keychain-piv.sh
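#!/bin/bash
#
# keychain-piv.sh
#
# Re-pairs the console user's PIV smartcard identity with FileVault through
# sc_auth, reports the outcome in a jamfHelper dialog, then refreshes the APFS
# preboot volume and hands the realm(s) listed by `app-sso -l` to `app-sso -d`.
#
# Expected to run as root: it uses `sudo -u` and `launchctl asuser` to act in
# the console user's session.
#
# Exit status:
#   0  FileVault is off, nothing to do
#   1  no console user, no usable UID, or no PIV identity found
#   otherwise the status of the final `killall AppSSOAgent`
#
# NOTE(review): a failed pairing ("FAIL") does not change the exit status, so
# the calling policy cannot tell failure from success by status alone.

# Root-run script: resolve the bare tool names below from the system
# directories only, not from whatever PATH the caller handed in.
export PATH=/usr/bin:/bin:/usr/sbin:/sbin

readonly JAMF_HELPER="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
readonly ICON_PROBLEM="/System/Library/CoreServices/Problem Reporter.app/Contents/Resources/ProblemReporter.icns"
readonly ICON_NETWORK="/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/GenericNetworkIcon.icns"
readonly ICON_KEYCHAIN="/System/Applications/Utilities/Keychain Access.app/Contents/Resources/AppIcon.icns"

#######################################
# Show a one-button jamfHelper utility window.
# Arguments: $1 - title, $2 - description, $3 - icon path
# Returns:   jamfHelper's exit status
#######################################
show_dialog() {
  "$JAMF_HELPER" -windowType utility -title "$1" -description "$2" \
    -button1 "Ok" -defaultButton 1 -icon "$3"
}

# Nothing to synchronise unless FileVault is already enabled.
fvstatus=$(fdesetup status)
if [[ "$fvstatus" == "FileVault is On." ]]; then
  echo "FV ON"
else
  echo "FV OFF"
  show_dialog "Filevault Off" "FileVault is NOT enabled. No synchronization for smartcard is required." "$ICON_PROBLEM"
  exit 0
fi

# Console user as reported by scutil; the awk filter yields nothing while the
# login window owns the console.
GUIUSER="$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}' )"
printf '%s\n' "$GUIUSER"
if [[ -z "$GUIUSER" ]]; then
  # With an empty name, `id -u` would report the caller's own UID (root here)
  # and every later command would target the wrong account.
  echo "No console user logged in; nothing to pair" >&2
  exit 1
fi

GUIUID=$(id -u "$GUIUSER")
printf '%s\n' "$GUIUID"
case "$GUIUID" in
  '' | *[!0-9]*)
    echo "Could not resolve a numeric UID for the console user" >&2
    exit 1
    ;;
esac

# First column of every `sc_auth identities` line that contains " PIV ".
piv_hashes=$(launchctl asuser "$GUIUID" sc_auth identities | awk '/ PIV /{print $1}')
# -h takes a single hash, so only the first listed identity is passed on.
# NOTE(review): confirm the first entry is the right one on multi-identity cards.
piv_hash=${piv_hashes%%$'\n'*}
if [[ "$piv_hashes" != "$piv_hash" ]]; then
  echo "Multiple PIV identities listed; using the first" >&2
fi
printf '%s\n' "$piv_hash"

if [[ -z "$piv_hash" ]]; then
  echo "No PIV detected"
  show_dialog "No PIV Detected" "No smartcard detected. Please try again.
If problems continue, try these 2 steps.
1. Take the card out and re-insert
2. Unplug the reader and plug back in
Then try again." "$ICON_NETWORK"
  exit 1
fi

# Drop the existing pairing, then pair the detected identity. Both steps are
# best-effort: their statuses are only logged, and the status query below
# decides which dialog the user sees. If the enable step fails, the pairing
# removed by the disable step is not restored.
sc_auth filevault -o disable -u "$GUIUSER"
echo $?
sudo -u "$GUIUSER" launchctl asuser "$GUIUID" sc_auth filevault -o enable -u "$GUIUSER" -h "$piv_hash"
echo $?

fvstatus="$(sc_auth filevault -o status -u "$GUIUSER")"
if [[ "$fvstatus" == *"not present"* ]]; then
  echo "FAIL"
  # The wording differs by CPU architecture, as reported by arch(1).
  if [[ "$(arch)" == "arm64" ]]; then
    show_dialog "Failure" "Filevault and the Keychain failed to update." "$ICON_PROBLEM"
  else
    show_dialog "Failure" "The Keychain failed to update. " "$ICON_PROBLEM"
  fi
else
  show_dialog "Success" 'Everything has updated successfully!' "$ICON_KEYCHAIN"
  echo "SUCCESS"
fi

diskutil apfs updatePreboot /

# Realm name(s) taken from the <string> elements printed by `app-sso -l`;
# xargs collapses them onto one whitespace-separated line.
realm_list=$(launchctl asuser "$GUIUID" app-sso -l | awk -F '<string>|</string>' '{print $2}' | xargs)
read -r -a realms <<< "$realm_list"
if (( ${#realms[@]} > 0 )); then
  launchctl asuser "$GUIUID" app-sso -d "${realms[@]}"
else
  # Without a realm, `app-sso -d` would be called with no argument.
  echo "No app-sso realm listed; skipping app-sso -d" >&2
fi
killall AppSSOAgent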