X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;ds=sidebyside;f=SecurityPkg%2FUserIdentification%2FUserProfileManagerDxe%2FUserProfileModify.c;h=833307189a63d97d8e42686326812b632d6fa332;hb=c0cb1e1a72bccb5c83d7a36a8e52a38002b18671;hp=156c155c2ce3f86c3f96b29b855765f5c756a315;hpb=0c18794ea4289f03fefc7117b56740414cc0536c;p=mirror_edk2.git
diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c
index 156c155c2c..833307189a 100644
--- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c
+++ b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c
@@ -1,7 +1,7 @@
/** @file
The functions to modify a user profile.
-Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -90,7 +90,7 @@ SelectUserToModify (
HiiUpdateForm (
mCallbackInfo->HiiHandle, // HII handle
- &mUserProfileManagerGuid, // Formset GUID
+ &gUserProfileManagerGuid, // Formset GUID
FORMID_MODIFY_USER, // Form ID
StartOpCodeHandle, // Label for where to insert opcodes
EndOpCodeHandle // Replace data
@@ -338,18 +338,18 @@ AddStr (
StrLength = StrSize (Source2);
} else {
StrLength = StrSize (*Source1);
- StrLength += StrSize (Source2) -1;
+ StrLength += StrSize (Source2) - 2;
}
TmpStr = AllocateZeroPool (StrLength);
ASSERT (TmpStr != NULL);
if (*Source1 == NULL) {
- StrCpy (TmpStr, Source2);;
+ StrCpyS (TmpStr, StrLength / sizeof (CHAR16), Source2);
} else {
- StrCpy (TmpStr, *Source1);
+ StrCpyS (TmpStr, StrLength / sizeof (CHAR16), *Source1);
FreePool (*Source1);
- StrCat (TmpStr, Source2);
+ StrCatS (TmpStr, StrLength / sizeof (CHAR16),Source2);
}
*Source1 = TmpStr;
@@ -379,7 +379,7 @@ ResolveIdentityPolicy (
CHAR16 *ProvStr;
EFI_STRING_ID ProvId;
EFI_HII_HANDLE HiiHandle;
- EFI_USER_CREDENTIAL_PROTOCOL *UserCredential;
+ EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential;
TmpStr = NULL;
@@ -616,7 +616,7 @@ ModifyUserInfo (
HiiUpdateForm (
mCallbackInfo->HiiHandle, // HII handle
- &mUserProfileManagerGuid, // Formset GUID
+ &gUserProfileManagerGuid, // Formset GUID
FORMID_USER_INFO, // Form ID
StartOpCodeHandle, // Label
EndOpCodeHandle // Replace data
@@ -749,8 +749,9 @@ ResolveAccessPolicy (
/**
- Find the specified info in profile mModifyUser by the InfoType.
+ Find the specified info in User profile by the InfoType.
+ @param[in] User Handle of the user whose information will be searched.
@param[in] InfoType The user information type to find.
@param[out] UserInfo Points to user information handle found.
@@ -760,6 +761,7 @@ ResolveAccessPolicy (
**/
EFI_STATUS
FindInfoByType (
+ IN EFI_USER_PROFILE_HANDLE User,
IN UINT8 InfoType,
OUT EFI_USER_INFO_HANDLE *UserInfo
)
@@ -787,7 +789,7 @@ FindInfoByType (
// Get each user information.
//
while (TRUE) {
- Status = mUserManager->GetNextInfo (mUserManager, mModifyUser, UserInfo);
+ Status = mUserManager->GetNextInfo (mUserManager, User, UserInfo);
if (EFI_ERROR (Status)) {
break;
}
@@ -797,7 +799,7 @@ FindInfoByType (
InfoSize = MemSize;
Status = mUserManager->GetInfo (
mUserManager,
- mModifyUser,
+ User,
*UserInfo,
Info,
&InfoSize
@@ -811,7 +813,7 @@ FindInfoByType (
}
Status = mUserManager->GetInfo (
mUserManager,
- mModifyUser,
+ User,
*UserInfo,
Info,
&InfoSize
@@ -1060,7 +1062,7 @@ ModidyAccessPolicy (
//
HiiUpdateForm (
mCallbackInfo->HiiHandle, // HII handle
- &mUserProfileManagerGuid, // Formset GUID
+ &gUserProfileManagerGuid, // Formset GUID
FORMID_MODIFY_AP, // Form ID
StartOpCodeHandle, // Label for where to insert opcodes
EndOpCodeHandle // Replace data
@@ -1104,207 +1106,6 @@ ExpandMemory (
}
-/**
- Collect all the access policy data to mUserInfo.AccessPolicy,
- and save it to user profile.
-
-**/
-VOID
-SaveAccessPolicy (
- VOID
- )
-{
- EFI_STATUS Status;
- UINTN OffSet;
- UINTN Size;
- EFI_USER_INFO_ACCESS_CONTROL Control;
- EFI_USER_INFO_HANDLE UserInfo;
- EFI_USER_INFO *Info;
-
- if (mUserInfo.AccessPolicy != NULL) {
- FreePool (mUserInfo.AccessPolicy);
- }
- mUserInfo.AccessPolicy = NULL;
- mUserInfo.AccessPolicyLen = 0;
- mUserInfo.AccessPolicyModified = TRUE;
- OffSet = 0;
-
- //
- // Save access right.
- //
- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL);
- if (mUserInfo.AccessPolicyLen - OffSet < Size) {
- ExpandMemory (OffSet, Size);
- }
-
- Control.Type = mAccessInfo.AccessRight;
- Control.Size = (UINT32) Size;
- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
- OffSet += sizeof (Control);
-
- //
- // Save access setup.
- //
- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (EFI_GUID);
- if (mUserInfo.AccessPolicyLen - OffSet < Size) {
- ExpandMemory (OffSet, Size);
- }
-
- Control.Type = EFI_USER_INFO_ACCESS_SETUP;
- Control.Size = (UINT32) Size;
- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
- OffSet += sizeof (Control);
-
- if (mAccessInfo.AccessSetup == ACCESS_SETUP_NORMAL) {
- CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupNormalGuid);
- } else if (mAccessInfo.AccessSetup == ACCESS_SETUP_RESTRICTED) {
- CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupRestrictedGuid);
- } else if (mAccessInfo.AccessSetup == ACCESS_SETUP_ADMIN) {
- CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupAdminGuid);
- }
- OffSet += sizeof (EFI_GUID);
-
- //
- // Save access of boot order.
- //
- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (UINT32);
- if (mUserInfo.AccessPolicyLen - OffSet < Size) {
- ExpandMemory (OffSet, Size);
- }
-
- Control.Type = EFI_USER_INFO_ACCESS_BOOT_ORDER;
- Control.Size = (UINT32) Size;
- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
- OffSet += sizeof (Control);
-
- CopyMem ((UINT8 *) (mUserInfo.AccessPolicy + OffSet), &mAccessInfo.AccessBootOrder, sizeof (UINT32));
- OffSet += sizeof (UINT32);
-
- //
- // Save permit load.
- //
- if (mAccessInfo.LoadPermitLen > 0) {
- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.LoadPermitLen;
- if (mUserInfo.AccessPolicyLen - OffSet < Size) {
- ExpandMemory (OffSet, Size);
- }
-
- Control.Type = EFI_USER_INFO_ACCESS_PERMIT_LOAD;
- Control.Size = (UINT32) Size;
- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
- OffSet += sizeof (Control);
-
- CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadPermit, mAccessInfo.LoadPermitLen);
- OffSet += mAccessInfo.LoadPermitLen;
- }
-
- //
- // Save forbid load.
- //
- if (mAccessInfo.LoadForbidLen > 0) {
- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.LoadForbidLen;
- if (mUserInfo.AccessPolicyLen - OffSet < Size) {
- ExpandMemory (OffSet, Size);
- }
-
- Control.Type = EFI_USER_INFO_ACCESS_FORBID_LOAD;
- Control.Size = (UINT32) Size;
- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
- OffSet += sizeof (Control);
-
- CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadForbid, mAccessInfo.LoadForbidLen);
- OffSet += mAccessInfo.LoadForbidLen;
- }
-
- //
- // Save permit connect.
- //
- if (mAccessInfo.ConnectPermitLen > 0) {
- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.ConnectPermitLen;
- if (mUserInfo.AccessPolicyLen - OffSet < Size) {
- ExpandMemory (OffSet, Size);
- }
-
- Control.Type = EFI_USER_INFO_ACCESS_PERMIT_CONNECT;
- Control.Size = (UINT32) Size;
- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
- OffSet += sizeof (Control);
-
- CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectPermit, mAccessInfo.ConnectPermitLen);
- OffSet += mAccessInfo.ConnectPermitLen;
- }
-
- //
- // Save forbid connect.
- //
- if (mAccessInfo.ConnectForbidLen > 0) {
- Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.ConnectForbidLen;
- if (mUserInfo.AccessPolicyLen - OffSet < Size) {
- ExpandMemory (OffSet, Size);
- }
-
- Control.Type = EFI_USER_INFO_ACCESS_FORBID_CONNECT;
- Control.Size = (UINT32) Size;
- CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
- OffSet += sizeof (Control);
-
- CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectForbid, mAccessInfo.ConnectForbidLen);
- OffSet += mAccessInfo.ConnectForbidLen;
- }
-
- mUserInfo.AccessPolicyLen = OffSet;
-
- //
- // Save access policy.
- //
- if (mUserInfo.AccessPolicyModified && (mUserInfo.AccessPolicyLen > 0)) {
- Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + mUserInfo.AccessPolicyLen);
- if (Info == NULL) {
- return ;
- }
-
- Status = FindInfoByType (EFI_USER_INFO_ACCESS_POLICY_RECORD, &UserInfo);
- if (!EFI_ERROR (Status)) {
- Info->InfoType = EFI_USER_INFO_ACCESS_POLICY_RECORD;
- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |
- EFI_USER_INFO_PUBLIC |
- EFI_USER_INFO_EXCLUSIVE;
- Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + mUserInfo.AccessPolicyLen);
- CopyMem ((UINT8 *) (Info + 1), mUserInfo.AccessPolicy, mUserInfo.AccessPolicyLen);
- Status = mUserManager->SetInfo (
- mUserManager,
- mModifyUser,
- &UserInfo,
- Info,
- Info->InfoSize
- );
- mUserInfo.AccessPolicyModified = FALSE;
- }
- FreePool (Info);
- }
-
- if (mAccessInfo.ConnectForbid != NULL) {
- FreePool (mAccessInfo.ConnectForbid);
- mAccessInfo.ConnectForbid = NULL;
- }
-
- if (mAccessInfo.ConnectPermit != NULL) {
- FreePool (mAccessInfo.ConnectPermit);
- mAccessInfo.ConnectPermit = NULL;
- }
-
- if (mAccessInfo.LoadForbid != NULL) {
- FreePool (mAccessInfo.LoadForbid);
- mAccessInfo.LoadForbid = NULL;
- }
-
- if (mAccessInfo.LoadPermit != NULL) {
- FreePool (mAccessInfo.LoadPermit);
- mAccessInfo.LoadPermit = NULL;
- }
-}
-
-
/**
Get the username from user input, and update username string in the Hii
database with it.
@@ -1392,7 +1193,7 @@ ModifyUserName (
//
// Save the user name.
//
- Status = FindInfoByType (EFI_USER_INFO_NAME_RECORD, &UserInfo);
+ Status = FindInfoByType (mModifyUser, EFI_USER_INFO_NAME_RECORD, &UserInfo);
if (!EFI_ERROR (Status)) {
mUserManager->SetInfo (
mUserManager,
@@ -1560,7 +1361,7 @@ ModifyIdentityPolicy (
HiiUpdateForm (
mCallbackInfo->HiiHandle, // HII handle
- &mUserProfileManagerGuid, // Formset GUID
+ &gUserProfileManagerGuid, // Formset GUID
FORMID_MODIFY_IP, // Form ID
StartOpCodeHandle, // Label for where to insert opcodes
EndOpCodeHandle // Replace data
@@ -1572,940 +1373,103 @@ ModifyIdentityPolicy (
/**
- Save the identity policy and update UI with it.
-
- This funciton will verify the new identity policy, in current implementation,
- the identity policy can be: T, P & P & P & ..., P | P | P | ...
- Here, "T" means "True", "P" means "Credential Provider", "&" means "and", "|" means "or".
- Other identity policies are not supported.
+ Get current user's access right.
+
+ @param[out] AccessRight Points to the buffer used for user's access right.
+
+ @retval EFI_SUCCESS Get current user access right successfully.
+ @retval others Fail to get current user access right.
**/
-VOID
-SaveIdentityPolicy (
- VOID
+EFI_STATUS
+GetAccessRight (
+ OUT UINT32 *AccessRight
)
{
EFI_STATUS Status;
- EFI_USER_INFO_IDENTITY_POLICY *Identity;
EFI_USER_INFO_HANDLE UserInfo;
EFI_USER_INFO *Info;
- EFI_INPUT_KEY Key;
- UINTN Offset;
- UINT32 OpCode;
UINTN InfoSize;
+ UINTN MemSize;
+ EFI_USER_INFO_ACCESS_CONTROL Access;
+ EFI_USER_PROFILE_HANDLE CurrentUser;
+ UINTN TotalLen;
+ UINTN CheckLen;
- if (!mUserInfo.NewIdentityPolicyModified || (mUserInfo.NewIdentityPolicyLen == 0)) {
- return;
+ //
+ // Allocate user information memory.
+ //
+ MemSize = sizeof (EFI_USER_INFO) + 63;
+ Info = AllocateZeroPool (MemSize);
+ if (Info == NULL) {
+ return EFI_OUT_OF_RESOURCES;
}
-
+
//
- // Check policy expression.
+ // Get user access information.
//
- OpCode = EFI_USER_INFO_IDENTITY_FALSE;
- Offset = 0;
- while (Offset < mUserInfo.NewIdentityPolicyLen) {
+ UserInfo = NULL;
+ mUserManager->Current (mUserManager, &CurrentUser);
+ while (TRUE) {
+ InfoSize = MemSize;
//
- // Check access policy according to type
+ // Get next user information.
//
- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (mUserInfo.NewIdentityPolicy + Offset);
- switch (Identity->Type) {
-
- case EFI_USER_INFO_IDENTITY_TRUE:
- break;
-
- case EFI_USER_INFO_IDENTITY_OR:
- if (OpCode == EFI_USER_INFO_IDENTITY_AND) {
- CreatePopUp (
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
- &Key,
- L"Invalid Identity Policy, Mixed Connector Unsupport!",
- L"",
- L"Press Any Key to Continue ...",
- NULL
- );
- return ;
- }
-
- OpCode = EFI_USER_INFO_IDENTITY_OR;
- break;
-
- case EFI_USER_INFO_IDENTITY_AND:
- if (OpCode == EFI_USER_INFO_IDENTITY_OR) {
- CreatePopUp (
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
- &Key,
- L"Invalid Identity Policy, Mixed Connector Unsupport!",
- L"",
- L"Press Any Key to Continue ...",
- NULL
- );
- return ;
- }
-
- OpCode = EFI_USER_INFO_IDENTITY_AND;
- break;
-
- case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER:
+ Status = mUserManager->GetNextInfo (mUserManager, CurrentUser, &UserInfo);
+ if (EFI_ERROR (Status)) {
break;
-
- default:
- CreatePopUp (
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
- &Key,
- L"Unsupport parameter",
- L"",
- L"Press Any Key to Continue ...",
- NULL
- );
- return ;
}
- Offset += Identity->Length;
- }
-
- //
- // Save identity policy.
