\r
\r
/**\r
- Find the specified info in profile mModifyUser by the InfoType.\r
+ Find the specified info in User profile by the InfoType.\r
\r
+ @param[in] User Handle of the user whose information will be searched.\r
@param[in] InfoType The user information type to find.\r
@param[out] UserInfo Points to user information handle found.\r
\r
**/\r
EFI_STATUS\r
FindInfoByType (\r
+ IN EFI_USER_PROFILE_HANDLE User,\r
IN UINT8 InfoType,\r
OUT EFI_USER_INFO_HANDLE *UserInfo\r
)\r
// Get each user information.\r
//\r
while (TRUE) {\r
- Status = mUserManager->GetNextInfo (mUserManager, mModifyUser, UserInfo);\r
+ Status = mUserManager->GetNextInfo (mUserManager, User, UserInfo);\r
if (EFI_ERROR (Status)) {\r
break;\r
}\r
InfoSize = MemSize;\r
Status = mUserManager->GetInfo (\r
mUserManager,\r
- mModifyUser,\r
+ User,\r
*UserInfo,\r
Info,\r
&InfoSize\r
}\r
Status = mUserManager->GetInfo (\r
mUserManager,\r
- mModifyUser,\r
+ User,\r
*UserInfo,\r
Info,\r
&InfoSize\r
}\r
\r
\r
-/**\r
- Collect all the access policy data to mUserInfo.AccessPolicy, \r
- and save it to user profile.\r
-\r
-**/\r
-VOID\r
-SaveAccessPolicy (\r
- VOID\r
- )\r
-{\r
- EFI_STATUS Status;\r
- UINTN OffSet;\r
- UINTN Size;\r
- EFI_USER_INFO_ACCESS_CONTROL Control;\r
- EFI_USER_INFO_HANDLE UserInfo;\r
- EFI_USER_INFO *Info;\r
-\r
- if (mUserInfo.AccessPolicy != NULL) {\r
- FreePool (mUserInfo.AccessPolicy);\r
- }\r
- mUserInfo.AccessPolicy = NULL;\r
- mUserInfo.AccessPolicyLen = 0;\r
- mUserInfo.AccessPolicyModified = TRUE;\r
- OffSet = 0;\r
- \r
- //\r
- // Save access right.\r
- //\r
- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL);\r
- if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
- ExpandMemory (OffSet, Size);\r
- }\r
-\r
- Control.Type = mAccessInfo.AccessRight;\r
- Control.Size = (UINT32) Size;\r
- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
- OffSet += sizeof (Control);\r
- \r
- //\r
- // Save access setup.\r
- //\r
- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (EFI_GUID);\r
- if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
- ExpandMemory (OffSet, Size);\r
- }\r
-\r
- Control.Type = EFI_USER_INFO_ACCESS_SETUP;\r
- Control.Size = (UINT32) Size; \r
- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
- OffSet += sizeof (Control);\r
- \r
- if (mAccessInfo.AccessSetup == ACCESS_SETUP_NORMAL) {\r
- CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupNormalGuid);\r
- } else if (mAccessInfo.AccessSetup == ACCESS_SETUP_RESTRICTED) {\r
- CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupRestrictedGuid);\r
- } else if (mAccessInfo.AccessSetup == ACCESS_SETUP_ADMIN) {\r
- CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupAdminGuid);\r
- }\r
- OffSet += sizeof (EFI_GUID);\r
- \r
- //\r
- // Save access of boot order.\r
- //\r
- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (UINT32);\r
- if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
- ExpandMemory (OffSet, Size);\r
- }\r
-\r
- Control.Type = EFI_USER_INFO_ACCESS_BOOT_ORDER;\r
- Control.Size = (UINT32) Size; \r
- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
- OffSet += sizeof (Control);\r
-\r
- CopyMem ((UINT8 *) (mUserInfo.AccessPolicy + OffSet), &mAccessInfo.AccessBootOrder, sizeof (UINT32));\r
- OffSet += sizeof (UINT32);\r
- \r
- //\r
- // Save permit load.\r
- //\r
- if (mAccessInfo.LoadPermitLen > 0) {\r
- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.LoadPermitLen;\r
- if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
- ExpandMemory (OffSet, Size);\r
- }\r
-\r
- Control.Type = EFI_USER_INFO_ACCESS_PERMIT_LOAD;\r
- Control.Size = (UINT32) Size; \r
- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
- OffSet += sizeof (Control);\r
- \r
- CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadPermit, mAccessInfo.LoadPermitLen);\r
- OffSet += mAccessInfo.LoadPermitLen;\r
- }\r
- \r
- //\r
- // Save forbid load.\r
- //\r
- if (mAccessInfo.LoadForbidLen > 0) {\r
- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.LoadForbidLen;\r
- if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
- ExpandMemory (OffSet, Size);\r
- }\r
-\r
- Control.Type = EFI_USER_INFO_ACCESS_FORBID_LOAD;\r
- Control.Size = (UINT32) Size; \r
- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
- OffSet += sizeof (Control);\r
- \r
- CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadForbid, mAccessInfo.LoadForbidLen);\r
- OffSet += mAccessInfo.LoadForbidLen;\r
- }\r
- \r
- //\r
- // Save permit connect.\r
- //\r
- if (mAccessInfo.ConnectPermitLen > 0) {\r
- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.ConnectPermitLen;\r
- if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
- ExpandMemory (OffSet, Size);\r
- }\r
-\r
- Control.Type = EFI_USER_INFO_ACCESS_PERMIT_CONNECT;\r
- Control.Size = (UINT32) Size; \r
- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
- OffSet += sizeof (Control);\r
- \r
- CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectPermit, mAccessInfo.ConnectPermitLen);\r
- OffSet += mAccessInfo.ConnectPermitLen;\r
- }\r
- \r
- //\r
- // Save forbid connect.\r
- //\r
- if (mAccessInfo.ConnectForbidLen > 0) {\r
- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.ConnectForbidLen;\r
- if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
- ExpandMemory (OffSet, Size);\r
- }\r
-\r
- Control.Type = EFI_USER_INFO_ACCESS_FORBID_CONNECT;\r
- Control.Size = (UINT32) Size; \r
- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
- OffSet += sizeof (Control);\r
- \r
- CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectForbid, mAccessInfo.ConnectForbidLen);\r
- OffSet += mAccessInfo.ConnectForbidLen;\r
- }\r
-\r
- mUserInfo.AccessPolicyLen = OffSet;\r
-\r
- //\r
- // Save access policy.\r
- //\r
- if (mUserInfo.AccessPolicyModified && (mUserInfo.AccessPolicyLen > 0)) {\r
- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + mUserInfo.AccessPolicyLen);\r
- if (Info == NULL) {\r
- return ;\r
- }\r
-\r
- Status = FindInfoByType (EFI_USER_INFO_ACCESS_POLICY_RECORD, &UserInfo);\r
- if (!EFI_ERROR (Status)) {\r
- Info->InfoType = EFI_USER_INFO_ACCESS_POLICY_RECORD;\r
- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |\r
- EFI_USER_INFO_PUBLIC |\r
- EFI_USER_INFO_EXCLUSIVE;\r
- Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + mUserInfo.AccessPolicyLen);\r
- CopyMem ((UINT8 *) (Info + 1), mUserInfo.AccessPolicy, mUserInfo.AccessPolicyLen);\r
- Status = mUserManager->SetInfo (\r
- mUserManager,\r
- mModifyUser,\r
- &UserInfo,\r
- Info,\r
- Info->InfoSize\r
- );\r
- mUserInfo.AccessPolicyModified = FALSE;\r
- }\r
- FreePool (Info);\r
- }\r
-\r
- if (mAccessInfo.ConnectForbid != NULL) {\r
- FreePool (mAccessInfo.ConnectForbid);\r
- mAccessInfo.ConnectForbid = NULL;\r
- }\r
-\r
- if (mAccessInfo.ConnectPermit != NULL) {\r
- FreePool (mAccessInfo.ConnectPermit);\r
- mAccessInfo.ConnectPermit = NULL;\r
- }\r
-\r
- if (mAccessInfo.LoadForbid != NULL) {\r
- FreePool (mAccessInfo.LoadForbid);\r
- mAccessInfo.LoadForbid = NULL;\r
- }\r
-\r
- if (mAccessInfo.LoadPermit != NULL) {\r
- FreePool (mAccessInfo.LoadPermit);\r
- mAccessInfo.LoadPermit = NULL;\r
- }\r
-}\r
-\r
-\r
/**\r
Get the username from user input, and update username string in the Hii \r
database with it.\r
//\r
// Save the user name.\r
//\r
- Status = FindInfoByType (EFI_USER_INFO_NAME_RECORD, &UserInfo);\r
+ Status = FindInfoByType (mModifyUser, EFI_USER_INFO_NAME_RECORD, &UserInfo);\r
if (!EFI_ERROR (Status)) {\r
mUserManager->SetInfo (\r
mUserManager,\r
\r
\r
/**\r
- Save the identity policy and update UI with it.\r
- \r
- This funciton will verify the new identity policy, in current implementation, \r
- the identity policy can be: T, P & P & P & ..., P | P | P | ...\r
- Here, "T" means "True", "P" means "Credential Provider", "&" means "and", "|" means "or".\r
- Other identity policies are not supported. \r
+ Get current user's access right.\r
+\r
+ @param[out] AccessRight Points to the buffer used for user's access right.\r
+\r
+ @retval EFI_SUCCESS Get current user access right successfully.\r
+ @retval others Fail to get current user access right.\r
\r
**/\r
-VOID\r
-SaveIdentityPolicy (\r
- VOID\r
+EFI_STATUS\r
+GetAccessRight (\r
+ OUT UINT32 *AccessRight\r
)\r
{\r
EFI_STATUS Status;\r
- EFI_USER_INFO_IDENTITY_POLICY *Identity;\r
EFI_USER_INFO_HANDLE UserInfo;\r
EFI_USER_INFO *Info;\r
- EFI_INPUT_KEY Key;\r
- UINTN Offset;\r
- UINT32 OpCode;\r
UINTN InfoSize;\r
+ UINTN MemSize;\r
+ EFI_USER_INFO_ACCESS_CONTROL Access;\r
+ EFI_USER_PROFILE_HANDLE CurrentUser;\r
+ UINTN TotalLen;\r
+ UINTN CheckLen;\r
\r
- if (!mUserInfo.NewIdentityPolicyModified || (mUserInfo.NewIdentityPolicyLen == 0)) {\r
- return;\r
+ //\r
+ // Allocate user information memory.\r
+ //\r
+ MemSize = sizeof (EFI_USER_INFO) + 63;\r
+ Info = AllocateZeroPool (MemSize);\r
+ if (Info == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
}\r
- \r
+ \r
//\r
- // Check policy expression.\r
+ // Get user access information.\r
//\r
- OpCode = EFI_USER_INFO_IDENTITY_FALSE;\r
- Offset = 0;\r
- while (Offset < mUserInfo.NewIdentityPolicyLen) {\r
+ UserInfo = NULL;\r
+ mUserManager->Current (mUserManager, &CurrentUser);\r
+ while (TRUE) {\r
+ InfoSize = MemSize;\r
//\r
- // Check access policy according to type\r
+ // Get next user information.\r
//\r
- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (mUserInfo.NewIdentityPolicy + Offset);\r
- switch (Identity->Type) {\r
-\r
- case EFI_USER_INFO_IDENTITY_TRUE:\r
- break;\r
-\r
- case EFI_USER_INFO_IDENTITY_OR:\r
- if (OpCode == EFI_USER_INFO_IDENTITY_AND) {\r
- CreatePopUp (\r
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
- &Key,\r
- L"Invalid Identity Policy, Mixed Connector Unsupport!",\r
- L"",\r
- L"Press Any Key to Continue ...",\r
- NULL\r
- );\r
- return ;\r
- }\r
-\r
- OpCode = EFI_USER_INFO_IDENTITY_OR;\r
- break;\r
-\r
- case EFI_USER_INFO_IDENTITY_AND:\r
- if (OpCode == EFI_USER_INFO_IDENTITY_OR) {\r
- CreatePopUp (\r
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
- &Key,\r
- L"Invalid Identity Policy, Mixed Connector Unsupport!",\r
- L"",\r
- L"Press Any Key to Continue ...",\r
- NULL\r
- );\r
- return ;\r
- }\r
-\r
- OpCode = EFI_USER_INFO_IDENTITY_AND;\r
- break;\r
-\r
- case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER:\r
+ Status = mUserManager->GetNextInfo (mUserManager, CurrentUser, &UserInfo);\r
+ if (EFI_ERROR (Status)) {\r
break;\r
-\r
- default:\r
- CreatePopUp (\r
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
- &Key,\r
- L"Unsupport parameter",\r
- L"",\r
- L"Press Any Key to Continue ...",\r
- NULL\r
- );\r
- return ;\r
}\r
- Offset += Identity->Length;\r
- }\r
-\r
- //\r
- // Save identity policy.\r
- //\r
- Info = AllocateZeroPool (\r
- sizeof (EFI_USER_INFO) + \r
- mUserInfo.NewIdentityPolicyLen\r
- );\r
- if (Info == NULL) {\r
- return ;\r
- }\r
\r
- Status = FindInfoByType (EFI_USER_INFO_IDENTITY_POLICY_RECORD, &UserInfo);\r
- if (EFI_ERROR (Status)) {\r
- FreePool (Info);\r
- return ;\r
- }\r
- \r
- Info->InfoType = EFI_USER_INFO_IDENTITY_POLICY_RECORD;\r
- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |\r
- EFI_USER_INFO_PRIVATE |\r
- EFI_USER_INFO_EXCLUSIVE;\r
- Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + mUserInfo.NewIdentityPolicyLen);\r
- CopyMem ((UINT8 *) (Info + 1), mUserInfo.NewIdentityPolicy, mUserInfo.NewIdentityPolicyLen);\r
- Status = mUserManager->SetInfo (\r
- mUserManager,\r
- mModifyUser,\r
- &UserInfo,\r
- Info,\r
- Info->InfoSize\r
- );\r
- FreePool (Info); \r
- if (EFI_ERROR (Status)) {\r
- //\r
- // Get the user information again, it may be changed during saving it.\r
- //\r
- InfoSize = 0;\r
Status = mUserManager->GetInfo (\r
mUserManager,\r
- mModifyUser,\r
+ CurrentUser,\r
UserInfo,\r
Info,\r
&InfoSize\r
);\r
if (Status == EFI_BUFFER_TOO_SMALL) {\r
- Info = AllocateZeroPool (InfoSize);\r
- ASSERT (Info != NULL);\r
+ MemSize = InfoSize;\r
+ FreePool (Info);\r
+ Info = AllocateZeroPool (MemSize);\r
+ if (Info == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
Status = mUserManager->GetInfo (\r
mUserManager,\r
- mModifyUser,\r
+ CurrentUser,\r
UserInfo,\r
Info,\r
&InfoSize\r
);\r
}\r
- ASSERT_EFI_ERROR (Status);\r
- \r
- //\r
- // Save current identification policy to mUserInfo.IdentityPolicy. \r
- //\r
- ASSERT (Info != NULL);\r
- if (mUserInfo.IdentityPolicy != NULL) {\r
- FreePool (mUserInfo.IdentityPolicy);\r
- }\r
-\r
- mUserInfo.IdentityPolicyLen = Info->InfoSize - sizeof (EFI_USER_INFO);\r
- mUserInfo.IdentityPolicy = AllocateCopyPool (mUserInfo.IdentityPolicyLen, Info + 1); \r
- ASSERT (mUserInfo.IdentityPolicy != NULL); \r
-\r
- //\r
- // Free the memory\r
- //\r
- FreePool (Info);\r
- FreePool (mUserInfo.NewIdentityPolicy);\r
- } else { \r
- //\r
- // Update the mUserInfo.IdentityPolicy by mUserInfo.NewIdentityPolicy\r
- //\r
- if (mUserInfo.IdentityPolicy != NULL) {\r
- FreePool (mUserInfo.IdentityPolicy);\r
+ if (EFI_ERROR (Status)) {\r
+ break;\r
}\r
- mUserInfo.IdentityPolicy = mUserInfo.NewIdentityPolicy;\r
- mUserInfo.IdentityPolicyLen = mUserInfo.NewIdentityPolicyLen;\r
- }\r
-\r
- mUserInfo.NewIdentityPolicy = NULL;\r
- mUserInfo.NewIdentityPolicyLen = 0;\r
- mUserInfo.NewIdentityPolicyModified = FALSE; \r
-\r
- //\r
- // Update identity policy choice.\r
- //\r
- ResolveIdentityPolicy (\r
- mUserInfo.IdentityPolicy, \r
- mUserInfo.IdentityPolicyLen, \r
- STRING_TOKEN (STR_IDENTIFY_POLICY_VAL)\r
- );\r
-}\r
-\r
-\r
-/**\r
- Verify the new identity policy in the current implementation. The same credential\r
- provider can't appear twice in one identity policy.\r
-\r
- @param[in] NewGuid Points to the credential provider guid.\r
- \r
- @retval TRUE The NewGuid was found in the identity policy.\r
- @retval FALSE The NewGuid was not found.\r
-\r
-**/\r
-BOOLEAN\r
-CheckIdentityPolicy (\r
- IN EFI_GUID *NewGuid\r
- )\r
-{\r
- UINTN Offset;\r
- EFI_USER_INFO_IDENTITY_POLICY *Identity;\r
- EFI_INPUT_KEY Key;\r
-\r
- Offset = 0;\r
- while (Offset < mUserInfo.NewIdentityPolicyLen) {\r
+ \r
//\r
- // Check access policy according to type.\r
+ // Check user information.\r
//\r
- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (mUserInfo.NewIdentityPolicy + Offset);\r
- switch (Identity->Type) {\r
-\r
- case EFI_USER_INFO_IDENTITY_TRUE:\r
- case EFI_USER_INFO_IDENTITY_OR:\r
- case EFI_USER_INFO_IDENTITY_AND:\r
- break;\r
-\r
- case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER:\r
- if (CompareGuid (NewGuid, (EFI_GUID *) (Identity + 1))) {\r
- CreatePopUp (\r
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
- &Key,\r
- L"This Credential Provider Are Already Used!",\r
- L"",\r
- L"Press Any Key to Continue ...",\r
- NULL\r
- );\r
- return FALSE;\r
+ if (Info->InfoType == EFI_USER_INFO_ACCESS_POLICY_RECORD) {\r
+ TotalLen = Info->InfoSize - sizeof (EFI_USER_INFO);\r
+ CheckLen = 0;\r
+ //\r
+ // Get specified access information.\r
+ //\r
+ while (CheckLen < TotalLen) {\r
+ CopyMem (&Access, (UINT8 *) (Info + 1) + CheckLen, sizeof (Access));\r
+ if ((Access.Type == EFI_USER_INFO_ACCESS_ENROLL_SELF) ||\r
+ (Access.Type == EFI_USER_INFO_ACCESS_ENROLL_OTHERS) ||\r
+ (Access.Type == EFI_USER_INFO_ACCESS_MANAGE)\r
+ ) {\r
+ *AccessRight = Access.Type;\r
+ FreePool (Info);\r
+ return EFI_SUCCESS;\r
+ }\r
+ CheckLen += Access.Size;\r
}\r
- break;\r
-\r
- default:\r
- CreatePopUp (\r
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
- &Key,\r
- L"Unsupport parameter",\r
- L"",\r
- L"Press Any Key to Continue ...",\r
- NULL\r
- );\r
- return FALSE;\r
}\r
-\r
- Offset += Identity->Length;\r
}\r
- return TRUE;\r
+ FreePool (Info);\r
+ return EFI_NOT_FOUND;\r
}\r
\r
-\r
-/**\r
- Update the mUserInfo.NewIdentityPolicy, and UI when 'add option' is pressed.\r
-\r
-**/\r
-VOID\r
-AddIdentityPolicyItem (\r
- VOID\r
- )\r
-{\r
- UINT8 *NewInfo;\r
- EFI_USER_INFO_IDENTITY_POLICY *Policy;\r
-\r
- if (mProviderInfo->Count == 0) {\r
- return ;\r
- }\r
-\r
- if (!mUserInfo.NewIdentityPolicyModified && (mUserInfo.NewIdentityPolicyLen > 0)) {\r
- FreePool (mUserInfo.NewIdentityPolicy);\r
- mUserInfo.NewIdentityPolicy = NULL;\r
- mUserInfo.NewIdentityPolicyLen = 0;\r
- }\r
- //\r
- // Expand the identity policy memory for the newly added policy info.\r
- //\r
- if (mUserInfo.NewIdentityPolicyLen > 0) {\r
- //\r
- // The new policy is not empty, expand space for connetor and provider.\r
- //\r
- if (!CheckIdentityPolicy (&mProviderInfo->Provider[mProviderChoice]->Identifier)) {\r
- return ;\r
- }\r
- NewInfo = AllocateZeroPool (\r
- mUserInfo.NewIdentityPolicyLen + \r
- sizeof (EFI_USER_INFO_IDENTITY_POLICY) * 2 + \r
- sizeof (EFI_GUID)\r
- );\r
- } else {\r
- //\r
- // The new policy is empty, only expand space for provider.\r
- //\r
- NewInfo = AllocateZeroPool (\r
- mUserInfo.NewIdentityPolicyLen + \r
- sizeof (EFI_USER_INFO_IDENTITY_POLICY) + \r
- sizeof (EFI_GUID)\r
- );\r
- }\r
-\r
- if (NewInfo == NULL) {\r
- return ;\r
- }\r
-\r
- if (mUserInfo.NewIdentityPolicyLen > 0) {\r
- CopyMem (NewInfo, mUserInfo.NewIdentityPolicy, mUserInfo.NewIdentityPolicyLen);\r
- FreePool (mUserInfo.NewIdentityPolicy);\r
- }\r
- mUserInfo.NewIdentityPolicy = NewInfo;\r
-\r
- //\r
- // Save logical connector.\r
- //\r
- if (mUserInfo.NewIdentityPolicyLen > 0) {\r
- Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (mUserInfo.NewIdentityPolicy +\r
- mUserInfo.NewIdentityPolicyLen);\r
- if (mConncetLogical == 0) {\r
- Policy->Type = EFI_USER_INFO_IDENTITY_AND;\r
- } else {\r
- Policy->Type = EFI_USER_INFO_IDENTITY_OR;\r
- }\r
-\r
- Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY);\r
- mUserInfo.NewIdentityPolicyLen += Policy->Length;\r
- }\r
- \r
- //\r
- // Save credential provider.\r
- //\r
- Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (mUserInfo.NewIdentityPolicy + \r
- mUserInfo.NewIdentityPolicyLen);\r
- Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY) + sizeof (EFI_GUID);\r
- Policy->Type = EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER;\r
- CopyGuid ((EFI_GUID *) (Policy + 1), &mProviderInfo->Provider[mProviderChoice]->Identifier);\r
- mUserInfo.NewIdentityPolicyLen += Policy->Length;\r
-\r
- //\r
- // Update identity policy choice.\r
- //\r
- mUserInfo.NewIdentityPolicyModified = TRUE;\r
- ResolveIdentityPolicy (\r
- mUserInfo.NewIdentityPolicy, \r
- mUserInfo.NewIdentityPolicyLen, \r
- STRING_TOKEN (STR_IDENTIFY_POLICY_VALUE)\r
- );\r
-}\r
-\r
-\r
-/**\r
- Create an action OpCode with QuestionID and DevicePath on a given OpCodeHandle.\r
-\r
- @param[in] QuestionID The question ID.\r
- @param[in] DevicePath Points to device path.\r
- @param[in] OpCodeHandle Points to container for dynamic created opcodes.\r
-\r
-**/\r
-VOID\r
-AddDevicePath (\r
- IN UINTN QuestionID,\r
- IN EFI_DEVICE_PATH_PROTOCOL *DevicePath,\r
- IN VOID *OpCodeHandle\r
- )\r
-{\r
- EFI_STATUS Status;\r
- EFI_DEVICE_PATH_PROTOCOL *Next;\r
- EFI_STRING_ID NameID;\r
- EFI_STRING DriverName;\r
- EFI_DEVICE_PATH_TO_TEXT_PROTOCOL *DevicePathText;\r
-\r
- //\r
- // Locate device path to text protocol.\r
- //\r
- Status = gBS->LocateProtocol (\r
- &gEfiDevicePathToTextProtocolGuid,\r
- NULL,\r
- (VOID **) &DevicePathText\r
- );\r
- if (EFI_ERROR (Status)) {\r
- return ;\r
- }\r
- \r
- //\r
- // Get driver file name node.\r
- //\r
- Next = DevicePath;\r
- while (!IsDevicePathEnd (Next)) {\r
- DevicePath = Next;\r
- Next = NextDevicePathNode (Next);\r
- }\r
-\r
- //\r
- // Display the device path in form.\r
- //\r
- DriverName = DevicePathText->ConvertDevicePathToText (DevicePath, FALSE, FALSE);\r
- NameID = HiiSetString (mCallbackInfo->HiiHandle, 0, DriverName, NULL);\r
- FreePool (DriverName);\r
- if (NameID == 0) {\r
- return ;\r
- }\r
-\r
- HiiCreateActionOpCode (\r
- OpCodeHandle, // Container for dynamic created opcodes\r
- (UINT16) QuestionID, // Question ID\r
- NameID, // Prompt text\r
- STRING_TOKEN (STR_NULL_STRING), // Help text\r
- EFI_IFR_FLAG_CALLBACK, // Question flag\r
- 0 // Action String ID\r
- );\r
-}\r
-\r
-\r
-/**\r
- Check whether the DevicePath is in the device path forbid list \r
- (mAccessInfo.LoadForbid).\r
-\r
- @param[in] DevicePath Points to device path.\r
- \r
- @retval TRUE The DevicePath is in the device path forbid list.\r
- @retval FALSE The DevicePath is not in the device path forbid list.\r
-\r
-**/\r
-BOOLEAN\r
-IsLoadForbidden (\r
- IN EFI_DEVICE_PATH_PROTOCOL *DevicePath\r
- )\r
-{\r
- UINTN OffSet;\r
- UINTN DPSize;\r
- UINTN Size;\r
- EFI_DEVICE_PATH_PROTOCOL *Dp;\r
-\r
- OffSet = 0;\r
- Size = GetDevicePathSize (DevicePath);\r
- //\r
- // Check each device path.\r
- //\r
- while (OffSet < mAccessInfo.LoadForbidLen) {\r
- Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);\r
- DPSize = GetDevicePathSize (Dp);\r
- //\r
- // Compare device path.\r
- //\r
- if ((DPSize == Size) && (CompareMem (DevicePath, Dp, Size) == 0)) {\r
- return TRUE;\r
- }\r
- OffSet += DPSize;\r
- }\r
- return FALSE;\r
-}\r
-\r
-\r
-/**\r
- Display the permit load device path in the loadable device path list.\r
-\r
-**/\r
-VOID\r
-DisplayLoadPermit(\r
- VOID\r
- )\r
-{\r
- EFI_STATUS Status;\r
- CHAR16 *Order;\r
- UINTN OrderSize;\r
- UINTN ListCount;\r
- UINTN Index;\r
- UINT8 *Var;\r
- UINT8 *VarPtr;\r
- CHAR16 VarName[12];\r
- VOID *StartOpCodeHandle;\r
- VOID *EndOpCodeHandle;\r
- EFI_IFR_GUID_LABEL *StartLabel;\r
- EFI_IFR_GUID_LABEL *EndLabel;\r
-\r
- //\r
- // Get DriverOrder.\r
- //\r
- OrderSize = 0;\r
- Status = gRT->GetVariable (\r
- L"DriverOrder", \r
- &gEfiGlobalVariableGuid, \r
- NULL, \r
- &OrderSize, \r
- NULL\r
- );\r
- if (Status != EFI_BUFFER_TOO_SMALL) {\r
- return ;\r
- }\r
-\r
- Order = AllocateZeroPool (OrderSize);\r
- if (Order == NULL) {\r
- return ;\r
- }\r
-\r
- Status = gRT->GetVariable (\r
- L"DriverOrder", \r
- &gEfiGlobalVariableGuid, \r
- NULL, \r
- &OrderSize, \r
- Order\r
- );\r
- if (EFI_ERROR (Status)) {\r
- return ;\r
- }\r
- \r
- //\r
- // Initialize the container for dynamic opcodes.\r
- //\r
- StartOpCodeHandle = HiiAllocateOpCodeHandle ();\r
- ASSERT (StartOpCodeHandle != NULL);\r
-\r
- EndOpCodeHandle = HiiAllocateOpCodeHandle ();\r
- ASSERT (EndOpCodeHandle != NULL);\r
-\r
- //\r
- // Create Hii Extend Label OpCode.\r
- //\r
- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
- StartOpCodeHandle,\r
- &gEfiIfrTianoGuid,\r
- NULL,\r
- sizeof (EFI_IFR_GUID_LABEL)\r
- );\r
- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
- StartLabel->Number = LABEL_PERMIT_LOAD_FUNC;\r
-\r
- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
- EndOpCodeHandle,\r
- &gEfiIfrTianoGuid,\r
- NULL,\r
- sizeof (EFI_IFR_GUID_LABEL)\r
- );\r
- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
- EndLabel->Number = LABEL_END;\r
-\r
- //\r
- // Add each driver option.\r
- //\r
- Var = NULL;\r
- ListCount = OrderSize / sizeof (UINT16);\r
- for (Index = 0; Index < ListCount; Index++) {\r
- //\r
- // Get driver device path.\r
- //\r
- UnicodeSPrint (VarName, sizeof (VarName), L"Driver%04x", Order[Index]);\r
- Var = GetEfiGlobalVariable (VarName);\r
- if (Var == NULL) {\r
- continue;\r
- }\r
- \r
- //\r
- // Check whether the driver is already forbidden.\r
- //\r
- \r
- VarPtr = Var;\r
- //\r
- // Skip attribute.\r
- //\r
- VarPtr += sizeof (UINT32);\r
-\r
- //\r
- // Skip device path lenth.\r
- //\r
- VarPtr += sizeof (UINT16);\r
-\r
- //\r
- // Skip descript string.\r
- //\r
- VarPtr += StrSize ((UINT16 *) VarPtr);\r
-\r
- if (IsLoadForbidden ((EFI_DEVICE_PATH_PROTOCOL *) VarPtr)) {\r
- FreePool (Var);\r
- Var = NULL;\r
- continue;\r
- }\r
-\r
- AddDevicePath (\r
- KEY_MODIFY_USER | KEY_MODIFY_AP_DP | KEY_LOAD_PERMIT_MODIFY | Order[Index],\r
- (EFI_DEVICE_PATH_PROTOCOL *) VarPtr,\r
- StartOpCodeHandle\r
- );\r
- FreePool (Var);\r
- Var = NULL;\r
- }\r
-\r
- HiiUpdateForm (\r
- mCallbackInfo->HiiHandle, // HII handle\r
- &gUserProfileManagerGuid, // Formset GUID\r
- FORMID_PERMIT_LOAD_DP, // Form ID\r
- StartOpCodeHandle, // Label for where to insert opcodes\r
- EndOpCodeHandle // Replace data\r
- );\r
-\r
- HiiFreeOpCodeHandle (StartOpCodeHandle);\r
- HiiFreeOpCodeHandle (EndOpCodeHandle);\r
-\r
- //\r
- // Clear Environment.\r
- //\r
- if (Var != NULL) {\r
- FreePool (Var);\r
- }\r
- FreePool (Order);\r
-}\r
-\r
-\r
-/**\r
- Display the forbid load device path list (mAccessInfo.LoadForbid).\r
-\r
-**/\r
-VOID\r
-DisplayLoadForbid (\r
- VOID\r
- )\r
-{\r
- UINTN Offset;\r
- UINTN DPSize;\r
- UINTN Index;\r
- EFI_DEVICE_PATH_PROTOCOL *Dp;\r
- VOID *StartOpCodeHandle;\r
- VOID *EndOpCodeHandle;\r
- EFI_IFR_GUID_LABEL *StartLabel;\r
- EFI_IFR_GUID_LABEL *EndLabel;\r
-\r
- //\r
- // Initialize the container for dynamic opcodes.\r
- //\r
- StartOpCodeHandle = HiiAllocateOpCodeHandle ();\r
- ASSERT (StartOpCodeHandle != NULL);\r
-\r
- EndOpCodeHandle = HiiAllocateOpCodeHandle ();\r
- ASSERT (EndOpCodeHandle != NULL);\r
-\r
- //\r
- // Create Hii Extend Label OpCode.\r
- //\r
- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
- StartOpCodeHandle,\r
- &gEfiIfrTianoGuid,\r
- NULL,\r
- sizeof (EFI_IFR_GUID_LABEL)\r
- );\r
- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
- StartLabel->Number = LABLE_FORBID_LOAD_FUNC;\r
-\r
- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
- EndOpCodeHandle,\r
- &gEfiIfrTianoGuid,\r
- NULL,\r
- sizeof (EFI_IFR_GUID_LABEL)\r
- );\r
- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
- EndLabel->Number = LABEL_END;\r
-\r
- //\r
- // Add each forbid load drivers.\r
- //\r
- Offset = 0;\r
- Index = 0;\r
- while (Offset < mAccessInfo.LoadForbidLen) {\r
- Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + Offset);\r
- DPSize = GetDevicePathSize (Dp);\r
- AddDevicePath (\r
- KEY_MODIFY_USER | KEY_MODIFY_AP_DP | KEY_LOAD_FORBID_MODIFY | Index,\r
- Dp,\r
- StartOpCodeHandle\r
- );\r
- Index++;\r
- Offset += DPSize;\r
- }\r
-\r
- HiiUpdateForm (\r
- mCallbackInfo->HiiHandle, // HII handle\r
- &gUserProfileManagerGuid, // Formset GUID\r
- FORMID_FORBID_LOAD_DP, // Form ID\r
- StartOpCodeHandle, // Label for where to insert opcodes\r
- EndOpCodeHandle // Replace data\r
- );\r
-\r
- HiiFreeOpCodeHandle (StartOpCodeHandle);\r
- HiiFreeOpCodeHandle (EndOpCodeHandle);\r
-}\r
-\r
-\r
-/**\r
- Display the permit connect device path.\r
-\r
-**/\r
-VOID\r
-DisplayConnectPermit (\r
- VOID\r
- )\r
-{\r
- //\r
- // Note: \r
- // As no architect protocol/interface to be called in ConnectController()\r
- // to verify the device path, just add a place holder for permitted connect\r
- // device path.\r
- //\r
-}\r
-\r
-\r
-/**\r
- Display the forbid connect device path list.\r
-\r
-**/\r
-VOID\r
-DisplayConnectForbid (\r
- VOID\r
- )\r
-{\r
- //\r
- // Note: \r
- // As no architect protocol/interface to be called in ConnectController()\r
- // to verify the device path, just add a place holder for forbidden connect\r
- // device path.\r
- //\r
-}\r
-\r
-\r
-/**\r
- Delete the specified device path by DriverIndex from the forbid device path \r
- list (mAccessInfo.LoadForbid).\r
-\r
- @param[in] DriverIndex The index of driver in forbidden device path list.\r
- \r
-**/\r
-VOID\r
-DeleteFromForbidLoad (\r
- IN UINT16 DriverIndex\r
- )\r
-{\r
- UINTN OffSet;\r
- UINTN DPSize;\r
- UINTN OffLen;\r
- EFI_DEVICE_PATH_PROTOCOL *Dp;\r
-\r
- OffSet = 0;\r
- //\r
- // Find the specified device path.\r
- //\r
- while ((OffSet < mAccessInfo.LoadForbidLen) && (DriverIndex > 0)) {\r
- Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);\r
- DPSize = GetDevicePathSize (Dp);\r
- OffSet += DPSize;\r
- DriverIndex--;\r
- }\r
- \r
- //\r
- // Specified device path found.\r
- //\r
- if (DriverIndex == 0) {\r
- Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);\r
- DPSize = GetDevicePathSize (Dp);\r
- OffLen = mAccessInfo.LoadForbidLen - OffSet - DPSize;\r
- if (OffLen > 0) {\r
- CopyMem (\r
- mAccessInfo.LoadForbid + OffSet, \r
