/** @file\r
Usb Credential Provider driver implemenetation.\r
- \r
-Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution. The full text of the license may be found at \r
+\r
+Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
USB_PROVIDER_CALLBACK_INFO *mCallbackInfo = NULL;\r
USB_CREDENTIAL_INFO *mUsbInfoHandle = NULL;\r
\r
-//\r
-// Used for save password credential and form browser\r
-// And used as provider identifier\r
-//\r
-EFI_GUID mUsbCredentialGuid = USB_CREDENTIAL_PROVIDER_GUID;\r
-\r
-HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = {\r
- {\r
- {\r
- HARDWARE_DEVICE_PATH,\r
- HW_VENDOR_DP,\r
- {\r
- (UINT8) (sizeof (VENDOR_DEVICE_PATH)),\r
- (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)\r
- }\r
- },\r
- { 0x9463f883, 0x48f6, 0x4a7a, { 0x97, 0x2d, 0x9f, 0x8f, 0x38, 0xf2, 0xdd, 0x91 } }\r
- },\r
- {\r
- END_DEVICE_PATH_TYPE,\r
- END_ENTIRE_DEVICE_PATH_SUBTYPE,\r
- {\r
- (UINT8) (END_DEVICE_PATH_LENGTH),\r
- (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)\r
- }\r
- }\r
-};\r
-\r
-EFI_USER_CREDENTIAL_PROTOCOL gUsbCredentialProviderDriver = {\r
+EFI_USER_CREDENTIAL2_PROTOCOL gUsbCredentialProviderDriver = {\r
USB_CREDENTIAL_PROVIDER_GUID,\r
EFI_USER_CREDENTIAL_CLASS_SECURE_CARD,\r
CredentialEnroll,\r
CredentialDeselect,\r
CredentialDefault,\r
CredentialGetInfo,\r
- CredentialGetNextInfo\r
+ CredentialGetNextInfo,\r
+ EFI_CREDENTIAL_CAPABILITIES_ENROLL,\r
+ CredentialDelete\r
};\r
\r
\r
sizeof (CREDENTIAL_TABLE) - sizeof (USB_INFO) +\r
Count * sizeof (USB_INFO)\r
);\r
- ASSERT (NewTable != NULL); \r
+ ASSERT (NewTable != NULL);\r
\r
NewTable->MaxCount = Count;\r
NewTable->Count = mUsbTable->Count;\r
// Copy old entries.\r
//\r
CopyMem (\r
- &NewTable->UserInfo, \r
- &mUsbTable->UserInfo, \r
+ &NewTable->UserInfo,\r
+ &mUsbTable->UserInfo,\r
mUsbTable->Count * sizeof (USB_INFO)\r
);\r
FreePool (mUsbTable);\r
\r
\r
/**\r
- Add or delete info in table, and sync with NV variable.\r
+ Add, update or delete info in table, and sync with NV variable.\r
\r
- @param[in] Index The index of the password in table. The index begin from 1.\r
- If index is found in table, delete the info, else add the \r
- into to table. \r
- @param[in] Info The new password info to add into table.\r
+ @param[in] Index The index of the password in table. If index is found in\r
+ table, update the info, else add the into to table.\r
+ @param[in] Info The new credential info to add into table. If Info is NULL,\r
+ delete the info by Index.\r
\r
@retval EFI_INVALID_PARAMETER Info is NULL when save the info.\r
@retval EFI_SUCCESS Modify the table successfully.\r
)\r
{\r
EFI_STATUS Status;\r
- \r
+ USB_INFO *NewUsbInfo;\r
+\r
+ NewUsbInfo = NULL;\r
if (Index < mUsbTable->Count) {\r
- //\r
- // Delete the specified entry\r
- //\r
- mUsbTable->Count--;\r
- if (Index != mUsbTable->Count) {\r
- CopyMem (\r
- &mUsbTable->UserInfo[Index],\r
- &mUsbTable->UserInfo[mUsbTable->Count],\r
- sizeof (USB_INFO)\r
- );\r
+ if (Info == NULL) {\r
+ //\r
+ // Delete the specified entry.\r
+ //\r
+ mUsbTable->Count--;\r
+ if (Index != mUsbTable->Count) {\r
+ NewUsbInfo = &mUsbTable->UserInfo[mUsbTable->Count];\r
+ }\r
+ } else {\r
+ //\r
+ // Update the specified entry.\r
+ //\r
+ NewUsbInfo = Info;\r
}\r
} else {\r
//\r
ExpandTableSize ();\r
}\r
\r
- CopyMem (\r
- &mUsbTable->UserInfo[mUsbTable->Count], \r
- Info, \r
- sizeof (USB_INFO)\r
- );\r
+ NewUsbInfo = Info;\r
mUsbTable->Count++;\r
}\r
\r
+ if (NewUsbInfo != NULL) {\r
+ CopyMem (&mUsbTable->UserInfo[Index], NewUsbInfo, sizeof (USB_INFO));\r
+ }\r
+\r
//\r
// Save the credential table.\r
//\r
Status = gRT->SetVariable (\r
L"UsbCredential",\r
- &mUsbCredentialGuid,\r
+ &gUsbCredentialProviderGuid,\r
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,\r
mUsbTable->Count * sizeof (USB_INFO),\r
&mUsbTable->UserInfo\r
VarSize = 0;\r
Var = NULL;\r
Status = gRT->GetVariable (\r
- L"UsbCredential", \r
- &mUsbCredentialGuid, \r
- NULL, \r
+ L"UsbCredential",\r
+ &gUsbCredentialProviderGuid,\r
+ NULL,\r
&VarSize,\r
Var\r
);\r
return EFI_OUT_OF_RESOURCES;\r
}\r
Status = gRT->GetVariable (\r
- L"UsbCredential", \r
