2 The functions for identification policy modification.
4 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15 #include "UserProfileManager.h"
19 Verify the new identity policy in the current implementation. The same credential
20 provider can't appear twice in one identity policy.
22 @param[in] NewGuid Points to the credential provider guid.
24 @retval TRUE The NewGuid was found in the identity policy.
25 @retval FALSE The NewGuid was not found.
29 ProviderAlreadyInPolicy (
34 EFI_USER_INFO_IDENTITY_POLICY
*Identity
;
38 while (Offset
< mUserInfo
.NewIdentityPolicyLen
) {
39 Identity
= (EFI_USER_INFO_IDENTITY_POLICY
*) (mUserInfo
.NewIdentityPolicy
+ Offset
);
40 if (Identity
->Type
== EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER
) {
41 if (CompareGuid (NewGuid
, (EFI_GUID
*) (Identity
+ 1))) {
43 EFI_LIGHTGRAY
| EFI_BACKGROUND_BLUE
,
45 L
"This Credential Provider Are Already Used!",
47 L
"Press Any Key to Continue ...",
53 Offset
+= Identity
->Length
;
61 Add or delete the user's credential record in the provider.
63 @param[in] ProviderGuid Points to the credential provider guid.
64 @param[in] User Points to user profile.
66 @retval EFI_SUCCESS Add or delete record successfully.
67 @retval Others Fail to add or delete record.
71 EnrollUserOnProvider (
72 IN EFI_USER_INFO_IDENTITY_POLICY
*Identity
,
73 IN EFI_USER_PROFILE_HANDLE User
77 EFI_USER_CREDENTIAL2_PROTOCOL
*UserCredential
;
80 // Find the specified credential provider.
82 for (Index
= 0; Index
< mProviderInfo
->Count
; Index
++) {
83 UserCredential
= mProviderInfo
->Provider
[Index
];
84 if (CompareGuid ((EFI_GUID
*)(Identity
+ 1), &UserCredential
->Identifier
)) {
85 return UserCredential
->Enroll (UserCredential
, User
);
94 Delete the User's credential record on the provider.
96 @param[in] Identity Points to the EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER user info.
97 @param[in] User Points to user profile.
99 @retval EFI_SUCCESS Delete User's credential record successfully.
100 @retval Others Fail to delete the record.
104 DeleteUserOnProvider (
105 IN EFI_USER_INFO_IDENTITY_POLICY
*Identity
,
106 IN EFI_USER_PROFILE_HANDLE User
110 EFI_USER_CREDENTIAL2_PROTOCOL
*UserCredential
;
113 // Find the specified credential provider.
115 for (Index
= 0; Index
< mProviderInfo
->Count
; Index
++) {
116 UserCredential
= mProviderInfo
->Provider
[Index
];
117 if (CompareGuid ((EFI_GUID
*)(Identity
+ 1), &UserCredential
->Identifier
)) {
118 return UserCredential
->Delete (UserCredential
, User
);
122 return EFI_NOT_FOUND
;
127 Delete the User's credential from all the providers that exist in the User's identity policy.
129 @param[in] IdentityPolicy Points to the User's identity policy.
130 @param[in] IdentityPolicyLen The length of the identity policy.
131 @param[in] User Points to user profile.
135 DeleteCredentialFromProviders (
136 IN UINT8
*IdentityPolicy
,
137 IN UINTN IdentityPolicyLen
,
138 IN EFI_USER_PROFILE_HANDLE User
141 EFI_USER_INFO_IDENTITY_POLICY
*Identity
;
145 while (Offset
< IdentityPolicyLen
) {
146 Identity
= (EFI_USER_INFO_IDENTITY_POLICY
*) (IdentityPolicy
+ Offset
);
147 if (Identity
->Type
== EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER
) {
149 // Delete the user on this provider.
