Commit c0b94d6b authored by Joel Rennich's avatar Joel Rennich

Merge branch 'develop' into 'master'

Merge 1.3.0

See merge request !63
parents a8ff99b1 28e11b8e
Pipeline #53663564 passed with stage
in 1 minute and 56 seconds
......@@ -2,7 +2,7 @@
"Mac" : [
{
"name" : "NoMAD_ADAuth",
"hash" : "d15a5ad01c1b4f6a6fcdbeccef7a3661649a3c6b7a5c65d690dd42812b9467bb"
"hash" : "4a766a8f684f71b2b3b1c8a5e02b7ec22982b0798ef955d1f4ada1939f890b2e"
}
],
"watchOS" : [
......
// Generated by Apple Swift version 4.2.1 (swiftlang-1000.11.42 clang-1000.11.45.1)
// Generated by Apple Swift version 5.0 effective-4.2 (swiftlang-1001.0.69.5 clang-1001.0.46.3)
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wgcc-compat"
......@@ -20,7 +20,7 @@
#endif
#pragma clang diagnostic ignored "-Wauto-import"
#include <objc/NSObject.h>
#include <Foundation/Foundation.h>
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
......@@ -163,6 +163,9 @@ typedef unsigned int swift_uint4 __attribute__((__ext_vector_type__(4)));
# define SWIFT_DEPRECATED_OBJC(Msg) SWIFT_DEPRECATED_MSG(Msg)
#endif
#if __has_feature(modules)
#if __has_warning("-Watimport-in-framework-header")
#pragma clang diagnostic ignored "-Watimport-in-framework-header"
#endif
@import Foundation;
@import ObjectiveC;
#endif
......
......@@ -3,7 +3,7 @@
<plist version="1.0">
<dict>
<key>BuildMachineOSBuild</key>
<string>18D42</string>
<string>18E194d</string>
<key>CFBundleDevelopmentRegion</key>
<string>en</string>
<key>CFBundleExecutable</key>
......@@ -27,17 +27,17 @@
<key>DTCompiler</key>
<string>com.apple.compilers.llvm.clang.1_0</string>
<key>DTPlatformBuild</key>
<string>10B61</string>
<string>10E125</string>
<key>DTPlatformVersion</key>
<string>GM</string>
<key>DTSDKBuild</key>
<string>18B71</string>
<string>18E219</string>
<key>DTSDKName</key>
<string>macosx10.14</string>
<key>DTXcode</key>
<string>1010</string>
<string>1020</string>
<key>DTXcodeBuild</key>
<string>10B61</string>
<string>10E125</string>
<key>NSHumanReadableCopyright</key>
<string>Copyright © 2018 Orchard &amp; Grove. All rights reserved.</string>
</dict>
......
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadOrganization</key>
<string>NoLo</string>
<key>PayloadDisplayName</key>
<string>NoLo sample</string>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadIdentifier</key>
<string>4E9128EE-18BA-4669-891A-643F929AA7CB</string>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadEnabled</key>
<true/>
<key>PayloadIdentifier</key>
<string>C5EB392A-957E-491D-936D-8228052697B7</string>
<key>PayloadDescription</key>
<string>NoLo UserInput Settings</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadType</key>
<string>menu.nomad.login.ad</string>
<key>PayloadUUID</key>
<string>C5EB392A-957E-491D-936D-8228052697B7</string>
<key>PayloadDisplayName</key>
<string>NoLo Settings</string>
<key>PayloadOrganization</key>
<string>NoMAD</string>
<key>UserInputUI</key>
<dict>
<key>TextFields</key>
<array>
<dict>
<key>title</key>
<string>User Name</string>
<key>placeholder</key>
<string>user@domain.com</string>
</dict>
<dict>
<key>title</key>
<string>Password</string>
<key>placeholder</key>
<string>something secure</string>
</dict>
</array>
<key>PopUps</key>
<array>
<dict>
<key>title</key>
<string>Pop Up One</string>
<key>Items</key>
<array>
<string>Minneapolis</string>
<string>Austin</string>
<string>New York</string>
<string>Los Angeles</string>
<string>Peoria</string>
</array>
</dict>
</array>
<key>Button</key>
<dict>
<key>title</key>
<string>Get r' Done</string>
</dict>
</dict>
</dict>
</array>
<key>PayloadUUID</key>
<string>4E9128EE-18BA-4669-891A-643F929AA7CB</string>
<key>PayloadEnabled</key>
<true/>
<key>PayloadDescription</key>
<string></string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
\ No newline at end of file
......@@ -178,6 +178,8 @@ class EULAUI : NSWindowController {
if error != noErr {
os_log("Got error setting authentication result", log: uiLog, type: .error)
}
backgroundWindow.close()
effectWindow.close()
NSApp.abortModal()
self.window?.close()
}
......@@ -225,7 +227,13 @@ class EULAUI : NSWindowController {
defer: true)
effectWindow.contentView = effectView
effectWindow.alphaValue = 0.8
if let backgroundImageAlpha = getManagedPreference(key: .BackgroundImageAlpha) as? Int {
effectWindow.alphaValue = CGFloat(Double(backgroundImageAlpha) * 0.1)
} else {
effectWindow.alphaValue = 0.8
}
effectWindow.orderFrontRegardless()
effectWindow.canBecomeVisibleWithoutLogin = true
}
......
......@@ -24,7 +24,7 @@
<window allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" restorable="NO" releasedWhenClosed="NO" animationBehavior="default" id="QvC-M9-y7g">
<windowStyleMask key="styleMask" titled="YES"/>
<rect key="contentRect" x="196" y="240" width="706" height="449"/>
<rect key="screenRect" x="0.0" y="0.0" width="1440" height="877"/>
<rect key="screenRect" x="0.0" y="0.0" width="1920" height="1057"/>
<view key="contentView" wantsLayer="YES" id="EiT-Mj-1SZ">
<rect key="frame" x="0.0" y="0.0" width="706" height="449"/>
<autoresizingMask key="autoresizingMask"/>
......
......@@ -52,8 +52,8 @@ class RunScript : NoLoMechanism {
}
} else if arg == "<<Principal>>" {
if let setupAdminPass = getHint(type: .kerberos_principal) as? String {
cleanArgs.append(setupAdminPass)
if let principal = getHint(type: .kerberos_principal) as? String {
cleanArgs.append(principal)
} else {
cleanArgs.append(kArgError)
}
......
......@@ -20,6 +20,7 @@
1AA58F02216611BD00431201 /* EULAUI.xib in Resources */ = {isa = PBXBuildFile; fileRef = 1AA58EF42166104400431201 /* EULAUI.xib */; };
1AA58F03216611C100431201 /* UserInputUI.swift in Sources */ = {isa = PBXBuildFile; fileRef = 1AA58EEA2166101100431201 /* UserInputUI.swift */; };
1AA58F04216611C400431201 /* UserInputUI.xib in Resources */ = {isa = PBXBuildFile; fileRef = 1AA58EEB2166101100431201 /* UserInputUI.xib */; };
1AACDAE02217B72B006D8A65 /* NoLoUserInput Sample.mobileconfig in Resources */ = {isa = PBXBuildFile; fileRef = 1AACDADF2217B72A006D8A65 /* NoLoUserInput Sample.mobileconfig */; };
1AF15E8721B1F85E00D36F3E /* NoLoWindow.swift in Sources */ = {isa = PBXBuildFile; fileRef = 1AF15E8621B1F85E00D36F3E /* NoLoWindow.swift */; };
9C0A3EA41FF2CCD70030A04F /* LoggingDefinitions.swift in Sources */ = {isa = PBXBuildFile; fileRef = 9C0A3EA31FF2CCD70030A04F /* LoggingDefinitions.swift */; };
9C468F812006A95400A475FC /* Preferences.swift in Sources */ = {isa = PBXBuildFile; fileRef = 9C468F802006A95400A475FC /* Preferences.swift */; };
......@@ -76,6 +77,7 @@
1AA58EF8216610B300431201 /* UserInput.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = UserInput.swift; sourceTree = "<group>"; };
1AA58EFA216610C300431201 /* Notify.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Notify.swift; sourceTree = "<group>"; };
1AA58EFC216610C700431201 /* RunScript.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = RunScript.swift; sourceTree = "<group>"; };
1AACDADF2217B72A006D8A65 /* NoLoUserInput Sample.mobileconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; path = "NoLoUserInput Sample.mobileconfig"; sourceTree = "<group>"; };
1AF15E8621B1F85E00D36F3E /* NoLoWindow.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NoLoWindow.swift; sourceTree = "<group>"; };
9C0A3EA31FF2CCD70030A04F /* LoggingDefinitions.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LoggingDefinitions.swift; sourceTree = "<group>"; };
9C2F03601FEB0B9A0036C08C /* README.md */ = {isa = PBXFileReference; lastKnownFileType = net.daringfireball.markdown; path = README.md; sourceTree = "<group>"; };
......@@ -147,6 +149,14 @@
path = EULA;
sourceTree = "<group>";
};
1AACDADE2217B71C006D8A65 /* ConfigSamples */ = {
isa = PBXGroup;
children = (
1AACDADF2217B72A006D8A65 /* NoLoUserInput Sample.mobileconfig */,
);
path = ConfigSamples;
sourceTree = "<group>";
};
9C97401C1FC5DE4500D9EAE6 /* evaluate-mechanisms */ = {
isa = PBXGroup;
children = (
......@@ -161,6 +171,7 @@
9CBDCF921FC4CEE300CF73F4 = {
isa = PBXGroup;
children = (
1AACDADE2217B71C006D8A65 /* ConfigSamples */,
9C2F03601FEB0B9A0036C08C /* README.md */,
1AA58EEC2166104400431201 /* Notify */,
1AA58EF22166104400431201 /* EULA */,
......@@ -306,6 +317,7 @@
isa = PBXResourcesBuildPhase;
buildActionMask = 2147483647;
files = (
1AACDAE02217B72B006D8A65 /* NoLoUserInput Sample.mobileconfig in Resources */,
1AA58F02216611BD00431201 /* EULAUI.xib in Resources */,
1AA58F04216611C400431201 /* UserInputUI.xib in Resources */,
1AA58EFE216611AF00431201 /* NoLoNotify.xib in Resources */,
......
......@@ -15,9 +15,9 @@
<key>CFBundlePackageType</key>
<string>BNDL</string>
<key>CFBundleShortVersionString</key>
<string>1.2.3</string>
<string>1.3.0</string>
<key>CFBundleVersion</key>
<string>321</string>
<string>335</string>
<key>NSHumanReadableCopyright</key>
<string>Copyright © 2019 Orchard &amp; Grove. All rights reserved.</string>
<key>NSPrincipalClass</key>
......
......@@ -182,7 +182,13 @@ class NoLoNotify : NSWindowController, TrackerDelegate {
defer: true)
effectWindow.contentView = effectView
effectWindow.alphaValue = 0.8
if let backgroundImageAlpha = getManagedPreference(key: .BackgroundImageAlpha) as? Int {
effectWindow.alphaValue = CGFloat(Double(backgroundImageAlpha) * 0.1)
} else {
effectWindow.alphaValue = 0.8
}
effectWindow.orderFrontRegardless()
effectWindow.canBecomeVisibleWithoutLogin = true
}
......@@ -407,6 +413,8 @@ class NoLoNotify : NSWindowController, TrackerDelegate {
/// - Parameter authResult:`Authorizationresult` enum value that indicates if login should proceed.
fileprivate func completeLogin(authResult: AuthorizationResult) {
let _ = mech?.fPlugin.pointee.fCallbacks.pointee.SetResult((mech?.fEngine)!, authResult)
backgroundWindow.close()
effectWindow.close()
NSApp.abortModal()
self.window?.close()
}
......
......@@ -21,6 +21,38 @@ For those of you that are new to NoLo, the basic features are:
* Display a EULA for users to accept on login
* Create a keychain item for NoMAD
## What's new in 1.3.0
* `BackgroundImageAlpha` an Integer from 0-10 which determines the alpha value for the background image in 10% increments, i.e. a value of `3` would be a 30% alpha
This was broken before and is now fixed.
* `DenyLocal` Boolean determines if local user accounts are allowed to sign in, or if all auth is forced through AD.
* `DenyLocalExcluded` Array or strings of user shortnames that will be allowed to authenticate locally instead of via AD.
* `DenyLoginUnlessGroupMember` Array of strings of AD group names. When an AD user is authenticating, only allow login if the user is a member of one of these groups.
* `EnableFDERecoveryKeyPath` String of a folder path where the recovery key will be stored. NoLo will create this folder if it does not already exist.
* `EnableFDERekey` Boolean that determines if the FileVault personal recovery key should be rotated when a valid FileVault user signs in.
* `LDAPServers` Array of strings of LDAP servers that you would like to use for AD authentication instead of using SRV record lookup.
* `LoginLogoAlpha` an Integer from 0-10 which determines the alpha value for the logo image in 10% increments, i.e. a value of `3` would be a 30% alpha
This was broken before and is now fixed.
* `LoginLogoData` is working again.
* `NotifyLogStyle` Takes a string of `jamf`, `filewave`, `munki` or `none` and will add the appropriate log file to the the Notify mechanism.
* `ScriptPath` Path to a script for the RunScript mechanism to run.
* `ScriptArgs` Array of strings of arguments to give the script being run by the RunScript mechanism. `<<User>>` will be replaced with the current user's shortname, `<<First>>` with the current user's first name, `<<Last>>` with the current user's last name, `<<Principal>>` with the current user's Kerberos principal.
* `UseCNForFullName` Use the the user's cn from AD instead of attempting to create the user name from the first and last name attributes of the user's AD record.
* `UsernameFieldPlaceholder` text to place into the user field in the loginwindow to give a hint as to what to enter.
* `UserInputOutputPath` string determining the path where the `userinfo.plist` will be written.
* `UserInputUI` a rather complicated dictionary that contains the settings for up to 4 text fields and 4 pop up buttons that will be shown during the UserInput mechanism. Look in the ConfigSamples folder in the source for an example of this configuration profile.
* `UserInputLogo` path to a logo file to use for the UserInput mechanism.
* `UserInputTitle` string for the UserInput mechanism title.
* `UserInputMainText` string for the UserInput text.
### New Mechanisms
* `NoMADLoginAD:RunScript` will run a script of your choosing as set by the preferences. This is typically marked as `privileged` to allow the script to run as root.
* `NoMADLoginAD:Notify` runs the Notify screen. See the DEPNotify project for more information.
* `NoMADLoginAD:UserInput` displays up to 4 text fields and 4 pull down menus to allow the user to enter information during the login process.
### Other changes
* The Demobilize mechanism will work with mobile accounts from other services than just Apple's AD plugin.
* The Demobilze and Notify mechanisms can be used without the NoMAD Login login window UI.
## What's new in 1.2.2
* Built product with current Swift SDK.
......
......@@ -99,33 +99,7 @@ class SignIn: NSWindowController {
effectWindow.contentView = effectView
if let backgroundImageAlpha = getManagedPreference(key: .BackgroundImageAlpha) as? Int {
switch backgroundImageAlpha {
case 0 :
effectWindow.alphaValue = 0.0
case 1 :
effectWindow.alphaValue = 0.1
case 2 :
effectWindow.alphaValue = 0.2
case 3 :
effectWindow.alphaValue = 0.3
case 4 :
effectWindow.alphaValue = 0.4
case 5 :
effectWindow.alphaValue = 0.5
case 6 :
effectWindow.alphaValue = 0.6
case 7 :
effectWindow.alphaValue = 0.7
case 8 :
effectWindow.alphaValue = 0.8
case 9 :
effectWindow.alphaValue = 0.9
case 10 :
effectWindow.alphaValue = 1.0
default :
effectWindow.alphaValue = 1.0
}
effectWindow.alphaValue = CGFloat(Double(backgroundImageAlpha) * 0.1)
} else {
effectWindow.alphaValue = 0.8
}
......@@ -382,7 +356,7 @@ class SignIn: NSWindowController {
}
@IBAction func changePassowrd(_ sender: Any) {
@IBAction func ChangePassword(_ sender: Any) {
guard newPassword.stringValue == newPasswordConfirmation.stringValue else {
os_log("New passwords didn't match", log: uiLog, type: .error)
alertText.stringValue = "New passwords don't match"
......@@ -530,6 +504,7 @@ extension SignIn: NoMADUserSessionDelegate {
if passChanged {
os_log("Password change failed.", log: uiLog, type: .default)
os_log("Password change failure description: %{public}@", log: uiLog, type: .error, description)
oldPassword.isEnabled = true
newPassword.isEnabled = true
newPasswordConfirmation.isEnabled = true
......@@ -573,15 +548,15 @@ extension SignIn: NoMADUserSessionDelegate {
os_log("Checking for DenyLogin groups", log: uiLog, type: .debug)
if let adminGroups = getManagedPreference(key: .DenyLoginUnlessGroupMember) as? [String] {
os_log("Found a CreateAdminIfGroupMember key value: %{public}@ ", log: uiLog, type: .debug, adminGroups)
if let allowedGroups = getManagedPreference(key: .DenyLoginUnlessGroupMember) as? [String] {
os_log("Found a DenyLoginUnlessGroupMember key value: %{public}@ ", log: uiLog, type: .debug, allowedGroups.debugDescription)
// set the allowed login to false for now
allowedLogin = false
user.groups.forEach { group in
if adminGroups.contains(group) {
if allowedGroups.contains(group) {
allowedLogin = true
os_log("User is a member of %{public}@ group. Setting allowedLogin = true ", log: uiLog, type: .debug, group)
}
......@@ -605,7 +580,6 @@ extension SignIn: NoMADUserSessionDelegate {
} else {
authFail()
alertText.stringValue = "Not authorized to login."
showResetUI()
}
}
}
......
......@@ -27,7 +27,7 @@
<customObject id="-3" userLabel="Application" customClass="NSObject"/>
<window allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" releasedWhenClosed="NO" animationBehavior="default" titlebarAppearsTransparent="YES" id="F0z-JX-Cv5" customClass="NoLoWindow" customModule="NoMADLoginAD" customModuleProvider="target">
<rect key="contentRect" x="276" y="219" width="521" height="511"/>
<rect key="screenRect" x="0.0" y="0.0" width="1440" height="877"/>
<rect key="screenRect" x="0.0" y="0.0" width="1920" height="1057"/>
<view key="contentView" wantsLayer="YES" id="se5-gp-TjO">
<rect key="frame" x="0.0" y="0.0" width="521" height="511"/>
<autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
......@@ -166,7 +166,7 @@ DQ
</string>
</buttonCell>
<connections>
<action selector="changePassowrd:" target="-2" id="Dep-hk-DUa"/>
<action selector="ChangePassword:" target="-2" id="Dep-hk-DUa"/>
</connections>
</button>
<stackView distribution="fillEqually" orientation="horizontal" alignment="bottom" spacing="19" horizontalStackHuggingPriority="249.99998474121094" verticalStackHuggingPriority="249.99998474121094" detachesHiddenViews="YES" translatesAutoresizingMaskIntoConstraints="NO" id="UUS-jL-biV">
......
......@@ -262,7 +262,13 @@ class UserInputUI : NSWindowController {
defer: true)
effectWindow.contentView = effectView
effectWindow.alphaValue = 0.8
if let backgroundImageAlpha = getManagedPreference(key: .BackgroundImageAlpha) as? Int {
effectWindow.alphaValue = CGFloat(Double(backgroundImageAlpha) * 0.1)
} else {
effectWindow.alphaValue = 0.8
}
effectWindow.orderFrontRegardless()
effectWindow.canBecomeVisibleWithoutLogin = true
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment