Posted on 10-07-2019 04:59 PM
I recently wrote an extension attribute to check for the existence of a certificate in a user's keychain. I can run it without issue locally, and via policy, but when running it as an EA, no response is written to the computer record:
#!/bin/bash
# Certificate name to look for in the user's Okta keychain
CERTNAME="Okta MTLS"
# Console user, or an empty string when nobody is logged in
currentUser=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')
# Pull the "alis" attribute of the certificates stored in that keychain
query=$(security find-certificate -a "/Users/$currentUser/Library/Keychains/okta.keychain" | awk -F'"' '/alis/{print $4}')
if [ "$query" == "$CERTNAME" ]; then
    result="Yes"
else
    result="No"
fi
echo "$result"
I've also tried to grab the current user's name another way:
currentUser=$(ls -l /dev/console | cut -d " " -f4)
Lastly, I tried writing the output to a txt file and simply cat'ing it via an extension attribute, all to no avail.
No matter what, my extension attribute shows no result in the computer record.
Any tips or suggestions greatly appreciated.
Posted on 10-07-2019 08:00 PM
First thing is, Extension Attributes require that the result be surrounded by proper tags for it to populate in the computer record. Try changing echo "$result"
to echo "<result>$result</result>"
Second, if that doesn't work for some reason, you may have to run the security command as the user, not as root, which is what it would typically be running as when an inventory collection happens.
But try making that first necessary change and see if it fixes it.
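An added example, not part of the original thread or either poster's code: an extension attribute script that applies both suggestions above, wrapping the value in `<result>` tags and running `security` as the console user. It goes slightly beyond the thread by matching the name against every certificate in the keychain rather than comparing the whole query output. The function names and the sample `security` output are constructed for illustration, and `sudo -u` is one assumed way to run the command as the user.

```bash
#!/bin/bash
# Reads `security find-certificate -a` output on stdin and prints Yes if any
# certificate's "alis" attribute equals $1 exactly, otherwise No.
cert_present() {
    awk -F'"' -v want="$1" '
        $2 == "alis" && $4 == want { found = 1 }
        END { print (found ? "Yes" : "No") }'
}

# Wraps the answer in the <result> tags Jamf needs to populate the record.
ea_result() {
    printf '<result>%s</result>\n' "$(cert_present "$1")"
}

# Constructed sample of `security find-certificate -a` output holding two
# certificates, so a plain string comparison of all "alis" lines would fail.
sample_output() {
    cat <<'EOF'
keychain: "/Users/jdoe/Library/Keychains/okta.keychain"
class: 0x80001000
attributes:
    "alis"<blob>="Example Intermediate CA"
    "labl"<blob>="Example Intermediate CA"
keychain: "/Users/jdoe/Library/Keychains/okta.keychain"
class: 0x80001000
attributes:
    "alis"<blob>="Okta MTLS"
    "labl"<blob>="Okta MTLS"
EOF
}

CERTNAME="Okta MTLS"
# Only query the keychain where the macOS `security` tool exists.
if command -v security >/dev/null 2>&1; then
    user=$(stat -f%Su /dev/console)   # owner of the console = logged-in user
    keychain="/Users/$user/Library/Keychains/okta.keychain"
    # Inventory runs as root; run the query as the console user instead.
    # A missing keychain or no logged-in user still yields <result>No</result>.
    sudo -u "$user" security find-certificate -a "$keychain" 2>/dev/null |
        ea_result "$CERTNAME"
fi
```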
Posted on 10-08-2019 02:31 PM
The tags were the problem, thanks for the quick response!