b8513e9515dbeb1085b28076960316528b92833f
[mirror_edk2.git] / SecurityPkg / UserIdentification / PwdCredentialProviderDxe / PwdCredentialProvider.c
1 /** @file
2 Password Credential Provider driver implementation.
3
4 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 **/
14
15 #include "PwdCredentialProvider.h"
16
17 CREDENTIAL_TABLE *mPwdTable = NULL;
18 PWD_PROVIDER_CALLBACK_INFO *mCallbackInfo = NULL;
19 PASSWORD_CREDENTIAL_INFO *mPwdInfoHandle = NULL;
20
21 HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = {
22 {
23 {
24 HARDWARE_DEVICE_PATH,
25 HW_VENDOR_DP,
26 {
27 (UINT8) (sizeof (VENDOR_DEVICE_PATH)),
28 (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
29 }
30 },
31 PWD_CREDENTIAL_PROVIDER_GUID
32 },
33 {
34 END_DEVICE_PATH_TYPE,
35 END_ENTIRE_DEVICE_PATH_SUBTYPE,
36 {
37 (UINT8) (END_DEVICE_PATH_LENGTH),
38 (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
39 }
40 }
41 };
42
43 EFI_USER_CREDENTIAL_PROTOCOL gPwdCredentialProviderDriver = {
44 PWD_CREDENTIAL_PROVIDER_GUID,
45 EFI_USER_CREDENTIAL_CLASS_PASSWORD,
46 CredentialEnroll,
47 CredentialForm,
48 CredentialTile,
49 CredentialTitle,
50 CredentialUser,
51 CredentialSelect,
52 CredentialDeselect,
53 CredentialDefault,
54 CredentialGetInfo,
55 CredentialGetNextInfo
56 };
57
58
59 /**
60 Get string by string id from HII Interface.
61
62
63 @param[in] Id String ID to get the string from.
64
65 @retval CHAR16 * String from ID.
66 @retval NULL If error occurs.
67
68 **/
69 CHAR16 *
70 GetStringById (
71 IN EFI_STRING_ID Id
72 )
73 {
74 //
75 // Get the current string for the current Language.
76 //
77 return HiiGetString (mCallbackInfo->HiiHandle, Id, NULL);
78 }
79
80
81 /**
82 Expand password table size.
83
84 **/
85 VOID
86 ExpandTableSize (
87 VOID
88 )
89 {
90 CREDENTIAL_TABLE *NewTable;
91 UINTN Count;
92
93 Count = mPwdTable->MaxCount + PASSWORD_TABLE_INC;
94 //
95 // Create new credential table.
96 //
97 NewTable = (CREDENTIAL_TABLE *) AllocateZeroPool (
98 sizeof (CREDENTIAL_TABLE) +
99 (Count - 1) * sizeof (PASSWORD_INFO)
100 );
101 ASSERT (NewTable != NULL);
102
103 NewTable->MaxCount = Count;
104 NewTable->Count = mPwdTable->Count;
105 NewTable->ValidIndex = mPwdTable->ValidIndex;
106 //
107 // Copy old entries
108 //
109 CopyMem (
110 &NewTable->UserInfo,
111 &mPwdTable->UserInfo,
112 mPwdTable->Count * sizeof (PASSWORD_INFO)
113 );
114 FreePool (mPwdTable);
115 mPwdTable = NewTable;
116 }
117
118
119 /**
120 Add or delete info in table, and sync with NV variable.
121
122 @param[in] Index The index of the password in table. The index begin from 1.
123 If index is found in table, delete the info, else add the
124 into to table.
125 @param[in] Info The new password info to add into table.
126
127 @retval EFI_INVALID_PARAMETER Info is NULL when save the info.
128 @retval EFI_SUCCESS Modify the table successfully.
129 @retval Others Failed to modify the table.
130
131 **/
132 EFI_STATUS
133 ModifyTable (
134 IN UINTN Index,
135 IN PASSWORD_INFO * Info OPTIONAL
136 )
137 {
138 EFI_STATUS Status;
139
140 if (Index < mPwdTable->Count) {
141 //
142 // Delete the specified entry.
143 //
144 mPwdTable->Count--;
145 if (Index != mPwdTable->Count) {
146 CopyMem (
147 &mPwdTable->UserInfo[Index],
148 &mPwdTable->UserInfo[mPwdTable->Count],
149 sizeof (PASSWORD_INFO)
150 );
151 }
152 } else {
153 //
154 // Add a new entry.
155 //
156 if (Info == NULL) {
157 return EFI_INVALID_PARAMETER;
158 }
159
160 if (mPwdTable->Count >= mPwdTable->MaxCount) {
161 ExpandTableSize ();
162 }
163
164 CopyMem (
165 &mPwdTable->UserInfo[mPwdTable->Count],
166 Info,
167 sizeof (PASSWORD_INFO)
168 );
169 mPwdTable->Count++;
170 }
171
172 //
173 // Save the credential table.
174 //
175 Status = gRT->SetVariable (
176 L"PwdCredential",
177 &gPwdCredentialProviderGuid,
178 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
179 mPwdTable->Count * sizeof (PASSWORD_INFO),
180 &mPwdTable->UserInfo
181 );
182 return Status;
183 }
184
185
186 /**
187 Create a password table.
188
189 @retval EFI_SUCCESS Create a password table successfully.
190 @retval Others Failed to create a password.
191
192 **/
193 EFI_STATUS
194 InitCredentialTable (
195 VOID
196 )
197 {
198 EFI_STATUS Status;
199 UINT8 *Var;
200 UINTN VarSize;
201
202 //
203 // Get Password credential data from NV variable.
204 //
205 VarSize = 0;
206 Var = NULL;
207 Status = gRT->GetVariable (
208 L"PwdCredential",
209 &gPwdCredentialProviderGuid,
210 NULL,
211 &VarSize,
212 Var
213 );
214 if (Status == EFI_BUFFER_TOO_SMALL) {
215 Var = AllocateZeroPool (VarSize);
216 if (Var == NULL) {
217 return EFI_OUT_OF_RESOURCES;
218 }
219 Status = gRT->GetVariable (
220 L"PwdCredential",
221 &gPwdCredentialProviderGuid,
222 NULL,
223 &VarSize,
224 Var
225 );
226 }
227 if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
228 return Status;
229 }
230
231 //
232 // Create the password credential table.
233 //
234 mPwdTable = AllocateZeroPool (
235 sizeof (CREDENTIAL_TABLE) - sizeof (PASSWORD_INFO) +
236 PASSWORD_TABLE_INC * sizeof (PASSWORD_INFO) +
237 VarSize
238 );
239 if (mPwdTable == NULL) {
240 FreePool (Var);
241 return EFI_OUT_OF_RESOURCES;
242 }
243
244 mPwdTable->Count = VarSize / sizeof (PASSWORD_INFO);
245 mPwdTable->MaxCount = mPwdTable->Count + PASSWORD_TABLE_INC;
246 mPwdTable->ValidIndex = 0;
247 if (Var != NULL) {
248 CopyMem (mPwdTable->UserInfo, Var, VarSize);
249 FreePool (Var);
250 }
251 return EFI_SUCCESS;
252 }
253
254
255 /**
256 Hash the password to get credential.
257
258 @param[in] Password Points to the input password.
259 @param[in] PasswordSize The size of password, in bytes.
260 @param[out] Credential Points to the hashed result.
261
262 @retval TRUE Hash the password successfully.
263 @retval FALSE Failed to hash the password.
264
265 **/
266 BOOLEAN
267 GenerateCredential (
268 IN CHAR16 *Password,
269 IN UINTN PasswordSize,
270 OUT UINT8 *Credential
271 )
272 {
273 BOOLEAN Status;
274 UINTN HashSize;
275 VOID *Hash;
276
277 HashSize = Sha1GetContextSize ();
278 Hash = AllocatePool (HashSize);
279 ASSERT (Hash != NULL);
280
281 Status = Sha1Init (Hash);
282 if (!Status) {
283 goto Done;
284 }
285
286 Status = Sha1Update (Hash, Password, PasswordSize);
287 if (!Status) {
288 goto Done;
289 }
290
291 Status = Sha1Final (Hash, Credential);
292
293 Done:
294 FreePool (Hash);
295 return Status;
296 }
297
298
299 /**
300 Get password from user input.
301
302 @param[in] FirstPwd If True, prompt to input the first password.
303 If False, prompt to input password again.
304 @param[out] Credential Points to the input password.
305
306 **/
307 VOID
308 GetPassword (
309 IN BOOLEAN FirstPwd,
310 OUT CHAR8 *Credential
311 )
312 {
313 EFI_INPUT_KEY Key;
314 CHAR16 PasswordMask[CREDENTIAL_LEN + 1];
315 CHAR16 Password[CREDENTIAL_LEN];
316 UINTN PasswordLen;
317 CHAR16 *QuestionStr;
318 CHAR16 *LineStr;
319
320 PasswordLen = 0;
321 while (TRUE) {
322 PasswordMask[PasswordLen] = L'_';
323 PasswordMask[PasswordLen + 1] = L'\0';
324 LineStr = GetStringById (STRING_TOKEN (STR_DRAW_A_LINE));
325 if (FirstPwd) {
326 QuestionStr = GetStringById (STRING_TOKEN (STR_INPUT_PASSWORD));
327 } else {
328 QuestionStr = GetStringById (STRING_TOKEN (STR_INPUT_PASSWORD_AGAIN));
329 }
330 CreatePopUp (
331 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
332 &Key,
333 QuestionStr,
334 LineStr,
335 PasswordMask,
336 NULL
337 );
338 FreePool (QuestionStr);
339 FreePool (LineStr);
340
341 //
342 // Check key stroke
343 //
344 if (Key.ScanCode == SCAN_NULL) {
345 if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) {
346 break;
347 } else if (Key.UnicodeChar == CHAR_BACKSPACE) {
348 if (PasswordLen > 0) {
349 PasswordLen--;
350 }
351 } else if ((Key.UnicodeChar == CHAR_NULL) ||
352 (Key.UnicodeChar == CHAR_TAB) ||
353 (Key.UnicodeChar == CHAR_LINEFEED)) {
354 continue;
355 } else {
356 Password[PasswordLen] = Key.UnicodeChar;
357 PasswordMask[PasswordLen] = L'*';
358 PasswordLen++;
359 if (PasswordLen == CREDENTIAL_LEN) {
360 break;
361 }
362 }
363 }
364 }
365
366 PasswordLen = PasswordLen * sizeof (CHAR16);
367 GenerateCredential (Password, PasswordLen, (UINT8 *)Credential);
368 }
369
370 /**
371 Check whether the password can be found on this provider.
372
373 @param[in] Password The password to be found.
374
375 @retval EFI_SUCCESS Found password sucessfully.
376 @retval EFI_NOT_FOUND Fail to find the password.
