1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
|
/** @file
The header file for user profile manager driver.
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __EFI_USER_PROFILE_MANAGER_H__
#define __EFI_USER_PROFILE_MANAGER_H__
#include <Uefi.h>
#include <Guid/GlobalVariable.h>
#include <Guid/MdeModuleHii.h>
#include <Protocol/HiiConfigAccess.h>
#include <Protocol/DevicePathToText.h>
#include <Protocol/UserCredential2.h>
#include <Protocol/UserManager.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DevicePathLib.h>
#include <Library/DebugLib.h>
#include <Library/UefiLib.h>
#include <Library/PrintLib.h>
#include <Library/HiiLib.h>
#include "UserProfileManagerData.h"
#define USER_NAME_LENGTH 17
//
// Credential Provider Information.
//
typedef struct {
UINTN Count;
EFI_USER_CREDENTIAL2_PROTOCOL *Provider[1];
} CREDENTIAL_PROVIDER_INFO;
//
// User profile information structure.
//
typedef struct {
UINT64 UsageCount;
EFI_TIME CreateDate;
EFI_TIME UsageDate;
UINTN AccessPolicyLen;
UINTN IdentityPolicyLen;
UINTN NewIdentityPolicyLen;
UINT8 *AccessPolicy;
UINT8 *IdentityPolicy;
UINT8 *NewIdentityPolicy;
CHAR16 UserName[USER_NAME_LENGTH];
BOOLEAN CreateDateExist;
BOOLEAN UsageDateExist;
BOOLEAN AccessPolicyModified;
BOOLEAN IdentityPolicyModified;
BOOLEAN NewIdentityPolicyModified;
} USER_INFO;
//
// User access information structure.
//
typedef struct {
UINTN LoadPermitLen;
UINTN LoadForbidLen;
UINTN ConnectPermitLen;
UINTN ConnectForbidLen;
UINT8 *LoadPermit;
UINT8 *LoadForbid;
UINT8 *ConnectPermit;
UINT8 *ConnectForbid;
UINT32 AccessBootOrder;
UINT8 AccessRight;
UINT8 AccessSetup;
} USER_INFO_ACCESS;
#define USER_PROFILE_MANAGER_SIGNATURE SIGNATURE_32 ('U', 'P', 'M', 'S')
typedef struct {
UINTN Signature;
EFI_HANDLE DriverHandle;
EFI_HII_HANDLE HiiHandle;
EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
} USER_PROFILE_MANAGER_CALLBACK_INFO;
//
// HII specific Vendor Device Path definition.
//
typedef struct {
VENDOR_DEVICE_PATH VendorDevicePath;
EFI_DEVICE_PATH_PROTOCOL End;
} HII_VENDOR_DEVICE_PATH;
//
// This is the generated IFR binary data for each formset defined in VFR.
//
extern UINT8 UserProfileManagerVfrBin[];
//
// This is the generated String package data for .UNI file.
//
extern UINT8 UserProfileManagerStrings[];
//
// The user manager protocol, used in several function.
//
extern EFI_USER_MANAGER_PROTOCOL *mUserManager;
//
// The credential providers database in system.
//
extern CREDENTIAL_PROVIDER_INFO *mProviderInfo;
//
// The variables used to update identity policy.
//
extern UINT8 mProviderChoice;
extern UINT8 mConncetLogical;
//
// The variables used to update access policy.
//
extern USER_INFO_ACCESS mAccessInfo;
//
// The user information used to record all data in UI.
//
extern USER_INFO mUserInfo;
extern USER_PROFILE_MANAGER_CALLBACK_INFO *mCallbackInfo;
extern EFI_USER_PROFILE_HANDLE mModifyUser;
/**
Get string by string id from HII Interface.
@param[in] Id String ID to get the string from.
@retval CHAR16 * String from ID.
@retval NULL If error occurs.
**/
CHAR16 *
GetStringById (
IN EFI_STRING_ID Id
);
/**
Add a new user profile into the user profile database.
**/
VOID
CallAddUser (
VOID
);
/**
Display user select form; can select a user to modify.
**/
VOID
SelectUserToModify (
VOID
);
/**
Display user select form, cab select a user to delete.
**/
VOID
SelectUserToDelete (
VOID
);
/**
Delete the user specified by UserIndex in user profile database.
@param[in] UserIndex The index of user in the user name list to be deleted.
**/
VOID
DeleteUser (
IN UINT8 UserIndex
);
/**
Add a username item in form.
@param[in] User Points to the user profile whose username is added.
@param[in] Index The index of the user in the user name list.
@param[in] OpCodeHandle Points to container for dynamic created opcodes.
**/
VOID
AddUserToForm (
IN EFI_USER_PROFILE_HANDLE User,
IN UINT16 Index,
IN VOID *OpCodeHandle
);
/**
Display modify user information form
In this form, username, create Date, usage date, usage count, identity policy,
and access policy are displayed.
@param[in] UserIndex The index of the user in display list to modify.
**/
VOID
ModifyUserInfo (
IN UINT8 UserIndex
);
/**
Get the username from user input and update username string in Hii
database with it.
**/
VOID
ModifyUserName (
VOID
);
/**
Display the form of modifying user identity policy.
**/
VOID
ModifyIdentityPolicy (
VOID
);
/**
Update the mUserInfo.NewIdentityPolicy and UI when 'add option' is pressed.
**/
VOID
AddIdentityPolicyItem (
VOID
);
/**
Save the identity policy and update UI with it.
This funciton will verify the new identity policy, in current implementation,
the identity policy can be: T, P & P & P & ..., P | P | P | ...
Here, "T" means "True", "P" means "Credential Provider", "&" means "and", "|" means "or".
Other identity policies are not supported.
**/
VOID
SaveIdentityPolicy (
VOID
);
/**
Display modify user access policy form
In this form, access right, access setu,p and access boot order are dynamically
added. Load devicepath and connect devicepath are displayed too.
**/
VOID
ModidyAccessPolicy (
VOID
);
/**
Collect all the access policy data to mUserInfo.AccessPolicy,
and save it to user profile.
**/
VOID
SaveAccessPolicy (
VOID
);
/**
Get current user's access rights.
@param[out] AccessRight Points to the buffer used for user's access rights.
@retval EFI_SUCCESS Get current user access rights successfully.
@retval others Fail to get current user access rights.
**/
EFI_STATUS
GetAccessRight (
OUT UINT32 *AccessRight
);
/**
Display the permit load device path in the loadable device path list.
**/
VOID
DisplayLoadPermit(
VOID
);
/**
Display the forbid load device path list (mAccessInfo.LoadForbid).
**/
VOID
DisplayLoadForbid (
VOID
);
/**
Display the permit connect device path.
**/
VOID
DisplayConnectPermit (
VOID
);
/**
Display the forbid connect device path list.
**/
VOID
DisplayConnectForbid (
VOID
);
/**
Delete the specified device path by DriverIndex from the forbid device path
list (mAccessInfo.LoadForbid).
@param[in] DriverIndex The index of driver in a forbidden device path list.
**/
VOID
DeleteFromForbidLoad (
IN UINT16 DriverIndex
);
/**
Add the specified device path by DriverIndex to the forbid device path
list (mAccessInfo.LoadForbid).
@param[in] DriverIndex The index of driver saved in driver options.
**/
VOID
AddToForbidLoad (
IN UINT16 DriverIndex
);
/**
Get user name from the popup windows.
@param[in, out] UserNameLen On entry, point to the buffer lengh of UserName.
On exit, point to the input user name length.
@param[out] UserName The buffer to hold the input user name.
@retval EFI_ABORTED It is given up by pressing 'ESC' key.
@retval EFI_NOT_READY Not a valid input at all.
@retval EFI_SUCCESS Get a user name successfully.
**/
EFI_STATUS
GetUserNameInput (
IN OUT UINTN *UserNameLen,
OUT CHAR16 *UserName
);
/**
Find the specified info in User profile by the InfoType.
@param[in] User Handle of the user whose information will be searched.
@param[in] InfoType The user information type to find.
@param[out] UserInfo Points to user information handle found.
@retval EFI_SUCCESS Find the user information successfully.
@retval Others Fail to find the user information.
**/
EFI_STATUS
FindInfoByType (
IN EFI_USER_PROFILE_HANDLE User,
IN UINT8 InfoType,
OUT EFI_USER_INFO_HANDLE *UserInfo
);
/**
Convert the identity policy to a unicode string and update the Hii database
IpStringId string with it.
@param[in] Ip Points to identity policy.
@param[in] IpLen The identity policy length.
@param[in] IpStringId String ID in the HII database to be replaced.
**/
VOID
ResolveIdentityPolicy (
IN UINT8 *Ip,
IN UINTN IpLen,
IN EFI_STRING_ID IpStringId
);
/**
Expand access policy memory size.
@param[in] ValidLen The valid access policy length.
@param[in] ExpandLen The length that is needed to expand.
**/
VOID
ExpandMemory (
IN UINTN ValidLen,
IN UINTN ExpandLen
);
/**
Delete User's credental from all the providers that exist in User's identity policy.
@param[in] IdentityPolicy Point to User's identity policy.
@param[in] IdentityPolicyLen The length of the identity policy.
@param[in] User Points to user profile.
**/
VOID
DeleteCredentialFromProviders (
IN UINT8 *IdentityPolicy,
IN UINTN IdentityPolicyLen,
IN EFI_USER_PROFILE_HANDLE User
);
#endif
|
