added lock screen switch to login window

Profile Manifest/com.twocanoes.xcreds.plist

@@ -125,7 +125,6 @@ A profile can consist of payloads with different version numbers. For example, c
 			<key>pfm_type</key>
 			<string>string</string>
 		</dict>
-
 		<dict>
 			<key>pfm_description</key>
 			<string>The OIDC client id public identifier for the app.</string>
@@ -166,6 +165,20 @@ A profile can consist of payloads with different version numbers. For example, c
 			<key>pfm_type</key>
 			<string>boolean</string>
 		</dict>
+		<dict>
+			<key>pfm_default</key>
+			<false/>
+			<key>pfm_description</key>
+			<string>When set to true and the user locks the current session, XCreds will tell the system to switch to Login Window. The current session will stay active but the user will login with the XCreds Login Window to resume the session.</string>
+			<key>pfm_documentation_url</key>
+			<string>https://github.com/twocanoes/xcreds/wiki/AdminGuide#shouldswitchtologinwindowwhenlocked</string>
+			<key>pfm_name</key>
+			<string>shouldSwitchToLoginWindowWhenLocked</string>
+			<key>pfm_title</key>
+			<string>Should Switch To Login Window When Locked</string>
+			<key>pfm_type</key>
+			<string>boolean</string>
+		</dict>
 		<dict>
 			<key>pfm_default</key>
 			<string>https://login.microsoftonline.com/common/.well-known/openid-configuration</string>
@@ -400,7 +413,6 @@ A profile can consist of payloads with different version numbers. For example, c
 			<key>pfm_type</key>
 			<string>string</string>
 		</dict>
-
 		<dict>
 			<key>pfm_default</key>
 			<true/>
@@ -543,7 +555,7 @@ A profile can consist of payloads with different version numbers. For example, c
 			<key>pfm_default</key>
 			<false/>
 			<key>pfm_description</key>
-			<string>Reset the keychain without prompting if the login password doesn't match the local password.</string>
+			<string>Reset the keychain without prompting if the login password doesn&apos;t match the local password.</string>
 			<key>pfm_documentation_url</key>
 			<string>https://github.com/twocanoes/xcreds/wiki/AdminGuide#keychainreset</string>
 			<key>pfm_name</key>

XCreds/AppDelegate.swift

@@ -23,6 +23,8 @@ class AppDelegate: NSObject, NSApplicationDelegate {
 
         }
 
+
+        DistributedNotificationCenter.default().addObserver(self, selector: #selector(screenLocked(_:)), name:NSNotification.Name("com.apple.screenIsLocked") , object: nil)
 //        ManagedPreferences.shared.preference(forKey: .clientID)
         mainController = MainController.init()
         mainController?.run()
@@ -37,6 +39,11 @@ class AppDelegate: NSObject, NSApplicationDelegate {
     func applicationSupportsSecureRestorableState(_ app: NSApplication) -> Bool {
         return true
     }
+    @objc func screenLocked(_ sender:Any) {
+        if UserDefaults.standard.bool(forKey: PrefKeys.shouldSwitchToLoginWindowWhenLocked.rawValue)==true{
+            TCSLoginWindowUtilities().switchToLoginWindow(self)
+        }
+    }
 
 
 }

XCreds/PrefKeys.swift

@@ -8,7 +8,7 @@
 import Foundation
 
 enum PrefKeys: String {
-    case clientID, clientSecret, password="local password",discoveryURL, redirectURI, scopes, accessToken, idToken, refreshToken, tokenEndpoint, expirationDate, invalidToken, refreshRateHours, showDebug, verifyPassword, shouldShowQuitMenu, shouldShowPreferencesOnStart, shouldSetGoogleAccessTypeToOffline, passwordChangeURL, shouldShowAboutMenu, username, idpHostName, passwordElementID, shouldFindPasswordElement, shouldShowVersionInfo, shouldShowSupportStatus,shouldShowConfigureWifiButton,shouldShowMacLoginButton, loginWindowBackgroundImageURL, shouldShowCloudLoginByDefault,idpHostNames,autoRefreshLoginTimer, loginWindowWidth, loginWindowHeight, shouldShowRefreshBanner
+    case clientID, clientSecret, password="local password",discoveryURL, redirectURI, scopes, accessToken, idToken, refreshToken, tokenEndpoint, expirationDate, invalidToken, refreshRateHours, showDebug, verifyPassword, shouldShowQuitMenu, shouldShowPreferencesOnStart, shouldSetGoogleAccessTypeToOffline, passwordChangeURL, shouldShowAboutMenu, username, idpHostName, passwordElementID, shouldFindPasswordElement, shouldShowVersionInfo, shouldShowSupportStatus,shouldShowConfigureWifiButton,shouldShowMacLoginButton, loginWindowBackgroundImageURL, shouldShowCloudLoginByDefault,idpHostNames,autoRefreshLoginTimer, loginWindowWidth, loginWindowHeight, shouldShowRefreshBanner, shouldSwitchToLoginWindowWhenLocked
 }
 func getManagedPreference(key: Preferences) -> Any? {
 