- &mUsbCredentialGuid, \r
- NULL, \r
+ L"UsbCredential",\r
+ &gUsbCredentialProviderGuid,\r
+ NULL,\r
&VarSize,\r
Var\r
);\r
if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {\r
return Status;\r
}\r
- \r
+\r
//\r
// Init Usb credential table.\r
//\r
mUsbTable = AllocateZeroPool (\r
sizeof (CREDENTIAL_TABLE) - sizeof (USB_INFO) +\r
- USB_TABLE_INC * sizeof (USB_INFO) + \r
+ USB_TABLE_INC * sizeof (USB_INFO) +\r
VarSize\r
);\r
if (mUsbTable == NULL) {\r
if (EFI_ERROR (Status)) {\r
continue;\r
}\r
- \r
+\r
Status = SimpleFileSystem->OpenVolume (\r
SimpleFileSystem,\r
&RootFs\r
if (EFI_ERROR (Status)) {\r
continue;\r
}\r
- \r
+\r
Status = RootFs->Open (\r
RootFs,\r
&FileHandle,\r
);\r
if (!EFI_ERROR (Status)) {\r
break;\r
- } \r
+ }\r
}\r
}\r
\r
Status = EFI_NOT_FOUND;\r
goto Done;\r
}\r
- \r
+\r
//\r
// Figure out how big the file is.\r
//\r
goto Done;\r
}\r
\r
- FileInfo = AllocateZeroPool (ScratchBufferSize); \r
+ FileInfo = AllocateZeroPool (ScratchBufferSize);\r
if (FileInfo == NULL) {\r
DEBUG ((DEBUG_ERROR, "Can not allocate enough memory for the token file!\n"));\r
Status = EFI_OUT_OF_RESOURCES;\r
Status = EFI_DEVICE_ERROR;\r
goto Done;\r
}\r
- \r
+\r
//\r
// Allocate a buffer for the file.\r
//\r
*BufferSize = (UINT32) FileInfo->FileSize;\r
- *Buffer = AllocateZeroPool (*BufferSize); \r
+ *Buffer = AllocateZeroPool (*BufferSize);\r
if (*Buffer == NULL) {\r
DEBUG ((DEBUG_ERROR, "Can not allocate a buffer for the file!\n"));\r
Status = EFI_OUT_OF_RESOURCES;\r
goto Done;\r
}\r
- \r
+\r
//\r
// Load file into the allocated memory.\r
//\r
Status = EFI_DEVICE_ERROR;\r
goto Done;\r
}\r
- \r
+\r
//\r
// Close file.\r
//\r
/**\r
Hash the data to get credential.\r
\r
- @param[in] Buffer Points to the data buffer \r
+ @param[in] Buffer Points to the data buffer\r
@param[in] BufferSize The size of data in buffer, in bytes.\r
@param[out] Credential Points to the hashed result\r
\r
@retval TRUE Hash the data successfully.\r
@retval FALSE Failed to hash the data.\r
- \r
+\r
**/\r
BOOLEAN\r
GenerateCredential (\r
BOOLEAN Status;\r
UINTN HashSize;\r
VOID *Hash;\r
- \r
+\r
HashSize = Sha1GetContextSize ();\r
Hash = AllocatePool (HashSize);\r
ASSERT (Hash != NULL);\r
- \r
+\r
Status = Sha1Init (Hash);\r
if (!Status) {\r
goto Done;\r
}\r
- \r
+\r
Status = Sha1Update (Hash, Buffer, BufferSize);\r
if (!Status) {\r
goto Done;\r
}\r
- \r
+\r
Status = Sha1Final (Hash, Credential);\r
- \r
+\r
Done:\r
FreePool (Hash);\r
return Status;\r
\r
@retval EFI_SUCCESS Read a Token successfully.\r
@retval Others Fails to read a Token.\r
- \r
+\r
**/\r
EFI_STATUS\r
GetToken (\r
\r
BufSize = 0;\r
Buffer = NULL;\r
- TokenFile = FixedPcdGetPtr (PcdFixedUsbCredentialProviderTokenFileName);\r
+ TokenFile = PcdGetPtr (PcdFixedUsbCredentialProviderTokenFileName);\r
Status = GetFileData (TokenFile, (VOID *)&Buffer, &BufSize);\r
if (EFI_ERROR (Status)) {\r
DEBUG ((DEBUG_ERROR, "Read file %s from USB error! Status=(%r)\n", TokenFile, Status));\r
return Status;\r
}\r
- \r
+\r
if (!GenerateCredential (Buffer, BufSize, Token)) {\r
DEBUG ((DEBUG_ERROR, "Generate credential from read data failed!\n"));\r
FreePool (Buffer);\r
return EFI_SECURITY_VIOLATION;\r
}\r
- \r
- FreePool (Buffer); \r
+\r
+ FreePool (Buffer);\r
return EFI_SUCCESS;\r
}\r
\r
/**\r
Find a user infomation record by the information record type.\r
\r
- This function searches all user information records of User from beginning \r
+ This function searches all user information records of User from beginning\r
until either the information is found or there are no more user infomation\r
record. A match occurs when a Info.InfoType field matches the user information\r
record type.\r
\r
- @param[in] User Points to the user profile record to search. \r
+ @param[in] User Points to the user profile record to search.\r
@param[in] InfoType The infomation type to be searched.\r
@param[out] Info Points to the user info found, the caller is responsible\r
to free.\r
- \r
+\r
@retval EFI_SUCCESS Find the user information successfully.\r
@retval Others Fail to find the user information.\r
\r
UINTN UserInfoSize;\r
EFI_USER_INFO_HANDLE UserInfoHandle;\r
