Be more smarter when deciding when to lock screen

[einar-bin] / addfollowmeprint.sh

diff --git a/addfollowmeprint.sh b/addfollowmeprint.sh
index 8f0b2f981d0ab2c4cf6335e423e5fbffb6630344..f50b1d0136d28d6fe594aa674033c8f8bdc56b62 100755 (executable)
--- a/addfollowmeprint.sh
+++ b/addfollowmeprint.sh
@@ -3,6 +3,8 @@
 # The targeted and tested distros are: Debian, Ubuntu (and derivates), Fedora, CentOS, OpenSUSE and Mint
 # Copyright © 2017-2019 einar.haraldseid@ntnu.no
 
 # The targeted and tested distros are: Debian, Ubuntu (and derivates), Fedora, CentOS, OpenSUSE and Mint
 # Copyright © 2017-2019 einar.haraldseid@ntnu.no
 

+# LibreOffice has some problems on Linux, see https://bugs.documentfoundation.org/show_bug.cgi?id=126604
+

 # Documentation
 function usage {
   echo "Usage: ./$(basename "${0}") [OPTIONS]"
 # Documentation
 function usage {
   echo "Usage: ./$(basename "${0}") [OPTIONS]"


@@ -222,9 +224,9 @@ echo "This script will add a new printer called ${QueueName}, connecting to the
 print server ${PrintServer} using your user name and password from NTNU."
 
 # Get username and password
 print server ${PrintServer} using your user name and password from NTNU."
 
 # Get username and password

-printf "User name: "
+printf "NTNU User name: "

 read -r Username
 read -r Username

-printf "Password: "
+printf "NTNU Password: "

 Settings=$(stty -g)
 stty -echo
 read -r Password
 Settings=$(stty -g)
 stty -echo
 read -r Password


@@ -311,18 +313,24 @@ if [ "${Uname}" = "darwin" ]; then
     exit 1
   fi
 
     exit 1
   fi
 

-  sudo cupsenable "${QueueName}"
-  sudo cupsaccept "${QueueName}"
-

   # Add credentials to the keychain if they are missing
   # Shamelessly stolen^W^WBorrowed from https://github.com/Orakeltjenesten/scripts/blob/33abfb353524f449f0bbdee27adb2f1f0a9756a2/print/ntnuprint-mac.sh
   # Add credentials to the keychain if they are missing
   # Shamelessly stolen^W^WBorrowed from https://github.com/Orakeltjenesten/scripts/blob/33abfb353524f449f0bbdee27adb2f1f0a9756a2/print/ntnuprint-mac.sh

-  # TODO: Since we should have a known-good username and password at this stage it's unwise to re-use the existing credentials, can we simply drop the test?
-  if ! security find-internet-password -s ${PrintServer} >/dev/null 2>&1; then
-    security -v add-internet-password -a "${Workgroup}\\${Username}" -s ${PrintServer} \
-     -w "${Password}" -D "Network Password" -r "smb " -l "${QueueName}" \
-     -T /System/Library/CoreServices/NetAuthAgent.app -T 'group://NetAuth' \
-     -T /System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthSysAgent >/dev/null 2>&1
+  security -v add-internet-password -U -a "${Workgroup}\\${Username}" -s "${PrintServer}" \
+   -w "${Password}" -D "Network Password" -r "smb " -l "${QueueName}" \
+   -T /System/Library/CoreServices/NetAuthAgent.app -T 'group://NetAuth' \
+   -T /System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthSysAgent >/dev/null 2>&1
+
+  # Make sure the password has the correct ACL ref https://mostlikelee.com/blog-1/2017/9/16/scripting-the-macos-keychain-partition-ids
+  OS_Min_Vers=$(sw_vers | grep ProductVersion | awk '{print $2}' | cut -d "." -f2)
+  if [ "${OS_Min_Vers}" -ge 12 ]; then
+    echo -e "\nNOTE: You need to provide your local Mac password again here in order to give the printing system access to your credentials.\n"
+    security set-internet-password-partition-list -S "apple-tool:,apple:" -s "${PrintServer}" > /dev/null

   fi
   fi

+
+  sudo cupsenable "${QueueName}"
+  sudo cupsaccept "${QueueName}"
+  sudo launchctl stop org.cups.cupsd
+  sudo launchctl start org.cups.cupsd

 fi
 
 # Set correct paper size and enable the duplexer option
 fi
 
 # Set correct paper size and enable the duplexer option