Posted on 02-27-2020 12:52 AM
Hi mates.
I have this script running that is supposed to generate internet password entries in the current user's login keychain for specified (internal) websites, after prompting for the user's password:
#!/bin/bash
## postinstall
pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3
# Your company's logo, in ICNS format. (For use in AppleScript messages.)
# Use standard UNIX path format: /path/to/file.icns
logoIcns="/usr/local/jamf/bin/app.icns"
# The title of the message that will be displayed to the user.
# Not too long, or it'll get clipped.
promptTitle="App Setup"
# Convert POSIX path of logo icon to Mac path for AppleScript
logoIcns="$(osascript -e 'tell application "System Events" to return POSIX file "'"$logoIcns"'" as text')"
userName=$(stat -f%Su /dev/console)
# Check the OS version.
osMajor=$(sw_vers -productVersion | awk -F . '{print $1}')
osMinor=$(sw_vers -productVersion | awk -F . '{print $2}')
if [[ "$osMajor" -ne 10 || "$osMinor" -lt 9 ]]; then
    echo "[ERROR] OS version not 10.9+ or OS version unrecognized."
    sw_vers -productVersion
    BAIL=true
fi
# Get information necessary to display messages in the current user's context.
userId=$(id -u "$userName")
if [[ "$osMajor" -eq 10 && "$osMinor" -le 9 ]]; then
    lId=$(pgrep -x -u "$userId" loginwindow)
    lMethod="bsexec"
elif [[ "$osMajor" -eq 10 && "$osMinor" -gt 9 ]]; then
    lId=$userId
    lMethod="asuser"
fi
sleep 10
# Prompt in the user's session; double quotes in the title and icon path are escaped for AppleScript.
userPassword="$(launchctl "$lMethod" "$lId" osascript -e 'display dialog "App needs your user password for adding necessary entries to your login keychain. Please enter your user password:" default answer "" with title "'"${promptTitle//\"/\\\"}"'" giving up after 86400 with text buttons {"OK"} default button 1 with hidden answer with icon file "'"${logoIcns//\"/\\\"}"'"' -e 'return text returned of result')"
# Quote the variables so a password containing spaces or shell metacharacters is passed intact.
security unlock-keychain -p "$userPassword" "/Users/$userName/Library/Keychains/login.keychain"
# -A lets any application access the item without a prompt.
security add-internet-password -l site1.ourserver.com -a "$userName" -w "$userPassword" -r "htps" -s site1.ourserver.com -A
security add-internet-password -l site2.ourserver.com -a "$userName" -w "$userPassword" -r "http" -s site2.ourserver.com -A
security add-internet-password -l site3.ourserver.com -a "$userName" -w "$userPassword" -r "htps" -s site3.ourserver.com -A
exit 0 ## Success
exit 1 ## Failure
The script obviously does what it is supposed to do. It generates internet password entries for the specified websites.
However, when I try to access the sites afterwards, it is still prompting for the credentials, just ignoring the already existing entries. When I enter the credentials and tick "remember my password", it generates new entries in the keychain that look like exact duplicates of the ones previously generated via script. Does anyone have a clue why this might be happening? Anything else I need to do?
Any ideas?
Thank you and enjoy your weekend.
Chris
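
One way to test whether two keychain entries that "look like exact duplicates" really are identical is to diff their attributes. The script below is an added example, not part of the original post. It parses dumps in the format printed by `security find-internet-password -s <server>` or `security dump-keychain`; both sample dumps, including the differing `atyp` and `port` values and the user name, are constructed for illustration, and `keychain_attrs` and `diff_entries` are hypothetical helper names.

```shell
#!/bin/bash
# Constructed sample dumps (illustrative values, not from the poster's machine).
scripted_entry=$(cat <<'EOF'
keychain: "/Users/jdoe/Library/Keychains/login.keychain"
class: "inet"
attributes:
    0x00000007 <blob>="site1.ourserver.com"
    "acct"<blob>="jdoe"
    "atyp"<blob>="dflt"
    "cdat"<timedate>=0x32303230303232373030353230305A00  "20200227005200Z\000"
    "port"<uint32>=0x00000000
    "ptcl"<uint32>="htps"
    "sdmn"<blob>=<NULL>
    "srvr"<blob>="site1.ourserver.com"
EOF
)
browser_entry=$(cat <<'EOF'
keychain: "/Users/jdoe/Library/Keychains/login.keychain"
class: "inet"
attributes:
    0x00000007 <blob>="site1.ourserver.com"
    "acct"<blob>="jdoe"
    "atyp"<blob>="form"
    "cdat"<timedate>=0x32303230303232373031303530305A00  "20200227010500Z\000"
    "port"<uint32>=0x000001BB
    "ptcl"<uint32>="htps"
    "sdmn"<blob>=<NULL>
    "srvr"<blob>="site1.ourserver.com"
EOF
)

# Reduce a dump (stdin) to sorted key=value lines; timestamps always differ, so drop them.
keychain_attrs() {
    sed -n 's/^ *"\{0,1\}\([^"< ]*\)"\{0,1\} *<[a-z0-9]*>=\(.*\)$/\1=\2/p' |
        grep -v -e '^cdat=' -e '^mdat=' | sort
}

# Print "attribute: first -> second" for every attribute whose value differs.
diff_entries() {
    { printf '%s\n' "$1" | keychain_attrs | sed 's/^/A /'
      printf '%s\n' "$2" | keychain_attrs | sed 's/^/B /'; } |
    awk '{ side = $1; sub(/^[AB] /, ""); k = $0; v = $0
           sub(/=.*/, "", k); sub(/^[^=]*=/, "", v)
           if (side == "A") { a[k] = v } else { b[k] = v }
           keys[k] = 1 }
         END { for (k in keys) if (a[k] != b[k]) printf "%s: %s -> %s\n", k, a[k], b[k] }' |
    sort
}

diff_entries "$scripted_entry" "$browser_entry"
```

On a real machine, capture one dump after the script has run and one after the browser has saved its own entry, then pass both to `diff_entries`.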