - if (*UserInfo == NULL) { - // - // Return the first info handle. - // - *UserInfo = (EFI_USER_INFO_HANDLE) mPwdInfoHandle->Info[0]; - return EFI_SUCCESS; - } - - // - // Find information handle in credential info table. - // - for (Index = 0; Index < mPwdInfoHandle->Count; Index++) { - Info = mPwdInfoHandle->Info[Index]; - if (*UserInfo == (EFI_USER_INFO_HANDLE)Info) { - // - // The handle is found, get the next one. - // - if (Index == mPwdInfoHandle->Count - 1) { - // - // Already last one. - // - *UserInfo = NULL; - return EFI_NOT_FOUND; - } - - Index++; - *UserInfo = (EFI_USER_INFO_HANDLE)mPwdInfoHandle->Info[Index]; - return EFI_SUCCESS; - } - } - - *UserInfo = NULL; - return EFI_NOT_FOUND; -} - -/** - Delete a user on this credential provider. - - This function deletes a user on this credential provider. 
- - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in] User The user profile handle to delete. - - @retval EFI_SUCCESS User profile was successfully deleted. - @retval EFI_ACCESS_DENIED Current user profile does not permit deletion on the user profile handle. - Either the user profile cannot delete on any user profile or cannot delete - on a user profile other than the current user profile. - @retval EFI_UNSUPPORTED This credential provider does not support deletion in the pre-OS. - @retval EFI_DEVICE_ERROR The new credential could not be deleted because of a device error. - @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle. -**/ -EFI_STATUS -EFIAPI -CredentialDelete ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - IN EFI_USER_PROFILE_HANDLE User - ) -{ - EFI_STATUS Status; - EFI_USER_INFO *UserInfo; - UINT8 *UserId; - UINT8 *NewUserId; - UINTN Index; - - if ((This == NULL) || (User == NULL)) { - return EFI_INVALID_PARAMETER; - } - - // - // Get User Identifier. - // - UserInfo = NULL; - Status = FindUserInfoByType ( - User, - EFI_USER_INFO_IDENTIFIER_RECORD, - &UserInfo - ); - if (EFI_ERROR (Status)) { - return EFI_INVALID_PARAMETER; - } - - // - // Find the user by user identifier in mPwdTable. - // - for (Index = 0; Index < mPwdTable->Count; Index++) { - UserId = (UINT8 *) &mPwdTable->UserInfo[Index].UserId; - NewUserId = (UINT8 *) (UserInfo + 1); - if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) { - // - // Found the user, delete it. - // - ModifyTable (Index, NULL); - break; - } - } - - FreePool (UserInfo); - return EFI_SUCCESS; -} - - -/** - Main entry for this driver. - - @param ImageHandle Image handle this driver. - @param SystemTable Pointer to SystemTable. - - @retval EFI_SUCESS This function always complete successfully. 
-
-**/
-EFI_STATUS
-EFIAPI
-PasswordProviderInit (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
- )
-{
- EFI_STATUS Status;
-
- //
- // It is NOT robust enough to be included in production.
- //
- #error "This implementation is just a sample, please comment this line if you really want to use this driver."
-
- //
- // Init credential table.
- //
- Status = InitCredentialTable ();
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- //
- // Init Form Browser.
- //
- Status = InitFormBrowser ();
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- //
- // Install protocol interfaces for the password credential provider.
- //
- Status = gBS->InstallProtocolInterface (
- &mCallbackInfo->DriverHandle,
- &gEfiUserCredential2ProtocolGuid,
- EFI_NATIVE_INTERFACE,
- &gPwdCredentialProviderDriver
- );
- return Status;
-}
diff --git a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.h b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.h
deleted file mode 100644
index fd782549fd..0000000000
--- a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.h
+++ /dev/null
@@ -1,374 +0,0 @@ -/** @file - Password Credential Provider driver header file. - -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> -This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#ifndef _PASSWORD_CREDENTIAL_PROVIDER_H_ -#define _PASSWORD_CREDENTIAL_PROVIDER_H_ - -#include <Uefi.h> - -#include <Guid/GlobalVariable.h> - -#include <Protocol/HiiConfigAccess.h> -#include <Protocol/UserCredential2.h> -#include <Protocol/UserManager.h> - -#include <Library/UefiRuntimeServicesTableLib.h> -#include <Library/UefiBootServicesTableLib.h> -#include <Library/MemoryAllocationLib.h> -#include <Library/BaseMemoryLib.h> -#include <Library/DevicePathLib.h> -#include <Library/DebugLib.h> -#include <Library/UefiLib.h> -#include <Library/PrintLib.h> -#include <Library/HiiLib.h> -#include <Library/BaseCryptLib.h> - -#include "PwdCredentialProviderData.h" - -extern UINT8 PwdCredentialProviderStrings[]; -extern UINT8 PwdCredentialProviderVfrBin[]; - -#define PASSWORD_TABLE_INC 16 -#define CREDENTIAL_LEN 20 - -// -// Password credential information. -// -typedef struct { - EFI_USER_INFO_IDENTIFIER UserId; - CHAR8 Password[CREDENTIAL_LEN]; -} PASSWORD_INFO; - -// -// Password credential table. -// -typedef struct { - UINTN Count; - UINTN MaxCount; - UINTN ValidIndex; - PASSWORD_INFO UserInfo[1]; -} CREDENTIAL_TABLE; - -// -// The user information on the password provider. -// -typedef struct { - UINTN Count; - EFI_USER_INFO *Info[1]; -} PASSWORD_CREDENTIAL_INFO; - -/// -/// HII specific Vendor Device Path definition. 
-/// -typedef struct { - VENDOR_DEVICE_PATH VendorDevicePath; - EFI_DEVICE_PATH_PROTOCOL End; -} HII_VENDOR_DEVICE_PATH; - -#define PWD_PROVIDER_SIGNATURE SIGNATURE_32 ('P', 'W', 'D', 'P') - -typedef struct { - UINTN Signature; - EFI_HANDLE DriverHandle; - EFI_HII_HANDLE HiiHandle; - // - // Produced protocol. - // - EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; -} PWD_PROVIDER_CALLBACK_INFO; - - -/** - Enroll a user on a credential provider. - - This function enrolls a user on this credential provider. If the user exists on - this credential provider, update the user information on this credential provider; - otherwise delete the user information on credential provider. - - @param[in] This Points to this instance of EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in] User The user profile to enroll. - - @retval EFI_SUCCESS User profile was successfully enrolled. - @retval EFI_ACCESS_DENIED Current user profile does not permit enrollment on the - user profile handle. Either the user profile cannot enroll - on any user profile or cannot enroll on a user profile - other than the current user profile. - @retval EFI_UNSUPPORTED This credential provider does not support enrollment in - the pre-OS. - @retval EFI_DEVICE_ERROR The new credential could not be created because of a device - error. - @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle. - -**/ -EFI_STATUS -EFIAPI -CredentialEnroll ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - IN EFI_USER_PROFILE_HANDLE User - ); - -/** - Returns the user interface information used during user identification. - - This function returns information about the form used when interacting with the - user during user identification. The form is the first enabled form in the form-set - class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII handle HiiHandle. If - the user credential provider does not require a form to identify the user, then this - function should return EFI_NOT_FOUND. 
- - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[out] Hii On return, holds the HII database handle. - @param[out] FormSetId On return, holds the identifier of the form set which contains - the form used during user identification. - @param[out] FormId On return, holds the identifier of the form used during user - identification. - - @retval EFI_SUCCESS Form returned successfully. - @retval EFI_NOT_FOUND Form not returned. - @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or FormId is NULL. - -**/ -EFI_STATUS -EFIAPI -CredentialForm ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - OUT EFI_HII_HANDLE *Hii, - OUT EFI_GUID *FormSetId, - OUT EFI_FORM_ID *FormId - ); - -/** - Returns bitmap used to describe the credential provider type. - - This optional function returns a bitmap which is less than or equal to the number - of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND - is returned. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no - bitmap information will be returned. On exit, points to the - width of the bitmap returned. - @param[in, out] Height On entry, points to the desired bitmap height. If NULL then no - bitmap information will be returned. On exit, points to the - height of the bitmap returned - @param[out] Hii On return, holds the HII database handle. - @param[out] Image On return, holds the HII image identifier. - - @retval EFI_SUCCESS Image identifier returned successfully. - @retval EFI_NOT_FOUND Image identifier not returned. - @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL. 
- -**/ -EFI_STATUS -EFIAPI -CredentialTile ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - IN OUT UINTN *Width, - IN OUT UINTN *Height, - OUT EFI_HII_HANDLE *Hii, - OUT EFI_IMAGE_ID *Image - ); - -/** - Returns string used to describe the credential provider type. - - This function returns a string which describes the credential provider. If no - such string exists, then EFI_NOT_FOUND is returned. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[out] Hii On return, holds the HII database handle. - @param[out] String On return, holds the HII string identifier. - - @retval EFI_SUCCESS String identifier returned successfully. - @retval EFI_NOT_FOUND String identifier not returned. - @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL. - -**/ -EFI_STATUS -EFIAPI -CredentialTitle ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - OUT EFI_HII_HANDLE *Hii, - OUT EFI_STRING_ID *String - ); - -/** - Return the user identifier associated with the currently authenticated user. - - This function returns the user identifier of the user authenticated by this credential - provider. This function is called after the credential-related information has been - submitted on a form OR after a call to Default() has returned that this credential is - ready to log on. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in] User The user profile handle of the user profile currently being - considered by the user identity manager. If NULL, then no user - profile is currently under consideration. - @param[out] Identifier On return, points to the user identifier. - - @retval EFI_SUCCESS User identifier returned successfully. - @retval EFI_NOT_READY No user identifier can be returned. - @retval EFI_ACCESS_DENIED The user has been locked out of this user credential. - @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL. 
- @retval EFI_NOT_FOUND User is not NULL, and the specified user handle can't be - found in user profile database - -**/ -EFI_STATUS -EFIAPI -CredentialUser ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - IN EFI_USER_PROFILE_HANDLE User, - OUT EFI_USER_INFO_IDENTIFIER *Identifier - ); - -/** - Indicate that user interface interaction has begun for the specified credential. - - This function is called when a credential provider is selected by the user. If - AutoLogon returns FALSE, then the user interface will be constructed by the User - Identity Manager. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[out] AutoLogon On return, points to the credential provider's capabilities - after the credential provider has been selected by the user. - - @retval EFI_SUCCESS Credential provider successfully selected. - @retval EFI_INVALID_PARAMETER AutoLogon is NULL. - -**/ -EFI_STATUS -EFIAPI -CredentialSelect ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon - ); - -/** - Indicate that user interface interaction has ended for the specified credential. - - This function is called when a credential provider is deselected by the user. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - - @retval EFI_SUCCESS Credential provider successfully deselected. - -**/ -EFI_STATUS -EFIAPI -CredentialDeselect ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This - ); - -/** - Return the default logon behavior for this user credential. - - This function reports the default login behavior regarding this credential provider. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[out] AutoLogon On return, holds whether the credential provider should be used - by default to automatically log on the user. - - @retval EFI_SUCCESS Default information successfully returned. - @retval EFI_INVALID_PARAMETER AutoLogon is NULL. 
- -**/ -EFI_STATUS -EFIAPI -CredentialDefault ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon - ); - -/** - Return information attached to the credential provider. - - This function returns user information. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in] UserInfo Handle of the user information data record. - @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On - exit, holds the user information. If the buffer is too small - to hold the information, then EFI_BUFFER_TOO_SMALL is returned - and InfoSize is updated to contain the number of bytes actually - required. - @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the - size of the user information. - - @retval EFI_SUCCESS Information returned successfully. - @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small to hold all of the - user information. The size required is returned in *InfoSize. - @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL. - @retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle. - -**/ -EFI_STATUS -EFIAPI -CredentialGetInfo ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - IN EFI_USER_INFO_HANDLE UserInfo, - OUT EFI_USER_INFO *Info, - IN OUT UINTN *InfoSize - ); - - -/** - Enumerate all of the user informations on the credential provider. - - This function returns the next user information record. To retrieve the first user - information record handle, point UserInfo at a NULL. Each subsequent call will retrieve - another user information record handle until there are no more, at which point UserInfo - will point to NULL. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in, out] UserInfo On entry, points to the previous user information handle or NULL - to start enumeration. 
On exit, points to the next user information - handle or NULL if there is no more user information. - - @retval EFI_SUCCESS User information returned. - @retval EFI_NOT_FOUND No more user information found. - @retval EFI_INVALID_PARAMETER UserInfo is NULL. - -**/ -EFI_STATUS -EFIAPI -CredentialGetNextInfo ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - IN OUT EFI_USER_INFO_HANDLE *UserInfo - ); - -/** - Delete a user on this credential provider. - - This function deletes a user on this credential provider. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in] User The user profile handle to delete. - - @retval EFI_SUCCESS User profile was successfully deleted. - @retval EFI_ACCESS_DENIED Current user profile does not permit deletion on the user profile handle. - Either the user profile cannot delete on any user profile or cannot delete - on a user profile other than the current user profile. - @retval EFI_UNSUPPORTED This credential provider does not support deletion in the pre-OS. - @retval EFI_DEVICE_ERROR The new credential could not be deleted because of a device error. - @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle. -**/ -EFI_STATUS -EFIAPI -CredentialDelete ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - IN EFI_USER_PROFILE_HANDLE User - ); - -#endif diff --git a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.uni b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.uni deleted file mode 100644 index 749e9a8f17..0000000000 --- a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.uni +++ /dev/null 
@@ -1,21 +0,0 @@
-// /** @file
-// Provides a password credential provider implementation
-//
-// This module provides a password credential provider implementation.
-//
-// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-
-#string STR_MODULE_ABSTRACT #language en-US "Provides a password credential provider implementation"
-
-#string STR_MODULE_DESCRIPTION #language en-US "This module provides a password credential provider implementation."
-
diff --git a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderData.h b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderData.h
deleted file mode 100644
index 31bdfe4c50..0000000000
--- a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderData.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/** @file
- Data structure used by the Password Credential Provider driver.
-
-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef _PWD_CREDENTIAL_PROVIDER_DATA_H_
-#define _PWD_CREDENTIAL_PROVIDER_DATA_H_
-
-#include <Guid/PwdCredentialProviderHii.h>
-
-//
-// Forms definition
-//
-#define FORMID_GET_PASSWORD_FORM 1
-
-//
-// Key defination
-//
-#define KEY_GET_PASSWORD 0x1000
-
-#endif
diff --git a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf
deleted file mode 100644
index ab7ba2c913..0000000000
--- a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf
+++ /dev/null
@@ -1,65 +0,0 @@
-## @file
-# Provides a password credential provider implementation
-# This module provides a password credential provider implementation.
-#
-# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = PwdCredentialProvider
- MODULE_UNI_FILE = PwdCredentialProvider.uni
- FILE_GUID = D6C589EA-DD29-49ef-97F6-1A9FE19A04E0
- MODULE_TYPE = UEFI_DRIVER
- VERSION_STRING = 1.0
- ENTRY_POINT = PasswordProviderInit
-
-[Sources]
- PwdCredentialProvider.c
- PwdCredentialProvider.h
- PwdCredentialProviderData.h
- PwdCredentialProviderVfr.Vfr
- PwdCredentialProviderStrings.uni
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- CryptoPkg/CryptoPkg.dec
- SecurityPkg/SecurityPkg.dec
-
-[LibraryClasses]
- UefiRuntimeServicesTableLib
- UefiBootServicesTableLib
- UefiDriverEntryPoint
- MemoryAllocationLib
- BaseMemoryLib
- DebugLib
- HiiLib
- UefiLib
- BaseCryptLib
-
-[Guids]
- gEfiUserCredentialClassPasswordGuid ## SOMETIMES_CONSUMES ## GUID
-
- ## PRODUCES ## Variable:L"PwdCredential"
- ## CONSUMES ## Variable:L"PwdCredential"
- ## CONSUMES ## HII
- ## SOMETIMES_CONSUMES ## GUID # The credential provider identifier
- gPwdCredentialProviderGuid
-
-[Protocols]
- gEfiDevicePathProtocolGuid ## PRODUCES
- gEfiHiiConfigAccessProtocolGuid ## PRODUCES
- gEfiUserCredential2ProtocolGuid ## PRODUCES
- gEfiUserManagerProtocolGuid ## SOMETIMES_CONSUMES
-
-[UserExtensions.TianoCore."ExtraFiles"]
- PwdCredentialProviderExtra.uni
-
diff --git a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderExtra.uni b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderExtra.uni
deleted file mode 100644
index bcc220a51d..0000000000
--- a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderExtra.uni
+++ /dev/null
@@ -1,19 +0,0 @@
-// /** @file
-// PwdCredentialProvider Localized Strings and Content
-//
-// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-#string STR_PROPERTIES_MODULE_NAME
-#language en-US
-"Password Credential Provider"
-
-
diff --git a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderStrings.uni b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderStrings.uni
deleted file mode 100644
index e7b3126f83..0000000000
--- a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderStrings.uni
+++ /dev/null
@@ -1,38 +0,0 @@
-/** @file
- String definitions for the Password Credential Provider.
-
-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php.
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#langdef en-US "English"
-#langdef fr-FR "Francais"
-
-#string STR_CREDENTIAL_TITLE #language en-US "Password Credential Provider"
- #language fr-FR "Password Credential Provider (French)"
-#string STR_FORM_TITLE #language en-US "Get Password"
- #language fr-FR "Get Password(French)"
-#string STR_NULL_STRING #language en-US ""
- #language fr-FR ""
-#string STR_INPUT_PASSWORD #language en-US "Please Input Password"
- #language fr-FR "Please Input Password(French)"
-#string STR_PROVIDER_NAME #language en-US "INTEL Password Credential Provider"
- #language fr-FR "INTEL Password Credential Provider(French)"
-#string STR_PROVIDER_TYPE_NAME #language en-US "Password Credential Provider"
- #language fr-FR "Password Credential Provider(French)"
-#string STR_INPUT_PASSWORD_AGAIN #language en-US "Input Password Again"
- #language fr-FR "Input Password Again (French)"
-#string STR_DRAW_A_LINE #language en-US "-----------------------------"
- #language fr-FR "------------------------------------"
-#string STR_PASSWORD_INCORRECT #language en-US " Incorrect Password! "
- #language fr-FR " Incorrect Password! (French) "
-#string STR_PASSWORD_MISMATCH #language en-US " The Password Mismatch! "
- #language fr-FR " The Password Mismatch! (French) "
-
diff --git a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderVfr.Vfr b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderVfr.Vfr
deleted file mode 100644
index 60972203b0..0000000000
--- a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderVfr.Vfr
+++ /dev/null
@@ -1,34 +0,0 @@
-/** @file
- Password Credential Provider formset.
-
-Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "PwdCredentialProviderData.h"
-
-formset
- guid = PWD_CREDENTIAL_PROVIDER_GUID,
- title = STRING_TOKEN(STR_CREDENTIAL_TITLE),
- help = STRING_TOKEN(STR_NULL_STRING),
- classguid = PWD_CREDENTIAL_PROVIDER_GUID,
-
- form formid = FORMID_GET_PASSWORD_FORM,
- title = STRING_TOKEN(STR_FORM_TITLE);
-
- text
- help = STRING_TOKEN(STR_NULL_STRING),
- text = STRING_TOKEN(STR_INPUT_PASSWORD),
- flags = INTERACTIVE,
- key = KEY_GET_PASSWORD;
-
- endform;
-
-endformset;
\ No newline at end of file
diff --git a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.c b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.c
deleted file mode 100644
index 841e975103..0000000000
--- a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.c
+++ /dev/null
@@ -1,1410 +0,0 @@ -/** @file - Usb Credential Provider driver implemenetation. - -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> -This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include "UsbCredentialProvider.h" - -CREDENTIAL_TABLE *mUsbTable = NULL; -USB_PROVIDER_CALLBACK_INFO *mCallbackInfo = NULL; -USB_CREDENTIAL_INFO *mUsbInfoHandle = NULL; - -EFI_USER_CREDENTIAL2_PROTOCOL gUsbCredentialProviderDriver = { - USB_CREDENTIAL_PROVIDER_GUID, - EFI_USER_CREDENTIAL_CLASS_SECURE_CARD, - CredentialEnroll, - CredentialForm, - CredentialTile, - CredentialTitle, - CredentialUser, - CredentialSelect, - CredentialDeselect, - CredentialDefault, - CredentialGetInfo, - CredentialGetNextInfo, - EFI_CREDENTIAL_CAPABILITIES_ENROLL, - CredentialDelete -}; - - -/** - Get string by string id from HII Interface. - - - @param[in] Id String ID to get the string from. - - @retval CHAR16 * String from ID. - @retval NULL If error occurs. - -**/ -CHAR16 * -GetStringById ( - IN EFI_STRING_ID Id - ) -{ - // - // Get the current string for the current Language - // - return HiiGetString (mCallbackInfo->HiiHandle, Id, NULL); -} - - -/** - Expand password table size. - -**/ -VOID -ExpandTableSize ( - VOID - ) -{ - CREDENTIAL_TABLE *NewTable; - UINTN Count; - - Count = mUsbTable->MaxCount + USB_TABLE_INC; - // - // Create new credential table. - // - NewTable = AllocateZeroPool ( - sizeof (CREDENTIAL_TABLE) - sizeof (USB_INFO) + - Count * sizeof (USB_INFO) - ); - ASSERT (NewTable != NULL); - - NewTable->MaxCount = Count; - NewTable->Count = mUsbTable->Count; - - // - // Copy old entries. 
- // - CopyMem ( - &NewTable->UserInfo, - &mUsbTable->UserInfo, - mUsbTable->Count * sizeof (USB_INFO) - ); - FreePool (mUsbTable); - mUsbTable = NewTable; -} - - -/** - Add, update or delete info in table, and sync with NV variable. - - @param[in] Index The index of the password in table. If index is found in - table, update the info, else add the into to table. - @param[in] Info The new credential info to add into table. If Info is NULL, - delete the info by Index. - - @retval EFI_INVALID_PARAMETER Info is NULL when save the info. - @retval EFI_SUCCESS Modify the table successfully. - @retval Others Failed to modify the table. - -**/ -EFI_STATUS -ModifyTable ( - IN UINTN Index, - IN USB_INFO * Info OPTIONAL - ) -{ - EFI_STATUS Status; - USB_INFO *NewUsbInfo; - - NewUsbInfo = NULL; - if (Index < mUsbTable->Count) { - if (Info == NULL) { - // - // Delete the specified entry. - // - mUsbTable->Count--; - if (Index != mUsbTable->Count) { - NewUsbInfo = &mUsbTable->UserInfo[mUsbTable->Count]; - } - } else { - // - // Update the specified entry. - // - NewUsbInfo = Info; - } - } else { - // - // Add a new entry - // - if (Info == NULL) { - return EFI_INVALID_PARAMETER; - } - - if (mUsbTable->Count >= mUsbTable->MaxCount) { - ExpandTableSize (); - } - - NewUsbInfo = Info; - mUsbTable->Count++; - } - - if (NewUsbInfo != NULL) { - CopyMem (&mUsbTable->UserInfo[Index], NewUsbInfo, sizeof (USB_INFO)); - } - - // - // Save the credential table. - // - Status = gRT->SetVariable ( - L"UsbCredential", - &gUsbCredentialProviderGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, - mUsbTable->Count * sizeof (USB_INFO), - &mUsbTable->UserInfo - ); - return Status; -} - - -/** - Create a credential table - - @retval EFI_SUCCESS Create a credential table successfully. - @retval Others Failed to create a password. 
- -**/ -EFI_STATUS -InitCredentialTable ( - VOID - ) -{ - EFI_STATUS Status; - UINT8 *Var; - UINTN VarSize; - - // - // Get Usb credential data from NV variable. - // - VarSize = 0; - Var = NULL; - Status = gRT->GetVariable ( - L"UsbCredential", - &gUsbCredentialProviderGuid, - NULL, - &VarSize, - Var - ); - if (Status == EFI_BUFFER_TOO_SMALL) { - Var = AllocateZeroPool (VarSize); - if (Var == NULL) { - return EFI_OUT_OF_RESOURCES; - } - Status = gRT->GetVariable ( - L"UsbCredential", - &gUsbCredentialProviderGuid, - NULL, - &VarSize, - Var - ); - } - if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) { - return Status; - } - - // - // Init Usb credential table. - // - mUsbTable = AllocateZeroPool ( - sizeof (CREDENTIAL_TABLE) - sizeof (USB_INFO) + - USB_TABLE_INC * sizeof (USB_INFO) + - VarSize - ); - if (mUsbTable == NULL) { - FreePool (Var); - return EFI_OUT_OF_RESOURCES; - } - - mUsbTable->Count = VarSize / sizeof (USB_INFO); - mUsbTable->MaxCount = mUsbTable->Count + USB_TABLE_INC; - if (Var != NULL) { - CopyMem (mUsbTable->UserInfo, Var, VarSize); - FreePool (Var); - } - return EFI_SUCCESS; -} - - -/** - Read the specified file by FileName in the Usb key and return the file size in BufferSize - and file content in Buffer. - Note: the caller is responsible to free the buffer memory. - - @param FileName File to read. - @param Buffer Returned with data read from the file. - @param BufferSize Size of the data buffer. - - @retval EFI_SUCCESS The command completed successfully. - @retval EFI_OUT_OF_RESOURCES Resource allocation failed. - @retval EFI_NOT_FOUND File not found. - @retval EFI_DEVICE_ERROR Device I/O error. 
- -**/ -EFI_STATUS -GetFileData ( - IN CHAR16 *FileName, - OUT VOID **Buffer, - OUT UINTN *BufferSize - ) -{ - EFI_STATUS Status; - UINTN Index; - UINTN HandleCount; - UINTN ScratchBufferSize; - EFI_HANDLE *HandleBuffer; - EFI_FILE *RootFs; - EFI_FILE *FileHandle; - EFI_FILE_INFO *FileInfo; - EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *SimpleFileSystem; - EFI_BLOCK_IO_PROTOCOL *BlkIo; - - FileInfo = NULL; - FileHandle = NULL; - - Status = gBS->LocateHandleBuffer ( - ByProtocol, - &gEfiSimpleFileSystemProtocolGuid, - NULL, - &HandleCount, - &HandleBuffer - ); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Can not Locate SimpleFileSystemProtocol\n")); - goto Done; - } - - // - // Find and open the file in removable media disk. - // - for (Index = 0; Index < HandleCount; Index++) { - Status = gBS->HandleProtocol ( - HandleBuffer[Index], - &gEfiBlockIoProtocolGuid, - (VOID **) &BlkIo - ); - if (EFI_ERROR (Status)) { - continue; - } - - if (BlkIo->Media->RemovableMedia) { - Status = gBS->HandleProtocol ( - HandleBuffer[Index], - &gEfiSimpleFileSystemProtocolGuid, - (VOID **) &SimpleFileSystem - ); - if (EFI_ERROR (Status)) { - continue; - } - - Status = SimpleFileSystem->OpenVolume ( - SimpleFileSystem, - &RootFs - ); - if (EFI_ERROR (Status)) { - continue; - } - - Status = RootFs->Open ( - RootFs, - &FileHandle, - FileName, - EFI_FILE_MODE_READ, - 0 - ); - if (!EFI_ERROR (Status)) { - break; - } - } - } - - FreePool (HandleBuffer); - - if (Index >= HandleCount) { - DEBUG ((DEBUG_ERROR, "Can not found the token file!\n")); - Status = EFI_NOT_FOUND; - goto Done; - } - - // - // Figure out how big the file is. 
- // - ScratchBufferSize = 0; - Status = FileHandle->GetInfo ( - FileHandle, - &gEfiFileInfoGuid, - &ScratchBufferSize, - NULL - ); - if (EFI_ERROR (Status) && (Status != EFI_BUFFER_TOO_SMALL)) { - DEBUG ((DEBUG_ERROR, "Can not obtain file size info!\n")); - Status = EFI_DEVICE_ERROR; - goto Done; - } - - FileInfo = AllocateZeroPool (ScratchBufferSize); - if (FileInfo == NULL) { - DEBUG ((DEBUG_ERROR, "Can not allocate enough memory for the token file!\n")); - Status = EFI_OUT_OF_RESOURCES; - goto Done; - } - - Status = FileHandle->GetInfo ( - FileHandle, - &gEfiFileInfoGuid, - &ScratchBufferSize, - FileInfo - ); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Can not obtain file info from the token file!\n")); - Status = EFI_DEVICE_ERROR; - goto Done; - } - - // - // Allocate a buffer for the file. - // - *BufferSize = (UINT32) FileInfo->FileSize; - *Buffer = AllocateZeroPool (*BufferSize); - if (*Buffer == NULL) { - DEBUG ((DEBUG_ERROR, "Can not allocate a buffer for the file!\n")); - Status = EFI_OUT_OF_RESOURCES; - goto Done; - } - - // - // Load file into the allocated memory. - // - Status = FileHandle->Read (FileHandle, BufferSize, *Buffer); - if (EFI_ERROR (Status)) { - FreePool (*Buffer); - DEBUG ((DEBUG_ERROR, "Can not read the token file!\n")); - Status = EFI_DEVICE_ERROR; - goto Done; - } - - // - // Close file. - // - Status = FileHandle->Close (FileHandle); - if (EFI_ERROR (Status)) { - FreePool (*Buffer); - DEBUG ((DEBUG_ERROR, "Can not close the token file !\n")); - Status = EFI_DEVICE_ERROR; - } - -Done: - - if (FileInfo != NULL) { - FreePool (FileInfo); - } - - return Status; -} - - -/** - Hash the data to get credential. - - @param[in] Buffer Points to the data buffer - @param[in] BufferSize The size of data in buffer, in bytes. - @param[out] Credential Points to the hashed result - - @retval TRUE Hash the data successfully. - @retval FALSE Failed to hash the data. 
- -**/ -BOOLEAN -GenerateCredential ( - IN UINT8 *Buffer, - IN UINTN BufferSize, - OUT UINT8 *Credential - ) -{ - BOOLEAN Status; - UINTN HashSize; - VOID *Hash; - - HashSize = Sha1GetContextSize (); - Hash = AllocatePool (HashSize); - ASSERT (Hash != NULL); - - Status = Sha1Init (Hash); - if (!Status) { - goto Done; - } - - Status = Sha1Update (Hash, Buffer, BufferSize); - if (!Status) { - goto Done; - } - - Status = Sha1Final (Hash, Credential); - -Done: - FreePool (Hash); - return Status; -} - - -/** - Read the token file, and default the Token is saved at the begining of the file. - - @param[out] Token Token read from a Token file. - - @retval EFI_SUCCESS Read a Token successfully. - @retval Others Fails to read a Token. - -**/ -EFI_STATUS -GetToken ( - OUT UINT8 *Token - ) -{ - EFI_STATUS Status; - UINT8 *Buffer; - UINTN BufSize; - CHAR16 *TokenFile; - - BufSize = 0; - Buffer = NULL; - TokenFile = PcdGetPtr (PcdFixedUsbCredentialProviderTokenFileName); - Status = GetFileData (TokenFile, (VOID *)&Buffer, &BufSize); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Read file %s from USB error! Status=(%r)\n", TokenFile, Status)); - return Status; - } - - if (!GenerateCredential (Buffer, BufSize, Token)) { - DEBUG ((DEBUG_ERROR, "Generate credential from read data failed!\n")); - FreePool (Buffer); - return EFI_SECURITY_VIOLATION; - } - - FreePool (Buffer); - return EFI_SUCCESS; -} - - -/** - Find a user infomation record by the information record type. - - This function searches all user information records of User from beginning - until either the information is found or there are no more user infomation - record. A match occurs when a Info.InfoType field matches the user information - record type. - - @param[in] User Points to the user profile record to search. - @param[in] InfoType The infomation type to be searched. - @param[out] Info Points to the user info found, the caller is responsible - to free. 
- - @retval EFI_SUCCESS Find the user information successfully. - @retval Others Fail to find the user information. - -**/ -EFI_STATUS -FindUserInfoByType ( - IN EFI_USER_PROFILE_HANDLE User, - IN UINT8 InfoType, - OUT EFI_USER_INFO **Info - ) -{ - EFI_STATUS Status; - EFI_USER_INFO *UserInfo; - UINTN UserInfoSize; - EFI_USER_INFO_HANDLE UserInfoHandle; - EFI_USER_MANAGER_PROTOCOL *UserManager; - - // - // Find user information by information type. - // - if (Info == NULL) { - return EFI_INVALID_PARAMETER; - } - - Status = gBS->LocateProtocol ( - &gEfiUserManagerProtocolGuid, - NULL, - (VOID **) &UserManager - ); - if (EFI_ERROR (Status)) { - return EFI_NOT_FOUND; - } - - // - // Get each user information. - // - - UserInfoHandle = NULL; - UserInfo = NULL; - UserInfoSize = 0; - while (TRUE) { - Status = UserManager->GetNextInfo (UserManager, User, &UserInfoHandle); - if (EFI_ERROR (Status)) { - break; - } - // - // Get information. - // - Status = UserManager->GetInfo ( - UserManager, - User, - UserInfoHandle, - UserInfo, - &UserInfoSize - ); - if (Status == EFI_BUFFER_TOO_SMALL) { - if (UserInfo != NULL) { - FreePool (UserInfo); - } - UserInfo = AllocateZeroPool (UserInfoSize); - if (UserInfo == NULL) { - return EFI_OUT_OF_RESOURCES; - } - Status = UserManager->GetInfo ( - UserManager, - User, - UserInfoHandle, - UserInfo, - &UserInfoSize - ); - } - if (EFI_ERROR (Status)) { - break; - } - - ASSERT (UserInfo != NULL); - if (UserInfo->InfoType == InfoType) { - *Info = UserInfo; - return EFI_SUCCESS; - } - } - - if (UserInfo != NULL) { - FreePool (UserInfo); - } - return Status; -} - - -/** - This function initialize the data mainly used in form browser. - - @retval EFI_SUCCESS Initialize form data successfully. - @retval Others Fail to Initialize form data. - -**/ -EFI_STATUS -InitFormBrowser ( - VOID - ) -{ - USB_PROVIDER_CALLBACK_INFO *CallbackInfo; - - // - // Initialize driver private data. 
- // - CallbackInfo = AllocateZeroPool (sizeof (USB_PROVIDER_CALLBACK_INFO)); - if (CallbackInfo == NULL) { - return EFI_OUT_OF_RESOURCES; - } - - CallbackInfo->DriverHandle = NULL; - - // - // Publish HII data. - // - CallbackInfo->HiiHandle = HiiAddPackages ( - &gUsbCredentialProviderGuid, - CallbackInfo->DriverHandle, - UsbCredentialProviderStrings, - NULL - ); - if (CallbackInfo->HiiHandle == NULL) { - return EFI_OUT_OF_RESOURCES; - } - mCallbackInfo = CallbackInfo; - - return EFI_SUCCESS; -} - - -/** - Enroll a user on a credential provider. - - This function enrolls a user on this credential provider. If the user exists on - this credential provider, update the user information on this credential provider; - otherwise add the user information on credential provider. - - @param[in] This Points to this instance of EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in] User The user profile to enroll. - - @retval EFI_SUCCESS User profile was successfully enrolled. - @retval EFI_ACCESS_DENIED Current user profile does not permit enrollment on the - user profile handle. Either the user profile cannot enroll - on any user profile or cannot enroll on a user profile - other than the current user profile. - @retval EFI_UNSUPPORTED This credential provider does not support enrollment in - the pre-OS. - @retval EFI_DEVICE_ERROR The new credential could not be created because of a device - error. - @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle. 
- -**/ -EFI_STATUS -EFIAPI -CredentialEnroll ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - IN EFI_USER_PROFILE_HANDLE User - ) -{ - EFI_STATUS Status; - UINTN Index; - USB_INFO UsbInfo; - EFI_USER_INFO *UserInfo; - EFI_INPUT_KEY Key; - UINT8 *UserId; - CHAR16 *QuestionStr; - CHAR16 *PromptStr; - - if ((This == NULL) || (User == NULL)) { - return EFI_INVALID_PARAMETER; - } - - // - // Get User Identifier - // - UserInfo = NULL; - Status = FindUserInfoByType ( - User, - EFI_USER_INFO_IDENTIFIER_RECORD, - &UserInfo - ); - if (EFI_ERROR (Status)) { - return EFI_INVALID_PARAMETER; - } - - CopyMem (UsbInfo.UserId, (UINT8 *) (UserInfo + 1), sizeof (EFI_USER_INFO_IDENTIFIER)); - FreePool (UserInfo); - - // - // Get Token and User ID to UsbInfo. - // - Status = GetToken (UsbInfo.Token); - if (EFI_ERROR (Status)) { - QuestionStr = GetStringById (STRING_TOKEN (STR_READ_USB_TOKEN_ERROR)); - PromptStr = GetStringById (STRING_TOKEN (STR_INSERT_USB_TOKEN)); - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - QuestionStr, - L"", - PromptStr, - NULL - ); - FreePool (QuestionStr); - FreePool (PromptStr); - return Status; - } - - // - // Check whether User is ever enrolled in the provider. - // - for (Index = 0; Index < mUsbTable->Count; Index++) { - UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId; - if (CompareMem (UserId, (UINT8 *) &UsbInfo.UserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) { - // - // User already exists, update the password. - // - break; - } - } - - // - // Enroll the User to the provider. - // - Status = ModifyTable (Index, &UsbInfo); - if (EFI_ERROR (Status)) { - return Status; - } - - return EFI_SUCCESS; -} - - -/** - Returns the user interface information used during user identification. - - This function returns information about the form used when interacting with the - user during user identification. 
The form is the first enabled form in the form-set - class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII handle HiiHandle. If - the user credential provider does not require a form to identify the user, then this - function should return EFI_NOT_FOUND. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[out] Hii On return, holds the HII database handle. - @param[out] FormSetId On return, holds the identifier of the form set which contains - the form used during user identification. - @param[out] FormId On return, holds the identifier of the form used during user - identification. - - @retval EFI_SUCCESS Form returned successfully. - @retval EFI_NOT_FOUND Form not returned. - @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or FormId is NULL. - -**/ -EFI_STATUS -EFIAPI -CredentialForm ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - OUT EFI_HII_HANDLE *Hii, - OUT EFI_GUID *FormSetId, - OUT EFI_FORM_ID *FormId - ) -{ - if ((This == NULL) || (Hii == NULL) || - (FormSetId == NULL) || (FormId == NULL)) { - return EFI_INVALID_PARAMETER; - } - return EFI_NOT_FOUND; -} - - -/** - Returns bitmap used to describe the credential provider type. - - This optional function returns a bitmap which is less than or equal to the number - of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND - is returned. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no - bitmap information will be returned. On exit, points to the - width of the bitmap returned. - @param[in, out] Height On entry, points to the desired bitmap height. If NULL then no - bitmap information will be returned. On exit, points to the - height of the bitmap returned. - @param[out] Hii On return, holds the HII database handle. - @param[out] Image On return, holds the HII image identifier. 
- - @retval EFI_SUCCESS Image identifier returned successfully. - @retval EFI_NOT_FOUND Image identifier not returned. - @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL. - -**/ -EFI_STATUS -EFIAPI -CredentialTile ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - IN OUT UINTN *Width, - IN OUT UINTN *Height, - OUT EFI_HII_HANDLE *Hii, - OUT EFI_IMAGE_ID *Image - ) -{ - if ((This == NULL) || (Hii == NULL) || (Image == NULL)) { - return EFI_INVALID_PARAMETER; - } - return EFI_NOT_FOUND; -} - - -/** - Returns string used to describe the credential provider type. - - This function returns a string which describes the credential provider. If no - such string exists, then EFI_NOT_FOUND is returned. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[out] Hii On return, holds the HII database handle. - @param[out] String On return, holds the HII string identifier. - - @retval EFI_SUCCESS String identifier returned successfully. - @retval EFI_NOT_FOUND String identifier not returned. - @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL. - -**/ -EFI_STATUS -EFIAPI -CredentialTitle ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - OUT EFI_HII_HANDLE *Hii, - OUT EFI_STRING_ID *String - ) -{ - if ((This == NULL) || (Hii == NULL) || (String == NULL)) { - return EFI_INVALID_PARAMETER; - } - // - // Set Hii handle and String ID. - // - *Hii = mCallbackInfo->HiiHandle; - *String = STRING_TOKEN (STR_CREDENTIAL_TITLE); - - return EFI_SUCCESS; -} - - -/** - Return the user identifier associated with the currently authenticated user. - - This function returns the user identifier of the user authenticated by this credential - provider. This function is called after the credential-related information has been - submitted on a form OR after a call to Default() has returned that this credential is - ready to log on. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. 
- @param[in] User The user profile handle of the user profile currently being - considered by the user identity manager. If NULL, then no user - profile is currently under consideration. - @param[out] Identifier On return, points to the user identifier. - - @retval EFI_SUCCESS User identifier returned successfully. - @retval EFI_NOT_READY No user identifier can be returned. - @retval EFI_ACCESS_DENIED The user has been locked out of this user credential. - @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL. - @retval EFI_NOT_FOUND User is not NULL, and the specified user handle can't be - found in user profile database. - -**/ -EFI_STATUS -EFIAPI -CredentialUser ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - IN EFI_USER_PROFILE_HANDLE User, - OUT EFI_USER_INFO_IDENTIFIER *Identifier - ) -{ - EFI_STATUS Status; - UINTN Index; - EFI_USER_INFO *UserInfo; - UINT8 *UserId; - UINT8 *NewUserId; - UINT8 *UserToken; - UINT8 ReadToken[HASHED_CREDENTIAL_LEN]; - EFI_INPUT_KEY Key; - CHAR16 *QuestionStr; - CHAR16 *PromptStr; - - if ((This == NULL) || (Identifier == NULL)) { - return EFI_INVALID_PARAMETER; - } - - if (User == NULL) { - // - // Verify the auto logon user, get user id by matched token. - // - if (mUsbTable->Count == 0) { - return EFI_NOT_READY; - } - - // - // No user selected, get token first and verify the user existed in user database. - // - Status = GetToken (ReadToken); - if (EFI_ERROR (Status)) { - return EFI_NOT_READY; - } - - for (Index = 0; Index < mUsbTable->Count; Index++) { - // - // find the specified credential in the Usb credential database. - // - UserToken = mUsbTable->UserInfo[Index].Token; - if (CompareMem (UserToken, ReadToken, HASHED_CREDENTIAL_LEN) == 0) { - UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId; - CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER)); - return EFI_SUCCESS; - } - } - - return EFI_NOT_READY; - } - - // - // User is not NULL here. 
Read a token, and check whether the token matches with - // the selected user's Token. If not, try to find a token in token DB to matches - // with read token. - // - - Status = GetToken (ReadToken); - if (EFI_ERROR (Status)) { - QuestionStr = GetStringById (STRING_TOKEN (STR_READ_USB_TOKEN_ERROR)); - PromptStr = GetStringById (STRING_TOKEN (STR_INSERT_USB_TOKEN)); - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - QuestionStr, - L"", - PromptStr, - NULL - ); - FreePool (QuestionStr); - FreePool (PromptStr); - return EFI_NOT_FOUND; - } - - // - // Get the selected user's identifier. - // - Status = FindUserInfoByType (User, EFI_USER_INFO_IDENTIFIER_RECORD, &UserInfo); - if (EFI_ERROR (Status)) { - return EFI_NOT_FOUND; - } - - // - // Check the selected user's Token with the read token. - // - for (Index = 0; Index < mUsbTable->Count; Index++) { - UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId; - NewUserId = (UINT8 *) (UserInfo + 1); - if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) { - // - // The user's ID is found in the UsbTable. - // - UserToken = mUsbTable->UserInfo[Index].Token; - if (CompareMem (UserToken, ReadToken, HASHED_CREDENTIAL_LEN) == 0) { - // - // The read token matches with the one in UsbTable. - // - CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER)); - FreePool (UserInfo); - return EFI_SUCCESS; - } - } - } - - FreePool (UserInfo); - - return EFI_NOT_READY; -} - - -/** - Indicate that user interface interaction has begun for the specified credential. - - This function is called when a credential provider is selected by the user. If - AutoLogon returns FALSE, then the user interface will be constructed by the User - Identity Manager. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[out] AutoLogon On return, points to the credential provider's capabilities - after the credential provider has been selected by the user. 
- - @retval EFI_SUCCESS Credential provider successfully selected. - @retval EFI_INVALID_PARAMETER AutoLogon is NULL. - -**/ -EFI_STATUS -EFIAPI -CredentialSelect ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon - ) -{ - if ((This == NULL) || (AutoLogon == NULL)) { - return EFI_INVALID_PARAMETER; - } - - *AutoLogon = EFI_CREDENTIAL_LOGON_FLAG_DEFAULT | EFI_CREDENTIAL_LOGON_FLAG_AUTO; - - return EFI_SUCCESS; -} - - -/** - Indicate that user interface interaction has ended for the specified credential. - - This function is called when a credential provider is deselected by the user. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - - @retval EFI_SUCCESS Credential provider successfully deselected. - -**/ -EFI_STATUS -EFIAPI -CredentialDeselect ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This - ) -{ - if (This == NULL) { - return EFI_INVALID_PARAMETER; - } - return EFI_SUCCESS; -} - - -/** - Return the default logon behavior for this user credential. - - This function reports the default login behavior regarding this credential provider. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[out] AutoLogon On return, holds whether the credential provider should be used - by default to automatically log on the user. - - @retval EFI_SUCCESS Default information successfully returned. - @retval EFI_INVALID_PARAMETER AutoLogon is NULL. - -**/ -EFI_STATUS -EFIAPI -CredentialDefault ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon - ) -{ - if ((This == NULL) || (AutoLogon == NULL)) { - return EFI_INVALID_PARAMETER; - } - - *AutoLogon = EFI_CREDENTIAL_LOGON_FLAG_DEFAULT | EFI_CREDENTIAL_LOGON_FLAG_AUTO; - return EFI_SUCCESS; -} - - -/** - Return information attached to the credential provider. - - This function returns user information. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. 
- @param[in] UserInfo Handle of the user information data record. - @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On - exit, holds the user information. If the buffer is too small - to hold the information, then EFI_BUFFER_TOO_SMALL is returned - and InfoSize is updated to contain the number of bytes actually - required. - @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the - size of the user information. - - @retval EFI_SUCCESS Information returned successfully. - @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small to hold all of the - user information. The size required is returned in *InfoSize. - @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL. - @retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle. - -**/ -EFI_STATUS -EFIAPI -CredentialGetInfo ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - IN EFI_USER_INFO_HANDLE UserInfo, - OUT EFI_USER_INFO *Info, - IN OUT UINTN *InfoSize - ) -{ - EFI_USER_INFO *CredentialInfo; - UINTN Index; - - if ((This == NULL) || (InfoSize == NULL) || (Info == NULL)) { - return EFI_INVALID_PARAMETER; - } - - if ((UserInfo == NULL) || (mUsbInfoHandle == NULL)) { - return EFI_NOT_FOUND; - } - - // - // Find information handle in credential info table. - // - for (Index = 0; Index < mUsbInfoHandle->Count; Index++) { - CredentialInfo = mUsbInfoHandle->Info[Index]; - if (UserInfo == (EFI_USER_INFO_HANDLE)CredentialInfo) { - // - // The handle is found, copy the user info. - // - if (CredentialInfo->InfoSize > *InfoSize) { - *InfoSize = CredentialInfo->InfoSize; - return EFI_BUFFER_TOO_SMALL; - } - - CopyMem (Info, CredentialInfo, CredentialInfo->InfoSize); - return EFI_SUCCESS; - } - } - - return EFI_NOT_FOUND; -} - - -/** - Enumerate all of the user informations on the credential provider. - - This function returns the next user information record. 
To retrieve the first user - information record handle, point UserInfo at a NULL. Each subsequent call will retrieve - another user information record handle until there are no more, at which point UserInfo - will point to NULL. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in, out] UserInfo On entry, points to the previous user information handle or NULL - to start enumeration. On exit, points to the next user information - handle or NULL if there is no more user information. - - @retval EFI_SUCCESS User information returned. - @retval EFI_NOT_FOUND No more user information found. - @retval EFI_INVALID_PARAMETER UserInfo is NULL. - -**/ -EFI_STATUS -EFIAPI -CredentialGetNextInfo ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - IN OUT EFI_USER_INFO_HANDLE *UserInfo - ) -{ - EFI_USER_INFO *Info; - CHAR16 *ProvNameStr; - UINTN InfoLen; - UINTN Index; - UINTN ProvStrLen; - - if ((This == NULL) || (UserInfo == NULL)) { - return EFI_INVALID_PARAMETER; - } - - if (mUsbInfoHandle == NULL) { - // - // Initilized user info table. There are 4 user info records in the table. - // - InfoLen = sizeof (USB_CREDENTIAL_INFO) + (4 - 1) * sizeof (EFI_USER_INFO *); - mUsbInfoHandle = AllocateZeroPool (InfoLen); - if (mUsbInfoHandle == NULL) { - *UserInfo = NULL; - return EFI_NOT_FOUND; - } - - // - // The first information, Credential Provider info. - // - InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID); - Info = AllocateZeroPool (InfoLen); - ASSERT (Info != NULL); - - Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_RECORD; - Info->InfoSize = (UINT32) InfoLen; - Info->InfoAttribs = EFI_USER_INFO_PROTECTED; - CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid); - CopyGuid ((EFI_GUID *)(Info + 1), &gUsbCredentialProviderGuid); - - mUsbInfoHandle->Info[0] = Info; - mUsbInfoHandle->Count++; - - // - // The second information, Credential Provider name info. 
- // - ProvNameStr = GetStringById (STRING_TOKEN (STR_PROVIDER_NAME)); - ProvStrLen = StrSize (ProvNameStr); - InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen; - Info = AllocateZeroPool (InfoLen); - ASSERT (Info != NULL); - - Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD; - Info->InfoSize = (UINT32) InfoLen; - Info->InfoAttribs = EFI_USER_INFO_PROTECTED; - CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid); - CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen); - FreePool (ProvNameStr); - - mUsbInfoHandle->Info[1] = Info; - mUsbInfoHandle->Count++; - - // - // The third information, Credential Provider type info. - // - InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID); - Info = AllocateZeroPool (InfoLen); - ASSERT (Info != NULL); - - Info->InfoType = EFI_USER_INFO_CREDENTIAL_TYPE_RECORD; - Info->InfoSize = (UINT32) InfoLen; - Info->InfoAttribs = EFI_USER_INFO_PROTECTED; - CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid); - CopyGuid ((EFI_GUID *)(Info + 1), &gEfiUserCredentialClassSecureCardGuid); - - mUsbInfoHandle->Info[2] = Info; - mUsbInfoHandle->Count++; - - // - // The fourth information, Credential Provider type name info. - // - ProvNameStr = GetStringById (STRING_TOKEN (STR_PROVIDER_TYPE_NAME)); - ProvStrLen = StrSize (ProvNameStr); - InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen; - Info = AllocateZeroPool (InfoLen); - ASSERT (Info != NULL); - - Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD; - Info->InfoSize = (UINT32) InfoLen; - Info->InfoAttribs = EFI_USER_INFO_PROTECTED; - CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid); - CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen); - FreePool (ProvNameStr); - - mUsbInfoHandle->Info[3] = Info; - mUsbInfoHandle->Count++; - } - - if (*UserInfo == NULL) { - // - // Return the first info handle. - // - *UserInfo = (EFI_USER_INFO_HANDLE) mUsbInfoHandle->Info[0]; - return EFI_SUCCESS; - } - - // - // Find information handle in credential info table. 
- // - for (Index = 0; Index < mUsbInfoHandle->Count; Index++) { - Info = mUsbInfoHandle->Info[Index]; - if (*UserInfo == (EFI_USER_INFO_HANDLE)Info) { - // - // The handle is found, get the next one. - // - if (Index == mUsbInfoHandle->Count - 1) { - // - // Already last one. - // - *UserInfo = NULL; - return EFI_NOT_FOUND; - } - Index++; - *UserInfo = (EFI_USER_INFO_HANDLE)mUsbInfoHandle->Info[Index]; - return EFI_SUCCESS; - } - } - - *UserInfo = NULL; - return EFI_NOT_FOUND; -} - - -/** - Delete a user on this credential provider. - - This function deletes a user on this credential provider. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in] User The user profile handle to delete. - - @retval EFI_SUCCESS User profile was successfully deleted. - @retval EFI_ACCESS_DENIED Current user profile does not permit deletion on the user profile handle. - Either the user profile cannot delete on any user profile or cannot delete - on a user profile other than the current user profile. - @retval EFI_UNSUPPORTED This credential provider does not support deletion in the pre-OS. - @retval EFI_DEVICE_ERROR The new credential could not be deleted because of a device error. - @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle. -**/ -EFI_STATUS -EFIAPI -CredentialDelete ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - IN EFI_USER_PROFILE_HANDLE User - ) -{ - EFI_STATUS Status; - EFI_USER_INFO *UserInfo; - UINT8 *UserId; - UINT8 *NewUserId; - UINTN Index; - - if ((This == NULL) || (User == NULL)) { - return EFI_INVALID_PARAMETER; - } - - // - // Get User Identifier. - // - UserInfo = NULL; - Status = FindUserInfoByType ( - User, - EFI_USER_INFO_IDENTIFIER_RECORD, - &UserInfo - ); - if (EFI_ERROR (Status)) { - return EFI_INVALID_PARAMETER; - } - - // - // Find the user by user identifier in mPwdTable. 
- //
- for (Index = 0; Index < mUsbTable->Count; Index++) {
- UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
- NewUserId = (UINT8 *) (UserInfo + 1);
- if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) {
- //
- // Found the user, delete it.
- //
- ModifyTable (Index, NULL);
- break;
- }
- }
-
- FreePool (UserInfo);
- return EFI_SUCCESS;
-}
-
-
-/**
- Main entry for this driver.
-
- @param ImageHandle Image handle this driver.
- @param SystemTable Pointer to SystemTable.
-
- @retval EFI_SUCESS This function always complete successfully.
-
-**/
-EFI_STATUS
-EFIAPI
-UsbProviderInit (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
- )
-{
- EFI_STATUS Status;
-
- //
- // It is NOT robust enough to be included in production.
- //
- #error "This implementation is just a sample, please comment this line if you really want to use this driver."
-
- //
- // Init credential table.
- //
- Status = InitCredentialTable ();
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- //
- // Init Form Browser
- //
- Status = InitFormBrowser ();
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- //
- // Install protocol interfaces for the Usb Credential Provider.
- //
- Status = gBS->InstallProtocolInterface (
- &mCallbackInfo->DriverHandle,
- &gEfiUserCredential2ProtocolGuid,
- EFI_NATIVE_INTERFACE,
- &gUsbCredentialProviderDriver
- );
- return Status;
-}
diff --git a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.h b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.h
deleted file mode 100644
index 63f6576045..0000000000
--- a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.h
+++ /dev/null
@@ -1,361 +0,0 @@ -/** @file - Usb Credential Provider driver header file. - -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> -This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#ifndef _USB_CREDENTIAL_PROVIDER_H_ -#define _USB_CREDENTIAL_PROVIDER_H_ - -#include <Uefi.h> - -#include <Guid/GlobalVariable.h> -#include <Guid/FileInfo.h> -#include <Guid/SecurityPkgTokenSpace.h> -#include <Guid/UsbCredentialProviderHii.h> - -#include <Protocol/SimpleFileSystem.h> -#include <Protocol/BlockIo.h> -#include <Protocol/UserCredential2.h> -#include <Protocol/UserManager.h> - -#include <Library/UefiRuntimeServicesTableLib.h> -#include <Library/UefiBootServicesTableLib.h> -#include <Library/MemoryAllocationLib.h> -#include <Library/BaseMemoryLib.h> -#include <Library/DevicePathLib.h> -#include <Library/BaseCryptLib.h> -#include <Library/DebugLib.h> -#include <Library/UefiLib.h> -#include <Library/PrintLib.h> -#include <Library/HiiLib.h> -#include <Library/PcdLib.h> - -extern UINT8 UsbCredentialProviderStrings[]; - -#define USB_TABLE_INC 16 -#define HASHED_CREDENTIAL_LEN 20 - -// -// Save the enroll user credential Information. -// -typedef struct { - EFI_USER_INFO_IDENTIFIER UserId; - UINT8 Token[HASHED_CREDENTIAL_LEN]; -} USB_INFO; - -// -// USB Credential Table. -// -typedef struct { - UINTN Count; - UINTN MaxCount; - USB_INFO UserInfo[1]; -} CREDENTIAL_TABLE; - -// -// The user information on the USB provider. 
-// -typedef struct { - UINTN Count; - EFI_USER_INFO *Info[1]; -} USB_CREDENTIAL_INFO; - -#define USB_PROVIDER_SIGNATURE SIGNATURE_32 ('U', 'S', 'B', 'P') - -typedef struct { - UINTN Signature; - EFI_HANDLE DriverHandle; - EFI_HII_HANDLE HiiHandle; -} USB_PROVIDER_CALLBACK_INFO; - -/** - Enroll a user on a credential provider. - - This function enrolls and deletes a user profile using this credential provider. - If a user profile is successfully enrolled, it calls the User Manager Protocol - function Notify() to notify the user manager driver that credential information - has changed. If an enrolled user does exist, delete the user on the credential - provider. - - @param[in] This Points to this instance of EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in] User The user profile to enroll. - - @retval EFI_SUCCESS User profile was successfully enrolled. - @retval EFI_ACCESS_DENIED Current user profile does not permit enrollment on the - user profile handle. Either the user profile cannot enroll - on any user profile or cannot enroll on a user profile - other than the current user profile. - @retval EFI_UNSUPPORTED This credential provider does not support enrollment in - the pre-OS. - @retval EFI_DEVICE_ERROR The new credential could not be created because of a device - error. - @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle. - -**/ -EFI_STATUS -EFIAPI -CredentialEnroll ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - IN EFI_USER_PROFILE_HANDLE User - ); - -/** - Returns the user interface information used during user identification. - - This function enrolls a user on this credential provider. If the user exists on - this credential provider, update the user information on this credential provider; - otherwise delete the user information on credential provider. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[out] Hii On return, holds the HII database handle. 
- @param[out] FormSetId On return, holds the identifier of the form set which contains - the form used during user identification. - @param[out] FormId On return, holds the identifier of the form used during user - identification. - - @retval EFI_SUCCESS Form returned successfully. - @retval EFI_NOT_FOUND Form not returned. - @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or FormId is NULL. - -**/ -EFI_STATUS -EFIAPI -CredentialForm ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - OUT EFI_HII_HANDLE *Hii, - OUT EFI_GUID *FormSetId, - OUT EFI_FORM_ID *FormId - ); - -/** - Returns bitmap used to describe the credential provider type. - - This optional function returns a bitmap which is less than or equal to the number - of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND - is returned. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no - bitmap information will be returned. On exit, points to the - width of the bitmap returned. - @param[in, out] Height On entry, points to the desired bitmap height. If NULL then no - bitmap information will be returned. On exit, points to the - height of the bitmap returned. - @param[out] Hii On return, holds the HII database handle. - @param[out] Image On return, holds the HII image identifier. - - @retval EFI_SUCCESS Image identifier returned successfully. - @retval EFI_NOT_FOUND Image identifier not returned. - @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL. - -**/ -EFI_STATUS -EFIAPI -CredentialTile ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - IN OUT UINTN *Width, - IN OUT UINTN *Height, - OUT EFI_HII_HANDLE *Hii, - OUT EFI_IMAGE_ID *Image - ); - -/** - Returns string used to describe the credential provider type. - - This function returns a string which describes the credential provider. 
If no - such string exists, then EFI_NOT_FOUND is returned. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[out] Hii On return, holds the HII database handle. - @param[out] String On return, holds the HII string identifier. - - @retval EFI_SUCCESS String identifier returned successfully. - @retval EFI_NOT_FOUND String identifier not returned. - @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL. - -**/ -EFI_STATUS -EFIAPI -CredentialTitle ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - OUT EFI_HII_HANDLE *Hii, - OUT EFI_STRING_ID *String - ); - -/** - Return the user identifier associated with the currently authenticated user. - - This function returns the user identifier of the user authenticated by this credential - provider. This function is called after the credential-related information has been - submitted on a form OR after a call to Default() has returned that this credential is - ready to log on. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in] User The user profile handle of the user profile currently being - considered by the user identity manager. If NULL, then no user - profile is currently under consideration. - @param[out] Identifier On return, points to the user identifier. - - @retval EFI_SUCCESS User identifier returned successfully. - @retval EFI_NOT_READY No user identifier can be returned. - @retval EFI_ACCESS_DENIED The user has been locked out of this user credential. - @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL. - @retval EFI_NOT_FOUND User is not NULL, and the specified user handle can't be - found in user profile database. - -**/ -EFI_STATUS -EFIAPI -CredentialUser ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - IN EFI_USER_PROFILE_HANDLE User, - OUT EFI_USER_INFO_IDENTIFIER *Identifier - ); - -/** - Indicate that user interface interaction has begun for the specified credential. 
- - This function is called when a credential provider is selected by the user. If - AutoLogon returns FALSE, then the user interface will be constructed by the User - Identity Manager. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[out] AutoLogon On return, points to the credential provider's capabilities - after the credential provider has been selected by the user. - - @retval EFI_SUCCESS Credential provider successfully selected. - @retval EFI_INVALID_PARAMETER AutoLogon is NULL. - -**/ -EFI_STATUS -EFIAPI -CredentialSelect ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon - ); - -/** - Indicate that user interface interaction has ended for the specified credential. - - This function is called when a credential provider is deselected by the user. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - - @retval EFI_SUCCESS Credential provider successfully deselected. - -**/ -EFI_STATUS -EFIAPI -CredentialDeselect ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This - ); - -/** - Return the default logon behavior for this user credential. - - This function reports the default login behavior regarding this credential provider. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[out] AutoLogon On return, holds whether the credential provider should be used - by default to automatically log on the user. - - @retval EFI_SUCCESS Default information successfully returned. - @retval EFI_INVALID_PARAMETER AutoLogon is NULL. - -**/ -EFI_STATUS -EFIAPI -CredentialDefault ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon - ); - -/** - Return information attached to the credential provider. - - This function returns user information. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in] UserInfo Handle of the user information data record. 
- @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On - exit, holds the user information. If the buffer is too small - to hold the information, then EFI_BUFFER_TOO_SMALL is returned - and InfoSize is updated to contain the number of bytes actually - required. - @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the - size of the user information. - - @retval EFI_SUCCESS Information returned successfully. - @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small to hold all of the - user information. The size required is returned in *InfoSize. - @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL. - @retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle. - -**/ -EFI_STATUS -EFIAPI -CredentialGetInfo ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - IN EFI_USER_INFO_HANDLE UserInfo, - OUT EFI_USER_INFO *Info, - IN OUT UINTN *InfoSize - ); - -/** - Enumerate all of the user informations on the credential provider. - - This function returns the next user information record. To retrieve the first user - information record handle, point UserInfo at a NULL. Each subsequent call will retrieve - another user information record handle until there are no more, at which point UserInfo - will point to NULL. - - @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in, out] UserInfo On entry, points to the previous user information handle or NULL - to start enumeration. On exit, points to the next user information - handle or NULL if there is no more user information. - - @retval EFI_SUCCESS User information returned. - @retval EFI_NOT_FOUND No more user information found. - @retval EFI_INVALID_PARAMETER UserInfo is NULL. - -**/ -EFI_STATUS -EFIAPI -CredentialGetNextInfo ( - IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, - IN OUT EFI_USER_INFO_HANDLE *UserInfo - ); - -/** - Delete a user on this credential provider. 
-
- This function deletes a user on this credential provider.
-
- @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
- @param[in] User The user profile handle to delete.
-
- @retval EFI_SUCCESS User profile was successfully deleted.
- @retval EFI_ACCESS_DENIED Current user profile does not permit deletion on the user profile handle.
- Either the user profile cannot delete on any user profile or cannot delete
- on a user profile other than the current user profile.
- @retval EFI_UNSUPPORTED This credential provider does not support deletion in the pre-OS.
- @retval EFI_DEVICE_ERROR The new credential could not be deleted because of a device error.
- @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle.
-**/
-EFI_STATUS
-EFIAPI
-CredentialDelete (
- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
- IN EFI_USER_PROFILE_HANDLE User
- );
-
-#endif
diff --git a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.uni b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.uni
deleted file mode 100644
index 961e09f360..0000000000
--- a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.uni
+++ /dev/null
@@ -1,23 +0,0 @@
-// /** @file
-// Provides a USB credential provider implementation
-//
-// This module reads a token from a token file that is saved in the root
-// folder of a USB stick. The token file name can be specified by the PCD
-// PcdFixedUsbCredentialProviderTokenFileName.
-//
-// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-
-#string STR_MODULE_ABSTRACT #language en-US "Provides a USB credential provider implementation"
-
-#string STR_MODULE_DESCRIPTION #language en-US "This module reads a token from a token file that is saved in the root folder of a USB stick. The token file name can be specified by the PCD PcdFixedUsbCredentialProviderTokenFileName."
-
diff --git a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderDxe.inf b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderDxe.inf
deleted file mode 100644
index 1e8e42332f..0000000000
--- a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderDxe.inf
+++ /dev/null
@@ -1,70 +0,0 @@
-## @file
-# Provides a USB credential provider implementation
-#
-# This module reads a token from a token file that is saved in the root
-# folder of a USB stick. The token file name can be specified by the PCD
-# PcdFixedUsbCredentialProviderTokenFileName.
-#
-# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = UsbCredentialProvider
- MODULE_UNI_FILE = UsbCredentialProvider.uni
- FILE_GUID = 672A0C68-2BF0-46f9-93C3-C4E7DC0FA555
- MODULE_TYPE = UEFI_DRIVER
- VERSION_STRING = 1.0
- ENTRY_POINT = UsbProviderInit
-
-[Sources]
- UsbCredentialProvider.c
- UsbCredentialProvider.h
- UsbCredentialProviderStrings.uni
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- CryptoPkg/CryptoPkg.dec
- SecurityPkg/SecurityPkg.dec
-
-[LibraryClasses]
- UefiRuntimeServicesTableLib
- UefiBootServicesTableLib
- UefiDriverEntryPoint
- MemoryAllocationLib
- BaseMemoryLib
- DebugLib
- HiiLib
- UefiLib
- BaseCryptLib
-
-[Guids]
- ## PRODUCES ## Variable:L"UsbCredential"
- ## CONSUMES ## Variable:L"UsbCredential"
- ## CONSUMES ## HII
- ## SOMETIMES_CONSUMES ## GUID # The credential provider identifier
- gUsbCredentialProviderGuid
-
- gEfiFileInfoGuid ## SOMETIMES_CONSUMES ## GUID
- gEfiUserCredentialClassSecureCardGuid ## SOMETIMES_CONSUMES ## GUID
-
-[Pcd]
- gEfiSecurityPkgTokenSpaceGuid.PcdFixedUsbCredentialProviderTokenFileName ## SOMETIMES_CONSUMES
-
-[Protocols]
- gEfiUserCredential2ProtocolGuid ## PRODUCES
- gEfiUserManagerProtocolGuid ## SOMETIMES_CONSUMES
- gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES
- gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES
-
-[UserExtensions.TianoCore."ExtraFiles"]
- UsbCredentialProviderExtra.uni
-
diff --git a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderExtra.uni b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderExtra.uni
deleted file mode 100644
index a20917d5f7..0000000000
--- a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderExtra.uni
+++ /dev/null
@@ -1,19 +0,0 @@
-// /** @file
-// UsbCredentialProvider Localized Strings and Content
-//
-// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-#string STR_PROPERTIES_MODULE_NAME
-#language en-US
-"USB Credential Provider"
-
-
diff --git a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderStrings.uni b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderStrings.uni
deleted file mode 100644
index f306d50a4e..0000000000
--- a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderStrings.uni
+++ /dev/null
@@ -1,29 +0,0 @@
-/** @file
- String definitions for the USB Credential Provider.
-
-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php.
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#langdef en-US "English"
-#langdef fr-FR "Francais"
-
-#string STR_CREDENTIAL_TITLE #language en-US "USB Credential Provider"
- #language fr-FR "USB Credential Provider (French)"
-#string STR_NULL_STRING #language en-US ""
- #language fr-FR ""
-#string STR_PROVIDER_NAME #language en-US "INTEL USB Credential Provider"
- #language fr-FR "INTEL USB Credential Provider (French)"
-#string STR_PROVIDER_TYPE_NAME #language en-US "Secure Card Credential Provider"
- #language fr-FR "Secure Card Credential Provider (French)"
-#string STR_READ_USB_TOKEN_ERROR #language en-US "Read USB Token File Error!"
- #language fr-FR "Read USB Token File Error! (French)"
-#string STR_INSERT_USB_TOKEN #language en-US "Please insert USB key with Token"
- #language fr-FR "Please insert USB key with Token (French)"
diff --git a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/LoadDeferredImage.c b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/LoadDeferredImage.c
deleted file mode 100644
index 2cfe130db8..0000000000
--- a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/LoadDeferredImage.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/** @file
- Load the deferred images after user is identified.
-
-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "UserIdentifyManager.h"
-
-EFI_HANDLE mDeferredImageHandle;
-
-/**
- The function will load all the deferred images again. If the deferred image is loaded
- successfully, try to start it.
-
- @param Event Event whose notification function is being invoked.
- @param Context Pointer to the notification function's context
-
-**/
-VOID
-EFIAPI
-LoadDeferredImage (
- IN EFI_EVENT Event,
- IN VOID *Context
- )
-{
- EFI_STATUS Status;
- EFI_DEFERRED_IMAGE_LOAD_PROTOCOL *DeferredImage;
- UINTN HandleCount;
- EFI_HANDLE *HandleBuf;
- UINTN Index;
- UINTN DriverIndex;
- EFI_DEVICE_PATH_PROTOCOL *ImageDevicePath;
- VOID *DriverImage;
- UINTN ImageSize;
- BOOLEAN BootOption;
- EFI_HANDLE ImageHandle;
- UINTN ExitDataSize;
- CHAR16 *ExitData;
-
- //
- // Find all the deferred image load protocols.
- //
- HandleCount = 0;
- HandleBuf = NULL;
- Status = gBS->LocateHandleBuffer (
- ByProtocol,
- &gEfiDeferredImageLoadProtocolGuid,
- NULL,
- &HandleCount,
- &HandleBuf
- );
- if (EFI_ERROR (Status)) {
- return ;
- }
-
- for (Index = 0; Index < HandleCount; Index++) {
- Status = gBS->HandleProtocol (
- HandleBuf[Index],
- &gEfiDeferredImageLoadProtocolGuid,
- (VOID **) &DeferredImage
- );
- if (EFI_ERROR (Status)) {
- continue ;
- }
-
- DriverIndex = 0;
- do {
- //
- // Load all the deferred images in this protocol instance.
- //
- Status = DeferredImage->GetImageInfo(
- DeferredImage,
- DriverIndex,
- &ImageDevicePath,
- (VOID **) &DriverImage,
- &ImageSize,
- &BootOption
- );
- if (EFI_ERROR (Status)) {
- break;
- }
-
- //
- // Load and start the image.
- //
- Status = gBS->LoadImage (
- BootOption,
- mDeferredImageHandle,
- ImageDevicePath,
- NULL,
- 0,
- &ImageHandle
- );
- if (!EFI_ERROR (Status)) {
- //
- // Before calling the image, enable the Watchdog Timer for
- // a 5 Minute period
- //
- gBS->SetWatchdogTimer (5 * 60, 0x0000, 0x00, NULL);
- Status = gBS->StartImage (ImageHandle, &ExitDataSize, &ExitData);
-
- //
- // Clear the Watchdog Timer after the image returns.
- //
- gBS->SetWatchdogTimer (0x0000, 0x0000, 0x0000, NULL);
- }
- DriverIndex++;
- } while (TRUE);
- }
- FreePool (HandleBuf);
-}
-
-
-/**
- Register an event notification function for user profile changed.
-
- @param[in] ImageHandle Image handle this driver.
-
-**/
-VOID
-LoadDeferredImageInit (
- IN EFI_HANDLE ImageHandle
- )
-{
- EFI_STATUS Status;
- EFI_EVENT Event;
-
- mDeferredImageHandle = ImageHandle;
-
- Status = gBS->CreateEventEx (
- EVT_NOTIFY_SIGNAL,
- TPL_CALLBACK,
- LoadDeferredImage,
- NULL,
- &gEfiEventUserProfileChangedGuid,
- &Event
- );
-
- ASSERT (Status == EFI_SUCCESS);
-}
diff --git a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.c b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.c
deleted file mode 100644
index fd941792c1..0000000000
--- a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.c
+++ /dev/null
@@ -1,3766 +0,0 @@ -/** @file - This driver manages user information and produces user manager protocol. - -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> -(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR> -This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include "UserIdentifyManager.h" - -// -// Default user name. -// -CHAR16 mUserName[] = L"Administrator"; - -// -// Points to the user profile database. -// -USER_PROFILE_DB *mUserProfileDb = NULL; - -// -// Points to the credential providers found in system. -// -CREDENTIAL_PROVIDER_INFO *mProviderDb = NULL; - -// -// Current user shared in multi function. -// -EFI_USER_PROFILE_HANDLE mCurrentUser = NULL; - -// -// Flag indicates a user is identified. -// -BOOLEAN mIdentified = FALSE; -USER_MANAGER_CALLBACK_INFO *mCallbackInfo = NULL; -HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = { - { - { - HARDWARE_DEVICE_PATH, - HW_VENDOR_DP, - { - (UINT8) (sizeof (VENDOR_DEVICE_PATH)), - (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) - } - }, - USER_IDENTIFY_MANAGER_GUID - }, - { - END_DEVICE_PATH_TYPE, - END_ENTIRE_DEVICE_PATH_SUBTYPE, - { - (UINT8) (END_DEVICE_PATH_LENGTH), - (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) - } - } -}; - - -EFI_USER_MANAGER_PROTOCOL gUserIdentifyManager = { - UserProfileCreate, - UserProfileDelete, - UserProfileGetNext, - UserProfileCurrent, - UserProfileIdentify, - UserProfileFind, - UserProfileNotify, - UserProfileGetInfo, - UserProfileSetInfo, - UserProfileDeleteInfo, - UserProfileGetNextInfo, -}; - - -/** - Find the specified user in the user database. 
- - This function searches the specified user from the beginning of the user database. - And if NextUser is TRUE, return the next User in the user database. - - @param[in, out] User On entry, points to the user profile entry to search. - On return, points to the user profile entry or NULL if not found. - @param[in] NextUser If FALSE, find the user in user profile database specifyed by User - If TRUE, find the next user in user profile database specifyed - by User. - @param[out] ProfileIndex A pointer to the index of user profile database that matches the - user specifyed by User. - - @retval EFI_NOT_FOUND User was NULL, or User was not found, or the next user was not found. - @retval EFI_SUCCESS User or the next user are found in user profile database - -**/ -EFI_STATUS -FindUserProfile ( - IN OUT USER_PROFILE_ENTRY **User, - IN BOOLEAN NextUser, - OUT UINTN *ProfileIndex OPTIONAL - ) -{ - UINTN Index; - - // - // Check parameters - // - if ((mUserProfileDb == NULL) || (User == NULL)) { - return EFI_NOT_FOUND; - } - - // - // Check whether the user profile is in the user profile database. - // - for (Index = 0; Index < mUserProfileDb->UserProfileNum; Index++) { - if (mUserProfileDb->UserProfile[Index] == *User) { - if (ProfileIndex != NULL) { - *ProfileIndex = Index; - } - break; - } - } - - if (NextUser) { - // - // Find the next user profile. - // - Index++; - if (Index < mUserProfileDb->UserProfileNum) { - *User = mUserProfileDb->UserProfile[Index]; - } else if (Index == mUserProfileDb->UserProfileNum) { - *User = NULL; - return EFI_NOT_FOUND; - } else { - if ((mUserProfileDb->UserProfileNum > 0) && (*User == NULL)) { - *User = mUserProfileDb->UserProfile[0]; - } else { - *User = NULL; - return EFI_NOT_FOUND; - } - } - } else if (Index == mUserProfileDb->UserProfileNum) { - return EFI_NOT_FOUND; - } - - return EFI_SUCCESS; -} - -/** - Find the specified user information record in the specified User profile. 
- - This function searches the specified user information record from the beginning of the user - profile. And if NextInfo is TRUE, return the next info in the user profile. - - @param[in] User Points to the user profile entry. - @param[in, out] Info On entry, points to the user information record or NULL to start - searching with the first user information record. - On return, points to the user information record or NULL if not found. - @param[in] NextInfo If FALSE, find the user information record in profile specifyed by User. - If TRUE, find the next user information record in profile specifyed - by User. - @param[out] Offset A pointer to the offset of the information record in the user profile. - - @retval EFI_INVALID_PARAMETER Info is NULL - @retval EFI_NOT_FOUND Info was not found, or the next Info was not found. - @retval EFI_SUCCESS Info or the next info are found in user profile. - -**/ -EFI_STATUS -FindUserInfo ( - IN USER_PROFILE_ENTRY * User, - IN OUT EFI_USER_INFO **Info, - IN BOOLEAN NextInfo, - OUT UINTN *Offset OPTIONAL - ) -{ - EFI_STATUS Status; - EFI_USER_INFO *UserInfo; - UINTN InfoLen; - - if (Info == NULL) { - return EFI_INVALID_PARAMETER; - } - - // - // Check user profile entry - // - Status = FindUserProfile (&User, FALSE, NULL); - if (EFI_ERROR (Status)) { - return Status; - } - - // - // Find user information in the specified user record. - // - InfoLen = 0; - while (InfoLen < User->UserProfileSize) { - UserInfo = (EFI_USER_INFO *) (User->ProfileInfo + InfoLen); - if (UserInfo == *Info) { - if (Offset != NULL) { - *Offset = InfoLen; - } - break; - } - InfoLen += ALIGN_VARIABLE (UserInfo->InfoSize); - } - - // - // Check whether to find the next user information. 
- // - if (NextInfo) { - if (InfoLen < User->UserProfileSize) { - UserInfo = (EFI_USER_INFO *) (User->ProfileInfo + InfoLen); - InfoLen += ALIGN_VARIABLE (UserInfo->InfoSize); - if (InfoLen < User->UserProfileSize) { - *Info = (EFI_USER_INFO *) (User->ProfileInfo + InfoLen); - if (Offset != NULL) { - *Offset = InfoLen; - } - } else if (InfoLen == User->UserProfileSize) { - *Info = NULL; - return EFI_NOT_FOUND; - } - } else { - if (*Info == NULL) { - *Info = (EFI_USER_INFO *) User->ProfileInfo; - if (Offset != NULL) { - *Offset = 0; - } - } else { - *Info = NULL; - return EFI_NOT_FOUND; - } - } - } else if (InfoLen == User->UserProfileSize) { - return EFI_NOT_FOUND; - } - - return EFI_SUCCESS; -} - -/** - Find a user infomation record by the information record type. - - This function searches all user information records of User. The search starts with the - user information record following Info and continues until either the information is found - or there are no more user infomation record. - A match occurs when a Info.InfoType field matches the user information record type. - - @param[in] User Points to the user profile record to search. - @param[in, out] Info On entry, points to the user information record or NULL to start - searching with the first user information record. - On return, points to the user information record or NULL if not found. - @param[in] InfoType The infomation type to be searched. - - @retval EFI_SUCCESS User information was found. Info points to the user information record. - @retval EFI_NOT_FOUND User information was not found. - @retval EFI_INVALID_PARAMETER User is NULL or Info is NULL. - -**/ -EFI_STATUS -FindUserInfoByType ( - IN USER_PROFILE_ENTRY *User, - IN OUT EFI_USER_INFO **Info, - IN UINT8 InfoType - ) -{ - EFI_STATUS Status; - EFI_USER_INFO *UserInfo; - UINTN InfoLen; - - if (Info == NULL) { - return EFI_INVALID_PARAMETER; - } - - // - // Check whether the user has the specified user information. 
- // - InfoLen = 0; - if (*Info == NULL) { - Status = FindUserProfile (&User, FALSE, NULL); - } else { - Status = FindUserInfo (User, Info, TRUE, &InfoLen); - } - - if (EFI_ERROR (Status)) { - return EFI_NOT_FOUND; - } - - while (InfoLen < User->UserProfileSize) { - UserInfo = (EFI_USER_INFO *) (User->ProfileInfo + InfoLen); - if (UserInfo->InfoType == InfoType) { - if (UserInfo != *Info) { - *Info = UserInfo; - return EFI_SUCCESS; - } - } - - InfoLen += ALIGN_VARIABLE (UserInfo->InfoSize); - } - - *Info = NULL; - return EFI_NOT_FOUND; -} - -/** - Find a user using a user information record. - - This function searches all user profiles for the specified user information record. The - search starts with the user information record handle following UserInfo and continues - until either the information is found or there are no more user profiles. - A match occurs when the Info.InfoType field matches the user information record type and the - user information record data matches the portion of Info passed the EFI_USER_INFO header. - - @param[in, out] User On entry, points to the previously returned user profile record, - or NULL to start searching with the first user profile. - On return, points to the user profile entry, or NULL if not found. - @param[in, out] UserInfo On entry, points to the previously returned user information record, - or NULL to start searching with the first. - On return, points to the user information record, or NULL if not found. - @param[in] Info Points to the buffer containing the user information to be compared - to the user information record. - @param[in] InfoSize The size of Info, in bytes. Same as Info->InfoSize. - - @retval EFI_SUCCESS User information was found. User points to the user profile record, - and UserInfo points to the user information record. - @retval EFI_NOT_FOUND User information was not found. - @retval EFI_INVALID_PARAMETER User is NULL; Info is NULL; or, InfoSize is too small. 
- -**/ -EFI_STATUS -FindUserProfileByInfo ( - IN OUT USER_PROFILE_ENTRY **User, - IN OUT EFI_USER_INFO **UserInfo, OPTIONAL - IN EFI_USER_INFO *Info, - IN UINTN InfoSize - ) -{ - EFI_STATUS Status; - EFI_USER_INFO *InfoEntry; - - - if ((User == NULL) || (Info == NULL)) { - return EFI_INVALID_PARAMETER; - } - - if (InfoSize < sizeof (EFI_USER_INFO)) { - return EFI_INVALID_PARAMETER; - } - - if (UserInfo != NULL) { - InfoEntry = *UserInfo; - } else { - InfoEntry = NULL; - } - // - // Find user profile according to information. - // - if (*User == NULL) { - *User = mUserProfileDb->UserProfile[0]; - } - - // - // Check user profile handle. - // - Status = FindUserProfile (User, FALSE, NULL); - - while (!EFI_ERROR (Status)) { - // - // Find the user information in a user profile. - // - while (TRUE) { - Status = FindUserInfoByType (*User, &InfoEntry, Info->InfoType); - if (EFI_ERROR (Status)) { - break; - } - - if (InfoSize == Info->InfoSize) { - if (CompareMem ((UINT8 *) (InfoEntry + 1), (UINT8 *) (Info + 1), InfoSize - sizeof (EFI_USER_INFO)) == 0) { - // - // Found the infomation record. - // - if (UserInfo != NULL) { - *UserInfo = InfoEntry; - } - return EFI_SUCCESS; - } - } - } - - // - // Get next user profile. - // - InfoEntry = NULL; - Status = FindUserProfile (User, TRUE, NULL); - } - - return EFI_NOT_FOUND; -} - - -/** - Check whether the access policy is valid. - - @param[in] PolicyInfo Point to the access policy. - @param[in] InfoLen The policy length. - - @retval TRUE The policy is a valid access policy. - @retval FALSE The access policy is not a valid access policy. - -**/ -BOOLEAN -CheckAccessPolicy ( - IN UINT8 *PolicyInfo, - IN UINTN InfoLen - ) -{ - UINTN TotalLen; - UINTN ValueLen; - UINTN OffSet; - EFI_USER_INFO_ACCESS_CONTROL Access; - EFI_DEVICE_PATH_PROTOCOL *Path; - UINTN PathSize; - - TotalLen = 0; - while (TotalLen < InfoLen) { - // - // Check access policy according to type. 
- // - CopyMem (&Access, PolicyInfo + TotalLen, sizeof (Access)); - ValueLen = Access.Size - sizeof (EFI_USER_INFO_ACCESS_CONTROL); - switch (Access.Type) { - case EFI_USER_INFO_ACCESS_FORBID_LOAD: - case EFI_USER_INFO_ACCESS_PERMIT_LOAD: - case EFI_USER_INFO_ACCESS_FORBID_CONNECT: - case EFI_USER_INFO_ACCESS_PERMIT_CONNECT: - OffSet = 0; - while (OffSet < ValueLen) { - Path = (EFI_DEVICE_PATH_PROTOCOL *) (PolicyInfo + TotalLen + sizeof (Access) + OffSet); - PathSize = GetDevicePathSize (Path); - OffSet += PathSize; - } - if (OffSet != ValueLen) { - return FALSE; - } - break; - - case EFI_USER_INFO_ACCESS_SETUP: - if (ValueLen % sizeof (EFI_GUID) != 0) { - return FALSE; - } - break; - - case EFI_USER_INFO_ACCESS_BOOT_ORDER: - if (ValueLen % sizeof (EFI_USER_INFO_ACCESS_BOOT_ORDER_HDR) != 0) { - return FALSE; - } - break; - - case EFI_USER_INFO_ACCESS_ENROLL_SELF: - case EFI_USER_INFO_ACCESS_ENROLL_OTHERS: - case EFI_USER_INFO_ACCESS_MANAGE: - if (ValueLen != 0) { - return FALSE; - } - break; - - default: - return FALSE; - break; - } - - TotalLen += Access.Size; - } - - if (TotalLen != InfoLen) { - return FALSE; - } - - return TRUE; -} - - -/** - Check whether the identity policy is valid. - - @param[in] PolicyInfo Point to the identity policy. - @param[in] InfoLen The policy length. - - @retval TRUE The policy is a valid identity policy. - @retval FALSE The access policy is not a valid identity policy. - -**/ -BOOLEAN -CheckIdentityPolicy ( - IN UINT8 *PolicyInfo, - IN UINTN InfoLen - ) -{ - UINTN TotalLen; - UINTN ValueLen; - EFI_USER_INFO_IDENTITY_POLICY *Identity; - - TotalLen = 0; - - // - // Check each part of policy expression. - // - while (TotalLen < InfoLen) { - // - // Check access polisy according to type. - // - Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (PolicyInfo + TotalLen); - ValueLen = Identity->Length - sizeof (EFI_USER_INFO_IDENTITY_POLICY); - switch (Identity->Type) { - // - // Check False option. 
- // - case EFI_USER_INFO_IDENTITY_FALSE: - if (ValueLen != 0) { - return FALSE; - } - break; - - // - // Check True option. - // - case EFI_USER_INFO_IDENTITY_TRUE: - if (ValueLen != 0) { - return FALSE; - } - break; - - // - // Check negative operation. - // - case EFI_USER_INFO_IDENTITY_NOT: - if (ValueLen != 0) { - return FALSE; - } - break; - - // - // Check and operation. - // - case EFI_USER_INFO_IDENTITY_AND: - if (ValueLen != 0) { - return FALSE; - } - break; - - // - // Check or operation. - // - case EFI_USER_INFO_IDENTITY_OR: - if (ValueLen != 0) { - return FALSE; - } - break; - - // - // Check credential provider by type. - // - case EFI_USER_INFO_IDENTITY_CREDENTIAL_TYPE: - if (ValueLen != sizeof (EFI_GUID)) { - return FALSE; - } - break; - - // - // Check credential provider by ID. - // - case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER: - if (ValueLen != sizeof (EFI_GUID)) { - return FALSE; - } - break; - - default: - return FALSE; - break; - } - - TotalLen += Identity->Length; - } - - if (TotalLen != InfoLen) { - return FALSE; - } - - return TRUE; -} - - -/** - Check whether the user information is a valid user information record. - - @param[in] Info points to the user information. - - @retval TRUE The info is a valid user information record. - @retval FALSE The info is not a valid user information record. - -**/ -BOOLEAN -CheckUserInfo ( - IN CONST EFI_USER_INFO *Info - ) -{ - UINTN InfoLen; - - if (Info == NULL) { - return FALSE; - } - // - // Check user information according to information type. 
- // - InfoLen = Info->InfoSize - sizeof (EFI_USER_INFO); - switch (Info->InfoType) { - case EFI_USER_INFO_EMPTY_RECORD: - if (InfoLen != 0) { - return FALSE; - } - break; - - case EFI_USER_INFO_NAME_RECORD: - case EFI_USER_INFO_CREDENTIAL_TYPE_NAME_RECORD: - case EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD: - break; - - case EFI_USER_INFO_CREATE_DATE_RECORD: - case EFI_USER_INFO_USAGE_DATE_RECORD: - if (InfoLen != sizeof (EFI_TIME)) { - return FALSE; - } - break; - - case EFI_USER_INFO_USAGE_COUNT_RECORD: - if (InfoLen != sizeof (UINT64)) { - return FALSE; - } - break; - - case EFI_USER_INFO_IDENTIFIER_RECORD: - if (InfoLen != 16) { - return FALSE; - } - break; - - case EFI_USER_INFO_CREDENTIAL_TYPE_RECORD: - case EFI_USER_INFO_CREDENTIAL_PROVIDER_RECORD: - case EFI_USER_INFO_GUID_RECORD: - if (InfoLen != sizeof (EFI_GUID)) { - return FALSE; - } - break; - - case EFI_USER_INFO_PKCS11_RECORD: - case EFI_USER_INFO_CBEFF_RECORD: - break; - - case EFI_USER_INFO_FAR_RECORD: - case EFI_USER_INFO_RETRY_RECORD: - if (InfoLen != 1) { - return FALSE; - } - break; - - case EFI_USER_INFO_ACCESS_POLICY_RECORD: - if(!CheckAccessPolicy ((UINT8 *) (Info + 1), InfoLen)) { - return FALSE; - } - break; - - case EFI_USER_INFO_IDENTITY_POLICY_RECORD: - if (!CheckIdentityPolicy ((UINT8 *) (Info + 1), InfoLen)) { - return FALSE; - } - break; - - default: - return FALSE; - break; - } - - return TRUE; -} - - -/** - Check the user profile data format to be added. - - @param[in] UserProfileInfo Points to the user profile data. - @param[in] UserProfileSize The length of user profile data. - - @retval TRUE It is a valid user profile. - @retval FALSE It is not a valid user profile. - -**/ -BOOLEAN -CheckProfileInfo ( - IN UINT8 *UserProfileInfo, - IN UINTN UserProfileSize - ) -{ - UINTN ChkLen; - EFI_USER_INFO *Info; - - if (UserProfileInfo == NULL) { - return FALSE; - } - - // - // Check user profile information length. 
- // - ChkLen = 0; - while (ChkLen < UserProfileSize) { - Info = (EFI_USER_INFO *) (UserProfileInfo + ChkLen); - // - // Check user information format. - // - if (!CheckUserInfo (Info)) { - return FALSE; - } - - ChkLen += ALIGN_VARIABLE (Info->InfoSize); - } - - if (ChkLen != UserProfileSize) { - return FALSE; - } - - return TRUE; -} - - -/** - Find the specified RightType in current user profile. - - @param[in] RightType Could be EFI_USER_INFO_ACCESS_MANAGE, - EFI_USER_INFO_ACCESS_ENROLL_OTHERS or - EFI_USER_INFO_ACCESS_ENROLL_SELF. - - @retval TRUE Find the specified RightType in current user profile. - @retval FALSE Can't find the right in the profile. - -**/ -BOOLEAN -CheckCurrentUserAccessRight ( - IN UINT32 RightType - ) -{ - EFI_STATUS Status; - EFI_USER_INFO *Info; - UINTN TotalLen; - UINTN CheckLen; - EFI_USER_INFO_ACCESS_CONTROL Access; - - // - // Get user access right information. - // - Info = NULL; - Status = FindUserInfoByType ( - (USER_PROFILE_ENTRY *) mCurrentUser, - &Info, - EFI_USER_INFO_ACCESS_POLICY_RECORD - ); - if (EFI_ERROR (Status)) { - return FALSE; - } - - ASSERT (Info != NULL); - TotalLen = Info->InfoSize - sizeof (EFI_USER_INFO); - CheckLen = 0; - while (CheckLen < TotalLen) { - // - // Check right according to access type. - // - CopyMem (&Access, (UINT8 *) (Info + 1) + CheckLen, sizeof (Access)); - if (Access.Type == RightType) { - return TRUE;; - } - - CheckLen += Access.Size; - } - - return FALSE; -} - - -/** - Create a unique user identifier. - - @param[out] Identifier This points to the identifier. - -**/ -VOID -GenerateIdentifier ( - OUT UINT8 *Identifier - ) -{ - EFI_TIME Time; - UINT64 MonotonicCount; - UINT32 *MonotonicPointer; - UINTN Index; - - // - // Create a unique user identifier. - // - gRT->GetTime (&Time, NULL); - CopyMem (Identifier, &Time, sizeof (EFI_TIME)); - // - // Remove zeros. 
- // - for (Index = 0; Index < sizeof (EFI_TIME); Index++) { - if (Identifier[Index] == 0) { - Identifier[Index] = 0x5a; - } - } - - MonotonicPointer = (UINT32 *) Identifier; - gBS->GetNextMonotonicCount (&MonotonicCount); - MonotonicPointer[0] += (UINT32) MonotonicCount; - MonotonicPointer[1] += (UINT32) MonotonicCount; - MonotonicPointer[2] += (UINT32) MonotonicCount; - MonotonicPointer[3] += (UINT32) MonotonicCount; -} - - -/** - Generate unique user ID. - - @param[out] UserId Points to the user identifer. - -**/ -VOID -GenerateUserId ( - OUT UINT8 *UserId - ) -{ - EFI_STATUS Status; - USER_PROFILE_ENTRY *UserProfile; - EFI_USER_INFO *UserInfo; - UINTN Index; - - // - // Generate unique user ID - // - while (TRUE) { - GenerateIdentifier (UserId); - // - // Check whether it's unique in user profile database. - // - if (mUserProfileDb == NULL) { - return ; - } - - for (Index = 0; Index < mUserProfileDb->UserProfileNum; Index++) { - UserProfile = (USER_PROFILE_ENTRY *) (mUserProfileDb->UserProfile[Index]); - UserInfo = NULL; - Status = FindUserInfoByType (UserProfile, &UserInfo, EFI_USER_INFO_IDENTIFIER_RECORD); - if (EFI_ERROR (Status)) { - continue; - } - - if (CompareMem ((UINT8 *) (UserInfo + 1), UserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) { - break; - } - } - - if (Index == mUserProfileDb->UserProfileNum) { - return ; - } - } -} - - -/** - Expand user profile database. - - @retval TRUE Success to expand user profile database. - @retval FALSE Fail to expand user profile database. - -**/ -BOOLEAN -ExpandUsermUserProfileDb ( - VOID - ) -{ - UINTN MaxNum; - USER_PROFILE_DB *NewDataBase; - - // - // Create new user profile database. 
- // - if (mUserProfileDb == NULL) { - MaxNum = USER_NUMBER_INC; - } else { - MaxNum = mUserProfileDb->MaxProfileNum + USER_NUMBER_INC; - } - - NewDataBase = AllocateZeroPool ( - sizeof (USER_PROFILE_DB) - sizeof (EFI_USER_PROFILE_HANDLE) + - MaxNum * sizeof (EFI_USER_PROFILE_HANDLE) - ); - if (NewDataBase == NULL) { - return FALSE; - } - - NewDataBase->MaxProfileNum = MaxNum; - - // - // Copy old user profile database value - // - if (mUserProfileDb == NULL) { - NewDataBase->UserProfileNum = 0; - } else { - NewDataBase->UserProfileNum = mUserProfileDb->UserProfileNum; - CopyMem ( - NewDataBase->UserProfile, - mUserProfileDb->UserProfile, - NewDataBase->UserProfileNum * sizeof (EFI_USER_PROFILE_HANDLE) - ); - FreePool (mUserProfileDb); - } - - mUserProfileDb = NewDataBase; - return TRUE; -} - - -/** - Expand user profile - - @param[in] User Points to user profile. - @param[in] ExpandSize The size of user profile. - - @retval TRUE Success to expand user profile size. - @retval FALSE Fail to expand user profile size. - -**/ -BOOLEAN -ExpandUserProfile ( - IN USER_PROFILE_ENTRY *User, - IN UINTN ExpandSize - ) -{ - UINT8 *Info; - UINTN InfoSizeInc; - - // - // Allocate new memory. - // - InfoSizeInc = 128; - User->MaxProfileSize += ((ExpandSize + InfoSizeInc - 1) / InfoSizeInc) * InfoSizeInc; - Info = AllocateZeroPool (User->MaxProfileSize); - if (Info == NULL) { - return FALSE; - } - - // - // Copy exist information. - // - if (User->UserProfileSize > 0) { - CopyMem (Info, User->ProfileInfo, User->UserProfileSize); - FreePool (User->ProfileInfo); - } - - User->ProfileInfo = Info; - return TRUE; -} - - -/** - Save the user profile to non-volatile memory, or delete it from non-volatile memory. - - @param[in] User Point to the user profile - @param[in] Delete If TRUE, delete the found user profile. - If FALSE, save the user profile. - @retval EFI_SUCCESS Save or delete user profile successfully. - @retval Others Fail to change the profile. 
- -**/ -EFI_STATUS -SaveNvUserProfile ( - IN USER_PROFILE_ENTRY *User, - IN BOOLEAN Delete - ) -{ - EFI_STATUS Status; - - // - // Check user profile entry. - // - Status = FindUserProfile (&User, FALSE, NULL); - if (EFI_ERROR (Status)) { - return Status; - } - - // - // Save the user profile to non-volatile memory. - // - Status = gRT->SetVariable ( - User->UserVarName, - &gUserIdentifyManagerGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, - Delete ? 0 : User->UserProfileSize, - User->ProfileInfo - ); - return Status; -} - -/** - Add one new user info into the user's profile. - - @param[in] User point to the user profile - @param[in] Info Points to the user information payload. - @param[in] InfoSize The size of the user information payload, in bytes. - @param[out] UserInfo Point to the new info in user profile - @param[in] Save If TRUE, save the profile to NV flash. - If FALSE, don't need to save the profile to NV flash. - - @retval EFI_SUCCESS Add user info to user profile successfully. - @retval Others Fail to add user info to user profile. - -**/ -EFI_STATUS -AddUserInfo ( - IN USER_PROFILE_ENTRY *User, - IN UINT8 *Info, - IN UINTN InfoSize, - OUT EFI_USER_INFO **UserInfo, OPTIONAL - IN BOOLEAN Save - ) -{ - EFI_STATUS Status; - - if ((Info == NULL) || (User == NULL)) { - return EFI_INVALID_PARAMETER; - } - - // - // Check user profile handle. - // - Status = FindUserProfile (&User, FALSE, NULL); - if (EFI_ERROR (Status)) { - return Status; - } - - // - // Check user information memory size. - // - if (User->MaxProfileSize - User->UserProfileSize < ALIGN_VARIABLE (InfoSize)) { - if (!ExpandUserProfile (User, ALIGN_VARIABLE (InfoSize))) { - return EFI_OUT_OF_RESOURCES; - } - } - - // - // Add new user information. 
- // - CopyMem (User->ProfileInfo + User->UserProfileSize, Info, InfoSize); - if (UserInfo != NULL) { - *UserInfo = (EFI_USER_INFO *) (User->ProfileInfo + User->UserProfileSize); - } - User->UserProfileSize += ALIGN_VARIABLE (InfoSize); - - // - // Save user profile information. - // - if (Save) { - Status = SaveNvUserProfile (User, FALSE); - } - - return Status; -} - - -/** - Get the user info from the specified user info handle. - - @param[in] User Point to the user profile. - @param[in] UserInfo Point to the user information record to get. - @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. - On exit, holds the user information. - @param[in, out] InfoSize On entry, points to the size of Info. - On return, points to the size of the user information. - @param[in] ChkRight If TRUE, check the user info attribute. - If FALSE, don't check the user info attribute. - - - @retval EFI_ACCESS_DENIED The information cannot be accessed by the current user. - @retval EFI_INVALID_PARAMETER InfoSize is NULL or UserInfo is NULL. - @retval EFI_BUFFER_TOO_SMALL The number of bytes specified by *InfoSize is too small to hold the - returned data. The actual size required is returned in *InfoSize. - @retval EFI_SUCCESS Information returned successfully. - -**/ -EFI_STATUS -GetUserInfo ( - IN USER_PROFILE_ENTRY *User, - IN EFI_USER_INFO *UserInfo, - OUT EFI_USER_INFO *Info, - IN OUT UINTN *InfoSize, - IN BOOLEAN ChkRight - ) -{ - EFI_STATUS Status; - - if ((InfoSize == NULL) || (UserInfo == NULL)) { - return EFI_INVALID_PARAMETER; - } - - if ((*InfoSize != 0) && (Info == NULL)) { - return EFI_INVALID_PARAMETER; - } - - // - // Find the user information to get. - // - Status = FindUserInfo (User, &UserInfo, FALSE, NULL); - if (EFI_ERROR (Status)) { - return Status; - } - - // - // Check information attributes. 
- // - if (ChkRight) { - switch (UserInfo->InfoAttribs & EFI_USER_INFO_ACCESS) { - case EFI_USER_INFO_PRIVATE: - case EFI_USER_INFO_PROTECTED: - if (User != mCurrentUser) { - return EFI_ACCESS_DENIED; - } - break; - - case EFI_USER_INFO_PUBLIC: - break; - - default: - return EFI_INVALID_PARAMETER; - break; - } - } - - // - // Get user information. - // - if (UserInfo->InfoSize > *InfoSize) { - *InfoSize = UserInfo->InfoSize; - return EFI_BUFFER_TOO_SMALL; - } - - *InfoSize = UserInfo->InfoSize; - if (Info != NULL) { - CopyMem (Info, UserInfo, *InfoSize); - } - - return EFI_SUCCESS; -} - - -/** - Delete the specified user information from user profile. - - @param[in] User Point to the user profile. - @param[in] Info Point to the user information record to delete. - @param[in] Save If TRUE, save the profile to NV flash. - If FALSE, don't need to save the profile to NV flash. - - @retval EFI_SUCCESS Delete user info from user profile successfully. - @retval Others Fail to delete user info from user profile. - -**/ -EFI_STATUS -DelUserInfo ( - IN USER_PROFILE_ENTRY *User, - IN EFI_USER_INFO *Info, - IN BOOLEAN Save - ) -{ - EFI_STATUS Status; - UINTN Offset; - UINTN NextOffset; - - // - // Check user information handle. - // - Status = FindUserInfo (User, &Info, FALSE, &Offset); - if (EFI_ERROR (Status)) { - return Status; - } - - if (Info->InfoType == EFI_USER_INFO_IDENTIFIER_RECORD) { - return EFI_ACCESS_DENIED; - } - - // - // Delete the specified user information. - // - NextOffset = Offset + ALIGN_VARIABLE (Info->InfoSize); - User->UserProfileSize -= ALIGN_VARIABLE (Info->InfoSize); - if (Offset < User->UserProfileSize) { - CopyMem (User->ProfileInfo + Offset, User->ProfileInfo + NextOffset, User->UserProfileSize - Offset); - } - - if (Save) { - Status = SaveNvUserProfile (User, FALSE); - } - - return Status; -} - - -/** - Add or update user information. - - @param[in] User Point to the user profile. 
- @param[in, out] UserInfo On entry, points to the user information to modify, - or NULL to add a new UserInfo. - On return, points to the modified user information. - @param[in] Info Points to the new user information. - @param[in] InfoSize The size of Info,in bytes. - - @retval EFI_INVALID_PARAMETER UserInfo is NULL or Info is NULL. - @retval EFI_ACCESS_DENIED The record is exclusive. - @retval EFI_SUCCESS User information was successfully changed/added. - -**/ -EFI_STATUS -ModifyUserInfo ( - IN USER_PROFILE_ENTRY *User, - IN OUT EFI_USER_INFO **UserInfo, - IN CONST EFI_USER_INFO *Info, - IN UINTN InfoSize - ) -{ - EFI_STATUS Status; - UINTN PayloadLen; - EFI_USER_INFO *OldInfo; - - if ((UserInfo == NULL) || (Info == NULL)) { - return EFI_INVALID_PARAMETER; - } - - if (InfoSize < sizeof (EFI_USER_INFO) || InfoSize != Info->InfoSize) { - return EFI_INVALID_PARAMETER; - } - - // - // Check user information. - // - if (Info->InfoType == EFI_USER_INFO_IDENTIFIER_RECORD) { - return EFI_ACCESS_DENIED; - } - - if (!CheckUserInfo (Info)) { - return EFI_INVALID_PARAMETER; - } - - - if (*UserInfo == NULL) { - // - // Add new user information. - // - OldInfo = NULL; - do { - Status = FindUserInfoByType (User, &OldInfo, Info->InfoType); - if (EFI_ERROR (Status)) { - break; - } - ASSERT (OldInfo != NULL); - - if (((OldInfo->InfoAttribs & EFI_USER_INFO_EXCLUSIVE) != 0) || - ((Info->InfoAttribs & EFI_USER_INFO_EXCLUSIVE) != 0)) { - // - // Same type can not co-exist for exclusive information. - // - return EFI_ACCESS_DENIED; - } - - // - // Check whether it exists in DB. - // - if (Info->InfoSize != OldInfo->InfoSize) { - continue; - } - - if (!CompareGuid (&OldInfo->Credential, &Info->Credential)) { - continue; - } - - PayloadLen = Info->InfoSize - sizeof (EFI_USER_INFO); - if (PayloadLen == 0) { - continue; - } - - if (CompareMem ((UINT8 *)(OldInfo + 1), (UINT8 *)(Info + 1), PayloadLen) != 0) { - continue; - } - - // - // Yes. The new info is as same as the one in profile. 
- // - return EFI_SUCCESS; - } while (!EFI_ERROR (Status)); - - Status = AddUserInfo (User, (UINT8 *) Info, InfoSize, UserInfo, TRUE); - return Status; - } - - // - // Modify existing user information. - // - OldInfo = *UserInfo; - if (OldInfo->InfoType != Info->InfoType) { - return EFI_INVALID_PARAMETER; - } - - if (((Info->InfoAttribs & EFI_USER_INFO_EXCLUSIVE) != 0) && - (OldInfo->InfoAttribs & EFI_USER_INFO_EXCLUSIVE) == 0) { - // - // Try to add exclusive attrib in new info. - // Check whether there is another information with the same type in profile. - // - OldInfo = NULL; - do { - Status = FindUserInfoByType (User, &OldInfo, Info->InfoType); - if (EFI_ERROR (Status)) { - break; - } - if (OldInfo != *UserInfo) { - // - // There is another information with the same type in profile. - // Therefore, can't modify existing user information to add exclusive attribute. - // - return EFI_ACCESS_DENIED; - } - } while (TRUE); - } - - Status = DelUserInfo (User, *UserInfo, FALSE); - if (EFI_ERROR (Status)) { - return Status; - } - - return AddUserInfo (User, (UINT8 *) Info, InfoSize, UserInfo, TRUE); -} - - -/** - Delete the user profile from non-volatile memory and database. - - @param[in] User Points to the user profile. - - @retval EFI_SUCCESS Delete user from the user profile successfully. - @retval Others Fail to delete user from user profile - -**/ -EFI_STATUS -DelUserProfile ( - IN USER_PROFILE_ENTRY *User - ) -{ - EFI_STATUS Status; - UINTN Index; - - // - // Check whether it is in the user profile database. - // - Status = FindUserProfile (&User, FALSE, &Index); - if (EFI_ERROR (Status)) { - return EFI_INVALID_PARAMETER; - } - - // - // Check whether it is the current user. - // - if (User == mCurrentUser) { - return EFI_ACCESS_DENIED; - } - - // - // Delete user profile from the non-volatile memory. 
- // - Status = SaveNvUserProfile (mUserProfileDb->UserProfile[mUserProfileDb->UserProfileNum - 1], TRUE); - if (EFI_ERROR (Status)) { - return Status; - } - mUserProfileDb->UserProfileNum--; - - // - // Modify user profile database. - // - if (Index != mUserProfileDb->UserProfileNum) { - mUserProfileDb->UserProfile[Index] = mUserProfileDb->UserProfile[mUserProfileDb->UserProfileNum]; - CopyMem ( - ((USER_PROFILE_ENTRY *) mUserProfileDb->UserProfile[Index])->UserVarName, - User->UserVarName, - sizeof (User->UserVarName) - ); - Status = SaveNvUserProfile (mUserProfileDb->UserProfile[Index], FALSE); - if (EFI_ERROR (Status)) { - return Status; - } - } - // - // Delete user profile information. - // - if (User->ProfileInfo != NULL) { - FreePool (User->ProfileInfo); - } - - FreePool (User); - return EFI_SUCCESS; -} - - -/** - Add user profile to user profile database. - - @param[out] UserProfile Point to the newly added user profile. - @param[in] ProfileSize The size of the user profile. - @param[in] ProfileInfo Point to the user profie data. - @param[in] Save If TRUE, save the new added profile to NV flash. - If FALSE, don't save the profile to NV flash. - - @retval EFI_SUCCESS Add user profile to user profile database successfully. - @retval Others Fail to add user profile to user profile database. - -**/ -EFI_STATUS -AddUserProfile ( - OUT USER_PROFILE_ENTRY **UserProfile, OPTIONAL - IN UINTN ProfileSize, - IN UINT8 *ProfileInfo, - IN BOOLEAN Save - ) -{ - EFI_STATUS Status; - USER_PROFILE_ENTRY *User; - - // - // Check the data format to be added. - // - if (!CheckProfileInfo (ProfileInfo, ProfileSize)) { - return EFI_SECURITY_VIOLATION; - } - - // - // Create user profile entry. - // - User = AllocateZeroPool (sizeof (USER_PROFILE_ENTRY)); - if (User == NULL) { - return EFI_OUT_OF_RESOURCES; - } - // - // Add the entry to the user profile database. 
- // - if (mUserProfileDb->UserProfileNum == mUserProfileDb->MaxProfileNum) { - if (!ExpandUsermUserProfileDb ()) { - FreePool (User); - return EFI_OUT_OF_RESOURCES; - } - } - - UnicodeSPrint ( - User->UserVarName, - sizeof (User->UserVarName), - L"User%04x", - mUserProfileDb->UserProfileNum - ); - User->UserProfileSize = 0; - User->MaxProfileSize = 0; - User->ProfileInfo = NULL; - mUserProfileDb->UserProfile[mUserProfileDb->UserProfileNum] = (EFI_USER_PROFILE_HANDLE) User; - mUserProfileDb->UserProfileNum++; - - // - // Add user profile information. - // - Status = AddUserInfo (User, ProfileInfo, ProfileSize, NULL, Save); - if (EFI_ERROR (Status)) { - DelUserProfile (User); - return Status; - } - // - // Set new user profile handle. - // - if (UserProfile != NULL) { - *UserProfile = User; - } - - return EFI_SUCCESS; -} - - -/** - This function creates a new user profile with only a new user identifier - attached and returns its handle. The user profile is non-volatile, but the - handle User can change across reboots. - - @param[out] User Handle of a new user profile. - - @retval EFI_SUCCESS User profile was successfully created. - @retval Others Fail to create user profile - -**/ -EFI_STATUS -CreateUserProfile ( - OUT USER_PROFILE_ENTRY **User - ) -{ - EFI_STATUS Status; - EFI_USER_INFO *UserInfo; - - if (User == NULL) { - return EFI_INVALID_PARAMETER; - } - // - // Generate user id information. - // - UserInfo = AllocateZeroPool (sizeof (EFI_USER_INFO) + sizeof (EFI_USER_INFO_IDENTIFIER)); - if (UserInfo == NULL) { - return EFI_OUT_OF_RESOURCES; - } - - UserInfo->InfoType = EFI_USER_INFO_IDENTIFIER_RECORD; - UserInfo->InfoSize = sizeof (EFI_USER_INFO) + sizeof (EFI_USER_INFO_IDENTIFIER); - UserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE; - GenerateUserId ((UINT8 *) (UserInfo + 1)); - - // - // Add user profile to the user profile database. 
- //
- Status = AddUserProfile (User, UserInfo->InfoSize, (UINT8 *) UserInfo, TRUE);
- FreePool (UserInfo);
- return Status;
-}
-
-
-/**
- Add a default user profile to user profile database.
-
- @retval EFI_SUCCESS A default user profile is added successfully.
- @retval Others Fail to add a default user profile
-
-**/
-EFI_STATUS
-AddDefaultUserProfile (
- VOID
- )
-{
- EFI_STATUS Status;
- USER_PROFILE_ENTRY *User;
- EFI_USER_INFO *Info;
- EFI_USER_INFO *NewInfo;
- EFI_USER_INFO_CREATE_DATE CreateDate;
- EFI_USER_INFO_USAGE_COUNT UsageCount;
- EFI_USER_INFO_ACCESS_CONTROL *Access;
- EFI_USER_INFO_IDENTITY_POLICY *Policy;
-
- //
- // Create a user profile.
- //
- Status = CreateUserProfile (&User);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- //
- // Allocate a buffer to add all default user information.
- //
- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + INFO_PAYLOAD_SIZE);
- if (Info == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- //
- // Add user name.
- //
- Info->InfoType = EFI_USER_INFO_NAME_RECORD;
- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof (mUserName);
- CopyMem ((UINT8 *) (Info + 1), mUserName, sizeof (mUserName));
- NewInfo = NULL;
- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize);
- if (EFI_ERROR (Status)) {
- goto Done;
- }
-
- //
- // Add user profile create date record.
- //
- Info->InfoType = EFI_USER_INFO_CREATE_DATE_RECORD;
- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof (EFI_USER_INFO_CREATE_DATE);
- Status = gRT->GetTime (&CreateDate, NULL);
- if (EFI_ERROR (Status)) {
- goto Done;
- }
-
- CopyMem ((UINT8 *) (Info + 1), &CreateDate, sizeof (EFI_USER_INFO_CREATE_DATE));
- NewInfo = NULL;
- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize);
- if (EFI_ERROR (Status)) {
- goto Done;
- }
-
- //
- // Add user profile usage count record.
- //
- Info->InfoType = EFI_USER_INFO_USAGE_COUNT_RECORD;
- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof (EFI_USER_INFO_USAGE_COUNT);
- UsageCount = 0;
- CopyMem ((UINT8 *) (Info + 1), &UsageCount, sizeof (EFI_USER_INFO_USAGE_COUNT));
- NewInfo = NULL;
- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize);
- if (EFI_ERROR (Status)) {
- goto Done;
- }
-
- //
- // Add user access right.
- //
- Info->InfoType = EFI_USER_INFO_ACCESS_POLICY_RECORD;
- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
- Access = (EFI_USER_INFO_ACCESS_CONTROL *) (Info + 1);
- Access->Type = EFI_USER_INFO_ACCESS_MANAGE;
- Access->Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL);
- Info->InfoSize = sizeof (EFI_USER_INFO) + Access->Size;
- NewInfo = NULL;
- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize);
- if (EFI_ERROR (Status)) {
- goto Done;
- }
-
- //
- // Add user identity policy.
- // - Info->InfoType = EFI_USER_INFO_IDENTITY_POLICY_RECORD; - Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | EFI_USER_INFO_PRIVATE | EFI_USER_INFO_EXCLUSIVE; - Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (Info + 1); - Policy->Type = EFI_USER_INFO_IDENTITY_TRUE; - Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY); - Info->InfoSize = sizeof (EFI_USER_INFO) + Policy->Length; - NewInfo = NULL; - Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize); - -Done: - FreePool (Info); - return Status; -} - - -/** - Publish current user information into EFI System Configuration Table. - - By UEFI spec, the User Identity Manager will publish the current user profile - into the EFI System Configuration Table. Currently, only the user identifier and user - name are published. - - @retval EFI_SUCCESS Current user information is published successfully. - @retval Others Fail to publish current user information - -**/ -EFI_STATUS -PublishUserTable ( - VOID - ) -{ - EFI_STATUS Status; - EFI_CONFIGURATION_TABLE *EfiConfigurationTable; - EFI_USER_INFO_TABLE *UserInfoTable; - EFI_USER_INFO *IdInfo; - EFI_USER_INFO *NameInfo; - - Status = EfiGetSystemConfigurationTable ( - &gEfiUserManagerProtocolGuid, - (VOID **) &EfiConfigurationTable - ); - if (!EFI_ERROR (Status)) { - // - // The table existed! - // - return EFI_SUCCESS; - } - - // - // Get user ID information. - // - IdInfo = NULL; - Status = FindUserInfoByType (mCurrentUser, &IdInfo, EFI_USER_INFO_IDENTIFIER_RECORD); - if (EFI_ERROR (Status)) { - return Status; - - } - // - // Get user name information. - // - NameInfo = NULL; - Status = FindUserInfoByType (mCurrentUser, &NameInfo, EFI_USER_INFO_NAME_RECORD); - if (EFI_ERROR (Status)) { - return Status; - } - - // - // Allocate a buffer for user information table. 
- // - UserInfoTable = (EFI_USER_INFO_TABLE *) AllocateRuntimePool ( - sizeof (EFI_USER_INFO_TABLE) + - IdInfo->InfoSize + - NameInfo->InfoSize - ); - if (UserInfoTable == NULL) { - Status = EFI_OUT_OF_RESOURCES; - return Status; - } - - UserInfoTable->Size = sizeof (EFI_USER_INFO_TABLE); - - // - // Append the user information to the user info table - // - CopyMem ((UINT8 *) UserInfoTable + UserInfoTable->Size, (UINT8 *) IdInfo, IdInfo->InfoSize); - UserInfoTable->Size += IdInfo->InfoSize; - - CopyMem ((UINT8 *) UserInfoTable + UserInfoTable->Size, (UINT8 *) NameInfo, NameInfo->InfoSize); - UserInfoTable->Size += NameInfo->InfoSize; - - Status = gBS->InstallConfigurationTable (&gEfiUserManagerProtocolGuid, (VOID *) UserInfoTable); - return Status; -} - - -/** - Get the user's identity type. - - The identify manager only supports the identity policy in which the credential - provider handles are connected by the operator 'AND' or 'OR'. - - - @param[in] User Handle of a user profile. - @param[out] PolicyType Point to the identity type. - - @retval EFI_SUCCESS Get user's identity type successfully. - @retval Others Fail to get user's identity type. - -**/ -EFI_STATUS -GetIdentifyType ( - IN EFI_USER_PROFILE_HANDLE User, - OUT UINT8 *PolicyType - ) -{ - EFI_STATUS Status; - EFI_USER_INFO *IdentifyInfo; - UINTN TotalLen; - EFI_USER_INFO_IDENTITY_POLICY *Identity; - - // - // Get user identify policy information. - // - IdentifyInfo = NULL; - Status = FindUserInfoByType (User, &IdentifyInfo, EFI_USER_INFO_IDENTITY_POLICY_RECORD); - if (EFI_ERROR (Status)) { - return Status; - } - ASSERT (IdentifyInfo != NULL); - - // - // Search the user identify policy according to type. 
- // - TotalLen = 0; - *PolicyType = EFI_USER_INFO_IDENTITY_FALSE; - while (TotalLen < IdentifyInfo->InfoSize - sizeof (EFI_USER_INFO)) { - Identity = (EFI_USER_INFO_IDENTITY_POLICY *) ((UINT8 *) (IdentifyInfo + 1) + TotalLen); - if (Identity->Type == EFI_USER_INFO_IDENTITY_AND) { - *PolicyType = EFI_USER_INFO_IDENTITY_AND; - break; - } - - if (Identity->Type == EFI_USER_INFO_IDENTITY_OR) { - *PolicyType = EFI_USER_INFO_IDENTITY_OR; - break; - } - TotalLen += Identity->Length; - } - return EFI_SUCCESS; -} - - -/** - Identify the User by the specfied provider. - - @param[in] User Handle of a user profile. - @param[in] Provider Points to the identifier of credential provider. - - @retval EFI_INVALID_PARAMETER Provider is NULL. - @retval EFI_NOT_FOUND Fail to identify the specified user. - @retval EFI_SUCCESS User is identified successfully. - -**/ -EFI_STATUS -IdentifyByProviderId ( - IN EFI_USER_PROFILE_HANDLE User, - IN EFI_GUID *Provider - ) -{ - EFI_STATUS Status; - EFI_USER_INFO_IDENTIFIER UserId; - UINTN Index; - EFI_CREDENTIAL_LOGON_FLAGS AutoLogon; - EFI_HII_HANDLE HiiHandle; - EFI_GUID FormSetId; - EFI_FORM_ID FormId; - EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential; - - if (Provider == NULL) { - return EFI_INVALID_PARAMETER; - } - - // - // Check the user ID identified by the specified credential provider. - // - for (Index = 0; Index < mProviderDb->Count; Index++) { - // - // Check credential provider class. - // - UserCredential = mProviderDb->Provider[Index]; - if (CompareGuid (&UserCredential->Identifier, Provider)) { - Status = UserCredential->Select (UserCredential, &AutoLogon); - if (EFI_ERROR (Status)) { - return Status; - } - - if ((AutoLogon & EFI_CREDENTIAL_LOGON_FLAG_AUTO) == 0) { - // - // Get credential provider form. - // - Status = UserCredential->Form ( - UserCredential, - &HiiHandle, - &FormSetId, - &FormId - ); - if (!EFI_ERROR (Status)) { - // - // Send form to get user input. 
- //
- Status = mCallbackInfo->FormBrowser2->SendForm (
- mCallbackInfo->FormBrowser2,
- &HiiHandle,
- 1,
- &FormSetId,
- FormId,
- NULL,
- NULL
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
- }
- }
-
- Status = UserCredential->User (UserCredential, User, &UserId);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- Status = UserCredential->Deselect (UserCredential);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- return EFI_SUCCESS;
- }
- }
-
- return EFI_NOT_FOUND;
-}
-
-
-/**
- Update user information when user is logon on successfully.
-
- @param[in] User Points to user profile.
-
- @retval EFI_SUCCESS Update user information successfully.
- @retval Others Fail to update user information.
-
-**/
-EFI_STATUS
-UpdateUserInfo (
- IN USER_PROFILE_ENTRY *User
- )
-{
- EFI_STATUS Status;
- EFI_USER_INFO *Info;
- EFI_USER_INFO *NewInfo;
- EFI_USER_INFO_CREATE_DATE Date;
- EFI_USER_INFO_USAGE_COUNT UsageCount;
- UINTN InfoLen;
-
- //
- // Allocate a buffer to update user's date record and usage record.
- //
- InfoLen = MAX (sizeof (EFI_USER_INFO_CREATE_DATE), sizeof (EFI_USER_INFO_USAGE_COUNT));
- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + InfoLen);
- if (Info == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- //
- // Check create date record.
- //
- NewInfo = NULL;
- Status = FindUserInfoByType (User, &NewInfo, EFI_USER_INFO_CREATE_DATE_RECORD);
- if (Status == EFI_NOT_FOUND) {
- Info->InfoType = EFI_USER_INFO_CREATE_DATE_RECORD;
- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof (EFI_USER_INFO_CREATE_DATE);
- Status = gRT->GetTime (&Date, NULL);
- if (EFI_ERROR (Status)) {
- FreePool (Info);
- return Status;
- }
-
- CopyMem ((UINT8 *) (Info + 1), &Date, sizeof (EFI_USER_INFO_CREATE_DATE));
- NewInfo = NULL;
- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize);
- if (EFI_ERROR (Status)) {
- FreePool (Info);
- return Status;
- }
- }
-
- //
- // Update usage date record.
- //
- NewInfo = NULL;
- Status = FindUserInfoByType (User, &NewInfo, EFI_USER_INFO_USAGE_DATE_RECORD);
- if ((Status == EFI_SUCCESS) || (Status == EFI_NOT_FOUND)) {
- Info->InfoType = EFI_USER_INFO_USAGE_DATE_RECORD;
- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof (EFI_USER_INFO_USAGE_DATE);
- Status = gRT->GetTime (&Date, NULL);
- if (EFI_ERROR (Status)) {
- FreePool (Info);
- return Status;
- }
-
- CopyMem ((UINT8 *) (Info + 1), &Date, sizeof (EFI_USER_INFO_USAGE_DATE));
- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize);
- if (EFI_ERROR (Status)) {
- FreePool (Info);
- return Status;
- }
- }
-
- //
- // Update usage count record.
- //
- UsageCount = 0;
- NewInfo = NULL;
- Status = FindUserInfoByType (User, &NewInfo, EFI_USER_INFO_USAGE_COUNT_RECORD);
- //
- // Get usage count.
- // - if (Status == EFI_SUCCESS) { - CopyMem (&UsageCount, (UINT8 *) (NewInfo + 1), sizeof (EFI_USER_INFO_USAGE_COUNT)); - } - - UsageCount++; - if ((Status == EFI_SUCCESS) || (Status == EFI_NOT_FOUND)) { - Info->InfoType = EFI_USER_INFO_USAGE_COUNT_RECORD; - Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE; - Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof (EFI_USER_INFO_USAGE_COUNT); - CopyMem ((UINT8 *) (Info + 1), &UsageCount, sizeof (EFI_USER_INFO_USAGE_COUNT)); - Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize); - if (EFI_ERROR (Status)) { - FreePool (Info); - return Status; - } - } - - FreePool (Info); - return EFI_SUCCESS; -} - - -/** - Add a credenetial provider item in form. - - @param[in] ProviderGuid Points to the identifir of credential provider. - @param[in] OpCodeHandle Points to container for dynamic created opcodes. - -**/ -VOID -AddProviderSelection ( - IN EFI_GUID *ProviderGuid, - IN VOID *OpCodeHandle - ) -{ - EFI_HII_HANDLE HiiHandle; - EFI_STRING_ID ProvID; - CHAR16 *ProvStr; - UINTN Index; - EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential; - - for (Index = 0; Index < mProviderDb->Count; Index++) { - UserCredential = mProviderDb->Provider[Index]; - if (CompareGuid (&UserCredential->Identifier, ProviderGuid)) { - // - // Add credential provider selection. - // - UserCredential->Title (UserCredential, &HiiHandle, &ProvID); - ProvStr = HiiGetString (HiiHandle, ProvID, NULL); - if (ProvStr == NULL) { - continue ; - } - ProvID = HiiSetString (mCallbackInfo->HiiHandle, 0, ProvStr, NULL); - FreePool (ProvStr); - HiiCreateActionOpCode ( - OpCodeHandle, // Container for dynamic created opcodes - (EFI_QUESTION_ID)(LABEL_PROVIDER_NAME + Index), // Question ID - ProvID, // Prompt text - STRING_TOKEN (STR_NULL_STRING), // Help text - EFI_IFR_FLAG_CALLBACK, // Question flag - 0 // Action String ID - ); - break; - } - } -} - - -/** - Add a username item in form. 
- - @param[in] Index The index of the user in the user name list. - @param[in] User Points to the user profile whose username is added. - @param[in] OpCodeHandle Points to container for dynamic created opcodes. - - @retval EFI_SUCCESS Add a username successfully. - @retval Others Fail to add a username. - -**/ -EFI_STATUS -AddUserSelection ( - IN UINT16 Index, - IN USER_PROFILE_ENTRY *User, - IN VOID *OpCodeHandle - ) -{ - EFI_STRING_ID UserName; - EFI_STATUS Status; - EFI_USER_INFO *UserInfo; - - UserInfo = NULL; - Status = FindUserInfoByType (User, &UserInfo, EFI_USER_INFO_NAME_RECORD); - if (EFI_ERROR (Status)) { - return Status; - } - - // - // Add user name selection. - // - UserName = HiiSetString (mCallbackInfo->HiiHandle, 0, (EFI_STRING) (UserInfo + 1), NULL); - if (UserName == 0) { - return EFI_OUT_OF_RESOURCES; - } - - HiiCreateGotoOpCode ( - OpCodeHandle, // Container for dynamic created opcodes - FORMID_PROVIDER_FORM, // Target Form ID - UserName, // Prompt text - STRING_TOKEN (STR_NULL_STRING), // Help text - EFI_IFR_FLAG_CALLBACK, // Question flag - (UINT16) Index // Question ID - ); - - return EFI_SUCCESS; -} - - -/** - Identify the user whose identity policy does not contain the operator 'OR'. - - @param[in] User Points to the user profile. - - @retval EFI_SUCCESS The specified user is identified successfully. - @retval Others Fail to identify the user. - -**/ -EFI_STATUS -IdentifyAndTypeUser ( - IN USER_PROFILE_ENTRY *User - ) -{ - EFI_STATUS Status; - EFI_USER_INFO *IdentifyInfo; - BOOLEAN Success; - UINTN TotalLen; - UINTN ValueLen; - EFI_USER_INFO_IDENTITY_POLICY *Identity; - - // - // Get user identify policy information. - // - IdentifyInfo = NULL; - Status = FindUserInfoByType (User, &IdentifyInfo, EFI_USER_INFO_IDENTITY_POLICY_RECORD); - if (EFI_ERROR (Status)) { - return Status; - } - ASSERT (IdentifyInfo != NULL); - - // - // Check each part of identification policy expression. 
- // - Success = FALSE; - TotalLen = 0; - while (TotalLen < IdentifyInfo->InfoSize - sizeof (EFI_USER_INFO)) { - Identity = (EFI_USER_INFO_IDENTITY_POLICY *) ((UINT8 *) (IdentifyInfo + 1) + TotalLen); - ValueLen = Identity->Length - sizeof (EFI_USER_INFO_IDENTITY_POLICY); - switch (Identity->Type) { - - case EFI_USER_INFO_IDENTITY_FALSE: - // - // Check False option. - // - Success = FALSE; - break; - - case EFI_USER_INFO_IDENTITY_TRUE: - // - // Check True option. - // - Success = TRUE; - break; - - case EFI_USER_INFO_IDENTITY_NOT: - // - // Check negative operation. - // - break; - - case EFI_USER_INFO_IDENTITY_AND: - // - // Check and operation. - // - if (!Success) { - return EFI_NOT_READY; - } - - Success = FALSE; - break; - - case EFI_USER_INFO_IDENTITY_OR: - // - // Check or operation. - // - if (Success) { - return EFI_SUCCESS; - } - break; - - case EFI_USER_INFO_IDENTITY_CREDENTIAL_TYPE: - // - // Check credential provider by type. - // - break; - - case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER: - // - // Check credential provider by ID. - // - if (ValueLen != sizeof (EFI_GUID)) { - return EFI_INVALID_PARAMETER; - } - - Status = IdentifyByProviderId (User, (EFI_GUID *) (Identity + 1)); - if (EFI_ERROR (Status)) { - return Status; - } - - Success = TRUE; - break; - - default: - return EFI_INVALID_PARAMETER; - break; - } - - TotalLen += Identity->Length; - } - - if (TotalLen != IdentifyInfo->InfoSize - sizeof (EFI_USER_INFO)) { - return EFI_INVALID_PARAMETER; - } - - if (!Success) { - return EFI_NOT_READY; - } - - return EFI_SUCCESS; -} - - -/** - Identify the user whose identity policy does not contain the operator 'AND'. - - @param[in] User Points to the user profile. - - @retval EFI_SUCCESS The specified user is identified successfully. - @retval Others Fail to identify the user. 
-
-**/
-EFI_STATUS
-IdentifyOrTypeUser (
- IN USER_PROFILE_ENTRY *User
- )
-{
- EFI_STATUS Status;
- EFI_USER_INFO *IdentifyInfo;
- UINTN TotalLen;
- UINTN ValueLen;
- EFI_USER_INFO_IDENTITY_POLICY *Identity;
- VOID *StartOpCodeHandle;
- VOID *EndOpCodeHandle;
- EFI_IFR_GUID_LABEL *StartLabel;
- EFI_IFR_GUID_LABEL *EndLabel;
-
- //
- // Get user identify policy information.
- //
- IdentifyInfo = NULL;
- Status = FindUserInfoByType (User, &IdentifyInfo, EFI_USER_INFO_IDENTITY_POLICY_RECORD);
- if (EFI_ERROR (Status)) {
- return Status;
- }
- ASSERT (IdentifyInfo != NULL);
-
- //
- // Initialize the container for dynamic opcodes.
- //
- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (StartOpCodeHandle != NULL);
-
- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (EndOpCodeHandle != NULL);
-
- //
- // Create Hii Extend Label OpCode.
- //
- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- StartOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- StartLabel->Number = LABEL_PROVIDER_NAME;
-
- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- EndOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- EndLabel->Number = LABEL_END;
-
- //
- // Add the providers that exists in the user's policy.
- // - TotalLen = 0; - while (TotalLen < IdentifyInfo->InfoSize - sizeof (EFI_USER_INFO)) { - Identity = (EFI_USER_INFO_IDENTITY_POLICY *) ((UINT8 *) (IdentifyInfo + 1) + TotalLen); - ValueLen = Identity->Length - sizeof (EFI_USER_INFO_IDENTITY_POLICY); - if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) { - AddProviderSelection ((EFI_GUID *) (Identity + 1), StartOpCodeHandle); - } - - TotalLen += Identity->Length; - } - - HiiUpdateForm ( - mCallbackInfo->HiiHandle, // HII handle - &gUserIdentifyManagerGuid,// Formset GUID - FORMID_PROVIDER_FORM, // Form ID - StartOpCodeHandle, // Label for where to insert opcodes - EndOpCodeHandle // Replace data - ); - - HiiFreeOpCodeHandle (StartOpCodeHandle); - HiiFreeOpCodeHandle (EndOpCodeHandle); - - return EFI_SUCCESS; -} - - -/** - This function processes the results of changes in configuration. - - @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. - @param Action Specifies the type of action taken by the browser. - @param QuestionId A unique value which is sent to the original - exporting driver so that it can identify the type - of data to expect. - @param Type The type of value for the question. - @param Value A pointer to the data being sent to the original - exporting driver. - @param ActionRequest On return, points to the action requested by the - callback function. - - @retval EFI_SUCCESS The callback successfully handled the action. - @retval Others Fail to handle the action. 
-
-**/
-EFI_STATUS
-EFIAPI
-UserIdentifyManagerCallback (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN EFI_BROWSER_ACTION Action,
- IN EFI_QUESTION_ID QuestionId,
- IN UINT8 Type,
- IN EFI_IFR_TYPE_VALUE *Value,
- OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
- )
-{
- EFI_STATUS Status;
- USER_PROFILE_ENTRY *User;
- UINT8 PolicyType;
- UINT16 Index;
- VOID *StartOpCodeHandle;
- VOID *EndOpCodeHandle;
- EFI_IFR_GUID_LABEL *StartLabel;
- EFI_IFR_GUID_LABEL *EndLabel;
-
- Status = EFI_SUCCESS;
-
- switch (Action) {
- case EFI_BROWSER_ACTION_FORM_OPEN:
- {
- //
- // Update user Form when user Form is opened.
- // This will be done only in FORM_OPEN CallBack of question with FORM_OPEN_QUESTION_ID from user Form.
- //
- if (QuestionId != FORM_OPEN_QUESTION_ID) {
- return EFI_SUCCESS;
- }
-
- //
- // Initialize the container for dynamic opcodes.
- //
- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (StartOpCodeHandle != NULL);
-
- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (EndOpCodeHandle != NULL);
-
- //
- // Create Hii Extend Label OpCode.
- //
- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- StartOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- StartLabel->Number = LABEL_USER_NAME;
-
- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- EndOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- EndLabel->Number = LABEL_END;
-
- //
- // Add all the user profile in the user profile database.
- // - for (Index = 0; Index < mUserProfileDb->UserProfileNum; Index++) { - User = (USER_PROFILE_ENTRY *) mUserProfileDb->UserProfile[Index]; - AddUserSelection ((UINT16)(LABEL_USER_NAME + Index), User, StartOpCodeHandle); - } - - HiiUpdateForm ( - mCallbackInfo->HiiHandle, // HII handle - &gUserIdentifyManagerGuid,// Formset GUID - FORMID_USER_FORM, // Form ID - StartOpCodeHandle, // Label for where to insert opcodes - EndOpCodeHandle // Replace data - ); - - HiiFreeOpCodeHandle (StartOpCodeHandle); - HiiFreeOpCodeHandle (EndOpCodeHandle); - - return EFI_SUCCESS; - } - break; - - case EFI_BROWSER_ACTION_FORM_CLOSE: - Status = EFI_SUCCESS; - break; - - case EFI_BROWSER_ACTION_CHANGED: - if (QuestionId >= LABEL_PROVIDER_NAME) { - // - // QuestionId comes from the second Form (Select a Credential Provider if identity - // policy is OR type). Identify the user by the selected provider. - // - Status = IdentifyByProviderId (mCurrentUser, &mProviderDb->Provider[QuestionId & 0xFFF]->Identifier); - if (Status == EFI_SUCCESS) { - mIdentified = TRUE; - *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT; - } - return EFI_SUCCESS; - } - break; - - case EFI_BROWSER_ACTION_CHANGING: - // - // QuestionId comes from the first Form (Select a user to identify). - // - if (QuestionId >= LABEL_PROVIDER_NAME) { - return EFI_SUCCESS; - } - - User = (USER_PROFILE_ENTRY *) mUserProfileDb->UserProfile[QuestionId & 0xFFF]; - Status = GetIdentifyType (User, &PolicyType); - if (EFI_ERROR (Status)) { - return Status; - } - - if (PolicyType == EFI_USER_INFO_IDENTITY_OR) { - // - // Identify the user by "OR" logical. - // - Status = IdentifyOrTypeUser (User); - if (EFI_ERROR (Status)) { - return Status; - } - - mCurrentUser = (EFI_USER_PROFILE_HANDLE) User; - } else { - // - // Identify the user by "AND" logical. 
- // - Status = IdentifyAndTypeUser (User); - if (EFI_ERROR (Status)) { - return Status; - } - - mCurrentUser = (EFI_USER_PROFILE_HANDLE) User; - mIdentified = TRUE; - if (Type == EFI_IFR_TYPE_REF) { - Value->ref.FormId = FORMID_INVALID_FORM; - } - } - break; - - default: - // - // All other action return unsupported. - // - Status = EFI_UNSUPPORTED; - break; - } - - - return Status; -} - - -/** - This function construct user profile database from user data saved in the Flash. - If no user is found in Flash, add one default user "administrator" in the user - profile database. - - @retval EFI_SUCCESS Init user profile database successfully. - @retval Others Fail to init user profile database. - -**/ -EFI_STATUS -InitUserProfileDb ( - VOID - ) -{ - EFI_STATUS Status; - UINT8 *VarData; - UINTN VarSize; - UINTN CurVarSize; - CHAR16 VarName[10]; - UINTN Index; - UINT32 VarAttr; - - if (mUserProfileDb != NULL) { - // - // The user profiles had been already initialized. - // - return EFI_SUCCESS; - } - - // - // Init user profile database structure. - // - if (!ExpandUsermUserProfileDb ()) { - return EFI_OUT_OF_RESOURCES; - } - - CurVarSize = DEFAULT_PROFILE_SIZE; - VarData = AllocateZeroPool (CurVarSize); - if (VarData == NULL) { - return EFI_OUT_OF_RESOURCES; - } - - // - // Get all user proifle entries. - // - Index = 0; - while (TRUE) { - // - // Get variable name. - // - UnicodeSPrint ( - VarName, - sizeof (VarName), - L"User%04x", - Index - ); - Index++; - - // - // Get variable value. 
- // - VarSize = CurVarSize; - Status = gRT->GetVariable (VarName, &gUserIdentifyManagerGuid, &VarAttr, &VarSize, VarData); - if (Status == EFI_BUFFER_TOO_SMALL) { - FreePool (VarData); - VarData = AllocatePool (VarSize); - if (VarData == NULL) { - Status = EFI_OUT_OF_RESOURCES; - break; - } - - CurVarSize = VarSize; - Status = gRT->GetVariable (VarName, &gUserIdentifyManagerGuid, &VarAttr, &VarSize, VarData); - } - - if (EFI_ERROR (Status)) { - if (Status == EFI_NOT_FOUND) { - Status = EFI_SUCCESS; - } - break; - } - - // - // Check variable attributes. - // - if (VarAttr != (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)) { - Status = gRT->SetVariable (VarName, &gUserIdentifyManagerGuid, VarAttr, 0, NULL); - continue; - } - - // - // Add user profile to the user profile database. - // - Status = AddUserProfile (NULL, VarSize, VarData, FALSE); - if (EFI_ERROR (Status)) { - if (Status == EFI_SECURITY_VIOLATION) { - // - // Delete invalid user profile - // - gRT->SetVariable (VarName, &gUserIdentifyManagerGuid, VarAttr, 0, NULL); - } else if (Status == EFI_OUT_OF_RESOURCES) { - break; - } - } else { - // - // Delete and save the profile again if some invalid profiles are deleted. - // - if (mUserProfileDb->UserProfileNum < Index) { - gRT->SetVariable (VarName, &gUserIdentifyManagerGuid, VarAttr, 0, NULL); - SaveNvUserProfile (mUserProfileDb->UserProfile[mUserProfileDb->UserProfileNum - 1], FALSE); - } - } - } - - if (VarData != NULL) { - FreePool (VarData); - } - - if (EFI_ERROR (Status)) { - return Status; - } - - // - // Check whether the user profile database is empty. - // - if (mUserProfileDb->UserProfileNum == 0) { - Status = AddDefaultUserProfile (); - } - - return Status; -} - - -/** - This function collects all the credential providers and saves to mProviderDb. - - @retval EFI_SUCCESS Collect credential providers successfully. - @retval Others Fail to collect credential providers. 
- -**/ -EFI_STATUS -InitProviderInfo ( - VOID - ) -{ - EFI_STATUS Status; - UINTN HandleCount; - EFI_HANDLE *HandleBuf; - UINTN Index; - - if (mProviderDb != NULL) { - // - // The credential providers had been collected before. - // - return EFI_SUCCESS; - } - - // - // Try to find all the user credential provider driver. - // - HandleCount = 0; - HandleBuf = NULL; - Status = gBS->LocateHandleBuffer ( - ByProtocol, - &gEfiUserCredential2ProtocolGuid, - NULL, - &HandleCount, - &HandleBuf - ); - if (EFI_ERROR (Status)) { - return Status; - } - - // - // Get provider infomation. - // - mProviderDb = AllocateZeroPool ( - sizeof (CREDENTIAL_PROVIDER_INFO) - - sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *) + - HandleCount * sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *) - ); - if (mProviderDb == NULL) { - FreePool (HandleBuf); - return EFI_OUT_OF_RESOURCES; - } - - mProviderDb->Count = HandleCount; - for (Index = 0; Index < HandleCount; Index++) { - Status = gBS->HandleProtocol ( - HandleBuf[Index], - &gEfiUserCredential2ProtocolGuid, - (VOID **) &mProviderDb->Provider[Index] - ); - if (EFI_ERROR (Status)) { - FreePool (HandleBuf); - FreePool (mProviderDb); - mProviderDb = NULL; - return Status; - } - } - - FreePool (HandleBuf); - return EFI_SUCCESS; -} - - -/** - This function allows a caller to extract the current configuration for one - or more named elements from the target driver. - - - @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. - @param Request A null-terminated Unicode string in <ConfigRequest> format. - @param Progress On return, points to a character in the Request string. - Points to the string's null terminator if request was successful. - Points to the most recent '&' before the first failing name/value - pair (or the beginning of the string if the failure is in the - first name/value pair) if the request was not successful. 
- @param Results A null-terminated Unicode string in <ConfigAltResp> format which - has all values filled in for the names in the Request string. - String to be allocated by the called function. - - @retval EFI_SUCCESS The Results is filled with the requested values. - @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results. - @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name. - @retval EFI_NOT_FOUND Routing data doesn't match any storage in this driver. - -**/ -EFI_STATUS -EFIAPI -FakeExtractConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Request, - OUT EFI_STRING *Progress, - OUT EFI_STRING *Results - ) -{ - if (Progress == NULL || Results == NULL) { - return EFI_INVALID_PARAMETER; - } - *Progress = Request; - return EFI_NOT_FOUND; -} - -/** - This function processes the results of changes in configuration. - - - @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. - @param Configuration A null-terminated Unicode string in <ConfigResp> format. - @param Progress A pointer to a string filled in with the offset of the most - recent '&' before the first failing name/value pair (or the - beginning of the string if the failure is in the first - name/value pair) or the terminating NULL if all was successful. - - @retval EFI_SUCCESS The Results is processed successfully. - @retval EFI_INVALID_PARAMETER Configuration is NULL. - @retval EFI_NOT_FOUND Routing data doesn't match any storage in this driver. - -**/ -EFI_STATUS -EFIAPI -FakeRouteConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Configuration, - OUT EFI_STRING *Progress - ) -{ - if (Configuration == NULL || Progress == NULL) { - return EFI_INVALID_PARAMETER; - } - - *Progress = Configuration; - - return EFI_NOT_FOUND; -} - - -/** - This function initialize the data mainly used in form browser. - - @retval EFI_SUCCESS Initialize form data successfully. - @retval Others Fail to Initialize form data. 
-
-**/
-EFI_STATUS
-InitFormBrowser (
- VOID
- )
-{
- EFI_STATUS Status;
- USER_MANAGER_CALLBACK_INFO *CallbackInfo;
- EFI_HII_DATABASE_PROTOCOL *HiiDatabase;
- EFI_HII_STRING_PROTOCOL *HiiString;
- EFI_FORM_BROWSER2_PROTOCOL *FormBrowser2;
-
- //
- // Initialize driver private data.
- //
- CallbackInfo = AllocateZeroPool (sizeof (USER_MANAGER_CALLBACK_INFO));
- if (CallbackInfo == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- CallbackInfo->Signature = USER_MANAGER_SIGNATURE;
- CallbackInfo->ConfigAccess.ExtractConfig = FakeExtractConfig;
- CallbackInfo->ConfigAccess.RouteConfig = FakeRouteConfig;
- CallbackInfo->ConfigAccess.Callback = UserIdentifyManagerCallback;
-
- //
- // Locate Hii Database protocol.
- //
- Status = gBS->LocateProtocol (&gEfiHiiDatabaseProtocolGuid, NULL, (VOID **) &HiiDatabase);
- if (EFI_ERROR (Status)) {
- return Status;
- }
- CallbackInfo->HiiDatabase = HiiDatabase;
-
- //
- // Locate HiiString protocol.
- //
- Status = gBS->LocateProtocol (&gEfiHiiStringProtocolGuid, NULL, (VOID **) &HiiString);
- if (EFI_ERROR (Status)) {
- return Status;
- }
- CallbackInfo->HiiString = HiiString;
-
- //
- // Locate Formbrowser2 protocol.
- //
- Status = gBS->LocateProtocol (&gEfiFormBrowser2ProtocolGuid, NULL, (VOID **) &FormBrowser2);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- CallbackInfo->FormBrowser2 = FormBrowser2;
- CallbackInfo->DriverHandle = NULL;
-
- //
- // Install Device Path Protocol and Config Access protocol to driver handle.
- //
- Status = gBS->InstallMultipleProtocolInterfaces (
- &CallbackInfo->DriverHandle,
- &gEfiDevicePathProtocolGuid,
- &mHiiVendorDevicePath,
- &gEfiHiiConfigAccessProtocolGuid,
- &CallbackInfo->ConfigAccess,
- NULL
- );
- ASSERT_EFI_ERROR (Status);
-
- //
- // Publish HII data.
- //
- CallbackInfo->HiiHandle = HiiAddPackages (
- &gUserIdentifyManagerGuid,
- CallbackInfo->DriverHandle,
- UserIdentifyManagerStrings,
- UserIdentifyManagerVfrBin,
- NULL
- );
- if (CallbackInfo->HiiHandle == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- mCallbackInfo = CallbackInfo;
-
- return EFI_SUCCESS;
-}
-
-
-/**
- Identify the user whose identification policy supports auto logon.
-
- @param[in] ProviderIndex The provider index in the provider list.
- @param[out] User Points to user user profile if a user is identified successfully.
-
- @retval EFI_SUCCESS Identify a user with the specified provider successfully.
- @retval Others Fail to identify a user.
-
-**/
-EFI_STATUS
-IdentifyAutoLogonUser (
- IN UINTN ProviderIndex,
- OUT USER_PROFILE_ENTRY **User
- )
-{
- EFI_STATUS Status;
- EFI_USER_INFO *Info;
- UINT8 PolicyType;
-
- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + sizeof (EFI_USER_INFO_IDENTIFIER));
- if (Info == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- Info->InfoType = EFI_USER_INFO_IDENTIFIER_RECORD;
- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof (EFI_USER_INFO_IDENTIFIER);
-
- //
- // Identify the specified credential provider's auto logon user.
- //
- Status = mProviderDb->Provider[ProviderIndex]->User (
- mProviderDb->Provider[ProviderIndex],
- NULL,
- (EFI_USER_INFO_IDENTIFIER *) (Info + 1)
- );
- if (EFI_ERROR (Status)) {
- FreePool (Info);
- return Status;
- }
-
- //
- // Find user with the specified user ID.
- //
- *User = NULL;
- Status = FindUserProfileByInfo (User, NULL, Info, Info->InfoSize);
- FreePool (Info);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- Status = GetIdentifyType ((EFI_USER_PROFILE_HANDLE) * User, &PolicyType);
- if (PolicyType == EFI_USER_INFO_IDENTITY_AND) {
- //
- // The identified user need also identified by other credential provider.
- // This can handle through select user.
- //
- return EFI_NOT_READY;
- }
-
- return Status;
-}
-
-
-/**
- Check whether the given console is ready.
-
- @param[in] ProtocolGuid Points to the protocol guid of sonsole .
-
- @retval TRUE The given console is ready.
- @retval FALSE The given console is not ready.
-
-**/
-BOOLEAN
-CheckConsole (
- EFI_GUID *ProtocolGuid
- )
-{
- EFI_STATUS Status;
- UINTN HandleCount;
- EFI_HANDLE *HandleBuf;
- UINTN Index;
- EFI_DEVICE_PATH_PROTOCOL *DevicePath;
-
- //
- // Try to find all the handle driver.
- //
- HandleCount = 0;
- HandleBuf = NULL;
- Status = gBS->LocateHandleBuffer (
- ByProtocol,
- ProtocolGuid,
- NULL,
- &HandleCount,
- &HandleBuf
- );
- if (EFI_ERROR (Status)) {
- return FALSE;
- }
-
- for (Index = 0; Index < HandleCount; Index++) {
- DevicePath = DevicePathFromHandle (HandleBuf[Index]);
- if (DevicePath != NULL) {
- FreePool (HandleBuf);
- return TRUE;
- }
- }
- FreePool (HandleBuf);
- return FALSE;
-}
-
-
-/**
- Check whether the console is ready.
-
- @retval TRUE The console is ready.
- @retval FALSE The console is not ready.
-
-**/
-BOOLEAN
-IsConsoleReady (
- VOID
- )
-{
- if (!CheckConsole (&gEfiSimpleTextOutProtocolGuid)) {
- return FALSE;
- }
-
- if (!CheckConsole (&gEfiSimpleTextInProtocolGuid)) {
- if (!CheckConsole (&gEfiSimpleTextInputExProtocolGuid)) {
- return FALSE;
- }
- }
-
- return TRUE;
-}
-
-
-/**
- Identify a user to logon.
-
- @param[out] User Points to user user profile if a user is identified successfully.
-
- @retval EFI_SUCCESS Identify a user successfully.
-
-**/
-EFI_STATUS
-IdentifyUser (
- OUT USER_PROFILE_ENTRY **User
- )
-{
- EFI_STATUS Status;
- UINTN Index;
- EFI_CREDENTIAL_LOGON_FLAGS AutoLogon;
- EFI_USER_INFO *IdentifyInfo;
- EFI_USER_INFO_IDENTITY_POLICY *Identity;
- EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential;
- USER_PROFILE_ENTRY *UserEntry;
-
- //
- // Initialize credential providers.
- //
- InitProviderInfo ();
-
- //
- // Initialize user profile database.
- //
- InitUserProfileDb ();
-
- //
- // If only one user in system, and its identify policy is TRUE, then auto logon.
- //
- if (mUserProfileDb->UserProfileNum == 1) {
- UserEntry = (USER_PROFILE_ENTRY *) mUserProfileDb->UserProfile[0];
- IdentifyInfo = NULL;
- Status = FindUserInfoByType (UserEntry, &IdentifyInfo, EFI_USER_INFO_IDENTITY_POLICY_RECORD);
- if (EFI_ERROR (Status)) {
- return Status;
- }
- ASSERT (IdentifyInfo != NULL);
-
- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) ((UINT8 *) (IdentifyInfo + 1));
- if (Identity->Type == EFI_USER_INFO_IDENTITY_TRUE) {
- mCurrentUser = (EFI_USER_PROFILE_HANDLE) UserEntry;
- UpdateUserInfo (UserEntry);
- *User = UserEntry;
- return EFI_SUCCESS;
- }
- }
-
- //
- // Find and login the default & AutoLogon user.
- //
- for (Index = 0; Index < mProviderDb->Count; Index++) {
- UserCredential = mProviderDb->Provider[Index];
- Status = UserCredential->Default (UserCredential, &AutoLogon);
- if (EFI_ERROR (Status)) {
- continue;
- }
-
- if ((AutoLogon & (EFI_CREDENTIAL_LOGON_FLAG_DEFAULT | EFI_CREDENTIAL_LOGON_FLAG_AUTO)) != 0) {
- Status = IdentifyAutoLogonUser (Index, &UserEntry);
- if (Status == EFI_SUCCESS) {
- mCurrentUser = (EFI_USER_PROFILE_HANDLE) UserEntry;
- UpdateUserInfo (UserEntry);
- *User = UserEntry;
- return EFI_SUCCESS;
- }
- }
- }
-
- if (!IsConsoleReady ()) {
- //
- // The console is still not ready for user selection.
- //
- return EFI_ACCESS_DENIED;
- }
-
- //
- // Select a user and identify it.
- //
- mCallbackInfo->FormBrowser2->SendForm (
- mCallbackInfo->FormBrowser2,
- &mCallbackInfo->HiiHandle,
- 1,
- &gUserIdentifyManagerGuid,
- 0,
- NULL,
- NULL
- );
-
- if (mIdentified) {
- *User = (USER_PROFILE_ENTRY *) mCurrentUser;
- UpdateUserInfo (*User);
- return EFI_SUCCESS;
- }
-
- return EFI_ACCESS_DENIED;
-}
-
-
-/**
- An empty function to pass error checking of CreateEventEx ().
-
- @param Event Event whose notification function is being invoked.
- @param Context Pointer to the notification function's context,
- which is implementation-dependent.
-
-**/
-VOID
-EFIAPI
-InternalEmptyFuntion (
- IN EFI_EVENT Event,
- IN VOID *Context
- )
-{
-}
-
-
-/**
- Create, Signal, and Close the User Profile Changed event.
-
-**/
-VOID
-SignalEventUserProfileChanged (
- VOID
- )
-{
- EFI_STATUS Status;
- EFI_EVENT Event;
-
- Status = gBS->CreateEventEx (
- EVT_NOTIFY_SIGNAL,
- TPL_CALLBACK,
- InternalEmptyFuntion,
- NULL,
- &gEfiEventUserProfileChangedGuid,
- &Event
- );
- ASSERT_EFI_ERROR (Status);
- gBS->SignalEvent (Event);
- gBS->CloseEvent (Event);
-}
-
-
-/**
- Create a new user profile.
-
- This function creates a new user profile with only a new user identifier attached and returns
- its handle. The user profile is non-volatile, but the handle User can change across reboots.
-
- @param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
- @param[out] User On return, points to the new user profile handle.
- The user profile handle is unique only during this boot.
-
- @retval EFI_SUCCESS User profile was successfully created.
- @retval EFI_ACCESS_DENIED Current user does not have sufficient permissions to create a
- user profile.
- @retval EFI_UNSUPPORTED Creation of new user profiles is not supported.
- @retval EFI_INVALID_PARAMETER The User parameter is NULL.
-
-**/
-EFI_STATUS
-EFIAPI
-UserProfileCreate (
- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
- OUT EFI_USER_PROFILE_HANDLE *User
- )
-{
- EFI_STATUS Status;
-
- if ((This == NULL) || (User == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- //
- // Check the right of the current user.
- //
- if (!CheckCurrentUserAccessRight (EFI_USER_INFO_ACCESS_MANAGE)) {
- if (!CheckCurrentUserAccessRight (EFI_USER_INFO_ACCESS_ENROLL_OTHERS)) {
- return EFI_ACCESS_DENIED;
- }
- }
-
- //
- // Create new user profile
- //
- Status = CreateUserProfile ((USER_PROFILE_ENTRY **) User);
- if (EFI_ERROR (Status)) {
- return EFI_ACCESS_DENIED;
- }
- return EFI_SUCCESS;
-}
-
-
-/**
- Delete an existing user profile.
-
- @param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
- @param[in] User User profile handle.
-
- @retval EFI_SUCCESS User profile was successfully deleted.
- @retval EFI_ACCESS_DENIED Current user does not have sufficient permissions to delete a user
- profile or there is only one user profile.
- @retval EFI_UNSUPPORTED Deletion of new user profiles is not supported.
- @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile.
-
-**/
-EFI_STATUS
-EFIAPI
-UserProfileDelete (
- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
- IN EFI_USER_PROFILE_HANDLE User
- )
-{
- EFI_STATUS Status;
-
- if (This == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- //
- // Check the right of the current user.
- //
- if (!CheckCurrentUserAccessRight (EFI_USER_INFO_ACCESS_MANAGE)) {
- return EFI_ACCESS_DENIED;
- }
-
- //
- // Delete user profile.
- //
- Status = DelUserProfile (User);
- if (EFI_ERROR (Status)) {
- if (Status != EFI_INVALID_PARAMETER) {
- return EFI_ACCESS_DENIED;
- }
- return EFI_INVALID_PARAMETER;
- }
-
- return EFI_SUCCESS;
-}
-
-
-/**
- Enumerate all of the enrolled users on the platform.
-
- This function returns the next enrolled user profile. To retrieve the first user profile handle,
- point User at a NULL. Each subsequent call will retrieve another user profile handle until there
- are no more, at which point User will point to NULL.
-
- @param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
- @param[in, out] User On entry, points to the previous user profile handle or NULL to
- start enumeration. On exit, points to the next user profile handle
- or NULL if there are no more user profiles.
-
- @retval EFI_SUCCESS Next enrolled user profile successfully returned.
- @retval EFI_ACCESS_DENIED Next enrolled user profile was not successfully returned.
- @retval EFI_INVALID_PARAMETER The User parameter is NULL.
-**/
-EFI_STATUS
-EFIAPI
-UserProfileGetNext (
- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
- IN OUT EFI_USER_PROFILE_HANDLE *User
- )
-{
- EFI_STATUS Status;
-
- if ((This == NULL) || (User == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- Status = FindUserProfile ((USER_PROFILE_ENTRY **) User, TRUE, NULL);
- if (EFI_ERROR (Status)) {
- return EFI_ACCESS_DENIED;
- }
- return EFI_SUCCESS;
-}
-
-
-/**
- Return the current user profile handle.
-
- @param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
- @param[out] CurrentUser On return, points to the current user profile handle.
-
- @retval EFI_SUCCESS Current user profile handle returned successfully.
- @retval EFI_INVALID_PARAMETER The CurrentUser parameter is NULL.
-
-**/
-EFI_STATUS
-EFIAPI
-UserProfileCurrent (
- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
- OUT EFI_USER_PROFILE_HANDLE *CurrentUser
- )
-{
- //
- // Get current user profile.
- //
- if ((This == NULL) || (CurrentUser == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- *CurrentUser = mCurrentUser;
- return EFI_SUCCESS;
-}
-
-
-/**
- Identify a user.
-
- Identify the user and, if authenticated, returns the user handle and changes the current
- user profile. All user information marked as private in a previously selected profile
- is no longer available for inspection.
- Whenever the current user profile is changed then the an event with the GUID
- EFI_EVENT_GROUP_USER_PROFILE_CHANGED is signaled.
-
- @param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
- @param[out] User On return, points to the user profile handle for the current
- user profile.
-
- @retval EFI_SUCCESS User was successfully identified.
- @retval EFI_ACCESS_DENIED User was not successfully identified.
- @retval EFI_INVALID_PARAMETER The User parameter is NULL.
-
-**/
-EFI_STATUS
-EFIAPI
-UserProfileIdentify (
- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
- OUT EFI_USER_PROFILE_HANDLE *User
- )
-{
- EFI_STATUS Status;
-
- if ((This == NULL) || (User == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (mCurrentUser != NULL) {
- *User = mCurrentUser;
- return EFI_SUCCESS;
- }
-
- //
- // Identify user
- //
- Status = IdentifyUser ((USER_PROFILE_ENTRY **) User);
- if (EFI_ERROR (Status)) {
- return EFI_ACCESS_DENIED;
- }
-
- //
- // Publish the user info into the EFI system configuration table.
- //
- PublishUserTable ();
-
- //
- // Signal User Profile Changed event.
- //
- SignalEventUserProfileChanged ();
- return EFI_SUCCESS;
-}
-
-/**
- Find a user using a user information record.
-
- This function searches all user profiles for the specified user information record.
- The search starts with the user information record handle following UserInfo and
- continues until either the information is found or there are no more user profiles.
- A match occurs when the Info.InfoType field matches the user information record
- type and the user information record data matches the portion of Info.
-
- @param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
- @param[in, out] User On entry, points to the previously returned user profile
- handle, or NULL to start searching with the first user profile.
- On return, points to the user profile handle, or NULL if not
- found.
- @param[in, out] UserInfo On entry, points to the previously returned user information
- handle, or NULL to start searching with the first. On return,
- points to the user information handle of the user information
- record, or NULL if not found. Can be NULL, in which case only
- one user information record per user can be returned.
- @param[in] Info Points to the buffer containing the user information to be
- compared to the user information record.
If the user information
- record data is empty, then only the user information record type
- is compared. If InfoSize is 0, then the user information record
- must be empty.
-
- @param[in] InfoSize The size of Info, in bytes.
-
- @retval EFI_SUCCESS User information was found. User points to the user profile
- handle, and UserInfo points to the user information handle.
- @retval EFI_NOT_FOUND User information was not found. User points to NULL, and
- UserInfo points to NULL.
- @retval EFI_INVALID_PARAMETER User is NULL. Or Info is NULL.
-
-**/
-EFI_STATUS
-EFIAPI
-UserProfileFind (
- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
- IN OUT EFI_USER_PROFILE_HANDLE *User,
- IN OUT EFI_USER_INFO_HANDLE *UserInfo OPTIONAL,
- IN CONST EFI_USER_INFO *Info,
- IN UINTN InfoSize
- )
-{
- EFI_STATUS Status;
- UINTN Size;
-
- if ((This == NULL) || (User == NULL) || (Info == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (InfoSize == 0) {
- //
- // If InfoSize is 0, then the user information record must be empty.
- //
- if (Info->InfoSize != sizeof (EFI_USER_INFO)) {
- return EFI_INVALID_PARAMETER;
- }
- } else {
- if (InfoSize != Info->InfoSize) {
- return EFI_INVALID_PARAMETER;
- }
- }
- Size = Info->InfoSize;
-
- //
- // Find user profile accdoring to user information.
- //
- Status = FindUserProfileByInfo (
- (USER_PROFILE_ENTRY **) User,
- (EFI_USER_INFO **) UserInfo,
- (EFI_USER_INFO *) Info,
- Size
- );
- if (EFI_ERROR (Status)) {
- *User = NULL;
- if (UserInfo != NULL) {
- *UserInfo = NULL;
- }
- return EFI_NOT_FOUND;
- }
-
- return EFI_SUCCESS;
-}
-
-
-/**
- Return information attached to the user.
-
- This function returns user information. The format of the information is described in User
- Information. The function may return EFI_ACCESS_DENIED if the information is marked private
- and the handle specified by User is not the current user profile.
The function may return
- EFI_ACCESS_DENIED if the information is marked protected and the information is associated
- with a credential provider for which the user has not been authenticated.
-
- @param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
- @param[in] User Handle of the user whose profile will be retrieved.
- @param[in] UserInfo Handle of the user information data record.
- @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On exit,
- holds the user information. If the buffer is too small to hold the
- information, then EFI_BUFFER_TOO_SMALL is returned and InfoSize is
- updated to contain the number of bytes actually required.
- @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the size
- of the user information.
-
- @retval EFI_SUCCESS Information returned successfully.
- @retval EFI_ACCESS_DENIED The information about the specified user cannot be accessed by the
- current user.
- @retval EFI_BUFFER_TOO_SMALL The number of bytes specified by *InfoSize is too small to hold the
- returned data. The actual size required is returned in *InfoSize.
- @retval EFI_NOT_FOUND User does not refer to a valid user profile or UserInfo does not refer
- to a valid user info handle.
- @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL.
-
-**/
-EFI_STATUS
-EFIAPI
-UserProfileGetInfo (
- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
- IN EFI_USER_PROFILE_HANDLE User,
- IN EFI_USER_INFO_HANDLE UserInfo,
- OUT EFI_USER_INFO *Info,
- IN OUT UINTN *InfoSize
- )
-{
- EFI_STATUS Status;
-
- if ((This == NULL) || (InfoSize == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- if ((*InfoSize != 0) && (Info == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- if ((User == NULL) || (UserInfo == NULL)) {
- return EFI_NOT_FOUND;
- }
-
- Status = GetUserInfo (User, UserInfo, Info, InfoSize, TRUE);
- if (EFI_ERROR (Status)) {
- if (Status == EFI_BUFFER_TOO_SMALL) {
- return EFI_BUFFER_TOO_SMALL;
- }
- return EFI_ACCESS_DENIED;
- }
- return EFI_SUCCESS;
-}
-
-
-/**
- Add or update user information.
-
- This function changes user information. If NULL is pointed to by UserInfo, then a new user
- information record is created and its handle is returned in UserInfo. Otherwise, the existing
- one is replaced.
- If EFI_USER_INFO_IDENITTY_POLICY_RECORD is changed, it is the caller's responsibility to keep
- it to be synced with the information on credential providers.
- If EFI_USER_INFO_EXCLUSIVE is specified in Info and a user information record of the same
- type already exists in the user profile, then EFI_ACCESS_DENIED will be returned and UserInfo
- will point to the handle of the existing record.
-
- @param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
- @param[in] User Handle of the user whose profile will be retrieved.
- @param[in, out] UserInfo Handle of the user information data record.
- @param[in] Info On entry, points to a buffer of at least *InfoSize bytes. On exit,
- holds the user information. If the buffer is too small to hold the
- information, then EFI_BUFFER_TOO_SMALL is returned and InfoSize is
- updated to contain the number of bytes actually required.
- @param[in] InfoSize On entry, points to the size of Info. On return, points to the size
- of the user information.
-
- @retval EFI_SUCCESS Information returned successfully.
- @retval EFI_ACCESS_DENIED The record is exclusive.
- @retval EFI_SECURITY_VIOLATION The current user does not have permission to change the specified
- user profile or user information record.
- @retval EFI_NOT_FOUND User does not refer to a valid user profile or UserInfo does not
- refer to a valid user info handle.
- @retval EFI_INVALID_PARAMETER UserInfo is NULL or Info is NULL.
-**/
-EFI_STATUS
-EFIAPI
-UserProfileSetInfo (
- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
- IN EFI_USER_PROFILE_HANDLE User,
- IN OUT EFI_USER_INFO_HANDLE *UserInfo,
- IN CONST EFI_USER_INFO *Info,
- IN UINTN InfoSize
- )
-{
- EFI_STATUS Status;
-
- if ((This == NULL) || (User == NULL) || (UserInfo == NULL) || (Info == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- //
- // Check the right of the current user.
- //
- if (User != mCurrentUser) {
- if (!CheckCurrentUserAccessRight (EFI_USER_INFO_ACCESS_MANAGE)) {
- if (*UserInfo != NULL) {
- //
- // Can't update info in other profiles without MANAGE right.
- //
- return EFI_SECURITY_VIOLATION;
- }
-
- if (!CheckCurrentUserAccessRight (EFI_USER_INFO_ACCESS_ENROLL_OTHERS)) {
- //
- // Can't add info into other profiles.
- //
- return EFI_SECURITY_VIOLATION;
- }
- }
- }
-
- if (User == mCurrentUser) {
- if (CheckCurrentUserAccessRight (EFI_USER_INFO_ACCESS_ENROLL_SELF)) {
- //
- // Only identify policy can be added/updated.
- //
- if (Info->InfoType != EFI_USER_INFO_IDENTITY_POLICY_RECORD) {
- return EFI_SECURITY_VIOLATION;
- }
- }
- }
-
- //
- // Modify user information.
- //
- Status = ModifyUserInfo (User, (EFI_USER_INFO **) UserInfo, Info, InfoSize);
- if (EFI_ERROR (Status)) {
- if (Status == EFI_ACCESS_DENIED) {
- return EFI_ACCESS_DENIED;
- }
- return EFI_SECURITY_VIOLATION;
- }
- return EFI_SUCCESS;
-}
-
-
-/**
- Called by credential provider to notify of information change.
-
- This function allows the credential provider to notify the User Identity Manager when user status
- has changed.
- If the User Identity Manager doesn't support asynchronous changes in credentials, then this function
- should return EFI_UNSUPPORTED.
- If current user does not exist, and the credential provider can identify a user, then make the user
- to be current user and signal the EFI_EVENT_GROUP_USER_PROFILE_CHANGED event.
- If current user already exists, and the credential provider can identify another user, then switch
- current user to the newly identified user, and signal the EFI_EVENT_GROUP_USER_PROFILE_CHANGED event.
- If current user was identified by this credential provider and now the credential provider cannot identify
- current user, then logout current user and signal the EFI_EVENT_GROUP_USER_PROFILE_CHANGED event.
-
- @param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
- @param[in] Changed Handle on which is installed an instance of the EFI_USER_CREDENTIAL2_PROTOCOL
- where the user has changed.
-
- @retval EFI_SUCCESS The User Identity Manager has handled the notification.
- @retval EFI_NOT_READY The function was called while the specified credential provider was not selected.
- @retval EFI_UNSUPPORTED The User Identity Manager doesn't support asynchronous notifications.
-
-**/
-EFI_STATUS
-EFIAPI
-UserProfileNotify (
- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
- IN EFI_HANDLE Changed
- )
-{
- return EFI_UNSUPPORTED;
-}
-
-
-/**
- Delete user information.
-
- Delete the user information attached to the user profile specified by the UserInfo.
-
- @param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
- @param[in] User Handle of the user whose information will be deleted.
- @param[in] UserInfo Handle of the user information to remove.
-
- @retval EFI_SUCCESS User information deleted successfully.
- @retval EFI_NOT_FOUND User information record UserInfo does not exist in the user profile.
- @retval EFI_ACCESS_DENIED The current user does not have permission to delete this user information.
-
-**/
-EFI_STATUS
-EFIAPI
-UserProfileDeleteInfo (
- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
- IN EFI_USER_PROFILE_HANDLE User,
- IN EFI_USER_INFO_HANDLE UserInfo
- )
-{
- EFI_STATUS Status;
-
- if (This == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- //
- // Check the right of the current user.
- //
- if (User != mCurrentUser) {
- if (!CheckCurrentUserAccessRight (EFI_USER_INFO_ACCESS_MANAGE)) {
- return EFI_ACCESS_DENIED;
- }
- }
-
- //
- // Delete user information.
- //
- Status = DelUserInfo (User, UserInfo, TRUE);
- if (EFI_ERROR (Status)) {
- if (Status == EFI_NOT_FOUND) {
- return EFI_NOT_FOUND;
- }
- return EFI_ACCESS_DENIED;
- }
- return EFI_SUCCESS;
-}
-
-
-/**
- Enumerate user information of all the enrolled users on the platform.
-
- This function returns the next user information record. To retrieve the first user
- information record handle, point UserInfo at a NULL. Each subsequent call will retrieve
- another user information record handle until there are no more, at which point UserInfo
- will point to NULL.
-
- @param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
- @param[in] User Handle of the user whose information will be deleted.
- @param[in, out] UserInfo Handle of the user information to remove.
-
- @retval EFI_SUCCESS User information returned.
- @retval EFI_NOT_FOUND No more user information found.
- @retval EFI_INVALID_PARAMETER UserInfo is NULL.
-
-**/
-EFI_STATUS
-EFIAPI
-UserProfileGetNextInfo (
- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
- IN EFI_USER_PROFILE_HANDLE User,
- IN OUT EFI_USER_INFO_HANDLE *UserInfo
- )
-{
- if ((This == NULL) || (UserInfo == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
- //
- // Get next user information entry.
- //
- return FindUserInfo (User, (EFI_USER_INFO **) UserInfo, TRUE, NULL);
-}
-
-
-/**
- Main entry for this driver.
-
- @param[in] ImageHandle Image handle this driver.
- @param[in] SystemTable Pointer to SystemTable.
-
- @retval EFI_SUCESS This function always complete successfully.
-
-**/
-EFI_STATUS
-EFIAPI
-UserIdentifyManagerInit (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
- )
-{
-
- EFI_STATUS Status;
-
- //
- // It is NOT robust enough to be included in production.
- //
- #error "This implementation is just a sample, please comment this line if you really want to use this driver."
-
- //
- // Initiate form browser.
- //
- InitFormBrowser ();
-
- //
- // Install protocol interfaces for the User Identity Manager.
- //
- Status = gBS->InstallProtocolInterface (
- &mCallbackInfo->DriverHandle,
- &gEfiUserManagerProtocolGuid,
- EFI_NATIVE_INTERFACE,
- &gUserIdentifyManager
- );
- ASSERT_EFI_ERROR (Status);
-
- LoadDeferredImageInit (ImageHandle);
- return EFI_SUCCESS;
-}
-
-
diff --git a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.h b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.h
deleted file mode 100644
index 1c449b0128..0000000000
--- a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.h
+++ /dev/null
@@ -1,413 +0,0 @@
-/** @file
- The header file for User identify Manager driver.
-
-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef _USER_IDENTIFY_MANAGER_H_
-#define _USER_IDENTIFY_MANAGER_H_
-
-#include <Uefi.h>
-
-#include <Guid/GlobalVariable.h>
-#include <Guid/MdeModuleHii.h>
-
-#include <Protocol/FormBrowser2.h>
-#include <Protocol/HiiDatabase.h>
-#include <Protocol/HiiConfigAccess.h>
-#include <Protocol/HiiString.h>
-#include <Protocol/HiiConfigRouting.h>
-#include <Protocol/UserCredential2.h>
-#include <Protocol/UserManager.h>
-#include <Protocol/DeferredImageLoad.h>
-#include <Protocol/SimpleTextOut.h>
-#include <Protocol/SimpleTextIn.h>
-#include <Protocol/SimpleTextInEx.h>
-
-#include <Library/UefiRuntimeServicesTableLib.h>
-#include <Library/UefiBootServicesTableLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/DevicePathLib.h>
-#include <Library/DebugLib.h>
-#include <Library/UefiLib.h>
-#include <Library/PrintLib.h>
-#include <Library/HiiLib.h>
-
-#include "UserIdentifyManagerData.h"
-
-//
-// This is the generated IFR binary data for each formset defined in VFR.
-// This data array is ready to be used as input of HiiAddPackages() to
-// create a packagelist.
-//
-extern UINT8 UserIdentifyManagerVfrBin[];
-
-//
-// This is the generated String package data for all .UNI files.
-// This data array is ready to be used as input of HiiAddPackages() to
-// create a packagelist.
-//
-extern UINT8 UserIdentifyManagerStrings[];
-
-#define USER_NUMBER_INC 32
-#define DEFAULT_PROFILE_SIZE 512
-#define INFO_PAYLOAD_SIZE 64
-
-//
-// Credential Provider Information.
-//
-typedef struct {
- UINTN Count;
- EFI_USER_CREDENTIAL2_PROTOCOL *Provider[1];
-} CREDENTIAL_PROVIDER_INFO;
-
-//
-// Internal user profile entry.
-//
-typedef struct {
- UINTN MaxProfileSize;
- UINTN UserProfileSize;
- CHAR16 UserVarName[9];
- UINT8 *ProfileInfo;
-} USER_PROFILE_ENTRY;
-
-//
-// Internal user profile database.
-//
-typedef struct {
- UINTN UserProfileNum;
- UINTN MaxProfileNum;
- EFI_USER_PROFILE_HANDLE UserProfile[1];
-} USER_PROFILE_DB;
-
-#define USER_MANAGER_SIGNATURE SIGNATURE_32 ('U', 'I', 'M', 'S')
-
-typedef struct {
- UINTN Signature;
- EFI_HANDLE DriverHandle;
- EFI_HII_HANDLE HiiHandle;
-
- //
- // Consumed protocol.
- //
- EFI_HII_DATABASE_PROTOCOL *HiiDatabase;
- EFI_HII_STRING_PROTOCOL *HiiString;
- EFI_HII_CONFIG_ROUTING_PROTOCOL *HiiConfigRouting;
- EFI_FORM_BROWSER2_PROTOCOL *FormBrowser2;
-
- //
- // Produced protocol.
- //
- EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
-} USER_MANAGER_CALLBACK_INFO;
-
-///
-/// HII specific Vendor Device Path definition.
-///
-typedef struct {
- VENDOR_DEVICE_PATH VendorDevicePath;
- EFI_DEVICE_PATH_PROTOCOL End;
-} HII_VENDOR_DEVICE_PATH;
-
-/**
- Register an event notification function for the user profile changed.
-
- @param[in] ImageHandle Image handle this driver.
-
-**/
-VOID
-LoadDeferredImageInit (
- IN EFI_HANDLE ImageHandle
- );
-
-
-/**
- This function creates a new user profile with only
- a new user identifier attached and returns its handle.
- The user profile is non-volatile, but the handle User
- can change across reboots.
-
- @param[in] This Protocol EFI_USER_MANAGER_PROTOCOL instance
- pointer.
- @param[out] User Handle of a new user profile.
-
- @retval EFI_SUCCESS User profile was successfully created.
- @retval EFI_ACCESS_DENIED Current user does not have sufficient permissions
- to create a user profile.
- @retval EFI_UNSUPPORTED Creation of new user profiles is not supported.
- @retval EFI_INVALID_PARAMETER User is NULL.
-
-**/
-EFI_STATUS
-EFIAPI
-UserProfileCreate (
- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
- OUT EFI_USER_PROFILE_HANDLE *User
- );
-
-
-/**
- Delete an existing user profile.
-
- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance
- pointer.
- @param User User profile handle.
-
- @retval EFI_SUCCESS User profile was successfully deleted.
- @retval EFI_ACCESS_DENIED Current user does not have sufficient permissions
- to delete a user profile or there is only one
- user profile.
- @retval EFI_UNSUPPORTED Deletion of new user profiles is not supported.
- @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile.
-
-**/
-EFI_STATUS
-EFIAPI
-UserProfileDelete (
- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
- IN EFI_USER_PROFILE_HANDLE User
- );
-
-
-/**
- Get next user profile from the user profile database.
-
- @param[in] This Protocol EFI_USER_MANAGER_PROTOCOL instance
- pointer.
- @param[in, out] User User profile handle.
-
- @retval EFI_SUCCESS Next enrolled user profile successfully returned.
- @retval EFI_INVALID_PARAMETER User is NULL.
-
-**/
-EFI_STATUS
-EFIAPI
-UserProfileGetNext (
- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
- IN OUT EFI_USER_PROFILE_HANDLE *User
- );
-
-
-/**
- This function returns the current user profile handle.
-
- @param[in] This Protocol EFI_USER_MANAGER_PROTOCOL instance pointer.
- @param[out] CurrentUser User profile handle.
-
- @retval EFI_SUCCESS Current user profile handle returned successfully.
- @retval EFI_INVALID_PARAMETER CurrentUser is NULL.
-
-**/
-EFI_STATUS
-EFIAPI
-UserProfileCurrent (
- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
- OUT EFI_USER_PROFILE_HANDLE *CurrentUser
- );
-
-
-/**
- Identify the user and, if authenticated, returns the user handle and changes
- the current user profile.
-
- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance pointer.
- @param CurrentUser User profile handle.
-
- @retval EFI_SUCCESS User was successfully identified.
- @retval EFI_INVALID_PARAMETER User is NULL.
- @retval EFI_ACCESS_DENIED User was not successfully identified.
-
-**/
-EFI_STATUS
-EFIAPI
-UserProfileIdentify (
- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
- OUT EFI_USER_PROFILE_HANDLE *User
- );
-
-
-/**
- Find a user using a user information record.
-
- This function searches all user profiles for the specified user information record.
- The search starts with the user information record handle following UserInfo and
- continues until either the information is found or there are no more user profiles.
- A match occurs when the Info.InfoType field matches the user information record
- type and the user information record data matches the portion of Info passed the
- EFI_USER_INFO header.
-
- @param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
- @param[in, out] User On entry, points to the previously returned user profile
- handle, or NULL to start searching with the first user profile.
- On return, points to the user profile handle, or NULL if not
- found.
- @param[in, out] UserInfo On entry, points to the previously returned user information
- handle, or NULL to start searching with the first. On return,
- points to the user information handle of the user information
- record, or NULL if not found. Can be NULL, in which case only
- one user information record per user can be returned.
- @param[in] Info Points to the buffer containing the user information to be
- compared to the user information record. If NULL, then only
- the user information record type is compared. If InfoSize is 0,
- then the user information record must be empty.
-
- @param[in] InfoSize The size of Info, in bytes.
-
- @retval EFI_SUCCESS User information was found. User points to the user profile handle,
- and UserInfo points to the user information handle.
- @retval EFI_NOT_FOUND User information was not found. User points to NULL and UserInfo
- points to NULL.
-
-**/
-EFI_STATUS
-EFIAPI
-UserProfileFind (
- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
- IN OUT EFI_USER_PROFILE_HANDLE *User,
- IN OUT EFI_USER_INFO_HANDLE *UserInfo OPTIONAL,
- IN CONST EFI_USER_INFO *Info,
- IN UINTN InfoSize
- );
-
-
-/**
- This function returns user information.
-
- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance
- pointer.
- @param User Handle of the user whose profile will be
- retrieved.
- @param UserInfo Handle of the user information data record.
- @param Info On entry, points to a buffer of at least
- *InfoSize bytes. On exit, holds the user
- information.
- @param InfoSize On entry, points to the size of Info. On return,
- points to the size of the user information.
-
- @retval EFI_SUCCESS Information returned successfully.
- @retval EFI_ACCESS_DENIED The information about the specified user cannot
- be accessed by the current user.
- EFI_BUFFER_TOO_SMALL- The number of bytes
- specified by *InfoSize is too small to hold the
- returned data.
-
-**/
-EFI_STATUS
-EFIAPI
-UserProfileGetInfo (
- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
- IN EFI_USER_PROFILE_HANDLE User,
- IN EFI_USER_INFO_HANDLE UserInfo,
- OUT EFI_USER_INFO *Info,
- IN OUT UINTN *InfoSize
- );
-
-
-/**
- This function changes user information.
-
- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance
- pointer.
- @param User Handle of the user whose profile will be
- retrieved.
- @param UserInfo Handle of the user information data record.
- @param Info Points to the user information.
- @param InfoSize The size of Info, in bytes.
-
- @retval EFI_SUCCESS User profile information was successfully
- changed/added.
- @retval EFI_ACCESS_DENIED The record is exclusive.
- @retval EFI_SECURITY_VIOLATION The current user does not have permission to
- change the specified user profile or user
- information record.
-
-**/
-EFI_STATUS
-EFIAPI
-UserProfileSetInfo (
- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
- IN EFI_USER_PROFILE_HANDLE User,
- IN OUT EFI_USER_INFO_HANDLE *UserInfo,
- IN CONST EFI_USER_INFO *Info,
- IN UINTN InfoSize
- );
-
-
-/**
- This function allows the credential provider to notify the User Identity Manager
- when user status has changed while deselected.
-
- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance
- pointer.
- @param Changed Points to the instance of the
- EFI_USER_CREDENTIAL_PROTOCOL where the user has
- changed.
-
- @retval EFI_SUCCESS The User Identity Manager has handled the
- notification.
- @retval EFI_NOT_READY The function was called while the specified
- credential provider was not selected.
- @retval EFI_UNSUPPORTED The User Identity Manager doesn't support
- asynchronous notifications.
-
-**/
-EFI_STATUS
-EFIAPI
-UserProfileNotify (
- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
- IN EFI_HANDLE Changed
- );
-
-
-/**
- Delete the user information attached to the user profile specified by the UserInfo.
-
- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance pointer.
- @param User Handle of the user whose profile will be retrieved.
- @param UserInfo Handle of the user information data record.
-
- @retval EFI_SUCCESS User information deleted successfully.
- @retval EFI_ACCESS_DENIED The current user does not have permission to
- delete this user in-formation.
- @retval EFI_NOT_FOUND User information record UserInfo does not exist
- in the user pro-file.
-
-**/
-EFI_STATUS
-EFIAPI
-UserProfileDeleteInfo (
- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
- IN EFI_USER_PROFILE_HANDLE User,
- IN EFI_USER_INFO_HANDLE UserInfo
- );
-
-
-/**
- This function returns the next user information record.
-
- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance pointer.
- @param User Handle of the user whose profile will be retrieved.
- @param UserInfo Handle of the user information data record.
-
- @retval EFI_SUCCESS User information returned.
- @retval EFI_NOT_FOUND No more user information found.
-
-**/
-EFI_STATUS
-EFIAPI
-UserProfileGetNextInfo (
- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
- IN EFI_USER_PROFILE_HANDLE User,
- IN OUT EFI_USER_INFO_HANDLE *UserInfo
- );
-
-#endif
diff --git a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.uni b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.uni
deleted file mode 100644
index 82c72baeeb..0000000000
--- a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.uni
+++ /dev/null
@@ -1,21 +0,0 @@
-// /** @file
-// Produces user manager protocol
-//
-// This module manages user information and produces user manager protocol.
-//
-// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-
-#string STR_MODULE_ABSTRACT #language en-US "Produces user manager protocol"
-
-#string STR_MODULE_DESCRIPTION #language en-US "This module manages user information and produces user manager protocol."
-
diff --git a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerData.h b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerData.h
deleted file mode 100644
index 4e07ddd309..0000000000
--- a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerData.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/** @file
- Data structure used by the user identify manager driver.
-
-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef _USER_IDENTIFY_MANAGER_DATA_H_
-#define _USER_IDENTIFY_MANAGER_DATA_H_
-
-#include <Guid/UserIdentifyManagerHii.h>
-
-//
-// Forms definition.
-//
-#define FORMID_USER_FORM 1
-#define FORMID_PROVIDER_FORM 2
-#define FORMID_INVALID_FORM 0x0FFF
-
-//
-// Labels definition.
-//
-#define LABEL_USER_NAME 0x1000
-#define LABEL_PROVIDER_NAME 0x3000
-#define LABEL_END 0xffff
-#define FORM_OPEN_QUESTION_ID 0xfffe
-
-#endif
diff --git a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerDxe.inf b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerDxe.inf
deleted file mode 100644
index 27e8ba19ad..0000000000
--- a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerDxe.inf
+++ /dev/null
@@ -1,79 +0,0 @@
-## @file
-# Produces user manager protocol
-#
-# This module manages user information and produces user manager protocol.
-#
-# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
-##
-
-[defines]
- INF_VERSION = 0x00010005
- BASE_NAME = UserIdentifyManager
- MODULE_UNI_FILE = UserIdentifyManager.uni
- FILE_GUID = C5D3191B-27D5-4873-8DF2-628136991A21
- MODULE_TYPE = DXE_DRIVER
- VERSION_STRING = 1.0
- ENTRY_POINT = UserIdentifyManagerInit
-
-[sources]
- UserIdentifyManager.c
- LoadDeferredImage.c
- UserIdentifyManager.h
- UserIdentifyManagerData.h
- UserIdentifyManagerStrings.uni
- UserIdentifyManagerVfr.Vfr
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- SecurityPkg/SecurityPkg.dec
-
-[LibraryClasses]
- UefiRuntimeServicesTableLib
- UefiBootServicesTableLib
- UefiDriverEntryPoint
- MemoryAllocationLib
- BaseMemoryLib
- DebugLib
- HiiLib
- UefiLib
-
-[Guids]
- gEfiIfrTianoGuid ## SOMETIMES_CONSUMES ## GUID
- gEfiEventUserProfileChangedGuid ## SOMETIMES_PRODUCES ## Event
-
- ## SOMETIMES_PRODUCES ## Variable:L"Userxxxx"
- ## SOMETIMES_CONSUMES ## Variable:L"Userxxxx"
- ## CONSUMES ## HII
- gUserIdentifyManagerGuid
-
-[Protocols]
- gEfiFormBrowser2ProtocolGuid ## CONSUMES
- gEfiHiiDatabaseProtocolGuid ## CONSUMES
- gEfiUserCredential2ProtocolGuid ## SOMETIMES_CONSUMES
- gEfiDeferredImageLoadProtocolGuid ## SOMETIMES_CONSUMES
- gEfiSimpleTextOutProtocolGuid ## SOMETIMES_CONSUMES
- gEfiSimpleTextInProtocolGuid ## SOMETIMES_CONSUMES
- gEfiSimpleTextInputExProtocolGuid ## SOMETIMES_CONSUMES
- gEfiHiiConfigAccessProtocolGuid ## PRODUCES
- gEfiDevicePathProtocolGuid ## PRODUCES
-
- ## PRODUCES
- ## SOMETIMES_PRODUCES ## SystemTable
- gEfiUserManagerProtocolGuid
-
-[Depex]
- gEfiHiiDatabaseProtocolGuid AND
- gEfiHiiStringProtocolGuid AND
- gEfiFormBrowser2ProtocolGuid
-
-[UserExtensions.TianoCore."ExtraFiles"]
- UserIdentifyManagerExtra.uni
-
diff --git a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerExtra.uni b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerExtra.uni
deleted file mode 100644
index 8b7cba7b32..0000000000
--- a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerExtra.uni
+++ /dev/null
@@ -1,19 +0,0 @@
-// /** @file
-// UserIdentifyManager Localized Strings and Content
-//
-// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-#string STR_PROPERTIES_MODULE_NAME
-#language en-US
-"User Identify Manager"
-
-
diff --git a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerStrings.uni b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerStrings.uni
deleted file mode 100644
index fcbf5005cd..0000000000
--- a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerStrings.uni
+++ /dev/null
@@ -1,27 +0,0 @@
-/** @file
- String definitions for the User Identify Manager driver.
-
-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php.
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#langdef en-US "English"
-#langdef fr-FR "Francais"
-
-#string STR_TITLE #language en-US "User Identity Manager"
- #language fr-FR "User Identity Manager(French)"
-#string STR_USER_SELECT #language en-US "User Selection"
- #language fr-FR "User Selection(French)"
-#string STR_PROVIDER_SELECT #language en-US "Provider Selection"
- #language fr-FR "User Selection(French)"
-#string STR_NULL_STRING #language en-US ""
- #language fr-FR ""
-
-
diff --git a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerVfr.Vfr b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerVfr.Vfr
deleted file mode 100644
index 306679776d..0000000000
--- a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerVfr.Vfr
+++ /dev/null
@@ -1,43 +0,0 @@
-/** @file
- User identify manager formset.
-
-Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "UserIdentifyManagerData.h"
-
-formset
- guid = USER_IDENTIFY_MANAGER_GUID,
- title = STRING_TOKEN(STR_TITLE),
- help = STRING_TOKEN(STR_NULL_STRING),
- classguid = USER_IDENTIFY_MANAGER_GUID,
-
- form formid = FORMID_USER_FORM,
- title = STRING_TOKEN(STR_USER_SELECT);
-
- suppressif TRUE;
- text
- help = STRING_TOKEN(STR_NULL_STRING),
- text = STRING_TOKEN(STR_NULL_STRING),
- flags = INTERACTIVE,
- key = FORM_OPEN_QUESTION_ID;
- endif;
-
- label LABEL_USER_NAME;
- label LABEL_END;
- endform;
-
- form formid = FORMID_PROVIDER_FORM,
- title = STRING_TOKEN(STR_PROVIDER_SELECT);
- label LABEL_PROVIDER_NAME;
- label LABEL_END;
- endform;
-endformset;
\ No newline at end of file
diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyAccessPolicy.c b/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyAccessPolicy.c
deleted file mode 100644
index 56d3b1df98..0000000000
--- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyAccessPolicy.c
+++ /dev/null
@@ -1,688 +0,0 @@
-/** @file
- The functions for access policy modification.
-
-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "UserProfileManager.h"
-
-/**
- Collect all the access policy data to mUserInfo.AccessPolicy,
- and save it to user profile.
-
-**/
-VOID
-SaveAccessPolicy (
- VOID
- )
-{
- EFI_STATUS Status;
- UINTN OffSet;
- UINTN Size;
- EFI_USER_INFO_ACCESS_CONTROL Control;
- EFI_USER_INFO_HANDLE UserInfo;
- EFI_USER_INFO *Info;
-
- if (mUserInfo.AccessPolicy != NULL) {
- FreePool (mUserInfo.AccessPolicy);
- }
- mUserInfo.AccessPolicy = NULL;
- mUserInfo.AccessPolicyLen = 0;
- mUserInfo.AccessPolicyModified = TRUE;
- OffSet = 0;
-
- //
- // Save access right.
- //
- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL);
- if (mUserInfo.AccessPolicyLen - OffSet < Size) {
- ExpandMemory (OffSet, Size);
- }
-
- Control.Type = mAccessInfo.AccessRight;
- Control.Size = (UINT32) Size;
- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
- OffSet += sizeof (Control);
-
- //
- // Save access setup.
- //
- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (EFI_GUID);
- if (mUserInfo.AccessPolicyLen - OffSet < Size) {
- ExpandMemory (OffSet, Size);
- }
-
- Control.Type = EFI_USER_INFO_ACCESS_SETUP;
- Control.Size = (UINT32) Size;
- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
- OffSet += sizeof (Control);
-
- if (mAccessInfo.AccessSetup == ACCESS_SETUP_NORMAL) {
- CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupNormalGuid);
- } else if (mAccessInfo.AccessSetup == ACCESS_SETUP_RESTRICTED) {
- CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupRestrictedGuid);
- } else if (mAccessInfo.AccessSetup == ACCESS_SETUP_ADMIN) {
- CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupAdminGuid);
- }
- OffSet += sizeof (EFI_GUID);
-
- //
- // Save access of boot order.
- //
- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (UINT32);
- if (mUserInfo.AccessPolicyLen - OffSet < Size) {
- ExpandMemory (OffSet, Size);
- }
-
- Control.Type = EFI_USER_INFO_ACCESS_BOOT_ORDER;
- Control.Size = (UINT32) Size;
- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
- OffSet += sizeof (Control);
-
- CopyMem ((UINT8 *) (mUserInfo.AccessPolicy + OffSet), &mAccessInfo.AccessBootOrder, sizeof (UINT32));
- OffSet += sizeof (UINT32);
-
- //
- // Save permit load.
- //
- if (mAccessInfo.LoadPermitLen > 0) {
- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.LoadPermitLen;
- if (mUserInfo.AccessPolicyLen - OffSet < Size) {
- ExpandMemory (OffSet, Size);
- }
-
- Control.Type = EFI_USER_INFO_ACCESS_PERMIT_LOAD;
- Control.Size = (UINT32) Size;
- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
- OffSet += sizeof (Control);
-
- CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadPermit, mAccessInfo.LoadPermitLen);
- OffSet += mAccessInfo.LoadPermitLen;
- }
-
- //
- // Save forbid load.
- //
- if (mAccessInfo.LoadForbidLen > 0) {
- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.LoadForbidLen;
- if (mUserInfo.AccessPolicyLen - OffSet < Size) {
- ExpandMemory (OffSet, Size);
- }
-
- Control.Type = EFI_USER_INFO_ACCESS_FORBID_LOAD;
- Control.Size = (UINT32) Size;
- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
- OffSet += sizeof (Control);
-
- CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadForbid, mAccessInfo.LoadForbidLen);
- OffSet += mAccessInfo.LoadForbidLen;
- }
-
- //
- // Save permit connect.
- //
- if (mAccessInfo.ConnectPermitLen > 0) {
- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.ConnectPermitLen;
- if (mUserInfo.AccessPolicyLen - OffSet < Size) {
- ExpandMemory (OffSet, Size);
- }
-
- Control.Type = EFI_USER_INFO_ACCESS_PERMIT_CONNECT;
- Control.Size = (UINT32) Size;
- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
- OffSet += sizeof (Control);
-
- CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectPermit, mAccessInfo.ConnectPermitLen);
- OffSet += mAccessInfo.ConnectPermitLen;
- }
-
- //
- // Save forbid connect.
- //
- if (mAccessInfo.ConnectForbidLen > 0) {
- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.ConnectForbidLen;
- if (mUserInfo.AccessPolicyLen - OffSet < Size) {
- ExpandMemory (OffSet, Size);
- }
-
- Control.Type = EFI_USER_INFO_ACCESS_FORBID_CONNECT;
- Control.Size = (UINT32) Size;
- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
- OffSet += sizeof (Control);
-
- CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectForbid, mAccessInfo.ConnectForbidLen);
- OffSet += mAccessInfo.ConnectForbidLen;
- }
-
- mUserInfo.AccessPolicyLen = OffSet;
-
- //
- // Save access policy.
- //
- if (mUserInfo.AccessPolicyModified && (mUserInfo.AccessPolicyLen > 0) && (mUserInfo.AccessPolicy != NULL)) {
- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + mUserInfo.AccessPolicyLen);
- if (Info == NULL) {
- return ;
- }
-
- Status = FindInfoByType (mModifyUser, EFI_USER_INFO_ACCESS_POLICY_RECORD, &UserInfo);
- if (!EFI_ERROR (Status)) {
- Info->InfoType = EFI_USER_INFO_ACCESS_POLICY_RECORD;
- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |
- EFI_USER_INFO_PUBLIC |
- EFI_USER_INFO_EXCLUSIVE;
- Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + mUserInfo.AccessPolicyLen);
- CopyMem ((UINT8 *) (Info + 1), mUserInfo.AccessPolicy, mUserInfo.AccessPolicyLen);
- Status = mUserManager->SetInfo (
- mUserManager,
- mModifyUser,
- &UserInfo,
- Info,
- Info->InfoSize
- );
- mUserInfo.AccessPolicyModified = FALSE;
- }
- FreePool (Info);
- }
-
- if (mAccessInfo.ConnectForbid != NULL) {
- FreePool (mAccessInfo.ConnectForbid);
- mAccessInfo.ConnectForbid = NULL;
- }
-
- if (mAccessInfo.ConnectPermit != NULL) {
- FreePool (mAccessInfo.ConnectPermit);
- mAccessInfo.ConnectPermit = NULL;
- }
-
- if (mAccessInfo.LoadForbid != NULL) {
- FreePool (mAccessInfo.LoadForbid);
- mAccessInfo.LoadForbid = NULL;
- }
-
- if (mAccessInfo.LoadPermit != NULL) {
- FreePool (mAccessInfo.LoadPermit);
- mAccessInfo.LoadPermit = NULL;
- }
-}
-
-/**
- Create an action OpCode with QuestionID and DevicePath on a given OpCodeHandle.
-
- @param[in] QuestionID The question ID.
- @param[in] DevicePath Points to device path.
- @param[in] OpCodeHandle Points to container for dynamic created opcodes.
-
-**/
-VOID
-AddDevicePath (
- IN UINTN QuestionID,
- IN EFI_DEVICE_PATH_PROTOCOL *DevicePath,
- IN VOID *OpCodeHandle
- )
-{
- EFI_DEVICE_PATH_PROTOCOL *Next;
- EFI_STRING_ID NameID;
- EFI_STRING DriverName;
-
- //
- // Get driver file name node.
- //
- Next = DevicePath;
- while (!IsDevicePathEnd (Next)) {
- DevicePath = Next;
- Next = NextDevicePathNode (Next);
- }
-
- //
- // Display the device path in form.
- //
- DriverName = ConvertDevicePathToText (DevicePath, FALSE, FALSE);
- NameID = HiiSetString (mCallbackInfo->HiiHandle, 0, DriverName, NULL);
- FreePool (DriverName);
- if (NameID == 0) {
- return ;
- }
-
- HiiCreateActionOpCode (
- OpCodeHandle, // Container for dynamic created opcodes
- (UINT16) QuestionID, // Question ID
- NameID, // Prompt text
- STRING_TOKEN (STR_NULL_STRING), // Help text
- EFI_IFR_FLAG_CALLBACK, // Question flag
- 0 // Action String ID
- );
-}
-
-
-/**
- Check whether the DevicePath is in the device path forbid list
- (mAccessInfo.LoadForbid).
-
- @param[in] DevicePath Points to device path.
-
- @retval TRUE The DevicePath is in the device path forbid list.
- @retval FALSE The DevicePath is not in the device path forbid list.
-
-**/
-BOOLEAN
-IsLoadForbidden (
- IN EFI_DEVICE_PATH_PROTOCOL *DevicePath
- )
-{
- UINTN OffSet;
- UINTN DPSize;
- UINTN Size;
- EFI_DEVICE_PATH_PROTOCOL *Dp;
-
- OffSet = 0;
- Size = GetDevicePathSize (DevicePath);
- //
- // Check each device path.
- //
- while (OffSet < mAccessInfo.LoadForbidLen) {
- Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);
- DPSize = GetDevicePathSize (Dp);
- //
- // Compare device path.
- //
- if ((DPSize == Size) && (CompareMem (DevicePath, Dp, Size) == 0)) {
- return TRUE;
- }
- OffSet += DPSize;
- }
- return FALSE;
-}
-
-
-/**
- Display the permit load device path in the loadable device path list.
-
-**/
-VOID
-DisplayLoadPermit(
- VOID
- )
-{
- EFI_STATUS Status;
- CHAR16 *Order;
- UINTN OrderSize;
- UINTN ListCount;
- UINTN Index;
- UINT8 *Var;
- UINT8 *VarPtr;
- CHAR16 VarName[12];
- VOID *StartOpCodeHandle;
- VOID *EndOpCodeHandle;
- EFI_IFR_GUID_LABEL *StartLabel;
- EFI_IFR_GUID_LABEL *EndLabel;
-
- //
- // Get DriverOrder.
- //
- OrderSize = 0;
- Status = gRT->GetVariable (
- L"DriverOrder",
- &gEfiGlobalVariableGuid,
- NULL,
- &OrderSize,
- NULL
- );
- if (Status != EFI_BUFFER_TOO_SMALL) {
- return ;
- }
-
- Order = AllocateZeroPool (OrderSize);
- if (Order == NULL) {
- return ;
- }
-
- Status = gRT->GetVariable (
- L"DriverOrder",
- &gEfiGlobalVariableGuid,
- NULL,
- &OrderSize,
- Order
- );
- if (EFI_ERROR (Status)) {
- return ;
- }
-
- //
- // Initialize the container for dynamic opcodes.
- //
- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (StartOpCodeHandle != NULL);
-
- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (EndOpCodeHandle != NULL);
-
- //
- // Create Hii Extend Label OpCode.
- //
- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- StartOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- StartLabel->Number = LABEL_PERMIT_LOAD_FUNC;
-
- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- EndOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- EndLabel->Number = LABEL_END;
-
- //
- // Add each driver option.
- //
- Var = NULL;
- ListCount = OrderSize / sizeof (UINT16);
- for (Index = 0; Index < ListCount; Index++) {
- //
- // Get driver device path.
- //
- UnicodeSPrint (VarName, sizeof (VarName), L"Driver%04x", Order[Index]);
- GetEfiGlobalVariable2 (VarName, (VOID**)&Var, NULL);
- if (Var == NULL) {
- continue;
- }
-
- //
- // Check whether the driver is already forbidden.
- //
-
- VarPtr = Var;
- //
- // Skip attribute.
- //
- VarPtr += sizeof (UINT32);
-
- //
- // Skip device path lenth.
- //
- VarPtr += sizeof (UINT16);
-
- //
- // Skip descript string.
- // - VarPtr += StrSize ((UINT16 *) VarPtr); - - if (IsLoadForbidden ((EFI_DEVICE_PATH_PROTOCOL *) VarPtr)) { - FreePool (Var); - Var = NULL; - continue; - } - - AddDevicePath ( - KEY_MODIFY_USER | KEY_MODIFY_AP_DP | KEY_LOAD_PERMIT_MODIFY | Order[Index], - (EFI_DEVICE_PATH_PROTOCOL *) VarPtr, - StartOpCodeHandle - ); - FreePool (Var); - Var = NULL; - } - - HiiUpdateForm ( - mCallbackInfo->HiiHandle, // HII handle - &gUserProfileManagerGuid, // Formset GUID - FORMID_PERMIT_LOAD_DP, // Form ID - StartOpCodeHandle, // Label for where to insert opcodes - EndOpCodeHandle // Replace data - ); - - HiiFreeOpCodeHandle (StartOpCodeHandle); - HiiFreeOpCodeHandle (EndOpCodeHandle); - - // - // Clear Environment. - // - if (Var != NULL) { - FreePool (Var); - } - FreePool (Order); -} - - -/** - Display the forbid load device path list (mAccessInfo.LoadForbid). - -**/ -VOID -DisplayLoadForbid ( - VOID - ) -{ - UINTN Offset; - UINTN DPSize; - UINTN Index; - EFI_DEVICE_PATH_PROTOCOL *Dp; - VOID *StartOpCodeHandle; - VOID *EndOpCodeHandle; - EFI_IFR_GUID_LABEL *StartLabel; - EFI_IFR_GUID_LABEL *EndLabel; - - // - // Initialize the container for dynamic opcodes. - // - StartOpCodeHandle = HiiAllocateOpCodeHandle (); - ASSERT (StartOpCodeHandle != NULL); - - EndOpCodeHandle = HiiAllocateOpCodeHandle (); - ASSERT (EndOpCodeHandle != NULL); - - // - // Create Hii Extend Label OpCode. - // - StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( - StartOpCodeHandle, - &gEfiIfrTianoGuid, - NULL, - sizeof (EFI_IFR_GUID_LABEL) - ); - StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - StartLabel->Number = LABLE_FORBID_LOAD_FUNC; - - EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( - EndOpCodeHandle, - &gEfiIfrTianoGuid, - NULL, - sizeof (EFI_IFR_GUID_LABEL) - ); - EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - EndLabel->Number = LABEL_END; - - // - // Add each forbid load drivers. 
- // - Offset = 0; - Index = 0; - while (Offset < mAccessInfo.LoadForbidLen) { - Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + Offset); - DPSize = GetDevicePathSize (Dp); - AddDevicePath ( - KEY_MODIFY_USER | KEY_MODIFY_AP_DP | KEY_LOAD_FORBID_MODIFY | Index, - Dp, - StartOpCodeHandle - ); - Index++; - Offset += DPSize; - } - - HiiUpdateForm ( - mCallbackInfo->HiiHandle, // HII handle - &gUserProfileManagerGuid, // Formset GUID - FORMID_FORBID_LOAD_DP, // Form ID - StartOpCodeHandle, // Label for where to insert opcodes - EndOpCodeHandle // Replace data - ); - - HiiFreeOpCodeHandle (StartOpCodeHandle); - HiiFreeOpCodeHandle (EndOpCodeHandle); -} - - -/** - Display the permit connect device path. - -**/ -VOID -DisplayConnectPermit ( - VOID - ) -{ - // - // Note: - // As no architect protocol/interface to be called in ConnectController() - // to verify the device path, just add a place holder for permitted connect - // device path. - // -} - - -/** - Display the forbid connect device path list. - -**/ -VOID -DisplayConnectForbid ( - VOID - ) -{ - // - // Note: - // As no architect protocol/interface to be called in ConnectController() - // to verify the device path, just add a place holder for forbidden connect - // device path. - // -} - - -/** - Delete the specified device path by DriverIndex from the forbid device path - list (mAccessInfo.LoadForbid). - - @param[in] DriverIndex The index of driver in forbidden device path list. - -**/ -VOID -DeleteFromForbidLoad ( - IN UINT16 DriverIndex - ) -{ - UINTN OffSet; - UINTN DPSize; - UINTN OffLen; - EFI_DEVICE_PATH_PROTOCOL *Dp; - - OffSet = 0; - // - // Find the specified device path. - // - while ((OffSet < mAccessInfo.LoadForbidLen) && (DriverIndex > 0)) { - Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet); - DPSize = GetDevicePathSize (Dp); - OffSet += DPSize; - DriverIndex--; - } - - // - // Specified device path found. 
- // - if (DriverIndex == 0) { - Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet); - DPSize = GetDevicePathSize (Dp); - OffLen = mAccessInfo.LoadForbidLen - OffSet - DPSize; - if (OffLen > 0) { - CopyMem ( - mAccessInfo.LoadForbid + OffSet, - mAccessInfo.LoadForbid + OffSet + DPSize, - OffLen - ); - } - mAccessInfo.LoadForbidLen -= DPSize; - } -} - - -/** - Add the specified device path by DriverIndex to the forbid device path - list (mAccessInfo.LoadForbid). - - @param[in] DriverIndex The index of driver saved in driver options. - -**/ -VOID -AddToForbidLoad ( - IN UINT16 DriverIndex - ) -{ - UINTN DevicePathLen; - UINT8 *Var; - UINT8 *VarPtr; - UINTN NewLen; - UINT8 *NewFL; - CHAR16 VarName[13]; - - // - // Get loadable driver device path. - // - UnicodeSPrint (VarName, sizeof (VarName), L"Driver%04x", DriverIndex); - GetEfiGlobalVariable2 (VarName, (VOID**)&Var, NULL); - if (Var == NULL) { - return; - } - - // - // Save forbid load driver. - // - - VarPtr = Var; - // - // Skip attribute. - // - VarPtr += sizeof (UINT32); - - DevicePathLen = *(UINT16 *) VarPtr; - // - // Skip device path length. - // - VarPtr += sizeof (UINT16); - - // - // Skip description string. - // - VarPtr += StrSize ((UINT16 *) VarPtr); - - NewLen = mAccessInfo.LoadForbidLen + DevicePathLen; - NewFL = AllocateZeroPool (NewLen); - if (NewFL == NULL) { - FreePool (Var); - return ; - } - - if (mAccessInfo.LoadForbidLen > 0) { - CopyMem (NewFL, mAccessInfo.LoadForbid, mAccessInfo.LoadForbidLen); - FreePool (mAccessInfo.LoadForbid); - } - - CopyMem (NewFL + mAccessInfo.LoadForbidLen, VarPtr, DevicePathLen); - mAccessInfo.LoadForbidLen = NewLen; - mAccessInfo.LoadForbid = NewFL; - FreePool (Var); -} - - diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyIdentityPolicy.c b/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyIdentityPolicy.c deleted file mode 100644 index 602c4a8397..0000000000 
--- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyIdentityPolicy.c
+++ /dev/null
@@ -1,516 +0,0 @@ -/** @file - The functions for identification policy modification. - -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> -This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include "UserProfileManager.h" - - -/** - Verify the new identity policy in the current implementation. The same credential - provider can't appear twice in one identity policy. - - @param[in] NewGuid Points to the credential provider guid. - - @retval TRUE The NewGuid was found in the identity policy. - @retval FALSE The NewGuid was not found. - -**/ -BOOLEAN -ProviderAlreadyInPolicy ( - IN EFI_GUID *NewGuid - ) -{ - UINTN Offset; - EFI_USER_INFO_IDENTITY_POLICY *Identity; - EFI_INPUT_KEY Key; - - Offset = 0; - while (Offset < mUserInfo.NewIdentityPolicyLen) { - Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (mUserInfo.NewIdentityPolicy + Offset); - if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) { - if (CompareGuid (NewGuid, (EFI_GUID *) (Identity + 1))) { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"This Credential Provider Are Already Used!", - L"", - L"Press Any Key to Continue ...", - NULL - ); - return TRUE; - } - } - Offset += Identity->Length; - } - - return FALSE; -} - - -/** - Add the user's credential record in the provider. - - @param[in] Identity Identity policy item including credential provider. - @param[in] User Points to user profile. - - @retval EFI_SUCCESS Add or delete record successfully. - @retval Others Fail to add or delete record. 
- -**/ -EFI_STATUS -EnrollUserOnProvider ( - IN EFI_USER_INFO_IDENTITY_POLICY *Identity, - IN EFI_USER_PROFILE_HANDLE User - ) -{ - UINTN Index; - EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential; - - // - // Find the specified credential provider. - // - for (Index = 0; Index < mProviderInfo->Count; Index++) { - UserCredential = mProviderInfo->Provider[Index]; - if (CompareGuid ((EFI_GUID *)(Identity + 1), &UserCredential->Identifier)) { - return UserCredential->Enroll (UserCredential, User); - } - } - - return EFI_NOT_FOUND; -} - - -/** - Delete the User's credential record on the provider. - - @param[in] Identity Point to EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER user info. - @param[in] User Points to user profile. - - @retval EFI_SUCCESS Delete User's credential record successfully. - @retval Others Fail to add or delete record. - -**/ -EFI_STATUS -DeleteUserOnProvider ( - IN EFI_USER_INFO_IDENTITY_POLICY *Identity, - IN EFI_USER_PROFILE_HANDLE User - ) -{ - UINTN Index; - EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential; - - // - // Find the specified credential provider. - // - for (Index = 0; Index < mProviderInfo->Count; Index++) { - UserCredential = mProviderInfo->Provider[Index]; - if (CompareGuid ((EFI_GUID *)(Identity + 1), &UserCredential->Identifier)) { - return UserCredential->Delete (UserCredential, User); - } - } - - return EFI_NOT_FOUND; -} - - -/** - Delete User's credental from all the providers that exist in User's identity policy. - - @param[in] IdentityPolicy Point to User's identity policy. - @param[in] IdentityPolicyLen The length of the identity policy. - @param[in] User Points to user profile. 
- -**/ -VOID -DeleteCredentialFromProviders ( - IN UINT8 *IdentityPolicy, - IN UINTN IdentityPolicyLen, - IN EFI_USER_PROFILE_HANDLE User - ) -{ - EFI_USER_INFO_IDENTITY_POLICY *Identity; - UINTN Offset; - - Offset = 0; - while (Offset < IdentityPolicyLen) { - Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (IdentityPolicy + Offset); - if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) { - // - // Delete the user on this provider. - // - DeleteUserOnProvider (Identity, User); - } - Offset += Identity->Length; - } - -} - - -/** - Remove the provider specified by Offset from the new user identification record. - - @param[in] IdentityPolicy Point to user identity item in new identification policy. - @param[in] Offset The item offset in the new identification policy. - -**/ -VOID -DeleteProviderFromPolicy ( - IN EFI_USER_INFO_IDENTITY_POLICY *IdentityPolicy, - IN UINTN Offset - ) -{ - UINTN RemainingLen; - UINTN DeleteLen; - - if (IdentityPolicy->Length == mUserInfo.NewIdentityPolicyLen) { - // - // Only one credential provider in the identification policy. - // Set the new policy to be TRUE after removed the provider. - // - IdentityPolicy->Type = EFI_USER_INFO_IDENTITY_TRUE; - IdentityPolicy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY); - mUserInfo.NewIdentityPolicyLen = IdentityPolicy->Length; - return ; - } - - DeleteLen = IdentityPolicy->Length + sizeof(EFI_USER_INFO_IDENTITY_POLICY); - if ((Offset + IdentityPolicy->Length) != mUserInfo.NewIdentityPolicyLen) { - // - // This provider is not the last item in the identification policy, delete it and the connector. - // - RemainingLen = mUserInfo.NewIdentityPolicyLen - Offset - DeleteLen; - CopyMem ((UINT8 *) IdentityPolicy, (UINT8 *) IdentityPolicy + DeleteLen, RemainingLen); - } - mUserInfo.NewIdentityPolicyLen -= DeleteLen; -} - - -/** - Add a new provider to the mUserInfo.NewIdentityPolicy. - - It is invoked when 'add option' in UI is pressed. 
- - @param[in] NewGuid Points to the credential provider guid. - -**/ -VOID -AddProviderToPolicy ( - IN EFI_GUID *NewGuid - ) -{ - UINT8 *NewPolicyInfo; - UINTN NewPolicyInfoLen; - EFI_USER_INFO_IDENTITY_POLICY *Policy; - - // - // Allocate memory for the new identity policy. - // - NewPolicyInfoLen = mUserInfo.NewIdentityPolicyLen + sizeof (EFI_USER_INFO_IDENTITY_POLICY) + sizeof (EFI_GUID); - if (mUserInfo.NewIdentityPolicyLen > 0) { - // - // It is not the first provider in the policy. Add a connector before provider. - // - NewPolicyInfoLen += sizeof (EFI_USER_INFO_IDENTITY_POLICY); - } - NewPolicyInfo = AllocateZeroPool (NewPolicyInfoLen); - if (NewPolicyInfo == NULL) { - return ; - } - - NewPolicyInfoLen = 0; - if (mUserInfo.NewIdentityPolicyLen > 0) { - // - // Save orginal policy. - // - CopyMem (NewPolicyInfo, mUserInfo.NewIdentityPolicy, mUserInfo.NewIdentityPolicyLen); - - // - // Save logical connector. - // - Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (NewPolicyInfo + mUserInfo.NewIdentityPolicyLen); - if (mConncetLogical == 0) { - Policy->Type = EFI_USER_INFO_IDENTITY_AND; - } else { - Policy->Type = EFI_USER_INFO_IDENTITY_OR; - } - - Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY); - NewPolicyInfoLen = mUserInfo.NewIdentityPolicyLen + Policy->Length; - FreePool (mUserInfo.NewIdentityPolicy); - } - - // - // Save credential provider. - // - Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (NewPolicyInfo + NewPolicyInfoLen); - Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY) + sizeof (EFI_GUID); - Policy->Type = EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER; - CopyGuid ((EFI_GUID *) (Policy + 1), NewGuid); - NewPolicyInfoLen += Policy->Length; - - // - // Update identity policy choice. - // - mUserInfo.NewIdentityPolicy = NewPolicyInfo; - mUserInfo.NewIdentityPolicyLen = NewPolicyInfoLen; - mUserInfo.NewIdentityPolicyModified = TRUE; -} - - -/** - This function replaces the old identity policy with a new identity policy. 
- - This function delete the user identity policy information. - If enroll new credential failed, recover the old identity policy. - - @retval EFI_SUCCESS Modify user identity policy successfully. - @retval Others Fail to modify user identity policy. - -**/ -EFI_STATUS -UpdateCredentialProvider ( - ) -{ - EFI_STATUS Status; - EFI_USER_INFO_IDENTITY_POLICY *Identity; - UINTN Offset; - - // - // Delete the old identification policy. - // - DeleteCredentialFromProviders (mUserInfo.IdentityPolicy, mUserInfo.IdentityPolicyLen, mModifyUser); - - // - // Add the new identification policy. - // - Offset = 0; - while (Offset < mUserInfo.NewIdentityPolicyLen) { - Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (mUserInfo.NewIdentityPolicy + Offset); - if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) { - // - // Enroll the user on this provider - // - Status = EnrollUserOnProvider (Identity, mModifyUser); - if (EFI_ERROR (Status)) { - // - // Failed to enroll the user by new identification policy. - // So removed the credential provider from the identification policy - // - DeleteProviderFromPolicy (Identity, Offset); - continue; - } - } - Offset += Identity->Length; - } - - return EFI_SUCCESS; -} - - -/** - Check whether the identity policy is valid. - - @param[in] PolicyInfo Point to the identity policy. - @param[in] PolicyInfoLen The policy length. - - @retval TRUE The policy is a valid identity policy. - @retval FALSE The policy is not a valid identity policy. - -**/ -BOOLEAN -CheckNewIdentityPolicy ( - IN UINT8 *PolicyInfo, - IN UINTN PolicyInfoLen - ) -{ - EFI_USER_INFO_IDENTITY_POLICY *Identity; - EFI_INPUT_KEY Key; - UINTN Offset; - UINT32 OpCode; - - // - // Check policy expression. 
- // - OpCode = EFI_USER_INFO_IDENTITY_FALSE; - Offset = 0; - while (Offset < PolicyInfoLen) { - // - // Check identification policy according to type - // - Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (PolicyInfo + Offset); - switch (Identity->Type) { - - case EFI_USER_INFO_IDENTITY_TRUE: - break; - - case EFI_USER_INFO_IDENTITY_OR: - if (OpCode == EFI_USER_INFO_IDENTITY_AND) { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Invalid Identity Policy, Mixed Connector Unsupport!", - L"", - L"Press Any Key to Continue ...", - NULL - ); - return FALSE; - } - - OpCode = EFI_USER_INFO_IDENTITY_OR; - break; - - case EFI_USER_INFO_IDENTITY_AND: - if (OpCode == EFI_USER_INFO_IDENTITY_OR) { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Invalid Identity Policy, Mixed Connector Unsupport!", - L"", - L"Press Any Key to Continue ...", - NULL - ); - return FALSE; - } - - OpCode = EFI_USER_INFO_IDENTITY_AND; - break; - - case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER: - break; - - default: - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Unsupport parameter", - L"", - L"Press Any Key to Continue ...", - NULL - ); - return FALSE; - } - Offset += Identity->Length; - } - - return TRUE; -} - - -/** - Save the identity policy and update UI with it. - - This function will verify the new identity policy, in current implementation, - the identity policy can be: T, P & P & P & ..., P | P | P | ... - Here, "T" means "True", "P" means "Credential Provider", "&" means "and", "|" means "or". - Other identity policies are not supported. - -**/ -VOID -SaveIdentityPolicy ( - VOID - ) -{ - EFI_STATUS Status; - EFI_USER_INFO_HANDLE UserInfo; - EFI_USER_INFO *Info; - - if (!mUserInfo.NewIdentityPolicyModified || (mUserInfo.NewIdentityPolicyLen == 0)) { - return; - } - - // - // Check policy expression. 
- // - if (!CheckNewIdentityPolicy (mUserInfo.NewIdentityPolicy, mUserInfo.NewIdentityPolicyLen)) { - return; - } - - Status = FindInfoByType (mModifyUser, EFI_USER_INFO_IDENTITY_POLICY_RECORD, &UserInfo); - if (EFI_ERROR (Status)) { - return ; - } - - // - // Update the informantion on credential provider. - // - Status = UpdateCredentialProvider (); - if (EFI_ERROR (Status)) { - return ; - } - - // - // Save new identification policy. - // - Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + mUserInfo.NewIdentityPolicyLen); - ASSERT (Info != NULL); - - Info->InfoType = EFI_USER_INFO_IDENTITY_POLICY_RECORD; - Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE; - Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + mUserInfo.NewIdentityPolicyLen); - CopyMem ((UINT8 *) (Info + 1), mUserInfo.NewIdentityPolicy, mUserInfo.NewIdentityPolicyLen); - - Status = mUserManager->SetInfo (mUserManager, mModifyUser, &UserInfo, Info, Info->InfoSize); - FreePool (Info); - - // - // Update the mUserInfo.IdentityPolicy by mUserInfo.NewIdentityPolicy - // - if (mUserInfo.IdentityPolicy != NULL) { - FreePool (mUserInfo.IdentityPolicy); - } - mUserInfo.IdentityPolicy = mUserInfo.NewIdentityPolicy; - mUserInfo.IdentityPolicyLen = mUserInfo.NewIdentityPolicyLen; - - mUserInfo.NewIdentityPolicy = NULL; - mUserInfo.NewIdentityPolicyLen = 0; - mUserInfo.NewIdentityPolicyModified = FALSE; - - // - // Update identity policy choice. - // - ResolveIdentityPolicy (mUserInfo.IdentityPolicy, mUserInfo.IdentityPolicyLen, STRING_TOKEN (STR_IDENTIFY_POLICY_VAL)); -} - - -/** - Update the mUserInfo.NewIdentityPolicy, and UI when 'add option' is pressed. - -**/ -VOID -AddIdentityPolicyItem ( - VOID - ) -{ - if (mProviderInfo->Count == 0) { - return ; - } - - // - // Check the identity policy. 
- // - if (ProviderAlreadyInPolicy (&mProviderInfo->Provider[mProviderChoice]->Identifier)) { - return; - } - - // - // Add it to identification policy - // - AddProviderToPolicy (&mProviderInfo->Provider[mProviderChoice]->Identifier); - - // - // Update identity policy choice. - // - ResolveIdentityPolicy (mUserInfo.NewIdentityPolicy, mUserInfo.NewIdentityPolicyLen, STRING_TOKEN (STR_IDENTIFY_POLICY_VALUE)); -} - - diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileAdd.c b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileAdd.c deleted file mode 100644 index 6de7e75e79..0000000000 --- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileAdd.c +++ /dev/null 
@@ -1,372 +0,0 @@ -/** @file - The functions to add a user profile. - -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> -This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include "UserProfileManager.h" - - -/** - Get user name from the popup windows. - - @param[in, out] UserNameLen On entry, point to UserName buffer lengh, in bytes. - On exit, point to input user name length, in bytes. - @param[out] UserName The buffer to hold the input user name. - - @retval EFI_ABORTED It is given up by pressing 'ESC' key. - @retval EFI_NOT_READY Not a valid input at all. - @retval EFI_SUCCESS Get a user name successfully. - -**/ -EFI_STATUS -GetUserNameInput ( - IN OUT UINTN *UserNameLen, - OUT CHAR16 *UserName - ) -{ - EFI_INPUT_KEY Key; - UINTN NameLen; - CHAR16 Name[USER_NAME_LENGTH]; - - NameLen = 0; - while (TRUE) { - Name[NameLen] = L'_'; - Name[NameLen + 1] = L'\0'; - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Input User Name", - L"---------------------", - Name, - NULL - ); - // - // Check key. - // - if (Key.ScanCode == SCAN_NULL) { - if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { - // - // Add the null terminator. - // - Name[NameLen] = 0; - NameLen++; - break; - } else if ((Key.UnicodeChar == CHAR_NULL) || - (Key.UnicodeChar == CHAR_TAB) || - (Key.UnicodeChar == CHAR_LINEFEED) - ) { - continue; - } else { - if (Key.UnicodeChar == CHAR_BACKSPACE) { - if (NameLen > 0) { - NameLen--; - } - } else { - Name[NameLen] = Key.UnicodeChar; - NameLen++; - if (NameLen + 1 == USER_NAME_LENGTH) { - // - // Add the null terminator. 
- // - Name[NameLen] = 0; - NameLen++; - break; - } - } - } - } - - if (Key.ScanCode == SCAN_ESC) { - return EFI_ABORTED; - } - } - - if (NameLen <= 1) { - return EFI_NOT_READY; - } - - if (*UserNameLen < NameLen * sizeof (CHAR16)) { - return EFI_NOT_READY; - } - - *UserNameLen = NameLen * sizeof (CHAR16); - CopyMem (UserName, Name, *UserNameLen); - - return EFI_SUCCESS; -} - -/** - Set a user's username. - - @param[in] User Handle of a user profile . - @param[in] UserNameLen The lengh of UserName. - @param[in] UserName Point to the buffer of user name. - - @retval EFI_NOT_READY The usernme in mAddUserName had been used. - @retval EFI_SUCCESS Change the user's username successfully with - username in mAddUserName. - -**/ -EFI_STATUS -SetUserName ( - IN EFI_USER_PROFILE_HANDLE User, - IN UINTN UserNameLen, - IN CHAR16 *UserName - ) -{ - EFI_STATUS Status; - EFI_USER_INFO_HANDLE UserInfo; - EFI_USER_PROFILE_HANDLE TempUser; - EFI_USER_INFO *NewUserInfo; - - NewUserInfo = AllocateZeroPool (sizeof (EFI_USER_INFO) + UserNameLen); - ASSERT (NewUserInfo != NULL); - - NewUserInfo->InfoType = EFI_USER_INFO_NAME_RECORD; - NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | - EFI_USER_INFO_PUBLIC | - EFI_USER_INFO_EXCLUSIVE; - NewUserInfo->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + UserNameLen); - CopyMem ((UINT8 *) (NewUserInfo + 1), UserName, UserNameLen); - TempUser = NULL; - Status = mUserManager->Find ( - mUserManager, - &TempUser, - NULL, - NewUserInfo, - NewUserInfo->InfoSize - ); - if (!EFI_ERROR (Status)) { - // - // The user name had been used, return error. - // - FreePool (NewUserInfo); - return EFI_NOT_READY; - } - - UserInfo = NULL; - mUserManager->SetInfo ( - mUserManager, - User, - &UserInfo, - NewUserInfo, - NewUserInfo->InfoSize - ); - FreePool (NewUserInfo); - return EFI_SUCCESS; -} - - -/** - Set create date of the specified user. - - @param[in] User Handle of a user profile. 
- -**/ -VOID -SetCreateDate ( - IN EFI_USER_PROFILE_HANDLE User - ) -{ - EFI_STATUS Status; - EFI_USER_INFO_HANDLE UserInfo; - EFI_USER_INFO_CREATE_DATE Date; - EFI_USER_INFO *NewUserInfo; - - NewUserInfo = AllocateZeroPool ( - sizeof (EFI_USER_INFO) + - sizeof (EFI_USER_INFO_CREATE_DATE) - ); - ASSERT (NewUserInfo != NULL); - - NewUserInfo->InfoType = EFI_USER_INFO_CREATE_DATE_RECORD; - NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | - EFI_USER_INFO_PUBLIC | - EFI_USER_INFO_EXCLUSIVE; - NewUserInfo->InfoSize = sizeof (EFI_USER_INFO) + sizeof (EFI_USER_INFO_CREATE_DATE); - Status = gRT->GetTime (&Date, NULL); - if (EFI_ERROR (Status)) { - FreePool (NewUserInfo); - return ; - } - - CopyMem ((UINT8 *) (NewUserInfo + 1), &Date, sizeof (EFI_USER_INFO_CREATE_DATE)); - UserInfo = NULL; - mUserManager->SetInfo ( - mUserManager, - User, - &UserInfo, - NewUserInfo, - NewUserInfo->InfoSize - ); - FreePool (NewUserInfo); -} - - -/** - Set the default identity policy of the specified user. - - @param[in] User Handle of a user profile. 
- -**/ -VOID -SetIdentityPolicy ( - IN EFI_USER_PROFILE_HANDLE User - ) -{ - EFI_USER_INFO_IDENTITY_POLICY *Policy; - EFI_USER_INFO_HANDLE UserInfo; - EFI_USER_INFO *NewUserInfo; - - NewUserInfo = AllocateZeroPool ( - sizeof (EFI_USER_INFO) + - sizeof (EFI_USER_INFO_IDENTITY_POLICY) - ); - ASSERT (NewUserInfo != NULL); - - Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (NewUserInfo + 1); - Policy->Type = EFI_USER_INFO_IDENTITY_TRUE; - Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY); - - NewUserInfo->InfoType = EFI_USER_INFO_IDENTITY_POLICY_RECORD; - NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | - EFI_USER_INFO_PUBLIC | - EFI_USER_INFO_EXCLUSIVE; - NewUserInfo->InfoSize = sizeof (EFI_USER_INFO) + Policy->Length; - UserInfo = NULL; - mUserManager->SetInfo ( - mUserManager, - User, - &UserInfo, - NewUserInfo, - NewUserInfo->InfoSize - ); - FreePool (NewUserInfo); -} - - -/** - Set the default access policy of the specified user. - - @param[in] User Handle of a user profile. - -**/ -VOID -SetAccessPolicy ( - IN EFI_USER_PROFILE_HANDLE User - ) -{ - EFI_USER_INFO_ACCESS_CONTROL *Control; - EFI_USER_INFO_HANDLE UserInfo; - EFI_USER_INFO *NewUserInfo; - - NewUserInfo = AllocateZeroPool ( - sizeof (EFI_USER_INFO) + - sizeof (EFI_USER_INFO_ACCESS_CONTROL) - ); - ASSERT (NewUserInfo != NULL); - - Control = (EFI_USER_INFO_ACCESS_CONTROL *) (NewUserInfo + 1); - Control->Type = EFI_USER_INFO_ACCESS_ENROLL_SELF; - Control->Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL); - - NewUserInfo->InfoType = EFI_USER_INFO_ACCESS_POLICY_RECORD; - NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | - EFI_USER_INFO_PUBLIC | - EFI_USER_INFO_EXCLUSIVE; - NewUserInfo->InfoSize = sizeof (EFI_USER_INFO) + Control->Size; - UserInfo = NULL; - mUserManager->SetInfo ( - mUserManager, - User, - &UserInfo, - NewUserInfo, - NewUserInfo->InfoSize - ); - FreePool (NewUserInfo); -} - - -/** - Add a new user profile into the user profile database. 
- -**/ -VOID -CallAddUser ( - VOID - ) -{ - EFI_STATUS Status; - EFI_INPUT_KEY Key; - EFI_USER_PROFILE_HANDLE User; - UINTN UserNameLen; - CHAR16 UserName[USER_NAME_LENGTH]; - CHAR16 *QuestionStr; - CHAR16 *PromptStr; - - QuestionStr = NULL; - PromptStr = NULL; - - // - // Get user name to add. - // - UserNameLen = sizeof (UserName); - Status = GetUserNameInput (&UserNameLen, UserName); - if (EFI_ERROR (Status)) { - if (Status != EFI_ABORTED) { - QuestionStr = GetStringById (STRING_TOKEN (STR_GET_USERNAME_FAILED)); - PromptStr = GetStringById (STRING_TOKEN (STR_STROKE_KEY_CONTINUE)); - goto Done; - } - return ; - } - - // - // Create a new user profile. - // - User = NULL; - Status = mUserManager->Create (mUserManager, &User); - if (EFI_ERROR (Status)) { - QuestionStr = GetStringById (STRING_TOKEN (STR_CREATE_PROFILE_FAILED)); - PromptStr = GetStringById (STRING_TOKEN (STR_STROKE_KEY_CONTINUE)); - } else { - // - // Add default user information. - // - Status = SetUserName (User, UserNameLen, UserName); - if (EFI_ERROR (Status)) { - QuestionStr = GetStringById (STRING_TOKEN (STR_USER_ALREADY_EXISTED)); - PromptStr = GetStringById (STRING_TOKEN (STR_STROKE_KEY_CONTINUE)); - goto Done; - } - - SetCreateDate (User); - SetIdentityPolicy (User); - SetAccessPolicy (User); - - QuestionStr = GetStringById (STRING_TOKEN (STR_CREATE_PROFILE_SUCCESS)); - PromptStr = GetStringById (STRING_TOKEN (STR_STROKE_KEY_CONTINUE)); - } - -Done: - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - QuestionStr, - L"", - PromptStr, - NULL - ); - FreePool (QuestionStr); - FreePool (PromptStr); -} - diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileDelete.c b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileDelete.c deleted file mode 100644 index af5d3109dd..0000000000 --- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileDelete.c +++ /dev/null 
@@ -1,343 +0,0 @@ -/** @file - The functions to delete a user profile. - -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> -This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include "UserProfileManager.h" - -/** - Get the username from the specified user. - - @param[in] User Handle of a user profile. - - @retval EFI_STRING_ID The String Id of the user's username. - -**/ -EFI_STRING_ID -GetUserName ( - IN EFI_USER_PROFILE_HANDLE User - ) -{ - EFI_STATUS Status; - EFI_USER_INFO_HANDLE UserInfo; - EFI_USER_INFO *Info; - UINTN InfoSize; - UINTN MemSize; - UINTN NameLen; - CHAR16 UserName[USER_NAME_LENGTH]; - EFI_STRING_ID UserId; - - // - // Allocate user information memory. - // - MemSize = sizeof (EFI_USER_INFO) + 63; - Info = AllocateZeroPool (MemSize); - ASSERT (Info != NULL); - - // - // Get user name information. - // - UserInfo = NULL; - while (TRUE) { - InfoSize = MemSize; - // - // Get next user information. - // - Status = mUserManager->GetNextInfo ( - mUserManager, - User, - &UserInfo - ); - if (EFI_ERROR (Status)) { - break; - } - - Status = mUserManager->GetInfo ( - mUserManager, - User, - UserInfo, - Info, - &InfoSize - ); - if (Status == EFI_BUFFER_TOO_SMALL) { - MemSize = InfoSize; - FreePool (Info); - Info = AllocateZeroPool (MemSize); - ASSERT (Info != NULL); - - Status = mUserManager->GetInfo ( - mUserManager, - User, - UserInfo, - Info, - &InfoSize - ); - } - // - // Check user information. 
- // - if (Status == EFI_SUCCESS) { - if (Info->InfoType == EFI_USER_INFO_NAME_RECORD) { - NameLen = Info->InfoSize - sizeof (EFI_USER_INFO); - if (NameLen > USER_NAME_LENGTH * sizeof (CHAR16)) { - NameLen = USER_NAME_LENGTH * sizeof (CHAR16); - } - ASSERT (NameLen >= sizeof (CHAR16)); - CopyMem (UserName, (UINT8 *) (Info + 1), NameLen); - UserName[NameLen / sizeof (CHAR16) - 1] = 0; - UserId = HiiSetString ( - mCallbackInfo->HiiHandle, - 0, - UserName, - NULL - ); - if (UserId != 0) { - FreePool (Info); - return UserId; - } - } - } - } - - FreePool (Info); - return 0; -} - - -/** - Add a username item in form. - - @param[in] User Points to the user profile whose username is added. - @param[in] Index The index of the user in the user name list - @param[in] OpCodeHandle Points to container for dynamic created opcodes. - -**/ -VOID -AddUserToForm ( - IN EFI_USER_PROFILE_HANDLE User, - IN UINT16 Index, - IN VOID *OpCodeHandle - ) -{ - EFI_STRING_ID NameId; - - // - // Get user name - // - NameId = GetUserName (User); - if (NameId == 0) { - return ; - } - - // - // Create user name option. - // - switch (Index & KEY_FIRST_FORM_MASK) { - case KEY_MODIFY_USER: - HiiCreateGotoOpCode ( - OpCodeHandle, // Container for dynamic created opcodes - FORMID_USER_INFO, // Target Form ID - NameId, // Prompt text - STRING_TOKEN (STR_NULL_STRING), // Help text - EFI_IFR_FLAG_CALLBACK, // Question flag - Index // Question ID - ); - break; - - case KEY_DEL_USER: - HiiCreateActionOpCode ( - OpCodeHandle, // Container for dynamic created opcodes - Index, // Question ID - NameId, // Prompt text - STRING_TOKEN (STR_NULL_STRING), // Help text - EFI_IFR_FLAG_CALLBACK, // Question flag - 0 // Action String ID - ); - break; - - default: - break; - } -} - - -/** - Delete the user specified by UserIndex in user profile database. - - @param[in] UserIndex The index of user in the user name list - to be deleted. 
- -**/ -VOID -DeleteUser ( - IN UINT8 UserIndex - ) -{ - EFI_STATUS Status; - EFI_USER_PROFILE_HANDLE User; - EFI_INPUT_KEY Key; - EFI_USER_INFO_HANDLE UserInfo; - EFI_USER_INFO *Info; - UINTN InfoSize; - - // - // Find specified user profile and delete it. - // - User = NULL; - Status = mUserManager->GetNext (mUserManager, &User); - if (EFI_ERROR (Status)) { - goto Done; - } - - while (UserIndex > 1) { - Status = mUserManager->GetNext (mUserManager, &User); - if (EFI_ERROR (Status)) { - goto Done; - } - UserIndex--; - } - - if (UserIndex == 1) { - // - // Get the identification policy. - // - Status = FindInfoByType (User, EFI_USER_INFO_IDENTITY_POLICY_RECORD, &UserInfo); - if (EFI_ERROR (Status)) { - goto Done; - } - - InfoSize = 0; - Info = NULL; - Status = mUserManager->GetInfo (mUserManager, User, UserInfo, Info, &InfoSize); - if (Status == EFI_BUFFER_TOO_SMALL) { - Info = AllocateZeroPool (InfoSize); - if (Info == NULL) { - goto Done; - } - Status = mUserManager->GetInfo (mUserManager, User, UserInfo, Info, &InfoSize); - } - - // - // Delete the user on the credential providers by its identification policy. - // - ASSERT (Info != NULL); - DeleteCredentialFromProviders ((UINT8 *)(Info + 1), Info->InfoSize - sizeof (EFI_USER_INFO), User); - FreePool (Info); - - Status = mUserManager->Delete (mUserManager, User); - if (EFI_ERROR (Status)) { - goto Done; - } - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Delete User Succeed!", - L"", - L"Please Press Any Key to Continue ...", - NULL - ); - return ; - } - -Done: - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Delete User Failed!", - L"", - L"Please Press Any Key to Continue ...", - NULL - ); -} - - -/** - Display user select form, cab select a user to delete. 
-
-**/
-VOID
-SelectUserToDelete (
- VOID
- )
-{
- EFI_STATUS Status;
- UINT8 Index;
- EFI_USER_PROFILE_HANDLE User;
- EFI_USER_PROFILE_HANDLE CurrentUser;
- VOID *StartOpCodeHandle;
- VOID *EndOpCodeHandle;
- EFI_IFR_GUID_LABEL *StartLabel;
- EFI_IFR_GUID_LABEL *EndLabel;
-
- //
- // Initialize the container for dynamic opcodes.
- //
- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (StartOpCodeHandle != NULL);
-
- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (EndOpCodeHandle != NULL);
-
- //
- // Create Hii Extend Label OpCode.
- //
- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- StartOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- StartLabel->Number = LABEL_USER_DEL_FUNC;
-
- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- EndOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- EndLabel->Number = LABEL_END;
-
- //
- // Add each user can be deleted.
- //
- User = NULL;
- Index = 1;
- mUserManager->Current (mUserManager, &CurrentUser);
- while (TRUE) {
- Status = mUserManager->GetNext (mUserManager, &User);
- if (EFI_ERROR (Status)) {
- break;
- }
-
- if (User != CurrentUser) {
- AddUserToForm (
- User,
- (UINT16)(KEY_DEL_USER | KEY_SELECT_USER | Index),
- StartOpCodeHandle
- );
- }
- Index++;
- }
-
- HiiUpdateForm (
- mCallbackInfo->HiiHandle, // HII handle
- &gUserProfileManagerGuid, // Formset GUID
- FORMID_DEL_USER, // Form ID
- StartOpCodeHandle, // Label for where to insert opcodes
- EndOpCodeHandle // Replace data
- );
-
- HiiFreeOpCodeHandle (StartOpCodeHandle);
- HiiFreeOpCodeHandle (EndOpCodeHandle);
-}
diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.c b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.c
deleted file mode 100644
index e73ba3a8fc..0000000000
--- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.c
+++ /dev/null
@@ -1,887 +0,0 @@ -/** @file - This driver is a configuration tool for adding, deleting or modifying user - profiles, including gathering the necessary information to ascertain their - identity in the future, updating user access policy and identification - policy, etc. - -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> -(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR> -This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include "UserProfileManager.h" - -EFI_USER_MANAGER_PROTOCOL *mUserManager = NULL; -CREDENTIAL_PROVIDER_INFO *mProviderInfo = NULL; -UINT8 mProviderChoice; -UINT8 mConncetLogical; -USER_INFO_ACCESS mAccessInfo; -USER_INFO mUserInfo; -USER_PROFILE_MANAGER_CALLBACK_INFO *mCallbackInfo; -HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = { - { - { - HARDWARE_DEVICE_PATH, - HW_VENDOR_DP, - { - (UINT8) (sizeof (VENDOR_DEVICE_PATH)), - (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) - } - }, - USER_PROFILE_MANAGER_GUID - }, - { - END_DEVICE_PATH_TYPE, - END_ENTIRE_DEVICE_PATH_SUBTYPE, - { - (UINT8) (END_DEVICE_PATH_LENGTH), - (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) - } - } -}; - - -/** - Get string by string id from HII Interface. - - - @param[in] Id String ID to get the string from. - - @retval CHAR16 * String from ID. - @retval NULL If error occurs. - -**/ -CHAR16 * -GetStringById ( - IN EFI_STRING_ID Id - ) -{ - // - // Get the current string for the current Language. - // - return HiiGetString (mCallbackInfo->HiiHandle, Id, NULL); -} - - -/** - This function gets all the credential providers in the system and saved them - to mProviderInfo. 
- - @retval EFI_SUCESS Init credential provider database successfully. - @retval Others Fail to init credential provider database. - -**/ -EFI_STATUS -InitProviderInfo ( - VOID - ) -{ - EFI_STATUS Status; - UINTN HandleCount; - EFI_HANDLE *HandleBuf; - UINTN Index; - - // - // Try to find all the user credential provider driver. - // - HandleCount = 0; - HandleBuf = NULL; - Status = gBS->LocateHandleBuffer ( - ByProtocol, - &gEfiUserCredential2ProtocolGuid, - NULL, - &HandleCount, - &HandleBuf - ); - if (EFI_ERROR (Status)) { - return Status; - } - - // - // Get provider infomation. - // - if (mProviderInfo != NULL) { - FreePool (mProviderInfo); - } - mProviderInfo = AllocateZeroPool ( - sizeof (CREDENTIAL_PROVIDER_INFO) - - sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *) + - HandleCount * sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *) - ); - if (mProviderInfo == NULL) { - FreePool (HandleBuf); - return EFI_OUT_OF_RESOURCES; - } - - mProviderInfo->Count = HandleCount; - for (Index = 0; Index < HandleCount; Index++) { - Status = gBS->HandleProtocol ( - HandleBuf[Index], - &gEfiUserCredential2ProtocolGuid, - (VOID **) &mProviderInfo->Provider[Index] - ); - if (EFI_ERROR (Status)) { - FreePool (HandleBuf); - FreePool (mProviderInfo); - mProviderInfo = NULL; - return Status; - } - } - - FreePool (HandleBuf); - return EFI_SUCCESS; -} - - -/** - This function processes changes in user profile configuration. - - @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. - @param Action Specifies the type of action taken by the browser. - @param QuestionId A unique value which is sent to the original - exporting driver so that it can identify the type - of data to expect. - @param Type The type of value for the question. - @param Value A pointer to the data being sent to the original - exporting driver. - @param ActionRequest On return, points to the action requested by the - callback function. - - @retval EFI_SUCCESS The callback successfully handled the action. 
- @retval Others Fail to handle the action. - -**/ -EFI_STATUS -EFIAPI -UserProfileManagerCallback ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN EFI_BROWSER_ACTION Action, - IN EFI_QUESTION_ID QuestionId, - IN UINT8 Type, - IN EFI_IFR_TYPE_VALUE *Value, - OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest - ) -{ - EFI_STATUS Status; - EFI_INPUT_KEY Key; - UINT32 CurrentAccessRight; - CHAR16 *QuestionStr; - CHAR16 *PromptStr; - VOID *StartOpCodeHandle; - VOID *EndOpCodeHandle; - EFI_IFR_GUID_LABEL *StartLabel; - EFI_IFR_GUID_LABEL *EndLabel; - EFI_USER_PROFILE_HANDLE CurrentUser; - - Status = EFI_SUCCESS; - - switch (Action) { - case EFI_BROWSER_ACTION_FORM_OPEN: - { - // - // Update user manage Form when user manage Form is opened. - // This will be done only in FORM_OPEN CallBack of question with QUESTIONID_USER_MANAGE from user manage Form. - // - if (QuestionId != QUESTIONID_USER_MANAGE) { - return EFI_SUCCESS; - } - - // - // Get current user - // - CurrentUser = NULL; - mUserManager->Current (mUserManager, &CurrentUser); - if (CurrentUser == NULL) { - DEBUG ((DEBUG_ERROR, "Error: current user does not exist!\n")); - return EFI_NOT_READY; - } - - // - // Get current user's right information. - // - Status = GetAccessRight (&CurrentAccessRight); - if (EFI_ERROR (Status)) { - CurrentAccessRight = EFI_USER_INFO_ACCESS_ENROLL_SELF; - } - - // - // Init credential provider information. - // - Status = InitProviderInfo (); - if (EFI_ERROR (Status)) { - return Status; - } - - // - // Initialize the container for dynamic opcodes. - // - StartOpCodeHandle = HiiAllocateOpCodeHandle (); - ASSERT (StartOpCodeHandle != NULL); - - EndOpCodeHandle = HiiAllocateOpCodeHandle (); - ASSERT (EndOpCodeHandle != NULL); - - // - // Create Hii Extend Label OpCode. 
- // - StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( - StartOpCodeHandle, - &gEfiIfrTianoGuid, - NULL, - sizeof (EFI_IFR_GUID_LABEL) - ); - StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - StartLabel->Number = LABEL_USER_MANAGE_FUNC; - - EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( - EndOpCodeHandle, - &gEfiIfrTianoGuid, - NULL, - sizeof (EFI_IFR_GUID_LABEL) - ); - EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - EndLabel->Number = LABEL_END; - - // - // Add user profile option. - // - if ((CurrentAccessRight == EFI_USER_INFO_ACCESS_MANAGE) || - (CurrentAccessRight == EFI_USER_INFO_ACCESS_ENROLL_OTHERS) - ) { - HiiCreateActionOpCode ( - StartOpCodeHandle, // Container for dynamic created opcodes - KEY_ADD_USER, // Question ID - STRING_TOKEN (STR_ADD_USER_TITLE), // Prompt text - STRING_TOKEN (STR_ADD_USER_HELP), // Help text - EFI_IFR_FLAG_CALLBACK, // Question flag - 0 // Action String ID - ); - } - - // - // Add modify user profile option. - // - HiiCreateGotoOpCode ( - StartOpCodeHandle, // Container for dynamic created opcodes - FORMID_MODIFY_USER, // Target Form ID - STRING_TOKEN (STR_MODIFY_USER_TITLE), // Prompt text - STRING_TOKEN (STR_MODIFY_USER_HELP), // Help text - EFI_IFR_FLAG_CALLBACK, // Question flag - KEY_MODIFY_USER // Question ID - ); - - // - // Add delete user profile option - // - if (CurrentAccessRight == EFI_USER_INFO_ACCESS_MANAGE) { - HiiCreateGotoOpCode ( - StartOpCodeHandle, // Container for dynamic created opcodes - FORMID_DEL_USER, // Target Form ID - STRING_TOKEN (STR_DELETE_USER_TITLE), // Prompt text - STRING_TOKEN (STR_DELETE_USER_HELP), // Help text - EFI_IFR_FLAG_CALLBACK, // Question flag - KEY_DEL_USER // Question ID - ); - } - - HiiUpdateForm ( - mCallbackInfo->HiiHandle, // HII handle - &gUserProfileManagerGuid, // Formset GUID - FORMID_USER_MANAGE, // Form ID - StartOpCodeHandle, // Label for where to insert opcodes - EndOpCodeHandle // Replace data - ); - - HiiFreeOpCodeHandle 
(StartOpCodeHandle); - HiiFreeOpCodeHandle (EndOpCodeHandle); - - return EFI_SUCCESS; - } - break; - - case EFI_BROWSER_ACTION_FORM_CLOSE: - Status = EFI_SUCCESS; - break; - - case EFI_BROWSER_ACTION_CHANGED: - { - // - // Handle the request from form. - // - if ((Value == NULL) || (ActionRequest == NULL)) { - return EFI_INVALID_PARAMETER; - } - - // - // Judge first 2 bits. - // - switch (QuestionId & KEY_FIRST_FORM_MASK) { - // - // Add user profile operation. - // - case KEY_ADD_USER: - CallAddUser (); - break; - - // - // Delete user profile operation. - // - case KEY_DEL_USER: - // - // Judge next 2 bits. - // - switch (QuestionId & KEY_SECOND_FORM_MASK) { - // - // Delete specified user profile. - // - case KEY_SELECT_USER: - DeleteUser ((UINT8) QuestionId); - // - // Update select user form after delete a user. - // - SelectUserToDelete (); - break; - - default: - break; - } - break; - - // - // Modify user profile operation. - // - case KEY_MODIFY_USER: - // - // Judge next 2 bits. - // - switch (QuestionId & KEY_SECOND_FORM_MASK) { - // - // Enter user profile information form. - // - case KEY_SELECT_USER: - // - // Judge next 3 bits. - // - switch (QuestionId & KEY_MODIFY_INFO_MASK) { - // - // Modify user name. - // - case KEY_MODIFY_NAME: - ModifyUserName (); - // - // Update username in parent form. - // - SelectUserToModify (); - break; - - // - // Modify identity policy. - // - case KEY_MODIFY_IP: - // - // Judge next 3 bits - // - switch (QuestionId & KEY_MODIFY_IP_MASK) { - // - // Change credential provider option. - // - case KEY_MODIFY_PROV: - mProviderChoice = Value->u8; - break; - - // - // Change logical connector. - // - case KEY_MODIFY_CONN: - mConncetLogical = Value->u8; - break; - - // - // Save option. - // - case KEY_ADD_IP_OP: - AddIdentityPolicyItem (); - break; - - // - // Return to user profile information form. 
- // - case KEY_IP_RETURN_UIF: - SaveIdentityPolicy (); - *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_SUBMIT_EXIT; - break; - - default: - break; - } - break; - - // - // Modify access policy. - // - case KEY_MODIFY_AP: - // - // Judge next 3 bits. - // - switch (QuestionId & KEY_MODIFY_AP_MASK) { - // - // Change access right choice. - // - case KEY_MODIFY_RIGHT: - mAccessInfo.AccessRight = Value->u8; - break; - - // - // Change setup choice. - // - case KEY_MODIFY_SETUP: - mAccessInfo.AccessSetup= Value->u8; - break; - - // - // Change boot order choice. - // - case KEY_MODIFY_BOOT: - mAccessInfo.AccessBootOrder = Value->u32; - break; - - // - // Return to user profile information form. - // - case KEY_AP_RETURN_UIF: - SaveAccessPolicy (); - *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_SUBMIT_EXIT; - break; - - default: - break; - } - break; - - default: - break; - } - break; - - // - // Access policy device path modified. - // - case KEY_MODIFY_AP_DP: - // - // Judge next 2 bits. - // - switch (QuestionId & KEY_MODIFY_DP_MASK) { - // - // Load permit device path modified. - // - case KEY_LOAD_PERMIT_MODIFY: - QuestionStr = GetStringById (STRING_TOKEN (STR_MOVE_TO_FORBID_LIST)); - PromptStr = GetStringById (STRING_TOKEN (STR_PRESS_KEY_CONTINUE)); - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - QuestionStr, - L"", - PromptStr, - NULL - ); - FreePool (QuestionStr); - FreePool (PromptStr); - if (Key.UnicodeChar != CHAR_CARRIAGE_RETURN) { - break; - } - - AddToForbidLoad ((UINT16)(QuestionId & (KEY_MODIFY_DP_MASK - 1))); - DisplayLoadPermit (); - break; - - // - // Load forbid device path modified. 
- // - case KEY_LOAD_FORBID_MODIFY: - QuestionStr = GetStringById (STRING_TOKEN (STR_MOVE_TO_PERMIT_LIST)); - PromptStr = GetStringById (STRING_TOKEN (STR_PRESS_KEY_CONTINUE)); - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - QuestionStr, - L"", - PromptStr, - NULL - ); - FreePool (QuestionStr); - FreePool (PromptStr); - if (Key.UnicodeChar != CHAR_CARRIAGE_RETURN) { - break; - } - - DeleteFromForbidLoad ((UINT16)(QuestionId & (KEY_MODIFY_DP_MASK - 1))); - DisplayLoadForbid (); - break; - - // - // Connect permit device path modified. - // - case KEY_CONNECT_PERMIT_MODIFY: - break; - - // - // Connect forbid device path modified. - // - case KEY_CONNECT_FORBID_MODIFY: - break; - - default: - break; - } - break; - - default: - break; - } - break; - - default: - break; - } - } - break; - - - case EFI_BROWSER_ACTION_CHANGING: - { - // - // Handle the request from form. - // - if (Value == NULL) { - return EFI_INVALID_PARAMETER; - } - - // - // Judge first 2 bits. - // - switch (QuestionId & KEY_FIRST_FORM_MASK) { - // - // Delete user profile operation. - // - case KEY_DEL_USER: - // - // Judge next 2 bits. - // - switch (QuestionId & KEY_SECOND_FORM_MASK) { - // - // Enter delete user profile form. - // - case KEY_ENTER_NEXT_FORM: - SelectUserToDelete (); - break; - - default: - break; - } - break; - - // - // Modify user profile operation. - // - case KEY_MODIFY_USER: - // - // Judge next 2 bits. - // - switch (QuestionId & KEY_SECOND_FORM_MASK) { - // - // Enter modify user profile form. - // - case KEY_ENTER_NEXT_FORM: - SelectUserToModify (); - break; - - // - // Enter user profile information form. - // - case KEY_SELECT_USER: - // - // Judge next 3 bits. - // - switch (QuestionId & KEY_MODIFY_INFO_MASK) { - // - // Display user information form. - // - case KEY_ENTER_NEXT_FORM: - ModifyUserInfo ((UINT8) QuestionId); - break; - - // - // Modify identity policy. 
- // - case KEY_MODIFY_IP: - // - // Judge next 3 bits - // - switch (QuestionId & KEY_MODIFY_IP_MASK) { - // - // Display identity policy modify form. - // - case KEY_ENTER_NEXT_FORM: - ModifyIdentityPolicy (); - break; - - default: - break; - } - break; - - // - // Modify access policy. - // - case KEY_MODIFY_AP: - // - // Judge next 3 bits. - // - switch (QuestionId & KEY_MODIFY_AP_MASK) { - // - // Display access policy modify form. - // - case KEY_ENTER_NEXT_FORM: - ModidyAccessPolicy (); - break; - // - // Load device path form. - // - case KEY_MODIFY_LOAD: - // - // Judge next 2 bits. - // - switch (QuestionId & KEY_DISPLAY_DP_MASK) { - // - // Permit load device path. - // - case KEY_PERMIT_MODIFY: - DisplayLoadPermit (); - break; - - // - // Forbid load device path. - // - case KEY_FORBID_MODIFY: - DisplayLoadForbid (); - break; - - default: - break; - } - break; - - // - // Connect device path form. - // - case KEY_MODIFY_CONNECT: - // - // Judge next 2 bits. - // - switch (QuestionId & KEY_DISPLAY_DP_MASK) { - // - // Permit connect device path. - // - case KEY_PERMIT_MODIFY: - DisplayConnectPermit (); - break; - - // - // Forbid connect device path. - // - case KEY_FORBID_MODIFY: - DisplayConnectForbid (); - break; - - default: - break; - } - break; - - default: - break; - } - break; - - default: - break; - } - break; - - default: - break; - } - break; - - default: - break; - } - } - break; - - default: - // - // All other action return unsupported. - // - Status = EFI_UNSUPPORTED; - break; - } - - - return Status; -} - - -/** - This function allows a caller to extract the current configuration for one - or more named elements from the target driver. - - - @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. - @param Request A null-terminated Unicode string in <ConfigRequest> format. - @param Progress On return, points to a character in the Request string. - Points to the string's null terminator if request was successful. 
- Points to the most recent '&' before the first failing name/value - pair (or the beginning of the string if the failure is in the - first name/value pair) if the request was not successful. - @param Results A null-terminated Unicode string in <ConfigAltResp> format which - has all values filled in for the names in the Request string. - String to be allocated by the called function. - - @retval EFI_SUCCESS The Results is filled with the requested values. - @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results. - @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name. - @retval EFI_NOT_FOUND Routing data doesn't match any storage in this driver. - -**/ -EFI_STATUS -EFIAPI -FakeExtractConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Request, - OUT EFI_STRING *Progress, - OUT EFI_STRING *Results - ) -{ - if (Progress == NULL || Results == NULL) { - return EFI_INVALID_PARAMETER; - } - *Progress = Request; - return EFI_NOT_FOUND; -} - -/** - This function processes the results of changes in configuration. - - - @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. - @param Configuration A null-terminated Unicode string in <ConfigResp> format. - @param Progress A pointer to a string filled in with the offset of the most - recent '&' before the first failing name/value pair (or the - beginning of the string if the failure is in the first - name/value pair) or the terminating NULL if all was successful. - - @retval EFI_SUCCESS The Results is processed successfully. - @retval EFI_INVALID_PARAMETER Configuration is NULL. - @retval EFI_NOT_FOUND Routing data doesn't match any storage in this driver. 
- -**/ -EFI_STATUS -EFIAPI -FakeRouteConfig ( - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, - IN CONST EFI_STRING Configuration, - OUT EFI_STRING *Progress - ) -{ - if (Configuration == NULL || Progress == NULL) { - return EFI_INVALID_PARAMETER; - } - - *Progress = Configuration; - - return EFI_NOT_FOUND; -} - - -/** - Main entry for this driver. - - @param ImageHandle Image handle this driver. - @param SystemTable Pointer to SystemTable. - - @retval EFI_SUCESS This function always complete successfully. - -**/ -EFI_STATUS -EFIAPI -UserProfileManagerInit ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable - ) -{ - EFI_STATUS Status; - USER_PROFILE_MANAGER_CALLBACK_INFO *CallbackInfo; - - Status = gBS->LocateProtocol ( - &gEfiUserManagerProtocolGuid, - NULL, - (VOID **) &mUserManager - ); - if (EFI_ERROR (Status)) { - return EFI_SUCCESS; - } - - // - // Initialize driver private data. - // - ZeroMem (&mUserInfo, sizeof (mUserInfo)); - ZeroMem (&mAccessInfo, sizeof (mAccessInfo)); - - CallbackInfo = AllocateZeroPool (sizeof (USER_PROFILE_MANAGER_CALLBACK_INFO)); - ASSERT (CallbackInfo != NULL); - - CallbackInfo->Signature = USER_PROFILE_MANAGER_SIGNATURE; - CallbackInfo->ConfigAccess.ExtractConfig = FakeExtractConfig; - CallbackInfo->ConfigAccess.RouteConfig = FakeRouteConfig; - CallbackInfo->ConfigAccess.Callback = UserProfileManagerCallback; - CallbackInfo->DriverHandle = NULL; - - // - // Install Device Path Protocol and Config Access protocol to driver handle. - // - Status = gBS->InstallMultipleProtocolInterfaces ( - &CallbackInfo->DriverHandle, - &gEfiDevicePathProtocolGuid, - &mHiiVendorDevicePath, - &gEfiHiiConfigAccessProtocolGuid, - &CallbackInfo->ConfigAccess, - NULL - ); - ASSERT_EFI_ERROR (Status); - - // - // Publish HII data. 
- //
- CallbackInfo->HiiHandle = HiiAddPackages (
- &gUserProfileManagerGuid,
- CallbackInfo->DriverHandle,
- UserProfileManagerStrings,
- UserProfileManagerVfrBin,
- NULL
- );
- ASSERT (CallbackInfo->HiiHandle != NULL);
- mCallbackInfo = CallbackInfo;
-
- return Status;
-}
-
-
diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.h b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.h
deleted file mode 100644
index aff1e28d9d..0000000000
--- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.h
+++ /dev/null
@@ -1,444 +0,0 @@ -/** @file - The header file for user profile manager driver. - -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> -This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#ifndef __EFI_USER_PROFILE_MANAGER_H__ -#define __EFI_USER_PROFILE_MANAGER_H__ - -#include <Uefi.h> - -#include <Guid/GlobalVariable.h> -#include <Guid/MdeModuleHii.h> - -#include <Protocol/HiiConfigAccess.h> -#include <Protocol/UserCredential2.h> -#include <Protocol/UserManager.h> - -#include <Library/UefiRuntimeServicesTableLib.h> -#include <Library/UefiBootServicesTableLib.h> -#include <Library/MemoryAllocationLib.h> -#include <Library/BaseMemoryLib.h> -#include <Library/DevicePathLib.h> -#include <Library/DebugLib.h> -#include <Library/UefiLib.h> -#include <Library/PrintLib.h> -#include <Library/HiiLib.h> - -#include "UserProfileManagerData.h" - -#define USER_NAME_LENGTH 17 - -// -// Credential Provider Information. -// -typedef struct { - UINTN Count; - EFI_USER_CREDENTIAL2_PROTOCOL *Provider[1]; -} CREDENTIAL_PROVIDER_INFO; - -// -// User profile information structure. -// -typedef struct { - UINT64 UsageCount; - EFI_TIME CreateDate; - EFI_TIME UsageDate; - UINTN AccessPolicyLen; - UINTN IdentityPolicyLen; - UINTN NewIdentityPolicyLen; - UINT8 *AccessPolicy; - UINT8 *IdentityPolicy; - UINT8 *NewIdentityPolicy; - CHAR16 UserName[USER_NAME_LENGTH]; - BOOLEAN CreateDateExist; - BOOLEAN UsageDateExist; - BOOLEAN AccessPolicyModified; - BOOLEAN IdentityPolicyModified; - BOOLEAN NewIdentityPolicyModified; -} USER_INFO; - -// -// User access information structure. 
-// -typedef struct { - UINTN LoadPermitLen; - UINTN LoadForbidLen; - UINTN ConnectPermitLen; - UINTN ConnectForbidLen; - UINT8 *LoadPermit; - UINT8 *LoadForbid; - UINT8 *ConnectPermit; - UINT8 *ConnectForbid; - UINT32 AccessBootOrder; - UINT8 AccessRight; - UINT8 AccessSetup; -} USER_INFO_ACCESS; - -#define USER_PROFILE_MANAGER_SIGNATURE SIGNATURE_32 ('U', 'P', 'M', 'S') - -typedef struct { - UINTN Signature; - EFI_HANDLE DriverHandle; - EFI_HII_HANDLE HiiHandle; - EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; -} USER_PROFILE_MANAGER_CALLBACK_INFO; - -// -// HII specific Vendor Device Path definition. -// -typedef struct { - VENDOR_DEVICE_PATH VendorDevicePath; - EFI_DEVICE_PATH_PROTOCOL End; -} HII_VENDOR_DEVICE_PATH; - -// -// This is the generated IFR binary data for each formset defined in VFR. -// -extern UINT8 UserProfileManagerVfrBin[]; - -// -// This is the generated String package data for .UNI file. -// -extern UINT8 UserProfileManagerStrings[]; - -// -// The user manager protocol, used in several function. -// -extern EFI_USER_MANAGER_PROTOCOL *mUserManager; - -// -// The credential providers database in system. -// -extern CREDENTIAL_PROVIDER_INFO *mProviderInfo; - -// -// The variables used to update identity policy. -// -extern UINT8 mProviderChoice; -extern UINT8 mConncetLogical; - -// -// The variables used to update access policy. -// -extern USER_INFO_ACCESS mAccessInfo; - -// -// The user information used to record all data in UI. -// -extern USER_INFO mUserInfo; - -extern USER_PROFILE_MANAGER_CALLBACK_INFO *mCallbackInfo; - -extern EFI_USER_PROFILE_HANDLE mModifyUser; - -/** - Get string by string id from HII Interface. - - - @param[in] Id String ID to get the string from. - - @retval CHAR16 * String from ID. - @retval NULL If error occurs. - -**/ -CHAR16 * -GetStringById ( - IN EFI_STRING_ID Id - ); - -/** - Add a new user profile into the user profile database. 
- -**/ -VOID -CallAddUser ( - VOID - ); - -/** - Display user select form; can select a user to modify. - -**/ -VOID -SelectUserToModify ( - VOID - ); - -/** - Display user select form, cab select a user to delete. - -**/ -VOID -SelectUserToDelete ( - VOID - ); - -/** - Delete the user specified by UserIndex in user profile database. - - @param[in] UserIndex The index of user in the user name list to be deleted. - -**/ -VOID -DeleteUser ( - IN UINT8 UserIndex - ); - -/** - Add a username item in form. - - @param[in] User Points to the user profile whose username is added. - @param[in] Index The index of the user in the user name list. - @param[in] OpCodeHandle Points to container for dynamic created opcodes. - -**/ -VOID -AddUserToForm ( - IN EFI_USER_PROFILE_HANDLE User, - IN UINT16 Index, - IN VOID *OpCodeHandle - ); - -/** - Display modify user information form - - In this form, username, create Date, usage date, usage count, identity policy, - and access policy are displayed. - - @param[in] UserIndex The index of the user in display list to modify. - -**/ -VOID -ModifyUserInfo ( - IN UINT8 UserIndex - ); - -/** - Get the username from user input and update username string in Hii - database with it. - -**/ -VOID -ModifyUserName ( - VOID - ); - -/** - Display the form of modifying user identity policy. - -**/ -VOID -ModifyIdentityPolicy ( - VOID - ); - -/** - Update the mUserInfo.NewIdentityPolicy and UI when 'add option' is pressed. - -**/ -VOID -AddIdentityPolicyItem ( - VOID - ); - -/** - Save the identity policy and update UI with it. - - This function will verify the new identity policy, in current implementation, - the identity policy can be: T, P & P & P & ..., P | P | P | ... - Here, "T" means "True", "P" means "Credential Provider", "&" means "and", "|" means "or". - Other identity policies are not supported. 
- -**/ -VOID -SaveIdentityPolicy ( - VOID - ); - -/** - Display modify user access policy form - - In this form, access right, access setu,p and access boot order are dynamically - added. Load devicepath and connect devicepath are displayed too. - -**/ -VOID -ModidyAccessPolicy ( - VOID - ); - -/** - Collect all the access policy data to mUserInfo.AccessPolicy, - and save it to user profile. - -**/ -VOID -SaveAccessPolicy ( - VOID - ); - -/** - Get current user's access rights. - - @param[out] AccessRight Points to the buffer used for user's access rights. - - @retval EFI_SUCCESS Get current user access rights successfully. - @retval others Fail to get current user access rights. - -**/ -EFI_STATUS -GetAccessRight ( - OUT UINT32 *AccessRight - ); - -/** - Display the permit load device path in the loadable device path list. - -**/ -VOID -DisplayLoadPermit( - VOID - ); - -/** - Display the forbid load device path list (mAccessInfo.LoadForbid). - -**/ -VOID -DisplayLoadForbid ( - VOID - ); - -/** - Display the permit connect device path. - -**/ -VOID -DisplayConnectPermit ( - VOID - ); - -/** - Display the forbid connect device path list. - -**/ -VOID -DisplayConnectForbid ( - VOID - ); - -/** - Delete the specified device path by DriverIndex from the forbid device path - list (mAccessInfo.LoadForbid). - - @param[in] DriverIndex The index of driver in a forbidden device path list. - -**/ -VOID -DeleteFromForbidLoad ( - IN UINT16 DriverIndex - ); - -/** - Add the specified device path by DriverIndex to the forbid device path - list (mAccessInfo.LoadForbid). - - @param[in] DriverIndex The index of driver saved in driver options. - -**/ -VOID -AddToForbidLoad ( - IN UINT16 DriverIndex - ); - -/** - Get user name from the popup windows. - - @param[in, out] UserNameLen On entry, point to the buffer lengh of UserName. - On exit, point to the input user name length. - @param[out] UserName The buffer to hold the input user name. 
- - @retval EFI_ABORTED It is given up by pressing 'ESC' key. - @retval EFI_NOT_READY Not a valid input at all. - @retval EFI_SUCCESS Get a user name successfully. - -**/ -EFI_STATUS -GetUserNameInput ( - IN OUT UINTN *UserNameLen, - OUT CHAR16 *UserName - ); - -/** - Find the specified info in User profile by the InfoType. - - @param[in] User Handle of the user whose information will be searched. - @param[in] InfoType The user information type to find. - @param[out] UserInfo Points to user information handle found. - - @retval EFI_SUCCESS Find the user information successfully. - @retval Others Fail to find the user information. - -**/ -EFI_STATUS -FindInfoByType ( - IN EFI_USER_PROFILE_HANDLE User, - IN UINT8 InfoType, - OUT EFI_USER_INFO_HANDLE *UserInfo - ); - -/** - Convert the identity policy to a unicode string and update the Hii database - IpStringId string with it. - - @param[in] Ip Points to identity policy. - @param[in] IpLen The identity policy length. - @param[in] IpStringId String ID in the HII database to be replaced. - -**/ -VOID -ResolveIdentityPolicy ( - IN UINT8 *Ip, - IN UINTN IpLen, - IN EFI_STRING_ID IpStringId - ); - -/** - Expand access policy memory size. - - @param[in] ValidLen The valid access policy length. - @param[in] ExpandLen The length that is needed to expand. - -**/ -VOID -ExpandMemory ( - IN UINTN ValidLen, - IN UINTN ExpandLen - ); - -/** - Delete User's credental from all the providers that exist in User's identity policy. - - @param[in] IdentityPolicy Point to User's identity policy. - @param[in] IdentityPolicyLen The length of the identity policy. - @param[in] User Points to user profile. - -**/ -VOID -DeleteCredentialFromProviders ( - IN UINT8 *IdentityPolicy, - IN UINTN IdentityPolicyLen, - IN EFI_USER_PROFILE_HANDLE User - ); - -#endif 
diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.uni b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.uni
deleted file mode 100644
index e4a768e00a..0000000000
--- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.uni
+++ /dev/null
@@ -1,22 +0,0 @@
-// /** @file
-// A UI tool to manage user profiles
-//
-// By this module, user can add/update/delete user profiles, and can also
-// modify the user access policy and the user identification policy.
-//
-// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-
-#string STR_MODULE_ABSTRACT #language en-US "A UI tool to manage user profiles"
-
-#string STR_MODULE_DESCRIPTION #language en-US "By this module, user can add/update/delete user profiles, and can also modify the user access policy and the user identification policy."
-
diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerData.h b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerData.h
deleted file mode 100644
index a83caac9ba..0000000000
--- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerData.h
+++ /dev/null
@@ -1,158 +0,0 @@
-/** @file
- The form data for user profile manager driver.
-
-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __USER_PROFILE_MANAGER_DATA_H__
-#define __USER_PROFILE_MANAGER_DATA_H__
-
-#include <Guid/UserProfileManagerHii.h>
-
-//
-// Form ID
-//
-#define FORMID_USER_MANAGE 0x0001
-#define FORMID_MODIFY_USER 0x0002
-#define FORMID_DEL_USER 0x0003
-#define FORMID_USER_INFO 0x0004
-#define FORMID_MODIFY_IP 0x0005
-#define FORMID_MODIFY_AP 0x0006
-#define FORMID_LOAD_DP 0x0007
-#define FORMID_CONNECT_DP 0x0008
-#define FORMID_PERMIT_LOAD_DP 0x0009
-#define FORMID_FORBID_LOAD_DP 0x000A
-#define FORMID_PERMIT_CONNECT_DP 0x000B
-#define FORMID_FORBID_CONNECT_DP 0x000C
-
-//
-// Label ID
-//
-#define LABEL_USER_MANAGE_FUNC 0x0010
-#define LABEL_USER_DEL_FUNC 0x0020
-#define LABEL_USER_MOD_FUNC 0x0030
-#define LABEL_USER_INFO_FUNC 0x0040
-#define LABEL_IP_MOD_FUNC 0x0050
-#define LABEL_AP_MOD_FUNC 0x0060
-#define LABEL_PERMIT_LOAD_FUNC 0x0070
-#define LABLE_FORBID_LOAD_FUNC 0x0080
-#define LABEL_END 0x00F0
-
-//
-// First form key (Add/modify/del user profile).
-// First 2 bits (bit 16~15).
-//
-#define KEY_MODIFY_USER 0x4000
-#define KEY_DEL_USER 0x8000
-#define KEY_ADD_USER 0xC000
-#define KEY_FIRST_FORM_MASK 0xC000
-
-//
-// Second form key (Display new form /Select user / modify device path in access policy).
-// Next 2 bits (bit 14~13).
-//
-#define KEY_ENTER_NEXT_FORM 0x0000
-#define KEY_SELECT_USER 0x1000
-#define KEY_MODIFY_AP_DP 0x2000
-#define KEY_OPEN_CLOSE_FORM_ACTION 0x3000
-#define KEY_SECOND_FORM_MASK 0x3000
-
-//
-// User profile information form key.
-// Next 3 bits (bit 12~10).
-//
-#define KEY_MODIFY_NAME 0x0200
-#define KEY_MODIFY_IP 0x0400
-#define KEY_MODIFY_AP 0x0600
-#define KEY_MODIFY_INFO_MASK 0x0E00
-
-//
-// Specified key, used in VFR (KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_NAME).
-//
-#define KEY_MODIFY_USER_NAME 0x5200
-
-//
-// Modify identity policy form key.
-// Next 3 bits (bit 9~7).
-//
-#define KEY_MODIFY_PROV 0x0040
-#define KEY_MODIFY_MTYPE 0x0080
-#define KEY_MODIFY_CONN 0x00C0
-#define KEY_ADD_IP_OP 0x0100
-#define KEY_IP_RETURN_UIF 0x0140
-#define KEY_MODIFY_IP_MASK 0x01C0
-
-//
-// Specified key.
-//
-#define KEY_ADD_LOGICAL_OP 0x5500
-#define KEY_IP_RETURN 0x5540
-
-//
-// Modify access policy form key.
-// Next 3 bits (bit 9~7).
-//
-#define KEY_MODIFY_RIGHT 0x0040
-#define KEY_MODIFY_SETUP 0x0080
-#define KEY_MODIFY_BOOT 0x00C0
-#define KEY_MODIFY_LOAD 0x0100
-#define KEY_MODIFY_CONNECT 0x0140
-#define KEY_AP_RETURN_UIF 0x0180
-#define KEY_MODIFY_AP_MASK 0x01C0
-
-//
-// Specified key.
-//
-#define KEY_LOAD_DP 0x5700
-#define KEY_CONN_DP 0x5740
-#define KEY_AP_RETURN 0x5780
-
-//
-// Device path form key.
-// Next 2 bits (bit 6~5).
-//
-#define KEY_PERMIT_MODIFY 0x0010
-#define KEY_FORBID_MODIFY 0x0020
-#define KEY_DISPLAY_DP_MASK 0x0030
-
-//
-// Specified key.
-//
-#define KEY_LOAD_PERMIT 0x5710
-#define KEY_LOAD_FORBID 0x5720
-#define KEY_CONNECT_PERMIT 0x5750
-#define KEY_CONNECT_FORBID 0x5760
-
-//
-// Device path modify key.
-// 2 bits (bit 12~11).
-//
-#define KEY_LOAD_PERMIT_MODIFY 0x0000
-#define KEY_LOAD_FORBID_MODIFY 0x0400
-#define KEY_CONNECT_PERMIT_MODIFY 0x0800
-#define KEY_CONNECT_FORBID_MODIFY 0x0C00
-#define KEY_MODIFY_DP_MASK 0x0C00
-
-
-//
-// The permissions usable when configuring the platform.
-//
-#define ACCESS_SETUP_RESTRICTED 1
-#define ACCESS_SETUP_NORMAL 2
-#define ACCESS_SETUP_ADMIN 3
-
-//
-// Question ID for the question used in each form (KEY_OPEN_CLOSE_FORM_ACTION | FORMID_FORM_USER_MANAGE)
-// This ID is used in FORM OPEN/CLOSE CallBack action.
-//
-#define QUESTIONID_USER_MANAGE 0x3001
-
-#endif
diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerDxe.inf b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerDxe.inf
deleted file mode 100644
index cdd97731b2..0000000000
--- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerDxe.inf
+++ /dev/null
@@ -1,72 +0,0 @@
-## @file
-# A UI tool to manage user profiles
-#
-# By this module, user can add/update/delete user profiles, and can also
-# modify the user access policy and the user identification policy.
-#
-# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = UserProfileManager
- MODULE_UNI_FILE = UserProfileManager.uni
- FILE_GUID = E38CB52D-A74D-45db-A8D0-290C9B21BBF2
- MODULE_TYPE = DXE_DRIVER
- VERSION_STRING = 1.0
- ENTRY_POINT = UserProfileManagerInit
-
-[Sources]
- UserProfileManager.c
- UserProfileManager.h
- UserProfileAdd.c
- UserProfileDelete.c
- UserProfileModify.c
- ModifyIdentityPolicy.c
- ModifyAccessPolicy.c
- UserProfileManagerData.h
- UserProfileManagerStrings.uni
- UserProfileManagerVfr.Vfr
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- SecurityPkg/SecurityPkg.dec
-
-[LibraryClasses]
- UefiRuntimeServicesTableLib
- UefiBootServicesTableLib
- UefiDriverEntryPoint
- MemoryAllocationLib
- BaseMemoryLib
- DebugLib
- HiiLib
- UefiLib
- DevicePathLib
-
-[Guids]
- gEfiIfrTianoGuid ## SOMETIMES_CONSUMES ## GUID
- gEfiUserInfoAccessSetupAdminGuid ## SOMETIMES_CONSUMES ## GUID
- gEfiUserInfoAccessSetupNormalGuid ## SOMETIMES_CONSUMES ## GUID
- gEfiUserInfoAccessSetupRestrictedGuid ## SOMETIMES_CONSUMES ## GUID
- gUserProfileManagerGuid ## CONSUMES ## HII
-
-[Protocols]
- gEfiDevicePathProtocolGuid ## PRODUCES
- gEfiHiiConfigAccessProtocolGuid ## PRODUCES
- gEfiUserCredential2ProtocolGuid ## SOMETIMES_CONSUMES
- gEfiUserManagerProtocolGuid ## CONSUMES
-
-[Depex]
- gEfiUserManagerProtocolGuid
-
-[UserExtensions.TianoCore."ExtraFiles"]
- UserProfileManagerExtra.uni
-
diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerExtra.uni b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerExtra.uni
deleted file mode 100644
index bf7ac7dc04..0000000000
--- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerExtra.uni
+++ /dev/null
@@ -1,19 +0,0 @@
-// /** @file
-// UserProfileManager Localized Strings and Content
-//
-// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-#string STR_PROPERTIES_MODULE_NAME
-#language en-US
-"User Profile Manager"
-
-
diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerStrings.uni b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerStrings.uni
deleted file mode 100644
index 3a003a9883..0000000000
--- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerStrings.uni
+++ /dev/null
@@ -1,158 +0,0 @@ -/** @file - String definitions for User Profile Manager driver. - -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> -This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#langdef en-US "English" -#langdef fr-FR "Français" - -#string STR_NULL_STRING #language en-US "" - #language fr-FR "" -#string STR_FORMSET_TITLE #language en-US "User Manager" - #language fr-FR "User Manager(French)" -#string STR_TITLE_HELP #language en-US "This selection will take you to the User Manager" - #language fr-FR "This selection will take you to the User Manager(French)" -#string STR_USERMAN_TITLE #language en-US "User Manager" - #language fr-FR "User Manager(French)" -#string STR_ADD_USER_TITLE #language en-US "Add User Profile" - #language fr-FR "Add User Profile(French)" -#string STR_ADD_USER_HELP #language en-US "Add User Profile to User Database" - #language fr-FR "Add User Profile to User Database(French)" -#string STR_MODIFY_USER_TITLE #language en-US "Modify User Profile" - #language fr-FR "Modify User Profile(French)" -#string STR_MODIFY_USER_HELP #language en-US "Modify User Profile Information" - #language fr-FR "Modify User Profile Information(French)" -#string STR_DELETE_USER_TITLE #language en-US "Delete User Profile" - #language fr-FR "Delete User Profile(French)" -#string STR_DELETE_USER_HELP #language en-US "Delete User Profile from User Database" - #language fr-FR "Delete User Profile from User Database(French)" -#string STR_USER_INFO #language en-US "User Profile Information" - #language fr-FR "User Profile Information(French)" -#string STR_USER_NAME #language en-US 
"User Name" - #language fr-FR "User Name(French)" -#string STR_USER_NAME_VAL #language en-US "" - #language fr-FR "" -#string STR_CREATE_DATE #language en-US "Create Date" - #language fr-FR "Create Date(French)" -#string STR_CREATE_DATE_VAL #language en-US "" - #language fr-FR "" -#string STR_USAGE_DATE #language en-US "Usage Date" - #language fr-FR "Usage Date(French)" -#string STR_USAGE_DATE_VAL #language en-US "" - #language fr-FR "" -#string STR_USAGE_COUNT #language en-US "Usage Count" - #language fr-FR "Usage Count(French)" -#string STR_USAGE_COUNT_VAL #language en-US "" - #language fr-FR "" -#string STR_IDENTIFY_POLICY #language en-US "Identify Policy" - #language fr-FR "Identify Policy(French)" -#string STR_IDENTIFY_POLICY_VAL #language en-US "" - #language fr-FR "" -#string STR_ACCESS_POLICY #language en-US "Access Policy" - #language fr-FR "Access Policy(French)" -#string STR_SAVE #language en-US "Save & Exit" - #language fr-FR "Save & Exit(French)" -#string STR_IDENTIFY_SAVE_HELP #language en-US "Save Identify Policy and Exit" - #language fr-FR "Save Identify Policy and Exit(French)" -#string STR_PROVIDER #language en-US "Credential Provider" - #language fr-FR "Credential Provider(French)" -#string STR_PROVIDER_HELP #language en-US "Select Credential Provider Option" - #language fr-FR "Select Credential Provider Option(French)" -#string STR_OR_CON #language en-US "Or" - #language fr-FR "Or(French)" -#string STR_AND_CON #language en-US "And" - #language fr-FR "And(French)" -#string STR_CONNECTOR #language en-US "Logical Connector" - #language fr-FR "Logical Connector(French)" -#string STR_CONNECTOR_HELP #language en-US "Select Logical Connector Option" - #language fr-FR "Select Logical Connector Option(French)" -#string STR_IDENTIFY_POLICY_VALUE #language en-US "" - #language fr-FR "" -#string STR_IDENTIFY_POLICY_HELP #language en-US "Current Identify Policy" - #language fr-FR "Current Identify Policy(French)" -#string STR_ADD_OPTION #language en-US "Add 
Option" - #language fr-FR "Add Option(French)" -#string STR_ADD_OPTION_HELP #language en-US "Add This Option to Identify Policy" - #language fr-FR "Add This Option to Identify Policy(French)" -#string STR_ACCESS_SAVE_HELP #language en-US "Save Access Policy and Exit" - #language fr-FR "Save Access Policy and Exit(French)" -#string STR_ACCESS_RIGHT #language en-US "Access Right" - #language fr-FR "Access Right(French)" -#string STR_ACCESS_RIGHT_HELP #language en-US "Select Access Right Option" - #language fr-FR "Select Access Right Option(French)" -#string STR_NORMAL #language en-US "Normal" - #language fr-FR "Normal(French)" -#string STR_ENROLL #language en-US "Enroll" - #language fr-FR "Enroll(French)" -#string STR_MANAGE #language en-US "Manage" - #language fr-FR "Manage(French)" -#string STR_ACCESS_SETUP #language en-US "Access Setup" - #language fr-FR "Access Setup(French)" -#string STR_ACCESS_SETUP_HELP #language en-US "Select Access Setup Option" - #language fr-FR "Selelct Access Setup Option(French)" -#string STR_RESTRICTED #language en-US "Restricted" - #language fr-FR "Restricted(French)" -#string STR_ADMIN #language en-US "Admin" - #language fr-FR "Admin(French)" -#string STR_BOOR_ORDER #language en-US "Access Boot Order" - #language fr-FR "Access Boot Order(French)" -#string STR_BOOT_ORDER_HELP #language en-US "Select Access Boot Order Option" - #language fr-FR "Select Access Boot Order Option(French)" -#string STR_INSERT #language en-US "Insert" - #language fr-FR "Insert(French)" -#string STR_APPEND #language en-US "Append" - #language fr-FR "Append(French)" -#string STR_REPLACE #language en-US "Replace" - #language fr-FR "Replace(French)" -#string STR_NODEFAULT #language en-US "Nodefault" - #language fr-FR "Nodefault(French)" -#string STR_LOAD #language en-US "Load Device Path" - #language fr-FR "Load Device Path(French)" -#string STR_LOAD_HELP #language en-US "Select Permit/Forbid Load Device Path" - #language fr-FR "Select Permit/Forbid Load Device 
Path(French)" -#string STR_CONNECT #language en-US "Connect Device Path" - #language fr-FR "Connect Device Path(French)" -#string STR_CONNECT_HELP #language en-US "Select Permit/Forbid Connect Device Path" - #language fr-FR "Select Permit/Forbid Connect Device Path(French)" -#string STR_LOAD_PERMIT #language en-US "Permit Load Device Path" - #language fr-FR "Permit Load Device Path(French)" -#string STR_LOAD_PERMIT_HELP #language en-US "Change Permit Load Device Path to Forbid" - #language fr-FR "Change Permit Load Device Path to Forbid(French)" -#string STR_LOAD_FORBID #language en-US "Forbid Load Device Path" - #language fr-FR "Forbid Load Device Path(French)" -#string STR_LOAD_FORBID_HELP #language en-US "Change Forbid Load Device Path to Permit" - #language fr-FR "Change Forbid Load Device Path to Permit(French)" -#string STR_CONNECT_PERMIT #language en-US "Permit Connect Device Path" - #language fr-FR "Permit Connect Device Path(French)" -#string STR_CONNECT_PERMIT_HELP #language en-US "Change Permit Connect Device Path to Forbid" - #language fr-FR "Change Permit Connect Device Path to Forbid(French)" -#string STR_CONNECT_FORBID #language en-US "Forbid Connect Device Path" - #language fr-FR "Forbid Connect Device Path(French)" -#string STR_CONNECT_FORBID_HELP #language en-US "Change Forbid Connect Device Path to Permit" - #language fr-FR "Change Forbid Connect Device Path to Permit(French)" -#string STR_PRESS_KEY_CONTINUE #language en-US "Press ENTER to Continue, Other Key to Cancel ..." - #language fr-FR "Press ENTER to Continue, Other Key to Cancel ...(French)" -#string STR_MOVE_TO_FORBID_LIST #language en-US "Are You Sure to Move It to Forbid List?" - #language fr-FR "Are You Sure to Move It to Forbid List?(French)" -#string STR_MOVE_TO_PERMIT_LIST #language en-US "Are You Sure to Move It to Permit List?" 
- #language fr-FR "Are You Sure to Move It to Permit List?(French)" -#string STR_STROKE_KEY_CONTINUE #language en-US "Please Press Any Key to Continue ..." - #language fr-FR "Please Press Any Key to Continue ... (French)" -#string STR_CREATE_PROFILE_FAILED #language en-US "Create New User Profile Failed!" - #language fr-FR "Create New User Profile Failed! (French)" -#string STR_CREATE_PROFILE_SUCCESS #language en-US "Create New User Profile Succeed!" - #language fr-FR "Create New User Profile Succeed! (French)" -#string STR_USER_ALREADY_EXISTED #language en-US "User Name Had Already Existed." - #language fr-FR "User Name Had Already Existed. (French)" -#string STR_GET_USERNAME_FAILED #language en-US "Failed To Get User Name." - #language fr-FR "Failed To Get User Name. (French)" - diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerVfr.Vfr b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerVfr.Vfr deleted file mode 100644 index 2cf3359f2a..0000000000 --- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerVfr.Vfr +++ /dev/null 
@@ -1,244 +0,0 @@ -/** @file - User Profile Manager formset. - -Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR> -This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include "UserProfileManagerData.h" - -#define USER_MANAGER_CLASS 0x00 -#define USER_MANAGER_SUBCLASS 0x04 - -formset - guid = USER_PROFILE_MANAGER_GUID, - title = STRING_TOKEN(STR_FORMSET_TITLE), - help = STRING_TOKEN(STR_TITLE_HELP), - - // User manager form - form formid = FORMID_USER_MANAGE, - title = STRING_TOKEN(STR_USERMAN_TITLE); - - label LABEL_USER_MANAGE_FUNC; - label LABEL_END; - - suppressif TRUE; - text - help = STRING_TOKEN(STR_NULL_STRING), - text = STRING_TOKEN(STR_NULL_STRING), - flags = INTERACTIVE, - key = QUESTIONID_USER_MANAGE; - endif; - - endform; - - // Modify user profile form - form formid = FORMID_MODIFY_USER, - title = STRING_TOKEN(STR_MODIFY_USER_TITLE); - - label LABEL_USER_MOD_FUNC; - label LABEL_END; - - endform; - - // Delete user profile form - form formid = FORMID_DEL_USER, - title = STRING_TOKEN(STR_DELETE_USER_TITLE); - - label LABEL_USER_DEL_FUNC; - label LABEL_END; - - subtitle - text = STRING_TOKEN(STR_NULL_STRING); - endform; - - // - // User profile information form - // - form formid = FORMID_USER_INFO, - title = STRING_TOKEN(STR_USER_INFO); - - text - help = STRING_TOKEN(STR_USER_NAME_VAL), - text = STRING_TOKEN(STR_USER_NAME), - flags = INTERACTIVE, - key = KEY_MODIFY_USER_NAME; - - text - help = STRING_TOKEN(STR_CREATE_DATE_VAL), - text = STRING_TOKEN(STR_CREATE_DATE); - - text - help = STRING_TOKEN(STR_USAGE_DATE_VAL), - text = STRING_TOKEN(STR_USAGE_DATE); - - text - help 
= STRING_TOKEN(STR_USAGE_COUNT_VAL), - text = STRING_TOKEN(STR_USAGE_COUNT); - - label LABEL_USER_INFO_FUNC; - label LABEL_END; - - endform; - - // - // Identify policy modify form - // - form formid = FORMID_MODIFY_IP, - title = STRING_TOKEN(STR_IDENTIFY_POLICY); - - text - help = STRING_TOKEN(STR_IDENTIFY_POLICY_HELP), - text = STRING_TOKEN(STR_IDENTIFY_POLICY), - text = STRING_TOKEN(STR_IDENTIFY_POLICY_VALUE); - - label LABEL_IP_MOD_FUNC; - label LABEL_END; - - text - help = STRING_TOKEN(STR_ADD_OPTION_HELP), - text = STRING_TOKEN(STR_ADD_OPTION), - flags = INTERACTIVE, - key = KEY_ADD_LOGICAL_OP; - - subtitle - text = STRING_TOKEN(STR_NULL_STRING); - - text - help = STRING_TOKEN(STR_IDENTIFY_SAVE_HELP), - text = STRING_TOKEN(STR_SAVE), - flags = INTERACTIVE, - key = KEY_IP_RETURN; - - endform; - - // - // Access policy modify form - // - form formid = FORMID_MODIFY_AP, - title = STRING_TOKEN(STR_ACCESS_POLICY); - - label LABEL_AP_MOD_FUNC; - label LABEL_END; - - goto FORMID_LOAD_DP, - prompt = STRING_TOKEN(STR_LOAD), - help = STRING_TOKEN(STR_LOAD_HELP), - flags = INTERACTIVE, - key = KEY_LOAD_DP; - - goto FORMID_CONNECT_DP, - prompt = STRING_TOKEN(STR_CONNECT), - help = STRING_TOKEN(STR_CONNECT_HELP), - flags = INTERACTIVE, - key = KEY_CONN_DP; - - subtitle - text = STRING_TOKEN(STR_NULL_STRING); - - text - help = STRING_TOKEN(STR_ACCESS_SAVE_HELP), - text = STRING_TOKEN(STR_SAVE), - flags = INTERACTIVE, - key = KEY_AP_RETURN; - - endform; - - // - // Load device path form - // - form formid = FORMID_LOAD_DP, - title = STRING_TOKEN(STR_LOAD); - - goto FORMID_PERMIT_LOAD_DP, - prompt = STRING_TOKEN(STR_LOAD_PERMIT), - help = STRING_TOKEN(STR_LOAD_PERMIT_HELP), - flags = INTERACTIVE, - key = KEY_LOAD_PERMIT; - - goto FORMID_FORBID_LOAD_DP, - prompt = STRING_TOKEN(STR_LOAD_FORBID), - help = STRING_TOKEN(STR_LOAD_FORBID_HELP), - flags = INTERACTIVE, - key = KEY_LOAD_FORBID; - - endform; - - // - // Permit load device path form - // - form formid = 
FORMID_PERMIT_LOAD_DP, - title = STRING_TOKEN(STR_LOAD_PERMIT); - - label LABEL_PERMIT_LOAD_FUNC; - label LABEL_END; - - subtitle - text = STRING_TOKEN(STR_NULL_STRING); - - endform; - - // - // Forbid load device path form - // - form formid = FORMID_FORBID_LOAD_DP, - title = STRING_TOKEN(STR_LOAD_FORBID); - - label LABLE_FORBID_LOAD_FUNC; - label LABEL_END; - - subtitle - text = STRING_TOKEN(STR_NULL_STRING); - - endform; - - // - // Connect device path form - // - form formid = FORMID_CONNECT_DP, - title = STRING_TOKEN(STR_CONNECT); - - goto FORMID_PERMIT_CONNECT_DP, - prompt = STRING_TOKEN(STR_CONNECT_PERMIT), - help = STRING_TOKEN(STR_CONNECT_PERMIT_HELP), - flags = INTERACTIVE, - key = KEY_CONNECT_PERMIT; - - goto FORMID_FORBID_CONNECT_DP, - prompt = STRING_TOKEN(STR_CONNECT_FORBID), - help = STRING_TOKEN(STR_CONNECT_FORBID_HELP), - flags = INTERACTIVE, - key = KEY_CONNECT_FORBID; - - endform; - - // - // Permit connect device path form - // - form formid = FORMID_PERMIT_CONNECT_DP, - title = STRING_TOKEN(STR_CONNECT_PERMIT); - - subtitle - text = STRING_TOKEN(STR_NULL_STRING); - - endform; - - // - // Forbid connect device path form - // - form formid = FORMID_FORBID_CONNECT_DP, - title = STRING_TOKEN(STR_CONNECT_FORBID); - - subtitle - text = STRING_TOKEN(STR_NULL_STRING); - - endform; - -endformset; diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c deleted file mode 100644 index d165e5ae9b..0000000000 --- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c +++ /dev/null 
@@ -1,1475 +0,0 @@
-/** @file
- The functions to modify a user profile.
-
-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "UserProfileManager.h"
-
-EFI_USER_PROFILE_HANDLE mModifyUser = NULL;
-
-/**
- Display user select form, cab select a user to modify.
-
-**/
-VOID
-SelectUserToModify (
- VOID
- )
-{
- EFI_STATUS Status;
- UINT8 Index;
- EFI_USER_PROFILE_HANDLE User;
- EFI_USER_PROFILE_HANDLE CurrentUser;
- UINT32 CurrentAccessRight;
- VOID *StartOpCodeHandle;
- VOID *EndOpCodeHandle;
- EFI_IFR_GUID_LABEL *StartLabel;
- EFI_IFR_GUID_LABEL *EndLabel;
-
- //
- // Initialize the container for dynamic opcodes.
- //
- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (StartOpCodeHandle != NULL);
-
- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (EndOpCodeHandle != NULL);
-
- //
- // Create Hii Extend Label OpCode.
- //
- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- StartOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- StartLabel->Number = LABEL_USER_MOD_FUNC;
-
- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- EndOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- EndLabel->Number = LABEL_END;
-
- //
- // Add each user can be modified.
- //
- User = NULL;
- Index = 1;
- mUserManager->Current (mUserManager, &CurrentUser);
- while (TRUE) {
- Status = mUserManager->GetNext (mUserManager, &User);
- if (EFI_ERROR (Status)) {
- break;
- }
-
- Status = GetAccessRight (&CurrentAccessRight);
- if (EFI_ERROR (Status)) {
- CurrentAccessRight = EFI_USER_INFO_ACCESS_ENROLL_SELF;
- }
-
- if ((CurrentAccessRight == EFI_USER_INFO_ACCESS_MANAGE) || (User == CurrentUser)) {
- AddUserToForm (User, (UINT16)(KEY_MODIFY_USER | KEY_SELECT_USER | Index), StartOpCodeHandle);
- }
- Index++;
- }
-
- HiiUpdateForm (
- mCallbackInfo->HiiHandle, // HII handle
- &gUserProfileManagerGuid, // Formset GUID
- FORMID_MODIFY_USER, // Form ID
- StartOpCodeHandle, // Label for where to insert opcodes
- EndOpCodeHandle // Replace data
- );
-
- HiiFreeOpCodeHandle (StartOpCodeHandle);
- HiiFreeOpCodeHandle (EndOpCodeHandle);
-}
-
-
-/**
- Get all the user info from mModifyUser in the user manager, and save on the
- global variable.
-
-**/
-VOID
-GetAllUserInfo (
- VOID
- )
-{
- EFI_STATUS Status;
- EFI_USER_INFO_HANDLE UserInfo;
- EFI_USER_INFO *Info;
- UINTN InfoSize;
- UINTN MemSize;
- UINTN DataLen;
-
- //
- // Init variable to default value.
- //
- mProviderChoice = 0;
- mConncetLogical = 0;
-
- mUserInfo.CreateDateExist = FALSE;
- mUserInfo.UsageDateExist = FALSE;
- mUserInfo.UsageCount = 0;
-
- mUserInfo.AccessPolicyLen = 0;
- mUserInfo.AccessPolicyModified = FALSE;
- if (mUserInfo.AccessPolicy != NULL) {
- FreePool (mUserInfo.AccessPolicy);
- mUserInfo.AccessPolicy = NULL;
- }
- mUserInfo.IdentityPolicyLen = 0;
- mUserInfo.IdentityPolicyModified = FALSE;
- if (mUserInfo.IdentityPolicy != NULL) {
- FreePool (mUserInfo.IdentityPolicy);
- mUserInfo.IdentityPolicy = NULL;
- }
-
- //
- // Allocate user information memory.
- //
- MemSize = sizeof (EFI_USER_INFO) + 63;
- Info = AllocateZeroPool (MemSize);
- if (Info == NULL) {
- return ;
- }
-
- //
- // Get each user information.
- //
- UserInfo = NULL;
- while (TRUE) {
- Status = mUserManager->GetNextInfo (mUserManager, mModifyUser, &UserInfo);
- if (EFI_ERROR (Status)) {
- break;
- }
- //
- // Get information.
- //
- InfoSize = MemSize;
- Status = mUserManager->GetInfo (
- mUserManager,
- mModifyUser,
- UserInfo,
- Info,
- &InfoSize
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- MemSize = InfoSize;
- FreePool (Info);
- Info = AllocateZeroPool (MemSize);
- if (Info == NULL) {
- return ;
- }
-
- Status = mUserManager->GetInfo (
- mUserManager,
- mModifyUser,
- UserInfo,
- Info,
- &InfoSize
- );
- }
-
- if (Status == EFI_SUCCESS) {
- //
- // Deal with each information according to informaiton type.
- //
- DataLen = Info->InfoSize - sizeof (EFI_USER_INFO);
- switch (Info->InfoType) {
- case EFI_USER_INFO_NAME_RECORD:
- CopyMem (&mUserInfo.UserName, (UINT8 *) (Info + 1), DataLen);
- break;
-
- case EFI_USER_INFO_CREATE_DATE_RECORD:
- CopyMem (&mUserInfo.CreateDate, (UINT8 *) (Info + 1), DataLen);
- mUserInfo.CreateDateExist = TRUE;
- break;
-
- case EFI_USER_INFO_USAGE_DATE_RECORD:
- CopyMem (&mUserInfo.UsageDate, (UINT8 *) (Info + 1), DataLen);
- mUserInfo.UsageDateExist = TRUE;
- break;
-
- case EFI_USER_INFO_USAGE_COUNT_RECORD:
- CopyMem (&mUserInfo.UsageCount, (UINT8 *) (Info + 1), DataLen);
- break;
-
- case EFI_USER_INFO_ACCESS_POLICY_RECORD:
- mUserInfo.AccessPolicy = AllocateZeroPool (DataLen);
- if (mUserInfo.AccessPolicy == NULL) {
- break;
- }
-
- CopyMem (mUserInfo.AccessPolicy, (UINT8 *) (Info + 1), DataLen);
- mUserInfo.AccessPolicyLen = DataLen;
- break;
-
- case EFI_USER_INFO_IDENTITY_POLICY_RECORD:
- mUserInfo.IdentityPolicy = AllocateZeroPool (DataLen);
- if (mUserInfo.IdentityPolicy == NULL) {
- break;
- }
-
- CopyMem (mUserInfo.IdentityPolicy, (UINT8 *) (Info + 1), DataLen);
- mUserInfo.IdentityPolicyLen = DataLen;
- break;
-
- default:
- break;
- }
- }
- }
- FreePool (Info);
-}
-
-
-/**
- Convert the Date to a string, and update the Hii database DateID string with it.
-
- @param[in] Date Points to the date to be converted.
- @param[in] DateId String ID in the HII database to be replaced.
-
-**/
-VOID
-ResolveDate (
- IN EFI_TIME *Date,
- IN EFI_STRING_ID DateId
- )
-{
- CHAR16 *Str;
- UINTN DateBufLen;
-
- //
- // Convert date to string.
- //
- DateBufLen = 64;
- Str = AllocateZeroPool (DateBufLen);
- if (Str == NULL) {
- return ;
- }
-
- UnicodeSPrint (
- Str,
- DateBufLen,
- L"%4d-%2d-%2d ",
- Date->Year,
- Date->Month,
- Date->Day
- );
-
- //
- // Convert time to string.
- //
- DateBufLen -= StrLen (Str);
- UnicodeSPrint (
- Str + StrLen (Str),
- DateBufLen,
- L"%2d:%2d:%2d",
- Date->Hour,
- Date->Minute,
- Date->Second
- );
-
- HiiSetString (mCallbackInfo->HiiHandle, DateId, Str, NULL);
- FreePool (Str);
-}
-
-
-/**
- Convert the CountVal to a string, and update the Hii database CountId string
- with it.
-
- @param[in] CountVal The hex value to convert.
- @param[in] CountId String ID in the HII database to be replaced.
-
-**/
-VOID
-ResolveCount (
- IN UINT32 CountVal,
- IN EFI_STRING_ID CountId
- )
-{
- CHAR16 Count[10];
-
- UnicodeSPrint (Count, 20, L"%d", CountVal);
- HiiSetString (mCallbackInfo->HiiHandle, CountId, Count, NULL);
-}
-
-
-/**
- Concatenates one Null-terminated Unicode string to another Null-terminated
- Unicode string.
-
- @param[in, out] Source1 On entry, point to a Null-terminated Unicode string.
- On exit, point to a new concatenated Unicode string
- @param[in] Source2 Pointer to a Null-terminated Unicode string.
-
-**/
-VOID
-AddStr (
- IN OUT CHAR16 **Source1,
- IN CONST CHAR16 *Source2
- )
-{
- CHAR16 *TmpStr;
- UINTN StrLength;
-
- ASSERT (Source1 != NULL);
- ASSERT (Source2 != NULL);
-
- if (*Source1 == NULL) {
- StrLength = StrSize (Source2);
- } else {
- StrLength = StrSize (*Source1);
- StrLength += StrSize (Source2) - 2;
- }
-
- TmpStr = AllocateZeroPool (StrLength);
- ASSERT (TmpStr != NULL);
-
- if (*Source1 == NULL) {
- StrCpyS (TmpStr, StrLength / sizeof (CHAR16), Source2);
- } else {
- StrCpyS (TmpStr, StrLength / sizeof (CHAR16), *Source1);
- FreePool (*Source1);
- StrCatS (TmpStr, StrLength / sizeof (CHAR16),Source2);
- }
-
- *Source1 = TmpStr;
-}
-
-
-/**
- Convert the identity policy to a unicode string and update the Hii database
- IpStringId string with it.
-
- @param[in] Ip Points to identity policy.
- @param[in] IpLen The identity policy length.
- @param[in] IpStringId String ID in the HII database to be replaced.
-
-**/
-VOID
-ResolveIdentityPolicy (
- IN UINT8 *Ip,
- IN UINTN IpLen,
- IN EFI_STRING_ID IpStringId
- )
-{
- CHAR16 *TmpStr;
- UINTN ChkLen;
- EFI_USER_INFO_IDENTITY_POLICY *Identity;
- UINT16 Index;
- CHAR16 *ProvStr;
- EFI_STRING_ID ProvId;
- EFI_HII_HANDLE HiiHandle;
- EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential;
-
- TmpStr = NULL;
-
- //
- // Resolve each policy.
- //
- ChkLen = 0;
- while (ChkLen < IpLen) {
- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (Ip + ChkLen);
- switch (Identity->Type) {
- case EFI_USER_INFO_IDENTITY_FALSE:
- AddStr (&TmpStr, L"False");
- break;
-
- case EFI_USER_INFO_IDENTITY_TRUE:
- AddStr (&TmpStr, L"None");
- break;
-
- case EFI_USER_INFO_IDENTITY_NOT:
- AddStr (&TmpStr, L"!
");
- break;
-
- case EFI_USER_INFO_IDENTITY_AND:
- AddStr (&TmpStr, L" && ");
- break;
-
- case EFI_USER_INFO_IDENTITY_OR:
- AddStr (&TmpStr, L" || ");
- break;
-
- case EFI_USER_INFO_IDENTITY_CREDENTIAL_TYPE:
- for (Index = 0; Index < mProviderInfo->Count; Index++) {
- UserCredential = mProviderInfo->Provider[Index];
- if (CompareGuid ((EFI_GUID *) (Identity + 1), &UserCredential->Type)) {
- UserCredential->Title (
- UserCredential,
- &HiiHandle,
- &ProvId
- );
- ProvStr = HiiGetString (HiiHandle, ProvId, NULL);
- if (ProvStr != NULL) {
- AddStr (&TmpStr, ProvStr);
- FreePool (ProvStr);
- }
- break;
- }
- }
- break;
-
- case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER:
- for (Index = 0; Index < mProviderInfo->Count; Index++) {
- UserCredential = mProviderInfo->Provider[Index];
- if (CompareGuid ((EFI_GUID *) (Identity + 1), &UserCredential->Identifier)) {
- UserCredential->Title (
- UserCredential,
- &HiiHandle,
- &ProvId
- );
- ProvStr = HiiGetString (HiiHandle, ProvId, NULL);
- if (ProvStr != NULL) {
- AddStr (&TmpStr, ProvStr);
- FreePool (ProvStr);
- }
- break;
- }
- }
- break;
- }
-
- ChkLen += Identity->Length;
- }
-
- if (TmpStr != NULL) {
- HiiSetString (mCallbackInfo->HiiHandle, IpStringId, TmpStr, NULL);
- FreePool (TmpStr);
- }
-}
-
-
-/**
- Display modify user information form.
-
- This form displays, username, create Date, usage date, usage count, identity policy,
- and access policy.
-
- @param[in] UserIndex The index of the user in display list to modify.
-
-**/
-VOID
-ModifyUserInfo (
- IN UINT8 UserIndex
- )
-{
- EFI_STATUS Status;
- EFI_USER_PROFILE_HANDLE CurrentUser;
- UINT32 CurrentAccessRight;
- VOID *StartOpCodeHandle;
- VOID *EndOpCodeHandle;
- EFI_IFR_GUID_LABEL *StartLabel;
- EFI_IFR_GUID_LABEL *EndLabel;
-
- //
- // Initialize the container for dynamic opcodes.
- //
- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (StartOpCodeHandle != NULL);
-
- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (EndOpCodeHandle != NULL);
-
- //
- // Create Hii Extend Label OpCode.
- //
- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- StartOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- StartLabel->Number = LABEL_USER_INFO_FUNC;
-
- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- EndOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- EndLabel->Number = LABEL_END;
-
- //
- // Find the user profile to be modified.
- //
- mModifyUser = NULL;
- Status = mUserManager->GetNext (mUserManager, &mModifyUser);
- if (EFI_ERROR (Status)) {
- return ;
- }
-
- while (UserIndex > 1) {
- Status = mUserManager->GetNext (mUserManager, &mModifyUser);
- if (EFI_ERROR (Status)) {
- return ;
- }
- UserIndex--;
- }
-
- //
- // Get user profile information.
- //
- GetAllUserInfo ();
-
- //
- // Update user name.
- HiiSetString (
- mCallbackInfo->HiiHandle,
- STRING_TOKEN (STR_USER_NAME_VAL),
- mUserInfo.UserName,
- NULL
- );
-
- //
- // Update create date.
- //
- if (mUserInfo.CreateDateExist) {
- ResolveDate (&mUserInfo.CreateDate, STRING_TOKEN (STR_CREATE_DATE_VAL));
- } else {
- HiiSetString (
- mCallbackInfo->HiiHandle,
- STRING_TOKEN (STR_CREATE_DATE_VAL),
- L"",
- NULL
- );
- }
-
- //
- // Add usage date.
- //
- if (mUserInfo.UsageDateExist) {
- ResolveDate (&mUserInfo.UsageDate, STRING_TOKEN (STR_USAGE_DATE_VAL));
- } else {
- HiiSetString (
- mCallbackInfo->HiiHandle,
- STRING_TOKEN (STR_USAGE_DATE_VAL),
- L"",
- NULL
- );
- }
-
- //
- // Add usage count.
- //
- ResolveCount ((UINT32) mUserInfo.UsageCount, STRING_TOKEN (STR_USAGE_COUNT_VAL));
-
- //
- // Add identity policy.
- //
- mUserManager->Current (mUserManager, &CurrentUser);
- if (mModifyUser == CurrentUser) {
- ResolveIdentityPolicy (
- mUserInfo.IdentityPolicy,
- mUserInfo.IdentityPolicyLen,
- STRING_TOKEN (STR_IDENTIFY_POLICY_VAL)
- );
- HiiCreateGotoOpCode (
- StartOpCodeHandle, // Container for opcodes
- FORMID_MODIFY_IP, // Target Form ID
- STRING_TOKEN (STR_IDENTIFY_POLICY), // Prompt text
- STRING_TOKEN (STR_IDENTIFY_POLICY_VAL), // Help text
- EFI_IFR_FLAG_CALLBACK, // Question flag
- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_IP // Question ID
- );
- }
-
- //
- // Add access policy.
- //
- Status = GetAccessRight (&CurrentAccessRight);
- if (EFI_ERROR (Status)) {
- CurrentAccessRight = EFI_USER_INFO_ACCESS_ENROLL_SELF;
- }
-
- if (CurrentAccessRight == EFI_USER_INFO_ACCESS_MANAGE) {
- HiiCreateGotoOpCode (
- StartOpCodeHandle, // Container for opcodes
- FORMID_MODIFY_AP, // Target Form ID
- STRING_TOKEN (STR_ACCESS_POLICY), // Prompt text
- STRING_TOKEN (STR_NULL_STRING), // Help text
- EFI_IFR_FLAG_CALLBACK, // Question flag
- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_AP // Question ID
- );
- }
-
- HiiUpdateForm (
- mCallbackInfo->HiiHandle, // HII handle
- &gUserProfileManagerGuid, // Formset GUID
- FORMID_USER_INFO, // Form ID
- StartOpCodeHandle, // Label
- EndOpCodeHandle // Replace data
- );
-
- HiiFreeOpCodeHandle (StartOpCodeHandle);
- HiiFreeOpCodeHandle (EndOpCodeHandle);
-}
-
-
-/**
- Get all the access policy info from current user info, and save in the global
- variable.
-
-**/
-VOID
-ResolveAccessPolicy (
- VOID
- )
-{
- UINTN OffSet;
- EFI_USER_INFO_ACCESS_CONTROL Control;
- UINTN ValLen;
- UINT8 *AccessData;
-
- //
- // Set default value
- //
- mAccessInfo.AccessRight = EFI_USER_INFO_ACCESS_ENROLL_SELF;
- mAccessInfo.AccessSetup = ACCESS_SETUP_RESTRICTED;
- mAccessInfo.AccessBootOrder = EFI_USER_INFO_ACCESS_BOOT_ORDER_INSERT;
-
- mAccessInfo.LoadPermitLen = 0;
- mAccessInfo.LoadForbidLen = 0;
- mAccessInfo.ConnectPermitLen = 0;
- mAccessInfo.ConnectForbidLen = 0;
-
- //
- // Get each user access policy.
- //
- OffSet = 0;
- while (OffSet < mUserInfo.AccessPolicyLen) {
- CopyMem (&Control, mUserInfo.AccessPolicy + OffSet, sizeof (Control));
- ValLen = Control.Size - sizeof (Control);
- switch (Control.Type) {
- case EFI_USER_INFO_ACCESS_ENROLL_SELF:
- mAccessInfo.AccessRight = EFI_USER_INFO_ACCESS_ENROLL_SELF;
- break;
-
- case EFI_USER_INFO_ACCESS_ENROLL_OTHERS:
- mAccessInfo.AccessRight = EFI_USER_INFO_ACCESS_ENROLL_OTHERS;
- break;
-
- case EFI_USER_INFO_ACCESS_MANAGE:
- mAccessInfo.AccessRight = EFI_USER_INFO_ACCESS_MANAGE;
- break;
-
- case EFI_USER_INFO_ACCESS_SETUP:
- AccessData = mUserInfo.AccessPolicy + OffSet + sizeof (Control);
- if (CompareGuid ((EFI_GUID *) AccessData, &gEfiUserInfoAccessSetupNormalGuid)) {
- mAccessInfo.AccessSetup = ACCESS_SETUP_NORMAL;
- } else if (CompareGuid ((EFI_GUID *) AccessData, &gEfiUserInfoAccessSetupRestrictedGuid)) {
- mAccessInfo.AccessSetup = ACCESS_SETUP_RESTRICTED;
- } else if (CompareGuid ((EFI_GUID *) AccessData, &gEfiUserInfoAccessSetupAdminGuid)) {
- mAccessInfo.AccessSetup = ACCESS_SETUP_ADMIN;
- }
- break;
-
- case EFI_USER_INFO_ACCESS_BOOT_ORDER:
- AccessData = mUserInfo.AccessPolicy + OffSet + sizeof (Control);
- CopyMem (&mAccessInfo.AccessBootOrder, AccessData, sizeof (UINT32));
- break;
-
- case EFI_USER_INFO_ACCESS_FORBID_LOAD:
- if (mAccessInfo.LoadForbid != NULL) {
- FreePool (mAccessInfo.LoadForbid);
- }
-
- mAccessInfo.LoadForbid = AllocateZeroPool (ValLen);
- if
(mAccessInfo.LoadForbid != NULL) {
- AccessData = mUserInfo.AccessPolicy + OffSet + sizeof (Control);
- CopyMem (mAccessInfo.LoadForbid, AccessData, ValLen);
- mAccessInfo.LoadForbidLen = ValLen;
- }
- break;
-
- case EFI_USER_INFO_ACCESS_PERMIT_LOAD:
- if (mAccessInfo.LoadPermit != NULL) {
- FreePool (mAccessInfo.LoadPermit);
- }
-
- mAccessInfo.LoadPermit = AllocateZeroPool (ValLen);
- if (mAccessInfo.LoadPermit != NULL) {
- AccessData = mUserInfo.AccessPolicy + OffSet + sizeof (Control);
- CopyMem (mAccessInfo.LoadPermit, AccessData, ValLen);
- mAccessInfo.LoadPermitLen = ValLen;
- }
- break;
-
- case EFI_USER_INFO_ACCESS_FORBID_CONNECT:
- if (mAccessInfo.ConnectForbid != NULL) {
- FreePool (mAccessInfo.ConnectForbid);
- }
-
- mAccessInfo.ConnectForbid = AllocateZeroPool (ValLen);
- if (mAccessInfo.ConnectForbid != NULL) {
- AccessData = mUserInfo.AccessPolicy + OffSet + sizeof (Control);
- CopyMem (mAccessInfo.ConnectForbid, AccessData, ValLen);
- mAccessInfo.ConnectForbidLen = ValLen;
- }
- break;
-
- case EFI_USER_INFO_ACCESS_PERMIT_CONNECT:
- if (mAccessInfo.ConnectPermit != NULL) {
- FreePool (mAccessInfo.ConnectPermit);
- }
-
- mAccessInfo.ConnectPermit = AllocateZeroPool (ValLen);
- if (mAccessInfo.ConnectPermit != NULL) {
- AccessData = mUserInfo.AccessPolicy + OffSet + sizeof (Control);
- CopyMem (mAccessInfo.ConnectPermit, AccessData, ValLen);
- mAccessInfo.ConnectPermitLen = ValLen;
- }
- break;
- }
-
- OffSet += Control.Size;
- }
-}
-
-
-/**
- Find the specified info in User profile by the InfoType.
-
- @param[in] User Handle of the user whose information will be searched.
- @param[in] InfoType The user information type to find.
- @param[out] UserInfo Points to user information handle found.
-
- @retval EFI_SUCCESS Find the user information successfully.
- @retval Others Fail to find the user information.
-
-**/
-EFI_STATUS
-FindInfoByType (
- IN EFI_USER_PROFILE_HANDLE User,
- IN UINT8 InfoType,
- OUT EFI_USER_INFO_HANDLE *UserInfo
- )
-{
- EFI_STATUS Status;
- EFI_USER_INFO *Info;
- UINTN InfoSize;
- UINTN MemSize;
-
- if (UserInfo == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- *UserInfo = NULL;
- //
- // Allocate user information memory.
- //
- MemSize = sizeof (EFI_USER_INFO) + 63;
- Info = AllocateZeroPool (MemSize);
- if (Info == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- //
- // Get each user information.
- //
- while (TRUE) {
- Status = mUserManager->GetNextInfo (mUserManager, User, UserInfo);
- if (EFI_ERROR (Status)) {
- break;
- }
- //
- // Get information.
- //
- InfoSize = MemSize;
- Status = mUserManager->GetInfo (
- mUserManager,
- User,
- *UserInfo,
- Info,
- &InfoSize
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- MemSize = InfoSize;
- FreePool (Info);
- Info = AllocateZeroPool (MemSize);
- if (Info == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
- Status = mUserManager->GetInfo (
- mUserManager,
- User,
- *UserInfo,
- Info,
- &InfoSize
- );
- }
- if (Status == EFI_SUCCESS) {
- if (Info->InfoType == InfoType) {
- break;
- }
- }
- }
-
- FreePool (Info);
- return Status;
-}
-
-
-/**
- Display modify user access policy form.
-
- In this form, access right, access setup and access boot order are dynamically
- added. Load devicepath and connect devicepath are displayed too.
-
-**/
-VOID
-ModidyAccessPolicy (
- VOID
- )
-{
- VOID *StartOpCodeHandle;
- VOID *EndOpCodeHandle;
- VOID *OptionsOpCodeHandle;
- EFI_IFR_GUID_LABEL *StartLabel;
- EFI_IFR_GUID_LABEL *EndLabel;
- VOID *DefaultOpCodeHandle;
-
- //
- // Initialize the container for dynamic opcodes.
- //
- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (StartOpCodeHandle != NULL);
-
- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (EndOpCodeHandle != NULL);
-
- //
- // Create Hii Extend Label OpCode.
- //
- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- StartOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- StartLabel->Number = LABEL_AP_MOD_FUNC;
-
- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- EndOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- EndLabel->Number = LABEL_END;
-
-
- //
- // Resolve access policy information.
- //
- ResolveAccessPolicy ();
-
- //
- // Add access right one-of-code.
- //
- OptionsOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (OptionsOpCodeHandle != NULL);
- DefaultOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (DefaultOpCodeHandle != NULL);
-
- HiiCreateOneOfOptionOpCode (
- OptionsOpCodeHandle,
- STRING_TOKEN (STR_NORMAL),
- 0,
- EFI_IFR_NUMERIC_SIZE_1,
- EFI_USER_INFO_ACCESS_ENROLL_SELF
- );
-
- HiiCreateOneOfOptionOpCode (
- OptionsOpCodeHandle,
- STRING_TOKEN (STR_ENROLL),
- 0,
- EFI_IFR_NUMERIC_SIZE_1,
- EFI_USER_INFO_ACCESS_ENROLL_OTHERS
- );
-
- HiiCreateOneOfOptionOpCode (
- OptionsOpCodeHandle,
- STRING_TOKEN (STR_MANAGE),
- 0,
- EFI_IFR_NUMERIC_SIZE_1,
- EFI_USER_INFO_ACCESS_MANAGE
- );
-
- HiiCreateDefaultOpCode (
- DefaultOpCodeHandle,
- EFI_HII_DEFAULT_CLASS_STANDARD,
- EFI_IFR_NUMERIC_SIZE_1,
- mAccessInfo.AccessRight
- );
-
- HiiCreateOneOfOpCode (
- StartOpCodeHandle, // Container for dynamic created opcodes
- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_AP | KEY_MODIFY_RIGHT, // Question ID
- 0, // VarStore ID
- 0, // Offset in Buffer Storage
- STRING_TOKEN (STR_ACCESS_RIGHT), // Question prompt text
- STRING_TOKEN (STR_ACCESS_RIGHT_HELP), // Question help text
- EFI_IFR_FLAG_CALLBACK, // Question flag
- EFI_IFR_NUMERIC_SIZE_1, // Data type of Question Value
- OptionsOpCodeHandle, // Option Opcode list
- DefaultOpCodeHandle // Default Opcode
- );
- HiiFreeOpCodeHandle (DefaultOpCodeHandle);
- HiiFreeOpCodeHandle
(OptionsOpCodeHandle);
-
-
- //
- // Add setup type one-of-code.
- //
- OptionsOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (OptionsOpCodeHandle != NULL);
- DefaultOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (DefaultOpCodeHandle != NULL);
-
- HiiCreateOneOfOptionOpCode (
- OptionsOpCodeHandle,
- STRING_TOKEN (STR_RESTRICTED),
- 0,
- EFI_IFR_NUMERIC_SIZE_1,
- ACCESS_SETUP_RESTRICTED
- );
-
- HiiCreateOneOfOptionOpCode (
- OptionsOpCodeHandle,
- STRING_TOKEN (STR_NORMAL),
- 0,
- EFI_IFR_NUMERIC_SIZE_1,
- ACCESS_SETUP_NORMAL
- );
-
- HiiCreateOneOfOptionOpCode (
- OptionsOpCodeHandle,
- STRING_TOKEN (STR_ADMIN),
- 0,
- EFI_IFR_NUMERIC_SIZE_1,
- ACCESS_SETUP_ADMIN
- );
-
- HiiCreateDefaultOpCode (
- DefaultOpCodeHandle,
- EFI_HII_DEFAULT_CLASS_STANDARD,
- EFI_IFR_NUMERIC_SIZE_1,
- mAccessInfo.AccessSetup
- );
-
- HiiCreateOneOfOpCode (
- StartOpCodeHandle, // Container for dynamic created opcodes
- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_AP | KEY_MODIFY_SETUP, // Question ID
- 0, // VarStore ID
- 0, // Offset in Buffer Storage
- STRING_TOKEN (STR_ACCESS_SETUP), // Question prompt text
- STRING_TOKEN (STR_ACCESS_SETUP_HELP), // Question help text
- EFI_IFR_FLAG_CALLBACK, // Question flag
- EFI_IFR_NUMERIC_SIZE_1, // Data type of Question Value
- OptionsOpCodeHandle, // Option Opcode list
- DefaultOpCodeHandle // Default Opcode
- );
- HiiFreeOpCodeHandle (DefaultOpCodeHandle);
- HiiFreeOpCodeHandle (OptionsOpCodeHandle);
-
- //
- // Add boot order one-of-code.
- //
- OptionsOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (OptionsOpCodeHandle != NULL);
- DefaultOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (DefaultOpCodeHandle != NULL);
-
- HiiCreateOneOfOptionOpCode (
- OptionsOpCodeHandle,
- STRING_TOKEN (STR_INSERT),
- 0,
- EFI_IFR_NUMERIC_SIZE_4,
- EFI_USER_INFO_ACCESS_BOOT_ORDER_INSERT
- );
-
- HiiCreateOneOfOptionOpCode (
- OptionsOpCodeHandle,
- STRING_TOKEN (STR_APPEND),
- 0,
- EFI_IFR_NUMERIC_SIZE_4,
- EFI_USER_INFO_ACCESS_BOOT_ORDER_APPEND
- );
-
- HiiCreateOneOfOptionOpCode (
- OptionsOpCodeHandle,
- STRING_TOKEN (STR_REPLACE),
- 0,
- EFI_IFR_NUMERIC_SIZE_4,
- EFI_USER_INFO_ACCESS_BOOT_ORDER_REPLACE
- );
-
- HiiCreateOneOfOptionOpCode (
- OptionsOpCodeHandle,
- STRING_TOKEN (STR_NODEFAULT),
- 0,
- EFI_IFR_NUMERIC_SIZE_4,
- EFI_USER_INFO_ACCESS_BOOT_ORDER_NODEFAULT
- );
-
- HiiCreateDefaultOpCode (
- DefaultOpCodeHandle,
- EFI_HII_DEFAULT_CLASS_STANDARD,
- EFI_IFR_NUMERIC_SIZE_4,
- mAccessInfo.AccessBootOrder
- );
-
- HiiCreateOneOfOpCode (
- StartOpCodeHandle, // Container for dynamic created opcodes
- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_AP | KEY_MODIFY_BOOT, // Question ID
- 0, // VarStore ID
- 0, // Offset in Buffer Storage
- STRING_TOKEN (STR_BOOR_ORDER), // Question prompt text
- STRING_TOKEN (STR_BOOT_ORDER_HELP), // Question help text
- EFI_IFR_FLAG_CALLBACK, // Question flag
- EFI_IFR_NUMERIC_SIZE_1, // Data type of Question Value
- OptionsOpCodeHandle, // Option Opcode list
- DefaultOpCodeHandle // Default Opcode
- );
- HiiFreeOpCodeHandle (DefaultOpCodeHandle);
- HiiFreeOpCodeHandle (OptionsOpCodeHandle);
-
- //
- // Update Form.
- //
- HiiUpdateForm (
- mCallbackInfo->HiiHandle, // HII handle
- &gUserProfileManagerGuid, // Formset GUID
- FORMID_MODIFY_AP, // Form ID
- StartOpCodeHandle, // Label for where to insert opcodes
- EndOpCodeHandle // Replace data
- );
-
- HiiFreeOpCodeHandle (StartOpCodeHandle);
- HiiFreeOpCodeHandle (EndOpCodeHandle);
-}
-
-
-/**
- Expand access policy memory size.
-
- @param[in] ValidLen The valid access policy length.
- @param[in] ExpandLen The length that is needed to expand.
-
-**/
-VOID
-ExpandMemory (
- IN UINTN ValidLen,
- IN UINTN ExpandLen
- )
-{
- UINT8 *Mem;
- UINTN Len;
-
- //
- // Expand memory.
- //
- Len = mUserInfo.AccessPolicyLen + (ExpandLen / 64 + 1) * 64;
- Mem = AllocateZeroPool (Len);
- ASSERT (Mem != NULL);
-
- if (mUserInfo.AccessPolicy != NULL) {
- CopyMem (Mem, mUserInfo.AccessPolicy, ValidLen);
- FreePool (mUserInfo.AccessPolicy);
- }
-
- mUserInfo.AccessPolicy = Mem;
- mUserInfo.AccessPolicyLen = Len;
-}
-
-
-/**
- Get the username from user input, and update username string in the Hii
- database with it.
-
-**/
-VOID
-ModifyUserName (
- VOID
- )
-{
- EFI_STATUS Status;
- CHAR16 UserName[USER_NAME_LENGTH];
- UINTN Len;
- EFI_INPUT_KEY Key;
- EFI_USER_INFO_HANDLE UserInfo;
- EFI_USER_INFO *Info;
- EFI_USER_PROFILE_HANDLE TempUser;
-
- //
- // Get the new user name.
- //
- Len = sizeof (UserName);
- Status = GetUserNameInput (&Len, UserName);
- if (EFI_ERROR (Status)) {
- if (Status != EFI_ABORTED) {
- CreatePopUp (
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
- &Key,
- L"Failed To Get User Name.",
- L"",
- L"Please Press Any Key to Continue ...",
- NULL
- );
- }
- return ;
- }
-
- //
- // Check whether the username had been used or not.
- //
- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + Len);
- if (Info == NULL) {
- return ;
- }
-
- Info->InfoType = EFI_USER_INFO_NAME_RECORD;
- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |
- EFI_USER_INFO_PUBLIC |
- EFI_USER_INFO_EXCLUSIVE;
- Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + Len);
- CopyMem ((UINT8 *) (Info + 1), UserName, Len);
-
- TempUser = NULL;
- Status = mUserManager->Find (
- mUserManager,
- &TempUser,
- NULL,
- Info,
- Info->InfoSize
- );
- if (!EFI_ERROR (Status)) {
- CreatePopUp (
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
- &Key,
- L"The User Name Had Been Used.",
- L"",
- L"Please Use Other User Name",
- NULL
- );
- FreePool (Info);
- return ;
- }
-
- //
- // Update username display in the form.
- //
- CopyMem (mUserInfo.UserName, UserName, Len);
- HiiSetString (
- mCallbackInfo->HiiHandle,
- STRING_TOKEN (STR_USER_NAME_VAL),
- mUserInfo.UserName,
- NULL
- );
-
- //
- // Save the user name.
- //
- Status = FindInfoByType (mModifyUser, EFI_USER_INFO_NAME_RECORD, &UserInfo);
- if (!EFI_ERROR (Status)) {
- mUserManager->SetInfo (
- mUserManager,
- mModifyUser,
- &UserInfo,
- Info,
- Info->InfoSize
- );
- }
- FreePool (Info);
-}
-
-
-/**
- Display the form of the modifying user identity policy.
-
-**/
-VOID
-ModifyIdentityPolicy (
- VOID
- )
-{
- UINTN Index;
- CHAR16 *ProvStr;
- EFI_STRING_ID ProvID;
- EFI_HII_HANDLE HiiHandle;
- VOID *OptionsOpCodeHandle;
- VOID *StartOpCodeHandle;
- VOID *EndOpCodeHandle;
- EFI_IFR_GUID_LABEL *StartLabel;
- EFI_IFR_GUID_LABEL *EndLabel;
-
- //
- // Initialize the container for dynamic opcodes.
- //
- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (StartOpCodeHandle != NULL);
-
- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (EndOpCodeHandle != NULL);
-
- //
- // Create Hii Extend Label OpCode.
- //
- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- StartOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- StartLabel->Number = LABEL_IP_MOD_FUNC;
-
- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- EndOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- EndLabel->Number = LABEL_END;
-
- //
- // Add credential providers
- //.
- if (mProviderInfo->Count > 0) {
- OptionsOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (OptionsOpCodeHandle != NULL);
-
- //
- // Add credential provider Option OpCode.
- //
- for (Index = 0; Index < mProviderInfo->Count; Index++) {
- mProviderInfo->Provider[Index]->Title (
- mProviderInfo->Provider[Index],
- &HiiHandle,
- &ProvID
- );
- ProvStr = HiiGetString (HiiHandle, ProvID, NULL);
- ProvID = HiiSetString (mCallbackInfo->HiiHandle, 0, ProvStr, NULL);
- FreePool (ProvStr);
- if (ProvID == 0) {
- return ;
- }
-
- HiiCreateOneOfOptionOpCode (
- OptionsOpCodeHandle,
- ProvID,
- 0,
- EFI_IFR_NUMERIC_SIZE_1,
- (UINT8) Index
- );
- }
-
- HiiCreateOneOfOpCode (
- StartOpCodeHandle, // Container for dynamic created opcodes
- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_IP | KEY_MODIFY_PROV, // Question ID
- 0, // VarStore ID
- 0, // Offset in Buffer Storage
- STRING_TOKEN (STR_PROVIDER), // Question prompt text
- STRING_TOKEN (STR_PROVIDER_HELP), // Question help text
- EFI_IFR_FLAG_CALLBACK, // Question flag
- EFI_IFR_NUMERIC_SIZE_1, // Data type of Question Value
- OptionsOpCodeHandle, // Option Opcode list
- NULL // Default Opcode is NULl
- );
-
- HiiFreeOpCodeHandle (OptionsOpCodeHandle);
- }
-
- //
- // Add logical connector Option OpCode.
- //
- OptionsOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (OptionsOpCodeHandle != NULL);
-
- HiiCreateOneOfOptionOpCode (
- OptionsOpCodeHandle,
- STRING_TOKEN (STR_AND_CON),
- 0,
- EFI_IFR_NUMERIC_SIZE_1,
- 0
- );
-
- HiiCreateOneOfOptionOpCode (
- OptionsOpCodeHandle,
- STRING_TOKEN (STR_OR_CON),
- 0,
- EFI_IFR_NUMERIC_SIZE_1,
- 1
- );
-
- HiiCreateOneOfOpCode (
- StartOpCodeHandle, // Container for dynamic created opcodes
- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_IP | KEY_MODIFY_CONN, // Question ID
- 0, // VarStore ID
- 0, // Offset in Buffer Storage
- STRING_TOKEN (STR_CONNECTOR), // Question prompt text
- STRING_TOKEN (STR_CONNECTOR_HELP), // Question help text
- EFI_IFR_FLAG_CALLBACK, // Question flag
- EFI_IFR_NUMERIC_SIZE_1, // Data type of Question Value
- OptionsOpCodeHandle, // Option Opcode list
- NULL // Default Opcode is NULl
- );
-
- HiiFreeOpCodeHandle (OptionsOpCodeHandle);
-
- //
- // Update identity policy in the form.
- //
- ResolveIdentityPolicy (
- mUserInfo.IdentityPolicy,
- mUserInfo.IdentityPolicyLen,
- STRING_TOKEN (STR_IDENTIFY_POLICY_VALUE)
- );
-
- if (mUserInfo.NewIdentityPolicy != NULL) {
- FreePool (mUserInfo.NewIdentityPolicy);
- mUserInfo.NewIdentityPolicy = NULL;
- mUserInfo.NewIdentityPolicyLen = 0;
- mUserInfo.NewIdentityPolicyModified = FALSE;
- }
- mProviderChoice = 0;
- mConncetLogical = 0;
-
- HiiUpdateForm (
- mCallbackInfo->HiiHandle, // HII handle
- &gUserProfileManagerGuid, // Formset GUID
- FORMID_MODIFY_IP, // Form ID
- StartOpCodeHandle, // Label for where to insert opcodes
- EndOpCodeHandle // Replace data
- );
-
- HiiFreeOpCodeHandle (StartOpCodeHandle);
- HiiFreeOpCodeHandle (EndOpCodeHandle);
-}
-
-
-/**
- Get current user's access right.
-
- @param[out] AccessRight Points to the buffer used for user's access right.
-
- @retval EFI_SUCCESS Get current user access right successfully.
- @retval others Fail to get current user access right.
-
-**/
-EFI_STATUS
-GetAccessRight (
- OUT UINT32 *AccessRight
- )
-{
- EFI_STATUS Status;
- EFI_USER_INFO_HANDLE UserInfo;
- EFI_USER_INFO *Info;
- UINTN InfoSize;
- UINTN MemSize;
- EFI_USER_INFO_ACCESS_CONTROL Access;
- EFI_USER_PROFILE_HANDLE CurrentUser;
- UINTN TotalLen;
- UINTN CheckLen;
-
- //
- // Allocate user information memory.
- //
- MemSize = sizeof (EFI_USER_INFO) + 63;
- Info = AllocateZeroPool (MemSize);
- if (Info == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- //
- // Get user access information.
- //
- UserInfo = NULL;
- mUserManager->Current (mUserManager, &CurrentUser);
- while (TRUE) {
- InfoSize = MemSize;
- //
- // Get next user information.
- //
- Status = mUserManager->GetNextInfo (mUserManager, CurrentUser, &UserInfo);
- if (EFI_ERROR (Status)) {
- break;
- }
-
- Status = mUserManager->GetInfo (
- mUserManager,
- CurrentUser,
- UserInfo,
- Info,
- &InfoSize
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- MemSize = InfoSize;
- FreePool (Info);
- Info = AllocateZeroPool (MemSize);
- if (Info == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
- Status = mUserManager->GetInfo (
- mUserManager,
- CurrentUser,
- UserInfo,
- Info,
- &InfoSize
- );
- }
- if (EFI_ERROR (Status)) {
- break;
- }
-
- //
- // Check user information.
- //
- if (Info->InfoType == EFI_USER_INFO_ACCESS_POLICY_RECORD) {
- TotalLen = Info->InfoSize - sizeof (EFI_USER_INFO);
- CheckLen = 0;
- //
- // Get specified access information.
- //
- while (CheckLen < TotalLen) {
- CopyMem (&Access, (UINT8 *) (Info + 1) + CheckLen, sizeof (Access));
- if ((Access.Type == EFI_USER_INFO_ACCESS_ENROLL_SELF) ||
- (Access.Type == EFI_USER_INFO_ACCESS_ENROLL_OTHERS) ||
- (Access.Type == EFI_USER_INFO_ACCESS_MANAGE)
- ) {
- *AccessRight = Access.Type;
- FreePool (Info);
- return EFI_SUCCESS;
- }
- CheckLen += Access.Size;
- }
- }
- }
- FreePool (Info);
- return EFI_NOT_FOUND;
-}
-
-- 2.16.2.windows.1 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] SecurityPkg: Remove code under UserIdentification folder. 2019-01-09 1:09 [PATCH] SecurityPkg: Remove code under UserIdentification folder chenche4 @ 2019-01-09 1:38 ` Gao, Liming 2019-01-09 1:54 ` Chen, Chen A 0 siblings, 1 reply; 4+ messages in thread From: Gao, Liming @ 2019-01-09 1:38 UTC (permalink / raw) To: Chen, Chen A, edk2-devel@lists.01.org; +Cc: Zhang, Chao B Could you create BZ for this change? >-----Original Message----- >From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of >chenche4 >Sent: Wednesday, January 09, 2019 9:09 AM >To: edk2-devel@lists.01.org >Cc: Zhang, Chao B <chao.b.zhang@intel.com> >Subject: [edk2] [PATCH] SecurityPkg: Remove code under UserIdentification >folder. > >1. UserIdentifyManagerDxe is used to provide UserManagerProtocol. >2. UserProfileManagerDxe provide UI setting >3. PwdCredentialProviderDxe & UsbCredentialProviderDxe are >implementation > examples. > >Remove above features because of no platform use it. > >Cc: Zhang Chao B <chao.b.zhang@intel.com> >Contributed-under: TianoCore Contribution Agreement 1.1 
>Signed-off-by: Chen A Chen <chen.a.chen@intel.com> >--- > .../Include/Guid/UsbCredentialProviderHii.h | 29 - > SecurityPkg/Include/Guid/UserIdentifyManagerHii.h | 25 - > SecurityPkg/Include/Guid/UserProfileManagerHii.h | 25 - > SecurityPkg/SecurityPkg.dec | 12 - > SecurityPkg/SecurityPkg.dsc | 4 - > .../PwdCredentialProvider.c | 1464 -------- > .../PwdCredentialProvider.h | 374 -- > .../PwdCredentialProvider.uni | 21 - > .../PwdCredentialProviderData.h | 30 - > .../PwdCredentialProviderDxe.inf | 65 - > .../PwdCredentialProviderExtra.uni | 19 - > .../PwdCredentialProviderStrings.uni | 38 - > .../PwdCredentialProviderVfr.Vfr | 34 - > .../UsbCredentialProvider.c | 1410 -------- > .../UsbCredentialProvider.h | 361 -- > .../UsbCredentialProvider.uni | 23 - > .../UsbCredentialProviderDxe.inf | 70 - > .../UsbCredentialProviderExtra.uni | 19 - > .../UsbCredentialProviderStrings.uni | 29 - > .../UserIdentifyManagerDxe/LoadDeferredImage.c | 148 - > .../UserIdentifyManagerDxe/UserIdentifyManager.c | 3766 -------------------- > .../UserIdentifyManagerDxe/UserIdentifyManager.h | 413 --- > .../UserIdentifyManagerDxe/UserIdentifyManager.uni | 21 - > .../UserIdentifyManagerData.h | 35 - > .../UserIdentifyManagerDxe.inf | 79 - > .../UserIdentifyManagerExtra.uni | 19 - > .../UserIdentifyManagerStrings.uni | 27 - > .../UserIdentifyManagerVfr.Vfr | 43 - > .../UserProfileManagerDxe/ModifyAccessPolicy.c | 688 ---- > .../UserProfileManagerDxe/ModifyIdentityPolicy.c | 516 --- > .../UserProfileManagerDxe/UserProfileAdd.c | 372 -- > .../UserProfileManagerDxe/UserProfileDelete.c | 343 -- > .../UserProfileManagerDxe/UserProfileManager.c | 887 ----- > .../UserProfileManagerDxe/UserProfileManager.h | 444 --- > .../UserProfileManagerDxe/UserProfileManager.uni | 22 - > .../UserProfileManagerDxe/UserProfileManagerData.h | 158 - > .../UserProfileManagerDxe.inf | 72 - > .../UserProfileManagerExtra.uni | 19 - > .../UserProfileManagerStrings.uni | 158 - > .../UserProfileManagerVfr.Vfr | 244 -- > 
.../UserProfileManagerDxe/UserProfileModify.c | 1475 -------- > 41 files changed, 14001 deletions(-) > delete mode 100644 SecurityPkg/Include/Guid/UsbCredentialProviderHii.h > delete mode 100644 SecurityPkg/Include/Guid/UserIdentifyManagerHii.h > delete mode 100644 SecurityPkg/Include/Guid/UserProfileManagerHii.h > delete mode 100644 >SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPro >vider.c > delete mode 100644 >SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPro >vider.h > delete mode 100644 >SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPro >vider.uni > delete mode 100644 >SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPro >viderData.h > delete mode 100644 >SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPro >viderDxe.inf > delete mode 100644 >SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPro >viderExtra.uni > delete mode 100644 >SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPro >viderStrings.uni > delete mode 100644 >SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPro >viderVfr.Vfr > delete mode 100644 >SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPro >vider.c > delete mode 100644 >SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPro >vider.h > delete mode 100644 >SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPro >vider.uni > delete mode 100644 >SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPro >viderDxe.inf > delete mode 100644 >SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPro >viderExtra.uni > delete mode 100644 >SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPro >viderStrings.uni > delete mode 100644 >SecurityPkg/UserIdentification/UserIdentifyManagerDxe/LoadDeferredImag >e.c > delete mode 100644 
>SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManag >er.c > delete mode 100644 >SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManag >er.h > delete mode 100644 >SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManag >er.uni > delete mode 100644 >SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManag >erData.h > delete mode 100644 >SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManag >erDxe.inf > delete mode 100644 >SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManag >erExtra.uni > delete mode 100644 >SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManag >erStrings.uni > delete mode 100644 >SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManag >erVfr.Vfr > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyAccessPolicy. >c > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyIdentityPolicy >.c > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileAdd.c > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileDelete.c > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager. >c > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager. >h > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager. 
>uni > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager >Data.h > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager >Dxe.inf > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager >Extra.uni > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager >Strings.uni > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager >Vfr.Vfr > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c > >diff --git a/SecurityPkg/Include/Guid/UsbCredentialProviderHii.h >b/SecurityPkg/Include/Guid/UsbCredentialProviderHii.h >deleted file mode 100644 >index 059d68f32e..0000000000 >--- a/SecurityPkg/Include/Guid/UsbCredentialProviderHii.h >+++ /dev/null >@@ -1,29 +0,0 @@ >-/** @file >- GUID used as HII Package list GUID in UsbCredentialProviderDxe driver. >- >-Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#ifndef __USB_CREDENTIAL_PROVIDER_HII_H__ >-#define __USB_CREDENTIAL_PROVIDER_HII_H__ >- >-// >-// Used for save password credential and form browser >-// And used as provider identifier >-// >-#define USB_CREDENTIAL_PROVIDER_GUID \ >- { \ >- 0xd0849ed1, 0xa88c, 0x4ba6, { 0xb1, 0xd6, 0xab, 0x50, 0xe2, 0x80, 0xb7, >0xa9 }\ >- } >- >-extern EFI_GUID gUsbCredentialProviderGuid; >- >-#endif 
>diff --git a/SecurityPkg/Include/Guid/UserIdentifyManagerHii.h >b/SecurityPkg/Include/Guid/UserIdentifyManagerHii.h >deleted file mode 100644 >index 323c51f0f6..0000000000 >--- a/SecurityPkg/Include/Guid/UserIdentifyManagerHii.h >+++ /dev/null >@@ -1,25 +0,0 @@ >-/** @file >- GUID used as HII FormSet and HII Package list GUID in >UserIdentifyManagerDxe driver. >- >-Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#ifndef __USER_IDENTIFY_MANAGER_HII_H__ >-#define __USER_IDENTIFY_MANAGER_HII_H__ >- >-#define USER_IDENTIFY_MANAGER_GUID \ >- { \ >- 0x3ccd3dd8, 0x8d45, 0x4fed, { 0x96, 0x2d, 0x2b, 0x38, 0xcd, 0x82, 0xb3, >0xc4 } \ >- } >- >-extern EFI_GUID gUserIdentifyManagerGuid; >- >-#endif >diff --git a/SecurityPkg/Include/Guid/UserProfileManagerHii.h >b/SecurityPkg/Include/Guid/UserProfileManagerHii.h >deleted file mode 100644 >index 105059350c..0000000000 >--- a/SecurityPkg/Include/Guid/UserProfileManagerHii.h >+++ /dev/null 
>@@ -1,25 +0,0 @@ >-/** @file >- GUID used as HII FormSet and HII Package list GUID in >UserProfileManagerDxe driver. >- >-Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#ifndef __USER_PROFILE_MANAGER_HII_H__ >-#define __USER_PROFILE_MANAGER_HII_H__ >- >-#define USER_PROFILE_MANAGER_GUID \ >- { \ >- 0xc35f272c, 0x97c2, 0x465a, { 0xa2, 0x16, 0x69, 0x6b, 0x66, 0x8a, 0x8c, 0xfe } >\ >- } >- >-extern EFI_GUID gUserProfileManagerGuid; >- >-#endif >diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec >index 8d64b4fefe..0c2afe2938 100644 >--- a/SecurityPkg/SecurityPkg.dec >+++ b/SecurityPkg/SecurityPkg.dec 
>@@ -139,22 +139,10 @@ > # Include/Guid/Tcg2PhysicalPresenceData.h > gEfiTcg2PhysicalPresenceGuid = { 0xaeb9c5c1, 0x94f1, 0x4d02, { 0xbf, 0xd9, >0x46, 0x2, 0xdb, 0x2d, 0x3c, 0x54 }} > >- ## GUID used for form browser, password credential and provider identifier. >- # Include/Guid/PwdCredentialProviderHii.h >- gPwdCredentialProviderGuid = { 0x78b9ec8b, 0xc000, 0x46c5, { 0xac, >0x93, 0x24, 0xa0, 0xc1, 0xbb, 0x0, 0xce }} >- >- ## GUID used for form browser, USB credential and provider identifier. >- # Include/Guid/UsbCredentialProviderHii.h >- gUsbCredentialProviderGuid = { 0xd0849ed1, 0xa88c, 0x4ba6, { 0xb1, >0xd6, 0xab, 0x50, 0xe2, 0x80, 0xb7, 0xa9 }} >- > ## GUID used for FormSet guid and user profile variable. > # Include/Guid/UserIdentifyManagerHii.h > gUserIdentifyManagerGuid = { 0x3ccd3dd8, 0x8d45, 0x4fed, { 0x96, >0x2d, 0x2b, 0x38, 0xcd, 0x82, 0xb3, 0xc4 }} > >- ## GUID used for FormSet. >- # Include/Guid/UserProfileManagerHii.h >- gUserProfileManagerGuid = { 0xc35f272c, 0x97c2, 0x465a, { 0xa2, 0x16, >0x69, 0x6b, 0x66, 0x8a, 0x8c, 0xfe }} >- > ## GUID used for FormSet. > # Include/Guid/TcgConfigHii.h > gTcgConfigFormSetGuid = { 0xb0f901e4, 0xc424, 0x45de, { 0x90, 0x81, >0x95, 0xe2, 0xb, 0xde, 0x6f, 0xb5 }} >diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc >index 68a2953162..19aaebff1f 100644 >--- a/SecurityPkg/SecurityPkg.dsc >+++ b/SecurityPkg/SecurityPkg.dsc >@@ -146,8 +146,6 @@ > SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf > #SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf > >SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticati >onStatusLib.inf >- >#SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMana >gerDxe.inf >- >#SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManage >rDxe.inf > > # > # TPM 
>@@ -200,8 +198,6 @@ > SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > > [Components.IA32, Components.X64] >-# >SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPro >viderDxe.inf >-# >SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPro >viderDxe.inf > >SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig >Dxe.inf > > # >diff --git >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >rovider.c >b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >Provider.c >deleted file mode 100644 >index 52fc68b5ee..0000000000 >--- >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >rovider.c >+++ /dev/null 
>@@ -1,1464 +0,0 @@ >-/** @file >- Password Credential Provider driver implementation. >- >-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >-(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#include "PwdCredentialProvider.h" >- >-CREDENTIAL_TABLE *mPwdTable = NULL; >-PWD_PROVIDER_CALLBACK_INFO *mCallbackInfo = NULL; >-PASSWORD_CREDENTIAL_INFO *mPwdInfoHandle = NULL; >- >-HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = { >- { >- { >- HARDWARE_DEVICE_PATH, >- HW_VENDOR_DP, >- { >- (UINT8) (sizeof (VENDOR_DEVICE_PATH)), >- (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) >- } >- }, >- PWD_CREDENTIAL_PROVIDER_GUID >- }, >- { >- END_DEVICE_PATH_TYPE, >- END_ENTIRE_DEVICE_PATH_SUBTYPE, >- { >- (UINT8) (END_DEVICE_PATH_LENGTH), >- (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) >- } >- } >-}; >- >-EFI_USER_CREDENTIAL2_PROTOCOL gPwdCredentialProviderDriver = { >- PWD_CREDENTIAL_PROVIDER_GUID, >- EFI_USER_CREDENTIAL_CLASS_PASSWORD, >- CredentialEnroll, >- CredentialForm, >- CredentialTile, >- CredentialTitle, >- CredentialUser, >- CredentialSelect, >- CredentialDeselect, >- CredentialDefault, >- CredentialGetInfo, >- CredentialGetNextInfo, >- EFI_CREDENTIAL_CAPABILITIES_ENROLL, >- CredentialDelete >-}; >- >- >-/** >- Get string by string id from HII Interface. >- >- >- @param[in] Id String ID to get the string from. >- >- @retval CHAR16 * String from ID. >- @retval NULL If error occurs. >- >-**/ >-CHAR16 * >-GetStringById ( >- IN EFI_STRING_ID Id >- ) >-{ >- // >- // Get the current string for the current Language. 
>- // >- return HiiGetString (mCallbackInfo->HiiHandle, Id, NULL); >-} >- >- >-/** >- Expand password table size. >- >-**/ >-VOID >-ExpandTableSize ( >- VOID >- ) >-{ >- CREDENTIAL_TABLE *NewTable; >- UINTN Count; >- >- Count = mPwdTable->MaxCount + PASSWORD_TABLE_INC; >- // >- // Create new credential table. >- // >- NewTable = (CREDENTIAL_TABLE *) AllocateZeroPool ( >- sizeof (CREDENTIAL_TABLE) + >- (Count - 1) * sizeof (PASSWORD_INFO) >- ); >- ASSERT (NewTable != NULL); >- >- NewTable->MaxCount = Count; >- NewTable->Count = mPwdTable->Count; >- NewTable->ValidIndex = mPwdTable->ValidIndex; >- // >- // Copy old entries >- // >- CopyMem ( >- &NewTable->UserInfo, >- &mPwdTable->UserInfo, >- mPwdTable->Count * sizeof (PASSWORD_INFO) >- ); >- FreePool (mPwdTable); >- mPwdTable = NewTable; >-} >- >- >-/** >- Add, update or delete info in table, and sync with NV variable. >- >- @param[in] Index The index of the password in table. If index is found in >- table, update the info, else add the into to table. >- @param[in] Info The new password info to add into table.If Info is NULL, >- delete the info by Index. >- >- @retval EFI_INVALID_PARAMETER Info is NULL when save the info. >- @retval EFI_SUCCESS Modify the table successfully. >- @retval Others Failed to modify the table. >- >-**/ >-EFI_STATUS >-ModifyTable ( >- IN UINTN Index, >- IN PASSWORD_INFO * Info OPTIONAL >- ) >-{ >- EFI_STATUS Status; >- PASSWORD_INFO *NewPasswordInfo; >- >- NewPasswordInfo = NULL; >- >- if (Index < mPwdTable->Count) { >- if (Info == NULL) { >- // >- // Delete the specified entry. >- // >- mPwdTable->Count--; >- if (Index != mPwdTable->Count) { >- NewPasswordInfo = &mPwdTable->UserInfo[mPwdTable->Count]; >- } >- } else { >- // >- // Update the specified entry. >- // >- NewPasswordInfo = Info; >- } >- } else { >- // >- // Add a new password info. 
>- // >- if (Info == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- >- if (mPwdTable->Count >= mPwdTable->MaxCount) { >- ExpandTableSize (); >- } >- >- NewPasswordInfo = Info; >- mPwdTable->Count++; >- } >- >- if (NewPasswordInfo != NULL) { >- CopyMem (&mPwdTable->UserInfo[Index], NewPasswordInfo, sizeof >(PASSWORD_INFO)); >- } >- >- // >- // Save the credential table. >- // >- Status = gRT->SetVariable ( >- L"PwdCredential", >- &gPwdCredentialProviderGuid, >- EFI_VARIABLE_NON_VOLATILE | >EFI_VARIABLE_BOOTSERVICE_ACCESS, >- mPwdTable->Count * sizeof (PASSWORD_INFO), >- &mPwdTable->UserInfo >- ); >- return Status; >-} >- >- >-/** >- Create a password table. >- >- @retval EFI_SUCCESS Create a password table successfully. >- @retval Others Failed to create a password. >- >-**/ >-EFI_STATUS >-InitCredentialTable ( >- VOID >- ) >-{ >- EFI_STATUS Status; >- UINT8 *Var; >- UINTN VarSize; >- >- // >- // Get Password credential data from NV variable. >- // >- VarSize = 0; >- Var = NULL; >- Status = gRT->GetVariable ( >- L"PwdCredential", >- &gPwdCredentialProviderGuid, >- NULL, >- &VarSize, >- Var >- ); >- if (Status == EFI_BUFFER_TOO_SMALL) { >- Var = AllocateZeroPool (VarSize); >- if (Var == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- Status = gRT->GetVariable ( >- L"PwdCredential", >- &gPwdCredentialProviderGuid, >- NULL, >- &VarSize, >- Var >- ); >- } >- if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) { >- return Status; >- } >- >- // >- // Create the password credential table. 
>- // >- mPwdTable = AllocateZeroPool ( >- sizeof (CREDENTIAL_TABLE) - sizeof (PASSWORD_INFO) + >- PASSWORD_TABLE_INC * sizeof (PASSWORD_INFO) + >- VarSize >- ); >- if (mPwdTable == NULL) { >- FreePool (Var); >- return EFI_OUT_OF_RESOURCES; >- } >- >- mPwdTable->Count = VarSize / sizeof (PASSWORD_INFO); >- mPwdTable->MaxCount = mPwdTable->Count + PASSWORD_TABLE_INC; >- mPwdTable->ValidIndex = 0; >- if (Var != NULL) { >- CopyMem (mPwdTable->UserInfo, Var, VarSize); >- FreePool (Var); >- } >- return EFI_SUCCESS; >-} >- >- >-/** >- Hash the password to get credential. >- >- @param[in] Password Points to the input password. >- @param[in] PasswordSize The size of password, in bytes. >- @param[out] Credential Points to the hashed result. >- >- @retval TRUE Hash the password successfully. >- @retval FALSE Failed to hash the password. >- >-**/ >-BOOLEAN >-GenerateCredential ( >- IN CHAR16 *Password, >- IN UINTN PasswordSize, >- OUT UINT8 *Credential >- ) >-{ >- BOOLEAN Status; >- UINTN HashSize; >- VOID *Hash; >- >- HashSize = Sha1GetContextSize (); >- Hash = AllocatePool (HashSize); >- ASSERT (Hash != NULL); >- >- Status = Sha1Init (Hash); >- if (!Status) { >- goto Done; >- } >- >- Status = Sha1Update (Hash, Password, PasswordSize); >- if (!Status) { >- goto Done; >- } >- >- Status = Sha1Final (Hash, Credential); >- >-Done: >- FreePool (Hash); >- return Status; >-} >- >- >-/** >- Get password from user input. >- >- @param[in] FirstPwd If True, prompt to input the first password. >- If False, prompt to input password again. >- @param[out] Credential Points to the input password. 
>- >-**/ >-VOID >-GetPassword ( >- IN BOOLEAN FirstPwd, >- OUT CHAR8 *Credential >- ) >-{ >- EFI_INPUT_KEY Key; >- CHAR16 PasswordMask[CREDENTIAL_LEN + 1]; >- CHAR16 Password[CREDENTIAL_LEN]; >- UINTN PasswordLen; >- CHAR16 *QuestionStr; >- CHAR16 *LineStr; >- >- PasswordLen = 0; >- while (TRUE) { >- PasswordMask[PasswordLen] = L'_'; >- PasswordMask[PasswordLen + 1] = L'\0'; >- LineStr = GetStringById (STRING_TOKEN (STR_DRAW_A_LINE)); >- if (FirstPwd) { >- QuestionStr = GetStringById (STRING_TOKEN (STR_INPUT_PASSWORD)); >- } else { >- QuestionStr = GetStringById (STRING_TOKEN >(STR_INPUT_PASSWORD_AGAIN)); >- } >- CreatePopUp ( >- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >- &Key, >- QuestionStr, >- LineStr, >- PasswordMask, >- NULL >- ); >- FreePool (QuestionStr); >- FreePool (LineStr); >- >- // >- // Check key stroke >- // >- if (Key.ScanCode == SCAN_NULL) { >- if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { >- break; >- } else if (Key.UnicodeChar == CHAR_BACKSPACE) { >- if (PasswordLen > 0) { >- PasswordLen--; >- } >- } else if ((Key.UnicodeChar == CHAR_NULL) || >- (Key.UnicodeChar == CHAR_TAB) || >- (Key.UnicodeChar == CHAR_LINEFEED)) { >- continue; >- } else { >- Password[PasswordLen] = Key.UnicodeChar; >- PasswordMask[PasswordLen] = L'*'; >- PasswordLen++; >- if (PasswordLen == CREDENTIAL_LEN) { >- break; >- } >- } >- } >- } >- >- PasswordLen = PasswordLen * sizeof (CHAR16); >- GenerateCredential (Password, PasswordLen, (UINT8 *)Credential); >-} >- >-/** >- Check whether the password can be found on this provider. >- >- @param[in] Password The password to be found. >- >- @retval EFI_SUCCESS Found password sucessfully. >- @retval EFI_NOT_FOUND Fail to find the password. >- >-**/ >-EFI_STATUS >-CheckPassword ( >- IN CHAR8 *Password >- ) >-{ >- UINTN Index; >- CHAR8 *Pwd; >- >- // >- // Check password credential. 
>- // >- mPwdTable->ValidIndex = 0; >- for (Index = 0; Index < mPwdTable->Count; Index++) { >- Pwd = mPwdTable->UserInfo[Index].Password; >- if (CompareMem (Pwd, Password, CREDENTIAL_LEN) == 0) { >- mPwdTable->ValidIndex = Index + 1; >- return EFI_SUCCESS; >- } >- } >- >- return EFI_NOT_FOUND; >-} >- >- >-/** >- Find a user infomation record by the information record type. >- >- This function searches all user information records of User from beginning >- until either the information is found, or there are no more user infomation >- records. A match occurs when a Info.InfoType field matches the user >information >- record type. >- >- @param[in] User Points to the user profile record to search. >- @param[in] InfoType The infomation type to be searched. >- @param[out] Info Points to the user info found, the caller is responsible >- to free. >- >- @retval EFI_SUCCESS Find the user information successfully. >- @retval Others Fail to find the user information. >- >-**/ >-EFI_STATUS >-FindUserInfoByType ( >- IN EFI_USER_PROFILE_HANDLE User, >- IN UINT8 InfoType, >- OUT EFI_USER_INFO **Info >- ) >-{ >- EFI_STATUS Status; >- EFI_USER_INFO *UserInfo; >- UINTN UserInfoSize; >- EFI_USER_INFO_HANDLE UserInfoHandle; >- EFI_USER_MANAGER_PROTOCOL *UserManager; >- >- // >- // Find user information by information type. >- // >- if (Info == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- >- Status = gBS->LocateProtocol ( >- &gEfiUserManagerProtocolGuid, >- NULL, >- (VOID **) &UserManager >- ); >- if (EFI_ERROR (Status)) { >- return EFI_NOT_FOUND; >- } >- >- // >- // Get each user information. >- // >- >- UserInfoHandle = NULL; >- UserInfo = NULL; >- UserInfoSize = 0; >- while (TRUE) { >- Status = UserManager->GetNextInfo (UserManager, User, >&UserInfoHandle); >- if (EFI_ERROR (Status)) { >- break; >- } >- // >- // Get information. 
>- // >- Status = UserManager->GetInfo ( >- UserManager, >- User, >- UserInfoHandle, >- UserInfo, >- &UserInfoSize >- ); >- if (Status == EFI_BUFFER_TOO_SMALL) { >- if (UserInfo != NULL) { >- FreePool (UserInfo); >- } >- UserInfo = AllocateZeroPool (UserInfoSize); >- if (UserInfo == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- Status = UserManager->GetInfo ( >- UserManager, >- User, >- UserInfoHandle, >- UserInfo, >- &UserInfoSize >- ); >- } >- if (EFI_ERROR (Status)) { >- break; >- } >- >- ASSERT (UserInfo != NULL); >- if (UserInfo->InfoType == InfoType) { >- *Info = UserInfo; >- return EFI_SUCCESS; >- } >- } >- >- if (UserInfo != NULL) { >- FreePool (UserInfo); >- } >- return Status; >-} >- >- >-/** >- This function processes the results of changes in configuration. >- >- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. >- @param Action Specifies the type of action taken by the browser. >- @param QuestionId A unique value which is sent to the original >- exporting driver so that it can identify the type >- of data to expect. >- @param Type The type of value for the question. >- @param Value A pointer to the data being sent to the original >- exporting driver. >- @param ActionRequest On return, points to the action requested by >the >- callback function. >- >- @retval EFI_SUCCESS The callback successfully handled the action. >- @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold >the >- variable and its data. >- @retval EFI_DEVICE_ERROR The variable could not be saved. >- @retval EFI_UNSUPPORTED The specified Action is not supported by the >- callback. 
>- >-**/ >-EFI_STATUS >-EFIAPI >-CredentialDriverCallback ( >- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, >- IN EFI_BROWSER_ACTION Action, >- IN EFI_QUESTION_ID QuestionId, >- IN UINT8 Type, >- IN EFI_IFR_TYPE_VALUE *Value, >- OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest >- ) >-{ >- EFI_STATUS Status; >- EFI_INPUT_KEY Key; >- CHAR8 Password[CREDENTIAL_LEN]; >- CHAR16 *PromptStr; >- >- if (Action == EFI_BROWSER_ACTION_CHANGED) { >- if (QuestionId == KEY_GET_PASSWORD) { >- // >- // Get and check password. >- // >- GetPassword (TRUE, Password); >- Status = CheckPassword (Password); >- if (EFI_ERROR (Status)) { >- PromptStr = GetStringById (STRING_TOKEN >(STR_PASSWORD_INCORRECT)); >- CreatePopUp ( >- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >- &Key, >- L"", >- PromptStr, >- L"", >- NULL >- ); >- FreePool (PromptStr); >- return Status; >- } >- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT; >- } >- return EFI_SUCCESS; >- } >- >- // >- // All other action return unsupported. >- // >- return EFI_UNSUPPORTED; >-} >- >- >-/** >- This function allows a caller to extract the current configuration for one >- or more named elements from the target driver. >- >- >- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. >- @param Request A null-terminated Unicode string in <ConfigRequest> >format. >- @param Progress On return, points to a character in the Request string. >- Points to the string's null terminator if request was successful. >- Points to the most recent '&' before the first failing name/value >- pair (or the beginning of the string if the failure is in the >- first name/value pair) if the request was not successful. >- @param Results A null-terminated Unicode string in <ConfigAltResp> >format which >- has all values filled in for the names in the Request string. >- String to be allocated by the called function. >- >- @retval EFI_SUCCESS The Results is filled with the requested values. >- @retval EFI_OUT_OF_RESOURCES Not enough memory to store the >results. 
>- @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown >name. >- @retval EFI_NOT_FOUND Routing data doesn't match any storage in >this driver. >- >-**/ >-EFI_STATUS >-EFIAPI >-FakeExtractConfig ( >- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, >- IN CONST EFI_STRING Request, >- OUT EFI_STRING *Progress, >- OUT EFI_STRING *Results >- ) >-{ >- if (Progress == NULL || Results == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- *Progress = Request; >- return EFI_NOT_FOUND; >-} >- >-/** >- This function processes the results of changes in configuration. >- >- >- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. >- @param Configuration A null-terminated Unicode string in <ConfigResp> >format. >- @param Progress A pointer to a string filled in with the offset of the >most >- recent '&' before the first failing name/value pair (or the >- beginning of the string if the failure is in the first >- name/value pair) or the terminating NULL if all was successful. >- >- @retval EFI_SUCCESS The Results is processed successfully. >- @retval EFI_INVALID_PARAMETER Configuration is NULL. >- @retval EFI_NOT_FOUND Routing data doesn't match any storage in >this driver. >- >-**/ >-EFI_STATUS >-EFIAPI >-FakeRouteConfig ( >- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, >- IN CONST EFI_STRING Configuration, >- OUT EFI_STRING *Progress >- ) >-{ >- if (Configuration == NULL || Progress == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- >- *Progress = Configuration; >- >- return EFI_NOT_FOUND; >-} >- >-/** >- This function initialize the data mainly used in form browser. >- >- @retval EFI_SUCCESS Initialize form data successfully. >- @retval Others Fail to Initialize form data. >- >-**/ >-EFI_STATUS >-InitFormBrowser ( >- VOID >- ) >-{ >- EFI_STATUS Status; >- PWD_PROVIDER_CALLBACK_INFO *CallbackInfo; >- >- // >- // Initialize driver private data. 
>- // >- CallbackInfo = AllocateZeroPool (sizeof (PWD_PROVIDER_CALLBACK_INFO)); >- if (CallbackInfo == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- >- CallbackInfo->Signature = PWD_PROVIDER_SIGNATURE; >- CallbackInfo->ConfigAccess.ExtractConfig = FakeExtractConfig; >- CallbackInfo->ConfigAccess.RouteConfig = FakeRouteConfig; >- CallbackInfo->ConfigAccess.Callback = CredentialDriverCallback; >- CallbackInfo->DriverHandle = NULL; >- >- // >- // Install Device Path Protocol and Config Access protocol to driver handle. >- // >- Status = gBS->InstallMultipleProtocolInterfaces ( >- &CallbackInfo->DriverHandle, >- &gEfiDevicePathProtocolGuid, >- &mHiiVendorDevicePath, >- &gEfiHiiConfigAccessProtocolGuid, >- &CallbackInfo->ConfigAccess, >- NULL >- ); >- ASSERT_EFI_ERROR (Status); >- >- // >- // Publish HII data. >- // >- CallbackInfo->HiiHandle = HiiAddPackages ( >- &gPwdCredentialProviderGuid, >- CallbackInfo->DriverHandle, >- PwdCredentialProviderStrings, >- PwdCredentialProviderVfrBin, >- NULL >- ); >- if (CallbackInfo->HiiHandle == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- mCallbackInfo = CallbackInfo; >- >- return Status; >-} >- >- >-/** >- Enroll a user on a credential provider. >- >- This function enrolls a user on this credential provider. If the user exists on >- this credential provider, update the user information on this credential >provider; >- otherwise add the user information on credential provider. >- >- @param[in] This Points to this instance of >EFI_USER_CREDENTIAL2_PROTOCOL. >- @param[in] User The user profile to enroll. >- >- @retval EFI_SUCCESS User profile was successfully enrolled. >- @retval EFI_ACCESS_DENIED Current user profile does not permit >enrollment on the >- user profile handle. Either the user profile cannot enroll >- on any user profile or cannot enroll on a user profile >- other than the current user profile. >- @retval EFI_UNSUPPORTED This credential provider does not support >enrollment in >- the pre-OS. 
>- @retval EFI_DEVICE_ERROR The new credential could not be created >because of a device
>- error.
>- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >profile handle.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialEnroll (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_PROFILE_HANDLE User
>- )
>-{
>- EFI_STATUS Status;
>- UINTN Index;
>- PASSWORD_INFO PwdInfo;
>- EFI_USER_INFO *UserInfo;
>- CHAR8 Password[CREDENTIAL_LEN];
>- EFI_INPUT_KEY Key;
>- UINT8 *UserId;
>- CHAR16 *QuestionStr;
>- CHAR16 *PromptStr;
>-
>- if ((This == NULL) || (User == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Get User Identifier.
>- //
>- UserInfo = NULL;
>- Status = FindUserInfoByType (
>- User,
>- EFI_USER_INFO_IDENTIFIER_RECORD,
>- &UserInfo
>- );
>- if (EFI_ERROR (Status)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- CopyMem (PwdInfo.UserId, (UINT8 *) (UserInfo + 1), sizeof >(EFI_USER_INFO_IDENTIFIER));
>- FreePool (UserInfo);
>-
>- //
>- // Get password from user.
>- //
>- while (TRUE) {
>- //
>- // Input password.
>- //
>- GetPassword (TRUE, PwdInfo.Password);
>-
>- //
>- // Input password again.
>- //
>- GetPassword (FALSE, Password);
>-
>- //
>- // Compare the two password consistency.
>- //
>- if (CompareMem (PwdInfo.Password, Password, CREDENTIAL_LEN) == 0) {
>- break;
>- }
>-
>- QuestionStr = GetStringById (STRING_TOKEN >(STR_PASSWORD_MISMATCH));
>- PromptStr = GetStringById (STRING_TOKEN >(STR_INPUT_PASSWORD_AGAIN));
>- CreatePopUp (
>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
>- &Key,
>- QuestionStr,
>- L"",
>- PromptStr,
>- NULL
>- );
>- FreePool (QuestionStr);
>- FreePool (PromptStr);
>- }
>-
>- //
>- // Check whether User is ever enrolled in the provider.
>- //
>- for (Index = 0; Index < mPwdTable->Count; Index++) {
>- UserId = (UINT8 *) &mPwdTable->UserInfo[Index].UserId;
>- if (CompareMem (UserId, (UINT8 *) &PwdInfo.UserId, sizeof >(EFI_USER_INFO_IDENTIFIER)) == 0) {
>- //
>- // User already exists, update the password.
>- //
>- break;
>- }
>- }
>-
>- //
>- // Enroll the User to the provider.
>- //
>- Status = ModifyTable (Index, &PwdInfo);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Returns the user interface information used during user identification.
>-
>- This function returns information about the form used when interacting >with the
>- user during user identification. The form is the first enabled form in the >form-set
>- class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII >handle HiiHandle. If
>- the user credential provider does not require a form to identify the user, >then this
>- function should return EFI_NOT_FOUND.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] Hii On return, holds the HII database handle.
>- @param[out] FormSetId On return, holds the identifier of the form set >which contains
>- the form used during user identification.
>- @param[out] FormId On return, holds the identifier of the form used >during user
>- identification.
>-
>- @retval EFI_SUCCESS Form returned successfully.
>- @retval EFI_NOT_FOUND Form not returned.
>- @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or >FormId is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialForm (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_HII_HANDLE *Hii,
>- OUT EFI_GUID *FormSetId,
>- OUT EFI_FORM_ID *FormId
>- )
>-{
>- if ((This == NULL) || (Hii == NULL) ||
>- (FormSetId == NULL) || (FormId == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- *Hii = mCallbackInfo->HiiHandle;
>- *FormId = FORMID_GET_PASSWORD_FORM;
>- CopyGuid (FormSetId, &gPwdCredentialProviderGuid);
>-
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Returns bitmap used to describe the credential provider type.
>-
>- This optional function returns a bitmap that is less than or equal to the >number
>- of pixels specified by Width and Height.
If no such bitmap exists, then >EFI_NOT_FOUND
>- is returned.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in, out] Width On entry, points to the desired bitmap width. If >NULL then no
>- bitmap information will be returned. On exit, points to the
>- width of the bitmap returned.
>- @param[in, out] Height On entry, points to the desired bitmap height. If >NULL then no
>- bitmap information will be returned. On exit, points to the
>- height of the bitmap returned
>- @param[out] Hii On return, holds the HII database handle.
>- @param[out] Image On return, holds the HII image identifier.
>-
>- @retval EFI_SUCCESS Image identifier returned successfully.
>- @retval EFI_NOT_FOUND Image identifier not returned.
>- @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialTile (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN OUT UINTN *Width,
>- IN OUT UINTN *Height,
>- OUT EFI_HII_HANDLE *Hii,
>- OUT EFI_IMAGE_ID *Image
>- )
>-{
>- if ((This == NULL) || (Hii == NULL) || (Image == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>- return EFI_NOT_FOUND;
>-}
>-
>-
>-/**
>- Returns string used to describe the credential provider type.
>-
>- This function returns a string which describes the credential provider. If no
>- such string exists, then EFI_NOT_FOUND is returned.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] Hii On return, holds the HII database handle.
>- @param[out] String On return, holds the HII string identifier.
>-
>- @retval EFI_SUCCESS String identifier returned successfully.
>- @retval EFI_NOT_FOUND String identifier not returned.
>- @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialTitle (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_HII_HANDLE *Hii,
>- OUT EFI_STRING_ID *String
>- )
>-{
>- if ((This == NULL) || (Hii == NULL) || (String == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Set Hii handle and String ID.
>- //
>- *Hii = mCallbackInfo->HiiHandle;
>- *String = STRING_TOKEN (STR_CREDENTIAL_TITLE);
>-
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Return the user identifier associated with the currently authenticated user.
>-
>- This function returns the user identifier of the user authenticated by this >credential
>- provider. This function is called after the credential-related information has >been
>- submitted on a form, OR after a call to Default() has returned that this >credential is
>- ready to log on.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] User The user profile handle of the user profile currently >being
>- considered by the user identity manager. If NULL, then no user
>- profile is currently under consideration.
>- @param[out] Identifier On return, points to the user identifier.
>-
>- @retval EFI_SUCCESS User identifier returned successfully.
>- @retval EFI_NOT_READY No user identifier can be returned.
>- @retval EFI_ACCESS_DENIED The user has been locked out of this user >credential.
>- @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL.
>- @retval EFI_NOT_FOUND User is not NULL, and the specified user >handle can't be
>- found in user profile database
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialUser (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_PROFILE_HANDLE User,
>- OUT EFI_USER_INFO_IDENTIFIER *Identifier
>- )
>-{
>- EFI_STATUS Status;
>- UINTN Index;
>- EFI_USER_INFO *UserInfo;
>- UINT8 *UserId;
>- UINT8 *NewUserId;
>- CHAR8 *Pwd;
>- CHAR8 *NewPwd;
>-
>- if ((This == NULL) || (Identifier == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- if (mPwdTable->ValidIndex == 0) {
>- //
>- // No password input, or the input password doesn't match
>- // anyone in PwdTable.
>- //
>- return EFI_NOT_READY;
>- }
>-
>- if (User == NULL) {
>- //
>- // Return the user ID whose password matches the input password.
>- //
>- CopyMem (
>- Identifier,
>- &mPwdTable->UserInfo[mPwdTable->ValidIndex - 1].UserId,
>- sizeof (EFI_USER_INFO_IDENTIFIER)
>- );
>- return EFI_SUCCESS;
>- }
>-
>- //
>- // Get the User's ID.
>- //
>- Status = FindUserInfoByType (
>- User,
>- EFI_USER_INFO_IDENTIFIER_RECORD,
>- &UserInfo
>- );
>- if (EFI_ERROR (Status)) {
>- return EFI_NOT_FOUND;
>- }
>-
>- //
>- // Check whether the input password matches one in PwdTable.
>- //
>- for (Index = 0; Index < mPwdTable->Count; Index++) {
>- UserId = (UINT8 *) &mPwdTable->UserInfo[Index].UserId;
>- NewUserId = (UINT8 *) (UserInfo + 1);
>- if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) >== 0) {
>- Pwd = mPwdTable->UserInfo[Index].Password;
>- NewPwd = mPwdTable->UserInfo[mPwdTable->ValidIndex - 1].Password;
>- if (CompareMem (Pwd, NewPwd, CREDENTIAL_LEN) == 0) {
>- CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER));
>- FreePool (UserInfo);
>- return EFI_SUCCESS;
>- }
>- }
>- }
>-
>- FreePool (UserInfo);
>- return EFI_NOT_READY;
>-}
>-
>-
>-/**
>- Indicate that user interface interaction has begun for the specified >credential.
>-
>- This function is called when a credential provider is selected by the user. If
>- AutoLogon returns FALSE, then the user interface will be constructed by the >User
>- Identity Manager.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] AutoLogon On return, points to the credential provider's >capabilities
>- after the credential provider has been selected by the user.
>-
>- @retval EFI_SUCCESS Credential provider successfully selected.
>- @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialSelect (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
>- )
>-{
>- if ((This == NULL) || (AutoLogon == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>- *AutoLogon = 0;
>-
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Indicate that user interface interaction has ended for the specified >credential.
>-
>- This function is called when a credential provider is deselected by the user.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>-
>- @retval EFI_SUCCESS Credential provider successfully deselected.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialDeselect (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This
>- )
>-{
>- if (This == NULL) {
>- return EFI_INVALID_PARAMETER;
>- }
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Return the default logon behavior for this user credential.
>-
>- This function reports the default login behavior regarding this credential >provider.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] AutoLogon On return, holds whether the credential provider >should be used
>- by default to automatically log on the user.
>-
>- @retval EFI_SUCCESS Default information successfully returned.
>- @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialDefault (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
>- )
>-{
>- if ((This == NULL) || (AutoLogon == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>- *AutoLogon = 0;
>-
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Return information attached to the credential provider.
>-
>- This function returns user information.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] UserInfo Handle of the user information data record.
>- @param[out] Info On entry, points to a buffer of at least *InfoSize >bytes. On
>- exit, holds the user information. If the buffer is too small
>- to hold the information, then EFI_BUFFER_TOO_SMALL is >returned
>- and InfoSize is updated to contain the number of bytes >actually
>- required.
>- @param[in, out] InfoSize On entry, points to the size of Info. On return, >points to the
>- size of the user information.
>-
>- @retval EFI_SUCCESS Information returned successfully.
>- @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small >to hold all of the
>- user information. The size required is returned in *InfoSize.
>- @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL.
>- @retval EFI_NOT_FOUND The specified UserInfo does not refer to a >valid user info handle.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialGetInfo (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_INFO_HANDLE UserInfo,
>- OUT EFI_USER_INFO *Info,
>- IN OUT UINTN *InfoSize
>- )
>-{
>- EFI_USER_INFO *CredentialInfo;
>- UINTN Index;
>-
>- if ((This == NULL) || (InfoSize == NULL) || (Info == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- if ((UserInfo == NULL) || (mPwdInfoHandle == NULL)) {
>- return EFI_NOT_FOUND;
>- }
>-
>- //
>- // Find information handle in credential info table.
>- //
>- for (Index = 0; Index < mPwdInfoHandle->Count; Index++) {
>- CredentialInfo = mPwdInfoHandle->Info[Index];
>- if (UserInfo == (EFI_USER_INFO_HANDLE)CredentialInfo) {
>- //
>- // The handle is found, copy the user info.
>- //
>- if (CredentialInfo->InfoSize > *InfoSize) {
>- *InfoSize = CredentialInfo->InfoSize;
>- return EFI_BUFFER_TOO_SMALL;
>- }
>- CopyMem (Info, CredentialInfo, CredentialInfo->InfoSize);
>- return EFI_SUCCESS;
>- }
>- }
>-
>- return EFI_NOT_FOUND;
>-}
>-
>-
>-/**
>- Enumerate all of the user informations on the credential provider.
>-
>- This function returns the next user information record. To retrieve the first >user
>- information record handle, point UserInfo at a NULL. Each subsequent call >will retrieve
>- another user information record handle until there are no more, at which >point UserInfo
>- will point to NULL.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in, out] UserInfo On entry, points to the previous user information >handle or NULL
>- to start enumeration. On exit, points to the next user >information
>- handle or NULL if there is no more user information.
>-
>- @retval EFI_SUCCESS User information returned.
>- @retval EFI_NOT_FOUND No more user information found.
>- @retval EFI_INVALID_PARAMETER UserInfo is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialGetNextInfo (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN OUT EFI_USER_INFO_HANDLE *UserInfo
>- )
>-{
>- EFI_USER_INFO *Info;
>- CHAR16 *ProvNameStr;
>- UINTN InfoLen;
>- UINTN Index;
>- UINTN ProvStrLen;
>-
>- if ((This == NULL) || (UserInfo == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- if (mPwdInfoHandle == NULL) {
>- //
>- // Initilized user info table. There are 4 user info records in the table.
>- //
>- InfoLen = sizeof (PASSWORD_CREDENTIAL_INFO) + (4 - 1) * sizeof >(EFI_USER_INFO *);
>- mPwdInfoHandle = AllocateZeroPool (InfoLen);
>- if (mPwdInfoHandle == NULL) {
>- *UserInfo = NULL;
>- return EFI_NOT_FOUND;
>- }
>-
>- //
>- // The first information, Credential Provider info.
>- //
>- InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID);
>- Info = AllocateZeroPool (InfoLen);
>- ASSERT (Info != NULL);
>-
>- Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_RECORD;
>- Info->InfoSize = (UINT32) InfoLen;
>- Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
>- CopyGuid (&Info->Credential, &gPwdCredentialProviderGuid);
>- CopyGuid ((EFI_GUID *)(Info + 1), &gPwdCredentialProviderGuid);
>-
>- mPwdInfoHandle->Info[0] = Info;
>- mPwdInfoHandle->Count++;
>-
>- //
>- // The second information, Credential Provider name info.
>- //
>- ProvNameStr = GetStringById (STRING_TOKEN (STR_PROVIDER_NAME));
>- ProvStrLen = StrSize (ProvNameStr);
>- InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen;
>- Info = AllocateZeroPool (InfoLen);
>- ASSERT (Info != NULL);
>-
>- Info->InfoType = >EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD;
>- Info->InfoSize = (UINT32) InfoLen;
>- Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
>- CopyGuid (&Info->Credential, &gPwdCredentialProviderGuid);
>- CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen);
>- FreePool (ProvNameStr);
>-
>- mPwdInfoHandle->Info[1] = Info;
>- mPwdInfoHandle->Count++;
>-
>- //
>- // The third information, Credential Provider type info.
>- //
>- InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID);
>- Info = AllocateZeroPool (InfoLen);
>- ASSERT (Info != NULL);
>-
>- Info->InfoType = EFI_USER_INFO_CREDENTIAL_TYPE_RECORD;
>- Info->InfoSize = (UINT32) InfoLen;
>- Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
>- CopyGuid (&Info->Credential, &gPwdCredentialProviderGuid);
>- CopyGuid ((EFI_GUID *)(Info + 1), &gEfiUserCredentialClassPasswordGuid);
>-
>- mPwdInfoHandle->Info[2] = Info;
>- mPwdInfoHandle->Count++;
>-
>- //
>- // The fourth information, Credential Provider type name info.
>- //
>- ProvNameStr = GetStringById (STRING_TOKEN >(STR_PROVIDER_TYPE_NAME));
>- ProvStrLen = StrSize (ProvNameStr);
>- InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen;
>- Info = AllocateZeroPool (InfoLen);
>- ASSERT (Info != NULL);
>-
>- Info->InfoType = >EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD;
>- Info->InfoSize = (UINT32) InfoLen;
>- Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
>- CopyGuid (&Info->Credential, &gPwdCredentialProviderGuid);
>- CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen);
>- FreePool (ProvNameStr);
>-
>- mPwdInfoHandle->Info[3] = Info;
>- mPwdInfoHandle->Count++;
>- }
>-
>- if (*UserInfo == NULL) {
>- //
>- // Return the first info handle.
>- //
>- *UserInfo = (EFI_USER_INFO_HANDLE) mPwdInfoHandle->Info[0];
>- return EFI_SUCCESS;
>- }
>-
>- //
>- // Find information handle in credential info table.
>- //
>- for (Index = 0; Index < mPwdInfoHandle->Count; Index++) {
>- Info = mPwdInfoHandle->Info[Index];
>- if (*UserInfo == (EFI_USER_INFO_HANDLE)Info) {
>- //
>- // The handle is found, get the next one.
>- //
>- if (Index == mPwdInfoHandle->Count - 1) {
>- //
>- // Already last one.
>- //
>- *UserInfo = NULL;
>- return EFI_NOT_FOUND;
>- }
>-
>- Index++;
>- *UserInfo = (EFI_USER_INFO_HANDLE)mPwdInfoHandle->Info[Index];
>- return EFI_SUCCESS;
>- }
>- }
>-
>- *UserInfo = NULL;
>- return EFI_NOT_FOUND;
>-}
>-
>-/**
>- Delete a user on this credential provider.
>-
>- This function deletes a user on this credential provider.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] User The user profile handle to delete.
>-
>- @retval EFI_SUCCESS User profile was successfully deleted.
>- @retval EFI_ACCESS_DENIED Current user profile does not permit >deletion on the user profile handle.
>- Either the user profile cannot delete on any user profile or >cannot delete
>- on a user profile other than the current user profile.
>- @retval EFI_UNSUPPORTED This credential provider does not support >deletion in the pre-OS.
>- @retval EFI_DEVICE_ERROR The new credential could not be deleted >because of a device error.
>- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >profile handle.
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialDelete (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_PROFILE_HANDLE User
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO *UserInfo;
>- UINT8 *UserId;
>- UINT8 *NewUserId;
>- UINTN Index;
>-
>- if ((This == NULL) || (User == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Get User Identifier.
>- //
>- UserInfo = NULL;
>- Status = FindUserInfoByType (
>- User,
>- EFI_USER_INFO_IDENTIFIER_RECORD,
>- &UserInfo
>- );
>- if (EFI_ERROR (Status)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Find the user by user identifier in mPwdTable.
>- //
>- for (Index = 0; Index < mPwdTable->Count; Index++) {
>- UserId = (UINT8 *) &mPwdTable->UserInfo[Index].UserId;
>- NewUserId = (UINT8 *) (UserInfo + 1);
>- if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) >== 0) {
>- //
>- // Found the user, delete it.
>- //
>- ModifyTable (Index, NULL);
>- break;
>- }
>- }
>-
>- FreePool (UserInfo);
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Main entry for this driver.
>-
>- @param ImageHandle Image handle this driver.
>- @param SystemTable Pointer to SystemTable.
>-
>- @retval EFI_SUCESS This function always complete successfully.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-PasswordProviderInit (
>- IN EFI_HANDLE ImageHandle,
>- IN EFI_SYSTEM_TABLE *SystemTable
>- )
>-{
>- EFI_STATUS Status;
>-
>- //
>- // It is NOT robust enough to be included in production.
>- //
>- #error "This implementation is just a sample, please comment this line if you >really want to use this driver."
>-
>- //
>- // Init credential table.
>- //
>- Status = InitCredentialTable ();
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- //
>- // Init Form Browser.
>- //
>- Status = InitFormBrowser ();
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- //
>- // Install protocol interfaces for the password credential provider.
>- //
>- Status = gBS->InstallProtocolInterface (
>- &mCallbackInfo->DriverHandle,
>- &gEfiUserCredential2ProtocolGuid,
>- EFI_NATIVE_INTERFACE,
>- &gPwdCredentialProviderDriver
>- );
>- return Status;
>-}
>diff --git >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >rovider.h >b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >Provider.h
>deleted file mode 100644
>index fd782549fd..0000000000
>--- >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >rovider.h
>+++ /dev/null
>@@ -1,374 +0,0 @@
>-/** @file
>- Password Credential Provider driver header file.
>-
>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#ifndef _PASSWORD_CREDENTIAL_PROVIDER_H_
>-#define _PASSWORD_CREDENTIAL_PROVIDER_H_
>-
>-#include <Uefi.h>
>-
>-#include <Guid/GlobalVariable.h>
>-
>-#include <Protocol/HiiConfigAccess.h>
>-#include <Protocol/UserCredential2.h>
>-#include <Protocol/UserManager.h>
>-
>-#include <Library/UefiRuntimeServicesTableLib.h>
>-#include <Library/UefiBootServicesTableLib.h>
>-#include <Library/MemoryAllocationLib.h>
>-#include <Library/BaseMemoryLib.h>
>-#include <Library/DevicePathLib.h>
>-#include <Library/DebugLib.h>
>-#include <Library/UefiLib.h>
>-#include <Library/PrintLib.h>
>-#include <Library/HiiLib.h>
>-#include <Library/BaseCryptLib.h>
>-
>-#include "PwdCredentialProviderData.h"
>-
>-extern UINT8 PwdCredentialProviderStrings[];
>-extern UINT8 PwdCredentialProviderVfrBin[];
>-
>-#define PASSWORD_TABLE_INC 16
>-#define CREDENTIAL_LEN 20
>-
>-//
>-// Password credential information.
>-//
>-typedef struct {
>- EFI_USER_INFO_IDENTIFIER UserId;
>- CHAR8 Password[CREDENTIAL_LEN];
>-} PASSWORD_INFO;
>-
>-//
>-// Password credential table.
>-//
>-typedef struct {
>- UINTN Count;
>- UINTN MaxCount;
>- UINTN ValidIndex;
>- PASSWORD_INFO UserInfo[1];
>-} CREDENTIAL_TABLE;
>-
>-//
>-// The user information on the password provider.
>-//
>-typedef struct {
>- UINTN Count;
>- EFI_USER_INFO *Info[1];
>-} PASSWORD_CREDENTIAL_INFO;
>-
>-///
>-/// HII specific Vendor Device Path definition.
>-///
>-typedef struct {
>- VENDOR_DEVICE_PATH VendorDevicePath;
>- EFI_DEVICE_PATH_PROTOCOL End;
>-} HII_VENDOR_DEVICE_PATH;
>-
>-#define PWD_PROVIDER_SIGNATURE SIGNATURE_32 ('P', 'W', 'D', 'P')
>-
>-typedef struct {
>- UINTN Signature;
>- EFI_HANDLE DriverHandle;
>- EFI_HII_HANDLE HiiHandle;
>- //
>- // Produced protocol.
>- //
>- EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
>-} PWD_PROVIDER_CALLBACK_INFO;
>-
>-
>-/**
>- Enroll a user on a credential provider.
>-
>- This function enrolls a user on this credential provider. If the user exists on
>- this credential provider, update the user information on this credential >provider;
>- otherwise delete the user information on credential provider.
>-
>- @param[in] This Points to this instance of >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] User The user profile to enroll.
>-
>- @retval EFI_SUCCESS User profile was successfully enrolled.
>- @retval EFI_ACCESS_DENIED Current user profile does not permit >enrollment on the
>- user profile handle. Either the user profile cannot enroll
>- on any user profile or cannot enroll on a user profile
>- other than the current user profile.
>- @retval EFI_UNSUPPORTED This credential provider does not support >enrollment in
>- the pre-OS.
>- @retval EFI_DEVICE_ERROR The new credential could not be created >because of a device
>- error.
>- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >profile handle.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialEnroll (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_PROFILE_HANDLE User
>- );
>-
>-/**
>- Returns the user interface information used during user identification.
>-
>- This function returns information about the form used when interacting >with the
>- user during user identification. The form is the first enabled form in the >form-set
>- class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII >handle HiiHandle.
If
>- the user credential provider does not require a form to identify the user, >then this
>- function should return EFI_NOT_FOUND.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] Hii On return, holds the HII database handle.
>- @param[out] FormSetId On return, holds the identifier of the form set >which contains
>- the form used during user identification.
>- @param[out] FormId On return, holds the identifier of the form used >during user
>- identification.
>-
>- @retval EFI_SUCCESS Form returned successfully.
>- @retval EFI_NOT_FOUND Form not returned.
>- @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or >FormId is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialForm (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_HII_HANDLE *Hii,
>- OUT EFI_GUID *FormSetId,
>- OUT EFI_FORM_ID *FormId
>- );
>-
>-/**
>- Returns bitmap used to describe the credential provider type.
>-
>- This optional function returns a bitmap which is less than or equal to the >number
>- of pixels specified by Width and Height. If no such bitmap exists, then >EFI_NOT_FOUND
>- is returned.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in, out] Width On entry, points to the desired bitmap width. If >NULL then no
>- bitmap information will be returned. On exit, points to the
>- width of the bitmap returned.
>- @param[in, out] Height On entry, points to the desired bitmap height. If >NULL then no
>- bitmap information will be returned. On exit, points to the
>- height of the bitmap returned
>- @param[out] Hii On return, holds the HII database handle.
>- @param[out] Image On return, holds the HII image identifier.
>-
>- @retval EFI_SUCCESS Image identifier returned successfully.
>- @retval EFI_NOT_FOUND Image identifier not returned.
>- @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialTile (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN OUT UINTN *Width,
>- IN OUT UINTN *Height,
>- OUT EFI_HII_HANDLE *Hii,
>- OUT EFI_IMAGE_ID *Image
>- );
>-
>-/**
>- Returns string used to describe the credential provider type.
>-
>- This function returns a string which describes the credential provider. If no
>- such string exists, then EFI_NOT_FOUND is returned.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] Hii On return, holds the HII database handle.
>- @param[out] String On return, holds the HII string identifier.
>-
>- @retval EFI_SUCCESS String identifier returned successfully.
>- @retval EFI_NOT_FOUND String identifier not returned.
>- @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialTitle (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_HII_HANDLE *Hii,
>- OUT EFI_STRING_ID *String
>- );
>-
>-/**
>- Return the user identifier associated with the currently authenticated user.
>-
>- This function returns the user identifier of the user authenticated by this >credential
>- provider. This function is called after the credential-related information has >been
>- submitted on a form OR after a call to Default() has returned that this >credential is
>- ready to log on.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] User The user profile handle of the user profile currently >being
>- considered by the user identity manager. If NULL, then no user
>- profile is currently under consideration.
>- @param[out] Identifier On return, points to the user identifier.
>-
>- @retval EFI_SUCCESS User identifier returned successfully.
>- @retval EFI_NOT_READY No user identifier can be returned.
>- @retval EFI_ACCESS_DENIED The user has been locked out of this user >credential.
>- @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL.
>- @retval EFI_NOT_FOUND User is not NULL, and the specified user >handle can't be
>- found in user profile database
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialUser (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_PROFILE_HANDLE User,
>- OUT EFI_USER_INFO_IDENTIFIER *Identifier
>- );
>-
>-/**
>- Indicate that user interface interaction has begun for the specified >credential.
>-
>- This function is called when a credential provider is selected by the user. If
>- AutoLogon returns FALSE, then the user interface will be constructed by the >User
>- Identity Manager.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] AutoLogon On return, points to the credential provider's >capabilities
>- after the credential provider has been selected by the user.
>-
>- @retval EFI_SUCCESS Credential provider successfully selected.
>- @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialSelect (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
>- );
>-
>-/**
>- Indicate that user interface interaction has ended for the specified >credential.
>-
>- This function is called when a credential provider is deselected by the user.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>-
>- @retval EFI_SUCCESS Credential provider successfully deselected.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialDeselect (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This
>- );
>-
>-/**
>- Return the default logon behavior for this user credential.
>-
>- This function reports the default login behavior regarding this credential >provider.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] AutoLogon On return, holds whether the credential provider >should be used
>- by default to automatically log on the user.
>-
>- @retval EFI_SUCCESS Default information successfully returned.
>- @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialDefault (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
>- );
>-
>-/**
>- Return information attached to the credential provider.
>-
>- This function returns user information.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] UserInfo Handle of the user information data record.
>- @param[out] Info On entry, points to a buffer of at least *InfoSize >bytes. On
>- exit, holds the user information. If the buffer is too small
>- to hold the information, then EFI_BUFFER_TOO_SMALL is >returned
>- and InfoSize is updated to contain the number of bytes >actually
>- required.
>- @param[in, out] InfoSize On entry, points to the size of Info. On return, >points to the
>- size of the user information.
>-
>- @retval EFI_SUCCESS Information returned successfully.
>- @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small >to hold all of the
>- user information. The size required is returned in *InfoSize.
>- @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL.
>- @retval EFI_NOT_FOUND The specified UserInfo does not refer to a >valid user info handle.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialGetInfo (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_INFO_HANDLE UserInfo,
>- OUT EFI_USER_INFO *Info,
>- IN OUT UINTN *InfoSize
>- );
>-
>-
>-/**
>- Enumerate all of the user informations on the credential provider.
>-
>- This function returns the next user information record. To retrieve the first >user
>- information record handle, point UserInfo at a NULL. Each subsequent call >will retrieve
>- another user information record handle until there are no more, at which >point UserInfo
>- will point to NULL.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in, out] UserInfo On entry, points to the previous user information >handle or NULL >- to start enumeration. On exit, points to the next user >information >- handle or NULL if there is no more user information. >- >- @retval EFI_SUCCESS User information returned. >- @retval EFI_NOT_FOUND No more user information found. >- @retval EFI_INVALID_PARAMETER UserInfo is NULL. >- >-**/ >-EFI_STATUS >-EFIAPI >-CredentialGetNextInfo ( >- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >- IN OUT EFI_USER_INFO_HANDLE *UserInfo >- ); >- >-/** >- Delete a user on this credential provider. >- >- This function deletes a user on this credential provider. >- >- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL. >- @param[in] User The user profile handle to delete. >- >- @retval EFI_SUCCESS User profile was successfully deleted. >- @retval EFI_ACCESS_DENIED Current user profile does not permit >deletion on the user profile handle. >- Either the user profile cannot delete on any user profile or >cannot delete >- on a user profile other than the current user profile. >- @retval EFI_UNSUPPORTED This credential provider does not support >deletion in the pre-OS. >- @retval EFI_DEVICE_ERROR The new credential could not be deleted >because of a device error. >- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >profile handle. >-**/ >-EFI_STATUS >-EFIAPI >-CredentialDelete ( >- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >- IN EFI_USER_PROFILE_HANDLE User >- ); >- >-#endif >diff --git >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >rovider.uni >b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >Provider.uni >deleted file mode 100644 >index 749e9a8f17..0000000000 >--- >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >rovider.uni >+++ /dev/null 
>@@ -1,21 +0,0 @@
>-// /** @file
>-// Provides a password credential provider implementation
>-//
>-// This module provides a password credential provider implementation.
>-//
>-// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
>-//
>-// This program and the accompanying materials
>-// are licensed and made available under the terms and conditions of the BSD >License
>-// which accompanies this distribution. The full text of the license may be >found at
>-// http://opensource.org/licenses/bsd-license.php
>-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-//
>-// **/
>-
>-
>-#string STR_MODULE_ABSTRACT #language en-US "Provides a >password credential provider implementation"
>-
>-#string STR_MODULE_DESCRIPTION #language en-US "This module >provides a password credential provider implementation."
>-
>diff --git >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >roviderData.h >b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >ProviderData.h
>deleted file mode 100644
>index 31bdfe4c50..0000000000
>--- >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >roviderData.h
>+++ /dev/null
>@@ -1,30 +0,0 @@
>-/** @file
>- Data structure used by the Password Credential Provider driver.
>-
>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#ifndef _PWD_CREDENTIAL_PROVIDER_DATA_H_
>-#define _PWD_CREDENTIAL_PROVIDER_DATA_H_
>-
>-#include <Guid/PwdCredentialProviderHii.h>
>-
>-//
>-// Forms definition
>-//
>-#define FORMID_GET_PASSWORD_FORM 1
>-
>-//
>-// Key defination
>-//
>-#define KEY_GET_PASSWORD 0x1000
>-
>-#endif
>diff --git >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >roviderDxe.inf >b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >ProviderDxe.inf
>deleted file mode 100644
>index ab7ba2c913..0000000000
>--- >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >roviderDxe.inf
>+++ /dev/null
>@@ -1,65 +0,0 @@ >-## @file >-# Provides a password credential provider implementation >-# This module provides a password credential provider implementation. >-# >-# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >-# This program and the accompanying materials >-# are licensed and made available under the terms and conditions of the BSD >License >-# which accompanies this distribution. The full text of the license may be >found at >-# http://opensource.org/licenses/bsd-license.php >-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >-# >-## >- >-[Defines] >- INF_VERSION = 0x00010005 >- BASE_NAME = PwdCredentialProvider >- MODULE_UNI_FILE = PwdCredentialProvider.uni >- FILE_GUID = D6C589EA-DD29-49ef-97F6-1A9FE19A04E0 >- MODULE_TYPE = UEFI_DRIVER >- VERSION_STRING = 1.0 >- ENTRY_POINT = PasswordProviderInit >- >-[Sources] >- PwdCredentialProvider.c >- PwdCredentialProvider.h >- PwdCredentialProviderData.h >- PwdCredentialProviderVfr.Vfr >- PwdCredentialProviderStrings.uni >- >-[Packages] >- MdePkg/MdePkg.dec >- MdeModulePkg/MdeModulePkg.dec >- CryptoPkg/CryptoPkg.dec >- SecurityPkg/SecurityPkg.dec >- >-[LibraryClasses] >- UefiRuntimeServicesTableLib >- UefiBootServicesTableLib >- UefiDriverEntryPoint >- MemoryAllocationLib >- BaseMemoryLib >- DebugLib >- HiiLib >- UefiLib >- BaseCryptLib >- >-[Guids] >- gEfiUserCredentialClassPasswordGuid ## SOMETIMES_CONSUMES >## GUID >- >- ## PRODUCES ## Variable:L"PwdCredential" >- ## CONSUMES ## Variable:L"PwdCredential" >- ## CONSUMES ## HII >- ## SOMETIMES_CONSUMES ## GUID # The credential provider >identifier >- gPwdCredentialProviderGuid >- >-[Protocols] >- gEfiDevicePathProtocolGuid ## PRODUCES >- gEfiHiiConfigAccessProtocolGuid ## PRODUCES >- gEfiUserCredential2ProtocolGuid ## PRODUCES >- gEfiUserManagerProtocolGuid ## SOMETIMES_CONSUMES >- >-[UserExtensions.TianoCore."ExtraFiles"] >- 
PwdCredentialProviderExtra.uni >- >diff --git >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >roviderExtra.uni >b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >ProviderExtra.uni >deleted file mode 100644 >index bcc220a51d..0000000000 >--- >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >roviderExtra.uni >+++ /dev/null >@@ -1,19 +0,0 @@ >-// /** @file >-// PwdCredentialProvider Localized Strings and Content >-// >-// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> >-// >-// This program and the accompanying materials >-// are licensed and made available under the terms and conditions of the BSD >License >-// which accompanies this distribution. The full text of the license may be >found at >-// http://opensource.org/licenses/bsd-license.php >-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >-// >-// **/ >- >-#string STR_PROPERTIES_MODULE_NAME >-#language en-US >-"Password Credential Provider" >- >- >diff --git >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >roviderStrings.uni >b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >ProviderStrings.uni >deleted file mode 100644 >index e7b3126f83..0000000000 >--- >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >roviderStrings.uni >+++ /dev/null 
>@@ -1,38 +0,0 @@ >-/** @file >- String definitions for the Password Credential Provider. >- >-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php. >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#langdef en-US "English" >-#langdef fr-FR "Francais" >- >-#string STR_CREDENTIAL_TITLE #language en-US "Password >Credential Provider" >- #language fr-FR "Password Credential Provider >(French)" >-#string STR_FORM_TITLE #language en-US "Get Password" >- #language fr-FR "Get Password(French)" >-#string STR_NULL_STRING #language en-US "" >- #language fr-FR "" >-#string STR_INPUT_PASSWORD #language en-US "Please Input >Password" >- #language fr-FR "Please Input Password(French)" >-#string STR_PROVIDER_NAME #language en-US "INTEL >Password Credential Provider" >- #language fr-FR "INTEL Password Credential >Provider(French)" >-#string STR_PROVIDER_TYPE_NAME #language en-US "Password >Credential Provider" >- #language fr-FR "Password Credential >Provider(French)" >-#string STR_INPUT_PASSWORD_AGAIN #language en-US "Input >Password Again" >- #language fr-FR "Input Password Again (French)" >-#string STR_DRAW_A_LINE #language en-US "--------------------- >--------" >- #language fr-FR "------------------------------------" >-#string STR_PASSWORD_INCORRECT #language en-US " Incorrect >Password! " >- #language fr-FR " Incorrect Password! (French) " >-#string STR_PASSWORD_MISMATCH #language en-US " The >Password Mismatch! " >- #language fr-FR " The Password Mismatch! (French) >" >- 
>diff --git >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >roviderVfr.Vfr >b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >ProviderVfr.Vfr
>deleted file mode 100644
>index 60972203b0..0000000000
>--- >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >roviderVfr.Vfr
>+++ /dev/null
>@@ -1,34 +0,0 @@
>-/** @file
>- Password Credential Provider formset.
>-
>-Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#include "PwdCredentialProviderData.h"
>-
>-formset
>- guid = PWD_CREDENTIAL_PROVIDER_GUID,
>- title = STRING_TOKEN(STR_CREDENTIAL_TITLE),
>- help = STRING_TOKEN(STR_NULL_STRING),
>- classguid = PWD_CREDENTIAL_PROVIDER_GUID,
>-
>- form formid = FORMID_GET_PASSWORD_FORM,
>- title = STRING_TOKEN(STR_FORM_TITLE);
>-
>- text
>- help = STRING_TOKEN(STR_NULL_STRING),
>- text = STRING_TOKEN(STR_INPUT_PASSWORD),
>- flags = INTERACTIVE,
>- key = KEY_GET_PASSWORD;
>-
>- endform;
>-
>-endformset;
>\ No newline at end of file
>diff --git >a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >ovider.c >b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >ovider.c
>deleted file mode 100644
>index 841e975103..0000000000
>--- >a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >ovider.c
>+++ /dev/null
>@@ -1,1410 +0,0 @@ >-/** @file >- Usb Credential Provider driver implemenetation. >- >-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#include "UsbCredentialProvider.h" >- >-CREDENTIAL_TABLE *mUsbTable = NULL; >-USB_PROVIDER_CALLBACK_INFO *mCallbackInfo = NULL; >-USB_CREDENTIAL_INFO *mUsbInfoHandle = NULL; >- >-EFI_USER_CREDENTIAL2_PROTOCOL gUsbCredentialProviderDriver = { >- USB_CREDENTIAL_PROVIDER_GUID, >- EFI_USER_CREDENTIAL_CLASS_SECURE_CARD, >- CredentialEnroll, >- CredentialForm, >- CredentialTile, >- CredentialTitle, >- CredentialUser, >- CredentialSelect, >- CredentialDeselect, >- CredentialDefault, >- CredentialGetInfo, >- CredentialGetNextInfo, >- EFI_CREDENTIAL_CAPABILITIES_ENROLL, >- CredentialDelete >-}; >- >- >-/** >- Get string by string id from HII Interface. >- >- >- @param[in] Id String ID to get the string from. >- >- @retval CHAR16 * String from ID. >- @retval NULL If error occurs. >- >-**/ >-CHAR16 * >-GetStringById ( >- IN EFI_STRING_ID Id >- ) >-{ >- // >- // Get the current string for the current Language >- // >- return HiiGetString (mCallbackInfo->HiiHandle, Id, NULL); >-} >- >- >-/** >- Expand password table size. >- >-**/ >-VOID >-ExpandTableSize ( >- VOID >- ) >-{ >- CREDENTIAL_TABLE *NewTable; >- UINTN Count; >- >- Count = mUsbTable->MaxCount + USB_TABLE_INC; >- // >- // Create new credential table. 
>- // >- NewTable = AllocateZeroPool ( >- sizeof (CREDENTIAL_TABLE) - sizeof (USB_INFO) + >- Count * sizeof (USB_INFO) >- ); >- ASSERT (NewTable != NULL); >- >- NewTable->MaxCount = Count; >- NewTable->Count = mUsbTable->Count; >- >- // >- // Copy old entries. >- // >- CopyMem ( >- &NewTable->UserInfo, >- &mUsbTable->UserInfo, >- mUsbTable->Count * sizeof (USB_INFO) >- ); >- FreePool (mUsbTable); >- mUsbTable = NewTable; >-} >- >- >-/** >- Add, update or delete info in table, and sync with NV variable. >- >- @param[in] Index The index of the password in table. If index is found in >- table, update the info, else add the into to table. >- @param[in] Info The new credential info to add into table. If Info is NULL, >- delete the info by Index. >- >- @retval EFI_INVALID_PARAMETER Info is NULL when save the info. >- @retval EFI_SUCCESS Modify the table successfully. >- @retval Others Failed to modify the table. >- >-**/ >-EFI_STATUS >-ModifyTable ( >- IN UINTN Index, >- IN USB_INFO * Info OPTIONAL >- ) >-{ >- EFI_STATUS Status; >- USB_INFO *NewUsbInfo; >- >- NewUsbInfo = NULL; >- if (Index < mUsbTable->Count) { >- if (Info == NULL) { >- // >- // Delete the specified entry. >- // >- mUsbTable->Count--; >- if (Index != mUsbTable->Count) { >- NewUsbInfo = &mUsbTable->UserInfo[mUsbTable->Count]; >- } >- } else { >- // >- // Update the specified entry. >- // >- NewUsbInfo = Info; >- } >- } else { >- // >- // Add a new entry >- // >- if (Info == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- >- if (mUsbTable->Count >= mUsbTable->MaxCount) { >- ExpandTableSize (); >- } >- >- NewUsbInfo = Info; >- mUsbTable->Count++; >- } >- >- if (NewUsbInfo != NULL) { >- CopyMem (&mUsbTable->UserInfo[Index], NewUsbInfo, sizeof >(USB_INFO)); >- } >- >- // >- // Save the credential table. 
>- // >- Status = gRT->SetVariable ( >- L"UsbCredential", >- &gUsbCredentialProviderGuid, >- EFI_VARIABLE_NON_VOLATILE | >EFI_VARIABLE_BOOTSERVICE_ACCESS, >- mUsbTable->Count * sizeof (USB_INFO), >- &mUsbTable->UserInfo >- ); >- return Status; >-} >- >- >-/** >- Create a credential table >- >- @retval EFI_SUCCESS Create a credential table successfully. >- @retval Others Failed to create a password. >- >-**/ >-EFI_STATUS >-InitCredentialTable ( >- VOID >- ) >-{ >- EFI_STATUS Status; >- UINT8 *Var; >- UINTN VarSize; >- >- // >- // Get Usb credential data from NV variable. >- // >- VarSize = 0; >- Var = NULL; >- Status = gRT->GetVariable ( >- L"UsbCredential", >- &gUsbCredentialProviderGuid, >- NULL, >- &VarSize, >- Var >- ); >- if (Status == EFI_BUFFER_TOO_SMALL) { >- Var = AllocateZeroPool (VarSize); >- if (Var == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- Status = gRT->GetVariable ( >- L"UsbCredential", >- &gUsbCredentialProviderGuid, >- NULL, >- &VarSize, >- Var >- ); >- } >- if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) { >- return Status; >- } >- >- // >- // Init Usb credential table. >- // >- mUsbTable = AllocateZeroPool ( >- sizeof (CREDENTIAL_TABLE) - sizeof (USB_INFO) + >- USB_TABLE_INC * sizeof (USB_INFO) + >- VarSize >- ); >- if (mUsbTable == NULL) { >- FreePool (Var); >- return EFI_OUT_OF_RESOURCES; >- } >- >- mUsbTable->Count = VarSize / sizeof (USB_INFO); >- mUsbTable->MaxCount = mUsbTable->Count + USB_TABLE_INC; >- if (Var != NULL) { >- CopyMem (mUsbTable->UserInfo, Var, VarSize); >- FreePool (Var); >- } >- return EFI_SUCCESS; >-} >- >- >-/** >- Read the specified file by FileName in the Usb key and return the file size in >BufferSize >- and file content in Buffer. >- Note: the caller is responsible to free the buffer memory. >- >- @param FileName File to read. >- @param Buffer Returned with data read from the file. >- @param BufferSize Size of the data buffer. >- >- @retval EFI_SUCCESS The command completed successfully. 
>- @retval EFI_OUT_OF_RESOURCES Resource allocation failed. >- @retval EFI_NOT_FOUND File not found. >- @retval EFI_DEVICE_ERROR Device I/O error. >- >-**/ >-EFI_STATUS >-GetFileData ( >- IN CHAR16 *FileName, >- OUT VOID **Buffer, >- OUT UINTN *BufferSize >- ) >-{ >- EFI_STATUS Status; >- UINTN Index; >- UINTN HandleCount; >- UINTN ScratchBufferSize; >- EFI_HANDLE *HandleBuffer; >- EFI_FILE *RootFs; >- EFI_FILE *FileHandle; >- EFI_FILE_INFO *FileInfo; >- EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *SimpleFileSystem; >- EFI_BLOCK_IO_PROTOCOL *BlkIo; >- >- FileInfo = NULL; >- FileHandle = NULL; >- >- Status = gBS->LocateHandleBuffer ( >- ByProtocol, >- &gEfiSimpleFileSystemProtocolGuid, >- NULL, >- &HandleCount, >- &HandleBuffer >- ); >- if (EFI_ERROR (Status)) { >- DEBUG ((DEBUG_ERROR, "Can not Locate SimpleFileSystemProtocol\n")); >- goto Done; >- } >- >- // >- // Find and open the file in removable media disk. >- // >- for (Index = 0; Index < HandleCount; Index++) { >- Status = gBS->HandleProtocol ( >- HandleBuffer[Index], >- &gEfiBlockIoProtocolGuid, >- (VOID **) &BlkIo >- ); >- if (EFI_ERROR (Status)) { >- continue; >- } >- >- if (BlkIo->Media->RemovableMedia) { >- Status = gBS->HandleProtocol ( >- HandleBuffer[Index], >- &gEfiSimpleFileSystemProtocolGuid, >- (VOID **) &SimpleFileSystem >- ); >- if (EFI_ERROR (Status)) { >- continue; >- } >- >- Status = SimpleFileSystem->OpenVolume ( >- SimpleFileSystem, >- &RootFs >- ); >- if (EFI_ERROR (Status)) { >- continue; >- } >- >- Status = RootFs->Open ( >- RootFs, >- &FileHandle, >- FileName, >- EFI_FILE_MODE_READ, >- 0 >- ); >- if (!EFI_ERROR (Status)) { >- break; >- } >- } >- } >- >- FreePool (HandleBuffer); >- >- if (Index >= HandleCount) { >- DEBUG ((DEBUG_ERROR, "Can not found the token file!\n")); >- Status = EFI_NOT_FOUND; >- goto Done; >- } >- >- // >- // Figure out how big the file is. 
>- // >- ScratchBufferSize = 0; >- Status = FileHandle->GetInfo ( >- FileHandle, >- &gEfiFileInfoGuid, >- &ScratchBufferSize, >- NULL >- ); >- if (EFI_ERROR (Status) && (Status != EFI_BUFFER_TOO_SMALL)) { >- DEBUG ((DEBUG_ERROR, "Can not obtain file size info!\n")); >- Status = EFI_DEVICE_ERROR; >- goto Done; >- } >- >- FileInfo = AllocateZeroPool (ScratchBufferSize); >- if (FileInfo == NULL) { >- DEBUG ((DEBUG_ERROR, "Can not allocate enough memory for the token >file!\n")); >- Status = EFI_OUT_OF_RESOURCES; >- goto Done; >- } >- >- Status = FileHandle->GetInfo ( >- FileHandle, >- &gEfiFileInfoGuid, >- &ScratchBufferSize, >- FileInfo >- ); >- if (EFI_ERROR (Status)) { >- DEBUG ((DEBUG_ERROR, "Can not obtain file info from the token file!\n")); >- Status = EFI_DEVICE_ERROR; >- goto Done; >- } >- >- // >- // Allocate a buffer for the file. >- // >- *BufferSize = (UINT32) FileInfo->FileSize; >- *Buffer = AllocateZeroPool (*BufferSize); >- if (*Buffer == NULL) { >- DEBUG ((DEBUG_ERROR, "Can not allocate a buffer for the file!\n")); >- Status = EFI_OUT_OF_RESOURCES; >- goto Done; >- } >- >- // >- // Load file into the allocated memory. >- // >- Status = FileHandle->Read (FileHandle, BufferSize, *Buffer); >- if (EFI_ERROR (Status)) { >- FreePool (*Buffer); >- DEBUG ((DEBUG_ERROR, "Can not read the token file!\n")); >- Status = EFI_DEVICE_ERROR; >- goto Done; >- } >- >- // >- // Close file. >- // >- Status = FileHandle->Close (FileHandle); >- if (EFI_ERROR (Status)) { >- FreePool (*Buffer); >- DEBUG ((DEBUG_ERROR, "Can not close the token file !\n")); >- Status = EFI_DEVICE_ERROR; >- } >- >-Done: >- >- if (FileInfo != NULL) { >- FreePool (FileInfo); >- } >- >- return Status; >-} >- >- >-/** >- Hash the data to get credential. >- >- @param[in] Buffer Points to the data buffer >- @param[in] BufferSize The size of data in buffer, in bytes. >- @param[out] Credential Points to the hashed result >- >- @retval TRUE Hash the data successfully. 
>- @retval FALSE Failed to hash the data. >- >-**/ >-BOOLEAN >-GenerateCredential ( >- IN UINT8 *Buffer, >- IN UINTN BufferSize, >- OUT UINT8 *Credential >- ) >-{ >- BOOLEAN Status; >- UINTN HashSize; >- VOID *Hash; >- >- HashSize = Sha1GetContextSize (); >- Hash = AllocatePool (HashSize); >- ASSERT (Hash != NULL); >- >- Status = Sha1Init (Hash); >- if (!Status) { >- goto Done; >- } >- >- Status = Sha1Update (Hash, Buffer, BufferSize); >- if (!Status) { >- goto Done; >- } >- >- Status = Sha1Final (Hash, Credential); >- >-Done: >- FreePool (Hash); >- return Status; >-} >- >- >-/** >- Read the token file, and default the Token is saved at the begining of the file. >- >- @param[out] Token Token read from a Token file. >- >- @retval EFI_SUCCESS Read a Token successfully. >- @retval Others Fails to read a Token. >- >-**/ >-EFI_STATUS >-GetToken ( >- OUT UINT8 *Token >- ) >-{ >- EFI_STATUS Status; >- UINT8 *Buffer; >- UINTN BufSize; >- CHAR16 *TokenFile; >- >- BufSize = 0; >- Buffer = NULL; >- TokenFile = PcdGetPtr (PcdFixedUsbCredentialProviderTokenFileName); >- Status = GetFileData (TokenFile, (VOID *)&Buffer, &BufSize); >- if (EFI_ERROR (Status)) { >- DEBUG ((DEBUG_ERROR, "Read file %s from USB error! Status=(%r)\n", >TokenFile, Status)); >- return Status; >- } >- >- if (!GenerateCredential (Buffer, BufSize, Token)) { >- DEBUG ((DEBUG_ERROR, "Generate credential from read data failed!\n")); >- FreePool (Buffer); >- return EFI_SECURITY_VIOLATION; >- } >- >- FreePool (Buffer); >- return EFI_SUCCESS; >-} >- >- >-/** >- Find a user infomation record by the information record type. >- >- This function searches all user information records of User from beginning >- until either the information is found or there are no more user infomation >- record. A match occurs when a Info.InfoType field matches the user >information >- record type. >- >- @param[in] User Points to the user profile record to search. >- @param[in] InfoType The infomation type to be searched. 
>- @param[out] Info Points to the user info found, the caller is responsible >- to free. >- >- @retval EFI_SUCCESS Find the user information successfully. >- @retval Others Fail to find the user information. >- >-**/ >-EFI_STATUS >-FindUserInfoByType ( >- IN EFI_USER_PROFILE_HANDLE User, >- IN UINT8 InfoType, >- OUT EFI_USER_INFO **Info >- ) >-{ >- EFI_STATUS Status; >- EFI_USER_INFO *UserInfo; >- UINTN UserInfoSize; >- EFI_USER_INFO_HANDLE UserInfoHandle; >- EFI_USER_MANAGER_PROTOCOL *UserManager; >- >- // >- // Find user information by information type. >- // >- if (Info == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- >- Status = gBS->LocateProtocol ( >- &gEfiUserManagerProtocolGuid, >- NULL, >- (VOID **) &UserManager >- ); >- if (EFI_ERROR (Status)) { >- return EFI_NOT_FOUND; >- } >- >- // >- // Get each user information. >- // >- >- UserInfoHandle = NULL; >- UserInfo = NULL; >- UserInfoSize = 0; >- while (TRUE) { >- Status = UserManager->GetNextInfo (UserManager, User, >&UserInfoHandle); >- if (EFI_ERROR (Status)) { >- break; >- } >- // >- // Get information. >- // >- Status = UserManager->GetInfo ( >- UserManager, >- User, >- UserInfoHandle, >- UserInfo, >- &UserInfoSize >- ); >- if (Status == EFI_BUFFER_TOO_SMALL) { >- if (UserInfo != NULL) { >- FreePool (UserInfo); >- } >- UserInfo = AllocateZeroPool (UserInfoSize); >- if (UserInfo == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- Status = UserManager->GetInfo ( >- UserManager, >- User, >- UserInfoHandle, >- UserInfo, >- &UserInfoSize >- ); >- } >- if (EFI_ERROR (Status)) { >- break; >- } >- >- ASSERT (UserInfo != NULL); >- if (UserInfo->InfoType == InfoType) { >- *Info = UserInfo; >- return EFI_SUCCESS; >- } >- } >- >- if (UserInfo != NULL) { >- FreePool (UserInfo); >- } >- return Status; >-} >- >- >-/** >- This function initialize the data mainly used in form browser. >- >- @retval EFI_SUCCESS Initialize form data successfully. >- @retval Others Fail to Initialize form data. 
>- >-**/ >-EFI_STATUS >-InitFormBrowser ( >- VOID >- ) >-{ >- USB_PROVIDER_CALLBACK_INFO *CallbackInfo; >- >- // >- // Initialize driver private data. >- // >- CallbackInfo = AllocateZeroPool (sizeof (USB_PROVIDER_CALLBACK_INFO)); >- if (CallbackInfo == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- >- CallbackInfo->DriverHandle = NULL; >- >- // >- // Publish HII data. >- // >- CallbackInfo->HiiHandle = HiiAddPackages ( >- &gUsbCredentialProviderGuid, >- CallbackInfo->DriverHandle, >- UsbCredentialProviderStrings, >- NULL >- ); >- if (CallbackInfo->HiiHandle == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- mCallbackInfo = CallbackInfo; >- >- return EFI_SUCCESS; >-} >- >- >-/** >- Enroll a user on a credential provider. >- >- This function enrolls a user on this credential provider. If the user exists on >- this credential provider, update the user information on this credential >provider; >- otherwise add the user information on credential provider. >- >- @param[in] This Points to this instance of >EFI_USER_CREDENTIAL2_PROTOCOL. >- @param[in] User The user profile to enroll. >- >- @retval EFI_SUCCESS User profile was successfully enrolled. >- @retval EFI_ACCESS_DENIED Current user profile does not permit >enrollment on the >- user profile handle. Either the user profile cannot enroll >- on any user profile or cannot enroll on a user profile >- other than the current user profile. >- @retval EFI_UNSUPPORTED This credential provider does not support >enrollment in >- the pre-OS. >- @retval EFI_DEVICE_ERROR The new credential could not be created >because of a device >- error. >- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >profile handle. 
>- >-**/ >-EFI_STATUS >-EFIAPI >-CredentialEnroll ( >- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >- IN EFI_USER_PROFILE_HANDLE User >- ) >-{ >- EFI_STATUS Status; >- UINTN Index; >- USB_INFO UsbInfo; >- EFI_USER_INFO *UserInfo; >- EFI_INPUT_KEY Key; >- UINT8 *UserId; >- CHAR16 *QuestionStr; >- CHAR16 *PromptStr; >- >- if ((This == NULL) || (User == NULL)) { >- return EFI_INVALID_PARAMETER; >- } >- >- // >- // Get User Identifier >- // >- UserInfo = NULL; >- Status = FindUserInfoByType ( >- User, >- EFI_USER_INFO_IDENTIFIER_RECORD, >- &UserInfo >- ); >- if (EFI_ERROR (Status)) { >- return EFI_INVALID_PARAMETER; >- } >- >- CopyMem (UsbInfo.UserId, (UINT8 *) (UserInfo + 1), sizeof >(EFI_USER_INFO_IDENTIFIER)); >- FreePool (UserInfo); >- >- // >- // Get Token and User ID to UsbInfo. >- // >- Status = GetToken (UsbInfo.Token); >- if (EFI_ERROR (Status)) { >- QuestionStr = GetStringById (STRING_TOKEN >(STR_READ_USB_TOKEN_ERROR)); >- PromptStr = GetStringById (STRING_TOKEN (STR_INSERT_USB_TOKEN)); >- CreatePopUp ( >- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >- &Key, >- QuestionStr, >- L"", >- PromptStr, >- NULL >- ); >- FreePool (QuestionStr); >- FreePool (PromptStr); >- return Status; >- } >- >- // >- // Check whether User is ever enrolled in the provider. >- // >- for (Index = 0; Index < mUsbTable->Count; Index++) { >- UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId; >- if (CompareMem (UserId, (UINT8 *) &UsbInfo.UserId, sizeof >(EFI_USER_INFO_IDENTIFIER)) == 0) { >- // >- // User already exists, update the password. >- // >- break; >- } >- } >- >- // >- // Enroll the User to the provider. >- // >- Status = ModifyTable (Index, &UsbInfo); >- if (EFI_ERROR (Status)) { >- return Status; >- } >- >- return EFI_SUCCESS; >-} >- >- >-/** >- Returns the user interface information used during user identification. >- >- This function returns information about the form used when interacting >with the >- user during user identification. 
The form is the first enabled form in the >form-set >- class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII >handle HiiHandle. If >- the user credential provider does not require a form to identify the user, >then this >- function should return EFI_NOT_FOUND. >- >- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL. >- @param[out] Hii On return, holds the HII database handle. >- @param[out] FormSetId On return, holds the identifier of the form set >which contains >- the form used during user identification. >- @param[out] FormId On return, holds the identifier of the form used >during user >- identification. >- >- @retval EFI_SUCCESS Form returned successfully. >- @retval EFI_NOT_FOUND Form not returned. >- @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or >FormId is NULL. >- >-**/ >-EFI_STATUS >-EFIAPI >-CredentialForm ( >- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >- OUT EFI_HII_HANDLE *Hii, >- OUT EFI_GUID *FormSetId, >- OUT EFI_FORM_ID *FormId >- ) >-{ >- if ((This == NULL) || (Hii == NULL) || >- (FormSetId == NULL) || (FormId == NULL)) { >- return EFI_INVALID_PARAMETER; >- } >- return EFI_NOT_FOUND; >-} >- >- >-/** >- Returns bitmap used to describe the credential provider type. >- >- This optional function returns a bitmap which is less than or equal to the >number >- of pixels specified by Width and Height. If no such bitmap exists, then >EFI_NOT_FOUND >- is returned. >- >- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL. >- @param[in, out] Width On entry, points to the desired bitmap width. If >NULL then no >- bitmap information will be returned. On exit, points to the >- width of the bitmap returned. >- @param[in, out] Height On entry, points to the desired bitmap height. If >NULL then no >- bitmap information will be returned. On exit, points to the >- height of the bitmap returned. >- @param[out] Hii On return, holds the HII database handle. 
>- @param[out] Image On return, holds the HII image identifier. >- >- @retval EFI_SUCCESS Image identifier returned successfully. >- @retval EFI_NOT_FOUND Image identifier not returned. >- @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL. >- >-**/ >-EFI_STATUS >-EFIAPI >-CredentialTile ( >- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >- IN OUT UINTN *Width, >- IN OUT UINTN *Height, >- OUT EFI_HII_HANDLE *Hii, >- OUT EFI_IMAGE_ID *Image >- ) >-{ >- if ((This == NULL) || (Hii == NULL) || (Image == NULL)) { >- return EFI_INVALID_PARAMETER; >- } >- return EFI_NOT_FOUND; >-} >- >- >-/** >- Returns string used to describe the credential provider type. >- >- This function returns a string which describes the credential provider. If no >- such string exists, then EFI_NOT_FOUND is returned. >- >- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL. >- @param[out] Hii On return, holds the HII database handle. >- @param[out] String On return, holds the HII string identifier. >- >- @retval EFI_SUCCESS String identifier returned successfully. >- @retval EFI_NOT_FOUND String identifier not returned. >- @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL. >- >-**/ >-EFI_STATUS >-EFIAPI >-CredentialTitle ( >- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >- OUT EFI_HII_HANDLE *Hii, >- OUT EFI_STRING_ID *String >- ) >-{ >- if ((This == NULL) || (Hii == NULL) || (String == NULL)) { >- return EFI_INVALID_PARAMETER; >- } >- // >- // Set Hii handle and String ID. >- // >- *Hii = mCallbackInfo->HiiHandle; >- *String = STRING_TOKEN (STR_CREDENTIAL_TITLE); >- >- return EFI_SUCCESS; >-} >- >- >-/** >- Return the user identifier associated with the currently authenticated user. >- >- This function returns the user identifier of the user authenticated by this >credential >- provider. 
This function is called after the credential-related information has >been
>- submitted on a form OR after a call to Default() has returned that this >credential is
>- ready to log on.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] User The user profile handle of the user profile currently >being
>- considered by the user identity manager. If NULL, then no user
>- profile is currently under consideration.
>- @param[out] Identifier On return, points to the user identifier.
>-
>- @retval EFI_SUCCESS User identifier returned successfully.
>- @retval EFI_NOT_READY No user identifier can be returned.
>- @retval EFI_ACCESS_DENIED The user has been locked out of this user >credential.
>- @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL.
>- @retval EFI_NOT_FOUND User is not NULL, and the specified user >handle can't be
>- found in user profile database.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialUser (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_PROFILE_HANDLE User,
>- OUT EFI_USER_INFO_IDENTIFIER *Identifier
>- )
>-{
>- EFI_STATUS Status;
>- UINTN Index;
>- EFI_USER_INFO *UserInfo;
>- UINT8 *UserId;
>- UINT8 *NewUserId;
>- UINT8 *UserToken;
>- UINT8 ReadToken[HASHED_CREDENTIAL_LEN];
>- EFI_INPUT_KEY Key;
>- CHAR16 *QuestionStr;
>- CHAR16 *PromptStr;
>-
>- if ((This == NULL) || (Identifier == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- if (User == NULL) {
>- //
>- // Verify the auto logon user, get user id by matched token.
>- //
>- if (mUsbTable->Count == 0) {
>- return EFI_NOT_READY;
>- }
>-
>- //
>- // No user selected, get token first and verify the user existed in user >database.
>- //
>- Status = GetToken (ReadToken);
>- if (EFI_ERROR (Status)) {
>- return EFI_NOT_READY;
>- }
>-
>- for (Index = 0; Index < mUsbTable->Count; Index++) {
>- //
>- // find the specified credential in the Usb credential database.
>- //
>- UserToken = mUsbTable->UserInfo[Index].Token;
>- if (CompareMem (UserToken, ReadToken, HASHED_CREDENTIAL_LEN) == >0) {
>- UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
>- CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER));
>- return EFI_SUCCESS;
>- }
>- }
>-
>- return EFI_NOT_READY;
>- }
>-
>- //
>- // User is not NULL here. Read a token, and check whether the token >matches with
>- // the selected user's Token. If not, try to find a token in token DB to >matches
>- // with read token.
>- //
>-
>- Status = GetToken (ReadToken);
>- if (EFI_ERROR (Status)) {
>- QuestionStr = GetStringById (STRING_TOKEN >(STR_READ_USB_TOKEN_ERROR));
>- PromptStr = GetStringById (STRING_TOKEN (STR_INSERT_USB_TOKEN));
>- CreatePopUp (
>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
>- &Key,
>- QuestionStr,
>- L"",
>- PromptStr,
>- NULL
>- );
>- FreePool (QuestionStr);
>- FreePool (PromptStr);
>- return EFI_NOT_FOUND;
>- }
>-
>- //
>- // Get the selected user's identifier.
>- //
>- Status = FindUserInfoByType (User, EFI_USER_INFO_IDENTIFIER_RECORD, >&UserInfo);
>- if (EFI_ERROR (Status)) {
>- return EFI_NOT_FOUND;
>- }
>-
>- //
>- // Check the selected user's Token with the read token.
>- //
>- for (Index = 0; Index < mUsbTable->Count; Index++) {
>- UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
>- NewUserId = (UINT8 *) (UserInfo + 1);
>- if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) >== 0) {
>- //
>- // The user's ID is found in the UsbTable.
>- //
>- UserToken = mUsbTable->UserInfo[Index].Token;
>- if (CompareMem (UserToken, ReadToken, HASHED_CREDENTIAL_LEN) == >0) {
>- //
>- // The read token matches with the one in UsbTable.
>- //
>- CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER));
>- FreePool (UserInfo);
>- return EFI_SUCCESS;
>- }
>- }
>- }
>-
>- FreePool (UserInfo);
>-
>- return EFI_NOT_READY;
>-}
>-
>-
>-/**
>- Indicate that user interface interaction has begun for the specified >credential.
>-
>- This function is called when a credential provider is selected by the user. If
>- AutoLogon returns FALSE, then the user interface will be constructed by the >User
>- Identity Manager.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] AutoLogon On return, points to the credential provider's >capabilities
>- after the credential provider has been selected by the user.
>-
>- @retval EFI_SUCCESS Credential provider successfully selected.
>- @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialSelect (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
>- )
>-{
>- if ((This == NULL) || (AutoLogon == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- *AutoLogon = EFI_CREDENTIAL_LOGON_FLAG_DEFAULT | >EFI_CREDENTIAL_LOGON_FLAG_AUTO;
>-
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Indicate that user interface interaction has ended for the specified >credential.
>-
>- This function is called when a credential provider is deselected by the user.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>-
>- @retval EFI_SUCCESS Credential provider successfully deselected.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialDeselect (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This
>- )
>-{
>- if (This == NULL) {
>- return EFI_INVALID_PARAMETER;
>- }
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Return the default logon behavior for this user credential.
>-
>- This function reports the default login behavior regarding this credential >provider.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] AutoLogon On return, holds whether the credential provider >should be used
>- by default to automatically log on the user.
>-
>- @retval EFI_SUCCESS Default information successfully returned.
>- @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialDefault (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
>- )
>-{
>- if ((This == NULL) || (AutoLogon == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- *AutoLogon = EFI_CREDENTIAL_LOGON_FLAG_DEFAULT | >EFI_CREDENTIAL_LOGON_FLAG_AUTO;
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Return information attached to the credential provider.
>-
>- This function returns user information.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] UserInfo Handle of the user information data record.
>- @param[out] Info On entry, points to a buffer of at least *InfoSize >bytes. On
>- exit, holds the user information. If the buffer is too small
>- to hold the information, then EFI_BUFFER_TOO_SMALL is >returned
>- and InfoSize is updated to contain the number of bytes >actually
>- required.
>- @param[in, out] InfoSize On entry, points to the size of Info. On return, >points to the
>- size of the user information.
>-
>- @retval EFI_SUCCESS Information returned successfully.
>- @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small >to hold all of the
>- user information. The size required is returned in *InfoSize.
>- @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL.
>- @retval EFI_NOT_FOUND The specified UserInfo does not refer to a >valid user info handle.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialGetInfo (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_INFO_HANDLE UserInfo,
>- OUT EFI_USER_INFO *Info,
>- IN OUT UINTN *InfoSize
>- )
>-{
>- EFI_USER_INFO *CredentialInfo;
>- UINTN Index;
>-
>- if ((This == NULL) || (InfoSize == NULL) || (Info == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- if ((UserInfo == NULL) || (mUsbInfoHandle == NULL)) {
>- return EFI_NOT_FOUND;
>- }
>-
>- //
>- // Find information handle in credential info table.
>- //
>- for (Index = 0; Index < mUsbInfoHandle->Count; Index++) {
>- CredentialInfo = mUsbInfoHandle->Info[Index];
>- if (UserInfo == (EFI_USER_INFO_HANDLE)CredentialInfo) {
>- //
>- // The handle is found, copy the user info.
>- //
>- if (CredentialInfo->InfoSize > *InfoSize) {
>- *InfoSize = CredentialInfo->InfoSize;
>- return EFI_BUFFER_TOO_SMALL;
>- }
>-
>- CopyMem (Info, CredentialInfo, CredentialInfo->InfoSize);
>- return EFI_SUCCESS;
>- }
>- }
>-
>- return EFI_NOT_FOUND;
>-}
>-
>-
>-/**
>- Enumerate all of the user informations on the credential provider.
>-
>- This function returns the next user information record. To retrieve the first >user
>- information record handle, point UserInfo at a NULL. Each subsequent call >will retrieve
>- another user information record handle until there are no more, at which >point UserInfo
>- will point to NULL.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in, out] UserInfo On entry, points to the previous user information >handle or NULL
>- to start enumeration. On exit, points to the next user >information
>- handle or NULL if there is no more user information.
>-
>- @retval EFI_SUCCESS User information returned.
>- @retval EFI_NOT_FOUND No more user information found.
>- @retval EFI_INVALID_PARAMETER UserInfo is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialGetNextInfo (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN OUT EFI_USER_INFO_HANDLE *UserInfo
>- )
>-{
>- EFI_USER_INFO *Info;
>- CHAR16 *ProvNameStr;
>- UINTN InfoLen;
>- UINTN Index;
>- UINTN ProvStrLen;
>-
>- if ((This == NULL) || (UserInfo == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- if (mUsbInfoHandle == NULL) {
>- //
>- // Initilized user info table. There are 4 user info records in the table.
>- //
>- InfoLen = sizeof (USB_CREDENTIAL_INFO) + (4 - 1) * sizeof >(EFI_USER_INFO *);
>- mUsbInfoHandle = AllocateZeroPool (InfoLen);
>- if (mUsbInfoHandle == NULL) {
>- *UserInfo = NULL;
>- return EFI_NOT_FOUND;
>- }
>-
>- //
>- // The first information, Credential Provider info.
>- //
>- InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID);
>- Info = AllocateZeroPool (InfoLen);
>- ASSERT (Info != NULL);
>-
>- Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_RECORD;
>- Info->InfoSize = (UINT32) InfoLen;
>- Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
>- CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid);
>- CopyGuid ((EFI_GUID *)(Info + 1), &gUsbCredentialProviderGuid);
>-
>- mUsbInfoHandle->Info[0] = Info;
>- mUsbInfoHandle->Count++;
>-
>- //
>- // The second information, Credential Provider name info.
>- //
>- ProvNameStr = GetStringById (STRING_TOKEN (STR_PROVIDER_NAME));
>- ProvStrLen = StrSize (ProvNameStr);
>- InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen;
>- Info = AllocateZeroPool (InfoLen);
>- ASSERT (Info != NULL);
>-
>- Info->InfoType = >EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD;
>- Info->InfoSize = (UINT32) InfoLen;
>- Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
>- CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid);
>- CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen);
>- FreePool (ProvNameStr);
>-
>- mUsbInfoHandle->Info[1] = Info;
>- mUsbInfoHandle->Count++;
>-
>- //
>- // The third information, Credential Provider type info.
>- //
>- InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID);
>- Info = AllocateZeroPool (InfoLen);
>- ASSERT (Info != NULL);
>-
>- Info->InfoType = EFI_USER_INFO_CREDENTIAL_TYPE_RECORD;
>- Info->InfoSize = (UINT32) InfoLen;
>- Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
>- CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid);
>- CopyGuid ((EFI_GUID *)(Info + 1), >&gEfiUserCredentialClassSecureCardGuid);
>-
>- mUsbInfoHandle->Info[2] = Info;
>- mUsbInfoHandle->Count++;
>-
>- //
>- // The fourth information, Credential Provider type name info.
>- //
>- ProvNameStr = GetStringById (STRING_TOKEN >(STR_PROVIDER_TYPE_NAME));
>- ProvStrLen = StrSize (ProvNameStr);
>- InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen;
>- Info = AllocateZeroPool (InfoLen);
>- ASSERT (Info != NULL);
>-
>- Info->InfoType = >EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD;
>- Info->InfoSize = (UINT32) InfoLen;
>- Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
>- CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid);
>- CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen);
>- FreePool (ProvNameStr);
>-
>- mUsbInfoHandle->Info[3] = Info;
>- mUsbInfoHandle->Count++;
>- }
>-
>- if (*UserInfo == NULL) {
>- //
>- // Return the first info handle.
>- //
>- *UserInfo = (EFI_USER_INFO_HANDLE) mUsbInfoHandle->Info[0];
>- return EFI_SUCCESS;
>- }
>-
>- //
>- // Find information handle in credential info table.
>- //
>- for (Index = 0; Index < mUsbInfoHandle->Count; Index++) {
>- Info = mUsbInfoHandle->Info[Index];
>- if (*UserInfo == (EFI_USER_INFO_HANDLE)Info) {
>- //
>- // The handle is found, get the next one.
>- //
>- if (Index == mUsbInfoHandle->Count - 1) {
>- //
>- // Already last one.
>- //
>- *UserInfo = NULL;
>- return EFI_NOT_FOUND;
>- }
>- Index++;
>- *UserInfo = (EFI_USER_INFO_HANDLE)mUsbInfoHandle->Info[Index];
>- return EFI_SUCCESS;
>- }
>- }
>-
>- *UserInfo = NULL;
>- return EFI_NOT_FOUND;
>-}
>-
>-
>-/**
>- Delete a user on this credential provider.
>-
>- This function deletes a user on this credential provider.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] User The user profile handle to delete.
>-
>- @retval EFI_SUCCESS User profile was successfully deleted.
>- @retval EFI_ACCESS_DENIED Current user profile does not permit >deletion on the user profile handle.
>- Either the user profile cannot delete on any user profile or >cannot delete
>- on a user profile other than the current user profile.
>- @retval EFI_UNSUPPORTED This credential provider does not support >deletion in the pre-OS.
>- @retval EFI_DEVICE_ERROR The new credential could not be deleted >because of a device error.
>- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >profile handle.
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialDelete (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_PROFILE_HANDLE User
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO *UserInfo;
>- UINT8 *UserId;
>- UINT8 *NewUserId;
>- UINTN Index;
>-
>- if ((This == NULL) || (User == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Get User Identifier.
>- //
>- UserInfo = NULL;
>- Status = FindUserInfoByType (
>- User,
>- EFI_USER_INFO_IDENTIFIER_RECORD,
>- &UserInfo
>- );
>- if (EFI_ERROR (Status)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Find the user by user identifier in mPwdTable.
>- //
>- for (Index = 0; Index < mUsbTable->Count; Index++) {
>- UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
>- NewUserId = (UINT8 *) (UserInfo + 1);
>- if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) >== 0) {
>- //
>- // Found the user, delete it.
>- //
>- ModifyTable (Index, NULL);
>- break;
>- }
>- }
>-
>- FreePool (UserInfo);
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Main entry for this driver.
>-
>- @param ImageHandle Image handle this driver.
>- @param SystemTable Pointer to SystemTable.
>-
>- @retval EFI_SUCESS This function always complete successfully.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-UsbProviderInit (
>- IN EFI_HANDLE ImageHandle,
>- IN EFI_SYSTEM_TABLE *SystemTable
>- )
>-{
>- EFI_STATUS Status;
>-
>- //
>- // It is NOT robust enough to be included in production.
>- //
>- #error "This implementation is just a sample, please comment this line if you >really want to use this driver."
>-
>- //
>- // Init credential table.
>- //
>- Status = InitCredentialTable ();
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- //
>- // Init Form Browser
>- //
>- Status = InitFormBrowser ();
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- //
>- // Install protocol interfaces for the Usb Credential Provider.
>- //
>- Status = gBS->InstallProtocolInterface (
>- &mCallbackInfo->DriverHandle,
>- &gEfiUserCredential2ProtocolGuid,
>- EFI_NATIVE_INTERFACE,
>- &gUsbCredentialProviderDriver
>- );
>- return Status;
>-}
>diff --git >a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >ovider.h >b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >ovider.h
>deleted file mode 100644
>index 63f6576045..0000000000
>--- >a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >ovider.h
>+++ /dev/null
>@@ -1,361 +0,0 @@
>-/** @file
>- Usb Credential Provider driver header file.
>-
>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#ifndef _USB_CREDENTIAL_PROVIDER_H_
>-#define _USB_CREDENTIAL_PROVIDER_H_
>-
>-#include <Uefi.h>
>-
>-#include <Guid/GlobalVariable.h>
>-#include <Guid/FileInfo.h>
>-#include <Guid/SecurityPkgTokenSpace.h>
>-#include <Guid/UsbCredentialProviderHii.h>
>-
>-#include <Protocol/SimpleFileSystem.h>
>-#include <Protocol/BlockIo.h>
>-#include <Protocol/UserCredential2.h>
>-#include <Protocol/UserManager.h>
>-
>-#include <Library/UefiRuntimeServicesTableLib.h>
>-#include <Library/UefiBootServicesTableLib.h>
>-#include <Library/MemoryAllocationLib.h>
>-#include <Library/BaseMemoryLib.h>
>-#include <Library/DevicePathLib.h>
>-#include <Library/BaseCryptLib.h>
>-#include <Library/DebugLib.h>
>-#include <Library/UefiLib.h>
>-#include <Library/PrintLib.h>
>-#include <Library/HiiLib.h>
>-#include <Library/PcdLib.h>
>-
>-extern UINT8 UsbCredentialProviderStrings[];
>-
>-#define USB_TABLE_INC 16
>-#define HASHED_CREDENTIAL_LEN 20
>-
>-//
>-// Save the enroll user credential Information.
>-//
>-typedef struct {
>- EFI_USER_INFO_IDENTIFIER UserId;
>- UINT8 Token[HASHED_CREDENTIAL_LEN];
>-} USB_INFO;
>-
>-//
>-// USB Credential Table.
>-//
>-typedef struct {
>- UINTN Count;
>- UINTN MaxCount;
>- USB_INFO UserInfo[1];
>-} CREDENTIAL_TABLE;
>-
>-//
>-// The user information on the USB provider.
>-//
>-typedef struct {
>- UINTN Count;
>- EFI_USER_INFO *Info[1];
>-} USB_CREDENTIAL_INFO;
>-
>-#define USB_PROVIDER_SIGNATURE SIGNATURE_32 ('U', 'S', 'B', 'P')
>-
>-typedef struct {
>- UINTN Signature;
>- EFI_HANDLE DriverHandle;
>- EFI_HII_HANDLE HiiHandle;
>-} USB_PROVIDER_CALLBACK_INFO;
>-
>-/**
>- Enroll a user on a credential provider.
>-
>- This function enrolls and deletes a user profile using this credential provider.
>- If a user profile is successfully enrolled, it calls the User Manager Protocol
>- function Notify() to notify the user manager driver that credential >information
>- has changed. If an enrolled user does exist, delete the user on the >credential
>- provider.
>-
>- @param[in] This Points to this instance of >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] User The user profile to enroll.
>-
>- @retval EFI_SUCCESS User profile was successfully enrolled.
>- @retval EFI_ACCESS_DENIED Current user profile does not permit >enrollment on the
>- user profile handle. Either the user profile cannot enroll
>- on any user profile or cannot enroll on a user profile
>- other than the current user profile.
>- @retval EFI_UNSUPPORTED This credential provider does not support >enrollment in
>- the pre-OS.
>- @retval EFI_DEVICE_ERROR The new credential could not be created >because of a device
>- error.
>- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >profile handle.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialEnroll (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_PROFILE_HANDLE User
>- );
>-
>-/**
>- Returns the user interface information used during user identification.
>-
>- This function enrolls a user on this credential provider. If the user exists on
>- this credential provider, update the user information on this credential >provider;
>- otherwise delete the user information on credential provider.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] Hii On return, holds the HII database handle.
>- @param[out] FormSetId On return, holds the identifier of the form set >which contains
>- the form used during user identification.
>- @param[out] FormId On return, holds the identifier of the form used >during user
>- identification.
>-
>- @retval EFI_SUCCESS Form returned successfully.
>- @retval EFI_NOT_FOUND Form not returned.
>- @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or >FormId is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialForm (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_HII_HANDLE *Hii,
>- OUT EFI_GUID *FormSetId,
>- OUT EFI_FORM_ID *FormId
>- );
>-
>-/**
>- Returns bitmap used to describe the credential provider type.
>-
>- This optional function returns a bitmap which is less than or equal to the >number
>- of pixels specified by Width and Height. If no such bitmap exists, then >EFI_NOT_FOUND
>- is returned.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in, out] Width On entry, points to the desired bitmap width. If >NULL then no
>- bitmap information will be returned. On exit, points to the
>- width of the bitmap returned.
>- @param[in, out] Height On entry, points to the desired bitmap height. If >NULL then no
>- bitmap information will be returned. On exit, points to the
>- height of the bitmap returned.
>- @param[out] Hii On return, holds the HII database handle.
>- @param[out] Image On return, holds the HII image identifier.
>-
>- @retval EFI_SUCCESS Image identifier returned successfully.
>- @retval EFI_NOT_FOUND Image identifier not returned.
>- @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialTile (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN OUT UINTN *Width,
>- IN OUT UINTN *Height,
>- OUT EFI_HII_HANDLE *Hii,
>- OUT EFI_IMAGE_ID *Image
>- );
>-
>-/**
>- Returns string used to describe the credential provider type.
>-
>- This function returns a string which describes the credential provider. If no
>- such string exists, then EFI_NOT_FOUND is returned.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] Hii On return, holds the HII database handle.
>- @param[out] String On return, holds the HII string identifier.
>-
>- @retval EFI_SUCCESS String identifier returned successfully.
>- @retval EFI_NOT_FOUND String identifier not returned.
>- @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialTitle (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_HII_HANDLE *Hii,
>- OUT EFI_STRING_ID *String
>- );
>-
>-/**
>- Return the user identifier associated with the currently authenticated user.
>-
>- This function returns the user identifier of the user authenticated by this >credential
>- provider. This function is called after the credential-related information has >been
>- submitted on a form OR after a call to Default() has returned that this >credential is
>- ready to log on.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] User The user profile handle of the user profile currently >being
>- considered by the user identity manager. If NULL, then no user
>- profile is currently under consideration.
>- @param[out] Identifier On return, points to the user identifier.
>-
>- @retval EFI_SUCCESS User identifier returned successfully.
>- @retval EFI_NOT_READY No user identifier can be returned.
>- @retval EFI_ACCESS_DENIED The user has been locked out of this user >credential.
>- @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL.
>- @retval EFI_NOT_FOUND User is not NULL, and the specified user >handle can't be
>- found in user profile database.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialUser (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_PROFILE_HANDLE User,
>- OUT EFI_USER_INFO_IDENTIFIER *Identifier
>- );
>-
>-/**
>- Indicate that user interface interaction has begun for the specified >credential.
>-
>- This function is called when a credential provider is selected by the user. If
>- AutoLogon returns FALSE, then the user interface will be constructed by the >User
>- Identity Manager.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] AutoLogon On return, points to the credential provider's >capabilities
>- after the credential provider has been selected by the user.
>-
>- @retval EFI_SUCCESS Credential provider successfully selected.
>- @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialSelect (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
>- );
>-
>-/**
>- Indicate that user interface interaction has ended for the specified >credential.
>-
>- This function is called when a credential provider is deselected by the user.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>-
>- @retval EFI_SUCCESS Credential provider successfully deselected.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialDeselect (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This
>- );
>-
>-/**
>- Return the default logon behavior for this user credential.
>-
>- This function reports the default login behavior regarding this credential >provider.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] AutoLogon On return, holds whether the credential provider >should be used
>- by default to automatically log on the user.
>-
>- @retval EFI_SUCCESS Default information successfully returned.
>- @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialDefault (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
>- );
>-
>-/**
>- Return information attached to the credential provider.
>-
>- This function returns user information.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] UserInfo Handle of the user information data record.
>- @param[out] Info On entry, points to a buffer of at least *InfoSize >bytes. On
>- exit, holds the user information. If the buffer is too small
>- to hold the information, then EFI_BUFFER_TOO_SMALL is >returned
>- and InfoSize is updated to contain the number of bytes >actually
>- required.
>- @param[in, out] InfoSize On entry, points to the size of Info. On return, >points to the
>- size of the user information.
>-
>- @retval EFI_SUCCESS Information returned successfully.
>- @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small >to hold all of the
>- user information. The size required is returned in *InfoSize.
>- @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL.
>- @retval EFI_NOT_FOUND The specified UserInfo does not refer to a >valid user info handle.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialGetInfo (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_INFO_HANDLE UserInfo,
>- OUT EFI_USER_INFO *Info,
>- IN OUT UINTN *InfoSize
>- );
>-
>-/**
>- Enumerate all of the user informations on the credential provider.
>-
>- This function returns the next user information record. To retrieve the first >user
>- information record handle, point UserInfo at a NULL. Each subsequent call >will retrieve
>- another user information record handle until there are no more, at which >point UserInfo
>- will point to NULL.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in, out] UserInfo On entry, points to the previous user information >handle or NULL
>- to start enumeration.
On exit, points to the next user >information
>- handle or NULL if there is no more user information.
>-
>- @retval EFI_SUCCESS User information returned.
>- @retval EFI_NOT_FOUND No more user information found.
>- @retval EFI_INVALID_PARAMETER UserInfo is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialGetNextInfo (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN OUT EFI_USER_INFO_HANDLE *UserInfo
>- );
>-
>-/**
>- Delete a user on this credential provider.
>-
>- This function deletes a user on this credential provider.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] User The user profile handle to delete.
>-
>- @retval EFI_SUCCESS User profile was successfully deleted.
>- @retval EFI_ACCESS_DENIED Current user profile does not permit >deletion on the user profile handle.
>- Either the user profile cannot delete on any user profile or >cannot delete
>- on a user profile other than the current user profile.
>- @retval EFI_UNSUPPORTED This credential provider does not support >deletion in the pre-OS.
>- @retval EFI_DEVICE_ERROR The new credential could not be deleted >because of a device error.
>- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >profile handle.
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialDelete (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_PROFILE_HANDLE User
>- );
>-
>-#endif
>diff --git >a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >ovider.uni >b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >ovider.uni
>deleted file mode 100644
>index 961e09f360..0000000000
>--- >a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >ovider.uni
>+++ /dev/null
>@@ -1,23 +0,0 @@
>-// /** @file
>-// Provides a USB credential provider implementation
>-//
>-// This module reads a token from a token file that is saved in the root
>-// folder of a USB stick. The token file name can be specified by the PCD
>-// PcdFixedUsbCredentialProviderTokenFileName.
>-//
>-// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
>-//
>-// This program and the accompanying materials
>-// are licensed and made available under the terms and conditions of the BSD >License
>-// which accompanies this distribution. The full text of the license may be >found at
>-// http://opensource.org/licenses/bsd-license.php
>-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-//
>-// **/
>-
>-
>-#string STR_MODULE_ABSTRACT #language en-US "Provides a USB >credential provider implementation"
>-
>-#string STR_MODULE_DESCRIPTION #language en-US "This module >reads a token from a token file that is saved in the root folder of a USB stick. >The token file name can be specified by the PCD >PcdFixedUsbCredentialProviderTokenFileName."
>-
>diff --git >a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >oviderDxe.inf >b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >oviderDxe.inf
>deleted file mode 100644
>index 1e8e42332f..0000000000
>--- >a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >oviderDxe.inf
>+++ /dev/null
>@@ -1,70 +0,0 @@
>-## @file
>-# Provides a USB credential provider implementation
>-#
>-# This module reads a token from a token file that is saved in the root
>-# folder of a USB stick. The token file name can be specified by the PCD
>-# PcdFixedUsbCredentialProviderTokenFileName.
>-#
>-# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-# This program and the accompanying materials
>-# are licensed and made available under the terms and conditions of the BSD >License
>-# which accompanies this distribution. The full text of the license may be >found at
>-# http://opensource.org/licenses/bsd-license.php
>-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-#
>-##
>-
>-[Defines]
>- INF_VERSION = 0x00010005
>- BASE_NAME = UsbCredentialProvider
>- MODULE_UNI_FILE = UsbCredentialProvider.uni
>- FILE_GUID = 672A0C68-2BF0-46f9-93C3-C4E7DC0FA555
>- MODULE_TYPE = UEFI_DRIVER
>- VERSION_STRING = 1.0
>- ENTRY_POINT = UsbProviderInit
>-
>-[Sources]
>- UsbCredentialProvider.c
>- UsbCredentialProvider.h
>- UsbCredentialProviderStrings.uni
>-
>-[Packages]
>- MdePkg/MdePkg.dec
>- MdeModulePkg/MdeModulePkg.dec
>- CryptoPkg/CryptoPkg.dec
>- SecurityPkg/SecurityPkg.dec
>-
>-[LibraryClasses]
>- UefiRuntimeServicesTableLib
>- UefiBootServicesTableLib
>- UefiDriverEntryPoint
>- MemoryAllocationLib
>- BaseMemoryLib
>- DebugLib
>- HiiLib
>- UefiLib
>- BaseCryptLib
>-
>-[Guids]
>- ## PRODUCES ## Variable:L"UsbCredential"
>- ## CONSUMES ## Variable:L"UsbCredential"
>- ## CONSUMES ## HII
>- ## SOMETIMES_CONSUMES ## GUID # The credential provider >identifier
>- gUsbCredentialProviderGuid
>-
>- gEfiFileInfoGuid ## SOMETIMES_CONSUMES ## GUID
>- gEfiUserCredentialClassSecureCardGuid ## SOMETIMES_CONSUMES >## GUID
>-
>-[Pcd]
>- >gEfiSecurityPkgTokenSpaceGuid.PcdFixedUsbCredentialProviderTokenFileNa >me ## SOMETIMES_CONSUMES
>-
>-[Protocols]
>-
gEfiUserCredential2ProtocolGuid ## PRODUCES >- gEfiUserManagerProtocolGuid ## SOMETIMES_CONSUMES >- gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES >- gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES >- >-[UserExtensions.TianoCore."ExtraFiles"] >- UsbCredentialProviderExtra.uni >- >diff --git >a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >oviderExtra.uni >b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >oviderExtra.uni >deleted file mode 100644 >index a20917d5f7..0000000000 >--- >a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >oviderExtra.uni >+++ /dev/null >@@ -1,19 +0,0 @@ >-// /** @file >-// UsbCredentialProvider Localized Strings and Content >-// >-// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> >-// >-// This program and the accompanying materials >-// are licensed and made available under the terms and conditions of the BSD >License >-// which accompanies this distribution. The full text of the license may be >found at >-// http://opensource.org/licenses/bsd-license.php >-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >-// >-// **/ >- >-#string STR_PROPERTIES_MODULE_NAME >-#language en-US >-"USB Credential Provider" >- >- >diff --git >a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >oviderStrings.uni >b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >oviderStrings.uni >deleted file mode 100644 >index f306d50a4e..0000000000 >--- >a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >oviderStrings.uni >+++ /dev/null 
>@@ -1,29 +0,0 @@ >-/** @file >- String definitions for the USB Credential Provider. >- >-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php. >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#langdef en-US "English" >-#langdef fr-FR "Francais" >- >-#string STR_CREDENTIAL_TITLE #language en-US "USB Credential >Provider" >- #language fr-FR "USB Credential Provider (French)" >-#string STR_NULL_STRING #language en-US "" >- #language fr-FR "" >-#string STR_PROVIDER_NAME #language en-US "INTEL USB >Credential Provider" >- #language fr-FR "INTEL USB Credential Provider >(French)" >-#string STR_PROVIDER_TYPE_NAME #language en-US "Secure Card >Credential Provider" >- #language fr-FR "Secure Card Credential Provider >(French)" >-#string STR_READ_USB_TOKEN_ERROR #language en-US "Read USB >Token File Error!" >- #language fr-FR "Read USB Token File Error! >(French)" >-#string STR_INSERT_USB_TOKEN #language en-US "Please insert >USB key with Token" >- #language fr-FR "Please insert USB key with Token >(French)" >diff --git >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/LoadDeferredIma >ge.c >b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/LoadDeferredIm >age.c >deleted file mode 100644 >index 2cfe130db8..0000000000 >--- >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/LoadDeferredIma >ge.c >+++ /dev/null 
>@@ -1,148 +0,0 @@ >-/** @file >- Load the deferred images after user is identified. >- >-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#include "UserIdentifyManager.h" >- >-EFI_HANDLE mDeferredImageHandle; >- >-/** >- The function will load all the deferred images again. If the deferred image is >loaded >- successfully, try to start it. >- >- @param Event Event whose notification function is being invoked. >- @param Context Pointer to the notification function's context >- >-**/ >-VOID >-EFIAPI >-LoadDeferredImage ( >- IN EFI_EVENT Event, >- IN VOID *Context >- ) >-{ >- EFI_STATUS Status; >- EFI_DEFERRED_IMAGE_LOAD_PROTOCOL *DeferredImage; >- UINTN HandleCount; >- EFI_HANDLE *HandleBuf; >- UINTN Index; >- UINTN DriverIndex; >- EFI_DEVICE_PATH_PROTOCOL *ImageDevicePath; >- VOID *DriverImage; >- UINTN ImageSize; >- BOOLEAN BootOption; >- EFI_HANDLE ImageHandle; >- UINTN ExitDataSize; >- CHAR16 *ExitData; >- >- // >- // Find all the deferred image load protocols. >- // >- HandleCount = 0; >- HandleBuf = NULL; >- Status = gBS->LocateHandleBuffer ( >- ByProtocol, >- &gEfiDeferredImageLoadProtocolGuid, >- NULL, >- &HandleCount, >- &HandleBuf >- ); >- if (EFI_ERROR (Status)) { >- return ; >- } >- >- for (Index = 0; Index < HandleCount; Index++) { >- Status = gBS->HandleProtocol ( >- HandleBuf[Index], >- &gEfiDeferredImageLoadProtocolGuid, >- (VOID **) &DeferredImage >- ); >- if (EFI_ERROR (Status)) { >- continue ; >- } >- >- DriverIndex = 0; >- do { >- // >- // Load all the deferred images in this protocol instance. 
>- // >- Status = DeferredImage->GetImageInfo( >- DeferredImage, >- DriverIndex, >- &ImageDevicePath, >- (VOID **) &DriverImage, >- &ImageSize, >- &BootOption >- ); >- if (EFI_ERROR (Status)) { >- break; >- } >- >- // >- // Load and start the image. >- // >- Status = gBS->LoadImage ( >- BootOption, >- mDeferredImageHandle, >- ImageDevicePath, >- NULL, >- 0, >- &ImageHandle >- ); >- if (!EFI_ERROR (Status)) { >- // >- // Before calling the image, enable the Watchdog Timer for >- // a 5 Minute period >- // >- gBS->SetWatchdogTimer (5 * 60, 0x0000, 0x00, NULL); >- Status = gBS->StartImage (ImageHandle, &ExitDataSize, &ExitData); >- >- // >- // Clear the Watchdog Timer after the image returns. >- // >- gBS->SetWatchdogTimer (0x0000, 0x0000, 0x0000, NULL); >- } >- DriverIndex++; >- } while (TRUE); >- } >- FreePool (HandleBuf); >-} >- >- >-/** >- Register an event notification function for user profile changed. >- >- @param[in] ImageHandle Image handle this driver. >- >-**/ >-VOID >-LoadDeferredImageInit ( >- IN EFI_HANDLE ImageHandle >- ) >-{ >- EFI_STATUS Status; >- EFI_EVENT Event; >- >- mDeferredImageHandle = ImageHandle; >- >- Status = gBS->CreateEventEx ( >- EVT_NOTIFY_SIGNAL, >- TPL_CALLBACK, >- LoadDeferredImage, >- NULL, >- &gEfiEventUserProfileChangedGuid, >- &Event >- ); >- >- ASSERT (Status == EFI_SUCCESS); >-} >diff --git >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >ager.c >b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >ager.c >deleted file mode 100644 >index fd941792c1..0000000000 >--- >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >ager.c >+++ /dev/null 
>@@ -1,3766 +0,0 @@ >-/** @file >- This driver manages user information and produces user manager protocol. >- >-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >-(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#include "UserIdentifyManager.h" >- >-// >-// Default user name. >-// >-CHAR16 mUserName[] = L"Administrator"; >- >-// >-// Points to the user profile database. >-// >-USER_PROFILE_DB *mUserProfileDb = NULL; >- >-// >-// Points to the credential providers found in system. >-// >-CREDENTIAL_PROVIDER_INFO *mProviderDb = NULL; >- >-// >-// Current user shared in multi function. >-// >-EFI_USER_PROFILE_HANDLE mCurrentUser = NULL; >- >-// >-// Flag indicates a user is identified. 
>-// >-BOOLEAN mIdentified = FALSE; >-USER_MANAGER_CALLBACK_INFO *mCallbackInfo = NULL; >-HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = { >- { >- { >- HARDWARE_DEVICE_PATH, >- HW_VENDOR_DP, >- { >- (UINT8) (sizeof (VENDOR_DEVICE_PATH)), >- (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) >- } >- }, >- USER_IDENTIFY_MANAGER_GUID >- }, >- { >- END_DEVICE_PATH_TYPE, >- END_ENTIRE_DEVICE_PATH_SUBTYPE, >- { >- (UINT8) (END_DEVICE_PATH_LENGTH), >- (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) >- } >- } >-}; >- >- >-EFI_USER_MANAGER_PROTOCOL gUserIdentifyManager = { >- UserProfileCreate, >- UserProfileDelete, >- UserProfileGetNext, >- UserProfileCurrent, >- UserProfileIdentify, >- UserProfileFind, >- UserProfileNotify, >- UserProfileGetInfo, >- UserProfileSetInfo, >- UserProfileDeleteInfo, >- UserProfileGetNextInfo, >-}; >- >- >-/** >- Find the specified user in the user database. >- >- This function searches the specified user from the beginning of the user >database. >- And if NextUser is TRUE, return the next User in the user database. >- >- @param[in, out] User On entry, points to the user profile entry to >search. >- On return, points to the user profile entry or NULL if not >found. >- @param[in] NextUser If FALSE, find the user in user profile database >specifyed by User >- If TRUE, find the next user in user profile database specifyed >- by User. >- @param[out] ProfileIndex A pointer to the index of user profile database >that matches the >- user specifyed by User. >- >- @retval EFI_NOT_FOUND User was NULL, or User was not found, or the >next user was not found. 
>- @retval EFI_SUCCESS User or the next user are found in user profile >database >- >-**/ >-EFI_STATUS >-FindUserProfile ( >- IN OUT USER_PROFILE_ENTRY **User, >- IN BOOLEAN NextUser, >- OUT UINTN *ProfileIndex OPTIONAL >- ) >-{ >- UINTN Index; >- >- // >- // Check parameters >- // >- if ((mUserProfileDb == NULL) || (User == NULL)) { >- return EFI_NOT_FOUND; >- } >- >- // >- // Check whether the user profile is in the user profile database. >- // >- for (Index = 0; Index < mUserProfileDb->UserProfileNum; Index++) { >- if (mUserProfileDb->UserProfile[Index] == *User) { >- if (ProfileIndex != NULL) { >- *ProfileIndex = Index; >- } >- break; >- } >- } >- >- if (NextUser) { >- // >- // Find the next user profile. >- // >- Index++; >- if (Index < mUserProfileDb->UserProfileNum) { >- *User = mUserProfileDb->UserProfile[Index]; >- } else if (Index == mUserProfileDb->UserProfileNum) { >- *User = NULL; >- return EFI_NOT_FOUND; >- } else { >- if ((mUserProfileDb->UserProfileNum > 0) && (*User == NULL)) { >- *User = mUserProfileDb->UserProfile[0]; >- } else { >- *User = NULL; >- return EFI_NOT_FOUND; >- } >- } >- } else if (Index == mUserProfileDb->UserProfileNum) { >- return EFI_NOT_FOUND; >- } >- >- return EFI_SUCCESS; >-} >- >-/** >- Find the specified user information record in the specified User profile. >- >- This function searches the specified user information record from the >beginning of the user >- profile. And if NextInfo is TRUE, return the next info in the user profile. >- >- @param[in] User Points to the user profile entry. >- @param[in, out] Info On entry, points to the user information record or >NULL to start >- searching with the first user information record. >- On return, points to the user information record or NULL if not >found. >- @param[in] NextInfo If FALSE, find the user information record in profile >specifyed by User. >- If TRUE, find the next user information record in profile >specifyed >- by User. 
>- @param[out] Offset A pointer to the offset of the information record in >the user profile. >- >- @retval EFI_INVALID_PARAMETER Info is NULL >- @retval EFI_NOT_FOUND Info was not found, or the next Info was not >found. >- @retval EFI_SUCCESS Info or the next info are found in user profile. >- >-**/ >-EFI_STATUS >-FindUserInfo ( >- IN USER_PROFILE_ENTRY * User, >- IN OUT EFI_USER_INFO **Info, >- IN BOOLEAN NextInfo, >- OUT UINTN *Offset OPTIONAL >- ) >-{ >- EFI_STATUS Status; >- EFI_USER_INFO *UserInfo; >- UINTN InfoLen; >- >- if (Info == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- >- // >- // Check user profile entry >- // >- Status = FindUserProfile (&User, FALSE, NULL); >- if (EFI_ERROR (Status)) { >- return Status; >- } >- >- // >- // Find user information in the specified user record. >- // >- InfoLen = 0; >- while (InfoLen < User->UserProfileSize) { >- UserInfo = (EFI_USER_INFO *) (User->ProfileInfo + InfoLen); >- if (UserInfo == *Info) { >- if (Offset != NULL) { >- *Offset = InfoLen; >- } >- break; >- } >- InfoLen += ALIGN_VARIABLE (UserInfo->InfoSize); >- } >- >- // >- // Check whether to find the next user information. >- // >- if (NextInfo) { >- if (InfoLen < User->UserProfileSize) { >- UserInfo = (EFI_USER_INFO *) (User->ProfileInfo + InfoLen); >- InfoLen += ALIGN_VARIABLE (UserInfo->InfoSize); >- if (InfoLen < User->UserProfileSize) { >- *Info = (EFI_USER_INFO *) (User->ProfileInfo + InfoLen); >- if (Offset != NULL) { >- *Offset = InfoLen; >- } >- } else if (InfoLen == User->UserProfileSize) { >- *Info = NULL; >- return EFI_NOT_FOUND; >- } >- } else { >- if (*Info == NULL) { >- *Info = (EFI_USER_INFO *) User->ProfileInfo; >- if (Offset != NULL) { >- *Offset = 0; >- } >- } else { >- *Info = NULL; >- return EFI_NOT_FOUND; >- } >- } >- } else if (InfoLen == User->UserProfileSize) { >- return EFI_NOT_FOUND; >- } >- >- return EFI_SUCCESS; >-} >- >-/** >- Find a user infomation record by the information record type. 
>- >- This function searches all user information records of User. The search starts >with the >- user information record following Info and continues until either the >information is found >- or there are no more user infomation record. >- A match occurs when a Info.InfoType field matches the user information >record type. >- >- @param[in] User Points to the user profile record to search. >- @param[in, out] Info On entry, points to the user information record or >NULL to start >- searching with the first user information record. >- On return, points to the user information record or NULL if not >found. >- @param[in] InfoType The infomation type to be searched. >- >- @retval EFI_SUCCESS User information was found. Info points to the >user information record. >- @retval EFI_NOT_FOUND User information was not found. >- @retval EFI_INVALID_PARAMETER User is NULL or Info is NULL. >- >-**/ >-EFI_STATUS >-FindUserInfoByType ( >- IN USER_PROFILE_ENTRY *User, >- IN OUT EFI_USER_INFO **Info, >- IN UINT8 InfoType >- ) >-{ >- EFI_STATUS Status; >- EFI_USER_INFO *UserInfo; >- UINTN InfoLen; >- >- if (Info == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- >- // >- // Check whether the user has the specified user information. >- // >- InfoLen = 0; >- if (*Info == NULL) { >- Status = FindUserProfile (&User, FALSE, NULL); >- } else { >- Status = FindUserInfo (User, Info, TRUE, &InfoLen); >- } >- >- if (EFI_ERROR (Status)) { >- return EFI_NOT_FOUND; >- } >- >- while (InfoLen < User->UserProfileSize) { >- UserInfo = (EFI_USER_INFO *) (User->ProfileInfo + InfoLen); >- if (UserInfo->InfoType == InfoType) { >- if (UserInfo != *Info) { >- *Info = UserInfo; >- return EFI_SUCCESS; >- } >- } >- >- InfoLen += ALIGN_VARIABLE (UserInfo->InfoSize); >- } >- >- *Info = NULL; >- return EFI_NOT_FOUND; >-} >- >-/** >- Find a user using a user information record. >- >- This function searches all user profiles for the specified user information >record. 
The >- search starts with the user information record handle following UserInfo >and continues >- until either the information is found or there are no more user profiles. >- A match occurs when the Info.InfoType field matches the user information >record type and the >- user information record data matches the portion of Info passed the >EFI_USER_INFO header. >- >- @param[in, out] User On entry, points to the previously returned user >profile record, >- or NULL to start searching with the first user profile. >- On return, points to the user profile entry, or NULL if not found. >- @param[in, out] UserInfo On entry, points to the previously returned user >information record, >- or NULL to start searching with the first. >- On return, points to the user information record, or NULL if not >found. >- @param[in] Info Points to the buffer containing the user information to >be compared >- to the user information record. >- @param[in] InfoSize The size of Info, in bytes. Same as Info->InfoSize. >- >- @retval EFI_SUCCESS User information was found. User points to the >user profile record, >- and UserInfo points to the user information record. >- @retval EFI_NOT_FOUND User information was not found. >- @retval EFI_INVALID_PARAMETER User is NULL; Info is NULL; or, InfoSize is >too small. >- >-**/ >-EFI_STATUS >-FindUserProfileByInfo ( >- IN OUT USER_PROFILE_ENTRY **User, >- IN OUT EFI_USER_INFO **UserInfo, OPTIONAL >- IN EFI_USER_INFO *Info, >- IN UINTN InfoSize >- ) >-{ >- EFI_STATUS Status; >- EFI_USER_INFO *InfoEntry; >- >- >- if ((User == NULL) || (Info == NULL)) { >- return EFI_INVALID_PARAMETER; >- } >- >- if (InfoSize < sizeof (EFI_USER_INFO)) { >- return EFI_INVALID_PARAMETER; >- } >- >- if (UserInfo != NULL) { >- InfoEntry = *UserInfo; >- } else { >- InfoEntry = NULL; >- } >- // >- // Find user profile according to information. >- // >- if (*User == NULL) { >- *User = mUserProfileDb->UserProfile[0]; >- } >- >- // >- // Check user profile handle. 
>- // >- Status = FindUserProfile (User, FALSE, NULL); >- >- while (!EFI_ERROR (Status)) { >- // >- // Find the user information in a user profile. >- // >- while (TRUE) { >- Status = FindUserInfoByType (*User, &InfoEntry, Info->InfoType); >- if (EFI_ERROR (Status)) { >- break; >- } >- >- if (InfoSize == Info->InfoSize) { >- if (CompareMem ((UINT8 *) (InfoEntry + 1), (UINT8 *) (Info + 1), InfoSize >- sizeof (EFI_USER_INFO)) == 0) { >- // >- // Found the infomation record. >- // >- if (UserInfo != NULL) { >- *UserInfo = InfoEntry; >- } >- return EFI_SUCCESS; >- } >- } >- } >- >- // >- // Get next user profile. >- // >- InfoEntry = NULL; >- Status = FindUserProfile (User, TRUE, NULL); >- } >- >- return EFI_NOT_FOUND; >-} >- >- >-/** >- Check whether the access policy is valid. >- >- @param[in] PolicyInfo Point to the access policy. >- @param[in] InfoLen The policy length. >- >- @retval TRUE The policy is a valid access policy. >- @retval FALSE The access policy is not a valid access policy. >- >-**/ >-BOOLEAN >-CheckAccessPolicy ( >- IN UINT8 *PolicyInfo, >- IN UINTN InfoLen >- ) >-{ >- UINTN TotalLen; >- UINTN ValueLen; >- UINTN OffSet; >- EFI_USER_INFO_ACCESS_CONTROL Access; >- EFI_DEVICE_PATH_PROTOCOL *Path; >- UINTN PathSize; >- >- TotalLen = 0; >- while (TotalLen < InfoLen) { >- // >- // Check access policy according to type. 
>- // >- CopyMem (&Access, PolicyInfo + TotalLen, sizeof (Access)); >- ValueLen = Access.Size - sizeof (EFI_USER_INFO_ACCESS_CONTROL); >- switch (Access.Type) { >- case EFI_USER_INFO_ACCESS_FORBID_LOAD: >- case EFI_USER_INFO_ACCESS_PERMIT_LOAD: >- case EFI_USER_INFO_ACCESS_FORBID_CONNECT: >- case EFI_USER_INFO_ACCESS_PERMIT_CONNECT: >- OffSet = 0; >- while (OffSet < ValueLen) { >- Path = (EFI_DEVICE_PATH_PROTOCOL *) (PolicyInfo + TotalLen + >sizeof (Access) + OffSet); >- PathSize = GetDevicePathSize (Path); >- OffSet += PathSize; >- } >- if (OffSet != ValueLen) { >- return FALSE; >- } >- break; >- >- case EFI_USER_INFO_ACCESS_SETUP: >- if (ValueLen % sizeof (EFI_GUID) != 0) { >- return FALSE; >- } >- break; >- >- case EFI_USER_INFO_ACCESS_BOOT_ORDER: >- if (ValueLen % sizeof (EFI_USER_INFO_ACCESS_BOOT_ORDER_HDR) != 0) >{ >- return FALSE; >- } >- break; >- >- case EFI_USER_INFO_ACCESS_ENROLL_SELF: >- case EFI_USER_INFO_ACCESS_ENROLL_OTHERS: >- case EFI_USER_INFO_ACCESS_MANAGE: >- if (ValueLen != 0) { >- return FALSE; >- } >- break; >- >- default: >- return FALSE; >- break; >- } >- >- TotalLen += Access.Size; >- } >- >- if (TotalLen != InfoLen) { >- return FALSE; >- } >- >- return TRUE; >-} >- >- >-/** >- Check whether the identity policy is valid. >- >- @param[in] PolicyInfo Point to the identity policy. >- @param[in] InfoLen The policy length. >- >- @retval TRUE The policy is a valid identity policy. >- @retval FALSE The access policy is not a valid identity policy. >- >-**/ >-BOOLEAN >-CheckIdentityPolicy ( >- IN UINT8 *PolicyInfo, >- IN UINTN InfoLen >- ) >-{ >- UINTN TotalLen; >- UINTN ValueLen; >- EFI_USER_INFO_IDENTITY_POLICY *Identity; >- >- TotalLen = 0; >- >- // >- // Check each part of policy expression. >- // >- while (TotalLen < InfoLen) { >- // >- // Check access polisy according to type. 
>- // >- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (PolicyInfo + TotalLen); >- ValueLen = Identity->Length - sizeof (EFI_USER_INFO_IDENTITY_POLICY); >- switch (Identity->Type) { >- // >- // Check False option. >- // >- case EFI_USER_INFO_IDENTITY_FALSE: >- if (ValueLen != 0) { >- return FALSE; >- } >- break; >- >- // >- // Check True option. >- // >- case EFI_USER_INFO_IDENTITY_TRUE: >- if (ValueLen != 0) { >- return FALSE; >- } >- break; >- >- // >- // Check negative operation. >- // >- case EFI_USER_INFO_IDENTITY_NOT: >- if (ValueLen != 0) { >- return FALSE; >- } >- break; >- >- // >- // Check and operation. >- // >- case EFI_USER_INFO_IDENTITY_AND: >- if (ValueLen != 0) { >- return FALSE; >- } >- break; >- >- // >- // Check or operation. >- // >- case EFI_USER_INFO_IDENTITY_OR: >- if (ValueLen != 0) { >- return FALSE; >- } >- break; >- >- // >- // Check credential provider by type. >- // >- case EFI_USER_INFO_IDENTITY_CREDENTIAL_TYPE: >- if (ValueLen != sizeof (EFI_GUID)) { >- return FALSE; >- } >- break; >- >- // >- // Check credential provider by ID. >- // >- case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER: >- if (ValueLen != sizeof (EFI_GUID)) { >- return FALSE; >- } >- break; >- >- default: >- return FALSE; >- break; >- } >- >- TotalLen += Identity->Length; >- } >- >- if (TotalLen != InfoLen) { >- return FALSE; >- } >- >- return TRUE; >-} >- >- >-/** >- Check whether the user information is a valid user information record. >- >- @param[in] Info points to the user information. >- >- @retval TRUE The info is a valid user information record. >- @retval FALSE The info is not a valid user information record. >- >-**/ >-BOOLEAN >-CheckUserInfo ( >- IN CONST EFI_USER_INFO *Info >- ) >-{ >- UINTN InfoLen; >- >- if (Info == NULL) { >- return FALSE; >- } >- // >- // Check user information according to information type. 
>- // >- InfoLen = Info->InfoSize - sizeof (EFI_USER_INFO); >- switch (Info->InfoType) { >- case EFI_USER_INFO_EMPTY_RECORD: >- if (InfoLen != 0) { >- return FALSE; >- } >- break; >- >- case EFI_USER_INFO_NAME_RECORD: >- case EFI_USER_INFO_CREDENTIAL_TYPE_NAME_RECORD: >- case EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD: >- break; >- >- case EFI_USER_INFO_CREATE_DATE_RECORD: >- case EFI_USER_INFO_USAGE_DATE_RECORD: >- if (InfoLen != sizeof (EFI_TIME)) { >- return FALSE; >- } >- break; >- >- case EFI_USER_INFO_USAGE_COUNT_RECORD: >- if (InfoLen != sizeof (UINT64)) { >- return FALSE; >- } >- break; >- >- case EFI_USER_INFO_IDENTIFIER_RECORD: >- if (InfoLen != 16) { >- return FALSE; >- } >- break; >- >- case EFI_USER_INFO_CREDENTIAL_TYPE_RECORD: >- case EFI_USER_INFO_CREDENTIAL_PROVIDER_RECORD: >- case EFI_USER_INFO_GUID_RECORD: >- if (InfoLen != sizeof (EFI_GUID)) { >- return FALSE; >- } >- break; >- >- case EFI_USER_INFO_PKCS11_RECORD: >- case EFI_USER_INFO_CBEFF_RECORD: >- break; >- >- case EFI_USER_INFO_FAR_RECORD: >- case EFI_USER_INFO_RETRY_RECORD: >- if (InfoLen != 1) { >- return FALSE; >- } >- break; >- >- case EFI_USER_INFO_ACCESS_POLICY_RECORD: >- if(!CheckAccessPolicy ((UINT8 *) (Info + 1), InfoLen)) { >- return FALSE; >- } >- break; >- >- case EFI_USER_INFO_IDENTITY_POLICY_RECORD: >- if (!CheckIdentityPolicy ((UINT8 *) (Info + 1), InfoLen)) { >- return FALSE; >- } >- break; >- >- default: >- return FALSE; >- break; >- } >- >- return TRUE; >-} >- >- >-/** >- Check the user profile data format to be added. >- >- @param[in] UserProfileInfo Points to the user profile data. >- @param[in] UserProfileSize The length of user profile data. >- >- @retval TRUE It is a valid user profile. >- @retval FALSE It is not a valid user profile. 
>- >-**/ >-BOOLEAN >-CheckProfileInfo ( >- IN UINT8 *UserProfileInfo, >- IN UINTN UserProfileSize >- ) >-{ >- UINTN ChkLen; >- EFI_USER_INFO *Info; >- >- if (UserProfileInfo == NULL) { >- return FALSE; >- } >- >- // >- // Check user profile information length. >- // >- ChkLen = 0; >- while (ChkLen < UserProfileSize) { >- Info = (EFI_USER_INFO *) (UserProfileInfo + ChkLen); >- // >- // Check user information format. >- // >- if (!CheckUserInfo (Info)) { >- return FALSE; >- } >- >- ChkLen += ALIGN_VARIABLE (Info->InfoSize); >- } >- >- if (ChkLen != UserProfileSize) { >- return FALSE; >- } >- >- return TRUE; >-} >- >- >-/** >- Find the specified RightType in current user profile. >- >- @param[in] RightType Could be EFI_USER_INFO_ACCESS_MANAGE, >- EFI_USER_INFO_ACCESS_ENROLL_OTHERS or >- EFI_USER_INFO_ACCESS_ENROLL_SELF. >- >- @retval TRUE Find the specified RightType in current user profile. >- @retval FALSE Can't find the right in the profile. >- >-**/ >-BOOLEAN >-CheckCurrentUserAccessRight ( >- IN UINT32 RightType >- ) >-{ >- EFI_STATUS Status; >- EFI_USER_INFO *Info; >- UINTN TotalLen; >- UINTN CheckLen; >- EFI_USER_INFO_ACCESS_CONTROL Access; >- >- // >- // Get user access right information. >- // >- Info = NULL; >- Status = FindUserInfoByType ( >- (USER_PROFILE_ENTRY *) mCurrentUser, >- &Info, >- EFI_USER_INFO_ACCESS_POLICY_RECORD >- ); >- if (EFI_ERROR (Status)) { >- return FALSE; >- } >- >- ASSERT (Info != NULL); >- TotalLen = Info->InfoSize - sizeof (EFI_USER_INFO); >- CheckLen = 0; >- while (CheckLen < TotalLen) { >- // >- // Check right according to access type. >- // >- CopyMem (&Access, (UINT8 *) (Info + 1) + CheckLen, sizeof (Access)); >- if (Access.Type == RightType) { >- return TRUE;; >- } >- >- CheckLen += Access.Size; >- } >- >- return FALSE; >-} >- >- >-/** >- Create a unique user identifier. >- >- @param[out] Identifier This points to the identifier. 
>- >-**/ >-VOID >-GenerateIdentifier ( >- OUT UINT8 *Identifier >- ) >-{ >- EFI_TIME Time; >- UINT64 MonotonicCount; >- UINT32 *MonotonicPointer; >- UINTN Index; >- >- // >- // Create a unique user identifier. >- // >- gRT->GetTime (&Time, NULL); >- CopyMem (Identifier, &Time, sizeof (EFI_TIME)); >- // >- // Remove zeros. >- // >- for (Index = 0; Index < sizeof (EFI_TIME); Index++) { >- if (Identifier[Index] == 0) { >- Identifier[Index] = 0x5a; >- } >- } >- >- MonotonicPointer = (UINT32 *) Identifier; >- gBS->GetNextMonotonicCount (&MonotonicCount); >- MonotonicPointer[0] += (UINT32) MonotonicCount; >- MonotonicPointer[1] += (UINT32) MonotonicCount; >- MonotonicPointer[2] += (UINT32) MonotonicCount; >- MonotonicPointer[3] += (UINT32) MonotonicCount; >-} >- >- >-/** >- Generate unique user ID. >- >- @param[out] UserId Points to the user identifer. >- >-**/ >-VOID >-GenerateUserId ( >- OUT UINT8 *UserId >- ) >-{ >- EFI_STATUS Status; >- USER_PROFILE_ENTRY *UserProfile; >- EFI_USER_INFO *UserInfo; >- UINTN Index; >- >- // >- // Generate unique user ID >- // >- while (TRUE) { >- GenerateIdentifier (UserId); >- // >- // Check whether it's unique in user profile database. >- // >- if (mUserProfileDb == NULL) { >- return ; >- } >- >- for (Index = 0; Index < mUserProfileDb->UserProfileNum; Index++) { >- UserProfile = (USER_PROFILE_ENTRY *) (mUserProfileDb- >>UserProfile[Index]); >- UserInfo = NULL; >- Status = FindUserInfoByType (UserProfile, &UserInfo, >EFI_USER_INFO_IDENTIFIER_RECORD); >- if (EFI_ERROR (Status)) { >- continue; >- } >- >- if (CompareMem ((UINT8 *) (UserInfo + 1), UserId, sizeof >(EFI_USER_INFO_IDENTIFIER)) == 0) { >- break; >- } >- } >- >- if (Index == mUserProfileDb->UserProfileNum) { >- return ; >- } >- } >-} >- >- >-/** >- Expand user profile database. >- >- @retval TRUE Success to expand user profile database. >- @retval FALSE Fail to expand user profile database. 
>- >-**/ >-BOOLEAN >-ExpandUsermUserProfileDb ( >- VOID >- ) >-{ >- UINTN MaxNum; >- USER_PROFILE_DB *NewDataBase; >- >- // >- // Create new user profile database. >- // >- if (mUserProfileDb == NULL) { >- MaxNum = USER_NUMBER_INC; >- } else { >- MaxNum = mUserProfileDb->MaxProfileNum + USER_NUMBER_INC; >- } >- >- NewDataBase = AllocateZeroPool ( >- sizeof (USER_PROFILE_DB) - sizeof (EFI_USER_PROFILE_HANDLE) + >- MaxNum * sizeof (EFI_USER_PROFILE_HANDLE) >- ); >- if (NewDataBase == NULL) { >- return FALSE; >- } >- >- NewDataBase->MaxProfileNum = MaxNum; >- >- // >- // Copy old user profile database value >- // >- if (mUserProfileDb == NULL) { >- NewDataBase->UserProfileNum = 0; >- } else { >- NewDataBase->UserProfileNum = mUserProfileDb->UserProfileNum; >- CopyMem ( >- NewDataBase->UserProfile, >- mUserProfileDb->UserProfile, >- NewDataBase->UserProfileNum * sizeof (EFI_USER_PROFILE_HANDLE) >- ); >- FreePool (mUserProfileDb); >- } >- >- mUserProfileDb = NewDataBase; >- return TRUE; >-} >- >- >-/** >- Expand user profile >- >- @param[in] User Points to user profile. >- @param[in] ExpandSize The size of user profile. >- >- @retval TRUE Success to expand user profile size. >- @retval FALSE Fail to expand user profile size. >- >-**/ >-BOOLEAN >-ExpandUserProfile ( >- IN USER_PROFILE_ENTRY *User, >- IN UINTN ExpandSize >- ) >-{ >- UINT8 *Info; >- UINTN InfoSizeInc; >- >- // >- // Allocate new memory. >- // >- InfoSizeInc = 128; >- User->MaxProfileSize += ((ExpandSize + InfoSizeInc - 1) / InfoSizeInc) * >InfoSizeInc; >- Info = AllocateZeroPool (User->MaxProfileSize); >- if (Info == NULL) { >- return FALSE; >- } >- >- // >- // Copy exist information. >- // >- if (User->UserProfileSize > 0) { >- CopyMem (Info, User->ProfileInfo, User->UserProfileSize); >- FreePool (User->ProfileInfo); >- } >- >- User->ProfileInfo = Info; >- return TRUE; >-} >- >- >-/** >- Save the user profile to non-volatile memory, or delete it from non-volatile >memory. 
>- >- @param[in] User Point to the user profile >- @param[in] Delete If TRUE, delete the found user profile. >- If FALSE, save the user profile. >- @retval EFI_SUCCESS Save or delete user profile successfully. >- @retval Others Fail to change the profile. >- >-**/ >-EFI_STATUS >-SaveNvUserProfile ( >- IN USER_PROFILE_ENTRY *User, >- IN BOOLEAN Delete >- ) >-{ >- EFI_STATUS Status; >- >- // >- // Check user profile entry. >- // >- Status = FindUserProfile (&User, FALSE, NULL); >- if (EFI_ERROR (Status)) { >- return Status; >- } >- >- // >- // Save the user profile to non-volatile memory. >- // >- Status = gRT->SetVariable ( >- User->UserVarName, >- &gUserIdentifyManagerGuid, >- EFI_VARIABLE_NON_VOLATILE | >EFI_VARIABLE_BOOTSERVICE_ACCESS, >- Delete ? 0 : User->UserProfileSize, >- User->ProfileInfo >- ); >- return Status; >-} >- >-/** >- Add one new user info into the user's profile. >- >- @param[in] User point to the user profile >- @param[in] Info Points to the user information payload. >- @param[in] InfoSize The size of the user information payload, in bytes. >- @param[out] UserInfo Point to the new info in user profile >- @param[in] Save If TRUE, save the profile to NV flash. >- If FALSE, don't need to save the profile to NV flash. >- >- @retval EFI_SUCCESS Add user info to user profile successfully. >- @retval Others Fail to add user info to user profile. >- >-**/ >-EFI_STATUS >-AddUserInfo ( >- IN USER_PROFILE_ENTRY *User, >- IN UINT8 *Info, >- IN UINTN InfoSize, >- OUT EFI_USER_INFO **UserInfo, OPTIONAL >- IN BOOLEAN Save >- ) >-{ >- EFI_STATUS Status; >- >- if ((Info == NULL) || (User == NULL)) { >- return EFI_INVALID_PARAMETER; >- } >- >- // >- // Check user profile handle. >- // >- Status = FindUserProfile (&User, FALSE, NULL); >- if (EFI_ERROR (Status)) { >- return Status; >- } >- >- // >- // Check user information memory size. 
>- //
>- if (User->MaxProfileSize - User->UserProfileSize < ALIGN_VARIABLE >(InfoSize)) {
>- if (!ExpandUserProfile (User, ALIGN_VARIABLE (InfoSize))) {
>- return EFI_OUT_OF_RESOURCES;
>- }
>- }
>-
>- //
>- // Add new user information.
>- //
>- CopyMem (User->ProfileInfo + User->UserProfileSize, Info, InfoSize);
>- if (UserInfo != NULL) {
>- *UserInfo = (EFI_USER_INFO *) (User->ProfileInfo + User- >>UserProfileSize);
>- }
>- User->UserProfileSize += ALIGN_VARIABLE (InfoSize);
>-
>- //
>- // Save user profile information.
>- //
>- if (Save) {
>- Status = SaveNvUserProfile (User, FALSE);
>- }
>-
>- return Status;
>-}
>-
>-
>-/**
>- Get the user info from the specified user info handle.
>-
>- @param[in] User Point to the user profile.
>- @param[in] UserInfo Point to the user information record to get.
>- @param[out] Info On entry, points to a buffer of at least *InfoSize >bytes.
>- On exit, holds the user information.
>- @param[in, out] InfoSize On entry, points to the size of Info.
>- On return, points to the size of the user information.
>- @param[in] ChkRight If TRUE, check the user info attribute.
>- If FALSE, don't check the user info attribute.
>-
>-
>- @retval EFI_ACCESS_DENIED The information cannot be accessed by the >current user.
>- @retval EFI_INVALID_PARAMETER InfoSize is NULL or UserInfo is NULL.
>- @retval EFI_BUFFER_TOO_SMALL The number of bytes specified by >*InfoSize is too small to hold the
>- returned data. The actual size required is returned in >*InfoSize.
>- @retval EFI_SUCCESS Information returned successfully.
>-
>-**/
>-EFI_STATUS
>-GetUserInfo (
>- IN USER_PROFILE_ENTRY *User,
>- IN EFI_USER_INFO *UserInfo,
>- OUT EFI_USER_INFO *Info,
>- IN OUT UINTN *InfoSize,
>- IN BOOLEAN ChkRight
>- )
>-{
>- EFI_STATUS Status;
>-
>- if ((InfoSize == NULL) || (UserInfo == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- if ((*InfoSize != 0) && (Info == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Find the user information to get.
>- //
>- Status = FindUserInfo (User, &UserInfo, FALSE, NULL);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- //
>- // Check information attributes.
>- //
>- if (ChkRight) {
>- switch (UserInfo->InfoAttribs & EFI_USER_INFO_ACCESS) {
>- case EFI_USER_INFO_PRIVATE:
>- case EFI_USER_INFO_PROTECTED:
>- if (User != mCurrentUser) {
>- return EFI_ACCESS_DENIED;
>- }
>- break;
>-
>- case EFI_USER_INFO_PUBLIC:
>- break;
>-
>- default:
>- return EFI_INVALID_PARAMETER;
>- break;
>- }
>- }
>-
>- //
>- // Get user information.
>- //
>- if (UserInfo->InfoSize > *InfoSize) {
>- *InfoSize = UserInfo->InfoSize;
>- return EFI_BUFFER_TOO_SMALL;
>- }
>-
>- *InfoSize = UserInfo->InfoSize;
>- if (Info != NULL) {
>- CopyMem (Info, UserInfo, *InfoSize);
>- }
>-
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Delete the specified user information from user profile.
>-
>- @param[in] User Point to the user profile.
>- @param[in] Info Point to the user information record to delete.
>- @param[in] Save If TRUE, save the profile to NV flash.
>- If FALSE, don't need to save the profile to NV flash.
>-
>- @retval EFI_SUCCESS Delete user info from user profile successfully.
>- @retval Others Fail to delete user info from user profile.
>-
>-**/
>-EFI_STATUS
>-DelUserInfo (
>- IN USER_PROFILE_ENTRY *User,
>- IN EFI_USER_INFO *Info,
>- IN BOOLEAN Save
>- )
>-{
>- EFI_STATUS Status;
>- UINTN Offset;
>- UINTN NextOffset;
>-
>- //
>- // Check user information handle.
>- //
>- Status = FindUserInfo (User, &Info, FALSE, &Offset);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- if (Info->InfoType == EFI_USER_INFO_IDENTIFIER_RECORD) {
>- return EFI_ACCESS_DENIED;
>- }
>-
>- //
>- // Delete the specified user information.
>- //
>- NextOffset = Offset + ALIGN_VARIABLE (Info->InfoSize);
>- User->UserProfileSize -= ALIGN_VARIABLE (Info->InfoSize);
>- if (Offset < User->UserProfileSize) {
>- CopyMem (User->ProfileInfo + Offset, User->ProfileInfo + NextOffset, >User->UserProfileSize - Offset);
>- }
>-
>- if (Save) {
>- Status = SaveNvUserProfile (User, FALSE);
>- }
>-
>- return Status;
>-}
>-
>-
>-/**
>- Add or update user information.
>-
>- @param[in] User Point to the user profile.
>- @param[in, out] UserInfo On entry, points to the user information to >modify,
>- or NULL to add a new UserInfo.
>- On return, points to the modified user information.
>- @param[in] Info Points to the new user information.
>- @param[in] InfoSize The size of Info,in bytes.
>-
>- @retval EFI_INVALID_PARAMETER UserInfo is NULL or Info is NULL.
>- @retval EFI_ACCESS_DENIED The record is exclusive.
>- @retval EFI_SUCCESS User information was successfully >changed/added.
>-
>-**/
>-EFI_STATUS
>-ModifyUserInfo (
>- IN USER_PROFILE_ENTRY *User,
>- IN OUT EFI_USER_INFO **UserInfo,
>- IN CONST EFI_USER_INFO *Info,
>- IN UINTN InfoSize
>- )
>-{
>- EFI_STATUS Status;
>- UINTN PayloadLen;
>- EFI_USER_INFO *OldInfo;
>-
>- if ((UserInfo == NULL) || (Info == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- if (InfoSize < sizeof (EFI_USER_INFO) || InfoSize != Info->InfoSize) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Check user information.
>- //
>- if (Info->InfoType == EFI_USER_INFO_IDENTIFIER_RECORD) {
>- return EFI_ACCESS_DENIED;
>- }
>-
>- if (!CheckUserInfo (Info)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>-
>- if (*UserInfo == NULL) {
>- //
>- // Add new user information.
>- //
>- OldInfo = NULL;
>- do {
>- Status = FindUserInfoByType (User, &OldInfo, Info->InfoType);
>- if (EFI_ERROR (Status)) {
>- break;
>- }
>- ASSERT (OldInfo != NULL);
>-
>- if (((OldInfo->InfoAttribs & EFI_USER_INFO_EXCLUSIVE) != 0) ||
>- ((Info->InfoAttribs & EFI_USER_INFO_EXCLUSIVE) != 0)) {
>- //
>- // Same type can not co-exist for exclusive information.
>- //
>- return EFI_ACCESS_DENIED;
>- }
>-
>- //
>- // Check whether it exists in DB.
>- //
>- if (Info->InfoSize != OldInfo->InfoSize) {
>- continue;
>- }
>-
>- if (!CompareGuid (&OldInfo->Credential, &Info->Credential)) {
>- continue;
>- }
>-
>- PayloadLen = Info->InfoSize - sizeof (EFI_USER_INFO);
>- if (PayloadLen == 0) {
>- continue;
>- }
>-
>- if (CompareMem ((UINT8 *)(OldInfo + 1), (UINT8 *)(Info + 1), >PayloadLen) != 0) {
>- continue;
>- }
>-
>- //
>- // Yes. The new info is as same as the one in profile.
>- //
>- return EFI_SUCCESS;
>- } while (!EFI_ERROR (Status));
>-
>- Status = AddUserInfo (User, (UINT8 *) Info, InfoSize, UserInfo, TRUE);
>- return Status;
>- }
>-
>- //
>- // Modify existing user information.
>- //
>- OldInfo = *UserInfo;
>- if (OldInfo->InfoType != Info->InfoType) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- if (((Info->InfoAttribs & EFI_USER_INFO_EXCLUSIVE) != 0) &&
>- (OldInfo->InfoAttribs & EFI_USER_INFO_EXCLUSIVE) == 0) {
>- //
>- // Try to add exclusive attrib in new info.
>- // Check whether there is another information with the same type in >profile.
>- //
>- OldInfo = NULL;
>- do {
>- Status = FindUserInfoByType (User, &OldInfo, Info->InfoType);
>- if (EFI_ERROR (Status)) {
>- break;
>- }
>- if (OldInfo != *UserInfo) {
>- //
>- // There is another information with the same type in profile.
>- // Therefore, can't modify existing user information to add exclusive >attribute.
>- //
>- return EFI_ACCESS_DENIED;
>- }
>- } while (TRUE);
>- }
>-
>- Status = DelUserInfo (User, *UserInfo, FALSE);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- return AddUserInfo (User, (UINT8 *) Info, InfoSize, UserInfo, TRUE);
>-}
>-
>-
>-/**
>- Delete the user profile from non-volatile memory and database.
>-
>- @param[in] User Points to the user profile.
>-
>- @retval EFI_SUCCESS Delete user from the user profile successfully.
>- @retval Others Fail to delete user from user profile
>-
>-**/
>-EFI_STATUS
>-DelUserProfile (
>- IN USER_PROFILE_ENTRY *User
>- )
>-{
>- EFI_STATUS Status;
>- UINTN Index;
>-
>- //
>- // Check whether it is in the user profile database.
>- //
>- Status = FindUserProfile (&User, FALSE, &Index);
>- if (EFI_ERROR (Status)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Check whether it is the current user.
>- //
>- if (User == mCurrentUser) {
>- return EFI_ACCESS_DENIED;
>- }
>-
>- //
>- // Delete user profile from the non-volatile memory.
>- //
>- Status = SaveNvUserProfile (mUserProfileDb- >>UserProfile[mUserProfileDb->UserProfileNum - 1], TRUE);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>- mUserProfileDb->UserProfileNum--;
>-
>- //
>- // Modify user profile database.
>- //
>- if (Index != mUserProfileDb->UserProfileNum) {
>- mUserProfileDb->UserProfile[Index] = mUserProfileDb- >>UserProfile[mUserProfileDb->UserProfileNum];
>- CopyMem (
>- ((USER_PROFILE_ENTRY *) mUserProfileDb->UserProfile[Index])- >>UserVarName,
>- User->UserVarName,
>- sizeof (User->UserVarName)
>- );
>- Status = SaveNvUserProfile (mUserProfileDb->UserProfile[Index], FALSE);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>- }
>- //
>- // Delete user profile information.
>- //
>- if (User->ProfileInfo != NULL) {
>- FreePool (User->ProfileInfo);
>- }
>-
>- FreePool (User);
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Add user profile to user profile database.
>-
>- @param[out] UserProfile Point to the newly added user profile.
>- @param[in] ProfileSize The size of the user profile.
>- @param[in] ProfileInfo Point to the user profie data.
>- @param[in] Save If TRUE, save the new added profile to NV flash.
>- If FALSE, don't save the profile to NV flash.
>-
>- @retval EFI_SUCCESS Add user profile to user profile database >successfully.
>- @retval Others Fail to add user profile to user profile database.
>-
>-**/
>-EFI_STATUS
>-AddUserProfile (
>- OUT USER_PROFILE_ENTRY **UserProfile, OPTIONAL
>- IN UINTN ProfileSize,
>- IN UINT8 *ProfileInfo,
>- IN BOOLEAN Save
>- )
>-{
>- EFI_STATUS Status;
>- USER_PROFILE_ENTRY *User;
>-
>- //
>- // Check the data format to be added.
>- //
>- if (!CheckProfileInfo (ProfileInfo, ProfileSize)) {
>- return EFI_SECURITY_VIOLATION;
>- }
>-
>- //
>- // Create user profile entry.
>- //
>- User = AllocateZeroPool (sizeof (USER_PROFILE_ENTRY));
>- if (User == NULL) {
>- return EFI_OUT_OF_RESOURCES;
>- }
>- //
>- // Add the entry to the user profile database.
>- //
>- if (mUserProfileDb->UserProfileNum == mUserProfileDb->MaxProfileNum) >{
>- if (!ExpandUsermUserProfileDb ()) {
>- FreePool (User);
>- return EFI_OUT_OF_RESOURCES;
>- }
>- }
>-
>- UnicodeSPrint (
>- User->UserVarName,
>- sizeof (User->UserVarName),
>- L"User%04x",
>- mUserProfileDb->UserProfileNum
>- );
>- User->UserProfileSize = 0;
>- User->MaxProfileSize = 0;
>- User->ProfileInfo = NULL;
>- mUserProfileDb->UserProfile[mUserProfileDb->UserProfileNum] = >(EFI_USER_PROFILE_HANDLE) User;
>- mUserProfileDb->UserProfileNum++;
>-
>- //
>- // Add user profile information.
>- //
>- Status = AddUserInfo (User, ProfileInfo, ProfileSize, NULL, Save);
>- if (EFI_ERROR (Status)) {
>- DelUserProfile (User);
>- return Status;
>- }
>- //
>- // Set new user profile handle.
>- //
>- if (UserProfile != NULL) {
>- *UserProfile = User;
>- }
>-
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- This function creates a new user profile with only a new user identifier
>- attached and returns its handle.
The user profile is non-volatile, but the
>- handle User can change across reboots.
>-
>- @param[out] User Handle of a new user profile.
>-
>- @retval EFI_SUCCESS User profile was successfully created.
>- @retval Others Fail to create user profile
>-
>-**/
>-EFI_STATUS
>-CreateUserProfile (
>- OUT USER_PROFILE_ENTRY **User
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO *UserInfo;
>-
>- if (User == NULL) {
>- return EFI_INVALID_PARAMETER;
>- }
>- //
>- // Generate user id information.
>- //
>- UserInfo = AllocateZeroPool (sizeof (EFI_USER_INFO) + sizeof >(EFI_USER_INFO_IDENTIFIER));
>- if (UserInfo == NULL) {
>- return EFI_OUT_OF_RESOURCES;
>- }
>-
>- UserInfo->InfoType = EFI_USER_INFO_IDENTIFIER_RECORD;
>- UserInfo->InfoSize = sizeof (EFI_USER_INFO) + sizeof >(EFI_USER_INFO_IDENTIFIER);
>- UserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
>- GenerateUserId ((UINT8 *) (UserInfo + 1));
>-
>- //
>- // Add user profile to the user profile database.
>- //
>- Status = AddUserProfile (User, UserInfo->InfoSize, (UINT8 *) UserInfo, >TRUE);
>- FreePool (UserInfo);
>- return Status;
>-}
>-
>-
>-/**
>- Add a default user profile to user profile database.
>-
>- @retval EFI_SUCCESS A default user profile is added successfully.
>- @retval Others Fail to add a default user profile
>-
>-**/
>-EFI_STATUS
>-AddDefaultUserProfile (
>- VOID
>- )
>-{
>- EFI_STATUS Status;
>- USER_PROFILE_ENTRY *User;
>- EFI_USER_INFO *Info;
>- EFI_USER_INFO *NewInfo;
>- EFI_USER_INFO_CREATE_DATE CreateDate;
>- EFI_USER_INFO_USAGE_COUNT UsageCount;
>- EFI_USER_INFO_ACCESS_CONTROL *Access;
>- EFI_USER_INFO_IDENTITY_POLICY *Policy;
>-
>- //
>- // Create a user profile.
>- //
>- Status = CreateUserProfile (&User);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- //
>- // Allocate a buffer to add all default user information.
>- //
>- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + INFO_PAYLOAD_SIZE);
>- if (Info == NULL) {
>- return EFI_OUT_OF_RESOURCES;
>- }
>-
>- //
>- // Add user name.
>- //
>- Info->InfoType = EFI_USER_INFO_NAME_RECORD;
>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
>- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof (mUserName);
>- CopyMem ((UINT8 *) (Info + 1), mUserName, sizeof (mUserName));
>- NewInfo = NULL;
>- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize);
>- if (EFI_ERROR (Status)) {
>- goto Done;
>- }
>-
>- //
>- // Add user profile create date record.
>- //
>- Info->InfoType = EFI_USER_INFO_CREATE_DATE_RECORD;
>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
>- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof >(EFI_USER_INFO_CREATE_DATE);
>- Status = gRT->GetTime (&CreateDate, NULL);
>- if (EFI_ERROR (Status)) {
>- goto Done;
>- }
>-
>- CopyMem ((UINT8 *) (Info + 1), &CreateDate, sizeof >(EFI_USER_INFO_CREATE_DATE));
>- NewInfo = NULL;
>- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize);
>- if (EFI_ERROR (Status)) {
>- goto Done;
>- }
>-
>- //
>- // Add user profile usage count record.
>- //
>- Info->InfoType = EFI_USER_INFO_USAGE_COUNT_RECORD;
>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
>- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof >(EFI_USER_INFO_USAGE_COUNT);
>- UsageCount = 0;
>- CopyMem ((UINT8 *) (Info + 1), &UsageCount, sizeof >(EFI_USER_INFO_USAGE_COUNT));
>- NewInfo = NULL;
>- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize);
>- if (EFI_ERROR (Status)) {
>- goto Done;
>- }
>-
>- //
>- // Add user access right.
>- //
>- Info->InfoType = EFI_USER_INFO_ACCESS_POLICY_RECORD;
>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
>- Access = (EFI_USER_INFO_ACCESS_CONTROL *) (Info + 1);
>- Access->Type = EFI_USER_INFO_ACCESS_MANAGE;
>- Access->Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL);
>- Info->InfoSize = sizeof (EFI_USER_INFO) + Access->Size;
>- NewInfo = NULL;
>- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize);
>- if (EFI_ERROR (Status)) {
>- goto Done;
>- }
>-
>- //
>- // Add user identity policy.
>- //
>- Info->InfoType = EFI_USER_INFO_IDENTITY_POLICY_RECORD;
>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >EFI_USER_INFO_PRIVATE | EFI_USER_INFO_EXCLUSIVE;
>- Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (Info + 1);
>- Policy->Type = EFI_USER_INFO_IDENTITY_TRUE;
>- Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY);
>- Info->InfoSize = sizeof (EFI_USER_INFO) + Policy->Length;
>- NewInfo = NULL;
>- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize);
>-
>-Done:
>- FreePool (Info);
>- return Status;
>-}
>-
>-
>-/**
>- Publish current user information into EFI System Configuration Table.
>-
>- By UEFI spec, the User Identity Manager will publish the current user profile
>- into the EFI System Configuration Table. Currently, only the user identifier >and user
>- name are published.
>-
>- @retval EFI_SUCCESS Current user information is published successfully.
>- @retval Others Fail to publish current user information
>-
>-**/
>-EFI_STATUS
>-PublishUserTable (
>- VOID
>- )
>-{
>- EFI_STATUS Status;
>- EFI_CONFIGURATION_TABLE *EfiConfigurationTable;
>- EFI_USER_INFO_TABLE *UserInfoTable;
>- EFI_USER_INFO *IdInfo;
>- EFI_USER_INFO *NameInfo;
>-
>- Status = EfiGetSystemConfigurationTable (
>- &gEfiUserManagerProtocolGuid,
>- (VOID **) &EfiConfigurationTable
>- );
>- if (!EFI_ERROR (Status)) {
>- //
>- // The table existed!
>- //
>- return EFI_SUCCESS;
>- }
>-
>- //
>- // Get user ID information.
>- //
>- IdInfo = NULL;
>- Status = FindUserInfoByType (mCurrentUser, &IdInfo, >EFI_USER_INFO_IDENTIFIER_RECORD);
>- if (EFI_ERROR (Status)) {
>- return Status;
>-
>- }
>- //
>- // Get user name information.
>- //
>- NameInfo = NULL;
>- Status = FindUserInfoByType (mCurrentUser, &NameInfo, >EFI_USER_INFO_NAME_RECORD);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- //
>- // Allocate a buffer for user information table.
>- //
>- UserInfoTable = (EFI_USER_INFO_TABLE *) AllocateRuntimePool (
>- sizeof (EFI_USER_INFO_TABLE) +
>- IdInfo->InfoSize +
>- NameInfo->InfoSize
>- );
>- if (UserInfoTable == NULL) {
>- Status = EFI_OUT_OF_RESOURCES;
>- return Status;
>- }
>-
>- UserInfoTable->Size = sizeof (EFI_USER_INFO_TABLE);
>-
>- //
>- // Append the user information to the user info table
>- //
>- CopyMem ((UINT8 *) UserInfoTable + UserInfoTable->Size, (UINT8 *) IdInfo, >IdInfo->InfoSize);
>- UserInfoTable->Size += IdInfo->InfoSize;
>-
>- CopyMem ((UINT8 *) UserInfoTable + UserInfoTable->Size, (UINT8 *) >NameInfo, NameInfo->InfoSize);
>- UserInfoTable->Size += NameInfo->InfoSize;
>-
>- Status = gBS->InstallConfigurationTable (&gEfiUserManagerProtocolGuid, >(VOID *) UserInfoTable);
>- return Status;
>-}
>-
>-
>-/**
>- Get the user's identity type.
>-
>- The identify manager only supports the identity policy in which the >credential
>- provider handles are connected by the operator 'AND' or 'OR'.
>-
>-
>- @param[in] User Handle of a user profile.
>- @param[out] PolicyType Point to the identity type.
>-
>- @retval EFI_SUCCESS Get user's identity type successfully.
>- @retval Others Fail to get user's identity type.
>-
>-**/
>-EFI_STATUS
>-GetIdentifyType (
>- IN EFI_USER_PROFILE_HANDLE User,
>- OUT UINT8 *PolicyType
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO *IdentifyInfo;
>- UINTN TotalLen;
>- EFI_USER_INFO_IDENTITY_POLICY *Identity;
>-
>- //
>- // Get user identify policy information.
>- //
>- IdentifyInfo = NULL;
>- Status = FindUserInfoByType (User, &IdentifyInfo, >EFI_USER_INFO_IDENTITY_POLICY_RECORD);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>- ASSERT (IdentifyInfo != NULL);
>-
>- //
>- // Search the user identify policy according to type.
>- //
>- TotalLen = 0;
>- *PolicyType = EFI_USER_INFO_IDENTITY_FALSE;
>- while (TotalLen < IdentifyInfo->InfoSize - sizeof (EFI_USER_INFO)) {
>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) ((UINT8 *) (IdentifyInfo + >1) + TotalLen);
>- if (Identity->Type == EFI_USER_INFO_IDENTITY_AND) {
>- *PolicyType = EFI_USER_INFO_IDENTITY_AND;
>- break;
>- }
>-
>- if (Identity->Type == EFI_USER_INFO_IDENTITY_OR) {
>- *PolicyType = EFI_USER_INFO_IDENTITY_OR;
>- break;
>- }
>- TotalLen += Identity->Length;
>- }
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Identify the User by the specfied provider.
>-
>- @param[in] User Handle of a user profile.
>- @param[in] Provider Points to the identifier of credential provider.
>-
>- @retval EFI_INVALID_PARAMETER Provider is NULL.
>- @retval EFI_NOT_FOUND Fail to identify the specified user.
>- @retval EFI_SUCCESS User is identified successfully.
>-
>-**/
>-EFI_STATUS
>-IdentifyByProviderId (
>- IN EFI_USER_PROFILE_HANDLE User,
>- IN EFI_GUID *Provider
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO_IDENTIFIER UserId;
>- UINTN Index;
>- EFI_CREDENTIAL_LOGON_FLAGS AutoLogon;
>- EFI_HII_HANDLE HiiHandle;
>- EFI_GUID FormSetId;
>- EFI_FORM_ID FormId;
>- EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential;
>-
>- if (Provider == NULL) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Check the user ID identified by the specified credential provider.
>- //
>- for (Index = 0; Index < mProviderDb->Count; Index++) {
>- //
>- // Check credential provider class.
>- //
>- UserCredential = mProviderDb->Provider[Index];
>- if (CompareGuid (&UserCredential->Identifier, Provider)) {
>- Status = UserCredential->Select (UserCredential, &AutoLogon);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- if ((AutoLogon & EFI_CREDENTIAL_LOGON_FLAG_AUTO) == 0) {
>- //
>- // Get credential provider form.
>- //
>- Status = UserCredential->Form (
>- UserCredential,
>- &HiiHandle,
>- &FormSetId,
>- &FormId
>- );
>- if (!EFI_ERROR (Status)) {
>- //
>- // Send form to get user input.
>- //
>- Status = mCallbackInfo->FormBrowser2->SendForm (
>- mCallbackInfo->FormBrowser2,
>- &HiiHandle,
>- 1,
>- &FormSetId,
>- FormId,
>- NULL,
>- NULL
>- );
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>- }
>- }
>-
>- Status = UserCredential->User (UserCredential, User, &UserId);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- Status = UserCredential->Deselect (UserCredential);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- return EFI_SUCCESS;
>- }
>- }
>-
>- return EFI_NOT_FOUND;
>-}
>-
>-
>-/**
>- Update user information when user is logon on successfully.
>-
>- @param[in] User Points to user profile.
>-
>- @retval EFI_SUCCESS Update user information successfully.
>- @retval Others Fail to update user information.
>-
>-**/
>-EFI_STATUS
>-UpdateUserInfo (
>- IN USER_PROFILE_ENTRY *User
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO *Info;
>- EFI_USER_INFO *NewInfo;
>- EFI_USER_INFO_CREATE_DATE Date;
>- EFI_USER_INFO_USAGE_COUNT UsageCount;
>- UINTN InfoLen;
>-
>- //
>- // Allocate a buffer to update user's date record and usage record.
>- //
>- InfoLen = MAX (sizeof (EFI_USER_INFO_CREATE_DATE), sizeof >(EFI_USER_INFO_USAGE_COUNT));
>- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + InfoLen);
>- if (Info == NULL) {
>- return EFI_OUT_OF_RESOURCES;
>- }
>-
>- //
>- // Check create date record.
>- //
>- NewInfo = NULL;
>- Status = FindUserInfoByType (User, &NewInfo, >EFI_USER_INFO_CREATE_DATE_RECORD);
>- if (Status == EFI_NOT_FOUND) {
>- Info->InfoType = EFI_USER_INFO_CREATE_DATE_RECORD;
>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
>- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof >(EFI_USER_INFO_CREATE_DATE);
>- Status = gRT->GetTime (&Date, NULL);
>- if (EFI_ERROR (Status)) {
>- FreePool (Info);
>- return Status;
>- }
>-
>- CopyMem ((UINT8 *) (Info + 1), &Date, sizeof >(EFI_USER_INFO_CREATE_DATE));
>- NewInfo = NULL;
>- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize);
>- if (EFI_ERROR (Status)) {
>- FreePool (Info);
>- return Status;
>- }
>- }
>-
>- //
>- // Update usage date record.
>- //
>- NewInfo = NULL;
>- Status = FindUserInfoByType (User, &NewInfo, >EFI_USER_INFO_USAGE_DATE_RECORD);
>- if ((Status == EFI_SUCCESS) || (Status == EFI_NOT_FOUND)) {
>- Info->InfoType = EFI_USER_INFO_USAGE_DATE_RECORD;
>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
>- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof >(EFI_USER_INFO_USAGE_DATE);
>- Status = gRT->GetTime (&Date, NULL);
>- if (EFI_ERROR (Status)) {
>- FreePool (Info);
>- return Status;
>- }
>-
>- CopyMem ((UINT8 *) (Info + 1), &Date, sizeof >(EFI_USER_INFO_USAGE_DATE));
>- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize);
>- if (EFI_ERROR (Status)) {
>- FreePool (Info);
>- return Status;
>- }
>- }
>-
>- //
>- // Update usage count record.
>- //
>- UsageCount = 0;
>- NewInfo = NULL;
>- Status = FindUserInfoByType (User, &NewInfo, >EFI_USER_INFO_USAGE_COUNT_RECORD);
>- //
>- // Get usage count.
>- //
>- if (Status == EFI_SUCCESS) {
>- CopyMem (&UsageCount, (UINT8 *) (NewInfo + 1), sizeof >(EFI_USER_INFO_USAGE_COUNT));
>- }
>-
>- UsageCount++;
>- if ((Status == EFI_SUCCESS) || (Status == EFI_NOT_FOUND)) {
>- Info->InfoType = EFI_USER_INFO_USAGE_COUNT_RECORD;
>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
>- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof >(EFI_USER_INFO_USAGE_COUNT);
>- CopyMem ((UINT8 *) (Info + 1), &UsageCount, sizeof >(EFI_USER_INFO_USAGE_COUNT));
>- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize);
>- if (EFI_ERROR (Status)) {
>- FreePool (Info);
>- return Status;
>- }
>- }
>-
>- FreePool (Info);
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Add a credenetial provider item in form.
>-
>- @param[in] ProviderGuid Points to the identifir of credential provider.
>- @param[in] OpCodeHandle Points to container for dynamic created >opcodes.
>-
>-**/
>-VOID
>-AddProviderSelection (
>- IN EFI_GUID *ProviderGuid,
>- IN VOID *OpCodeHandle
>- )
>-{
>- EFI_HII_HANDLE HiiHandle;
>- EFI_STRING_ID ProvID;
>- CHAR16 *ProvStr;
>- UINTN Index;
>- EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential;
>-
>- for (Index = 0; Index < mProviderDb->Count; Index++) {
>- UserCredential = mProviderDb->Provider[Index];
>- if (CompareGuid (&UserCredential->Identifier, ProviderGuid)) {
>- //
>- // Add credential provider selection.
>- //
>- UserCredential->Title (UserCredential, &HiiHandle, &ProvID);
>- ProvStr = HiiGetString (HiiHandle, ProvID, NULL);
>- if (ProvStr == NULL) {
>- continue ;
>- }
>- ProvID = HiiSetString (mCallbackInfo->HiiHandle, 0, ProvStr, NULL);
>- FreePool (ProvStr);
>- HiiCreateActionOpCode (
>- OpCodeHandle, // Container for dynamic created opcodes
>- (EFI_QUESTION_ID)(LABEL_PROVIDER_NAME + Index), // Question ID
>- ProvID, // Prompt text
>- STRING_TOKEN (STR_NULL_STRING), // Help text
>- EFI_IFR_FLAG_CALLBACK, // Question flag
>- 0 // Action String ID
>- );
>- break;
>- }
>- }
>-}
>-
>-
>-/**
>- Add a username item in form.
>-
>- @param[in] Index The index of the user in the user name list.
>- @param[in] User Points to the user profile whose username is added.
>- @param[in] OpCodeHandle Points to container for dynamic created >opcodes.
>-
>- @retval EFI_SUCCESS Add a username successfully.
>- @retval Others Fail to add a username.
>-
>-**/
>-EFI_STATUS
>-AddUserSelection (
>- IN UINT16 Index,
>- IN USER_PROFILE_ENTRY *User,
>- IN VOID *OpCodeHandle
>- )
>-{
>- EFI_STRING_ID UserName;
>- EFI_STATUS Status;
>- EFI_USER_INFO *UserInfo;
>-
>- UserInfo = NULL;
>- Status = FindUserInfoByType (User, &UserInfo, >EFI_USER_INFO_NAME_RECORD);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- //
>- // Add user name selection.
>- //
>- UserName = HiiSetString (mCallbackInfo->HiiHandle, 0, (EFI_STRING) >(UserInfo + 1), NULL);
>- if (UserName == 0) {
>- return EFI_OUT_OF_RESOURCES;
>- }
>-
>- HiiCreateGotoOpCode (
>- OpCodeHandle, // Container for dynamic created opcodes
>- FORMID_PROVIDER_FORM, // Target Form ID
>- UserName, // Prompt text
>- STRING_TOKEN (STR_NULL_STRING), // Help text
>- EFI_IFR_FLAG_CALLBACK, // Question flag
>- (UINT16) Index // Question ID
>- );
>-
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Identify the user whose identity policy does not contain the operator 'OR'.
>-
>- @param[in] User Points to the user profile.
>-
>- @retval EFI_SUCCESS The specified user is identified successfully.
>- @retval Others Fail to identify the user.
>-
>-**/
>-EFI_STATUS
>-IdentifyAndTypeUser (
>- IN USER_PROFILE_ENTRY *User
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO *IdentifyInfo;
>- BOOLEAN Success;
>- UINTN TotalLen;
>- UINTN ValueLen;
>- EFI_USER_INFO_IDENTITY_POLICY *Identity;
>-
>- //
>- // Get user identify policy information.
>- //
>- IdentifyInfo = NULL;
>- Status = FindUserInfoByType (User, &IdentifyInfo, >EFI_USER_INFO_IDENTITY_POLICY_RECORD);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>- ASSERT (IdentifyInfo != NULL);
>-
>- //
>- // Check each part of identification policy expression.
>- //
>- Success = FALSE;
>- TotalLen = 0;
>- while (TotalLen < IdentifyInfo->InfoSize - sizeof (EFI_USER_INFO)) {
>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) ((UINT8 *) (IdentifyInfo + >1) + TotalLen);
>- ValueLen = Identity->Length - sizeof (EFI_USER_INFO_IDENTITY_POLICY);
>- switch (Identity->Type) {
>-
>- case EFI_USER_INFO_IDENTITY_FALSE:
>- //
>- // Check False option.
>- //
>- Success = FALSE;
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_TRUE:
>- //
>- // Check True option.
>- //
>- Success = TRUE;
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_NOT:
>- //
>- // Check negative operation.
>- //
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_AND:
>- //
>- // Check and operation.
>- //
>- if (!Success) {
>- return EFI_NOT_READY;
>- }
>-
>- Success = FALSE;
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_OR:
>- //
>- // Check or operation.
>- //
>- if (Success) {
>- return EFI_SUCCESS;
>- }
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_CREDENTIAL_TYPE:
>- //
>- // Check credential provider by type.
>- //
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER:
>- //
>- // Check credential provider by ID.
>- //
>- if (ValueLen != sizeof (EFI_GUID)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- Status = IdentifyByProviderId (User, (EFI_GUID *) (Identity + 1));
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- Success = TRUE;
>- break;
>-
>- default:
>- return EFI_INVALID_PARAMETER;
>- break;
>- }
>-
>- TotalLen += Identity->Length;
>- }
>-
>- if (TotalLen != IdentifyInfo->InfoSize - sizeof (EFI_USER_INFO)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- if (!Success) {
>- return EFI_NOT_READY;
>- }
>-
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Identify the user whose identity policy does not contain the operator 'AND'.
>-
>- @param[in] User Points to the user profile.
>-
>- @retval EFI_SUCCESS The specified user is identified successfully.
>- @retval Others Fail to identify the user.
>-
>-**/
>-EFI_STATUS
>-IdentifyOrTypeUser (
>- IN USER_PROFILE_ENTRY *User
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO *IdentifyInfo;
>- UINTN TotalLen;
>- UINTN ValueLen;
>- EFI_USER_INFO_IDENTITY_POLICY *Identity;
>- VOID *StartOpCodeHandle;
>- VOID *EndOpCodeHandle;
>- EFI_IFR_GUID_LABEL *StartLabel;
>- EFI_IFR_GUID_LABEL *EndLabel;
>-
>- //
>- // Get user identify policy information.
>- //
>- IdentifyInfo = NULL;
>- Status = FindUserInfoByType (User, &IdentifyInfo, >EFI_USER_INFO_IDENTITY_POLICY_RECORD);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>- ASSERT (IdentifyInfo != NULL);
>-
>- //
>- // Initialize the container for dynamic opcodes.
>- //
>- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (StartOpCodeHandle != NULL);
>-
>- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (EndOpCodeHandle != NULL);
>-
>- //
>- // Create Hii Extend Label OpCode.
>- //
>- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- StartOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- StartLabel->Number = LABEL_PROVIDER_NAME;
>-
>- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- EndOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- EndLabel->Number = LABEL_END;
>-
>- //
>- // Add the providers that exists in the user's policy.
>- //
>- TotalLen = 0;
>- while (TotalLen < IdentifyInfo->InfoSize - sizeof (EFI_USER_INFO)) {
>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) ((UINT8 *) (IdentifyInfo + >1) + TotalLen);
>- ValueLen = Identity->Length - sizeof (EFI_USER_INFO_IDENTITY_POLICY);
>- if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) {
>- AddProviderSelection ((EFI_GUID *) (Identity + 1), StartOpCodeHandle);
>- }
>-
>- TotalLen += Identity->Length;
>- }
>-
>- HiiUpdateForm (
>- mCallbackInfo->HiiHandle, // HII handle
>- &gUserIdentifyManagerGuid,// Formset GUID
>- FORMID_PROVIDER_FORM, // Form ID
>- StartOpCodeHandle, // Label for where to insert opcodes
>- EndOpCodeHandle // Replace data
>- );
>-
>- HiiFreeOpCodeHandle (StartOpCodeHandle);
>- HiiFreeOpCodeHandle (EndOpCodeHandle);
>-
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- This function processes the results of changes in configuration.
>-
>- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
>- @param Action Specifies the type of action taken by the browser.
>- @param QuestionId A unique value which is sent to the original
>- exporting driver so that it can identify the type
>- of data to expect.
>- @param Type The type of value for the question.
>- @param Value A pointer to the data being sent to the original
>- exporting driver.
>- @param ActionRequest On return, points to the action requested by >the
>- callback function.
>- >- @retval EFI_SUCCESS The callback successfully handled the action. >- @retval Others Fail to handle the action. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserIdentifyManagerCallback ( >- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, >- IN EFI_BROWSER_ACTION Action, >- IN EFI_QUESTION_ID QuestionId, >- IN UINT8 Type, >- IN EFI_IFR_TYPE_VALUE *Value, >- OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest >- ) >-{ >- EFI_STATUS Status; >- USER_PROFILE_ENTRY *User; >- UINT8 PolicyType; >- UINT16 Index; >- VOID *StartOpCodeHandle; >- VOID *EndOpCodeHandle; >- EFI_IFR_GUID_LABEL *StartLabel; >- EFI_IFR_GUID_LABEL *EndLabel; >- >- Status = EFI_SUCCESS; >- >- switch (Action) { >- case EFI_BROWSER_ACTION_FORM_OPEN: >- { >- // >- // Update user Form when user Form is opened. >- // This will be done only in FORM_OPEN CallBack of question with >FORM_OPEN_QUESTION_ID from user Form. >- // >- if (QuestionId != FORM_OPEN_QUESTION_ID) { >- return EFI_SUCCESS; >- } >- >- // >- // Initialize the container for dynamic opcodes. >- // >- StartOpCodeHandle = HiiAllocateOpCodeHandle (); >- ASSERT (StartOpCodeHandle != NULL); >- >- EndOpCodeHandle = HiiAllocateOpCodeHandle (); >- ASSERT (EndOpCodeHandle != NULL); >- >- // >- // Create Hii Extend Label OpCode. >- // >- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >- StartOpCodeHandle, >- &gEfiIfrTianoGuid, >- NULL, >- sizeof (EFI_IFR_GUID_LABEL) >- ); >- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >- StartLabel->Number = LABEL_USER_NAME; >- >- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >- EndOpCodeHandle, >- &gEfiIfrTianoGuid, >- NULL, >- sizeof (EFI_IFR_GUID_LABEL) >- ); >- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >- EndLabel->Number = LABEL_END; >- >- // >- // Add all the user profile in the user profile database. 
>- // >- for (Index = 0; Index < mUserProfileDb->UserProfileNum; Index++) { >- User = (USER_PROFILE_ENTRY *) mUserProfileDb->UserProfile[Index]; >- AddUserSelection ((UINT16)(LABEL_USER_NAME + Index), User, >StartOpCodeHandle); >- } >- >- HiiUpdateForm ( >- mCallbackInfo->HiiHandle, // HII handle >- &gUserIdentifyManagerGuid,// Formset GUID >- FORMID_USER_FORM, // Form ID >- StartOpCodeHandle, // Label for where to insert opcodes >- EndOpCodeHandle // Replace data >- ); >- >- HiiFreeOpCodeHandle (StartOpCodeHandle); >- HiiFreeOpCodeHandle (EndOpCodeHandle); >- >- return EFI_SUCCESS; >- } >- break; >- >- case EFI_BROWSER_ACTION_FORM_CLOSE: >- Status = EFI_SUCCESS; >- break; >- >- case EFI_BROWSER_ACTION_CHANGED: >- if (QuestionId >= LABEL_PROVIDER_NAME) { >- // >- // QuestionId comes from the second Form (Select a Credential Provider if >identity >- // policy is OR type). Identify the user by the selected provider. >- // >- Status = IdentifyByProviderId (mCurrentUser, &mProviderDb- >>Provider[QuestionId & 0xFFF]->Identifier); >- if (Status == EFI_SUCCESS) { >- mIdentified = TRUE; >- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT; >- } >- return EFI_SUCCESS; >- } >- break; >- >- case EFI_BROWSER_ACTION_CHANGING: >- // >- // QuestionId comes from the first Form (Select a user to identify). >- // >- if (QuestionId >= LABEL_PROVIDER_NAME) { >- return EFI_SUCCESS; >- } >- >- User = (USER_PROFILE_ENTRY *) mUserProfileDb- >>UserProfile[QuestionId & 0xFFF]; >- Status = GetIdentifyType (User, &PolicyType); >- if (EFI_ERROR (Status)) { >- return Status; >- } >- >- if (PolicyType == EFI_USER_INFO_IDENTITY_OR) { >- // >- // Identify the user by "OR" logical. >- // >- Status = IdentifyOrTypeUser (User); >- if (EFI_ERROR (Status)) { >- return Status; >- } >- >- mCurrentUser = (EFI_USER_PROFILE_HANDLE) User; >- } else { >- // >- // Identify the user by "AND" logical. 
>- // >- Status = IdentifyAndTypeUser (User); >- if (EFI_ERROR (Status)) { >- return Status; >- } >- >- mCurrentUser = (EFI_USER_PROFILE_HANDLE) User; >- mIdentified = TRUE; >- if (Type == EFI_IFR_TYPE_REF) { >- Value->ref.FormId = FORMID_INVALID_FORM; >- } >- } >- break; >- >- default: >- // >- // All other action return unsupported. >- // >- Status = EFI_UNSUPPORTED; >- break; >- } >- >- >- return Status; >-} >- >- >-/** >- This function construct user profile database from user data saved in the >Flash. >- If no user is found in Flash, add one default user "administrator" in the user >- profile database. >- >- @retval EFI_SUCCESS Init user profile database successfully. >- @retval Others Fail to init user profile database. >- >-**/ >-EFI_STATUS >-InitUserProfileDb ( >- VOID >- ) >-{ >- EFI_STATUS Status; >- UINT8 *VarData; >- UINTN VarSize; >- UINTN CurVarSize; >- CHAR16 VarName[10]; >- UINTN Index; >- UINT32 VarAttr; >- >- if (mUserProfileDb != NULL) { >- // >- // The user profiles had been already initialized. >- // >- return EFI_SUCCESS; >- } >- >- // >- // Init user profile database structure. >- // >- if (!ExpandUsermUserProfileDb ()) { >- return EFI_OUT_OF_RESOURCES; >- } >- >- CurVarSize = DEFAULT_PROFILE_SIZE; >- VarData = AllocateZeroPool (CurVarSize); >- if (VarData == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- >- // >- // Get all user proifle entries. >- // >- Index = 0; >- while (TRUE) { >- // >- // Get variable name. >- // >- UnicodeSPrint ( >- VarName, >- sizeof (VarName), >- L"User%04x", >- Index >- ); >- Index++; >- >- // >- // Get variable value. 
>- // >- VarSize = CurVarSize; >- Status = gRT->GetVariable (VarName, &gUserIdentifyManagerGuid, >&VarAttr, &VarSize, VarData); >- if (Status == EFI_BUFFER_TOO_SMALL) { >- FreePool (VarData); >- VarData = AllocatePool (VarSize); >- if (VarData == NULL) { >- Status = EFI_OUT_OF_RESOURCES; >- break; >- } >- >- CurVarSize = VarSize; >- Status = gRT->GetVariable (VarName, &gUserIdentifyManagerGuid, >&VarAttr, &VarSize, VarData); >- } >- >- if (EFI_ERROR (Status)) { >- if (Status == EFI_NOT_FOUND) { >- Status = EFI_SUCCESS; >- } >- break; >- } >- >- // >- // Check variable attributes. >- // >- if (VarAttr != (EFI_VARIABLE_NON_VOLATILE | >EFI_VARIABLE_BOOTSERVICE_ACCESS)) { >- Status = gRT->SetVariable (VarName, &gUserIdentifyManagerGuid, >VarAttr, 0, NULL); >- continue; >- } >- >- // >- // Add user profile to the user profile database. >- // >- Status = AddUserProfile (NULL, VarSize, VarData, FALSE); >- if (EFI_ERROR (Status)) { >- if (Status == EFI_SECURITY_VIOLATION) { >- // >- // Delete invalid user profile >- // >- gRT->SetVariable (VarName, &gUserIdentifyManagerGuid, VarAttr, 0, >NULL); >- } else if (Status == EFI_OUT_OF_RESOURCES) { >- break; >- } >- } else { >- // >- // Delete and save the profile again if some invalid profiles are deleted. >- // >- if (mUserProfileDb->UserProfileNum < Index) { >- gRT->SetVariable (VarName, &gUserIdentifyManagerGuid, VarAttr, 0, >NULL); >- SaveNvUserProfile (mUserProfileDb->UserProfile[mUserProfileDb- >>UserProfileNum - 1], FALSE); >- } >- } >- } >- >- if (VarData != NULL) { >- FreePool (VarData); >- } >- >- if (EFI_ERROR (Status)) { >- return Status; >- } >- >- // >- // Check whether the user profile database is empty. >- // >- if (mUserProfileDb->UserProfileNum == 0) { >- Status = AddDefaultUserProfile (); >- } >- >- return Status; >-} >- >- >-/** >- This function collects all the credential providers and saves to mProviderDb. >- >- @retval EFI_SUCCESS Collect credential providers successfully. 
>- @retval Others Fail to collect credential providers. >- >-**/ >-EFI_STATUS >-InitProviderInfo ( >- VOID >- ) >-{ >- EFI_STATUS Status; >- UINTN HandleCount; >- EFI_HANDLE *HandleBuf; >- UINTN Index; >- >- if (mProviderDb != NULL) { >- // >- // The credential providers had been collected before. >- // >- return EFI_SUCCESS; >- } >- >- // >- // Try to find all the user credential provider driver. >- // >- HandleCount = 0; >- HandleBuf = NULL; >- Status = gBS->LocateHandleBuffer ( >- ByProtocol, >- &gEfiUserCredential2ProtocolGuid, >- NULL, >- &HandleCount, >- &HandleBuf >- ); >- if (EFI_ERROR (Status)) { >- return Status; >- } >- >- // >- // Get provider infomation. >- // >- mProviderDb = AllocateZeroPool ( >- sizeof (CREDENTIAL_PROVIDER_INFO) - >- sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *) + >- HandleCount * sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *) >- ); >- if (mProviderDb == NULL) { >- FreePool (HandleBuf); >- return EFI_OUT_OF_RESOURCES; >- } >- >- mProviderDb->Count = HandleCount; >- for (Index = 0; Index < HandleCount; Index++) { >- Status = gBS->HandleProtocol ( >- HandleBuf[Index], >- &gEfiUserCredential2ProtocolGuid, >- (VOID **) &mProviderDb->Provider[Index] >- ); >- if (EFI_ERROR (Status)) { >- FreePool (HandleBuf); >- FreePool (mProviderDb); >- mProviderDb = NULL; >- return Status; >- } >- } >- >- FreePool (HandleBuf); >- return EFI_SUCCESS; >-} >- >- >-/** >- This function allows a caller to extract the current configuration for one >- or more named elements from the target driver. >- >- >- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. >- @param Request A null-terminated Unicode string in <ConfigRequest> >format. >- @param Progress On return, points to a character in the Request string. >- Points to the string's null terminator if request was successful. 
>- Points to the most recent '&' before the first failing name/value >- pair (or the beginning of the string if the failure is in the >- first name/value pair) if the request was not successful. >- @param Results A null-terminated Unicode string in <ConfigAltResp> >format which >- has all values filled in for the names in the Request string. >- String to be allocated by the called function. >- >- @retval EFI_SUCCESS The Results is filled with the requested values. >- @retval EFI_OUT_OF_RESOURCES Not enough memory to store the >results. >- @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown >name. >- @retval EFI_NOT_FOUND Routing data doesn't match any storage in >this driver. >- >-**/ >-EFI_STATUS >-EFIAPI >-FakeExtractConfig ( >- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, >- IN CONST EFI_STRING Request, >- OUT EFI_STRING *Progress, >- OUT EFI_STRING *Results >- ) >-{ >- if (Progress == NULL || Results == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- *Progress = Request; >- return EFI_NOT_FOUND; >-} >- >-/** >- This function processes the results of changes in configuration. >- >- >- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. >- @param Configuration A null-terminated Unicode string in <ConfigResp> >format. >- @param Progress A pointer to a string filled in with the offset of the >most >- recent '&' before the first failing name/value pair (or the >- beginning of the string if the failure is in the first >- name/value pair) or the terminating NULL if all was successful. >- >- @retval EFI_SUCCESS The Results is processed successfully. >- @retval EFI_INVALID_PARAMETER Configuration is NULL. >- @retval EFI_NOT_FOUND Routing data doesn't match any storage in >this driver. 
>- >-**/ >-EFI_STATUS >-EFIAPI >-FakeRouteConfig ( >- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, >- IN CONST EFI_STRING Configuration, >- OUT EFI_STRING *Progress >- ) >-{ >- if (Configuration == NULL || Progress == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- >- *Progress = Configuration; >- >- return EFI_NOT_FOUND; >-} >- >- >-/** >- This function initialize the data mainly used in form browser. >- >- @retval EFI_SUCCESS Initialize form data successfully. >- @retval Others Fail to Initialize form data. >- >-**/ >-EFI_STATUS >-InitFormBrowser ( >- VOID >- ) >-{ >- EFI_STATUS Status; >- USER_MANAGER_CALLBACK_INFO *CallbackInfo; >- EFI_HII_DATABASE_PROTOCOL *HiiDatabase; >- EFI_HII_STRING_PROTOCOL *HiiString; >- EFI_FORM_BROWSER2_PROTOCOL *FormBrowser2; >- >- // >- // Initialize driver private data. >- // >- CallbackInfo = AllocateZeroPool (sizeof >(USER_MANAGER_CALLBACK_INFO)); >- if (CallbackInfo == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- >- CallbackInfo->Signature = USER_MANAGER_SIGNATURE; >- CallbackInfo->ConfigAccess.ExtractConfig = FakeExtractConfig; >- CallbackInfo->ConfigAccess.RouteConfig = FakeRouteConfig; >- CallbackInfo->ConfigAccess.Callback = UserIdentifyManagerCallback; >- >- // >- // Locate Hii Database protocol. >- // >- Status = gBS->LocateProtocol (&gEfiHiiDatabaseProtocolGuid, NULL, (VOID >**) &HiiDatabase); >- if (EFI_ERROR (Status)) { >- return Status; >- } >- CallbackInfo->HiiDatabase = HiiDatabase; >- >- // >- // Locate HiiString protocol. >- // >- Status = gBS->LocateProtocol (&gEfiHiiStringProtocolGuid, NULL, (VOID **) >&HiiString); >- if (EFI_ERROR (Status)) { >- return Status; >- } >- CallbackInfo->HiiString = HiiString; >- >- // >- // Locate Formbrowser2 protocol. 
>- // >- Status = gBS->LocateProtocol (&gEfiFormBrowser2ProtocolGuid, NULL, >(VOID **) &FormBrowser2); >- if (EFI_ERROR (Status)) { >- return Status; >- } >- >- CallbackInfo->FormBrowser2 = FormBrowser2; >- CallbackInfo->DriverHandle = NULL; >- >- // >- // Install Device Path Protocol and Config Access protocol to driver handle. >- // >- Status = gBS->InstallMultipleProtocolInterfaces ( >- &CallbackInfo->DriverHandle, >- &gEfiDevicePathProtocolGuid, >- &mHiiVendorDevicePath, >- &gEfiHiiConfigAccessProtocolGuid, >- &CallbackInfo->ConfigAccess, >- NULL >- ); >- ASSERT_EFI_ERROR (Status); >- >- // >- // Publish HII data. >- // >- CallbackInfo->HiiHandle = HiiAddPackages ( >- &gUserIdentifyManagerGuid, >- CallbackInfo->DriverHandle, >- UserIdentifyManagerStrings, >- UserIdentifyManagerVfrBin, >- NULL >- ); >- if (CallbackInfo->HiiHandle == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- >- mCallbackInfo = CallbackInfo; >- >- return EFI_SUCCESS; >-} >- >- >-/** >- Identify the user whose identification policy supports auto logon. >- >- @param[in] ProviderIndex The provider index in the provider list. >- @param[out] User Points to user user profile if a user is identified >successfully. >- >- @retval EFI_SUCCESS Identify a user with the specified provider >successfully. >- @retval Others Fail to identify a user. >- >-**/ >-EFI_STATUS >-IdentifyAutoLogonUser ( >- IN UINTN ProviderIndex, >- OUT USER_PROFILE_ENTRY **User >- ) >-{ >- EFI_STATUS Status; >- EFI_USER_INFO *Info; >- UINT8 PolicyType; >- >- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + sizeof >(EFI_USER_INFO_IDENTIFIER)); >- if (Info == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- >- Info->InfoType = EFI_USER_INFO_IDENTIFIER_RECORD; >- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof >(EFI_USER_INFO_IDENTIFIER); >- >- // >- // Identify the specified credential provider's auto logon user. 
>- // >- Status = mProviderDb->Provider[ProviderIndex]->User ( >- mProviderDb->Provider[ProviderIndex], >- NULL, >- (EFI_USER_INFO_IDENTIFIER *) (Info + 1) >- ); >- if (EFI_ERROR (Status)) { >- FreePool (Info); >- return Status; >- } >- >- // >- // Find user with the specified user ID. >- // >- *User = NULL; >- Status = FindUserProfileByInfo (User, NULL, Info, Info->InfoSize); >- FreePool (Info); >- if (EFI_ERROR (Status)) { >- return Status; >- } >- >- Status = GetIdentifyType ((EFI_USER_PROFILE_HANDLE) * User, >&PolicyType); >- if (PolicyType == EFI_USER_INFO_IDENTITY_AND) { >- // >- // The identified user need also identified by other credential provider. >- // This can handle through select user. >- // >- return EFI_NOT_READY; >- } >- >- return Status; >-} >- >- >-/** >- Check whether the given console is ready. >- >- @param[in] ProtocolGuid Points to the protocol guid of sonsole . >- >- @retval TRUE The given console is ready. >- @retval FALSE The given console is not ready. >- >-**/ >-BOOLEAN >-CheckConsole ( >- EFI_GUID *ProtocolGuid >- ) >-{ >- EFI_STATUS Status; >- UINTN HandleCount; >- EFI_HANDLE *HandleBuf; >- UINTN Index; >- EFI_DEVICE_PATH_PROTOCOL *DevicePath; >- >- // >- // Try to find all the handle driver. >- // >- HandleCount = 0; >- HandleBuf = NULL; >- Status = gBS->LocateHandleBuffer ( >- ByProtocol, >- ProtocolGuid, >- NULL, >- &HandleCount, >- &HandleBuf >- ); >- if (EFI_ERROR (Status)) { >- return FALSE; >- } >- >- for (Index = 0; Index < HandleCount; Index++) { >- DevicePath = DevicePathFromHandle (HandleBuf[Index]); >- if (DevicePath != NULL) { >- FreePool (HandleBuf); >- return TRUE; >- } >- } >- FreePool (HandleBuf); >- return FALSE; >-} >- >- >-/** >- Check whether the console is ready. >- >- @retval TRUE The console is ready. >- @retval FALSE The console is not ready. 
>- >-**/ >-BOOLEAN >-IsConsoleReady ( >- VOID >- ) >-{ >- if (!CheckConsole (&gEfiSimpleTextOutProtocolGuid)) { >- return FALSE; >- } >- >- if (!CheckConsole (&gEfiSimpleTextInProtocolGuid)) { >- if (!CheckConsole (&gEfiSimpleTextInputExProtocolGuid)) { >- return FALSE; >- } >- } >- >- return TRUE; >-} >- >- >-/** >- Identify a user to logon. >- >- @param[out] User Points to user user profile if a user is identified >successfully. >- >- @retval EFI_SUCCESS Identify a user successfully. >- >-**/ >-EFI_STATUS >-IdentifyUser ( >- OUT USER_PROFILE_ENTRY **User >- ) >-{ >- EFI_STATUS Status; >- UINTN Index; >- EFI_CREDENTIAL_LOGON_FLAGS AutoLogon; >- EFI_USER_INFO *IdentifyInfo; >- EFI_USER_INFO_IDENTITY_POLICY *Identity; >- EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential; >- USER_PROFILE_ENTRY *UserEntry; >- >- // >- // Initialize credential providers. >- // >- InitProviderInfo (); >- >- // >- // Initialize user profile database. >- // >- InitUserProfileDb (); >- >- // >- // If only one user in system, and its identify policy is TRUE, then auto logon. >- // >- if (mUserProfileDb->UserProfileNum == 1) { >- UserEntry = (USER_PROFILE_ENTRY *) mUserProfileDb->UserProfile[0]; >- IdentifyInfo = NULL; >- Status = FindUserInfoByType (UserEntry, &IdentifyInfo, >EFI_USER_INFO_IDENTITY_POLICY_RECORD); >- if (EFI_ERROR (Status)) { >- return Status; >- } >- ASSERT (IdentifyInfo != NULL); >- >- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) ((UINT8 *) (IdentifyInfo + >1)); >- if (Identity->Type == EFI_USER_INFO_IDENTITY_TRUE) { >- mCurrentUser = (EFI_USER_PROFILE_HANDLE) UserEntry; >- UpdateUserInfo (UserEntry); >- *User = UserEntry; >- return EFI_SUCCESS; >- } >- } >- >- // >- // Find and login the default & AutoLogon user. 
>- // >- for (Index = 0; Index < mProviderDb->Count; Index++) { >- UserCredential = mProviderDb->Provider[Index]; >- Status = UserCredential->Default (UserCredential, &AutoLogon); >- if (EFI_ERROR (Status)) { >- continue; >- } >- >- if ((AutoLogon & (EFI_CREDENTIAL_LOGON_FLAG_DEFAULT | >EFI_CREDENTIAL_LOGON_FLAG_AUTO)) != 0) { >- Status = IdentifyAutoLogonUser (Index, &UserEntry); >- if (Status == EFI_SUCCESS) { >- mCurrentUser = (EFI_USER_PROFILE_HANDLE) UserEntry; >- UpdateUserInfo (UserEntry); >- *User = UserEntry; >- return EFI_SUCCESS; >- } >- } >- } >- >- if (!IsConsoleReady ()) { >- // >- // The console is still not ready for user selection. >- // >- return EFI_ACCESS_DENIED; >- } >- >- // >- // Select a user and identify it. >- // >- mCallbackInfo->FormBrowser2->SendForm ( >- mCallbackInfo->FormBrowser2, >- &mCallbackInfo->HiiHandle, >- 1, >- &gUserIdentifyManagerGuid, >- 0, >- NULL, >- NULL >- ); >- >- if (mIdentified) { >- *User = (USER_PROFILE_ENTRY *) mCurrentUser; >- UpdateUserInfo (*User); >- return EFI_SUCCESS; >- } >- >- return EFI_ACCESS_DENIED; >-} >- >- >-/** >- An empty function to pass error checking of CreateEventEx (). >- >- @param Event Event whose notification function is being invoked. >- @param Context Pointer to the notification function's context, >- which is implementation-dependent. >- >-**/ >-VOID >-EFIAPI >-InternalEmptyFuntion ( >- IN EFI_EVENT Event, >- IN VOID *Context >- ) >-{ >-} >- >- >-/** >- Create, Signal, and Close the User Profile Changed event. >- >-**/ >-VOID >-SignalEventUserProfileChanged ( >- VOID >- ) >-{ >- EFI_STATUS Status; >- EFI_EVENT Event; >- >- Status = gBS->CreateEventEx ( >- EVT_NOTIFY_SIGNAL, >- TPL_CALLBACK, >- InternalEmptyFuntion, >- NULL, >- &gEfiEventUserProfileChangedGuid, >- &Event >- ); >- ASSERT_EFI_ERROR (Status); >- gBS->SignalEvent (Event); >- gBS->CloseEvent (Event); >-} >- >- >-/** >- Create a new user profile. 
>- >- This function creates a new user profile with only a new user identifier >attached and returns >- its handle. The user profile is non-volatile, but the handle User can change >across reboots. >- >- @param[in] This Points to this instance of the >EFI_USER_MANAGER_PROTOCOL. >- @param[out] User On return, points to the new user profile handle. >- The user profile handle is unique only during this boot. >- >- @retval EFI_SUCCESS User profile was successfully created. >- @retval EFI_ACCESS_DENIED Current user does not have sufficient >permissions to create a >- user profile. >- @retval EFI_UNSUPPORTED Creation of new user profiles is not >supported. >- @retval EFI_INVALID_PARAMETER The User parameter is NULL. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileCreate ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- OUT EFI_USER_PROFILE_HANDLE *User >- ) >-{ >- EFI_STATUS Status; >- >- if ((This == NULL) || (User == NULL)) { >- return EFI_INVALID_PARAMETER; >- } >- >- // >- // Check the right of the current user. >- // >- if (!CheckCurrentUserAccessRight (EFI_USER_INFO_ACCESS_MANAGE)) { >- if (!CheckCurrentUserAccessRight >(EFI_USER_INFO_ACCESS_ENROLL_OTHERS)) { >- return EFI_ACCESS_DENIED; >- } >- } >- >- // >- // Create new user profile >- // >- Status = CreateUserProfile ((USER_PROFILE_ENTRY **) User); >- if (EFI_ERROR (Status)) { >- return EFI_ACCESS_DENIED; >- } >- return EFI_SUCCESS; >-} >- >- >-/** >- Delete an existing user profile. >- >- @param[in] This Points to this instance of the >EFI_USER_MANAGER_PROTOCOL. >- @param[in] User User profile handle. >- >- @retval EFI_SUCCESS User profile was successfully deleted. >- @retval EFI_ACCESS_DENIED Current user does not have sufficient >permissions to delete a user >- profile or there is only one user profile. >- @retval EFI_UNSUPPORTED Deletion of new user profiles is not >supported. >- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >profile. 
>- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileDelete ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN EFI_USER_PROFILE_HANDLE User >- ) >-{ >- EFI_STATUS Status; >- >- if (This == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- >- // >- // Check the right of the current user. >- // >- if (!CheckCurrentUserAccessRight (EFI_USER_INFO_ACCESS_MANAGE)) { >- return EFI_ACCESS_DENIED; >- } >- >- // >- // Delete user profile. >- // >- Status = DelUserProfile (User); >- if (EFI_ERROR (Status)) { >- if (Status != EFI_INVALID_PARAMETER) { >- return EFI_ACCESS_DENIED; >- } >- return EFI_INVALID_PARAMETER; >- } >- >- return EFI_SUCCESS; >-} >- >- >-/** >- Enumerate all of the enrolled users on the platform. >- >- This function returns the next enrolled user profile. To retrieve the first user >profile handle, >- point User at a NULL. Each subsequent call will retrieve another user profile >handle until there >- are no more, at which point User will point to NULL. >- >- @param[in] This Points to this instance of the >EFI_USER_MANAGER_PROTOCOL. >- @param[in, out] User On entry, points to the previous user profile >handle or NULL to >- start enumeration. On exit, points to the next user profile >handle >- or NULL if there are no more user profiles. >- >- @retval EFI_SUCCESS Next enrolled user profile successfully returned. >- @retval EFI_ACCESS_DENIED Next enrolled user profile was not >successfully returned. >- @retval EFI_INVALID_PARAMETER The User parameter is NULL. >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileGetNext ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN OUT EFI_USER_PROFILE_HANDLE *User >- ) >-{ >- EFI_STATUS Status; >- >- if ((This == NULL) || (User == NULL)) { >- return EFI_INVALID_PARAMETER; >- } >- >- Status = FindUserProfile ((USER_PROFILE_ENTRY **) User, TRUE, NULL); >- if (EFI_ERROR (Status)) { >- return EFI_ACCESS_DENIED; >- } >- return EFI_SUCCESS; >-} >- >- >-/** >- Return the current user profile handle. 
>- >- @param[in] This Points to this instance of the >EFI_USER_MANAGER_PROTOCOL. >- @param[out] CurrentUser On return, points to the current user profile >handle. >- >- @retval EFI_SUCCESS Current user profile handle returned successfully. >- @retval EFI_INVALID_PARAMETER The CurrentUser parameter is NULL. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileCurrent ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- OUT EFI_USER_PROFILE_HANDLE *CurrentUser >- ) >-{ >- // >- // Get current user profile. >- // >- if ((This == NULL) || (CurrentUser == NULL)) { >- return EFI_INVALID_PARAMETER; >- } >- >- *CurrentUser = mCurrentUser; >- return EFI_SUCCESS; >-} >- >- >-/** >- Identify a user. >- >- Identify the user and, if authenticated, returns the user handle and changes >the current >- user profile. All user information marked as private in a previously selected >profile >- is no longer available for inspection. >- Whenever the current user profile is changed then the an event with the >GUID >- EFI_EVENT_GROUP_USER_PROFILE_CHANGED is signaled. >- >- @param[in] This Points to this instance of the >EFI_USER_MANAGER_PROTOCOL. >- @param[out] User On return, points to the user profile handle for >the current >- user profile. >- >- @retval EFI_SUCCESS User was successfully identified. >- @retval EFI_ACCESS_DENIED User was not successfully identified. >- @retval EFI_INVALID_PARAMETER The User parameter is NULL. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileIdentify ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- OUT EFI_USER_PROFILE_HANDLE *User >- ) >-{ >- EFI_STATUS Status; >- >- if ((This == NULL) || (User == NULL)) { >- return EFI_INVALID_PARAMETER; >- } >- >- if (mCurrentUser != NULL) { >- *User = mCurrentUser; >- return EFI_SUCCESS; >- } >- >- // >- // Identify user >- // >- Status = IdentifyUser ((USER_PROFILE_ENTRY **) User); >- if (EFI_ERROR (Status)) { >- return EFI_ACCESS_DENIED; >- } >- >- // >- // Publish the user info into the EFI system configuration table. 
>- // >- PublishUserTable (); >- >- // >- // Signal User Profile Changed event. >- // >- SignalEventUserProfileChanged (); >- return EFI_SUCCESS; >-} >- >-/** >- Find a user using a user information record. >- >- This function searches all user profiles for the specified user information >record. >- The search starts with the user information record handle following >UserInfo and >- continues until either the information is found or there are no more user >profiles. >- A match occurs when the Info.InfoType field matches the user information >record >- type and the user information record data matches the portion of Info. >- >- @param[in] This Points to this instance of the >EFI_USER_MANAGER_PROTOCOL. >- @param[in, out] User On entry, points to the previously returned user >profile >- handle, or NULL to start searching with the first user profile. >- On return, points to the user profile handle, or NULL if not >- found. >- @param[in, out] UserInfo On entry, points to the previously returned >user information >- handle, or NULL to start searching with the first. On return, >- points to the user information handle of the user >information >- record, or NULL if not found. Can be NULL, in which case only >- one user information record per user can be returned. >- @param[in] Info Points to the buffer containing the user information >to be >- compared to the user information record. If the user >information >- record data is empty, then only the user information record >type >- is compared. If InfoSize is 0, then the user information record >- must be empty. >- >- @param[in] InfoSize The size of Info, in bytes. >- >- @retval EFI_SUCCESS User information was found. User points to the >user profile >- handle, and UserInfo points to the user information handle. >- @retval EFI_NOT_FOUND User information was not found. User points >to NULL, and >- UserInfo points to NULL. >- @retval EFI_INVALID_PARAMETER User is NULL. Or Info is NULL. 
>- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileFind ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN OUT EFI_USER_PROFILE_HANDLE *User, >- IN OUT EFI_USER_INFO_HANDLE *UserInfo OPTIONAL, >- IN CONST EFI_USER_INFO *Info, >- IN UINTN InfoSize >- ) >-{ >- EFI_STATUS Status; >- UINTN Size; >- >- if ((This == NULL) || (User == NULL) || (Info == NULL)) { >- return EFI_INVALID_PARAMETER; >- } >- >- if (InfoSize == 0) { >- // >- // If InfoSize is 0, then the user information record must be empty. >- // >- if (Info->InfoSize != sizeof (EFI_USER_INFO)) { >- return EFI_INVALID_PARAMETER; >- } >- } else { >- if (InfoSize != Info->InfoSize) { >- return EFI_INVALID_PARAMETER; >- } >- } >- Size = Info->InfoSize; >- >- // >- // Find user profile accdoring to user information. >- // >- Status = FindUserProfileByInfo ( >- (USER_PROFILE_ENTRY **) User, >- (EFI_USER_INFO **) UserInfo, >- (EFI_USER_INFO *) Info, >- Size >- ); >- if (EFI_ERROR (Status)) { >- *User = NULL; >- if (UserInfo != NULL) { >- *UserInfo = NULL; >- } >- return EFI_NOT_FOUND; >- } >- >- return EFI_SUCCESS; >-} >- >- >-/** >- Return information attached to the user. >- >- This function returns user information. The format of the information is >described in User >- Information. The function may return EFI_ACCESS_DENIED if the >information is marked private >- and the handle specified by User is not the current user profile. The function >may return >- EFI_ACCESS_DENIED if the information is marked protected and the >information is associated >- with a credential provider for which the user has not been authenticated. >- >- @param[in] This Points to this instance of the >EFI_USER_MANAGER_PROTOCOL. >- @param[in] User Handle of the user whose profile will be retrieved. >- @param[in] UserInfo Handle of the user information data record. >- @param[out] Info On entry, points to a buffer of at least *InfoSize >bytes. On exit, >- holds the user information. 
If the buffer is too small to hold >the >- information, then EFI_BUFFER_TOO_SMALL is returned and >InfoSize is >- updated to contain the number of bytes actually required. >- @param[in, out] InfoSize On entry, points to the size of Info. On return, >points to the size >- of the user information. >- >- @retval EFI_SUCCESS Information returned successfully. >- @retval EFI_ACCESS_DENIED The information about the specified user >cannot be accessed by the >- current user. >- @retval EFI_BUFFER_TOO_SMALL The number of bytes specified by >*InfoSize is too small to hold the >- returned data. The actual size required is returned in >*InfoSize. >- @retval EFI_NOT_FOUND User does not refer to a valid user profile or >UserInfo does not refer >- to a valid user info handle. >- @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileGetInfo ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN EFI_USER_PROFILE_HANDLE User, >- IN EFI_USER_INFO_HANDLE UserInfo, >- OUT EFI_USER_INFO *Info, >- IN OUT UINTN *InfoSize >- ) >-{ >- EFI_STATUS Status; >- >- if ((This == NULL) || (InfoSize == NULL)) { >- return EFI_INVALID_PARAMETER; >- } >- >- if ((*InfoSize != 0) && (Info == NULL)) { >- return EFI_INVALID_PARAMETER; >- } >- >- if ((User == NULL) || (UserInfo == NULL)) { >- return EFI_NOT_FOUND; >- } >- >- Status = GetUserInfo (User, UserInfo, Info, InfoSize, TRUE); >- if (EFI_ERROR (Status)) { >- if (Status == EFI_BUFFER_TOO_SMALL) { >- return EFI_BUFFER_TOO_SMALL; >- } >- return EFI_ACCESS_DENIED; >- } >- return EFI_SUCCESS; >-} >- >- >-/** >- Add or update user information. >- >- This function changes user information. If NULL is pointed to by UserInfo, >then a new user >- information record is created and its handle is returned in UserInfo. >Otherwise, the existing >- one is replaced. 
>- If EFI_USER_INFO_IDENITTY_POLICY_RECORD is changed, it is the caller's >responsibility to keep >- it to be synced with the information on credential providers. >- If EFI_USER_INFO_EXCLUSIVE is specified in Info and a user information >record of the same >- type already exists in the user profile, then EFI_ACCESS_DENIED will be >returned and UserInfo >- will point to the handle of the existing record. >- >- @param[in] This Points to this instance of the >EFI_USER_MANAGER_PROTOCOL. >- @param[in] User Handle of the user whose profile will be retrieved. >- @param[in, out] UserInfo Handle of the user information data record. >- @param[in] Info On entry, points to a buffer of at least *InfoSize >bytes. On exit, >- holds the user information. If the buffer is too small to hold >the >- information, then EFI_BUFFER_TOO_SMALL is returned and >InfoSize is >- updated to contain the number of bytes actually required. >- @param[in] InfoSize On entry, points to the size of Info. On return, >points to the size >- of the user information. >- >- @retval EFI_SUCCESS Information returned successfully. >- @retval EFI_ACCESS_DENIED The record is exclusive. >- @retval EFI_SECURITY_VIOLATION The current user does not have >permission to change the specified >- user profile or user information record. >- @retval EFI_NOT_FOUND User does not refer to a valid user profile or >UserInfo does not >- refer to a valid user info handle. >- @retval EFI_INVALID_PARAMETER UserInfo is NULL or Info is NULL. >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileSetInfo ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN EFI_USER_PROFILE_HANDLE User, >- IN OUT EFI_USER_INFO_HANDLE *UserInfo, >- IN CONST EFI_USER_INFO *Info, >- IN UINTN InfoSize >- ) >-{ >- EFI_STATUS Status; >- >- if ((This == NULL) || (User == NULL) || (UserInfo == NULL) || (Info == NULL)) >{ >- return EFI_INVALID_PARAMETER; >- } >- >- // >- // Check the right of the current user. 
>- // >- if (User != mCurrentUser) { >- if (!CheckCurrentUserAccessRight (EFI_USER_INFO_ACCESS_MANAGE)) { >- if (*UserInfo != NULL) { >- // >- // Can't update info in other profiles without MANAGE right. >- // >- return EFI_SECURITY_VIOLATION; >- } >- >- if (!CheckCurrentUserAccessRight >(EFI_USER_INFO_ACCESS_ENROLL_OTHERS)) { >- // >- // Can't add info into other profiles. >- // >- return EFI_SECURITY_VIOLATION; >- } >- } >- } >- >- if (User == mCurrentUser) { >- if (CheckCurrentUserAccessRight (EFI_USER_INFO_ACCESS_ENROLL_SELF)) >{ >- // >- // Only identify policy can be added/updated. >- // >- if (Info->InfoType != EFI_USER_INFO_IDENTITY_POLICY_RECORD) { >- return EFI_SECURITY_VIOLATION; >- } >- } >- } >- >- // >- // Modify user information. >- // >- Status = ModifyUserInfo (User, (EFI_USER_INFO **) UserInfo, Info, >InfoSize); >- if (EFI_ERROR (Status)) { >- if (Status == EFI_ACCESS_DENIED) { >- return EFI_ACCESS_DENIED; >- } >- return EFI_SECURITY_VIOLATION; >- } >- return EFI_SUCCESS; >-} >- >- >-/** >- Called by credential provider to notify of information change. >- >- This function allows the credential provider to notify the User Identity >Manager when user status >- has changed. >- If the User Identity Manager doesn't support asynchronous changes in >credentials, then this function >- should return EFI_UNSUPPORTED. >- If current user does not exist, and the credential provider can identify a user, >then make the user >- to be current user and signal the >EFI_EVENT_GROUP_USER_PROFILE_CHANGED event. >- If current user already exists, and the credential provider can identify >another user, then switch >- current user to the newly identified user, and signal the >EFI_EVENT_GROUP_USER_PROFILE_CHANGED event. >- If current user was identified by this credential provider and now the >credential provider cannot identify >- current user, then logout current user and signal the >EFI_EVENT_GROUP_USER_PROFILE_CHANGED event. 
>- >- @param[in] This Points to this instance of the >EFI_USER_MANAGER_PROTOCOL. >- @param[in] Changed Handle on which is installed an instance of the >EFI_USER_CREDENTIAL2_PROTOCOL >- where the user has changed. >- >- @retval EFI_SUCCESS The User Identity Manager has handled the >notification. >- @retval EFI_NOT_READY The function was called while the specified >credential provider was not selected. >- @retval EFI_UNSUPPORTED The User Identity Manager doesn't support >asynchronous notifications. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileNotify ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN EFI_HANDLE Changed >- ) >-{ >- return EFI_UNSUPPORTED; >-} >- >- >-/** >- Delete user information. >- >- Delete the user information attached to the user profile specified by the >UserInfo. >- >- @param[in] This Points to this instance of the >EFI_USER_MANAGER_PROTOCOL. >- @param[in] User Handle of the user whose information will be >deleted. >- @param[in] UserInfo Handle of the user information to remove. >- >- @retval EFI_SUCCESS User information deleted successfully. >- @retval EFI_NOT_FOUND User information record UserInfo does not >exist in the user profile. >- @retval EFI_ACCESS_DENIED The current user does not have permission to >delete this user information. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileDeleteInfo ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN EFI_USER_PROFILE_HANDLE User, >- IN EFI_USER_INFO_HANDLE UserInfo >- ) >-{ >- EFI_STATUS Status; >- >- if (This == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- >- // >- // Check the right of the current user. >- // >- if (User != mCurrentUser) { >- if (!CheckCurrentUserAccessRight (EFI_USER_INFO_ACCESS_MANAGE)) { >- return EFI_ACCESS_DENIED; >- } >- } >- >- // >- // Delete user information. 
>- // >- Status = DelUserInfo (User, UserInfo, TRUE); >- if (EFI_ERROR (Status)) { >- if (Status == EFI_NOT_FOUND) { >- return EFI_NOT_FOUND; >- } >- return EFI_ACCESS_DENIED; >- } >- return EFI_SUCCESS; >-} >- >- >-/** >- Enumerate user information of all the enrolled users on the platform. >- >- This function returns the next user information record. To retrieve the first >user >- information record handle, point UserInfo at a NULL. Each subsequent call >will retrieve >- another user information record handle until there are no more, at which >point UserInfo >- will point to NULL. >- >- @param[in] This Points to this instance of the >EFI_USER_MANAGER_PROTOCOL. >- @param[in] User Handle of the user whose information will be >deleted. >- @param[in, out] UserInfo Handle of the user information to remove. >- >- @retval EFI_SUCCESS User information returned. >- @retval EFI_NOT_FOUND No more user information found. >- @retval EFI_INVALID_PARAMETER UserInfo is NULL. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileGetNextInfo ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN EFI_USER_PROFILE_HANDLE User, >- IN OUT EFI_USER_INFO_HANDLE *UserInfo >- ) >-{ >- if ((This == NULL) || (UserInfo == NULL)) { >- return EFI_INVALID_PARAMETER; >- } >- // >- // Get next user information entry. >- // >- return FindUserInfo (User, (EFI_USER_INFO **) UserInfo, TRUE, NULL); >-} >- >- >-/** >- Main entry for this driver. >- >- @param[in] ImageHandle Image handle this driver. >- @param[in] SystemTable Pointer to SystemTable. >- >- @retval EFI_SUCESS This function always complete successfully. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserIdentifyManagerInit ( >- IN EFI_HANDLE ImageHandle, >- IN EFI_SYSTEM_TABLE *SystemTable >- ) >-{ >- >- EFI_STATUS Status; >- >- // >- // It is NOT robust enough to be included in production. >- // >- #error "This implementation is just a sample, please comment this line if you >really want to use this driver." >- >- // >- // Initiate form browser. 
>- // >- InitFormBrowser (); >- >- // >- // Install protocol interfaces for the User Identity Manager. >- // >- Status = gBS->InstallProtocolInterface ( >- &mCallbackInfo->DriverHandle, >- &gEfiUserManagerProtocolGuid, >- EFI_NATIVE_INTERFACE, >- &gUserIdentifyManager >- ); >- ASSERT_EFI_ERROR (Status); >- >- LoadDeferredImageInit (ImageHandle); >- return EFI_SUCCESS; >-} >- >- >diff --git >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >ager.h >b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >ager.h >deleted file mode 100644 >index 1c449b0128..0000000000 >--- >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >ager.h >+++ /dev/null 
>@@ -1,413 +0,0 @@ >-/** @file >- The header file for User identify Manager driver. >- >-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#ifndef _USER_IDENTIFY_MANAGER_H_ >-#define _USER_IDENTIFY_MANAGER_H_ >- >-#include <Uefi.h> >- >-#include <Guid/GlobalVariable.h> >-#include <Guid/MdeModuleHii.h> >- >-#include <Protocol/FormBrowser2.h> >-#include <Protocol/HiiDatabase.h> >-#include <Protocol/HiiConfigAccess.h> >-#include <Protocol/HiiString.h> >-#include <Protocol/HiiConfigRouting.h> >-#include <Protocol/UserCredential2.h> >-#include <Protocol/UserManager.h> >-#include <Protocol/DeferredImageLoad.h> >-#include <Protocol/SimpleTextOut.h> >-#include <Protocol/SimpleTextIn.h> >-#include <Protocol/SimpleTextInEx.h> >- >-#include <Library/UefiRuntimeServicesTableLib.h> >-#include <Library/UefiBootServicesTableLib.h> >-#include <Library/MemoryAllocationLib.h> >-#include <Library/BaseMemoryLib.h> >-#include <Library/DevicePathLib.h> >-#include <Library/DebugLib.h> >-#include <Library/UefiLib.h> >-#include <Library/PrintLib.h> >-#include <Library/HiiLib.h> >- >-#include "UserIdentifyManagerData.h" >- >-// >-// This is the generated IFR binary data for each formset defined in VFR. >-// This data array is ready to be used as input of HiiAddPackages() to >-// create a packagelist. >-// >-extern UINT8 UserIdentifyManagerVfrBin[]; >- >-// >-// This is the generated String package data for all .UNI files. >-// This data array is ready to be used as input of HiiAddPackages() to >-// create a packagelist. 
>-// >-extern UINT8 UserIdentifyManagerStrings[]; >- >-#define USER_NUMBER_INC 32 >-#define DEFAULT_PROFILE_SIZE 512 >-#define INFO_PAYLOAD_SIZE 64 >- >-// >-// Credential Provider Information. >-// >-typedef struct { >- UINTN Count; >- EFI_USER_CREDENTIAL2_PROTOCOL *Provider[1]; >-} CREDENTIAL_PROVIDER_INFO; >- >-// >-// Internal user profile entry. >-// >-typedef struct { >- UINTN MaxProfileSize; >- UINTN UserProfileSize; >- CHAR16 UserVarName[9]; >- UINT8 *ProfileInfo; >-} USER_PROFILE_ENTRY; >- >-// >-// Internal user profile database. >-// >-typedef struct { >- UINTN UserProfileNum; >- UINTN MaxProfileNum; >- EFI_USER_PROFILE_HANDLE UserProfile[1]; >-} USER_PROFILE_DB; >- >-#define USER_MANAGER_SIGNATURE SIGNATURE_32 ('U', 'I', 'M', 'S') >- >-typedef struct { >- UINTN Signature; >- EFI_HANDLE DriverHandle; >- EFI_HII_HANDLE HiiHandle; >- >- // >- // Consumed protocol. >- // >- EFI_HII_DATABASE_PROTOCOL *HiiDatabase; >- EFI_HII_STRING_PROTOCOL *HiiString; >- EFI_HII_CONFIG_ROUTING_PROTOCOL *HiiConfigRouting; >- EFI_FORM_BROWSER2_PROTOCOL *FormBrowser2; >- >- // >- // Produced protocol. >- // >- EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; >-} USER_MANAGER_CALLBACK_INFO; >- >-/// >-/// HII specific Vendor Device Path definition. >-/// >-typedef struct { >- VENDOR_DEVICE_PATH VendorDevicePath; >- EFI_DEVICE_PATH_PROTOCOL End; >-} HII_VENDOR_DEVICE_PATH; >- >-/** >- Register an event notification function for the user profile changed. >- >- @param[in] ImageHandle Image handle this driver. >- >-**/ >-VOID >-LoadDeferredImageInit ( >- IN EFI_HANDLE ImageHandle >- ); >- >- >-/** >- This function creates a new user profile with only >- a new user identifier attached and returns its handle. >- The user profile is non-volatile, but the handle User >- can change across reboots. >- >- @param[in] This Protocol EFI_USER_MANAGER_PROTOCOL >instance >- pointer. >- @param[out] User Handle of a new user profile. >- >- @retval EFI_SUCCESS User profile was successfully created. 
>- @retval EFI_ACCESS_DENIED Current user does not have sufficient >permissions >- to create a user profile. >- @retval EFI_UNSUPPORTED Creation of new user profiles is not >supported. >- @retval EFI_INVALID_PARAMETER User is NULL. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileCreate ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- OUT EFI_USER_PROFILE_HANDLE *User >- ); >- >- >-/** >- Delete an existing user profile. >- >- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance >- pointer. >- @param User User profile handle. >- >- @retval EFI_SUCCESS User profile was successfully deleted. >- @retval EFI_ACCESS_DENIED Current user does not have sufficient >permissions >- to delete a user profile or there is only one >- user profile. >- @retval EFI_UNSUPPORTED Deletion of new user profiles is not >supported. >- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >profile. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileDelete ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN EFI_USER_PROFILE_HANDLE User >- ); >- >- >-/** >- Get next user profile from the user profile database. >- >- @param[in] This Protocol EFI_USER_MANAGER_PROTOCOL >instance >- pointer. >- @param[in, out] User User profile handle. >- >- @retval EFI_SUCCESS Next enrolled user profile successfully returned. >- @retval EFI_INVALID_PARAMETER User is NULL. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileGetNext ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN OUT EFI_USER_PROFILE_HANDLE *User >- ); >- >- >-/** >- This function returns the current user profile handle. >- >- @param[in] This Protocol EFI_USER_MANAGER_PROTOCOL >instance pointer. >- @param[out] CurrentUser User profile handle. >- >- @retval EFI_SUCCESS Current user profile handle returned >successfully. >- @retval EFI_INVALID_PARAMETER CurrentUser is NULL. 
>- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileCurrent ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- OUT EFI_USER_PROFILE_HANDLE *CurrentUser >- ); >- >- >-/** >- Identify the user and, if authenticated, returns the user handle and changes >- the current user profile. >- >- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance >pointer. >- @param CurrentUser User profile handle. >- >- @retval EFI_SUCCESS User was successfully identified. >- @retval EFI_INVALID_PARAMETER User is NULL. >- @retval EFI_ACCESS_DENIED User was not successfully identified. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileIdentify ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- OUT EFI_USER_PROFILE_HANDLE *User >- ); >- >- >-/** >- Find a user using a user information record. >- >- This function searches all user profiles for the specified user information >record. >- The search starts with the user information record handle following >UserInfo and >- continues until either the information is found or there are no more user >profiles. >- A match occurs when the Info.InfoType field matches the user information >record >- type and the user information record data matches the portion of Info >passed the >- EFI_USER_INFO header. >- >- @param[in] This Points to this instance of the >EFI_USER_MANAGER_PROTOCOL. >- @param[in, out] User On entry, points to the previously returned user >profile >- handle, or NULL to start searching with the first user profile. >- On return, points to the user profile handle, or NULL if not >- found. >- @param[in, out] UserInfo On entry, points to the previously returned user >information >- handle, or NULL to start searching with the first. On return, >- points to the user information handle of the user information >- record, or NULL if not found. Can be NULL, in which case only >- one user information record per user can be returned. >- @param[in] Info Points to the buffer containing the user information to >be >- compared to the user information record. 
If NULL, then only >- the user information record type is compared. If InfoSize is 0, >- then the user information record must be empty. >- >- @param[in] InfoSize The size of Info, in bytes. >- >- @retval EFI_SUCCESS User information was found. User points to the >user profile handle, >- and UserInfo points to the user information handle. >- @retval EFI_NOT_FOUND User information was not found. User points to >NULL and UserInfo >- points to NULL. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileFind ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN OUT EFI_USER_PROFILE_HANDLE *User, >- IN OUT EFI_USER_INFO_HANDLE *UserInfo OPTIONAL, >- IN CONST EFI_USER_INFO *Info, >- IN UINTN InfoSize >- ); >- >- >-/** >- This function returns user information. >- >- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance >- pointer. >- @param User Handle of the user whose profile will be >- retrieved. >- @param UserInfo Handle of the user information data record. >- @param Info On entry, points to a buffer of at least >- *InfoSize bytes. On exit, holds the user >- information. >- @param InfoSize On entry, points to the size of Info. On return, >- points to the size of the user information. >- >- @retval EFI_SUCCESS Information returned successfully. >- @retval EFI_ACCESS_DENIED The information about the specified user >cannot >- be accessed by the current user. >- EFI_BUFFER_TOO_SMALL- The number of bytes >- specified by *InfoSize is too small to hold the >- returned data. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileGetInfo ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN EFI_USER_PROFILE_HANDLE User, >- IN EFI_USER_INFO_HANDLE UserInfo, >- OUT EFI_USER_INFO *Info, >- IN OUT UINTN *InfoSize >- ); >- >- >-/** >- This function changes user information. >- >- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance >- pointer. >- @param User Handle of the user whose profile will be >- retrieved. >- @param UserInfo Handle of the user information data record. 
>- @param Info Points to the user information. >- @param InfoSize The size of Info, in bytes. >- >- @retval EFI_SUCCESS User profile information was successfully >- changed/added. >- @retval EFI_ACCESS_DENIED The record is exclusive. >- @retval EFI_SECURITY_VIOLATION The current user does not have >permission to >- change the specified user profile or user >- information record. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileSetInfo ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN EFI_USER_PROFILE_HANDLE User, >- IN OUT EFI_USER_INFO_HANDLE *UserInfo, >- IN CONST EFI_USER_INFO *Info, >- IN UINTN InfoSize >- ); >- >- >-/** >- This function allows the credential provider to notify the User Identity >Manager >- when user status has changed while deselected. >- >- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance >- pointer. >- @param Changed Points to the instance of the >- EFI_USER_CREDENTIAL_PROTOCOL where the user has >- changed. >- >- @retval EFI_SUCCESS The User Identity Manager has handled the >- notification. >- @retval EFI_NOT_READY The function was called while the specified >- credential provider was not selected. >- @retval EFI_UNSUPPORTED The User Identity Manager doesn't support >- asynchronous notifications. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileNotify ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN EFI_HANDLE Changed >- ); >- >- >-/** >- Delete the user information attached to the user profile specified by the >UserInfo. >- >- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance >pointer. >- @param User Handle of the user whose profile will be retrieved. >- @param UserInfo Handle of the user information data record. >- >- @retval EFI_SUCCESS User information deleted successfully. >- @retval EFI_ACCESS_DENIED The current user does not have permission >to >- delete this user in-formation. >- @retval EFI_NOT_FOUND User information record UserInfo does not >exist >- in the user pro-file. 
>- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileDeleteInfo ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN EFI_USER_PROFILE_HANDLE User, >- IN EFI_USER_INFO_HANDLE UserInfo >- ); >- >- >-/** >- This function returns the next user information record. >- >- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance >pointer. >- @param User Handle of the user whose profile will be retrieved. >- @param UserInfo Handle of the user information data record. >- >- @retval EFI_SUCCESS User information returned. >- @retval EFI_NOT_FOUND No more user information found. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileGetNextInfo ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN EFI_USER_PROFILE_HANDLE User, >- IN OUT EFI_USER_INFO_HANDLE *UserInfo >- ); >- >-#endif >diff --git >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >ager.uni >b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >ager.uni >deleted file mode 100644 >index 82c72baeeb..0000000000 >--- >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >ager.uni >+++ /dev/null 
>@@ -1,21 +0,0 @@ >-// /** @file >-// Produces user manager protocol >-// >-// This module manages user information and produces user manager >protocol. >-// >-// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR> >-// >-// This program and the accompanying materials >-// are licensed and made available under the terms and conditions of the BSD >License >-// which accompanies this distribution. The full text of the license may be >found at >-// http://opensource.org/licenses/bsd-license.php >-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >-// >-// **/ >- >- >-#string STR_MODULE_ABSTRACT #language en-US "Produces user >manager protocol" >- >-#string STR_MODULE_DESCRIPTION #language en-US "This module >manages user information and produces user manager protocol." >- >diff --git >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerData.h >b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerData.h >deleted file mode 100644 >index 4e07ddd309..0000000000 >--- >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerData.h >+++ /dev/null 
>@@ -1,35 +0,0 @@ >-/** @file >- Data structure used by the user identify manager driver. >- >-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#ifndef _USER_IDENTIFY_MANAGER_DATA_H_ >-#define _USER_IDENTIFY_MANAGER_DATA_H_ >- >-#include <Guid/UserIdentifyManagerHii.h> >- >-// >-// Forms definition. >-// >-#define FORMID_USER_FORM 1 >-#define FORMID_PROVIDER_FORM 2 >-#define FORMID_INVALID_FORM 0x0FFF >- >-// >-// Labels definition. >-// >-#define LABEL_USER_NAME 0x1000 >-#define LABEL_PROVIDER_NAME 0x3000 >-#define LABEL_END 0xffff >-#define FORM_OPEN_QUESTION_ID 0xfffe >- >-#endif >diff --git >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerDxe.inf >b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerDxe.inf >deleted file mode 100644 >index 27e8ba19ad..0000000000 >--- >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerDxe.inf >+++ /dev/null 
>@@ -1,79 +0,0 @@ >-## @file >-# Produces user manager protocol >-# >-# This module manages user information and produces user manager >protocol. >-# >-# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >-# This program and the accompanying materials >-# are licensed and made available under the terms and conditions of the BSD >License >-# which accompanies this distribution. The full text of the license may be >found at >-# http://opensource.org/licenses/bsd-license.php >-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >-# >-## >- >-[defines] >- INF_VERSION = 0x00010005 >- BASE_NAME = UserIdentifyManager >- MODULE_UNI_FILE = UserIdentifyManager.uni >- FILE_GUID = C5D3191B-27D5-4873-8DF2-628136991A21 >- MODULE_TYPE = DXE_DRIVER >- VERSION_STRING = 1.0 >- ENTRY_POINT = UserIdentifyManagerInit >- >-[sources] >- UserIdentifyManager.c >- LoadDeferredImage.c >- UserIdentifyManager.h >- UserIdentifyManagerData.h >- UserIdentifyManagerStrings.uni >- UserIdentifyManagerVfr.Vfr >- >-[Packages] >- MdePkg/MdePkg.dec >- MdeModulePkg/MdeModulePkg.dec >- SecurityPkg/SecurityPkg.dec >- >-[LibraryClasses] >- UefiRuntimeServicesTableLib >- UefiBootServicesTableLib >- UefiDriverEntryPoint >- MemoryAllocationLib >- BaseMemoryLib >- DebugLib >- HiiLib >- UefiLib >- >-[Guids] >- gEfiIfrTianoGuid ## SOMETIMES_CONSUMES ## GUID >- gEfiEventUserProfileChangedGuid ## SOMETIMES_PRODUCES ## >Event >- >- ## SOMETIMES_PRODUCES ## Variable:L"Userxxxx" >- ## SOMETIMES_CONSUMES ## Variable:L"Userxxxx" >- ## CONSUMES ## HII >- gUserIdentifyManagerGuid >- >-[Protocols] >- gEfiFormBrowser2ProtocolGuid ## CONSUMES >- gEfiHiiDatabaseProtocolGuid ## CONSUMES >- gEfiUserCredential2ProtocolGuid ## SOMETIMES_CONSUMES >- gEfiDeferredImageLoadProtocolGuid ## SOMETIMES_CONSUMES >- gEfiSimpleTextOutProtocolGuid ## SOMETIMES_CONSUMES >- gEfiSimpleTextInProtocolGuid ## 
SOMETIMES_CONSUMES >- gEfiSimpleTextInputExProtocolGuid ## SOMETIMES_CONSUMES >- gEfiHiiConfigAccessProtocolGuid ## PRODUCES >- gEfiDevicePathProtocolGuid ## PRODUCES >- >- ## PRODUCES >- ## SOMETIMES_PRODUCES ## SystemTable >- gEfiUserManagerProtocolGuid >- >-[Depex] >- gEfiHiiDatabaseProtocolGuid AND >- gEfiHiiStringProtocolGuid AND >- gEfiFormBrowser2ProtocolGuid >- >-[UserExtensions.TianoCore."ExtraFiles"] >- UserIdentifyManagerExtra.uni >- >diff --git >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerExtra.uni >b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerExtra.uni >deleted file mode 100644 >index 8b7cba7b32..0000000000 >--- >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerExtra.uni >+++ /dev/null >@@ -1,19 +0,0 @@ >-// /** @file >-// UserIdentifyManager Localized Strings and Content >-// >-// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> >-// >-// This program and the accompanying materials >-// are licensed and made available under the terms and conditions of the BSD >License >-// which accompanies this distribution. The full text of the license may be >found at >-// http://opensource.org/licenses/bsd-license.php >-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >-// >-// **/ >- >-#string STR_PROPERTIES_MODULE_NAME >-#language en-US >-"User Identify Manager" >- >- >diff --git >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerStrings.uni >b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerStrings.uni >deleted file mode 100644 >index fcbf5005cd..0000000000 >--- >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerStrings.uni >+++ /dev/null 
>@@ -1,27 +0,0 @@ >-/** @file >- String definitions for the User Identify Manager driver. >- >-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php. >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#langdef en-US "English" >-#langdef fr-FR "Francais" >- >-#string STR_TITLE #language en-US "User Identity Manager" >- #language fr-FR "User Identity Manager(French)" >-#string STR_USER_SELECT #language en-US "User Selection" >- #language fr-FR "User Selection(French)" >-#string STR_PROVIDER_SELECT #language en-US "Provider >Selection" >- #language fr-FR "User Selection(French)" >-#string STR_NULL_STRING #language en-US "" >- #language fr-FR "" >- >- >diff --git >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerVfr.Vfr >b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerVfr.Vfr >deleted file mode 100644 >index 306679776d..0000000000 >--- >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerVfr.Vfr >+++ /dev/null 
>@@ -1,43 +0,0 @@ >-/** @file >- User identify manager formset. >- >-Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#include "UserIdentifyManagerData.h" >- >-formset >- guid = USER_IDENTIFY_MANAGER_GUID, >- title = STRING_TOKEN(STR_TITLE), >- help = STRING_TOKEN(STR_NULL_STRING), >- classguid = USER_IDENTIFY_MANAGER_GUID, >- >- form formid = FORMID_USER_FORM, >- title = STRING_TOKEN(STR_USER_SELECT); >- >- suppressif TRUE; >- text >- help = STRING_TOKEN(STR_NULL_STRING), >- text = STRING_TOKEN(STR_NULL_STRING), >- flags = INTERACTIVE, >- key = FORM_OPEN_QUESTION_ID; >- endif; >- >- label LABEL_USER_NAME; >- label LABEL_END; >- endform; >- >- form formid = FORMID_PROVIDER_FORM, >- title = STRING_TOKEN(STR_PROVIDER_SELECT); >- label LABEL_PROVIDER_NAME; >- label LABEL_END; >- endform; >-endformset; >\ No newline at end of file >diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyAccessPolic >y.c >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyAccessPolic >y.c >deleted file mode 100644 >index 56d3b1df98..0000000000 >--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyAccessPolic >y.c >+++ /dev/null 
>@@ -1,688 +0,0 @@ >-/** @file >- The functions for access policy modification. >- >-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#include "UserProfileManager.h" >- >-/** >- Collect all the access policy data to mUserInfo.AccessPolicy, >- and save it to user profile. >- >-**/ >-VOID >-SaveAccessPolicy ( >- VOID >- ) >-{ >- EFI_STATUS Status; >- UINTN OffSet; >- UINTN Size; >- EFI_USER_INFO_ACCESS_CONTROL Control; >- EFI_USER_INFO_HANDLE UserInfo; >- EFI_USER_INFO *Info; >- >- if (mUserInfo.AccessPolicy != NULL) { >- FreePool (mUserInfo.AccessPolicy); >- } >- mUserInfo.AccessPolicy = NULL; >- mUserInfo.AccessPolicyLen = 0; >- mUserInfo.AccessPolicyModified = TRUE; >- OffSet = 0; >- >- // >- // Save access right. >- // >- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL); >- if (mUserInfo.AccessPolicyLen - OffSet < Size) { >- ExpandMemory (OffSet, Size); >- } >- >- Control.Type = mAccessInfo.AccessRight; >- Control.Size = (UINT32) Size; >- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); >- OffSet += sizeof (Control); >- >- // >- // Save access setup. 
>- // >- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (EFI_GUID); >- if (mUserInfo.AccessPolicyLen - OffSet < Size) { >- ExpandMemory (OffSet, Size); >- } >- >- Control.Type = EFI_USER_INFO_ACCESS_SETUP; >- Control.Size = (UINT32) Size; >- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); >- OffSet += sizeof (Control); >- >- if (mAccessInfo.AccessSetup == ACCESS_SETUP_NORMAL) { >- CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), >&gEfiUserInfoAccessSetupNormalGuid); >- } else if (mAccessInfo.AccessSetup == ACCESS_SETUP_RESTRICTED) { >- CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), >&gEfiUserInfoAccessSetupRestrictedGuid); >- } else if (mAccessInfo.AccessSetup == ACCESS_SETUP_ADMIN) { >- CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), >&gEfiUserInfoAccessSetupAdminGuid); >- } >- OffSet += sizeof (EFI_GUID); >- >- // >- // Save access of boot order. >- // >- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (UINT32); >- if (mUserInfo.AccessPolicyLen - OffSet < Size) { >- ExpandMemory (OffSet, Size); >- } >- >- Control.Type = EFI_USER_INFO_ACCESS_BOOT_ORDER; >- Control.Size = (UINT32) Size; >- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); >- OffSet += sizeof (Control); >- >- CopyMem ((UINT8 *) (mUserInfo.AccessPolicy + OffSet), >&mAccessInfo.AccessBootOrder, sizeof (UINT32)); >- OffSet += sizeof (UINT32); >- >- // >- // Save permit load. 
>- // >- if (mAccessInfo.LoadPermitLen > 0) { >- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + >mAccessInfo.LoadPermitLen; >- if (mUserInfo.AccessPolicyLen - OffSet < Size) { >- ExpandMemory (OffSet, Size); >- } >- >- Control.Type = EFI_USER_INFO_ACCESS_PERMIT_LOAD; >- Control.Size = (UINT32) Size; >- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); >- OffSet += sizeof (Control); >- >- CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadPermit, >mAccessInfo.LoadPermitLen); >- OffSet += mAccessInfo.LoadPermitLen; >- } >- >- // >- // Save forbid load. >- // >- if (mAccessInfo.LoadForbidLen > 0) { >- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + >mAccessInfo.LoadForbidLen; >- if (mUserInfo.AccessPolicyLen - OffSet < Size) { >- ExpandMemory (OffSet, Size); >- } >- >- Control.Type = EFI_USER_INFO_ACCESS_FORBID_LOAD; >- Control.Size = (UINT32) Size; >- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); >- OffSet += sizeof (Control); >- >- CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadForbid, >mAccessInfo.LoadForbidLen); >- OffSet += mAccessInfo.LoadForbidLen; >- } >- >- // >- // Save permit connect. >- // >- if (mAccessInfo.ConnectPermitLen > 0) { >- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + >mAccessInfo.ConnectPermitLen; >- if (mUserInfo.AccessPolicyLen - OffSet < Size) { >- ExpandMemory (OffSet, Size); >- } >- >- Control.Type = EFI_USER_INFO_ACCESS_PERMIT_CONNECT; >- Control.Size = (UINT32) Size; >- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); >- OffSet += sizeof (Control); >- >- CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectPermit, >mAccessInfo.ConnectPermitLen); >- OffSet += mAccessInfo.ConnectPermitLen; >- } >- >- // >- // Save forbid connect. 
>- //
>- if (mAccessInfo.ConnectForbidLen > 0) {
>- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + >mAccessInfo.ConnectForbidLen;
>- if (mUserInfo.AccessPolicyLen - OffSet < Size) {
>- ExpandMemory (OffSet, Size);
>- }
>-
>- Control.Type = EFI_USER_INFO_ACCESS_FORBID_CONNECT;
>- Control.Size = (UINT32) Size;
>- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
>- OffSet += sizeof (Control);
>-
>- CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectForbid, >mAccessInfo.ConnectForbidLen);
>- OffSet += mAccessInfo.ConnectForbidLen;
>- }
>-
>- mUserInfo.AccessPolicyLen = OffSet;
>-
>- //
>- // Save access policy.
>- //
>- if (mUserInfo.AccessPolicyModified && (mUserInfo.AccessPolicyLen > 0) >&& (mUserInfo.AccessPolicy != NULL)) {
>- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + >mUserInfo.AccessPolicyLen);
>- if (Info == NULL) {
>- return ;
>- }
>-
>- Status = FindInfoByType (mModifyUser, >EFI_USER_INFO_ACCESS_POLICY_RECORD, &UserInfo);
>- if (!EFI_ERROR (Status)) {
>- Info->InfoType = EFI_USER_INFO_ACCESS_POLICY_RECORD;
>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |
>- EFI_USER_INFO_PUBLIC |
>- EFI_USER_INFO_EXCLUSIVE;
>- Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + >mUserInfo.AccessPolicyLen);
>- CopyMem ((UINT8 *) (Info + 1), mUserInfo.AccessPolicy, >mUserInfo.AccessPolicyLen);
>- Status = mUserManager->SetInfo (
>- mUserManager,
>- mModifyUser,
>- &UserInfo,
>- Info,
>- Info->InfoSize
>- );
>- mUserInfo.AccessPolicyModified = FALSE;
>- }
>- FreePool (Info);
>- }
>-
>- if (mAccessInfo.ConnectForbid != NULL) {
>- FreePool (mAccessInfo.ConnectForbid);
>- mAccessInfo.ConnectForbid = NULL;
>- }
>-
>- if (mAccessInfo.ConnectPermit != NULL) {
>- FreePool (mAccessInfo.ConnectPermit);
>- mAccessInfo.ConnectPermit = NULL;
>- }
>-
>- if (mAccessInfo.LoadForbid != NULL) {
>- FreePool (mAccessInfo.LoadForbid);
>- mAccessInfo.LoadForbid = NULL;
>- }
>-
>- if (mAccessInfo.LoadPermit != NULL) {
>- FreePool
(mAccessInfo.LoadPermit);
>- mAccessInfo.LoadPermit = NULL;
>- }
>-}
>-
>-/**
>- Create an action OpCode with QuestionID and DevicePath on a given >OpCodeHandle.
>-
>- @param[in] QuestionID The question ID.
>- @param[in] DevicePath Points to device path.
>- @param[in] OpCodeHandle Points to container for dynamic created >opcodes.
>-
>-**/
>-VOID
>-AddDevicePath (
>- IN UINTN QuestionID,
>- IN EFI_DEVICE_PATH_PROTOCOL *DevicePath,
>- IN VOID *OpCodeHandle
>- )
>-{
>- EFI_DEVICE_PATH_PROTOCOL *Next;
>- EFI_STRING_ID NameID;
>- EFI_STRING DriverName;
>-
>- //
>- // Get driver file name node.
>- //
>- Next = DevicePath;
>- while (!IsDevicePathEnd (Next)) {
>- DevicePath = Next;
>- Next = NextDevicePathNode (Next);
>- }
>-
>- //
>- // Display the device path in form.
>- //
>- DriverName = ConvertDevicePathToText (DevicePath, FALSE, FALSE);
>- NameID = HiiSetString (mCallbackInfo->HiiHandle, 0, DriverName, NULL);
>- FreePool (DriverName);
>- if (NameID == 0) {
>- return ;
>- }
>-
>- HiiCreateActionOpCode (
>- OpCodeHandle, // Container for dynamic created opcodes
>- (UINT16) QuestionID, // Question ID
>- NameID, // Prompt text
>- STRING_TOKEN (STR_NULL_STRING), // Help text
>- EFI_IFR_FLAG_CALLBACK, // Question flag
>- 0 // Action String ID
>- );
>-}
>-
>-
>-/**
>- Check whether the DevicePath is in the device path forbid list
>- (mAccessInfo.LoadForbid).
>-
>- @param[in] DevicePath Points to device path.
>-
>- @retval TRUE The DevicePath is in the device path forbid list.
>- @retval FALSE The DevicePath is not in the device path forbid list.
>-
>-**/
>-BOOLEAN
>-IsLoadForbidden (
>- IN EFI_DEVICE_PATH_PROTOCOL *DevicePath
>- )
>-{
>- UINTN OffSet;
>- UINTN DPSize;
>- UINTN Size;
>- EFI_DEVICE_PATH_PROTOCOL *Dp;
>-
>- OffSet = 0;
>- Size = GetDevicePathSize (DevicePath);
>- //
>- // Check each device path.
>- //
>- while (OffSet < mAccessInfo.LoadForbidLen) {
>- Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + >OffSet);
>- DPSize = GetDevicePathSize (Dp);
>- //
>- // Compare device path.
>- //
>- if ((DPSize == Size) && (CompareMem (DevicePath, Dp, Size) == 0)) {
>- return TRUE;
>- }
>- OffSet += DPSize;
>- }
>- return FALSE;
>-}
>-
>-
>-/**
>- Display the permit load device path in the loadable device path list.
>-
>-**/
>-VOID
>-DisplayLoadPermit(
>- VOID
>- )
>-{
>- EFI_STATUS Status;
>- CHAR16 *Order;
>- UINTN OrderSize;
>- UINTN ListCount;
>- UINTN Index;
>- UINT8 *Var;
>- UINT8 *VarPtr;
>- CHAR16 VarName[12];
>- VOID *StartOpCodeHandle;
>- VOID *EndOpCodeHandle;
>- EFI_IFR_GUID_LABEL *StartLabel;
>- EFI_IFR_GUID_LABEL *EndLabel;
>-
>- //
>- // Get DriverOrder.
>- //
>- OrderSize = 0;
>- Status = gRT->GetVariable (
>- L"DriverOrder",
>- &gEfiGlobalVariableGuid,
>- NULL,
>- &OrderSize,
>- NULL
>- );
>- if (Status != EFI_BUFFER_TOO_SMALL) {
>- return ;
>- }
>-
>- Order = AllocateZeroPool (OrderSize);
>- if (Order == NULL) {
>- return ;
>- }
>-
>- Status = gRT->GetVariable (
>- L"DriverOrder",
>- &gEfiGlobalVariableGuid,
>- NULL,
>- &OrderSize,
>- Order
>- );
>- if (EFI_ERROR (Status)) {
>- return ;
>- }
>-
>- //
>- // Initialize the container for dynamic opcodes.
>- //
>- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (StartOpCodeHandle != NULL);
>-
>- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (EndOpCodeHandle != NULL);
>-
>- //
>- // Create Hii Extend Label OpCode.
>- //
>- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- StartOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- StartLabel->Number = LABEL_PERMIT_LOAD_FUNC;
>-
>- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- EndOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- EndLabel->Number = LABEL_END;
>-
>- //
>- // Add each driver option.
>- //
>- Var = NULL;
>- ListCount = OrderSize / sizeof (UINT16);
>- for (Index = 0; Index < ListCount; Index++) {
>- //
>- // Get driver device path.
>- //
>- UnicodeSPrint (VarName, sizeof (VarName), L"Driver%04x", Order[Index]);
>- GetEfiGlobalVariable2 (VarName, (VOID**)&Var, NULL);
>- if (Var == NULL) {
>- continue;
>- }
>-
>- //
>- // Check whether the driver is already forbidden.
>- //
>-
>- VarPtr = Var;
>- //
>- // Skip attribute.
>- //
>- VarPtr += sizeof (UINT32);
>-
>- //
>- // Skip device path lenth.
>- //
>- VarPtr += sizeof (UINT16);
>-
>- //
>- // Skip descript string.
>- //
>- VarPtr += StrSize ((UINT16 *) VarPtr);
>-
>- if (IsLoadForbidden ((EFI_DEVICE_PATH_PROTOCOL *) VarPtr)) {
>- FreePool (Var);
>- Var = NULL;
>- continue;
>- }
>-
>- AddDevicePath (
>- KEY_MODIFY_USER | KEY_MODIFY_AP_DP | KEY_LOAD_PERMIT_MODIFY >| Order[Index],
>- (EFI_DEVICE_PATH_PROTOCOL *) VarPtr,
>- StartOpCodeHandle
>- );
>- FreePool (Var);
>- Var = NULL;
>- }
>-
>- HiiUpdateForm (
>- mCallbackInfo->HiiHandle, // HII handle
>- &gUserProfileManagerGuid, // Formset GUID
>- FORMID_PERMIT_LOAD_DP, // Form ID
>- StartOpCodeHandle, // Label for where to insert opcodes
>- EndOpCodeHandle // Replace data
>- );
>-
>- HiiFreeOpCodeHandle (StartOpCodeHandle);
>- HiiFreeOpCodeHandle (EndOpCodeHandle);
>-
>- //
>- // Clear Environment.
>- //
>- if (Var != NULL) {
>- FreePool (Var);
>- }
>- FreePool (Order);
>-}
>-
>-
>-/**
>- Display the forbid load device path list (mAccessInfo.LoadForbid).
>-
>-**/
>-VOID
>-DisplayLoadForbid (
>- VOID
>- )
>-{
>- UINTN Offset;
>- UINTN DPSize;
>- UINTN Index;
>- EFI_DEVICE_PATH_PROTOCOL *Dp;
>- VOID *StartOpCodeHandle;
>- VOID *EndOpCodeHandle;
>- EFI_IFR_GUID_LABEL *StartLabel;
>- EFI_IFR_GUID_LABEL *EndLabel;
>-
>- //
>- // Initialize the container for dynamic opcodes.
>- //
>- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (StartOpCodeHandle != NULL);
>-
>- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (EndOpCodeHandle != NULL);
>-
>- //
>- // Create Hii Extend Label OpCode.
>- //
>- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- StartOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- StartLabel->Number = LABLE_FORBID_LOAD_FUNC;
>-
>- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- EndOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- EndLabel->Number = LABEL_END;
>-
>- //
>- // Add each forbid load drivers.
>- //
>- Offset = 0;
>- Index = 0;
>- while (Offset < mAccessInfo.LoadForbidLen) {
>- Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + >Offset);
>- DPSize = GetDevicePathSize (Dp);
>- AddDevicePath (
>- KEY_MODIFY_USER | KEY_MODIFY_AP_DP | KEY_LOAD_FORBID_MODIFY >| Index,
>- Dp,
>- StartOpCodeHandle
>- );
>- Index++;
>- Offset += DPSize;
>- }
>-
>- HiiUpdateForm (
>- mCallbackInfo->HiiHandle, // HII handle
>- &gUserProfileManagerGuid, // Formset GUID
>- FORMID_FORBID_LOAD_DP, // Form ID
>- StartOpCodeHandle, // Label for where to insert opcodes
>- EndOpCodeHandle // Replace data
>- );
>-
>- HiiFreeOpCodeHandle (StartOpCodeHandle);
>- HiiFreeOpCodeHandle (EndOpCodeHandle);
>-}
>-
>-
>-/**
>- Display the permit connect device path.
>-
>-**/
>-VOID
>-DisplayConnectPermit (
>- VOID
>- )
>-{
>- //
>- // Note:
>- // As no architect protocol/interface to be called in ConnectController()
>- // to verify the device path, just add a place holder for permitted connect
>- // device path.
>- //
>-}
>-
>-
>-/**
>- Display the forbid connect device path list.
>-
>-**/
>-VOID
>-DisplayConnectForbid (
>- VOID
>- )
>-{
>- //
>- // Note:
>- // As no architect protocol/interface to be called in ConnectController()
>- // to verify the device path, just add a place holder for forbidden connect
>- // device path.
>- //
>-}
>-
>-
>-/**
>- Delete the specified device path by DriverIndex from the forbid device path
>- list (mAccessInfo.LoadForbid).
>-
>- @param[in] DriverIndex The index of driver in forbidden device path list.
>-
>-**/
>-VOID
>-DeleteFromForbidLoad (
>- IN UINT16 DriverIndex
>- )
>-{
>- UINTN OffSet;
>- UINTN DPSize;
>- UINTN OffLen;
>- EFI_DEVICE_PATH_PROTOCOL *Dp;
>-
>- OffSet = 0;
>- //
>- // Find the specified device path.
>- //
>- while ((OffSet < mAccessInfo.LoadForbidLen) && (DriverIndex > 0)) {
>- Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + >OffSet);
>- DPSize = GetDevicePathSize (Dp);
>- OffSet += DPSize;
>- DriverIndex--;
>- }
>-
>- //
>- // Specified device path found.
>- //
>- if (DriverIndex == 0) {
>- Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + >OffSet);
>- DPSize = GetDevicePathSize (Dp);
>- OffLen = mAccessInfo.LoadForbidLen - OffSet - DPSize;
>- if (OffLen > 0) {
>- CopyMem (
>- mAccessInfo.LoadForbid + OffSet,
>- mAccessInfo.LoadForbid + OffSet + DPSize,
>- OffLen
>- );
>- }
>- mAccessInfo.LoadForbidLen -= DPSize;
>- }
>-}
>-
>-
>-/**
>- Add the specified device path by DriverIndex to the forbid device path
>- list (mAccessInfo.LoadForbid).
>-
>- @param[in] DriverIndex The index of driver saved in driver options.
>-
>-**/
>-VOID
>-AddToForbidLoad (
>- IN UINT16 DriverIndex
>- )
>-{
>- UINTN DevicePathLen;
>- UINT8 *Var;
>- UINT8 *VarPtr;
>- UINTN NewLen;
>- UINT8 *NewFL;
>- CHAR16 VarName[13];
>-
>- //
>- // Get loadable driver device path.
>- //
>- UnicodeSPrint (VarName, sizeof (VarName), L"Driver%04x", DriverIndex);
>- GetEfiGlobalVariable2 (VarName, (VOID**)&Var, NULL);
>- if (Var == NULL) {
>- return;
>- }
>-
>- //
>- // Save forbid load driver.
>- //
>-
>- VarPtr = Var;
>- //
>- // Skip attribute.
>- //
>- VarPtr += sizeof (UINT32);
>-
>- DevicePathLen = *(UINT16 *) VarPtr;
>- //
>- // Skip device path length.
>- //
>- VarPtr += sizeof (UINT16);
>-
>- //
>- // Skip description string.
>- //
>- VarPtr += StrSize ((UINT16 *) VarPtr);
>-
>- NewLen = mAccessInfo.LoadForbidLen + DevicePathLen;
>- NewFL = AllocateZeroPool (NewLen);
>- if (NewFL == NULL) {
>- FreePool (Var);
>- return ;
>- }
>-
>- if (mAccessInfo.LoadForbidLen > 0) {
>- CopyMem (NewFL, mAccessInfo.LoadForbid, mAccessInfo.LoadForbidLen);
>- FreePool (mAccessInfo.LoadForbid);
>- }
>-
>- CopyMem (NewFL + mAccessInfo.LoadForbidLen, VarPtr, DevicePathLen);
>- mAccessInfo.LoadForbidLen = NewLen;
>- mAccessInfo.LoadForbid = NewFL;
>- FreePool (Var);
>-}
>-
>-
>diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyIdentityPoli >cy.c >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyIdentityPoli >cy.c
>deleted file mode 100644
>index 602c4a8397..0000000000
>--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyIdentityPoli >cy.c
>+++ /dev/null
>@@ -1,516 +0,0 @@
>-/** @file
>- The functions for identification policy modification.
>-
>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#include "UserProfileManager.h"
>-
>-
>-/**
>- Verify the new identity policy in the current implementation. The same >credential
>- provider can't appear twice in one identity policy.
>-
>- @param[in] NewGuid Points to the credential provider guid.
>-
>- @retval TRUE The NewGuid was found in the identity policy.
>- @retval FALSE The NewGuid was not found.
>-
>-**/
>-BOOLEAN
>-ProviderAlreadyInPolicy (
>- IN EFI_GUID *NewGuid
>- )
>-{
>- UINTN Offset;
>- EFI_USER_INFO_IDENTITY_POLICY *Identity;
>- EFI_INPUT_KEY Key;
>-
>- Offset = 0;
>- while (Offset < mUserInfo.NewIdentityPolicyLen) {
>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) >(mUserInfo.NewIdentityPolicy + Offset);
>- if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) {
>- if (CompareGuid (NewGuid, (EFI_GUID *) (Identity + 1))) {
>- CreatePopUp (
>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
>- &Key,
>- L"This Credential Provider Are Already Used!",
>- L"",
>- L"Press Any Key to Continue ...",
>- NULL
>- );
>- return TRUE;
>- }
>- }
>- Offset += Identity->Length;
>- }
>-
>- return FALSE;
>-}
>-
>-
>-/**
>- Add the user's credential record in the provider.
>-
>- @param[in] Identity Identity policy item including credential provider.
>- @param[in] User Points to user profile.
>-
>- @retval EFI_SUCCESS Add or delete record successfully.
>- @retval Others Fail to add or delete record.
>-
>-**/
>-EFI_STATUS
>-EnrollUserOnProvider (
>- IN EFI_USER_INFO_IDENTITY_POLICY *Identity,
>- IN EFI_USER_PROFILE_HANDLE User
>- )
>-{
>- UINTN Index;
>- EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential;
>-
>- //
>- // Find the specified credential provider.
>- //
>- for (Index = 0; Index < mProviderInfo->Count; Index++) {
>- UserCredential = mProviderInfo->Provider[Index];
>- if (CompareGuid ((EFI_GUID *)(Identity + 1), &UserCredential->Identifier)) >{
>- return UserCredential->Enroll (UserCredential, User);
>- }
>- }
>-
>- return EFI_NOT_FOUND;
>-}
>-
>-
>-/**
>- Delete the User's credential record on the provider.
>-
>- @param[in] Identity Point to >EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER user info.
>- @param[in] User Points to user profile.
>-
>- @retval EFI_SUCCESS Delete User's credential record successfully.
>- @retval Others Fail to add or delete record.
>-
>-**/
>-EFI_STATUS
>-DeleteUserOnProvider (
>- IN EFI_USER_INFO_IDENTITY_POLICY *Identity,
>- IN EFI_USER_PROFILE_HANDLE User
>- )
>-{
>- UINTN Index;
>- EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential;
>-
>- //
>- // Find the specified credential provider.
>- //
>- for (Index = 0; Index < mProviderInfo->Count; Index++) {
>- UserCredential = mProviderInfo->Provider[Index];
>- if (CompareGuid ((EFI_GUID *)(Identity + 1), &UserCredential->Identifier)) >{
>- return UserCredential->Delete (UserCredential, User);
>- }
>- }
>-
>- return EFI_NOT_FOUND;
>-}
>-
>-
>-/**
>- Delete User's credental from all the providers that exist in User's identity >policy.
>-
>- @param[in] IdentityPolicy Point to User's identity policy.
>- @param[in] IdentityPolicyLen The length of the identity policy.
>- @param[in] User Points to user profile.
>-
>-**/
>-VOID
>-DeleteCredentialFromProviders (
>- IN UINT8 *IdentityPolicy,
>- IN UINTN IdentityPolicyLen,
>- IN EFI_USER_PROFILE_HANDLE User
>- )
>-{
>- EFI_USER_INFO_IDENTITY_POLICY *Identity;
>- UINTN Offset;
>-
>- Offset = 0;
>- while (Offset < IdentityPolicyLen) {
>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (IdentityPolicy + Offset);
>- if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) {
>- //
>- // Delete the user on this provider.
>- //
>- DeleteUserOnProvider (Identity, User);
>- }
>- Offset += Identity->Length;
>- }
>-
>-}
>-
>-
>-/**
>- Remove the provider specified by Offset from the new user identification >record.
>-
>- @param[in] IdentityPolicy Point to user identity item in new identification >policy.
>- @param[in] Offset The item offset in the new identification policy.
>-
>-**/
>-VOID
>-DeleteProviderFromPolicy (
>- IN EFI_USER_INFO_IDENTITY_POLICY *IdentityPolicy,
>- IN UINTN Offset
>- )
>-{
>- UINTN RemainingLen;
>- UINTN DeleteLen;
>-
>- if (IdentityPolicy->Length == mUserInfo.NewIdentityPolicyLen) {
>- //
>- // Only one credential provider in the identification policy.
>- // Set the new policy to be TRUE after removed the provider.
>- //
>- IdentityPolicy->Type = EFI_USER_INFO_IDENTITY_TRUE;
>- IdentityPolicy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY);
>- mUserInfo.NewIdentityPolicyLen = IdentityPolicy->Length;
>- return ;
>- }
>-
>- DeleteLen = IdentityPolicy->Length + >sizeof(EFI_USER_INFO_IDENTITY_POLICY);
>- if ((Offset + IdentityPolicy->Length) != mUserInfo.NewIdentityPolicyLen) {
>- //
>- // This provider is not the last item in the identification policy, delete it and >the connector.
>- //
>- RemainingLen = mUserInfo.NewIdentityPolicyLen - Offset - DeleteLen;
>- CopyMem ((UINT8 *) IdentityPolicy, (UINT8 *) IdentityPolicy + DeleteLen, >RemainingLen);
>- }
>- mUserInfo.NewIdentityPolicyLen -= DeleteLen;
>-}
>-
>-
>-/**
>- Add a new provider to the mUserInfo.NewIdentityPolicy.
>-
>- It is invoked when 'add option' in UI is pressed.
>-
>- @param[in] NewGuid Points to the credential provider guid.
>-
>-**/
>-VOID
>-AddProviderToPolicy (
>- IN EFI_GUID *NewGuid
>- )
>-{
>- UINT8 *NewPolicyInfo;
>- UINTN NewPolicyInfoLen;
>- EFI_USER_INFO_IDENTITY_POLICY *Policy;
>-
>- //
>- // Allocate memory for the new identity policy.
>- //
>- NewPolicyInfoLen = mUserInfo.NewIdentityPolicyLen + sizeof >(EFI_USER_INFO_IDENTITY_POLICY) + sizeof (EFI_GUID);
>- if (mUserInfo.NewIdentityPolicyLen > 0) {
>- //
>- // It is not the first provider in the policy. Add a connector before provider.
>- //
>- NewPolicyInfoLen += sizeof (EFI_USER_INFO_IDENTITY_POLICY);
>- }
>- NewPolicyInfo = AllocateZeroPool (NewPolicyInfoLen);
>- if (NewPolicyInfo == NULL) {
>- return ;
>- }
>-
>- NewPolicyInfoLen = 0;
>- if (mUserInfo.NewIdentityPolicyLen > 0) {
>- //
>- // Save orginal policy.
>- //
>- CopyMem (NewPolicyInfo, mUserInfo.NewIdentityPolicy, >mUserInfo.NewIdentityPolicyLen);
>-
>- //
>- // Save logical connector.
>- //
>- Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (NewPolicyInfo + >mUserInfo.NewIdentityPolicyLen);
>- if (mConncetLogical == 0) {
>- Policy->Type = EFI_USER_INFO_IDENTITY_AND;
>- } else {
>- Policy->Type = EFI_USER_INFO_IDENTITY_OR;
>- }
>-
>- Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY);
>- NewPolicyInfoLen = mUserInfo.NewIdentityPolicyLen + Policy->Length;
>- FreePool (mUserInfo.NewIdentityPolicy);
>- }
>-
>- //
>- // Save credential provider.
>- //
>- Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (NewPolicyInfo + >NewPolicyInfoLen);
>- Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY) + sizeof >(EFI_GUID);
>- Policy->Type = EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER;
>- CopyGuid ((EFI_GUID *) (Policy + 1), NewGuid);
>- NewPolicyInfoLen += Policy->Length;
>-
>- //
>- // Update identity policy choice.
>- //
>- mUserInfo.NewIdentityPolicy = NewPolicyInfo;
>- mUserInfo.NewIdentityPolicyLen = NewPolicyInfoLen;
>- mUserInfo.NewIdentityPolicyModified = TRUE;
>-}
>-
>-
>-/**
>- This function replaces the old identity policy with a new identity policy.
>-
>- This function delete the user identity policy information.
>- If enroll new credential failed, recover the old identity policy.
>-
>- @retval EFI_SUCCESS Modify user identity policy successfully.
>- @retval Others Fail to modify user identity policy.
>-
>-**/
>-EFI_STATUS
>-UpdateCredentialProvider (
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO_IDENTITY_POLICY *Identity;
>- UINTN Offset;
>-
>- //
>- // Delete the old identification policy.
>- //
>- DeleteCredentialFromProviders (mUserInfo.IdentityPolicy, >mUserInfo.IdentityPolicyLen, mModifyUser);
>-
>- //
>- // Add the new identification policy.
>- //
>- Offset = 0;
>- while (Offset < mUserInfo.NewIdentityPolicyLen) {
>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) >(mUserInfo.NewIdentityPolicy + Offset);
>- if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) {
>- //
>- // Enroll the user on this provider
>- //
>- Status = EnrollUserOnProvider (Identity, mModifyUser);
>- if (EFI_ERROR (Status)) {
>- //
>- // Failed to enroll the user by new identification policy.
>- // So removed the credential provider from the identification policy
>- //
>- DeleteProviderFromPolicy (Identity, Offset);
>- continue;
>- }
>- }
>- Offset += Identity->Length;
>- }
>-
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Check whether the identity policy is valid.
>-
>- @param[in] PolicyInfo Point to the identity policy.
>- @param[in] PolicyInfoLen The policy length.
>-
>- @retval TRUE The policy is a valid identity policy.
>- @retval FALSE The policy is not a valid identity policy.
>-
>-**/
>-BOOLEAN
>-CheckNewIdentityPolicy (
>- IN UINT8 *PolicyInfo,
>- IN UINTN PolicyInfoLen
>- )
>-{
>- EFI_USER_INFO_IDENTITY_POLICY *Identity;
>- EFI_INPUT_KEY Key;
>- UINTN Offset;
>- UINT32 OpCode;
>-
>- //
>- // Check policy expression.
>- //
>- OpCode = EFI_USER_INFO_IDENTITY_FALSE;
>- Offset = 0;
>- while (Offset < PolicyInfoLen) {
>- //
>- // Check identification policy according to type
>- //
>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (PolicyInfo + Offset);
>- switch (Identity->Type) {
>-
>- case EFI_USER_INFO_IDENTITY_TRUE:
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_OR:
>- if (OpCode == EFI_USER_INFO_IDENTITY_AND) {
>- CreatePopUp (
>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
>- &Key,
>- L"Invalid Identity Policy, Mixed Connector Unsupport!",
>- L"",
>- L"Press Any Key to Continue ...",
>- NULL
>- );
>- return FALSE;
>- }
>-
>- OpCode = EFI_USER_INFO_IDENTITY_OR;
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_AND:
>- if (OpCode == EFI_USER_INFO_IDENTITY_OR) {
>- CreatePopUp (
>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
>- &Key,
>- L"Invalid Identity Policy, Mixed Connector Unsupport!",
>- L"",
>- L"Press Any Key to Continue ...",
>- NULL
>- );
>- return FALSE;
>- }
>-
>- OpCode = EFI_USER_INFO_IDENTITY_AND;
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER:
>- break;
>-
>- default:
>- CreatePopUp (
>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
>- &Key,
>- L"Unsupport parameter",
>- L"",
>- L"Press Any Key to Continue ...",
>- NULL
>- );
>- return FALSE;
>- }
>- Offset += Identity->Length;
>- }
>-
>- return TRUE;
>-}
>-
>-
>-/**
>- Save the identity policy and update UI with it.
>-
>- This function will verify the new identity policy, in current implementation,
>- the identity policy can be: T, P & P & P & ..., P | P | P | ...
>- Here, "T" means "True", "P" means "Credential Provider", "&" means "and", >"|" means "or".
>- Other identity policies are not supported.
>-
>-**/
>-VOID
>-SaveIdentityPolicy (
>- VOID
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO_HANDLE UserInfo;
>- EFI_USER_INFO *Info;
>-
>- if (!mUserInfo.NewIdentityPolicyModified || >(mUserInfo.NewIdentityPolicyLen == 0)) {
>- return;
>- }
>-
>- //
>- // Check policy expression.
>- //
>- if (!CheckNewIdentityPolicy (mUserInfo.NewIdentityPolicy, >mUserInfo.NewIdentityPolicyLen)) {
>- return;
>- }
>-
>- Status = FindInfoByType (mModifyUser, >EFI_USER_INFO_IDENTITY_POLICY_RECORD, &UserInfo);
>- if (EFI_ERROR (Status)) {
>- return ;
>- }
>-
>- //
>- // Update the informantion on credential provider.
>- //
>- Status = UpdateCredentialProvider ();
>- if (EFI_ERROR (Status)) {
>- return ;
>- }
>-
>- //
>- // Save new identification policy.
>- //
>- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + >mUserInfo.NewIdentityPolicyLen);
>- ASSERT (Info != NULL);
>-
>- Info->InfoType = EFI_USER_INFO_IDENTITY_POLICY_RECORD;
>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
>- Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + >mUserInfo.NewIdentityPolicyLen);
>- CopyMem ((UINT8 *) (Info + 1), mUserInfo.NewIdentityPolicy, >mUserInfo.NewIdentityPolicyLen);
>-
>- Status = mUserManager->SetInfo (mUserManager, mModifyUser, >&UserInfo, Info, Info->InfoSize);
>- FreePool (Info);
>-
>- //
>- // Update the mUserInfo.IdentityPolicy by mUserInfo.NewIdentityPolicy
>- //
>- if (mUserInfo.IdentityPolicy != NULL) {
>- FreePool (mUserInfo.IdentityPolicy);
>- }
>- mUserInfo.IdentityPolicy = mUserInfo.NewIdentityPolicy;
>- mUserInfo.IdentityPolicyLen = mUserInfo.NewIdentityPolicyLen;
>-
>- mUserInfo.NewIdentityPolicy = NULL;
>- mUserInfo.NewIdentityPolicyLen = 0;
>- mUserInfo.NewIdentityPolicyModified = FALSE;
>-
>- //
>- // Update identity policy choice.
>- //
>- ResolveIdentityPolicy (mUserInfo.IdentityPolicy, >mUserInfo.IdentityPolicyLen, STRING_TOKEN (STR_IDENTIFY_POLICY_VAL));
>-}
>-
>-
>-/**
>- Update the mUserInfo.NewIdentityPolicy, and UI when 'add option' is >pressed.
>-
>-**/
>-VOID
>-AddIdentityPolicyItem (
>- VOID
>- )
>-{
>- if (mProviderInfo->Count == 0) {
>- return ;
>- }
>-
>- //
>- // Check the identity policy.
>- //
>- if (ProviderAlreadyInPolicy (&mProviderInfo->Provider[mProviderChoice]- >>Identifier)) {
>- return;
>- }
>-
>- //
>- // Add it to identification policy
>- //
>- AddProviderToPolicy (&mProviderInfo->Provider[mProviderChoice]- >>Identifier);
>-
>- //
>- // Update identity policy choice.
>- //
>- ResolveIdentityPolicy (mUserInfo.NewIdentityPolicy, >mUserInfo.NewIdentityPolicyLen, STRING_TOKEN >(STR_IDENTIFY_POLICY_VALUE));
>-}
>-
>-
>diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileAdd.c >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileAdd.c
>deleted file mode 100644
>index 6de7e75e79..0000000000
>--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileAdd.c
>+++ /dev/null
>@@ -1,372 +0,0 @@
>-/** @file
>- The functions to add a user profile.
>-
>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#include "UserProfileManager.h"
>-
>-
>-/**
>- Get user name from the popup windows.
>-
>- @param[in, out] UserNameLen On entry, point to UserName buffer lengh, >in bytes.
>- On exit, point to input user name length, in bytes.
>- @param[out] UserName The buffer to hold the input user name.
>-
>- @retval EFI_ABORTED It is given up by pressing 'ESC' key.
>- @retval EFI_NOT_READY Not a valid input at all.
>- @retval EFI_SUCCESS Get a user name successfully.
>-
>-**/
>-EFI_STATUS
>-GetUserNameInput (
>- IN OUT UINTN *UserNameLen,
>- OUT CHAR16 *UserName
>- )
>-{
>- EFI_INPUT_KEY Key;
>- UINTN NameLen;
>- CHAR16 Name[USER_NAME_LENGTH];
>-
>- NameLen = 0;
>- while (TRUE) {
>- Name[NameLen] = L'_';
>- Name[NameLen + 1] = L'\0';
>- CreatePopUp (
>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
>- &Key,
>- L"Input User Name",
>- L"---------------------",
>- Name,
>- NULL
>- );
>- //
>- // Check key.
>- //
>- if (Key.ScanCode == SCAN_NULL) {
>- if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) {
>- //
>- // Add the null terminator.
>- //
>- Name[NameLen] = 0;
>- NameLen++;
>- break;
>- } else if ((Key.UnicodeChar == CHAR_NULL) ||
>- (Key.UnicodeChar == CHAR_TAB) ||
>- (Key.UnicodeChar == CHAR_LINEFEED)
>- ) {
>- continue;
>- } else {
>- if (Key.UnicodeChar == CHAR_BACKSPACE) {
>- if (NameLen > 0) {
>- NameLen--;
>- }
>- } else {
>- Name[NameLen] = Key.UnicodeChar;
>- NameLen++;
>- if (NameLen + 1 == USER_NAME_LENGTH) {
>- //
>- // Add the null terminator.
>- //
>- Name[NameLen] = 0;
>- NameLen++;
>- break;
>- }
>- }
>- }
>- }
>-
>- if (Key.ScanCode == SCAN_ESC) {
>- return EFI_ABORTED;
>- }
>- }
>-
>- if (NameLen <= 1) {
>- return EFI_NOT_READY;
>- }
>-
>- if (*UserNameLen < NameLen * sizeof (CHAR16)) {
>- return EFI_NOT_READY;
>- }
>-
>- *UserNameLen = NameLen * sizeof (CHAR16);
>- CopyMem (UserName, Name, *UserNameLen);
>-
>- return EFI_SUCCESS;
>-}
>-
>-/**
>- Set a user's username.
>-
>- @param[in] User Handle of a user profile .
>- @param[in] UserNameLen The lengh of UserName.
>- @param[in] UserName Point to the buffer of user name.
>-
>- @retval EFI_NOT_READY The usernme in mAddUserName had been used.
>- @retval EFI_SUCCESS Change the user's username successfully with
>- username in mAddUserName.
>-
>-**/
>-EFI_STATUS
>-SetUserName (
>- IN EFI_USER_PROFILE_HANDLE User,
>- IN UINTN UserNameLen,
>- IN CHAR16 *UserName
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO_HANDLE UserInfo;
>- EFI_USER_PROFILE_HANDLE TempUser;
>- EFI_USER_INFO *NewUserInfo;
>-
>- NewUserInfo = AllocateZeroPool (sizeof (EFI_USER_INFO) + UserNameLen);
>- ASSERT (NewUserInfo != NULL);
>-
>- NewUserInfo->InfoType = EFI_USER_INFO_NAME_RECORD;
>- NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |
>- EFI_USER_INFO_PUBLIC |
>- EFI_USER_INFO_EXCLUSIVE;
>- NewUserInfo->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + >UserNameLen);
>- CopyMem ((UINT8 *) (NewUserInfo + 1), UserName, UserNameLen);
>- TempUser = NULL;
>- Status = mUserManager->Find (
>- mUserManager,
>- &TempUser,
>- NULL,
>- NewUserInfo,
>- NewUserInfo->InfoSize
>- );
>- if (!EFI_ERROR (Status)) {
>- //
>- // The user name had been used, return error.
>- //
>- FreePool (NewUserInfo);
>- return EFI_NOT_READY;
>- }
>-
>- UserInfo = NULL;
>- mUserManager->SetInfo (
>- mUserManager,
>- User,
>- &UserInfo,
>- NewUserInfo,
>- NewUserInfo->InfoSize
>- );
>- FreePool (NewUserInfo);
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Set create date of the specified user.
>-
>- @param[in] User Handle of a user profile.
>-
>-**/
>-VOID
>-SetCreateDate (
>- IN EFI_USER_PROFILE_HANDLE User
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO_HANDLE UserInfo;
>- EFI_USER_INFO_CREATE_DATE Date;
>- EFI_USER_INFO *NewUserInfo;
>-
>- NewUserInfo = AllocateZeroPool (
>- sizeof (EFI_USER_INFO) +
>- sizeof (EFI_USER_INFO_CREATE_DATE)
>- );
>- ASSERT (NewUserInfo != NULL);
>-
>- NewUserInfo->InfoType = EFI_USER_INFO_CREATE_DATE_RECORD;
>- NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |
>- EFI_USER_INFO_PUBLIC |
>- EFI_USER_INFO_EXCLUSIVE;
>- NewUserInfo->InfoSize = sizeof (EFI_USER_INFO) + sizeof >(EFI_USER_INFO_CREATE_DATE);
>- Status = gRT->GetTime (&Date, NULL);
>- if (EFI_ERROR (Status)) {
>- FreePool (NewUserInfo);
>- return ;
>- }
>-
>- CopyMem ((UINT8 *) (NewUserInfo + 1), &Date, sizeof >(EFI_USER_INFO_CREATE_DATE));
>- UserInfo = NULL;
>- mUserManager->SetInfo (
>- mUserManager,
>- User,
>- &UserInfo,
>- NewUserInfo,
>- NewUserInfo->InfoSize
>- );
>- FreePool (NewUserInfo);
>-}
>-
>-
>-/**
>- Set the default identity policy of the specified user.
>-
>- @param[in] User Handle of a user profile.
>-
>-**/
>-VOID
>-SetIdentityPolicy (
>- IN EFI_USER_PROFILE_HANDLE User
>- )
>-{
>- EFI_USER_INFO_IDENTITY_POLICY *Policy;
>- EFI_USER_INFO_HANDLE UserInfo;
>- EFI_USER_INFO *NewUserInfo;
>-
>- NewUserInfo = AllocateZeroPool (
>- sizeof (EFI_USER_INFO) +
>- sizeof (EFI_USER_INFO_IDENTITY_POLICY)
>- );
>- ASSERT (NewUserInfo != NULL);
>-
>- Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (NewUserInfo + 1);
>- Policy->Type = EFI_USER_INFO_IDENTITY_TRUE;
>- Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY);
>-
>- NewUserInfo->InfoType = EFI_USER_INFO_IDENTITY_POLICY_RECORD;
>- NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |
>- EFI_USER_INFO_PUBLIC |
>- EFI_USER_INFO_EXCLUSIVE;
>- NewUserInfo->InfoSize = sizeof (EFI_USER_INFO) + Policy->Length;
>- UserInfo = NULL;
>- mUserManager->SetInfo (
>- mUserManager,
>- User,
>- &UserInfo,
>- NewUserInfo,
>- NewUserInfo->InfoSize
>- );
>- FreePool (NewUserInfo);
>-}
>-
>-
>-/**
>- Set the default access policy of the specified user.
>-
>- @param[in] User Handle of a user profile.
>-
>-**/
>-VOID
>-SetAccessPolicy (
>- IN EFI_USER_PROFILE_HANDLE User
>- )
>-{
>- EFI_USER_INFO_ACCESS_CONTROL *Control;
>- EFI_USER_INFO_HANDLE UserInfo;
>- EFI_USER_INFO *NewUserInfo;
>-
>- NewUserInfo = AllocateZeroPool (
>- sizeof (EFI_USER_INFO) +
>- sizeof (EFI_USER_INFO_ACCESS_CONTROL)
>- );
>- ASSERT (NewUserInfo != NULL);
>-
>- Control = (EFI_USER_INFO_ACCESS_CONTROL *) (NewUserInfo + >1);
>- Control->Type = EFI_USER_INFO_ACCESS_ENROLL_SELF;
>- Control->Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL);
>-
>- NewUserInfo->InfoType = EFI_USER_INFO_ACCESS_POLICY_RECORD;
>- NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |
>- EFI_USER_INFO_PUBLIC |
>- EFI_USER_INFO_EXCLUSIVE;
>- NewUserInfo->InfoSize = sizeof (EFI_USER_INFO) + Control->Size;
>- UserInfo = NULL;
>- mUserManager->SetInfo (
>- mUserManager,
>- User,
>- &UserInfo,
>- NewUserInfo,
>- NewUserInfo->InfoSize
>- );
>- FreePool (NewUserInfo);
>-}
>-
>-
>-/**
>- Add a new user profile into the user profile database.
>-
>-**/
>-VOID
>-CallAddUser (
>- VOID
>- )
>-{
>- EFI_STATUS Status;
>- EFI_INPUT_KEY Key;
>- EFI_USER_PROFILE_HANDLE User;
>- UINTN UserNameLen;
>- CHAR16 UserName[USER_NAME_LENGTH];
>- CHAR16 *QuestionStr;
>- CHAR16 *PromptStr;
>-
>- QuestionStr = NULL;
>- PromptStr = NULL;
>-
>- //
>- // Get user name to add.
>- //
>- UserNameLen = sizeof (UserName);
>- Status = GetUserNameInput (&UserNameLen, UserName);
>- if (EFI_ERROR (Status)) {
>- if (Status != EFI_ABORTED) {
>- QuestionStr = GetStringById (STRING_TOKEN >(STR_GET_USERNAME_FAILED));
>- PromptStr = GetStringById (STRING_TOKEN >(STR_STROKE_KEY_CONTINUE));
>- goto Done;
>- }
>- return ;
>- }
>-
>- //
>- // Create a new user profile.
>- //
>- User = NULL;
>- Status = mUserManager->Create (mUserManager, &User);
>- if (EFI_ERROR (Status)) {
>- QuestionStr = GetStringById (STRING_TOKEN >(STR_CREATE_PROFILE_FAILED));
>- PromptStr = GetStringById (STRING_TOKEN >(STR_STROKE_KEY_CONTINUE));
>- } else {
>- //
>- // Add default user information.
>- //
>- Status = SetUserName (User, UserNameLen, UserName);
>- if (EFI_ERROR (Status)) {
>- QuestionStr = GetStringById (STRING_TOKEN >(STR_USER_ALREADY_EXISTED));
>- PromptStr = GetStringById (STRING_TOKEN >(STR_STROKE_KEY_CONTINUE));
>- goto Done;
>- }
>-
>- SetCreateDate (User);
>- SetIdentityPolicy (User);
>- SetAccessPolicy (User);
>-
>- QuestionStr = GetStringById (STRING_TOKEN >(STR_CREATE_PROFILE_SUCCESS));
>- PromptStr = GetStringById (STRING_TOKEN >(STR_STROKE_KEY_CONTINUE));
>- }
>-
>-Done:
>- CreatePopUp (
>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
>- &Key,
>- QuestionStr,
>- L"",
>- PromptStr,
>- NULL
>- );
>- FreePool (QuestionStr);
>- FreePool (PromptStr);
>-}
>-
>diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileDelete. >c >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileDelete. >c
>deleted file mode 100644
>index af5d3109dd..0000000000
>--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileDelete. >c
>+++ /dev/null
>@@ -1,343 +0,0 @@
>-/** @file
>- The functions to delete a user profile.
>-
>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#include "UserProfileManager.h"
>-
>-/**
>- Get the username from the specified user.
>-
>- @param[in] User Handle of a user profile.
>-
>- @retval EFI_STRING_ID The String Id of the user's username.
>-
>-**/
>-EFI_STRING_ID
>-GetUserName (
>- IN EFI_USER_PROFILE_HANDLE User
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO_HANDLE UserInfo;
>- EFI_USER_INFO *Info;
>- UINTN InfoSize;
>- UINTN MemSize;
>- UINTN NameLen;
>- CHAR16 UserName[USER_NAME_LENGTH];
>- EFI_STRING_ID UserId;
>-
>- //
>- // Allocate user information memory.
>- //
>- MemSize = sizeof (EFI_USER_INFO) + 63;
>- Info = AllocateZeroPool (MemSize);
>- ASSERT (Info != NULL);
>-
>- //
>- // Get user name information.
>- //
>- UserInfo = NULL;
>- while (TRUE) {
>- InfoSize = MemSize;
>- //
>- // Get next user information.
>- //
>- Status = mUserManager->GetNextInfo (
>- mUserManager,
>- User,
>- &UserInfo
>- );
>- if (EFI_ERROR (Status)) {
>- break;
>- }
>-
>- Status = mUserManager->GetInfo (
>- mUserManager,
>- User,
>- UserInfo,
>- Info,
>- &InfoSize
>- );
>- if (Status == EFI_BUFFER_TOO_SMALL) {
>- MemSize = InfoSize;
>- FreePool (Info);
>- Info = AllocateZeroPool (MemSize);
>- ASSERT (Info != NULL);
>-
>- Status = mUserManager->GetInfo (
>- mUserManager,
>- User,
>- UserInfo,
>- Info,
>- &InfoSize
>- );
>- }
>- //
>- // Check user information.
>- //
>- if (Status == EFI_SUCCESS) {
>- if (Info->InfoType == EFI_USER_INFO_NAME_RECORD) {
>- NameLen = Info->InfoSize - sizeof (EFI_USER_INFO);
>- if (NameLen > USER_NAME_LENGTH * sizeof (CHAR16)) {
>- NameLen = USER_NAME_LENGTH * sizeof (CHAR16);
>- }
>- ASSERT (NameLen >= sizeof (CHAR16));
>- CopyMem (UserName, (UINT8 *) (Info + 1), NameLen);
>- UserName[NameLen / sizeof (CHAR16) - 1] = 0;
>- UserId = HiiSetString (
>- mCallbackInfo->HiiHandle,
>- 0,
>- UserName,
>- NULL
>- );
>- if (UserId != 0) {
>- FreePool (Info);
>- return UserId;
>- }
>- }
>- }
>- }
>-
>- FreePool (Info);
>- return 0;
>-}
>-
>-
>-/**
>- Add a username item in form.
>-
>- @param[in] User Points to the user profile whose username is added.
>- @param[in] Index The index of the user in the user name list
>- @param[in] OpCodeHandle Points to container for dynamic created >opcodes.
>-
>-**/
>-VOID
>-AddUserToForm (
>- IN EFI_USER_PROFILE_HANDLE User,
>- IN UINT16 Index,
>- IN VOID *OpCodeHandle
>- )
>-{
>- EFI_STRING_ID NameId;
>-
>- //
>- // Get user name
>- //
>- NameId = GetUserName (User);
>- if (NameId == 0) {
>- return ;
>- }
>-
>- //
>- // Create user name option.
>- //
>- switch (Index & KEY_FIRST_FORM_MASK) {
>- case KEY_MODIFY_USER:
>- HiiCreateGotoOpCode (
>- OpCodeHandle, // Container for dynamic created opcodes
>- FORMID_USER_INFO, // Target Form ID
>- NameId, // Prompt text
>- STRING_TOKEN (STR_NULL_STRING), // Help text
>- EFI_IFR_FLAG_CALLBACK, // Question flag
>- Index // Question ID
>- );
>- break;
>-
>- case KEY_DEL_USER:
>- HiiCreateActionOpCode (
>- OpCodeHandle, // Container for dynamic created opcodes
>- Index, // Question ID
>- NameId, // Prompt text
>- STRING_TOKEN (STR_NULL_STRING), // Help text
>- EFI_IFR_FLAG_CALLBACK, // Question flag
>- 0 // Action String ID
>- );
>- break;
>-
>- default:
>- break;
>- }
>-}
>-
>-
>-/**
>- Delete the user specified by UserIndex in user profile database.
>-
>- @param[in] UserIndex The index of user in the user name list
>- to be deleted.
>-
>-**/
>-VOID
>-DeleteUser (
>- IN UINT8 UserIndex
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_PROFILE_HANDLE User;
>- EFI_INPUT_KEY Key;
>- EFI_USER_INFO_HANDLE UserInfo;
>- EFI_USER_INFO *Info;
>- UINTN InfoSize;
>-
>- //
>- // Find specified user profile and delete it.
>- //
>- User = NULL;
>- Status = mUserManager->GetNext (mUserManager, &User);
>- if (EFI_ERROR (Status)) {
>- goto Done;
>- }
>-
>- while (UserIndex > 1) {
>- Status = mUserManager->GetNext (mUserManager, &User);
>- if (EFI_ERROR (Status)) {
>- goto Done;
>- }
>- UserIndex--;
>- }
>-
>- if (UserIndex == 1) {
>- //
>- // Get the identification policy.
>- //
>- Status = FindInfoByType (User, >EFI_USER_INFO_IDENTITY_POLICY_RECORD, &UserInfo);
>- if (EFI_ERROR (Status)) {
>- goto Done;
>- }
>-
>- InfoSize = 0;
>- Info = NULL;
>- Status = mUserManager->GetInfo (mUserManager, User, UserInfo, Info, >&InfoSize);
>- if (Status == EFI_BUFFER_TOO_SMALL) {
>- Info = AllocateZeroPool (InfoSize);
>- if (Info == NULL) {
>- goto Done;
>- }
>- Status = mUserManager->GetInfo (mUserManager, User, UserInfo, Info, >&InfoSize);
>- }
>-
>- //
>- // Delete the user on the credential providers by its identification policy.
>- //
>- ASSERT (Info != NULL);
>- DeleteCredentialFromProviders ((UINT8 *)(Info + 1), Info->InfoSize - sizeof >(EFI_USER_INFO), User);
>- FreePool (Info);
>-
>- Status = mUserManager->Delete (mUserManager, User);
>- if (EFI_ERROR (Status)) {
>- goto Done;
>- }
>- CreatePopUp (
>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
>- &Key,
>- L"Delete User Succeed!",
>- L"",
>- L"Please Press Any Key to Continue ...",
>- NULL
>- );
>- return ;
>- }
>-
>-Done:
>- CreatePopUp (
>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
>- &Key,
>- L"Delete User Failed!",
>- L"",
>- L"Please Press Any Key to Continue ...",
>- NULL
>- );
>-}
>-
>-
>-/**
>- Display user select form, cab select a user to delete.
>-
>-**/
>-VOID
>-SelectUserToDelete (
>- VOID
>- )
>-{
>- EFI_STATUS Status;
>- UINT8 Index;
>- EFI_USER_PROFILE_HANDLE User;
>- EFI_USER_PROFILE_HANDLE CurrentUser;
>- VOID *StartOpCodeHandle;
>- VOID *EndOpCodeHandle;
>- EFI_IFR_GUID_LABEL *StartLabel;
>- EFI_IFR_GUID_LABEL *EndLabel;
>-
>- //
>- // Initialize the container for dynamic opcodes.
>- //
>- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (StartOpCodeHandle != NULL);
>-
>- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (EndOpCodeHandle != NULL);
>-
>- //
>- // Create Hii Extend Label OpCode.
>- //
>- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- StartOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- StartLabel->Number = LABEL_USER_DEL_FUNC;
>-
>- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- EndOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- EndLabel->Number = LABEL_END;
>-
>- //
>- // Add each user can be deleted.
>- //
>- User = NULL;
>- Index = 1;
>- mUserManager->Current (mUserManager, &CurrentUser);
>- while (TRUE) {
>- Status = mUserManager->GetNext (mUserManager, &User);
>- if (EFI_ERROR (Status)) {
>- break;
>- }
>-
>- if (User != CurrentUser) {
>- AddUserToForm (
>- User,
>- (UINT16)(KEY_DEL_USER | KEY_SELECT_USER | Index),
>- StartOpCodeHandle
>- );
>- }
>- Index++;
>- }
>-
>- HiiUpdateForm (
>- mCallbackInfo->HiiHandle, // HII handle
>- &gUserProfileManagerGuid, // Formset GUID
>- FORMID_DEL_USER, // Form ID
>- StartOpCodeHandle, // Label for where to insert opcodes
>- EndOpCodeHandle // Replace data
>- );
>-
>- HiiFreeOpCodeHandle (StartOpCodeHandle);
>- HiiFreeOpCodeHandle (EndOpCodeHandle);
>-}
>diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >er.c >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >er.c
>deleted file mode 100644
>index e73ba3a8fc..0000000000
>--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >er.c
>+++ /dev/null
>@@ -1,887 +0,0 @@
>-/** @file
>- This driver is a configuration tool for adding, deleting or modifying user
>- profiles, including gathering the necessary information to ascertain their
>- identity in the future, updating user access policy and identification
>- policy, etc.
>-
>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#include "UserProfileManager.h"
>-
>-EFI_USER_MANAGER_PROTOCOL *mUserManager = NULL;
>-CREDENTIAL_PROVIDER_INFO *mProviderInfo = NULL;
>-UINT8 mProviderChoice;
>-UINT8 mConncetLogical;
>-USER_INFO_ACCESS mAccessInfo;
>-USER_INFO mUserInfo;
>-USER_PROFILE_MANAGER_CALLBACK_INFO *mCallbackInfo;
>-HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = {
>- {
>- {
>- HARDWARE_DEVICE_PATH,
>- HW_VENDOR_DP,
>- {
>- (UINT8) (sizeof (VENDOR_DEVICE_PATH)),
>- (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
>- }
>- },
>- USER_PROFILE_MANAGER_GUID
>- },
>- {
>- END_DEVICE_PATH_TYPE,
>- END_ENTIRE_DEVICE_PATH_SUBTYPE,
>- {
>- (UINT8) (END_DEVICE_PATH_LENGTH),
>- (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
>- }
>- }
>-};
>-
>-
>-/**
>- Get string by string id from HII Interface.
>-
>-
>- @param[in] Id String ID to get the string from.
>-
>- @retval CHAR16 * String from ID.
>- @retval NULL If error occurs.
>-
>-**/
>-CHAR16 *
>-GetStringById (
>- IN EFI_STRING_ID Id
>- )
>-{
>- //
>- // Get the current string for the current Language.
>- //
>- return HiiGetString (mCallbackInfo->HiiHandle, Id, NULL);
>-}
>-
>-
>-/**
>- This function gets all the credential providers in the system and saved them
>- to mProviderInfo.
>-
>- @retval EFI_SUCESS Init credential provider database successfully.
>- @retval Others Fail to init credential provider database.
>-
>-**/
>-EFI_STATUS
>-InitProviderInfo (
>- VOID
>- )
>-{
>- EFI_STATUS Status;
>- UINTN HandleCount;
>- EFI_HANDLE *HandleBuf;
>- UINTN Index;
>-
>- //
>- // Try to find all the user credential provider driver.
>- //
>- HandleCount = 0;
>- HandleBuf = NULL;
>- Status = gBS->LocateHandleBuffer (
>- ByProtocol,
>- &gEfiUserCredential2ProtocolGuid,
>- NULL,
>- &HandleCount,
>- &HandleBuf
>- );
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- //
>- // Get provider infomation.
>- //
>- if (mProviderInfo != NULL) {
>- FreePool (mProviderInfo);
>- }
>- mProviderInfo = AllocateZeroPool (
>- sizeof (CREDENTIAL_PROVIDER_INFO) -
>- sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *) +
>- HandleCount * sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *)
>- );
>- if (mProviderInfo == NULL) {
>- FreePool (HandleBuf);
>- return EFI_OUT_OF_RESOURCES;
>- }
>-
>- mProviderInfo->Count = HandleCount;
>- for (Index = 0; Index < HandleCount; Index++) {
>- Status = gBS->HandleProtocol (
>- HandleBuf[Index],
>- &gEfiUserCredential2ProtocolGuid,
>- (VOID **) &mProviderInfo->Provider[Index]
>- );
>- if (EFI_ERROR (Status)) {
>- FreePool (HandleBuf);
>- FreePool (mProviderInfo);
>- mProviderInfo = NULL;
>- return Status;
>- }
>- }
>-
>- FreePool (HandleBuf);
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- This function processes changes in user profile configuration.
>-
>- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
>- @param Action Specifies the type of action taken by the browser.
>- @param QuestionId A unique value which is sent to the original
>- exporting driver so that it can identify the type
>- of data to expect.
>- @param Type The type of value for the question.
>- @param Value A pointer to the data being sent to the original
>- exporting driver.
>- @param ActionRequest On return, points to the action requested by >the
>- callback function.
>-
>- @retval EFI_SUCCESS The callback successfully handled the action.
>- @retval Others Fail to handle the action.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-UserProfileManagerCallback (
>- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
>- IN EFI_BROWSER_ACTION Action,
>- IN EFI_QUESTION_ID QuestionId,
>- IN UINT8 Type,
>- IN EFI_IFR_TYPE_VALUE *Value,
>- OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
>- )
>-{
>- EFI_STATUS Status;
>- EFI_INPUT_KEY Key;
>- UINT32 CurrentAccessRight;
>- CHAR16 *QuestionStr;
>- CHAR16 *PromptStr;
>- VOID *StartOpCodeHandle;
>- VOID *EndOpCodeHandle;
>- EFI_IFR_GUID_LABEL *StartLabel;
>- EFI_IFR_GUID_LABEL *EndLabel;
>- EFI_USER_PROFILE_HANDLE CurrentUser;
>-
>- Status = EFI_SUCCESS;
>-
>- switch (Action) {
>- case EFI_BROWSER_ACTION_FORM_OPEN:
>- {
>- //
>- // Update user manage Form when user manage Form is opened.
>- // This will be done only in FORM_OPEN CallBack of question with >QUESTIONID_USER_MANAGE from user manage Form.
>- //
>- if (QuestionId != QUESTIONID_USER_MANAGE) {
>- return EFI_SUCCESS;
>- }
>-
>- //
>- // Get current user
>- //
>- CurrentUser = NULL;
>- mUserManager->Current (mUserManager, &CurrentUser);
>- if (CurrentUser == NULL) {
>- DEBUG ((DEBUG_ERROR, "Error: current user does not exist!\n"));
>- return EFI_NOT_READY;
>- }
>-
>- //
>- // Get current user's right information.
>- //
>- Status = GetAccessRight (&CurrentAccessRight);
>- if (EFI_ERROR (Status)) {
>- CurrentAccessRight = EFI_USER_INFO_ACCESS_ENROLL_SELF;
>- }
>-
>- //
>- // Init credential provider information.
>- //
>- Status = InitProviderInfo ();
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- //
>- // Initialize the container for dynamic opcodes.
>- //
>- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (StartOpCodeHandle != NULL);
>-
>- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (EndOpCodeHandle != NULL);
>-
>- //
>- // Create Hii Extend Label OpCode.
>- //
>- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- StartOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- StartLabel->Number = LABEL_USER_MANAGE_FUNC;
>-
>- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- EndOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- EndLabel->Number = LABEL_END;
>-
>- //
>- // Add user profile option.
>- //
>- if ((CurrentAccessRight == EFI_USER_INFO_ACCESS_MANAGE) ||
>- (CurrentAccessRight == EFI_USER_INFO_ACCESS_ENROLL_OTHERS)
>- ) {
>- HiiCreateActionOpCode (
>- StartOpCodeHandle, // Container for dynamic created opcodes
>- KEY_ADD_USER, // Question ID
>- STRING_TOKEN (STR_ADD_USER_TITLE), // Prompt text
>- STRING_TOKEN (STR_ADD_USER_HELP), // Help text
>- EFI_IFR_FLAG_CALLBACK, // Question flag
>- 0 // Action String ID
>- );
>- }
>-
>- //
>- // Add modify user profile option.
>- //
>- HiiCreateGotoOpCode (
>- StartOpCodeHandle, // Container for dynamic created opcodes
>- FORMID_MODIFY_USER, // Target Form ID
>- STRING_TOKEN (STR_MODIFY_USER_TITLE), // Prompt text
>- STRING_TOKEN (STR_MODIFY_USER_HELP), // Help text
>- EFI_IFR_FLAG_CALLBACK, // Question flag
>- KEY_MODIFY_USER // Question ID
>- );
>-
>- //
>- // Add delete user profile option
>- //
>- if (CurrentAccessRight == EFI_USER_INFO_ACCESS_MANAGE) {
>- HiiCreateGotoOpCode (
>- StartOpCodeHandle, // Container for dynamic created opcodes
>- FORMID_DEL_USER, // Target Form ID
>- STRING_TOKEN (STR_DELETE_USER_TITLE), // Prompt text
>- STRING_TOKEN (STR_DELETE_USER_HELP), // Help text
>- EFI_IFR_FLAG_CALLBACK, // Question flag
>- KEY_DEL_USER // Question ID
>- );
>- }
>-
>- HiiUpdateForm (
>- mCallbackInfo->HiiHandle, // HII handle
>- &gUserProfileManagerGuid, // Formset GUID
>- FORMID_USER_MANAGE, // Form ID
>- StartOpCodeHandle, // Label for where to insert opcodes
>- EndOpCodeHandle // Replace data
>- );
>-
>- HiiFreeOpCodeHandle (StartOpCodeHandle);
>- HiiFreeOpCodeHandle (EndOpCodeHandle);
>-
>- return EFI_SUCCESS;
>- }
>- break;
>-
>- case EFI_BROWSER_ACTION_FORM_CLOSE:
>- Status = EFI_SUCCESS;
>- break;
>-
>- case EFI_BROWSER_ACTION_CHANGED:
>- {
>- //
>- // Handle the request from form.
>- //
>- if ((Value == NULL) || (ActionRequest == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Judge first 2 bits.
>- //
>- switch (QuestionId & KEY_FIRST_FORM_MASK) {
>- //
>- // Add user profile operation.
>- //
>- case KEY_ADD_USER:
>- CallAddUser ();
>- break;
>-
>- //
>- // Delete user profile operation.
>- //
>- case KEY_DEL_USER:
>- //
>- // Judge next 2 bits.
>- //
>- switch (QuestionId & KEY_SECOND_FORM_MASK) {
>- //
>- // Delete specified user profile.
>- //
>- case KEY_SELECT_USER:
>- DeleteUser ((UINT8) QuestionId);
>- //
>- // Update select user form after delete a user.
>- //
>- SelectUserToDelete ();
>- break;
>-
>- default:
>- break;
>- }
>- break;
>-
>- //
>- // Modify user profile operation.
>- //
>- case KEY_MODIFY_USER:
>- //
>- // Judge next 2 bits.
>- //
>- switch (QuestionId & KEY_SECOND_FORM_MASK) {
>- //
>- // Enter user profile information form.
>- //
>- case KEY_SELECT_USER:
>- //
>- // Judge next 3 bits.
>- //
>- switch (QuestionId & KEY_MODIFY_INFO_MASK) {
>- //
>- // Modify user name.
>- //
>- case KEY_MODIFY_NAME:
>- ModifyUserName ();
>- //
>- // Update username in parent form.
>- //
>- SelectUserToModify ();
>- break;
>-
>- //
>- // Modify identity policy.
>- //
>- case KEY_MODIFY_IP:
>- //
>- // Judge next 3 bits
>- //
>- switch (QuestionId & KEY_MODIFY_IP_MASK) {
>- //
>- // Change credential provider option.
>- //
>- case KEY_MODIFY_PROV:
>- mProviderChoice = Value->u8;
>- break;
>-
>- //
>- // Change logical connector.
>- //
>- case KEY_MODIFY_CONN:
>- mConncetLogical = Value->u8;
>- break;
>-
>- //
>- // Save option.
>- //
>- case KEY_ADD_IP_OP:
>- AddIdentityPolicyItem ();
>- break;
>-
>- //
>- // Return to user profile information form.
>- //
>- case KEY_IP_RETURN_UIF:
>- SaveIdentityPolicy ();
>- *ActionRequest = >EFI_BROWSER_ACTION_REQUEST_FORM_SUBMIT_EXIT;
>- break;
>-
>- default:
>- break;
>- }
>- break;
>-
>- //
>- // Modify access policy.
>- //
>- case KEY_MODIFY_AP:
>- //
>- // Judge next 3 bits.
>- //
>- switch (QuestionId & KEY_MODIFY_AP_MASK) {
>- //
>- // Change access right choice.
>- //
>- case KEY_MODIFY_RIGHT:
>- mAccessInfo.AccessRight = Value->u8;
>- break;
>-
>- //
>- // Change setup choice.
>- //
>- case KEY_MODIFY_SETUP:
>- mAccessInfo.AccessSetup= Value->u8;
>- break;
>-
>- //
>- // Change boot order choice.
>- //
>- case KEY_MODIFY_BOOT:
>- mAccessInfo.AccessBootOrder = Value->u32;
>- break;
>-
>- //
>- // Return to user profile information form.
>- //
>- case KEY_AP_RETURN_UIF:
>- SaveAccessPolicy ();
>- *ActionRequest = >EFI_BROWSER_ACTION_REQUEST_FORM_SUBMIT_EXIT;
>- break;
>-
>- default:
>- break;
>- }
>- break;
>-
>- default:
>- break;
>- }
>- break;
>-
>- //
>- // Access policy device path modified.
>- //
>- case KEY_MODIFY_AP_DP:
>- //
>- // Judge next 2 bits.
>- //
>- switch (QuestionId & KEY_MODIFY_DP_MASK) {
>- //
>- // Load permit device path modified.
>- //
>- case KEY_LOAD_PERMIT_MODIFY:
>- QuestionStr = GetStringById (STRING_TOKEN >(STR_MOVE_TO_FORBID_LIST));
>- PromptStr = GetStringById (STRING_TOKEN >(STR_PRESS_KEY_CONTINUE));
>- CreatePopUp (
>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
>- &Key,
>- QuestionStr,
>- L"",
>- PromptStr,
>- NULL
>- );
>- FreePool (QuestionStr);
>- FreePool (PromptStr);
>- if (Key.UnicodeChar != CHAR_CARRIAGE_RETURN) {
>- break;
>- }
>-
>- AddToForbidLoad ((UINT16)(QuestionId & (KEY_MODIFY_DP_MASK - >1)));
>- DisplayLoadPermit ();
>- break;
>-
>- //
>- // Load forbid device path modified.
>- //
>- case KEY_LOAD_FORBID_MODIFY:
>- QuestionStr = GetStringById (STRING_TOKEN >(STR_MOVE_TO_PERMIT_LIST));
>- PromptStr = GetStringById (STRING_TOKEN >(STR_PRESS_KEY_CONTINUE));
>- CreatePopUp (
>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
>- &Key,
>- QuestionStr,
>- L"",
>- PromptStr,
>- NULL
>- );
>- FreePool (QuestionStr);
>- FreePool (PromptStr);
>- if (Key.UnicodeChar != CHAR_CARRIAGE_RETURN) {
>- break;
>- }
>-
>- DeleteFromForbidLoad ((UINT16)(QuestionId & >(KEY_MODIFY_DP_MASK - 1)));
>- DisplayLoadForbid ();
>- break;
>-
>- //
>- // Connect permit device path modified.
>- //
>- case KEY_CONNECT_PERMIT_MODIFY:
>- break;
>-
>- //
>- // Connect forbid device path modified.
>- //
>- case KEY_CONNECT_FORBID_MODIFY:
>- break;
>-
>- default:
>- break;
>- }
>- break;
>-
>- default:
>- break;
>- }
>- break;
>-
>- default:
>- break;
>- }
>- }
>- break;
>-
>-
>- case EFI_BROWSER_ACTION_CHANGING:
>- {
>- //
>- // Handle the request from form.
>- //
>- if (Value == NULL) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Judge first 2 bits.
>- //
>- switch (QuestionId & KEY_FIRST_FORM_MASK) {
>- //
>- // Delete user profile operation.
>- //
>- case KEY_DEL_USER:
>- //
>- // Judge next 2 bits.
>- //
>- switch (QuestionId & KEY_SECOND_FORM_MASK) {
>- //
>- // Enter delete user profile form.
>- //
>- case KEY_ENTER_NEXT_FORM:
>- SelectUserToDelete ();
>- break;
>-
>- default:
>- break;
>- }
>- break;
>-
>- //
>- // Modify user profile operation.
>- //
>- case KEY_MODIFY_USER:
>- //
>- // Judge next 2 bits.
>- //
>- switch (QuestionId & KEY_SECOND_FORM_MASK) {
>- //
>- // Enter modify user profile form.
>- //
>- case KEY_ENTER_NEXT_FORM:
>- SelectUserToModify ();
>- break;
>-
>- //
>- // Enter user profile information form.
>- //
>- case KEY_SELECT_USER:
>- //
>- // Judge next 3 bits.
>- //
>- switch (QuestionId & KEY_MODIFY_INFO_MASK) {
>- //
>- // Display user information form.
>- //
>- case KEY_ENTER_NEXT_FORM:
>- ModifyUserInfo ((UINT8) QuestionId);
>- break;
>-
>- //
>- // Modify identity policy.
>- //
>- case KEY_MODIFY_IP:
>- //
>- // Judge next 3 bits
>- //
>- switch (QuestionId & KEY_MODIFY_IP_MASK) {
>- //
>- // Display identity policy modify form.
>- //
>- case KEY_ENTER_NEXT_FORM:
>- ModifyIdentityPolicy ();
>- break;
>-
>- default:
>- break;
>- }
>- break;
>-
>- //
>- // Modify access policy.
>- //
>- case KEY_MODIFY_AP:
>- //
>- // Judge next 3 bits.
>- //
>- switch (QuestionId & KEY_MODIFY_AP_MASK) {
>- //
>- // Display access policy modify form.
>- //
>- case KEY_ENTER_NEXT_FORM:
>- ModidyAccessPolicy ();
>- break;
>- //
>- // Load device path form.
>- //
>- case KEY_MODIFY_LOAD:
>- //
>- // Judge next 2 bits.
>- //
>- switch (QuestionId & KEY_DISPLAY_DP_MASK) {
>- //
>- // Permit load device path.
>- //
>- case KEY_PERMIT_MODIFY:
>- DisplayLoadPermit ();
>- break;
>-
>- //
>- // Forbid load device path.
>- //
>- case KEY_FORBID_MODIFY:
>- DisplayLoadForbid ();
>- break;
>-
>- default:
>- break;
>- }
>- break;
>-
>- //
>- // Connect device path form.
>- //
>- case KEY_MODIFY_CONNECT:
>- //
>- // Judge next 2 bits.
>- //
>- switch (QuestionId & KEY_DISPLAY_DP_MASK) {
>- //
>- // Permit connect device path.
>- //
>- case KEY_PERMIT_MODIFY:
>- DisplayConnectPermit ();
>- break;
>-
>- //
>- // Forbid connect device path.
>- //
>- case KEY_FORBID_MODIFY:
>- DisplayConnectForbid ();
>- break;
>-
>- default:
>- break;
>- }
>- break;
>-
>- default:
>- break;
>- }
>- break;
>-
>- default:
>- break;
>- }
>- break;
>-
>- default:
>- break;
>- }
>- break;
>-
>- default:
>- break;
>- }
>- }
>- break;
>-
>- default:
>- //
>- // All other action return unsupported.
>- //
>- Status = EFI_UNSUPPORTED;
>- break;
>- }
>-
>-
>- return Status;
>-}
>-
>-
>-/**
>- This function allows a caller to extract the current configuration for one
>- or more named elements from the target driver.
>-
>-
>- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
>- @param Request A null-terminated Unicode string in <ConfigRequest> >format.
>- @param Progress On return, points to a character in the Request string.
>- Points to the string's null terminator if request was successful.
>- Points to the most recent '&' before the first failing name/value
>- pair (or the beginning of the string if the failure is in the
>- first name/value pair) if the request was not successful.
>- @param Results A null-terminated Unicode string in <ConfigAltResp> >format which
>- has all values filled in for the names in the Request string.
>- String to be allocated by the called function.
>-
>- @retval EFI_SUCCESS The Results is filled with the requested values.
>- @retval EFI_OUT_OF_RESOURCES Not enough memory to store the >results.
>- @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown >name.
>- @retval EFI_NOT_FOUND Routing data doesn't match any storage in >this driver.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-FakeExtractConfig (
>- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
>- IN CONST EFI_STRING Request,
>- OUT EFI_STRING *Progress,
>- OUT EFI_STRING *Results
>- )
>-{
>- if (Progress == NULL || Results == NULL) {
>- return EFI_INVALID_PARAMETER;
>- }
>- *Progress = Request;
>- return EFI_NOT_FOUND;
>-}
>-
>-/**
>- This function processes the results of changes in configuration.
>-
>-
>- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
>- @param Configuration A null-terminated Unicode string in <ConfigResp> >format.
>- @param Progress A pointer to a string filled in with the offset of the >most
>- recent '&' before the first failing name/value pair (or the
>- beginning of the string if the failure is in the first
>- name/value pair) or the terminating NULL if all was successful.
>-
>- @retval EFI_SUCCESS The Results is processed successfully.
>- @retval EFI_INVALID_PARAMETER Configuration is NULL.
>- @retval EFI_NOT_FOUND Routing data doesn't match any storage in >this driver.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-FakeRouteConfig (
>- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
>- IN CONST EFI_STRING Configuration,
>- OUT EFI_STRING *Progress
>- )
>-{
>- if (Configuration == NULL || Progress == NULL) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- *Progress = Configuration;
>-
>- return EFI_NOT_FOUND;
>-}
>-
>-
>-/**
>- Main entry for this driver.
>-
>- @param ImageHandle Image handle this driver.
>- @param SystemTable Pointer to SystemTable.
>-
>- @retval EFI_SUCESS This function always complete successfully.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-UserProfileManagerInit (
>- IN EFI_HANDLE ImageHandle,
>- IN EFI_SYSTEM_TABLE *SystemTable
>- )
>-{
>- EFI_STATUS Status;
>- USER_PROFILE_MANAGER_CALLBACK_INFO *CallbackInfo;
>-
>- Status = gBS->LocateProtocol (
>- &gEfiUserManagerProtocolGuid,
>- NULL,
>- (VOID **) &mUserManager
>- );
>- if (EFI_ERROR (Status)) {
>- return EFI_SUCCESS;
>- }
>-
>- //
>- // Initialize driver private data.
>- //
>- ZeroMem (&mUserInfo, sizeof (mUserInfo));
>- ZeroMem (&mAccessInfo, sizeof (mAccessInfo));
>-
>- CallbackInfo = AllocateZeroPool (sizeof >(USER_PROFILE_MANAGER_CALLBACK_INFO));
>- ASSERT (CallbackInfo != NULL);
>-
>- CallbackInfo->Signature = USER_PROFILE_MANAGER_SIGNATURE;
>- CallbackInfo->ConfigAccess.ExtractConfig = FakeExtractConfig;
>- CallbackInfo->ConfigAccess.RouteConfig = FakeRouteConfig;
>- CallbackInfo->ConfigAccess.Callback = UserProfileManagerCallback;
>- CallbackInfo->DriverHandle = NULL;
>-
>- //
>- // Install Device Path Protocol and Config Access protocol to driver handle.
>- //
>- Status = gBS->InstallMultipleProtocolInterfaces (
>- &CallbackInfo->DriverHandle,
>- &gEfiDevicePathProtocolGuid,
>- &mHiiVendorDevicePath,
>- &gEfiHiiConfigAccessProtocolGuid,
>- &CallbackInfo->ConfigAccess,
>- NULL
>- );
>- ASSERT_EFI_ERROR (Status);
>-
>- //
>- // Publish HII data.
>- //
>- CallbackInfo->HiiHandle = HiiAddPackages (
>- &gUserProfileManagerGuid,
>- CallbackInfo->DriverHandle,
>- UserProfileManagerStrings,
>- UserProfileManagerVfrBin,
>- NULL
>- );
>- ASSERT (CallbackInfo->HiiHandle != NULL);
>- mCallbackInfo = CallbackInfo;
>-
>- return Status;
>-}
>-
>-
>diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >er.h >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >er.h
>deleted file mode 100644
>index aff1e28d9d..0000000000
>--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >er.h
>+++ /dev/null
>@@ -1,444 +0,0 @@
>-/** @file
>- The header file for user profile manager driver.
>-
>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#ifndef __EFI_USER_PROFILE_MANAGER_H__
>-#define __EFI_USER_PROFILE_MANAGER_H__
>-
>-#include <Uefi.h>
>-
>-#include <Guid/GlobalVariable.h>
>-#include <Guid/MdeModuleHii.h>
>-
>-#include <Protocol/HiiConfigAccess.h>
>-#include <Protocol/UserCredential2.h>
>-#include <Protocol/UserManager.h>
>-
>-#include <Library/UefiRuntimeServicesTableLib.h>
>-#include <Library/UefiBootServicesTableLib.h>
>-#include <Library/MemoryAllocationLib.h>
>-#include <Library/BaseMemoryLib.h>
>-#include <Library/DevicePathLib.h>
>-#include <Library/DebugLib.h>
>-#include <Library/UefiLib.h>
>-#include <Library/PrintLib.h>
>-#include <Library/HiiLib.h>
>-
>-#include "UserProfileManagerData.h"
>-
>-#define USER_NAME_LENGTH 17
>-
>-//
>-// Credential Provider Information.
>-//
>-typedef struct {
>- UINTN Count;
>- EFI_USER_CREDENTIAL2_PROTOCOL *Provider[1];
>-} CREDENTIAL_PROVIDER_INFO;
>-
>-//
>-// User profile information structure.
>-// >-typedef struct { >- UINT64 UsageCount; >- EFI_TIME CreateDate; >- EFI_TIME UsageDate; >- UINTN AccessPolicyLen; >- UINTN IdentityPolicyLen; >- UINTN NewIdentityPolicyLen; >- UINT8 *AccessPolicy; >- UINT8 *IdentityPolicy; >- UINT8 *NewIdentityPolicy; >- CHAR16 UserName[USER_NAME_LENGTH]; >- BOOLEAN CreateDateExist; >- BOOLEAN UsageDateExist; >- BOOLEAN AccessPolicyModified; >- BOOLEAN IdentityPolicyModified; >- BOOLEAN NewIdentityPolicyModified; >-} USER_INFO; >- >-// >-// User access information structure. >-// >-typedef struct { >- UINTN LoadPermitLen; >- UINTN LoadForbidLen; >- UINTN ConnectPermitLen; >- UINTN ConnectForbidLen; >- UINT8 *LoadPermit; >- UINT8 *LoadForbid; >- UINT8 *ConnectPermit; >- UINT8 *ConnectForbid; >- UINT32 AccessBootOrder; >- UINT8 AccessRight; >- UINT8 AccessSetup; >-} USER_INFO_ACCESS; >- >-#define USER_PROFILE_MANAGER_SIGNATURE SIGNATURE_32 ('U', 'P', 'M', >'S') >- >-typedef struct { >- UINTN Signature; >- EFI_HANDLE DriverHandle; >- EFI_HII_HANDLE HiiHandle; >- EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; >-} USER_PROFILE_MANAGER_CALLBACK_INFO; >- >-// >-// HII specific Vendor Device Path definition. >-// >-typedef struct { >- VENDOR_DEVICE_PATH VendorDevicePath; >- EFI_DEVICE_PATH_PROTOCOL End; >-} HII_VENDOR_DEVICE_PATH; >- >-// >-// This is the generated IFR binary data for each formset defined in VFR. >-// >-extern UINT8 UserProfileManagerVfrBin[]; >- >-// >-// This is the generated String package data for .UNI file. >-// >-extern UINT8 UserProfileManagerStrings[]; >- >-// >-// The user manager protocol, used in several function. >-// >-extern EFI_USER_MANAGER_PROTOCOL *mUserManager; >- >-// >-// The credential providers database in system. >-// >-extern CREDENTIAL_PROVIDER_INFO *mProviderInfo; >- >-// >-// The variables used to update identity policy. >-// >-extern UINT8 mProviderChoice; >-extern UINT8 mConncetLogical; >- >-// >-// The variables used to update access policy. 
>-// >-extern USER_INFO_ACCESS mAccessInfo; >- >-// >-// The user information used to record all data in UI. >-// >-extern USER_INFO mUserInfo; >- >-extern USER_PROFILE_MANAGER_CALLBACK_INFO *mCallbackInfo; >- >-extern EFI_USER_PROFILE_HANDLE mModifyUser; >- >-/** >- Get string by string id from HII Interface. >- >- >- @param[in] Id String ID to get the string from. >- >- @retval CHAR16 * String from ID. >- @retval NULL If error occurs. >- >-**/ >-CHAR16 * >-GetStringById ( >- IN EFI_STRING_ID Id >- ); >- >-/** >- Add a new user profile into the user profile database. >- >-**/ >-VOID >-CallAddUser ( >- VOID >- ); >- >-/** >- Display user select form; can select a user to modify. >- >-**/ >-VOID >-SelectUserToModify ( >- VOID >- ); >- >-/** >- Display user select form, cab select a user to delete. >- >-**/ >-VOID >-SelectUserToDelete ( >- VOID >- ); >- >-/** >- Delete the user specified by UserIndex in user profile database. >- >- @param[in] UserIndex The index of user in the user name list to be >deleted. >- >-**/ >-VOID >-DeleteUser ( >- IN UINT8 UserIndex >- ); >- >-/** >- Add a username item in form. >- >- @param[in] User Points to the user profile whose username is added. >- @param[in] Index The index of the user in the user name list. >- @param[in] OpCodeHandle Points to container for dynamic created >opcodes. >- >-**/ >-VOID >-AddUserToForm ( >- IN EFI_USER_PROFILE_HANDLE User, >- IN UINT16 Index, >- IN VOID *OpCodeHandle >- ); >- >-/** >- Display modify user information form >- >- In this form, username, create Date, usage date, usage count, identity policy, >- and access policy are displayed. >- >- @param[in] UserIndex The index of the user in display list to modify. >- >-**/ >-VOID >-ModifyUserInfo ( >- IN UINT8 UserIndex >- ); >- >-/** >- Get the username from user input and update username string in Hii >- database with it. >- >-**/ >-VOID >-ModifyUserName ( >- VOID >- ); >- >-/** >- Display the form of modifying user identity policy. 
>- >-**/ >-VOID >-ModifyIdentityPolicy ( >- VOID >- ); >- >-/** >- Update the mUserInfo.NewIdentityPolicy and UI when 'add option' is >pressed. >- >-**/ >-VOID >-AddIdentityPolicyItem ( >- VOID >- ); >- >-/** >- Save the identity policy and update UI with it. >- >- This function will verify the new identity policy, in current implementation, >- the identity policy can be: T, P & P & P & ..., P | P | P | ... >- Here, "T" means "True", "P" means "Credential Provider", "&" means "and", >"|" means "or". >- Other identity policies are not supported. >- >-**/ >-VOID >-SaveIdentityPolicy ( >- VOID >- ); >- >-/** >- Display modify user access policy form >- >- In this form, access right, access setu,p and access boot order are >dynamically >- added. Load devicepath and connect devicepath are displayed too. >- >-**/ >-VOID >-ModidyAccessPolicy ( >- VOID >- ); >- >-/** >- Collect all the access policy data to mUserInfo.AccessPolicy, >- and save it to user profile. >- >-**/ >-VOID >-SaveAccessPolicy ( >- VOID >- ); >- >-/** >- Get current user's access rights. >- >- @param[out] AccessRight Points to the buffer used for user's access rights. >- >- @retval EFI_SUCCESS Get current user access rights successfully. >- @retval others Fail to get current user access rights. >- >-**/ >-EFI_STATUS >-GetAccessRight ( >- OUT UINT32 *AccessRight >- ); >- >-/** >- Display the permit load device path in the loadable device path list. >- >-**/ >-VOID >-DisplayLoadPermit( >- VOID >- ); >- >-/** >- Display the forbid load device path list (mAccessInfo.LoadForbid). >- >-**/ >-VOID >-DisplayLoadForbid ( >- VOID >- ); >- >-/** >- Display the permit connect device path. >- >-**/ >-VOID >-DisplayConnectPermit ( >- VOID >- ); >- >-/** >- Display the forbid connect device path list. >- >-**/ >-VOID >-DisplayConnectForbid ( >- VOID >- ); >- >-/** >- Delete the specified device path by DriverIndex from the forbid device path >- list (mAccessInfo.LoadForbid). 
>- >- @param[in] DriverIndex The index of driver in a forbidden device path list. >- >-**/ >-VOID >-DeleteFromForbidLoad ( >- IN UINT16 DriverIndex >- ); >- >-/** >- Add the specified device path by DriverIndex to the forbid device path >- list (mAccessInfo.LoadForbid). >- >- @param[in] DriverIndex The index of driver saved in driver options. >- >-**/ >-VOID >-AddToForbidLoad ( >- IN UINT16 DriverIndex >- ); >- >-/** >- Get user name from the popup windows. >- >- @param[in, out] UserNameLen On entry, point to the buffer lengh of >UserName. >- On exit, point to the input user name length. >- @param[out] UserName The buffer to hold the input user name. >- >- @retval EFI_ABORTED It is given up by pressing 'ESC' key. >- @retval EFI_NOT_READY Not a valid input at all. >- @retval EFI_SUCCESS Get a user name successfully. >- >-**/ >-EFI_STATUS >-GetUserNameInput ( >- IN OUT UINTN *UserNameLen, >- OUT CHAR16 *UserName >- ); >- >-/** >- Find the specified info in User profile by the InfoType. >- >- @param[in] User Handle of the user whose information will be >searched. >- @param[in] InfoType The user information type to find. >- @param[out] UserInfo Points to user information handle found. >- >- @retval EFI_SUCCESS Find the user information successfully. >- @retval Others Fail to find the user information. >- >-**/ >-EFI_STATUS >-FindInfoByType ( >- IN EFI_USER_PROFILE_HANDLE User, >- IN UINT8 InfoType, >- OUT EFI_USER_INFO_HANDLE *UserInfo >- ); >- >-/** >- Convert the identity policy to a unicode string and update the Hii database >- IpStringId string with it. >- >- @param[in] Ip Points to identity policy. >- @param[in] IpLen The identity policy length. >- @param[in] IpStringId String ID in the HII database to be replaced. >- >-**/ >-VOID >-ResolveIdentityPolicy ( >- IN UINT8 *Ip, >- IN UINTN IpLen, >- IN EFI_STRING_ID IpStringId >- ); >- >-/** >- Expand access policy memory size. >- >- @param[in] ValidLen The valid access policy length. 
>- @param[in] ExpandLen The length that is needed to expand. >- >-**/ >-VOID >-ExpandMemory ( >- IN UINTN ValidLen, >- IN UINTN ExpandLen >- ); >- >-/** >- Delete User's credental from all the providers that exist in User's identity >policy. >- >- @param[in] IdentityPolicy Point to User's identity policy. >- @param[in] IdentityPolicyLen The length of the identity policy. >- @param[in] User Points to user profile. >- >-**/ >-VOID >-DeleteCredentialFromProviders ( >- IN UINT8 *IdentityPolicy, >- IN UINTN IdentityPolicyLen, >- IN EFI_USER_PROFILE_HANDLE User >- ); >- >-#endif >diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >er.uni >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >er.uni >deleted file mode 100644 >index e4a768e00a..0000000000 >--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >er.uni >+++ /dev/null >@@ -1,22 +0,0 @@ >-// /** @file >-// A UI tool to manage user profiles >-// >-// By this module, user can add/update/delete user profiles, and can also >-// modify the user access policy and the user identification policy. >-// >-// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR> >-// >-// This program and the accompanying materials >-// are licensed and made available under the terms and conditions of the BSD >License >-// which accompanies this distribution. The full text of the license may be >found at >-// http://opensource.org/licenses/bsd-license.php >-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >-// >-// **/ >- >- >-#string STR_MODULE_ABSTRACT #language en-US "A UI tool to >manage user profiles" >- >-#string STR_MODULE_DESCRIPTION #language en-US "By this module, >user can add/update/delete user profiles, and can also modify the user access >policy and the user identification policy." >- 
>diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erData.h >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erData.h
>deleted file mode 100644
>index a83caac9ba..0000000000
>--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erData.h
>+++ /dev/null
>@@ -1,158 +0,0 @@ >-/** @file >- The form data for user profile manager driver. >- >-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#ifndef __USER_PROFILE_MANAGER_DATA_H__ >-#define __USER_PROFILE_MANAGER_DATA_H__ >- >-#include <Guid/UserProfileManagerHii.h> >- >-// >-// Form ID >-// >-#define FORMID_USER_MANAGE 0x0001 >-#define FORMID_MODIFY_USER 0x0002 >-#define FORMID_DEL_USER 0x0003 >-#define FORMID_USER_INFO 0x0004 >-#define FORMID_MODIFY_IP 0x0005 >-#define FORMID_MODIFY_AP 0x0006 >-#define FORMID_LOAD_DP 0x0007 >-#define FORMID_CONNECT_DP 0x0008 >-#define FORMID_PERMIT_LOAD_DP 0x0009 >-#define FORMID_FORBID_LOAD_DP 0x000A >-#define FORMID_PERMIT_CONNECT_DP 0x000B >-#define FORMID_FORBID_CONNECT_DP 0x000C >- >-// >-// Label ID >-// >-#define LABEL_USER_MANAGE_FUNC 0x0010 >-#define LABEL_USER_DEL_FUNC 0x0020 >-#define LABEL_USER_MOD_FUNC 0x0030 >-#define LABEL_USER_INFO_FUNC 0x0040 >-#define LABEL_IP_MOD_FUNC 0x0050 >-#define LABEL_AP_MOD_FUNC 0x0060 >-#define LABEL_PERMIT_LOAD_FUNC 0x0070 >-#define LABLE_FORBID_LOAD_FUNC 0x0080 >-#define LABEL_END 0x00F0 >- >-// >-// First form key (Add/modify/del user profile). >-// First 2 bits (bit 16~15). >-// >-#define KEY_MODIFY_USER 0x4000 >-#define KEY_DEL_USER 0x8000 >-#define KEY_ADD_USER 0xC000 >-#define KEY_FIRST_FORM_MASK 0xC000 >- >-// >-// Second form key (Display new form /Select user / modify device path in >access policy). >-// Next 2 bits (bit 14~13). 
>-// >-#define KEY_ENTER_NEXT_FORM 0x0000 >-#define KEY_SELECT_USER 0x1000 >-#define KEY_MODIFY_AP_DP 0x2000 >-#define KEY_OPEN_CLOSE_FORM_ACTION 0x3000 >-#define KEY_SECOND_FORM_MASK 0x3000 >- >-// >-// User profile information form key. >-// Next 3 bits (bit 12~10). >-// >-#define KEY_MODIFY_NAME 0x0200 >-#define KEY_MODIFY_IP 0x0400 >-#define KEY_MODIFY_AP 0x0600 >-#define KEY_MODIFY_INFO_MASK 0x0E00 >- >-// >-// Specified key, used in VFR (KEY_MODIFY_USER | KEY_SELECT_USER | >KEY_MODIFY_NAME). >-// >-#define KEY_MODIFY_USER_NAME 0x5200 >- >-// >-// Modify identity policy form key. >-// Next 3 bits (bit 9~7). >-// >-#define KEY_MODIFY_PROV 0x0040 >-#define KEY_MODIFY_MTYPE 0x0080 >-#define KEY_MODIFY_CONN 0x00C0 >-#define KEY_ADD_IP_OP 0x0100 >-#define KEY_IP_RETURN_UIF 0x0140 >-#define KEY_MODIFY_IP_MASK 0x01C0 >- >-// >-// Specified key. >-// >-#define KEY_ADD_LOGICAL_OP 0x5500 >-#define KEY_IP_RETURN 0x5540 >- >-// >-// Modify access policy form key. >-// Next 3 bits (bit 9~7). >-// >-#define KEY_MODIFY_RIGHT 0x0040 >-#define KEY_MODIFY_SETUP 0x0080 >-#define KEY_MODIFY_BOOT 0x00C0 >-#define KEY_MODIFY_LOAD 0x0100 >-#define KEY_MODIFY_CONNECT 0x0140 >-#define KEY_AP_RETURN_UIF 0x0180 >-#define KEY_MODIFY_AP_MASK 0x01C0 >- >-// >-// Specified key. >-// >-#define KEY_LOAD_DP 0x5700 >-#define KEY_CONN_DP 0x5740 >-#define KEY_AP_RETURN 0x5780 >- >-// >-// Device path form key. >-// Next 2 bits (bit 6~5). >-// >-#define KEY_PERMIT_MODIFY 0x0010 >-#define KEY_FORBID_MODIFY 0x0020 >-#define KEY_DISPLAY_DP_MASK 0x0030 >- >-// >-// Specified key. >-// >-#define KEY_LOAD_PERMIT 0x5710 >-#define KEY_LOAD_FORBID 0x5720 >-#define KEY_CONNECT_PERMIT 0x5750 >-#define KEY_CONNECT_FORBID 0x5760 >- >-// >-// Device path modify key. >-// 2 bits (bit 12~11). 
>-// >-#define KEY_LOAD_PERMIT_MODIFY 0x0000 >-#define KEY_LOAD_FORBID_MODIFY 0x0400 >-#define KEY_CONNECT_PERMIT_MODIFY 0x0800 >-#define KEY_CONNECT_FORBID_MODIFY 0x0C00 >-#define KEY_MODIFY_DP_MASK 0x0C00 >- >- >-// >-// The permissions usable when configuring the platform. >-// >-#define ACCESS_SETUP_RESTRICTED 1 >-#define ACCESS_SETUP_NORMAL 2 >-#define ACCESS_SETUP_ADMIN 3 >- >-// >-// Question ID for the question used in each form >(KEY_OPEN_CLOSE_FORM_ACTION | FORMID_FORM_USER_MANAGE) >-// This ID is used in FORM OPEN/CLOSE CallBack action. >-// >-#define QUESTIONID_USER_MANAGE 0x3001 >- >-#endif >diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erDxe.inf >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erDxe.inf >deleted file mode 100644 >index cdd97731b2..0000000000 >--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erDxe.inf >+++ /dev/null 
>@@ -1,72 +0,0 @@ >-## @file >-# A UI tool to manage user profiles >-# >-# By this module, user can add/update/delete user profiles, and can also >-# modify the user access policy and the user identification policy. >-# >-# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >-# This program and the accompanying materials >-# are licensed and made available under the terms and conditions of the BSD >License >-# which accompanies this distribution. The full text of the license may be >found at >-# http://opensource.org/licenses/bsd-license.php >-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >-# >-## >- >-[Defines] >- INF_VERSION = 0x00010005 >- BASE_NAME = UserProfileManager >- MODULE_UNI_FILE = UserProfileManager.uni >- FILE_GUID = E38CB52D-A74D-45db-A8D0-290C9B21BBF2 >- MODULE_TYPE = DXE_DRIVER >- VERSION_STRING = 1.0 >- ENTRY_POINT = UserProfileManagerInit >- >-[Sources] >- UserProfileManager.c >- UserProfileManager.h >- UserProfileAdd.c >- UserProfileDelete.c >- UserProfileModify.c >- ModifyIdentityPolicy.c >- ModifyAccessPolicy.c >- UserProfileManagerData.h >- UserProfileManagerStrings.uni >- UserProfileManagerVfr.Vfr >- >-[Packages] >- MdePkg/MdePkg.dec >- MdeModulePkg/MdeModulePkg.dec >- SecurityPkg/SecurityPkg.dec >- >-[LibraryClasses] >- UefiRuntimeServicesTableLib >- UefiBootServicesTableLib >- UefiDriverEntryPoint >- MemoryAllocationLib >- BaseMemoryLib >- DebugLib >- HiiLib >- UefiLib >- DevicePathLib >- >-[Guids] >- gEfiIfrTianoGuid ## SOMETIMES_CONSUMES ## GUID >- gEfiUserInfoAccessSetupAdminGuid ## SOMETIMES_CONSUMES ## >GUID >- gEfiUserInfoAccessSetupNormalGuid ## SOMETIMES_CONSUMES ## >GUID >- gEfiUserInfoAccessSetupRestrictedGuid ## SOMETIMES_CONSUMES >## GUID >- gUserProfileManagerGuid ## CONSUMES ## HII >- >-[Protocols] >- gEfiDevicePathProtocolGuid ## PRODUCES >- gEfiHiiConfigAccessProtocolGuid ## PRODUCES >- 
gEfiUserCredential2ProtocolGuid ## SOMETIMES_CONSUMES >- gEfiUserManagerProtocolGuid ## CONSUMES >- >-[Depex] >- gEfiUserManagerProtocolGuid >- >-[UserExtensions.TianoCore."ExtraFiles"] >- UserProfileManagerExtra.uni >- >diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erExtra.uni >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erExtra.uni >deleted file mode 100644 >index bf7ac7dc04..0000000000 >--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erExtra.uni >+++ /dev/null >@@ -1,19 +0,0 @@ >-// /** @file >-// UserProfileManager Localized Strings and Content >-// >-// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> >-// >-// This program and the accompanying materials >-// are licensed and made available under the terms and conditions of the BSD >License >-// which accompanies this distribution. The full text of the license may be >found at >-// http://opensource.org/licenses/bsd-license.php >-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >-// >-// **/ >- >-#string STR_PROPERTIES_MODULE_NAME >-#language en-US >-"User Profile Manager" >- >- >diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erStrings.uni >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erStrings.uni >deleted file mode 100644 >index 3a003a9883..0000000000 >--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erStrings.uni >+++ /dev/null 
>@@ -1,158 +0,0 @@ >-/** @file >- String definitions for User Profile Manager driver. >- >-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#langdef en-US "English" >-#langdef fr-FR "Français" >- >-#string STR_NULL_STRING #language en-US "" >- #language fr-FR "" >-#string STR_FORMSET_TITLE #language en-US "User Manager" >- #language fr-FR "User Manager(French)" >-#string STR_TITLE_HELP #language en-US "This selection will take >you to the User Manager" >- #language fr-FR "This selection will take you to the User >Manager(French)" >-#string STR_USERMAN_TITLE #language en-US "User Manager" >- #language fr-FR "User Manager(French)" >-#string STR_ADD_USER_TITLE #language en-US "Add User Profile" >- #language fr-FR "Add User Profile(French)" >-#string STR_ADD_USER_HELP #language en-US "Add User Profile to >User Database" >- #language fr-FR "Add User Profile to User >Database(French)" >-#string STR_MODIFY_USER_TITLE #language en-US "Modify User >Profile" >- #language fr-FR "Modify User Profile(French)" >-#string STR_MODIFY_USER_HELP #language en-US "Modify User Profile >Information" >- #language fr-FR "Modify User Profile >Information(French)" >-#string STR_DELETE_USER_TITLE #language en-US "Delete User Profile" >- #language fr-FR "Delete User Profile(French)" >-#string STR_DELETE_USER_HELP #language en-US "Delete User Profile >from User Database" >- #language fr-FR "Delete User Profile from User >Database(French)" >-#string STR_USER_INFO #language en-US "User Profile >Information" >- #language fr-FR "User Profile 
Information(French)" >-#string STR_USER_NAME #language en-US "User Name" >- #language fr-FR "User Name(French)" >-#string STR_USER_NAME_VAL #language en-US "" >- #language fr-FR "" >-#string STR_CREATE_DATE #language en-US "Create Date" >- #language fr-FR "Create Date(French)" >-#string STR_CREATE_DATE_VAL #language en-US "" >- #language fr-FR "" >-#string STR_USAGE_DATE #language en-US "Usage Date" >- #language fr-FR "Usage Date(French)" >-#string STR_USAGE_DATE_VAL #language en-US "" >- #language fr-FR "" >-#string STR_USAGE_COUNT #language en-US "Usage Count" >- #language fr-FR "Usage Count(French)" >-#string STR_USAGE_COUNT_VAL #language en-US "" >- #language fr-FR "" >-#string STR_IDENTIFY_POLICY #language en-US "Identify Policy" >- #language fr-FR "Identify Policy(French)" >-#string STR_IDENTIFY_POLICY_VAL #language en-US "" >- #language fr-FR "" >-#string STR_ACCESS_POLICY #language en-US "Access Policy" >- #language fr-FR "Access Policy(French)" >-#string STR_SAVE #language en-US "Save & Exit" >- #language fr-FR "Save & Exit(French)" >-#string STR_IDENTIFY_SAVE_HELP #language en-US "Save Identify Policy >and Exit" >- #language fr-FR "Save Identify Policy and Exit(French)" >-#string STR_PROVIDER #language en-US "Credential Provider" >- #language fr-FR "Credential Provider(French)" >-#string STR_PROVIDER_HELP #language en-US "Select Credential >Provider Option" >- #language fr-FR "Select Credential Provider >Option(French)" >-#string STR_OR_CON #language en-US "Or" >- #language fr-FR "Or(French)" >-#string STR_AND_CON #language en-US "And" >- #language fr-FR "And(French)" >-#string STR_CONNECTOR #language en-US "Logical Connector" >- #language fr-FR "Logical Connector(French)" >-#string STR_CONNECTOR_HELP #language en-US "Select Logical >Connector Option" >- #language fr-FR "Select Logical Connector >Option(French)" >-#string STR_IDENTIFY_POLICY_VALUE #language en-US "" >- #language fr-FR "" >-#string STR_IDENTIFY_POLICY_HELP #language en-US "Current Identify 
>Policy" >- #language fr-FR "Current Identify Policy(French)" >-#string STR_ADD_OPTION #language en-US "Add Option" >- #language fr-FR "Add Option(French)" >-#string STR_ADD_OPTION_HELP #language en-US "Add This Option to >Identify Policy" >- #language fr-FR "Add This Option to Identify >Policy(French)" >-#string STR_ACCESS_SAVE_HELP #language en-US "Save Access Policy >and Exit" >- #language fr-FR "Save Access Policy and Exit(French)" >-#string STR_ACCESS_RIGHT #language en-US "Access Right" >- #language fr-FR "Access Right(French)" >-#string STR_ACCESS_RIGHT_HELP #language en-US "Select Access Right >Option" >- #language fr-FR "Select Access Right Option(French)" >-#string STR_NORMAL #language en-US "Normal" >- #language fr-FR "Normal(French)" >-#string STR_ENROLL #language en-US "Enroll" >- #language fr-FR "Enroll(French)" >-#string STR_MANAGE #language en-US "Manage" >- #language fr-FR "Manage(French)" >-#string STR_ACCESS_SETUP #language en-US "Access Setup" >- #language fr-FR "Access Setup(French)" >-#string STR_ACCESS_SETUP_HELP #language en-US "Select Access >Setup Option" >- #language fr-FR "Selelct Access Setup Option(French)" >-#string STR_RESTRICTED #language en-US "Restricted" >- #language fr-FR "Restricted(French)" >-#string STR_ADMIN #language en-US "Admin" >- #language fr-FR "Admin(French)" >-#string STR_BOOR_ORDER #language en-US "Access Boot Order" >- #language fr-FR "Access Boot Order(French)" >-#string STR_BOOT_ORDER_HELP #language en-US "Select Access Boot >Order Option" >- #language fr-FR "Select Access Boot Order >Option(French)" >-#string STR_INSERT #language en-US "Insert" >- #language fr-FR "Insert(French)" >-#string STR_APPEND #language en-US "Append" >- #language fr-FR "Append(French)" >-#string STR_REPLACE #language en-US "Replace" >- #language fr-FR "Replace(French)" >-#string STR_NODEFAULT #language en-US "Nodefault" >- #language fr-FR "Nodefault(French)" >-#string STR_LOAD #language en-US "Load Device Path" >- #language fr-FR "Load 
Device Path(French)" >-#string STR_LOAD_HELP #language en-US "Select Permit/Forbid >Load Device Path" >- #language fr-FR "Select Permit/Forbid Load Device >Path(French)" >-#string STR_CONNECT #language en-US "Connect Device Path" >- #language fr-FR "Connect Device Path(French)" >-#string STR_CONNECT_HELP #language en-US "Select Permit/Forbid >Connect Device Path" >- #language fr-FR "Select Permit/Forbid Connect Device >Path(French)" >-#string STR_LOAD_PERMIT #language en-US "Permit Load Device >Path" >- #language fr-FR "Permit Load Device Path(French)" >-#string STR_LOAD_PERMIT_HELP #language en-US "Change Permit >Load Device Path to Forbid" >- #language fr-FR "Change Permit Load Device Path to >Forbid(French)" >-#string STR_LOAD_FORBID #language en-US "Forbid Load Device >Path" >- #language fr-FR "Forbid Load Device Path(French)" >-#string STR_LOAD_FORBID_HELP #language en-US "Change Forbid Load >Device Path to Permit" >- #language fr-FR "Change Forbid Load Device Path to >Permit(French)" >-#string STR_CONNECT_PERMIT #language en-US "Permit Connect >Device Path" >- #language fr-FR "Permit Connect Device Path(French)" >-#string STR_CONNECT_PERMIT_HELP #language en-US "Change Permit >Connect Device Path to Forbid" >- #language fr-FR "Change Permit Connect Device Path to >Forbid(French)" >-#string STR_CONNECT_FORBID #language en-US "Forbid Connect >Device Path" >- #language fr-FR "Forbid Connect Device Path(French)" >-#string STR_CONNECT_FORBID_HELP #language en-US "Change Forbid >Connect Device Path to Permit" >- #language fr-FR "Change Forbid Connect Device Path to >Permit(French)" >-#string STR_PRESS_KEY_CONTINUE #language en-US "Press ENTER to >Continue, Other Key to Cancel ..." >- #language fr-FR "Press ENTER to Continue, Other Key to >Cancel ...(French)" >-#string STR_MOVE_TO_FORBID_LIST #language en-US "Are You Sure to >Move It to Forbid List?" 
>- #language fr-FR "Are You Sure to Move It to Forbid >List?(French)" >-#string STR_MOVE_TO_PERMIT_LIST #language en-US "Are You Sure to >Move It to Permit List?" >- #language fr-FR "Are You Sure to Move It to Permit >List?(French)" >-#string STR_STROKE_KEY_CONTINUE #language en-US "Please Press Any >Key to Continue ..." >- #language fr-FR "Please Press Any Key to Continue ... >(French)" >-#string STR_CREATE_PROFILE_FAILED #language en-US "Create New User >Profile Failed!" >- #language fr-FR "Create New User Profile Failed! >(French)" >-#string STR_CREATE_PROFILE_SUCCESS #language en-US "Create New >User Profile Succeed!" >- #language fr-FR "Create New User Profile Succeed! >(French)" >-#string STR_USER_ALREADY_EXISTED #language en-US "User Name Had >Already Existed." >- #language fr-FR "User Name Had Already Existed. >(French)" >-#string STR_GET_USERNAME_FAILED #language en-US "Failed To Get >User Name." >- #language fr-FR "Failed To Get User Name. (French)" >- >diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erVfr.Vfr >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erVfr.Vfr >deleted file mode 100644 >index 2cf3359f2a..0000000000 >--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erVfr.Vfr >+++ /dev/null 
>@@ -1,244 +0,0 @@ >-/** @file >- User Profile Manager formset. >- >-Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#include "UserProfileManagerData.h" >- >-#define USER_MANAGER_CLASS 0x00 >-#define USER_MANAGER_SUBCLASS 0x04 >- >-formset >- guid = USER_PROFILE_MANAGER_GUID, >- title = STRING_TOKEN(STR_FORMSET_TITLE), >- help = STRING_TOKEN(STR_TITLE_HELP), >- >- // User manager form >- form formid = FORMID_USER_MANAGE, >- title = STRING_TOKEN(STR_USERMAN_TITLE); >- >- label LABEL_USER_MANAGE_FUNC; >- label LABEL_END; >- >- suppressif TRUE; >- text >- help = STRING_TOKEN(STR_NULL_STRING), >- text = STRING_TOKEN(STR_NULL_STRING), >- flags = INTERACTIVE, >- key = QUESTIONID_USER_MANAGE; >- endif; >- >- endform; >- >- // Modify user profile form >- form formid = FORMID_MODIFY_USER, >- title = STRING_TOKEN(STR_MODIFY_USER_TITLE); >- >- label LABEL_USER_MOD_FUNC; >- label LABEL_END; >- >- endform; >- >- // Delete user profile form >- form formid = FORMID_DEL_USER, >- title = STRING_TOKEN(STR_DELETE_USER_TITLE); >- >- label LABEL_USER_DEL_FUNC; >- label LABEL_END; >- >- subtitle >- text = STRING_TOKEN(STR_NULL_STRING); >- endform; >- >- // >- // User profile information form >- // >- form formid = FORMID_USER_INFO, >- title = STRING_TOKEN(STR_USER_INFO); >- >- text >- help = STRING_TOKEN(STR_USER_NAME_VAL), >- text = STRING_TOKEN(STR_USER_NAME), >- flags = INTERACTIVE, >- key = KEY_MODIFY_USER_NAME; >- >- text >- help = STRING_TOKEN(STR_CREATE_DATE_VAL), >- text = STRING_TOKEN(STR_CREATE_DATE); >- >- text >- help = 
STRING_TOKEN(STR_USAGE_DATE_VAL), >- text = STRING_TOKEN(STR_USAGE_DATE); >- >- text >- help = STRING_TOKEN(STR_USAGE_COUNT_VAL), >- text = STRING_TOKEN(STR_USAGE_COUNT); >- >- label LABEL_USER_INFO_FUNC; >- label LABEL_END; >- >- endform; >- >- // >- // Identify policy modify form >- // >- form formid = FORMID_MODIFY_IP, >- title = STRING_TOKEN(STR_IDENTIFY_POLICY); >- >- text >- help = STRING_TOKEN(STR_IDENTIFY_POLICY_HELP), >- text = STRING_TOKEN(STR_IDENTIFY_POLICY), >- text = STRING_TOKEN(STR_IDENTIFY_POLICY_VALUE); >- >- label LABEL_IP_MOD_FUNC; >- label LABEL_END; >- >- text >- help = STRING_TOKEN(STR_ADD_OPTION_HELP), >- text = STRING_TOKEN(STR_ADD_OPTION), >- flags = INTERACTIVE, >- key = KEY_ADD_LOGICAL_OP; >- >- subtitle >- text = STRING_TOKEN(STR_NULL_STRING); >- >- text >- help = STRING_TOKEN(STR_IDENTIFY_SAVE_HELP), >- text = STRING_TOKEN(STR_SAVE), >- flags = INTERACTIVE, >- key = KEY_IP_RETURN; >- >- endform; >- >- // >- // Access policy modify form >- // >- form formid = FORMID_MODIFY_AP, >- title = STRING_TOKEN(STR_ACCESS_POLICY); >- >- label LABEL_AP_MOD_FUNC; >- label LABEL_END; >- >- goto FORMID_LOAD_DP, >- prompt = STRING_TOKEN(STR_LOAD), >- help = STRING_TOKEN(STR_LOAD_HELP), >- flags = INTERACTIVE, >- key = KEY_LOAD_DP; >- >- goto FORMID_CONNECT_DP, >- prompt = STRING_TOKEN(STR_CONNECT), >- help = STRING_TOKEN(STR_CONNECT_HELP), >- flags = INTERACTIVE, >- key = KEY_CONN_DP; >- >- subtitle >- text = STRING_TOKEN(STR_NULL_STRING); >- >- text >- help = STRING_TOKEN(STR_ACCESS_SAVE_HELP), >- text = STRING_TOKEN(STR_SAVE), >- flags = INTERACTIVE, >- key = KEY_AP_RETURN; >- >- endform; >- >- // >- // Load device path form >- // >- form formid = FORMID_LOAD_DP, >- title = STRING_TOKEN(STR_LOAD); >- >- goto FORMID_PERMIT_LOAD_DP, >- prompt = STRING_TOKEN(STR_LOAD_PERMIT), >- help = STRING_TOKEN(STR_LOAD_PERMIT_HELP), >- flags = INTERACTIVE, >- key = KEY_LOAD_PERMIT; >- >- goto FORMID_FORBID_LOAD_DP, >- prompt = STRING_TOKEN(STR_LOAD_FORBID), >- help 
= STRING_TOKEN(STR_LOAD_FORBID_HELP), >- flags = INTERACTIVE, >- key = KEY_LOAD_FORBID; >- >- endform; >- >- // >- // Permit load device path form >- // >- form formid = FORMID_PERMIT_LOAD_DP, >- title = STRING_TOKEN(STR_LOAD_PERMIT); >- >- label LABEL_PERMIT_LOAD_FUNC; >- label LABEL_END; >- >- subtitle >- text = STRING_TOKEN(STR_NULL_STRING); >- >- endform; >- >- // >- // Forbid load device path form >- // >- form formid = FORMID_FORBID_LOAD_DP, >- title = STRING_TOKEN(STR_LOAD_FORBID); >- >- label LABLE_FORBID_LOAD_FUNC; >- label LABEL_END; >- >- subtitle >- text = STRING_TOKEN(STR_NULL_STRING); >- >- endform; >- >- // >- // Connect device path form >- // >- form formid = FORMID_CONNECT_DP, >- title = STRING_TOKEN(STR_CONNECT); >- >- goto FORMID_PERMIT_CONNECT_DP, >- prompt = STRING_TOKEN(STR_CONNECT_PERMIT), >- help = STRING_TOKEN(STR_CONNECT_PERMIT_HELP), >- flags = INTERACTIVE, >- key = KEY_CONNECT_PERMIT; >- >- goto FORMID_FORBID_CONNECT_DP, >- prompt = STRING_TOKEN(STR_CONNECT_FORBID), >- help = STRING_TOKEN(STR_CONNECT_FORBID_HELP), >- flags = INTERACTIVE, >- key = KEY_CONNECT_FORBID; >- >- endform; >- >- // >- // Permit connect device path form >- // >- form formid = FORMID_PERMIT_CONNECT_DP, >- title = STRING_TOKEN(STR_CONNECT_PERMIT); >- >- subtitle >- text = STRING_TOKEN(STR_NULL_STRING); >- >- endform; >- >- // >- // Forbid connect device path form >- // >- form formid = FORMID_FORBID_CONNECT_DP, >- title = STRING_TOKEN(STR_CONNECT_FORBID); >- >- subtitle >- text = STRING_TOKEN(STR_NULL_STRING); >- >- endform; >- >-endformset; >diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify >.c >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify >.c >deleted file mode 100644 >index d165e5ae9b..0000000000 >--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify >.c >+++ /dev/null 
>@@ -1,1475 +0,0 @@
>-/** @file
>- The functions to modify a user profile.
>-
>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#include "UserProfileManager.h"
>-
>-EFI_USER_PROFILE_HANDLE mModifyUser = NULL;
>-
>-/**
>- Display user select form, cab select a user to modify.
>-
>-**/
>-VOID
>-SelectUserToModify (
>- VOID
>- )
>-{
>- EFI_STATUS Status;
>- UINT8 Index;
>- EFI_USER_PROFILE_HANDLE User;
>- EFI_USER_PROFILE_HANDLE CurrentUser;
>- UINT32 CurrentAccessRight;
>- VOID *StartOpCodeHandle;
>- VOID *EndOpCodeHandle;
>- EFI_IFR_GUID_LABEL *StartLabel;
>- EFI_IFR_GUID_LABEL *EndLabel;
>-
>- //
>- // Initialize the container for dynamic opcodes.
>- //
>- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (StartOpCodeHandle != NULL);
>-
>- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (EndOpCodeHandle != NULL);
>-
>- //
>- // Create Hii Extend Label OpCode.
>- //
>- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- StartOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- StartLabel->Number = LABEL_USER_MOD_FUNC;
>-
>- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- EndOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- EndLabel->Number = LABEL_END;
>-
>- //
>- // Add each user can be modified.
>- // >- User = NULL; >- Index = 1; >- mUserManager->Current (mUserManager, &CurrentUser); >- while (TRUE) { >- Status = mUserManager->GetNext (mUserManager, &User); >- if (EFI_ERROR (Status)) { >- break; >- } >- >- Status = GetAccessRight (&CurrentAccessRight); >- if (EFI_ERROR (Status)) { >- CurrentAccessRight = EFI_USER_INFO_ACCESS_ENROLL_SELF; >- } >- >- if ((CurrentAccessRight == EFI_USER_INFO_ACCESS_MANAGE) || (User == >CurrentUser)) { >- AddUserToForm (User, (UINT16)(KEY_MODIFY_USER | KEY_SELECT_USER >| Index), StartOpCodeHandle); >- } >- Index++; >- } >- >- HiiUpdateForm ( >- mCallbackInfo->HiiHandle, // HII handle >- &gUserProfileManagerGuid, // Formset GUID >- FORMID_MODIFY_USER, // Form ID >- StartOpCodeHandle, // Label for where to insert opcodes >- EndOpCodeHandle // Replace data >- ); >- >- HiiFreeOpCodeHandle (StartOpCodeHandle); >- HiiFreeOpCodeHandle (EndOpCodeHandle); >-} >- >- >-/** >- Get all the user info from mModifyUser in the user manager, and save on >the >- global variable. >- >-**/ >-VOID >-GetAllUserInfo ( >- VOID >- ) >-{ >- EFI_STATUS Status; >- EFI_USER_INFO_HANDLE UserInfo; >- EFI_USER_INFO *Info; >- UINTN InfoSize; >- UINTN MemSize; >- UINTN DataLen; >- >- // >- // Init variable to default value. >- // >- mProviderChoice = 0; >- mConncetLogical = 0; >- >- mUserInfo.CreateDateExist = FALSE; >- mUserInfo.UsageDateExist = FALSE; >- mUserInfo.UsageCount = 0; >- >- mUserInfo.AccessPolicyLen = 0; >- mUserInfo.AccessPolicyModified = FALSE; >- if (mUserInfo.AccessPolicy != NULL) { >- FreePool (mUserInfo.AccessPolicy); >- mUserInfo.AccessPolicy = NULL; >- } >- mUserInfo.IdentityPolicyLen = 0; >- mUserInfo.IdentityPolicyModified = FALSE; >- if (mUserInfo.IdentityPolicy != NULL) { >- FreePool (mUserInfo.IdentityPolicy); >- mUserInfo.IdentityPolicy = NULL; >- } >- >- // >- // Allocate user information memory. 
>- // >- MemSize = sizeof (EFI_USER_INFO) + 63; >- Info = AllocateZeroPool (MemSize); >- if (Info == NULL) { >- return ; >- } >- >- // >- // Get each user information. >- // >- UserInfo = NULL; >- while (TRUE) { >- Status = mUserManager->GetNextInfo (mUserManager, mModifyUser, >&UserInfo); >- if (EFI_ERROR (Status)) { >- break; >- } >- // >- // Get information. >- // >- InfoSize = MemSize; >- Status = mUserManager->GetInfo ( >- mUserManager, >- mModifyUser, >- UserInfo, >- Info, >- &InfoSize >- ); >- if (Status == EFI_BUFFER_TOO_SMALL) { >- MemSize = InfoSize; >- FreePool (Info); >- Info = AllocateZeroPool (MemSize); >- if (Info == NULL) { >- return ; >- } >- >- Status = mUserManager->GetInfo ( >- mUserManager, >- mModifyUser, >- UserInfo, >- Info, >- &InfoSize >- ); >- } >- >- if (Status == EFI_SUCCESS) { >- // >- // Deal with each information according to informaiton type. >- // >- DataLen = Info->InfoSize - sizeof (EFI_USER_INFO); >- switch (Info->InfoType) { >- case EFI_USER_INFO_NAME_RECORD: >- CopyMem (&mUserInfo.UserName, (UINT8 *) (Info + 1), DataLen); >- break; >- >- case EFI_USER_INFO_CREATE_DATE_RECORD: >- CopyMem (&mUserInfo.CreateDate, (UINT8 *) (Info + 1), DataLen); >- mUserInfo.CreateDateExist = TRUE; >- break; >- >- case EFI_USER_INFO_USAGE_DATE_RECORD: >- CopyMem (&mUserInfo.UsageDate, (UINT8 *) (Info + 1), DataLen); >- mUserInfo.UsageDateExist = TRUE; >- break; >- >- case EFI_USER_INFO_USAGE_COUNT_RECORD: >- CopyMem (&mUserInfo.UsageCount, (UINT8 *) (Info + 1), DataLen); >- break; >- >- case EFI_USER_INFO_ACCESS_POLICY_RECORD: >- mUserInfo.AccessPolicy = AllocateZeroPool (DataLen); >- if (mUserInfo.AccessPolicy == NULL) { >- break; >- } >- >- CopyMem (mUserInfo.AccessPolicy, (UINT8 *) (Info + 1), DataLen); >- mUserInfo.AccessPolicyLen = DataLen; >- break; >- >- case EFI_USER_INFO_IDENTITY_POLICY_RECORD: >- mUserInfo.IdentityPolicy = AllocateZeroPool (DataLen); >- if (mUserInfo.IdentityPolicy == NULL) { >- break; >- } >- >- CopyMem 
(mUserInfo.IdentityPolicy, (UINT8 *) (Info + 1), DataLen); >- mUserInfo.IdentityPolicyLen = DataLen; >- break; >- >- default: >- break; >- } >- } >- } >- FreePool (Info); >-} >- >- >-/** >- Convert the Date to a string, and update the Hii database DateID string with >it. >- >- @param[in] Date Points to the date to be converted. >- @param[in] DateId String ID in the HII database to be replaced. >- >-**/ >-VOID >-ResolveDate ( >- IN EFI_TIME *Date, >- IN EFI_STRING_ID DateId >- ) >-{ >- CHAR16 *Str; >- UINTN DateBufLen; >- >- // >- // Convert date to string. >- // >- DateBufLen = 64; >- Str = AllocateZeroPool (DateBufLen); >- if (Str == NULL) { >- return ; >- } >- >- UnicodeSPrint ( >- Str, >- DateBufLen, >- L"%4d-%2d-%2d ", >- Date->Year, >- Date->Month, >- Date->Day >- ); >- >- // >- // Convert time to string. >- // >- DateBufLen -= StrLen (Str); >- UnicodeSPrint ( >- Str + StrLen (Str), >- DateBufLen, >- L"%2d:%2d:%2d", >- Date->Hour, >- Date->Minute, >- Date->Second >- ); >- >- HiiSetString (mCallbackInfo->HiiHandle, DateId, Str, NULL); >- FreePool (Str); >-} >- >- >-/** >- Convert the CountVal to a string, and update the Hii database CountId string >- with it. >- >- @param[in] CountVal The hex value to convert. >- @param[in] CountId String ID in the HII database to be replaced. >- >-**/ >-VOID >-ResolveCount ( >- IN UINT32 CountVal, >- IN EFI_STRING_ID CountId >- ) >-{ >- CHAR16 Count[10]; >- >- UnicodeSPrint (Count, 20, L"%d", CountVal); >- HiiSetString (mCallbackInfo->HiiHandle, CountId, Count, NULL); >-} >- >- >-/** >- Concatenates one Null-terminated Unicode string to another Null- >terminated >- Unicode string. >- >- @param[in, out] Source1 On entry, point to a Null-terminated Unicode >string. >- On exit, point to a new concatenated Unicode string >- @param[in] Source2 Pointer to a Null-terminated Unicode string. 
>- >-**/ >-VOID >-AddStr ( >- IN OUT CHAR16 **Source1, >- IN CONST CHAR16 *Source2 >- ) >-{ >- CHAR16 *TmpStr; >- UINTN StrLength; >- >- ASSERT (Source1 != NULL); >- ASSERT (Source2 != NULL); >- >- if (*Source1 == NULL) { >- StrLength = StrSize (Source2); >- } else { >- StrLength = StrSize (*Source1); >- StrLength += StrSize (Source2) - 2; >- } >- >- TmpStr = AllocateZeroPool (StrLength); >- ASSERT (TmpStr != NULL); >- >- if (*Source1 == NULL) { >- StrCpyS (TmpStr, StrLength / sizeof (CHAR16), Source2); >- } else { >- StrCpyS (TmpStr, StrLength / sizeof (CHAR16), *Source1); >- FreePool (*Source1); >- StrCatS (TmpStr, StrLength / sizeof (CHAR16),Source2); >- } >- >- *Source1 = TmpStr; >-} >- >- >-/** >- Convert the identity policy to a unicode string and update the Hii database >- IpStringId string with it. >- >- @param[in] Ip Points to identity policy. >- @param[in] IpLen The identity policy length. >- @param[in] IpStringId String ID in the HII database to be replaced. >- >-**/ >-VOID >-ResolveIdentityPolicy ( >- IN UINT8 *Ip, >- IN UINTN IpLen, >- IN EFI_STRING_ID IpStringId >- ) >-{ >- CHAR16 *TmpStr; >- UINTN ChkLen; >- EFI_USER_INFO_IDENTITY_POLICY *Identity; >- UINT16 Index; >- CHAR16 *ProvStr; >- EFI_STRING_ID ProvId; >- EFI_HII_HANDLE HiiHandle; >- EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential; >- >- TmpStr = NULL; >- >- // >- // Resolve each policy. >- // >- ChkLen = 0; >- while (ChkLen < IpLen) { >- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (Ip + ChkLen); >- switch (Identity->Type) { >- case EFI_USER_INFO_IDENTITY_FALSE: >- AddStr (&TmpStr, L"False"); >- break; >- >- case EFI_USER_INFO_IDENTITY_TRUE: >- AddStr (&TmpStr, L"None"); >- break; >- >- case EFI_USER_INFO_IDENTITY_NOT: >- AddStr (&TmpStr, L"! 
"); >- break; >- >- case EFI_USER_INFO_IDENTITY_AND: >- AddStr (&TmpStr, L" && "); >- break; >- >- case EFI_USER_INFO_IDENTITY_OR: >- AddStr (&TmpStr, L" || "); >- break; >- >- case EFI_USER_INFO_IDENTITY_CREDENTIAL_TYPE: >- for (Index = 0; Index < mProviderInfo->Count; Index++) { >- UserCredential = mProviderInfo->Provider[Index]; >- if (CompareGuid ((EFI_GUID *) (Identity + 1), &UserCredential->Type)) { >- UserCredential->Title ( >- UserCredential, >- &HiiHandle, >- &ProvId >- ); >- ProvStr = HiiGetString (HiiHandle, ProvId, NULL); >- if (ProvStr != NULL) { >- AddStr (&TmpStr, ProvStr); >- FreePool (ProvStr); >- } >- break; >- } >- } >- break; >- >- case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER: >- for (Index = 0; Index < mProviderInfo->Count; Index++) { >- UserCredential = mProviderInfo->Provider[Index]; >- if (CompareGuid ((EFI_GUID *) (Identity + 1), &UserCredential- >>Identifier)) { >- UserCredential->Title ( >- UserCredential, >- &HiiHandle, >- &ProvId >- ); >- ProvStr = HiiGetString (HiiHandle, ProvId, NULL); >- if (ProvStr != NULL) { >- AddStr (&TmpStr, ProvStr); >- FreePool (ProvStr); >- } >- break; >- } >- } >- break; >- } >- >- ChkLen += Identity->Length; >- } >- >- if (TmpStr != NULL) { >- HiiSetString (mCallbackInfo->HiiHandle, IpStringId, TmpStr, NULL); >- FreePool (TmpStr); >- } >-} >- >- >-/** >- Display modify user information form. >- >- This form displays, username, create Date, usage date, usage count, identity >policy, >- and access policy. >- >- @param[in] UserIndex The index of the user in display list to modify. >- >-**/ >-VOID >-ModifyUserInfo ( >- IN UINT8 UserIndex >- ) >-{ >- EFI_STATUS Status; >- EFI_USER_PROFILE_HANDLE CurrentUser; >- UINT32 CurrentAccessRight; >- VOID *StartOpCodeHandle; >- VOID *EndOpCodeHandle; >- EFI_IFR_GUID_LABEL *StartLabel; >- EFI_IFR_GUID_LABEL *EndLabel; >- >- // >- // Initialize the container for dynamic opcodes. 
>- // >- StartOpCodeHandle = HiiAllocateOpCodeHandle (); >- ASSERT (StartOpCodeHandle != NULL); >- >- EndOpCodeHandle = HiiAllocateOpCodeHandle (); >- ASSERT (EndOpCodeHandle != NULL); >- >- // >- // Create Hii Extend Label OpCode. >- // >- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >- StartOpCodeHandle, >- &gEfiIfrTianoGuid, >- NULL, >- sizeof (EFI_IFR_GUID_LABEL) >- ); >- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >- StartLabel->Number = LABEL_USER_INFO_FUNC; >- >- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >- EndOpCodeHandle, >- &gEfiIfrTianoGuid, >- NULL, >- sizeof (EFI_IFR_GUID_LABEL) >- ); >- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >- EndLabel->Number = LABEL_END; >- >- // >- // Find the user profile to be modified. >- // >- mModifyUser = NULL; >- Status = mUserManager->GetNext (mUserManager, &mModifyUser); >- if (EFI_ERROR (Status)) { >- return ; >- } >- >- while (UserIndex > 1) { >- Status = mUserManager->GetNext (mUserManager, &mModifyUser); >- if (EFI_ERROR (Status)) { >- return ; >- } >- UserIndex--; >- } >- >- // >- // Get user profile information. >- // >- GetAllUserInfo (); >- >- // >- // Update user name. >- HiiSetString ( >- mCallbackInfo->HiiHandle, >- STRING_TOKEN (STR_USER_NAME_VAL), >- mUserInfo.UserName, >- NULL >- ); >- >- // >- // Update create date. >- // >- if (mUserInfo.CreateDateExist) { >- ResolveDate (&mUserInfo.CreateDate, STRING_TOKEN >(STR_CREATE_DATE_VAL)); >- } else { >- HiiSetString ( >- mCallbackInfo->HiiHandle, >- STRING_TOKEN (STR_CREATE_DATE_VAL), >- L"", >- NULL >- ); >- } >- >- // >- // Add usage date. >- // >- if (mUserInfo.UsageDateExist) { >- ResolveDate (&mUserInfo.UsageDate, STRING_TOKEN >(STR_USAGE_DATE_VAL)); >- } else { >- HiiSetString ( >- mCallbackInfo->HiiHandle, >- STRING_TOKEN (STR_USAGE_DATE_VAL), >- L"", >- NULL >- ); >- } >- >- // >- // Add usage count. 
>- // >- ResolveCount ((UINT32) mUserInfo.UsageCount, STRING_TOKEN >(STR_USAGE_COUNT_VAL)); >- >- // >- // Add identity policy. >- // >- mUserManager->Current (mUserManager, &CurrentUser); >- if (mModifyUser == CurrentUser) { >- ResolveIdentityPolicy ( >- mUserInfo.IdentityPolicy, >- mUserInfo.IdentityPolicyLen, >- STRING_TOKEN (STR_IDENTIFY_POLICY_VAL) >- ); >- HiiCreateGotoOpCode ( >- StartOpCodeHandle, // Container for opcodes >- FORMID_MODIFY_IP, // Target Form ID >- STRING_TOKEN (STR_IDENTIFY_POLICY), // Prompt text >- STRING_TOKEN (STR_IDENTIFY_POLICY_VAL), // Help text >- EFI_IFR_FLAG_CALLBACK, // Question flag >- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_IP // Question >ID >- ); >- } >- >- // >- // Add access policy. >- // >- Status = GetAccessRight (&CurrentAccessRight); >- if (EFI_ERROR (Status)) { >- CurrentAccessRight = EFI_USER_INFO_ACCESS_ENROLL_SELF; >- } >- >- if (CurrentAccessRight == EFI_USER_INFO_ACCESS_MANAGE) { >- HiiCreateGotoOpCode ( >- StartOpCodeHandle, // Container for opcodes >- FORMID_MODIFY_AP, // Target Form ID >- STRING_TOKEN (STR_ACCESS_POLICY), // Prompt text >- STRING_TOKEN (STR_NULL_STRING), // Help text >- EFI_IFR_FLAG_CALLBACK, // Question flag >- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_AP // Question >ID >- ); >- } >- >- HiiUpdateForm ( >- mCallbackInfo->HiiHandle, // HII handle >- &gUserProfileManagerGuid, // Formset GUID >- FORMID_USER_INFO, // Form ID >- StartOpCodeHandle, // Label >- EndOpCodeHandle // Replace data >- ); >- >- HiiFreeOpCodeHandle (StartOpCodeHandle); >- HiiFreeOpCodeHandle (EndOpCodeHandle); >-} >- >- >-/** >- Get all the access policy info from current user info, and save in the global >- variable. 
>- >-**/ >-VOID >-ResolveAccessPolicy ( >- VOID >- ) >-{ >- UINTN OffSet; >- EFI_USER_INFO_ACCESS_CONTROL Control; >- UINTN ValLen; >- UINT8 *AccessData; >- >- // >- // Set default value >- // >- mAccessInfo.AccessRight = EFI_USER_INFO_ACCESS_ENROLL_SELF; >- mAccessInfo.AccessSetup = ACCESS_SETUP_RESTRICTED; >- mAccessInfo.AccessBootOrder = >EFI_USER_INFO_ACCESS_BOOT_ORDER_INSERT; >- >- mAccessInfo.LoadPermitLen = 0; >- mAccessInfo.LoadForbidLen = 0; >- mAccessInfo.ConnectPermitLen = 0; >- mAccessInfo.ConnectForbidLen = 0; >- >- // >- // Get each user access policy. >- // >- OffSet = 0; >- while (OffSet < mUserInfo.AccessPolicyLen) { >- CopyMem (&Control, mUserInfo.AccessPolicy + OffSet, sizeof (Control)); >- ValLen = Control.Size - sizeof (Control); >- switch (Control.Type) { >- case EFI_USER_INFO_ACCESS_ENROLL_SELF: >- mAccessInfo.AccessRight = EFI_USER_INFO_ACCESS_ENROLL_SELF; >- break; >- >- case EFI_USER_INFO_ACCESS_ENROLL_OTHERS: >- mAccessInfo.AccessRight = EFI_USER_INFO_ACCESS_ENROLL_OTHERS; >- break; >- >- case EFI_USER_INFO_ACCESS_MANAGE: >- mAccessInfo.AccessRight = EFI_USER_INFO_ACCESS_MANAGE; >- break; >- >- case EFI_USER_INFO_ACCESS_SETUP: >- AccessData = mUserInfo.AccessPolicy + OffSet + sizeof (Control); >- if (CompareGuid ((EFI_GUID *) AccessData, >&gEfiUserInfoAccessSetupNormalGuid)) { >- mAccessInfo.AccessSetup = ACCESS_SETUP_NORMAL; >- } else if (CompareGuid ((EFI_GUID *) AccessData, >&gEfiUserInfoAccessSetupRestrictedGuid)) { >- mAccessInfo.AccessSetup = ACCESS_SETUP_RESTRICTED; >- } else if (CompareGuid ((EFI_GUID *) AccessData, >&gEfiUserInfoAccessSetupAdminGuid)) { >- mAccessInfo.AccessSetup = ACCESS_SETUP_ADMIN; >- } >- break; >- >- case EFI_USER_INFO_ACCESS_BOOT_ORDER: >- AccessData = mUserInfo.AccessPolicy + OffSet + sizeof (Control); >- CopyMem (&mAccessInfo.AccessBootOrder, AccessData, sizeof (UINT32)); >- break; >- >- case EFI_USER_INFO_ACCESS_FORBID_LOAD: >- if (mAccessInfo.LoadForbid != NULL) { >- FreePool (mAccessInfo.LoadForbid); 
>- } >- >- mAccessInfo.LoadForbid = AllocateZeroPool (ValLen); >- if (mAccessInfo.LoadForbid != NULL) { >- AccessData = mUserInfo.AccessPolicy + OffSet + sizeof (Control); >- CopyMem (mAccessInfo.LoadForbid, AccessData, ValLen); >- mAccessInfo.LoadForbidLen = ValLen; >- } >- break; >- >- case EFI_USER_INFO_ACCESS_PERMIT_LOAD: >- if (mAccessInfo.LoadPermit != NULL) { >- FreePool (mAccessInfo.LoadPermit); >- } >- >- mAccessInfo.LoadPermit = AllocateZeroPool (ValLen); >- if (mAccessInfo.LoadPermit != NULL) { >- AccessData = mUserInfo.AccessPolicy + OffSet + sizeof (Control); >- CopyMem (mAccessInfo.LoadPermit, AccessData, ValLen); >- mAccessInfo.LoadPermitLen = ValLen; >- } >- break; >- >- case EFI_USER_INFO_ACCESS_FORBID_CONNECT: >- if (mAccessInfo.ConnectForbid != NULL) { >- FreePool (mAccessInfo.ConnectForbid); >- } >- >- mAccessInfo.ConnectForbid = AllocateZeroPool (ValLen); >- if (mAccessInfo.ConnectForbid != NULL) { >- AccessData = mUserInfo.AccessPolicy + OffSet + sizeof (Control); >- CopyMem (mAccessInfo.ConnectForbid, AccessData, ValLen); >- mAccessInfo.ConnectForbidLen = ValLen; >- } >- break; >- >- case EFI_USER_INFO_ACCESS_PERMIT_CONNECT: >- if (mAccessInfo.ConnectPermit != NULL) { >- FreePool (mAccessInfo.ConnectPermit); >- } >- >- mAccessInfo.ConnectPermit = AllocateZeroPool (ValLen); >- if (mAccessInfo.ConnectPermit != NULL) { >- AccessData = mUserInfo.AccessPolicy + OffSet + sizeof (Control); >- CopyMem (mAccessInfo.ConnectPermit, AccessData, ValLen); >- mAccessInfo.ConnectPermitLen = ValLen; >- } >- break; >- } >- >- OffSet += Control.Size; >- } >-} >- >- >-/** >- Find the specified info in User profile by the InfoType. >- >- @param[in] User Handle of the user whose information will be >searched. >- @param[in] InfoType The user information type to find. >- @param[out] UserInfo Points to user information handle found. >- >- @retval EFI_SUCCESS Find the user information successfully. >- @retval Others Fail to find the user information. 
>- >-**/ >-EFI_STATUS >-FindInfoByType ( >- IN EFI_USER_PROFILE_HANDLE User, >- IN UINT8 InfoType, >- OUT EFI_USER_INFO_HANDLE *UserInfo >- ) >-{ >- EFI_STATUS Status; >- EFI_USER_INFO *Info; >- UINTN InfoSize; >- UINTN MemSize; >- >- if (UserInfo == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- >- *UserInfo = NULL; >- // >- // Allocate user information memory. >- // >- MemSize = sizeof (EFI_USER_INFO) + 63; >- Info = AllocateZeroPool (MemSize); >- if (Info == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- >- // >- // Get each user information. >- // >- while (TRUE) { >- Status = mUserManager->GetNextInfo (mUserManager, User, UserInfo); >- if (EFI_ERROR (Status)) { >- break; >- } >- // >- // Get information. >- // >- InfoSize = MemSize; >- Status = mUserManager->GetInfo ( >- mUserManager, >- User, >- *UserInfo, >- Info, >- &InfoSize >- ); >- if (Status == EFI_BUFFER_TOO_SMALL) { >- MemSize = InfoSize; >- FreePool (Info); >- Info = AllocateZeroPool (MemSize); >- if (Info == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- Status = mUserManager->GetInfo ( >- mUserManager, >- User, >- *UserInfo, >- Info, >- &InfoSize >- ); >- } >- if (Status == EFI_SUCCESS) { >- if (Info->InfoType == InfoType) { >- break; >- } >- } >- } >- >- FreePool (Info); >- return Status; >-} >- >- >-/** >- Display modify user access policy form. >- >- In this form, access right, access setup and access boot order are dynamically >- added. Load devicepath and connect devicepath are displayed too. >- >-**/ >-VOID >-ModidyAccessPolicy ( >- VOID >- ) >-{ >- VOID *StartOpCodeHandle; >- VOID *EndOpCodeHandle; >- VOID *OptionsOpCodeHandle; >- EFI_IFR_GUID_LABEL *StartLabel; >- EFI_IFR_GUID_LABEL *EndLabel; >- VOID *DefaultOpCodeHandle; >- >- // >- // Initialize the container for dynamic opcodes. 
>- // >- StartOpCodeHandle = HiiAllocateOpCodeHandle (); >- ASSERT (StartOpCodeHandle != NULL); >- >- EndOpCodeHandle = HiiAllocateOpCodeHandle (); >- ASSERT (EndOpCodeHandle != NULL); >- >- // >- // Create Hii Extend Label OpCode. >- // >- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >- StartOpCodeHandle, >- &gEfiIfrTianoGuid, >- NULL, >- sizeof (EFI_IFR_GUID_LABEL) >- ); >- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >- StartLabel->Number = LABEL_AP_MOD_FUNC; >- >- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >- EndOpCodeHandle, >- &gEfiIfrTianoGuid, >- NULL, >- sizeof (EFI_IFR_GUID_LABEL) >- ); >- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >- EndLabel->Number = LABEL_END; >- >- >- // >- // Resolve access policy information. >- // >- ResolveAccessPolicy (); >- >- // >- // Add access right one-of-code. >- // >- OptionsOpCodeHandle = HiiAllocateOpCodeHandle (); >- ASSERT (OptionsOpCodeHandle != NULL); >- DefaultOpCodeHandle = HiiAllocateOpCodeHandle (); >- ASSERT (DefaultOpCodeHandle != NULL); >- >- HiiCreateOneOfOptionOpCode ( >- OptionsOpCodeHandle, >- STRING_TOKEN (STR_NORMAL), >- 0, >- EFI_IFR_NUMERIC_SIZE_1, >- EFI_USER_INFO_ACCESS_ENROLL_SELF >- ); >- >- HiiCreateOneOfOptionOpCode ( >- OptionsOpCodeHandle, >- STRING_TOKEN (STR_ENROLL), >- 0, >- EFI_IFR_NUMERIC_SIZE_1, >- EFI_USER_INFO_ACCESS_ENROLL_OTHERS >- ); >- >- HiiCreateOneOfOptionOpCode ( >- OptionsOpCodeHandle, >- STRING_TOKEN (STR_MANAGE), >- 0, >- EFI_IFR_NUMERIC_SIZE_1, >- EFI_USER_INFO_ACCESS_MANAGE >- ); >- >- HiiCreateDefaultOpCode ( >- DefaultOpCodeHandle, >- EFI_HII_DEFAULT_CLASS_STANDARD, >- EFI_IFR_NUMERIC_SIZE_1, >- mAccessInfo.AccessRight >- ); >- >- HiiCreateOneOfOpCode ( >- StartOpCodeHandle, // Container for dynamic created opcodes >- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_AP | >KEY_MODIFY_RIGHT, // Question ID >- 0, // VarStore ID >- 0, // Offset in Buffer Storage >- STRING_TOKEN (STR_ACCESS_RIGHT), // Question prompt text >- STRING_TOKEN 
(STR_ACCESS_RIGHT_HELP), // Question help text >- EFI_IFR_FLAG_CALLBACK, // Question flag >- EFI_IFR_NUMERIC_SIZE_1, // Data type of Question Value >- OptionsOpCodeHandle, // Option Opcode list >- DefaultOpCodeHandle // Default Opcode >- ); >- HiiFreeOpCodeHandle (DefaultOpCodeHandle); >- HiiFreeOpCodeHandle (OptionsOpCodeHandle); >- >- >- // >- // Add setup type one-of-code. >- // >- OptionsOpCodeHandle = HiiAllocateOpCodeHandle (); >- ASSERT (OptionsOpCodeHandle != NULL); >- DefaultOpCodeHandle = HiiAllocateOpCodeHandle (); >- ASSERT (DefaultOpCodeHandle != NULL); >- >- HiiCreateOneOfOptionOpCode ( >- OptionsOpCodeHandle, >- STRING_TOKEN (STR_RESTRICTED), >- 0, >- EFI_IFR_NUMERIC_SIZE_1, >- ACCESS_SETUP_RESTRICTED >- ); >- >- HiiCreateOneOfOptionOpCode ( >- OptionsOpCodeHandle, >- STRING_TOKEN (STR_NORMAL), >- 0, >- EFI_IFR_NUMERIC_SIZE_1, >- ACCESS_SETUP_NORMAL >- ); >- >- HiiCreateOneOfOptionOpCode ( >- OptionsOpCodeHandle, >- STRING_TOKEN (STR_ADMIN), >- 0, >- EFI_IFR_NUMERIC_SIZE_1, >- ACCESS_SETUP_ADMIN >- ); >- >- HiiCreateDefaultOpCode ( >- DefaultOpCodeHandle, >- EFI_HII_DEFAULT_CLASS_STANDARD, >- EFI_IFR_NUMERIC_SIZE_1, >- mAccessInfo.AccessSetup >- ); >- >- HiiCreateOneOfOpCode ( >- StartOpCodeHandle, // Container for dynamic created opcodes >- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_AP | >KEY_MODIFY_SETUP, // Question ID >- 0, // VarStore ID >- 0, // Offset in Buffer Storage >- STRING_TOKEN (STR_ACCESS_SETUP), // Question prompt text >- STRING_TOKEN (STR_ACCESS_SETUP_HELP), // Question help text >- EFI_IFR_FLAG_CALLBACK, // Question flag >- EFI_IFR_NUMERIC_SIZE_1, // Data type of Question Value >- OptionsOpCodeHandle, // Option Opcode list >- DefaultOpCodeHandle // Default Opcode >- ); >- HiiFreeOpCodeHandle (DefaultOpCodeHandle); >- HiiFreeOpCodeHandle (OptionsOpCodeHandle); >- >- // >- // Add boot order one-of-code. 
>- // >- OptionsOpCodeHandle = HiiAllocateOpCodeHandle (); >- ASSERT (OptionsOpCodeHandle != NULL); >- DefaultOpCodeHandle = HiiAllocateOpCodeHandle (); >- ASSERT (DefaultOpCodeHandle != NULL); >- >- HiiCreateOneOfOptionOpCode ( >- OptionsOpCodeHandle, >- STRING_TOKEN (STR_INSERT), >- 0, >- EFI_IFR_NUMERIC_SIZE_4, >- EFI_USER_INFO_ACCESS_BOOT_ORDER_INSERT >- ); >- >- HiiCreateOneOfOptionOpCode ( >- OptionsOpCodeHandle, >- STRING_TOKEN (STR_APPEND), >- 0, >- EFI_IFR_NUMERIC_SIZE_4, >- EFI_USER_INFO_ACCESS_BOOT_ORDER_APPEND >- ); >- >- HiiCreateOneOfOptionOpCode ( >- OptionsOpCodeHandle, >- STRING_TOKEN (STR_REPLACE), >- 0, >- EFI_IFR_NUMERIC_SIZE_4, >- EFI_USER_INFO_ACCESS_BOOT_ORDER_REPLACE >- ); >- >- HiiCreateOneOfOptionOpCode ( >- OptionsOpCodeHandle, >- STRING_TOKEN (STR_NODEFAULT), >- 0, >- EFI_IFR_NUMERIC_SIZE_4, >- EFI_USER_INFO_ACCESS_BOOT_ORDER_NODEFAULT >- ); >- >- HiiCreateDefaultOpCode ( >- DefaultOpCodeHandle, >- EFI_HII_DEFAULT_CLASS_STANDARD, >- EFI_IFR_NUMERIC_SIZE_4, >- mAccessInfo.AccessBootOrder >- ); >- >- HiiCreateOneOfOpCode ( >- StartOpCodeHandle, // Container for dynamic created opcodes >- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_AP | >KEY_MODIFY_BOOT, // Question ID >- 0, // VarStore ID >- 0, // Offset in Buffer Storage >- STRING_TOKEN (STR_BOOR_ORDER), // Question prompt text >- STRING_TOKEN (STR_BOOT_ORDER_HELP), // Question help text >- EFI_IFR_FLAG_CALLBACK, // Question flag >- EFI_IFR_NUMERIC_SIZE_1, // Data type of Question Value >- OptionsOpCodeHandle, // Option Opcode list >- DefaultOpCodeHandle // Default Opcode >- ); >- HiiFreeOpCodeHandle (DefaultOpCodeHandle); >- HiiFreeOpCodeHandle (OptionsOpCodeHandle); >- >- // >- // Update Form. 
>- // >- HiiUpdateForm ( >- mCallbackInfo->HiiHandle, // HII handle >- &gUserProfileManagerGuid, // Formset GUID >- FORMID_MODIFY_AP, // Form ID >- StartOpCodeHandle, // Label for where to insert opcodes >- EndOpCodeHandle // Replace data >- ); >- >- HiiFreeOpCodeHandle (StartOpCodeHandle); >- HiiFreeOpCodeHandle (EndOpCodeHandle); >-} >- >- >-/** >- Expand access policy memory size. >- >- @param[in] ValidLen The valid access policy length. >- @param[in] ExpandLen The length that is needed to expand. >- >-**/ >-VOID >-ExpandMemory ( >- IN UINTN ValidLen, >- IN UINTN ExpandLen >- ) >-{ >- UINT8 *Mem; >- UINTN Len; >- >- // >- // Expand memory. >- // >- Len = mUserInfo.AccessPolicyLen + (ExpandLen / 64 + 1) * 64; >- Mem = AllocateZeroPool (Len); >- ASSERT (Mem != NULL); >- >- if (mUserInfo.AccessPolicy != NULL) { >- CopyMem (Mem, mUserInfo.AccessPolicy, ValidLen); >- FreePool (mUserInfo.AccessPolicy); >- } >- >- mUserInfo.AccessPolicy = Mem; >- mUserInfo.AccessPolicyLen = Len; >-} >- >- >-/** >- Get the username from user input, and update username string in the Hii >- database with it. >- >-**/ >-VOID >-ModifyUserName ( >- VOID >- ) >-{ >- EFI_STATUS Status; >- CHAR16 UserName[USER_NAME_LENGTH]; >- UINTN Len; >- EFI_INPUT_KEY Key; >- EFI_USER_INFO_HANDLE UserInfo; >- EFI_USER_INFO *Info; >- EFI_USER_PROFILE_HANDLE TempUser; >- >- // >- // Get the new user name. >- // >- Len = sizeof (UserName); >- Status = GetUserNameInput (&Len, UserName); >- if (EFI_ERROR (Status)) { >- if (Status != EFI_ABORTED) { >- CreatePopUp ( >- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >- &Key, >- L"Failed To Get User Name.", >- L"", >- L"Please Press Any Key to Continue ...", >- NULL >- ); >- } >- return ; >- } >- >- // >- // Check whether the username had been used or not. 
>- // >- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + Len); >- if (Info == NULL) { >- return ; >- } >- >- Info->InfoType = EFI_USER_INFO_NAME_RECORD; >- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >- EFI_USER_INFO_PUBLIC | >- EFI_USER_INFO_EXCLUSIVE; >- Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + Len); >- CopyMem ((UINT8 *) (Info + 1), UserName, Len); >- >- TempUser = NULL; >- Status = mUserManager->Find ( >- mUserManager, >- &TempUser, >- NULL, >- Info, >- Info->InfoSize >- ); >- if (!EFI_ERROR (Status)) { >- CreatePopUp ( >- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >- &Key, >- L"The User Name Had Been Used.", >- L"", >- L"Please Use Other User Name", >- NULL >- ); >- FreePool (Info); >- return ; >- } >- >- // >- // Update username display in the form. >- // >- CopyMem (mUserInfo.UserName, UserName, Len); >- HiiSetString ( >- mCallbackInfo->HiiHandle, >- STRING_TOKEN (STR_USER_NAME_VAL), >- mUserInfo.UserName, >- NULL >- ); >- >- // >- // Save the user name. >- // >- Status = FindInfoByType (mModifyUser, EFI_USER_INFO_NAME_RECORD, >&UserInfo); >- if (!EFI_ERROR (Status)) { >- mUserManager->SetInfo ( >- mUserManager, >- mModifyUser, >- &UserInfo, >- Info, >- Info->InfoSize >- ); >- } >- FreePool (Info); >-} >- >- >-/** >- Display the form of the modifying user identity policy. >- >-**/ >-VOID >-ModifyIdentityPolicy ( >- VOID >- ) >-{ >- UINTN Index; >- CHAR16 *ProvStr; >- EFI_STRING_ID ProvID; >- EFI_HII_HANDLE HiiHandle; >- VOID *OptionsOpCodeHandle; >- VOID *StartOpCodeHandle; >- VOID *EndOpCodeHandle; >- EFI_IFR_GUID_LABEL *StartLabel; >- EFI_IFR_GUID_LABEL *EndLabel; >- >- // >- // Initialize the container for dynamic opcodes. >- // >- StartOpCodeHandle = HiiAllocateOpCodeHandle (); >- ASSERT (StartOpCodeHandle != NULL); >- >- EndOpCodeHandle = HiiAllocateOpCodeHandle (); >- ASSERT (EndOpCodeHandle != NULL); >- >- // >- // Create Hii Extend Label OpCode. 
>- // >- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >- StartOpCodeHandle, >- &gEfiIfrTianoGuid, >- NULL, >- sizeof (EFI_IFR_GUID_LABEL) >- ); >- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >- StartLabel->Number = LABEL_IP_MOD_FUNC; >- >- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >- EndOpCodeHandle, >- &gEfiIfrTianoGuid, >- NULL, >- sizeof (EFI_IFR_GUID_LABEL) >- ); >- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >- EndLabel->Number = LABEL_END; >- >- // >- // Add credential providers >- //. >- if (mProviderInfo->Count > 0) { >- OptionsOpCodeHandle = HiiAllocateOpCodeHandle (); >- ASSERT (OptionsOpCodeHandle != NULL); >- >- // >- // Add credential provider Option OpCode. >- // >- for (Index = 0; Index < mProviderInfo->Count; Index++) { >- mProviderInfo->Provider[Index]->Title ( >- mProviderInfo->Provider[Index], >- &HiiHandle, >- &ProvID >- ); >- ProvStr = HiiGetString (HiiHandle, ProvID, NULL); >- ProvID = HiiSetString (mCallbackInfo->HiiHandle, 0, ProvStr, NULL); >- FreePool (ProvStr); >- if (ProvID == 0) { >- return ; >- } >- >- HiiCreateOneOfOptionOpCode ( >- OptionsOpCodeHandle, >- ProvID, >- 0, >- EFI_IFR_NUMERIC_SIZE_1, >- (UINT8) Index >- ); >- } >- >- HiiCreateOneOfOpCode ( >- StartOpCodeHandle, // Container for dynamic created opcodes >- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_IP | >KEY_MODIFY_PROV, // Question ID >- 0, // VarStore ID >- 0, // Offset in Buffer Storage >- STRING_TOKEN (STR_PROVIDER), // Question prompt text >- STRING_TOKEN (STR_PROVIDER_HELP), // Question help text >- EFI_IFR_FLAG_CALLBACK, // Question flag >- EFI_IFR_NUMERIC_SIZE_1, // Data type of Question Value >- OptionsOpCodeHandle, // Option Opcode list >- NULL // Default Opcode is NULl >- ); >- >- HiiFreeOpCodeHandle (OptionsOpCodeHandle); >- } >- >- // >- // Add logical connector Option OpCode. 
>- // >- OptionsOpCodeHandle = HiiAllocateOpCodeHandle (); >- ASSERT (OptionsOpCodeHandle != NULL); >- >- HiiCreateOneOfOptionOpCode ( >- OptionsOpCodeHandle, >- STRING_TOKEN (STR_AND_CON), >- 0, >- EFI_IFR_NUMERIC_SIZE_1, >- 0 >- ); >- >- HiiCreateOneOfOptionOpCode ( >- OptionsOpCodeHandle, >- STRING_TOKEN (STR_OR_CON), >- 0, >- EFI_IFR_NUMERIC_SIZE_1, >- 1 >- ); >- >- HiiCreateOneOfOpCode ( >- StartOpCodeHandle, // Container for dynamic created opcodes >- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_IP | >KEY_MODIFY_CONN, // Question ID >- 0, // VarStore ID >- 0, // Offset in Buffer Storage >- STRING_TOKEN (STR_CONNECTOR), // Question prompt text >- STRING_TOKEN (STR_CONNECTOR_HELP), // Question help text >- EFI_IFR_FLAG_CALLBACK, // Question flag >- EFI_IFR_NUMERIC_SIZE_1, // Data type of Question Value >- OptionsOpCodeHandle, // Option Opcode list >- NULL // Default Opcode is NULl >- ); >- >- HiiFreeOpCodeHandle (OptionsOpCodeHandle); >- >- // >- // Update identity policy in the form. >- // >- ResolveIdentityPolicy ( >- mUserInfo.IdentityPolicy, >- mUserInfo.IdentityPolicyLen, >- STRING_TOKEN (STR_IDENTIFY_POLICY_VALUE) >- ); >- >- if (mUserInfo.NewIdentityPolicy != NULL) { >- FreePool (mUserInfo.NewIdentityPolicy); >- mUserInfo.NewIdentityPolicy = NULL; >- mUserInfo.NewIdentityPolicyLen = 0; >- mUserInfo.NewIdentityPolicyModified = FALSE; >- } >- mProviderChoice = 0; >- mConncetLogical = 0; >- >- HiiUpdateForm ( >- mCallbackInfo->HiiHandle, // HII handle >- &gUserProfileManagerGuid, // Formset GUID >- FORMID_MODIFY_IP, // Form ID >- StartOpCodeHandle, // Label for where to insert opcodes >- EndOpCodeHandle // Replace data >- ); >- >- HiiFreeOpCodeHandle (StartOpCodeHandle); >- HiiFreeOpCodeHandle (EndOpCodeHandle); >-} >- >- >-/** >- Get current user's access right. >- >- @param[out] AccessRight Points to the buffer used for user's access right. >- >- @retval EFI_SUCCESS Get current user access right successfully. 
>- @retval others Fail to get current user access right. >- >-**/ >-EFI_STATUS >-GetAccessRight ( >- OUT UINT32 *AccessRight >- ) >-{ >- EFI_STATUS Status; >- EFI_USER_INFO_HANDLE UserInfo; >- EFI_USER_INFO *Info; >- UINTN InfoSize; >- UINTN MemSize; >- EFI_USER_INFO_ACCESS_CONTROL Access; >- EFI_USER_PROFILE_HANDLE CurrentUser; >- UINTN TotalLen; >- UINTN CheckLen; >- >- // >- // Allocate user information memory. >- // >- MemSize = sizeof (EFI_USER_INFO) + 63; >- Info = AllocateZeroPool (MemSize); >- if (Info == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- >- // >- // Get user access information. >- // >- UserInfo = NULL; >- mUserManager->Current (mUserManager, &CurrentUser); >- while (TRUE) { >- InfoSize = MemSize; >- // >- // Get next user information. >- // >- Status = mUserManager->GetNextInfo (mUserManager, CurrentUser, >&UserInfo); >- if (EFI_ERROR (Status)) { >- break; >- } >- >- Status = mUserManager->GetInfo ( >- mUserManager, >- CurrentUser, >- UserInfo, >- Info, >- &InfoSize >- ); >- if (Status == EFI_BUFFER_TOO_SMALL) { >- MemSize = InfoSize; >- FreePool (Info); >- Info = AllocateZeroPool (MemSize); >- if (Info == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- Status = mUserManager->GetInfo ( >- mUserManager, >- CurrentUser, >- UserInfo, >- Info, >- &InfoSize >- ); >- } >- if (EFI_ERROR (Status)) { >- break; >- } >- >- // >- // Check user information. >- // >- if (Info->InfoType == EFI_USER_INFO_ACCESS_POLICY_RECORD) { >- TotalLen = Info->InfoSize - sizeof (EFI_USER_INFO); >- CheckLen = 0; >- // >- // Get specified access information. 
>- // >- while (CheckLen < TotalLen) { >- CopyMem (&Access, (UINT8 *) (Info + 1) + CheckLen, sizeof (Access)); >- if ((Access.Type == EFI_USER_INFO_ACCESS_ENROLL_SELF) || >- (Access.Type == EFI_USER_INFO_ACCESS_ENROLL_OTHERS) || >- (Access.Type == EFI_USER_INFO_ACCESS_MANAGE) >- ) { >- *AccessRight = Access.Type; >- FreePool (Info); >- return EFI_SUCCESS; >- } >- CheckLen += Access.Size; >- } >- } >- } >- FreePool (Info); >- return EFI_NOT_FOUND; >-} >- >-- >2.16.2.windows.1
* Re: [PATCH] SecurityPkg: Remove code under UserIdentification folder. 2019-01-09 1:38 ` Gao, Liming @ 2019-01-09 1:54 ` Chen, Chen A 2019-01-09 2:17 ` Gao, Liming 0 siblings, 1 reply; 4+ messages in thread From: Chen, Chen A @ 2019-01-09 1:54 UTC (permalink / raw) To: Gao, Liming, edk2-devel@lists.01.org; +Cc: Zhang, Chao B Yes, Chao has filed on BZ1427. -----Original Message----- From: Gao, Liming Sent: Wednesday, January 9, 2019 9:39 AM To: Chen, Chen A <chen.a.chen@intel.com>; edk2-devel@lists.01.org Cc: Zhang, Chao B <chao.b.zhang@intel.com> Subject: RE: [edk2] [PATCH] SecurityPkg: Remove code under UserIdentification folder. Could you create BZ for this change? >-----Original Message----- >From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of >chenche4 >Sent: Wednesday, January 09, 2019 9:09 AM >To: edk2-devel@lists.01.org >Cc: Zhang, Chao B <chao.b.zhang@intel.com> >Subject: [edk2] [PATCH] SecurityPkg: Remove code under UserIdentification >folder. > >1. UserIdentifyManagerDxe is used to provide UserManagerProtocol. >2. UserProfileManagerDxe provide UI setting >3. PwdCredentialProviderDxe & UsbCredentialProviderDxe are >implementation > examples. > >Remove above features because of no platform use it. > >Cc: Zhang Chao B <chao.b.zhang@intel.com> >Contributed-under: TianoCore Contribution Agreement 1.1 
>Signed-off-by: Chen A Chen <chen.a.chen@intel.com> >--- > .../Include/Guid/UsbCredentialProviderHii.h | 29 - > SecurityPkg/Include/Guid/UserIdentifyManagerHii.h | 25 - > SecurityPkg/Include/Guid/UserProfileManagerHii.h | 25 - > SecurityPkg/SecurityPkg.dec | 12 - > SecurityPkg/SecurityPkg.dsc | 4 - > .../PwdCredentialProvider.c | 1464 -------- > .../PwdCredentialProvider.h | 374 -- > .../PwdCredentialProvider.uni | 21 - > .../PwdCredentialProviderData.h | 30 - > .../PwdCredentialProviderDxe.inf | 65 - > .../PwdCredentialProviderExtra.uni | 19 - > .../PwdCredentialProviderStrings.uni | 38 - > .../PwdCredentialProviderVfr.Vfr | 34 - > .../UsbCredentialProvider.c | 1410 -------- > .../UsbCredentialProvider.h | 361 -- > .../UsbCredentialProvider.uni | 23 - > .../UsbCredentialProviderDxe.inf | 70 - > .../UsbCredentialProviderExtra.uni | 19 - > .../UsbCredentialProviderStrings.uni | 29 - > .../UserIdentifyManagerDxe/LoadDeferredImage.c | 148 - > .../UserIdentifyManagerDxe/UserIdentifyManager.c | 3766 -------------------- > .../UserIdentifyManagerDxe/UserIdentifyManager.h | 413 --- > .../UserIdentifyManagerDxe/UserIdentifyManager.uni | 21 - > .../UserIdentifyManagerData.h | 35 - > .../UserIdentifyManagerDxe.inf | 79 - > .../UserIdentifyManagerExtra.uni | 19 - > .../UserIdentifyManagerStrings.uni | 27 - > .../UserIdentifyManagerVfr.Vfr | 43 - > .../UserProfileManagerDxe/ModifyAccessPolicy.c | 688 ---- > .../UserProfileManagerDxe/ModifyIdentityPolicy.c | 516 --- > .../UserProfileManagerDxe/UserProfileAdd.c | 372 -- > .../UserProfileManagerDxe/UserProfileDelete.c | 343 -- > .../UserProfileManagerDxe/UserProfileManager.c | 887 ----- > .../UserProfileManagerDxe/UserProfileManager.h | 444 --- > .../UserProfileManagerDxe/UserProfileManager.uni | 22 - > .../UserProfileManagerDxe/UserProfileManagerData.h | 158 - > .../UserProfileManagerDxe.inf | 72 - > .../UserProfileManagerExtra.uni | 19 - > .../UserProfileManagerStrings.uni | 158 - > .../UserProfileManagerVfr.Vfr | 244 -- > 
.../UserProfileManagerDxe/UserProfileModify.c | 1475 -------- > 41 files changed, 14001 deletions(-) > delete mode 100644 SecurityPkg/Include/Guid/UsbCredentialProviderHii.h > delete mode 100644 SecurityPkg/Include/Guid/UserIdentifyManagerHii.h > delete mode 100644 SecurityPkg/Include/Guid/UserProfileManagerHii.h > delete mode 100644 >SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPro >vider.c > delete mode 100644 >SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPro >vider.h > delete mode 100644 >SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPro >vider.uni > delete mode 100644 >SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPro >viderData.h > delete mode 100644 >SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPro >viderDxe.inf > delete mode 100644 >SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPro >viderExtra.uni > delete mode 100644 >SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPro >viderStrings.uni > delete mode 100644 >SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPro >viderVfr.Vfr > delete mode 100644 >SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPro >vider.c > delete mode 100644 >SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPro >vider.h > delete mode 100644 >SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPro >vider.uni > delete mode 100644 >SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPro >viderDxe.inf > delete mode 100644 >SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPro >viderExtra.uni > delete mode 100644 >SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPro >viderStrings.uni > delete mode 100644 >SecurityPkg/UserIdentification/UserIdentifyManagerDxe/LoadDeferredImag >e.c > delete mode 100644 
>SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManag >er.c > delete mode 100644 >SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManag >er.h > delete mode 100644 >SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManag >er.uni > delete mode 100644 >SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManag >erData.h > delete mode 100644 >SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManag >erDxe.inf > delete mode 100644 >SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManag >erExtra.uni > delete mode 100644 >SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManag >erStrings.uni > delete mode 100644 >SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManag >erVfr.Vfr > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyAccessPolicy. >c > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyIdentityPolicy >.c > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileAdd.c > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileDelete.c > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager. >c > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager. >h > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager. 
>uni > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager >Data.h > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager >Dxe.inf > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager >Extra.uni > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager >Strings.uni > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager >Vfr.Vfr > delete mode 100644 >SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c > >diff --git a/SecurityPkg/Include/Guid/UsbCredentialProviderHii.h >b/SecurityPkg/Include/Guid/UsbCredentialProviderHii.h >deleted file mode 100644 >index 059d68f32e..0000000000 >--- a/SecurityPkg/Include/Guid/UsbCredentialProviderHii.h >+++ /dev/null >@@ -1,29 +0,0 @@ >-/** @file >- GUID used as HII Package list GUID in UsbCredentialProviderDxe driver. >- >-Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#ifndef __USB_CREDENTIAL_PROVIDER_HII_H__ >-#define __USB_CREDENTIAL_PROVIDER_HII_H__ >- >-// >-// Used for save password credential and form browser >-// And used as provider identifier >-// >-#define USB_CREDENTIAL_PROVIDER_GUID \ >- { \ >- 0xd0849ed1, 0xa88c, 0x4ba6, { 0xb1, 0xd6, 0xab, 0x50, 0xe2, 0x80, 0xb7, >0xa9 }\ >- } >- >-extern EFI_GUID gUsbCredentialProviderGuid; >- >-#endif 
>diff --git a/SecurityPkg/Include/Guid/UserIdentifyManagerHii.h >b/SecurityPkg/Include/Guid/UserIdentifyManagerHii.h >deleted file mode 100644 >index 323c51f0f6..0000000000 >--- a/SecurityPkg/Include/Guid/UserIdentifyManagerHii.h >+++ /dev/null >@@ -1,25 +0,0 @@ >-/** @file >- GUID used as HII FormSet and HII Package list GUID in >UserIdentifyManagerDxe driver. >- >-Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#ifndef __USER_IDENTIFY_MANAGER_HII_H__ >-#define __USER_IDENTIFY_MANAGER_HII_H__ >- >-#define USER_IDENTIFY_MANAGER_GUID \ >- { \ >- 0x3ccd3dd8, 0x8d45, 0x4fed, { 0x96, 0x2d, 0x2b, 0x38, 0xcd, 0x82, 0xb3, >0xc4 } \ >- } >- >-extern EFI_GUID gUserIdentifyManagerGuid; >- >-#endif >diff --git a/SecurityPkg/Include/Guid/UserProfileManagerHii.h >b/SecurityPkg/Include/Guid/UserProfileManagerHii.h >deleted file mode 100644 >index 105059350c..0000000000 >--- a/SecurityPkg/Include/Guid/UserProfileManagerHii.h >+++ /dev/null 
>@@ -1,25 +0,0 @@ >-/** @file >- GUID used as HII FormSet and HII Package list GUID in >UserProfileManagerDxe driver. >- >-Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#ifndef __USER_PROFILE_MANAGER_HII_H__ >-#define __USER_PROFILE_MANAGER_HII_H__ >- >-#define USER_PROFILE_MANAGER_GUID \ >- { \ >- 0xc35f272c, 0x97c2, 0x465a, { 0xa2, 0x16, 0x69, 0x6b, 0x66, 0x8a, 0x8c, 0xfe } >\ >- } >- >-extern EFI_GUID gUserProfileManagerGuid; >- >-#endif >diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec >index 8d64b4fefe..0c2afe2938 100644 >--- a/SecurityPkg/SecurityPkg.dec >+++ b/SecurityPkg/SecurityPkg.dec 
>@@ -139,22 +139,10 @@ > # Include/Guid/Tcg2PhysicalPresenceData.h > gEfiTcg2PhysicalPresenceGuid = { 0xaeb9c5c1, 0x94f1, 0x4d02, { 0xbf, 0xd9, >0x46, 0x2, 0xdb, 0x2d, 0x3c, 0x54 }} > >- ## GUID used for form browser, password credential and provider identifier. >- # Include/Guid/PwdCredentialProviderHii.h >- gPwdCredentialProviderGuid = { 0x78b9ec8b, 0xc000, 0x46c5, { 0xac, >0x93, 0x24, 0xa0, 0xc1, 0xbb, 0x0, 0xce }} >- >- ## GUID used for form browser, USB credential and provider identifier. >- # Include/Guid/UsbCredentialProviderHii.h >- gUsbCredentialProviderGuid = { 0xd0849ed1, 0xa88c, 0x4ba6, { 0xb1, >0xd6, 0xab, 0x50, 0xe2, 0x80, 0xb7, 0xa9 }} >- > ## GUID used for FormSet guid and user profile variable. > # Include/Guid/UserIdentifyManagerHii.h > gUserIdentifyManagerGuid = { 0x3ccd3dd8, 0x8d45, 0x4fed, { 0x96, >0x2d, 0x2b, 0x38, 0xcd, 0x82, 0xb3, 0xc4 }} > >- ## GUID used for FormSet. >- # Include/Guid/UserProfileManagerHii.h >- gUserProfileManagerGuid = { 0xc35f272c, 0x97c2, 0x465a, { 0xa2, 0x16, >0x69, 0x6b, 0x66, 0x8a, 0x8c, 0xfe }} >- > ## GUID used for FormSet. > # Include/Guid/TcgConfigHii.h > gTcgConfigFormSetGuid = { 0xb0f901e4, 0xc424, 0x45de, { 0x90, 0x81, >0x95, 0xe2, 0xb, 0xde, 0x6f, 0xb5 }} >diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc >index 68a2953162..19aaebff1f 100644 >--- a/SecurityPkg/SecurityPkg.dsc >+++ b/SecurityPkg/SecurityPkg.dsc >@@ -146,8 +146,6 @@ > SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf > #SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf > >SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticati >onStatusLib.inf >- >#SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMana >gerDxe.inf >- >#SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManage >rDxe.inf > > # > # TPM 
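Review bot: The GUID removals in this SecurityPkg.dec hunk do not line up with the headers the patch deletes: `gUserIdentifyManagerGuid` and its `# Include/Guid/UserIdentifyManagerHii.h` comment stay as context lines although that header is deleted, while `gPwdCredentialProviderGuid` is removed although `Include/Guid/PwdCredentialProviderHii.h` is not among the 41 files in the diffstat. Unless a module outside UserIdentification still consumes `gUserIdentifyManagerGuid` (not visible in this patch), its three-line entry should be dropped as well, and the Pwd header should be deleted in the same patch so that no header is left declaring a GUID the package no longer defines. If the entry is kept on purpose, replace the stale path comment with one that names the remaining consumer.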
>@@ -200,8 +198,6 @@ > SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > > [Components.IA32, Components.X64] >-# >SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPro >viderDxe.inf >-# >SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPro >viderDxe.inf > >SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig >Dxe.inf > > # >diff --git >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >rovider.c >b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >Provider.c >deleted file mode 100644 >index 52fc68b5ee..0000000000 >--- >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >rovider.c >+++ /dev/null 
>@@ -1,1464 +0,0 @@ >-/** @file >- Password Credential Provider driver implementation. >- >-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >-(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#include "PwdCredentialProvider.h" >- >-CREDENTIAL_TABLE *mPwdTable = NULL; >-PWD_PROVIDER_CALLBACK_INFO *mCallbackInfo = NULL; >-PASSWORD_CREDENTIAL_INFO *mPwdInfoHandle = NULL; >- >-HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = { >- { >- { >- HARDWARE_DEVICE_PATH, >- HW_VENDOR_DP, >- { >- (UINT8) (sizeof (VENDOR_DEVICE_PATH)), >- (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) >- } >- }, >- PWD_CREDENTIAL_PROVIDER_GUID >- }, >- { >- END_DEVICE_PATH_TYPE, >- END_ENTIRE_DEVICE_PATH_SUBTYPE, >- { >- (UINT8) (END_DEVICE_PATH_LENGTH), >- (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) >- } >- } >-}; >- >-EFI_USER_CREDENTIAL2_PROTOCOL gPwdCredentialProviderDriver = { >- PWD_CREDENTIAL_PROVIDER_GUID, >- EFI_USER_CREDENTIAL_CLASS_PASSWORD, >- CredentialEnroll, >- CredentialForm, >- CredentialTile, >- CredentialTitle, >- CredentialUser, >- CredentialSelect, >- CredentialDeselect, >- CredentialDefault, >- CredentialGetInfo, >- CredentialGetNextInfo, >- EFI_CREDENTIAL_CAPABILITIES_ENROLL, >- CredentialDelete >-}; >- >- >-/** >- Get string by string id from HII Interface. >- >- >- @param[in] Id String ID to get the string from. >- >- @retval CHAR16 * String from ID. >- @retval NULL If error occurs. >- >-**/ >-CHAR16 * >-GetStringById ( >- IN EFI_STRING_ID Id >- ) >-{ >- // >- // Get the current string for the current Language. 
>- // >- return HiiGetString (mCallbackInfo->HiiHandle, Id, NULL); >-} >- >- >-/** >- Expand password table size. >- >-**/ >-VOID >-ExpandTableSize ( >- VOID >- ) >-{ >- CREDENTIAL_TABLE *NewTable; >- UINTN Count; >- >- Count = mPwdTable->MaxCount + PASSWORD_TABLE_INC; >- // >- // Create new credential table. >- // >- NewTable = (CREDENTIAL_TABLE *) AllocateZeroPool ( >- sizeof (CREDENTIAL_TABLE) + >- (Count - 1) * sizeof (PASSWORD_INFO) >- ); >- ASSERT (NewTable != NULL); >- >- NewTable->MaxCount = Count; >- NewTable->Count = mPwdTable->Count; >- NewTable->ValidIndex = mPwdTable->ValidIndex; >- // >- // Copy old entries >- // >- CopyMem ( >- &NewTable->UserInfo, >- &mPwdTable->UserInfo, >- mPwdTable->Count * sizeof (PASSWORD_INFO) >- ); >- FreePool (mPwdTable); >- mPwdTable = NewTable; >-} >- >- >-/** >- Add, update or delete info in table, and sync with NV variable. >- >- @param[in] Index The index of the password in table. If index is found in >- table, update the info, else add the into to table. >- @param[in] Info The new password info to add into table.If Info is NULL, >- delete the info by Index. >- >- @retval EFI_INVALID_PARAMETER Info is NULL when save the info. >- @retval EFI_SUCCESS Modify the table successfully. >- @retval Others Failed to modify the table. >- >-**/ >-EFI_STATUS >-ModifyTable ( >- IN UINTN Index, >- IN PASSWORD_INFO * Info OPTIONAL >- ) >-{ >- EFI_STATUS Status; >- PASSWORD_INFO *NewPasswordInfo; >- >- NewPasswordInfo = NULL; >- >- if (Index < mPwdTable->Count) { >- if (Info == NULL) { >- // >- // Delete the specified entry. >- // >- mPwdTable->Count--; >- if (Index != mPwdTable->Count) { >- NewPasswordInfo = &mPwdTable->UserInfo[mPwdTable->Count]; >- } >- } else { >- // >- // Update the specified entry. >- // >- NewPasswordInfo = Info; >- } >- } else { >- // >- // Add a new password info. 
>- // >- if (Info == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- >- if (mPwdTable->Count >= mPwdTable->MaxCount) { >- ExpandTableSize (); >- } >- >- NewPasswordInfo = Info; >- mPwdTable->Count++; >- } >- >- if (NewPasswordInfo != NULL) { >- CopyMem (&mPwdTable->UserInfo[Index], NewPasswordInfo, sizeof >(PASSWORD_INFO)); >- } >- >- // >- // Save the credential table. >- // >- Status = gRT->SetVariable ( >- L"PwdCredential", >- &gPwdCredentialProviderGuid, >- EFI_VARIABLE_NON_VOLATILE | >EFI_VARIABLE_BOOTSERVICE_ACCESS, >- mPwdTable->Count * sizeof (PASSWORD_INFO), >- &mPwdTable->UserInfo >- ); >- return Status; >-} >- >- >-/** >- Create a password table. >- >- @retval EFI_SUCCESS Create a password table successfully. >- @retval Others Failed to create a password. >- >-**/ >-EFI_STATUS >-InitCredentialTable ( >- VOID >- ) >-{ >- EFI_STATUS Status; >- UINT8 *Var; >- UINTN VarSize; >- >- // >- // Get Password credential data from NV variable. >- // >- VarSize = 0; >- Var = NULL; >- Status = gRT->GetVariable ( >- L"PwdCredential", >- &gPwdCredentialProviderGuid, >- NULL, >- &VarSize, >- Var >- ); >- if (Status == EFI_BUFFER_TOO_SMALL) { >- Var = AllocateZeroPool (VarSize); >- if (Var == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- Status = gRT->GetVariable ( >- L"PwdCredential", >- &gPwdCredentialProviderGuid, >- NULL, >- &VarSize, >- Var >- ); >- } >- if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) { >- return Status; >- } >- >- // >- // Create the password credential table. 
>- // >- mPwdTable = AllocateZeroPool ( >- sizeof (CREDENTIAL_TABLE) - sizeof (PASSWORD_INFO) + >- PASSWORD_TABLE_INC * sizeof (PASSWORD_INFO) + >- VarSize >- ); >- if (mPwdTable == NULL) { >- FreePool (Var); >- return EFI_OUT_OF_RESOURCES; >- } >- >- mPwdTable->Count = VarSize / sizeof (PASSWORD_INFO); >- mPwdTable->MaxCount = mPwdTable->Count + PASSWORD_TABLE_INC; >- mPwdTable->ValidIndex = 0; >- if (Var != NULL) { >- CopyMem (mPwdTable->UserInfo, Var, VarSize); >- FreePool (Var); >- } >- return EFI_SUCCESS; >-} >- >- >-/** >- Hash the password to get credential. >- >- @param[in] Password Points to the input password. >- @param[in] PasswordSize The size of password, in bytes. >- @param[out] Credential Points to the hashed result. >- >- @retval TRUE Hash the password successfully. >- @retval FALSE Failed to hash the password. >- >-**/ >-BOOLEAN >-GenerateCredential ( >- IN CHAR16 *Password, >- IN UINTN PasswordSize, >- OUT UINT8 *Credential >- ) >-{ >- BOOLEAN Status; >- UINTN HashSize; >- VOID *Hash; >- >- HashSize = Sha1GetContextSize (); >- Hash = AllocatePool (HashSize); >- ASSERT (Hash != NULL); >- >- Status = Sha1Init (Hash); >- if (!Status) { >- goto Done; >- } >- >- Status = Sha1Update (Hash, Password, PasswordSize); >- if (!Status) { >- goto Done; >- } >- >- Status = Sha1Final (Hash, Credential); >- >-Done: >- FreePool (Hash); >- return Status; >-} >- >- >-/** >- Get password from user input. >- >- @param[in] FirstPwd If True, prompt to input the first password. >- If False, prompt to input password again. >- @param[out] Credential Points to the input password. 
>- >-**/ >-VOID >-GetPassword ( >- IN BOOLEAN FirstPwd, >- OUT CHAR8 *Credential >- ) >-{ >- EFI_INPUT_KEY Key; >- CHAR16 PasswordMask[CREDENTIAL_LEN + 1]; >- CHAR16 Password[CREDENTIAL_LEN]; >- UINTN PasswordLen; >- CHAR16 *QuestionStr; >- CHAR16 *LineStr; >- >- PasswordLen = 0; >- while (TRUE) { >- PasswordMask[PasswordLen] = L'_'; >- PasswordMask[PasswordLen + 1] = L'\0'; >- LineStr = GetStringById (STRING_TOKEN (STR_DRAW_A_LINE)); >- if (FirstPwd) { >- QuestionStr = GetStringById (STRING_TOKEN (STR_INPUT_PASSWORD)); >- } else { >- QuestionStr = GetStringById (STRING_TOKEN >(STR_INPUT_PASSWORD_AGAIN)); >- } >- CreatePopUp ( >- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >- &Key, >- QuestionStr, >- LineStr, >- PasswordMask, >- NULL >- ); >- FreePool (QuestionStr); >- FreePool (LineStr); >- >- // >- // Check key stroke >- // >- if (Key.ScanCode == SCAN_NULL) { >- if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { >- break; >- } else if (Key.UnicodeChar == CHAR_BACKSPACE) { >- if (PasswordLen > 0) { >- PasswordLen--; >- } >- } else if ((Key.UnicodeChar == CHAR_NULL) || >- (Key.UnicodeChar == CHAR_TAB) || >- (Key.UnicodeChar == CHAR_LINEFEED)) { >- continue; >- } else { >- Password[PasswordLen] = Key.UnicodeChar; >- PasswordMask[PasswordLen] = L'*'; >- PasswordLen++; >- if (PasswordLen == CREDENTIAL_LEN) { >- break; >- } >- } >- } >- } >- >- PasswordLen = PasswordLen * sizeof (CHAR16); >- GenerateCredential (Password, PasswordLen, (UINT8 *)Credential); >-} >- >-/** >- Check whether the password can be found on this provider. >- >- @param[in] Password The password to be found. >- >- @retval EFI_SUCCESS Found password sucessfully. >- @retval EFI_NOT_FOUND Fail to find the password. >- >-**/ >-EFI_STATUS >-CheckPassword ( >- IN CHAR8 *Password >- ) >-{ >- UINTN Index; >- CHAR8 *Pwd; >- >- // >- // Check password credential. 
>- // >- mPwdTable->ValidIndex = 0; >- for (Index = 0; Index < mPwdTable->Count; Index++) { >- Pwd = mPwdTable->UserInfo[Index].Password; >- if (CompareMem (Pwd, Password, CREDENTIAL_LEN) == 0) { >- mPwdTable->ValidIndex = Index + 1; >- return EFI_SUCCESS; >- } >- } >- >- return EFI_NOT_FOUND; >-} >- >- >-/** >- Find a user infomation record by the information record type. >- >- This function searches all user information records of User from beginning >- until either the information is found, or there are no more user infomation >- records. A match occurs when a Info.InfoType field matches the user >information >- record type. >- >- @param[in] User Points to the user profile record to search. >- @param[in] InfoType The infomation type to be searched. >- @param[out] Info Points to the user info found, the caller is responsible >- to free. >- >- @retval EFI_SUCCESS Find the user information successfully. >- @retval Others Fail to find the user information. >- >-**/ >-EFI_STATUS >-FindUserInfoByType ( >- IN EFI_USER_PROFILE_HANDLE User, >- IN UINT8 InfoType, >- OUT EFI_USER_INFO **Info >- ) >-{ >- EFI_STATUS Status; >- EFI_USER_INFO *UserInfo; >- UINTN UserInfoSize; >- EFI_USER_INFO_HANDLE UserInfoHandle; >- EFI_USER_MANAGER_PROTOCOL *UserManager; >- >- // >- // Find user information by information type. >- // >- if (Info == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- >- Status = gBS->LocateProtocol ( >- &gEfiUserManagerProtocolGuid, >- NULL, >- (VOID **) &UserManager >- ); >- if (EFI_ERROR (Status)) { >- return EFI_NOT_FOUND; >- } >- >- // >- // Get each user information. >- // >- >- UserInfoHandle = NULL; >- UserInfo = NULL; >- UserInfoSize = 0; >- while (TRUE) { >- Status = UserManager->GetNextInfo (UserManager, User, >&UserInfoHandle); >- if (EFI_ERROR (Status)) { >- break; >- } >- // >- // Get information. 
>- // >- Status = UserManager->GetInfo ( >- UserManager, >- User, >- UserInfoHandle, >- UserInfo, >- &UserInfoSize >- ); >- if (Status == EFI_BUFFER_TOO_SMALL) { >- if (UserInfo != NULL) { >- FreePool (UserInfo); >- } >- UserInfo = AllocateZeroPool (UserInfoSize); >- if (UserInfo == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- Status = UserManager->GetInfo ( >- UserManager, >- User, >- UserInfoHandle, >- UserInfo, >- &UserInfoSize >- ); >- } >- if (EFI_ERROR (Status)) { >- break; >- } >- >- ASSERT (UserInfo != NULL); >- if (UserInfo->InfoType == InfoType) { >- *Info = UserInfo; >- return EFI_SUCCESS; >- } >- } >- >- if (UserInfo != NULL) { >- FreePool (UserInfo); >- } >- return Status; >-} >- >- >-/** >- This function processes the results of changes in configuration. >- >- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. >- @param Action Specifies the type of action taken by the browser. >- @param QuestionId A unique value which is sent to the original >- exporting driver so that it can identify the type >- of data to expect. >- @param Type The type of value for the question. >- @param Value A pointer to the data being sent to the original >- exporting driver. >- @param ActionRequest On return, points to the action requested by >the >- callback function. >- >- @retval EFI_SUCCESS The callback successfully handled the action. >- @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold >the >- variable and its data. >- @retval EFI_DEVICE_ERROR The variable could not be saved. >- @retval EFI_UNSUPPORTED The specified Action is not supported by the >- callback. 
>- >-**/ >-EFI_STATUS >-EFIAPI >-CredentialDriverCallback ( >- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, >- IN EFI_BROWSER_ACTION Action, >- IN EFI_QUESTION_ID QuestionId, >- IN UINT8 Type, >- IN EFI_IFR_TYPE_VALUE *Value, >- OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest >- ) >-{ >- EFI_STATUS Status; >- EFI_INPUT_KEY Key; >- CHAR8 Password[CREDENTIAL_LEN]; >- CHAR16 *PromptStr; >- >- if (Action == EFI_BROWSER_ACTION_CHANGED) { >- if (QuestionId == KEY_GET_PASSWORD) { >- // >- // Get and check password. >- // >- GetPassword (TRUE, Password); >- Status = CheckPassword (Password); >- if (EFI_ERROR (Status)) { >- PromptStr = GetStringById (STRING_TOKEN >(STR_PASSWORD_INCORRECT)); >- CreatePopUp ( >- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >- &Key, >- L"", >- PromptStr, >- L"", >- NULL >- ); >- FreePool (PromptStr); >- return Status; >- } >- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT; >- } >- return EFI_SUCCESS; >- } >- >- // >- // All other action return unsupported. >- // >- return EFI_UNSUPPORTED; >-} >- >- >-/** >- This function allows a caller to extract the current configuration for one >- or more named elements from the target driver. >- >- >- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. >- @param Request A null-terminated Unicode string in <ConfigRequest> >format. >- @param Progress On return, points to a character in the Request string. >- Points to the string's null terminator if request was successful. >- Points to the most recent '&' before the first failing name/value >- pair (or the beginning of the string if the failure is in the >- first name/value pair) if the request was not successful. >- @param Results A null-terminated Unicode string in <ConfigAltResp> >format which >- has all values filled in for the names in the Request string. >- String to be allocated by the called function. >- >- @retval EFI_SUCCESS The Results is filled with the requested values. >- @retval EFI_OUT_OF_RESOURCES Not enough memory to store the >results. 
>- @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown >name. >- @retval EFI_NOT_FOUND Routing data doesn't match any storage in >this driver. >- >-**/ >-EFI_STATUS >-EFIAPI >-FakeExtractConfig ( >- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, >- IN CONST EFI_STRING Request, >- OUT EFI_STRING *Progress, >- OUT EFI_STRING *Results >- ) >-{ >- if (Progress == NULL || Results == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- *Progress = Request; >- return EFI_NOT_FOUND; >-} >- >-/** >- This function processes the results of changes in configuration. >- >- >- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. >- @param Configuration A null-terminated Unicode string in <ConfigResp> >format. >- @param Progress A pointer to a string filled in with the offset of the >most >- recent '&' before the first failing name/value pair (or the >- beginning of the string if the failure is in the first >- name/value pair) or the terminating NULL if all was successful. >- >- @retval EFI_SUCCESS The Results is processed successfully. >- @retval EFI_INVALID_PARAMETER Configuration is NULL. >- @retval EFI_NOT_FOUND Routing data doesn't match any storage in >this driver. >- >-**/ >-EFI_STATUS >-EFIAPI >-FakeRouteConfig ( >- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, >- IN CONST EFI_STRING Configuration, >- OUT EFI_STRING *Progress >- ) >-{ >- if (Configuration == NULL || Progress == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- >- *Progress = Configuration; >- >- return EFI_NOT_FOUND; >-} >- >-/** >- This function initialize the data mainly used in form browser. >- >- @retval EFI_SUCCESS Initialize form data successfully. >- @retval Others Fail to Initialize form data. >- >-**/ >-EFI_STATUS >-InitFormBrowser ( >- VOID >- ) >-{ >- EFI_STATUS Status; >- PWD_PROVIDER_CALLBACK_INFO *CallbackInfo; >- >- // >- // Initialize driver private data. 
>- //
>- CallbackInfo = AllocateZeroPool (sizeof (PWD_PROVIDER_CALLBACK_INFO));
>- if (CallbackInfo == NULL) {
>- return EFI_OUT_OF_RESOURCES;
>- }
>-
>- CallbackInfo->Signature = PWD_PROVIDER_SIGNATURE;
>- CallbackInfo->ConfigAccess.ExtractConfig = FakeExtractConfig;
>- CallbackInfo->ConfigAccess.RouteConfig = FakeRouteConfig;
>- CallbackInfo->ConfigAccess.Callback = CredentialDriverCallback;
>- CallbackInfo->DriverHandle = NULL;
>-
>- //
>- // Install Device Path Protocol and Config Access protocol to driver handle.
>- //
>- Status = gBS->InstallMultipleProtocolInterfaces (
>- &CallbackInfo->DriverHandle,
>- &gEfiDevicePathProtocolGuid,
>- &mHiiVendorDevicePath,
>- &gEfiHiiConfigAccessProtocolGuid,
>- &CallbackInfo->ConfigAccess,
>- NULL
>- );
>- ASSERT_EFI_ERROR (Status);
>-
>- //
>- // Publish HII data.
>- //
>- CallbackInfo->HiiHandle = HiiAddPackages (
>- &gPwdCredentialProviderGuid,
>- CallbackInfo->DriverHandle,
>- PwdCredentialProviderStrings,
>- PwdCredentialProviderVfrBin,
>- NULL
>- );
>- if (CallbackInfo->HiiHandle == NULL) {
>- return EFI_OUT_OF_RESOURCES;
>- }
>- mCallbackInfo = CallbackInfo;
>-
>- return Status;
>-}
>-
>-
>-/**
>- Enroll a user on a credential provider.
>-
>- This function enrolls a user on this credential provider. If the user exists on
>- this credential provider, update the user information on this credential >provider;
>- otherwise add the user information on credential provider.
>-
>- @param[in] This Points to this instance of >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] User The user profile to enroll.
>-
>- @retval EFI_SUCCESS User profile was successfully enrolled.
>- @retval EFI_ACCESS_DENIED Current user profile does not permit >enrollment on the
>- user profile handle. Either the user profile cannot enroll
>- on any user profile or cannot enroll on a user profile
>- other than the current user profile.
>- @retval EFI_UNSUPPORTED This credential provider does not support >enrollment in
>- the pre-OS.
>- @retval EFI_DEVICE_ERROR The new credential could not be created >because of a device
>- error.
>- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >profile handle.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialEnroll (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_PROFILE_HANDLE User
>- )
>-{
>- EFI_STATUS Status;
>- UINTN Index;
>- PASSWORD_INFO PwdInfo;
>- EFI_USER_INFO *UserInfo;
>- CHAR8 Password[CREDENTIAL_LEN];
>- EFI_INPUT_KEY Key;
>- UINT8 *UserId;
>- CHAR16 *QuestionStr;
>- CHAR16 *PromptStr;
>-
>- if ((This == NULL) || (User == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Get User Identifier.
>- //
>- UserInfo = NULL;
>- Status = FindUserInfoByType (
>- User,
>- EFI_USER_INFO_IDENTIFIER_RECORD,
>- &UserInfo
>- );
>- if (EFI_ERROR (Status)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- CopyMem (PwdInfo.UserId, (UINT8 *) (UserInfo + 1), sizeof >(EFI_USER_INFO_IDENTIFIER));
>- FreePool (UserInfo);
>-
>- //
>- // Get password from user.
>- //
>- while (TRUE) {
>- //
>- // Input password.
>- //
>- GetPassword (TRUE, PwdInfo.Password);
>-
>- //
>- // Input password again.
>- //
>- GetPassword (FALSE, Password);
>-
>- //
>- // Compare the two password consistency.
>- //
>- if (CompareMem (PwdInfo.Password, Password, CREDENTIAL_LEN) == 0) {
>- break;
>- }
>-
>- QuestionStr = GetStringById (STRING_TOKEN >(STR_PASSWORD_MISMATCH));
>- PromptStr = GetStringById (STRING_TOKEN >(STR_INPUT_PASSWORD_AGAIN));
>- CreatePopUp (
>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
>- &Key,
>- QuestionStr,
>- L"",
>- PromptStr,
>- NULL
>- );
>- FreePool (QuestionStr);
>- FreePool (PromptStr);
>- }
>-
>- //
>- // Check whether User is ever enrolled in the provider.
>- //
>- for (Index = 0; Index < mPwdTable->Count; Index++) {
>- UserId = (UINT8 *) &mPwdTable->UserInfo[Index].UserId;
>- if (CompareMem (UserId, (UINT8 *) &PwdInfo.UserId, sizeof >(EFI_USER_INFO_IDENTIFIER)) == 0) {
>- //
>- // User already exists, update the password.
>- //
>- break;
>- }
>- }
>-
>- //
>- // Enroll the User to the provider.
>- //
>- Status = ModifyTable (Index, &PwdInfo);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Returns the user interface information used during user identification.
>-
>- This function returns information about the form used when interacting >with the
>- user during user identification. The form is the first enabled form in the >form-set
>- class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII >handle HiiHandle. If
>- the user credential provider does not require a form to identify the user, >then this
>- function should return EFI_NOT_FOUND.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] Hii On return, holds the HII database handle.
>- @param[out] FormSetId On return, holds the identifier of the form set >which contains
>- the form used during user identification.
>- @param[out] FormId On return, holds the identifier of the form used >during user
>- identification.
>-
>- @retval EFI_SUCCESS Form returned successfully.
>- @retval EFI_NOT_FOUND Form not returned.
>- @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or >FormId is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialForm (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_HII_HANDLE *Hii,
>- OUT EFI_GUID *FormSetId,
>- OUT EFI_FORM_ID *FormId
>- )
>-{
>- if ((This == NULL) || (Hii == NULL) ||
>- (FormSetId == NULL) || (FormId == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- *Hii = mCallbackInfo->HiiHandle;
>- *FormId = FORMID_GET_PASSWORD_FORM;
>- CopyGuid (FormSetId, &gPwdCredentialProviderGuid);
>-
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Returns bitmap used to describe the credential provider type.
>-
>- This optional function returns a bitmap that is less than or equal to the >number
>- of pixels specified by Width and Height.
If no such bitmap exists, then >EFI_NOT_FOUND
>- is returned.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in, out] Width On entry, points to the desired bitmap width. If >NULL then no
>- bitmap information will be returned. On exit, points to the
>- width of the bitmap returned.
>- @param[in, out] Height On entry, points to the desired bitmap height. If >NULL then no
>- bitmap information will be returned. On exit, points to the
>- height of the bitmap returned
>- @param[out] Hii On return, holds the HII database handle.
>- @param[out] Image On return, holds the HII image identifier.
>-
>- @retval EFI_SUCCESS Image identifier returned successfully.
>- @retval EFI_NOT_FOUND Image identifier not returned.
>- @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialTile (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN OUT UINTN *Width,
>- IN OUT UINTN *Height,
>- OUT EFI_HII_HANDLE *Hii,
>- OUT EFI_IMAGE_ID *Image
>- )
>-{
>- if ((This == NULL) || (Hii == NULL) || (Image == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>- return EFI_NOT_FOUND;
>-}
>-
>-
>-/**
>- Returns string used to describe the credential provider type.
>-
>- This function returns a string which describes the credential provider. If no
>- such string exists, then EFI_NOT_FOUND is returned.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] Hii On return, holds the HII database handle.
>- @param[out] String On return, holds the HII string identifier.
>-
>- @retval EFI_SUCCESS String identifier returned successfully.
>- @retval EFI_NOT_FOUND String identifier not returned.
>- @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialTitle (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_HII_HANDLE *Hii,
>- OUT EFI_STRING_ID *String
>- )
>-{
>- if ((This == NULL) || (Hii == NULL) || (String == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Set Hii handle and String ID.
>- //
>- *Hii = mCallbackInfo->HiiHandle;
>- *String = STRING_TOKEN (STR_CREDENTIAL_TITLE);
>-
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Return the user identifier associated with the currently authenticated user.
>-
>- This function returns the user identifier of the user authenticated by this >credential
>- provider. This function is called after the credential-related information has >been
>- submitted on a form, OR after a call to Default() has returned that this >credential is
>- ready to log on.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] User The user profile handle of the user profile currently >being
>- considered by the user identity manager. If NULL, then no user
>- profile is currently under consideration.
>- @param[out] Identifier On return, points to the user identifier.
>-
>- @retval EFI_SUCCESS User identifier returned successfully.
>- @retval EFI_NOT_READY No user identifier can be returned.
>- @retval EFI_ACCESS_DENIED The user has been locked out of this user >credential.
>- @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL.
>- @retval EFI_NOT_FOUND User is not NULL, and the specified user >handle can't be
>- found in user profile database
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialUser (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_PROFILE_HANDLE User,
>- OUT EFI_USER_INFO_IDENTIFIER *Identifier
>- )
>-{
>- EFI_STATUS Status;
>- UINTN Index;
>- EFI_USER_INFO *UserInfo;
>- UINT8 *UserId;
>- UINT8 *NewUserId;
>- CHAR8 *Pwd;
>- CHAR8 *NewPwd;
>-
>- if ((This == NULL) || (Identifier == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- if (mPwdTable->ValidIndex == 0) {
>- //
>- // No password input, or the input password doesn't match
>- // anyone in PwdTable.
>- //
>- return EFI_NOT_READY;
>- }
>-
>- if (User == NULL) {
>- //
>- // Return the user ID whose password matches the input password.
>- //
>- CopyMem (
>- Identifier,
>- &mPwdTable->UserInfo[mPwdTable->ValidIndex - 1].UserId,
>- sizeof (EFI_USER_INFO_IDENTIFIER)
>- );
>- return EFI_SUCCESS;
>- }
>-
>- //
>- // Get the User's ID.
>- //
>- Status = FindUserInfoByType (
>- User,
>- EFI_USER_INFO_IDENTIFIER_RECORD,
>- &UserInfo
>- );
>- if (EFI_ERROR (Status)) {
>- return EFI_NOT_FOUND;
>- }
>-
>- //
>- // Check whether the input password matches one in PwdTable.
>- //
>- for (Index = 0; Index < mPwdTable->Count; Index++) {
>- UserId = (UINT8 *) &mPwdTable->UserInfo[Index].UserId;
>- NewUserId = (UINT8 *) (UserInfo + 1);
>- if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) >== 0) {
>- Pwd = mPwdTable->UserInfo[Index].Password;
>- NewPwd = mPwdTable->UserInfo[mPwdTable->ValidIndex - 1].Password;
>- if (CompareMem (Pwd, NewPwd, CREDENTIAL_LEN) == 0) {
>- CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER));
>- FreePool (UserInfo);
>- return EFI_SUCCESS;
>- }
>- }
>- }
>-
>- FreePool (UserInfo);
>- return EFI_NOT_READY;
>-}
>-
>-
>-/**
>- Indicate that user interface interaction has begun for the specified >credential.
>-
>- This function is called when a credential provider is selected by the user. If
>- AutoLogon returns FALSE, then the user interface will be constructed by the >User
>- Identity Manager.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] AutoLogon On return, points to the credential provider's >capabilities
>- after the credential provider has been selected by the user.
>-
>- @retval EFI_SUCCESS Credential provider successfully selected.
>- @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialSelect (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
>- )
>-{
>- if ((This == NULL) || (AutoLogon == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>- *AutoLogon = 0;
>-
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Indicate that user interface interaction has ended for the specified >credential.
>-
>- This function is called when a credential provider is deselected by the user.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>-
>- @retval EFI_SUCCESS Credential provider successfully deselected.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialDeselect (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This
>- )
>-{
>- if (This == NULL) {
>- return EFI_INVALID_PARAMETER;
>- }
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Return the default logon behavior for this user credential.
>-
>- This function reports the default login behavior regarding this credential >provider.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] AutoLogon On return, holds whether the credential provider >should be used
>- by default to automatically log on the user.
>-
>- @retval EFI_SUCCESS Default information successfully returned.
>- @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialDefault (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
>- )
>-{
>- if ((This == NULL) || (AutoLogon == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>- *AutoLogon = 0;
>-
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Return information attached to the credential provider.
>-
>- This function returns user information.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] UserInfo Handle of the user information data record.
>- @param[out] Info On entry, points to a buffer of at least *InfoSize >bytes. On
>- exit, holds the user information. If the buffer is too small
>- to hold the information, then EFI_BUFFER_TOO_SMALL is >returned
>- and InfoSize is updated to contain the number of bytes >actually
>- required.
>- @param[in, out] InfoSize On entry, points to the size of Info. On return, >points to the
>- size of the user information.
>-
>- @retval EFI_SUCCESS Information returned successfully.
>- @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small >to hold all of the
>- user information. The size required is returned in *InfoSize.
>- @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL.
>- @retval EFI_NOT_FOUND The specified UserInfo does not refer to a >valid user info handle.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialGetInfo (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_INFO_HANDLE UserInfo,
>- OUT EFI_USER_INFO *Info,
>- IN OUT UINTN *InfoSize
>- )
>-{
>- EFI_USER_INFO *CredentialInfo;
>- UINTN Index;
>-
>- if ((This == NULL) || (InfoSize == NULL) || (Info == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- if ((UserInfo == NULL) || (mPwdInfoHandle == NULL)) {
>- return EFI_NOT_FOUND;
>- }
>-
>- //
>- // Find information handle in credential info table.
>- //
>- for (Index = 0; Index < mPwdInfoHandle->Count; Index++) {
>- CredentialInfo = mPwdInfoHandle->Info[Index];
>- if (UserInfo == (EFI_USER_INFO_HANDLE)CredentialInfo) {
>- //
>- // The handle is found, copy the user info.
>- //
>- if (CredentialInfo->InfoSize > *InfoSize) {
>- *InfoSize = CredentialInfo->InfoSize;
>- return EFI_BUFFER_TOO_SMALL;
>- }
>- CopyMem (Info, CredentialInfo, CredentialInfo->InfoSize);
>- return EFI_SUCCESS;
>- }
>- }
>-
>- return EFI_NOT_FOUND;
>-}
>-
>-
>-/**
>- Enumerate all of the user informations on the credential provider.
>-
>- This function returns the next user information record. To retrieve the first >user
>- information record handle, point UserInfo at a NULL. Each subsequent call >will retrieve
>- another user information record handle until there are no more, at which >point UserInfo
>- will point to NULL.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in, out] UserInfo On entry, points to the previous user information >handle or NULL
>- to start enumeration. On exit, points to the next user >information
>- handle or NULL if there is no more user information.
>-
>- @retval EFI_SUCCESS User information returned.
>- @retval EFI_NOT_FOUND No more user information found.
>- @retval EFI_INVALID_PARAMETER UserInfo is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialGetNextInfo (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN OUT EFI_USER_INFO_HANDLE *UserInfo
>- )
>-{
>- EFI_USER_INFO *Info;
>- CHAR16 *ProvNameStr;
>- UINTN InfoLen;
>- UINTN Index;
>- UINTN ProvStrLen;
>-
>- if ((This == NULL) || (UserInfo == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- if (mPwdInfoHandle == NULL) {
>- //
>- // Initilized user info table. There are 4 user info records in the table.
>- //
>- InfoLen = sizeof (PASSWORD_CREDENTIAL_INFO) + (4 - 1) * sizeof >(EFI_USER_INFO *);
>- mPwdInfoHandle = AllocateZeroPool (InfoLen);
>- if (mPwdInfoHandle == NULL) {
>- *UserInfo = NULL;
>- return EFI_NOT_FOUND;
>- }
>-
>- //
>- // The first information, Credential Provider info.
>- //
>- InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID);
>- Info = AllocateZeroPool (InfoLen);
>- ASSERT (Info != NULL);
>-
>- Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_RECORD;
>- Info->InfoSize = (UINT32) InfoLen;
>- Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
>- CopyGuid (&Info->Credential, &gPwdCredentialProviderGuid);
>- CopyGuid ((EFI_GUID *)(Info + 1), &gPwdCredentialProviderGuid);
>-
>- mPwdInfoHandle->Info[0] = Info;
>- mPwdInfoHandle->Count++;
>-
>- //
>- // The second information, Credential Provider name info.
>- //
>- ProvNameStr = GetStringById (STRING_TOKEN (STR_PROVIDER_NAME));
>- ProvStrLen = StrSize (ProvNameStr);
>- InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen;
>- Info = AllocateZeroPool (InfoLen);
>- ASSERT (Info != NULL);
>-
>- Info->InfoType = >EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD;
>- Info->InfoSize = (UINT32) InfoLen;
>- Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
>- CopyGuid (&Info->Credential, &gPwdCredentialProviderGuid);
>- CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen);
>- FreePool (ProvNameStr);
>-
>- mPwdInfoHandle->Info[1] = Info;
>- mPwdInfoHandle->Count++;
>-
>- //
>- // The third information, Credential Provider type info.
>- //
>- InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID);
>- Info = AllocateZeroPool (InfoLen);
>- ASSERT (Info != NULL);
>-
>- Info->InfoType = EFI_USER_INFO_CREDENTIAL_TYPE_RECORD;
>- Info->InfoSize = (UINT32) InfoLen;
>- Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
>- CopyGuid (&Info->Credential, &gPwdCredentialProviderGuid);
>- CopyGuid ((EFI_GUID *)(Info + 1), &gEfiUserCredentialClassPasswordGuid);
>-
>- mPwdInfoHandle->Info[2] = Info;
>- mPwdInfoHandle->Count++;
>-
>- //
>- // The fourth information, Credential Provider type name info.
>- //
>- ProvNameStr = GetStringById (STRING_TOKEN >(STR_PROVIDER_TYPE_NAME));
>- ProvStrLen = StrSize (ProvNameStr);
>- InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen;
>- Info = AllocateZeroPool (InfoLen);
>- ASSERT (Info != NULL);
>-
>- Info->InfoType = >EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD;
>- Info->InfoSize = (UINT32) InfoLen;
>- Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
>- CopyGuid (&Info->Credential, &gPwdCredentialProviderGuid);
>- CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen);
>- FreePool (ProvNameStr);
>-
>- mPwdInfoHandle->Info[3] = Info;
>- mPwdInfoHandle->Count++;
>- }
>-
>- if (*UserInfo == NULL) {
>- //
>- // Return the first info handle.
>- //
>- *UserInfo = (EFI_USER_INFO_HANDLE) mPwdInfoHandle->Info[0];
>- return EFI_SUCCESS;
>- }
>-
>- //
>- // Find information handle in credential info table.
>- //
>- for (Index = 0; Index < mPwdInfoHandle->Count; Index++) {
>- Info = mPwdInfoHandle->Info[Index];
>- if (*UserInfo == (EFI_USER_INFO_HANDLE)Info) {
>- //
>- // The handle is found, get the next one.
>- //
>- if (Index == mPwdInfoHandle->Count - 1) {
>- //
>- // Already last one.
>- //
>- *UserInfo = NULL;
>- return EFI_NOT_FOUND;
>- }
>-
>- Index++;
>- *UserInfo = (EFI_USER_INFO_HANDLE)mPwdInfoHandle->Info[Index];
>- return EFI_SUCCESS;
>- }
>- }
>-
>- *UserInfo = NULL;
>- return EFI_NOT_FOUND;
>-}
>-
>-/**
>- Delete a user on this credential provider.
>-
>- This function deletes a user on this credential provider.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] User The user profile handle to delete.
>-
>- @retval EFI_SUCCESS User profile was successfully deleted.
>- @retval EFI_ACCESS_DENIED Current user profile does not permit >deletion on the user profile handle.
>- Either the user profile cannot delete on any user profile or >cannot delete
>- on a user profile other than the current user profile.
>- @retval EFI_UNSUPPORTED This credential provider does not support >deletion in the pre-OS.
>- @retval EFI_DEVICE_ERROR The new credential could not be deleted >because of a device error.
>- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >profile handle.
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialDelete (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_PROFILE_HANDLE User
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO *UserInfo;
>- UINT8 *UserId;
>- UINT8 *NewUserId;
>- UINTN Index;
>-
>- if ((This == NULL) || (User == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Get User Identifier.
>- //
>- UserInfo = NULL;
>- Status = FindUserInfoByType (
>- User,
>- EFI_USER_INFO_IDENTIFIER_RECORD,
>- &UserInfo
>- );
>- if (EFI_ERROR (Status)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Find the user by user identifier in mPwdTable.
>- //
>- for (Index = 0; Index < mPwdTable->Count; Index++) {
>- UserId = (UINT8 *) &mPwdTable->UserInfo[Index].UserId;
>- NewUserId = (UINT8 *) (UserInfo + 1);
>- if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) >== 0) {
>- //
>- // Found the user, delete it.
>- //
>- ModifyTable (Index, NULL);
>- break;
>- }
>- }
>-
>- FreePool (UserInfo);
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Main entry for this driver.
>-
>- @param ImageHandle Image handle this driver.
>- @param SystemTable Pointer to SystemTable.
>-
>- @retval EFI_SUCESS This function always complete successfully.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-PasswordProviderInit (
>- IN EFI_HANDLE ImageHandle,
>- IN EFI_SYSTEM_TABLE *SystemTable
>- )
>-{
>- EFI_STATUS Status;
>-
>- //
>- // It is NOT robust enough to be included in production.
>- //
>- #error "This implementation is just a sample, please comment this line if you >really want to use this driver."
>-
>- //
>- // Init credential table.
>- //
>- Status = InitCredentialTable ();
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- //
>- // Init Form Browser.
>- //
>- Status = InitFormBrowser ();
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- //
>- // Install protocol interfaces for the password credential provider.
>- //
>- Status = gBS->InstallProtocolInterface (
>- &mCallbackInfo->DriverHandle,
>- &gEfiUserCredential2ProtocolGuid,
>- EFI_NATIVE_INTERFACE,
>- &gPwdCredentialProviderDriver
>- );
>- return Status;
>-}
>diff --git >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >rovider.h >b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >Provider.h
>deleted file mode 100644
>index fd782549fd..0000000000
>--- >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >rovider.h
>+++ /dev/null
>@@ -1,374 +0,0 @@
>-/** @file
>- Password Credential Provider driver header file.
>-
>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#ifndef _PASSWORD_CREDENTIAL_PROVIDER_H_
>-#define _PASSWORD_CREDENTIAL_PROVIDER_H_
>-
>-#include <Uefi.h>
>-
>-#include <Guid/GlobalVariable.h>
>-
>-#include <Protocol/HiiConfigAccess.h>
>-#include <Protocol/UserCredential2.h>
>-#include <Protocol/UserManager.h>
>-
>-#include <Library/UefiRuntimeServicesTableLib.h>
>-#include <Library/UefiBootServicesTableLib.h>
>-#include <Library/MemoryAllocationLib.h>
>-#include <Library/BaseMemoryLib.h>
>-#include <Library/DevicePathLib.h>
>-#include <Library/DebugLib.h>
>-#include <Library/UefiLib.h>
>-#include <Library/PrintLib.h>
>-#include <Library/HiiLib.h>
>-#include <Library/BaseCryptLib.h>
>-
>-#include "PwdCredentialProviderData.h"
>-
>-extern UINT8 PwdCredentialProviderStrings[];
>-extern UINT8 PwdCredentialProviderVfrBin[];
>-
>-#define PASSWORD_TABLE_INC 16
>-#define CREDENTIAL_LEN 20
>-
>-//
>-// Password credential information.
>-//
>-typedef struct {
>- EFI_USER_INFO_IDENTIFIER UserId;
>- CHAR8 Password[CREDENTIAL_LEN];
>-} PASSWORD_INFO;
>-
>-//
>-// Password credential table.
>-//
>-typedef struct {
>- UINTN Count;
>- UINTN MaxCount;
>- UINTN ValidIndex;
>- PASSWORD_INFO UserInfo[1];
>-} CREDENTIAL_TABLE;
>-
>-//
>-// The user information on the password provider.
>-//
>-typedef struct {
>- UINTN Count;
>- EFI_USER_INFO *Info[1];
>-} PASSWORD_CREDENTIAL_INFO;
>-
>-///
>-/// HII specific Vendor Device Path definition.
>-///
>-typedef struct {
>- VENDOR_DEVICE_PATH VendorDevicePath;
>- EFI_DEVICE_PATH_PROTOCOL End;
>-} HII_VENDOR_DEVICE_PATH;
>-
>-#define PWD_PROVIDER_SIGNATURE SIGNATURE_32 ('P', 'W', 'D', 'P')
>-
>-typedef struct {
>- UINTN Signature;
>- EFI_HANDLE DriverHandle;
>- EFI_HII_HANDLE HiiHandle;
>- //
>- // Produced protocol.
>- //
>- EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
>-} PWD_PROVIDER_CALLBACK_INFO;
>-
>-
>-/**
>- Enroll a user on a credential provider.
>-
>- This function enrolls a user on this credential provider. If the user exists on
>- this credential provider, update the user information on this credential >provider;
>- otherwise delete the user information on credential provider.
>-
>- @param[in] This Points to this instance of >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] User The user profile to enroll.
>-
>- @retval EFI_SUCCESS User profile was successfully enrolled.
>- @retval EFI_ACCESS_DENIED Current user profile does not permit >enrollment on the
>- user profile handle. Either the user profile cannot enroll
>- on any user profile or cannot enroll on a user profile
>- other than the current user profile.
>- @retval EFI_UNSUPPORTED This credential provider does not support >enrollment in
>- the pre-OS.
>- @retval EFI_DEVICE_ERROR The new credential could not be created >because of a device
>- error.
>- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >profile handle.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialEnroll (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_PROFILE_HANDLE User
>- );
>-
>-/**
>- Returns the user interface information used during user identification.
>-
>- This function returns information about the form used when interacting >with the
>- user during user identification. The form is the first enabled form in the >form-set
>- class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII >handle HiiHandle.
If
>- the user credential provider does not require a form to identify the user, >then this
>- function should return EFI_NOT_FOUND.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] Hii On return, holds the HII database handle.
>- @param[out] FormSetId On return, holds the identifier of the form set >which contains
>- the form used during user identification.
>- @param[out] FormId On return, holds the identifier of the form used >during user
>- identification.
>-
>- @retval EFI_SUCCESS Form returned successfully.
>- @retval EFI_NOT_FOUND Form not returned.
>- @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or >FormId is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialForm (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_HII_HANDLE *Hii,
>- OUT EFI_GUID *FormSetId,
>- OUT EFI_FORM_ID *FormId
>- );
>-
>-/**
>- Returns bitmap used to describe the credential provider type.
>-
>- This optional function returns a bitmap which is less than or equal to the >number
>- of pixels specified by Width and Height. If no such bitmap exists, then >EFI_NOT_FOUND
>- is returned.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in, out] Width On entry, points to the desired bitmap width. If >NULL then no
>- bitmap information will be returned. On exit, points to the
>- width of the bitmap returned.
>- @param[in, out] Height On entry, points to the desired bitmap height. If >NULL then no
>- bitmap information will be returned. On exit, points to the
>- height of the bitmap returned
>- @param[out] Hii On return, holds the HII database handle.
>- @param[out] Image On return, holds the HII image identifier.
>-
>- @retval EFI_SUCCESS Image identifier returned successfully.
>- @retval EFI_NOT_FOUND Image identifier not returned.
>- @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialTile (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN OUT UINTN *Width,
>- IN OUT UINTN *Height,
>- OUT EFI_HII_HANDLE *Hii,
>- OUT EFI_IMAGE_ID *Image
>- );
>-
>-/**
>- Returns string used to describe the credential provider type.
>-
>- This function returns a string which describes the credential provider. If no
>- such string exists, then EFI_NOT_FOUND is returned.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] Hii On return, holds the HII database handle.
>- @param[out] String On return, holds the HII string identifier.
>-
>- @retval EFI_SUCCESS String identifier returned successfully.
>- @retval EFI_NOT_FOUND String identifier not returned.
>- @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialTitle (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_HII_HANDLE *Hii,
>- OUT EFI_STRING_ID *String
>- );
>-
>-/**
>- Return the user identifier associated with the currently authenticated user.
>-
>- This function returns the user identifier of the user authenticated by this >credential
>- provider. This function is called after the credential-related information has >been
>- submitted on a form OR after a call to Default() has returned that this >credential is
>- ready to log on.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] User The user profile handle of the user profile currently >being
>- considered by the user identity manager. If NULL, then no user
>- profile is currently under consideration.
>- @param[out] Identifier On return, points to the user identifier.
>-
>- @retval EFI_SUCCESS User identifier returned successfully.
>- @retval EFI_NOT_READY No user identifier can be returned.
>- @retval EFI_ACCESS_DENIED The user has been locked out of this user >credential.
>- @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL.
>- @retval EFI_NOT_FOUND User is not NULL, and the specified user >handle can't be
>- found in user profile database
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialUser (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_PROFILE_HANDLE User,
>- OUT EFI_USER_INFO_IDENTIFIER *Identifier
>- );
>-
>-/**
>- Indicate that user interface interaction has begun for the specified >credential.
>-
>- This function is called when a credential provider is selected by the user. If
>- AutoLogon returns FALSE, then the user interface will be constructed by the >User
>- Identity Manager.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] AutoLogon On return, points to the credential provider's >capabilities
>- after the credential provider has been selected by the user.
>-
>- @retval EFI_SUCCESS Credential provider successfully selected.
>- @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialSelect (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
>- );
>-
>-/**
>- Indicate that user interface interaction has ended for the specified >credential.
>-
>- This function is called when a credential provider is deselected by the user.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>-
>- @retval EFI_SUCCESS Credential provider successfully deselected.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialDeselect (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This
>- );
>-
>-/**
>- Return the default logon behavior for this user credential.
>-
>- This function reports the default login behavior regarding this credential >provider.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] AutoLogon On return, holds whether the credential provider >should be used
>- by default to automatically log on the user.
>-
>- @retval EFI_SUCCESS Default information successfully returned.
>- @retval EFI_INVALID_PARAMETER AutoLogon is NULL. >- >-**/ >-EFI_STATUS >-EFIAPI >-CredentialDefault ( >- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon >- ); >- >-/** >- Return information attached to the credential provider. >- >- This function returns user information. >- >- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL. >- @param[in] UserInfo Handle of the user information data record. >- @param[out] Info On entry, points to a buffer of at least *InfoSize >bytes. On >- exit, holds the user information. If the buffer is too small >- to hold the information, then EFI_BUFFER_TOO_SMALL is >returned >- and InfoSize is updated to contain the number of bytes >actually >- required. >- @param[in, out] InfoSize On entry, points to the size of Info. On return, >points to the >- size of the user information. >- >- @retval EFI_SUCCESS Information returned successfully. >- @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small >to hold all of the >- user information. The size required is returned in *InfoSize. >- @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL. >- @retval EFI_NOT_FOUND The specified UserInfo does not refer to a >valid user info handle. >- >-**/ >-EFI_STATUS >-EFIAPI >-CredentialGetInfo ( >- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >- IN EFI_USER_INFO_HANDLE UserInfo, >- OUT EFI_USER_INFO *Info, >- IN OUT UINTN *InfoSize >- ); >- >- >-/** >- Enumerate all of the user informations on the credential provider. >- >- This function returns the next user information record. To retrieve the first >user >- information record handle, point UserInfo at a NULL. Each subsequent call >will retrieve >- another user information record handle until there are no more, at which >point UserInfo >- will point to NULL. >- >- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL. 
>- @param[in, out] UserInfo On entry, points to the previous user information >handle or NULL >- to start enumeration. On exit, points to the next user >information >- handle or NULL if there is no more user information. >- >- @retval EFI_SUCCESS User information returned. >- @retval EFI_NOT_FOUND No more user information found. >- @retval EFI_INVALID_PARAMETER UserInfo is NULL. >- >-**/ >-EFI_STATUS >-EFIAPI >-CredentialGetNextInfo ( >- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >- IN OUT EFI_USER_INFO_HANDLE *UserInfo >- ); >- >-/** >- Delete a user on this credential provider. >- >- This function deletes a user on this credential provider. >- >- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL. >- @param[in] User The user profile handle to delete. >- >- @retval EFI_SUCCESS User profile was successfully deleted. >- @retval EFI_ACCESS_DENIED Current user profile does not permit >deletion on the user profile handle. >- Either the user profile cannot delete on any user profile or >cannot delete >- on a user profile other than the current user profile. >- @retval EFI_UNSUPPORTED This credential provider does not support >deletion in the pre-OS. >- @retval EFI_DEVICE_ERROR The new credential could not be deleted >because of a device error. >- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >profile handle. >-**/ >-EFI_STATUS >-EFIAPI >-CredentialDelete ( >- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >- IN EFI_USER_PROFILE_HANDLE User >- ); >- >-#endif >diff --git >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >rovider.uni >b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >Provider.uni >deleted file mode 100644 >index 749e9a8f17..0000000000 >--- >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >rovider.uni >+++ /dev/null 
>@@ -1,21 +0,0 @@
>-// /** @file
>-// Provides a password credential provider implementation
>-//
>-// This module provides a password credential provider implementation.
>-//
>-// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
>-//
>-// This program and the accompanying materials
>-// are licensed and made available under the terms and conditions of the BSD >License
>-// which accompanies this distribution. The full text of the license may be >found at
>-// http://opensource.org/licenses/bsd-license.php
>-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-//
>-// **/
>-
>-
>-#string STR_MODULE_ABSTRACT #language en-US "Provides a >password credential provider implementation"
>-
>-#string STR_MODULE_DESCRIPTION #language en-US "This module >provides a password credential provider implementation."
>-
>diff --git >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >roviderData.h >b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >ProviderData.h
>deleted file mode 100644
>index 31bdfe4c50..0000000000
>--- >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >roviderData.h
>+++ /dev/null
>@@ -1,30 +0,0 @@
>-/** @file
>- Data structure used by the Password Credential Provider driver.
>-
>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#ifndef _PWD_CREDENTIAL_PROVIDER_DATA_H_
>-#define _PWD_CREDENTIAL_PROVIDER_DATA_H_
>-
>-#include <Guid/PwdCredentialProviderHii.h>
>-
>-//
>-// Forms definition
>-//
>-#define FORMID_GET_PASSWORD_FORM 1
>-
>-//
>-// Key defination
>-//
>-#define KEY_GET_PASSWORD 0x1000
>-
>-#endif
>diff --git >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >roviderDxe.inf >b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >ProviderDxe.inf
>deleted file mode 100644
>index ab7ba2c913..0000000000
>--- >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >roviderDxe.inf
>+++ /dev/null
>@@ -1,65 +0,0 @@
>-## @file
>-# Provides a password credential provider implementation
>-# This module provides a password credential provider implementation.
>-#
>-# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-# This program and the accompanying materials
>-# are licensed and made available under the terms and conditions of the BSD >License
>-# which accompanies this distribution. The full text of the license may be >found at
>-# http://opensource.org/licenses/bsd-license.php
>-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-#
>-##
>-
>-[Defines]
>- INF_VERSION = 0x00010005
>- BASE_NAME = PwdCredentialProvider
>- MODULE_UNI_FILE = PwdCredentialProvider.uni
>- FILE_GUID = D6C589EA-DD29-49ef-97F6-1A9FE19A04E0
>- MODULE_TYPE = UEFI_DRIVER
>- VERSION_STRING = 1.0
>- ENTRY_POINT = PasswordProviderInit
>-
>-[Sources]
>- PwdCredentialProvider.c
>- PwdCredentialProvider.h
>- PwdCredentialProviderData.h
>- PwdCredentialProviderVfr.Vfr
>- PwdCredentialProviderStrings.uni
>-
>-[Packages]
>- MdePkg/MdePkg.dec
>- MdeModulePkg/MdeModulePkg.dec
>- CryptoPkg/CryptoPkg.dec
>- SecurityPkg/SecurityPkg.dec
>-
>-[LibraryClasses]
>- UefiRuntimeServicesTableLib
>- UefiBootServicesTableLib
>- UefiDriverEntryPoint
>- MemoryAllocationLib
>- BaseMemoryLib
>- DebugLib
>- HiiLib
>- UefiLib
>- BaseCryptLib
>-
>-[Guids]
>- gEfiUserCredentialClassPasswordGuid ## SOMETIMES_CONSUMES >## GUID
>-
>- ## PRODUCES ## Variable:L"PwdCredential"
>- ## CONSUMES ## Variable:L"PwdCredential"
>- ## CONSUMES ## HII
>- ## SOMETIMES_CONSUMES ## GUID # The credential provider >identifier
>- gPwdCredentialProviderGuid
>-
>-[Protocols]
>- gEfiDevicePathProtocolGuid ## PRODUCES
>- gEfiHiiConfigAccessProtocolGuid ## PRODUCES
>- gEfiUserCredential2ProtocolGuid ## PRODUCES
>- gEfiUserManagerProtocolGuid ## SOMETIMES_CONSUMES
>-
>-[UserExtensions.TianoCore."ExtraFiles"]
>-
 PwdCredentialProviderExtra.uni
>-
>diff --git >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >roviderExtra.uni >b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >ProviderExtra.uni
>deleted file mode 100644
>index bcc220a51d..0000000000
>--- >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >roviderExtra.uni
>+++ /dev/null
>@@ -1,19 +0,0 @@
>-// /** @file
>-// PwdCredentialProvider Localized Strings and Content
>-//
>-// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
>-//
>-// This program and the accompanying materials
>-// are licensed and made available under the terms and conditions of the BSD >License
>-// which accompanies this distribution. The full text of the license may be >found at
>-// http://opensource.org/licenses/bsd-license.php
>-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-//
>-// **/
>-
>-#string STR_PROPERTIES_MODULE_NAME
>-#language en-US
>-"Password Credential Provider"
>-
>-
>diff --git >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >roviderStrings.uni >b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >ProviderStrings.uni
>deleted file mode 100644
>index e7b3126f83..0000000000
>--- >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >roviderStrings.uni
>+++ /dev/null
>@@ -1,38 +0,0 @@ >-/** @file >- String definitions for the Password Credential Provider. >- >-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php. >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#langdef en-US "English" >-#langdef fr-FR "Francais" >- >-#string STR_CREDENTIAL_TITLE #language en-US "Password >Credential Provider" >- #language fr-FR "Password Credential Provider >(French)" >-#string STR_FORM_TITLE #language en-US "Get Password" >- #language fr-FR "Get Password(French)" >-#string STR_NULL_STRING #language en-US "" >- #language fr-FR "" >-#string STR_INPUT_PASSWORD #language en-US "Please Input >Password" >- #language fr-FR "Please Input Password(French)" >-#string STR_PROVIDER_NAME #language en-US "INTEL >Password Credential Provider" >- #language fr-FR "INTEL Password Credential >Provider(French)" >-#string STR_PROVIDER_TYPE_NAME #language en-US "Password >Credential Provider" >- #language fr-FR "Password Credential >Provider(French)" >-#string STR_INPUT_PASSWORD_AGAIN #language en-US "Input >Password Again" >- #language fr-FR "Input Password Again (French)" >-#string STR_DRAW_A_LINE #language en-US "--------------------- >--------" >- #language fr-FR "------------------------------------" >-#string STR_PASSWORD_INCORRECT #language en-US " Incorrect >Password! " >- #language fr-FR " Incorrect Password! (French) " >-#string STR_PASSWORD_MISMATCH #language en-US " The >Password Mismatch! " >- #language fr-FR " The Password Mismatch! (French) >" >- 
>diff --git >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >roviderVfr.Vfr >b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >ProviderVfr.Vfr
>deleted file mode 100644
>index 60972203b0..0000000000
>--- >a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialP >roviderVfr.Vfr
>+++ /dev/null
>@@ -1,34 +0,0 @@
>-/** @file
>- Password Credential Provider formset.
>-
>-Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#include "PwdCredentialProviderData.h"
>-
>-formset
>- guid = PWD_CREDENTIAL_PROVIDER_GUID,
>- title = STRING_TOKEN(STR_CREDENTIAL_TITLE),
>- help = STRING_TOKEN(STR_NULL_STRING),
>- classguid = PWD_CREDENTIAL_PROVIDER_GUID,
>-
>- form formid = FORMID_GET_PASSWORD_FORM,
>- title = STRING_TOKEN(STR_FORM_TITLE);
>-
>- text
>- help = STRING_TOKEN(STR_NULL_STRING),
>- text = STRING_TOKEN(STR_INPUT_PASSWORD),
>- flags = INTERACTIVE,
>- key = KEY_GET_PASSWORD;
>-
>- endform;
>-
>-endformset;
>\ No newline at end of file
>diff --git >a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >ovider.c >b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >ovider.c
>deleted file mode 100644
>index 841e975103..0000000000
>--- >a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >ovider.c
>+++ /dev/null
>@@ -1,1410 +0,0 @@ >-/** @file >- Usb Credential Provider driver implemenetation. >- >-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#include "UsbCredentialProvider.h" >- >-CREDENTIAL_TABLE *mUsbTable = NULL; >-USB_PROVIDER_CALLBACK_INFO *mCallbackInfo = NULL; >-USB_CREDENTIAL_INFO *mUsbInfoHandle = NULL; >- >-EFI_USER_CREDENTIAL2_PROTOCOL gUsbCredentialProviderDriver = { >- USB_CREDENTIAL_PROVIDER_GUID, >- EFI_USER_CREDENTIAL_CLASS_SECURE_CARD, >- CredentialEnroll, >- CredentialForm, >- CredentialTile, >- CredentialTitle, >- CredentialUser, >- CredentialSelect, >- CredentialDeselect, >- CredentialDefault, >- CredentialGetInfo, >- CredentialGetNextInfo, >- EFI_CREDENTIAL_CAPABILITIES_ENROLL, >- CredentialDelete >-}; >- >- >-/** >- Get string by string id from HII Interface. >- >- >- @param[in] Id String ID to get the string from. >- >- @retval CHAR16 * String from ID. >- @retval NULL If error occurs. >- >-**/ >-CHAR16 * >-GetStringById ( >- IN EFI_STRING_ID Id >- ) >-{ >- // >- // Get the current string for the current Language >- // >- return HiiGetString (mCallbackInfo->HiiHandle, Id, NULL); >-} >- >- >-/** >- Expand password table size. >- >-**/ >-VOID >-ExpandTableSize ( >- VOID >- ) >-{ >- CREDENTIAL_TABLE *NewTable; >- UINTN Count; >- >- Count = mUsbTable->MaxCount + USB_TABLE_INC; >- // >- // Create new credential table. 
>- // >- NewTable = AllocateZeroPool ( >- sizeof (CREDENTIAL_TABLE) - sizeof (USB_INFO) + >- Count * sizeof (USB_INFO) >- ); >- ASSERT (NewTable != NULL); >- >- NewTable->MaxCount = Count; >- NewTable->Count = mUsbTable->Count; >- >- // >- // Copy old entries. >- // >- CopyMem ( >- &NewTable->UserInfo, >- &mUsbTable->UserInfo, >- mUsbTable->Count * sizeof (USB_INFO) >- ); >- FreePool (mUsbTable); >- mUsbTable = NewTable; >-} >- >- >-/** >- Add, update or delete info in table, and sync with NV variable. >- >- @param[in] Index The index of the password in table. If index is found in >- table, update the info, else add the into to table. >- @param[in] Info The new credential info to add into table. If Info is NULL, >- delete the info by Index. >- >- @retval EFI_INVALID_PARAMETER Info is NULL when save the info. >- @retval EFI_SUCCESS Modify the table successfully. >- @retval Others Failed to modify the table. >- >-**/ >-EFI_STATUS >-ModifyTable ( >- IN UINTN Index, >- IN USB_INFO * Info OPTIONAL >- ) >-{ >- EFI_STATUS Status; >- USB_INFO *NewUsbInfo; >- >- NewUsbInfo = NULL; >- if (Index < mUsbTable->Count) { >- if (Info == NULL) { >- // >- // Delete the specified entry. >- // >- mUsbTable->Count--; >- if (Index != mUsbTable->Count) { >- NewUsbInfo = &mUsbTable->UserInfo[mUsbTable->Count]; >- } >- } else { >- // >- // Update the specified entry. >- // >- NewUsbInfo = Info; >- } >- } else { >- // >- // Add a new entry >- // >- if (Info == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- >- if (mUsbTable->Count >= mUsbTable->MaxCount) { >- ExpandTableSize (); >- } >- >- NewUsbInfo = Info; >- mUsbTable->Count++; >- } >- >- if (NewUsbInfo != NULL) { >- CopyMem (&mUsbTable->UserInfo[Index], NewUsbInfo, sizeof >(USB_INFO)); >- } >- >- // >- // Save the credential table. 
>- // >- Status = gRT->SetVariable ( >- L"UsbCredential", >- &gUsbCredentialProviderGuid, >- EFI_VARIABLE_NON_VOLATILE | >EFI_VARIABLE_BOOTSERVICE_ACCESS, >- mUsbTable->Count * sizeof (USB_INFO), >- &mUsbTable->UserInfo >- ); >- return Status; >-} >- >- >-/** >- Create a credential table >- >- @retval EFI_SUCCESS Create a credential table successfully. >- @retval Others Failed to create a password. >- >-**/ >-EFI_STATUS >-InitCredentialTable ( >- VOID >- ) >-{ >- EFI_STATUS Status; >- UINT8 *Var; >- UINTN VarSize; >- >- // >- // Get Usb credential data from NV variable. >- // >- VarSize = 0; >- Var = NULL; >- Status = gRT->GetVariable ( >- L"UsbCredential", >- &gUsbCredentialProviderGuid, >- NULL, >- &VarSize, >- Var >- ); >- if (Status == EFI_BUFFER_TOO_SMALL) { >- Var = AllocateZeroPool (VarSize); >- if (Var == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- Status = gRT->GetVariable ( >- L"UsbCredential", >- &gUsbCredentialProviderGuid, >- NULL, >- &VarSize, >- Var >- ); >- } >- if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) { >- return Status; >- } >- >- // >- // Init Usb credential table. >- // >- mUsbTable = AllocateZeroPool ( >- sizeof (CREDENTIAL_TABLE) - sizeof (USB_INFO) + >- USB_TABLE_INC * sizeof (USB_INFO) + >- VarSize >- ); >- if (mUsbTable == NULL) { >- FreePool (Var); >- return EFI_OUT_OF_RESOURCES; >- } >- >- mUsbTable->Count = VarSize / sizeof (USB_INFO); >- mUsbTable->MaxCount = mUsbTable->Count + USB_TABLE_INC; >- if (Var != NULL) { >- CopyMem (mUsbTable->UserInfo, Var, VarSize); >- FreePool (Var); >- } >- return EFI_SUCCESS; >-} >- >- >-/** >- Read the specified file by FileName in the Usb key and return the file size in >BufferSize >- and file content in Buffer. >- Note: the caller is responsible to free the buffer memory. >- >- @param FileName File to read. >- @param Buffer Returned with data read from the file. >- @param BufferSize Size of the data buffer. >- >- @retval EFI_SUCCESS The command completed successfully. 
>- @retval EFI_OUT_OF_RESOURCES Resource allocation failed. >- @retval EFI_NOT_FOUND File not found. >- @retval EFI_DEVICE_ERROR Device I/O error. >- >-**/ >-EFI_STATUS >-GetFileData ( >- IN CHAR16 *FileName, >- OUT VOID **Buffer, >- OUT UINTN *BufferSize >- ) >-{ >- EFI_STATUS Status; >- UINTN Index; >- UINTN HandleCount; >- UINTN ScratchBufferSize; >- EFI_HANDLE *HandleBuffer; >- EFI_FILE *RootFs; >- EFI_FILE *FileHandle; >- EFI_FILE_INFO *FileInfo; >- EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *SimpleFileSystem; >- EFI_BLOCK_IO_PROTOCOL *BlkIo; >- >- FileInfo = NULL; >- FileHandle = NULL; >- >- Status = gBS->LocateHandleBuffer ( >- ByProtocol, >- &gEfiSimpleFileSystemProtocolGuid, >- NULL, >- &HandleCount, >- &HandleBuffer >- ); >- if (EFI_ERROR (Status)) { >- DEBUG ((DEBUG_ERROR, "Can not Locate SimpleFileSystemProtocol\n")); >- goto Done; >- } >- >- // >- // Find and open the file in removable media disk. >- // >- for (Index = 0; Index < HandleCount; Index++) { >- Status = gBS->HandleProtocol ( >- HandleBuffer[Index], >- &gEfiBlockIoProtocolGuid, >- (VOID **) &BlkIo >- ); >- if (EFI_ERROR (Status)) { >- continue; >- } >- >- if (BlkIo->Media->RemovableMedia) { >- Status = gBS->HandleProtocol ( >- HandleBuffer[Index], >- &gEfiSimpleFileSystemProtocolGuid, >- (VOID **) &SimpleFileSystem >- ); >- if (EFI_ERROR (Status)) { >- continue; >- } >- >- Status = SimpleFileSystem->OpenVolume ( >- SimpleFileSystem, >- &RootFs >- ); >- if (EFI_ERROR (Status)) { >- continue; >- } >- >- Status = RootFs->Open ( >- RootFs, >- &FileHandle, >- FileName, >- EFI_FILE_MODE_READ, >- 0 >- ); >- if (!EFI_ERROR (Status)) { >- break; >- } >- } >- } >- >- FreePool (HandleBuffer); >- >- if (Index >= HandleCount) { >- DEBUG ((DEBUG_ERROR, "Can not found the token file!\n")); >- Status = EFI_NOT_FOUND; >- goto Done; >- } >- >- // >- // Figure out how big the file is. 
>- // >- ScratchBufferSize = 0; >- Status = FileHandle->GetInfo ( >- FileHandle, >- &gEfiFileInfoGuid, >- &ScratchBufferSize, >- NULL >- ); >- if (EFI_ERROR (Status) && (Status != EFI_BUFFER_TOO_SMALL)) { >- DEBUG ((DEBUG_ERROR, "Can not obtain file size info!\n")); >- Status = EFI_DEVICE_ERROR; >- goto Done; >- } >- >- FileInfo = AllocateZeroPool (ScratchBufferSize); >- if (FileInfo == NULL) { >- DEBUG ((DEBUG_ERROR, "Can not allocate enough memory for the token >file!\n")); >- Status = EFI_OUT_OF_RESOURCES; >- goto Done; >- } >- >- Status = FileHandle->GetInfo ( >- FileHandle, >- &gEfiFileInfoGuid, >- &ScratchBufferSize, >- FileInfo >- ); >- if (EFI_ERROR (Status)) { >- DEBUG ((DEBUG_ERROR, "Can not obtain file info from the token file!\n")); >- Status = EFI_DEVICE_ERROR; >- goto Done; >- } >- >- // >- // Allocate a buffer for the file. >- // >- *BufferSize = (UINT32) FileInfo->FileSize; >- *Buffer = AllocateZeroPool (*BufferSize); >- if (*Buffer == NULL) { >- DEBUG ((DEBUG_ERROR, "Can not allocate a buffer for the file!\n")); >- Status = EFI_OUT_OF_RESOURCES; >- goto Done; >- } >- >- // >- // Load file into the allocated memory. >- // >- Status = FileHandle->Read (FileHandle, BufferSize, *Buffer); >- if (EFI_ERROR (Status)) { >- FreePool (*Buffer); >- DEBUG ((DEBUG_ERROR, "Can not read the token file!\n")); >- Status = EFI_DEVICE_ERROR; >- goto Done; >- } >- >- // >- // Close file. >- // >- Status = FileHandle->Close (FileHandle); >- if (EFI_ERROR (Status)) { >- FreePool (*Buffer); >- DEBUG ((DEBUG_ERROR, "Can not close the token file !\n")); >- Status = EFI_DEVICE_ERROR; >- } >- >-Done: >- >- if (FileInfo != NULL) { >- FreePool (FileInfo); >- } >- >- return Status; >-} >- >- >-/** >- Hash the data to get credential. >- >- @param[in] Buffer Points to the data buffer >- @param[in] BufferSize The size of data in buffer, in bytes. >- @param[out] Credential Points to the hashed result >- >- @retval TRUE Hash the data successfully. 
>- @retval FALSE Failed to hash the data. >- >-**/ >-BOOLEAN >-GenerateCredential ( >- IN UINT8 *Buffer, >- IN UINTN BufferSize, >- OUT UINT8 *Credential >- ) >-{ >- BOOLEAN Status; >- UINTN HashSize; >- VOID *Hash; >- >- HashSize = Sha1GetContextSize (); >- Hash = AllocatePool (HashSize); >- ASSERT (Hash != NULL); >- >- Status = Sha1Init (Hash); >- if (!Status) { >- goto Done; >- } >- >- Status = Sha1Update (Hash, Buffer, BufferSize); >- if (!Status) { >- goto Done; >- } >- >- Status = Sha1Final (Hash, Credential); >- >-Done: >- FreePool (Hash); >- return Status; >-} >- >- >-/** >- Read the token file, and default the Token is saved at the begining of the file. >- >- @param[out] Token Token read from a Token file. >- >- @retval EFI_SUCCESS Read a Token successfully. >- @retval Others Fails to read a Token. >- >-**/ >-EFI_STATUS >-GetToken ( >- OUT UINT8 *Token >- ) >-{ >- EFI_STATUS Status; >- UINT8 *Buffer; >- UINTN BufSize; >- CHAR16 *TokenFile; >- >- BufSize = 0; >- Buffer = NULL; >- TokenFile = PcdGetPtr (PcdFixedUsbCredentialProviderTokenFileName); >- Status = GetFileData (TokenFile, (VOID *)&Buffer, &BufSize); >- if (EFI_ERROR (Status)) { >- DEBUG ((DEBUG_ERROR, "Read file %s from USB error! Status=(%r)\n", >TokenFile, Status)); >- return Status; >- } >- >- if (!GenerateCredential (Buffer, BufSize, Token)) { >- DEBUG ((DEBUG_ERROR, "Generate credential from read data failed!\n")); >- FreePool (Buffer); >- return EFI_SECURITY_VIOLATION; >- } >- >- FreePool (Buffer); >- return EFI_SUCCESS; >-} >- >- >-/** >- Find a user infomation record by the information record type. >- >- This function searches all user information records of User from beginning >- until either the information is found or there are no more user infomation >- record. A match occurs when a Info.InfoType field matches the user >information >- record type. >- >- @param[in] User Points to the user profile record to search. >- @param[in] InfoType The infomation type to be searched. 
>- @param[out] Info Points to the user info found, the caller is responsible >- to free. >- >- @retval EFI_SUCCESS Find the user information successfully. >- @retval Others Fail to find the user information. >- >-**/ >-EFI_STATUS >-FindUserInfoByType ( >- IN EFI_USER_PROFILE_HANDLE User, >- IN UINT8 InfoType, >- OUT EFI_USER_INFO **Info >- ) >-{ >- EFI_STATUS Status; >- EFI_USER_INFO *UserInfo; >- UINTN UserInfoSize; >- EFI_USER_INFO_HANDLE UserInfoHandle; >- EFI_USER_MANAGER_PROTOCOL *UserManager; >- >- // >- // Find user information by information type. >- // >- if (Info == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- >- Status = gBS->LocateProtocol ( >- &gEfiUserManagerProtocolGuid, >- NULL, >- (VOID **) &UserManager >- ); >- if (EFI_ERROR (Status)) { >- return EFI_NOT_FOUND; >- } >- >- // >- // Get each user information. >- // >- >- UserInfoHandle = NULL; >- UserInfo = NULL; >- UserInfoSize = 0; >- while (TRUE) { >- Status = UserManager->GetNextInfo (UserManager, User, >&UserInfoHandle); >- if (EFI_ERROR (Status)) { >- break; >- } >- // >- // Get information. >- // >- Status = UserManager->GetInfo ( >- UserManager, >- User, >- UserInfoHandle, >- UserInfo, >- &UserInfoSize >- ); >- if (Status == EFI_BUFFER_TOO_SMALL) { >- if (UserInfo != NULL) { >- FreePool (UserInfo); >- } >- UserInfo = AllocateZeroPool (UserInfoSize); >- if (UserInfo == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- Status = UserManager->GetInfo ( >- UserManager, >- User, >- UserInfoHandle, >- UserInfo, >- &UserInfoSize >- ); >- } >- if (EFI_ERROR (Status)) { >- break; >- } >- >- ASSERT (UserInfo != NULL); >- if (UserInfo->InfoType == InfoType) { >- *Info = UserInfo; >- return EFI_SUCCESS; >- } >- } >- >- if (UserInfo != NULL) { >- FreePool (UserInfo); >- } >- return Status; >-} >- >- >-/** >- This function initialize the data mainly used in form browser. >- >- @retval EFI_SUCCESS Initialize form data successfully. >- @retval Others Fail to Initialize form data. 
>- >-**/ >-EFI_STATUS >-InitFormBrowser ( >- VOID >- ) >-{ >- USB_PROVIDER_CALLBACK_INFO *CallbackInfo; >- >- // >- // Initialize driver private data. >- // >- CallbackInfo = AllocateZeroPool (sizeof (USB_PROVIDER_CALLBACK_INFO)); >- if (CallbackInfo == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- >- CallbackInfo->DriverHandle = NULL; >- >- // >- // Publish HII data. >- // >- CallbackInfo->HiiHandle = HiiAddPackages ( >- &gUsbCredentialProviderGuid, >- CallbackInfo->DriverHandle, >- UsbCredentialProviderStrings, >- NULL >- ); >- if (CallbackInfo->HiiHandle == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- mCallbackInfo = CallbackInfo; >- >- return EFI_SUCCESS; >-} >- >- >-/** >- Enroll a user on a credential provider. >- >- This function enrolls a user on this credential provider. If the user exists on >- this credential provider, update the user information on this credential >provider; >- otherwise add the user information on credential provider. >- >- @param[in] This Points to this instance of >EFI_USER_CREDENTIAL2_PROTOCOL. >- @param[in] User The user profile to enroll. >- >- @retval EFI_SUCCESS User profile was successfully enrolled. >- @retval EFI_ACCESS_DENIED Current user profile does not permit >enrollment on the >- user profile handle. Either the user profile cannot enroll >- on any user profile or cannot enroll on a user profile >- other than the current user profile. >- @retval EFI_UNSUPPORTED This credential provider does not support >enrollment in >- the pre-OS. >- @retval EFI_DEVICE_ERROR The new credential could not be created >because of a device >- error. >- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >profile handle. 
>- >-**/ >-EFI_STATUS >-EFIAPI >-CredentialEnroll ( >- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >- IN EFI_USER_PROFILE_HANDLE User >- ) >-{ >- EFI_STATUS Status; >- UINTN Index; >- USB_INFO UsbInfo; >- EFI_USER_INFO *UserInfo; >- EFI_INPUT_KEY Key; >- UINT8 *UserId; >- CHAR16 *QuestionStr; >- CHAR16 *PromptStr; >- >- if ((This == NULL) || (User == NULL)) { >- return EFI_INVALID_PARAMETER; >- } >- >- // >- // Get User Identifier >- // >- UserInfo = NULL; >- Status = FindUserInfoByType ( >- User, >- EFI_USER_INFO_IDENTIFIER_RECORD, >- &UserInfo >- ); >- if (EFI_ERROR (Status)) { >- return EFI_INVALID_PARAMETER; >- } >- >- CopyMem (UsbInfo.UserId, (UINT8 *) (UserInfo + 1), sizeof >(EFI_USER_INFO_IDENTIFIER)); >- FreePool (UserInfo); >- >- // >- // Get Token and User ID to UsbInfo. >- // >- Status = GetToken (UsbInfo.Token); >- if (EFI_ERROR (Status)) { >- QuestionStr = GetStringById (STRING_TOKEN >(STR_READ_USB_TOKEN_ERROR)); >- PromptStr = GetStringById (STRING_TOKEN (STR_INSERT_USB_TOKEN)); >- CreatePopUp ( >- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >- &Key, >- QuestionStr, >- L"", >- PromptStr, >- NULL >- ); >- FreePool (QuestionStr); >- FreePool (PromptStr); >- return Status; >- } >- >- // >- // Check whether User is ever enrolled in the provider. >- // >- for (Index = 0; Index < mUsbTable->Count; Index++) { >- UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId; >- if (CompareMem (UserId, (UINT8 *) &UsbInfo.UserId, sizeof >(EFI_USER_INFO_IDENTIFIER)) == 0) { >- // >- // User already exists, update the password. >- // >- break; >- } >- } >- >- // >- // Enroll the User to the provider. >- // >- Status = ModifyTable (Index, &UsbInfo); >- if (EFI_ERROR (Status)) { >- return Status; >- } >- >- return EFI_SUCCESS; >-} >- >- >-/** >- Returns the user interface information used during user identification. >- >- This function returns information about the form used when interacting >with the >- user during user identification. 
The form is the first enabled form in the >form-set >- class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII >handle HiiHandle. If >- the user credential provider does not require a form to identify the user, >then this >- function should return EFI_NOT_FOUND. >- >- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL. >- @param[out] Hii On return, holds the HII database handle. >- @param[out] FormSetId On return, holds the identifier of the form set >which contains >- the form used during user identification. >- @param[out] FormId On return, holds the identifier of the form used >during user >- identification. >- >- @retval EFI_SUCCESS Form returned successfully. >- @retval EFI_NOT_FOUND Form not returned. >- @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or >FormId is NULL. >- >-**/ >-EFI_STATUS >-EFIAPI >-CredentialForm ( >- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >- OUT EFI_HII_HANDLE *Hii, >- OUT EFI_GUID *FormSetId, >- OUT EFI_FORM_ID *FormId >- ) >-{ >- if ((This == NULL) || (Hii == NULL) || >- (FormSetId == NULL) || (FormId == NULL)) { >- return EFI_INVALID_PARAMETER; >- } >- return EFI_NOT_FOUND; >-} >- >- >-/** >- Returns bitmap used to describe the credential provider type. >- >- This optional function returns a bitmap which is less than or equal to the >number >- of pixels specified by Width and Height. If no such bitmap exists, then >EFI_NOT_FOUND >- is returned. >- >- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL. >- @param[in, out] Width On entry, points to the desired bitmap width. If >NULL then no >- bitmap information will be returned. On exit, points to the >- width of the bitmap returned. >- @param[in, out] Height On entry, points to the desired bitmap height. If >NULL then no >- bitmap information will be returned. On exit, points to the >- height of the bitmap returned. >- @param[out] Hii On return, holds the HII database handle. 
>- @param[out] Image On return, holds the HII image identifier.
>-
>- @retval EFI_SUCCESS Image identifier returned successfully.
>- @retval EFI_NOT_FOUND Image identifier not returned.
>- @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialTile (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN OUT UINTN *Width,
>- IN OUT UINTN *Height,
>- OUT EFI_HII_HANDLE *Hii,
>- OUT EFI_IMAGE_ID *Image
>- )
>-{
>- if ((This == NULL) || (Hii == NULL) || (Image == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>- return EFI_NOT_FOUND;
>-}
>-
>-
>-/**
>- Returns string used to describe the credential provider type.
>-
>- This function returns a string which describes the credential provider. If no
>- such string exists, then EFI_NOT_FOUND is returned.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] Hii On return, holds the HII database handle.
>- @param[out] String On return, holds the HII string identifier.
>-
>- @retval EFI_SUCCESS String identifier returned successfully.
>- @retval EFI_NOT_FOUND String identifier not returned.
>- @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialTitle (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_HII_HANDLE *Hii,
>- OUT EFI_STRING_ID *String
>- )
>-{
>- if ((This == NULL) || (Hii == NULL) || (String == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>- //
>- // Set Hii handle and String ID.
>- //
>- *Hii = mCallbackInfo->HiiHandle;
>- *String = STRING_TOKEN (STR_CREDENTIAL_TITLE);
>-
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Return the user identifier associated with the currently authenticated user.
>-
>- This function returns the user identifier of the user authenticated by this >credential
>- provider.
This function is called after the credential-related information has >been
>- submitted on a form OR after a call to Default() has returned that this >credential is
>- ready to log on.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] User The user profile handle of the user profile currently >being
>- considered by the user identity manager. If NULL, then no user
>- profile is currently under consideration.
>- @param[out] Identifier On return, points to the user identifier.
>-
>- @retval EFI_SUCCESS User identifier returned successfully.
>- @retval EFI_NOT_READY No user identifier can be returned.
>- @retval EFI_ACCESS_DENIED The user has been locked out of this user >credential.
>- @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL.
>- @retval EFI_NOT_FOUND User is not NULL, and the specified user >handle can't be
>- found in user profile database.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialUser (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_PROFILE_HANDLE User,
>- OUT EFI_USER_INFO_IDENTIFIER *Identifier
>- )
>-{
>- EFI_STATUS Status;
>- UINTN Index;
>- EFI_USER_INFO *UserInfo;
>- UINT8 *UserId;
>- UINT8 *NewUserId;
>- UINT8 *UserToken;
>- UINT8 ReadToken[HASHED_CREDENTIAL_LEN];
>- EFI_INPUT_KEY Key;
>- CHAR16 *QuestionStr;
>- CHAR16 *PromptStr;
>-
>- if ((This == NULL) || (Identifier == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- if (User == NULL) {
>- //
>- // Verify the auto logon user, get user id by matched token.
>- //
>- if (mUsbTable->Count == 0) {
>- return EFI_NOT_READY;
>- }
>-
>- //
>- // No user selected, get token first and verify the user existed in user >database.
>- //
>- Status = GetToken (ReadToken);
>- if (EFI_ERROR (Status)) {
>- return EFI_NOT_READY;
>- }
>-
>- for (Index = 0; Index < mUsbTable->Count; Index++) {
>- //
>- // find the specified credential in the Usb credential database.
>- //
>- UserToken = mUsbTable->UserInfo[Index].Token;
>- if (CompareMem (UserToken, ReadToken, HASHED_CREDENTIAL_LEN) == >0) {
>- UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
>- CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER));
>- return EFI_SUCCESS;
>- }
>- }
>-
>- return EFI_NOT_READY;
>- }
>-
>- //
>- // User is not NULL here. Read a token, and check whether the token >matches with
>- // the selected user's Token. If not, try to find a token in token DB to >matches
>- // with read token.
>- //
>-
>- Status = GetToken (ReadToken);
>- if (EFI_ERROR (Status)) {
>- QuestionStr = GetStringById (STRING_TOKEN >(STR_READ_USB_TOKEN_ERROR));
>- PromptStr = GetStringById (STRING_TOKEN (STR_INSERT_USB_TOKEN));
>- CreatePopUp (
>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
>- &Key,
>- QuestionStr,
>- L"",
>- PromptStr,
>- NULL
>- );
>- FreePool (QuestionStr);
>- FreePool (PromptStr);
>- return EFI_NOT_FOUND;
>- }
>-
>- //
>- // Get the selected user's identifier.
>- //
>- Status = FindUserInfoByType (User, EFI_USER_INFO_IDENTIFIER_RECORD, >&UserInfo);
>- if (EFI_ERROR (Status)) {
>- return EFI_NOT_FOUND;
>- }
>-
>- //
>- // Check the selected user's Token with the read token.
>- //
>- for (Index = 0; Index < mUsbTable->Count; Index++) {
>- UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
>- NewUserId = (UINT8 *) (UserInfo + 1);
>- if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) >== 0) {
>- //
>- // The user's ID is found in the UsbTable.
>- //
>- UserToken = mUsbTable->UserInfo[Index].Token;
>- if (CompareMem (UserToken, ReadToken, HASHED_CREDENTIAL_LEN) == >0) {
>- //
>- // The read token matches with the one in UsbTable.
>- //
>- CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER));
>- FreePool (UserInfo);
>- return EFI_SUCCESS;
>- }
>- }
>- }
>-
>- FreePool (UserInfo);
>-
>- return EFI_NOT_READY;
>-}
>-
>-
>-/**
>- Indicate that user interface interaction has begun for the specified >credential.
>-
>- This function is called when a credential provider is selected by the user. If
>- AutoLogon returns FALSE, then the user interface will be constructed by the >User
>- Identity Manager.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] AutoLogon On return, points to the credential provider's >capabilities
>- after the credential provider has been selected by the user.
>-
>- @retval EFI_SUCCESS Credential provider successfully selected.
>- @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialSelect (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
>- )
>-{
>- if ((This == NULL) || (AutoLogon == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- *AutoLogon = EFI_CREDENTIAL_LOGON_FLAG_DEFAULT | >EFI_CREDENTIAL_LOGON_FLAG_AUTO;
>-
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Indicate that user interface interaction has ended for the specified >credential.
>-
>- This function is called when a credential provider is deselected by the user.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>-
>- @retval EFI_SUCCESS Credential provider successfully deselected.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialDeselect (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This
>- )
>-{
>- if (This == NULL) {
>- return EFI_INVALID_PARAMETER;
>- }
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Return the default logon behavior for this user credential.
>-
>- This function reports the default login behavior regarding this credential >provider.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] AutoLogon On return, holds whether the credential provider >should be used
>- by default to automatically log on the user.
>-
>- @retval EFI_SUCCESS Default information successfully returned.
>- @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialDefault (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
>- )
>-{
>- if ((This == NULL) || (AutoLogon == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- *AutoLogon = EFI_CREDENTIAL_LOGON_FLAG_DEFAULT | >EFI_CREDENTIAL_LOGON_FLAG_AUTO;
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Return information attached to the credential provider.
>-
>- This function returns user information.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] UserInfo Handle of the user information data record.
>- @param[out] Info On entry, points to a buffer of at least *InfoSize >bytes. On
>- exit, holds the user information. If the buffer is too small
>- to hold the information, then EFI_BUFFER_TOO_SMALL is >returned
>- and InfoSize is updated to contain the number of bytes >actually
>- required.
>- @param[in, out] InfoSize On entry, points to the size of Info. On return, >points to the
>- size of the user information.
>-
>- @retval EFI_SUCCESS Information returned successfully.
>- @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small >to hold all of the
>- user information. The size required is returned in *InfoSize.
>- @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL.
>- @retval EFI_NOT_FOUND The specified UserInfo does not refer to a >valid user info handle.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialGetInfo (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_INFO_HANDLE UserInfo,
>- OUT EFI_USER_INFO *Info,
>- IN OUT UINTN *InfoSize
>- )
>-{
>- EFI_USER_INFO *CredentialInfo;
>- UINTN Index;
>-
>- if ((This == NULL) || (InfoSize == NULL) || (Info == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- if ((UserInfo == NULL) || (mUsbInfoHandle == NULL)) {
>- return EFI_NOT_FOUND;
>- }
>-
>- //
>- // Find information handle in credential info table.
>- //
>- for (Index = 0; Index < mUsbInfoHandle->Count; Index++) {
>- CredentialInfo = mUsbInfoHandle->Info[Index];
>- if (UserInfo == (EFI_USER_INFO_HANDLE)CredentialInfo) {
>- //
>- // The handle is found, copy the user info.
>- //
>- if (CredentialInfo->InfoSize > *InfoSize) {
>- *InfoSize = CredentialInfo->InfoSize;
>- return EFI_BUFFER_TOO_SMALL;
>- }
>-
>- CopyMem (Info, CredentialInfo, CredentialInfo->InfoSize);
>- return EFI_SUCCESS;
>- }
>- }
>-
>- return EFI_NOT_FOUND;
>-}
>-
>-
>-/**
>- Enumerate all of the user informations on the credential provider.
>-
>- This function returns the next user information record. To retrieve the first >user
>- information record handle, point UserInfo at a NULL. Each subsequent call >will retrieve
>- another user information record handle until there are no more, at which >point UserInfo
>- will point to NULL.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in, out] UserInfo On entry, points to the previous user information >handle or NULL
>- to start enumeration. On exit, points to the next user >information
>- handle or NULL if there is no more user information.
>-
>- @retval EFI_SUCCESS User information returned.
>- @retval EFI_NOT_FOUND No more user information found.
>- @retval EFI_INVALID_PARAMETER UserInfo is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialGetNextInfo (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN OUT EFI_USER_INFO_HANDLE *UserInfo
>- )
>-{
>- EFI_USER_INFO *Info;
>- CHAR16 *ProvNameStr;
>- UINTN InfoLen;
>- UINTN Index;
>- UINTN ProvStrLen;
>-
>- if ((This == NULL) || (UserInfo == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- if (mUsbInfoHandle == NULL) {
>- //
>- // Initilized user info table. There are 4 user info records in the table.
>- //
>- InfoLen = sizeof (USB_CREDENTIAL_INFO) + (4 - 1) * sizeof >(EFI_USER_INFO *);
>- mUsbInfoHandle = AllocateZeroPool (InfoLen);
>- if (mUsbInfoHandle == NULL) {
>- *UserInfo = NULL;
>- return EFI_NOT_FOUND;
>- }
>-
>- //
>- // The first information, Credential Provider info.
>- //
>- InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID);
>- Info = AllocateZeroPool (InfoLen);
>- ASSERT (Info != NULL);
>-
>- Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_RECORD;
>- Info->InfoSize = (UINT32) InfoLen;
>- Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
>- CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid);
>- CopyGuid ((EFI_GUID *)(Info + 1), &gUsbCredentialProviderGuid);
>-
>- mUsbInfoHandle->Info[0] = Info;
>- mUsbInfoHandle->Count++;
>-
>- //
>- // The second information, Credential Provider name info.
>- //
>- ProvNameStr = GetStringById (STRING_TOKEN (STR_PROVIDER_NAME));
>- ProvStrLen = StrSize (ProvNameStr);
>- InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen;
>- Info = AllocateZeroPool (InfoLen);
>- ASSERT (Info != NULL);
>-
>- Info->InfoType = >EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD;
>- Info->InfoSize = (UINT32) InfoLen;
>- Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
>- CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid);
>- CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen);
>- FreePool (ProvNameStr);
>-
>- mUsbInfoHandle->Info[1] = Info;
>- mUsbInfoHandle->Count++;
>-
>- //
>- // The third information, Credential Provider type info.
>- //
>- InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID);
>- Info = AllocateZeroPool (InfoLen);
>- ASSERT (Info != NULL);
>-
>- Info->InfoType = EFI_USER_INFO_CREDENTIAL_TYPE_RECORD;
>- Info->InfoSize = (UINT32) InfoLen;
>- Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
>- CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid);
>- CopyGuid ((EFI_GUID *)(Info + 1), >&gEfiUserCredentialClassSecureCardGuid);
>-
>- mUsbInfoHandle->Info[2] = Info;
>- mUsbInfoHandle->Count++;
>-
>- //
>- // The fourth information, Credential Provider type name info.
>- //
>- ProvNameStr = GetStringById (STRING_TOKEN >(STR_PROVIDER_TYPE_NAME));
>- ProvStrLen = StrSize (ProvNameStr);
>- InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen;
>- Info = AllocateZeroPool (InfoLen);
>- ASSERT (Info != NULL);
>-
>- Info->InfoType = >EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD;
>- Info->InfoSize = (UINT32) InfoLen;
>- Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
>- CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid);
>- CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen);
>- FreePool (ProvNameStr);
>-
>- mUsbInfoHandle->Info[3] = Info;
>- mUsbInfoHandle->Count++;
>- }
>-
>- if (*UserInfo == NULL) {
>- //
>- // Return the first info handle.
>- //
>- *UserInfo = (EFI_USER_INFO_HANDLE) mUsbInfoHandle->Info[0];
>- return EFI_SUCCESS;
>- }
>-
>- //
>- // Find information handle in credential info table.
>- //
>- for (Index = 0; Index < mUsbInfoHandle->Count; Index++) {
>- Info = mUsbInfoHandle->Info[Index];
>- if (*UserInfo == (EFI_USER_INFO_HANDLE)Info) {
>- //
>- // The handle is found, get the next one.
>- //
>- if (Index == mUsbInfoHandle->Count - 1) {
>- //
>- // Already last one.
>- //
>- *UserInfo = NULL;
>- return EFI_NOT_FOUND;
>- }
>- Index++;
>- *UserInfo = (EFI_USER_INFO_HANDLE)mUsbInfoHandle->Info[Index];
>- return EFI_SUCCESS;
>- }
>- }
>-
>- *UserInfo = NULL;
>- return EFI_NOT_FOUND;
>-}
>-
>-
>-/**
>- Delete a user on this credential provider.
>-
>- This function deletes a user on this credential provider.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] User The user profile handle to delete.
>-
>- @retval EFI_SUCCESS User profile was successfully deleted.
>- @retval EFI_ACCESS_DENIED Current user profile does not permit >deletion on the user profile handle.
>- Either the user profile cannot delete on any user profile or >cannot delete
>- on a user profile other than the current user profile.
>- @retval EFI_UNSUPPORTED This credential provider does not support >deletion in the pre-OS.
>- @retval EFI_DEVICE_ERROR The new credential could not be deleted >because of a device error.
>- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >profile handle.
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialDelete (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_PROFILE_HANDLE User
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO *UserInfo;
>- UINT8 *UserId;
>- UINT8 *NewUserId;
>- UINTN Index;
>-
>- if ((This == NULL) || (User == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Get User Identifier.
>- //
>- UserInfo = NULL;
>- Status = FindUserInfoByType (
>- User,
>- EFI_USER_INFO_IDENTIFIER_RECORD,
>- &UserInfo
>- );
>- if (EFI_ERROR (Status)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Find the user by user identifier in mPwdTable.
>- //
>- for (Index = 0; Index < mUsbTable->Count; Index++) {
>- UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
>- NewUserId = (UINT8 *) (UserInfo + 1);
>- if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) >== 0) {
>- //
>- // Found the user, delete it.
>- //
>- ModifyTable (Index, NULL);
>- break;
>- }
>- }
>-
>- FreePool (UserInfo);
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Main entry for this driver.
>-
>- @param ImageHandle Image handle this driver.
>- @param SystemTable Pointer to SystemTable.
>-
>- @retval EFI_SUCESS This function always complete successfully.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-UsbProviderInit (
>- IN EFI_HANDLE ImageHandle,
>- IN EFI_SYSTEM_TABLE *SystemTable
>- )
>-{
>- EFI_STATUS Status;
>-
>- //
>- // It is NOT robust enough to be included in production.
>- //
>- #error "This implementation is just a sample, please comment this line if you >really want to use this driver."
>-
>- //
>- // Init credential table.
>- //
>- Status = InitCredentialTable ();
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- //
>- // Init Form Browser
>- //
>- Status = InitFormBrowser ();
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- //
>- // Install protocol interfaces for the Usb Credential Provider.
>- //
>- Status = gBS->InstallProtocolInterface (
>- &mCallbackInfo->DriverHandle,
>- &gEfiUserCredential2ProtocolGuid,
>- EFI_NATIVE_INTERFACE,
>- &gUsbCredentialProviderDriver
>- );
>- return Status;
>-}
>diff --git >a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >ovider.h >b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >ovider.h
>deleted file mode 100644
>index 63f6576045..0000000000
>--- >a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >ovider.h
>+++ /dev/null
>@@ -1,361 +0,0 @@
>-/** @file
>- Usb Credential Provider driver header file.
>-
>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#ifndef _USB_CREDENTIAL_PROVIDER_H_
>-#define _USB_CREDENTIAL_PROVIDER_H_
>-
>-#include <Uefi.h>
>-
>-#include <Guid/GlobalVariable.h>
>-#include <Guid/FileInfo.h>
>-#include <Guid/SecurityPkgTokenSpace.h>
>-#include <Guid/UsbCredentialProviderHii.h>
>-
>-#include <Protocol/SimpleFileSystem.h>
>-#include <Protocol/BlockIo.h>
>-#include <Protocol/UserCredential2.h>
>-#include <Protocol/UserManager.h>
>-
>-#include <Library/UefiRuntimeServicesTableLib.h>
>-#include <Library/UefiBootServicesTableLib.h>
>-#include <Library/MemoryAllocationLib.h>
>-#include <Library/BaseMemoryLib.h>
>-#include <Library/DevicePathLib.h>
>-#include <Library/BaseCryptLib.h>
>-#include <Library/DebugLib.h>
>-#include <Library/UefiLib.h>
>-#include <Library/PrintLib.h>
>-#include <Library/HiiLib.h>
>-#include <Library/PcdLib.h>
>-
>-extern UINT8 UsbCredentialProviderStrings[];
>-
>-#define USB_TABLE_INC 16
>-#define HASHED_CREDENTIAL_LEN 20
>-
>-//
>-// Save the enroll user credential Information.
>-//
>-typedef struct {
>- EFI_USER_INFO_IDENTIFIER UserId;
>- UINT8 Token[HASHED_CREDENTIAL_LEN];
>-} USB_INFO;
>-
>-//
>-// USB Credential Table.
>-//
>-typedef struct {
>- UINTN Count;
>- UINTN MaxCount;
>- USB_INFO UserInfo[1];
>-} CREDENTIAL_TABLE;
>-
>-//
>-// The user information on the USB provider.
>-//
>-typedef struct {
>- UINTN Count;
>- EFI_USER_INFO *Info[1];
>-} USB_CREDENTIAL_INFO;
>-
>-#define USB_PROVIDER_SIGNATURE SIGNATURE_32 ('U', 'S', 'B', 'P')
>-
>-typedef struct {
>- UINTN Signature;
>- EFI_HANDLE DriverHandle;
>- EFI_HII_HANDLE HiiHandle;
>-} USB_PROVIDER_CALLBACK_INFO;
>-
>-/**
>- Enroll a user on a credential provider.
>-
>- This function enrolls and deletes a user profile using this credential provider.
>- If a user profile is successfully enrolled, it calls the User Manager Protocol
>- function Notify() to notify the user manager driver that credential >information
>- has changed. If an enrolled user does exist, delete the user on the >credential
>- provider.
>-
>- @param[in] This Points to this instance of >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] User The user profile to enroll.
>-
>- @retval EFI_SUCCESS User profile was successfully enrolled.
>- @retval EFI_ACCESS_DENIED Current user profile does not permit >enrollment on the
>- user profile handle. Either the user profile cannot enroll
>- on any user profile or cannot enroll on a user profile
>- other than the current user profile.
>- @retval EFI_UNSUPPORTED This credential provider does not support >enrollment in
>- the pre-OS.
>- @retval EFI_DEVICE_ERROR The new credential could not be created >because of a device
>- error.
>- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >profile handle.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialEnroll (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_PROFILE_HANDLE User
>- );
>-
>-/**
>- Returns the user interface information used during user identification.
>-
>- This function enrolls a user on this credential provider. If the user exists on
>- this credential provider, update the user information on this credential >provider;
>- otherwise delete the user information on credential provider.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] Hii On return, holds the HII database handle.
>- @param[out] FormSetId On return, holds the identifier of the form set >which contains
>- the form used during user identification.
>- @param[out] FormId On return, holds the identifier of the form used >during user
>- identification.
>-
>- @retval EFI_SUCCESS Form returned successfully.
>- @retval EFI_NOT_FOUND Form not returned.
>- @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or >FormId is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialForm (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_HII_HANDLE *Hii,
>- OUT EFI_GUID *FormSetId,
>- OUT EFI_FORM_ID *FormId
>- );
>-
>-/**
>- Returns bitmap used to describe the credential provider type.
>-
>- This optional function returns a bitmap which is less than or equal to the >number
>- of pixels specified by Width and Height. If no such bitmap exists, then >EFI_NOT_FOUND
>- is returned.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in, out] Width On entry, points to the desired bitmap width. If >NULL then no
>- bitmap information will be returned. On exit, points to the
>- width of the bitmap returned.
>- @param[in, out] Height On entry, points to the desired bitmap height. If >NULL then no
>- bitmap information will be returned. On exit, points to the
>- height of the bitmap returned.
>- @param[out] Hii On return, holds the HII database handle.
>- @param[out] Image On return, holds the HII image identifier.
>-
>- @retval EFI_SUCCESS Image identifier returned successfully.
>- @retval EFI_NOT_FOUND Image identifier not returned.
>- @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialTile (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN OUT UINTN *Width,
>- IN OUT UINTN *Height,
>- OUT EFI_HII_HANDLE *Hii,
>- OUT EFI_IMAGE_ID *Image
>- );
>-
>-/**
>- Returns string used to describe the credential provider type.
>-
>- This function returns a string which describes the credential provider. If no
>- such string exists, then EFI_NOT_FOUND is returned.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] Hii On return, holds the HII database handle.
>- @param[out] String On return, holds the HII string identifier.
>-
>- @retval EFI_SUCCESS String identifier returned successfully.
>- @retval EFI_NOT_FOUND String identifier not returned.
>- @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialTitle (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_HII_HANDLE *Hii,
>- OUT EFI_STRING_ID *String
>- );
>-
>-/**
>- Return the user identifier associated with the currently authenticated user.
>-
>- This function returns the user identifier of the user authenticated by this >credential
>- provider. This function is called after the credential-related information has >been
>- submitted on a form OR after a call to Default() has returned that this >credential is
>- ready to log on.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] User The user profile handle of the user profile currently >being
>- considered by the user identity manager. If NULL, then no user
>- profile is currently under consideration.
>- @param[out] Identifier On return, points to the user identifier.
>-
>- @retval EFI_SUCCESS User identifier returned successfully.
>- @retval EFI_NOT_READY No user identifier can be returned.
>- @retval EFI_ACCESS_DENIED The user has been locked out of this user >credential.
>- @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL.
>- @retval EFI_NOT_FOUND User is not NULL, and the specified user >handle can't be
>- found in user profile database.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialUser (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_PROFILE_HANDLE User,
>- OUT EFI_USER_INFO_IDENTIFIER *Identifier
>- );
>-
>-/**
>- Indicate that user interface interaction has begun for the specified >credential.
>-
>- This function is called when a credential provider is selected by the user. If
>- AutoLogon returns FALSE, then the user interface will be constructed by the >User
>- Identity Manager.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] AutoLogon On return, points to the credential provider's >capabilities
>- after the credential provider has been selected by the user.
>-
>- @retval EFI_SUCCESS Credential provider successfully selected.
>- @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialSelect (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
>- );
>-
>-/**
>- Indicate that user interface interaction has ended for the specified >credential.
>-
>- This function is called when a credential provider is deselected by the user.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>-
>- @retval EFI_SUCCESS Credential provider successfully deselected.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialDeselect (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This
>- );
>-
>-/**
>- Return the default logon behavior for this user credential.
>-
>- This function reports the default login behavior regarding this credential >provider.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[out] AutoLogon On return, holds whether the credential provider >should be used
>- by default to automatically log on the user.
>-
>- @retval EFI_SUCCESS Default information successfully returned.
>- @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialDefault (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
>- );
>-
>-/**
>- Return information attached to the credential provider.
>-
>- This function returns user information.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] UserInfo Handle of the user information data record.
>- @param[out] Info On entry, points to a buffer of at least *InfoSize >bytes. On
>- exit, holds the user information. If the buffer is too small
>- to hold the information, then EFI_BUFFER_TOO_SMALL is >returned
>- and InfoSize is updated to contain the number of bytes >actually
>- required.
>- @param[in, out] InfoSize On entry, points to the size of Info. On return, >points to the
>- size of the user information.
>-
>- @retval EFI_SUCCESS Information returned successfully.
>- @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small >to hold all of the
>- user information. The size required is returned in *InfoSize.
>- @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL.
>- @retval EFI_NOT_FOUND The specified UserInfo does not refer to a >valid user info handle.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialGetInfo (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_INFO_HANDLE UserInfo,
>- OUT EFI_USER_INFO *Info,
>- IN OUT UINTN *InfoSize
>- );
>-
>-/**
>- Enumerate all of the user informations on the credential provider.
>-
>- This function returns the next user information record. To retrieve the first >user
>- information record handle, point UserInfo at a NULL. Each subsequent call >will retrieve
>- another user information record handle until there are no more, at which >point UserInfo
>- will point to NULL.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in, out] UserInfo On entry, points to the previous user information >handle or NULL
>- to start enumeration.
On exit, points to the next user >information
>- handle or NULL if there is no more user information.
>-
>- @retval EFI_SUCCESS User information returned.
>- @retval EFI_NOT_FOUND No more user information found.
>- @retval EFI_INVALID_PARAMETER UserInfo is NULL.
>-
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialGetNextInfo (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN OUT EFI_USER_INFO_HANDLE *UserInfo
>- );
>-
>-/**
>- Delete a user on this credential provider.
>-
>- This function deletes a user on this credential provider.
>-
>- @param[in] This Points to this instance of the >EFI_USER_CREDENTIAL2_PROTOCOL.
>- @param[in] User The user profile handle to delete.
>-
>- @retval EFI_SUCCESS User profile was successfully deleted.
>- @retval EFI_ACCESS_DENIED Current user profile does not permit >deletion on the user profile handle.
>- Either the user profile cannot delete on any user profile or >cannot delete
>- on a user profile other than the current user profile.
>- @retval EFI_UNSUPPORTED This credential provider does not support >deletion in the pre-OS.
>- @retval EFI_DEVICE_ERROR The new credential could not be deleted >because of a device error.
>- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >profile handle.
>-**/
>-EFI_STATUS
>-EFIAPI
>-CredentialDelete (
>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>- IN EFI_USER_PROFILE_HANDLE User
>- );
>-
>-#endif
>diff --git >a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >ovider.uni >b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >ovider.uni
>deleted file mode 100644
>index 961e09f360..0000000000
>--- >a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >ovider.uni
>+++ /dev/null
>@@ -1,23 +0,0 @@
>-// /** @file
>-// Provides a USB credential provider implementation
>-//
>-// This module reads a token from a token file that is saved in the root
>-// folder of a USB stick. The token file name can be specified by the PCD
>-// PcdFixedUsbCredentialProviderTokenFileName.
>-//
>-// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
>-//
>-// This program and the accompanying materials
>-// are licensed and made available under the terms and conditions of the BSD >License
>-// which accompanies this distribution. The full text of the license may be >found at
>-// http://opensource.org/licenses/bsd-license.php
>-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-//
>-// **/
>-
>-
>-#string STR_MODULE_ABSTRACT #language en-US "Provides a USB >credential provider implementation"
>-
>-#string STR_MODULE_DESCRIPTION #language en-US "This module >reads a token from a token file that is saved in the root folder of a USB stick. >The token file name can be specified by the PCD >PcdFixedUsbCredentialProviderTokenFileName."
>-
>diff --git >a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >oviderDxe.inf >b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >oviderDxe.inf
>deleted file mode 100644
>index 1e8e42332f..0000000000
>--- >a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >oviderDxe.inf
>+++ /dev/null
>@@ -1,70 +0,0 @@
>-## @file
>-# Provides a USB credential provider implementation
>-#
>-# This module reads a token from a token file that is saved in the root
>-# folder of a USB stick. The token file name can be specified by the PCD
>-# PcdFixedUsbCredentialProviderTokenFileName.
>-#
>-# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-# This program and the accompanying materials
>-# are licensed and made available under the terms and conditions of the BSD >License
>-# which accompanies this distribution. The full text of the license may be >found at
>-# http://opensource.org/licenses/bsd-license.php
>-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-#
>-##
>-
>-[Defines]
>- INF_VERSION = 0x00010005
>- BASE_NAME = UsbCredentialProvider
>- MODULE_UNI_FILE = UsbCredentialProvider.uni
>- FILE_GUID = 672A0C68-2BF0-46f9-93C3-C4E7DC0FA555
>- MODULE_TYPE = UEFI_DRIVER
>- VERSION_STRING = 1.0
>- ENTRY_POINT = UsbProviderInit
>-
>-[Sources]
>- UsbCredentialProvider.c
>- UsbCredentialProvider.h
>- UsbCredentialProviderStrings.uni
>-
>-[Packages]
>- MdePkg/MdePkg.dec
>- MdeModulePkg/MdeModulePkg.dec
>- CryptoPkg/CryptoPkg.dec
>- SecurityPkg/SecurityPkg.dec
>-
>-[LibraryClasses]
>- UefiRuntimeServicesTableLib
>- UefiBootServicesTableLib
>- UefiDriverEntryPoint
>- MemoryAllocationLib
>- BaseMemoryLib
>- DebugLib
>- HiiLib
>- UefiLib
>- BaseCryptLib
>-
>-[Guids]
>- ## PRODUCES ## Variable:L"UsbCredential"
>- ## CONSUMES ## Variable:L"UsbCredential"
>- ## CONSUMES ## HII
>- ## SOMETIMES_CONSUMES ## GUID # The credential provider >identifier
>- gUsbCredentialProviderGuid
>-
>- gEfiFileInfoGuid ## SOMETIMES_CONSUMES ## GUID
>- gEfiUserCredentialClassSecureCardGuid ## SOMETIMES_CONSUMES >## GUID
>-
>-[Pcd]
>- >gEfiSecurityPkgTokenSpaceGuid.PcdFixedUsbCredentialProviderTokenFileNa >me ## SOMETIMES_CONSUMES
>-
>-[Protocols]
>- gEfiUserCredential2ProtocolGuid ## PRODUCES
>- gEfiUserManagerProtocolGuid ## SOMETIMES_CONSUMES
>- gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES
>- gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES
>-
>-[UserExtensions.TianoCore."ExtraFiles"]
>- UsbCredentialProviderExtra.uni
>-
>diff --git >a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >oviderExtra.uni >b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >oviderExtra.uni
>deleted file mode 100644
>index a20917d5f7..0000000000
>--- >a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >oviderExtra.uni
>+++ /dev/null
>@@ -1,19 +0,0 @@
>-// /** @file
>-// UsbCredentialProvider Localized Strings and Content
>-//
>-// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
>-//
>-// This program and the accompanying materials
>-// are licensed and made available under the terms and conditions of the BSD >License
>-// which accompanies this distribution. The full text of the license may be >found at
>-// http://opensource.org/licenses/bsd-license.php
>-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-//
>-// **/
>-
>-#string STR_PROPERTIES_MODULE_NAME
>-#language en-US
>-"USB Credential Provider"
>-
>-
>diff --git >a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >oviderStrings.uni >b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >oviderStrings.uni
>deleted file mode 100644
>index f306d50a4e..0000000000
>--- >a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >oviderStrings.uni
>+++ /dev/null
>@@ -1,29 +0,0 @@
>-/** @file
>- String definitions for the USB Credential Provider.
>-
>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php.
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#langdef en-US "English"
>-#langdef fr-FR "Francais"
>-
>-#string STR_CREDENTIAL_TITLE #language en-US "USB Credential >Provider"
>- #language fr-FR "USB Credential Provider (French)"
>-#string STR_NULL_STRING #language en-US ""
>- #language fr-FR ""
>-#string STR_PROVIDER_NAME #language en-US "INTEL USB >Credential Provider"
>- #language fr-FR "INTEL USB Credential Provider >(French)"
>-#string STR_PROVIDER_TYPE_NAME #language en-US "Secure Card >Credential Provider"
>- #language fr-FR "Secure Card Credential Provider >(French)"
>-#string STR_READ_USB_TOKEN_ERROR #language en-US "Read USB >Token File Error!"
>- #language fr-FR "Read USB Token File Error! >(French)"
>-#string STR_INSERT_USB_TOKEN #language en-US "Please insert >USB key with Token"
>- #language fr-FR "Please insert USB key with Token >(French)"
>diff --git >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/LoadDeferredIma >ge.c >b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/LoadDeferredIm >age.c
>deleted file mode 100644
>index 2cfe130db8..0000000000
>--- >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/LoadDeferredIma >ge.c
>+++ /dev/null
>@@ -1,148 +0,0 @@
>-/** @file
>- Load the deferred images after user is identified.
>-
>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#include "UserIdentifyManager.h"
>-
>-EFI_HANDLE mDeferredImageHandle;
>-
>-/**
>- The function will load all the deferred images again. If the deferred image is >loaded
>- successfully, try to start it.
>-
>- @param Event Event whose notification function is being invoked.
>- @param Context Pointer to the notification function's context
>-
>-**/
>-VOID
>-EFIAPI
>-LoadDeferredImage (
>- IN EFI_EVENT Event,
>- IN VOID *Context
>- )
>-{
>- EFI_STATUS Status;
>- EFI_DEFERRED_IMAGE_LOAD_PROTOCOL *DeferredImage;
>- UINTN HandleCount;
>- EFI_HANDLE *HandleBuf;
>- UINTN Index;
>- UINTN DriverIndex;
>- EFI_DEVICE_PATH_PROTOCOL *ImageDevicePath;
>- VOID *DriverImage;
>- UINTN ImageSize;
>- BOOLEAN BootOption;
>- EFI_HANDLE ImageHandle;
>- UINTN ExitDataSize;
>- CHAR16 *ExitData;
>-
>- //
>- // Find all the deferred image load protocols.
>- //
>- HandleCount = 0;
>- HandleBuf = NULL;
>- Status = gBS->LocateHandleBuffer (
>- ByProtocol,
>- &gEfiDeferredImageLoadProtocolGuid,
>- NULL,
>- &HandleCount,
>- &HandleBuf
>- );
>- if (EFI_ERROR (Status)) {
>- return ;
>- }
>-
>- for (Index = 0; Index < HandleCount; Index++) {
>- Status = gBS->HandleProtocol (
>- HandleBuf[Index],
>- &gEfiDeferredImageLoadProtocolGuid,
>- (VOID **) &DeferredImage
>- );
>- if (EFI_ERROR (Status)) {
>- continue ;
>- }
>-
>- DriverIndex = 0;
>- do {
>- //
>- // Load all the deferred images in this protocol instance.
>- //
>- Status = DeferredImage->GetImageInfo(
>- DeferredImage,
>- DriverIndex,
>- &ImageDevicePath,
>- (VOID **) &DriverImage,
>- &ImageSize,
>- &BootOption
>- );
>- if (EFI_ERROR (Status)) {
>- break;
>- }
>-
>- //
>- // Load and start the image.
>- //
>- Status = gBS->LoadImage (
>- BootOption,
>- mDeferredImageHandle,
>- ImageDevicePath,
>- NULL,
>- 0,
>- &ImageHandle
>- );
>- if (!EFI_ERROR (Status)) {
>- //
>- // Before calling the image, enable the Watchdog Timer for
>- // a 5 Minute period
>- //
>- gBS->SetWatchdogTimer (5 * 60, 0x0000, 0x00, NULL);
>- Status = gBS->StartImage (ImageHandle, &ExitDataSize, &ExitData);
>-
>- //
>- // Clear the Watchdog Timer after the image returns.
>- //
>- gBS->SetWatchdogTimer (0x0000, 0x0000, 0x0000, NULL);
>- }
>- DriverIndex++;
>- } while (TRUE);
>- }
>- FreePool (HandleBuf);
>-}
>-
>-
>-/**
>- Register an event notification function for user profile changed.
>-
>- @param[in] ImageHandle Image handle this driver.
>-
>-**/
>-VOID
>-LoadDeferredImageInit (
>- IN EFI_HANDLE ImageHandle
>- )
>-{
>- EFI_STATUS Status;
>- EFI_EVENT Event;
>-
>- mDeferredImageHandle = ImageHandle;
>-
>- Status = gBS->CreateEventEx (
>- EVT_NOTIFY_SIGNAL,
>- TPL_CALLBACK,
>- LoadDeferredImage,
>- NULL,
>- &gEfiEventUserProfileChangedGuid,
>- &Event
>- );
>-
>- ASSERT (Status == EFI_SUCCESS);
>-}
>diff --git >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >ager.c >b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >ager.c
>deleted file mode 100644
>index fd941792c1..0000000000
>--- >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >ager.c
>+++ /dev/null
>@@ -1,3766 +0,0 @@
>-/** @file
>- This driver manages user information and produces user manager protocol.
>-
>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#include "UserIdentifyManager.h"
>-
>-//
>-// Default user name.
>-//
>-CHAR16 mUserName[] = L"Administrator";
>-
>-//
>-// Points to the user profile database.
>-//
>-USER_PROFILE_DB *mUserProfileDb = NULL;
>-
>-//
>-// Points to the credential providers found in system.
>-//
>-CREDENTIAL_PROVIDER_INFO *mProviderDb = NULL;
>-
>-//
>-// Current user shared in multi function.
>-//
>-EFI_USER_PROFILE_HANDLE mCurrentUser = NULL;
>-
>-//
>-// Flag indicates a user is identified.
>-//
>-BOOLEAN mIdentified = FALSE;
>-USER_MANAGER_CALLBACK_INFO *mCallbackInfo = NULL;
>-HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = {
>- {
>- {
>- HARDWARE_DEVICE_PATH,
>- HW_VENDOR_DP,
>- {
>- (UINT8) (sizeof (VENDOR_DEVICE_PATH)),
>- (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
>- }
>- },
>- USER_IDENTIFY_MANAGER_GUID
>- },
>- {
>- END_DEVICE_PATH_TYPE,
>- END_ENTIRE_DEVICE_PATH_SUBTYPE,
>- {
>- (UINT8) (END_DEVICE_PATH_LENGTH),
>- (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
>- }
>- }
>-};
>-
>-
>-EFI_USER_MANAGER_PROTOCOL gUserIdentifyManager = {
>- UserProfileCreate,
>- UserProfileDelete,
>- UserProfileGetNext,
>- UserProfileCurrent,
>- UserProfileIdentify,
>- UserProfileFind,
>- UserProfileNotify,
>- UserProfileGetInfo,
>- UserProfileSetInfo,
>- UserProfileDeleteInfo,
>- UserProfileGetNextInfo,
>-};
>-
>-
>-/**
>- Find the specified user in the user database.
>-
>- This function searches the specified user from the beginning of the user >database.
>- And if NextUser is TRUE, return the next User in the user database.
>-
>- @param[in, out] User On entry, points to the user profile entry to >search.
>- On return, points to the user profile entry or NULL if not >found.
>- @param[in] NextUser If FALSE, find the user in user profile database >specifyed by User
>- If TRUE, find the next user in user profile database specifyed
>- by User.
>- @param[out] ProfileIndex A pointer to the index of user profile database >that matches the
>- user specifyed by User.
>-
>- @retval EFI_NOT_FOUND User was NULL, or User was not found, or the >next user was not found.
>- @retval EFI_SUCCESS User or the next user are found in user profile >database
>-
>-**/
>-EFI_STATUS
>-FindUserProfile (
>- IN OUT USER_PROFILE_ENTRY **User,
>- IN BOOLEAN NextUser,
>- OUT UINTN *ProfileIndex OPTIONAL
>- )
>-{
>- UINTN Index;
>-
>- //
>- // Check parameters
>- //
>- if ((mUserProfileDb == NULL) || (User == NULL)) {
>- return EFI_NOT_FOUND;
>- }
>-
>- //
>- // Check whether the user profile is in the user profile database.
>- //
>- for (Index = 0; Index < mUserProfileDb->UserProfileNum; Index++) {
>- if (mUserProfileDb->UserProfile[Index] == *User) {
>- if (ProfileIndex != NULL) {
>- *ProfileIndex = Index;
>- }
>- break;
>- }
>- }
>-
>- if (NextUser) {
>- //
>- // Find the next user profile.
>- //
>- Index++;
>- if (Index < mUserProfileDb->UserProfileNum) {
>- *User = mUserProfileDb->UserProfile[Index];
>- } else if (Index == mUserProfileDb->UserProfileNum) {
>- *User = NULL;
>- return EFI_NOT_FOUND;
>- } else {
>- if ((mUserProfileDb->UserProfileNum > 0) && (*User == NULL)) {
>- *User = mUserProfileDb->UserProfile[0];
>- } else {
>- *User = NULL;
>- return EFI_NOT_FOUND;
>- }
>- }
>- } else if (Index == mUserProfileDb->UserProfileNum) {
>- return EFI_NOT_FOUND;
>- }
>-
>- return EFI_SUCCESS;
>-}
>-
>-/**
>- Find the specified user information record in the specified User profile.
>-
>- This function searches the specified user information record from the >beginning of the user
>- profile. And if NextInfo is TRUE, return the next info in the user profile.
>-
>- @param[in] User Points to the user profile entry.
>- @param[in, out] Info On entry, points to the user information record or >NULL to start
>- searching with the first user information record.
>- On return, points to the user information record or NULL if not >found.
>- @param[in] NextInfo If FALSE, find the user information record in profile >specifyed by User.
>- If TRUE, find the next user information record in profile >specifyed
>- by User.
>- @param[out] Offset A pointer to the offset of the information record in >the user profile.
>-
>- @retval EFI_INVALID_PARAMETER Info is NULL
>- @retval EFI_NOT_FOUND Info was not found, or the next Info was not >found.
>- @retval EFI_SUCCESS Info or the next info are found in user profile.
>-
>-**/
>-EFI_STATUS
>-FindUserInfo (
>- IN USER_PROFILE_ENTRY * User,
>- IN OUT EFI_USER_INFO **Info,
>- IN BOOLEAN NextInfo,
>- OUT UINTN *Offset OPTIONAL
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO *UserInfo;
>- UINTN InfoLen;
>-
>- if (Info == NULL) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Check user profile entry
>- //
>- Status = FindUserProfile (&User, FALSE, NULL);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- //
>- // Find user information in the specified user record.
>- //
>- InfoLen = 0;
>- while (InfoLen < User->UserProfileSize) {
>- UserInfo = (EFI_USER_INFO *) (User->ProfileInfo + InfoLen);
>- if (UserInfo == *Info) {
>- if (Offset != NULL) {
>- *Offset = InfoLen;
>- }
>- break;
>- }
>- InfoLen += ALIGN_VARIABLE (UserInfo->InfoSize);
>- }
>-
>- //
>- // Check whether to find the next user information.
>- //
>- if (NextInfo) {
>- if (InfoLen < User->UserProfileSize) {
>- UserInfo = (EFI_USER_INFO *) (User->ProfileInfo + InfoLen);
>- InfoLen += ALIGN_VARIABLE (UserInfo->InfoSize);
>- if (InfoLen < User->UserProfileSize) {
>- *Info = (EFI_USER_INFO *) (User->ProfileInfo + InfoLen);
>- if (Offset != NULL) {
>- *Offset = InfoLen;
>- }
>- } else if (InfoLen == User->UserProfileSize) {
>- *Info = NULL;
>- return EFI_NOT_FOUND;
>- }
>- } else {
>- if (*Info == NULL) {
>- *Info = (EFI_USER_INFO *) User->ProfileInfo;
>- if (Offset != NULL) {
>- *Offset = 0;
>- }
>- } else {
>- *Info = NULL;
>- return EFI_NOT_FOUND;
>- }
>- }
>- } else if (InfoLen == User->UserProfileSize) {
>- return EFI_NOT_FOUND;
>- }
>-
>- return EFI_SUCCESS;
>-}
>-
>-/**
>- Find a user infomation record by the information record type.
>-
>- This function searches all user information records of User. The search starts >with the
>- user information record following Info and continues until either the >information is found
>- or there are no more user infomation record.
>- A match occurs when a Info.InfoType field matches the user information >record type.
>-
>- @param[in] User Points to the user profile record to search.
>- @param[in, out] Info On entry, points to the user information record or >NULL to start
>- searching with the first user information record.
>- On return, points to the user information record or NULL if not >found.
>- @param[in] InfoType The infomation type to be searched.
>-
>- @retval EFI_SUCCESS User information was found. Info points to the >user information record.
>- @retval EFI_NOT_FOUND User information was not found.
>- @retval EFI_INVALID_PARAMETER User is NULL or Info is NULL.
>-
>-**/
>-EFI_STATUS
>-FindUserInfoByType (
>- IN USER_PROFILE_ENTRY *User,
>- IN OUT EFI_USER_INFO **Info,
>- IN UINT8 InfoType
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO *UserInfo;
>- UINTN InfoLen;
>-
>- if (Info == NULL) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Check whether the user has the specified user information.
>- //
>- InfoLen = 0;
>- if (*Info == NULL) {
>- Status = FindUserProfile (&User, FALSE, NULL);
>- } else {
>- Status = FindUserInfo (User, Info, TRUE, &InfoLen);
>- }
>-
>- if (EFI_ERROR (Status)) {
>- return EFI_NOT_FOUND;
>- }
>-
>- while (InfoLen < User->UserProfileSize) {
>- UserInfo = (EFI_USER_INFO *) (User->ProfileInfo + InfoLen);
>- if (UserInfo->InfoType == InfoType) {
>- if (UserInfo != *Info) {
>- *Info = UserInfo;
>- return EFI_SUCCESS;
>- }
>- }
>-
>- InfoLen += ALIGN_VARIABLE (UserInfo->InfoSize);
>- }
>-
>- *Info = NULL;
>- return EFI_NOT_FOUND;
>-}
>-
>-/**
>- Find a user using a user information record.
>-
>- This function searches all user profiles for the specified user information >record. The
>- search starts with the user information record handle following UserInfo >and continues
>- until either the information is found or there are no more user profiles.
>- A match occurs when the Info.InfoType field matches the user information >record type and the
>- user information record data matches the portion of Info passed the >EFI_USER_INFO header.
>-
>- @param[in, out] User On entry, points to the previously returned user >profile record,
>- or NULL to start searching with the first user profile.
>- On return, points to the user profile entry, or NULL if not found.
>- @param[in, out] UserInfo On entry, points to the previously returned user >information record,
>- or NULL to start searching with the first.
>- On return, points to the user information record, or NULL if not >found.
>- @param[in] Info Points to the buffer containing the user information to >be compared
>- to the user information record.
>- @param[in] InfoSize The size of Info, in bytes. Same as Info->InfoSize.
>-
>- @retval EFI_SUCCESS User information was found. User points to the >user profile record,
>- and UserInfo points to the user information record.
>- @retval EFI_NOT_FOUND User information was not found.
>- @retval EFI_INVALID_PARAMETER User is NULL; Info is NULL; or, InfoSize is >too small.
>-
>-**/
>-EFI_STATUS
>-FindUserProfileByInfo (
>- IN OUT USER_PROFILE_ENTRY **User,
>- IN OUT EFI_USER_INFO **UserInfo, OPTIONAL
>- IN EFI_USER_INFO *Info,
>- IN UINTN InfoSize
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO *InfoEntry;
>-
>-
>- if ((User == NULL) || (Info == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- if (InfoSize < sizeof (EFI_USER_INFO)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- if (UserInfo != NULL) {
>- InfoEntry = *UserInfo;
>- } else {
>- InfoEntry = NULL;
>- }
>- //
>- // Find user profile according to information.
>- //
>- if (*User == NULL) {
>- *User = mUserProfileDb->UserProfile[0];
>- }
>-
>- //
>- // Check user profile handle.
>- //
>- Status = FindUserProfile (User, FALSE, NULL);
>-
>- while (!EFI_ERROR (Status)) {
>- //
>- // Find the user information in a user profile.
>- //
>- while (TRUE) {
>- Status = FindUserInfoByType (*User, &InfoEntry, Info->InfoType);
>- if (EFI_ERROR (Status)) {
>- break;
>- }
>-
>- if (InfoSize == Info->InfoSize) {
>- if (CompareMem ((UINT8 *) (InfoEntry + 1), (UINT8 *) (Info + 1), InfoSize >- sizeof (EFI_USER_INFO)) == 0) {
>- //
>- // Found the infomation record.
>- //
>- if (UserInfo != NULL) {
>- *UserInfo = InfoEntry;
>- }
>- return EFI_SUCCESS;
>- }
>- }
>- }
>-
>- //
>- // Get next user profile.
>- //
>- InfoEntry = NULL;
>- Status = FindUserProfile (User, TRUE, NULL);
>- }
>-
>- return EFI_NOT_FOUND;
>-}
>-
>-
>-/**
>- Check whether the access policy is valid.
>-
>- @param[in] PolicyInfo Point to the access policy.
>- @param[in] InfoLen The policy length.
>-
>- @retval TRUE The policy is a valid access policy.
>- @retval FALSE The access policy is not a valid access policy.
>-
>-**/
>-BOOLEAN
>-CheckAccessPolicy (
>- IN UINT8 *PolicyInfo,
>- IN UINTN InfoLen
>- )
>-{
>- UINTN TotalLen;
>- UINTN ValueLen;
>- UINTN OffSet;
>- EFI_USER_INFO_ACCESS_CONTROL Access;
>- EFI_DEVICE_PATH_PROTOCOL *Path;
>- UINTN PathSize;
>-
>- TotalLen = 0;
>- while (TotalLen < InfoLen) {
>- //
>- // Check access policy according to type.
>- //
>- CopyMem (&Access, PolicyInfo + TotalLen, sizeof (Access));
>- ValueLen = Access.Size - sizeof (EFI_USER_INFO_ACCESS_CONTROL);
>- switch (Access.Type) {
>- case EFI_USER_INFO_ACCESS_FORBID_LOAD:
>- case EFI_USER_INFO_ACCESS_PERMIT_LOAD:
>- case EFI_USER_INFO_ACCESS_FORBID_CONNECT:
>- case EFI_USER_INFO_ACCESS_PERMIT_CONNECT:
>- OffSet = 0;
>- while (OffSet < ValueLen) {
>- Path = (EFI_DEVICE_PATH_PROTOCOL *) (PolicyInfo + TotalLen + >sizeof (Access) + OffSet);
>- PathSize = GetDevicePathSize (Path);
>- OffSet += PathSize;
>- }
>- if (OffSet != ValueLen) {
>- return FALSE;
>- }
>- break;
>-
>- case EFI_USER_INFO_ACCESS_SETUP:
>- if (ValueLen % sizeof (EFI_GUID) != 0) {
>- return FALSE;
>- }
>- break;
>-
>- case EFI_USER_INFO_ACCESS_BOOT_ORDER:
>- if (ValueLen % sizeof (EFI_USER_INFO_ACCESS_BOOT_ORDER_HDR) != 0) >{
>- return FALSE;
>- }
>- break;
>-
>- case EFI_USER_INFO_ACCESS_ENROLL_SELF:
>- case EFI_USER_INFO_ACCESS_ENROLL_OTHERS:
>- case EFI_USER_INFO_ACCESS_MANAGE:
>- if (ValueLen != 0) {
>- return FALSE;
>- }
>- break;
>-
>- default:
>- return FALSE;
>- break;
>- }
>-
>- TotalLen += Access.Size;
>- }
>-
>- if (TotalLen != InfoLen) {
>- return FALSE;
>- }
>-
>- return TRUE;
>-}
>-
>-
>-/**
>- Check whether the identity policy is valid.
>-
>- @param[in] PolicyInfo Point to the identity policy.
>- @param[in] InfoLen The policy length.
>-
>- @retval TRUE The policy is a valid identity policy.
>- @retval FALSE The access policy is not a valid identity policy.
>-
>-**/
>-BOOLEAN
>-CheckIdentityPolicy (
>- IN UINT8 *PolicyInfo,
>- IN UINTN InfoLen
>- )
>-{
>- UINTN TotalLen;
>- UINTN ValueLen;
>- EFI_USER_INFO_IDENTITY_POLICY *Identity;
>-
>- TotalLen = 0;
>-
>- //
>- // Check each part of policy expression.
>- //
>- while (TotalLen < InfoLen) {
>- //
>- // Check access polisy according to type.
>- //
>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (PolicyInfo + TotalLen);
>- ValueLen = Identity->Length - sizeof (EFI_USER_INFO_IDENTITY_POLICY);
>- switch (Identity->Type) {
>- //
>- // Check False option.
>- //
>- case EFI_USER_INFO_IDENTITY_FALSE:
>- if (ValueLen != 0) {
>- return FALSE;
>- }
>- break;
>-
>- //
>- // Check True option.
>- //
>- case EFI_USER_INFO_IDENTITY_TRUE:
>- if (ValueLen != 0) {
>- return FALSE;
>- }
>- break;
>-
>- //
>- // Check negative operation.
>- //
>- case EFI_USER_INFO_IDENTITY_NOT:
>- if (ValueLen != 0) {
>- return FALSE;
>- }
>- break;
>-
>- //
>- // Check and operation.
>- //
>- case EFI_USER_INFO_IDENTITY_AND:
>- if (ValueLen != 0) {
>- return FALSE;
>- }
>- break;
>-
>- //
>- // Check or operation.
>- //
>- case EFI_USER_INFO_IDENTITY_OR:
>- if (ValueLen != 0) {
>- return FALSE;
>- }
>- break;
>-
>- //
>- // Check credential provider by type.
>- //
>- case EFI_USER_INFO_IDENTITY_CREDENTIAL_TYPE:
>- if (ValueLen != sizeof (EFI_GUID)) {
>- return FALSE;
>- }
>- break;
>-
>- //
>- // Check credential provider by ID.
>- //
>- case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER:
>- if (ValueLen != sizeof (EFI_GUID)) {
>- return FALSE;
>- }
>- break;
>-
>- default:
>- return FALSE;
>- break;
>- }
>-
>- TotalLen += Identity->Length;
>- }
>-
>- if (TotalLen != InfoLen) {
>- return FALSE;
>- }
>-
>- return TRUE;
>-}
>-
>-
>-/**
>- Check whether the user information is a valid user information record.
>-
>- @param[in] Info points to the user information.
>-
>- @retval TRUE The info is a valid user information record.
>- @retval FALSE The info is not a valid user information record.
>-
>-**/
>-BOOLEAN
>-CheckUserInfo (
>- IN CONST EFI_USER_INFO *Info
>- )
>-{
>- UINTN InfoLen;
>-
>- if (Info == NULL) {
>- return FALSE;
>- }
>- //
>- // Check user information according to information type.
>- //
>- InfoLen = Info->InfoSize - sizeof (EFI_USER_INFO);
>- switch (Info->InfoType) {
>- case EFI_USER_INFO_EMPTY_RECORD:
>- if (InfoLen != 0) {
>- return FALSE;
>- }
>- break;
>-
>- case EFI_USER_INFO_NAME_RECORD:
>- case EFI_USER_INFO_CREDENTIAL_TYPE_NAME_RECORD:
>- case EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD:
>- break;
>-
>- case EFI_USER_INFO_CREATE_DATE_RECORD:
>- case EFI_USER_INFO_USAGE_DATE_RECORD:
>- if (InfoLen != sizeof (EFI_TIME)) {
>- return FALSE;
>- }
>- break;
>-
>- case EFI_USER_INFO_USAGE_COUNT_RECORD:
>- if (InfoLen != sizeof (UINT64)) {
>- return FALSE;
>- }
>- break;
>-
>- case EFI_USER_INFO_IDENTIFIER_RECORD:
>- if (InfoLen != 16) {
>- return FALSE;
>- }
>- break;
>-
>- case EFI_USER_INFO_CREDENTIAL_TYPE_RECORD:
>- case EFI_USER_INFO_CREDENTIAL_PROVIDER_RECORD:
>- case EFI_USER_INFO_GUID_RECORD:
>- if (InfoLen != sizeof (EFI_GUID)) {
>- return FALSE;
>- }
>- break;
>-
>- case EFI_USER_INFO_PKCS11_RECORD:
>- case EFI_USER_INFO_CBEFF_RECORD:
>- break;
>-
>- case EFI_USER_INFO_FAR_RECORD:
>- case EFI_USER_INFO_RETRY_RECORD:
>- if (InfoLen != 1) {
>- return FALSE;
>- }
>- break;
>-
>- case EFI_USER_INFO_ACCESS_POLICY_RECORD:
>- if(!CheckAccessPolicy ((UINT8 *) (Info + 1), InfoLen)) {
>- return FALSE;
>- }
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_POLICY_RECORD:
>- if (!CheckIdentityPolicy ((UINT8 *) (Info + 1), InfoLen)) {
>- return FALSE;
>- }
>- break;
>-
>- default:
>- return FALSE;
>- break;
>- }
>-
>- return TRUE;
>-}
>-
>-
>-/**
>- Check the user profile data format to be added.
>-
>- @param[in] UserProfileInfo Points to the user profile data.
>- @param[in] UserProfileSize The length of user profile data.
>-
>- @retval TRUE It is a valid user profile.
>- @retval FALSE It is not a valid user profile.
>-
>-**/
>-BOOLEAN
>-CheckProfileInfo (
>- IN UINT8 *UserProfileInfo,
>- IN UINTN UserProfileSize
>- )
>-{
>- UINTN ChkLen;
>- EFI_USER_INFO *Info;
>-
>- if (UserProfileInfo == NULL) {
>- return FALSE;
>- }
>-
>- //
>- // Check user profile information length.
>- //
>- ChkLen = 0;
>- while (ChkLen < UserProfileSize) {
>- Info = (EFI_USER_INFO *) (UserProfileInfo + ChkLen);
>- //
>- // Check user information format.
>- //
>- if (!CheckUserInfo (Info)) {
>- return FALSE;
>- }
>-
>- ChkLen += ALIGN_VARIABLE (Info->InfoSize);
>- }
>-
>- if (ChkLen != UserProfileSize) {
>- return FALSE;
>- }
>-
>- return TRUE;
>-}
>-
>-
>-/**
>- Find the specified RightType in current user profile.
>-
>- @param[in] RightType Could be EFI_USER_INFO_ACCESS_MANAGE,
>- EFI_USER_INFO_ACCESS_ENROLL_OTHERS or
>- EFI_USER_INFO_ACCESS_ENROLL_SELF.
>-
>- @retval TRUE Find the specified RightType in current user profile.
>- @retval FALSE Can't find the right in the profile.
>-
>-**/
>-BOOLEAN
>-CheckCurrentUserAccessRight (
>- IN UINT32 RightType
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO *Info;
>- UINTN TotalLen;
>- UINTN CheckLen;
>- EFI_USER_INFO_ACCESS_CONTROL Access;
>-
>- //
>- // Get user access right information.
>- //
>- Info = NULL;
>- Status = FindUserInfoByType (
>- (USER_PROFILE_ENTRY *) mCurrentUser,
>- &Info,
>- EFI_USER_INFO_ACCESS_POLICY_RECORD
>- );
>- if (EFI_ERROR (Status)) {
>- return FALSE;
>- }
>-
>- ASSERT (Info != NULL);
>- TotalLen = Info->InfoSize - sizeof (EFI_USER_INFO);
>- CheckLen = 0;
>- while (CheckLen < TotalLen) {
>- //
>- // Check right according to access type.
>- //
>- CopyMem (&Access, (UINT8 *) (Info + 1) + CheckLen, sizeof (Access));
>- if (Access.Type == RightType) {
>- return TRUE;;
>- }
>-
>- CheckLen += Access.Size;
>- }
>-
>- return FALSE;
>-}
>-
>-
>-/**
>- Create a unique user identifier.
>-
>- @param[out] Identifier This points to the identifier.
>-
>-**/
>-VOID
>-GenerateIdentifier (
>- OUT UINT8 *Identifier
>- )
>-{
>- EFI_TIME Time;
>- UINT64 MonotonicCount;
>- UINT32 *MonotonicPointer;
>- UINTN Index;
>-
>- //
>- // Create a unique user identifier.
>- //
>- gRT->GetTime (&Time, NULL);
>- CopyMem (Identifier, &Time, sizeof (EFI_TIME));
>- //
>- // Remove zeros.
>- //
>- for (Index = 0; Index < sizeof (EFI_TIME); Index++) {
>- if (Identifier[Index] == 0) {
>- Identifier[Index] = 0x5a;
>- }
>- }
>-
>- MonotonicPointer = (UINT32 *) Identifier;
>- gBS->GetNextMonotonicCount (&MonotonicCount);
>- MonotonicPointer[0] += (UINT32) MonotonicCount;
>- MonotonicPointer[1] += (UINT32) MonotonicCount;
>- MonotonicPointer[2] += (UINT32) MonotonicCount;
>- MonotonicPointer[3] += (UINT32) MonotonicCount;
>-}
>-
>-
>-/**
>- Generate unique user ID.
>-
>- @param[out] UserId Points to the user identifer.
>-
>-**/
>-VOID
>-GenerateUserId (
>- OUT UINT8 *UserId
>- )
>-{
>- EFI_STATUS Status;
>- USER_PROFILE_ENTRY *UserProfile;
>- EFI_USER_INFO *UserInfo;
>- UINTN Index;
>-
>- //
>- // Generate unique user ID
>- //
>- while (TRUE) {
>- GenerateIdentifier (UserId);
>- //
>- // Check whether it's unique in user profile database.
>- //
>- if (mUserProfileDb == NULL) {
>- return ;
>- }
>-
>- for (Index = 0; Index < mUserProfileDb->UserProfileNum; Index++) {
>- UserProfile = (USER_PROFILE_ENTRY *) (mUserProfileDb- >>UserProfile[Index]);
>- UserInfo = NULL;
>- Status = FindUserInfoByType (UserProfile, &UserInfo, >EFI_USER_INFO_IDENTIFIER_RECORD);
>- if (EFI_ERROR (Status)) {
>- continue;
>- }
>-
>- if (CompareMem ((UINT8 *) (UserInfo + 1), UserId, sizeof >(EFI_USER_INFO_IDENTIFIER)) == 0) {
>- break;
>- }
>- }
>-
>- if (Index == mUserProfileDb->UserProfileNum) {
>- return ;
>- }
>- }
>-}
>-
>-
>-/**
>- Expand user profile database.
>-
>- @retval TRUE Success to expand user profile database.
>- @retval FALSE Fail to expand user profile database.
>-
>-**/
>-BOOLEAN
>-ExpandUsermUserProfileDb (
>- VOID
>- )
>-{
>- UINTN MaxNum;
>- USER_PROFILE_DB *NewDataBase;
>-
>- //
>- // Create new user profile database.
>- //
>- if (mUserProfileDb == NULL) {
>- MaxNum = USER_NUMBER_INC;
>- } else {
>- MaxNum = mUserProfileDb->MaxProfileNum + USER_NUMBER_INC;
>- }
>-
>- NewDataBase = AllocateZeroPool (
>- sizeof (USER_PROFILE_DB) - sizeof (EFI_USER_PROFILE_HANDLE) +
>- MaxNum * sizeof (EFI_USER_PROFILE_HANDLE)
>- );
>- if (NewDataBase == NULL) {
>- return FALSE;
>- }
>-
>- NewDataBase->MaxProfileNum = MaxNum;
>-
>- //
>- // Copy old user profile database value
>- //
>- if (mUserProfileDb == NULL) {
>- NewDataBase->UserProfileNum = 0;
>- } else {
>- NewDataBase->UserProfileNum = mUserProfileDb->UserProfileNum;
>- CopyMem (
>- NewDataBase->UserProfile,
>- mUserProfileDb->UserProfile,
>- NewDataBase->UserProfileNum * sizeof (EFI_USER_PROFILE_HANDLE)
>- );
>- FreePool (mUserProfileDb);
>- }
>-
>- mUserProfileDb = NewDataBase;
>- return TRUE;
>-}
>-
>-
>-/**
>- Expand user profile
>-
>- @param[in] User Points to user profile.
>- @param[in] ExpandSize The size of user profile.
>-
>- @retval TRUE Success to expand user profile size.
>- @retval FALSE Fail to expand user profile size.
>-
>-**/
>-BOOLEAN
>-ExpandUserProfile (
>- IN USER_PROFILE_ENTRY *User,
>- IN UINTN ExpandSize
>- )
>-{
>- UINT8 *Info;
>- UINTN InfoSizeInc;
>-
>- //
>- // Allocate new memory.
>- //
>- InfoSizeInc = 128;
>- User->MaxProfileSize += ((ExpandSize + InfoSizeInc - 1) / InfoSizeInc) * >InfoSizeInc;
>- Info = AllocateZeroPool (User->MaxProfileSize);
>- if (Info == NULL) {
>- return FALSE;
>- }
>-
>- //
>- // Copy exist information.
>- //
>- if (User->UserProfileSize > 0) {
>- CopyMem (Info, User->ProfileInfo, User->UserProfileSize);
>- FreePool (User->ProfileInfo);
>- }
>-
>- User->ProfileInfo = Info;
>- return TRUE;
>-}
>-
>-
>-/**
>- Save the user profile to non-volatile memory, or delete it from non-volatile >memory.
>-
>- @param[in] User Point to the user profile
>- @param[in] Delete If TRUE, delete the found user profile.
>- If FALSE, save the user profile.
>- @retval EFI_SUCCESS Save or delete user profile successfully.
>- @retval Others Fail to change the profile.
>-
>-**/
>-EFI_STATUS
>-SaveNvUserProfile (
>- IN USER_PROFILE_ENTRY *User,
>- IN BOOLEAN Delete
>- )
>-{
>- EFI_STATUS Status;
>-
>- //
>- // Check user profile entry.
>- //
>- Status = FindUserProfile (&User, FALSE, NULL);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- //
>- // Save the user profile to non-volatile memory.
>- //
>- Status = gRT->SetVariable (
>- User->UserVarName,
>- &gUserIdentifyManagerGuid,
>- EFI_VARIABLE_NON_VOLATILE | >EFI_VARIABLE_BOOTSERVICE_ACCESS,
>- Delete ? 0 : User->UserProfileSize,
>- User->ProfileInfo
>- );
>- return Status;
>-}
>-
>-/**
>- Add one new user info into the user's profile.
>-
>- @param[in] User point to the user profile
>- @param[in] Info Points to the user information payload.
>- @param[in] InfoSize The size of the user information payload, in bytes.
>- @param[out] UserInfo Point to the new info in user profile
>- @param[in] Save If TRUE, save the profile to NV flash.
>- If FALSE, don't need to save the profile to NV flash.
>-
>- @retval EFI_SUCCESS Add user info to user profile successfully.
>- @retval Others Fail to add user info to user profile.
>-
>-**/
>-EFI_STATUS
>-AddUserInfo (
>- IN USER_PROFILE_ENTRY *User,
>- IN UINT8 *Info,
>- IN UINTN InfoSize,
>- OUT EFI_USER_INFO **UserInfo, OPTIONAL
>- IN BOOLEAN Save
>- )
>-{
>- EFI_STATUS Status;
>-
>- if ((Info == NULL) || (User == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Check user profile handle.
>- //
>- Status = FindUserProfile (&User, FALSE, NULL);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- //
>- // Check user information memory size.
>- //
>- if (User->MaxProfileSize - User->UserProfileSize < ALIGN_VARIABLE >(InfoSize)) {
>- if (!ExpandUserProfile (User, ALIGN_VARIABLE (InfoSize))) {
>- return EFI_OUT_OF_RESOURCES;
>- }
>- }
>-
>- //
>- // Add new user information.
>- //
>- CopyMem (User->ProfileInfo + User->UserProfileSize, Info, InfoSize);
>- if (UserInfo != NULL) {
>- *UserInfo = (EFI_USER_INFO *) (User->ProfileInfo + User- >>UserProfileSize);
>- }
>- User->UserProfileSize += ALIGN_VARIABLE (InfoSize);
>-
>- //
>- // Save user profile information.
>- //
>- if (Save) {
>- Status = SaveNvUserProfile (User, FALSE);
>- }
>-
>- return Status;
>-}
>-
>-
>-/**
>- Get the user info from the specified user info handle.
>-
>- @param[in] User Point to the user profile.
>- @param[in] UserInfo Point to the user information record to get.
>- @param[out] Info On entry, points to a buffer of at least *InfoSize >bytes.
>- On exit, holds the user information.
>- @param[in, out] InfoSize On entry, points to the size of Info.
>- On return, points to the size of the user information.
>- @param[in] ChkRight If TRUE, check the user info attribute.
>- If FALSE, don't check the user info attribute.
>-
>-
>- @retval EFI_ACCESS_DENIED The information cannot be accessed by the >current user.
>- @retval EFI_INVALID_PARAMETER InfoSize is NULL or UserInfo is NULL.
>- @retval EFI_BUFFER_TOO_SMALL The number of bytes specified by >*InfoSize is too small to hold the
>- returned data. The actual size required is returned in >*InfoSize.
>- @retval EFI_SUCCESS Information returned successfully.
>-
>-**/
>-EFI_STATUS
>-GetUserInfo (
>- IN USER_PROFILE_ENTRY *User,
>- IN EFI_USER_INFO *UserInfo,
>- OUT EFI_USER_INFO *Info,
>- IN OUT UINTN *InfoSize,
>- IN BOOLEAN ChkRight
>- )
>-{
>- EFI_STATUS Status;
>-
>- if ((InfoSize == NULL) || (UserInfo == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- if ((*InfoSize != 0) && (Info == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Find the user information to get.
>- //
>- Status = FindUserInfo (User, &UserInfo, FALSE, NULL);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- //
>- // Check information attributes.
>- //
>- if (ChkRight) {
>- switch (UserInfo->InfoAttribs & EFI_USER_INFO_ACCESS) {
>- case EFI_USER_INFO_PRIVATE:
>- case EFI_USER_INFO_PROTECTED:
>- if (User != mCurrentUser) {
>- return EFI_ACCESS_DENIED;
>- }
>- break;
>-
>- case EFI_USER_INFO_PUBLIC:
>- break;
>-
>- default:
>- return EFI_INVALID_PARAMETER;
>- break;
>- }
>- }
>-
>- //
>- // Get user information.
>- //
>- if (UserInfo->InfoSize > *InfoSize) {
>- *InfoSize = UserInfo->InfoSize;
>- return EFI_BUFFER_TOO_SMALL;
>- }
>-
>- *InfoSize = UserInfo->InfoSize;
>- if (Info != NULL) {
>- CopyMem (Info, UserInfo, *InfoSize);
>- }
>-
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Delete the specified user information from user profile.
>-
>- @param[in] User Point to the user profile.
>- @param[in] Info Point to the user information record to delete.
>- @param[in] Save If TRUE, save the profile to NV flash.
>- If FALSE, don't need to save the profile to NV flash.
>-
>- @retval EFI_SUCCESS Delete user info from user profile successfully.
>- @retval Others Fail to delete user info from user profile.
>-
>-**/
>-EFI_STATUS
>-DelUserInfo (
>- IN USER_PROFILE_ENTRY *User,
>- IN EFI_USER_INFO *Info,
>- IN BOOLEAN Save
>- )
>-{
>- EFI_STATUS Status;
>- UINTN Offset;
>- UINTN NextOffset;
>-
>- //
>- // Check user information handle.
>- //
>- Status = FindUserInfo (User, &Info, FALSE, &Offset);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- if (Info->InfoType == EFI_USER_INFO_IDENTIFIER_RECORD) {
>- return EFI_ACCESS_DENIED;
>- }
>-
>- //
>- // Delete the specified user information.
>- //
>- NextOffset = Offset + ALIGN_VARIABLE (Info->InfoSize);
>- User->UserProfileSize -= ALIGN_VARIABLE (Info->InfoSize);
>- if (Offset < User->UserProfileSize) {
>- CopyMem (User->ProfileInfo + Offset, User->ProfileInfo + NextOffset, >User->UserProfileSize - Offset);
>- }
>-
>- if (Save) {
>- Status = SaveNvUserProfile (User, FALSE);
>- }
>-
>- return Status;
>-}
>-
>-
>-/**
>- Add or update user information.
>-
>- @param[in] User Point to the user profile.
>- @param[in, out] UserInfo On entry, points to the user information to >modify,
>- or NULL to add a new UserInfo.
>- On return, points to the modified user information.
>- @param[in] Info Points to the new user information.
>- @param[in] InfoSize The size of Info,in bytes.
>-
>- @retval EFI_INVALID_PARAMETER UserInfo is NULL or Info is NULL.
>- @retval EFI_ACCESS_DENIED The record is exclusive.
>- @retval EFI_SUCCESS User information was successfully >changed/added.
>-
>-**/
>-EFI_STATUS
>-ModifyUserInfo (
>- IN USER_PROFILE_ENTRY *User,
>- IN OUT EFI_USER_INFO **UserInfo,
>- IN CONST EFI_USER_INFO *Info,
>- IN UINTN InfoSize
>- )
>-{
>- EFI_STATUS Status;
>- UINTN PayloadLen;
>- EFI_USER_INFO *OldInfo;
>-
>- if ((UserInfo == NULL) || (Info == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- if (InfoSize < sizeof (EFI_USER_INFO) || InfoSize != Info->InfoSize) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Check user information.
>- //
>- if (Info->InfoType == EFI_USER_INFO_IDENTIFIER_RECORD) {
>- return EFI_ACCESS_DENIED;
>- }
>-
>- if (!CheckUserInfo (Info)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>-
>- if (*UserInfo == NULL) {
>- //
>- // Add new user information.
>- //
>- OldInfo = NULL;
>- do {
>- Status = FindUserInfoByType (User, &OldInfo, Info->InfoType);
>- if (EFI_ERROR (Status)) {
>- break;
>- }
>- ASSERT (OldInfo != NULL);
>-
>- if (((OldInfo->InfoAttribs & EFI_USER_INFO_EXCLUSIVE) != 0) ||
>- ((Info->InfoAttribs & EFI_USER_INFO_EXCLUSIVE) != 0)) {
>- //
>- // Same type can not co-exist for exclusive information.
>- //
>- return EFI_ACCESS_DENIED;
>- }
>-
>- //
>- // Check whether it exists in DB.
>- //
>- if (Info->InfoSize != OldInfo->InfoSize) {
>- continue;
>- }
>-
>- if (!CompareGuid (&OldInfo->Credential, &Info->Credential)) {
>- continue;
>- }
>-
>- PayloadLen = Info->InfoSize - sizeof (EFI_USER_INFO);
>- if (PayloadLen == 0) {
>- continue;
>- }
>-
>- if (CompareMem ((UINT8 *)(OldInfo + 1), (UINT8 *)(Info + 1), >PayloadLen) != 0) {
>- continue;
>- }
>-
>- //
>- // Yes. The new info is as same as the one in profile.
>- //
>- return EFI_SUCCESS;
>- } while (!EFI_ERROR (Status));
>-
>- Status = AddUserInfo (User, (UINT8 *) Info, InfoSize, UserInfo, TRUE);
>- return Status;
>- }
>-
>- //
>- // Modify existing user information.
>- //
>- OldInfo = *UserInfo;
>- if (OldInfo->InfoType != Info->InfoType) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- if (((Info->InfoAttribs & EFI_USER_INFO_EXCLUSIVE) != 0) &&
>- (OldInfo->InfoAttribs & EFI_USER_INFO_EXCLUSIVE) == 0) {
>- //
>- // Try to add exclusive attrib in new info.
>- // Check whether there is another information with the same type in >profile.
>- //
>- OldInfo = NULL;
>- do {
>- Status = FindUserInfoByType (User, &OldInfo, Info->InfoType);
>- if (EFI_ERROR (Status)) {
>- break;
>- }
>- if (OldInfo != *UserInfo) {
>- //
>- // There is another information with the same type in profile.
>- // Therefore, can't modify existing user information to add exclusive >attribute.
>- //
>- return EFI_ACCESS_DENIED;
>- }
>- } while (TRUE);
>- }
>-
>- Status = DelUserInfo (User, *UserInfo, FALSE);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- return AddUserInfo (User, (UINT8 *) Info, InfoSize, UserInfo, TRUE);
>-}
>-
>-
>-/**
>- Delete the user profile from non-volatile memory and database.
>-
>- @param[in] User Points to the user profile.
>-
>- @retval EFI_SUCCESS Delete user from the user profile successfully.
>- @retval Others Fail to delete user from user profile
>-
>-**/
>-EFI_STATUS
>-DelUserProfile (
>- IN USER_PROFILE_ENTRY *User
>- )
>-{
>- EFI_STATUS Status;
>- UINTN Index;
>-
>- //
>- // Check whether it is in the user profile database.
>- //
>- Status = FindUserProfile (&User, FALSE, &Index);
>- if (EFI_ERROR (Status)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Check whether it is the current user.
>- //
>- if (User == mCurrentUser) {
>- return EFI_ACCESS_DENIED;
>- }
>-
>- //
>- // Delete user profile from the non-volatile memory.
>- //
>- Status = SaveNvUserProfile (mUserProfileDb- >>UserProfile[mUserProfileDb->UserProfileNum - 1], TRUE);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>- mUserProfileDb->UserProfileNum--;
>-
>- //
>- // Modify user profile database.
>- //
>- if (Index != mUserProfileDb->UserProfileNum) {
>- mUserProfileDb->UserProfile[Index] = mUserProfileDb- >>UserProfile[mUserProfileDb->UserProfileNum];
>- CopyMem (
>- ((USER_PROFILE_ENTRY *) mUserProfileDb->UserProfile[Index])- >>UserVarName,
>- User->UserVarName,
>- sizeof (User->UserVarName)
>- );
>- Status = SaveNvUserProfile (mUserProfileDb->UserProfile[Index], FALSE);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>- }
>- //
>- // Delete user profile information.
>- //
>- if (User->ProfileInfo != NULL) {
>- FreePool (User->ProfileInfo);
>- }
>-
>- FreePool (User);
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Add user profile to user profile database.
>-
>- @param[out] UserProfile Point to the newly added user profile.
>- @param[in] ProfileSize The size of the user profile.
>- @param[in] ProfileInfo Point to the user profie data.
>- @param[in] Save If TRUE, save the new added profile to NV flash.
>- If FALSE, don't save the profile to NV flash.
>-
>- @retval EFI_SUCCESS Add user profile to user profile database >successfully.
>- @retval Others Fail to add user profile to user profile database.
>-
>-**/
>-EFI_STATUS
>-AddUserProfile (
>- OUT USER_PROFILE_ENTRY **UserProfile, OPTIONAL
>- IN UINTN ProfileSize,
>- IN UINT8 *ProfileInfo,
>- IN BOOLEAN Save
>- )
>-{
>- EFI_STATUS Status;
>- USER_PROFILE_ENTRY *User;
>-
>- //
>- // Check the data format to be added.
>- //
>- if (!CheckProfileInfo (ProfileInfo, ProfileSize)) {
>- return EFI_SECURITY_VIOLATION;
>- }
>-
>- //
>- // Create user profile entry.
>- //
>- User = AllocateZeroPool (sizeof (USER_PROFILE_ENTRY));
>- if (User == NULL) {
>- return EFI_OUT_OF_RESOURCES;
>- }
>- //
>- // Add the entry to the user profile database.
>- //
>- if (mUserProfileDb->UserProfileNum == mUserProfileDb->MaxProfileNum) >{
>- if (!ExpandUsermUserProfileDb ()) {
>- FreePool (User);
>- return EFI_OUT_OF_RESOURCES;
>- }
>- }
>-
>- UnicodeSPrint (
>- User->UserVarName,
>- sizeof (User->UserVarName),
>- L"User%04x",
>- mUserProfileDb->UserProfileNum
>- );
>- User->UserProfileSize = 0;
>- User->MaxProfileSize = 0;
>- User->ProfileInfo = NULL;
>- mUserProfileDb->UserProfile[mUserProfileDb->UserProfileNum] = >(EFI_USER_PROFILE_HANDLE) User;
>- mUserProfileDb->UserProfileNum++;
>-
>- //
>- // Add user profile information.
>- //
>- Status = AddUserInfo (User, ProfileInfo, ProfileSize, NULL, Save);
>- if (EFI_ERROR (Status)) {
>- DelUserProfile (User);
>- return Status;
>- }
>- //
>- // Set new user profile handle.
>- //
>- if (UserProfile != NULL) {
>- *UserProfile = User;
>- }
>-
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- This function creates a new user profile with only a new user identifier
>- attached and returns its handle.
 The user profile is non-volatile, but the
>- handle User can change across reboots.
>-
>- @param[out] User Handle of a new user profile.
>-
>- @retval EFI_SUCCESS User profile was successfully created.
>- @retval Others Fail to create user profile
>-
>-**/
>-EFI_STATUS
>-CreateUserProfile (
>- OUT USER_PROFILE_ENTRY **User
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO *UserInfo;
>-
>- if (User == NULL) {
>- return EFI_INVALID_PARAMETER;
>- }
>- //
>- // Generate user id information.
>- //
>- UserInfo = AllocateZeroPool (sizeof (EFI_USER_INFO) + sizeof >(EFI_USER_INFO_IDENTIFIER));
>- if (UserInfo == NULL) {
>- return EFI_OUT_OF_RESOURCES;
>- }
>-
>- UserInfo->InfoType = EFI_USER_INFO_IDENTIFIER_RECORD;
>- UserInfo->InfoSize = sizeof (EFI_USER_INFO) + sizeof >(EFI_USER_INFO_IDENTIFIER);
>- UserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
>- GenerateUserId ((UINT8 *) (UserInfo + 1));
>-
>- //
>- // Add user profile to the user profile database.
>- //
>- Status = AddUserProfile (User, UserInfo->InfoSize, (UINT8 *) UserInfo, >TRUE);
>- FreePool (UserInfo);
>- return Status;
>-}
>-
>-
>-/**
>- Add a default user profile to user profile database.
>-
>- @retval EFI_SUCCESS A default user profile is added successfully.
>- @retval Others Fail to add a default user profile
>-
>-**/
>-EFI_STATUS
>-AddDefaultUserProfile (
>- VOID
>- )
>-{
>- EFI_STATUS Status;
>- USER_PROFILE_ENTRY *User;
>- EFI_USER_INFO *Info;
>- EFI_USER_INFO *NewInfo;
>- EFI_USER_INFO_CREATE_DATE CreateDate;
>- EFI_USER_INFO_USAGE_COUNT UsageCount;
>- EFI_USER_INFO_ACCESS_CONTROL *Access;
>- EFI_USER_INFO_IDENTITY_POLICY *Policy;
>-
>- //
>- // Create a user profile.
>- //
>- Status = CreateUserProfile (&User);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- //
>- // Allocate a buffer to add all default user information.
>- //
>- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + INFO_PAYLOAD_SIZE);
>- if (Info == NULL) {
>- return EFI_OUT_OF_RESOURCES;
>- }
>-
>- //
>- // Add user name.
>- //
>- Info->InfoType = EFI_USER_INFO_NAME_RECORD;
>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
>- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof (mUserName);
>- CopyMem ((UINT8 *) (Info + 1), mUserName, sizeof (mUserName));
>- NewInfo = NULL;
>- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize);
>- if (EFI_ERROR (Status)) {
>- goto Done;
>- }
>-
>- //
>- // Add user profile create date record.
>- //
>- Info->InfoType = EFI_USER_INFO_CREATE_DATE_RECORD;
>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
>- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof >(EFI_USER_INFO_CREATE_DATE);
>- Status = gRT->GetTime (&CreateDate, NULL);
>- if (EFI_ERROR (Status)) {
>- goto Done;
>- }
>-
>- CopyMem ((UINT8 *) (Info + 1), &CreateDate, sizeof >(EFI_USER_INFO_CREATE_DATE));
>- NewInfo = NULL;
>- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize);
>- if (EFI_ERROR (Status)) {
>- goto Done;
>- }
>-
>- //
>- // Add user profile usage count record.
>- //
>- Info->InfoType = EFI_USER_INFO_USAGE_COUNT_RECORD;
>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
>- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof >(EFI_USER_INFO_USAGE_COUNT);
>- UsageCount = 0;
>- CopyMem ((UINT8 *) (Info + 1), &UsageCount, sizeof >(EFI_USER_INFO_USAGE_COUNT));
>- NewInfo = NULL;
>- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize);
>- if (EFI_ERROR (Status)) {
>- goto Done;
>- }
>-
>- //
>- // Add user access right.
>- //
>- Info->InfoType = EFI_USER_INFO_ACCESS_POLICY_RECORD;
>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
>- Access = (EFI_USER_INFO_ACCESS_CONTROL *) (Info + 1);
>- Access->Type = EFI_USER_INFO_ACCESS_MANAGE;
>- Access->Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL);
>- Info->InfoSize = sizeof (EFI_USER_INFO) + Access->Size;
>- NewInfo = NULL;
>- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize);
>- if (EFI_ERROR (Status)) {
>- goto Done;
>- }
>-
>- //
>- // Add user identity policy.
>- //
>- Info->InfoType = EFI_USER_INFO_IDENTITY_POLICY_RECORD;
>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >EFI_USER_INFO_PRIVATE | EFI_USER_INFO_EXCLUSIVE;
>- Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (Info + 1);
>- Policy->Type = EFI_USER_INFO_IDENTITY_TRUE;
>- Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY);
>- Info->InfoSize = sizeof (EFI_USER_INFO) + Policy->Length;
>- NewInfo = NULL;
>- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize);
>-
>-Done:
>- FreePool (Info);
>- return Status;
>-}
>-
>-
>-/**
>- Publish current user information into EFI System Configuration Table.
>-
>- By UEFI spec, the User Identity Manager will publish the current user profile
>- into the EFI System Configuration Table. Currently, only the user identifier >and user
>- name are published.
>-
>- @retval EFI_SUCCESS Current user information is published successfully.
>- @retval Others Fail to publish current user information
>-
>-**/
>-EFI_STATUS
>-PublishUserTable (
>- VOID
>- )
>-{
>- EFI_STATUS Status;
>- EFI_CONFIGURATION_TABLE *EfiConfigurationTable;
>- EFI_USER_INFO_TABLE *UserInfoTable;
>- EFI_USER_INFO *IdInfo;
>- EFI_USER_INFO *NameInfo;
>-
>- Status = EfiGetSystemConfigurationTable (
>- &gEfiUserManagerProtocolGuid,
>- (VOID **) &EfiConfigurationTable
>- );
>- if (!EFI_ERROR (Status)) {
>- //
>- // The table existed!
>- //
>- return EFI_SUCCESS;
>- }
>-
>- //
>- // Get user ID information.
>- //
>- IdInfo = NULL;
>- Status = FindUserInfoByType (mCurrentUser, &IdInfo, >EFI_USER_INFO_IDENTIFIER_RECORD);
>- if (EFI_ERROR (Status)) {
>- return Status;
>-
>- }
>- //
>- // Get user name information.
>- //
>- NameInfo = NULL;
>- Status = FindUserInfoByType (mCurrentUser, &NameInfo, >EFI_USER_INFO_NAME_RECORD);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- //
>- // Allocate a buffer for user information table.
>- //
>- UserInfoTable = (EFI_USER_INFO_TABLE *) AllocateRuntimePool (
>- sizeof (EFI_USER_INFO_TABLE) +
>- IdInfo->InfoSize +
>- NameInfo->InfoSize
>- );
>- if (UserInfoTable == NULL) {
>- Status = EFI_OUT_OF_RESOURCES;
>- return Status;
>- }
>-
>- UserInfoTable->Size = sizeof (EFI_USER_INFO_TABLE);
>-
>- //
>- // Append the user information to the user info table
>- //
>- CopyMem ((UINT8 *) UserInfoTable + UserInfoTable->Size, (UINT8 *) IdInfo, >IdInfo->InfoSize);
>- UserInfoTable->Size += IdInfo->InfoSize;
>-
>- CopyMem ((UINT8 *) UserInfoTable + UserInfoTable->Size, (UINT8 *) >NameInfo, NameInfo->InfoSize);
>- UserInfoTable->Size += NameInfo->InfoSize;
>-
>- Status = gBS->InstallConfigurationTable (&gEfiUserManagerProtocolGuid, >(VOID *) UserInfoTable);
>- return Status;
>-}
>-
>-
>-/**
>- Get the user's identity type.
>-
>- The identify manager only supports the identity policy in which the >credential
>- provider handles are connected by the operator 'AND' or 'OR'.
>-
>-
>- @param[in] User Handle of a user profile.
>- @param[out] PolicyType Point to the identity type.
>-
>- @retval EFI_SUCCESS Get user's identity type successfully.
>- @retval Others Fail to get user's identity type.
>-
>-**/
>-EFI_STATUS
>-GetIdentifyType (
>- IN EFI_USER_PROFILE_HANDLE User,
>- OUT UINT8 *PolicyType
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO *IdentifyInfo;
>- UINTN TotalLen;
>- EFI_USER_INFO_IDENTITY_POLICY *Identity;
>-
>- //
>- // Get user identify policy information.
>- //
>- IdentifyInfo = NULL;
>- Status = FindUserInfoByType (User, &IdentifyInfo, >EFI_USER_INFO_IDENTITY_POLICY_RECORD);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>- ASSERT (IdentifyInfo != NULL);
>-
>- //
>- // Search the user identify policy according to type.
>- //
>- TotalLen = 0;
>- *PolicyType = EFI_USER_INFO_IDENTITY_FALSE;
>- while (TotalLen < IdentifyInfo->InfoSize - sizeof (EFI_USER_INFO)) {
>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) ((UINT8 *) (IdentifyInfo + >1) + TotalLen);
>- if (Identity->Type == EFI_USER_INFO_IDENTITY_AND) {
>- *PolicyType = EFI_USER_INFO_IDENTITY_AND;
>- break;
>- }
>-
>- if (Identity->Type == EFI_USER_INFO_IDENTITY_OR) {
>- *PolicyType = EFI_USER_INFO_IDENTITY_OR;
>- break;
>- }
>- TotalLen += Identity->Length;
>- }
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Identify the User by the specfied provider.
>-
>- @param[in] User Handle of a user profile.
>- @param[in] Provider Points to the identifier of credential provider.
>-
>- @retval EFI_INVALID_PARAMETER Provider is NULL.
>- @retval EFI_NOT_FOUND Fail to identify the specified user.
>- @retval EFI_SUCCESS User is identified successfully.
>-
>-**/
>-EFI_STATUS
>-IdentifyByProviderId (
>- IN EFI_USER_PROFILE_HANDLE User,
>- IN EFI_GUID *Provider
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO_IDENTIFIER UserId;
>- UINTN Index;
>- EFI_CREDENTIAL_LOGON_FLAGS AutoLogon;
>- EFI_HII_HANDLE HiiHandle;
>- EFI_GUID FormSetId;
>- EFI_FORM_ID FormId;
>- EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential;
>-
>- if (Provider == NULL) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Check the user ID identified by the specified credential provider.
>- //
>- for (Index = 0; Index < mProviderDb->Count; Index++) {
>- //
>- // Check credential provider class.
>- //
>- UserCredential = mProviderDb->Provider[Index];
>- if (CompareGuid (&UserCredential->Identifier, Provider)) {
>- Status = UserCredential->Select (UserCredential, &AutoLogon);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- if ((AutoLogon & EFI_CREDENTIAL_LOGON_FLAG_AUTO) == 0) {
>- //
>- // Get credential provider form.
>- //
>- Status = UserCredential->Form (
>- UserCredential,
>- &HiiHandle,
>- &FormSetId,
>- &FormId
>- );
>- if (!EFI_ERROR (Status)) {
>- //
>- // Send form to get user input.
>- //
>- Status = mCallbackInfo->FormBrowser2->SendForm (
>- mCallbackInfo->FormBrowser2,
>- &HiiHandle,
>- 1,
>- &FormSetId,
>- FormId,
>- NULL,
>- NULL
>- );
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>- }
>- }
>-
>- Status = UserCredential->User (UserCredential, User, &UserId);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- Status = UserCredential->Deselect (UserCredential);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- return EFI_SUCCESS;
>- }
>- }
>-
>- return EFI_NOT_FOUND;
>-}
>-
>-
>-/**
>- Update user information when user is logon on successfully.
>-
>- @param[in] User Points to user profile.
>-
>- @retval EFI_SUCCESS Update user information successfully.
>- @retval Others Fail to update user information.
>-
>-**/
>-EFI_STATUS
>-UpdateUserInfo (
>- IN USER_PROFILE_ENTRY *User
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO *Info;
>- EFI_USER_INFO *NewInfo;
>- EFI_USER_INFO_CREATE_DATE Date;
>- EFI_USER_INFO_USAGE_COUNT UsageCount;
>- UINTN InfoLen;
>-
>- //
>- // Allocate a buffer to update user's date record and usage record.
>- //
>- InfoLen = MAX (sizeof (EFI_USER_INFO_CREATE_DATE), sizeof >(EFI_USER_INFO_USAGE_COUNT));
>- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + InfoLen);
>- if (Info == NULL) {
>- return EFI_OUT_OF_RESOURCES;
>- }
>-
>- //
>- // Check create date record.
>- //
>- NewInfo = NULL;
>- Status = FindUserInfoByType (User, &NewInfo, >EFI_USER_INFO_CREATE_DATE_RECORD);
>- if (Status == EFI_NOT_FOUND) {
>- Info->InfoType = EFI_USER_INFO_CREATE_DATE_RECORD;
>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
>- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof >(EFI_USER_INFO_CREATE_DATE);
>- Status = gRT->GetTime (&Date, NULL);
>- if (EFI_ERROR (Status)) {
>- FreePool (Info);
>- return Status;
>- }
>-
>- CopyMem ((UINT8 *) (Info + 1), &Date, sizeof >(EFI_USER_INFO_CREATE_DATE));
>- NewInfo = NULL;
>- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize);
>- if (EFI_ERROR (Status)) {
>- FreePool (Info);
>- return Status;
>- }
>- }
>-
>- //
>- // Update usage date record.
>- //
>- NewInfo = NULL;
>- Status = FindUserInfoByType (User, &NewInfo, >EFI_USER_INFO_USAGE_DATE_RECORD);
>- if ((Status == EFI_SUCCESS) || (Status == EFI_NOT_FOUND)) {
>- Info->InfoType = EFI_USER_INFO_USAGE_DATE_RECORD;
>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
>- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof >(EFI_USER_INFO_USAGE_DATE);
>- Status = gRT->GetTime (&Date, NULL);
>- if (EFI_ERROR (Status)) {
>- FreePool (Info);
>- return Status;
>- }
>-
>- CopyMem ((UINT8 *) (Info + 1), &Date, sizeof >(EFI_USER_INFO_USAGE_DATE));
>- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize);
>- if (EFI_ERROR (Status)) {
>- FreePool (Info);
>- return Status;
>- }
>- }
>-
>- //
>- // Update usage count record.
>- //
>- UsageCount = 0;
>- NewInfo = NULL;
>- Status = FindUserInfoByType (User, &NewInfo, >EFI_USER_INFO_USAGE_COUNT_RECORD);
>- //
>- // Get usage count.
>- //
>- if (Status == EFI_SUCCESS) {
>- CopyMem (&UsageCount, (UINT8 *) (NewInfo + 1), sizeof >(EFI_USER_INFO_USAGE_COUNT));
>- }
>-
>- UsageCount++;
>- if ((Status == EFI_SUCCESS) || (Status == EFI_NOT_FOUND)) {
>- Info->InfoType = EFI_USER_INFO_USAGE_COUNT_RECORD;
>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
>- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof >(EFI_USER_INFO_USAGE_COUNT);
>- CopyMem ((UINT8 *) (Info + 1), &UsageCount, sizeof >(EFI_USER_INFO_USAGE_COUNT));
>- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize);
>- if (EFI_ERROR (Status)) {
>- FreePool (Info);
>- return Status;
>- }
>- }
>-
>- FreePool (Info);
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Add a credenetial provider item in form.
>-
>- @param[in] ProviderGuid Points to the identifir of credential provider.
>- @param[in] OpCodeHandle Points to container for dynamic created >opcodes.
>-
>-**/
>-VOID
>-AddProviderSelection (
>- IN EFI_GUID *ProviderGuid,
>- IN VOID *OpCodeHandle
>- )
>-{
>- EFI_HII_HANDLE HiiHandle;
>- EFI_STRING_ID ProvID;
>- CHAR16 *ProvStr;
>- UINTN Index;
>- EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential;
>-
>- for (Index = 0; Index < mProviderDb->Count; Index++) {
>- UserCredential = mProviderDb->Provider[Index];
>- if (CompareGuid (&UserCredential->Identifier, ProviderGuid)) {
>- //
>- // Add credential provider selection.
>- //
>- UserCredential->Title (UserCredential, &HiiHandle, &ProvID);
>- ProvStr = HiiGetString (HiiHandle, ProvID, NULL);
>- if (ProvStr == NULL) {
>- continue ;
>- }
>- ProvID = HiiSetString (mCallbackInfo->HiiHandle, 0, ProvStr, NULL);
>- FreePool (ProvStr);
>- HiiCreateActionOpCode (
>- OpCodeHandle, // Container for dynamic created opcodes
>- (EFI_QUESTION_ID)(LABEL_PROVIDER_NAME + Index), // Question ID
>- ProvID, // Prompt text
>- STRING_TOKEN (STR_NULL_STRING), // Help text
>- EFI_IFR_FLAG_CALLBACK, // Question flag
>- 0 // Action String ID
>- );
>- break;
>- }
>- }
>-}
>-
>-
>-/**
>- Add a username item in form.
>-
>- @param[in] Index The index of the user in the user name list.
>- @param[in] User Points to the user profile whose username is added.
>- @param[in] OpCodeHandle Points to container for dynamic created >opcodes.
>-
>- @retval EFI_SUCCESS Add a username successfully.
>- @retval Others Fail to add a username.
>-
>-**/
>-EFI_STATUS
>-AddUserSelection (
>- IN UINT16 Index,
>- IN USER_PROFILE_ENTRY *User,
>- IN VOID *OpCodeHandle
>- )
>-{
>- EFI_STRING_ID UserName;
>- EFI_STATUS Status;
>- EFI_USER_INFO *UserInfo;
>-
>- UserInfo = NULL;
>- Status = FindUserInfoByType (User, &UserInfo, >EFI_USER_INFO_NAME_RECORD);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- //
>- // Add user name selection.
>- //
>- UserName = HiiSetString (mCallbackInfo->HiiHandle, 0, (EFI_STRING) >(UserInfo + 1), NULL);
>- if (UserName == 0) {
>- return EFI_OUT_OF_RESOURCES;
>- }
>-
>- HiiCreateGotoOpCode (
>- OpCodeHandle, // Container for dynamic created opcodes
>- FORMID_PROVIDER_FORM, // Target Form ID
>- UserName, // Prompt text
>- STRING_TOKEN (STR_NULL_STRING), // Help text
>- EFI_IFR_FLAG_CALLBACK, // Question flag
>- (UINT16) Index // Question ID
>- );
>-
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Identify the user whose identity policy does not contain the operator 'OR'.
>-
>- @param[in] User Points to the user profile.
>-
>- @retval EFI_SUCCESS The specified user is identified successfully.
>- @retval Others Fail to identify the user.
>-
>-**/
>-EFI_STATUS
>-IdentifyAndTypeUser (
>- IN USER_PROFILE_ENTRY *User
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO *IdentifyInfo;
>- BOOLEAN Success;
>- UINTN TotalLen;
>- UINTN ValueLen;
>- EFI_USER_INFO_IDENTITY_POLICY *Identity;
>-
>- //
>- // Get user identify policy information.
>- //
>- IdentifyInfo = NULL;
>- Status = FindUserInfoByType (User, &IdentifyInfo, >EFI_USER_INFO_IDENTITY_POLICY_RECORD);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>- ASSERT (IdentifyInfo != NULL);
>-
>- //
>- // Check each part of identification policy expression.
>- //
>- Success = FALSE;
>- TotalLen = 0;
>- while (TotalLen < IdentifyInfo->InfoSize - sizeof (EFI_USER_INFO)) {
>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) ((UINT8 *) (IdentifyInfo + >1) + TotalLen);
>- ValueLen = Identity->Length - sizeof (EFI_USER_INFO_IDENTITY_POLICY);
>- switch (Identity->Type) {
>-
>- case EFI_USER_INFO_IDENTITY_FALSE:
>- //
>- // Check False option.
>- //
>- Success = FALSE;
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_TRUE:
>- //
>- // Check True option.
>- //
>- Success = TRUE;
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_NOT:
>- //
>- // Check negative operation.
>- //
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_AND:
>- //
>- // Check and operation.
>- //
>- if (!Success) {
>- return EFI_NOT_READY;
>- }
>-
>- Success = FALSE;
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_OR:
>- //
>- // Check or operation.
>- //
>- if (Success) {
>- return EFI_SUCCESS;
>- }
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_CREDENTIAL_TYPE:
>- //
>- // Check credential provider by type.
>- //
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER:
>- //
>- // Check credential provider by ID.
>- //
>- if (ValueLen != sizeof (EFI_GUID)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- Status = IdentifyByProviderId (User, (EFI_GUID *) (Identity + 1));
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- Success = TRUE;
>- break;
>-
>- default:
>- return EFI_INVALID_PARAMETER;
>- break;
>- }
>-
>- TotalLen += Identity->Length;
>- }
>-
>- if (TotalLen != IdentifyInfo->InfoSize - sizeof (EFI_USER_INFO)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- if (!Success) {
>- return EFI_NOT_READY;
>- }
>-
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Identify the user whose identity policy does not contain the operator 'AND'.
>-
>- @param[in] User Points to the user profile.
>-
>- @retval EFI_SUCCESS The specified user is identified successfully.
>- @retval Others Fail to identify the user.
>-
>-**/
>-EFI_STATUS
>-IdentifyOrTypeUser (
>- IN USER_PROFILE_ENTRY *User
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO *IdentifyInfo;
>- UINTN TotalLen;
>- UINTN ValueLen;
>- EFI_USER_INFO_IDENTITY_POLICY *Identity;
>- VOID *StartOpCodeHandle;
>- VOID *EndOpCodeHandle;
>- EFI_IFR_GUID_LABEL *StartLabel;
>- EFI_IFR_GUID_LABEL *EndLabel;
>-
>- //
>- // Get user identify policy information.
>- //
>- IdentifyInfo = NULL;
>- Status = FindUserInfoByType (User, &IdentifyInfo, >EFI_USER_INFO_IDENTITY_POLICY_RECORD);
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>- ASSERT (IdentifyInfo != NULL);
>-
>- //
>- // Initialize the container for dynamic opcodes.
>- //
>- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (StartOpCodeHandle != NULL);
>-
>- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (EndOpCodeHandle != NULL);
>-
>- //
>- // Create Hii Extend Label OpCode.
>- // >- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >- StartOpCodeHandle, >- &gEfiIfrTianoGuid, >- NULL, >- sizeof (EFI_IFR_GUID_LABEL) >- ); >- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >- StartLabel->Number = LABEL_PROVIDER_NAME; >- >- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >- EndOpCodeHandle, >- &gEfiIfrTianoGuid, >- NULL, >- sizeof (EFI_IFR_GUID_LABEL) >- ); >- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >- EndLabel->Number = LABEL_END; >- >- // >- // Add the providers that exists in the user's policy. >- // >- TotalLen = 0; >- while (TotalLen < IdentifyInfo->InfoSize - sizeof (EFI_USER_INFO)) { >- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) ((UINT8 *) (IdentifyInfo + >1) + TotalLen); >- ValueLen = Identity->Length - sizeof (EFI_USER_INFO_IDENTITY_POLICY); >- if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) { >- AddProviderSelection ((EFI_GUID *) (Identity + 1), StartOpCodeHandle); >- } >- >- TotalLen += Identity->Length; >- } >- >- HiiUpdateForm ( >- mCallbackInfo->HiiHandle, // HII handle >- &gUserIdentifyManagerGuid,// Formset GUID >- FORMID_PROVIDER_FORM, // Form ID >- StartOpCodeHandle, // Label for where to insert opcodes >- EndOpCodeHandle // Replace data >- ); >- >- HiiFreeOpCodeHandle (StartOpCodeHandle); >- HiiFreeOpCodeHandle (EndOpCodeHandle); >- >- return EFI_SUCCESS; >-} >- >- >-/** >- This function processes the results of changes in configuration. >- >- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. >- @param Action Specifies the type of action taken by the browser. >- @param QuestionId A unique value which is sent to the original >- exporting driver so that it can identify the type >- of data to expect. >- @param Type The type of value for the question. >- @param Value A pointer to the data being sent to the original >- exporting driver. >- @param ActionRequest On return, points to the action requested by >the >- callback function. 
>- >- @retval EFI_SUCCESS The callback successfully handled the action. >- @retval Others Fail to handle the action. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserIdentifyManagerCallback ( >- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, >- IN EFI_BROWSER_ACTION Action, >- IN EFI_QUESTION_ID QuestionId, >- IN UINT8 Type, >- IN EFI_IFR_TYPE_VALUE *Value, >- OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest >- ) >-{ >- EFI_STATUS Status; >- USER_PROFILE_ENTRY *User; >- UINT8 PolicyType; >- UINT16 Index; >- VOID *StartOpCodeHandle; >- VOID *EndOpCodeHandle; >- EFI_IFR_GUID_LABEL *StartLabel; >- EFI_IFR_GUID_LABEL *EndLabel; >- >- Status = EFI_SUCCESS; >- >- switch (Action) { >- case EFI_BROWSER_ACTION_FORM_OPEN: >- { >- // >- // Update user Form when user Form is opened. >- // This will be done only in FORM_OPEN CallBack of question with >FORM_OPEN_QUESTION_ID from user Form. >- // >- if (QuestionId != FORM_OPEN_QUESTION_ID) { >- return EFI_SUCCESS; >- } >- >- // >- // Initialize the container for dynamic opcodes. >- // >- StartOpCodeHandle = HiiAllocateOpCodeHandle (); >- ASSERT (StartOpCodeHandle != NULL); >- >- EndOpCodeHandle = HiiAllocateOpCodeHandle (); >- ASSERT (EndOpCodeHandle != NULL); >- >- // >- // Create Hii Extend Label OpCode. >- // >- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >- StartOpCodeHandle, >- &gEfiIfrTianoGuid, >- NULL, >- sizeof (EFI_IFR_GUID_LABEL) >- ); >- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >- StartLabel->Number = LABEL_USER_NAME; >- >- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >- EndOpCodeHandle, >- &gEfiIfrTianoGuid, >- NULL, >- sizeof (EFI_IFR_GUID_LABEL) >- ); >- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >- EndLabel->Number = LABEL_END; >- >- // >- // Add all the user profile in the user profile database. 
>- // >- for (Index = 0; Index < mUserProfileDb->UserProfileNum; Index++) { >- User = (USER_PROFILE_ENTRY *) mUserProfileDb->UserProfile[Index]; >- AddUserSelection ((UINT16)(LABEL_USER_NAME + Index), User, >StartOpCodeHandle); >- } >- >- HiiUpdateForm ( >- mCallbackInfo->HiiHandle, // HII handle >- &gUserIdentifyManagerGuid,// Formset GUID >- FORMID_USER_FORM, // Form ID >- StartOpCodeHandle, // Label for where to insert opcodes >- EndOpCodeHandle // Replace data >- ); >- >- HiiFreeOpCodeHandle (StartOpCodeHandle); >- HiiFreeOpCodeHandle (EndOpCodeHandle); >- >- return EFI_SUCCESS; >- } >- break; >- >- case EFI_BROWSER_ACTION_FORM_CLOSE: >- Status = EFI_SUCCESS; >- break; >- >- case EFI_BROWSER_ACTION_CHANGED: >- if (QuestionId >= LABEL_PROVIDER_NAME) { >- // >- // QuestionId comes from the second Form (Select a Credential Provider if >identity >- // policy is OR type). Identify the user by the selected provider. >- // >- Status = IdentifyByProviderId (mCurrentUser, &mProviderDb- >>Provider[QuestionId & 0xFFF]->Identifier); >- if (Status == EFI_SUCCESS) { >- mIdentified = TRUE; >- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT; >- } >- return EFI_SUCCESS; >- } >- break; >- >- case EFI_BROWSER_ACTION_CHANGING: >- // >- // QuestionId comes from the first Form (Select a user to identify). >- // >- if (QuestionId >= LABEL_PROVIDER_NAME) { >- return EFI_SUCCESS; >- } >- >- User = (USER_PROFILE_ENTRY *) mUserProfileDb- >>UserProfile[QuestionId & 0xFFF]; >- Status = GetIdentifyType (User, &PolicyType); >- if (EFI_ERROR (Status)) { >- return Status; >- } >- >- if (PolicyType == EFI_USER_INFO_IDENTITY_OR) { >- // >- // Identify the user by "OR" logical. >- // >- Status = IdentifyOrTypeUser (User); >- if (EFI_ERROR (Status)) { >- return Status; >- } >- >- mCurrentUser = (EFI_USER_PROFILE_HANDLE) User; >- } else { >- // >- // Identify the user by "AND" logical. 
>- // >- Status = IdentifyAndTypeUser (User); >- if (EFI_ERROR (Status)) { >- return Status; >- } >- >- mCurrentUser = (EFI_USER_PROFILE_HANDLE) User; >- mIdentified = TRUE; >- if (Type == EFI_IFR_TYPE_REF) { >- Value->ref.FormId = FORMID_INVALID_FORM; >- } >- } >- break; >- >- default: >- // >- // All other action return unsupported. >- // >- Status = EFI_UNSUPPORTED; >- break; >- } >- >- >- return Status; >-} >- >- >-/** >- This function construct user profile database from user data saved in the >Flash. >- If no user is found in Flash, add one default user "administrator" in the user >- profile database. >- >- @retval EFI_SUCCESS Init user profile database successfully. >- @retval Others Fail to init user profile database. >- >-**/ >-EFI_STATUS >-InitUserProfileDb ( >- VOID >- ) >-{ >- EFI_STATUS Status; >- UINT8 *VarData; >- UINTN VarSize; >- UINTN CurVarSize; >- CHAR16 VarName[10]; >- UINTN Index; >- UINT32 VarAttr; >- >- if (mUserProfileDb != NULL) { >- // >- // The user profiles had been already initialized. >- // >- return EFI_SUCCESS; >- } >- >- // >- // Init user profile database structure. >- // >- if (!ExpandUsermUserProfileDb ()) { >- return EFI_OUT_OF_RESOURCES; >- } >- >- CurVarSize = DEFAULT_PROFILE_SIZE; >- VarData = AllocateZeroPool (CurVarSize); >- if (VarData == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- >- // >- // Get all user proifle entries. >- // >- Index = 0; >- while (TRUE) { >- // >- // Get variable name. >- // >- UnicodeSPrint ( >- VarName, >- sizeof (VarName), >- L"User%04x", >- Index >- ); >- Index++; >- >- // >- // Get variable value. 
>- // >- VarSize = CurVarSize; >- Status = gRT->GetVariable (VarName, &gUserIdentifyManagerGuid, >&VarAttr, &VarSize, VarData); >- if (Status == EFI_BUFFER_TOO_SMALL) { >- FreePool (VarData); >- VarData = AllocatePool (VarSize); >- if (VarData == NULL) { >- Status = EFI_OUT_OF_RESOURCES; >- break; >- } >- >- CurVarSize = VarSize; >- Status = gRT->GetVariable (VarName, &gUserIdentifyManagerGuid, >&VarAttr, &VarSize, VarData); >- } >- >- if (EFI_ERROR (Status)) { >- if (Status == EFI_NOT_FOUND) { >- Status = EFI_SUCCESS; >- } >- break; >- } >- >- // >- // Check variable attributes. >- // >- if (VarAttr != (EFI_VARIABLE_NON_VOLATILE | >EFI_VARIABLE_BOOTSERVICE_ACCESS)) { >- Status = gRT->SetVariable (VarName, &gUserIdentifyManagerGuid, >VarAttr, 0, NULL); >- continue; >- } >- >- // >- // Add user profile to the user profile database. >- // >- Status = AddUserProfile (NULL, VarSize, VarData, FALSE); >- if (EFI_ERROR (Status)) { >- if (Status == EFI_SECURITY_VIOLATION) { >- // >- // Delete invalid user profile >- // >- gRT->SetVariable (VarName, &gUserIdentifyManagerGuid, VarAttr, 0, >NULL); >- } else if (Status == EFI_OUT_OF_RESOURCES) { >- break; >- } >- } else { >- // >- // Delete and save the profile again if some invalid profiles are deleted. >- // >- if (mUserProfileDb->UserProfileNum < Index) { >- gRT->SetVariable (VarName, &gUserIdentifyManagerGuid, VarAttr, 0, >NULL); >- SaveNvUserProfile (mUserProfileDb->UserProfile[mUserProfileDb- >>UserProfileNum - 1], FALSE); >- } >- } >- } >- >- if (VarData != NULL) { >- FreePool (VarData); >- } >- >- if (EFI_ERROR (Status)) { >- return Status; >- } >- >- // >- // Check whether the user profile database is empty. >- // >- if (mUserProfileDb->UserProfileNum == 0) { >- Status = AddDefaultUserProfile (); >- } >- >- return Status; >-} >- >- >-/** >- This function collects all the credential providers and saves to mProviderDb. >- >- @retval EFI_SUCCESS Collect credential providers successfully. 
>- @retval Others Fail to collect credential providers. >- >-**/ >-EFI_STATUS >-InitProviderInfo ( >- VOID >- ) >-{ >- EFI_STATUS Status; >- UINTN HandleCount; >- EFI_HANDLE *HandleBuf; >- UINTN Index; >- >- if (mProviderDb != NULL) { >- // >- // The credential providers had been collected before. >- // >- return EFI_SUCCESS; >- } >- >- // >- // Try to find all the user credential provider driver. >- // >- HandleCount = 0; >- HandleBuf = NULL; >- Status = gBS->LocateHandleBuffer ( >- ByProtocol, >- &gEfiUserCredential2ProtocolGuid, >- NULL, >- &HandleCount, >- &HandleBuf >- ); >- if (EFI_ERROR (Status)) { >- return Status; >- } >- >- // >- // Get provider infomation. >- // >- mProviderDb = AllocateZeroPool ( >- sizeof (CREDENTIAL_PROVIDER_INFO) - >- sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *) + >- HandleCount * sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *) >- ); >- if (mProviderDb == NULL) { >- FreePool (HandleBuf); >- return EFI_OUT_OF_RESOURCES; >- } >- >- mProviderDb->Count = HandleCount; >- for (Index = 0; Index < HandleCount; Index++) { >- Status = gBS->HandleProtocol ( >- HandleBuf[Index], >- &gEfiUserCredential2ProtocolGuid, >- (VOID **) &mProviderDb->Provider[Index] >- ); >- if (EFI_ERROR (Status)) { >- FreePool (HandleBuf); >- FreePool (mProviderDb); >- mProviderDb = NULL; >- return Status; >- } >- } >- >- FreePool (HandleBuf); >- return EFI_SUCCESS; >-} >- >- >-/** >- This function allows a caller to extract the current configuration for one >- or more named elements from the target driver. >- >- >- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. >- @param Request A null-terminated Unicode string in <ConfigRequest> >format. >- @param Progress On return, points to a character in the Request string. >- Points to the string's null terminator if request was successful. 
>- Points to the most recent '&' before the first failing name/value >- pair (or the beginning of the string if the failure is in the >- first name/value pair) if the request was not successful. >- @param Results A null-terminated Unicode string in <ConfigAltResp> >format which >- has all values filled in for the names in the Request string. >- String to be allocated by the called function. >- >- @retval EFI_SUCCESS The Results is filled with the requested values. >- @retval EFI_OUT_OF_RESOURCES Not enough memory to store the >results. >- @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown >name. >- @retval EFI_NOT_FOUND Routing data doesn't match any storage in >this driver. >- >-**/ >-EFI_STATUS >-EFIAPI >-FakeExtractConfig ( >- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, >- IN CONST EFI_STRING Request, >- OUT EFI_STRING *Progress, >- OUT EFI_STRING *Results >- ) >-{ >- if (Progress == NULL || Results == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- *Progress = Request; >- return EFI_NOT_FOUND; >-} >- >-/** >- This function processes the results of changes in configuration. >- >- >- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. >- @param Configuration A null-terminated Unicode string in <ConfigResp> >format. >- @param Progress A pointer to a string filled in with the offset of the >most >- recent '&' before the first failing name/value pair (or the >- beginning of the string if the failure is in the first >- name/value pair) or the terminating NULL if all was successful. >- >- @retval EFI_SUCCESS The Results is processed successfully. >- @retval EFI_INVALID_PARAMETER Configuration is NULL. >- @retval EFI_NOT_FOUND Routing data doesn't match any storage in >this driver. 
>- >-**/ >-EFI_STATUS >-EFIAPI >-FakeRouteConfig ( >- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, >- IN CONST EFI_STRING Configuration, >- OUT EFI_STRING *Progress >- ) >-{ >- if (Configuration == NULL || Progress == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- >- *Progress = Configuration; >- >- return EFI_NOT_FOUND; >-} >- >- >-/** >- This function initialize the data mainly used in form browser. >- >- @retval EFI_SUCCESS Initialize form data successfully. >- @retval Others Fail to Initialize form data. >- >-**/ >-EFI_STATUS >-InitFormBrowser ( >- VOID >- ) >-{ >- EFI_STATUS Status; >- USER_MANAGER_CALLBACK_INFO *CallbackInfo; >- EFI_HII_DATABASE_PROTOCOL *HiiDatabase; >- EFI_HII_STRING_PROTOCOL *HiiString; >- EFI_FORM_BROWSER2_PROTOCOL *FormBrowser2; >- >- // >- // Initialize driver private data. >- // >- CallbackInfo = AllocateZeroPool (sizeof >(USER_MANAGER_CALLBACK_INFO)); >- if (CallbackInfo == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- >- CallbackInfo->Signature = USER_MANAGER_SIGNATURE; >- CallbackInfo->ConfigAccess.ExtractConfig = FakeExtractConfig; >- CallbackInfo->ConfigAccess.RouteConfig = FakeRouteConfig; >- CallbackInfo->ConfigAccess.Callback = UserIdentifyManagerCallback; >- >- // >- // Locate Hii Database protocol. >- // >- Status = gBS->LocateProtocol (&gEfiHiiDatabaseProtocolGuid, NULL, (VOID >**) &HiiDatabase); >- if (EFI_ERROR (Status)) { >- return Status; >- } >- CallbackInfo->HiiDatabase = HiiDatabase; >- >- // >- // Locate HiiString protocol. >- // >- Status = gBS->LocateProtocol (&gEfiHiiStringProtocolGuid, NULL, (VOID **) >&HiiString); >- if (EFI_ERROR (Status)) { >- return Status; >- } >- CallbackInfo->HiiString = HiiString; >- >- // >- // Locate Formbrowser2 protocol. 
>- // >- Status = gBS->LocateProtocol (&gEfiFormBrowser2ProtocolGuid, NULL, >(VOID **) &FormBrowser2); >- if (EFI_ERROR (Status)) { >- return Status; >- } >- >- CallbackInfo->FormBrowser2 = FormBrowser2; >- CallbackInfo->DriverHandle = NULL; >- >- // >- // Install Device Path Protocol and Config Access protocol to driver handle. >- // >- Status = gBS->InstallMultipleProtocolInterfaces ( >- &CallbackInfo->DriverHandle, >- &gEfiDevicePathProtocolGuid, >- &mHiiVendorDevicePath, >- &gEfiHiiConfigAccessProtocolGuid, >- &CallbackInfo->ConfigAccess, >- NULL >- ); >- ASSERT_EFI_ERROR (Status); >- >- // >- // Publish HII data. >- // >- CallbackInfo->HiiHandle = HiiAddPackages ( >- &gUserIdentifyManagerGuid, >- CallbackInfo->DriverHandle, >- UserIdentifyManagerStrings, >- UserIdentifyManagerVfrBin, >- NULL >- ); >- if (CallbackInfo->HiiHandle == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- >- mCallbackInfo = CallbackInfo; >- >- return EFI_SUCCESS; >-} >- >- >-/** >- Identify the user whose identification policy supports auto logon. >- >- @param[in] ProviderIndex The provider index in the provider list. >- @param[out] User Points to user user profile if a user is identified >successfully. >- >- @retval EFI_SUCCESS Identify a user with the specified provider >successfully. >- @retval Others Fail to identify a user. >- >-**/ >-EFI_STATUS >-IdentifyAutoLogonUser ( >- IN UINTN ProviderIndex, >- OUT USER_PROFILE_ENTRY **User >- ) >-{ >- EFI_STATUS Status; >- EFI_USER_INFO *Info; >- UINT8 PolicyType; >- >- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + sizeof >(EFI_USER_INFO_IDENTIFIER)); >- if (Info == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- >- Info->InfoType = EFI_USER_INFO_IDENTIFIER_RECORD; >- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof >(EFI_USER_INFO_IDENTIFIER); >- >- // >- // Identify the specified credential provider's auto logon user. 
>- // >- Status = mProviderDb->Provider[ProviderIndex]->User ( >- mProviderDb->Provider[ProviderIndex], >- NULL, >- (EFI_USER_INFO_IDENTIFIER *) (Info + 1) >- ); >- if (EFI_ERROR (Status)) { >- FreePool (Info); >- return Status; >- } >- >- // >- // Find user with the specified user ID. >- // >- *User = NULL; >- Status = FindUserProfileByInfo (User, NULL, Info, Info->InfoSize); >- FreePool (Info); >- if (EFI_ERROR (Status)) { >- return Status; >- } >- >- Status = GetIdentifyType ((EFI_USER_PROFILE_HANDLE) * User, >&PolicyType); >- if (PolicyType == EFI_USER_INFO_IDENTITY_AND) { >- // >- // The identified user need also identified by other credential provider. >- // This can handle through select user. >- // >- return EFI_NOT_READY; >- } >- >- return Status; >-} >- >- >-/** >- Check whether the given console is ready. >- >- @param[in] ProtocolGuid Points to the protocol guid of sonsole . >- >- @retval TRUE The given console is ready. >- @retval FALSE The given console is not ready. >- >-**/ >-BOOLEAN >-CheckConsole ( >- EFI_GUID *ProtocolGuid >- ) >-{ >- EFI_STATUS Status; >- UINTN HandleCount; >- EFI_HANDLE *HandleBuf; >- UINTN Index; >- EFI_DEVICE_PATH_PROTOCOL *DevicePath; >- >- // >- // Try to find all the handle driver. >- // >- HandleCount = 0; >- HandleBuf = NULL; >- Status = gBS->LocateHandleBuffer ( >- ByProtocol, >- ProtocolGuid, >- NULL, >- &HandleCount, >- &HandleBuf >- ); >- if (EFI_ERROR (Status)) { >- return FALSE; >- } >- >- for (Index = 0; Index < HandleCount; Index++) { >- DevicePath = DevicePathFromHandle (HandleBuf[Index]); >- if (DevicePath != NULL) { >- FreePool (HandleBuf); >- return TRUE; >- } >- } >- FreePool (HandleBuf); >- return FALSE; >-} >- >- >-/** >- Check whether the console is ready. >- >- @retval TRUE The console is ready. >- @retval FALSE The console is not ready. 
>- >-**/ >-BOOLEAN >-IsConsoleReady ( >- VOID >- ) >-{ >- if (!CheckConsole (&gEfiSimpleTextOutProtocolGuid)) { >- return FALSE; >- } >- >- if (!CheckConsole (&gEfiSimpleTextInProtocolGuid)) { >- if (!CheckConsole (&gEfiSimpleTextInputExProtocolGuid)) { >- return FALSE; >- } >- } >- >- return TRUE; >-} >- >- >-/** >- Identify a user to logon. >- >- @param[out] User Points to user user profile if a user is identified >successfully. >- >- @retval EFI_SUCCESS Identify a user successfully. >- >-**/ >-EFI_STATUS >-IdentifyUser ( >- OUT USER_PROFILE_ENTRY **User >- ) >-{ >- EFI_STATUS Status; >- UINTN Index; >- EFI_CREDENTIAL_LOGON_FLAGS AutoLogon; >- EFI_USER_INFO *IdentifyInfo; >- EFI_USER_INFO_IDENTITY_POLICY *Identity; >- EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential; >- USER_PROFILE_ENTRY *UserEntry; >- >- // >- // Initialize credential providers. >- // >- InitProviderInfo (); >- >- // >- // Initialize user profile database. >- // >- InitUserProfileDb (); >- >- // >- // If only one user in system, and its identify policy is TRUE, then auto logon. >- // >- if (mUserProfileDb->UserProfileNum == 1) { >- UserEntry = (USER_PROFILE_ENTRY *) mUserProfileDb->UserProfile[0]; >- IdentifyInfo = NULL; >- Status = FindUserInfoByType (UserEntry, &IdentifyInfo, >EFI_USER_INFO_IDENTITY_POLICY_RECORD); >- if (EFI_ERROR (Status)) { >- return Status; >- } >- ASSERT (IdentifyInfo != NULL); >- >- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) ((UINT8 *) (IdentifyInfo + >1)); >- if (Identity->Type == EFI_USER_INFO_IDENTITY_TRUE) { >- mCurrentUser = (EFI_USER_PROFILE_HANDLE) UserEntry; >- UpdateUserInfo (UserEntry); >- *User = UserEntry; >- return EFI_SUCCESS; >- } >- } >- >- // >- // Find and login the default & AutoLogon user. 
>- // >- for (Index = 0; Index < mProviderDb->Count; Index++) { >- UserCredential = mProviderDb->Provider[Index]; >- Status = UserCredential->Default (UserCredential, &AutoLogon); >- if (EFI_ERROR (Status)) { >- continue; >- } >- >- if ((AutoLogon & (EFI_CREDENTIAL_LOGON_FLAG_DEFAULT | >EFI_CREDENTIAL_LOGON_FLAG_AUTO)) != 0) { >- Status = IdentifyAutoLogonUser (Index, &UserEntry); >- if (Status == EFI_SUCCESS) { >- mCurrentUser = (EFI_USER_PROFILE_HANDLE) UserEntry; >- UpdateUserInfo (UserEntry); >- *User = UserEntry; >- return EFI_SUCCESS; >- } >- } >- } >- >- if (!IsConsoleReady ()) { >- // >- // The console is still not ready for user selection. >- // >- return EFI_ACCESS_DENIED; >- } >- >- // >- // Select a user and identify it. >- // >- mCallbackInfo->FormBrowser2->SendForm ( >- mCallbackInfo->FormBrowser2, >- &mCallbackInfo->HiiHandle, >- 1, >- &gUserIdentifyManagerGuid, >- 0, >- NULL, >- NULL >- ); >- >- if (mIdentified) { >- *User = (USER_PROFILE_ENTRY *) mCurrentUser; >- UpdateUserInfo (*User); >- return EFI_SUCCESS; >- } >- >- return EFI_ACCESS_DENIED; >-} >- >- >-/** >- An empty function to pass error checking of CreateEventEx (). >- >- @param Event Event whose notification function is being invoked. >- @param Context Pointer to the notification function's context, >- which is implementation-dependent. >- >-**/ >-VOID >-EFIAPI >-InternalEmptyFuntion ( >- IN EFI_EVENT Event, >- IN VOID *Context >- ) >-{ >-} >- >- >-/** >- Create, Signal, and Close the User Profile Changed event. >- >-**/ >-VOID >-SignalEventUserProfileChanged ( >- VOID >- ) >-{ >- EFI_STATUS Status; >- EFI_EVENT Event; >- >- Status = gBS->CreateEventEx ( >- EVT_NOTIFY_SIGNAL, >- TPL_CALLBACK, >- InternalEmptyFuntion, >- NULL, >- &gEfiEventUserProfileChangedGuid, >- &Event >- ); >- ASSERT_EFI_ERROR (Status); >- gBS->SignalEvent (Event); >- gBS->CloseEvent (Event); >-} >- >- >-/** >- Create a new user profile. 
>- >- This function creates a new user profile with only a new user identifier >attached and returns >- its handle. The user profile is non-volatile, but the handle User can change >across reboots. >- >- @param[in] This Points to this instance of the >EFI_USER_MANAGER_PROTOCOL. >- @param[out] User On return, points to the new user profile handle. >- The user profile handle is unique only during this boot. >- >- @retval EFI_SUCCESS User profile was successfully created. >- @retval EFI_ACCESS_DENIED Current user does not have sufficient >permissions to create a >- user profile. >- @retval EFI_UNSUPPORTED Creation of new user profiles is not >supported. >- @retval EFI_INVALID_PARAMETER The User parameter is NULL. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileCreate ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- OUT EFI_USER_PROFILE_HANDLE *User >- ) >-{ >- EFI_STATUS Status; >- >- if ((This == NULL) || (User == NULL)) { >- return EFI_INVALID_PARAMETER; >- } >- >- // >- // Check the right of the current user. >- // >- if (!CheckCurrentUserAccessRight (EFI_USER_INFO_ACCESS_MANAGE)) { >- if (!CheckCurrentUserAccessRight >(EFI_USER_INFO_ACCESS_ENROLL_OTHERS)) { >- return EFI_ACCESS_DENIED; >- } >- } >- >- // >- // Create new user profile >- // >- Status = CreateUserProfile ((USER_PROFILE_ENTRY **) User); >- if (EFI_ERROR (Status)) { >- return EFI_ACCESS_DENIED; >- } >- return EFI_SUCCESS; >-} >- >- >-/** >- Delete an existing user profile. >- >- @param[in] This Points to this instance of the >EFI_USER_MANAGER_PROTOCOL. >- @param[in] User User profile handle. >- >- @retval EFI_SUCCESS User profile was successfully deleted. >- @retval EFI_ACCESS_DENIED Current user does not have sufficient >permissions to delete a user >- profile or there is only one user profile. >- @retval EFI_UNSUPPORTED Deletion of new user profiles is not >supported. >- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >profile. 
>- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileDelete ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN EFI_USER_PROFILE_HANDLE User >- ) >-{ >- EFI_STATUS Status; >- >- if (This == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- >- // >- // Check the right of the current user. >- // >- if (!CheckCurrentUserAccessRight (EFI_USER_INFO_ACCESS_MANAGE)) { >- return EFI_ACCESS_DENIED; >- } >- >- // >- // Delete user profile. >- // >- Status = DelUserProfile (User); >- if (EFI_ERROR (Status)) { >- if (Status != EFI_INVALID_PARAMETER) { >- return EFI_ACCESS_DENIED; >- } >- return EFI_INVALID_PARAMETER; >- } >- >- return EFI_SUCCESS; >-} >- >- >-/** >- Enumerate all of the enrolled users on the platform. >- >- This function returns the next enrolled user profile. To retrieve the first user >profile handle, >- point User at a NULL. Each subsequent call will retrieve another user profile >handle until there >- are no more, at which point User will point to NULL. >- >- @param[in] This Points to this instance of the >EFI_USER_MANAGER_PROTOCOL. >- @param[in, out] User On entry, points to the previous user profile >handle or NULL to >- start enumeration. On exit, points to the next user profile >handle >- or NULL if there are no more user profiles. >- >- @retval EFI_SUCCESS Next enrolled user profile successfully returned. >- @retval EFI_ACCESS_DENIED Next enrolled user profile was not >successfully returned. >- @retval EFI_INVALID_PARAMETER The User parameter is NULL. >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileGetNext ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN OUT EFI_USER_PROFILE_HANDLE *User >- ) >-{ >- EFI_STATUS Status; >- >- if ((This == NULL) || (User == NULL)) { >- return EFI_INVALID_PARAMETER; >- } >- >- Status = FindUserProfile ((USER_PROFILE_ENTRY **) User, TRUE, NULL); >- if (EFI_ERROR (Status)) { >- return EFI_ACCESS_DENIED; >- } >- return EFI_SUCCESS; >-} >- >- >-/** >- Return the current user profile handle. 
>- >- @param[in] This Points to this instance of the >EFI_USER_MANAGER_PROTOCOL. >- @param[out] CurrentUser On return, points to the current user profile >handle. >- >- @retval EFI_SUCCESS Current user profile handle returned successfully. >- @retval EFI_INVALID_PARAMETER The CurrentUser parameter is NULL. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileCurrent ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- OUT EFI_USER_PROFILE_HANDLE *CurrentUser >- ) >-{ >- // >- // Get current user profile. >- // >- if ((This == NULL) || (CurrentUser == NULL)) { >- return EFI_INVALID_PARAMETER; >- } >- >- *CurrentUser = mCurrentUser; >- return EFI_SUCCESS; >-} >- >- >-/** >- Identify a user. >- >- Identify the user and, if authenticated, returns the user handle and changes >the current >- user profile. All user information marked as private in a previously selected >profile >- is no longer available for inspection. >- Whenever the current user profile is changed then the an event with the >GUID >- EFI_EVENT_GROUP_USER_PROFILE_CHANGED is signaled. >- >- @param[in] This Points to this instance of the >EFI_USER_MANAGER_PROTOCOL. >- @param[out] User On return, points to the user profile handle for >the current >- user profile. >- >- @retval EFI_SUCCESS User was successfully identified. >- @retval EFI_ACCESS_DENIED User was not successfully identified. >- @retval EFI_INVALID_PARAMETER The User parameter is NULL. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileIdentify ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- OUT EFI_USER_PROFILE_HANDLE *User >- ) >-{ >- EFI_STATUS Status; >- >- if ((This == NULL) || (User == NULL)) { >- return EFI_INVALID_PARAMETER; >- } >- >- if (mCurrentUser != NULL) { >- *User = mCurrentUser; >- return EFI_SUCCESS; >- } >- >- // >- // Identify user >- // >- Status = IdentifyUser ((USER_PROFILE_ENTRY **) User); >- if (EFI_ERROR (Status)) { >- return EFI_ACCESS_DENIED; >- } >- >- // >- // Publish the user info into the EFI system configuration table. 
>- // >- PublishUserTable (); >- >- // >- // Signal User Profile Changed event. >- // >- SignalEventUserProfileChanged (); >- return EFI_SUCCESS; >-} >- >-/** >- Find a user using a user information record. >- >- This function searches all user profiles for the specified user information >record. >- The search starts with the user information record handle following >UserInfo and >- continues until either the information is found or there are no more user >profiles. >- A match occurs when the Info.InfoType field matches the user information >record >- type and the user information record data matches the portion of Info. >- >- @param[in] This Points to this instance of the >EFI_USER_MANAGER_PROTOCOL. >- @param[in, out] User On entry, points to the previously returned user >profile >- handle, or NULL to start searching with the first user profile. >- On return, points to the user profile handle, or NULL if not >- found. >- @param[in, out] UserInfo On entry, points to the previously returned >user information >- handle, or NULL to start searching with the first. On return, >- points to the user information handle of the user >information >- record, or NULL if not found. Can be NULL, in which case only >- one user information record per user can be returned. >- @param[in] Info Points to the buffer containing the user information >to be >- compared to the user information record. If the user >information >- record data is empty, then only the user information record >type >- is compared. If InfoSize is 0, then the user information record >- must be empty. >- >- @param[in] InfoSize The size of Info, in bytes. >- >- @retval EFI_SUCCESS User information was found. User points to the >user profile >- handle, and UserInfo points to the user information handle. >- @retval EFI_NOT_FOUND User information was not found. User points >to NULL, and >- UserInfo points to NULL. >- @retval EFI_INVALID_PARAMETER User is NULL. Or Info is NULL. 
>- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileFind ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN OUT EFI_USER_PROFILE_HANDLE *User, >- IN OUT EFI_USER_INFO_HANDLE *UserInfo OPTIONAL, >- IN CONST EFI_USER_INFO *Info, >- IN UINTN InfoSize >- ) >-{ >- EFI_STATUS Status; >- UINTN Size; >- >- if ((This == NULL) || (User == NULL) || (Info == NULL)) { >- return EFI_INVALID_PARAMETER; >- } >- >- if (InfoSize == 0) { >- // >- // If InfoSize is 0, then the user information record must be empty. >- // >- if (Info->InfoSize != sizeof (EFI_USER_INFO)) { >- return EFI_INVALID_PARAMETER; >- } >- } else { >- if (InfoSize != Info->InfoSize) { >- return EFI_INVALID_PARAMETER; >- } >- } >- Size = Info->InfoSize; >- >- // >- // Find user profile accdoring to user information. >- // >- Status = FindUserProfileByInfo ( >- (USER_PROFILE_ENTRY **) User, >- (EFI_USER_INFO **) UserInfo, >- (EFI_USER_INFO *) Info, >- Size >- ); >- if (EFI_ERROR (Status)) { >- *User = NULL; >- if (UserInfo != NULL) { >- *UserInfo = NULL; >- } >- return EFI_NOT_FOUND; >- } >- >- return EFI_SUCCESS; >-} >- >- >-/** >- Return information attached to the user. >- >- This function returns user information. The format of the information is >described in User >- Information. The function may return EFI_ACCESS_DENIED if the >information is marked private >- and the handle specified by User is not the current user profile. The function >may return >- EFI_ACCESS_DENIED if the information is marked protected and the >information is associated >- with a credential provider for which the user has not been authenticated. >- >- @param[in] This Points to this instance of the >EFI_USER_MANAGER_PROTOCOL. >- @param[in] User Handle of the user whose profile will be retrieved. >- @param[in] UserInfo Handle of the user information data record. >- @param[out] Info On entry, points to a buffer of at least *InfoSize >bytes. On exit, >- holds the user information. 
If the buffer is too small to hold >the >- information, then EFI_BUFFER_TOO_SMALL is returned and >InfoSize is >- updated to contain the number of bytes actually required. >- @param[in, out] InfoSize On entry, points to the size of Info. On return, >points to the size >- of the user information. >- >- @retval EFI_SUCCESS Information returned successfully. >- @retval EFI_ACCESS_DENIED The information about the specified user >cannot be accessed by the >- current user. >- @retval EFI_BUFFER_TOO_SMALL The number of bytes specified by >*InfoSize is too small to hold the >- returned data. The actual size required is returned in >*InfoSize. >- @retval EFI_NOT_FOUND User does not refer to a valid user profile or >UserInfo does not refer >- to a valid user info handle. >- @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileGetInfo ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN EFI_USER_PROFILE_HANDLE User, >- IN EFI_USER_INFO_HANDLE UserInfo, >- OUT EFI_USER_INFO *Info, >- IN OUT UINTN *InfoSize >- ) >-{ >- EFI_STATUS Status; >- >- if ((This == NULL) || (InfoSize == NULL)) { >- return EFI_INVALID_PARAMETER; >- } >- >- if ((*InfoSize != 0) && (Info == NULL)) { >- return EFI_INVALID_PARAMETER; >- } >- >- if ((User == NULL) || (UserInfo == NULL)) { >- return EFI_NOT_FOUND; >- } >- >- Status = GetUserInfo (User, UserInfo, Info, InfoSize, TRUE); >- if (EFI_ERROR (Status)) { >- if (Status == EFI_BUFFER_TOO_SMALL) { >- return EFI_BUFFER_TOO_SMALL; >- } >- return EFI_ACCESS_DENIED; >- } >- return EFI_SUCCESS; >-} >- >- >-/** >- Add or update user information. >- >- This function changes user information. If NULL is pointed to by UserInfo, >then a new user >- information record is created and its handle is returned in UserInfo. >Otherwise, the existing >- one is replaced. 
>- If EFI_USER_INFO_IDENITTY_POLICY_RECORD is changed, it is the caller's >responsibility to keep >- it to be synced with the information on credential providers. >- If EFI_USER_INFO_EXCLUSIVE is specified in Info and a user information >record of the same >- type already exists in the user profile, then EFI_ACCESS_DENIED will be >returned and UserInfo >- will point to the handle of the existing record. >- >- @param[in] This Points to this instance of the >EFI_USER_MANAGER_PROTOCOL. >- @param[in] User Handle of the user whose profile will be retrieved. >- @param[in, out] UserInfo Handle of the user information data record. >- @param[in] Info On entry, points to a buffer of at least *InfoSize >bytes. On exit, >- holds the user information. If the buffer is too small to hold >the >- information, then EFI_BUFFER_TOO_SMALL is returned and >InfoSize is >- updated to contain the number of bytes actually required. >- @param[in] InfoSize On entry, points to the size of Info. On return, >points to the size >- of the user information. >- >- @retval EFI_SUCCESS Information returned successfully. >- @retval EFI_ACCESS_DENIED The record is exclusive. >- @retval EFI_SECURITY_VIOLATION The current user does not have >permission to change the specified >- user profile or user information record. >- @retval EFI_NOT_FOUND User does not refer to a valid user profile or >UserInfo does not >- refer to a valid user info handle. >- @retval EFI_INVALID_PARAMETER UserInfo is NULL or Info is NULL. >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileSetInfo ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN EFI_USER_PROFILE_HANDLE User, >- IN OUT EFI_USER_INFO_HANDLE *UserInfo, >- IN CONST EFI_USER_INFO *Info, >- IN UINTN InfoSize >- ) >-{ >- EFI_STATUS Status; >- >- if ((This == NULL) || (User == NULL) || (UserInfo == NULL) || (Info == NULL)) >{ >- return EFI_INVALID_PARAMETER; >- } >- >- // >- // Check the right of the current user. 
>- // >- if (User != mCurrentUser) { >- if (!CheckCurrentUserAccessRight (EFI_USER_INFO_ACCESS_MANAGE)) { >- if (*UserInfo != NULL) { >- // >- // Can't update info in other profiles without MANAGE right. >- // >- return EFI_SECURITY_VIOLATION; >- } >- >- if (!CheckCurrentUserAccessRight >(EFI_USER_INFO_ACCESS_ENROLL_OTHERS)) { >- // >- // Can't add info into other profiles. >- // >- return EFI_SECURITY_VIOLATION; >- } >- } >- } >- >- if (User == mCurrentUser) { >- if (CheckCurrentUserAccessRight (EFI_USER_INFO_ACCESS_ENROLL_SELF)) >{ >- // >- // Only identify policy can be added/updated. >- // >- if (Info->InfoType != EFI_USER_INFO_IDENTITY_POLICY_RECORD) { >- return EFI_SECURITY_VIOLATION; >- } >- } >- } >- >- // >- // Modify user information. >- // >- Status = ModifyUserInfo (User, (EFI_USER_INFO **) UserInfo, Info, >InfoSize); >- if (EFI_ERROR (Status)) { >- if (Status == EFI_ACCESS_DENIED) { >- return EFI_ACCESS_DENIED; >- } >- return EFI_SECURITY_VIOLATION; >- } >- return EFI_SUCCESS; >-} >- >- >-/** >- Called by credential provider to notify of information change. >- >- This function allows the credential provider to notify the User Identity >Manager when user status >- has changed. >- If the User Identity Manager doesn't support asynchronous changes in >credentials, then this function >- should return EFI_UNSUPPORTED. >- If current user does not exist, and the credential provider can identify a user, >then make the user >- to be current user and signal the >EFI_EVENT_GROUP_USER_PROFILE_CHANGED event. >- If current user already exists, and the credential provider can identify >another user, then switch >- current user to the newly identified user, and signal the >EFI_EVENT_GROUP_USER_PROFILE_CHANGED event. >- If current user was identified by this credential provider and now the >credential provider cannot identify >- current user, then logout current user and signal the >EFI_EVENT_GROUP_USER_PROFILE_CHANGED event. 
>- >- @param[in] This Points to this instance of the >EFI_USER_MANAGER_PROTOCOL. >- @param[in] Changed Handle on which is installed an instance of the >EFI_USER_CREDENTIAL2_PROTOCOL >- where the user has changed. >- >- @retval EFI_SUCCESS The User Identity Manager has handled the >notification. >- @retval EFI_NOT_READY The function was called while the specified >credential provider was not selected. >- @retval EFI_UNSUPPORTED The User Identity Manager doesn't support >asynchronous notifications. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileNotify ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN EFI_HANDLE Changed >- ) >-{ >- return EFI_UNSUPPORTED; >-} >- >- >-/** >- Delete user information. >- >- Delete the user information attached to the user profile specified by the >UserInfo. >- >- @param[in] This Points to this instance of the >EFI_USER_MANAGER_PROTOCOL. >- @param[in] User Handle of the user whose information will be >deleted. >- @param[in] UserInfo Handle of the user information to remove. >- >- @retval EFI_SUCCESS User information deleted successfully. >- @retval EFI_NOT_FOUND User information record UserInfo does not >exist in the user profile. >- @retval EFI_ACCESS_DENIED The current user does not have permission to >delete this user information. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileDeleteInfo ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN EFI_USER_PROFILE_HANDLE User, >- IN EFI_USER_INFO_HANDLE UserInfo >- ) >-{ >- EFI_STATUS Status; >- >- if (This == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- >- // >- // Check the right of the current user. >- // >- if (User != mCurrentUser) { >- if (!CheckCurrentUserAccessRight (EFI_USER_INFO_ACCESS_MANAGE)) { >- return EFI_ACCESS_DENIED; >- } >- } >- >- // >- // Delete user information. 
>- // >- Status = DelUserInfo (User, UserInfo, TRUE); >- if (EFI_ERROR (Status)) { >- if (Status == EFI_NOT_FOUND) { >- return EFI_NOT_FOUND; >- } >- return EFI_ACCESS_DENIED; >- } >- return EFI_SUCCESS; >-} >- >- >-/** >- Enumerate user information of all the enrolled users on the platform. >- >- This function returns the next user information record. To retrieve the first >user >- information record handle, point UserInfo at a NULL. Each subsequent call >will retrieve >- another user information record handle until there are no more, at which >point UserInfo >- will point to NULL. >- >- @param[in] This Points to this instance of the >EFI_USER_MANAGER_PROTOCOL. >- @param[in] User Handle of the user whose information will be >deleted. >- @param[in, out] UserInfo Handle of the user information to remove. >- >- @retval EFI_SUCCESS User information returned. >- @retval EFI_NOT_FOUND No more user information found. >- @retval EFI_INVALID_PARAMETER UserInfo is NULL. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileGetNextInfo ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN EFI_USER_PROFILE_HANDLE User, >- IN OUT EFI_USER_INFO_HANDLE *UserInfo >- ) >-{ >- if ((This == NULL) || (UserInfo == NULL)) { >- return EFI_INVALID_PARAMETER; >- } >- // >- // Get next user information entry. >- // >- return FindUserInfo (User, (EFI_USER_INFO **) UserInfo, TRUE, NULL); >-} >- >- >-/** >- Main entry for this driver. >- >- @param[in] ImageHandle Image handle this driver. >- @param[in] SystemTable Pointer to SystemTable. >- >- @retval EFI_SUCESS This function always complete successfully. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserIdentifyManagerInit ( >- IN EFI_HANDLE ImageHandle, >- IN EFI_SYSTEM_TABLE *SystemTable >- ) >-{ >- >- EFI_STATUS Status; >- >- // >- // It is NOT robust enough to be included in production. >- // >- #error "This implementation is just a sample, please comment this line if you >really want to use this driver." >- >- // >- // Initiate form browser. 
>- // >- InitFormBrowser (); >- >- // >- // Install protocol interfaces for the User Identity Manager. >- // >- Status = gBS->InstallProtocolInterface ( >- &mCallbackInfo->DriverHandle, >- &gEfiUserManagerProtocolGuid, >- EFI_NATIVE_INTERFACE, >- &gUserIdentifyManager >- ); >- ASSERT_EFI_ERROR (Status); >- >- LoadDeferredImageInit (ImageHandle); >- return EFI_SUCCESS; >-} >- >- >diff --git >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >ager.h >b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >ager.h >deleted file mode 100644 >index 1c449b0128..0000000000 >--- >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >ager.h >+++ /dev/null 
>@@ -1,413 +0,0 @@ >-/** @file >- The header file for User identify Manager driver. >- >-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#ifndef _USER_IDENTIFY_MANAGER_H_ >-#define _USER_IDENTIFY_MANAGER_H_ >- >-#include <Uefi.h> >- >-#include <Guid/GlobalVariable.h> >-#include <Guid/MdeModuleHii.h> >- >-#include <Protocol/FormBrowser2.h> >-#include <Protocol/HiiDatabase.h> >-#include <Protocol/HiiConfigAccess.h> >-#include <Protocol/HiiString.h> >-#include <Protocol/HiiConfigRouting.h> >-#include <Protocol/UserCredential2.h> >-#include <Protocol/UserManager.h> >-#include <Protocol/DeferredImageLoad.h> >-#include <Protocol/SimpleTextOut.h> >-#include <Protocol/SimpleTextIn.h> >-#include <Protocol/SimpleTextInEx.h> >- >-#include <Library/UefiRuntimeServicesTableLib.h> >-#include <Library/UefiBootServicesTableLib.h> >-#include <Library/MemoryAllocationLib.h> >-#include <Library/BaseMemoryLib.h> >-#include <Library/DevicePathLib.h> >-#include <Library/DebugLib.h> >-#include <Library/UefiLib.h> >-#include <Library/PrintLib.h> >-#include <Library/HiiLib.h> >- >-#include "UserIdentifyManagerData.h" >- >-// >-// This is the generated IFR binary data for each formset defined in VFR. >-// This data array is ready to be used as input of HiiAddPackages() to >-// create a packagelist. >-// >-extern UINT8 UserIdentifyManagerVfrBin[]; >- >-// >-// This is the generated String package data for all .UNI files. >-// This data array is ready to be used as input of HiiAddPackages() to >-// create a packagelist. 
>-// >-extern UINT8 UserIdentifyManagerStrings[]; >- >-#define USER_NUMBER_INC 32 >-#define DEFAULT_PROFILE_SIZE 512 >-#define INFO_PAYLOAD_SIZE 64 >- >-// >-// Credential Provider Information. >-// >-typedef struct { >- UINTN Count; >- EFI_USER_CREDENTIAL2_PROTOCOL *Provider[1]; >-} CREDENTIAL_PROVIDER_INFO; >- >-// >-// Internal user profile entry. >-// >-typedef struct { >- UINTN MaxProfileSize; >- UINTN UserProfileSize; >- CHAR16 UserVarName[9]; >- UINT8 *ProfileInfo; >-} USER_PROFILE_ENTRY; >- >-// >-// Internal user profile database. >-// >-typedef struct { >- UINTN UserProfileNum; >- UINTN MaxProfileNum; >- EFI_USER_PROFILE_HANDLE UserProfile[1]; >-} USER_PROFILE_DB; >- >-#define USER_MANAGER_SIGNATURE SIGNATURE_32 ('U', 'I', 'M', 'S') >- >-typedef struct { >- UINTN Signature; >- EFI_HANDLE DriverHandle; >- EFI_HII_HANDLE HiiHandle; >- >- // >- // Consumed protocol. >- // >- EFI_HII_DATABASE_PROTOCOL *HiiDatabase; >- EFI_HII_STRING_PROTOCOL *HiiString; >- EFI_HII_CONFIG_ROUTING_PROTOCOL *HiiConfigRouting; >- EFI_FORM_BROWSER2_PROTOCOL *FormBrowser2; >- >- // >- // Produced protocol. >- // >- EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; >-} USER_MANAGER_CALLBACK_INFO; >- >-/// >-/// HII specific Vendor Device Path definition. >-/// >-typedef struct { >- VENDOR_DEVICE_PATH VendorDevicePath; >- EFI_DEVICE_PATH_PROTOCOL End; >-} HII_VENDOR_DEVICE_PATH; >- >-/** >- Register an event notification function for the user profile changed. >- >- @param[in] ImageHandle Image handle this driver. >- >-**/ >-VOID >-LoadDeferredImageInit ( >- IN EFI_HANDLE ImageHandle >- ); >- >- >-/** >- This function creates a new user profile with only >- a new user identifier attached and returns its handle. >- The user profile is non-volatile, but the handle User >- can change across reboots. >- >- @param[in] This Protocol EFI_USER_MANAGER_PROTOCOL >instance >- pointer. >- @param[out] User Handle of a new user profile. >- >- @retval EFI_SUCCESS User profile was successfully created. 
>- @retval EFI_ACCESS_DENIED Current user does not have sufficient >permissions >- to create a user profile. >- @retval EFI_UNSUPPORTED Creation of new user profiles is not >supported. >- @retval EFI_INVALID_PARAMETER User is NULL. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileCreate ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- OUT EFI_USER_PROFILE_HANDLE *User >- ); >- >- >-/** >- Delete an existing user profile. >- >- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance >- pointer. >- @param User User profile handle. >- >- @retval EFI_SUCCESS User profile was successfully deleted. >- @retval EFI_ACCESS_DENIED Current user does not have sufficient >permissions >- to delete a user profile or there is only one >- user profile. >- @retval EFI_UNSUPPORTED Deletion of new user profiles is not >supported. >- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >profile. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileDelete ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN EFI_USER_PROFILE_HANDLE User >- ); >- >- >-/** >- Get next user profile from the user profile database. >- >- @param[in] This Protocol EFI_USER_MANAGER_PROTOCOL >instance >- pointer. >- @param[in, out] User User profile handle. >- >- @retval EFI_SUCCESS Next enrolled user profile successfully returned. >- @retval EFI_INVALID_PARAMETER User is NULL. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileGetNext ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN OUT EFI_USER_PROFILE_HANDLE *User >- ); >- >- >-/** >- This function returns the current user profile handle. >- >- @param[in] This Protocol EFI_USER_MANAGER_PROTOCOL >instance pointer. >- @param[out] CurrentUser User profile handle. >- >- @retval EFI_SUCCESS Current user profile handle returned >successfully. >- @retval EFI_INVALID_PARAMETER CurrentUser is NULL. 
>- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileCurrent ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- OUT EFI_USER_PROFILE_HANDLE *CurrentUser >- ); >- >- >-/** >- Identify the user and, if authenticated, returns the user handle and changes >- the current user profile. >- >- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance >pointer. >- @param CurrentUser User profile handle. >- >- @retval EFI_SUCCESS User was successfully identified. >- @retval EFI_INVALID_PARAMETER User is NULL. >- @retval EFI_ACCESS_DENIED User was not successfully identified. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileIdentify ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- OUT EFI_USER_PROFILE_HANDLE *User >- ); >- >- >-/** >- Find a user using a user information record. >- >- This function searches all user profiles for the specified user information >record. >- The search starts with the user information record handle following >UserInfo and >- continues until either the information is found or there are no more user >profiles. >- A match occurs when the Info.InfoType field matches the user information >record >- type and the user information record data matches the portion of Info >passed the >- EFI_USER_INFO header. >- >- @param[in] This Points to this instance of the >EFI_USER_MANAGER_PROTOCOL. >- @param[in, out] User On entry, points to the previously returned user >profile >- handle, or NULL to start searching with the first user profile. >- On return, points to the user profile handle, or NULL if not >- found. >- @param[in, out] UserInfo On entry, points to the previously returned user >information >- handle, or NULL to start searching with the first. On return, >- points to the user information handle of the user information >- record, or NULL if not found. Can be NULL, in which case only >- one user information record per user can be returned. >- @param[in] Info Points to the buffer containing the user information to >be >- compared to the user information record. 
If NULL, then only >- the user information record type is compared. If InfoSize is 0, >- then the user information record must be empty. >- >- @param[in] InfoSize The size of Info, in bytes. >- >- @retval EFI_SUCCESS User information was found. User points to the >user profile handle, >- and UserInfo points to the user information handle. >- @retval EFI_NOT_FOUND User information was not found. User points to >NULL and UserInfo >- points to NULL. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileFind ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN OUT EFI_USER_PROFILE_HANDLE *User, >- IN OUT EFI_USER_INFO_HANDLE *UserInfo OPTIONAL, >- IN CONST EFI_USER_INFO *Info, >- IN UINTN InfoSize >- ); >- >- >-/** >- This function returns user information. >- >- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance >- pointer. >- @param User Handle of the user whose profile will be >- retrieved. >- @param UserInfo Handle of the user information data record. >- @param Info On entry, points to a buffer of at least >- *InfoSize bytes. On exit, holds the user >- information. >- @param InfoSize On entry, points to the size of Info. On return, >- points to the size of the user information. >- >- @retval EFI_SUCCESS Information returned successfully. >- @retval EFI_ACCESS_DENIED The information about the specified user >cannot >- be accessed by the current user. >- EFI_BUFFER_TOO_SMALL- The number of bytes >- specified by *InfoSize is too small to hold the >- returned data. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileGetInfo ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN EFI_USER_PROFILE_HANDLE User, >- IN EFI_USER_INFO_HANDLE UserInfo, >- OUT EFI_USER_INFO *Info, >- IN OUT UINTN *InfoSize >- ); >- >- >-/** >- This function changes user information. >- >- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance >- pointer. >- @param User Handle of the user whose profile will be >- retrieved. >- @param UserInfo Handle of the user information data record. 
>- @param Info Points to the user information. >- @param InfoSize The size of Info, in bytes. >- >- @retval EFI_SUCCESS User profile information was successfully >- changed/added. >- @retval EFI_ACCESS_DENIED The record is exclusive. >- @retval EFI_SECURITY_VIOLATION The current user does not have >permission to >- change the specified user profile or user >- information record. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileSetInfo ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN EFI_USER_PROFILE_HANDLE User, >- IN OUT EFI_USER_INFO_HANDLE *UserInfo, >- IN CONST EFI_USER_INFO *Info, >- IN UINTN InfoSize >- ); >- >- >-/** >- This function allows the credential provider to notify the User Identity >Manager >- when user status has changed while deselected. >- >- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance >- pointer. >- @param Changed Points to the instance of the >- EFI_USER_CREDENTIAL_PROTOCOL where the user has >- changed. >- >- @retval EFI_SUCCESS The User Identity Manager has handled the >- notification. >- @retval EFI_NOT_READY The function was called while the specified >- credential provider was not selected. >- @retval EFI_UNSUPPORTED The User Identity Manager doesn't support >- asynchronous notifications. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileNotify ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN EFI_HANDLE Changed >- ); >- >- >-/** >- Delete the user information attached to the user profile specified by the >UserInfo. >- >- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance >pointer. >- @param User Handle of the user whose profile will be retrieved. >- @param UserInfo Handle of the user information data record. >- >- @retval EFI_SUCCESS User information deleted successfully. >- @retval EFI_ACCESS_DENIED The current user does not have permission >to >- delete this user in-formation. >- @retval EFI_NOT_FOUND User information record UserInfo does not >exist >- in the user pro-file. 
>- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileDeleteInfo ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN EFI_USER_PROFILE_HANDLE User, >- IN EFI_USER_INFO_HANDLE UserInfo >- ); >- >- >-/** >- This function returns the next user information record. >- >- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance >pointer. >- @param User Handle of the user whose profile will be retrieved. >- @param UserInfo Handle of the user information data record. >- >- @retval EFI_SUCCESS User information returned. >- @retval EFI_NOT_FOUND No more user information found. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileGetNextInfo ( >- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >- IN EFI_USER_PROFILE_HANDLE User, >- IN OUT EFI_USER_INFO_HANDLE *UserInfo >- ); >- >-#endif >diff --git >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >ager.uni >b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >ager.uni >deleted file mode 100644 >index 82c72baeeb..0000000000 >--- >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >ager.uni >+++ /dev/null 
>@@ -1,21 +0,0 @@
>-// /** @file
>-// Produces user manager protocol
>-//
>-// This module manages user information and produces user manager >protocol.
>-//
>-// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
>-//
>-// This program and the accompanying materials
>-// are licensed and made available under the terms and conditions of the BSD >License
>-// which accompanies this distribution. The full text of the license may be >found at
>-// http://opensource.org/licenses/bsd-license.php
>-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-//
>-// **/
>-
>-
>-#string STR_MODULE_ABSTRACT #language en-US "Produces user >manager protocol"
>-
>-#string STR_MODULE_DESCRIPTION #language en-US "This module >manages user information and produces user manager protocol."
>-
>diff --git >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerData.h >b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerData.h
>deleted file mode 100644
>index 4e07ddd309..0000000000
>--- >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerData.h
>+++ /dev/null
>@@ -1,35 +0,0 @@
>-/** @file
>- Data structure used by the user identify manager driver.
>-
>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#ifndef _USER_IDENTIFY_MANAGER_DATA_H_
>-#define _USER_IDENTIFY_MANAGER_DATA_H_
>-
>-#include <Guid/UserIdentifyManagerHii.h>
>-
>-//
>-// Forms definition.
>-//
>-#define FORMID_USER_FORM 1
>-#define FORMID_PROVIDER_FORM 2
>-#define FORMID_INVALID_FORM 0x0FFF
>-
>-//
>-// Labels definition.
>-//
>-#define LABEL_USER_NAME 0x1000
>-#define LABEL_PROVIDER_NAME 0x3000
>-#define LABEL_END 0xffff
>-#define FORM_OPEN_QUESTION_ID 0xfffe
>-
>-#endif
>diff --git >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerDxe.inf >b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerDxe.inf
>deleted file mode 100644
>index 27e8ba19ad..0000000000
>--- >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerDxe.inf
>+++ /dev/null
>@@ -1,79 +0,0 @@ >-## @file >-# Produces user manager protocol >-# >-# This module manages user information and produces user manager >protocol. >-# >-# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >-# This program and the accompanying materials >-# are licensed and made available under the terms and conditions of the BSD >License >-# which accompanies this distribution. The full text of the license may be >found at >-# http://opensource.org/licenses/bsd-license.php >-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >-# >-## >- >-[defines] >- INF_VERSION = 0x00010005 >- BASE_NAME = UserIdentifyManager >- MODULE_UNI_FILE = UserIdentifyManager.uni >- FILE_GUID = C5D3191B-27D5-4873-8DF2-628136991A21 >- MODULE_TYPE = DXE_DRIVER >- VERSION_STRING = 1.0 >- ENTRY_POINT = UserIdentifyManagerInit >- >-[sources] >- UserIdentifyManager.c >- LoadDeferredImage.c >- UserIdentifyManager.h >- UserIdentifyManagerData.h >- UserIdentifyManagerStrings.uni >- UserIdentifyManagerVfr.Vfr >- >-[Packages] >- MdePkg/MdePkg.dec >- MdeModulePkg/MdeModulePkg.dec >- SecurityPkg/SecurityPkg.dec >- >-[LibraryClasses] >- UefiRuntimeServicesTableLib >- UefiBootServicesTableLib >- UefiDriverEntryPoint >- MemoryAllocationLib >- BaseMemoryLib >- DebugLib >- HiiLib >- UefiLib >- >-[Guids] >- gEfiIfrTianoGuid ## SOMETIMES_CONSUMES ## GUID >- gEfiEventUserProfileChangedGuid ## SOMETIMES_PRODUCES ## >Event >- >- ## SOMETIMES_PRODUCES ## Variable:L"Userxxxx" >- ## SOMETIMES_CONSUMES ## Variable:L"Userxxxx" >- ## CONSUMES ## HII >- gUserIdentifyManagerGuid >- >-[Protocols] >- gEfiFormBrowser2ProtocolGuid ## CONSUMES >- gEfiHiiDatabaseProtocolGuid ## CONSUMES >- gEfiUserCredential2ProtocolGuid ## SOMETIMES_CONSUMES >- gEfiDeferredImageLoadProtocolGuid ## SOMETIMES_CONSUMES >- gEfiSimpleTextOutProtocolGuid ## SOMETIMES_CONSUMES >- gEfiSimpleTextInProtocolGuid ## 
SOMETIMES_CONSUMES >- gEfiSimpleTextInputExProtocolGuid ## SOMETIMES_CONSUMES >- gEfiHiiConfigAccessProtocolGuid ## PRODUCES >- gEfiDevicePathProtocolGuid ## PRODUCES >- >- ## PRODUCES >- ## SOMETIMES_PRODUCES ## SystemTable >- gEfiUserManagerProtocolGuid >- >-[Depex] >- gEfiHiiDatabaseProtocolGuid AND >- gEfiHiiStringProtocolGuid AND >- gEfiFormBrowser2ProtocolGuid >- >-[UserExtensions.TianoCore."ExtraFiles"] >- UserIdentifyManagerExtra.uni >- >diff --git >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerExtra.uni >b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerExtra.uni >deleted file mode 100644 >index 8b7cba7b32..0000000000 >--- >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerExtra.uni >+++ /dev/null >@@ -1,19 +0,0 @@ >-// /** @file >-// UserIdentifyManager Localized Strings and Content >-// >-// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> >-// >-// This program and the accompanying materials >-// are licensed and made available under the terms and conditions of the BSD >License >-// which accompanies this distribution. The full text of the license may be >found at >-// http://opensource.org/licenses/bsd-license.php >-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >-// >-// **/ >- >-#string STR_PROPERTIES_MODULE_NAME >-#language en-US >-"User Identify Manager" >- >- >diff --git >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerStrings.uni >b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerStrings.uni >deleted file mode 100644 >index fcbf5005cd..0000000000 >--- >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerStrings.uni >+++ /dev/null 
>@@ -1,27 +0,0 @@
>-/** @file
>- String definitions for the User Identify Manager driver.
>-
>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php.
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#langdef en-US "English"
>-#langdef fr-FR "Francais"
>-
>-#string STR_TITLE #language en-US "User Identity Manager"
>- #language fr-FR "User Identity Manager(French)"
>-#string STR_USER_SELECT #language en-US "User Selection"
>- #language fr-FR "User Selection(French)"
>-#string STR_PROVIDER_SELECT #language en-US "Provider >Selection"
>- #language fr-FR "User Selection(French)"
>-#string STR_NULL_STRING #language en-US ""
>- #language fr-FR ""
>-
>-
>diff --git >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerVfr.Vfr >b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerVfr.Vfr
>deleted file mode 100644
>index 306679776d..0000000000
>--- >a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >agerVfr.Vfr
>+++ /dev/null
>@@ -1,43 +0,0 @@
>-/** @file
>- User identify manager formset.
>-
>-Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#include "UserIdentifyManagerData.h"
>-
>-formset
>- guid = USER_IDENTIFY_MANAGER_GUID,
>- title = STRING_TOKEN(STR_TITLE),
>- help = STRING_TOKEN(STR_NULL_STRING),
>- classguid = USER_IDENTIFY_MANAGER_GUID,
>-
>- form formid = FORMID_USER_FORM,
>- title = STRING_TOKEN(STR_USER_SELECT);
>-
>- suppressif TRUE;
>- text
>- help = STRING_TOKEN(STR_NULL_STRING),
>- text = STRING_TOKEN(STR_NULL_STRING),
>- flags = INTERACTIVE,
>- key = FORM_OPEN_QUESTION_ID;
>- endif;
>-
>- label LABEL_USER_NAME;
>- label LABEL_END;
>- endform;
>-
>- form formid = FORMID_PROVIDER_FORM,
>- title = STRING_TOKEN(STR_PROVIDER_SELECT);
>- label LABEL_PROVIDER_NAME;
>- label LABEL_END;
>- endform;
>-endformset;
>\ No newline at end of file
>diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyAccessPolic >y.c >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyAccessPolic >y.c
>deleted file mode 100644
>index 56d3b1df98..0000000000
>--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyAccessPolic >y.c
>+++ /dev/null
>@@ -1,688 +0,0 @@ >-/** @file >- The functions for access policy modification. >- >-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#include "UserProfileManager.h" >- >-/** >- Collect all the access policy data to mUserInfo.AccessPolicy, >- and save it to user profile. >- >-**/ >-VOID >-SaveAccessPolicy ( >- VOID >- ) >-{ >- EFI_STATUS Status; >- UINTN OffSet; >- UINTN Size; >- EFI_USER_INFO_ACCESS_CONTROL Control; >- EFI_USER_INFO_HANDLE UserInfo; >- EFI_USER_INFO *Info; >- >- if (mUserInfo.AccessPolicy != NULL) { >- FreePool (mUserInfo.AccessPolicy); >- } >- mUserInfo.AccessPolicy = NULL; >- mUserInfo.AccessPolicyLen = 0; >- mUserInfo.AccessPolicyModified = TRUE; >- OffSet = 0; >- >- // >- // Save access right. >- // >- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL); >- if (mUserInfo.AccessPolicyLen - OffSet < Size) { >- ExpandMemory (OffSet, Size); >- } >- >- Control.Type = mAccessInfo.AccessRight; >- Control.Size = (UINT32) Size; >- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); >- OffSet += sizeof (Control); >- >- // >- // Save access setup. 
>- //
>- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (EFI_GUID);
>- if (mUserInfo.AccessPolicyLen - OffSet < Size) {
>- ExpandMemory (OffSet, Size);
>- }
>-
>- Control.Type = EFI_USER_INFO_ACCESS_SETUP;
>- Control.Size = (UINT32) Size;
>- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
>- OffSet += sizeof (Control);
>-
>- if (mAccessInfo.AccessSetup == ACCESS_SETUP_NORMAL) {
>- CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), >&gEfiUserInfoAccessSetupNormalGuid);
>- } else if (mAccessInfo.AccessSetup == ACCESS_SETUP_RESTRICTED) {
>- CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), >&gEfiUserInfoAccessSetupRestrictedGuid);
>- } else if (mAccessInfo.AccessSetup == ACCESS_SETUP_ADMIN) {
>- CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), >&gEfiUserInfoAccessSetupAdminGuid);
>- }
>- OffSet += sizeof (EFI_GUID);
>-
>- //
>- // Save access of boot order.
>- //
>- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (UINT32);
>- if (mUserInfo.AccessPolicyLen - OffSet < Size) {
>- ExpandMemory (OffSet, Size);
>- }
>-
>- Control.Type = EFI_USER_INFO_ACCESS_BOOT_ORDER;
>- Control.Size = (UINT32) Size;
>- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
>- OffSet += sizeof (Control);
>-
>- CopyMem ((UINT8 *) (mUserInfo.AccessPolicy + OffSet), >&mAccessInfo.AccessBootOrder, sizeof (UINT32));
>- OffSet += sizeof (UINT32);
>-
>- //
>- // Save permit load.
>- //
>- if (mAccessInfo.LoadPermitLen > 0) {
>- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + >mAccessInfo.LoadPermitLen;
>- if (mUserInfo.AccessPolicyLen - OffSet < Size) {
>- ExpandMemory (OffSet, Size);
>- }
>-
>- Control.Type = EFI_USER_INFO_ACCESS_PERMIT_LOAD;
>- Control.Size = (UINT32) Size;
>- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
>- OffSet += sizeof (Control);
>-
>- CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadPermit, >mAccessInfo.LoadPermitLen);
>- OffSet += mAccessInfo.LoadPermitLen;
>- }
>-
>- //
>- // Save forbid load.
>- //
>- if (mAccessInfo.LoadForbidLen > 0) {
>- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + >mAccessInfo.LoadForbidLen;
>- if (mUserInfo.AccessPolicyLen - OffSet < Size) {
>- ExpandMemory (OffSet, Size);
>- }
>-
>- Control.Type = EFI_USER_INFO_ACCESS_FORBID_LOAD;
>- Control.Size = (UINT32) Size;
>- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
>- OffSet += sizeof (Control);
>-
>- CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadForbid, >mAccessInfo.LoadForbidLen);
>- OffSet += mAccessInfo.LoadForbidLen;
>- }
>-
>- //
>- // Save permit connect.
>- //
>- if (mAccessInfo.ConnectPermitLen > 0) {
>- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + >mAccessInfo.ConnectPermitLen;
>- if (mUserInfo.AccessPolicyLen - OffSet < Size) {
>- ExpandMemory (OffSet, Size);
>- }
>-
>- Control.Type = EFI_USER_INFO_ACCESS_PERMIT_CONNECT;
>- Control.Size = (UINT32) Size;
>- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
>- OffSet += sizeof (Control);
>-
>- CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectPermit, >mAccessInfo.ConnectPermitLen);
>- OffSet += mAccessInfo.ConnectPermitLen;
>- }
>-
>- //
>- // Save forbid connect.
>- //
>- if (mAccessInfo.ConnectForbidLen > 0) {
>- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + >mAccessInfo.ConnectForbidLen;
>- if (mUserInfo.AccessPolicyLen - OffSet < Size) {
>- ExpandMemory (OffSet, Size);
>- }
>-
>- Control.Type = EFI_USER_INFO_ACCESS_FORBID_CONNECT;
>- Control.Size = (UINT32) Size;
>- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
>- OffSet += sizeof (Control);
>-
>- CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectForbid, >mAccessInfo.ConnectForbidLen);
>- OffSet += mAccessInfo.ConnectForbidLen;
>- }
>-
>- mUserInfo.AccessPolicyLen = OffSet;
>-
>- //
>- // Save access policy.
>- //
>- if (mUserInfo.AccessPolicyModified && (mUserInfo.AccessPolicyLen > 0) >&& (mUserInfo.AccessPolicy != NULL)) {
>- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + >mUserInfo.AccessPolicyLen);
>- if (Info == NULL) {
>- return ;
>- }
>-
>- Status = FindInfoByType (mModifyUser, >EFI_USER_INFO_ACCESS_POLICY_RECORD, &UserInfo);
>- if (!EFI_ERROR (Status)) {
>- Info->InfoType = EFI_USER_INFO_ACCESS_POLICY_RECORD;
>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |
>- EFI_USER_INFO_PUBLIC |
>- EFI_USER_INFO_EXCLUSIVE;
>- Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + >mUserInfo.AccessPolicyLen);
>- CopyMem ((UINT8 *) (Info + 1), mUserInfo.AccessPolicy, >mUserInfo.AccessPolicyLen);
>- Status = mUserManager->SetInfo (
>- mUserManager,
>- mModifyUser,
>- &UserInfo,
>- Info,
>- Info->InfoSize
>- );
>- mUserInfo.AccessPolicyModified = FALSE;
>- }
>- FreePool (Info);
>- }
>-
>- if (mAccessInfo.ConnectForbid != NULL) {
>- FreePool (mAccessInfo.ConnectForbid);
>- mAccessInfo.ConnectForbid = NULL;
>- }
>-
>- if (mAccessInfo.ConnectPermit != NULL) {
>- FreePool (mAccessInfo.ConnectPermit);
>- mAccessInfo.ConnectPermit = NULL;
>- }
>-
>- if (mAccessInfo.LoadForbid != NULL) {
>- FreePool (mAccessInfo.LoadForbid);
>- mAccessInfo.LoadForbid = NULL;
>- }
>-
>- if (mAccessInfo.LoadPermit != NULL) {
>- FreePool
(mAccessInfo.LoadPermit);
>- mAccessInfo.LoadPermit = NULL;
>- }
>-}
>-
>-/**
>- Create an action OpCode with QuestionID and DevicePath on a given >OpCodeHandle.
>-
>- @param[in] QuestionID The question ID.
>- @param[in] DevicePath Points to device path.
>- @param[in] OpCodeHandle Points to container for dynamic created >opcodes.
>-
>-**/
>-VOID
>-AddDevicePath (
>- IN UINTN QuestionID,
>- IN EFI_DEVICE_PATH_PROTOCOL *DevicePath,
>- IN VOID *OpCodeHandle
>- )
>-{
>- EFI_DEVICE_PATH_PROTOCOL *Next;
>- EFI_STRING_ID NameID;
>- EFI_STRING DriverName;
>-
>- //
>- // Get driver file name node.
>- //
>- Next = DevicePath;
>- while (!IsDevicePathEnd (Next)) {
>- DevicePath = Next;
>- Next = NextDevicePathNode (Next);
>- }
>-
>- //
>- // Display the device path in form.
>- //
>- DriverName = ConvertDevicePathToText (DevicePath, FALSE, FALSE);
>- NameID = HiiSetString (mCallbackInfo->HiiHandle, 0, DriverName, NULL);
>- FreePool (DriverName);
>- if (NameID == 0) {
>- return ;
>- }
>-
>- HiiCreateActionOpCode (
>- OpCodeHandle, // Container for dynamic created opcodes
>- (UINT16) QuestionID, // Question ID
>- NameID, // Prompt text
>- STRING_TOKEN (STR_NULL_STRING), // Help text
>- EFI_IFR_FLAG_CALLBACK, // Question flag
>- 0 // Action String ID
>- );
>-}
>-
>-
>-/**
>- Check whether the DevicePath is in the device path forbid list
>- (mAccessInfo.LoadForbid).
>-
>- @param[in] DevicePath Points to device path.
>-
>- @retval TRUE The DevicePath is in the device path forbid list.
>- @retval FALSE The DevicePath is not in the device path forbid list.
>-
>-**/
>-BOOLEAN
>-IsLoadForbidden (
>- IN EFI_DEVICE_PATH_PROTOCOL *DevicePath
>- )
>-{
>- UINTN OffSet;
>- UINTN DPSize;
>- UINTN Size;
>- EFI_DEVICE_PATH_PROTOCOL *Dp;
>-
>- OffSet = 0;
>- Size = GetDevicePathSize (DevicePath);
>- //
>- // Check each device path.
>- //
>- while (OffSet < mAccessInfo.LoadForbidLen) {
>- Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + >OffSet);
>- DPSize = GetDevicePathSize (Dp);
>- //
>- // Compare device path.
>- //
>- if ((DPSize == Size) && (CompareMem (DevicePath, Dp, Size) == 0)) {
>- return TRUE;
>- }
>- OffSet += DPSize;
>- }
>- return FALSE;
>-}
>-
>-
>-/**
>- Display the permit load device path in the loadable device path list.
>-
>-**/
>-VOID
>-DisplayLoadPermit(
>- VOID
>- )
>-{
>- EFI_STATUS Status;
>- CHAR16 *Order;
>- UINTN OrderSize;
>- UINTN ListCount;
>- UINTN Index;
>- UINT8 *Var;
>- UINT8 *VarPtr;
>- CHAR16 VarName[12];
>- VOID *StartOpCodeHandle;
>- VOID *EndOpCodeHandle;
>- EFI_IFR_GUID_LABEL *StartLabel;
>- EFI_IFR_GUID_LABEL *EndLabel;
>-
>- //
>- // Get DriverOrder.
>- //
>- OrderSize = 0;
>- Status = gRT->GetVariable (
>- L"DriverOrder",
>- &gEfiGlobalVariableGuid,
>- NULL,
>- &OrderSize,
>- NULL
>- );
>- if (Status != EFI_BUFFER_TOO_SMALL) {
>- return ;
>- }
>-
>- Order = AllocateZeroPool (OrderSize);
>- if (Order == NULL) {
>- return ;
>- }
>-
>- Status = gRT->GetVariable (
>- L"DriverOrder",
>- &gEfiGlobalVariableGuid,
>- NULL,
>- &OrderSize,
>- Order
>- );
>- if (EFI_ERROR (Status)) {
>- return ;
>- }
>-
>- //
>- // Initialize the container for dynamic opcodes.
>- //
>- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (StartOpCodeHandle != NULL);
>-
>- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (EndOpCodeHandle != NULL);
>-
>- //
>- // Create Hii Extend Label OpCode.
>- //
>- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- StartOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- StartLabel->Number = LABEL_PERMIT_LOAD_FUNC;
>-
>- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- EndOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- EndLabel->Number = LABEL_END;
>-
>- //
>- // Add each driver option.
>- //
>- Var = NULL;
>- ListCount = OrderSize / sizeof (UINT16);
>- for (Index = 0; Index < ListCount; Index++) {
>- //
>- // Get driver device path.
>- //
>- UnicodeSPrint (VarName, sizeof (VarName), L"Driver%04x", Order[Index]);
>- GetEfiGlobalVariable2 (VarName, (VOID**)&Var, NULL);
>- if (Var == NULL) {
>- continue;
>- }
>-
>- //
>- // Check whether the driver is already forbidden.
>- //
>-
>- VarPtr = Var;
>- //
>- // Skip attribute.
>- //
>- VarPtr += sizeof (UINT32);
>-
>- //
>- // Skip device path lenth.
>- //
>- VarPtr += sizeof (UINT16);
>-
>- //
>- // Skip descript string.
>- //
>- VarPtr += StrSize ((UINT16 *) VarPtr);
>-
>- if (IsLoadForbidden ((EFI_DEVICE_PATH_PROTOCOL *) VarPtr)) {
>- FreePool (Var);
>- Var = NULL;
>- continue;
>- }
>-
>- AddDevicePath (
>- KEY_MODIFY_USER | KEY_MODIFY_AP_DP | KEY_LOAD_PERMIT_MODIFY >| Order[Index],
>- (EFI_DEVICE_PATH_PROTOCOL *) VarPtr,
>- StartOpCodeHandle
>- );
>- FreePool (Var);
>- Var = NULL;
>- }
>-
>- HiiUpdateForm (
>- mCallbackInfo->HiiHandle, // HII handle
>- &gUserProfileManagerGuid, // Formset GUID
>- FORMID_PERMIT_LOAD_DP, // Form ID
>- StartOpCodeHandle, // Label for where to insert opcodes
>- EndOpCodeHandle // Replace data
>- );
>-
>- HiiFreeOpCodeHandle (StartOpCodeHandle);
>- HiiFreeOpCodeHandle (EndOpCodeHandle);
>-
>- //
>- // Clear Environment.
>- //
>- if (Var != NULL) {
>- FreePool (Var);
>- }
>- FreePool (Order);
>-}
>-
>-
>-/**
>- Display the forbid load device path list (mAccessInfo.LoadForbid).
>-
>-**/
>-VOID
>-DisplayLoadForbid (
>- VOID
>- )
>-{
>- UINTN Offset;
>- UINTN DPSize;
>- UINTN Index;
>- EFI_DEVICE_PATH_PROTOCOL *Dp;
>- VOID *StartOpCodeHandle;
>- VOID *EndOpCodeHandle;
>- EFI_IFR_GUID_LABEL *StartLabel;
>- EFI_IFR_GUID_LABEL *EndLabel;
>-
>- //
>- // Initialize the container for dynamic opcodes.
>- //
>- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (StartOpCodeHandle != NULL);
>-
>- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (EndOpCodeHandle != NULL);
>-
>- //
>- // Create Hii Extend Label OpCode.
>- //
>- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- StartOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- StartLabel->Number = LABLE_FORBID_LOAD_FUNC;
>-
>- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- EndOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- EndLabel->Number = LABEL_END;
>-
>- //
>- // Add each forbid load drivers.
>- //
>- Offset = 0;
>- Index = 0;
>- while (Offset < mAccessInfo.LoadForbidLen) {
>- Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + >Offset);
>- DPSize = GetDevicePathSize (Dp);
>- AddDevicePath (
>- KEY_MODIFY_USER | KEY_MODIFY_AP_DP | KEY_LOAD_FORBID_MODIFY >| Index,
>- Dp,
>- StartOpCodeHandle
>- );
>- Index++;
>- Offset += DPSize;
>- }
>-
>- HiiUpdateForm (
>- mCallbackInfo->HiiHandle, // HII handle
>- &gUserProfileManagerGuid, // Formset GUID
>- FORMID_FORBID_LOAD_DP, // Form ID
>- StartOpCodeHandle, // Label for where to insert opcodes
>- EndOpCodeHandle // Replace data
>- );
>-
>- HiiFreeOpCodeHandle (StartOpCodeHandle);
>- HiiFreeOpCodeHandle (EndOpCodeHandle);
>-}
>-
>-
>-/**
>- Display the permit connect device path.
>-
>-**/
>-VOID
>-DisplayConnectPermit (
>- VOID
>- )
>-{
>- //
>- // Note:
>- // As no architect protocol/interface to be called in ConnectController()
>- // to verify the device path, just add a place holder for permitted connect
>- // device path.
>- //
>-}
>-
>-
>-/**
>- Display the forbid connect device path list.
>-
>-**/
>-VOID
>-DisplayConnectForbid (
>- VOID
>- )
>-{
>- //
>- // Note:
>- // As no architect protocol/interface to be called in ConnectController()
>- // to verify the device path, just add a place holder for forbidden connect
>- // device path.
>- //
>-}
>-
>-
>-/**
>- Delete the specified device path by DriverIndex from the forbid device path
>- list (mAccessInfo.LoadForbid).
>-
>- @param[in] DriverIndex The index of driver in forbidden device path list.
>-
>-**/
>-VOID
>-DeleteFromForbidLoad (
>- IN UINT16 DriverIndex
>- )
>-{
>- UINTN OffSet;
>- UINTN DPSize;
>- UINTN OffLen;
>- EFI_DEVICE_PATH_PROTOCOL *Dp;
>-
>- OffSet = 0;
>- //
>- // Find the specified device path.
>- //
>- while ((OffSet < mAccessInfo.LoadForbidLen) && (DriverIndex > 0)) {
>- Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + >OffSet);
>- DPSize = GetDevicePathSize (Dp);
>- OffSet += DPSize;
>- DriverIndex--;
>- }
>-
>- //
>- // Specified device path found.
>- //
>- if (DriverIndex == 0) {
>- Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + >OffSet);
>- DPSize = GetDevicePathSize (Dp);
>- OffLen = mAccessInfo.LoadForbidLen - OffSet - DPSize;
>- if (OffLen > 0) {
>- CopyMem (
>- mAccessInfo.LoadForbid + OffSet,
>- mAccessInfo.LoadForbid + OffSet + DPSize,
>- OffLen
>- );
>- }
>- mAccessInfo.LoadForbidLen -= DPSize;
>- }
>-}
>-
>-
>-/**
>- Add the specified device path by DriverIndex to the forbid device path
>- list (mAccessInfo.LoadForbid).
>-
>- @param[in] DriverIndex The index of driver saved in driver options.
>-
>-**/
>-VOID
>-AddToForbidLoad (
>- IN UINT16 DriverIndex
>- )
>-{
>- UINTN DevicePathLen;
>- UINT8 *Var;
>- UINT8 *VarPtr;
>- UINTN NewLen;
>- UINT8 *NewFL;
>- CHAR16 VarName[13];
>-
>- //
>- // Get loadable driver device path.
>- //
>- UnicodeSPrint (VarName, sizeof (VarName), L"Driver%04x", DriverIndex);
>- GetEfiGlobalVariable2 (VarName, (VOID**)&Var, NULL);
>- if (Var == NULL) {
>- return;
>- }
>-
>- //
>- // Save forbid load driver.
>- //
>-
>- VarPtr = Var;
>- //
>- // Skip attribute.
>- //
>- VarPtr += sizeof (UINT32);
>-
>- DevicePathLen = *(UINT16 *) VarPtr;
>- //
>- // Skip device path length.
>- //
>- VarPtr += sizeof (UINT16);
>-
>- //
>- // Skip description string.
>- //
>- VarPtr += StrSize ((UINT16 *) VarPtr);
>-
>- NewLen = mAccessInfo.LoadForbidLen + DevicePathLen;
>- NewFL = AllocateZeroPool (NewLen);
>- if (NewFL == NULL) {
>- FreePool (Var);
>- return ;
>- }
>-
>- if (mAccessInfo.LoadForbidLen > 0) {
>- CopyMem (NewFL, mAccessInfo.LoadForbid, mAccessInfo.LoadForbidLen);
>- FreePool (mAccessInfo.LoadForbid);
>- }
>-
>- CopyMem (NewFL + mAccessInfo.LoadForbidLen, VarPtr, DevicePathLen);
>- mAccessInfo.LoadForbidLen = NewLen;
>- mAccessInfo.LoadForbid = NewFL;
>- FreePool (Var);
>-}
>-
>-
>diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyIdentityPoli >cy.c >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyIdentityPoli >cy.c
>deleted file mode 100644
>index 602c4a8397..0000000000
>--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyIdentityPoli >cy.c
>+++ /dev/null
>@@ -1,516 +0,0 @@
>-/** @file
>- The functions for identification policy modification.
>-
>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#include "UserProfileManager.h"
>-
>-
>-/**
>- Verify the new identity policy in the current implementation. The same >credential
>- provider can't appear twice in one identity policy.
>-
>- @param[in] NewGuid Points to the credential provider guid.
>-
>- @retval TRUE The NewGuid was found in the identity policy.
>- @retval FALSE The NewGuid was not found.
>-
>-**/
>-BOOLEAN
>-ProviderAlreadyInPolicy (
>- IN EFI_GUID *NewGuid
>- )
>-{
>- UINTN Offset;
>- EFI_USER_INFO_IDENTITY_POLICY *Identity;
>- EFI_INPUT_KEY Key;
>-
>- Offset = 0;
>- while (Offset < mUserInfo.NewIdentityPolicyLen) {
>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) >(mUserInfo.NewIdentityPolicy + Offset);
>- if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) {
>- if (CompareGuid (NewGuid, (EFI_GUID *) (Identity + 1))) {
>- CreatePopUp (
>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
>- &Key,
>- L"This Credential Provider Are Already Used!",
>- L"",
>- L"Press Any Key to Continue ...",
>- NULL
>- );
>- return TRUE;
>- }
>- }
>- Offset += Identity->Length;
>- }
>-
>- return FALSE;
>-}
>-
>-
>-/**
>- Add the user's credential record in the provider.
>-
>- @param[in] Identity Identity policy item including credential provider.
>- @param[in] User Points to user profile.
>-
>- @retval EFI_SUCCESS Add or delete record successfully.
>- @retval Others Fail to add or delete record.
>-
>-**/
>-EFI_STATUS
>-EnrollUserOnProvider (
>- IN EFI_USER_INFO_IDENTITY_POLICY *Identity,
>- IN EFI_USER_PROFILE_HANDLE User
>- )
>-{
>- UINTN Index;
>- EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential;
>-
>- //
>- // Find the specified credential provider.
>- //
>- for (Index = 0; Index < mProviderInfo->Count; Index++) {
>- UserCredential = mProviderInfo->Provider[Index];
>- if (CompareGuid ((EFI_GUID *)(Identity + 1), &UserCredential->Identifier)) >{
>- return UserCredential->Enroll (UserCredential, User);
>- }
>- }
>-
>- return EFI_NOT_FOUND;
>-}
>-
>-
>-/**
>- Delete the User's credential record on the provider.
>-
>- @param[in] Identity Point to >EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER user info.
>- @param[in] User Points to user profile.
>-
>- @retval EFI_SUCCESS Delete User's credential record successfully.
>- @retval Others Fail to add or delete record.
>-
>-**/
>-EFI_STATUS
>-DeleteUserOnProvider (
>- IN EFI_USER_INFO_IDENTITY_POLICY *Identity,
>- IN EFI_USER_PROFILE_HANDLE User
>- )
>-{
>- UINTN Index;
>- EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential;
>-
>- //
>- // Find the specified credential provider.
>- //
>- for (Index = 0; Index < mProviderInfo->Count; Index++) {
>- UserCredential = mProviderInfo->Provider[Index];
>- if (CompareGuid ((EFI_GUID *)(Identity + 1), &UserCredential->Identifier)) >{
>- return UserCredential->Delete (UserCredential, User);
>- }
>- }
>-
>- return EFI_NOT_FOUND;
>-}
>-
>-
>-/**
>- Delete User's credental from all the providers that exist in User's identity >policy.
>-
>- @param[in] IdentityPolicy Point to User's identity policy.
>- @param[in] IdentityPolicyLen The length of the identity policy.
>- @param[in] User Points to user profile.
>-
>-**/
>-VOID
>-DeleteCredentialFromProviders (
>- IN UINT8 *IdentityPolicy,
>- IN UINTN IdentityPolicyLen,
>- IN EFI_USER_PROFILE_HANDLE User
>- )
>-{
>- EFI_USER_INFO_IDENTITY_POLICY *Identity;
>- UINTN Offset;
>-
>- Offset = 0;
>- while (Offset < IdentityPolicyLen) {
>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (IdentityPolicy + Offset);
>- if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) {
>- //
>- // Delete the user on this provider.
>- //
>- DeleteUserOnProvider (Identity, User);
>- }
>- Offset += Identity->Length;
>- }
>-
>-}
>-
>-
>-/**
>- Remove the provider specified by Offset from the new user identification >record.
>-
>- @param[in] IdentityPolicy Point to user identity item in new identification >policy.
>- @param[in] Offset The item offset in the new identification policy.
>-
>-**/
>-VOID
>-DeleteProviderFromPolicy (
>- IN EFI_USER_INFO_IDENTITY_POLICY *IdentityPolicy,
>- IN UINTN Offset
>- )
>-{
>- UINTN RemainingLen;
>- UINTN DeleteLen;
>-
>- if (IdentityPolicy->Length == mUserInfo.NewIdentityPolicyLen) {
>- //
>- // Only one credential provider in the identification policy.
>- // Set the new policy to be TRUE after removed the provider.
>- //
>- IdentityPolicy->Type = EFI_USER_INFO_IDENTITY_TRUE;
>- IdentityPolicy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY);
>- mUserInfo.NewIdentityPolicyLen = IdentityPolicy->Length;
>- return ;
>- }
>-
>- DeleteLen = IdentityPolicy->Length + >sizeof(EFI_USER_INFO_IDENTITY_POLICY);
>- if ((Offset + IdentityPolicy->Length) != mUserInfo.NewIdentityPolicyLen) {
>- //
>- // This provider is not the last item in the identification policy, delete it and >the connector.
>- //
>- RemainingLen = mUserInfo.NewIdentityPolicyLen - Offset - DeleteLen;
>- CopyMem ((UINT8 *) IdentityPolicy, (UINT8 *) IdentityPolicy + DeleteLen, >RemainingLen);
>- }
>- mUserInfo.NewIdentityPolicyLen -= DeleteLen;
>-}
>-
>-
>-/**
>- Add a new provider to the mUserInfo.NewIdentityPolicy.
>-
>- It is invoked when 'add option' in UI is pressed.
>-
>- @param[in] NewGuid Points to the credential provider guid.
>-
>-**/
>-VOID
>-AddProviderToPolicy (
>- IN EFI_GUID *NewGuid
>- )
>-{
>- UINT8 *NewPolicyInfo;
>- UINTN NewPolicyInfoLen;
>- EFI_USER_INFO_IDENTITY_POLICY *Policy;
>-
>- //
>- // Allocate memory for the new identity policy.
>- //
>- NewPolicyInfoLen = mUserInfo.NewIdentityPolicyLen + sizeof >(EFI_USER_INFO_IDENTITY_POLICY) + sizeof (EFI_GUID);
>- if (mUserInfo.NewIdentityPolicyLen > 0) {
>- //
>- // It is not the first provider in the policy. Add a connector before provider.
>- //
>- NewPolicyInfoLen += sizeof (EFI_USER_INFO_IDENTITY_POLICY);
>- }
>- NewPolicyInfo = AllocateZeroPool (NewPolicyInfoLen);
>- if (NewPolicyInfo == NULL) {
>- return ;
>- }
>-
>- NewPolicyInfoLen = 0;
>- if (mUserInfo.NewIdentityPolicyLen > 0) {
>- //
>- // Save orginal policy.
>- //
>- CopyMem (NewPolicyInfo, mUserInfo.NewIdentityPolicy, >mUserInfo.NewIdentityPolicyLen);
>-
>- //
>- // Save logical connector.
>- //
>- Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (NewPolicyInfo + >mUserInfo.NewIdentityPolicyLen);
>- if (mConncetLogical == 0) {
>- Policy->Type = EFI_USER_INFO_IDENTITY_AND;
>- } else {
>- Policy->Type = EFI_USER_INFO_IDENTITY_OR;
>- }
>-
>- Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY);
>- NewPolicyInfoLen = mUserInfo.NewIdentityPolicyLen + Policy->Length;
>- FreePool (mUserInfo.NewIdentityPolicy);
>- }
>-
>- //
>- // Save credential provider.
>- //
>- Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (NewPolicyInfo + >NewPolicyInfoLen);
>- Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY) + sizeof >(EFI_GUID);
>- Policy->Type = EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER;
>- CopyGuid ((EFI_GUID *) (Policy + 1), NewGuid);
>- NewPolicyInfoLen += Policy->Length;
>-
>- //
>- // Update identity policy choice.
>- //
>- mUserInfo.NewIdentityPolicy = NewPolicyInfo;
>- mUserInfo.NewIdentityPolicyLen = NewPolicyInfoLen;
>- mUserInfo.NewIdentityPolicyModified = TRUE;
>-}
>-
>-
>-/**
>- This function replaces the old identity policy with a new identity policy.
>-
>- This function delete the user identity policy information.
>- If enroll new credential failed, recover the old identity policy.
>-
>- @retval EFI_SUCCESS Modify user identity policy successfully.
>- @retval Others Fail to modify user identity policy.
>-
>-**/
>-EFI_STATUS
>-UpdateCredentialProvider (
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO_IDENTITY_POLICY *Identity;
>- UINTN Offset;
>-
>- //
>- // Delete the old identification policy.
>- //
>- DeleteCredentialFromProviders (mUserInfo.IdentityPolicy, >mUserInfo.IdentityPolicyLen, mModifyUser);
>-
>- //
>- // Add the new identification policy.
>- //
>- Offset = 0;
>- while (Offset < mUserInfo.NewIdentityPolicyLen) {
>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) >(mUserInfo.NewIdentityPolicy + Offset);
>- if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) {
>- //
>- // Enroll the user on this provider
>- //
>- Status = EnrollUserOnProvider (Identity, mModifyUser);
>- if (EFI_ERROR (Status)) {
>- //
>- // Failed to enroll the user by new identification policy.
>- // So removed the credential provider from the identification policy
>- //
>- DeleteProviderFromPolicy (Identity, Offset);
>- continue;
>- }
>- }
>- Offset += Identity->Length;
>- }
>-
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- Check whether the identity policy is valid.
>-
>- @param[in] PolicyInfo Point to the identity policy.
>- @param[in] PolicyInfoLen The policy length.
>-
>- @retval TRUE The policy is a valid identity policy.
>- @retval FALSE The policy is not a valid identity policy.
>-
>-**/
>-BOOLEAN
>-CheckNewIdentityPolicy (
>- IN UINT8 *PolicyInfo,
>- IN UINTN PolicyInfoLen
>- )
>-{
>- EFI_USER_INFO_IDENTITY_POLICY *Identity;
>- EFI_INPUT_KEY Key;
>- UINTN Offset;
>- UINT32 OpCode;
>-
>- //
>- // Check policy expression.
>- //
>- OpCode = EFI_USER_INFO_IDENTITY_FALSE;
>- Offset = 0;
>- while (Offset < PolicyInfoLen) {
>- //
>- // Check identification policy according to type
>- //
>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (PolicyInfo + Offset);
>- switch (Identity->Type) {
>-
>- case EFI_USER_INFO_IDENTITY_TRUE:
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_OR:
>- if (OpCode == EFI_USER_INFO_IDENTITY_AND) {
>- CreatePopUp (
>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
>- &Key,
>- L"Invalid Identity Policy, Mixed Connector Unsupport!",
>- L"",
>- L"Press Any Key to Continue ...",
>- NULL
>- );
>- return FALSE;
>- }
>-
>- OpCode = EFI_USER_INFO_IDENTITY_OR;
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_AND:
>- if (OpCode == EFI_USER_INFO_IDENTITY_OR) {
>- CreatePopUp (
>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
>- &Key,
>- L"Invalid Identity Policy, Mixed Connector Unsupport!",
>- L"",
>- L"Press Any Key to Continue ...",
>- NULL
>- );
>- return FALSE;
>- }
>-
>- OpCode = EFI_USER_INFO_IDENTITY_AND;
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER:
>- break;
>-
>- default:
>- CreatePopUp (
>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
>- &Key,
>- L"Unsupport parameter",
>- L"",
>- L"Press Any Key to Continue ...",
>- NULL
>- );
>- return FALSE;
>- }
>- Offset += Identity->Length;
>- }
>-
>- return TRUE;
>-}
>-
>-
>-/**
>- Save the identity policy and update UI with it.
>-
>- This function will verify the new identity policy, in current implementation,
>- the identity policy can be: T, P & P & P & ..., P | P | P | ...
>- Here, "T" means "True", "P" means "Credential Provider", "&" means "and", >"|" means "or".
>- Other identity policies are not supported.
>-
>-**/
>-VOID
>-SaveIdentityPolicy (
>- VOID
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO_HANDLE UserInfo;
>- EFI_USER_INFO *Info;
>-
>- if (!mUserInfo.NewIdentityPolicyModified || >(mUserInfo.NewIdentityPolicyLen == 0)) {
>- return;
>- }
>-
>- //
>- // Check policy expression.
>- //
>- if (!CheckNewIdentityPolicy (mUserInfo.NewIdentityPolicy, >mUserInfo.NewIdentityPolicyLen)) {
>- return;
>- }
>-
>- Status = FindInfoByType (mModifyUser, >EFI_USER_INFO_IDENTITY_POLICY_RECORD, &UserInfo);
>- if (EFI_ERROR (Status)) {
>- return ;
>- }
>-
>- //
>- // Update the informantion on credential provider.
>- //
>- Status = UpdateCredentialProvider ();
>- if (EFI_ERROR (Status)) {
>- return ;
>- }
>-
>- //
>- // Save new identification policy.
>- //
>- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + >mUserInfo.NewIdentityPolicyLen);
>- ASSERT (Info != NULL);
>-
>- Info->InfoType = EFI_USER_INFO_IDENTITY_POLICY_RECORD;
>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
>- Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + >mUserInfo.NewIdentityPolicyLen);
>- CopyMem ((UINT8 *) (Info + 1), mUserInfo.NewIdentityPolicy, >mUserInfo.NewIdentityPolicyLen);
>-
>- Status = mUserManager->SetInfo (mUserManager, mModifyUser, >&UserInfo, Info, Info->InfoSize);
>- FreePool (Info);
>-
>- //
>- // Update the mUserInfo.IdentityPolicy by mUserInfo.NewIdentityPolicy
>- //
>- if (mUserInfo.IdentityPolicy != NULL) {
>- FreePool (mUserInfo.IdentityPolicy);
>- }
>- mUserInfo.IdentityPolicy = mUserInfo.NewIdentityPolicy;
>- mUserInfo.IdentityPolicyLen = mUserInfo.NewIdentityPolicyLen;
>-
>- mUserInfo.NewIdentityPolicy = NULL;
>- mUserInfo.NewIdentityPolicyLen = 0;
>- mUserInfo.NewIdentityPolicyModified = FALSE;
>-
>- //
>- // Update identity policy choice.
>- //
>- ResolveIdentityPolicy (mUserInfo.IdentityPolicy, >mUserInfo.IdentityPolicyLen, STRING_TOKEN (STR_IDENTIFY_POLICY_VAL));
>-}
>-
>-
>-/**
>- Update the mUserInfo.NewIdentityPolicy, and UI when 'add option' is >pressed.
>-
>-**/
>-VOID
>-AddIdentityPolicyItem (
>- VOID
>- )
>-{
>- if (mProviderInfo->Count == 0) {
>- return ;
>- }
>-
>- //
>- // Check the identity policy.
>- //
>- if (ProviderAlreadyInPolicy (&mProviderInfo->Provider[mProviderChoice]- >>Identifier)) {
>- return;
>- }
>-
>- //
>- // Add it to identification policy
>- //
>- AddProviderToPolicy (&mProviderInfo->Provider[mProviderChoice]- >>Identifier);
>-
>- //
>- // Update identity policy choice.
>- //
>- ResolveIdentityPolicy (mUserInfo.NewIdentityPolicy, >mUserInfo.NewIdentityPolicyLen, STRING_TOKEN >(STR_IDENTIFY_POLICY_VALUE));
>-}
>-
>-
>diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileAdd.c >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileAdd.c
>deleted file mode 100644
>index 6de7e75e79..0000000000
>--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileAdd.c
>+++ /dev/null
>@@ -1,372 +0,0 @@
>-/** @file
>- The functions to add a user profile.
>-
>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#include "UserProfileManager.h"
>-
>-
>-/**
>- Get user name from the popup windows.
>-
>- @param[in, out] UserNameLen On entry, point to UserName buffer lengh, >in bytes.
>- On exit, point to input user name length, in bytes.
>- @param[out] UserName The buffer to hold the input user name.
>-
>- @retval EFI_ABORTED It is given up by pressing 'ESC' key.
>- @retval EFI_NOT_READY Not a valid input at all.
>- @retval EFI_SUCCESS Get a user name successfully.
>-
>-**/
>-EFI_STATUS
>-GetUserNameInput (
>- IN OUT UINTN *UserNameLen,
>- OUT CHAR16 *UserName
>- )
>-{
>- EFI_INPUT_KEY Key;
>- UINTN NameLen;
>- CHAR16 Name[USER_NAME_LENGTH];
>-
>- NameLen = 0;
>- while (TRUE) {
>- Name[NameLen] = L'_';
>- Name[NameLen + 1] = L'\0';
>- CreatePopUp (
>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
>- &Key,
>- L"Input User Name",
>- L"---------------------",
>- Name,
>- NULL
>- );
>- //
>- // Check key.
>- //
>- if (Key.ScanCode == SCAN_NULL) {
>- if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) {
>- //
>- // Add the null terminator.
>- //
>- Name[NameLen] = 0;
>- NameLen++;
>- break;
>- } else if ((Key.UnicodeChar == CHAR_NULL) ||
>- (Key.UnicodeChar == CHAR_TAB) ||
>- (Key.UnicodeChar == CHAR_LINEFEED)
>- ) {
>- continue;
>- } else {
>- if (Key.UnicodeChar == CHAR_BACKSPACE) {
>- if (NameLen > 0) {
>- NameLen--;
>- }
>- } else {
>- Name[NameLen] = Key.UnicodeChar;
>- NameLen++;
>- if (NameLen + 1 == USER_NAME_LENGTH) {
>- //
>- // Add the null terminator.
>- //
>- Name[NameLen] = 0;
>- NameLen++;
>- break;
>- }
>- }
>- }
>- }
>-
>- if (Key.ScanCode == SCAN_ESC) {
>- return EFI_ABORTED;
>- }
>- }
>-
>- if (NameLen <= 1) {
>- return EFI_NOT_READY;
>- }
>-
>- if (*UserNameLen < NameLen * sizeof (CHAR16)) {
>- return EFI_NOT_READY;
>- }
>-
>- *UserNameLen = NameLen * sizeof (CHAR16);
>- CopyMem (UserName, Name, *UserNameLen);
>-
>- return EFI_SUCCESS;
>-}
>-
>-/**
>- Set a user's username.
>-
>- @param[in] User Handle of a user profile .
>- @param[in] UserNameLen The lengh of UserName.
>- @param[in] UserName Point to the buffer of user name.
>-
>- @retval EFI_NOT_READY The usernme in mAddUserName had been used.
>- @retval EFI_SUCCESS Change the user's username successfully with
>- username in mAddUserName.
>- >-**/ >-EFI_STATUS >-SetUserName ( >- IN EFI_USER_PROFILE_HANDLE User, >- IN UINTN UserNameLen, >- IN CHAR16 *UserName >- ) >-{ >- EFI_STATUS Status; >- EFI_USER_INFO_HANDLE UserInfo; >- EFI_USER_PROFILE_HANDLE TempUser; >- EFI_USER_INFO *NewUserInfo; >- >- NewUserInfo = AllocateZeroPool (sizeof (EFI_USER_INFO) + UserNameLen); >- ASSERT (NewUserInfo != NULL); >- >- NewUserInfo->InfoType = EFI_USER_INFO_NAME_RECORD; >- NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >- EFI_USER_INFO_PUBLIC | >- EFI_USER_INFO_EXCLUSIVE; >- NewUserInfo->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + >UserNameLen); >- CopyMem ((UINT8 *) (NewUserInfo + 1), UserName, UserNameLen); >- TempUser = NULL; >- Status = mUserManager->Find ( >- mUserManager, >- &TempUser, >- NULL, >- NewUserInfo, >- NewUserInfo->InfoSize >- ); >- if (!EFI_ERROR (Status)) { >- // >- // The user name had been used, return error. >- // >- FreePool (NewUserInfo); >- return EFI_NOT_READY; >- } >- >- UserInfo = NULL; >- mUserManager->SetInfo ( >- mUserManager, >- User, >- &UserInfo, >- NewUserInfo, >- NewUserInfo->InfoSize >- ); >- FreePool (NewUserInfo); >- return EFI_SUCCESS; >-} >- >- >-/** >- Set create date of the specified user. >- >- @param[in] User Handle of a user profile. 
>- >-**/ >-VOID >-SetCreateDate ( >- IN EFI_USER_PROFILE_HANDLE User >- ) >-{ >- EFI_STATUS Status; >- EFI_USER_INFO_HANDLE UserInfo; >- EFI_USER_INFO_CREATE_DATE Date; >- EFI_USER_INFO *NewUserInfo; >- >- NewUserInfo = AllocateZeroPool ( >- sizeof (EFI_USER_INFO) + >- sizeof (EFI_USER_INFO_CREATE_DATE) >- ); >- ASSERT (NewUserInfo != NULL); >- >- NewUserInfo->InfoType = EFI_USER_INFO_CREATE_DATE_RECORD; >- NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >- EFI_USER_INFO_PUBLIC | >- EFI_USER_INFO_EXCLUSIVE; >- NewUserInfo->InfoSize = sizeof (EFI_USER_INFO) + sizeof >(EFI_USER_INFO_CREATE_DATE); >- Status = gRT->GetTime (&Date, NULL); >- if (EFI_ERROR (Status)) { >- FreePool (NewUserInfo); >- return ; >- } >- >- CopyMem ((UINT8 *) (NewUserInfo + 1), &Date, sizeof >(EFI_USER_INFO_CREATE_DATE)); >- UserInfo = NULL; >- mUserManager->SetInfo ( >- mUserManager, >- User, >- &UserInfo, >- NewUserInfo, >- NewUserInfo->InfoSize >- ); >- FreePool (NewUserInfo); >-} >- >- >-/** >- Set the default identity policy of the specified user. >- >- @param[in] User Handle of a user profile. 
>-
>-**/
>-VOID
>-SetIdentityPolicy (
>- IN EFI_USER_PROFILE_HANDLE User
>- )
>-{
>- EFI_USER_INFO_IDENTITY_POLICY *Policy;
>- EFI_USER_INFO_HANDLE UserInfo;
>- EFI_USER_INFO *NewUserInfo;
>-
>- NewUserInfo = AllocateZeroPool (
>- sizeof (EFI_USER_INFO) +
>- sizeof (EFI_USER_INFO_IDENTITY_POLICY)
>- );
>- ASSERT (NewUserInfo != NULL);
>-
>- Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (NewUserInfo + 1);
>- Policy->Type = EFI_USER_INFO_IDENTITY_TRUE;
>- Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY);
>-
>- NewUserInfo->InfoType = EFI_USER_INFO_IDENTITY_POLICY_RECORD;
>- NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |
>- EFI_USER_INFO_PUBLIC |
>- EFI_USER_INFO_EXCLUSIVE;
>- NewUserInfo->InfoSize = sizeof (EFI_USER_INFO) + Policy->Length;
>- UserInfo = NULL;
>- mUserManager->SetInfo (
>- mUserManager,
>- User,
>- &UserInfo,
>- NewUserInfo,
>- NewUserInfo->InfoSize
>- );
>- FreePool (NewUserInfo);
>-}
>-
>-
>-/**
>- Set the default access policy of the specified user.
>-
>- @param[in] User Handle of a user profile.
>- >-**/ >-VOID >-SetAccessPolicy ( >- IN EFI_USER_PROFILE_HANDLE User >- ) >-{ >- EFI_USER_INFO_ACCESS_CONTROL *Control; >- EFI_USER_INFO_HANDLE UserInfo; >- EFI_USER_INFO *NewUserInfo; >- >- NewUserInfo = AllocateZeroPool ( >- sizeof (EFI_USER_INFO) + >- sizeof (EFI_USER_INFO_ACCESS_CONTROL) >- ); >- ASSERT (NewUserInfo != NULL); >- >- Control = (EFI_USER_INFO_ACCESS_CONTROL *) (NewUserInfo + >1); >- Control->Type = EFI_USER_INFO_ACCESS_ENROLL_SELF; >- Control->Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL); >- >- NewUserInfo->InfoType = EFI_USER_INFO_ACCESS_POLICY_RECORD; >- NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >- EFI_USER_INFO_PUBLIC | >- EFI_USER_INFO_EXCLUSIVE; >- NewUserInfo->InfoSize = sizeof (EFI_USER_INFO) + Control->Size; >- UserInfo = NULL; >- mUserManager->SetInfo ( >- mUserManager, >- User, >- &UserInfo, >- NewUserInfo, >- NewUserInfo->InfoSize >- ); >- FreePool (NewUserInfo); >-} >- >- >-/** >- Add a new user profile into the user profile database. >- >-**/ >-VOID >-CallAddUser ( >- VOID >- ) >-{ >- EFI_STATUS Status; >- EFI_INPUT_KEY Key; >- EFI_USER_PROFILE_HANDLE User; >- UINTN UserNameLen; >- CHAR16 UserName[USER_NAME_LENGTH]; >- CHAR16 *QuestionStr; >- CHAR16 *PromptStr; >- >- QuestionStr = NULL; >- PromptStr = NULL; >- >- // >- // Get user name to add. >- // >- UserNameLen = sizeof (UserName); >- Status = GetUserNameInput (&UserNameLen, UserName); >- if (EFI_ERROR (Status)) { >- if (Status != EFI_ABORTED) { >- QuestionStr = GetStringById (STRING_TOKEN >(STR_GET_USERNAME_FAILED)); >- PromptStr = GetStringById (STRING_TOKEN >(STR_STROKE_KEY_CONTINUE)); >- goto Done; >- } >- return ; >- } >- >- // >- // Create a new user profile. 
>- // >- User = NULL; >- Status = mUserManager->Create (mUserManager, &User); >- if (EFI_ERROR (Status)) { >- QuestionStr = GetStringById (STRING_TOKEN >(STR_CREATE_PROFILE_FAILED)); >- PromptStr = GetStringById (STRING_TOKEN >(STR_STROKE_KEY_CONTINUE)); >- } else { >- // >- // Add default user information. >- // >- Status = SetUserName (User, UserNameLen, UserName); >- if (EFI_ERROR (Status)) { >- QuestionStr = GetStringById (STRING_TOKEN >(STR_USER_ALREADY_EXISTED)); >- PromptStr = GetStringById (STRING_TOKEN >(STR_STROKE_KEY_CONTINUE)); >- goto Done; >- } >- >- SetCreateDate (User); >- SetIdentityPolicy (User); >- SetAccessPolicy (User); >- >- QuestionStr = GetStringById (STRING_TOKEN >(STR_CREATE_PROFILE_SUCCESS)); >- PromptStr = GetStringById (STRING_TOKEN >(STR_STROKE_KEY_CONTINUE)); >- } >- >-Done: >- CreatePopUp ( >- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >- &Key, >- QuestionStr, >- L"", >- PromptStr, >- NULL >- ); >- FreePool (QuestionStr); >- FreePool (PromptStr); >-} >- >diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileDelete. >c >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileDelete. >c >deleted file mode 100644 >index af5d3109dd..0000000000 >--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileDelete. >c >+++ /dev/null 
>@@ -1,343 +0,0 @@ >-/** @file >- The functions to delete a user profile. >- >-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#include "UserProfileManager.h" >- >-/** >- Get the username from the specified user. >- >- @param[in] User Handle of a user profile. >- >- @retval EFI_STRING_ID The String Id of the user's username. >- >-**/ >-EFI_STRING_ID >-GetUserName ( >- IN EFI_USER_PROFILE_HANDLE User >- ) >-{ >- EFI_STATUS Status; >- EFI_USER_INFO_HANDLE UserInfo; >- EFI_USER_INFO *Info; >- UINTN InfoSize; >- UINTN MemSize; >- UINTN NameLen; >- CHAR16 UserName[USER_NAME_LENGTH]; >- EFI_STRING_ID UserId; >- >- // >- // Allocate user information memory. >- // >- MemSize = sizeof (EFI_USER_INFO) + 63; >- Info = AllocateZeroPool (MemSize); >- ASSERT (Info != NULL); >- >- // >- // Get user name information. >- // >- UserInfo = NULL; >- while (TRUE) { >- InfoSize = MemSize; >- // >- // Get next user information. >- // >- Status = mUserManager->GetNextInfo ( >- mUserManager, >- User, >- &UserInfo >- ); >- if (EFI_ERROR (Status)) { >- break; >- } >- >- Status = mUserManager->GetInfo ( >- mUserManager, >- User, >- UserInfo, >- Info, >- &InfoSize >- ); >- if (Status == EFI_BUFFER_TOO_SMALL) { >- MemSize = InfoSize; >- FreePool (Info); >- Info = AllocateZeroPool (MemSize); >- ASSERT (Info != NULL); >- >- Status = mUserManager->GetInfo ( >- mUserManager, >- User, >- UserInfo, >- Info, >- &InfoSize >- ); >- } >- // >- // Check user information. 
>- // >- if (Status == EFI_SUCCESS) { >- if (Info->InfoType == EFI_USER_INFO_NAME_RECORD) { >- NameLen = Info->InfoSize - sizeof (EFI_USER_INFO); >- if (NameLen > USER_NAME_LENGTH * sizeof (CHAR16)) { >- NameLen = USER_NAME_LENGTH * sizeof (CHAR16); >- } >- ASSERT (NameLen >= sizeof (CHAR16)); >- CopyMem (UserName, (UINT8 *) (Info + 1), NameLen); >- UserName[NameLen / sizeof (CHAR16) - 1] = 0; >- UserId = HiiSetString ( >- mCallbackInfo->HiiHandle, >- 0, >- UserName, >- NULL >- ); >- if (UserId != 0) { >- FreePool (Info); >- return UserId; >- } >- } >- } >- } >- >- FreePool (Info); >- return 0; >-} >- >- >-/** >- Add a username item in form. >- >- @param[in] User Points to the user profile whose username is added. >- @param[in] Index The index of the user in the user name list >- @param[in] OpCodeHandle Points to container for dynamic created >opcodes. >- >-**/ >-VOID >-AddUserToForm ( >- IN EFI_USER_PROFILE_HANDLE User, >- IN UINT16 Index, >- IN VOID *OpCodeHandle >- ) >-{ >- EFI_STRING_ID NameId; >- >- // >- // Get user name >- // >- NameId = GetUserName (User); >- if (NameId == 0) { >- return ; >- } >- >- // >- // Create user name option. >- // >- switch (Index & KEY_FIRST_FORM_MASK) { >- case KEY_MODIFY_USER: >- HiiCreateGotoOpCode ( >- OpCodeHandle, // Container for dynamic created opcodes >- FORMID_USER_INFO, // Target Form ID >- NameId, // Prompt text >- STRING_TOKEN (STR_NULL_STRING), // Help text >- EFI_IFR_FLAG_CALLBACK, // Question flag >- Index // Question ID >- ); >- break; >- >- case KEY_DEL_USER: >- HiiCreateActionOpCode ( >- OpCodeHandle, // Container for dynamic created opcodes >- Index, // Question ID >- NameId, // Prompt text >- STRING_TOKEN (STR_NULL_STRING), // Help text >- EFI_IFR_FLAG_CALLBACK, // Question flag >- 0 // Action String ID >- ); >- break; >- >- default: >- break; >- } >-} >- >- >-/** >- Delete the user specified by UserIndex in user profile database. 
>- >- @param[in] UserIndex The index of user in the user name list >- to be deleted. >- >-**/ >-VOID >-DeleteUser ( >- IN UINT8 UserIndex >- ) >-{ >- EFI_STATUS Status; >- EFI_USER_PROFILE_HANDLE User; >- EFI_INPUT_KEY Key; >- EFI_USER_INFO_HANDLE UserInfo; >- EFI_USER_INFO *Info; >- UINTN InfoSize; >- >- // >- // Find specified user profile and delete it. >- // >- User = NULL; >- Status = mUserManager->GetNext (mUserManager, &User); >- if (EFI_ERROR (Status)) { >- goto Done; >- } >- >- while (UserIndex > 1) { >- Status = mUserManager->GetNext (mUserManager, &User); >- if (EFI_ERROR (Status)) { >- goto Done; >- } >- UserIndex--; >- } >- >- if (UserIndex == 1) { >- // >- // Get the identification policy. >- // >- Status = FindInfoByType (User, >EFI_USER_INFO_IDENTITY_POLICY_RECORD, &UserInfo); >- if (EFI_ERROR (Status)) { >- goto Done; >- } >- >- InfoSize = 0; >- Info = NULL; >- Status = mUserManager->GetInfo (mUserManager, User, UserInfo, Info, >&InfoSize); >- if (Status == EFI_BUFFER_TOO_SMALL) { >- Info = AllocateZeroPool (InfoSize); >- if (Info == NULL) { >- goto Done; >- } >- Status = mUserManager->GetInfo (mUserManager, User, UserInfo, Info, >&InfoSize); >- } >- >- // >- // Delete the user on the credential providers by its identification policy. >- // >- ASSERT (Info != NULL); >- DeleteCredentialFromProviders ((UINT8 *)(Info + 1), Info->InfoSize - sizeof >(EFI_USER_INFO), User); >- FreePool (Info); >- >- Status = mUserManager->Delete (mUserManager, User); >- if (EFI_ERROR (Status)) { >- goto Done; >- } >- CreatePopUp ( >- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >- &Key, >- L"Delete User Succeed!", >- L"", >- L"Please Press Any Key to Continue ...", >- NULL >- ); >- return ; >- } >- >-Done: >- CreatePopUp ( >- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >- &Key, >- L"Delete User Failed!", >- L"", >- L"Please Press Any Key to Continue ...", >- NULL >- ); >-} >- >- >-/** >- Display user select form, cab select a user to delete. 
>-
>-**/
>-VOID
>-SelectUserToDelete (
>- VOID
>- )
>-{
>- EFI_STATUS Status;
>- UINT8 Index;
>- EFI_USER_PROFILE_HANDLE User;
>- EFI_USER_PROFILE_HANDLE CurrentUser;
>- VOID *StartOpCodeHandle;
>- VOID *EndOpCodeHandle;
>- EFI_IFR_GUID_LABEL *StartLabel;
>- EFI_IFR_GUID_LABEL *EndLabel;
>-
>- //
>- // Initialize the container for dynamic opcodes.
>- //
>- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (StartOpCodeHandle != NULL);
>-
>- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (EndOpCodeHandle != NULL);
>-
>- //
>- // Create Hii Extend Label OpCode.
>- //
>- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- StartOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- StartLabel->Number = LABEL_USER_DEL_FUNC;
>-
>- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- EndOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- EndLabel->Number = LABEL_END;
>-
>- //
>- // Add each user can be deleted.
>- //
>- User = NULL;
>- Index = 1;
>- mUserManager->Current (mUserManager, &CurrentUser);
>- while (TRUE) {
>- Status = mUserManager->GetNext (mUserManager, &User);
>- if (EFI_ERROR (Status)) {
>- break;
>- }
>-
>- if (User != CurrentUser) {
>- AddUserToForm (
>- User,
>- (UINT16)(KEY_DEL_USER | KEY_SELECT_USER | Index),
>- StartOpCodeHandle
>- );
>- }
>- Index++;
>- }
>-
>- HiiUpdateForm (
>- mCallbackInfo->HiiHandle, // HII handle
>- &gUserProfileManagerGuid, // Formset GUID
>- FORMID_DEL_USER, // Form ID
>- StartOpCodeHandle, // Label for where to insert opcodes
>- EndOpCodeHandle // Replace data
>- );
>-
>- HiiFreeOpCodeHandle (StartOpCodeHandle);
>- HiiFreeOpCodeHandle (EndOpCodeHandle);
>-}
>diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >er.c >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >er.c >deleted file mode 100644 >index e73ba3a8fc..0000000000 >--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >er.c >+++ /dev/null 
>@@ -1,887 +0,0 @@ >-/** @file >- This driver is a configuration tool for adding, deleting or modifying user >- profiles, including gathering the necessary information to ascertain their >- identity in the future, updating user access policy and identification >- policy, etc. >- >-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >-(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR> >-This program and the accompanying materials >-are licensed and made available under the terms and conditions of the BSD >License >-which accompanies this distribution. The full text of the license may be >found at >-http://opensource.org/licenses/bsd-license.php >- >-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED. >- >-**/ >- >-#include "UserProfileManager.h" >- >-EFI_USER_MANAGER_PROTOCOL *mUserManager = NULL; >-CREDENTIAL_PROVIDER_INFO *mProviderInfo = NULL; >-UINT8 mProviderChoice; >-UINT8 mConncetLogical; >-USER_INFO_ACCESS mAccessInfo; >-USER_INFO mUserInfo; >-USER_PROFILE_MANAGER_CALLBACK_INFO *mCallbackInfo; >-HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = { >- { >- { >- HARDWARE_DEVICE_PATH, >- HW_VENDOR_DP, >- { >- (UINT8) (sizeof (VENDOR_DEVICE_PATH)), >- (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) >- } >- }, >- USER_PROFILE_MANAGER_GUID >- }, >- { >- END_DEVICE_PATH_TYPE, >- END_ENTIRE_DEVICE_PATH_SUBTYPE, >- { >- (UINT8) (END_DEVICE_PATH_LENGTH), >- (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) >- } >- } >-}; >- >- >-/** >- Get string by string id from HII Interface. >- >- >- @param[in] Id String ID to get the string from. >- >- @retval CHAR16 * String from ID. >- @retval NULL If error occurs. >- >-**/ >-CHAR16 * >-GetStringById ( >- IN EFI_STRING_ID Id >- ) >-{ >- // >- // Get the current string for the current Language. 
>- //
>- return HiiGetString (mCallbackInfo->HiiHandle, Id, NULL);
>-}
>-
>-
>-/**
>- This function gets all the credential providers in the system and saved them
>- to mProviderInfo.
>-
>- @retval EFI_SUCESS Init credential provider database successfully.
>- @retval Others Fail to init credential provider database.
>-
>-**/
>-EFI_STATUS
>-InitProviderInfo (
>- VOID
>- )
>-{
>- EFI_STATUS Status;
>- UINTN HandleCount;
>- EFI_HANDLE *HandleBuf;
>- UINTN Index;
>-
>- //
>- // Try to find all the user credential provider driver.
>- //
>- HandleCount = 0;
>- HandleBuf = NULL;
>- Status = gBS->LocateHandleBuffer (
>- ByProtocol,
>- &gEfiUserCredential2ProtocolGuid,
>- NULL,
>- &HandleCount,
>- &HandleBuf
>- );
>- if (EFI_ERROR (Status)) {
>- return Status;
>- }
>-
>- //
>- // Get provider infomation.
>- //
>- if (mProviderInfo != NULL) {
>- FreePool (mProviderInfo);
>- }
>- mProviderInfo = AllocateZeroPool (
>- sizeof (CREDENTIAL_PROVIDER_INFO) -
>- sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *) +
>- HandleCount * sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *)
>- );
>- if (mProviderInfo == NULL) {
>- FreePool (HandleBuf);
>- return EFI_OUT_OF_RESOURCES;
>- }
>-
>- mProviderInfo->Count = HandleCount;
>- for (Index = 0; Index < HandleCount; Index++) {
>- Status = gBS->HandleProtocol (
>- HandleBuf[Index],
>- &gEfiUserCredential2ProtocolGuid,
>- (VOID **) &mProviderInfo->Provider[Index]
>- );
>- if (EFI_ERROR (Status)) {
>- FreePool (HandleBuf);
>- FreePool (mProviderInfo);
>- mProviderInfo = NULL;
>- return Status;
>- }
>- }
>-
>- FreePool (HandleBuf);
>- return EFI_SUCCESS;
>-}
>-
>-
>-/**
>- This function processes changes in user profile configuration.
>-
>- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
>- @param Action Specifies the type of action taken by the browser.
>- @param QuestionId A unique value which is sent to the original
>- exporting driver so that it can identify the type
>- of data to expect.
>- @param Type The type of value for the question.
>- @param Value A pointer to the data being sent to the original >- exporting driver. >- @param ActionRequest On return, points to the action requested by >the >- callback function. >- >- @retval EFI_SUCCESS The callback successfully handled the action. >- @retval Others Fail to handle the action. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileManagerCallback ( >- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, >- IN EFI_BROWSER_ACTION Action, >- IN EFI_QUESTION_ID QuestionId, >- IN UINT8 Type, >- IN EFI_IFR_TYPE_VALUE *Value, >- OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest >- ) >-{ >- EFI_STATUS Status; >- EFI_INPUT_KEY Key; >- UINT32 CurrentAccessRight; >- CHAR16 *QuestionStr; >- CHAR16 *PromptStr; >- VOID *StartOpCodeHandle; >- VOID *EndOpCodeHandle; >- EFI_IFR_GUID_LABEL *StartLabel; >- EFI_IFR_GUID_LABEL *EndLabel; >- EFI_USER_PROFILE_HANDLE CurrentUser; >- >- Status = EFI_SUCCESS; >- >- switch (Action) { >- case EFI_BROWSER_ACTION_FORM_OPEN: >- { >- // >- // Update user manage Form when user manage Form is opened. >- // This will be done only in FORM_OPEN CallBack of question with >QUESTIONID_USER_MANAGE from user manage Form. >- // >- if (QuestionId != QUESTIONID_USER_MANAGE) { >- return EFI_SUCCESS; >- } >- >- // >- // Get current user >- // >- CurrentUser = NULL; >- mUserManager->Current (mUserManager, &CurrentUser); >- if (CurrentUser == NULL) { >- DEBUG ((DEBUG_ERROR, "Error: current user does not exist!\n")); >- return EFI_NOT_READY; >- } >- >- // >- // Get current user's right information. >- // >- Status = GetAccessRight (&CurrentAccessRight); >- if (EFI_ERROR (Status)) { >- CurrentAccessRight = EFI_USER_INFO_ACCESS_ENROLL_SELF; >- } >- >- // >- // Init credential provider information. >- // >- Status = InitProviderInfo (); >- if (EFI_ERROR (Status)) { >- return Status; >- } >- >- // >- // Initialize the container for dynamic opcodes. 
>- //
>- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (StartOpCodeHandle != NULL);
>-
>- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (EndOpCodeHandle != NULL);
>-
>- //
>- // Create Hii Extend Label OpCode.
>- //
>- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- StartOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- StartLabel->Number = LABEL_USER_MANAGE_FUNC;
>-
>- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- EndOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- EndLabel->Number = LABEL_END;
>-
>- //
>- // Add user profile option.
>- //
>- if ((CurrentAccessRight == EFI_USER_INFO_ACCESS_MANAGE) ||
>- (CurrentAccessRight == EFI_USER_INFO_ACCESS_ENROLL_OTHERS)
>- ) {
>- HiiCreateActionOpCode (
>- StartOpCodeHandle, // Container for dynamic created opcodes
>- KEY_ADD_USER, // Question ID
>- STRING_TOKEN (STR_ADD_USER_TITLE), // Prompt text
>- STRING_TOKEN (STR_ADD_USER_HELP), // Help text
>- EFI_IFR_FLAG_CALLBACK, // Question flag
>- 0 // Action String ID
>- );
>- }
>-
>- //
>- // Add modify user profile option.
>- //
>- HiiCreateGotoOpCode (
>- StartOpCodeHandle, // Container for dynamic created opcodes
>- FORMID_MODIFY_USER, // Target Form ID
>- STRING_TOKEN (STR_MODIFY_USER_TITLE), // Prompt text
>- STRING_TOKEN (STR_MODIFY_USER_HELP), // Help text
>- EFI_IFR_FLAG_CALLBACK, // Question flag
>- KEY_MODIFY_USER // Question ID
>- );
>-
>- //
>- // Add delete user profile option
>- //
>- if (CurrentAccessRight == EFI_USER_INFO_ACCESS_MANAGE) {
>- HiiCreateGotoOpCode (
>- StartOpCodeHandle, // Container for dynamic created opcodes
>- FORMID_DEL_USER, // Target Form ID
>- STRING_TOKEN (STR_DELETE_USER_TITLE), // Prompt text
>- STRING_TOKEN (STR_DELETE_USER_HELP), // Help text
>- EFI_IFR_FLAG_CALLBACK, // Question flag
>- KEY_DEL_USER // Question ID
>- );
>- }
>-
>- HiiUpdateForm (
>- mCallbackInfo->HiiHandle, // HII handle
>- &gUserProfileManagerGuid, // Formset GUID
>- FORMID_USER_MANAGE, // Form ID
>- StartOpCodeHandle, // Label for where to insert opcodes
>- EndOpCodeHandle // Replace data
>- );
>-
>- HiiFreeOpCodeHandle (StartOpCodeHandle);
>- HiiFreeOpCodeHandle (EndOpCodeHandle);
>-
>- return EFI_SUCCESS;
>- }
>- break;
>-
>- case EFI_BROWSER_ACTION_FORM_CLOSE:
>- Status = EFI_SUCCESS;
>- break;
>-
>- case EFI_BROWSER_ACTION_CHANGED:
>- {
>- //
>- // Handle the request from form.
>- //
>- if ((Value == NULL) || (ActionRequest == NULL)) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Judge first 2 bits.
>- //
>- switch (QuestionId & KEY_FIRST_FORM_MASK) {
>- //
>- // Add user profile operation.
>- //
>- case KEY_ADD_USER:
>- CallAddUser ();
>- break;
>-
>- //
>- // Delete user profile operation.
>- //
>- case KEY_DEL_USER:
>- //
>- // Judge next 2 bits.
>- //
>- switch (QuestionId & KEY_SECOND_FORM_MASK) {
>- //
>- // Delete specified user profile.
>- //
>- case KEY_SELECT_USER:
>- DeleteUser ((UINT8) QuestionId);
>- //
>- // Update select user form after delete a user.
>- // >- SelectUserToDelete (); >- break; >- >- default: >- break; >- } >- break; >- >- // >- // Modify user profile operation. >- // >- case KEY_MODIFY_USER: >- // >- // Judge next 2 bits. >- // >- switch (QuestionId & KEY_SECOND_FORM_MASK) { >- // >- // Enter user profile information form. >- // >- case KEY_SELECT_USER: >- // >- // Judge next 3 bits. >- // >- switch (QuestionId & KEY_MODIFY_INFO_MASK) { >- // >- // Modify user name. >- // >- case KEY_MODIFY_NAME: >- ModifyUserName (); >- // >- // Update username in parent form. >- // >- SelectUserToModify (); >- break; >- >- // >- // Modify identity policy. >- // >- case KEY_MODIFY_IP: >- // >- // Judge next 3 bits >- // >- switch (QuestionId & KEY_MODIFY_IP_MASK) { >- // >- // Change credential provider option. >- // >- case KEY_MODIFY_PROV: >- mProviderChoice = Value->u8; >- break; >- >- // >- // Change logical connector. >- // >- case KEY_MODIFY_CONN: >- mConncetLogical = Value->u8; >- break; >- >- // >- // Save option. >- // >- case KEY_ADD_IP_OP: >- AddIdentityPolicyItem (); >- break; >- >- // >- // Return to user profile information form. >- // >- case KEY_IP_RETURN_UIF: >- SaveIdentityPolicy (); >- *ActionRequest = >EFI_BROWSER_ACTION_REQUEST_FORM_SUBMIT_EXIT; >- break; >- >- default: >- break; >- } >- break; >- >- // >- // Modify access policy. >- // >- case KEY_MODIFY_AP: >- // >- // Judge next 3 bits. >- // >- switch (QuestionId & KEY_MODIFY_AP_MASK) { >- // >- // Change access right choice. >- // >- case KEY_MODIFY_RIGHT: >- mAccessInfo.AccessRight = Value->u8; >- break; >- >- // >- // Change setup choice. >- // >- case KEY_MODIFY_SETUP: >- mAccessInfo.AccessSetup= Value->u8; >- break; >- >- // >- // Change boot order choice. >- // >- case KEY_MODIFY_BOOT: >- mAccessInfo.AccessBootOrder = Value->u32; >- break; >- >- // >- // Return to user profile information form. 
>- // >- case KEY_AP_RETURN_UIF: >- SaveAccessPolicy (); >- *ActionRequest = >EFI_BROWSER_ACTION_REQUEST_FORM_SUBMIT_EXIT; >- break; >- >- default: >- break; >- } >- break; >- >- default: >- break; >- } >- break; >- >- // >- // Access policy device path modified. >- // >- case KEY_MODIFY_AP_DP: >- // >- // Judge next 2 bits. >- // >- switch (QuestionId & KEY_MODIFY_DP_MASK) { >- // >- // Load permit device path modified. >- // >- case KEY_LOAD_PERMIT_MODIFY: >- QuestionStr = GetStringById (STRING_TOKEN >(STR_MOVE_TO_FORBID_LIST)); >- PromptStr = GetStringById (STRING_TOKEN >(STR_PRESS_KEY_CONTINUE)); >- CreatePopUp ( >- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >- &Key, >- QuestionStr, >- L"", >- PromptStr, >- NULL >- ); >- FreePool (QuestionStr); >- FreePool (PromptStr); >- if (Key.UnicodeChar != CHAR_CARRIAGE_RETURN) { >- break; >- } >- >- AddToForbidLoad ((UINT16)(QuestionId & (KEY_MODIFY_DP_MASK - >1))); >- DisplayLoadPermit (); >- break; >- >- // >- // Load forbid device path modified. >- // >- case KEY_LOAD_FORBID_MODIFY: >- QuestionStr = GetStringById (STRING_TOKEN >(STR_MOVE_TO_PERMIT_LIST)); >- PromptStr = GetStringById (STRING_TOKEN >(STR_PRESS_KEY_CONTINUE)); >- CreatePopUp ( >- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >- &Key, >- QuestionStr, >- L"", >- PromptStr, >- NULL >- ); >- FreePool (QuestionStr); >- FreePool (PromptStr); >- if (Key.UnicodeChar != CHAR_CARRIAGE_RETURN) { >- break; >- } >- >- DeleteFromForbidLoad ((UINT16)(QuestionId & >(KEY_MODIFY_DP_MASK - 1))); >- DisplayLoadForbid (); >- break; >- >- // >- // Connect permit device path modified. >- // >- case KEY_CONNECT_PERMIT_MODIFY: >- break; >- >- // >- // Connect forbid device path modified. >- // >- case KEY_CONNECT_FORBID_MODIFY: >- break; >- >- default: >- break; >- } >- break; >- >- default: >- break; >- } >- break; >- >- default: >- break; >- } >- } >- break; >- >- >- case EFI_BROWSER_ACTION_CHANGING: >- { >- // >- // Handle the request from form. 
>- //
>- if (Value == NULL) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- //
>- // Judge first 2 bits.
>- //
>- switch (QuestionId & KEY_FIRST_FORM_MASK) {
>- //
>- // Delete user profile operation.
>- //
>- case KEY_DEL_USER:
>- //
>- // Judge next 2 bits.
>- //
>- switch (QuestionId & KEY_SECOND_FORM_MASK) {
>- //
>- // Enter delete user profile form.
>- //
>- case KEY_ENTER_NEXT_FORM:
>- SelectUserToDelete ();
>- break;
>-
>- default:
>- break;
>- }
>- break;
>-
>- //
>- // Modify user profile operation.
>- //
>- case KEY_MODIFY_USER:
>- //
>- // Judge next 2 bits.
>- //
>- switch (QuestionId & KEY_SECOND_FORM_MASK) {
>- //
>- // Enter modify user profile form.
>- //
>- case KEY_ENTER_NEXT_FORM:
>- SelectUserToModify ();
>- break;
>-
>- //
>- // Enter user profile information form.
>- //
>- case KEY_SELECT_USER:
>- //
>- // Judge next 3 bits.
>- //
>- switch (QuestionId & KEY_MODIFY_INFO_MASK) {
>- //
>- // Display user information form.
>- //
>- case KEY_ENTER_NEXT_FORM:
>- ModifyUserInfo ((UINT8) QuestionId);
>- break;
>-
>- //
>- // Modify identity policy.
>- //
>- case KEY_MODIFY_IP:
>- //
>- // Judge next 3 bits
>- //
>- switch (QuestionId & KEY_MODIFY_IP_MASK) {
>- //
>- // Display identity policy modify form.
>- //
>- case KEY_ENTER_NEXT_FORM:
>- ModifyIdentityPolicy ();
>- break;
>-
>- default:
>- break;
>- }
>- break;
>-
>- //
>- // Modify access policy.
>- //
>- case KEY_MODIFY_AP:
>- //
>- // Judge next 3 bits.
>- //
>- switch (QuestionId & KEY_MODIFY_AP_MASK) {
>- //
>- // Display access policy modify form.
>- //
>- case KEY_ENTER_NEXT_FORM:
>- ModidyAccessPolicy ();
>- break;
>- //
>- // Load device path form.
>- //
>- case KEY_MODIFY_LOAD:
>- //
>- // Judge next 2 bits.
>- //
>- switch (QuestionId & KEY_DISPLAY_DP_MASK) {
>- //
>- // Permit load device path.
>- //
>- case KEY_PERMIT_MODIFY:
>- DisplayLoadPermit ();
>- break;
>-
>- //
>- // Forbid load device path.
>- // >- case KEY_FORBID_MODIFY: >- DisplayLoadForbid (); >- break; >- >- default: >- break; >- } >- break; >- >- // >- // Connect device path form. >- // >- case KEY_MODIFY_CONNECT: >- // >- // Judge next 2 bits. >- // >- switch (QuestionId & KEY_DISPLAY_DP_MASK) { >- // >- // Permit connect device path. >- // >- case KEY_PERMIT_MODIFY: >- DisplayConnectPermit (); >- break; >- >- // >- // Forbid connect device path. >- // >- case KEY_FORBID_MODIFY: >- DisplayConnectForbid (); >- break; >- >- default: >- break; >- } >- break; >- >- default: >- break; >- } >- break; >- >- default: >- break; >- } >- break; >- >- default: >- break; >- } >- break; >- >- default: >- break; >- } >- } >- break; >- >- default: >- // >- // All other action return unsupported. >- // >- Status = EFI_UNSUPPORTED; >- break; >- } >- >- >- return Status; >-} >- >- >-/** >- This function allows a caller to extract the current configuration for one >- or more named elements from the target driver. >- >- >- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. >- @param Request A null-terminated Unicode string in <ConfigRequest> >format. >- @param Progress On return, points to a character in the Request string. >- Points to the string's null terminator if request was successful. >- Points to the most recent '&' before the first failing name/value >- pair (or the beginning of the string if the failure is in the >- first name/value pair) if the request was not successful. >- @param Results A null-terminated Unicode string in <ConfigAltResp> >format which >- has all values filled in for the names in the Request string. >- String to be allocated by the called function. >- >- @retval EFI_SUCCESS The Results is filled with the requested values. >- @retval EFI_OUT_OF_RESOURCES Not enough memory to store the >results. >- @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown >name. >- @retval EFI_NOT_FOUND Routing data doesn't match any storage in >this driver. 
>- >-**/ >-EFI_STATUS >-EFIAPI >-FakeExtractConfig ( >- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, >- IN CONST EFI_STRING Request, >- OUT EFI_STRING *Progress, >- OUT EFI_STRING *Results >- ) >-{ >- if (Progress == NULL || Results == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- *Progress = Request; >- return EFI_NOT_FOUND; >-} >- >-/** >- This function processes the results of changes in configuration. >- >- >- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. >- @param Configuration A null-terminated Unicode string in <ConfigResp> >format. >- @param Progress A pointer to a string filled in with the offset of the >most >- recent '&' before the first failing name/value pair (or the >- beginning of the string if the failure is in the first >- name/value pair) or the terminating NULL if all was successful. >- >- @retval EFI_SUCCESS The Results is processed successfully. >- @retval EFI_INVALID_PARAMETER Configuration is NULL. >- @retval EFI_NOT_FOUND Routing data doesn't match any storage in >this driver. >- >-**/ >-EFI_STATUS >-EFIAPI >-FakeRouteConfig ( >- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, >- IN CONST EFI_STRING Configuration, >- OUT EFI_STRING *Progress >- ) >-{ >- if (Configuration == NULL || Progress == NULL) { >- return EFI_INVALID_PARAMETER; >- } >- >- *Progress = Configuration; >- >- return EFI_NOT_FOUND; >-} >- >- >-/** >- Main entry for this driver. >- >- @param ImageHandle Image handle this driver. >- @param SystemTable Pointer to SystemTable. >- >- @retval EFI_SUCESS This function always complete successfully. >- >-**/ >-EFI_STATUS >-EFIAPI >-UserProfileManagerInit ( >- IN EFI_HANDLE ImageHandle, >- IN EFI_SYSTEM_TABLE *SystemTable >- ) >-{ >- EFI_STATUS Status; >- USER_PROFILE_MANAGER_CALLBACK_INFO *CallbackInfo; >- >- Status = gBS->LocateProtocol ( >- &gEfiUserManagerProtocolGuid, >- NULL, >- (VOID **) &mUserManager >- ); >- if (EFI_ERROR (Status)) { >- return EFI_SUCCESS; >- } >- >- // >- // Initialize driver private data. 
>- //
>- ZeroMem (&mUserInfo, sizeof (mUserInfo));
>- ZeroMem (&mAccessInfo, sizeof (mAccessInfo));
>-
>- CallbackInfo = AllocateZeroPool (sizeof >(USER_PROFILE_MANAGER_CALLBACK_INFO));
>- ASSERT (CallbackInfo != NULL);
>-
>- CallbackInfo->Signature = USER_PROFILE_MANAGER_SIGNATURE;
>- CallbackInfo->ConfigAccess.ExtractConfig = FakeExtractConfig;
>- CallbackInfo->ConfigAccess.RouteConfig = FakeRouteConfig;
>- CallbackInfo->ConfigAccess.Callback = UserProfileManagerCallback;
>- CallbackInfo->DriverHandle = NULL;
>-
>- //
>- // Install Device Path Protocol and Config Access protocol to driver handle.
>- //
>- Status = gBS->InstallMultipleProtocolInterfaces (
>- &CallbackInfo->DriverHandle,
>- &gEfiDevicePathProtocolGuid,
>- &mHiiVendorDevicePath,
>- &gEfiHiiConfigAccessProtocolGuid,
>- &CallbackInfo->ConfigAccess,
>- NULL
>- );
>- ASSERT_EFI_ERROR (Status);
>-
>- //
>- // Publish HII data.
>- //
>- CallbackInfo->HiiHandle = HiiAddPackages (
>- &gUserProfileManagerGuid,
>- CallbackInfo->DriverHandle,
>- UserProfileManagerStrings,
>- UserProfileManagerVfrBin,
>- NULL
>- );
>- ASSERT (CallbackInfo->HiiHandle != NULL);
>- mCallbackInfo = CallbackInfo;
>-
>- return Status;
>-}
>-
>-
>diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >er.h >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >er.h
>deleted file mode 100644
>index aff1e28d9d..0000000000
>--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >er.h
>+++ /dev/null
>@@ -1,444 +0,0 @@
>-/** @file
>- The header file for user profile manager driver.
>-
>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#ifndef __EFI_USER_PROFILE_MANAGER_H__
>-#define __EFI_USER_PROFILE_MANAGER_H__
>-
>-#include <Uefi.h>
>-
>-#include <Guid/GlobalVariable.h>
>-#include <Guid/MdeModuleHii.h>
>-
>-#include <Protocol/HiiConfigAccess.h>
>-#include <Protocol/UserCredential2.h>
>-#include <Protocol/UserManager.h>
>-
>-#include <Library/UefiRuntimeServicesTableLib.h>
>-#include <Library/UefiBootServicesTableLib.h>
>-#include <Library/MemoryAllocationLib.h>
>-#include <Library/BaseMemoryLib.h>
>-#include <Library/DevicePathLib.h>
>-#include <Library/DebugLib.h>
>-#include <Library/UefiLib.h>
>-#include <Library/PrintLib.h>
>-#include <Library/HiiLib.h>
>-
>-#include "UserProfileManagerData.h"
>-
>-#define USER_NAME_LENGTH 17
>-
>-//
>-// Credential Provider Information.
>-//
>-typedef struct {
>- UINTN Count;
>- EFI_USER_CREDENTIAL2_PROTOCOL *Provider[1];
>-} CREDENTIAL_PROVIDER_INFO;
>-
>-//
>-// User profile information structure.
>-//
>-typedef struct {
>- UINT64 UsageCount;
>- EFI_TIME CreateDate;
>- EFI_TIME UsageDate;
>- UINTN AccessPolicyLen;
>- UINTN IdentityPolicyLen;
>- UINTN NewIdentityPolicyLen;
>- UINT8 *AccessPolicy;
>- UINT8 *IdentityPolicy;
>- UINT8 *NewIdentityPolicy;
>- CHAR16 UserName[USER_NAME_LENGTH];
>- BOOLEAN CreateDateExist;
>- BOOLEAN UsageDateExist;
>- BOOLEAN AccessPolicyModified;
>- BOOLEAN IdentityPolicyModified;
>- BOOLEAN NewIdentityPolicyModified;
>-} USER_INFO;
>-
>-//
>-// User access information structure.
>-//
>-typedef struct {
>- UINTN LoadPermitLen;
>- UINTN LoadForbidLen;
>- UINTN ConnectPermitLen;
>- UINTN ConnectForbidLen;
>- UINT8 *LoadPermit;
>- UINT8 *LoadForbid;
>- UINT8 *ConnectPermit;
>- UINT8 *ConnectForbid;
>- UINT32 AccessBootOrder;
>- UINT8 AccessRight;
>- UINT8 AccessSetup;
>-} USER_INFO_ACCESS;
>-
>-#define USER_PROFILE_MANAGER_SIGNATURE SIGNATURE_32 ('U', 'P', 'M', >'S')
>-
>-typedef struct {
>- UINTN Signature;
>- EFI_HANDLE DriverHandle;
>- EFI_HII_HANDLE HiiHandle;
>- EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
>-} USER_PROFILE_MANAGER_CALLBACK_INFO;
>-
>-//
>-// HII specific Vendor Device Path definition.
>-//
>-typedef struct {
>- VENDOR_DEVICE_PATH VendorDevicePath;
>- EFI_DEVICE_PATH_PROTOCOL End;
>-} HII_VENDOR_DEVICE_PATH;
>-
>-//
>-// This is the generated IFR binary data for each formset defined in VFR.
>-//
>-extern UINT8 UserProfileManagerVfrBin[];
>-
>-//
>-// This is the generated String package data for .UNI file.
>-//
>-extern UINT8 UserProfileManagerStrings[];
>-
>-//
>-// The user manager protocol, used in several function.
>-//
>-extern EFI_USER_MANAGER_PROTOCOL *mUserManager;
>-
>-//
>-// The credential providers database in system.
>-//
>-extern CREDENTIAL_PROVIDER_INFO *mProviderInfo;
>-
>-//
>-// The variables used to update identity policy.
>-//
>-extern UINT8 mProviderChoice;
>-extern UINT8 mConncetLogical;
>-
>-//
>-// The variables used to update access policy.
>-//
>-extern USER_INFO_ACCESS mAccessInfo;
>-
>-//
>-// The user information used to record all data in UI.
>-//
>-extern USER_INFO mUserInfo;
>-
>-extern USER_PROFILE_MANAGER_CALLBACK_INFO *mCallbackInfo;
>-
>-extern EFI_USER_PROFILE_HANDLE mModifyUser;
>-
>-/**
>- Get string by string id from HII Interface.
>-
>-
>- @param[in] Id String ID to get the string from.
>-
>- @retval CHAR16 * String from ID.
>- @retval NULL If error occurs.
>-
>-**/
>-CHAR16 *
>-GetStringById (
>- IN EFI_STRING_ID Id
>- );
>-
>-/**
>- Add a new user profile into the user profile database.
>-
>-**/
>-VOID
>-CallAddUser (
>- VOID
>- );
>-
>-/**
>- Display user select form; can select a user to modify.
>-
>-**/
>-VOID
>-SelectUserToModify (
>- VOID
>- );
>-
>-/**
>- Display user select form, cab select a user to delete.
>-
>-**/
>-VOID
>-SelectUserToDelete (
>- VOID
>- );
>-
>-/**
>- Delete the user specified by UserIndex in user profile database.
>-
>- @param[in] UserIndex The index of user in the user name list to be >deleted.
>-
>-**/
>-VOID
>-DeleteUser (
>- IN UINT8 UserIndex
>- );
>-
>-/**
>- Add a username item in form.
>-
>- @param[in] User Points to the user profile whose username is added.
>- @param[in] Index The index of the user in the user name list.
>- @param[in] OpCodeHandle Points to container for dynamic created >opcodes.
>-
>-**/
>-VOID
>-AddUserToForm (
>- IN EFI_USER_PROFILE_HANDLE User,
>- IN UINT16 Index,
>- IN VOID *OpCodeHandle
>- );
>-
>-/**
>- Display modify user information form
>-
>- In this form, username, create Date, usage date, usage count, identity policy,
>- and access policy are displayed.
>-
>- @param[in] UserIndex The index of the user in display list to modify.
>-
>-**/
>-VOID
>-ModifyUserInfo (
>- IN UINT8 UserIndex
>- );
>-
>-/**
>- Get the username from user input and update username string in Hii
>- database with it.
>-
>-**/
>-VOID
>-ModifyUserName (
>- VOID
>- );
>-
>-/**
>- Display the form of modifying user identity policy.
>-
>-**/
>-VOID
>-ModifyIdentityPolicy (
>- VOID
>- );
>-
>-/**
>- Update the mUserInfo.NewIdentityPolicy and UI when 'add option' is >pressed.
>-
>-**/
>-VOID
>-AddIdentityPolicyItem (
>- VOID
>- );
>-
>-/**
>- Save the identity policy and update UI with it.
>-
>- This function will verify the new identity policy, in current implementation,
>- the identity policy can be: T, P & P & P & ..., P | P | P | ...
>- Here, "T" means "True", "P" means "Credential Provider", "&" means "and", >"|" means "or".
>- Other identity policies are not supported.
>-
>-**/
>-VOID
>-SaveIdentityPolicy (
>- VOID
>- );
>-
>-/**
>- Display modify user access policy form
>-
>- In this form, access right, access setu,p and access boot order are >dynamically
>- added. Load devicepath and connect devicepath are displayed too.
>-
>-**/
>-VOID
>-ModidyAccessPolicy (
>- VOID
>- );
>-
>-/**
>- Collect all the access policy data to mUserInfo.AccessPolicy,
>- and save it to user profile.
>-
>-**/
>-VOID
>-SaveAccessPolicy (
>- VOID
>- );
>-
>-/**
>- Get current user's access rights.
>-
>- @param[out] AccessRight Points to the buffer used for user's access rights.
>-
>- @retval EFI_SUCCESS Get current user access rights successfully.
>- @retval others Fail to get current user access rights.
>-
>-**/
>-EFI_STATUS
>-GetAccessRight (
>- OUT UINT32 *AccessRight
>- );
>-
>-/**
>- Display the permit load device path in the loadable device path list.
>-
>-**/
>-VOID
>-DisplayLoadPermit(
>- VOID
>- );
>-
>-/**
>- Display the forbid load device path list (mAccessInfo.LoadForbid).
>-
>-**/
>-VOID
>-DisplayLoadForbid (
>- VOID
>- );
>-
>-/**
>- Display the permit connect device path.
>-
>-**/
>-VOID
>-DisplayConnectPermit (
>- VOID
>- );
>-
>-/**
>- Display the forbid connect device path list.
>-
>-**/
>-VOID
>-DisplayConnectForbid (
>- VOID
>- );
>-
>-/**
>- Delete the specified device path by DriverIndex from the forbid device path
>- list (mAccessInfo.LoadForbid).
>-
>- @param[in] DriverIndex The index of driver in a forbidden device path list.
>-
>-**/
>-VOID
>-DeleteFromForbidLoad (
>- IN UINT16 DriverIndex
>- );
>-
>-/**
>- Add the specified device path by DriverIndex to the forbid device path
>- list (mAccessInfo.LoadForbid).
>-
>- @param[in] DriverIndex The index of driver saved in driver options.
>-
>-**/
>-VOID
>-AddToForbidLoad (
>- IN UINT16 DriverIndex
>- );
>-
>-/**
>- Get user name from the popup windows.
>-
>- @param[in, out] UserNameLen On entry, point to the buffer lengh of >UserName.
>- On exit, point to the input user name length.
>- @param[out] UserName The buffer to hold the input user name.
>-
>- @retval EFI_ABORTED It is given up by pressing 'ESC' key.
>- @retval EFI_NOT_READY Not a valid input at all.
>- @retval EFI_SUCCESS Get a user name successfully.
>-
>-**/
>-EFI_STATUS
>-GetUserNameInput (
>- IN OUT UINTN *UserNameLen,
>- OUT CHAR16 *UserName
>- );
>-
>-/**
>- Find the specified info in User profile by the InfoType.
>-
>- @param[in] User Handle of the user whose information will be >searched.
>- @param[in] InfoType The user information type to find.
>- @param[out] UserInfo Points to user information handle found.
>-
>- @retval EFI_SUCCESS Find the user information successfully.
>- @retval Others Fail to find the user information.
>-
>-**/
>-EFI_STATUS
>-FindInfoByType (
>- IN EFI_USER_PROFILE_HANDLE User,
>- IN UINT8 InfoType,
>- OUT EFI_USER_INFO_HANDLE *UserInfo
>- );
>-
>-/**
>- Convert the identity policy to a unicode string and update the Hii database
>- IpStringId string with it.
>-
>- @param[in] Ip Points to identity policy.
>- @param[in] IpLen The identity policy length.
>- @param[in] IpStringId String ID in the HII database to be replaced.
>-
>-**/
>-VOID
>-ResolveIdentityPolicy (
>- IN UINT8 *Ip,
>- IN UINTN IpLen,
>- IN EFI_STRING_ID IpStringId
>- );
>-
>-/**
>- Expand access policy memory size.
>-
>- @param[in] ValidLen The valid access policy length.
>- @param[in] ExpandLen The length that is needed to expand.
>-
>-**/
>-VOID
>-ExpandMemory (
>- IN UINTN ValidLen,
>- IN UINTN ExpandLen
>- );
>-
>-/**
>- Delete User's credental from all the providers that exist in User's identity >policy.
>-
>- @param[in] IdentityPolicy Point to User's identity policy.
>- @param[in] IdentityPolicyLen The length of the identity policy.
>- @param[in] User Points to user profile.
>-
>-**/
>-VOID
>-DeleteCredentialFromProviders (
>- IN UINT8 *IdentityPolicy,
>- IN UINTN IdentityPolicyLen,
>- IN EFI_USER_PROFILE_HANDLE User
>- );
>-
>-#endif
>diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >er.uni >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >er.uni
>deleted file mode 100644
>index e4a768e00a..0000000000
>--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >er.uni
>+++ /dev/null
>@@ -1,22 +0,0 @@
>-// /** @file
>-// A UI tool to manage user profiles
>-//
>-// By this module, user can add/update/delete user profiles, and can also
>-// modify the user access policy and the user identification policy.
>-//
>-// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
>-//
>-// This program and the accompanying materials
>-// are licensed and made available under the terms and conditions of the BSD >License
>-// which accompanies this distribution. The full text of the license may be >found at
>-// http://opensource.org/licenses/bsd-license.php
>-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-//
>-// **/
>-
>-
>-#string STR_MODULE_ABSTRACT #language en-US "A UI tool to >manage user profiles"
>-
>-#string STR_MODULE_DESCRIPTION #language en-US "By this module, >user can add/update/delete user profiles, and can also modify the user access >policy and the user identification policy."
>-
>diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erData.h >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erData.h
>deleted file mode 100644
>index a83caac9ba..0000000000
>--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erData.h
>+++ /dev/null
>@@ -1,158 +0,0 @@
>-/** @file
>- The form data for user profile manager driver.
>-
>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#ifndef __USER_PROFILE_MANAGER_DATA_H__
>-#define __USER_PROFILE_MANAGER_DATA_H__
>-
>-#include <Guid/UserProfileManagerHii.h>
>-
>-//
>-// Form ID
>-//
>-#define FORMID_USER_MANAGE 0x0001
>-#define FORMID_MODIFY_USER 0x0002
>-#define FORMID_DEL_USER 0x0003
>-#define FORMID_USER_INFO 0x0004
>-#define FORMID_MODIFY_IP 0x0005
>-#define FORMID_MODIFY_AP 0x0006
>-#define FORMID_LOAD_DP 0x0007
>-#define FORMID_CONNECT_DP 0x0008
>-#define FORMID_PERMIT_LOAD_DP 0x0009
>-#define FORMID_FORBID_LOAD_DP 0x000A
>-#define FORMID_PERMIT_CONNECT_DP 0x000B
>-#define FORMID_FORBID_CONNECT_DP 0x000C
>-
>-//
>-// Label ID
>-//
>-#define LABEL_USER_MANAGE_FUNC 0x0010
>-#define LABEL_USER_DEL_FUNC 0x0020
>-#define LABEL_USER_MOD_FUNC 0x0030
>-#define LABEL_USER_INFO_FUNC 0x0040
>-#define LABEL_IP_MOD_FUNC 0x0050
>-#define LABEL_AP_MOD_FUNC 0x0060
>-#define LABEL_PERMIT_LOAD_FUNC 0x0070
>-#define LABLE_FORBID_LOAD_FUNC 0x0080
>-#define LABEL_END 0x00F0
>-
>-//
>-// First form key (Add/modify/del user profile).
>-// First 2 bits (bit 16~15).
>-//
>-#define KEY_MODIFY_USER 0x4000
>-#define KEY_DEL_USER 0x8000
>-#define KEY_ADD_USER 0xC000
>-#define KEY_FIRST_FORM_MASK 0xC000
>-
>-//
>-// Second form key (Display new form /Select user / modify device path in >access policy).
>-// Next 2 bits (bit 14~13).
>-//
>-#define KEY_ENTER_NEXT_FORM 0x0000
>-#define KEY_SELECT_USER 0x1000
>-#define KEY_MODIFY_AP_DP 0x2000
>-#define KEY_OPEN_CLOSE_FORM_ACTION 0x3000
>-#define KEY_SECOND_FORM_MASK 0x3000
>-
>-//
>-// User profile information form key.
>-// Next 3 bits (bit 12~10).
>-//
>-#define KEY_MODIFY_NAME 0x0200
>-#define KEY_MODIFY_IP 0x0400
>-#define KEY_MODIFY_AP 0x0600
>-#define KEY_MODIFY_INFO_MASK 0x0E00
>-
>-//
>-// Specified key, used in VFR (KEY_MODIFY_USER | KEY_SELECT_USER | >KEY_MODIFY_NAME).
>-//
>-#define KEY_MODIFY_USER_NAME 0x5200
>-
>-//
>-// Modify identity policy form key.
>-// Next 3 bits (bit 9~7).
>-//
>-#define KEY_MODIFY_PROV 0x0040
>-#define KEY_MODIFY_MTYPE 0x0080
>-#define KEY_MODIFY_CONN 0x00C0
>-#define KEY_ADD_IP_OP 0x0100
>-#define KEY_IP_RETURN_UIF 0x0140
>-#define KEY_MODIFY_IP_MASK 0x01C0
>-
>-//
>-// Specified key.
>-//
>-#define KEY_ADD_LOGICAL_OP 0x5500
>-#define KEY_IP_RETURN 0x5540
>-
>-//
>-// Modify access policy form key.
>-// Next 3 bits (bit 9~7).
>-//
>-#define KEY_MODIFY_RIGHT 0x0040
>-#define KEY_MODIFY_SETUP 0x0080
>-#define KEY_MODIFY_BOOT 0x00C0
>-#define KEY_MODIFY_LOAD 0x0100
>-#define KEY_MODIFY_CONNECT 0x0140
>-#define KEY_AP_RETURN_UIF 0x0180
>-#define KEY_MODIFY_AP_MASK 0x01C0
>-
>-//
>-// Specified key.
>-//
>-#define KEY_LOAD_DP 0x5700
>-#define KEY_CONN_DP 0x5740
>-#define KEY_AP_RETURN 0x5780
>-
>-//
>-// Device path form key.
>-// Next 2 bits (bit 6~5).
>-//
>-#define KEY_PERMIT_MODIFY 0x0010
>-#define KEY_FORBID_MODIFY 0x0020
>-#define KEY_DISPLAY_DP_MASK 0x0030
>-
>-//
>-// Specified key.
>-//
>-#define KEY_LOAD_PERMIT 0x5710
>-#define KEY_LOAD_FORBID 0x5720
>-#define KEY_CONNECT_PERMIT 0x5750
>-#define KEY_CONNECT_FORBID 0x5760
>-
>-//
>-// Device path modify key.
>-// 2 bits (bit 12~11).
>-//
>-#define KEY_LOAD_PERMIT_MODIFY 0x0000
>-#define KEY_LOAD_FORBID_MODIFY 0x0400
>-#define KEY_CONNECT_PERMIT_MODIFY 0x0800
>-#define KEY_CONNECT_FORBID_MODIFY 0x0C00
>-#define KEY_MODIFY_DP_MASK 0x0C00
>-
>-
>-//
>-// The permissions usable when configuring the platform.
>-//
>-#define ACCESS_SETUP_RESTRICTED 1
>-#define ACCESS_SETUP_NORMAL 2
>-#define ACCESS_SETUP_ADMIN 3
>-
>-//
>-// Question ID for the question used in each form >(KEY_OPEN_CLOSE_FORM_ACTION | FORMID_FORM_USER_MANAGE)
>-// This ID is used in FORM OPEN/CLOSE CallBack action.
>-//
>-#define QUESTIONID_USER_MANAGE 0x3001
>-
>-#endif
>diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erDxe.inf >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erDxe.inf
>deleted file mode 100644
>index cdd97731b2..0000000000
>--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erDxe.inf
>+++ /dev/null
>@@ -1,72 +0,0 @@
>-## @file
>-# A UI tool to manage user profiles
>-#
>-# By this module, user can add/update/delete user profiles, and can also
>-# modify the user access policy and the user identification policy.
>-#
>-# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-# This program and the accompanying materials
>-# are licensed and made available under the terms and conditions of the BSD >License
>-# which accompanies this distribution. The full text of the license may be >found at
>-# http://opensource.org/licenses/bsd-license.php
>-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-#
>-##
>-
>-[Defines]
>- INF_VERSION = 0x00010005
>- BASE_NAME = UserProfileManager
>- MODULE_UNI_FILE = UserProfileManager.uni
>- FILE_GUID = E38CB52D-A74D-45db-A8D0-290C9B21BBF2
>- MODULE_TYPE = DXE_DRIVER
>- VERSION_STRING = 1.0
>- ENTRY_POINT = UserProfileManagerInit
>-
>-[Sources]
>- UserProfileManager.c
>- UserProfileManager.h
>- UserProfileAdd.c
>- UserProfileDelete.c
>- UserProfileModify.c
>- ModifyIdentityPolicy.c
>- ModifyAccessPolicy.c
>- UserProfileManagerData.h
>- UserProfileManagerStrings.uni
>- UserProfileManagerVfr.Vfr
>-
>-[Packages]
>- MdePkg/MdePkg.dec
>- MdeModulePkg/MdeModulePkg.dec
>- SecurityPkg/SecurityPkg.dec
>-
>-[LibraryClasses]
>- UefiRuntimeServicesTableLib
>- UefiBootServicesTableLib
>- UefiDriverEntryPoint
>- MemoryAllocationLib
>- BaseMemoryLib
>- DebugLib
>- HiiLib
>- UefiLib
>- DevicePathLib
>-
>-[Guids]
>- gEfiIfrTianoGuid ## SOMETIMES_CONSUMES ## GUID
>- gEfiUserInfoAccessSetupAdminGuid ## SOMETIMES_CONSUMES ## >GUID
>- gEfiUserInfoAccessSetupNormalGuid ## SOMETIMES_CONSUMES ## >GUID
>- gEfiUserInfoAccessSetupRestrictedGuid ## SOMETIMES_CONSUMES >## GUID
>- gUserProfileManagerGuid ## CONSUMES ## HII
>-
>-[Protocols]
>- gEfiDevicePathProtocolGuid ## PRODUCES
>- gEfiHiiConfigAccessProtocolGuid ## PRODUCES
>-
gEfiUserCredential2ProtocolGuid ## SOMETIMES_CONSUMES
>- gEfiUserManagerProtocolGuid ## CONSUMES
>-
>-[Depex]
>- gEfiUserManagerProtocolGuid
>-
>-[UserExtensions.TianoCore."ExtraFiles"]
>- UserProfileManagerExtra.uni
>-
>diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erExtra.uni >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erExtra.uni
>deleted file mode 100644
>index bf7ac7dc04..0000000000
>--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erExtra.uni
>+++ /dev/null
>@@ -1,19 +0,0 @@
>-// /** @file
>-// UserProfileManager Localized Strings and Content
>-//
>-// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
>-//
>-// This program and the accompanying materials
>-// are licensed and made available under the terms and conditions of the BSD >License
>-// which accompanies this distribution. The full text of the license may be >found at
>-// http://opensource.org/licenses/bsd-license.php
>-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-//
>-// **/
>-
>-#string STR_PROPERTIES_MODULE_NAME
>-#language en-US
>-"User Profile Manager"
>-
>-
>diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erStrings.uni >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erStrings.uni
>deleted file mode 100644
>index 3a003a9883..0000000000
>--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erStrings.uni
>+++ /dev/null
>@@ -1,158 +0,0 @@
>-/** @file
>- String definitions for User Profile Manager driver.
>-
>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#langdef en-US "English"
>-#langdef fr-FR "Français"
>-
>-#string STR_NULL_STRING #language en-US ""
>- #language fr-FR ""
>-#string STR_FORMSET_TITLE #language en-US "User Manager"
>- #language fr-FR "User Manager(French)"
>-#string STR_TITLE_HELP #language en-US "This selection will take >you to the User Manager"
>- #language fr-FR "This selection will take you to the User >Manager(French)"
>-#string STR_USERMAN_TITLE #language en-US "User Manager"
>- #language fr-FR "User Manager(French)"
>-#string STR_ADD_USER_TITLE #language en-US "Add User Profile"
>- #language fr-FR "Add User Profile(French)"
>-#string STR_ADD_USER_HELP #language en-US "Add User Profile to >User Database"
>- #language fr-FR "Add User Profile to User >Database(French)"
>-#string STR_MODIFY_USER_TITLE #language en-US "Modify User >Profile"
>- #language fr-FR "Modify User Profile(French)"
>-#string STR_MODIFY_USER_HELP #language en-US "Modify User Profile >Information"
>- #language fr-FR "Modify User Profile >Information(French)"
>-#string STR_DELETE_USER_TITLE #language en-US "Delete User Profile"
>- #language fr-FR "Delete User Profile(French)"
>-#string STR_DELETE_USER_HELP #language en-US "Delete User Profile >from User Database"
>- #language fr-FR "Delete User Profile from User >Database(French)"
>-#string STR_USER_INFO #language en-US "User Profile >Information"
>- #language fr-FR "User Profile
Information(French)"
>-#string STR_USER_NAME #language en-US "User Name"
>- #language fr-FR "User Name(French)"
>-#string STR_USER_NAME_VAL #language en-US ""
>- #language fr-FR ""
>-#string STR_CREATE_DATE #language en-US "Create Date"
>- #language fr-FR "Create Date(French)"
>-#string STR_CREATE_DATE_VAL #language en-US ""
>- #language fr-FR ""
>-#string STR_USAGE_DATE #language en-US "Usage Date"
>- #language fr-FR "Usage Date(French)"
>-#string STR_USAGE_DATE_VAL #language en-US ""
>- #language fr-FR ""
>-#string STR_USAGE_COUNT #language en-US "Usage Count"
>- #language fr-FR "Usage Count(French)"
>-#string STR_USAGE_COUNT_VAL #language en-US ""
>- #language fr-FR ""
>-#string STR_IDENTIFY_POLICY #language en-US "Identify Policy"
>- #language fr-FR "Identify Policy(French)"
>-#string STR_IDENTIFY_POLICY_VAL #language en-US ""
>- #language fr-FR ""
>-#string STR_ACCESS_POLICY #language en-US "Access Policy"
>- #language fr-FR "Access Policy(French)"
>-#string STR_SAVE #language en-US "Save & Exit"
>- #language fr-FR "Save & Exit(French)"
>-#string STR_IDENTIFY_SAVE_HELP #language en-US "Save Identify Policy >and Exit"
>- #language fr-FR "Save Identify Policy and Exit(French)"
>-#string STR_PROVIDER #language en-US "Credential Provider"
>- #language fr-FR "Credential Provider(French)"
>-#string STR_PROVIDER_HELP #language en-US "Select Credential >Provider Option"
>- #language fr-FR "Select Credential Provider >Option(French)"
>-#string STR_OR_CON #language en-US "Or"
>- #language fr-FR "Or(French)"
>-#string STR_AND_CON #language en-US "And"
>- #language fr-FR "And(French)"
>-#string STR_CONNECTOR #language en-US "Logical Connector"
>- #language fr-FR "Logical Connector(French)"
>-#string STR_CONNECTOR_HELP #language en-US "Select Logical >Connector Option"
>- #language fr-FR "Select Logical Connector >Option(French)"
>-#string STR_IDENTIFY_POLICY_VALUE #language en-US ""
>- #language fr-FR ""
>-#string STR_IDENTIFY_POLICY_HELP #language en-US "Current Identify
>Policy"
>- #language fr-FR "Current Identify Policy(French)"
>-#string STR_ADD_OPTION #language en-US "Add Option"
>- #language fr-FR "Add Option(French)"
>-#string STR_ADD_OPTION_HELP #language en-US "Add This Option to >Identify Policy"
>- #language fr-FR "Add This Option to Identify >Policy(French)"
>-#string STR_ACCESS_SAVE_HELP #language en-US "Save Access Policy >and Exit"
>- #language fr-FR "Save Access Policy and Exit(French)"
>-#string STR_ACCESS_RIGHT #language en-US "Access Right"
>- #language fr-FR "Access Right(French)"
>-#string STR_ACCESS_RIGHT_HELP #language en-US "Select Access Right >Option"
>- #language fr-FR "Select Access Right Option(French)"
>-#string STR_NORMAL #language en-US "Normal"
>- #language fr-FR "Normal(French)"
>-#string STR_ENROLL #language en-US "Enroll"
>- #language fr-FR "Enroll(French)"
>-#string STR_MANAGE #language en-US "Manage"
>- #language fr-FR "Manage(French)"
>-#string STR_ACCESS_SETUP #language en-US "Access Setup"
>- #language fr-FR "Access Setup(French)"
>-#string STR_ACCESS_SETUP_HELP #language en-US "Select Access >Setup Option"
>- #language fr-FR "Selelct Access Setup Option(French)"
>-#string STR_RESTRICTED #language en-US "Restricted"
>- #language fr-FR "Restricted(French)"
>-#string STR_ADMIN #language en-US "Admin"
>- #language fr-FR "Admin(French)"
>-#string STR_BOOR_ORDER #language en-US "Access Boot Order"
>- #language fr-FR "Access Boot Order(French)"
>-#string STR_BOOT_ORDER_HELP #language en-US "Select Access Boot >Order Option"
>- #language fr-FR "Select Access Boot Order >Option(French)"
>-#string STR_INSERT #language en-US "Insert"
>- #language fr-FR "Insert(French)"
>-#string STR_APPEND #language en-US "Append"
>- #language fr-FR "Append(French)"
>-#string STR_REPLACE #language en-US "Replace"
>- #language fr-FR "Replace(French)"
>-#string STR_NODEFAULT #language en-US "Nodefault"
>- #language fr-FR "Nodefault(French)"
>-#string STR_LOAD #language en-US "Load Device Path"
>- #language fr-FR "Load
Device Path(French)"
>-#string STR_LOAD_HELP #language en-US "Select Permit/Forbid >Load Device Path"
>- #language fr-FR "Select Permit/Forbid Load Device >Path(French)"
>-#string STR_CONNECT #language en-US "Connect Device Path"
>- #language fr-FR "Connect Device Path(French)"
>-#string STR_CONNECT_HELP #language en-US "Select Permit/Forbid >Connect Device Path"
>- #language fr-FR "Select Permit/Forbid Connect Device >Path(French)"
>-#string STR_LOAD_PERMIT #language en-US "Permit Load Device >Path"
>- #language fr-FR "Permit Load Device Path(French)"
>-#string STR_LOAD_PERMIT_HELP #language en-US "Change Permit >Load Device Path to Forbid"
>- #language fr-FR "Change Permit Load Device Path to >Forbid(French)"
>-#string STR_LOAD_FORBID #language en-US "Forbid Load Device >Path"
>- #language fr-FR "Forbid Load Device Path(French)"
>-#string STR_LOAD_FORBID_HELP #language en-US "Change Forbid Load >Device Path to Permit"
>- #language fr-FR "Change Forbid Load Device Path to >Permit(French)"
>-#string STR_CONNECT_PERMIT #language en-US "Permit Connect >Device Path"
>- #language fr-FR "Permit Connect Device Path(French)"
>-#string STR_CONNECT_PERMIT_HELP #language en-US "Change Permit >Connect Device Path to Forbid"
>- #language fr-FR "Change Permit Connect Device Path to >Forbid(French)"
>-#string STR_CONNECT_FORBID #language en-US "Forbid Connect >Device Path"
>- #language fr-FR "Forbid Connect Device Path(French)"
>-#string STR_CONNECT_FORBID_HELP #language en-US "Change Forbid >Connect Device Path to Permit"
>- #language fr-FR "Change Forbid Connect Device Path to >Permit(French)"
>-#string STR_PRESS_KEY_CONTINUE #language en-US "Press ENTER to >Continue, Other Key to Cancel ..."
>- #language fr-FR "Press ENTER to Continue, Other Key to >Cancel ...(French)"
>-#string STR_MOVE_TO_FORBID_LIST #language en-US "Are You Sure to >Move It to Forbid List?"
>- #language fr-FR "Are You Sure to Move It to Forbid >List?(French)"
>-#string STR_MOVE_TO_PERMIT_LIST #language en-US "Are You Sure to >Move It to Permit List?"
>- #language fr-FR "Are You Sure to Move It to Permit >List?(French)"
>-#string STR_STROKE_KEY_CONTINUE #language en-US "Please Press Any >Key to Continue ..."
>- #language fr-FR "Please Press Any Key to Continue ... >(French)"
>-#string STR_CREATE_PROFILE_FAILED #language en-US "Create New User >Profile Failed!"
>- #language fr-FR "Create New User Profile Failed! >(French)"
>-#string STR_CREATE_PROFILE_SUCCESS #language en-US "Create New >User Profile Succeed!"
>- #language fr-FR "Create New User Profile Succeed! >(French)"
>-#string STR_USER_ALREADY_EXISTED #language en-US "User Name Had >Already Existed."
>- #language fr-FR "User Name Had Already Existed. >(French)"
>-#string STR_GET_USERNAME_FAILED #language en-US "Failed To Get >User Name."
>- #language fr-FR "Failed To Get User Name. (French)"
>-
>diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erVfr.Vfr >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erVfr.Vfr
>deleted file mode 100644
>index 2cf3359f2a..0000000000
>--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >erVfr.Vfr
>+++ /dev/null
>@@ -1,244 +0,0 @@
>-/** @file
>- User Profile Manager formset.
>-
>-Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#include "UserProfileManagerData.h"
>-
>-#define USER_MANAGER_CLASS 0x00
>-#define USER_MANAGER_SUBCLASS 0x04
>-
>-formset
>- guid = USER_PROFILE_MANAGER_GUID,
>- title = STRING_TOKEN(STR_FORMSET_TITLE),
>- help = STRING_TOKEN(STR_TITLE_HELP),
>-
>- // User manager form
>- form formid = FORMID_USER_MANAGE,
>- title = STRING_TOKEN(STR_USERMAN_TITLE);
>-
>- label LABEL_USER_MANAGE_FUNC;
>- label LABEL_END;
>-
>- suppressif TRUE;
>- text
>- help = STRING_TOKEN(STR_NULL_STRING),
>- text = STRING_TOKEN(STR_NULL_STRING),
>- flags = INTERACTIVE,
>- key = QUESTIONID_USER_MANAGE;
>- endif;
>-
>- endform;
>-
>- // Modify user profile form
>- form formid = FORMID_MODIFY_USER,
>- title = STRING_TOKEN(STR_MODIFY_USER_TITLE);
>-
>- label LABEL_USER_MOD_FUNC;
>- label LABEL_END;
>-
>- endform;
>-
>- // Delete user profile form
>- form formid = FORMID_DEL_USER,
>- title = STRING_TOKEN(STR_DELETE_USER_TITLE);
>-
>- label LABEL_USER_DEL_FUNC;
>- label LABEL_END;
>-
>- subtitle
>- text = STRING_TOKEN(STR_NULL_STRING);
>- endform;
>-
>- //
>- // User profile information form
>- //
>- form formid = FORMID_USER_INFO,
>- title = STRING_TOKEN(STR_USER_INFO);
>-
>- text
>- help = STRING_TOKEN(STR_USER_NAME_VAL),
>- text = STRING_TOKEN(STR_USER_NAME),
>- flags = INTERACTIVE,
>- key = KEY_MODIFY_USER_NAME;
>-
>- text
>- help = STRING_TOKEN(STR_CREATE_DATE_VAL),
>- text = STRING_TOKEN(STR_CREATE_DATE);
>-
>- text
>- help =
STRING_TOKEN(STR_USAGE_DATE_VAL),
>- text = STRING_TOKEN(STR_USAGE_DATE);
>-
>- text
>- help = STRING_TOKEN(STR_USAGE_COUNT_VAL),
>- text = STRING_TOKEN(STR_USAGE_COUNT);
>-
>- label LABEL_USER_INFO_FUNC;
>- label LABEL_END;
>-
>- endform;
>-
>- //
>- // Identify policy modify form
>- //
>- form formid = FORMID_MODIFY_IP,
>- title = STRING_TOKEN(STR_IDENTIFY_POLICY);
>-
>- text
>- help = STRING_TOKEN(STR_IDENTIFY_POLICY_HELP),
>- text = STRING_TOKEN(STR_IDENTIFY_POLICY),
>- text = STRING_TOKEN(STR_IDENTIFY_POLICY_VALUE);
>-
>- label LABEL_IP_MOD_FUNC;
>- label LABEL_END;
>-
>- text
>- help = STRING_TOKEN(STR_ADD_OPTION_HELP),
>- text = STRING_TOKEN(STR_ADD_OPTION),
>- flags = INTERACTIVE,
>- key = KEY_ADD_LOGICAL_OP;
>-
>- subtitle
>- text = STRING_TOKEN(STR_NULL_STRING);
>-
>- text
>- help = STRING_TOKEN(STR_IDENTIFY_SAVE_HELP),
>- text = STRING_TOKEN(STR_SAVE),
>- flags = INTERACTIVE,
>- key = KEY_IP_RETURN;
>-
>- endform;
>-
>- //
>- // Access policy modify form
>- //
>- form formid = FORMID_MODIFY_AP,
>- title = STRING_TOKEN(STR_ACCESS_POLICY);
>-
>- label LABEL_AP_MOD_FUNC;
>- label LABEL_END;
>-
>- goto FORMID_LOAD_DP,
>- prompt = STRING_TOKEN(STR_LOAD),
>- help = STRING_TOKEN(STR_LOAD_HELP),
>- flags = INTERACTIVE,
>- key = KEY_LOAD_DP;
>-
>- goto FORMID_CONNECT_DP,
>- prompt = STRING_TOKEN(STR_CONNECT),
>- help = STRING_TOKEN(STR_CONNECT_HELP),
>- flags = INTERACTIVE,
>- key = KEY_CONN_DP;
>-
>- subtitle
>- text = STRING_TOKEN(STR_NULL_STRING);
>-
>- text
>- help = STRING_TOKEN(STR_ACCESS_SAVE_HELP),
>- text = STRING_TOKEN(STR_SAVE),
>- flags = INTERACTIVE,
>- key = KEY_AP_RETURN;
>-
>- endform;
>-
>- //
>- // Load device path form
>- //
>- form formid = FORMID_LOAD_DP,
>- title = STRING_TOKEN(STR_LOAD);
>-
>- goto FORMID_PERMIT_LOAD_DP,
>- prompt = STRING_TOKEN(STR_LOAD_PERMIT),
>- help = STRING_TOKEN(STR_LOAD_PERMIT_HELP),
>- flags = INTERACTIVE,
>- key = KEY_LOAD_PERMIT;
>-
>- goto FORMID_FORBID_LOAD_DP,
>- prompt = STRING_TOKEN(STR_LOAD_FORBID),
>- help 
= STRING_TOKEN(STR_LOAD_FORBID_HELP),
>- flags = INTERACTIVE,
>- key = KEY_LOAD_FORBID;
>-
>- endform;
>-
>- //
>- // Permit load device path form
>- //
>- form formid = FORMID_PERMIT_LOAD_DP,
>- title = STRING_TOKEN(STR_LOAD_PERMIT);
>-
>- label LABEL_PERMIT_LOAD_FUNC;
>- label LABEL_END;
>-
>- subtitle
>- text = STRING_TOKEN(STR_NULL_STRING);
>-
>- endform;
>-
>- //
>- // Forbid load device path form
>- //
>- form formid = FORMID_FORBID_LOAD_DP,
>- title = STRING_TOKEN(STR_LOAD_FORBID);
>-
>- label LABLE_FORBID_LOAD_FUNC;
>- label LABEL_END;
>-
>- subtitle
>- text = STRING_TOKEN(STR_NULL_STRING);
>-
>- endform;
>-
>- //
>- // Connect device path form
>- //
>- form formid = FORMID_CONNECT_DP,
>- title = STRING_TOKEN(STR_CONNECT);
>-
>- goto FORMID_PERMIT_CONNECT_DP,
>- prompt = STRING_TOKEN(STR_CONNECT_PERMIT),
>- help = STRING_TOKEN(STR_CONNECT_PERMIT_HELP),
>- flags = INTERACTIVE,
>- key = KEY_CONNECT_PERMIT;
>-
>- goto FORMID_FORBID_CONNECT_DP,
>- prompt = STRING_TOKEN(STR_CONNECT_FORBID),
>- help = STRING_TOKEN(STR_CONNECT_FORBID_HELP),
>- flags = INTERACTIVE,
>- key = KEY_CONNECT_FORBID;
>-
>- endform;
>-
>- //
>- // Permit connect device path form
>- //
>- form formid = FORMID_PERMIT_CONNECT_DP,
>- title = STRING_TOKEN(STR_CONNECT_PERMIT);
>-
>- subtitle
>- text = STRING_TOKEN(STR_NULL_STRING);
>-
>- endform;
>-
>- //
>- // Forbid connect device path form
>- //
>- form formid = FORMID_FORBID_CONNECT_DP,
>- title = STRING_TOKEN(STR_CONNECT_FORBID);
>-
>- subtitle
>- text = STRING_TOKEN(STR_NULL_STRING);
>-
>- endform;
>-
>-endformset;
>diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify >.c >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify >.c
>deleted file mode 100644
>index d165e5ae9b..0000000000
>--- >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify >.c
>+++ /dev/null
>@@ -1,1475 +0,0 @@
>-/** @file
>- The functions to modify a user profile.
>-
>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>-This program and the accompanying materials
>-are licensed and made available under the terms and conditions of the BSD >License
>-which accompanies this distribution. The full text of the license may be >found at
>-http://opensource.org/licenses/bsd-license.php
>-
>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >EXPRESS OR IMPLIED.
>-
>-**/
>-
>-#include "UserProfileManager.h"
>-
>-EFI_USER_PROFILE_HANDLE mModifyUser = NULL;
>-
>-/**
>- Display user select form, cab select a user to modify.
>-
>-**/
>-VOID
>-SelectUserToModify (
>- VOID
>- )
>-{
>- EFI_STATUS Status;
>- UINT8 Index;
>- EFI_USER_PROFILE_HANDLE User;
>- EFI_USER_PROFILE_HANDLE CurrentUser;
>- UINT32 CurrentAccessRight;
>- VOID *StartOpCodeHandle;
>- VOID *EndOpCodeHandle;
>- EFI_IFR_GUID_LABEL *StartLabel;
>- EFI_IFR_GUID_LABEL *EndLabel;
>-
>- //
>- // Initialize the container for dynamic opcodes.
>- //
>- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (StartOpCodeHandle != NULL);
>-
>- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (EndOpCodeHandle != NULL);
>-
>- //
>- // Create Hii Extend Label OpCode.
>- //
>- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- StartOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- StartLabel->Number = LABEL_USER_MOD_FUNC;
>-
>- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- EndOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- EndLabel->Number = LABEL_END;
>-
>- //
>- // Add each user can be modified.
>- //
>- User = NULL;
>- Index = 1;
>- mUserManager->Current (mUserManager, &CurrentUser);
>- while (TRUE) {
>- Status = mUserManager->GetNext (mUserManager, &User);
>- if (EFI_ERROR (Status)) {
>- break;
>- }
>-
>- Status = GetAccessRight (&CurrentAccessRight);
>- if (EFI_ERROR (Status)) {
>- CurrentAccessRight = EFI_USER_INFO_ACCESS_ENROLL_SELF;
>- }
>-
>- if ((CurrentAccessRight == EFI_USER_INFO_ACCESS_MANAGE) || (User == >CurrentUser)) {
>- AddUserToForm (User, (UINT16)(KEY_MODIFY_USER | KEY_SELECT_USER >| Index), StartOpCodeHandle);
>- }
>- Index++;
>- }
>-
>- HiiUpdateForm (
>- mCallbackInfo->HiiHandle, // HII handle
>- &gUserProfileManagerGuid, // Formset GUID
>- FORMID_MODIFY_USER, // Form ID
>- StartOpCodeHandle, // Label for where to insert opcodes
>- EndOpCodeHandle // Replace data
>- );
>-
>- HiiFreeOpCodeHandle (StartOpCodeHandle);
>- HiiFreeOpCodeHandle (EndOpCodeHandle);
>-}
>-
>-
>-/**
>- Get all the user info from mModifyUser in the user manager, and save on >the
>- global variable.
>-
>-**/
>-VOID
>-GetAllUserInfo (
>- VOID
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO_HANDLE UserInfo;
>- EFI_USER_INFO *Info;
>- UINTN InfoSize;
>- UINTN MemSize;
>- UINTN DataLen;
>-
>- //
>- // Init variable to default value.
>- //
>- mProviderChoice = 0;
>- mConncetLogical = 0;
>-
>- mUserInfo.CreateDateExist = FALSE;
>- mUserInfo.UsageDateExist = FALSE;
>- mUserInfo.UsageCount = 0;
>-
>- mUserInfo.AccessPolicyLen = 0;
>- mUserInfo.AccessPolicyModified = FALSE;
>- if (mUserInfo.AccessPolicy != NULL) {
>- FreePool (mUserInfo.AccessPolicy);
>- mUserInfo.AccessPolicy = NULL;
>- }
>- mUserInfo.IdentityPolicyLen = 0;
>- mUserInfo.IdentityPolicyModified = FALSE;
>- if (mUserInfo.IdentityPolicy != NULL) {
>- FreePool (mUserInfo.IdentityPolicy);
>- mUserInfo.IdentityPolicy = NULL;
>- }
>-
>- //
>- // Allocate user information memory.
>- //
>- MemSize = sizeof (EFI_USER_INFO) + 63;
>- Info = AllocateZeroPool (MemSize);
>- if (Info == NULL) {
>- return ;
>- }
>-
>- //
>- // Get each user information.
>- //
>- UserInfo = NULL;
>- while (TRUE) {
>- Status = mUserManager->GetNextInfo (mUserManager, mModifyUser, >&UserInfo);
>- if (EFI_ERROR (Status)) {
>- break;
>- }
>- //
>- // Get information.
>- //
>- InfoSize = MemSize;
>- Status = mUserManager->GetInfo (
>- mUserManager,
>- mModifyUser,
>- UserInfo,
>- Info,
>- &InfoSize
>- );
>- if (Status == EFI_BUFFER_TOO_SMALL) {
>- MemSize = InfoSize;
>- FreePool (Info);
>- Info = AllocateZeroPool (MemSize);
>- if (Info == NULL) {
>- return ;
>- }
>-
>- Status = mUserManager->GetInfo (
>- mUserManager,
>- mModifyUser,
>- UserInfo,
>- Info,
>- &InfoSize
>- );
>- }
>-
>- if (Status == EFI_SUCCESS) {
>- //
>- // Deal with each information according to informaiton type.
>- //
>- DataLen = Info->InfoSize - sizeof (EFI_USER_INFO);
>- switch (Info->InfoType) {
>- case EFI_USER_INFO_NAME_RECORD:
>- CopyMem (&mUserInfo.UserName, (UINT8 *) (Info + 1), DataLen);
>- break;
>-
>- case EFI_USER_INFO_CREATE_DATE_RECORD:
>- CopyMem (&mUserInfo.CreateDate, (UINT8 *) (Info + 1), DataLen);
>- mUserInfo.CreateDateExist = TRUE;
>- break;
>-
>- case EFI_USER_INFO_USAGE_DATE_RECORD:
>- CopyMem (&mUserInfo.UsageDate, (UINT8 *) (Info + 1), DataLen);
>- mUserInfo.UsageDateExist = TRUE;
>- break;
>-
>- case EFI_USER_INFO_USAGE_COUNT_RECORD:
>- CopyMem (&mUserInfo.UsageCount, (UINT8 *) (Info + 1), DataLen);
>- break;
>-
>- case EFI_USER_INFO_ACCESS_POLICY_RECORD:
>- mUserInfo.AccessPolicy = AllocateZeroPool (DataLen);
>- if (mUserInfo.AccessPolicy == NULL) {
>- break;
>- }
>-
>- CopyMem (mUserInfo.AccessPolicy, (UINT8 *) (Info + 1), DataLen);
>- mUserInfo.AccessPolicyLen = DataLen;
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_POLICY_RECORD:
>- mUserInfo.IdentityPolicy = AllocateZeroPool (DataLen);
>- if (mUserInfo.IdentityPolicy == NULL) {
>- break;
>- }
>-
>- CopyMem 
(mUserInfo.IdentityPolicy, (UINT8 *) (Info + 1), DataLen);
>- mUserInfo.IdentityPolicyLen = DataLen;
>- break;
>-
>- default:
>- break;
>- }
>- }
>- }
>- FreePool (Info);
>-}
>-
>-
>-/**
>- Convert the Date to a string, and update the Hii database DateID string with >it.
>-
>- @param[in] Date Points to the date to be converted.
>- @param[in] DateId String ID in the HII database to be replaced.
>-
>-**/
>-VOID
>-ResolveDate (
>- IN EFI_TIME *Date,
>- IN EFI_STRING_ID DateId
>- )
>-{
>- CHAR16 *Str;
>- UINTN DateBufLen;
>-
>- //
>- // Convert date to string.
>- //
>- DateBufLen = 64;
>- Str = AllocateZeroPool (DateBufLen);
>- if (Str == NULL) {
>- return ;
>- }
>-
>- UnicodeSPrint (
>- Str,
>- DateBufLen,
>- L"%4d-%2d-%2d ",
>- Date->Year,
>- Date->Month,
>- Date->Day
>- );
>-
>- //
>- // Convert time to string.
>- //
>- DateBufLen -= StrLen (Str);
>- UnicodeSPrint (
>- Str + StrLen (Str),
>- DateBufLen,
>- L"%2d:%2d:%2d",
>- Date->Hour,
>- Date->Minute,
>- Date->Second
>- );
>-
>- HiiSetString (mCallbackInfo->HiiHandle, DateId, Str, NULL);
>- FreePool (Str);
>-}
>-
>-
>-/**
>- Convert the CountVal to a string, and update the Hii database CountId string
>- with it.
>-
>- @param[in] CountVal The hex value to convert.
>- @param[in] CountId String ID in the HII database to be replaced.
>-
>-**/
>-VOID
>-ResolveCount (
>- IN UINT32 CountVal,
>- IN EFI_STRING_ID CountId
>- )
>-{
>- CHAR16 Count[10];
>-
>- UnicodeSPrint (Count, 20, L"%d", CountVal);
>- HiiSetString (mCallbackInfo->HiiHandle, CountId, Count, NULL);
>-}
>-
>-
>-/**
>- Concatenates one Null-terminated Unicode string to another Null- >terminated
>- Unicode string.
>-
>- @param[in, out] Source1 On entry, point to a Null-terminated Unicode >string.
>- On exit, point to a new concatenated Unicode string
>- @param[in] Source2 Pointer to a Null-terminated Unicode string.
>-
>-**/
>-VOID
>-AddStr (
>- IN OUT CHAR16 **Source1,
>- IN CONST CHAR16 *Source2
>- )
>-{
>- CHAR16 *TmpStr;
>- UINTN StrLength;
>-
>- ASSERT (Source1 != NULL);
>- ASSERT (Source2 != NULL);
>-
>- if (*Source1 == NULL) {
>- StrLength = StrSize (Source2);
>- } else {
>- StrLength = StrSize (*Source1);
>- StrLength += StrSize (Source2) - 2;
>- }
>-
>- TmpStr = AllocateZeroPool (StrLength);
>- ASSERT (TmpStr != NULL);
>-
>- if (*Source1 == NULL) {
>- StrCpyS (TmpStr, StrLength / sizeof (CHAR16), Source2);
>- } else {
>- StrCpyS (TmpStr, StrLength / sizeof (CHAR16), *Source1);
>- FreePool (*Source1);
>- StrCatS (TmpStr, StrLength / sizeof (CHAR16),Source2);
>- }
>-
>- *Source1 = TmpStr;
>-}
>-
>-
>-/**
>- Convert the identity policy to a unicode string and update the Hii database
>- IpStringId string with it.
>-
>- @param[in] Ip Points to identity policy.
>- @param[in] IpLen The identity policy length.
>- @param[in] IpStringId String ID in the HII database to be replaced.
>-
>-**/
>-VOID
>-ResolveIdentityPolicy (
>- IN UINT8 *Ip,
>- IN UINTN IpLen,
>- IN EFI_STRING_ID IpStringId
>- )
>-{
>- CHAR16 *TmpStr;
>- UINTN ChkLen;
>- EFI_USER_INFO_IDENTITY_POLICY *Identity;
>- UINT16 Index;
>- CHAR16 *ProvStr;
>- EFI_STRING_ID ProvId;
>- EFI_HII_HANDLE HiiHandle;
>- EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential;
>-
>- TmpStr = NULL;
>-
>- //
>- // Resolve each policy.
>- //
>- ChkLen = 0;
>- while (ChkLen < IpLen) {
>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (Ip + ChkLen);
>- switch (Identity->Type) {
>- case EFI_USER_INFO_IDENTITY_FALSE:
>- AddStr (&TmpStr, L"False");
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_TRUE:
>- AddStr (&TmpStr, L"None");
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_NOT:
>- AddStr (&TmpStr, L"! 
");
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_AND:
>- AddStr (&TmpStr, L" && ");
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_OR:
>- AddStr (&TmpStr, L" || ");
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_CREDENTIAL_TYPE:
>- for (Index = 0; Index < mProviderInfo->Count; Index++) {
>- UserCredential = mProviderInfo->Provider[Index];
>- if (CompareGuid ((EFI_GUID *) (Identity + 1), &UserCredential->Type)) {
>- UserCredential->Title (
>- UserCredential,
>- &HiiHandle,
>- &ProvId
>- );
>- ProvStr = HiiGetString (HiiHandle, ProvId, NULL);
>- if (ProvStr != NULL) {
>- AddStr (&TmpStr, ProvStr);
>- FreePool (ProvStr);
>- }
>- break;
>- }
>- }
>- break;
>-
>- case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER:
>- for (Index = 0; Index < mProviderInfo->Count; Index++) {
>- UserCredential = mProviderInfo->Provider[Index];
>- if (CompareGuid ((EFI_GUID *) (Identity + 1), &UserCredential- >>Identifier)) {
>- UserCredential->Title (
>- UserCredential,
>- &HiiHandle,
>- &ProvId
>- );
>- ProvStr = HiiGetString (HiiHandle, ProvId, NULL);
>- if (ProvStr != NULL) {
>- AddStr (&TmpStr, ProvStr);
>- FreePool (ProvStr);
>- }
>- break;
>- }
>- }
>- break;
>- }
>-
>- ChkLen += Identity->Length;
>- }
>-
>- if (TmpStr != NULL) {
>- HiiSetString (mCallbackInfo->HiiHandle, IpStringId, TmpStr, NULL);
>- FreePool (TmpStr);
>- }
>-}
>-
>-
>-/**
>- Display modify user information form.
>-
>- This form displays, username, create Date, usage date, usage count, identity >policy,
>- and access policy.
>-
>- @param[in] UserIndex The index of the user in display list to modify.
>-
>-**/
>-VOID
>-ModifyUserInfo (
>- IN UINT8 UserIndex
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_PROFILE_HANDLE CurrentUser;
>- UINT32 CurrentAccessRight;
>- VOID *StartOpCodeHandle;
>- VOID *EndOpCodeHandle;
>- EFI_IFR_GUID_LABEL *StartLabel;
>- EFI_IFR_GUID_LABEL *EndLabel;
>-
>- //
>- // Initialize the container for dynamic opcodes.
>- //
>- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (StartOpCodeHandle != NULL);
>-
>- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (EndOpCodeHandle != NULL);
>-
>- //
>- // Create Hii Extend Label OpCode.
>- //
>- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- StartOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- StartLabel->Number = LABEL_USER_INFO_FUNC;
>-
>- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- EndOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- EndLabel->Number = LABEL_END;
>-
>- //
>- // Find the user profile to be modified.
>- //
>- mModifyUser = NULL;
>- Status = mUserManager->GetNext (mUserManager, &mModifyUser);
>- if (EFI_ERROR (Status)) {
>- return ;
>- }
>-
>- while (UserIndex > 1) {
>- Status = mUserManager->GetNext (mUserManager, &mModifyUser);
>- if (EFI_ERROR (Status)) {
>- return ;
>- }
>- UserIndex--;
>- }
>-
>- //
>- // Get user profile information.
>- //
>- GetAllUserInfo ();
>-
>- //
>- // Update user name.
>- HiiSetString (
>- mCallbackInfo->HiiHandle,
>- STRING_TOKEN (STR_USER_NAME_VAL),
>- mUserInfo.UserName,
>- NULL
>- );
>-
>- //
>- // Update create date.
>- //
>- if (mUserInfo.CreateDateExist) {
>- ResolveDate (&mUserInfo.CreateDate, STRING_TOKEN >(STR_CREATE_DATE_VAL));
>- } else {
>- HiiSetString (
>- mCallbackInfo->HiiHandle,
>- STRING_TOKEN (STR_CREATE_DATE_VAL),
>- L"",
>- NULL
>- );
>- }
>-
>- //
>- // Add usage date.
>- //
>- if (mUserInfo.UsageDateExist) {
>- ResolveDate (&mUserInfo.UsageDate, STRING_TOKEN >(STR_USAGE_DATE_VAL));
>- } else {
>- HiiSetString (
>- mCallbackInfo->HiiHandle,
>- STRING_TOKEN (STR_USAGE_DATE_VAL),
>- L"",
>- NULL
>- );
>- }
>-
>- //
>- // Add usage count.
>- //
>- ResolveCount ((UINT32) mUserInfo.UsageCount, STRING_TOKEN >(STR_USAGE_COUNT_VAL));
>-
>- //
>- // Add identity policy.
>- //
>- mUserManager->Current (mUserManager, &CurrentUser);
>- if (mModifyUser == CurrentUser) {
>- ResolveIdentityPolicy (
>- mUserInfo.IdentityPolicy,
>- mUserInfo.IdentityPolicyLen,
>- STRING_TOKEN (STR_IDENTIFY_POLICY_VAL)
>- );
>- HiiCreateGotoOpCode (
>- StartOpCodeHandle, // Container for opcodes
>- FORMID_MODIFY_IP, // Target Form ID
>- STRING_TOKEN (STR_IDENTIFY_POLICY), // Prompt text
>- STRING_TOKEN (STR_IDENTIFY_POLICY_VAL), // Help text
>- EFI_IFR_FLAG_CALLBACK, // Question flag
>- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_IP // Question >ID
>- );
>- }
>-
>- //
>- // Add access policy.
>- //
>- Status = GetAccessRight (&CurrentAccessRight);
>- if (EFI_ERROR (Status)) {
>- CurrentAccessRight = EFI_USER_INFO_ACCESS_ENROLL_SELF;
>- }
>-
>- if (CurrentAccessRight == EFI_USER_INFO_ACCESS_MANAGE) {
>- HiiCreateGotoOpCode (
>- StartOpCodeHandle, // Container for opcodes
>- FORMID_MODIFY_AP, // Target Form ID
>- STRING_TOKEN (STR_ACCESS_POLICY), // Prompt text
>- STRING_TOKEN (STR_NULL_STRING), // Help text
>- EFI_IFR_FLAG_CALLBACK, // Question flag
>- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_AP // Question >ID
>- );
>- }
>-
>- HiiUpdateForm (
>- mCallbackInfo->HiiHandle, // HII handle
>- &gUserProfileManagerGuid, // Formset GUID
>- FORMID_USER_INFO, // Form ID
>- StartOpCodeHandle, // Label
>- EndOpCodeHandle // Replace data
>- );
>-
>- HiiFreeOpCodeHandle (StartOpCodeHandle);
>- HiiFreeOpCodeHandle (EndOpCodeHandle);
>-}
>-
>-
>-/**
>- Get all the access policy info from current user info, and save in the global
>- variable.
>-
>-**/
>-VOID
>-ResolveAccessPolicy (
>- VOID
>- )
>-{
>- UINTN OffSet;
>- EFI_USER_INFO_ACCESS_CONTROL Control;
>- UINTN ValLen;
>- UINT8 *AccessData;
>-
>- //
>- // Set default value
>- //
>- mAccessInfo.AccessRight = EFI_USER_INFO_ACCESS_ENROLL_SELF;
>- mAccessInfo.AccessSetup = ACCESS_SETUP_RESTRICTED;
>- mAccessInfo.AccessBootOrder = >EFI_USER_INFO_ACCESS_BOOT_ORDER_INSERT;
>-
>- mAccessInfo.LoadPermitLen = 0;
>- mAccessInfo.LoadForbidLen = 0;
>- mAccessInfo.ConnectPermitLen = 0;
>- mAccessInfo.ConnectForbidLen = 0;
>-
>- //
>- // Get each user access policy.
>- //
>- OffSet = 0;
>- while (OffSet < mUserInfo.AccessPolicyLen) {
>- CopyMem (&Control, mUserInfo.AccessPolicy + OffSet, sizeof (Control));
>- ValLen = Control.Size - sizeof (Control);
>- switch (Control.Type) {
>- case EFI_USER_INFO_ACCESS_ENROLL_SELF:
>- mAccessInfo.AccessRight = EFI_USER_INFO_ACCESS_ENROLL_SELF;
>- break;
>-
>- case EFI_USER_INFO_ACCESS_ENROLL_OTHERS:
>- mAccessInfo.AccessRight = EFI_USER_INFO_ACCESS_ENROLL_OTHERS;
>- break;
>-
>- case EFI_USER_INFO_ACCESS_MANAGE:
>- mAccessInfo.AccessRight = EFI_USER_INFO_ACCESS_MANAGE;
>- break;
>-
>- case EFI_USER_INFO_ACCESS_SETUP:
>- AccessData = mUserInfo.AccessPolicy + OffSet + sizeof (Control);
>- if (CompareGuid ((EFI_GUID *) AccessData, >&gEfiUserInfoAccessSetupNormalGuid)) {
>- mAccessInfo.AccessSetup = ACCESS_SETUP_NORMAL;
>- } else if (CompareGuid ((EFI_GUID *) AccessData, >&gEfiUserInfoAccessSetupRestrictedGuid)) {
>- mAccessInfo.AccessSetup = ACCESS_SETUP_RESTRICTED;
>- } else if (CompareGuid ((EFI_GUID *) AccessData, >&gEfiUserInfoAccessSetupAdminGuid)) {
>- mAccessInfo.AccessSetup = ACCESS_SETUP_ADMIN;
>- }
>- break;
>-
>- case EFI_USER_INFO_ACCESS_BOOT_ORDER:
>- AccessData = mUserInfo.AccessPolicy + OffSet + sizeof (Control);
>- CopyMem (&mAccessInfo.AccessBootOrder, AccessData, sizeof (UINT32));
>- break;
>-
>- case EFI_USER_INFO_ACCESS_FORBID_LOAD:
>- if (mAccessInfo.LoadForbid != NULL) {
>- FreePool (mAccessInfo.LoadForbid);
>- }
>-
>- mAccessInfo.LoadForbid = AllocateZeroPool (ValLen);
>- if (mAccessInfo.LoadForbid != NULL) {
>- AccessData = mUserInfo.AccessPolicy + OffSet + sizeof (Control);
>- CopyMem (mAccessInfo.LoadForbid, AccessData, ValLen);
>- mAccessInfo.LoadForbidLen = ValLen;
>- }
>- break;
>-
>- case EFI_USER_INFO_ACCESS_PERMIT_LOAD:
>- if (mAccessInfo.LoadPermit != NULL) {
>- FreePool (mAccessInfo.LoadPermit);
>- }
>-
>- mAccessInfo.LoadPermit = AllocateZeroPool (ValLen);
>- if (mAccessInfo.LoadPermit != NULL) {
>- AccessData = mUserInfo.AccessPolicy + OffSet + sizeof (Control);
>- CopyMem (mAccessInfo.LoadPermit, AccessData, ValLen);
>- mAccessInfo.LoadPermitLen = ValLen;
>- }
>- break;
>-
>- case EFI_USER_INFO_ACCESS_FORBID_CONNECT:
>- if (mAccessInfo.ConnectForbid != NULL) {
>- FreePool (mAccessInfo.ConnectForbid);
>- }
>-
>- mAccessInfo.ConnectForbid = AllocateZeroPool (ValLen);
>- if (mAccessInfo.ConnectForbid != NULL) {
>- AccessData = mUserInfo.AccessPolicy + OffSet + sizeof (Control);
>- CopyMem (mAccessInfo.ConnectForbid, AccessData, ValLen);
>- mAccessInfo.ConnectForbidLen = ValLen;
>- }
>- break;
>-
>- case EFI_USER_INFO_ACCESS_PERMIT_CONNECT:
>- if (mAccessInfo.ConnectPermit != NULL) {
>- FreePool (mAccessInfo.ConnectPermit);
>- }
>-
>- mAccessInfo.ConnectPermit = AllocateZeroPool (ValLen);
>- if (mAccessInfo.ConnectPermit != NULL) {
>- AccessData = mUserInfo.AccessPolicy + OffSet + sizeof (Control);
>- CopyMem (mAccessInfo.ConnectPermit, AccessData, ValLen);
>- mAccessInfo.ConnectPermitLen = ValLen;
>- }
>- break;
>- }
>-
>- OffSet += Control.Size;
>- }
>-}
>-
>-
>-/**
>- Find the specified info in User profile by the InfoType.
>-
>- @param[in] User Handle of the user whose information will be >searched.
>- @param[in] InfoType The user information type to find.
>- @param[out] UserInfo Points to user information handle found.
>-
>- @retval EFI_SUCCESS Find the user information successfully.
>- @retval Others Fail to find the user information.
>-
>-**/
>-EFI_STATUS
>-FindInfoByType (
>- IN EFI_USER_PROFILE_HANDLE User,
>- IN UINT8 InfoType,
>- OUT EFI_USER_INFO_HANDLE *UserInfo
>- )
>-{
>- EFI_STATUS Status;
>- EFI_USER_INFO *Info;
>- UINTN InfoSize;
>- UINTN MemSize;
>-
>- if (UserInfo == NULL) {
>- return EFI_INVALID_PARAMETER;
>- }
>-
>- *UserInfo = NULL;
>- //
>- // Allocate user information memory.
>- //
>- MemSize = sizeof (EFI_USER_INFO) + 63;
>- Info = AllocateZeroPool (MemSize);
>- if (Info == NULL) {
>- return EFI_OUT_OF_RESOURCES;
>- }
>-
>- //
>- // Get each user information.
>- //
>- while (TRUE) {
>- Status = mUserManager->GetNextInfo (mUserManager, User, UserInfo);
>- if (EFI_ERROR (Status)) {
>- break;
>- }
>- //
>- // Get information.
>- //
>- InfoSize = MemSize;
>- Status = mUserManager->GetInfo (
>- mUserManager,
>- User,
>- *UserInfo,
>- Info,
>- &InfoSize
>- );
>- if (Status == EFI_BUFFER_TOO_SMALL) {
>- MemSize = InfoSize;
>- FreePool (Info);
>- Info = AllocateZeroPool (MemSize);
>- if (Info == NULL) {
>- return EFI_OUT_OF_RESOURCES;
>- }
>- Status = mUserManager->GetInfo (
>- mUserManager,
>- User,
>- *UserInfo,
>- Info,
>- &InfoSize
>- );
>- }
>- if (Status == EFI_SUCCESS) {
>- if (Info->InfoType == InfoType) {
>- break;
>- }
>- }
>- }
>-
>- FreePool (Info);
>- return Status;
>-}
>-
>-
>-/**
>- Display modify user access policy form.
>-
>- In this form, access right, access setup and access boot order are dynamically
>- added. Load devicepath and connect devicepath are displayed too.
>-
>-**/
>-VOID
>-ModidyAccessPolicy (
>- VOID
>- )
>-{
>- VOID *StartOpCodeHandle;
>- VOID *EndOpCodeHandle;
>- VOID *OptionsOpCodeHandle;
>- EFI_IFR_GUID_LABEL *StartLabel;
>- EFI_IFR_GUID_LABEL *EndLabel;
>- VOID *DefaultOpCodeHandle;
>-
>- //
>- // Initialize the container for dynamic opcodes.
>- //
>- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (StartOpCodeHandle != NULL);
>-
>- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (EndOpCodeHandle != NULL);
>-
>- //
>- // Create Hii Extend Label OpCode.
>- //
>- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- StartOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- StartLabel->Number = LABEL_AP_MOD_FUNC;
>-
>- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>- EndOpCodeHandle,
>- &gEfiIfrTianoGuid,
>- NULL,
>- sizeof (EFI_IFR_GUID_LABEL)
>- );
>- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>- EndLabel->Number = LABEL_END;
>-
>-
>- //
>- // Resolve access policy information.
>- //
>- ResolveAccessPolicy ();
>-
>- //
>- // Add access right one-of-code.
>- //
>- OptionsOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (OptionsOpCodeHandle != NULL);
>- DefaultOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (DefaultOpCodeHandle != NULL);
>-
>- HiiCreateOneOfOptionOpCode (
>- OptionsOpCodeHandle,
>- STRING_TOKEN (STR_NORMAL),
>- 0,
>- EFI_IFR_NUMERIC_SIZE_1,
>- EFI_USER_INFO_ACCESS_ENROLL_SELF
>- );
>-
>- HiiCreateOneOfOptionOpCode (
>- OptionsOpCodeHandle,
>- STRING_TOKEN (STR_ENROLL),
>- 0,
>- EFI_IFR_NUMERIC_SIZE_1,
>- EFI_USER_INFO_ACCESS_ENROLL_OTHERS
>- );
>-
>- HiiCreateOneOfOptionOpCode (
>- OptionsOpCodeHandle,
>- STRING_TOKEN (STR_MANAGE),
>- 0,
>- EFI_IFR_NUMERIC_SIZE_1,
>- EFI_USER_INFO_ACCESS_MANAGE
>- );
>-
>- HiiCreateDefaultOpCode (
>- DefaultOpCodeHandle,
>- EFI_HII_DEFAULT_CLASS_STANDARD,
>- EFI_IFR_NUMERIC_SIZE_1,
>- mAccessInfo.AccessRight
>- );
>-
>- HiiCreateOneOfOpCode (
>- StartOpCodeHandle, // Container for dynamic created opcodes
>- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_AP | >KEY_MODIFY_RIGHT, // Question ID
>- 0, // VarStore ID
>- 0, // Offset in Buffer Storage
>- STRING_TOKEN (STR_ACCESS_RIGHT), // Question prompt text
>- STRING_TOKEN 
(STR_ACCESS_RIGHT_HELP), // Question help text
>- EFI_IFR_FLAG_CALLBACK, // Question flag
>- EFI_IFR_NUMERIC_SIZE_1, // Data type of Question Value
>- OptionsOpCodeHandle, // Option Opcode list
>- DefaultOpCodeHandle // Default Opcode
>- );
>- HiiFreeOpCodeHandle (DefaultOpCodeHandle);
>- HiiFreeOpCodeHandle (OptionsOpCodeHandle);
>-
>-
>- //
>- // Add setup type one-of-code.
>- //
>- OptionsOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (OptionsOpCodeHandle != NULL);
>- DefaultOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (DefaultOpCodeHandle != NULL);
>-
>- HiiCreateOneOfOptionOpCode (
>- OptionsOpCodeHandle,
>- STRING_TOKEN (STR_RESTRICTED),
>- 0,
>- EFI_IFR_NUMERIC_SIZE_1,
>- ACCESS_SETUP_RESTRICTED
>- );
>-
>- HiiCreateOneOfOptionOpCode (
>- OptionsOpCodeHandle,
>- STRING_TOKEN (STR_NORMAL),
>- 0,
>- EFI_IFR_NUMERIC_SIZE_1,
>- ACCESS_SETUP_NORMAL
>- );
>-
>- HiiCreateOneOfOptionOpCode (
>- OptionsOpCodeHandle,
>- STRING_TOKEN (STR_ADMIN),
>- 0,
>- EFI_IFR_NUMERIC_SIZE_1,
>- ACCESS_SETUP_ADMIN
>- );
>-
>- HiiCreateDefaultOpCode (
>- DefaultOpCodeHandle,
>- EFI_HII_DEFAULT_CLASS_STANDARD,
>- EFI_IFR_NUMERIC_SIZE_1,
>- mAccessInfo.AccessSetup
>- );
>-
>- HiiCreateOneOfOpCode (
>- StartOpCodeHandle, // Container for dynamic created opcodes
>- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_AP | >KEY_MODIFY_SETUP, // Question ID
>- 0, // VarStore ID
>- 0, // Offset in Buffer Storage
>- STRING_TOKEN (STR_ACCESS_SETUP), // Question prompt text
>- STRING_TOKEN (STR_ACCESS_SETUP_HELP), // Question help text
>- EFI_IFR_FLAG_CALLBACK, // Question flag
>- EFI_IFR_NUMERIC_SIZE_1, // Data type of Question Value
>- OptionsOpCodeHandle, // Option Opcode list
>- DefaultOpCodeHandle // Default Opcode
>- );
>- HiiFreeOpCodeHandle (DefaultOpCodeHandle);
>- HiiFreeOpCodeHandle (OptionsOpCodeHandle);
>-
>- //
>- // Add boot order one-of-code.
>- //
>- OptionsOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (OptionsOpCodeHandle != NULL);
>- DefaultOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (DefaultOpCodeHandle != NULL);
>-
>- HiiCreateOneOfOptionOpCode (
>- OptionsOpCodeHandle,
>- STRING_TOKEN (STR_INSERT),
>- 0,
>- EFI_IFR_NUMERIC_SIZE_4,
>- EFI_USER_INFO_ACCESS_BOOT_ORDER_INSERT
>- );
>-
>- HiiCreateOneOfOptionOpCode (
>- OptionsOpCodeHandle,
>- STRING_TOKEN (STR_APPEND),
>- 0,
>- EFI_IFR_NUMERIC_SIZE_4,
>- EFI_USER_INFO_ACCESS_BOOT_ORDER_APPEND
>- );
>-
>- HiiCreateOneOfOptionOpCode (
>- OptionsOpCodeHandle,
>- STRING_TOKEN (STR_REPLACE),
>- 0,
>- EFI_IFR_NUMERIC_SIZE_4,
>- EFI_USER_INFO_ACCESS_BOOT_ORDER_REPLACE
>- );
>-
>- HiiCreateOneOfOptionOpCode (
>- OptionsOpCodeHandle,
>- STRING_TOKEN (STR_NODEFAULT),
>- 0,
>- EFI_IFR_NUMERIC_SIZE_4,
>- EFI_USER_INFO_ACCESS_BOOT_ORDER_NODEFAULT
>- );
>-
>- HiiCreateDefaultOpCode (
>- DefaultOpCodeHandle,
>- EFI_HII_DEFAULT_CLASS_STANDARD,
>- EFI_IFR_NUMERIC_SIZE_4,
>- mAccessInfo.AccessBootOrder
>- );
>-
>- HiiCreateOneOfOpCode (
>- StartOpCodeHandle, // Container for dynamic created opcodes
>- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_AP | >KEY_MODIFY_BOOT, // Question ID
>- 0, // VarStore ID
>- 0, // Offset in Buffer Storage
>- STRING_TOKEN (STR_BOOR_ORDER), // Question prompt text
>- STRING_TOKEN (STR_BOOT_ORDER_HELP), // Question help text
>- EFI_IFR_FLAG_CALLBACK, // Question flag
>- EFI_IFR_NUMERIC_SIZE_1, // Data type of Question Value
>- OptionsOpCodeHandle, // Option Opcode list
>- DefaultOpCodeHandle // Default Opcode
>- );
>- HiiFreeOpCodeHandle (DefaultOpCodeHandle);
>- HiiFreeOpCodeHandle (OptionsOpCodeHandle);
>-
>- //
>- // Update Form.
>- //
>- HiiUpdateForm (
>- mCallbackInfo->HiiHandle, // HII handle
>- &gUserProfileManagerGuid, // Formset GUID
>- FORMID_MODIFY_AP, // Form ID
>- StartOpCodeHandle, // Label for where to insert opcodes
>- EndOpCodeHandle // Replace data
>- );
>-
>- HiiFreeOpCodeHandle (StartOpCodeHandle);
>- HiiFreeOpCodeHandle (EndOpCodeHandle);
>-}
>-
>-
>-/**
>- Expand access policy memory size.
>-
>- @param[in] ValidLen The valid access policy length.
>- @param[in] ExpandLen The length that is needed to expand.
>-
>-**/
>-VOID
>-ExpandMemory (
>- IN UINTN ValidLen,
>- IN UINTN ExpandLen
>- )
>-{
>- UINT8 *Mem;
>- UINTN Len;
>-
>- //
>- // Expand memory.
>- //
>- Len = mUserInfo.AccessPolicyLen + (ExpandLen / 64 + 1) * 64;
>- Mem = AllocateZeroPool (Len);
>- ASSERT (Mem != NULL);
>-
>- if (mUserInfo.AccessPolicy != NULL) {
>- CopyMem (Mem, mUserInfo.AccessPolicy, ValidLen);
>- FreePool (mUserInfo.AccessPolicy);
>- }
>-
>- mUserInfo.AccessPolicy = Mem;
>- mUserInfo.AccessPolicyLen = Len;
>-}
>-
>-
>-/**
>- Get the username from user input, and update username string in the Hii
>- database with it.
>-
>-**/
>-VOID
>-ModifyUserName (
>- VOID
>- )
>-{
>- EFI_STATUS Status;
>- CHAR16 UserName[USER_NAME_LENGTH];
>- UINTN Len;
>- EFI_INPUT_KEY Key;
>- EFI_USER_INFO_HANDLE UserInfo;
>- EFI_USER_INFO *Info;
>- EFI_USER_PROFILE_HANDLE TempUser;
>-
>- //
>- // Get the new user name.
>- //
>- Len = sizeof (UserName);
>- Status = GetUserNameInput (&Len, UserName);
>- if (EFI_ERROR (Status)) {
>- if (Status != EFI_ABORTED) {
>- CreatePopUp (
>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
>- &Key,
>- L"Failed To Get User Name.",
>- L"",
>- L"Please Press Any Key to Continue ...",
>- NULL
>- );
>- }
>- return ;
>- }
>-
>- //
>- // Check whether the username had been used or not.
>- //
>- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + Len);
>- if (Info == NULL) {
>- return ;
>- }
>-
>- Info->InfoType = EFI_USER_INFO_NAME_RECORD;
>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |
>- EFI_USER_INFO_PUBLIC |
>- EFI_USER_INFO_EXCLUSIVE;
>- Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + Len);
>- CopyMem ((UINT8 *) (Info + 1), UserName, Len);
>-
>- TempUser = NULL;
>- Status = mUserManager->Find (
>- mUserManager,
>- &TempUser,
>- NULL,
>- Info,
>- Info->InfoSize
>- );
>- if (!EFI_ERROR (Status)) {
>- CreatePopUp (
>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
>- &Key,
>- L"The User Name Had Been Used.",
>- L"",
>- L"Please Use Other User Name",
>- NULL
>- );
>- FreePool (Info);
>- return ;
>- }
>-
>- //
>- // Update username display in the form.
>- //
>- CopyMem (mUserInfo.UserName, UserName, Len);
>- HiiSetString (
>- mCallbackInfo->HiiHandle,
>- STRING_TOKEN (STR_USER_NAME_VAL),
>- mUserInfo.UserName,
>- NULL
>- );
>-
>- //
>- // Save the user name.
>- //
>- Status = FindInfoByType (mModifyUser, EFI_USER_INFO_NAME_RECORD, >&UserInfo);
>- if (!EFI_ERROR (Status)) {
>- mUserManager->SetInfo (
>- mUserManager,
>- mModifyUser,
>- &UserInfo,
>- Info,
>- Info->InfoSize
>- );
>- }
>- FreePool (Info);
>-}
>-
>-
>-/**
>- Display the form of the modifying user identity policy.
>-
>-**/
>-VOID
>-ModifyIdentityPolicy (
>- VOID
>- )
>-{
>- UINTN Index;
>- CHAR16 *ProvStr;
>- EFI_STRING_ID ProvID;
>- EFI_HII_HANDLE HiiHandle;
>- VOID *OptionsOpCodeHandle;
>- VOID *StartOpCodeHandle;
>- VOID *EndOpCodeHandle;
>- EFI_IFR_GUID_LABEL *StartLabel;
>- EFI_IFR_GUID_LABEL *EndLabel;
>-
>- //
>- // Initialize the container for dynamic opcodes.
>- //
>- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (StartOpCodeHandle != NULL);
>-
>- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
>- ASSERT (EndOpCodeHandle != NULL);
>-
>- //
>- // Create Hii Extend Label OpCode.
>- // >- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >- StartOpCodeHandle, >- &gEfiIfrTianoGuid, >- NULL, >- sizeof (EFI_IFR_GUID_LABEL) >- ); >- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >- StartLabel->Number = LABEL_IP_MOD_FUNC; >- >- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >- EndOpCodeHandle, >- &gEfiIfrTianoGuid, >- NULL, >- sizeof (EFI_IFR_GUID_LABEL) >- ); >- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >- EndLabel->Number = LABEL_END; >- >- // >- // Add credential providers >- //. >- if (mProviderInfo->Count > 0) { >- OptionsOpCodeHandle = HiiAllocateOpCodeHandle (); >- ASSERT (OptionsOpCodeHandle != NULL); >- >- // >- // Add credential provider Option OpCode. >- // >- for (Index = 0; Index < mProviderInfo->Count; Index++) { >- mProviderInfo->Provider[Index]->Title ( >- mProviderInfo->Provider[Index], >- &HiiHandle, >- &ProvID >- ); >- ProvStr = HiiGetString (HiiHandle, ProvID, NULL); >- ProvID = HiiSetString (mCallbackInfo->HiiHandle, 0, ProvStr, NULL); >- FreePool (ProvStr); >- if (ProvID == 0) { >- return ; >- } >- >- HiiCreateOneOfOptionOpCode ( >- OptionsOpCodeHandle, >- ProvID, >- 0, >- EFI_IFR_NUMERIC_SIZE_1, >- (UINT8) Index >- ); >- } >- >- HiiCreateOneOfOpCode ( >- StartOpCodeHandle, // Container for dynamic created opcodes >- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_IP | >KEY_MODIFY_PROV, // Question ID >- 0, // VarStore ID >- 0, // Offset in Buffer Storage >- STRING_TOKEN (STR_PROVIDER), // Question prompt text >- STRING_TOKEN (STR_PROVIDER_HELP), // Question help text >- EFI_IFR_FLAG_CALLBACK, // Question flag >- EFI_IFR_NUMERIC_SIZE_1, // Data type of Question Value >- OptionsOpCodeHandle, // Option Opcode list >- NULL // Default Opcode is NULl >- ); >- >- HiiFreeOpCodeHandle (OptionsOpCodeHandle); >- } >- >- // >- // Add logical connector Option OpCode. 
>- // >- OptionsOpCodeHandle = HiiAllocateOpCodeHandle (); >- ASSERT (OptionsOpCodeHandle != NULL); >- >- HiiCreateOneOfOptionOpCode ( >- OptionsOpCodeHandle, >- STRING_TOKEN (STR_AND_CON), >- 0, >- EFI_IFR_NUMERIC_SIZE_1, >- 0 >- ); >- >- HiiCreateOneOfOptionOpCode ( >- OptionsOpCodeHandle, >- STRING_TOKEN (STR_OR_CON), >- 0, >- EFI_IFR_NUMERIC_SIZE_1, >- 1 >- ); >- >- HiiCreateOneOfOpCode ( >- StartOpCodeHandle, // Container for dynamic created opcodes >- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_IP | >KEY_MODIFY_CONN, // Question ID >- 0, // VarStore ID >- 0, // Offset in Buffer Storage >- STRING_TOKEN (STR_CONNECTOR), // Question prompt text >- STRING_TOKEN (STR_CONNECTOR_HELP), // Question help text >- EFI_IFR_FLAG_CALLBACK, // Question flag >- EFI_IFR_NUMERIC_SIZE_1, // Data type of Question Value >- OptionsOpCodeHandle, // Option Opcode list >- NULL // Default Opcode is NULl >- ); >- >- HiiFreeOpCodeHandle (OptionsOpCodeHandle); >- >- // >- // Update identity policy in the form. >- // >- ResolveIdentityPolicy ( >- mUserInfo.IdentityPolicy, >- mUserInfo.IdentityPolicyLen, >- STRING_TOKEN (STR_IDENTIFY_POLICY_VALUE) >- ); >- >- if (mUserInfo.NewIdentityPolicy != NULL) { >- FreePool (mUserInfo.NewIdentityPolicy); >- mUserInfo.NewIdentityPolicy = NULL; >- mUserInfo.NewIdentityPolicyLen = 0; >- mUserInfo.NewIdentityPolicyModified = FALSE; >- } >- mProviderChoice = 0; >- mConncetLogical = 0; >- >- HiiUpdateForm ( >- mCallbackInfo->HiiHandle, // HII handle >- &gUserProfileManagerGuid, // Formset GUID >- FORMID_MODIFY_IP, // Form ID >- StartOpCodeHandle, // Label for where to insert opcodes >- EndOpCodeHandle // Replace data >- ); >- >- HiiFreeOpCodeHandle (StartOpCodeHandle); >- HiiFreeOpCodeHandle (EndOpCodeHandle); >-} >- >- >-/** >- Get current user's access right. >- >- @param[out] AccessRight Points to the buffer used for user's access right. >- >- @retval EFI_SUCCESS Get current user access right successfully. 
>- @retval others Fail to get current user access right. >- >-**/ >-EFI_STATUS >-GetAccessRight ( >- OUT UINT32 *AccessRight >- ) >-{ >- EFI_STATUS Status; >- EFI_USER_INFO_HANDLE UserInfo; >- EFI_USER_INFO *Info; >- UINTN InfoSize; >- UINTN MemSize; >- EFI_USER_INFO_ACCESS_CONTROL Access; >- EFI_USER_PROFILE_HANDLE CurrentUser; >- UINTN TotalLen; >- UINTN CheckLen; >- >- // >- // Allocate user information memory. >- // >- MemSize = sizeof (EFI_USER_INFO) + 63; >- Info = AllocateZeroPool (MemSize); >- if (Info == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- >- // >- // Get user access information. >- // >- UserInfo = NULL; >- mUserManager->Current (mUserManager, &CurrentUser); >- while (TRUE) { >- InfoSize = MemSize; >- // >- // Get next user information. >- // >- Status = mUserManager->GetNextInfo (mUserManager, CurrentUser, >&UserInfo); >- if (EFI_ERROR (Status)) { >- break; >- } >- >- Status = mUserManager->GetInfo ( >- mUserManager, >- CurrentUser, >- UserInfo, >- Info, >- &InfoSize >- ); >- if (Status == EFI_BUFFER_TOO_SMALL) { >- MemSize = InfoSize; >- FreePool (Info); >- Info = AllocateZeroPool (MemSize); >- if (Info == NULL) { >- return EFI_OUT_OF_RESOURCES; >- } >- Status = mUserManager->GetInfo ( >- mUserManager, >- CurrentUser, >- UserInfo, >- Info, >- &InfoSize >- ); >- } >- if (EFI_ERROR (Status)) { >- break; >- } >- >- // >- // Check user information. >- // >- if (Info->InfoType == EFI_USER_INFO_ACCESS_POLICY_RECORD) { >- TotalLen = Info->InfoSize - sizeof (EFI_USER_INFO); >- CheckLen = 0; >- // >- // Get specified access information. 
>- // >- while (CheckLen < TotalLen) { >- CopyMem (&Access, (UINT8 *) (Info + 1) + CheckLen, sizeof (Access)); >- if ((Access.Type == EFI_USER_INFO_ACCESS_ENROLL_SELF) || >- (Access.Type == EFI_USER_INFO_ACCESS_ENROLL_OTHERS) || >- (Access.Type == EFI_USER_INFO_ACCESS_MANAGE) >- ) { >- *AccessRight = Access.Type; >- FreePool (Info); >- return EFI_SUCCESS; >- } >- CheckLen += Access.Size; >- } >- } >- } >- FreePool (Info); >- return EFI_NOT_FOUND; >-} >- >-- >2.16.2.windows.1 > >_______________________________________________ >edk2-devel mailing list >edk2-devel@lists.01.org >https://lists.01.org/mailman/listinfo/edk2-devel ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] SecurityPkg: Remove code under UserIdentification folder. 2019-01-09 1:54 ` Chen, Chen A @ 2019-01-09 2:17 ` Gao, Liming 0 siblings, 0 replies; 4+ messages in thread From: Gao, Liming @ 2019-01-09 2:17 UTC (permalink / raw) To: Chen, Chen A, edk2-devel@lists.01.org; +Cc: Zhang, Chao B When you update the patch, please also add BZ URL in the commit message. Thanks Liming >-----Original Message----- >From: Chen, Chen A >Sent: Wednesday, January 09, 2019 9:55 AM >To: Gao, Liming <liming.gao@intel.com>; edk2-devel@lists.01.org >Cc: Zhang, Chao B <chao.b.zhang@intel.com> >Subject: RE: [edk2] [PATCH] SecurityPkg: Remove code under >UserIdentification folder. > >Yes, Chao has filed on BZ1427. > >-----Original Message----- >From: Gao, Liming >Sent: Wednesday, January 9, 2019 9:39 AM >To: Chen, Chen A <chen.a.chen@intel.com>; edk2-devel@lists.01.org >Cc: Zhang, Chao B <chao.b.zhang@intel.com> >Subject: RE: [edk2] [PATCH] SecurityPkg: Remove code under >UserIdentification folder. > >Could you create BZ for this change? > >>-----Original Message----- >>From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of >>chenche4 >>Sent: Wednesday, January 09, 2019 9:09 AM >>To: edk2-devel@lists.01.org >>Cc: Zhang, Chao B <chao.b.zhang@intel.com> >>Subject: [edk2] [PATCH] SecurityPkg: Remove code under UserIdentification >>folder. >> >>1. UserIdentifyManagerDxe is used to provide UserManagerProtocol. >>2. UserProfileManagerDxe provide UI setting >>3. PwdCredentialProviderDxe & UsbCredentialProviderDxe are >>implementation >> examples. >> >>Remove above features because of no platform use it. >> >>Cc: Zhang Chao B <chao.b.zhang@intel.com> >>Contributed-under: TianoCore Contribution Agreement 1.1 
>>Signed-off-by: Chen A Chen <chen.a.chen@intel.com> >>--- >> .../Include/Guid/UsbCredentialProviderHii.h | 29 - >> SecurityPkg/Include/Guid/UserIdentifyManagerHii.h | 25 - >> SecurityPkg/Include/Guid/UserProfileManagerHii.h | 25 - >> SecurityPkg/SecurityPkg.dec | 12 - >> SecurityPkg/SecurityPkg.dsc | 4 - >> .../PwdCredentialProvider.c | 1464 -------- >> .../PwdCredentialProvider.h | 374 -- >> .../PwdCredentialProvider.uni | 21 - >> .../PwdCredentialProviderData.h | 30 - >> .../PwdCredentialProviderDxe.inf | 65 - >> .../PwdCredentialProviderExtra.uni | 19 - >> .../PwdCredentialProviderStrings.uni | 38 - >> .../PwdCredentialProviderVfr.Vfr | 34 - >> .../UsbCredentialProvider.c | 1410 -------- >> .../UsbCredentialProvider.h | 361 -- >> .../UsbCredentialProvider.uni | 23 - >> .../UsbCredentialProviderDxe.inf | 70 - >> .../UsbCredentialProviderExtra.uni | 19 - >> .../UsbCredentialProviderStrings.uni | 29 - >> .../UserIdentifyManagerDxe/LoadDeferredImage.c | 148 - >> .../UserIdentifyManagerDxe/UserIdentifyManager.c | 3766 ------------------ >-- >> .../UserIdentifyManagerDxe/UserIdentifyManager.h | 413 --- >> .../UserIdentifyManagerDxe/UserIdentifyManager.uni | 21 - >> .../UserIdentifyManagerData.h | 35 - >> .../UserIdentifyManagerDxe.inf | 79 - >> .../UserIdentifyManagerExtra.uni | 19 - >> .../UserIdentifyManagerStrings.uni | 27 - >> .../UserIdentifyManagerVfr.Vfr | 43 - >> .../UserProfileManagerDxe/ModifyAccessPolicy.c | 688 ---- >> .../UserProfileManagerDxe/ModifyIdentityPolicy.c | 516 --- >> .../UserProfileManagerDxe/UserProfileAdd.c | 372 -- >> .../UserProfileManagerDxe/UserProfileDelete.c | 343 -- >> .../UserProfileManagerDxe/UserProfileManager.c | 887 ----- >> .../UserProfileManagerDxe/UserProfileManager.h | 444 --- >> .../UserProfileManagerDxe/UserProfileManager.uni | 22 - >> .../UserProfileManagerDxe/UserProfileManagerData.h | 158 - >> .../UserProfileManagerDxe.inf | 72 - >> .../UserProfileManagerExtra.uni | 19 - >> .../UserProfileManagerStrings.uni | 158 - >> 
.../UserProfileManagerVfr.Vfr | 244 -- >> .../UserProfileManagerDxe/UserProfileModify.c | 1475 -------- >> 41 files changed, 14001 deletions(-) >> delete mode 100644 SecurityPkg/Include/Guid/UsbCredentialProviderHii.h >> delete mode 100644 SecurityPkg/Include/Guid/UserIdentifyManagerHii.h >> delete mode 100644 SecurityPkg/Include/Guid/UserProfileManagerHii.h >> delete mode 100644 >>SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPr >o >>vider.c >> delete mode 100644 >>SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPr >o >>vider.h >> delete mode 100644 >>SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPr >o >>vider.uni >> delete mode 100644 >>SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPr >o >>viderData.h >> delete mode 100644 >>SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPr >o >>viderDxe.inf >> delete mode 100644 >>SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPr >o >>viderExtra.uni >> delete mode 100644 >>SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPr >o >>viderStrings.uni >> delete mode 100644 >>SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPr >o >>viderVfr.Vfr >> delete mode 100644 >>SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >o >>vider.c >> delete mode 100644 >>SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >o >>vider.h >> delete mode 100644 >>SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >o >>vider.uni >> delete mode 100644 >>SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >o >>viderDxe.inf >> delete mode 100644 >>SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >o >>viderExtra.uni >> delete mode 100644 >>SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >o >>viderStrings.uni >> delete mode 100644 
>>SecurityPkg/UserIdentification/UserIdentifyManagerDxe/LoadDeferredIma >g >>e.c >> delete mode 100644 >>SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMana >g >>er.c >> delete mode 100644 >>SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMana >g >>er.h >> delete mode 100644 >>SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMana >g >>er.uni >> delete mode 100644 >>SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMana >g >>erData.h >> delete mode 100644 >>SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMana >g >>erDxe.inf >> delete mode 100644 >>SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMana >g >>erExtra.uni >> delete mode 100644 >>SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMana >g >>erStrings.uni >> delete mode 100644 >>SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMana >g >>erVfr.Vfr >> delete mode 100644 >>SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyAccessPolicy. >>c >> delete mode 100644 >>SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyIdentityPolic >y >>.c >> delete mode 100644 >>SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileAdd.c >> delete mode 100644 >>SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileDelete.c >> delete mode 100644 >>SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManage >r. >>c >> delete mode 100644 >>SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManage >r. >>h >> delete mode 100644 >>SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManage >r. 
>>uni >> delete mode 100644 >>SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManage >r >>Data.h >> delete mode 100644 >>SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManage >r >>Dxe.inf >> delete mode 100644 >>SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManage >r >>Extra.uni >> delete mode 100644 >>SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManage >r >>Strings.uni >> delete mode 100644 >>SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManage >r >>Vfr.Vfr >> delete mode 100644 >>SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify. >c >> >>diff --git a/SecurityPkg/Include/Guid/UsbCredentialProviderHii.h >>b/SecurityPkg/Include/Guid/UsbCredentialProviderHii.h >>deleted file mode 100644 >>index 059d68f32e..0000000000 >>--- a/SecurityPkg/Include/Guid/UsbCredentialProviderHii.h >>+++ /dev/null >>@@ -1,29 +0,0 @@ >>-/** @file >>- GUID used as HII Package list GUID in UsbCredentialProviderDxe driver. >>- >>-Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> >>-This program and the accompanying materials >>-are licensed and made available under the terms and conditions of the BSD >>License >>-which accompanies this distribution. The full text of the license may be >>found at >>-http://opensource.org/licenses/bsd-license.php >>- >>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED. >>- >>-**/ >>- >>-#ifndef __USB_CREDENTIAL_PROVIDER_HII_H__ >>-#define __USB_CREDENTIAL_PROVIDER_HII_H__ >>- >>-// >>-// Used for save password credential and form browser >>-// And used as provider identifier >>-// >>-#define USB_CREDENTIAL_PROVIDER_GUID \ >>- { \ >>- 0xd0849ed1, 0xa88c, 0x4ba6, { 0xb1, 0xd6, 0xab, 0x50, 0xe2, 0x80, 0xb7, >>0xa9 }\ >>- } >>- >>-extern EFI_GUID gUsbCredentialProviderGuid; >>- >>-#endif 
>>diff --git a/SecurityPkg/Include/Guid/UserIdentifyManagerHii.h >>b/SecurityPkg/Include/Guid/UserIdentifyManagerHii.h >>deleted file mode 100644 >>index 323c51f0f6..0000000000 >>--- a/SecurityPkg/Include/Guid/UserIdentifyManagerHii.h >>+++ /dev/null >>@@ -1,25 +0,0 @@ >>-/** @file >>- GUID used as HII FormSet and HII Package list GUID in >>UserIdentifyManagerDxe driver. >>- >>-Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> >>-This program and the accompanying materials >>-are licensed and made available under the terms and conditions of the BSD >>License >>-which accompanies this distribution. The full text of the license may be >>found at >>-http://opensource.org/licenses/bsd-license.php >>- >>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED. >>- >>-**/ >>- >>-#ifndef __USER_IDENTIFY_MANAGER_HII_H__ >>-#define __USER_IDENTIFY_MANAGER_HII_H__ >>- >>-#define USER_IDENTIFY_MANAGER_GUID \ >>- { \ >>- 0x3ccd3dd8, 0x8d45, 0x4fed, { 0x96, 0x2d, 0x2b, 0x38, 0xcd, 0x82, 0xb3, >>0xc4 } \ >>- } >>- >>-extern EFI_GUID gUserIdentifyManagerGuid; >>- >>-#endif >>diff --git a/SecurityPkg/Include/Guid/UserProfileManagerHii.h >>b/SecurityPkg/Include/Guid/UserProfileManagerHii.h >>deleted file mode 100644 >>index 105059350c..0000000000 >>--- a/SecurityPkg/Include/Guid/UserProfileManagerHii.h >>+++ /dev/null 
>>@@ -1,25 +0,0 @@ >>-/** @file >>- GUID used as HII FormSet and HII Package list GUID in >>UserProfileManagerDxe driver. >>- >>-Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> >>-This program and the accompanying materials >>-are licensed and made available under the terms and conditions of the BSD >>License >>-which accompanies this distribution. The full text of the license may be >>found at >>-http://opensource.org/licenses/bsd-license.php >>- >>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED. >>- >>-**/ >>- >>-#ifndef __USER_PROFILE_MANAGER_HII_H__ >>-#define __USER_PROFILE_MANAGER_HII_H__ >>- >>-#define USER_PROFILE_MANAGER_GUID \ >>- { \ >>- 0xc35f272c, 0x97c2, 0x465a, { 0xa2, 0x16, 0x69, 0x6b, 0x66, 0x8a, 0x8c, >0xfe } >>\ >>- } >>- >>-extern EFI_GUID gUserProfileManagerGuid; >>- >>-#endif >>diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec >>index 8d64b4fefe..0c2afe2938 100644 >>--- a/SecurityPkg/SecurityPkg.dec >>+++ b/SecurityPkg/SecurityPkg.dec 
>>@@ -139,22 +139,10 @@ >> # Include/Guid/Tcg2PhysicalPresenceData.h >> gEfiTcg2PhysicalPresenceGuid = { 0xaeb9c5c1, 0x94f1, 0x4d02, { 0xbf, 0xd9, >>0x46, 0x2, 0xdb, 0x2d, 0x3c, 0x54 }} >> >>- ## GUID used for form browser, password credential and provider >identifier. >>- # Include/Guid/PwdCredentialProviderHii.h >>- gPwdCredentialProviderGuid = { 0x78b9ec8b, 0xc000, 0x46c5, { 0xac, >>0x93, 0x24, 0xa0, 0xc1, 0xbb, 0x0, 0xce }} >>- >>- ## GUID used for form browser, USB credential and provider identifier. >>- # Include/Guid/UsbCredentialProviderHii.h >>- gUsbCredentialProviderGuid = { 0xd0849ed1, 0xa88c, 0x4ba6, { 0xb1, >>0xd6, 0xab, 0x50, 0xe2, 0x80, 0xb7, 0xa9 }} >>- >> ## GUID used for FormSet guid and user profile variable. >> # Include/Guid/UserIdentifyManagerHii.h >> gUserIdentifyManagerGuid = { 0x3ccd3dd8, 0x8d45, 0x4fed, { 0x96, >>0x2d, 0x2b, 0x38, 0xcd, 0x82, 0xb3, 0xc4 }} >> >>- ## GUID used for FormSet. >>- # Include/Guid/UserProfileManagerHii.h >>- gUserProfileManagerGuid = { 0xc35f272c, 0x97c2, 0x465a, { 0xa2, 0x16, >>0x69, 0x6b, 0x66, 0x8a, 0x8c, 0xfe }} >>- >> ## GUID used for FormSet. >> # Include/Guid/TcgConfigHii.h >> gTcgConfigFormSetGuid = { 0xb0f901e4, 0xc424, 0x45de, { 0x90, 0x81, >>0x95, 0xe2, 0xb, 0xde, 0x6f, 0xb5 }} >>diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc >>index 68a2953162..19aaebff1f 100644 >>--- a/SecurityPkg/SecurityPkg.dsc >>+++ b/SecurityPkg/SecurityPkg.dsc >>@@ -146,8 +146,6 @@ >> SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf >> #SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf >> >>SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthentica >ti >>onStatusLib.inf >>- >>#SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMan >a >>gerDxe.inf >>- >>#SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManag >e >>rDxe.inf >> >> # >> # TPM 
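Review bot: The context lines of this SecurityPkg.dec hunk keep the `gUserIdentifyManagerGuid` entry and its `# Include/Guid/UserIdentifyManagerHii.h` comment, while the same patch deletes `SecurityPkg/Include/Guid/UserIdentifyManagerHii.h`, so the package declaration is left pointing at a header that no longer exists. If nothing outside the removed drivers still consumes that GUID (this cannot be determined from the patch), the comment pair and the `gUserIdentifyManagerGuid = ...` entry should be removed in this hunk as well; otherwise the header should stay. The reverse gap appears for the password provider: the hunk drops `gPwdCredentialProviderGuid`, whose comment names `Include/Guid/PwdCredentialProviderHii.h`, but that header is in neither the diffstat nor the `delete mode` list, so it looks as if it would be left behind with no declared GUID. Removing the credential-provider interfaces completely keeps a later audit of SecurityPkg from treating them as still supported.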
>>@@ -200,8 +198,6 @@ >> SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf >> >> [Components.IA32, Components.X64] >>-# >>SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialPr >o >>viderDxe.inf >>-# >>SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialPr >o >>viderDxe.inf >> >>SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi >g >>Dxe.inf >> >> # >>diff --git >>a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >P >>rovider.c >>b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentia >l >>Provider.c >>deleted file mode 100644 >>index 52fc68b5ee..0000000000 >>--- >>a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >P >>rovider.c >>+++ /dev/null 
>>@@ -1,1464 +0,0 @@ >>-/** @file >>- Password Credential Provider driver implementation. >>- >>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >>-(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR> >>-This program and the accompanying materials >>-are licensed and made available under the terms and conditions of the BSD >>License >>-which accompanies this distribution. The full text of the license may be >>found at >>-http://opensource.org/licenses/bsd-license.php >>- >>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED. >>- >>-**/ >>- >>-#include "PwdCredentialProvider.h" >>- >>-CREDENTIAL_TABLE *mPwdTable = NULL; >>-PWD_PROVIDER_CALLBACK_INFO *mCallbackInfo = NULL; >>-PASSWORD_CREDENTIAL_INFO *mPwdInfoHandle = NULL; >>- >>-HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = { >>- { >>- { >>- HARDWARE_DEVICE_PATH, >>- HW_VENDOR_DP, >>- { >>- (UINT8) (sizeof (VENDOR_DEVICE_PATH)), >>- (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) >>- } >>- }, >>- PWD_CREDENTIAL_PROVIDER_GUID >>- }, >>- { >>- END_DEVICE_PATH_TYPE, >>- END_ENTIRE_DEVICE_PATH_SUBTYPE, >>- { >>- (UINT8) (END_DEVICE_PATH_LENGTH), >>- (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) >>- } >>- } >>-}; >>- >>-EFI_USER_CREDENTIAL2_PROTOCOL gPwdCredentialProviderDriver = { >>- PWD_CREDENTIAL_PROVIDER_GUID, >>- EFI_USER_CREDENTIAL_CLASS_PASSWORD, >>- CredentialEnroll, >>- CredentialForm, >>- CredentialTile, >>- CredentialTitle, >>- CredentialUser, >>- CredentialSelect, >>- CredentialDeselect, >>- CredentialDefault, >>- CredentialGetInfo, >>- CredentialGetNextInfo, >>- EFI_CREDENTIAL_CAPABILITIES_ENROLL, >>- CredentialDelete >>-}; >>- >>- >>-/** >>- Get string by string id from HII Interface. >>- >>- >>- @param[in] Id String ID to get the string from. >>- >>- @retval CHAR16 * String from ID. >>- @retval NULL If error occurs. 
>>- >>-**/ >>-CHAR16 * >>-GetStringById ( >>- IN EFI_STRING_ID Id >>- ) >>-{ >>- // >>- // Get the current string for the current Language. >>- // >>- return HiiGetString (mCallbackInfo->HiiHandle, Id, NULL); >>-} >>- >>- >>-/** >>- Expand password table size. >>- >>-**/ >>-VOID >>-ExpandTableSize ( >>- VOID >>- ) >>-{ >>- CREDENTIAL_TABLE *NewTable; >>- UINTN Count; >>- >>- Count = mPwdTable->MaxCount + PASSWORD_TABLE_INC; >>- // >>- // Create new credential table. >>- // >>- NewTable = (CREDENTIAL_TABLE *) AllocateZeroPool ( >>- sizeof (CREDENTIAL_TABLE) + >>- (Count - 1) * sizeof (PASSWORD_INFO) >>- ); >>- ASSERT (NewTable != NULL); >>- >>- NewTable->MaxCount = Count; >>- NewTable->Count = mPwdTable->Count; >>- NewTable->ValidIndex = mPwdTable->ValidIndex; >>- // >>- // Copy old entries >>- // >>- CopyMem ( >>- &NewTable->UserInfo, >>- &mPwdTable->UserInfo, >>- mPwdTable->Count * sizeof (PASSWORD_INFO) >>- ); >>- FreePool (mPwdTable); >>- mPwdTable = NewTable; >>-} >>- >>- >>-/** >>- Add, update or delete info in table, and sync with NV variable. >>- >>- @param[in] Index The index of the password in table. If index is found >in >>- table, update the info, else add the into to table. >>- @param[in] Info The new password info to add into table.If Info is NULL, >>- delete the info by Index. >>- >>- @retval EFI_INVALID_PARAMETER Info is NULL when save the info. >>- @retval EFI_SUCCESS Modify the table successfully. >>- @retval Others Failed to modify the table. >>- >>-**/ >>-EFI_STATUS >>-ModifyTable ( >>- IN UINTN Index, >>- IN PASSWORD_INFO * Info OPTIONAL >>- ) >>-{ >>- EFI_STATUS Status; >>- PASSWORD_INFO *NewPasswordInfo; >>- >>- NewPasswordInfo = NULL; >>- >>- if (Index < mPwdTable->Count) { >>- if (Info == NULL) { >>- // >>- // Delete the specified entry. >>- // >>- mPwdTable->Count--; >>- if (Index != mPwdTable->Count) { >>- NewPasswordInfo = &mPwdTable->UserInfo[mPwdTable->Count]; >>- } >>- } else { >>- // >>- // Update the specified entry. 
>>- // >>- NewPasswordInfo = Info; >>- } >>- } else { >>- // >>- // Add a new password info. >>- // >>- if (Info == NULL) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- if (mPwdTable->Count >= mPwdTable->MaxCount) { >>- ExpandTableSize (); >>- } >>- >>- NewPasswordInfo = Info; >>- mPwdTable->Count++; >>- } >>- >>- if (NewPasswordInfo != NULL) { >>- CopyMem (&mPwdTable->UserInfo[Index], NewPasswordInfo, sizeof >>(PASSWORD_INFO)); >>- } >>- >>- // >>- // Save the credential table. >>- // >>- Status = gRT->SetVariable ( >>- L"PwdCredential", >>- &gPwdCredentialProviderGuid, >>- EFI_VARIABLE_NON_VOLATILE | >>EFI_VARIABLE_BOOTSERVICE_ACCESS, >>- mPwdTable->Count * sizeof (PASSWORD_INFO), >>- &mPwdTable->UserInfo >>- ); >>- return Status; >>-} >>- >>- >>-/** >>- Create a password table. >>- >>- @retval EFI_SUCCESS Create a password table successfully. >>- @retval Others Failed to create a password. >>- >>-**/ >>-EFI_STATUS >>-InitCredentialTable ( >>- VOID >>- ) >>-{ >>- EFI_STATUS Status; >>- UINT8 *Var; >>- UINTN VarSize; >>- >>- // >>- // Get Password credential data from NV variable. >>- // >>- VarSize = 0; >>- Var = NULL; >>- Status = gRT->GetVariable ( >>- L"PwdCredential", >>- &gPwdCredentialProviderGuid, >>- NULL, >>- &VarSize, >>- Var >>- ); >>- if (Status == EFI_BUFFER_TOO_SMALL) { >>- Var = AllocateZeroPool (VarSize); >>- if (Var == NULL) { >>- return EFI_OUT_OF_RESOURCES; >>- } >>- Status = gRT->GetVariable ( >>- L"PwdCredential", >>- &gPwdCredentialProviderGuid, >>- NULL, >>- &VarSize, >>- Var >>- ); >>- } >>- if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) { >>- return Status; >>- } >>- >>- // >>- // Create the password credential table. 
>>- // >>- mPwdTable = AllocateZeroPool ( >>- sizeof (CREDENTIAL_TABLE) - sizeof (PASSWORD_INFO) + >>- PASSWORD_TABLE_INC * sizeof (PASSWORD_INFO) + >>- VarSize >>- ); >>- if (mPwdTable == NULL) { >>- FreePool (Var); >>- return EFI_OUT_OF_RESOURCES; >>- } >>- >>- mPwdTable->Count = VarSize / sizeof (PASSWORD_INFO); >>- mPwdTable->MaxCount = mPwdTable->Count + PASSWORD_TABLE_INC; >>- mPwdTable->ValidIndex = 0; >>- if (Var != NULL) { >>- CopyMem (mPwdTable->UserInfo, Var, VarSize); >>- FreePool (Var); >>- } >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Hash the password to get credential. >>- >>- @param[in] Password Points to the input password. >>- @param[in] PasswordSize The size of password, in bytes. >>- @param[out] Credential Points to the hashed result. >>- >>- @retval TRUE Hash the password successfully. >>- @retval FALSE Failed to hash the password. >>- >>-**/ >>-BOOLEAN >>-GenerateCredential ( >>- IN CHAR16 *Password, >>- IN UINTN PasswordSize, >>- OUT UINT8 *Credential >>- ) >>-{ >>- BOOLEAN Status; >>- UINTN HashSize; >>- VOID *Hash; >>- >>- HashSize = Sha1GetContextSize (); >>- Hash = AllocatePool (HashSize); >>- ASSERT (Hash != NULL); >>- >>- Status = Sha1Init (Hash); >>- if (!Status) { >>- goto Done; >>- } >>- >>- Status = Sha1Update (Hash, Password, PasswordSize); >>- if (!Status) { >>- goto Done; >>- } >>- >>- Status = Sha1Final (Hash, Credential); >>- >>-Done: >>- FreePool (Hash); >>- return Status; >>-} >>- >>- >>-/** >>- Get password from user input. >>- >>- @param[in] FirstPwd If True, prompt to input the first password. >>- If False, prompt to input password again. >>- @param[out] Credential Points to the input password. 
>>- >>-**/ >>-VOID >>-GetPassword ( >>- IN BOOLEAN FirstPwd, >>- OUT CHAR8 *Credential >>- ) >>-{ >>- EFI_INPUT_KEY Key; >>- CHAR16 PasswordMask[CREDENTIAL_LEN + 1]; >>- CHAR16 Password[CREDENTIAL_LEN]; >>- UINTN PasswordLen; >>- CHAR16 *QuestionStr; >>- CHAR16 *LineStr; >>- >>- PasswordLen = 0; >>- while (TRUE) { >>- PasswordMask[PasswordLen] = L'_'; >>- PasswordMask[PasswordLen + 1] = L'\0'; >>- LineStr = GetStringById (STRING_TOKEN (STR_DRAW_A_LINE)); >>- if (FirstPwd) { >>- QuestionStr = GetStringById (STRING_TOKEN (STR_INPUT_PASSWORD)); >>- } else { >>- QuestionStr = GetStringById (STRING_TOKEN >>(STR_INPUT_PASSWORD_AGAIN)); >>- } >>- CreatePopUp ( >>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >>- &Key, >>- QuestionStr, >>- LineStr, >>- PasswordMask, >>- NULL >>- ); >>- FreePool (QuestionStr); >>- FreePool (LineStr); >>- >>- // >>- // Check key stroke >>- // >>- if (Key.ScanCode == SCAN_NULL) { >>- if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { >>- break; >>- } else if (Key.UnicodeChar == CHAR_BACKSPACE) { >>- if (PasswordLen > 0) { >>- PasswordLen--; >>- } >>- } else if ((Key.UnicodeChar == CHAR_NULL) || >>- (Key.UnicodeChar == CHAR_TAB) || >>- (Key.UnicodeChar == CHAR_LINEFEED)) { >>- continue; >>- } else { >>- Password[PasswordLen] = Key.UnicodeChar; >>- PasswordMask[PasswordLen] = L'*'; >>- PasswordLen++; >>- if (PasswordLen == CREDENTIAL_LEN) { >>- break; >>- } >>- } >>- } >>- } >>- >>- PasswordLen = PasswordLen * sizeof (CHAR16); >>- GenerateCredential (Password, PasswordLen, (UINT8 *)Credential); >>-} >>- >>-/** >>- Check whether the password can be found on this provider. >>- >>- @param[in] Password The password to be found. >>- >>- @retval EFI_SUCCESS Found password sucessfully. >>- @retval EFI_NOT_FOUND Fail to find the password. >>- >>-**/ >>-EFI_STATUS >>-CheckPassword ( >>- IN CHAR8 *Password >>- ) >>-{ >>- UINTN Index; >>- CHAR8 *Pwd; >>- >>- // >>- // Check password credential. 
>>- // >>- mPwdTable->ValidIndex = 0; >>- for (Index = 0; Index < mPwdTable->Count; Index++) { >>- Pwd = mPwdTable->UserInfo[Index].Password; >>- if (CompareMem (Pwd, Password, CREDENTIAL_LEN) == 0) { >>- mPwdTable->ValidIndex = Index + 1; >>- return EFI_SUCCESS; >>- } >>- } >>- >>- return EFI_NOT_FOUND; >>-} >>- >>- >>-/** >>- Find a user infomation record by the information record type. >>- >>- This function searches all user information records of User from beginning >>- until either the information is found, or there are no more user infomation >>- records. A match occurs when a Info.InfoType field matches the user >>information >>- record type. >>- >>- @param[in] User Points to the user profile record to search. >>- @param[in] InfoType The infomation type to be searched. >>- @param[out] Info Points to the user info found, the caller is >responsible >>- to free. >>- >>- @retval EFI_SUCCESS Find the user information successfully. >>- @retval Others Fail to find the user information. >>- >>-**/ >>-EFI_STATUS >>-FindUserInfoByType ( >>- IN EFI_USER_PROFILE_HANDLE User, >>- IN UINT8 InfoType, >>- OUT EFI_USER_INFO **Info >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_USER_INFO *UserInfo; >>- UINTN UserInfoSize; >>- EFI_USER_INFO_HANDLE UserInfoHandle; >>- EFI_USER_MANAGER_PROTOCOL *UserManager; >>- >>- // >>- // Find user information by information type. >>- // >>- if (Info == NULL) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- Status = gBS->LocateProtocol ( >>- &gEfiUserManagerProtocolGuid, >>- NULL, >>- (VOID **) &UserManager >>- ); >>- if (EFI_ERROR (Status)) { >>- return EFI_NOT_FOUND; >>- } >>- >>- // >>- // Get each user information. >>- // >>- >>- UserInfoHandle = NULL; >>- UserInfo = NULL; >>- UserInfoSize = 0; >>- while (TRUE) { >>- Status = UserManager->GetNextInfo (UserManager, User, >>&UserInfoHandle); >>- if (EFI_ERROR (Status)) { >>- break; >>- } >>- // >>- // Get information. 
>>- // >>- Status = UserManager->GetInfo ( >>- UserManager, >>- User, >>- UserInfoHandle, >>- UserInfo, >>- &UserInfoSize >>- ); >>- if (Status == EFI_BUFFER_TOO_SMALL) { >>- if (UserInfo != NULL) { >>- FreePool (UserInfo); >>- } >>- UserInfo = AllocateZeroPool (UserInfoSize); >>- if (UserInfo == NULL) { >>- return EFI_OUT_OF_RESOURCES; >>- } >>- Status = UserManager->GetInfo ( >>- UserManager, >>- User, >>- UserInfoHandle, >>- UserInfo, >>- &UserInfoSize >>- ); >>- } >>- if (EFI_ERROR (Status)) { >>- break; >>- } >>- >>- ASSERT (UserInfo != NULL); >>- if (UserInfo->InfoType == InfoType) { >>- *Info = UserInfo; >>- return EFI_SUCCESS; >>- } >>- } >>- >>- if (UserInfo != NULL) { >>- FreePool (UserInfo); >>- } >>- return Status; >>-} >>- >>- >>-/** >>- This function processes the results of changes in configuration. >>- >>- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. >>- @param Action Specifies the type of action taken by the browser. >>- @param QuestionId A unique value which is sent to the original >>- exporting driver so that it can identify the type >>- of data to expect. >>- @param Type The type of value for the question. >>- @param Value A pointer to the data being sent to the original >>- exporting driver. >>- @param ActionRequest On return, points to the action requested by >>the >>- callback function. >>- >>- @retval EFI_SUCCESS The callback successfully handled the action. >>- @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold >>the >>- variable and its data. >>- @retval EFI_DEVICE_ERROR The variable could not be saved. >>- @retval EFI_UNSUPPORTED The specified Action is not supported by >the >>- callback. 
>>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialDriverCallback ( >>- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, >>- IN EFI_BROWSER_ACTION Action, >>- IN EFI_QUESTION_ID QuestionId, >>- IN UINT8 Type, >>- IN EFI_IFR_TYPE_VALUE *Value, >>- OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_INPUT_KEY Key; >>- CHAR8 Password[CREDENTIAL_LEN]; >>- CHAR16 *PromptStr; >>- >>- if (Action == EFI_BROWSER_ACTION_CHANGED) { >>- if (QuestionId == KEY_GET_PASSWORD) { >>- // >>- // Get and check password. >>- // >>- GetPassword (TRUE, Password); >>- Status = CheckPassword (Password); >>- if (EFI_ERROR (Status)) { >>- PromptStr = GetStringById (STRING_TOKEN >>(STR_PASSWORD_INCORRECT)); >>- CreatePopUp ( >>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >>- &Key, >>- L"", >>- PromptStr, >>- L"", >>- NULL >>- ); >>- FreePool (PromptStr); >>- return Status; >>- } >>- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT; >>- } >>- return EFI_SUCCESS; >>- } >>- >>- // >>- // All other action return unsupported. >>- // >>- return EFI_UNSUPPORTED; >>-} >>- >>- >>-/** >>- This function allows a caller to extract the current configuration for one >>- or more named elements from the target driver. >>- >>- >>- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. >>- @param Request A null-terminated Unicode string in <ConfigRequest> >>format. >>- @param Progress On return, points to a character in the Request string. >>- Points to the string's null terminator if request was successful. >>- Points to the most recent '&' before the first failing name/value >>- pair (or the beginning of the string if the failure is in the >>- first name/value pair) if the request was not successful. >>- @param Results A null-terminated Unicode string in <ConfigAltResp> >>format which >>- has all values filled in for the names in the Request string. >>- String to be allocated by the called function. >>- >>- @retval EFI_SUCCESS The Results is filled with the requested values. 
>>- @retval EFI_OUT_OF_RESOURCES Not enough memory to store the >>results. >>- @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown >>name. >>- @retval EFI_NOT_FOUND Routing data doesn't match any storage in >>this driver. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-FakeExtractConfig ( >>- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, >>- IN CONST EFI_STRING Request, >>- OUT EFI_STRING *Progress, >>- OUT EFI_STRING *Results >>- ) >>-{ >>- if (Progress == NULL || Results == NULL) { >>- return EFI_INVALID_PARAMETER; >>- } >>- *Progress = Request; >>- return EFI_NOT_FOUND; >>-} >>- >>-/** >>- This function processes the results of changes in configuration. >>- >>- >>- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. >>- @param Configuration A null-terminated Unicode string in <ConfigResp> >>format. >>- @param Progress A pointer to a string filled in with the offset of the >>most >>- recent '&' before the first failing name/value pair (or the >>- beginning of the string if the failure is in the first >>- name/value pair) or the terminating NULL if all was successful. >>- >>- @retval EFI_SUCCESS The Results is processed successfully. >>- @retval EFI_INVALID_PARAMETER Configuration is NULL. >>- @retval EFI_NOT_FOUND Routing data doesn't match any storage in >>this driver. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-FakeRouteConfig ( >>- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, >>- IN CONST EFI_STRING Configuration, >>- OUT EFI_STRING *Progress >>- ) >>-{ >>- if (Configuration == NULL || Progress == NULL) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- *Progress = Configuration; >>- >>- return EFI_NOT_FOUND; >>-} >>- >>-/** >>- This function initialize the data mainly used in form browser. >>- >>- @retval EFI_SUCCESS Initialize form data successfully. >>- @retval Others Fail to Initialize form data. 
>>- >>-**/ >>-EFI_STATUS >>-InitFormBrowser ( >>- VOID >>- ) >>-{ >>- EFI_STATUS Status; >>- PWD_PROVIDER_CALLBACK_INFO *CallbackInfo; >>- >>- // >>- // Initialize driver private data. >>- // >>- CallbackInfo = AllocateZeroPool (sizeof >(PWD_PROVIDER_CALLBACK_INFO)); >>- if (CallbackInfo == NULL) { >>- return EFI_OUT_OF_RESOURCES; >>- } >>- >>- CallbackInfo->Signature = PWD_PROVIDER_SIGNATURE; >>- CallbackInfo->ConfigAccess.ExtractConfig = FakeExtractConfig; >>- CallbackInfo->ConfigAccess.RouteConfig = FakeRouteConfig; >>- CallbackInfo->ConfigAccess.Callback = CredentialDriverCallback; >>- CallbackInfo->DriverHandle = NULL; >>- >>- // >>- // Install Device Path Protocol and Config Access protocol to driver handle. >>- // >>- Status = gBS->InstallMultipleProtocolInterfaces ( >>- &CallbackInfo->DriverHandle, >>- &gEfiDevicePathProtocolGuid, >>- &mHiiVendorDevicePath, >>- &gEfiHiiConfigAccessProtocolGuid, >>- &CallbackInfo->ConfigAccess, >>- NULL >>- ); >>- ASSERT_EFI_ERROR (Status); >>- >>- // >>- // Publish HII data. >>- // >>- CallbackInfo->HiiHandle = HiiAddPackages ( >>- &gPwdCredentialProviderGuid, >>- CallbackInfo->DriverHandle, >>- PwdCredentialProviderStrings, >>- PwdCredentialProviderVfrBin, >>- NULL >>- ); >>- if (CallbackInfo->HiiHandle == NULL) { >>- return EFI_OUT_OF_RESOURCES; >>- } >>- mCallbackInfo = CallbackInfo; >>- >>- return Status; >>-} >>- >>- >>-/** >>- Enroll a user on a credential provider. >>- >>- This function enrolls a user on this credential provider. If the user exists on >>- this credential provider, update the user information on this credential >>provider; >>- otherwise add the user information on credential provider. >>- >>- @param[in] This Points to this instance of >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[in] User The user profile to enroll. >>- >>- @retval EFI_SUCCESS User profile was successfully enrolled. >>- @retval EFI_ACCESS_DENIED Current user profile does not permit >>enrollment on the >>- user profile handle. 
Either the user profile cannot enroll >>- on any user profile or cannot enroll on a user profile >>- other than the current user profile. >>- @retval EFI_UNSUPPORTED This credential provider does not support >>enrollment in >>- the pre-OS. >>- @retval EFI_DEVICE_ERROR The new credential could not be created >>because of a device >>- error. >>- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >>profile handle. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialEnroll ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- IN EFI_USER_PROFILE_HANDLE User >>- ) >>-{ >>- EFI_STATUS Status; >>- UINTN Index; >>- PASSWORD_INFO PwdInfo; >>- EFI_USER_INFO *UserInfo; >>- CHAR8 Password[CREDENTIAL_LEN]; >>- EFI_INPUT_KEY Key; >>- UINT8 *UserId; >>- CHAR16 *QuestionStr; >>- CHAR16 *PromptStr; >>- >>- if ((This == NULL) || (User == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- // >>- // Get User Identifier. >>- // >>- UserInfo = NULL; >>- Status = FindUserInfoByType ( >>- User, >>- EFI_USER_INFO_IDENTIFIER_RECORD, >>- &UserInfo >>- ); >>- if (EFI_ERROR (Status)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- CopyMem (PwdInfo.UserId, (UINT8 *) (UserInfo + 1), sizeof >>(EFI_USER_INFO_IDENTIFIER)); >>- FreePool (UserInfo); >>- >>- // >>- // Get password from user. >>- // >>- while (TRUE) { >>- // >>- // Input password. >>- // >>- GetPassword (TRUE, PwdInfo.Password); >>- >>- // >>- // Input password again. >>- // >>- GetPassword (FALSE, Password); >>- >>- // >>- // Compare the two password consistency. 
>>- // >>- if (CompareMem (PwdInfo.Password, Password, CREDENTIAL_LEN) == 0) >{ >>- break; >>- } >>- >>- QuestionStr = GetStringById (STRING_TOKEN >>(STR_PASSWORD_MISMATCH)); >>- PromptStr = GetStringById (STRING_TOKEN >>(STR_INPUT_PASSWORD_AGAIN)); >>- CreatePopUp ( >>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >>- &Key, >>- QuestionStr, >>- L"", >>- PromptStr, >>- NULL >>- ); >>- FreePool (QuestionStr); >>- FreePool (PromptStr); >>- } >>- >>- // >>- // Check whether User is ever enrolled in the provider. >>- // >>- for (Index = 0; Index < mPwdTable->Count; Index++) { >>- UserId = (UINT8 *) &mPwdTable->UserInfo[Index].UserId; >>- if (CompareMem (UserId, (UINT8 *) &PwdInfo.UserId, sizeof >>(EFI_USER_INFO_IDENTIFIER)) == 0) { >>- // >>- // User already exists, update the password. >>- // >>- break; >>- } >>- } >>- >>- // >>- // Enroll the User to the provider. >>- // >>- Status = ModifyTable (Index, &PwdInfo); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Returns the user interface information used during user identification. >>- >>- This function returns information about the form used when interacting >>with the >>- user during user identification. The form is the first enabled form in the >>form-set >>- class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII >>handle HiiHandle. If >>- the user credential provider does not require a form to identify the user, >>then this >>- function should return EFI_NOT_FOUND. >>- >>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[out] Hii On return, holds the HII database handle. >>- @param[out] FormSetId On return, holds the identifier of the form set >>which contains >>- the form used during user identification. >>- @param[out] FormId On return, holds the identifier of the form used >>during user >>- identification. >>- >>- @retval EFI_SUCCESS Form returned successfully. >>- @retval EFI_NOT_FOUND Form not returned. 
>>- @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or >>FormId is NULL. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialForm ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- OUT EFI_HII_HANDLE *Hii, >>- OUT EFI_GUID *FormSetId, >>- OUT EFI_FORM_ID *FormId >>- ) >>-{ >>- if ((This == NULL) || (Hii == NULL) || >>- (FormSetId == NULL) || (FormId == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- *Hii = mCallbackInfo->HiiHandle; >>- *FormId = FORMID_GET_PASSWORD_FORM; >>- CopyGuid (FormSetId, &gPwdCredentialProviderGuid); >>- >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Returns bitmap used to describe the credential provider type. >>- >>- This optional function returns a bitmap that is less than or equal to the >>number >>- of pixels specified by Width and Height. If no such bitmap exists, then >>EFI_NOT_FOUND >>- is returned. >>- >>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[in, out] Width On entry, points to the desired bitmap width. If >>NULL then no >>- bitmap information will be returned. On exit, points to the >>- width of the bitmap returned. >>- @param[in, out] Height On entry, points to the desired bitmap height. If >>NULL then no >>- bitmap information will be returned. On exit, points to the >>- height of the bitmap returned >>- @param[out] Hii On return, holds the HII database handle. >>- @param[out] Image On return, holds the HII image identifier. >>- >>- @retval EFI_SUCCESS Image identifier returned successfully. >>- @retval EFI_NOT_FOUND Image identifier not returned. >>- @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL. 
>>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialTile ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- IN OUT UINTN *Width, >>- IN OUT UINTN *Height, >>- OUT EFI_HII_HANDLE *Hii, >>- OUT EFI_IMAGE_ID *Image >>- ) >>-{ >>- if ((This == NULL) || (Hii == NULL) || (Image == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- return EFI_NOT_FOUND; >>-} >>- >>- >>-/** >>- Returns string used to describe the credential provider type. >>- >>- This function returns a string which describes the credential provider. If no >>- such string exists, then EFI_NOT_FOUND is returned. >>- >>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[out] Hii On return, holds the HII database handle. >>- @param[out] String On return, holds the HII string identifier. >>- >>- @retval EFI_SUCCESS String identifier returned successfully. >>- @retval EFI_NOT_FOUND String identifier not returned. >>- @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialTitle ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- OUT EFI_HII_HANDLE *Hii, >>- OUT EFI_STRING_ID *String >>- ) >>-{ >>- if ((This == NULL) || (Hii == NULL) || (String == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- // >>- // Set Hii handle and String ID. >>- // >>- *Hii = mCallbackInfo->HiiHandle; >>- *String = STRING_TOKEN (STR_CREDENTIAL_TITLE); >>- >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Return the user identifier associated with the currently authenticated user. >>- >>- This function returns the user identifier of the user authenticated by this >>credential >>- provider. This function is called after the credential-related information has >>been >>- submitted on a form, OR after a call to Default() has returned that this >>credential is >>- ready to log on. >>- >>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL. 
>>- @param[in] User The user profile handle of the user profile currently >>being >>- considered by the user identity manager. If NULL, then no >user >>- profile is currently under consideration. >>- @param[out] Identifier On return, points to the user identifier. >>- >>- @retval EFI_SUCCESS User identifier returned successfully. >>- @retval EFI_NOT_READY No user identifier can be returned. >>- @retval EFI_ACCESS_DENIED The user has been locked out of this user >>credential. >>- @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL. >>- @retval EFI_NOT_FOUND User is not NULL, and the specified user >>handle can't be >>- found in user profile database >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialUser ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- IN EFI_USER_PROFILE_HANDLE User, >>- OUT EFI_USER_INFO_IDENTIFIER *Identifier >>- ) >>-{ >>- EFI_STATUS Status; >>- UINTN Index; >>- EFI_USER_INFO *UserInfo; >>- UINT8 *UserId; >>- UINT8 *NewUserId; >>- CHAR8 *Pwd; >>- CHAR8 *NewPwd; >>- >>- if ((This == NULL) || (Identifier == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- if (mPwdTable->ValidIndex == 0) { >>- // >>- // No password input, or the input password doesn't match >>- // anyone in PwdTable. >>- // >>- return EFI_NOT_READY; >>- } >>- >>- if (User == NULL) { >>- // >>- // Return the user ID whose password matches the input password. >>- // >>- CopyMem ( >>- Identifier, >>- &mPwdTable->UserInfo[mPwdTable->ValidIndex - 1].UserId, >>- sizeof (EFI_USER_INFO_IDENTIFIER) >>- ); >>- return EFI_SUCCESS; >>- } >>- >>- // >>- // Get the User's ID. >>- // >>- Status = FindUserInfoByType ( >>- User, >>- EFI_USER_INFO_IDENTIFIER_RECORD, >>- &UserInfo >>- ); >>- if (EFI_ERROR (Status)) { >>- return EFI_NOT_FOUND; >>- } >>- >>- // >>- // Check whether the input password matches one in PwdTable. 
>>- // >>- for (Index = 0; Index < mPwdTable->Count; Index++) { >>- UserId = (UINT8 *) &mPwdTable->UserInfo[Index].UserId; >>- NewUserId = (UINT8 *) (UserInfo + 1); >>- if (CompareMem (UserId, NewUserId, sizeof >(EFI_USER_INFO_IDENTIFIER)) >>== 0) { >>- Pwd = mPwdTable->UserInfo[Index].Password; >>- NewPwd = mPwdTable->UserInfo[mPwdTable->ValidIndex - >1].Password; >>- if (CompareMem (Pwd, NewPwd, CREDENTIAL_LEN) == 0) { >>- CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER)); >>- FreePool (UserInfo); >>- return EFI_SUCCESS; >>- } >>- } >>- } >>- >>- FreePool (UserInfo); >>- return EFI_NOT_READY; >>-} >>- >>- >>-/** >>- Indicate that user interface interaction has begun for the specified >>credential. >>- >>- This function is called when a credential provider is selected by the user. If >>- AutoLogon returns FALSE, then the user interface will be constructed by >the >>User >>- Identity Manager. >>- >>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[out] AutoLogon On return, points to the credential provider's >>capabilities >>- after the credential provider has been selected by the user. >>- >>- @retval EFI_SUCCESS Credential provider successfully selected. >>- @retval EFI_INVALID_PARAMETER AutoLogon is NULL. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialSelect ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon >>- ) >>-{ >>- if ((This == NULL) || (AutoLogon == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- *AutoLogon = 0; >>- >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Indicate that user interface interaction has ended for the specified >>credential. >>- >>- This function is called when a credential provider is deselected by the user. >>- >>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- >>- @retval EFI_SUCCESS Credential provider successfully deselected. 
>>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialDeselect ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This >>- ) >>-{ >>- if (This == NULL) { >>- return EFI_INVALID_PARAMETER; >>- } >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Return the default logon behavior for this user credential. >>- >>- This function reports the default login behavior regarding this credential >>provider. >>- >>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[out] AutoLogon On return, holds whether the credential >provider >>should be used >>- by default to automatically log on the user. >>- >>- @retval EFI_SUCCESS Default information successfully returned. >>- @retval EFI_INVALID_PARAMETER AutoLogon is NULL. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialDefault ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon >>- ) >>-{ >>- if ((This == NULL) || (AutoLogon == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- *AutoLogon = 0; >>- >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Return information attached to the credential provider. >>- >>- This function returns user information. >>- >>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[in] UserInfo Handle of the user information data record. >>- @param[out] Info On entry, points to a buffer of at least *InfoSize >>bytes. On >>- exit, holds the user information. If the buffer is too small >>- to hold the information, then EFI_BUFFER_TOO_SMALL is >>returned >>- and InfoSize is updated to contain the number of bytes >>actually >>- required. >>- @param[in, out] InfoSize On entry, points to the size of Info. On return, >>points to the >>- size of the user information. >>- >>- @retval EFI_SUCCESS Information returned successfully. >>- @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too >small >>to hold all of the >>- user information. The size required is returned in *InfoSize. 
>>- @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL. >>- @retval EFI_NOT_FOUND The specified UserInfo does not refer to a >>valid user info handle. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialGetInfo ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- IN EFI_USER_INFO_HANDLE UserInfo, >>- OUT EFI_USER_INFO *Info, >>- IN OUT UINTN *InfoSize >>- ) >>-{ >>- EFI_USER_INFO *CredentialInfo; >>- UINTN Index; >>- >>- if ((This == NULL) || (InfoSize == NULL) || (Info == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- if ((UserInfo == NULL) || (mPwdInfoHandle == NULL)) { >>- return EFI_NOT_FOUND; >>- } >>- >>- // >>- // Find information handle in credential info table. >>- // >>- for (Index = 0; Index < mPwdInfoHandle->Count; Index++) { >>- CredentialInfo = mPwdInfoHandle->Info[Index]; >>- if (UserInfo == (EFI_USER_INFO_HANDLE)CredentialInfo) { >>- // >>- // The handle is found, copy the user info. >>- // >>- if (CredentialInfo->InfoSize > *InfoSize) { >>- *InfoSize = CredentialInfo->InfoSize; >>- return EFI_BUFFER_TOO_SMALL; >>- } >>- CopyMem (Info, CredentialInfo, CredentialInfo->InfoSize); >>- return EFI_SUCCESS; >>- } >>- } >>- >>- return EFI_NOT_FOUND; >>-} >>- >>- >>-/** >>- Enumerate all of the user informations on the credential provider. >>- >>- This function returns the next user information record. To retrieve the first >>user >>- information record handle, point UserInfo at a NULL. Each subsequent call >>will retrieve >>- another user information record handle until there are no more, at which >>point UserInfo >>- will point to NULL. >>- >>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[in, out] UserInfo On entry, points to the previous user >information >>handle or NULL >>- to start enumeration. On exit, points to the next user >>information >>- handle or NULL if there is no more user information. >>- >>- @retval EFI_SUCCESS User information returned. 
>>- @retval EFI_NOT_FOUND No more user information found. >>- @retval EFI_INVALID_PARAMETER UserInfo is NULL. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialGetNextInfo ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- IN OUT EFI_USER_INFO_HANDLE *UserInfo >>- ) >>-{ >>- EFI_USER_INFO *Info; >>- CHAR16 *ProvNameStr; >>- UINTN InfoLen; >>- UINTN Index; >>- UINTN ProvStrLen; >>- >>- if ((This == NULL) || (UserInfo == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- if (mPwdInfoHandle == NULL) { >>- // >>- // Initilized user info table. There are 4 user info records in the table. >>- // >>- InfoLen = sizeof (PASSWORD_CREDENTIAL_INFO) + (4 - 1) * sizeof >>(EFI_USER_INFO *); >>- mPwdInfoHandle = AllocateZeroPool (InfoLen); >>- if (mPwdInfoHandle == NULL) { >>- *UserInfo = NULL; >>- return EFI_NOT_FOUND; >>- } >>- >>- // >>- // The first information, Credential Provider info. >>- // >>- InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID); >>- Info = AllocateZeroPool (InfoLen); >>- ASSERT (Info != NULL); >>- >>- Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_RECORD; >>- Info->InfoSize = (UINT32) InfoLen; >>- Info->InfoAttribs = EFI_USER_INFO_PROTECTED; >>- CopyGuid (&Info->Credential, &gPwdCredentialProviderGuid); >>- CopyGuid ((EFI_GUID *)(Info + 1), &gPwdCredentialProviderGuid); >>- >>- mPwdInfoHandle->Info[0] = Info; >>- mPwdInfoHandle->Count++; >>- >>- // >>- // The second information, Credential Provider name info. 
>>- // >>- ProvNameStr = GetStringById (STRING_TOKEN (STR_PROVIDER_NAME)); >>- ProvStrLen = StrSize (ProvNameStr); >>- InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen; >>- Info = AllocateZeroPool (InfoLen); >>- ASSERT (Info != NULL); >>- >>- Info->InfoType = >>EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD; >>- Info->InfoSize = (UINT32) InfoLen; >>- Info->InfoAttribs = EFI_USER_INFO_PROTECTED; >>- CopyGuid (&Info->Credential, &gPwdCredentialProviderGuid); >>- CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen); >>- FreePool (ProvNameStr); >>- >>- mPwdInfoHandle->Info[1] = Info; >>- mPwdInfoHandle->Count++; >>- >>- // >>- // The third information, Credential Provider type info. >>- // >>- InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID); >>- Info = AllocateZeroPool (InfoLen); >>- ASSERT (Info != NULL); >>- >>- Info->InfoType = EFI_USER_INFO_CREDENTIAL_TYPE_RECORD; >>- Info->InfoSize = (UINT32) InfoLen; >>- Info->InfoAttribs = EFI_USER_INFO_PROTECTED; >>- CopyGuid (&Info->Credential, &gPwdCredentialProviderGuid); >>- CopyGuid ((EFI_GUID *)(Info + 1), >&gEfiUserCredentialClassPasswordGuid); >>- >>- mPwdInfoHandle->Info[2] = Info; >>- mPwdInfoHandle->Count++; >>- >>- // >>- // The fourth information, Credential Provider type name info. >>- // >>- ProvNameStr = GetStringById (STRING_TOKEN >>(STR_PROVIDER_TYPE_NAME)); >>- ProvStrLen = StrSize (ProvNameStr); >>- InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen; >>- Info = AllocateZeroPool (InfoLen); >>- ASSERT (Info != NULL); >>- >>- Info->InfoType = >>EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD; >>- Info->InfoSize = (UINT32) InfoLen; >>- Info->InfoAttribs = EFI_USER_INFO_PROTECTED; >>- CopyGuid (&Info->Credential, &gPwdCredentialProviderGuid); >>- CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen); >>- FreePool (ProvNameStr); >>- >>- mPwdInfoHandle->Info[3] = Info; >>- mPwdInfoHandle->Count++; >>- } >>- >>- if (*UserInfo == NULL) { >>- // >>- // Return the first info handle. 
>>- // >>- *UserInfo = (EFI_USER_INFO_HANDLE) mPwdInfoHandle->Info[0]; >>- return EFI_SUCCESS; >>- } >>- >>- // >>- // Find information handle in credential info table. >>- // >>- for (Index = 0; Index < mPwdInfoHandle->Count; Index++) { >>- Info = mPwdInfoHandle->Info[Index]; >>- if (*UserInfo == (EFI_USER_INFO_HANDLE)Info) { >>- // >>- // The handle is found, get the next one. >>- // >>- if (Index == mPwdInfoHandle->Count - 1) { >>- // >>- // Already last one. >>- // >>- *UserInfo = NULL; >>- return EFI_NOT_FOUND; >>- } >>- >>- Index++; >>- *UserInfo = (EFI_USER_INFO_HANDLE)mPwdInfoHandle->Info[Index]; >>- return EFI_SUCCESS; >>- } >>- } >>- >>- *UserInfo = NULL; >>- return EFI_NOT_FOUND; >>-} >>- >>-/** >>- Delete a user on this credential provider. >>- >>- This function deletes a user on this credential provider. >>- >>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[in] User The user profile handle to delete. >>- >>- @retval EFI_SUCCESS User profile was successfully deleted. >>- @retval EFI_ACCESS_DENIED Current user profile does not permit >>deletion on the user profile handle. >>- Either the user profile cannot delete on any user profile or >>cannot delete >>- on a user profile other than the current user profile. >>- @retval EFI_UNSUPPORTED This credential provider does not support >>deletion in the pre-OS. >>- @retval EFI_DEVICE_ERROR The new credential could not be deleted >>because of a device error. >>- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >>profile handle. >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialDelete ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- IN EFI_USER_PROFILE_HANDLE User >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_USER_INFO *UserInfo; >>- UINT8 *UserId; >>- UINT8 *NewUserId; >>- UINTN Index; >>- >>- if ((This == NULL) || (User == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- // >>- // Get User Identifier. 
>>- // >>- UserInfo = NULL; >>- Status = FindUserInfoByType ( >>- User, >>- EFI_USER_INFO_IDENTIFIER_RECORD, >>- &UserInfo >>- ); >>- if (EFI_ERROR (Status)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- // >>- // Find the user by user identifier in mPwdTable. >>- // >>- for (Index = 0; Index < mPwdTable->Count; Index++) { >>- UserId = (UINT8 *) &mPwdTable->UserInfo[Index].UserId; >>- NewUserId = (UINT8 *) (UserInfo + 1); >>- if (CompareMem (UserId, NewUserId, sizeof >(EFI_USER_INFO_IDENTIFIER)) >>== 0) { >>- // >>- // Found the user, delete it. >>- // >>- ModifyTable (Index, NULL); >>- break; >>- } >>- } >>- >>- FreePool (UserInfo); >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Main entry for this driver. >>- >>- @param ImageHandle Image handle this driver. >>- @param SystemTable Pointer to SystemTable. >>- >>- @retval EFI_SUCESS This function always complete successfully. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-PasswordProviderInit ( >>- IN EFI_HANDLE ImageHandle, >>- IN EFI_SYSTEM_TABLE *SystemTable >>- ) >>-{ >>- EFI_STATUS Status; >>- >>- // >>- // It is NOT robust enough to be included in production. >>- // >>- #error "This implementation is just a sample, please comment this line if >you >>really want to use this driver." >>- >>- // >>- // Init credential table. >>- // >>- Status = InitCredentialTable (); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- // >>- // Init Form Browser. >>- // >>- Status = InitFormBrowser (); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- // >>- // Install protocol interfaces for the password credential provider. >>- // >>- Status = gBS->InstallProtocolInterface ( >>- &mCallbackInfo->DriverHandle, >>- &gEfiUserCredential2ProtocolGuid, >>- EFI_NATIVE_INTERFACE, >>- &gPwdCredentialProviderDriver >>- ); >>- return Status; >>-} 
>>diff --git >>a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >P >>rovider.h >>b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentia >l >>Provider.h >>deleted file mode 100644 >>index fd782549fd..0000000000 >>--- >>a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >P >>rovider.h >>+++ /dev/null 
>>@@ -1,374 +0,0 @@ >>-/** @file >>- Password Credential Provider driver header file. >>- >>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >>-This program and the accompanying materials >>-are licensed and made available under the terms and conditions of the BSD >>License >>-which accompanies this distribution. The full text of the license may be >>found at >>-http://opensource.org/licenses/bsd-license.php >>- >>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED. >>- >>-**/ >>- >>-#ifndef _PASSWORD_CREDENTIAL_PROVIDER_H_ >>-#define _PASSWORD_CREDENTIAL_PROVIDER_H_ >>- >>-#include <Uefi.h> >>- >>-#include <Guid/GlobalVariable.h> >>- >>-#include <Protocol/HiiConfigAccess.h> >>-#include <Protocol/UserCredential2.h> >>-#include <Protocol/UserManager.h> >>- >>-#include <Library/UefiRuntimeServicesTableLib.h> >>-#include <Library/UefiBootServicesTableLib.h> >>-#include <Library/MemoryAllocationLib.h> >>-#include <Library/BaseMemoryLib.h> >>-#include <Library/DevicePathLib.h> >>-#include <Library/DebugLib.h> >>-#include <Library/UefiLib.h> >>-#include <Library/PrintLib.h> >>-#include <Library/HiiLib.h> >>-#include <Library/BaseCryptLib.h> >>- >>-#include "PwdCredentialProviderData.h" >>- >>-extern UINT8 PwdCredentialProviderStrings[]; >>-extern UINT8 PwdCredentialProviderVfrBin[]; >>- >>-#define PASSWORD_TABLE_INC 16 >>-#define CREDENTIAL_LEN 20 >>- >>-// >>-// Password credential information. >>-// >>-typedef struct { >>- EFI_USER_INFO_IDENTIFIER UserId; >>- CHAR8 Password[CREDENTIAL_LEN]; >>-} PASSWORD_INFO; >>- >>-// >>-// Password credential table. >>-// >>-typedef struct { >>- UINTN Count; >>- UINTN MaxCount; >>- UINTN ValidIndex; >>- PASSWORD_INFO UserInfo[1]; >>-} CREDENTIAL_TABLE; >>- >>-// >>-// The user information on the password provider. 
>>-// >>-typedef struct { >>- UINTN Count; >>- EFI_USER_INFO *Info[1]; >>-} PASSWORD_CREDENTIAL_INFO; >>- >>-/// >>-/// HII specific Vendor Device Path definition. >>-/// >>-typedef struct { >>- VENDOR_DEVICE_PATH VendorDevicePath; >>- EFI_DEVICE_PATH_PROTOCOL End; >>-} HII_VENDOR_DEVICE_PATH; >>- >>-#define PWD_PROVIDER_SIGNATURE SIGNATURE_32 ('P', 'W', 'D', 'P') >>- >>-typedef struct { >>- UINTN Signature; >>- EFI_HANDLE DriverHandle; >>- EFI_HII_HANDLE HiiHandle; >>- // >>- // Produced protocol. >>- // >>- EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; >>-} PWD_PROVIDER_CALLBACK_INFO; >>- >>- >>-/** >>- Enroll a user on a credential provider. >>- >>- This function enrolls a user on this credential provider. If the user exists on >>- this credential provider, update the user information on this credential >>provider; >>- otherwise delete the user information on credential provider. >>- >>- @param[in] This Points to this instance of >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[in] User The user profile to enroll. >>- >>- @retval EFI_SUCCESS User profile was successfully enrolled. >>- @retval EFI_ACCESS_DENIED Current user profile does not permit >>enrollment on the >>- user profile handle. Either the user profile cannot enroll >>- on any user profile or cannot enroll on a user profile >>- other than the current user profile. >>- @retval EFI_UNSUPPORTED This credential provider does not support >>enrollment in >>- the pre-OS. >>- @retval EFI_DEVICE_ERROR The new credential could not be created >>because of a device >>- error. >>- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >>profile handle. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialEnroll ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- IN EFI_USER_PROFILE_HANDLE User >>- ); >>- >>-/** >>- Returns the user interface information used during user identification. 
>>-
>>- This function returns information about the form used when interacting >>with the
>>- user during user identification. The form is the first enabled form in the >>form-set
>>- class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII >>handle HiiHandle. If
>>- the user credential provider does not require a form to identify the user, >>then this
>>- function should return EFI_NOT_FOUND.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL.
>>- @param[out] Hii On return, holds the HII database handle.
>>- @param[out] FormSetId On return, holds the identifier of the form set >>which contains
>>- the form used during user identification.
>>- @param[out] FormId On return, holds the identifier of the form used >>during user
>>- identification.
>>-
>>- @retval EFI_SUCCESS Form returned successfully.
>>- @retval EFI_NOT_FOUND Form not returned.
>>- @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or >>FormId is NULL.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-CredentialForm (
>>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>>- OUT EFI_HII_HANDLE *Hii,
>>- OUT EFI_GUID *FormSetId,
>>- OUT EFI_FORM_ID *FormId
>>- );
>>-
>>-/**
>>- Returns bitmap used to describe the credential provider type.
>>-
>>- This optional function returns a bitmap which is less than or equal to the >>number
>>- of pixels specified by Width and Height. If no such bitmap exists, then >>EFI_NOT_FOUND
>>- is returned.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL.
>>- @param[in, out] Width On entry, points to the desired bitmap width. If >>NULL then no
>>- bitmap information will be returned. On exit, points to the
>>- width of the bitmap returned.
>>- @param[in, out] Height On entry, points to the desired bitmap height. If >>NULL then no
>>- bitmap information will be returned. On exit, points to the
>>- height of the bitmap returned
>>- @param[out] Hii On return, holds the HII database handle.
>>- @param[out] Image On return, holds the HII image identifier.
>>-
>>- @retval EFI_SUCCESS Image identifier returned successfully.
>>- @retval EFI_NOT_FOUND Image identifier not returned.
>>- @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-CredentialTile (
>>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>>- IN OUT UINTN *Width,
>>- IN OUT UINTN *Height,
>>- OUT EFI_HII_HANDLE *Hii,
>>- OUT EFI_IMAGE_ID *Image
>>- );
>>-
>>-/**
>>- Returns string used to describe the credential provider type.
>>-
>>- This function returns a string which describes the credential provider. If no
>>- such string exists, then EFI_NOT_FOUND is returned.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL.
>>- @param[out] Hii On return, holds the HII database handle.
>>- @param[out] String On return, holds the HII string identifier.
>>-
>>- @retval EFI_SUCCESS String identifier returned successfully.
>>- @retval EFI_NOT_FOUND String identifier not returned.
>>- @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-CredentialTitle (
>>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>>- OUT EFI_HII_HANDLE *Hii,
>>- OUT EFI_STRING_ID *String
>>- );
>>-
>>-/**
>>- Return the user identifier associated with the currently authenticated user.
>>-
>>- This function returns the user identifier of the user authenticated by this >>credential
>>- provider. This function is called after the credential-related information has >>been
>>- submitted on a form OR after a call to Default() has returned that this >>credential is
>>- ready to log on.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL.
>>- @param[in] User The user profile handle of the user profile currently >>being
>>- considered by the user identity manager. If NULL, then no >user
>>- profile is currently under consideration.
>>- @param[out] Identifier On return, points to the user identifier.
>>-
>>- @retval EFI_SUCCESS User identifier returned successfully.
>>- @retval EFI_NOT_READY No user identifier can be returned.
>>- @retval EFI_ACCESS_DENIED The user has been locked out of this user >>credential.
>>- @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL.
>>- @retval EFI_NOT_FOUND User is not NULL, and the specified user >>handle can't be
>>- found in user profile database
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-CredentialUser (
>>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>>- IN EFI_USER_PROFILE_HANDLE User,
>>- OUT EFI_USER_INFO_IDENTIFIER *Identifier
>>- );
>>-
>>-/**
>>- Indicate that user interface interaction has begun for the specified >>credential.
>>-
>>- This function is called when a credential provider is selected by the user. If
>>- AutoLogon returns FALSE, then the user interface will be constructed by >the >>User
>>- Identity Manager.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL.
>>- @param[out] AutoLogon On return, points to the credential provider's >>capabilities
>>- after the credential provider has been selected by the user.
>>-
>>- @retval EFI_SUCCESS Credential provider successfully selected.
>>- @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-CredentialSelect (
>>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>>- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
>>- );
>>-
>>-/**
>>- Indicate that user interface interaction has ended for the specified >>credential.
>>-
>>- This function is called when a credential provider is deselected by the user.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL.
>>-
>>- @retval EFI_SUCCESS Credential provider successfully deselected.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-CredentialDeselect (
>>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This
>>- );
>>-
>>-/**
>>- Return the default logon behavior for this user credential.
>>-
>>- This function reports the default login behavior regarding this credential >>provider.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL.
>>- @param[out] AutoLogon On return, holds whether the credential >provider >>should be used
>>- by default to automatically log on the user.
>>-
>>- @retval EFI_SUCCESS Default information successfully returned.
>>- @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-CredentialDefault (
>>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>>- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
>>- );
>>-
>>-/**
>>- Return information attached to the credential provider.
>>-
>>- This function returns user information.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL.
>>- @param[in] UserInfo Handle of the user information data record.
>>- @param[out] Info On entry, points to a buffer of at least *InfoSize >>bytes. On
>>- exit, holds the user information. If the buffer is too small
>>- to hold the information, then EFI_BUFFER_TOO_SMALL is >>returned
>>- and InfoSize is updated to contain the number of bytes >>actually
>>- required.
>>- @param[in, out] InfoSize On entry, points to the size of Info. On return, >>points to the
>>- size of the user information.
>>-
>>- @retval EFI_SUCCESS Information returned successfully.
>>- @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too >small >>to hold all of the
>>- user information. The size required is returned in *InfoSize.
>>- @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL.
>>- @retval EFI_NOT_FOUND The specified UserInfo does not refer to a >>valid user info handle.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-CredentialGetInfo (
>>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>>- IN EFI_USER_INFO_HANDLE UserInfo,
>>- OUT EFI_USER_INFO *Info,
>>- IN OUT UINTN *InfoSize
>>- );
>>-
>>-
>>-/**
>>- Enumerate all of the user informations on the credential provider.
>>-
>>- This function returns the next user information record. To retrieve the first >>user
>>- information record handle, point UserInfo at a NULL. Each subsequent call >>will retrieve
>>- another user information record handle until there are no more, at which >>point UserInfo
>>- will point to NULL.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL.
>>- @param[in, out] UserInfo On entry, points to the previous user >information >>handle or NULL
>>- to start enumeration. On exit, points to the next user >>information
>>- handle or NULL if there is no more user information.
>>-
>>- @retval EFI_SUCCESS User information returned.
>>- @retval EFI_NOT_FOUND No more user information found.
>>- @retval EFI_INVALID_PARAMETER UserInfo is NULL.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-CredentialGetNextInfo (
>>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>>- IN OUT EFI_USER_INFO_HANDLE *UserInfo
>>- );
>>-
>>-/**
>>- Delete a user on this credential provider.
>>-
>>- This function deletes a user on this credential provider.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL.
>>- @param[in] User The user profile handle to delete.
>>-
>>- @retval EFI_SUCCESS User profile was successfully deleted.
>>- @retval EFI_ACCESS_DENIED Current user profile does not permit >>deletion on the user profile handle.
>>- Either the user profile cannot delete on any user profile or >>cannot delete
>>- on a user profile other than the current user profile.
>>- @retval EFI_UNSUPPORTED This credential provider does not support >>deletion in the pre-OS.
>>- @retval EFI_DEVICE_ERROR The new credential could not be deleted >>because of a device error.
>>- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >>profile handle.
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-CredentialDelete (
>>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>>- IN EFI_USER_PROFILE_HANDLE User
>>- );
>>-
>>-#endif
>>diff --git >>a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >P >>rovider.uni >>b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentia >l >>Provider.uni
>>deleted file mode 100644
>>index 749e9a8f17..0000000000
>>--- >>a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >P >>rovider.uni
>>+++ /dev/null
>>@@ -1,21 +0,0 @@
>>-// /** @file
>>-// Provides a password credential provider implementation
>>-//
>>-// This module provides a password credential provider implementation.
>>-//
>>-// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
>>-//
>>-// This program and the accompanying materials
>>-// are licensed and made available under the terms and conditions of the >BSD >>License
>>-// which accompanies this distribution. The full text of the license may be >>found at
>>-// http://opensource.org/licenses/bsd-license.php
>>-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >>BASIS,
>>-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED.
>>-//
>>-// **/
>>-
>>-
>>-#string STR_MODULE_ABSTRACT #language en-US "Provides a >>password credential provider implementation"
>>-
>>-#string STR_MODULE_DESCRIPTION #language en-US "This module >>provides a password credential provider implementation."
>>-
>>diff --git >>a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >P >>roviderData.h >>b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentia >l >>ProviderData.h
>>deleted file mode 100644
>>index 31bdfe4c50..0000000000
>>--- >>a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >P >>roviderData.h
>>+++ /dev/null
>>@@ -1,30 +0,0 @@
>>-/** @file
>>- Data structure used by the Password Credential Provider driver.
>>-
>>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>>-This program and the accompanying materials
>>-are licensed and made available under the terms and conditions of the BSD >>License
>>-which accompanies this distribution. The full text of the license may be >>found at
>>-http://opensource.org/licenses/bsd-license.php
>>-
>>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED.
>>-
>>-**/
>>-
>>-#ifndef _PWD_CREDENTIAL_PROVIDER_DATA_H_
>>-#define _PWD_CREDENTIAL_PROVIDER_DATA_H_
>>-
>>-#include <Guid/PwdCredentialProviderHii.h>
>>-
>>-//
>>-// Forms definition
>>-//
>>-#define FORMID_GET_PASSWORD_FORM 1
>>-
>>-//
>>-// Key defination
>>-//
>>-#define KEY_GET_PASSWORD 0x1000
>>-
>>-#endif
>>diff --git >>a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >P >>roviderDxe.inf >>b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentia >l >>ProviderDxe.inf
>>deleted file mode 100644
>>index ab7ba2c913..0000000000
>>--- >>a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >P >>roviderDxe.inf
>>+++ /dev/null
>>@@ -1,65 +0,0 @@
>>-## @file
>>-# Provides a password credential provider implementation
>>-# This module provides a password credential provider implementation.
>>-#
>>-# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>>-# This program and the accompanying materials
>>-# are licensed and made available under the terms and conditions of the >BSD >>License
>>-# which accompanies this distribution. The full text of the license may be >>found at
>>-# http://opensource.org/licenses/bsd-license.php
>>-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >>BASIS,
>>-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED.
>>-#
>>-##
>>-
>>-[Defines]
>>- INF_VERSION = 0x00010005
>>- BASE_NAME = PwdCredentialProvider
>>- MODULE_UNI_FILE = PwdCredentialProvider.uni
>>- FILE_GUID = D6C589EA-DD29-49ef-97F6-1A9FE19A04E0
>>- MODULE_TYPE = UEFI_DRIVER
>>- VERSION_STRING = 1.0
>>- ENTRY_POINT = PasswordProviderInit
>>-
>>-[Sources]
>>- PwdCredentialProvider.c
>>- PwdCredentialProvider.h
>>- PwdCredentialProviderData.h
>>- PwdCredentialProviderVfr.Vfr
>>- PwdCredentialProviderStrings.uni
>>-
>>-[Packages]
>>- MdePkg/MdePkg.dec
>>- MdeModulePkg/MdeModulePkg.dec
>>- CryptoPkg/CryptoPkg.dec
>>- SecurityPkg/SecurityPkg.dec
>>-
>>-[LibraryClasses]
>>- UefiRuntimeServicesTableLib
>>- UefiBootServicesTableLib
>>- UefiDriverEntryPoint
>>- MemoryAllocationLib
>>- BaseMemoryLib
>>- DebugLib
>>- HiiLib
>>- UefiLib
>>- BaseCryptLib
>>-
>>-[Guids]
>>- gEfiUserCredentialClassPasswordGuid ## SOMETIMES_CONSUMES >>## GUID
>>-
>>- ## PRODUCES ## Variable:L"PwdCredential"
>>- ## CONSUMES ## Variable:L"PwdCredential"
>>- ## CONSUMES ## HII
>>- ## SOMETIMES_CONSUMES ## GUID # The credential provider >>identifier
>>- gPwdCredentialProviderGuid
>>-
>>-[Protocols]
>>- gEfiDevicePathProtocolGuid ## PRODUCES
>>- gEfiHiiConfigAccessProtocolGuid ## PRODUCES
>>- gEfiUserCredential2ProtocolGuid ## PRODUCES
>>- gEfiUserManagerProtocolGuid ##
SOMETIMES_CONSUMES
>>-
>>-[UserExtensions.TianoCore."ExtraFiles"]
>>- PwdCredentialProviderExtra.uni
>>-
>>diff --git >>a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >P >>roviderExtra.uni >>b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentia >l >>ProviderExtra.uni
>>deleted file mode 100644
>>index bcc220a51d..0000000000
>>--- >>a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >P >>roviderExtra.uni
>>+++ /dev/null
>>@@ -1,19 +0,0 @@
>>-// /** @file
>>-// PwdCredentialProvider Localized Strings and Content
>>-//
>>-// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
>>-//
>>-// This program and the accompanying materials
>>-// are licensed and made available under the terms and conditions of the >BSD >>License
>>-// which accompanies this distribution. The full text of the license may be >>found at
>>-// http://opensource.org/licenses/bsd-license.php
>>-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >>BASIS,
>>-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED.
>>-//
>>-// **/
>>-
>>-#string STR_PROPERTIES_MODULE_NAME
>>-#language en-US
>>-"Password Credential Provider"
>>-
>>-
>>diff --git >>a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >P >>roviderStrings.uni >>b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentia >l >>ProviderStrings.uni
>>deleted file mode 100644
>>index e7b3126f83..0000000000
>>--- >>a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >P >>roviderStrings.uni
>>+++ /dev/null
>>@@ -1,38 +0,0 @@
>>-/** @file
>>- String definitions for the Password Credential Provider.
>>-
>>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>>-This program and the accompanying materials
>>-are licensed and made available under the terms and conditions of the BSD >>License
>>-which accompanies this distribution. The full text of the license may be >>found at
>>-http://opensource.org/licenses/bsd-license.php.
>>-
>>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED.
>>-
>>-**/
>>-
>>-#langdef en-US "English"
>>-#langdef fr-FR "Francais"
>>-
>>-#string STR_CREDENTIAL_TITLE #language en-US "Password >>Credential Provider"
>>- #language fr-FR "Password Credential Provider >>(French)"
>>-#string STR_FORM_TITLE #language en-US "Get Password"
>>- #language fr-FR "Get Password(French)"
>>-#string STR_NULL_STRING #language en-US ""
>>- #language fr-FR ""
>>-#string STR_INPUT_PASSWORD #language en-US "Please Input >>Password"
>>- #language fr-FR "Please Input Password(French)"
>>-#string STR_PROVIDER_NAME #language en-US "INTEL >>Password Credential Provider"
>>- #language fr-FR "INTEL Password Credential >>Provider(French)"
>>-#string STR_PROVIDER_TYPE_NAME #language en-US "Password >>Credential Provider"
>>- #language fr-FR "Password Credential >>Provider(French)"
>>-#string STR_INPUT_PASSWORD_AGAIN #language en-US "Input >>Password Again"
>>- #language fr-FR "Input Password Again (French)"
>>-#string STR_DRAW_A_LINE #language en-US "-------------------- >- >>--------"
>>- #language fr-FR "------------------------------------"
>>-#string STR_PASSWORD_INCORRECT #language en-US " >Incorrect >>Password! "
>>- #language fr-FR " Incorrect Password! (French) >"
>>-#string STR_PASSWORD_MISMATCH #language en-US " The >>Password Mismatch! "
>>- #language fr-FR " The Password Mismatch! >(French) >>"
>>-
>>diff --git >>a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >P >>roviderVfr.Vfr >>b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentia >l >>ProviderVfr.Vfr
>>deleted file mode 100644
>>index 60972203b0..0000000000
>>--- >>a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredential >P >>roviderVfr.Vfr
>>+++ /dev/null
>>@@ -1,34 +0,0 @@
>>-/** @file
>>- Password Credential Provider formset.
>>-
>>-Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
>>-This program and the accompanying materials
>>-are licensed and made available under the terms and conditions of the BSD >>License
>>-which accompanies this distribution. The full text of the license may be >>found at
>>-http://opensource.org/licenses/bsd-license.php
>>-
>>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED.
>>-
>>-**/
>>-
>>-#include "PwdCredentialProviderData.h"
>>-
>>-formset
>>- guid = PWD_CREDENTIAL_PROVIDER_GUID,
>>- title = STRING_TOKEN(STR_CREDENTIAL_TITLE),
>>- help = STRING_TOKEN(STR_NULL_STRING),
>>- classguid = PWD_CREDENTIAL_PROVIDER_GUID,
>>-
>>- form formid = FORMID_GET_PASSWORD_FORM,
>>- title = STRING_TOKEN(STR_FORM_TITLE);
>>-
>>- text
>>- help = STRING_TOKEN(STR_NULL_STRING),
>>- text = STRING_TOKEN(STR_INPUT_PASSWORD),
>>- flags = INTERACTIVE,
>>- key = KEY_GET_PASSWORD;
>>-
>>- endform;
>>-
>>-endformset;
>>\ No newline at end of file
>>diff --git >>a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredential >Pr >>ovider.c >>b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredential >Pr >>ovider.c
>>deleted file mode 100644
>>index 841e975103..0000000000
>>--- >>a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredential >Pr >>ovider.c
>>+++ /dev/null
>>@@ -1,1410 +0,0 @@
>>-/** @file
>>- Usb Credential Provider driver implemenetation.
>>-
>>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>>-This program and the accompanying materials
>>-are licensed and made available under the terms and conditions of the BSD >>License
>>-which accompanies this distribution. The full text of the license may be >>found at
>>-http://opensource.org/licenses/bsd-license.php
>>-
>>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED.
>>-
>>-**/
>>-
>>-#include "UsbCredentialProvider.h"
>>-
>>-CREDENTIAL_TABLE *mUsbTable = NULL;
>>-USB_PROVIDER_CALLBACK_INFO *mCallbackInfo = NULL;
>>-USB_CREDENTIAL_INFO *mUsbInfoHandle = NULL;
>>-
>>-EFI_USER_CREDENTIAL2_PROTOCOL gUsbCredentialProviderDriver = {
>>- USB_CREDENTIAL_PROVIDER_GUID,
>>- EFI_USER_CREDENTIAL_CLASS_SECURE_CARD,
>>- CredentialEnroll,
>>- CredentialForm,
>>- CredentialTile,
>>- CredentialTitle,
>>- CredentialUser,
>>- CredentialSelect,
>>- CredentialDeselect,
>>- CredentialDefault,
>>- CredentialGetInfo,
>>- CredentialGetNextInfo,
>>- EFI_CREDENTIAL_CAPABILITIES_ENROLL,
>>- CredentialDelete
>>-};
>>-
>>-
>>-/**
>>- Get string by string id from HII Interface.
>>-
>>-
>>- @param[in] Id String ID to get the string from.
>>-
>>- @retval CHAR16 * String from ID.
>>- @retval NULL If error occurs.
>>-
>>-**/
>>-CHAR16 *
>>-GetStringById (
>>- IN EFI_STRING_ID Id
>>- )
>>-{
>>- //
>>- // Get the current string for the current Language
>>- //
>>- return HiiGetString (mCallbackInfo->HiiHandle, Id, NULL);
>>-}
>>-
>>-
>>-/**
>>- Expand password table size.
>>-
>>-**/
>>-VOID
>>-ExpandTableSize (
>>- VOID
>>- )
>>-{
>>- CREDENTIAL_TABLE *NewTable;
>>- UINTN Count;
>>-
>>- Count = mUsbTable->MaxCount + USB_TABLE_INC;
>>- //
>>- // Create new credential table.
>>- //
>>- NewTable = AllocateZeroPool (
>>- sizeof (CREDENTIAL_TABLE) - sizeof (USB_INFO) +
>>- Count * sizeof (USB_INFO)
>>- );
>>- ASSERT (NewTable != NULL);
>>-
>>- NewTable->MaxCount = Count;
>>- NewTable->Count = mUsbTable->Count;
>>-
>>- //
>>- // Copy old entries.
>>- //
>>- CopyMem (
>>- &NewTable->UserInfo,
>>- &mUsbTable->UserInfo,
>>- mUsbTable->Count * sizeof (USB_INFO)
>>- );
>>- FreePool (mUsbTable);
>>- mUsbTable = NewTable;
>>-}
>>-
>>-
>>-/**
>>- Add, update or delete info in table, and sync with NV variable.
>>-
>>- @param[in] Index The index of the password in table. If index is found >in
>>- table, update the info, else add the into to table.
>>- @param[in] Info The new credential info to add into table. If Info is >NULL,
>>- delete the info by Index.
>>-
>>- @retval EFI_INVALID_PARAMETER Info is NULL when save the info.
>>- @retval EFI_SUCCESS Modify the table successfully.
>>- @retval Others Failed to modify the table.
>>-
>>-**/
>>-EFI_STATUS
>>-ModifyTable (
>>- IN UINTN Index,
>>- IN USB_INFO * Info OPTIONAL
>>- )
>>-{
>>- EFI_STATUS Status;
>>- USB_INFO *NewUsbInfo;
>>-
>>- NewUsbInfo = NULL;
>>- if (Index < mUsbTable->Count) {
>>- if (Info == NULL) {
>>- //
>>- // Delete the specified entry.
>>- //
>>- mUsbTable->Count--;
>>- if (Index != mUsbTable->Count) {
>>- NewUsbInfo = &mUsbTable->UserInfo[mUsbTable->Count];
>>- }
>>- } else {
>>- //
>>- // Update the specified entry.
>>- //
>>- NewUsbInfo = Info;
>>- }
>>- } else {
>>- //
>>- // Add a new entry
>>- //
>>- if (Info == NULL) {
>>- return EFI_INVALID_PARAMETER;
>>- }
>>-
>>- if (mUsbTable->Count >= mUsbTable->MaxCount) {
>>- ExpandTableSize ();
>>- }
>>-
>>- NewUsbInfo = Info;
>>- mUsbTable->Count++;
>>- }
>>-
>>- if (NewUsbInfo != NULL) {
>>- CopyMem (&mUsbTable->UserInfo[Index], NewUsbInfo, sizeof >>(USB_INFO));
>>- }
>>-
>>- //
>>- // Save the credential table.
>>- //
>>- Status = gRT->SetVariable (
>>- L"UsbCredential",
>>- &gUsbCredentialProviderGuid,
>>- EFI_VARIABLE_NON_VOLATILE | >>EFI_VARIABLE_BOOTSERVICE_ACCESS,
>>- mUsbTable->Count * sizeof (USB_INFO),
>>- &mUsbTable->UserInfo
>>- );
>>- return Status;
>>-}
>>-
>>-
>>-/**
>>- Create a credential table
>>-
>>- @retval EFI_SUCCESS Create a credential table successfully.
>>- @retval Others Failed to create a password.
>>-
>>-**/
>>-EFI_STATUS
>>-InitCredentialTable (
>>- VOID
>>- )
>>-{
>>- EFI_STATUS Status;
>>- UINT8 *Var;
>>- UINTN VarSize;
>>-
>>- //
>>- // Get Usb credential data from NV variable.
>>- //
>>- VarSize = 0;
>>- Var = NULL;
>>- Status = gRT->GetVariable (
>>- L"UsbCredential",
>>- &gUsbCredentialProviderGuid,
>>- NULL,
>>- &VarSize,
>>- Var
>>- );
>>- if (Status == EFI_BUFFER_TOO_SMALL) {
>>- Var = AllocateZeroPool (VarSize);
>>- if (Var == NULL) {
>>- return EFI_OUT_OF_RESOURCES;
>>- }
>>- Status = gRT->GetVariable (
>>- L"UsbCredential",
>>- &gUsbCredentialProviderGuid,
>>- NULL,
>>- &VarSize,
>>- Var
>>- );
>>- }
>>- if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
>>- return Status;
>>- }
>>-
>>- //
>>- // Init Usb credential table.
>>- //
>>- mUsbTable = AllocateZeroPool (
>>- sizeof (CREDENTIAL_TABLE) - sizeof (USB_INFO) +
>>- USB_TABLE_INC * sizeof (USB_INFO) +
>>- VarSize
>>- );
>>- if (mUsbTable == NULL) {
>>- FreePool (Var);
>>- return EFI_OUT_OF_RESOURCES;
>>- }
>>-
>>- mUsbTable->Count = VarSize / sizeof (USB_INFO);
>>- mUsbTable->MaxCount = mUsbTable->Count + USB_TABLE_INC;
>>- if (Var != NULL) {
>>- CopyMem (mUsbTable->UserInfo, Var, VarSize);
>>- FreePool (Var);
>>- }
>>- return EFI_SUCCESS;
>>-}
>>-
>>-
>>-/**
>>- Read the specified file by FileName in the Usb key and return the file size >in >>BufferSize
>>- and file content in Buffer.
>>- Note: the caller is responsible to free the buffer memory.
>>-
>>- @param FileName File to read.
>>- @param Buffer Returned with data read from the file.
>>- @param BufferSize Size of the data buffer.
>>-
>>- @retval EFI_SUCCESS The command completed successfully.
>>- @retval EFI_OUT_OF_RESOURCES Resource allocation failed.
>>- @retval EFI_NOT_FOUND File not found.
>>- @retval EFI_DEVICE_ERROR Device I/O error.
>>-
>>-**/
>>-EFI_STATUS
>>-GetFileData (
>>- IN CHAR16 *FileName,
>>- OUT VOID **Buffer,
>>- OUT UINTN *BufferSize
>>- )
>>-{
>>- EFI_STATUS Status;
>>- UINTN Index;
>>- UINTN HandleCount;
>>- UINTN ScratchBufferSize;
>>- EFI_HANDLE *HandleBuffer;
>>- EFI_FILE *RootFs;
>>- EFI_FILE *FileHandle;
>>- EFI_FILE_INFO *FileInfo;
>>- EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *SimpleFileSystem;
>>- EFI_BLOCK_IO_PROTOCOL *BlkIo;
>>-
>>- FileInfo = NULL;
>>- FileHandle = NULL;
>>-
>>- Status = gBS->LocateHandleBuffer (
>>- ByProtocol,
>>- &gEfiSimpleFileSystemProtocolGuid,
>>- NULL,
>>- &HandleCount,
>>- &HandleBuffer
>>- );
>>- if (EFI_ERROR (Status)) {
>>- DEBUG ((DEBUG_ERROR, "Can not Locate SimpleFileSystemProtocol\n"));
>>- goto Done;
>>- }
>>-
>>- //
>>- // Find and open the file in removable media disk.
>>- //
>>- for (Index = 0; Index < HandleCount; Index++) {
>>- Status = gBS->HandleProtocol (
>>- HandleBuffer[Index],
>>- &gEfiBlockIoProtocolGuid,
>>- (VOID **) &BlkIo
>>- );
>>- if (EFI_ERROR (Status)) {
>>- continue;
>>- }
>>-
>>- if (BlkIo->Media->RemovableMedia) {
>>- Status = gBS->HandleProtocol (
>>- HandleBuffer[Index],
>>- &gEfiSimpleFileSystemProtocolGuid,
>>- (VOID **) &SimpleFileSystem
>>- );
>>- if (EFI_ERROR (Status)) {
>>- continue;
>>- }
>>-
>>- Status = SimpleFileSystem->OpenVolume (
>>- SimpleFileSystem,
>>- &RootFs
>>- );
>>- if (EFI_ERROR (Status)) {
>>- continue;
>>- }
>>-
>>- Status = RootFs->Open (
>>- RootFs,
>>- &FileHandle,
>>- FileName,
>>- EFI_FILE_MODE_READ,
>>- 0
>>- );
>>- if (!EFI_ERROR (Status)) {
>>- break;
>>- }
>>- }
>>- }
>>-
>>- FreePool (HandleBuffer);
>>-
>>- if (Index >= HandleCount) {
>>- DEBUG ((DEBUG_ERROR, "Can not found the token file!\n"));
>>- Status = EFI_NOT_FOUND;
>>- goto Done;
>>- }
>>-
>>- //
>>- // Figure out how big the file is.
>>- //
>>- ScratchBufferSize = 0;
>>- Status = FileHandle->GetInfo (
>>- FileHandle,
>>- &gEfiFileInfoGuid,
>>- &ScratchBufferSize,
>>- NULL
>>- );
>>- if (EFI_ERROR (Status) && (Status != EFI_BUFFER_TOO_SMALL)) {
>>- DEBUG ((DEBUG_ERROR, "Can not obtain file size info!\n"));
>>- Status = EFI_DEVICE_ERROR;
>>- goto Done;
>>- }
>>-
>>- FileInfo = AllocateZeroPool (ScratchBufferSize);
>>- if (FileInfo == NULL) {
>>- DEBUG ((DEBUG_ERROR, "Can not allocate enough memory for the token >>file!\n"));
>>- Status = EFI_OUT_OF_RESOURCES;
>>- goto Done;
>>- }
>>-
>>- Status = FileHandle->GetInfo (
>>- FileHandle,
>>- &gEfiFileInfoGuid,
>>- &ScratchBufferSize,
>>- FileInfo
>>- );
>>- if (EFI_ERROR (Status)) {
>>- DEBUG ((DEBUG_ERROR, "Can not obtain file info from the token >file!\n"));
>>- Status = EFI_DEVICE_ERROR;
>>- goto Done;
>>- }
>>-
>>- //
>>- // Allocate a buffer for the file.
>>- //
>>- *BufferSize = (UINT32) FileInfo->FileSize;
>>- *Buffer = AllocateZeroPool (*BufferSize);
>>- if (*Buffer == NULL) {
>>- DEBUG ((DEBUG_ERROR, "Can not allocate a buffer for the file!\n"));
>>- Status = EFI_OUT_OF_RESOURCES;
>>- goto Done;
>>- }
>>-
>>- //
>>- // Load file into the allocated memory.
>>- //
>>- Status = FileHandle->Read (FileHandle, BufferSize, *Buffer);
>>- if (EFI_ERROR (Status)) {
>>- FreePool (*Buffer);
>>- DEBUG ((DEBUG_ERROR, "Can not read the token file!\n"));
>>- Status = EFI_DEVICE_ERROR;
>>- goto Done;
>>- }
>>-
>>- //
>>- // Close file.
>>- //
>>- Status = FileHandle->Close (FileHandle);
>>- if (EFI_ERROR (Status)) {
>>- FreePool (*Buffer);
>>- DEBUG ((DEBUG_ERROR, "Can not close the token file !\n"));
>>- Status = EFI_DEVICE_ERROR;
>>- }
>>-
>>-Done:
>>-
>>- if (FileInfo != NULL) {
>>- FreePool (FileInfo);
>>- }
>>-
>>- return Status;
>>-}
>>-
>>-
>>-/**
>>- Hash the data to get credential.
>>-
>>- @param[in] Buffer Points to the data buffer
>>- @param[in] BufferSize The size of data in buffer, in bytes.
>>- @param[out] Credential Points to the hashed result
>>-
>>- @retval TRUE Hash the data successfully.
>>- @retval FALSE Failed to hash the data.
>>-
>>-**/
>>-BOOLEAN
>>-GenerateCredential (
>>- IN UINT8 *Buffer,
>>- IN UINTN BufferSize,
>>- OUT UINT8 *Credential
>>- )
>>-{
>>- BOOLEAN Status;
>>- UINTN HashSize;
>>- VOID *Hash;
>>-
>>- HashSize = Sha1GetContextSize ();
>>- Hash = AllocatePool (HashSize);
>>- ASSERT (Hash != NULL);
>>-
>>- Status = Sha1Init (Hash);
>>- if (!Status) {
>>- goto Done;
>>- }
>>-
>>- Status = Sha1Update (Hash, Buffer, BufferSize);
>>- if (!Status) {
>>- goto Done;
>>- }
>>-
>>- Status = Sha1Final (Hash, Credential);
>>-
>>-Done:
>>- FreePool (Hash);
>>- return Status;
>>-}
>>-
>>-
>>-/**
>>- Read the token file, and default the Token is saved at the begining of the >file.
>>-
>>- @param[out] Token Token read from a Token file.
>>-
>>- @retval EFI_SUCCESS Read a Token successfully.
>>- @retval Others Fails to read a Token.
>>-
>>-**/
>>-EFI_STATUS
>>-GetToken (
>>- OUT UINT8 *Token
>>- )
>>-{
>>- EFI_STATUS Status;
>>- UINT8 *Buffer;
>>- UINTN BufSize;
>>- CHAR16 *TokenFile;
>>-
>>- BufSize = 0;
>>- Buffer = NULL;
>>- TokenFile = PcdGetPtr (PcdFixedUsbCredentialProviderTokenFileName);
>>- Status = GetFileData (TokenFile, (VOID *)&Buffer, &BufSize);
>>- if (EFI_ERROR (Status)) {
>>- DEBUG ((DEBUG_ERROR, "Read file %s from USB error! Status=(%r)\n", >>TokenFile, Status));
>>- return Status;
>>- }
>>-
>>- if (!GenerateCredential (Buffer, BufSize, Token)) {
>>- DEBUG ((DEBUG_ERROR, "Generate credential from read data >failed!\n"));
>>- FreePool (Buffer);
>>- return EFI_SECURITY_VIOLATION;
>>- }
>>-
>>- FreePool (Buffer);
>>- return EFI_SUCCESS;
>>-}
>>-
>>-
>>-/**
>>- Find a user infomation record by the information record type.
>>-
>>- This function searches all user information records of User from beginning
>>- until either the information is found or there are no more user infomation
>>- record. A match occurs when a Info.InfoType field matches the user >>information
>>- record type.
>>-
>>- @param[in] User Points to the user profile record to search.
>>- @param[in] InfoType The infomation type to be searched.
>>- @param[out] Info Points to the user info found, the caller is >responsible
>>- to free.
>>-
>>- @retval EFI_SUCCESS Find the user information successfully.
>>- @retval Others Fail to find the user information.
>>-
>>-**/
>>-EFI_STATUS
>>-FindUserInfoByType (
>>- IN EFI_USER_PROFILE_HANDLE User,
>>- IN UINT8 InfoType,
>>- OUT EFI_USER_INFO **Info
>>- )
>>-{
>>- EFI_STATUS Status;
>>- EFI_USER_INFO *UserInfo;
>>- UINTN UserInfoSize;
>>- EFI_USER_INFO_HANDLE UserInfoHandle;
>>- EFI_USER_MANAGER_PROTOCOL *UserManager;
>>-
>>- //
>>- // Find user information by information type.
>>- // >>- if (Info == NULL) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- Status = gBS->LocateProtocol ( >>- &gEfiUserManagerProtocolGuid, >>- NULL, >>- (VOID **) &UserManager >>- ); >>- if (EFI_ERROR (Status)) { >>- return EFI_NOT_FOUND; >>- } >>- >>- // >>- // Get each user information. >>- // >>- >>- UserInfoHandle = NULL; >>- UserInfo = NULL; >>- UserInfoSize = 0; >>- while (TRUE) { >>- Status = UserManager->GetNextInfo (UserManager, User, >>&UserInfoHandle); >>- if (EFI_ERROR (Status)) { >>- break; >>- } >>- // >>- // Get information. >>- // >>- Status = UserManager->GetInfo ( >>- UserManager, >>- User, >>- UserInfoHandle, >>- UserInfo, >>- &UserInfoSize >>- ); >>- if (Status == EFI_BUFFER_TOO_SMALL) { >>- if (UserInfo != NULL) { >>- FreePool (UserInfo); >>- } >>- UserInfo = AllocateZeroPool (UserInfoSize); >>- if (UserInfo == NULL) { >>- return EFI_OUT_OF_RESOURCES; >>- } >>- Status = UserManager->GetInfo ( >>- UserManager, >>- User, >>- UserInfoHandle, >>- UserInfo, >>- &UserInfoSize >>- ); >>- } >>- if (EFI_ERROR (Status)) { >>- break; >>- } >>- >>- ASSERT (UserInfo != NULL); >>- if (UserInfo->InfoType == InfoType) { >>- *Info = UserInfo; >>- return EFI_SUCCESS; >>- } >>- } >>- >>- if (UserInfo != NULL) { >>- FreePool (UserInfo); >>- } >>- return Status; >>-} >>- >>- >>-/** >>- This function initialize the data mainly used in form browser. >>- >>- @retval EFI_SUCCESS Initialize form data successfully. >>- @retval Others Fail to Initialize form data. >>- >>-**/ >>-EFI_STATUS >>-InitFormBrowser ( >>- VOID >>- ) >>-{ >>- USB_PROVIDER_CALLBACK_INFO *CallbackInfo; >>- >>- // >>- // Initialize driver private data. >>- // >>- CallbackInfo = AllocateZeroPool (sizeof >(USB_PROVIDER_CALLBACK_INFO)); >>- if (CallbackInfo == NULL) { >>- return EFI_OUT_OF_RESOURCES; >>- } >>- >>- CallbackInfo->DriverHandle = NULL; >>- >>- // >>- // Publish HII data. 
>>- // >>- CallbackInfo->HiiHandle = HiiAddPackages ( >>- &gUsbCredentialProviderGuid, >>- CallbackInfo->DriverHandle, >>- UsbCredentialProviderStrings, >>- NULL >>- ); >>- if (CallbackInfo->HiiHandle == NULL) { >>- return EFI_OUT_OF_RESOURCES; >>- } >>- mCallbackInfo = CallbackInfo; >>- >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Enroll a user on a credential provider. >>- >>- This function enrolls a user on this credential provider. If the user exists on >>- this credential provider, update the user information on this credential >>provider; >>- otherwise add the user information on credential provider. >>- >>- @param[in] This Points to this instance of >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[in] User The user profile to enroll. >>- >>- @retval EFI_SUCCESS User profile was successfully enrolled. >>- @retval EFI_ACCESS_DENIED Current user profile does not permit >>enrollment on the >>- user profile handle. Either the user profile cannot enroll >>- on any user profile or cannot enroll on a user profile >>- other than the current user profile. >>- @retval EFI_UNSUPPORTED This credential provider does not support >>enrollment in >>- the pre-OS. >>- @retval EFI_DEVICE_ERROR The new credential could not be created >>because of a device >>- error. >>- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >>profile handle. 
>>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialEnroll ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- IN EFI_USER_PROFILE_HANDLE User >>- ) >>-{ >>- EFI_STATUS Status; >>- UINTN Index; >>- USB_INFO UsbInfo; >>- EFI_USER_INFO *UserInfo; >>- EFI_INPUT_KEY Key; >>- UINT8 *UserId; >>- CHAR16 *QuestionStr; >>- CHAR16 *PromptStr; >>- >>- if ((This == NULL) || (User == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- // >>- // Get User Identifier >>- // >>- UserInfo = NULL; >>- Status = FindUserInfoByType ( >>- User, >>- EFI_USER_INFO_IDENTIFIER_RECORD, >>- &UserInfo >>- ); >>- if (EFI_ERROR (Status)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- CopyMem (UsbInfo.UserId, (UINT8 *) (UserInfo + 1), sizeof >>(EFI_USER_INFO_IDENTIFIER)); >>- FreePool (UserInfo); >>- >>- // >>- // Get Token and User ID to UsbInfo. >>- // >>- Status = GetToken (UsbInfo.Token); >>- if (EFI_ERROR (Status)) { >>- QuestionStr = GetStringById (STRING_TOKEN >>(STR_READ_USB_TOKEN_ERROR)); >>- PromptStr = GetStringById (STRING_TOKEN (STR_INSERT_USB_TOKEN)); >>- CreatePopUp ( >>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >>- &Key, >>- QuestionStr, >>- L"", >>- PromptStr, >>- NULL >>- ); >>- FreePool (QuestionStr); >>- FreePool (PromptStr); >>- return Status; >>- } >>- >>- // >>- // Check whether User is ever enrolled in the provider. >>- // >>- for (Index = 0; Index < mUsbTable->Count; Index++) { >>- UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId; >>- if (CompareMem (UserId, (UINT8 *) &UsbInfo.UserId, sizeof >>(EFI_USER_INFO_IDENTIFIER)) == 0) { >>- // >>- // User already exists, update the password. >>- // >>- break; >>- } >>- } >>- >>- // >>- // Enroll the User to the provider. >>- // >>- Status = ModifyTable (Index, &UsbInfo); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Returns the user interface information used during user identification. 
>>- >>- This function returns information about the form used when interacting >>with the >>- user during user identification. The form is the first enabled form in the >>form-set >>- class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII >>handle HiiHandle. If >>- the user credential provider does not require a form to identify the user, >>then this >>- function should return EFI_NOT_FOUND. >>- >>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[out] Hii On return, holds the HII database handle. >>- @param[out] FormSetId On return, holds the identifier of the form set >>which contains >>- the form used during user identification. >>- @param[out] FormId On return, holds the identifier of the form used >>during user >>- identification. >>- >>- @retval EFI_SUCCESS Form returned successfully. >>- @retval EFI_NOT_FOUND Form not returned. >>- @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or >>FormId is NULL. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialForm ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- OUT EFI_HII_HANDLE *Hii, >>- OUT EFI_GUID *FormSetId, >>- OUT EFI_FORM_ID *FormId >>- ) >>-{ >>- if ((This == NULL) || (Hii == NULL) || >>- (FormSetId == NULL) || (FormId == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- return EFI_NOT_FOUND; >>-} >>- >>- >>-/** >>- Returns bitmap used to describe the credential provider type. >>- >>- This optional function returns a bitmap which is less than or equal to the >>number >>- of pixels specified by Width and Height. If no such bitmap exists, then >>EFI_NOT_FOUND >>- is returned. >>- >>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[in, out] Width On entry, points to the desired bitmap width. If >>NULL then no >>- bitmap information will be returned. On exit, points to the >>- width of the bitmap returned. >>- @param[in, out] Height On entry, points to the desired bitmap height. 
If >>NULL then no >>- bitmap information will be returned. On exit, points to the >>- height of the bitmap returned. >>- @param[out] Hii On return, holds the HII database handle. >>- @param[out] Image On return, holds the HII image identifier. >>- >>- @retval EFI_SUCCESS Image identifier returned successfully. >>- @retval EFI_NOT_FOUND Image identifier not returned. >>- @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialTile ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- IN OUT UINTN *Width, >>- IN OUT UINTN *Height, >>- OUT EFI_HII_HANDLE *Hii, >>- OUT EFI_IMAGE_ID *Image >>- ) >>-{ >>- if ((This == NULL) || (Hii == NULL) || (Image == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- return EFI_NOT_FOUND; >>-} >>- >>- >>-/** >>- Returns string used to describe the credential provider type. >>- >>- This function returns a string which describes the credential provider. If no >>- such string exists, then EFI_NOT_FOUND is returned. >>- >>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[out] Hii On return, holds the HII database handle. >>- @param[out] String On return, holds the HII string identifier. >>- >>- @retval EFI_SUCCESS String identifier returned successfully. >>- @retval EFI_NOT_FOUND String identifier not returned. >>- @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialTitle ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- OUT EFI_HII_HANDLE *Hii, >>- OUT EFI_STRING_ID *String >>- ) >>-{ >>- if ((This == NULL) || (Hii == NULL) || (String == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- // >>- // Set Hii handle and String ID. >>- // >>- *Hii = mCallbackInfo->HiiHandle; >>- *String = STRING_TOKEN (STR_CREDENTIAL_TITLE); >>- >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Return the user identifier associated with the currently authenticated user. 
>>- >>- This function returns the user identifier of the user authenticated by this >>credential >>- provider. This function is called after the credential-related information has >>been >>- submitted on a form OR after a call to Default() has returned that this >>credential is >>- ready to log on. >>- >>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[in] User The user profile handle of the user profile currently >>being >>- considered by the user identity manager. If NULL, then no >user >>- profile is currently under consideration. >>- @param[out] Identifier On return, points to the user identifier. >>- >>- @retval EFI_SUCCESS User identifier returned successfully. >>- @retval EFI_NOT_READY No user identifier can be returned. >>- @retval EFI_ACCESS_DENIED The user has been locked out of this user >>credential. >>- @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL. >>- @retval EFI_NOT_FOUND User is not NULL, and the specified user >>handle can't be >>- found in user profile database. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialUser ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- IN EFI_USER_PROFILE_HANDLE User, >>- OUT EFI_USER_INFO_IDENTIFIER *Identifier >>- ) >>-{ >>- EFI_STATUS Status; >>- UINTN Index; >>- EFI_USER_INFO *UserInfo; >>- UINT8 *UserId; >>- UINT8 *NewUserId; >>- UINT8 *UserToken; >>- UINT8 ReadToken[HASHED_CREDENTIAL_LEN]; >>- EFI_INPUT_KEY Key; >>- CHAR16 *QuestionStr; >>- CHAR16 *PromptStr; >>- >>- if ((This == NULL) || (Identifier == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- if (User == NULL) { >>- // >>- // Verify the auto logon user, get user id by matched token. >>- // >>- if (mUsbTable->Count == 0) { >>- return EFI_NOT_READY; >>- } >>- >>- // >>- // No user selected, get token first and verify the user existed in user >>database. 
>>- // >>- Status = GetToken (ReadToken); >>- if (EFI_ERROR (Status)) { >>- return EFI_NOT_READY; >>- } >>- >>- for (Index = 0; Index < mUsbTable->Count; Index++) { >>- // >>- // find the specified credential in the Usb credential database. >>- // >>- UserToken = mUsbTable->UserInfo[Index].Token; >>- if (CompareMem (UserToken, ReadToken, HASHED_CREDENTIAL_LEN) >== >>0) { >>- UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId; >>- CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER)); >>- return EFI_SUCCESS; >>- } >>- } >>- >>- return EFI_NOT_READY; >>- } >>- >>- // >>- // User is not NULL here. Read a token, and check whether the token >>matches with >>- // the selected user's Token. If not, try to find a token in token DB to >>matches >>- // with read token. >>- // >>- >>- Status = GetToken (ReadToken); >>- if (EFI_ERROR (Status)) { >>- QuestionStr = GetStringById (STRING_TOKEN >>(STR_READ_USB_TOKEN_ERROR)); >>- PromptStr = GetStringById (STRING_TOKEN (STR_INSERT_USB_TOKEN)); >>- CreatePopUp ( >>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >>- &Key, >>- QuestionStr, >>- L"", >>- PromptStr, >>- NULL >>- ); >>- FreePool (QuestionStr); >>- FreePool (PromptStr); >>- return EFI_NOT_FOUND; >>- } >>- >>- // >>- // Get the selected user's identifier. >>- // >>- Status = FindUserInfoByType (User, EFI_USER_INFO_IDENTIFIER_RECORD, >>&UserInfo); >>- if (EFI_ERROR (Status)) { >>- return EFI_NOT_FOUND; >>- } >>- >>- // >>- // Check the selected user's Token with the read token. >>- // >>- for (Index = 0; Index < mUsbTable->Count; Index++) { >>- UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId; >>- NewUserId = (UINT8 *) (UserInfo + 1); >>- if (CompareMem (UserId, NewUserId, sizeof >(EFI_USER_INFO_IDENTIFIER)) >>== 0) { >>- // >>- // The user's ID is found in the UsbTable. >>- // >>- UserToken = mUsbTable->UserInfo[Index].Token; >>- if (CompareMem (UserToken, ReadToken, HASHED_CREDENTIAL_LEN) >== >>0) { >>- // >>- // The read token matches with the one in UsbTable. 
>>- // >>- CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER)); >>- FreePool (UserInfo); >>- return EFI_SUCCESS; >>- } >>- } >>- } >>- >>- FreePool (UserInfo); >>- >>- return EFI_NOT_READY; >>-} >>- >>- >>-/** >>- Indicate that user interface interaction has begun for the specified >>credential. >>- >>- This function is called when a credential provider is selected by the user. If >>- AutoLogon returns FALSE, then the user interface will be constructed by >the >>User >>- Identity Manager. >>- >>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[out] AutoLogon On return, points to the credential provider's >>capabilities >>- after the credential provider has been selected by the user. >>- >>- @retval EFI_SUCCESS Credential provider successfully selected. >>- @retval EFI_INVALID_PARAMETER AutoLogon is NULL. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialSelect ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon >>- ) >>-{ >>- if ((This == NULL) || (AutoLogon == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- *AutoLogon = EFI_CREDENTIAL_LOGON_FLAG_DEFAULT | >>EFI_CREDENTIAL_LOGON_FLAG_AUTO; >>- >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Indicate that user interface interaction has ended for the specified >>credential. >>- >>- This function is called when a credential provider is deselected by the user. >>- >>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- >>- @retval EFI_SUCCESS Credential provider successfully deselected. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialDeselect ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This >>- ) >>-{ >>- if (This == NULL) { >>- return EFI_INVALID_PARAMETER; >>- } >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Return the default logon behavior for this user credential. >>- >>- This function reports the default login behavior regarding this credential >>provider. 
>>- >>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[out] AutoLogon On return, holds whether the credential >provider >>should be used >>- by default to automatically log on the user. >>- >>- @retval EFI_SUCCESS Default information successfully returned. >>- @retval EFI_INVALID_PARAMETER AutoLogon is NULL. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialDefault ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon >>- ) >>-{ >>- if ((This == NULL) || (AutoLogon == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- *AutoLogon = EFI_CREDENTIAL_LOGON_FLAG_DEFAULT | >>EFI_CREDENTIAL_LOGON_FLAG_AUTO; >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Return information attached to the credential provider. >>- >>- This function returns user information. >>- >>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[in] UserInfo Handle of the user information data record. >>- @param[out] Info On entry, points to a buffer of at least *InfoSize >>bytes. On >>- exit, holds the user information. If the buffer is too small >>- to hold the information, then EFI_BUFFER_TOO_SMALL is >>returned >>- and InfoSize is updated to contain the number of bytes >>actually >>- required. >>- @param[in, out] InfoSize On entry, points to the size of Info. On return, >>points to the >>- size of the user information. >>- >>- @retval EFI_SUCCESS Information returned successfully. >>- @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too >small >>to hold all of the >>- user information. The size required is returned in *InfoSize. >>- @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL. >>- @retval EFI_NOT_FOUND The specified UserInfo does not refer to a >>valid user info handle. 
>>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialGetInfo ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- IN EFI_USER_INFO_HANDLE UserInfo, >>- OUT EFI_USER_INFO *Info, >>- IN OUT UINTN *InfoSize >>- ) >>-{ >>- EFI_USER_INFO *CredentialInfo; >>- UINTN Index; >>- >>- if ((This == NULL) || (InfoSize == NULL) || (Info == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- if ((UserInfo == NULL) || (mUsbInfoHandle == NULL)) { >>- return EFI_NOT_FOUND; >>- } >>- >>- // >>- // Find information handle in credential info table. >>- // >>- for (Index = 0; Index < mUsbInfoHandle->Count; Index++) { >>- CredentialInfo = mUsbInfoHandle->Info[Index]; >>- if (UserInfo == (EFI_USER_INFO_HANDLE)CredentialInfo) { >>- // >>- // The handle is found, copy the user info. >>- // >>- if (CredentialInfo->InfoSize > *InfoSize) { >>- *InfoSize = CredentialInfo->InfoSize; >>- return EFI_BUFFER_TOO_SMALL; >>- } >>- >>- CopyMem (Info, CredentialInfo, CredentialInfo->InfoSize); >>- return EFI_SUCCESS; >>- } >>- } >>- >>- return EFI_NOT_FOUND; >>-} >>- >>- >>-/** >>- Enumerate all of the user informations on the credential provider. >>- >>- This function returns the next user information record. To retrieve the first >>user >>- information record handle, point UserInfo at a NULL. Each subsequent call >>will retrieve >>- another user information record handle until there are no more, at which >>point UserInfo >>- will point to NULL. >>- >>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[in, out] UserInfo On entry, points to the previous user >information >>handle or NULL >>- to start enumeration. On exit, points to the next user >>information >>- handle or NULL if there is no more user information. >>- >>- @retval EFI_SUCCESS User information returned. >>- @retval EFI_NOT_FOUND No more user information found. >>- @retval EFI_INVALID_PARAMETER UserInfo is NULL. 
>>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialGetNextInfo ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- IN OUT EFI_USER_INFO_HANDLE *UserInfo >>- ) >>-{ >>- EFI_USER_INFO *Info; >>- CHAR16 *ProvNameStr; >>- UINTN InfoLen; >>- UINTN Index; >>- UINTN ProvStrLen; >>- >>- if ((This == NULL) || (UserInfo == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- if (mUsbInfoHandle == NULL) { >>- // >>- // Initilized user info table. There are 4 user info records in the table. >>- // >>- InfoLen = sizeof (USB_CREDENTIAL_INFO) + (4 - 1) * sizeof >>(EFI_USER_INFO *); >>- mUsbInfoHandle = AllocateZeroPool (InfoLen); >>- if (mUsbInfoHandle == NULL) { >>- *UserInfo = NULL; >>- return EFI_NOT_FOUND; >>- } >>- >>- // >>- // The first information, Credential Provider info. >>- // >>- InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID); >>- Info = AllocateZeroPool (InfoLen); >>- ASSERT (Info != NULL); >>- >>- Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_RECORD; >>- Info->InfoSize = (UINT32) InfoLen; >>- Info->InfoAttribs = EFI_USER_INFO_PROTECTED; >>- CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid); >>- CopyGuid ((EFI_GUID *)(Info + 1), &gUsbCredentialProviderGuid); >>- >>- mUsbInfoHandle->Info[0] = Info; >>- mUsbInfoHandle->Count++; >>- >>- // >>- // The second information, Credential Provider name info. 
>>- // >>- ProvNameStr = GetStringById (STRING_TOKEN (STR_PROVIDER_NAME)); >>- ProvStrLen = StrSize (ProvNameStr); >>- InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen; >>- Info = AllocateZeroPool (InfoLen); >>- ASSERT (Info != NULL); >>- >>- Info->InfoType = >>EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD; >>- Info->InfoSize = (UINT32) InfoLen; >>- Info->InfoAttribs = EFI_USER_INFO_PROTECTED; >>- CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid); >>- CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen); >>- FreePool (ProvNameStr); >>- >>- mUsbInfoHandle->Info[1] = Info; >>- mUsbInfoHandle->Count++; >>- >>- // >>- // The third information, Credential Provider type info. >>- // >>- InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID); >>- Info = AllocateZeroPool (InfoLen); >>- ASSERT (Info != NULL); >>- >>- Info->InfoType = EFI_USER_INFO_CREDENTIAL_TYPE_RECORD; >>- Info->InfoSize = (UINT32) InfoLen; >>- Info->InfoAttribs = EFI_USER_INFO_PROTECTED; >>- CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid); >>- CopyGuid ((EFI_GUID *)(Info + 1), >>&gEfiUserCredentialClassSecureCardGuid); >>- >>- mUsbInfoHandle->Info[2] = Info; >>- mUsbInfoHandle->Count++; >>- >>- // >>- // The fourth information, Credential Provider type name info. >>- // >>- ProvNameStr = GetStringById (STRING_TOKEN >>(STR_PROVIDER_TYPE_NAME)); >>- ProvStrLen = StrSize (ProvNameStr); >>- InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen; >>- Info = AllocateZeroPool (InfoLen); >>- ASSERT (Info != NULL); >>- >>- Info->InfoType = >>EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD; >>- Info->InfoSize = (UINT32) InfoLen; >>- Info->InfoAttribs = EFI_USER_INFO_PROTECTED; >>- CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid); >>- CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen); >>- FreePool (ProvNameStr); >>- >>- mUsbInfoHandle->Info[3] = Info; >>- mUsbInfoHandle->Count++; >>- } >>- >>- if (*UserInfo == NULL) { >>- // >>- // Return the first info handle. 
>>- // >>- *UserInfo = (EFI_USER_INFO_HANDLE) mUsbInfoHandle->Info[0]; >>- return EFI_SUCCESS; >>- } >>- >>- // >>- // Find information handle in credential info table. >>- // >>- for (Index = 0; Index < mUsbInfoHandle->Count; Index++) { >>- Info = mUsbInfoHandle->Info[Index]; >>- if (*UserInfo == (EFI_USER_INFO_HANDLE)Info) { >>- // >>- // The handle is found, get the next one. >>- // >>- if (Index == mUsbInfoHandle->Count - 1) { >>- // >>- // Already last one. >>- // >>- *UserInfo = NULL; >>- return EFI_NOT_FOUND; >>- } >>- Index++; >>- *UserInfo = (EFI_USER_INFO_HANDLE)mUsbInfoHandle->Info[Index]; >>- return EFI_SUCCESS; >>- } >>- } >>- >>- *UserInfo = NULL; >>- return EFI_NOT_FOUND; >>-} >>- >>- >>-/** >>- Delete a user on this credential provider. >>- >>- This function deletes a user on this credential provider. >>- >>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[in] User The user profile handle to delete. >>- >>- @retval EFI_SUCCESS User profile was successfully deleted. >>- @retval EFI_ACCESS_DENIED Current user profile does not permit >>deletion on the user profile handle. >>- Either the user profile cannot delete on any user profile or >>cannot delete >>- on a user profile other than the current user profile. >>- @retval EFI_UNSUPPORTED This credential provider does not support >>deletion in the pre-OS. >>- @retval EFI_DEVICE_ERROR The new credential could not be deleted >>because of a device error. >>- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >>profile handle. >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialDelete ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- IN EFI_USER_PROFILE_HANDLE User >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_USER_INFO *UserInfo; >>- UINT8 *UserId; >>- UINT8 *NewUserId; >>- UINTN Index; >>- >>- if ((This == NULL) || (User == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- // >>- // Get User Identifier. 
>>- // >>- UserInfo = NULL; >>- Status = FindUserInfoByType ( >>- User, >>- EFI_USER_INFO_IDENTIFIER_RECORD, >>- &UserInfo >>- ); >>- if (EFI_ERROR (Status)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- // >>- // Find the user by user identifier in mPwdTable. >>- // >>- for (Index = 0; Index < mUsbTable->Count; Index++) { >>- UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId; >>- NewUserId = (UINT8 *) (UserInfo + 1); >>- if (CompareMem (UserId, NewUserId, sizeof >(EFI_USER_INFO_IDENTIFIER)) >>== 0) { >>- // >>- // Found the user, delete it. >>- // >>- ModifyTable (Index, NULL); >>- break; >>- } >>- } >>- >>- FreePool (UserInfo); >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Main entry for this driver. >>- >>- @param ImageHandle Image handle this driver. >>- @param SystemTable Pointer to SystemTable. >>- >>- @retval EFI_SUCESS This function always complete successfully. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-UsbProviderInit ( >>- IN EFI_HANDLE ImageHandle, >>- IN EFI_SYSTEM_TABLE *SystemTable >>- ) >>-{ >>- EFI_STATUS Status; >>- >>- // >>- // It is NOT robust enough to be included in production. >>- // >>- #error "This implementation is just a sample, please comment this line if >you >>really want to use this driver." >>- >>- // >>- // Init credential table. >>- // >>- Status = InitCredentialTable (); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- // >>- // Init Form Browser >>- // >>- Status = InitFormBrowser (); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- // >>- // Install protocol interfaces for the Usb Credential Provider. >>- // >>- Status = gBS->InstallProtocolInterface ( >>- &mCallbackInfo->DriverHandle, >>- &gEfiUserCredential2ProtocolGuid, >>- EFI_NATIVE_INTERFACE, >>- &gUsbCredentialProviderDriver >>- ); >>- return Status; >>-} 
>>diff --git >>a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredential >Pr >>ovider.h >>b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredential >Pr >>ovider.h
>>deleted file mode 100644
>>index 63f6576045..0000000000
>>--- >>a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredential >Pr >>ovider.h
>>+++ /dev/null
>>@@ -1,361 +0,0 @@ >>-/** @file >>- Usb Credential Provider driver header file. >>- >>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >>-This program and the accompanying materials >>-are licensed and made available under the terms and conditions of the BSD >>License >>-which accompanies this distribution. The full text of the license may be >>found at >>-http://opensource.org/licenses/bsd-license.php >>- >>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED. >>- >>-**/ >>- >>-#ifndef _USB_CREDENTIAL_PROVIDER_H_ >>-#define _USB_CREDENTIAL_PROVIDER_H_ >>- >>-#include <Uefi.h> >>- >>-#include <Guid/GlobalVariable.h> >>-#include <Guid/FileInfo.h> >>-#include <Guid/SecurityPkgTokenSpace.h> >>-#include <Guid/UsbCredentialProviderHii.h> >>- >>-#include <Protocol/SimpleFileSystem.h> >>-#include <Protocol/BlockIo.h> >>-#include <Protocol/UserCredential2.h> >>-#include <Protocol/UserManager.h> >>- >>-#include <Library/UefiRuntimeServicesTableLib.h> >>-#include <Library/UefiBootServicesTableLib.h> >>-#include <Library/MemoryAllocationLib.h> >>-#include <Library/BaseMemoryLib.h> >>-#include <Library/DevicePathLib.h> >>-#include <Library/BaseCryptLib.h> >>-#include <Library/DebugLib.h> >>-#include <Library/UefiLib.h> >>-#include <Library/PrintLib.h> >>-#include <Library/HiiLib.h> >>-#include <Library/PcdLib.h> >>- >>-extern UINT8 UsbCredentialProviderStrings[]; >>- >>-#define USB_TABLE_INC 16 >>-#define HASHED_CREDENTIAL_LEN 20 >>- >>-// >>-// Save the enroll user credential Information. >>-// >>-typedef struct { >>- EFI_USER_INFO_IDENTIFIER UserId; >>- UINT8 Token[HASHED_CREDENTIAL_LEN]; >>-} USB_INFO; >>- >>-// >>-// USB Credential Table. >>-// >>-typedef struct { >>- UINTN Count; >>- UINTN MaxCount; >>- USB_INFO UserInfo[1]; >>-} CREDENTIAL_TABLE; >>- >>-// >>-// The user information on the USB provider. 
>>-// >>-typedef struct { >>- UINTN Count; >>- EFI_USER_INFO *Info[1]; >>-} USB_CREDENTIAL_INFO; >>- >>-#define USB_PROVIDER_SIGNATURE SIGNATURE_32 ('U', 'S', 'B', 'P') >>- >>-typedef struct { >>- UINTN Signature; >>- EFI_HANDLE DriverHandle; >>- EFI_HII_HANDLE HiiHandle; >>-} USB_PROVIDER_CALLBACK_INFO; >>- >>-/** >>- Enroll a user on a credential provider. >>- >>- This function enrolls and deletes a user profile using this credential >provider. >>- If a user profile is successfully enrolled, it calls the User Manager Protocol >>- function Notify() to notify the user manager driver that credential >>information >>- has changed. If an enrolled user does exist, delete the user on the >>credential >>- provider. >>- >>- @param[in] This Points to this instance of >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[in] User The user profile to enroll. >>- >>- @retval EFI_SUCCESS User profile was successfully enrolled. >>- @retval EFI_ACCESS_DENIED Current user profile does not permit >>enrollment on the >>- user profile handle. Either the user profile cannot enroll >>- on any user profile or cannot enroll on a user profile >>- other than the current user profile. >>- @retval EFI_UNSUPPORTED This credential provider does not support >>enrollment in >>- the pre-OS. >>- @retval EFI_DEVICE_ERROR The new credential could not be created >>because of a device >>- error. >>- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >>profile handle. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialEnroll ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- IN EFI_USER_PROFILE_HANDLE User >>- ); >>- >>-/** >>- Returns the user interface information used during user identification. >>- >>- This function enrolls a user on this credential provider. If the user exists on >>- this credential provider, update the user information on this credential >>provider; >>- otherwise delete the user information on credential provider. 
>>- >>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[out] Hii On return, holds the HII database handle. >>- @param[out] FormSetId On return, holds the identifier of the form set >>which contains >>- the form used during user identification. >>- @param[out] FormId On return, holds the identifier of the form used >>during user >>- identification. >>- >>- @retval EFI_SUCCESS Form returned successfully. >>- @retval EFI_NOT_FOUND Form not returned. >>- @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or >>FormId is NULL. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialForm ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- OUT EFI_HII_HANDLE *Hii, >>- OUT EFI_GUID *FormSetId, >>- OUT EFI_FORM_ID *FormId >>- ); >>- >>-/** >>- Returns bitmap used to describe the credential provider type. >>- >>- This optional function returns a bitmap which is less than or equal to the >>number >>- of pixels specified by Width and Height. If no such bitmap exists, then >>EFI_NOT_FOUND >>- is returned. >>- >>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[in, out] Width On entry, points to the desired bitmap width. If >>NULL then no >>- bitmap information will be returned. On exit, points to the >>- width of the bitmap returned. >>- @param[in, out] Height On entry, points to the desired bitmap height. If >>NULL then no >>- bitmap information will be returned. On exit, points to the >>- height of the bitmap returned. >>- @param[out] Hii On return, holds the HII database handle. >>- @param[out] Image On return, holds the HII image identifier. >>- >>- @retval EFI_SUCCESS Image identifier returned successfully. >>- @retval EFI_NOT_FOUND Image identifier not returned. >>- @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL. 
>>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialTile ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- IN OUT UINTN *Width, >>- IN OUT UINTN *Height, >>- OUT EFI_HII_HANDLE *Hii, >>- OUT EFI_IMAGE_ID *Image >>- ); >>- >>-/** >>- Returns string used to describe the credential provider type. >>- >>- This function returns a string which describes the credential provider. If no >>- such string exists, then EFI_NOT_FOUND is returned. >>- >>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[out] Hii On return, holds the HII database handle. >>- @param[out] String On return, holds the HII string identifier. >>- >>- @retval EFI_SUCCESS String identifier returned successfully. >>- @retval EFI_NOT_FOUND String identifier not returned. >>- @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-CredentialTitle ( >>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This, >>- OUT EFI_HII_HANDLE *Hii, >>- OUT EFI_STRING_ID *String >>- ); >>- >>-/** >>- Return the user identifier associated with the currently authenticated user. >>- >>- This function returns the user identifier of the user authenticated by this >>credential >>- provider. This function is called after the credential-related information has >>been >>- submitted on a form OR after a call to Default() has returned that this >>credential is >>- ready to log on. >>- >>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL. >>- @param[in] User The user profile handle of the user profile currently >>being >>- considered by the user identity manager. If NULL, then no >user >>- profile is currently under consideration. >>- @param[out] Identifier On return, points to the user identifier. >>- >>- @retval EFI_SUCCESS User identifier returned successfully. >>- @retval EFI_NOT_READY No user identifier can be returned. >>- @retval EFI_ACCESS_DENIED The user has been locked out of this user >>credential. 
>>- @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL.
>>- @retval EFI_NOT_FOUND User is not NULL, and the specified user >>handle can't be
>>- found in user profile database.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-CredentialUser (
>>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>>- IN EFI_USER_PROFILE_HANDLE User,
>>- OUT EFI_USER_INFO_IDENTIFIER *Identifier
>>- );
>>-
>>-/**
>>- Indicate that user interface interaction has begun for the specified >>credential.
>>-
>>- This function is called when a credential provider is selected by the user. If
>>- AutoLogon returns FALSE, then the user interface will be constructed by >the >>User
>>- Identity Manager.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL.
>>- @param[out] AutoLogon On return, points to the credential provider's >>capabilities
>>- after the credential provider has been selected by the user.
>>-
>>- @retval EFI_SUCCESS Credential provider successfully selected.
>>- @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-CredentialSelect (
>>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>>- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
>>- );
>>-
>>-/**
>>- Indicate that user interface interaction has ended for the specified >>credential.
>>-
>>- This function is called when a credential provider is deselected by the user.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL.
>>-
>>- @retval EFI_SUCCESS Credential provider successfully deselected.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-CredentialDeselect (
>>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This
>>- );
>>-
>>-/**
>>- Return the default logon behavior for this user credential.
>>-
>>- This function reports the default login behavior regarding this credential >>provider.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL.
>>- @param[out] AutoLogon On return, holds whether the credential >provider >>should be used
>>- by default to automatically log on the user.
>>-
>>- @retval EFI_SUCCESS Default information successfully returned.
>>- @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-CredentialDefault (
>>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>>- OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
>>- );
>>-
>>-/**
>>- Return information attached to the credential provider.
>>-
>>- This function returns user information.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL.
>>- @param[in] UserInfo Handle of the user information data record.
>>- @param[out] Info On entry, points to a buffer of at least *InfoSize >>bytes. On
>>- exit, holds the user information. If the buffer is too small
>>- to hold the information, then EFI_BUFFER_TOO_SMALL is >>returned
>>- and InfoSize is updated to contain the number of bytes >>actually
>>- required.
>>- @param[in, out] InfoSize On entry, points to the size of Info. On return, >>points to the
>>- size of the user information.
>>-
>>- @retval EFI_SUCCESS Information returned successfully.
>>- @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too >small >>to hold all of the
>>- user information. The size required is returned in *InfoSize.
>>- @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL.
>>- @retval EFI_NOT_FOUND The specified UserInfo does not refer to a >>valid user info handle.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-CredentialGetInfo (
>>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>>- IN EFI_USER_INFO_HANDLE UserInfo,
>>- OUT EFI_USER_INFO *Info,
>>- IN OUT UINTN *InfoSize
>>- );
>>-
>>-/**
>>- Enumerate all of the user informations on the credential provider.
>>-
>>- This function returns the next user information record. To retrieve the first >>user
>>- information record handle, point UserInfo at a NULL.
Each subsequent call >>will retrieve
>>- another user information record handle until there are no more, at which >>point UserInfo
>>- will point to NULL.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL.
>>- @param[in, out] UserInfo On entry, points to the previous user >information >>handle or NULL
>>- to start enumeration. On exit, points to the next user >>information
>>- handle or NULL if there is no more user information.
>>-
>>- @retval EFI_SUCCESS User information returned.
>>- @retval EFI_NOT_FOUND No more user information found.
>>- @retval EFI_INVALID_PARAMETER UserInfo is NULL.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-CredentialGetNextInfo (
>>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>>- IN OUT EFI_USER_INFO_HANDLE *UserInfo
>>- );
>>-
>>-/**
>>- Delete a user on this credential provider.
>>-
>>- This function deletes a user on this credential provider.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL.
>>- @param[in] User The user profile handle to delete.
>>-
>>- @retval EFI_SUCCESS User profile was successfully deleted.
>>- @retval EFI_ACCESS_DENIED Current user profile does not permit >>deletion on the user profile handle.
>>- Either the user profile cannot delete on any user profile or >>cannot delete
>>- on a user profile other than the current user profile.
>>- @retval EFI_UNSUPPORTED This credential provider does not support >>deletion in the pre-OS.
>>- @retval EFI_DEVICE_ERROR The new credential could not be deleted >>because of a device error.
>>- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >>profile handle.
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-CredentialDelete (
>>- IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
>>- IN EFI_USER_PROFILE_HANDLE User
>>- );
>>-
>>-#endif
>>diff --git >>a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredential >Pr >>ovider.uni >>b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredential >Pr >>ovider.uni
>>deleted file mode 100644
>>index 961e09f360..0000000000
>>--- >>a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredential >Pr >>ovider.uni
>>+++ /dev/null
>>@@ -1,23 +0,0 @@
>>-// /** @file
>>-// Provides a USB credential provider implementation
>>-//
>>-// This module reads a token from a token file that is saved in the root
>>-// folder of a USB stick. The token file name can be specified by the PCD
>>-// PcdFixedUsbCredentialProviderTokenFileName.
>>-//
>>-// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
>>-//
>>-// This program and the accompanying materials
>>-// are licensed and made available under the terms and conditions of the >BSD >>License
>>-// which accompanies this distribution. The full text of the license may be >>found at
>>-// http://opensource.org/licenses/bsd-license.php
>>-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >>BASIS,
>>-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED.
>>-//
>>-// **/
>>-
>>-
>>-#string STR_MODULE_ABSTRACT #language en-US "Provides a USB >>credential provider implementation"
>>-
>>-#string STR_MODULE_DESCRIPTION #language en-US "This module >>reads a token from a token file that is saved in the root folder of a USB stick. >>The token file name can be specified by the PCD >>PcdFixedUsbCredentialProviderTokenFileName."
>>-
>>diff --git >>a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredential >Pr >>oviderDxe.inf >>b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredential >Pr >>oviderDxe.inf
>>deleted file mode 100644
>>index 1e8e42332f..0000000000
>>--- >>a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredential >Pr >>oviderDxe.inf
>>+++ /dev/null
>>@@ -1,70 +0,0 @@
>>-## @file
>>-# Provides a USB credential provider implementation
>>-#
>>-# This module reads a token from a token file that is saved in the root
>>-# folder of a USB stick. The token file name can be specified by the PCD
>>-# PcdFixedUsbCredentialProviderTokenFileName.
>>-#
>>-# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>>-# This program and the accompanying materials
>>-# are licensed and made available under the terms and conditions of the >BSD >>License
>>-# which accompanies this distribution. The full text of the license may be >>found at
>>-# http://opensource.org/licenses/bsd-license.php
>>-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >>BASIS,
>>-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED.
>>-#
>>-##
>>-
>>-[Defines]
>>- INF_VERSION = 0x00010005
>>- BASE_NAME = UsbCredentialProvider
>>- MODULE_UNI_FILE = UsbCredentialProvider.uni
>>- FILE_GUID = 672A0C68-2BF0-46f9-93C3-C4E7DC0FA555
>>- MODULE_TYPE = UEFI_DRIVER
>>- VERSION_STRING = 1.0
>>- ENTRY_POINT = UsbProviderInit
>>-
>>-[Sources]
>>- UsbCredentialProvider.c
>>- UsbCredentialProvider.h
>>- UsbCredentialProviderStrings.uni
>>-
>>-[Packages]
>>- MdePkg/MdePkg.dec
>>- MdeModulePkg/MdeModulePkg.dec
>>- CryptoPkg/CryptoPkg.dec
>>- SecurityPkg/SecurityPkg.dec
>>-
>>-[LibraryClasses]
>>- UefiRuntimeServicesTableLib
>>- UefiBootServicesTableLib
>>- UefiDriverEntryPoint
>>- MemoryAllocationLib
>>- BaseMemoryLib
>>- DebugLib
>>- HiiLib
>>- UefiLib
>>- BaseCryptLib
>>-
>>-[Guids]
>>- ## PRODUCES ## Variable:L"UsbCredential"
>>- ## CONSUMES ## Variable:L"UsbCredential"
>>- ## CONSUMES ## HII
>>- ## SOMETIMES_CONSUMES ## GUID # The credential provider >>identifier
>>- gUsbCredentialProviderGuid
>>-
>>- gEfiFileInfoGuid ## SOMETIMES_CONSUMES ## GUID
>>- gEfiUserCredentialClassSecureCardGuid ## SOMETIMES_CONSUMES >>## GUID
>>-
>>-[Pcd]
>>- >>gEfiSecurityPkgTokenSpaceGuid.PcdFixedUsbCredentialProviderTokenFileN
>a >>me ## SOMETIMES_CONSUMES
>>-
>>-[Protocols]
>>- gEfiUserCredential2ProtocolGuid ## PRODUCES
>>- gEfiUserManagerProtocolGuid ## SOMETIMES_CONSUMES
>>- gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES
>>- gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES
>>-
>>-[UserExtensions.TianoCore."ExtraFiles"]
>>- UsbCredentialProviderExtra.uni
>>-
>>diff --git >>a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredential >Pr >>oviderExtra.uni >>b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredential >Pr >>oviderExtra.uni
>>deleted file mode 100644
>>index a20917d5f7..0000000000
>>--- >>a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredential >Pr >>oviderExtra.uni
>>+++ /dev/null
>>@@ -1,19 +0,0 @@
>>-// /** @file
>>-// UsbCredentialProvider Localized Strings and Content
>>-//
>>-// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
>>-//
>>-// This program and the accompanying materials
>>-// are licensed and made available under the terms and conditions of the >BSD >>License
>>-// which accompanies this distribution. The full text of the license may be >>found at
>>-// http://opensource.org/licenses/bsd-license.php
>>-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >>BASIS,
>>-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED.
>>-//
>>-// **/
>>-
>>-#string STR_PROPERTIES_MODULE_NAME
>>-#language en-US
>>-"USB Credential Provider"
>>-
>>-
>>diff --git >>a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredential >Pr >>oviderStrings.uni >>b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredential >Pr >>oviderStrings.uni
>>deleted file mode 100644
>>index f306d50a4e..0000000000
>>--- >>a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredential >Pr >>oviderStrings.uni
>>+++ /dev/null
>>@@ -1,29 +0,0 @@
>>-/** @file
>>- String definitions for the USB Credential Provider.
>>-
>>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>>-This program and the accompanying materials
>>-are licensed and made available under the terms and conditions of the BSD >>License
>>-which accompanies this distribution. The full text of the license may be >>found at
>>-http://opensource.org/licenses/bsd-license.php.
>>-
>>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED.
>>-
>>-**/
>>-
>>-#langdef en-US "English"
>>-#langdef fr-FR "Francais"
>>-
>>-#string STR_CREDENTIAL_TITLE #language en-US "USB Credential >>Provider"
>>- #language fr-FR "USB Credential Provider >(French)"
>>-#string STR_NULL_STRING #language en-US ""
>>- #language fr-FR ""
>>-#string STR_PROVIDER_NAME #language en-US "INTEL USB >>Credential Provider"
>>- #language fr-FR "INTEL USB Credential Provider >>(French)"
>>-#string STR_PROVIDER_TYPE_NAME #language en-US "Secure >Card >>Credential Provider"
>>- #language fr-FR "Secure Card Credential Provider >>(French)"
>>-#string STR_READ_USB_TOKEN_ERROR #language en-US "Read >USB >>Token File Error!"
>>- #language fr-FR "Read USB Token File Error! >>(French)"
>>-#string STR_INSERT_USB_TOKEN #language en-US "Please insert >>USB key with Token"
>>- #language fr-FR "Please insert USB key with Token >>(French)"
>>diff --git >>a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/LoadDeferredI >ma >>ge.c >>b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/LoadDeferredI >m >>age.c
>>deleted file mode 100644
>>index 2cfe130db8..0000000000
>>--- >>a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/LoadDeferredI >ma >>ge.c
>>+++ /dev/null
>>@@ -1,148 +0,0 @@
>>-/** @file
>>- Load the deferred images after user is identified.
>>-
>>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>>-This program and the accompanying materials
>>-are licensed and made available under the terms and conditions of the BSD >>License
>>-which accompanies this distribution. The full text of the license may be >>found at
>>-http://opensource.org/licenses/bsd-license.php
>>-
>>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED.
>>-
>>-**/
>>-
>>-#include "UserIdentifyManager.h"
>>-
>>-EFI_HANDLE mDeferredImageHandle;
>>-
>>-/**
>>- The function will load all the deferred images again. If the deferred image >is >>loaded
>>- successfully, try to start it.
>>-
>>- @param Event Event whose notification function is being invoked.
>>- @param Context Pointer to the notification function's context
>>-
>>-**/
>>-VOID
>>-EFIAPI
>>-LoadDeferredImage (
>>- IN EFI_EVENT Event,
>>- IN VOID *Context
>>- )
>>-{
>>- EFI_STATUS Status;
>>- EFI_DEFERRED_IMAGE_LOAD_PROTOCOL *DeferredImage;
>>- UINTN HandleCount;
>>- EFI_HANDLE *HandleBuf;
>>- UINTN Index;
>>- UINTN DriverIndex;
>>- EFI_DEVICE_PATH_PROTOCOL *ImageDevicePath;
>>- VOID *DriverImage;
>>- UINTN ImageSize;
>>- BOOLEAN BootOption;
>>- EFI_HANDLE ImageHandle;
>>- UINTN ExitDataSize;
>>- CHAR16 *ExitData;
>>-
>>- //
>>- // Find all the deferred image load protocols.
>>- //
>>- HandleCount = 0;
>>- HandleBuf = NULL;
>>- Status = gBS->LocateHandleBuffer (
>>- ByProtocol,
>>- &gEfiDeferredImageLoadProtocolGuid,
>>- NULL,
>>- &HandleCount,
>>- &HandleBuf
>>- );
>>- if (EFI_ERROR (Status)) {
>>- return ;
>>- }
>>-
>>- for (Index = 0; Index < HandleCount; Index++) {
>>- Status = gBS->HandleProtocol (
>>- HandleBuf[Index],
>>- &gEfiDeferredImageLoadProtocolGuid,
>>- (VOID **) &DeferredImage
>>- );
>>- if (EFI_ERROR (Status)) {
>>- continue ;
>>- }
>>-
>>- DriverIndex = 0;
>>- do {
>>- //
>>- // Load all the deferred images in this protocol instance.
>>- //
>>- Status = DeferredImage->GetImageInfo(
>>- DeferredImage,
>>- DriverIndex,
>>- &ImageDevicePath,
>>- (VOID **) &DriverImage,
>>- &ImageSize,
>>- &BootOption
>>- );
>>- if (EFI_ERROR (Status)) {
>>- break;
>>- }
>>-
>>- //
>>- // Load and start the image.
>>- //
>>- Status = gBS->LoadImage (
>>- BootOption,
>>- mDeferredImageHandle,
>>- ImageDevicePath,
>>- NULL,
>>- 0,
>>- &ImageHandle
>>- );
>>- if (!EFI_ERROR (Status)) {
>>- //
>>- // Before calling the image, enable the Watchdog Timer for
>>- // a 5 Minute period
>>- //
>>- gBS->SetWatchdogTimer (5 * 60, 0x0000, 0x00, NULL);
>>- Status = gBS->StartImage (ImageHandle, &ExitDataSize, &ExitData);
>>-
>>- //
>>- // Clear the Watchdog Timer after the image returns.
>>- //
>>- gBS->SetWatchdogTimer (0x0000, 0x0000, 0x0000, NULL);
>>- }
>>- DriverIndex++;
>>- } while (TRUE);
>>- }
>>- FreePool (HandleBuf);
>>-}
>>-
>>-
>>-/**
>>- Register an event notification function for user profile changed.
>>-
>>- @param[in] ImageHandle Image handle this driver.
>>-
>>-**/
>>-VOID
>>-LoadDeferredImageInit (
>>- IN EFI_HANDLE ImageHandle
>>- )
>>-{
>>- EFI_STATUS Status;
>>- EFI_EVENT Event;
>>-
>>- mDeferredImageHandle = ImageHandle;
>>-
>>- Status = gBS->CreateEventEx (
>>- EVT_NOTIFY_SIGNAL,
>>- TPL_CALLBACK,
>>- LoadDeferredImage,
>>- NULL,
>>- &gEfiEventUserProfileChangedGuid,
>>- &Event
>>- );
>>-
>>- ASSERT (Status == EFI_SUCCESS);
>>-}
>>diff --git >>a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMa >n >>ager.c >>b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMa >n >>ager.c
>>deleted file mode 100644
>>index fd941792c1..0000000000
>>--- >>a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMa >n >>ager.c
>>+++ /dev/null
>>@@ -1,3766 +0,0 @@
>>-/** @file
>>- This driver manages user information and produces user manager protocol.
>>-
>>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>>-(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR>
>>-This program and the accompanying materials
>>-are licensed and made available under the terms and conditions of the BSD >>License
>>-which accompanies this distribution. The full text of the license may be >>found at
>>-http://opensource.org/licenses/bsd-license.php
>>-
>>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED.
>>-
>>-**/
>>-
>>-#include "UserIdentifyManager.h"
>>-
>>-//
>>-// Default user name.
>>-//
>>-CHAR16 mUserName[] = L"Administrator";
>>-
>>-//
>>-// Points to the user profile database.
>>-//
>>-USER_PROFILE_DB *mUserProfileDb = NULL;
>>-
>>-//
>>-// Points to the credential providers found in system.
>>-//
>>-CREDENTIAL_PROVIDER_INFO *mProviderDb = NULL;
>>-
>>-//
>>-// Current user shared in multi function.
>>-//
>>-EFI_USER_PROFILE_HANDLE mCurrentUser = NULL;
>>-
>>-//
>>-// Flag indicates a user is identified.
>>-//
>>-BOOLEAN mIdentified = FALSE;
>>-USER_MANAGER_CALLBACK_INFO *mCallbackInfo = NULL;
>>-HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = {
>>- {
>>- {
>>- HARDWARE_DEVICE_PATH,
>>- HW_VENDOR_DP,
>>- {
>>- (UINT8) (sizeof (VENDOR_DEVICE_PATH)),
>>- (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
>>- }
>>- },
>>- USER_IDENTIFY_MANAGER_GUID
>>- },
>>- {
>>- END_DEVICE_PATH_TYPE,
>>- END_ENTIRE_DEVICE_PATH_SUBTYPE,
>>- {
>>- (UINT8) (END_DEVICE_PATH_LENGTH),
>>- (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
>>- }
>>- }
>>-};
>>-
>>-
>>-EFI_USER_MANAGER_PROTOCOL gUserIdentifyManager = {
>>- UserProfileCreate,
>>- UserProfileDelete,
>>- UserProfileGetNext,
>>- UserProfileCurrent,
>>- UserProfileIdentify,
>>- UserProfileFind,
>>- UserProfileNotify,
>>- UserProfileGetInfo,
>>- UserProfileSetInfo,
>>- UserProfileDeleteInfo,
>>- UserProfileGetNextInfo,
>>-};
>>-
>>-
>>-/**
>>- Find the specified user in the user database.
>>-
>>- This function searches the specified user from the beginning of the user >>database.
>>- And if NextUser is TRUE, return the next User in the user database.
>>-
>>- @param[in, out] User On entry, points to the user profile entry to >>search.
>>- On return, points to the user profile entry or NULL if not >>found.
>>- @param[in] NextUser If FALSE, find the user in user profile database >>specifyed by User
>>- If TRUE, find the next user in user profile database specifyed
>>- by User.
>>- @param[out] ProfileIndex A pointer to the index of user profile >database >>that matches the
>>- user specifyed by User.
>>-
>>- @retval EFI_NOT_FOUND User was NULL, or User was not found, or >the >>next user was not found.
>>- @retval EFI_SUCCESS User or the next user are found in user profile >>database
>>-
>>-**/
>>-EFI_STATUS
>>-FindUserProfile (
>>- IN OUT USER_PROFILE_ENTRY **User,
>>- IN BOOLEAN NextUser,
>>- OUT UINTN *ProfileIndex OPTIONAL
>>- )
>>-{
>>- UINTN Index;
>>-
>>- //
>>- // Check parameters
>>- //
>>- if ((mUserProfileDb == NULL) || (User == NULL)) {
>>- return EFI_NOT_FOUND;
>>- }
>>-
>>- //
>>- // Check whether the user profile is in the user profile database.
>>- //
>>- for (Index = 0; Index < mUserProfileDb->UserProfileNum; Index++) {
>>- if (mUserProfileDb->UserProfile[Index] == *User) {
>>- if (ProfileIndex != NULL) {
>>- *ProfileIndex = Index;
>>- }
>>- break;
>>- }
>>- }
>>-
>>- if (NextUser) {
>>- //
>>- // Find the next user profile.
>>- //
>>- Index++;
>>- if (Index < mUserProfileDb->UserProfileNum) {
>>- *User = mUserProfileDb->UserProfile[Index];
>>- } else if (Index == mUserProfileDb->UserProfileNum) {
>>- *User = NULL;
>>- return EFI_NOT_FOUND;
>>- } else {
>>- if ((mUserProfileDb->UserProfileNum > 0) && (*User == NULL)) {
>>- *User = mUserProfileDb->UserProfile[0];
>>- } else {
>>- *User = NULL;
>>- return EFI_NOT_FOUND;
>>- }
>>- }
>>- } else if (Index == mUserProfileDb->UserProfileNum) {
>>- return EFI_NOT_FOUND;
>>- }
>>-
>>- return EFI_SUCCESS;
>>-}
>>-
>>-/**
>>- Find the specified user information record in the specified User profile.
>>-
>>- This function searches the specified user information record from the >>beginning of the user
>>- profile. And if NextInfo is TRUE, return the next info in the user profile.
>>-
>>- @param[in] User Points to the user profile entry.
>>- @param[in, out] Info On entry, points to the user information record or >>NULL to start
>>- searching with the first user information record.
>>- On return, points to the user information record or NULL if not >>found.
>>- @param[in] NextInfo If FALSE, find the user information record in profile >>specifyed by User.
>>- If TRUE, find the next user information record in profile >>specifyed
>>- by User.
>>- @param[out] Offset A pointer to the offset of the information record in >>the user profile.
>>-
>>- @retval EFI_INVALID_PARAMETER Info is NULL
>>- @retval EFI_NOT_FOUND Info was not found, or the next Info was not >>found.
>>- @retval EFI_SUCCESS Info or the next info are found in user profile.
>>-
>>-**/
>>-EFI_STATUS
>>-FindUserInfo (
>>- IN USER_PROFILE_ENTRY * User,
>>- IN OUT EFI_USER_INFO **Info,
>>- IN BOOLEAN NextInfo,
>>- OUT UINTN *Offset OPTIONAL
>>- )
>>-{
>>- EFI_STATUS Status;
>>- EFI_USER_INFO *UserInfo;
>>- UINTN InfoLen;
>>-
>>- if (Info == NULL) {
>>- return EFI_INVALID_PARAMETER;
>>- }
>>-
>>- //
>>- // Check user profile entry
>>- //
>>- Status = FindUserProfile (&User, FALSE, NULL);
>>- if (EFI_ERROR (Status)) {
>>- return Status;
>>- }
>>-
>>- //
>>- // Find user information in the specified user record.
>>- //
>>- InfoLen = 0;
>>- while (InfoLen < User->UserProfileSize) {
>>- UserInfo = (EFI_USER_INFO *) (User->ProfileInfo + InfoLen);
>>- if (UserInfo == *Info) {
>>- if (Offset != NULL) {
>>- *Offset = InfoLen;
>>- }
>>- break;
>>- }
>>- InfoLen += ALIGN_VARIABLE (UserInfo->InfoSize);
>>- }
>>-
>>- //
>>- // Check whether to find the next user information.
>>- //
>>- if (NextInfo) {
>>- if (InfoLen < User->UserProfileSize) {
>>- UserInfo = (EFI_USER_INFO *) (User->ProfileInfo + InfoLen);
>>- InfoLen += ALIGN_VARIABLE (UserInfo->InfoSize);
>>- if (InfoLen < User->UserProfileSize) {
>>- *Info = (EFI_USER_INFO *) (User->ProfileInfo + InfoLen);
>>- if (Offset != NULL) {
>>- *Offset = InfoLen;
>>- }
>>- } else if (InfoLen == User->UserProfileSize) {
>>- *Info = NULL;
>>- return EFI_NOT_FOUND;
>>- }
>>- } else {
>>- if (*Info == NULL) {
>>- *Info = (EFI_USER_INFO *) User->ProfileInfo;
>>- if (Offset != NULL) {
>>- *Offset = 0;
>>- }
>>- } else {
>>- *Info = NULL;
>>- return EFI_NOT_FOUND;
>>- }
>>- }
>>- } else if (InfoLen == User->UserProfileSize) {
>>- return EFI_NOT_FOUND;
>>- }
>>-
>>- return EFI_SUCCESS;
>>-}
>>-
>>-/**
>>- Find a user infomation record by the information record type.
>>-
>>- This function searches all user information records of User. The search >starts >>with the
>>- user information record following Info and continues until either the >>information is found
>>- or there are no more user infomation record.
>>- A match occurs when a Info.InfoType field matches the user information >>record type.
>>-
>>- @param[in] User Points to the user profile record to search.
>>- @param[in, out] Info On entry, points to the user information record or >>NULL to start
>>- searching with the first user information record.
>>- On return, points to the user information record or NULL if not >>found.
>>- @param[in] InfoType The infomation type to be searched.
>>-
>>- @retval EFI_SUCCESS User information was found. Info points to the >>user information record.
>>- @retval EFI_NOT_FOUND User information was not found.
>>- @retval EFI_INVALID_PARAMETER User is NULL or Info is NULL.
>>-
>>-**/
>>-EFI_STATUS
>>-FindUserInfoByType (
>>- IN USER_PROFILE_ENTRY *User,
>>- IN OUT EFI_USER_INFO **Info,
>>- IN UINT8 InfoType
>>- )
>>-{
>>- EFI_STATUS Status;
>>- EFI_USER_INFO *UserInfo;
>>- UINTN InfoLen;
>>-
>>- if (Info == NULL) {
>>- return EFI_INVALID_PARAMETER;
>>- }
>>-
>>- //
>>- // Check whether the user has the specified user information.
>>- //
>>- InfoLen = 0;
>>- if (*Info == NULL) {
>>- Status = FindUserProfile (&User, FALSE, NULL);
>>- } else {
>>- Status = FindUserInfo (User, Info, TRUE, &InfoLen);
>>- }
>>-
>>- if (EFI_ERROR (Status)) {
>>- return EFI_NOT_FOUND;
>>- }
>>-
>>- while (InfoLen < User->UserProfileSize) {
>>- UserInfo = (EFI_USER_INFO *) (User->ProfileInfo + InfoLen);
>>- if (UserInfo->InfoType == InfoType) {
>>- if (UserInfo != *Info) {
>>- *Info = UserInfo;
>>- return EFI_SUCCESS;
>>- }
>>- }
>>-
>>- InfoLen += ALIGN_VARIABLE (UserInfo->InfoSize);
>>- }
>>-
>>- *Info = NULL;
>>- return EFI_NOT_FOUND;
>>-}
>>-
>>-/**
>>- Find a user using a user information record.
>>-
>>- This function searches all user profiles for the specified user information >>record. The
>>- search starts with the user information record handle following UserInfo >>and continues
>>- until either the information is found or there are no more user profiles.
>>- A match occurs when the Info.InfoType field matches the user information >>record type and the
>>- user information record data matches the portion of Info passed the >>EFI_USER_INFO header.
>>-
>>- @param[in, out] User On entry, points to the previously returned user >>profile record,
>>- or NULL to start searching with the first user profile.
>>- On return, points to the user profile entry, or NULL if not >found.
>>- @param[in, out] UserInfo On entry, points to the previously returned user >>information record,
>>- or NULL to start searching with the first.
>>- On return, points to the user information record, or NULL if >not >>found.
>>- @param[in] Info Points to the buffer containing the user information >to >>be compared >>- to the user information record. >>- @param[in] InfoSize The size of Info, in bytes. Same as Info->InfoSize. >>- >>- @retval EFI_SUCCESS User information was found. User points to the >>user profile record, >>- and UserInfo points to the user information record. >>- @retval EFI_NOT_FOUND User information was not found. >>- @retval EFI_INVALID_PARAMETER User is NULL; Info is NULL; or, InfoSize >is >>too small. >>- >>-**/ >>-EFI_STATUS >>-FindUserProfileByInfo ( >>- IN OUT USER_PROFILE_ENTRY **User, >>- IN OUT EFI_USER_INFO **UserInfo, OPTIONAL >>- IN EFI_USER_INFO *Info, >>- IN UINTN InfoSize >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_USER_INFO *InfoEntry; >>- >>- >>- if ((User == NULL) || (Info == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- if (InfoSize < sizeof (EFI_USER_INFO)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- if (UserInfo != NULL) { >>- InfoEntry = *UserInfo; >>- } else { >>- InfoEntry = NULL; >>- } >>- // >>- // Find user profile according to information. >>- // >>- if (*User == NULL) { >>- *User = mUserProfileDb->UserProfile[0]; >>- } >>- >>- // >>- // Check user profile handle. >>- // >>- Status = FindUserProfile (User, FALSE, NULL); >>- >>- while (!EFI_ERROR (Status)) { >>- // >>- // Find the user information in a user profile. >>- // >>- while (TRUE) { >>- Status = FindUserInfoByType (*User, &InfoEntry, Info->InfoType); >>- if (EFI_ERROR (Status)) { >>- break; >>- } >>- >>- if (InfoSize == Info->InfoSize) { >>- if (CompareMem ((UINT8 *) (InfoEntry + 1), (UINT8 *) (Info + 1), >InfoSize >>- sizeof (EFI_USER_INFO)) == 0) { >>- // >>- // Found the infomation record. >>- // >>- if (UserInfo != NULL) { >>- *UserInfo = InfoEntry; >>- } >>- return EFI_SUCCESS; >>- } >>- } >>- } >>- >>- // >>- // Get next user profile. 
>>- //
>>- InfoEntry = NULL;
>>- Status = FindUserProfile (User, TRUE, NULL);
>>- }
>>-
>>- return EFI_NOT_FOUND;
>>-}
>>-
>>-
>>-/**
>>- Check whether the access policy is valid.
>>-
>>- @param[in] PolicyInfo Point to the access policy.
>>- @param[in] InfoLen The policy length.
>>-
>>- @retval TRUE The policy is a valid access policy.
>>- @retval FALSE The access policy is not a valid access policy.
>>-
>>-**/
>>-BOOLEAN
>>-CheckAccessPolicy (
>>- IN UINT8 *PolicyInfo,
>>- IN UINTN InfoLen
>>- )
>>-{
>>- UINTN TotalLen;
>>- UINTN ValueLen;
>>- UINTN OffSet;
>>- EFI_USER_INFO_ACCESS_CONTROL Access;
>>- EFI_DEVICE_PATH_PROTOCOL *Path;
>>- UINTN PathSize;
>>-
>>- TotalLen = 0;
>>- while (TotalLen < InfoLen) {
>>- //
>>- // Check access policy according to type.
>>- //
>>- CopyMem (&Access, PolicyInfo + TotalLen, sizeof (Access));
>>- ValueLen = Access.Size - sizeof (EFI_USER_INFO_ACCESS_CONTROL);
>>- switch (Access.Type) {
>>- case EFI_USER_INFO_ACCESS_FORBID_LOAD:
>>- case EFI_USER_INFO_ACCESS_PERMIT_LOAD:
>>- case EFI_USER_INFO_ACCESS_FORBID_CONNECT:
>>- case EFI_USER_INFO_ACCESS_PERMIT_CONNECT:
>>- OffSet = 0;
>>- while (OffSet < ValueLen) {
>>- Path = (EFI_DEVICE_PATH_PROTOCOL *) (PolicyInfo + TotalLen + >>sizeof (Access) + OffSet);
>>- PathSize = GetDevicePathSize (Path);
>>- OffSet += PathSize;
>>- }
>>- if (OffSet != ValueLen) {
>>- return FALSE;
>>- }
>>- break;
>>-
>>- case EFI_USER_INFO_ACCESS_SETUP:
>>- if (ValueLen % sizeof (EFI_GUID) != 0) {
>>- return FALSE;
>>- }
>>- break;
>>-
>>- case EFI_USER_INFO_ACCESS_BOOT_ORDER:
>>- if (ValueLen % sizeof (EFI_USER_INFO_ACCESS_BOOT_ORDER_HDR) != 0) >>{
>>- return FALSE;
>>- }
>>- break;
>>-
>>- case EFI_USER_INFO_ACCESS_ENROLL_SELF:
>>- case EFI_USER_INFO_ACCESS_ENROLL_OTHERS:
>>- case EFI_USER_INFO_ACCESS_MANAGE:
>>- if (ValueLen != 0) {
>>- return FALSE;
>>- }
>>- break;
>>-
>>- default:
>>- return FALSE;
>>- break;
>>- }
>>-
>>- TotalLen += Access.Size;
>>- }
>>-
>>- if (TotalLen != InfoLen) {
>>- return
FALSE;
>>- }
>>-
>>- return TRUE;
>>-}
>>-
>>-
>>-/**
>>- Check whether the identity policy is valid.
>>-
>>- @param[in] PolicyInfo Point to the identity policy.
>>- @param[in] InfoLen The policy length.
>>-
>>- @retval TRUE The policy is a valid identity policy.
>>- @retval FALSE The access policy is not a valid identity policy.
>>-
>>-**/
>>-BOOLEAN
>>-CheckIdentityPolicy (
>>- IN UINT8 *PolicyInfo,
>>- IN UINTN InfoLen
>>- )
>>-{
>>- UINTN TotalLen;
>>- UINTN ValueLen;
>>- EFI_USER_INFO_IDENTITY_POLICY *Identity;
>>-
>>- TotalLen = 0;
>>-
>>- //
>>- // Check each part of policy expression.
>>- //
>>- while (TotalLen < InfoLen) {
>>- //
>>- // Check access polisy according to type.
>>- //
>>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (PolicyInfo + TotalLen);
>>- ValueLen = Identity->Length - sizeof (EFI_USER_INFO_IDENTITY_POLICY);
>>- switch (Identity->Type) {
>>- //
>>- // Check False option.
>>- //
>>- case EFI_USER_INFO_IDENTITY_FALSE:
>>- if (ValueLen != 0) {
>>- return FALSE;
>>- }
>>- break;
>>-
>>- //
>>- // Check True option.
>>- //
>>- case EFI_USER_INFO_IDENTITY_TRUE:
>>- if (ValueLen != 0) {
>>- return FALSE;
>>- }
>>- break;
>>-
>>- //
>>- // Check negative operation.
>>- //
>>- case EFI_USER_INFO_IDENTITY_NOT:
>>- if (ValueLen != 0) {
>>- return FALSE;
>>- }
>>- break;
>>-
>>- //
>>- // Check and operation.
>>- //
>>- case EFI_USER_INFO_IDENTITY_AND:
>>- if (ValueLen != 0) {
>>- return FALSE;
>>- }
>>- break;
>>-
>>- //
>>- // Check or operation.
>>- //
>>- case EFI_USER_INFO_IDENTITY_OR:
>>- if (ValueLen != 0) {
>>- return FALSE;
>>- }
>>- break;
>>-
>>- //
>>- // Check credential provider by type.
>>- //
>>- case EFI_USER_INFO_IDENTITY_CREDENTIAL_TYPE:
>>- if (ValueLen != sizeof (EFI_GUID)) {
>>- return FALSE;
>>- }
>>- break;
>>-
>>- //
>>- // Check credential provider by ID.
>>- //
>>- case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER:
>>- if (ValueLen != sizeof (EFI_GUID)) {
>>- return FALSE;
>>- }
>>- break;
>>-
>>- default:
>>- return FALSE;
>>- break;
>>- }
>>-
>>- TotalLen += Identity->Length;
>>- }
>>-
>>- if (TotalLen != InfoLen) {
>>- return FALSE;
>>- }
>>-
>>- return TRUE;
>>-}
>>-
>>-
>>-/**
>>- Check whether the user information is a valid user information record.
>>-
>>- @param[in] Info points to the user information.
>>-
>>- @retval TRUE The info is a valid user information record.
>>- @retval FALSE The info is not a valid user information record.
>>-
>>-**/
>>-BOOLEAN
>>-CheckUserInfo (
>>- IN CONST EFI_USER_INFO *Info
>>- )
>>-{
>>- UINTN InfoLen;
>>-
>>- if (Info == NULL) {
>>- return FALSE;
>>- }
>>- //
>>- // Check user information according to information type.
>>- //
>>- InfoLen = Info->InfoSize - sizeof (EFI_USER_INFO);
>>- switch (Info->InfoType) {
>>- case EFI_USER_INFO_EMPTY_RECORD:
>>- if (InfoLen != 0) {
>>- return FALSE;
>>- }
>>- break;
>>-
>>- case EFI_USER_INFO_NAME_RECORD:
>>- case EFI_USER_INFO_CREDENTIAL_TYPE_NAME_RECORD:
>>- case EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD:
>>- break;
>>-
>>- case EFI_USER_INFO_CREATE_DATE_RECORD:
>>- case EFI_USER_INFO_USAGE_DATE_RECORD:
>>- if (InfoLen != sizeof (EFI_TIME)) {
>>- return FALSE;
>>- }
>>- break;
>>-
>>- case EFI_USER_INFO_USAGE_COUNT_RECORD:
>>- if (InfoLen != sizeof (UINT64)) {
>>- return FALSE;
>>- }
>>- break;
>>-
>>- case EFI_USER_INFO_IDENTIFIER_RECORD:
>>- if (InfoLen != 16) {
>>- return FALSE;
>>- }
>>- break;
>>-
>>- case EFI_USER_INFO_CREDENTIAL_TYPE_RECORD:
>>- case EFI_USER_INFO_CREDENTIAL_PROVIDER_RECORD:
>>- case EFI_USER_INFO_GUID_RECORD:
>>- if (InfoLen != sizeof (EFI_GUID)) {
>>- return FALSE;
>>- }
>>- break;
>>-
>>- case EFI_USER_INFO_PKCS11_RECORD:
>>- case EFI_USER_INFO_CBEFF_RECORD:
>>- break;
>>-
>>- case EFI_USER_INFO_FAR_RECORD:
>>- case EFI_USER_INFO_RETRY_RECORD:
>>- if (InfoLen != 1) {
>>- return FALSE;
>>- }
>>- break;
>>-
>>- case EFI_USER_INFO_ACCESS_POLICY_RECORD:
>>- if(!CheckAccessPolicy ((UINT8 *) (Info + 1), InfoLen)) {
>>- return FALSE;
>>- }
>>- break;
>>-
>>- case EFI_USER_INFO_IDENTITY_POLICY_RECORD:
>>- if (!CheckIdentityPolicy ((UINT8 *) (Info + 1), InfoLen)) {
>>- return FALSE;
>>- }
>>- break;
>>-
>>- default:
>>- return FALSE;
>>- break;
>>- }
>>-
>>- return TRUE;
>>-}
>>-
>>-
>>-/**
>>- Check the user profile data format to be added.
>>-
>>- @param[in] UserProfileInfo Points to the user profile data.
>>- @param[in] UserProfileSize The length of user profile data.
>>-
>>- @retval TRUE It is a valid user profile.
>>- @retval FALSE It is not a valid user profile.
>>-
>>-**/
>>-BOOLEAN
>>-CheckProfileInfo (
>>- IN UINT8 *UserProfileInfo,
>>- IN UINTN UserProfileSize
>>- )
>>-{
>>- UINTN ChkLen;
>>- EFI_USER_INFO *Info;
>>-
>>- if (UserProfileInfo == NULL) {
>>- return FALSE;
>>- }
>>-
>>- //
>>- // Check user profile information length.
>>- //
>>- ChkLen = 0;
>>- while (ChkLen < UserProfileSize) {
>>- Info = (EFI_USER_INFO *) (UserProfileInfo + ChkLen);
>>- //
>>- // Check user information format.
>>- //
>>- if (!CheckUserInfo (Info)) {
>>- return FALSE;
>>- }
>>-
>>- ChkLen += ALIGN_VARIABLE (Info->InfoSize);
>>- }
>>-
>>- if (ChkLen != UserProfileSize) {
>>- return FALSE;
>>- }
>>-
>>- return TRUE;
>>-}
>>-
>>-
>>-/**
>>- Find the specified RightType in current user profile.
>>-
>>- @param[in] RightType Could be EFI_USER_INFO_ACCESS_MANAGE,
>>- EFI_USER_INFO_ACCESS_ENROLL_OTHERS or
>>- EFI_USER_INFO_ACCESS_ENROLL_SELF.
>>-
>>- @retval TRUE Find the specified RightType in current user profile.
>>- @retval FALSE Can't find the right in the profile.
>>-
>>-**/
>>-BOOLEAN
>>-CheckCurrentUserAccessRight (
>>- IN UINT32 RightType
>>- )
>>-{
>>- EFI_STATUS Status;
>>- EFI_USER_INFO *Info;
>>- UINTN TotalLen;
>>- UINTN CheckLen;
>>- EFI_USER_INFO_ACCESS_CONTROL Access;
>>-
>>- //
>>- // Get user access right information.
>>- //
>>- Info = NULL;
>>- Status = FindUserInfoByType (
>>- (USER_PROFILE_ENTRY *) mCurrentUser,
>>- &Info,
>>- EFI_USER_INFO_ACCESS_POLICY_RECORD
>>- );
>>- if (EFI_ERROR (Status)) {
>>- return FALSE;
>>- }
>>-
>>- ASSERT (Info != NULL);
>>- TotalLen = Info->InfoSize - sizeof (EFI_USER_INFO);
>>- CheckLen = 0;
>>- while (CheckLen < TotalLen) {
>>- //
>>- // Check right according to access type.
>>- //
>>- CopyMem (&Access, (UINT8 *) (Info + 1) + CheckLen, sizeof (Access));
>>- if (Access.Type == RightType) {
>>- return TRUE;;
>>- }
>>-
>>- CheckLen += Access.Size;
>>- }
>>-
>>- return FALSE;
>>-}
>>-
>>-
>>-/**
>>- Create a unique user identifier.
>>-
>>- @param[out] Identifier This points to the identifier.
>>-
>>-**/
>>-VOID
>>-GenerateIdentifier (
>>- OUT UINT8 *Identifier
>>- )
>>-{
>>- EFI_TIME Time;
>>- UINT64 MonotonicCount;
>>- UINT32 *MonotonicPointer;
>>- UINTN Index;
>>-
>>- //
>>- // Create a unique user identifier.
>>- //
>>- gRT->GetTime (&Time, NULL);
>>- CopyMem (Identifier, &Time, sizeof (EFI_TIME));
>>- //
>>- // Remove zeros.
>>- //
>>- for (Index = 0; Index < sizeof (EFI_TIME); Index++) {
>>- if (Identifier[Index] == 0) {
>>- Identifier[Index] = 0x5a;
>>- }
>>- }
>>-
>>- MonotonicPointer = (UINT32 *) Identifier;
>>- gBS->GetNextMonotonicCount (&MonotonicCount);
>>- MonotonicPointer[0] += (UINT32) MonotonicCount;
>>- MonotonicPointer[1] += (UINT32) MonotonicCount;
>>- MonotonicPointer[2] += (UINT32) MonotonicCount;
>>- MonotonicPointer[3] += (UINT32) MonotonicCount;
>>-}
>>-
>>-
>>-/**
>>- Generate unique user ID.
>>-
>>- @param[out] UserId Points to the user identifer.
>>-
>>-**/
>>-VOID
>>-GenerateUserId (
>>- OUT UINT8 *UserId
>>- )
>>-{
>>- EFI_STATUS Status;
>>- USER_PROFILE_ENTRY *UserProfile;
>>- EFI_USER_INFO *UserInfo;
>>- UINTN Index;
>>-
>>- //
>>- // Generate unique user ID
>>- //
>>- while (TRUE) {
>>- GenerateIdentifier (UserId);
>>- //
>>- // Check whether it's unique in user profile database.
>>- // >>- if (mUserProfileDb == NULL) { >>- return ; >>- } >>- >>- for (Index = 0; Index < mUserProfileDb->UserProfileNum; Index++) { >>- UserProfile = (USER_PROFILE_ENTRY *) (mUserProfileDb- >>>UserProfile[Index]); >>- UserInfo = NULL; >>- Status = FindUserInfoByType (UserProfile, &UserInfo, >>EFI_USER_INFO_IDENTIFIER_RECORD); >>- if (EFI_ERROR (Status)) { >>- continue; >>- } >>- >>- if (CompareMem ((UINT8 *) (UserInfo + 1), UserId, sizeof >>(EFI_USER_INFO_IDENTIFIER)) == 0) { >>- break; >>- } >>- } >>- >>- if (Index == mUserProfileDb->UserProfileNum) { >>- return ; >>- } >>- } >>-} >>- >>- >>-/** >>- Expand user profile database. >>- >>- @retval TRUE Success to expand user profile database. >>- @retval FALSE Fail to expand user profile database. >>- >>-**/ >>-BOOLEAN >>-ExpandUsermUserProfileDb ( >>- VOID >>- ) >>-{ >>- UINTN MaxNum; >>- USER_PROFILE_DB *NewDataBase; >>- >>- // >>- // Create new user profile database. >>- // >>- if (mUserProfileDb == NULL) { >>- MaxNum = USER_NUMBER_INC; >>- } else { >>- MaxNum = mUserProfileDb->MaxProfileNum + USER_NUMBER_INC; >>- } >>- >>- NewDataBase = AllocateZeroPool ( >>- sizeof (USER_PROFILE_DB) - sizeof (EFI_USER_PROFILE_HANDLE) + >>- MaxNum * sizeof (EFI_USER_PROFILE_HANDLE) >>- ); >>- if (NewDataBase == NULL) { >>- return FALSE; >>- } >>- >>- NewDataBase->MaxProfileNum = MaxNum; >>- >>- // >>- // Copy old user profile database value >>- // >>- if (mUserProfileDb == NULL) { >>- NewDataBase->UserProfileNum = 0; >>- } else { >>- NewDataBase->UserProfileNum = mUserProfileDb->UserProfileNum; >>- CopyMem ( >>- NewDataBase->UserProfile, >>- mUserProfileDb->UserProfile, >>- NewDataBase->UserProfileNum * sizeof (EFI_USER_PROFILE_HANDLE) >>- ); >>- FreePool (mUserProfileDb); >>- } >>- >>- mUserProfileDb = NewDataBase; >>- return TRUE; >>-} >>- >>- >>-/** >>- Expand user profile >>- >>- @param[in] User Points to user profile. >>- @param[in] ExpandSize The size of user profile. 
>>- >>- @retval TRUE Success to expand user profile size. >>- @retval FALSE Fail to expand user profile size. >>- >>-**/ >>-BOOLEAN >>-ExpandUserProfile ( >>- IN USER_PROFILE_ENTRY *User, >>- IN UINTN ExpandSize >>- ) >>-{ >>- UINT8 *Info; >>- UINTN InfoSizeInc; >>- >>- // >>- // Allocate new memory. >>- // >>- InfoSizeInc = 128; >>- User->MaxProfileSize += ((ExpandSize + InfoSizeInc - 1) / InfoSizeInc) * >>InfoSizeInc; >>- Info = AllocateZeroPool (User->MaxProfileSize); >>- if (Info == NULL) { >>- return FALSE; >>- } >>- >>- // >>- // Copy exist information. >>- // >>- if (User->UserProfileSize > 0) { >>- CopyMem (Info, User->ProfileInfo, User->UserProfileSize); >>- FreePool (User->ProfileInfo); >>- } >>- >>- User->ProfileInfo = Info; >>- return TRUE; >>-} >>- >>- >>-/** >>- Save the user profile to non-volatile memory, or delete it from non-volatile >>memory. >>- >>- @param[in] User Point to the user profile >>- @param[in] Delete If TRUE, delete the found user profile. >>- If FALSE, save the user profile. >>- @retval EFI_SUCCESS Save or delete user profile successfully. >>- @retval Others Fail to change the profile. >>- >>-**/ >>-EFI_STATUS >>-SaveNvUserProfile ( >>- IN USER_PROFILE_ENTRY *User, >>- IN BOOLEAN Delete >>- ) >>-{ >>- EFI_STATUS Status; >>- >>- // >>- // Check user profile entry. >>- // >>- Status = FindUserProfile (&User, FALSE, NULL); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- // >>- // Save the user profile to non-volatile memory. >>- // >>- Status = gRT->SetVariable ( >>- User->UserVarName, >>- &gUserIdentifyManagerGuid, >>- EFI_VARIABLE_NON_VOLATILE | >>EFI_VARIABLE_BOOTSERVICE_ACCESS, >>- Delete ? 0 : User->UserProfileSize, >>- User->ProfileInfo >>- ); >>- return Status; >>-} >>- >>-/** >>- Add one new user info into the user's profile. >>- >>- @param[in] User point to the user profile >>- @param[in] Info Points to the user information payload. >>- @param[in] InfoSize The size of the user information payload, in bytes. 
>>- @param[out] UserInfo Point to the new info in user profile >>- @param[in] Save If TRUE, save the profile to NV flash. >>- If FALSE, don't need to save the profile to NV flash. >>- >>- @retval EFI_SUCCESS Add user info to user profile successfully. >>- @retval Others Fail to add user info to user profile. >>- >>-**/ >>-EFI_STATUS >>-AddUserInfo ( >>- IN USER_PROFILE_ENTRY *User, >>- IN UINT8 *Info, >>- IN UINTN InfoSize, >>- OUT EFI_USER_INFO **UserInfo, OPTIONAL >>- IN BOOLEAN Save >>- ) >>-{ >>- EFI_STATUS Status; >>- >>- if ((Info == NULL) || (User == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- // >>- // Check user profile handle. >>- // >>- Status = FindUserProfile (&User, FALSE, NULL); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- // >>- // Check user information memory size. >>- // >>- if (User->MaxProfileSize - User->UserProfileSize < ALIGN_VARIABLE >>(InfoSize)) { >>- if (!ExpandUserProfile (User, ALIGN_VARIABLE (InfoSize))) { >>- return EFI_OUT_OF_RESOURCES; >>- } >>- } >>- >>- // >>- // Add new user information. >>- // >>- CopyMem (User->ProfileInfo + User->UserProfileSize, Info, InfoSize); >>- if (UserInfo != NULL) { >>- *UserInfo = (EFI_USER_INFO *) (User->ProfileInfo + User- >>>UserProfileSize); >>- } >>- User->UserProfileSize += ALIGN_VARIABLE (InfoSize); >>- >>- // >>- // Save user profile information. >>- // >>- if (Save) { >>- Status = SaveNvUserProfile (User, FALSE); >>- } >>- >>- return Status; >>-} >>- >>- >>-/** >>- Get the user info from the specified user info handle. >>- >>- @param[in] User Point to the user profile. >>- @param[in] UserInfo Point to the user information record to get. >>- @param[out] Info On entry, points to a buffer of at least *InfoSize >>bytes. >>- On exit, holds the user information. >>- @param[in, out] InfoSize On entry, points to the size of Info. >>- On return, points to the size of the user information. >>- @param[in] ChkRight If TRUE, check the user info attribute. 
>>- If FALSE, don't check the user info attribute. >>- >>- >>- @retval EFI_ACCESS_DENIED The information cannot be accessed by >the >>current user. >>- @retval EFI_INVALID_PARAMETER InfoSize is NULL or UserInfo is NULL. >>- @retval EFI_BUFFER_TOO_SMALL The number of bytes specified by >>*InfoSize is too small to hold the >>- returned data. The actual size required is returned in >>*InfoSize. >>- @retval EFI_SUCCESS Information returned successfully. >>- >>-**/ >>-EFI_STATUS >>-GetUserInfo ( >>- IN USER_PROFILE_ENTRY *User, >>- IN EFI_USER_INFO *UserInfo, >>- OUT EFI_USER_INFO *Info, >>- IN OUT UINTN *InfoSize, >>- IN BOOLEAN ChkRight >>- ) >>-{ >>- EFI_STATUS Status; >>- >>- if ((InfoSize == NULL) || (UserInfo == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- if ((*InfoSize != 0) && (Info == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- // >>- // Find the user information to get. >>- // >>- Status = FindUserInfo (User, &UserInfo, FALSE, NULL); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- // >>- // Check information attributes. >>- // >>- if (ChkRight) { >>- switch (UserInfo->InfoAttribs & EFI_USER_INFO_ACCESS) { >>- case EFI_USER_INFO_PRIVATE: >>- case EFI_USER_INFO_PROTECTED: >>- if (User != mCurrentUser) { >>- return EFI_ACCESS_DENIED; >>- } >>- break; >>- >>- case EFI_USER_INFO_PUBLIC: >>- break; >>- >>- default: >>- return EFI_INVALID_PARAMETER; >>- break; >>- } >>- } >>- >>- // >>- // Get user information. >>- // >>- if (UserInfo->InfoSize > *InfoSize) { >>- *InfoSize = UserInfo->InfoSize; >>- return EFI_BUFFER_TOO_SMALL; >>- } >>- >>- *InfoSize = UserInfo->InfoSize; >>- if (Info != NULL) { >>- CopyMem (Info, UserInfo, *InfoSize); >>- } >>- >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Delete the specified user information from user profile. >>- >>- @param[in] User Point to the user profile. >>- @param[in] Info Point to the user information record to delete. >>- @param[in] Save If TRUE, save the profile to NV flash. 
>>- If FALSE, don't need to save the profile to NV flash. >>- >>- @retval EFI_SUCCESS Delete user info from user profile successfully. >>- @retval Others Fail to delete user info from user profile. >>- >>-**/ >>-EFI_STATUS >>-DelUserInfo ( >>- IN USER_PROFILE_ENTRY *User, >>- IN EFI_USER_INFO *Info, >>- IN BOOLEAN Save >>- ) >>-{ >>- EFI_STATUS Status; >>- UINTN Offset; >>- UINTN NextOffset; >>- >>- // >>- // Check user information handle. >>- // >>- Status = FindUserInfo (User, &Info, FALSE, &Offset); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- if (Info->InfoType == EFI_USER_INFO_IDENTIFIER_RECORD) { >>- return EFI_ACCESS_DENIED; >>- } >>- >>- // >>- // Delete the specified user information. >>- // >>- NextOffset = Offset + ALIGN_VARIABLE (Info->InfoSize); >>- User->UserProfileSize -= ALIGN_VARIABLE (Info->InfoSize); >>- if (Offset < User->UserProfileSize) { >>- CopyMem (User->ProfileInfo + Offset, User->ProfileInfo + NextOffset, >>User->UserProfileSize - Offset); >>- } >>- >>- if (Save) { >>- Status = SaveNvUserProfile (User, FALSE); >>- } >>- >>- return Status; >>-} >>- >>- >>-/** >>- Add or update user information. >>- >>- @param[in] User Point to the user profile. >>- @param[in, out] UserInfo On entry, points to the user information to >>modify, >>- or NULL to add a new UserInfo. >>- On return, points to the modified user information. >>- @param[in] Info Points to the new user information. >>- @param[in] InfoSize The size of Info,in bytes. >>- >>- @retval EFI_INVALID_PARAMETER UserInfo is NULL or Info is NULL. >>- @retval EFI_ACCESS_DENIED The record is exclusive. >>- @retval EFI_SUCCESS User information was successfully >>changed/added. 
>>- >>-**/ >>-EFI_STATUS >>-ModifyUserInfo ( >>- IN USER_PROFILE_ENTRY *User, >>- IN OUT EFI_USER_INFO **UserInfo, >>- IN CONST EFI_USER_INFO *Info, >>- IN UINTN InfoSize >>- ) >>-{ >>- EFI_STATUS Status; >>- UINTN PayloadLen; >>- EFI_USER_INFO *OldInfo; >>- >>- if ((UserInfo == NULL) || (Info == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- if (InfoSize < sizeof (EFI_USER_INFO) || InfoSize != Info->InfoSize) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- // >>- // Check user information. >>- // >>- if (Info->InfoType == EFI_USER_INFO_IDENTIFIER_RECORD) { >>- return EFI_ACCESS_DENIED; >>- } >>- >>- if (!CheckUserInfo (Info)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- >>- if (*UserInfo == NULL) { >>- // >>- // Add new user information. >>- // >>- OldInfo = NULL; >>- do { >>- Status = FindUserInfoByType (User, &OldInfo, Info->InfoType); >>- if (EFI_ERROR (Status)) { >>- break; >>- } >>- ASSERT (OldInfo != NULL); >>- >>- if (((OldInfo->InfoAttribs & EFI_USER_INFO_EXCLUSIVE) != 0) || >>- ((Info->InfoAttribs & EFI_USER_INFO_EXCLUSIVE) != 0)) { >>- // >>- // Same type can not co-exist for exclusive information. >>- // >>- return EFI_ACCESS_DENIED; >>- } >>- >>- // >>- // Check whether it exists in DB. >>- // >>- if (Info->InfoSize != OldInfo->InfoSize) { >>- continue; >>- } >>- >>- if (!CompareGuid (&OldInfo->Credential, &Info->Credential)) { >>- continue; >>- } >>- >>- PayloadLen = Info->InfoSize - sizeof (EFI_USER_INFO); >>- if (PayloadLen == 0) { >>- continue; >>- } >>- >>- if (CompareMem ((UINT8 *)(OldInfo + 1), (UINT8 *)(Info + 1), >>PayloadLen) != 0) { >>- continue; >>- } >>- >>- // >>- // Yes. The new info is as same as the one in profile. >>- // >>- return EFI_SUCCESS; >>- } while (!EFI_ERROR (Status)); >>- >>- Status = AddUserInfo (User, (UINT8 *) Info, InfoSize, UserInfo, TRUE); >>- return Status; >>- } >>- >>- // >>- // Modify existing user information. 
>>- // >>- OldInfo = *UserInfo; >>- if (OldInfo->InfoType != Info->InfoType) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- if (((Info->InfoAttribs & EFI_USER_INFO_EXCLUSIVE) != 0) && >>- (OldInfo->InfoAttribs & EFI_USER_INFO_EXCLUSIVE) == 0) { >>- // >>- // Try to add exclusive attrib in new info. >>- // Check whether there is another information with the same type in >>profile. >>- // >>- OldInfo = NULL; >>- do { >>- Status = FindUserInfoByType (User, &OldInfo, Info->InfoType); >>- if (EFI_ERROR (Status)) { >>- break; >>- } >>- if (OldInfo != *UserInfo) { >>- // >>- // There is another information with the same type in profile. >>- // Therefore, can't modify existing user information to add exclusive >>attribute. >>- // >>- return EFI_ACCESS_DENIED; >>- } >>- } while (TRUE); >>- } >>- >>- Status = DelUserInfo (User, *UserInfo, FALSE); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- return AddUserInfo (User, (UINT8 *) Info, InfoSize, UserInfo, TRUE); >>-} >>- >>- >>-/** >>- Delete the user profile from non-volatile memory and database. >>- >>- @param[in] User Points to the user profile. >>- >>- @retval EFI_SUCCESS Delete user from the user profile successfully. >>- @retval Others Fail to delete user from user profile >>- >>-**/ >>-EFI_STATUS >>-DelUserProfile ( >>- IN USER_PROFILE_ENTRY *User >>- ) >>-{ >>- EFI_STATUS Status; >>- UINTN Index; >>- >>- // >>- // Check whether it is in the user profile database. >>- // >>- Status = FindUserProfile (&User, FALSE, &Index); >>- if (EFI_ERROR (Status)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- // >>- // Check whether it is the current user. >>- // >>- if (User == mCurrentUser) { >>- return EFI_ACCESS_DENIED; >>- } >>- >>- // >>- // Delete user profile from the non-volatile memory. 
>>- // >>- Status = SaveNvUserProfile (mUserProfileDb- >>>UserProfile[mUserProfileDb->UserProfileNum - 1], TRUE); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- mUserProfileDb->UserProfileNum--; >>- >>- // >>- // Modify user profile database. >>- // >>- if (Index != mUserProfileDb->UserProfileNum) { >>- mUserProfileDb->UserProfile[Index] = mUserProfileDb- >>>UserProfile[mUserProfileDb->UserProfileNum]; >>- CopyMem ( >>- ((USER_PROFILE_ENTRY *) mUserProfileDb->UserProfile[Index])- >>>UserVarName, >>- User->UserVarName, >>- sizeof (User->UserVarName) >>- ); >>- Status = SaveNvUserProfile (mUserProfileDb->UserProfile[Index], FALSE); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- } >>- // >>- // Delete user profile information. >>- // >>- if (User->ProfileInfo != NULL) { >>- FreePool (User->ProfileInfo); >>- } >>- >>- FreePool (User); >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Add user profile to user profile database. >>- >>- @param[out] UserProfile Point to the newly added user profile. >>- @param[in] ProfileSize The size of the user profile. >>- @param[in] ProfileInfo Point to the user profie data. >>- @param[in] Save If TRUE, save the new added profile to NV flash. >>- If FALSE, don't save the profile to NV flash. >>- >>- @retval EFI_SUCCESS Add user profile to user profile database >>successfully. >>- @retval Others Fail to add user profile to user profile database. >>- >>-**/ >>-EFI_STATUS >>-AddUserProfile ( >>- OUT USER_PROFILE_ENTRY **UserProfile, OPTIONAL >>- IN UINTN ProfileSize, >>- IN UINT8 *ProfileInfo, >>- IN BOOLEAN Save >>- ) >>-{ >>- EFI_STATUS Status; >>- USER_PROFILE_ENTRY *User; >>- >>- // >>- // Check the data format to be added. >>- // >>- if (!CheckProfileInfo (ProfileInfo, ProfileSize)) { >>- return EFI_SECURITY_VIOLATION; >>- } >>- >>- // >>- // Create user profile entry. 
>>- // >>- User = AllocateZeroPool (sizeof (USER_PROFILE_ENTRY)); >>- if (User == NULL) { >>- return EFI_OUT_OF_RESOURCES; >>- } >>- // >>- // Add the entry to the user profile database. >>- // >>- if (mUserProfileDb->UserProfileNum == mUserProfileDb->MaxProfileNum) >>{ >>- if (!ExpandUsermUserProfileDb ()) { >>- FreePool (User); >>- return EFI_OUT_OF_RESOURCES; >>- } >>- } >>- >>- UnicodeSPrint ( >>- User->UserVarName, >>- sizeof (User->UserVarName), >>- L"User%04x", >>- mUserProfileDb->UserProfileNum >>- ); >>- User->UserProfileSize = 0; >>- User->MaxProfileSize = 0; >>- User->ProfileInfo = NULL; >>- mUserProfileDb->UserProfile[mUserProfileDb->UserProfileNum] = >>(EFI_USER_PROFILE_HANDLE) User; >>- mUserProfileDb->UserProfileNum++; >>- >>- // >>- // Add user profile information. >>- // >>- Status = AddUserInfo (User, ProfileInfo, ProfileSize, NULL, Save); >>- if (EFI_ERROR (Status)) { >>- DelUserProfile (User); >>- return Status; >>- } >>- // >>- // Set new user profile handle. >>- // >>- if (UserProfile != NULL) { >>- *UserProfile = User; >>- } >>- >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- This function creates a new user profile with only a new user identifier >>- attached and returns its handle. The user profile is non-volatile, but the >>- handle User can change across reboots. >>- >>- @param[out] User Handle of a new user profile. >>- >>- @retval EFI_SUCCESS User profile was successfully created. >>- @retval Others Fail to create user profile >>- >>-**/ >>-EFI_STATUS >>-CreateUserProfile ( >>- OUT USER_PROFILE_ENTRY **User >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_USER_INFO *UserInfo; >>- >>- if (User == NULL) { >>- return EFI_INVALID_PARAMETER; >>- } >>- // >>- // Generate user id information. 
>>- // >>- UserInfo = AllocateZeroPool (sizeof (EFI_USER_INFO) + sizeof >>(EFI_USER_INFO_IDENTIFIER)); >>- if (UserInfo == NULL) { >>- return EFI_OUT_OF_RESOURCES; >>- } >>- >>- UserInfo->InfoType = EFI_USER_INFO_IDENTIFIER_RECORD; >>- UserInfo->InfoSize = sizeof (EFI_USER_INFO) + sizeof >>(EFI_USER_INFO_IDENTIFIER); >>- UserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >>EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE; >>- GenerateUserId ((UINT8 *) (UserInfo + 1)); >>- >>- // >>- // Add user profile to the user profile database. >>- // >>- Status = AddUserProfile (User, UserInfo->InfoSize, (UINT8 *) UserInfo, >>TRUE); >>- FreePool (UserInfo); >>- return Status; >>-} >>- >>- >>-/** >>- Add a default user profile to user profile database. >>- >>- @retval EFI_SUCCESS A default user profile is added successfully. >>- @retval Others Fail to add a default user profile >>- >>-**/ >>-EFI_STATUS >>-AddDefaultUserProfile ( >>- VOID >>- ) >>-{ >>- EFI_STATUS Status; >>- USER_PROFILE_ENTRY *User; >>- EFI_USER_INFO *Info; >>- EFI_USER_INFO *NewInfo; >>- EFI_USER_INFO_CREATE_DATE CreateDate; >>- EFI_USER_INFO_USAGE_COUNT UsageCount; >>- EFI_USER_INFO_ACCESS_CONTROL *Access; >>- EFI_USER_INFO_IDENTITY_POLICY *Policy; >>- >>- // >>- // Create a user profile. >>- // >>- Status = CreateUserProfile (&User); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- // >>- // Allocate a buffer to add all default user information. >>- // >>- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + INFO_PAYLOAD_SIZE); >>- if (Info == NULL) { >>- return EFI_OUT_OF_RESOURCES; >>- } >>- >>- // >>- // Add user name. 
>>- // >>- Info->InfoType = EFI_USER_INFO_NAME_RECORD; >>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >>EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE; >>- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof (mUserName); >>- CopyMem ((UINT8 *) (Info + 1), mUserName, sizeof (mUserName)); >>- NewInfo = NULL; >>- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize); >>- if (EFI_ERROR (Status)) { >>- goto Done; >>- } >>- >>- // >>- // Add user profile create date record. >>- // >>- Info->InfoType = EFI_USER_INFO_CREATE_DATE_RECORD; >>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >>EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE; >>- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof >>(EFI_USER_INFO_CREATE_DATE); >>- Status = gRT->GetTime (&CreateDate, NULL); >>- if (EFI_ERROR (Status)) { >>- goto Done; >>- } >>- >>- CopyMem ((UINT8 *) (Info + 1), &CreateDate, sizeof >>(EFI_USER_INFO_CREATE_DATE)); >>- NewInfo = NULL; >>- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize); >>- if (EFI_ERROR (Status)) { >>- goto Done; >>- } >>- >>- // >>- // Add user profile usage count record. >>- // >>- Info->InfoType = EFI_USER_INFO_USAGE_COUNT_RECORD; >>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >>EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE; >>- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof >>(EFI_USER_INFO_USAGE_COUNT); >>- UsageCount = 0; >>- CopyMem ((UINT8 *) (Info + 1), &UsageCount, sizeof >>(EFI_USER_INFO_USAGE_COUNT)); >>- NewInfo = NULL; >>- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize); >>- if (EFI_ERROR (Status)) { >>- goto Done; >>- } >>- >>- // >>- // Add user access right. 
>>- // >>- Info->InfoType = EFI_USER_INFO_ACCESS_POLICY_RECORD; >>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >>EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE; >>- Access = (EFI_USER_INFO_ACCESS_CONTROL *) (Info + 1); >>- Access->Type = EFI_USER_INFO_ACCESS_MANAGE; >>- Access->Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL); >>- Info->InfoSize = sizeof (EFI_USER_INFO) + Access->Size; >>- NewInfo = NULL; >>- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize); >>- if (EFI_ERROR (Status)) { >>- goto Done; >>- } >>- >>- // >>- // Add user identity policy. >>- // >>- Info->InfoType = EFI_USER_INFO_IDENTITY_POLICY_RECORD; >>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >>EFI_USER_INFO_PRIVATE | EFI_USER_INFO_EXCLUSIVE; >>- Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (Info + 1); >>- Policy->Type = EFI_USER_INFO_IDENTITY_TRUE; >>- Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY); >>- Info->InfoSize = sizeof (EFI_USER_INFO) + Policy->Length; >>- NewInfo = NULL; >>- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize); >>- >>-Done: >>- FreePool (Info); >>- return Status; >>-} >>- >>- >>-/** >>- Publish current user information into EFI System Configuration Table. >>- >>- By UEFI spec, the User Identity Manager will publish the current user >profile >>- into the EFI System Configuration Table. Currently, only the user identifier >>and user >>- name are published. >>- >>- @retval EFI_SUCCESS Current user information is published successfully. >>- @retval Others Fail to publish current user information >>- >>-**/ >>-EFI_STATUS >>-PublishUserTable ( >>- VOID >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_CONFIGURATION_TABLE *EfiConfigurationTable; >>- EFI_USER_INFO_TABLE *UserInfoTable; >>- EFI_USER_INFO *IdInfo; >>- EFI_USER_INFO *NameInfo; >>- >>- Status = EfiGetSystemConfigurationTable ( >>- &gEfiUserManagerProtocolGuid, >>- (VOID **) &EfiConfigurationTable >>- ); >>- if (!EFI_ERROR (Status)) { >>- // >>- // The table existed! 
>>- // >>- return EFI_SUCCESS; >>- } >>- >>- // >>- // Get user ID information. >>- // >>- IdInfo = NULL; >>- Status = FindUserInfoByType (mCurrentUser, &IdInfo, >>EFI_USER_INFO_IDENTIFIER_RECORD); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- >>- } >>- // >>- // Get user name information. >>- // >>- NameInfo = NULL; >>- Status = FindUserInfoByType (mCurrentUser, &NameInfo, >>EFI_USER_INFO_NAME_RECORD); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- // >>- // Allocate a buffer for user information table. >>- // >>- UserInfoTable = (EFI_USER_INFO_TABLE *) AllocateRuntimePool ( >>- sizeof (EFI_USER_INFO_TABLE) + >>- IdInfo->InfoSize + >>- NameInfo->InfoSize >>- ); >>- if (UserInfoTable == NULL) { >>- Status = EFI_OUT_OF_RESOURCES; >>- return Status; >>- } >>- >>- UserInfoTable->Size = sizeof (EFI_USER_INFO_TABLE); >>- >>- // >>- // Append the user information to the user info table >>- // >>- CopyMem ((UINT8 *) UserInfoTable + UserInfoTable->Size, (UINT8 *) >IdInfo, >>IdInfo->InfoSize); >>- UserInfoTable->Size += IdInfo->InfoSize; >>- >>- CopyMem ((UINT8 *) UserInfoTable + UserInfoTable->Size, (UINT8 *) >>NameInfo, NameInfo->InfoSize); >>- UserInfoTable->Size += NameInfo->InfoSize; >>- >>- Status = gBS->InstallConfigurationTable (&gEfiUserManagerProtocolGuid, >>(VOID *) UserInfoTable); >>- return Status; >>-} >>- >>- >>-/** >>- Get the user's identity type. >>- >>- The identify manager only supports the identity policy in which the >>credential >>- provider handles are connected by the operator 'AND' or 'OR'. >>- >>- >>- @param[in] User Handle of a user profile. >>- @param[out] PolicyType Point to the identity type. >>- >>- @retval EFI_SUCCESS Get user's identity type successfully. >>- @retval Others Fail to get user's identity type. 
>>- >>-**/ >>-EFI_STATUS >>-GetIdentifyType ( >>- IN EFI_USER_PROFILE_HANDLE User, >>- OUT UINT8 *PolicyType >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_USER_INFO *IdentifyInfo; >>- UINTN TotalLen; >>- EFI_USER_INFO_IDENTITY_POLICY *Identity; >>- >>- // >>- // Get user identify policy information. >>- // >>- IdentifyInfo = NULL; >>- Status = FindUserInfoByType (User, &IdentifyInfo, >>EFI_USER_INFO_IDENTITY_POLICY_RECORD); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- ASSERT (IdentifyInfo != NULL); >>- >>- // >>- // Search the user identify policy according to type. >>- // >>- TotalLen = 0; >>- *PolicyType = EFI_USER_INFO_IDENTITY_FALSE; >>- while (TotalLen < IdentifyInfo->InfoSize - sizeof (EFI_USER_INFO)) { >>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) ((UINT8 *) (IdentifyInfo >+ >>1) + TotalLen); >>- if (Identity->Type == EFI_USER_INFO_IDENTITY_AND) { >>- *PolicyType = EFI_USER_INFO_IDENTITY_AND; >>- break; >>- } >>- >>- if (Identity->Type == EFI_USER_INFO_IDENTITY_OR) { >>- *PolicyType = EFI_USER_INFO_IDENTITY_OR; >>- break; >>- } >>- TotalLen += Identity->Length; >>- } >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Identify the User by the specfied provider. >>- >>- @param[in] User Handle of a user profile. >>- @param[in] Provider Points to the identifier of credential provider. >>- >>- @retval EFI_INVALID_PARAMETER Provider is NULL. >>- @retval EFI_NOT_FOUND Fail to identify the specified user. >>- @retval EFI_SUCCESS User is identified successfully. 
>>- >>-**/ >>-EFI_STATUS >>-IdentifyByProviderId ( >>- IN EFI_USER_PROFILE_HANDLE User, >>- IN EFI_GUID *Provider >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_USER_INFO_IDENTIFIER UserId; >>- UINTN Index; >>- EFI_CREDENTIAL_LOGON_FLAGS AutoLogon; >>- EFI_HII_HANDLE HiiHandle; >>- EFI_GUID FormSetId; >>- EFI_FORM_ID FormId; >>- EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential; >>- >>- if (Provider == NULL) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- // >>- // Check the user ID identified by the specified credential provider. >>- // >>- for (Index = 0; Index < mProviderDb->Count; Index++) { >>- // >>- // Check credential provider class. >>- // >>- UserCredential = mProviderDb->Provider[Index]; >>- if (CompareGuid (&UserCredential->Identifier, Provider)) { >>- Status = UserCredential->Select (UserCredential, &AutoLogon); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- if ((AutoLogon & EFI_CREDENTIAL_LOGON_FLAG_AUTO) == 0) { >>- // >>- // Get credential provider form. >>- // >>- Status = UserCredential->Form ( >>- UserCredential, >>- &HiiHandle, >>- &FormSetId, >>- &FormId >>- ); >>- if (!EFI_ERROR (Status)) { >>- // >>- // Send form to get user input. >>- // >>- Status = mCallbackInfo->FormBrowser2->SendForm ( >>- mCallbackInfo->FormBrowser2, >>- &HiiHandle, >>- 1, >>- &FormSetId, >>- FormId, >>- NULL, >>- NULL >>- ); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- } >>- } >>- >>- Status = UserCredential->User (UserCredential, User, &UserId); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- Status = UserCredential->Deselect (UserCredential); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- return EFI_SUCCESS; >>- } >>- } >>- >>- return EFI_NOT_FOUND; >>-} >>- >>- >>-/** >>- Update user information when user is logon on successfully. >>- >>- @param[in] User Points to user profile. >>- >>- @retval EFI_SUCCESS Update user information successfully. >>- @retval Others Fail to update user information. 
>>- >>-**/ >>-EFI_STATUS >>-UpdateUserInfo ( >>- IN USER_PROFILE_ENTRY *User >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_USER_INFO *Info; >>- EFI_USER_INFO *NewInfo; >>- EFI_USER_INFO_CREATE_DATE Date; >>- EFI_USER_INFO_USAGE_COUNT UsageCount; >>- UINTN InfoLen; >>- >>- // >>- // Allocate a buffer to update user's date record and usage record. >>- // >>- InfoLen = MAX (sizeof (EFI_USER_INFO_CREATE_DATE), sizeof >>(EFI_USER_INFO_USAGE_COUNT)); >>- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + InfoLen); >>- if (Info == NULL) { >>- return EFI_OUT_OF_RESOURCES; >>- } >>- >>- // >>- // Check create date record. >>- // >>- NewInfo = NULL; >>- Status = FindUserInfoByType (User, &NewInfo, >>EFI_USER_INFO_CREATE_DATE_RECORD); >>- if (Status == EFI_NOT_FOUND) { >>- Info->InfoType = EFI_USER_INFO_CREATE_DATE_RECORD; >>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >>EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE; >>- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof >>(EFI_USER_INFO_CREATE_DATE); >>- Status = gRT->GetTime (&Date, NULL); >>- if (EFI_ERROR (Status)) { >>- FreePool (Info); >>- return Status; >>- } >>- >>- CopyMem ((UINT8 *) (Info + 1), &Date, sizeof >>(EFI_USER_INFO_CREATE_DATE)); >>- NewInfo = NULL; >>- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize); >>- if (EFI_ERROR (Status)) { >>- FreePool (Info); >>- return Status; >>- } >>- } >>- >>- // >>- // Update usage date record. 
>>- // >>- NewInfo = NULL; >>- Status = FindUserInfoByType (User, &NewInfo, >>EFI_USER_INFO_USAGE_DATE_RECORD); >>- if ((Status == EFI_SUCCESS) || (Status == EFI_NOT_FOUND)) { >>- Info->InfoType = EFI_USER_INFO_USAGE_DATE_RECORD; >>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >>EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE; >>- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof >>(EFI_USER_INFO_USAGE_DATE); >>- Status = gRT->GetTime (&Date, NULL); >>- if (EFI_ERROR (Status)) { >>- FreePool (Info); >>- return Status; >>- } >>- >>- CopyMem ((UINT8 *) (Info + 1), &Date, sizeof >>(EFI_USER_INFO_USAGE_DATE)); >>- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize); >>- if (EFI_ERROR (Status)) { >>- FreePool (Info); >>- return Status; >>- } >>- } >>- >>- // >>- // Update usage count record. >>- // >>- UsageCount = 0; >>- NewInfo = NULL; >>- Status = FindUserInfoByType (User, &NewInfo, >>EFI_USER_INFO_USAGE_COUNT_RECORD); >>- // >>- // Get usage count. >>- // >>- if (Status == EFI_SUCCESS) { >>- CopyMem (&UsageCount, (UINT8 *) (NewInfo + 1), sizeof >>(EFI_USER_INFO_USAGE_COUNT)); >>- } >>- >>- UsageCount++; >>- if ((Status == EFI_SUCCESS) || (Status == EFI_NOT_FOUND)) { >>- Info->InfoType = EFI_USER_INFO_USAGE_COUNT_RECORD; >>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >>EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE; >>- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof >>(EFI_USER_INFO_USAGE_COUNT); >>- CopyMem ((UINT8 *) (Info + 1), &UsageCount, sizeof >>(EFI_USER_INFO_USAGE_COUNT)); >>- Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize); >>- if (EFI_ERROR (Status)) { >>- FreePool (Info); >>- return Status; >>- } >>- } >>- >>- FreePool (Info); >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Add a credenetial provider item in form. >>- >>- @param[in] ProviderGuid Points to the identifir of credential provider. >>- @param[in] OpCodeHandle Points to container for dynamic created >>opcodes. 
>>- >>-**/ >>-VOID >>-AddProviderSelection ( >>- IN EFI_GUID *ProviderGuid, >>- IN VOID *OpCodeHandle >>- ) >>-{ >>- EFI_HII_HANDLE HiiHandle; >>- EFI_STRING_ID ProvID; >>- CHAR16 *ProvStr; >>- UINTN Index; >>- EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential; >>- >>- for (Index = 0; Index < mProviderDb->Count; Index++) { >>- UserCredential = mProviderDb->Provider[Index]; >>- if (CompareGuid (&UserCredential->Identifier, ProviderGuid)) { >>- // >>- // Add credential provider selection. >>- // >>- UserCredential->Title (UserCredential, &HiiHandle, &ProvID); >>- ProvStr = HiiGetString (HiiHandle, ProvID, NULL); >>- if (ProvStr == NULL) { >>- continue ; >>- } >>- ProvID = HiiSetString (mCallbackInfo->HiiHandle, 0, ProvStr, NULL); >>- FreePool (ProvStr); >>- HiiCreateActionOpCode ( >>- OpCodeHandle, // Container for dynamic created opcodes >>- (EFI_QUESTION_ID)(LABEL_PROVIDER_NAME + Index), // Question ID >>- ProvID, // Prompt text >>- STRING_TOKEN (STR_NULL_STRING), // Help text >>- EFI_IFR_FLAG_CALLBACK, // Question flag >>- 0 // Action String ID >>- ); >>- break; >>- } >>- } >>-} >>- >>- >>-/** >>- Add a username item in form. >>- >>- @param[in] Index The index of the user in the user name list. >>- @param[in] User Points to the user profile whose username is >added. >>- @param[in] OpCodeHandle Points to container for dynamic created >>opcodes. >>- >>- @retval EFI_SUCCESS Add a username successfully. >>- @retval Others Fail to add a username. >>- >>-**/ >>-EFI_STATUS >>-AddUserSelection ( >>- IN UINT16 Index, >>- IN USER_PROFILE_ENTRY *User, >>- IN VOID *OpCodeHandle >>- ) >>-{ >>- EFI_STRING_ID UserName; >>- EFI_STATUS Status; >>- EFI_USER_INFO *UserInfo; >>- >>- UserInfo = NULL; >>- Status = FindUserInfoByType (User, &UserInfo, >>EFI_USER_INFO_NAME_RECORD); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- // >>- // Add user name selection. 
>>- // >>- UserName = HiiSetString (mCallbackInfo->HiiHandle, 0, (EFI_STRING) >>(UserInfo + 1), NULL); >>- if (UserName == 0) { >>- return EFI_OUT_OF_RESOURCES; >>- } >>- >>- HiiCreateGotoOpCode ( >>- OpCodeHandle, // Container for dynamic created opcodes >>- FORMID_PROVIDER_FORM, // Target Form ID >>- UserName, // Prompt text >>- STRING_TOKEN (STR_NULL_STRING), // Help text >>- EFI_IFR_FLAG_CALLBACK, // Question flag >>- (UINT16) Index // Question ID >>- ); >>- >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Identify the user whose identity policy does not contain the operator 'OR'. >>- >>- @param[in] User Points to the user profile. >>- >>- @retval EFI_SUCCESS The specified user is identified successfully. >>- @retval Others Fail to identify the user. >>- >>-**/ >>-EFI_STATUS >>-IdentifyAndTypeUser ( >>- IN USER_PROFILE_ENTRY *User >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_USER_INFO *IdentifyInfo; >>- BOOLEAN Success; >>- UINTN TotalLen; >>- UINTN ValueLen; >>- EFI_USER_INFO_IDENTITY_POLICY *Identity; >>- >>- // >>- // Get user identify policy information. >>- // >>- IdentifyInfo = NULL; >>- Status = FindUserInfoByType (User, &IdentifyInfo, >>EFI_USER_INFO_IDENTITY_POLICY_RECORD); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- ASSERT (IdentifyInfo != NULL); >>- >>- // >>- // Check each part of identification policy expression. >>- // >>- Success = FALSE; >>- TotalLen = 0; >>- while (TotalLen < IdentifyInfo->InfoSize - sizeof (EFI_USER_INFO)) { >>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) ((UINT8 *) (IdentifyInfo >+ >>1) + TotalLen); >>- ValueLen = Identity->Length - sizeof (EFI_USER_INFO_IDENTITY_POLICY); >>- switch (Identity->Type) { >>- >>- case EFI_USER_INFO_IDENTITY_FALSE: >>- // >>- // Check False option. >>- // >>- Success = FALSE; >>- break; >>- >>- case EFI_USER_INFO_IDENTITY_TRUE: >>- // >>- // Check True option. >>- // >>- Success = TRUE; >>- break; >>- >>- case EFI_USER_INFO_IDENTITY_NOT: >>- // >>- // Check negative operation. 
>>- // >>- break; >>- >>- case EFI_USER_INFO_IDENTITY_AND: >>- // >>- // Check and operation. >>- // >>- if (!Success) { >>- return EFI_NOT_READY; >>- } >>- >>- Success = FALSE; >>- break; >>- >>- case EFI_USER_INFO_IDENTITY_OR: >>- // >>- // Check or operation. >>- // >>- if (Success) { >>- return EFI_SUCCESS; >>- } >>- break; >>- >>- case EFI_USER_INFO_IDENTITY_CREDENTIAL_TYPE: >>- // >>- // Check credential provider by type. >>- // >>- break; >>- >>- case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER: >>- // >>- // Check credential provider by ID. >>- // >>- if (ValueLen != sizeof (EFI_GUID)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- Status = IdentifyByProviderId (User, (EFI_GUID *) (Identity + 1)); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- Success = TRUE; >>- break; >>- >>- default: >>- return EFI_INVALID_PARAMETER; >>- break; >>- } >>- >>- TotalLen += Identity->Length; >>- } >>- >>- if (TotalLen != IdentifyInfo->InfoSize - sizeof (EFI_USER_INFO)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- if (!Success) { >>- return EFI_NOT_READY; >>- } >>- >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Identify the user whose identity policy does not contain the operator 'AND'. >>- >>- @param[in] User Points to the user profile. >>- >>- @retval EFI_SUCCESS The specified user is identified successfully. >>- @retval Others Fail to identify the user. >>- >>-**/ >>-EFI_STATUS >>-IdentifyOrTypeUser ( >>- IN USER_PROFILE_ENTRY *User >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_USER_INFO *IdentifyInfo; >>- UINTN TotalLen; >>- UINTN ValueLen; >>- EFI_USER_INFO_IDENTITY_POLICY *Identity; >>- VOID *StartOpCodeHandle; >>- VOID *EndOpCodeHandle; >>- EFI_IFR_GUID_LABEL *StartLabel; >>- EFI_IFR_GUID_LABEL *EndLabel; >>- >>- // >>- // Get user identify policy information. 
>>- // >>- IdentifyInfo = NULL; >>- Status = FindUserInfoByType (User, &IdentifyInfo, >>EFI_USER_INFO_IDENTITY_POLICY_RECORD); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- ASSERT (IdentifyInfo != NULL); >>- >>- // >>- // Initialize the container for dynamic opcodes. >>- // >>- StartOpCodeHandle = HiiAllocateOpCodeHandle (); >>- ASSERT (StartOpCodeHandle != NULL); >>- >>- EndOpCodeHandle = HiiAllocateOpCodeHandle (); >>- ASSERT (EndOpCodeHandle != NULL); >>- >>- // >>- // Create Hii Extend Label OpCode. >>- // >>- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >>- StartOpCodeHandle, >>- &gEfiIfrTianoGuid, >>- NULL, >>- sizeof (EFI_IFR_GUID_LABEL) >>- ); >>- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >>- StartLabel->Number = LABEL_PROVIDER_NAME; >>- >>- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >>- EndOpCodeHandle, >>- &gEfiIfrTianoGuid, >>- NULL, >>- sizeof (EFI_IFR_GUID_LABEL) >>- ); >>- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >>- EndLabel->Number = LABEL_END; >>- >>- // >>- // Add the providers that exists in the user's policy. 
>>- // >>- TotalLen = 0; >>- while (TotalLen < IdentifyInfo->InfoSize - sizeof (EFI_USER_INFO)) { >>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) ((UINT8 *) (IdentifyInfo >+ >>1) + TotalLen); >>- ValueLen = Identity->Length - sizeof (EFI_USER_INFO_IDENTITY_POLICY); >>- if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) >{ >>- AddProviderSelection ((EFI_GUID *) (Identity + 1), StartOpCodeHandle); >>- } >>- >>- TotalLen += Identity->Length; >>- } >>- >>- HiiUpdateForm ( >>- mCallbackInfo->HiiHandle, // HII handle >>- &gUserIdentifyManagerGuid,// Formset GUID >>- FORMID_PROVIDER_FORM, // Form ID >>- StartOpCodeHandle, // Label for where to insert opcodes >>- EndOpCodeHandle // Replace data >>- ); >>- >>- HiiFreeOpCodeHandle (StartOpCodeHandle); >>- HiiFreeOpCodeHandle (EndOpCodeHandle); >>- >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- This function processes the results of changes in configuration. >>- >>- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. >>- @param Action Specifies the type of action taken by the browser. >>- @param QuestionId A unique value which is sent to the original >>- exporting driver so that it can identify the type >>- of data to expect. >>- @param Type The type of value for the question. >>- @param Value A pointer to the data being sent to the original >>- exporting driver. >>- @param ActionRequest On return, points to the action requested by >>the >>- callback function. >>- >>- @retval EFI_SUCCESS The callback successfully handled the action. >>- @retval Others Fail to handle the action. 
>>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-UserIdentifyManagerCallback ( >>- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, >>- IN EFI_BROWSER_ACTION Action, >>- IN EFI_QUESTION_ID QuestionId, >>- IN UINT8 Type, >>- IN EFI_IFR_TYPE_VALUE *Value, >>- OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest >>- ) >>-{ >>- EFI_STATUS Status; >>- USER_PROFILE_ENTRY *User; >>- UINT8 PolicyType; >>- UINT16 Index; >>- VOID *StartOpCodeHandle; >>- VOID *EndOpCodeHandle; >>- EFI_IFR_GUID_LABEL *StartLabel; >>- EFI_IFR_GUID_LABEL *EndLabel; >>- >>- Status = EFI_SUCCESS; >>- >>- switch (Action) { >>- case EFI_BROWSER_ACTION_FORM_OPEN: >>- { >>- // >>- // Update user Form when user Form is opened. >>- // This will be done only in FORM_OPEN CallBack of question with >>FORM_OPEN_QUESTION_ID from user Form. >>- // >>- if (QuestionId != FORM_OPEN_QUESTION_ID) { >>- return EFI_SUCCESS; >>- } >>- >>- // >>- // Initialize the container for dynamic opcodes. >>- // >>- StartOpCodeHandle = HiiAllocateOpCodeHandle (); >>- ASSERT (StartOpCodeHandle != NULL); >>- >>- EndOpCodeHandle = HiiAllocateOpCodeHandle (); >>- ASSERT (EndOpCodeHandle != NULL); >>- >>- // >>- // Create Hii Extend Label OpCode. >>- // >>- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >>- StartOpCodeHandle, >>- &gEfiIfrTianoGuid, >>- NULL, >>- sizeof (EFI_IFR_GUID_LABEL) >>- ); >>- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >>- StartLabel->Number = LABEL_USER_NAME; >>- >>- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >>- EndOpCodeHandle, >>- &gEfiIfrTianoGuid, >>- NULL, >>- sizeof (EFI_IFR_GUID_LABEL) >>- ); >>- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >>- EndLabel->Number = LABEL_END; >>- >>- // >>- // Add all the user profile in the user profile database. 
>>- // >>- for (Index = 0; Index < mUserProfileDb->UserProfileNum; Index++) { >>- User = (USER_PROFILE_ENTRY *) mUserProfileDb->UserProfile[Index]; >>- AddUserSelection ((UINT16)(LABEL_USER_NAME + Index), User, >>StartOpCodeHandle); >>- } >>- >>- HiiUpdateForm ( >>- mCallbackInfo->HiiHandle, // HII handle >>- &gUserIdentifyManagerGuid,// Formset GUID >>- FORMID_USER_FORM, // Form ID >>- StartOpCodeHandle, // Label for where to insert opcodes >>- EndOpCodeHandle // Replace data >>- ); >>- >>- HiiFreeOpCodeHandle (StartOpCodeHandle); >>- HiiFreeOpCodeHandle (EndOpCodeHandle); >>- >>- return EFI_SUCCESS; >>- } >>- break; >>- >>- case EFI_BROWSER_ACTION_FORM_CLOSE: >>- Status = EFI_SUCCESS; >>- break; >>- >>- case EFI_BROWSER_ACTION_CHANGED: >>- if (QuestionId >= LABEL_PROVIDER_NAME) { >>- // >>- // QuestionId comes from the second Form (Select a Credential Provider >if >>identity >>- // policy is OR type). Identify the user by the selected provider. >>- // >>- Status = IdentifyByProviderId (mCurrentUser, &mProviderDb- >>>Provider[QuestionId & 0xFFF]->Identifier); >>- if (Status == EFI_SUCCESS) { >>- mIdentified = TRUE; >>- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT; >>- } >>- return EFI_SUCCESS; >>- } >>- break; >>- >>- case EFI_BROWSER_ACTION_CHANGING: >>- // >>- // QuestionId comes from the first Form (Select a user to identify). >>- // >>- if (QuestionId >= LABEL_PROVIDER_NAME) { >>- return EFI_SUCCESS; >>- } >>- >>- User = (USER_PROFILE_ENTRY *) mUserProfileDb- >>>UserProfile[QuestionId & 0xFFF]; >>- Status = GetIdentifyType (User, &PolicyType); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- if (PolicyType == EFI_USER_INFO_IDENTITY_OR) { >>- // >>- // Identify the user by "OR" logical. >>- // >>- Status = IdentifyOrTypeUser (User); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- mCurrentUser = (EFI_USER_PROFILE_HANDLE) User; >>- } else { >>- // >>- // Identify the user by "AND" logical. 
>>- // >>- Status = IdentifyAndTypeUser (User); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- mCurrentUser = (EFI_USER_PROFILE_HANDLE) User; >>- mIdentified = TRUE; >>- if (Type == EFI_IFR_TYPE_REF) { >>- Value->ref.FormId = FORMID_INVALID_FORM; >>- } >>- } >>- break; >>- >>- default: >>- // >>- // All other action return unsupported. >>- // >>- Status = EFI_UNSUPPORTED; >>- break; >>- } >>- >>- >>- return Status; >>-} >>- >>- >>-/** >>- This function construct user profile database from user data saved in the >>Flash. >>- If no user is found in Flash, add one default user "administrator" in the user >>- profile database. >>- >>- @retval EFI_SUCCESS Init user profile database successfully. >>- @retval Others Fail to init user profile database. >>- >>-**/ >>-EFI_STATUS >>-InitUserProfileDb ( >>- VOID >>- ) >>-{ >>- EFI_STATUS Status; >>- UINT8 *VarData; >>- UINTN VarSize; >>- UINTN CurVarSize; >>- CHAR16 VarName[10]; >>- UINTN Index; >>- UINT32 VarAttr; >>- >>- if (mUserProfileDb != NULL) { >>- // >>- // The user profiles had been already initialized. >>- // >>- return EFI_SUCCESS; >>- } >>- >>- // >>- // Init user profile database structure. >>- // >>- if (!ExpandUsermUserProfileDb ()) { >>- return EFI_OUT_OF_RESOURCES; >>- } >>- >>- CurVarSize = DEFAULT_PROFILE_SIZE; >>- VarData = AllocateZeroPool (CurVarSize); >>- if (VarData == NULL) { >>- return EFI_OUT_OF_RESOURCES; >>- } >>- >>- // >>- // Get all user proifle entries. >>- // >>- Index = 0; >>- while (TRUE) { >>- // >>- // Get variable name. >>- // >>- UnicodeSPrint ( >>- VarName, >>- sizeof (VarName), >>- L"User%04x", >>- Index >>- ); >>- Index++; >>- >>- // >>- // Get variable value. 
>>- // >>- VarSize = CurVarSize; >>- Status = gRT->GetVariable (VarName, &gUserIdentifyManagerGuid, >>&VarAttr, &VarSize, VarData); >>- if (Status == EFI_BUFFER_TOO_SMALL) { >>- FreePool (VarData); >>- VarData = AllocatePool (VarSize); >>- if (VarData == NULL) { >>- Status = EFI_OUT_OF_RESOURCES; >>- break; >>- } >>- >>- CurVarSize = VarSize; >>- Status = gRT->GetVariable (VarName, &gUserIdentifyManagerGuid, >>&VarAttr, &VarSize, VarData); >>- } >>- >>- if (EFI_ERROR (Status)) { >>- if (Status == EFI_NOT_FOUND) { >>- Status = EFI_SUCCESS; >>- } >>- break; >>- } >>- >>- // >>- // Check variable attributes. >>- // >>- if (VarAttr != (EFI_VARIABLE_NON_VOLATILE | >>EFI_VARIABLE_BOOTSERVICE_ACCESS)) { >>- Status = gRT->SetVariable (VarName, &gUserIdentifyManagerGuid, >>VarAttr, 0, NULL); >>- continue; >>- } >>- >>- // >>- // Add user profile to the user profile database. >>- // >>- Status = AddUserProfile (NULL, VarSize, VarData, FALSE); >>- if (EFI_ERROR (Status)) { >>- if (Status == EFI_SECURITY_VIOLATION) { >>- // >>- // Delete invalid user profile >>- // >>- gRT->SetVariable (VarName, &gUserIdentifyManagerGuid, VarAttr, 0, >>NULL); >>- } else if (Status == EFI_OUT_OF_RESOURCES) { >>- break; >>- } >>- } else { >>- // >>- // Delete and save the profile again if some invalid profiles are deleted. >>- // >>- if (mUserProfileDb->UserProfileNum < Index) { >>- gRT->SetVariable (VarName, &gUserIdentifyManagerGuid, VarAttr, 0, >>NULL); >>- SaveNvUserProfile (mUserProfileDb->UserProfile[mUserProfileDb- >>>UserProfileNum - 1], FALSE); >>- } >>- } >>- } >>- >>- if (VarData != NULL) { >>- FreePool (VarData); >>- } >>- >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- // >>- // Check whether the user profile database is empty. >>- // >>- if (mUserProfileDb->UserProfileNum == 0) { >>- Status = AddDefaultUserProfile (); >>- } >>- >>- return Status; >>-} >>- >>- >>-/** >>- This function collects all the credential providers and saves to mProviderDb. 
>>- >>- @retval EFI_SUCCESS Collect credential providers successfully. >>- @retval Others Fail to collect credential providers. >>- >>-**/ >>-EFI_STATUS >>-InitProviderInfo ( >>- VOID >>- ) >>-{ >>- EFI_STATUS Status; >>- UINTN HandleCount; >>- EFI_HANDLE *HandleBuf; >>- UINTN Index; >>- >>- if (mProviderDb != NULL) { >>- // >>- // The credential providers had been collected before. >>- // >>- return EFI_SUCCESS; >>- } >>- >>- // >>- // Try to find all the user credential provider driver. >>- // >>- HandleCount = 0; >>- HandleBuf = NULL; >>- Status = gBS->LocateHandleBuffer ( >>- ByProtocol, >>- &gEfiUserCredential2ProtocolGuid, >>- NULL, >>- &HandleCount, >>- &HandleBuf >>- ); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- // >>- // Get provider infomation. >>- // >>- mProviderDb = AllocateZeroPool ( >>- sizeof (CREDENTIAL_PROVIDER_INFO) - >>- sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *) + >>- HandleCount * sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *) >>- ); >>- if (mProviderDb == NULL) { >>- FreePool (HandleBuf); >>- return EFI_OUT_OF_RESOURCES; >>- } >>- >>- mProviderDb->Count = HandleCount; >>- for (Index = 0; Index < HandleCount; Index++) { >>- Status = gBS->HandleProtocol ( >>- HandleBuf[Index], >>- &gEfiUserCredential2ProtocolGuid, >>- (VOID **) &mProviderDb->Provider[Index] >>- ); >>- if (EFI_ERROR (Status)) { >>- FreePool (HandleBuf); >>- FreePool (mProviderDb); >>- mProviderDb = NULL; >>- return Status; >>- } >>- } >>- >>- FreePool (HandleBuf); >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- This function allows a caller to extract the current configuration for one >>- or more named elements from the target driver. >>- >>- >>- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. >>- @param Request A null-terminated Unicode string in <ConfigRequest> >>format. >>- @param Progress On return, points to a character in the Request string. >>- Points to the string's null terminator if request was successful. 
>>- Points to the most recent '&' before the first failing name/value >>- pair (or the beginning of the string if the failure is in the >>- first name/value pair) if the request was not successful. >>- @param Results A null-terminated Unicode string in <ConfigAltResp> >>format which >>- has all values filled in for the names in the Request string. >>- String to be allocated by the called function. >>- >>- @retval EFI_SUCCESS The Results is filled with the requested values. >>- @retval EFI_OUT_OF_RESOURCES Not enough memory to store the >>results. >>- @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown >>name. >>- @retval EFI_NOT_FOUND Routing data doesn't match any storage in >>this driver. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-FakeExtractConfig ( >>- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, >>- IN CONST EFI_STRING Request, >>- OUT EFI_STRING *Progress, >>- OUT EFI_STRING *Results >>- ) >>-{ >>- if (Progress == NULL || Results == NULL) { >>- return EFI_INVALID_PARAMETER; >>- } >>- *Progress = Request; >>- return EFI_NOT_FOUND; >>-} >>- >>-/** >>- This function processes the results of changes in configuration. >>- >>- >>- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. >>- @param Configuration A null-terminated Unicode string in <ConfigResp> >>format. >>- @param Progress A pointer to a string filled in with the offset of the >>most >>- recent '&' before the first failing name/value pair (or the >>- beginning of the string if the failure is in the first >>- name/value pair) or the terminating NULL if all was successful. >>- >>- @retval EFI_SUCCESS The Results is processed successfully. >>- @retval EFI_INVALID_PARAMETER Configuration is NULL. >>- @retval EFI_NOT_FOUND Routing data doesn't match any storage in >>this driver. 
>>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-FakeRouteConfig ( >>- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, >>- IN CONST EFI_STRING Configuration, >>- OUT EFI_STRING *Progress >>- ) >>-{ >>- if (Configuration == NULL || Progress == NULL) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- *Progress = Configuration; >>- >>- return EFI_NOT_FOUND; >>-} >>- >>- >>-/** >>- This function initialize the data mainly used in form browser. >>- >>- @retval EFI_SUCCESS Initialize form data successfully. >>- @retval Others Fail to Initialize form data. >>- >>-**/ >>-EFI_STATUS >>-InitFormBrowser ( >>- VOID >>- ) >>-{ >>- EFI_STATUS Status; >>- USER_MANAGER_CALLBACK_INFO *CallbackInfo; >>- EFI_HII_DATABASE_PROTOCOL *HiiDatabase; >>- EFI_HII_STRING_PROTOCOL *HiiString; >>- EFI_FORM_BROWSER2_PROTOCOL *FormBrowser2; >>- >>- // >>- // Initialize driver private data. >>- // >>- CallbackInfo = AllocateZeroPool (sizeof >>(USER_MANAGER_CALLBACK_INFO)); >>- if (CallbackInfo == NULL) { >>- return EFI_OUT_OF_RESOURCES; >>- } >>- >>- CallbackInfo->Signature = USER_MANAGER_SIGNATURE; >>- CallbackInfo->ConfigAccess.ExtractConfig = FakeExtractConfig; >>- CallbackInfo->ConfigAccess.RouteConfig = FakeRouteConfig; >>- CallbackInfo->ConfigAccess.Callback = UserIdentifyManagerCallback; >>- >>- // >>- // Locate Hii Database protocol. >>- // >>- Status = gBS->LocateProtocol (&gEfiHiiDatabaseProtocolGuid, NULL, (VOID >>**) &HiiDatabase); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- CallbackInfo->HiiDatabase = HiiDatabase; >>- >>- // >>- // Locate HiiString protocol. >>- // >>- Status = gBS->LocateProtocol (&gEfiHiiStringProtocolGuid, NULL, (VOID **) >>&HiiString); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- CallbackInfo->HiiString = HiiString; >>- >>- // >>- // Locate Formbrowser2 protocol. 
>>- // >>- Status = gBS->LocateProtocol (&gEfiFormBrowser2ProtocolGuid, NULL, >>(VOID **) &FormBrowser2); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- CallbackInfo->FormBrowser2 = FormBrowser2; >>- CallbackInfo->DriverHandle = NULL; >>- >>- // >>- // Install Device Path Protocol and Config Access protocol to driver handle. >>- // >>- Status = gBS->InstallMultipleProtocolInterfaces ( >>- &CallbackInfo->DriverHandle, >>- &gEfiDevicePathProtocolGuid, >>- &mHiiVendorDevicePath, >>- &gEfiHiiConfigAccessProtocolGuid, >>- &CallbackInfo->ConfigAccess, >>- NULL >>- ); >>- ASSERT_EFI_ERROR (Status); >>- >>- // >>- // Publish HII data. >>- // >>- CallbackInfo->HiiHandle = HiiAddPackages ( >>- &gUserIdentifyManagerGuid, >>- CallbackInfo->DriverHandle, >>- UserIdentifyManagerStrings, >>- UserIdentifyManagerVfrBin, >>- NULL >>- ); >>- if (CallbackInfo->HiiHandle == NULL) { >>- return EFI_OUT_OF_RESOURCES; >>- } >>- >>- mCallbackInfo = CallbackInfo; >>- >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Identify the user whose identification policy supports auto logon. >>- >>- @param[in] ProviderIndex The provider index in the provider list. >>- @param[out] User Points to user user profile if a user is identified >>successfully. >>- >>- @retval EFI_SUCCESS Identify a user with the specified provider >>successfully. >>- @retval Others Fail to identify a user. >>- >>-**/ >>-EFI_STATUS >>-IdentifyAutoLogonUser ( >>- IN UINTN ProviderIndex, >>- OUT USER_PROFILE_ENTRY **User >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_USER_INFO *Info; >>- UINT8 PolicyType; >>- >>- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + sizeof >>(EFI_USER_INFO_IDENTIFIER)); >>- if (Info == NULL) { >>- return EFI_OUT_OF_RESOURCES; >>- } >>- >>- Info->InfoType = EFI_USER_INFO_IDENTIFIER_RECORD; >>- Info->InfoSize = sizeof (EFI_USER_INFO) + sizeof >>(EFI_USER_INFO_IDENTIFIER); >>- >>- // >>- // Identify the specified credential provider's auto logon user. 
>>- // >>- Status = mProviderDb->Provider[ProviderIndex]->User ( >>- mProviderDb->Provider[ProviderIndex], >>- NULL, >>- (EFI_USER_INFO_IDENTIFIER *) (Info + 1) >>- ); >>- if (EFI_ERROR (Status)) { >>- FreePool (Info); >>- return Status; >>- } >>- >>- // >>- // Find user with the specified user ID. >>- // >>- *User = NULL; >>- Status = FindUserProfileByInfo (User, NULL, Info, Info->InfoSize); >>- FreePool (Info); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- Status = GetIdentifyType ((EFI_USER_PROFILE_HANDLE) * User, >>&PolicyType); >>- if (PolicyType == EFI_USER_INFO_IDENTITY_AND) { >>- // >>- // The identified user need also identified by other credential provider. >>- // This can handle through select user. >>- // >>- return EFI_NOT_READY; >>- } >>- >>- return Status; >>-} >>- >>- >>-/** >>- Check whether the given console is ready. >>- >>- @param[in] ProtocolGuid Points to the protocol guid of sonsole . >>- >>- @retval TRUE The given console is ready. >>- @retval FALSE The given console is not ready. >>- >>-**/ >>-BOOLEAN >>-CheckConsole ( >>- EFI_GUID *ProtocolGuid >>- ) >>-{ >>- EFI_STATUS Status; >>- UINTN HandleCount; >>- EFI_HANDLE *HandleBuf; >>- UINTN Index; >>- EFI_DEVICE_PATH_PROTOCOL *DevicePath; >>- >>- // >>- // Try to find all the handle driver. >>- // >>- HandleCount = 0; >>- HandleBuf = NULL; >>- Status = gBS->LocateHandleBuffer ( >>- ByProtocol, >>- ProtocolGuid, >>- NULL, >>- &HandleCount, >>- &HandleBuf >>- ); >>- if (EFI_ERROR (Status)) { >>- return FALSE; >>- } >>- >>- for (Index = 0; Index < HandleCount; Index++) { >>- DevicePath = DevicePathFromHandle (HandleBuf[Index]); >>- if (DevicePath != NULL) { >>- FreePool (HandleBuf); >>- return TRUE; >>- } >>- } >>- FreePool (HandleBuf); >>- return FALSE; >>-} >>- >>- >>-/** >>- Check whether the console is ready. >>- >>- @retval TRUE The console is ready. >>- @retval FALSE The console is not ready. 
>>- >>-**/ >>-BOOLEAN >>-IsConsoleReady ( >>- VOID >>- ) >>-{ >>- if (!CheckConsole (&gEfiSimpleTextOutProtocolGuid)) { >>- return FALSE; >>- } >>- >>- if (!CheckConsole (&gEfiSimpleTextInProtocolGuid)) { >>- if (!CheckConsole (&gEfiSimpleTextInputExProtocolGuid)) { >>- return FALSE; >>- } >>- } >>- >>- return TRUE; >>-} >>- >>- >>-/** >>- Identify a user to logon. >>- >>- @param[out] User Points to user user profile if a user is identified >>successfully. >>- >>- @retval EFI_SUCCESS Identify a user successfully. >>- >>-**/ >>-EFI_STATUS >>-IdentifyUser ( >>- OUT USER_PROFILE_ENTRY **User >>- ) >>-{ >>- EFI_STATUS Status; >>- UINTN Index; >>- EFI_CREDENTIAL_LOGON_FLAGS AutoLogon; >>- EFI_USER_INFO *IdentifyInfo; >>- EFI_USER_INFO_IDENTITY_POLICY *Identity; >>- EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential; >>- USER_PROFILE_ENTRY *UserEntry; >>- >>- // >>- // Initialize credential providers. >>- // >>- InitProviderInfo (); >>- >>- // >>- // Initialize user profile database. >>- // >>- InitUserProfileDb (); >>- >>- // >>- // If only one user in system, and its identify policy is TRUE, then auto logon. >>- // >>- if (mUserProfileDb->UserProfileNum == 1) { >>- UserEntry = (USER_PROFILE_ENTRY *) mUserProfileDb->UserProfile[0]; >>- IdentifyInfo = NULL; >>- Status = FindUserInfoByType (UserEntry, &IdentifyInfo, >>EFI_USER_INFO_IDENTITY_POLICY_RECORD); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- ASSERT (IdentifyInfo != NULL); >>- >>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) ((UINT8 *) (IdentifyInfo >+ >>1)); >>- if (Identity->Type == EFI_USER_INFO_IDENTITY_TRUE) { >>- mCurrentUser = (EFI_USER_PROFILE_HANDLE) UserEntry; >>- UpdateUserInfo (UserEntry); >>- *User = UserEntry; >>- return EFI_SUCCESS; >>- } >>- } >>- >>- // >>- // Find and login the default & AutoLogon user. 
>>- // >>- for (Index = 0; Index < mProviderDb->Count; Index++) { >>- UserCredential = mProviderDb->Provider[Index]; >>- Status = UserCredential->Default (UserCredential, &AutoLogon); >>- if (EFI_ERROR (Status)) { >>- continue; >>- } >>- >>- if ((AutoLogon & (EFI_CREDENTIAL_LOGON_FLAG_DEFAULT | >>EFI_CREDENTIAL_LOGON_FLAG_AUTO)) != 0) { >>- Status = IdentifyAutoLogonUser (Index, &UserEntry); >>- if (Status == EFI_SUCCESS) { >>- mCurrentUser = (EFI_USER_PROFILE_HANDLE) UserEntry; >>- UpdateUserInfo (UserEntry); >>- *User = UserEntry; >>- return EFI_SUCCESS; >>- } >>- } >>- } >>- >>- if (!IsConsoleReady ()) { >>- // >>- // The console is still not ready for user selection. >>- // >>- return EFI_ACCESS_DENIED; >>- } >>- >>- // >>- // Select a user and identify it. >>- // >>- mCallbackInfo->FormBrowser2->SendForm ( >>- mCallbackInfo->FormBrowser2, >>- &mCallbackInfo->HiiHandle, >>- 1, >>- &gUserIdentifyManagerGuid, >>- 0, >>- NULL, >>- NULL >>- ); >>- >>- if (mIdentified) { >>- *User = (USER_PROFILE_ENTRY *) mCurrentUser; >>- UpdateUserInfo (*User); >>- return EFI_SUCCESS; >>- } >>- >>- return EFI_ACCESS_DENIED; >>-} >>- >>- >>-/** >>- An empty function to pass error checking of CreateEventEx (). >>- >>- @param Event Event whose notification function is being invoked. >>- @param Context Pointer to the notification function's context, >>- which is implementation-dependent. >>- >>-**/ >>-VOID >>-EFIAPI >>-InternalEmptyFuntion ( >>- IN EFI_EVENT Event, >>- IN VOID *Context >>- ) >>-{ >>-} >>- >>- >>-/** >>- Create, Signal, and Close the User Profile Changed event. 
>>- >>-**/ >>-VOID >>-SignalEventUserProfileChanged ( >>- VOID >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_EVENT Event; >>- >>- Status = gBS->CreateEventEx ( >>- EVT_NOTIFY_SIGNAL, >>- TPL_CALLBACK, >>- InternalEmptyFuntion, >>- NULL, >>- &gEfiEventUserProfileChangedGuid, >>- &Event >>- ); >>- ASSERT_EFI_ERROR (Status); >>- gBS->SignalEvent (Event); >>- gBS->CloseEvent (Event); >>-} >>- >>- >>-/** >>- Create a new user profile. >>- >>- This function creates a new user profile with only a new user identifier >>attached and returns >>- its handle. The user profile is non-volatile, but the handle User can change >>across reboots. >>- >>- @param[in] This Points to this instance of the >>EFI_USER_MANAGER_PROTOCOL. >>- @param[out] User On return, points to the new user profile handle. >>- The user profile handle is unique only during this boot. >>- >>- @retval EFI_SUCCESS User profile was successfully created. >>- @retval EFI_ACCESS_DENIED Current user does not have sufficient >>permissions to create a >>- user profile. >>- @retval EFI_UNSUPPORTED Creation of new user profiles is not >>supported. >>- @retval EFI_INVALID_PARAMETER The User parameter is NULL. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-UserProfileCreate ( >>- IN CONST EFI_USER_MANAGER_PROTOCOL *This, >>- OUT EFI_USER_PROFILE_HANDLE *User >>- ) >>-{ >>- EFI_STATUS Status; >>- >>- if ((This == NULL) || (User == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- // >>- // Check the right of the current user. >>- // >>- if (!CheckCurrentUserAccessRight (EFI_USER_INFO_ACCESS_MANAGE)) { >>- if (!CheckCurrentUserAccessRight >>(EFI_USER_INFO_ACCESS_ENROLL_OTHERS)) { >>- return EFI_ACCESS_DENIED; >>- } >>- } >>- >>- // >>- // Create new user profile >>- // >>- Status = CreateUserProfile ((USER_PROFILE_ENTRY **) User); >>- if (EFI_ERROR (Status)) { >>- return EFI_ACCESS_DENIED; >>- } >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Delete an existing user profile. 
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_MANAGER_PROTOCOL.
>>- @param[in] User User profile handle.
>>-
>>- @retval EFI_SUCCESS User profile was successfully deleted.
>>- @retval EFI_ACCESS_DENIED Current user does not have sufficient >>permissions to delete a user
>>- profile or there is only one user profile.
>>- @retval EFI_UNSUPPORTED Deletion of new user profiles is not >>supported.
>>- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >>profile.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-UserProfileDelete (
>>- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
>>- IN EFI_USER_PROFILE_HANDLE User
>>- )
>>-{
>>- EFI_STATUS Status;
>>-
>>- if (This == NULL) {
>>- return EFI_INVALID_PARAMETER;
>>- }
>>-
>>- //
>>- // Check the right of the current user.
>>- //
>>- if (!CheckCurrentUserAccessRight (EFI_USER_INFO_ACCESS_MANAGE)) {
>>- return EFI_ACCESS_DENIED;
>>- }
>>-
>>- //
>>- // Delete user profile.
>>- //
>>- Status = DelUserProfile (User);
>>- if (EFI_ERROR (Status)) {
>>- if (Status != EFI_INVALID_PARAMETER) {
>>- return EFI_ACCESS_DENIED;
>>- }
>>- return EFI_INVALID_PARAMETER;
>>- }
>>-
>>- return EFI_SUCCESS;
>>-}
>>-
>>-
>>-/**
>>- Enumerate all of the enrolled users on the platform.
>>-
>>- This function returns the next enrolled user profile. To retrieve the first >user >>profile handle,
>>- point User at a NULL. Each subsequent call will retrieve another user profile >>handle until there
>>- are no more, at which point User will point to NULL.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_MANAGER_PROTOCOL.
>>- @param[in, out] User On entry, points to the previous user profile >>handle or NULL to
>>- start enumeration. On exit, points to the next user profile >>handle
>>- or NULL if there are no more user profiles.
>>-
>>- @retval EFI_SUCCESS Next enrolled user profile successfully returned.
>>- @retval EFI_ACCESS_DENIED Next enrolled user profile was not >>successfully returned.
>>- @retval EFI_INVALID_PARAMETER The User parameter is NULL.
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-UserProfileGetNext (
>>- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
>>- IN OUT EFI_USER_PROFILE_HANDLE *User
>>- )
>>-{
>>- EFI_STATUS Status;
>>-
>>- if ((This == NULL) || (User == NULL)) {
>>- return EFI_INVALID_PARAMETER;
>>- }
>>-
>>- Status = FindUserProfile ((USER_PROFILE_ENTRY **) User, TRUE, NULL);
>>- if (EFI_ERROR (Status)) {
>>- return EFI_ACCESS_DENIED;
>>- }
>>- return EFI_SUCCESS;
>>-}
>>-
>>-
>>-/**
>>- Return the current user profile handle.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_MANAGER_PROTOCOL.
>>- @param[out] CurrentUser On return, points to the current user profile >>handle.
>>-
>>- @retval EFI_SUCCESS Current user profile handle returned >successfully.
>>- @retval EFI_INVALID_PARAMETER The CurrentUser parameter is NULL.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-UserProfileCurrent (
>>- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
>>- OUT EFI_USER_PROFILE_HANDLE *CurrentUser
>>- )
>>-{
>>- //
>>- // Get current user profile.
>>- //
>>- if ((This == NULL) || (CurrentUser == NULL)) {
>>- return EFI_INVALID_PARAMETER;
>>- }
>>-
>>- *CurrentUser = mCurrentUser;
>>- return EFI_SUCCESS;
>>-}
>>-
>>-
>>-/**
>>- Identify a user.
>>-
>>- Identify the user and, if authenticated, returns the user handle and >changes >>the current
>>- user profile. All user information marked as private in a previously selected >>profile
>>- is no longer available for inspection.
>>- Whenever the current user profile is changed then the an event with the >>GUID
>>- EFI_EVENT_GROUP_USER_PROFILE_CHANGED is signaled.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_MANAGER_PROTOCOL.
>>- @param[out] User On return, points to the user profile handle for >>the current
>>- user profile.
>>-
>>- @retval EFI_SUCCESS User was successfully identified.
>>- @retval EFI_ACCESS_DENIED User was not successfully identified.
>>- @retval EFI_INVALID_PARAMETER The User parameter is NULL.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-UserProfileIdentify (
>>- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
>>- OUT EFI_USER_PROFILE_HANDLE *User
>>- )
>>-{
>>- EFI_STATUS Status;
>>-
>>- if ((This == NULL) || (User == NULL)) {
>>- return EFI_INVALID_PARAMETER;
>>- }
>>-
>>- if (mCurrentUser != NULL) {
>>- *User = mCurrentUser;
>>- return EFI_SUCCESS;
>>- }
>>-
>>- //
>>- // Identify user
>>- //
>>- Status = IdentifyUser ((USER_PROFILE_ENTRY **) User);
>>- if (EFI_ERROR (Status)) {
>>- return EFI_ACCESS_DENIED;
>>- }
>>-
>>- //
>>- // Publish the user info into the EFI system configuration table.
>>- //
>>- PublishUserTable ();
>>-
>>- //
>>- // Signal User Profile Changed event.
>>- //
>>- SignalEventUserProfileChanged ();
>>- return EFI_SUCCESS;
>>-}
>>-
>>-/**
>>- Find a user using a user information record.
>>-
>>- This function searches all user profiles for the specified user information >>record.
>>- The search starts with the user information record handle following >>UserInfo and
>>- continues until either the information is found or there are no more user >>profiles.
>>- A match occurs when the Info.InfoType field matches the user information >>record
>>- type and the user information record data matches the portion of Info.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_MANAGER_PROTOCOL.
>>- @param[in, out] User On entry, points to the previously returned >user >>profile
>>- handle, or NULL to start searching with the first user profile.
>>- On return, points to the user profile handle, or NULL if not
>>- found.
>>- @param[in, out] UserInfo On entry, points to the previously returned >>user information
>>- handle, or NULL to start searching with the first. On return,
>>- points to the user information handle of the user >>information
>>- record, or NULL if not found. Can be NULL, in which case >only
>>- one user information record per user can be returned.
>>- @param[in] Info Points to the buffer containing the user >information >>to be
>>- compared to the user information record. If the user >>information
>>- record data is empty, then only the user information record >>type
>>- is compared. If InfoSize is 0, then the user information >record
>>- must be empty.
>>-
>>- @param[in] InfoSize The size of Info, in bytes.
>>-
>>- @retval EFI_SUCCESS User information was found. User points to the >>user profile
>>- handle, and UserInfo points to the user information handle.
>>- @retval EFI_NOT_FOUND User information was not found. User >points >>to NULL, and
>>- UserInfo points to NULL.
>>- @retval EFI_INVALID_PARAMETER User is NULL. Or Info is NULL.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-UserProfileFind (
>>- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
>>- IN OUT EFI_USER_PROFILE_HANDLE *User,
>>- IN OUT EFI_USER_INFO_HANDLE *UserInfo OPTIONAL,
>>- IN CONST EFI_USER_INFO *Info,
>>- IN UINTN InfoSize
>>- )
>>-{
>>- EFI_STATUS Status;
>>- UINTN Size;
>>-
>>- if ((This == NULL) || (User == NULL) || (Info == NULL)) {
>>- return EFI_INVALID_PARAMETER;
>>- }
>>-
>>- if (InfoSize == 0) {
>>- //
>>- // If InfoSize is 0, then the user information record must be empty.
>>- //
>>- if (Info->InfoSize != sizeof (EFI_USER_INFO)) {
>>- return EFI_INVALID_PARAMETER;
>>- }
>>- } else {
>>- if (InfoSize != Info->InfoSize) {
>>- return EFI_INVALID_PARAMETER;
>>- }
>>- }
>>- Size = Info->InfoSize;
>>-
>>- //
>>- // Find user profile accdoring to user information.
>>- //
>>- Status = FindUserProfileByInfo (
>>- (USER_PROFILE_ENTRY **) User,
>>- (EFI_USER_INFO **) UserInfo,
>>- (EFI_USER_INFO *) Info,
>>- Size
>>- );
>>- if (EFI_ERROR (Status)) {
>>- *User = NULL;
>>- if (UserInfo != NULL) {
>>- *UserInfo = NULL;
>>- }
>>- return EFI_NOT_FOUND;
>>- }
>>-
>>- return EFI_SUCCESS;
>>-}
>>-
>>-
>>-/**
>>- Return information attached to the user.
>>-
>>- This function returns user information.
The format of the information is >>described in User
>>- Information. The function may return EFI_ACCESS_DENIED if the >>information is marked private
>>- and the handle specified by User is not the current user profile. The >function >>may return
>>- EFI_ACCESS_DENIED if the information is marked protected and the >>information is associated
>>- with a credential provider for which the user has not been authenticated.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_MANAGER_PROTOCOL.
>>- @param[in] User Handle of the user whose profile will be retrieved.
>>- @param[in] UserInfo Handle of the user information data record.
>>- @param[out] Info On entry, points to a buffer of at least *InfoSize >>bytes. On exit,
>>- holds the user information. If the buffer is too small to hold >>the
>>- information, then EFI_BUFFER_TOO_SMALL is returned and >>InfoSize is
>>- updated to contain the number of bytes actually required.
>>- @param[in, out] InfoSize On entry, points to the size of Info. On return, >>points to the size
>>- of the user information.
>>-
>>- @retval EFI_SUCCESS Information returned successfully.
>>- @retval EFI_ACCESS_DENIED The information about the specified user >>cannot be accessed by the
>>- current user.
>>- @retval EFI_BUFFER_TOO_SMALL The number of bytes specified by >>*InfoSize is too small to hold the
>>- returned data. The actual size required is returned in >>*InfoSize.
>>- @retval EFI_NOT_FOUND User does not refer to a valid user profile or >>UserInfo does not refer
>>- to a valid user info handle.
>>- @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-UserProfileGetInfo (
>>- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
>>- IN EFI_USER_PROFILE_HANDLE User,
>>- IN EFI_USER_INFO_HANDLE UserInfo,
>>- OUT EFI_USER_INFO *Info,
>>- IN OUT UINTN *InfoSize
>>- )
>>-{
>>- EFI_STATUS Status;
>>-
>>- if ((This == NULL) || (InfoSize == NULL)) {
>>- return EFI_INVALID_PARAMETER;
>>- }
>>-
>>- if ((*InfoSize != 0) && (Info == NULL)) {
>>- return EFI_INVALID_PARAMETER;
>>- }
>>-
>>- if ((User == NULL) || (UserInfo == NULL)) {
>>- return EFI_NOT_FOUND;
>>- }
>>-
>>- Status = GetUserInfo (User, UserInfo, Info, InfoSize, TRUE);
>>- if (EFI_ERROR (Status)) {
>>- if (Status == EFI_BUFFER_TOO_SMALL) {
>>- return EFI_BUFFER_TOO_SMALL;
>>- }
>>- return EFI_ACCESS_DENIED;
>>- }
>>- return EFI_SUCCESS;
>>-}
>>-
>>-
>>-/**
>>- Add or update user information.
>>-
>>- This function changes user information. If NULL is pointed to by UserInfo, >>then a new user
>>- information record is created and its handle is returned in UserInfo. >>Otherwise, the existing
>>- one is replaced.
>>- If EFI_USER_INFO_IDENITTY_POLICY_RECORD is changed, it is the caller's >>responsibility to keep
>>- it to be synced with the information on credential providers.
>>- If EFI_USER_INFO_EXCLUSIVE is specified in Info and a user information >>record of the same
>>- type already exists in the user profile, then EFI_ACCESS_DENIED will be >>returned and UserInfo
>>- will point to the handle of the existing record.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_MANAGER_PROTOCOL.
>>- @param[in] User Handle of the user whose profile will be >retrieved.
>>- @param[in, out] UserInfo Handle of the user information data record.
>>- @param[in] Info On entry, points to a buffer of at least *InfoSize >>bytes. On exit,
>>- holds the user information. If the buffer is too small to hold >>the
>>- information, then EFI_BUFFER_TOO_SMALL is returned >and >>InfoSize is
>>- updated to contain the number of bytes actually required.
>>- @param[in] InfoSize On entry, points to the size of Info. On return, >>points to the size
>>- of the user information.
>>-
>>- @retval EFI_SUCCESS Information returned successfully.
>>- @retval EFI_ACCESS_DENIED The record is exclusive.
>>- @retval EFI_SECURITY_VIOLATION The current user does not have >>permission to change the specified
>>- user profile or user information record.
>>- @retval EFI_NOT_FOUND User does not refer to a valid user profile or >>UserInfo does not
>>- refer to a valid user info handle.
>>- @retval EFI_INVALID_PARAMETER UserInfo is NULL or Info is NULL.
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-UserProfileSetInfo (
>>- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
>>- IN EFI_USER_PROFILE_HANDLE User,
>>- IN OUT EFI_USER_INFO_HANDLE *UserInfo,
>>- IN CONST EFI_USER_INFO *Info,
>>- IN UINTN InfoSize
>>- )
>>-{
>>- EFI_STATUS Status;
>>-
>>- if ((This == NULL) || (User == NULL) || (UserInfo == NULL) || (Info == >NULL)) >>{
>>- return EFI_INVALID_PARAMETER;
>>- }
>>-
>>- //
>>- // Check the right of the current user.
>>- //
>>- if (User != mCurrentUser) {
>>- if (!CheckCurrentUserAccessRight (EFI_USER_INFO_ACCESS_MANAGE)) {
>>- if (*UserInfo != NULL) {
>>- //
>>- // Can't update info in other profiles without MANAGE right.
>>- //
>>- return EFI_SECURITY_VIOLATION;
>>- }
>>-
>>- if (!CheckCurrentUserAccessRight >>(EFI_USER_INFO_ACCESS_ENROLL_OTHERS)) {
>>- //
>>- // Can't add info into other profiles.
>>- //
>>- return EFI_SECURITY_VIOLATION;
>>- }
>>- }
>>- }
>>-
>>- if (User == mCurrentUser) {
>>- if (CheckCurrentUserAccessRight >(EFI_USER_INFO_ACCESS_ENROLL_SELF)) >>{
>>- //
>>- // Only identify policy can be added/updated.
>>- //
>>- if (Info->InfoType != EFI_USER_INFO_IDENTITY_POLICY_RECORD) {
>>- return EFI_SECURITY_VIOLATION;
>>- }
>>- }
>>- }
>>-
>>- //
>>- // Modify user information.
>>- //
>>- Status = ModifyUserInfo (User, (EFI_USER_INFO **) UserInfo, Info, >>InfoSize);
>>- if (EFI_ERROR (Status)) {
>>- if (Status == EFI_ACCESS_DENIED) {
>>- return EFI_ACCESS_DENIED;
>>- }
>>- return EFI_SECURITY_VIOLATION;
>>- }
>>- return EFI_SUCCESS;
>>-}
>>-
>>-
>>-/**
>>- Called by credential provider to notify of information change.
>>-
>>- This function allows the credential provider to notify the User Identity >>Manager when user status
>>- has changed.
>>- If the User Identity Manager doesn't support asynchronous changes in >>credentials, then this function
>>- should return EFI_UNSUPPORTED.
>>- If current user does not exist, and the credential provider can identify a >user, >>then make the user
>>- to be current user and signal the >>EFI_EVENT_GROUP_USER_PROFILE_CHANGED event.
>>- If current user already exists, and the credential provider can identify >>another user, then switch
>>- current user to the newly identified user, and signal the >>EFI_EVENT_GROUP_USER_PROFILE_CHANGED event.
>>- If current user was identified by this credential provider and now the >>credential provider cannot identify
>>- current user, then logout current user and signal the >>EFI_EVENT_GROUP_USER_PROFILE_CHANGED event.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_MANAGER_PROTOCOL.
>>- @param[in] Changed Handle on which is installed an instance of the >>EFI_USER_CREDENTIAL2_PROTOCOL
>>- where the user has changed.
>>-
>>- @retval EFI_SUCCESS The User Identity Manager has handled the >>notification.
>>- @retval EFI_NOT_READY The function was called while the specified >>credential provider was not selected.
>>- @retval EFI_UNSUPPORTED The User Identity Manager doesn't support >>asynchronous notifications.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-UserProfileNotify (
>>- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
>>- IN EFI_HANDLE Changed
>>- )
>>-{
>>- return EFI_UNSUPPORTED;
>>-}
>>-
>>-
>>-/**
>>- Delete user information.
>>-
>>- Delete the user information attached to the user profile specified by the >>UserInfo.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_MANAGER_PROTOCOL.
>>- @param[in] User Handle of the user whose information will be >>deleted.
>>- @param[in] UserInfo Handle of the user information to remove.
>>-
>>- @retval EFI_SUCCESS User information deleted successfully.
>>- @retval EFI_NOT_FOUND User information record UserInfo does not >>exist in the user profile.
>>- @retval EFI_ACCESS_DENIED The current user does not have permission >to >>delete this user information.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-UserProfileDeleteInfo (
>>- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
>>- IN EFI_USER_PROFILE_HANDLE User,
>>- IN EFI_USER_INFO_HANDLE UserInfo
>>- )
>>-{
>>- EFI_STATUS Status;
>>-
>>- if (This == NULL) {
>>- return EFI_INVALID_PARAMETER;
>>- }
>>-
>>- //
>>- // Check the right of the current user.
>>- //
>>- if (User != mCurrentUser) {
>>- if (!CheckCurrentUserAccessRight (EFI_USER_INFO_ACCESS_MANAGE)) {
>>- return EFI_ACCESS_DENIED;
>>- }
>>- }
>>-
>>- //
>>- // Delete user information.
>>- //
>>- Status = DelUserInfo (User, UserInfo, TRUE);
>>- if (EFI_ERROR (Status)) {
>>- if (Status == EFI_NOT_FOUND) {
>>- return EFI_NOT_FOUND;
>>- }
>>- return EFI_ACCESS_DENIED;
>>- }
>>- return EFI_SUCCESS;
>>-}
>>-
>>-
>>-/**
>>- Enumerate user information of all the enrolled users on the platform.
>>-
>>- This function returns the next user information record. To retrieve the first >>user
>>- information record handle, point UserInfo at a NULL. Each subsequent call >>will retrieve
>>- another user information record handle until there are no more, at which >>point UserInfo
>>- will point to NULL.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_MANAGER_PROTOCOL.
>>- @param[in] User Handle of the user whose information will be >>deleted.
>>- @param[in, out] UserInfo Handle of the user information to remove.
>>-
>>- @retval EFI_SUCCESS User information returned.
>>- @retval EFI_NOT_FOUND No more user information found.
>>- @retval EFI_INVALID_PARAMETER UserInfo is NULL.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-UserProfileGetNextInfo (
>>- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
>>- IN EFI_USER_PROFILE_HANDLE User,
>>- IN OUT EFI_USER_INFO_HANDLE *UserInfo
>>- )
>>-{
>>- if ((This == NULL) || (UserInfo == NULL)) {
>>- return EFI_INVALID_PARAMETER;
>>- }
>>- //
>>- // Get next user information entry.
>>- //
>>- return FindUserInfo (User, (EFI_USER_INFO **) UserInfo, TRUE, NULL);
>>-}
>>-
>>-
>>-/**
>>- Main entry for this driver.
>>-
>>- @param[in] ImageHandle Image handle this driver.
>>- @param[in] SystemTable Pointer to SystemTable.
>>-
>>- @retval EFI_SUCESS This function always complete successfully.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-UserIdentifyManagerInit (
>>- IN EFI_HANDLE ImageHandle,
>>- IN EFI_SYSTEM_TABLE *SystemTable
>>- )
>>-{
>>-
>>- EFI_STATUS Status;
>>-
>>- //
>>- // It is NOT robust enough to be included in production.
>>- //
>>- #error "This implementation is just a sample, please comment this line if >you >>really want to use this driver."
>>-
>>- //
>>- // Initiate form browser.
>>- //
>>- InitFormBrowser ();
>>-
>>- //
>>- // Install protocol interfaces for the User Identity Manager.
>>- //
>>- Status = gBS->InstallProtocolInterface (
>>- &mCallbackInfo->DriverHandle,
>>- &gEfiUserManagerProtocolGuid,
>>- EFI_NATIVE_INTERFACE,
>>- &gUserIdentifyManager
>>- );
>>- ASSERT_EFI_ERROR (Status);
>>-
>>- LoadDeferredImageInit (ImageHandle);
>>- return EFI_SUCCESS;
>>-}
>>-
>>-
>>diff --git >>a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMa >n >>ager.h >>b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMa >n >>ager.h
>>deleted file mode 100644
>>index 1c449b0128..0000000000
>>--- >>a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMa >n >>ager.h
>>+++ /dev/null
>>@@ -1,413 +0,0 @@
>>-/** @file
>>- The header file for User identify Manager driver.
>>-
>>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>>-This program and the accompanying materials
>>-are licensed and made available under the terms and conditions of the BSD >>License
>>-which accompanies this distribution. The full text of the license may be >>found at
>>-http://opensource.org/licenses/bsd-license.php
>>-
>>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED.
>>-
>>-**/
>>-
>>-#ifndef _USER_IDENTIFY_MANAGER_H_
>>-#define _USER_IDENTIFY_MANAGER_H_
>>-
>>-#include <Uefi.h>
>>-
>>-#include <Guid/GlobalVariable.h>
>>-#include <Guid/MdeModuleHii.h>
>>-
>>-#include <Protocol/FormBrowser2.h>
>>-#include <Protocol/HiiDatabase.h>
>>-#include <Protocol/HiiConfigAccess.h>
>>-#include <Protocol/HiiString.h>
>>-#include <Protocol/HiiConfigRouting.h>
>>-#include <Protocol/UserCredential2.h>
>>-#include <Protocol/UserManager.h>
>>-#include <Protocol/DeferredImageLoad.h>
>>-#include <Protocol/SimpleTextOut.h>
>>-#include <Protocol/SimpleTextIn.h>
>>-#include <Protocol/SimpleTextInEx.h>
>>-
>>-#include <Library/UefiRuntimeServicesTableLib.h>
>>-#include <Library/UefiBootServicesTableLib.h>
>>-#include <Library/MemoryAllocationLib.h>
>>-#include <Library/BaseMemoryLib.h>
>>-#include <Library/DevicePathLib.h>
>>-#include <Library/DebugLib.h>
>>-#include <Library/UefiLib.h>
>>-#include <Library/PrintLib.h>
>>-#include <Library/HiiLib.h>
>>-
>>-#include "UserIdentifyManagerData.h"
>>-
>>-//
>>-// This is the generated IFR binary data for each formset defined in VFR.
>>-// This data array is ready to be used as input of HiiAddPackages() to
>>-// create a packagelist.
>>-//
>>-extern UINT8 UserIdentifyManagerVfrBin[];
>>-
>>-//
>>-// This is the generated String package data for all .UNI files.
>>-// This data array is ready to be used as input of HiiAddPackages() to
>>-// create a packagelist.
>>-//
>>-extern UINT8 UserIdentifyManagerStrings[];
>>-
>>-#define USER_NUMBER_INC 32
>>-#define DEFAULT_PROFILE_SIZE 512
>>-#define INFO_PAYLOAD_SIZE 64
>>-
>>-//
>>-// Credential Provider Information.
>>-//
>>-typedef struct {
>>- UINTN Count;
>>- EFI_USER_CREDENTIAL2_PROTOCOL *Provider[1];
>>-} CREDENTIAL_PROVIDER_INFO;
>>-
>>-//
>>-// Internal user profile entry.
>>-//
>>-typedef struct {
>>- UINTN MaxProfileSize;
>>- UINTN UserProfileSize;
>>- CHAR16 UserVarName[9];
>>- UINT8 *ProfileInfo;
>>-} USER_PROFILE_ENTRY;
>>-
>>-//
>>-// Internal user profile database.
>>-//
>>-typedef struct {
>>- UINTN UserProfileNum;
>>- UINTN MaxProfileNum;
>>- EFI_USER_PROFILE_HANDLE UserProfile[1];
>>-} USER_PROFILE_DB;
>>-
>>-#define USER_MANAGER_SIGNATURE SIGNATURE_32 ('U', 'I', 'M', 'S')
>>-
>>-typedef struct {
>>- UINTN Signature;
>>- EFI_HANDLE DriverHandle;
>>- EFI_HII_HANDLE HiiHandle;
>>-
>>- //
>>- // Consumed protocol.
>>- //
>>- EFI_HII_DATABASE_PROTOCOL *HiiDatabase;
>>- EFI_HII_STRING_PROTOCOL *HiiString;
>>- EFI_HII_CONFIG_ROUTING_PROTOCOL *HiiConfigRouting;
>>- EFI_FORM_BROWSER2_PROTOCOL *FormBrowser2;
>>-
>>- //
>>- // Produced protocol.
>>- //
>>- EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
>>-} USER_MANAGER_CALLBACK_INFO;
>>-
>>-///
>>-/// HII specific Vendor Device Path definition.
>>-///
>>-typedef struct {
>>- VENDOR_DEVICE_PATH VendorDevicePath;
>>- EFI_DEVICE_PATH_PROTOCOL End;
>>-} HII_VENDOR_DEVICE_PATH;
>>-
>>-/**
>>- Register an event notification function for the user profile changed.
>>-
>>- @param[in] ImageHandle Image handle this driver.
>>-
>>-**/
>>-VOID
>>-LoadDeferredImageInit (
>>- IN EFI_HANDLE ImageHandle
>>- );
>>-
>>-
>>-/**
>>- This function creates a new user profile with only
>>- a new user identifier attached and returns its handle.
>>- The user profile is non-volatile, but the handle User
>>- can change across reboots.
>>-
>>- @param[in] This Protocol EFI_USER_MANAGER_PROTOCOL >>instance
>>- pointer.
>>- @param[out] User Handle of a new user profile.
>>-
>>- @retval EFI_SUCCESS User profile was successfully created.
>>- @retval EFI_ACCESS_DENIED Current user does not have sufficient >>permissions
>>- to create a user profile.
>>- @retval EFI_UNSUPPORTED Creation of new user profiles is not >>supported.
>>- @retval EFI_INVALID_PARAMETER User is NULL.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-UserProfileCreate (
>>- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
>>- OUT EFI_USER_PROFILE_HANDLE *User
>>- );
>>-
>>-
>>-/**
>>- Delete an existing user profile.
>>-
>>- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance
>>- pointer.
>>- @param User User profile handle.
>>-
>>- @retval EFI_SUCCESS User profile was successfully deleted.
>>- @retval EFI_ACCESS_DENIED Current user does not have sufficient >>permissions
>>- to delete a user profile or there is only one
>>- user profile.
>>- @retval EFI_UNSUPPORTED Deletion of new user profiles is not >>supported.
>>- @retval EFI_INVALID_PARAMETER User does not refer to a valid user >>profile.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-UserProfileDelete (
>>- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
>>- IN EFI_USER_PROFILE_HANDLE User
>>- );
>>-
>>-
>>-/**
>>- Get next user profile from the user profile database.
>>-
>>- @param[in] This Protocol EFI_USER_MANAGER_PROTOCOL >>instance
>>- pointer.
>>- @param[in, out] User User profile handle.
>>-
>>- @retval EFI_SUCCESS Next enrolled user profile successfully >returned.
>>- @retval EFI_INVALID_PARAMETER User is NULL.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-UserProfileGetNext (
>>- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
>>- IN OUT EFI_USER_PROFILE_HANDLE *User
>>- );
>>-
>>-
>>-/**
>>- This function returns the current user profile handle.
>>-
>>- @param[in] This Protocol EFI_USER_MANAGER_PROTOCOL >>instance pointer.
>>- @param[out] CurrentUser User profile handle.
>>-
>>- @retval EFI_SUCCESS Current user profile handle returned >>successfully.
>>- @retval EFI_INVALID_PARAMETER CurrentUser is NULL.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-UserProfileCurrent (
>>- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
>>- OUT EFI_USER_PROFILE_HANDLE *CurrentUser
>>- );
>>-
>>-
>>-/**
>>- Identify the user and, if authenticated, returns the user handle and >changes
>>- the current user profile.
>>-
>>- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance >>pointer.
>>- @param CurrentUser User profile handle.
>>-
>>- @retval EFI_SUCCESS User was successfully identified.
>>- @retval EFI_INVALID_PARAMETER User is NULL.
>>- @retval EFI_ACCESS_DENIED User was not successfully identified.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-UserProfileIdentify (
>>- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
>>- OUT EFI_USER_PROFILE_HANDLE *User
>>- );
>>-
>>-
>>-/**
>>- Find a user using a user information record.
>>-
>>- This function searches all user profiles for the specified user information >>record.
>>- The search starts with the user information record handle following >>UserInfo and
>>- continues until either the information is found or there are no more user >>profiles.
>>- A match occurs when the Info.InfoType field matches the user information >>record
>>- type and the user information record data matches the portion of Info >>passed the
>>- EFI_USER_INFO header.
>>-
>>- @param[in] This Points to this instance of the >>EFI_USER_MANAGER_PROTOCOL.
>>- @param[in, out] User On entry, points to the previously returned user >>profile
>>- handle, or NULL to start searching with the first user profile.
>>- On return, points to the user profile handle, or NULL if not
>>- found.
>>- @param[in, out] UserInfo On entry, points to the previously returned user >>information
>>- handle, or NULL to start searching with the first. On return,
>>- points to the user information handle of the user information
>>- record, or NULL if not found.
Can be NULL, in which case only
>>- one user information record per user can be returned.
>>- @param[in] Info Points to the buffer containing the user information >to >>be
>>- compared to the user information record. If NULL, then only
>>- the user information record type is compared. If InfoSize is 0,
>>- then the user information record must be empty.
>>-
>>- @param[in] InfoSize The size of Info, in bytes.
>>-
>>- @retval EFI_SUCCESS User information was found. User points to the >>user profile handle,
>>- and UserInfo points to the user information handle.
>>- @retval EFI_NOT_FOUND User information was not found. User points >to >>NULL and UserInfo
>>- points to NULL.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-UserProfileFind (
>>- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
>>- IN OUT EFI_USER_PROFILE_HANDLE *User,
>>- IN OUT EFI_USER_INFO_HANDLE *UserInfo OPTIONAL,
>>- IN CONST EFI_USER_INFO *Info,
>>- IN UINTN InfoSize
>>- );
>>-
>>-
>>-/**
>>- This function returns user information.
>>-
>>- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance
>>- pointer.
>>- @param User Handle of the user whose profile will be
>>- retrieved.
>>- @param UserInfo Handle of the user information data record.
>>- @param Info On entry, points to a buffer of at least
>>- *InfoSize bytes. On exit, holds the user
>>- information.
>>- @param InfoSize On entry, points to the size of Info. On return,
>>- points to the size of the user information.
>>-
>>- @retval EFI_SUCCESS Information returned successfully.
>>- @retval EFI_ACCESS_DENIED The information about the specified user >>cannot
>>- be accessed by the current user.
>>- EFI_BUFFER_TOO_SMALL- The number of bytes
>>- specified by *InfoSize is too small to hold the
>>- returned data.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-UserProfileGetInfo (
>>- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
>>- IN EFI_USER_PROFILE_HANDLE User,
>>- IN EFI_USER_INFO_HANDLE UserInfo,
>>- OUT EFI_USER_INFO *Info,
>>- IN OUT UINTN *InfoSize
>>- );
>>-
>>-
>>-/**
>>- This function changes user information.
>>-
>>- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance
>>- pointer.
>>- @param User Handle of the user whose profile will be
>>- retrieved.
>>- @param UserInfo Handle of the user information data record.
>>- @param Info Points to the user information.
>>- @param InfoSize The size of Info, in bytes.
>>-
>>- @retval EFI_SUCCESS User profile information was successfully
>>- changed/added.
>>- @retval EFI_ACCESS_DENIED The record is exclusive.
>>- @retval EFI_SECURITY_VIOLATION The current user does not have >>permission to
>>- change the specified user profile or user
>>- information record.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-UserProfileSetInfo (
>>- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
>>- IN EFI_USER_PROFILE_HANDLE User,
>>- IN OUT EFI_USER_INFO_HANDLE *UserInfo,
>>- IN CONST EFI_USER_INFO *Info,
>>- IN UINTN InfoSize
>>- );
>>-
>>-
>>-/**
>>- This function allows the credential provider to notify the User Identity >>Manager
>>- when user status has changed while deselected.
>>-
>>- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance
>>- pointer.
>>- @param Changed Points to the instance of the
>>- EFI_USER_CREDENTIAL_PROTOCOL where the user has
>>- changed.
>>-
>>- @retval EFI_SUCCESS The User Identity Manager has handled the
>>- notification.
>>- @retval EFI_NOT_READY The function was called while the specified
>>- credential provider was not selected.
>>- @retval EFI_UNSUPPORTED The User Identity Manager doesn't >support
>>- asynchronous notifications.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-UserProfileNotify (
>>- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
>>- IN EFI_HANDLE Changed
>>- );
>>-
>>-
>>-/**
>>- Delete the user information attached to the user profile specified by the >>UserInfo.
>>-
>>- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance >>pointer.
>>- @param User Handle of the user whose profile will be retrieved.
>>- @param UserInfo Handle of the user information data record.
>>-
>>- @retval EFI_SUCCESS User information deleted successfully.
>>- @retval EFI_ACCESS_DENIED The current user does not have >permission >>to
>>- delete this user in-formation.
>>- @retval EFI_NOT_FOUND User information record UserInfo does not >>exist
>>- in the user pro-file.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-UserProfileDeleteInfo (
>>- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
>>- IN EFI_USER_PROFILE_HANDLE User,
>>- IN EFI_USER_INFO_HANDLE UserInfo
>>- );
>>-
>>-
>>-/**
>>- This function returns the next user information record.
>>-
>>- @param This Protocol EFI_USER_MANAGER_PROTOCOL instance >>pointer.
>>- @param User Handle of the user whose profile will be retrieved.
>>- @param UserInfo Handle of the user information data record.
>>-
>>- @retval EFI_SUCCESS User information returned.
>>- @retval EFI_NOT_FOUND No more user information found.
>>-
>>-**/
>>-EFI_STATUS
>>-EFIAPI
>>-UserProfileGetNextInfo (
>>- IN CONST EFI_USER_MANAGER_PROTOCOL *This,
>>- IN EFI_USER_PROFILE_HANDLE User,
>>- IN OUT EFI_USER_INFO_HANDLE *UserInfo
>>- );
>>-
>>-#endif
>>diff --git >>a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMa >n >>ager.uni >>b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMa >n >>ager.uni
>>deleted file mode 100644
>>index 82c72baeeb..0000000000
>>--- >>a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMa >n >>ager.uni
>>+++ /dev/null
>>@@ -1,21 +0,0 @@
>>-// /** @file
>>-// Produces user manager protocol
>>-//
>>-// This module manages user information and produces user manager >>protocol.
>>-//
>>-// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
>>-//
>>-// This program and the accompanying materials
>>-// are licensed and made available under the terms and conditions of the >BSD >>License
>>-// which accompanies this distribution. The full text of the license may be >>found at
>>-// http://opensource.org/licenses/bsd-license.php
>>-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >>BASIS,
>>-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED.
>>-//
>>-// **/
>>-
>>-
>>-#string STR_MODULE_ABSTRACT #language en-US "Produces user >>manager protocol"
>>-
>>-#string STR_MODULE_DESCRIPTION #language en-US "This module >>manages user information and produces user manager protocol."
>>-
>>diff --git >>a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMa >n >>agerData.h >>b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMa >n >>agerData.h
>>deleted file mode 100644
>>index 4e07ddd309..0000000000
>>--- >>a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMa >n >>agerData.h
>>+++ /dev/null
>>@@ -1,35 +0,0 @@
>>-/** @file
>>- Data structure used by the user identify manager driver.
>>-
>>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>>-This program and the accompanying materials
>>-are licensed and made available under the terms and conditions of the BSD >>License
>>-which accompanies this distribution. The full text of the license may be >>found at
>>-http://opensource.org/licenses/bsd-license.php
>>-
>>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED.
>>-
>>-**/
>>-
>>-#ifndef _USER_IDENTIFY_MANAGER_DATA_H_
>>-#define _USER_IDENTIFY_MANAGER_DATA_H_
>>-
>>-#include <Guid/UserIdentifyManagerHii.h>
>>-
>>-//
>>-// Forms definition.
>>-//
>>-#define FORMID_USER_FORM 1
>>-#define FORMID_PROVIDER_FORM 2
>>-#define FORMID_INVALID_FORM 0x0FFF
>>-
>>-//
>>-// Labels definition.
>>-//
>>-#define LABEL_USER_NAME 0x1000
>>-#define LABEL_PROVIDER_NAME 0x3000
>>-#define LABEL_END 0xffff
>>-#define FORM_OPEN_QUESTION_ID 0xfffe
>>-
>>-#endif
>>diff --git >>a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMa >n >>agerDxe.inf >>b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMa >n >>agerDxe.inf
>>deleted file mode 100644
>>index 27e8ba19ad..0000000000
>>--- >>a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMa >n >>agerDxe.inf
>>+++ /dev/null
>>@@ -1,79 +0,0 @@ >>-## @file >>-# Produces user manager protocol >>-# >>-# This module manages user information and produces user manager >>protocol. >>-# >>-# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >>-# This program and the accompanying materials >>-# are licensed and made available under the terms and conditions of the >BSD >>License >>-# which accompanies this distribution. The full text of the license may be >>found at >>-# http://opensource.org/licenses/bsd-license.php >>-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >>BASIS, >>-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED. >>-# >>-## >>- >>-[defines] >>- INF_VERSION = 0x00010005 >>- BASE_NAME = UserIdentifyManager >>- MODULE_UNI_FILE = UserIdentifyManager.uni >>- FILE_GUID = C5D3191B-27D5-4873-8DF2-628136991A21 >>- MODULE_TYPE = DXE_DRIVER >>- VERSION_STRING = 1.0 >>- ENTRY_POINT = UserIdentifyManagerInit >>- >>-[sources] >>- UserIdentifyManager.c >>- LoadDeferredImage.c >>- UserIdentifyManager.h >>- UserIdentifyManagerData.h >>- UserIdentifyManagerStrings.uni >>- UserIdentifyManagerVfr.Vfr >>- >>-[Packages] >>- MdePkg/MdePkg.dec >>- MdeModulePkg/MdeModulePkg.dec >>- SecurityPkg/SecurityPkg.dec >>- >>-[LibraryClasses] >>- UefiRuntimeServicesTableLib >>- UefiBootServicesTableLib >>- UefiDriverEntryPoint >>- MemoryAllocationLib >>- BaseMemoryLib >>- DebugLib >>- HiiLib >>- UefiLib >>- >>-[Guids] >>- gEfiIfrTianoGuid ## SOMETIMES_CONSUMES ## GUID >>- gEfiEventUserProfileChangedGuid ## SOMETIMES_PRODUCES ## >>Event >>- >>- ## SOMETIMES_PRODUCES ## Variable:L"Userxxxx" >>- ## SOMETIMES_CONSUMES ## Variable:L"Userxxxx" >>- ## CONSUMES ## HII >>- gUserIdentifyManagerGuid >>- >>-[Protocols] >>- gEfiFormBrowser2ProtocolGuid ## CONSUMES >>- gEfiHiiDatabaseProtocolGuid ## CONSUMES >>- gEfiUserCredential2ProtocolGuid ## SOMETIMES_CONSUMES >>- gEfiDeferredImageLoadProtocolGuid ## SOMETIMES_CONSUMES >>- gEfiSimpleTextOutProtocolGuid ## 
SOMETIMES_CONSUMES >>- gEfiSimpleTextInProtocolGuid ## SOMETIMES_CONSUMES >>- gEfiSimpleTextInputExProtocolGuid ## SOMETIMES_CONSUMES >>- gEfiHiiConfigAccessProtocolGuid ## PRODUCES >>- gEfiDevicePathProtocolGuid ## PRODUCES >>- >>- ## PRODUCES >>- ## SOMETIMES_PRODUCES ## SystemTable >>- gEfiUserManagerProtocolGuid >>- >>-[Depex] >>- gEfiHiiDatabaseProtocolGuid AND >>- gEfiHiiStringProtocolGuid AND >>- gEfiFormBrowser2ProtocolGuid >>- >>-[UserExtensions.TianoCore."ExtraFiles"] >>- UserIdentifyManagerExtra.uni >>- >>diff --git >>a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMa >n >>agerExtra.uni >>b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMa >n >>agerExtra.uni >>deleted file mode 100644 >>index 8b7cba7b32..0000000000 >>--- >>a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMa >n >>agerExtra.uni >>+++ /dev/null >>@@ -1,19 +0,0 @@ >>-// /** @file >>-// UserIdentifyManager Localized Strings and Content >>-// >>-// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> >>-// >>-// This program and the accompanying materials >>-// are licensed and made available under the terms and conditions of the >BSD >>License >>-// which accompanies this distribution. The full text of the license may be >>found at >>-// http://opensource.org/licenses/bsd-license.php >>-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >>BASIS, >>-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED. >>-// >>-// **/ >>- >>-#string STR_PROPERTIES_MODULE_NAME >>-#language en-US >>-"User Identify Manager" >>- >>- 
>>diff --git >>a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMa >n >>agerStrings.uni >>b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMa >n >>agerStrings.uni
>>deleted file mode 100644
>>index fcbf5005cd..0000000000
>>--- >>a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMa >n >>agerStrings.uni
>>+++ /dev/null
>>@@ -1,27 +0,0 @@
>>-/** @file
>>- String definitions for the User Identify Manager driver.
>>-
>>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>>-This program and the accompanying materials
>>-are licensed and made available under the terms and conditions of the BSD >>License
>>-which accompanies this distribution. The full text of the license may be >>found at
>>-http://opensource.org/licenses/bsd-license.php.
>>-
>>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED.
>>-
>>-**/
>>-
>>-#langdef en-US "English"
>>-#langdef fr-FR "Francais"
>>-
>>-#string STR_TITLE #language en-US "User Identity >Manager"
>>- #language fr-FR "User Identity Manager(French)"
>>-#string STR_USER_SELECT #language en-US "User Selection"
>>- #language fr-FR "User Selection(French)"
>>-#string STR_PROVIDER_SELECT #language en-US "Provider >>Selection"
>>- #language fr-FR "User Selection(French)"
>>-#string STR_NULL_STRING #language en-US ""
>>- #language fr-FR ""
>>-
>>-
>>diff --git >>a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMa >n >>agerVfr.Vfr >>b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMa >n >>agerVfr.Vfr
>>deleted file mode 100644
>>index 306679776d..0000000000
>>--- >>a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyMa >n >>agerVfr.Vfr
>>+++ /dev/null
>>@@ -1,43 +0,0 @@
>>-/** @file
>>- User identify manager formset.
>>-
>>-Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
>>-This program and the accompanying materials
>>-are licensed and made available under the terms and conditions of the BSD >>License
>>-which accompanies this distribution. The full text of the license may be >>found at
>>-http://opensource.org/licenses/bsd-license.php
>>-
>>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED.
>>-
>>-**/
>>-
>>-#include "UserIdentifyManagerData.h"
>>-
>>-formset
>>- guid = USER_IDENTIFY_MANAGER_GUID,
>>- title = STRING_TOKEN(STR_TITLE),
>>- help = STRING_TOKEN(STR_NULL_STRING),
>>- classguid = USER_IDENTIFY_MANAGER_GUID,
>>-
>>- form formid = FORMID_USER_FORM,
>>- title = STRING_TOKEN(STR_USER_SELECT);
>>-
>>- suppressif TRUE;
>>- text
>>- help = STRING_TOKEN(STR_NULL_STRING),
>>- text = STRING_TOKEN(STR_NULL_STRING),
>>- flags = INTERACTIVE,
>>- key = FORM_OPEN_QUESTION_ID;
>>- endif;
>>-
>>- label LABEL_USER_NAME;
>>- label LABEL_END;
>>- endform;
>>-
>>- form formid = FORMID_PROVIDER_FORM,
>>- title = STRING_TOKEN(STR_PROVIDER_SELECT);
>>- label LABEL_PROVIDER_NAME;
>>- label LABEL_END;
>>- endform;
>>-endformset;
>>\ No newline at end of file
>>diff --git >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyAccessPoli >c >>y.c >>b/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyAccessPoli >c >>y.c
>>deleted file mode 100644
>>index 56d3b1df98..0000000000
>>--- >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyAccessPoli >c >>y.c
>>+++ /dev/null
>>@@ -1,688 +0,0 @@ >>-/** @file >>- The functions for access policy modification. >>- >>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >>-This program and the accompanying materials >>-are licensed and made available under the terms and conditions of the BSD >>License >>-which accompanies this distribution. The full text of the license may be >>found at >>-http://opensource.org/licenses/bsd-license.php >>- >>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED. >>- >>-**/ >>- >>-#include "UserProfileManager.h" >>- >>-/** >>- Collect all the access policy data to mUserInfo.AccessPolicy, >>- and save it to user profile. >>- >>-**/ >>-VOID >>-SaveAccessPolicy ( >>- VOID >>- ) >>-{ >>- EFI_STATUS Status; >>- UINTN OffSet; >>- UINTN Size; >>- EFI_USER_INFO_ACCESS_CONTROL Control; >>- EFI_USER_INFO_HANDLE UserInfo; >>- EFI_USER_INFO *Info; >>- >>- if (mUserInfo.AccessPolicy != NULL) { >>- FreePool (mUserInfo.AccessPolicy); >>- } >>- mUserInfo.AccessPolicy = NULL; >>- mUserInfo.AccessPolicyLen = 0; >>- mUserInfo.AccessPolicyModified = TRUE; >>- OffSet = 0; >>- >>- // >>- // Save access right. >>- // >>- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL); >>- if (mUserInfo.AccessPolicyLen - OffSet < Size) { >>- ExpandMemory (OffSet, Size); >>- } >>- >>- Control.Type = mAccessInfo.AccessRight; >>- Control.Size = (UINT32) Size; >>- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); >>- OffSet += sizeof (Control); >>- >>- // >>- // Save access setup. 
>>- // >>- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (EFI_GUID); >>- if (mUserInfo.AccessPolicyLen - OffSet < Size) { >>- ExpandMemory (OffSet, Size); >>- } >>- >>- Control.Type = EFI_USER_INFO_ACCESS_SETUP; >>- Control.Size = (UINT32) Size; >>- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); >>- OffSet += sizeof (Control); >>- >>- if (mAccessInfo.AccessSetup == ACCESS_SETUP_NORMAL) { >>- CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), >>&gEfiUserInfoAccessSetupNormalGuid); >>- } else if (mAccessInfo.AccessSetup == ACCESS_SETUP_RESTRICTED) { >>- CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), >>&gEfiUserInfoAccessSetupRestrictedGuid); >>- } else if (mAccessInfo.AccessSetup == ACCESS_SETUP_ADMIN) { >>- CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), >>&gEfiUserInfoAccessSetupAdminGuid); >>- } >>- OffSet += sizeof (EFI_GUID); >>- >>- // >>- // Save access of boot order. >>- // >>- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (UINT32); >>- if (mUserInfo.AccessPolicyLen - OffSet < Size) { >>- ExpandMemory (OffSet, Size); >>- } >>- >>- Control.Type = EFI_USER_INFO_ACCESS_BOOT_ORDER; >>- Control.Size = (UINT32) Size; >>- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); >>- OffSet += sizeof (Control); >>- >>- CopyMem ((UINT8 *) (mUserInfo.AccessPolicy + OffSet), >>&mAccessInfo.AccessBootOrder, sizeof (UINT32)); >>- OffSet += sizeof (UINT32); >>- >>- // >>- // Save permit load. 
>>- // >>- if (mAccessInfo.LoadPermitLen > 0) { >>- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + >>mAccessInfo.LoadPermitLen; >>- if (mUserInfo.AccessPolicyLen - OffSet < Size) { >>- ExpandMemory (OffSet, Size); >>- } >>- >>- Control.Type = EFI_USER_INFO_ACCESS_PERMIT_LOAD; >>- Control.Size = (UINT32) Size; >>- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); >>- OffSet += sizeof (Control); >>- >>- CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadPermit, >>mAccessInfo.LoadPermitLen); >>- OffSet += mAccessInfo.LoadPermitLen; >>- } >>- >>- // >>- // Save forbid load. >>- // >>- if (mAccessInfo.LoadForbidLen > 0) { >>- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + >>mAccessInfo.LoadForbidLen; >>- if (mUserInfo.AccessPolicyLen - OffSet < Size) { >>- ExpandMemory (OffSet, Size); >>- } >>- >>- Control.Type = EFI_USER_INFO_ACCESS_FORBID_LOAD; >>- Control.Size = (UINT32) Size; >>- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); >>- OffSet += sizeof (Control); >>- >>- CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadForbid, >>mAccessInfo.LoadForbidLen); >>- OffSet += mAccessInfo.LoadForbidLen; >>- } >>- >>- // >>- // Save permit connect. >>- // >>- if (mAccessInfo.ConnectPermitLen > 0) { >>- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + >>mAccessInfo.ConnectPermitLen; >>- if (mUserInfo.AccessPolicyLen - OffSet < Size) { >>- ExpandMemory (OffSet, Size); >>- } >>- >>- Control.Type = EFI_USER_INFO_ACCESS_PERMIT_CONNECT; >>- Control.Size = (UINT32) Size; >>- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); >>- OffSet += sizeof (Control); >>- >>- CopyMem (mUserInfo.AccessPolicy + OffSet, >mAccessInfo.ConnectPermit, >>mAccessInfo.ConnectPermitLen); >>- OffSet += mAccessInfo.ConnectPermitLen; >>- } >>- >>- // >>- // Save forbid connect. 
>>- // >>- if (mAccessInfo.ConnectForbidLen > 0) { >>- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + >>mAccessInfo.ConnectForbidLen; >>- if (mUserInfo.AccessPolicyLen - OffSet < Size) { >>- ExpandMemory (OffSet, Size); >>- } >>- >>- Control.Type = EFI_USER_INFO_ACCESS_FORBID_CONNECT; >>- Control.Size = (UINT32) Size; >>- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); >>- OffSet += sizeof (Control); >>- >>- CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectForbid, >>mAccessInfo.ConnectForbidLen); >>- OffSet += mAccessInfo.ConnectForbidLen; >>- } >>- >>- mUserInfo.AccessPolicyLen = OffSet; >>- >>- // >>- // Save access policy. >>- // >>- if (mUserInfo.AccessPolicyModified && (mUserInfo.AccessPolicyLen > 0) >>&& (mUserInfo.AccessPolicy != NULL)) { >>- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + >>mUserInfo.AccessPolicyLen); >>- if (Info == NULL) { >>- return ; >>- } >>- >>- Status = FindInfoByType (mModifyUser, >>EFI_USER_INFO_ACCESS_POLICY_RECORD, &UserInfo); >>- if (!EFI_ERROR (Status)) { >>- Info->InfoType = EFI_USER_INFO_ACCESS_POLICY_RECORD; >>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >>- EFI_USER_INFO_PUBLIC | >>- EFI_USER_INFO_EXCLUSIVE; >>- Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + >>mUserInfo.AccessPolicyLen); >>- CopyMem ((UINT8 *) (Info + 1), mUserInfo.AccessPolicy, >>mUserInfo.AccessPolicyLen); >>- Status = mUserManager->SetInfo ( >>- mUserManager, >>- mModifyUser, >>- &UserInfo, >>- Info, >>- Info->InfoSize >>- ); >>- mUserInfo.AccessPolicyModified = FALSE; >>- } >>- FreePool (Info); >>- } >>- >>- if (mAccessInfo.ConnectForbid != NULL) { >>- FreePool (mAccessInfo.ConnectForbid); >>- mAccessInfo.ConnectForbid = NULL; >>- } >>- >>- if (mAccessInfo.ConnectPermit != NULL) { >>- FreePool (mAccessInfo.ConnectPermit); >>- mAccessInfo.ConnectPermit = NULL; >>- } >>- >>- if (mAccessInfo.LoadForbid != NULL) { >>- FreePool (mAccessInfo.LoadForbid); >>- mAccessInfo.LoadForbid = NULL; >>- } >>- >>- if 
(mAccessInfo.LoadPermit != NULL) { >>- FreePool (mAccessInfo.LoadPermit); >>- mAccessInfo.LoadPermit = NULL; >>- } >>-} >>- >>-/** >>- Create an action OpCode with QuestionID and DevicePath on a given >>OpCodeHandle. >>- >>- @param[in] QuestionID The question ID. >>- @param[in] DevicePath Points to device path. >>- @param[in] OpCodeHandle Points to container for dynamic created >>opcodes. >>- >>-**/ >>-VOID >>-AddDevicePath ( >>- IN UINTN QuestionID, >>- IN EFI_DEVICE_PATH_PROTOCOL *DevicePath, >>- IN VOID *OpCodeHandle >>- ) >>-{ >>- EFI_DEVICE_PATH_PROTOCOL *Next; >>- EFI_STRING_ID NameID; >>- EFI_STRING DriverName; >>- >>- // >>- // Get driver file name node. >>- // >>- Next = DevicePath; >>- while (!IsDevicePathEnd (Next)) { >>- DevicePath = Next; >>- Next = NextDevicePathNode (Next); >>- } >>- >>- // >>- // Display the device path in form. >>- // >>- DriverName = ConvertDevicePathToText (DevicePath, FALSE, FALSE); >>- NameID = HiiSetString (mCallbackInfo->HiiHandle, 0, DriverName, NULL); >>- FreePool (DriverName); >>- if (NameID == 0) { >>- return ; >>- } >>- >>- HiiCreateActionOpCode ( >>- OpCodeHandle, // Container for dynamic created opcodes >>- (UINT16) QuestionID, // Question ID >>- NameID, // Prompt text >>- STRING_TOKEN (STR_NULL_STRING), // Help text >>- EFI_IFR_FLAG_CALLBACK, // Question flag >>- 0 // Action String ID >>- ); >>-} >>- >>- >>-/** >>- Check whether the DevicePath is in the device path forbid list >>- (mAccessInfo.LoadForbid). >>- >>- @param[in] DevicePath Points to device path. >>- >>- @retval TRUE The DevicePath is in the device path forbid list. >>- @retval FALSE The DevicePath is not in the device path forbid list. >>- >>-**/ >>-BOOLEAN >>-IsLoadForbidden ( >>- IN EFI_DEVICE_PATH_PROTOCOL *DevicePath >>- ) >>-{ >>- UINTN OffSet; >>- UINTN DPSize; >>- UINTN Size; >>- EFI_DEVICE_PATH_PROTOCOL *Dp; >>- >>- OffSet = 0; >>- Size = GetDevicePathSize (DevicePath); >>- // >>- // Check each device path. 
>>- // >>- while (OffSet < mAccessInfo.LoadForbidLen) { >>- Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + >>OffSet); >>- DPSize = GetDevicePathSize (Dp); >>- // >>- // Compare device path. >>- // >>- if ((DPSize == Size) && (CompareMem (DevicePath, Dp, Size) == 0)) { >>- return TRUE; >>- } >>- OffSet += DPSize; >>- } >>- return FALSE; >>-} >>- >>- >>-/** >>- Display the permit load device path in the loadable device path list. >>- >>-**/ >>-VOID >>-DisplayLoadPermit( >>- VOID >>- ) >>-{ >>- EFI_STATUS Status; >>- CHAR16 *Order; >>- UINTN OrderSize; >>- UINTN ListCount; >>- UINTN Index; >>- UINT8 *Var; >>- UINT8 *VarPtr; >>- CHAR16 VarName[12]; >>- VOID *StartOpCodeHandle; >>- VOID *EndOpCodeHandle; >>- EFI_IFR_GUID_LABEL *StartLabel; >>- EFI_IFR_GUID_LABEL *EndLabel; >>- >>- // >>- // Get DriverOrder. >>- // >>- OrderSize = 0; >>- Status = gRT->GetVariable ( >>- L"DriverOrder", >>- &gEfiGlobalVariableGuid, >>- NULL, >>- &OrderSize, >>- NULL >>- ); >>- if (Status != EFI_BUFFER_TOO_SMALL) { >>- return ; >>- } >>- >>- Order = AllocateZeroPool (OrderSize); >>- if (Order == NULL) { >>- return ; >>- } >>- >>- Status = gRT->GetVariable ( >>- L"DriverOrder", >>- &gEfiGlobalVariableGuid, >>- NULL, >>- &OrderSize, >>- Order >>- ); >>- if (EFI_ERROR (Status)) { >>- return ; >>- } >>- >>- // >>- // Initialize the container for dynamic opcodes. >>- // >>- StartOpCodeHandle = HiiAllocateOpCodeHandle (); >>- ASSERT (StartOpCodeHandle != NULL); >>- >>- EndOpCodeHandle = HiiAllocateOpCodeHandle (); >>- ASSERT (EndOpCodeHandle != NULL); >>- >>- // >>- // Create Hii Extend Label OpCode. 
>>- // >>- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >>- StartOpCodeHandle, >>- &gEfiIfrTianoGuid, >>- NULL, >>- sizeof (EFI_IFR_GUID_LABEL) >>- ); >>- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >>- StartLabel->Number = LABEL_PERMIT_LOAD_FUNC; >>- >>- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >>- EndOpCodeHandle, >>- &gEfiIfrTianoGuid, >>- NULL, >>- sizeof (EFI_IFR_GUID_LABEL) >>- ); >>- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >>- EndLabel->Number = LABEL_END; >>- >>- // >>- // Add each driver option. >>- // >>- Var = NULL; >>- ListCount = OrderSize / sizeof (UINT16); >>- for (Index = 0; Index < ListCount; Index++) { >>- // >>- // Get driver device path. >>- // >>- UnicodeSPrint (VarName, sizeof (VarName), L"Driver%04x", >Order[Index]); >>- GetEfiGlobalVariable2 (VarName, (VOID**)&Var, NULL); >>- if (Var == NULL) { >>- continue; >>- } >>- >>- // >>- // Check whether the driver is already forbidden. >>- // >>- >>- VarPtr = Var; >>- // >>- // Skip attribute. >>- // >>- VarPtr += sizeof (UINT32); >>- >>- // >>- // Skip device path lenth. >>- // >>- VarPtr += sizeof (UINT16); >>- >>- // >>- // Skip descript string. >>- // >>- VarPtr += StrSize ((UINT16 *) VarPtr); >>- >>- if (IsLoadForbidden ((EFI_DEVICE_PATH_PROTOCOL *) VarPtr)) { >>- FreePool (Var); >>- Var = NULL; >>- continue; >>- } >>- >>- AddDevicePath ( >>- KEY_MODIFY_USER | KEY_MODIFY_AP_DP | >KEY_LOAD_PERMIT_MODIFY >>| Order[Index], >>- (EFI_DEVICE_PATH_PROTOCOL *) VarPtr, >>- StartOpCodeHandle >>- ); >>- FreePool (Var); >>- Var = NULL; >>- } >>- >>- HiiUpdateForm ( >>- mCallbackInfo->HiiHandle, // HII handle >>- &gUserProfileManagerGuid, // Formset GUID >>- FORMID_PERMIT_LOAD_DP, // Form ID >>- StartOpCodeHandle, // Label for where to insert opcodes >>- EndOpCodeHandle // Replace data >>- ); >>- >>- HiiFreeOpCodeHandle (StartOpCodeHandle); >>- HiiFreeOpCodeHandle (EndOpCodeHandle); >>- >>- // >>- // Clear Environment. 
>>- // >>- if (Var != NULL) { >>- FreePool (Var); >>- } >>- FreePool (Order); >>-} >>- >>- >>-/** >>- Display the forbid load device path list (mAccessInfo.LoadForbid). >>- >>-**/ >>-VOID >>-DisplayLoadForbid ( >>- VOID >>- ) >>-{ >>- UINTN Offset; >>- UINTN DPSize; >>- UINTN Index; >>- EFI_DEVICE_PATH_PROTOCOL *Dp; >>- VOID *StartOpCodeHandle; >>- VOID *EndOpCodeHandle; >>- EFI_IFR_GUID_LABEL *StartLabel; >>- EFI_IFR_GUID_LABEL *EndLabel; >>- >>- // >>- // Initialize the container for dynamic opcodes. >>- // >>- StartOpCodeHandle = HiiAllocateOpCodeHandle (); >>- ASSERT (StartOpCodeHandle != NULL); >>- >>- EndOpCodeHandle = HiiAllocateOpCodeHandle (); >>- ASSERT (EndOpCodeHandle != NULL); >>- >>- // >>- // Create Hii Extend Label OpCode. >>- // >>- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >>- StartOpCodeHandle, >>- &gEfiIfrTianoGuid, >>- NULL, >>- sizeof (EFI_IFR_GUID_LABEL) >>- ); >>- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >>- StartLabel->Number = LABLE_FORBID_LOAD_FUNC; >>- >>- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >>- EndOpCodeHandle, >>- &gEfiIfrTianoGuid, >>- NULL, >>- sizeof (EFI_IFR_GUID_LABEL) >>- ); >>- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >>- EndLabel->Number = LABEL_END; >>- >>- // >>- // Add each forbid load drivers. 
>>- // >>- Offset = 0; >>- Index = 0; >>- while (Offset < mAccessInfo.LoadForbidLen) { >>- Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + >>Offset); >>- DPSize = GetDevicePathSize (Dp); >>- AddDevicePath ( >>- KEY_MODIFY_USER | KEY_MODIFY_AP_DP | >KEY_LOAD_FORBID_MODIFY >>| Index, >>- Dp, >>- StartOpCodeHandle >>- ); >>- Index++; >>- Offset += DPSize; >>- } >>- >>- HiiUpdateForm ( >>- mCallbackInfo->HiiHandle, // HII handle >>- &gUserProfileManagerGuid, // Formset GUID >>- FORMID_FORBID_LOAD_DP, // Form ID >>- StartOpCodeHandle, // Label for where to insert opcodes >>- EndOpCodeHandle // Replace data >>- ); >>- >>- HiiFreeOpCodeHandle (StartOpCodeHandle); >>- HiiFreeOpCodeHandle (EndOpCodeHandle); >>-} >>- >>- >>-/** >>- Display the permit connect device path. >>- >>-**/ >>-VOID >>-DisplayConnectPermit ( >>- VOID >>- ) >>-{ >>- // >>- // Note: >>- // As no architect protocol/interface to be called in ConnectController() >>- // to verify the device path, just add a place holder for permitted connect >>- // device path. >>- // >>-} >>- >>- >>-/** >>- Display the forbid connect device path list. >>- >>-**/ >>-VOID >>-DisplayConnectForbid ( >>- VOID >>- ) >>-{ >>- // >>- // Note: >>- // As no architect protocol/interface to be called in ConnectController() >>- // to verify the device path, just add a place holder for forbidden connect >>- // device path. >>- // >>-} >>- >>- >>-/** >>- Delete the specified device path by DriverIndex from the forbid device >path >>- list (mAccessInfo.LoadForbid). >>- >>- @param[in] DriverIndex The index of driver in forbidden device path list. >>- >>-**/ >>-VOID >>-DeleteFromForbidLoad ( >>- IN UINT16 DriverIndex >>- ) >>-{ >>- UINTN OffSet; >>- UINTN DPSize; >>- UINTN OffLen; >>- EFI_DEVICE_PATH_PROTOCOL *Dp; >>- >>- OffSet = 0; >>- // >>- // Find the specified device path. 
>>- // >>- while ((OffSet < mAccessInfo.LoadForbidLen) && (DriverIndex > 0)) { >>- Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + >>OffSet); >>- DPSize = GetDevicePathSize (Dp); >>- OffSet += DPSize; >>- DriverIndex--; >>- } >>- >>- // >>- // Specified device path found. >>- // >>- if (DriverIndex == 0) { >>- Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + >>OffSet); >>- DPSize = GetDevicePathSize (Dp); >>- OffLen = mAccessInfo.LoadForbidLen - OffSet - DPSize; >>- if (OffLen > 0) { >>- CopyMem ( >>- mAccessInfo.LoadForbid + OffSet, >>- mAccessInfo.LoadForbid + OffSet + DPSize, >>- OffLen >>- ); >>- } >>- mAccessInfo.LoadForbidLen -= DPSize; >>- } >>-} >>- >>- >>-/** >>- Add the specified device path by DriverIndex to the forbid device path >>- list (mAccessInfo.LoadForbid). >>- >>- @param[in] DriverIndex The index of driver saved in driver options. >>- >>-**/ >>-VOID >>-AddToForbidLoad ( >>- IN UINT16 DriverIndex >>- ) >>-{ >>- UINTN DevicePathLen; >>- UINT8 *Var; >>- UINT8 *VarPtr; >>- UINTN NewLen; >>- UINT8 *NewFL; >>- CHAR16 VarName[13]; >>- >>- // >>- // Get loadable driver device path. >>- // >>- UnicodeSPrint (VarName, sizeof (VarName), L"Driver%04x", DriverIndex); >>- GetEfiGlobalVariable2 (VarName, (VOID**)&Var, NULL); >>- if (Var == NULL) { >>- return; >>- } >>- >>- // >>- // Save forbid load driver. >>- // >>- >>- VarPtr = Var; >>- // >>- // Skip attribute. >>- // >>- VarPtr += sizeof (UINT32); >>- >>- DevicePathLen = *(UINT16 *) VarPtr; >>- // >>- // Skip device path length. >>- // >>- VarPtr += sizeof (UINT16); >>- >>- // >>- // Skip description string. 
>>- // >>- VarPtr += StrSize ((UINT16 *) VarPtr); >>- >>- NewLen = mAccessInfo.LoadForbidLen + DevicePathLen; >>- NewFL = AllocateZeroPool (NewLen); >>- if (NewFL == NULL) { >>- FreePool (Var); >>- return ; >>- } >>- >>- if (mAccessInfo.LoadForbidLen > 0) { >>- CopyMem (NewFL, mAccessInfo.LoadForbid, >mAccessInfo.LoadForbidLen); >>- FreePool (mAccessInfo.LoadForbid); >>- } >>- >>- CopyMem (NewFL + mAccessInfo.LoadForbidLen, VarPtr, DevicePathLen); >>- mAccessInfo.LoadForbidLen = NewLen; >>- mAccessInfo.LoadForbid = NewFL; >>- FreePool (Var); >>-} >>- >>- >>diff --git >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyIdentityPo >li >>cy.c >>b/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyIdentityP >oli >>cy.c >>deleted file mode 100644 >>index 602c4a8397..0000000000 >>--- >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyIdentityPo >li >>cy.c >>+++ /dev/null 
>>@@ -1,516 +0,0 @@ >>-/** @file >>- The functions for identification policy modification. >>- >>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >>-This program and the accompanying materials >>-are licensed and made available under the terms and conditions of the BSD >>License >>-which accompanies this distribution. The full text of the license may be >>found at >>-http://opensource.org/licenses/bsd-license.php >>- >>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED. >>- >>-**/ >>- >>-#include "UserProfileManager.h" >>- >>- >>-/** >>- Verify the new identity policy in the current implementation. The same >>credential >>- provider can't appear twice in one identity policy. >>- >>- @param[in] NewGuid Points to the credential provider guid. >>- >>- @retval TRUE The NewGuid was found in the identity policy. >>- @retval FALSE The NewGuid was not found. >>- >>-**/ >>-BOOLEAN >>-ProviderAlreadyInPolicy ( >>- IN EFI_GUID *NewGuid >>- ) >>-{ >>- UINTN Offset; >>- EFI_USER_INFO_IDENTITY_POLICY *Identity; >>- EFI_INPUT_KEY Key; >>- >>- Offset = 0; >>- while (Offset < mUserInfo.NewIdentityPolicyLen) { >>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) >>(mUserInfo.NewIdentityPolicy + Offset); >>- if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) >{ >>- if (CompareGuid (NewGuid, (EFI_GUID *) (Identity + 1))) { >>- CreatePopUp ( >>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >>- &Key, >>- L"This Credential Provider Are Already Used!", >>- L"", >>- L"Press Any Key to Continue ...", >>- NULL >>- ); >>- return TRUE; >>- } >>- } >>- Offset += Identity->Length; >>- } >>- >>- return FALSE; >>-} >>- >>- >>-/** >>- Add the user's credential record in the provider. >>- >>- @param[in] Identity Identity policy item including credential provider. >>- @param[in] User Points to user profile. >>- >>- @retval EFI_SUCCESS Add or delete record successfully. 
>>- @retval Others Fail to add or delete record. >>- >>-**/ >>-EFI_STATUS >>-EnrollUserOnProvider ( >>- IN EFI_USER_INFO_IDENTITY_POLICY *Identity, >>- IN EFI_USER_PROFILE_HANDLE User >>- ) >>-{ >>- UINTN Index; >>- EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential; >>- >>- // >>- // Find the specified credential provider. >>- // >>- for (Index = 0; Index < mProviderInfo->Count; Index++) { >>- UserCredential = mProviderInfo->Provider[Index]; >>- if (CompareGuid ((EFI_GUID *)(Identity + 1), &UserCredential- >>Identifier)) >>{ >>- return UserCredential->Enroll (UserCredential, User); >>- } >>- } >>- >>- return EFI_NOT_FOUND; >>-} >>- >>- >>-/** >>- Delete the User's credential record on the provider. >>- >>- @param[in] Identity Point to >>EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER user info. >>- @param[in] User Points to user profile. >>- >>- @retval EFI_SUCCESS Delete User's credential record successfully. >>- @retval Others Fail to add or delete record. >>- >>-**/ >>-EFI_STATUS >>-DeleteUserOnProvider ( >>- IN EFI_USER_INFO_IDENTITY_POLICY *Identity, >>- IN EFI_USER_PROFILE_HANDLE User >>- ) >>-{ >>- UINTN Index; >>- EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential; >>- >>- // >>- // Find the specified credential provider. >>- // >>- for (Index = 0; Index < mProviderInfo->Count; Index++) { >>- UserCredential = mProviderInfo->Provider[Index]; >>- if (CompareGuid ((EFI_GUID *)(Identity + 1), &UserCredential- >>Identifier)) >>{ >>- return UserCredential->Delete (UserCredential, User); >>- } >>- } >>- >>- return EFI_NOT_FOUND; >>-} >>- >>- >>-/** >>- Delete User's credental from all the providers that exist in User's identity >>policy. >>- >>- @param[in] IdentityPolicy Point to User's identity policy. >>- @param[in] IdentityPolicyLen The length of the identity policy. >>- @param[in] User Points to user profile. 
>>- >>-**/ >>-VOID >>-DeleteCredentialFromProviders ( >>- IN UINT8 *IdentityPolicy, >>- IN UINTN IdentityPolicyLen, >>- IN EFI_USER_PROFILE_HANDLE User >>- ) >>-{ >>- EFI_USER_INFO_IDENTITY_POLICY *Identity; >>- UINTN Offset; >>- >>- Offset = 0; >>- while (Offset < IdentityPolicyLen) { >>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (IdentityPolicy + Offset); >>- if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) >{ >>- // >>- // Delete the user on this provider. >>- // >>- DeleteUserOnProvider (Identity, User); >>- } >>- Offset += Identity->Length; >>- } >>- >>-} >>- >>- >>-/** >>- Remove the provider specified by Offset from the new user identification >>record. >>- >>- @param[in] IdentityPolicy Point to user identity item in new >identification >>policy. >>- @param[in] Offset The item offset in the new identification policy. >>- >>-**/ >>-VOID >>-DeleteProviderFromPolicy ( >>- IN EFI_USER_INFO_IDENTITY_POLICY *IdentityPolicy, >>- IN UINTN Offset >>- ) >>-{ >>- UINTN RemainingLen; >>- UINTN DeleteLen; >>- >>- if (IdentityPolicy->Length == mUserInfo.NewIdentityPolicyLen) { >>- // >>- // Only one credential provider in the identification policy. >>- // Set the new policy to be TRUE after removed the provider. >>- // >>- IdentityPolicy->Type = EFI_USER_INFO_IDENTITY_TRUE; >>- IdentityPolicy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY); >>- mUserInfo.NewIdentityPolicyLen = IdentityPolicy->Length; >>- return ; >>- } >>- >>- DeleteLen = IdentityPolicy->Length + >>sizeof(EFI_USER_INFO_IDENTITY_POLICY); >>- if ((Offset + IdentityPolicy->Length) != mUserInfo.NewIdentityPolicyLen) { >>- // >>- // This provider is not the last item in the identification policy, delete it >and >>the connector. 
>>- // >>- RemainingLen = mUserInfo.NewIdentityPolicyLen - Offset - DeleteLen; >>- CopyMem ((UINT8 *) IdentityPolicy, (UINT8 *) IdentityPolicy + DeleteLen, >>RemainingLen); >>- } >>- mUserInfo.NewIdentityPolicyLen -= DeleteLen; >>-} >>- >>- >>-/** >>- Add a new provider to the mUserInfo.NewIdentityPolicy. >>- >>- It is invoked when 'add option' in UI is pressed. >>- >>- @param[in] NewGuid Points to the credential provider guid. >>- >>-**/ >>-VOID >>-AddProviderToPolicy ( >>- IN EFI_GUID *NewGuid >>- ) >>-{ >>- UINT8 *NewPolicyInfo; >>- UINTN NewPolicyInfoLen; >>- EFI_USER_INFO_IDENTITY_POLICY *Policy; >>- >>- // >>- // Allocate memory for the new identity policy. >>- // >>- NewPolicyInfoLen = mUserInfo.NewIdentityPolicyLen + sizeof >>(EFI_USER_INFO_IDENTITY_POLICY) + sizeof (EFI_GUID); >>- if (mUserInfo.NewIdentityPolicyLen > 0) { >>- // >>- // It is not the first provider in the policy. Add a connector before provider. >>- // >>- NewPolicyInfoLen += sizeof (EFI_USER_INFO_IDENTITY_POLICY); >>- } >>- NewPolicyInfo = AllocateZeroPool (NewPolicyInfoLen); >>- if (NewPolicyInfo == NULL) { >>- return ; >>- } >>- >>- NewPolicyInfoLen = 0; >>- if (mUserInfo.NewIdentityPolicyLen > 0) { >>- // >>- // Save orginal policy. >>- // >>- CopyMem (NewPolicyInfo, mUserInfo.NewIdentityPolicy, >>mUserInfo.NewIdentityPolicyLen); >>- >>- // >>- // Save logical connector. >>- // >>- Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (NewPolicyInfo + >>mUserInfo.NewIdentityPolicyLen); >>- if (mConncetLogical == 0) { >>- Policy->Type = EFI_USER_INFO_IDENTITY_AND; >>- } else { >>- Policy->Type = EFI_USER_INFO_IDENTITY_OR; >>- } >>- >>- Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY); >>- NewPolicyInfoLen = mUserInfo.NewIdentityPolicyLen + Policy->Length; >>- FreePool (mUserInfo.NewIdentityPolicy); >>- } >>- >>- // >>- // Save credential provider. 
>>- // >>- Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (NewPolicyInfo + >>NewPolicyInfoLen); >>- Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY) + sizeof >>(EFI_GUID); >>- Policy->Type = EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER; >>- CopyGuid ((EFI_GUID *) (Policy + 1), NewGuid); >>- NewPolicyInfoLen += Policy->Length; >>- >>- // >>- // Update identity policy choice. >>- // >>- mUserInfo.NewIdentityPolicy = NewPolicyInfo; >>- mUserInfo.NewIdentityPolicyLen = NewPolicyInfoLen; >>- mUserInfo.NewIdentityPolicyModified = TRUE; >>-} >>- >>- >>-/** >>- This function replaces the old identity policy with a new identity policy. >>- >>- This function delete the user identity policy information. >>- If enroll new credential failed, recover the old identity policy. >>- >>- @retval EFI_SUCCESS Modify user identity policy successfully. >>- @retval Others Fail to modify user identity policy. >>- >>-**/ >>-EFI_STATUS >>-UpdateCredentialProvider ( >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_USER_INFO_IDENTITY_POLICY *Identity; >>- UINTN Offset; >>- >>- // >>- // Delete the old identification policy. >>- // >>- DeleteCredentialFromProviders (mUserInfo.IdentityPolicy, >>mUserInfo.IdentityPolicyLen, mModifyUser); >>- >>- // >>- // Add the new identification policy. >>- // >>- Offset = 0; >>- while (Offset < mUserInfo.NewIdentityPolicyLen) { >>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) >>(mUserInfo.NewIdentityPolicy + Offset); >>- if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) >{ >>- // >>- // Enroll the user on this provider >>- // >>- Status = EnrollUserOnProvider (Identity, mModifyUser); >>- if (EFI_ERROR (Status)) { >>- // >>- // Failed to enroll the user by new identification policy. 
>>- // So removed the credential provider from the identification policy >>- // >>- DeleteProviderFromPolicy (Identity, Offset); >>- continue; >>- } >>- } >>- Offset += Identity->Length; >>- } >>- >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Check whether the identity policy is valid. >>- >>- @param[in] PolicyInfo Point to the identity policy. >>- @param[in] PolicyInfoLen The policy length. >>- >>- @retval TRUE The policy is a valid identity policy. >>- @retval FALSE The policy is not a valid identity policy. >>- >>-**/ >>-BOOLEAN >>-CheckNewIdentityPolicy ( >>- IN UINT8 *PolicyInfo, >>- IN UINTN PolicyInfoLen >>- ) >>-{ >>- EFI_USER_INFO_IDENTITY_POLICY *Identity; >>- EFI_INPUT_KEY Key; >>- UINTN Offset; >>- UINT32 OpCode; >>- >>- // >>- // Check policy expression. >>- // >>- OpCode = EFI_USER_INFO_IDENTITY_FALSE; >>- Offset = 0; >>- while (Offset < PolicyInfoLen) { >>- // >>- // Check identification policy according to type >>- // >>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (PolicyInfo + Offset); >>- switch (Identity->Type) { >>- >>- case EFI_USER_INFO_IDENTITY_TRUE: >>- break; >>- >>- case EFI_USER_INFO_IDENTITY_OR: >>- if (OpCode == EFI_USER_INFO_IDENTITY_AND) { >>- CreatePopUp ( >>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >>- &Key, >>- L"Invalid Identity Policy, Mixed Connector Unsupport!", >>- L"", >>- L"Press Any Key to Continue ...", >>- NULL >>- ); >>- return FALSE; >>- } >>- >>- OpCode = EFI_USER_INFO_IDENTITY_OR; >>- break; >>- >>- case EFI_USER_INFO_IDENTITY_AND: >>- if (OpCode == EFI_USER_INFO_IDENTITY_OR) { >>- CreatePopUp ( >>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >>- &Key, >>- L"Invalid Identity Policy, Mixed Connector Unsupport!", >>- L"", >>- L"Press Any Key to Continue ...", >>- NULL >>- ); >>- return FALSE; >>- } >>- >>- OpCode = EFI_USER_INFO_IDENTITY_AND; >>- break; >>- >>- case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER: >>- break; >>- >>- default: >>- CreatePopUp ( >>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >>- &Key, >>- L"Unsupport 
parameter", >>- L"", >>- L"Press Any Key to Continue ...", >>- NULL >>- ); >>- return FALSE; >>- } >>- Offset += Identity->Length; >>- } >>- >>- return TRUE; >>-} >>- >>- >>-/** >>- Save the identity policy and update UI with it. >>- >>- This function will verify the new identity policy, in current implementation, >>- the identity policy can be: T, P & P & P & ..., P | P | P | ... >>- Here, "T" means "True", "P" means "Credential Provider", "&" means >"and", >>"|" means "or". >>- Other identity policies are not supported. >>- >>-**/ >>-VOID >>-SaveIdentityPolicy ( >>- VOID >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_USER_INFO_HANDLE UserInfo; >>- EFI_USER_INFO *Info; >>- >>- if (!mUserInfo.NewIdentityPolicyModified || >>(mUserInfo.NewIdentityPolicyLen == 0)) { >>- return; >>- } >>- >>- // >>- // Check policy expression. >>- // >>- if (!CheckNewIdentityPolicy (mUserInfo.NewIdentityPolicy, >>mUserInfo.NewIdentityPolicyLen)) { >>- return; >>- } >>- >>- Status = FindInfoByType (mModifyUser, >>EFI_USER_INFO_IDENTITY_POLICY_RECORD, &UserInfo); >>- if (EFI_ERROR (Status)) { >>- return ; >>- } >>- >>- // >>- // Update the informantion on credential provider. >>- // >>- Status = UpdateCredentialProvider (); >>- if (EFI_ERROR (Status)) { >>- return ; >>- } >>- >>- // >>- // Save new identification policy. 
>>- // >>- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + >>mUserInfo.NewIdentityPolicyLen); >>- ASSERT (Info != NULL); >>- >>- Info->InfoType = EFI_USER_INFO_IDENTITY_POLICY_RECORD; >>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >>EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE; >>- Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + >>mUserInfo.NewIdentityPolicyLen); >>- CopyMem ((UINT8 *) (Info + 1), mUserInfo.NewIdentityPolicy, >>mUserInfo.NewIdentityPolicyLen); >>- >>- Status = mUserManager->SetInfo (mUserManager, mModifyUser, >>&UserInfo, Info, Info->InfoSize); >>- FreePool (Info); >>- >>- // >>- // Update the mUserInfo.IdentityPolicy by mUserInfo.NewIdentityPolicy >>- // >>- if (mUserInfo.IdentityPolicy != NULL) { >>- FreePool (mUserInfo.IdentityPolicy); >>- } >>- mUserInfo.IdentityPolicy = mUserInfo.NewIdentityPolicy; >>- mUserInfo.IdentityPolicyLen = mUserInfo.NewIdentityPolicyLen; >>- >>- mUserInfo.NewIdentityPolicy = NULL; >>- mUserInfo.NewIdentityPolicyLen = 0; >>- mUserInfo.NewIdentityPolicyModified = FALSE; >>- >>- // >>- // Update identity policy choice. >>- // >>- ResolveIdentityPolicy (mUserInfo.IdentityPolicy, >>mUserInfo.IdentityPolicyLen, STRING_TOKEN (STR_IDENTIFY_POLICY_VAL)); >>-} >>- >>- >>-/** >>- Update the mUserInfo.NewIdentityPolicy, and UI when 'add option' is >>pressed. >>- >>-**/ >>-VOID >>-AddIdentityPolicyItem ( >>- VOID >>- ) >>-{ >>- if (mProviderInfo->Count == 0) { >>- return ; >>- } >>- >>- // >>- // Check the identity policy. >>- // >>- if (ProviderAlreadyInPolicy (&mProviderInfo->Provider[mProviderChoice]- >>>Identifier)) { >>- return; >>- } >>- >>- // >>- // Add it to identification policy >>- // >>- AddProviderToPolicy (&mProviderInfo->Provider[mProviderChoice]- >>>Identifier); >>- >>- // >>- // Update identity policy choice. >>- // >>- ResolveIdentityPolicy (mUserInfo.NewIdentityPolicy, >>mUserInfo.NewIdentityPolicyLen, STRING_TOKEN >>(STR_IDENTIFY_POLICY_VALUE)); >>-} >>- >>- 
>>diff --git >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileAdd.c >>b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileAdd.c
>>deleted file mode 100644
>>index 6de7e75e79..0000000000
>>--- >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileAdd.c
>>+++ /dev/null
>>@@ -1,372 +0,0 @@ >>-/** @file >>- The functions to add a user profile. >>- >>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >>-This program and the accompanying materials >>-are licensed and made available under the terms and conditions of the BSD >>License >>-which accompanies this distribution. The full text of the license may be >>found at >>-http://opensource.org/licenses/bsd-license.php >>- >>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED. >>- >>-**/ >>- >>-#include "UserProfileManager.h" >>- >>- >>-/** >>- Get user name from the popup windows. >>- >>- @param[in, out] UserNameLen On entry, point to UserName buffer >lengh, >>in bytes. >>- On exit, point to input user name length, in bytes. >>- @param[out] UserName The buffer to hold the input user name. >>- >>- @retval EFI_ABORTED It is given up by pressing 'ESC' key. >>- @retval EFI_NOT_READY Not a valid input at all. >>- @retval EFI_SUCCESS Get a user name successfully. >>- >>-**/ >>-EFI_STATUS >>-GetUserNameInput ( >>- IN OUT UINTN *UserNameLen, >>- OUT CHAR16 *UserName >>- ) >>-{ >>- EFI_INPUT_KEY Key; >>- UINTN NameLen; >>- CHAR16 Name[USER_NAME_LENGTH]; >>- >>- NameLen = 0; >>- while (TRUE) { >>- Name[NameLen] = L'_'; >>- Name[NameLen + 1] = L'\0'; >>- CreatePopUp ( >>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >>- &Key, >>- L"Input User Name", >>- L"---------------------", >>- Name, >>- NULL >>- ); >>- // >>- // Check key. >>- // >>- if (Key.ScanCode == SCAN_NULL) { >>- if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { >>- // >>- // Add the null terminator. 
>>- // >>- Name[NameLen] = 0; >>- NameLen++; >>- break; >>- } else if ((Key.UnicodeChar == CHAR_NULL) || >>- (Key.UnicodeChar == CHAR_TAB) || >>- (Key.UnicodeChar == CHAR_LINEFEED) >>- ) { >>- continue; >>- } else { >>- if (Key.UnicodeChar == CHAR_BACKSPACE) { >>- if (NameLen > 0) { >>- NameLen--; >>- } >>- } else { >>- Name[NameLen] = Key.UnicodeChar; >>- NameLen++; >>- if (NameLen + 1 == USER_NAME_LENGTH) { >>- // >>- // Add the null terminator. >>- // >>- Name[NameLen] = 0; >>- NameLen++; >>- break; >>- } >>- } >>- } >>- } >>- >>- if (Key.ScanCode == SCAN_ESC) { >>- return EFI_ABORTED; >>- } >>- } >>- >>- if (NameLen <= 1) { >>- return EFI_NOT_READY; >>- } >>- >>- if (*UserNameLen < NameLen * sizeof (CHAR16)) { >>- return EFI_NOT_READY; >>- } >>- >>- *UserNameLen = NameLen * sizeof (CHAR16); >>- CopyMem (UserName, Name, *UserNameLen); >>- >>- return EFI_SUCCESS; >>-} >>- >>-/** >>- Set a user's username. >>- >>- @param[in] User Handle of a user profile . >>- @param[in] UserNameLen The lengh of UserName. >>- @param[in] UserName Point to the buffer of user name. >>- >>- @retval EFI_NOT_READY The usernme in mAddUserName had been >used. >>- @retval EFI_SUCCESS Change the user's username successfully with >>- username in mAddUserName. 
>>- >>-**/ >>-EFI_STATUS >>-SetUserName ( >>- IN EFI_USER_PROFILE_HANDLE User, >>- IN UINTN UserNameLen, >>- IN CHAR16 *UserName >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_USER_INFO_HANDLE UserInfo; >>- EFI_USER_PROFILE_HANDLE TempUser; >>- EFI_USER_INFO *NewUserInfo; >>- >>- NewUserInfo = AllocateZeroPool (sizeof (EFI_USER_INFO) + >UserNameLen); >>- ASSERT (NewUserInfo != NULL); >>- >>- NewUserInfo->InfoType = EFI_USER_INFO_NAME_RECORD; >>- NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >>- EFI_USER_INFO_PUBLIC | >>- EFI_USER_INFO_EXCLUSIVE; >>- NewUserInfo->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + >>UserNameLen); >>- CopyMem ((UINT8 *) (NewUserInfo + 1), UserName, UserNameLen); >>- TempUser = NULL; >>- Status = mUserManager->Find ( >>- mUserManager, >>- &TempUser, >>- NULL, >>- NewUserInfo, >>- NewUserInfo->InfoSize >>- ); >>- if (!EFI_ERROR (Status)) { >>- // >>- // The user name had been used, return error. >>- // >>- FreePool (NewUserInfo); >>- return EFI_NOT_READY; >>- } >>- >>- UserInfo = NULL; >>- mUserManager->SetInfo ( >>- mUserManager, >>- User, >>- &UserInfo, >>- NewUserInfo, >>- NewUserInfo->InfoSize >>- ); >>- FreePool (NewUserInfo); >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- Set create date of the specified user. >>- >>- @param[in] User Handle of a user profile. 
>>- >>-**/ >>-VOID >>-SetCreateDate ( >>- IN EFI_USER_PROFILE_HANDLE User >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_USER_INFO_HANDLE UserInfo; >>- EFI_USER_INFO_CREATE_DATE Date; >>- EFI_USER_INFO *NewUserInfo; >>- >>- NewUserInfo = AllocateZeroPool ( >>- sizeof (EFI_USER_INFO) + >>- sizeof (EFI_USER_INFO_CREATE_DATE) >>- ); >>- ASSERT (NewUserInfo != NULL); >>- >>- NewUserInfo->InfoType = EFI_USER_INFO_CREATE_DATE_RECORD; >>- NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >>- EFI_USER_INFO_PUBLIC | >>- EFI_USER_INFO_EXCLUSIVE; >>- NewUserInfo->InfoSize = sizeof (EFI_USER_INFO) + sizeof >>(EFI_USER_INFO_CREATE_DATE); >>- Status = gRT->GetTime (&Date, NULL); >>- if (EFI_ERROR (Status)) { >>- FreePool (NewUserInfo); >>- return ; >>- } >>- >>- CopyMem ((UINT8 *) (NewUserInfo + 1), &Date, sizeof >>(EFI_USER_INFO_CREATE_DATE)); >>- UserInfo = NULL; >>- mUserManager->SetInfo ( >>- mUserManager, >>- User, >>- &UserInfo, >>- NewUserInfo, >>- NewUserInfo->InfoSize >>- ); >>- FreePool (NewUserInfo); >>-} >>- >>- >>-/** >>- Set the default identity policy of the specified user. >>- >>- @param[in] User Handle of a user profile. 
>>- >>-**/ >>-VOID >>-SetIdentityPolicy ( >>- IN EFI_USER_PROFILE_HANDLE User >>- ) >>-{ >>- EFI_USER_INFO_IDENTITY_POLICY *Policy; >>- EFI_USER_INFO_HANDLE UserInfo; >>- EFI_USER_INFO *NewUserInfo; >>- >>- NewUserInfo = AllocateZeroPool ( >>- sizeof (EFI_USER_INFO) + >>- sizeof (EFI_USER_INFO_IDENTITY_POLICY) >>- ); >>- ASSERT (NewUserInfo != NULL); >>- >>- Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (NewUserInfo + 1); >>- Policy->Type = EFI_USER_INFO_IDENTITY_TRUE; >>- Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY); >>- >>- NewUserInfo->InfoType = EFI_USER_INFO_IDENTITY_POLICY_RECORD; >>- NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >>- EFI_USER_INFO_PUBLIC | >>- EFI_USER_INFO_EXCLUSIVE; >>- NewUserInfo->InfoSize = sizeof (EFI_USER_INFO) + Policy->Length; >>- UserInfo = NULL; >>- mUserManager->SetInfo ( >>- mUserManager, >>- User, >>- &UserInfo, >>- NewUserInfo, >>- NewUserInfo->InfoSize >>- ); >>- FreePool (NewUserInfo); >>-} >>- >>- >>-/** >>- Set the default access policy of the specified user. >>- >>- @param[in] User Handle of a user profile. 
>>- >>-**/ >>-VOID >>-SetAccessPolicy ( >>- IN EFI_USER_PROFILE_HANDLE User >>- ) >>-{ >>- EFI_USER_INFO_ACCESS_CONTROL *Control; >>- EFI_USER_INFO_HANDLE UserInfo; >>- EFI_USER_INFO *NewUserInfo; >>- >>- NewUserInfo = AllocateZeroPool ( >>- sizeof (EFI_USER_INFO) + >>- sizeof (EFI_USER_INFO_ACCESS_CONTROL) >>- ); >>- ASSERT (NewUserInfo != NULL); >>- >>- Control = (EFI_USER_INFO_ACCESS_CONTROL *) (NewUserInfo + >>1); >>- Control->Type = EFI_USER_INFO_ACCESS_ENROLL_SELF; >>- Control->Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL); >>- >>- NewUserInfo->InfoType = EFI_USER_INFO_ACCESS_POLICY_RECORD; >>- NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >>- EFI_USER_INFO_PUBLIC | >>- EFI_USER_INFO_EXCLUSIVE; >>- NewUserInfo->InfoSize = sizeof (EFI_USER_INFO) + Control->Size; >>- UserInfo = NULL; >>- mUserManager->SetInfo ( >>- mUserManager, >>- User, >>- &UserInfo, >>- NewUserInfo, >>- NewUserInfo->InfoSize >>- ); >>- FreePool (NewUserInfo); >>-} >>- >>- >>-/** >>- Add a new user profile into the user profile database. >>- >>-**/ >>-VOID >>-CallAddUser ( >>- VOID >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_INPUT_KEY Key; >>- EFI_USER_PROFILE_HANDLE User; >>- UINTN UserNameLen; >>- CHAR16 UserName[USER_NAME_LENGTH]; >>- CHAR16 *QuestionStr; >>- CHAR16 *PromptStr; >>- >>- QuestionStr = NULL; >>- PromptStr = NULL; >>- >>- // >>- // Get user name to add. >>- // >>- UserNameLen = sizeof (UserName); >>- Status = GetUserNameInput (&UserNameLen, UserName); >>- if (EFI_ERROR (Status)) { >>- if (Status != EFI_ABORTED) { >>- QuestionStr = GetStringById (STRING_TOKEN >>(STR_GET_USERNAME_FAILED)); >>- PromptStr = GetStringById (STRING_TOKEN >>(STR_STROKE_KEY_CONTINUE)); >>- goto Done; >>- } >>- return ; >>- } >>- >>- // >>- // Create a new user profile. 
>>- // >>- User = NULL; >>- Status = mUserManager->Create (mUserManager, &User); >>- if (EFI_ERROR (Status)) { >>- QuestionStr = GetStringById (STRING_TOKEN >>(STR_CREATE_PROFILE_FAILED)); >>- PromptStr = GetStringById (STRING_TOKEN >>(STR_STROKE_KEY_CONTINUE)); >>- } else { >>- // >>- // Add default user information. >>- // >>- Status = SetUserName (User, UserNameLen, UserName); >>- if (EFI_ERROR (Status)) { >>- QuestionStr = GetStringById (STRING_TOKEN >>(STR_USER_ALREADY_EXISTED)); >>- PromptStr = GetStringById (STRING_TOKEN >>(STR_STROKE_KEY_CONTINUE)); >>- goto Done; >>- } >>- >>- SetCreateDate (User); >>- SetIdentityPolicy (User); >>- SetAccessPolicy (User); >>- >>- QuestionStr = GetStringById (STRING_TOKEN >>(STR_CREATE_PROFILE_SUCCESS)); >>- PromptStr = GetStringById (STRING_TOKEN >>(STR_STROKE_KEY_CONTINUE)); >>- } >>- >>-Done: >>- CreatePopUp ( >>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >>- &Key, >>- QuestionStr, >>- L"", >>- PromptStr, >>- NULL >>- ); >>- FreePool (QuestionStr); >>- FreePool (PromptStr); >>-} >>- >>diff --git >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileDelet >e. >>c >>b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileDelet >e. >>c >>deleted file mode 100644 >>index af5d3109dd..0000000000 >>--- >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileDelet >e. >>c >>+++ /dev/null 
>>@@ -1,343 +0,0 @@ >>-/** @file >>- The functions to delete a user profile. >>- >>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >>-This program and the accompanying materials >>-are licensed and made available under the terms and conditions of the BSD >>License >>-which accompanies this distribution. The full text of the license may be >>found at >>-http://opensource.org/licenses/bsd-license.php >>- >>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED. >>- >>-**/ >>- >>-#include "UserProfileManager.h" >>- >>-/** >>- Get the username from the specified user. >>- >>- @param[in] User Handle of a user profile. >>- >>- @retval EFI_STRING_ID The String Id of the user's username. >>- >>-**/ >>-EFI_STRING_ID >>-GetUserName ( >>- IN EFI_USER_PROFILE_HANDLE User >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_USER_INFO_HANDLE UserInfo; >>- EFI_USER_INFO *Info; >>- UINTN InfoSize; >>- UINTN MemSize; >>- UINTN NameLen; >>- CHAR16 UserName[USER_NAME_LENGTH]; >>- EFI_STRING_ID UserId; >>- >>- // >>- // Allocate user information memory. >>- // >>- MemSize = sizeof (EFI_USER_INFO) + 63; >>- Info = AllocateZeroPool (MemSize); >>- ASSERT (Info != NULL); >>- >>- // >>- // Get user name information. >>- // >>- UserInfo = NULL; >>- while (TRUE) { >>- InfoSize = MemSize; >>- // >>- // Get next user information. 
>>- // >>- Status = mUserManager->GetNextInfo ( >>- mUserManager, >>- User, >>- &UserInfo >>- ); >>- if (EFI_ERROR (Status)) { >>- break; >>- } >>- >>- Status = mUserManager->GetInfo ( >>- mUserManager, >>- User, >>- UserInfo, >>- Info, >>- &InfoSize >>- ); >>- if (Status == EFI_BUFFER_TOO_SMALL) { >>- MemSize = InfoSize; >>- FreePool (Info); >>- Info = AllocateZeroPool (MemSize); >>- ASSERT (Info != NULL); >>- >>- Status = mUserManager->GetInfo ( >>- mUserManager, >>- User, >>- UserInfo, >>- Info, >>- &InfoSize >>- ); >>- } >>- // >>- // Check user information. >>- // >>- if (Status == EFI_SUCCESS) { >>- if (Info->InfoType == EFI_USER_INFO_NAME_RECORD) { >>- NameLen = Info->InfoSize - sizeof (EFI_USER_INFO); >>- if (NameLen > USER_NAME_LENGTH * sizeof (CHAR16)) { >>- NameLen = USER_NAME_LENGTH * sizeof (CHAR16); >>- } >>- ASSERT (NameLen >= sizeof (CHAR16)); >>- CopyMem (UserName, (UINT8 *) (Info + 1), NameLen); >>- UserName[NameLen / sizeof (CHAR16) - 1] = 0; >>- UserId = HiiSetString ( >>- mCallbackInfo->HiiHandle, >>- 0, >>- UserName, >>- NULL >>- ); >>- if (UserId != 0) { >>- FreePool (Info); >>- return UserId; >>- } >>- } >>- } >>- } >>- >>- FreePool (Info); >>- return 0; >>-} >>- >>- >>-/** >>- Add a username item in form. >>- >>- @param[in] User Points to the user profile whose username is added. >>- @param[in] Index The index of the user in the user name list >>- @param[in] OpCodeHandle Points to container for dynamic created >>opcodes. >>- >>-**/ >>-VOID >>-AddUserToForm ( >>- IN EFI_USER_PROFILE_HANDLE User, >>- IN UINT16 Index, >>- IN VOID *OpCodeHandle >>- ) >>-{ >>- EFI_STRING_ID NameId; >>- >>- // >>- // Get user name >>- // >>- NameId = GetUserName (User); >>- if (NameId == 0) { >>- return ; >>- } >>- >>- // >>- // Create user name option. 
>>- // >>- switch (Index & KEY_FIRST_FORM_MASK) { >>- case KEY_MODIFY_USER: >>- HiiCreateGotoOpCode ( >>- OpCodeHandle, // Container for dynamic created opcodes >>- FORMID_USER_INFO, // Target Form ID >>- NameId, // Prompt text >>- STRING_TOKEN (STR_NULL_STRING), // Help text >>- EFI_IFR_FLAG_CALLBACK, // Question flag >>- Index // Question ID >>- ); >>- break; >>- >>- case KEY_DEL_USER: >>- HiiCreateActionOpCode ( >>- OpCodeHandle, // Container for dynamic created opcodes >>- Index, // Question ID >>- NameId, // Prompt text >>- STRING_TOKEN (STR_NULL_STRING), // Help text >>- EFI_IFR_FLAG_CALLBACK, // Question flag >>- 0 // Action String ID >>- ); >>- break; >>- >>- default: >>- break; >>- } >>-} >>- >>- >>-/** >>- Delete the user specified by UserIndex in user profile database. >>- >>- @param[in] UserIndex The index of user in the user name list >>- to be deleted. >>- >>-**/ >>-VOID >>-DeleteUser ( >>- IN UINT8 UserIndex >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_USER_PROFILE_HANDLE User; >>- EFI_INPUT_KEY Key; >>- EFI_USER_INFO_HANDLE UserInfo; >>- EFI_USER_INFO *Info; >>- UINTN InfoSize; >>- >>- // >>- // Find specified user profile and delete it. >>- // >>- User = NULL; >>- Status = mUserManager->GetNext (mUserManager, &User); >>- if (EFI_ERROR (Status)) { >>- goto Done; >>- } >>- >>- while (UserIndex > 1) { >>- Status = mUserManager->GetNext (mUserManager, &User); >>- if (EFI_ERROR (Status)) { >>- goto Done; >>- } >>- UserIndex--; >>- } >>- >>- if (UserIndex == 1) { >>- // >>- // Get the identification policy. 
>>- // >>- Status = FindInfoByType (User, >>EFI_USER_INFO_IDENTITY_POLICY_RECORD, &UserInfo); >>- if (EFI_ERROR (Status)) { >>- goto Done; >>- } >>- >>- InfoSize = 0; >>- Info = NULL; >>- Status = mUserManager->GetInfo (mUserManager, User, UserInfo, Info, >>&InfoSize); >>- if (Status == EFI_BUFFER_TOO_SMALL) { >>- Info = AllocateZeroPool (InfoSize); >>- if (Info == NULL) { >>- goto Done; >>- } >>- Status = mUserManager->GetInfo (mUserManager, User, UserInfo, Info, >>&InfoSize); >>- } >>- >>- // >>- // Delete the user on the credential providers by its identification policy. >>- // >>- ASSERT (Info != NULL); >>- DeleteCredentialFromProviders ((UINT8 *)(Info + 1), Info->InfoSize - >sizeof >>(EFI_USER_INFO), User); >>- FreePool (Info); >>- >>- Status = mUserManager->Delete (mUserManager, User); >>- if (EFI_ERROR (Status)) { >>- goto Done; >>- } >>- CreatePopUp ( >>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >>- &Key, >>- L"Delete User Succeed!", >>- L"", >>- L"Please Press Any Key to Continue ...", >>- NULL >>- ); >>- return ; >>- } >>- >>-Done: >>- CreatePopUp ( >>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >>- &Key, >>- L"Delete User Failed!", >>- L"", >>- L"Please Press Any Key to Continue ...", >>- NULL >>- ); >>-} >>- >>- >>-/** >>- Display user select form, cab select a user to delete. >>- >>-**/ >>-VOID >>-SelectUserToDelete ( >>- VOID >>- ) >>-{ >>- EFI_STATUS Status; >>- UINT8 Index; >>- EFI_USER_PROFILE_HANDLE User; >>- EFI_USER_PROFILE_HANDLE CurrentUser; >>- VOID *StartOpCodeHandle; >>- VOID *EndOpCodeHandle; >>- EFI_IFR_GUID_LABEL *StartLabel; >>- EFI_IFR_GUID_LABEL *EndLabel; >>- >>- // >>- // Initialize the container for dynamic opcodes. >>- // >>- StartOpCodeHandle = HiiAllocateOpCodeHandle (); >>- ASSERT (StartOpCodeHandle != NULL); >>- >>- EndOpCodeHandle = HiiAllocateOpCodeHandle (); >>- ASSERT (EndOpCodeHandle != NULL); >>- >>- // >>- // Create Hii Extend Label OpCode. 
>>- // >>- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >>- StartOpCodeHandle, >>- &gEfiIfrTianoGuid, >>- NULL, >>- sizeof (EFI_IFR_GUID_LABEL) >>- ); >>- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >>- StartLabel->Number = LABEL_USER_DEL_FUNC; >>- >>- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >>- EndOpCodeHandle, >>- &gEfiIfrTianoGuid, >>- NULL, >>- sizeof (EFI_IFR_GUID_LABEL) >>- ); >>- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >>- EndLabel->Number = LABEL_END; >>- >>- // >>- // Add each user can be deleted. >>- // >>- User = NULL; >>- Index = 1; >>- mUserManager->Current (mUserManager, &CurrentUser); >>- while (TRUE) { >>- Status = mUserManager->GetNext (mUserManager, &User); >>- if (EFI_ERROR (Status)) { >>- break; >>- } >>- >>- if (User != CurrentUser) { >>- AddUserToForm ( >>- User, >>- (UINT16)(KEY_DEL_USER | KEY_SELECT_USER | Index), >>- StartOpCodeHandle >>- ); >>- } >>- Index++; >>- } >>- >>- HiiUpdateForm ( >>- mCallbackInfo->HiiHandle, // HII handle >>- &gUserProfileManagerGuid, // Formset GUID >>- FORMID_DEL_USER, // Form ID >>- StartOpCodeHandle, // Label for where to insert opcodes >>- EndOpCodeHandle // Replace data >>- ); >>- >>- HiiFreeOpCodeHandle (StartOpCodeHandle); >>- HiiFreeOpCodeHandle (EndOpCodeHandle); >>-} >>diff --git >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMana >g >>er.c >>b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMana >g >>er.c >>deleted file mode 100644 >>index e73ba3a8fc..0000000000 >>--- >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMana >g >>er.c >>+++ /dev/null 
>>@@ -1,887 +0,0 @@ >>-/** @file >>- This driver is a configuration tool for adding, deleting or modifying user >>- profiles, including gathering the necessary information to ascertain their >>- identity in the future, updating user access policy and identification >>- policy, etc. >>- >>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >>-(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR> >>-This program and the accompanying materials >>-are licensed and made available under the terms and conditions of the BSD >>License >>-which accompanies this distribution. The full text of the license may be >>found at >>-http://opensource.org/licenses/bsd-license.php >>- >>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED. >>- >>-**/ >>- >>-#include "UserProfileManager.h" >>- >>-EFI_USER_MANAGER_PROTOCOL *mUserManager = NULL; >>-CREDENTIAL_PROVIDER_INFO *mProviderInfo = NULL; >>-UINT8 mProviderChoice; >>-UINT8 mConncetLogical; >>-USER_INFO_ACCESS mAccessInfo; >>-USER_INFO mUserInfo; >>-USER_PROFILE_MANAGER_CALLBACK_INFO *mCallbackInfo; >>-HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = { >>- { >>- { >>- HARDWARE_DEVICE_PATH, >>- HW_VENDOR_DP, >>- { >>- (UINT8) (sizeof (VENDOR_DEVICE_PATH)), >>- (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) >>- } >>- }, >>- USER_PROFILE_MANAGER_GUID >>- }, >>- { >>- END_DEVICE_PATH_TYPE, >>- END_ENTIRE_DEVICE_PATH_SUBTYPE, >>- { >>- (UINT8) (END_DEVICE_PATH_LENGTH), >>- (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) >>- } >>- } >>-}; >>- >>- >>-/** >>- Get string by string id from HII Interface. >>- >>- >>- @param[in] Id String ID to get the string from. >>- >>- @retval CHAR16 * String from ID. >>- @retval NULL If error occurs. >>- >>-**/ >>-CHAR16 * >>-GetStringById ( >>- IN EFI_STRING_ID Id >>- ) >>-{ >>- // >>- // Get the current string for the current Language. 
>>- // >>- return HiiGetString (mCallbackInfo->HiiHandle, Id, NULL); >>-} >>- >>- >>-/** >>- This function gets all the credential providers in the system and saved >them >>- to mProviderInfo. >>- >>- @retval EFI_SUCESS Init credential provider database successfully. >>- @retval Others Fail to init credential provider database. >>- >>-**/ >>-EFI_STATUS >>-InitProviderInfo ( >>- VOID >>- ) >>-{ >>- EFI_STATUS Status; >>- UINTN HandleCount; >>- EFI_HANDLE *HandleBuf; >>- UINTN Index; >>- >>- // >>- // Try to find all the user credential provider driver. >>- // >>- HandleCount = 0; >>- HandleBuf = NULL; >>- Status = gBS->LocateHandleBuffer ( >>- ByProtocol, >>- &gEfiUserCredential2ProtocolGuid, >>- NULL, >>- &HandleCount, >>- &HandleBuf >>- ); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- // >>- // Get provider infomation. >>- // >>- if (mProviderInfo != NULL) { >>- FreePool (mProviderInfo); >>- } >>- mProviderInfo = AllocateZeroPool ( >>- sizeof (CREDENTIAL_PROVIDER_INFO) - >>- sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *) + >>- HandleCount * sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *) >>- ); >>- if (mProviderInfo == NULL) { >>- FreePool (HandleBuf); >>- return EFI_OUT_OF_RESOURCES; >>- } >>- >>- mProviderInfo->Count = HandleCount; >>- for (Index = 0; Index < HandleCount; Index++) { >>- Status = gBS->HandleProtocol ( >>- HandleBuf[Index], >>- &gEfiUserCredential2ProtocolGuid, >>- (VOID **) &mProviderInfo->Provider[Index] >>- ); >>- if (EFI_ERROR (Status)) { >>- FreePool (HandleBuf); >>- FreePool (mProviderInfo); >>- mProviderInfo = NULL; >>- return Status; >>- } >>- } >>- >>- FreePool (HandleBuf); >>- return EFI_SUCCESS; >>-} >>- >>- >>-/** >>- This function processes changes in user profile configuration. >>- >>- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. >>- @param Action Specifies the type of action taken by the browser. 
>>- @param QuestionId A unique value which is sent to the original >>- exporting driver so that it can identify the type >>- of data to expect. >>- @param Type The type of value for the question. >>- @param Value A pointer to the data being sent to the original >>- exporting driver. >>- @param ActionRequest On return, points to the action requested by >>the >>- callback function. >>- >>- @retval EFI_SUCCESS The callback successfully handled the action. >>- @retval Others Fail to handle the action. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-UserProfileManagerCallback ( >>- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, >>- IN EFI_BROWSER_ACTION Action, >>- IN EFI_QUESTION_ID QuestionId, >>- IN UINT8 Type, >>- IN EFI_IFR_TYPE_VALUE *Value, >>- OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_INPUT_KEY Key; >>- UINT32 CurrentAccessRight; >>- CHAR16 *QuestionStr; >>- CHAR16 *PromptStr; >>- VOID *StartOpCodeHandle; >>- VOID *EndOpCodeHandle; >>- EFI_IFR_GUID_LABEL *StartLabel; >>- EFI_IFR_GUID_LABEL *EndLabel; >>- EFI_USER_PROFILE_HANDLE CurrentUser; >>- >>- Status = EFI_SUCCESS; >>- >>- switch (Action) { >>- case EFI_BROWSER_ACTION_FORM_OPEN: >>- { >>- // >>- // Update user manage Form when user manage Form is opened. >>- // This will be done only in FORM_OPEN CallBack of question with >>QUESTIONID_USER_MANAGE from user manage Form. >>- // >>- if (QuestionId != QUESTIONID_USER_MANAGE) { >>- return EFI_SUCCESS; >>- } >>- >>- // >>- // Get current user >>- // >>- CurrentUser = NULL; >>- mUserManager->Current (mUserManager, &CurrentUser); >>- if (CurrentUser == NULL) { >>- DEBUG ((DEBUG_ERROR, "Error: current user does not exist!\n")); >>- return EFI_NOT_READY; >>- } >>- >>- // >>- // Get current user's right information. >>- // >>- Status = GetAccessRight (&CurrentAccessRight); >>- if (EFI_ERROR (Status)) { >>- CurrentAccessRight = EFI_USER_INFO_ACCESS_ENROLL_SELF; >>- } >>- >>- // >>- // Init credential provider information. 
>>- // >>- Status = InitProviderInfo (); >>- if (EFI_ERROR (Status)) { >>- return Status; >>- } >>- >>- // >>- // Initialize the container for dynamic opcodes. >>- // >>- StartOpCodeHandle = HiiAllocateOpCodeHandle (); >>- ASSERT (StartOpCodeHandle != NULL); >>- >>- EndOpCodeHandle = HiiAllocateOpCodeHandle (); >>- ASSERT (EndOpCodeHandle != NULL); >>- >>- // >>- // Create Hii Extend Label OpCode. >>- // >>- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >>- StartOpCodeHandle, >>- &gEfiIfrTianoGuid, >>- NULL, >>- sizeof (EFI_IFR_GUID_LABEL) >>- ); >>- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >>- StartLabel->Number = LABEL_USER_MANAGE_FUNC; >>- >>- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >>- EndOpCodeHandle, >>- &gEfiIfrTianoGuid, >>- NULL, >>- sizeof (EFI_IFR_GUID_LABEL) >>- ); >>- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >>- EndLabel->Number = LABEL_END; >>- >>- // >>- // Add user profile option. >>- // >>- if ((CurrentAccessRight == EFI_USER_INFO_ACCESS_MANAGE) || >>- (CurrentAccessRight == EFI_USER_INFO_ACCESS_ENROLL_OTHERS) >>- ) { >>- HiiCreateActionOpCode ( >>- StartOpCodeHandle, // Container for dynamic created >opcodes >>- KEY_ADD_USER, // Question ID >>- STRING_TOKEN (STR_ADD_USER_TITLE), // Prompt text >>- STRING_TOKEN (STR_ADD_USER_HELP), // Help text >>- EFI_IFR_FLAG_CALLBACK, // Question flag >>- 0 // Action String ID >>- ); >>- } >>- >>- // >>- // Add modify user profile option. 
>>- // >>- HiiCreateGotoOpCode ( >>- StartOpCodeHandle, // Container for dynamic created >opcodes >>- FORMID_MODIFY_USER, // Target Form ID >>- STRING_TOKEN (STR_MODIFY_USER_TITLE), // Prompt text >>- STRING_TOKEN (STR_MODIFY_USER_HELP), // Help text >>- EFI_IFR_FLAG_CALLBACK, // Question flag >>- KEY_MODIFY_USER // Question ID >>- ); >>- >>- // >>- // Add delete user profile option >>- // >>- if (CurrentAccessRight == EFI_USER_INFO_ACCESS_MANAGE) { >>- HiiCreateGotoOpCode ( >>- StartOpCodeHandle, // Container for dynamic created >opcodes >>- FORMID_DEL_USER, // Target Form ID >>- STRING_TOKEN (STR_DELETE_USER_TITLE), // Prompt text >>- STRING_TOKEN (STR_DELETE_USER_HELP), // Help text >>- EFI_IFR_FLAG_CALLBACK, // Question flag >>- KEY_DEL_USER // Question ID >>- ); >>- } >>- >>- HiiUpdateForm ( >>- mCallbackInfo->HiiHandle, // HII handle >>- &gUserProfileManagerGuid, // Formset GUID >>- FORMID_USER_MANAGE, // Form ID >>- StartOpCodeHandle, // Label for where to insert opcodes >>- EndOpCodeHandle // Replace data >>- ); >>- >>- HiiFreeOpCodeHandle (StartOpCodeHandle); >>- HiiFreeOpCodeHandle (EndOpCodeHandle); >>- >>- return EFI_SUCCESS; >>- } >>- break; >>- >>- case EFI_BROWSER_ACTION_FORM_CLOSE: >>- Status = EFI_SUCCESS; >>- break; >>- >>- case EFI_BROWSER_ACTION_CHANGED: >>- { >>- // >>- // Handle the request from form. >>- // >>- if ((Value == NULL) || (ActionRequest == NULL)) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- // >>- // Judge first 2 bits. >>- // >>- switch (QuestionId & KEY_FIRST_FORM_MASK) { >>- // >>- // Add user profile operation. >>- // >>- case KEY_ADD_USER: >>- CallAddUser (); >>- break; >>- >>- // >>- // Delete user profile operation. >>- // >>- case KEY_DEL_USER: >>- // >>- // Judge next 2 bits. >>- // >>- switch (QuestionId & KEY_SECOND_FORM_MASK) { >>- // >>- // Delete specified user profile. >>- // >>- case KEY_SELECT_USER: >>- DeleteUser ((UINT8) QuestionId); >>- // >>- // Update select user form after delete a user. 
>>- // >>- SelectUserToDelete (); >>- break; >>- >>- default: >>- break; >>- } >>- break; >>- >>- // >>- // Modify user profile operation. >>- // >>- case KEY_MODIFY_USER: >>- // >>- // Judge next 2 bits. >>- // >>- switch (QuestionId & KEY_SECOND_FORM_MASK) { >>- // >>- // Enter user profile information form. >>- // >>- case KEY_SELECT_USER: >>- // >>- // Judge next 3 bits. >>- // >>- switch (QuestionId & KEY_MODIFY_INFO_MASK) { >>- // >>- // Modify user name. >>- // >>- case KEY_MODIFY_NAME: >>- ModifyUserName (); >>- // >>- // Update username in parent form. >>- // >>- SelectUserToModify (); >>- break; >>- >>- // >>- // Modify identity policy. >>- // >>- case KEY_MODIFY_IP: >>- // >>- // Judge next 3 bits >>- // >>- switch (QuestionId & KEY_MODIFY_IP_MASK) { >>- // >>- // Change credential provider option. >>- // >>- case KEY_MODIFY_PROV: >>- mProviderChoice = Value->u8; >>- break; >>- >>- // >>- // Change logical connector. >>- // >>- case KEY_MODIFY_CONN: >>- mConncetLogical = Value->u8; >>- break; >>- >>- // >>- // Save option. >>- // >>- case KEY_ADD_IP_OP: >>- AddIdentityPolicyItem (); >>- break; >>- >>- // >>- // Return to user profile information form. >>- // >>- case KEY_IP_RETURN_UIF: >>- SaveIdentityPolicy (); >>- *ActionRequest = >>EFI_BROWSER_ACTION_REQUEST_FORM_SUBMIT_EXIT; >>- break; >>- >>- default: >>- break; >>- } >>- break; >>- >>- // >>- // Modify access policy. >>- // >>- case KEY_MODIFY_AP: >>- // >>- // Judge next 3 bits. >>- // >>- switch (QuestionId & KEY_MODIFY_AP_MASK) { >>- // >>- // Change access right choice. >>- // >>- case KEY_MODIFY_RIGHT: >>- mAccessInfo.AccessRight = Value->u8; >>- break; >>- >>- // >>- // Change setup choice. >>- // >>- case KEY_MODIFY_SETUP: >>- mAccessInfo.AccessSetup= Value->u8; >>- break; >>- >>- // >>- // Change boot order choice. >>- // >>- case KEY_MODIFY_BOOT: >>- mAccessInfo.AccessBootOrder = Value->u32; >>- break; >>- >>- // >>- // Return to user profile information form. 
>>- // >>- case KEY_AP_RETURN_UIF: >>- SaveAccessPolicy (); >>- *ActionRequest = >>EFI_BROWSER_ACTION_REQUEST_FORM_SUBMIT_EXIT; >>- break; >>- >>- default: >>- break; >>- } >>- break; >>- >>- default: >>- break; >>- } >>- break; >>- >>- // >>- // Access policy device path modified. >>- // >>- case KEY_MODIFY_AP_DP: >>- // >>- // Judge next 2 bits. >>- // >>- switch (QuestionId & KEY_MODIFY_DP_MASK) { >>- // >>- // Load permit device path modified. >>- // >>- case KEY_LOAD_PERMIT_MODIFY: >>- QuestionStr = GetStringById (STRING_TOKEN >>(STR_MOVE_TO_FORBID_LIST)); >>- PromptStr = GetStringById (STRING_TOKEN >>(STR_PRESS_KEY_CONTINUE)); >>- CreatePopUp ( >>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >>- &Key, >>- QuestionStr, >>- L"", >>- PromptStr, >>- NULL >>- ); >>- FreePool (QuestionStr); >>- FreePool (PromptStr); >>- if (Key.UnicodeChar != CHAR_CARRIAGE_RETURN) { >>- break; >>- } >>- >>- AddToForbidLoad ((UINT16)(QuestionId & (KEY_MODIFY_DP_MASK - >>1))); >>- DisplayLoadPermit (); >>- break; >>- >>- // >>- // Load forbid device path modified. >>- // >>- case KEY_LOAD_FORBID_MODIFY: >>- QuestionStr = GetStringById (STRING_TOKEN >>(STR_MOVE_TO_PERMIT_LIST)); >>- PromptStr = GetStringById (STRING_TOKEN >>(STR_PRESS_KEY_CONTINUE)); >>- CreatePopUp ( >>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >>- &Key, >>- QuestionStr, >>- L"", >>- PromptStr, >>- NULL >>- ); >>- FreePool (QuestionStr); >>- FreePool (PromptStr); >>- if (Key.UnicodeChar != CHAR_CARRIAGE_RETURN) { >>- break; >>- } >>- >>- DeleteFromForbidLoad ((UINT16)(QuestionId & >>(KEY_MODIFY_DP_MASK - 1))); >>- DisplayLoadForbid (); >>- break; >>- >>- // >>- // Connect permit device path modified. >>- // >>- case KEY_CONNECT_PERMIT_MODIFY: >>- break; >>- >>- // >>- // Connect forbid device path modified. 
>>- // >>- case KEY_CONNECT_FORBID_MODIFY: >>- break; >>- >>- default: >>- break; >>- } >>- break; >>- >>- default: >>- break; >>- } >>- break; >>- >>- default: >>- break; >>- } >>- } >>- break; >>- >>- >>- case EFI_BROWSER_ACTION_CHANGING: >>- { >>- // >>- // Handle the request from form. >>- // >>- if (Value == NULL) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- // >>- // Judge first 2 bits. >>- // >>- switch (QuestionId & KEY_FIRST_FORM_MASK) { >>- // >>- // Delete user profile operation. >>- // >>- case KEY_DEL_USER: >>- // >>- // Judge next 2 bits. >>- // >>- switch (QuestionId & KEY_SECOND_FORM_MASK) { >>- // >>- // Enter delete user profile form. >>- // >>- case KEY_ENTER_NEXT_FORM: >>- SelectUserToDelete (); >>- break; >>- >>- default: >>- break; >>- } >>- break; >>- >>- // >>- // Modify user profile operation. >>- // >>- case KEY_MODIFY_USER: >>- // >>- // Judge next 2 bits. >>- // >>- switch (QuestionId & KEY_SECOND_FORM_MASK) { >>- // >>- // Enter modify user profile form. >>- // >>- case KEY_ENTER_NEXT_FORM: >>- SelectUserToModify (); >>- break; >>- >>- // >>- // Enter user profile information form. >>- // >>- case KEY_SELECT_USER: >>- // >>- // Judge next 3 bits. >>- // >>- switch (QuestionId & KEY_MODIFY_INFO_MASK) { >>- // >>- // Display user information form. >>- // >>- case KEY_ENTER_NEXT_FORM: >>- ModifyUserInfo ((UINT8) QuestionId); >>- break; >>- >>- // >>- // Modify identity policy. >>- // >>- case KEY_MODIFY_IP: >>- // >>- // Judge next 3 bits >>- // >>- switch (QuestionId & KEY_MODIFY_IP_MASK) { >>- // >>- // Display identity policy modify form. >>- // >>- case KEY_ENTER_NEXT_FORM: >>- ModifyIdentityPolicy (); >>- break; >>- >>- default: >>- break; >>- } >>- break; >>- >>- // >>- // Modify access policy. >>- // >>- case KEY_MODIFY_AP: >>- // >>- // Judge next 3 bits. >>- // >>- switch (QuestionId & KEY_MODIFY_AP_MASK) { >>- // >>- // Display access policy modify form. 
>>- // >>- case KEY_ENTER_NEXT_FORM: >>- ModidyAccessPolicy (); >>- break; >>- // >>- // Load device path form. >>- // >>- case KEY_MODIFY_LOAD: >>- // >>- // Judge next 2 bits. >>- // >>- switch (QuestionId & KEY_DISPLAY_DP_MASK) { >>- // >>- // Permit load device path. >>- // >>- case KEY_PERMIT_MODIFY: >>- DisplayLoadPermit (); >>- break; >>- >>- // >>- // Forbid load device path. >>- // >>- case KEY_FORBID_MODIFY: >>- DisplayLoadForbid (); >>- break; >>- >>- default: >>- break; >>- } >>- break; >>- >>- // >>- // Connect device path form. >>- // >>- case KEY_MODIFY_CONNECT: >>- // >>- // Judge next 2 bits. >>- // >>- switch (QuestionId & KEY_DISPLAY_DP_MASK) { >>- // >>- // Permit connect device path. >>- // >>- case KEY_PERMIT_MODIFY: >>- DisplayConnectPermit (); >>- break; >>- >>- // >>- // Forbid connect device path. >>- // >>- case KEY_FORBID_MODIFY: >>- DisplayConnectForbid (); >>- break; >>- >>- default: >>- break; >>- } >>- break; >>- >>- default: >>- break; >>- } >>- break; >>- >>- default: >>- break; >>- } >>- break; >>- >>- default: >>- break; >>- } >>- break; >>- >>- default: >>- break; >>- } >>- } >>- break; >>- >>- default: >>- // >>- // All other action return unsupported. >>- // >>- Status = EFI_UNSUPPORTED; >>- break; >>- } >>- >>- >>- return Status; >>-} >>- >>- >>-/** >>- This function allows a caller to extract the current configuration for one >>- or more named elements from the target driver. >>- >>- >>- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. >>- @param Request A null-terminated Unicode string in <ConfigRequest> >>format. >>- @param Progress On return, points to a character in the Request string. >>- Points to the string's null terminator if request was successful. >>- Points to the most recent '&' before the first failing name/value >>- pair (or the beginning of the string if the failure is in the >>- first name/value pair) if the request was not successful. 
>>- @param Results A null-terminated Unicode string in <ConfigAltResp> >>format which >>- has all values filled in for the names in the Request string. >>- String to be allocated by the called function. >>- >>- @retval EFI_SUCCESS The Results is filled with the requested values. >>- @retval EFI_OUT_OF_RESOURCES Not enough memory to store the >>results. >>- @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown >>name. >>- @retval EFI_NOT_FOUND Routing data doesn't match any storage in >>this driver. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-FakeExtractConfig ( >>- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, >>- IN CONST EFI_STRING Request, >>- OUT EFI_STRING *Progress, >>- OUT EFI_STRING *Results >>- ) >>-{ >>- if (Progress == NULL || Results == NULL) { >>- return EFI_INVALID_PARAMETER; >>- } >>- *Progress = Request; >>- return EFI_NOT_FOUND; >>-} >>- >>-/** >>- This function processes the results of changes in configuration. >>- >>- >>- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. >>- @param Configuration A null-terminated Unicode string in <ConfigResp> >>format. >>- @param Progress A pointer to a string filled in with the offset of the >>most >>- recent '&' before the first failing name/value pair (or the >>- beginning of the string if the failure is in the first >>- name/value pair) or the terminating NULL if all was successful. >>- >>- @retval EFI_SUCCESS The Results is processed successfully. >>- @retval EFI_INVALID_PARAMETER Configuration is NULL. >>- @retval EFI_NOT_FOUND Routing data doesn't match any storage in >>this driver. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-FakeRouteConfig ( >>- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, >>- IN CONST EFI_STRING Configuration, >>- OUT EFI_STRING *Progress >>- ) >>-{ >>- if (Configuration == NULL || Progress == NULL) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- *Progress = Configuration; >>- >>- return EFI_NOT_FOUND; >>-} >>- >>- >>-/** >>- Main entry for this driver. 
>>- >>- @param ImageHandle Image handle this driver. >>- @param SystemTable Pointer to SystemTable. >>- >>- @retval EFI_SUCESS This function always complete successfully. >>- >>-**/ >>-EFI_STATUS >>-EFIAPI >>-UserProfileManagerInit ( >>- IN EFI_HANDLE ImageHandle, >>- IN EFI_SYSTEM_TABLE *SystemTable >>- ) >>-{ >>- EFI_STATUS Status; >>- USER_PROFILE_MANAGER_CALLBACK_INFO *CallbackInfo; >>- >>- Status = gBS->LocateProtocol ( >>- &gEfiUserManagerProtocolGuid, >>- NULL, >>- (VOID **) &mUserManager >>- ); >>- if (EFI_ERROR (Status)) { >>- return EFI_SUCCESS; >>- } >>- >>- // >>- // Initialize driver private data. >>- // >>- ZeroMem (&mUserInfo, sizeof (mUserInfo)); >>- ZeroMem (&mAccessInfo, sizeof (mAccessInfo)); >>- >>- CallbackInfo = AllocateZeroPool (sizeof >>(USER_PROFILE_MANAGER_CALLBACK_INFO)); >>- ASSERT (CallbackInfo != NULL); >>- >>- CallbackInfo->Signature = USER_PROFILE_MANAGER_SIGNATURE; >>- CallbackInfo->ConfigAccess.ExtractConfig = FakeExtractConfig; >>- CallbackInfo->ConfigAccess.RouteConfig = FakeRouteConfig; >>- CallbackInfo->ConfigAccess.Callback = UserProfileManagerCallback; >>- CallbackInfo->DriverHandle = NULL; >>- >>- // >>- // Install Device Path Protocol and Config Access protocol to driver handle. >>- // >>- Status = gBS->InstallMultipleProtocolInterfaces ( >>- &CallbackInfo->DriverHandle, >>- &gEfiDevicePathProtocolGuid, >>- &mHiiVendorDevicePath, >>- &gEfiHiiConfigAccessProtocolGuid, >>- &CallbackInfo->ConfigAccess, >>- NULL >>- ); >>- ASSERT_EFI_ERROR (Status); >>- >>- // >>- // Publish HII data. >>- // >>- CallbackInfo->HiiHandle = HiiAddPackages ( >>- &gUserProfileManagerGuid, >>- CallbackInfo->DriverHandle, >>- UserProfileManagerStrings, >>- UserProfileManagerVfrBin, >>- NULL >>- ); >>- ASSERT (CallbackInfo->HiiHandle != NULL); >>- mCallbackInfo = CallbackInfo; >>- >>- return Status; >>-} >>- >>- 
>>diff --git >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMana >g >>er.h >>b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMana >g >>er.h
>>deleted file mode 100644
>>index aff1e28d9d..0000000000
>>--- >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMana >g >>er.h
>>+++ /dev/null
>>@@ -1,444 +0,0 @@ >>-/** @file >>- The header file for user profile manager driver. >>- >>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >>-This program and the accompanying materials >>-are licensed and made available under the terms and conditions of the BSD >>License >>-which accompanies this distribution. The full text of the license may be >>found at >>-http://opensource.org/licenses/bsd-license.php >>- >>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED. >>- >>-**/ >>- >>-#ifndef __EFI_USER_PROFILE_MANAGER_H__ >>-#define __EFI_USER_PROFILE_MANAGER_H__ >>- >>-#include <Uefi.h> >>- >>-#include <Guid/GlobalVariable.h> >>-#include <Guid/MdeModuleHii.h> >>- >>-#include <Protocol/HiiConfigAccess.h> >>-#include <Protocol/UserCredential2.h> >>-#include <Protocol/UserManager.h> >>- >>-#include <Library/UefiRuntimeServicesTableLib.h> >>-#include <Library/UefiBootServicesTableLib.h> >>-#include <Library/MemoryAllocationLib.h> >>-#include <Library/BaseMemoryLib.h> >>-#include <Library/DevicePathLib.h> >>-#include <Library/DebugLib.h> >>-#include <Library/UefiLib.h> >>-#include <Library/PrintLib.h> >>-#include <Library/HiiLib.h> >>- >>-#include "UserProfileManagerData.h" >>- >>-#define USER_NAME_LENGTH 17 >>- >>-// >>-// Credential Provider Information. >>-// >>-typedef struct { >>- UINTN Count; >>- EFI_USER_CREDENTIAL2_PROTOCOL *Provider[1]; >>-} CREDENTIAL_PROVIDER_INFO; >>- >>-// >>-// User profile information structure. 
>>-// >>-typedef struct { >>- UINT64 UsageCount; >>- EFI_TIME CreateDate; >>- EFI_TIME UsageDate; >>- UINTN AccessPolicyLen; >>- UINTN IdentityPolicyLen; >>- UINTN NewIdentityPolicyLen; >>- UINT8 *AccessPolicy; >>- UINT8 *IdentityPolicy; >>- UINT8 *NewIdentityPolicy; >>- CHAR16 UserName[USER_NAME_LENGTH]; >>- BOOLEAN CreateDateExist; >>- BOOLEAN UsageDateExist; >>- BOOLEAN AccessPolicyModified; >>- BOOLEAN IdentityPolicyModified; >>- BOOLEAN NewIdentityPolicyModified; >>-} USER_INFO; >>- >>-// >>-// User access information structure. >>-// >>-typedef struct { >>- UINTN LoadPermitLen; >>- UINTN LoadForbidLen; >>- UINTN ConnectPermitLen; >>- UINTN ConnectForbidLen; >>- UINT8 *LoadPermit; >>- UINT8 *LoadForbid; >>- UINT8 *ConnectPermit; >>- UINT8 *ConnectForbid; >>- UINT32 AccessBootOrder; >>- UINT8 AccessRight; >>- UINT8 AccessSetup; >>-} USER_INFO_ACCESS; >>- >>-#define USER_PROFILE_MANAGER_SIGNATURE SIGNATURE_32 ('U', 'P', >'M', >>'S') >>- >>-typedef struct { >>- UINTN Signature; >>- EFI_HANDLE DriverHandle; >>- EFI_HII_HANDLE HiiHandle; >>- EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; >>-} USER_PROFILE_MANAGER_CALLBACK_INFO; >>- >>-// >>-// HII specific Vendor Device Path definition. >>-// >>-typedef struct { >>- VENDOR_DEVICE_PATH VendorDevicePath; >>- EFI_DEVICE_PATH_PROTOCOL End; >>-} HII_VENDOR_DEVICE_PATH; >>- >>-// >>-// This is the generated IFR binary data for each formset defined in VFR. >>-// >>-extern UINT8 UserProfileManagerVfrBin[]; >>- >>-// >>-// This is the generated String package data for .UNI file. >>-// >>-extern UINT8 UserProfileManagerStrings[]; >>- >>-// >>-// The user manager protocol, used in several function. >>-// >>-extern EFI_USER_MANAGER_PROTOCOL *mUserManager; >>- >>-// >>-// The credential providers database in system. >>-// >>-extern CREDENTIAL_PROVIDER_INFO *mProviderInfo; >>- >>-// >>-// The variables used to update identity policy. 
>>-// >>-extern UINT8 mProviderChoice; >>-extern UINT8 mConncetLogical; >>- >>-// >>-// The variables used to update access policy. >>-// >>-extern USER_INFO_ACCESS mAccessInfo; >>- >>-// >>-// The user information used to record all data in UI. >>-// >>-extern USER_INFO mUserInfo; >>- >>-extern USER_PROFILE_MANAGER_CALLBACK_INFO *mCallbackInfo; >>- >>-extern EFI_USER_PROFILE_HANDLE mModifyUser; >>- >>-/** >>- Get string by string id from HII Interface. >>- >>- >>- @param[in] Id String ID to get the string from. >>- >>- @retval CHAR16 * String from ID. >>- @retval NULL If error occurs. >>- >>-**/ >>-CHAR16 * >>-GetStringById ( >>- IN EFI_STRING_ID Id >>- ); >>- >>-/** >>- Add a new user profile into the user profile database. >>- >>-**/ >>-VOID >>-CallAddUser ( >>- VOID >>- ); >>- >>-/** >>- Display user select form; can select a user to modify. >>- >>-**/ >>-VOID >>-SelectUserToModify ( >>- VOID >>- ); >>- >>-/** >>- Display user select form, cab select a user to delete. >>- >>-**/ >>-VOID >>-SelectUserToDelete ( >>- VOID >>- ); >>- >>-/** >>- Delete the user specified by UserIndex in user profile database. >>- >>- @param[in] UserIndex The index of user in the user name list to be >>deleted. >>- >>-**/ >>-VOID >>-DeleteUser ( >>- IN UINT8 UserIndex >>- ); >>- >>-/** >>- Add a username item in form. >>- >>- @param[in] User Points to the user profile whose username is >added. >>- @param[in] Index The index of the user in the user name list. >>- @param[in] OpCodeHandle Points to container for dynamic created >>opcodes. >>- >>-**/ >>-VOID >>-AddUserToForm ( >>- IN EFI_USER_PROFILE_HANDLE User, >>- IN UINT16 Index, >>- IN VOID *OpCodeHandle >>- ); >>- >>-/** >>- Display modify user information form >>- >>- In this form, username, create Date, usage date, usage count, identity >policy, >>- and access policy are displayed. >>- >>- @param[in] UserIndex The index of the user in display list to modify. 
>>- >>-**/ >>-VOID >>-ModifyUserInfo ( >>- IN UINT8 UserIndex >>- ); >>- >>-/** >>- Get the username from user input and update username string in Hii >>- database with it. >>- >>-**/ >>-VOID >>-ModifyUserName ( >>- VOID >>- ); >>- >>-/** >>- Display the form of modifying user identity policy. >>- >>-**/ >>-VOID >>-ModifyIdentityPolicy ( >>- VOID >>- ); >>- >>-/** >>- Update the mUserInfo.NewIdentityPolicy and UI when 'add option' is >>pressed. >>- >>-**/ >>-VOID >>-AddIdentityPolicyItem ( >>- VOID >>- ); >>- >>-/** >>- Save the identity policy and update UI with it. >>- >>- This function will verify the new identity policy, in current implementation, >>- the identity policy can be: T, P & P & P & ..., P | P | P | ... >>- Here, "T" means "True", "P" means "Credential Provider", "&" means >"and", >>"|" means "or". >>- Other identity policies are not supported. >>- >>-**/ >>-VOID >>-SaveIdentityPolicy ( >>- VOID >>- ); >>- >>-/** >>- Display modify user access policy form >>- >>- In this form, access right, access setu,p and access boot order are >>dynamically >>- added. Load devicepath and connect devicepath are displayed too. >>- >>-**/ >>-VOID >>-ModidyAccessPolicy ( >>- VOID >>- ); >>- >>-/** >>- Collect all the access policy data to mUserInfo.AccessPolicy, >>- and save it to user profile. >>- >>-**/ >>-VOID >>-SaveAccessPolicy ( >>- VOID >>- ); >>- >>-/** >>- Get current user's access rights. >>- >>- @param[out] AccessRight Points to the buffer used for user's access >rights. >>- >>- @retval EFI_SUCCESS Get current user access rights successfully. >>- @retval others Fail to get current user access rights. >>- >>-**/ >>-EFI_STATUS >>-GetAccessRight ( >>- OUT UINT32 *AccessRight >>- ); >>- >>-/** >>- Display the permit load device path in the loadable device path list. >>- >>-**/ >>-VOID >>-DisplayLoadPermit( >>- VOID >>- ); >>- >>-/** >>- Display the forbid load device path list (mAccessInfo.LoadForbid). 
>>- >>-**/ >>-VOID >>-DisplayLoadForbid ( >>- VOID >>- ); >>- >>-/** >>- Display the permit connect device path. >>- >>-**/ >>-VOID >>-DisplayConnectPermit ( >>- VOID >>- ); >>- >>-/** >>- Display the forbid connect device path list. >>- >>-**/ >>-VOID >>-DisplayConnectForbid ( >>- VOID >>- ); >>- >>-/** >>- Delete the specified device path by DriverIndex from the forbid device >path >>- list (mAccessInfo.LoadForbid). >>- >>- @param[in] DriverIndex The index of driver in a forbidden device path list. >>- >>-**/ >>-VOID >>-DeleteFromForbidLoad ( >>- IN UINT16 DriverIndex >>- ); >>- >>-/** >>- Add the specified device path by DriverIndex to the forbid device path >>- list (mAccessInfo.LoadForbid). >>- >>- @param[in] DriverIndex The index of driver saved in driver options. >>- >>-**/ >>-VOID >>-AddToForbidLoad ( >>- IN UINT16 DriverIndex >>- ); >>- >>-/** >>- Get user name from the popup windows. >>- >>- @param[in, out] UserNameLen On entry, point to the buffer lengh of >>UserName. >>- On exit, point to the input user name length. >>- @param[out] UserName The buffer to hold the input user name. >>- >>- @retval EFI_ABORTED It is given up by pressing 'ESC' key. >>- @retval EFI_NOT_READY Not a valid input at all. >>- @retval EFI_SUCCESS Get a user name successfully. >>- >>-**/ >>-EFI_STATUS >>-GetUserNameInput ( >>- IN OUT UINTN *UserNameLen, >>- OUT CHAR16 *UserName >>- ); >>- >>-/** >>- Find the specified info in User profile by the InfoType. >>- >>- @param[in] User Handle of the user whose information will be >>searched. >>- @param[in] InfoType The user information type to find. >>- @param[out] UserInfo Points to user information handle found. >>- >>- @retval EFI_SUCCESS Find the user information successfully. >>- @retval Others Fail to find the user information. 
>>- >>-**/ >>-EFI_STATUS >>-FindInfoByType ( >>- IN EFI_USER_PROFILE_HANDLE User, >>- IN UINT8 InfoType, >>- OUT EFI_USER_INFO_HANDLE *UserInfo >>- ); >>- >>-/** >>- Convert the identity policy to a unicode string and update the Hii database >>- IpStringId string with it. >>- >>- @param[in] Ip Points to identity policy. >>- @param[in] IpLen The identity policy length. >>- @param[in] IpStringId String ID in the HII database to be replaced. >>- >>-**/ >>-VOID >>-ResolveIdentityPolicy ( >>- IN UINT8 *Ip, >>- IN UINTN IpLen, >>- IN EFI_STRING_ID IpStringId >>- ); >>- >>-/** >>- Expand access policy memory size. >>- >>- @param[in] ValidLen The valid access policy length. >>- @param[in] ExpandLen The length that is needed to expand. >>- >>-**/ >>-VOID >>-ExpandMemory ( >>- IN UINTN ValidLen, >>- IN UINTN ExpandLen >>- ); >>- >>-/** >>- Delete User's credental from all the providers that exist in User's identity >>policy. >>- >>- @param[in] IdentityPolicy Point to User's identity policy. >>- @param[in] IdentityPolicyLen The length of the identity policy. >>- @param[in] User Points to user profile. >>- >>-**/ >>-VOID >>-DeleteCredentialFromProviders ( >>- IN UINT8 *IdentityPolicy, >>- IN UINTN IdentityPolicyLen, >>- IN EFI_USER_PROFILE_HANDLE User >>- ); >>- >>-#endif >>diff --git >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMana >g >>er.uni >>b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMana >g >>er.uni >>deleted file mode 100644 >>index e4a768e00a..0000000000 >>--- >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMana >g >>er.uni >>+++ /dev/null 
>>@@ -1,22 +0,0 @@
>>-// /** @file
>>-// A UI tool to manage user profiles
>>-//
>>-// By this module, user can add/update/delete user profiles, and can also
>>-// modify the user access policy and the user identification policy.
>>-//
>>-// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
>>-//
>>-// This program and the accompanying materials
>>-// are licensed and made available under the terms and conditions of the >BSD >>License
>>-// which accompanies this distribution. The full text of the license may be >>found at
>>-// http://opensource.org/licenses/bsd-license.php
>>-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >>BASIS,
>>-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED.
>>-//
>>-// **/
>>-
>>-
>>-#string STR_MODULE_ABSTRACT #language en-US "A UI tool to >>manage user profiles"
>>-
>>-#string STR_MODULE_DESCRIPTION #language en-US "By this module, >>user can add/update/delete user profiles, and can also modify the user >access >>policy and the user identification policy."
>>-
>>diff --git >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMana >g >>erData.h >>b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMana >g >>erData.h
>>deleted file mode 100644
>>index a83caac9ba..0000000000
>>--- >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMana >g >>erData.h
>>+++ /dev/null
>>@@ -1,158 +0,0 @@ >>-/** @file >>- The form data for user profile manager driver. >>- >>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >>-This program and the accompanying materials >>-are licensed and made available under the terms and conditions of the BSD >>License >>-which accompanies this distribution. The full text of the license may be >>found at >>-http://opensource.org/licenses/bsd-license.php >>- >>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED. >>- >>-**/ >>- >>-#ifndef __USER_PROFILE_MANAGER_DATA_H__ >>-#define __USER_PROFILE_MANAGER_DATA_H__ >>- >>-#include <Guid/UserProfileManagerHii.h> >>- >>-// >>-// Form ID >>-// >>-#define FORMID_USER_MANAGE 0x0001 >>-#define FORMID_MODIFY_USER 0x0002 >>-#define FORMID_DEL_USER 0x0003 >>-#define FORMID_USER_INFO 0x0004 >>-#define FORMID_MODIFY_IP 0x0005 >>-#define FORMID_MODIFY_AP 0x0006 >>-#define FORMID_LOAD_DP 0x0007 >>-#define FORMID_CONNECT_DP 0x0008 >>-#define FORMID_PERMIT_LOAD_DP 0x0009 >>-#define FORMID_FORBID_LOAD_DP 0x000A >>-#define FORMID_PERMIT_CONNECT_DP 0x000B >>-#define FORMID_FORBID_CONNECT_DP 0x000C >>- >>-// >>-// Label ID >>-// >>-#define LABEL_USER_MANAGE_FUNC 0x0010 >>-#define LABEL_USER_DEL_FUNC 0x0020 >>-#define LABEL_USER_MOD_FUNC 0x0030 >>-#define LABEL_USER_INFO_FUNC 0x0040 >>-#define LABEL_IP_MOD_FUNC 0x0050 >>-#define LABEL_AP_MOD_FUNC 0x0060 >>-#define LABEL_PERMIT_LOAD_FUNC 0x0070 >>-#define LABLE_FORBID_LOAD_FUNC 0x0080 >>-#define LABEL_END 0x00F0 >>- >>-// >>-// First form key (Add/modify/del user profile). >>-// First 2 bits (bit 16~15). >>-// >>-#define KEY_MODIFY_USER 0x4000 >>-#define KEY_DEL_USER 0x8000 >>-#define KEY_ADD_USER 0xC000 >>-#define KEY_FIRST_FORM_MASK 0xC000 >>- >>-// >>-// Second form key (Display new form /Select user / modify device path in >>access policy). >>-// Next 2 bits (bit 14~13). 
>>-// >>-#define KEY_ENTER_NEXT_FORM 0x0000 >>-#define KEY_SELECT_USER 0x1000 >>-#define KEY_MODIFY_AP_DP 0x2000 >>-#define KEY_OPEN_CLOSE_FORM_ACTION 0x3000 >>-#define KEY_SECOND_FORM_MASK 0x3000 >>- >>-// >>-// User profile information form key. >>-// Next 3 bits (bit 12~10). >>-// >>-#define KEY_MODIFY_NAME 0x0200 >>-#define KEY_MODIFY_IP 0x0400 >>-#define KEY_MODIFY_AP 0x0600 >>-#define KEY_MODIFY_INFO_MASK 0x0E00 >>- >>-// >>-// Specified key, used in VFR (KEY_MODIFY_USER | KEY_SELECT_USER | >>KEY_MODIFY_NAME). >>-// >>-#define KEY_MODIFY_USER_NAME 0x5200 >>- >>-// >>-// Modify identity policy form key. >>-// Next 3 bits (bit 9~7). >>-// >>-#define KEY_MODIFY_PROV 0x0040 >>-#define KEY_MODIFY_MTYPE 0x0080 >>-#define KEY_MODIFY_CONN 0x00C0 >>-#define KEY_ADD_IP_OP 0x0100 >>-#define KEY_IP_RETURN_UIF 0x0140 >>-#define KEY_MODIFY_IP_MASK 0x01C0 >>- >>-// >>-// Specified key. >>-// >>-#define KEY_ADD_LOGICAL_OP 0x5500 >>-#define KEY_IP_RETURN 0x5540 >>- >>-// >>-// Modify access policy form key. >>-// Next 3 bits (bit 9~7). >>-// >>-#define KEY_MODIFY_RIGHT 0x0040 >>-#define KEY_MODIFY_SETUP 0x0080 >>-#define KEY_MODIFY_BOOT 0x00C0 >>-#define KEY_MODIFY_LOAD 0x0100 >>-#define KEY_MODIFY_CONNECT 0x0140 >>-#define KEY_AP_RETURN_UIF 0x0180 >>-#define KEY_MODIFY_AP_MASK 0x01C0 >>- >>-// >>-// Specified key. >>-// >>-#define KEY_LOAD_DP 0x5700 >>-#define KEY_CONN_DP 0x5740 >>-#define KEY_AP_RETURN 0x5780 >>- >>-// >>-// Device path form key. >>-// Next 2 bits (bit 6~5). >>-// >>-#define KEY_PERMIT_MODIFY 0x0010 >>-#define KEY_FORBID_MODIFY 0x0020 >>-#define KEY_DISPLAY_DP_MASK 0x0030 >>- >>-// >>-// Specified key. >>-// >>-#define KEY_LOAD_PERMIT 0x5710 >>-#define KEY_LOAD_FORBID 0x5720 >>-#define KEY_CONNECT_PERMIT 0x5750 >>-#define KEY_CONNECT_FORBID 0x5760 >>- >>-// >>-// Device path modify key. >>-// 2 bits (bit 12~11). 
>>-// >>-#define KEY_LOAD_PERMIT_MODIFY 0x0000 >>-#define KEY_LOAD_FORBID_MODIFY 0x0400 >>-#define KEY_CONNECT_PERMIT_MODIFY 0x0800 >>-#define KEY_CONNECT_FORBID_MODIFY 0x0C00 >>-#define KEY_MODIFY_DP_MASK 0x0C00 >>- >>- >>-// >>-// The permissions usable when configuring the platform. >>-// >>-#define ACCESS_SETUP_RESTRICTED 1 >>-#define ACCESS_SETUP_NORMAL 2 >>-#define ACCESS_SETUP_ADMIN 3 >>- >>-// >>-// Question ID for the question used in each form >>(KEY_OPEN_CLOSE_FORM_ACTION | FORMID_FORM_USER_MANAGE) >>-// This ID is used in FORM OPEN/CLOSE CallBack action. >>-// >>-#define QUESTIONID_USER_MANAGE 0x3001 >>- >>-#endif >>diff --git >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMana >g >>erDxe.inf >>b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMana >g >>erDxe.inf >>deleted file mode 100644 >>index cdd97731b2..0000000000 >>--- >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMana >g >>erDxe.inf >>+++ /dev/null 
>>@@ -1,72 +0,0 @@ >>-## @file >>-# A UI tool to manage user profiles >>-# >>-# By this module, user can add/update/delete user profiles, and can also >>-# modify the user access policy and the user identification policy. >>-# >>-# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >>-# This program and the accompanying materials >>-# are licensed and made available under the terms and conditions of the >BSD >>License >>-# which accompanies this distribution. The full text of the license may be >>found at >>-# http://opensource.org/licenses/bsd-license.php >>-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >>BASIS, >>-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED. >>-# >>-## >>- >>-[Defines] >>- INF_VERSION = 0x00010005 >>- BASE_NAME = UserProfileManager >>- MODULE_UNI_FILE = UserProfileManager.uni >>- FILE_GUID = E38CB52D-A74D-45db-A8D0-290C9B21BBF2 >>- MODULE_TYPE = DXE_DRIVER >>- VERSION_STRING = 1.0 >>- ENTRY_POINT = UserProfileManagerInit >>- >>-[Sources] >>- UserProfileManager.c >>- UserProfileManager.h >>- UserProfileAdd.c >>- UserProfileDelete.c >>- UserProfileModify.c >>- ModifyIdentityPolicy.c >>- ModifyAccessPolicy.c >>- UserProfileManagerData.h >>- UserProfileManagerStrings.uni >>- UserProfileManagerVfr.Vfr >>- >>-[Packages] >>- MdePkg/MdePkg.dec >>- MdeModulePkg/MdeModulePkg.dec >>- SecurityPkg/SecurityPkg.dec >>- >>-[LibraryClasses] >>- UefiRuntimeServicesTableLib >>- UefiBootServicesTableLib >>- UefiDriverEntryPoint >>- MemoryAllocationLib >>- BaseMemoryLib >>- DebugLib >>- HiiLib >>- UefiLib >>- DevicePathLib >>- >>-[Guids] >>- gEfiIfrTianoGuid ## SOMETIMES_CONSUMES ## GUID >>- gEfiUserInfoAccessSetupAdminGuid ## SOMETIMES_CONSUMES >## >>GUID >>- gEfiUserInfoAccessSetupNormalGuid ## SOMETIMES_CONSUMES >## >>GUID >>- gEfiUserInfoAccessSetupRestrictedGuid ## SOMETIMES_CONSUMES >>## GUID >>- gUserProfileManagerGuid ## CONSUMES ## HII >>- >>-[Protocols] >>- 
gEfiDevicePathProtocolGuid ## PRODUCES >>- gEfiHiiConfigAccessProtocolGuid ## PRODUCES >>- gEfiUserCredential2ProtocolGuid ## SOMETIMES_CONSUMES >>- gEfiUserManagerProtocolGuid ## CONSUMES >>- >>-[Depex] >>- gEfiUserManagerProtocolGuid >>- >>-[UserExtensions.TianoCore."ExtraFiles"] >>- UserProfileManagerExtra.uni >>- >>diff --git >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMana >g >>erExtra.uni >>b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMana >g >>erExtra.uni >>deleted file mode 100644 >>index bf7ac7dc04..0000000000 >>--- >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMana >g >>erExtra.uni >>+++ /dev/null >>@@ -1,19 +0,0 @@ >>-// /** @file >>-// UserProfileManager Localized Strings and Content >>-// >>-// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> >>-// >>-// This program and the accompanying materials >>-// are licensed and made available under the terms and conditions of the >BSD >>License >>-// which accompanies this distribution. The full text of the license may be >>found at >>-// http://opensource.org/licenses/bsd-license.php >>-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >>BASIS, >>-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED. >>-// >>-// **/ >>- >>-#string STR_PROPERTIES_MODULE_NAME >>-#language en-US >>-"User Profile Manager" >>- >>- >>diff --git >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMana >g >>erStrings.uni >>b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMana >g >>erStrings.uni >>deleted file mode 100644 >>index 3a003a9883..0000000000 >>--- >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMana >g >>erStrings.uni >>+++ /dev/null 
>>@@ -1,158 +0,0 @@ >>-/** @file >>- String definitions for User Profile Manager driver. >>- >>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> >>-This program and the accompanying materials >>-are licensed and made available under the terms and conditions of the BSD >>License >>-which accompanies this distribution. The full text of the license may be >>found at >>-http://opensource.org/licenses/bsd-license.php >>- >>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED. >>- >>-**/ >>- >>-#langdef en-US "English" >>-#langdef fr-FR "Français" >>- >>-#string STR_NULL_STRING #language en-US "" >>- #language fr-FR "" >>-#string STR_FORMSET_TITLE #language en-US "User Manager" >>- #language fr-FR "User Manager(French)" >>-#string STR_TITLE_HELP #language en-US "This selection will take >>you to the User Manager" >>- #language fr-FR "This selection will take you to the User >>Manager(French)" >>-#string STR_USERMAN_TITLE #language en-US "User Manager" >>- #language fr-FR "User Manager(French)" >>-#string STR_ADD_USER_TITLE #language en-US "Add User Profile" >>- #language fr-FR "Add User Profile(French)" >>-#string STR_ADD_USER_HELP #language en-US "Add User Profile to >>User Database" >>- #language fr-FR "Add User Profile to User >>Database(French)" >>-#string STR_MODIFY_USER_TITLE #language en-US "Modify User >>Profile" >>- #language fr-FR "Modify User Profile(French)" >>-#string STR_MODIFY_USER_HELP #language en-US "Modify User >Profile >>Information" >>- #language fr-FR "Modify User Profile >>Information(French)" >>-#string STR_DELETE_USER_TITLE #language en-US "Delete User >Profile" >>- #language fr-FR "Delete User Profile(French)" >>-#string STR_DELETE_USER_HELP #language en-US "Delete User Profile >>from User Database" >>- #language fr-FR "Delete User Profile from User >>Database(French)" >>-#string STR_USER_INFO #language en-US "User Profile 
>>Information" >>- #language fr-FR "User Profile Information(French)" >>-#string STR_USER_NAME #language en-US "User Name" >>- #language fr-FR "User Name(French)" >>-#string STR_USER_NAME_VAL #language en-US "" >>- #language fr-FR "" >>-#string STR_CREATE_DATE #language en-US "Create Date" >>- #language fr-FR "Create Date(French)" >>-#string STR_CREATE_DATE_VAL #language en-US "" >>- #language fr-FR "" >>-#string STR_USAGE_DATE #language en-US "Usage Date" >>- #language fr-FR "Usage Date(French)" >>-#string STR_USAGE_DATE_VAL #language en-US "" >>- #language fr-FR "" >>-#string STR_USAGE_COUNT #language en-US "Usage Count" >>- #language fr-FR "Usage Count(French)" >>-#string STR_USAGE_COUNT_VAL #language en-US "" >>- #language fr-FR "" >>-#string STR_IDENTIFY_POLICY #language en-US "Identify Policy" >>- #language fr-FR "Identify Policy(French)" >>-#string STR_IDENTIFY_POLICY_VAL #language en-US "" >>- #language fr-FR "" >>-#string STR_ACCESS_POLICY #language en-US "Access Policy" >>- #language fr-FR "Access Policy(French)" >>-#string STR_SAVE #language en-US "Save & Exit" >>- #language fr-FR "Save & Exit(French)" >>-#string STR_IDENTIFY_SAVE_HELP #language en-US "Save Identify >Policy >>and Exit" >>- #language fr-FR "Save Identify Policy and Exit(French)" >>-#string STR_PROVIDER #language en-US "Credential Provider" >>- #language fr-FR "Credential Provider(French)" >>-#string STR_PROVIDER_HELP #language en-US "Select Credential >>Provider Option" >>- #language fr-FR "Select Credential Provider >>Option(French)" >>-#string STR_OR_CON #language en-US "Or" >>- #language fr-FR "Or(French)" >>-#string STR_AND_CON #language en-US "And" >>- #language fr-FR "And(French)" >>-#string STR_CONNECTOR #language en-US "Logical Connector" >>- #language fr-FR "Logical Connector(French)" >>-#string STR_CONNECTOR_HELP #language en-US "Select Logical >>Connector Option" >>- #language fr-FR "Select Logical Connector >>Option(French)" >>-#string STR_IDENTIFY_POLICY_VALUE #language en-US 
"" >>- #language fr-FR "" >>-#string STR_IDENTIFY_POLICY_HELP #language en-US "Current Identify >>Policy" >>- #language fr-FR "Current Identify Policy(French)" >>-#string STR_ADD_OPTION #language en-US "Add Option" >>- #language fr-FR "Add Option(French)" >>-#string STR_ADD_OPTION_HELP #language en-US "Add This Option >to >>Identify Policy" >>- #language fr-FR "Add This Option to Identify >>Policy(French)" >>-#string STR_ACCESS_SAVE_HELP #language en-US "Save Access Policy >>and Exit" >>- #language fr-FR "Save Access Policy and Exit(French)" >>-#string STR_ACCESS_RIGHT #language en-US "Access Right" >>- #language fr-FR "Access Right(French)" >>-#string STR_ACCESS_RIGHT_HELP #language en-US "Select Access >Right >>Option" >>- #language fr-FR "Select Access Right Option(French)" >>-#string STR_NORMAL #language en-US "Normal" >>- #language fr-FR "Normal(French)" >>-#string STR_ENROLL #language en-US "Enroll" >>- #language fr-FR "Enroll(French)" >>-#string STR_MANAGE #language en-US "Manage" >>- #language fr-FR "Manage(French)" >>-#string STR_ACCESS_SETUP #language en-US "Access Setup" >>- #language fr-FR "Access Setup(French)" >>-#string STR_ACCESS_SETUP_HELP #language en-US "Select Access >>Setup Option" >>- #language fr-FR "Selelct Access Setup Option(French)" >>-#string STR_RESTRICTED #language en-US "Restricted" >>- #language fr-FR "Restricted(French)" >>-#string STR_ADMIN #language en-US "Admin" >>- #language fr-FR "Admin(French)" >>-#string STR_BOOR_ORDER #language en-US "Access Boot Order" >>- #language fr-FR "Access Boot Order(French)" >>-#string STR_BOOT_ORDER_HELP #language en-US "Select Access >Boot >>Order Option" >>- #language fr-FR "Select Access Boot Order >>Option(French)" >>-#string STR_INSERT #language en-US "Insert" >>- #language fr-FR "Insert(French)" >>-#string STR_APPEND #language en-US "Append" >>- #language fr-FR "Append(French)" >>-#string STR_REPLACE #language en-US "Replace" >>- #language fr-FR "Replace(French)" >>-#string STR_NODEFAULT 
#language en-US "Nodefault" >>- #language fr-FR "Nodefault(French)" >>-#string STR_LOAD #language en-US "Load Device Path" >>- #language fr-FR "Load Device Path(French)" >>-#string STR_LOAD_HELP #language en-US "Select Permit/Forbid >>Load Device Path" >>- #language fr-FR "Select Permit/Forbid Load Device >>Path(French)" >>-#string STR_CONNECT #language en-US "Connect Device Path" >>- #language fr-FR "Connect Device Path(French)" >>-#string STR_CONNECT_HELP #language en-US "Select Permit/Forbid >>Connect Device Path" >>- #language fr-FR "Select Permit/Forbid Connect Device >>Path(French)" >>-#string STR_LOAD_PERMIT #language en-US "Permit Load Device >>Path" >>- #language fr-FR "Permit Load Device Path(French)" >>-#string STR_LOAD_PERMIT_HELP #language en-US "Change Permit >>Load Device Path to Forbid" >>- #language fr-FR "Change Permit Load Device Path to >>Forbid(French)" >>-#string STR_LOAD_FORBID #language en-US "Forbid Load Device >>Path" >>- #language fr-FR "Forbid Load Device Path(French)" >>-#string STR_LOAD_FORBID_HELP #language en-US "Change Forbid >Load >>Device Path to Permit" >>- #language fr-FR "Change Forbid Load Device Path to >>Permit(French)" >>-#string STR_CONNECT_PERMIT #language en-US "Permit Connect >>Device Path" >>- #language fr-FR "Permit Connect Device Path(French)" >>-#string STR_CONNECT_PERMIT_HELP #language en-US "Change Permit >>Connect Device Path to Forbid" >>- #language fr-FR "Change Permit Connect Device Path to >>Forbid(French)" >>-#string STR_CONNECT_FORBID #language en-US "Forbid Connect >>Device Path" >>- #language fr-FR "Forbid Connect Device Path(French)" >>-#string STR_CONNECT_FORBID_HELP #language en-US "Change Forbid >>Connect Device Path to Permit" >>- #language fr-FR "Change Forbid Connect Device Path to >>Permit(French)" >>-#string STR_PRESS_KEY_CONTINUE #language en-US "Press ENTER to >>Continue, Other Key to Cancel ..." 
>>- #language fr-FR "Press ENTER to Continue, Other Key to >>Cancel ...(French)"
>>-#string STR_MOVE_TO_FORBID_LIST #language en-US "Are You Sure to >>Move It to Forbid List?"
>>- #language fr-FR "Are You Sure to Move It to Forbid >>List?(French)"
>>-#string STR_MOVE_TO_PERMIT_LIST #language en-US "Are You Sure >to >>Move It to Permit List?"
>>- #language fr-FR "Are You Sure to Move It to Permit >>List?(French)"
>>-#string STR_STROKE_KEY_CONTINUE #language en-US "Please Press >Any >>Key to Continue ..."
>>- #language fr-FR "Please Press Any Key to Continue ... >>(French)"
>>-#string STR_CREATE_PROFILE_FAILED #language en-US "Create New >User >>Profile Failed!"
>>- #language fr-FR "Create New User Profile Failed! >>(French)"
>>-#string STR_CREATE_PROFILE_SUCCESS #language en-US "Create New >>User Profile Succeed!"
>>- #language fr-FR "Create New User Profile Succeed! >>(French)"
>>-#string STR_USER_ALREADY_EXISTED #language en-US "User Name Had >>Already Existed."
>>- #language fr-FR "User Name Had Already Existed. >>(French)"
>>-#string STR_GET_USERNAME_FAILED #language en-US "Failed To Get >>User Name."
>>- #language fr-FR "Failed To Get User Name. (French)"
>>-
>>diff --git >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMana >g >>erVfr.Vfr >>b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMana >g >>erVfr.Vfr
>>deleted file mode 100644
>>index 2cf3359f2a..0000000000
>>--- >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMana >g >>erVfr.Vfr
>>+++ /dev/null
>>@@ -1,244 +0,0 @@ >>-/** @file >>- User Profile Manager formset. >>- >>-Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR> >>-This program and the accompanying materials >>-are licensed and made available under the terms and conditions of the BSD >>License >>-which accompanies this distribution. The full text of the license may be >>found at >>-http://opensource.org/licenses/bsd-license.php >>- >>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS, >>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED. >>- >>-**/ >>- >>-#include "UserProfileManagerData.h" >>- >>-#define USER_MANAGER_CLASS 0x00 >>-#define USER_MANAGER_SUBCLASS 0x04 >>- >>-formset >>- guid = USER_PROFILE_MANAGER_GUID, >>- title = STRING_TOKEN(STR_FORMSET_TITLE), >>- help = STRING_TOKEN(STR_TITLE_HELP), >>- >>- // User manager form >>- form formid = FORMID_USER_MANAGE, >>- title = STRING_TOKEN(STR_USERMAN_TITLE); >>- >>- label LABEL_USER_MANAGE_FUNC; >>- label LABEL_END; >>- >>- suppressif TRUE; >>- text >>- help = STRING_TOKEN(STR_NULL_STRING), >>- text = STRING_TOKEN(STR_NULL_STRING), >>- flags = INTERACTIVE, >>- key = QUESTIONID_USER_MANAGE; >>- endif; >>- >>- endform; >>- >>- // Modify user profile form >>- form formid = FORMID_MODIFY_USER, >>- title = STRING_TOKEN(STR_MODIFY_USER_TITLE); >>- >>- label LABEL_USER_MOD_FUNC; >>- label LABEL_END; >>- >>- endform; >>- >>- // Delete user profile form >>- form formid = FORMID_DEL_USER, >>- title = STRING_TOKEN(STR_DELETE_USER_TITLE); >>- >>- label LABEL_USER_DEL_FUNC; >>- label LABEL_END; >>- >>- subtitle >>- text = STRING_TOKEN(STR_NULL_STRING); >>- endform; >>- >>- // >>- // User profile information form >>- // >>- form formid = FORMID_USER_INFO, >>- title = STRING_TOKEN(STR_USER_INFO); >>- >>- text >>- help = STRING_TOKEN(STR_USER_NAME_VAL), >>- text = STRING_TOKEN(STR_USER_NAME), >>- flags = INTERACTIVE, >>- key = KEY_MODIFY_USER_NAME; >>- >>- text >>- help = 
STRING_TOKEN(STR_CREATE_DATE_VAL), >>- text = STRING_TOKEN(STR_CREATE_DATE); >>- >>- text >>- help = STRING_TOKEN(STR_USAGE_DATE_VAL), >>- text = STRING_TOKEN(STR_USAGE_DATE); >>- >>- text >>- help = STRING_TOKEN(STR_USAGE_COUNT_VAL), >>- text = STRING_TOKEN(STR_USAGE_COUNT); >>- >>- label LABEL_USER_INFO_FUNC; >>- label LABEL_END; >>- >>- endform; >>- >>- // >>- // Identify policy modify form >>- // >>- form formid = FORMID_MODIFY_IP, >>- title = STRING_TOKEN(STR_IDENTIFY_POLICY); >>- >>- text >>- help = STRING_TOKEN(STR_IDENTIFY_POLICY_HELP), >>- text = STRING_TOKEN(STR_IDENTIFY_POLICY), >>- text = STRING_TOKEN(STR_IDENTIFY_POLICY_VALUE); >>- >>- label LABEL_IP_MOD_FUNC; >>- label LABEL_END; >>- >>- text >>- help = STRING_TOKEN(STR_ADD_OPTION_HELP), >>- text = STRING_TOKEN(STR_ADD_OPTION), >>- flags = INTERACTIVE, >>- key = KEY_ADD_LOGICAL_OP; >>- >>- subtitle >>- text = STRING_TOKEN(STR_NULL_STRING); >>- >>- text >>- help = STRING_TOKEN(STR_IDENTIFY_SAVE_HELP), >>- text = STRING_TOKEN(STR_SAVE), >>- flags = INTERACTIVE, >>- key = KEY_IP_RETURN; >>- >>- endform; >>- >>- // >>- // Access policy modify form >>- // >>- form formid = FORMID_MODIFY_AP, >>- title = STRING_TOKEN(STR_ACCESS_POLICY); >>- >>- label LABEL_AP_MOD_FUNC; >>- label LABEL_END; >>- >>- goto FORMID_LOAD_DP, >>- prompt = STRING_TOKEN(STR_LOAD), >>- help = STRING_TOKEN(STR_LOAD_HELP), >>- flags = INTERACTIVE, >>- key = KEY_LOAD_DP; >>- >>- goto FORMID_CONNECT_DP, >>- prompt = STRING_TOKEN(STR_CONNECT), >>- help = STRING_TOKEN(STR_CONNECT_HELP), >>- flags = INTERACTIVE, >>- key = KEY_CONN_DP; >>- >>- subtitle >>- text = STRING_TOKEN(STR_NULL_STRING); >>- >>- text >>- help = STRING_TOKEN(STR_ACCESS_SAVE_HELP), >>- text = STRING_TOKEN(STR_SAVE), >>- flags = INTERACTIVE, >>- key = KEY_AP_RETURN; >>- >>- endform; >>- >>- // >>- // Load device path form >>- // >>- form formid = FORMID_LOAD_DP, >>- title = STRING_TOKEN(STR_LOAD); >>- >>- goto FORMID_PERMIT_LOAD_DP, >>- prompt = 
STRING_TOKEN(STR_LOAD_PERMIT), >>- help = STRING_TOKEN(STR_LOAD_PERMIT_HELP), >>- flags = INTERACTIVE, >>- key = KEY_LOAD_PERMIT; >>- >>- goto FORMID_FORBID_LOAD_DP, >>- prompt = STRING_TOKEN(STR_LOAD_FORBID), >>- help = STRING_TOKEN(STR_LOAD_FORBID_HELP), >>- flags = INTERACTIVE, >>- key = KEY_LOAD_FORBID; >>- >>- endform; >>- >>- // >>- // Permit load device path form >>- // >>- form formid = FORMID_PERMIT_LOAD_DP, >>- title = STRING_TOKEN(STR_LOAD_PERMIT); >>- >>- label LABEL_PERMIT_LOAD_FUNC; >>- label LABEL_END; >>- >>- subtitle >>- text = STRING_TOKEN(STR_NULL_STRING); >>- >>- endform; >>- >>- // >>- // Forbid load device path form >>- // >>- form formid = FORMID_FORBID_LOAD_DP, >>- title = STRING_TOKEN(STR_LOAD_FORBID); >>- >>- label LABLE_FORBID_LOAD_FUNC; >>- label LABEL_END; >>- >>- subtitle >>- text = STRING_TOKEN(STR_NULL_STRING); >>- >>- endform; >>- >>- // >>- // Connect device path form >>- // >>- form formid = FORMID_CONNECT_DP, >>- title = STRING_TOKEN(STR_CONNECT); >>- >>- goto FORMID_PERMIT_CONNECT_DP, >>- prompt = STRING_TOKEN(STR_CONNECT_PERMIT), >>- help = STRING_TOKEN(STR_CONNECT_PERMIT_HELP), >>- flags = INTERACTIVE, >>- key = KEY_CONNECT_PERMIT; >>- >>- goto FORMID_FORBID_CONNECT_DP, >>- prompt = STRING_TOKEN(STR_CONNECT_FORBID), >>- help = STRING_TOKEN(STR_CONNECT_FORBID_HELP), >>- flags = INTERACTIVE, >>- key = KEY_CONNECT_FORBID; >>- >>- endform; >>- >>- // >>- // Permit connect device path form >>- // >>- form formid = FORMID_PERMIT_CONNECT_DP, >>- title = STRING_TOKEN(STR_CONNECT_PERMIT); >>- >>- subtitle >>- text = STRING_TOKEN(STR_NULL_STRING); >>- >>- endform; >>- >>- // >>- // Forbid connect device path form >>- // >>- form formid = FORMID_FORBID_CONNECT_DP, >>- title = STRING_TOKEN(STR_CONNECT_FORBID); >>- >>- subtitle >>- text = STRING_TOKEN(STR_NULL_STRING); >>- >>- endform; >>- >>-endformset; 
>>diff --git >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModif >y >>.c >>b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModif >y >>.c
>>deleted file mode 100644
>>index d165e5ae9b..0000000000
>>--- >>a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModif >y >>.c
>>+++ /dev/null
>>@@ -1,1475 +0,0 @@
>>-/** @file
>>- The functions to modify a user profile.
>>-
>>-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
>>-This program and the accompanying materials
>>-are licensed and made available under the terms and conditions of the BSD >>License
>>-which accompanies this distribution. The full text of the license may be >>found at
>>-http://opensource.org/licenses/bsd-license.php
>>-
>>-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >BASIS,
>>-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >>EXPRESS OR IMPLIED.
>>-
>>-**/
>>-
>>-#include "UserProfileManager.h"
>>-
>>-EFI_USER_PROFILE_HANDLE mModifyUser = NULL;
>>-
>>-/**
>>- Display user select form, cab select a user to modify.
>>-
>>-**/
>>-VOID
>>-SelectUserToModify (
>>- VOID
>>- )
>>-{
>>- EFI_STATUS Status;
>>- UINT8 Index;
>>- EFI_USER_PROFILE_HANDLE User;
>>- EFI_USER_PROFILE_HANDLE CurrentUser;
>>- UINT32 CurrentAccessRight;
>>- VOID *StartOpCodeHandle;
>>- VOID *EndOpCodeHandle;
>>- EFI_IFR_GUID_LABEL *StartLabel;
>>- EFI_IFR_GUID_LABEL *EndLabel;
>>-
>>- //
>>- // Initialize the container for dynamic opcodes.
>>- //
>>- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
>>- ASSERT (StartOpCodeHandle != NULL);
>>-
>>- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
>>- ASSERT (EndOpCodeHandle != NULL);
>>-
>>- //
>>- // Create Hii Extend Label OpCode.
>>- //
>>- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>>- StartOpCodeHandle,
>>- &gEfiIfrTianoGuid,
>>- NULL,
>>- sizeof (EFI_IFR_GUID_LABEL)
>>- );
>>- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>>- StartLabel->Number = LABEL_USER_MOD_FUNC;
>>-
>>- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>>- EndOpCodeHandle,
>>- &gEfiIfrTianoGuid,
>>- NULL,
>>- sizeof (EFI_IFR_GUID_LABEL)
>>- );
>>- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>>- EndLabel->Number = LABEL_END;
>>-
>>- //
>>- // Add each user can be modified.
>>- //
>>- User = NULL;
>>- Index = 1;
>>- mUserManager->Current (mUserManager, &CurrentUser);
>>- while (TRUE) {
>>- Status = mUserManager->GetNext (mUserManager, &User);
>>- if (EFI_ERROR (Status)) {
>>- break;
>>- }
>>-
>>- Status = GetAccessRight (&CurrentAccessRight);
>>- if (EFI_ERROR (Status)) {
>>- CurrentAccessRight = EFI_USER_INFO_ACCESS_ENROLL_SELF;
>>- }
>>-
>>- if ((CurrentAccessRight == EFI_USER_INFO_ACCESS_MANAGE) || (User >== >>CurrentUser)) {
>>- AddUserToForm (User, (UINT16)(KEY_MODIFY_USER | >KEY_SELECT_USER >>| Index), StartOpCodeHandle);
>>- }
>>- Index++;
>>- }
>>-
>>- HiiUpdateForm (
>>- mCallbackInfo->HiiHandle, // HII handle
>>- &gUserProfileManagerGuid, // Formset GUID
>>- FORMID_MODIFY_USER, // Form ID
>>- StartOpCodeHandle, // Label for where to insert opcodes
>>- EndOpCodeHandle // Replace data
>>- );
>>-
>>- HiiFreeOpCodeHandle (StartOpCodeHandle);
>>- HiiFreeOpCodeHandle (EndOpCodeHandle);
>>-}
>>-
>>-
>>-/**
>>- Get all the user info from mModifyUser in the user manager, and save on >>the
>>- global variable.
>>-
>>-**/
>>-VOID
>>-GetAllUserInfo (
>>- VOID
>>- )
>>-{
>>- EFI_STATUS Status;
>>- EFI_USER_INFO_HANDLE UserInfo;
>>- EFI_USER_INFO *Info;
>>- UINTN InfoSize;
>>- UINTN MemSize;
>>- UINTN DataLen;
>>-
>>- //
>>- // Init variable to default value.
>>- //
>>- mProviderChoice = 0;
>>- mConncetLogical = 0;
>>-
>>- mUserInfo.CreateDateExist = FALSE;
>>- mUserInfo.UsageDateExist = FALSE;
>>- mUserInfo.UsageCount = 0;
>>-
>>- mUserInfo.AccessPolicyLen = 0;
>>- mUserInfo.AccessPolicyModified = FALSE;
>>- if (mUserInfo.AccessPolicy != NULL) {
>>- FreePool (mUserInfo.AccessPolicy);
>>- mUserInfo.AccessPolicy = NULL;
>>- }
>>- mUserInfo.IdentityPolicyLen = 0;
>>- mUserInfo.IdentityPolicyModified = FALSE;
>>- if (mUserInfo.IdentityPolicy != NULL) {
>>- FreePool (mUserInfo.IdentityPolicy);
>>- mUserInfo.IdentityPolicy = NULL;
>>- }
>>-
>>- //
>>- // Allocate user information memory.
>>- // >>- MemSize = sizeof (EFI_USER_INFO) + 63; >>- Info = AllocateZeroPool (MemSize); >>- if (Info == NULL) { >>- return ; >>- } >>- >>- // >>- // Get each user information. >>- // >>- UserInfo = NULL; >>- while (TRUE) { >>- Status = mUserManager->GetNextInfo (mUserManager, mModifyUser, >>&UserInfo); >>- if (EFI_ERROR (Status)) { >>- break; >>- } >>- // >>- // Get information. >>- // >>- InfoSize = MemSize; >>- Status = mUserManager->GetInfo ( >>- mUserManager, >>- mModifyUser, >>- UserInfo, >>- Info, >>- &InfoSize >>- ); >>- if (Status == EFI_BUFFER_TOO_SMALL) { >>- MemSize = InfoSize; >>- FreePool (Info); >>- Info = AllocateZeroPool (MemSize); >>- if (Info == NULL) { >>- return ; >>- } >>- >>- Status = mUserManager->GetInfo ( >>- mUserManager, >>- mModifyUser, >>- UserInfo, >>- Info, >>- &InfoSize >>- ); >>- } >>- >>- if (Status == EFI_SUCCESS) { >>- // >>- // Deal with each information according to informaiton type. >>- // >>- DataLen = Info->InfoSize - sizeof (EFI_USER_INFO); >>- switch (Info->InfoType) { >>- case EFI_USER_INFO_NAME_RECORD: >>- CopyMem (&mUserInfo.UserName, (UINT8 *) (Info + 1), DataLen); >>- break; >>- >>- case EFI_USER_INFO_CREATE_DATE_RECORD: >>- CopyMem (&mUserInfo.CreateDate, (UINT8 *) (Info + 1), DataLen); >>- mUserInfo.CreateDateExist = TRUE; >>- break; >>- >>- case EFI_USER_INFO_USAGE_DATE_RECORD: >>- CopyMem (&mUserInfo.UsageDate, (UINT8 *) (Info + 1), DataLen); >>- mUserInfo.UsageDateExist = TRUE; >>- break; >>- >>- case EFI_USER_INFO_USAGE_COUNT_RECORD: >>- CopyMem (&mUserInfo.UsageCount, (UINT8 *) (Info + 1), DataLen); >>- break; >>- >>- case EFI_USER_INFO_ACCESS_POLICY_RECORD: >>- mUserInfo.AccessPolicy = AllocateZeroPool (DataLen); >>- if (mUserInfo.AccessPolicy == NULL) { >>- break; >>- } >>- >>- CopyMem (mUserInfo.AccessPolicy, (UINT8 *) (Info + 1), DataLen); >>- mUserInfo.AccessPolicyLen = DataLen; >>- break; >>- >>- case EFI_USER_INFO_IDENTITY_POLICY_RECORD: >>- mUserInfo.IdentityPolicy = AllocateZeroPool (DataLen); >>- if 
(mUserInfo.IdentityPolicy == NULL) { >>- break; >>- } >>- >>- CopyMem (mUserInfo.IdentityPolicy, (UINT8 *) (Info + 1), DataLen); >>- mUserInfo.IdentityPolicyLen = DataLen; >>- break; >>- >>- default: >>- break; >>- } >>- } >>- } >>- FreePool (Info); >>-} >>- >>- >>-/** >>- Convert the Date to a string, and update the Hii database DateID string >with >>it. >>- >>- @param[in] Date Points to the date to be converted. >>- @param[in] DateId String ID in the HII database to be replaced. >>- >>-**/ >>-VOID >>-ResolveDate ( >>- IN EFI_TIME *Date, >>- IN EFI_STRING_ID DateId >>- ) >>-{ >>- CHAR16 *Str; >>- UINTN DateBufLen; >>- >>- // >>- // Convert date to string. >>- // >>- DateBufLen = 64; >>- Str = AllocateZeroPool (DateBufLen); >>- if (Str == NULL) { >>- return ; >>- } >>- >>- UnicodeSPrint ( >>- Str, >>- DateBufLen, >>- L"%4d-%2d-%2d ", >>- Date->Year, >>- Date->Month, >>- Date->Day >>- ); >>- >>- // >>- // Convert time to string. >>- // >>- DateBufLen -= StrLen (Str); >>- UnicodeSPrint ( >>- Str + StrLen (Str), >>- DateBufLen, >>- L"%2d:%2d:%2d", >>- Date->Hour, >>- Date->Minute, >>- Date->Second >>- ); >>- >>- HiiSetString (mCallbackInfo->HiiHandle, DateId, Str, NULL); >>- FreePool (Str); >>-} >>- >>- >>-/** >>- Convert the CountVal to a string, and update the Hii database CountId >string >>- with it. >>- >>- @param[in] CountVal The hex value to convert. >>- @param[in] CountId String ID in the HII database to be replaced. >>- >>-**/ >>-VOID >>-ResolveCount ( >>- IN UINT32 CountVal, >>- IN EFI_STRING_ID CountId >>- ) >>-{ >>- CHAR16 Count[10]; >>- >>- UnicodeSPrint (Count, 20, L"%d", CountVal); >>- HiiSetString (mCallbackInfo->HiiHandle, CountId, Count, NULL); >>-} >>- >>- >>-/** >>- Concatenates one Null-terminated Unicode string to another Null- >>terminated >>- Unicode string. >>- >>- @param[in, out] Source1 On entry, point to a Null-terminated Unicode >>string. 
>>- On exit, point to a new concatenated Unicode string >>- @param[in] Source2 Pointer to a Null-terminated Unicode string. >>- >>-**/ >>-VOID >>-AddStr ( >>- IN OUT CHAR16 **Source1, >>- IN CONST CHAR16 *Source2 >>- ) >>-{ >>- CHAR16 *TmpStr; >>- UINTN StrLength; >>- >>- ASSERT (Source1 != NULL); >>- ASSERT (Source2 != NULL); >>- >>- if (*Source1 == NULL) { >>- StrLength = StrSize (Source2); >>- } else { >>- StrLength = StrSize (*Source1); >>- StrLength += StrSize (Source2) - 2; >>- } >>- >>- TmpStr = AllocateZeroPool (StrLength); >>- ASSERT (TmpStr != NULL); >>- >>- if (*Source1 == NULL) { >>- StrCpyS (TmpStr, StrLength / sizeof (CHAR16), Source2); >>- } else { >>- StrCpyS (TmpStr, StrLength / sizeof (CHAR16), *Source1); >>- FreePool (*Source1); >>- StrCatS (TmpStr, StrLength / sizeof (CHAR16),Source2); >>- } >>- >>- *Source1 = TmpStr; >>-} >>- >>- >>-/** >>- Convert the identity policy to a unicode string and update the Hii database >>- IpStringId string with it. >>- >>- @param[in] Ip Points to identity policy. >>- @param[in] IpLen The identity policy length. >>- @param[in] IpStringId String ID in the HII database to be replaced. >>- >>-**/ >>-VOID >>-ResolveIdentityPolicy ( >>- IN UINT8 *Ip, >>- IN UINTN IpLen, >>- IN EFI_STRING_ID IpStringId >>- ) >>-{ >>- CHAR16 *TmpStr; >>- UINTN ChkLen; >>- EFI_USER_INFO_IDENTITY_POLICY *Identity; >>- UINT16 Index; >>- CHAR16 *ProvStr; >>- EFI_STRING_ID ProvId; >>- EFI_HII_HANDLE HiiHandle; >>- EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential; >>- >>- TmpStr = NULL; >>- >>- // >>- // Resolve each policy. >>- // >>- ChkLen = 0; >>- while (ChkLen < IpLen) { >>- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (Ip + ChkLen); >>- switch (Identity->Type) { >>- case EFI_USER_INFO_IDENTITY_FALSE: >>- AddStr (&TmpStr, L"False"); >>- break; >>- >>- case EFI_USER_INFO_IDENTITY_TRUE: >>- AddStr (&TmpStr, L"None"); >>- break; >>- >>- case EFI_USER_INFO_IDENTITY_NOT: >>- AddStr (&TmpStr, L"! 
"); >>- break; >>- >>- case EFI_USER_INFO_IDENTITY_AND: >>- AddStr (&TmpStr, L" && "); >>- break; >>- >>- case EFI_USER_INFO_IDENTITY_OR: >>- AddStr (&TmpStr, L" || "); >>- break; >>- >>- case EFI_USER_INFO_IDENTITY_CREDENTIAL_TYPE: >>- for (Index = 0; Index < mProviderInfo->Count; Index++) { >>- UserCredential = mProviderInfo->Provider[Index]; >>- if (CompareGuid ((EFI_GUID *) (Identity + 1), &UserCredential->Type)) >{ >>- UserCredential->Title ( >>- UserCredential, >>- &HiiHandle, >>- &ProvId >>- ); >>- ProvStr = HiiGetString (HiiHandle, ProvId, NULL); >>- if (ProvStr != NULL) { >>- AddStr (&TmpStr, ProvStr); >>- FreePool (ProvStr); >>- } >>- break; >>- } >>- } >>- break; >>- >>- case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER: >>- for (Index = 0; Index < mProviderInfo->Count; Index++) { >>- UserCredential = mProviderInfo->Provider[Index]; >>- if (CompareGuid ((EFI_GUID *) (Identity + 1), &UserCredential- >>>Identifier)) { >>- UserCredential->Title ( >>- UserCredential, >>- &HiiHandle, >>- &ProvId >>- ); >>- ProvStr = HiiGetString (HiiHandle, ProvId, NULL); >>- if (ProvStr != NULL) { >>- AddStr (&TmpStr, ProvStr); >>- FreePool (ProvStr); >>- } >>- break; >>- } >>- } >>- break; >>- } >>- >>- ChkLen += Identity->Length; >>- } >>- >>- if (TmpStr != NULL) { >>- HiiSetString (mCallbackInfo->HiiHandle, IpStringId, TmpStr, NULL); >>- FreePool (TmpStr); >>- } >>-} >>- >>- >>-/** >>- Display modify user information form. >>- >>- This form displays, username, create Date, usage date, usage count, >identity >>policy, >>- and access policy. >>- >>- @param[in] UserIndex The index of the user in display list to modify. >>- >>-**/ >>-VOID >>-ModifyUserInfo ( >>- IN UINT8 UserIndex >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_USER_PROFILE_HANDLE CurrentUser; >>- UINT32 CurrentAccessRight; >>- VOID *StartOpCodeHandle; >>- VOID *EndOpCodeHandle; >>- EFI_IFR_GUID_LABEL *StartLabel; >>- EFI_IFR_GUID_LABEL *EndLabel; >>- >>- // >>- // Initialize the container for dynamic opcodes. 
>>- //
>>- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
>>- ASSERT (StartOpCodeHandle != NULL);
>>-
>>- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
>>- ASSERT (EndOpCodeHandle != NULL);
>>-
>>- //
>>- // Create Hii Extend Label OpCode.
>>- //
>>- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>>- StartOpCodeHandle,
>>- &gEfiIfrTianoGuid,
>>- NULL,
>>- sizeof (EFI_IFR_GUID_LABEL)
>>- );
>>- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>>- StartLabel->Number = LABEL_USER_INFO_FUNC;
>>-
>>- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
>>- EndOpCodeHandle,
>>- &gEfiIfrTianoGuid,
>>- NULL,
>>- sizeof (EFI_IFR_GUID_LABEL)
>>- );
>>- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
>>- EndLabel->Number = LABEL_END;
>>-
>>- //
>>- // Find the user profile to be modified.
>>- //
>>- mModifyUser = NULL;
>>- Status = mUserManager->GetNext (mUserManager, &mModifyUser);
>>- if (EFI_ERROR (Status)) {
>>- return ;
>>- }
>>-
>>- while (UserIndex > 1) {
>>- Status = mUserManager->GetNext (mUserManager, &mModifyUser);
>>- if (EFI_ERROR (Status)) {
>>- return ;
>>- }
>>- UserIndex--;
>>- }
>>-
>>- //
>>- // Get user profile information.
>>- //
>>- GetAllUserInfo ();
>>-
>>- //
>>- // Update user name.
>>- HiiSetString (
>>- mCallbackInfo->HiiHandle,
>>- STRING_TOKEN (STR_USER_NAME_VAL),
>>- mUserInfo.UserName,
>>- NULL
>>- );
>>-
>>- //
>>- // Update create date.
>>- //
>>- if (mUserInfo.CreateDateExist) {
>>- ResolveDate (&mUserInfo.CreateDate, STRING_TOKEN >>(STR_CREATE_DATE_VAL));
>>- } else {
>>- HiiSetString (
>>- mCallbackInfo->HiiHandle,
>>- STRING_TOKEN (STR_CREATE_DATE_VAL),
>>- L"",
>>- NULL
>>- );
>>- }
>>-
>>- //
>>- // Add usage date.
>>- //
>>- if (mUserInfo.UsageDateExist) {
>>- ResolveDate (&mUserInfo.UsageDate, STRING_TOKEN >>(STR_USAGE_DATE_VAL));
>>- } else {
>>- HiiSetString (
>>- mCallbackInfo->HiiHandle,
>>- STRING_TOKEN (STR_USAGE_DATE_VAL),
>>- L"",
>>- NULL
>>- );
>>- }
>>-
>>- //
>>- // Add usage count.
>>- // >>- ResolveCount ((UINT32) mUserInfo.UsageCount, STRING_TOKEN >>(STR_USAGE_COUNT_VAL)); >>- >>- // >>- // Add identity policy. >>- // >>- mUserManager->Current (mUserManager, &CurrentUser); >>- if (mModifyUser == CurrentUser) { >>- ResolveIdentityPolicy ( >>- mUserInfo.IdentityPolicy, >>- mUserInfo.IdentityPolicyLen, >>- STRING_TOKEN (STR_IDENTIFY_POLICY_VAL) >>- ); >>- HiiCreateGotoOpCode ( >>- StartOpCodeHandle, // Container for opcodes >>- FORMID_MODIFY_IP, // Target Form ID >>- STRING_TOKEN (STR_IDENTIFY_POLICY), // Prompt text >>- STRING_TOKEN (STR_IDENTIFY_POLICY_VAL), // Help text >>- EFI_IFR_FLAG_CALLBACK, // Question flag >>- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_IP // Question >>ID >>- ); >>- } >>- >>- // >>- // Add access policy. >>- // >>- Status = GetAccessRight (&CurrentAccessRight); >>- if (EFI_ERROR (Status)) { >>- CurrentAccessRight = EFI_USER_INFO_ACCESS_ENROLL_SELF; >>- } >>- >>- if (CurrentAccessRight == EFI_USER_INFO_ACCESS_MANAGE) { >>- HiiCreateGotoOpCode ( >>- StartOpCodeHandle, // Container for opcodes >>- FORMID_MODIFY_AP, // Target Form ID >>- STRING_TOKEN (STR_ACCESS_POLICY), // Prompt text >>- STRING_TOKEN (STR_NULL_STRING), // Help text >>- EFI_IFR_FLAG_CALLBACK, // Question flag >>- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_AP // Question >>ID >>- ); >>- } >>- >>- HiiUpdateForm ( >>- mCallbackInfo->HiiHandle, // HII handle >>- &gUserProfileManagerGuid, // Formset GUID >>- FORMID_USER_INFO, // Form ID >>- StartOpCodeHandle, // Label >>- EndOpCodeHandle // Replace data >>- ); >>- >>- HiiFreeOpCodeHandle (StartOpCodeHandle); >>- HiiFreeOpCodeHandle (EndOpCodeHandle); >>-} >>- >>- >>-/** >>- Get all the access policy info from current user info, and save in the global >>- variable. 
>>- >>-**/ >>-VOID >>-ResolveAccessPolicy ( >>- VOID >>- ) >>-{ >>- UINTN OffSet; >>- EFI_USER_INFO_ACCESS_CONTROL Control; >>- UINTN ValLen; >>- UINT8 *AccessData; >>- >>- // >>- // Set default value >>- // >>- mAccessInfo.AccessRight = EFI_USER_INFO_ACCESS_ENROLL_SELF; >>- mAccessInfo.AccessSetup = ACCESS_SETUP_RESTRICTED; >>- mAccessInfo.AccessBootOrder = >>EFI_USER_INFO_ACCESS_BOOT_ORDER_INSERT; >>- >>- mAccessInfo.LoadPermitLen = 0; >>- mAccessInfo.LoadForbidLen = 0; >>- mAccessInfo.ConnectPermitLen = 0; >>- mAccessInfo.ConnectForbidLen = 0; >>- >>- // >>- // Get each user access policy. >>- // >>- OffSet = 0; >>- while (OffSet < mUserInfo.AccessPolicyLen) { >>- CopyMem (&Control, mUserInfo.AccessPolicy + OffSet, sizeof (Control)); >>- ValLen = Control.Size - sizeof (Control); >>- switch (Control.Type) { >>- case EFI_USER_INFO_ACCESS_ENROLL_SELF: >>- mAccessInfo.AccessRight = EFI_USER_INFO_ACCESS_ENROLL_SELF; >>- break; >>- >>- case EFI_USER_INFO_ACCESS_ENROLL_OTHERS: >>- mAccessInfo.AccessRight = EFI_USER_INFO_ACCESS_ENROLL_OTHERS; >>- break; >>- >>- case EFI_USER_INFO_ACCESS_MANAGE: >>- mAccessInfo.AccessRight = EFI_USER_INFO_ACCESS_MANAGE; >>- break; >>- >>- case EFI_USER_INFO_ACCESS_SETUP: >>- AccessData = mUserInfo.AccessPolicy + OffSet + sizeof (Control); >>- if (CompareGuid ((EFI_GUID *) AccessData, >>&gEfiUserInfoAccessSetupNormalGuid)) { >>- mAccessInfo.AccessSetup = ACCESS_SETUP_NORMAL; >>- } else if (CompareGuid ((EFI_GUID *) AccessData, >>&gEfiUserInfoAccessSetupRestrictedGuid)) { >>- mAccessInfo.AccessSetup = ACCESS_SETUP_RESTRICTED; >>- } else if (CompareGuid ((EFI_GUID *) AccessData, >>&gEfiUserInfoAccessSetupAdminGuid)) { >>- mAccessInfo.AccessSetup = ACCESS_SETUP_ADMIN; >>- } >>- break; >>- >>- case EFI_USER_INFO_ACCESS_BOOT_ORDER: >>- AccessData = mUserInfo.AccessPolicy + OffSet + sizeof (Control); >>- CopyMem (&mAccessInfo.AccessBootOrder, AccessData, sizeof >(UINT32)); >>- break; >>- >>- case EFI_USER_INFO_ACCESS_FORBID_LOAD: >>- if 
(mAccessInfo.LoadForbid != NULL) { >>- FreePool (mAccessInfo.LoadForbid); >>- } >>- >>- mAccessInfo.LoadForbid = AllocateZeroPool (ValLen); >>- if (mAccessInfo.LoadForbid != NULL) { >>- AccessData = mUserInfo.AccessPolicy + OffSet + sizeof (Control); >>- CopyMem (mAccessInfo.LoadForbid, AccessData, ValLen); >>- mAccessInfo.LoadForbidLen = ValLen; >>- } >>- break; >>- >>- case EFI_USER_INFO_ACCESS_PERMIT_LOAD: >>- if (mAccessInfo.LoadPermit != NULL) { >>- FreePool (mAccessInfo.LoadPermit); >>- } >>- >>- mAccessInfo.LoadPermit = AllocateZeroPool (ValLen); >>- if (mAccessInfo.LoadPermit != NULL) { >>- AccessData = mUserInfo.AccessPolicy + OffSet + sizeof (Control); >>- CopyMem (mAccessInfo.LoadPermit, AccessData, ValLen); >>- mAccessInfo.LoadPermitLen = ValLen; >>- } >>- break; >>- >>- case EFI_USER_INFO_ACCESS_FORBID_CONNECT: >>- if (mAccessInfo.ConnectForbid != NULL) { >>- FreePool (mAccessInfo.ConnectForbid); >>- } >>- >>- mAccessInfo.ConnectForbid = AllocateZeroPool (ValLen); >>- if (mAccessInfo.ConnectForbid != NULL) { >>- AccessData = mUserInfo.AccessPolicy + OffSet + sizeof (Control); >>- CopyMem (mAccessInfo.ConnectForbid, AccessData, ValLen); >>- mAccessInfo.ConnectForbidLen = ValLen; >>- } >>- break; >>- >>- case EFI_USER_INFO_ACCESS_PERMIT_CONNECT: >>- if (mAccessInfo.ConnectPermit != NULL) { >>- FreePool (mAccessInfo.ConnectPermit); >>- } >>- >>- mAccessInfo.ConnectPermit = AllocateZeroPool (ValLen); >>- if (mAccessInfo.ConnectPermit != NULL) { >>- AccessData = mUserInfo.AccessPolicy + OffSet + sizeof (Control); >>- CopyMem (mAccessInfo.ConnectPermit, AccessData, ValLen); >>- mAccessInfo.ConnectPermitLen = ValLen; >>- } >>- break; >>- } >>- >>- OffSet += Control.Size; >>- } >>-} >>- >>- >>-/** >>- Find the specified info in User profile by the InfoType. >>- >>- @param[in] User Handle of the user whose information will be >>searched. >>- @param[in] InfoType The user information type to find. >>- @param[out] UserInfo Points to user information handle found. 
>>- >>- @retval EFI_SUCCESS Find the user information successfully. >>- @retval Others Fail to find the user information. >>- >>-**/ >>-EFI_STATUS >>-FindInfoByType ( >>- IN EFI_USER_PROFILE_HANDLE User, >>- IN UINT8 InfoType, >>- OUT EFI_USER_INFO_HANDLE *UserInfo >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_USER_INFO *Info; >>- UINTN InfoSize; >>- UINTN MemSize; >>- >>- if (UserInfo == NULL) { >>- return EFI_INVALID_PARAMETER; >>- } >>- >>- *UserInfo = NULL; >>- // >>- // Allocate user information memory. >>- // >>- MemSize = sizeof (EFI_USER_INFO) + 63; >>- Info = AllocateZeroPool (MemSize); >>- if (Info == NULL) { >>- return EFI_OUT_OF_RESOURCES; >>- } >>- >>- // >>- // Get each user information. >>- // >>- while (TRUE) { >>- Status = mUserManager->GetNextInfo (mUserManager, User, UserInfo); >>- if (EFI_ERROR (Status)) { >>- break; >>- } >>- // >>- // Get information. >>- // >>- InfoSize = MemSize; >>- Status = mUserManager->GetInfo ( >>- mUserManager, >>- User, >>- *UserInfo, >>- Info, >>- &InfoSize >>- ); >>- if (Status == EFI_BUFFER_TOO_SMALL) { >>- MemSize = InfoSize; >>- FreePool (Info); >>- Info = AllocateZeroPool (MemSize); >>- if (Info == NULL) { >>- return EFI_OUT_OF_RESOURCES; >>- } >>- Status = mUserManager->GetInfo ( >>- mUserManager, >>- User, >>- *UserInfo, >>- Info, >>- &InfoSize >>- ); >>- } >>- if (Status == EFI_SUCCESS) { >>- if (Info->InfoType == InfoType) { >>- break; >>- } >>- } >>- } >>- >>- FreePool (Info); >>- return Status; >>-} >>- >>- >>-/** >>- Display modify user access policy form. >>- >>- In this form, access right, access setup and access boot order are >dynamically >>- added. Load devicepath and connect devicepath are displayed too. 
>>- >>-**/ >>-VOID >>-ModidyAccessPolicy ( >>- VOID >>- ) >>-{ >>- VOID *StartOpCodeHandle; >>- VOID *EndOpCodeHandle; >>- VOID *OptionsOpCodeHandle; >>- EFI_IFR_GUID_LABEL *StartLabel; >>- EFI_IFR_GUID_LABEL *EndLabel; >>- VOID *DefaultOpCodeHandle; >>- >>- // >>- // Initialize the container for dynamic opcodes. >>- // >>- StartOpCodeHandle = HiiAllocateOpCodeHandle (); >>- ASSERT (StartOpCodeHandle != NULL); >>- >>- EndOpCodeHandle = HiiAllocateOpCodeHandle (); >>- ASSERT (EndOpCodeHandle != NULL); >>- >>- // >>- // Create Hii Extend Label OpCode. >>- // >>- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >>- StartOpCodeHandle, >>- &gEfiIfrTianoGuid, >>- NULL, >>- sizeof (EFI_IFR_GUID_LABEL) >>- ); >>- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >>- StartLabel->Number = LABEL_AP_MOD_FUNC; >>- >>- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >>- EndOpCodeHandle, >>- &gEfiIfrTianoGuid, >>- NULL, >>- sizeof (EFI_IFR_GUID_LABEL) >>- ); >>- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >>- EndLabel->Number = LABEL_END; >>- >>- >>- // >>- // Resolve access policy information. >>- // >>- ResolveAccessPolicy (); >>- >>- // >>- // Add access right one-of-code. 
>>- // >>- OptionsOpCodeHandle = HiiAllocateOpCodeHandle (); >>- ASSERT (OptionsOpCodeHandle != NULL); >>- DefaultOpCodeHandle = HiiAllocateOpCodeHandle (); >>- ASSERT (DefaultOpCodeHandle != NULL); >>- >>- HiiCreateOneOfOptionOpCode ( >>- OptionsOpCodeHandle, >>- STRING_TOKEN (STR_NORMAL), >>- 0, >>- EFI_IFR_NUMERIC_SIZE_1, >>- EFI_USER_INFO_ACCESS_ENROLL_SELF >>- ); >>- >>- HiiCreateOneOfOptionOpCode ( >>- OptionsOpCodeHandle, >>- STRING_TOKEN (STR_ENROLL), >>- 0, >>- EFI_IFR_NUMERIC_SIZE_1, >>- EFI_USER_INFO_ACCESS_ENROLL_OTHERS >>- ); >>- >>- HiiCreateOneOfOptionOpCode ( >>- OptionsOpCodeHandle, >>- STRING_TOKEN (STR_MANAGE), >>- 0, >>- EFI_IFR_NUMERIC_SIZE_1, >>- EFI_USER_INFO_ACCESS_MANAGE >>- ); >>- >>- HiiCreateDefaultOpCode ( >>- DefaultOpCodeHandle, >>- EFI_HII_DEFAULT_CLASS_STANDARD, >>- EFI_IFR_NUMERIC_SIZE_1, >>- mAccessInfo.AccessRight >>- ); >>- >>- HiiCreateOneOfOpCode ( >>- StartOpCodeHandle, // Container for dynamic created opcodes >>- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_AP | >>KEY_MODIFY_RIGHT, // Question ID >>- 0, // VarStore ID >>- 0, // Offset in Buffer Storage >>- STRING_TOKEN (STR_ACCESS_RIGHT), // Question prompt text >>- STRING_TOKEN (STR_ACCESS_RIGHT_HELP), // Question help text >>- EFI_IFR_FLAG_CALLBACK, // Question flag >>- EFI_IFR_NUMERIC_SIZE_1, // Data type of Question Value >>- OptionsOpCodeHandle, // Option Opcode list >>- DefaultOpCodeHandle // Default Opcode >>- ); >>- HiiFreeOpCodeHandle (DefaultOpCodeHandle); >>- HiiFreeOpCodeHandle (OptionsOpCodeHandle); >>- >>- >>- // >>- // Add setup type one-of-code. 
>>- // >>- OptionsOpCodeHandle = HiiAllocateOpCodeHandle (); >>- ASSERT (OptionsOpCodeHandle != NULL); >>- DefaultOpCodeHandle = HiiAllocateOpCodeHandle (); >>- ASSERT (DefaultOpCodeHandle != NULL); >>- >>- HiiCreateOneOfOptionOpCode ( >>- OptionsOpCodeHandle, >>- STRING_TOKEN (STR_RESTRICTED), >>- 0, >>- EFI_IFR_NUMERIC_SIZE_1, >>- ACCESS_SETUP_RESTRICTED >>- ); >>- >>- HiiCreateOneOfOptionOpCode ( >>- OptionsOpCodeHandle, >>- STRING_TOKEN (STR_NORMAL), >>- 0, >>- EFI_IFR_NUMERIC_SIZE_1, >>- ACCESS_SETUP_NORMAL >>- ); >>- >>- HiiCreateOneOfOptionOpCode ( >>- OptionsOpCodeHandle, >>- STRING_TOKEN (STR_ADMIN), >>- 0, >>- EFI_IFR_NUMERIC_SIZE_1, >>- ACCESS_SETUP_ADMIN >>- ); >>- >>- HiiCreateDefaultOpCode ( >>- DefaultOpCodeHandle, >>- EFI_HII_DEFAULT_CLASS_STANDARD, >>- EFI_IFR_NUMERIC_SIZE_1, >>- mAccessInfo.AccessSetup >>- ); >>- >>- HiiCreateOneOfOpCode ( >>- StartOpCodeHandle, // Container for dynamic created opcodes >>- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_AP | >>KEY_MODIFY_SETUP, // Question ID >>- 0, // VarStore ID >>- 0, // Offset in Buffer Storage >>- STRING_TOKEN (STR_ACCESS_SETUP), // Question prompt text >>- STRING_TOKEN (STR_ACCESS_SETUP_HELP), // Question help text >>- EFI_IFR_FLAG_CALLBACK, // Question flag >>- EFI_IFR_NUMERIC_SIZE_1, // Data type of Question Value >>- OptionsOpCodeHandle, // Option Opcode list >>- DefaultOpCodeHandle // Default Opcode >>- ); >>- HiiFreeOpCodeHandle (DefaultOpCodeHandle); >>- HiiFreeOpCodeHandle (OptionsOpCodeHandle); >>- >>- // >>- // Add boot order one-of-code. 
>>- // >>- OptionsOpCodeHandle = HiiAllocateOpCodeHandle (); >>- ASSERT (OptionsOpCodeHandle != NULL); >>- DefaultOpCodeHandle = HiiAllocateOpCodeHandle (); >>- ASSERT (DefaultOpCodeHandle != NULL); >>- >>- HiiCreateOneOfOptionOpCode ( >>- OptionsOpCodeHandle, >>- STRING_TOKEN (STR_INSERT), >>- 0, >>- EFI_IFR_NUMERIC_SIZE_4, >>- EFI_USER_INFO_ACCESS_BOOT_ORDER_INSERT >>- ); >>- >>- HiiCreateOneOfOptionOpCode ( >>- OptionsOpCodeHandle, >>- STRING_TOKEN (STR_APPEND), >>- 0, >>- EFI_IFR_NUMERIC_SIZE_4, >>- EFI_USER_INFO_ACCESS_BOOT_ORDER_APPEND >>- ); >>- >>- HiiCreateOneOfOptionOpCode ( >>- OptionsOpCodeHandle, >>- STRING_TOKEN (STR_REPLACE), >>- 0, >>- EFI_IFR_NUMERIC_SIZE_4, >>- EFI_USER_INFO_ACCESS_BOOT_ORDER_REPLACE >>- ); >>- >>- HiiCreateOneOfOptionOpCode ( >>- OptionsOpCodeHandle, >>- STRING_TOKEN (STR_NODEFAULT), >>- 0, >>- EFI_IFR_NUMERIC_SIZE_4, >>- EFI_USER_INFO_ACCESS_BOOT_ORDER_NODEFAULT >>- ); >>- >>- HiiCreateDefaultOpCode ( >>- DefaultOpCodeHandle, >>- EFI_HII_DEFAULT_CLASS_STANDARD, >>- EFI_IFR_NUMERIC_SIZE_4, >>- mAccessInfo.AccessBootOrder >>- ); >>- >>- HiiCreateOneOfOpCode ( >>- StartOpCodeHandle, // Container for dynamic created opcodes >>- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_AP | >>KEY_MODIFY_BOOT, // Question ID >>- 0, // VarStore ID >>- 0, // Offset in Buffer Storage >>- STRING_TOKEN (STR_BOOR_ORDER), // Question prompt text >>- STRING_TOKEN (STR_BOOT_ORDER_HELP), // Question help text >>- EFI_IFR_FLAG_CALLBACK, // Question flag >>- EFI_IFR_NUMERIC_SIZE_1, // Data type of Question Value >>- OptionsOpCodeHandle, // Option Opcode list >>- DefaultOpCodeHandle // Default Opcode >>- ); >>- HiiFreeOpCodeHandle (DefaultOpCodeHandle); >>- HiiFreeOpCodeHandle (OptionsOpCodeHandle); >>- >>- // >>- // Update Form. 
>>- // >>- HiiUpdateForm ( >>- mCallbackInfo->HiiHandle, // HII handle >>- &gUserProfileManagerGuid, // Formset GUID >>- FORMID_MODIFY_AP, // Form ID >>- StartOpCodeHandle, // Label for where to insert opcodes >>- EndOpCodeHandle // Replace data >>- ); >>- >>- HiiFreeOpCodeHandle (StartOpCodeHandle); >>- HiiFreeOpCodeHandle (EndOpCodeHandle); >>-} >>- >>- >>-/** >>- Expand access policy memory size. >>- >>- @param[in] ValidLen The valid access policy length. >>- @param[in] ExpandLen The length that is needed to expand. >>- >>-**/ >>-VOID >>-ExpandMemory ( >>- IN UINTN ValidLen, >>- IN UINTN ExpandLen >>- ) >>-{ >>- UINT8 *Mem; >>- UINTN Len; >>- >>- // >>- // Expand memory. >>- // >>- Len = mUserInfo.AccessPolicyLen + (ExpandLen / 64 + 1) * 64; >>- Mem = AllocateZeroPool (Len); >>- ASSERT (Mem != NULL); >>- >>- if (mUserInfo.AccessPolicy != NULL) { >>- CopyMem (Mem, mUserInfo.AccessPolicy, ValidLen); >>- FreePool (mUserInfo.AccessPolicy); >>- } >>- >>- mUserInfo.AccessPolicy = Mem; >>- mUserInfo.AccessPolicyLen = Len; >>-} >>- >>- >>-/** >>- Get the username from user input, and update username string in the Hii >>- database with it. >>- >>-**/ >>-VOID >>-ModifyUserName ( >>- VOID >>- ) >>-{ >>- EFI_STATUS Status; >>- CHAR16 UserName[USER_NAME_LENGTH]; >>- UINTN Len; >>- EFI_INPUT_KEY Key; >>- EFI_USER_INFO_HANDLE UserInfo; >>- EFI_USER_INFO *Info; >>- EFI_USER_PROFILE_HANDLE TempUser; >>- >>- // >>- // Get the new user name. >>- // >>- Len = sizeof (UserName); >>- Status = GetUserNameInput (&Len, UserName); >>- if (EFI_ERROR (Status)) { >>- if (Status != EFI_ABORTED) { >>- CreatePopUp ( >>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >>- &Key, >>- L"Failed To Get User Name.", >>- L"", >>- L"Please Press Any Key to Continue ...", >>- NULL >>- ); >>- } >>- return ; >>- } >>- >>- // >>- // Check whether the username had been used or not. 
>>- // >>- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + Len); >>- if (Info == NULL) { >>- return ; >>- } >>- >>- Info->InfoType = EFI_USER_INFO_NAME_RECORD; >>- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | >>- EFI_USER_INFO_PUBLIC | >>- EFI_USER_INFO_EXCLUSIVE; >>- Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + Len); >>- CopyMem ((UINT8 *) (Info + 1), UserName, Len); >>- >>- TempUser = NULL; >>- Status = mUserManager->Find ( >>- mUserManager, >>- &TempUser, >>- NULL, >>- Info, >>- Info->InfoSize >>- ); >>- if (!EFI_ERROR (Status)) { >>- CreatePopUp ( >>- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, >>- &Key, >>- L"The User Name Had Been Used.", >>- L"", >>- L"Please Use Other User Name", >>- NULL >>- ); >>- FreePool (Info); >>- return ; >>- } >>- >>- // >>- // Update username display in the form. >>- // >>- CopyMem (mUserInfo.UserName, UserName, Len); >>- HiiSetString ( >>- mCallbackInfo->HiiHandle, >>- STRING_TOKEN (STR_USER_NAME_VAL), >>- mUserInfo.UserName, >>- NULL >>- ); >>- >>- // >>- // Save the user name. >>- // >>- Status = FindInfoByType (mModifyUser, EFI_USER_INFO_NAME_RECORD, >>&UserInfo); >>- if (!EFI_ERROR (Status)) { >>- mUserManager->SetInfo ( >>- mUserManager, >>- mModifyUser, >>- &UserInfo, >>- Info, >>- Info->InfoSize >>- ); >>- } >>- FreePool (Info); >>-} >>- >>- >>-/** >>- Display the form of the modifying user identity policy. >>- >>-**/ >>-VOID >>-ModifyIdentityPolicy ( >>- VOID >>- ) >>-{ >>- UINTN Index; >>- CHAR16 *ProvStr; >>- EFI_STRING_ID ProvID; >>- EFI_HII_HANDLE HiiHandle; >>- VOID *OptionsOpCodeHandle; >>- VOID *StartOpCodeHandle; >>- VOID *EndOpCodeHandle; >>- EFI_IFR_GUID_LABEL *StartLabel; >>- EFI_IFR_GUID_LABEL *EndLabel; >>- >>- // >>- // Initialize the container for dynamic opcodes. 
>>- // >>- StartOpCodeHandle = HiiAllocateOpCodeHandle (); >>- ASSERT (StartOpCodeHandle != NULL); >>- >>- EndOpCodeHandle = HiiAllocateOpCodeHandle (); >>- ASSERT (EndOpCodeHandle != NULL); >>- >>- // >>- // Create Hii Extend Label OpCode. >>- // >>- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >>- StartOpCodeHandle, >>- &gEfiIfrTianoGuid, >>- NULL, >>- sizeof (EFI_IFR_GUID_LABEL) >>- ); >>- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >>- StartLabel->Number = LABEL_IP_MOD_FUNC; >>- >>- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( >>- EndOpCodeHandle, >>- &gEfiIfrTianoGuid, >>- NULL, >>- sizeof (EFI_IFR_GUID_LABEL) >>- ); >>- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; >>- EndLabel->Number = LABEL_END; >>- >>- // >>- // Add credential providers >>- //. >>- if (mProviderInfo->Count > 0) { >>- OptionsOpCodeHandle = HiiAllocateOpCodeHandle (); >>- ASSERT (OptionsOpCodeHandle != NULL); >>- >>- // >>- // Add credential provider Option OpCode. >>- // >>- for (Index = 0; Index < mProviderInfo->Count; Index++) { >>- mProviderInfo->Provider[Index]->Title ( >>- mProviderInfo->Provider[Index], >>- &HiiHandle, >>- &ProvID >>- ); >>- ProvStr = HiiGetString (HiiHandle, ProvID, NULL); >>- ProvID = HiiSetString (mCallbackInfo->HiiHandle, 0, ProvStr, NULL); >>- FreePool (ProvStr); >>- if (ProvID == 0) { >>- return ; >>- } >>- >>- HiiCreateOneOfOptionOpCode ( >>- OptionsOpCodeHandle, >>- ProvID, >>- 0, >>- EFI_IFR_NUMERIC_SIZE_1, >>- (UINT8) Index >>- ); >>- } >>- >>- HiiCreateOneOfOpCode ( >>- StartOpCodeHandle, // Container for dynamic created opcodes >>- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_IP | >>KEY_MODIFY_PROV, // Question ID >>- 0, // VarStore ID >>- 0, // Offset in Buffer Storage >>- STRING_TOKEN (STR_PROVIDER), // Question prompt text >>- STRING_TOKEN (STR_PROVIDER_HELP), // Question help text >>- EFI_IFR_FLAG_CALLBACK, // Question flag >>- EFI_IFR_NUMERIC_SIZE_1, // Data type of Question Value >>- OptionsOpCodeHandle, // 
Option Opcode list >>- NULL // Default Opcode is NULl >>- ); >>- >>- HiiFreeOpCodeHandle (OptionsOpCodeHandle); >>- } >>- >>- // >>- // Add logical connector Option OpCode. >>- // >>- OptionsOpCodeHandle = HiiAllocateOpCodeHandle (); >>- ASSERT (OptionsOpCodeHandle != NULL); >>- >>- HiiCreateOneOfOptionOpCode ( >>- OptionsOpCodeHandle, >>- STRING_TOKEN (STR_AND_CON), >>- 0, >>- EFI_IFR_NUMERIC_SIZE_1, >>- 0 >>- ); >>- >>- HiiCreateOneOfOptionOpCode ( >>- OptionsOpCodeHandle, >>- STRING_TOKEN (STR_OR_CON), >>- 0, >>- EFI_IFR_NUMERIC_SIZE_1, >>- 1 >>- ); >>- >>- HiiCreateOneOfOpCode ( >>- StartOpCodeHandle, // Container for dynamic created opcodes >>- KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_IP | >>KEY_MODIFY_CONN, // Question ID >>- 0, // VarStore ID >>- 0, // Offset in Buffer Storage >>- STRING_TOKEN (STR_CONNECTOR), // Question prompt text >>- STRING_TOKEN (STR_CONNECTOR_HELP), // Question help text >>- EFI_IFR_FLAG_CALLBACK, // Question flag >>- EFI_IFR_NUMERIC_SIZE_1, // Data type of Question Value >>- OptionsOpCodeHandle, // Option Opcode list >>- NULL // Default Opcode is NULl >>- ); >>- >>- HiiFreeOpCodeHandle (OptionsOpCodeHandle); >>- >>- // >>- // Update identity policy in the form. 
>>- // >>- ResolveIdentityPolicy ( >>- mUserInfo.IdentityPolicy, >>- mUserInfo.IdentityPolicyLen, >>- STRING_TOKEN (STR_IDENTIFY_POLICY_VALUE) >>- ); >>- >>- if (mUserInfo.NewIdentityPolicy != NULL) { >>- FreePool (mUserInfo.NewIdentityPolicy); >>- mUserInfo.NewIdentityPolicy = NULL; >>- mUserInfo.NewIdentityPolicyLen = 0; >>- mUserInfo.NewIdentityPolicyModified = FALSE; >>- } >>- mProviderChoice = 0; >>- mConncetLogical = 0; >>- >>- HiiUpdateForm ( >>- mCallbackInfo->HiiHandle, // HII handle >>- &gUserProfileManagerGuid, // Formset GUID >>- FORMID_MODIFY_IP, // Form ID >>- StartOpCodeHandle, // Label for where to insert opcodes >>- EndOpCodeHandle // Replace data >>- ); >>- >>- HiiFreeOpCodeHandle (StartOpCodeHandle); >>- HiiFreeOpCodeHandle (EndOpCodeHandle); >>-} >>- >>- >>-/** >>- Get current user's access right. >>- >>- @param[out] AccessRight Points to the buffer used for user's access right. >>- >>- @retval EFI_SUCCESS Get current user access right successfully. >>- @retval others Fail to get current user access right. >>- >>-**/ >>-EFI_STATUS >>-GetAccessRight ( >>- OUT UINT32 *AccessRight >>- ) >>-{ >>- EFI_STATUS Status; >>- EFI_USER_INFO_HANDLE UserInfo; >>- EFI_USER_INFO *Info; >>- UINTN InfoSize; >>- UINTN MemSize; >>- EFI_USER_INFO_ACCESS_CONTROL Access; >>- EFI_USER_PROFILE_HANDLE CurrentUser; >>- UINTN TotalLen; >>- UINTN CheckLen; >>- >>- // >>- // Allocate user information memory. >>- // >>- MemSize = sizeof (EFI_USER_INFO) + 63; >>- Info = AllocateZeroPool (MemSize); >>- if (Info == NULL) { >>- return EFI_OUT_OF_RESOURCES; >>- } >>- >>- // >>- // Get user access information. >>- // >>- UserInfo = NULL; >>- mUserManager->Current (mUserManager, &CurrentUser); >>- while (TRUE) { >>- InfoSize = MemSize; >>- // >>- // Get next user information. 
>>- // >>- Status = mUserManager->GetNextInfo (mUserManager, CurrentUser, >>&UserInfo); >>- if (EFI_ERROR (Status)) { >>- break; >>- } >>- >>- Status = mUserManager->GetInfo ( >>- mUserManager, >>- CurrentUser, >>- UserInfo, >>- Info, >>- &InfoSize >>- ); >>- if (Status == EFI_BUFFER_TOO_SMALL) { >>- MemSize = InfoSize; >>- FreePool (Info); >>- Info = AllocateZeroPool (MemSize); >>- if (Info == NULL) { >>- return EFI_OUT_OF_RESOURCES; >>- } >>- Status = mUserManager->GetInfo ( >>- mUserManager, >>- CurrentUser, >>- UserInfo, >>- Info, >>- &InfoSize >>- ); >>- } >>- if (EFI_ERROR (Status)) { >>- break; >>- } >>- >>- // >>- // Check user information. >>- // >>- if (Info->InfoType == EFI_USER_INFO_ACCESS_POLICY_RECORD) { >>- TotalLen = Info->InfoSize - sizeof (EFI_USER_INFO); >>- CheckLen = 0; >>- // >>- // Get specified access information. >>- // >>- while (CheckLen < TotalLen) { >>- CopyMem (&Access, (UINT8 *) (Info + 1) + CheckLen, sizeof (Access)); >>- if ((Access.Type == EFI_USER_INFO_ACCESS_ENROLL_SELF) || >>- (Access.Type == EFI_USER_INFO_ACCESS_ENROLL_OTHERS) || >>- (Access.Type == EFI_USER_INFO_ACCESS_MANAGE) >>- ) { >>- *AccessRight = Access.Type; >>- FreePool (Info); >>- return EFI_SUCCESS; >>- } >>- CheckLen += Access.Size; >>- } >>- } >>- } >>- FreePool (Info); >>- return EFI_NOT_FOUND; >>-} >>- >>-- >>2.16.2.windows.1 >> >>_______________________________________________ >>edk2-devel mailing list >>edk2-devel@lists.01.org >>https://lists.01.org/mailman/listinfo/edk2-devel ^ permalink raw reply [flat|nested] 4+ messages in thread