EFI_USER_MANAGER_PROTOCOL *UserManager;\r
- \r
+\r
//\r
// Find user information by information type.\r
//\r
if (UserInfo->InfoType == InfoType) {\r
*Info = UserInfo;\r
return EFI_SUCCESS;\r
- } \r
+ }\r
}\r
\r
if (UserInfo != NULL) {\r
)\r
{\r
USB_PROVIDER_CALLBACK_INFO *CallbackInfo;\r
- \r
+\r
//\r
// Initialize driver private data.\r
//\r
if (CallbackInfo == NULL) {\r
return EFI_OUT_OF_RESOURCES;\r
}\r
- \r
+\r
CallbackInfo->DriverHandle = NULL;\r
\r
//\r
// Publish HII data.\r
//\r
CallbackInfo->HiiHandle = HiiAddPackages (\r
- &mUsbCredentialGuid,\r
+ &gUsbCredentialProviderGuid,\r
CallbackInfo->DriverHandle,\r
UsbCredentialProviderStrings,\r
NULL\r
/**\r
Enroll a user on a credential provider.\r
\r
- This function enrolls and deletes a user profile using this credential provider. \r
- If a user profile is successfully enrolled, it calls the User Manager Protocol \r
- function Notify() to notify the user manager driver that credential information \r
- has changed. If an enrolled user does exist, delete the user on the credential \r
- provider.\r
- \r
- @param[in] This Points to this instance of EFI_USER_CREDENTIAL_PROTOCOL.\r
+ This function enrolls a user on this credential provider. If the user exists on\r
+ this credential provider, update the user information on this credential provider;\r
+ otherwise add the user information on credential provider.\r
+\r
+ @param[in] This Points to this instance of EFI_USER_CREDENTIAL2_PROTOCOL.\r
@param[in] User The user profile to enroll.\r
- \r
+\r
@retval EFI_SUCCESS User profile was successfully enrolled.\r
@retval EFI_ACCESS_DENIED Current user profile does not permit enrollment on the\r
user profile handle. Either the user profile cannot enroll\r
- on any user profile or cannot enroll on a user profile \r
+ on any user profile or cannot enroll on a user profile\r
other than the current user profile.\r
@retval EFI_UNSUPPORTED This credential provider does not support enrollment in\r
the pre-OS.\r
@retval EFI_DEVICE_ERROR The new credential could not be created because of a device\r
error.\r
@retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle.\r
- \r
+\r
**/\r
EFI_STATUS\r
EFIAPI\r
CredentialEnroll (\r
- IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,\r
+ IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,\r
IN EFI_USER_PROFILE_HANDLE User\r
)\r
{\r
USB_INFO UsbInfo;\r
EFI_USER_INFO *UserInfo;\r
EFI_INPUT_KEY Key;\r
- EFI_USER_MANAGER_PROTOCOL *UserManager;\r
UINT8 *UserId;\r
- UINT8 *NewUserId;\r
- EFI_TPL OldTpl;\r
CHAR16 *QuestionStr;\r
CHAR16 *PromptStr;\r
\r
if ((This == NULL) || (User == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
- \r
- Status = gBS->LocateProtocol (\r
- &gEfiUserManagerProtocolGuid,\r
- NULL,\r
- (VOID **) &UserManager\r
- );\r
- if (EFI_ERROR (Status)) {\r
- return EFI_UNSUPPORTED;\r
- }\r
\r
//\r
// Get User Identifier\r
if (EFI_ERROR (Status)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
- \r
- //\r
- // If User exists in mUsbTable, delete User.\r
- // \r
- for (Index = 0; Index < mUsbTable->Count; Index++) {\r
- UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;\r
- NewUserId = (UINT8 *) (UserInfo + 1);\r
- if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) {\r
- //\r
- // Delete the exist Token.\r
- //\r
- FreePool (UserInfo);\r
- return ModifyTable (Index, NULL);\r
- }\r
- }\r
+\r
+ CopyMem (UsbInfo.UserId, (UINT8 *) (UserInfo + 1), sizeof (EFI_USER_INFO_IDENTIFIER));\r
+ FreePool (UserInfo);\r
\r
//\r
// Get Token and User ID to UsbInfo.\r
Status = GetToken (UsbInfo.Token);\r
if (EFI_ERROR (Status)) {\r
QuestionStr = GetStringById (STRING_TOKEN (STR_READ_USB_TOKEN_ERROR));\r
- PromptStr = GetStringById (STRING_TOKEN (STR_INSERT_USB_TOKEN)); \r
- OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL);\r
- gBS->RestoreTPL (TPL_APPLICATION); \r
+ PromptStr = GetStringById (STRING_TOKEN (STR_INSERT_USB_TOKEN));\r
CreatePopUp (\r
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
&Key,\r
PromptStr,\r
NULL\r
);\r
- gBS->RaiseTPL (OldTpl);\r
FreePool (QuestionStr);\r
FreePool (PromptStr);\r
- FreePool (UserInfo);\r