- //
- Info = AllocateZeroPool (
- sizeof (EFI_USER_INFO) +
- mUserInfo.NewIdentityPolicyLen
- );
- if (Info == NULL) {
- return ;
- }
- Status = FindInfoByType (EFI_USER_INFO_IDENTITY_POLICY_RECORD, &UserInfo);
- if (EFI_ERROR (Status)) {
- FreePool (Info);
- return ;
- }
-
- Info->InfoType = EFI_USER_INFO_IDENTITY_POLICY_RECORD;
- Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |
- EFI_USER_INFO_PRIVATE |
- EFI_USER_INFO_EXCLUSIVE;
- Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + mUserInfo.NewIdentityPolicyLen);
- CopyMem ((UINT8 *) (Info + 1), mUserInfo.NewIdentityPolicy, mUserInfo.NewIdentityPolicyLen);
- Status = mUserManager->SetInfo (
- mUserManager,
- mModifyUser,
- &UserInfo,
- Info,
- Info->InfoSize
- );
- FreePool (Info);
- if (EFI_ERROR (Status)) {
- //
- // Get the user information again, it may be changed during saving it.
- //
- InfoSize = 0;
Status = mUserManager->GetInfo (
mUserManager,
- mModifyUser,
+ CurrentUser,
UserInfo,
Info,
&InfoSize
);
if (Status == EFI_BUFFER_TOO_SMALL) {
- Info = AllocateZeroPool (InfoSize);
- ASSERT (Info != NULL);
+ MemSize = InfoSize;
+ FreePool (Info);
+ Info = AllocateZeroPool (MemSize);
+ if (Info == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
Status = mUserManager->GetInfo (
mUserManager,
- mModifyUser,
+ CurrentUser,
UserInfo,
Info,
&InfoSize
);
}
- ASSERT_EFI_ERROR (Status);
-
- //
- // Save current identification policy to mUserInfo.IdentityPolicy.
- //
- ASSERT (Info != NULL);
- if (mUserInfo.IdentityPolicy != NULL) {
- FreePool (mUserInfo.IdentityPolicy);
- }
-
- mUserInfo.IdentityPolicyLen = Info->InfoSize - sizeof (EFI_USER_INFO);
- mUserInfo.IdentityPolicy = AllocateCopyPool (mUserInfo.IdentityPolicyLen, Info + 1);
- ASSERT (mUserInfo.IdentityPolicy != NULL);
-
- //
- // Free the memory
- //
- FreePool (Info);
- FreePool (mUserInfo.NewIdentityPolicy);
- } else {
- //
- // Update the mUserInfo.IdentityPolicy by mUserInfo.NewIdentityPolicy
- //
- if (mUserInfo.IdentityPolicy != NULL) {
- FreePool (mUserInfo.IdentityPolicy);
+ if (EFI_ERROR (Status)) {
+ break;
}
- mUserInfo.IdentityPolicy = mUserInfo.NewIdentityPolicy;
- mUserInfo.IdentityPolicyLen = mUserInfo.NewIdentityPolicyLen;
- }
-
- mUserInfo.NewIdentityPolicy = NULL;
- mUserInfo.NewIdentityPolicyLen = 0;
- mUserInfo.NewIdentityPolicyModified = FALSE;
-
- //
- // Update identity policy choice.
- //
- ResolveIdentityPolicy (
- mUserInfo.IdentityPolicy,
- mUserInfo.IdentityPolicyLen,
- STRING_TOKEN (STR_IDENTIFY_POLICY_VAL)
- );
-}
-
-
-/**
- Verify the new identity policy in the current implementation. The same credential
- provider can't appear twice in one identity policy.
-
- @param[in] NewGuid Points to the credential provider guid.
-
- @retval TRUE The NewGuid was found in the identity policy.
- @retval FALSE The NewGuid was not found.
-
-**/
-BOOLEAN
-CheckIdentityPolicy (
- IN EFI_GUID *NewGuid
- )
-{
- UINTN Offset;
- EFI_USER_INFO_IDENTITY_POLICY *Identity;
- EFI_INPUT_KEY Key;
-
- Offset = 0;
- while (Offset < mUserInfo.NewIdentityPolicyLen) {
+
//
- // Check access policy according to type.
+ // Check user information.
