removed reset option

XCreds/LoginPasswordWindowController.xib

@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="21507" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none" useAutolayout="YES" customObjectInstantitationMethod="direct">
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="21701" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none" useAutolayout="YES" customObjectInstantitationMethod="direct">
     <dependencies>
         <deployment identifier="macosx"/>
-        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="21507"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="21701"/>
         <capability name="documents saved in the Xcode 8 format" minToolsVersion="8.0"/>
     </dependencies>
     <objects>
@@ -42,7 +42,7 @@
                         <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
                         <textFieldCell key="cell" selectable="YES" id="raI-nS-JM6">
                             <font key="font" metaFont="system"/>
-                            <string key="title">If you do not remember your local login password, please select Reset to login with your cloud password and backup your old keychain.</string>
+                            <string key="title">If you do not know your local login password, have a local admin log in at the mac login window and reset your local login password in System Settings.</string>
                             <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
                             <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
                         </textFieldCell>
@@ -81,43 +81,42 @@ DQ
                             <action selector="updateButtonPressed:" target="-2" id="0Yw-3m-Zc7"/>
                         </connections>
                     </button>
-                    <button verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="0Wv-NR-a6r">
-                        <rect key="frame" x="264" y="13" width="76" height="32"/>
-                        <buttonCell key="cell" type="push" title="Cancel" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="yk2-3t-h59">
+                    <button hidden="YES" verticalHuggingPriority="750" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="vfc-Lt-21D">
+                        <rect key="frame" x="142" y="13" width="69" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Reset" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="AFi-y5-fTi">
                             <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
                             <font key="font" metaFont="system"/>
-                            <string key="keyEquivalent" base64-UTF8="YES">
-Gw
-</string>
                         </buttonCell>
                         <connections>
-                            <action selector="cancelButtonPressed:" target="-2" id="qAB-hi-1zy"/>
+                            <action selector="removeKeychainButtonPressed:" target="-2" id="T0U-p4-KUW"/>
                         </connections>
                     </button>
-                    <button verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="vfc-Lt-21D">
-                        <rect key="frame" x="338" y="13" width="69" height="32"/>
-                        <buttonCell key="cell" type="push" title="Reset" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="AFi-y5-fTi">
+                    <button verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="0Wv-NR-a6r">
+                        <rect key="frame" x="331" y="13" width="76" height="32"/>
+                        <buttonCell key="cell" type="push" title="Cancel" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="yk2-3t-h59">
                             <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
                             <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+Gw
+</string>
                         </buttonCell>
                         <connections>
-                            <action selector="removeKeychainButtonPressed:" target="-2" id="T0U-p4-KUW"/>
+                            <action selector="cancelButtonPressed:" target="-2" id="qAB-hi-1zy"/>
                         </connections>
                     </button>
                 </subviews>
                 <constraints>
                     <constraint firstAttribute="bottom" secondItem="gTn-ws-NVT" secondAttribute="bottom" constant="20" symbolic="YES" id="1PF-dv-8LN"/>
-                    <constraint firstItem="gTn-ws-NVT" firstAttribute="leading" secondItem="vfc-Lt-21D" secondAttribute="trailing" constant="12" symbolic="YES" id="4mX-Iu-kv1"/>
                     <constraint firstAttribute="trailing" secondItem="gTn-ws-NVT" secondAttribute="trailing" constant="20" symbolic="YES" id="Ca3-N3-wr2"/>
-                    <constraint firstItem="vfc-Lt-21D" firstAttribute="leading" secondItem="0Wv-NR-a6r" secondAttribute="trailing" constant="12" symbolic="YES" id="JmP-Hp-WMC"/>
-                    <constraint firstAttribute="bottom" secondItem="vfc-Lt-21D" secondAttribute="bottom" constant="20" symbolic="YES" id="p0P-ke-j6S"/>
-                    <constraint firstItem="0Wv-NR-a6r" firstAttribute="centerY" secondItem="gTn-ws-NVT" secondAttribute="centerY" id="plG-CO-NAT"/>
+                    <constraint firstAttribute="bottom" secondItem="0Wv-NR-a6r" secondAttribute="bottom" constant="20" symbolic="YES" id="MBG-D2-E15"/>
+                    <constraint firstItem="gTn-ws-NVT" firstAttribute="leading" secondItem="0Wv-NR-a6r" secondAttribute="trailing" constant="12" symbolic="YES" id="r3F-ci-tu2"/>
                 </constraints>
             </view>
             <connections>
                 <outlet property="delegate" destination="-2" id="WxA-Qo-qaN"/>
             </connections>
-            <point key="canvasLocation" x="93.5" y="270"/>
+            <point key="canvasLocation" x="136" y="263"/>
         </window>
     </objects>
     <resources>

XCredsLoginPlugIn/LoginWindow/LoginWebViewController.swift

@@ -389,6 +389,9 @@ class LoginWebViewController: WebViewController {
             }
 
         }
+        else {
+            TCSLogWithMark("Local password matches cloud password")
+        }
         TCSLogWithMark("passing username:\(username), password, and tokens")
         TCSLogWithMark("setting kAuthorizationEnvironmentUsername")
 

XCredsLoginPlugIn/LoginWindow/xcreds_login.sh

@@ -18,11 +18,12 @@ f_remove=0
 f_restore=0
 
 remove_rights () {
-    "${authrights_path}" -r  "XCredsLoginPlugin:LoginWindow" "loginwindow:login"
+    "${authrights_path}" -r  "XCredsLoginPlugin:LoginWindow" "loginwindow:login" > /dev/null
     "${authrights_path}" -d  "XCredsLoginPlugin:PowerControl,privileged"
-    "${authrights_path}" -d "XCredsLoginPlugin:KeychainAdd,privileged"
+    "${authrights_path}" -d  "XCredsLoginPlugin:KeychainAdd,privileged"
     "${authrights_path}" -d  "XCredsLoginPlugin:CreateUser,privileged"
     "${authrights_path}" -d  "XCredsLoginPlugin:EnableFDE,privileged"
+    "${authrights_path}" -d  "XCredsLoginPlugin:LoginDone"
 
 }
 while getopts ":ire" o; do

XCredsLoginPlugIn/Mechanisms/XCredsCreateUser.swift

@@ -33,8 +33,8 @@ class XCredsCreateUser: XCredsBaseMechanism {
                               "dsAttrTypeNative:unlockOptions": "0"]
 
     @objc override   func run() {
-        os_log("CreateUser mech starting", log: createUserLog, type: .debug)
-        
+        TCSLogWithMark("CreateUser mech starting")
+
         // check if we are a guest account
         // if so, remove any existing user/home for the guest
         // then allow the mech to create a new user/home
@@ -182,6 +182,7 @@ class XCredsCreateUser: XCredsBaseMechanism {
                                 try user.changePassword(nil, toPassword: xcredsPass!)
 
                             } catch {
+                                os_log(error.localizedDescription)
                                 os_log("Password Overwrite Silent without SecureToken Failed")
                             }
 

XCredsLoginPlugIn/Mechanisms/XCredsEnableFDE.swift

@@ -16,8 +16,8 @@ class XCredsEnableFDE : XCredsBaseMechanism {
 
     @objc override  func run() {
 
-        os_log("Running EnableFDE mech.", log: enableFDELog, type: .debug)
-        
+        TCSLogWithMark("EnableFDE mech starting")
+
         // FileVault
 
         if getManagedPreference(key: .EnableFDE) as? Bool == true {

XCredsLoginPlugIn/Mechanisms/XCredsKeychainAdd.swift

@@ -19,6 +19,8 @@ class XCredsKeychainAdd : XCredsBaseMechanism {
     let kItemName = "xcreds"
 