- mAccessInfo.LoadForbid + OffSet + DPSize, \r
- OffLen\r
- );\r
- }\r
- mAccessInfo.LoadForbidLen -= DPSize;\r
- }\r
-}\r
-\r
-\r
-/**\r
- Add the specified device path by DriverIndex to the forbid device path \r
- list (mAccessInfo.LoadForbid).\r
-\r
- @param[in] DriverIndex The index of driver saved in driver options.\r
- \r
-**/\r
-VOID\r
-AddToForbidLoad (\r
- IN UINT16 DriverIndex\r
- )\r
-{\r
- UINTN DevicePathLen;\r
- UINT8 *Var;\r
- UINT8 *VarPtr;\r
- UINTN NewLen;\r
- UINT8 *NewFL;\r
- CHAR16 VarName[13];\r
-\r
- //\r
- // Get loadable driver device path.\r
- //\r
- UnicodeSPrint (VarName, sizeof (VarName), L"Driver%04x", DriverIndex);\r
- Var = GetEfiGlobalVariable (VarName);\r
- if (Var == NULL) {\r
- return;\r
- }\r
- \r
- //\r
- // Save forbid load driver.\r
- //\r
- \r
- VarPtr = Var;\r
- //\r
- // Skip attribute.\r
- //\r
- VarPtr += sizeof (UINT32);\r
-\r
- DevicePathLen = *(UINT16 *) VarPtr;\r
- //\r
- // Skip device path length.\r
- //\r
- VarPtr += sizeof (UINT16);\r
-\r
- //\r
- // Skip description string.\r
- //\r
- VarPtr += StrSize ((UINT16 *) VarPtr);\r
-\r
- NewLen = mAccessInfo.LoadForbidLen + DevicePathLen;\r
- NewFL = AllocateZeroPool (NewLen);\r
- if (NewFL == NULL) {\r
- FreePool (Var);\r
- return ;\r
- }\r
-\r
- if (mAccessInfo.LoadForbidLen > 0) {\r
- CopyMem (NewFL, mAccessInfo.LoadForbid, mAccessInfo.LoadForbidLen);\r
- FreePool (mAccessInfo.LoadForbid);\r
- }\r
-\r
- CopyMem (NewFL + mAccessInfo.LoadForbidLen, VarPtr, DevicePathLen);\r
- mAccessInfo.LoadForbidLen = NewLen;\r
- mAccessInfo.LoadForbid = NewFL;\r
- FreePool (Var);\r
-}\r
-\r
-\r
-/**\r
- Get current user's access right.\r
-\r
- @param[out] AccessRight Points to the buffer used for user's access right.\r
-\r
- @retval EFI_SUCCESS Get current user access right successfully.\r
- @retval others Fail to get current user access right.\r
-\r
-**/\r
-EFI_STATUS\r
-GetAccessRight (\r
- OUT UINT32 *AccessRight\r
- )\r
-{\r
- EFI_STATUS Status;\r
- EFI_USER_INFO_HANDLE UserInfo;\r
- EFI_USER_INFO *Info;\r
- UINTN InfoSize;\r
- UINTN MemSize;\r
- EFI_USER_INFO_ACCESS_CONTROL Access;\r
- EFI_USER_PROFILE_HANDLE CurrentUser;\r
- UINTN TotalLen;\r
- UINTN CheckLen;\r
-\r
- //\r
- // Allocate user information memory.\r
- //\r
- MemSize = sizeof (EFI_USER_INFO) + 63;\r
- Info = AllocateZeroPool (MemSize);\r
- if (Info == NULL) {\r
- return EFI_OUT_OF_RESOURCES;\r
- }\r
- \r
- //\r
- // Get user access information.\r
- //\r
- UserInfo = NULL;\r
- mUserManager->Current (mUserManager, &CurrentUser);\r
- while (TRUE) {\r
- InfoSize = MemSize;\r
- //\r
- // Get next user information.\r
- //\r
- Status = mUserManager->GetNextInfo (mUserManager, CurrentUser, &UserInfo);\r
- if (EFI_ERROR (Status)) {\r
- break;\r
- }\r
-\r
- Status = mUserManager->GetInfo (\r
- mUserManager,\r
- CurrentUser,\r
- UserInfo,\r
- Info,\r
- &InfoSize\r
- );\r
- if (Status == EFI_BUFFER_TOO_SMALL) {\r
- MemSize = InfoSize;\r
- FreePool (Info);\r
- Info = AllocateZeroPool (MemSize);\r
- if (Info == NULL) {\r
- return EFI_OUT_OF_RESOURCES;\r
- }\r
- Status = mUserManager->GetInfo (\r
- mUserManager,\r
- CurrentUser,\r
- UserInfo,\r
- Info,\r
- &InfoSize\r
- );\r
- }\r
- if (EFI_ERROR (Status)) {\r
- break;\r
- }\r
- \r
- //\r
- // Check user information.\r
- //\r
- if (Info->InfoType == EFI_USER_INFO_ACCESS_POLICY_RECORD) {\r
- TotalLen = Info->InfoSize - sizeof (EFI_USER_INFO);\r
- CheckLen = 0;\r
- //\r
- // Get specified access information.\r
- //\r
- while (CheckLen < TotalLen) {\r
- CopyMem (&Access, (UINT8 *) (Info + 1) + CheckLen, sizeof (Access));\r
- if ((Access.Type == EFI_USER_INFO_ACCESS_ENROLL_SELF) ||\r
- (Access.Type == EFI_USER_INFO_ACCESS_ENROLL_OTHERS) ||\r
- (Access.Type == EFI_USER_INFO_ACCESS_MANAGE)\r
- ) {\r
- *AccessRight = Access.Type;\r
- FreePool (Info);\r
- return EFI_SUCCESS;\r
- }\r
- CheckLen += Access.Size;\r
- }\r
- }\r
- }\r
- FreePool (Info);\r
- return EFI_NOT_FOUND;\r
-}\r
-\r
-\r
-\r