//
- Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (mUserInfo.NewIdentityPolicy + Offset);
- switch (Identity->Type) {
-
- case EFI_USER_INFO_IDENTITY_TRUE:
- case EFI_USER_INFO_IDENTITY_OR:
- case EFI_USER_INFO_IDENTITY_AND:
- break;
-
- case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER:
- if (CompareGuid (NewGuid, (EFI_GUID *) (Identity + 1))) {
- CreatePopUp (
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
- &Key,
- L"This Credential Provider Are Already Used!",
- L"",
- L"Press Any Key to Continue ...",
- NULL
- );
- return FALSE;
+ if (Info->InfoType == EFI_USER_INFO_ACCESS_POLICY_RECORD) {
+ TotalLen = Info->InfoSize - sizeof (EFI_USER_INFO);
+ CheckLen = 0;
+ //
+ // Get specified access information.
+ //
+ while (CheckLen < TotalLen) {
+ CopyMem (&Access, (UINT8 *) (Info + 1) + CheckLen, sizeof (Access));
+ if ((Access.Type == EFI_USER_INFO_ACCESS_ENROLL_SELF) ||
+ (Access.Type == EFI_USER_INFO_ACCESS_ENROLL_OTHERS) ||
+ (Access.Type == EFI_USER_INFO_ACCESS_MANAGE)
+ ) {
+ *AccessRight = Access.Type;
+ FreePool (Info);
+ return EFI_SUCCESS;
+ }
+ CheckLen += Access.Size;
}
- break;
-
- default:
- CreatePopUp (
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
- &Key,
- L"Unsupport parameter",
- L"",
- L"Press Any Key to Continue ...",
- NULL
- );
- return FALSE;
}
-
- Offset += Identity->Length;
}
- return TRUE;
+ FreePool (Info);
+ return EFI_NOT_FOUND;
}
-
-/**
- Update the mUserInfo.NewIdentityPolicy, and UI when 'add option' is pressed.
-
-**/
-VOID
-AddIdentityPolicyItem (
- VOID
- )
-{
- UINT8 *NewInfo;
- EFI_USER_INFO_IDENTITY_POLICY *Policy;
-
- if (mProviderInfo->Count == 0) {
- return ;
- }
-
- if (!mUserInfo.NewIdentityPolicyModified && (mUserInfo.NewIdentityPolicyLen > 0)) {
- FreePool (mUserInfo.NewIdentityPolicy);
- mUserInfo.NewIdentityPolicy = NULL;
- mUserInfo.NewIdentityPolicyLen = 0;
- }
- //
- // Expand the identity policy memory for the newly added policy info.
- //
- if (mUserInfo.NewIdentityPolicyLen > 0) {
- //
- // The new policy is not empty, expand space for connetor and provider.
- //
- if (!CheckIdentityPolicy (&mProviderInfo->Provider[mProviderChoice]->Identifier)) {
- return ;
- }
- NewInfo = AllocateZeroPool (
- mUserInfo.NewIdentityPolicyLen +
- sizeof (EFI_USER_INFO_IDENTITY_POLICY) * 2 +
- sizeof (EFI_GUID)
- );
- } else {
- //
- // The new policy is empty, only expand space for provider.
- //
- NewInfo = AllocateZeroPool (
- mUserInfo.NewIdentityPolicyLen +
- sizeof (EFI_USER_INFO_IDENTITY_POLICY) +
- sizeof (EFI_GUID)
- );
- }
-
- if (NewInfo == NULL) {
- return ;
- }
-
- if (mUserInfo.NewIdentityPolicyLen > 0) {
- CopyMem (NewInfo, mUserInfo.NewIdentityPolicy, mUserInfo.NewIdentityPolicyLen);
- FreePool (mUserInfo.NewIdentityPolicy);
- }
- mUserInfo.NewIdentityPolicy = NewInfo;
-
- //
- // Save logical connector.
- //
- if (mUserInfo.NewIdentityPolicyLen > 0) {
- Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (mUserInfo.NewIdentityPolicy +
- mUserInfo.NewIdentityPolicyLen);
- if (mConncetLogical == 0) {
- Policy->Type = EFI_USER_INFO_IDENTITY_AND;
- } else {
- Policy->Type = EFI_USER_INFO_IDENTITY_OR;
- }
-
- Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY);
- mUserInfo.NewIdentityPolicyLen += Policy->Length;
- }
-
- //
- // Save credential provider.
- //
- Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (mUserInfo.NewIdentityPolicy +
- mUserInfo.NewIdentityPolicyLen);
- Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY) + sizeof (EFI_GUID);
- Policy->Type = EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER;
- CopyGuid ((EFI_GUID *) (Policy + 1), &mProviderInfo->Provider[mProviderChoice]->Identifier);
- mUserInfo.NewIdentityPolicyLen += Policy->Length;
-
- //
- // Update identity policy choice.
- //
- mUserInfo.NewIdentityPolicyModified = TRUE;
- ResolveIdentityPolicy (
- mUserInfo.NewIdentityPolicy,
- mUserInfo.NewIdentityPolicyLen,
- STRING_TOKEN (STR_IDENTIFY_POLICY_VALUE)
- );
-}
-
-
-/**
- Create an action OpCode with QuestionID and DevicePath on a given OpCodeHandle.
-
- @param[in] QuestionID The question ID.
- @param[in] DevicePath Points to device path.
- @param[in] OpCodeHandle Points to container for dynamic created opcodes.
-
-**/
-VOID
-AddDevicePath (
- IN UINTN QuestionID,
- IN EFI_DEVICE_PATH_PROTOCOL *DevicePath,
- IN VOID *OpCodeHandle
- )
-{
- EFI_STATUS Status;
- EFI_DEVICE_PATH_PROTOCOL *Next;
- EFI_STRING_ID NameID;
- EFI_STRING DriverName;
- EFI_DEVICE_PATH_TO_TEXT_PROTOCOL *DevicePathText;
-
- //
- // Locate device path to text protocol.
- //
- Status = gBS->LocateProtocol (
- &gEfiDevicePathToTextProtocolGuid,
- NULL,
- (VOID **) &DevicePathText
- );
- if (EFI_ERROR (Status)) {
- return ;
- }
-
- //
- // Get driver file name node.
- //
- Next = DevicePath;
- while (!IsDevicePathEnd (Next)) {
- DevicePath = Next;
- Next = NextDevicePathNode (Next);
- }
-
- //
- // Display the device path in form.
- //
- DriverName = DevicePathText->ConvertDevicePathToText (DevicePath, FALSE, FALSE);
- NameID = HiiSetString (mCallbackInfo->HiiHandle, 0, DriverName, NULL);
- FreePool (DriverName);
- if (NameID == 0) {
- return ;
- }
-
- HiiCreateActionOpCode (
- OpCodeHandle, // Container for dynamic created opcodes
- (UINT16) QuestionID, // Question ID
- NameID, // Prompt text
- STRING_TOKEN (STR_NULL_STRING), // Help text
- EFI_IFR_FLAG_CALLBACK, // Question flag
- 0 // Action String ID
- );
-}
-
-
-/**
- Check whether the DevicePath is in the device path forbid list
- (mAccessInfo.LoadForbid).
-
- @param[in] DevicePath Points to device path.
-
- @retval TRUE The DevicePath is in the device path forbid list.
- @retval FALSE The DevicePath is not in the device path forbid list.
-
-**/
-BOOLEAN
-IsLoadForbidden (
- IN EFI_DEVICE_PATH_PROTOCOL *DevicePath
- )
-{
- UINTN OffSet;
- UINTN DPSize;
- UINTN Size;
- EFI_DEVICE_PATH_PROTOCOL *Dp;
-
- OffSet = 0;
- Size = GetDevicePathSize (DevicePath);
- //
- // Check each device path.
- //
- while (OffSet < mAccessInfo.LoadForbidLen) {
- Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);
- DPSize = GetDevicePathSize (Dp);
- //
- // Compare device path.
- //
- if ((DPSize == Size) && (CompareMem (DevicePath, Dp, Size) == 0)) {
- return TRUE;
- }
- OffSet += DPSize;
- }
- return FALSE;
-}
-
-
-/**
- Display the permit load device path in the loadable device path list.
-
-**/
-VOID
-DisplayLoadPermit(
- VOID
- )
-{
- EFI_STATUS Status;
- CHAR16 *Order;
- UINTN OrderSize;
- UINTN ListCount;
- UINTN Index;
- UINT8 *Var;
- UINT8 *VarPtr;
- CHAR16 VarName[12];
- VOID *StartOpCodeHandle;
- VOID *EndOpCodeHandle;
- EFI_IFR_GUID_LABEL *StartLabel;
- EFI_IFR_GUID_LABEL *EndLabel;
-
- //
- // Get DriverOrder.
- //
- OrderSize = 0;
- Status = gRT->GetVariable (
- L"DriverOrder",
- &gEfiGlobalVariableGuid,
- NULL,
- &OrderSize,
- NULL
- );
- if (Status != EFI_BUFFER_TOO_SMALL) {
- return ;
- }
-
- Order = AllocateZeroPool (OrderSize);
- if (Order == NULL) {
- return ;
- }
-
- Status = gRT->GetVariable (
- L"DriverOrder",
- &gEfiGlobalVariableGuid,
- NULL,
- &OrderSize,
- Order
- );
- if (EFI_ERROR (Status)) {
- return ;
- }
-
- //
- // Initialize the container for dynamic opcodes.
- //
- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (StartOpCodeHandle != NULL);
-
- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (EndOpCodeHandle != NULL);
-
- //
- // Create Hii Extend Label OpCode.
- //
- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- StartOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- StartLabel->Number = LABEL_PERMIT_LOAD_FUNC;
-
- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- EndOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- EndLabel->Number = LABEL_END;
-
- //
- // Add each driver option.
- //
- Var = NULL;
- ListCount = OrderSize / sizeof (UINT16);
- for (Index = 0; Index < ListCount; Index++) {
- //
- // Get driver device path.
- //
- UnicodeSPrint (VarName, sizeof (VarName), L"Driver%04x", Order[Index]);
- Var = GetEfiGlobalVariable (VarName);
- if (Var == NULL) {
- continue;
- }
-
- //
- // Check whether the driver is already forbidden.
- //
-
- VarPtr = Var;
- //
- // Skip attribute.
- //
- VarPtr += sizeof (UINT32);
-
- //
- // Skip device path lenth.
- //
- VarPtr += sizeof (UINT16);
-
- //
- // Skip descript string.
- //
- VarPtr += StrSize ((UINT16 *) VarPtr);
-
- if (IsLoadForbidden ((EFI_DEVICE_PATH_PROTOCOL *) VarPtr)) {
- FreePool (Var);
- Var = NULL;
- continue;
- }
-
- AddDevicePath (
- KEY_MODIFY_USER | KEY_MODIFY_AP_DP | KEY_LOAD_PERMIT_MODIFY | Order[Index],
- (EFI_DEVICE_PATH_PROTOCOL *) VarPtr,
- StartOpCodeHandle
- );
- FreePool (Var);
- Var = NULL;
- }
-
- HiiUpdateForm (
- mCallbackInfo->HiiHandle, // HII handle
- &mUserProfileManagerGuid, // Formset GUID
- FORMID_PERMIT_LOAD_DP, // Form ID
- StartOpCodeHandle, // Label for where to insert opcodes
- EndOpCodeHandle // Replace data
- );
-
- HiiFreeOpCodeHandle (StartOpCodeHandle);
- HiiFreeOpCodeHandle (EndOpCodeHandle);
-
- //
- // Clear Environment.
- //
- if (Var != NULL) {
- FreePool (Var);
- }
- FreePool (Order);
-}
-
-
-/**
- Display the forbid load device path list (mAccessInfo.LoadForbid).
-
-**/
-VOID
-DisplayLoadForbid (
- VOID
- )
-{
- UINTN Offset;
- UINTN DPSize;
- UINTN Index;
- EFI_DEVICE_PATH_PROTOCOL *Dp;
- VOID *StartOpCodeHandle;
- VOID *EndOpCodeHandle;
- EFI_IFR_GUID_LABEL *StartLabel;
- EFI_IFR_GUID_LABEL *EndLabel;
-
- //
- // Initialize the container for dynamic opcodes.
- //
- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (StartOpCodeHandle != NULL);
-
- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
- ASSERT (EndOpCodeHandle != NULL);
-
- //
- // Create Hii Extend Label OpCode.
- //
- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- StartOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- StartLabel->Number = LABLE_FORBID_LOAD_FUNC;
-
- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- EndOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- EndLabel->Number = LABEL_END;
-
- //
- // Add each forbid load drivers.
- //
- Offset = 0;
- Index = 0;
- while (Offset < mAccessInfo.LoadForbidLen) {
- Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + Offset);
- DPSize = GetDevicePathSize (Dp);
- AddDevicePath (
- KEY_MODIFY_USER | KEY_MODIFY_AP_DP | KEY_LOAD_FORBID_MODIFY | Index,
- Dp,
- StartOpCodeHandle
- );
- Index++;
- Offset += DPSize;
- }
-
- HiiUpdateForm (
- mCallbackInfo->HiiHandle, // HII handle
- &mUserProfileManagerGuid, // Formset GUID
- FORMID_FORBID_LOAD_DP, // Form ID
- StartOpCodeHandle, // Label for where to insert opcodes
- EndOpCodeHandle // Replace data
- );
-
- HiiFreeOpCodeHandle (StartOpCodeHandle);
- HiiFreeOpCodeHandle (EndOpCodeHandle);
-}
-
-
-/**
- Display the permit connect device path.
-
-**/
-VOID
-DisplayConnectPermit (
- VOID
- )
-{
- //
- // Note:
- // As no architect protocol/interface to be called in ConnectController()
- // to verify the device path, just add a place holder for permitted connect
- // device path.
- //
-}
-
-
-/**
- Display the forbid connect device path list.
-
-**/
-VOID
-DisplayConnectForbid (
- VOID
- )
-{
- //
- // Note:
- // As no architect protocol/interface to be called in ConnectController()
- // to verify the device path, just add a place holder for forbidden connect
- // device path.
- //
-}
-
-
-/**
- Delete the specified device path by DriverIndex from the forbid device path
- list (mAccessInfo.LoadForbid).
-
- @param[in] DriverIndex The index of driver in forbidden device path list.
-
-**/
-VOID
-DeleteFromForbidLoad (
- IN UINT16 DriverIndex
- )
-{
- UINTN OffSet;
- UINTN DPSize;
- UINTN OffLen;
- EFI_DEVICE_PATH_PROTOCOL *Dp;
-
- OffSet = 0;
- //
- // Find the specified device path.
- //
- while ((OffSet < mAccessInfo.LoadForbidLen) && (DriverIndex > 0)) {
- Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);
- DPSize = GetDevicePathSize (Dp);
- OffSet += DPSize;
- DriverIndex--;
- }
-
- //
- // Specified device path found.