377
378 **/
379 EFI_STATUS
380 CheckPassword (
381 IN CHAR8 *Password
382 )
383 {
384 UINTN Index;
385 CHAR8 *Pwd;
386
387 //
388 // Check password credential.
389 //
390 mPwdTable->ValidIndex = 0;
391 for (Index = 0; Index < mPwdTable->Count; Index++) {
392 Pwd = mPwdTable->UserInfo[Index].Password;
393 if (CompareMem (Pwd, Password, CREDENTIAL_LEN) == 0) {
394 mPwdTable->ValidIndex = Index + 1;
395 return EFI_SUCCESS;
396 }
397 }
398
399 return EFI_NOT_FOUND;
400 }
401
402
403 /**
404 Find a user infomation record by the information record type.
405
406 This function searches all user information records of User from beginning
407 until either the information is found, or there are no more user infomation
408 records. A match occurs when a Info.InfoType field matches the user information
409 record type.
410
411 @param[in] User Points to the user profile record to search.
412 @param[in] InfoType The infomation type to be searched.
413 @param[out] Info Points to the user info found, the caller is responsible
414 to free.
415
416 @retval EFI_SUCCESS Find the user information successfully.
417 @retval Others Fail to find the user information.
418
419 **/
420 EFI_STATUS
421 FindUserInfoByType (
422 IN EFI_USER_PROFILE_HANDLE User,
423 IN UINT8 InfoType,
424 OUT EFI_USER_INFO **Info
425 )
426 {
427 EFI_STATUS Status;
428 EFI_USER_INFO *UserInfo;
429 UINTN UserInfoSize;
430 EFI_USER_INFO_HANDLE UserInfoHandle;
431 EFI_USER_MANAGER_PROTOCOL *UserManager;
432
433 //
434 // Find user information by information type.
435 //
436 if (Info == NULL) {
437 return EFI_INVALID_PARAMETER;
438 }
439
440 Status = gBS->LocateProtocol (
441 &gEfiUserManagerProtocolGuid,
442 NULL,
443 (VOID **) &UserManager
444 );
445 if (EFI_ERROR (Status)) {
446 return EFI_NOT_FOUND;
447 }
448
449 //
450 // Get each user information.
451 //
452
453 UserInfoHandle = NULL;
454 UserInfo = NULL;
455 UserInfoSize = 0;
456 while (TRUE) {
457 Status = UserManager->GetNextInfo (UserManager, User, &UserInfoHandle);
458 if (EFI_ERROR (Status)) {
459 break;
460 }
461 //
462 // Get information.
463 //
464 Status = UserManager->GetInfo (
465 UserManager,
466 User,
467 UserInfoHandle,
468 UserInfo,
469 &UserInfoSize
470 );
471 if (Status == EFI_BUFFER_TOO_SMALL) {
472 if (UserInfo != NULL) {
473 FreePool (UserInfo);
474 }
475 UserInfo = AllocateZeroPool (UserInfoSize);
476 if (UserInfo == NULL) {
477 return EFI_OUT_OF_RESOURCES;
478 }
479 Status = UserManager->GetInfo (
480 UserManager,
481 User,
482 UserInfoHandle,
483 UserInfo,
484 &UserInfoSize
485 );
486 }
487 if (EFI_ERROR (Status)) {
488 break;
489 }
490
491 ASSERT (UserInfo != NULL);
492 if (UserInfo->InfoType == InfoType) {
493 *Info = UserInfo;
494 return EFI_SUCCESS;
495 }
496 }
497
498 if (UserInfo != NULL) {
499 FreePool (UserInfo);
500 }
501 return Status;
502 }
503
504
505 /**
506 This function processes the results of changes in configuration.
507
508 @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
509 @param Action Specifies the type of action taken by the browser.
510 @param QuestionId A unique value which is sent to the original
511 exporting driver so that it can identify the type
512 of data to expect.
513 @param Type The type of value for the question.
514 @param Value A pointer to the data being sent to the original
515 exporting driver.
516 @param ActionRequest On return, points to the action requested by the
517 callback function.
518
519 @retval EFI_SUCCESS The callback successfully handled the action.
520 @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the
521 variable and its data.
522 @retval EFI_DEVICE_ERROR The variable could not be saved.
523 @retval EFI_UNSUPPORTED The specified Action is not supported by the
524 callback.
525
526 **/
527 EFI_STATUS
528 EFIAPI
529 CredentialDriverCallback (
530 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
531 IN EFI_BROWSER_ACTION Action,
532 IN EFI_QUESTION_ID QuestionId,
533 IN UINT8 Type,
534 IN EFI_IFR_TYPE_VALUE *Value,
535 OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
536 )
537 {
538 EFI_STATUS Status;
539 EFI_INPUT_KEY Key;
540 CHAR8 Password[CREDENTIAL_LEN];
541 CHAR16 *PromptStr;
542
543 if (Action == EFI_BROWSER_ACTION_CHANGING) {
544 if (QuestionId == KEY_GET_PASSWORD) {
545 //
546 // Get and check password.
547 //
548 GetPassword (TRUE, Password);
549 Status = CheckPassword (Password);
550 if (EFI_ERROR (Status)) {
551 PromptStr = GetStringById (STRING_TOKEN (STR_PASSWORD_INCORRECT));
552 CreatePopUp (
553 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
554 &Key,
555 L"",
556 PromptStr,
557 L"",
558 NULL
559 );
560 FreePool (PromptStr);
561 return Status;
562 }
563 *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT;
564 }
565 return EFI_SUCCESS;
566 }
567
568 //
569 // All other action return unsupported.
