ruby-jss 2.1.0 → 2.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGES.md +12 -0
- data/lib/jamf/api/classic/api_objects/distribution_point.rb +17 -41
- data/lib/jamf/api/classic/api_objects/policy.rb +77 -55
- data/lib/jamf/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: efe85ea732df2a1ce119273c532084459fdb9ebe6316d62ab7afa533d9c4adc8
|
4
|
+
data.tar.gz: e42de1baecb51f2886d704e63818d24063d4332a0b17170c2977aa3e336656a5
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6a0874d08b6c7fc3aa93c207c81ab3a09c0b822e5f035ddb5192144d04fbe3a846db6c6528a8150cd81a2ee9f994155d4b7ba396d11ef7ecf565c9330b99aae6
|
7
|
+
data.tar.gz: fb3bdf758de69f290974def92a42ff279f1c98611373116304fbe618b0536f59361d892c3444db88c952c2208bb7cfbf0763cba8a959bd84cffb3ca5f8bee8e7
|
data/CHANGES.md
CHANGED
@@ -14,6 +14,18 @@ __Please update all installations of ruby-jss to at least v1.6.0.__
|
|
14
14
|
|
15
15
|
Many many thanks to actae0n of Blacksun Hackers Club for reporting this issue and providing examples of how it could be exploited.
|
16
16
|
|
17
|
+
--------
|
18
|
+
|
19
|
+
## \[2.1.1] - 2022-11-07
|
20
|
+
|
21
|
+
### Fixed & Deprecated
|
22
|
+
|
23
|
+
- The classic API no longer includes SHA256 hashes of various passwords - the data value is there, but only contains a string of asterisks. As such, ruby-jss can no longer use those to validate some passwords before trying to use them. The methods doing so are still present, but only return `true`. If an incorrect password is given, the underlying process that uses it will fail on its own.
|
24
|
+
These methods will be removed in a future version of ruby-jss:
|
25
|
+
- `Jamf::DistributionPoint#check_pw` Used mostly by the `Jamf::DistributionPoint#mount` method
|
26
|
+
- `Jamf::Policy.verify_management_password`
|
27
|
+
|
28
|
+
|
17
29
|
## \[2.1.0] - 2022-10-10
|
18
30
|
|
19
31
|
### Added
|
@@ -259,8 +259,8 @@ module Jamf
|
|
259
259
|
attr_reader :ssh_password_sha256
|
260
260
|
|
261
261
|
def initialize(**args)
|
262
|
-
super
|
263
|
-
|
262
|
+
super
|
263
|
+
|
264
264
|
@ip_address = @init_data[:ip_address]
|
265
265
|
@local_path = @init_data[:local_path]
|
266
266
|
@enable_load_balancing = @init_data[:enable_load_balancing]
|
@@ -294,44 +294,28 @@ module Jamf
|
|
294
294
|
|
295
295
|
@port = @init_data[:ssh_password]
|
296
296
|
|
297
|
-
# Note, as of Casper 9.3:
|
298
|
-
# :management_password_md5=>"xxxxx"
|
299
|
-
# and
|
300
|
-
# :management_password_sha256=> "xxxxxxxxxx"
|
301
|
-
# Are the read/write password
|
302
|
-
#
|
303
|
-
# An empty passwd is
|
304
|
-
# MD5 = d41d8cd98f00b204e9800998ecf8427e
|
305
|
-
# SHA256 = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
306
|
-
#
|
307
|
-
# Seemms the read-only pw isn't available in the API
|
308
|
-
|
309
297
|
# if we mount for fileservice, where's the mountpoint?
|
310
298
|
@mountpoint = DEFAULT_MOUNTPOINT_DIR + "#{DEFAULT_MOUNTPOINT_PREFIX}#{@id}"