     @objc override func run() {
+        TCSLogWithMark("XCredsKeychainAdd mech starting")
+
         // get username and password
         // get reference to user's keychain
         // add items
@@ -30,7 +32,7 @@ class XCredsKeychainAdd : XCredsBaseMechanism {
 
         let tokenArray = getHint(type: .tokens) as? Array<String>
 
-        guard let tokenArray = tokenArray, tokenArray.count==3 else {
+        guard let tokenArray = tokenArray, tokenArray.count>3 else {
             TCSLogWithMark("no tokens but allowing login")
             allowLogin()
             return

XCredsLoginPlugIn/Mechanisms/XCredsLoginDone.swift

@@ -11,7 +11,7 @@ class XCredsLoginDone: XCredsBaseMechanism {
     }
 
     @objc override func run() {
-        TCSLogWithMark("trying hide progress")
+        TCSLogWithMark("XCredsLoginDone mech starting")
 
         NotificationCenter.default.post(name: NSNotification.Name("hideProgress"), object: nil)
         allowLogin()

XCredsLoginPlugIn/Mechanisms/XCredsLoginMechanism.swift

@@ -24,7 +24,7 @@ import Cocoa
 
         os_log("Checking for autologin.", log: checkADLog, type: .default)
         if FileManager.default.fileExists(atPath: "/tmp/nolorun") {
-            os_log("NoLo has run once already. Load regular window as this isn't a reboot", log: checkADLog, type: .debug)
+            os_log("XCreds has run once already. Load regular window as this isn't a reboot", log: checkADLog, type: .debug)
             return false
         }
 
@@ -90,7 +90,7 @@ import Cocoa
         return String.init(data: uuid, encoding: String.Encoding.utf8)
     }
     @objc override func run() {
-        TCSLogWithMark("\(#function) \(#file):\(#line)")
+        TCSLogWithMark("XCredsLoginMechanism mech starting")
         if useAutologin() {
             os_log("Using autologin", log: checkADLog, type: .debug)
             os_log("Check autologin complete", log: checkADLog, type: .debug)

XCredsLoginPlugIn/Mechanisms/XCredsPowerControlMechanism.swift

@@ -19,7 +19,7 @@ enum SpecialUsers: String {
 class XCredsPowerControlMechanism: XCredsBaseMechanism {
 
     @objc override func run() {
-        TCSLogWithMark("PowerControl mech starting")
+        TCSLogWithMark("XCredsPowerControlMechanism mech starting")
 
         if FileManager.default.fileExists(atPath: "/tmp/xcreds_return")==true{
             TCSLogWithMark("xcreds_return exists, removing")

XCredsLoginPlugIn/XCredsLoginPlugin.m

@@ -102,7 +102,7 @@ - (OSStatus)MechanismCreate:(AuthorizationPluginRef)inPlugin
 
     MechanismRecord *mechanism = (MechanismRecord *)malloc(sizeof(MechanismRecord));
     if (mechanism == NULL) return errSecMemoryError;
-    TCSLog([NSString stringWithFormat:@"Authorization Plugin ^%s Mechanism created.\n",mechanismId]);
+    TCSLog([NSString stringWithFormat:@"Authorization Plugin %s Mechanism created.\n",mechanismId]);
     mechanism->fMagic = kMechanismMagic;
     mechanism->fEngine = inEngine;
     mechanism->fPlugin = (PluginRecord *)inPlugin;

xCreds.xcodeproj/project.pbxproj

@@ -1011,7 +1011,7 @@
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3634;
+				CURRENT_PROJECT_VERSION = 3639;
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1048,7 +1048,7 @@
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3634;
+				CURRENT_PROJECT_VERSION = 3639;
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1113,7 +1113,7 @@
 				CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3634;
+				CURRENT_PROJECT_VERSION = 3639;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1149,7 +1149,7 @@
 				CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3634;
+				CURRENT_PROJECT_VERSION = 3639;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1298,7 +1298,7 @@
 				CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3634;
+				CURRENT_PROJECT_VERSION = 3639;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1333,7 +1333,7 @@
 				CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3634;
+				CURRENT_PROJECT_VERSION = 3639;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (