updated fullname

twocanoes · May 30, 2023 · 6271994 · 6271994
1 parent 5fa6c04
commit 6271994
Show file tree

Hide file tree

Showing 13 changed files with 165 additions and 63 deletions.
diff --git a/DefaultsOverride.swift b/DefaultsOverride.swift
@@ -108,10 +108,6 @@ public class DefaultsOverride: UserDefaults {
 
             TCSLogErrorWithMark(error.localizedDescription)
         }
-
-
-
-
     }
     override public func string(forKey defaultName: String) -> String? {
         TCSLogWithMark()

diff --git a/History.md b/History.md
@@ -8,6 +8,11 @@ New username and password window allows logging in with local user or Active Dir
 ### New Username and Password Window ###
 We no longer use the macOS login window and use the new XCreds username/password window. This allows for faster switching and Active Directory login.
 
+### Switch to Login Window at Screen Saver ###
+When the "shouldSwitchToLoginWindowWhenLocked" key is set and XCreds is running in the user session and the screen is locked, the lock screen will fast user switch to the log 
+
+When set to true and the user locks the current session, XCreds will tell the system to switch to Login Window. The current session will stay active but the user will login with the XCreds Login Window to resume the session.
+
 ### Admin Group ###
 
 If group membership is returned in the "groups" claim and matches the group defined in the "CreateAdminIfGroupMember" preference, the user will be created as admin.

diff --git a/NomadLogin/NoLoMechanism.swift b/NomadLogin/NoLoMechanism.swift
@@ -94,7 +94,7 @@ class NoLoMechanism: NSObject {
             guard let lastName = getHint(type: .noMADLast) as? String else {
                 return nil
             }
-            os_log("Computed nomadLast accessed: %{public}@", log: noLoMechlog, type: .debug, lastName)
+            os_log("Computed lastName accessed: %{public}@", log: noLoMechlog, type: .debug, lastName)
             return lastName
         }
     }

diff --git a/NomadLogin/SystemInfoHelper.swift b/NomadLogin/SystemInfoHelper.swift
@@ -7,7 +7,7 @@
 //
 
 import Foundation
-import NoMAD_ADAuth
+
 import NetworkExtension
 
 class SystemInfoHelper {

diff --git a/XCreds Login Overlay/AppDelegate.swift b/XCreds Login Overlay/AppDelegate.swift
@@ -7,12 +7,92 @@
 
 import Cocoa
 import AppKit
+
+
+
 @main
 struct MyMain {
+    static func resetRights() ->Bool {
+
+        if AuthorizationDBManager.shared.rightExists(right:"XCredsLoginPlugin:LoginWindow")==true {
+            TCSLogWithMark("replacing XCredsLoginPlugin:LoginWindow with loginwindow:login")
+            if AuthorizationDBManager.shared.replace(right: "XCredsLoginPlugin:LoginWindow", withNewRight: "loginwindow:login") == false {
+                TCSLogErrorWithMark("Error removing XCredsLoginPlugin:LoginWindow. bailing")
+                return false
+
+            }
+        }
+        else if AuthorizationDBManager.shared.rightExists(right: "loginwindow:login")==false {
+            TCSLogErrorWithMark("There was no XCredsLoginPlugin:LoginWindow and no loginwindow:login. Please remove /var/db/auth.db and reboot")
+            return false
+        }
+
+
+
+
+        for authRight in AuthorizationDBManager.shared.consoleRights() {
+            if authRight.hasPrefix("XCredsLoginPlugin") {
+                TCSLogWithMark("Removing \(authRight)")
+                if AuthorizationDBManager.shared.remove(right: authRight) == false {
+                    TCSLogErrorWithMark("Error removing \(authRight)")
+
+                }
+            }
+
+        }
+        return true
+
+    }
+    static func addRights() ->Bool {
+
+        TCSLogWithMark("Adding rights back in")
+        if AuthorizationDBManager.shared.replace(right: "loginwindow:login", withNewRight: "XCredsLoginPlugin:LoginWindow")==false {
+            TCSLogWithMark("error adding loginwindow:login after XCredsLoginPlugin:LoginWindow. bailing since this shouldn't happen")
+
+            return false
+
+        }
+
+        for right in [["XCredsLoginPlugin:LoginWindow":"XCredsLoginPlugin:PowerControl,privileged"], ["loginwindow:done":"XCredsLoginPlugin:KeychainAdd,privileged"],["builtin:login-begin":"XCredsLoginPlugin:CreateUser,privileged"],["loginwindow:done":"XCredsLoginPlugin:EnableFDE,privileged"],["loginwindow:done":"XCredsLoginPlugin:LoginDone"]] {
+
+            if AuthorizationDBManager.shared.rightExists(right: right.keys.first!){
+
+                if AuthorizationDBManager.shared.insertRight(newRight: right.values.first!, afterRight: right.keys.first!) {
+
+
+                    TCSLogWithMark("adding \(right.values.first!) after \(right.keys.first!)")
+                }
+
+                else {
+                    TCSLogErrorWithMark("\(right.keys.first!) does not exist. not inserting \(right.values.first!)")
+                }
+
+            }
+        }
+        return true
+
+    }
+
     static func main() -> Void {
-        sleep(15)
-         let _ = NSApplicationMain(CommandLine.argc, CommandLine.unsafeArgv)
+        if AuthorizationDBManager.shared.rightExists(right: "XCredsLoginPlugin:LoginWindow") == true {
+            TCSLogWithMark("XCreds auth rights already installed.")
+
+            return
+        }
+        TCSLogErrorWithMark("XCreds rights do not exist. Fixing and rebooting")
+
+        if resetRights()==false {
+            TCSLogErrorWithMark("error resetting rights")
+            return
+        }
+        if addRights()==false {
+            TCSLogErrorWithMark("error adding rights")
+
+        }
+        let _ = cliTaskNoTerm("/sbin/reboot")
+
     }
+
 }
 