return Status;\r
- } \r
- CopyMem (\r
- UsbInfo.UserId,\r
- (UINT8 *) (UserInfo + 1),\r
- sizeof (EFI_USER_INFO_IDENTIFIER)\r
- );\r
- FreePool (UserInfo);\r
+ }\r
\r
//\r
- // Save the new added entry.\r
+ // Check whether User is ever enrolled in the provider.\r
//\r
- Status = ModifyTable (mUsbTable->Count, &UsbInfo);\r
- if (EFI_ERROR (Status)) {\r
- return Status;\r
+ for (Index = 0; Index < mUsbTable->Count; Index++) {\r
+ UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;\r
+ if (CompareMem (UserId, (UINT8 *) &UsbInfo.UserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) {\r
+ //\r
+ // User already exists, update the password.\r
+ //\r
+ break;\r
+ }\r
}\r
\r
//\r
- // Notify the user manager driver that credential information has changed.\r
+ // Enroll the User to the provider.\r
//\r
- UserManager->Notify (UserManager, mCallbackInfo->DriverHandle); \r
+ Status = ModifyTable (Index, &UsbInfo);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
\r
return EFI_SUCCESS;\r
}\r
\r
This function returns information about the form used when interacting with the\r
user during user identification. The form is the first enabled form in the form-set\r
- class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII handle HiiHandle. If \r
+ class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII handle HiiHandle. If\r
the user credential provider does not require a form to identify the user, then this\r
function should return EFI_NOT_FOUND.\r
\r
- @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.\r
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.\r
@param[out] Hii On return, holds the HII database handle.\r
@param[out] FormSetId On return, holds the identifier of the form set which contains\r
the form used during user identification.\r
- @param[out] FormId On return, holds the identifier of the form used during user \r
+ @param[out] FormId On return, holds the identifier of the form used during user\r
identification.\r
- \r
+\r
@retval EFI_SUCCESS Form returned successfully.\r
@retval EFI_NOT_FOUND Form not returned.\r
@retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or FormId is NULL.\r
- \r
+\r
**/\r
EFI_STATUS\r
EFIAPI\r
CredentialForm (\r
- IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,\r
+ IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,\r
OUT EFI_HII_HANDLE *Hii,\r
OUT EFI_GUID *FormSetId,\r
OUT EFI_FORM_ID *FormId\r
)\r
{\r
- if ((This == NULL) || (Hii == NULL) || \r
+ if ((This == NULL) || (Hii == NULL) ||\r
(FormSetId == NULL) || (FormId == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
This optional function returns a bitmap which is less than or equal to the number\r
of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND\r
- is returned. \r
+ is returned.\r
\r
- @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.\r
- @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no \r
- bitmap information will be returned. On exit, points to the \r
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.\r
+ @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no\r
+ bitmap information will be returned. On exit, points to the\r
width of the bitmap returned.\r
@param[in, out] Height On entry, points to the desired bitmap height. If NULL then no\r
- bitmap information will be returned. On exit, points to the \r
+ bitmap information will be returned. On exit, points to the\r
height of the bitmap returned.\r
- @param[out] Hii On return, holds the HII database handle. \r
- @param[out] Image On return, holds the HII image identifier. \r
- \r
+ @param[out] Hii On return, holds the HII database handle.\r
+ @param[out] Image On return, holds the HII image identifier.\r
+\r
@retval EFI_SUCCESS Image identifier returned successfully.\r
@retval EFI_NOT_FOUND Image identifier not returned.\r
@retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL.\r
- \r
+\r
**/\r
EFI_STATUS\r
EFIAPI\r
CredentialTile (\r
- IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,\r
+ IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,\r
IN OUT UINTN *Width,\r
IN OUT UINTN *Height,\r
OUT EFI_HII_HANDLE *Hii,\r
