sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecurityPkg: Remove code under UserIdentification folder.

Browse Source 
BZ:https://bugzilla.tianocore.org/show_bug.cgi?id=1427

1. UserIdentifyManagerDxe is used to provide UserManagerProtocol.
2. UserProfileManagerDxe provides UI setting
3. PwdCredentialProviderDxe & UsbCredentialProviderDxe are implementation
   examples.

Remove above features because of no platform use it.

Cc: Zhang Chao B <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chen A Chen <chen.a.chen@intel.com>
Reviewed-by: Zhang Chao B <chao.b.zhang@intel.com>
This commit is contained in:
Chen A Chen 2019-01-07 10:00:28 +08:00 committed by Zhang, Chao B
parent 28ce4cb359
commit 514c55c185
41 changed files with 2 additions and 14003 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
SecurityPkg/Include/Guid/UsbCredentialProviderHii.h
View File

@ -1,29 +0,0 @@
/** @file
GUID used as HII Package list GUID in UsbCredentialProviderDxe driver.
Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __USB_CREDENTIAL_PROVIDER_HII_H__
#define __USB_CREDENTIAL_PROVIDER_HII_H__
//
// Used for save password credential and form browser
// And used as provider identifier
//
#define USB_CREDENTIAL_PROVIDER_GUID \
{ \
0xd0849ed1, 0xa88c, 0x4ba6, { 0xb1, 0xd6, 0xab, 0x50, 0xe2, 0x80, 0xb7, 0xa9 }\
}
extern EFI_GUID gUsbCredentialProviderGuid;
#endif

25
SecurityPkg/Include/Guid/UserIdentifyManagerHii.h
View File

@ -1,25 +0,0 @@
/** @file
GUID used as HII FormSet and HII Package list GUID in UserIdentifyManagerDxe driver.
Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __USER_IDENTIFY_MANAGER_HII_H__
#define __USER_IDENTIFY_MANAGER_HII_H__
#define USER_IDENTIFY_MANAGER_GUID \
{ \
0x3ccd3dd8, 0x8d45, 0x4fed, { 0x96, 0x2d, 0x2b, 0x38, 0xcd, 0x82, 0xb3, 0xc4 } \
}
extern EFI_GUID gUserIdentifyManagerGuid;
#endif

25
SecurityPkg/Include/Guid/UserProfileManagerHii.h
View File

@ -1,25 +0,0 @@
/** @file
GUID used as HII FormSet and HII Package list GUID in UserProfileManagerDxe driver.
Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __USER_PROFILE_MANAGER_HII_H__
#define __USER_PROFILE_MANAGER_HII_H__
#define USER_PROFILE_MANAGER_GUID \
{ \
0xc35f272c, 0x97c2, 0x465a, { 0xa2, 0x16, 0x69, 0x6b, 0x66, 0x8a, 0x8c, 0xfe } \
}
extern EFI_GUID gUserProfileManagerGuid;
#endif

14
SecurityPkg/SecurityPkg.dec
View File

@ -5,7 +5,7 @@
# It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library classes) # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library classes)
# and libraries instances, which are used for those features. # and libraries instances, which are used for those features.
# #
# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2015 Hewlett Packard Enterprise Development LP <BR> # (C) Copyright 2015 Hewlett Packard Enterprise Development LP <BR>
# Copyright (c) 2017, Microsoft Corporation. All rights reserved. <BR> # Copyright (c) 2017, Microsoft Corporation. All rights reserved. <BR>
# This program and the accompanying materials are licensed and made available under # This program and the accompanying materials are licensed and made available under
@ -139,22 +139,10 @@
# Include/Guid/Tcg2PhysicalPresenceData.h # Include/Guid/Tcg2PhysicalPresenceData.h
gEfiTcg2PhysicalPresenceGuid = { 0xaeb9c5c1, 0x94f1, 0x4d02, { 0xbf, 0xd9, 0x46, 0x2, 0xdb, 0x2d, 0x3c, 0x54 }} gEfiTcg2PhysicalPresenceGuid = { 0xaeb9c5c1, 0x94f1, 0x4d02, { 0xbf, 0xd9, 0x46, 0x2, 0xdb, 0x2d, 0x3c, 0x54 }}
## GUID used for form browser, password credential and provider identifier.
# Include/Guid/PwdCredentialProviderHii.h
gPwdCredentialProviderGuid = { 0x78b9ec8b, 0xc000, 0x46c5, { 0xac, 0x93, 0x24, 0xa0, 0xc1, 0xbb, 0x0, 0xce }}
## GUID used for form browser, USB credential and provider identifier.
# Include/Guid/UsbCredentialProviderHii.h
gUsbCredentialProviderGuid = { 0xd0849ed1, 0xa88c, 0x4ba6, { 0xb1, 0xd6, 0xab, 0x50, 0xe2, 0x80, 0xb7, 0xa9 }}
## GUID used for FormSet guid and user profile variable. ## GUID used for FormSet guid and user profile variable.
# Include/Guid/UserIdentifyManagerHii.h # Include/Guid/UserIdentifyManagerHii.h
gUserIdentifyManagerGuid = { 0x3ccd3dd8, 0x8d45, 0x4fed, { 0x96, 0x2d, 0x2b, 0x38, 0xcd, 0x82, 0xb3, 0xc4 }} gUserIdentifyManagerGuid = { 0x3ccd3dd8, 0x8d45, 0x4fed, { 0x96, 0x2d, 0x2b, 0x38, 0xcd, 0x82, 0xb3, 0xc4 }}
## GUID used for FormSet.
# Include/Guid/UserProfileManagerHii.h
gUserProfileManagerGuid = { 0xc35f272c, 0x97c2, 0x465a, { 0xa2, 0x16, 0x69, 0x6b, 0x66, 0x8a, 0x8c, 0xfe }}
## GUID used for FormSet. ## GUID used for FormSet.
# Include/Guid/TcgConfigHii.h # Include/Guid/TcgConfigHii.h
gTcgConfigFormSetGuid = { 0xb0f901e4, 0xc424, 0x45de, { 0x90, 0x81, 0x95, 0xe2, 0xb, 0xde, 0x6f, 0xb5 }} gTcgConfigFormSetGuid = { 0xb0f901e4, 0xc424, 0x45de, { 0x90, 0x81, 0x95, 0xe2, 0xb, 0xde, 0x6f, 0xb5 }}

6
SecurityPkg/SecurityPkg.dsc
View File

@ -1,7 +1,7 @@
## @file ## @file
# Security Module Package for All Architectures. # Security Module Package for All Architectures.
# #
# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR> # (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
# This program and the accompanying materials # This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License # are licensed and made available under the terms and conditions of the BSD License
@ -146,8 +146,6 @@
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
#SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf #SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf
SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf
#SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerDxe.inf
#SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerDxe.inf
# #
# TPM # TPM
@ -200,8 +198,6 @@
SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
[Components.IA32, Components.X64] [Components.IA32, Components.X64]
# SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf
# SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderDxe.inf
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
# #

1464
SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.c
View File

File diff suppressed because it is too large Load Diff

374
SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.h
View File

@ -1,374 +0,0 @@
/** @file
Password Credential Provider driver header file.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef _PASSWORD_CREDENTIAL_PROVIDER_H_
#define _PASSWORD_CREDENTIAL_PROVIDER_H_
#include <Uefi.h>
#include <Guid/GlobalVariable.h>
#include <Protocol/HiiConfigAccess.h>
#include <Protocol/UserCredential2.h>
#include <Protocol/UserManager.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DevicePathLib.h>
#include <Library/DebugLib.h>
#include <Library/UefiLib.h>
#include <Library/PrintLib.h>
#include <Library/HiiLib.h>
#include <Library/BaseCryptLib.h>
#include "PwdCredentialProviderData.h"
extern UINT8 PwdCredentialProviderStrings[];
extern UINT8 PwdCredentialProviderVfrBin[];
#define PASSWORD_TABLE_INC 16
#define CREDENTIAL_LEN 20
//
// Password credential information.
//
typedef struct {
EFI_USER_INFO_IDENTIFIER UserId;
CHAR8 Password[CREDENTIAL_LEN];
} PASSWORD_INFO;
//
// Password credential table.
//
typedef struct {
UINTN Count;
UINTN MaxCount;
UINTN ValidIndex;
PASSWORD_INFO UserInfo[1];
} CREDENTIAL_TABLE;
//
// The user information on the password provider.
//
typedef struct {
UINTN Count;
EFI_USER_INFO *Info[1];
} PASSWORD_CREDENTIAL_INFO;
///
/// HII specific Vendor Device Path definition.
///
typedef struct {
VENDOR_DEVICE_PATH VendorDevicePath;
EFI_DEVICE_PATH_PROTOCOL End;
} HII_VENDOR_DEVICE_PATH;
#define PWD_PROVIDER_SIGNATURE SIGNATURE_32 ('P', 'W', 'D', 'P')
typedef struct {
UINTN Signature;
EFI_HANDLE DriverHandle;
EFI_HII_HANDLE HiiHandle;
//
// Produced protocol.
//
EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
} PWD_PROVIDER_CALLBACK_INFO;
/**
Enroll a user on a credential provider.
This function enrolls a user on this credential provider. If the user exists on
this credential provider, update the user information on this credential provider;
otherwise delete the user information on credential provider.
@param[in] This Points to this instance of EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in] User The user profile to enroll.
@retval EFI_SUCCESS User profile was successfully enrolled.
@retval EFI_ACCESS_DENIED Current user profile does not permit enrollment on the
user profile handle. Either the user profile cannot enroll
on any user profile or cannot enroll on a user profile
other than the current user profile.
@retval EFI_UNSUPPORTED This credential provider does not support enrollment in
the pre-OS.
@retval EFI_DEVICE_ERROR The new credential could not be created because of a device
error.
@retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle.
**/
EFI_STATUS
EFIAPI
CredentialEnroll (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User
);
/**
Returns the user interface information used during user identification.
This function returns information about the form used when interacting with the
user during user identification. The form is the first enabled form in the form-set
class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII handle HiiHandle. If
the user credential provider does not require a form to identify the user, then this
function should return EFI_NOT_FOUND.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[out] Hii On return, holds the HII database handle.
@param[out] FormSetId On return, holds the identifier of the form set which contains
the form used during user identification.
@param[out] FormId On return, holds the identifier of the form used during user
identification.
@retval EFI_SUCCESS Form returned successfully.
@retval EFI_NOT_FOUND Form not returned.
@retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or FormId is NULL.
**/
EFI_STATUS
EFIAPI
CredentialForm (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
OUT EFI_HII_HANDLE *Hii,
OUT EFI_GUID *FormSetId,
OUT EFI_FORM_ID *FormId
);
/**
Returns bitmap used to describe the credential provider type.
This optional function returns a bitmap which is less than or equal to the number
of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND
is returned.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in, out] Width On entry, points to the desired bitmap width. If NULL then no
bitmap information will be returned. On exit, points to the
width of the bitmap returned.
@param[in, out] Height On entry, points to the desired bitmap height. If NULL then no
bitmap information will be returned. On exit, points to the
height of the bitmap returned
@param[out] Hii On return, holds the HII database handle.
@param[out] Image On return, holds the HII image identifier.
@retval EFI_SUCCESS Image identifier returned successfully.
@retval EFI_NOT_FOUND Image identifier not returned.
@retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL.
**/
EFI_STATUS
EFIAPI
CredentialTile (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN OUT UINTN *Width,
IN OUT UINTN *Height,
OUT EFI_HII_HANDLE *Hii,
OUT EFI_IMAGE_ID *Image
);
/**
Returns string used to describe the credential provider type.
This function returns a string which describes the credential provider. If no
such string exists, then EFI_NOT_FOUND is returned.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[out] Hii On return, holds the HII database handle.
@param[out] String On return, holds the HII string identifier.
@retval EFI_SUCCESS String identifier returned successfully.
@retval EFI_NOT_FOUND String identifier not returned.
@retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL.
**/
EFI_STATUS
EFIAPI
CredentialTitle (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
OUT EFI_HII_HANDLE *Hii,
OUT EFI_STRING_ID *String
);
/**
Return the user identifier associated with the currently authenticated user.
This function returns the user identifier of the user authenticated by this credential
provider. This function is called after the credential-related information has been
submitted on a form OR after a call to Default() has returned that this credential is
ready to log on.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in] User The user profile handle of the user profile currently being
considered by the user identity manager. If NULL, then no user
profile is currently under consideration.
@param[out] Identifier On return, points to the user identifier.
@retval EFI_SUCCESS User identifier returned successfully.
@retval EFI_NOT_READY No user identifier can be returned.
@retval EFI_ACCESS_DENIED The user has been locked out of this user credential.
@retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL.
@retval EFI_NOT_FOUND User is not NULL, and the specified user handle can't be
found in user profile database
**/
EFI_STATUS
EFIAPI
CredentialUser (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User,
OUT EFI_USER_INFO_IDENTIFIER *Identifier
);
/**
Indicate that user interface interaction has begun for the specified credential.
This function is called when a credential provider is selected by the user. If
AutoLogon returns FALSE, then the user interface will be constructed by the User
Identity Manager.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[out] AutoLogon On return, points to the credential provider's capabilities
after the credential provider has been selected by the user.
@retval EFI_SUCCESS Credential provider successfully selected.
@retval EFI_INVALID_PARAMETER AutoLogon is NULL.
**/
EFI_STATUS
EFIAPI
CredentialSelect (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
);
/**
Indicate that user interface interaction has ended for the specified credential.
This function is called when a credential provider is deselected by the user.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@retval EFI_SUCCESS Credential provider successfully deselected.
**/
EFI_STATUS
EFIAPI
CredentialDeselect (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This
);
/**
Return the default logon behavior for this user credential.
This function reports the default login behavior regarding this credential provider.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[out] AutoLogon On return, holds whether the credential provider should be used
by default to automatically log on the user.
@retval EFI_SUCCESS Default information successfully returned.
@retval EFI_INVALID_PARAMETER AutoLogon is NULL.
**/
EFI_STATUS
EFIAPI
CredentialDefault (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
);
/**
Return information attached to the credential provider.
This function returns user information.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in] UserInfo Handle of the user information data record.
@param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On
exit, holds the user information. If the buffer is too small
to hold the information, then EFI_BUFFER_TOO_SMALL is returned
and InfoSize is updated to contain the number of bytes actually
required.
@param[in, out] InfoSize On entry, points to the size of Info. On return, points to the
size of the user information.
@retval EFI_SUCCESS Information returned successfully.
@retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small to hold all of the
user information. The size required is returned in *InfoSize.
@retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL.
@retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle.
**/
EFI_STATUS
EFIAPI
CredentialGetInfo (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN EFI_USER_INFO_HANDLE UserInfo,
OUT EFI_USER_INFO *Info,
IN OUT UINTN *InfoSize
);
/**
Enumerate all of the user informations on the credential provider.
This function returns the next user information record. To retrieve the first user
information record handle, point UserInfo at a NULL. Each subsequent call will retrieve
another user information record handle until there are no more, at which point UserInfo
will point to NULL.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in, out] UserInfo On entry, points to the previous user information handle or NULL
to start enumeration. On exit, points to the next user information
handle or NULL if there is no more user information.
@retval EFI_SUCCESS User information returned.
@retval EFI_NOT_FOUND No more user information found.
@retval EFI_INVALID_PARAMETER UserInfo is NULL.
**/
EFI_STATUS
EFIAPI
CredentialGetNextInfo (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN OUT EFI_USER_INFO_HANDLE *UserInfo
);
/**
Delete a user on this credential provider.
This function deletes a user on this credential provider.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in] User The user profile handle to delete.
@retval EFI_SUCCESS User profile was successfully deleted.
@retval EFI_ACCESS_DENIED Current user profile does not permit deletion on the user profile handle.
Either the user profile cannot delete on any user profile or cannot delete
on a user profile other than the current user profile.
@retval EFI_UNSUPPORTED This credential provider does not support deletion in the pre-OS.
@retval EFI_DEVICE_ERROR The new credential could not be deleted because of a device error.
@retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle.
**/
EFI_STATUS
EFIAPI
CredentialDelete (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User
);
#endif

21
SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.uni
View File

@ -1,21 +0,0 @@
// /** @file
// Provides a password credential provider implementation
//
// This module provides a password credential provider implementation.
//
// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
// which accompanies this distribution. The full text of the license may be found at
// http://opensource.org/licenses/bsd-license.php
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
// **/
#string STR_MODULE_ABSTRACT #language en-US "Provides a password credential provider implementation"
#string STR_MODULE_DESCRIPTION #language en-US "This module provides a password credential provider implementation."

30
SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderData.h
View File

@ -1,30 +0,0 @@
/** @file
Data structure used by the Password Credential Provider driver.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef _PWD_CREDENTIAL_PROVIDER_DATA_H_
#define _PWD_CREDENTIAL_PROVIDER_DATA_H_
#include <Guid/PwdCredentialProviderHii.h>
//
// Forms definition
//
#define FORMID_GET_PASSWORD_FORM 1
//
// Key defination
//
#define KEY_GET_PASSWORD 0x1000
#endif

65
SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf
View File

@ -1,65 +0,0 @@
## @file
# Provides a password credential provider implementation
# This module provides a password credential provider implementation.
#
# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = PwdCredentialProvider
MODULE_UNI_FILE = PwdCredentialProvider.uni
FILE_GUID = D6C589EA-DD29-49ef-97F6-1A9FE19A04E0
MODULE_TYPE = UEFI_DRIVER
VERSION_STRING = 1.0
ENTRY_POINT = PasswordProviderInit
[Sources]
PwdCredentialProvider.c
PwdCredentialProvider.h
PwdCredentialProviderData.h
PwdCredentialProviderVfr.Vfr
PwdCredentialProviderStrings.uni
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
CryptoPkg/CryptoPkg.dec
SecurityPkg/SecurityPkg.dec
[LibraryClasses]
UefiRuntimeServicesTableLib
UefiBootServicesTableLib
UefiDriverEntryPoint
MemoryAllocationLib
BaseMemoryLib
DebugLib
HiiLib
UefiLib
BaseCryptLib
[Guids]
gEfiUserCredentialClassPasswordGuid ## SOMETIMES_CONSUMES ## GUID
## PRODUCES ## Variable:L"PwdCredential"
## CONSUMES ## Variable:L"PwdCredential"
## CONSUMES ## HII
## SOMETIMES_CONSUMES ## GUID # The credential provider identifier
gPwdCredentialProviderGuid
[Protocols]
gEfiDevicePathProtocolGuid ## PRODUCES
gEfiHiiConfigAccessProtocolGuid ## PRODUCES
gEfiUserCredential2ProtocolGuid ## PRODUCES
gEfiUserManagerProtocolGuid ## SOMETIMES_CONSUMES
[UserExtensions.TianoCore."ExtraFiles"]
PwdCredentialProviderExtra.uni

19
SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderExtra.uni
View File

@ -1,19 +0,0 @@
// /** @file
// PwdCredentialProvider Localized Strings and Content
//
// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
// which accompanies this distribution. The full text of the license may be found at
// http://opensource.org/licenses/bsd-license.php
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
// **/
#string STR_PROPERTIES_MODULE_NAME
#language en-US
"Password Credential Provider"

