
Merge branch 'master' of https://github.com/munki/munki

gregneagle committed Dec 12, 2016
2 parents b4dbbe2 + 5ac861a commit 4f45a6a68319d637559b8cf9c5a2753e40abd175
Showing with 69 additions and 22 deletions.
  1. +13 −8 code/client/managedsoftwareupdate
  2. +56 −14 code/client/munkilib/munkicommon.py
@@ -280,16 +280,21 @@ def doRestart():
# no-one is logged in or we're at the loginwindow
time.sleep(5)
#check to see if we should perform an AuthRestart
os_version_tuple = munkicommon.getOsVersion(as_tuple=True)
if (munkicommon.pref('PerformAuthRestarts')
and munkicommon.pref('RecoveryKeyFile')):
munkicommon.log('Starting Authorized Restart...')
and munkicommon.pref('RecoveryKeyFile')
and os_version_tuple >= (10, 8)):
munkicommon.display_debug1('Configured to perform AuthRestarts...')
# try to perform an auth restart
munkicommon.perform_auth_restart()
time.sleep(2)
# if we got to here then the auth restart failed, notify that it did
# then perform a normal restart
munkicommon.display_warning(
'Authorized Restart Failed. Performing normal restart...')
if not munkicommon.perform_auth_restart():
# if we got to here then the auth restart failed
# notify that it did then perform a normal restart
munkicommon.display_warning(
'Authorized Restart Failed. Performing normal restart...')
else:
# we should be performing the auth restart now give it time to
# complete
time.sleep(10)
dummy_retcode = subprocess.call(['/sbin/shutdown', '-r', 'now'])
else:
if munkicommon.munkistatusoutput:
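Review bot: The `/sbin/shutdown -r now` call after the new if/else appears to run on both paths (indentation is lost in this view), so a True result from `munkicommon.perform_auth_restart()` only buys a fixed `time.sleep(10)` before the ordinary restart is issued anyway. If that fall-through is the intended safety net, say so with a comment such as `# fall through to a normal restart if the auth restart has not taken effect`. If it is not intended, the normal restart should be skipped or delayed further on the success path. The 10-second wait is a guess at how long fdesetup needs, and a plain restart that lands first would presumably leave the machine waiting at the FileVault unlock screen. doRestart starts and ends outside this hunk.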
@@ -2779,18 +2779,50 @@ def blockingApplicationsRunning(pkginfoitem):
return True
return False


def supports_auth_restart():
"""Check if the machine supports an authorized
restart, returns True or False accordingly
NOTE: This does not check to see if FileVault is
enabled as it may return true on a machine with
FileVault disabled."""
cmd = ['/usr/bin/fdesetup', 'supportsauthrestart']
if subprocess.check_output(cmd).strip() == 'true':
"""Check if FileVault is enabled then checks
if an Authorized Restart is supported, returns True
or False accordingly.
"""
display_debug1('Checking if FileVault is Enabled...')
active_cmd = ['/usr/bin/fdesetup', 'isactive']
try:
is_active = subprocess.check_output(
active_cmd, stderr=subprocess.STDOUT)
except subprocess.CalledProcessError as exc:
if exc.output and 'false' in exc.output:
display_warning('FileVault appears to be Disabled...')
return False
if not exc.output:
display_warning(
'Encountered problem determining FileVault Status...')
return False
display_warning(exc.output)
return False
display_debug1(
'Checking if FileVault can perform an AuthRestart...')
support_cmd = ['/usr/bin/fdesetup', 'supportsauthrestart']
try:
is_supported = subprocess.check_output(
support_cmd, stderr=subprocess.STDOUT)
except subprocess.CalledProcessError as exc:
if not exc.output:
display_warning(
'Encountered problem determining AuthRestart Status...')
return False
display_warning(exc.output)
return False
if 'true' in is_active and 'true' in is_supported:
display_debug1(
'FileVault is On and Supports an AuthRestart...')
return True
else:
display_warning(
'FileVault is Disabled or does not support an AuthRestart...')
return False


def get_auth_restart_key():
"""Returns recovery key as a string... If we failed
to get the proper information, returns an empty string"""
@@ -2813,31 +2845,41 @@ def get_auth_restart_key():
return ''
except KeyError:
display_error(
'Problem with Key: RecoveryKey in {0}...'.format(recoverykeyplist))
'Problem with Key: RecoveryKey in {0}...'.format(recoverykeyplist))
return ''


def perform_auth_restart():
"""When called this will perform an authorized restart. Before trying
to perform an authorized restart it checks to see if the machine supports
the feature. If supported it will then look for the defined plist containing
a key called RecoveryKey. It will use that value to perform the restart"""
display_debug1('Checking if machine supports Authorized Restarts...')
display_debug1(
'Checking if performing an Auth Restart is fully supported...')
if not supports_auth_restart():
display_warning("Machine doesn't support Authorized Restarts...")
return ''
return False
display_debug1('Machine Supports Authorized Restarts...')
recovery_key = get_auth_restart_key()
if not recovery_key:
return ''
key = { 'Password': recovery_key }
return False
key = {'Password': recovery_key}
inputplist = FoundationPlist.writePlistToString(key)
log('Attempting an Authorized Restart Now...')
cmd = subprocess.Popen(
['/usr/bin/fdesetup','authrestart','-inputplist'],
stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.PIPE)
['/usr/bin/fdesetup', 'authrestart', '-inputplist'],
stdout=subprocess.PIPE,
stdin=subprocess.PIPE,
stderr=subprocess.PIPE)
(out, err) = cmd.communicate(input=inputplist)
os_version_tuple = getOsVersion(as_tuple=True)
if os_version_tuple >= (10, 12) and 'System is being restarted' in err:
return True
if err:
display_error(err)
return False
else:
return True


# module globals
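Review bot: In perform_auth_restart the success decision rests entirely on fdesetup's stderr text and never consults `cmd.returncode`. On 10.12+ it matches the literal 'System is being restarted'; otherwise any stderr output means failure and empty stderr means success. A non-zero exit with nothing on stderr is therefore reported as True, and a reworded or localized message on 10.12 would be reported as False. Assuming fdesetup exits 0 when the restart is accepted (worth confirming on 10.12), put `if cmd.returncode == 0: return True` ahead of the stderr checks and keep the text match only as a fallback. The docstring should also state the new contract, e.g. `Returns True if the restart was accepted, False otherwise.`; supports_auth_restart has the same fragility, since `'true' in is_active` is a substring test over merged stdout and stderr.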
