create user mech
twocanoes committed Jul 23, 2022
1 parent 26b995a commit 2bd3cb8
Showing 11 changed files with 377 additions and 64 deletions.
8 changes: 8 additions & 0 deletions XCreds/PrefKeys.swift
Expand Up @@ -12,8 +12,16 @@ enum PrefKeys: String {
}
func getManagedPreference(key: Preferences) -> Any? {


if let preference = UserDefaults.standard.value(forKey: key.rawValue) {
os_log("Found managed preference: %{public}@", type: .debug, key.rawValue)
return preference
}


return nil
}

enum Preferences: String {
/// The desired AD domain as a `String`.
case ADDomain
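Review bot: `getManagedPreference(key:)` returns whatever `UserDefaults.standard.value(forKey:)` holds, managed or not, although its name and the debug message (`Found managed preference`) promise a managed value; callers in XCredsCreateUser.swift gate admin promotion (`CreateAdminIfGroupMember`) and secure-token credentials (`ManageSecureTokens`) on it, so a value written to the plain defaults domain is honoured as if it came from a configuration profile. If only profile-delivered values are intended, test `UserDefaults.standard.objectIsForced(forKey: key.rawValue)` before returning, or rename and document the function as accepting local overrides. Which of the displayed lines are new is not recoverable from this rendering, so the function may predate the commit.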
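--- a/XCredsLoginPlugIn/ContextAndHintHandling.swift
+++ b/XCredsLoginPlugIn/ContextAndHintHandling.swift
@@ -14,9 +14,9 @@ enum HintType: String {
 case user
 case domain
 case pass
-case first
-case last
-case full
+case firstName
+case lastName
+case fullName
 case groups
 case uid
 case gid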
72 changes: 45 additions & 27 deletions XCredsLoginPlugIn/LoginWindow/LoginWebViewController.swift
Expand Up @@ -71,40 +71,44 @@ class LoginWebViewController: WebViewController {
var username:String
let defaultsUsername = UserDefaults.standard.string(forKey: PrefKeys.username.rawValue)

if let defaultsUsername = defaultsUsername {
username = defaultsUsername
}
else {
let idToken = tokens.idToken
let idToken = tokens.idToken

let array = idToken.components(separatedBy: ".")
let array = idToken.components(separatedBy: ".")

if array.count != 3 {
TCSLogWithMark("idToken is invalid")
delegate.denyLogin()
if array.count != 3 {
TCSLogWithMark("idToken is invalid")
delegate.denyLogin()


}
let body = array[1]
guard let data = base64UrlDecode(value:body ) else {
TCSLogWithMark("error decoding id token base64")
delegate.denyLogin()
return
}
}
let body = array[1]
guard let data = base64UrlDecode(value:body ) else {
TCSLogWithMark("error decoding id token base64")
delegate.denyLogin()
return
}

let decoder = JSONDecoder()
var idTokenObject:IDToken
do {
idTokenObject = try decoder.decode(IDToken.self, from: data)

let decoder = JSONDecoder()
var idTokenObject:IDToken
do {
idTokenObject = try decoder.decode(IDToken.self, from: data)

}
catch {
TCSLogWithMark("error decoding idtoken::")
TCSLogWithMark("Token:\(body)")
delegate.denyLogin()
return
}
catch {
TCSLogWithMark("error decoding idtoken::")
TCSLogWithMark("Token:\(body)")
delegate.denyLogin()
return

}


if let defaultsUsername = defaultsUsername {
username = defaultsUsername
}
else {

}

var emailString:String

Expand All @@ -131,6 +135,20 @@ class LoginWebViewController: WebViewController {
TCSLogWithMark("username found: \(tUsername)")
username = tUsername
}

if let firstName = idTokenObject.given_name, let lastName = idTokenObject.family_name {
delegate.setHint(type: .fullName, hint: "\(firstName) \(lastName)")

}
if let firstName = idTokenObject.given_name {
delegate.setHint(type: .firstName, hint:firstName)

}
if let lastName = idTokenObject.family_name {
delegate.setHint(type: .lastName, hint:lastName)

}

let isLocal = try? PasswordUtils.isUserLocal(username)

guard let isLocal = isLocal else {
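Review bot: In the first hunk the `if array.count != 3` branch calls `delegate.denyLogin()` but does not return, so execution continues to `let body = array[1]`, which traps when the token has fewer than two segments and otherwise goes on to decode a token the code has already rejected; add `return` after `delegate.denyLogin()` inside that branch, matching the guard and catch branches that follow. The `else { }` branch of `if let defaultsUsername` is now empty and can be dropped once the token decoding no longer lives there, unless the lines cut off below it fill it in. Both hunks sit inside a method whose start and end are outside the section; a short comment above `let idToken = tokens.idToken` explaining that the token is now decoded even when a stored username exists, because the name hints are taken from it, would make the reordering read as intentional.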
4 changes: 3 additions & 1 deletion XCredsLoginPlugIn/LoginWindow/xcreds_login.sh
Expand Up @@ -66,7 +66,9 @@ if [ $f_install -eq 1 ]; then
"${authrights_path}" -r "loginwindow:login" "XCredsLoginPlugin:LoginWindow"
"${authrights_path}" -a "XCredsLoginPlugin:LoginWindow" "XCredsLoginPlugin:PowerControl,privileged"
"${authrights_path}" -a "loginwindow:done" "XCredsLoginPlugin:KeychainAdd,privileged"


"${authrights_path}" -a "builtin:login-begin" "XCredsLoginPlugin:CreateUser,privileged"

else
echo "could not find authrights tool"
exit -1
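Review bot: The new `authrights` line attaches `XCredsLoginPlugin:CreateUser,privileged` to `builtin:login-begin` with no comment, while the neighbouring mechanisms hang off `loginwindow:login` and `loginwindow:done`; a one-line comment such as `# CreateUser runs privileged at login-begin so the local account exists before login completes` would record the intended ordering (that reading is inferred from the mechanism's name, so adjust it if wrong). If the uninstall branch of this script, outside the hunk, removes mechanisms by name, it presumably needs a matching entry for the new one.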
21 changes: 20 additions & 1 deletion XCredsLoginPlugIn/Mechanisms/XCredsBaseMechanism.swift
Expand Up @@ -57,6 +57,25 @@ protocol XCredsMechanismProtocol {
return userPass
}
}
var xcredsFirst: String? {
get {
guard let firstName = getHint(type: .firstName) as? String else {
return nil
}
os_log("Computed nomadFirst accessed: %{public}@", log: noLoMechlog, type: .debug, firstName)
return firstName
}
}

var xcredsLast: String? {
get {
guard let lastName = getHint(type: .lastName) as? String else {
return nil
}
os_log("Computed nomadLast accessed: %{public}@", log: noLoMechlog, type: .debug, lastName)
return lastName
}
}
var xcredsUser: String? {
get {
guard let userName = getHint(type: .user) as? String else {
Expand Down Expand Up @@ -302,7 +321,7 @@ protocol XCredsMechanismProtocol {
records = try query.resultsAllowingPartial(false) as! [ODRecord]
} catch {
let errorText = error.localizedDescription
// os_log("ODError while trying to check for local user: %{public}@", log: noLoMechlog, type: .error, errorText)
os_log("ODError while trying to check for local user: %{public}@", log: noLoMechlog, type: .error, errorText)
return false
}
let isLocal = records.isEmpty ? false : true
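Review bot: The log lines in the new `xcredsFirst` and `xcredsLast` getters still say `Computed nomadFirst accessed` and `Computed nomadLast accessed`, which no longer match the property names and will mislead anyone searching the unified log; change them to `os_log("Computed xcredsFirst accessed: %{public}@", log: noLoMechlog, type: .debug, firstName)` and the `xcredsLast` counterpart. Both getters also emit a person's name with `%{public}@`, so it is persisted readably in the log store; `%{private}@` keeps the message while redacting the value. Neither property carries a doc comment; `/// First name taken from the .firstName hint, or nil when the identity provider did not supply one.` documents the contract visible here, with the matching wording for `xcredsLast`.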
Expand Up @@ -7,12 +7,13 @@
//

import OpenDirectory
//import os.log
let createUserLog = "createUserLog"
let uiLog = "uiLog"


/// Mechanism to create a local user and homefolder.
class CreateUser: XCredsBaseMechanism {

class XCredsCreateUser: XCredsBaseMechanism {

let createUserLog = "createUserLog"
let uiLog = "uiLog"
//MARK: - Properties
let session = ODSession.default()

Expand All @@ -31,7 +32,7 @@ class CreateUser: XCredsBaseMechanism {
let nativeAttrsDetails = ["dsAttrTypeNative:AvatarRepresentation": "",
"dsAttrTypeNative:unlockOptions": "0"]

@objc override func run() {
@objc override func run() {
os_log("CreateUser mech starting", log: createUserLog, type: .debug)

// check if we are a guest account
Expand Down Expand Up @@ -61,15 +62,15 @@ class CreateUser: XCredsBaseMechanism {
}
}

if xcredsPass != nil && !XCredsBaseMechanism.checkForLocalUser(name: xcredsUser!) {
if xcredsPass != nil && !XCredsCreateUser.checkForLocalUser(name: xcredsUser!) {

var secureTokenCreds = [String:String]()
if getManagedPreference(key: .ManageSecureTokens) as? Bool ?? false {
secureTokenCreds = GetSecureTokenCreds()
}

guard let uid = findFirstAvaliableUID() else {
os_log("Could not find an avaliable UID", log: createUserLog, type: .debug)
os_log("Could not find an available UID", log: createUserLog, type: .debug)
return
}

Expand All @@ -82,7 +83,7 @@ class CreateUser: XCredsBaseMechanism {

os_log("Checking for CreateAdminIfGroupMember groups", log: uiLog, type: .debug)
if let adminGroups = getManagedPreference(key: .CreateAdminIfGroupMember) as? [String] {
// os_log("Found a CreateAdminIfGroupMember key value: %{public}@ ", log: uiLog, type: .debug, adminGroups)
os_log("Found a CreateAdminIfGroupMember key value: ", log: uiLog, type: .debug)
nomadGroups?.forEach { group in
if adminGroups.contains(group) {
isAdmin = true
Expand All @@ -92,18 +93,18 @@ class CreateUser: XCredsBaseMechanism {
}
var customAttributes = [String: String]()

let nomadMetaPrefix = "_nomad"
let metaPrefix = "_xcreds"

customAttributes["dsAttrTypeNative:\(nomadMetaPrefix)_didCreateUser"] = "1"
customAttributes["dsAttrTypeNative:\(metaPrefix)_didCreateUser"] = "1"

let currentDate = ISO8601DateFormatter().string(from: Date())
customAttributes["dsAttrTypeNative:\(nomadMetaPrefix)_creationDate"] = currentDate
customAttributes["dsAttrTypeNative:\(metaPrefix)_creationDate"] = currentDate

// customAttributes["dsAttrTypeNative:\(nomadMetaPrefix)_domain"] = nomadDomain!

createUser(shortName: xcredsUser!,
first: "XCreds.first",
last: "XCreds.last",
first: xcredsFirst!,
last: xcredsLast!,
pass: xcredsPass!,
uid: uid,
gid: "20",
Expand Down Expand Up @@ -196,7 +197,7 @@ class CreateUser: XCredsBaseMechanism {
}

// Set the login timestamp if requested
setTimestampFor(xcredsUser as? String ?? "")
setTimestampFor(xcredsUser ?? "")
}
os_log("Allowing login", log: createUserLog, type: .debug)
let _ = allowLogin()
Expand Down Expand Up @@ -252,9 +253,9 @@ class CreateUser: XCredsBaseMechanism {
}

if getManagedPreference(key: .UseCNForFullName) as? Bool ?? false {
attrs[kODAttributeTypeFullName] = [getHint(type: .full) as? String ?? ""]
attrs[kODAttributeTypeFullName] = [getHint(type: .fullName) as? String ?? ""]
} else if getManagedPreference(key: .UseCNForFullNameFallback) as? Bool ?? false && "\(first) \(last)" == " " {
attrs[kODAttributeTypeFullName] = [getHint(type: .full) as? String ?? ""]
attrs[kODAttributeTypeFullName] = [getHint(type: .fullName) as? String ?? ""]
}


Expand Down Expand Up @@ -403,15 +404,15 @@ class CreateUser: XCredsBaseMechanism {
if getManagedPreference(key: .AliasUPN) as? Bool ?? false {
if let upn = getHint(type: .kerberos_principal) as? String {
os_log("Adding UPN as an alias: %{public}@", log: createUserLog, type: .debug, upn)
let result = XCredsBaseMechanism.addAlias(name: shortName, alias: upn.lowercased())
let result = XCredsCreateUser.addAlias(name: shortName, alias: upn.lowercased())
os_log("Adding UPN result: %{public}@", log: createUserLog, type: .debug, result.description)
}
}

if getManagedPreference(key: .AliasNTName) as? Bool ?? false {
if let ntName = getHint(type: .ntName) as? String {
os_log("Adding NTName as an alias: %{public}@", log: createUserLog, type: .debug, ntName)
let result = XCredsBaseMechanism.addAlias(name: shortName, alias: ntName)
let result = XCredsCreateUser.addAlias(name: shortName, alias: ntName)
os_log("Adding NTName result: %{public}@", log: createUserLog, type: .debug, result.description)
}
}
Expand Down Expand Up @@ -600,10 +601,10 @@ class CreateUser: XCredsBaseMechanism {
}
}

fileprivate func setTimestampFor(_ xcredsUser: String) {
fileprivate func setTimestampFor(_ nomadUser: String) {
// Add network sign in stamp
if let signInTime = getHint(type: .networkSignIn) {
if XCredsBaseMechanism.updateSignIn(name: xcredsUser, time: signInTime as AnyObject) {
if XCredsCreateUser.updateSignIn(name: nomadUser, time: signInTime as AnyObject) {
os_log("Sign in time updated", log: createUserLog, type: .default)
} else {
os_log("Dould not add timestamp", log: createUserLog, type: .error)
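Review bot: `createUser(shortName:first:last:...)` is now passed `xcredsFirst!` and `xcredsLast!`, but those hints are only set when the ID token carries `given_name` and `family_name` (LoginWebViewController.swift in this commit sets them conditionally), so an identity provider that omits either claim crashes the mechanism inside the authorization plug-in instead of failing login cleanly. Pass `first: xcredsFirst ?? ""` and `last: xcredsLast ?? ""`; the `UseCNForFullNameFallback` branch below already treats an empty `"\(first) \(last)"` as the signal to fall back to the CN hint. Separately, the `setTimestampFor` parameter was renamed from `xcredsUser` back to `nomadUser`, which reverses the rename the rest of this commit performs, and the `CreateAdminIfGroupMember` log dropped its `adminGroups` argument rather than formatting it (`adminGroups.joined(separator: ", ")` would keep the diagnostic).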