38
SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderStrings.uni
View File

@ -1,38 +0,0 @@
/** @file
String definitions for the Password Credential Provider.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#langdef en-US "English"
#langdef fr-FR "Francais"
#string STR_CREDENTIAL_TITLE #language en-US "Password Credential Provider"
#language fr-FR "Password Credential Provider (French)"
#string STR_FORM_TITLE #language en-US "Get Password"
#language fr-FR "Get Password(French)"
#string STR_NULL_STRING #language en-US ""
#language fr-FR ""
#string STR_INPUT_PASSWORD #language en-US "Please Input Password"
#language fr-FR "Please Input Password(French)"
#string STR_PROVIDER_NAME #language en-US "INTEL Password Credential Provider"
#language fr-FR "INTEL Password Credential Provider(French)"
#string STR_PROVIDER_TYPE_NAME #language en-US "Password Credential Provider"
#language fr-FR "Password Credential Provider(French)"
#string STR_INPUT_PASSWORD_AGAIN #language en-US "Input Password Again"
#language fr-FR "Input Password Again (French)"
#string STR_DRAW_A_LINE #language en-US "-----------------------------"
#language fr-FR "------------------------------------"
#string STR_PASSWORD_INCORRECT #language en-US " Incorrect Password! "
#language fr-FR " Incorrect Password! (French) "
#string STR_PASSWORD_MISMATCH #language en-US " The Password Mismatch! "
#language fr-FR " The Password Mismatch! (French) "

34
SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderVfr.Vfr
View File

@ -1,34 +0,0 @@
/** @file
Password Credential Provider formset.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "PwdCredentialProviderData.h"
formset
guid = PWD_CREDENTIAL_PROVIDER_GUID,
title = STRING_TOKEN(STR_CREDENTIAL_TITLE),
help = STRING_TOKEN(STR_NULL_STRING),
classguid = PWD_CREDENTIAL_PROVIDER_GUID,
form formid = FORMID_GET_PASSWORD_FORM,
title = STRING_TOKEN(STR_FORM_TITLE);
text
help = STRING_TOKEN(STR_NULL_STRING),
text = STRING_TOKEN(STR_INPUT_PASSWORD),
flags = INTERACTIVE,
key = KEY_GET_PASSWORD;
endform;
endformset;

1410
SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.c
View File

File diff suppressed because it is too large Load Diff

361
SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.h
View File

@ -1,361 +0,0 @@
/** @file
Usb Credential Provider driver header file.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef _USB_CREDENTIAL_PROVIDER_H_
#define _USB_CREDENTIAL_PROVIDER_H_
#include <Uefi.h>
#include <Guid/GlobalVariable.h>
#include <Guid/FileInfo.h>
#include <Guid/SecurityPkgTokenSpace.h>
#include <Guid/UsbCredentialProviderHii.h>
#include <Protocol/SimpleFileSystem.h>
#include <Protocol/BlockIo.h>
#include <Protocol/UserCredential2.h>
#include <Protocol/UserManager.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DevicePathLib.h>
#include <Library/BaseCryptLib.h>
#include <Library/DebugLib.h>
#include <Library/UefiLib.h>
#include <Library/PrintLib.h>
#include <Library/HiiLib.h>
#include <Library/PcdLib.h>
extern UINT8 UsbCredentialProviderStrings[];
#define USB_TABLE_INC 16
#define HASHED_CREDENTIAL_LEN 20
//
// Save the enroll user credential Information.
//
typedef struct {
EFI_USER_INFO_IDENTIFIER UserId;
UINT8 Token[HASHED_CREDENTIAL_LEN];
} USB_INFO;
//
// USB Credential Table.
//
typedef struct {
UINTN Count;
UINTN MaxCount;
USB_INFO UserInfo[1];
} CREDENTIAL_TABLE;
//
// The user information on the USB provider.
//
typedef struct {
UINTN Count;
EFI_USER_INFO *Info[1];
} USB_CREDENTIAL_INFO;
#define USB_PROVIDER_SIGNATURE SIGNATURE_32 ('U', 'S', 'B', 'P')
typedef struct {
UINTN Signature;
EFI_HANDLE DriverHandle;
EFI_HII_HANDLE HiiHandle;
} USB_PROVIDER_CALLBACK_INFO;
/**
Enroll a user on a credential provider.
This function enrolls and deletes a user profile using this credential provider.
If a user profile is successfully enrolled, it calls the User Manager Protocol
function Notify() to notify the user manager driver that credential information
has changed. If an enrolled user does exist, delete the user on the credential
provider.
@param[in] This Points to this instance of EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in] User The user profile to enroll.
@retval EFI_SUCCESS User profile was successfully enrolled.
@retval EFI_ACCESS_DENIED Current user profile does not permit enrollment on the
user profile handle. Either the user profile cannot enroll
on any user profile or cannot enroll on a user profile
other than the current user profile.
@retval EFI_UNSUPPORTED This credential provider does not support enrollment in
the pre-OS.
@retval EFI_DEVICE_ERROR The new credential could not be created because of a device
error.
@retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle.
**/
EFI_STATUS
EFIAPI
CredentialEnroll (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User
);
/**
Returns the user interface information used during user identification.
This function enrolls a user on this credential provider. If the user exists on
this credential provider, update the user information on this credential provider;
otherwise delete the user information on credential provider.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[out] Hii On return, holds the HII database handle.
@param[out] FormSetId On return, holds the identifier of the form set which contains
the form used during user identification.
@param[out] FormId On return, holds the identifier of the form used during user
identification.
@retval EFI_SUCCESS Form returned successfully.
@retval EFI_NOT_FOUND Form not returned.
@retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or FormId is NULL.
**/
EFI_STATUS
EFIAPI
CredentialForm (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
OUT EFI_HII_HANDLE *Hii,
OUT EFI_GUID *FormSetId,
OUT EFI_FORM_ID *FormId
);
/**
Returns bitmap used to describe the credential provider type.
This optional function returns a bitmap which is less than or equal to the number
of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND
is returned.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in, out] Width On entry, points to the desired bitmap width. If NULL then no
bitmap information will be returned. On exit, points to the
width of the bitmap returned.
@param[in, out] Height On entry, points to the desired bitmap height. If NULL then no
bitmap information will be returned. On exit, points to the
height of the bitmap returned.
@param[out] Hii On return, holds the HII database handle.
@param[out] Image On return, holds the HII image identifier.
@retval EFI_SUCCESS Image identifier returned successfully.
@retval EFI_NOT_FOUND Image identifier not returned.
@retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL.
**/
EFI_STATUS
EFIAPI
CredentialTile (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN OUT UINTN *Width,
IN OUT UINTN *Height,
OUT EFI_HII_HANDLE *Hii,
OUT EFI_IMAGE_ID *Image
);
/**
Returns string used to describe the credential provider type.
This function returns a string which describes the credential provider. If no
such string exists, then EFI_NOT_FOUND is returned.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[out] Hii On return, holds the HII database handle.
@param[out] String On return, holds the HII string identifier.
@retval EFI_SUCCESS String identifier returned successfully.
@retval EFI_NOT_FOUND String identifier not returned.
@retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL.
**/
EFI_STATUS
EFIAPI
CredentialTitle (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
OUT EFI_HII_HANDLE *Hii,
OUT EFI_STRING_ID *String
);
/**
Return the user identifier associated with the currently authenticated user.
This function returns the user identifier of the user authenticated by this credential
provider. This function is called after the credential-related information has been
submitted on a form OR after a call to Default() has returned that this credential is
ready to log on.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in] User The user profile handle of the user profile currently being
considered by the user identity manager. If NULL, then no user
profile is currently under consideration.
@param[out] Identifier On return, points to the user identifier.
@retval EFI_SUCCESS User identifier returned successfully.
@retval EFI_NOT_READY No user identifier can be returned.
@retval EFI_ACCESS_DENIED The user has been locked out of this user credential.
@retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL.
@retval EFI_NOT_FOUND User is not NULL, and the specified user handle can't be
found in user profile database.
**/
EFI_STATUS
EFIAPI
CredentialUser (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User,
OUT EFI_USER_INFO_IDENTIFIER *Identifier
);
/**
Indicate that user interface interaction has begun for the specified credential.
This function is called when a credential provider is selected by the user. If
AutoLogon returns FALSE, then the user interface will be constructed by the User
Identity Manager.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[out] AutoLogon On return, points to the credential provider's capabilities
after the credential provider has been selected by the user.
@retval EFI_SUCCESS Credential provider successfully selected.
@retval EFI_INVALID_PARAMETER AutoLogon is NULL.
**/
EFI_STATUS
EFIAPI
CredentialSelect (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
);
/**
Indicate that user interface interaction has ended for the specified credential.
This function is called when a credential provider is deselected by the user.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@retval EFI_SUCCESS Credential provider successfully deselected.
**/
EFI_STATUS
EFIAPI
CredentialDeselect (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This
);
/**
Return the default logon behavior for this user credential.
This function reports the default login behavior regarding this credential provider.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[out] AutoLogon On return, holds whether the credential provider should be used
by default to automatically log on the user.
@retval EFI_SUCCESS Default information successfully returned.
@retval EFI_INVALID_PARAMETER AutoLogon is NULL.
**/
EFI_STATUS
EFIAPI
CredentialDefault (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
);
/**
Return information attached to the credential provider.
This function returns user information.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in] UserInfo Handle of the user information data record.
@param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On
exit, holds the user information. If the buffer is too small
to hold the information, then EFI_BUFFER_TOO_SMALL is returned
and InfoSize is updated to contain the number of bytes actually
required.
@param[in, out] InfoSize On entry, points to the size of Info. On return, points to the
size of the user information.
@retval EFI_SUCCESS Information returned successfully.
@retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small to hold all of the
user information. The size required is returned in *InfoSize.
@retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL.
@retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle.
**/
EFI_STATUS
EFIAPI
CredentialGetInfo (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN EFI_USER_INFO_HANDLE UserInfo,
OUT EFI_USER_INFO *Info,
IN OUT UINTN *InfoSize
);
/**
Enumerate all of the user informations on the credential provider.
This function returns the next user information record. To retrieve the first user
information record handle, point UserInfo at a NULL. Each subsequent call will retrieve
another user information record handle until there are no more, at which point UserInfo
will point to NULL.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in, out] UserInfo On entry, points to the previous user information handle or NULL
to start enumeration. On exit, points to the next user information
handle or NULL if there is no more user information.
@retval EFI_SUCCESS User information returned.
@retval EFI_NOT_FOUND No more user information found.
@retval EFI_INVALID_PARAMETER UserInfo is NULL.
**/
EFI_STATUS
EFIAPI
CredentialGetNextInfo (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN OUT EFI_USER_INFO_HANDLE *UserInfo
);
/**
Delete a user on this credential provider.
This function deletes a user on this credential provider.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in] User The user profile handle to delete.
@retval EFI_SUCCESS User profile was successfully deleted.
@retval EFI_ACCESS_DENIED Current user profile does not permit deletion on the user profile handle.
Either the user profile cannot delete on any user profile or cannot delete
on a user profile other than the current user profile.
@retval EFI_UNSUPPORTED This credential provider does not support deletion in the pre-OS.
@retval EFI_DEVICE_ERROR The new credential could not be deleted because of a device error.
@retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle.
**/
EFI_STATUS
EFIAPI
CredentialDelete (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User
);
#endif

23
SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.uni
View File

@ -1,23 +0,0 @@
// /** @file
// Provides a USB credential provider implementation
//
// This module reads a token from a token file that is saved in the root
// folder of a USB stick. The token file name can be specified by the PCD
// PcdFixedUsbCredentialProviderTokenFileName.
//
// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
// which accompanies this distribution. The full text of the license may be found at
// http://opensource.org/licenses/bsd-license.php
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
// **/
#string STR_MODULE_ABSTRACT #language en-US "Provides a USB credential provider implementation"
#string STR_MODULE_DESCRIPTION #language en-US "This module reads a token from a token file that is saved in the root folder of a USB stick. The token file name can be specified by the PCD PcdFixedUsbCredentialProviderTokenFileName."

70
SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderDxe.inf
View File

@ -1,70 +0,0 @@
## @file
# Provides a USB credential provider implementation
#
# This module reads a token from a token file that is saved in the root
# folder of a USB stick. The token file name can be specified by the PCD
# PcdFixedUsbCredentialProviderTokenFileName.
#
# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = UsbCredentialProvider
MODULE_UNI_FILE = UsbCredentialProvider.uni
FILE_GUID = 672A0C68-2BF0-46f9-93C3-C4E7DC0FA555
MODULE_TYPE = UEFI_DRIVER
VERSION_STRING = 1.0
ENTRY_POINT = UsbProviderInit
[Sources]
UsbCredentialProvider.c
UsbCredentialProvider.h
UsbCredentialProviderStrings.uni
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
CryptoPkg/CryptoPkg.dec
SecurityPkg/SecurityPkg.dec
[LibraryClasses]
UefiRuntimeServicesTableLib
UefiBootServicesTableLib
UefiDriverEntryPoint
MemoryAllocationLib
BaseMemoryLib
DebugLib
HiiLib
UefiLib
BaseCryptLib
[Guids]
## PRODUCES ## Variable:L"UsbCredential"
## CONSUMES ## Variable:L"UsbCredential"
## CONSUMES ## HII
## SOMETIMES_CONSUMES ## GUID # The credential provider identifier
gUsbCredentialProviderGuid
gEfiFileInfoGuid ## SOMETIMES_CONSUMES ## GUID
gEfiUserCredentialClassSecureCardGuid ## SOMETIMES_CONSUMES ## GUID
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdFixedUsbCredentialProviderTokenFileName ## SOMETIMES_CONSUMES
[Protocols]
gEfiUserCredential2ProtocolGuid ## PRODUCES
gEfiUserManagerProtocolGuid ## SOMETIMES_CONSUMES
gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES
gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES
[UserExtensions.TianoCore."ExtraFiles"]
UsbCredentialProviderExtra.uni

19
SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderExtra.uni
View File

@ -1,19 +0,0 @@
// /** @file
// UsbCredentialProvider Localized Strings and Content
//
// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
// which accompanies this distribution. The full text of the license may be found at
// http://opensource.org/licenses/bsd-license.php
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
// **/
#string STR_PROPERTIES_MODULE_NAME
#language en-US
"USB Credential Provider"

29
SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderStrings.uni
View File

@ -1,29 +0,0 @@
/** @file
String definitions for the USB Credential Provider.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#langdef en-US "English"
#langdef fr-FR "Francais"
#string STR_CREDENTIAL_TITLE #language en-US "USB Credential Provider"
#language fr-FR "USB Credential Provider (French)"
#string STR_NULL_STRING #language en-US ""
#language fr-FR ""
#string STR_PROVIDER_NAME #language en-US "INTEL USB Credential Provider"
#language fr-FR "INTEL USB Credential Provider (French)"
#string STR_PROVIDER_TYPE_NAME #language en-US "Secure Card Credential Provider"
#language fr-FR "Secure Card Credential Provider (French)"
#string STR_READ_USB_TOKEN_ERROR #language en-US "Read USB Token File Error!"
#language fr-FR "Read USB Token File Error! (French)"
#string STR_INSERT_USB_TOKEN #language en-US "Please insert USB key with Token"
#language fr-FR "Please insert USB key with Token (French)"

148
SecurityPkg/UserIdentification/UserIdentifyManagerDxe/LoadDeferredImage.c
View File

@ -1,148 +0,0 @@
/** @file
Load the deferred images after user is identified.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "UserIdentifyManager.h"
EFI_HANDLE mDeferredImageHandle;
/**
The function will load all the deferred images again. If the deferred image is loaded
successfully, try to start it.
@param Event Event whose notification function is being invoked.
@param Context Pointer to the notification function's context
**/
VOID
EFIAPI
LoadDeferredImage (
IN EFI_EVENT Event,
IN VOID *Context
)
{
EFI_STATUS Status;
EFI_DEFERRED_IMAGE_LOAD_PROTOCOL *DeferredImage;
UINTN HandleCount;
EFI_HANDLE *HandleBuf;
UINTN Index;
UINTN DriverIndex;
EFI_DEVICE_PATH_PROTOCOL *ImageDevicePath;
VOID *DriverImage;
UINTN ImageSize;
BOOLEAN BootOption;
EFI_HANDLE ImageHandle;
UINTN ExitDataSize;
CHAR16 *ExitData;
//
// Find all the deferred image load protocols.
//
HandleCount = 0;
HandleBuf = NULL;
Status = gBS->LocateHandleBuffer (
ByProtocol,
&gEfiDeferredImageLoadProtocolGuid,
NULL,
&HandleCount,
&HandleBuf
);
if (EFI_ERROR (Status)) {
return ;
}
for (Index = 0; Index < HandleCount; Index++) {
Status = gBS->HandleProtocol (
HandleBuf[Index],
&gEfiDeferredImageLoadProtocolGuid,
(VOID **) &DeferredImage
);
if (EFI_ERROR (Status)) {
continue ;
}
DriverIndex = 0;
do {
//
// Load all the deferred images in this protocol instance.
//
Status = DeferredImage->GetImageInfo(
DeferredImage,
DriverIndex,
&ImageDevicePath,
(VOID **) &DriverImage,
&ImageSize,
&BootOption
);
if (EFI_ERROR (Status)) {
break;
}
//
// Load and start the image.
//
Status = gBS->LoadImage (
BootOption,
mDeferredImageHandle,
ImageDevicePath,
NULL,
0,
&ImageHandle
);
if (!EFI_ERROR (Status)) {
//
// Before calling the image, enable the Watchdog Timer for
// a 5 Minute period
//
gBS->SetWatchdogTimer (5 * 60, 0x0000, 0x00, NULL);
Status = gBS->StartImage (ImageHandle, &ExitDataSize, &ExitData);
//
// Clear the Watchdog Timer after the image returns.
//
gBS->SetWatchdogTimer (0x0000, 0x0000, 0x0000, NULL);
}
DriverIndex++;
} while (TRUE);
}
FreePool (HandleBuf);
}
/**
Register an event notification function for user profile changed.
@param[in] ImageHandle Image handle this driver.
**/
VOID
LoadDeferredImageInit (
IN EFI_HANDLE ImageHandle
)
{
EFI_STATUS Status;
EFI_EVENT Event;
mDeferredImageHandle = ImageHandle;
Status = gBS->CreateEventEx (
EVT_NOTIFY_SIGNAL,
TPL_CALLBACK,
LoadDeferredImage,
NULL,
&gEfiEventUserProfileChangedGuid,
&Event
);
ASSERT (Status == EFI_SUCCESS);
}

3766
SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.c
View File

File diff suppressed because it is too large Load Diff

413
SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.h
View File

@ -1,413 +0,0 @@
/** @file
The header file for User identify Manager driver.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef _USER_IDENTIFY_MANAGER_H_
#define _USER_IDENTIFY_MANAGER_H_
#include <Uefi.h>
#include <Guid/GlobalVariable.h>
#include <Guid/MdeModuleHii.h>
#include <Protocol/FormBrowser2.h>
#include <Protocol/HiiDatabase.h>
#include <Protocol/HiiConfigAccess.h>
#include <Protocol/HiiString.h>
#include <Protocol/HiiConfigRouting.h>
#include <Protocol/UserCredential2.h>
#include <Protocol/UserManager.h>
#include <Protocol/DeferredImageLoad.h>
#include <Protocol/SimpleTextOut.h>
#include <Protocol/SimpleTextIn.h>
#include <Protocol/SimpleTextInEx.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DevicePathLib.h>
#include <Library/DebugLib.h>
#include <Library/UefiLib.h>
#include <Library/PrintLib.h>
#include <Library/HiiLib.h>
#include "UserIdentifyManagerData.h"
//
// This is the generated IFR binary data for each formset defined in VFR.
// This data array is ready to be used as input of HiiAddPackages() to
// create a packagelist.
//
extern UINT8 UserIdentifyManagerVfrBin[];
//
// This is the generated String package data for all .UNI files.
// This data array is ready to be used as input of HiiAddPackages() to
// create a packagelist.
//
extern UINT8 UserIdentifyManagerStrings[];
#define USER_NUMBER_INC 32
#define DEFAULT_PROFILE_SIZE 512
#define INFO_PAYLOAD_SIZE 64
//
// Credential Provider Information.
//
typedef struct {
UINTN Count;
EFI_USER_CREDENTIAL2_PROTOCOL *Provider[1];
} CREDENTIAL_PROVIDER_INFO;
//
// Internal user profile entry.
//
typedef struct {
UINTN MaxProfileSize;
UINTN UserProfileSize;
CHAR16 UserVarName[9];
UINT8 *ProfileInfo;
} USER_PROFILE_ENTRY;
//
// Internal user profile database.
//
typedef struct {
UINTN UserProfileNum;
UINTN MaxProfileNum;
EFI_USER_PROFILE_HANDLE UserProfile[1];
} USER_PROFILE_DB;
#define USER_MANAGER_SIGNATURE SIGNATURE_32 ('U', 'I', 'M', 'S')
typedef struct {
UINTN Signature;
EFI_HANDLE DriverHandle;
EFI_HII_HANDLE HiiHandle;
//
// Consumed protocol.
//
EFI_HII_DATABASE_PROTOCOL *HiiDatabase;
EFI_HII_STRING_PROTOCOL *HiiString;
EFI_HII_CONFIG_ROUTING_PROTOCOL *HiiConfigRouting;
EFI_FORM_BROWSER2_PROTOCOL *FormBrowser2;
//
// Produced protocol.
//
EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
} USER_MANAGER_CALLBACK_INFO;
///
/// HII specific Vendor Device Path definition.
///
typedef struct {
VENDOR_DEVICE_PATH VendorDevicePath;
EFI_DEVICE_PATH_PROTOCOL End;
} HII_VENDOR_DEVICE_PATH;
/**
Register an event notification function for the user profile changed.
@param[in] ImageHandle Image handle this driver.
**/
VOID
LoadDeferredImageInit (
IN EFI_HANDLE ImageHandle
);
/**
This function creates a new user profile with only
a new user identifier attached and returns its handle.
The user profile is non-volatile, but the handle User
can change across reboots.
@param[in] This Protocol EFI_USER_MANAGER_PROTOCOL instance
pointer.
@param[out] User Handle of a new user profile.
@retval EFI_SUCCESS User profile was successfully created.
@retval EFI_ACCESS_DENIED Current user does not have sufficient permissions
to create a user profile.
@retval EFI_UNSUPPORTED Creation of new user profiles is not supported.
@retval EFI_INVALID_PARAMETER User is NULL.
**/
EFI_STATUS
EFIAPI
UserProfileCreate (
IN CONST EFI_USER_MANAGER_PROTOCOL *This,
OUT EFI_USER_PROFILE_HANDLE *User
);
/**
Delete an existing user profile.
@param This Protocol EFI_USER_MANAGER_PROTOCOL instance
pointer.
@param User User profile handle.
@retval EFI_SUCCESS User profile was successfully deleted.
@retval EFI_ACCESS_DENIED Current user does not have sufficient permissions
to delete a user profile or there is only one
user profile.
@retval EFI_UNSUPPORTED Deletion of new user profiles is not supported.
@retval EFI_INVALID_PARAMETER User does not refer to a valid user profile.
**/
EFI_STATUS
EFIAPI
UserProfileDelete (
IN CONST EFI_USER_MANAGER_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User
);
/**
Get next user profile from the user profile database.
@param[in] This Protocol EFI_USER_MANAGER_PROTOCOL instance
pointer.
@param[in, out] User User profile handle.
@retval EFI_SUCCESS Next enrolled user profile successfully returned.
@retval EFI_INVALID_PARAMETER User is NULL.
**/
EFI_STATUS
EFIAPI
UserProfileGetNext (
IN CONST EFI_USER_MANAGER_PROTOCOL *This,
IN OUT EFI_USER_PROFILE_HANDLE *User
);
/**
This function returns the current user profile handle.
@param[in] This Protocol EFI_USER_MANAGER_PROTOCOL instance pointer.
@param[out] CurrentUser User profile handle.
@retval EFI_SUCCESS Current user profile handle returned successfully.
@retval EFI_INVALID_PARAMETER CurrentUser is NULL.
**/
EFI_STATUS
EFIAPI
UserProfileCurrent (
IN CONST EFI_USER_MANAGER_PROTOCOL *This,
OUT EFI_USER_PROFILE_HANDLE *CurrentUser
);
/**
Identify the user and, if authenticated, returns the user handle and changes
the current user profile.
@param This Protocol EFI_USER_MANAGER_PROTOCOL instance pointer.
@param CurrentUser User profile handle.
@retval EFI_SUCCESS User was successfully identified.
@retval EFI_INVALID_PARAMETER User is NULL.
@retval EFI_ACCESS_DENIED User was not successfully identified.
**/
EFI_STATUS
EFIAPI
UserProfileIdentify (
IN CONST EFI_USER_MANAGER_PROTOCOL *This,
OUT EFI_USER_PROFILE_HANDLE *User
);
/**
Find a user using a user information record.
This function searches all user profiles for the specified user information record.
The search starts with the user information record handle following UserInfo and
continues until either the information is found or there are no more user profiles.
A match occurs when the Info.InfoType field matches the user information record
type and the user information record data matches the portion of Info passed the
EFI_USER_INFO header.
@param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
@param[in, out] User On entry, points to the previously returned user profile
handle, or NULL to start searching with the first user profile.
On return, points to the user profile handle, or NULL if not
found.
@param[in, out] UserInfo On entry, points to the previously returned user information
handle, or NULL to start searching with the first. On return,
points to the user information handle of the user information
record, or NULL if not found. Can be NULL, in which case only
one user information record per user can be returned.
@param[in] Info Points to the buffer containing the user information to be
compared to the user information record. If NULL, then only
the user information record type is compared. If InfoSize is 0,
then the user information record must be empty.
@param[in] InfoSize The size of Info, in bytes.
@retval EFI_SUCCESS User information was found. User points to the user profile handle,
and UserInfo points to the user information handle.
@retval EFI_NOT_FOUND User information was not found. User points to NULL and UserInfo
points to NULL.
**/
EFI_STATUS
EFIAPI
UserProfileFind (
IN CONST EFI_USER_MANAGER_PROTOCOL *This,
IN OUT EFI_USER_PROFILE_HANDLE *User,
IN OUT EFI_USER_INFO_HANDLE *UserInfo OPTIONAL,
IN CONST EFI_USER_INFO *Info,
IN UINTN InfoSize
);
/**
This function returns user information.
@param This Protocol EFI_USER_MANAGER_PROTOCOL instance
pointer.
@param User Handle of the user whose profile will be
retrieved.
@param UserInfo Handle of the user information data record.
@param Info On entry, points to a buffer of at least
*InfoSize bytes. On exit, holds the user
information.
@param InfoSize On entry, points to the size of Info. On return,
points to the size of the user information.
@retval EFI_SUCCESS Information returned successfully.
@retval EFI_ACCESS_DENIED The information about the specified user cannot
be accessed by the current user.
EFI_BUFFER_TOO_SMALL- The number of bytes
specified by *InfoSize is too small to hold the
returned data.
**/
EFI_STATUS
EFIAPI
UserProfileGetInfo (
IN CONST EFI_USER_MANAGER_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User,
IN EFI_USER_INFO_HANDLE UserInfo,
OUT EFI_USER_INFO *Info,
IN OUT UINTN *InfoSize
);
/**
This function changes user information.
@param This Protocol EFI_USER_MANAGER_PROTOCOL instance
pointer.
@param User Handle of the user whose profile will be
retrieved.
@param UserInfo Handle of the user information data record.
@param Info Points to the user information.
@param InfoSize The size of Info, in bytes.
@retval EFI_SUCCESS User profile information was successfully
changed/added.
@retval EFI_ACCESS_DENIED The record is exclusive.
@retval EFI_SECURITY_VIOLATION The current user does not have permission to
change the specified user profile or user
information record.
**/
EFI_STATUS
EFIAPI
UserProfileSetInfo (
IN CONST EFI_USER_MANAGER_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User,
IN OUT EFI_USER_INFO_HANDLE *UserInfo,
IN CONST EFI_USER_INFO *Info,
IN UINTN InfoSize
);
/**
This function allows the credential provider to notify the User Identity Manager
when user status has changed while deselected.
@param This Protocol EFI_USER_MANAGER_PROTOCOL instance
pointer.
@param Changed Points to the instance of the
EFI_USER_CREDENTIAL_PROTOCOL where the user has
changed.
@retval EFI_SUCCESS The User Identity Manager has handled the
notification.
@retval EFI_NOT_READY The function was called while the specified
credential provider was not selected.
@retval EFI_UNSUPPORTED The User Identity Manager doesn't support
asynchronous notifications.
**/
EFI_STATUS
EFIAPI
UserProfileNotify (
IN CONST EFI_USER_MANAGER_PROTOCOL *This,
IN EFI_HANDLE Changed
);
/**
Delete the user information attached to the user profile specified by the UserInfo.
@param This Protocol EFI_USER_MANAGER_PROTOCOL instance pointer.
@param User Handle of the user whose profile will be retrieved.
@param UserInfo Handle of the user information data record.
@retval EFI_SUCCESS User information deleted successfully.
@retval EFI_ACCESS_DENIED The current user does not have permission to
delete this user in-formation.
@retval EFI_NOT_FOUND User information record UserInfo does not exist
in the user pro-file.
**/
EFI_STATUS
EFIAPI
UserProfileDeleteInfo (
IN CONST EFI_USER_MANAGER_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User,
IN EFI_USER_INFO_HANDLE UserInfo
);
/**
This function returns the next user information record.
@param This Protocol EFI_USER_MANAGER_PROTOCOL instance pointer.
@param User Handle of the user whose profile will be retrieved.
@param UserInfo Handle of the user information data record.
@retval EFI_SUCCESS User information returned.
@retval EFI_NOT_FOUND No more user information found.
**/
EFI_STATUS
EFIAPI
UserProfileGetNextInfo (
IN CONST EFI_USER_MANAGER_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User,
IN OUT EFI_USER_INFO_HANDLE *UserInfo
);
#endif

21
SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.uni
View File

@ -1,21 +0,0 @@
// /** @file
// Produces user manager protocol
//
// This module manages user information and produces user manager protocol.
//
// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
// which accompanies this distribution. The full text of the license may be found at
// http://opensource.org/licenses/bsd-license.php
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
// **/
#string STR_MODULE_ABSTRACT #language en-US "Produces user manager protocol"
#string STR_MODULE_DESCRIPTION #language en-US "This module manages user information and produces user manager protocol."

35
SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerData.h
View File

@ -1,35 +0,0 @@
/** @file
Data structure used by the user identify manager driver.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef _USER_IDENTIFY_MANAGER_DATA_H_
#define _USER_IDENTIFY_MANAGER_DATA_H_
#include <Guid/UserIdentifyManagerHii.h>
//
// Forms definition.
//
#define FORMID_USER_FORM 1
#define FORMID_PROVIDER_FORM 2
#define FORMID_INVALID_FORM 0x0FFF
//
// Labels definition.
//
#define LABEL_USER_NAME 0x1000
#define LABEL_PROVIDER_NAME 0x3000
#define LABEL_END 0xffff
#define FORM_OPEN_QUESTION_ID 0xfffe
#endif

79
SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerDxe.inf
View File

@ -1,79 +0,0 @@
## @file
# Produces user manager protocol
#
# This module manages user information and produces user manager protocol.
#
# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
##
[defines]
INF_VERSION = 0x00010005
BASE_NAME = UserIdentifyManager
MODULE_UNI_FILE = UserIdentifyManager.uni
FILE_GUID = C5D3191B-27D5-4873-8DF2-628136991A21
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
ENTRY_POINT = UserIdentifyManagerInit
[sources]
UserIdentifyManager.c
LoadDeferredImage.c
UserIdentifyManager.h
UserIdentifyManagerData.h
UserIdentifyManagerStrings.uni
UserIdentifyManagerVfr.Vfr
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
SecurityPkg/SecurityPkg.dec
[LibraryClasses]
UefiRuntimeServicesTableLib
UefiBootServicesTableLib
UefiDriverEntryPoint
MemoryAllocationLib
BaseMemoryLib
DebugLib
HiiLib
UefiLib
[Guids]
gEfiIfrTianoGuid ## SOMETIMES_CONSUMES ## GUID
gEfiEventUserProfileChangedGuid ## SOMETIMES_PRODUCES ## Event
## SOMETIMES_PRODUCES ## Variable:L"Userxxxx"
## SOMETIMES_CONSUMES ## Variable:L"Userxxxx"
## CONSUMES ## HII
gUserIdentifyManagerGuid
[Protocols]
gEfiFormBrowser2ProtocolGuid ## CONSUMES
gEfiHiiDatabaseProtocolGuid ## CONSUMES
gEfiUserCredential2ProtocolGuid ## SOMETIMES_CONSUMES
gEfiDeferredImageLoadProtocolGuid ## SOMETIMES_CONSUMES
gEfiSimpleTextOutProtocolGuid ## SOMETIMES_CONSUMES
gEfiSimpleTextInProtocolGuid ## SOMETIMES_CONSUMES
gEfiSimpleTextInputExProtocolGuid ## SOMETIMES_CONSUMES
gEfiHiiConfigAccessProtocolGuid ## PRODUCES
gEfiDevicePathProtocolGuid ## PRODUCES
## PRODUCES
## SOMETIMES_PRODUCES ## SystemTable
gEfiUserManagerProtocolGuid
[Depex]
gEfiHiiDatabaseProtocolGuid AND
gEfiHiiStringProtocolGuid AND
gEfiFormBrowser2ProtocolGuid
[UserExtensions.TianoCore."ExtraFiles"]
UserIdentifyManagerExtra.uni

19
SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerExtra.uni
View File

@ -1,19 +0,0 @@
// /** @file
// UserIdentifyManager Localized Strings and Content
//
// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
// which accompanies this distribution. The full text of the license may be found at
// http://opensource.org/licenses/bsd-license.php
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
// **/
#string STR_PROPERTIES_MODULE_NAME
#language en-US
"User Identify Manager"

27
SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerStrings.uni
View File

@ -1,27 +0,0 @@
/** @file
String definitions for the User Identify Manager driver.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#langdef en-US "English"
#langdef fr-FR "Francais"
#string STR_TITLE #language en-US "User Identity Manager"
#language fr-FR "User Identity Manager(French)"
#string STR_USER_SELECT #language en-US "User Selection"
#language fr-FR "User Selection(French)"
#string STR_PROVIDER_SELECT #language en-US "Provider Selection"
#language fr-FR "User Selection(French)"
#string STR_NULL_STRING #language en-US ""
#language fr-FR ""

43
SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerVfr.Vfr
View File

@ -1,43 +0,0 @@
/** @file
User identify manager formset.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "UserIdentifyManagerData.h"
formset
guid = USER_IDENTIFY_MANAGER_GUID,
title = STRING_TOKEN(STR_TITLE),
help = STRING_TOKEN(STR_NULL_STRING),
classguid = USER_IDENTIFY_MANAGER_GUID,
form formid = FORMID_USER_FORM,
title = STRING_TOKEN(STR_USER_SELECT);
suppressif TRUE;
text
help = STRING_TOKEN(STR_NULL_STRING),
text = STRING_TOKEN(STR_NULL_STRING),
flags = INTERACTIVE,
key = FORM_OPEN_QUESTION_ID;
endif;
label LABEL_USER_NAME;
label LABEL_END;
endform;
form formid = FORMID_PROVIDER_FORM,
title = STRING_TOKEN(STR_PROVIDER_SELECT);
label LABEL_PROVIDER_NAME;
label LABEL_END;
endform;
endformset;

