Skip to content

Commit

Permalink
Uploading Privileges 1.5.3 source code, which includes new management…
Browse files Browse the repository at this point in the history 
… options for the ReasonRequired management key.

Uploading Privileges 1.5.3 source code, which includes new management options for the ReasonRequired management key. Also uploading an updated Example_ReasonRequired macOS configuration profile which includes the new management options.
  • Loading branch information
@rtrouton
rtrouton committed Jun 15, 2022
1 parent d99f52c commit 803c1c6
Show file tree
Hide file tree
Showing 41 changed files with 594 additions and 323 deletions.
195 changes: 115 additions & 80 deletions application_management/example_profiles/ReasonRequired/Example_ReasonRequired.mobileconfig
View file
Original file line number Diff line number Diff line change
@@ -1,83 +1,118 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadContent</key>
<dict>
<key>corp.sap.privileges</key>
<dict>
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<!--
key: ReasonRequired
value: a boolean
If set to true, the user must provide a reason for needing admin rights.
The reason will be logged.
-->
<key>ReasonRequired</key>
<true/>
<!--
key: ReasonMinLength
value: a positive integer
If "ReasonRequired" is set to true, this key specifies the minimum number
of characters the user has to enter as the reason for becoming an admin.
If not set, the value defaults to 10. The text field is limited to a
maximum of 100 characters, so values greater than 100 have no effect.
Please be aware that enabling this option, disables the "Toggle Privileges"
entry in the Privileges Dock tile menu.
-->
<key>ReasonMinLength</key>
<integer>5</integer>
</dict>
</dict>
</array>
</dict>
</dict>
<key>PayloadDescription</key>
<string/>
<key>PayloadDisplayName</key>
<string>Privileges configuration</string>
<key>PayloadEnabled</key>
<true/>
<key>PayloadIdentifier</key>
<string>com.apple.ManagedClient.preferences.36132147-235E-4663-ADA8-2664C67C4DD2</string>
<key>PayloadOrganization</key>
<string>SAP SE</string>
<key>PayloadType</key>
<string>com.apple.ManagedClient.preferences</string>
<key>PayloadUUID</key>
<string>36132147-235E-4663-ADA8-2664C67C4DD2</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>Configures the Privileges app.</string>
<key>PayloadDisplayName</key>
<string>Privileges configuration</string>
<key>PayloadEnabled</key>
<true/>
<key>PayloadIdentifier</key>
<string>CF401A42-35CA-4DA6-9123-5A49C87ECB5A</string>
<key>PayloadOrganization</key>
<string>SAP SE</string>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>50870D16-7AAD-478B-BFFE-BED09499F7E0</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadContent</key>
<dict>
<key>corp.sap.privileges</key>
<dict>
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<!--
key: ReasonRequired
value: a boolean
If set to true, the user must provide a reason for needing admin rights.
The reason will be logged.
-->
<key>ReasonRequired</key>
<true />
<!--
key: ReasonMinLength
value: a positive integer below 100
If "ReasonRequired" is set to true, this key specifies the minimum number
of characters the user has to enter as the reason for becoming an admin.
If not set, the value defaults to 10. The text field is limited to a
maximum of 100 characters, so values greater than 100 have no effect.
Please be aware that enabling this option, disables the "Toggle Privileges"
entry in the Privileges Dock tile menu.
-->
<key>ReasonMinLength</key>
<integer>20</integer>
<!--
key: ReasonMaxLength
value: a positive integer below 100
If "ReasonRequired" is set to true, this key specifies the maximum number
of characters the user can enter as the reason for becoming an admin.
If not set, the value defaults to 100. If a value > 100 is specified or
if "ReasonMaxLength" is <= "ReasonMinLength", the value is set to default.
-->
<key>ReasonMaxLength</key>
<integer>30</integer>
<!--
key: ReasonPresetList
value: an array of strings
If "ReasonRequired" is set to true, this key allows to pre-define a list
of possible reasons (for becoming an admin) the user can choose from. If
set, an additional pop-up menu will appear in the dialog box. This only
works for the GUI version of Privileges.
-->
<key>ReasonPresetList</key>
<array>
<dict>
<key>default</key>
<string>Just for fun</string>
</dict>
<dict>
<key>default</key>
<string>For installing software</string>
</dict>
<dict>
<key>default</key>
<string>Don't know</string>
</dict>
</array>
</dict>
</dict>
</array>
</dict>
</dict>
<key>PayloadDescription</key>
<string />
<key>PayloadDisplayName</key>
<string>Privileges configuration</string>
<key>PayloadEnabled</key>
<true />
<key>PayloadIdentifier</key>
<string>com.apple.ManagedClient.preferences.36132147-235E-4663-ADA8-2664C67C4DD2</string>
<key>PayloadOrganization</key>
<string>SAP SE</string>
<key>PayloadType</key>
<string>com.apple.ManagedClient.preferences</string>
<key>PayloadUUID</key>
<string>36132147-235E-4663-ADA8-2664C67C4DD2</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>Configures the Privileges app.</string>
<key>PayloadDisplayName</key>
<string>Privileges configuration</string>
<key>PayloadEnabled</key>
<true />
<key>PayloadIdentifier</key>
<string>CF401A42-35CA-4DA6-9123-5A49C87ECB5A</string>
<key>PayloadOrganization</key>
<string>SAP SE</string>
<key>PayloadRemovalDisallowed</key>
<true />
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>50870D16-7AAD-478B-BFFE-BED09499F7E0</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
42 changes: 42 additions & 0 deletions source/Constants.h
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
/*
Constants.h
Copyright 2022 SAP SE
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

