xolo-admin 1.0.1 → 2.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cbba7b8d84c902f3a3683808708db421ec8a3a1759aaee8e349da02a54b3c45e
-  data.tar.gz: 741dcbf5fc8c4df15c2043ea28d467093e56dc56747956b109f994e177e2cce0
+  metadata.gz: 78c42e6fb9e17f593f77705e340642273e4f83d70234a809fdef98101555cbe0
+  data.tar.gz: 54286e2ebccf3dbb76e28d9916da8b593792ccd1691aaebc0ff31f5313d4a6b4
 SHA512:
-  metadata.gz: e1617d119ebb27e0785a7ebe1201f2fc96244834c5145ae4a9a810a33a951a4f30c6dc2593d60283b489f6f4d2f2110c81454e383033e25f2001d24aeeb9a2a6
-  data.tar.gz: 381ac12e8bcee2955b22b1610b661b63764fc04f5b123a2ae85d468add291f2831b1c1a8cbc1282df0b81c8238a204849b909f2ac4fd2ed9bb54f7db1f439926
+  metadata.gz: e43eb8c13033590db47a1b3a8a51480956ee606f5f59a2f857ae38f9e382abb1a4b29f9213c8df4131ca53937553ad09ecea7262df7f3b1a5cbd96b16ab8d0b8
+  data.tar.gz: 9ad24a86d2248d8767aa9c088129071f6d3fdc2aebff88c544584eefa2e1f274e1488dffc601c463727d2131694f33ab8f7a87da12bfb998cea26a0069b93954

data/bin/xadm

@@ -19,8 +19,11 @@ class XoloAdmin
   #####################################
 
   include Xolo::Admin
+
   include Xolo::Core::JSONWrappers
   include Xolo::Core::Output
+  include Xolo::Core::SecurityCmd
+
   include Xolo::Admin::CommandLine
   include Xolo::Admin::Connection
   include Xolo::Admin::Processing

data/data/client/xolo

@@ -14,9 +14,12 @@
 zmodload zsh/zutil
 
 # for perl-style regexps
-# DISABLED FOR NOW - some versions of macos don't seem to have
-# /usr/lib/zsh/5.9/zsh/pcre.so
-# All our regexps now use posix style
+#
+# DISABLED FOR NOW - macOS before 15 Sequoia doesn't have the pcre module,
+# and we want to support 14 Sonoma for now.
+# The file required is /usr/lib/zsh/5.9/zsh/pcre.so
+#
+# Until then, all our regexps now use posix style
 #
 # setopt RE_MATCH_PCRE
 
@@ -37,10 +40,10 @@ export LC_ALL="en_US.UTF-8"
 XOLO_VERSION="0.0.0"
 
 # The usage message for xolo
-USAGE='xolo [options] <command> [<title> [<version>]]'
+USAGE='xolo [options] <command> [ title1[=version1] [ title2[=version2] ... ]]'
 
 # The URL for more information about xolo
-XOLO_DOX_URL='<URL TO BE DETERMINED>'
+XOLO_DOX_URL='https://pixaranimationstudios.github.io/xolo-home/'
 
 # The long path to the lsregister command
 LSREG='/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister'
@@ -54,6 +57,25 @@ CLIENT_DATA_JSON_FILE="/Library/Application Support/xolo/client-data.json"
 # The jamf policy trigger to update the client data
 UPDATE_CLIENT_DATA_TRIGGER='update-xolo-client-data'
 
+# In the CLI args, titles and versions are separated by the first
+# occurrence of the equals sign
+TITLE_VERSION_SEPARATOR='='
+
+
+# These commands must be run as root
+ROOT_COMMANDS=(
+  install
+  i
+  uninstall
+  u
+  update
+  U
+  refresh
+  r
+  expire
+  e
+)
+
 # GLOBAL VARIABLES
 ###############################
 ###############################
@@ -63,13 +85,13 @@ UPDATE_CLIENT_DATA_TRIGGER='update-xolo-client-data'
 # options
 show_help=
 be_verbose=
-be_quiet=
 debugging_on=
 no_versions=
 show_xolo_version=
 
 # arguments
 command=
+targets=
 title=
 version=
 
@@ -92,10 +114,18 @@ function die() {
   local mystat=1
 
   [[ -n "$2" ]] && mystat=$2
-  echoerr "$msg"
+  echoerr "ERROR: $msg"
   exit $mystat
 }
 
+# Die if not root and the command being run is in the list of root commands
+#################################
+function must_be_root() {
+  if (( $ROOT_COMMANDS[(Ie)$command] )); then
+    [[ $EUID -ne 0 ]] && die "You must be root to use the '$command' command."
+  fi
+  return 0
+}
 
 # Show the help message
 ###############################
@@ -109,8 +139,8 @@ Usage:
 Options:
   -h, -H, --help:    Show this help message.
   -v, --verbose:     Enable verbose mode, extra information will be printed.
-  -q, --quiet:       Enable quiet mode, only errors will be printed to stderr.
   -d, --debug:       Enable debug mode, extra debug information will be printed.
+                     Implies --verbose.
   -r, --recon:       With 'install' or 'uninstall' run a 'jamf recon' after the
                      operation completes successfully.
   -n, --no-versions: With the 'list-titles' and 'list-installed' commands,
@@ -118,15 +148,12 @@ Options:
                      installed, respectively.
   -V, --version:     Show the version of xolo.
 
-  NOTE: Debug mode will also enable verbose mode. Both debug and verbose modes
-  override quiet mode.
-
 Commands:
-  install, i <title> [<version>]
+  install, i <title>[=<version>] [<title2>[=<version2>] ...]
     Install a title, or specific version thereof (e.g. a version currently in pilot)
     If no version is specified, the currently released version will be installed.
 
-  uninstall, u <title>
+  uninstall, u <title> [<title2> ...]
     Uninstall a title, if possible. Not all titles are uninstallable via xolo.
 
   update, U
@@ -150,8 +177,10 @@ Commands:
     a few moments, since all titles with version scripts will run those scripts
     to see if they are installed.
 
-  details, d <title> [<version>]
-    Show detailed information about a title, or a specific version thereof.
+  details, d <title>[=<version>] [<title2>[=<version2>] ...]
+    Show detailed information about titles, or a specific versions thereof.
+    Note that titles and versions contain different sets of information, so the output
+    will differ depending on what you specify.
 
   expire, e
     Expire the given title if it has not been used in its defined expiration period.
@@ -161,6 +190,26 @@ Commands:
   help, h
     Show this help message. The same as -h or --help.
 
+Examples:
+  xolo install transmogrifier
+    Installs the currently released version of the title "transmogrifier".
+
+  xolo install laserbeam transmogrifier=2.0
+    Installs the currently released version of the title "laserbeam" and version 2.0 of
+    the title "transmogrifier", if it is in pilot or already released.
+
+  xolo uninstall transmogrifier laserbeam
+    Uninstalls the titles "transmogrifier" and "laserbeam, if they are uninstallable via
+    xolo and currently installed. Note that versions are ignored for uninstalling, since
+    only one version of a title can be installed at a time.
+
+  xolo list-titles
+    Lists all titles known to xolo, with their versions and statuses.
+
+  xolo details laserbeam transmogrifier=2.0
+    Shows detailed information about the title "laserbeam" and version 2.0 of the title
+    "transmogrifier".
+
   For more information about xolo, see $XOLO_DOX_URL
 ENDHELP
 } # end show_help
@@ -171,7 +220,6 @@ function parse_cli() {
   zparseopts -D -F -E -- \
     {h,H,-help}=show_help \
     {v,-verbose}=be_verbose \
-    {q,-quiet}=be_quiet \
     {d,-debug}=debugging_on \
     {n,-no-versions}=no_versions \
     {r,-recon}=do_recon \
@@ -181,7 +229,6 @@ function parse_cli() {
   # they are in arrays, but we want regular vars
   show_help=$show_help[-1]
   be_verbose=$be_verbose[-1]
-  be_quiet=$be_quiet[-1]
   debugging_on=$debugging_on[-1]
   no_versions=$no_versions[-1]
   do_recon=$do_recon[-1]
@@ -190,37 +237,43 @@ function parse_cli() {
   # if debugging is on, verbose is also on
   [[ -n $debugging_on ]] && be_verbose=1
 