570 //
571 return EFI_UNSUPPORTED;
572 }
573
574
575 /**
576 This function allows a caller to extract the current configuration for one
577 or more named elements from the target driver.
578
579
580 @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
581 @param Request A null-terminated Unicode string in <ConfigRequest> format.
582 @param Progress On return, points to a character in the Request string.
583 Points to the string's null terminator if request was successful.
584 Points to the most recent '&' before the first failing name/value
585 pair (or the beginning of the string if the failure is in the
586 first name/value pair) if the request was not successful.
587 @param Results A null-terminated Unicode string in <ConfigAltResp> format which
588 has all values filled in for the names in the Request string.
589 String to be allocated by the called function.
590
591 @retval EFI_SUCCESS The Results is filled with the requested values.
592 @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results.
593 @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name.
594 @retval EFI_NOT_FOUND Routing data doesn't match any storage in this driver.
595
596 **/
597 EFI_STATUS
598 EFIAPI
599 FakeExtractConfig (
600 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
601 IN CONST EFI_STRING Request,
602 OUT EFI_STRING *Progress,
603 OUT EFI_STRING *Results
604 )
605 {
606 if (Progress == NULL || Results == NULL) {
607 return EFI_INVALID_PARAMETER;
608 }
609 *Progress = Request;
610 return EFI_NOT_FOUND;
611 }
612
613 /**
614 This function processes the results of changes in configuration.
615
616
617 @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
618 @param Configuration A null-terminated Unicode string in <ConfigResp> format.
619 @param Progress A pointer to a string filled in with the offset of the most
620 recent '&' before the first failing name/value pair (or the
621 beginning of the string if the failure is in the first
622 name/value pair) or the terminating NULL if all was successful.
623
624 @retval EFI_SUCCESS The Results is processed successfully.
625 @retval EFI_INVALID_PARAMETER Configuration is NULL.
626 @retval EFI_NOT_FOUND Routing data doesn't match any storage in this driver.
627
628 **/
629 EFI_STATUS
630 EFIAPI
631 FakeRouteConfig (
632 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
633 IN CONST EFI_STRING Configuration,
634 OUT EFI_STRING *Progress
635 )
636 {
637 if (Configuration == NULL || Progress == NULL) {
638 return EFI_INVALID_PARAMETER;
639 }
640
641 return EFI_NOT_FOUND;
642 }
643
644 /**
645 This function initialize the data mainly used in form browser.
646
647 @retval EFI_SUCCESS Initialize form data successfully.
648 @retval Others Fail to Initialize form data.
649
650 **/
651 EFI_STATUS
652 InitFormBrowser (
653 VOID
654 )
655 {
656 EFI_STATUS Status;
657 PWD_PROVIDER_CALLBACK_INFO *CallbackInfo;
658
659 //
660 // Initialize driver private data.
661 //
662 CallbackInfo = AllocateZeroPool (sizeof (PWD_PROVIDER_CALLBACK_INFO));
663 if (CallbackInfo == NULL) {
664 return EFI_OUT_OF_RESOURCES;
665 }
666
667 CallbackInfo->Signature = PWD_PROVIDER_SIGNATURE;
668 CallbackInfo->ConfigAccess.ExtractConfig = FakeExtractConfig;
669 CallbackInfo->ConfigAccess.RouteConfig = FakeRouteConfig;
670 CallbackInfo->ConfigAccess.Callback = CredentialDriverCallback;
671 CallbackInfo->DriverHandle = NULL;
672
673 //
674 // Install Device Path Protocol and Config Access protocol to driver handle.
675 //
676 Status = gBS->InstallMultipleProtocolInterfaces (
677 &CallbackInfo->DriverHandle,
678 &gEfiDevicePathProtocolGuid,
679 &mHiiVendorDevicePath,
680 &gEfiHiiConfigAccessProtocolGuid,
681 &CallbackInfo->ConfigAccess,
682 NULL
683 );
684 ASSERT_EFI_ERROR (Status);
685
686 //
687 // Publish HII data.
688 //
689 CallbackInfo->HiiHandle = HiiAddPackages (
690 &gPwdCredentialProviderGuid,
691 CallbackInfo->DriverHandle,
692 PwdCredentialProviderStrings,
693 PwdCredentialProviderVfrBin,
694 NULL
695 );
696 if (CallbackInfo->HiiHandle == NULL) {
697 return EFI_OUT_OF_RESOURCES;
698 }
699 mCallbackInfo = CallbackInfo;
700
701 return Status;
702 }
703
704
705 /**
706 Enroll a user on a credential provider.
707
708 This function enrolls and deletes a user profile using this credential provider.
709 If a user profile is successfully enrolled, it calls the User Manager Protocol
710 function Notify() to notify the user manager driver that credential information
711 has changed. If an enrolled user does exist, delete the user on the credential
712 provider.
713
714 @param[in] This Points to this instance of EFI_USER_CREDENTIAL_PROTOCOL.
715 @param[in] User The user profile to enroll.
716
717 @retval EFI_SUCCESS User profile was successfully enrolled.
718 @retval EFI_ACCESS_DENIED Current user profile does not permit enrollment on the
719 user profile handle. Either the user profile cannot enroll
720 on any user profile or cannot enroll on a user profile
721 other than the current user profile.
722 @retval EFI_UNSUPPORTED This credential provider does not support enrollment in
723 the pre-OS.
724 @retval EFI_DEVICE_ERROR The new credential could not be created because of a device
725 error.
726 @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle.