#define kMTAdminGroupID 80
#define kMTDockTimeoutDefault 20
#define kMTReasonMinLengthDefault 10
#define kMTReasonMaxLengthDefault 100
#define kMTFixedTimeoutValues @[@0, @5, @10, @20, @60]

#define kMTDefaultsToggleTimeout @"DockToggleTimeout"
#define kMTDefaultsToggleMaxTimeout @"DockToggleMaxTimeout"
#define kMTDefaultsEnforcePrivileges @"EnforcePrivileges"
#define kMTDefaultsAuthRequired @"RequireAuthentication"
#define kMTDefaultsLimitToUser @"LimitToUser"
#define kMTDefaultsLimitToGroup @"LimitToGroup"
#define kMTDefaultsRequireReason @"ReasonRequired"
#define kMTDefaultsReasonMinLength @"ReasonMinLength"
#define kMTDefaultsReasonMaxLength @"ReasonMaxLength"
#define kMTDefaultsReasonPresets @"ReasonPresetList"
#define kMTDefaultsRemoteLogging @"RemoteLogging"
#define kMTDefaultsRLServerType @"ServerType"
#define kMTDefaultsRLServerAddress @"ServerAddress"
#define kMTDefaultsRLServerPort @"ServerPort"
#define kMTDefaultsRLEnableTCP @"EnableTCP"
#define kMTDefaultsRLSyslogOptions @"SyslogOptions"
#define kMTDefaultsRLSyslogFacility @"LogFacility"
#define kMTDefaultsRLSyslogSeverity @"LogSeverity"
#define kMTDefaultsRLSyslogMaxSize @"MaximumMessageSize"
6 changes: 1 addition & 5 deletions source/MTAuthCommon.h
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
/*
MTAuthCommon.h
Copyright 2016-2020 SAP SE
Copyright 2016-2022 SAP SE
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -62,8 +62,4 @@
*/
+ (NSString*)getSigningAuthorityWithError:(NSError**)error;

#define ADMIN_GROUP_ID 80
#define DEFAULT_DOCK_TIMEOUT 20
#define FIXED_TIMEOUT_VALUES {0, 5, 10, 20, 60}

@end
2 changes: 1 addition & 1 deletion source/MTAuthCommon.m
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
/*
MTAuthCommon.m
Copyright 2016-2020 SAP SE
Copyright 2016-2022 SAP SE
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
Expand Down
2 changes: 1 addition & 1 deletion source/MTIdentity.h
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
/*
MTIdentity.h
Copyright 2016-2020 SAP SE
Copyright 2016-2022 SAP SE
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
Expand Down
2 changes: 1 addition & 1 deletion source/MTIdentity.m
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
/*
MTIdentity.m
Copyright 2016-2020 SAP SE
Copyright 2016-2022 SAP SE
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
Expand Down
Loading

0 comments on commit 803c1c6

Please sign in to comment.