-  # if we're in verbose mode, we're not in quiet mode
-  [[ -n $be_verbose ]] && unset be_quiet
-
   command=$1
   [[ ${#@} -gt 0 ]] && shift
 
-  title=$1
-  [[ ${#@} -gt 0 ]] && shift
-
-  version=$1
-
-  # echo "show_help is: $show_help"
-  # echo "be_verbose is: $be_verbose"
-  # echo "be_quiet is: $be_quiet"
-  # echo "debugging_on is: $debugging_on"
-  # echo "command is: $command"
-  # echo "title is: $title"
-  # echo "version is: $version"
-
+  targets=("${(@)@}")
 
   debug "Parsed command line:"
   debug "..show_help is: $show_help"
   debug "..be_verbose is: $be_verbose"
-  debug "..be_quiet is: $be_quiet"
   debug "..debugging_on is: $debugging_on"
   debug "..no_versions is: $no_versions"
   debug "..show_xolo_version is: $show_xolo_version"
 
   debug "..command is: $command"
-  debug "..title is: $title"
-  debug "..version is: $version"
+  debug "..targets are: $targets"
+}
+
+# Parse a title and version from the command line, where they may be given in the form
+# title or title=version
+#################################
+function parse_title_and_version() {
+  local arg=$1
+  debug "Parsing title and version from arg: '$arg'"
+
+  if [[ "$arg" == *"$TITLE_VERSION_SEPARATOR"* ]] ; then
+    # everything before the first = is title
+    title=${arg%%$TITLE_VERSION_SEPARATOR*}
+    # everything after the first = is version
+    version=${arg#*$TITLE_VERSION_SEPARATOR}
+  else
+    title="$arg"
+    version=''
+  fi
+
+  debug "..title is: '$title'"
+  debug "..version is: '$version'"
+
+  return 0
 }
 
 # quick test for debugging_on
@@ -235,16 +288,10 @@ function be_verbose() {
   [[ -n "$be_verbose" ]]
 }
 
-# quick test for be_quiet
-###############################
-function be_quiet() {
-  [[ -n "$be_quiet" ]]
-}
-
-# Print a message to stout if we're not in quiet mode
+# Print a message to stout
 ###############################
 function say() {
-  be_quiet || echo "$*"
+  echo "$*"
 }
 
 # Print a message to stdout if we're in verbose or debug mode
@@ -366,7 +413,7 @@ function all_xolo_titles() {
   read -r -d '' jscode <<ENDJAVASCRIPT
     result = Object.keys(parsed_data.titles).join('\n');
 ENDJAVASCRIPT
-  extract_json_data "$jscode"
+  extract_json_data "$jscode" | sort
 }
 
 # Outputs all known titles, one per line, with versions and statuses
@@ -399,7 +446,7 @@ function all_xolo_titles_with_versions() {
     result = result.slice(0, -1);
 
 ENDJAVASCRIPT
-  extract_json_data "$jscode"
+  extract_json_data "$jscode"  | sort
 }
 
 
@@ -680,39 +727,24 @@ ENDJAVASCRIPT
 # Run a Jamf policy trigger
 # $1 = the policy trigger to run
 # $2 = any extra options to pass to the jamf command
-# be_verbose() and be_quiet() will automatically be honored
+# be_verbose() will automatically be honored
 #######################################
 function run_jamf_policy_trigger() {
   local policy_trigger=$1
   local jamf_options=$2
   local jamf_verbose=''
-  local jamf_quiet=''
   local cmd
 
-  # debug means verbose
-  if be_verbose ; then
-    jamf_verbose='-verbose'
-  else
-    # if told to be quiet, do so
-    if be_quiet ; then
-      jamf_quiet=1
-
-    # but if we're refreshing client data as part of
-    # another command, always be quiet.
-    elif [[ $policy_trigger == $UPDATE_CLIENT_DATA_TRIGGER && "$command" != 'refresh' ]] ; then
-      jamf_quiet=1
-    fi
-  fi
-
+  be_verbose && jamf_verbose='-verbose'
 
   cmd="$JAMF policy -trigger $policy_trigger $jamf_options $jamf_verbose"
+  tempfile=$(mktemp /tmp/xolo-policy.XXXXXXXX)
+
   debug "Running jamf policy command: $cmd"
+  eval "$cmd" | tee "$tempfile"
 
-  if [[ -n $jamf_quiet ]] ; then
-    policy_output=$( eval "$cmd" )
-  else
-    policy_output=$( eval "$cmd" | tee /dev/tty )
-  fi
+  policy_output=$(<"$tempfile")
+  rm -f "$tempfile"
 
   [[ $policy_output =~ 'Submitting log to https://' ]] && return 0
 
@@ -723,6 +755,7 @@ function run_jamf_policy_trigger() {
 # Refresh the client data
 ###############################
 function refresh_client_data() {
+
   # if we've already refreshed during this run, we're done
   [[ -n "$client_data_refreshed" ]] && return
 
@@ -744,8 +777,9 @@ function validate_title() {
   # die if no title given
   [[ -z "$title" ]] && die "No title given.\nUsage: $USAGE\nUse --help for more information."
 
-  # make sure the JSON data file is up to date
-  refresh_client_data
+  # make sure the JSON data file is up to date, if we are root
+
+  [[ $EUID -eq 0 ]] && refresh_client_data
 
   # die if no such title
   # all titles in an array
@@ -776,9 +810,21 @@ function validate_version() {
   version_is_valid=1
 }
 
+# Install all the items on the command line, which may be titles or specific versions of titles
+#################################
+function install_cli_args() {
+  debug "Installing Targets: $targets"
+  for item in $targets ; do
+    parse_title_and_version "$item"
+    install
+  done
+}
+
+
 # Install a title, or a specific version thereof
 ###############################
 function install() {
+
   validate_title
 
   # if no version is given, we'll find the current release
@@ -814,12 +860,25 @@ function install() {
   fi
 }
 
+# uninstall CLI args, which are just titles since versions don't matter for uninstalling
+##############################
+function uninstall_cli_args() {
+  debug "Uninstalling Targets: $targets"
+  for item in $targets ; do
+    parse_title_and_version "$item"
+    uninstall
+  done
+}
+
 # Unnstall a title
 # This might not do anything if the title is not uninstallable,
 # or if the title is not installed
 ###############################
 function uninstall() {
   validate_title
+
+  details_for_title $title | grep -q 'Uninstallable: true' || die "Title $title is not uninstallable via xolo"
+
   say "Uninstalling title $title..."
 
   if run_jamf_policy_trigger "xolo-${title}-uninstall" ; then
@@ -843,8 +902,6 @@ function run_recon() {
   say 'Running jamf recon...'
   if be_verbose ; then
     $JAMF recon -verbose
-  elif be_quiet ; then
-    $JAMF recon &> /dev/null
   else
     $JAMF recon
   fi
@@ -861,8 +918,6 @@ function update() {
   debug "Running jamf policy..."
     if be_verbose ; then
     $JAMF policy -verbose
-  elif be_quiet ; then
-    $JAMF policy &> /dev/null
   else
     $JAMF policy
   fi
@@ -881,9 +936,20 @@ function list_all_titles() {
   all_xolo_titles_with_versions
 }
 
+# Show detailed information about all titles, or specific versions thereof, given on the command line
+########################
+function show_details_cli_args() {
+  debug "Showing details for targets: $targets"
+  for item in $targets; do
+    parse_title_and_version "$item"
+    show_details
+  done
+}
+
 # Show detailed information about a title or a version thereof
 ###############################
 function show_details() {
+  debug "Showing details for title '$title' and version '$version'..."
   validate_title
 
   if [[ -z "$version" ]] ; then
@@ -901,7 +967,7 @@ function list_installed_titles() {
   local app_data
 
 
-  verbose "Listing installed titles..."
+  verbose "Locating installed titles..."
 
   # populate the installed_apps associative array
   get_installed_apps
@@ -916,6 +982,7 @@ function list_installed_titles() {
       display_title_if_installed_by_version_script $ttl
     fi
   done <<<"$(all_xolo_titles)"
+  return 0
 }
 
 # given a title and some app data (name, bundle id)
@@ -1081,6 +1148,9 @@ function expire() {
   uninstall
 }
 
+
+
+
 # MAIN
 ###############################
 ###############################
@@ -1109,14 +1179,17 @@ function main() {
 
   [[ -z "$command" ]] && die "No command given.\nUsage: $USAGE\nUse --help for more information."
 
+  # confirm we are root for those commands that need it
+  must_be_root
+
   case "$command" in
     install|i)
       debug "processing command 'install'"
-      install
+      install_cli_args
       ;;
     uninstall|u)
       debug "processing command 'uninstall'"
-      uninstall
+      uninstall_cli_args
       ;;
     update|U)
       debug "processing command 'update'"
@@ -1138,7 +1211,7 @@ function main() {
       ;;
     details|d)
       debug "processing command 'details'"
-      show_details
+      show_details_cli_args
       ;;
     expire|e)
       debug "processing command 'expire'"
@@ -1157,4 +1230,4 @@ function main() {
 
 # RUN!
 ###########################
-main "$@"
+main "$@"

data/lib/xolo/admin/command_line.rb

@@ -333,7 +333,7 @@ module Xolo
         vers_cmd = version_command?
         title_or_vers_command = title_or_version_command?
         add_command = add_command?
-        edit_command?
+        edit_command = edit_command?
         arg_banner = Xolo::Admin::Options::COMMANDS.dig(cmd, :arg_banner)
         arg_banner ||= Xolo::Admin::Options::DFT_CMD_TITLE_ARG_BANNER
 
@@ -370,12 +370,25 @@ module Xolo
             cmd_opts.each do |opt_key, deets|
               next unless deets[:cli]
 
+              desc = deets[:desc]
+
               # Required opts are only required when adding.
               # when editing, they should already exist
-              required = deets[:required] && add_command
-
-              desc = deets[:desc]
-              desc = "#{desc}REQUIRED" if required
+              if add_command
+                if deets[:edit_only]
+                  next
+                elsif deets[:required]
+                  desc = "#{desc}REQUIRED"
+                  required = true
+                elsif deets[:title_type]
+                  desc = "#{desc}Only used with #{deets[:title_type]} titles."
+                  required = deets[:required]
+                else
+                  required = false
+                end
+              end
+
+              next if edit_command && deets[:add_only]
 
               # booleans are CLI flags defaulting to false
               # everything else is a string that we will convert as we validate later

data/lib/xolo/admin/connection.rb

@@ -20,6 +20,7 @@ module Xolo
       ##############################
 
       TIMEOUT = 300
+      UPLOAD_TIMEOUT = 1800
       OPEN_TIMEOUT = 10
 
       PING_ROUTE = '/ping'
@@ -76,7 +77,8 @@ module Xolo
           raise Xolo::ServerError, "#{resp.status}: #{resp.body}"
         end
       rescue Faraday::UnauthorizedError
-        raise Xolo::AuthenticationError, 'Invalid username or password'
+        msg = "Invalid username or password. If you recently changed your Jamf Pro password, please update it using 'xadm config'."
+        raise Xolo::AuthenticationError, msg
       end
 
       # @return [Hash] the SSL options for Faraday connections
@@ -180,7 +182,7 @@ module Xolo
         return @upload_cnx if @upload_cnx
 
         @upload_cnx = Faraday.new(server_url(host: host), ssl: ssl_opts) do |cnx|
-          cnx.options[:timeout] = TIMEOUT
+          cnx.options[:timeout] = UPLOAD_TIMEOUT
           cnx.options[:open_timeout] = OPEN_TIMEOUT
 
           cnx.request :multipart