688
SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyAccessPolicy.c
View File

@ -1,688 +0,0 @@
/** @file
The functions for access policy modification.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "UserProfileManager.h"
/**
Collect all the access policy data to mUserInfo.AccessPolicy,
and save it to user profile.
**/
VOID
SaveAccessPolicy (
VOID
)
{
EFI_STATUS Status;
UINTN OffSet;
UINTN Size;
EFI_USER_INFO_ACCESS_CONTROL Control;
EFI_USER_INFO_HANDLE UserInfo;
EFI_USER_INFO *Info;
if (mUserInfo.AccessPolicy != NULL) {
FreePool (mUserInfo.AccessPolicy);
}
mUserInfo.AccessPolicy = NULL;
mUserInfo.AccessPolicyLen = 0;
mUserInfo.AccessPolicyModified = TRUE;
OffSet = 0;
//
// Save access right.
//
Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL);
if (mUserInfo.AccessPolicyLen - OffSet < Size) {
ExpandMemory (OffSet, Size);
}
Control.Type = mAccessInfo.AccessRight;
Control.Size = (UINT32) Size;
CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
OffSet += sizeof (Control);
//
// Save access setup.
//
Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (EFI_GUID);
if (mUserInfo.AccessPolicyLen - OffSet < Size) {
ExpandMemory (OffSet, Size);
}
Control.Type = EFI_USER_INFO_ACCESS_SETUP;
Control.Size = (UINT32) Size;
CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
OffSet += sizeof (Control);
if (mAccessInfo.AccessSetup == ACCESS_SETUP_NORMAL) {
CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupNormalGuid);
} else if (mAccessInfo.AccessSetup == ACCESS_SETUP_RESTRICTED) {
CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupRestrictedGuid);
} else if (mAccessInfo.AccessSetup == ACCESS_SETUP_ADMIN) {
CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupAdminGuid);
}
OffSet += sizeof (EFI_GUID);
//
// Save access of boot order.
//
Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (UINT32);
if (mUserInfo.AccessPolicyLen - OffSet < Size) {
ExpandMemory (OffSet, Size);
}
Control.Type = EFI_USER_INFO_ACCESS_BOOT_ORDER;
Control.Size = (UINT32) Size;
CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
OffSet += sizeof (Control);
CopyMem ((UINT8 *) (mUserInfo.AccessPolicy + OffSet), &mAccessInfo.AccessBootOrder, sizeof (UINT32));
OffSet += sizeof (UINT32);
//
// Save permit load.
//
if (mAccessInfo.LoadPermitLen > 0) {
Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.LoadPermitLen;
if (mUserInfo.AccessPolicyLen - OffSet < Size) {
ExpandMemory (OffSet, Size);
}
Control.Type = EFI_USER_INFO_ACCESS_PERMIT_LOAD;
Control.Size = (UINT32) Size;
CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
OffSet += sizeof (Control);
CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadPermit, mAccessInfo.LoadPermitLen);
OffSet += mAccessInfo.LoadPermitLen;
}
//
// Save forbid load.
//
if (mAccessInfo.LoadForbidLen > 0) {
Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.LoadForbidLen;
if (mUserInfo.AccessPolicyLen - OffSet < Size) {
ExpandMemory (OffSet, Size);
}
Control.Type = EFI_USER_INFO_ACCESS_FORBID_LOAD;
Control.Size = (UINT32) Size;
CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
OffSet += sizeof (Control);
CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadForbid, mAccessInfo.LoadForbidLen);
OffSet += mAccessInfo.LoadForbidLen;
}
//
// Save permit connect.
//
if (mAccessInfo.ConnectPermitLen > 0) {
Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.ConnectPermitLen;
if (mUserInfo.AccessPolicyLen - OffSet < Size) {
ExpandMemory (OffSet, Size);
}
Control.Type = EFI_USER_INFO_ACCESS_PERMIT_CONNECT;
Control.Size = (UINT32) Size;
CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
OffSet += sizeof (Control);
CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectPermit, mAccessInfo.ConnectPermitLen);
OffSet += mAccessInfo.ConnectPermitLen;
}
//
// Save forbid connect.
//
if (mAccessInfo.ConnectForbidLen > 0) {
Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.ConnectForbidLen;
if (mUserInfo.AccessPolicyLen - OffSet < Size) {
ExpandMemory (OffSet, Size);
}
Control.Type = EFI_USER_INFO_ACCESS_FORBID_CONNECT;
Control.Size = (UINT32) Size;
CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
OffSet += sizeof (Control);
CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectForbid, mAccessInfo.ConnectForbidLen);
OffSet += mAccessInfo.ConnectForbidLen;
}
mUserInfo.AccessPolicyLen = OffSet;
//
// Save access policy.
//
if (mUserInfo.AccessPolicyModified && (mUserInfo.AccessPolicyLen > 0) && (mUserInfo.AccessPolicy != NULL)) {
Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + mUserInfo.AccessPolicyLen);
if (Info == NULL) {
return ;
}
Status = FindInfoByType (mModifyUser, EFI_USER_INFO_ACCESS_POLICY_RECORD, &UserInfo);
if (!EFI_ERROR (Status)) {
Info->InfoType = EFI_USER_INFO_ACCESS_POLICY_RECORD;
Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |
EFI_USER_INFO_PUBLIC |
EFI_USER_INFO_EXCLUSIVE;
Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + mUserInfo.AccessPolicyLen);
CopyMem ((UINT8 *) (Info + 1), mUserInfo.AccessPolicy, mUserInfo.AccessPolicyLen);
Status = mUserManager->SetInfo (
mUserManager,
mModifyUser,
&UserInfo,
Info,
Info->InfoSize
);
mUserInfo.AccessPolicyModified = FALSE;
}
FreePool (Info);
}
if (mAccessInfo.ConnectForbid != NULL) {
FreePool (mAccessInfo.ConnectForbid);
mAccessInfo.ConnectForbid = NULL;
}
if (mAccessInfo.ConnectPermit != NULL) {
FreePool (mAccessInfo.ConnectPermit);
mAccessInfo.ConnectPermit = NULL;
}
if (mAccessInfo.LoadForbid != NULL) {
FreePool (mAccessInfo.LoadForbid);
mAccessInfo.LoadForbid = NULL;
}
if (mAccessInfo.LoadPermit != NULL) {
FreePool (mAccessInfo.LoadPermit);
mAccessInfo.LoadPermit = NULL;
}
}
/**
Create an action OpCode with QuestionID and DevicePath on a given OpCodeHandle.
@param[in] QuestionID The question ID.
@param[in] DevicePath Points to device path.
@param[in] OpCodeHandle Points to container for dynamic created opcodes.
**/
VOID
AddDevicePath (
IN UINTN QuestionID,
IN EFI_DEVICE_PATH_PROTOCOL *DevicePath,
IN VOID *OpCodeHandle
)
{
EFI_DEVICE_PATH_PROTOCOL *Next;
EFI_STRING_ID NameID;
EFI_STRING DriverName;
//
// Get driver file name node.
//
Next = DevicePath;
while (!IsDevicePathEnd (Next)) {
DevicePath = Next;
Next = NextDevicePathNode (Next);
}
//
// Display the device path in form.
//
DriverName = ConvertDevicePathToText (DevicePath, FALSE, FALSE);
NameID = HiiSetString (mCallbackInfo->HiiHandle, 0, DriverName, NULL);
FreePool (DriverName);
if (NameID == 0) {
return ;
}
HiiCreateActionOpCode (
OpCodeHandle, // Container for dynamic created opcodes
(UINT16) QuestionID, // Question ID
NameID, // Prompt text
STRING_TOKEN (STR_NULL_STRING), // Help text
EFI_IFR_FLAG_CALLBACK, // Question flag
0 // Action String ID
);
}
/**
Check whether the DevicePath is in the device path forbid list
(mAccessInfo.LoadForbid).
@param[in] DevicePath Points to device path.
@retval TRUE The DevicePath is in the device path forbid list.
@retval FALSE The DevicePath is not in the device path forbid list.
**/
BOOLEAN
IsLoadForbidden (
IN EFI_DEVICE_PATH_PROTOCOL *DevicePath
)
{
UINTN OffSet;
UINTN DPSize;
UINTN Size;
EFI_DEVICE_PATH_PROTOCOL *Dp;
OffSet = 0;
Size = GetDevicePathSize (DevicePath);
//
// Check each device path.
//
while (OffSet < mAccessInfo.LoadForbidLen) {
Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);
DPSize = GetDevicePathSize (Dp);
//
// Compare device path.
//
if ((DPSize == Size) && (CompareMem (DevicePath, Dp, Size) == 0)) {
return TRUE;
}
OffSet += DPSize;
}
return FALSE;
}
/**
Display the permit load device path in the loadable device path list.
**/
VOID
DisplayLoadPermit(
VOID
)
{
EFI_STATUS Status;
CHAR16 *Order;
UINTN OrderSize;
UINTN ListCount;
UINTN Index;
UINT8 *Var;
UINT8 *VarPtr;
CHAR16 VarName[12];
VOID *StartOpCodeHandle;
VOID *EndOpCodeHandle;
EFI_IFR_GUID_LABEL *StartLabel;
EFI_IFR_GUID_LABEL *EndLabel;
//
// Get DriverOrder.
//
OrderSize = 0;
Status = gRT->GetVariable (
L"DriverOrder",
&gEfiGlobalVariableGuid,
NULL,
&OrderSize,
NULL
);
if (Status != EFI_BUFFER_TOO_SMALL) {
return ;
}
Order = AllocateZeroPool (OrderSize);
if (Order == NULL) {
return ;
}
Status = gRT->GetVariable (
L"DriverOrder",
&gEfiGlobalVariableGuid,
NULL,
&OrderSize,
Order
);
if (EFI_ERROR (Status)) {
return ;
}
//
// Initialize the container for dynamic opcodes.
//
StartOpCodeHandle = HiiAllocateOpCodeHandle ();
ASSERT (StartOpCodeHandle != NULL);
EndOpCodeHandle = HiiAllocateOpCodeHandle ();
ASSERT (EndOpCodeHandle != NULL);
//
// Create Hii Extend Label OpCode.
//
StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
StartOpCodeHandle,
&gEfiIfrTianoGuid,
NULL,
sizeof (EFI_IFR_GUID_LABEL)
);
StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
StartLabel->Number = LABEL_PERMIT_LOAD_FUNC;
EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
EndOpCodeHandle,
&gEfiIfrTianoGuid,
NULL,
sizeof (EFI_IFR_GUID_LABEL)
);
EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
EndLabel->Number = LABEL_END;
//
// Add each driver option.
//
Var = NULL;
ListCount = OrderSize / sizeof (UINT16);
for (Index = 0; Index < ListCount; Index++) {
//
// Get driver device path.
//
UnicodeSPrint (VarName, sizeof (VarName), L"Driver%04x", Order[Index]);
GetEfiGlobalVariable2 (VarName, (VOID**)&Var, NULL);
if (Var == NULL) {
continue;
}
//
// Check whether the driver is already forbidden.
//
VarPtr = Var;
//
// Skip attribute.
//
VarPtr += sizeof (UINT32);
//
// Skip device path lenth.
//
VarPtr += sizeof (UINT16);
//
// Skip descript string.
//
VarPtr += StrSize ((UINT16 *) VarPtr);
if (IsLoadForbidden ((EFI_DEVICE_PATH_PROTOCOL *) VarPtr)) {
FreePool (Var);
Var = NULL;
continue;
}
AddDevicePath (
KEY_MODIFY_USER | KEY_MODIFY_AP_DP | KEY_LOAD_PERMIT_MODIFY | Order[Index],
(EFI_DEVICE_PATH_PROTOCOL *) VarPtr,
StartOpCodeHandle
);
FreePool (Var);
Var = NULL;
}
HiiUpdateForm (
mCallbackInfo->HiiHandle, // HII handle
&gUserProfileManagerGuid, // Formset GUID
FORMID_PERMIT_LOAD_DP, // Form ID
StartOpCodeHandle, // Label for where to insert opcodes
EndOpCodeHandle // Replace data
);
HiiFreeOpCodeHandle (StartOpCodeHandle);
HiiFreeOpCodeHandle (EndOpCodeHandle);
//
// Clear Environment.
//
if (Var != NULL) {
FreePool (Var);
}
FreePool (Order);
}
/**
Display the forbid load device path list (mAccessInfo.LoadForbid).
**/
VOID
DisplayLoadForbid (
VOID
)
{
UINTN Offset;
UINTN DPSize;
UINTN Index;
EFI_DEVICE_PATH_PROTOCOL *Dp;
VOID *StartOpCodeHandle;
VOID *EndOpCodeHandle;
EFI_IFR_GUID_LABEL *StartLabel;
EFI_IFR_GUID_LABEL *EndLabel;
//
// Initialize the container for dynamic opcodes.
//
StartOpCodeHandle = HiiAllocateOpCodeHandle ();
ASSERT (StartOpCodeHandle != NULL);
EndOpCodeHandle = HiiAllocateOpCodeHandle ();
ASSERT (EndOpCodeHandle != NULL);
//
// Create Hii Extend Label OpCode.
//
StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
StartOpCodeHandle,
&gEfiIfrTianoGuid,
NULL,
sizeof (EFI_IFR_GUID_LABEL)
);
StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
StartLabel->Number = LABLE_FORBID_LOAD_FUNC;
EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
EndOpCodeHandle,
&gEfiIfrTianoGuid,
NULL,
sizeof (EFI_IFR_GUID_LABEL)
);
EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
EndLabel->Number = LABEL_END;
//
// Add each forbid load drivers.
//
Offset = 0;
Index = 0;
while (Offset < mAccessInfo.LoadForbidLen) {
Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + Offset);
DPSize = GetDevicePathSize (Dp);
AddDevicePath (
KEY_MODIFY_USER | KEY_MODIFY_AP_DP | KEY_LOAD_FORBID_MODIFY | Index,
Dp,
StartOpCodeHandle
);
Index++;
Offset += DPSize;
}
HiiUpdateForm (
mCallbackInfo->HiiHandle, // HII handle
&gUserProfileManagerGuid, // Formset GUID
FORMID_FORBID_LOAD_DP, // Form ID
StartOpCodeHandle, // Label for where to insert opcodes
EndOpCodeHandle // Replace data
);
HiiFreeOpCodeHandle (StartOpCodeHandle);
HiiFreeOpCodeHandle (EndOpCodeHandle);
}
/**
Display the permit connect device path.
**/
VOID
DisplayConnectPermit (
VOID
)
{
//
// Note:
// As no architect protocol/interface to be called in ConnectController()
// to verify the device path, just add a place holder for permitted connect
// device path.
//
}
/**
Display the forbid connect device path list.
**/
VOID
DisplayConnectForbid (
VOID
)
{
//
// Note:
// As no architect protocol/interface to be called in ConnectController()
// to verify the device path, just add a place holder for forbidden connect
// device path.
//
}
/**
Delete the specified device path by DriverIndex from the forbid device path
list (mAccessInfo.LoadForbid).
@param[in] DriverIndex The index of driver in forbidden device path list.
**/
VOID
DeleteFromForbidLoad (
IN UINT16 DriverIndex
)
{
UINTN OffSet;
UINTN DPSize;
UINTN OffLen;
EFI_DEVICE_PATH_PROTOCOL *Dp;
OffSet = 0;
//
// Find the specified device path.
//
while ((OffSet < mAccessInfo.LoadForbidLen) && (DriverIndex > 0)) {
Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);
DPSize = GetDevicePathSize (Dp);
OffSet += DPSize;
DriverIndex--;
}
//
// Specified device path found.
//
if (DriverIndex == 0) {
Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);
DPSize = GetDevicePathSize (Dp);
OffLen = mAccessInfo.LoadForbidLen - OffSet - DPSize;
if (OffLen > 0) {
CopyMem (
mAccessInfo.LoadForbid + OffSet,
mAccessInfo.LoadForbid + OffSet + DPSize,
OffLen
);
}
mAccessInfo.LoadForbidLen -= DPSize;
}
}
/**
Add the specified device path by DriverIndex to the forbid device path
list (mAccessInfo.LoadForbid).
@param[in] DriverIndex The index of driver saved in driver options.
**/
VOID
AddToForbidLoad (
IN UINT16 DriverIndex
)
{
UINTN DevicePathLen;
UINT8 *Var;
UINT8 *VarPtr;
UINTN NewLen;
UINT8 *NewFL;
CHAR16 VarName[13];
//
// Get loadable driver device path.
//
UnicodeSPrint (VarName, sizeof (VarName), L"Driver%04x", DriverIndex);
GetEfiGlobalVariable2 (VarName, (VOID**)&Var, NULL);
if (Var == NULL) {
return;
}
//
// Save forbid load driver.
//
VarPtr = Var;
//
// Skip attribute.
//
VarPtr += sizeof (UINT32);
DevicePathLen = *(UINT16 *) VarPtr;
//
// Skip device path length.
//
VarPtr += sizeof (UINT16);
//
// Skip description string.
//
VarPtr += StrSize ((UINT16 *) VarPtr);
NewLen = mAccessInfo.LoadForbidLen + DevicePathLen;
NewFL = AllocateZeroPool (NewLen);
if (NewFL == NULL) {
FreePool (Var);
return ;
}
if (mAccessInfo.LoadForbidLen > 0) {
CopyMem (NewFL, mAccessInfo.LoadForbid, mAccessInfo.LoadForbidLen);
FreePool (mAccessInfo.LoadForbid);
}
CopyMem (NewFL + mAccessInfo.LoadForbidLen, VarPtr, DevicePathLen);
mAccessInfo.LoadForbidLen = NewLen;
mAccessInfo.LoadForbid = NewFL;
FreePool (Var);
}

516
SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyIdentityPolicy.c
View File

@ -1,516 +0,0 @@
/** @file
The functions for identification policy modification.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "UserProfileManager.h"
/**
Verify the new identity policy in the current implementation. The same credential
provider can't appear twice in one identity policy.
@param[in] NewGuid Points to the credential provider guid.
@retval TRUE The NewGuid was found in the identity policy.
@retval FALSE The NewGuid was not found.
**/
BOOLEAN
ProviderAlreadyInPolicy (
IN EFI_GUID *NewGuid
)
{
UINTN Offset;
EFI_USER_INFO_IDENTITY_POLICY *Identity;
EFI_INPUT_KEY Key;
Offset = 0;
while (Offset < mUserInfo.NewIdentityPolicyLen) {
Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (mUserInfo.NewIdentityPolicy + Offset);
if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) {
if (CompareGuid (NewGuid, (EFI_GUID *) (Identity + 1))) {
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
L"This Credential Provider Are Already Used!",
L"",
L"Press Any Key to Continue ...",
NULL
);
return TRUE;
}
}
Offset += Identity->Length;
}
return FALSE;
}
/**
Add the user's credential record in the provider.
@param[in] Identity Identity policy item including credential provider.
@param[in] User Points to user profile.
@retval EFI_SUCCESS Add or delete record successfully.
@retval Others Fail to add or delete record.
**/
EFI_STATUS
EnrollUserOnProvider (
IN EFI_USER_INFO_IDENTITY_POLICY *Identity,
IN EFI_USER_PROFILE_HANDLE User
)
{
UINTN Index;
EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential;
//
// Find the specified credential provider.
//
for (Index = 0; Index < mProviderInfo->Count; Index++) {
UserCredential = mProviderInfo->Provider[Index];
if (CompareGuid ((EFI_GUID *)(Identity + 1), &UserCredential->Identifier)) {
return UserCredential->Enroll (UserCredential, User);
}
}
return EFI_NOT_FOUND;
}
/**
Delete the User's credential record on the provider.
@param[in] Identity Point to EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER user info.
@param[in] User Points to user profile.
@retval EFI_SUCCESS Delete User's credential record successfully.
@retval Others Fail to add or delete record.
**/
EFI_STATUS
DeleteUserOnProvider (
IN EFI_USER_INFO_IDENTITY_POLICY *Identity,
IN EFI_USER_PROFILE_HANDLE User
)
{
UINTN Index;
EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential;
//
// Find the specified credential provider.
//
for (Index = 0; Index < mProviderInfo->Count; Index++) {
UserCredential = mProviderInfo->Provider[Index];
if (CompareGuid ((EFI_GUID *)(Identity + 1), &UserCredential->Identifier)) {
return UserCredential->Delete (UserCredential, User);
}
}
return EFI_NOT_FOUND;
}
/**
Delete User's credental from all the providers that exist in User's identity policy.
@param[in] IdentityPolicy Point to User's identity policy.
@param[in] IdentityPolicyLen The length of the identity policy.
@param[in] User Points to user profile.
**/
VOID
DeleteCredentialFromProviders (
IN UINT8 *IdentityPolicy,
IN UINTN IdentityPolicyLen,
IN EFI_USER_PROFILE_HANDLE User
)
{
EFI_USER_INFO_IDENTITY_POLICY *Identity;
UINTN Offset;
Offset = 0;
while (Offset < IdentityPolicyLen) {
Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (IdentityPolicy + Offset);
if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) {
//
// Delete the user on this provider.
//
DeleteUserOnProvider (Identity, User);
}
Offset += Identity->Length;
}
}
/**
Remove the provider specified by Offset from the new user identification record.
@param[in] IdentityPolicy Point to user identity item in new identification policy.
@param[in] Offset The item offset in the new identification policy.
**/
VOID
DeleteProviderFromPolicy (
IN EFI_USER_INFO_IDENTITY_POLICY *IdentityPolicy,
IN UINTN Offset
)
{
UINTN RemainingLen;
UINTN DeleteLen;
if (IdentityPolicy->Length == mUserInfo.NewIdentityPolicyLen) {
//
// Only one credential provider in the identification policy.
// Set the new policy to be TRUE after removed the provider.
//
IdentityPolicy->Type = EFI_USER_INFO_IDENTITY_TRUE;
IdentityPolicy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY);
mUserInfo.NewIdentityPolicyLen = IdentityPolicy->Length;
return ;
}
DeleteLen = IdentityPolicy->Length + sizeof(EFI_USER_INFO_IDENTITY_POLICY);
if ((Offset + IdentityPolicy->Length) != mUserInfo.NewIdentityPolicyLen) {
//
// This provider is not the last item in the identification policy, delete it and the connector.
//
RemainingLen = mUserInfo.NewIdentityPolicyLen - Offset - DeleteLen;
CopyMem ((UINT8 *) IdentityPolicy, (UINT8 *) IdentityPolicy + DeleteLen, RemainingLen);
}
mUserInfo.NewIdentityPolicyLen -= DeleteLen;
}
/**
Add a new provider to the mUserInfo.NewIdentityPolicy.
It is invoked when 'add option' in UI is pressed.
@param[in] NewGuid Points to the credential provider guid.
**/
VOID
AddProviderToPolicy (
IN EFI_GUID *NewGuid
)
{
UINT8 *NewPolicyInfo;
UINTN NewPolicyInfoLen;
EFI_USER_INFO_IDENTITY_POLICY *Policy;
//
// Allocate memory for the new identity policy.
//
NewPolicyInfoLen = mUserInfo.NewIdentityPolicyLen + sizeof (EFI_USER_INFO_IDENTITY_POLICY) + sizeof (EFI_GUID);
if (mUserInfo.NewIdentityPolicyLen > 0) {
//
// It is not the first provider in the policy. Add a connector before provider.
//
NewPolicyInfoLen += sizeof (EFI_USER_INFO_IDENTITY_POLICY);
}
NewPolicyInfo = AllocateZeroPool (NewPolicyInfoLen);
if (NewPolicyInfo == NULL) {
return ;
}
NewPolicyInfoLen = 0;
if (mUserInfo.NewIdentityPolicyLen > 0) {
//
// Save orginal policy.
//
CopyMem (NewPolicyInfo, mUserInfo.NewIdentityPolicy, mUserInfo.NewIdentityPolicyLen);
//
// Save logical connector.
//
Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (NewPolicyInfo + mUserInfo.NewIdentityPolicyLen);
if (mConncetLogical == 0) {
Policy->Type = EFI_USER_INFO_IDENTITY_AND;
} else {
Policy->Type = EFI_USER_INFO_IDENTITY_OR;
}
Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY);
NewPolicyInfoLen = mUserInfo.NewIdentityPolicyLen + Policy->Length;
FreePool (mUserInfo.NewIdentityPolicy);
}
//
// Save credential provider.
//
Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (NewPolicyInfo + NewPolicyInfoLen);
Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY) + sizeof (EFI_GUID);
Policy->Type = EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER;
CopyGuid ((EFI_GUID *) (Policy + 1), NewGuid);
NewPolicyInfoLen += Policy->Length;
//
// Update identity policy choice.
//
mUserInfo.NewIdentityPolicy = NewPolicyInfo;
mUserInfo.NewIdentityPolicyLen = NewPolicyInfoLen;
mUserInfo.NewIdentityPolicyModified = TRUE;
}
/**
This function replaces the old identity policy with a new identity policy.
This function delete the user identity policy information.
If enroll new credential failed, recover the old identity policy.
@retval EFI_SUCCESS Modify user identity policy successfully.
@retval Others Fail to modify user identity policy.
**/
EFI_STATUS
UpdateCredentialProvider (
)
{
EFI_STATUS Status;
EFI_USER_INFO_IDENTITY_POLICY *Identity;
UINTN Offset;
//
// Delete the old identification policy.
//
DeleteCredentialFromProviders (mUserInfo.IdentityPolicy, mUserInfo.IdentityPolicyLen, mModifyUser);
//
// Add the new identification policy.
//
Offset = 0;
while (Offset < mUserInfo.NewIdentityPolicyLen) {
Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (mUserInfo.NewIdentityPolicy + Offset);
if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) {
//
// Enroll the user on this provider
//
Status = EnrollUserOnProvider (Identity, mModifyUser);
if (EFI_ERROR (Status)) {
//
// Failed to enroll the user by new identification policy.
// So removed the credential provider from the identification policy
//
DeleteProviderFromPolicy (Identity, Offset);
continue;
}
}
Offset += Identity->Length;
}
return EFI_SUCCESS;
}
/**
Check whether the identity policy is valid.
@param[in] PolicyInfo Point to the identity policy.
@param[in] PolicyInfoLen The policy length.
@retval TRUE The policy is a valid identity policy.
@retval FALSE The policy is not a valid identity policy.
**/
BOOLEAN
CheckNewIdentityPolicy (
IN UINT8 *PolicyInfo,
IN UINTN PolicyInfoLen
)
{
EFI_USER_INFO_IDENTITY_POLICY *Identity;
EFI_INPUT_KEY Key;
UINTN Offset;
UINT32 OpCode;
//
// Check policy expression.
//
OpCode = EFI_USER_INFO_IDENTITY_FALSE;
Offset = 0;
while (Offset < PolicyInfoLen) {
//
// Check identification policy according to type
//
Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (PolicyInfo + Offset);
switch (Identity->Type) {
case EFI_USER_INFO_IDENTITY_TRUE:
break;
case EFI_USER_INFO_IDENTITY_OR:
if (OpCode == EFI_USER_INFO_IDENTITY_AND) {
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
L"Invalid Identity Policy, Mixed Connector Unsupport!",
L"",
L"Press Any Key to Continue ...",
NULL
);
return FALSE;
}
OpCode = EFI_USER_INFO_IDENTITY_OR;
break;
case EFI_USER_INFO_IDENTITY_AND:
if (OpCode == EFI_USER_INFO_IDENTITY_OR) {
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
L"Invalid Identity Policy, Mixed Connector Unsupport!",
L"",
L"Press Any Key to Continue ...",
NULL
);
return FALSE;
}
OpCode = EFI_USER_INFO_IDENTITY_AND;
break;
case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER:
break;
default:
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
L"Unsupport parameter",
L"",
L"Press Any Key to Continue ...",
NULL
);
return FALSE;
}
Offset += Identity->Length;
}
return TRUE;
}
/**
Save the identity policy and update UI with it.
This function will verify the new identity policy, in current implementation,
the identity policy can be: T, P & P & P & ..., P | P | P | ...
Here, "T" means "True", "P" means "Credential Provider", "&" means "and", "|" means "or".
Other identity policies are not supported.
**/
VOID
SaveIdentityPolicy (
VOID
)
{
EFI_STATUS Status;
EFI_USER_INFO_HANDLE UserInfo;
EFI_USER_INFO *Info;
if (!mUserInfo.NewIdentityPolicyModified || (mUserInfo.NewIdentityPolicyLen == 0)) {
return;
}
//
// Check policy expression.
//
if (!CheckNewIdentityPolicy (mUserInfo.NewIdentityPolicy, mUserInfo.NewIdentityPolicyLen)) {
return;
}
Status = FindInfoByType (mModifyUser, EFI_USER_INFO_IDENTITY_POLICY_RECORD, &UserInfo);
if (EFI_ERROR (Status)) {
return ;
}
//
// Update the informantion on credential provider.
//
Status = UpdateCredentialProvider ();
if (EFI_ERROR (Status)) {
return ;
}
//
// Save new identification policy.
//
Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + mUserInfo.NewIdentityPolicyLen);
ASSERT (Info != NULL);
Info->InfoType = EFI_USER_INFO_IDENTITY_POLICY_RECORD;
Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + mUserInfo.NewIdentityPolicyLen);
CopyMem ((UINT8 *) (Info + 1), mUserInfo.NewIdentityPolicy, mUserInfo.NewIdentityPolicyLen);
Status = mUserManager->SetInfo (mUserManager, mModifyUser, &UserInfo, Info, Info->InfoSize);
FreePool (Info);
//
// Update the mUserInfo.IdentityPolicy by mUserInfo.NewIdentityPolicy
//
if (mUserInfo.IdentityPolicy != NULL) {
FreePool (mUserInfo.IdentityPolicy);
}
mUserInfo.IdentityPolicy = mUserInfo.NewIdentityPolicy;
mUserInfo.IdentityPolicyLen = mUserInfo.NewIdentityPolicyLen;
mUserInfo.NewIdentityPolicy = NULL;
mUserInfo.NewIdentityPolicyLen = 0;
mUserInfo.NewIdentityPolicyModified = FALSE;
//
// Update identity policy choice.
//
ResolveIdentityPolicy (mUserInfo.IdentityPolicy, mUserInfo.IdentityPolicyLen, STRING_TOKEN (STR_IDENTIFY_POLICY_VAL));
}
/**
Update the mUserInfo.NewIdentityPolicy, and UI when 'add option' is pressed.
**/
VOID
AddIdentityPolicyItem (
VOID
)
{
if (mProviderInfo->Count == 0) {
return ;
}
//
// Check the identity policy.
//
if (ProviderAlreadyInPolicy (&mProviderInfo->Provider[mProviderChoice]->Identifier)) {
return;
}
//
// Add it to identification policy
//
AddProviderToPolicy (&mProviderInfo->Provider[mProviderChoice]->Identifier);
//
// Update identity policy choice.
//
ResolveIdentityPolicy (mUserInfo.NewIdentityPolicy, mUserInfo.NewIdentityPolicyLen, STRING_TOKEN (STR_IDENTIFY_POLICY_VALUE));
}

372
SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileAdd.c
View File

@ -1,372 +0,0 @@
/** @file
The functions to add a user profile.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "UserProfileManager.h"
/**
Get user name from the popup windows.
@param[in, out] UserNameLen On entry, point to UserName buffer lengh, in bytes.
On exit, point to input user name length, in bytes.
@param[out] UserName The buffer to hold the input user name.
@retval EFI_ABORTED It is given up by pressing 'ESC' key.
@retval EFI_NOT_READY Not a valid input at all.
@retval EFI_SUCCESS Get a user name successfully.
**/
EFI_STATUS
GetUserNameInput (
IN OUT UINTN *UserNameLen,
OUT CHAR16 *UserName
)
{
EFI_INPUT_KEY Key;
UINTN NameLen;
CHAR16 Name[USER_NAME_LENGTH];
NameLen = 0;
while (TRUE) {
Name[NameLen] = L'_';
Name[NameLen + 1] = L'\0';
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
L"Input User Name",
L"---------------------",
Name,
NULL
);
//
// Check key.
//
if (Key.ScanCode == SCAN_NULL) {
if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) {
//
// Add the null terminator.
//
Name[NameLen] = 0;
NameLen++;
break;
} else if ((Key.UnicodeChar == CHAR_NULL) ||
(Key.UnicodeChar == CHAR_TAB) ||
(Key.UnicodeChar == CHAR_LINEFEED)
) {
continue;
} else {
if (Key.UnicodeChar == CHAR_BACKSPACE) {
if (NameLen > 0) {
NameLen--;
}
} else {
Name[NameLen] = Key.UnicodeChar;
NameLen++;
if (NameLen + 1 == USER_NAME_LENGTH) {
//
// Add the null terminator.
//
Name[NameLen] = 0;
NameLen++;
break;
}
}
}
}
if (Key.ScanCode == SCAN_ESC) {
return EFI_ABORTED;
}
}
if (NameLen <= 1) {
return EFI_NOT_READY;
}
if (*UserNameLen < NameLen * sizeof (CHAR16)) {
return EFI_NOT_READY;
}
*UserNameLen = NameLen * sizeof (CHAR16);
CopyMem (UserName, Name, *UserNameLen);
return EFI_SUCCESS;
}
/**
Set a user's username.
@param[in] User Handle of a user profile .
@param[in] UserNameLen The lengh of UserName.
@param[in] UserName Point to the buffer of user name.
@retval EFI_NOT_READY The usernme in mAddUserName had been used.
@retval EFI_SUCCESS Change the user's username successfully with
username in mAddUserName.
**/
EFI_STATUS
SetUserName (
IN EFI_USER_PROFILE_HANDLE User,
IN UINTN UserNameLen,
IN CHAR16 *UserName
)
{
EFI_STATUS Status;
EFI_USER_INFO_HANDLE UserInfo;
EFI_USER_PROFILE_HANDLE TempUser;
EFI_USER_INFO *NewUserInfo;
NewUserInfo = AllocateZeroPool (sizeof (EFI_USER_INFO) + UserNameLen);
ASSERT (NewUserInfo != NULL);
NewUserInfo->InfoType = EFI_USER_INFO_NAME_RECORD;
NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |
EFI_USER_INFO_PUBLIC |
EFI_USER_INFO_EXCLUSIVE;
NewUserInfo->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + UserNameLen);
CopyMem ((UINT8 *) (NewUserInfo + 1), UserName, UserNameLen);
TempUser = NULL;
Status = mUserManager->Find (
mUserManager,
&TempUser,
NULL,
NewUserInfo,
NewUserInfo->InfoSize
);
if (!EFI_ERROR (Status)) {
//
// The user name had been used, return error.
//
FreePool (NewUserInfo);
return EFI_NOT_READY;
}
UserInfo = NULL;
mUserManager->SetInfo (
mUserManager,
User,
&UserInfo,
NewUserInfo,
NewUserInfo->InfoSize
);
FreePool (NewUserInfo);
return EFI_SUCCESS;
}
/**
Set create date of the specified user.
@param[in] User Handle of a user profile.
**/
VOID
SetCreateDate (
IN EFI_USER_PROFILE_HANDLE User
)
{
EFI_STATUS Status;
EFI_USER_INFO_HANDLE UserInfo;
EFI_USER_INFO_CREATE_DATE Date;
EFI_USER_INFO *NewUserInfo;
NewUserInfo = AllocateZeroPool (
sizeof (EFI_USER_INFO) +
sizeof (EFI_USER_INFO_CREATE_DATE)
);
ASSERT (NewUserInfo != NULL);
NewUserInfo->InfoType = EFI_USER_INFO_CREATE_DATE_RECORD;
NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |
EFI_USER_INFO_PUBLIC |
EFI_USER_INFO_EXCLUSIVE;
NewUserInfo->InfoSize = sizeof (EFI_USER_INFO) + sizeof (EFI_USER_INFO_CREATE_DATE);
Status = gRT->GetTime (&Date, NULL);
if (EFI_ERROR (Status)) {
FreePool (NewUserInfo);
return ;
}
CopyMem ((UINT8 *) (NewUserInfo + 1), &Date, sizeof (EFI_USER_INFO_CREATE_DATE));
UserInfo = NULL;
mUserManager->SetInfo (
mUserManager,
User,
&UserInfo,
NewUserInfo,
NewUserInfo->InfoSize
);
FreePool (NewUserInfo);
}
/**
Set the default identity policy of the specified user.
@param[in] User Handle of a user profile.
**/
VOID
SetIdentityPolicy (
IN EFI_USER_PROFILE_HANDLE User
)
{
EFI_USER_INFO_IDENTITY_POLICY *Policy;
EFI_USER_INFO_HANDLE UserInfo;
EFI_USER_INFO *NewUserInfo;
NewUserInfo = AllocateZeroPool (
sizeof (EFI_USER_INFO) +
sizeof (EFI_USER_INFO_IDENTITY_POLICY)
);
ASSERT (NewUserInfo != NULL);
Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (NewUserInfo + 1);
Policy->Type = EFI_USER_INFO_IDENTITY_TRUE;
Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY);
NewUserInfo->InfoType = EFI_USER_INFO_IDENTITY_POLICY_RECORD;
NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |
EFI_USER_INFO_PUBLIC |
EFI_USER_INFO_EXCLUSIVE;
NewUserInfo->InfoSize = sizeof (EFI_USER_INFO) + Policy->Length;
UserInfo = NULL;
mUserManager->SetInfo (
mUserManager,
User,
&UserInfo,
NewUserInfo,
NewUserInfo->InfoSize
);
FreePool (NewUserInfo);
}
/**
Set the default access policy of the specified user.
@param[in] User Handle of a user profile.
**/
VOID
SetAccessPolicy (
IN EFI_USER_PROFILE_HANDLE User
)
{
EFI_USER_INFO_ACCESS_CONTROL *Control;
EFI_USER_INFO_HANDLE UserInfo;
EFI_USER_INFO *NewUserInfo;
NewUserInfo = AllocateZeroPool (
sizeof (EFI_USER_INFO) +
sizeof (EFI_USER_INFO_ACCESS_CONTROL)
);
ASSERT (NewUserInfo != NULL);
Control = (EFI_USER_INFO_ACCESS_CONTROL *) (NewUserInfo + 1);
Control->Type = EFI_USER_INFO_ACCESS_ENROLL_SELF;
Control->Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL);
NewUserInfo->InfoType = EFI_USER_INFO_ACCESS_POLICY_RECORD;
NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |
EFI_USER_INFO_PUBLIC |
EFI_USER_INFO_EXCLUSIVE;
NewUserInfo->InfoSize = sizeof (EFI_USER_INFO) + Control->Size;
UserInfo = NULL;
mUserManager->SetInfo (
mUserManager,
User,
&UserInfo,
NewUserInfo,
NewUserInfo->InfoSize
);
FreePool (NewUserInfo);
}
/**
Add a new user profile into the user profile database.
**/
VOID
CallAddUser (
VOID
)
{
EFI_STATUS Status;
EFI_INPUT_KEY Key;
EFI_USER_PROFILE_HANDLE User;
UINTN UserNameLen;
CHAR16 UserName[USER_NAME_LENGTH];
CHAR16 *QuestionStr;
CHAR16 *PromptStr;
QuestionStr = NULL;
PromptStr = NULL;
//
// Get user name to add.
//
UserNameLen = sizeof (UserName);
Status = GetUserNameInput (&UserNameLen, UserName);
if (EFI_ERROR (Status)) {
if (Status != EFI_ABORTED) {
QuestionStr = GetStringById (STRING_TOKEN (STR_GET_USERNAME_FAILED));
PromptStr = GetStringById (STRING_TOKEN (STR_STROKE_KEY_CONTINUE));
goto Done;
}
return ;
}
//
// Create a new user profile.
//
User = NULL;
Status = mUserManager->Create (mUserManager, &User);
if (EFI_ERROR (Status)) {
QuestionStr = GetStringById (STRING_TOKEN (STR_CREATE_PROFILE_FAILED));
PromptStr = GetStringById (STRING_TOKEN (STR_STROKE_KEY_CONTINUE));
} else {
//
// Add default user information.
//
Status = SetUserName (User, UserNameLen, UserName);
if (EFI_ERROR (Status)) {
QuestionStr = GetStringById (STRING_TOKEN (STR_USER_ALREADY_EXISTED));
PromptStr = GetStringById (STRING_TOKEN (STR_STROKE_KEY_CONTINUE));
goto Done;
}
SetCreateDate (User);
SetIdentityPolicy (User);
SetAccessPolicy (User);
QuestionStr = GetStringById (STRING_TOKEN (STR_CREATE_PROFILE_SUCCESS));
PromptStr = GetStringById (STRING_TOKEN (STR_STROKE_KEY_CONTINUE));
}
Done:
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
QuestionStr,
L"",
PromptStr,
NULL
);
FreePool (QuestionStr);
FreePool (PromptStr);
}

343
SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileDelete.c
View File

@ -1,343 +0,0 @@
/** @file
The functions to delete a user profile.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "UserProfileManager.h"
/**
Get the username from the specified user.
@param[in] User Handle of a user profile.
@retval EFI_STRING_ID The String Id of the user's username.
**/
EFI_STRING_ID
GetUserName (
IN EFI_USER_PROFILE_HANDLE User
)
{
EFI_STATUS Status;
EFI_USER_INFO_HANDLE UserInfo;
EFI_USER_INFO *Info;
UINTN InfoSize;
UINTN MemSize;
UINTN NameLen;
CHAR16 UserName[USER_NAME_LENGTH];
EFI_STRING_ID UserId;
//
// Allocate user information memory.
//
MemSize = sizeof (EFI_USER_INFO) + 63;
Info = AllocateZeroPool (MemSize);
ASSERT (Info != NULL);
//
// Get user name information.
//
UserInfo = NULL;
while (TRUE) {
InfoSize = MemSize;
//
// Get next user information.
//
Status = mUserManager->GetNextInfo (
mUserManager,
User,
&UserInfo
);
if (EFI_ERROR (Status)) {
break;
}
Status = mUserManager->GetInfo (
mUserManager,
User,
UserInfo,
Info,
&InfoSize
);
if (Status == EFI_BUFFER_TOO_SMALL) {
MemSize = InfoSize;
FreePool (Info);
Info = AllocateZeroPool (MemSize);
ASSERT (Info != NULL);
Status = mUserManager->GetInfo (
mUserManager,
User,
UserInfo,
Info,
&InfoSize
);
}
//
// Check user information.
//
if (Status == EFI_SUCCESS) {
if (Info->InfoType == EFI_USER_INFO_NAME_RECORD) {
NameLen = Info->InfoSize - sizeof (EFI_USER_INFO);
if (NameLen > USER_NAME_LENGTH * sizeof (CHAR16)) {
NameLen = USER_NAME_LENGTH * sizeof (CHAR16);
}
ASSERT (NameLen >= sizeof (CHAR16));
CopyMem (UserName, (UINT8 *) (Info + 1), NameLen);
UserName[NameLen / sizeof (CHAR16) - 1] = 0;
UserId = HiiSetString (
mCallbackInfo->HiiHandle,
0,
UserName,
NULL
);
if (UserId != 0) {
FreePool (Info);
return UserId;
}
}
}
}
FreePool (Info);
return 0;
}
/**
Add a username item in form.
@param[in] User Points to the user profile whose username is added.
@param[in] Index The index of the user in the user name list
@param[in] OpCodeHandle Points to container for dynamic created opcodes.
**/
VOID
AddUserToForm (
IN EFI_USER_PROFILE_HANDLE User,
IN UINT16 Index,
IN VOID *OpCodeHandle
)
{
EFI_STRING_ID NameId;
//
// Get user name
//
NameId = GetUserName (User);
if (NameId == 0) {
return ;
}
//
// Create user name option.
//
switch (Index & KEY_FIRST_FORM_MASK) {
case KEY_MODIFY_USER:
HiiCreateGotoOpCode (
OpCodeHandle, // Container for dynamic created opcodes
FORMID_USER_INFO, // Target Form ID
NameId, // Prompt text
STRING_TOKEN (STR_NULL_STRING), // Help text
EFI_IFR_FLAG_CALLBACK, // Question flag
Index // Question ID
);
break;
case KEY_DEL_USER:
HiiCreateActionOpCode (
OpCodeHandle, // Container for dynamic created opcodes
Index, // Question ID
NameId, // Prompt text
STRING_TOKEN (STR_NULL_STRING), // Help text
EFI_IFR_FLAG_CALLBACK, // Question flag
0 // Action String ID
);
break;
default:
break;
}
}
/**
Delete the user specified by UserIndex in user profile database.
@param[in] UserIndex The index of user in the user name list
to be deleted.
**/
VOID
DeleteUser (
IN UINT8 UserIndex
)
{
EFI_STATUS Status;
EFI_USER_PROFILE_HANDLE User;
EFI_INPUT_KEY Key;
EFI_USER_INFO_HANDLE UserInfo;
EFI_USER_INFO *Info;
UINTN InfoSize;
//
// Find specified user profile and delete it.
//
User = NULL;
Status = mUserManager->GetNext (mUserManager, &User);
if (EFI_ERROR (Status)) {
goto Done;
}
while (UserIndex > 1) {
Status = mUserManager->GetNext (mUserManager, &User);
if (EFI_ERROR (Status)) {
goto Done;
}
UserIndex--;
}
if (UserIndex == 1) {
//
// Get the identification policy.
//
Status = FindInfoByType (User, EFI_USER_INFO_IDENTITY_POLICY_RECORD, &UserInfo);
if (EFI_ERROR (Status)) {
goto Done;
}
InfoSize = 0;
Info = NULL;
Status = mUserManager->GetInfo (mUserManager, User, UserInfo, Info, &InfoSize);
if (Status == EFI_BUFFER_TOO_SMALL) {
Info = AllocateZeroPool (InfoSize);
if (Info == NULL) {
goto Done;
}
Status = mUserManager->GetInfo (mUserManager, User, UserInfo, Info, &InfoSize);
}
//
// Delete the user on the credential providers by its identification policy.
//
ASSERT (Info != NULL);
DeleteCredentialFromProviders ((UINT8 *)(Info + 1), Info->InfoSize - sizeof (EFI_USER_INFO), User);
FreePool (Info);
Status = mUserManager->Delete (mUserManager, User);
if (EFI_ERROR (Status)) {
goto Done;
}
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
L"Delete User Succeed!",
L"",
L"Please Press Any Key to Continue ...",
NULL
);
return ;
}
Done:
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
L"Delete User Failed!",
L"",
L"Please Press Any Key to Continue ...",
NULL
);
}
/**
Display user select form, cab select a user to delete.
**/
VOID
SelectUserToDelete (
VOID
)
{
EFI_STATUS Status;
UINT8 Index;
EFI_USER_PROFILE_HANDLE User;
EFI_USER_PROFILE_HANDLE CurrentUser;
VOID *StartOpCodeHandle;
VOID *EndOpCodeHandle;
EFI_IFR_GUID_LABEL *StartLabel;
EFI_IFR_GUID_LABEL *EndLabel;
//
// Initialize the container for dynamic opcodes.
//
StartOpCodeHandle = HiiAllocateOpCodeHandle ();
ASSERT (StartOpCodeHandle != NULL);
EndOpCodeHandle = HiiAllocateOpCodeHandle ();
ASSERT (EndOpCodeHandle != NULL);
//
// Create Hii Extend Label OpCode.
//
StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
StartOpCodeHandle,
&gEfiIfrTianoGuid,
NULL,
sizeof (EFI_IFR_GUID_LABEL)
);
StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
StartLabel->Number = LABEL_USER_DEL_FUNC;
EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
EndOpCodeHandle,
&gEfiIfrTianoGuid,
NULL,
sizeof (EFI_IFR_GUID_LABEL)
);
EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
EndLabel->Number = LABEL_END;
//
// Add each user can be deleted.
//
User = NULL;
Index = 1;
mUserManager->Current (mUserManager, &CurrentUser);
while (TRUE) {
Status = mUserManager->GetNext (mUserManager, &User);
if (EFI_ERROR (Status)) {
break;
}
if (User != CurrentUser) {
AddUserToForm (
User,
(UINT16)(KEY_DEL_USER | KEY_SELECT_USER | Index),
StartOpCodeHandle
);
}
Index++;
}
HiiUpdateForm (
mCallbackInfo->HiiHandle, // HII handle
&gUserProfileManagerGuid, // Formset GUID
FORMID_DEL_USER, // Form ID
StartOpCodeHandle, // Label for where to insert opcodes
EndOpCodeHandle // Replace data
);
HiiFreeOpCodeHandle (StartOpCodeHandle);
HiiFreeOpCodeHandle (EndOpCodeHandle);
}

887
SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.c
View File

@ -1,887 +0,0 @@
/** @file
This driver is a configuration tool for adding, deleting or modifying user
profiles, including gathering the necessary information to ascertain their
identity in the future, updating user access policy and identification
policy, etc.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "UserProfileManager.h"
EFI_USER_MANAGER_PROTOCOL *mUserManager = NULL;
CREDENTIAL_PROVIDER_INFO *mProviderInfo = NULL;
UINT8 mProviderChoice;
UINT8 mConncetLogical;
USER_INFO_ACCESS mAccessInfo;
USER_INFO mUserInfo;
USER_PROFILE_MANAGER_CALLBACK_INFO *mCallbackInfo;
HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = {
{
{
HARDWARE_DEVICE_PATH,
HW_VENDOR_DP,
{
(UINT8) (sizeof (VENDOR_DEVICE_PATH)),
(UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
}
},
USER_PROFILE_MANAGER_GUID
},
{
END_DEVICE_PATH_TYPE,
END_ENTIRE_DEVICE_PATH_SUBTYPE,
{
(UINT8) (END_DEVICE_PATH_LENGTH),
(UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
}
}
};
/**
Get string by string id from HII Interface.
@param[in] Id String ID to get the string from.
@retval CHAR16 * String from ID.
@retval NULL If error occurs.
**/
CHAR16 *
GetStringById (
IN EFI_STRING_ID Id
)
{
//
// Get the current string for the current Language.
//
return HiiGetString (mCallbackInfo->HiiHandle, Id, NULL);
}
/**
This function gets all the credential providers in the system and saved them
to mProviderInfo.
@retval EFI_SUCESS Init credential provider database successfully.
@retval Others Fail to init credential provider database.
**/
EFI_STATUS
InitProviderInfo (
VOID
)
{
EFI_STATUS Status;
UINTN HandleCount;
EFI_HANDLE *HandleBuf;
UINTN Index;
//
// Try to find all the user credential provider driver.
//
HandleCount = 0;
HandleBuf = NULL;
Status = gBS->LocateHandleBuffer (
ByProtocol,
&gEfiUserCredential2ProtocolGuid,
NULL,
&HandleCount,
&HandleBuf
);
if (EFI_ERROR (Status)) {
return Status;
}
//
// Get provider infomation.
//
if (mProviderInfo != NULL) {
FreePool (mProviderInfo);
}
mProviderInfo = AllocateZeroPool (
sizeof (CREDENTIAL_PROVIDER_INFO) -
sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *) +
HandleCount * sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *)
);
if (mProviderInfo == NULL) {
FreePool (HandleBuf);
return EFI_OUT_OF_RESOURCES;
}
mProviderInfo->Count = HandleCount;
for (Index = 0; Index < HandleCount; Index++) {
Status = gBS->HandleProtocol (
HandleBuf[Index],
&gEfiUserCredential2ProtocolGuid,
(VOID **) &mProviderInfo->Provider[Index]
);
if (EFI_ERROR (Status)) {
FreePool (HandleBuf);
FreePool (mProviderInfo);
mProviderInfo = NULL;
return Status;
}
}
FreePool (HandleBuf);
return EFI_SUCCESS;
}
/**
This function processes changes in user profile configuration.
@param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
@param Action Specifies the type of action taken by the browser.
@param QuestionId A unique value which is sent to the original
exporting driver so that it can identify the type
of data to expect.
@param Type The type of value for the question.
@param Value A pointer to the data being sent to the original
exporting driver.
@param ActionRequest On return, points to the action requested by the
callback function.
@retval EFI_SUCCESS The callback successfully handled the action.
@retval Others Fail to handle the action.
**/
EFI_STATUS
EFIAPI
UserProfileManagerCallback (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN EFI_BROWSER_ACTION Action,
IN EFI_QUESTION_ID QuestionId,
IN UINT8 Type,
IN EFI_IFR_TYPE_VALUE *Value,
OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
)
{
EFI_STATUS Status;
EFI_INPUT_KEY Key;
UINT32 CurrentAccessRight;
CHAR16 *QuestionStr;
CHAR16 *PromptStr;
VOID *StartOpCodeHandle;
VOID *EndOpCodeHandle;
EFI_IFR_GUID_LABEL *StartLabel;
EFI_IFR_GUID_LABEL *EndLabel;
EFI_USER_PROFILE_HANDLE CurrentUser;
Status = EFI_SUCCESS;
switch (Action) {
case EFI_BROWSER_ACTION_FORM_OPEN:
{
//
// Update user manage Form when user manage Form is opened.
// This will be done only in FORM_OPEN CallBack of question with QUESTIONID_USER_MANAGE from user manage Form.
//
if (QuestionId != QUESTIONID_USER_MANAGE) {
return EFI_SUCCESS;
}
//
// Get current user
//
CurrentUser = NULL;
mUserManager->Current (mUserManager, &CurrentUser);
if (CurrentUser == NULL) {
DEBUG ((DEBUG_ERROR, "Error: current user does not exist!\n"));
return EFI_NOT_READY;
}
//
// Get current user's right information.
//
Status = GetAccessRight (&CurrentAccessRight);
if (EFI_ERROR (Status)) {
CurrentAccessRight = EFI_USER_INFO_ACCESS_ENROLL_SELF;
}
//
// Init credential provider information.
//
Status = InitProviderInfo ();
if (EFI_ERROR (Status)) {
return Status;
}
//
// Initialize the container for dynamic opcodes.
//
StartOpCodeHandle = HiiAllocateOpCodeHandle ();
ASSERT (StartOpCodeHandle != NULL);
EndOpCodeHandle = HiiAllocateOpCodeHandle ();
ASSERT (EndOpCodeHandle != NULL);
//
// Create Hii Extend Label OpCode.
//
StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
StartOpCodeHandle,
&gEfiIfrTianoGuid,
NULL,
sizeof (EFI_IFR_GUID_LABEL)
);
StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
StartLabel->Number = LABEL_USER_MANAGE_FUNC;
EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
EndOpCodeHandle,
&gEfiIfrTianoGuid,
NULL,
sizeof (EFI_IFR_GUID_LABEL)
);
EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
EndLabel->Number = LABEL_END;
//
// Add user profile option.
//
if ((CurrentAccessRight == EFI_USER_INFO_ACCESS_MANAGE) ||
(CurrentAccessRight == EFI_USER_INFO_ACCESS_ENROLL_OTHERS)
) {
HiiCreateActionOpCode (
StartOpCodeHandle, // Container for dynamic created opcodes
KEY_ADD_USER, // Question ID
STRING_TOKEN (STR_ADD_USER_TITLE), // Prompt text
STRING_TOKEN (STR_ADD_USER_HELP), // Help text
EFI_IFR_FLAG_CALLBACK, // Question flag
0 // Action String ID
);
}
//
// Add modify user profile option.
//
HiiCreateGotoOpCode (
StartOpCodeHandle, // Container for dynamic created opcodes
FORMID_MODIFY_USER, // Target Form ID
STRING_TOKEN (STR_MODIFY_USER_TITLE), // Prompt text
STRING_TOKEN (STR_MODIFY_USER_HELP), // Help text
EFI_IFR_FLAG_CALLBACK, // Question flag
KEY_MODIFY_USER // Question ID
);
//
// Add delete user profile option
//
if (CurrentAccessRight == EFI_USER_INFO_ACCESS_MANAGE) {
HiiCreateGotoOpCode (
StartOpCodeHandle, // Container for dynamic created opcodes
FORMID_DEL_USER, // Target Form ID
STRING_TOKEN (STR_DELETE_USER_TITLE), // Prompt text
STRING_TOKEN (STR_DELETE_USER_HELP), // Help text
EFI_IFR_FLAG_CALLBACK, // Question flag
KEY_DEL_USER // Question ID
);
}
HiiUpdateForm (
mCallbackInfo->HiiHandle, // HII handle
&gUserProfileManagerGuid, // Formset GUID
FORMID_USER_MANAGE, // Form ID
StartOpCodeHandle, // Label for where to insert opcodes
EndOpCodeHandle // Replace data
);
HiiFreeOpCodeHandle (StartOpCodeHandle);
HiiFreeOpCodeHandle (EndOpCodeHandle);
return EFI_SUCCESS;
}
break;
case EFI_BROWSER_ACTION_FORM_CLOSE:
Status = EFI_SUCCESS;
break;
case EFI_BROWSER_ACTION_CHANGED:
{
//
// Handle the request from form.
//
if ((Value == NULL) || (ActionRequest == NULL)) {
return EFI_INVALID_PARAMETER;
}
//
// Judge first 2 bits.
//
switch (QuestionId & KEY_FIRST_FORM_MASK) {
//
// Add user profile operation.
//
case KEY_ADD_USER:
CallAddUser ();
break;
//
// Delete user profile operation.
//
case KEY_DEL_USER:
//
// Judge next 2 bits.
//
switch (QuestionId & KEY_SECOND_FORM_MASK) {
//
// Delete specified user profile.
//
case KEY_SELECT_USER:
DeleteUser ((UINT8) QuestionId);
//
// Update select user form after delete a user.
//
SelectUserToDelete ();
break;
default:
break;
}
break;
//
// Modify user profile operation.
//
case KEY_MODIFY_USER:
//
// Judge next 2 bits.
//
switch (QuestionId & KEY_SECOND_FORM_MASK) {
//
// Enter user profile information form.
//
case KEY_SELECT_USER:
//
// Judge next 3 bits.
//
switch (QuestionId & KEY_MODIFY_INFO_MASK) {
//
// Modify user name.
//
case KEY_MODIFY_NAME:
ModifyUserName ();
//
// Update username in parent form.
//
SelectUserToModify ();
break;
//
// Modify identity policy.
//
case KEY_MODIFY_IP:
//
// Judge next 3 bits
//
switch (QuestionId & KEY_MODIFY_IP_MASK) {
//
// Change credential provider option.
//
case KEY_MODIFY_PROV:
mProviderChoice = Value->u8;
break;
//
// Change logical connector.
//
case KEY_MODIFY_CONN:
mConncetLogical = Value->u8;
break;
//
// Save option.
//
case KEY_ADD_IP_OP:
AddIdentityPolicyItem ();
break;
//
// Return to user profile information form.
//
case KEY_IP_RETURN_UIF:
SaveIdentityPolicy ();
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_SUBMIT_EXIT;
break;
default:
break;
}
break;
//
// Modify access policy.
//
case KEY_MODIFY_AP:
//
// Judge next 3 bits.
//
switch (QuestionId & KEY_MODIFY_AP_MASK) {
//
// Change access right choice.
//
case KEY_MODIFY_RIGHT:
mAccessInfo.AccessRight = Value->u8;
break;
//
// Change setup choice.
//
case KEY_MODIFY_SETUP:
mAccessInfo.AccessSetup= Value->u8;
break;
//
// Change boot order choice.
//
case KEY_MODIFY_BOOT:
mAccessInfo.AccessBootOrder = Value->u32;
break;
//
// Return to user profile information form.
//
case KEY_AP_RETURN_UIF:
SaveAccessPolicy ();
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_SUBMIT_EXIT;
break;
default:
break;
}
break;
default:
break;
}
break;
//
// Access policy device path modified.
//
case KEY_MODIFY_AP_DP:
//
// Judge next 2 bits.
//
switch (QuestionId & KEY_MODIFY_DP_MASK) {
//
// Load permit device path modified.
//
case KEY_LOAD_PERMIT_MODIFY:
QuestionStr = GetStringById (STRING_TOKEN (STR_MOVE_TO_FORBID_LIST));
PromptStr = GetStringById (STRING_TOKEN (STR_PRESS_KEY_CONTINUE));
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
QuestionStr,
L"",
PromptStr,
NULL
);
FreePool (QuestionStr);
FreePool (PromptStr);
if (Key.UnicodeChar != CHAR_CARRIAGE_RETURN) {
break;
}
AddToForbidLoad ((UINT16)(QuestionId & (KEY_MODIFY_DP_MASK - 1)));
DisplayLoadPermit ();
break;
//
// Load forbid device path modified.
//
case KEY_LOAD_FORBID_MODIFY:
QuestionStr = GetStringById (STRING_TOKEN (STR_MOVE_TO_PERMIT_LIST));
PromptStr = GetStringById (STRING_TOKEN (STR_PRESS_KEY_CONTINUE));
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
QuestionStr,
L"",
PromptStr,
NULL
);
FreePool (QuestionStr);
FreePool (PromptStr);
if (Key.UnicodeChar != CHAR_CARRIAGE_RETURN) {
break;
}
DeleteFromForbidLoad ((UINT16)(QuestionId & (KEY_MODIFY_DP_MASK - 1)));
DisplayLoadForbid ();
break;
//
// Connect permit device path modified.
//
case KEY_CONNECT_PERMIT_MODIFY:
break;
//
// Connect forbid device path modified.
//
case KEY_CONNECT_FORBID_MODIFY:
break;
default:
break;
}
break;
default:
break;
}
break;
default:
break;
}
}
break;
case EFI_BROWSER_ACTION_CHANGING:
{
//
// Handle the request from form.
//
if (Value == NULL) {
return EFI_INVALID_PARAMETER;
}
//
// Judge first 2 bits.
//
switch (QuestionId & KEY_FIRST_FORM_MASK) {
//
// Delete user profile operation.
//
case KEY_DEL_USER:
//
// Judge next 2 bits.
//
switch (QuestionId & KEY_SECOND_FORM_MASK) {
//
// Enter delete user profile form.
//
case KEY_ENTER_NEXT_FORM:
SelectUserToDelete ();
break;
default:
break;
}
break;
//
// Modify user profile operation.
//
case KEY_MODIFY_USER:
//
// Judge next 2 bits.
//
switch (QuestionId & KEY_SECOND_FORM_MASK) {
//
// Enter modify user profile form.
//
case KEY_ENTER_NEXT_FORM:
SelectUserToModify ();
break;
//
// Enter user profile information form.
//
case KEY_SELECT_USER:
//
// Judge next 3 bits.
//
switch (QuestionId & KEY_MODIFY_INFO_MASK) {
//
// Display user information form.
//
case KEY_ENTER_NEXT_FORM:
ModifyUserInfo ((UINT8) QuestionId);
break;
//
// Modify identity policy.
//
case KEY_MODIFY_IP:
//
// Judge next 3 bits
//
switch (QuestionId & KEY_MODIFY_IP_MASK) {
//
// Display identity policy modify form.
//
case KEY_ENTER_NEXT_FORM:
ModifyIdentityPolicy ();
break;
default:
break;
}
break;
//
// Modify access policy.
//
case KEY_MODIFY_AP:
//
// Judge next 3 bits.
//
switch (QuestionId & KEY_MODIFY_AP_MASK) {
//
// Display access policy modify form.
//
case KEY_ENTER_NEXT_FORM:
ModidyAccessPolicy ();
break;
//
// Load device path form.
//
case KEY_MODIFY_LOAD:
//
// Judge next 2 bits.
//
switch (QuestionId & KEY_DISPLAY_DP_MASK) {
//
// Permit load device path.
//
case KEY_PERMIT_MODIFY:
DisplayLoadPermit ();
break;
//
// Forbid load device path.
//
case KEY_FORBID_MODIFY:
DisplayLoadForbid ();
break;
default:
break;
}
break;
//
// Connect device path form.
//
case KEY_MODIFY_CONNECT:
//
// Judge next 2 bits.
//
switch (QuestionId & KEY_DISPLAY_DP_MASK) {
//
// Permit connect device path.
//
case KEY_PERMIT_MODIFY:
DisplayConnectPermit ();
break;
//
// Forbid connect device path.
//
case KEY_FORBID_MODIFY:
DisplayConnectForbid ();
break;
default:
break;
}
break;
default:
break;
}
break;
default:
break;
}
break;
default:
break;
}
break;
default:
break;
}
}
break;
default:
//
// All other action return unsupported.
//
Status = EFI_UNSUPPORTED;
break;
}
return Status;
}
/**
This function allows a caller to extract the current configuration for one
or more named elements from the target driver.
@param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
@param Request A null-terminated Unicode string in <ConfigRequest> format.
@param Progress On return, points to a character in the Request string.
Points to the string's null terminator if request was successful.
Points to the most recent '&' before the first failing name/value
pair (or the beginning of the string if the failure is in the
first name/value pair) if the request was not successful.
@param Results A null-terminated Unicode string in <ConfigAltResp> format which
has all values filled in for the names in the Request string.
String to be allocated by the called function.
@retval EFI_SUCCESS The Results is filled with the requested values.
@retval EFI_OUT_OF_RESOURCES Not enough memory to store the results.
@retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name.
@retval EFI_NOT_FOUND Routing data doesn't match any storage in this driver.
**/
EFI_STATUS
EFIAPI
FakeExtractConfig (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Request,
OUT EFI_STRING *Progress,
OUT EFI_STRING *Results
)
{
if (Progress == NULL || Results == NULL) {
return EFI_INVALID_PARAMETER;
}
*Progress = Request;
return EFI_NOT_FOUND;
}
/**
This function processes the results of changes in configuration.
@param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
@param Configuration A null-terminated Unicode string in <ConfigResp> format.
@param Progress A pointer to a string filled in with the offset of the most
recent '&' before the first failing name/value pair (or the
beginning of the string if the failure is in the first
name/value pair) or the terminating NULL if all was successful.
@retval EFI_SUCCESS The Results is processed successfully.
@retval EFI_INVALID_PARAMETER Configuration is NULL.
@retval EFI_NOT_FOUND Routing data doesn't match any storage in this driver.
**/
EFI_STATUS
EFIAPI
FakeRouteConfig (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Configuration,
OUT EFI_STRING *Progress
)
{
if (Configuration == NULL || Progress == NULL) {
return EFI_INVALID_PARAMETER;
}
*Progress = Configuration;
return EFI_NOT_FOUND;
}
/**
Main entry for this driver.
@param ImageHandle Image handle this driver.
@param SystemTable Pointer to SystemTable.
@retval EFI_SUCESS This function always complete successfully.
**/
EFI_STATUS
EFIAPI
UserProfileManagerInit (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
USER_PROFILE_MANAGER_CALLBACK_INFO *CallbackInfo;
Status = gBS->LocateProtocol (
&gEfiUserManagerProtocolGuid,
NULL,
(VOID **) &mUserManager
);
if (EFI_ERROR (Status)) {
return EFI_SUCCESS;
}
//
// Initialize driver private data.
//
ZeroMem (&mUserInfo, sizeof (mUserInfo));
ZeroMem (&mAccessInfo, sizeof (mAccessInfo));
CallbackInfo = AllocateZeroPool (sizeof (USER_PROFILE_MANAGER_CALLBACK_INFO));
ASSERT (CallbackInfo != NULL);
CallbackInfo->Signature = USER_PROFILE_MANAGER_SIGNATURE;
CallbackInfo->ConfigAccess.ExtractConfig = FakeExtractConfig;
CallbackInfo->ConfigAccess.RouteConfig = FakeRouteConfig;
CallbackInfo->ConfigAccess.Callback = UserProfileManagerCallback;
CallbackInfo->DriverHandle = NULL;
//
// Install Device Path Protocol and Config Access protocol to driver handle.
//
Status = gBS->InstallMultipleProtocolInterfaces (
&CallbackInfo->DriverHandle,
&gEfiDevicePathProtocolGuid,
&mHiiVendorDevicePath,
&gEfiHiiConfigAccessProtocolGuid,
&CallbackInfo->ConfigAccess,
NULL
);
ASSERT_EFI_ERROR (Status);
//
// Publish HII data.
//
CallbackInfo->HiiHandle = HiiAddPackages (
&gUserProfileManagerGuid,
CallbackInfo->DriverHandle,
UserProfileManagerStrings,
UserProfileManagerVfrBin,
NULL
);
ASSERT (CallbackInfo->HiiHandle != NULL);
mCallbackInfo = CallbackInfo;
return Status;
}

