/**
Delete the user specified by UserIndex in user profile database.
@param[in] UserIndex The index of user in the user name list
to be deleted.
**/
VOID
DeleteUser (
IN UINT8 UserIndex
)
{
EFI_STATUS Status;
EFI_USER_PROFILE_HANDLE User;
EFI_INPUT_KEY Key;
EFI_USER_INFO_HANDLE UserInfo;
EFI_USER_INFO *Info;
UINTN InfoSize;
//
// Find specified user profile and delete it.
//
User = NULL;
Status = mUserManager->GetNext (mUserManager, &User);
if (EFI_ERROR (Status)) {
goto Done;
}
while (UserIndex > 1) {
Status = mUserManager->GetNext (mUserManager, &User);
if (EFI_ERROR (Status)) {
goto Done;
}
UserIndex--;
}
if (UserIndex == 1) {
//
// Get the identification policy.
//
Status = FindInfoByType (User, EFI_USER_INFO_IDENTITY_POLICY_RECORD, &UserInfo);
if (EFI_ERROR (Status)) {
goto Done;
}
InfoSize = 0;
Info = NULL;
Status = mUserManager->GetInfo (mUserManager, User, UserInfo, Info, &InfoSize);
if (Status == EFI_BUFFER_TOO_SMALL) {
Info = AllocateZeroPool (InfoSize);
if (Info == NULL) {
goto Done;
}
Status = mUserManager->GetInfo (mUserManager, User, UserInfo, Info, &InfoSize);
}
//
// Delete the user on the credential providers by its identification policy.
//
ASSERT (Info != NULL);
DeleteCredentialFromProviders ((UINT8 *)(Info + 1), Info->InfoSize - sizeof (EFI_USER_INFO), User);
FreePool (Info);
Status = mUserManager->Delete (mUserManager, User);
if (EFI_ERROR (Status)) {
goto Done;
}
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
L"Delete User Succeed!",
L"",
L"Please Press Any Key to Continue ...",
NULL
);
return ;
}
Done:
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
L"Delete User Failed!",
L"",
L"Please Press Any Key to Continue ...",
NULL
);
}
/**
Collect all the access policy data to mUserInfo.AccessPolicy,
and save it to user profile.
**/
VOID
SaveAccessPolicy (
VOID
)
{
EFI_STATUS Status;
UINTN OffSet;
UINTN Size;
EFI_USER_INFO_ACCESS_CONTROL Control;
EFI_USER_INFO_HANDLE UserInfo;
EFI_USER_INFO *Info;
if (mUserInfo.AccessPolicy != NULL) {
FreePool (mUserInfo.AccessPolicy);
}
mUserInfo.AccessPolicy = NULL;
mUserInfo.AccessPolicyLen = 0;
mUserInfo.AccessPolicyModified = TRUE;
OffSet = 0;
//
// Save access right.
//
Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL);
if (mUserInfo.AccessPolicyLen - OffSet < Size) {
ExpandMemory (OffSet, Size);
}
Control.Type = mAccessInfo.AccessRight;
Control.Size = (UINT32) Size;
CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
OffSet += sizeof (Control);
//
// Save access setup.
//
Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (EFI_GUID);
if (mUserInfo.AccessPolicyLen - OffSet < Size) {
ExpandMemory (OffSet, Size);
}
Control.Type = EFI_USER_INFO_ACCESS_SETUP;
Control.Size = (UINT32) Size;
CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
OffSet += sizeof (Control);
if (mAccessInfo.AccessSetup == ACCESS_SETUP_NORMAL) {
CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupNormalGuid);
} else if (mAccessInfo.AccessSetup == ACCESS_SETUP_RESTRICTED) {
CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupRestrictedGuid);
} else if (mAccessInfo.AccessSetup == ACCESS_SETUP_ADMIN) {
CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupAdminGuid);
}
OffSet += sizeof (EFI_GUID);
//
// Save access of boot order.
//
Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (UINT32);
if (mUserInfo.AccessPolicyLen - OffSet < Size) {
ExpandMemory (OffSet, Size);
}
Control.Type = EFI_USER_INFO_ACCESS_BOOT_ORDER;
Control.Size = (UINT32) Size;
CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
OffSet += sizeof (Control);
CopyMem ((UINT8 *) (mUserInfo.AccessPolicy + OffSet), &mAccessInfo.AccessBootOrder, sizeof (UINT32));
OffSet += sizeof (UINT32);
//
// Save permit load.
//
if (mAccessInfo.LoadPermitLen > 0) {
Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.LoadPermitLen;
if (mUserInfo.AccessPolicyLen - OffSet < Size) {
ExpandMemory (OffSet, Size);
}
Control.Type = EFI_USER_INFO_ACCESS_PERMIT_LOAD;
Control.Size = (UINT32) Size;
CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
OffSet += sizeof (Control);
CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadPermit, mAccessInfo.LoadPermitLen);
OffSet += mAccessInfo.LoadPermitLen;
}
//
// Save forbid load.
//
if (mAccessInfo.LoadForbidLen > 0) {
Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.LoadForbidLen;
if (mUserInfo.AccessPolicyLen - OffSet < Size) {
ExpandMemory (OffSet, Size);
}
Control.Type = EFI_USER_INFO_ACCESS_FORBID_LOAD;
Control.Size = (UINT32) Size;
CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
OffSet += sizeof (Control);
CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadForbid, mAccessInfo.LoadForbidLen);
OffSet += mAccessInfo.LoadForbidLen;
}
//
// Save permit connect.
//
if (mAccessInfo.ConnectPermitLen > 0) {
Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.ConnectPermitLen;
if (mUserInfo.AccessPolicyLen - OffSet < Size) {
ExpandMemory (OffSet, Size);
}
Control.Type = EFI_USER_INFO_ACCESS_PERMIT_CONNECT;
Control.Size = (UINT32) Size;
CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
OffSet += sizeof (Control);
CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectPermit, mAccessInfo.ConnectPermitLen);
OffSet += mAccessInfo.ConnectPermitLen;
}
//
// Save forbid connect.
//
if (mAccessInfo.ConnectForbidLen > 0) {
Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.ConnectForbidLen;
if (mUserInfo.AccessPolicyLen - OffSet < Size) {
ExpandMemory (OffSet, Size);
}
Control.Type = EFI_USER_INFO_ACCESS_FORBID_CONNECT;
Control.Size = (UINT32) Size;
CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
OffSet += sizeof (Control);
CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectForbid, mAccessInfo.ConnectForbidLen);
OffSet += mAccessInfo.ConnectForbidLen;
}
mUserInfo.AccessPolicyLen = OffSet;
//
// Save access policy.
//
if (mUserInfo.AccessPolicyModified && (mUserInfo.AccessPolicyLen > 0) && (mUserInfo.AccessPolicy != NULL)) {
Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + mUserInfo.AccessPolicyLen);
if (Info == NULL) {
return ;
}
Status = FindInfoByType (mModifyUser, EFI_USER_INFO_ACCESS_POLICY_RECORD, &UserInfo);
if (!EFI_ERROR (Status)) {
Info->InfoType = EFI_USER_INFO_ACCESS_POLICY_RECORD;
Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |
EFI_USER_INFO_PUBLIC |
EFI_USER_INFO_EXCLUSIVE;
Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + mUserInfo.AccessPolicyLen);
CopyMem ((UINT8 *) (Info + 1), mUserInfo.AccessPolicy, mUserInfo.AccessPolicyLen);
Status = mUserManager->SetInfo (
mUserManager,
mModifyUser,
&UserInfo,
Info,
Info->InfoSize
);
mUserInfo.AccessPolicyModified = FALSE;
}
FreePool (Info);
}
if (mAccessInfo.ConnectForbid != NULL) {
FreePool (mAccessInfo.ConnectForbid);
mAccessInfo.ConnectForbid = NULL;
}
if (mAccessInfo.ConnectPermit != NULL) {
FreePool (mAccessInfo.ConnectPermit);
mAccessInfo.ConnectPermit = NULL;
}
if (mAccessInfo.LoadForbid != NULL) {
FreePool (mAccessInfo.LoadForbid);
mAccessInfo.LoadForbid = NULL;
}
if (mAccessInfo.LoadPermit != NULL) {
FreePool (mAccessInfo.LoadPermit);
mAccessInfo.LoadPermit = NULL;
}
}
/**
Save the identity policy and update UI with it.
This funciton will verify the new identity policy, in current implementation,
the identity policy can be: T, P & P & P & ..., P | P | P | ...
Here, "T" means "True", "P" means "Credential Provider", "&" means "and", "|" means "or".
Other identity policies are not supported.
**/
VOID
SaveIdentityPolicy (
VOID
)
{
EFI_STATUS Status;
EFI_USER_INFO_HANDLE UserInfo;
EFI_USER_INFO *Info;
if (!mUserInfo.NewIdentityPolicyModified || (mUserInfo.NewIdentityPolicyLen == 0)) {
return;
}
//
// Check policy expression.
//
if (!CheckNewIdentityPolicy (mUserInfo.NewIdentityPolicy, mUserInfo.NewIdentityPolicyLen)) {
return;
}
Status = FindInfoByType (mModifyUser, EFI_USER_INFO_IDENTITY_POLICY_RECORD, &UserInfo);
if (EFI_ERROR (Status)) {
return ;
}
//
// Update the informantion on credential provider.
//
Status = UpdateCredentialProvider ();
if (EFI_ERROR (Status)) {
return ;
}
//
// Save new identification policy.
//
Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + mUserInfo.NewIdentityPolicyLen);
ASSERT (Info != NULL);
Info->InfoType = EFI_USER_INFO_IDENTITY_POLICY_RECORD;
Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE;
Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + mUserInfo.NewIdentityPolicyLen);
CopyMem ((UINT8 *) (Info + 1), mUserInfo.NewIdentityPolicy, mUserInfo.NewIdentityPolicyLen);
Status = mUserManager->SetInfo (mUserManager, mModifyUser, &UserInfo, Info, Info->InfoSize);
FreePool (Info);
//
// Update the mUserInfo.IdentityPolicy by mUserInfo.NewIdentityPolicy
//
if (mUserInfo.IdentityPolicy != NULL) {
FreePool (mUserInfo.IdentityPolicy);
}
mUserInfo.IdentityPolicy = mUserInfo.NewIdentityPolicy;
mUserInfo.IdentityPolicyLen = mUserInfo.NewIdentityPolicyLen;
mUserInfo.NewIdentityPolicy = NULL;
mUserInfo.NewIdentityPolicyLen = 0;
mUserInfo.NewIdentityPolicyModified = FALSE;
//
// Update identity policy choice.
//
ResolveIdentityPolicy (mUserInfo.IdentityPolicy, mUserInfo.IdentityPolicyLen, STRING_TOKEN (STR_IDENTIFY_POLICY_VAL));
}
