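# Jamf policy script parameters: $4 = local admin account name, $5 = its
# password. Both arrive on argv, so they are visible in `ps` while the script
# runs; that is how Jamf passes parameters and not something this script can
# change, but it is worth knowing when choosing the admin account used here.
adminName=$4
adminPass=$5
# Account that must never be reset by this script (alongside $adminName).
rescueUser="rescue"
if [[ -z "$adminName" || -z "$adminPass" ]]; then
  echo "admin name or admin pass missing"
  exit 1
fi
# Get logged in user from the console session (scutil), ignoring loginwindow.
loggedInUser=$(echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }')
if [[ -z "$loggedInUser" || "$loggedInUser" == 'root' || "$loggedInUser" == "loginwindow" ]]; then
  echo "Failed to gather loggedInUser correctly"
  exit 1
fi
echo "loggedInUser is $loggedInUser"
# The UID is needed for `launchctl asuser` later; fail here if the account does
# not resolve instead of silently passing an empty UID to launchctl.
if ! loggedInUID=$(id -u "$loggedInUser"); then
  echo "Failed to resolve UID for $loggedInUser"
  exit 1
fi
if [[ "$loggedInUser" == "$adminName" ]]; then
  # The admin is at the console: no confirmation dialog needed.
  PROCEED="button returned:Yes"
else
  DESCRIPTION="WARNING: This is designed to be used when the password the the primary account for this computer has been forgotten. Please use only with the assistance of Helpdesk."
  # Only this fixed text is spliced into the AppleScript source.
  # NOTE(review): unlike DisplayDialog below, this dialog is not routed through
  # `launchctl asuser`; confirm it is shown when the script runs as root.
  PROCEED="$(osascript -e 'display dialog "'"$DESCRIPTION"'" buttons {"Yes", "No"} default button "Yes"')"
fi
if [[ "$PROCEED" == "button returned:Yes" ]]; then
  echo "Yes, continue with script."
else
  echo "No, cancel script."
  exit 1
fi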
#### SET UP DISPLAY DIALOG FUNCTION
#### SET UP DISPLAY DIALOG FUNCTION
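#######################################
# Show a blocking dialog to the console user (or, when no console session is
# known, to whoever runs the script) and echo the same text to stdout for the
# policy log.
# Globals:   loggedInUID, loggedInUser (read)
# Arguments: $1 - dialog text; may contain double quotes or backslashes
# Outputs:   the dialog text, then osascript's output, on stdout
# Returns:   exit status of osascript
#######################################
DisplayDialog(){
  local dialogText="$1"
  local escaped cmd
  echo "$dialogText"
  #Log "Display Dialog: $dialogText"
  # $dialogText is spliced into AppleScript source, and callers pass values
  # typed by the user (the account name from the prompt, the user list), so
  # escape the two characters that would otherwise end the AppleScript string
  # literal and let the remainder be interpreted as script.
  escaped=${dialogText//\\/\\\\}
  escaped=${escaped//\"/\\\"}
  cmd="display dialog \"$escaped\" buttons {\"Continue\"} default button 1 giving up after 180"
  if [[ -z "$loggedInUID" || -z "$loggedInUser" ]]; then
    /usr/bin/osascript -e "$cmd"
  else
    /bin/launchctl asuser "$loggedInUID" sudo -iu "$loggedInUser" /usr/bin/osascript -e "$cmd"
  fi
}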
### MAKE SURE WE HAVE BOTH VARIABLES
# Re-checked here so the failure is reported in a dialog, not only on stdout.
if [[ -z "$adminName" || -z "$adminPass" ]]; then
  DisplayDialog "Either admin username or admin password is missing"
  exit 1
fi
printf ' \n'
echo "Checking admin passsword"
# dscl -authonly prints nothing on success, so any output means the admin
# credentials are wrong. The password is passed on argv and is visible in
# `ps` for the duration of the call.
adminPassCheck=$(/usr/bin/dscl /Local/Default -authonly "$adminName" "$adminPass")
if [[ -n "$adminPassCheck" ]]; then
  DisplayDialog "admin Password not set correctly"
  exit 1
fi
echo "Continue"
printf ' \n'
echo "Making sure password is eligible for Jamf Connect password reset"
jamfConnect="/Applications/Jamf Connect.app"
# Any "Active Directory" node in the local directory search list means the
# Mac is bound to AD.
check4AD="$(/usr/bin/dscl localhost -list . | grep "Active Directory")"
# Accounts carrying OriginalNodeName are mobile (cached network) accounts.
# Note the 2>/dev/null binds to awk, not to dscl.
NETACCLIST=$(dscl . list /Users OriginalNodeName | awk '{print $1}' 2>/dev/null)
if [[ "${check4AD}" == "Active Directory" ]]; then
  DisplayDialog "Computer bound to AD"
  exit 1
fi
echo "computer not bound to AD"
if [[ ! -e "$jamfConnect" ]]; then
  DisplayDialog "Jamf connect not installed"
  exit 1
fi
echo "jamf connect installed"
if [[ -n "$NETACCLIST" ]]; then
  DisplayDialog "mobile accounts found."
  exit 1
fi
echo "no mobile accounts"
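#
## get username to change
echo "prompting user for Account Username"
# Prompt shown in the console user's session; if the dialog gives up (60s)
# osascript fails and userName comes back empty, which is rejected below.
userName=$(/bin/launchctl asuser "$loggedInUID" sudo -iu "$loggedInUser" /usr/bin/osascript<<END
text returned of (display dialog "Enter the username whose password you want to change:" default answer "" buttons {"Continue"} default button 1 giving up after 60 )
END
)
# An empty name would otherwise pass the grep below (an empty pattern matches
# every line) and reach sysadminctl; whitespace cannot be part of a short name.
if [[ -z "$userName" || "$userName" =~ [[:space:]] ]]; then
  DisplayDialog "Invalid or empty username entered."
  exit 1
fi
## CANNOT CHANGE PASSWORD OF LOGGED IN USER.
## this doesn't make sure the user isn't logged in, but it does make sure the user isn't the current user
if [[ "$userName" == "$loggedInUser" ]]; then
  DisplayDialog "You cannot change the password of the currently logged in user."
  exit 1
elif [[ "$userName" == "$adminName" || "$userName" == "$rescueUser" ]]; then
  DisplayDialog "You cannot change the password of $userName."
  exit 1
fi
# Local accounts with UID > 499, minus the admin and rescue accounts.
# -Fx: literal whole-line match, so the typed name must equal an account name
# exactly (a plain grep let e.g. "o" match "john") and excluding the admin
# name does not also drop accounts that merely contain it.
otherUsersInstalled="$(dscl . list /Users UniqueID | awk '$2 > 499 { print $1 }' | grep -vFx -- "${adminName}" | grep -vFx -- "${rescueUser}")"
userCheck="$(printf '%s\n' "${otherUsersInstalled}" | grep -Fx -- "${userName}")"
if [[ -z "${userCheck}" ]]; then
  DisplayDialog "$userName not found computer userlist: $otherUsersInstalled"
  exit 1
fi
echo "$userName found computer userlist"
# userName is spliced into AppleScript source below; it now matches a real
# account name exactly, but escape the string delimiters regardless.
userNameAS=${userName//\\/\\\\}
userNameAS=${userNameAS//\"/\\\"}
echo "prompting user for Account Password"
# "with hidden answer" masks the typed password on screen; the second prompt
# catches typos that masking would otherwise hide.
userPass=$(/bin/launchctl asuser "$loggedInUID" sudo -iu "$loggedInUser" /usr/bin/osascript<<END
text returned of (display dialog "Enter $userNameAS's new password that matches AD." default answer "" with hidden answer buttons {"Continue"} default button 1 giving up after 60 )
END
)
echo "prompting user for Account Password"
verifyPass=$(/bin/launchctl asuser "$loggedInUID" sudo -iu "$loggedInUser" /usr/bin/osascript<<END
text returned of (display dialog "Verify $userNameAS's new password." default answer "" with hidden answer buttons {"Continue"} default button 1 giving up after 60 )
END
)
# Two timed-out or empty prompts would "match" and hand sysadminctl an empty
# password, so reject empty input before comparing.
if [[ -z "${userPass}" ]]; then
  DisplayDialog "No password entered."
  exit 1
fi
if [[ "${userPass}" != "${verifyPass}" ]]; then
  DisplayDialog "Passwords do not match."
  exit 1
fi
echo "userPass and verifyPass match"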
# WITH HIDDEN ANSWER
# userPass=$(/usr/bin/osascript<<END
# tell application "System Events"
# activate
# set the answer to text returned of (display dialog "Enter $loggedInUser's Current Account Password:" default answer "" with hidden answer buttons {"Continue"} default button 1)
# end tell
# END
# )
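# Both passwords are passed on argv to sysadminctl (and to dscl below), so
# they are visible in `ps` for the duration of each call; that is how these
# tools accept input. The admin credentials authorise the reset of $userName.
# sysadminctl's exit status is only logged here; the dscl -authonly check
# below is the actual confirmation that the new password took effect.
if ! sysadminctl -adminUser "${adminName}" -adminPassword "${adminPass}" -resetPasswordFor "${userName}" -newPassword "${userPass}"; then
  echo "sysadminctl exited non-zero"
fi
echo " "
echo "Checking new user password"
# dscl -authonly prints nothing on success; any output means the reset failed.
userPassCheck=$(/usr/bin/dscl /Local/Default -authonly "$userName" "$userPass")
if [[ -z "$userPassCheck" ]]; then
  echo "Continue"
  DisplayDialog "Password Change Successful"
else
  echo "user Password not set correctly"
  DisplayDialog "Password Change Failed"
  exit 1
fi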