- //
- if (DriverIndex == 0) {
- Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);
- DPSize = GetDevicePathSize (Dp);
- OffLen = mAccessInfo.LoadForbidLen - OffSet - DPSize;
- if (OffLen > 0) {
- CopyMem (
- mAccessInfo.LoadForbid + OffSet,
- mAccessInfo.LoadForbid + OffSet + DPSize,
- OffLen
- );
- }
- mAccessInfo.LoadForbidLen -= DPSize;
- }
-}
-
-
-/**
- Add the specified device path by DriverIndex to the forbid device path
- list (mAccessInfo.LoadForbid).
-
- @param[in] DriverIndex The index of driver saved in driver options.
-
-**/
-VOID
-AddToForbidLoad (
- IN UINT16 DriverIndex
- )
-{
- UINTN DevicePathLen;
- UINT8 *Var;
- UINT8 *VarPtr;
- UINTN NewLen;
- UINT8 *NewFL;
- CHAR16 VarName[13];
-
- //
- // Get loadable driver device path.
- //
- UnicodeSPrint (VarName, sizeof (VarName), L"Driver%04x", DriverIndex);
- Var = GetEfiGlobalVariable (VarName);
- if (Var == NULL) {
- return;
- }
-
- //
- // Save forbid load driver.
- //
-
- VarPtr = Var;
- //
- // Skip attribute.
- //
- VarPtr += sizeof (UINT32);
-
- DevicePathLen = *(UINT16 *) VarPtr;
- //
- // Skip device path length.
- //
- VarPtr += sizeof (UINT16);
-
- //
- // Skip description string.
- //
- VarPtr += StrSize ((UINT16 *) VarPtr);
-
- NewLen = mAccessInfo.LoadForbidLen + DevicePathLen;
- NewFL = AllocateZeroPool (NewLen);
- if (NewFL == NULL) {
- FreePool (Var);
- return ;
- }
-
- if (mAccessInfo.LoadForbidLen > 0) {
- CopyMem (NewFL, mAccessInfo.LoadForbid, mAccessInfo.LoadForbidLen);
- FreePool (mAccessInfo.LoadForbid);
- }
-
- CopyMem (NewFL + mAccessInfo.LoadForbidLen, VarPtr, DevicePathLen);
- mAccessInfo.LoadForbidLen = NewLen;
- mAccessInfo.LoadForbid = NewFL;
- FreePool (Var);
-}
-
-
-/**
- Get current user's access right.
-
- @param[out] AccessRight Points to the buffer used for user's access right.
-
- @retval EFI_SUCCESS Get current user access right successfully.
- @retval others Fail to get current user access right.
-
-**/
-EFI_STATUS
-GetAccessRight (
- OUT UINT32 *AccessRight
- )
-{
- EFI_STATUS Status;
- EFI_USER_INFO_HANDLE UserInfo;
- EFI_USER_INFO *Info;
- UINTN InfoSize;
- UINTN MemSize;
- EFI_USER_INFO_ACCESS_CONTROL Access;
- EFI_USER_PROFILE_HANDLE CurrentUser;
- UINTN TotalLen;
- UINTN CheckLen;
-
- //
- // Allocate user information memory.
- //
- MemSize = sizeof (EFI_USER_INFO) + 63;
- Info = AllocateZeroPool (MemSize);
- if (Info == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- //
- // Get user access information.
- //
- UserInfo = NULL;
- mUserManager->Current (mUserManager, &CurrentUser);
- while (TRUE) {
- InfoSize = MemSize;
- //
- // Get next user information.
- //
- Status = mUserManager->GetNextInfo (mUserManager, CurrentUser, &UserInfo);
- if (EFI_ERROR (Status)) {
- break;
- }
-
- Status = mUserManager->GetInfo (
- mUserManager,
- CurrentUser,
- UserInfo,
- Info,
- &InfoSize
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- MemSize = InfoSize;
- FreePool (Info);
- Info = AllocateZeroPool (MemSize);
- if (Info == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
- Status = mUserManager->GetInfo (
- mUserManager,
- CurrentUser,
- UserInfo,
- Info,
- &InfoSize
- );
- }
- if (EFI_ERROR (Status)) {
- break;
- }
-
- //
- // Check user information.
- //
- if (Info->InfoType == EFI_USER_INFO_ACCESS_POLICY_RECORD) {
- TotalLen = Info->InfoSize - sizeof (EFI_USER_INFO);
- CheckLen = 0;
- //
- // Get specified access information.
- //
- while (CheckLen < TotalLen) {
- CopyMem (&Access, (UINT8 *) (Info + 1) + CheckLen, sizeof (Access));
- if ((Access.Type == EFI_USER_INFO_ACCESS_ENROLL_SELF) ||
- (Access.Type == EFI_USER_INFO_ACCESS_ENROLL_OTHERS) ||
- (Access.Type == EFI_USER_INFO_ACCESS_MANAGE)
- ) {
- *AccessRight = Access.Type;
- FreePool (Info);
- return EFI_SUCCESS;
- }
- CheckLen += Access.Size;
- }
- }
- }
- FreePool (Info);
- return EFI_NOT_FOUND;
-}
-
-
-