151 DeleteUserOnProvider (Identity
, User
);
153 Offset
+= Identity
->Length
;
160 Remove the provider in FindIdentity from the user identification information record.
162 @param[in, out] NewInfo On entry, points to the user information to remove provider.
163 On return, points to the user information with the provider removed.
164 @param[in] FindIdentity Points to the user identity policy.
166 @retval TRUE The provider is removed successfully.
167 @retval FALSE Fail to remove the provider.
171 DeleteProviderFromPolicy (
172 IN EFI_USER_INFO_IDENTITY_POLICY
*IdentityPolicy
,
179 if (IdentityPolicy
->Length
== mUserInfo
.NewIdentityPolicyLen
) {
181 // Only one credential provider in the identification policy.
182 // Set the new policy to be TRUE after removed the provider.
184 IdentityPolicy
->Type
= EFI_USER_INFO_IDENTITY_TRUE
;
185 IdentityPolicy
->Length
= sizeof (EFI_USER_INFO_IDENTITY_POLICY
);
186 mUserInfo
.NewIdentityPolicyLen
= IdentityPolicy
->Length
;
190 DeleteLen
= IdentityPolicy
->Length
+ sizeof(EFI_USER_INFO_IDENTITY_POLICY
);
191 if ((Offset
+ IdentityPolicy
->Length
) != mUserInfo
.NewIdentityPolicyLen
) {
193 // This provider is not the last item in the identification policy, delete it and the connector.
195 RemainingLen
= mUserInfo
.NewIdentityPolicyLen
- Offset
- DeleteLen
;
196 CopyMem ((UINT8
*) IdentityPolicy
, (UINT8
*) IdentityPolicy
+ DeleteLen
, RemainingLen
);
198 mUserInfo
.NewIdentityPolicyLen
-= DeleteLen
;
205 Update the mUserInfo.NewIdentityPolicy, and UI when 'add option' is pressed.
209 AddProviderToPolicy (
213 UINT8
*NewPolicyInfo
;
214 UINTN NewPolicyInfoLen
;
215 EFI_USER_INFO_IDENTITY_POLICY
*Policy
;
218 // Allocate memory for the new identity policy.
220 NewPolicyInfoLen
= mUserInfo
.NewIdentityPolicyLen
+ sizeof (EFI_USER_INFO_IDENTITY_POLICY
) + sizeof (EFI_GUID
);
221 if (mUserInfo
.NewIdentityPolicyLen
> 0) {
223 // It is not the first provider in the policy. Add a connector before provider.
225 NewPolicyInfoLen
+= sizeof (EFI_USER_INFO_IDENTITY_POLICY
);
227 NewPolicyInfo
= AllocateZeroPool (NewPolicyInfoLen
);
228 if (NewPolicyInfo
== NULL
) {
232 NewPolicyInfoLen
= 0;
233 if (mUserInfo
.NewIdentityPolicyLen
> 0) {
235 // Save orginal policy.
237 CopyMem (NewPolicyInfo
, mUserInfo
.NewIdentityPolicy
, mUserInfo
.NewIdentityPolicyLen
);
240 // Save logical connector.
242 Policy
= (EFI_USER_INFO_IDENTITY_POLICY
*) (NewPolicyInfo
+ mUserInfo
.NewIdentityPolicyLen
);
243 if (mConncetLogical
== 0) {
244 Policy
->Type
= EFI_USER_INFO_IDENTITY_AND
;
246 Policy
->Type
= EFI_USER_INFO_IDENTITY_OR
;
249 Policy
->Length
= sizeof (EFI_USER_INFO_IDENTITY_POLICY
);
250 NewPolicyInfoLen
= mUserInfo
.NewIdentityPolicyLen
+ Policy
->Length
;
251 FreePool (mUserInfo
.NewIdentityPolicy
);
255 // Save credential provider.
