From 2ddb8419d3a56ed081843dd498a3dfad9ea3a1ef Mon Sep 17 00:00:00 2001 From: =?utf8?q?Einar=20J=C3=B8rgen=20Haraldseid?= Date: Thu, 10 Oct 2019 11:10:09 +0200 Subject: [PATCH 1/1] Fix keychain partition list for macOS 12-> --- addfollowmeprint.sh | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/addfollowmeprint.sh b/addfollowmeprint.sh index 3807927..226900c 100755 --- a/addfollowmeprint.sh +++ b/addfollowmeprint.sh @@ -318,12 +318,15 @@ if [ "${Uname}" = "darwin" ]; then # Add credentials to the keychain if they are missing # Shamelessly stolen^W^WBorrowed from https://github.com/Orakeltjenesten/scripts/blob/33abfb353524f449f0bbdee27adb2f1f0a9756a2/print/ntnuprint-mac.sh - # TODO: Since we should have a known-good username and password at this stage it's unwise to re-use the existing credentials, can we simply drop the test? - if ! security find-internet-password -s ${PrintServer} >/dev/null 2>&1; then - security -v add-internet-password -a "${Workgroup}\\${Username}" -s ${PrintServer} \ - -w "${Password}" -D "Network Password" -r "smb " -l "${QueueName}" \ - -T /System/Library/CoreServices/NetAuthAgent.app -T 'group://NetAuth' \ - -T /System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthSysAgent >/dev/null 2>&1 + security -v add-internet-password -U -a "${Workgroup}\\${Username}" -s "${PrintServer}" \ + -w "${Password}" -D "Network Password" -r "smb " -l "${QueueName}" \ + -T /System/Library/CoreServices/NetAuthAgent.app -T 'group://NetAuth' \ + -T /System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthSysAgent >/dev/null 2>&1 + + # Make sure the password has the correct ACL ref https://mostlikelee.com/blog-1/2017/9/16/scripting-the-macos-keychain-partition-ids + OS_Min_Vers=$(sw_vers | grep ProductVersion | awk '{print $2}' | cut -d "." -f2) + if [ "${OS_Min_Vers}" -ge 12 ]; then + security set-generic-password-partition-list -S "apple-tool:,apple:" -s "${PrintServer}" -k "${Password}" fi fi -- 2.30.2