security add-internet-password - script-generated entries simply ignored

mucgyver-old
New Contributor III

Hi mates.

I have this script running that is supposed to generate internet password entries to the current user's login keychain for specified (internal) websites, after prompting for the user's password:

#!/bin/sh
## postinstall

pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3

# Your company's logo, in ICNS format. (For use in AppleScript messages.)
# Use standard UNIX path format:  /path/to/file.icns
logoIcns="/usr/local/jamf/bin/app.icns"

# The title of the message that will be displayed to the user.
# Not too long, or it'll get clipped.
promptTitle="App Setup"

# Convert POSIX path of logo icon to Mac path for AppleScript
logoIcns="$(osascript -e 'tell application "System Events" to return POSIX file "'"$logoIcns"'" as text')"

userName=$(stat -f%Su /dev/console)

# Check the OS version.
osMajor=$(sw_vers -productVersion | awk -F . '{print $1}')
osMinor=$(sw_vers -productVersion | awk -F . '{print $2}')
if [[ "$osMajor" -ne 10 || "$osMinor" -lt 9 ]]; then
    echo "[ERROR] OS version not 10.9+ or OS version unrecognized."
    sw_vers -productVersion
    BAIL=true
fi

# Get information necessary to display messages in the current user's context.
userId=$(id -u "$userName")
if [[ "$osMajor" -eq 10 && "$osMinor" -le 9 ]]; then
    lId=$(pgrep -x -u "$userId" loginwindow)
    lMethod="bsexec"
elif [[ "$osMajor" -eq 10 && "$osMinor" -gt 9 ]]; then
    lId=$userId
    lMethod="asuser"
fi

sleep 10

userPassword="$(launchctl "$lMethod" "$lId" osascript -e 'display dialog "App needs your user password for adding necessary entries to your login keychain. Please enter your user password:" default answer "" with title "'"${promptTitle//"/\"}"'" giving up after 86400 with text buttons {"OK"} default button 1 with hidden answer with icon file "'"${logoIcns//"/\"}"'"' -e 'return text returned of result')"

security unlock-keychain -p $userPassword /Users/$userName/Library/Keychains/login.keychain

security add-internet-password -l site1.ourserver.com -a $userName -w $userPassword -r "htps" -s site1.ourserver.com -A
security add-internet-password -l site2.ourserver.com -a $userName -w $userPassword -r "http" -s site2.ourserver.com -A
security add-internet-password -l site3.ourserver.com -a $userName -w $userPassword -r "htps" -s site3.ourserver.com -A

exit 0      ## Success
exit 1      ## Failure

The script obviously does what it is supposed to do. It generates internet password entries for the specified websites.

However, when I try to access the sites afterwards, it is still prompting for the credentials, just ignoring the already existing entries. When I enter the credentials and tick "remember my password"; it generates new entries in the keychain that look like exact duplicates of the ones previously generated via script. Does anyone have a clue why this might be happening? Anything else I need to do?

Any ideas?

Thank you, and take care.
Chris

0 REPLIES 0