XCreds/TCSLoginWindowUtilities.h

@@ -0,0 +1,16 @@
+//
+//  TCSLoginWindowUtilities.h
+//  XCreds
+//
+//  Created by Timothy Perfitt on 5/11/23.
+//
+
+#import <Foundation/Foundation.h>
+
+NS_ASSUME_NONNULL_BEGIN
+
+@interface TCSLoginWindowUtilities : NSObject
+-(void)switchToLoginWindow:(id)sender;
+@end
+
+NS_ASSUME_NONNULL_END

XCreds/TCSLoginWindowUtilities.m

@@ -0,0 +1,106 @@
+//
+//  TCSLoginWindowUtilities.m
+//  XCreds
+//
+//  Created by Timothy Perfitt on 5/11/23.
+//
+#import <Foundation/Foundation.h>
+
+#import "TCSLoginWindowUtilities.h"
+@protocol LFSessionAgentListenerInterface <NSObject>
+- (void)SACLOFinishDelayedLogout:(NSDictionary *)arg1 reply:(void (^)(int))arg2;
+- (void)SACLORegisterLogoutStatusCallacks:(NSDictionary *)arg1 reply:(void (^)(int))arg2;
+- (void)SACLOStartLogoutWithOptions:(int)arg1 subType:(int)arg2 showConfirmation:(BOOL)arg3 countDownTime:(int)arg4 talOptions:(int)arg5 logoutOptions:(NSDictionary *)arg6 reply:(void (^)(int))arg7;
+- (void)SACLOStartLogout:(int)arg1 subType:(int)arg2 showConfirmation:(BOOL)arg3 talOptions:(int)arg4 reply:(void (^)(int))arg5;
+- (void)SACLogoutComplete:(NSDictionary *)arg1 reply:(void (^)(int))arg2;
+- (void)SACNewSessionSignalReady:(void (^)(int))arg1;
+- (void)SACStartSessionForUser:(unsigned int)arg1 reply:(void (^)(int))arg2;
+- (void)SACStopSessionForLoginWindow:(void (^)(int))arg1;
+- (void)SACStartSessionForLoginWindow:(void (^)(int))arg1;
+- (void)SACSaveSetupUserScreenShots:(void (^)(int))arg1;
+- (void)SACMiniBuddySignalFinishedStage1WithOptions:(NSDictionary *)arg1 reply:(void (^)(int))arg2;
+- (void)SACMiniBuddyCopyUpgradeDictionary:(void (^)(int, NSDictionary *))arg1;
+- (void)SACSetFinalSnapshot:(BOOL)arg1 reply:(void (^)(int))arg2;
+- (void)SACStopProgressIndicator:(void (^)(int))arg1;
+- (void)SACStartProgressIndicator:(NSDictionary *)arg1 reply:(void (^)(int))arg2;
+- (void)SACBeginLoginTransition:(NSDictionary *)arg1 reply:(void (^)(int))arg2;
+- (void)SACSwitchToLoginWindow:(void (^)(int))arg1;
+- (void)SACSwitchToUser:(NSDictionary *)arg1 reply:(void (^)(int))arg2;
+- (void)SACSetKeyboardType:(int)arg1 productID:(int)arg2 vendorID:(int)arg3 countryCode:(int)arg4 reply:(void (^)(int))arg5;
+- (void)SACSetAutologinPassword:(NSString *)arg1 reply:(void (^)(int))arg2;
+- (void)SACSetAppleIDForUser:(NSString *)arg1 verified:(BOOL)arg2 reply:(void (^)(int))arg3;
+- (void)SACUpdateAppleIDUserLogin:(NSString *)arg1 reply:(void (^)(int))arg2;
+- (void)SACRestartForUser:(NSString *)arg1 reply:(void (^)(int))arg2;
+- (void)SACScreenSaverDidFadeInBackground:(BOOL)arg1 psnHi:(unsigned int)arg2 psnLow:(unsigned int)arg3 reply:(void (^)(int))arg4;
+- (void)SACScreenSaverIsRunningInBackground:(void (^)(int, BOOL))arg1;
+- (void)SACScreenSaverTimeRemaining:(void (^)(int, double))arg1;
