From 0c18794ea4289f03fefc7117b56740414cc0536c Mon Sep 17 00:00:00 2001 From: gdong1 Date: Fri, 2 Sep 2011 07:49:32 +0000 Subject: Add security package to repository. git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12261 6f19259b-4bc3-4df7-8a09-765794883524 --- .../PwdCredentialProvider.c | 1422 ++++++++++++++++++++ .../PwdCredentialProvider.h | 354 +++++ .../PwdCredentialProviderData.h | 33 + .../PwdCredentialProviderDxe.inf | 53 + .../PwdCredentialProviderStrings.uni | Bin 0 -> 5128 bytes .../PwdCredentialProviderVfr.Vfr | 35 + 6 files changed, 1897 insertions(+) create mode 100644 SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.c create mode 100644 SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.h create mode 100644 SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderData.h create mode 100644 SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf create mode 100644 SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderStrings.uni create mode 100644 SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderVfr.Vfr (limited to 'SecurityPkg/UserIdentification/PwdCredentialProviderDxe') diff --git a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.c b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.c new file mode 100644 index 0000000000..ad1521040c --- /dev/null +++ b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.c @@ -0,0 +1,1422 @@ +/** @file + Password Credential Provider driver implementation. + +Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "PwdCredentialProvider.h"
+
+CREDENTIAL_TABLE *mPwdTable = NULL;
+PWD_PROVIDER_CALLBACK_INFO *mCallbackInfo = NULL;
+PASSWORD_CREDENTIAL_INFO *mPwdInfoHandle = NULL;
+
+//
+// Used for save password credential and form browser.
+// Also used as provider identifier.
+//
+EFI_GUID mPwdCredentialGuid = PWD_CREDENTIAL_PROVIDER_GUID;
+
+HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = {
+ {
+ {
+ HARDWARE_DEVICE_PATH,
+ HW_VENDOR_DP,
+ {
+ (UINT8) (sizeof (VENDOR_DEVICE_PATH)),
+ (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
+ }
+ },
+ { 0xeba7fc2b, 0xa465, 0x4d96, { 0x85, 0xa9, 0xd2, 0xf6, 0x64, 0xdf, 0x9b, 0x45 } }
+ },
+ {
+ END_DEVICE_PATH_TYPE,
+ END_ENTIRE_DEVICE_PATH_SUBTYPE,
+ {
+ (UINT8) (END_DEVICE_PATH_LENGTH),
+ (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
+ }
+ }
+};
+
+EFI_USER_CREDENTIAL_PROTOCOL gPwdCredentialProviderDriver = {
+ PWD_CREDENTIAL_PROVIDER_GUID,
+ EFI_USER_CREDENTIAL_CLASS_PASSWORD,
+ CredentialEnroll,
+ CredentialForm,
+ CredentialTile,
+ CredentialTitle,
+ CredentialUser,
+ CredentialSelect,
+ CredentialDeselect,
+ CredentialDefault,
+ CredentialGetInfo,
+ CredentialGetNextInfo
+};
+
+
+/**
+ Get string by string id from HII Interface.
+
+
+ @param[in] Id String ID to get the string from.
+
+ @retval CHAR16 * String from ID.
+ @retval NULL If error occurs.
+
+**/
+CHAR16 *
+GetStringById (
+ IN EFI_STRING_ID Id
+ )
+{
+ //
+ // Get the current string for the current Language.
+ //
+ return HiiGetString (mCallbackInfo->HiiHandle, Id, NULL);
+}
+
+
+/**
+ Expand password table size.
+ +**/ +VOID +ExpandTableSize ( + VOID + ) +{ + CREDENTIAL_TABLE *NewTable; + UINTN Count; + + Count = mPwdTable->MaxCount + PASSWORD_TABLE_INC; + // + // Create new credential table. + // + NewTable = (CREDENTIAL_TABLE *) AllocateZeroPool ( + sizeof (CREDENTIAL_TABLE) + + (Count - 1) * sizeof (PASSWORD_INFO) + ); + ASSERT (NewTable != NULL); + + NewTable->MaxCount = Count; + NewTable->Count = mPwdTable->Count; + NewTable->ValidIndex = mPwdTable->ValidIndex; + // + // Copy old entries + // + CopyMem ( + &NewTable->UserInfo, + &mPwdTable->UserInfo, + mPwdTable->Count * sizeof (PASSWORD_INFO) + ); + FreePool (mPwdTable); + mPwdTable = NewTable; +} + + +/** + Add or delete info in table, and sync with NV variable. + + @param[in] Index The index of the password in table. The index begin from 1. + If index is found in table, delete the info, else add the + into to table. + @param[in] Info The new password info to add into table. + + @retval EFI_INVALID_PARAMETER Info is NULL when save the info. + @retval EFI_SUCCESS Modify the table successfully. + @retval Others Failed to modify the table. + +**/ +EFI_STATUS +ModifyTable ( + IN UINTN Index, + IN PASSWORD_INFO * Info OPTIONAL + ) +{ + EFI_STATUS Status; + + if (Index < mPwdTable->Count) { + // + // Delete the specified entry. + // + mPwdTable->Count--; + if (Index != mPwdTable->Count) { + CopyMem ( + &mPwdTable->UserInfo[Index], + &mPwdTable->UserInfo[mPwdTable->Count], + sizeof (PASSWORD_INFO) + ); + } + } else { + // + // Add a new entry. + // + if (Info == NULL) { + return EFI_INVALID_PARAMETER; + } + + if (mPwdTable->Count >= mPwdTable->MaxCount) { + ExpandTableSize (); + } + + CopyMem ( + &mPwdTable->UserInfo[mPwdTable->Count], + Info, + sizeof (PASSWORD_INFO) + ); + mPwdTable->Count++; + } + + // + // Save the credential table. 
+ // + Status = gRT->SetVariable ( + L"PwdCredential", + &mPwdCredentialGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, + mPwdTable->Count * sizeof (PASSWORD_INFO), + &mPwdTable->UserInfo + ); + return Status; +} + + +/** + Create a password table. + + @retval EFI_SUCCESS Create a password table successfully. + @retval Others Failed to create a password. + +**/ +EFI_STATUS +InitCredentialTable ( + VOID + ) +{ + EFI_STATUS Status; + UINT8 *Var; + UINTN VarSize; + + // + // Get Password credential data from NV variable. + // + VarSize = 0; + Var = NULL; + Status = gRT->GetVariable ( + L"PwdCredential", + &mPwdCredentialGuid, + NULL, + &VarSize, + Var + ); + if (Status == EFI_BUFFER_TOO_SMALL) { + Var = AllocateZeroPool (VarSize); + if (Var == NULL) { + return EFI_OUT_OF_RESOURCES; + } + Status = gRT->GetVariable ( + L"PwdCredential", + &mPwdCredentialGuid, + NULL, + &VarSize, + Var + ); + } + if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) { + return Status; + } + + // + // Create the password credential table. + // + mPwdTable = AllocateZeroPool ( + sizeof (CREDENTIAL_TABLE) - sizeof (PASSWORD_INFO) + + PASSWORD_TABLE_INC * sizeof (PASSWORD_INFO) + + VarSize + ); + if (mPwdTable == NULL) { + FreePool (Var); + return EFI_OUT_OF_RESOURCES; + } + + mPwdTable->Count = VarSize / sizeof (PASSWORD_INFO); + mPwdTable->MaxCount = mPwdTable->Count + PASSWORD_TABLE_INC; + mPwdTable->ValidIndex = 0; + if (Var != NULL) { + CopyMem (mPwdTable->UserInfo, Var, VarSize); + FreePool (Var); + } + return EFI_SUCCESS; +} + + +/** + Hash the password to get credential. + + @param[in] Password Points to the input password. + @param[in] PasswordSize The size of password, in bytes. + @param[out] Credential Points to the hashed result. + + @retval TRUE Hash the password successfully. + @retval FALSE Failed to hash the password. 
+
+**/
+BOOLEAN
+GenerateCredential (
+ IN CHAR16 *Password,
+ IN UINTN PasswordSize,
+ OUT UINT8 *Credential
+ )
+{
+ BOOLEAN Status;
+ UINTN HashSize;
+ VOID *Hash;
+
+ HashSize = Sha1GetContextSize ();
+ Hash = AllocatePool (HashSize);
+ ASSERT (Hash != NULL);
+
+ Status = Sha1Init (Hash);
+ if (!Status) {
+ goto Done;
+ }
+
+ Status = Sha1Update (Hash, Password, PasswordSize);
+ if (!Status) {
+ goto Done;
+ }
+
+ Status = Sha1Final (Hash, Credential);
+
+Done:
+ FreePool (Hash);
+ return Status;
+}
+
+
+/**
+ Get password from user input.
+
+ @param[in] FirstPwd If True, prompt to input the first password.
+ If False, prompt to input password again.
+ @param[out] Credential Points to the input password.
+
+**/
+VOID
+GetPassword (
+ IN BOOLEAN FirstPwd,
+ OUT CHAR8 *Credential
+ )
+{
+ EFI_INPUT_KEY Key;
+ CHAR16 PasswordMask[CREDENTIAL_LEN + 1];
+ CHAR16 Password[CREDENTIAL_LEN];
+ UINTN PasswordLen;
+ CHAR16 *QuestionStr;
+ CHAR16 *LineStr;
+
+ PasswordLen = 0;
+ while (TRUE) {
+ PasswordMask[PasswordLen] = L'_';
+ PasswordMask[PasswordLen + 1] = L'\0';
+ LineStr = GetStringById (STRING_TOKEN (STR_DRAW_A_LINE));
+ if (FirstPwd) {
+ QuestionStr = GetStringById (STRING_TOKEN (STR_INPUT_PASSWORD));
+ } else {
+ QuestionStr = GetStringById (STRING_TOKEN (STR_INPUT_PASSWORD_AGAIN));
+ }
+ CreatePopUp (
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+ &Key,
+ QuestionStr,
+ LineStr,
+ PasswordMask,
+ NULL
+ );
+ FreePool (QuestionStr);
+ FreePool (LineStr);
+
+ //
+ // Check key stroke
+ //
+ if (Key.ScanCode == SCAN_NULL) {
+ if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) {
+ break;
+ } else if (Key.UnicodeChar == CHAR_BACKSPACE) {
+ if (PasswordLen > 0) {
+ PasswordLen--;
+ }
+ } else if ((Key.UnicodeChar == CHAR_NULL) ||
+ (Key.UnicodeChar == CHAR_TAB) ||
+ (Key.UnicodeChar == CHAR_LINEFEED)) {
+ continue;
+ } else {
+ Password[PasswordLen] = Key.UnicodeChar;
+ PasswordMask[PasswordLen] = L'*';
+ PasswordLen++;
+ if (PasswordLen == CREDENTIAL_LEN) {
+ break;
+ }
+ }
+ }
+ }
+
+ PasswordLen = PasswordLen * sizeof (CHAR16);
+ GenerateCredential (Password, PasswordLen, (UINT8 *)Credential);
+}
+
+/**
+ Check whether the password can be found on this provider.
+
+ @param[in] Password The password to be found.
+
+ @retval EFI_SUCCESS Found password sucessfully.
+ @retval EFI_NOT_FOUND Fail to find the password.
+
+**/
+EFI_STATUS
+CheckPassword (
+ IN CHAR8 *Password
+ )
+{
+ UINTN Index;
+ CHAR8 *Pwd;
+
+ //
+ // Check password credential.
+ //
+ mPwdTable->ValidIndex = 0;
+ for (Index = 0; Index < mPwdTable->Count; Index++) {
+ Pwd = mPwdTable->UserInfo[Index].Password;
+ if (CompareMem (Pwd, Password, CREDENTIAL_LEN) == 0) {
+ mPwdTable->ValidIndex = Index + 1;
+ return EFI_SUCCESS;
+ }
+ }
+
+ return EFI_NOT_FOUND;
+}
+
+
+/**
+ Find a user infomation record by the information record type.
+
+ This function searches all user information records of User from beginning
+ until either the information is found, or there are no more user infomation
+ records. A match occurs when a Info.InfoType field matches the user information
+ record type.
+
+ @param[in] User Points to the user profile record to search.
+ @param[in] InfoType The infomation type to be searched.
+ @param[out] Info Points to the user info found, the caller is responsible
+ to free.
+
+ @retval EFI_SUCCESS Find the user information successfully.
+ @retval Others Fail to find the user information.
+
+**/
+EFI_STATUS
+FindUserInfoByType (
+ IN EFI_USER_PROFILE_HANDLE User,
+ IN UINT8 InfoType,
+ OUT EFI_USER_INFO **Info
+ )
+{
+ EFI_STATUS Status;
+ EFI_USER_INFO *UserInfo;
+ UINTN UserInfoSize;
+ EFI_USER_INFO_HANDLE UserInfoHandle;
+ EFI_USER_MANAGER_PROTOCOL *UserManager;
+
+ //
+ // Find user information by information type.
+ //
+ if (Info == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Status = gBS->LocateProtocol (
+ &gEfiUserManagerProtocolGuid,
+ NULL,
+ (VOID **) &UserManager
+ );
+ if (EFI_ERROR (Status)) {
+ return EFI_NOT_FOUND;
+ }
+
+ //
+ // Get each user information.
+ //
+
+ UserInfoHandle = NULL;
+ UserInfo = NULL;
+ UserInfoSize = 0;
+ while (TRUE) {
+ Status = UserManager->GetNextInfo (UserManager, User, &UserInfoHandle);
+ if (EFI_ERROR (Status)) {
+ break;
+ }
+ //
+ // Get information.
+ //
+ Status = UserManager->GetInfo (
+ UserManager,
+ User,
+ UserInfoHandle,
+ UserInfo,
+ &UserInfoSize
+ );
+ if (Status == EFI_BUFFER_TOO_SMALL) {
+ if (UserInfo != NULL) {
+ FreePool (UserInfo);
+ }
+ UserInfo = AllocateZeroPool (UserInfoSize);
+ if (UserInfo == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+ Status = UserManager->GetInfo (
+ UserManager,
+ User,
+ UserInfoHandle,
+ UserInfo,
+ &UserInfoSize
+ );
+ }
+ if (EFI_ERROR (Status)) {
+ break;
+ }
+
+ ASSERT (UserInfo != NULL);
+ if (UserInfo->InfoType == InfoType) {
+ *Info = UserInfo;
+ return EFI_SUCCESS;
+ }
+ }
+
+ if (UserInfo != NULL) {
+ FreePool (UserInfo);
+ }
+ return Status;
+}
+
+
+/**
+ This function processes the results of changes in configuration.
+
+ @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
+ @param Action Specifies the type of action taken by the browser.
+ @param QuestionId A unique value which is sent to the original
+ exporting driver so that it can identify the type
+ of data to expect.
+ @param Type The type of value for the question.
+ @param Value A pointer to the data being sent to the original
+ exporting driver.
+ @param ActionRequest On return, points to the action requested by the
+ callback function.
+
+ @retval EFI_SUCCESS The callback successfully handled the action.
+ @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the
+ variable and its data.
+ @retval EFI_DEVICE_ERROR The variable could not be saved.
+ @retval EFI_UNSUPPORTED The specified Action is not supported by the
+ callback.
+
+**/
+EFI_STATUS
+EFIAPI
+CredentialDriverCallback (
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
+ IN EFI_BROWSER_ACTION Action,
+ IN EFI_QUESTION_ID QuestionId,
+ IN UINT8 Type,
+ IN EFI_IFR_TYPE_VALUE *Value,
+ OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
+ )
+{
+ EFI_STATUS Status;
+ EFI_INPUT_KEY Key;
+ CHAR8 Password[CREDENTIAL_LEN];
+ CHAR16 *PromptStr;
+
+ if (Action == EFI_BROWSER_ACTION_CHANGING) {
+ if (QuestionId == KEY_GET_PASSWORD) {
+ //
+ // Get and check password.
+ //
+ GetPassword (TRUE, Password);
+ Status = CheckPassword (Password);
+ if (EFI_ERROR (Status)) {
+ PromptStr = GetStringById (STRING_TOKEN (STR_PASSWORD_INCORRECT));
+ CreatePopUp (
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+ &Key,
+ L"",
+ PromptStr,
+ L"",
+ NULL
+ );
+ FreePool (PromptStr);
+ return Status;
+ }
+ *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT;
+ }
+ return EFI_SUCCESS;
+ }
+
+ //
+ // All other action return unsupported.
+ //
+ return EFI_UNSUPPORTED;
+}
+
+
+/**
+ This function allows a caller to extract the current configuration for one
+ or more named elements from the target driver.
+
+
+ @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
+ @param Request A null-terminated Unicode string in format.
+ @param Progress On return, points to a character in the Request string.
+ Points to the string's null terminator if request was successful.
+ Points to the most recent '&' before the first failing name/value
+ pair (or the beginning of the string if the failure is in the
+ first name/value pair) if the request was not successful.
+ @param Results A null-terminated Unicode string in format which
+ has all values filled in for the names in the Request string.
+ String to be allocated by the called function.
+
+ @retval EFI_SUCCESS The Results is filled with the requested values.
+ @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results.
+ @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name.
+ @retval EFI_NOT_FOUND Routing data doesn't match any storage in this driver.
+
+**/
+EFI_STATUS
+EFIAPI
+FakeExtractConfig (
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
+ IN CONST EFI_STRING Request,
+ OUT EFI_STRING *Progress,
+ OUT EFI_STRING *Results
+ )
+{
+ if (Progress == NULL || Results == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+ *Progress = Request;
+ return EFI_NOT_FOUND;
+}
+
+/**
+ This function processes the results of changes in configuration.
+
+
+ @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
+ @param Configuration A null-terminated Unicode string in format.
+ @param Progress A pointer to a string filled in with the offset of the most
+ recent '&' before the first failing name/value pair (or the
+ beginning of the string if the failure is in the first
+ name/value pair) or the terminating NULL if all was successful.
+
+ @retval EFI_SUCCESS The Results is processed successfully.
+ @retval EFI_INVALID_PARAMETER Configuration is NULL.
+ @retval EFI_NOT_FOUND Routing data doesn't match any storage in this driver.
+
+**/
+EFI_STATUS
+EFIAPI
+FakeRouteConfig (
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
+ IN CONST EFI_STRING Configuration,
+ OUT EFI_STRING *Progress
+ )
+{
+ if (Configuration == NULL || Progress == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ return EFI_NOT_FOUND;
+}
+
+/**
+ This function initialize the data mainly used in form browser.
+
+ @retval EFI_SUCCESS Initialize form data successfully.
+ @retval Others Fail to Initialize form data.
+
+**/
+EFI_STATUS
+InitFormBrowser (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ PWD_PROVIDER_CALLBACK_INFO *CallbackInfo;
+
+ //
+ // Initialize driver private data.
+ //
+ CallbackInfo = AllocateZeroPool (sizeof (PWD_PROVIDER_CALLBACK_INFO));
+ if (CallbackInfo == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ CallbackInfo->Signature = PWD_PROVIDER_SIGNATURE;
+ CallbackInfo->ConfigAccess.ExtractConfig = FakeExtractConfig;
+ CallbackInfo->ConfigAccess.RouteConfig = FakeRouteConfig;
+ CallbackInfo->ConfigAccess.Callback = CredentialDriverCallback;
+ CallbackInfo->DriverHandle = NULL;
+
+ //
+ // Install Device Path Protocol and Config Access protocol to driver handle.
+ //
+ Status = gBS->InstallMultipleProtocolInterfaces (
+ &CallbackInfo->DriverHandle,
+ &gEfiDevicePathProtocolGuid,
+ &mHiiVendorDevicePath,
+ &gEfiHiiConfigAccessProtocolGuid,
+ &CallbackInfo->ConfigAccess,
+ NULL
+ );
+ ASSERT_EFI_ERROR (Status);
+
+ //
+ // Publish HII data.
+ //
+ CallbackInfo->HiiHandle = HiiAddPackages (
+ &mPwdCredentialGuid,
+ CallbackInfo->DriverHandle,
+ PwdCredentialProviderStrings,
+ PwdCredentialProviderVfrBin,
+ NULL
+ );
+ if (CallbackInfo->HiiHandle == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+ mCallbackInfo = CallbackInfo;
+
+ return Status;
+}
+
+
+/**
+ Enroll a user on a credential provider.
+
+ This function enrolls and deletes a user profile using this credential provider.
+ If a user profile is successfully enrolled, it calls the User Manager Protocol
+ function Notify() to notify the user manager driver that credential information
+ has changed. If an enrolled user does exist, delete the user on the credential
+ provider.
+
+ @param[in] This Points to this instance of EFI_USER_CREDENTIAL_PROTOCOL.
+ @param[in] User The user profile to enroll.
+
+ @retval EFI_SUCCESS User profile was successfully enrolled.
+ @retval EFI_ACCESS_DENIED Current user profile does not permit enrollment on the
+ user profile handle. Either the user profile cannot enroll
+ on any user profile or cannot enroll on a user profile
+ other than the current user profile.
+ @retval EFI_UNSUPPORTED This credential provider does not support enrollment in
+ the pre-OS.
+ @retval EFI_DEVICE_ERROR The new credential could not be created because of a device
+ error.
+ @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle.
+
+**/
+EFI_STATUS
+EFIAPI
+CredentialEnroll (
+ IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
+ IN EFI_USER_PROFILE_HANDLE User
+ )
+{
+ EFI_STATUS Status;
+ UINTN Index;
+ PASSWORD_INFO PwdInfo;
+ EFI_USER_INFO *UserInfo;
+ CHAR8 Password[CREDENTIAL_LEN];
+ EFI_INPUT_KEY Key;
+ EFI_USER_MANAGER_PROTOCOL *UserManager;
+ UINT8 *UserId;
+ UINT8 *NewUserId;
+ CHAR16 *QuestionStr;
+ CHAR16 *PromptStr;
+
+ if ((This == NULL) || (User == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Status = gBS->LocateProtocol (
+ &gEfiUserManagerProtocolGuid,
+ NULL,
+ (VOID **) &UserManager
+ );
+ if (EFI_ERROR (Status)) {
+ return EFI_UNSUPPORTED;
+ }
+
+ //
+ // Get User Identifier.
+ //
+ UserInfo = NULL;
+ Status = FindUserInfoByType (
+ User,
+ EFI_USER_INFO_IDENTIFIER_RECORD,
+ &UserInfo
+ );
+ if (EFI_ERROR (Status)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // If User exists in mPwdTable, delete User.
+ //
+ for (Index = 0; Index < mPwdTable->Count; Index++) {
+ UserId = (UINT8 *) &mPwdTable->UserInfo[Index].UserId;
+ NewUserId = (UINT8 *) (UserInfo + 1);
+ if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) {
+ //
+ // Delete the existing password.
+ //
+ FreePool (UserInfo);
+ return ModifyTable (Index, NULL);
+ }
+ }
+
+ //
+ // The User doesn't exist in mPwdTable; Enroll the new User.
+ //
+ while (TRUE) {
+ //
+ // Input password.
+ //
+ GetPassword (TRUE, PwdInfo.Password);
+
+ //
+ // Input password again.
+ //
+ GetPassword (FALSE, Password);
+
+ //
+ // Compare the two password consistency.
+ //
+ if (CompareMem (PwdInfo.Password, Password, CREDENTIAL_LEN) == 0) {
+ break;
+ }
+
+ QuestionStr = GetStringById (STRING_TOKEN (STR_PASSWORD_MISMATCH));
+ PromptStr = GetStringById (STRING_TOKEN (STR_INPUT_PASSWORD_AGAIN));
+ CreatePopUp (
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+ &Key,
+ QuestionStr,
+ L"",
+ PromptStr,
+ NULL
+ );
+ FreePool (QuestionStr);
+ FreePool (PromptStr);
+ }
+
+ CopyMem (
+ PwdInfo.UserId,
+ (UINT8 *) (UserInfo + 1),
+ sizeof (EFI_USER_INFO_IDENTIFIER)
+ );
+ FreePool (UserInfo);
+
+ //
+ // Save the new added entry.
+ //
+ Status = ModifyTable (mPwdTable->Count, &PwdInfo);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ //
+ // Notify the user manager driver that credential information has changed.
+ //
+ UserManager->Notify (UserManager, mCallbackInfo->DriverHandle);
+
+ return EFI_SUCCESS;
+}
+
+
+/**
+ Returns the user interface information used during user identification.
+
+ This function returns information about the form used when interacting with the
+ user during user identification. The form is the first enabled form in the form-set
+ class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII handle HiiHandle. If
+ the user credential provider does not require a form to identify the user, then this
+ function should return EFI_NOT_FOUND.
+
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
+ @param[out] Hii On return, holds the HII database handle.
+ @param[out] FormSetId On return, holds the identifier of the form set which contains
+ the form used during user identification.
+ @param[out] FormId On return, holds the identifier of the form used during user
+ identification.
+
+ @retval EFI_SUCCESS Form returned successfully.
+ @retval EFI_NOT_FOUND Form not returned.
+ @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or FormId is NULL.
+
+**/
+EFI_STATUS
+EFIAPI
+CredentialForm (
+ IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
+ OUT EFI_HII_HANDLE *Hii,
+ OUT EFI_GUID *FormSetId,
+ OUT EFI_FORM_ID *FormId
+ )
+{
+ if ((This == NULL) || (Hii == NULL) ||
+ (FormSetId == NULL) || (FormId == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ *Hii = mCallbackInfo->HiiHandle;
+ *FormId = FORMID_GET_PASSWORD_FORM;
+ CopyGuid (FormSetId, &mPwdCredentialGuid);
+
+ return EFI_SUCCESS;
+}
+
+
+/**
+ Returns bitmap used to describe the credential provider type.
+
+ This optional function returns a bitmap that is less than or equal to the number
+ of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND
+ is returned.
+
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
+ @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no
+ bitmap information will be returned. On exit, points to the
+ width of the bitmap returned.
+ @param[in, out] Height On entry, points to the desired bitmap height. If NULL then no
+ bitmap information will be returned. On exit, points to the
+ height of the bitmap returned
+ @param[out] Hii On return, holds the HII database handle.
+ @param[out] Image On return, holds the HII image identifier.
+
+ @retval EFI_SUCCESS Image identifier returned successfully.
+ @retval EFI_NOT_FOUND Image identifier not returned.
+ @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL.
+
+**/
+EFI_STATUS
+EFIAPI
+CredentialTile (
+ IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
+ IN OUT UINTN *Width,
+ IN OUT UINTN *Height,
+ OUT EFI_HII_HANDLE *Hii,
+ OUT EFI_IMAGE_ID *Image
+ )
+{
+ if ((This == NULL) || (Hii == NULL) || (Image == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+ return EFI_NOT_FOUND;
+}
+
+
+/**
+ Returns string used to describe the credential provider type.
+
+ This function returns a string which describes the credential provider. If no
+ such string exists, then EFI_NOT_FOUND is returned.
+
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
+ @param[out] Hii On return, holds the HII database handle.
+ @param[out] String On return, holds the HII string identifier.
+
+ @retval EFI_SUCCESS String identifier returned successfully.
+ @retval EFI_NOT_FOUND String identifier not returned.
+ @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL.
+
+**/
+EFI_STATUS
+EFIAPI
+CredentialTitle (
+ IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
+ OUT EFI_HII_HANDLE *Hii,
+ OUT EFI_STRING_ID *String
+ )
+{
+ if ((This == NULL) || (Hii == NULL) || (String == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // Set Hii handle and String ID.
+ //
+ *Hii = mCallbackInfo->HiiHandle;
+ *String = STRING_TOKEN (STR_CREDENTIAL_TITLE);
+
+ return EFI_SUCCESS;
+}
+
+
+/**
+ Return the user identifier associated with the currently authenticated user.
+
+ This function returns the user identifier of the user authenticated by this credential
+ provider. This function is called after the credential-related information has been
+ submitted on a form, OR after a call to Default() has returned that this credential is
+ ready to log on.
+
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
+ @param[in] User The user profile handle of the user profile currently being
+ considered by the user identity manager. If NULL, then no user
+ profile is currently under consideration.
+ @param[out] Identifier On return, points to the user identifier.
+
+ @retval EFI_SUCCESS User identifier returned successfully.
+ @retval EFI_NOT_READY No user identifier can be returned.
+ @retval EFI_ACCESS_DENIED The user has been locked out of this user credential.
+ @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL.
+ @retval EFI_NOT_FOUND User is not NULL, and the specified user handle can't be
+ found in user profile database
+
+**/
+EFI_STATUS
+EFIAPI
+CredentialUser (
+ IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
+ IN EFI_USER_PROFILE_HANDLE User,
+ OUT EFI_USER_INFO_IDENTIFIER *Identifier
+ )
+{
+ EFI_STATUS Status;
+ UINTN Index;
+ EFI_USER_INFO *UserInfo;
+ UINT8 *UserId;
+ UINT8 *NewUserId;
+ CHAR8 *Pwd;
+ CHAR8 *NewPwd;
+
+ if ((This == NULL) || (Identifier == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (mPwdTable->ValidIndex == 0) {
+ //
+ // No password input, or the input password doesn't match
+ // anyone in PwdTable.
+ //
+ return EFI_NOT_READY;
+ }
+
+ if (User == NULL) {
+ //
+ // Return the user ID whose password matches the input password.
+ //
+ CopyMem (
+ Identifier,
+ &mPwdTable->UserInfo[mPwdTable->ValidIndex - 1].UserId,
+ sizeof (EFI_USER_INFO_IDENTIFIER)
+ );
+ return EFI_SUCCESS;
+ }
+
+ //
+ // Get the User's ID.
+ //
+ Status = FindUserInfoByType (
+ User,
+ EFI_USER_INFO_IDENTIFIER_RECORD,
+ &UserInfo
+ );
+ if (EFI_ERROR (Status)) {
+ return EFI_NOT_FOUND;
+ }
+
+ //
+ // Check whether the input password matches one in PwdTable.
+ //
+ for (Index = 0; Index < mPwdTable->Count; Index++) {
+ UserId = (UINT8 *) &mPwdTable->UserInfo[Index].UserId;
+ NewUserId = (UINT8 *) (UserInfo + 1);
+ if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) {
+ Pwd = mPwdTable->UserInfo[Index].Password;
+ NewPwd = mPwdTable->UserInfo[mPwdTable->ValidIndex - 1].Password;
+ if (CompareMem (Pwd, NewPwd, CREDENTIAL_LEN) == 0) {
+ CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER));
+ FreePool (UserInfo);
+ return EFI_SUCCESS;
+ }
+ }
+ }
+
+ //
+ // The User's password doesn't match the input password.
+ // Return the user ID whose password matches the input password.
+ //
+ CopyMem (
+ Identifier,
+ &mPwdTable->UserInfo[mPwdTable->ValidIndex - 1].UserId,
+ sizeof (EFI_USER_INFO_IDENTIFIER)
+ );
+ FreePool (UserInfo);
+ return EFI_SUCCESS;
+}
+
+
+/**
+ Indicate that user interface interaction has begun for the specified credential.
+
+ This function is called when a credential provider is selected by the user. If
+ AutoLogon returns FALSE, then the user interface will be constructed by the User
+ Identity Manager.
+
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
+ @param[out] AutoLogon On return, points to the credential provider's capabilities
+ after the credential provider has been selected by the user.
+
+ @retval EFI_SUCCESS Credential provider successfully selected.
+ @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
+
+**/
+EFI_STATUS
+EFIAPI
+CredentialSelect (
+ IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
+ OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
+ )
+{
+ if ((This == NULL) || (AutoLogon == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+ *AutoLogon = 0;
+
+ return EFI_SUCCESS;
+}
+
+
+/**
+ Indicate that user interface interaction has ended for the specified credential.
+
+ This function is called when a credential provider is deselected by the user.
+
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
+
+ @retval EFI_SUCCESS Credential provider successfully deselected.
+
+**/
+EFI_STATUS
+EFIAPI
+CredentialDeselect (
+ IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This
+ )
+{
+ if (This == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+ return EFI_SUCCESS;
+}
+
+
+/**
+ Return the default logon behavior for this user credential.
+
+ This function reports the default login behavior regarding this credential provider.
+
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
+ @param[out] AutoLogon On return, holds whether the credential provider should be used
+ by default to automatically log on the user.
+
+ @retval EFI_SUCCESS Default information successfully returned.
+ @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
+
+**/
+EFI_STATUS
+EFIAPI
+CredentialDefault (
+ IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
+ OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
+ )
+{
+ if ((This == NULL) || (AutoLogon == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+ *AutoLogon = 0;
+
+ return EFI_SUCCESS;
+}
+
+
+/**
+ Return information attached to the credential provider.
+
+ This function returns user information.
+
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
+ @param[in] UserInfo Handle of the user information data record.
+ @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On
+ exit, holds the user information. If the buffer is too small
+ to hold the information, then EFI_BUFFER_TOO_SMALL is returned
+ and InfoSize is updated to contain the number of bytes actually
+ required.
+ @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the
+ size of the user information.
+
+ @retval EFI_SUCCESS Information returned successfully.
+ @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small to hold all of the
+ user information. The size required is returned in *InfoSize.
+ @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL.
+ @retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle.
+
+**/
+EFI_STATUS
+EFIAPI
+CredentialGetInfo (
+ IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
+ IN EFI_USER_INFO_HANDLE UserInfo,
+ OUT EFI_USER_INFO *Info,
+ IN OUT UINTN *InfoSize
+ )
+{
+ EFI_USER_INFO *CredentialInfo;
+ UINTN Index;
+
+ if ((This == NULL) || (InfoSize == NULL) || (Info == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if ((UserInfo == NULL) || (mPwdInfoHandle == NULL)) {
+ return EFI_NOT_FOUND;
+ }
+
+ //
+ // Find information handle in credential info table.
+ //
+ for (Index = 0; Index < mPwdInfoHandle->Count; Index++) {
+ CredentialInfo = mPwdInfoHandle->Info[Index];
+ if (UserInfo == (EFI_USER_INFO_HANDLE)CredentialInfo) {
+ //
+ // The handle is found, copy the user info.
+ //
+ if (CredentialInfo->InfoSize > *InfoSize) {
+ *InfoSize = CredentialInfo->InfoSize;
+ return EFI_BUFFER_TOO_SMALL;
+ }
+ CopyMem (Info, CredentialInfo, CredentialInfo->InfoSize);
+ return EFI_SUCCESS;
+ }
+ }
+
+ return EFI_NOT_FOUND;
+}
+
+
+/**
+ Enumerate all of the user informations on the credential provider.
+
+ This function returns the next user information record. To retrieve the first user
+ information record handle, point UserInfo at a NULL. Each subsequent call will retrieve
+ another user information record handle until there are no more, at which point UserInfo
+ will point to NULL.
+
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
+ @param[in, out] UserInfo On entry, points to the previous user information handle or NULL
+ to start enumeration. On exit, points to the next user information
+ handle or NULL if there is no more user information.
+
+ @retval EFI_SUCCESS User information returned.
+ @retval EFI_NOT_FOUND No more user information found.
+ @retval EFI_INVALID_PARAMETER UserInfo is NULL.
+
+**/
+EFI_STATUS
+EFIAPI
+CredentialGetNextInfo (
+ IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
+ IN OUT EFI_USER_INFO_HANDLE *UserInfo
+ )
+{
+ EFI_USER_INFO *Info;
+ CHAR16 *ProvNameStr;
+ UINTN InfoLen;
+ UINTN Index;
+ UINTN ProvStrLen;
+
+ if ((This == NULL) || (UserInfo == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (mPwdInfoHandle == NULL) {
+ //
+ // Initilized user info table. There are 4 user info records in the table.
+ // + InfoLen = sizeof (PASSWORD_CREDENTIAL_INFO) + (4 - 1) * sizeof (EFI_USER_INFO *); + mPwdInfoHandle = AllocateZeroPool (InfoLen); + if (mPwdInfoHandle == NULL) { + *UserInfo = NULL; + return EFI_NOT_FOUND; + } + + // + // The first information, Credential Provider info. + // + InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID); + Info = AllocateZeroPool (InfoLen); + ASSERT (Info != NULL); + + Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_RECORD; + Info->InfoSize = (UINT32) InfoLen; + Info->InfoAttribs = EFI_USER_INFO_PROTECTED; + CopyGuid (&Info->Credential, &mPwdCredentialGuid); + CopyGuid ((EFI_GUID *)(Info + 1), &mPwdCredentialGuid); + + mPwdInfoHandle->Info[0] = Info; + mPwdInfoHandle->Count++; + + // + // The second information, Credential Provider name info. + // + ProvNameStr = GetStringById (STRING_TOKEN (STR_PROVIDER_NAME)); + ProvStrLen = StrSize (ProvNameStr); + InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen; + Info = AllocateZeroPool (InfoLen); + ASSERT (Info != NULL); + + Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD; + Info->InfoSize = (UINT32) InfoLen; + Info->InfoAttribs = EFI_USER_INFO_PROTECTED; + CopyGuid (&Info->Credential, &mPwdCredentialGuid); + CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen); + FreePool (ProvNameStr); + + mPwdInfoHandle->Info[1] = Info; + mPwdInfoHandle->Count++; + + // + // The third information, Credential Provider type info. + // + InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID); + Info = AllocateZeroPool (InfoLen); + ASSERT (Info != NULL); + + Info->InfoType = EFI_USER_INFO_CREDENTIAL_TYPE_RECORD; + Info->InfoSize = (UINT32) InfoLen; + Info->InfoAttribs = EFI_USER_INFO_PROTECTED; + CopyGuid (&Info->Credential, &mPwdCredentialGuid); + CopyGuid ((EFI_GUID *)(Info + 1), &gEfiUserCredentialClassPasswordGuid); + + mPwdInfoHandle->Info[2] = Info; + mPwdInfoHandle->Count++; + + // + // The fourth information, Credential Provider type name info. 
+ // + ProvNameStr = GetStringById (STRING_TOKEN (STR_PROVIDER_TYPE_NAME)); + ProvStrLen = StrSize (ProvNameStr); + InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen; + Info = AllocateZeroPool (InfoLen); + ASSERT (Info != NULL); + + Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD; + Info->InfoSize = (UINT32) InfoLen; + Info->InfoAttribs = EFI_USER_INFO_PROTECTED; + CopyGuid (&Info->Credential, &mPwdCredentialGuid); + CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen); + FreePool (ProvNameStr); + + mPwdInfoHandle->Info[3] = Info; + mPwdInfoHandle->Count++; + } + + if (*UserInfo == NULL) { + // + // Return the first info handle. + // + *UserInfo = (EFI_USER_INFO_HANDLE) mPwdInfoHandle->Info[0]; + return EFI_SUCCESS; + } + + // + // Find information handle in credential info table. + // + for (Index = 0; Index < mPwdInfoHandle->Count; Index++) { + Info = mPwdInfoHandle->Info[Index]; + if (*UserInfo == (EFI_USER_INFO_HANDLE)Info) { + // + // The handle is found, get the next one. + // + if (Index == mPwdInfoHandle->Count - 1) { + // + // Already last one. + // + *UserInfo = NULL; + return EFI_NOT_FOUND; + } + + Index++; + *UserInfo = (EFI_USER_INFO_HANDLE)mPwdInfoHandle->Info[Index]; + return EFI_SUCCESS; + } + } + + *UserInfo = NULL; + return EFI_NOT_FOUND; +} + + +/** + Main entry for this driver. + + @param ImageHandle Image handle this driver. + @param SystemTable Pointer to SystemTable. + + @retval EFI_SUCESS This function always complete successfully. + +**/ +EFI_STATUS +EFIAPI +PasswordProviderInit ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + + // + // Init credential table. + // + Status = InitCredentialTable (); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Init Form Browser. + // + Status = InitFormBrowser (); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Install protocol interfaces for the password credential provider. 
+ //
+ Status = gBS->InstallProtocolInterface (
+ &mCallbackInfo->DriverHandle,
+ &gEfiUserCredentialProtocolGuid,
+ EFI_NATIVE_INTERFACE,
+ &gPwdCredentialProviderDriver
+ );
+ return Status;
+}
diff --git a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.h b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.h
new file mode 100644
index 0000000000..9b5e7768ba
--- /dev/null
+++ b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.h
@@ -0,0 +1,354 @@
+/** @file
+ Password Credential Provider driver header file.
+
+Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _PASSWORD_CREDENTIAL_PROVIDER_H_
+#define _PASSWORD_CREDENTIAL_PROVIDER_H_
+
+#include
+
+#include
+#include
+
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "PwdCredentialProviderData.h"
+
+extern UINT8 PwdCredentialProviderStrings[];
+extern UINT8 PwdCredentialProviderVfrBin[];
+
+#define PASSWORD_TABLE_INC 16
+#define CREDENTIAL_LEN 20
+
+//
+// Password credential information.
+//
+typedef struct {
+ EFI_USER_INFO_IDENTIFIER UserId;
+ CHAR8 Password[CREDENTIAL_LEN];
+} PASSWORD_INFO;
+
+//
+// Password credential table.
+//
+typedef struct {
+ UINTN Count;
+ UINTN MaxCount;
+ UINTN ValidIndex;
+ PASSWORD_INFO UserInfo[1];
+} CREDENTIAL_TABLE;
+
+//
+// The user information on the password provider.
+//
+typedef struct {
+ UINTN Count;
+ EFI_USER_INFO *Info[1];
+} PASSWORD_CREDENTIAL_INFO;
+
+///
+/// HII specific Vendor Device Path definition.
+///
+typedef struct {
+ VENDOR_DEVICE_PATH VendorDevicePath;
+ EFI_DEVICE_PATH_PROTOCOL End;
+} HII_VENDOR_DEVICE_PATH;
+
+#define PWD_PROVIDER_SIGNATURE SIGNATURE_32 ('P', 'W', 'D', 'P')
+
+typedef struct {
+ UINTN Signature;
+ EFI_HANDLE DriverHandle;
+ EFI_HII_HANDLE HiiHandle;
+ //
+ // Produced protocol.
+ //
+ EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
+} PWD_PROVIDER_CALLBACK_INFO;
+
+
+/**
+ Enroll a user on a credential provider.
+
+ This function enrolls and deletes a user profile using this credential provider.
+ If a user profile is successfully enrolled, it calls the User Manager Protocol
+ function Notify() to notify the user manager driver that credential information
+ has changed. If an enrolled user does exist, delete the user on the credential
+ provider.
+
+ @param[in] This Points to this instance of EFI_USER_CREDENTIAL_PROTOCOL.
+ @param[in] User The user profile to enroll.
+
+ @retval EFI_SUCCESS User profile was successfully enrolled.
+ @retval EFI_ACCESS_DENIED Current user profile does not permit enrollment on the
+ user profile handle. Either the user profile cannot enroll
+ on any user profile or cannot enroll on a user profile
+ other than the current user profile.
+ @retval EFI_UNSUPPORTED This credential provider does not support enrollment in
+ the pre-OS.
+ @retval EFI_DEVICE_ERROR The new credential could not be created because of a device
+ error.
+ @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle.
+
+**/
+EFI_STATUS
+EFIAPI
+CredentialEnroll (
+ IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
+ IN EFI_USER_PROFILE_HANDLE User
+ );
+
+/**
+ Returns the user interface information used during user identification.
+
+ This function returns information about the form used when interacting with the
+ user during user identification. The form is the first enabled form in the form-set
+ class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII handle HiiHandle. If
+ the user credential provider does not require a form to identify the user, then this
+ function should return EFI_NOT_FOUND.
+
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
+ @param[out] Hii On return, holds the HII database handle.
+ @param[out] FormSetId On return, holds the identifier of the form set which contains
+ the form used during user identification.
+ @param[out] FormId On return, holds the identifier of the form used during user
+ identification.
+
+ @retval EFI_SUCCESS Form returned successfully.
+ @retval EFI_NOT_FOUND Form not returned.
+ @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or FormId is NULL.
+
+**/
+EFI_STATUS
+EFIAPI
+CredentialForm (
+ IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
+ OUT EFI_HII_HANDLE *Hii,
+ OUT EFI_GUID *FormSetId,
+ OUT EFI_FORM_ID *FormId
+ );
+
+/**
+ Returns bitmap used to describe the credential provider type.
+
+ This optional function returns a bitmap which is less than or equal to the number
+ of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND
+ is returned.
+
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
+ @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no
+ bitmap information will be returned. On exit, points to the
+ width of the bitmap returned.
+ @param[in, out] Height On entry, points to the desired bitmap height. If NULL then no
+ bitmap information will be returned. On exit, points to the
+ height of the bitmap returned
+ @param[out] Hii On return, holds the HII database handle.
+ @param[out] Image On return, holds the HII image identifier.
+
+ @retval EFI_SUCCESS Image identifier returned successfully.
+ @retval EFI_NOT_FOUND Image identifier not returned.
+ @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL.
+
+**/
+EFI_STATUS
+EFIAPI
+CredentialTile (
+ IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
+ IN OUT UINTN *Width,
+ IN OUT UINTN *Height,
+ OUT EFI_HII_HANDLE *Hii,
+ OUT EFI_IMAGE_ID *Image
+ );
+
+/**
+ Returns string used to describe the credential provider type.
+
+ This function returns a string which describes the credential provider. If no
+ such string exists, then EFI_NOT_FOUND is returned.
+
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
+ @param[out] Hii On return, holds the HII database handle.
+ @param[out] String On return, holds the HII string identifier.
+
+ @retval EFI_SUCCESS String identifier returned successfully.
+ @retval EFI_NOT_FOUND String identifier not returned.
+ @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL.
+
+**/
+EFI_STATUS
+EFIAPI
+CredentialTitle (
+ IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
+ OUT EFI_HII_HANDLE *Hii,
+ OUT EFI_STRING_ID *String
+ );
+
+/**
+ Return the user identifier associated with the currently authenticated user.
+
+ This function returns the user identifier of the user authenticated by this credential
+ provider. This function is called after the credential-related information has been
+ submitted on a form OR after a call to Default() has returned that this credential is
+ ready to log on.
+
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
+ @param[in] User The user profile handle of the user profile currently being
+ considered by the user identity manager. If NULL, then no user
+ profile is currently under consideration.
+ @param[out] Identifier On return, points to the user identifier.
+
+ @retval EFI_SUCCESS User identifier returned successfully.
+ @retval EFI_NOT_READY No user identifier can be returned.
+ @retval EFI_ACCESS_DENIED The user has been locked out of this user credential.
+ @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL.
+ @retval EFI_NOT_FOUND User is not NULL, and the specified user handle can't be
+ found in user profile database
+
+**/
+EFI_STATUS
+EFIAPI
+CredentialUser (
+ IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
+ IN EFI_USER_PROFILE_HANDLE User,
+ OUT EFI_USER_INFO_IDENTIFIER *Identifier
+ );
+
+/**
+ Indicate that user interface interaction has begun for the specified credential.
+
+ This function is called when a credential provider is selected by the user. If
+ AutoLogon returns FALSE, then the user interface will be constructed by the User
+ Identity Manager.
+
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
+ @param[out] AutoLogon On return, points to the credential provider's capabilities
+ after the credential provider has been selected by the user.
+
+ @retval EFI_SUCCESS Credential provider successfully selected.
+ @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
+
+**/
+EFI_STATUS
+EFIAPI
+CredentialSelect (
+ IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
+ OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
+ );
+
+/**
+ Indicate that user interface interaction has ended for the specified credential.
+
+ This function is called when a credential provider is deselected by the user.
+
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
+
+ @retval EFI_SUCCESS Credential provider successfully deselected.
+
+**/
+EFI_STATUS
+EFIAPI
+CredentialDeselect (
+ IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This
+ );
+
+/**
+ Return the default logon behavior for this user credential.
+
+ This function reports the default login behavior regarding this credential provider.
+
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
+ @param[out] AutoLogon On return, holds whether the credential provider should be used
+ by default to automatically log on the user.
+
+ @retval EFI_SUCCESS Default information successfully returned.
+ @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
+
+**/
+EFI_STATUS
+EFIAPI
+CredentialDefault (
+ IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
+ OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
+ );
+
+/**
+ Return information attached to the credential provider.
+
+ This function returns user information.
+
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
+ @param[in] UserInfo Handle of the user information data record.
+ @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On
+ exit, holds the user information.
If the buffer is too small
+ to hold the information, then EFI_BUFFER_TOO_SMALL is returned
+ and InfoSize is updated to contain the number of bytes actually
+ required.
+ @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the
+ size of the user information.
+
+ @retval EFI_SUCCESS Information returned successfully.
+ @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small to hold all of the
+ user information. The size required is returned in *InfoSize.
+ @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL.
+ @retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle.
+
+**/
+EFI_STATUS
+EFIAPI
+CredentialGetInfo (
+ IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
+ IN EFI_USER_INFO_HANDLE UserInfo,
+ OUT EFI_USER_INFO *Info,
+ IN OUT UINTN *InfoSize
+ );
+
+
+/**
+ Enumerate all of the user informations on the credential provider.
+
+ This function returns the next user information record. To retrieve the first user
+ information record handle, point UserInfo at a NULL. Each subsequent call will retrieve
+ another user information record handle until there are no more, at which point UserInfo
+ will point to NULL.
+
+ @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
+ @param[in, out] UserInfo On entry, points to the previous user information handle or NULL
+ to start enumeration. On exit, points to the next user information
+ handle or NULL if there is no more user information.
+
+ @retval EFI_SUCCESS User information returned.
+ @retval EFI_NOT_FOUND No more user information found.
+ @retval EFI_INVALID_PARAMETER UserInfo is NULL.
+
+**/
+EFI_STATUS
+EFIAPI
+CredentialGetNextInfo (
+ IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
+ IN OUT EFI_USER_INFO_HANDLE *UserInfo
+ );
+
+#endif
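Review bot: PASSWORD_INFO in the PwdCredentialProvider.h hunk declares `CHAR8 Password[CREDENTIAL_LEN]` with CREDENTIAL_LEN fixed at 20, but nothing in the header says what those bytes hold, and a reader will assume a NUL-terminated plaintext string, which a fixed 20-byte field does not suggest. The .inf in this commit links BaseCryptLib, so this is presumably a fixed-length digest derived from the entered password rather than the password itself; the comment above the struct should state that, name the hashing routine it must match, and say that the field is not NUL-terminated, e.g. `// Fixed-length credential derived from the user's password (CREDENTIAL_LEN bytes, not NUL-terminated).` CREDENTIAL_LEN itself deserves a one-line comment tying it to the digest size of that routine so the two cannot drift apart. The same documentation gap applies to `ValidIndex` in CREDENTIAL_TABLE, whose meaning is not stated anywhere in the header.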
diff --git a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderData.h b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderData.h
new file mode 100644
index 0000000000..ffe0adea20
--- /dev/null
+++ b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderData.h
@@ -0,0 +1,33 @@
+/** @file
+ Data structure used by the Password Credential Provider driver.
+
+Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _PWD_CREDENTIAL_PROVIDER_DATA_H_
+#define _PWD_CREDENTIAL_PROVIDER_DATA_H_
+
+#define PWD_CREDENTIAL_PROVIDER_GUID \
+ { \
+ 0x78b9ec8b, 0xc000, 0x46c5, { 0xac, 0x93, 0x24, 0xa0, 0xc1, 0xbb, 0x0, 0xce } \
+ }
+
+//
+// Forms definition
+//
+#define FORMID_GET_PASSWORD_FORM 1
+
+//
+// Key defination
+//
+#define KEY_GET_PASSWORD 0x1000
+
+#endif
diff --git a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf
new file mode 100644
index 0000000000..0ffc24e076
--- /dev/null
+++ b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf
@@ -0,0 +1,53 @@
+## @file
+# Component description file for Password Credential Provider.
+#
+# Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
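Review bot: The comment `// Key defination` above KEY_GET_PASSWORD in PwdCredentialProviderData.h is misspelled; `// Key definition`. Since this header is also included from the formset (`#include "PwdCredentialProviderData.h"` in PwdCredentialProviderVfr.Vfr), a one-line note at the top saying it is shared between the C driver and the VFR compiler, and must therefore stay limited to plain `#define`s, would tell the next maintainer why no types or prototypes belong here.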
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = PwdCredentialProvider
+ FILE_GUID = D6C589EA-DD29-49ef-97F6-1A9FE19A04E0
+ MODULE_TYPE = UEFI_DRIVER
+ VERSION_STRING = 1.0
+ ENTRY_POINT = PasswordProviderInit
+
+[Sources]
+ PwdCredentialProvider.c
+ PwdCredentialProvider.h
+ PwdCredentialProviderData.h
+ PwdCredentialProviderVfr.Vfr
+ PwdCredentialProviderStrings.uni
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ UefiRuntimeServicesTableLib
+ UefiBootServicesTableLib
+ UefiDriverEntryPoint
+ MemoryAllocationLib
+ BaseMemoryLib
+ DebugLib
+ HiiLib
+ UefiLib
+ BaseCryptLib
+
+[Guids]
+ gEfiIfrTianoGuid ## CONSUMES ## Guid
+ gEfiUserCredentialClassPasswordGuid ## CONSUMES ## Guid
+
+[Protocols]
+ gEfiDevicePathProtocolGuid # PROTOCOL ALWAYS_CONSUMED
+ gEfiHiiConfigAccessProtocolGuid
+ gEfiUserCredentialProtocolGuid
+ gEfiUserManagerProtocolGuid
\ No newline at end of file
diff --git a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderStrings.uni b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderStrings.uni
new file mode 100644
index 0000000000..48573b6e8e
Binary files /dev/null and b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderStrings.uni differ
diff --git a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderVfr.Vfr b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderVfr.Vfr
new file mode 100644
index 0000000000..69f4be8c23
--- /dev/null
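Review bot: In the [Protocols] section of PwdCredentialProviderDxe.inf only `gEfiDevicePathProtocolGuid` carries a usage annotation (`# PROTOCOL ALWAYS_CONSUMED`), the next three entries carry none, and the [Guids] section uses the other form (`## CONSUMES ## Guid`); the annotations should be consistent and state the direction for each entry. The driver installs gEfiUserCredentialProtocolGuid itself (InstallProtocolInterface in PwdCredentialProvider.c) and the header marks ConfigAccess as a produced protocol, so `gEfiUserCredentialProtocolGuid ## PRODUCES` and `gEfiHiiConfigAccessProtocolGuid ## PRODUCES` are supportable from this commit; the direction of gEfiUserManagerProtocolGuid is not visible here and would need confirming against the .c. The file also ends without a trailing newline (`\ No newline at end of file`), as does PwdCredentialProviderVfr.Vfr.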
+++ b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderVfr.Vfr
@@ -0,0 +1,35 @@
+/** @file
+ Password Credential Provider formset.
+
+Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "PwdCredentialProviderData.h"
+
+formset
+ guid = PWD_CREDENTIAL_PROVIDER_GUID,
+ title = STRING_TOKEN(STR_CREDENTIAL_TITLE),
+ help = STRING_TOKEN(STR_NULL_STRING),
+ classguid = PWD_CREDENTIAL_PROVIDER_GUID,
+
+ form formid = FORMID_GET_PASSWORD_FORM,
+ title = STRING_TOKEN(STR_FORM_TITLE);
+
+ text
+ help = STRING_TOKEN(STR_NULL_STRING),
+ text = STRING_TOKEN(STR_INPUT_PASSWORD),
+ text = STRING_TOKEN(STR_NULL_STRING),
+ flags = INTERACTIVE,
+ key = KEY_GET_PASSWORD;
+
+ endform;
+
+endformset;
\ No newline at end of file
-- cgit v1.2.3
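Review bot: The form in PwdCredentialProviderVfr.Vfr contains no `password` opcode; its only item is a `text` opcode with `flags = INTERACTIVE` and `key = KEY_GET_PASSWORD`, so the password must presumably be collected inside the driver's callback for that key rather than by the form itself. A comment above the `text` block should say so, e.g. `// Selecting this entry fires the KEY_GET_PASSWORD callback, which prompts for the password; the form deliberately has no password opcode.`, so a reader does not look for an input field here or add one later. The formset's help text is STR_NULL_STRING in three places, which is fine for a hidden credential form but is worth a word in the same comment so it is not mistaken for a missing string.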