2 The functions for identification policy modification.
4 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15 #include "UserProfileManager.h"
19 Verify the new identity policy in the current implementation. The same credential
20 provider can't appear twice in one identity policy.
22 @param[in] NewGuid Points to the credential provider guid.
24 @retval TRUE The NewGuid was found in the identity policy.
25 @retval FALSE The NewGuid was not found.
29 ProviderAlreadyInPolicy (
34 EFI_USER_INFO_IDENTITY_POLICY
*Identity
;
38 while (Offset
< mUserInfo
.NewIdentityPolicyLen
) {
39 Identity
= (EFI_USER_INFO_IDENTITY_POLICY
*) (mUserInfo
.NewIdentityPolicy
+ Offset
);
40 if (Identity
->Type
== EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER
) {
41 if (CompareGuid (NewGuid
, (EFI_GUID
*) (Identity
+ 1))) {
43 EFI_LIGHTGRAY
| EFI_BACKGROUND_BLUE
,
45 L
"This Credential Provider Are Already Used!",
47 L
"Press Any Key to Continue ...",
53 Offset
+= Identity
->Length
;
61 Add the user's credential record in the provider.
63 @param[in] Identity Identity policy item including credential provider.
64 @param[in] User Points to user profile.
66 @retval EFI_SUCCESS Add or delete record successfully.
67 @retval Others Fail to add or delete record.
71 EnrollUserOnProvider (
72 IN EFI_USER_INFO_IDENTITY_POLICY
*Identity
,
73 IN EFI_USER_PROFILE_HANDLE User
77 EFI_USER_CREDENTIAL2_PROTOCOL
*UserCredential
;
80 // Find the specified credential provider.
82 for (Index
= 0; Index
< mProviderInfo
->Count
; Index
++) {
83 UserCredential
= mProviderInfo
->Provider
[Index
];
84 if (CompareGuid ((EFI_GUID
*)(Identity
+ 1), &UserCredential
->Identifier
)) {
85 return UserCredential
->Enroll (UserCredential
, User
);
94 Delete the User's credential record on the provider.
96 @param[in] Identity Point to EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER user info.
97 @param[in] User Points to user profile.
99 @retval EFI_SUCCESS Delete User's credential record successfully.
100 @retval Others Fail to add or delete record.
104 DeleteUserOnProvider (
105 IN EFI_USER_INFO_IDENTITY_POLICY
*Identity
,
106 IN EFI_USER_PROFILE_HANDLE User
110 EFI_USER_CREDENTIAL2_PROTOCOL
*UserCredential
;
113 // Find the specified credential provider.
115 for (Index
= 0; Index
< mProviderInfo
->Count
; Index
++) {
116 UserCredential
= mProviderInfo
->Provider
[Index
];
117 if (CompareGuid ((EFI_GUID
*)(Identity
+ 1), &UserCredential
->Identifier
)) {
118 return UserCredential
->Delete (UserCredential
, User
);
122 return EFI_NOT_FOUND
;
127 Delete User's credental from all the providers that exist in User's identity policy.
129 @param[in] IdentityPolicy Point to User's identity policy.
130 @param[in] IdentityPolicyLen The length of the identity policy.
131 @param[in] User Points to user profile.
135 DeleteCredentialFromProviders (
136 IN UINT8
*IdentityPolicy
,
137 IN UINTN IdentityPolicyLen
,
138 IN EFI_USER_PROFILE_HANDLE User
141 EFI_USER_INFO_IDENTITY_POLICY
*Identity
;
145 while (Offset
< IdentityPolicyLen
) {
146 Identity
= (EFI_USER_INFO_IDENTITY_POLICY
*) (IdentityPolicy
+ Offset
);
147 if (Identity
->Type
== EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER
) {
149 // Delete the user on this provider.
151 DeleteUserOnProvider (Identity
, User
);
153 Offset
+= Identity
->Length
;
160 Remove the provider specified by Offset from the new user identification record.
162 @param[in] IdentityPolicy Point to user identity item in new identification policy.
163 @param[in] Offset The item offset in the new identification policy.
167 DeleteProviderFromPolicy (
168 IN EFI_USER_INFO_IDENTITY_POLICY
*IdentityPolicy
,
175 if (IdentityPolicy
->Length
== mUserInfo
.NewIdentityPolicyLen
) {
177 // Only one credential provider in the identification policy.
178 // Set the new policy to be TRUE after removed the provider.
180 IdentityPolicy
->Type
= EFI_USER_INFO_IDENTITY_TRUE
;
181 IdentityPolicy
->Length
= sizeof (EFI_USER_INFO_IDENTITY_POLICY
);
182 mUserInfo
.NewIdentityPolicyLen
= IdentityPolicy
->Length
;
186 DeleteLen
= IdentityPolicy
->Length
+ sizeof(EFI_USER_INFO_IDENTITY_POLICY
);
187 if ((Offset
+ IdentityPolicy
->Length
) != mUserInfo
.NewIdentityPolicyLen
) {
189 // This provider is not the last item in the identification policy, delete it and the connector.