257 Policy
= (EFI_USER_INFO_IDENTITY_POLICY
*) (NewPolicyInfo
+ NewPolicyInfoLen
);
258 Policy
->Length
= sizeof (EFI_USER_INFO_IDENTITY_POLICY
) + sizeof (EFI_GUID
);
259 Policy
->Type
= EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER
;
260 CopyGuid ((EFI_GUID
*) (Policy
+ 1), NewGuid
);
261 NewPolicyInfoLen
+= Policy
->Length
;
264 // Update identity policy choice.
266 mUserInfo
.NewIdentityPolicy
= NewPolicyInfo
;
267 mUserInfo
.NewIdentityPolicyLen
= NewPolicyInfoLen
;
268 mUserInfo
.NewIdentityPolicyModified
= TRUE
;
273 This function replaces the old identity policy with a new identity policy.
275 This function deletes the user identity policy information.
276 If enrolling the new credential fails, recover the old identity policy.
278 @retval EFI_SUCCESS Modify user identity policy successfully.
279 @retval Others Fail to modify user identity policy.
283 UpdateCredentialProvider (
287 EFI_USER_INFO_IDENTITY_POLICY
*Identity
;
291 // Delete the old identification policy.
293 DeleteCredentialFromProviders (mUserInfo
.IdentityPolicy
, mUserInfo
.IdentityPolicyLen
, mModifyUser
);
296 // Add the new identification policy.
299 while (Offset
< mUserInfo
.NewIdentityPolicyLen
) {
300 Identity
= (EFI_USER_INFO_IDENTITY_POLICY
*) (mUserInfo
.NewIdentityPolicy
+ Offset
);
301 if (Identity
->Type
== EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER
) {
303 // Enroll the user on this provider
305 Status
= EnrollUserOnProvider (Identity
, mModifyUser
);
306 if (EFI_ERROR (Status
)) {
308 // Failed to enroll the user by new identification policy.
309 // So removed the credential provider from the identification policy
311 DeleteProviderFromPolicy (Identity
, Offset
);
315 Offset
+= Identity
->Length
;
323 Check whether the identity policy is valid.
325 @param[in] PolicyInfo Point to the identity policy.
326 @param[in] PolicyInfoLen The policy length.
328 @retval TRUE The policy is a valid identity policy.
329 @retval FALSE The policy is not a valid identity policy.
333 CheckNewIdentityPolicy (
334 IN UINT8
*PolicyInfo
,
335 IN UINTN PolicyInfoLen
338 EFI_USER_INFO_IDENTITY_POLICY
*Identity
;
344 // Check policy expression.
346 OpCode
= EFI_USER_INFO_IDENTITY_FALSE
;
348 while (Offset
< PolicyInfoLen
) {
350 // Check identification policy according to type
352 Identity
= (EFI_USER_INFO_IDENTITY_POLICY
*) (PolicyInfo
+ Offset
);
353 switch (Identity
->Type
) {
355 case EFI_USER_INFO_IDENTITY_TRUE
:
358 case EFI_USER_INFO_IDENTITY_OR
:
359 if (OpCode
== EFI_USER_INFO_IDENTITY_AND
) {
361 EFI_LIGHTGRAY
| EFI_BACKGROUND_BLUE
,
363 L
"Invalid Identity Policy, Mixed Connector Unsupport!",
365 L
"Press Any Key to Continue ...",
371 OpCode
= EFI_USER_INFO_IDENTITY_OR
;
374 case EFI_USER_INFO_IDENTITY_AND
:
375 if (OpCode
== EFI_USER_INFO_IDENTITY_OR
) {
377 EFI_LIGHTGRAY
| EFI_BACKGROUND_BLUE
,
379 L
"Invalid Identity Policy, Mixed Connector Unsupport!",
381 L
"Press Any Key to Continue ...",
387 OpCode
= EFI_USER_INFO_IDENTITY_AND
;
390 case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER
:
395 EFI_LIGHTGRAY
| EFI_BACKGROUND_BLUE
,
397 L
"Unsupport parameter",
399 L
"Press Any Key to Continue ...",
404 Offset
+= Identity
->Length
;
412 Save the identity policy and update UI with it.
414 This function will verify the new identity policy; in the current implementation,
415 the identity policy can be: T, P & P & P & ..., P | P | P | ...
