Prompt for Secure Token Admin Login When Required for AD #127
twocanoes committed Dec 16, 2023
1 parent b8d52d5 commit 42002e6
Showing 9 changed files with 126 additions and 191 deletions.
7 changes: 5 additions & 2 deletions NomadLogin/LocalCheckAndMigrate.swift
Expand Up @@ -56,13 +56,16 @@ class LocalCheckAndMigrate : NSObject, DSQueryable {

TCSLogWithMark("Local name matches, but not password")

if (getManagedPreference(key: .PasswordOverwriteSilent) as? Bool ?? false) {
// set the hint and return complete
if DefaultsOverride.standardOverride.string(forKey: PrefKeys.localAdminUserName.rawValue) != nil &&
DefaultsOverride.standardOverride.string(forKey: PrefKeys.localAdminPassword.rawValue) != nil &&
getManagedPreference(key: .PasswordOverwriteSilent) as? Bool ?? false {
TCSLogWithMark("Set to write keychain silently and we have admin. Skipping.")
TCSLogWithMark("Setting password to be overwritten.")
delegate?.setHint(type: .passwordOverwrite, hint: true)
TCSLogWithMark("Hint set")
return .complete
} else {
TCSLogWithMark("setting to sync password")
return .syncPassword
}
}
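Review bot: The new condition at the top of the hunk only checks that `localAdminUserName` and `localAdminPassword` are non-nil, so an empty string configured for either key still takes the silent keychain-overwrite path with unusable admin credentials; testing for non-empty values is safer, e.g. `!(DefaultsOverride.standardOverride.string(forKey: PrefKeys.localAdminUserName.rawValue) ?? "").isEmpty &&` and `!(DefaultsOverride.standardOverride.string(forKey: PrefKeys.localAdminPassword.rawValue) ?? "").isEmpty &&` in place of the two `!= nil` tests. The first log line, `Set to write keychain silently and we have admin. Skipping.`, looks carried over from the LoginWebViewController block this commit deletes and is contradicted by the very next line, which announces the overwrite; drop it or reword it to something like `"Silent overwrite enabled and admin credentials present; overwriting password."`. Note also that this path reads a local admin password out of defaults in plaintext — that key predates this commit, but the reliance on it is now broader and worth a comment on where the value is expected to come from. The method this hunk sits in begins before the hunk and continues past it.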
26 changes: 13 additions & 13 deletions XCreds/LoginPasswordWindowController.xib
Expand Up @@ -33,7 +33,7 @@
<autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
<imageCell key="cell" refusesFirstResponder="YES" alignment="left" imageScaling="proportionallyUpOrDown" image="icon_128x128" id="i1e-r0-Waa"/>
</imageView>
<textField verticalHuggingPriority="750" horizontalCompressionResistancePriority="250" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="NQJ-DJ-Vk6">
<textField focusRingType="none" verticalHuggingPriority="750" horizontalCompressionResistancePriority="250" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="NQJ-DJ-Vk6">
<rect key="frame" x="94" y="168" width="385" height="38"/>
<autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
<textFieldCell key="cell" selectable="YES" title="Please enter your local login password to sync your cloud password and login." id="Kf4-Rd-r7U">
Expand All @@ -42,7 +42,7 @@
<color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
</textFieldCell>
</textField>
<textField verticalHuggingPriority="750" horizontalCompressionResistancePriority="250" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="qCR-tF-te2">
<textField focusRingType="none" verticalHuggingPriority="750" horizontalCompressionResistancePriority="250" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="qCR-tF-te2">
<rect key="frame" x="94" y="105" width="383" height="55"/>
<autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
<textFieldCell key="cell" selectable="YES" title="If you do not know your local login password, click Reset and enter in a local admin usern and password." id="raI-nS-JM6">
Expand All @@ -51,7 +51,7 @@
<color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
</textFieldCell>
</textField>
<textField horizontalHuggingPriority="251" verticalHuggingPriority="750" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="Vgp-AS-5WP">
<textField focusRingType="none" horizontalHuggingPriority="251" verticalHuggingPriority="750" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="Vgp-AS-5WP">
<rect key="frame" x="94" y="79" width="66" height="16"/>
<autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
<textFieldCell key="cell" lineBreakMode="clipping" title="Password:" id="gjN-RB-inR">
Expand All @@ -60,7 +60,7 @@
<color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
</textFieldCell>
</textField>
<secureTextField verticalHuggingPriority="750" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="uxk-Kc-Ey2">
<secureTextField focusRingType="none" verticalHuggingPriority="750" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="uxk-Kc-Ey2">
<rect key="frame" x="166" y="76" width="309" height="21"/>
<autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
<secureTextFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" borderStyle="bezel" drawsBackground="YES" usesSingleLineMode="YES" id="C9u-SH-tmE">
Expand Down Expand Up @@ -126,18 +126,18 @@ Gw
<window title="Window" allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" releasedWhenClosed="NO" visibleAtLaunch="NO" frameAutosaveName="" animationBehavior="default" titlebarAppearsTransparent="YES" titleVisibility="hidden" id="1CI-8H-5ew">
<windowStyleMask key="styleMask" titled="YES"/>
<windowPositionMask key="initialPositionMask" leftStrut="YES" rightStrut="YES" topStrut="YES" bottomStrut="YES"/>
<rect key="contentRect" x="537" y="504" width="503" height="206"/>
<rect key="contentRect" x="537" y="504" width="503" height="226"/>
<rect key="screenRect" x="0.0" y="0.0" width="1496" height="910"/>
<view key="contentView" id="9wN-Ld-7y9">
<rect key="frame" x="0.0" y="0.0" width="503" height="206"/>
<rect key="frame" x="0.0" y="0.0" width="503" height="226"/>
<autoresizingMask key="autoresizingMask"/>
<subviews>
<imageView horizontalHuggingPriority="251" verticalHuggingPriority="251" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="Xxe-1S-Zna">
<rect key="frame" x="20" y="138" width="68" height="68"/>
<autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
<imageCell key="cell" refusesFirstResponder="YES" alignment="left" imageScaling="proportionallyUpOrDown" image="icon_128x128" id="POn-cP-I3n"/>
</imageView>
<textField verticalHuggingPriority="750" horizontalCompressionResistancePriority="250" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="AEQ-FX-hY0">
<textField focusRingType="none" verticalHuggingPriority="750" horizontalCompressionResistancePriority="250" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="AEQ-FX-hY0">
<rect key="frame" x="100" y="168" width="385" height="38"/>
<autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
<textFieldCell key="cell" selectable="YES" title="Please enter a local administrator password to reset the user's account." id="qqZ-3u-MDh">
Expand All @@ -146,7 +146,7 @@ Gw
<color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
</textFieldCell>
</textField>
<textField horizontalHuggingPriority="251" verticalHuggingPriority="750" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="3Cv-XF-qcP">
<textField focusRingType="none" horizontalHuggingPriority="251" verticalHuggingPriority="750" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="3Cv-XF-qcP">
<rect key="frame" x="100" y="79" width="66" height="16"/>
<autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
<textFieldCell key="cell" lineBreakMode="clipping" title="Password:" id="uze-MC-XH3">
Expand All @@ -155,7 +155,7 @@ Gw
<color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
</textFieldCell>
</textField>
<secureTextField verticalHuggingPriority="750" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="Vej-yJ-L7m">
<secureTextField focusRingType="none" verticalHuggingPriority="750" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="Vej-yJ-L7m">
<rect key="frame" x="172" y="76" width="309" height="21"/>
<autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
<secureTextFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" borderStyle="bezel" drawsBackground="YES" usesSingleLineMode="YES" id="yFQ-uv-jJr">
Expand Down Expand Up @@ -193,7 +193,7 @@ Gw
<action selector="adminCancelButtonPressed:" target="-2" id="4Uu-S8-IJk"/>
</connections>
</button>
<textField horizontalHuggingPriority="251" verticalHuggingPriority="750" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="dRz-I7-gTV">
<textField focusRingType="none" horizontalHuggingPriority="251" verticalHuggingPriority="750" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="dRz-I7-gTV">
<rect key="frame" x="94" y="106" width="70" height="16"/>
<autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
<textFieldCell key="cell" lineBreakMode="clipping" title="Username:" id="GRh-vK-MaB">
Expand All @@ -202,8 +202,8 @@ Gw
<color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
</textFieldCell>
</textField>
<textField verticalHuggingPriority="750" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="A7r-Vp-fPL">
<rect key="frame" x="170" y="103" width="311" height="21"/>
<textField focusRingType="none" verticalHuggingPriority="750" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="A7r-Vp-fPL">
<rect key="frame" x="172" y="103" width="309" height="21"/>
<autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
<textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" borderStyle="bezel" drawsBackground="YES" id="dGW-6n-oBR">
<font key="font" metaFont="system"/>
Expand All @@ -222,7 +222,7 @@ Gw
<connections>
<outlet property="delegate" destination="-2" id="oG5-CP-lwV"/>
</connections>
<point key="canvasLocation" x="79.5" y="-110"/>
<point key="canvasLocation" x="79.5" y="-120"/>
</window>
</objects>
<resources>
36 changes: 2 additions & 34 deletions XCredsLoginPlugIn/LoginWindow/LoginWebViewController.swift
Expand Up @@ -248,41 +248,9 @@ class LoginWebViewController: WebViewController, DSQueryable {
case .success:
TCSLogWithMark("Local password matches cloud password ")
case .incorrectPassword:
TCSLogWithMark("local password is different from cloud password. Prompting for local password...")

if DefaultsOverride.standardOverride.string(forKey: PrefKeys.localAdminUserName.rawValue) != nil &&
DefaultsOverride.standardOverride.string(forKey: PrefKeys.localAdminPassword.rawValue) != nil &&
getManagedPreference(key: .PasswordOverwriteSilent) as? Bool ?? false {
TCSLogWithMark("Set to write keychain silently and we have admin. Skipping.")
mechanism.setHint(type: .passwordOverwrite, hint: true)
os_log("Hint set for passwordOverwrite", log: uiLog, type: .debug)
break;
if let mechanism = mechanism as? XCredsLoginMechanism{
mechanism.promptForLocalPassword(username: username)
}
let promptPasswordWindowController = PromptForLocalPasswordWindowController()

switch promptPasswordWindowController.verifyLocalPasswordAndChange(username:username, password: tokens.password, shouldUpdatePassword: true) {

case .success(let localPassword):
mechanism.setHint(type: .existingLocalUserPassword, hint: localPassword)

case .resetKeychain(let adminUsername, let adminPassword):
os_log("Setting password to be overwritten.", log: uiLog, type: .default)
mechanism.setHint(type: .passwordOverwrite, hint: true)
if let adminUsername = adminUsername, let adminPassword = adminPassword {
mechanism.setHint(type: .adminUsername, hint: adminUsername)
mechanism.setHint(type: .adminPassword, hint: adminPassword)

}

os_log("Hint set", log: uiLog, type: .debug)
case .cancelled:
mechanism.denyLogin(message:nil)
return
case .error(let errMesg):
mechanism.denyLogin(message:errMesg)
}


case .accountDoesNotExist:
TCSLogWithMark("user account doesn't exist yet")

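Review bot: The new `.incorrectPassword` branch discards whatever `mechanism.promptForLocalPassword(username:)` returns and does nothing at all when `mechanism` is not an `XCredsLoginMechanism`, so in both situations control leaves the switch exactly as it does for `.success`, whereas the deleted code called `mechanism.denyLogin` on `.cancelled` and `.error`. The SignInWindowController hunk in this same commit passes that return value to `completeLogin(authResult:)`, which suggests it carries the allow/deny outcome — if so it must be checked here too, and the failed-cast case should be logged and denied rather than silently allowed. The enclosing function starts before the hunk and the switch continues past it.
```swift
case .incorrectPassword:
    guard let loginMechanism = mechanism as? XCredsLoginMechanism else {
        TCSLogWithMark("Mechanism cannot prompt for local password; denying login")
        mechanism.denyLogin(message: nil)
        return
    }
    // NOTE(review): assumes this is the same auth result type that
    // SignInWindowController passes to completeLogin(authResult:) — confirm
    let result = loginMechanism.promptForLocalPassword(username: username)
    if result != .allow {
        mechanism.denyLogin(message: nil)
        return
    }
// … unchanged: .accountDoesNotExist case …
```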
109 changes: 57 additions & 52 deletions XCredsLoginPlugIn/LoginWindow/SignInWindowController.swift
Expand Up @@ -426,57 +426,57 @@ let checkADLog = OSLog(subsystem: "menu.nomad.login.ad", category: "CheckADMech"

//MARK: - Update Local User Account Methods

fileprivate func showPasswordSync() {
// hide other possible boxes
TCSLogWithMark()

let passwordWindowController = PromptForLocalPasswordWindowController.init(windowNibName: NSNib.Name("LoginPasswordWindowController"))

passwordWindowController.window?.canBecomeVisibleWithoutLogin=true
passwordWindowController.window?.isMovable = false
passwordWindowController.window?.canBecomeVisibleWithoutLogin = true
passwordWindowController.window?.level = NSWindow.Level(rawValue: NSWindow.Level.floating.rawValue)
var isDone = false
while (!isDone){
DispatchQueue.main.async{
TCSLogWithMark("resetting level")
passwordWindowController.window?.level = NSWindow.Level(rawValue: NSWindow.Level.floating.rawValue)
}

let response = NSApp.runModal(for: passwordWindowController.window!)
passwordWindowController.window?.close()

if response == .cancel {
isDone=true
TCSLogWithMark("User cancelled resetting keychain or entering password. Denying login")
completeLogin(authResult: .deny)

return
}

let localPassword = passwordWindowController.password
guard let localPassword = localPassword else {
continue
}
do {
os_log("Password doesn't match existing local. Try to change local pass to match.", log: uiLog, type: .default)
let localUser = try getLocalRecord(shortName)
try localUser.changePassword(localPassword, toPassword: passString)
os_log("Password sync worked, allowing login", log: uiLog, type: .default)

isDone=true
mechanism?.setHint(type: .existingLocalUserPassword, hint: localPassword)
completeLogin(authResult: .allow)
return
} catch {
os_log("Unable to sync local password to Network password. Reload and try again", log: uiLog, type: .error)
return
}


}

}
// fileprivate func showPasswordSync() {
// // hide other possible boxes
// TCSLogWithMark()
//
// let passwordWindowController = PromptForLocalPasswordWindowController.init(windowNibName: NSNib.Name("LoginPasswordWindowController"))
//
// passwordWindowController.window?.canBecomeVisibleWithoutLogin=true
// passwordWindowController.window?.isMovable = false
// passwordWindowController.window?.canBecomeVisibleWithoutLogin = true
// passwordWindowController.window?.level = NSWindow.Level(rawValue: NSWindow.Level.floating.rawValue)
// var isDone = false
// while (!isDone){
// DispatchQueue.main.async{
// TCSLogWithMark("resetting level")
// passwordWindowController.window?.level = NSWindow.Level(rawValue: NSWindow.Level.floating.rawValue)
// }
//
// let response = NSApp.runModal(for: passwordWindowController.window!)
// passwordWindowController.window?.close()
//
// if response == .cancel {
// isDone=true
// TCSLogWithMark("User cancelled resetting keychain or entering password. Denying login")
// completeLogin(authResult: .deny)
//
// return
// }
//
// let localPassword = passwordWindowController.password
// guard let localPassword = localPassword else {
// continue
// }
// do {
// os_log("Password doesn't match existing local. Try to change local pass to match.", log: uiLog, type: .default)
// let localUser = try getLocalRecord(shortName)
// try localUser.changePassword(localPassword, toPassword: passString)
// os_log("Password sync worked, allowing login", log: uiLog, type: .default)
//
// isDone=true
// mechanism?.setHint(type: .existingLocalUserPassword, hint: localPassword)
// completeLogin(authResult: .allow)
// return
// } catch {
// os_log("Unable to sync local password to Network password. Reload and try again", log: uiLog, type: .error)
// return
// }
//
//
// }
//
// }


fileprivate func showMigration() {
Expand Down Expand Up @@ -774,9 +774,14 @@ extension SignInViewController: NoMADUserSessionDelegate {
case .syncPassword:
// first check to see if we can resolve this ourselves
TCSLogWithMark("Sync password called.")
showPasswordSync()
// showPasswordSync()

if let mechanism = mechanism as? XCredsLoginMechanism {
let res = mechanism.promptForLocalPassword(username: user.shortName)
completeLogin(authResult: res)


}
case .errorSkipMigration, .skipMigration, .userMatchSkipMigration, .complete:
completeLogin(authResult: .allow)
}
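Review bot: In the `.syncPassword` case the `if let mechanism = mechanism as? XCredsLoginMechanism` block has no else branch, so when the cast fails or `mechanism` is nil (it is optional here, per the `mechanism?.setHint` call in the commented-out function) the case finishes without ever calling `completeLogin`, whereas the `showPasswordSync()` it replaces always ended in `.allow` or `.deny`; add `} else { TCSLogWithMark("No XCredsLoginMechanism available to prompt for local password; denying login"); completeLogin(authResult: .deny) }`. The leftover `// showPasswordSync()` call and the roughly fifty lines of commented-out `showPasswordSync` in the first hunk should be deleted rather than kept as comments — git history preserves them, and a dead copy of the old modal-loop logic will drift from the live path. The extension this hunk belongs to starts before the hunk and continues past it.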
