sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update UID drivers to align with latest UEFI spec 2.3.1.

Browse Source 
Directly use ImageHandle instead of &ImageHandle for wrong usage in TCG physical presence library.

Signed-off-by: gdong1
Reviewed-by: xdu2
Reviewed-by: lgao4


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12530 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
gdong1
2011-10-12 03:38:19 +00:00
parent bfbe0beec1
commit 6f0b864812
14 changed files with 425 additions and 249 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
View File

@ -482,7 +482,7 @@ TcgPhysicalPresenceLibConstructor (
IN EFI_SYSTEM_TABLE *SystemTable IN EFI_SYSTEM_TABLE *SystemTable
) )
{ {
mPpStringPackHandle = HiiAddPackages (&gEfiPhysicalPresenceGuid, &ImageHandle, DxeTcgPhysicalPresenceLibStrings, NULL); mPpStringPackHandle = HiiAddPackages (&gEfiPhysicalPresenceGuid, ImageHandle, DxeTcgPhysicalPresenceLibStrings, NULL);
ASSERT (mPpStringPackHandle != NULL); ASSERT (mPpStringPackHandle != NULL);
return EFI_SUCCESS; return EFI_SUCCESS;

216
SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.c
View File

@ -40,7 +40,7 @@ HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = {
} }
}; };
EFI_USER_CREDENTIAL_PROTOCOL gPwdCredentialProviderDriver = { EFI_USER_CREDENTIAL2_PROTOCOL gPwdCredentialProviderDriver = {
PWD_CREDENTIAL_PROVIDER_GUID, PWD_CREDENTIAL_PROVIDER_GUID,
EFI_USER_CREDENTIAL_CLASS_PASSWORD, EFI_USER_CREDENTIAL_CLASS_PASSWORD,
CredentialEnroll, CredentialEnroll,
@ -52,7 +52,9 @@ EFI_USER_CREDENTIAL_PROTOCOL gPwdCredentialProviderDriver = {
CredentialDeselect, CredentialDeselect,
CredentialDefault, CredentialDefault,
CredentialGetInfo, CredentialGetInfo,
CredentialGetNextInfo CredentialGetNextInfo,
EFI_CREDENTIAL_CAPABILITIES_ENROLL,
CredentialDelete
}; };
@ -117,12 +119,12 @@ ExpandTableSize (
/** /**
Add or delete info in table, and sync with NV variable. Add, update or delete info in table, and sync with NV variable.
@param[in] Index The index of the password in table. The index begin from 1. @param[in] Index The index of the password in table. If index is found in
If index is found in table, delete the info, else add the table, update the info, else add the into to table.
into to table. @param[in] Info The new password info to add into table.If Info is NULL,
@param[in] Info The new password info to add into table. delete the info by Index.
@retval EFI_INVALID_PARAMETER Info is NULL when save the info. @retval EFI_INVALID_PARAMETER Info is NULL when save the info.
@retval EFI_SUCCESS Modify the table successfully. @retval EFI_SUCCESS Modify the table successfully.
@ -135,23 +137,29 @@ ModifyTable (
IN PASSWORD_INFO * Info OPTIONAL IN PASSWORD_INFO * Info OPTIONAL
) )
{ {
EFI_STATUS Status; EFI_STATUS Status;
PASSWORD_INFO *NewPasswordInfo;
NewPasswordInfo = NULL;
if (Index < mPwdTable->Count) { if (Index < mPwdTable->Count) {
// if (Info == NULL) {
// Delete the specified entry. //
// // Delete the specified entry.
mPwdTable->Count--; //
if (Index != mPwdTable->Count) { mPwdTable->Count--;
CopyMem ( if (Index != mPwdTable->Count) {
&mPwdTable->UserInfo[Index], NewPasswordInfo = &mPwdTable->UserInfo[mPwdTable->Count];
&mPwdTable->UserInfo[mPwdTable->Count], }
sizeof (PASSWORD_INFO) } else {
); //
// Update the specified entry.
//
NewPasswordInfo = Info;
} }
} else { } else {
// //
// Add a new entry. // Add a new password info.
// //
if (Info == NULL) { if (Info == NULL) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
@ -161,14 +169,14 @@ ModifyTable (
ExpandTableSize (); ExpandTableSize ();
} }
CopyMem ( NewPasswordInfo = Info;
&mPwdTable->UserInfo[mPwdTable->Count],
Info,
sizeof (PASSWORD_INFO)
);
mPwdTable->Count++; mPwdTable->Count++;
} }
if (NewPasswordInfo != NULL) {
CopyMem (&mPwdTable->UserInfo[Index], NewPasswordInfo, sizeof (PASSWORD_INFO));
}
// //
// Save the credential table. // Save the credential table.
// //
@ -705,13 +713,11 @@ InitFormBrowser (
/** /**
Enroll a user on a credential provider. Enroll a user on a credential provider.
This function enrolls and deletes a user profile using this credential provider. This function enrolls a user on this credential provider. If the user exists on
If a user profile is successfully enrolled, it calls the User Manager Protocol this credential provider, update the user information on this credential provider;
function Notify() to notify the user manager driver that credential information otherwise add the user information on credential provider.
has changed. If an enrolled user does exist, delete the user on the credential
provider.
@param[in] This Points to this instance of EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in] User The user profile to enroll. @param[in] User The user profile to enroll.
@retval EFI_SUCCESS User profile was successfully enrolled. @retval EFI_SUCCESS User profile was successfully enrolled.
@ -729,7 +735,7 @@ InitFormBrowser (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialEnroll ( CredentialEnroll (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User IN EFI_USER_PROFILE_HANDLE User
) )
{ {
@ -741,7 +747,6 @@ CredentialEnroll (
EFI_INPUT_KEY Key; EFI_INPUT_KEY Key;
EFI_USER_MANAGER_PROTOCOL *UserManager; EFI_USER_MANAGER_PROTOCOL *UserManager;
UINT8 *UserId; UINT8 *UserId;
UINT8 *NewUserId;
CHAR16 *QuestionStr; CHAR16 *QuestionStr;
CHAR16 *PromptStr; CHAR16 *PromptStr;
@ -771,23 +776,11 @@ CredentialEnroll (
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
// CopyMem (PwdInfo.UserId, (UINT8 *) (UserInfo + 1), sizeof (EFI_USER_INFO_IDENTIFIER));
// If User exists in mPwdTable, delete User. FreePool (UserInfo);
//
for (Index = 0; Index < mPwdTable->Count; Index++) {
UserId = (UINT8 *) &mPwdTable->UserInfo[Index].UserId;
NewUserId = (UINT8 *) (UserInfo + 1);
if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) {
//
// Delete the existing password.
//
FreePool (UserInfo);
return ModifyTable (Index, NULL);
}
}
// //
// The User doesn't exist in mPwdTable; Enroll the new User. // Get password from user.
// //
while (TRUE) { while (TRUE) {
// //
@ -821,17 +814,23 @@ CredentialEnroll (
FreePool (PromptStr); FreePool (PromptStr);
} }
CopyMem (
PwdInfo.UserId,
(UINT8 *) (UserInfo + 1),
sizeof (EFI_USER_INFO_IDENTIFIER)
);
FreePool (UserInfo);
// //
// Save the new added entry. // Check whether User is ever enrolled in the provider.
//
for (Index = 0; Index < mPwdTable->Count; Index++) {
UserId = (UINT8 *) &mPwdTable->UserInfo[Index].UserId;
if (CompareMem (UserId, (UINT8 *) &PwdInfo.UserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) {
//
// User already exists, update the password.
//
break;
}
}
// //
Status = ModifyTable (mPwdTable->Count, &PwdInfo); // Enroll the User to the provider.
//
Status = ModifyTable (Index, &PwdInfo);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
@ -854,7 +853,7 @@ CredentialEnroll (
the user credential provider does not require a form to identify the user, then this the user credential provider does not require a form to identify the user, then this
function should return EFI_NOT_FOUND. function should return EFI_NOT_FOUND.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[out] Hii On return, holds the HII database handle. @param[out] Hii On return, holds the HII database handle.
@param[out] FormSetId On return, holds the identifier of the form set which contains @param[out] FormSetId On return, holds the identifier of the form set which contains
the form used during user identification. the form used during user identification.
@ -869,7 +868,7 @@ CredentialEnroll (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialForm ( CredentialForm (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
OUT EFI_HII_HANDLE *Hii, OUT EFI_HII_HANDLE *Hii,
OUT EFI_GUID *FormSetId, OUT EFI_GUID *FormSetId,
OUT EFI_FORM_ID *FormId OUT EFI_FORM_ID *FormId
@ -895,7 +894,7 @@ CredentialForm (
of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND
is returned. is returned.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in, out] Width On entry, points to the desired bitmap width. If NULL then no @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no
bitmap information will be returned. On exit, points to the bitmap information will be returned. On exit, points to the
width of the bitmap returned. width of the bitmap returned.
@ -913,7 +912,7 @@ CredentialForm (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialTile ( CredentialTile (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN OUT UINTN *Width, IN OUT UINTN *Width,
IN OUT UINTN *Height, IN OUT UINTN *Height,
OUT EFI_HII_HANDLE *Hii, OUT EFI_HII_HANDLE *Hii,
@ -933,7 +932,7 @@ CredentialTile (
This function returns a string which describes the credential provider. If no This function returns a string which describes the credential provider. If no
such string exists, then EFI_NOT_FOUND is returned. such string exists, then EFI_NOT_FOUND is returned.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[out] Hii On return, holds the HII database handle. @param[out] Hii On return, holds the HII database handle.
@param[out] String On return, holds the HII string identifier. @param[out] String On return, holds the HII string identifier.
@ -945,7 +944,7 @@ CredentialTile (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialTitle ( CredentialTitle (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
OUT EFI_HII_HANDLE *Hii, OUT EFI_HII_HANDLE *Hii,
OUT EFI_STRING_ID *String OUT EFI_STRING_ID *String
) )
@ -972,7 +971,7 @@ CredentialTitle (
submitted on a form, OR after a call to Default() has returned that this credential is submitted on a form, OR after a call to Default() has returned that this credential is
ready to log on. ready to log on.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in] User The user profile handle of the user profile currently being @param[in] User The user profile handle of the user profile currently being
considered by the user identity manager. If NULL, then no user considered by the user identity manager. If NULL, then no user
profile is currently under consideration. profile is currently under consideration.
@ -989,7 +988,7 @@ CredentialTitle (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialUser ( CredentialUser (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User, IN EFI_USER_PROFILE_HANDLE User,
OUT EFI_USER_INFO_IDENTIFIER *Identifier OUT EFI_USER_INFO_IDENTIFIER *Identifier
) )
@ -1067,7 +1066,7 @@ CredentialUser (
AutoLogon returns FALSE, then the user interface will be constructed by the User AutoLogon returns FALSE, then the user interface will be constructed by the User
Identity Manager. Identity Manager.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[out] AutoLogon On return, points to the credential provider's capabilities @param[out] AutoLogon On return, points to the credential provider's capabilities
after the credential provider has been selected by the user. after the credential provider has been selected by the user.
@ -1078,7 +1077,7 @@ CredentialUser (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialSelect ( CredentialSelect (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
) )
{ {
@ -1096,7 +1095,7 @@ CredentialSelect (
This function is called when a credential provider is deselected by the user. This function is called when a credential provider is deselected by the user.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@retval EFI_SUCCESS Credential provider successfully deselected. @retval EFI_SUCCESS Credential provider successfully deselected.
@ -1104,7 +1103,7 @@ CredentialSelect (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialDeselect ( CredentialDeselect (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This
) )
{ {
if (This == NULL) { if (This == NULL) {
@ -1119,7 +1118,7 @@ CredentialDeselect (
This function reports the default login behavior regarding this credential provider. This function reports the default login behavior regarding this credential provider.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[out] AutoLogon On return, holds whether the credential provider should be used @param[out] AutoLogon On return, holds whether the credential provider should be used
by default to automatically log on the user. by default to automatically log on the user.
@ -1130,7 +1129,7 @@ CredentialDeselect (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialDefault ( CredentialDefault (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
) )
{ {
@ -1148,7 +1147,7 @@ CredentialDefault (
This function returns user information. This function returns user information.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in] UserInfo Handle of the user information data record. @param[in] UserInfo Handle of the user information data record.
@param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On
exit, holds the user information. If the buffer is too small exit, holds the user information. If the buffer is too small
@ -1168,7 +1167,7 @@ CredentialDefault (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialGetInfo ( CredentialGetInfo (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN EFI_USER_INFO_HANDLE UserInfo, IN EFI_USER_INFO_HANDLE UserInfo,
OUT EFI_USER_INFO *Info, OUT EFI_USER_INFO *Info,
IN OUT UINTN *InfoSize IN OUT UINTN *InfoSize
@ -1215,7 +1214,7 @@ CredentialGetInfo (
another user information record handle until there are no more, at which point UserInfo another user information record handle until there are no more, at which point UserInfo
will point to NULL. will point to NULL.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in, out] UserInfo On entry, points to the previous user information handle or NULL @param[in, out] UserInfo On entry, points to the previous user information handle or NULL
to start enumeration. On exit, points to the next user information to start enumeration. On exit, points to the next user information
handle or NULL if there is no more user information. handle or NULL if there is no more user information.
@ -1228,7 +1227,7 @@ CredentialGetInfo (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialGetNextInfo ( CredentialGetNextInfo (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN OUT EFI_USER_INFO_HANDLE *UserInfo IN OUT EFI_USER_INFO_HANDLE *UserInfo
) )
{ {
@ -1359,6 +1358,71 @@ CredentialGetNextInfo (
return EFI_NOT_FOUND; return EFI_NOT_FOUND;
} }
/**
Delete a user on this credential provider.
This function deletes a user on this credential provider.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in] User The user profile handle to delete.
@retval EFI_SUCCESS User profile was successfully deleted.
@retval EFI_ACCESS_DENIED Current user profile does not permit deletion on the user profile handle.
Either the user profile cannot delete on any user profile or cannot delete
on a user profile other than the current user profile.
@retval EFI_UNSUPPORTED This credential provider does not support deletion in the pre-OS.
@retval EFI_DEVICE_ERROR The new credential could not be deleted because of a device error.
@retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle.
**/
EFI_STATUS
EFIAPI
CredentialDelete (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User
)
{
EFI_STATUS Status;
EFI_USER_INFO *UserInfo;
UINT8 *UserId;
UINT8 *NewUserId;
UINTN Index;
if ((This == NULL) || (User == NULL)) {
return EFI_INVALID_PARAMETER;
}
//
// Get User Identifier.
//
UserInfo = NULL;
Status = FindUserInfoByType (
User,
EFI_USER_INFO_IDENTIFIER_RECORD,
&UserInfo
);
if (EFI_ERROR (Status)) {
return EFI_INVALID_PARAMETER;
}
//
// Find the user by user identifier in mPwdTable.
//
for (Index = 0; Index < mPwdTable->Count; Index++) {
UserId = (UINT8 *) &mPwdTable->UserInfo[Index].UserId;
NewUserId = (UINT8 *) (UserInfo + 1);
if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) {
//
// Found the user, delete it.
//
ModifyTable (Index, NULL);
break;
}
}
FreePool (UserInfo);
return EFI_SUCCESS;
}
/** /**
Main entry for this driver. Main entry for this driver.
@ -1399,7 +1463,7 @@ PasswordProviderInit (
// //
Status = gBS->InstallProtocolInterface ( Status = gBS->InstallProtocolInterface (
&mCallbackInfo->DriverHandle, &mCallbackInfo->DriverHandle,
&gEfiUserCredentialProtocolGuid, &gEfiUserCredential2ProtocolGuid,
EFI_NATIVE_INTERFACE, EFI_NATIVE_INTERFACE,
&gPwdCredentialProviderDriver &gPwdCredentialProviderDriver
); );

77
SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.h
View File

@ -1,7 +1,7 @@
/** @file /** @file
Password Credential Provider driver header file. Password Credential Provider driver header file.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -20,7 +20,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Guid/GlobalVariable.h> #include <Guid/GlobalVariable.h>
#include <Protocol/HiiConfigAccess.h> #include <Protocol/HiiConfigAccess.h>
#include <Protocol/UserCredential.h> #include <Protocol/UserCredential2.h>
#include <Protocol/UserManager.h> #include <Protocol/UserManager.h>
#include <Library/UefiRuntimeServicesTableLib.h> #include <Library/UefiRuntimeServicesTableLib.h>
@ -92,13 +92,11 @@ typedef struct {
/** /**
Enroll a user on a credential provider. Enroll a user on a credential provider.
This function enrolls and deletes a user profile using this credential provider. This function enrolls a user on this credential provider. If the user exists on
If a user profile is successfully enrolled, it calls the User Manager Protocol this credential provider, update the user information on this credential provider;
function Notify() to notify the user manager driver that credential information otherwise delete the user information on credential provider.
has changed. If an enrolled user does exist, delete the user on the credential
provider. @param[in] This Points to this instance of EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in] This Points to this instance of EFI_USER_CREDENTIAL_PROTOCOL.
@param[in] User The user profile to enroll. @param[in] User The user profile to enroll.
@retval EFI_SUCCESS User profile was successfully enrolled. @retval EFI_SUCCESS User profile was successfully enrolled.
@ -116,7 +114,7 @@ typedef struct {
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialEnroll ( CredentialEnroll (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User IN EFI_USER_PROFILE_HANDLE User
); );
@ -129,7 +127,7 @@ CredentialEnroll (
the user credential provider does not require a form to identify the user, then this the user credential provider does not require a form to identify the user, then this
function should return EFI_NOT_FOUND. function should return EFI_NOT_FOUND.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[out] Hii On return, holds the HII database handle. @param[out] Hii On return, holds the HII database handle.
@param[out] FormSetId On return, holds the identifier of the form set which contains @param[out] FormSetId On return, holds the identifier of the form set which contains
the form used during user identification. the form used during user identification.
@ -144,7 +142,7 @@ CredentialEnroll (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialForm ( CredentialForm (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
OUT EFI_HII_HANDLE *Hii, OUT EFI_HII_HANDLE *Hii,
OUT EFI_GUID *FormSetId, OUT EFI_GUID *FormSetId,
OUT EFI_FORM_ID *FormId OUT EFI_FORM_ID *FormId
@ -157,7 +155,7 @@ CredentialForm (
of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND
is returned. is returned.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in, out] Width On entry, points to the desired bitmap width. If NULL then no @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no
bitmap information will be returned. On exit, points to the bitmap information will be returned. On exit, points to the
width of the bitmap returned. width of the bitmap returned.
@ -175,7 +173,7 @@ CredentialForm (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialTile ( CredentialTile (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN OUT UINTN *Width, IN OUT UINTN *Width,
IN OUT UINTN *Height, IN OUT UINTN *Height,
OUT EFI_HII_HANDLE *Hii, OUT EFI_HII_HANDLE *Hii,
@ -188,7 +186,7 @@ CredentialTile (
This function returns a string which describes the credential provider. If no This function returns a string which describes the credential provider. If no
such string exists, then EFI_NOT_FOUND is returned. such string exists, then EFI_NOT_FOUND is returned.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[out] Hii On return, holds the HII database handle. @param[out] Hii On return, holds the HII database handle.
@param[out] String On return, holds the HII string identifier. @param[out] String On return, holds the HII string identifier.
@ -200,7 +198,7 @@ CredentialTile (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialTitle ( CredentialTitle (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
OUT EFI_HII_HANDLE *Hii, OUT EFI_HII_HANDLE *Hii,
OUT EFI_STRING_ID *String OUT EFI_STRING_ID *String
); );
@ -213,7 +211,7 @@ CredentialTitle (
submitted on a form OR after a call to Default() has returned that this credential is submitted on a form OR after a call to Default() has returned that this credential is
ready to log on. ready to log on.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in] User The user profile handle of the user profile currently being @param[in] User The user profile handle of the user profile currently being
considered by the user identity manager. If NULL, then no user considered by the user identity manager. If NULL, then no user
profile is currently under consideration. profile is currently under consideration.
@ -230,7 +228,7 @@ CredentialTitle (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialUser ( CredentialUser (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User, IN EFI_USER_PROFILE_HANDLE User,
OUT EFI_USER_INFO_IDENTIFIER *Identifier OUT EFI_USER_INFO_IDENTIFIER *Identifier
); );
@ -242,7 +240,7 @@ CredentialUser (
AutoLogon returns FALSE, then the user interface will be constructed by the User AutoLogon returns FALSE, then the user interface will be constructed by the User
Identity Manager. Identity Manager.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[out] AutoLogon On return, points to the credential provider's capabilities @param[out] AutoLogon On return, points to the credential provider's capabilities
after the credential provider has been selected by the user. after the credential provider has been selected by the user.
@ -253,7 +251,7 @@ CredentialUser (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialSelect ( CredentialSelect (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
); );
@ -262,7 +260,7 @@ CredentialSelect (
This function is called when a credential provider is deselected by the user. This function is called when a credential provider is deselected by the user.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@retval EFI_SUCCESS Credential provider successfully deselected. @retval EFI_SUCCESS Credential provider successfully deselected.
@ -270,7 +268,7 @@ CredentialSelect (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialDeselect ( CredentialDeselect (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This
); );
/** /**
@ -278,7 +276,7 @@ CredentialDeselect (
This function reports the default login behavior regarding this credential provider. This function reports the default login behavior regarding this credential provider.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[out] AutoLogon On return, holds whether the credential provider should be used @param[out] AutoLogon On return, holds whether the credential provider should be used
by default to automatically log on the user. by default to automatically log on the user.
@ -289,7 +287,7 @@ CredentialDeselect (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialDefault ( CredentialDefault (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
); );
@ -298,7 +296,7 @@ CredentialDefault (
This function returns user information. This function returns user information.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in] UserInfo Handle of the user information data record. @param[in] UserInfo Handle of the user information data record.
@param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On
exit, holds the user information. If the buffer is too small exit, holds the user information. If the buffer is too small
@ -318,7 +316,7 @@ CredentialDefault (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialGetInfo ( CredentialGetInfo (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN EFI_USER_INFO_HANDLE UserInfo, IN EFI_USER_INFO_HANDLE UserInfo,
OUT EFI_USER_INFO *Info, OUT EFI_USER_INFO *Info,
IN OUT UINTN *InfoSize IN OUT UINTN *InfoSize
@ -333,7 +331,7 @@ CredentialGetInfo (
another user information record handle until there are no more, at which point UserInfo another user information record handle until there are no more, at which point UserInfo
will point to NULL. will point to NULL.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in, out] UserInfo On entry, points to the previous user information handle or NULL @param[in, out] UserInfo On entry, points to the previous user information handle or NULL
to start enumeration. On exit, points to the next user information to start enumeration. On exit, points to the next user information
handle or NULL if there is no more user information. handle or NULL if there is no more user information.
@ -346,8 +344,31 @@ CredentialGetInfo (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialGetNextInfo ( CredentialGetNextInfo (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN OUT EFI_USER_INFO_HANDLE *UserInfo IN OUT EFI_USER_INFO_HANDLE *UserInfo
); );
/**
Delete a user on this credential provider.
This function deletes a user on this credential provider.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in] User The user profile handle to delete.
@retval EFI_SUCCESS User profile was successfully deleted.
@retval EFI_ACCESS_DENIED Current user profile does not permit deletion on the user profile handle.
Either the user profile cannot delete on any user profile or cannot delete
on a user profile other than the current user profile.
@retval EFI_UNSUPPORTED This credential provider does not support deletion in the pre-OS.
@retval EFI_DEVICE_ERROR The new credential could not be deleted because of a device error.
@retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle.
**/
EFI_STATUS
EFIAPI
CredentialDelete (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User
);
#endif #endif

2
SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf
View File

@ -50,5 +50,5 @@
[Protocols] [Protocols]
gEfiDevicePathProtocolGuid # PROTOCOL ALWAYS_CONSUMED gEfiDevicePathProtocolGuid # PROTOCOL ALWAYS_CONSUMED
gEfiHiiConfigAccessProtocolGuid gEfiHiiConfigAccessProtocolGuid
gEfiUserCredentialProtocolGuid gEfiUserCredential2ProtocolGuid
gEfiUserManagerProtocolGuid gEfiUserManagerProtocolGuid

214
SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.c
View File

@ -18,7 +18,7 @@ CREDENTIAL_TABLE *mUsbTable = NULL;
USB_PROVIDER_CALLBACK_INFO *mCallbackInfo = NULL; USB_PROVIDER_CALLBACK_INFO *mCallbackInfo = NULL;
USB_CREDENTIAL_INFO *mUsbInfoHandle = NULL; USB_CREDENTIAL_INFO *mUsbInfoHandle = NULL;
EFI_USER_CREDENTIAL_PROTOCOL gUsbCredentialProviderDriver = { EFI_USER_CREDENTIAL2_PROTOCOL gUsbCredentialProviderDriver = {
USB_CREDENTIAL_PROVIDER_GUID, USB_CREDENTIAL_PROVIDER_GUID,
EFI_USER_CREDENTIAL_CLASS_SECURE_CARD, EFI_USER_CREDENTIAL_CLASS_SECURE_CARD,
CredentialEnroll, CredentialEnroll,
@ -30,7 +30,9 @@ EFI_USER_CREDENTIAL_PROTOCOL gUsbCredentialProviderDriver = {
CredentialDeselect, CredentialDeselect,
CredentialDefault, CredentialDefault,
CredentialGetInfo, CredentialGetInfo,
CredentialGetNextInfo CredentialGetNextInfo,
EFI_CREDENTIAL_CAPABILITIES_ENROLL,
CredentialDelete
}; };
@ -95,12 +97,12 @@ ExpandTableSize (
/** /**
Add or delete info in table, and sync with NV variable. Add, update or delete info in table, and sync with NV variable.
@param[in] Index The index of the password in table. The index begin from 1. @param[in] Index The index of the password in table. If index is found in
If index is found in table, delete the info, else add the table, update the info, else add the into to table.
into to table. @param[in] Info The new credential info to add into table. If Info is NULL,
@param[in] Info The new password info to add into table. delete the info by Index.
@retval EFI_INVALID_PARAMETER Info is NULL when save the info. @retval EFI_INVALID_PARAMETER Info is NULL when save the info.
@retval EFI_SUCCESS Modify the table successfully. @retval EFI_SUCCESS Modify the table successfully.
@ -114,18 +116,23 @@ ModifyTable (
) )
{ {
EFI_STATUS Status; EFI_STATUS Status;
USB_INFO *NewUsbInfo;
NewUsbInfo = NULL;
if (Index < mUsbTable->Count) { if (Index < mUsbTable->Count) {
// if (Info == NULL) {
// Delete the specified entry //
// // Delete the specified entry.
mUsbTable->Count--; //
if (Index != mUsbTable->Count) { mUsbTable->Count--;
CopyMem ( if (Index != mUsbTable->Count) {
&mUsbTable->UserInfo[Index], NewUsbInfo = &mUsbTable->UserInfo[mUsbTable->Count];
&mUsbTable->UserInfo[mUsbTable->Count], }
sizeof (USB_INFO) } else {
); //
// Update the specified entry.
//
NewUsbInfo = Info;
} }
} else { } else {
// //
@ -139,14 +146,14 @@ ModifyTable (
ExpandTableSize (); ExpandTableSize ();
} }
CopyMem ( NewUsbInfo = Info;
&mUsbTable->UserInfo[mUsbTable->Count],
Info,
sizeof (USB_INFO)
);
mUsbTable->Count++; mUsbTable->Count++;
} }
if (NewUsbInfo != NULL) {
CopyMem (&mUsbTable->UserInfo[Index], NewUsbInfo, sizeof (USB_INFO));
}
// //
// Save the credential table. // Save the credential table.
// //
@ -636,13 +643,11 @@ InitFormBrowser (
/** /**
Enroll a user on a credential provider. Enroll a user on a credential provider.
This function enrolls and deletes a user profile using this credential provider. This function enrolls a user on this credential provider. If the user exists on
If a user profile is successfully enrolled, it calls the User Manager Protocol this credential provider, update the user information on this credential provider;
function Notify() to notify the user manager driver that credential information otherwise add the user information on credential provider.
has changed. If an enrolled user does exist, delete the user on the credential
provider.
@param[in] This Points to this instance of EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in] User The user profile to enroll. @param[in] User The user profile to enroll.
@retval EFI_SUCCESS User profile was successfully enrolled. @retval EFI_SUCCESS User profile was successfully enrolled.
@ -660,7 +665,7 @@ InitFormBrowser (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialEnroll ( CredentialEnroll (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User IN EFI_USER_PROFILE_HANDLE User
) )
{ {
@ -671,8 +676,6 @@ CredentialEnroll (
EFI_INPUT_KEY Key; EFI_INPUT_KEY Key;
EFI_USER_MANAGER_PROTOCOL *UserManager; EFI_USER_MANAGER_PROTOCOL *UserManager;
UINT8 *UserId; UINT8 *UserId;
UINT8 *NewUserId;
EFI_TPL OldTpl;
CHAR16 *QuestionStr; CHAR16 *QuestionStr;
CHAR16 *PromptStr; CHAR16 *PromptStr;
@ -701,22 +704,10 @@ CredentialEnroll (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
//
// If User exists in mUsbTable, delete User.
//
for (Index = 0; Index < mUsbTable->Count; Index++) {
UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
NewUserId = (UINT8 *) (UserInfo + 1);
if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) {
//
// Delete the exist Token.
//
FreePool (UserInfo);
return ModifyTable (Index, NULL);
}
}
CopyMem (UsbInfo.UserId, (UINT8 *) (UserInfo + 1), sizeof (EFI_USER_INFO_IDENTIFIER));
FreePool (UserInfo);
// //
// Get Token and User ID to UsbInfo. // Get Token and User ID to UsbInfo.
// //
@ -724,8 +715,6 @@ CredentialEnroll (
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
QuestionStr = GetStringById (STRING_TOKEN (STR_READ_USB_TOKEN_ERROR)); QuestionStr = GetStringById (STRING_TOKEN (STR_READ_USB_TOKEN_ERROR));
PromptStr = GetStringById (STRING_TOKEN (STR_INSERT_USB_TOKEN)); PromptStr = GetStringById (STRING_TOKEN (STR_INSERT_USB_TOKEN));
OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL);
gBS->RestoreTPL (TPL_APPLICATION);
CreatePopUp ( CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key, &Key,
@ -734,23 +723,28 @@ CredentialEnroll (
PromptStr, PromptStr,
NULL NULL
); );
gBS->RaiseTPL (OldTpl);
FreePool (QuestionStr); FreePool (QuestionStr);
FreePool (PromptStr); FreePool (PromptStr);
FreePool (UserInfo);
return Status; return Status;
} }
CopyMem (
UsbInfo.UserId,
(UINT8 *) (UserInfo + 1),
sizeof (EFI_USER_INFO_IDENTIFIER)
);
FreePool (UserInfo);
// //
// Save the new added entry. // Check whether User is ever enrolled in the provider.
//
for (Index = 0; Index < mUsbTable->Count; Index++) {
UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
if (CompareMem (UserId, (UINT8 *) &UsbInfo.UserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) {
//
// User already exists, update the password.
//
break;
}
}
// //
Status = ModifyTable (mUsbTable->Count, &UsbInfo); // Enroll the User to the provider.
//
Status = ModifyTable (Index, &UsbInfo);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
@ -773,7 +767,7 @@ CredentialEnroll (
the user credential provider does not require a form to identify the user, then this the user credential provider does not require a form to identify the user, then this
function should return EFI_NOT_FOUND. function should return EFI_NOT_FOUND.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[out] Hii On return, holds the HII database handle. @param[out] Hii On return, holds the HII database handle.
@param[out] FormSetId On return, holds the identifier of the form set which contains @param[out] FormSetId On return, holds the identifier of the form set which contains
the form used during user identification. the form used during user identification.
@ -788,7 +782,7 @@ CredentialEnroll (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialForm ( CredentialForm (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
OUT EFI_HII_HANDLE *Hii, OUT EFI_HII_HANDLE *Hii,
OUT EFI_GUID *FormSetId, OUT EFI_GUID *FormSetId,
OUT EFI_FORM_ID *FormId OUT EFI_FORM_ID *FormId
@ -809,7 +803,7 @@ CredentialForm (
of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND
is returned. is returned.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in, out] Width On entry, points to the desired bitmap width. If NULL then no @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no
bitmap information will be returned. On exit, points to the bitmap information will be returned. On exit, points to the
width of the bitmap returned. width of the bitmap returned.
@ -827,7 +821,7 @@ CredentialForm (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialTile ( CredentialTile (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN OUT UINTN *Width, IN OUT UINTN *Width,
IN OUT UINTN *Height, IN OUT UINTN *Height,
OUT EFI_HII_HANDLE *Hii, OUT EFI_HII_HANDLE *Hii,
@ -847,7 +841,7 @@ CredentialTile (
This function returns a string which describes the credential provider. If no This function returns a string which describes the credential provider. If no
such string exists, then EFI_NOT_FOUND is returned. such string exists, then EFI_NOT_FOUND is returned.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[out] Hii On return, holds the HII database handle. @param[out] Hii On return, holds the HII database handle.
@param[out] String On return, holds the HII string identifier. @param[out] String On return, holds the HII string identifier.
@ -859,7 +853,7 @@ CredentialTile (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialTitle ( CredentialTitle (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
OUT EFI_HII_HANDLE *Hii, OUT EFI_HII_HANDLE *Hii,
OUT EFI_STRING_ID *String OUT EFI_STRING_ID *String
) )
@ -885,7 +879,7 @@ CredentialTitle (
submitted on a form OR after a call to Default() has returned that this credential is submitted on a form OR after a call to Default() has returned that this credential is
ready to log on. ready to log on.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in] User The user profile handle of the user profile currently being @param[in] User The user profile handle of the user profile currently being
considered by the user identity manager. If NULL, then no user considered by the user identity manager. If NULL, then no user
profile is currently under consideration. profile is currently under consideration.
@ -902,7 +896,7 @@ CredentialTitle (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialUser ( CredentialUser (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User, IN EFI_USER_PROFILE_HANDLE User,
OUT EFI_USER_INFO_IDENTIFIER *Identifier OUT EFI_USER_INFO_IDENTIFIER *Identifier
) )
@ -1023,7 +1017,7 @@ CredentialUser (
AutoLogon returns FALSE, then the user interface will be constructed by the User AutoLogon returns FALSE, then the user interface will be constructed by the User
Identity Manager. Identity Manager.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[out] AutoLogon On return, points to the credential provider's capabilities @param[out] AutoLogon On return, points to the credential provider's capabilities
after the credential provider has been selected by the user. after the credential provider has been selected by the user.
@ -1034,7 +1028,7 @@ CredentialUser (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialSelect ( CredentialSelect (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
) )
{ {
@ -1053,7 +1047,7 @@ CredentialSelect (
This function is called when a credential provider is deselected by the user. This function is called when a credential provider is deselected by the user.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@retval EFI_SUCCESS Credential provider successfully deselected. @retval EFI_SUCCESS Credential provider successfully deselected.
@ -1061,7 +1055,7 @@ CredentialSelect (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialDeselect ( CredentialDeselect (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This
) )
{ {
if (This == NULL) { if (This == NULL) {
@ -1076,7 +1070,7 @@ CredentialDeselect (
This function reports the default login behavior regarding this credential provider. This function reports the default login behavior regarding this credential provider.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[out] AutoLogon On return, holds whether the credential provider should be used @param[out] AutoLogon On return, holds whether the credential provider should be used
by default to automatically log on the user. by default to automatically log on the user.
@ -1087,7 +1081,7 @@ CredentialDeselect (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialDefault ( CredentialDefault (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
) )
{ {
@ -1105,7 +1099,7 @@ CredentialDefault (
This function returns user information. This function returns user information.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in] UserInfo Handle of the user information data record. @param[in] UserInfo Handle of the user information data record.
@param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On
exit, holds the user information. If the buffer is too small exit, holds the user information. If the buffer is too small
@ -1125,7 +1119,7 @@ CredentialDefault (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialGetInfo ( CredentialGetInfo (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN EFI_USER_INFO_HANDLE UserInfo, IN EFI_USER_INFO_HANDLE UserInfo,
OUT EFI_USER_INFO *Info, OUT EFI_USER_INFO *Info,
IN OUT UINTN *InfoSize IN OUT UINTN *InfoSize
@ -1173,7 +1167,7 @@ CredentialGetInfo (
another user information record handle until there are no more, at which point UserInfo another user information record handle until there are no more, at which point UserInfo
will point to NULL. will point to NULL.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in, out] UserInfo On entry, points to the previous user information handle or NULL @param[in, out] UserInfo On entry, points to the previous user information handle or NULL
to start enumeration. On exit, points to the next user information to start enumeration. On exit, points to the next user information
handle or NULL if there is no more user information. handle or NULL if there is no more user information.
@ -1186,7 +1180,7 @@ CredentialGetInfo (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialGetNextInfo ( CredentialGetNextInfo (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN OUT EFI_USER_INFO_HANDLE *UserInfo IN OUT EFI_USER_INFO_HANDLE *UserInfo
) )
{ {
@ -1317,6 +1311,72 @@ CredentialGetNextInfo (
} }
/**
Delete a user on this credential provider.
This function deletes a user on this credential provider.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in] User The user profile handle to delete.
@retval EFI_SUCCESS User profile was successfully deleted.
@retval EFI_ACCESS_DENIED Current user profile does not permit deletion on the user profile handle.
Either the user profile cannot delete on any user profile or cannot delete
on a user profile other than the current user profile.
@retval EFI_UNSUPPORTED This credential provider does not support deletion in the pre-OS.
@retval EFI_DEVICE_ERROR The new credential could not be deleted because of a device error.
@retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle.
**/
EFI_STATUS
EFIAPI
CredentialDelete (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User
)
{
EFI_STATUS Status;
EFI_USER_INFO *UserInfo;
UINT8 *UserId;
UINT8 *NewUserId;
UINTN Index;
if ((This == NULL) || (User == NULL)) {
return EFI_INVALID_PARAMETER;
}
//
// Get User Identifier.
//
UserInfo = NULL;
Status = FindUserInfoByType (
User,
EFI_USER_INFO_IDENTIFIER_RECORD,
&UserInfo
);
if (EFI_ERROR (Status)) {
return EFI_INVALID_PARAMETER;
}
//
// Find the user by user identifier in mPwdTable.
//
for (Index = 0; Index < mUsbTable->Count; Index++) {
UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
NewUserId = (UINT8 *) (UserInfo + 1);
if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) {
//
// Found the user, delete it.
//
ModifyTable (Index, NULL);
break;
}
}
FreePool (UserInfo);
return EFI_SUCCESS;
}
/** /**
Main entry for this driver. Main entry for this driver.
@ -1356,7 +1416,7 @@ UsbProviderInit (
// //
Status = gBS->InstallProtocolInterface ( Status = gBS->InstallProtocolInterface (
&mCallbackInfo->DriverHandle, &mCallbackInfo->DriverHandle,
&gEfiUserCredentialProtocolGuid, &gEfiUserCredential2ProtocolGuid,
EFI_NATIVE_INTERFACE, EFI_NATIVE_INTERFACE,
&gUsbCredentialProviderDriver &gUsbCredentialProviderDriver
); );

73
SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.h
View File

@ -24,7 +24,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Protocol/SimpleFileSystem.h> #include <Protocol/SimpleFileSystem.h>
#include <Protocol/BlockIo.h> #include <Protocol/BlockIo.h>
#include <Protocol/UserCredential.h> #include <Protocol/UserCredential2.h>
#include <Protocol/UserManager.h> #include <Protocol/UserManager.h>
#include <Library/UefiRuntimeServicesTableLib.h> #include <Library/UefiRuntimeServicesTableLib.h>
@ -86,7 +86,7 @@ typedef struct {
has changed. If an enrolled user does exist, delete the user on the credential has changed. If an enrolled user does exist, delete the user on the credential
provider. provider.
@param[in] This Points to this instance of EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in] User The user profile to enroll. @param[in] User The user profile to enroll.
@retval EFI_SUCCESS User profile was successfully enrolled. @retval EFI_SUCCESS User profile was successfully enrolled.
@ -104,20 +104,18 @@ typedef struct {
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialEnroll ( CredentialEnroll (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User IN EFI_USER_PROFILE_HANDLE User
); );
/** /**
Returns the user interface information used during user identification. Returns the user interface information used during user identification.
This function returns information about the form used when interacting with the This function enrolls a user on this credential provider. If the user exists on
user during user identification. The form is the first enabled form in the form-set this credential provider, update the user information on this credential provider;
class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII handle HiiHandle. If otherwise delete the user information on credential provider.
the user credential provider does not require a form to identify the user, then this
function should return EFI_NOT_FOUND.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[out] Hii On return, holds the HII database handle. @param[out] Hii On return, holds the HII database handle.
@param[out] FormSetId On return, holds the identifier of the form set which contains @param[out] FormSetId On return, holds the identifier of the form set which contains
the form used during user identification. the form used during user identification.
@ -132,7 +130,7 @@ CredentialEnroll (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialForm ( CredentialForm (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
OUT EFI_HII_HANDLE *Hii, OUT EFI_HII_HANDLE *Hii,
OUT EFI_GUID *FormSetId, OUT EFI_GUID *FormSetId,
OUT EFI_FORM_ID *FormId OUT EFI_FORM_ID *FormId
@ -145,7 +143,7 @@ CredentialForm (
of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND
is returned. is returned.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in, out] Width On entry, points to the desired bitmap width. If NULL then no @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no
bitmap information will be returned. On exit, points to the bitmap information will be returned. On exit, points to the
width of the bitmap returned. width of the bitmap returned.
@ -163,7 +161,7 @@ CredentialForm (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialTile ( CredentialTile (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN OUT UINTN *Width, IN OUT UINTN *Width,
IN OUT UINTN *Height, IN OUT UINTN *Height,
OUT EFI_HII_HANDLE *Hii, OUT EFI_HII_HANDLE *Hii,
@ -176,7 +174,7 @@ CredentialTile (
This function returns a string which describes the credential provider. If no This function returns a string which describes the credential provider. If no
such string exists, then EFI_NOT_FOUND is returned. such string exists, then EFI_NOT_FOUND is returned.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[out] Hii On return, holds the HII database handle. @param[out] Hii On return, holds the HII database handle.
@param[out] String On return, holds the HII string identifier. @param[out] String On return, holds the HII string identifier.
@ -188,7 +186,7 @@ CredentialTile (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialTitle ( CredentialTitle (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
OUT EFI_HII_HANDLE *Hii, OUT EFI_HII_HANDLE *Hii,
OUT EFI_STRING_ID *String OUT EFI_STRING_ID *String
); );
@ -201,7 +199,7 @@ CredentialTitle (
submitted on a form OR after a call to Default() has returned that this credential is submitted on a form OR after a call to Default() has returned that this credential is
ready to log on. ready to log on.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in] User The user profile handle of the user profile currently being @param[in] User The user profile handle of the user profile currently being
considered by the user identity manager. If NULL, then no user considered by the user identity manager. If NULL, then no user
profile is currently under consideration. profile is currently under consideration.
@ -218,7 +216,7 @@ CredentialTitle (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialUser ( CredentialUser (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User, IN EFI_USER_PROFILE_HANDLE User,
OUT EFI_USER_INFO_IDENTIFIER *Identifier OUT EFI_USER_INFO_IDENTIFIER *Identifier
); );
@ -230,7 +228,7 @@ CredentialUser (
AutoLogon returns FALSE, then the user interface will be constructed by the User AutoLogon returns FALSE, then the user interface will be constructed by the User
Identity Manager. Identity Manager.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[out] AutoLogon On return, points to the credential provider's capabilities @param[out] AutoLogon On return, points to the credential provider's capabilities
after the credential provider has been selected by the user. after the credential provider has been selected by the user.
@ -241,7 +239,7 @@ CredentialUser (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialSelect ( CredentialSelect (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
); );
@ -250,7 +248,7 @@ CredentialSelect (
This function is called when a credential provider is deselected by the user. This function is called when a credential provider is deselected by the user.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@retval EFI_SUCCESS Credential provider successfully deselected. @retval EFI_SUCCESS Credential provider successfully deselected.
@ -258,7 +256,7 @@ CredentialSelect (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialDeselect ( CredentialDeselect (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This
); );
/** /**
@ -266,7 +264,7 @@ CredentialDeselect (
This function reports the default login behavior regarding this credential provider. This function reports the default login behavior regarding this credential provider.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[out] AutoLogon On return, holds whether the credential provider should be used @param[out] AutoLogon On return, holds whether the credential provider should be used
by default to automatically log on the user. by default to automatically log on the user.
@ -277,7 +275,7 @@ CredentialDeselect (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialDefault ( CredentialDefault (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
); );
@ -286,7 +284,7 @@ CredentialDefault (
This function returns user information. This function returns user information.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in] UserInfo Handle of the user information data record. @param[in] UserInfo Handle of the user information data record.
@param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On
exit, holds the user information. If the buffer is too small exit, holds the user information. If the buffer is too small
@ -306,7 +304,7 @@ CredentialDefault (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialGetInfo ( CredentialGetInfo (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN EFI_USER_INFO_HANDLE UserInfo, IN EFI_USER_INFO_HANDLE UserInfo,
OUT EFI_USER_INFO *Info, OUT EFI_USER_INFO *Info,
IN OUT UINTN *InfoSize IN OUT UINTN *InfoSize
@ -320,7 +318,7 @@ CredentialGetInfo (
another user information record handle until there are no more, at which point UserInfo another user information record handle until there are no more, at which point UserInfo
will point to NULL. will point to NULL.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in, out] UserInfo On entry, points to the previous user information handle or NULL @param[in, out] UserInfo On entry, points to the previous user information handle or NULL
to start enumeration. On exit, points to the next user information to start enumeration. On exit, points to the next user information
handle or NULL if there is no more user information. handle or NULL if there is no more user information.
@ -333,8 +331,31 @@ CredentialGetInfo (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
CredentialGetNextInfo ( CredentialGetNextInfo (
IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This, IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN OUT EFI_USER_INFO_HANDLE *UserInfo IN OUT EFI_USER_INFO_HANDLE *UserInfo
); );
/**
Delete a user on this credential provider.
This function deletes a user on this credential provider.
@param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
@param[in] User The user profile handle to delete.
@retval EFI_SUCCESS User profile was successfully deleted.
@retval EFI_ACCESS_DENIED Current user profile does not permit deletion on the user profile handle.
Either the user profile cannot delete on any user profile or cannot delete
on a user profile other than the current user profile.
@retval EFI_UNSUPPORTED This credential provider does not support deletion in the pre-OS.
@retval EFI_DEVICE_ERROR The new credential could not be deleted because of a device error.
@retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle.
**/
EFI_STATUS
EFIAPI
CredentialDelete (
IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
IN EFI_USER_PROFILE_HANDLE User
);
#endif #endif

2
SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderDxe.inf
View File

@ -51,7 +51,7 @@
[Protocols] [Protocols]
gEfiDevicePathProtocolGuid # PROTOCOL ALWAYS_CONSUMED gEfiDevicePathProtocolGuid # PROTOCOL ALWAYS_CONSUMED
gEfiUserCredentialProtocolGuid gEfiUserCredential2ProtocolGuid
gEfiUserManagerProtocolGuid gEfiUserManagerProtocolGuid
gEfiBlockIoProtocolGuid gEfiBlockIoProtocolGuid
gEfiSimpleFileSystemProtocolGuid gEfiSimpleFileSystemProtocolGuid

