implemented swiching back to mac login window

twocanoes · Jul 4, 2022 · 85545c2 · 85545c2
1 parent fde13de
commit 85545c2
Show file tree

Hide file tree

Showing 14 changed files with 215 additions and 88 deletions.
diff --git a/XCreds/SecurityPrivateAPI.h b/XCreds/SecurityPrivateAPI.h
@@ -9,7 +9,7 @@
 #ifndef SecurityPrivateAPI_h
 #define SecurityPrivateAPI_h
 
-// So we can use SecKeychainChangePassword() in NoMADUser
+// So we can use SecKeychainChangePassword() 
 #import <Security/Security.h>
 extern OSStatus SecKeychainChangePassword(SecKeychainRef keychainRef, UInt32 oldPasswordLength, const void* oldPassword, UInt32 newPasswordLength, const void* newPassword);
 

diff --git a/XCreds/TCSUnifiedLogger.m b/XCreds/TCSUnifiedLogger.m
@@ -29,6 +29,10 @@ void TCSLog(NSString *string)
 + (TCSUnifiedLogger *)sharedLogger
 {
     static TCSUnifiedLogger *sharedLogger;
+
+    if (sharedLogger !=nil){
+        return sharedLogger;
+    }
     NSFileManager *fm = [NSFileManager defaultManager];
 
     NSString *logFolderPath = [[[NSUserDefaults standardUserDefaults] objectForKey:@"LogFolderPath"] stringByExpandingTildeInPath];

diff --git a/XCredsLoginPlugIn/LoginWindow/AuthorizationDBManager.swift b/XCredsLoginPlugIn/LoginWindow/AuthorizationDBManager.swift
@@ -0,0 +1,150 @@
+//
+//  AuthorizationDBManager.swift
+//  XCredsLoginPlugin
+//
+//  Created by Timothy Perfitt on 7/3/22.
+//
+
+import Foundation
+import Security.AuthorizationDB
+
+class AuthorizationDBManager: NSObject {
+    static let shared = AuthorizationDBManager()
+    private func getAuth() -> AuthorizationRef? {
+        if NSUserName() != "root" {
+            print("Not Running as root, please execute with sudo privilege to do this function")
+            exit(1)
+        }
+        var authRef : AuthorizationRef? = nil
+        let err = AuthorizationCreate(nil, nil, AuthorizationFlags(rawValue: 0), &authRef)
+
+        if err != noErr {
+
+            TCSLog("error getting rights to write authdb")
+            return nil
+        }
+        return authRef!
+    }
+    func rightsInfo() -> Dictionary<String,Any>? {
+        var rightsInfo: CFDictionary?
+
+        let err = AuthorizationRightGet("system.login.console", &rightsInfo)
+
+        if err != noErr {
+            TCSLog("eror getting right")
+            return nil
+        }
+        let rightInfo = rightsInfo as? Dictionary<String, Any>
+
+        return rightInfo
+    }
+    func consoleRights() -> Array <String> {
+
+        guard let rightInfo = rightsInfo() else {
+            TCSLog("error getting rightsInfo")
+
+            return []
+        }
+
+        guard let rightsArray = rightInfo["mechanisms"] else{
+            TCSLog("error getting mechanisms")
+
+            return []
+        }
+        guard let rightsArray = rightsArray as? Array<String> else {
+            TCSLog("error getting rightsArray")
+
+            return []
+
+        }
+        return rightsArray
+    }
+    func setConsoleRights(rights:Array<String>) -> Bool {
+
+        var rightInfo: CFDictionary?
+
+        let err = AuthorizationRightGet("system.login.console", &rightInfo)
+
+        if err != noErr {
+            TCSLog("error AuthorizationRightGet")
+
+            return false
+        }
+
+        guard var rightInfo = rightInfo as? Dictionary<String, Any> else {
+            TCSLog("error rightInfo")
+
+            return false
+        }
+        rightInfo["mechanisms"] = rights
+        guard let auth = getAuth() else {
+            TCSLog("error getAuth")
+
+            return false
+        }
+        let r = rightInfo as CFTypeRef
+        let err2 = AuthorizationRightSet(auth, "system.login.console",r, nil, nil, nil)
+
+        if err2 != noErr {
+            TCSLog("error AuthorizationRightSet")
+
+            return false
+        }
+        return true
+    }
+    func replace(right:String, withNewRight newRight:String) -> Bool {
+
+    var consoleRights = consoleRights()
+        let positionOfOldRight = consoleRights.firstIndex(of: right)
+
+        guard let positionOfOldRight = positionOfOldRight else {
+            TCSLog("error positionOfOldRight")
+
+            return false
+        }
+
+        consoleRights[positionOfOldRight] = newRight
+
+        return setConsoleRights(rights: consoleRights)
+
+    }
+    func rightExists(right:String)->Bool{
+        let consoleRights = consoleRights()
+        let positionOfRight = consoleRights.firstIndex(of: right)
+
+        if positionOfRight == nil {
+            TCSLog("did not find \(right)")
+            return false
+        }
+        TCSLog("found \(right)")
+
+        return true
+    }
+    func insertRight(newRight:String, afterRight right:String) -> Bool {
+        var consoleRights = consoleRights()
+        let positionOfRight = consoleRights.firstIndex(of: right)
+
+        guard let positionOfRight = positionOfRight else {
+            TCSLog("error positionOfRight")
+
+            return false
+        }
+        consoleRights.insert(newRight, at: positionOfRight+1)
+
+        return true
+    }
+    func insertRight(newRight:String, beforeRight right:String) -> Bool {
+        var consoleRights = consoleRights()
+        let positionOfRight = consoleRights.firstIndex(of: right)
+
+        guard let positionOfRight = positionOfRight else {
+            TCSLog("error positionOfRight2")
+
+            return false
+        }
+        consoleRights.insert(newRight, at: positionOfRight)
+
+        let success = setConsoleRights(rights: consoleRights)
+        return success
+    }
+}
diff --git a/XCredsLoginPlugIn/LoginWindow/LoginWindowControls.xib b/XCredsLoginPlugIn/LoginWindow/LoginWindowControls.xib
@@ -21,11 +21,11 @@
                 <rect key="frame" x="0.0" y="0.0" width="872" height="109"/>
                 <autoresizingMask key="autoresizingMask"/>
                 <subviews>
-                    <customView translatesAutoresizingMaskIntoConstraints="NO" id="sxl-0U-ne5">
-                        <rect key="frame" x="186" y="16" width="500" height="78"/>
+                    <customView misplaced="YES" translatesAutoresizingMaskIntoConstraints="NO" id="sxl-0U-ne5">
+                        <rect key="frame" x="252" y="20" width="369" height="78"/>
                         <subviews>
                             <button fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="6f9-0z-Xqg">
-                                <rect key="frame" x="153" y="1" width="67" height="64"/>
+                                <rect key="frame" x="151" y="1" width="67" height="64"/>
                                 <autoresizingMask key="autoresizingMask" flexibleMinX="YES" flexibleMaxX="YES" flexibleMinY="YES" flexibleMaxY="YES"/>
                                 <buttonCell key="cell" type="bevel" title="Shutdown" bezelStyle="rounded" image="ShutdownX" imagePosition="above" alignment="center" imageScaling="proportionallyDown" inset="2" id="WRj-LR-MaW">
                                     <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
@@ -37,7 +37,7 @@
                                 </connections>
                             </button>
                             <button fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="HyD-ug-de2">
-                                <rect key="frame" x="24" y="1" width="67" height="64"/>
+                                <rect key="frame" x="37" y="1" width="67" height="64"/>
                                 <autoresizingMask key="autoresizingMask" flexibleMinX="YES" flexibleMaxX="YES" flexibleMinY="YES" flexibleMaxY="YES"/>
                                 <buttonCell key="cell" type="bevel" title="Restart" bezelStyle="rounded" image="RestartX" imagePosition="above" alignment="center" imageScaling="proportionallyDown" inset="2" id="UQm-h8-fbd">
                                     <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
@@ -48,33 +48,27 @@
                                     <action selector="restartClick:" target="-2" id="NIy-Js-LHD"/>
                                 </connections>
                             </button>
-                            <button fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="LW1-vo-EUl">
-                                <rect key="frame" x="277" y="1" width="67" height="64"/>
-                                <autoresizingMask key="autoresizingMask" flexibleMinX="YES" flexibleMaxX="YES" flexibleMinY="YES" flexibleMaxY="YES"/>
-                                <buttonCell key="cell" type="bevel" title="WiFi" bezelStyle="rounded" image="RestartX" imagePosition="above" alignment="center" imageScaling="proportionallyDown" inset="2" id="pVM-6f-Z04">
-                                    <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
-                                    <font key="font" metaFont="system"/>
-                                </buttonCell>
-                                <color key="contentTintColor" red="0.99999600649999998" green="1" blue="1" alpha="1" colorSpace="custom" customColorSpace="sRGB"/>
-                            </button>
                             <button fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="2By-DW-YEU">
-                                <rect key="frame" x="401" y="1" width="90" height="64"/>
+                                <rect key="frame" x="244" y="1" width="119" height="64"/>
                                 <autoresizingMask key="autoresizingMask" flexibleMinX="YES" flexibleMaxX="YES" flexibleMinY="YES" flexibleMaxY="YES"/>
-                                <buttonCell key="cell" type="bevel" title="Login Window" bezelStyle="rounded" image="RestartX" imagePosition="above" alignment="center" imageScaling="proportionallyDown" inset="2" id="c0y-fU-B6x">
+                                <buttonCell key="cell" type="bevel" title="Mac Login Window" bezelStyle="rounded" image="loginwindow" imagePosition="above" alignment="center" imageScaling="proportionallyDown" inset="2" id="c0y-fU-B6x">
                                     <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
                                     <font key="font" metaFont="system"/>
                                 </buttonCell>
                                 <color key="contentTintColor" red="0.99999600649999998" green="1" blue="1" alpha="1" colorSpace="custom" customColorSpace="sRGB"/>
+                                <connections>
+                                    <action selector="resetToStandardLoginWindow:" target="-2" id="BdF-GG-oFz"/>
+                                </connections>
                             </button>
                         </subviews>
                         <constraints>
-                            <constraint firstAttribute="width" constant="500" id="aKl-rA-eDh"/>
+                            <constraint firstAttribute="width" constant="341" id="aKl-rA-eDh"/>
                             <constraint firstAttribute="height" constant="78" id="cmM-6M-FrE"/>
                         </constraints>
                     </customView>
                 </subviews>
                 <constraints>
-                    <constraint firstItem="sxl-0U-ne5" firstAttribute="centerY" secondItem="Tpj-ss-EMv" secondAttribute="centerY" constant="-0.5" id="2Wq-KM-ceX"/>
+                    <constraint firstItem="sxl-0U-ne5" firstAttribute="centerY" secondItem="Tpj-ss-EMv" secondAttribute="centerY" constant="-4.5" id="2Wq-KM-ceX"/>
                     <constraint firstItem="sxl-0U-ne5" firstAttribute="centerX" secondItem="Tpj-ss-EMv" secondAttribute="centerX" id="eIH-vl-2ht"/>
                 </constraints>
             </view>
@@ -84,5 +78,6 @@
     <resources>
         <image name="RestartX" width="32" height="32"/>
         <image name="ShutdownX" width="32" height="32"/>
+        <image name="loginwindow" width="41" height="31.5"/>
     </resources>
 </document>
diff --git a/XCredsLoginPlugIn/LoginWindow/LoginWindowControlsWindowController.swift b/XCredsLoginPlugIn/LoginWindow/LoginWindowControlsWindowController.swift
@@ -49,6 +49,16 @@ class LoginWindowControlsWindowController: NSWindowController {
         delegate.setHint(type: .user, hint: SpecialUsers.shutdown.rawValue)
         delegate.allowLogin()
     }
+    @IBAction func resetToStandardLoginWindow(_ sender: Any) {
+        TCSLog("resetting to standard login window")
+        guard let delegate = delegate else {
+            TCSLog("No delegate set for resetToStandardLoginWindow")
+            return
+        }
+        delegate.setHint(type: .user, hint: SpecialUsers.standardLoginWindow.rawValue)
+        delegate.allowLogin()
+    }
+
 
 }
 

diff --git a/XCredsLoginPlugIn/LoginWindow/images/loginwindow.png b/XCredsLoginPlugIn/LoginWindow/images/loginwindow.png
diff --git a/XCredsLoginPlugIn/LoginWindow/images/loginwindow@2x.png b/XCredsLoginPlugIn/LoginWindow/images/loginwindow@2x.png
diff --git a/XCredsLoginPlugIn/Mechanisms/XCredsBaseMechanism.swift b/XCredsLoginPlugIn/Mechanisms/XCredsBaseMechanism.swift
@@ -41,7 +41,7 @@ protocol XCredsMechanismProtocol {
             guard let userName = getHint(type: .user) as? String else {
                 return nil
             }
-            TCSLog("Computed nomadUser accessed: %{public}@")
+            TCSLog("Computed user accessed")
             return userName
         }
     }

diff --git a/XCredsLoginPlugIn/Mechanisms/XCredsPowerControlMechanism.swift b/XCredsLoginPlugIn/Mechanisms/XCredsPowerControlMechanism.swift
@@ -13,6 +13,7 @@ enum SpecialUsers: String {
     case sleep
     case restart
     case shutdown
+    case standardLoginWindow
 }
 
 class XCredsPowerControlMechanism: XCredsBaseMechanism {
@@ -21,7 +22,15 @@ class XCredsPowerControlMechanism: XCredsBaseMechanism {
         TCSLog("PowerControl mech starting")
 
         guard let userName = xcredsUser else {
-            TCSLog("No username was set somehow, pass the login to the next mech.")
+            if AuthorizationDBManager.shared.rightExists(right: "loginwindow:login"){
+                TCSLog("setting standard login back to XCreds login")
+                let _ = AuthorizationDBManager.shared.replace(right:"loginwindow:login", withNewRight: "XCredsLoginPlugin:LoginWindow")
+            }
+            else {
+                TCSLog("No username was set somehow, pass the login to the next mech.")
+
+            }
+
             let _ = allowLogin()
             return
         }
@@ -38,8 +47,21 @@ class XCredsPowerControlMechanism: XCredsBaseMechanism {
         case SpecialUsers.restart.rawValue:
             TCSLog("Restarting system")
             let _ = cliTask("/sbin/shutdown -r now")
+
+        case SpecialUsers.standardLoginWindow.rawValue:
+            TCSLog("Setting back to login window")
+            let res = AuthorizationDBManager.shared.replace(right:"XCredsLoginPlugin:LoginWindow", withNewRight: "loginwindow:login")
+
+            if res == false {
+                TCSLog("could not restore loginwindow right")
+                denyLogin()
+                return
+            }
+            let _ = cliTask("/usr/bin/killall loginwindow")
+
         default:
             TCSLog("No special users named. pass login to the next mech.")
+
             let _ = allowLogin()
         }
     }

diff --git a/XCredsLoginPlugIn/XCredsLoginPlugin.m b/XCredsLoginPlugIn/XCredsLoginPlugin.m
@@ -24,8 +24,7 @@ static OSStatus MechanismCreate(AuthorizationPluginRef inPlugin,
                                 AuthorizationEngineRef inEngine,
                                 AuthorizationMechanismId mechanismId,
                                 AuthorizationMechanismRef *outMechanism) {
-    [[TCSUnifiedLogger sharedLogger] setLogFolderName:@"/private/tmp"];
-    [[TCSUnifiedLogger sharedLogger] setLogFileName:@"xcreds.log"];
+    [[TCSUnifiedLogger sharedLogger] setLogFileURL:[NSURL fileURLWithPath:@"/tmp/xcreds.log"]];
     [[TCSUnifiedLogger sharedLogger] logString:[NSString stringWithFormat:@"%s %s:%d",__FUNCTION__, __FILE__,__LINE__] level:LOGLEVELDEBUG];
 
     return [authorizationPlugin MechanismCreate:inPlugin

diff --git a/xCreds.xcodeproj/project.pbxproj b/xCreds.xcodeproj/project.pbxproj
@@ -49,6 +49,9 @@
 		76BEF7F328724F120013E2A1 /* XCredsPowerControlMechanism.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F228724F120013E2A1 /* XCredsPowerControlMechanism.swift */; };
 		76BEF7F628724FA80013E2A1 /* NSTaskWrapper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F528724FA80013E2A1 /* NSTaskWrapper.swift */; };
 		76BEF7F82872504C0013E2A1 /* ContextAndHintHandling.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F72872504C0013E2A1 /* ContextAndHintHandling.swift */; };
+		76BEF7FA28726C700013E2A1 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; };
+		76BEF8002872A3030013E2A1 /* loginwindow@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7FE2872A3030013E2A1 /* loginwindow@2x.png */; };
+		76BEF8012872A3030013E2A1 /* loginwindow.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7FF2872A3030013E2A1 /* loginwindow.png */; };
 		76D7ADFB284EB15100332EBC /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; };
 		76D7ADFE284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; };
 		76DD6D17285997F300A700ED /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 76DD6D16285997F300A700ED /* OIDCLite */; };
@@ -131,6 +134,9 @@
 		76BEF7F228724F120013E2A1 /* XCredsPowerControlMechanism.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsPowerControlMechanism.swift; sourceTree = "<group>"; };
 		76BEF7F528724FA80013E2A1 /* NSTaskWrapper.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = NSTaskWrapper.swift; sourceTree = "<group>"; };
 		76BEF7F72872504C0013E2A1 /* ContextAndHintHandling.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ContextAndHintHandling.swift; sourceTree = "<group>"; };
+		76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = AuthorizationDBManager.swift; path = XCredsLoginPlugIn/LoginWindow/AuthorizationDBManager.swift; sourceTree = SOURCE_ROOT; };
+		76BEF7FE2872A3030013E2A1 /* loginwindow@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "loginwindow@2x.png"; sourceTree = "<group>"; };
+		76BEF7FF2872A3030013E2A1 /* loginwindow.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = loginwindow.png; sourceTree = "<group>"; };
 		76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TCSUnifiedLogger.m; sourceTree = "<group>"; };
 		76D7ADFA284EB15100332EBC /* TCSUnifiedLogger.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TCSUnifiedLogger.h; sourceTree = "<group>"; };
 		76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSFileManager+TCSRealHomeFolder.m"; sourceTree = "<group>"; };
@@ -218,6 +224,7 @@
 		76BEF7F028724E520013E2A1 /* LoginWindow */ = {
 			isa = PBXGroup;
 			children = (
+				76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */,
 				76BEF7F128724EB60013E2A1 /* images */,
 				76BEF7DC2871F5F00013E2A1 /* TCSReturnWindow.h */,
 				76BEF7DB2871F5F00013E2A1 /* TCSReturnWindow.m */,
@@ -233,6 +240,8 @@
 		76BEF7F128724EB60013E2A1 /* images */ = {
 			isa = PBXGroup;
 			children = (
+				76BEF7FF2872A3030013E2A1 /* loginwindow.png */,
+				76BEF7FE2872A3030013E2A1 /* loginwindow@2x.png */,
 				76BEF7E6287202AF0013E2A1 /* ShutdownX.png */,
 				76BEF7E7287202AF0013E2A1 /* ShutdownX@2x.png */,
 				76BEF7E2287202080013E2A1 /* RestartX.png */,
@@ -436,9 +445,11 @@
 			isa = PBXResourcesBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
+				76BEF8002872A3030013E2A1 /* loginwindow@2x.png in Resources */,
 				766355D928711C51002E3867 /* defaults.plist in Resources */,
 				766355D52870F29A002E3867 /* TestWindowController.xib in Resources */,
 				76BEF7E4287202090013E2A1 /* RestartX.png in Resources */,
+				76BEF8012872A3030013E2A1 /* loginwindow.png in Resources */,
 				766355D12870EBAD002E3867 /* VerifyOIDCPassword.xib in Resources */,
 				76BEF7E8287202AF0013E2A1 /* ShutdownX.png in Resources */,
 				766355DE28713486002E3867 /* LoginWebView.xib in Resources */,
@@ -483,6 +494,7 @@
 				766355D42870F29A002E3867 /* TestWindowController.swift in Sources */,
 				766355C32870CB6F002E3867 /* XCredsLoginPlugin.m in Sources */,
 				766355CB2870E5E9002E3867 /* NSFileManager+TCSRealHomeFolder.m in Sources */,
+				76BEF7FA28726C700013E2A1 /* AuthorizationDBManager.swift in Sources */,
 				76BEF7E12871F74D0013E2A1 /* LoginWindowControlsWindowController.swift in Sources */,
 				76BEF7F628724FA80013E2A1 /* NSTaskWrapper.swift in Sources */,
 				766355DB287132E9002E3867 /* LoginWebViewController.swift in Sources */,

diff --git a/...deproj/project.xcworkspace/xcuserdata/tperfitt.xcuserdatad/UserInterfaceState.xcuserstate b/...deproj/project.xcworkspace/xcuserdata/tperfitt.xcuserdatad/UserInterfaceState.xcuserstate
diff --git a/xCreds.xcodeproj/xcshareddata/xcschemes/XCreds.xcscheme b/xCreds.xcodeproj/xcshareddata/xcschemes/XCreds.xcscheme
@@ -34,6 +34,7 @@
       buildConfiguration = "Debug"
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      debugAsWhichUser = "root"
       launchStyle = "0"
       useCustomWorkingDirectory = "NO"
       ignoresPersistentStateOnLaunch = "NO"