Recreate Login Keychain via GUI
Posted on 03-12-2018 06:12 PM
Hello Friends,
When I execute the script no dialog box appears. I am using jamfHelper & AppleScript for this.
I think I am missing some important things. Please suggest.
My script is below.
#!/bin/bash
#
# Name: recreate_keychain.sh
# Description: This script deletes the user's login.keychain, prompts
#              the current user for their password, and then creates
#              a new keychain. Uses AppleScript dialog and jamfHelper
#              for notifications and password prompt.

################################## VARIABLES ###############################

# Your company's logo, in PNG format. (For use in jamfHelper messages.)
# Use standard UNIX path format: /path/to/file.png
# (Straight ASCII quotes only: a curly opening quote here makes the file
# check below fail.)
LOGO_PNG="/Users/navepand/Desktop/Shell_Script/AppIcon.png"

# Your company's logo, in ICNS format. (For use in AppleScript messages.)
# Use standard UNIX path format: /path/to/file.icns
LOGO_ICNS="/Applications/Utilities/Keychain Access.app/Contents/Resources/AppIcon.icns"

# The title of the message that will be displayed to the user.
# Not too long, or it'll get clipped.
PROMPT_TITLE="Keychain Repair"

# The body of the message that will be displayed before prompting the user for
# their password. All message strings below can be multiple lines.
PROMPT_MESSAGE="We will now repair your login Keychain on this Mac. Click the Next button below, then enter your Mac's password when prompted."

# The body of the message that will be displayed after 5 incorrect passwords.
FORGOT_PW_MESSAGE="You made five incorrect password attempts. Please contact the Help Desk at it.amazon.com for help with your Mac password."

# The body of the message that will be displayed after successful completion.
SUCCESS_MESSAGE="Thank you! Your Keychain has been repaired."

################## VALIDATION AND ERROR CHECKING ##################

# Suppress errors for the duration of this script. (This prevents Jamf Pro from
# marking a policy as "failed" if the words "fail" or "error" inadvertently
# appear in the script output.) Comment this line out while troubleshooting:
# with it in place, launchctl, osascript and jamfHelper failures are silently
# discarded and the policy log will not show why a dialog never appeared.
exec 2>/dev/null

BAIL=false

# Make sure the custom logos have been received successfully
if [[ ! -f "$LOGO_ICNS" ]]; then
    echo "[ERROR] Custom logo icon not present: $LOGO_ICNS"
    BAIL=true
fi
if [[ ! -f "$LOGO_PNG" ]]; then
    echo "[ERROR] Custom logo PNG not present: $LOGO_PNG"
    BAIL=true
fi

# Convert POSIX path of logo icon to Mac path for AppleScript
LOGO_ICNS="$(osascript -e 'tell application "System Events" to return POSIX file "'"$LOGO_ICNS"'" as text')"

# Bail out if jamfHelper doesn't exist.
jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
if [[ ! -x "$jamfHelper" ]]; then
    echo "[ERROR] jamfHelper not found."
    BAIL=true
fi

# Check the OS version.
OS_MAJOR=$(sw_vers -productVersion | awk -F . '{print $1}')
OS_MINOR=$(sw_vers -productVersion | awk -F . '{print $2}')
if [[ "$OS_MAJOR" -ne 10 || "$OS_MINOR" -lt 9 ]]; then
    echo "[ERROR] OS version not 10.9+ or OS version unrecognized."
    sw_vers -productVersion
    BAIL=true
fi

# Stop here if any check above failed. (BAIL was set but never acted on,
# so the script would carry on and delete the keychain regardless.)
if [[ "$BAIL" == "true" ]]; then
    echo "Bailing out..."
    exit 1
fi

# Get the logged in user's name
CURRENT_USER="$(stat -f%Su /dev/console)"

########################## MAIN PROCESS ###########################

# Get information necessary to display messages in the current user's context.
USER_ID=$(id -u "$CURRENT_USER")
if [[ "$OS_MAJOR" -eq 10 && "$OS_MINOR" -le 9 ]]; then
    L_ID=$(pgrep -x -u "$USER_ID" loginwindow)
    L_METHOD="bsexec"
elif [[ "$OS_MAJOR" -eq 10 && "$OS_MINOR" -gt 9 ]]; then
    # launchctl asuser needs the numeric uid; the literal string "USER_ID"
    # (missing "$") is rejected and nothing is displayed.
    L_ID=$USER_ID
    L_METHOD="asuser"
fi

# Display a branded prompt explaining the password prompt.
echo "Alerting user $CURRENT_USER about incoming password prompt..."
launchctl "$L_METHOD" "$L_ID" "$jamfHelper" -windowType "hud" -icon "$LOGO_PNG" -title "$PROMPT_TITLE" -description "$PROMPT_MESSAGE" -button1 "Next" -defaultButton 1 -startlaunchd &>/dev/null

# Get the name of the user's keychain - some messy sed and awk to set up the
# correct name for security to like (login.keychain, or login.keychain-db on
# 10.12 and later)
KEYCHAIN=$(su "$CURRENT_USER" -c "security list-keychains" | grep login | sed -e 's/"//g' | sed -e 's/\// /g' | awk '{print $NF}')

# Go delete the keychain in question...
# Note: this happens before the password has been validated, so a user who
# fails all five attempts below is left without a login keychain.
su "$CURRENT_USER" -c "security delete-keychain $KEYCHAIN"

# Get the logged in user's password via a prompt.
echo "Prompting $CURRENT_USER for their Mac password..."
USER_PASS="$(launchctl "$L_METHOD" "$L_ID" osascript -e 'display dialog "Please enter the password you use to log in to your Mac:" default answer "" with title "'"${PROMPT_TITLE//\"/\\\"}"'" giving up after 86400 with text buttons {"OK"} default button 1 with hidden answer with icon file "'"${LOGO_ICNS//\"/\\\"}"'"' -e 'return text returned of result')"

# Now password validation loop.
TRY=1
until dscl /Search -authonly "$CURRENT_USER" "$USER_PASS" &>/dev/null; do
    (( TRY++ ))
    echo "Prompting $CURRENT_USER for their Mac password (attempt $TRY)..."
    USER_PASS="$(launchctl "$L_METHOD" "$L_ID" osascript -e 'display dialog "Sorry, that password was incorrect. Please try again:" default answer "" with title "'"${PROMPT_TITLE//\"/\\\"}"'" giving up after 86400 with text buttons {"OK"} default button 1 with hidden answer with icon file "'"${LOGO_ICNS//\"/\\\"}"'"' -e 'return text returned of result')"
    if (( TRY >= 5 )); then
        echo "[ERROR] Password prompt unsuccessful after 5 attempts. Displaying \"forgot password\" message..."
        launchctl "$L_METHOD" "$L_ID" "$jamfHelper" -windowType "utility" -icon "$LOGO_PNG" -title "$PROMPT_TITLE" -description "$FORGOT_PW_MESSAGE" -button1 'OK' -defaultButton 1 -timeout 30 -startlaunchd &>/dev/null &
        exit 1
    fi
done
echo "Successfully prompted for Mac password."

# Create the new login keychain.
# The password is handed to expect through the environment instead of being
# pasted into the Tcl script, so it reaches `security` byte-for-byte. Escaping
# it as XML entities first (as originally done) would set a keychain password
# that differs from the login password for anything containing & < > " ', and
# embedding it in the heredoc would let $ [ ] \ " be interpreted by Tcl.
export KC_USER="$CURRENT_USER" KC_PASS="$USER_PASS"
expect <<'DONE'
set timeout -1
spawn su $env(KC_USER) -c "security create-keychain login.keychain"
# Look for prompt
expect "?chain:"
# Send user-entered password from prompt
send "$env(KC_PASS)\n"
# Confirmation prompt
expect "?chain:"
send "$env(KC_PASS)\n"
expect EOF
DONE
unset KC_PASS

# Set the newly created login.keychain as the user's default keychain
su "$CURRENT_USER" -c "security default-keychain -s login.keychain"

echo "Displaying \"success\" message..."
launchctl "$L_METHOD" "$L_ID" "$jamfHelper" -windowType "utility" -icon "$LOGO_PNG" -title "$PROMPT_TITLE" -description "$SUCCESS_MESSAGE" -button1 'OK' -defaultButton 1 -timeout 30 -startlaunchd &>/dev/null &
exit 0
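Two helpers a Jamf admin could drop into a script like the one above, as an added example that is not part of the post: `login_keychain_path` and `login_keychain_name` parse `security list-keychains` output read from stdin and return the login keychain (full path, or just the file name that `security delete-keychain` accepts), handling both the pre-10.12 `login.keychain` and the newer `login.keychain-db` and refusing to return an empty name; `run_as_console_user` is the launchctl asuser + sudo -u pattern for showing a dialog from a root-owned policy. The function names and the sample list-keychains output are assumptions constructed for the example; `run_as_console_user` is macOS-only and is not exercised by the demo line.

```shell
#!/bin/bash
# Added example, not the posted script. Function names and the sample
# `security list-keychains` output below are constructed for illustration.

# Constructed sample of what `security list-keychains` prints for one user:
# indented, double-quoted paths. The home folder deliberately contains a
# space, which the grep|sed|awk chain in the post would split on.
SAMPLE_KEYCHAIN_LIST='    "/Users/Jane Doe/Library/Keychains/login.keychain-db"
    "/Library/Keychains/System.keychain"'

# Read list-keychains output on stdin; print the login keychain's full path.
# Exit status 1 if no login keychain is listed, so a caller never runs
# `security delete-keychain` with an empty name.
login_keychain_path() {
    local line path
    while IFS= read -r line; do
        # drop leading whitespace, then the surrounding double quotes
        path="${line#"${line%%[![:space:]]*}"}"
        path="${path#\"}"
        path="${path%\"}"
        case "${path##*/}" in
            login.keychain|login.keychain-db)
                printf '%s\n' "$path"
                return 0
                ;;
        esac
    done
    return 1
}

# Same, but only the file name. `security` resolves a bare name inside
# ~/Library/Keychains, which is where the login keychain lives.
login_keychain_name() {
    local full
    full="$(login_keychain_path)" || return 1
    printf '%s\n' "${full##*/}"
}

# Run a GUI command (osascript, jamfHelper) inside the console user's session.
# Jamf policies run as root, so the command has to be re-targeted at the
# user's launchd domain; asuser takes the numeric uid. macOS only.
run_as_console_user() {
    local user uid
    user="$(stat -f%Su /dev/console)" || return 1
    uid="$(id -u "$user")" || return 1
    launchctl asuser "$uid" sudo -u "$user" "$@"
}

# Stand-alone demo on the constructed sample (runs on any OS):
printf '%s\n' "$SAMPLE_KEYCHAIN_LIST" | login_keychain_name
```

In a real policy, feed the function from `su "$CURRENT_USER" -c "security list-keychains"` and abort if it returns non-zero; while troubleshooting, run it and `run_as_console_user` with stderr visible so launchctl's own error text is not lost.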