727
728 **/
729 EFI_STATUS
730 EFIAPI
731 CredentialEnroll (
732 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
733 IN EFI_USER_PROFILE_HANDLE User
734 )
735 {
736 EFI_STATUS Status;
737 UINTN Index;
738 PASSWORD_INFO PwdInfo;
739 EFI_USER_INFO *UserInfo;
740 CHAR8 Password[CREDENTIAL_LEN];
741 EFI_INPUT_KEY Key;
742 EFI_USER_MANAGER_PROTOCOL *UserManager;
743 UINT8 *UserId;
744 UINT8 *NewUserId;
745 CHAR16 *QuestionStr;
746 CHAR16 *PromptStr;
747
748 if ((This == NULL) || (User == NULL)) {
749 return EFI_INVALID_PARAMETER;
750 }
751
752 Status = gBS->LocateProtocol (
753 &gEfiUserManagerProtocolGuid,
754 NULL,
755 (VOID **) &UserManager
756 );
757 if (EFI_ERROR (Status)) {
758 return EFI_UNSUPPORTED;
759 }
760
761 //
762 // Get User Identifier.
763 //
764 UserInfo = NULL;
765 Status = FindUserInfoByType (
766 User,
767 EFI_USER_INFO_IDENTIFIER_RECORD,
768 &UserInfo
769 );
770 if (EFI_ERROR (Status)) {
771 return EFI_INVALID_PARAMETER;
772 }
773
774 //
775 // If User exists in mPwdTable, delete User.
776 //
777 for (Index = 0; Index < mPwdTable->Count; Index++) {
778 UserId = (UINT8 *) &mPwdTable->UserInfo[Index].UserId;
779 NewUserId = (UINT8 *) (UserInfo + 1);
780 if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) {
781 //
782 // Delete the existing password.
783 //
784 FreePool (UserInfo);
785 return ModifyTable (Index, NULL);
786 }
787 }
788
789 //
790 // The User doesn't exist in mPwdTable; Enroll the new User.
791 //
792 while (TRUE) {
793 //
794 // Input password.
795 //
796 GetPassword (TRUE, PwdInfo.Password);
797
798 //
799 // Input password again.
800 //
801 GetPassword (FALSE, Password);
802
803 //
804 // Compare the two password consistency.
805 //
806 if (CompareMem (PwdInfo.Password, Password, CREDENTIAL_LEN) == 0) {
807 break;
808 }
809
810 QuestionStr = GetStringById (STRING_TOKEN (STR_PASSWORD_MISMATCH));
811 PromptStr = GetStringById (STRING_TOKEN (STR_INPUT_PASSWORD_AGAIN));
812 CreatePopUp (
813 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
814 &Key,
815 QuestionStr,
816 L"",
817 PromptStr,
818 NULL
819 );
820 FreePool (QuestionStr);
821 FreePool (PromptStr);
822 }
823
824 CopyMem (
825 PwdInfo.UserId,
826 (UINT8 *) (UserInfo + 1),
827 sizeof (EFI_USER_INFO_IDENTIFIER)
828 );
829 FreePool (UserInfo);
830
831 //
832 // Save the new added entry.
833 //
834 Status = ModifyTable (mPwdTable->Count, &PwdInfo);
835 if (EFI_ERROR (Status)) {
836 return Status;
837 }
838
839 //
840 // Notify the user manager driver that credential information has changed.
841 //
842 UserManager->Notify (UserManager, mCallbackInfo->DriverHandle);
843
844 return EFI_SUCCESS;
845 }
846
847
848 /**
849 Returns the user interface information used during user identification.
850
851 This function returns information about the form used when interacting with the
852 user during user identification. The form is the first enabled form in the form-set
853 class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII handle HiiHandle. If
854 the user credential provider does not require a form to identify the user, then this
855 function should return EFI_NOT_FOUND.
856
857 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
858 @param[out] Hii On return, holds the HII database handle.
859 @param[out] FormSetId On return, holds the identifier of the form set which contains
860 the form used during user identification.
861 @param[out] FormId On return, holds the identifier of the form used during user
862 identification.
863
864 @retval EFI_SUCCESS Form returned successfully.
865 @retval EFI_NOT_FOUND Form not returned.
866 @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or FormId is NULL.
867
868 **/
869 EFI_STATUS
870 EFIAPI
871 CredentialForm (
872 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
873 OUT EFI_HII_HANDLE *Hii,
874 OUT EFI_GUID *FormSetId,
875 OUT EFI_FORM_ID *FormId
876 )
877 {
878 if ((This == NULL) || (Hii == NULL) ||
879 (FormSetId == NULL) || (FormId == NULL)) {
880 return EFI_INVALID_PARAMETER;
881 }
882
883 *Hii = mCallbackInfo->HiiHandle;
884 *FormId = FORMID_GET_PASSWORD_FORM;
885 CopyGuid (FormSetId, &gPwdCredentialProviderGuid);
886
887 return EFI_SUCCESS;
888 }
889
890
891 /**
892 Returns bitmap used to describe the credential provider type.
893
894 This optional function returns a bitmap that is less than or equal to the number
895 of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND
896 is returned.
897
898 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
899 @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no
900 bitmap information will be returned. On exit, points to the
901 width of the bitmap returned.
902 @param[in, out] Height On entry, points to the desired bitmap height. If NULL then no
903 bitmap information will be returned. On exit, points to the
904 height of the bitmap returned
905 @param[out] Hii On return, holds the HII database handle.
906 @param[out] Image On return, holds the HII image identifier.
907
908 @retval EFI_SUCCESS Image identifier returned successfully.
909 @retval EFI_NOT_FOUND Image identifier not returned.
910 @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL.
911
912 **/
913 EFI_STATUS
914 EFIAPI
915 CredentialTile (
916 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
917 IN OUT UINTN *Width,
918 IN OUT UINTN *Height,
919 OUT EFI_HII_HANDLE *Hii,
920 OUT EFI_IMAGE_ID *Image
921 )
922 {
923 if ((This == NULL) || (Hii == NULL) || (Image == NULL)) {
924 return EFI_INVALID_PARAMETER;
925 }
926 return EFI_NOT_FOUND;
927 }
928
929
930 /**
931 Returns string used to describe the credential provider type.
932
933 This function returns a string which describes the credential provider. If no
934 such string exists, then EFI_NOT_FOUND is returned.
935
936 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
937 @param[out] Hii On return, holds the HII database handle.
938 @param[out] String On return, holds the HII string identifier.
939
940 @retval EFI_SUCCESS String identifier returned successfully.
941 @retval EFI_NOT_FOUND String identifier not returned.
942 @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL.
943
944 **/
945 EFI_STATUS
946 EFIAPI
947 CredentialTitle (
948 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
949 OUT EFI_HII_HANDLE *Hii,
950 OUT EFI_STRING_ID *String
951 )
952 {
953 if ((This == NULL) || (Hii == NULL) || (String == NULL)) {
954 return EFI_INVALID_PARAMETER;
955 }
956
957 //
958 // Set Hii handle and String ID.
959 //
960 *Hii = mCallbackInfo->HiiHandle;
961 *String = STRING_TOKEN (STR_CREDENTIAL_TITLE);
962
963 return EFI_SUCCESS;
964 }
965
966
967 /**
968 Return the user identifier associated with the currently authenticated user.
969
970 This function returns the user identifier of the user authenticated by this credential
971 provider. This function is called after the credential-related information has been
972 submitted on a form, OR after a call to Default() has returned that this credential is
973 ready to log on.
974
975 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
976 @param[in] User The user profile handle of the user profile currently being
977 considered by the user identity manager. If NULL, then no user
978 profile is currently under consideration.
979 @param[out] Identifier On return, points to the user identifier.
980
981 @retval EFI_SUCCESS User identifier returned successfully.
982 @retval EFI_NOT_READY No user identifier can be returned.
983 @retval EFI_ACCESS_DENIED The user has been locked out of this user credential.
984 @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL.
985 @retval EFI_NOT_FOUND User is not NULL, and the specified user handle can't be
986 found in user profile database
987
988 **/
989 EFI_STATUS
990 EFIAPI
991 CredentialUser (
992 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
993 IN EFI_USER_PROFILE_HANDLE User,
994 OUT EFI_USER_INFO_IDENTIFIER *Identifier
995 )
996 {
997 EFI_STATUS Status;
998 UINTN Index;
999 EFI_USER_INFO *UserInfo;
1000 UINT8 *UserId;
1001 UINT8 *NewUserId;
1002 CHAR8 *Pwd;
1003 CHAR8 *NewPwd;
1004
1005 if ((This == NULL) || (Identifier == NULL)) {
1006 return EFI_INVALID_PARAMETER;
1007 }
1008
1009 if (mPwdTable->ValidIndex == 0) {
1010 //
1011 // No password input, or the input password doesn't match
1012 // anyone in PwdTable.
1013 //
1014 return EFI_NOT_READY;
1015 }
1016
1017 if (User == NULL) {
1018 //
1019 // Return the user ID whose password matches the input password.
1020 //
1021 CopyMem (
1022 Identifier,
1023 &mPwdTable->UserInfo[mPwdTable->ValidIndex - 1].UserId,
1024 sizeof (EFI_USER_INFO_IDENTIFIER)
1025 );
1026 return EFI_SUCCESS;
1027 }
1028
1029 //
1030 // Get the User's ID.
1031 //
1032 Status = FindUserInfoByType (
1033 User,
1034 EFI_USER_INFO_IDENTIFIER_RECORD,
1035 &UserInfo
1036 );
1037 if (EFI_ERROR (Status)) {
1038 return EFI_NOT_FOUND;
1039 }
1040
1041 //
1042 // Check whether the input password matches one in PwdTable.
1043 //
1044 for (Index = 0; Index < mPwdTable->Count; Index++) {
1045 UserId = (UINT8 *) &mPwdTable->UserInfo[Index].UserId;
1046 NewUserId = (UINT8 *) (UserInfo + 1);
1047 if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) {
1048 Pwd = mPwdTable->UserInfo[Index].Password;
1049 NewPwd = mPwdTable->UserInfo[mPwdTable->ValidIndex - 1].Password;
1050 if (CompareMem (Pwd, NewPwd, CREDENTIAL_LEN) == 0) {
1051 CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER));
1052 FreePool (UserInfo);
1053 return EFI_SUCCESS;
1054 }
1055 }
1056 }
1057
1058 FreePool (UserInfo);
1059 return EFI_NOT_READY;
1060 }
1061
1062
1063 /**
1064 Indicate that user interface interaction has begun for the specified credential.
1065
1066 This function is called when a credential provider is selected by the user. If
1067 AutoLogon returns FALSE, then the user interface will be constructed by the User
1068 Identity Manager.
1069
1070 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
1071 @param[out] AutoLogon On return, points to the credential provider's capabilities
1072 after the credential provider has been selected by the user.
1073
1074 @retval EFI_SUCCESS Credential provider successfully selected.
1075 @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
1076
1077 **/
1078 EFI_STATUS
1079 EFIAPI
1080 CredentialSelect (
1081 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
1082 OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
1083 )
1084 {
1085 if ((This == NULL) || (AutoLogon == NULL)) {
1086 return EFI_INVALID_PARAMETER;
1087 }
1088 *AutoLogon = 0;
1089
1090 return EFI_SUCCESS;
1091 }
1092
1093
1094 /**
1095 Indicate that user interface interaction has ended for the specified credential.
1096
1097 This function is called when a credential provider is deselected by the user.
1098
1099 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
1100
1101 @retval EFI_SUCCESS Credential provider successfully deselected.
1102
1103 **/
1104 EFI_STATUS
1105 EFIAPI
1106 CredentialDeselect (
1107 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This
1108 )
1109 {
1110 if (This == NULL) {
1111 return EFI_INVALID_PARAMETER;
1112 }
1113 return EFI_SUCCESS;
1114 }
1115
1116
1117 /**
1118 Return the default logon behavior for this user credential.
1119
1120 This function reports the default login behavior regarding this credential provider.
1121
1122 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
1123 @param[out] AutoLogon On return, holds whether the credential provider should be used
1124 by default to automatically log on the user.
1125
1126 @retval EFI_SUCCESS Default information successfully returned.
1127 @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
1128
1129 **/
1130 EFI_STATUS
1131 EFIAPI
1132 CredentialDefault (
1133 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
1134 OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
1135 )
1136 {
1137 if ((This == NULL) || (AutoLogon == NULL)) {
1138 return EFI_INVALID_PARAMETER;
1139 }
1140 *AutoLogon = 0;
1141
1142 return EFI_SUCCESS;
1143 }
1144
1145
1146 /**
1147 Return information attached to the credential provider.
1148
1149 This function returns user information.
1150
1151 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
1152 @param[in] UserInfo Handle of the user information data record.
1153 @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On
1154 exit, holds the user information. If the buffer is too small
1155 to hold the information, then EFI_BUFFER_TOO_SMALL is returned
1156 and InfoSize is updated to contain the number of bytes actually
1157 required.
1158 @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the
1159 size of the user information.
1160
1161 @retval EFI_SUCCESS Information returned successfully.
1162 @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small to hold all of the
1163 user information. The size required is returned in *InfoSize.
1164 @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL.
1165 @retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle.
1166
1167 **/
1168 EFI_STATUS
1169 EFIAPI
1170 CredentialGetInfo (
1171 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
1172 IN EFI_USER_INFO_HANDLE UserInfo,
1173 OUT EFI_USER_INFO *Info,
1174 IN OUT UINTN *InfoSize
1175 )
1176 {
1177 EFI_USER_INFO *CredentialInfo;
1178 UINTN Index;
1179
1180 if ((This == NULL) || (InfoSize == NULL) || (Info == NULL)) {
1181 return EFI_INVALID_PARAMETER;
1182 }
1183
1184 if ((UserInfo == NULL) || (mPwdInfoHandle == NULL)) {
1185 return EFI_NOT_FOUND;
1186 }
1187
1188 //
1189 // Find information handle in credential info table.
1190 //
1191 for (Index = 0; Index < mPwdInfoHandle->Count; Index++) {
1192 CredentialInfo = mPwdInfoHandle->Info[Index];
1193 if (UserInfo == (EFI_USER_INFO_HANDLE)CredentialInfo) {
1194 //
1195 // The handle is found, copy the user info.
1196 //
1197 if (CredentialInfo->InfoSize > *InfoSize) {
1198 *InfoSize = CredentialInfo->InfoSize;
1199 return EFI_BUFFER_TOO_SMALL;
1200 }
1201 CopyMem (Info, CredentialInfo, CredentialInfo->InfoSize);
1202 return EFI_SUCCESS;
1203 }
1204 }
1205
1206 return EFI_NOT_FOUND;
1207 }
1208
1209
1210 /**
1211 Enumerate all of the user informations on the credential provider.
1212
1213 This function returns the next user information record. To retrieve the first user
1214 information record handle, point UserInfo at a NULL. Each subsequent call will retrieve
1215 another user information record handle until there are no more, at which point UserInfo
1216 will point to NULL.
1217
1218 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
1219 @param[in, out] UserInfo On entry, points to the previous user information handle or NULL
1220 to start enumeration. On exit, points to the next user information
1221 handle or NULL if there is no more user information.
1222
1223 @retval EFI_SUCCESS User information returned.
1224 @retval EFI_NOT_FOUND No more user information found.
1225 @retval EFI_INVALID_PARAMETER UserInfo is NULL.
1226
1227 **/
1228 EFI_STATUS
1229 EFIAPI
1230 CredentialGetNextInfo (
1231 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
1232 IN OUT EFI_USER_INFO_HANDLE *UserInfo
1233 )
1234 {
1235 EFI_USER_INFO *Info;
1236 CHAR16 *ProvNameStr;
1237 UINTN InfoLen;
1238 UINTN Index;
1239 UINTN ProvStrLen;
1240
1241 if ((This == NULL) || (UserInfo == NULL)) {
1242 return EFI_INVALID_PARAMETER;
1243 }
1244
1245 if (mPwdInfoHandle == NULL) {
1246 //
1247 // Initilized user info table. There are 4 user info records in the table.