416 Here, "T" means "True", "P" means "Credential Provider", "&" means "and", "|" means "or".
417 Other identity policies are not supported.
426 EFI_USER_INFO_HANDLE UserInfo
;
429 if (!mUserInfo
.NewIdentityPolicyModified
|| (mUserInfo
.NewIdentityPolicyLen
== 0)) {
434 // Check policy expression.
436 if (!CheckNewIdentityPolicy (mUserInfo
.NewIdentityPolicy
, mUserInfo
.NewIdentityPolicyLen
)) {
440 Status
= FindInfoByType (mModifyUser
, EFI_USER_INFO_IDENTITY_POLICY_RECORD
, &UserInfo
);
441 if (EFI_ERROR (Status
)) {
446 // Update the informantion on credential provider.
448 Status
= UpdateCredentialProvider ();
449 if (EFI_ERROR (Status
)) {
454 // Save new identification policy.
456 Info
= AllocateZeroPool (sizeof (EFI_USER_INFO
) + mUserInfo
.NewIdentityPolicyLen
);
457 ASSERT (Info
!= NULL
);
459 Info
->InfoType
= EFI_USER_INFO_IDENTITY_POLICY_RECORD
;
460 Info
->InfoAttribs
= EFI_USER_INFO_STORAGE_PLATFORM_NV
| EFI_USER_INFO_PUBLIC
| EFI_USER_INFO_EXCLUSIVE
;
461 Info
->InfoSize
= (UINT32
) (sizeof (EFI_USER_INFO
) + mUserInfo
.NewIdentityPolicyLen
);
462 CopyMem ((UINT8
*) (Info
+ 1), mUserInfo
.NewIdentityPolicy
, mUserInfo
.NewIdentityPolicyLen
);
464 Status
= mUserManager
->SetInfo (mUserManager
, mModifyUser
, &UserInfo
, Info
, Info
->InfoSize
);
468 // Update the mUserInfo.IdentityPolicy by mUserInfo.NewIdentityPolicy
470 if (mUserInfo
.IdentityPolicy
!= NULL
) {
471 FreePool (mUserInfo
.IdentityPolicy
);
473 mUserInfo
.IdentityPolicy
= mUserInfo
.NewIdentityPolicy
;
474 mUserInfo
.IdentityPolicyLen
= mUserInfo
.NewIdentityPolicyLen
;
476 mUserInfo
.NewIdentityPolicy
= NULL
;
477 mUserInfo
.NewIdentityPolicyLen
= 0;
478 mUserInfo
.NewIdentityPolicyModified
= FALSE
;
481 // Update identity policy choice.
483 ResolveIdentityPolicy (mUserInfo
.IdentityPolicy
, mUserInfo
.IdentityPolicyLen
, STRING_TOKEN (STR_IDENTIFY_POLICY_VAL
));
488 Update the mUserInfo.NewIdentityPolicy, and UI when 'add option' is pressed.
492 AddIdentityPolicyItem (
496 if (mProviderInfo
->Count
== 0) {
501 // Check the identity policy.
503 if (ProviderAlreadyInPolicy (&mProviderInfo
->Provider
[mProviderChoice
]->Identifier
)) {
508 // Add it to identification policy
510 AddProviderToPolicy (&mProviderInfo
->Provider
[mProviderChoice
]->Identifier
);
513 // Update identity policy choice.
515 ResolveIdentityPolicy (mUserInfo
.NewIdentityPolicy
, mUserInfo
.NewIdentityPolicyLen
, STRING_TOKEN (STR_IDENTIFY_POLICY_VALUE
));