+- (void)SACScreenSaverStopNowWithOptions:(NSDictionary *)arg1 reply:(void (^)(int))arg2;
+- (void)SACScreenSaverStopNow:(void (^)(int))arg1;
+- (void)SACScreenSaverStartNow:(void (^)(int))arg1;
+- (void)SACSetScreenSaverCanRun:(BOOL)arg1 reply:(void (^)(int))arg2;
+- (void)SACScreenSaverCanRun:(void (^)(int, BOOL))arg1;
+- (void)SACScreenSaverIsRunning:(void (^)(int, BOOL))arg1;
+- (void)SACShieldWindowShowing:(void (^)(int, BOOL))arg1;
+- (void)SACScreenLockEnabled:(void (^)(int, BOOL))arg1;
+- (void)SACLockScreenImmediate:(void (^)(int))arg1;
+- (void)SACScreenLockPreferencesChanged:(void (^)(int))arg1;
+- (void)SACFaceTimeCallRingStop:(void (^)(int))arg1;
+- (void)SACFaceTimeCallRingStart:(void (^)(int))arg1;
+@end
+
+@protocol LFLogindListenerLookupInterface <NSObject>
+- (void)SMMoveSessionToConsoleTemporaryBridge:(NSDictionary *)arg1 reply:(void (^)(int))arg2;
+- (void)SMReleaseSessionTemporaryBridge:(NSDictionary *)arg1 reply:(void (^)(int))arg2;
+- (void)SMCreateSessionTemporaryBridge:(NSDictionary *)arg1 reply:(void (^)(int, unsigned int))arg2;
+- (void)SMGetSessionAgentConnection:(void (^)(int, NSXPCListenerEndpoint *))arg1;
+@end
+
+static NSString* XPCHelperMachServiceName = @"com.apple.logind";
+
+
+@implementation TCSLoginWindowUtilities
+
+
+-(void)switchToLoginWindow:(id)sender{
+
+    NSString*  service_name = XPCHelperMachServiceName;
+
+    NSXPCConnection* connection = [[NSXPCConnection alloc] initWithMachServiceName:service_name options:0x1000];
+
+    NSXPCInterface* interface = [NSXPCInterface interfaceWithProtocol:@protocol(LFLogindListenerLookupInterface)];
+
+    [connection setRemoteObjectInterface:interface];
+
+    [connection resume];
+
+    id obj = [connection remoteObjectProxyWithErrorHandler:^(NSError* error)
+    {
+    NSLog(@"[-] Something went wrong");
+    NSLog(@"[-] Error: %@", error);
+    }];
+
+    NSLog(@"obj: %@", obj);
+    NSLog(@"conn: %@", connection);
+
+    [obj SMGetSessionAgentConnection:^(int b, NSXPCListenerEndpoint * endpoint){
+        NSLog(@"SMGetSessionAgentConnection Response: %d", b);
+
+        NSXPCConnection* SAConnection = [[NSXPCConnection alloc] initWithListenerEndpoint:endpoint];
+        [SAConnection setRemoteObjectInterface:[NSXPCInterface interfaceWithProtocol:@protocol(LFSessionAgentListenerInterface)]];
+        [SAConnection resume];
+
+        id login_window = [SAConnection remoteObjectProxy];
+
+
+        [login_window SACSwitchToLoginWindow:^(int) {
+
+        }];
+
+    }];
+
+    [NSThread sleepForTimeInterval:10.0f];
+
+    NSLog(@"Done");
+
+}
+@end

XCreds/XCreds-Bridging-Header.h

@@ -12,4 +12,6 @@
 #import "TCSKeychain.h"
 #import "TCSUnifiedLogger.h"
 #import <ProductLicense/ProductLicense.h>
+#import "TCSLoginWindowUtilities.h"
+
 #endif /* XCreds_Bridging_Header_h */