|
311
299
|
end # init
|
312
300
|
|
313
|
-
#
|
301
|
+
# @deprecated The API no longer sends SHA256 hashed password data, and instead
|
302
|
+
# only has a string of asterisks, meaning we can no longer use it to validate
|
303
|
+
# passwords before attempting to use them. Instead, the processes that use
|
304
|
+
# them, e.g. mounting a Dist. Point, will fail on their own if the pw is not
|
305
|
+
# valid.
|
314
306
|
#
|
315
|
-
#
|
307
|
+
# This method remains defined for backward-compatibility with any existing
|
308
|
+
# code that calls it. but it will always return true. It will be removed in
|
309
|
+
# a future version
|
316
310
|
#
|
317
|
-
# @param
|
311
|
+
# @param user[Symbol] ignored
|
318
312
|
#
|
319
|
-
# @
|
320
|
-
# nil is returned if there is no password set in the JSS.
|
313
|
+
# @param pw[String] ignored
|
321
314
|
#
|
322
|
-
|
323
|
-
|
324
|
-
|
325
|
-
|
326
|
-
when :rw then @read_write_password_sha256
|
327
|
-
when :ro then @read_only_password_sha256
|
328
|
-
when :http then @http_password_sha256
|
329
|
-
when :ssh then @ssh_password_sha256
|
330
|
-
end # case
|
331
|
-
|
332
|
-
return nil if sha256 == EMPTY_PW_256
|
333
|
-
|
334
|
-
sha256 == Digest::SHA2.new(256).update(pw).to_s
|
315
|
+
# @return [TrueClass] Allow the process calling this to continue.
|
316
|
+
#
|
317
|
+
def check_pw(_user = nil, _pw = nil)
|
318
|
+
true
|
335
319
|
end
|
336
320
|
|
337
321
|
# Check to see if this dist point is reachable for downloads (read-only)
|
@@ -350,7 +334,6 @@ module Jamf
|
|
350
334
|
def reachable_for_download?(pw = '', check_http = true)
|
351
335
|
return :http if check_http && http_reachable?(pw)
|
352
336
|
return :mountable if mounted?
|
353
|
-
return false unless check_pw :ro, pw
|
354
337
|
|
355
338
|
begin
|
356
339
|
mount pw, :ro
|
@@ -371,7 +354,6 @@ module Jamf
|
|
371
354
|
#
|
372
355
|
def reachable_for_upload?(pw)
|
373
356
|
return :mountable if mounted?
|
374
|
-
return false unless check_pw :rw, pw
|
375
357
|
|
376
358
|
begin
|
377
359
|
mount pw, :rw
|
@@ -413,12 +395,6 @@ module Jamf
|
|
413
395
|
pw
|
414
396
|
end
|
415
397
|
|
416
|
-
pwok = check_pw(access, password)
|
417
|
-
unless pwok
|
418
|
-
msg = pwok.nil? ? "No #{access} password set in the JSS" : "Incorrect password for #{access} account"
|
419
|
-
raise Jamf::InvalidDataError, msg
|
420
|
-
end
|
421
|
-
|
422
398
|
username = access == :ro ? @read_only_username : @read_write_username
|
423
399
|
|
424
400
|
safe_pw = CGI.escape password.to_s
|
@@ -481,7 +457,7 @@ module Jamf
|
|
481
457
|
private
|
482
458
|
|
483
459
|
# can the dp be reached for http downloads?
|
484
|
-
def http_reachable?(pw)
|
460
|
+
def http_reachable?(pw = nil)
|
485
461
|
return false unless http_downloads_enabled
|
486
462
|
|
487
463
|
url =
|
@@ -166,7 +166,7 @@ module Jamf
|
|
166
166
|
selected: 'Currently Selected Startup Disk (No Bless)',
|
167
167
|
netboot: 'NetBoot',
|
168
168
|
os_installer: 'inPlaceOSUpgradeDirectory'
|
169
|
-
}.freeze #
|
169
|
+
}.freeze # NOTE: any other value in :specify_startup is a path to some other drive to boot from, e.g. /Volumes/Foo
|
170
170
|
|
171
171
|
ACCOUNT_ACTIONS = {
|
172
172
|
create: 'Create',
|
@@ -200,9 +200,9 @@ module Jamf
|
|
200
200
|
}.freeze
|
201
201
|
|
202
202
|
DISK_ENCRYPTION_ACTIONS = {
|
203
|
-
apply:
|
204
|
-
remediate:
|
205
|
-
none:
|
203
|
+
apply: 'apply',
|
204
|
+
remediate: 'remediate',
|
205
|
+
none: 'none'
|
206
206
|
}
|
207
207
|
|
208
208
|
PRINTER_ACTIONS = {
|
@@ -751,7 +751,7 @@ module Jamf
|
|
751
751
|
@management_account = amaint[:management_account]
|
752
752
|
@accounts = amaint[:accounts]
|
753
753
|
|
754
|
-
@packages = @init_data[:package_configuration][:packages]
|
754
|
+
@packages = @init_data[:package_configuration][:packages] || []
|
755
755
|
|
756
756
|
@scripts = @init_data[:scripts]
|
757
757
|
|
@@ -815,6 +815,7 @@ module Jamf
|
|
815
815
|
#
|
816
816
|
def enabled=(new_val)
|
817
817
|
return if @enabled == new_val
|
818
|
+
|
818
819
|
@enabled = Jamf::Validate.boolean new_val
|
819
820
|
@need_to_update = true
|
820
821
|
end
|
@@ -868,9 +869,7 @@ module Jamf
|
|
868
869
|
|
869
870
|
# if the event is not 'none' and attempts is <= 0,
|
870
871
|
# set events to 1, or the API won't accept it
|
871
|
-
|
872
|
-
@retry_attempts = 1 unless @retry_attempts.positive?
|
873
|
-
end
|
872
|
+
@retry_attempts = 1 if !(evt == RETRY_EVENTS[:none]) && !@retry_attempts.positive?
|
874
873
|
|
875
874
|
@retry_event = evt
|
876
875
|
@need_to_update = true
|
@@ -934,6 +933,7 @@ module Jamf
|
|
934
933
|
#
|
935
934
|
def target_drive=(path_to_drive)
|
936
935
|
raise Jamf::InvalidDataError, 'Path to target drive must be absolute' unless path_to_drive.to_s.start_with? '/'
|
936
|
+
|
937
937
|
@target_drive = path_to_drive.to_s
|
938
938
|
@need_to_update = true
|
939
939
|
end
|
@@ -946,6 +946,7 @@ module Jamf
|
|
946
946
|
#
|
947
947
|
def offline=(new_val)
|
948
948
|
raise Jamf::InvalidDataError, 'New value must be boolean true or false' unless Jamf::TRUE_FALSE.include? new_val
|
949
|
+
|
949
950
|
@offline = new_val
|
950
951
|
@need_to_update = true
|
951
952
|
end
|
@@ -960,6 +961,7 @@ module Jamf
|
|
960
961
|
#
|
961
962
|
def set_trigger_event(type, new_val)
|
962
963
|
raise Jamf::InvalidDataError, "Trigger type must be one of #{TRIGGER_EVENTS.keys.join(', ')}" unless TRIGGER_EVENTS.key?(type)
|
964
|
+
|
963
965
|
if type == :custom
|
964
966
|
raise Jamf::InvalidDataError, 'Custom triggers must be Strings' unless new_val.is_a? String
|
965
967
|
else
|
@@ -977,6 +979,7 @@ module Jamf
|
|
977
979
|
#
|
978
980
|
def server_side_activation=(activation)
|
979
981
|
raise Jamf::InvalidDataError, 'Activation must be a Time' unless activation.is_a? Time
|
982
|
+
|
980
983
|
@server_side_limitations[:activation] = activation
|
981
984
|
@need_to_update = true
|
982
985
|
end
|
@@ -989,6 +992,7 @@ module Jamf
|
|
989
992
|
#
|
990
993
|
def server_side_expiration=(expiration)
|
991
994
|
raise Jamf::InvalidDataError, 'Expiration must be a Time' unless expiration.is_a? Time
|
995
|
+
|
992
996
|
@server_side_limitations[:expiration] = expiration
|
993
997
|
@need_to_update = true
|
994
998
|
end
|
@@ -999,6 +1003,7 @@ module Jamf
|
|
999
1003
|
#
|
1000
1004
|
def verify_startup_disk=(bool)
|
1001
1005
|
return if @verify_startup_disk == bool
|
1006
|
+
|
1002
1007
|
@verify_startup_disk = Jamf::Validate.boolean bool
|
1003
1008
|
@need_to_update = true
|
1004
1009
|
end
|
@@ -1007,6 +1012,7 @@ module Jamf
|
|
1007
1012
|
#
|
1008
1013
|
def permissions_repair=(bool)
|
1009
1014
|
return if @permissions_repair == bool
|
1015
|
+
|
1010
1016
|
@permissions_repair = Jamf::Validate.boolean bool
|
1011
1017
|
@need_to_update = true
|
1012
1018
|
end
|
@@ -1015,6 +1021,7 @@ module Jamf
|
|
1015
1021
|
#
|
1016
1022
|
def recon=(bool)
|
1017
1023
|
return if @recon == bool
|
1024
|
+
|
1018
1025
|
@recon = Jamf::Validate.boolean bool
|
1019
1026
|
@need_to_update = true
|
1020
1027
|
end
|
@@ -1024,6 +1031,7 @@ module Jamf
|
|
1024
1031
|
#
|
1025
1032
|
def fix_byhost=(bool)
|
1026
1033
|
return if @fix_byhost == bool
|
1034
|
+
|
1027
1035
|
@fix_byhost = Jamf::Validate.boolean bool
|
1028
1036
|
@need_to_update = true
|
1029
1037
|
end
|
@@ -1032,6 +1040,7 @@ module Jamf
|
|
1032
1040
|
#
|
1033
1041
|
def reset_name=(bool)
|
1034
1042
|
return if @reset_name == bool
|
1043
|
+
|
1035
1044
|
@reset_name = Jamf::Validate.boolean bool
|
1036
1045
|
@need_to_update = true
|
1037
1046
|
end
|
@@ -1040,6 +1049,7 @@ module Jamf
|
|
1040
1049
|
#
|
1041
1050
|
def flush_system_cache=(bool)
|
1042
1051
|
return if @flush_system_cache == bool
|
1052
|
+
|
1043
1053
|
@flush_system_cache = Jamf::Validate.boolean bool
|
1044
1054
|
@need_to_update = true
|
1045
1055
|
end # see attr_reader :recon
|
@@ -1048,6 +1058,7 @@ module Jamf
|
|
1048
1058
|
#
|
1049
1059
|
def install_cached_pkgs=(bool)
|
1050
1060
|
return if @install_cached_pkgs == bool
|
1061
|
+
|
1051
1062
|
@install_cached_pkgs = Jamf::Validate.boolean bool
|
1052
1063
|
@need_to_update = true
|
1053
1064
|
end
|
@@ -1056,6 +1067,7 @@ module Jamf
|
|
1056
1067
|
#
|
1057
1068
|
def flush_user_cache=(bool)
|
1058
1069
|
return if @flush_user_cache == bool
|
1070
|
+
|
1059
1071
|
@flush_user_cache = Jamf::Validate.boolean bool
|
1060
1072
|
@need_to_update = true
|
1061
1073
|
end
|
@@ -1071,6 +1083,7 @@ module Jamf
|
|
1071
1083
|
#
|
1072
1084
|
def no_user_logged_in=(no_user_option)
|
1073
1085
|
raise Jamf::InvalidDataError, "no_user_logged_in options: #{NO_USER_LOGGED_IN.join(', ')}" unless NO_USER_LOGGED_IN.include? no_user_option
|
1086
|
+
|
1074
1087
|
@reboot_options[:no_user_logged_in] = no_user_option
|
1075
1088
|
@need_to_update = true
|
1076
1089
|
end
|
@@ -1083,6 +1096,7 @@ module Jamf
|
|
1083
1096
|
#
|
1084
1097
|
def user_logged_in=(logged_in_option)
|
1085
1098
|
raise Jamf::InvalidDataError, "user_logged_in options: #{USER_LOGGED_IN.join(', ')}" unless USER_LOGGED_IN.include? logged_in_option
|
1099
|
+
|
1086
1100
|
@reboot_options[:user_logged_in] = logged_in_option
|
1087
1101
|
@need_to_update = true
|
1088
1102
|
end
|
@@ -1095,6 +1109,7 @@ module Jamf
|
|
1095
1109
|
#
|
1096
1110
|
def reboot_message=(message)
|
1097
1111
|
raise Jamf::InvalidDataError, 'Reboot message must be a String' unless message.is_a? String
|
1112
|
+
|
1098
1113
|
@reboot_options[:message] = message
|
1099
1114
|
@need_to_update = true
|
1100
1115
|
end
|
@@ -1107,6 +1122,7 @@ module Jamf
|
|
1107
1122
|
# @return [void] description of returned object
|
1108
1123
|
def user_message_start=(message)
|
1109
1124
|
raise Jamf::InvalidDataError, 'User message must be a String' unless message.is_a? String
|
1125
|
+
|
1110
1126
|
@user_message_start = message
|
1111
1127
|
@need_to_update = true
|
1112
1128
|
end
|
@@ -1118,6 +1134,7 @@ module Jamf
|
|
1118
1134
|
# @return [void] description of returned object
|
1119
1135
|
def user_message_end=(message)
|
1120
1136
|
raise Jamf::InvalidDataError, 'User message must be a String' unless message.is_a? String
|
1137
|
+
|
1121
1138
|
@user_message_finish = message
|
1122
1139
|
@need_to_update = true
|
1123
1140
|
end
|
@@ -1133,6 +1150,7 @@ module Jamf
|
|
1133
1150
|
#
|
1134
1151
|
def startup_disk=(startup_disk_option)
|
1135
1152
|
raise Jamf::InvalidDataError, "#{startup_disk_option} is not a valid Startup Disk" unless startup_disk_option.is_a? String
|
1153
|
+
|
1136
1154
|
@reboot_options[:startup_disk] = 'Specify Local Startup Disk'
|
1137
1155
|
self.specify_startup = startup_disk_option
|
1138
1156
|
@need_to_update = true
|
@@ -1147,6 +1165,7 @@ module Jamf
|
|
1147
1165
|
#
|
1148
1166
|
def specify_startup=(startup_volume)
|
1149
1167
|
raise Jamf::InvalidDataError, "#{startup_volume} is not a valid Startup Disk" unless startup_volume.is_a? String
|
1168
|
+
|
1150
1169
|
@reboot_options[:specify_startup] = startup_volume
|
1151
1170
|
@need_to_update = true
|
1152
1171
|
end
|
@@ -1172,6 +1191,7 @@ module Jamf
|
|
1172
1191
|
#
|
1173
1192
|
def minutes_until_reboot=(minutes)
|
1174
1193
|
raise Jamf::InvalidDataError, 'Minutes until reboot must be an Integer' unless minutes.is_a? Integer
|
1194
|
+
|
1175
1195
|
@reboot_options[:minutes_until_reboot] = minutes
|
1176
1196
|
@need_to_update = true
|
1177
1197
|
end
|
@@ -1185,6 +1205,7 @@ module Jamf
|
|
1185
1205
|
#
|
1186
1206
|
def file_vault_2_reboot=(fv_bool)
|
1187
1207
|
raise Jamf::InvalidDataError, 'FileVault 2 Reboot must be a Boolean' unless fv_bool.jss_boolean?
|
1208
|
+
|
1188
1209
|
@reboot_options[:file_vault_2_reboot] = fv_bool
|
1189
1210
|
@need_to_update = true
|
1190
1211
|
end
|
@@ -1206,6 +1227,7 @@ module Jamf
|
|
1206
1227
|
#
|
1207
1228
|
def run_command=(command)
|
1208
1229
|
raise Jamf::InvalidDataError, 'Command to run must be a String' unless command.is_a? String
|
1230
|
+
|
1209
1231
|
@files_processes[:run_command] = command
|
1210
1232
|
@need_to_update = true
|
1211
1233
|
end
|
@@ -1262,7 +1284,7 @@ module Jamf
|
|
1262
1284
|
#
|
1263
1285
|
def search_by_path
|
1264
1286
|
if @files_processes[:search_by_path].nil?
|
1265
|
-
|
1287
|
+
nil
|
1266
1288
|
else
|
1267
1289
|
Pathname.new @files_processes[:search_by_path]
|
1268
1290
|
end
|
@@ -1289,6 +1311,7 @@ module Jamf
|
|
1289
1311
|
#
|
1290
1312
|
def set_search_by_path(path, delete = false)
|
1291
1313
|
raise Jamf::InvalidDataError, 'Path to search for must be a String or a Pathname' unless path.is_a?(String) || path.is_a?(Pathname)
|
1314
|
+
|
1292
1315
|
@files_processes[:search_by_path] = path.to_s
|
1293
1316
|
@files_processes[:delete_file] = delete ? true : false
|
1294
1317
|
@need_to_update = true
|
@@ -1308,6 +1331,7 @@ module Jamf
|
|
1308
1331
|
#
|
1309
1332
|
def spotlight_search=(term)
|
1310
1333
|
raise Jamf::InvalidDataError, 'Spotlight search term must be a String' unless term.is_a? String
|
1334
|
+
|
1311
1335
|
@files_processes[:spotlight_search] = term
|
1312
1336
|
@need_to_update = true
|
1313
1337
|
end
|
@@ -1326,6 +1350,7 @@ module Jamf
|
|
1326
1350
|
#
|
1327
1351
|
def locate_file=(term)
|
1328
1352
|
raise Jamf::InvalidDataError, 'Term to locate must be a String' unless term.is_a? String
|
1353
|
+
|
1329
1354
|
@files_processes[:locate_file] = term
|
1330
1355
|
@need_to_update = true
|
1331
1356
|
end
|
@@ -1571,7 +1596,6 @@ module Jamf
|
|
1571
1596
|
@directory_bindings
|
1572
1597
|
end
|
1573
1598
|
|
1574
|
-
|
1575
1599
|
# Remove a directory binding from this policy by name or id
|
1576
1600
|
#
|
1577
1601
|
# @param identifier [String,Integer] the name or id of the directory binding to remove
|
@@ -1596,7 +1620,6 @@ module Jamf
|
|
1596
1620
|
@dock_items.map { |p| p[:name] }
|
1597
1621
|
end
|
1598
1622
|
|
1599
|
-
|
1600
1623
|
###### Printers
|
1601
1624
|
|
1602
1625
|
# Add a specific printer object to the policy.
|
@@ -1661,7 +1684,7 @@ module Jamf
|
|
1661
1684
|
|
1662
1685
|
name = Jamf::DockItem.map_all_ids_to(:name, cnx: @cnx)[id]
|
1663
1686
|
|
1664
|
-
@dock_items << {id: id, name: name, action: DOCK_ITEM_ACTIONS[action]}
|
1687
|
+
@dock_items << { id: id, name: name, action: DOCK_ITEM_ACTIONS[action] }
|
1665
1688
|
|
1666
1689
|
@need_to_update = true
|
1667
1690
|
@dock_items
|
@@ -1677,24 +1700,18 @@ module Jamf
|
|
1677
1700
|
|
1678
1701
|
# @return [Array] the id's of the printers handled by the policy
|
1679
1702
|
def printer_ids
|
1680
|
-
|
1681
|
-
|
1682
|
-
|
1683
|
-
return []
|
1684
|
-
end
|
1703
|
+
@printers.map { |p| p[:id] }
|
1704
|
+
rescue TypeError
|
1705
|
+
[]
|
1685
1706
|
end
|
1686
1707
|
|
1687
1708
|
# @return [Array] the names of the printers handled by the policy
|
1688
1709
|
def printer_names
|
1689
|
-
|
1690
|
-
|
1691
|
-
|
1692
|
-
return []
|
1693
|
-
end
|
1710
|
+
@printers.map { |p| p[:name] }
|
1711
|
+
rescue TypeError
|
1712
|
+
[]
|
1694
1713
|
end
|
1695
1714
|
|
1696
|
-
|
1697
|
-
|
1698
1715
|
###### Disk Encryption
|
1699
1716
|
|
1700
1717
|
# Sets the Disk Encryption application to "Remediate" and sets the remediation key type to individual.
|
@@ -1703,12 +1720,12 @@ module Jamf
|
|
1703
1720
|
#
|
1704
1721
|
# @return [Void]
|
1705
1722
|
#
|
1706
|
-
def reissue_key
|
1723
|
+
def reissue_key
|
1707
1724
|
if @disk_encryption[:action] != DISK_ENCRYPTION_ACTIONS[:remediate]
|
1708
1725
|
# Setting New Action
|
1709
1726
|
hash = {
|
1710
1727
|
action: DISK_ENCRYPTION_ACTIONS[:remediate],
|
1711
|
-
remediate_key_type:
|
1728
|
+
remediate_key_type: 'Individual'
|
1712
1729
|
}
|
1713
1730
|
|
1714
1731
|
@disk_encryption = hash
|
@@ -1716,12 +1733,10 @@ module Jamf
|
|
1716
1733
|
|
1717
1734
|
else
|
1718
1735
|
# Update
|
1719
|
-
|
1736
|
+
nil
|
1720
1737
|
end
|
1721
|
-
|
1722
1738
|
end
|
1723
1739
|
|
1724
|
-
|
1725
1740
|
# Sets the Disk Encryption application to "Apply" and sets the correct disk encryption configuration ID using either the name or id.
|
1726
1741
|
#
|
1727
1742
|
# @author Tyler Morgan
|
@@ -1729,7 +1744,6 @@ module Jamf
|
|
1729
1744
|
# @return [Void]
|
1730
1745
|
#
|
1731
1746
|
def apply_encryption_configuration(identifier)
|
1732
|
-
|
1733
1747
|
id = Jamf::DiskEncryptionConfiguration.valid_id identifier
|
1734
1748
|
|
1735
1749
|
return if id.nil?
|
@@ -1744,14 +1758,13 @@ module Jamf
|
|
1744
1758
|
@need_to_update = true
|
1745
1759
|
end
|
1746
1760
|
|
1747
|
-
|
1748
1761
|
# Removes the Disk Encryption settings associated with this specific policy.
|
1749
1762
|
#
|
1750
1763
|
# @author Tyler Morgan
|
1751
1764
|
#
|
1752
1765
|
# @return [Void]
|
1753
1766
|
#
|
1754
|
-
def remove_encryption_configuration
|
1767
|
+
def remove_encryption_configuration
|
1755
1768
|
hash = {
|
1756
1769
|
action: DISK_ENCRYPTION_ACTIONS[:none]
|
1757
1770
|
}
|
@@ -1774,16 +1787,16 @@ module Jamf
|
|
1774
1787
|
|
1775
1788
|
management_data = {}
|
1776
1789
|
|
1777
|
-
if
|
1778
|
-
raise Jamf::MissingDataError,
|
1790
|
+
if %i[change_pw reset_pw].include?(action)
|
1791
|
+
raise Jamf::MissingDataError, ':password must be provided when changing management account password' if opts[:password].nil?
|
1779
1792
|
|
1780
1793
|
management_data = {
|
1781
1794
|
action: MGMT_ACCOUNT_ACTIONS[action],
|
1782
1795
|
managed_password: opts[:password]
|
1783
1796
|
}
|
1784
|
-
elsif
|
1785
|
-
raise Jamf::MissingDataError,
|
1786
|
-
raise Jamf::InvalidDataError,
|
1797
|
+
elsif %i[reset_random generate_pw].include?(action)
|
1798
|
+
raise Jamf::MissingDataError, ':password_length must be provided when setting a random password' if opts[:password_length].nil?
|
1799
|
+
raise Jamf::InvalidDataError, ':password_length must be an Integer' unless opts[:password_length].is_a? Integer
|
1787
1800
|
|
1788
1801
|
management_data = {
|
1789
1802
|
action: MGMT_ACCOUNT_ACTIONS[action],
|
@@ -1800,21 +1813,23 @@ module Jamf
|
|
1800
1813
|
@need_to_update = true
|
1801
1814
|
|
1802
1815
|
@management_account
|
1803
|
-
|
1804
1816
|
end
|
1805
1817
|
|
1806
|
-
#
|
1818
|
+
# @deprecated The API no longer sends SHA256 hashed password data, and instead
|
1819
|
+
# only has a string of asterisks, meaning we can no longer use it to validate
|
1820
|
+
# passwords before attempting to use them. Instead, the processes that use
|
1821
|
+
# the password will fail on their own if the pw is not valid.
|
1807
1822
|
#
|
1808
|
-
#
|
1823
|
+
# This method remains defined for backward-compatibility with any existing
|
1824
|
+
# code that calls it. but it will always return true. Itwill be removed in
|
1825
|
+
# a future version
|
1809
1826
|
#
|
1810
|
-
# @
|
1827
|
+
# @param password[String] ignored
|
1811
1828
|
#
|
1812
|
-
|
1813
|
-
|
1814
|
-
|
1815
|
-
|
1816
|
-
|
1817
|
-
return Digest::SHA256.hexdigest(password).to_s == @management_account[:managed_password_sha256].to_s
|
1829
|
+
# @return [TrueClass] Allow the process calling this to continue.
|
1830
|
+
#
|
1831
|
+
def verify_management_password(_password = nil)
|
1832
|
+
true
|
1818
1833
|
end
|
1819
1834
|
|
1820
1835
|
###### Actions
|
@@ -1829,8 +1844,10 @@ module Jamf
|
|
1829
1844
|
#
|
1830
1845
|
def run(show_output = false)
|
1831
1846
|
return nil unless enabled?
|
1847
|
+
|
1832
1848
|
output = Jamf::Client.run_jamf('policy', "-id #{id}", show_output)
|
1833
1849
|
return nil if output.include? 'No policies were found for the ID'
|
1850
|
+
|
1834
1851
|
$CHILD_STATUS.exitstatus.zero? ? true : false
|
1835
1852
|
end
|
1836
1853
|
alias execute run
|
@@ -1944,6 +1961,7 @@ module Jamf
|
|
1944
1961
|
|
1945
1962
|
id = Jamf::Script.valid_id identifier, cnx: @cnx
|
1946
1963
|
raise Jamf::NoSuchItemError, "No script matches '#{identifier}'" unless id
|
1964
|
+
|
1947
1965
|
id
|
1948
1966
|
end
|
1949
1967
|
|
@@ -1963,12 +1981,13 @@ module Jamf
|
|
1963
1981
|
else Jamf::Validate.integer(opts[:position])
|
1964
1982
|
end
|
1965
1983
|
|
1966
|
-
|
1967
|
-
|
1984
|
+
# if the given position is past the end, set it to -1 (the end)
|
1985
|
+
opts[:position] = -1 if opts[:position] > @directory_bindings.size
|
1986
|
+
|
1987
|
+
id = Jamf::DirectoryBinding.valid_id identifier, cnx: @cnx
|
1988
|
+
raise Jamf::NoSuchItemError, "No directory binding matches '#{identifier}'" unless id
|
1968
1989
|
|
1969
|
-
|
1970
|
-
raise Jamf::NoSuchItemError, "No directory binding matches '#{identifier}'" unless id
|
1971
|
-
id
|
1990
|
+
id
|
1972
1991
|
end
|
1973
1992
|
|
1974
1993
|
# Raises an error if the printer being added isn't valid, additionally checks the options and sets defaults where possible.
|
@@ -1994,14 +2013,17 @@ module Jamf
|
|
1994
2013
|
raise Jamf::MissingDataError, "action must be provided, must be one of :#{PRINTER_ACTIONS.keys.join(':,')}." if opts[:action].nil?
|
1995
2014
|
raise Jamf::InvalidDataError, "action must be one of :#{PRINTER_ACTIONS.keys.join(',:')}." unless PRINTER_ACTIONS.keys.include? opts[:action]
|
1996
2015
|
|
1997
|
-
|
1998
2016
|
# Checks if the make_default option is valid, and sets the default if needed.
|
1999
|
-
|
2017
|
+
unless opts[:make_default].is_a?(TrueClass) || opts[:make_default].is_a?(FalseClass) || opts[:make_default].nil?
|
2018
|
+
raise Jamf::InvalidDataError,
|
2019
|
+
'make_default must be either true or false.'
|
2020
|
+
end
|
2000
2021
|
|
2001
2022
|
opts[:make_default] = false if opts[:make_default].nil?
|
2002
2023
|
|
2003
2024
|
id = Jamf::Printer.valid_id identifier, cnx: @cnx
|
2004
2025
|
raise Jamf::NoSuchItemError, "No printer matches '#{identifier}'" unless id
|
2026
|
+
|
2005
2027
|
id
|
2006
2028
|
end
|
2007
2029
|
|
@@ -2081,7 +2103,7 @@ module Jamf
|
|
2081
2103
|
|
2082
2104
|
disk_encryption = obj.add_element 'disk_encryption'
|
2083
2105
|
|
2084
|
-
@disk_encryption.each do |k,v|
|
2106
|
+
@disk_encryption.each do |k, v|
|
2085
2107
|
disk_encryption.add_element(k.to_s).text = v.to_s
|
2086
2108
|
end
|
2087
2109
|
|
data/lib/jamf/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ruby-jss
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.1.
|
4
|
+
version: 2.1.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Chris Lasell
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2022-
|
13
|
+
date: 2022-11-09 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: CFPropertyList
|