1 /** @file
2   The header file for user profile manager driver.
3 
4 Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution.  The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9 
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12 
13 **/
14 
15 #ifndef __EFI_USER_PROFILE_MANAGER_H__
16 #define __EFI_USER_PROFILE_MANAGER_H__
17 
18 #include <Uefi.h>
19 
20 #include <Guid/GlobalVariable.h>
21 #include <Guid/MdeModuleHii.h>
22 
23 #include <Protocol/HiiConfigAccess.h>
24 #include <Protocol/UserCredential2.h>
25 #include <Protocol/UserManager.h>
26 
27 #include <Library/UefiRuntimeServicesTableLib.h>
28 #include <Library/UefiBootServicesTableLib.h>
29 #include <Library/MemoryAllocationLib.h>
30 #include <Library/BaseMemoryLib.h>
31 #include <Library/DevicePathLib.h>
32 #include <Library/DebugLib.h>
33 #include <Library/UefiLib.h>
34 #include <Library/PrintLib.h>
35 #include <Library/HiiLib.h>
36 
37 #include "UserProfileManagerData.h"
38 
39 #define  USER_NAME_LENGTH          17
40 
41 //
42 // Credential Provider Information.
43 //
44 typedef struct {
45   UINTN                         Count;
46   EFI_USER_CREDENTIAL2_PROTOCOL *Provider[1];
47 } CREDENTIAL_PROVIDER_INFO;
48 
49 //
50 // User profile information structure.
51 //
52 typedef struct {
53   UINT64    UsageCount;
54   EFI_TIME  CreateDate;
55   EFI_TIME  UsageDate;
56   UINTN     AccessPolicyLen;
57   UINTN     IdentityPolicyLen;
58   UINTN     NewIdentityPolicyLen;
59   UINT8     *AccessPolicy;
60   UINT8     *IdentityPolicy;
61   UINT8     *NewIdentityPolicy;
62   CHAR16    UserName[USER_NAME_LENGTH];
63   BOOLEAN   CreateDateExist;
64   BOOLEAN   UsageDateExist;
65   BOOLEAN   AccessPolicyModified;
66   BOOLEAN   IdentityPolicyModified;
67   BOOLEAN   NewIdentityPolicyModified;
68 } USER_INFO;
69 
70 //
71 // User access information structure.
72 //
73 typedef struct {
74   UINTN  LoadPermitLen;
75   UINTN  LoadForbidLen;
76   UINTN  ConnectPermitLen;
77   UINTN  ConnectForbidLen;
78   UINT8  *LoadPermit;
79   UINT8  *LoadForbid;
80   UINT8  *ConnectPermit;
81   UINT8  *ConnectForbid;
82   UINT32 AccessBootOrder;
83   UINT8  AccessRight;
84   UINT8  AccessSetup;
85 } USER_INFO_ACCESS;
86 
87 #define USER_PROFILE_MANAGER_SIGNATURE  SIGNATURE_32 ('U', 'P', 'M', 'S')
88 
89 typedef struct {
90   UINTN                           Signature;
91   EFI_HANDLE                      DriverHandle;
92   EFI_HII_HANDLE                  HiiHandle;
93   EFI_HII_CONFIG_ACCESS_PROTOCOL  ConfigAccess;
94 } USER_PROFILE_MANAGER_CALLBACK_INFO;
95 
96 //
97 // HII specific Vendor Device Path definition.
98 //
99 typedef struct {
100   VENDOR_DEVICE_PATH        VendorDevicePath;
101   EFI_DEVICE_PATH_PROTOCOL  End;
102 } HII_VENDOR_DEVICE_PATH;
103 
104 //
105 // This is the generated IFR binary data for each formset defined in VFR.
106 //
107 extern UINT8                               UserProfileManagerVfrBin[];
108 
109 //
110 // This is the generated String package data for .UNI file.
111 //
112 extern UINT8                               UserProfileManagerStrings[];
113 
114 //
115 // The user manager protocol, used in several function.
116 //
117 extern EFI_USER_MANAGER_PROTOCOL           *mUserManager;
118 
119 //
120 // The credential providers database in system.
121 //
122 extern CREDENTIAL_PROVIDER_INFO            *mProviderInfo;
123 
124 //
125 // The variables used to update identity policy.
126 //
127 extern UINT8                               mProviderChoice;
128 extern UINT8                               mConncetLogical;
129 
130 //
131 // The variables used to update access policy.
132 //
133 extern USER_INFO_ACCESS                    mAccessInfo;
134 
135 //
136 // The user information used to record all data in UI.
137 //
138 extern USER_INFO                           mUserInfo;
139 
140 extern USER_PROFILE_MANAGER_CALLBACK_INFO  *mCallbackInfo;
141 
142 extern EFI_USER_PROFILE_HANDLE             mModifyUser;
143 
144 /**
145   Get string by string id from HII Interface.
146 
147 
148   @param[in] Id      String ID to get the string from.
149 
150   @retval  CHAR16 *  String from ID.
151   @retval  NULL      If error occurs.
152 
153 **/
154 CHAR16 *
155 GetStringById (
156   IN EFI_STRING_ID             Id
157   );
158 
159 /**
160   Add a new user profile into the user profile database.
161 
162 **/
163 VOID
164 CallAddUser (
165   VOID
166   );
167 
168 /**
169   Display user select form; can select a user to modify.
170 
171 **/
172 VOID
173 SelectUserToModify  (
174   VOID
175   );
176 
177 /**
178   Display user select form, cab select a user to delete.
179 
180 **/
181 VOID
182 SelectUserToDelete (
183   VOID
184   );
185 
186 /**
187   Delete the user specified by UserIndex in user profile database.
188 
189   @param[in]  UserIndex    The index of user in the user name list to be deleted.
190 
191 **/
192 VOID
193 DeleteUser (
194   IN UINT8                                      UserIndex
195   );
196 
197 /**
198   Add a username item in form.
199 
200   @param[in]  User             Points to the user profile whose username is added.
201   @param[in]  Index            The index of the user in the user name list.
202   @param[in]  OpCodeHandle     Points to container for dynamic created opcodes.
203 
204 **/
205 VOID
206 AddUserToForm (
207   IN  EFI_USER_PROFILE_HANDLE                   User,
208   IN  UINT16                                    Index,
209   IN  VOID                                      *OpCodeHandle
210   );
211 
212 /**
213   Display modify user information form
214 
215   In this form, username, create Date, usage date, usage count, identity policy,
216   and access policy are displayed.
217 
218   @param[in] UserIndex       The index of the user in display list to modify.
219 
220 **/
221 VOID
222 ModifyUserInfo (
223   IN UINT8                                      UserIndex
224   );
225 
226 /**
227   Get the username from user input and update username string in Hii
228   database with it.
229 
230 **/
231 VOID
232 ModifyUserName (
233   VOID
234   );
235 
236 /**
237   Display the form of modifying user identity policy.
238 
239 **/
240 VOID
241 ModifyIdentityPolicy (
242   VOID
243   );
244 
245 /**
246   Update the mUserInfo.NewIdentityPolicy and UI when 'add option' is pressed.
247 
248 **/
249 VOID
250 AddIdentityPolicyItem (
251   VOID
252   );
253 
254 /**
255   Save the identity policy and update UI with it.
256 
257   This funciton will verify the new identity policy, in current implementation,
258   the identity policy can be:  T, P & P & P & ..., P | P | P | ...
259   Here, "T" means "True", "P" means "Credential Provider", "&" means "and", "|" means "or".
260   Other identity policies are not supported.
261 
262 **/
263 VOID
264 SaveIdentityPolicy (
265   VOID
266   );
267 
268 /**
269   Display modify user access policy form
270 
271   In this form, access right, access setu,p and access boot order are dynamically
272   added. Load devicepath and connect devicepath are displayed too.
273 
274 **/
275 VOID
276 ModidyAccessPolicy (
277   VOID
278   );
279 
280 /**
281   Collect all the access policy data to mUserInfo.AccessPolicy,
282   and save it to user profile.
283 
284 **/
285 VOID
286 SaveAccessPolicy (
287   VOID
288   );
289 
290 /**
291   Get current user's access rights.
292 
293   @param[out]  AccessRight   Points to the buffer used for user's access rights.
294 
295   @retval EFI_SUCCESS        Get current user access rights successfully.
296   @retval others             Fail to get current user access rights.
297 
298 **/
299 EFI_STATUS
300 GetAccessRight (
301   OUT  UINT32                                    *AccessRight
302   );
303 
304 /**
305   Display the permit load device path in the loadable device path list.
306 
307 **/
308 VOID
309 DisplayLoadPermit(
310   VOID
311   );
312 
313 /**
314   Display the forbid load device path list (mAccessInfo.LoadForbid).
315 
316 **/
317 VOID
318 DisplayLoadForbid (
319   VOID
320   );
321 
322 /**
323   Display the permit connect device path.
324 
325 **/
326 VOID
327 DisplayConnectPermit (
328   VOID
329   );
330 
331 /**
332   Display the forbid connect device path list.
333 
334 **/
335 VOID
336 DisplayConnectForbid (
337   VOID
338   );
339 
340 /**
341   Delete the specified device path by DriverIndex from the forbid device path
342   list (mAccessInfo.LoadForbid).
343 
344   @param[in]  DriverIndex   The index of driver in a forbidden device path list.
345 
346 **/
347 VOID
348 DeleteFromForbidLoad (
349   IN  UINT16                                    DriverIndex
350   );
351 
352 /**
353   Add the specified device path by DriverIndex to the forbid device path
354   list (mAccessInfo.LoadForbid).
355 
356   @param[in]  DriverIndex   The index of driver saved in driver options.
357 
358 **/
359 VOID
360 AddToForbidLoad (
361   IN  UINT16                                    DriverIndex
362   );
363 
364 /**
365   Get user name from the popup windows.
366 
367   @param[in, out]  UserNameLen   On entry, point to the buffer lengh of UserName.
368                                  On exit, point to the input user name length.
369   @param[out]      UserName      The buffer to hold the input user name.
370 
371   @retval EFI_ABORTED            It is given up by pressing 'ESC' key.
372   @retval EFI_NOT_READY          Not a valid input at all.
373   @retval EFI_SUCCESS            Get a user name successfully.
374 
375 **/
376 EFI_STATUS
377 GetUserNameInput (
378   IN OUT  UINTN         *UserNameLen,
379      OUT  CHAR16        *UserName
380   );
381 
382 /**
383   Find the specified info in User profile by the InfoType.
384 
385   @param[in]  User         Handle of the user whose information will be searched.
386   @param[in]  InfoType     The user information type to find.
387   @param[out] UserInfo     Points to user information handle found.
388 
389   @retval EFI_SUCCESS      Find the user information successfully.
390   @retval Others           Fail to find the user information.
391 
392 **/
393 EFI_STATUS
394 FindInfoByType (
395   IN  EFI_USER_PROFILE_HANDLE                   User,
396   IN  UINT8                                     InfoType,
397   OUT EFI_USER_INFO_HANDLE                      *UserInfo
398   );
399 
400 /**
401   Convert the identity policy to a unicode string and update the Hii database
402   IpStringId string with it.
403 
404   @param[in]  Ip         Points to identity policy.
405   @param[in]  IpLen      The identity policy length.
406   @param[in]  IpStringId String ID in the HII database to be replaced.
407 
408 **/
409 VOID
410 ResolveIdentityPolicy (
411   IN  UINT8                                     *Ip,
412   IN  UINTN                                     IpLen,
413   IN  EFI_STRING_ID                             IpStringId
414   );
415 
416 /**
417   Expand access policy memory size.
418 
419   @param[in] ValidLen       The valid access policy length.
420   @param[in] ExpandLen      The length that is needed to expand.
421 
422 **/
423 VOID
424 ExpandMemory (
425   IN      UINTN                                 ValidLen,
426   IN      UINTN                                 ExpandLen
427   );
428 
429 /**
430   Delete User's credental from all the providers that exist in User's identity policy.
431 
432   @param[in]  IdentityPolicy     Point to User's identity policy.
433   @param[in]  IdentityPolicyLen  The length of the identity policy.
434   @param[in]  User               Points to user profile.
435 
436 **/
437 VOID
438 DeleteCredentialFromProviders (
439   IN     UINT8                                *IdentityPolicy,
440   IN     UINTN                                 IdentityPolicyLen,
441   IN     EFI_USER_PROFILE_HANDLE               User
442   );
443 
444 #endif
445