XCreds/defaults.plist

@@ -34,6 +34,8 @@
 	<true/>
 	<key>KeychainCreate</key>
 	<true/>
+	<key>shouldSwitchToLoginWindowWhenLocked</key>
+	<false/>
 	<key>shouldShowCloudLoginByDefault</key>
 	<true/>
 	<key>autoRefreshLoginTimer</key>

xCreds.xcodeproj/project.pbxproj

@@ -132,6 +132,7 @@
 		76DC0A87288386FA007C42B2 /* NSTaskWrapper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F528724FA80013E2A1 /* NSTaskWrapper.swift */; };
 		76DC0A88288387D8007C42B2 /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; };
 		76DD6D17285997F300A700ED /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 76DD6D16285997F300A700ED /* OIDCLite */; };
+		76E9CE702A0DC6E30060220C /* TCSLoginWindowUtilities.m in Sources */ = {isa = PBXBuildFile; fileRef = 76E9CE6F2A0DC6E30060220C /* TCSLoginWindowUtilities.m */; };
 		76EB8410285C28F0001AE215 /* ChangePasswordMenuItem.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EB840F285C28F0001AE215 /* ChangePasswordMenuItem.swift */; };
 		76EE069E27FD1D00009E0F3A /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE069D27FD1D00009E0F3A /* AppDelegate.swift */; };
 		76EE06A027FD1D01009E0F3A /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 76EE069F27FD1D01009E0F3A /* Assets.xcassets */; };
@@ -318,6 +319,8 @@
 		76DC0A7D288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TCSXCredsLoginOverlayWindow.swift; sourceTree = "<group>"; };
 		76DC0A7F2883785A007C42B2 /* XCreds-Login-Overlay-Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; path = "XCreds-Login-Overlay-Info.plist"; sourceTree = SOURCE_ROOT; };
 		76DD6D122859978F00A700ED /* OIDCLite */ = {isa = PBXFileReference; lastKnownFileType = wrapper; name = OIDCLite; path = ../OIDCLite; sourceTree = "<group>"; };
+		76E9CE6E2A0DC6E30060220C /* TCSLoginWindowUtilities.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = TCSLoginWindowUtilities.h; path = XCreds/TCSLoginWindowUtilities.h; sourceTree = "<group>"; };
+		76E9CE6F2A0DC6E30060220C /* TCSLoginWindowUtilities.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = TCSLoginWindowUtilities.m; path = XCreds/TCSLoginWindowUtilities.m; sourceTree = "<group>"; };
 		76EB840F285C28F0001AE215 /* ChangePasswordMenuItem.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ChangePasswordMenuItem.swift; sourceTree = "<group>"; };
 		76EE069A27FD1D00009E0F3A /* XCreds.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = XCreds.app; sourceTree = BUILT_PRODUCTS_DIR; };
 		76EE069D27FD1D00009E0F3A /* AppDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = "<group>"; };
@@ -509,6 +512,8 @@
 		76EE069127FD1D00009E0F3A = {
 			isa = PBXGroup;
 			children = (
+				76E9CE6E2A0DC6E30060220C /* TCSLoginWindowUtilities.h */,
+				76E9CE6F2A0DC6E30060220C /* TCSLoginWindowUtilities.m */,
 				76673CD429D3D5F500452848 /* LicenseChecker.swift */,
 				7683973029A854EC003D9B9F /* NSImage+String.swift */,
 				76DB5CF32A09AE9A0014F8E1 /* get_pw.js */,
@@ -924,6 +929,7 @@
 				76EE06AC27FD1D92009E0F3A /* TokenManager.swift in Sources */,
 				76EE06BA27FD1EE8009E0F3A /* SignInMenuItem.swift in Sources */,
 				76B882B229CCFDBA00BB8186 /* NSData+HexString.m in Sources */,
+				76E9CE702A0DC6E30060220C /* TCSLoginWindowUtilities.m in Sources */,
 				76D7ADFE284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m in Sources */,
 				76EECD0428753C7F00483C66 /* String+Base64URLEncoded.swift in Sources */,
 				766355DC287133C7002E3867 /* WebView.swift in Sources */,
@@ -1011,7 +1017,7 @@
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3639;
+				CURRENT_PROJECT_VERSION = 3643;
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1048,7 +1054,7 @@
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3639;
+				CURRENT_PROJECT_VERSION = 3643;
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1113,7 +1119,7 @@
 				CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3639;
+				CURRENT_PROJECT_VERSION = 3643;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1149,7 +1155,7 @@
 				CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3639;
+				CURRENT_PROJECT_VERSION = 3643;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1298,7 +1304,7 @@
 				CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3639;
+				CURRENT_PROJECT_VERSION = 3643;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1333,7 +1339,7 @@
 				CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3639;
+				CURRENT_PROJECT_VERSION = 3643;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (