Add check before using it to avoid access violation.
[mirror_edk2.git] / NetworkPkg / Application / IpsecConfig / IpSecConfig.c
1/** @file\r
2 The main process for IpSecConfig application.\r
3\r
9bdc6592 4 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r
5\r
6 This program and the accompanying materials\r
7 are licensed and made available under the terms and conditions of the BSD License\r
8 which accompanies this distribution. The full text of the license may be found at\r
9 http://opensource.org/licenses/bsd-license.php.\r
10\r
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
13\r
14**/\r
15\r
16#include <Library/UefiRuntimeServicesTableLib.h>\r
17#include <Library/HiiLib.h>\r
18\r
19#include <Protocol/IpSec.h>\r
20\r
21#include "IpSecConfig.h"\r
22#include "Dump.h"\r
23#include "Indexer.h"\r
24#include "PolicyEntryOperation.h"\r
25#include "Delete.h"\r
26#include "Helper.h"\r
27\r
//
// Option table consumed only by ShellCommandLineParseEx(); it also makes sure
// the user input has a valid format. Each row names one switch and states
// whether it carries a value (TypeValue) or is a bare flag (TypeFlag). The
// { NULL, TypeMax } row terminates the table.
//
// NOTE(review): --auth-key, --encrypt-key and --auth-data are TypeValue, so key
// material is passed as a command-line argument. Presumably it can end up in
// shell scripts or command history - confirm, and treat those as sensitive.
//
SHELL_PARAM_ITEM mIpSecConfigParamList[] = {
  // Operations and general switches.
  { L"-p",                    TypeValue },
  { L"-a",                    TypeValue },
  { L"-i",                    TypeValue },
  { L"-e",                    TypeValue },
  { L"-d",                    TypeValue },
  { L"-f",                    TypeFlag },
  { L"-l",                    TypeFlag },
  { L"-enable",               TypeFlag },
  { L"-disable",              TypeFlag },
  { L"-status",               TypeFlag },
  { L"-?",                    TypeFlag },

  // SPD Selector.
  { L"--local",               TypeValue },
  { L"--remote",              TypeValue },
  { L"--proto",               TypeValue },
  { L"--local-port",          TypeValue },
  { L"--remote-port",         TypeValue },
  { L"--icmp-type",           TypeValue },
  { L"--icmp-code",           TypeValue },

  // SPD Data.
  { L"--name",                TypeValue },
  { L"--packet-flag",         TypeValue },
  { L"--action",              TypeValue },
  { L"--lifebyte",            TypeValue },
  { L"--lifetime-soft",       TypeValue },
  { L"--lifetime",            TypeValue },
  { L"--mode",                TypeValue },
  { L"--tunnel-local",        TypeValue },
  { L"--tunnel-remote",       TypeValue },
  { L"--dont-fragment",       TypeValue },
  { L"--ipsec-proto",         TypeValue },
  { L"--auth-algo",           TypeValue },
  { L"--encrypt-algo",        TypeValue },

  // SPD Data flags; each option has a counterpart with a trailing '-'.
  { L"--ext-sequence",        TypeFlag },
  { L"--sequence-overflow",   TypeFlag },
  { L"--fragment-check",      TypeFlag },
  { L"--ext-sequence-",       TypeFlag },
  { L"--sequence-overflow-",  TypeFlag },
  { L"--fragment-check-",     TypeFlag },

  // SA ID (also uses --ipsec-proto, listed above).
  { L"--spi",                 TypeValue },
  { L"--tunnel-dest",         TypeValue },
  { L"--tunnel-source",       TypeValue },
  { L"--lookup-spi",          TypeValue },
  { L"--lookup-ipsec-proto",  TypeValue },
  { L"--lookup-dest",         TypeValue },

  // SA DATA (also uses --mode, --auth-algo and --encrypt-algo, listed above).
  { L"--sequence-number",     TypeValue },
  { L"--antireplay-window",   TypeValue },
  { L"--auth-key",            TypeValue },
  { L"--encrypt-key",         TypeValue },
  { L"--path-mtu",            TypeValue },

  // PAD ID.
  { L"--peer-id",             TypeValue },
  { L"--peer-address",        TypeValue },
  { L"--auth-proto",          TypeValue },
  { L"--auth-method",         TypeValue },
  { L"--ike-id",              TypeValue },
  { L"--ike-id-",             TypeValue },
  { L"--auth-data",           TypeValue },
  { L"--revocation-data",     TypeValue },
  { L"--lookup-peer-id",      TypeValue },
  { L"--lookup-peer-address", TypeValue },

  { NULL,                     TypeMax },
};
119\r
//
// String-to-integer maps for option values. Every table ends with a
// { NULL, 0 } row. The comment on each table names the option it serves.
//

// -p : policy database selected for the operation.
STR2INT mMapPolicy[] = {
  { L"SPD", IPsecConfigDataTypeSpd },
  { L"SAD", IPsecConfigDataTypeSad },
  { L"PAD", IPsecConfigDataTypePad },
  { NULL,   0 },
};

// --proto : IP protocol of the selector.
STR2INT mMapIpProtocol[] = {
  { L"TCP",  EFI_IP4_PROTO_TCP },
  { L"UDP",  EFI_IP4_PROTO_UDP },
  { L"ICMP", EFI_IP4_PROTO_ICMP },
  { NULL,    0 },
};

// --action : what to do with matching traffic.
STR2INT mMapIpSecAction[] = {
  { L"Bypass",  EfiIPsecActionBypass },
  { L"Discard", EfiIPsecActionDiscard },
  { L"Protect", EfiIPsecActionProtect },
  { NULL,       0 },
};

// --mode
STR2INT mMapIpSecMode[] = {
  { L"Transport", EfiIPsecTransport },
  { L"Tunnel",    EfiIPsecTunnel },
  { NULL,         0 },
};

// --dont-fragment
STR2INT mMapDfOption[] = {
  { L"clear", EfiIPsecTunnelClearDf },
  { L"set",   EfiIPsecTunnelSetDf },
  { L"copy",  EfiIPsecTunnelCopyDf },
  { NULL,     0 },
};

// --ipsec-proto
STR2INT mMapIpSecProtocol[] = {
  { L"AH",  EfiIPsecAH },
  { L"ESP", EfiIPsecESP },
  { NULL,   0 },
};

//
// --auth-algo
//
// NOTE(review): NONE, NULL and MD5HMAC are selectable here. They give no or
// weak integrity protection by current standards; whether the IPsec driver
// accepts each value is not visible in this file - confirm before relying on
// a policy that uses them.
//
STR2INT mMapAuthAlgo[] = {
  { L"NONE",         IPSEC_AALG_NONE },
  { L"MD5HMAC",      IPSEC_AALG_MD5HMAC },
  { L"SHA1HMAC",     IPSEC_AALG_SHA1HMAC },
  { L"SHA2-256HMAC", IPSEC_AALG_SHA2_256HMAC },
  { L"SHA2-384HMAC", IPSEC_AALG_SHA2_384HMAC },
  { L"SHA2-512HMAC", IPSEC_AALG_SHA2_512HMAC },
  { L"AES-XCBC-MAC", IPSEC_AALG_AES_XCBC_MAC },
  { L"NULL",         IPSEC_AALG_NULL },
  { NULL,            0 },
};

//
// --encrypt-algo
//
// NOTE(review): NONE and NULL mean no confidentiality, and DESCBC is a legacy
// cipher; whether the IPsec driver accepts each value is not visible in this
// file - confirm before relying on a policy that uses them.
//
STR2INT mMapEncAlgo[] = {
  { L"NONE",          IPSEC_EALG_NONE },
  { L"DESCBC",        IPSEC_EALG_DESCBC },
  { L"3DESCBC",       IPSEC_EALG_3DESCBC },
  { L"CASTCBC",       IPSEC_EALG_CASTCBC },
  { L"BLOWFISHCBC",   IPSEC_EALG_BLOWFISHCBC },
  { L"NULL",          IPSEC_EALG_NULL },
  { L"AESCBC",        IPSEC_EALG_AESCBC },
  { L"AESCTR",        IPSEC_EALG_AESCTR },
  { L"AES-CCM-ICV8",  IPSEC_EALG_AES_CCM_ICV8 },
  { L"AES-CCM-ICV12", IPSEC_EALG_AES_CCM_ICV12 },
  { L"AES-CCM-ICV16", IPSEC_EALG_AES_CCM_ICV16 },
  { L"AES-GCM-ICV8",  IPSEC_EALG_AES_GCM_ICV8 },
  { L"AES-GCM-ICV12", IPSEC_EALG_AES_GCM_ICV12 },
  { L"AES-GCM-ICV16", IPSEC_EALG_AES_GCM_ICV16 },
  { NULL,             0 },
};

// --auth-proto
STR2INT mMapAuthProto[] = {
  { L"IKEv1", EfiIPsecAuthProtocolIKEv1 },
  { L"IKEv2", EfiIPsecAuthProtocolIKEv2 },
  { NULL,     0 },
};

// --auth-method
STR2INT mMapAuthMethod[] = {
  { L"PreSharedSecret", EfiIPsecAuthMethodPreSharedSecret },
  { L"Certificates",    EfiIPsecAuthMethodCertificates },
  { NULL,               0 },
};
231\r
//
// Module-wide state, filled in by InitializeIpSecConfig().
//
EFI_IPSEC2_PROTOCOL        *mIpSec;        // located via gEfiIpSec2ProtocolGuid
EFI_IPSEC_CONFIG_PROTOCOL  *mIpSecConfig;  // located via gEfiIpSecConfigProtocolGuid
EFI_HII_HANDLE             mHiiHandle;     // handle of the registered HII string package
CHAR16                     mAppName[] = L"IpSecConfig";  // application name passed to the console messages
236\r
//
// Used for IpSecConfigRetriveCheckListByName only, to validate the combination
// of options the user supplied. Columns after the name are Attribute1 through
// Attribute4; the checker folds them over all supplied options like this:
//   Attribute1  AND-ed together; a non-zero result is rejected.
//   Attribute2  OR-ed together;  a non-zero result is rejected, except when
//               "-p" is the second matched option.
//   Attribute3  AND-ed together; a zero result is rejected. Judging by the
//               grouping below, BIT(2)/BIT(1)/BIT(0) presumably stand for
//               SPD/SAD/PAD - confirm.
//   Attribute4  OR-ed together;  a low byte of 0x03, 0x0C, 0x30 or 0xC0 is
//               rejected.
// The { NULL, 0, 0, 0, 0 } row terminates the table.
//
VAR_CHECK_ITEM mIpSecConfigVarCheckList[] = {
  { L"-enable",               BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-disable",              BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-status",               BIT(1)|BIT(0), BIT(1), BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-p",                    BIT(1),        0,      BIT(2)|BIT(1)|BIT(0), 0 },

  { L"-a",                    BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-i",                    BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-d",                    BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-e",                    BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-l",                    BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0 },
  { L"-f",                    BIT(0),        0,      BIT(2)|BIT(1)|BIT(0), 0 },

  { L"-?",                    BIT(0),        BIT(0), BIT(2)|BIT(1)|BIT(0), 0 },

  // SPD Selector.
  { L"--local",               0,             0,      BIT(2)|BIT(1),        0 },
  { L"--remote",              0,             0,      BIT(2)|BIT(1),        0 },
  { L"--proto",               0,             0,      BIT(2)|BIT(1),        0 },
  { L"--local-port",          0,             0,      BIT(2)|BIT(1),        BIT(0) },
  { L"--remote-port",         0,             0,      BIT(2)|BIT(1),        BIT(0) },
  { L"--icmp-type",           0,             0,      BIT(2)|BIT(1),        BIT(1) },
  { L"--icmp-code",           0,             0,      BIT(2)|BIT(1),        BIT(1) },

  // SPD Data.
  { L"--name",                0,             0,      BIT(2),               0 },
  { L"--packet-flag",         0,             0,      BIT(2),               0 },
  { L"--action",              0,             0,      BIT(2)|BIT(1),        0 },
  { L"--lifebyte",            0,             0,      BIT(2)|BIT(1),        0 },
  { L"--lifetime-soft",       0,             0,      BIT(2)|BIT(1),        0 },
  { L"--lifetime",            0,             0,      BIT(2)|BIT(1),        0 },
  { L"--mode",                0,             0,      BIT(2)|BIT(1),        0 },
  { L"--tunnel-local",        0,             0,      BIT(2),               0 },
  { L"--tunnel-remote",       0,             0,      BIT(2),               0 },
  { L"--dont-fragment",       0,             0,      BIT(2),               0 },
  { L"--ipsec-proto",         0,             0,      BIT(2)|BIT(1),        0 },
  { L"--auth-algo",           0,             0,      BIT(2)|BIT(1),        0 },
  { L"--encrypt-algo",        0,             0,      BIT(2)|BIT(1),        0 },

  { L"--ext-sequence",        0,             0,      BIT(2),               BIT(2) },
  { L"--sequence-overflow",   0,             0,      BIT(2),               BIT(2) },
  { L"--fragment-check",      0,             0,      BIT(2),               BIT(2) },
  { L"--ext-sequence-",       0,             0,      BIT(2),               BIT(3) },
  { L"--sequence-overflow-",  0,             0,      BIT(2),               BIT(3) },
  { L"--fragment-check-",     0,             0,      BIT(2),               BIT(3) },

  // SA ID (also uses --ipsec-proto, listed above).
  { L"--spi",                 0,             0,      BIT(1),               0 },
  { L"--tunnel-dest",         0,             0,      BIT(1),               0 },
  { L"--tunnel-source",       0,             0,      BIT(1),               0 },
  { L"--lookup-spi",          0,             0,      BIT(1),               0 },
  { L"--lookup-ipsec-proto",  0,             0,      BIT(1),               0 },
  { L"--lookup-dest",         0,             0,      BIT(1),               0 },

  // SA DATA (also uses --mode, --auth-algo and --encrypt-algo, listed above).
  { L"--sequence-number",     0,             0,      BIT(1),               0 },
  { L"--antireplay-window",   0,             0,      BIT(1),               0 },
  { L"--auth-key",            0,             0,      BIT(1),               0 },
  { L"--encrypt-key",         0,             0,      BIT(1),               0 },
  { L"--path-mtu",            0,             0,      BIT(1),               0 },

  //
  // Example of adding a PAD entry:
  //   "-a --peer-id Mike [--peer-address 10.23.2.2] --auth-proto IKEv1/IKEv2
  //    --auth-method PreSharedSecret/Certificates --ike-id
  //    --auth-data 343343 --revocation-data 2342432"
  // Examples of deleting a PAD entry:
  //   "-d * --lookup-peer-id Mike [--lookup-peer-address 10.23.2.2]"
  //   "-d 1"
  // Example of editing a PAD entry:
  //   "-e * --lookup-peer-id Mike --auth-method Certificates"
  //

  //
  // PAD ID.
  //
  // NOTE(review): mIpSecConfigParamList spells the IKE options "--ike-id" and
  // "--ike-id-", while the rows below use "--IKE-ID" and "--IKE-ID-", and the
  // checker compares names with StrCmp. Confirm which spelling reaches the
  // checker; if it is the lower-case one, these two rows never match.
  //
  { L"--peer-id",             0,             0,      BIT(0),               BIT(4) },
  { L"--peer-address",        0,             0,      BIT(0),               BIT(5) },
  { L"--auth-proto",          0,             0,      BIT(0),               0 },
  { L"--auth-method",         0,             0,      BIT(0),               0 },
  { L"--IKE-ID",              0,             0,      BIT(0),               BIT(6) },
  { L"--IKE-ID-",             0,             0,      BIT(0),               BIT(7) },
  { L"--auth-data",           0,             0,      BIT(0),               0 },
  { L"--revocation-data",     0,             0,      BIT(0),               0 },
  { L"--lookup-peer-id",      0,             0,      BIT(0),               BIT(4) },
  { L"--lookup-peer-address", 0,             0,      BIT(0),               BIT(5) },

  { NULL,                     0,             0,      0,                    0 },
};
340\r
/**
  Allocate (or re-allocate) a zeroed pool buffer for the "call, grow, call
  again" pattern used with EFI interfaces that report EFI_BUFFER_TOO_SMALL.

  @param[in, out] Status      Status of the previous attempt. Forced to
                              EFI_BUFFER_TOO_SMALL on the initial request and
                              set to EFI_OUT_OF_RESOURCES if allocation fails.
  @param[in, out] Buffer      Currently allocated buffer, or NULL. Any old
                              buffer is freed before a new one is allocated;
                              on an error without retry it is freed and set
                              to NULL.
  @param[in]      BufferSize  Buffer size needed, in bytes.

  @retval TRUE   A buffer was allocated and the caller should try the API again.
  @retval FALSE  No retry is needed, or the buffer could not be allocated.
**/
BOOLEAN
GrowBuffer (
  IN OUT EFI_STATUS   *Status,
  IN OUT VOID         **Buffer,
  IN     UINTN        BufferSize
  )
{
  ASSERT (Status != NULL);
  ASSERT (Buffer != NULL);

  //
  // An initial request arrives with no buffer and a non-zero size: treat it
  // as "buffer too small" so the allocation below runs.
  //
  if ((*Buffer == NULL) && (BufferSize != 0)) {
    *Status = EFI_BUFFER_TOO_SMALL;
  }

  if (*Status == EFI_BUFFER_TOO_SMALL) {
    //
    // Drop the undersized buffer and allocate one of the requested size.
    //
    if (*Buffer != NULL) {
      FreePool (*Buffer);
    }

    *Buffer = AllocateZeroPool (BufferSize);
    if (*Buffer != NULL) {
      return TRUE;
    }

    *Status = EFI_OUT_OF_RESOURCES;
  }

  //
  // No retry from here on: on an error, release whatever buffer is left so
  // the caller never sees a stale pointer.
  //
  if (EFI_ERROR (*Status) && (*Buffer != NULL)) {
    FreePool (*Buffer);
    *Buffer = NULL;
  }

  return FALSE;
}
400\r
/**
  Return, in a pool-allocated buffer, the array of handles that match the
  search. The caller owns *Buffer and frees it.

  @param[in]      SearchType  Specifies which handle(s) are to be returned.
  @param[in]      Protocol    The protocol to search by. Only valid for
                              SearchType ByProtocol.
  @param[in]      SearchKey   The search key, depending on SearchType.
  @param[in, out] NoHandles   The number of handles returned in Buffer; set to
                              0 on error.
  @param[out]     Buffer      Receives the pointer to the array of handles.

  @retval EFI_SUCCESS  The resulting array of handles was returned.
  @retval Others       The lookup or the buffer allocation failed.
**/
EFI_STATUS
LocateHandle (
  IN     EFI_LOCATE_SEARCH_TYPE   SearchType,
  IN     EFI_GUID                 *Protocol  OPTIONAL,
  IN     VOID                     *SearchKey OPTIONAL,
  IN OUT UINTN                    *NoHandles,
     OUT EFI_HANDLE               **Buffer
  )
{
  EFI_STATUS  Status;
  UINTN       BufferSize;

  ASSERT (NoHandles != NULL);
  ASSERT (Buffer != NULL);

  //
  // Start with room for 50 handles; the boot service writes the size it
  // really needs into BufferSize and GrowBuffer re-allocates accordingly.
  //
  Status     = EFI_SUCCESS;
  *Buffer    = NULL;
  BufferSize = 50 * sizeof (EFI_HANDLE);

  for (;;) {
    if (!GrowBuffer (&Status, (VOID **) Buffer, BufferSize)) {
      break;
    }

    Status = gBS->LocateHandle (SearchType, Protocol, SearchKey, &BufferSize, *Buffer);
  }

  //
  // Report a handle count only when the lookup succeeded.
  //
  *NoHandles = BufferSize / sizeof (EFI_HANDLE);
  if (EFI_ERROR (Status)) {
    *NoHandles = 0;
  }

  return Status;
}
459\r
/**
  Find the first handle on which this protocol can be opened and return its
  interface.

  @param[in]  ProtocolGuid  The guid of the protocol.
  @param[out] Interface     Receives the interface of the first instance of
                            the protocol; set to NULL before the search starts.

  @retval EFI_SUCCESS  A protocol instance matching ProtocolGuid was found.
  @retval Others       A protocol instance matching ProtocolGuid was not found.
**/
EFI_STATUS
LocateProtocol (
  IN  EFI_GUID    *ProtocolGuid,
  OUT VOID        **Interface
  )
{
  EFI_STATUS  Status;
  EFI_HANDLE  *HandleList;
  UINTN       HandleCount;
  UINTN       Slot;

  *Interface  = NULL;
  HandleList  = NULL;
  HandleCount = 0;

  Status = LocateHandle (ByProtocol, ProtocolGuid, NULL, &HandleCount, &HandleList);
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_INFO, "LibLocateProtocol: Handle not found\n"));
    return Status;
  }

  //
  // Walk the handles and stop at the first one that yields the interface.
  //
  Slot = 0;
  while (Slot < HandleCount) {
    ASSERT (HandleList != NULL);

    Status = gBS->HandleProtocol (HandleList[Slot], ProtocolGuid, Interface);
    if (!EFI_ERROR (Status)) {
      break;
    }

    Slot++;
  }

  //
  // The handle array was pool-allocated by LocateHandle; release it here.
  //
  if (HandleList != NULL) {
    FreePool (HandleList);
  }

  return Status;
}
510\r
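/**
  Helper function called to check for conflicting flags.

  Every named entry of ParamPackage is looked up in CheckList, and the
  attributes of the matched rows are folded together: Attribute1 and
  Attribute3 are AND-ed, Attribute2 and Attribute4 are OR-ed. The first
  matched option only seeds the accumulators; from the second one on the
  accumulated values are tested after each match.

  NOTE(review): names are compared with StrCmp, so a CheckList row only takes
  effect when its spelling equals the name stored in the parameter package.

  NOTE(review): the Attribute4 test compares the whole low byte with one pair
  mask (0x03, 0x0C, 0x30, 0xC0), so a pair is only caught while no other
  Attribute4 bit has been accumulated - confirm this is intended.

  @param[in] CheckList     The pointer to the VAR_CHECK_ITEM table, terminated
                           by a row whose VarName is NULL.
  @param[in] ParamPackage  The pointer to the ParamPackage list.

  @retval EFI_SUCCESS            No conflicting flags.
  @retval EFI_INVALID_PARAMETER  An input parameter is NULL or there are
                                 conflicting flags.
**/
EFI_STATUS
IpSecConfigRetriveCheckListByName (
  IN VAR_CHECK_ITEM    *CheckList,
  IN LIST_ENTRY        *ParamPackage
)
{
  LIST_ENTRY      *Node;
  VAR_CHECK_ITEM  *Item;
  CONST CHAR16    *Name;
  UINT32          Attribute1;
  UINT32          Attribute2;
  UINT32          Attribute3;
  UINT32          Attribute4;
  UINT32          Index;

  if ((ParamPackage == NULL) || (CheckList == NULL)) {
    return EFI_INVALID_PARAMETER;
  }

  Attribute1 = 0;
  Attribute2 = 0;
  Attribute3 = 0;
  Attribute4 = 0;
  Index      = 0;

  //
  // Enumerate through the list of parameters that are input by user.
  //
  for (Node = GetFirstNode (ParamPackage); !IsNull (ParamPackage, Node); Node = GetNextNode (ParamPackage, Node)) {
    Name = ((SHELL_PARAM_PACKAGE *) Node)->Name;
    if (Name == NULL) {
      continue;
    }

    //
    // Scan the table the caller passed in. The previous code validated
    // CheckList but then walked the global table directly, which silently
    // ignored the argument.
    //
    for (Item = CheckList; Item->VarName != NULL; Item++) {
      if (StrCmp (Name, Item->VarName) != 0) {
        continue;
      }

      Index++;
      if (Index == 1) {
        //
        // First matched option: seed the accumulators, nothing to compare yet.
        //
        Attribute1 = Item->Attribute1;
        Attribute2 = Item->Attribute2;
        Attribute3 = Item->Attribute3;
        Attribute4 = Item->Attribute4;
        break;
      }

      Attribute1 &= Item->Attribute1;
      Attribute2 |= Item->Attribute2;
      Attribute3 &= Item->Attribute3;
      Attribute4 |= Item->Attribute4;

      if (Attribute1 != 0) {
        return EFI_INVALID_PARAMETER;
      }

      if (Attribute2 != 0) {
        //
        // "-p" as the second matched option is tolerated; the remaining
        // checks are skipped for it and the scan simply moves on.
        //
        if ((Index == 2) && (StrCmp (Item->VarName, L"-p") == 0)) {
          continue;
        }

        return EFI_INVALID_PARAMETER;
      }

      if (Attribute3 == 0) {
        return EFI_INVALID_PARAMETER;
      }

      if (((Attribute4 & 0xFF) == 0x03) || ((Attribute4 & 0xFF) == 0x0C) ||
          ((Attribute4 & 0xFF) == 0x30) || ((Attribute4 & 0xFF) == 0xC0)) {
        return EFI_INVALID_PARAMETER;
      }

      break;
    }
  }

  return EFI_SUCCESS;
}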
597\r
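/**
  This is the declaration of an EFI image entry point. This entry point is
  the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers, including
  both device drivers and bus drivers.

  The entry point for the IpSecConfig application: it parses the command line,
  validates the combination of options, locates the IPsec protocols and then
  runs the requested operation (enable/disable/status, help, or an add,
  insert, edit, delete, flush or list operation on the selected database).

  Failures are reported on the console only; the status of the operation is
  not propagated to the caller.

  @param[in] ImageHandle  The image handle of this application.
  @param[in] SystemTable  The pointer to the EFI System Table.

  @retval EFI_SUCCESS  Always returned.

**/
EFI_STATUS
EFIAPI
InitializeIpSecConfig (
  IN EFI_HANDLE          ImageHandle,
  IN EFI_SYSTEM_TABLE    *SystemTable
  )
{
  EFI_STATUS                  Status;
  EFI_IPSEC_CONFIG_DATA_TYPE  DataType;
  UINT8                       Value;
  LIST_ENTRY                  *ParamPackage;
  CONST CHAR16                *ValueStr;
  CHAR16                      *ProblemParam;
  UINTN                       NonOptionCount;

  //
  // Both are outputs of the parser and are used on the failure path; start
  // from a known value so neither is ever read uninitialized.
  //
  ParamPackage = NULL;
  ProblemParam = NULL;

  //
  // Register our string package with HII and return the handle to it.
  //
  mHiiHandle = HiiAddPackages (&gEfiCallerIdGuid, ImageHandle, IpSecConfigStrings, NULL);
  ASSERT (mHiiHandle != NULL);

  Status = ShellCommandLineParseEx (mIpSecConfigParamList, &ParamPackage, &ProblemParam, TRUE, FALSE);
  if (EFI_ERROR (Status)) {
    //
    // NOTE(review): ProblemParam is presumably allocated by the parser and
    // owned by the caller - confirm and free it if so.
    //
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION), mHiiHandle, ProblemParam);
    goto Done;
  }

  Status = IpSecConfigRetriveCheckListByName (mIpSecConfigVarCheckList, ParamPackage);
  if (EFI_ERROR (Status)) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_MISTAKEN_OPTIONS), mHiiHandle);
    goto Done;
  }

  //
  // Both protocols are dereferenced below; refuse to continue when either
  // lookup fails or hands back a NULL interface.
  //
  Status = LocateProtocol (&gEfiIpSecConfigProtocolGuid, (VOID **) &mIpSecConfig);
  if (EFI_ERROR (Status) || mIpSecConfig == NULL) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT), mHiiHandle, mAppName);
    goto Done;
  }

  Status = LocateProtocol (&gEfiIpSec2ProtocolGuid, (VOID **) &mIpSec);
  if (EFI_ERROR (Status) || mIpSec == NULL) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PROTOCOL_INEXISTENT), mHiiHandle, mAppName);
    goto Done;
  }

  //
  // Enable IPsec.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-enable")) {
    if (!(mIpSec->DisabledFlag)) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_ENABLE), mHiiHandle, mAppName);
    } else {
      //
      // Persist the enabled state in a non-volatile, boot-service-only
      // variable; the in-memory flag is cleared only once that write succeeded.
      //
      Value  = IPSEC_STATUS_ENABLED;
      Status = gRT->SetVariable (
                      IPSECCONFIG_STATUS_NAME,
                      &gEfiIpSecConfigProtocolGuid,
                      EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,
                      sizeof (Value),
                      &Value
                      );
      if (!EFI_ERROR (Status)) {
        mIpSec->DisabledFlag = FALSE;
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_SUCCESS), mHiiHandle, mAppName);
      } else {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ENABLE_FAILED), mHiiHandle, mAppName);
      }
    }

    goto Done;
  }

  //
  // Disable IPsec.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-disable")) {
    if (mIpSec->DisabledFlag) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_ALREADY_DISABLE), mHiiHandle, mAppName);
    } else {
      //
      // Set disable flag; however, leave it to be disabled in the callback function of DisabledEvent.
      // The flag is re-read afterwards to tell whether the callback took effect.
      //
      gBS->SignalEvent (mIpSec->DisabledEvent);
      if (mIpSec->DisabledFlag) {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_SUCCESS), mHiiHandle, mAppName);
      } else {
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_DISABLE_FAILED), mHiiHandle, mAppName);
      }
    }

    goto Done;
  }

  //
  // IPsec Status.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-status")) {
    if (mIpSec->DisabledFlag) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_DISABLE), mHiiHandle, mAppName);
    } else {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_STATUS_ENABLE), mHiiHandle, mAppName);
    }

    goto Done;
  }

  //
  // Try to get policy database type. -1 means "no database selected".
  //
  DataType = (EFI_IPSEC_CONFIG_DATA_TYPE) - 1;
  ValueStr = ShellCommandLineGetValue (ParamPackage, L"-p");
  if (ValueStr != NULL) {
    DataType = (EFI_IPSEC_CONFIG_DATA_TYPE) MapStringToInteger (ValueStr, mMapPolicy);
    if (DataType == -1) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_DB), mHiiHandle, mAppName, ValueStr);
      goto Done;
    }
  }

  if (ShellCommandLineGetFlag (ParamPackage, L"-?")) {
    if (DataType == -1) {
      ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_HELP), mHiiHandle);
      goto Done;
    }

    switch (DataType) {
      case IPsecConfigDataTypeSpd:
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_SPD_HELP), mHiiHandle);
        break;

      case IPsecConfigDataTypeSad:
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_SAD_HELP), mHiiHandle);
        break;

      case IPsecConfigDataTypePad:
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_PAD_HELP), mHiiHandle);
        break;

      default:
        //
        // Pass the same arguments as the other use of this token above, so
        // the format string never reads missing variadic arguments. ValueStr
        // is non-NULL here because DataType was derived from it.
        //
        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_INCORRECT_DB), mHiiHandle, mAppName, ValueStr);
        break;
    }

    goto Done;
  }

  //
  // More than one non-option argument means something redundant was typed.
  // Compare without subtracting: NonOptionCount is unsigned, so
  // "(NonOptionCount - 1) > 0" wraps around and is true for a count of 0.
  //
  NonOptionCount = ShellCommandLineGetCount (ParamPackage);
  if (NonOptionCount > 1) {
    ValueStr = ShellCommandLineGetRawValue (ParamPackage, (UINT32) (NonOptionCount - 1));
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_REDUNDANCY_MANY), mHiiHandle, mAppName, ValueStr);
    goto Done;
  }

  if (DataType == -1) {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_DB), mHiiHandle, mAppName);
    goto Done;
  }

  //
  // Dispatch the operation. Each branch ends at Done either way, and the
  // status of the operation is not returned to the caller.
  //
  if (ShellCommandLineGetFlag (ParamPackage, L"-a") || ShellCommandLineGetFlag (ParamPackage, L"-i")) {
    Status = AddOrInsertPolicyEntry (DataType, ParamPackage);
  } else if (ShellCommandLineGetFlag (ParamPackage, L"-e")) {
    Status = EditPolicyEntry (DataType, ParamPackage);
  } else if (ShellCommandLineGetFlag (ParamPackage, L"-d") || ShellCommandLineGetFlag (ParamPackage, L"-f")) {
    Status = FlushOrDeletePolicyEntry (DataType, ParamPackage);
  } else if (ShellCommandLineGetFlag (ParamPackage, L"-l")) {
    Status = ListPolicyEntry (DataType, ParamPackage);
  } else {
    ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IPSEC_CONFIG_UNKNOWN_OPERATION), mHiiHandle, mAppName);
  }

Done:
  //
  // The package list may never have been produced when parsing failed.
  //
  if (ParamPackage != NULL) {
    ShellCommandLineFreeVarList (ParamPackage);
  }

  HiiRemovePackages (mHiiHandle);

  return EFI_SUCCESS;
}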