Fix keychain partition list for macOS 12->

[einar-bin] / addfollowmeprint.sh

diff --git a/addfollowmeprint.sh b/addfollowmeprint.sh
index f422c52549916e4f120697be7037030a57b232d3..226900c0a475f746d1ee6cb12614bd02b70b7ef2 100755 (executable)
--- a/addfollowmeprint.sh
+++ b/addfollowmeprint.sh
@@ -3,6 +3,8 @@
 # The targeted and tested distros are: Debian, Ubuntu (and derivates), Fedora, CentOS, OpenSUSE and Mint
 # Copyright © 2017-2019 einar.haraldseid@ntnu.no
 
 # The targeted and tested distros are: Debian, Ubuntu (and derivates), Fedora, CentOS, OpenSUSE and Mint
 # Copyright © 2017-2019 einar.haraldseid@ntnu.no
 

+# LibreOffice has some problems on Linux, see https://bugs.documentfoundation.org/show_bug.cgi?id=126604
+

 # Documentation
 function usage {
   echo "Usage: ./$(basename "${0}") [OPTIONS]"
 # Documentation
 function usage {
   echo "Usage: ./$(basename "${0}") [OPTIONS]"


@@ -257,7 +259,7 @@ if [ "${Uname}" = "darwin" ]; then
   fi
   ShareFound=$(smbutil view "//${Workgroup};${Username}:${Password}@${PrintServer}" 2>/dev/null | grep ${PrintFile} | cut -d " " -f 1)
   if [ "${ShareFound}" != "${PrintFile}" ]; then
   fi
   ShareFound=$(smbutil view "//${Workgroup};${Username}:${Password}@${PrintServer}" 2>/dev/null | grep ${PrintFile} | cut -d " " -f 1)
   if [ "${ShareFound}" != "${PrintFile}" ]; then

-    printerror "Could not find printer share called ${PrintFile} on the server" 
+    printerror "Could not find printer share called ${PrintFile} on the server"

     printerror "This script must be broken or outdated. Please contact orakel@ntnu.no for further assistance."
     exit 1
   fi
     printerror "This script must be broken or outdated. Please contact orakel@ntnu.no for further assistance."
     exit 1
   fi


@@ -275,6 +277,7 @@ if [ "${Uname}" = "linux" ]; then
   else
     PrinterShare="smb://${Workgroup}/${PrintServer}/${PrintFile}"
     AuthInfo="username,password"
   else
     PrinterShare="smb://${Workgroup}/${PrintServer}/${PrintFile}"
     AuthInfo="username,password"

+    echo -e "\nNOTE: Due to the way credentials are stored and accessed on Linux, some print operations will still halt for credentials, notably the \"Print test page\" function and printing from LibreOffice. In those cases, supply your normal NTNU username and password. If this becomes too tedious, you can try using the --plaintext option.\n"

   fi
   if ! sudo lpadmin  -p ${QueueName} \
    -D "FollowMe print queue at NTNU" \
   fi
   if ! sudo lpadmin  -p ${QueueName} \
    -D "FollowMe print queue at NTNU" \


@@ -315,12 +318,15 @@ if [ "${Uname}" = "darwin" ]; then
 
   # Add credentials to the keychain if they are missing
   # Shamelessly stolen^W^WBorrowed from https://github.com/Orakeltjenesten/scripts/blob/33abfb353524f449f0bbdee27adb2f1f0a9756a2/print/ntnuprint-mac.sh
 
   # Add credentials to the keychain if they are missing
   # Shamelessly stolen^W^WBorrowed from https://github.com/Orakeltjenesten/scripts/blob/33abfb353524f449f0bbdee27adb2f1f0a9756a2/print/ntnuprint-mac.sh

-  # TODO: Since we should have a known-good username and password at this stage it's unwise to re-use the existing credentials, can we simply drop the test?
-  if ! security find-internet-password -s ${PrintServer} >/dev/null 2>&1; then
-    security -v add-internet-password -a "${Workgroup}\\${Username}" -s ${PrintServer} \
-     -w "${Password}" -D "Network Password" -r "smb " -l "${QueueName}" \
-     -T /System/Library/CoreServices/NetAuthAgent.app -T 'group://NetAuth' \
-     -T /System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthSysAgent >/dev/null 2>&1
+  security -v add-internet-password -U -a "${Workgroup}\\${Username}" -s "${PrintServer}" \
+   -w "${Password}" -D "Network Password" -r "smb " -l "${QueueName}" \
+   -T /System/Library/CoreServices/NetAuthAgent.app -T 'group://NetAuth' \
+   -T /System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthSysAgent >/dev/null 2>&1
+
+  # Make sure the password has the correct ACL ref https://mostlikelee.com/blog-1/2017/9/16/scripting-the-macos-keychain-partition-ids
+  OS_Min_Vers=$(sw_vers | grep ProductVersion | awk '{print $2}' | cut -d "." -f2)
+  if [ "${OS_Min_Vers}" -ge 12 ]; then
+    security set-generic-password-partition-list -S "apple-tool:,apple:" -s "${PrintServer}" -k "${Password}"

   fi
 fi
 
   fi
 fi
 


@@ -337,7 +343,3 @@ if ! sudo lpadmin -d ${QueueName}; then
 fi
 
 echo "Printer successfully installed."
 fi
 
 echo "Printer successfully installed."

-
-if [ "${Uname}" = "linux" ] && [ "${Plaintext}" != "YES" ]; then
-  echo -e "\nPlease note: due to the way credentials are stored and accessed on Linux, some print operations will still halt for credentials, notably the \"Print test page\" function. In those cases, supply your normal NTNU username and password."
-fi