-
Notifications
You must be signed in to change notification settings - Fork 0
Jaykrishnak/Recovery-Key-Re-issue-in-Mac
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
#!/bin/bash #################################################################################################### # # Copyright (c) 2017, JAMF Software, LLC. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # * Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # * Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # * Neither the name of the JAMF Software, LLC nor the # names of its contributors may be used to endorse or promote products # derived from this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY JAMF SOFTWARE, LLC "AS IS" AND ANY # EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE # DISCLAIMED. IN NO EVENT SHALL JAMF SOFTWARE, LLC BE LIABLE FOR ANY # DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # #################################################################################################### # # Description # # The purpose of this script is to allow a new individual recovery key to be issued # if the current key is invalid and the management account is not enabled for FV2, # or if the machine was encrypted outside of the JSS. # # First put a configuration profile for FV2 recovery key redirection in place. # Ensure keys are being redirected to your JSS. # # This script will prompt the user for their password so a new FV2 individual # recovery key can be issued and redirected to the JSS. # #################################################################################################### # # HISTORY # # -Created by Sam Fortuna on Sept. 5, 2014 # -Updated by Sam Fortuna on Nov. 18, 2014 # -Added support for 10.10 # -Updated by Sam Fortuna on June 23, 2015 # -Properly escapes special characters in user passwords # -Updated by Bram Cohen on May 27, 2016 # -Pipe FV key and password to /dev/null # -Updated by Jordan Wisniewski on Dec 5, 2016 # -Removed quotes for 'send {${userPass}} ' so # passwords with spaces work. # -Updated by Shane Brown/Kylie Bareis on Aug 29, 2017 # - Fixed an issue with usernames that contain # sub-string matches of each other. # -Updated by Bram Cohen on Jan 3, 2018 # - 10.13 adds a new prompt for username before password in changerecovery # -Updated by Matt Boyle on July 6, 2018 # - Error handeling, custom Window Lables, Messages and FV2 Icon # -Updated by David Raabe on July 26, 2018 # - Added Custom Branding to pop up windows # -Updated by Sebastien Del Saz Alvarez on January 22, 2021 # -Changed OS variable and relevant if statements to use OS Build rather than OS Version to avoid errors in Big Sur #################################################################################################### # # Parameter 4 = Set organization name in pop up window # Parameter 5 = Failed Attempts until Stop # Parameter 6 = Custom text for contact information. # Parameter 7 = Custom Branding - Defaults to Self Service Icon #Customizing Window selfServiceBrandIcon="/Users/$3/Library/Application Support/com.jamfsoftware.selfservice.mac/Documents/Images/brandingimage.png" jamfBrandIcon="/Library/Application Support/JAMF/Jamf.app/Contents/Resources/AppIcon.icns" fileVaultIcon="/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/FileVaultIcon.icns" if [ ! -z "$4" ] then orgName="$4 -" fi if [ ! -z "$6" ] then haltMsg="$6" else haltMsg="Please Contact IT for Further assistance." fi if [[ ! -z "$7" ]]; then brandIcon="$7" elif [[ -f $selfServiceBrandIcon ]]; then brandIcon=$selfServiceBrandIcon elif [[ -f $jamfBrandIcon ]]; then brandIcon=$jamfBrandIcon else brandIcon=$fileVaultIcon fi ## Get the logged in user's name userName=$(/usr/bin/stat -f%Su /dev/console) ## Grab the UUID of the User userNameUUID=$(dscl . -read /Users/$userName/ GeneratedUID | awk '{print $2}') ## Get the OS build BUILD=`/usr/bin/sw_vers -buildVersion | awk {'print substr ($0,0,2)'}` ## This first user check sees if the logged in account is already authorized with FileVault 2 userCheck=`fdesetup list | awk -v usrN="$userNameUUID" -F, 'match($0, usrN) {print $1}'` if [ "${userCheck}" != "${userName}" ]; then echo "This user is not a FileVault 2 enabled user." exit 3 fi ## Counter for Attempts try=0 if [ ! -z "$5" ] then maxTry=$5 else maxTry=2 fi ## Check to see if the encryption process is complete encryptCheck=`fdesetup status` statusCheck=$(echo "${encryptCheck}" | grep "FileVault is On.") expectedStatus="FileVault is On." if [ "${statusCheck}" != "${expectedStatus}" ]; then echo "The encryption process has not completed." echo "${encryptCheck}" exit 4 fi passwordPrompt () { ## Get the logged in user's password via a prompt echo "Prompting ${userName} for their login password." userPass=$(/usr/bin/osascript -e " on run display dialog \"To generate a new FileVault key\" & return & \"Enter login password for '$userName'\" default answer \"\" with title \"$orgName FileVault Key Reset\" buttons {\"Cancel\", \"Ok\"} default button 2 with icon POSIX file \"$brandIcon\" with text and hidden answer set userPass to text returned of the result return userPass end run") if [ "$?" == "1" ] then echo "User Canceled" exit 0 fi try=$((try+1)) if [[ $BUILD -ge 13 ]] && [[ $BUILD -lt 17 ]]; then ## This "expect" block will populate answers for the fdesetup prompts that normally occur while hiding them from output result=$(expect -c " log_user 0 spawn fdesetup changerecovery -personal expect \"Enter a password for '/', or the recovery key:\" send {${userPass}} send \r log_user 1 expect eof " >> /dev/null) elif [[ $BUILD -ge 17 ]]; then result=$(expect -c " log_user 0 spawn fdesetup changerecovery -personal expect \"Enter the user name:\" send {${userName}} send \r expect \"Enter a password for '/', or the recovery key:\" send {${userPass}} send \r log_user 1 expect eof ") else echo "OS version not 10.9+ or OS version unrecognized" echo "$(/usr/bin/sw_vers -productVersion)" exit 5 fi } successAlert () { /usr/bin/osascript -e " on run display dialog \"\" & return & \"Your FileVault Key was successfully Changed\" with title \"$orgName FileVault Key Reset\" buttons {\"Close\"} default button 1 with icon POSIX file \"$brandIcon\" end run" } errorAlert () { /usr/bin/osascript -e " on run display dialog \"FileVault Key not Changed\" & return & \"$result\" buttons {\"Cancel\", \"Try Again\"} default button 2 with title \"$orgName FileVault Key Reset\" with icon POSIX file \"$brandIcon\" end run" if [ "$?" == "1" ] then echo "User Canceled" exit 0 else try=$(($try+1)) fi } haltAlert () { /usr/bin/osascript -e " on run display dialog \"FileVault Key not changed\" & return & \"$haltMsg\" buttons {\"Close\"} default button 1 with title \"$orgName FileVault Key Reset\" with icon POSIX file \"$brandIcon\" end run " } while true do passwordPrompt if [[ $result = *"Error"* ]] then echo "Error Changing Key" if [ $try -ge $maxTry ] then haltAlert echo "Quitting.. Too Many failures" exit 0 else echo $result errorAlert fi else echo "Successfully Changed FV2 Key" successAlert exit 0 fi done
About
No description, website, or topics provided.
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published