 class AppDelegate: NSObject, NSApplicationDelegate {
@@ -69,30 +149,30 @@ class AppDelegate: NSObject, NSApplicationDelegate {
 
  */
     func applicationDidFinishLaunching(_ aNotification: Notification) {
-        if AuthorizationDBManager.shared.rightExists(right: "loginwindow:login") == true {
-
-            var statusWindowRect=window.frame
-            let screenRect = NSScreen.screens[0].visibleFrame
-            statusWindowRect.size.width=screenRect.size.width
-            statusWindowRect.origin=screenRect.origin;
-            window.setFrame(statusWindowRect, display: true, animate: false)
-            window.canBecomeVisibleWithoutLogin=true
-            window.hidesOnDeactivate=false
-            window.isOpaque=false
-            window.level = .modalPanel
-            //        Timer.scheduledTimer(withTimeInterval: 3, repeats: true) { timer in
-            //            NSApp.activate(ignoringOtherApps: true)
-            //            self.window.orderFrontRegardless()
-            //        }
-
-            NSApp.activate(ignoringOtherApps: true)
-            window.orderFrontRegardless()
-            if let ud = UserDefaults(suiteName: "com.twocanoes.xcreds"),  let customTextString = ud.value(forKey: "cloudLoginText") {
-                cloudLoginTextField.stringValue = customTextString as! String
-                cloudLoginTextField.sizeToFit()
-
-            }
-        }
+//        if AuthorizationDBManager.shared.rightExists(right: "loginwindow:login") == true {
+//
+//            var statusWindowRect=window.frame
+//            let screenRect = NSScreen.screens[0].visibleFrame
+//            statusWindowRect.size.width=screenRect.size.width
+//            statusWindowRect.origin=screenRect.origin;
+//            window.setFrame(statusWindowRect, display: true, animate: false)
+//            window.canBecomeVisibleWithoutLogin=true
+//            window.hidesOnDeactivate=false
+//            window.isOpaque=false
+//            window.level = .modalPanel
+//            //        Timer.scheduledTimer(withTimeInterval: 3, repeats: true) { timer in
+//            //            NSApp.activate(ignoringOtherApps: true)
+//            //            self.window.orderFrontRegardless()
+//            //        }
+//
+//            NSApp.activate(ignoringOtherApps: true)
+//            window.orderFrontRegardless()
+//            if let ud = UserDefaults(suiteName: "com.twocanoes.xcreds"),  let customTextString = ud.value(forKey: "cloudLoginText") {
+//                cloudLoginTextField.stringValue = customTextString as! String
+//                cloudLoginTextField.sizeToFit()
+//
+//            }
+//        }
     }
 
