Add security package to repository.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12261 6f19259b-4bc3-4df7-8a09-765794883524
gdong1
2011-09-02 07:49:32 +00:00
parent 986d1dfb08
commit 0c18794ea4
102 changed files with 38487 additions and 0 deletions


@@ -0,0 +1,354 @@
/** @file
Password Credential Provider driver header file.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef _PASSWORD_CREDENTIAL_PROVIDER_H_
#define _PASSWORD_CREDENTIAL_PROVIDER_H_
#include <Uefi.h>
#include <Guid/GlobalVariable.h>
#include <Guid/MdeModuleHii.h>
#include <Protocol/HiiConfigAccess.h>
#include <Protocol/UserCredential.h>
#include <Protocol/UserManager.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DevicePathLib.h>
#include <Library/DebugLib.h>
#include <Library/UefiLib.h>
#include <Library/PrintLib.h>
#include <Library/HiiLib.h>
#include <Library/BaseCryptLib.h>
#include "PwdCredentialProviderData.h"
extern UINT8 PwdCredentialProviderStrings[];
extern UINT8 PwdCredentialProviderVfrBin[];
#define PASSWORD_TABLE_INC 16
#define CREDENTIAL_LEN 20
//
// Password credential information.
//
typedef struct {
EFI_USER_INFO_IDENTIFIER UserId;
CHAR8 Password[CREDENTIAL_LEN];
} PASSWORD_INFO;
//
// Password credential table.
//
typedef struct {
UINTN Count;
UINTN MaxCount;
UINTN ValidIndex;
PASSWORD_INFO UserInfo[1];
} CREDENTIAL_TABLE;
//
// The user information on the password provider.
//
typedef struct {
UINTN Count;
EFI_USER_INFO *Info[1];
} PASSWORD_CREDENTIAL_INFO;
///
/// HII specific Vendor Device Path definition.
///
typedef struct {
VENDOR_DEVICE_PATH VendorDevicePath;
EFI_DEVICE_PATH_PROTOCOL End;
} HII_VENDOR_DEVICE_PATH;
#define PWD_PROVIDER_SIGNATURE SIGNATURE_32 ('P', 'W', 'D', 'P')
typedef struct {
UINTN Signature;
EFI_HANDLE DriverHandle;
EFI_HII_HANDLE HiiHandle;
//
// Produced protocol.
//
EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
} PWD_PROVIDER_CALLBACK_INFO;
/**
Enroll a user on a credential provider.
This function enrolls and deletes a user profile using this credential provider.
If a user profile is successfully enrolled, it calls the User Manager Protocol
function Notify() to notify the user manager driver that credential information
has changed. If an enrolled user does exist, delete the user on the credential
provider.
@param[in] This Points to this instance of EFI_USER_CREDENTIAL_PROTOCOL.
@param[in] User The user profile to enroll.
@retval EFI_SUCCESS User profile was successfully enrolled.
@retval EFI_ACCESS_DENIED Current user profile does not permit enrollment on the
user profile handle. Either the user profile cannot enroll
on any user profile or cannot enroll on a user profile
other than the current user profile.
@retval EFI_UNSUPPORTED This credential provider does not support enrollment in
the pre-OS.
@retval EFI_DEVICE_ERROR The new credential could not be created because of a device
error.
@retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle.
**/
EFI_STATUS
EFIAPI
CredentialEnroll (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User
);
/**
Returns the user interface information used during user identification.
This function returns information about the form used when interacting with the
user during user identification. The form is the first enabled form in the form-set
class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII handle HiiHandle. If
the user credential provider does not require a form to identify the user, then this
function should return EFI_NOT_FOUND.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
@param[out] Hii On return, holds the HII database handle.
@param[out] FormSetId On return, holds the identifier of the form set which contains
the form used during user identification.
@param[out] FormId On return, holds the identifier of the form used during user
identification.
@retval EFI_SUCCESS Form returned successfully.
@retval EFI_NOT_FOUND Form not returned.
@retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or FormId is NULL.
**/
EFI_STATUS
EFIAPI
CredentialForm (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
OUT EFI_HII_HANDLE *Hii,
OUT EFI_GUID *FormSetId,
OUT EFI_FORM_ID *FormId
);
/**
Returns bitmap used to describe the credential provider type.
This optional function returns a bitmap which is less than or equal to the number
of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND
is returned.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
@param[in, out] Width On entry, points to the desired bitmap width. If NULL then no
bitmap information will be returned. On exit, points to the
width of the bitmap returned.
@param[in, out] Height On entry, points to the desired bitmap height. If NULL then no
bitmap information will be returned. On exit, points to the
height of the bitmap returned
@param[out] Hii On return, holds the HII database handle.
@param[out] Image On return, holds the HII image identifier.
@retval EFI_SUCCESS Image identifier returned successfully.
@retval EFI_NOT_FOUND Image identifier not returned.
@retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL.
**/
EFI_STATUS
EFIAPI
CredentialTile (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
IN OUT UINTN *Width,
IN OUT UINTN *Height,
OUT EFI_HII_HANDLE *Hii,
OUT EFI_IMAGE_ID *Image
);
/**
Returns string used to describe the credential provider type.
This function returns a string which describes the credential provider. If no
such string exists, then EFI_NOT_FOUND is returned.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
@param[out] Hii On return, holds the HII database handle.
@param[out] String On return, holds the HII string identifier.
@retval EFI_SUCCESS String identifier returned successfully.
@retval EFI_NOT_FOUND String identifier not returned.
@retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL.
**/
EFI_STATUS
EFIAPI
CredentialTitle (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
OUT EFI_HII_HANDLE *Hii,
OUT EFI_STRING_ID *String
);
/**
Return the user identifier associated with the currently authenticated user.
This function returns the user identifier of the user authenticated by this credential
provider. This function is called after the credential-related information has been
submitted on a form OR after a call to Default() has returned that this credential is
ready to log on.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
@param[in] User The user profile handle of the user profile currently being
considered by the user identity manager. If NULL, then no user
profile is currently under consideration.
@param[out] Identifier On return, points to the user identifier.
@retval EFI_SUCCESS User identifier returned successfully.
@retval EFI_NOT_READY No user identifier can be returned.
@retval EFI_ACCESS_DENIED The user has been locked out of this user credential.
@retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL.
@retval EFI_NOT_FOUND User is not NULL, and the specified user handle can't be
found in user profile database
**/
EFI_STATUS
EFIAPI
CredentialUser (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User,
OUT EFI_USER_INFO_IDENTIFIER *Identifier
);
/**
Indicate that user interface interaction has begun for the specified credential.
This function is called when a credential provider is selected by the user. If
AutoLogon returns FALSE, then the user interface will be constructed by the User
Identity Manager.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
@param[out] AutoLogon On return, points to the credential provider's capabilities
after the credential provider has been selected by the user.
@retval EFI_SUCCESS Credential provider successfully selected.
@retval EFI_INVALID_PARAMETER AutoLogon is NULL.
**/
EFI_STATUS
EFIAPI
CredentialSelect (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
);
/**
Indicate that user interface interaction has ended for the specified credential.
This function is called when a credential provider is deselected by the user.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
@retval EFI_SUCCESS Credential provider successfully deselected.
**/
EFI_STATUS
EFIAPI
CredentialDeselect (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This
);
/**
Return the default logon behavior for this user credential.
This function reports the default login behavior regarding this credential provider.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
@param[out] AutoLogon On return, holds whether the credential provider should be used
by default to automatically log on the user.
@retval EFI_SUCCESS Default information successfully returned.
@retval EFI_INVALID_PARAMETER AutoLogon is NULL.
**/
EFI_STATUS
EFIAPI
CredentialDefault (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
);
/**
Return information attached to the credential provider.
This function returns user information.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
@param[in] UserInfo Handle of the user information data record.
@param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On
exit, holds the user information. If the buffer is too small
to hold the information, then EFI_BUFFER_TOO_SMALL is returned
and InfoSize is updated to contain the number of bytes actually
required.
@param[in, out] InfoSize On entry, points to the size of Info. On return, points to the
size of the user information.
@retval EFI_SUCCESS Information returned successfully.
@retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small to hold all of the
user information. The size required is returned in *InfoSize.
@retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL.
@retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle.
**/
EFI_STATUS
EFIAPI
CredentialGetInfo (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
IN EFI_USER_INFO_HANDLE UserInfo,
OUT EFI_USER_INFO *Info,
IN OUT UINTN *InfoSize
);
/**
Enumerate all of the user informations on the credential provider.
This function returns the next user information record. To retrieve the first user
information record handle, point UserInfo at a NULL. Each subsequent call will retrieve
another user information record handle until there are no more, at which point UserInfo
will point to NULL.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
@param[in, out] UserInfo On entry, points to the previous user information handle or NULL
to start enumeration. On exit, points to the next user information
handle or NULL if there is no more user information.
@retval EFI_SUCCESS User information returned.
@retval EFI_NOT_FOUND No more user information found.
@retval EFI_INVALID_PARAMETER UserInfo is NULL.
**/
EFI_STATUS
EFIAPI
CredentialGetNextInfo (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
IN OUT EFI_USER_INFO_HANDLE *UserInfo
);
#endif
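Review bot: `PASSWORD_INFO` declares `CHAR8 Password[CREDENTIAL_LEN];` with `CREDENTIAL_LEN` set to 20, and the header does not say whether the field holds the typed password or a digest of it. The 20-byte length and the `BaseCryptLib` include suggest a SHA-1-sized digest, in which case a `CHAR8` field named `Password` invites string handling on bytes that are not NUL-terminated. I would add a comment such as `// 20-byte digest of the password; binary data, not a NUL-terminated string` and consider `UINT8` as the element type, as the USB provider header in this commit does for `Token`. The implementation file is not shown on this page, so please also confirm how the stored value is derived: an unsalted single-pass hash of a short pre-boot password is cheap to guess offline if the credential table can be read back.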


@@ -0,0 +1,33 @@
/** @file
Data structure used by the Password Credential Provider driver.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef _PWD_CREDENTIAL_PROVIDER_DATA_H_
#define _PWD_CREDENTIAL_PROVIDER_DATA_H_
#define PWD_CREDENTIAL_PROVIDER_GUID \
{ \
0x78b9ec8b, 0xc000, 0x46c5, { 0xac, 0x93, 0x24, 0xa0, 0xc1, 0xbb, 0x0, 0xce } \
}
//
// Forms definition
//
#define FORMID_GET_PASSWORD_FORM 1
//
// Key defination
//
#define KEY_GET_PASSWORD 0x1000
#endif
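Review bot: The comment above `KEY_GET_PASSWORD` reads `// Key defination`; it should be `// Key definition`. `FORMID_GET_PASSWORD_FORM` and `KEY_GET_PASSWORD` are consumed by the VFR formset, and presumably by the C driver as well, so a one-line comment such as `// Shared by PwdCredentialProviderVfr.Vfr and PwdCredentialProvider.c` would help keep the two in step.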


@@ -0,0 +1,53 @@
## @file
# Component description file for Password Credential Provider.
#
# Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = PwdCredentialProvider
FILE_GUID = D6C589EA-DD29-49ef-97F6-1A9FE19A04E0
MODULE_TYPE = UEFI_DRIVER
VERSION_STRING = 1.0
ENTRY_POINT = PasswordProviderInit
[Sources]
PwdCredentialProvider.c
PwdCredentialProvider.h
PwdCredentialProviderData.h
PwdCredentialProviderVfr.Vfr
PwdCredentialProviderStrings.uni
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
CryptoPkg/CryptoPkg.dec
[LibraryClasses]
UefiRuntimeServicesTableLib
UefiBootServicesTableLib
UefiDriverEntryPoint
MemoryAllocationLib
BaseMemoryLib
DebugLib
HiiLib
UefiLib
BaseCryptLib
[Guids]
gEfiIfrTianoGuid ## CONSUMES ## Guid
gEfiUserCredentialClassPasswordGuid ## CONSUMES ## Guid
[Protocols]
gEfiDevicePathProtocolGuid # PROTOCOL ALWAYS_CONSUMED
gEfiHiiConfigAccessProtocolGuid
gEfiUserCredentialProtocolGuid
gEfiUserManagerProtocolGuid
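Review bot: `[LibraryClasses]` does not list every library whose header the driver includes: `PwdCredentialProvider.h` pulls in `Library/DevicePathLib.h` and `Library/PrintLib.h`, but neither `DevicePathLib` nor `PrintLib` appears here. If the C file calls into either (it is not shown on this page), the module links only because some other library instance happens to bring them in; add `DevicePathLib` and `PrintLib` to the list, or drop the unused includes. The USB provider INF later in this commit has the same gap, and it also declares a `[Pcd]` entry without listing `PcdLib`, which its header includes.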


@@ -0,0 +1,35 @@
/** @file
Password Credential Provider formset.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "PwdCredentialProviderData.h"
formset
guid = PWD_CREDENTIAL_PROVIDER_GUID,
title = STRING_TOKEN(STR_CREDENTIAL_TITLE),
help = STRING_TOKEN(STR_NULL_STRING),
classguid = PWD_CREDENTIAL_PROVIDER_GUID,
form formid = FORMID_GET_PASSWORD_FORM,
title = STRING_TOKEN(STR_FORM_TITLE);
text
help = STRING_TOKEN(STR_NULL_STRING),
text = STRING_TOKEN(STR_INPUT_PASSWORD),
text = STRING_TOKEN(STR_NULL_STRING),
flags = INTERACTIVE,
key = KEY_GET_PASSWORD;
endform;
endformset;
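Review bot: `classguid = PWD_CREDENTIAL_PROVIDER_GUID` repeats the formset's own GUID, while the `CredentialForm()` documentation added in this commit describes the identification form as belonging to the form-set class `EFI_HII_USER_CREDENTIAL_FORMSET_GUID`. If the user manager or a form browser ever locates credential forms by class GUID, this formset would not match; whether it does is not visible on this page. Either use the class GUID the documentation names or add a comment above `classguid` explaining why the provider GUID is intentional.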


@@ -0,0 +1,354 @@
/** @file
Usb Credential Provider driver header file.
Copyright (c) 2009, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef _USB_CREDENTIAL_PROVIDER_H_
#define _USB_CREDENTIAL_PROVIDER_H_
#include <Uefi.h>
#include <Guid/GlobalVariable.h>
#include <Guid/MdeModuleHii.h>
#include <Guid/FileInfo.h>
#include <Guid/SecurityPkgTokenSpace.h>
#include <Protocol/SimpleFileSystem.h>
#include <Protocol/BlockIo.h>
#include <Protocol/UserCredential.h>
#include <Protocol/UserManager.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DevicePathLib.h>
#include <Library/BaseCryptLib.h>
#include <Library/DebugLib.h>
#include <Library/UefiLib.h>
#include <Library/PrintLib.h>
#include <Library/HiiLib.h>
#include <Library/PcdLib.h>
extern UINT8 UsbCredentialProviderStrings[];
extern UINT8 UsbCredentialProviderVfrBin[];
#define USB_TABLE_INC 16
#define HASHED_CREDENTIAL_LEN 20
#define USB_CREDENTIAL_PROVIDER_GUID \
{ \
0xd0849ed1, 0xa88c, 0x4ba6, { 0xb1, 0xd6, 0xab, 0x50, 0xe2, 0x80, 0xb7, 0xa9 }\
}
//
// Save the enroll user credential Information.
//
typedef struct {
EFI_USER_INFO_IDENTIFIER UserId;
UINT8 Token[HASHED_CREDENTIAL_LEN];
} USB_INFO;
//
// USB Credential Table.
//
typedef struct {
UINTN Count;
UINTN MaxCount;
USB_INFO UserInfo[1];
} CREDENTIAL_TABLE;
//
// The user information on the USB provider.
//
typedef struct {
UINTN Count;
EFI_USER_INFO *Info[1];
} USB_CREDENTIAL_INFO;
///
/// HII specific Vendor Device Path definition.
///
typedef struct {
VENDOR_DEVICE_PATH VendorDevicePath;
EFI_DEVICE_PATH_PROTOCOL End;
} HII_VENDOR_DEVICE_PATH;
#define USB_PROVIDER_SIGNATURE SIGNATURE_32 ('U', 'S', 'B', 'P')
typedef struct {
UINTN Signature;
EFI_HANDLE DriverHandle;
EFI_HII_HANDLE HiiHandle;
} USB_PROVIDER_CALLBACK_INFO;
/**
Enroll a user on a credential provider.
This function enrolls and deletes a user profile using this credential provider.
If a user profile is successfully enrolled, it calls the User Manager Protocol
function Notify() to notify the user manager driver that credential information
has changed. If an enrolled user does exist, delete the user on the credential
provider.
@param[in] This Points to this instance of EFI_USER_CREDENTIAL_PROTOCOL.
@param[in] User The user profile to enroll.
@retval EFI_SUCCESS User profile was successfully enrolled.
@retval EFI_ACCESS_DENIED Current user profile does not permit enrollment on the
user profile handle. Either the user profile cannot enroll
on any user profile or cannot enroll on a user profile
other than the current user profile.
@retval EFI_UNSUPPORTED This credential provider does not support enrollment in
the pre-OS.
@retval EFI_DEVICE_ERROR The new credential could not be created because of a device
error.
@retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle.
**/
EFI_STATUS
EFIAPI
CredentialEnroll (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User
);
/**
Returns the user interface information used during user identification.
This function returns information about the form used when interacting with the
user during user identification. The form is the first enabled form in the form-set
class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII handle HiiHandle. If
the user credential provider does not require a form to identify the user, then this
function should return EFI_NOT_FOUND.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
@param[out] Hii On return, holds the HII database handle.
@param[out] FormSetId On return, holds the identifier of the form set which contains
the form used during user identification.
@param[out] FormId On return, holds the identifier of the form used during user
identification.
@retval EFI_SUCCESS Form returned successfully.
@retval EFI_NOT_FOUND Form not returned.
@retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or FormId is NULL.
**/
EFI_STATUS
EFIAPI
CredentialForm (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
OUT EFI_HII_HANDLE *Hii,
OUT EFI_GUID *FormSetId,
OUT EFI_FORM_ID *FormId
);
/**
Returns bitmap used to describe the credential provider type.
This optional function returns a bitmap which is less than or equal to the number
of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND
is returned.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
@param[in, out] Width On entry, points to the desired bitmap width. If NULL then no
bitmap information will be returned. On exit, points to the
width of the bitmap returned.
@param[in, out] Height On entry, points to the desired bitmap height. If NULL then no
bitmap information will be returned. On exit, points to the
height of the bitmap returned.
@param[out] Hii On return, holds the HII database handle.
@param[out] Image On return, holds the HII image identifier.
@retval EFI_SUCCESS Image identifier returned successfully.
@retval EFI_NOT_FOUND Image identifier not returned.
@retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL.
**/
EFI_STATUS
EFIAPI
CredentialTile (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
IN OUT UINTN *Width,
IN OUT UINTN *Height,
OUT EFI_HII_HANDLE *Hii,
OUT EFI_IMAGE_ID *Image
);
/**
Returns string used to describe the credential provider type.
This function returns a string which describes the credential provider. If no
such string exists, then EFI_NOT_FOUND is returned.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
@param[out] Hii On return, holds the HII database handle.
@param[out] String On return, holds the HII string identifier.
@retval EFI_SUCCESS String identifier returned successfully.
@retval EFI_NOT_FOUND String identifier not returned.
@retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL.
**/
EFI_STATUS
EFIAPI
CredentialTitle (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
OUT EFI_HII_HANDLE *Hii,
OUT EFI_STRING_ID *String
);
/**
Return the user identifier associated with the currently authenticated user.
This function returns the user identifier of the user authenticated by this credential
provider. This function is called after the credential-related information has been
submitted on a form OR after a call to Default() has returned that this credential is
ready to log on.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
@param[in] User The user profile handle of the user profile currently being
considered by the user identity manager. If NULL, then no user
profile is currently under consideration.
@param[out] Identifier On return, points to the user identifier.
@retval EFI_SUCCESS User identifier returned successfully.
@retval EFI_NOT_READY No user identifier can be returned.
@retval EFI_ACCESS_DENIED The user has been locked out of this user credential.
@retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL.
@retval EFI_NOT_FOUND User is not NULL, and the specified user handle can't be
found in user profile database.
**/
EFI_STATUS
EFIAPI
CredentialUser (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User,
OUT EFI_USER_INFO_IDENTIFIER *Identifier
);
/**
Indicate that user interface interaction has begun for the specified credential.
This function is called when a credential provider is selected by the user. If
AutoLogon returns FALSE, then the user interface will be constructed by the User
Identity Manager.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
@param[out] AutoLogon On return, points to the credential provider's capabilities
after the credential provider has been selected by the user.
@retval EFI_SUCCESS Credential provider successfully selected.
@retval EFI_INVALID_PARAMETER AutoLogon is NULL.
**/
EFI_STATUS
EFIAPI
CredentialSelect (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
);
/**
Indicate that user interface interaction has ended for the specified credential.
This function is called when a credential provider is deselected by the user.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
@retval EFI_SUCCESS Credential provider successfully deselected.
**/
EFI_STATUS
EFIAPI
CredentialDeselect (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This
);
/**
Return the default logon behavior for this user credential.
This function reports the default login behavior regarding this credential provider.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
@param[out] AutoLogon On return, holds whether the credential provider should be used
by default to automatically log on the user.
@retval EFI_SUCCESS Default information successfully returned.
@retval EFI_INVALID_PARAMETER AutoLogon is NULL.
**/
EFI_STATUS
EFIAPI
CredentialDefault (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
);
/**
Return information attached to the credential provider.
This function returns user information.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
@param[in] UserInfo Handle of the user information data record.
@param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On
exit, holds the user information. If the buffer is too small
to hold the information, then EFI_BUFFER_TOO_SMALL is returned
and InfoSize is updated to contain the number of bytes actually
required.
@param[in, out] InfoSize On entry, points to the size of Info. On return, points to the
size of the user information.
@retval EFI_SUCCESS Information returned successfully.
@retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small to hold all of the
user information. The size required is returned in *InfoSize.
@retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL.
@retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle.
**/
EFI_STATUS
EFIAPI
CredentialGetInfo (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
IN EFI_USER_INFO_HANDLE UserInfo,
OUT EFI_USER_INFO *Info,
IN OUT UINTN *InfoSize
);
/**
Enumerate all of the user informations on the credential provider.
This function returns the next user information record. To retrieve the first user
information record handle, point UserInfo at a NULL. Each subsequent call will retrieve
another user information record handle until there are no more, at which point UserInfo
will point to NULL.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
@param[in, out] UserInfo On entry, points to the previous user information handle or NULL
to start enumeration. On exit, points to the next user information
handle or NULL if there is no more user information.
@retval EFI_SUCCESS User information returned.
@retval EFI_NOT_FOUND No more user information found.
@retval EFI_INVALID_PARAMETER UserInfo is NULL.
**/
EFI_STATUS
EFIAPI
CredentialGetNextInfo (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
IN OUT EFI_USER_INFO_HANDLE *UserInfo
);
#endif
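Review bot: `CREDENTIAL_TABLE` and `HII_VENDOR_DEVICE_PATH` are declared here under the same names as in the password provider header, but `CREDENTIAL_TABLE` has a different layout (no `ValidIndex`, and `USB_INFO` entries instead of `PASSWORD_INFO`). Both headers look module-private, yet identical type names with different layouts make a later shared include or a copied helper silently wrong; a provider-specific name such as `USB_CREDENTIAL_TABLE` would avoid that. The `UserInfo[1]` trailing array also deserves a comment saying how the table is actually sized (presumably from `MaxCount`, grown by `USB_TABLE_INC`), so readers do not index it as a one-element array.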


@@ -0,0 +1,58 @@
## @file
# Component description file for USB Credential Provider.
#
# Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = UsbCredentialProvider
FILE_GUID = 672A0C68-2BF0-46f9-93C3-C4E7DC0FA555
MODULE_TYPE = UEFI_DRIVER
VERSION_STRING = 1.0
ENTRY_POINT = UsbProviderInit
[Sources]
UsbCredentialProvider.c
UsbCredentialProvider.h
UsbCredentialProviderStrings.uni
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
CryptoPkg/CryptoPkg.dec
SecurityPkg/SecurityPkg.dec
[LibraryClasses]
UefiRuntimeServicesTableLib
UefiBootServicesTableLib
UefiDriverEntryPoint
MemoryAllocationLib
BaseMemoryLib
DebugLib
HiiLib
UefiLib
BaseCryptLib
[Guids]
gEfiIfrTianoGuid ## CONSUMES ## Guid
gEfiFileInfoGuid ## CONSUMES ## Guid
gEfiUserCredentialClassSecureCardGuid ## CONSUMES ## Guid
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdFixedUsbCredentialProviderTokenFileName
[Protocols]
gEfiDevicePathProtocolGuid # PROTOCOL ALWAYS_CONSUMED
gEfiUserCredentialProtocolGuid
gEfiUserManagerProtocolGuid
gEfiBlockIoProtocolGuid
gEfiSimpleFileSystemProtocolGuid


@@ -0,0 +1,148 @@
/** @file
Load the deferred images after user is identified.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "UserIdentifyManager.h"
EFI_HANDLE mDeferredImageHandle;
/**
The function will load all the deferred images again. If the deferred image is loaded
successfully, try to start it.
@param Event Event whose notification function is being invoked.
@param Context Pointer to the notification function's context
**/
VOID
EFIAPI
LoadDeferredImage (
IN EFI_EVENT Event,
IN VOID *Context
)
{
EFI_STATUS Status;
EFI_DEFERRED_IMAGE_LOAD_PROTOCOL *DeferredImage;
UINTN HandleCount;
EFI_HANDLE *HandleBuf;
UINTN Index;
UINTN DriverIndex;
EFI_DEVICE_PATH_PROTOCOL *ImageDevicePath;
VOID *DriverImage;
UINTN ImageSize;
BOOLEAN BootOption;
EFI_HANDLE ImageHandle;
UINTN ExitDataSize;
CHAR16 *ExitData;
//
// Find all the deferred image load protocols.
//
HandleCount = 0;
HandleBuf = NULL;
Status = gBS->LocateHandleBuffer (
ByProtocol,
&gEfiDeferredImageLoadProtocolGuid,
NULL,
&HandleCount,
&HandleBuf
);
if (EFI_ERROR (Status)) {
return ;
}
for (Index = 0; Index < HandleCount; Index++) {
Status = gBS->HandleProtocol (
HandleBuf[Index],
&gEfiDeferredImageLoadProtocolGuid,
(VOID **) &DeferredImage
);
if (EFI_ERROR (Status)) {
continue ;
}
DriverIndex = 0;
do {
//
// Load all the deferred images in this protocol instance.
//
Status = DeferredImage->GetImageInfo(
DeferredImage,
DriverIndex,
&ImageDevicePath,
(VOID **) &DriverImage,
&ImageSize,
&BootOption
);
if (EFI_ERROR (Status)) {
break;
}
//
// Load and start the image.
//
Status = gBS->LoadImage (
BootOption,
mDeferredImageHandle,
ImageDevicePath,
NULL,
0,
&ImageHandle
);
if (!EFI_ERROR (Status)) {
//
// Before calling the image, enable the Watchdog Timer for
// a 5 Minute period
//
gBS->SetWatchdogTimer (5 * 60, 0x0000, 0x00, NULL);
Status = gBS->StartImage (ImageHandle, &ExitDataSize, &ExitData);
//
// Clear the Watchdog Timer after the image returns.
//
gBS->SetWatchdogTimer (0x0000, 0x0000, 0x0000, NULL);
}
DriverIndex++;
} while (TRUE);
}
FreePool (HandleBuf);
}
/**
Register an event notification function for user profile changed.
@param[in] ImageHandle Image handle this driver.
**/
VOID
LoadDeferredImageInit (
IN EFI_HANDLE ImageHandle
)
{
EFI_STATUS Status;
EFI_EVENT Event;
mDeferredImageHandle = ImageHandle;
Status = gBS->CreateEventEx (
EVT_NOTIFY_SIGNAL,
TPL_CALLBACK,
LoadDeferredImage,
NULL,
&gEfiEventUserProfileChangedGuid,
&Event
);
ASSERT (Status == EFI_SUCCESS);
}
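Review bot: In `LoadDeferredImage`, the `ExitData` buffer returned by `gBS->StartImage (ImageHandle, &ExitDataSize, &ExitData)` is never released, so each deferred image that exits with data leaks pool memory, and the callback is registered to run on every user-profile-changed signal. Initialise the pointer before the call with `ExitData = NULL;` and release it afterwards with `if (ExitData != NULL) { FreePool (ExitData); }`. The `Status` values from `LoadImage` and `StartImage` are also discarded; a `DEBUG ((EFI_D_ERROR, ...))` line on failure would make a rejected or failing deferred image visible, which matters because these images were held back pending user identification. In `LoadDeferredImageInit`, `ASSERT (Status == EFI_SUCCESS)` compiles away in release builds, so a failed `CreateEventEx` would leave deferred loading silently disabled; logging the failure there as well is worth adding.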


@@ -0,0 +1,413 @@
/** @file
The header file for User identify Manager driver.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef _USER_IDENTIFY_MANAGER_H_
#define _USER_IDENTIFY_MANAGER_H_
#include <Uefi.h>
#include <Guid/GlobalVariable.h>
#include <Guid/MdeModuleHii.h>
#include <Protocol/FormBrowser2.h>
#include <Protocol/HiiDatabase.h>
#include <Protocol/HiiConfigAccess.h>
#include <Protocol/HiiString.h>
#include <Protocol/HiiConfigRouting.h>
#include <Protocol/UserCredential.h>
#include <Protocol/UserManager.h>
#include <Protocol/DeferredImageLoad.h>
#include <Protocol/SimpleTextOut.h>
#include <Protocol/SimpleTextIn.h>
#include <Protocol/SimpleTextInEx.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DevicePathLib.h>
#include <Library/DebugLib.h>
#include <Library/UefiLib.h>
#include <Library/PrintLib.h>
#include <Library/HiiLib.h>
#include "UserIdentifyManagerData.h"
//
// This is the generated IFR binary data for each formset defined in VFR.
// This data array is ready to be used as input of HiiAddPackages() to
// create a packagelist.
//
extern UINT8 UserIdentifyManagerVfrBin[];
//
// This is the generated String package data for all .UNI files.
// This data array is ready to be used as input of HiiAddPackages() to
// create a packagelist.
//
extern UINT8 UserIdentifyManagerStrings[];
#define USER_NUMBER_INC 32
#define DEFAULT_PROFILE_SIZE 512
#define INFO_PAYLOAD_SIZE 64
//
// Credential Provider Information.
//
typedef struct {
UINTN Count;
EFI_USER_CREDENTIAL_PROTOCOL *Provider[1];
} CREDENTIAL_PROVIDER_INFO;
//
// Internal user profile entry.
//
typedef struct {
UINTN MaxProfileSize;
UINTN UserProfileSize;
CHAR16 UserVarName[9];
UINT8 *ProfileInfo;
} USER_PROFILE_ENTRY;
//
// Internal user profile database.
//
typedef struct {
UINTN UserProfileNum;
UINTN MaxProfileNum;
EFI_USER_PROFILE_HANDLE UserProfile[1];
} USER_PROFILE_DB;
#define USER_MANAGER_SIGNATURE SIGNATURE_32 ('U', 'I', 'M', 'S')
typedef struct {
UINTN Signature;
EFI_HANDLE DriverHandle;
EFI_HII_HANDLE HiiHandle;
//
// Consumed protocol.
//
EFI_HII_DATABASE_PROTOCOL *HiiDatabase;
EFI_HII_STRING_PROTOCOL *HiiString;
EFI_HII_CONFIG_ROUTING_PROTOCOL *HiiConfigRouting;
EFI_FORM_BROWSER2_PROTOCOL *FormBrowser2;
//
// Produced protocol.
//
EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
} USER_MANAGER_CALLBACK_INFO;
///
/// HII specific Vendor Device Path definition.
///
typedef struct {
VENDOR_DEVICE_PATH VendorDevicePath;
EFI_DEVICE_PATH_PROTOCOL End;
} HII_VENDOR_DEVICE_PATH;
/**
Register an event notification function for the user profile changed.
@param[in] ImageHandle Image handle this driver.
**/
VOID
LoadDeferredImageInit (
IN EFI_HANDLE ImageHandle
);
/**
This function creates a new user profile with only
a new user identifier attached and returns its handle.
The user profile is non-volatile, but the handle User
can change across reboots.
@param[in] This Protocol EFI_USER_MANAGER_PROTOCOL instance
pointer.
@param[out] User Handle of a new user profile.
@retval EFI_SUCCESS User profile was successfully created.
@retval EFI_ACCESS_DENIED Current user does not have sufficient permissions
to create a user profile.
@retval EFI_UNSUPPORTED Creation of new user profiles is not supported.
@retval EFI_INVALID_PARAMETER User is NULL.
**/
EFI_STATUS
EFIAPI
UserProfileCreate (
IN CONST EFI_USER_MANAGER_PROTOCOL *This,
OUT EFI_USER_PROFILE_HANDLE *User
);
/**
Delete an existing user profile.
@param This Protocol EFI_USER_MANAGER_PROTOCOL instance
pointer.
@param User User profile handle.
@retval EFI_SUCCESS User profile was successfully deleted.
@retval EFI_ACCESS_DENIED Current user does not have sufficient permissions
to delete a user profile or there is only one
user profile.
@retval EFI_UNSUPPORTED Deletion of new user profiles is not supported.
@retval EFI_INVALID_PARAMETER User does not refer to a valid user profile.
**/
EFI_STATUS
EFIAPI
UserProfileDelete (
IN CONST EFI_USER_MANAGER_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User
);
/**
Get next user profile from the user profile database.
@param[in] This Protocol EFI_USER_MANAGER_PROTOCOL instance
pointer.
@param[in, out] User User profile handle.
@retval EFI_SUCCESS Next enrolled user profile successfully returned.
@retval EFI_INVALID_PARAMETER User is NULL.
**/
EFI_STATUS
EFIAPI
UserProfileGetNext (
IN CONST EFI_USER_MANAGER_PROTOCOL *This,
IN OUT EFI_USER_PROFILE_HANDLE *User
);
/**
This function returns the current user profile handle.
@param[in] This Protocol EFI_USER_MANAGER_PROTOCOL instance pointer.
@param[out] CurrentUser User profile handle.
@retval EFI_SUCCESS Current user profile handle returned successfully.
@retval EFI_INVALID_PARAMETER CurrentUser is NULL.
**/
EFI_STATUS
EFIAPI
UserProfileCurrent (
IN CONST EFI_USER_MANAGER_PROTOCOL *This,
OUT EFI_USER_PROFILE_HANDLE *CurrentUser
);
/**
Identify the user and, if authenticated, returns the user handle and changes
the current user profile.
@param This Protocol EFI_USER_MANAGER_PROTOCOL instance pointer.
@param CurrentUser User profile handle.
@retval EFI_SUCCESS User was successfully identified.
@retval EFI_INVALID_PARAMETER User is NULL.
@retval EFI_ACCESS_DENIED User was not successfully identified.
**/
EFI_STATUS
EFIAPI
UserProfileIdentify (
IN CONST EFI_USER_MANAGER_PROTOCOL *This,
OUT EFI_USER_PROFILE_HANDLE *User
);
/**
Find a user using a user information record.
This function searches all user profiles for the specified user information record.
The search starts with the user information record handle following UserInfo and
continues until either the information is found or there are no more user profiles.
A match occurs when the Info.InfoType field matches the user information record
type and the user information record data matches the portion of Info passed the
EFI_USER_INFO header.
@param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
@param[in, out] User On entry, points to the previously returned user profile
handle, or NULL to start searching with the first user profile.
On return, points to the user profile handle, or NULL if not
found.
@param[in, out] UserInfo On entry, points to the previously returned user information
handle, or NULL to start searching with the first. On return,
points to the user information handle of the user information
record, or NULL if not found. Can be NULL, in which case only
one user information record per user can be returned.
@param[in] Info Points to the buffer containing the user information to be
compared to the user information record. If NULL, then only
the user information record type is compared. If InfoSize is 0,
then the user information record must be empty.
@param[in] InfoSize The size of Info, in bytes.
@retval EFI_SUCCESS User information was found. User points to the user profile handle,
and UserInfo points to the user information handle.
@retval EFI_NOT_FOUND User information was not found. User points to NULL and UserInfo
points to NULL.
**/
EFI_STATUS
EFIAPI
UserProfileFind (
IN CONST EFI_USER_MANAGER_PROTOCOL *This,
IN OUT EFI_USER_PROFILE_HANDLE *User,
IN OUT EFI_USER_INFO_HANDLE *UserInfo OPTIONAL,
IN CONST EFI_USER_INFO *Info,
IN UINTN InfoSize
);
/**
This function returns user information.
@param This Protocol EFI_USER_MANAGER_PROTOCOL instance
pointer.
@param User Handle of the user whose profile will be
retrieved.
@param UserInfo Handle of the user information data record.
@param Info On entry, points to a buffer of at least
*InfoSize bytes. On exit, holds the user
information.
@param InfoSize On entry, points to the size of Info. On return,
points to the size of the user information.
@retval EFI_SUCCESS Information returned successfully.
@retval EFI_ACCESS_DENIED The information about the specified user cannot
be accessed by the current user.
EFI_BUFFER_TOO_SMALL- The number of bytes
specified by *InfoSize is too small to hold the
returned data.
**/
EFI_STATUS
EFIAPI
UserProfileGetInfo (
IN CONST EFI_USER_MANAGER_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User,
IN EFI_USER_INFO_HANDLE UserInfo,
OUT EFI_USER_INFO *Info,
IN OUT UINTN *InfoSize
);
/**
This function changes user information.
@param This Protocol EFI_USER_MANAGER_PROTOCOL instance
pointer.
@param User Handle of the user whose profile will be
retrieved.
@param UserInfo Handle of the user information data record.
@param Info Points to the user information.
@param InfoSize The size of Info, in bytes.
@retval EFI_SUCCESS User profile information was successfully
changed/added.
@retval EFI_ACCESS_DENIED The record is exclusive.
@retval EFI_SECURITY_VIOLATION The current user does not have permission to
change the specified user profile or user
information record.
**/
EFI_STATUS
EFIAPI
UserProfileSetInfo (
IN CONST EFI_USER_MANAGER_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User,
IN OUT EFI_USER_INFO_HANDLE *UserInfo,
IN CONST EFI_USER_INFO *Info,
IN UINTN InfoSize
);
/**
This function allows the credential provider to notify the User Identity Manager
when user status has changed while deselected.
@param This Protocol EFI_USER_MANAGER_PROTOCOL instance
pointer.
@param Changed Points to the instance of the
EFI_USER_CREDENTIAL_PROTOCOL where the user has
changed.
@retval EFI_SUCCESS The User Identity Manager has handled the
notification.
@retval EFI_NOT_READY The function was called while the specified
credential provider was not selected.
@retval EFI_UNSUPPORTED The User Identity Manager doesn't support
asynchronous notifications.
**/
EFI_STATUS
EFIAPI
UserProfileNotify (
IN CONST EFI_USER_MANAGER_PROTOCOL *This,
IN EFI_HANDLE Changed
);
/**
Delete the user information attached to the user profile specified by the UserInfo.
@param This Protocol EFI_USER_MANAGER_PROTOCOL instance pointer.
@param User Handle of the user whose profile will be retrieved.
@param UserInfo Handle of the user information data record.
@retval EFI_SUCCESS User information deleted successfully.
@retval EFI_ACCESS_DENIED The current user does not have permission to
delete this user in-formation.
@retval EFI_NOT_FOUND User information record UserInfo does not exist
in the user pro-file.
**/
EFI_STATUS
EFIAPI
UserProfileDeleteInfo (
IN CONST EFI_USER_MANAGER_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User,
IN EFI_USER_INFO_HANDLE UserInfo
);
/**
This function returns the next user information record.
@param This Protocol EFI_USER_MANAGER_PROTOCOL instance pointer.
@param User Handle of the user whose profile will be retrieved.
@param UserInfo Handle of the user information data record.
@retval EFI_SUCCESS User information returned.
@retval EFI_NOT_FOUND No more user information found.
**/
EFI_STATUS
EFIAPI
UserProfileGetNextInfo (
IN CONST EFI_USER_MANAGER_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User,
IN OUT EFI_USER_INFO_HANDLE *UserInfo
);
#endif
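Review bot: The doc comment on `UserProfileGetInfo` folds `EFI_BUFFER_TOO_SMALL` into the description of `EFI_ACCESS_DENIED`, so the status a caller needs in order to resize its buffer is not listed as a return value. It should be its own entry: `@retval EFI_BUFFER_TOO_SMALL The number of bytes specified by *InfoSize is too small to hold the returned data.` The comment on `UserProfileIdentify` documents a parameter `CurrentUser` (and a retval that says "User is NULL") while the prototype names the parameter `User`. Several comments, for example on `UserProfileDelete`, `UserProfileGetInfo` and `UserProfileSetInfo`, also omit the `[in]`/`[out]` direction tags that `UserProfileCreate` and `UserProfileFind` carry.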


@@ -0,0 +1,42 @@
/** @file
Data structure used by the user identify manager driver.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef _USER_IDENTIFY_MANAGER_DATA_H_
#define _USER_IDENTIFY_MANAGER_DATA_H_
#include "UserIdentifyManagerStrDefs.h"
//
// Guid used in user profile saving and in form browser.
//
#define USER_IDENTIFY_MANAGER_GUID \
{ \
0x3ccd3dd8, 0x8d45, 0x4fed, { 0x96, 0x2d, 0x2b, 0x38, 0xcd, 0x82, 0xb3, 0xc4 } \
}
//
// Forms definition.
//
#define FORMID_USER_FORM 1
#define FORMID_PROVIDER_FORM 2
//
// Labels definition.
//
#define LABEL_USER_NAME 0x1000
#define LABEL_PROVIDER_NAME 0x3000
#define LABEL_END 0xffff
#define FORM_OPEN_QUESTION_ID 0xfffe
#endif


@@ -0,0 +1,62 @@
## @file
# Component description file for user identify manager driver.
#
# Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
##
[defines]
INF_VERSION = 0x00010005
BASE_NAME = UserIdentifyManager
FILE_GUID = C5D3191B-27D5-4873-8DF2-628136991A21
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
ENTRY_POINT = UserIdentifyManagerInit
[sources]
UserIdentifyManager.c
LoadDeferredImage.c
UserIdentifyManager.h
UserIdentifyManagerData.h
UserIdentifyManagerStrings.uni
UserIdentifyManagerVfr.Vfr
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
[LibraryClasses]
UefiRuntimeServicesTableLib
UefiBootServicesTableLib
UefiDriverEntryPoint
MemoryAllocationLib
BaseMemoryLib
DebugLib
HiiLib
UefiLib
[Guids]
gEfiIfrTianoGuid ## CONSUMES ## Guid
gEfiEventUserProfileChangedGuid ## CONSUMES ## Guid
[Protocols]
gEfiFormBrowser2ProtocolGuid ## CONSUMES
gEfiHiiDatabaseProtocolGuid ## CONSUMES
gEfiUserCredentialProtocolGuid ## CONSUMES
gEfiDeferredImageLoadProtocolGuid ## CONSUMES
gEfiHiiConfigAccessProtocolGuid ## PRODUCES
gEfiUserManagerProtocolGuid ## PRODUCES
gEfiSimpleTextOutProtocolGuid
gEfiSimpleTextInProtocolGuid
gEfiSimpleTextInputExProtocolGuid
[Depex]
gEfiHiiDatabaseProtocolGuid AND
gEfiHiiStringProtocolGuid AND
gEfiFormBrowser2ProtocolGuid


@@ -0,0 +1,44 @@
/** @file
User identify manager formset.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "UserIdentifyManagerData.h"
formset
guid = USER_IDENTIFY_MANAGER_GUID,
title = STRING_TOKEN(STR_TITLE),
help = STRING_TOKEN(STR_NULL_STRING),
classguid = USER_IDENTIFY_MANAGER_GUID,
form formid = FORMID_USER_FORM,
title = STRING_TOKEN(STR_USER_SELECT);
suppressif TRUE;
text
help = STRING_TOKEN(STR_NULL_STRING),
text = STRING_TOKEN(STR_NULL_STRING),
text = STRING_TOKEN(STR_NULL_STRING),
flags = INTERACTIVE,
key = FORM_OPEN_QUESTION_ID;
endif;
label LABEL_USER_NAME;
label LABEL_END;
endform;
form formid = FORMID_PROVIDER_FORM,
title = STRING_TOKEN(STR_PROVIDER_SELECT);
label LABEL_PROVIDER_NAME;
label LABEL_END;
endform;
endformset;


@@ -0,0 +1,372 @@
/** @file
The functions to add a user profile.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "UserProfileManager.h"
/**
Get user name from the popup windows.
@param[in, out] UserNameLen On entry, point to UserName buffer lengh, in bytes.
On exit, point to input user name length, in bytes.
@param[out] UserName The buffer to hold the input user name.
@retval EFI_ABORTED It is given up by pressing 'ESC' key.
@retval EFI_NOT_READY Not a valid input at all.
@retval EFI_SUCCESS Get a user name successfully.
**/
EFI_STATUS
GetUserNameInput (
IN OUT UINTN *UserNameLen,
OUT CHAR16 *UserName
)
{
EFI_INPUT_KEY Key;
UINTN NameLen;
CHAR16 Name[USER_NAME_LENGTH];
NameLen = 0;
while (TRUE) {
Name[NameLen] = L'_';
Name[NameLen + 1] = L'\0';
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
L"Input User Name",
L"---------------------",
Name,
NULL
);
//
// Check key.
//
if (Key.ScanCode == SCAN_NULL) {
if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) {
//
// Add the null terminator.
//
Name[NameLen] = 0;
NameLen++;
break;
} else if ((Key.UnicodeChar == CHAR_NULL) ||
(Key.UnicodeChar == CHAR_TAB) ||
(Key.UnicodeChar == CHAR_LINEFEED)
) {
continue;
} else {
if (Key.UnicodeChar == CHAR_BACKSPACE) {
if (NameLen > 0) {
NameLen--;
}
} else {
Name[NameLen] = Key.UnicodeChar;
NameLen++;
if (NameLen + 1 == USER_NAME_LENGTH) {
//
// Add the null terminator.
//
Name[NameLen] = 0;
NameLen++;
break;
}
}
}
}
if (Key.ScanCode == SCAN_ESC) {
return EFI_ABORTED;
}
}
if (NameLen <= 1) {
return EFI_NOT_READY;
}
if (*UserNameLen < NameLen * sizeof (CHAR16)) {
return EFI_NOT_READY;
}
*UserNameLen = NameLen * sizeof (CHAR16);
CopyMem (UserName, Name, *UserNameLen);
return EFI_SUCCESS;
}
/**
Set a user's username.
@param[in] User Handle of a user profile .
@param[in] UserNameLen The lengh of UserName.
@param[in] UserName Point to the buffer of user name.
@retval EFI_NOT_READY The usernme in mAddUserName had been used.
@retval EFI_SUCCESS Change the user's username successfully with
username in mAddUserName.
**/
EFI_STATUS
SetUserName (
IN EFI_USER_PROFILE_HANDLE User,
IN UINTN UserNameLen,
IN CHAR16 *UserName
)
{
EFI_STATUS Status;
EFI_USER_INFO_HANDLE UserInfo;
EFI_USER_PROFILE_HANDLE TempUser;
EFI_USER_INFO *NewUserInfo;
NewUserInfo = AllocateZeroPool (sizeof (EFI_USER_INFO) + UserNameLen);
ASSERT (NewUserInfo != NULL);
NewUserInfo->InfoType = EFI_USER_INFO_NAME_RECORD;
NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |
EFI_USER_INFO_PUBLIC |
EFI_USER_INFO_EXCLUSIVE;
NewUserInfo->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + UserNameLen);
CopyMem ((UINT8 *) (NewUserInfo + 1), UserName, UserNameLen);
TempUser = NULL;
Status = mUserManager->Find (
mUserManager,
&TempUser,
NULL,
NewUserInfo,
NewUserInfo->InfoSize
);
if (!EFI_ERROR (Status)) {
//
// The user name had been used, return error.
//
FreePool (NewUserInfo);
return EFI_NOT_READY;
}
UserInfo = NULL;
mUserManager->SetInfo (
mUserManager,
User,
&UserInfo,
NewUserInfo,
NewUserInfo->InfoSize
);
FreePool (NewUserInfo);
return EFI_SUCCESS;
}
/**
Set create date of the specified user.
@param[in] User Handle of a user profile.
**/
VOID
SetCreateDate (
IN EFI_USER_PROFILE_HANDLE User
)
{
EFI_STATUS Status;
EFI_USER_INFO_HANDLE UserInfo;
EFI_USER_INFO_CREATE_DATE Date;
EFI_USER_INFO *NewUserInfo;
NewUserInfo = AllocateZeroPool (
sizeof (EFI_USER_INFO) +
sizeof (EFI_USER_INFO_CREATE_DATE)
);
ASSERT (NewUserInfo != NULL);
NewUserInfo->InfoType = EFI_USER_INFO_CREATE_DATE_RECORD;
NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |
EFI_USER_INFO_PUBLIC |
EFI_USER_INFO_EXCLUSIVE;
NewUserInfo->InfoSize = sizeof (EFI_USER_INFO) + sizeof (EFI_USER_INFO_CREATE_DATE);
Status = gRT->GetTime (&Date, NULL);
if (EFI_ERROR (Status)) {
FreePool (NewUserInfo);
return ;
}
CopyMem ((UINT8 *) (NewUserInfo + 1), &Date, sizeof (EFI_USER_INFO_CREATE_DATE));
UserInfo = NULL;
mUserManager->SetInfo (
mUserManager,
User,
&UserInfo,
NewUserInfo,
NewUserInfo->InfoSize
);
FreePool (NewUserInfo);
}
/**
Set the default identity policy of the specified user.
@param[in] User Handle of a user profile.
**/
VOID
SetIdentityPolicy (
IN EFI_USER_PROFILE_HANDLE User
)
{
EFI_USER_INFO_IDENTITY_POLICY *Policy;
EFI_USER_INFO_HANDLE UserInfo;
EFI_USER_INFO *NewUserInfo;
NewUserInfo = AllocateZeroPool (
sizeof (EFI_USER_INFO) +
sizeof (EFI_USER_INFO_IDENTITY_POLICY)
);
ASSERT (NewUserInfo != NULL);
Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (NewUserInfo + 1);
Policy->Type = EFI_USER_INFO_IDENTITY_TRUE;
Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY);
NewUserInfo->InfoType = EFI_USER_INFO_IDENTITY_POLICY_RECORD;
NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |
EFI_USER_INFO_PRIVATE |
EFI_USER_INFO_EXCLUSIVE;
NewUserInfo->InfoSize = sizeof (EFI_USER_INFO) + Policy->Length;
UserInfo = NULL;
mUserManager->SetInfo (
mUserManager,
User,
&UserInfo,
NewUserInfo,
NewUserInfo->InfoSize
);
FreePool (NewUserInfo);
}
/**
Set the default access policy of the specified user.
@param[in] User Handle of a user profile.
**/
VOID
SetAccessPolicy (
IN EFI_USER_PROFILE_HANDLE User
)
{
EFI_USER_INFO_ACCESS_CONTROL *Control;
EFI_USER_INFO_HANDLE UserInfo;
EFI_USER_INFO *NewUserInfo;
NewUserInfo = AllocateZeroPool (
sizeof (EFI_USER_INFO) +
sizeof (EFI_USER_INFO_ACCESS_CONTROL)
);
ASSERT (NewUserInfo != NULL);
Control = (EFI_USER_INFO_ACCESS_CONTROL *) (NewUserInfo + 1);
Control->Type = EFI_USER_INFO_ACCESS_ENROLL_SELF;
Control->Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL);
NewUserInfo->InfoType = EFI_USER_INFO_ACCESS_POLICY_RECORD;
NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |
EFI_USER_INFO_PUBLIC |
EFI_USER_INFO_EXCLUSIVE;
NewUserInfo->InfoSize = sizeof (EFI_USER_INFO) + Control->Size;
UserInfo = NULL;
mUserManager->SetInfo (
mUserManager,
User,
&UserInfo,
NewUserInfo,
NewUserInfo->InfoSize
);
FreePool (NewUserInfo);
}
/**
Add a new user profile into the user profile database.
**/
VOID
CallAddUser (
VOID
)
{
EFI_STATUS Status;
EFI_INPUT_KEY Key;
EFI_USER_PROFILE_HANDLE User;
UINTN UserNameLen;
CHAR16 UserName[USER_NAME_LENGTH];
CHAR16 *QuestionStr;
CHAR16 *PromptStr;
QuestionStr = NULL;
PromptStr = NULL;
//
// Get user name to add.
//
UserNameLen = sizeof (UserName);
Status = GetUserNameInput (&UserNameLen, UserName);
if (EFI_ERROR (Status)) {
if (Status != EFI_ABORTED) {
QuestionStr = GetStringById (STRING_TOKEN (STR_GET_USERNAME_FAILED));
PromptStr = GetStringById (STRING_TOKEN (STR_STROKE_KEY_CONTINUE));
goto Done;
}
return ;
}
//
// Create a new user profile.
//
User = NULL;
Status = mUserManager->Create (mUserManager, &User);
if (EFI_ERROR (Status)) {
QuestionStr = GetStringById (STRING_TOKEN (STR_CREATE_PROFILE_FAILED));
PromptStr = GetStringById (STRING_TOKEN (STR_STROKE_KEY_CONTINUE));
} else {
//
// Add default user information.
//
Status = SetUserName (User, UserNameLen, UserName);
if (EFI_ERROR (Status)) {
QuestionStr = GetStringById (STRING_TOKEN (STR_USER_ALREADY_EXISTED));
PromptStr = GetStringById (STRING_TOKEN (STR_STROKE_KEY_CONTINUE));
goto Done;
}
SetCreateDate (User);
SetIdentityPolicy (User);
SetAccessPolicy (User);
QuestionStr = GetStringById (STRING_TOKEN (STR_CREATE_PROFILE_SUCCESS));
PromptStr = GetStringById (STRING_TOKEN (STR_STROKE_KEY_CONTINUE));
}
Done:
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
QuestionStr,
L"",
PromptStr,
NULL
);
FreePool (QuestionStr);
FreePool (PromptStr);
}
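Review bot: In `CallAddUser` the profile returned by `mUserManager->Create` stays in the database when `SetUserName` fails, because that path jumps to `Done` without removing it. Adding `mUserManager->Delete (mUserManager, User);` before that `goto Done` would avoid leaving a profile that lacks the name, date and policy records this function is meant to add. `SetUserName`, `SetCreateDate`, `SetIdentityPolicy` and `SetAccessPolicy` all discard the status of `mUserManager->SetInfo`, so the success popup is shown even if an identity or access policy record was not stored. Those helpers should return that status and `CallAddUser` should check it. The allocations in the helpers are guarded only by `ASSERT`, which is typically compiled out of release builds, so an explicit NULL check with an early return would be safer.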


@@ -0,0 +1,314 @@
/** @file
The functions to delete a user profile.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "UserProfileManager.h"
/**
Get the username from the specified user.
@param[in] User Handle of a user profile.
@retval EFI_STRING_ID The String Id of the user's username.
**/
EFI_STRING_ID
GetUserName (
IN EFI_USER_PROFILE_HANDLE User
)
{
EFI_STATUS Status;
EFI_USER_INFO_HANDLE UserInfo;
EFI_USER_INFO *Info;
UINTN InfoSize;
UINTN MemSize;
UINTN NameLen;
CHAR16 UserName[USER_NAME_LENGTH];
EFI_STRING_ID UserId;
//
// Allocate user information memory.
//
MemSize = sizeof (EFI_USER_INFO) + 63;
Info = AllocateZeroPool (MemSize);
ASSERT (Info != NULL);
//
// Get user name information.
//
UserInfo = NULL;
while (TRUE) {
InfoSize = MemSize;
//
// Get next user information.
//
Status = mUserManager->GetNextInfo (
mUserManager,
User,
&UserInfo
);
if (EFI_ERROR (Status)) {
break;
}
Status = mUserManager->GetInfo (
mUserManager,
User,
UserInfo,
Info,
&InfoSize
);
if (Status == EFI_BUFFER_TOO_SMALL) {
MemSize = InfoSize;
FreePool (Info);
Info = AllocateZeroPool (MemSize);
ASSERT (Info != NULL);
Status = mUserManager->GetInfo (
mUserManager,
User,
UserInfo,
Info,
&InfoSize
);
}
//
// Check user information.
//
if (Status == EFI_SUCCESS) {
if (Info->InfoType == EFI_USER_INFO_NAME_RECORD) {
NameLen = Info->InfoSize - sizeof (EFI_USER_INFO);
if (NameLen > USER_NAME_LENGTH * sizeof (CHAR16)) {
NameLen = USER_NAME_LENGTH * sizeof (CHAR16);
}
ASSERT (NameLen >= sizeof (CHAR16));
CopyMem (UserName, (UINT8 *) (Info + 1), NameLen);
UserName[NameLen / sizeof (CHAR16) - 1] = 0;
UserId = HiiSetString (
mCallbackInfo->HiiHandle,
0,
UserName,
NULL
);
if (UserId != 0) {
FreePool (Info);
return UserId;
}
}
}
}
FreePool (Info);
return 0;
}
/**
Add a username item in form.
@param[in] User Points to the user profile whose username is added.
@param[in] Index The index of the user in the user name list
@param[in] OpCodeHandle Points to container for dynamic created opcodes.
**/
VOID
AddUserToForm (
IN EFI_USER_PROFILE_HANDLE User,
IN UINT16 Index,
IN VOID *OpCodeHandle
)
{
EFI_STRING_ID NameId;
//
// Get user name
//
NameId = GetUserName (User);
if (NameId == 0) {
return ;
}
//
// Create user name option.
//
switch (Index & KEY_FIRST_FORM_MASK) {
case KEY_MODIFY_USER:
HiiCreateGotoOpCode (
OpCodeHandle, // Container for dynamic created opcodes
FORMID_USER_INFO, // Target Form ID
NameId, // Prompt text
STRING_TOKEN (STR_NULL_STRING), // Help text
EFI_IFR_FLAG_CALLBACK, // Question flag
Index // Question ID
);
break;
case KEY_DEL_USER:
HiiCreateActionOpCode (
OpCodeHandle, // Container for dynamic created opcodes
Index, // Question ID
NameId, // Prompt text
STRING_TOKEN (STR_NULL_STRING), // Help text
EFI_IFR_FLAG_CALLBACK, // Question flag
0 // Action String ID
);
break;
default:
break;
}
}
/**
Delete the user specified by UserIndex in user profile database.
@param[in] UserIndex The index of user in the user name list
to be deleted.
**/
VOID
DeleteUser (
IN UINT8 UserIndex
)
{
EFI_STATUS Status;
EFI_USER_PROFILE_HANDLE User;
EFI_INPUT_KEY Key;
//
// Find specified user profile and delete it.
//
User = NULL;
Status = mUserManager->GetNext (mUserManager, &User);
if (EFI_ERROR (Status)) {
goto Done;
}
while (UserIndex > 1) {
Status = mUserManager->GetNext (mUserManager, &User);
if (EFI_ERROR (Status)) {
goto Done;
}
UserIndex--;
}
if (UserIndex == 1) {
Status = mUserManager->Delete (mUserManager, User);
if (EFI_ERROR (Status)) {
goto Done;
}
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
L"Delete User Succeed!",
L"",
L"Please Press Any Key to Continue ...",
NULL
);
return ;
}
Done:
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
L"Delete User Failed!",
L"",
L"Please Press Any Key to Continue ...",
NULL
);
}
/**
Display user select form, cab select a user to delete.
**/
VOID
SelectUserToDelete (
VOID
)
{
EFI_STATUS Status;
UINT8 Index;
EFI_USER_PROFILE_HANDLE User;
EFI_USER_PROFILE_HANDLE CurrentUser;
VOID *StartOpCodeHandle;
VOID *EndOpCodeHandle;
EFI_IFR_GUID_LABEL *StartLabel;
EFI_IFR_GUID_LABEL *EndLabel;
//
// Initialize the container for dynamic opcodes.
//
StartOpCodeHandle = HiiAllocateOpCodeHandle ();
ASSERT (StartOpCodeHandle != NULL);
EndOpCodeHandle = HiiAllocateOpCodeHandle ();
ASSERT (EndOpCodeHandle != NULL);
//
// Create Hii Extend Label OpCode.
//
StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
StartOpCodeHandle,
&gEfiIfrTianoGuid,
NULL,
sizeof (EFI_IFR_GUID_LABEL)
);
StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
StartLabel->Number = LABEL_USER_DEL_FUNC;
EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
EndOpCodeHandle,
&gEfiIfrTianoGuid,
NULL,
sizeof (EFI_IFR_GUID_LABEL)
);
EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
EndLabel->Number = LABEL_END;
//
// Add each user can be deleted.
//
User = NULL;
Index = 1;
mUserManager->Current (mUserManager, &CurrentUser);
while (TRUE) {
Status = mUserManager->GetNext (mUserManager, &User);
if (EFI_ERROR (Status)) {
break;
}
if (User != CurrentUser) {
AddUserToForm (
User,
(UINT16)(KEY_DEL_USER | KEY_SELECT_USER | Index),
StartOpCodeHandle
);
}
Index++;
}
HiiUpdateForm (
mCallbackInfo->HiiHandle, // HII handle
&mUserProfileManagerGuid, // Formset GUID
FORMID_DEL_USER, // Form ID
StartOpCodeHandle, // Label for where to insert opcodes
EndOpCodeHandle // Replace data
);
HiiFreeOpCodeHandle (StartOpCodeHandle);
HiiFreeOpCodeHandle (EndOpCodeHandle);
}
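Review bot: `GetUserName` computes `NameLen = Info->InfoSize - sizeof (EFI_USER_INFO)` without checking that the record holds at least the header plus one character; the only guard is `ASSERT (NameLen >= sizeof (CHAR16))`. With asserts disabled, a name record whose `InfoSize` is smaller than the header wraps `NameLen`, which is then clamped, so `CopyMem` can read past the record. A record with no payload makes `UserName[NameLen / sizeof (CHAR16) - 1]` index outside the stack array. The record comes back from the user manager's stored profile data, so the length should be validated rather than asserted, for example `if (Info->InfoSize < sizeof (EFI_USER_INFO) + sizeof (CHAR16)) { continue; }` ahead of the subtraction. In `SelectUserToDelete`, `CurrentUser` is compared after `mUserManager->Current` without being initialised or the call's status being checked.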


@@ -0,0 +1,806 @@
/** @file
This driver is a configuration tool for adding, deleting or modifying user
profiles, including gathering the necessary information to ascertain their
identity in the future, updating user access policy and identification
policy, etc.
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "UserProfileManager.h"
EFI_GUID mUserProfileManagerGuid = USER_PROFILE_MANAGER_GUID;
EFI_USER_MANAGER_PROTOCOL *mUserManager = NULL;
CREDENTIAL_PROVIDER_INFO *mProviderInfo = NULL;
UINT8 mProviderChoice;
UINT8 mConncetLogical;
USER_INFO_ACCESS mAccessInfo;
USER_INFO mUserInfo;
USER_PROFILE_MANAGER_CALLBACK_INFO *mCallbackInfo;
HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = {
{
{
HARDWARE_DEVICE_PATH,
HW_VENDOR_DP,
{
(UINT8) (sizeof (VENDOR_DEVICE_PATH)),
(UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
}
},
{0xad2e3474, 0x93e6, 0x488b, {0x93, 0x19, 0x64, 0x88, 0xfc, 0x68, 0x1f, 0x16}}
},
{
END_DEVICE_PATH_TYPE,
END_ENTIRE_DEVICE_PATH_SUBTYPE,
{
(UINT8) (END_DEVICE_PATH_LENGTH),
(UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
}
}
};
/**
Get string by string id from HII Interface.
@param[in] Id String ID to get the string from.
@retval CHAR16 * String from ID.
@retval NULL If error occurs.
**/
CHAR16 *
GetStringById (
IN EFI_STRING_ID Id
)
{
//
// Get the current string for the current Language.
//
return HiiGetString (mCallbackInfo->HiiHandle, Id, NULL);
}
/**
This function gets all the credential providers in the system and saved them
to mProviderInfo.
@retval EFI_SUCESS Init credential provider database successfully.
@retval Others Fail to init credential provider database.
**/
EFI_STATUS
InitProviderInfo (
VOID
)
{
EFI_STATUS Status;
UINTN HandleCount;
EFI_HANDLE *HandleBuf;
UINTN Index;
//
// Try to find all the user credential provider driver.
//
HandleCount = 0;
HandleBuf = NULL;
Status = gBS->LocateHandleBuffer (
ByProtocol,
&gEfiUserCredentialProtocolGuid,
NULL,
&HandleCount,
&HandleBuf
);
if (EFI_ERROR (Status)) {
return Status;
}
//
// Get provider infomation.
//
if (mProviderInfo != NULL) {
FreePool (mProviderInfo);
}
mProviderInfo = AllocateZeroPool (
sizeof (CREDENTIAL_PROVIDER_INFO) -
sizeof (EFI_USER_CREDENTIAL_PROTOCOL *) +
HandleCount * sizeof (EFI_USER_CREDENTIAL_PROTOCOL *)
);
if (mProviderInfo == NULL) {
FreePool (HandleBuf);
return EFI_OUT_OF_RESOURCES;
}
mProviderInfo->Count = HandleCount;
for (Index = 0; Index < HandleCount; Index++) {
Status = gBS->HandleProtocol (
HandleBuf[Index],
&gEfiUserCredentialProtocolGuid,
(VOID **) &mProviderInfo->Provider[Index]
);
if (EFI_ERROR (Status)) {
FreePool (HandleBuf);
FreePool (mProviderInfo);
mProviderInfo = NULL;
return Status;
}
}
FreePool (HandleBuf);
return EFI_SUCCESS;
}
/**
This function processes changes in user profile configuration.
@param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
@param Action Specifies the type of action taken by the browser.
@param QuestionId A unique value which is sent to the original
exporting driver so that it can identify the type
of data to expect.
@param Type The type of value for the question.
@param Value A pointer to the data being sent to the original
exporting driver.
@param ActionRequest On return, points to the action requested by the
callback function.
@retval EFI_SUCCESS The callback successfully handled the action.
@retval Others Fail to handle the action.
**/
EFI_STATUS
EFIAPI
UserProfileManagerCallback (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN EFI_BROWSER_ACTION Action,
IN EFI_QUESTION_ID QuestionId,
IN UINT8 Type,
IN EFI_IFR_TYPE_VALUE *Value,
OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
)
{
EFI_STATUS Status;
EFI_INPUT_KEY Key;
UINT32 CurrentAccessRight;
CHAR16 *QuestionStr;
CHAR16 *PromptStr;
VOID *StartOpCodeHandle;
VOID *EndOpCodeHandle;
EFI_IFR_GUID_LABEL *StartLabel;
EFI_IFR_GUID_LABEL *EndLabel;
EFI_USER_PROFILE_HANDLE CurrentUser;
Status = EFI_SUCCESS;
switch (Action) {
case EFI_BROWSER_ACTION_FORM_OPEN:
{
//
// Update user manage Form when user manage Form is opened.
// This will be done only in FORM_OPEN CallBack of question with QUESTIONID_USER_MANAGE from user manage Form.
//
if (QuestionId != QUESTIONID_USER_MANAGE) {
return EFI_SUCCESS;
}
//
// Get current user
//
CurrentUser = NULL;
mUserManager->Current (mUserManager, &CurrentUser);
if (CurrentUser == NULL) {
DEBUG ((DEBUG_ERROR, "Error: current user does not exist!\n"));
return EFI_NOT_READY;
}
//
// Get current user's right information.
//
Status = GetAccessRight (&CurrentAccessRight);
if (EFI_ERROR (Status)) {
CurrentAccessRight = EFI_USER_INFO_ACCESS_ENROLL_SELF;
}
//
// Init credential provider information.
//
Status = InitProviderInfo ();
if (EFI_ERROR (Status)) {
return Status;
}
//
// Initialize the container for dynamic opcodes.
//
StartOpCodeHandle = HiiAllocateOpCodeHandle ();
ASSERT (StartOpCodeHandle != NULL);
EndOpCodeHandle = HiiAllocateOpCodeHandle ();
ASSERT (EndOpCodeHandle != NULL);
//
// Create Hii Extend Label OpCode.
//
StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
StartOpCodeHandle,
&gEfiIfrTianoGuid,
NULL,
sizeof (EFI_IFR_GUID_LABEL)
);
StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
StartLabel->Number = LABEL_USER_MANAGE_FUNC;
EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
EndOpCodeHandle,
&gEfiIfrTianoGuid,
NULL,
sizeof (EFI_IFR_GUID_LABEL)
);
EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
EndLabel->Number = LABEL_END;
//
// Add user profile option.
//
if ((CurrentAccessRight == EFI_USER_INFO_ACCESS_MANAGE) ||
(CurrentAccessRight == EFI_USER_INFO_ACCESS_ENROLL_OTHERS)
) {
HiiCreateActionOpCode (
StartOpCodeHandle, // Container for dynamic created opcodes
KEY_ADD_USER, // Question ID
STRING_TOKEN (STR_ADD_USER_TITLE), // Prompt text
STRING_TOKEN (STR_ADD_USER_HELP), // Help text
EFI_IFR_FLAG_CALLBACK, // Question flag
0 // Action String ID
);
}
//
// Add modify user profile option.
//
HiiCreateGotoOpCode (
StartOpCodeHandle, // Container for dynamic created opcodes
FORMID_MODIFY_USER, // Target Form ID
STRING_TOKEN (STR_MODIFY_USER_TITLE), // Prompt text
STRING_TOKEN (STR_MODIFY_USER_HELP), // Help text
EFI_IFR_FLAG_CALLBACK, // Question flag
KEY_MODIFY_USER // Question ID
);
//
// Add delete user profile option
//
if (CurrentAccessRight == EFI_USER_INFO_ACCESS_MANAGE) {
HiiCreateGotoOpCode (
StartOpCodeHandle, // Container for dynamic created opcodes
FORMID_DEL_USER, // Target Form ID
STRING_TOKEN (STR_DELETE_USER_TITLE), // Prompt text
STRING_TOKEN (STR_DELETE_USER_HELP), // Help text
EFI_IFR_FLAG_CALLBACK, // Question flag
KEY_DEL_USER // Question ID
);
}
HiiUpdateForm (
mCallbackInfo->HiiHandle, // HII handle
&mUserProfileManagerGuid, // Formset GUID
FORMID_USER_MANAGE, // Form ID
StartOpCodeHandle, // Label for where to insert opcodes
EndOpCodeHandle // Replace data
);
HiiFreeOpCodeHandle (StartOpCodeHandle);
HiiFreeOpCodeHandle (EndOpCodeHandle);
return EFI_SUCCESS;
}
break;
case EFI_BROWSER_ACTION_FORM_CLOSE:
Status = EFI_SUCCESS;
break;
case EFI_BROWSER_ACTION_CHANGING:
{
//
// Handle the request from form.
//
if ((Value == NULL) || (ActionRequest == NULL)) {
return EFI_INVALID_PARAMETER;
}
//
// Judge first 2 bits.
//
switch (QuestionId & KEY_FIRST_FORM_MASK) {
//
// Add user profile operation.
//
case KEY_ADD_USER:
CallAddUser ();
break;
//
// Delete user profile operation.
//
case KEY_DEL_USER:
//
// Judge next 2 bits.
//
switch (QuestionId & KEY_SECOND_FORM_MASK) {
//
// Enter delete user profile form.
//
case KEY_ENTER_NEXT_FORM:
SelectUserToDelete ();
break;
//
// Delete specified user profile.
//
case KEY_SELECT_USER:
DeleteUser ((UINT8) QuestionId);
//
// Update select user form after delete a user.
//
SelectUserToDelete ();
break;
default:
break;
}
break;
//
// Modify user profile operation.
//
case KEY_MODIFY_USER:
//
// Judge next 2 bits.
//
switch (QuestionId & KEY_SECOND_FORM_MASK) {
//
// Enter modify user profile form.
//
case KEY_ENTER_NEXT_FORM:
SelectUserToModify ();
break;
//
// Enter user profile information form.
//
case KEY_SELECT_USER:
//
// Judge next 3 bits.
//
switch (QuestionId & KEY_MODIFY_INFO_MASK) {
//
// Display user information form.
//
case KEY_ENTER_NEXT_FORM:
ModifyUserInfo ((UINT8) QuestionId);
break;
//
// Modify user name.
//
case KEY_MODIFY_NAME:
ModifyUserName ();
//
// Update username in parent form.
//
SelectUserToModify ();
break;
//
// Modify identity policy.
//
case KEY_MODIFY_IP:
//
// Judge next 3 bits
//
switch (QuestionId & KEY_MODIFY_IP_MASK) {
//
// Display identity policy modify form.
//
case KEY_ENTER_NEXT_FORM:
ModifyIdentityPolicy ();
break;
//
// Change credential provider option.
//
case KEY_MODIFY_PROV:
mProviderChoice = Value->u8;
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
break;
//
// Change logical connector.
//
case KEY_MODIFY_CONN:
mConncetLogical = Value->u8;
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
break;
//
// Save option.
//
case KEY_ADD_IP_OP:
AddIdentityPolicyItem ();
break;
//
// Return to user profile information form.
//
case KEY_IP_RETURN_UIF:
SaveIdentityPolicy ();
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
break;
default:
break;
}
break;
//
// Modify access policy.
//
case KEY_MODIFY_AP:
//
// Judge next 3 bits.
//
switch (QuestionId & KEY_MODIFY_AP_MASK) {
//
// Display access policy modify form.
//
case KEY_ENTER_NEXT_FORM:
ModidyAccessPolicy ();
break;
//
// Change access right choice.
//
case KEY_MODIFY_RIGHT:
mAccessInfo.AccessRight = Value->u8;
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
break;
//
// Change setup choice.
//
case KEY_MODIFY_SETUP:
mAccessInfo.AccessSetup= Value->u8;
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
break;
//
// Change boot order choice.
//
case KEY_MODIFY_BOOT:
mAccessInfo.AccessBootOrder = Value->u32;
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
break;
//
// Load device path form.
//
case KEY_MODIFY_LOAD:
//
// Judge next 2 bits.
//
switch (QuestionId & KEY_DISPLAY_DP_MASK) {
//
// Permit load device path.
//
case KEY_PERMIT_MODIFY:
DisplayLoadPermit ();
break;
//
// Forbid load device path.
//
case KEY_FORBID_MODIFY:
DisplayLoadForbid ();
break;
default:
break;
}
break;
//
// Connect device path form.
//
case KEY_MODIFY_CONNECT:
//
// Judge next 2 bits.
//
switch (QuestionId & KEY_DISPLAY_DP_MASK) {
//
// Permit connect device path.
//
case KEY_PERMIT_MODIFY:
DisplayConnectPermit ();
break;
//
// Forbid connect device path.
//
case KEY_FORBID_MODIFY:
DisplayConnectForbid ();
break;
default:
break;
}
break;
//
// Return to user profile information form.
//
case KEY_AP_RETURN_UIF:
SaveAccessPolicy ();
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
break;
default:
break;
}
break;
default:
break;
}
break;
//
// Access policy device path modified.
//
case KEY_MODIFY_AP_DP:
//
// Judge next 2 bits.
//
switch (QuestionId & KEY_MODIFY_DP_MASK) {
//
// Load permit device path modified.
//
case KEY_LOAD_PERMIT_MODIFY:
QuestionStr = GetStringById (STRING_TOKEN (STR_MOVE_TO_FORBID_LIST));
PromptStr = GetStringById (STRING_TOKEN (STR_PRESS_KEY_CONTINUE));
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
QuestionStr,
L"",
PromptStr,
NULL
);
FreePool (QuestionStr);
FreePool (PromptStr);
if (Key.UnicodeChar != CHAR_CARRIAGE_RETURN) {
break;
}
AddToForbidLoad ((UINT16)(QuestionId & (KEY_MODIFY_DP_MASK - 1)));
DisplayLoadPermit ();
break;
//
// Load forbid device path modified.
//
case KEY_LOAD_FORBID_MODIFY:
QuestionStr = GetStringById (STRING_TOKEN (STR_MOVE_TO_PERMIT_LIST));
PromptStr = GetStringById (STRING_TOKEN (STR_PRESS_KEY_CONTINUE));
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
QuestionStr,
L"",
PromptStr,
NULL
);
FreePool (QuestionStr);
FreePool (PromptStr);
if (Key.UnicodeChar != CHAR_CARRIAGE_RETURN) {
break;
}
DeleteFromForbidLoad ((UINT16)(QuestionId & (KEY_MODIFY_DP_MASK - 1)));
DisplayLoadForbid ();
break;
//
// Connect permit device path modified.
//
case KEY_CONNECT_PERMIT_MODIFY:
break;
//
// Connect forbid device path modified.
//
case KEY_CONNECT_FORBID_MODIFY:
break;
default:
break;
}
break;
default:
break;
}
break;
default:
break;
}
}
break;
default:
//
// All other action return unsupported.
//
Status = EFI_UNSUPPORTED;
break;
}
return Status;
}
/**
This function allows a caller to extract the current configuration for one
or more named elements from the target driver.
@param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
@param Request A null-terminated Unicode string in <ConfigRequest> format.
@param Progress On return, points to a character in the Request string.
Points to the string's null terminator if request was successful.
Points to the most recent '&' before the first failing name/value
pair (or the beginning of the string if the failure is in the
first name/value pair) if the request was not successful.
@param Results A null-terminated Unicode string in <ConfigAltResp> format which
has all values filled in for the names in the Request string.
String to be allocated by the called function.
@retval EFI_SUCCESS The Results is filled with the requested values.
@retval EFI_OUT_OF_RESOURCES Not enough memory to store the results.
@retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name.
@retval EFI_NOT_FOUND Routing data doesn't match any storage in this driver.
**/
EFI_STATUS
EFIAPI
FakeExtractConfig (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Request,
OUT EFI_STRING *Progress,
OUT EFI_STRING *Results
)
{
if (Progress == NULL || Results == NULL) {
return EFI_INVALID_PARAMETER;
}
*Progress = Request;
return EFI_NOT_FOUND;
}
/**
This function processes the results of changes in configuration.
@param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
@param Configuration A null-terminated Unicode string in <ConfigResp> format.
@param Progress A pointer to a string filled in with the offset of the most
recent '&' before the first failing name/value pair (or the
beginning of the string if the failure is in the first
name/value pair) or the terminating NULL if all was successful.
@retval EFI_SUCCESS The Results is processed successfully.
@retval EFI_INVALID_PARAMETER Configuration is NULL.
@retval EFI_NOT_FOUND Routing data doesn't match any storage in this driver.
**/
EFI_STATUS
EFIAPI
FakeRouteConfig (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Configuration,
OUT EFI_STRING *Progress
)
{
if (Configuration == NULL || Progress == NULL) {
return EFI_INVALID_PARAMETER;
}
return EFI_NOT_FOUND;
}
/**
Main entry for this driver.
@param ImageHandle Image handle this driver.
@param SystemTable Pointer to SystemTable.
@retval EFI_SUCESS This function always complete successfully.
**/
EFI_STATUS
EFIAPI
UserProfileManagerInit (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
USER_PROFILE_MANAGER_CALLBACK_INFO *CallbackInfo;
Status = gBS->LocateProtocol (
&gEfiUserManagerProtocolGuid,
NULL,
(VOID **) &mUserManager
);
if (EFI_ERROR (Status)) {
return EFI_SUCCESS;
}
//
// Initialize driver private data.
//
ZeroMem (&mUserInfo, sizeof (mUserInfo));
ZeroMem (&mAccessInfo, sizeof (mAccessInfo));
CallbackInfo = AllocateZeroPool (sizeof (USER_PROFILE_MANAGER_CALLBACK_INFO));
ASSERT (CallbackInfo != NULL);
CallbackInfo->Signature = USER_PROFILE_MANAGER_SIGNATURE;
CallbackInfo->ConfigAccess.ExtractConfig = FakeExtractConfig;
CallbackInfo->ConfigAccess.RouteConfig = FakeRouteConfig;
CallbackInfo->ConfigAccess.Callback = UserProfileManagerCallback;
CallbackInfo->DriverHandle = NULL;
//
// Install Device Path Protocol and Config Access protocol to driver handle.
//
Status = gBS->InstallMultipleProtocolInterfaces (
&CallbackInfo->DriverHandle,
&gEfiDevicePathProtocolGuid,
&mHiiVendorDevicePath,
&gEfiHiiConfigAccessProtocolGuid,
&CallbackInfo->ConfigAccess,
NULL
);
ASSERT_EFI_ERROR (Status);
//
// Publish HII data.
//
CallbackInfo->HiiHandle = HiiAddPackages (
&mUserProfileManagerGuid,
CallbackInfo->DriverHandle,
UserProfileManagerStrings,
UserProfileManagerVfrBin,
NULL
);
ASSERT (CallbackInfo->HiiHandle != NULL);
mCallbackInfo = CallbackInfo;
return Status;
}


@@ -0,0 +1,387 @@
/** @file
The header file for user profile manager driver.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __EFI_USER_PROFILE_MANAGER_H__
#define __EFI_USER_PROFILE_MANAGER_H__
#include <Uefi.h>
#include <Guid/GlobalVariable.h>
#include <Guid/MdeModuleHii.h>
#include <Protocol/HiiConfigAccess.h>
#include <Protocol/DevicePathToText.h>
#include <Protocol/UserCredential.h>
#include <Protocol/UserManager.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DevicePathLib.h>
#include <Library/DebugLib.h>
#include <Library/UefiLib.h>
#include <Library/PrintLib.h>
#include <Library/HiiLib.h>
#include "UserProfileManagerData.h"
#define USER_NAME_LENGTH 17
//
// Credential Provider Information.
//
typedef struct {
UINTN Count;
EFI_USER_CREDENTIAL_PROTOCOL *Provider[1];
} CREDENTIAL_PROVIDER_INFO;
//
// User profile information structure.
//
typedef struct {
UINT64 UsageCount;
EFI_TIME CreateDate;
EFI_TIME UsageDate;
UINTN AccessPolicyLen;
UINTN IdentityPolicyLen;
UINTN NewIdentityPolicyLen;
UINT8 *AccessPolicy;
UINT8 *IdentityPolicy;
UINT8 *NewIdentityPolicy;
CHAR16 UserName[USER_NAME_LENGTH];
BOOLEAN CreateDateExist;
BOOLEAN UsageDateExist;
BOOLEAN AccessPolicyModified;
BOOLEAN IdentityPolicyModified;
BOOLEAN NewIdentityPolicyModified;
} USER_INFO;
//
// User access information structure.
//
typedef struct {
UINTN LoadPermitLen;
UINTN LoadForbidLen;
UINTN ConnectPermitLen;
UINTN ConnectForbidLen;
UINT8 *LoadPermit;
UINT8 *LoadForbid;
UINT8 *ConnectPermit;
UINT8 *ConnectForbid;
UINT32 AccessBootOrder;
UINT8 AccessRight;
UINT8 AccessSetup;
} USER_INFO_ACCESS;
#define USER_PROFILE_MANAGER_SIGNATURE SIGNATURE_32 ('U', 'P', 'M', 'S')
typedef struct {
UINTN Signature;
EFI_HANDLE DriverHandle;
EFI_HII_HANDLE HiiHandle;
EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
} USER_PROFILE_MANAGER_CALLBACK_INFO;
//
// HII specific Vendor Device Path definition.
//
typedef struct {
VENDOR_DEVICE_PATH VendorDevicePath;
EFI_DEVICE_PATH_PROTOCOL End;
} HII_VENDOR_DEVICE_PATH;
//
// This is the generated IFR binary data for each formset defined in VFR.
//
extern UINT8 UserProfileManagerVfrBin[];
//
// This is the generated String package data for .UNI file.
//
extern UINT8 UserProfileManagerStrings[];
//
// Guid used in the form browse.
//
extern EFI_GUID mUserProfileManagerGuid;
//
// The user manager protocol, used in several function.
//
extern EFI_USER_MANAGER_PROTOCOL *mUserManager;
//
// The credential providers database in system.
//
extern CREDENTIAL_PROVIDER_INFO *mProviderInfo;
//
// The variables used to update identity policy.
//
extern UINT8 mProviderChoice;
extern UINT8 mConncetLogical;
//
// The variables used to update access policy.
//
extern USER_INFO_ACCESS mAccessInfo;
//
// The user information used to record all data in UI.
//
extern USER_INFO mUserInfo;
extern USER_PROFILE_MANAGER_CALLBACK_INFO *mCallbackInfo;
/**
Get string by string id from HII Interface.
@param[in] Id String ID to get the string from.
@retval CHAR16 * String from ID.
@retval NULL If error occurs.
**/
CHAR16 *
GetStringById (
IN EFI_STRING_ID Id
);
/**
Add a new user profile into the user profile database.
**/
VOID
CallAddUser (
VOID
);
/**
Display user select form; can select a user to modify.
**/
VOID
SelectUserToModify (
VOID
);
/**
Display user select form, cab select a user to delete.
**/
VOID
SelectUserToDelete (
VOID
);
/**
Delete the user specified by UserIndex in user profile database.
@param[in] UserIndex The index of user in the user name list to be deleted.
**/
VOID
DeleteUser (
IN UINT8 UserIndex
);
/**
Add a username item in form.
@param[in] User Points to the user profile whose username is added.
@param[in] Index The index of the user in the user name list.
@param[in] OpCodeHandle Points to container for dynamic created opcodes.
**/
VOID
AddUserToForm (
IN EFI_USER_PROFILE_HANDLE User,
IN UINT16 Index,
IN VOID *OpCodeHandle
);
/**
Display modify user information form
In this form, username, create Date, usage date, usage count, identity policy,
and access policy are displayed.
@param[in] UserIndex The index of the user in display list to modify.
**/
VOID
ModifyUserInfo (
IN UINT8 UserIndex
);
/**
Get the username from user input and update username string in Hii
database with it.
**/
VOID
ModifyUserName (
VOID
);
/**
Display the form of modifying user identity policy.
**/
VOID
ModifyIdentityPolicy (
VOID
);
/**
Update the mUserInfo.NewIdentityPolicy and UI when 'add option' is pressed.
**/
VOID
AddIdentityPolicyItem (
VOID
);
/**
Save the identity policy and update UI with it.
This funciton will verify the new identity policy, in current implementation,
the identity policy can be: T, P & P & P & ..., P | P | P | ...
Here, "T" means "True", "P" means "Credential Provider", "&" means "and", "|" means "or".
Other identity policies are not supported.
**/
VOID
SaveIdentityPolicy (
VOID
);
/**
Display modify user access policy form
In this form, access right, access setu,p and access boot order are dynamically
added. Load devicepath and connect devicepath are displayed too.
**/
VOID
ModidyAccessPolicy (
VOID
);
/**
Collect all the access policy data to mUserInfo.AccessPolicy,
and save it to user profile.
**/
VOID
SaveAccessPolicy (
VOID
);
/**
Get current user's access rights.
@param[out] AccessRight Points to the buffer used for user's access rights.
@retval EFI_SUCCESS Get current user access rights successfully.
@retval others Fail to get current user access rights.
**/
EFI_STATUS
GetAccessRight (
OUT UINT32 *AccessRight
);
/**
Display the permit load device path in the loadable device path list.
**/
VOID
DisplayLoadPermit(
VOID
);
/**
Display the forbid load device path list (mAccessInfo.LoadForbid).
**/
VOID
DisplayLoadForbid (
VOID
);
/**
Display the permit connect device path.
**/
VOID
DisplayConnectPermit (
VOID
);
/**
Display the forbid connect device path list.
**/
VOID
DisplayConnectForbid (
VOID
);
/**
Delete the specified device path by DriverIndex from the forbid device path
list (mAccessInfo.LoadForbid).
@param[in] DriverIndex The index of driver in a forbidden device path list.
**/
VOID
DeleteFromForbidLoad (
IN UINT16 DriverIndex
);
/**
Add the specified device path by DriverIndex to the forbid device path
list (mAccessInfo.LoadForbid).
@param[in] DriverIndex The index of driver saved in driver options.
**/
VOID
AddToForbidLoad (
IN UINT16 DriverIndex
);
/**
Get user name from the popup windows.
@param[in, out] UserNameLen On entry, point to the buffer lengh of UserName.
On exit, point to the input user name length.
@param[out] UserName The buffer to hold the input user name.
@retval EFI_ABORTED It is given up by pressing 'ESC' key.
@retval EFI_NOT_READY Not a valid input at all.
@retval EFI_SUCCESS Get a user name successfully.
**/
EFI_STATUS
GetUserNameInput (
IN OUT UINTN *UserNameLen,
OUT CHAR16 *UserName
);
#endif
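Review bot: `DeleteUser` and `ModifyUserInfo` take `IN UINT8 UserIndex` while `AddUserToForm` takes `IN UINT16 Index` for what the comments describe as the same position in the user name list, and the callback in UserProfileManager.c passes `(UINT8) QuestionId`, so an index above 255 would be truncated and the delete or modify would land on a different profile. Whether the list can grow that large is not visible in this section. If it can, declare both as `IN UINT16 UserIndex` and have the caller mask the index bits out of the question ID instead of casting; if it cannot, state the limit in the `@param[in] UserIndex` text so the bound is enforced where entries are added.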


@@ -0,0 +1,161 @@
/** @file
The form data for user profile manager driver.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __USER_PROFILE_MANAGER_DATA_H__
#define __USER_PROFILE_MANAGER_DATA_H__
#define USER_PROFILE_MANAGER_GUID \
{ \
0xc35f272c, 0x97c2, 0x465a, { 0xa2, 0x16, 0x69, 0x6b, 0x66, 0x8a, 0x8c, 0xfe } \
}
//
// Form ID
//
#define FORMID_USER_MANAGE 0x0001
#define FORMID_MODIFY_USER 0x0002
#define FORMID_DEL_USER 0x0003
#define FORMID_USER_INFO 0x0004
#define FORMID_MODIFY_IP 0x0005
#define FORMID_MODIFY_AP 0x0006
#define FORMID_LOAD_DP 0x0007
#define FORMID_CONNECT_DP 0x0008
#define FORMID_PERMIT_LOAD_DP 0x0009
#define FORMID_FORBID_LOAD_DP 0x000A
#define FORMID_PERMIT_CONNECT_DP 0x000B
#define FORMID_FORBID_CONNECT_DP 0x000C
//
// Label ID
//
#define LABEL_USER_MANAGE_FUNC 0x0010
#define LABEL_USER_DEL_FUNC 0x0020
#define LABEL_USER_MOD_FUNC 0x0030
#define LABEL_USER_INFO_FUNC 0x0040
#define LABEL_IP_MOD_FUNC 0x0050
#define LABEL_AP_MOD_FUNC 0x0060
#define LABEL_PERMIT_LOAD_FUNC 0x0070
#define LABLE_FORBID_LOAD_FUNC 0x0080
#define LABEL_END 0x00F0
//
// First form key (Add/modify/del user profile).
// First 2 bits (bit 16~15).
//
#define KEY_MODIFY_USER 0x4000
#define KEY_DEL_USER 0x8000
#define KEY_ADD_USER 0xC000
#define KEY_FIRST_FORM_MASK 0xC000
//
// Second form key (Display new form /Select user / modify device path in access policy).
// Next 2 bits (bit 14~13).
//
#define KEY_ENTER_NEXT_FORM 0x0000
#define KEY_SELECT_USER 0x1000
#define KEY_MODIFY_AP_DP 0x2000
#define KEY_OPEN_CLOSE_FORM_ACTION 0x3000
#define KEY_SECOND_FORM_MASK 0x3000
//
// User profile information form key.
// Next 3 bits (bit 12~10).
//
#define KEY_MODIFY_NAME 0x0200
#define KEY_MODIFY_IP 0x0400
#define KEY_MODIFY_AP 0x0600
#define KEY_MODIFY_INFO_MASK 0x0E00
//
// Specified key, used in VFR (KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_NAME).
//
#define KEY_MODIFY_USER_NAME 0x5200
//
// Modify identity policy form key.
// Next 3 bits (bit 9~7).
//
#define KEY_MODIFY_PROV 0x0040
#define KEY_MODIFY_MTYPE 0x0080
#define KEY_MODIFY_CONN 0x00C0
#define KEY_ADD_IP_OP 0x0100
#define KEY_IP_RETURN_UIF 0x0140
#define KEY_MODIFY_IP_MASK 0x01C0
//
// Specified key.
//
#define KEY_ADD_LOGICAL_OP 0x5500
#define KEY_IP_RETURN 0x5540
//
// Modify access policy form key.
// Next 3 bits (bit 9~7).
//
#define KEY_MODIFY_RIGHT 0x0040
#define KEY_MODIFY_SETUP 0x0080
#define KEY_MODIFY_BOOT 0x00C0
#define KEY_MODIFY_LOAD 0x0100
#define KEY_MODIFY_CONNECT 0x0140
#define KEY_AP_RETURN_UIF 0x0180
#define KEY_MODIFY_AP_MASK 0x01C0
//
// Specified key.
//
#define KEY_LOAD_DP 0x5700
#define KEY_CONN_DP 0x5740
#define KEY_AP_RETURN 0x5780
//
// Device path form key.
// Next 2 bits (bit 6~5).
//
#define KEY_PERMIT_MODIFY 0x0010
#define KEY_FORBID_MODIFY 0x0020
#define KEY_DISPLAY_DP_MASK 0x0030
//
// Specified key.
//
#define KEY_LOAD_PERMIT 0x5710
#define KEY_LOAD_FORBID 0x5720
#define KEY_CONNECT_PERMIT 0x5750
#define KEY_CONNECT_FORBID 0x5760
//
// Device path modify key.
// 2 bits (bit 12~11).
//
#define KEY_LOAD_PERMIT_MODIFY 0x0000
#define KEY_LOAD_FORBID_MODIFY 0x0400
#define KEY_CONNECT_PERMIT_MODIFY 0x0800
#define KEY_CONNECT_FORBID_MODIFY 0x0C00
#define KEY_MODIFY_DP_MASK 0x0C00
//
// The permissions usable when configuring the platform.
//
#define ACCESS_SETUP_RESTRICTED 1
#define ACCESS_SETUP_NORMAL 2
#define ACCESS_SETUP_ADMIN 3
//
// Question ID for the question used in each form (KEY_OPEN_CLOSE_FORM_ACTION | FORMID_FORM_USER_MANAGE)
// This ID is used in FORM OPEN/CLOSE CallBack action.
//
#define QUESTIONID_USER_MANAGE 0x3001
#endif
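Review bot: The device-path key group defines `KEY_MODIFY_DP_MASK 0x0C00` but no mask for the index carried in the low bits, so the callback derives one as `QuestionId & (KEY_MODIFY_DP_MASK - 1)`, which evaluates to `0x0BFF` and still includes bit `0x0800` of the selector field. That works for `KEY_LOAD_PERMIT_MODIFY` and `KEY_LOAD_FORBID_MODIFY` only because bit `0x0800` is clear in both, and it would fold the selector into the driver index passed to the forbid-list routines once the `KEY_CONNECT_*_MODIFY` cases are implemented. Add an explicit constant, for example `#define KEY_MODIFY_DP_INDEX_MASK 0x03FF`, and use it at both call sites. The closing comment also names `FORMID_FORM_USER_MANAGE`, which is not defined in this file; the value `0x3001` corresponds to `KEY_OPEN_CLOSE_FORM_ACTION | FORMID_USER_MANAGE`.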


@@ -0,0 +1,60 @@
## @file
# Component description file for user profile manager driver.
#
# Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = UserProfileManager
FILE_GUID = E38CB52D-A74D-45db-A8D0-290C9B21BBF2
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
ENTRY_POINT = UserProfileManagerInit
[Sources]
UserProfileManager.c
UserProfileManager.h
UserProfileAdd.c
UserProfileDelete.c
UserProfileModify.c
UserProfileManagerData.h
UserProfileManagerStrings.uni
UserProfileManagerVfr.Vfr
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
[LibraryClasses]
UefiRuntimeServicesTableLib
UefiBootServicesTableLib
UefiDriverEntryPoint
MemoryAllocationLib
BaseMemoryLib
DebugLib
HiiLib
UefiLib
[Guids]
gEfiIfrTianoGuid ## CONSUMES ## Guid
gEfiUserInfoAccessSetupAdminGuid ## CONSUMES ## Guid
gEfiUserInfoAccessSetupNormalGuid ## CONSUMES ## Guid
gEfiUserInfoAccessSetupRestrictedGuid ## CONSUMES ## Guid
[Protocols]
gEfiDevicePathProtocolGuid # PROTOCOL ALWAYS_CONSUMED
gEfiHiiConfigAccessProtocolGuid
gEfiUserCredentialProtocolGuid
gEfiUserManagerProtocolGuid
gEfiDevicePathToTextProtocolGuid
[Depex]
gEfiUserManagerProtocolGuid
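Review bot: `[LibraryClasses]` does not list `DevicePathLib` or `PrintLib`, although UserProfileManager.h includes `<Library/DevicePathLib.h>` and `<Library/PrintLib.h>`. If any of the listed sources calls into them, the module presumably links only because another library instance happens to pull them in, which breaks when a platform maps a different instance. Either add `DevicePathLib` and `PrintLib` to `[LibraryClasses]` or drop the unused includes from the header. The `[Protocols]` entries other than `gEfiDevicePathProtocolGuid` also carry no usage comment, unlike the `[Guids]` entries, which are all marked `## CONSUMES`.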


@@ -0,0 +1,247 @@
/** @file
User Profile Manager formset.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "UserProfileManagerData.h"
#define USER_MANAGER_CLASS 0x00
#define USER_MANAGER_SUBCLASS 0x04
formset
guid = USER_PROFILE_MANAGER_GUID,
title = STRING_TOKEN(STR_FORMSET_TITLE),
help = STRING_TOKEN(STR_TITLE_HELP),
class = USER_MANAGER_CLASS,
subclass = USER_MANAGER_SUBCLASS,
// User manager form
form formid = FORMID_USER_MANAGE,
title = STRING_TOKEN(STR_USERMAN_TITLE);
label LABEL_USER_MANAGE_FUNC;
label LABEL_END;
suppressif TRUE;
text
help = STRING_TOKEN(STR_NULL_STRING),
text = STRING_TOKEN(STR_NULL_STRING),
text = STRING_TOKEN(STR_NULL_STRING),
flags = INTERACTIVE,
key = QUESTIONID_USER_MANAGE;
endif;
endform;
// Modify user profile form
form formid = FORMID_MODIFY_USER,
title = STRING_TOKEN(STR_MODIFY_USER_TITLE);
label LABEL_USER_MOD_FUNC;
label LABEL_END;
endform;
// Delete user profile form
form formid = FORMID_DEL_USER,
title = STRING_TOKEN(STR_DELETE_USER_TITLE);
label LABEL_USER_DEL_FUNC;
label LABEL_END;
subtitle
text = STRING_TOKEN(STR_NULL_STRING);
endform;
//
// User profile information form
//
form formid = FORMID_USER_INFO,
title = STRING_TOKEN(STR_USER_INFO);
text
help = STRING_TOKEN(STR_USER_NAME_VAL),
text = STRING_TOKEN(STR_USER_NAME),
flags = INTERACTIVE,
key = KEY_MODIFY_USER_NAME;
text
help = STRING_TOKEN(STR_CREATE_DATE_VAL),
text = STRING_TOKEN(STR_CREATE_DATE);
text
help = STRING_TOKEN(STR_USAGE_DATE_VAL),
text = STRING_TOKEN(STR_USAGE_DATE);
text
help = STRING_TOKEN(STR_USAGE_COUNT_VAL),
text = STRING_TOKEN(STR_USAGE_COUNT);
label LABEL_USER_INFO_FUNC;
label LABEL_END;
endform;
//
// Identify policy modify form
//
form formid = FORMID_MODIFY_IP,
title = STRING_TOKEN(STR_IDENTIFY_POLICY);
text
help = STRING_TOKEN(STR_IDENTIFY_POLICY_HELP),
text = STRING_TOKEN(STR_IDENTIFY_POLICY),
text = STRING_TOKEN(STR_IDENTIFY_POLICY_VALUE);
label LABEL_IP_MOD_FUNC;
label LABEL_END;
text
help = STRING_TOKEN(STR_ADD_OPTION_HELP),
text = STRING_TOKEN(STR_ADD_OPTION),
flags = INTERACTIVE,
key = KEY_ADD_LOGICAL_OP;
subtitle
text = STRING_TOKEN(STR_NULL_STRING);
goto FORMID_USER_INFO,
prompt = STRING_TOKEN(STR_SAVE),
help = STRING_TOKEN(STR_IDENTIFY_SAVE_HELP),
flags = INTERACTIVE,
key = KEY_IP_RETURN;
endform;
//
// Access policy modify form
//
form formid = FORMID_MODIFY_AP,
title = STRING_TOKEN(STR_ACCESS_POLICY);
label LABEL_AP_MOD_FUNC;
label LABEL_END;
goto FORMID_LOAD_DP,
prompt = STRING_TOKEN(STR_LOAD),
help = STRING_TOKEN(STR_LOAD_HELP),
flags = INTERACTIVE,
key = KEY_LOAD_DP;
goto FORMID_CONNECT_DP,
prompt = STRING_TOKEN(STR_CONNECT),
help = STRING_TOKEN(STR_CONNECT_HELP),
flags = INTERACTIVE,
key = KEY_CONN_DP;
subtitle
text = STRING_TOKEN(STR_NULL_STRING);
goto FORMID_USER_INFO,
prompt = STRING_TOKEN(STR_SAVE),
help = STRING_TOKEN(STR_ACCESS_SAVE_HELP),
flags = INTERACTIVE,
key = KEY_AP_RETURN;
endform;
//
// Load device path form
//
form formid = FORMID_LOAD_DP,
title = STRING_TOKEN(STR_LOAD);
goto FORMID_PERMIT_LOAD_DP,
prompt = STRING_TOKEN(STR_LOAD_PERMIT),
help = STRING_TOKEN(STR_LOAD_PERMIT_HELP),
flags = INTERACTIVE,
key = KEY_LOAD_PERMIT;
goto FORMID_FORBID_LOAD_DP,
prompt = STRING_TOKEN(STR_LOAD_FORBID),
help = STRING_TOKEN(STR_LOAD_FORBID_HELP),
flags = INTERACTIVE,
key = KEY_LOAD_FORBID;
endform;
//
// Permit load device path form
//
form formid = FORMID_PERMIT_LOAD_DP,
title = STRING_TOKEN(STR_LOAD_PERMIT);
label LABEL_PERMIT_LOAD_FUNC;
label LABEL_END;
subtitle
text = STRING_TOKEN(STR_NULL_STRING);
endform;
//
// Forbid load device path form
//
form formid = FORMID_FORBID_LOAD_DP,
title = STRING_TOKEN(STR_LOAD_FORBID);
label LABLE_FORBID_LOAD_FUNC;
label LABEL_END;
subtitle
text = STRING_TOKEN(STR_NULL_STRING);
endform;
//
// Connect device path form
//
form formid = FORMID_CONNECT_DP,
title = STRING_TOKEN(STR_CONNECT);
goto FORMID_PERMIT_CONNECT_DP,
prompt = STRING_TOKEN(STR_CONNECT_PERMIT),
help = STRING_TOKEN(STR_CONNECT_PERMIT_HELP),
flags = INTERACTIVE,
key = KEY_CONNECT_PERMIT;
goto FORMID_FORBID_CONNECT_DP,
prompt = STRING_TOKEN(STR_CONNECT_FORBID),
help = STRING_TOKEN(STR_CONNECT_FORBID_HELP),
flags = INTERACTIVE,
key = KEY_CONNECT_FORBID;
endform;
//
// Permit connect device path form
//
form formid = FORMID_PERMIT_CONNECT_DP,
title = STRING_TOKEN(STR_CONNECT_PERMIT);
subtitle
text = STRING_TOKEN(STR_NULL_STRING);
endform;
//
// Forbid connect device path form
//
form formid = FORMID_FORBID_CONNECT_DP,
title = STRING_TOKEN(STR_CONNECT_FORBID);
subtitle
text = STRING_TOKEN(STR_NULL_STRING);
endform;
endformset;
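Review bot: Add, modify and delete are restricted only by which opcodes the FORM_OPEN handler inserts at `LABEL_USER_MANAGE_FUNC`; `FORMID_DEL_USER` and the other forms are declared unconditionally in this formset, and the `EFI_BROWSER_ACTION_CHANGING` branch of `UserProfileManagerCallback` calls `CallAddUser`, `DeleteUser` and the policy-save routines without consulting the access right again. Whether those routines or the user manager protocol enforce the right themselves is not visible here. If they do not, repeat the `GetAccessRight` check at the top of the CHANGING branch and return `EFI_ACCESS_DENIED` for `KEY_ADD_USER` and `KEY_DEL_USER` when the right is insufficient. Otherwise add a comment above the form declarations saying where enforcement lives, so the hidden menu entries are not mistaken for the access control.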
