[mirror_edk2.git] / SecurityPkg / UserIdentification / UserProfileManagerDxe / ModifyIdentityPolicy.c

/** @file\r
  The functions for identification policy modification.\r
    \r
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution.  The full text of the license may be found at \r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include "UserProfileManager.h"\r
\r
\r
/**\r
  Verify the new identity policy in the current implementation. The same credential\r
  provider can't appear twice in one identity policy.\r
\r
  @param[in] NewGuid       Points to the credential provider guid.\r
  \r
  @retval TRUE     The NewGuid was found in the identity policy.\r
  @retval FALSE    The NewGuid was not found.\r
\r
**/\r
BOOLEAN\r
ProviderAlreadyInPolicy (\r
  IN EFI_GUID                                      *NewGuid\r
  )\r
{\r
  UINTN                         Offset;\r
  EFI_USER_INFO_IDENTITY_POLICY *Identity;\r
  EFI_INPUT_KEY                 Key;\r
\r
  Offset = 0;\r
  while (Offset < mUserInfo.NewIdentityPolicyLen) {\r
    Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (mUserInfo.NewIdentityPolicy + Offset);\r
    if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) {\r
      if (CompareGuid (NewGuid, (EFI_GUID *) (Identity + 1))) {\r
        CreatePopUp (\r
          EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
          &Key,\r
          L"This Credential Provider Are Already Used!",\r
          L"",\r
          L"Press Any Key to Continue ...",\r
          NULL\r
          );\r
        return TRUE;\r
      }\r
    }\r
    Offset += Identity->Length;\r
  }\r
  \r
  return FALSE;\r
}\r
\r
\r
/**\r
  Add or delete the user's credential record in the provider.\r
\r
  @param[in]  ProviderGuid        Point to credential provider guid.\r
  @param[in]  User                Points to user profile.\r
\r
  @retval EFI_SUCCESS      Add or delete record successfully.\r
  @retval Others           Fail to add or delete record.\r
\r
**/\r
EFI_STATUS\r
EnrollUserOnProvider (\r
  IN  EFI_USER_INFO_IDENTITY_POLICY              *Identity,\r
  IN  EFI_USER_PROFILE_HANDLE                    User \r
  )\r
{\r
  UINTN                          Index;\r
  EFI_USER_CREDENTIAL2_PROTOCOL  *UserCredential;\r
  \r
  //\r
  // Find the specified credential provider.\r
  //\r
  for (Index = 0; Index < mProviderInfo->Count; Index++) {\r
    UserCredential = mProviderInfo->Provider[Index];\r
    if (CompareGuid ((EFI_GUID *)(Identity + 1), &UserCredential->Identifier)) {\r
      return UserCredential->Enroll (UserCredential, User);\r
    }\r
  }\r
\r
  return EFI_NOT_FOUND;  \r
}\r
\r
\r
/**\r
  Delete the User's credential record on the provider.\r
\r
  @param[in]  Identity     Point to EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER user info.\r
  @param[in]  User         Points to user profile.\r
\r
  @retval EFI_SUCCESS      Delete User's credential record successfully.\r
  @retval Others           Fail to add or delete record.\r
\r
**/\r
EFI_STATUS\r
DeleteUserOnProvider (\r
  IN  EFI_USER_INFO_IDENTITY_POLICY              *Identity,\r
  IN  EFI_USER_PROFILE_HANDLE                    User \r
  )\r
{\r
  UINTN                          Index;\r
  EFI_USER_CREDENTIAL2_PROTOCOL  *UserCredential;\r
  \r
  //\r
  // Find the specified credential provider.\r
  //\r
  for (Index = 0; Index < mProviderInfo->Count; Index++) {\r
    UserCredential = mProviderInfo->Provider[Index];\r
    if (CompareGuid ((EFI_GUID *)(Identity + 1), &UserCredential->Identifier)) {\r
      return UserCredential->Delete (UserCredential, User);\r
    }\r
  }\r
\r
  return EFI_NOT_FOUND;  \r
}\r
\r
\r
/**\r
  Delete User's credental from all the providers that exist in User's identity policy.\r
  \r
  @param[in]  IdentityPolicy     Point to User's identity policy.\r
  @param[in]  IdentityPolicyLen  The length of the identity policy.\r
  @param[in]  User               Points to user profile.\r
\r
**/\r
VOID\r
DeleteCredentialFromProviders (\r
  IN     UINT8                                *IdentityPolicy,\r
  IN     UINTN                                 IdentityPolicyLen,\r
  IN     EFI_USER_PROFILE_HANDLE               User \r
  )\r
{\r
  EFI_USER_INFO_IDENTITY_POLICY    *Identity;\r
  UINTN                            Offset;\r
\r
  Offset = 0;\r
  while (Offset < IdentityPolicyLen) {\r
    Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (IdentityPolicy + Offset);\r
    if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) {\r
      //\r
      // Delete the user on this provider.\r
      //\r
      DeleteUserOnProvider (Identity, User);\r
    }\r
    Offset += Identity->Length;\r
  }\r
\r
}\r
\r
\r
/**\r
  Remove the provider in FindIdentity from the user identification information record.\r
  \r
  @param[in, out] NewInfo       On entry, points to the user information to remove provider. \r
                                On return, points to the user information the provider is removed.\r
  @param[in]      FindIdentity  Point to the user identity policy.\r
\r
  @retval TRUE                  The provider is removed successfully.\r
  @retval FALSE                 Fail to remove the provider.\r
\r
**/\r
BOOLEAN\r
DeleteProviderFromPolicy (\r
  IN     EFI_USER_INFO_IDENTITY_POLICY         *IdentityPolicy,\r
  IN     UINTN                                 Offset\r
  )\r
{\r
  UINTN                         RemainingLen;\r
  UINTN                         DeleteLen;\r
\r
  if (IdentityPolicy->Length == mUserInfo.NewIdentityPolicyLen) {\r
    //\r
    // Only one credential provider in the identification policy.\r
    // Set the new policy to be TRUE after removed the provider.\r
    //\r
    IdentityPolicy->Type           = EFI_USER_INFO_IDENTITY_TRUE;\r
    IdentityPolicy->Length         = sizeof (EFI_USER_INFO_IDENTITY_POLICY);\r
    mUserInfo.NewIdentityPolicyLen = IdentityPolicy->Length;\r
    return TRUE;\r
  }\r
\r
  DeleteLen = IdentityPolicy->Length + sizeof(EFI_USER_INFO_IDENTITY_POLICY);\r
  if ((Offset + IdentityPolicy->Length) != mUserInfo.NewIdentityPolicyLen) {\r
    //\r
    // This provider is not the last item in the identification policy, delete it and the connector.\r
    //    \r
    RemainingLen = mUserInfo.NewIdentityPolicyLen - Offset - DeleteLen;\r
    CopyMem ((UINT8 *) IdentityPolicy, (UINT8 *) IdentityPolicy + DeleteLen, RemainingLen);\r
  }\r
  mUserInfo.NewIdentityPolicyLen -= DeleteLen;  \r
 \r
  return FALSE;\r
}\r
\r
\r
/**\r
  Update the mUserInfo.NewIdentityPolicy, and UI when 'add option' is pressed.\r
\r
**/\r
VOID\r
 AddProviderToPolicy (\r
  IN  EFI_GUID                                  *NewGuid\r
  )\r
{\r
  UINT8                         *NewPolicyInfo;\r
  UINTN                         NewPolicyInfoLen;\r
  EFI_USER_INFO_IDENTITY_POLICY *Policy;\r
\r
  //\r
  // Allocate memory for the new identity policy.\r
  //\r
  NewPolicyInfoLen = mUserInfo.NewIdentityPolicyLen + sizeof (EFI_USER_INFO_IDENTITY_POLICY) + sizeof (EFI_GUID);\r
  if (mUserInfo.NewIdentityPolicyLen > 0) {\r
    //\r
    // It is not the first provider in the policy. Add a connector before provider.\r
    //\r
    NewPolicyInfoLen += sizeof (EFI_USER_INFO_IDENTITY_POLICY);\r
  }\r
  NewPolicyInfo = AllocateZeroPool (NewPolicyInfoLen);\r
  if (NewPolicyInfo == NULL) {\r
    return ;\r
  }\r
\r
  NewPolicyInfoLen = 0;\r
  if (mUserInfo.NewIdentityPolicyLen > 0) {\r
    //\r
    // Save orginal policy.\r
    //\r
    CopyMem (NewPolicyInfo, mUserInfo.NewIdentityPolicy, mUserInfo.NewIdentityPolicyLen);\r
\r
    //\r
    // Save logical connector.\r
    //\r
    Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (NewPolicyInfo + mUserInfo.NewIdentityPolicyLen);\r
    if (mConncetLogical == 0) {\r
      Policy->Type = EFI_USER_INFO_IDENTITY_AND;\r
    } else {\r
      Policy->Type = EFI_USER_INFO_IDENTITY_OR;\r
    }\r
\r
    Policy->Length   = sizeof (EFI_USER_INFO_IDENTITY_POLICY);\r
    NewPolicyInfoLen = mUserInfo.NewIdentityPolicyLen + Policy->Length;\r
    FreePool (mUserInfo.NewIdentityPolicy);\r
  }\r
  \r
  //\r
  // Save credential provider.\r
  //\r
  Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (NewPolicyInfo + NewPolicyInfoLen);\r
  Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY) + sizeof (EFI_GUID);\r
  Policy->Type   = EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER;\r
  CopyGuid ((EFI_GUID *) (Policy + 1), NewGuid);\r
  NewPolicyInfoLen += Policy->Length;\r
\r
  //\r
  // Update identity policy choice.\r
  //\r
  mUserInfo.NewIdentityPolicy         = NewPolicyInfo;\r
  mUserInfo.NewIdentityPolicyLen      = NewPolicyInfoLen;\r
  mUserInfo.NewIdentityPolicyModified = TRUE;\r
}\r
\r
\r
/**\r
  This function replaces the old identity policy with a new identity policy.\r
\r
  This function delete the user identity policy information.\r
  If enroll new credential failed, recover the old identity policy.\r
\r
  @retval EFI_SUCCESS      Modify user identity policy successfully.\r
  @retval Others           Fail to modify user identity policy.\r
\r
**/\r
EFI_STATUS\r
UpdateCredentialProvider (\r
  )\r
{\r
  EFI_STATUS                    Status;\r
  EFI_USER_INFO_IDENTITY_POLICY *Identity;\r
  UINTN                         Offset;\r
\r
  //\r
  // Delete the old identification policy.\r
  //\r
  DeleteCredentialFromProviders (mUserInfo.IdentityPolicy, mUserInfo.IdentityPolicyLen, mModifyUser);\r
\r
  //\r
  // Add the new identification policy.\r
  //\r
  Offset  = 0;\r
  while (Offset < mUserInfo.NewIdentityPolicyLen) {\r
    Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (mUserInfo.NewIdentityPolicy + Offset);\r
    if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) {\r
      //\r
      // Enroll the user on this provider\r
      //\r
      Status = EnrollUserOnProvider (Identity, mModifyUser);\r
      if (EFI_ERROR (Status)) {\r
        //\r
        // Failed to enroll the user by new identification policy.\r
        // So removed the credential provider from the identification policy\r
        //\r
        DeleteProviderFromPolicy (Identity, Offset);\r
        continue;\r
      }\r
    }\r
    Offset += Identity->Length;\r
  }\r
\r
  return EFI_SUCCESS;\r
}\r
\r
\r
/**\r
  Check whether the identity policy is valid.\r
\r
  @param[in]  PolicyInfo          Point to the identity policy.\r
  @param[in]  PolicyInfoLen       The policy length.\r
\r
  @retval TRUE     The policy is a valid identity policy.\r
  @retval FALSE    The policy is not a valid identity policy.\r
  \r
**/\r
BOOLEAN\r
CheckNewIdentityPolicy (\r
  IN  UINT8                                     *PolicyInfo,\r
  IN  UINTN                                     PolicyInfoLen\r
  )\r
{\r
  EFI_USER_INFO_IDENTITY_POLICY *Identity;\r
  EFI_INPUT_KEY                 Key;\r
  UINTN                         Offset;\r
  UINT32                        OpCode;\r
  \r
  //\r
  // Check policy expression.\r
  //\r
  OpCode  = EFI_USER_INFO_IDENTITY_FALSE;\r
  Offset  = 0;\r
  while (Offset < PolicyInfoLen) {\r
    //\r
    // Check identification policy according to type\r
    //\r
    Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (PolicyInfo + Offset);\r
    switch (Identity->Type) {\r
      \r
    case EFI_USER_INFO_IDENTITY_TRUE:\r
      break;\r
\r
    case EFI_USER_INFO_IDENTITY_OR:\r
      if (OpCode == EFI_USER_INFO_IDENTITY_AND) {\r
        CreatePopUp (\r
          EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
          &Key,\r
          L"Invalid Identity Policy, Mixed Connector Unsupport!",\r
          L"",\r
          L"Press Any Key to Continue ...",\r
          NULL\r
          );\r
        return FALSE;\r
      }\r
\r
      OpCode = EFI_USER_INFO_IDENTITY_OR;\r
      break;\r
\r
    case EFI_USER_INFO_IDENTITY_AND:\r