444
SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.h
View File

@ -1,444 +0,0 @@
/** @file
The header file for user profile manager driver.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __EFI_USER_PROFILE_MANAGER_H__
#define __EFI_USER_PROFILE_MANAGER_H__
#include <Uefi.h>
#include <Guid/GlobalVariable.h>
#include <Guid/MdeModuleHii.h>
#include <Protocol/HiiConfigAccess.h>
#include <Protocol/UserCredential2.h>
#include <Protocol/UserManager.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DevicePathLib.h>
#include <Library/DebugLib.h>
#include <Library/UefiLib.h>
#include <Library/PrintLib.h>
#include <Library/HiiLib.h>
#include "UserProfileManagerData.h"
#define USER_NAME_LENGTH 17
//
// Credential Provider Information.
//
typedef struct {
UINTN Count;
EFI_USER_CREDENTIAL2_PROTOCOL *Provider[1];
} CREDENTIAL_PROVIDER_INFO;
//
// User profile information structure.
//
typedef struct {
UINT64 UsageCount;
EFI_TIME CreateDate;
EFI_TIME UsageDate;
UINTN AccessPolicyLen;
UINTN IdentityPolicyLen;
UINTN NewIdentityPolicyLen;
UINT8 *AccessPolicy;
UINT8 *IdentityPolicy;
UINT8 *NewIdentityPolicy;
CHAR16 UserName[USER_NAME_LENGTH];
BOOLEAN CreateDateExist;
BOOLEAN UsageDateExist;
BOOLEAN AccessPolicyModified;
BOOLEAN IdentityPolicyModified;
BOOLEAN NewIdentityPolicyModified;
} USER_INFO;
//
// User access information structure.
//
typedef struct {
UINTN LoadPermitLen;
UINTN LoadForbidLen;
UINTN ConnectPermitLen;
UINTN ConnectForbidLen;
UINT8 *LoadPermit;
UINT8 *LoadForbid;
UINT8 *ConnectPermit;
UINT8 *ConnectForbid;
UINT32 AccessBootOrder;
UINT8 AccessRight;
UINT8 AccessSetup;
} USER_INFO_ACCESS;
#define USER_PROFILE_MANAGER_SIGNATURE SIGNATURE_32 ('U', 'P', 'M', 'S')
typedef struct {
UINTN Signature;
EFI_HANDLE DriverHandle;
EFI_HII_HANDLE HiiHandle;
EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
} USER_PROFILE_MANAGER_CALLBACK_INFO;
//
// HII specific Vendor Device Path definition.
//
typedef struct {
VENDOR_DEVICE_PATH VendorDevicePath;
EFI_DEVICE_PATH_PROTOCOL End;
} HII_VENDOR_DEVICE_PATH;
//
// This is the generated IFR binary data for each formset defined in VFR.
//
extern UINT8 UserProfileManagerVfrBin[];
//
// This is the generated String package data for .UNI file.
//
extern UINT8 UserProfileManagerStrings[];
//
// The user manager protocol, used in several function.
//
extern EFI_USER_MANAGER_PROTOCOL *mUserManager;
//
// The credential providers database in system.
//
extern CREDENTIAL_PROVIDER_INFO *mProviderInfo;
//
// The variables used to update identity policy.
//
extern UINT8 mProviderChoice;
extern UINT8 mConncetLogical;
//
// The variables used to update access policy.
//
extern USER_INFO_ACCESS mAccessInfo;
//
// The user information used to record all data in UI.
//
extern USER_INFO mUserInfo;
extern USER_PROFILE_MANAGER_CALLBACK_INFO *mCallbackInfo;
extern EFI_USER_PROFILE_HANDLE mModifyUser;
/**
Get string by string id from HII Interface.
@param[in] Id String ID to get the string from.
@retval CHAR16 * String from ID.
@retval NULL If error occurs.
**/
CHAR16 *
GetStringById (
IN EFI_STRING_ID Id
);
/**
Add a new user profile into the user profile database.
**/
VOID
CallAddUser (
VOID
);
/**
Display user select form; can select a user to modify.
**/
VOID
SelectUserToModify (
VOID
);
/**
Display user select form, cab select a user to delete.
**/
VOID
SelectUserToDelete (
VOID
);
/**
Delete the user specified by UserIndex in user profile database.
@param[in] UserIndex The index of user in the user name list to be deleted.
**/
VOID
DeleteUser (
IN UINT8 UserIndex
);
/**
Add a username item in form.
@param[in] User Points to the user profile whose username is added.
@param[in] Index The index of the user in the user name list.
@param[in] OpCodeHandle Points to container for dynamic created opcodes.
**/
VOID
AddUserToForm (
IN EFI_USER_PROFILE_HANDLE User,
IN UINT16 Index,
IN VOID *OpCodeHandle
);
/**
Display modify user information form
In this form, username, create Date, usage date, usage count, identity policy,
and access policy are displayed.
@param[in] UserIndex The index of the user in display list to modify.
**/
VOID
ModifyUserInfo (
IN UINT8 UserIndex
);
/**
Get the username from user input and update username string in Hii
database with it.
**/
VOID
ModifyUserName (
VOID
);
/**
Display the form of modifying user identity policy.
**/
VOID
ModifyIdentityPolicy (
VOID
);
/**
Update the mUserInfo.NewIdentityPolicy and UI when 'add option' is pressed.
**/
VOID
AddIdentityPolicyItem (
VOID
);
/**
Save the identity policy and update UI with it.
This function will verify the new identity policy, in current implementation,
the identity policy can be: T, P & P & P & ..., P | P | P | ...
Here, "T" means "True", "P" means "Credential Provider", "&" means "and", "|" means "or".
Other identity policies are not supported.
**/
VOID
SaveIdentityPolicy (
VOID
);
/**
Display modify user access policy form
In this form, access right, access setu,p and access boot order are dynamically
added. Load devicepath and connect devicepath are displayed too.
**/
VOID
ModidyAccessPolicy (
VOID
);
/**
Collect all the access policy data to mUserInfo.AccessPolicy,
and save it to user profile.
**/
VOID
SaveAccessPolicy (
VOID
);
/**
Get current user's access rights.
@param[out] AccessRight Points to the buffer used for user's access rights.
@retval EFI_SUCCESS Get current user access rights successfully.
@retval others Fail to get current user access rights.
**/
EFI_STATUS
GetAccessRight (
OUT UINT32 *AccessRight
);
/**
Display the permit load device path in the loadable device path list.
**/
VOID
DisplayLoadPermit(
VOID
);
/**
Display the forbid load device path list (mAccessInfo.LoadForbid).
**/
VOID
DisplayLoadForbid (
VOID
);
/**
Display the permit connect device path.
**/
VOID
DisplayConnectPermit (
VOID
);
/**
Display the forbid connect device path list.
**/
VOID
DisplayConnectForbid (
VOID
);
/**
Delete the specified device path by DriverIndex from the forbid device path
list (mAccessInfo.LoadForbid).
@param[in] DriverIndex The index of driver in a forbidden device path list.
**/
VOID
DeleteFromForbidLoad (
IN UINT16 DriverIndex
);
/**
Add the specified device path by DriverIndex to the forbid device path
list (mAccessInfo.LoadForbid).
@param[in] DriverIndex The index of driver saved in driver options.
**/
VOID
AddToForbidLoad (
IN UINT16 DriverIndex
);
/**
Get user name from the popup windows.
@param[in, out] UserNameLen On entry, point to the buffer lengh of UserName.
On exit, point to the input user name length.
@param[out] UserName The buffer to hold the input user name.
@retval EFI_ABORTED It is given up by pressing 'ESC' key.
@retval EFI_NOT_READY Not a valid input at all.
@retval EFI_SUCCESS Get a user name successfully.
**/
EFI_STATUS
GetUserNameInput (
IN OUT UINTN *UserNameLen,
OUT CHAR16 *UserName
);
/**
Find the specified info in User profile by the InfoType.
@param[in] User Handle of the user whose information will be searched.
@param[in] InfoType The user information type to find.
@param[out] UserInfo Points to user information handle found.
@retval EFI_SUCCESS Find the user information successfully.
@retval Others Fail to find the user information.
**/
EFI_STATUS
FindInfoByType (
IN EFI_USER_PROFILE_HANDLE User,
IN UINT8 InfoType,
OUT EFI_USER_INFO_HANDLE *UserInfo
);
/**
Convert the identity policy to a unicode string and update the Hii database
IpStringId string with it.
@param[in] Ip Points to identity policy.
@param[in] IpLen The identity policy length.
@param[in] IpStringId String ID in the HII database to be replaced.
**/
VOID
ResolveIdentityPolicy (
IN UINT8 *Ip,
IN UINTN IpLen,
IN EFI_STRING_ID IpStringId
);
/**
Expand access policy memory size.
@param[in] ValidLen The valid access policy length.
@param[in] ExpandLen The length that is needed to expand.
**/
VOID
ExpandMemory (
IN UINTN ValidLen,
IN UINTN ExpandLen
);
/**
Delete User's credental from all the providers that exist in User's identity policy.
@param[in] IdentityPolicy Point to User's identity policy.
@param[in] IdentityPolicyLen The length of the identity policy.
@param[in] User Points to user profile.
**/
VOID
DeleteCredentialFromProviders (
IN UINT8 *IdentityPolicy,
IN UINTN IdentityPolicyLen,
IN EFI_USER_PROFILE_HANDLE User
);
#endif

22
SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.uni
View File

@ -1,22 +0,0 @@
// /** @file
// A UI tool to manage user profiles
//
// By this module, user can add/update/delete user profiles, and can also
// modify the user access policy and the user identification policy.
//
// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
// which accompanies this distribution. The full text of the license may be found at
// http://opensource.org/licenses/bsd-license.php
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
// **/
#string STR_MODULE_ABSTRACT #language en-US "A UI tool to manage user profiles"
#string STR_MODULE_DESCRIPTION #language en-US "By this module, user can add/update/delete user profiles, and can also modify the user access policy and the user identification policy."

158
SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerData.h
View File

@ -1,158 +0,0 @@
/** @file
The form data for user profile manager driver.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __USER_PROFILE_MANAGER_DATA_H__
#define __USER_PROFILE_MANAGER_DATA_H__
#include <Guid/UserProfileManagerHii.h>
//
// Form ID
//
#define FORMID_USER_MANAGE 0x0001
#define FORMID_MODIFY_USER 0x0002
#define FORMID_DEL_USER 0x0003
#define FORMID_USER_INFO 0x0004
#define FORMID_MODIFY_IP 0x0005
#define FORMID_MODIFY_AP 0x0006
#define FORMID_LOAD_DP 0x0007
#define FORMID_CONNECT_DP 0x0008
#define FORMID_PERMIT_LOAD_DP 0x0009
#define FORMID_FORBID_LOAD_DP 0x000A
#define FORMID_PERMIT_CONNECT_DP 0x000B
#define FORMID_FORBID_CONNECT_DP 0x000C
//
// Label ID
//
#define LABEL_USER_MANAGE_FUNC 0x0010
#define LABEL_USER_DEL_FUNC 0x0020
#define LABEL_USER_MOD_FUNC 0x0030
#define LABEL_USER_INFO_FUNC 0x0040
#define LABEL_IP_MOD_FUNC 0x0050
#define LABEL_AP_MOD_FUNC 0x0060
#define LABEL_PERMIT_LOAD_FUNC 0x0070
#define LABLE_FORBID_LOAD_FUNC 0x0080
#define LABEL_END 0x00F0
//
// First form key (Add/modify/del user profile).
// First 2 bits (bit 16~15).
//
#define KEY_MODIFY_USER 0x4000
#define KEY_DEL_USER 0x8000
#define KEY_ADD_USER 0xC000
#define KEY_FIRST_FORM_MASK 0xC000
//
// Second form key (Display new form /Select user / modify device path in access policy).
// Next 2 bits (bit 14~13).
//
#define KEY_ENTER_NEXT_FORM 0x0000
#define KEY_SELECT_USER 0x1000
#define KEY_MODIFY_AP_DP 0x2000
#define KEY_OPEN_CLOSE_FORM_ACTION 0x3000
#define KEY_SECOND_FORM_MASK 0x3000
//
// User profile information form key.
// Next 3 bits (bit 12~10).
//
#define KEY_MODIFY_NAME 0x0200
#define KEY_MODIFY_IP 0x0400
#define KEY_MODIFY_AP 0x0600
#define KEY_MODIFY_INFO_MASK 0x0E00
//
// Specified key, used in VFR (KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_NAME).
//
#define KEY_MODIFY_USER_NAME 0x5200
//
// Modify identity policy form key.
// Next 3 bits (bit 9~7).
//
#define KEY_MODIFY_PROV 0x0040
#define KEY_MODIFY_MTYPE 0x0080
#define KEY_MODIFY_CONN 0x00C0
#define KEY_ADD_IP_OP 0x0100
#define KEY_IP_RETURN_UIF 0x0140
#define KEY_MODIFY_IP_MASK 0x01C0
//
// Specified key.
//
#define KEY_ADD_LOGICAL_OP 0x5500
#define KEY_IP_RETURN 0x5540
//
// Modify access policy form key.
// Next 3 bits (bit 9~7).
//
#define KEY_MODIFY_RIGHT 0x0040
#define KEY_MODIFY_SETUP 0x0080
#define KEY_MODIFY_BOOT 0x00C0
#define KEY_MODIFY_LOAD 0x0100
#define KEY_MODIFY_CONNECT 0x0140
#define KEY_AP_RETURN_UIF 0x0180
#define KEY_MODIFY_AP_MASK 0x01C0
//
// Specified key.
//
#define KEY_LOAD_DP 0x5700
#define KEY_CONN_DP 0x5740
#define KEY_AP_RETURN 0x5780
//
// Device path form key.
// Next 2 bits (bit 6~5).
//
#define KEY_PERMIT_MODIFY 0x0010
#define KEY_FORBID_MODIFY 0x0020
#define KEY_DISPLAY_DP_MASK 0x0030
//
// Specified key.
//
#define KEY_LOAD_PERMIT 0x5710
#define KEY_LOAD_FORBID 0x5720
#define KEY_CONNECT_PERMIT 0x5750
#define KEY_CONNECT_FORBID 0x5760
//
// Device path modify key.
// 2 bits (bit 12~11).
//
#define KEY_LOAD_PERMIT_MODIFY 0x0000
#define KEY_LOAD_FORBID_MODIFY 0x0400
#define KEY_CONNECT_PERMIT_MODIFY 0x0800
#define KEY_CONNECT_FORBID_MODIFY 0x0C00
#define KEY_MODIFY_DP_MASK 0x0C00
//
// The permissions usable when configuring the platform.
//
#define ACCESS_SETUP_RESTRICTED 1
#define ACCESS_SETUP_NORMAL 2
#define ACCESS_SETUP_ADMIN 3
//
// Question ID for the question used in each form (KEY_OPEN_CLOSE_FORM_ACTION | FORMID_FORM_USER_MANAGE)
// This ID is used in FORM OPEN/CLOSE CallBack action.
//
#define QUESTIONID_USER_MANAGE 0x3001
#endif

72
SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerDxe.inf
View File

@ -1,72 +0,0 @@
## @file
# A UI tool to manage user profiles
#
# By this module, user can add/update/delete user profiles, and can also
# modify the user access policy and the user identification policy.
#
# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = UserProfileManager
MODULE_UNI_FILE = UserProfileManager.uni
FILE_GUID = E38CB52D-A74D-45db-A8D0-290C9B21BBF2
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
ENTRY_POINT = UserProfileManagerInit
[Sources]
UserProfileManager.c
UserProfileManager.h
UserProfileAdd.c
UserProfileDelete.c
UserProfileModify.c
ModifyIdentityPolicy.c
ModifyAccessPolicy.c
UserProfileManagerData.h
UserProfileManagerStrings.uni
UserProfileManagerVfr.Vfr
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
SecurityPkg/SecurityPkg.dec
[LibraryClasses]
UefiRuntimeServicesTableLib
UefiBootServicesTableLib
UefiDriverEntryPoint
MemoryAllocationLib
BaseMemoryLib
DebugLib
HiiLib
UefiLib
DevicePathLib
[Guids]
gEfiIfrTianoGuid ## SOMETIMES_CONSUMES ## GUID
gEfiUserInfoAccessSetupAdminGuid ## SOMETIMES_CONSUMES ## GUID
gEfiUserInfoAccessSetupNormalGuid ## SOMETIMES_CONSUMES ## GUID
gEfiUserInfoAccessSetupRestrictedGuid ## SOMETIMES_CONSUMES ## GUID
gUserProfileManagerGuid ## CONSUMES ## HII
[Protocols]
gEfiDevicePathProtocolGuid ## PRODUCES
gEfiHiiConfigAccessProtocolGuid ## PRODUCES
gEfiUserCredential2ProtocolGuid ## SOMETIMES_CONSUMES
gEfiUserManagerProtocolGuid ## CONSUMES
[Depex]
gEfiUserManagerProtocolGuid
[UserExtensions.TianoCore."ExtraFiles"]
UserProfileManagerExtra.uni

19
SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerExtra.uni
View File

@ -1,19 +0,0 @@
// /** @file
// UserProfileManager Localized Strings and Content
//
// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
// which accompanies this distribution. The full text of the license may be found at
// http://opensource.org/licenses/bsd-license.php
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
// **/
#string STR_PROPERTIES_MODULE_NAME
#language en-US
"User Profile Manager"

158
SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerStrings.uni
View File

@ -1,158 +0,0 @@
/** @file
String definitions for User Profile Manager driver.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#langdef en-US "English"
#langdef fr-FR "Français"
#string STR_NULL_STRING #language en-US ""
#language fr-FR ""
#string STR_FORMSET_TITLE #language en-US "User Manager"
#language fr-FR "User Manager(French)"
#string STR_TITLE_HELP #language en-US "This selection will take you to the User Manager"
#language fr-FR "This selection will take you to the User Manager(French)"
#string STR_USERMAN_TITLE #language en-US "User Manager"
#language fr-FR "User Manager(French)"
#string STR_ADD_USER_TITLE #language en-US "Add User Profile"
#language fr-FR "Add User Profile(French)"
#string STR_ADD_USER_HELP #language en-US "Add User Profile to User Database"
#language fr-FR "Add User Profile to User Database(French)"
#string STR_MODIFY_USER_TITLE #language en-US "Modify User Profile"
#language fr-FR "Modify User Profile(French)"
#string STR_MODIFY_USER_HELP #language en-US "Modify User Profile Information"
#language fr-FR "Modify User Profile Information(French)"
#string STR_DELETE_USER_TITLE #language en-US "Delete User Profile"
#language fr-FR "Delete User Profile(French)"
#string STR_DELETE_USER_HELP #language en-US "Delete User Profile from User Database"
#language fr-FR "Delete User Profile from User Database(French)"
#string STR_USER_INFO #language en-US "User Profile Information"
#language fr-FR "User Profile Information(French)"
#string STR_USER_NAME #language en-US "User Name"
#language fr-FR "User Name(French)"
#string STR_USER_NAME_VAL #language en-US ""
#language fr-FR ""
#string STR_CREATE_DATE #language en-US "Create Date"
#language fr-FR "Create Date(French)"
#string STR_CREATE_DATE_VAL #language en-US ""
#language fr-FR ""
#string STR_USAGE_DATE #language en-US "Usage Date"
#language fr-FR "Usage Date(French)"
#string STR_USAGE_DATE_VAL #language en-US ""
#language fr-FR ""
#string STR_USAGE_COUNT #language en-US "Usage Count"
#language fr-FR "Usage Count(French)"
#string STR_USAGE_COUNT_VAL #language en-US ""
#language fr-FR ""
#string STR_IDENTIFY_POLICY #language en-US "Identify Policy"
#language fr-FR "Identify Policy(French)"
#string STR_IDENTIFY_POLICY_VAL #language en-US ""
#language fr-FR ""
#string STR_ACCESS_POLICY #language en-US "Access Policy"
#language fr-FR "Access Policy(French)"
#string STR_SAVE #language en-US "Save & Exit"
#language fr-FR "Save & Exit(French)"
#string STR_IDENTIFY_SAVE_HELP #language en-US "Save Identify Policy and Exit"
#language fr-FR "Save Identify Policy and Exit(French)"
#string STR_PROVIDER #language en-US "Credential Provider"
#language fr-FR "Credential Provider(French)"
#string STR_PROVIDER_HELP #language en-US "Select Credential Provider Option"
#language fr-FR "Select Credential Provider Option(French)"
#string STR_OR_CON #language en-US "Or"
#language fr-FR "Or(French)"
#string STR_AND_CON #language en-US "And"
#language fr-FR "And(French)"
#string STR_CONNECTOR #language en-US "Logical Connector"
#language fr-FR "Logical Connector(French)"
#string STR_CONNECTOR_HELP #language en-US "Select Logical Connector Option"
#language fr-FR "Select Logical Connector Option(French)"
#string STR_IDENTIFY_POLICY_VALUE #language en-US ""
#language fr-FR ""
#string STR_IDENTIFY_POLICY_HELP #language en-US "Current Identify Policy"
#language fr-FR "Current Identify Policy(French)"
#string STR_ADD_OPTION #language en-US "Add Option"
#language fr-FR "Add Option(French)"
#string STR_ADD_OPTION_HELP #language en-US "Add This Option to Identify Policy"
#language fr-FR "Add This Option to Identify Policy(French)"
#string STR_ACCESS_SAVE_HELP #language en-US "Save Access Policy and Exit"
#language fr-FR "Save Access Policy and Exit(French)"
#string STR_ACCESS_RIGHT #language en-US "Access Right"
#language fr-FR "Access Right(French)"
#string STR_ACCESS_RIGHT_HELP #language en-US "Select Access Right Option"
#language fr-FR "Select Access Right Option(French)"
#string STR_NORMAL #language en-US "Normal"
#language fr-FR "Normal(French)"
#string STR_ENROLL #language en-US "Enroll"
#language fr-FR "Enroll(French)"
#string STR_MANAGE #language en-US "Manage"
#language fr-FR "Manage(French)"
#string STR_ACCESS_SETUP #language en-US "Access Setup"
#language fr-FR "Access Setup(French)"
#string STR_ACCESS_SETUP_HELP #language en-US "Select Access Setup Option"
#language fr-FR "Selelct Access Setup Option(French)"
#string STR_RESTRICTED #language en-US "Restricted"
#language fr-FR "Restricted(French)"
#string STR_ADMIN #language en-US "Admin"
#language fr-FR "Admin(French)"
#string STR_BOOR_ORDER #language en-US "Access Boot Order"
#language fr-FR "Access Boot Order(French)"
#string STR_BOOT_ORDER_HELP #language en-US "Select Access Boot Order Option"
#language fr-FR "Select Access Boot Order Option(French)"
#string STR_INSERT #language en-US "Insert"
#language fr-FR "Insert(French)"
#string STR_APPEND #language en-US "Append"
#language fr-FR "Append(French)"
#string STR_REPLACE #language en-US "Replace"
#language fr-FR "Replace(French)"
#string STR_NODEFAULT #language en-US "Nodefault"
#language fr-FR "Nodefault(French)"
#string STR_LOAD #language en-US "Load Device Path"
#language fr-FR "Load Device Path(French)"
#string STR_LOAD_HELP #language en-US "Select Permit/Forbid Load Device Path"
#language fr-FR "Select Permit/Forbid Load Device Path(French)"
#string STR_CONNECT #language en-US "Connect Device Path"
#language fr-FR "Connect Device Path(French)"
#string STR_CONNECT_HELP #language en-US "Select Permit/Forbid Connect Device Path"
#language fr-FR "Select Permit/Forbid Connect Device Path(French)"
#string STR_LOAD_PERMIT #language en-US "Permit Load Device Path"
#language fr-FR "Permit Load Device Path(French)"
#string STR_LOAD_PERMIT_HELP #language en-US "Change Permit Load Device Path to Forbid"
#language fr-FR "Change Permit Load Device Path to Forbid(French)"
#string STR_LOAD_FORBID #language en-US "Forbid Load Device Path"
#language fr-FR "Forbid Load Device Path(French)"
#string STR_LOAD_FORBID_HELP #language en-US "Change Forbid Load Device Path to Permit"
#language fr-FR "Change Forbid Load Device Path to Permit(French)"
#string STR_CONNECT_PERMIT #language en-US "Permit Connect Device Path"
#language fr-FR "Permit Connect Device Path(French)"
#string STR_CONNECT_PERMIT_HELP #language en-US "Change Permit Connect Device Path to Forbid"
#language fr-FR "Change Permit Connect Device Path to Forbid(French)"
#string STR_CONNECT_FORBID #language en-US "Forbid Connect Device Path"
#language fr-FR "Forbid Connect Device Path(French)"
#string STR_CONNECT_FORBID_HELP #language en-US "Change Forbid Connect Device Path to Permit"
#language fr-FR "Change Forbid Connect Device Path to Permit(French)"
#string STR_PRESS_KEY_CONTINUE #language en-US "Press ENTER to Continue, Other Key to Cancel ..."
#language fr-FR "Press ENTER to Continue, Other Key to Cancel ...(French)"
#string STR_MOVE_TO_FORBID_LIST #language en-US "Are You Sure to Move It to Forbid List?"
#language fr-FR "Are You Sure to Move It to Forbid List?(French)"
#string STR_MOVE_TO_PERMIT_LIST #language en-US "Are You Sure to Move It to Permit List?"
#language fr-FR "Are You Sure to Move It to Permit List?(French)"
#string STR_STROKE_KEY_CONTINUE #language en-US "Please Press Any Key to Continue ..."
#language fr-FR "Please Press Any Key to Continue ... (French)"
#string STR_CREATE_PROFILE_FAILED #language en-US "Create New User Profile Failed!"
#language fr-FR "Create New User Profile Failed! (French)"
#string STR_CREATE_PROFILE_SUCCESS #language en-US "Create New User Profile Succeed!"
#language fr-FR "Create New User Profile Succeed! (French)"
#string STR_USER_ALREADY_EXISTED #language en-US "User Name Had Already Existed."
#language fr-FR "User Name Had Already Existed. (French)"
#string STR_GET_USERNAME_FAILED #language en-US "Failed To Get User Name."
#language fr-FR "Failed To Get User Name. (French)"

244
SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerVfr.Vfr
View File

@ -1,244 +0,0 @@
/** @file
User Profile Manager formset.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "UserProfileManagerData.h"
#define USER_MANAGER_CLASS 0x00
#define USER_MANAGER_SUBCLASS 0x04
formset
guid = USER_PROFILE_MANAGER_GUID,
title = STRING_TOKEN(STR_FORMSET_TITLE),
help = STRING_TOKEN(STR_TITLE_HELP),
// User manager form
form formid = FORMID_USER_MANAGE,
title = STRING_TOKEN(STR_USERMAN_TITLE);
label LABEL_USER_MANAGE_FUNC;
label LABEL_END;
suppressif TRUE;
text
help = STRING_TOKEN(STR_NULL_STRING),
text = STRING_TOKEN(STR_NULL_STRING),
flags = INTERACTIVE,
key = QUESTIONID_USER_MANAGE;
endif;
endform;
// Modify user profile form
form formid = FORMID_MODIFY_USER,
title = STRING_TOKEN(STR_MODIFY_USER_TITLE);
label LABEL_USER_MOD_FUNC;
label LABEL_END;
endform;
// Delete user profile form
form formid = FORMID_DEL_USER,
title = STRING_TOKEN(STR_DELETE_USER_TITLE);
label LABEL_USER_DEL_FUNC;
label LABEL_END;
subtitle
text = STRING_TOKEN(STR_NULL_STRING);
endform;
//
// User profile information form
//
form formid = FORMID_USER_INFO,
title = STRING_TOKEN(STR_USER_INFO);
text
help = STRING_TOKEN(STR_USER_NAME_VAL),
text = STRING_TOKEN(STR_USER_NAME),
flags = INTERACTIVE,
key = KEY_MODIFY_USER_NAME;
text
help = STRING_TOKEN(STR_CREATE_DATE_VAL),
text = STRING_TOKEN(STR_CREATE_DATE);
text
help = STRING_TOKEN(STR_USAGE_DATE_VAL),
text = STRING_TOKEN(STR_USAGE_DATE);
text
help = STRING_TOKEN(STR_USAGE_COUNT_VAL),
text = STRING_TOKEN(STR_USAGE_COUNT);
label LABEL_USER_INFO_FUNC;
label LABEL_END;
endform;
//
// Identify policy modify form
//
form formid = FORMID_MODIFY_IP,
title = STRING_TOKEN(STR_IDENTIFY_POLICY);
text
help = STRING_TOKEN(STR_IDENTIFY_POLICY_HELP),
text = STRING_TOKEN(STR_IDENTIFY_POLICY),
text = STRING_TOKEN(STR_IDENTIFY_POLICY_VALUE);
label LABEL_IP_MOD_FUNC;
label LABEL_END;
text
help = STRING_TOKEN(STR_ADD_OPTION_HELP),
text = STRING_TOKEN(STR_ADD_OPTION),
flags = INTERACTIVE,
key = KEY_ADD_LOGICAL_OP;
subtitle
text = STRING_TOKEN(STR_NULL_STRING);
text
help = STRING_TOKEN(STR_IDENTIFY_SAVE_HELP),
text = STRING_TOKEN(STR_SAVE),
flags = INTERACTIVE,
key = KEY_IP_RETURN;
endform;
//
// Access policy modify form
//
form formid = FORMID_MODIFY_AP,
title = STRING_TOKEN(STR_ACCESS_POLICY);
label LABEL_AP_MOD_FUNC;
label LABEL_END;
goto FORMID_LOAD_DP,
prompt = STRING_TOKEN(STR_LOAD),
help = STRING_TOKEN(STR_LOAD_HELP),
flags = INTERACTIVE,
key = KEY_LOAD_DP;
goto FORMID_CONNECT_DP,
prompt = STRING_TOKEN(STR_CONNECT),
help = STRING_TOKEN(STR_CONNECT_HELP),
flags = INTERACTIVE,
key = KEY_CONN_DP;
subtitle
text = STRING_TOKEN(STR_NULL_STRING);
text
help = STRING_TOKEN(STR_ACCESS_SAVE_HELP),
text = STRING_TOKEN(STR_SAVE),
flags = INTERACTIVE,
key = KEY_AP_RETURN;
endform;
//
// Load device path form
//
form formid = FORMID_LOAD_DP,
title = STRING_TOKEN(STR_LOAD);
goto FORMID_PERMIT_LOAD_DP,
prompt = STRING_TOKEN(STR_LOAD_PERMIT),
help = STRING_TOKEN(STR_LOAD_PERMIT_HELP),
flags = INTERACTIVE,
key = KEY_LOAD_PERMIT;
goto FORMID_FORBID_LOAD_DP,
prompt = STRING_TOKEN(STR_LOAD_FORBID),
help = STRING_TOKEN(STR_LOAD_FORBID_HELP),
flags = INTERACTIVE,
key = KEY_LOAD_FORBID;
endform;
//
// Permit load device path form
//
form formid = FORMID_PERMIT_LOAD_DP,
title = STRING_TOKEN(STR_LOAD_PERMIT);
label LABEL_PERMIT_LOAD_FUNC;
label LABEL_END;
subtitle
text = STRING_TOKEN(STR_NULL_STRING);
endform;
//
// Forbid load device path form
//
form formid = FORMID_FORBID_LOAD_DP,
title = STRING_TOKEN(STR_LOAD_FORBID);
label LABLE_FORBID_LOAD_FUNC;
label LABEL_END;
subtitle
text = STRING_TOKEN(STR_NULL_STRING);
endform;
//
// Connect device path form
//
form formid = FORMID_CONNECT_DP,
title = STRING_TOKEN(STR_CONNECT);
goto FORMID_PERMIT_CONNECT_DP,
prompt = STRING_TOKEN(STR_CONNECT_PERMIT),
help = STRING_TOKEN(STR_CONNECT_PERMIT_HELP),
flags = INTERACTIVE,
key = KEY_CONNECT_PERMIT;
goto FORMID_FORBID_CONNECT_DP,
prompt = STRING_TOKEN(STR_CONNECT_FORBID),
help = STRING_TOKEN(STR_CONNECT_FORBID_HELP),
flags = INTERACTIVE,
key = KEY_CONNECT_FORBID;
endform;
//
// Permit connect device path form
//
form formid = FORMID_PERMIT_CONNECT_DP,
title = STRING_TOKEN(STR_CONNECT_PERMIT);
subtitle
text = STRING_TOKEN(STR_NULL_STRING);
endform;
//
// Forbid connect device path form
//
form formid = FORMID_FORBID_CONNECT_DP,
title = STRING_TOKEN(STR_CONNECT_FORBID);
subtitle
text = STRING_TOKEN(STR_NULL_STRING);
endform;
endformset;

1475
SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c
View File

File diff suppressed because it is too large Load Diff