Extension Attribute.sh
#!/bin/bash
: HEADER = <<'EOL'
██████╗ ██████╗ ██████╗██╗ ██╗███████╗████████╗███╗ ███╗ █████╗ ███╗ ██╗
██╔══██╗██╔═══██╗██╔════╝██║ ██╔╝██╔════╝╚══██╔══╝████╗ ████║██╔══██╗████╗ ██║
██████╔╝██║ ██║██║ █████╔╝ █████╗ ██║ ██╔████╔██║███████║██╔██╗ ██║
██╔══██╗██║ ██║██║ ██╔═██╗ ██╔══╝ ██║ ██║╚██╔╝██║██╔══██║██║╚██╗██║
██║ ██║╚██████╔╝╚██████╗██║ ██╗███████╗ ██║ ██║ ╚═╝ ██║██║ ██║██║ ╚████║
╚═╝ ╚═╝ ╚═════╝ ╚═════╝╚═╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝
EOL
## In the Breakglass Admin script, if local storage is used, the password
## is stored in a plist with the following ownership/permissions:
## root:wheel - 600 (owner=rw, all others=no access)
## The default location is "/Library/Preferences" with the default name:
## tech.rocketman.{{EXTATTR}}.plist
## where {{EXTATTR}} is the name provided in the policy.
## The name specified below must match the one used in your policies.
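# Reports the value stored under FIELDNAME in the break-glass admin plist,
# wrapped in <result> tags on stdout.
#
# NOTE(review): the value read here is the stored admin password, and it is
# printed in clear text. Whatever collects this output (the inventory record,
# judging by the warning text below) will hold the password, so read access to
# that field should be limited to the staff who are allowed to use the
# break-glass account, and this script's output should not be captured in logs.
ATTRIBUTE="tech.rocketman.breakglassadmin.plist"
FIELDNAME="Password"
EXTATTRPLIST="/Library/Preferences/${ATTRIBUTE}"

if [[ -f "${EXTATTRPLIST}" ]]; then
  # The key name is quoted so it is always passed as a single argument.
  # A failed read (missing key, unreadable plist) is reported explicitly
  # instead of yielding an empty <result>, which would be indistinguishable
  # from an empty stored value.
  if ! RESULT=$(/usr/bin/defaults read "${EXTATTRPLIST}" "${FIELDNAME}"); then
    RESULT="WARNING: Unable to read ${FIELDNAME} from file. Will try again at next inventory."
  fi
else
  RESULT="WARNING: Unable to read file. Will try again at next inventory."
fi

# printf '%s' prints the value verbatim regardless of the shell's echo settings.
printf '%s\n' "<result>${RESULT}</result>"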