      if (OpCode == EFI_USER_INFO_IDENTITY_OR) {\r
        CreatePopUp (\r
          EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
          &Key,\r
          L"Invalid Identity Policy, Mixed Connector Unsupport!",\r
          L"",\r
          L"Press Any Key to Continue ...",\r
          NULL\r
          );\r
        return FALSE;\r
      }\r
\r
      OpCode = EFI_USER_INFO_IDENTITY_AND;\r
      break;\r
\r
    case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER:\r
      break;\r
\r
    default:\r
      CreatePopUp (\r
        EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
        &Key,\r
        L"Unsupport parameter",\r
        L"",\r
        L"Press Any Key to Continue ...",\r
        NULL\r
        );\r
      return FALSE;\r
    }\r
    Offset += Identity->Length;\r
  }\r
\r
  return TRUE;\r
}\r
\r
\r
/**\r
  Save the identity policy and update UI with it.\r
  \r
  This funciton will verify the new identity policy, in current implementation, \r
  the identity policy can be:  T, P & P & P & ..., P | P | P | ...\r
  Here, "T" means "True", "P" means "Credential Provider", "&" means "and", "|" means "or".\r
  Other identity policies are not supported.  \r
\r
**/\r
VOID\r
SaveIdentityPolicy (\r
  VOID\r
  )\r
{\r
  EFI_STATUS                    Status;\r
  EFI_USER_INFO_HANDLE          UserInfo;\r
  EFI_USER_INFO                 *Info;\r
\r
  if (!mUserInfo.NewIdentityPolicyModified || (mUserInfo.NewIdentityPolicyLen == 0)) {\r
    return;\r
  }\r
\r
  //\r
  // Check policy expression.\r
  //\r
  if (!CheckNewIdentityPolicy (mUserInfo.NewIdentityPolicy, mUserInfo.NewIdentityPolicyLen)) {\r
    return;\r
  }\r
\r
  Status = FindInfoByType (mModifyUser, EFI_USER_INFO_IDENTITY_POLICY_RECORD, &UserInfo);\r
  if (EFI_ERROR (Status)) {\r
    return ;\r
  }\r
  \r
  //\r
  // Update the informantion on credential provider.\r
  //\r
  Status = UpdateCredentialProvider ();\r
  if (EFI_ERROR (Status)) {\r
    return ;\r
  }\r
  \r
  //\r
  // Save new identification policy.\r
  //\r
  Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + mUserInfo.NewIdentityPolicyLen);\r
  ASSERT (Info != NULL);\r
\r
  Info->InfoType    = EFI_USER_INFO_IDENTITY_POLICY_RECORD;\r
  Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;\r
  Info->InfoSize    = (UINT32) (sizeof (EFI_USER_INFO) + mUserInfo.NewIdentityPolicyLen);\r
  CopyMem ((UINT8 *) (Info + 1), mUserInfo.NewIdentityPolicy, mUserInfo.NewIdentityPolicyLen);\r
\r
  Status = mUserManager->SetInfo (mUserManager, mModifyUser, &UserInfo, Info, Info->InfoSize);\r
  FreePool (Info);\r
   \r
  //\r
  // Update the mUserInfo.IdentityPolicy by mUserInfo.NewIdentityPolicy\r
  //\r
  if (mUserInfo.IdentityPolicy != NULL) {\r
    FreePool (mUserInfo.IdentityPolicy);\r
  }\r
  mUserInfo.IdentityPolicy    = mUserInfo.NewIdentityPolicy;\r
  mUserInfo.IdentityPolicyLen = mUserInfo.NewIdentityPolicyLen;\r
\r
  mUserInfo.NewIdentityPolicy         = NULL;\r
  mUserInfo.NewIdentityPolicyLen      = 0;\r
  mUserInfo.NewIdentityPolicyModified = FALSE;   \r
\r
  //\r
  // Update identity policy choice.\r
  //\r
  ResolveIdentityPolicy (mUserInfo.IdentityPolicy, mUserInfo.IdentityPolicyLen, STRING_TOKEN (STR_IDENTIFY_POLICY_VAL));\r
}\r
\r
\r
/**\r
  Update the mUserInfo.NewIdentityPolicy, and UI when 'add option' is pressed.\r
\r
**/\r
VOID\r
 AddIdentityPolicyItem (\r
  VOID\r
  )\r
{\r
  if (mProviderInfo->Count == 0) {\r
    return ;\r
  }\r
  \r
  //\r
  // Check the identity policy.\r
  //\r
  if (ProviderAlreadyInPolicy (&mProviderInfo->Provider[mProviderChoice]->Identifier)) {\r
    return;\r
  }\r
\r
  //\r
  // Add it to identification policy\r
  //\r
  AddProviderToPolicy (&mProviderInfo->Provider[mProviderChoice]->Identifier);\r
\r
  //\r
  // Update identity policy choice.\r
  //\r
  ResolveIdentityPolicy (mUserInfo.NewIdentityPolicy, mUserInfo.NewIdentityPolicyLen, STRING_TOKEN (STR_IDENTIFY_POLICY_VALUE));\r
}\r
\r
\r
Commit	Line	Data
0c5b25f0	1	/** @file\r
	2	The functions for identification policy modification.\r
	3	\r
	4	Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r
	5	This program and the accompanying materials \r
	6	are licensed and made available under the terms and conditions of the BSD License \r
	7	which accompanies this distribution. The full text of the license may be found at \r
	8	http://opensource.org/licenses/bsd-license.php\r
	9	\r
	10	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
	11	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	12	\r
	13	**/\r
	14	\r
	15	#include "UserProfileManager.h"\r
	16	\r
	17	\r
	18	/**\r
	19	Verify the new identity policy in the current implementation. The same credential\r
	20	provider can't appear twice in one identity policy.\r
	21	\r
	22	@param[in] NewGuid Points to the credential provider guid.\r
	23	\r
	24	@retval TRUE The NewGuid was found in the identity policy.\r
	25	@retval FALSE The NewGuid was not found.\r
	26	\r
	27	**/\r
	28	BOOLEAN\r
	29	ProviderAlreadyInPolicy (\r
	30	IN EFI_GUID *NewGuid\r
	31	)\r
	32	{\r
	33	UINTN Offset;\r
	34	EFI_USER_INFO_IDENTITY_POLICY *Identity;\r
	35	EFI_INPUT_KEY Key;\r
	36	\r
	37	Offset = 0;\r
	38	while (Offset < mUserInfo.NewIdentityPolicyLen) {\r
	39	Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (mUserInfo.NewIdentityPolicy + Offset);\r
	40	if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) {\r
	41	if (CompareGuid (NewGuid, (EFI_GUID *) (Identity + 1))) {\r
	42	CreatePopUp (\r
	43	EFI_LIGHTGRAY \| EFI_BACKGROUND_BLUE,\r
	44	&Key,\r
	45	L"This Credential Provider Are Already Used!",\r
	46	L"",\r
	47	L"Press Any Key to Continue ...",\r
	48	NULL\r
	49	);\r
	50	return TRUE;\r
	51	}\r
	52	}\r
	53	Offset += Identity->Length;\r
	54	}\r
	55	\r
	56	return FALSE;\r
	57	}\r
	58	\r
	59	\r
	60	/**\r
	61	Add or delete the user's credential record in the provider.\r
	62	\r
	63	@param[in] ProviderGuid Point to credential provider guid.\r
	64	@param[in] User Points to user profile.\r
65	\r
66	@retval EFI_SUCCESS Add or delete record successfully.\r
67	@retval Others Fail to add or delete record.\r
68	\r
69	**/\r
70	EFI_STATUS\r
71	EnrollUserOnProvider (\r
72	IN EFI_USER_INFO_IDENTITY_POLICY *Identity,\r
73	IN EFI_USER_PROFILE_HANDLE User \r
74	)\r
75	{\r
76	UINTN Index;\r
77	EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential;\r
78	\r
79	//\r
80	// Find the specified credential provider.\r
81	//\r
82	for (Index = 0; Index < mProviderInfo->Count; Index++) {\r
83	UserCredential = mProviderInfo->Provider[Index];\r
84	if (CompareGuid ((EFI_GUID *)(Identity + 1), &UserCredential->Identifier)) {\r
85	return UserCredential->Enroll (UserCredential, User);\r
86	}\r
87	}\r
88	\r
89	return EFI_NOT_FOUND; \r
90	}\r
91	\r
92	\r
93	/**\r
94	Delete the User's credential record on the provider.\r
95	\r
96	@param[in] Identity Point to EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER user info.\r
97	@param[in] User Points to user profile.\r
98	\r
99	@retval EFI_SUCCESS Delete User's credential record successfully.\r
100	@retval Others Fail to add or delete record.\r
101	\r
102	**/\r
103	EFI_STATUS\r
104	DeleteUserOnProvider (\r
105	IN EFI_USER_INFO_IDENTITY_POLICY *Identity,\r
106	IN EFI_USER_PROFILE_HANDLE User \r
107	)\r
108	{\r
109	UINTN Index;\r
110	EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential;\r
111	\r
112	//\r
113	// Find the specified credential provider.\r
114	//\r
115	for (Index = 0; Index < mProviderInfo->Count; Index++) {\r
116	UserCredential = mProviderInfo->Provider[Index];\r
117	if (CompareGuid ((EFI_GUID *)(Identity + 1), &UserCredential->Identifier)) {\r
118	return UserCredential->Delete (UserCredential, User);\r
119	}\r
120	}\r
121	\r
122	return EFI_NOT_FOUND; \r
123	}\r
124	\r
125	\r
126	/**\r
127	Delete User's credental from all the providers that exist in User's identity policy.\r
128	\r
129	@param[in] IdentityPolicy Point to User's identity policy.\r
130	@param[in] IdentityPolicyLen The length of the identity policy.\r
131	@param[in] User Points to user profile.\r
132	\r
133	**/\r
134	VOID\r
135	DeleteCredentialFromProviders (\r
136	IN UINT8 *IdentityPolicy,\r
137	IN UINTN IdentityPolicyLen,\r
138	IN EFI_USER_PROFILE_HANDLE User \r
139	)\r
140	{\r
141	EFI_USER_INFO_IDENTITY_POLICY *Identity;\r
142	UINTN Offset;\r
143	\r
144	Offset = 0;\r
145	while (Offset < IdentityPolicyLen) {\r
146	Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (IdentityPolicy + Offset);\r
147	if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) {\r
148	//\r
149	// Delete the user on this provider.\r
150	//\r
151	DeleteUserOnProvider (Identity, User);\r
152	}\r
153	Offset += Identity->Length;\r
154	}\r
155	\r
156	}\r
157	\r
158	\r
159	/**\r
160	Remove the provider in FindIdentity from the user identification information record.\r
161	\r
162	@param[in, out] NewInfo On entry, points to the user information to remove provider. \r
163	On return, points to the user information the provider is removed.\r
164	@param[in] FindIdentity Point to the user identity policy.\r
165	\r
166	@retval TRUE The provider is removed successfully.\r
167	@retval FALSE Fail to remove the provider.\r
168	\r
169	**/\r
170	BOOLEAN\r
171	DeleteProviderFromPolicy (\r
172	IN EFI_USER_INFO_IDENTITY_POLICY *IdentityPolicy,\r
173	IN UINTN Offset\r
174	)\r
175	{\r
176	UINTN RemainingLen;\r
177	UINTN DeleteLen;\r
178	\r
179	if (IdentityPolicy->Length == mUserInfo.NewIdentityPolicyLen) {\r
180	//\r
181	// Only one credential provider in the identification policy.\r
182	// Set the new policy to be TRUE after removed the provider.\r
183	//\r
184	IdentityPolicy->Type = EFI_USER_INFO_IDENTITY_TRUE;\r
185	IdentityPolicy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY);\r
186	mUserInfo.NewIdentityPolicyLen = IdentityPolicy->Length;\r
187	return TRUE;\r
188	}\r
189	\r
190	DeleteLen = IdentityPolicy->Length + sizeof(EFI_USER_INFO_IDENTITY_POLICY);\r
191	if ((Offset + IdentityPolicy->Length) != mUserInfo.NewIdentityPolicyLen) {\r
192	//\r
193	// This provider is not the last item in the identification policy, delete it and the connector.\r
194	// \r
195	RemainingLen = mUserInfo.NewIdentityPolicyLen - Offset - DeleteLen;\r
196	CopyMem ((UINT8 ) IdentityPolicy, (UINT8 ) IdentityPolicy + DeleteLen, RemainingLen);\r
197	}\r
198	mUserInfo.NewIdentityPolicyLen -= DeleteLen; \r
199	\r
200	return FALSE;\r
201	}\r
202	\r
203	\r
204	/**\r
205	Update the mUserInfo.NewIdentityPolicy, and UI when 'add option' is pressed.\r
206	\r
207	**/\r
208	VOID\r
209	AddProviderToPolicy (\r
210	IN EFI_GUID *NewGuid\r
211	)\r
212	{\r
213	UINT8 *NewPolicyInfo;\r
214	UINTN NewPolicyInfoLen;\r
215	EFI_USER_INFO_IDENTITY_POLICY *Policy;\r
216	\r
217	//\r
218	// Allocate memory for the new identity policy.\r
219	//\r
220	NewPolicyInfoLen = mUserInfo.NewIdentityPolicyLen + sizeof (EFI_USER_INFO_IDENTITY_POLICY) + sizeof (EFI_GUID);\r
221	if (mUserInfo.NewIdentityPolicyLen > 0) {\r
222	//\r
223	// It is not the first provider in the policy. Add a connector before provider.\r
224	//\r
225	NewPolicyInfoLen += sizeof (EFI_USER_INFO_IDENTITY_POLICY);\r
226	}\r
227	NewPolicyInfo = AllocateZeroPool (NewPolicyInfoLen);\r
228	if (NewPolicyInfo == NULL) {\r
229	return ;\r
230	}\r
231	\r
232	NewPolicyInfoLen = 0;\r
233	if (mUserInfo.NewIdentityPolicyLen > 0) {\r
234	//\r
235	// Save orginal policy.\r
236	//\r
237	CopyMem (NewPolicyInfo, mUserInfo.NewIdentityPolicy, mUserInfo.NewIdentityPolicyLen);\r
238	\r
239	//\r
240	// Save logical connector.\r
241	//\r
242	Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (NewPolicyInfo + mUserInfo.NewIdentityPolicyLen);\r
243	if (mConncetLogical == 0) {\r
244	Policy->Type = EFI_USER_INFO_IDENTITY_AND;\r
245	} else {\r
246	Policy->Type = EFI_USER_INFO_IDENTITY_OR;\r
247	}\r
248	\r
249	Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY);\r
