add fix for FV and < 10.14.2

77c19baa · Joel Rennich · aeedcabb · 77c19baa · 77c19baa
Commit 77c19baa authored Dec 05, 2018 by Joel Rennich
Hide whitespace changes
Inline Side-by-side

Showing with 63 additions and 1 deletion

Mechs/CreateUser.swift Mechs/CreateUser.swift +62 -0

NoMADLogin-AD/Info.plist NoMADLogin-AD/Info.plist +1 -1

No files found.
--- a/Mechs/CreateUser.swift
+++ b/Mechs/CreateUser.swift
@@ -230,6 +230,13 @@ class CreateUser: NoLoMechanism {
                let errorText = error.localizedDescription
                os_log("Unable to add user to administrators group: %{public}@", log: createUserLog, type: .error, errorText)
            }
+            
+            if isFdeEnabled() == false {
+                if #available(OSX 10.14, *) {
+                    addSecureToken(shortName, pass)
+                }
+            }
+            
        }
        
        os_log("User creation complete for: %{public}@", log: createUserLog, type: .debug, shortName)
@@ -407,4 +414,59 @@ class CreateUser: NoLoMechanism {
            }
        }
    }
+    
+    fileprivate func addSecureToken(_ shortName: String, _ pass: String?) {
+        //MARK: 10.14 fix
+        // check for 10.14
+        // check for no existing local users?
+        // - perhaps looking for diskutil apfs listcryptousers /
+        //     if a user already has a token, this will fail anyway
+        // - gate behind a pref key?
+        
+        // attempt to add token to user
+        
+        
+        os_log("Attempting to add a token to new user.", log: createUserLog, type: .default)
+        
+        let launchPath = "/usr/sbin/sysadminctl"
+        
+        var args = [
+            "-secureTokenOn",
+            shortName,
+            "-password",
+            pass ?? "",
+            "-adminUser",
+            shortName,
+            "-adminPassword",
+            pass ?? ""
+        ]
+        
+        let result = cliTask(launchPath, arguments: args, waitForTermination: true)
+        os_log("sysdaminctl result: @{public}%", log: createUserLog, type: .debug, result)
+        args = [
+            "********",
+            "********",
+            "********",
+            "********",
+            "********",
+            "********",
+            "********",
+            "********"
+        ]
+    }
+    
+    fileprivate func isFdeEnabled() -> Bool {
+        
+        // check to see if FV is already running
+        
+        let launchPath = "/usr/bin/fdesetup"
+        let args = [
+            "status"
+        ]
+        if cliTask(launchPath, arguments: args, waitForTermination: true).contains("FileVault is Off") {
+            return false
+        } else {
+            return true
+        }
+    }
 }
--- a/NoMADLogin-AD/Info.plist
+++ b/NoMADLogin-AD/Info.plist
@@ -17,7 +17,7 @@
 	<key>CFBundleShortVersionString</key>
 	<string>1.2.2b1</string>
 	<key>CFBundleVersion</key>
-	<string>312</string>
+	<string>313</string>
 	<key>NSHumanReadableCopyright</key>
 	<string>Copyright © 2018 Orchard &amp; Grove. All rights reserved.</string>
 	<key>NSPrincipalClass</key>