64
SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.c
View File

@ -1016,6 +1016,8 @@ ExpandUserProfile (
@param[in] ByType If TRUE, Provider is credential class guid. @param[in] ByType If TRUE, Provider is credential class guid.
If FALSE, Provider is provider guid. If FALSE, Provider is provider guid.
@param[in] User Points to user profile. @param[in] User Points to user profile.
@param[in] Delete If TRUE, delete User from the provider; If FALSE, add
User info from the provider.
@retval EFI_SUCCESS Add or delete record successfully. @retval EFI_SUCCESS Add or delete record successfully.
@retval Others Fail to add or delete record. @retval Others Fail to add or delete record.
@ -1025,17 +1027,17 @@ EFI_STATUS
ModifyProviderCredential ( ModifyProviderCredential (
IN EFI_GUID *Provider, IN EFI_GUID *Provider,
IN BOOLEAN ByType, IN BOOLEAN ByType,
IN USER_PROFILE_ENTRY *User IN USER_PROFILE_ENTRY *User,
IN BOOLEAN Delete
) )
{ {
UINTN Index; UINTN Index;
EFI_USER_CREDENTIAL_PROTOCOL *UserCredential; EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential;
if (Provider == NULL) { if (Provider == NULL) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
// //
// Find the specified credential provider. // Find the specified credential provider.
// //
@ -1045,7 +1047,11 @@ ModifyProviderCredential (
// //
UserCredential = mProviderDb->Provider[Index]; UserCredential = mProviderDb->Provider[Index];
if (CompareGuid (&UserCredential->Identifier, Provider)) { if (CompareGuid (&UserCredential->Identifier, Provider)) {
return UserCredential->Enroll (UserCredential, User); if (Delete) {
return UserCredential->Delete (UserCredential, User);
} else {
return UserCredential->Enroll (UserCredential, User);
}
} }
} }
@ -1059,9 +1065,11 @@ ModifyProviderCredential (
Found the providers information in PolicyInfo, and then add or delete the user's credential Found the providers information in PolicyInfo, and then add or delete the user's credential
record in the providers. record in the providers.
@param User Points to user profile. @param[in] User Points to user profile.
@param PolicyInfo Point to identification policy to be modified. @param[in] PolicyInfo Point to identification policy to be modified.
@param InfoLen The length of PolicyInfo. @param[in] InfoLen The length of PolicyInfo.
@param[in] Delete If TRUE, delete User from the provider; If FALSE, add
User info from the provider.
@retval EFI_SUCCESS Modify PolicyInfo successfully. @retval EFI_SUCCESS Modify PolicyInfo successfully.
@retval Others Fail to modify PolicyInfo. @retval Others Fail to modify PolicyInfo.
@ -1071,7 +1079,8 @@ EFI_STATUS
ModifyCredentialInfo ( ModifyCredentialInfo (
IN USER_PROFILE_ENTRY *User, IN USER_PROFILE_ENTRY *User,
IN UINT8 *PolicyInfo, IN UINT8 *PolicyInfo,
IN UINTN InfoLen IN UINTN InfoLen,
IN BOOLEAN Delete
) )
{ {
EFI_STATUS Status; EFI_STATUS Status;
@ -1089,14 +1098,14 @@ ModifyCredentialInfo (
Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (PolicyInfo + TotalLen); Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (PolicyInfo + TotalLen);
switch (Identity->Type) { switch (Identity->Type) {
case EFI_USER_INFO_IDENTITY_CREDENTIAL_TYPE: case EFI_USER_INFO_IDENTITY_CREDENTIAL_TYPE:
Status = ModifyProviderCredential ((EFI_GUID *) (Identity + 1), TRUE, User); Status = ModifyProviderCredential ((EFI_GUID *) (Identity + 1), TRUE, User, Delete);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
break; break;
case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER: case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER:
Status = ModifyProviderCredential ((EFI_GUID *) (Identity + 1), FALSE, User); Status = ModifyProviderCredential ((EFI_GUID *) (Identity + 1), FALSE, User, Delete);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
@ -1372,7 +1381,7 @@ ModifyUserIpInfo (
// //
// The credential is NOT found in the old identity policy; add it. // The credential is NOT found in the old identity policy; add it.
// //
Status = ModifyCredentialInfo (User, (UINT8 *) Identity, Identity->Length); Status = ModifyCredentialInfo (User, (UINT8 *) Identity, Identity->Length, FALSE);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
break; break;
} }
@ -1399,7 +1408,7 @@ ModifyUserIpInfo (
break; break;
} }
ModifyCredentialInfo (User, (UINT8 *) Identity, Identity->Length); ModifyCredentialInfo (User, (UINT8 *) Identity, Identity->Length, TRUE);
CredentialCount--; CredentialCount--;
} }
} }
@ -1426,7 +1435,7 @@ ModifyUserIpInfo (
// //
// The credential is found in the old identity policy, so delete the old credential first. // The credential is found in the old identity policy, so delete the old credential first.
// //
Status = ModifyCredentialInfo (User, (UINT8 *) Identity, Identity->Length); Status = ModifyCredentialInfo (User, (UINT8 *) Identity, Identity->Length, TRUE);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
// //
// Failed to delete old credential. // Failed to delete old credential.
@ -1438,7 +1447,7 @@ ModifyUserIpInfo (
// //
// Add the new credential. // Add the new credential.
// //
Status = ModifyCredentialInfo (User, (UINT8 *) Identity, Identity->Length); Status = ModifyCredentialInfo (User, (UINT8 *) Identity, Identity->Length, FALSE);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
// //
// Failed to enroll the user by new identification policy. // Failed to enroll the user by new identification policy.
@ -1462,7 +1471,7 @@ ModifyUserIpInfo (
// //
// The credential is NOT found in the new identity policy. Delete the old credential. // The credential is NOT found in the new identity policy. Delete the old credential.
// //
ModifyCredentialInfo (User, (UINT8 *) Identity, Identity->Length); ModifyCredentialInfo (User, (UINT8 *) Identity, Identity->Length, TRUE);
} }
} }
TotalLen += Identity->Length; TotalLen += Identity->Length;
@ -1526,7 +1535,8 @@ AddUserInfo (
Status = ModifyCredentialInfo ( Status = ModifyCredentialInfo (
User, User,
(UINT8 *) ((EFI_USER_INFO *) Info + 1), (UINT8 *) ((EFI_USER_INFO *) Info + 1),
InfoSize - sizeof (EFI_USER_INFO) InfoSize - sizeof (EFI_USER_INFO),
FALSE
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
@ -1672,7 +1682,7 @@ DelUserInfo (
if (Info->InfoType == EFI_USER_INFO_IDENTIFIER_RECORD) { if (Info->InfoType == EFI_USER_INFO_IDENTIFIER_RECORD) {
return EFI_ACCESS_DENIED; return EFI_ACCESS_DENIED;
} else if (Info->InfoType == EFI_USER_INFO_IDENTITY_POLICY_RECORD) { } else if (Info->InfoType == EFI_USER_INFO_IDENTITY_POLICY_RECORD) {
Status = ModifyCredentialInfo (User, (UINT8 *) (Info + 1), Info->InfoSize - sizeof (EFI_USER_INFO)); Status = ModifyCredentialInfo (User, (UINT8 *) (Info + 1), Info->InfoSize - sizeof (EFI_USER_INFO), TRUE);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
@ -2331,7 +2341,7 @@ IdentifyByProviderId (
EFI_HII_HANDLE HiiHandle; EFI_HII_HANDLE HiiHandle;
EFI_GUID FormSetId; EFI_GUID FormSetId;
EFI_FORM_ID FormId; EFI_FORM_ID FormId;
EFI_USER_CREDENTIAL_PROTOCOL *UserCredential; EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential;
if (Provider == NULL) { if (Provider == NULL) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
@ -2523,7 +2533,7 @@ AddProviderSelection (
EFI_STRING_ID ProvID; EFI_STRING_ID ProvID;
CHAR16 *ProvStr; CHAR16 *ProvStr;
UINTN Index; UINTN Index;
EFI_USER_CREDENTIAL_PROTOCOL *UserCredential; EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential;
for (Index = 0; Index < mProviderDb->Count; Index++) { for (Index = 0; Index < mProviderDb->Count; Index++) {
UserCredential = mProviderDb->Provider[Index]; UserCredential = mProviderDb->Provider[Index];
@ -3152,7 +3162,7 @@ InitProviderInfo (
HandleBuf = NULL; HandleBuf = NULL;
Status = gBS->LocateHandleBuffer ( Status = gBS->LocateHandleBuffer (
ByProtocol, ByProtocol,
&gEfiUserCredentialProtocolGuid, &gEfiUserCredential2ProtocolGuid,
NULL, NULL,
&HandleCount, &HandleCount,
&HandleBuf &HandleBuf
@ -3166,8 +3176,8 @@ InitProviderInfo (
// //
mProviderDb = AllocateZeroPool ( mProviderDb = AllocateZeroPool (
sizeof (CREDENTIAL_PROVIDER_INFO) - sizeof (CREDENTIAL_PROVIDER_INFO) -
sizeof (EFI_USER_CREDENTIAL_PROTOCOL *) + sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *) +
HandleCount * sizeof (EFI_USER_CREDENTIAL_PROTOCOL *) HandleCount * sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *)
); );
if (mProviderDb == NULL) { if (mProviderDb == NULL) {
FreePool (HandleBuf); FreePool (HandleBuf);
@ -3178,7 +3188,7 @@ InitProviderInfo (
for (Index = 0; Index < HandleCount; Index++) { for (Index = 0; Index < HandleCount; Index++) {
Status = gBS->HandleProtocol ( Status = gBS->HandleProtocol (
HandleBuf[Index], HandleBuf[Index],
&gEfiUserCredentialProtocolGuid, &gEfiUserCredential2ProtocolGuid,
(VOID **) &mProviderDb->Provider[Index] (VOID **) &mProviderDb->Provider[Index]
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
@ -3513,7 +3523,7 @@ IdentifyUser (
EFI_CREDENTIAL_LOGON_FLAGS AutoLogon; EFI_CREDENTIAL_LOGON_FLAGS AutoLogon;
EFI_USER_INFO *IdentifyInfo; EFI_USER_INFO *IdentifyInfo;
EFI_USER_INFO_IDENTITY_POLICY *Identity; EFI_USER_INFO_IDENTITY_POLICY *Identity;
EFI_USER_CREDENTIAL_PROTOCOL *UserCredential; EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential;
USER_PROFILE_ENTRY *UserEntry; USER_PROFILE_ENTRY *UserEntry;
// //
@ -4114,7 +4124,7 @@ UserProfileSetInfo (
credential and add it. credential and add it.
@param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL. @param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL.
@param[in] Changed Handle on which is installed an instance of the EFI_USER_CREDENTIAL_PROTOCOL @param[in] Changed Handle on which is installed an instance of the EFI_USER_CREDENTIAL2_PROTOCOL
where the user has changed. where the user has changed.
@retval EFI_SUCCESS The User Identity Manager has handled the notification. @retval EFI_SUCCESS The User Identity Manager has handled the notification.
@ -4130,7 +4140,7 @@ UserProfileNotify (
) )
{ {
EFI_STATUS Status; EFI_STATUS Status;
EFI_USER_CREDENTIAL_PROTOCOL *Provider; EFI_USER_CREDENTIAL2_PROTOCOL *Provider;
EFI_USER_INFO_IDENTIFIER UserId; EFI_USER_INFO_IDENTIFIER UserId;
EFI_USER_INFO_HANDLE UserInfo; EFI_USER_INFO_HANDLE UserInfo;
EFI_USER_INFO_HANDLE UserInfo2; EFI_USER_INFO_HANDLE UserInfo2;
@ -4144,7 +4154,7 @@ UserProfileNotify (
Status = gBS->HandleProtocol ( Status = gBS->HandleProtocol (
Changed, Changed,
&gEfiUserCredentialProtocolGuid, &gEfiUserCredential2ProtocolGuid,
(VOID **) &Provider (VOID **) &Provider
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {

6
SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.h
View File

@ -1,7 +1,7 @@
/** @file /** @file
The header file for User identify Manager driver. The header file for User identify Manager driver.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -25,7 +25,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Protocol/HiiConfigAccess.h> #include <Protocol/HiiConfigAccess.h>
#include <Protocol/HiiString.h> #include <Protocol/HiiString.h>
#include <Protocol/HiiConfigRouting.h> #include <Protocol/HiiConfigRouting.h>
#include <Protocol/UserCredential.h> #include <Protocol/UserCredential2.h>
#include <Protocol/UserManager.h> #include <Protocol/UserManager.h>
#include <Protocol/DeferredImageLoad.h> #include <Protocol/DeferredImageLoad.h>
#include <Protocol/SimpleTextOut.h> #include <Protocol/SimpleTextOut.h>
@ -67,7 +67,7 @@ extern UINT8 UserIdentifyManagerStrings[];
// //
typedef struct { typedef struct {
UINTN Count; UINTN Count;
EFI_USER_CREDENTIAL_PROTOCOL *Provider[1]; EFI_USER_CREDENTIAL2_PROTOCOL *Provider[1];
} CREDENTIAL_PROVIDER_INFO; } CREDENTIAL_PROVIDER_INFO;
// //

2
SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerDxe.inf
View File

@ -50,7 +50,7 @@
[Protocols] [Protocols]
gEfiFormBrowser2ProtocolGuid ## CONSUMES gEfiFormBrowser2ProtocolGuid ## CONSUMES
gEfiHiiDatabaseProtocolGuid ## CONSUMES gEfiHiiDatabaseProtocolGuid ## CONSUMES
gEfiUserCredentialProtocolGuid ## CONSUMES gEfiUserCredential2ProtocolGuid ## CONSUMES
gEfiDeferredImageLoadProtocolGuid ## CONSUMES gEfiDeferredImageLoadProtocolGuid ## CONSUMES
gEfiHiiConfigAccessProtocolGuid ## PRODUCES gEfiHiiConfigAccessProtocolGuid ## PRODUCES
gEfiUserManagerProtocolGuid ## PRODUCES gEfiUserManagerProtocolGuid ## PRODUCES

8
SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.c
View File

@ -94,7 +94,7 @@ InitProviderInfo (
HandleBuf = NULL; HandleBuf = NULL;
Status = gBS->LocateHandleBuffer ( Status = gBS->LocateHandleBuffer (
ByProtocol, ByProtocol,
&gEfiUserCredentialProtocolGuid, &gEfiUserCredential2ProtocolGuid,
NULL, NULL,
&HandleCount, &HandleCount,
&HandleBuf &HandleBuf
@ -111,8 +111,8 @@ InitProviderInfo (
} }
mProviderInfo = AllocateZeroPool ( mProviderInfo = AllocateZeroPool (
sizeof (CREDENTIAL_PROVIDER_INFO) - sizeof (CREDENTIAL_PROVIDER_INFO) -
sizeof (EFI_USER_CREDENTIAL_PROTOCOL *) + sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *) +
HandleCount * sizeof (EFI_USER_CREDENTIAL_PROTOCOL *) HandleCount * sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *)
); );
if (mProviderInfo == NULL) { if (mProviderInfo == NULL) {
FreePool (HandleBuf); FreePool (HandleBuf);
@ -123,7 +123,7 @@ InitProviderInfo (
for (Index = 0; Index < HandleCount; Index++) { for (Index = 0; Index < HandleCount; Index++) {
Status = gBS->HandleProtocol ( Status = gBS->HandleProtocol (
HandleBuf[Index], HandleBuf[Index],
&gEfiUserCredentialProtocolGuid, &gEfiUserCredential2ProtocolGuid,
(VOID **) &mProviderInfo->Provider[Index] (VOID **) &mProviderInfo->Provider[Index]
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {

4
SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.h
View File

@ -22,7 +22,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Protocol/HiiConfigAccess.h> #include <Protocol/HiiConfigAccess.h>
#include <Protocol/DevicePathToText.h> #include <Protocol/DevicePathToText.h>
#include <Protocol/UserCredential.h> #include <Protocol/UserCredential2.h>
#include <Protocol/UserManager.h> #include <Protocol/UserManager.h>
#include <Library/UefiRuntimeServicesTableLib.h> #include <Library/UefiRuntimeServicesTableLib.h>
@ -44,7 +44,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
// //
typedef struct { typedef struct {
UINTN Count; UINTN Count;
EFI_USER_CREDENTIAL_PROTOCOL *Provider[1]; EFI_USER_CREDENTIAL2_PROTOCOL *Provider[1];
} CREDENTIAL_PROVIDER_INFO; } CREDENTIAL_PROVIDER_INFO;
// //

2
SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerDxe.inf
View File

@ -54,7 +54,7 @@
[Protocols] [Protocols]
gEfiDevicePathProtocolGuid # PROTOCOL ALWAYS_CONSUMED gEfiDevicePathProtocolGuid # PROTOCOL ALWAYS_CONSUMED
gEfiHiiConfigAccessProtocolGuid gEfiHiiConfigAccessProtocolGuid
gEfiUserCredentialProtocolGuid gEfiUserCredential2ProtocolGuid
gEfiUserManagerProtocolGuid gEfiUserManagerProtocolGuid
gEfiDevicePathToTextProtocolGuid gEfiDevicePathToTextProtocolGuid

2
SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c
View File

@ -379,7 +379,7 @@ ResolveIdentityPolicy (
CHAR16 *ProvStr; CHAR16 *ProvStr;
EFI_STRING_ID ProvId; EFI_STRING_ID ProvId;
EFI_HII_HANDLE HiiHandle; EFI_HII_HANDLE HiiHandle;
EFI_USER_CREDENTIAL_PROTOCOL *UserCredential; EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential;
TmpStr = NULL; TmpStr = NULL;