250	NewPolicyInfoLen = mUserInfo.NewIdentityPolicyLen + Policy->Length;\r
251	FreePool (mUserInfo.NewIdentityPolicy);\r
252	}\r
253	\r
254	//\r
255	// Save credential provider.\r
256	//\r
257	Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (NewPolicyInfo + NewPolicyInfoLen);\r
258	Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY) + sizeof (EFI_GUID);\r
259	Policy->Type = EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER;\r
260	CopyGuid ((EFI_GUID *) (Policy + 1), NewGuid);\r
261	NewPolicyInfoLen += Policy->Length;\r
262	\r
263	//\r
264	// Update identity policy choice.\r
265	//\r
266	mUserInfo.NewIdentityPolicy = NewPolicyInfo;\r
267	mUserInfo.NewIdentityPolicyLen = NewPolicyInfoLen;\r
268	mUserInfo.NewIdentityPolicyModified = TRUE;\r
269	}\r
270	\r
271	\r
272	/**\r
273	This function replaces the old identity policy with a new identity policy.\r
274	\r
275	This function delete the user identity policy information.\r
276	If enroll new credential failed, recover the old identity policy.\r
277	\r
278	@retval EFI_SUCCESS Modify user identity policy successfully.\r
279	@retval Others Fail to modify user identity policy.\r
280	\r
281	**/\r
282	EFI_STATUS\r
283	UpdateCredentialProvider (\r
284	)\r
285	{\r
286	EFI_STATUS Status;\r
287	EFI_USER_INFO_IDENTITY_POLICY *Identity;\r
288	UINTN Offset;\r
289	\r
290	//\r
291	// Delete the old identification policy.\r
292	//\r
293	DeleteCredentialFromProviders (mUserInfo.IdentityPolicy, mUserInfo.IdentityPolicyLen, mModifyUser);\r
294	\r
295	//\r
296	// Add the new identification policy.\r
297	//\r
298	Offset = 0;\r
299	while (Offset < mUserInfo.NewIdentityPolicyLen) {\r
300	Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (mUserInfo.NewIdentityPolicy + Offset);\r
301	if (Identity->Type == EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER) {\r
302	//\r
303	// Enroll the user on this provider\r
304	//\r
305	Status = EnrollUserOnProvider (Identity, mModifyUser);\r
306	if (EFI_ERROR (Status)) {\r
307	//\r
308	// Failed to enroll the user by new identification policy.\r
309	// So removed the credential provider from the identification policy\r
310	//\r
311	DeleteProviderFromPolicy (Identity, Offset);\r
312	continue;\r
313	}\r
314	}\r
315	Offset += Identity->Length;\r
316	}\r
317	\r
318	return EFI_SUCCESS;\r
319	}\r
320	\r
321	\r
322	/**\r
323	Check whether the identity policy is valid.\r
324	\r
325	@param[in] PolicyInfo Point to the identity policy.\r
326	@param[in] PolicyInfoLen The policy length.\r
327	\r
328	@retval TRUE The policy is a valid identity policy.\r
329	@retval FALSE The policy is not a valid identity policy.\r
330	\r
331	**/\r
332	BOOLEAN\r
333	CheckNewIdentityPolicy (\r
334	IN UINT8 *PolicyInfo,\r
335	IN UINTN PolicyInfoLen\r
336	)\r
337	{\r
338	EFI_USER_INFO_IDENTITY_POLICY *Identity;\r
339	EFI_INPUT_KEY Key;\r
340	UINTN Offset;\r
341	UINT32 OpCode;\r
342	\r
343	//\r
344	// Check policy expression.\r
345	//\r
346	OpCode = EFI_USER_INFO_IDENTITY_FALSE;\r
347	Offset = 0;\r
348	while (Offset < PolicyInfoLen) {\r
349	//\r
350	// Check identification policy according to type\r
351	//\r
352	Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (PolicyInfo + Offset);\r
353	switch (Identity->Type) {\r
354	\r
355	case EFI_USER_INFO_IDENTITY_TRUE:\r
356	break;\r
357	\r
358	case EFI_USER_INFO_IDENTITY_OR:\r
359	if (OpCode == EFI_USER_INFO_IDENTITY_AND) {\r
360	CreatePopUp (\r
361	EFI_LIGHTGRAY \| EFI_BACKGROUND_BLUE,\r
362	&Key,\r
363	L"Invalid Identity Policy, Mixed Connector Unsupport!",\r
364	L"",\r
365	L"Press Any Key to Continue ...",\r
366	NULL\r
367	);\r
368	return FALSE;\r
369	}\r
370	\r
371	OpCode = EFI_USER_INFO_IDENTITY_OR;\r
372	break;\r
373	\r
374	case EFI_USER_INFO_IDENTITY_AND:\r
375	if (OpCode == EFI_USER_INFO_IDENTITY_OR) {\r
376	CreatePopUp (\r
377	EFI_LIGHTGRAY \| EFI_BACKGROUND_BLUE,\r
378	&Key,\r
379	L"Invalid Identity Policy, Mixed Connector Unsupport!",\r