Returns string used to describe the credential provider type.\r
\r
This function returns a string which describes the credential provider. If no\r
- such string exists, then EFI_NOT_FOUND is returned. \r
+ such string exists, then EFI_NOT_FOUND is returned.\r
\r
- @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.\r
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.\r
@param[out] Hii On return, holds the HII database handle.\r
@param[out] String On return, holds the HII string identifier.\r
- \r
+\r
@retval EFI_SUCCESS String identifier returned successfully.\r
@retval EFI_NOT_FOUND String identifier not returned.\r
@retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL.\r
- \r
+\r
**/\r
EFI_STATUS\r
EFIAPI\r
CredentialTitle (\r
- IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,\r
+ IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,\r
OUT EFI_HII_HANDLE *Hii,\r
OUT EFI_STRING_ID *String\r
)\r
Return the user identifier associated with the currently authenticated user.\r
\r
This function returns the user identifier of the user authenticated by this credential\r
- provider. This function is called after the credential-related information has been \r
+ provider. This function is called after the credential-related information has been\r
submitted on a form OR after a call to Default() has returned that this credential is\r
ready to log on.\r
\r
- @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.\r
- @param[in] User The user profile handle of the user profile currently being \r
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.\r
+ @param[in] User The user profile handle of the user profile currently being\r
considered by the user identity manager. If NULL, then no user\r
profile is currently under consideration.\r
- @param[out] Identifier On return, points to the user identifier. \r
- \r
+ @param[out] Identifier On return, points to the user identifier.\r
+\r
@retval EFI_SUCCESS User identifier returned successfully.\r
@retval EFI_NOT_READY No user identifier can be returned.\r
@retval EFI_ACCESS_DENIED The user has been locked out of this user credential.\r
@retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL.\r
@retval EFI_NOT_FOUND User is not NULL, and the specified user handle can't be\r
found in user profile database.\r
- \r
+\r
**/\r
EFI_STATUS\r
EFIAPI\r
CredentialUser (\r
- IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,\r
+ IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,\r
IN EFI_USER_PROFILE_HANDLE User,\r
OUT EFI_USER_INFO_IDENTIFIER *Identifier\r
)\r
EFI_USER_INFO *UserInfo;\r
UINT8 *UserId;\r
UINT8 *NewUserId;\r
- UINT8 *UserToken; \r
+ UINT8 *UserToken;\r
UINT8 ReadToken[HASHED_CREDENTIAL_LEN];\r
EFI_INPUT_KEY Key;\r
- EFI_TPL OldTpl;\r
CHAR16 *QuestionStr;\r
CHAR16 *PromptStr;\r
- \r
+\r
if ((This == NULL) || (Identifier == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
- \r
+\r
if (User == NULL) {\r
//\r
// Verify the auto logon user, get user id by matched token.\r
if (mUsbTable->Count == 0) {\r
return EFI_NOT_READY;\r
}\r
- \r
+\r
//\r
// No user selected, get token first and verify the user existed in user database.\r
//\r
if (EFI_ERROR (Status)) {\r
return EFI_NOT_READY;\r
}\r
- \r
+\r
for (Index = 0; Index < mUsbTable->Count; Index++) {\r
//\r
// find the specified credential in the Usb credential database.\r
}\r
}\r
\r
- return EFI_NOT_READY; \r
+ return EFI_NOT_READY;\r
}\r
- \r
- // \r
- // User is not NULL here. Read a token, and check whether the token matches with \r
- // the selected user's Token. If not, try to find a token in token DB to matches \r
+\r
+ //\r
+ // User is not NULL here. Read a token, and check whether the token matches with\r
+ // the selected user's Token. If not, try to find a token in token DB to matches\r
// with read token.\r
- // \r
- \r
+ //\r
+\r
Status = GetToken (ReadToken);\r
if (EFI_ERROR (Status)) {\r
QuestionStr = GetStringById (STRING_TOKEN (STR_READ_USB_TOKEN_ERROR));\r
PromptStr = GetStringById (STRING_TOKEN (STR_INSERT_USB_TOKEN));\r
- OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL);\r
- gBS->RestoreTPL (TPL_APPLICATION);\r
CreatePopUp (\r
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,\r
&Key,\r
PromptStr,\r
NULL\r
);\r
- gBS->RaiseTPL (OldTpl);\r
FreePool (QuestionStr);\r
FreePool (PromptStr);\r
return EFI_NOT_FOUND;\r
Status = FindUserInfoByType (User, EFI_USER_INFO_IDENTIFIER_RECORD, &UserInfo);\r
if (EFI_ERROR (Status)) {\r
return EFI_NOT_FOUND;\r
- } \r
- \r
+ }\r
+\r
//\r
// Check the selected user's Token with the read token.\r
//\r
CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER));\r
FreePool (UserInfo);\r
return EFI_SUCCESS;\r
- } \r
+ }\r
}\r
}\r
+\r
FreePool (UserInfo);\r
- \r
- //\r
- // The read token mismatch with the User's Token.\r
- // Only check token.\r
- //\r
- for (Index = 0; Index < mUsbTable->Count; Index++) {\r
- UserToken = mUsbTable->UserInfo[Index].Token;\r
- if (CompareMem (UserToken, ReadToken, HASHED_CREDENTIAL_LEN) == 0) {\r
- //\r
- // The read token matches with the one in UsbTable.\r
- //\r
- UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;\r
- CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER));\r
- return EFI_SUCCESS;\r
- } \r
- }\r
- \r
- return EFI_NOT_FOUND;\r
+\r
+ return EFI_NOT_READY;\r
}\r
\r
\r
/**\r
Indicate that user interface interaction has begun for the specified credential.\r
\r
- This function is called when a credential provider is selected by the user. If \r
+ This function is called when a credential provider is selected by the user. If\r
AutoLogon returns FALSE, then the user interface will be constructed by the User\r
- Identity Manager. \r
+ Identity Manager.\r
+\r
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.\r
+ @param[out] AutoLogon On return, points to the credential provider's capabilities\r
+ after the credential provider has been selected by the user.\r
\r
- @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.\r
- @param[out] AutoLogon On return, points to the credential provider's capabilities \r
- after the credential provider has been selected by the user. \r
- \r
@retval EFI_SUCCESS Credential provider successfully selected.\r
@retval EFI_INVALID_PARAMETER AutoLogon is NULL.\r
- \r
+\r
**/\r
EFI_STATUS\r
EFIAPI\r
CredentialSelect (\r
- IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,\r
+ IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,\r
OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon\r
)\r
{\r
\r
This function is called when a credential provider is deselected by the user.\r
\r
- @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.\r
- \r
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.\r
+\r
@retval EFI_SUCCESS Credential provider successfully deselected.\r
- \r
+\r
**/\r
EFI_STATUS\r
EFIAPI\r
CredentialDeselect (\r
- IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This\r
+ IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This\r
)\r
{\r
if (This == NULL) {\r
/**\r
Return the default logon behavior for this user credential.\r
\r
- This function reports the default login behavior regarding this credential provider. \r
+ This function reports the default login behavior regarding this credential provider.\r
\r
- @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.\r
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.\r
@param[out] AutoLogon On return, holds whether the credential provider should be used\r
- by default to automatically log on the user. \r
- \r
+ by default to automatically log on the user.\r
+\r
@retval EFI_SUCCESS Default information successfully returned.\r
@retval EFI_INVALID_PARAMETER AutoLogon is NULL.\r
- \r
+\r
**/\r
EFI_STATUS\r
EFIAPI\r
CredentialDefault (\r
- IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,\r
+ IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,\r
OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon\r
)\r
{\r
/**\r
Return information attached to the credential provider.\r
\r
- This function returns user information. \r
+ This function returns user information.\r
\r
- @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.\r
- @param[in] UserInfo Handle of the user information data record. \r
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.\r