191 RemainingLen
= mUserInfo
.NewIdentityPolicyLen
- Offset
- DeleteLen
;
192 CopyMem ((UINT8
*) IdentityPolicy
, (UINT8
*) IdentityPolicy
+ DeleteLen
, RemainingLen
);
194 mUserInfo
.NewIdentityPolicyLen
-= DeleteLen
;
199 Add a new provider to the mUserInfo.NewIdentityPolicy.
201 It is invoked when 'add option' in UI is pressed.
203 @param[in] NewGuid Points to the credential provider guid.
207 AddProviderToPolicy (
211 UINT8
*NewPolicyInfo
;
212 UINTN NewPolicyInfoLen
;
213 EFI_USER_INFO_IDENTITY_POLICY
*Policy
;
216 // Allocate memory for the new identity policy.
218 NewPolicyInfoLen
= mUserInfo
.NewIdentityPolicyLen
+ sizeof (EFI_USER_INFO_IDENTITY_POLICY
) + sizeof (EFI_GUID
);
219 if (mUserInfo
.NewIdentityPolicyLen
> 0) {
221 // It is not the first provider in the policy. Add a connector before provider.
223 NewPolicyInfoLen
+= sizeof (EFI_USER_INFO_IDENTITY_POLICY
);
225 NewPolicyInfo
= AllocateZeroPool (NewPolicyInfoLen
);
226 if (NewPolicyInfo
== NULL
) {
230 NewPolicyInfoLen
= 0;
231 if (mUserInfo
.NewIdentityPolicyLen
> 0) {
233 // Save orginal policy.
235 CopyMem (NewPolicyInfo
, mUserInfo
.NewIdentityPolicy
, mUserInfo
.NewIdentityPolicyLen
);
238 // Save logical connector.
240 Policy
= (EFI_USER_INFO_IDENTITY_POLICY
*) (NewPolicyInfo
+ mUserInfo
.NewIdentityPolicyLen
);
241 if (mConncetLogical
== 0) {
242 Policy
->Type
= EFI_USER_INFO_IDENTITY_AND
;
244 Policy
->Type
= EFI_USER_INFO_IDENTITY_OR
;
247 Policy
->Length
= sizeof (EFI_USER_INFO_IDENTITY_POLICY
);
248 NewPolicyInfoLen
= mUserInfo
.NewIdentityPolicyLen
+ Policy
->Length
;
249 FreePool (mUserInfo
.NewIdentityPolicy
);
253 // Save credential provider.
255 Policy
= (EFI_USER_INFO_IDENTITY_POLICY
*) (NewPolicyInfo
+ NewPolicyInfoLen
);
256 Policy
->Length
= sizeof (EFI_USER_INFO_IDENTITY_POLICY
) + sizeof (EFI_GUID
);
257 Policy
->Type
= EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER
;
258 CopyGuid ((EFI_GUID
*) (Policy
+ 1), NewGuid
);
259 NewPolicyInfoLen
+= Policy
->Length
;
262 // Update identity policy choice.
264 mUserInfo
.NewIdentityPolicy
= NewPolicyInfo
;
265 mUserInfo
.NewIdentityPolicyLen
= NewPolicyInfoLen
;
266 mUserInfo
.NewIdentityPolicyModified
= TRUE
;
271 This function replaces the old identity policy with a new identity policy.
273 This function delete the user identity policy information.
274 If enroll new credential failed, recover the old identity policy.
276 @retval EFI_SUCCESS Modify user identity policy successfully.
277 @retval Others Fail to modify user identity policy.
281 UpdateCredentialProvider (
285 EFI_USER_INFO_IDENTITY_POLICY
*Identity
;
289 // Delete the old identification policy.
291 DeleteCredentialFromProviders (mUserInfo
.IdentityPolicy
, mUserInfo
.IdentityPolicyLen
, mModifyUser
);
294 // Add the new identification policy.
297 while (Offset
< mUserInfo
.NewIdentityPolicyLen
) {
298 Identity
= (EFI_USER_INFO_IDENTITY_POLICY
*) (mUserInfo
.NewIdentityPolicy
+ Offset
);
299 if (Identity
->Type
== EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER
) {
301 // Enroll the user on this provider
303 Status
= EnrollUserOnProvider (Identity
, mModifyUser
);
304 if (EFI_ERROR (Status
)) {
306 // Failed to enroll the user by new identification policy.
307 // So removed the credential provider from the identification policy
309 DeleteProviderFromPolicy (Identity
, Offset
);
313 Offset
+= Identity
->Length
;
321 Check whether the identity policy is valid.
323 @param[in] PolicyInfo Point to the identity policy.
324 @param[in] PolicyInfoLen The policy length.
326 @retval TRUE The policy is a valid identity policy.
327 @retval FALSE The policy is not a valid identity policy.
331 CheckNewIdentityPolicy (
332 IN UINT8
*PolicyInfo
,
333 IN UINTN PolicyInfoLen
336 EFI_USER_INFO_IDENTITY_POLICY
*Identity
;
342 // Check policy expression.
344 OpCode
= EFI_USER_INFO_IDENTITY_FALSE
;
346 while (Offset
< PolicyInfoLen
) {
348 // Check identification policy according to type
350 Identity
= (EFI_USER_INFO_IDENTITY_POLICY
*) (PolicyInfo
+ Offset
);
351 switch (Identity
->Type
) {
353 case EFI_USER_INFO_IDENTITY_TRUE
:
356 case EFI_USER_INFO_IDENTITY_OR
:
357 if (OpCode
== EFI_USER_INFO_IDENTITY_AND
) {
359 EFI_LIGHTGRAY
| EFI_BACKGROUND_BLUE
,
361 L
"Invalid Identity Policy, Mixed Connector Unsupport!",
363 L
"Press Any Key to Continue ...",
369 OpCode
= EFI_USER_INFO_IDENTITY_OR
;
372 case EFI_USER_INFO_IDENTITY_AND
:
373 if (OpCode
== EFI_USER_INFO_IDENTITY_OR
) {
375 EFI_LIGHTGRAY
| EFI_BACKGROUND_BLUE
,
377 L
"Invalid Identity Policy, Mixed Connector Unsupport!",
379 L
"Press Any Key to Continue ...",
385 OpCode
= EFI_USER_INFO_IDENTITY_AND
;
388 case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER
:
393 EFI_LIGHTGRAY
| EFI_BACKGROUND_BLUE
,
395 L
"Unsupport parameter",
397 L
"Press Any Key to Continue ...",
402 Offset
+= Identity
->Length
;
410 Save the identity policy and update UI with it.
412 This funciton will verify the new identity policy, in current implementation,
413 the identity policy can be: T, P & P & P & ..., P | P | P | ...
414 Here, "T" means "True", "P" means "Credential Provider", "&" means "and", "|" means "or".
415 Other identity policies are not supported.
424 EFI_USER_INFO_HANDLE UserInfo
;
427 if (!mUserInfo
.NewIdentityPolicyModified
|| (mUserInfo
.NewIdentityPolicyLen
== 0)) {
432 // Check policy expression.
434 if (!CheckNewIdentityPolicy (mUserInfo
.NewIdentityPolicy
, mUserInfo
.NewIdentityPolicyLen
)) {
438 Status
= FindInfoByType (mModifyUser
, EFI_USER_INFO_IDENTITY_POLICY_RECORD
, &UserInfo
);
439 if (EFI_ERROR (Status
)) {
444 // Update the informantion on credential provider.
446 Status
= UpdateCredentialProvider ();
447 if (EFI_ERROR (Status
)) {
452 // Save new identification policy.
454 Info
= AllocateZeroPool (sizeof (EFI_USER_INFO
) + mUserInfo
.NewIdentityPolicyLen
);
455 ASSERT (Info
!= NULL
);
457 Info
->InfoType
= EFI_USER_INFO_IDENTITY_POLICY_RECORD
;
458 Info
->InfoAttribs
= EFI_USER_INFO_STORAGE_PLATFORM_NV
| EFI_USER_INFO_PUBLIC
| EFI_USER_INFO_EXCLUSIVE
;
459 Info
->InfoSize
= (UINT32
) (sizeof (EFI_USER_INFO
) + mUserInfo
.NewIdentityPolicyLen
);
460 CopyMem ((UINT8
*) (Info
+ 1), mUserInfo
.NewIdentityPolicy
, mUserInfo
.NewIdentityPolicyLen
);
462 Status
= mUserManager
->SetInfo (mUserManager
, mModifyUser
, &UserInfo
, Info
, Info
->InfoSize
);
466 // Update the mUserInfo.IdentityPolicy by mUserInfo.NewIdentityPolicy
468 if (mUserInfo
.IdentityPolicy
!= NULL
) {
469 FreePool (mUserInfo
.IdentityPolicy
);
471 mUserInfo
.IdentityPolicy
= mUserInfo
.NewIdentityPolicy
;
472 mUserInfo
.IdentityPolicyLen
= mUserInfo
.NewIdentityPolicyLen
;
474 mUserInfo
.NewIdentityPolicy
= NULL
;
475 mUserInfo
.NewIdentityPolicyLen
= 0;
476 mUserInfo
.NewIdentityPolicyModified
= FALSE
;
479 // Update identity policy choice.
481 ResolveIdentityPolicy (mUserInfo
.IdentityPolicy
, mUserInfo
.IdentityPolicyLen
, STRING_TOKEN (STR_IDENTIFY_POLICY_VAL
));
486 Update the mUserInfo.NewIdentityPolicy, and UI when 'add option' is pressed.
490 AddIdentityPolicyItem (
494 if (mProviderInfo
->Count
== 0) {
499 // Check the identity policy.
501 if (ProviderAlreadyInPolicy (&mProviderInfo
->Provider
[mProviderChoice
]->Identifier
)) {
506 // Add it to identification policy
508 AddProviderToPolicy (&mProviderInfo
->Provider
[mProviderChoice
]->Identifier
);
511 // Update identity policy choice.
513 ResolveIdentityPolicy (mUserInfo
.NewIdentityPolicy
, mUserInfo
.NewIdentityPolicyLen
, STRING_TOKEN (STR_IDENTIFY_POLICY_VALUE
));