380	L"",\r
381	L"Press Any Key to Continue ...",\r
382	NULL\r
383	);\r
384	return FALSE;\r
385	}\r
386	\r
387	OpCode = EFI_USER_INFO_IDENTITY_AND;\r
388	break;\r
389	\r
390	case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER:\r
391	break;\r
392	\r
393	default:\r
394	CreatePopUp (\r
395	EFI_LIGHTGRAY \| EFI_BACKGROUND_BLUE,\r
396	&Key,\r
397	L"Unsupport parameter",\r
398	L"",\r
399	L"Press Any Key to Continue ...",\r
400	NULL\r
401	);\r
402	return FALSE;\r
403	}\r
404	Offset += Identity->Length;\r
405	}\r
406	\r
407	return TRUE;\r
408	}\r
409	\r
410	\r
411	/**\r
412	Save the identity policy and update UI with it.\r
413	\r
414	This funciton will verify the new identity policy, in current implementation, \r
415	the identity policy can be: T, P & P & P & ..., P \| P \| P \| ...\r
416	Here, "T" means "True", "P" means "Credential Provider", "&" means "and", "\|" means "or".\r
417	Other identity policies are not supported. \r
418	\r
419	**/\r
420	VOID\r
421	SaveIdentityPolicy (\r
422	VOID\r
423	)\r
424	{\r
425	EFI_STATUS Status;\r
426	EFI_USER_INFO_HANDLE UserInfo;\r
427	EFI_USER_INFO *Info;\r
428	\r
429	if (!mUserInfo.NewIdentityPolicyModified \|\| (mUserInfo.NewIdentityPolicyLen == 0)) {\r
430	return;\r
431	}\r
432	\r
433	//\r
434	// Check policy expression.\r
435	//\r
436	if (!CheckNewIdentityPolicy (mUserInfo.NewIdentityPolicy, mUserInfo.NewIdentityPolicyLen)) {\r
437	return;\r
438	}\r
439	\r
440	Status = FindInfoByType (mModifyUser, EFI_USER_INFO_IDENTITY_POLICY_RECORD, &UserInfo);\r
441	if (EFI_ERROR (Status)) {\r
442	return ;\r
443	}\r
444	\r
445	//\r
446	// Update the informantion on credential provider.\r
447	//\r
448	Status = UpdateCredentialProvider ();\r
449	if (EFI_ERROR (Status)) {\r
450	return ;\r
451	}\r
452	\r
453	//\r
454	// Save new identification policy.\r
455	//\r
456	Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + mUserInfo.NewIdentityPolicyLen);\r
457	ASSERT (Info != NULL);\r
458	\r
459	Info->InfoType = EFI_USER_INFO_IDENTITY_POLICY_RECORD;\r
460	Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV \| EFI_USER_INFO_PUBLIC \| EFI_USER_INFO_EXCLUSIVE;\r
461	Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + mUserInfo.NewIdentityPolicyLen);\r
462	CopyMem ((UINT8 *) (Info + 1), mUserInfo.NewIdentityPolicy, mUserInfo.NewIdentityPolicyLen);\r
463	\r
464	Status = mUserManager->SetInfo (mUserManager, mModifyUser, &UserInfo, Info, Info->InfoSize);\r
465	FreePool (Info);\r
466	\r
467	//\r
468	// Update the mUserInfo.IdentityPolicy by mUserInfo.NewIdentityPolicy\r
469	//\r
470	if (mUserInfo.IdentityPolicy != NULL) {\r
471	FreePool (mUserInfo.IdentityPolicy);\r
472	}\r
473	mUserInfo.IdentityPolicy = mUserInfo.NewIdentityPolicy;\r
474	mUserInfo.IdentityPolicyLen = mUserInfo.NewIdentityPolicyLen;\r
475	\r
476	mUserInfo.NewIdentityPolicy = NULL;\r
477	mUserInfo.NewIdentityPolicyLen = 0;\r
478	mUserInfo.NewIdentityPolicyModified = FALSE; \r
479	\r
480	//\r
481	// Update identity policy choice.\r
482	//\r
483	ResolveIdentityPolicy (mUserInfo.IdentityPolicy, mUserInfo.IdentityPolicyLen, STRING_TOKEN (STR_IDENTIFY_POLICY_VAL));\r
484	}\r
485	\r
486	\r
487	/**\r
488	Update the mUserInfo.NewIdentityPolicy, and UI when 'add option' is pressed.\r
489	\r
490	**/\r
491	VOID\r
492	AddIdentityPolicyItem (\r
493	VOID\r
494	)\r
495	{\r
496	if (mProviderInfo->Count == 0) {\r
497	return ;\r
498	}\r
499	\r
500	//\r
501	// Check the identity policy.\r
502	//\r
503	if (ProviderAlreadyInPolicy (&mProviderInfo->Provider[mProviderChoice]->Identifier)) {\r
504	return;\r
505	}\r
506	\r
507	//\r
508	// Add it to identification policy\r
509	//\r
510	AddProviderToPolicy (&mProviderInfo->Provider[mProviderChoice]->Identifier);\r
511	\r
512	//\r
513	// Update identity policy choice.\r
514	//\r
515	ResolveIdentityPolicy (mUserInfo.NewIdentityPolicy, mUserInfo.NewIdentityPolicyLen, STRING_TOKEN (STR_IDENTIFY_POLICY_VALUE));\r
516	}\r
517	\r
518	\r