+ @param[in] UserInfo Handle of the user information data record.\r
@param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On\r
exit, holds the user information. If the buffer is too small\r
to hold the information, then EFI_BUFFER_TOO_SMALL is returned\r
and InfoSize is updated to contain the number of bytes actually\r
required.\r
- @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the \r
- size of the user information. \r
- \r
+ @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the\r
+ size of the user information.\r
+\r
@retval EFI_SUCCESS Information returned successfully.\r
@retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small to hold all of the\r
user information. The size required is returned in *InfoSize.\r
@retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL.\r
- @retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle. \r
- \r
+ @retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle.\r
+\r
**/\r
EFI_STATUS\r
EFIAPI\r
CredentialGetInfo (\r
- IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,\r
+ IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,\r
IN EFI_USER_INFO_HANDLE UserInfo,\r
OUT EFI_USER_INFO *Info,\r
IN OUT UINTN *InfoSize\r
{\r
EFI_USER_INFO *CredentialInfo;\r
UINTN Index;\r
- \r
+\r
if ((This == NULL) || (InfoSize == NULL) || (Info == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
if ((UserInfo == NULL) || (mUsbInfoHandle == NULL)) {\r
return EFI_NOT_FOUND;\r
}\r
- \r
+\r
//\r
// Find information handle in credential info table.\r
//\r
*InfoSize = CredentialInfo->InfoSize;\r
return EFI_BUFFER_TOO_SMALL;\r
}\r
- \r
- CopyMem (Info, CredentialInfo, CredentialInfo->InfoSize); \r
- return EFI_SUCCESS; \r
+\r
+ CopyMem (Info, CredentialInfo, CredentialInfo->InfoSize);\r
+ return EFI_SUCCESS;\r
}\r
}\r
- \r
+\r
return EFI_NOT_FOUND;\r
}\r
\r
This function returns the next user information record. To retrieve the first user\r
information record handle, point UserInfo at a NULL. Each subsequent call will retrieve\r
another user information record handle until there are no more, at which point UserInfo\r
- will point to NULL. \r
+ will point to NULL.\r
\r
- @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.\r
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.\r
@param[in, out] UserInfo On entry, points to the previous user information handle or NULL\r
to start enumeration. On exit, points to the next user information\r
handle or NULL if there is no more user information.\r
- \r
+\r
@retval EFI_SUCCESS User information returned.\r
@retval EFI_NOT_FOUND No more user information found.\r
@retval EFI_INVALID_PARAMETER UserInfo is NULL.\r
- \r
+\r
**/\r
EFI_STATUS\r
EFIAPI\r
CredentialGetNextInfo (\r
- IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,\r
+ IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,\r
IN OUT EFI_USER_INFO_HANDLE *UserInfo\r
)\r
{\r
UINTN InfoLen;\r
UINTN Index;\r
UINTN ProvStrLen;\r
- \r
+\r
if ((This == NULL) || (UserInfo == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID);\r
Info = AllocateZeroPool (InfoLen);\r
ASSERT (Info != NULL);\r
- \r
+\r
Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_RECORD;\r
Info->InfoSize = (UINT32) InfoLen;\r
Info->InfoAttribs = EFI_USER_INFO_PROTECTED;\r
- CopyGuid (&Info->Credential, &mUsbCredentialGuid);\r
- CopyGuid ((EFI_GUID *)(Info + 1), &mUsbCredentialGuid);\r
- \r
+ CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid);\r
+ CopyGuid ((EFI_GUID *)(Info + 1), &gUsbCredentialProviderGuid);\r
+\r
mUsbInfoHandle->Info[0] = Info;\r
mUsbInfoHandle->Count++;\r
\r
InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen;\r
Info = AllocateZeroPool (InfoLen);\r
ASSERT (Info != NULL);\r
- \r
+\r
Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD;\r
Info->InfoSize = (UINT32) InfoLen;\r
Info->InfoAttribs = EFI_USER_INFO_PROTECTED;\r
- CopyGuid (&Info->Credential, &mUsbCredentialGuid);\r
+ CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid);\r
CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen);\r
FreePool (ProvNameStr);\r
- \r
+\r
mUsbInfoHandle->Info[1] = Info;\r
mUsbInfoHandle->Count++;\r
\r
InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID);\r
Info = AllocateZeroPool (InfoLen);\r
ASSERT (Info != NULL);\r
- \r
+\r
Info->InfoType = EFI_USER_INFO_CREDENTIAL_TYPE_RECORD;\r
Info->InfoSize = (UINT32) InfoLen;\r
Info->InfoAttribs = EFI_USER_INFO_PROTECTED;\r
- CopyGuid (&Info->Credential, &mUsbCredentialGuid);\r
+ CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid);\r
CopyGuid ((EFI_GUID *)(Info + 1), &gEfiUserCredentialClassSecureCardGuid);\r
- \r
+\r
mUsbInfoHandle->Info[2] = Info;\r
mUsbInfoHandle->Count++;\r
- \r
+\r
//\r
// The fourth information, Credential Provider type name info.\r
//\r
InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen;\r
Info = AllocateZeroPool (InfoLen);\r
ASSERT (Info != NULL);\r
- \r
+\r
Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD;\r
Info->InfoSize = (UINT32) InfoLen;\r
Info->InfoAttribs = EFI_USER_INFO_PROTECTED;\r
- CopyGuid (&Info->Credential, &mUsbCredentialGuid);\r
+ CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid);\r
CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen);\r
FreePool (ProvNameStr);\r
- \r
+\r
mUsbInfoHandle->Info[3] = Info;\r
mUsbInfoHandle->Count++;\r
}\r
- \r
+\r
if (*UserInfo == NULL) {\r
//\r
// Return the first info handle.\r
*UserInfo = (EFI_USER_INFO_HANDLE) mUsbInfoHandle->Info[0];\r
return EFI_SUCCESS;\r
}\r
- \r
+\r
//\r
// Find information handle in credential info table.\r
//\r
}\r
Index++;\r
*UserInfo = (EFI_USER_INFO_HANDLE)mUsbInfoHandle->Info[Index];\r
- return EFI_SUCCESS; \r
+ return EFI_SUCCESS;\r
}\r
}\r
\r
}\r
\r
\r
+/**\r
+ Delete a user on this credential provider.\r
+\r
+ This function deletes a user on this credential provider.\r
+\r
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.\r
+ @param[in] User The user profile handle to delete.\r
+\r
+ @retval EFI_SUCCESS User profile was successfully deleted.\r
+ @retval EFI_ACCESS_DENIED Current user profile does not permit deletion on the user profile handle.\r
+ Either the user profile cannot delete on any user profile or cannot delete\r
+ on a user profile other than the current user profile.\r
+ @retval EFI_UNSUPPORTED This credential provider does not support deletion in the pre-OS.\r
+ @retval EFI_DEVICE_ERROR The new credential could not be deleted because of a device error.\r
+ @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+CredentialDelete (\r
+ IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,\r
+ IN EFI_USER_PROFILE_HANDLE User\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ EFI_USER_INFO *UserInfo;\r
+ UINT8 *UserId;\r
+ UINT8 *NewUserId;\r
+ UINTN Index;\r
+\r
+ if ((This == NULL) || (User == NULL)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ //\r
+ // Get User Identifier.\r
+ //\r
+ UserInfo = NULL;\r
+ Status = FindUserInfoByType (\r
+ User,\r
+ EFI_USER_INFO_IDENTIFIER_RECORD,\r
+ &UserInfo\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ //\r
+ // Find the user by user identifier in mPwdTable.\r
+ //\r
+ for (Index = 0; Index < mUsbTable->Count; Index++) {\r
+ UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;\r
+ NewUserId = (UINT8 *) (UserInfo + 1);\r
+ if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) {\r
+ //\r
+ // Found the user, delete it.\r
+ //\r
+ ModifyTable (Index, NULL);\r
+ break;\r
+ }\r
+ }\r
+\r
+ FreePool (UserInfo);\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+\r
/**\r
Main entry for this driver.\r
\r
{\r
EFI_STATUS Status;\r
\r
+ //\r
+ // It is NOT robust enough to be included in production.\r
+ //\r
+ #error "This implementation is just a sample, please comment this line if you really want to use this driver."\r
+\r
//\r
// Init credential table.\r
//\r
if (EFI_ERROR (Status)) {\r
return Status;\r
}\r
- \r
+\r
//\r
// Init Form Browser\r
//\r
if (EFI_ERROR (Status)) {\r
return Status;\r
}\r
- \r
+\r
//\r
// Install protocol interfaces for the Usb Credential Provider.\r
//\r
Status = gBS->InstallProtocolInterface (\r
&mCallbackInfo->DriverHandle,\r
- &gEfiUserCredentialProtocolGuid,\r
+ &gEfiUserCredential2ProtocolGuid,\r
EFI_NATIVE_INTERFACE,\r
&gUsbCredentialProviderDriver\r
);\r