Fix keychain partition list for macOS 12->
authorEinar Jørgen Haraldseid <einar.haraldseid@ntnu.no>
Thu, 10 Oct 2019 09:10:09 +0000 (11:10 +0200)
committerEinar Jørgen Haraldseid <einar.haraldseid@ntnu.no>
Thu, 10 Oct 2019 09:10:09 +0000 (11:10 +0200)
addfollowmeprint.sh

index 3807927139f1b5ef2e9747f96e40c85e632b616f..226900c0a475f746d1ee6cb12614bd02b70b7ef2 100755 (executable)
@@ -318,12 +318,15 @@ if [ "${Uname}" = "darwin" ]; then
 
   # Add credentials to the keychain if they are missing
   # Shamelessly stolen^W^WBorrowed from https://github.com/Orakeltjenesten/scripts/blob/33abfb353524f449f0bbdee27adb2f1f0a9756a2/print/ntnuprint-mac.sh
-  # TODO: Since we should have a known-good username and password at this stage it's unwise to re-use the existing credentials, can we simply drop the test?
-  if ! security find-internet-password -s ${PrintServer} >/dev/null 2>&1; then
-    security -v add-internet-password -a "${Workgroup}\\${Username}" -s ${PrintServer} \
-     -w "${Password}" -D "Network Password" -r "smb " -l "${QueueName}" \
-     -T /System/Library/CoreServices/NetAuthAgent.app -T 'group://NetAuth' \
-     -T /System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthSysAgent >/dev/null 2>&1
+  security -v add-internet-password -U -a "${Workgroup}\\${Username}" -s "${PrintServer}" \
+   -w "${Password}" -D "Network Password" -r "smb " -l "${QueueName}" \
+   -T /System/Library/CoreServices/NetAuthAgent.app -T 'group://NetAuth' \
+   -T /System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthSysAgent >/dev/null 2>&1
+
+  # Make sure the password has the correct ACL ref https://mostlikelee.com/blog-1/2017/9/16/scripting-the-macos-keychain-partition-ids
+  OS_Min_Vers=$(sw_vers | grep ProductVersion | awk '{print $2}' | cut -d "." -f2)
+  if [ "${OS_Min_Vers}" -ge 12 ]; then
+    security set-generic-password-partition-list -S "apple-tool:,apple:" -s "${PrintServer}" -k "${Password}"
   fi
 fi
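Review bot: The partition-list call on the last added line uses `set-generic-password-partition-list`, but the item is created just above with `add-internet-password`, so it will most likely not match that item; `security` has a matching subcommand, e.g. `security set-internet-password-partition-list -S "apple-tool:,apple:" -s "${PrintServer}" -k ...`. The `-k` option takes the password of the keychain itself, whereas the script passes the print-account `${Password}`, which only works when the two happen to be identical; like the existing `-w "${Password}"`, it also places the secret on the command line, where other local processes can read it from the process list. The version test looks only at the second field of ProductVersion, so it evaluates false on macOS 11 and later (e.g. 11.0, 12.6); it should also take the major number into account, which `sw_vers -productVersion` makes easy to parse. Because the output of `add-internet-password` is sent to `/dev/null` and its exit status is not checked, a failed update of the stored credential goes unnoticed, now that the `find-internet-password` guard is gone. The enclosing `if [ "${Uname}" = "darwin" ]` block starts outside this hunk.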