1248 //
1249 InfoLen = sizeof (PASSWORD_CREDENTIAL_INFO) + (4 - 1) * sizeof (EFI_USER_INFO *);
1250 mPwdInfoHandle = AllocateZeroPool (InfoLen);
1251 if (mPwdInfoHandle == NULL) {
1252 *UserInfo = NULL;
1253 return EFI_NOT_FOUND;
1254 }
1255
1256 //
1257 // The first information, Credential Provider info.
1258 //
1259 InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID);
1260 Info = AllocateZeroPool (InfoLen);
1261 ASSERT (Info != NULL);
1262
1263 Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_RECORD;
1264 Info->InfoSize = (UINT32) InfoLen;
1265 Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
1266 CopyGuid (&Info->Credential, &gPwdCredentialProviderGuid);
1267 CopyGuid ((EFI_GUID *)(Info + 1), &gPwdCredentialProviderGuid);
1268
1269 mPwdInfoHandle->Info[0] = Info;
1270 mPwdInfoHandle->Count++;
1271
1272 //
1273 // The second information, Credential Provider name info.
1274 //
1275 ProvNameStr = GetStringById (STRING_TOKEN (STR_PROVIDER_NAME));
1276 ProvStrLen = StrSize (ProvNameStr);
1277 InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen;
1278 Info = AllocateZeroPool (InfoLen);
1279 ASSERT (Info != NULL);
1280
1281 Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD;
1282 Info->InfoSize = (UINT32) InfoLen;
1283 Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
1284 CopyGuid (&Info->Credential, &gPwdCredentialProviderGuid);
1285 CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen);
1286 FreePool (ProvNameStr);
1287
1288 mPwdInfoHandle->Info[1] = Info;
1289 mPwdInfoHandle->Count++;
1290
1291 //
1292 // The third information, Credential Provider type info.
1293 //
1294 InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID);
1295 Info = AllocateZeroPool (InfoLen);
1296 ASSERT (Info != NULL);
1297
1298 Info->InfoType = EFI_USER_INFO_CREDENTIAL_TYPE_RECORD;
1299 Info->InfoSize = (UINT32) InfoLen;
1300 Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
1301 CopyGuid (&Info->Credential, &gPwdCredentialProviderGuid);
1302 CopyGuid ((EFI_GUID *)(Info + 1), &gEfiUserCredentialClassPasswordGuid);
1303
1304 mPwdInfoHandle->Info[2] = Info;
1305 mPwdInfoHandle->Count++;
1306
1307 //
1308 // The fourth information, Credential Provider type name info.
1309 //
1310 ProvNameStr = GetStringById (STRING_TOKEN (STR_PROVIDER_TYPE_NAME));
1311 ProvStrLen = StrSize (ProvNameStr);
1312 InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen;
1313 Info = AllocateZeroPool (InfoLen);
1314 ASSERT (Info != NULL);
1315
1316 Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD;
1317 Info->InfoSize = (UINT32) InfoLen;
1318 Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
1319 CopyGuid (&Info->Credential, &gPwdCredentialProviderGuid);
1320 CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen);
1321 FreePool (ProvNameStr);
1322
1323 mPwdInfoHandle->Info[3] = Info;
1324 mPwdInfoHandle->Count++;
1325 }
1326
1327 if (*UserInfo == NULL) {
1328 //
1329 // Return the first info handle.
1330 //
1331 *UserInfo = (EFI_USER_INFO_HANDLE) mPwdInfoHandle->Info[0];
1332 return EFI_SUCCESS;
1333 }
1334
1335 //
1336 // Find information handle in credential info table.
1337 //
1338 for (Index = 0; Index < mPwdInfoHandle->Count; Index++) {
1339 Info = mPwdInfoHandle->Info[Index];
1340 if (*UserInfo == (EFI_USER_INFO_HANDLE)Info) {
1341 //
1342 // The handle is found, get the next one.
1343 //
1344 if (Index == mPwdInfoHandle->Count - 1) {
1345 //
1346 // Already last one.
1347 //
1348 *UserInfo = NULL;
1349 return EFI_NOT_FOUND;
1350 }
1351
1352 Index++;
1353 *UserInfo = (EFI_USER_INFO_HANDLE)mPwdInfoHandle->Info[Index];
1354 return EFI_SUCCESS;
1355 }
1356 }
1357
1358 *UserInfo = NULL;
1359 return EFI_NOT_FOUND;
1360 }
1361
1362
1363 /**
1364 Main entry for this driver.
1365
1366 @param ImageHandle Image handle this driver.
1367 @param SystemTable Pointer to SystemTable.
1368
1369 @retval EFI_SUCESS This function always complete successfully.
1370
1371 **/
1372 EFI_STATUS
1373 EFIAPI
1374 PasswordProviderInit (
1375 IN EFI_HANDLE ImageHandle,
1376 IN EFI_SYSTEM_TABLE *SystemTable
1377 )
1378 {
1379 EFI_STATUS Status;
1380
1381 //
1382 // Init credential table.
1383 //
1384 Status = InitCredentialTable ();
1385 if (EFI_ERROR (Status)) {
1386 return Status;
1387 }
1388
1389 //
1390 // Init Form Browser.
1391 //
1392 Status = InitFormBrowser ();
1393 if (EFI_ERROR (Status)) {
1394 return Status;
1395 }
1396
1397 //
1398 // Install protocol interfaces for the password credential provider.
1399 //
1400 Status = gBS->InstallProtocolInterface (
1401 &mCallbackInfo->DriverHandle,
1402 &gEfiUserCredentialProtocolGuid,
1403 EFI_NATIVE_INTERFACE,
1404 &gPwdCredentialProviderDriver
1405 );
1406 return Status;
1407 }