git.slaskete.net / einar-bin / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Automatisk lÄsing av skjerm
[einar-bin] / addfollowmeprint.sh
diff --git a/addfollowmeprint.sh b/addfollowmeprint.sh
index 3807927139f1b5ef2e9747f96e40c85e632b616f..f50b1d0136d28d6fe594aa674033c8f8bdc56b62 100755 (executable)
--- a/addfollowmeprint.sh
+++ b/addfollowmeprint.sh
@@ -224,9 +224,9 @@ echo "This script will add a new printer called ${QueueName}, connecting to the
 print server ${PrintServer} using your user name and password from NTNU."
 
 # Get username and password
 print server ${PrintServer} using your user name and password from NTNU."
 
 # Get username and password
-printf "User name: "
+printf "NTNU User name: "
 read -r Username
 read -r Username
-printf "Password: "
+printf "NTNU Password: "
 Settings=$(stty -g)
 stty -echo
 read -r Password
 Settings=$(stty -g)
 stty -echo
 read -r Password
@@ -313,18 +313,24 @@ if [ "${Uname}" = "darwin" ]; then
     exit 1
   fi
 
     exit 1
   fi
 
-  sudo cupsenable "${QueueName}"
-  sudo cupsaccept "${QueueName}"
-
   # Add credentials to the keychain if they are missing
   # Shamelessly stolen^W^WBorrowed from https://github.com/Orakeltjenesten/scripts/blob/33abfb353524f449f0bbdee27adb2f1f0a9756a2/print/ntnuprint-mac.sh
   # Add credentials to the keychain if they are missing
   # Shamelessly stolen^W^WBorrowed from https://github.com/Orakeltjenesten/scripts/blob/33abfb353524f449f0bbdee27adb2f1f0a9756a2/print/ntnuprint-mac.sh
-  # TODO: Since we should have a known-good username and password at this stage it's unwise to re-use the existing credentials, can we simply drop the test?
-  if ! security find-internet-password -s ${PrintServer} >/dev/null 2>&1; then
-    security -v add-internet-password -a "${Workgroup}\\${Username}" -s ${PrintServer} \
-     -w "${Password}" -D "Network Password" -r "smb " -l "${QueueName}" \
-     -T /System/Library/CoreServices/NetAuthAgent.app -T 'group://NetAuth' \
-     -T /System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthSysAgent >/dev/null 2>&1
+  security -v add-internet-password -U -a "${Workgroup}\\${Username}" -s "${PrintServer}" \
+   -w "${Password}" -D "Network Password" -r "smb " -l "${QueueName}" \
+   -T /System/Library/CoreServices/NetAuthAgent.app -T 'group://NetAuth' \
+   -T /System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthSysAgent >/dev/null 2>&1
+
+  # Make sure the password has the correct ACL ref https://mostlikelee.com/blog-1/2017/9/16/scripting-the-macos-keychain-partition-ids
+  OS_Min_Vers=$(sw_vers | grep ProductVersion | awk '{print $2}' | cut -d "." -f2)
+  if [ "${OS_Min_Vers}" -ge 12 ]; then
+    echo -e "\nNOTE: You need to provide your local Mac password again here in order to give the printing system access to your credentials.\n"
+    security set-internet-password-partition-list -S "apple-tool:,apple:" -s "${PrintServer}" > /dev/null
   fi
   fi
+
+  sudo cupsenable "${QueueName}"
+  sudo cupsaccept "${QueueName}"
+  sudo launchctl stop org.cups.cupsd
+  sudo launchctl start org.cups.cupsd
 fi
 
 # Set correct paper size and enable the duplexer option
 fi
 
 # Set correct paper size and enable the duplexer option
Various scripts and utilities found in my $HOME/bin - mostly bash hacks