     func applicationWillTerminate(_ aNotification: Notification) {

diff --git a/XCredsLoginPlugIn/LoginWindow/AuthorizationDBManager.swift b/XCredsLoginPlugIn/LoginWindow/AuthorizationDBManager.swift
@@ -126,10 +126,8 @@ class AuthorizationDBManager: NSObject {
         let positionOfRight = consoleRights.firstIndex(of: right)
 
         if positionOfRight == nil {
-//            TCSLogWithMark("did not find \(right)")
             return false
         }
-//        TCSLogWithMark("found \(right)")
 
         return true
     }

diff --git a/XCredsLoginPlugIn/LoginWindow/LoginWebViewWindowController.swift b/XCredsLoginPlugIn/LoginWindow/LoginWebViewWindowController.swift
@@ -150,13 +150,12 @@ class LoginWebViewWindowController: WebViewWindowController {
             context.duration = 1.0
             context.allowsImplicitAnimation = true
             self.webView?.animator().alphaValue = 0.0
+//            self.webView?.animator().frame=NSMakeRect(self.webView.frame.origin.x+self.webView.frame.size.width/2, self.webView.frame.origin.y,0,self.webView.frame.size.height)
         }, completionHandler: {
-            DispatchQueue.main.async{
                 self.webView?.alphaValue = 0.0
-
                 self.window?.close()
 
-            }
+
         })
     }
 
@@ -246,7 +245,7 @@ class LoginWebViewWindowController: WebViewWindowController {
         TCSLogWithMark("checking map_fullname")
 
         if let idTokenInfo = idTokenInfo, let mapKey = DefaultsOverride.standardOverride.object(forKey: "map_fullname")  as? String, mapKey.count>0, let mapValue = idTokenInfo[mapKey] as? String {
-//we have a mapping so use that.
+            //we have a mapping so use that.
             TCSLogWithMark("full name mapped to: \(mapKey)")
 
             delegate.setHint(type: .fullName, hint: "\(mapValue)")

diff --git a/XCredsLoginPlugIn/Mechanisms/XCredsCreateUser.swift b/XCredsLoginPlugIn/Mechanisms/XCredsCreateUser.swift
@@ -43,7 +43,7 @@ class XCredsCreateUser: XCredsBaseMechanism {
         // check if we are a guest account
         // if so, remove any existing user/home for the guest
         // then allow the mech to create a new user/home
-        
+
         if (getHint(type: .guestUser) as? String == "true") {
             TCSLog("Setting up a guest account")
 
@@ -67,7 +67,7 @@ class XCredsCreateUser: XCredsBaseMechanism {
             }
         }
 
-        if xcredsPass != nil && !XCredsCreateUser.checkForLocalUser(name: xcredsUser!) {
+        if let xcredsPass=xcredsPass,let xcredsUser = xcredsUser, XCredsCreateUser.checkForLocalUser(name: xcredsUser)==false{
 
             var secureTokenCreds:SecureTokenCredential? = nil
             if let creds = PasswordUtils.GetSecureTokenCreds() {
@@ -103,6 +103,11 @@ class XCredsCreateUser: XCredsBaseMechanism {
                 }
             }
 
+            var fullname:String?
+            if let fullnameHint = getHint(type: .fullName) as? String {
+                fullname=fullnameHint
+            }
+
             var customAttributes = [String: String]()
 
             let metaPrefix = "_xcreds"
@@ -112,20 +117,26 @@ class XCredsCreateUser: XCredsBaseMechanism {
             let currentDate = ISO8601DateFormatter().string(from: Date())
             customAttributes["dsAttrTypeNative:\(metaPrefix)_creationDate"] = currentDate
 
-            createUser(shortName: xcredsUser!,
-                       first: xcredsFirst! ,
-                       last: xcredsLast!,
-                       pass: xcredsPass!,
+            guard let xcredsFirst=xcredsFirst, let xcredsLast = xcredsLast else {
+                TCSLogErrorWithMark("first or last name not defined. bailing")
+                let _ = denyLogin()
+                return
+
+            }
+            createUser(shortName: xcredsUser,
+                       first: xcredsFirst ,
+                       last: xcredsLast, fullName: fullname,
+                       pass: xcredsPass,
                        uid: uid,
                        gid: "20",
                        canChangePass: true,
                        isAdmin: isAdmin,
                        customAttributes: customAttributes,
                        secureTokenCreds: secureTokenCreds)
 
-            TCSLogWithMark("Creating local homefolder for \(xcredsUser ?? "")")
-            createHomeDirFor(xcredsUser!)
-            TCSLogWithMark("Fixup home permissions for: \(xcredsUser ?? "")")
+            TCSLogWithMark("Creating local homefolder for \(xcredsUser)")
+            createHomeDirFor(xcredsUser)
+            TCSLogWithMark("Fixup home permissions for: \(xcredsUser)")
             let _ = cliTask("/usr/sbin/diskutil resetUserPermissions / \(uid)", arguments: nil, waitForTermination: true)
             TCSLogWithMark("Account creation complete, allowing login")
         } else {
@@ -175,7 +186,7 @@ class XCredsCreateUser: XCredsBaseMechanism {
     }
 
     // mark utility functions
-    func createUser(shortName: String, first: String, last: String, pass: String?, uid: String, gid: String, canChangePass: Bool, isAdmin: Bool, customAttributes: [String:String], secureTokenCreds: SecureTokenCredential?) {
+    func createUser(shortName: String, first: String, last: String, fullName:String?, pass: String?, uid: String, gid: String, canChangePass: Bool, isAdmin: Bool, customAttributes: [String:String], secureTokenCreds: SecureTokenCredential?) {
         var newRecord: ODRecord?
         os_log("Creating new local account for: %{public}@", log: createUserLog, type: .default, shortName)
         //        os_log("New user attributes. first: %{public}@, last: %{public}@, uid: %{public}@, gid: %{public}@, canChangePass: %{public}@, isAdmin: %{public}@, customAttributes: %{public}@", log: createUserLog, type: .debug, first, last, uid, gid, canChangePass.description, isAdmin.description, customAttributes)
@@ -185,8 +196,12 @@ class XCredsCreateUser: XCredsBaseMechanism {
         // regardless of if there's more than one value or not
 
         os_log("Checking for UserProfileImage key", log: createUserLog, type: .debug)
-
         var userFullName = [first, last].joined(separator: " ").trimmingCharacters(in: .whitespaces)
+
+        if let fullName = fullName {
+            userFullName=fullName
+        }
+
         if userFullName.isEmpty {
             userFullName = shortName
         }

diff --git a/build.sh b/build.sh
@@ -2,6 +2,13 @@
 
 set -e
 
+echo "post to github? (y/N)"
+read should_upload
+if [ "${should_upload}" = "y" ]; then
+   upload=1
+echo "uploading to github when done"
+fi
+
 carthage update
 xcodebuild -resolvePackageDependencies
 

diff --git a/build_resources/buildscripts/build.sh b/build_resources/buildscripts/build.sh
@@ -7,6 +7,7 @@ PROJECT_FOLDER="../../"
 SRC_PATH="../../"
 
 ###########################
+
 if [ -e "${SRC_PATH}/../build/bitbucket_creds.sh" ] ; then 
 	source "${SRC_PATH}/../build/bitbucket_creds.sh"
 fi

diff --git a/build_resources/buildscripts/build_post.sh b/build_resources/buildscripts/build_post.sh
@@ -1,6 +1,5 @@
 #!/bin/sh
 set -x 
-
 prebeta_filename="${1}"
 
 if [ ! -e Builds ] ; then
@@ -18,7 +17,7 @@ this_dir=$(dirname $0)
 source ${this_dir}/../../../build/github_creds.sh 
 
 #echo "Uploading ${prebeta_filename}"
-if [ -f "${prebeta_filename}" ]; then
+if [ -f "${prebeta_filename}" ] &&  [ -n "${upload}"]; then
 
 #	curl --progress-bar -X POST "https://${bitbucket_username}:${bitbucket_password}@api.bitbucket.org/2.0/repositories/twocanoes/xcreds/downloads" --form files=@"${prebeta_filename}" > /tmp/curl.log
 	owner="twocanoes"