Repository: twocanoes/xcreds Branch: main Commit: 54128064456f Files: 255 Total size: 2.7 MB Directory structure: gitextract_72nmjfe6/ ├── .gitignore ├── .gitmodules ├── ADLDAPPing.swift ├── BUILD.md ├── CHANGELOG.md ├── Cartfile ├── Cartfile.resolved ├── DNSResolver.m ├── DefaultsOverride.swift ├── Extensions.swift ├── FileVaultLogin/ │ ├── AppDelegate.swift │ ├── Assets.xcassets/ │ │ ├── AccentColor.colorset/ │ │ │ └── Contents.json │ │ ├── AppIcon.appiconset/ │ │ │ └── Contents.json │ │ └── Contents.json │ ├── Base.lproj/ │ │ └── MainMenu.xib │ └── FileVaultLogin.entitlements ├── FilevaultLoginHelper/ │ ├── CodesignCheck.swift │ └── main.swift ├── GoogleLDAP.swift ├── History.md ├── Javascript/ │ └── get_pw/ │ ├── get_pw.html │ └── get_pw.js ├── KerbUtil.h ├── KerbUtil.m ├── KlistUtil.swift ├── LICENSE ├── Logger.swift ├── NoMADSession.swift ├── NomadLogin/ │ ├── DS+AD.swift │ ├── DSQueryable.swift │ ├── LocalCheckAndMigrate.swift │ └── SystemInfoHelper.swift ├── Profile Manifest/ │ ├── README.md │ ├── build.py │ ├── com.twocanoes.xcreds.plist │ └── jamf/ │ └── com.twocanoes.xcreds.json ├── README-Resources.md ├── README.md ├── Sample Profile/ │ ├── Auth0OIDC.mobileconfig │ ├── xcreds-AD Only Just Domain.mobileconfig │ ├── xcreds-AD Only backgtround.mobileconfig │ ├── xcreds-AD Only copy.mobileconfig │ ├── xcreds-AD Only.mobileconfig │ ├── xcreds-AD Only_admin_group.mobileconfig │ ├── xcreds-AD Onlysubdomain.mobileconfig │ ├── xcreds-AD Onlysubdomain_upn_mappings.mobileconfig │ ├── xcreds-AD With Menu and Shares.mobileconfig │ ├── xcreds-AD With Menu.mobileconfig │ ├── xcreds_example_azure.mobileconfig │ ├── xcreds_example_azure_allow_fred.mobileconfig │ ├── xcreds_example_azure_background.mobileconfig │ ├── xcreds_example_azure_hide.mobileconfig │ ├── xcreds_example_azure_loadPageTitle_loadPageInfo.mobileconfig │ ├── xcreds_example_azure_ropg.mobileconfig │ ├── xcreds_example_azure_skip_fv.mobileconfig │ ├── xcreds_example_azure_with_AD.mobileconfig │ ├── xcreds_example_change_app_settings.mobileconfig │ ├── xcreds_example_google.mobileconfig │ ├── xcreds_example_okta.mobileconfig │ ├── xcreds_example_okta_ropg.mobileconfig │ ├── xcreds_example_okta_ropg_menu_item.mobileconfig │ └── xcreds_profile_rfid.configprofile ├── SessionManager.swift ├── ShareMounter.swift ├── ShareMounterMenu.swift ├── Shared/ │ ├── AuthRightsHelper.swift │ ├── ManagedPreferences.swift │ ├── Tokens.swift │ └── XCredsAudit.swift ├── SiteManager.swift ├── StateFileHelper.swift ├── StatusMenuWindowController.swift ├── StatusMenuWindowController.xib ├── TCSTKSmartCard.h ├── TCSTKSmartCard.m ├── TCTaskHelper.h ├── UserRecord.swift ├── XCreds/ │ ├── AboutWindow.xib │ ├── AboutWindowController.swift │ ├── AppDelegate.swift │ ├── Assets.xcassets/ │ │ ├── AccentColor.colorset/ │ │ │ └── Contents.json │ │ ├── AppIcon.appiconset/ │ │ │ └── Contents.json │ │ ├── Contents.json │ │ ├── refresh symbol.imageset/ │ │ │ └── Contents.json │ │ ├── wifi.imageset/ │ │ │ └── Contents.json │ │ ├── xcreds menu icon check.imageset/ │ │ │ └── Contents.json │ │ └── xcreds menu icon.imageset/ │ │ └── Contents.json │ ├── Base.lproj/ │ │ └── MainMenu.xib │ ├── Credits.txt │ ├── DefaultsHelper.swift │ ├── DesktopLoginWindowController.swift │ ├── DesktopLoginWindowController.xib │ ├── FileVaultLogin.swift │ ├── HelperToolManager.swift │ ├── Info.plist │ ├── KeychainUtil.swift │ ├── LicenseChecker.swift │ ├── LoggerHelper.swift │ ├── LoginWebViewController.xib │ ├── MainController.swift │ ├── MainLoginWindowController.swift │ ├── NotifyManager.swift │ ├── PasswordUtils.swift │ ├── PrefKeys.swift │ ├── PreferencesWindow.xib │ ├── PreferencesWindowController.swift │ ├── ScheduleManager.swift │ ├── SecurityPrivateAPI.h │ ├── SelectLocalAccountWindowController.swift │ ├── SelectLocalAccountWindowController.xib │ ├── StatusMenuController.swift │ ├── TCSLoginWindowUtilities.h │ ├── TCSLoginWindowUtilities.m │ ├── TokenManager.swift │ ├── UpdatePasswordWindowController.swift │ ├── UpdatePasswordWindowController.xib │ ├── VerifyLocalPasswordWindowController.swift │ ├── VerifyLocalPasswordWindowController.xib │ ├── VerifyOIDCPassword.xib │ ├── VerifyOIDCPasswordWindowController.swift │ ├── View+Shake.swift │ ├── WebViewController.swift │ ├── Window+ForceToFront.swift │ ├── Window+Shake.swift │ ├── XCreds-Bridging-Header.h │ ├── XCredsLoginPlugin-Bridging-Header.h │ ├── XCredsMechanismProtocol.swift │ ├── defaults.plist │ ├── tap-Bridging-Header.h │ └── xCreds.entitlements ├── XCreds AutoFill/ │ ├── AppDelegate.swift │ ├── Base.lproj/ │ │ └── Main.storyboard │ ├── ViewController.swift │ └── XCreds_AutoFill.entitlements ├── XCreds AutoFill Extension/ │ ├── Base.lproj/ │ │ └── CredentialProviderViewController.xib │ ├── CredentialProviderViewController.swift │ ├── Info.plist │ └── XCreds_AutoFill_Extension.entitlements ├── XCreds Login Overlay/ │ ├── AppDelegate.swift │ ├── Assets.xcassets/ │ │ ├── AccentColor.colorset/ │ │ │ └── Contents.json │ │ ├── AppIcon.appiconset/ │ │ │ └── Contents.json │ │ └── Contents.json │ ├── Base.lproj/ │ │ └── MainMenu.xib │ ├── TCSXCredsLoginOverlayWindow.swift │ ├── XCreds_Login_Overlay.entitlements │ └── com.twocanoes.xcreds-overlay.plist ├── XCreds-Login-Overlay-Info.plist ├── XCreds.xcodeproj/ │ ├── project.pbxproj │ ├── project.xcworkspace/ │ │ ├── contents.xcworkspacedata │ │ ├── xcshareddata/ │ │ │ ├── IDEWorkspaceChecks.plist │ │ │ ├── WorkspaceSettings.xcsettings │ │ │ └── swiftpm/ │ │ │ └── Package.resolved │ │ └── xcuserdata/ │ │ └── tperfitt.xcuserdatad/ │ │ ├── Bookmarks/ │ │ │ └── bookmarks.plist │ │ ├── IDEFindNavigatorScopes.plist │ │ └── WorkspaceSettings.xcsettings │ ├── project_BACKUP_63385.pbxproj │ ├── project_BASE_63385.pbxproj │ ├── project_LOCAL_63385.pbxproj │ ├── project_REMOTE_63385.pbxproj │ ├── xcshareddata/ │ │ └── xcschemes/ │ │ ├── Send To Test.xcscheme │ │ ├── XCreds Login Autofill.xcscheme │ │ ├── XCreds Login Overlay.xcscheme │ │ ├── XCreds Login Password.xcscheme │ │ ├── XCreds.xcscheme │ │ ├── XCredsLoginPlugin.xcscheme │ │ ├── XCredsLoginPlugin_TestDeploy.xcscheme │ │ ├── authrights.xcscheme │ │ └── xcredstap.xcscheme │ └── xcuserdata/ │ └── tperfitt.xcuserdatad/ │ ├── xcdebugger/ │ │ └── Breakpoints_v2.xcbkptlist │ └── xcschemes/ │ └── xcschememanagement.plist ├── XCredsLoginPlugIn/ │ ├── Bundle.swift │ ├── ContextAndHintHandling.swift │ ├── Info.plist │ ├── LoginProgressWindowController.xib │ ├── LoginWindow/ │ │ ├── AuthorizationDBManager.swift │ │ ├── ControlsViewController.swift │ │ ├── ControlsViewController.xib │ │ ├── LocalUsersViewController.xib │ │ ├── LoginWebViewController.swift │ │ ├── LoginWindow.swift │ │ ├── MainLoginWindow.swift │ │ ├── MainLoginWindowController.xib │ │ ├── SignInWindowController.swift │ │ ├── TCSReturnWindow.h │ │ ├── TCSReturnWindow.m │ │ ├── WhitePopoverBackgroundView.swift │ │ └── xcreds_login.sh │ ├── Mechanisms/ │ │ ├── LogOnly.swift │ │ ├── LogShim.swift │ │ ├── XCredsBaseMechanism.swift │ │ ├── XCredsCreateUser.swift │ │ ├── XCredsEnableFDE.swift │ │ ├── XCredsKeychainAdd.swift │ │ ├── XCredsLoginDone.swift │ │ ├── XCredsLoginMechanism.swift │ │ ├── XCredsPowerControlMechanism.swift │ │ └── XCredsUserSetup.swift │ ├── PinPromptWindowController.swift │ ├── PinPromptWindowController.xib │ ├── PinSetWindowController.swift │ ├── PinSetWindowController.xib │ ├── SetupCardWindowController.swift │ ├── SetupCardWindowController.xib │ ├── WifiWindowController.swift │ ├── WifiWindowController.xib │ ├── XCredsLoginPlugin.h │ ├── XCredsLoginPlugin.m │ ├── errorpage.html │ └── loadpage.html ├── app_to_test.sh ├── auth_mech_fixup/ │ ├── auth_mech_fixup-Bridging-Header.h │ └── main.swift ├── authrights/ │ └── authrights.swift ├── build.sh ├── build_resources/ │ ├── DropDMG/ │ │ └── XCreds/ │ │ ├── Icons/ │ │ │ ├── LayoutItem.19C61CBE-0A4A-4AFC-87F7-228B0913D85C.icns │ │ │ ├── LayoutItem.1F40890E-6379-429C-902A-F52E81C1B604.icns │ │ │ ├── LayoutItem.3125D295-9961-40A5-A990-E098A423D71A.icns │ │ │ ├── LayoutItem.9F03F118-1251-4179-9D61-1091A7F850A6.icns │ │ │ ├── original1.LayoutItem.40252953-9EB8-40F8-B657-1AF9D7687C25.icns │ │ │ ├── original1.LayoutItem.7A9CA9A3-6536-42F1-864C-D22F04A837BD.icns │ │ │ ├── original1.LayoutItem.9DA39BA9-26DC-48B5-8685-E2A52439F5D5.icns │ │ │ └── original1.LayoutItem.E51339B3-D748-4ACC-9F9B-64E9C1F1F3C9.icns │ │ ├── Info.plist │ │ └── Preview2.icns │ ├── Legal/ │ │ └── License Agreements.txt │ ├── Packages/ │ │ ├── XCreds/ │ │ │ ├── License Agreements.txt │ │ │ ├── Success.rtfd/ │ │ │ │ └── TXT.rtf │ │ │ ├── XCreds_template.pkgproj │ │ │ ├── scripts/ │ │ │ │ ├── postinstall.sh │ │ │ │ └── preinstall.sh │ │ │ └── template.pkgproj │ │ ├── XCreds Launch Agent/ │ │ │ ├── XCreds Launch Agent.pkgproj │ │ │ └── agent/ │ │ │ └── com.twocanoes.xcreds-launchagent.plist │ │ └── XCreds Uninstaller/ │ │ ├── Scripts/ │ │ │ └── postinstall.sh │ │ └── XCreds Uninstaller.pkgproj │ ├── buildscripts/ │ │ ├── build.sh │ │ └── build_post.sh │ └── exportOptions.plist ├── com.twocanoes.FileVaultLoginHelper.plist ├── com.twocanoes.xcreds-launchagent.plist ├── com.twocanoes.xcreds-overlay.plist ├── headers/ │ ├── DNSResolver.h │ ├── GSSItem.h │ └── krb5.h ├── push_to_test.sh ├── release-notes.md ├── release_notes.sh ├── release_notes_plain.sh ├── run_script.sh ├── scripts/ │ └── setup_xcreds_autostart.sh └── tap/ ├── Info.plist ├── Token.swift ├── TokenDriver.swift ├── TokenSession.swift └── tap.entitlements ================================================ FILE CONTENTS ================================================ ================================================ FILE: .gitignore ================================================ # These are some examples of commonly ignored file patterns. # You should customize this list as applicable to your project. # Learn more about .gitignore: # https://www.atlassian.com/git/tutorials/saving-changes/gitignore *UserInterfaceState.xcuserstate Carthage/ auth.db build/ old/ products/ # Node artifact files node_modules/ dist/ # Compiled Java class files *.class # Compiled Python bytecode *.py[cod] # Log files *.log # Package files *.jar # Maven target/ dist/ # JetBrains IDE .idea/ # Unit test reports TEST*.xml # Generated by MacOS .DS_Store # Generated by Windows Thumbs.db # Applications *.app *.exe *.war # Large media files *.mp4 *.tiff *.avi *.flv *.mov *.wmv ================================================ FILE: .gitmodules ================================================ [submodule "tcsopensourcetools"] path = tcsopensourcetools url = git@bitbucket.org:twocanoes/tcsopensourcetools.git ================================================ FILE: ADLDAPPing.swift ================================================ // // ADLDAPPing.swift // NoMAD // // Created by Michael Lynn, Phillip Boushy on 10/8/16. // Copyright © 2016 Orchard & Grove Inc. All rights reserved. // import Foundation struct DS_FLAGS : OptionSet { let rawValue: UInt32 init(rawValue value: UInt32) { rawValue = value } // List of DS_FLAGS variables // https://msdn.microsoft.com/en-us/library/cc223802.aspx static let DS_PDC_FLAG = DS_FLAGS(rawValue: 1 << 0) // 1 is reserved for future expansion static let DS_GC_FLAG = DS_FLAGS(rawValue: 1 << 2) static let DS_LDAP_FLAG = DS_FLAGS(rawValue: 1 << 3) static let DS_DS_FLAG = DS_FLAGS(rawValue: 1 << 4) // static let DS_KDC_FLAG = DS_FLAGS(rawValue: 1 << 5) static let DS_TIMESERV_FLAG = DS_FLAGS(rawValue: 1 << 6) static let DS_CLOSEST_FLAG = DS_FLAGS(rawValue: 1 << 7) static let DS_WRITABLE_FLAG = DS_FLAGS(rawValue: 1 << 8) static let DS_GOOD_TIMESERV_FLAG = DS_FLAGS(rawValue: 1 << 9) static let DS_NDNC_FLAG = DS_FLAGS(rawValue: 1 << 10) static let DS_SELECT_SECRET_DOMAIN_6_FLAG = DS_FLAGS(rawValue: 1 << 11) static let DS_FULL_SECRET_DOMAIN_6_FLAG = DS_FLAGS(rawValue: 1 << 12) static let DS_WS_FLAG = DS_FLAGS(rawValue: 1 << 13) static let DS_DS_8_FLAG = DS_FLAGS(rawValue: 1 << 14) static let DS_DS_9_FLAG = DS_FLAGS(rawValue: 1 << 15) // 16 - 28 are reserved for future expansion static let DS_DNS_CONTROLLER_FLAG = DS_FLAGS(rawValue: 1 << 29) static let DS_DNS_DOMAIN_FLAG = DS_FLAGS(rawValue: 1 << 30) static let DS_DNS_FOREST_FLAG = DS_FLAGS(rawValue: 1 << 31) } class ADLDAPPing { //var currentDataLocation: Int var type: UInt32 //uint32 var flags: DS_FLAGS //uint32 var domainGUID: UUID var forest: String //rfc1035 var domain: String //rfc1035 var hostname: String //rfc1035 var netbiosDomain: String //rfc1035 var netbiosHostname: String //rfc1035 var user: String //rfc1035 var clientSite: String //rfc1035 var serverSite: String class func decodeGUID(_ buffer: Data, start: Int) -> UUID { var bytes: [UInt8] = [UInt8](repeating: 0, count: 16) let length: Int = 16 (buffer as NSData).getBytes(&bytes, range: NSRange(location: start, length: length)) return (NSUUID(uuidBytes: bytes) as UUID) } class func decodeUInt32(_ buffer: Data, start: Int) -> UInt32 { var value: UInt32 = 0 let length: Int = 4 (buffer as NSData).getBytes(&value, range: NSRange(location: start, length: length)) return value } enum DecodeError: Error { case illegalTag case cyclicPointer } class func decodeRFC1035(_ buffer: Data, start: UInt16, seen: Set?) throws -> (r: String, c: UInt16) { let marker: UInt8 = 0xc0 var cursor: UInt16 = start var result: [String] = [] var pointers: Set pointers = Set() if (seen != nil) { pointers.formUnion(seen!) } while true { var tag: UInt8 = 0 (buffer as NSData).getBytes(&tag, range: NSRange(location: Int(cursor), length: 1)) cursor += 1 if (tag == 0) { // end of a sequence, time to tally up and return results break } else if ((tag & marker) == marker) { var byte: UInt8 = 0 (buffer as NSData).getBytes(&byte, range: NSRange(location: Int(cursor), length: 1)) cursor += 1 // we would appear to have a pointer, let's remember it var ptr: UInt16 = 0 let d: [UInt8] = [byte, (tag & ~marker)] // ptr += UnsafePointer(d).pointee ptr += UnsafePointer(d).withMemoryRebound(to: UInt16.self, capacity: 1) { $0.pointee } // check if we've seen it before already if pointers.contains(ptr) { throw DecodeError.cyclicPointer } pointers.insert(ptr) let (sresult, _) = try ADLDAPPing.decodeRFC1035(buffer, start: ptr, seen: pointers) result.append(sresult) break } else if ((tag & marker) > 0) { throw DecodeError.illegalTag } else { // read 'tag'-many bytes var s: [UInt8] = [UInt8](repeating: 0, count: Int(tag)) (buffer as NSData).getBytes(&s, range: NSRange(location: Int(cursor), length: Int(tag))) cursor += UInt16(tag) result.append(NSString(bytes: s, length: Int(tag), encoding: String.Encoding.utf8.rawValue)! as String) } } let final = result.joined(separator: ".") return (final, cursor) } init?( ldapPingBase64String: String ) { //let cleanedNetlogonBase64String = netlogonBase64String.componentsSeparatedByString(": ")[1] guard let netlogonData = Data(base64Encoded: ldapPingBase64String, options: []) else { myLogger.logit(.notice, message: "Netlogon base64 encoded string is invalid.") return nil } var cursor = UInt16(24) type = ADLDAPPing.decodeUInt32(netlogonData, start: 0) let tempFlags = ADLDAPPing.decodeUInt32(netlogonData, start: 4) //flags = ADLDAPPing.decodeUInt32(netlogonData, start: 4) // Decode Flags flags = DS_FLAGS(rawValue: tempFlags) //flags.contains(.DS_PDC_FLAG) TCSLogWithMark("Is PDC: " + flags.contains(.DS_PDC_FLAG).description) TCSLogWithMark("Is GC: " + flags.contains(.DS_GC_FLAG).description) TCSLogWithMark("Is LDAP: " + flags.contains(.DS_LDAP_FLAG).description) TCSLogWithMark("Is Writable: " + flags.contains(.DS_WRITABLE_FLAG).description) TCSLogWithMark("Is Closest: " + flags.contains(.DS_CLOSEST_FLAG).description) // END domainGUID = ADLDAPPing.decodeGUID(netlogonData, start: 8) // Get forest do { (forest, cursor) = try ADLDAPPing.decodeRFC1035(netlogonData, start: cursor, seen:nil) } catch let error { switch error { case DecodeError.cyclicPointer: myLogger.logit(.notice, message: "Decoding RFC1035 string created loop.") case DecodeError.illegalTag: myLogger.logit(.notice, message: "Decoding RFC1035 string found an illegal tag.") default: myLogger.logit(.notice, message: "Unable to decode RFC1035 string.") } return nil } // Get domain do { (domain, cursor) = try ADLDAPPing.decodeRFC1035(netlogonData, start: cursor, seen:nil) } catch let error { switch error { case DecodeError.cyclicPointer: myLogger.logit(.notice, message: "Decoding RFC1035 string created loop.") case DecodeError.illegalTag: myLogger.logit(.notice, message: "Decoding RFC1035 string found an illegal tag.") default: myLogger.logit(.notice, message: "Unable to decode RFC1035 string.") } return nil } // Get hostname do { (hostname, cursor) = try ADLDAPPing.decodeRFC1035(netlogonData, start: cursor, seen:nil) } catch let error { switch error { case DecodeError.cyclicPointer: myLogger.logit(.notice, message: "Decoding RFC1035 string created loop.") case DecodeError.illegalTag: myLogger.logit(.notice, message: "Decoding RFC1035 string found an illegal tag.") default: myLogger.logit(.notice, message: "Unable to decode RFC1035 string.") } return nil } // Get netbiosDomain do { (netbiosDomain, cursor) = try ADLDAPPing.decodeRFC1035(netlogonData, start: cursor, seen:nil) } catch let error { switch error { case DecodeError.cyclicPointer: myLogger.logit(.notice, message: "Decoding RFC1035 string created loop.") case DecodeError.illegalTag: myLogger.logit(.notice, message: "Decoding RFC1035 string found an illegal tag.") default: myLogger.logit(.notice, message: "Unable to decode RFC1035 string.") } return nil } // Get netbiosHostname do { (netbiosHostname, cursor) = try ADLDAPPing.decodeRFC1035(netlogonData, start: cursor, seen:nil) } catch let error { switch error { case DecodeError.cyclicPointer: myLogger.logit(.notice, message: "Decoding RFC1035 string created loop.") case DecodeError.illegalTag: myLogger.logit(.notice, message: "Decoding RFC1035 string found an illegal tag.") default: myLogger.logit(.notice, message: "Unable to decode RFC1035 string.") } return nil } // Get user do { (user, cursor) = try ADLDAPPing.decodeRFC1035(netlogonData, start: cursor, seen:nil) } catch let error { switch error { case DecodeError.cyclicPointer: myLogger.logit(.notice, message: "Decoding RFC1035 string created loop.") case DecodeError.illegalTag: myLogger.logit(.notice, message: "Decoding RFC1035 string found an illegal tag.") default: myLogger.logit(.notice, message: "Unable to decode RFC1035 string.") } return nil } // Get the site the DC is in. do { (serverSite, cursor) = try ADLDAPPing.decodeRFC1035(netlogonData, start: cursor, seen:nil) } catch let error { switch error { case DecodeError.cyclicPointer: myLogger.logit(.notice, message: "Decoding RFC1035 string created loop.") case DecodeError.illegalTag: myLogger.logit(.notice, message: "Decoding RFC1035 string found an illegal tag.") default: myLogger.logit(.notice, message: "Unable to decode RFC1035 string.") } return nil } // Get the site the client is in. do { (clientSite, cursor) = try ADLDAPPing.decodeRFC1035(netlogonData, start: cursor, seen:nil) } catch let error { switch error { case DecodeError.cyclicPointer: myLogger.logit(.notice, message: "Decoding RFC1035 string created loop.") case DecodeError.illegalTag: myLogger.logit(.notice, message: "Decoding RFC1035 string found an illegal tag.") default: myLogger.logit(.notice, message: "Unable to decode RFC1035 string.") } return nil } } } ================================================ FILE: BUILD.md ================================================ # Building XCreds git clone https://github.com/twocanoes/xcreds.git cd xcreds git submodule init git submodule update carthage update xcodebuild ================================================ FILE: CHANGELOG.md ================================================ # Changelog ## 4.1.6375 (28/02/2024) ## 4.1.6375 (2024-02-28) * updated release notes, fixed script typo [View](https://github.com/twocanoes/xcreds/commit/cdd59f8bfe7b6153c038fb2bbfcc2e2b663b8380) * updated release notes [View](https://github.com/twocanoes/xcreds/commit/88c96dff9b1de5199bf8511c4cf04c21bb42daa8) * added remounting and refresh kerb ticket after network change [View](https://github.com/twocanoes/xcreds/commit/8db9ec64dab9655635cf7b5cd4f0a5911c1e344a) * fixed "Sign in" window issue (OIDC and AD Configured) #170 and Admin user set to Standard user on Local Login #173 [View](https://github.com/twocanoes/xcreds/commit/0b8d9feab4e8dc9bf2d3c31377d2d7bacd49cb01) * Sign in prompted (While not connected to a network) #168 [View](https://github.com/twocanoes/xcreds/commit/4ccca1c62d3308a1bcbefe9caf3af83a8c5ad7d9) * updated profile manifest [View](https://github.com/twocanoes/xcreds/commit/fb8ca59c9951b13c458cb2a2391527dcd221085a) * [Feature Request] Local User Behavior #174 [View](https://github.com/twocanoes/xcreds/commit/009d1bfc6d2c849194f207e0106cdafe5226e179) * fixed crash on menu and edge case with both web and username password views showing [View](https://github.com/twocanoes/xcreds/commit/d6a1b173fc42c3a9724c3e484ab3f06afb26ba9c) * bumped version [View](https://github.com/twocanoes/xcreds/commit/d5840c37a8410fbf4076ee362d720da4910ff2dd) ## 4.1.6346 (2024-02-13) * added fix for override still prompting when overridesilent set [View](https://github.com/twocanoes/xcreds/commit/dec4a69c78ff5ee8876c6b00d33a1a09400ced92) * fixed silentoverride issue [View](https://github.com/twocanoes/xcreds/commit/253a29c608e728c6177bd86e4ec70339611e95a8) * fixed multiple share mounting [View](https://github.com/twocanoes/xcreds/commit/fbc40e45085a2c338f671f5fb827828e2683950d) * fixed Update manifest pfm_last_modified and pfm_version #164 [View](https://github.com/twocanoes/xcreds/commit/a9f5ccc89dd7a7b673d3886aedef8073fe87c980) * implemented [Feature Request] AD - Option to hide Sign-In menu item #150 [View](https://github.com/twocanoes/xcreds/commit/629dfe117cd0665192a536f6f984dbf00a31ee57) * implemented [Feature Request] Standard wallpaper options for default background #155 [View](https://github.com/twocanoes/xcreds/commit/81509683f4e54462c6cc697331132980ee7b58a1) ## 4.1.6313 (2024-02-06) * fixed issue with menu item not updating tokens [View](https://github.com/twocanoes/xcreds/commit/7661fc2d703c065a9a71b0751a6427f1b636783e) * fixed automount [View](https://github.com/twocanoes/xcreds/commit/8a9f8c2aa143ab3138e2741e2ce6061cdd35419b) * remove admin if we made them admin [View](https://github.com/twocanoes/xcreds/commit/e87ec92d5bdb3ace68060f6db3469d76d0dbf0cc) * added check for not removing last admin user [View](https://github.com/twocanoes/xcreds/commit/fbe883413f83d7f96fb5ba0da68ca93ced5e9484) * fixed prompting when both AD and cloud are configured [View](https://github.com/twocanoes/xcreds/commit/32f2bebb4707ed70e21ccfb50f30d09eff076ce9) * added kerberosprincipalname pref and getting kerb ticket with oidc login [View](https://github.com/twocanoes/xcreds/commit/c14fd13e6e347d9be49a709531ecb24b08bafb96) * added menuItemWindowBackgroundImageURL [View](https://github.com/twocanoes/xcreds/commit/7c81253b3643a76c0468d4424344f61fe578d520) * better selection of menu item prompting if both AD and OIDC is setup [View](https://github.com/twocanoes/xcreds/commit/a4140ace5ca7f22d26bf502da72fd928dc4388c6) * fixed issue with ACL on tokens in keychain [View](https://github.com/twocanoes/xcreds/commit/4aeda19969b358ae27baa02aec067ac0f9318a29) * added custom menu item pref [View](https://github.com/twocanoes/xcreds/commit/9453fbd3a3b09887ffd1807dee6ae9e6e8eb574a) * ability to customize Share menu item; added username for AD and OIDC in menu [View](https://github.com/twocanoes/xcreds/commit/b67970aaa2a5ef450cb6d5888338ce4536a2e891) * added pref for shares [View](https://github.com/twocanoes/xcreds/commit/9c8d920744cd44a2b27163db2c1a84d81c5665b3) * added better descriptions to share manifest [View](https://github.com/twocanoes/xcreds/commit/2004767b7c99782c41f3b0a43079ce92daa22374) * updated whats new [View](https://github.com/twocanoes/xcreds/commit/f81c831706a7fdbf124a5d0926fe790b728a4366) * updated manifest [View](https://github.com/twocanoes/xcreds/commit/a3ca6493d51a71006d2e612df747ea1c1747acb9) ## release-4.0 (2024-01-29) ## 4.0.6274 (2024-01-29) * fixed issue with local password update [View](https://github.com/twocanoes/xcreds/commit/b12e859184f6812080906256315d1d7b2f29e496) * updated ropg prefs and checking [View](https://github.com/twocanoes/xcreds/commit/e3149de819f2b72a7e11f9891815de5d5c6511b9) * Minor fixes for ropg [View](https://github.com/twocanoes/xcreds/commit/f99bdd5aa288331c469bd8d6fca83af3642fd622) * fixed passwordElementID preference can cause issue with setting local password #161 [View](https://github.com/twocanoes/xcreds/commit/5b547377d591c7e8dcfc6165197fcf5d94bd881b) * PasswordOverwriteSilent does not prevent user prompt for password #160 [View](https://github.com/twocanoes/xcreds/commit/a438d09a10fa35c914877559a8bab415083a428a) * shouldUseROPGForMenuLogin hides offline login option at XCreds login window #158 [View](https://github.com/twocanoes/xcreds/commit/17f24dd92b8c83bb591b5cd9bb50e41c9ac4086f) * Improvement for refreshRateMinutes description #157 [View](https://github.com/twocanoes/xcreds/commit/cc6e736f0429bb78ac0a925395b305f21d98af4a) * Typos in manifest descriptions #156 [View](https://github.com/twocanoes/xcreds/commit/eae6dff1654237d13bbab857a5e1d8c30c5ffe11) * added release notes [View](https://github.com/twocanoes/xcreds/commit/af102f94dd2fdf999b775f6c01cc2fbd98935819) ## 4.0.6261 (2024-01-15) * built release notes [View](https://github.com/twocanoes/xcreds/commit/7440e188957a5c489891d75513dad33df2ec6aec) * applied patch from Jim Zajkowski to fix integration issues [View](https://github.com/twocanoes/xcreds/commit/278862f63decc361c2dcc1e99da541c431b7099d) * fixed up kerb ticket status in menu [View](https://github.com/twocanoes/xcreds/commit/93371b9a3b32c7f09e23d1b55fb1c783ffd580de) * refactored menu code [View](https://github.com/twocanoes/xcreds/commit/a76b7f843d4a156233abeb9039152748e2dc52c9) * fixed issue with updating keychain [View](https://github.com/twocanoes/xcreds/commit/d0b70c3142e385a51c79c1f94812393a6067e178) * more attempt at sharemounter integration [View](https://github.com/twocanoes/xcreds/commit/18e44d1d6b156ffb63686db8d52905e287dc5f24) * implemented shares [View](https://github.com/twocanoes/xcreds/commit/8bd74a3ac8fe78088e280c19d9ee80eeb1658129) * added additional sample profiles [View](https://github.com/twocanoes/xcreds/commit/721bf74a6f58cce0b09b1aa2e88f6317b643bede) * fixed home mounting [View](https://github.com/twocanoes/xcreds/commit/b4ffa8ff9788cdd76694174c54dd0bc3ce9ddbcc) * fixed enabing window state with AD [View](https://github.com/twocanoes/xcreds/commit/24d17c9845baa29acbd7ec408c02553dd4d7ea3d) * pointed package to main branch for oidclite [View](https://github.com/twocanoes/xcreds/commit/7f23a07412363c7d45ce093eaff0bbac644265bb) * Allow forcing of webview login window [View](https://github.com/twocanoes/xcreds/commit/88eaaf49ff27a7fb38c879d15e597912f06c0d29) * Support separate client ID and secret for ropg [View](https://github.com/twocanoes/xcreds/commit/4e008168bbf206d6678d7c1649e26ec7424928a3) * wip [View](https://github.com/twocanoes/xcreds/commit/7d5fba55eab2430038c2a86b79c08f714316e57b) * fixed issue with ropg clientid/secret selection [View](https://github.com/twocanoes/xcreds/commit/1642241ea03ddc43b4a04b7e9a4f0885113ab4dc) * Keychain is reset on cloud password change when user enters old local password #148 [View](https://github.com/twocanoes/xcreds/commit/79f1bb531ce5fa20389b4fed319bac3539314e96) * Admin status does not change after removed from group #145 [View](https://github.com/twocanoes/xcreds/commit/f9821f992afe305d2be9bec0ee0aec9e1b5dbdca) * Fix manifest key name for loadPageInfo #143 [View](https://github.com/twocanoes/xcreds/commit/b747d621e864a40906b13b85e6d184ead1fb485c) * bumped version [View](https://github.com/twocanoes/xcreds/commit/aad768b0f0b76345a3e7ee2ea0d02fbcf6e953b1) ## 4.0.6203 (2024-01-01) * added release notes and script to generate release notes [View](https://github.com/twocanoes/xcreds/commit/ff9dc64fea8e6f438755e1d72837fce4391d167c) * Feature Request: Allow "loadpage.html" to be customized. #126. To test, add in new keys "loadPageTitle" and "loadPageInfo" or try the xcreds_example_azure_loadPageTitle_loadPageInfo.mobileconfig [View](https://github.com/twocanoes/xcreds/commit/37c7477f66362c1823c49138b49afcad388abbc5) * Update description in manifest for loginWindowWidth and loginWindowHeight #138 [View](https://github.com/twocanoes/xcreds/commit/5951d753b391fda49534c5dda13d508479e66fd8) * [feature request] LocalAD - make sync password with AD optional with preference key #130. To test, set the shouldPromptForADPasswordChange to false and set the user account to require password change on next login and verify the user is not prompted [View](https://github.com/twocanoes/xcreds/commit/0b85b4ffb8e95b8d79ffcf455ac034c05ce4d4f4) * XCreds breaking Munki's logout/install @loginscreen logic #102. Test by defining hideIfPathExists to a path like /tmp/hide and then add/remove and UI should show /hide. Or use sample profile xcreds_example_azure_hide.mobileconfig [View](https://github.com/twocanoes/xcreds/commit/770c179262658ccfd27f9de3808b931cc69a86e4) * Option to enforce account to log in #21. To test, create allowedUsersArray with name of user allowed to log in and define allowUsersClaim with an OIDC claim that contains that value. Or use the xcreds_example_azure_allow_fred.mobileconfig to test [View](https://github.com/twocanoes/xcreds/commit/ee95927865f1e912898c4d030cb367fd589db114) * Feature Request: Force Wi-Fi on option or Wi-Fi on/off switch in "Configure Wi-Fi" #58 [View](https://github.com/twocanoes/xcreds/commit/bfa28014c7d0c000369d49bf9a3896128616901a) * added removeadmin function but not used since it can cause local admins to unadmin [View](https://github.com/twocanoes/xcreds/commit/cc322befaf88bf3440a9d086089468660a4354f3) * loginWindowBackgroundImageURL image should be cached if not a file:// URL #72 [View](https://github.com/twocanoes/xcreds/commit/b2cfd643ac6419904cc30037eaceaf5bb939cc7b) * bumped build number [View](https://github.com/twocanoes/xcreds/commit/500575b7dfa81c7a9a7231aeac88bd3cfe6a5497) ## 4.0.6177 (2023-12-28) * added date to license agreement to resolve Date not shown on user agreement #134 [View](https://github.com/twocanoes/xcreds/commit/17df8ec0734b9a8eddb2485e4d16af25ddd2df30) * fixed Password reset dialog rendering and text need fixes #133 [View](https://github.com/twocanoes/xcreds/commit/a03c7f1463be0ab89a787d08f2f211c8bb9a6552) * Cloud login screen button section pushed to left side #132 [View](https://github.com/twocanoes/xcreds/commit/0a300f842d6ab85e8c28501c9b4b87e57b5e0017) * Active Directory login - blank login after expired user attempts sign-in #114 [View](https://github.com/twocanoes/xcreds/commit/b8d52d586aaa8db98487a8bd8279fbd673992ad8) * Prompt for Secure Token Admin Login When Required for AD #127 [View](https://github.com/twocanoes/xcreds/commit/42002e66a6d90726e9a5f4132f232afd107736d7) * [bug] Build 6023 LocalAD - cancelling Change Password prompt breaks login fields. #129 [View](https://github.com/twocanoes/xcreds/commit/be300977b25f12e409b506de0f0d6fc1addd9ebd) * Add ability to select active directory login to select mapped user account #136 [View](https://github.com/twocanoes/xcreds/commit/19260d33f6a35b1564112c9be94e804bf892cb14) * fixed issue with initial focus [View](https://github.com/twocanoes/xcreds/commit/f40cf398168bffd52a75745ab3527b7f9bfc9f20) * https://github.com/twocanoes/xcreds/issues/54 [View](https://github.com/twocanoes/xcreds/commit/270732273500c8d5d1e791b565df25d581f5e0f4) * Request: display user password expiration (days left or specific date) in app. #54 [View](https://github.com/twocanoes/xcreds/commit/2774028c41b4a2b5031296e284d1cde5ae48541f) * Refresh does not change next password check time #88 [View](https://github.com/twocanoes/xcreds/commit/fdcd94b1dd7f99c6baf635af6d7978d0aad30df3) * changed cartfile to point to github [View](https://github.com/twocanoes/xcreds/commit/960fa77bb2cb6b21719fb33481febbb594b53f90) * removed framework [View](https://github.com/twocanoes/xcreds/commit/ed417781d823012a779fd93c4c29cf46259d0bee) * removed framework [View](https://github.com/twocanoes/xcreds/commit/c054c66e231955a396f9f28bd26d8352ae7ed48f) * added key for ROPG at login window [View](https://github.com/twocanoes/xcreds/commit/716934b3e90d1f8cc454e7f25232584e3f2b5d3a) * partial refactor wip [View](https://github.com/twocanoes/xcreds/commit/1c0fc161b10042d6f88097ffb255749e682023bf) * partial refactor wip [View](https://github.com/twocanoes/xcreds/commit/e24b7e07ec5ceefeacda3cbaa2b92e71a7261ecf) * partial refactor wip [View](https://github.com/twocanoes/xcreds/commit/f651bc35965ad5a1a1c713a4ff0a3cd4b20cb00b) * ropg at login window initial implementation [View](https://github.com/twocanoes/xcreds/commit/32ad7b391c89e870fe373cdac46e62744fb79221) * cleaned up ropg login code [View](https://github.com/twocanoes/xcreds/commit/e9b12682acdcdd8f5b3bd9f1035c80ca2e359995) * hide refresh when on username/password window; move focus to blank password when not entered for username/password window [View](https://github.com/twocanoes/xcreds/commit/b54cf49b000fa8806229300455901955f2f1edf2) * fixed menu app password verification [View](https://github.com/twocanoes/xcreds/commit/93ac8b9bfbeefb2d7b5df4585d033005b6907300) * added ShareMounter and missing KerbUtil filet [View](https://github.com/twocanoes/xcreds/commit/3f14dc2639807400e8c1b6f8824a05d6ea2b474b) * added username / password view to prompt in userspace [View](https://github.com/twocanoes/xcreds/commit/a56020e4ba24ef0d2d634f4e3ad71964c561eaad) * fixed cancel for AD userspace cancel [View](https://github.com/twocanoes/xcreds/commit/8acaf42493adf20b98f132182b7951fae9181976) * fixed override script in usersapce [View](https://github.com/twocanoes/xcreds/commit/bdd67573335b01e9aa809a8af6570474183751cb) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/48329e1d05488dd2b66820ab8d62b6c540901f41) ## 4.0.6023 (2023-12-12) * use default desktop from CoreServices [View](https://github.com/twocanoes/xcreds/commit/c2c99e2657bc7c4e77aa12628c00a1cec35e65dc) * reload the login window when wifi is connected [View](https://github.com/twocanoes/xcreds/commit/64b6876f8ba181c57d1a4ecb9ab8276cc7acb173) * fix conflicts in XCreds app [View](https://github.com/twocanoes/xcreds/commit/e29288a7b32a91a9dabe978caadaa41cce0549f6) * Add new NetworkMonitor and reload webview on network changes [View](https://github.com/twocanoes/xcreds/commit/e6fd5e31e6b573eaeec5d9df9cb8d7545e4d693e) * add new networkmonitor [View](https://github.com/twocanoes/xcreds/commit/0ede34aef5b8ec9c41c41f4a57526cfd2be6b06c) * better handling of loginwindow reload [View](https://github.com/twocanoes/xcreds/commit/472754db230ba77da0ff36c07ccb0a76ebc88dd7) * bumped version [View](https://github.com/twocanoes/xcreds/commit/0a130f4456899320bc2106dc3ee8d0179abf87c6) * bumped version [View](https://github.com/twocanoes/xcreds/commit/bec80f2ecde022f94e1bb6297b7c0d22b4b57d04) * Resolves #111 by only refreshing when on cloud login [View](https://github.com/twocanoes/xcreds/commit/ca8e9851796b02efdcf0b8237cef4fe03622cbf0) * removed tperfitt from logging. issu #108 [View](https://github.com/twocanoes/xcreds/commit/0f75ef578c89f3cfab35e83e1d863b3b281a88b7) * added info in DS for sub and iss when user is logging in and account is created [View](https://github.com/twocanoes/xcreds/commit/a16e2f5b40d2dcdc35e15c864a7887959720f64c) * initial implementation of allow user to select account to map to #98 [View](https://github.com/twocanoes/xcreds/commit/9b4b781714778a0346cb4047a61b5c6b0ce8e4fe) * added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 [View](https://github.com/twocanoes/xcreds/commit/71b874ecf39fcafd7e794306e3a8dfafbcb69ce8) * Log shows tperfitt user profile path #108 [View](https://github.com/twocanoes/xcreds/commit/beb62fab79a1631780e12742763041c15f6aaecb) * Feature Request: Option to alias IdP username to local DS user account #59 [View](https://github.com/twocanoes/xcreds/commit/dd428a9717546b5ea12d7c8677fa99084ce2cccf) * add missing Credits.txt file [View](https://github.com/twocanoes/xcreds/commit/ccadd3398bc60d7b11807980f306dfbd8453c59f) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/0e668f6af5873f5b7ff8770cc34b6ac6138d8e94) * updated manifest for new keys [View](https://github.com/twocanoes/xcreds/commit/f418394373ad7c62d3e297c7f5cd224aaf8d19f9) * showed Create New Account button in migration modal [View](https://github.com/twocanoes/xcreds/commit/59ab7e8d1dae2c1972041eb1e2b7082a98737ae6) * fixed issue #124: Default behavior wrong for shouldAllowKeyComboForMacLoginWindow [View](https://github.com/twocanoes/xcreds/commit/6f3737257205f4d2faa035b6f051bf6bfed2074b) * refactored code to add admin to user account based on group membership each login (issue #109); added groups claim value to OD record on each login in _xcreds_oidc_groups (issue #117) [View](https://github.com/twocanoes/xcreds/commit/8376942e6e23f8804bd5cec3cfff383792391031) * updated license agreement (issue #90) [View](https://github.com/twocanoes/xcreds/commit/f41411c5a51706ba7b33776edc845a409400bf1e) * Detect when no password was entered #17 [View](https://github.com/twocanoes/xcreds/commit/7cf2837f3d653a893f2f5c031c0a72298340aa70) * updated animation when logging in [View](https://github.com/twocanoes/xcreds/commit/51387b15384032bc5f4e82a5d6fea8a49c6e2625) * adding arbitrary claims to local DS user account [View](https://github.com/twocanoes/xcreds/commit/e47832e21a76d3ae86af3e7e5fee41f29772436f) * fixed Active Directory issue after password change #112 [View](https://github.com/twocanoes/xcreds/commit/14e2a7c1e1d15e8655f44bef182a2e14bc0892ce) * partial fix for #114 [View](https://github.com/twocanoes/xcreds/commit/856a3549bec86c6c52b4ed368b2e59d25c38c5a7) * refactored windows to views [View](https://github.com/twocanoes/xcreds/commit/8a0994c7dfbe071ce5397d52070c2a4c9ab9a309) * fixed centering and cloud login sizing [View](https://github.com/twocanoes/xcreds/commit/f83d523c57cf9f65f6f1b7931bdf34ad5a04c090) * fixing timing for animation when logging in; tweaked UI [View](https://github.com/twocanoes/xcreds/commit/9c659dbb4a12c9ee4cbe396119a058d2594e6827) * streamlined startup process [View](https://github.com/twocanoes/xcreds/commit/1895f0365a3aba91fc9c43961bca78ee6a9482e6) * refactored dialogs for prompting for user info; fixed ad groups for making admin user [View](https://github.com/twocanoes/xcreds/commit/7c5af73cb91a83c8f323edc1d8bd9538b02fbd71) * added missing template for package [View](https://github.com/twocanoes/xcreds/commit/281fe86d7bb33c7f278f05117794069c991efb47) * fixed showing offline button [View](https://github.com/twocanoes/xcreds/commit/72ffc3fd5434eb742e1cffa3cb073228f4883292) * implemented feature request: localad/kebereros support for saving groups to prefs #125 [View](https://github.com/twocanoes/xcreds/commit/1d3e2be0a87c3e5d2843767db28de90894bc12cc) * fixed enabling views when logging in [View](https://github.com/twocanoes/xcreds/commit/3ac6e3739200a3ae6f708be731c4d7acdf279e7e) * fixed javascript to key on input instead of keydown/keyup [View](https://github.com/twocanoes/xcreds/commit/3d41a199cfd92f233677cc6859f837ede388311c) * implemented Prompt for Secure Token Admin Login When Required #123 [View](https://github.com/twocanoes/xcreds/commit/32b118fe0c96b6cee8bd8a37bcff22611f28e55b) * fixed Update documented minimum for loginWindowWidth and loginWindowHeight #91 [View](https://github.com/twocanoes/xcreds/commit/21814425a055f0240fb4c11c37c0d01045620fd6) * wip [View](https://github.com/twocanoes/xcreds/commit/a5aca79363b6f3cc974442534bbc7818b0e4775b) * fixed issue with updating password in userspace [View](https://github.com/twocanoes/xcreds/commit/9e483c451eccac80fc533f993fe21a526970fd9e) * bumped build number [View](https://github.com/twocanoes/xcreds/commit/867fc0f3337cde76a06cb821471de2bcd6fb9506) ## v3.2.1.6002 (2023-12-11) * use default desktop from CoreServices [View](https://github.com/twocanoes/xcreds/commit/c2c99e2657bc7c4e77aa12628c00a1cec35e65dc) * reload the login window when wifi is connected [View](https://github.com/twocanoes/xcreds/commit/64b6876f8ba181c57d1a4ecb9ab8276cc7acb173) * fix conflicts in XCreds app [View](https://github.com/twocanoes/xcreds/commit/e29288a7b32a91a9dabe978caadaa41cce0549f6) * Add new NetworkMonitor and reload webview on network changes [View](https://github.com/twocanoes/xcreds/commit/e6fd5e31e6b573eaeec5d9df9cb8d7545e4d693e) * add new networkmonitor [View](https://github.com/twocanoes/xcreds/commit/0ede34aef5b8ec9c41c41f4a57526cfd2be6b06c) * better handling of loginwindow reload [View](https://github.com/twocanoes/xcreds/commit/472754db230ba77da0ff36c07ccb0a76ebc88dd7) * bumped version [View](https://github.com/twocanoes/xcreds/commit/0a130f4456899320bc2106dc3ee8d0179abf87c6) * bumped version [View](https://github.com/twocanoes/xcreds/commit/bec80f2ecde022f94e1bb6297b7c0d22b4b57d04) * Resolves #111 by only refreshing when on cloud login [View](https://github.com/twocanoes/xcreds/commit/ca8e9851796b02efdcf0b8237cef4fe03622cbf0) * removed tperfitt from logging. issu #108 [View](https://github.com/twocanoes/xcreds/commit/0f75ef578c89f3cfab35e83e1d863b3b281a88b7) * added info in DS for sub and iss when user is logging in and account is created [View](https://github.com/twocanoes/xcreds/commit/a16e2f5b40d2dcdc35e15c864a7887959720f64c) * initial implementation of allow user to select account to map to #98 [View](https://github.com/twocanoes/xcreds/commit/9b4b781714778a0346cb4047a61b5c6b0ce8e4fe) * added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 [View](https://github.com/twocanoes/xcreds/commit/71b874ecf39fcafd7e794306e3a8dfafbcb69ce8) * Log shows tperfitt user profile path #108 [View](https://github.com/twocanoes/xcreds/commit/beb62fab79a1631780e12742763041c15f6aaecb) * Feature Request: Option to alias IdP username to local DS user account #59 [View](https://github.com/twocanoes/xcreds/commit/dd428a9717546b5ea12d7c8677fa99084ce2cccf) * add missing Credits.txt file [View](https://github.com/twocanoes/xcreds/commit/ccadd3398bc60d7b11807980f306dfbd8453c59f) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/0e668f6af5873f5b7ff8770cc34b6ac6138d8e94) * updated manifest for new keys [View](https://github.com/twocanoes/xcreds/commit/f418394373ad7c62d3e297c7f5cd224aaf8d19f9) * showed Create New Account button in migration modal [View](https://github.com/twocanoes/xcreds/commit/59ab7e8d1dae2c1972041eb1e2b7082a98737ae6) * updated js [View](https://github.com/twocanoes/xcreds/commit/e621f6a8da59c6923f0ba12b6a3abf5c9a916f34) * bumped version and build [View](https://github.com/twocanoes/xcreds/commit/7140e72c2e619e26b2db99e21f917f6b3147570a) * adde missing credits file [View](https://github.com/twocanoes/xcreds/commit/81f8e48a696c1eeab46bbcb4f36eea66fe6113f4) ## v3.3.5269 (2023-11-27) * use default desktop from CoreServices [View](https://github.com/twocanoes/xcreds/commit/c2c99e2657bc7c4e77aa12628c00a1cec35e65dc) * reload the login window when wifi is connected [View](https://github.com/twocanoes/xcreds/commit/64b6876f8ba181c57d1a4ecb9ab8276cc7acb173) * fix conflicts in XCreds app [View](https://github.com/twocanoes/xcreds/commit/e29288a7b32a91a9dabe978caadaa41cce0549f6) * Add new NetworkMonitor and reload webview on network changes [View](https://github.com/twocanoes/xcreds/commit/e6fd5e31e6b573eaeec5d9df9cb8d7545e4d693e) * add new networkmonitor [View](https://github.com/twocanoes/xcreds/commit/0ede34aef5b8ec9c41c41f4a57526cfd2be6b06c) * better handling of loginwindow reload [View](https://github.com/twocanoes/xcreds/commit/472754db230ba77da0ff36c07ccb0a76ebc88dd7) * bumped version [View](https://github.com/twocanoes/xcreds/commit/0a130f4456899320bc2106dc3ee8d0179abf87c6) * bumped version [View](https://github.com/twocanoes/xcreds/commit/bec80f2ecde022f94e1bb6297b7c0d22b4b57d04) * Resolves #111 by only refreshing when on cloud login [View](https://github.com/twocanoes/xcreds/commit/ca8e9851796b02efdcf0b8237cef4fe03622cbf0) * removed tperfitt from logging. issu #108 [View](https://github.com/twocanoes/xcreds/commit/0f75ef578c89f3cfab35e83e1d863b3b281a88b7) * added info in DS for sub and iss when user is logging in and account is created [View](https://github.com/twocanoes/xcreds/commit/a16e2f5b40d2dcdc35e15c864a7887959720f64c) * initial implementation of allow user to select account to map to #98 [View](https://github.com/twocanoes/xcreds/commit/9b4b781714778a0346cb4047a61b5c6b0ce8e4fe) * added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 [View](https://github.com/twocanoes/xcreds/commit/71b874ecf39fcafd7e794306e3a8dfafbcb69ce8) * Log shows tperfitt user profile path #108 [View](https://github.com/twocanoes/xcreds/commit/beb62fab79a1631780e12742763041c15f6aaecb) * Feature Request: Option to alias IdP username to local DS user account #59 [View](https://github.com/twocanoes/xcreds/commit/dd428a9717546b5ea12d7c8677fa99084ce2cccf) * add missing Credits.txt file [View](https://github.com/twocanoes/xcreds/commit/ccadd3398bc60d7b11807980f306dfbd8453c59f) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/0e668f6af5873f5b7ff8770cc34b6ac6138d8e94) * updated manifest for new keys [View](https://github.com/twocanoes/xcreds/commit/f418394373ad7c62d3e297c7f5cd224aaf8d19f9) * showed Create New Account button in migration modal [View](https://github.com/twocanoes/xcreds/commit/59ab7e8d1dae2c1972041eb1e2b7082a98737ae6) ## v3.2.5197 (2023-10-17) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * updated url in profile manifest [View](https://github.com/twocanoes/xcreds/commit/33ef0c9f2f30afc4260526b27ee4e6995e94fcfa) * fixed issue 95: whitespace characters in password and username [View](https://github.com/twocanoes/xcreds/commit/63f4ca53c2c1ba31fd93fd4921042d21284570c6) * shouldPreferLocalLoginInsteadOfCloudLogin [View](https://github.com/twocanoes/xcreds/commit/79e798afab9162255b7a019b74bbb3122330e83a) * another attempt at fixing https://github.com/twocanoes/xcreds/issues/95 [View](https://github.com/twocanoes/xcreds/commit/819e9a047f8d1e9e6d5a4f26b32238cb7fc9da88) * wip [View](https://github.com/twocanoes/xcreds/commit/4ac36cbc2d085ee32bd8d82a66feeb925ff118fb) * fixed keyboard nav for controls [View](https://github.com/twocanoes/xcreds/commit/c5c0cad10f5d5f22f8b6ce3d0993f5f1f72d8f3b) * issue #100: Detect Offline [View](https://github.com/twocanoes/xcreds/commit/fe804f167446fc4b22e128cca576ddd7276fd96f) * Add ability to check passwords via ROPG [View](https://github.com/twocanoes/xcreds/commit/f7c62c0466106cbc26f9f67be441dad847c32ecf) * Rename prefkey to be more boolean [View](https://github.com/twocanoes/xcreds/commit/2909f625588fe25c2082fbf2ff88df468e19c79d) * update to profile manifest [View](https://github.com/twocanoes/xcreds/commit/7fcb0a392b0e8d8c19e81f8e827d6de996da75c4) * fixed typo in function name [View](https://github.com/twocanoes/xcreds/commit/8c12d454e393cc0c52a0feb314a67c357bbac1c9) * added a smidge more logging [View](https://github.com/twocanoes/xcreds/commit/86256a2825eeeebf6eb63fe26451c372e149c2a2) * added self healing for auth rights [View](https://github.com/twocanoes/xcreds/commit/9b43e1cb382cfea1b40a2f40b6cdf6189fed385b) * updated manifest [View](https://github.com/twocanoes/xcreds/commit/7cdf884f2aed100080069e9b3a589af736062c99) ## release_3_1 (2023-07-14) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * updated history.md [View](https://github.com/twocanoes/xcreds/commit/85b71172d3192616371ccc30ea16fb6dd092a54e) * fixed check timer to still work if mac sleeps [View](https://github.com/twocanoes/xcreds/commit/af491f5febf433bfeb8478d71a2fa29309676765) * fixed issue with token update time [View](https://github.com/twocanoes/xcreds/commit/0d14279e4003400a0fef812247f3c790fc802f5e) * fixed fade; cleaned up user mappings for weird characters [View](https://github.com/twocanoes/xcreds/commit/c6304954d6b02109d4ff90ed2d3b94963f761461) * final touches [View](https://github.com/twocanoes/xcreds/commit/df5f1110c5800ac8aa31293ac509817a62fedfbc) * bumped to 3.2; added some additional logging [View](https://github.com/twocanoes/xcreds/commit/5a544859855835a6c1d8bfb35a39aeb30cda5962) * bumped build number to 5000 [View](https://github.com/twocanoes/xcreds/commit/6250fdf999d7e57bfd51fe55186fde6fce92a3c0) * updated permission for override_script [View](https://github.com/twocanoes/xcreds/commit/fac2af918a65d5f92c211e4707e9e14d36e5bee1) * changed version back to 3.1; added better about window with history; changed override script requirments to be owned by _securityagent and be 700 [View](https://github.com/twocanoes/xcreds/commit/2f8dd4e599a71d02a88fa4a66814e419c71c0e65) * added command click login window for mac login window [View](https://github.com/twocanoes/xcreds/commit/f0a5b1fc76c133f199da75f31202401476da2af1) * text fixes [View](https://github.com/twocanoes/xcreds/commit/97c383e24729982c364e456ba5c3d49aa983060a) * updated build script [View](https://github.com/twocanoes/xcreds/commit/b4fd79d1d43d922fac3581282c7eb9126d33ed8c) * added back sample profie [View](https://github.com/twocanoes/xcreds/commit/6aa3ec4a58842f9a4dd748cd129ed4c14226888a) * fixed timer minutes [View](https://github.com/twocanoes/xcreds/commit/e78b306018cd996176b9530ba302689bd1d3e358) ## v3.1.4144 (2023-06-08) * updated AD support: kerb ticket now obtained at user space app launch from password in keychain. udpated profile manifest with better comments; delete cookes on webview each time it appears; added local login button; shows username password if discoveryURL is not defined [View](https://github.com/twocanoes/xcreds/commit/d17509bd2ce49313561632e15bc2698e38f09721) ## v3.1.4143 (2023-06-07) * updated fullname [View](https://github.com/twocanoes/xcreds/commit/627199474b42349bd42f6dc47c4cd442b9c3357a) * added shake to password field [View](https://github.com/twocanoes/xcreds/commit/d2370669893dc37937617be59a5601109915e991) * added shake to password field [View](https://github.com/twocanoes/xcreds/commit/d0f4efdbf886cbe9a21e449fe8d47f1ed671bdcd) * get kerb ticket on login [View](https://github.com/twocanoes/xcreds/commit/b7f7ad622ceaa57d27e419fa3fad10f0e040f8e3) ## v3.1.4081 (2023-05-27) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * added Package.resolved [View](https://github.com/twocanoes/xcreds/commit/91fb7f3da5e789dabb37a5a8585592c69c1a732c) * added XCredsLoginPlugIn/errorpage.html [View](https://github.com/twocanoes/xcreds/commit/7bf66a34a1ef091f532959de62247ba1fbead13e) * cleaned up build system a bit [View](https://github.com/twocanoes/xcreds/commit/f99ec4a8ae38ff00adabe9b43c1ff8577c803dd1) * improved javascript parsing [View](https://github.com/twocanoes/xcreds/commit/ecf710eb181fd3f6dbdce7aedf511b8840e33ca6) * fixed issue with initial javascript listener [View](https://github.com/twocanoes/xcreds/commit/574a51b5b8329be4cc2ec8c045f710548aecf7d6) * cleaned up logging a bit [View](https://github.com/twocanoes/xcreds/commit/dfbf57f4a3d9649e2b35231bfedc6d591a7c3e41) * removed reset option [View](https://github.com/twocanoes/xcreds/commit/3150fa654f3b8a55018f0a1e0390aa6ec541e125) * removed KeychainReset and PasswordOverwriteSilent because it makes things worse [View](https://github.com/twocanoes/xcreds/commit/39362899ee0c0813f416057cad203061869daa84) * added lock screen switch to login window [View](https://github.com/twocanoes/xcreds/commit/77c52ad11ab01b1afd5e011b38a06b3de9527196) * fixed window levels, progress screen, background and boot runner issues [View](https://github.com/twocanoes/xcreds/commit/4c887fbdc82a0f63fcd8876aa662c6bc96ef7bbd) * improved logging [View](https://github.com/twocanoes/xcreds/commit/e92ffe9e65f1a95b4b3e9f1c8ea1089ae7720863) * checkpoint [View](https://github.com/twocanoes/xcreds/commit/488b66494c65e8460eefdf5bbb8c0d271102f298) * added override script and secure token admin reset [View](https://github.com/twocanoes/xcreds/commit/6717b3aa2cd0ef9d387484e7571183e6f8ffbb5d) * removed shouldFindPasswordElement since that is defaulit fallback behavior [View](https://github.com/twocanoes/xcreds/commit/2825ee7b6db005f6aa8ca6d60c72210ae7343af4) * cleaned up ui a bit [View](https://github.com/twocanoes/xcreds/commit/b64496bcb55573dff889a9ab92be2ed3f9cdd5e3) * dont refresh prefs so much [View](https://github.com/twocanoes/xcreds/commit/91ee8dcd371fe9e2182fd421674f9fcd484e4d81) * added check for group membership in oidc claim [View](https://github.com/twocanoes/xcreds/commit/2c03586a59821a04948692dcb9a41006ebf735f7) * added history file [View](https://github.com/twocanoes/xcreds/commit/5fa6c0436a58535e03fd457de9dd720186274a38) ## release-3.0 (2023-05-08) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) ## release_3_0 (2023-04-18) * added trial license beginnings [View](https://github.com/twocanoes/xcreds/commit/5a6cc5a91715e909dc8f9510f800dfffe485b7d6) * fixed regression for password change not capturing new password on azure [View](https://github.com/twocanoes/xcreds/commit/8db379d829d925409abfea85da72a788ead43d22) * bumped version to 3600 [View](https://github.com/twocanoes/xcreds/commit/f9601726f3d7255414d4ad44e20b9ac526af0f7c) * fixed issue with crash if time is far off [View](https://github.com/twocanoes/xcreds/commit/9c1d0d81ed62f525614b79e3a3dbc4b4bed3964b) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/f309f95218424ca8f67177b0daed79d98344e943) * updated license [View](https://github.com/twocanoes/xcreds/commit/534be3e278d1daae48218952d20194e4e03b17b4) * fixed focus issue [View](https://github.com/twocanoes/xcreds/commit/e3c87a548a9e682b75ec01b4216ddfdda8a2ced2) ## release_v2_4 (2023-03-28) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * added more logging for id token and bumped version to 2.3 [View](https://github.com/twocanoes/xcreds/commit/b8494ee343dab510fba1c1f304623efc985455a0) * added remove keychain option [View](https://github.com/twocanoes/xcreds/commit/19032d8df58c0bdd6197fc47f9f3aa2d8d6694ea) * updated language on keychain option and added pref in manifest [View](https://github.com/twocanoes/xcreds/commit/709a7f29e696c088cc8e13959dadba8f9c0f8c8e) * added key for customizing return to xcreds; added preference and ability to automatically refresh login window [View](https://github.com/twocanoes/xcreds/commit/514a1ba5ddaec55bfb8e40ca3e6c98a43c50ec7b) * added in login window height/width [View](https://github.com/twocanoes/xcreds/commit/18e974e67f2833862a1a6913a6c4563e339d4239) * added in login window height/width min value of 100 [View](https://github.com/twocanoes/xcreds/commit/6090d5ec4895045448920e774e16dc0614223919) * added in login window height/width min value of 100 [View](https://github.com/twocanoes/xcreds/commit/0a7dad70364bd830b8028da2cadd62c98b79271d) * fixed login window size and background image [View](https://github.com/twocanoes/xcreds/commit/339a66e7fdf6e8484da8f7c0a5c2ee6eed0aaef7) * fixed focus issue [View](https://github.com/twocanoes/xcreds/commit/992512bb1ac27f36c655d1e1a02eafdbd47a2b80) * updated sample configu [View](https://github.com/twocanoes/xcreds/commit/cd482e69520c8a7994eb8233e26c8a008c5048e7) * tweaked text for user space refresh token window and added pref to show or hide [View](https://github.com/twocanoes/xcreds/commit/9f29893203caef8799683cc2ded3345f306c4528) * fixed names and links in manifest [View](https://github.com/twocanoes/xcreds/commit/e759138ca72f2a4153fbea02f7b0b5cfd031bd01) * fixed crashing issue due to null refreshview outlet [View](https://github.com/twocanoes/xcreds/commit/d3931983b53633c91c33494fc1fcccd7614948ad) * added frontmost when prompting for keychain password [View](https://github.com/twocanoes/xcreds/commit/92ee6ed5c41dfefc798f1c839193aaa4a4a09f67) * fixed issue with autorefresh [View](https://github.com/twocanoes/xcreds/commit/d7126a026281afaac27c9381a9c4e42d472b4b31) * fixed changing wifi not dismissing dialog [View](https://github.com/twocanoes/xcreds/commit/7a3d45178e299b52014fb3dd0adf6c180667222f) * fixed changing wifi not dismissing dialog [View](https://github.com/twocanoes/xcreds/commit/9ef84939d56cce29c9b8e3a84b0f070a30f7e30c) * added 802.1x support; added support for pref key for finding password based on type=password [View](https://github.com/twocanoes/xcreds/commit/38ddeff5cd86d0cd43a97844c9d160da0ee446f3) * wip [View](https://github.com/twocanoes/xcreds/commit/72da3de9c054f4fb35fb19c9bb6ffd5c2ebbb47a) ## release_v2_1 (2023-01-11) ## realease_v2_2 (2023-01-11) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * support getting password with get and adfs [View](https://github.com/twocanoes/xcreds/commit/494fdf75c79d8aa3b2c3cc6dc947f4423b2b3674) * Revert "support getting password with get and adfs" [View](https://github.com/twocanoes/xcreds/commit/425bda9a9323fd7eb9437f09f9da63747db9dc8d) * changed pref names for custom IDP / ADFS [View](https://github.com/twocanoes/xcreds/commit/83947497ec00cdfd7ec3b9a3683fa3b8e007aadf) * fixed package template issue and updated manifest [View](https://github.com/twocanoes/xcreds/commit/f2540a6c64b5bc9971833e8fa859821d4822af9c) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * enabled rekeying FileVault implementation [View](https://github.com/twocanoes/xcreds/commit/2ba233e3695b8a7bda297b0908da933d24bec1c4) * Support a Azure AD host [View](https://github.com/twocanoes/xcreds/commit/c0415863273f9797808d32633d3e800d630f9a0f) * If fullname is empty, shorname is used. [View](https://github.com/twocanoes/xcreds/commit/7764740647f8e4450b411fa08849e5f4cceba078) * added autologin when fv enabled [View](https://github.com/twocanoes/xcreds/commit/c8b394e055e2aa176af8a7f9e8cce53a3066f408) * added okta compatibility [View](https://github.com/twocanoes/xcreds/commit/5f38e70e641bc2c8129e940ae7e9f710380fea5b) * added a bit more logging [View](https://github.com/twocanoes/xcreds/commit/e2d2330a5050ab419290de466cef9f0b63407215) * removed "prompt":"consent" [View](https://github.com/twocanoes/xcreds/commit/3e0a5e6de6342f36c9622aba3ad55d2db4488942) * fixed notification prompt [View](https://github.com/twocanoes/xcreds/commit/40423c3b3ba271483826e49b6010f95e5b5683c7) * added shouldShowCloudLoginByDefault user default [View](https://github.com/twocanoes/xcreds/commit/d8658f333726d8151c2486a7fe38f94cc29cacb2) * added idhostnames array so you can specify multiple tenants [View](https://github.com/twocanoes/xcreds/commit/663dfa99b6bfb54487ca5cbc8d83618c8d180496) * removed registration reminder [View](https://github.com/twocanoes/xcreds/commit/738dff1ab4396e14d701da2dcb79c5c657533433) * removed spaces [View](https://github.com/twocanoes/xcreds/commit/180c2b9f4c267479723810a22a1dcc7715d992ce) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * added mappings for user info [View](https://github.com/twocanoes/xcreds/commit/074ac99d5b3b72f3a8fb553670968f6e67da8f10) * bumped version to 2.2 and build [View](https://github.com/twocanoes/xcreds/commit/23d902d5227eab2f3e61a6c931ccf63b94bc0ccb) * added new key for OIDC mapping [View](https://github.com/twocanoes/xcreds/commit/485be954afebf7cbe808a8b23e0be6a7c5efa495) * made keys lowercase for mappings [View](https://github.com/twocanoes/xcreds/commit/7432620d1a5c7e22e98975a5e806b73a9140d5ee) * changed case of keys [View](https://github.com/twocanoes/xcreds/commit/ecac4002bd45677fa72386cc73a56bfe6d3f53ed) * renamed mapped prefs with a prefix [View](https://github.com/twocanoes/xcreds/commit/aadd1445d92ac12e084946e1b40d97cf9f5aa6c7) * username hint was not being set [View](https://github.com/twocanoes/xcreds/commit/aba884ce568c39653fec406f7c95b21b1c554642) * added startup script [View](https://github.com/twocanoes/xcreds/commit/9c374670c37ba1b522e1247ec96a850a4e663b8e) * added credit to script [View](https://github.com/twocanoes/xcreds/commit/e36e74db471c955bd356f150dbc9b19d240a50d4) * implemented KeychainReset [View](https://github.com/twocanoes/xcreds/commit/0c34708fdeb9c9aa4303daa8382948d4e7d8143d) * implemented PasswordOverwriteSilent [View](https://github.com/twocanoes/xcreds/commit/8fcee904d23440051516c74228213a64b4ead348) * removed show prefs menu [View](https://github.com/twocanoes/xcreds/commit/d34328d71ec93b2663b75c080e41c8e0707b1f8e) * fixed timer issue [View](https://github.com/twocanoes/xcreds/commit/1d37d90a8ce81a142b90874b5d35641db4a9c1a8) * fixed shouldShowCloudLoginByDefault not working [View](https://github.com/twocanoes/xcreds/commit/570576b00c63db1f11ab5d7799301c9faed7f1e9) * fixed edge case when not showing xcreds login when logging out [View](https://github.com/twocanoes/xcreds/commit/3447f7be9e35a5e894911c0fa7366be4fa0d3b05) * removed test time [View](https://github.com/twocanoes/xcreds/commit/5bd5f84563b2a05fd4c2c169e1601cf5c270d8a9) * added sub as local user account if other methods not available; added some additional logging [View](https://github.com/twocanoes/xcreds/commit/fd4067d3a54850244f5f456825cbb531800dca85) * remove progress screen overlay because it was hiding filevault [View](https://github.com/twocanoes/xcreds/commit/453a9b79a19bbd05c4d638c01337b4752943898d) ## release_v2_0 (2022-08-30) * bumped version to 1.1 [View](https://github.com/twocanoes/xcreds/commit/d6a4c915da4e771335915c6aa1dae53d94c8c039) * added sample profile for google [View](https://github.com/twocanoes/xcreds/commit/342c8590fd5392822a9a57dd9a3293aa5f276eb6) * Cloud password verification dialog not centered... #15 [View](https://github.com/twocanoes/xcreds/commit/b1d8ee6069a92e6b231b8bce944f684fa36ec68e) * add "have token" indicator #10 [View](https://github.com/twocanoes/xcreds/commit/db746fd65ae1623e1d69f3c075391f474c9ccc3e) * Hide "About XCreds" menu item #18; Ability to add a custom URL and menu item for "Change Password #18 [View](https://github.com/twocanoes/xcreds/commit/f1c4593b4ad1b73899f9bc2cbfe61cd2d37eac11) * start of login window [View](https://github.com/twocanoes/xcreds/commit/ce6cc87d6f5e0ee87ecea89514865fd7b92df476) * pass username and password for login window [View](https://github.com/twocanoes/xcreds/commit/6addc7950cf499fb9bdeee098af1e0f9d35bfb63) * added fade to login window complete [View](https://github.com/twocanoes/xcreds/commit/3fd2f6dd2f69f8ec41e7eda52937e98cf0a30738) * restart and shutdown buttons [View](https://github.com/twocanoes/xcreds/commit/fde13dea140cf02043c8f9404c08917868bb5ecc) * implemented swiching back to mac login window [View](https://github.com/twocanoes/xcreds/commit/85545c29a8ad7c2b28daef1f8e8024bf377761ba) * wip [View](https://github.com/twocanoes/xcreds/commit/e755e305eb936a965cb0ef133d9f7c1cfb7cc765) * fixed xcreds breakage due to refactoring for xcreds login window [View](https://github.com/twocanoes/xcreds/commit/f41778819ed0d04325880e641799f723732ca6f3) * added keychain updating with tokens [View](https://github.com/twocanoes/xcreds/commit/2e3114e4f657761addd714abe7de790350623c83) * xcreds login window [View](https://github.com/twocanoes/xcreds/commit/03e929f9fa582b394686bb7669b28d0e906c4cd9) * added return to cloud login and wait message [View](https://github.com/twocanoes/xcreds/commit/f29ea30d43e51b6ef44bfbdad7d0ccd1d650a6b3) * bumped version [View](https://github.com/twocanoes/xcreds/commit/7fb698159e5f0b6cd54057d0938ddd0a448bd321) * updated manifest [View](https://github.com/twocanoes/xcreds/commit/ce8b9197c101d106605d5ea8e6bf87f5b52412ac) * added username to manifest [View](https://github.com/twocanoes/xcreds/commit/aa7945756f9c0a0573cf79b48c677c35dfbe7469) * fixed install scripts [View](https://github.com/twocanoes/xcreds/commit/ad2152c8e24b03dd685627d052b3116e5badfd62) * updated readme [View](https://github.com/twocanoes/xcreds/commit/690e6966e81bcb27f8859c010c230d2d0af4ba0a) * updaed sample profiles [View](https://github.com/twocanoes/xcreds/commit/5cd70f021fc8a4b7321dbfe7bd5cf1298a901609) * added arbitrary check for password in form [View](https://github.com/twocanoes/xcreds/commit/9d1dadac7750544dffa4db82fc258f0b7ed9663e) * bumped build number [View](https://github.com/twocanoes/xcreds/commit/bb90624c3d9a45870956621f22b41da5434e2bce) * fixed idtoken required values causing failure [View](https://github.com/twocanoes/xcreds/commit/de5dd6affee913fc6f2f65125188a8e894460b65) * added build number when starting up [View](https://github.com/twocanoes/xcreds/commit/2d4b70a192e119352cccc2d7318b8997e3c7fe74) * added build number when starting up in mechnism [View](https://github.com/twocanoes/xcreds/commit/5f6bdd336f311caa991f10c380b15f9acc2f5bb2) * added build number when starting up in mechnism [View](https://github.com/twocanoes/xcreds/commit/26b995a2173376ea6275a037a7866ea154b9ef31) * create user mech [View](https://github.com/twocanoes/xcreds/commit/2bd3cb885f9cfc2557cc709404a8c665e99236f1) * tweaked create user [View](https://github.com/twocanoes/xcreds/commit/4bfdd1017266b30d25e9fb0162decbe54fe3b5a9) * added FDE enable [View](https://github.com/twocanoes/xcreds/commit/2422e5588412d4cc721f93c0695405d939096c42) * updated prefs [View](https://github.com/twocanoes/xcreds/commit/14d39e3fe023b6412a73b6cba2a214b283a1b7d7) * added fde option [View](https://github.com/twocanoes/xcreds/commit/2b022b47d6c23e2bbf6fcd6f0b7bb249df689bc1) * added network changing detection to reload page [View](https://github.com/twocanoes/xcreds/commit/de4acf06e2e7b18c232dd0dcd5ce55e8944d2e2a) * fixed status icon issue; fixed lack of prompting on first launch [View](https://github.com/twocanoes/xcreds/commit/9aa2d77b366fe963aed1ec78c932c467d83f5b63) * added default to create keychain [View](https://github.com/twocanoes/xcreds/commit/27be41527d7716df6fbcd9ed276f542b80e53682) * added better loading at start [View](https://github.com/twocanoes/xcreds/commit/1223e399814d061d9962a75d6c037445cd9862f9) * updated loading message [View](https://github.com/twocanoes/xcreds/commit/d8d1b96e3e2927eb110747155942c4f000c8872c) * smother transitions and background image [View](https://github.com/twocanoes/xcreds/commit/6f6f2b9c7b24a3724440b77b52d86cfaeca3169d) * fixed background image url [View](https://github.com/twocanoes/xcreds/commit/8164b122c71f76b0bea9a3237d386ffac9ec0d30) * fixed overlay not showing [View](https://github.com/twocanoes/xcreds/commit/6cedc60bbaad9747209ae73521a0af480a8301a0) * fixed regression with back to my xcreds [View](https://github.com/twocanoes/xcreds/commit/ff3dee83940377a8544283d207e011f5854be8c3) * add tweak to back to my xcreds [View](https://github.com/twocanoes/xcreds/commit/7aafd66a0d75a3ee09dc6a4cd1c7f211877fb15b) * more tweaks to back to my xcreds [View](https://github.com/twocanoes/xcreds/commit/b2ef99f2db8056933eb2c047f28d6449059103dd) * fixed minor issues with prefs [View](https://github.com/twocanoes/xcreds/commit/18bccee23ceb28e47bd25f7ed38433dea76e787b) * reverted default [View](https://github.com/twocanoes/xcreds/commit/5fe505fa6c90b1ae198bc1d5aeac6068e0e9ecdc) * project update [View](https://github.com/twocanoes/xcreds/commit/4ea4da0da0260d9d9379ea599689d1c5ed1515b5) ## prebeta (2022-06-15) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/7289a72ae79005797fa4651dc61328354aca7c2b) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/07947e9e66f68db049481b6e35373a8a5b5a4bf5) * added support for Google IdP [View](https://github.com/twocanoes/xcreds/commit/4733a6cdeef503db2e08a21bb9443700bfb9526d) --- ## 4.1.6346 (2024-02-13) (13/02/2024) ## 4.1.6346 (2024-02-13) * added fix for override still prompting when overridesilent set [View](https://github.com/twocanoes/xcreds/commit/dec4a69c78ff5ee8876c6b00d33a1a09400ced92) * fixed silentoverride issue [View](https://github.com/twocanoes/xcreds/commit/253a29c608e728c6177bd86e4ec70339611e95a8) * fixed multiple share mounting [View](https://github.com/twocanoes/xcreds/commit/fbc40e45085a2c338f671f5fb827828e2683950d) * fixed Update manifest pfm_last_modified and pfm_version #164 [View](https://github.com/twocanoes/xcreds/commit/a9f5ccc89dd7a7b673d3886aedef8073fe87c980) * implemented [Feature Request] AD - Option to hide Sign-In menu item #150 [View](https://github.com/twocanoes/xcreds/commit/629dfe117cd0665192a536f6f984dbf00a31ee57) * implemented [Feature Request] Standard wallpaper options for default background #155 [View](https://github.com/twocanoes/xcreds/commit/81509683f4e54462c6cc697331132980ee7b58a1) ## 4.1.6313 (2024-02-06) * fixed issue with menu item not updating tokens [View](https://github.com/twocanoes/xcreds/commit/7661fc2d703c065a9a71b0751a6427f1b636783e) * fixed automount [View](https://github.com/twocanoes/xcreds/commit/8a9f8c2aa143ab3138e2741e2ce6061cdd35419b) * remove admin if we made them admin [View](https://github.com/twocanoes/xcreds/commit/e87ec92d5bdb3ace68060f6db3469d76d0dbf0cc) * added check for not removing last admin user [View](https://github.com/twocanoes/xcreds/commit/fbe883413f83d7f96fb5ba0da68ca93ced5e9484) * fixed prompting when both AD and cloud are configured [View](https://github.com/twocanoes/xcreds/commit/32f2bebb4707ed70e21ccfb50f30d09eff076ce9) * added kerberosprincipalname pref and getting kerb ticket with oidc login [View](https://github.com/twocanoes/xcreds/commit/c14fd13e6e347d9be49a709531ecb24b08bafb96) * added menuItemWindowBackgroundImageURL [View](https://github.com/twocanoes/xcreds/commit/7c81253b3643a76c0468d4424344f61fe578d520) * better selection of menu item prompting if both AD and OIDC is setup [View](https://github.com/twocanoes/xcreds/commit/a4140ace5ca7f22d26bf502da72fd928dc4388c6) * fixed issue with ACL on tokens in keychain [View](https://github.com/twocanoes/xcreds/commit/4aeda19969b358ae27baa02aec067ac0f9318a29) * added custom menu item pref [View](https://github.com/twocanoes/xcreds/commit/9453fbd3a3b09887ffd1807dee6ae9e6e8eb574a) * ability to customize Share menu item; added username for AD and OIDC in menu [View](https://github.com/twocanoes/xcreds/commit/b67970aaa2a5ef450cb6d5888338ce4536a2e891) * added pref for shares [View](https://github.com/twocanoes/xcreds/commit/9c8d920744cd44a2b27163db2c1a84d81c5665b3) * added better descriptions to share manifest [View](https://github.com/twocanoes/xcreds/commit/2004767b7c99782c41f3b0a43079ce92daa22374) * updated whats new [View](https://github.com/twocanoes/xcreds/commit/f81c831706a7fdbf124a5d0926fe790b728a4366) * updated manifest [View](https://github.com/twocanoes/xcreds/commit/a3ca6493d51a71006d2e612df747ea1c1747acb9) --- ## XCreds 4.1 (06/02/2024) ## 4.1.6313 (2024-02-06) See https://twocanoes.com/knowledge-base/whats-new-in-xcreds-4-1/ for full details * fixed issue with menu item not updating tokens [View](https://github.com/twocanoes/xcreds/commit/7661fc2d703c065a9a71b0751a6427f1b636783e) * fixed automount [View](https://github.com/twocanoes/xcreds/commit/8a9f8c2aa143ab3138e2741e2ce6061cdd35419b) * remove admin if we made them admin [View](https://github.com/twocanoes/xcreds/commit/e87ec92d5bdb3ace68060f6db3469d76d0dbf0cc) * added check for not removing last admin user [View](https://github.com/twocanoes/xcreds/commit/fbe883413f83d7f96fb5ba0da68ca93ced5e9484) * fixed prompting when both AD and cloud are configured [View](https://github.com/twocanoes/xcreds/commit/32f2bebb4707ed70e21ccfb50f30d09eff076ce9) * added kerberosprincipalname pref and getting kerb ticket with oidc login [View](https://github.com/twocanoes/xcreds/commit/c14fd13e6e347d9be49a709531ecb24b08bafb96) * added menuItemWindowBackgroundImageURL [View](https://github.com/twocanoes/xcreds/commit/7c81253b3643a76c0468d4424344f61fe578d520) * better selection of menu item prompting if both AD and OIDC is setup [View](https://github.com/twocanoes/xcreds/commit/a4140ace5ca7f22d26bf502da72fd928dc4388c6) * fixed issue with ACL on tokens in keychain [View](https://github.com/twocanoes/xcreds/commit/4aeda19969b358ae27baa02aec067ac0f9318a29) * added custom menu item pref [View](https://github.com/twocanoes/xcreds/commit/9453fbd3a3b09887ffd1807dee6ae9e6e8eb574a) * ability to customize Share menu item; added username for AD and OIDC in menu [View](https://github.com/twocanoes/xcreds/commit/b67970aaa2a5ef450cb6d5888338ce4536a2e891) * added pref for shares [View](https://github.com/twocanoes/xcreds/commit/9c8d920744cd44a2b27163db2c1a84d81c5665b3) * added better descriptions to share manifest [View](https://github.com/twocanoes/xcreds/commit/2004767b7c99782c41f3b0a43079ce92daa22374) * updated whats new [View](https://github.com/twocanoes/xcreds/commit/f81c831706a7fdbf124a5d0926fe790b728a4366) * updated manifest [View](https://github.com/twocanoes/xcreds/commit/a3ca6493d51a71006d2e612df747ea1c1747acb9) --- ## XCreds 4.0 (29/01/2024) ## 4.0.6274 (2024-01-26) * fixed issue with local password update [View](https://github.com/twocanoes/xcreds/commit/b12e859184f6812080906256315d1d7b2f29e496) * updated ropg prefs and checking [View](https://github.com/twocanoes/xcreds/commit/e3149de819f2b72a7e11f9891815de5d5c6511b9) * Minor fixes for ropg [View](https://github.com/twocanoes/xcreds/commit/f99bdd5aa288331c469bd8d6fca83af3642fd622) * fixed passwordElementID preference can cause issue with setting local password #161 [View](https://github.com/twocanoes/xcreds/commit/5b547377d591c7e8dcfc6165197fcf5d94bd881b) * PasswordOverwriteSilent does not prevent user prompt for password #160 [View](https://github.com/twocanoes/xcreds/commit/a438d09a10fa35c914877559a8bab415083a428a) * shouldUseROPGForMenuLogin hides offline login option at XCreds login window #158 [View](https://github.com/twocanoes/xcreds/commit/17f24dd92b8c83bb591b5cd9bb50e41c9ac4086f) * Improvement for refreshRateMinutes description #157 [View](https://github.com/twocanoes/xcreds/commit/cc6e736f0429bb78ac0a925395b305f21d98af4a) * Typos in manifest descriptions #156 [View](https://github.com/twocanoes/xcreds/commit/eae6dff1654237d13bbab857a5e1d8c30c5ffe11) ## 4.0.6261 (2024-01-15) * built release notes [View](https://github.com/twocanoes/xcreds/commit/7440e188957a5c489891d75513dad33df2ec6aec) * applied patch from Jim Zajkowski to fix integration issues [View](https://github.com/twocanoes/xcreds/commit/278862f63decc361c2dcc1e99da541c431b7099d) * fixed up kerb ticket status in menu [View](https://github.com/twocanoes/xcreds/commit/93371b9a3b32c7f09e23d1b55fb1c783ffd580de) * refactored menu code [View](https://github.com/twocanoes/xcreds/commit/a76b7f843d4a156233abeb9039152748e2dc52c9) * fixed issue with updating keychain [View](https://github.com/twocanoes/xcreds/commit/d0b70c3142e385a51c79c1f94812393a6067e178) * more attempt at sharemounter integration [View](https://github.com/twocanoes/xcreds/commit/18e44d1d6b156ffb63686db8d52905e287dc5f24) * implemented shares [View](https://github.com/twocanoes/xcreds/commit/8bd74a3ac8fe78088e280c19d9ee80eeb1658129) * added additional sample profiles [View](https://github.com/twocanoes/xcreds/commit/721bf74a6f58cce0b09b1aa2e88f6317b643bede) * fixed home mounting [View](https://github.com/twocanoes/xcreds/commit/b4ffa8ff9788cdd76694174c54dd0bc3ce9ddbcc) * fixed enabing window state with AD [View](https://github.com/twocanoes/xcreds/commit/24d17c9845baa29acbd7ec408c02553dd4d7ea3d) * pointed package to main branch for oidclite [View](https://github.com/twocanoes/xcreds/commit/7f23a07412363c7d45ce093eaff0bbac644265bb) * Allow forcing of webview login window [View](https://github.com/twocanoes/xcreds/commit/88eaaf49ff27a7fb38c879d15e597912f06c0d29) * Support separate client ID and secret for ropg [View](https://github.com/twocanoes/xcreds/commit/4e008168bbf206d6678d7c1649e26ec7424928a3) * wip [View](https://github.com/twocanoes/xcreds/commit/7d5fba55eab2430038c2a86b79c08f714316e57b) * fixed issue with ropg clientid/secret selection [View](https://github.com/twocanoes/xcreds/commit/1642241ea03ddc43b4a04b7e9a4f0885113ab4dc) * Keychain is reset on cloud password change when user enters old local password #148 [View](https://github.com/twocanoes/xcreds/commit/79f1bb531ce5fa20389b4fed319bac3539314e96) * Admin status does not change after removed from group #145 [View](https://github.com/twocanoes/xcreds/commit/f9821f992afe305d2be9bec0ee0aec9e1b5dbdca) * Fix manifest key name for loadPageInfo #143 [View](https://github.com/twocanoes/xcreds/commit/b747d621e864a40906b13b85e6d184ead1fb485c) * bumped version [View](https://github.com/twocanoes/xcreds/commit/aad768b0f0b76345a3e7ee2ea0d02fbcf6e953b1) ## 4.0.6203 (2024-01-01) * added release notes and script to generate release notes [View](https://github.com/twocanoes/xcreds/commit/ff9dc64fea8e6f438755e1d72837fce4391d167c) * Feature Request: Allow "loadpage.html" to be customized. #126. To test, add in new keys "loadPageTitle" and "loadPageInfo" or try the xcreds_example_azure_loadPageTitle_loadPageInfo.mobileconfig [View](https://github.com/twocanoes/xcreds/commit/37c7477f66362c1823c49138b49afcad388abbc5) * Update description in manifest for loginWindowWidth and loginWindowHeight #138 [View](https://github.com/twocanoes/xcreds/commit/5951d753b391fda49534c5dda13d508479e66fd8) * [feature request] LocalAD - make sync password with AD optional with preference key #130. To test, set the shouldPromptForADPasswordChange to false and set the user account to require password change on next login and verify the user is not prompted [View](https://github.com/twocanoes/xcreds/commit/0b85b4ffb8e95b8d79ffcf455ac034c05ce4d4f4) * XCreds breaking Munki's logout/install @loginscreen logic #102. Test by defining hideIfPathExists to a path like /tmp/hide and then add/remove and UI should show /hide. Or use sample profile xcreds_example_azure_hide.mobileconfig [View](https://github.com/twocanoes/xcreds/commit/770c179262658ccfd27f9de3808b931cc69a86e4) * Option to enforce account to log in #21. To test, create allowedUsersArray with name of user allowed to log in and define allowUsersClaim with an OIDC claim that contains that value. Or use the xcreds_example_azure_allow_fred.mobileconfig to test [View](https://github.com/twocanoes/xcreds/commit/ee95927865f1e912898c4d030cb367fd589db114) * Feature Request: Force Wi-Fi on option or Wi-Fi on/off switch in "Configure Wi-Fi" #58 [View](https://github.com/twocanoes/xcreds/commit/bfa28014c7d0c000369d49bf9a3896128616901a) * added removeadmin function but not used since it can cause local admins to unadmin [View](https://github.com/twocanoes/xcreds/commit/cc322befaf88bf3440a9d086089468660a4354f3) * loginWindowBackgroundImageURL image should be cached if not a file:// URL #72 [View](https://github.com/twocanoes/xcreds/commit/b2cfd643ac6419904cc30037eaceaf5bb939cc7b) * bumped build number [View](https://github.com/twocanoes/xcreds/commit/500575b7dfa81c7a9a7231aeac88bd3cfe6a5497) ## 4.0.6177 (2023-12-28) * added date to license agreement to resolve Date not shown on user agreement #134 [View](https://github.com/twocanoes/xcreds/commit/17df8ec0734b9a8eddb2485e4d16af25ddd2df30) * fixed Password reset dialog rendering and text need fixes #133 [View](https://github.com/twocanoes/xcreds/commit/a03c7f1463be0ab89a787d08f2f211c8bb9a6552) * Cloud login screen button section pushed to left side #132 [View](https://github.com/twocanoes/xcreds/commit/0a300f842d6ab85e8c28501c9b4b87e57b5e0017) * Active Directory login - blank login after expired user attempts sign-in #114 [View](https://github.com/twocanoes/xcreds/commit/b8d52d586aaa8db98487a8bd8279fbd673992ad8) * Prompt for Secure Token Admin Login When Required for AD #127 [View](https://github.com/twocanoes/xcreds/commit/42002e66a6d90726e9a5f4132f232afd107736d7) * [bug] Build 6023 LocalAD - cancelling Change Password prompt breaks login fields. #129 [View](https://github.com/twocanoes/xcreds/commit/be300977b25f12e409b506de0f0d6fc1addd9ebd) * Add ability to select active directory login to select mapped user account #136 [View](https://github.com/twocanoes/xcreds/commit/19260d33f6a35b1564112c9be94e804bf892cb14) * fixed issue with initial focus [View](https://github.com/twocanoes/xcreds/commit/f40cf398168bffd52a75745ab3527b7f9bfc9f20) * https://github.com/twocanoes/xcreds/issues/54 [View](https://github.com/twocanoes/xcreds/commit/270732273500c8d5d1e791b565df25d581f5e0f4) * Request: display user password expiration (days left or specific date) in app. #54 [View](https://github.com/twocanoes/xcreds/commit/2774028c41b4a2b5031296e284d1cde5ae48541f) * Refresh does not change next password check time #88 [View](https://github.com/twocanoes/xcreds/commit/fdcd94b1dd7f99c6baf635af6d7978d0aad30df3) * changed cartfile to point to github [View](https://github.com/twocanoes/xcreds/commit/960fa77bb2cb6b21719fb33481febbb594b53f90) * removed framework [View](https://github.com/twocanoes/xcreds/commit/ed417781d823012a779fd93c4c29cf46259d0bee) * removed framework [View](https://github.com/twocanoes/xcreds/commit/c054c66e231955a396f9f28bd26d8352ae7ed48f) * added key for ROPG at login window [View](https://github.com/twocanoes/xcreds/commit/716934b3e90d1f8cc454e7f25232584e3f2b5d3a) * partial refactor wip [View](https://github.com/twocanoes/xcreds/commit/1c0fc161b10042d6f88097ffb255749e682023bf) * partial refactor wip [View](https://github.com/twocanoes/xcreds/commit/e24b7e07ec5ceefeacda3cbaa2b92e71a7261ecf) * partial refactor wip [View](https://github.com/twocanoes/xcreds/commit/f651bc35965ad5a1a1c713a4ff0a3cd4b20cb00b) * ropg at login window initial implementation [View](https://github.com/twocanoes/xcreds/commit/32ad7b391c89e870fe373cdac46e62744fb79221) * cleaned up ropg login code [View](https://github.com/twocanoes/xcreds/commit/e9b12682acdcdd8f5b3bd9f1035c80ca2e359995) * hide refresh when on username/password window; move focus to blank password when not entered for username/password window [View](https://github.com/twocanoes/xcreds/commit/b54cf49b000fa8806229300455901955f2f1edf2) * fixed menu app password verification [View](https://github.com/twocanoes/xcreds/commit/93ac8b9bfbeefb2d7b5df4585d033005b6907300) * added ShareMounter and missing KerbUtil filet [View](https://github.com/twocanoes/xcreds/commit/3f14dc2639807400e8c1b6f8824a05d6ea2b474b) * added username / password view to prompt in userspace [View](https://github.com/twocanoes/xcreds/commit/a56020e4ba24ef0d2d634f4e3ad71964c561eaad) * fixed cancel for AD userspace cancel [View](https://github.com/twocanoes/xcreds/commit/8acaf42493adf20b98f132182b7951fae9181976) * fixed override script in usersapce [View](https://github.com/twocanoes/xcreds/commit/bdd67573335b01e9aa809a8af6570474183751cb) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/48329e1d05488dd2b66820ab8d62b6c540901f41) ## 4.0.6023 (2023-12-12) * use default desktop from CoreServices [View](https://github.com/twocanoes/xcreds/commit/c2c99e2657bc7c4e77aa12628c00a1cec35e65dc) * reload the login window when wifi is connected [View](https://github.com/twocanoes/xcreds/commit/64b6876f8ba181c57d1a4ecb9ab8276cc7acb173) * fix conflicts in XCreds app [View](https://github.com/twocanoes/xcreds/commit/e29288a7b32a91a9dabe978caadaa41cce0549f6) * Add new NetworkMonitor and reload webview on network changes [View](https://github.com/twocanoes/xcreds/commit/e6fd5e31e6b573eaeec5d9df9cb8d7545e4d693e) * add new networkmonitor [View](https://github.com/twocanoes/xcreds/commit/0ede34aef5b8ec9c41c41f4a57526cfd2be6b06c) * better handling of loginwindow reload [View](https://github.com/twocanoes/xcreds/commit/472754db230ba77da0ff36c07ccb0a76ebc88dd7) * bumped version [View](https://github.com/twocanoes/xcreds/commit/0a130f4456899320bc2106dc3ee8d0179abf87c6) * bumped version [View](https://github.com/twocanoes/xcreds/commit/bec80f2ecde022f94e1bb6297b7c0d22b4b57d04) * Resolves #111 by only refreshing when on cloud login [View](https://github.com/twocanoes/xcreds/commit/ca8e9851796b02efdcf0b8237cef4fe03622cbf0) * removed tperfitt from logging. issu #108 [View](https://github.com/twocanoes/xcreds/commit/0f75ef578c89f3cfab35e83e1d863b3b281a88b7) * added info in DS for sub and iss when user is logging in and account is created [View](https://github.com/twocanoes/xcreds/commit/a16e2f5b40d2dcdc35e15c864a7887959720f64c) * initial implementation of allow user to select account to map to #98 [View](https://github.com/twocanoes/xcreds/commit/9b4b781714778a0346cb4047a61b5c6b0ce8e4fe) * added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 [View](https://github.com/twocanoes/xcreds/commit/71b874ecf39fcafd7e794306e3a8dfafbcb69ce8) * Log shows tperfitt user profile path #108 [View](https://github.com/twocanoes/xcreds/commit/beb62fab79a1631780e12742763041c15f6aaecb) * Feature Request: Option to alias IdP username to local DS user account #59 [View](https://github.com/twocanoes/xcreds/commit/dd428a9717546b5ea12d7c8677fa99084ce2cccf) * add missing Credits.txt file [View](https://github.com/twocanoes/xcreds/commit/ccadd3398bc60d7b11807980f306dfbd8453c59f) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/0e668f6af5873f5b7ff8770cc34b6ac6138d8e94) * updated manifest for new keys [View](https://github.com/twocanoes/xcreds/commit/f418394373ad7c62d3e297c7f5cd224aaf8d19f9) * showed Create New Account button in migration modal [View](https://github.com/twocanoes/xcreds/commit/59ab7e8d1dae2c1972041eb1e2b7082a98737ae6) * fixed issue #124: Default behavior wrong for shouldAllowKeyComboForMacLoginWindow [View](https://github.com/twocanoes/xcreds/commit/6f3737257205f4d2faa035b6f051bf6bfed2074b) * refactored code to add admin to user account based on group membership each login (issue #109); added groups claim value to OD record on each login in _xcreds_oidc_groups (issue #117) [View](https://github.com/twocanoes/xcreds/commit/8376942e6e23f8804bd5cec3cfff383792391031) * updated license agreement (issue #90) [View](https://github.com/twocanoes/xcreds/commit/f41411c5a51706ba7b33776edc845a409400bf1e) * Detect when no password was entered #17 [View](https://github.com/twocanoes/xcreds/commit/7cf2837f3d653a893f2f5c031c0a72298340aa70) * updated animation when logging in [View](https://github.com/twocanoes/xcreds/commit/51387b15384032bc5f4e82a5d6fea8a49c6e2625) * adding arbitrary claims to local DS user account [View](https://github.com/twocanoes/xcreds/commit/e47832e21a76d3ae86af3e7e5fee41f29772436f) * fixed Active Directory issue after password change #112 [View](https://github.com/twocanoes/xcreds/commit/14e2a7c1e1d15e8655f44bef182a2e14bc0892ce) * partial fix for #114 [View](https://github.com/twocanoes/xcreds/commit/856a3549bec86c6c52b4ed368b2e59d25c38c5a7) * refactored windows to views [View](https://github.com/twocanoes/xcreds/commit/8a0994c7dfbe071ce5397d52070c2a4c9ab9a309) * fixed centering and cloud login sizing [View](https://github.com/twocanoes/xcreds/commit/f83d523c57cf9f65f6f1b7931bdf34ad5a04c090) * fixing timing for animation when logging in; tweaked UI [View](https://github.com/twocanoes/xcreds/commit/9c659dbb4a12c9ee4cbe396119a058d2594e6827) * streamlined startup process [View](https://github.com/twocanoes/xcreds/commit/1895f0365a3aba91fc9c43961bca78ee6a9482e6) * refactored dialogs for prompting for user info; fixed ad groups for making admin user [View](https://github.com/twocanoes/xcreds/commit/7c5af73cb91a83c8f323edc1d8bd9538b02fbd71) * added missing template for package [View](https://github.com/twocanoes/xcreds/commit/281fe86d7bb33c7f278f05117794069c991efb47) * fixed showing offline button [View](https://github.com/twocanoes/xcreds/commit/72ffc3fd5434eb742e1cffa3cb073228f4883292) * implemented feature request: localad/kebereros support for saving groups to prefs #125 [View](https://github.com/twocanoes/xcreds/commit/1d3e2be0a87c3e5d2843767db28de90894bc12cc) * fixed enabling views when logging in [View](https://github.com/twocanoes/xcreds/commit/3ac6e3739200a3ae6f708be731c4d7acdf279e7e) * fixed javascript to key on input instead of keydown/keyup [View](https://github.com/twocanoes/xcreds/commit/3d41a199cfd92f233677cc6859f837ede388311c) * implemented Prompt for Secure Token Admin Login When Required #123 [View](https://github.com/twocanoes/xcreds/commit/32b118fe0c96b6cee8bd8a37bcff22611f28e55b) * fixed Update documented minimum for loginWindowWidth and loginWindowHeight #91 [View](https://github.com/twocanoes/xcreds/commit/21814425a055f0240fb4c11c37c0d01045620fd6) * wip [View](https://github.com/twocanoes/xcreds/commit/a5aca79363b6f3cc974442534bbc7818b0e4775b) * fixed issue with updating password in userspace [View](https://github.com/twocanoes/xcreds/commit/9e483c451eccac80fc533f993fe21a526970fd9e) * bumped build number [View](https://github.com/twocanoes/xcreds/commit/867fc0f3337cde76a06cb821471de2bcd6fb9506) ## v3.2.1.6002 (2023-12-11) * use default desktop from CoreServices [View](https://github.com/twocanoes/xcreds/commit/c2c99e2657bc7c4e77aa12628c00a1cec35e65dc) * reload the login window when wifi is connected [View](https://github.com/twocanoes/xcreds/commit/64b6876f8ba181c57d1a4ecb9ab8276cc7acb173) * fix conflicts in XCreds app [View](https://github.com/twocanoes/xcreds/commit/e29288a7b32a91a9dabe978caadaa41cce0549f6) * Add new NetworkMonitor and reload webview on network changes [View](https://github.com/twocanoes/xcreds/commit/e6fd5e31e6b573eaeec5d9df9cb8d7545e4d693e) * add new networkmonitor [View](https://github.com/twocanoes/xcreds/commit/0ede34aef5b8ec9c41c41f4a57526cfd2be6b06c) * better handling of loginwindow reload [View](https://github.com/twocanoes/xcreds/commit/472754db230ba77da0ff36c07ccb0a76ebc88dd7) * bumped version [View](https://github.com/twocanoes/xcreds/commit/0a130f4456899320bc2106dc3ee8d0179abf87c6) * bumped version [View](https://github.com/twocanoes/xcreds/commit/bec80f2ecde022f94e1bb6297b7c0d22b4b57d04) * Resolves #111 by only refreshing when on cloud login [View](https://github.com/twocanoes/xcreds/commit/ca8e9851796b02efdcf0b8237cef4fe03622cbf0) * removed tperfitt from logging. issu #108 [View](https://github.com/twocanoes/xcreds/commit/0f75ef578c89f3cfab35e83e1d863b3b281a88b7) * added info in DS for sub and iss when user is logging in and account is created [View](https://github.com/twocanoes/xcreds/commit/a16e2f5b40d2dcdc35e15c864a7887959720f64c) * initial implementation of allow user to select account to map to #98 [View](https://github.com/twocanoes/xcreds/commit/9b4b781714778a0346cb4047a61b5c6b0ce8e4fe) * added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 [View](https://github.com/twocanoes/xcreds/commit/71b874ecf39fcafd7e794306e3a8dfafbcb69ce8) * Log shows tperfitt user profile path #108 [View](https://github.com/twocanoes/xcreds/commit/beb62fab79a1631780e12742763041c15f6aaecb) * Feature Request: Option to alias IdP username to local DS user account #59 [View](https://github.com/twocanoes/xcreds/commit/dd428a9717546b5ea12d7c8677fa99084ce2cccf) * add missing Credits.txt file [View](https://github.com/twocanoes/xcreds/commit/ccadd3398bc60d7b11807980f306dfbd8453c59f) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/0e668f6af5873f5b7ff8770cc34b6ac6138d8e94) * updated manifest for new keys [View](https://github.com/twocanoes/xcreds/commit/f418394373ad7c62d3e297c7f5cd224aaf8d19f9) * showed Create New Account button in migration modal [View](https://github.com/twocanoes/xcreds/commit/59ab7e8d1dae2c1972041eb1e2b7082a98737ae6) * updated js [View](https://github.com/twocanoes/xcreds/commit/e621f6a8da59c6923f0ba12b6a3abf5c9a916f34) * bumped version and build [View](https://github.com/twocanoes/xcreds/commit/7140e72c2e619e26b2db99e21f917f6b3147570a) * adde missing credits file [View](https://github.com/twocanoes/xcreds/commit/81f8e48a696c1eeab46bbcb4f36eea66fe6113f4) ## v3.3.5269 (2023-11-27) * use default desktop from CoreServices [View](https://github.com/twocanoes/xcreds/commit/c2c99e2657bc7c4e77aa12628c00a1cec35e65dc) * reload the login window when wifi is connected [View](https://github.com/twocanoes/xcreds/commit/64b6876f8ba181c57d1a4ecb9ab8276cc7acb173) * fix conflicts in XCreds app [View](https://github.com/twocanoes/xcreds/commit/e29288a7b32a91a9dabe978caadaa41cce0549f6) * Add new NetworkMonitor and reload webview on network changes [View](https://github.com/twocanoes/xcreds/commit/e6fd5e31e6b573eaeec5d9df9cb8d7545e4d693e) * add new networkmonitor [View](https://github.com/twocanoes/xcreds/commit/0ede34aef5b8ec9c41c41f4a57526cfd2be6b06c) * better handling of loginwindow reload [View](https://github.com/twocanoes/xcreds/commit/472754db230ba77da0ff36c07ccb0a76ebc88dd7) * bumped version [View](https://github.com/twocanoes/xcreds/commit/0a130f4456899320bc2106dc3ee8d0179abf87c6) * bumped version [View](https://github.com/twocanoes/xcreds/commit/bec80f2ecde022f94e1bb6297b7c0d22b4b57d04) * Resolves #111 by only refreshing when on cloud login [View](https://github.com/twocanoes/xcreds/commit/ca8e9851796b02efdcf0b8237cef4fe03622cbf0) * removed tperfitt from logging. issu #108 [View](https://github.com/twocanoes/xcreds/commit/0f75ef578c89f3cfab35e83e1d863b3b281a88b7) * added info in DS for sub and iss when user is logging in and account is created [View](https://github.com/twocanoes/xcreds/commit/a16e2f5b40d2dcdc35e15c864a7887959720f64c) * initial implementation of allow user to select account to map to #98 [View](https://github.com/twocanoes/xcreds/commit/9b4b781714778a0346cb4047a61b5c6b0ce8e4fe) * added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 [View](https://github.com/twocanoes/xcreds/commit/71b874ecf39fcafd7e794306e3a8dfafbcb69ce8) * Log shows tperfitt user profile path #108 [View](https://github.com/twocanoes/xcreds/commit/beb62fab79a1631780e12742763041c15f6aaecb) * Feature Request: Option to alias IdP username to local DS user account #59 [View](https://github.com/twocanoes/xcreds/commit/dd428a9717546b5ea12d7c8677fa99084ce2cccf) * add missing Credits.txt file [View](https://github.com/twocanoes/xcreds/commit/ccadd3398bc60d7b11807980f306dfbd8453c59f) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/0e668f6af5873f5b7ff8770cc34b6ac6138d8e94) * updated manifest for new keys [View](https://github.com/twocanoes/xcreds/commit/f418394373ad7c62d3e297c7f5cd224aaf8d19f9) * showed Create New Account button in migration modal [View](https://github.com/twocanoes/xcreds/commit/59ab7e8d1dae2c1972041eb1e2b7082a98737ae6) ## v3.2.5197 (2023-10-17) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * updated url in profile manifest [View](https://github.com/twocanoes/xcreds/commit/33ef0c9f2f30afc4260526b27ee4e6995e94fcfa) * fixed issue 95: whitespace characters in password and username [View](https://github.com/twocanoes/xcreds/commit/63f4ca53c2c1ba31fd93fd4921042d21284570c6) * shouldPreferLocalLoginInsteadOfCloudLogin [View](https://github.com/twocanoes/xcreds/commit/79e798afab9162255b7a019b74bbb3122330e83a) * another attempt at fixing https://github.com/twocanoes/xcreds/issues/95 [View](https://github.com/twocanoes/xcreds/commit/819e9a047f8d1e9e6d5a4f26b32238cb7fc9da88) * wip [View](https://github.com/twocanoes/xcreds/commit/4ac36cbc2d085ee32bd8d82a66feeb925ff118fb) * fixed keyboard nav for controls [View](https://github.com/twocanoes/xcreds/commit/c5c0cad10f5d5f22f8b6ce3d0993f5f1f72d8f3b) * issue #100: Detect Offline [View](https://github.com/twocanoes/xcreds/commit/fe804f167446fc4b22e128cca576ddd7276fd96f) * Add ability to check passwords via ROPG [View](https://github.com/twocanoes/xcreds/commit/f7c62c0466106cbc26f9f67be441dad847c32ecf) * Rename prefkey to be more boolean [View](https://github.com/twocanoes/xcreds/commit/2909f625588fe25c2082fbf2ff88df468e19c79d) * update to profile manifest [View](https://github.com/twocanoes/xcreds/commit/7fcb0a392b0e8d8c19e81f8e827d6de996da75c4) * fixed typo in function name [View](https://github.com/twocanoes/xcreds/commit/8c12d454e393cc0c52a0feb314a67c357bbac1c9) * added a smidge more logging [View](https://github.com/twocanoes/xcreds/commit/86256a2825eeeebf6eb63fe26451c372e149c2a2) * added self healing for auth rights [View](https://github.com/twocanoes/xcreds/commit/9b43e1cb382cfea1b40a2f40b6cdf6189fed385b) * updated manifest [View](https://github.com/twocanoes/xcreds/commit/7cdf884f2aed100080069e9b3a589af736062c99) ## release_3_1 (2023-07-14) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * updated history.md [View](https://github.com/twocanoes/xcreds/commit/85b71172d3192616371ccc30ea16fb6dd092a54e) * fixed check timer to still work if mac sleeps [View](https://github.com/twocanoes/xcreds/commit/af491f5febf433bfeb8478d71a2fa29309676765) * fixed issue with token update time [View](https://github.com/twocanoes/xcreds/commit/0d14279e4003400a0fef812247f3c790fc802f5e) * fixed fade; cleaned up user mappings for weird characters [View](https://github.com/twocanoes/xcreds/commit/c6304954d6b02109d4ff90ed2d3b94963f761461) * final touches [View](https://github.com/twocanoes/xcreds/commit/df5f1110c5800ac8aa31293ac509817a62fedfbc) * bumped to 3.2; added some additional logging [View](https://github.com/twocanoes/xcreds/commit/5a544859855835a6c1d8bfb35a39aeb30cda5962) * bumped build number to 5000 [View](https://github.com/twocanoes/xcreds/commit/6250fdf999d7e57bfd51fe55186fde6fce92a3c0) * updated permission for override_script [View](https://github.com/twocanoes/xcreds/commit/fac2af918a65d5f92c211e4707e9e14d36e5bee1) * changed version back to 3.1; added better about window with history; changed override script requirments to be owned by _securityagent and be 700 [View](https://github.com/twocanoes/xcreds/commit/2f8dd4e599a71d02a88fa4a66814e419c71c0e65) * added command click login window for mac login window [View](https://github.com/twocanoes/xcreds/commit/f0a5b1fc76c133f199da75f31202401476da2af1) * text fixes [View](https://github.com/twocanoes/xcreds/commit/97c383e24729982c364e456ba5c3d49aa983060a) * updated build script [View](https://github.com/twocanoes/xcreds/commit/b4fd79d1d43d922fac3581282c7eb9126d33ed8c) * added back sample profie [View](https://github.com/twocanoes/xcreds/commit/6aa3ec4a58842f9a4dd748cd129ed4c14226888a) * fixed timer minutes [View](https://github.com/twocanoes/xcreds/commit/e78b306018cd996176b9530ba302689bd1d3e358) ## v3.1.4144 (2023-06-08) * updated AD support: kerb ticket now obtained at user space app launch from password in keychain. udpated profile manifest with better comments; delete cookes on webview each time it appears; added local login button; shows username password if discoveryURL is not defined [View](https://github.com/twocanoes/xcreds/commit/d17509bd2ce49313561632e15bc2698e38f09721) ## v3.1.4143 (2023-06-07) * updated fullname [View](https://github.com/twocanoes/xcreds/commit/627199474b42349bd42f6dc47c4cd442b9c3357a) * added shake to password field [View](https://github.com/twocanoes/xcreds/commit/d2370669893dc37937617be59a5601109915e991) * added shake to password field [View](https://github.com/twocanoes/xcreds/commit/d0f4efdbf886cbe9a21e449fe8d47f1ed671bdcd) * get kerb ticket on login [View](https://github.com/twocanoes/xcreds/commit/b7f7ad622ceaa57d27e419fa3fad10f0e040f8e3) ## v3.1.4081 (2023-05-27) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * added Package.resolved [View](https://github.com/twocanoes/xcreds/commit/91fb7f3da5e789dabb37a5a8585592c69c1a732c) * added XCredsLoginPlugIn/errorpage.html [View](https://github.com/twocanoes/xcreds/commit/7bf66a34a1ef091f532959de62247ba1fbead13e) * cleaned up build system a bit [View](https://github.com/twocanoes/xcreds/commit/f99ec4a8ae38ff00adabe9b43c1ff8577c803dd1) * improved javascript parsing [View](https://github.com/twocanoes/xcreds/commit/ecf710eb181fd3f6dbdce7aedf511b8840e33ca6) * fixed issue with initial javascript listener [View](https://github.com/twocanoes/xcreds/commit/574a51b5b8329be4cc2ec8c045f710548aecf7d6) * cleaned up logging a bit [View](https://github.com/twocanoes/xcreds/commit/dfbf57f4a3d9649e2b35231bfedc6d591a7c3e41) * removed reset option [View](https://github.com/twocanoes/xcreds/commit/3150fa654f3b8a55018f0a1e0390aa6ec541e125) * removed KeychainReset and PasswordOverwriteSilent because it makes things worse [View](https://github.com/twocanoes/xcreds/commit/39362899ee0c0813f416057cad203061869daa84) * added lock screen switch to login window [View](https://github.com/twocanoes/xcreds/commit/77c52ad11ab01b1afd5e011b38a06b3de9527196) * fixed window levels, progress screen, background and boot runner issues [View](https://github.com/twocanoes/xcreds/commit/4c887fbdc82a0f63fcd8876aa662c6bc96ef7bbd) * improved logging [View](https://github.com/twocanoes/xcreds/commit/e92ffe9e65f1a95b4b3e9f1c8ea1089ae7720863) * checkpoint [View](https://github.com/twocanoes/xcreds/commit/488b66494c65e8460eefdf5bbb8c0d271102f298) * added override script and secure token admin reset [View](https://github.com/twocanoes/xcreds/commit/6717b3aa2cd0ef9d387484e7571183e6f8ffbb5d) * removed shouldFindPasswordElement since that is defaulit fallback behavior [View](https://github.com/twocanoes/xcreds/commit/2825ee7b6db005f6aa8ca6d60c72210ae7343af4) * cleaned up ui a bit [View](https://github.com/twocanoes/xcreds/commit/b64496bcb55573dff889a9ab92be2ed3f9cdd5e3) * dont refresh prefs so much [View](https://github.com/twocanoes/xcreds/commit/91ee8dcd371fe9e2182fd421674f9fcd484e4d81) * added check for group membership in oidc claim [View](https://github.com/twocanoes/xcreds/commit/2c03586a59821a04948692dcb9a41006ebf735f7) * added history file [View](https://github.com/twocanoes/xcreds/commit/5fa6c0436a58535e03fd457de9dd720186274a38) ## release-3.0 (2023-05-08) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) ## release_3_0 (2023-04-18) * added trial license beginnings [View](https://github.com/twocanoes/xcreds/commit/5a6cc5a91715e909dc8f9510f800dfffe485b7d6) * fixed regression for password change not capturing new password on azure [View](https://github.com/twocanoes/xcreds/commit/8db379d829d925409abfea85da72a788ead43d22) * bumped version to 3600 [View](https://github.com/twocanoes/xcreds/commit/f9601726f3d7255414d4ad44e20b9ac526af0f7c) * fixed issue with crash if time is far off [View](https://github.com/twocanoes/xcreds/commit/9c1d0d81ed62f525614b79e3a3dbc4b4bed3964b) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/f309f95218424ca8f67177b0daed79d98344e943) * updated license [View](https://github.com/twocanoes/xcreds/commit/534be3e278d1daae48218952d20194e4e03b17b4) * fixed focus issue [View](https://github.com/twocanoes/xcreds/commit/e3c87a548a9e682b75ec01b4216ddfdda8a2ced2) ## release_v2_4 (2023-03-28) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * added more logging for id token and bumped version to 2.3 [View](https://github.com/twocanoes/xcreds/commit/b8494ee343dab510fba1c1f304623efc985455a0) * added remove keychain option [View](https://github.com/twocanoes/xcreds/commit/19032d8df58c0bdd6197fc47f9f3aa2d8d6694ea) * updated language on keychain option and added pref in manifest [View](https://github.com/twocanoes/xcreds/commit/709a7f29e696c088cc8e13959dadba8f9c0f8c8e) * added key for customizing return to xcreds; added preference and ability to automatically refresh login window [View](https://github.com/twocanoes/xcreds/commit/514a1ba5ddaec55bfb8e40ca3e6c98a43c50ec7b) * added in login window height/width [View](https://github.com/twocanoes/xcreds/commit/18e974e67f2833862a1a6913a6c4563e339d4239) * added in login window height/width min value of 100 [View](https://github.com/twocanoes/xcreds/commit/6090d5ec4895045448920e774e16dc0614223919) * added in login window height/width min value of 100 [View](https://github.com/twocanoes/xcreds/commit/0a7dad70364bd830b8028da2cadd62c98b79271d) * fixed login window size and background image [View](https://github.com/twocanoes/xcreds/commit/339a66e7fdf6e8484da8f7c0a5c2ee6eed0aaef7) * fixed focus issue [View](https://github.com/twocanoes/xcreds/commit/992512bb1ac27f36c655d1e1a02eafdbd47a2b80) * updated sample configu [View](https://github.com/twocanoes/xcreds/commit/cd482e69520c8a7994eb8233e26c8a008c5048e7) * tweaked text for user space refresh token window and added pref to show or hide [View](https://github.com/twocanoes/xcreds/commit/9f29893203caef8799683cc2ded3345f306c4528) * fixed names and links in manifest [View](https://github.com/twocanoes/xcreds/commit/e759138ca72f2a4153fbea02f7b0b5cfd031bd01) * fixed crashing issue due to null refreshview outlet [View](https://github.com/twocanoes/xcreds/commit/d3931983b53633c91c33494fc1fcccd7614948ad) * added frontmost when prompting for keychain password [View](https://github.com/twocanoes/xcreds/commit/92ee6ed5c41dfefc798f1c839193aaa4a4a09f67) * fixed issue with autorefresh [View](https://github.com/twocanoes/xcreds/commit/d7126a026281afaac27c9381a9c4e42d472b4b31) * fixed changing wifi not dismissing dialog [View](https://github.com/twocanoes/xcreds/commit/7a3d45178e299b52014fb3dd0adf6c180667222f) * fixed changing wifi not dismissing dialog [View](https://github.com/twocanoes/xcreds/commit/9ef84939d56cce29c9b8e3a84b0f070a30f7e30c) * added 802.1x support; added support for pref key for finding password based on type=password [View](https://github.com/twocanoes/xcreds/commit/38ddeff5cd86d0cd43a97844c9d160da0ee446f3) * wip [View](https://github.com/twocanoes/xcreds/commit/72da3de9c054f4fb35fb19c9bb6ffd5c2ebbb47a) ## release_v2_1 (2023-01-11) ## realease_v2_2 (2023-01-11) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * support getting password with get and adfs [View](https://github.com/twocanoes/xcreds/commit/494fdf75c79d8aa3b2c3cc6dc947f4423b2b3674) * Revert "support getting password with get and adfs" [View](https://github.com/twocanoes/xcreds/commit/425bda9a9323fd7eb9437f09f9da63747db9dc8d) * changed pref names for custom IDP / ADFS [View](https://github.com/twocanoes/xcreds/commit/83947497ec00cdfd7ec3b9a3683fa3b8e007aadf) * fixed package template issue and updated manifest [View](https://github.com/twocanoes/xcreds/commit/f2540a6c64b5bc9971833e8fa859821d4822af9c) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * enabled rekeying FileVault implementation [View](https://github.com/twocanoes/xcreds/commit/2ba233e3695b8a7bda297b0908da933d24bec1c4) * Support a Azure AD host [View](https://github.com/twocanoes/xcreds/commit/c0415863273f9797808d32633d3e800d630f9a0f) * If fullname is empty, shorname is used. [View](https://github.com/twocanoes/xcreds/commit/7764740647f8e4450b411fa08849e5f4cceba078) * added autologin when fv enabled [View](https://github.com/twocanoes/xcreds/commit/c8b394e055e2aa176af8a7f9e8cce53a3066f408) * added okta compatibility [View](https://github.com/twocanoes/xcreds/commit/5f38e70e641bc2c8129e940ae7e9f710380fea5b) * added a bit more logging [View](https://github.com/twocanoes/xcreds/commit/e2d2330a5050ab419290de466cef9f0b63407215) * removed "prompt":"consent" [View](https://github.com/twocanoes/xcreds/commit/3e0a5e6de6342f36c9622aba3ad55d2db4488942) * fixed notification prompt [View](https://github.com/twocanoes/xcreds/commit/40423c3b3ba271483826e49b6010f95e5b5683c7) * added shouldShowCloudLoginByDefault user default [View](https://github.com/twocanoes/xcreds/commit/d8658f333726d8151c2486a7fe38f94cc29cacb2) * added idhostnames array so you can specify multiple tenants [View](https://github.com/twocanoes/xcreds/commit/663dfa99b6bfb54487ca5cbc8d83618c8d180496) * removed registration reminder [View](https://github.com/twocanoes/xcreds/commit/738dff1ab4396e14d701da2dcb79c5c657533433) * removed spaces [View](https://github.com/twocanoes/xcreds/commit/180c2b9f4c267479723810a22a1dcc7715d992ce) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * added mappings for user info [View](https://github.com/twocanoes/xcreds/commit/074ac99d5b3b72f3a8fb553670968f6e67da8f10) * bumped version to 2.2 and build [View](https://github.com/twocanoes/xcreds/commit/23d902d5227eab2f3e61a6c931ccf63b94bc0ccb) * added new key for OIDC mapping [View](https://github.com/twocanoes/xcreds/commit/485be954afebf7cbe808a8b23e0be6a7c5efa495) * made keys lowercase for mappings [View](https://github.com/twocanoes/xcreds/commit/7432620d1a5c7e22e98975a5e806b73a9140d5ee) * changed case of keys [View](https://github.com/twocanoes/xcreds/commit/ecac4002bd45677fa72386cc73a56bfe6d3f53ed) * renamed mapped prefs with a prefix [View](https://github.com/twocanoes/xcreds/commit/aadd1445d92ac12e084946e1b40d97cf9f5aa6c7) * username hint was not being set [View](https://github.com/twocanoes/xcreds/commit/aba884ce568c39653fec406f7c95b21b1c554642) * added startup script [View](https://github.com/twocanoes/xcreds/commit/9c374670c37ba1b522e1247ec96a850a4e663b8e) * added credit to script [View](https://github.com/twocanoes/xcreds/commit/e36e74db471c955bd356f150dbc9b19d240a50d4) * implemented KeychainReset [View](https://github.com/twocanoes/xcreds/commit/0c34708fdeb9c9aa4303daa8382948d4e7d8143d) * implemented PasswordOverwriteSilent [View](https://github.com/twocanoes/xcreds/commit/8fcee904d23440051516c74228213a64b4ead348) * removed show prefs menu [View](https://github.com/twocanoes/xcreds/commit/d34328d71ec93b2663b75c080e41c8e0707b1f8e) * fixed timer issue [View](https://github.com/twocanoes/xcreds/commit/1d37d90a8ce81a142b90874b5d35641db4a9c1a8) * fixed shouldShowCloudLoginByDefault not working [View](https://github.com/twocanoes/xcreds/commit/570576b00c63db1f11ab5d7799301c9faed7f1e9) * fixed edge case when not showing xcreds login when logging out [View](https://github.com/twocanoes/xcreds/commit/3447f7be9e35a5e894911c0fa7366be4fa0d3b05) * removed test time [View](https://github.com/twocanoes/xcreds/commit/5bd5f84563b2a05fd4c2c169e1601cf5c270d8a9) * added sub as local user account if other methods not available; added some additional logging [View](https://github.com/twocanoes/xcreds/commit/fd4067d3a54850244f5f456825cbb531800dca85) * remove progress screen overlay because it was hiding filevault [View](https://github.com/twocanoes/xcreds/commit/453a9b79a19bbd05c4d638c01337b4752943898d) ## release_v2_0 (2022-08-30) * bumped version to 1.1 [View](https://github.com/twocanoes/xcreds/commit/d6a4c915da4e771335915c6aa1dae53d94c8c039) * added sample profile for google [View](https://github.com/twocanoes/xcreds/commit/342c8590fd5392822a9a57dd9a3293aa5f276eb6) * Cloud password verification dialog not centered... #15 [View](https://github.com/twocanoes/xcreds/commit/b1d8ee6069a92e6b231b8bce944f684fa36ec68e) * add "have token" indicator #10 [View](https://github.com/twocanoes/xcreds/commit/db746fd65ae1623e1d69f3c075391f474c9ccc3e) * Hide "About XCreds" menu item #18; Ability to add a custom URL and menu item for "Change Password #18 [View](https://github.com/twocanoes/xcreds/commit/f1c4593b4ad1b73899f9bc2cbfe61cd2d37eac11) * start of login window [View](https://github.com/twocanoes/xcreds/commit/ce6cc87d6f5e0ee87ecea89514865fd7b92df476) * pass username and password for login window [View](https://github.com/twocanoes/xcreds/commit/6addc7950cf499fb9bdeee098af1e0f9d35bfb63) * added fade to login window complete [View](https://github.com/twocanoes/xcreds/commit/3fd2f6dd2f69f8ec41e7eda52937e98cf0a30738) * restart and shutdown buttons [View](https://github.com/twocanoes/xcreds/commit/fde13dea140cf02043c8f9404c08917868bb5ecc) * implemented swiching back to mac login window [View](https://github.com/twocanoes/xcreds/commit/85545c29a8ad7c2b28daef1f8e8024bf377761ba) * wip [View](https://github.com/twocanoes/xcreds/commit/e755e305eb936a965cb0ef133d9f7c1cfb7cc765) * fixed xcreds breakage due to refactoring for xcreds login window [View](https://github.com/twocanoes/xcreds/commit/f41778819ed0d04325880e641799f723732ca6f3) * added keychain updating with tokens [View](https://github.com/twocanoes/xcreds/commit/2e3114e4f657761addd714abe7de790350623c83) * xcreds login window [View](https://github.com/twocanoes/xcreds/commit/03e929f9fa582b394686bb7669b28d0e906c4cd9) * added return to cloud login and wait message [View](https://github.com/twocanoes/xcreds/commit/f29ea30d43e51b6ef44bfbdad7d0ccd1d650a6b3) * bumped version [View](https://github.com/twocanoes/xcreds/commit/7fb698159e5f0b6cd54057d0938ddd0a448bd321) * updated manifest [View](https://github.com/twocanoes/xcreds/commit/ce8b9197c101d106605d5ea8e6bf87f5b52412ac) * added username to manifest [View](https://github.com/twocanoes/xcreds/commit/aa7945756f9c0a0573cf79b48c677c35dfbe7469) * fixed install scripts [View](https://github.com/twocanoes/xcreds/commit/ad2152c8e24b03dd685627d052b3116e5badfd62) * updated readme [View](https://github.com/twocanoes/xcreds/commit/690e6966e81bcb27f8859c010c230d2d0af4ba0a) * updaed sample profiles [View](https://github.com/twocanoes/xcreds/commit/5cd70f021fc8a4b7321dbfe7bd5cf1298a901609) * added arbitrary check for password in form [View](https://github.com/twocanoes/xcreds/commit/9d1dadac7750544dffa4db82fc258f0b7ed9663e) * bumped build number [View](https://github.com/twocanoes/xcreds/commit/bb90624c3d9a45870956621f22b41da5434e2bce) * fixed idtoken required values causing failure [View](https://github.com/twocanoes/xcreds/commit/de5dd6affee913fc6f2f65125188a8e894460b65) * added build number when starting up [View](https://github.com/twocanoes/xcreds/commit/2d4b70a192e119352cccc2d7318b8997e3c7fe74) * added build number when starting up in mechnism [View](https://github.com/twocanoes/xcreds/commit/5f6bdd336f311caa991f10c380b15f9acc2f5bb2) * added build number when starting up in mechnism [View](https://github.com/twocanoes/xcreds/commit/26b995a2173376ea6275a037a7866ea154b9ef31) * create user mech [View](https://github.com/twocanoes/xcreds/commit/2bd3cb885f9cfc2557cc709404a8c665e99236f1) * tweaked create user [View](https://github.com/twocanoes/xcreds/commit/4bfdd1017266b30d25e9fb0162decbe54fe3b5a9) * added FDE enable [View](https://github.com/twocanoes/xcreds/commit/2422e5588412d4cc721f93c0695405d939096c42) * updated prefs [View](https://github.com/twocanoes/xcreds/commit/14d39e3fe023b6412a73b6cba2a214b283a1b7d7) * added fde option [View](https://github.com/twocanoes/xcreds/commit/2b022b47d6c23e2bbf6fcd6f0b7bb249df689bc1) * added network changing detection to reload page [View](https://github.com/twocanoes/xcreds/commit/de4acf06e2e7b18c232dd0dcd5ce55e8944d2e2a) * fixed status icon issue; fixed lack of prompting on first launch [View](https://github.com/twocanoes/xcreds/commit/9aa2d77b366fe963aed1ec78c932c467d83f5b63) * added default to create keychain [View](https://github.com/twocanoes/xcreds/commit/27be41527d7716df6fbcd9ed276f542b80e53682) * added better loading at start [View](https://github.com/twocanoes/xcreds/commit/1223e399814d061d9962a75d6c037445cd9862f9) * updated loading message [View](https://github.com/twocanoes/xcreds/commit/d8d1b96e3e2927eb110747155942c4f000c8872c) * smother transitions and background image [View](https://github.com/twocanoes/xcreds/commit/6f6f2b9c7b24a3724440b77b52d86cfaeca3169d) * fixed background image url [View](https://github.com/twocanoes/xcreds/commit/8164b122c71f76b0bea9a3237d386ffac9ec0d30) * fixed overlay not showing [View](https://github.com/twocanoes/xcreds/commit/6cedc60bbaad9747209ae73521a0af480a8301a0) * fixed regression with back to my xcreds [View](https://github.com/twocanoes/xcreds/commit/ff3dee83940377a8544283d207e011f5854be8c3) * add tweak to back to my xcreds [View](https://github.com/twocanoes/xcreds/commit/7aafd66a0d75a3ee09dc6a4cd1c7f211877fb15b) * more tweaks to back to my xcreds [View](https://github.com/twocanoes/xcreds/commit/b2ef99f2db8056933eb2c047f28d6449059103dd) * fixed minor issues with prefs [View](https://github.com/twocanoes/xcreds/commit/18bccee23ceb28e47bd25f7ed38433dea76e787b) * reverted default [View](https://github.com/twocanoes/xcreds/commit/5fe505fa6c90b1ae198bc1d5aeac6068e0e9ecdc) * project update [View](https://github.com/twocanoes/xcreds/commit/4ea4da0da0260d9d9379ea599689d1c5ed1515b5) ## prebeta (2022-06-15) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/7289a72ae79005797fa4651dc61328354aca7c2b) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/07947e9e66f68db049481b6e35373a8a5b5a4bf5) * added support for Google IdP [View](https://github.com/twocanoes/xcreds/commit/4733a6cdeef503db2e08a21bb9443700bfb9526d) --- ## XCreds 4 Beta 5 (15/01/2024) ## 4.0.6261 (2024-01-15) * built release notes [View](https://github.com/twocanoes/xcreds/commit/7440e188957a5c489891d75513dad33df2ec6aec) * applied patch from Jim Zajkowski to fix integration issues [View](https://github.com/twocanoes/xcreds/commit/278862f63decc361c2dcc1e99da541c431b7099d) * fixed up kerb ticket status in menu [View](https://github.com/twocanoes/xcreds/commit/93371b9a3b32c7f09e23d1b55fb1c783ffd580de) * refactored menu code [View](https://github.com/twocanoes/xcreds/commit/a76b7f843d4a156233abeb9039152748e2dc52c9) * fixed issue with updating keychain [View](https://github.com/twocanoes/xcreds/commit/d0b70c3142e385a51c79c1f94812393a6067e178) * more attempt at sharemounter integration [View](https://github.com/twocanoes/xcreds/commit/18e44d1d6b156ffb63686db8d52905e287dc5f24) * implemented shares [View](https://github.com/twocanoes/xcreds/commit/8bd74a3ac8fe78088e280c19d9ee80eeb1658129) * added additional sample profiles [View](https://github.com/twocanoes/xcreds/commit/721bf74a6f58cce0b09b1aa2e88f6317b643bede) * fixed home mounting [View](https://github.com/twocanoes/xcreds/commit/b4ffa8ff9788cdd76694174c54dd0bc3ce9ddbcc) * fixed enabing window state with AD [View](https://github.com/twocanoes/xcreds/commit/24d17c9845baa29acbd7ec408c02553dd4d7ea3d) * pointed package to main branch for oidclite [View](https://github.com/twocanoes/xcreds/commit/7f23a07412363c7d45ce093eaff0bbac644265bb) * Allow forcing of webview login window [View](https://github.com/twocanoes/xcreds/commit/88eaaf49ff27a7fb38c879d15e597912f06c0d29) * Support separate client ID and secret for ropg [View](https://github.com/twocanoes/xcreds/commit/4e008168bbf206d6678d7c1649e26ec7424928a3) * wip [View](https://github.com/twocanoes/xcreds/commit/7d5fba55eab2430038c2a86b79c08f714316e57b) * fixed issue with ropg clientid/secret selection [View](https://github.com/twocanoes/xcreds/commit/1642241ea03ddc43b4a04b7e9a4f0885113ab4dc) * Keychain is reset on cloud password change when user enters old local password #148 [View](https://github.com/twocanoes/xcreds/commit/79f1bb531ce5fa20389b4fed319bac3539314e96) * Admin status does not change after removed from group #145 [View](https://github.com/twocanoes/xcreds/commit/f9821f992afe305d2be9bec0ee0aec9e1b5dbdca) * Fix manifest key name for loadPageInfo #143 [View](https://github.com/twocanoes/xcreds/commit/b747d621e864a40906b13b85e6d184ead1fb485c) * bumped version [View](https://github.com/twocanoes/xcreds/commit/aad768b0f0b76345a3e7ee2ea0d02fbcf6e953b1) ## 4.0.6203 (2024-01-01) * added release notes and script to generate release notes [View](https://github.com/twocanoes/xcreds/commit/ff9dc64fea8e6f438755e1d72837fce4391d167c) * Feature Request: Allow "loadpage.html" to be customized. #126. To test, add in new keys "loadPageTitle" and "loadPageInfo" or try the xcreds_example_azure_loadPageTitle_loadPageInfo.mobileconfig [View](https://github.com/twocanoes/xcreds/commit/37c7477f66362c1823c49138b49afcad388abbc5) * Update description in manifest for loginWindowWidth and loginWindowHeight #138 [View](https://github.com/twocanoes/xcreds/commit/5951d753b391fda49534c5dda13d508479e66fd8) * [feature request] LocalAD - make sync password with AD optional with preference key #130. To test, set the shouldPromptForADPasswordChange to false and set the user account to require password change on next login and verify the user is not prompted [View](https://github.com/twocanoes/xcreds/commit/0b85b4ffb8e95b8d79ffcf455ac034c05ce4d4f4) * XCreds breaking Munki's logout/install @loginscreen logic #102. Test by defining hideIfPathExists to a path like /tmp/hide and then add/remove and UI should show /hide. Or use sample profile xcreds_example_azure_hide.mobileconfig [View](https://github.com/twocanoes/xcreds/commit/770c179262658ccfd27f9de3808b931cc69a86e4) * Option to enforce account to log in #21. To test, create allowedUsersArray with name of user allowed to log in and define allowUsersClaim with an OIDC claim that contains that value. Or use the xcreds_example_azure_allow_fred.mobileconfig to test [View](https://github.com/twocanoes/xcreds/commit/ee95927865f1e912898c4d030cb367fd589db114) * Feature Request: Force Wi-Fi on option or Wi-Fi on/off switch in "Configure Wi-Fi" #58 [View](https://github.com/twocanoes/xcreds/commit/bfa28014c7d0c000369d49bf9a3896128616901a) * added removeadmin function but not used since it can cause local admins to unadmin [View](https://github.com/twocanoes/xcreds/commit/cc322befaf88bf3440a9d086089468660a4354f3) * loginWindowBackgroundImageURL image should be cached if not a file:// URL #72 [View](https://github.com/twocanoes/xcreds/commit/b2cfd643ac6419904cc30037eaceaf5bb939cc7b) * bumped build number [View](https://github.com/twocanoes/xcreds/commit/500575b7dfa81c7a9a7231aeac88bd3cfe6a5497) ## 4.0.6177 (2023-12-28) * added date to license agreement to resolve Date not shown on user agreement #134 [View](https://github.com/twocanoes/xcreds/commit/17df8ec0734b9a8eddb2485e4d16af25ddd2df30) * fixed Password reset dialog rendering and text need fixes #133 [View](https://github.com/twocanoes/xcreds/commit/a03c7f1463be0ab89a787d08f2f211c8bb9a6552) * Cloud login screen button section pushed to left side #132 [View](https://github.com/twocanoes/xcreds/commit/0a300f842d6ab85e8c28501c9b4b87e57b5e0017) * Active Directory login - blank login after expired user attempts sign-in #114 [View](https://github.com/twocanoes/xcreds/commit/b8d52d586aaa8db98487a8bd8279fbd673992ad8) * Prompt for Secure Token Admin Login When Required for AD #127 [View](https://github.com/twocanoes/xcreds/commit/42002e66a6d90726e9a5f4132f232afd107736d7) * [bug] Build 6023 LocalAD - cancelling Change Password prompt breaks login fields. #129 [View](https://github.com/twocanoes/xcreds/commit/be300977b25f12e409b506de0f0d6fc1addd9ebd) * Add ability to select active directory login to select mapped user account #136 [View](https://github.com/twocanoes/xcreds/commit/19260d33f6a35b1564112c9be94e804bf892cb14) * fixed issue with initial focus [View](https://github.com/twocanoes/xcreds/commit/f40cf398168bffd52a75745ab3527b7f9bfc9f20) * https://github.com/twocanoes/xcreds/issues/54 [View](https://github.com/twocanoes/xcreds/commit/270732273500c8d5d1e791b565df25d581f5e0f4) * Request: display user password expiration (days left or specific date) in app. #54 [View](https://github.com/twocanoes/xcreds/commit/2774028c41b4a2b5031296e284d1cde5ae48541f) * Refresh does not change next password check time #88 [View](https://github.com/twocanoes/xcreds/commit/fdcd94b1dd7f99c6baf635af6d7978d0aad30df3) * changed cartfile to point to github [View](https://github.com/twocanoes/xcreds/commit/960fa77bb2cb6b21719fb33481febbb594b53f90) * removed framework [View](https://github.com/twocanoes/xcreds/commit/ed417781d823012a779fd93c4c29cf46259d0bee) * removed framework [View](https://github.com/twocanoes/xcreds/commit/c054c66e231955a396f9f28bd26d8352ae7ed48f) * added key for ROPG at login window [View](https://github.com/twocanoes/xcreds/commit/716934b3e90d1f8cc454e7f25232584e3f2b5d3a) * partial refactor wip [View](https://github.com/twocanoes/xcreds/commit/1c0fc161b10042d6f88097ffb255749e682023bf) * partial refactor wip [View](https://github.com/twocanoes/xcreds/commit/e24b7e07ec5ceefeacda3cbaa2b92e71a7261ecf) * partial refactor wip [View](https://github.com/twocanoes/xcreds/commit/f651bc35965ad5a1a1c713a4ff0a3cd4b20cb00b) * ropg at login window initial implementation [View](https://github.com/twocanoes/xcreds/commit/32ad7b391c89e870fe373cdac46e62744fb79221) * cleaned up ropg login code [View](https://github.com/twocanoes/xcreds/commit/e9b12682acdcdd8f5b3bd9f1035c80ca2e359995) * hide refresh when on username/password window; move focus to blank password when not entered for username/password window [View](https://github.com/twocanoes/xcreds/commit/b54cf49b000fa8806229300455901955f2f1edf2) * fixed menu app password verification [View](https://github.com/twocanoes/xcreds/commit/93ac8b9bfbeefb2d7b5df4585d033005b6907300) * added ShareMounter and missing KerbUtil filet [View](https://github.com/twocanoes/xcreds/commit/3f14dc2639807400e8c1b6f8824a05d6ea2b474b) * added username / password view to prompt in userspace [View](https://github.com/twocanoes/xcreds/commit/a56020e4ba24ef0d2d634f4e3ad71964c561eaad) * fixed cancel for AD userspace cancel [View](https://github.com/twocanoes/xcreds/commit/8acaf42493adf20b98f132182b7951fae9181976) * fixed override script in usersapce [View](https://github.com/twocanoes/xcreds/commit/bdd67573335b01e9aa809a8af6570474183751cb) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/48329e1d05488dd2b66820ab8d62b6c540901f41) ## 4.0.6023 (2023-12-12) * use default desktop from CoreServices [View](https://github.com/twocanoes/xcreds/commit/c2c99e2657bc7c4e77aa12628c00a1cec35e65dc) * reload the login window when wifi is connected [View](https://github.com/twocanoes/xcreds/commit/64b6876f8ba181c57d1a4ecb9ab8276cc7acb173) * fix conflicts in XCreds app [View](https://github.com/twocanoes/xcreds/commit/e29288a7b32a91a9dabe978caadaa41cce0549f6) * Add new NetworkMonitor and reload webview on network changes [View](https://github.com/twocanoes/xcreds/commit/e6fd5e31e6b573eaeec5d9df9cb8d7545e4d693e) * add new networkmonitor [View](https://github.com/twocanoes/xcreds/commit/0ede34aef5b8ec9c41c41f4a57526cfd2be6b06c) * better handling of loginwindow reload [View](https://github.com/twocanoes/xcreds/commit/472754db230ba77da0ff36c07ccb0a76ebc88dd7) * bumped version [View](https://github.com/twocanoes/xcreds/commit/0a130f4456899320bc2106dc3ee8d0179abf87c6) * bumped version [View](https://github.com/twocanoes/xcreds/commit/bec80f2ecde022f94e1bb6297b7c0d22b4b57d04) * Resolves #111 by only refreshing when on cloud login [View](https://github.com/twocanoes/xcreds/commit/ca8e9851796b02efdcf0b8237cef4fe03622cbf0) * removed tperfitt from logging. issu #108 [View](https://github.com/twocanoes/xcreds/commit/0f75ef578c89f3cfab35e83e1d863b3b281a88b7) * added info in DS for sub and iss when user is logging in and account is created [View](https://github.com/twocanoes/xcreds/commit/a16e2f5b40d2dcdc35e15c864a7887959720f64c) * initial implementation of allow user to select account to map to #98 [View](https://github.com/twocanoes/xcreds/commit/9b4b781714778a0346cb4047a61b5c6b0ce8e4fe) * added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 [View](https://github.com/twocanoes/xcreds/commit/71b874ecf39fcafd7e794306e3a8dfafbcb69ce8) * Log shows tperfitt user profile path #108 [View](https://github.com/twocanoes/xcreds/commit/beb62fab79a1631780e12742763041c15f6aaecb) * Feature Request: Option to alias IdP username to local DS user account #59 [View](https://github.com/twocanoes/xcreds/commit/dd428a9717546b5ea12d7c8677fa99084ce2cccf) * add missing Credits.txt file [View](https://github.com/twocanoes/xcreds/commit/ccadd3398bc60d7b11807980f306dfbd8453c59f) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/0e668f6af5873f5b7ff8770cc34b6ac6138d8e94) * updated manifest for new keys [View](https://github.com/twocanoes/xcreds/commit/f418394373ad7c62d3e297c7f5cd224aaf8d19f9) * showed Create New Account button in migration modal [View](https://github.com/twocanoes/xcreds/commit/59ab7e8d1dae2c1972041eb1e2b7082a98737ae6) * fixed issue #124: Default behavior wrong for shouldAllowKeyComboForMacLoginWindow [View](https://github.com/twocanoes/xcreds/commit/6f3737257205f4d2faa035b6f051bf6bfed2074b) * refactored code to add admin to user account based on group membership each login (issue #109); added groups claim value to OD record on each login in _xcreds_oidc_groups (issue #117) [View](https://github.com/twocanoes/xcreds/commit/8376942e6e23f8804bd5cec3cfff383792391031) * updated license agreement (issue #90) [View](https://github.com/twocanoes/xcreds/commit/f41411c5a51706ba7b33776edc845a409400bf1e) * Detect when no password was entered #17 [View](https://github.com/twocanoes/xcreds/commit/7cf2837f3d653a893f2f5c031c0a72298340aa70) * updated animation when logging in [View](https://github.com/twocanoes/xcreds/commit/51387b15384032bc5f4e82a5d6fea8a49c6e2625) * adding arbitrary claims to local DS user account [View](https://github.com/twocanoes/xcreds/commit/e47832e21a76d3ae86af3e7e5fee41f29772436f) * fixed Active Directory issue after password change #112 [View](https://github.com/twocanoes/xcreds/commit/14e2a7c1e1d15e8655f44bef182a2e14bc0892ce) * partial fix for #114 [View](https://github.com/twocanoes/xcreds/commit/856a3549bec86c6c52b4ed368b2e59d25c38c5a7) * refactored windows to views [View](https://github.com/twocanoes/xcreds/commit/8a0994c7dfbe071ce5397d52070c2a4c9ab9a309) * fixed centering and cloud login sizing [View](https://github.com/twocanoes/xcreds/commit/f83d523c57cf9f65f6f1b7931bdf34ad5a04c090) * fixing timing for animation when logging in; tweaked UI [View](https://github.com/twocanoes/xcreds/commit/9c659dbb4a12c9ee4cbe396119a058d2594e6827) * streamlined startup process [View](https://github.com/twocanoes/xcreds/commit/1895f0365a3aba91fc9c43961bca78ee6a9482e6) * refactored dialogs for prompting for user info; fixed ad groups for making admin user [View](https://github.com/twocanoes/xcreds/commit/7c5af73cb91a83c8f323edc1d8bd9538b02fbd71) * added missing template for package [View](https://github.com/twocanoes/xcreds/commit/281fe86d7bb33c7f278f05117794069c991efb47) * fixed showing offline button [View](https://github.com/twocanoes/xcreds/commit/72ffc3fd5434eb742e1cffa3cb073228f4883292) * implemented feature request: localad/kebereros support for saving groups to prefs #125 [View](https://github.com/twocanoes/xcreds/commit/1d3e2be0a87c3e5d2843767db28de90894bc12cc) * fixed enabling views when logging in [View](https://github.com/twocanoes/xcreds/commit/3ac6e3739200a3ae6f708be731c4d7acdf279e7e) * fixed javascript to key on input instead of keydown/keyup [View](https://github.com/twocanoes/xcreds/commit/3d41a199cfd92f233677cc6859f837ede388311c) * implemented Prompt for Secure Token Admin Login When Required #123 [View](https://github.com/twocanoes/xcreds/commit/32b118fe0c96b6cee8bd8a37bcff22611f28e55b) * fixed Update documented minimum for loginWindowWidth and loginWindowHeight #91 [View](https://github.com/twocanoes/xcreds/commit/21814425a055f0240fb4c11c37c0d01045620fd6) * wip [View](https://github.com/twocanoes/xcreds/commit/a5aca79363b6f3cc974442534bbc7818b0e4775b) * fixed issue with updating password in userspace [View](https://github.com/twocanoes/xcreds/commit/9e483c451eccac80fc533f993fe21a526970fd9e) * bumped build number [View](https://github.com/twocanoes/xcreds/commit/867fc0f3337cde76a06cb821471de2bcd6fb9506) ## v3.2.1.6002 (2023-12-11) * use default desktop from CoreServices [View](https://github.com/twocanoes/xcreds/commit/c2c99e2657bc7c4e77aa12628c00a1cec35e65dc) * reload the login window when wifi is connected [View](https://github.com/twocanoes/xcreds/commit/64b6876f8ba181c57d1a4ecb9ab8276cc7acb173) * fix conflicts in XCreds app [View](https://github.com/twocanoes/xcreds/commit/e29288a7b32a91a9dabe978caadaa41cce0549f6) * Add new NetworkMonitor and reload webview on network changes [View](https://github.com/twocanoes/xcreds/commit/e6fd5e31e6b573eaeec5d9df9cb8d7545e4d693e) * add new networkmonitor [View](https://github.com/twocanoes/xcreds/commit/0ede34aef5b8ec9c41c41f4a57526cfd2be6b06c) * better handling of loginwindow reload [View](https://github.com/twocanoes/xcreds/commit/472754db230ba77da0ff36c07ccb0a76ebc88dd7) * bumped version [View](https://github.com/twocanoes/xcreds/commit/0a130f4456899320bc2106dc3ee8d0179abf87c6) * bumped version [View](https://github.com/twocanoes/xcreds/commit/bec80f2ecde022f94e1bb6297b7c0d22b4b57d04) * Resolves #111 by only refreshing when on cloud login [View](https://github.com/twocanoes/xcreds/commit/ca8e9851796b02efdcf0b8237cef4fe03622cbf0) * removed tperfitt from logging. issu #108 [View](https://github.com/twocanoes/xcreds/commit/0f75ef578c89f3cfab35e83e1d863b3b281a88b7) * added info in DS for sub and iss when user is logging in and account is created [View](https://github.com/twocanoes/xcreds/commit/a16e2f5b40d2dcdc35e15c864a7887959720f64c) * initial implementation of allow user to select account to map to #98 [View](https://github.com/twocanoes/xcreds/commit/9b4b781714778a0346cb4047a61b5c6b0ce8e4fe) * added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 [View](https://github.com/twocanoes/xcreds/commit/71b874ecf39fcafd7e794306e3a8dfafbcb69ce8) * Log shows tperfitt user profile path #108 [View](https://github.com/twocanoes/xcreds/commit/beb62fab79a1631780e12742763041c15f6aaecb) * Feature Request: Option to alias IdP username to local DS user account #59 [View](https://github.com/twocanoes/xcreds/commit/dd428a9717546b5ea12d7c8677fa99084ce2cccf) * add missing Credits.txt file [View](https://github.com/twocanoes/xcreds/commit/ccadd3398bc60d7b11807980f306dfbd8453c59f) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/0e668f6af5873f5b7ff8770cc34b6ac6138d8e94) * updated manifest for new keys [View](https://github.com/twocanoes/xcreds/commit/f418394373ad7c62d3e297c7f5cd224aaf8d19f9) * showed Create New Account button in migration modal [View](https://github.com/twocanoes/xcreds/commit/59ab7e8d1dae2c1972041eb1e2b7082a98737ae6) * updated js [View](https://github.com/twocanoes/xcreds/commit/e621f6a8da59c6923f0ba12b6a3abf5c9a916f34) * bumped version and build [View](https://github.com/twocanoes/xcreds/commit/7140e72c2e619e26b2db99e21f917f6b3147570a) * adde missing credits file [View](https://github.com/twocanoes/xcreds/commit/81f8e48a696c1eeab46bbcb4f36eea66fe6113f4) ## v3.3.5269 (2023-11-27) * use default desktop from CoreServices [View](https://github.com/twocanoes/xcreds/commit/c2c99e2657bc7c4e77aa12628c00a1cec35e65dc) * reload the login window when wifi is connected [View](https://github.com/twocanoes/xcreds/commit/64b6876f8ba181c57d1a4ecb9ab8276cc7acb173) * fix conflicts in XCreds app [View](https://github.com/twocanoes/xcreds/commit/e29288a7b32a91a9dabe978caadaa41cce0549f6) * Add new NetworkMonitor and reload webview on network changes [View](https://github.com/twocanoes/xcreds/commit/e6fd5e31e6b573eaeec5d9df9cb8d7545e4d693e) * add new networkmonitor [View](https://github.com/twocanoes/xcreds/commit/0ede34aef5b8ec9c41c41f4a57526cfd2be6b06c) * better handling of loginwindow reload [View](https://github.com/twocanoes/xcreds/commit/472754db230ba77da0ff36c07ccb0a76ebc88dd7) * bumped version [View](https://github.com/twocanoes/xcreds/commit/0a130f4456899320bc2106dc3ee8d0179abf87c6) * bumped version [View](https://github.com/twocanoes/xcreds/commit/bec80f2ecde022f94e1bb6297b7c0d22b4b57d04) * Resolves #111 by only refreshing when on cloud login [View](https://github.com/twocanoes/xcreds/commit/ca8e9851796b02efdcf0b8237cef4fe03622cbf0) * removed tperfitt from logging. issu #108 [View](https://github.com/twocanoes/xcreds/commit/0f75ef578c89f3cfab35e83e1d863b3b281a88b7) * added info in DS for sub and iss when user is logging in and account is created [View](https://github.com/twocanoes/xcreds/commit/a16e2f5b40d2dcdc35e15c864a7887959720f64c) * initial implementation of allow user to select account to map to #98 [View](https://github.com/twocanoes/xcreds/commit/9b4b781714778a0346cb4047a61b5c6b0ce8e4fe) * added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 [View](https://github.com/twocanoes/xcreds/commit/71b874ecf39fcafd7e794306e3a8dfafbcb69ce8) * Log shows tperfitt user profile path #108 [View](https://github.com/twocanoes/xcreds/commit/beb62fab79a1631780e12742763041c15f6aaecb) * Feature Request: Option to alias IdP username to local DS user account #59 [View](https://github.com/twocanoes/xcreds/commit/dd428a9717546b5ea12d7c8677fa99084ce2cccf) * add missing Credits.txt file [View](https://github.com/twocanoes/xcreds/commit/ccadd3398bc60d7b11807980f306dfbd8453c59f) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/0e668f6af5873f5b7ff8770cc34b6ac6138d8e94) * updated manifest for new keys [View](https://github.com/twocanoes/xcreds/commit/f418394373ad7c62d3e297c7f5cd224aaf8d19f9) * showed Create New Account button in migration modal [View](https://github.com/twocanoes/xcreds/commit/59ab7e8d1dae2c1972041eb1e2b7082a98737ae6) ## v3.2.5197 (2023-10-17) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * updated url in profile manifest [View](https://github.com/twocanoes/xcreds/commit/33ef0c9f2f30afc4260526b27ee4e6995e94fcfa) * fixed issue 95: whitespace characters in password and username [View](https://github.com/twocanoes/xcreds/commit/63f4ca53c2c1ba31fd93fd4921042d21284570c6) * shouldPreferLocalLoginInsteadOfCloudLogin [View](https://github.com/twocanoes/xcreds/commit/79e798afab9162255b7a019b74bbb3122330e83a) * another attempt at fixing https://github.com/twocanoes/xcreds/issues/95 [View](https://github.com/twocanoes/xcreds/commit/819e9a047f8d1e9e6d5a4f26b32238cb7fc9da88) * wip [View](https://github.com/twocanoes/xcreds/commit/4ac36cbc2d085ee32bd8d82a66feeb925ff118fb) * fixed keyboard nav for controls [View](https://github.com/twocanoes/xcreds/commit/c5c0cad10f5d5f22f8b6ce3d0993f5f1f72d8f3b) * issue #100: Detect Offline [View](https://github.com/twocanoes/xcreds/commit/fe804f167446fc4b22e128cca576ddd7276fd96f) * Add ability to check passwords via ROPG [View](https://github.com/twocanoes/xcreds/commit/f7c62c0466106cbc26f9f67be441dad847c32ecf) * Rename prefkey to be more boolean [View](https://github.com/twocanoes/xcreds/commit/2909f625588fe25c2082fbf2ff88df468e19c79d) * update to profile manifest [View](https://github.com/twocanoes/xcreds/commit/7fcb0a392b0e8d8c19e81f8e827d6de996da75c4) * fixed typo in function name [View](https://github.com/twocanoes/xcreds/commit/8c12d454e393cc0c52a0feb314a67c357bbac1c9) * added a smidge more logging [View](https://github.com/twocanoes/xcreds/commit/86256a2825eeeebf6eb63fe26451c372e149c2a2) * added self healing for auth rights [View](https://github.com/twocanoes/xcreds/commit/9b43e1cb382cfea1b40a2f40b6cdf6189fed385b) * updated manifest [View](https://github.com/twocanoes/xcreds/commit/7cdf884f2aed100080069e9b3a589af736062c99) ## release_3_1 (2023-07-14) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * updated history.md [View](https://github.com/twocanoes/xcreds/commit/85b71172d3192616371ccc30ea16fb6dd092a54e) * fixed check timer to still work if mac sleeps [View](https://github.com/twocanoes/xcreds/commit/af491f5febf433bfeb8478d71a2fa29309676765) * fixed issue with token update time [View](https://github.com/twocanoes/xcreds/commit/0d14279e4003400a0fef812247f3c790fc802f5e) * fixed fade; cleaned up user mappings for weird characters [View](https://github.com/twocanoes/xcreds/commit/c6304954d6b02109d4ff90ed2d3b94963f761461) * final touches [View](https://github.com/twocanoes/xcreds/commit/df5f1110c5800ac8aa31293ac509817a62fedfbc) * bumped to 3.2; added some additional logging [View](https://github.com/twocanoes/xcreds/commit/5a544859855835a6c1d8bfb35a39aeb30cda5962) * bumped build number to 5000 [View](https://github.com/twocanoes/xcreds/commit/6250fdf999d7e57bfd51fe55186fde6fce92a3c0) * updated permission for override_script [View](https://github.com/twocanoes/xcreds/commit/fac2af918a65d5f92c211e4707e9e14d36e5bee1) * changed version back to 3.1; added better about window with history; changed override script requirments to be owned by _securityagent and be 700 [View](https://github.com/twocanoes/xcreds/commit/2f8dd4e599a71d02a88fa4a66814e419c71c0e65) * added command click login window for mac login window [View](https://github.com/twocanoes/xcreds/commit/f0a5b1fc76c133f199da75f31202401476da2af1) * text fixes [View](https://github.com/twocanoes/xcreds/commit/97c383e24729982c364e456ba5c3d49aa983060a) * updated build script [View](https://github.com/twocanoes/xcreds/commit/b4fd79d1d43d922fac3581282c7eb9126d33ed8c) * added back sample profie [View](https://github.com/twocanoes/xcreds/commit/6aa3ec4a58842f9a4dd748cd129ed4c14226888a) * fixed timer minutes [View](https://github.com/twocanoes/xcreds/commit/e78b306018cd996176b9530ba302689bd1d3e358) ## v3.1.4144 (2023-06-08) * updated AD support: kerb ticket now obtained at user space app launch from password in keychain. udpated profile manifest with better comments; delete cookes on webview each time it appears; added local login button; shows username password if discoveryURL is not defined [View](https://github.com/twocanoes/xcreds/commit/d17509bd2ce49313561632e15bc2698e38f09721) ## v3.1.4143 (2023-06-07) * updated fullname [View](https://github.com/twocanoes/xcreds/commit/627199474b42349bd42f6dc47c4cd442b9c3357a) * added shake to password field [View](https://github.com/twocanoes/xcreds/commit/d2370669893dc37937617be59a5601109915e991) * added shake to password field [View](https://github.com/twocanoes/xcreds/commit/d0f4efdbf886cbe9a21e449fe8d47f1ed671bdcd) * get kerb ticket on login [View](https://github.com/twocanoes/xcreds/commit/b7f7ad622ceaa57d27e419fa3fad10f0e040f8e3) ## v3.1.4081 (2023-05-27) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * added Package.resolved [View](https://github.com/twocanoes/xcreds/commit/91fb7f3da5e789dabb37a5a8585592c69c1a732c) * added XCredsLoginPlugIn/errorpage.html [View](https://github.com/twocanoes/xcreds/commit/7bf66a34a1ef091f532959de62247ba1fbead13e) * cleaned up build system a bit [View](https://github.com/twocanoes/xcreds/commit/f99ec4a8ae38ff00adabe9b43c1ff8577c803dd1) * improved javascript parsing [View](https://github.com/twocanoes/xcreds/commit/ecf710eb181fd3f6dbdce7aedf511b8840e33ca6) * fixed issue with initial javascript listener [View](https://github.com/twocanoes/xcreds/commit/574a51b5b8329be4cc2ec8c045f710548aecf7d6) * cleaned up logging a bit [View](https://github.com/twocanoes/xcreds/commit/dfbf57f4a3d9649e2b35231bfedc6d591a7c3e41) * removed reset option [View](https://github.com/twocanoes/xcreds/commit/3150fa654f3b8a55018f0a1e0390aa6ec541e125) * removed KeychainReset and PasswordOverwriteSilent because it makes things worse [View](https://github.com/twocanoes/xcreds/commit/39362899ee0c0813f416057cad203061869daa84) * added lock screen switch to login window [View](https://github.com/twocanoes/xcreds/commit/77c52ad11ab01b1afd5e011b38a06b3de9527196) * fixed window levels, progress screen, background and boot runner issues [View](https://github.com/twocanoes/xcreds/commit/4c887fbdc82a0f63fcd8876aa662c6bc96ef7bbd) * improved logging [View](https://github.com/twocanoes/xcreds/commit/e92ffe9e65f1a95b4b3e9f1c8ea1089ae7720863) * checkpoint [View](https://github.com/twocanoes/xcreds/commit/488b66494c65e8460eefdf5bbb8c0d271102f298) * added override script and secure token admin reset [View](https://github.com/twocanoes/xcreds/commit/6717b3aa2cd0ef9d387484e7571183e6f8ffbb5d) * removed shouldFindPasswordElement since that is defaulit fallback behavior [View](https://github.com/twocanoes/xcreds/commit/2825ee7b6db005f6aa8ca6d60c72210ae7343af4) * cleaned up ui a bit [View](https://github.com/twocanoes/xcreds/commit/b64496bcb55573dff889a9ab92be2ed3f9cdd5e3) * dont refresh prefs so much [View](https://github.com/twocanoes/xcreds/commit/91ee8dcd371fe9e2182fd421674f9fcd484e4d81) * added check for group membership in oidc claim [View](https://github.com/twocanoes/xcreds/commit/2c03586a59821a04948692dcb9a41006ebf735f7) * added history file [View](https://github.com/twocanoes/xcreds/commit/5fa6c0436a58535e03fd457de9dd720186274a38) ## release-3.0 (2023-05-08) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) ## release_3_0 (2023-04-18) * added trial license beginnings [View](https://github.com/twocanoes/xcreds/commit/5a6cc5a91715e909dc8f9510f800dfffe485b7d6) * fixed regression for password change not capturing new password on azure [View](https://github.com/twocanoes/xcreds/commit/8db379d829d925409abfea85da72a788ead43d22) * bumped version to 3600 [View](https://github.com/twocanoes/xcreds/commit/f9601726f3d7255414d4ad44e20b9ac526af0f7c) * fixed issue with crash if time is far off [View](https://github.com/twocanoes/xcreds/commit/9c1d0d81ed62f525614b79e3a3dbc4b4bed3964b) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/f309f95218424ca8f67177b0daed79d98344e943) * updated license [View](https://github.com/twocanoes/xcreds/commit/534be3e278d1daae48218952d20194e4e03b17b4) * fixed focus issue [View](https://github.com/twocanoes/xcreds/commit/e3c87a548a9e682b75ec01b4216ddfdda8a2ced2) ## release_v2_4 (2023-03-28) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * added more logging for id token and bumped version to 2.3 [View](https://github.com/twocanoes/xcreds/commit/b8494ee343dab510fba1c1f304623efc985455a0) * added remove keychain option [View](https://github.com/twocanoes/xcreds/commit/19032d8df58c0bdd6197fc47f9f3aa2d8d6694ea) * updated language on keychain option and added pref in manifest [View](https://github.com/twocanoes/xcreds/commit/709a7f29e696c088cc8e13959dadba8f9c0f8c8e) * added key for customizing return to xcreds; added preference and ability to automatically refresh login window [View](https://github.com/twocanoes/xcreds/commit/514a1ba5ddaec55bfb8e40ca3e6c98a43c50ec7b) * added in login window height/width [View](https://github.com/twocanoes/xcreds/commit/18e974e67f2833862a1a6913a6c4563e339d4239) * added in login window height/width min value of 100 [View](https://github.com/twocanoes/xcreds/commit/6090d5ec4895045448920e774e16dc0614223919) * added in login window height/width min value of 100 [View](https://github.com/twocanoes/xcreds/commit/0a7dad70364bd830b8028da2cadd62c98b79271d) * fixed login window size and background image [View](https://github.com/twocanoes/xcreds/commit/339a66e7fdf6e8484da8f7c0a5c2ee6eed0aaef7) * fixed focus issue [View](https://github.com/twocanoes/xcreds/commit/992512bb1ac27f36c655d1e1a02eafdbd47a2b80) * updated sample configu [View](https://github.com/twocanoes/xcreds/commit/cd482e69520c8a7994eb8233e26c8a008c5048e7) * tweaked text for user space refresh token window and added pref to show or hide [View](https://github.com/twocanoes/xcreds/commit/9f29893203caef8799683cc2ded3345f306c4528) * fixed names and links in manifest [View](https://github.com/twocanoes/xcreds/commit/e759138ca72f2a4153fbea02f7b0b5cfd031bd01) * fixed crashing issue due to null refreshview outlet [View](https://github.com/twocanoes/xcreds/commit/d3931983b53633c91c33494fc1fcccd7614948ad) * added frontmost when prompting for keychain password [View](https://github.com/twocanoes/xcreds/commit/92ee6ed5c41dfefc798f1c839193aaa4a4a09f67) * fixed issue with autorefresh [View](https://github.com/twocanoes/xcreds/commit/d7126a026281afaac27c9381a9c4e42d472b4b31) * fixed changing wifi not dismissing dialog [View](https://github.com/twocanoes/xcreds/commit/7a3d45178e299b52014fb3dd0adf6c180667222f) * fixed changing wifi not dismissing dialog [View](https://github.com/twocanoes/xcreds/commit/9ef84939d56cce29c9b8e3a84b0f070a30f7e30c) * added 802.1x support; added support for pref key for finding password based on type=password [View](https://github.com/twocanoes/xcreds/commit/38ddeff5cd86d0cd43a97844c9d160da0ee446f3) * wip [View](https://github.com/twocanoes/xcreds/commit/72da3de9c054f4fb35fb19c9bb6ffd5c2ebbb47a) ## release_v2_1 (2023-01-11) ## realease_v2_2 (2023-01-11) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * support getting password with get and adfs [View](https://github.com/twocanoes/xcreds/commit/494fdf75c79d8aa3b2c3cc6dc947f4423b2b3674) * Revert "support getting password with get and adfs" [View](https://github.com/twocanoes/xcreds/commit/425bda9a9323fd7eb9437f09f9da63747db9dc8d) * changed pref names for custom IDP / ADFS [View](https://github.com/twocanoes/xcreds/commit/83947497ec00cdfd7ec3b9a3683fa3b8e007aadf) * fixed package template issue and updated manifest [View](https://github.com/twocanoes/xcreds/commit/f2540a6c64b5bc9971833e8fa859821d4822af9c) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * enabled rekeying FileVault implementation [View](https://github.com/twocanoes/xcreds/commit/2ba233e3695b8a7bda297b0908da933d24bec1c4) * Support a Azure AD host [View](https://github.com/twocanoes/xcreds/commit/c0415863273f9797808d32633d3e800d630f9a0f) * If fullname is empty, shorname is used. [View](https://github.com/twocanoes/xcreds/commit/7764740647f8e4450b411fa08849e5f4cceba078) * added autologin when fv enabled [View](https://github.com/twocanoes/xcreds/commit/c8b394e055e2aa176af8a7f9e8cce53a3066f408) * added okta compatibility [View](https://github.com/twocanoes/xcreds/commit/5f38e70e641bc2c8129e940ae7e9f710380fea5b) * added a bit more logging [View](https://github.com/twocanoes/xcreds/commit/e2d2330a5050ab419290de466cef9f0b63407215) * removed "prompt":"consent" [View](https://github.com/twocanoes/xcreds/commit/3e0a5e6de6342f36c9622aba3ad55d2db4488942) * fixed notification prompt [View](https://github.com/twocanoes/xcreds/commit/40423c3b3ba271483826e49b6010f95e5b5683c7) * added shouldShowCloudLoginByDefault user default [View](https://github.com/twocanoes/xcreds/commit/d8658f333726d8151c2486a7fe38f94cc29cacb2) * added idhostnames array so you can specify multiple tenants [View](https://github.com/twocanoes/xcreds/commit/663dfa99b6bfb54487ca5cbc8d83618c8d180496) * removed registration reminder [View](https://github.com/twocanoes/xcreds/commit/738dff1ab4396e14d701da2dcb79c5c657533433) * removed spaces [View](https://github.com/twocanoes/xcreds/commit/180c2b9f4c267479723810a22a1dcc7715d992ce) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * added mappings for user info [View](https://github.com/twocanoes/xcreds/commit/074ac99d5b3b72f3a8fb553670968f6e67da8f10) * bumped version to 2.2 and build [View](https://github.com/twocanoes/xcreds/commit/23d902d5227eab2f3e61a6c931ccf63b94bc0ccb) * added new key for OIDC mapping [View](https://github.com/twocanoes/xcreds/commit/485be954afebf7cbe808a8b23e0be6a7c5efa495) * made keys lowercase for mappings [View](https://github.com/twocanoes/xcreds/commit/7432620d1a5c7e22e98975a5e806b73a9140d5ee) * changed case of keys [View](https://github.com/twocanoes/xcreds/commit/ecac4002bd45677fa72386cc73a56bfe6d3f53ed) * renamed mapped prefs with a prefix [View](https://github.com/twocanoes/xcreds/commit/aadd1445d92ac12e084946e1b40d97cf9f5aa6c7) * username hint was not being set [View](https://github.com/twocanoes/xcreds/commit/aba884ce568c39653fec406f7c95b21b1c554642) * added startup script [View](https://github.com/twocanoes/xcreds/commit/9c374670c37ba1b522e1247ec96a850a4e663b8e) * added credit to script [View](https://github.com/twocanoes/xcreds/commit/e36e74db471c955bd356f150dbc9b19d240a50d4) * implemented KeychainReset [View](https://github.com/twocanoes/xcreds/commit/0c34708fdeb9c9aa4303daa8382948d4e7d8143d) * implemented PasswordOverwriteSilent [View](https://github.com/twocanoes/xcreds/commit/8fcee904d23440051516c74228213a64b4ead348) * removed show prefs menu [View](https://github.com/twocanoes/xcreds/commit/d34328d71ec93b2663b75c080e41c8e0707b1f8e) * fixed timer issue [View](https://github.com/twocanoes/xcreds/commit/1d37d90a8ce81a142b90874b5d35641db4a9c1a8) * fixed shouldShowCloudLoginByDefault not working [View](https://github.com/twocanoes/xcreds/commit/570576b00c63db1f11ab5d7799301c9faed7f1e9) * fixed edge case when not showing xcreds login when logging out [View](https://github.com/twocanoes/xcreds/commit/3447f7be9e35a5e894911c0fa7366be4fa0d3b05) * removed test time [View](https://github.com/twocanoes/xcreds/commit/5bd5f84563b2a05fd4c2c169e1601cf5c270d8a9) * added sub as local user account if other methods not available; added some additional logging [View](https://github.com/twocanoes/xcreds/commit/fd4067d3a54850244f5f456825cbb531800dca85) * remove progress screen overlay because it was hiding filevault [View](https://github.com/twocanoes/xcreds/commit/453a9b79a19bbd05c4d638c01337b4752943898d) ## release_v2_0 (2022-08-30) * bumped version to 1.1 [View](https://github.com/twocanoes/xcreds/commit/d6a4c915da4e771335915c6aa1dae53d94c8c039) * added sample profile for google [View](https://github.com/twocanoes/xcreds/commit/342c8590fd5392822a9a57dd9a3293aa5f276eb6) * Cloud password verification dialog not centered... #15 [View](https://github.com/twocanoes/xcreds/commit/b1d8ee6069a92e6b231b8bce944f684fa36ec68e) * add "have token" indicator #10 [View](https://github.com/twocanoes/xcreds/commit/db746fd65ae1623e1d69f3c075391f474c9ccc3e) * Hide "About XCreds" menu item #18; Ability to add a custom URL and menu item for "Change Password #18 [View](https://github.com/twocanoes/xcreds/commit/f1c4593b4ad1b73899f9bc2cbfe61cd2d37eac11) * start of login window [View](https://github.com/twocanoes/xcreds/commit/ce6cc87d6f5e0ee87ecea89514865fd7b92df476) * pass username and password for login window [View](https://github.com/twocanoes/xcreds/commit/6addc7950cf499fb9bdeee098af1e0f9d35bfb63) * added fade to login window complete [View](https://github.com/twocanoes/xcreds/commit/3fd2f6dd2f69f8ec41e7eda52937e98cf0a30738) * restart and shutdown buttons [View](https://github.com/twocanoes/xcreds/commit/fde13dea140cf02043c8f9404c08917868bb5ecc) * implemented swiching back to mac login window [View](https://github.com/twocanoes/xcreds/commit/85545c29a8ad7c2b28daef1f8e8024bf377761ba) * wip [View](https://github.com/twocanoes/xcreds/commit/e755e305eb936a965cb0ef133d9f7c1cfb7cc765) * fixed xcreds breakage due to refactoring for xcreds login window [View](https://github.com/twocanoes/xcreds/commit/f41778819ed0d04325880e641799f723732ca6f3) * added keychain updating with tokens [View](https://github.com/twocanoes/xcreds/commit/2e3114e4f657761addd714abe7de790350623c83) * xcreds login window [View](https://github.com/twocanoes/xcreds/commit/03e929f9fa582b394686bb7669b28d0e906c4cd9) * added return to cloud login and wait message [View](https://github.com/twocanoes/xcreds/commit/f29ea30d43e51b6ef44bfbdad7d0ccd1d650a6b3) * bumped version [View](https://github.com/twocanoes/xcreds/commit/7fb698159e5f0b6cd54057d0938ddd0a448bd321) * updated manifest [View](https://github.com/twocanoes/xcreds/commit/ce8b9197c101d106605d5ea8e6bf87f5b52412ac) * added username to manifest [View](https://github.com/twocanoes/xcreds/commit/aa7945756f9c0a0573cf79b48c677c35dfbe7469) * fixed install scripts [View](https://github.com/twocanoes/xcreds/commit/ad2152c8e24b03dd685627d052b3116e5badfd62) * updated readme [View](https://github.com/twocanoes/xcreds/commit/690e6966e81bcb27f8859c010c230d2d0af4ba0a) * updaed sample profiles [View](https://github.com/twocanoes/xcreds/commit/5cd70f021fc8a4b7321dbfe7bd5cf1298a901609) * added arbitrary check for password in form [View](https://github.com/twocanoes/xcreds/commit/9d1dadac7750544dffa4db82fc258f0b7ed9663e) * bumped build number [View](https://github.com/twocanoes/xcreds/commit/bb90624c3d9a45870956621f22b41da5434e2bce) * fixed idtoken required values causing failure [View](https://github.com/twocanoes/xcreds/commit/de5dd6affee913fc6f2f65125188a8e894460b65) * added build number when starting up [View](https://github.com/twocanoes/xcreds/commit/2d4b70a192e119352cccc2d7318b8997e3c7fe74) * added build number when starting up in mechnism [View](https://github.com/twocanoes/xcreds/commit/5f6bdd336f311caa991f10c380b15f9acc2f5bb2) * added build number when starting up in mechnism [View](https://github.com/twocanoes/xcreds/commit/26b995a2173376ea6275a037a7866ea154b9ef31) * create user mech [View](https://github.com/twocanoes/xcreds/commit/2bd3cb885f9cfc2557cc709404a8c665e99236f1) * tweaked create user [View](https://github.com/twocanoes/xcreds/commit/4bfdd1017266b30d25e9fb0162decbe54fe3b5a9) * added FDE enable [View](https://github.com/twocanoes/xcreds/commit/2422e5588412d4cc721f93c0695405d939096c42) * updated prefs [View](https://github.com/twocanoes/xcreds/commit/14d39e3fe023b6412a73b6cba2a214b283a1b7d7) * added fde option [View](https://github.com/twocanoes/xcreds/commit/2b022b47d6c23e2bbf6fcd6f0b7bb249df689bc1) * added network changing detection to reload page [View](https://github.com/twocanoes/xcreds/commit/de4acf06e2e7b18c232dd0dcd5ce55e8944d2e2a) * fixed status icon issue; fixed lack of prompting on first launch [View](https://github.com/twocanoes/xcreds/commit/9aa2d77b366fe963aed1ec78c932c467d83f5b63) * added default to create keychain [View](https://github.com/twocanoes/xcreds/commit/27be41527d7716df6fbcd9ed276f542b80e53682) * added better loading at start [View](https://github.com/twocanoes/xcreds/commit/1223e399814d061d9962a75d6c037445cd9862f9) * updated loading message [View](https://github.com/twocanoes/xcreds/commit/d8d1b96e3e2927eb110747155942c4f000c8872c) * smother transitions and background image [View](https://github.com/twocanoes/xcreds/commit/6f6f2b9c7b24a3724440b77b52d86cfaeca3169d) * fixed background image url [View](https://github.com/twocanoes/xcreds/commit/8164b122c71f76b0bea9a3237d386ffac9ec0d30) * fixed overlay not showing [View](https://github.com/twocanoes/xcreds/commit/6cedc60bbaad9747209ae73521a0af480a8301a0) * fixed regression with back to my xcreds [View](https://github.com/twocanoes/xcreds/commit/ff3dee83940377a8544283d207e011f5854be8c3) * add tweak to back to my xcreds [View](https://github.com/twocanoes/xcreds/commit/7aafd66a0d75a3ee09dc6a4cd1c7f211877fb15b) * more tweaks to back to my xcreds [View](https://github.com/twocanoes/xcreds/commit/b2ef99f2db8056933eb2c047f28d6449059103dd) * fixed minor issues with prefs [View](https://github.com/twocanoes/xcreds/commit/18bccee23ceb28e47bd25f7ed38433dea76e787b) * reverted default [View](https://github.com/twocanoes/xcreds/commit/5fe505fa6c90b1ae198bc1d5aeac6068e0e9ecdc) * project update [View](https://github.com/twocanoes/xcreds/commit/4ea4da0da0260d9d9379ea599689d1c5ed1515b5) ## prebeta (2022-06-15) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/7289a72ae79005797fa4651dc61328354aca7c2b) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/07947e9e66f68db049481b6e35373a8a5b5a4bf5) * added support for Google IdP [View](https://github.com/twocanoes/xcreds/commit/4733a6cdeef503db2e08a21bb9443700bfb9526d) --- ## XCreds 4 Beta 4 (01/01/2024) # What's New Bug fixes and and minor tweaks ## 4.0.6203 (2024-01-01) * added release notes and script to generate release notes [View](https://github.com/twocanoes/xcreds/commit/ff9dc64fea8e6f438755e1d72837fce4391d167c) * Feature Request: Allow "loadpage.html" to be customized. #126. To test, add in new keys "loadPageTitle" and "loadPageInfo" or try the xcreds_example_azure_loadPageTitle_loadPageInfo.mobileconfig [View](https://github.com/twocanoes/xcreds/commit/37c7477f66362c1823c49138b49afcad388abbc5) * Update description in manifest for loginWindowWidth and loginWindowHeight #138 [View](https://github.com/twocanoes/xcreds/commit/5951d753b391fda49534c5dda13d508479e66fd8) * [feature request] LocalAD - make sync password with AD optional with preference key #130. To test, set the shouldPromptForADPasswordChange to false and set the user account to require password change on next login and verify the user is not prompted [View](https://github.com/twocanoes/xcreds/commit/0b85b4ffb8e95b8d79ffcf455ac034c05ce4d4f4) * XCreds breaking Munki's logout/install @loginscreen logic #102. Test by defining hideIfPathExists to a path like /tmp/hide and then add/remove and UI should show /hide. Or use sample profile xcreds_example_azure_hide.mobileconfig [View](https://github.com/twocanoes/xcreds/commit/770c179262658ccfd27f9de3808b931cc69a86e4) * Option to enforce account to log in #21. To test, create allowedUsersArray with name of user allowed to log in and define allowUsersClaim with an OIDC claim that contains that value. Or use the xcreds_example_azure_allow_fred.mobileconfig to test [View](https://github.com/twocanoes/xcreds/commit/ee95927865f1e912898c4d030cb367fd589db114) * Feature Request: Force Wi-Fi on option or Wi-Fi on/off switch in "Configure Wi-Fi" #58 [View](https://github.com/twocanoes/xcreds/commit/bfa28014c7d0c000369d49bf9a3896128616901a) * added removeadmin function but not used since it can cause local admins to unadmin [View](https://github.com/twocanoes/xcreds/commit/cc322befaf88bf3440a9d086089468660a4354f3) * loginWindowBackgroundImageURL image should be cached if not a file:// URL #72 [View](https://github.com/twocanoes/xcreds/commit/b2cfd643ac6419904cc30037eaceaf5bb939cc7b) * bumped build number [View](https://github.com/twocanoes/xcreds/commit/500575b7dfa81c7a9a7231aeac88bd3cfe6a5497) ## 4.0.6177 (2023-12-28) * added date to license agreement to resolve Date not shown on user agreement #134 [View](https://github.com/twocanoes/xcreds/commit/17df8ec0734b9a8eddb2485e4d16af25ddd2df30) * fixed Password reset dialog rendering and text need fixes #133 [View](https://github.com/twocanoes/xcreds/commit/a03c7f1463be0ab89a787d08f2f211c8bb9a6552) * Cloud login screen button section pushed to left side #132 [View](https://github.com/twocanoes/xcreds/commit/0a300f842d6ab85e8c28501c9b4b87e57b5e0017) * Active Directory login - blank login after expired user attempts sign-in #114 [View](https://github.com/twocanoes/xcreds/commit/b8d52d586aaa8db98487a8bd8279fbd673992ad8) * Prompt for Secure Token Admin Login When Required for AD #127 [View](https://github.com/twocanoes/xcreds/commit/42002e66a6d90726e9a5f4132f232afd107736d7) * [bug] Build 6023 LocalAD - cancelling Change Password prompt breaks login fields. #129 [View](https://github.com/twocanoes/xcreds/commit/be300977b25f12e409b506de0f0d6fc1addd9ebd) * Add ability to select active directory login to select mapped user account #136 [View](https://github.com/twocanoes/xcreds/commit/19260d33f6a35b1564112c9be94e804bf892cb14) * fixed issue with initial focus [View](https://github.com/twocanoes/xcreds/commit/f40cf398168bffd52a75745ab3527b7f9bfc9f20) * https://github.com/twocanoes/xcreds/issues/54 [View](https://github.com/twocanoes/xcreds/commit/270732273500c8d5d1e791b565df25d581f5e0f4) * Request: display user password expiration (days left or specific date) in app. #54 [View](https://github.com/twocanoes/xcreds/commit/2774028c41b4a2b5031296e284d1cde5ae48541f) * Refresh does not change next password check time #88 [View](https://github.com/twocanoes/xcreds/commit/fdcd94b1dd7f99c6baf635af6d7978d0aad30df3) * changed cartfile to point to github [View](https://github.com/twocanoes/xcreds/commit/960fa77bb2cb6b21719fb33481febbb594b53f90) * removed framework [View](https://github.com/twocanoes/xcreds/commit/ed417781d823012a779fd93c4c29cf46259d0bee) * removed framework [View](https://github.com/twocanoes/xcreds/commit/c054c66e231955a396f9f28bd26d8352ae7ed48f) * added key for ROPG at login window [View](https://github.com/twocanoes/xcreds/commit/716934b3e90d1f8cc454e7f25232584e3f2b5d3a) * partial refactor wip [View](https://github.com/twocanoes/xcreds/commit/1c0fc161b10042d6f88097ffb255749e682023bf) * partial refactor wip [View](https://github.com/twocanoes/xcreds/commit/e24b7e07ec5ceefeacda3cbaa2b92e71a7261ecf) * partial refactor wip [View](https://github.com/twocanoes/xcreds/commit/f651bc35965ad5a1a1c713a4ff0a3cd4b20cb00b) * ropg at login window initial implementation [View](https://github.com/twocanoes/xcreds/commit/32ad7b391c89e870fe373cdac46e62744fb79221) * cleaned up ropg login code [View](https://github.com/twocanoes/xcreds/commit/e9b12682acdcdd8f5b3bd9f1035c80ca2e359995) * hide refresh when on username/password window; move focus to blank password when not entered for username/password window [View](https://github.com/twocanoes/xcreds/commit/b54cf49b000fa8806229300455901955f2f1edf2) * fixed menu app password verification [View](https://github.com/twocanoes/xcreds/commit/93ac8b9bfbeefb2d7b5df4585d033005b6907300) * added ShareMounter and missing KerbUtil filet [View](https://github.com/twocanoes/xcreds/commit/3f14dc2639807400e8c1b6f8824a05d6ea2b474b) * added username / password view to prompt in userspace [View](https://github.com/twocanoes/xcreds/commit/a56020e4ba24ef0d2d634f4e3ad71964c561eaad) * fixed cancel for AD userspace cancel [View](https://github.com/twocanoes/xcreds/commit/8acaf42493adf20b98f132182b7951fae9181976) * fixed override script in usersapce [View](https://github.com/twocanoes/xcreds/commit/bdd67573335b01e9aa809a8af6570474183751cb) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/48329e1d05488dd2b66820ab8d62b6c540901f41) ## 4.0.6023 (2023-12-12) * use default desktop from CoreServices [View](https://github.com/twocanoes/xcreds/commit/c2c99e2657bc7c4e77aa12628c00a1cec35e65dc) * reload the login window when wifi is connected [View](https://github.com/twocanoes/xcreds/commit/64b6876f8ba181c57d1a4ecb9ab8276cc7acb173) * fix conflicts in XCreds app [View](https://github.com/twocanoes/xcreds/commit/e29288a7b32a91a9dabe978caadaa41cce0549f6) * Add new NetworkMonitor and reload webview on network changes [View](https://github.com/twocanoes/xcreds/commit/e6fd5e31e6b573eaeec5d9df9cb8d7545e4d693e) * add new networkmonitor [View](https://github.com/twocanoes/xcreds/commit/0ede34aef5b8ec9c41c41f4a57526cfd2be6b06c) * better handling of loginwindow reload [View](https://github.com/twocanoes/xcreds/commit/472754db230ba77da0ff36c07ccb0a76ebc88dd7) * bumped version [View](https://github.com/twocanoes/xcreds/commit/0a130f4456899320bc2106dc3ee8d0179abf87c6) * bumped version [View](https://github.com/twocanoes/xcreds/commit/bec80f2ecde022f94e1bb6297b7c0d22b4b57d04) * Resolves #111 by only refreshing when on cloud login [View](https://github.com/twocanoes/xcreds/commit/ca8e9851796b02efdcf0b8237cef4fe03622cbf0) * removed tperfitt from logging. issu #108 [View](https://github.com/twocanoes/xcreds/commit/0f75ef578c89f3cfab35e83e1d863b3b281a88b7) * added info in DS for sub and iss when user is logging in and account is created [View](https://github.com/twocanoes/xcreds/commit/a16e2f5b40d2dcdc35e15c864a7887959720f64c) * initial implementation of allow user to select account to map to #98 [View](https://github.com/twocanoes/xcreds/commit/9b4b781714778a0346cb4047a61b5c6b0ce8e4fe) * added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 [View](https://github.com/twocanoes/xcreds/commit/71b874ecf39fcafd7e794306e3a8dfafbcb69ce8) * Log shows tperfitt user profile path #108 [View](https://github.com/twocanoes/xcreds/commit/beb62fab79a1631780e12742763041c15f6aaecb) * Feature Request: Option to alias IdP username to local DS user account #59 [View](https://github.com/twocanoes/xcreds/commit/dd428a9717546b5ea12d7c8677fa99084ce2cccf) * add missing Credits.txt file [View](https://github.com/twocanoes/xcreds/commit/ccadd3398bc60d7b11807980f306dfbd8453c59f) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/0e668f6af5873f5b7ff8770cc34b6ac6138d8e94) * updated manifest for new keys [View](https://github.com/twocanoes/xcreds/commit/f418394373ad7c62d3e297c7f5cd224aaf8d19f9) * showed Create New Account button in migration modal [View](https://github.com/twocanoes/xcreds/commit/59ab7e8d1dae2c1972041eb1e2b7082a98737ae6) * fixed issue #124: Default behavior wrong for shouldAllowKeyComboForMacLoginWindow [View](https://github.com/twocanoes/xcreds/commit/6f3737257205f4d2faa035b6f051bf6bfed2074b) * refactored code to add admin to user account based on group membership each login (issue #109); added groups claim value to OD record on each login in _xcreds_oidc_groups (issue #117) [View](https://github.com/twocanoes/xcreds/commit/8376942e6e23f8804bd5cec3cfff383792391031) * updated license agreement (issue #90) [View](https://github.com/twocanoes/xcreds/commit/f41411c5a51706ba7b33776edc845a409400bf1e) * Detect when no password was entered #17 [View](https://github.com/twocanoes/xcreds/commit/7cf2837f3d653a893f2f5c031c0a72298340aa70) * updated animation when logging in [View](https://github.com/twocanoes/xcreds/commit/51387b15384032bc5f4e82a5d6fea8a49c6e2625) * adding arbitrary claims to local DS user account [View](https://github.com/twocanoes/xcreds/commit/e47832e21a76d3ae86af3e7e5fee41f29772436f) * fixed Active Directory issue after password change #112 [View](https://github.com/twocanoes/xcreds/commit/14e2a7c1e1d15e8655f44bef182a2e14bc0892ce) * partial fix for #114 [View](https://github.com/twocanoes/xcreds/commit/856a3549bec86c6c52b4ed368b2e59d25c38c5a7) * refactored windows to views [View](https://github.com/twocanoes/xcreds/commit/8a0994c7dfbe071ce5397d52070c2a4c9ab9a309) * fixed centering and cloud login sizing [View](https://github.com/twocanoes/xcreds/commit/f83d523c57cf9f65f6f1b7931bdf34ad5a04c090) * fixing timing for animation when logging in; tweaked UI [View](https://github.com/twocanoes/xcreds/commit/9c659dbb4a12c9ee4cbe396119a058d2594e6827) * streamlined startup process [View](https://github.com/twocanoes/xcreds/commit/1895f0365a3aba91fc9c43961bca78ee6a9482e6) * refactored dialogs for prompting for user info; fixed ad groups for making admin user [View](https://github.com/twocanoes/xcreds/commit/7c5af73cb91a83c8f323edc1d8bd9538b02fbd71) * added missing template for package [View](https://github.com/twocanoes/xcreds/commit/281fe86d7bb33c7f278f05117794069c991efb47) * fixed showing offline button [View](https://github.com/twocanoes/xcreds/commit/72ffc3fd5434eb742e1cffa3cb073228f4883292) * implemented feature request: localad/kebereros support for saving groups to prefs #125 [View](https://github.com/twocanoes/xcreds/commit/1d3e2be0a87c3e5d2843767db28de90894bc12cc) * fixed enabling views when logging in [View](https://github.com/twocanoes/xcreds/commit/3ac6e3739200a3ae6f708be731c4d7acdf279e7e) * fixed javascript to key on input instead of keydown/keyup [View](https://github.com/twocanoes/xcreds/commit/3d41a199cfd92f233677cc6859f837ede388311c) * implemented Prompt for Secure Token Admin Login When Required #123 [View](https://github.com/twocanoes/xcreds/commit/32b118fe0c96b6cee8bd8a37bcff22611f28e55b) * fixed Update documented minimum for loginWindowWidth and loginWindowHeight #91 [View](https://github.com/twocanoes/xcreds/commit/21814425a055f0240fb4c11c37c0d01045620fd6) * wip [View](https://github.com/twocanoes/xcreds/commit/a5aca79363b6f3cc974442534bbc7818b0e4775b) * fixed issue with updating password in userspace [View](https://github.com/twocanoes/xcreds/commit/9e483c451eccac80fc533f993fe21a526970fd9e) * bumped build number [View](https://github.com/twocanoes/xcreds/commit/867fc0f3337cde76a06cb821471de2bcd6fb9506) ## v3.2.1.6002 (2023-12-11) * use default desktop from CoreServices [View](https://github.com/twocanoes/xcreds/commit/c2c99e2657bc7c4e77aa12628c00a1cec35e65dc) * reload the login window when wifi is connected [View](https://github.com/twocanoes/xcreds/commit/64b6876f8ba181c57d1a4ecb9ab8276cc7acb173) * fix conflicts in XCreds app [View](https://github.com/twocanoes/xcreds/commit/e29288a7b32a91a9dabe978caadaa41cce0549f6) * Add new NetworkMonitor and reload webview on network changes [View](https://github.com/twocanoes/xcreds/commit/e6fd5e31e6b573eaeec5d9df9cb8d7545e4d693e) * add new networkmonitor [View](https://github.com/twocanoes/xcreds/commit/0ede34aef5b8ec9c41c41f4a57526cfd2be6b06c) * better handling of loginwindow reload [View](https://github.com/twocanoes/xcreds/commit/472754db230ba77da0ff36c07ccb0a76ebc88dd7) * bumped version [View](https://github.com/twocanoes/xcreds/commit/0a130f4456899320bc2106dc3ee8d0179abf87c6) * bumped version [View](https://github.com/twocanoes/xcreds/commit/bec80f2ecde022f94e1bb6297b7c0d22b4b57d04) * Resolves #111 by only refreshing when on cloud login [View](https://github.com/twocanoes/xcreds/commit/ca8e9851796b02efdcf0b8237cef4fe03622cbf0) * removed tperfitt from logging. issu #108 [View](https://github.com/twocanoes/xcreds/commit/0f75ef578c89f3cfab35e83e1d863b3b281a88b7) * added info in DS for sub and iss when user is logging in and account is created [View](https://github.com/twocanoes/xcreds/commit/a16e2f5b40d2dcdc35e15c864a7887959720f64c) * initial implementation of allow user to select account to map to #98 [View](https://github.com/twocanoes/xcreds/commit/9b4b781714778a0346cb4047a61b5c6b0ce8e4fe) * added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 [View](https://github.com/twocanoes/xcreds/commit/71b874ecf39fcafd7e794306e3a8dfafbcb69ce8) * Log shows tperfitt user profile path #108 [View](https://github.com/twocanoes/xcreds/commit/beb62fab79a1631780e12742763041c15f6aaecb) * Feature Request: Option to alias IdP username to local DS user account #59 [View](https://github.com/twocanoes/xcreds/commit/dd428a9717546b5ea12d7c8677fa99084ce2cccf) * add missing Credits.txt file [View](https://github.com/twocanoes/xcreds/commit/ccadd3398bc60d7b11807980f306dfbd8453c59f) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/0e668f6af5873f5b7ff8770cc34b6ac6138d8e94) * updated manifest for new keys [View](https://github.com/twocanoes/xcreds/commit/f418394373ad7c62d3e297c7f5cd224aaf8d19f9) * showed Create New Account button in migration modal [View](https://github.com/twocanoes/xcreds/commit/59ab7e8d1dae2c1972041eb1e2b7082a98737ae6) * updated js [View](https://github.com/twocanoes/xcreds/commit/e621f6a8da59c6923f0ba12b6a3abf5c9a916f34) * bumped version and build [View](https://github.com/twocanoes/xcreds/commit/7140e72c2e619e26b2db99e21f917f6b3147570a) * adde missing credits file [View](https://github.com/twocanoes/xcreds/commit/81f8e48a696c1eeab46bbcb4f36eea66fe6113f4) ## v3.3.5269 (2023-11-27) * use default desktop from CoreServices [View](https://github.com/twocanoes/xcreds/commit/c2c99e2657bc7c4e77aa12628c00a1cec35e65dc) * reload the login window when wifi is connected [View](https://github.com/twocanoes/xcreds/commit/64b6876f8ba181c57d1a4ecb9ab8276cc7acb173) * fix conflicts in XCreds app [View](https://github.com/twocanoes/xcreds/commit/e29288a7b32a91a9dabe978caadaa41cce0549f6) * Add new NetworkMonitor and reload webview on network changes [View](https://github.com/twocanoes/xcreds/commit/e6fd5e31e6b573eaeec5d9df9cb8d7545e4d693e) * add new networkmonitor [View](https://github.com/twocanoes/xcreds/commit/0ede34aef5b8ec9c41c41f4a57526cfd2be6b06c) * better handling of loginwindow reload [View](https://github.com/twocanoes/xcreds/commit/472754db230ba77da0ff36c07ccb0a76ebc88dd7) * bumped version [View](https://github.com/twocanoes/xcreds/commit/0a130f4456899320bc2106dc3ee8d0179abf87c6) * bumped version [View](https://github.com/twocanoes/xcreds/commit/bec80f2ecde022f94e1bb6297b7c0d22b4b57d04) * Resolves #111 by only refreshing when on cloud login [View](https://github.com/twocanoes/xcreds/commit/ca8e9851796b02efdcf0b8237cef4fe03622cbf0) * removed tperfitt from logging. issu #108 [View](https://github.com/twocanoes/xcreds/commit/0f75ef578c89f3cfab35e83e1d863b3b281a88b7) * added info in DS for sub and iss when user is logging in and account is created [View](https://github.com/twocanoes/xcreds/commit/a16e2f5b40d2dcdc35e15c864a7887959720f64c) * initial implementation of allow user to select account to map to #98 [View](https://github.com/twocanoes/xcreds/commit/9b4b781714778a0346cb4047a61b5c6b0ce8e4fe) * added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 [View](https://github.com/twocanoes/xcreds/commit/71b874ecf39fcafd7e794306e3a8dfafbcb69ce8) * Log shows tperfitt user profile path #108 [View](https://github.com/twocanoes/xcreds/commit/beb62fab79a1631780e12742763041c15f6aaecb) * Feature Request: Option to alias IdP username to local DS user account #59 [View](https://github.com/twocanoes/xcreds/commit/dd428a9717546b5ea12d7c8677fa99084ce2cccf) * add missing Credits.txt file [View](https://github.com/twocanoes/xcreds/commit/ccadd3398bc60d7b11807980f306dfbd8453c59f) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/0e668f6af5873f5b7ff8770cc34b6ac6138d8e94) * updated manifest for new keys [View](https://github.com/twocanoes/xcreds/commit/f418394373ad7c62d3e297c7f5cd224aaf8d19f9) * showed Create New Account button in migration modal [View](https://github.com/twocanoes/xcreds/commit/59ab7e8d1dae2c1972041eb1e2b7082a98737ae6) ## v3.2.5197 (2023-10-17) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * updated url in profile manifest [View](https://github.com/twocanoes/xcreds/commit/33ef0c9f2f30afc4260526b27ee4e6995e94fcfa) * fixed issue 95: whitespace characters in password and username [View](https://github.com/twocanoes/xcreds/commit/63f4ca53c2c1ba31fd93fd4921042d21284570c6) * shouldPreferLocalLoginInsteadOfCloudLogin [View](https://github.com/twocanoes/xcreds/commit/79e798afab9162255b7a019b74bbb3122330e83a) * another attempt at fixing https://github.com/twocanoes/xcreds/issues/95 [View](https://github.com/twocanoes/xcreds/commit/819e9a047f8d1e9e6d5a4f26b32238cb7fc9da88) * wip [View](https://github.com/twocanoes/xcreds/commit/4ac36cbc2d085ee32bd8d82a66feeb925ff118fb) * fixed keyboard nav for controls [View](https://github.com/twocanoes/xcreds/commit/c5c0cad10f5d5f22f8b6ce3d0993f5f1f72d8f3b) * issue #100: Detect Offline [View](https://github.com/twocanoes/xcreds/commit/fe804f167446fc4b22e128cca576ddd7276fd96f) * Add ability to check passwords via ROPG [View](https://github.com/twocanoes/xcreds/commit/f7c62c0466106cbc26f9f67be441dad847c32ecf) * Rename prefkey to be more boolean [View](https://github.com/twocanoes/xcreds/commit/2909f625588fe25c2082fbf2ff88df468e19c79d) * update to profile manifest [View](https://github.com/twocanoes/xcreds/commit/7fcb0a392b0e8d8c19e81f8e827d6de996da75c4) * fixed typo in function name [View](https://github.com/twocanoes/xcreds/commit/8c12d454e393cc0c52a0feb314a67c357bbac1c9) * added a smidge more logging [View](https://github.com/twocanoes/xcreds/commit/86256a2825eeeebf6eb63fe26451c372e149c2a2) * added self healing for auth rights [View](https://github.com/twocanoes/xcreds/commit/9b43e1cb382cfea1b40a2f40b6cdf6189fed385b) * updated manifest [View](https://github.com/twocanoes/xcreds/commit/7cdf884f2aed100080069e9b3a589af736062c99) ## release_3_1 (2023-07-14) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * updated history.md [View](https://github.com/twocanoes/xcreds/commit/85b71172d3192616371ccc30ea16fb6dd092a54e) * fixed check timer to still work if mac sleeps [View](https://github.com/twocanoes/xcreds/commit/af491f5febf433bfeb8478d71a2fa29309676765) * fixed issue with token update time [View](https://github.com/twocanoes/xcreds/commit/0d14279e4003400a0fef812247f3c790fc802f5e) * fixed fade; cleaned up user mappings for weird characters [View](https://github.com/twocanoes/xcreds/commit/c6304954d6b02109d4ff90ed2d3b94963f761461) * final touches [View](https://github.com/twocanoes/xcreds/commit/df5f1110c5800ac8aa31293ac509817a62fedfbc) * bumped to 3.2; added some additional logging [View](https://github.com/twocanoes/xcreds/commit/5a544859855835a6c1d8bfb35a39aeb30cda5962) * bumped build number to 5000 [View](https://github.com/twocanoes/xcreds/commit/6250fdf999d7e57bfd51fe55186fde6fce92a3c0) * updated permission for override_script [View](https://github.com/twocanoes/xcreds/commit/fac2af918a65d5f92c211e4707e9e14d36e5bee1) * changed version back to 3.1; added better about window with history; changed override script requirments to be owned by _securityagent and be 700 [View](https://github.com/twocanoes/xcreds/commit/2f8dd4e599a71d02a88fa4a66814e419c71c0e65) * added command click login window for mac login window [View](https://github.com/twocanoes/xcreds/commit/f0a5b1fc76c133f199da75f31202401476da2af1) * text fixes [View](https://github.com/twocanoes/xcreds/commit/97c383e24729982c364e456ba5c3d49aa983060a) * updated build script [View](https://github.com/twocanoes/xcreds/commit/b4fd79d1d43d922fac3581282c7eb9126d33ed8c) * added back sample profie [View](https://github.com/twocanoes/xcreds/commit/6aa3ec4a58842f9a4dd748cd129ed4c14226888a) * fixed timer minutes [View](https://github.com/twocanoes/xcreds/commit/e78b306018cd996176b9530ba302689bd1d3e358) ## v3.1.4144 (2023-06-08) * updated AD support: kerb ticket now obtained at user space app launch from password in keychain. udpated profile manifest with better comments; delete cookes on webview each time it appears; added local login button; shows username password if discoveryURL is not defined [View](https://github.com/twocanoes/xcreds/commit/d17509bd2ce49313561632e15bc2698e38f09721) ## v3.1.4143 (2023-06-07) * updated fullname [View](https://github.com/twocanoes/xcreds/commit/627199474b42349bd42f6dc47c4cd442b9c3357a) * added shake to password field [View](https://github.com/twocanoes/xcreds/commit/d2370669893dc37937617be59a5601109915e991) * added shake to password field [View](https://github.com/twocanoes/xcreds/commit/d0f4efdbf886cbe9a21e449fe8d47f1ed671bdcd) * get kerb ticket on login [View](https://github.com/twocanoes/xcreds/commit/b7f7ad622ceaa57d27e419fa3fad10f0e040f8e3) ## v3.1.4081 (2023-05-27) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * added Package.resolved [View](https://github.com/twocanoes/xcreds/commit/91fb7f3da5e789dabb37a5a8585592c69c1a732c) * added XCredsLoginPlugIn/errorpage.html [View](https://github.com/twocanoes/xcreds/commit/7bf66a34a1ef091f532959de62247ba1fbead13e) * cleaned up build system a bit [View](https://github.com/twocanoes/xcreds/commit/f99ec4a8ae38ff00adabe9b43c1ff8577c803dd1) * improved javascript parsing [View](https://github.com/twocanoes/xcreds/commit/ecf710eb181fd3f6dbdce7aedf511b8840e33ca6) * fixed issue with initial javascript listener [View](https://github.com/twocanoes/xcreds/commit/574a51b5b8329be4cc2ec8c045f710548aecf7d6) * cleaned up logging a bit [View](https://github.com/twocanoes/xcreds/commit/dfbf57f4a3d9649e2b35231bfedc6d591a7c3e41) * removed reset option [View](https://github.com/twocanoes/xcreds/commit/3150fa654f3b8a55018f0a1e0390aa6ec541e125) * removed KeychainReset and PasswordOverwriteSilent because it makes things worse [View](https://github.com/twocanoes/xcreds/commit/39362899ee0c0813f416057cad203061869daa84) * added lock screen switch to login window [View](https://github.com/twocanoes/xcreds/commit/77c52ad11ab01b1afd5e011b38a06b3de9527196) * fixed window levels, progress screen, background and boot runner issues [View](https://github.com/twocanoes/xcreds/commit/4c887fbdc82a0f63fcd8876aa662c6bc96ef7bbd) * improved logging [View](https://github.com/twocanoes/xcreds/commit/e92ffe9e65f1a95b4b3e9f1c8ea1089ae7720863) * checkpoint [View](https://github.com/twocanoes/xcreds/commit/488b66494c65e8460eefdf5bbb8c0d271102f298) * added override script and secure token admin reset [View](https://github.com/twocanoes/xcreds/commit/6717b3aa2cd0ef9d387484e7571183e6f8ffbb5d) * removed shouldFindPasswordElement since that is defaulit fallback behavior [View](https://github.com/twocanoes/xcreds/commit/2825ee7b6db005f6aa8ca6d60c72210ae7343af4) * cleaned up ui a bit [View](https://github.com/twocanoes/xcreds/commit/b64496bcb55573dff889a9ab92be2ed3f9cdd5e3) * dont refresh prefs so much [View](https://github.com/twocanoes/xcreds/commit/91ee8dcd371fe9e2182fd421674f9fcd484e4d81) * added check for group membership in oidc claim [View](https://github.com/twocanoes/xcreds/commit/2c03586a59821a04948692dcb9a41006ebf735f7) * added history file [View](https://github.com/twocanoes/xcreds/commit/5fa6c0436a58535e03fd457de9dd720186274a38) ## release-3.0 (2023-05-08) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) ## release_3_0 (2023-04-18) * added trial license beginnings [View](https://github.com/twocanoes/xcreds/commit/5a6cc5a91715e909dc8f9510f800dfffe485b7d6) * fixed regression for password change not capturing new password on azure [View](https://github.com/twocanoes/xcreds/commit/8db379d829d925409abfea85da72a788ead43d22) * bumped version to 3600 [View](https://github.com/twocanoes/xcreds/commit/f9601726f3d7255414d4ad44e20b9ac526af0f7c) * fixed issue with crash if time is far off [View](https://github.com/twocanoes/xcreds/commit/9c1d0d81ed62f525614b79e3a3dbc4b4bed3964b) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/f309f95218424ca8f67177b0daed79d98344e943) * updated license [View](https://github.com/twocanoes/xcreds/commit/534be3e278d1daae48218952d20194e4e03b17b4) * fixed focus issue [View](https://github.com/twocanoes/xcreds/commit/e3c87a548a9e682b75ec01b4216ddfdda8a2ced2) ## release_v2_4 (2023-03-28) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * added more logging for id token and bumped version to 2.3 [View](https://github.com/twocanoes/xcreds/commit/b8494ee343dab510fba1c1f304623efc985455a0) * added remove keychain option [View](https://github.com/twocanoes/xcreds/commit/19032d8df58c0bdd6197fc47f9f3aa2d8d6694ea) * updated language on keychain option and added pref in manifest [View](https://github.com/twocanoes/xcreds/commit/709a7f29e696c088cc8e13959dadba8f9c0f8c8e) * added key for customizing return to xcreds; added preference and ability to automatically refresh login window [View](https://github.com/twocanoes/xcreds/commit/514a1ba5ddaec55bfb8e40ca3e6c98a43c50ec7b) * added in login window height/width [View](https://github.com/twocanoes/xcreds/commit/18e974e67f2833862a1a6913a6c4563e339d4239) * added in login window height/width min value of 100 [View](https://github.com/twocanoes/xcreds/commit/6090d5ec4895045448920e774e16dc0614223919) * added in login window height/width min value of 100 [View](https://github.com/twocanoes/xcreds/commit/0a7dad70364bd830b8028da2cadd62c98b79271d) * fixed login window size and background image [View](https://github.com/twocanoes/xcreds/commit/339a66e7fdf6e8484da8f7c0a5c2ee6eed0aaef7) * fixed focus issue [View](https://github.com/twocanoes/xcreds/commit/992512bb1ac27f36c655d1e1a02eafdbd47a2b80) * updated sample configu [View](https://github.com/twocanoes/xcreds/commit/cd482e69520c8a7994eb8233e26c8a008c5048e7) * tweaked text for user space refresh token window and added pref to show or hide [View](https://github.com/twocanoes/xcreds/commit/9f29893203caef8799683cc2ded3345f306c4528) * fixed names and links in manifest [View](https://github.com/twocanoes/xcreds/commit/e759138ca72f2a4153fbea02f7b0b5cfd031bd01) * fixed crashing issue due to null refreshview outlet [View](https://github.com/twocanoes/xcreds/commit/d3931983b53633c91c33494fc1fcccd7614948ad) * added frontmost when prompting for keychain password [View](https://github.com/twocanoes/xcreds/commit/92ee6ed5c41dfefc798f1c839193aaa4a4a09f67) * fixed issue with autorefresh [View](https://github.com/twocanoes/xcreds/commit/d7126a026281afaac27c9381a9c4e42d472b4b31) * fixed changing wifi not dismissing dialog [View](https://github.com/twocanoes/xcreds/commit/7a3d45178e299b52014fb3dd0adf6c180667222f) * fixed changing wifi not dismissing dialog [View](https://github.com/twocanoes/xcreds/commit/9ef84939d56cce29c9b8e3a84b0f070a30f7e30c) * added 802.1x support; added support for pref key for finding password based on type=password [View](https://github.com/twocanoes/xcreds/commit/38ddeff5cd86d0cd43a97844c9d160da0ee446f3) * wip [View](https://github.com/twocanoes/xcreds/commit/72da3de9c054f4fb35fb19c9bb6ffd5c2ebbb47a) ## release_v2_1 (2023-01-11) ## realease_v2_2 (2023-01-11) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * support getting password with get and adfs [View](https://github.com/twocanoes/xcreds/commit/494fdf75c79d8aa3b2c3cc6dc947f4423b2b3674) * Revert "support getting password with get and adfs" [View](https://github.com/twocanoes/xcreds/commit/425bda9a9323fd7eb9437f09f9da63747db9dc8d) * changed pref names for custom IDP / ADFS [View](https://github.com/twocanoes/xcreds/commit/83947497ec00cdfd7ec3b9a3683fa3b8e007aadf) * fixed package template issue and updated manifest [View](https://github.com/twocanoes/xcreds/commit/f2540a6c64b5bc9971833e8fa859821d4822af9c) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * enabled rekeying FileVault implementation [View](https://github.com/twocanoes/xcreds/commit/2ba233e3695b8a7bda297b0908da933d24bec1c4) * Support a Azure AD host [View](https://github.com/twocanoes/xcreds/commit/c0415863273f9797808d32633d3e800d630f9a0f) * If fullname is empty, shorname is used. [View](https://github.com/twocanoes/xcreds/commit/7764740647f8e4450b411fa08849e5f4cceba078) * added autologin when fv enabled [View](https://github.com/twocanoes/xcreds/commit/c8b394e055e2aa176af8a7f9e8cce53a3066f408) * added okta compatibility [View](https://github.com/twocanoes/xcreds/commit/5f38e70e641bc2c8129e940ae7e9f710380fea5b) * added a bit more logging [View](https://github.com/twocanoes/xcreds/commit/e2d2330a5050ab419290de466cef9f0b63407215) * removed "prompt":"consent" [View](https://github.com/twocanoes/xcreds/commit/3e0a5e6de6342f36c9622aba3ad55d2db4488942) * fixed notification prompt [View](https://github.com/twocanoes/xcreds/commit/40423c3b3ba271483826e49b6010f95e5b5683c7) * added shouldShowCloudLoginByDefault user default [View](https://github.com/twocanoes/xcreds/commit/d8658f333726d8151c2486a7fe38f94cc29cacb2) * added idhostnames array so you can specify multiple tenants [View](https://github.com/twocanoes/xcreds/commit/663dfa99b6bfb54487ca5cbc8d83618c8d180496) * removed registration reminder [View](https://github.com/twocanoes/xcreds/commit/738dff1ab4396e14d701da2dcb79c5c657533433) * removed spaces [View](https://github.com/twocanoes/xcreds/commit/180c2b9f4c267479723810a22a1dcc7715d992ce) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * added mappings for user info [View](https://github.com/twocanoes/xcreds/commit/074ac99d5b3b72f3a8fb553670968f6e67da8f10) * bumped version to 2.2 and build [View](https://github.com/twocanoes/xcreds/commit/23d902d5227eab2f3e61a6c931ccf63b94bc0ccb) * added new key for OIDC mapping [View](https://github.com/twocanoes/xcreds/commit/485be954afebf7cbe808a8b23e0be6a7c5efa495) * made keys lowercase for mappings [View](https://github.com/twocanoes/xcreds/commit/7432620d1a5c7e22e98975a5e806b73a9140d5ee) * changed case of keys [View](https://github.com/twocanoes/xcreds/commit/ecac4002bd45677fa72386cc73a56bfe6d3f53ed) * renamed mapped prefs with a prefix [View](https://github.com/twocanoes/xcreds/commit/aadd1445d92ac12e084946e1b40d97cf9f5aa6c7) * username hint was not being set [View](https://github.com/twocanoes/xcreds/commit/aba884ce568c39653fec406f7c95b21b1c554642) * added startup script [View](https://github.com/twocanoes/xcreds/commit/9c374670c37ba1b522e1247ec96a850a4e663b8e) * added credit to script [View](https://github.com/twocanoes/xcreds/commit/e36e74db471c955bd356f150dbc9b19d240a50d4) * implemented KeychainReset [View](https://github.com/twocanoes/xcreds/commit/0c34708fdeb9c9aa4303daa8382948d4e7d8143d) * implemented PasswordOverwriteSilent [View](https://github.com/twocanoes/xcreds/commit/8fcee904d23440051516c74228213a64b4ead348) * removed show prefs menu [View](https://github.com/twocanoes/xcreds/commit/d34328d71ec93b2663b75c080e41c8e0707b1f8e) * fixed timer issue [View](https://github.com/twocanoes/xcreds/commit/1d37d90a8ce81a142b90874b5d35641db4a9c1a8) * fixed shouldShowCloudLoginByDefault not working [View](https://github.com/twocanoes/xcreds/commit/570576b00c63db1f11ab5d7799301c9faed7f1e9) * fixed edge case when not showing xcreds login when logging out [View](https://github.com/twocanoes/xcreds/commit/3447f7be9e35a5e894911c0fa7366be4fa0d3b05) * removed test time [View](https://github.com/twocanoes/xcreds/commit/5bd5f84563b2a05fd4c2c169e1601cf5c270d8a9) * added sub as local user account if other methods not available; added some additional logging [View](https://github.com/twocanoes/xcreds/commit/fd4067d3a54850244f5f456825cbb531800dca85) * remove progress screen overlay because it was hiding filevault [View](https://github.com/twocanoes/xcreds/commit/453a9b79a19bbd05c4d638c01337b4752943898d) ## release_v2_0 (2022-08-30) * bumped version to 1.1 [View](https://github.com/twocanoes/xcreds/commit/d6a4c915da4e771335915c6aa1dae53d94c8c039) * added sample profile for google [View](https://github.com/twocanoes/xcreds/commit/342c8590fd5392822a9a57dd9a3293aa5f276eb6) * Cloud password verification dialog not centered... #15 [View](https://github.com/twocanoes/xcreds/commit/b1d8ee6069a92e6b231b8bce944f684fa36ec68e) * add "have token" indicator #10 [View](https://github.com/twocanoes/xcreds/commit/db746fd65ae1623e1d69f3c075391f474c9ccc3e) * Hide "About XCreds" menu item #18; Ability to add a custom URL and menu item for "Change Password #18 [View](https://github.com/twocanoes/xcreds/commit/f1c4593b4ad1b73899f9bc2cbfe61cd2d37eac11) * start of login window [View](https://github.com/twocanoes/xcreds/commit/ce6cc87d6f5e0ee87ecea89514865fd7b92df476) * pass username and password for login window [View](https://github.com/twocanoes/xcreds/commit/6addc7950cf499fb9bdeee098af1e0f9d35bfb63) * added fade to login window complete [View](https://github.com/twocanoes/xcreds/commit/3fd2f6dd2f69f8ec41e7eda52937e98cf0a30738) * restart and shutdown buttons [View](https://github.com/twocanoes/xcreds/commit/fde13dea140cf02043c8f9404c08917868bb5ecc) * implemented swiching back to mac login window [View](https://github.com/twocanoes/xcreds/commit/85545c29a8ad7c2b28daef1f8e8024bf377761ba) * wip [View](https://github.com/twocanoes/xcreds/commit/e755e305eb936a965cb0ef133d9f7c1cfb7cc765) * fixed xcreds breakage due to refactoring for xcreds login window [View](https://github.com/twocanoes/xcreds/commit/f41778819ed0d04325880e641799f723732ca6f3) * added keychain updating with tokens [View](https://github.com/twocanoes/xcreds/commit/2e3114e4f657761addd714abe7de790350623c83) * xcreds login window [View](https://github.com/twocanoes/xcreds/commit/03e929f9fa582b394686bb7669b28d0e906c4cd9) * added return to cloud login and wait message [View](https://github.com/twocanoes/xcreds/commit/f29ea30d43e51b6ef44bfbdad7d0ccd1d650a6b3) * bumped version [View](https://github.com/twocanoes/xcreds/commit/7fb698159e5f0b6cd54057d0938ddd0a448bd321) * updated manifest [View](https://github.com/twocanoes/xcreds/commit/ce8b9197c101d106605d5ea8e6bf87f5b52412ac) * added username to manifest [View](https://github.com/twocanoes/xcreds/commit/aa7945756f9c0a0573cf79b48c677c35dfbe7469) * fixed install scripts [View](https://github.com/twocanoes/xcreds/commit/ad2152c8e24b03dd685627d052b3116e5badfd62) * updated readme [View](https://github.com/twocanoes/xcreds/commit/690e6966e81bcb27f8859c010c230d2d0af4ba0a) * updaed sample profiles [View](https://github.com/twocanoes/xcreds/commit/5cd70f021fc8a4b7321dbfe7bd5cf1298a901609) * added arbitrary check for password in form [View](https://github.com/twocanoes/xcreds/commit/9d1dadac7750544dffa4db82fc258f0b7ed9663e) * bumped build number [View](https://github.com/twocanoes/xcreds/commit/bb90624c3d9a45870956621f22b41da5434e2bce) * fixed idtoken required values causing failure [View](https://github.com/twocanoes/xcreds/commit/de5dd6affee913fc6f2f65125188a8e894460b65) * added build number when starting up [View](https://github.com/twocanoes/xcreds/commit/2d4b70a192e119352cccc2d7318b8997e3c7fe74) * added build number when starting up in mechnism [View](https://github.com/twocanoes/xcreds/commit/5f6bdd336f311caa991f10c380b15f9acc2f5bb2) * added build number when starting up in mechnism [View](https://github.com/twocanoes/xcreds/commit/26b995a2173376ea6275a037a7866ea154b9ef31) * create user mech [View](https://github.com/twocanoes/xcreds/commit/2bd3cb885f9cfc2557cc709404a8c665e99236f1) * tweaked create user [View](https://github.com/twocanoes/xcreds/commit/4bfdd1017266b30d25e9fb0162decbe54fe3b5a9) * added FDE enable [View](https://github.com/twocanoes/xcreds/commit/2422e5588412d4cc721f93c0695405d939096c42) * updated prefs [View](https://github.com/twocanoes/xcreds/commit/14d39e3fe023b6412a73b6cba2a214b283a1b7d7) * added fde option [View](https://github.com/twocanoes/xcreds/commit/2b022b47d6c23e2bbf6fcd6f0b7bb249df689bc1) * added network changing detection to reload page [View](https://github.com/twocanoes/xcreds/commit/de4acf06e2e7b18c232dd0dcd5ce55e8944d2e2a) * fixed status icon issue; fixed lack of prompting on first launch [View](https://github.com/twocanoes/xcreds/commit/9aa2d77b366fe963aed1ec78c932c467d83f5b63) * added default to create keychain [View](https://github.com/twocanoes/xcreds/commit/27be41527d7716df6fbcd9ed276f542b80e53682) * added better loading at start [View](https://github.com/twocanoes/xcreds/commit/1223e399814d061d9962a75d6c037445cd9862f9) * updated loading message [View](https://github.com/twocanoes/xcreds/commit/d8d1b96e3e2927eb110747155942c4f000c8872c) * smother transitions and background image [View](https://github.com/twocanoes/xcreds/commit/6f6f2b9c7b24a3724440b77b52d86cfaeca3169d) * fixed background image url [View](https://github.com/twocanoes/xcreds/commit/8164b122c71f76b0bea9a3237d386ffac9ec0d30) * fixed overlay not showing [View](https://github.com/twocanoes/xcreds/commit/6cedc60bbaad9747209ae73521a0af480a8301a0) * fixed regression with back to my xcreds [View](https://github.com/twocanoes/xcreds/commit/ff3dee83940377a8544283d207e011f5854be8c3) * add tweak to back to my xcreds [View](https://github.com/twocanoes/xcreds/commit/7aafd66a0d75a3ee09dc6a4cd1c7f211877fb15b) * more tweaks to back to my xcreds [View](https://github.com/twocanoes/xcreds/commit/b2ef99f2db8056933eb2c047f28d6449059103dd) * fixed minor issues with prefs [View](https://github.com/twocanoes/xcreds/commit/18bccee23ceb28e47bd25f7ed38433dea76e787b) * reverted default [View](https://github.com/twocanoes/xcreds/commit/5fe505fa6c90b1ae198bc1d5aeac6068e0e9ecdc) * project update [View](https://github.com/twocanoes/xcreds/commit/4ea4da0da0260d9d9379ea599689d1c5ed1515b5) ## prebeta (2022-06-15) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/7289a72ae79005797fa4651dc61328354aca7c2b) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/07947e9e66f68db049481b6e35373a8a5b5a4bf5) * added support for Google IdP [View](https://github.com/twocanoes/xcreds/commit/4733a6cdeef503db2e08a21bb9443700bfb9526d) --- ## 4.0.6177 (31/12/2023) # What's New in Beta 3 Feature complete for release 4.0. ## 4.0.6177 (2023-12-28) * added date to license agreement to resolve Date not shown on user agreement #134 [View](https://github.com/twocanoes/xcreds/commit/17df8ec0734b9a8eddb2485e4d16af25ddd2df30) * fixed Password reset dialog rendering and text need fixes #133 [View](https://github.com/twocanoes/xcreds/commit/a03c7f1463be0ab89a787d08f2f211c8bb9a6552). Test by resetting password on both AD and Cloud. * Cloud login screen button section pushed to left side #132 [View](https://github.com/twocanoes/xcreds/commit/0a300f842d6ab85e8c28501c9b4b87e57b5e0017). Test with visual verfication. * Active Directory login - blank login after expired user attempts sign-in #114 [View](https://github.com/twocanoes/xcreds/commit/b8d52d586aaa8db98487a8bd8279fbd673992ad8). Test by expiring password in AD and verifying sane UI. * Prompt for Secure Token Admin Login When Required for AD #127 [View](https://github.com/twocanoes/xcreds/commit/42002e66a6d90726e9a5f4132f232afd107736d7). Test: Log in with AD account and change local password. Log out. When prompted to reset password, click button to reset keychain and enter local admin and verify keychain is reset and local password is AD password. * [bug] Build 6023 LocalAD - cancelling Change Password prompt breaks login fields. #129 [View](https://github.com/twocanoes/xcreds/commit/be300977b25f12e409b506de0f0d6fc1addd9ebd). Test: In AD, force a password change on next login. Login and when prompted, click Cancel. * Add ability to select active directory login to select mapped user account #136 [View](https://github.com/twocanoes/xcreds/commit/19260d33f6a35b1564112c9be94e804bf892cb14). Test: Create non admin local user then log in for first time with local AD user. Should prompt to enter login credentials for a local account. Enter credentials and verify that macOS logs in with that user account. Log out and verify that it does not prompt on subsequent logins. * fixed issue with initial focus [View](https://github.com/twocanoes/xcreds/commit/f40cf398168bffd52a75745ab3527b7f9bfc9f20). Test: Reboot and verify you can type without a first click on the textfield. Do this on a non-vm since vm requires window focus. * https://github.com/twocanoes/xcreds/issues/54 [View] (https://github.com/twocanoes/xcreds/commit/270732273500c8d5d1e791b565df25d581f5e0f4) * Request: display user password expiration (days left or specific date) in app. #54 [View](https://github.com/twocanoes/xcreds/commit/2774028c41b4a2b5031296e284d1cde5ae48541f). Test: look at menu item and verify it shows when password expires in AD. verify in AD as well. * Refresh does not change next password check time #88 [View](https://github.com/twocanoes/xcreds/commit/fdcd94b1dd7f99c6baf635af6d7978d0aad30df3). To test: refresh and verify next password check time is updated. * changed cartfile to point to github [View](https://github.com/twocanoes/xcreds/commit/960fa77bb2cb6b21719fb33481febbb594b53f90). No test * removed framework [View](https://github.com/twocanoes/xcreds/commit/ed417781d823012a779fd93c4c29cf46259d0bee) No test * removed framework [View](https://github.com/twocanoes/xcreds/commit/c054c66e231955a396f9f28bd26d8352ae7ed48f) No test * added key for ROPG at login window [View](https://github.com/twocanoes/xcreds/commit/716934b3e90d1f8cc454e7f25232584e3f2b5d3a). To test: Use the xcreds_example_okta_ropg.mobileconfig testfile that has the shouldUseROPGForOIDCLogin key set to true. Verify that you can log in with test Okta user account. * partial refactor wip [View](https://github.com/twocanoes/xcreds/commit/1c0fc161b10042d6f88097ffb255749e682023bf). No test * partial refactor wip [View](https://github.com/twocanoes/xcreds/commit/e24b7e07ec5ceefeacda3cbaa2b92e71a7261ecf) No test * partial refactor wip [View](https://github.com/twocanoes/xcreds/commit/f651bc35965ad5a1a1c713a4ff0a3cd4b20cb00b) No test * ropg at login window initial implementation [View] (https://github.com/twocanoes/xcreds/commit/32ad7b391c89e870fe373cdac46e62744fb79221) No test * cleaned up ropg login code [View](https://github.com/twocanoes/xcreds/commit/e9b12682acdcdd8f5b3bd9f1035c80ca2e359995) No test * hide refresh when on username/password window; move focus to blank password when not entered for username/password window [View](https://github.com/twocanoes/xcreds/commit/b54cf49b000fa8806229300455901955f2f1edf2) Test: verify refresh button only shows on web login screens * fixed menu app password verification [View](https://github.com/twocanoes/xcreds/commit/93ac8b9bfbeefb2d7b5df4585d033005b6907300). Test: select Refresh in menu app and verify you can log in with both the AD, ROPG and OIDC. * added ShareMounter and missing KerbUtil filet [View](https://github.com/twocanoes/xcreds/commit/3f14dc2639807400e8c1b6f8824a05d6ea2b474b) No Test. * added username / password view to prompt in userspace [View](https://github.com/twocanoes/xcreds/commit/a56020e4ba24ef0d2d634f4e3ad71964c561eaad). Change password in cloud and launch userspace app. verify it prompts and you can log in and the icon turns green. * fixed cancel for AD userspace cancel [View](https://github.com/twocanoes/xcreds/commit/8acaf42493adf20b98f132182b7951fae9181976) Test: click cancel when AD prompts to sync local password. * fixed override script in usersapce [View](https://github.com/twocanoes/xcreds/commit/bdd67573335b01e9aa809a8af6570474183751cb). Test: verify having a override script does not cause crash when specified in profile and refresh selected in menu item app. * fixed typo [View](https://github.com/twocanoes/xcreds/commit/48329e1d05488dd2b66820ab8d62b6c540901f41) No Test. --- ## XCreds 4.0 Beta 2 (12/12/2023) # What's New # The major version was bumped to v4. Prior beta (Beta 1) was labeled as 3.3 and should be consider v4 Beta 1. So much goodness could not be contained in a minor version bump and only a major version increase would suffice. ## Beta 2 ## ### fixed Update documented minimum for loginWindowWidth and loginWindowHeight #91 ### Minimum Height and Width is now 150. Anything less than that will change it to 150. What to test: Set to lower and higher values and verify it changes as expected. ### implemented Prompt for Secure Token Admin Login When Required #123 ### When logging in at the cloud login window and the local password is not the same as the cloud password, the user is prompted to enter in the local password. If the user does not know the password and there is no adminUsername/admin password defined in an override script or in preferences, the user will be prompted for admin credentials. If admin credentials are given correctly, the user account will be change to the new password and a new keychain will be created (and the old one moved aside). What to test: Successfully log in as a cloud user and verify all is working. Log out and change cloud password on IdP. Log in again and verify that clicking reset results in correct behavior. Verify cancel buttons work as expected and that bad passwords and username give correct feedback. ### implemented feature request: localad/kebereros support for saving groups to prefs #125 ### When set up to use active directory, logging in as a AD user that is a member of groups will populate the local account with a new attribute called _xcreds_groups and will have the name of the groups as a command separated list. what to test: In active directory, add user to a few groups. Not that the primary group is not a direct membership ("Domain User") and will not show up. Log in and verify new attribute is populated in user account by opening Directory Utility and viewing the account. Change group membership in AD, log out and log back in, and verify AD groups have been updated via Directory Utility. ### fixed ad groups for making admin user ### If the preference key "CreateAdminIfGroupMember" and value of an array of strings is defined, the groups the user is part of in AD will be checked against those values, and if one matches, the user will be an admin. This is updated on each login, so adding and removing should change admin membership/ What to test: Log in as a AD user and verify that they are not an admin. Add the user to a group in AD and add that group name to the CreateAdminIfGroupMember preference. Log back in and verify the user is now admin. Repeat test with a new user and make sure the user is an admin at first login. ### fixed Active Directory issue after password change #112 ### When signing in using XCreds as an Active Directory user, if the AD user password is changed and then the user tries to sign again, XCreds sign-in will fail if the new password is entered. XCreds sign-in will succeed if the old password is entered. What to test: change password and verify correct bahavior. ### adding arbitrary claims to local DS user account ### A new preference key "claimsToAddToLocalUserAccount" with an array of strings as values was added. Adding in a claim will result in that claim be added to the user's local DS account on next login. By default, if this key is not defined, the groups claim will be added automatically. what to test: In preferences, add the claims "ipaddr" and "upn" to the claims and login as a user. Verify that the claims show up as _xcreds_ and the value in Directory Utility for the user. ### updated animation when logging in ### When logging in both as AD and cloud, the button bar should animate by dropping down and the main window should gracefully fade away leaving no trace. A thing of beauty. what to test: Look at it. Love it. ### Detect when no password was entered #17 ### When no password is detected from the cloud login, it used to fail by returning to the login window. Now there is an error message. what to test: set the passwordElementID to something that doesn't match the element (like xyzzy) and try and log in. XCreds should log in to the cloud login and not be able to capture the password. An error should then be shown. ### updated license agreement (issue #90) ### The software license agreement shown when running the installer for v3.1 build 5084 shows last updated date as April 18, 2023. This should be updated to match the SLA provided at https://twocanoes.com/software-license-agreements/ what to test: verify correct date. ### refactored code to add admin to user account based on group membership each login (issue #109) ### in prior version, admin membership was only checked at initial account login. admin membership is now check at each login and the admin group is updated based on preferences. what to test: set the CreateAdminIfGroupMember value to the name of an existing to a group they are a membrer of in the iDp and verify they become admin at next login. Remove and verify that they are removed as local admin. ### added groups claim value to OD record on each login in _xcreds_oidc_groups (issue #117) ### When set up to use OIDC, logging in as a cloud user that is a member of groups will populate the local account with a new attribute called _xcreds_groups and will have the name of the groups as a space separated list. what to test: In OIDC, add user to a few groups. . Log in and verify new attribute is populated in user account by opening Directory Utility and viewing the account. Change group membership in ODIC, log out and log back in, and verify groups have been updated via Directory Utility. ### fixed issue #124: Default behavior wrong for shouldAllowKeyComboForMacLoginWindow ### The manifest defines the default for shouldAllowKeyComboForMacLoginWindow as false but when it is not set in a profile the login window allows the key combo to work. what to test: don't define key and verify it doesn't work, then define and verify it does ## Beta 1: ## [![IMAGE ALT TEXT](http://img.youtube.com/vi/HldRxRRNQEU/0.jpg)](http://www.youtube.com/watch?v=HldRxRRNQEU "Video Title") ### Select Existing User Account During Account Creation ### Using the new preference key “shouldPromptForMigration”, when a new login is detected and there are existing standard user accounts on the system, the user will be prompted for a username and password (#98). If the username and password are successfully entered for an existing account, this local account will then be used when logging in with this cloud account. The local account has 2 new DS attributes added: dsAttrTypeNative:_xcreds_oidc_sub: Subscriber. Unique identifier for account within the current issuer. dsAttrTypeNative:_xcreds_oidc_iss: Issuer In subsequent logins, the user account is selected by matching the sub and iss from the identity token to the values in the local account. Note that the user will only be prompted if there are existing standard accounts on the system and the login does not have a locally mapped account. The dialog for migration has a “Create New Account” button that will allow them to skip migration and create a local account. If a local account using the prior logic exists, it will be mapped. ### Key Combination for showing Standard and Mac login window ### Setting the new preference key “shouldAllowKeyComboForMacLoginWindow” allows switch login between cloud and standard/Mac login using a key combination regardless of the hidden state of the Switch Login Window button (#121). The keys are as follows: Option-Control-Return: Switch between cloud and standard login window. Command-Option-Control-Return: Switch between cloud and Mac login window. ### Account Alias ### When a new preference is set (“aliasName”) to a claim in the identity token, the value in that claim is used to set an alias to the user account, allowing them to login with it. An example: Set the preferences to have aliasName = “upn”. Log in as barney@twocanoes.com. The identity token has a claim called “upn” whose value was “barney@twocanoes.com“. XCreds then adds barney@twocanoes.com that is an alias and the user can login with either barney or barney@twocanoes.com at the local and mac login window. This gives the user a consistent way to log in at the cloud login or the standard / Mac login window. ### New Features ### * Removed logging messages that had a local path from the build system. * Updates postinstall to better handle the setup assistant and userland install scenarios. Thanks to Clkw0rk for the pull request. * Reload login window on network changes. Thanks to Clkw0rk for the pull request and credit to @hurricanehrndz and the CPE Team at Yelp * Reload login window after wifi connected. Thanks to Clkw0rk for the pull request. * add encoding for special characters to tokenmanager. Thanks to Clkw0rk for the pull request. * use default desktop from CoreServices. Thanks to Clkw0rk and the CPE Team at Yelp for the pull request. --- ## XCreds 3.2.1 (12/12/2023) XCreds 3.2 results an issue where the last character was not capture when typing the password very quickly and hitting return right away. --- ## XCreds 3.3 Beta 1 (27/11/2023) [![IMAGE ALT TEXT](http://img.youtube.com/vi/HldRxRRNQEU/0.jpg)](http://www.youtube.com/watch?v=HldRxRRNQEU "Video Title") ### Select Existing User Account During Account Creation ### Using the new preference key “shouldPromptForMigration”, when a new login is detected and there are existing standard user accounts on the system, the user will be prompted for a username and password (#98). If the username and password are successfully entered for an existing account, this local account will then be used when logging in with this cloud account. The local account has 2 new DS attributes added: dsAttrTypeNative:_xcreds_oidc_sub: Subscriber. Unique identifier for account within the current issuer. dsAttrTypeNative:_xcreds_oidc_iss: Issuer In subsequent logins, the user account is selected by matching the sub and iss from the identity token to the values in the local account. Note that the user will only be prompted if there are existing standard accounts on the system and the login does not have a locally mapped account. The dialog for migration has a “Create New Account” button that will allow them to skip migration and create a local account. If a local account using the prior logic exists, it will be mapped. ### Key Combination for showing Standard and Mac login window ### Setting the new preference key “shouldAllowKeyComboForMacLoginWindow” allows switch login between cloud and standard/Mac login using a key combination regardless of the hidden state of the Switch Login Window button (#121). The keys are as follows: Option-Control-Return: Switch between cloud and standard login window. Command-Option-Control-Return: Switch between cloud and Mac login window. ### Account Alias ### When a new preference is set (“aliasName”) to a claim in the identity token, the value in that claim is used to set an alias to the user account, allowing them to login with it. An example: Set the preferences to have aliasName = “upn”. Log in as barney@twocanoes.com. The identity token has a claim called “upn” whose value was “barney@twocanoes.com“. XCreds then adds barney@twocanoes.com that is an alias and the user can login with either barney or barney@twocanoes.com at the local and mac login window. This gives the user a consistent way to log in at the cloud login or the standard / Mac login window. ### New Features ### * Removed logging messages that had a local path from the build system. * Updates postinstall to better handle the setup assistant and userland install scenarios. Thanks to Clkw0rk for the pull request. * Reload login window on network changes. Thanks to Clkw0rk for the pull request and credit to @hurricanehrndz and the CPE Team at Yelp * Reload login window after wifi connected. Thanks to Clkw0rk for the pull request. * add encoding for special characters to tokenmanager. Thanks to Clkw0rk for the pull request. * use default desktop from CoreServices. Thanks to Clkw0rk and the CPE Team at Yelp for the pull request. --- ## XCreds 3.2 (17/10/2023) ROPG XCreds now uses ROPG to verify password when logged in. Very useful with Okta and other IdP that do not support token refresh. Requires preferences ropgClientID, ropgClientSecret, and shouldVerifyPasswordWithRopg. Thanks to hurricanehrndz for this pull request. New Features New preference key to force local login: shouldPreferLocalLoginInsteadOfCloudLogin . Thanks to jamesez for the pull request. New preference key show login window based on detecting network status: shouldDetectNetworkToDetermineLoginWindow. Added self healing for auth rights Added support for keyboard nav for controls Detect offline and automatically switch to local login. Bug Fixes Remove trailing and leading spaces entered in username --- ## XCreds 3.1 (17/07/2023) ## XCreds 3.1 ## ### Active Directory Login ### New username and password window allows logging in with local user or Active Directory (if ADDomain key is defined). ### New Username and Password Window ### We no longer use the macOS login window and use the new XCreds username/password window. This allows for faster switching and Active Directory login. ### Switch to Login Window at Screen Saver ### When the "shouldSwitchToLoginWindowWhenLocked" key is set and XCreds is running in the user session and the screen is locked, the lock screen will fast user switch to the login window. When set to true and the user locks the current session, XCreds will tell the system to switch to Login Window. The current session will stay active but the user will log in with the XCreds Login Window to resume the session. ### Admin Group ### If group membership is returned in the "groups" claim and matches the group defined in the "CreateAdminIfGroupMember" preference, the user will be created as admin. ### kerberos ticket ### When app is first launched and there is a keychain item with an AD account and local password, a kerberos ticket will be attempted. ### Override Preference Script ### Most preferences can now be overwritten by specifying a script at the path defined by "settingsOverrideScriptPath". This script, if it exists, owned by \_securityagent, and has permissions 700 (accessible only by \_securityagent) must return a valid plist that defines the key/value pairs to override in preferences. This allows for basing preferences based on the local state of the machine. It is important for the "localAdminUserName" and "localAdminPassword" keys. See Reset Keychain for more information on this. The override script can also be used for querying the local state and setting preferences. For example, to randomly set the background image, a sample script "settingsOverrideScriptPath" defines a script: #!/bin/sh dir="/System/Library/Desktop Pictures" desktoppicture=`/bin/ls -1 "$dir"/*.heic | sort --random-sort | head -1` cat /usr/local/xcreds/override.plist|sed "s|DESKTOPPICTUREPATH|${desktoppicture}|g" The plist would be defined as: loginWindowBackgroundImageURL file://DESKTOPPICTUREPATH ### Reset Keychain ## In prior versions of XCreds, the ability to reset the keychain if the user forgets their local password would fail due to the lack of an admin user with a secure token. This would cause the "PasswordOverwriteSilent" to fail. The "settingsOverrideScriptPath" (see above) can return the admin username and password of an admin account that has a secure token. This admin user is then used to reset the user's keychain if they forgot their local password. This can either be done with user prompting or silently. The script can find those keys via curl, in system keychain, or in a LAPS file and return the values inside the plist that is returned. This gives flexibility in determining the security required for the local admin username and password. Note that XCreds assumes an admin user with a secure token already exists on the machine and XCreds does not create or manage this user. If you manage local admin via a LAPS system, you can return the password from the local password file. An example of an override script to return username and password are as follows: Override Script: ` #!/bin/sh` ` dir="/System/Library/Desktop Pictures"` ` desktoppicture=/bin/ls -1 "$dir"/*.heic | sort --random-sort | head -1` ` ` ` #this is provided as an example. DO NOT KEEP ADMIN CREDENTIALS ON DISK! Use curl or other method for getting them temporarily.` ` admin_username="tcadmin"` ` admin_password="twocanoes"` ` ` ` cat /usr/local/xcreds/override.plist | sed "s|LOCALADMINUSERNAME|${admin_username}|g" | sed "s|LOCALADMINPASSWORD|${admin_password}|g" ` plist: `` ` ` ` ` ` ` ` localAdminUserName` ` LOCALADMINUSERNAME` ` localAdminPassword` ` LOCALADMINPASSWORD` ` ` ` ` ### Others * added shake to password field * added dialog over login window when in an error state * improved code when local password policy does not allow setting password from cloud. * Added about menu with history ## New Keys **ADDomain** The desired AD domain **usernamePlaceholder** Placeholder text in local / AD login window for username **passwordPlaceholder** Placeholder text in local / AD login window for password **shouldShowLocalOnlyCheckbox** Show the local only checkbox on the local login page **CreateAdminIfGroupMember** List of groups that should have its members created as local administrators. Set as an Array of Strings of the group name. **shouldSwitchToLoginWindowWhenLocked** When set to true and the user locks the current session, XCreds will tell the system to switch to Login Window. The current session will stay active but the user will login with the XCreds Login Window to resume the session. **settingsOverrideScriptPath** Script to override defaults. Must return valid property list with specified defaults. Script must exist at path, be owned by root and only writable by root. **localAdminUserName** Username of local admin user. DO NOT SET THIS IN PREFERENCES. It is recommended to set this with the settingsOverrideScriptPath script. This user is used to reset the keychain if the user forgets their local password and to set up a secure token for newly created users. **localAdminPassword** Password of local admin user. DO NOT SET THIS IN PREFERENCES. It is recommended to set this with the settingsOverrideScriptPath script. This user is used to reset the keychain if the user forgets their local password and to set up a secure token for newly created users. **shouldShowCloudLoginByDefault** Determine if the Mac login window or the cloud login window is shown by default **shouldShowMacLoginButton** Show the Mac Login Window button in XCreds Login **shouldShowTokenUpdateStatus** Show the time when the password will be checked. True by default. --- ## Prerelease 3.1.4144 (08/06/2023) # What's New In XCreds # ## XCreds 3.1 ## ### Active Directory Login ### New username and password window allows logging in with local user or Active Directory (if ADDomain key is defined). ### New Username and Password Window ### We no longer use the macOS login window and use the new XCreds username/password window. This allows for faster switching and Active Directory login. ### Switch to Login Window at Screen Saver ### When the "shouldSwitchToLoginWindowWhenLocked" key is set and XCreds is running in the user session and the screen is locked, the lock screen will fast user switch to the log When set to true and the user locks the current session, XCreds will tell the system to switch to Login Window. The current session will stay active but the user will login with the XCreds Login Window to resume the session. ### Admin Group ### If group membership is returned in the "groups" claim and matches the group defined in the "CreateAdminIfGroupMember" preference, the user will be created as admin. ### kerberos ticket ### When app is first launched and their is a keychain item with a AD account and local password, a kerberos ticket will be attempted. ### Override Preference Script ### Most preferences can now be overwritten by specifying a script at the path defined by "settingsOverrideScriptPath". This script, if it exists, owned by root, and has permissions 755 (writable only by root, readable and executable by all) must return a valid plist that defines the key/value pairs to override in preferences. This allows for basing preferences based on the local state of the machine. It is important for the "localAdminUserName" and "localAdminPassword" keys. See Reset Keychain for more information on this. The overide script can also be used for querying the local state and setting preferences. For example, to randomly set the background image, a sample script "settingsOverrideScriptPath" defines a script: !/bin/sh dir="/System/Library/Desktop Pictures" desktoppicture=`/bin/ls -1 "$dir"/*.heic | sort --random-sort | head -1` cat /usr/local/xcreds/override.plist|sed "s|DESKTOPPICTUREPATH|${desktoppicture}|g" The plist would defined as: loginWindowBackgroundImageURL file://DESKTOPPICTUREPATH ### Reset Keychain ## In prior versions of XCreds, the ability to reset the keychain if the user forgets their local password would fail due to the lack of a admin user with a secure token. This would cause the "PasswordOverwriteSilent" to fail. The "settingsOverrideScriptPath" (see above) can return the admin username and password of an admin account that has a secure token. This admin user is then used to reset the user's keychain if they forgot their local password. This can either be done with user prompting or silently. The script can find those keys via curl, in system keychain, or in a LAPS file and return the values inside the plist that is returned. This gives flexablity in determining the security required for the local admin username and password. Note that XCreds assumes an admin user with a secure token already exists on the machine and XCreds does not create or manage this user. If you manage local admin via a LAPS system, you can return the password from the local password file. An example of an override script to return username and password are as follows: Override Script: ` !/bin/sh` ` dir="/System/Library/Desktop Pictures"` ` desktoppicture=/bin/ls -1 "$dir"/*.heic | sort --random-sort | head -1` ` ` ` #this is provided as an example. DO NOT KEEP ADMIN CREDENTIALS ON DISK! Use curl or other method for getting them temporarily.` ` admin_username="tcadmin"` ` admin_password="twocanoes"` ` ` ` cat /usr/local/xcreds/override.plist | sed "s|LOCALADMINUSERNAME|${admin_username}|g" | sed "s|LOCALADMINPASSWORD|${admin_password}|g" ` plist: `` ` ` ` ` ` ` ` localAdminUserName` ` LOCALADMINUSERNAME` ` localAdminPassword` ` LOCALADMINPASSWORD` ` ` ` ` ### Others * added shake to password field ## New Keys **ADDomain** The desired AD domain **CreateAdminIfGroupMember** List of groups that should have its members created as local administrators. Set as an Array of Strings of the group name. **shouldSwitchToLoginWindowWhenLocked** When set to true and the user locks the current session, XCreds will tell the system to switch to Login Window. The current session will stay active but the user will login with the XCreds Login Window to resume the session. **settingsOverrideScriptPath** Script to override defaults. Must return valid property list with specified defaults. Script must exist at path, be owned by root and only writable by root. **localAdminUserName** Username of local admin user. DO NOT SET THIS IN PREFERENCES. It is recommended to set this with the settingsOverrideScriptPath script. This user is used to reset the keychain if the user forgets their local password and to setup a secure token for newly created users. **localAdminPassword** Password of local admin user. DO NOT SET THIS IN PREFERENCES. It is recommended to set this with the settingsOverrideScriptPath script. This user is used to reset the keychain if the user forgets their local password and to setup a secure token for newly created users. **shouldFindPasswordElement** Selects the password element field in the web page by finding a form element that has bullets (input is password) **shouldShowCloudLoginByDefault** Determine if the mac login window or the cloud login window is shown by default **shouldShowMacLoginButton** Show the Mac Login Window button in XCreds Login ## Version 3.0 Build 3607 ## Released 2023-04-19 - Updated license - Fixed typo - Fixed issue with crash if time is too far off - Fixed regression for password change not capturing new password on Azure - Added trial license - Version 2.4 - Added 802.1x support; added support for pref key for finding password based on type=password - Fixed changing wifi not dismissing dialog - Fixed issue with autorefresh - Added frontmost when prompting for keychain password - Fixed crashing issue due to null refreshview outlet - Fixed names and links in manifest - Tweaked text for user space refresh token window and added pref to show or hide - Updated sample config - Fixed focus issue - Fixed login window size and background image - Added in login window height/width min value of 100 - Added key for customizing return to XCreds; added preference and ability to automatically refresh login window - Updated language on keychain option and added pref in manifest - Added remove keychain option ## Version 2.3 - Added more logging for id token - Removed progress screen overlay because it was hiding filevault - Added sub as local user account if other methods not available; added some additional logging - Removed test time - Fixed edge case when not showing xcreds login when logging out - Fixed shouldShowCloudLoginByDefault not working - Fixed timer issue - Removed show prefs menu - Implemented PasswordOverwriteSilent - Implemented KeychainReset - Added credit to script - Added startup script - Username hint was not being set - Renamed mapped prefs with a prefix - Changed case of keys - Made keys lowercase for mappings - Added new key for OIDC mapping ## Version 2.2 - Added mappings for user info ## Version 2.1 - Initial release --- ## Prerelease 3.1.4081 (27/05/2023) ## XCreds 3.1 ## ### Active Directory Login ### New username and password window allows logging in with local user or Active Directory (if ADDomain key is defined). ### New Username and Password Window ### We no longer use the macOS login window and use the new XCreds username/password window. This allows for faster switching and Active Directory login. ### Admin Group ### If group membership is returned in the "groups" claim and matches the group defined in the "CreateAdminIfGroupMember" preference, the user will be created as admin. ### Override Preference Script ### Most preferences can now be overwritten by specifying a script at the path defined by "settingsOverrideScriptPath". This script, if it exists, owned by root, and has permissions 755 (writable only by root, readable and executable by all) must return a valid plist that defines the key/value pairs to override in preferences. This allows for basing preferences based on the local state of the machine. It is important for the "localAdminUserName" and "localAdminPassword" keys. See Reset Keychain for more information on this. The overide script can also be used for querying the local state and setting preferences. For example, to randomly set the background image, a sample script "settingsOverrideScriptPath" defines a script: !/bin/sh dir="/System/Library/Desktop Pictures" desktoppicture=`/bin/ls -1 "$dir"/*.heic | sort --random-sort | head -1` cat /usr/local/xcreds/override.plist|sed "s|DESKTOPPICTUREPATH|${desktoppicture}|g" The plist would defined as: loginWindowBackgroundImageURL file://DESKTOPPICTUREPATH ### Reset Keychain ## In prior versions of XCreds, the ability to reset the keychain if the user forgets their local password would fail due to the lack of a admin user with a secure token. This would cause the "PasswordOverwriteSilent" to fail. The "settingsOverrideScriptPath" (see above) can return the admin username and password of an admin account that has a secure token. This admin user is then used to reset the user's keychain if they forgot their local password. This can either be done with user prompting or silently. The script can find those keys via curl, in system keychain, or in a LAPS file and return the values inside the plist that is returned. This gives flexablity in determining the security required for the local admin username and password. Note that XCreds assumes an admin user with a secure token already exists on the machine and XCreds does not create or manage this user. If you manage local admin via a LAPS system, you can return the password from the local password file. An example of an override script to return username and password are as follows: Override Script: ` !/bin/sh` ` dir="/System/Library/Desktop Pictures"` ` desktoppicture=/bin/ls -1 "$dir"/*.heic | sort --random-sort | head -1` ` ` ` #this is provided as an example. DO NOT KEEP ADMIN CREDENTIALS ON DISK! Use curl or other method for getting them temporarily.` ` admin_username="tcadmin"` ` admin_password="twocanoes"` ` ` ` cat /usr/local/xcreds/override.plist | sed "s|LOCALADMINUSERNAME|${admin_username}|g" | sed "s|LOCALADMINPASSWORD|${admin_password}|g" ` plist: `` ` ` ` ` ` ` ` localAdminUserName` ` LOCALADMINUSERNAME` ` localAdminPassword` ` LOCALADMINPASSWORD` ` ` ` ` ## New Keys **ADDomain** The desired AD domain **CreateAdminIfGroupMember** List of groups that should have its members created as local administrators. Set as an Array of Strings of the group name. **shouldSwitchToLoginWindowWhenLocked** When set to true and the user locks the current session, XCreds will tell the system to switch to Login Window. The current session will stay active but the user will login with the XCreds Login Window to resume the session. **settingsOverrideScriptPath** Script to override defaults. Must return valid property list with specified defaults. Script must exist at path, be owned by root and only writable by root. **localAdminUserName** Username of local admin user. DO NOT SET THIS IN PREFERENCES. It is recommended to set this with the settingsOverrideScriptPath script. This user is used to reset the keychain if the user forgets their local password and to setup a secure token for newly created users. **localAdminPassword** Password of local admin user. DO NOT SET THIS IN PREFERENCES. It is recommended to set this with the settingsOverrideScriptPath script. This user is used to reset the keychain if the user forgets their local password and to setup a secure token for newly created users. **shouldFindPasswordElement** Selects the password element field in the web page by finding a form element that has bullets (input is password) **shouldShowCloudLoginByDefault** Determine if the mac login window or the cloud login window is shown by default **shouldShowMacLoginButton** Show the Mac Login Window button in XCreds Login
Name Type Required Description
ADDomain string The desired AD domain
clientID string always The OIDC client id public identifier for the app.
clientSecret string Client Secret sometimes required by identity provider.
CreateAdminUser boolean When set to true and the user account is created, the user will be a local admin.
CreateAdminIfGroupMember array List of groups that should have its members created as local administrators. Set as an Array of Strings of the group name.
shouldSwitchToLoginWindowWhenLocked boolean When set to true and the user locks the current session, XCreds will tell the system to switch to Login Window. The current session will stay active but the user will login with the XCreds Login Window to resume the session.
discoveryURL string always The discovery URL provided by your OIDC / Cloud provider.
EnableFDE boolean Enabled FDE enabled at first login on APFS disks.
EnableFDERecoveryKey boolean Save the Personal Recovery Key (PRK) to disk for the MDM Escrow Service to collect.
EnableFDERecoveryKeyPath string Specify a custom path for the recovery key.
EnableFDERekey boolean Rotate the Personal Recovery Key (PRK).
loginWindowWidth integer Login Window webview width (Integer). If this is not defined, it will be full width. Minimum value of 100.
loginWindowHeight integer Login Window webview height (Integer). If this is not defined, it will be full height. Minimum value of 100.
loginWindowBackgroundImageURL string URL to an image to show in the background while logging in.
passwordChangeURL string Add a menu item for changing the password that will open this URL when the menu item is selected.
redirectURI string URI to redirect to when authentication is complete.
refreshRateHours integer Number of hours for checking for password changes. Default is 3 hours. Minimum is 1 hour.
scopes string OIDC Scopes
shouldSetGoogleAccessTypeToOffline boolean When using Google IdP, a refresh token may need be requested in a non-standard way.
shouldShowCloudLoginByDefault boolean Determine if the mac login window or the cloud login window is shown by default
autoRefreshLoginTimer integer Timer for automatically refreshing login screen in seconds. If set to 0, does not automatically refresh.
cloudLoginText string Text for return to cloud login on Mac login screen
shouldShowAboutMenu boolean Show the About Menu
shouldShowRefreshBanner boolean Show text at the top of the prompt window when tokens expire.
shouldShowConfigureWifiButton boolean Show Configure WiFi button in XCreds Login.
shouldShowPreferencesOnStart boolean If no settings are specified, preferences will not be shown on startup.
shouldShowMacLoginButton boolean Show the Mac Login Window button in XCreds Login.
shouldShowSupportStatus boolean Show message in XCreds Login reminding people to buy support.
shouldShowQuitMenu boolean Show Quit Menu Item in the menu.
shouldShowVersionInfo boolean Show the version number and build number in the lower left corner of XCreds Login.
showDebug boolean Show debug local notifications.
username string When a user uses cloud login, XCreds will try and figure out the local username based on the email or other data returned for the IdP. Use this value to force the local username for any cloud login. Provide only the shortname.
KeychainReset boolean Reset the keychain without prompting if the login password doesn't match the local password.
PasswordOverwriteSilent boolean Update the password silently to the new one. Used with the KeychainReset if the user has a secure token.
localAdminUserName string Username of local admin user. DO NOT SET THIS IN PREFERENCES. It is recommended to set this with the settingsOverrideScriptPath script. This user is used to reset the keychain if the user forgets their local password and to setup a secure token for newly created users.
localAdminPassword string Password of local admin user. DO NOT SET THIS IN PREFERENCES. It is recommended to set this with the settingsOverrideScriptPath script. This user is used to reset the keychain if the user forgets their local password and to setup a secure token for newly created users.
verifyPassword boolean Show prompt to verify cloud password before setting keychain and login.
idpHostName string hostname of the page that has the password field.
idpHostNames array array of hostnames of the page that has the password field.
passwordElementID string password element id of the html element that has the password.
map_firstname string Local DS to OIDC Mapping for First Name
map_lastname string Local DS to OIDC Mapping for Last Name
map_fullname string Local DS to OIDC Mapping for Name
map_username string Local DS to OIDC Mapping for Name
settingsOverrideScriptPath string Script to override defaults. Must return valid property list with specified defaults. Script must exist at path ,be owned by root and only writable by root.
--- ## XCreds 3.0 (08/05/2023) Version 3.0 Build 3607 Released 2023-04-19 Updated license Fixed typo Fixed issue with crash if time is too far off Fixed regression for password change not capturing new password on Azure Added trial license --- ## XCreds 2.4 (13/04/2023) - fixed changing wifi not dismissing dialog - fixed issue with autorefresh - added frontmost when prompting for keychain password - fixed crashing issue due to null refreshview outlet - fixed names and links in manifest - tweaked text for user space refresh token window and added pref to show or hide - updated sample configu - fixed focus issue - fixed login window size and background image - added in login window height/width min value of 100 - added key for customizing return to xcreds; added preference and ability to automatically refresh login window - updated language on keychain option and added pref in manifest - added remove keychain option - added more logging for id token and bumped version to 2.3 - remove progress screen overlay because it was hiding filevault - added sub as local user account if other methods not available; added some additional logging - removed test time - fixed edge case when not showing xcreds login when logging out - fixed shouldShowCloudLoginByDefault not working - fixed timer issue - removed show prefs menu - implemented PasswordOverwriteSilent - implemented KeychainReset - added credit to script - added startup script - username hint was not being set - renamed mapped prefs with a prefix - changed case of keys - made keys lowercase for mappings - added new key for OIDC mapping --- ## XCreds 2.2 (11/01/2023) - (origin/develop, develop) remove progress screen overlay because it was hiding filevault - added sub as local user account if other methods not available; added some additional logging - removed test time - fixed edge case when not showing xcreds login when logging out - fixed shouldShowCloudLoginByDefault not working - fixed timer issue - removed show prefs menu - implemented PasswordOverwriteSilent - implemented KeychainReset - added credit to script - added startup script - username hint was not being set - renamed mapped prefs with a prefix - changed case of keys - made keys lowercase for mappings - added new key for OIDC mapping - (origin/feature-mappings, feature-mappings) added mappings for user info - Update README.md - (origin/release-2.1) removed spaces - removed registration reminder - added idhostnames array so you can specify multiple tenants - added shouldShowCloudLoginByDefault user default - fixed notification prompt - removed "prompt":"consent" - added a bit more logging - added okta compatibility - added autologin when fv enabled - Merge pull request #37 from kenchan0130/fix-issue-36 - Merge pull request #38 from kenchan0130/patch-azure-1 - Merge pull request #39 from kenchan0130/patch-2 - If fullname is empty, shortname is used. - Support a Azure AD host - enabled rekeying FileVault implementation - Update README.md - fixed package template issue and updated manifest - changed pref names for custom IDP / ADFS - --- ## XCreds 2.0 (31/08/2022) Login Window log in to OIDC provider Support for Azure, Google Cloud, Okta and any OIDC provider Initial account provisioning WiFi Login Window configuration Restart and shutdown from Login Window Profile manifest available for easy configuration Local password update with IdP password Prompt for IdP password when changed Login Keychain password updating Customizable preferences Easy deployment Uses OpenID Connect Attractive and pleasing menu icon Easy configuration with profile / MDM [Profile Manifest](https://github.com/ProfileCreator/ProfileManifests) for [Profile Creator](https://github.com/ProfileCreator/ProfileCreator) Support Two-Factor and Multi-Factor support --- ## prebeta (15/06/2022) prebeta --- ## Initial Release v1.0.0 (13/06/2022) Initial Release ================================================ FILE: Cartfile ================================================ #binary "https://bitbucket.org/twocanoes/productlicense-public/downloads/productlicense.json" #github "PaddleHQ/Mac-Framework-V4" git "git@bitbucket.org:twocanoes/productlicense.git" "nopaddle" ================================================ FILE: Cartfile.resolved ================================================ git "git@bitbucket.org:twocanoes/productlicense.git" "3c172c1211d98ff39aab8cf73fe2c2e94ae8a8bc" ================================================ FILE: DNSResolver.m ================================================ // // DNSResolver.m // NoMAD // // Created by Boushy, Phillip on 9/28/16. // Copyright © 2016 Orchard & Grove Inc. All rights reserved. // #import "DNSResolver.h" #include #include @interface DNSResolver () @property (nonatomic, assign, readwrite) BOOL finished; @property (nonatomic, copy, readwrite) NSError *error; // Private Properties @property (nonatomic, strong, readonly) NSMutableArray *mutableQueryResponse; @end @implementation DNSResolver { DNSServiceRef _dnsService; CFSocketRef _dnsSocket; } @synthesize queryType = _queryType; @synthesize queryValue = _queryValue; @synthesize delegate = _delegate; - init { self = [super init]; if (self != nil) { self->_mutableQueryResponse = [[NSMutableArray alloc] init]; } return self; } - initWithQueryType:(NSString*)queryType andValue:(NSString*)queryValue { assert(queryType != nil); assert(queryValue != nil); self = [super init]; if (self != nil) { self->_queryType = [queryType copy]; self->_queryValue = [queryValue copy]; self->_mutableQueryResponse = [[NSMutableArray alloc] init]; assert(self->_mutableQueryResponse != nil); } return self; } /* -(void)dealloc { [self stop]; } */ -(void)startQuery { if (self->_dnsService == NULL) { self.error = nil; self.finished = NO; [_mutableQueryResponse removeAllObjects]; [self startInternal]; } } -(uint16_t)getTypeAsInt { uint16_t recordType; if ([self.queryType isEqualToString:@"SRV"]) { recordType = kDNSServiceType_SRV; } else if ([self.queryType isEqualToString:@"PTR"]) { recordType = kDNSServiceType_PTR; } else { recordType = kDNSServiceType_ANY; } return recordType; } -(void)startInternal { DNSServiceErrorType err; const char * dnsNameCStr; int socketProtocol; int flags; // version (always 0), info (self because it's easy to reference?), retain, release, copyDescription CFSocketContext context = { 0, (__bridge void *) self, NULL, NULL, NULL }; CFRunLoopSourceRef runLoopSource; // Start off with no errors. err = kDNSServiceErr_NoError; //Create a C string of the queryValue and verifies it is not empty. dnsNameCStr = [self.queryValue UTF8String]; if (dnsNameCStr == nil) { err = kDNSServiceErr_BadParam; } // Create a query for the type and value if (err == kDNSServiceErr_NoError) { // perform different types of query based on queryType... uint16_t recordType = [self getTypeAsInt]; //uint32_t interfaceIndex = if_nametoindex("utun1"); // check for .local if ( [self.queryValue hasSuffix:@".local"]) { flags = (kDNSServiceFlagsReturnIntermediates + kDNSServiceFlagsTimeout); } else { flags = kDNSServiceFlagsReturnIntermediates; } // Create the DNS Query and reference it in self->_dnsService err = DNSServiceQueryRecord( &self->_dnsService, flags, 0, // query on all interfaces. dnsNameCStr, recordType, kDNSServiceClass_IN, DNSServiceRecordCallback, (__bridge void*) self ); } // Create a socket that listens for incoming messages related to the DNS Query. if (err == kDNSServiceErr_NoError) { socketProtocol = DNSServiceRefSockFD(self->_dnsService); self->_dnsSocket = CFSocketCreateWithNative( NULL, socketProtocol, kCFSocketReadCallBack, DNSSocketCallback, &context ); // Tell the socket to close on invalidation on top of any other flags it already has set. // This is good and the default. CFSocketSetSocketFlags( self->_dnsSocket, CFSocketGetSocketFlags(self->_dnsSocket) & ~ (CFOptionFlags) kCFSocketCloseOnInvalidate ); runLoopSource = CFSocketCreateRunLoopSource(NULL, self->_dnsSocket, 0); assert(runLoopSource != NULL); CFRunLoopAddSource(CFRunLoopGetCurrent(), runLoopSource, kCFRunLoopDefaultMode); CFRelease(runLoopSource); } if (err != kDNSServiceErr_NoError) { [self stopQueryWithDNSServiceError:err]; } } static void DNSServiceRecordCallback( DNSServiceRef dnsService, DNSServiceFlags flags, uint32_t interfaceIndex, DNSServiceErrorType errorCode, const char * fullname, uint16_t recordType, uint16_t recordClass, uint16_t recordLength, const void * recordData, uint32_t ttl, void * context ) { DNSResolver * obj; obj = (__bridge DNSResolver *)context; if (errorCode == kDNSServiceErr_NoError) { // Get Interface Name //char *interfaceNamePtr = alloca(IF_NAMESIZE); //char *interfaceName = if_indextoname(interfaceIndex, interfaceNamePtr); //NSLog(@"Interface Index is: %u. Interface Name is: %s", interfaceIndex, interfaceName); //Process Record [obj processRecord:recordData length:recordLength]; if ( ! (flags & kDNSServiceFlagsMoreComing) ) { [obj stopQueryWithError:nil]; } } else { [obj stopQueryWithDNSServiceError:errorCode]; } } static void DNSSocketCallback( CFSocketRef dnsSocket, CFSocketCallBackType type, CFDataRef address, const void * data, void * info ) { DNSServiceErrorType err; DNSResolver * obj; obj = (__bridge DNSResolver *)info; err = DNSServiceProcessResult(obj->_dnsService); if ( err != kDNSServiceErr_NoError) { [obj stopQueryWithDNSServiceError:err]; } } -(void)processRecord:(const void *)recordData length:(NSUInteger)recordLength { NSMutableData * resourceRecordData; dns_resource_record_t * resourceRecord; uint8_t u8; uint16_t u16; uint32_t u32; //Creating the data to send to dns_parse_resource_record. resourceRecordData = [NSMutableData data]; u8 = 0; [resourceRecordData appendBytes:&u8 length:sizeof(u8)]; // DNS Type uint16_t recordType = [self getTypeAsInt]; u16 = htons(recordType); [resourceRecordData appendBytes:&u16 length:sizeof(u16)]; // DNS Class u16 = htons(kDNSServiceClass_IN); [resourceRecordData appendBytes:&u16 length:sizeof(u16)]; // TTL u32 = htonl(666); [resourceRecordData appendBytes:&u32 length:sizeof(u32)]; // Record Length u16 = htons(recordLength); [resourceRecordData appendBytes:&u16 length:sizeof(u16)]; [resourceRecordData appendBytes:recordData length:recordLength]; //Parse the record resourceRecord = dns_parse_resource_record([resourceRecordData bytes], (uint32_t) [resourceRecordData length]); if (resourceRecord != NULL) { if ([self.queryType isEqualToString:@"SRV"]) { NSString * target = [NSString stringWithCString:resourceRecord->data.SRV->target encoding:NSASCIIStringEncoding]; if (target != nil) { NSDictionary * result; NSIndexSet * resultIndexSet; result = [NSDictionary dictionaryWithObjectsAndKeys: [NSNumber numberWithUnsignedInt:resourceRecord->data.SRV->priority], kSRVResolverPriority, [NSNumber numberWithUnsignedInt:resourceRecord->data.SRV->weight], kSRVResolverWeight, [NSNumber numberWithUnsignedInt:resourceRecord->data.SRV->port], kSRVResolverPort, target, kSRVResolverTarget, nil ]; assert(result != nil); resultIndexSet = [NSIndexSet indexSetWithIndex:self.queryResults.count]; assert(resultIndexSet != nil); [self willChange:NSKeyValueChangeInsertion valuesAtIndexes:resultIndexSet forKey:@"results"]; [self.mutableQueryResponse addObject:result]; [self didChange:NSKeyValueChangeInsertion valuesAtIndexes:resultIndexSet forKey:@"results"]; if ( (self.delegate != nil) && [self.delegate respondsToSelector:@selector(dnsResolver:didReceiveQueryResult:)] ) { [self.delegate dnsResolver:self didReceiveQueryResult:result]; } } } dns_free_resource_record(resourceRecord); } } # pragma mark - Stop Query Methods -(void)stopQuery { if (self->_dnsSocket != NULL) { CFSocketInvalidate(self->_dnsSocket); CFRelease(self->_dnsSocket); self->_dnsSocket = NULL; } if (self->_dnsService != NULL) { DNSServiceRefDeallocate(self->_dnsService); self->_dnsService = NULL; } self.finished = YES; } -(void)stopQueryWithError:(NSError *)error { self.error = error; [self stopQuery]; if ( (self.delegate != nil) && [self.delegate respondsToSelector:@selector(dnsResolver:didStopQueryWithError:)] ) { [self.delegate dnsResolver:self didStopQueryWithError:error]; } } - (void)stopQueryWithDNSServiceError:(DNSServiceErrorType)errorCode { NSError * error; error = nil; if (errorCode != kDNSServiceErr_NoError) { error = [NSError errorWithDomain:kDNSResolverErrorDomain code:errorCode userInfo:nil]; } [self stopQueryWithError:error]; } # pragma mark - Results - (NSArray *)queryResults { return [self.mutableQueryResponse copy]; } @end NSString * kSRVResolverPriority = @"priority"; NSString * kSRVResolverWeight = @"weight"; NSString * kSRVResolverPort = @"port"; NSString * kSRVResolverTarget = @"target"; NSString * kDNSResolverErrorDomain = @"kDNSResolverErrorDomain"; ================================================ FILE: DefaultsOverride.swift ================================================ // // DefaultsOverride.swift // XCreds // // Created by Timothy Perfitt on 5/21/23. // import Cocoa public class DefaultsOverride: UserDefaults { static let standardOverride = DefaultsOverride() private override init?(suiteName suitename: String?) { TCSLogWithMark() super.init(suiteName: suitename) self.refreshCachedPrefs() } private convenience init() { TCSLogWithMark() self.init(suiteName: nil)! } var cachedPrefs=Dictionary() @objc func refreshCachedPrefs() { TCSLogWithMark() cachedPrefs=Dictionary() let prefScriptPath = UserDefaults.standard.string(forKey: PrefKeys.settingsOverrideScriptPath.rawValue) guard let prefScriptPath = prefScriptPath else { TCSLogWithMark("no override defined") return } TCSLogErrorWithMark("Pref script defined at \(prefScriptPath)") if FileManager.default.fileExists(atPath:prefScriptPath)==false{ TCSLogErrorWithMark("Pref script defined but does not exist") return } do { let attributes = try FileManager.default.attributesOfItem(atPath: prefScriptPath) if FileManager.default.isExecutableFile(atPath: prefScriptPath) == false { TCSLogErrorWithMark("override script is not executable") return } guard let ownerID=attributes[.ownerAccountID] as? NSNumber else { TCSLogErrorWithMark("Could not get owner id") return } guard let permission = attributes[.posixPermissions] as? NSNumber else { TCSLogErrorWithMark("Could not get permission") return } if ownerID.uintValue != 92 { TCSLogErrorWithMark("override script is not owned by _securityagent. not running: \(ownerID.debugDescription)") return } let unixPermissions = permission.int16Value if unixPermissions & 0x3f != 0 { TCSLogErrorWithMark("override script cannot be accessible by anyone besides _securityagent. not running: \(unixPermissions)") return } let scriptRes=cliTask(prefScriptPath) if scriptRes.count==0{ TCSLogErrorWithMark("script did not return anything") return } TCSLogWithMark() guard let rawData = scriptRes.data(using: .utf8) else { TCSLogErrorWithMark("could not convert raw data"); return } var format: PropertyListSerialization.PropertyListFormat = .xml TCSLogWithMark() do { TCSLogWithMark() /* guard let propertyListObject = try PropertyListSerialization.propertyList(from: rawData, options: [], format: &format) else { TCSLogErrorWithMark("could not turn to plist") return } */ let propertyListObject = try PropertyListSerialization.propertyList(from: rawData, options: [], format: &format) if let propertyListObject = propertyListObject as? [String: Any] { cachedPrefs=propertyListObject } else { TCSLogWithMark("Could not convert to plist") } } catch { TCSLogErrorWithMark("Error converting script to property list: \(scriptRes)") return } TCSLogWithMark() } catch { TCSLogErrorWithMark(error.localizedDescription) } } override public func string(forKey defaultName: String) -> String? { if let defaultName = cachedPrefs[defaultName] as? String{ return defaultName } return UserDefaults.standard.string(forKey: defaultName) } override public func object(forKey defaultName: String) -> Any? { if let defaultName = cachedPrefs[defaultName]{ return defaultName } return UserDefaults.standard.object(forKey: defaultName) } override public func array(forKey defaultName: String) -> [Any]? { TCSLogWithMark() if let defaultName = cachedPrefs[defaultName] as? [Any]{ return defaultName } return UserDefaults.standard.array(forKey: defaultName) } override public func data(forKey defaultName: String) -> Data? { TCSLogWithMark() if let defaultName = cachedPrefs[defaultName] as? Data { return defaultName } return UserDefaults.standard.data(forKey: defaultName) } override public func integer(forKey defaultName: String) -> Int { if let defaultName = cachedPrefs[defaultName] as? Int { return defaultName } return UserDefaults.standard.integer(forKey: defaultName) } override public func float(forKey defaultName: String) -> Float { TCSLogWithMark() if let defaultName = cachedPrefs[defaultName] as? Float { return defaultName } return UserDefaults.standard.float(forKey: defaultName) } override public func double(forKey defaultName: String) -> Double { if let defaultName = cachedPrefs[defaultName] as? Double { return defaultName } return UserDefaults.standard.double(forKey: defaultName) } override public func bool(forKey defaultName: String) -> Bool { if let defaultName = cachedPrefs[defaultName] as? Bool { TCSLogWithMark("override value \(defaultName)") return defaultName } return UserDefaults.standard.bool(forKey: defaultName) } override public func url(forKey defaultName: String) -> URL? { TCSLogWithMark() if let defaultName = cachedPrefs[defaultName] as? URL { return defaultName } return UserDefaults.standard.url(forKey: defaultName) } } ================================================ FILE: Extensions.swift ================================================ // // Extensions.swift // NoMAD // // Created by Boushy, Phillip on 10/4/16. // Copyright © 2016 Orchard & Grove Inc. All rights reserved. // import Foundation // bitwise convenience prefix operator ~~ prefix func ~~(value: Int) -> Bool { return (value > 0) ? true : false } extension UserDefaults { func sint(forKey defaultName: String) -> Int? { let defaults = UserDefaults.standard let item = defaults.object(forKey: defaultName) if item == nil { return nil } // test to see if it's an Int if let result = item as? Int { return result } else { // it's a String! return Int(item as! String) } } } extension String { func safeURLPath() -> String? { let allowedCharacters = CharacterSet(bitmapRepresentation: CharacterSet.urlPathAllowed.bitmapRepresentation) return addingPercentEncoding(withAllowedCharacters: allowedCharacters) } func trim() -> String { return self.trimmingCharacters(in: CharacterSet.whitespaces) } func containsIgnoringCase(_ find: String) -> Bool { return self.range(of: find, options: NSString.CompareOptions.caseInsensitive) != nil } /* // TODO: move this to UserInfo func variableSwap() -> String { var cleanString = self let domain = defaults.string(forKey: Preferences.aDDomain) ?? "" let fullName = defaults.string(forKey: Preferences.displayName)?.addingPercentEncoding(withAllowedCharacters: CharacterSet.urlQueryAllowed) ?? "" let serial = getSerial().addingPercentEncoding(withAllowedCharacters: CharacterSet.urlQueryAllowed) ?? "" let shortName = defaults.string(forKey: Preferences.userShortName) ?? "" let upn = defaults.string(forKey: Preferences.userUPN) ?? "" let email = defaults.string(forKey: Preferences.userEmail) ?? "" cleanString = cleanString.replacingOccurrences(of: "<>", with: domain) cleanString = cleanString.replacingOccurrences(of: "<>", with: fullName) cleanString = cleanString.replacingOccurrences(of: "<>", with: serial) cleanString = cleanString.replacingOccurrences(of: "<>", with: shortName) cleanString = cleanString.replacingOccurrences(of: "<>", with: upn) cleanString = cleanString.replacingOccurrences(of: "<>", with: email) return cleanString //.addingPercentEncoding(withAllowedCharacters: .alphanumerics) } */ } ================================================ FILE: FileVaultLogin/AppDelegate.swift ================================================ // // AppDelegate.swift // FileVaultLogin // // Created by Timothy Perfitt on 10/8/25. // import Cocoa import os.log import ServiceManagement @main class AppDelegate: NSObject, NSApplicationDelegate { @IBOutlet var window: NSWindow! let helperToolManager = HelperToolManager() func applicationDidFinishLaunching(_ aNotification: Notification) { UserDefaults.standard.addSuite(named: "com.twocanoes.xcreds") TCSLogWithMark() switch helperToolManager.manageHelperTool(action: .install) { case .notRegistered: TCSLogWithMark() NSAlert.showAlert(title: "Error", message:"Service is not registered") return case .enabled: TCSLogWithMark() break case .requiresApproval: TCSLogWithMark("Service requires approval. Please select Allow in the notification or open System Preferences->Login Items and allow the service") SMAppService.openSystemSettingsLoginItems() return case .notFound: NSAlert.showAlert(title: "Error",message:"Service Not Found") return @unknown default: NSAlert.showAlert(title: "Error",message:"Unknown Error") return } TCSLogWithMark() let username = getConsoleUser() let cred = KeychainUtil().findPassword(serviceName: "xcreds local password", accountName: "xcreds local password") TCSLogWithMark() guard let cred = cred else { TCSLogWithMark("no valid password found") // NSAlert.showAlert(title:"Error",message:"No valid password found in keychain. If you have not logged out and logged in, please do so now.") NSApplication.shared.terminate(self) return } helperToolManager.runCommand(username:username, password:cred.password) { success in if success==true{ TCSLogWithMark("runCommand success") NSApplication.shared.terminate(self) } else { TCSLogWithMark() NSAlert.showAlert(title:"Error",message:"Cannot set filevault login") NSApplication.shared.terminate(self) } } TCSLogWithMark() } func applicationWillTerminate(_ aNotification: Notification) { // Insert code here to tear down your application } func applicationSupportsSecureRestorableState(_ app: NSApplication) -> Bool { return true } } ================================================ FILE: FileVaultLogin/Assets.xcassets/AccentColor.colorset/Contents.json ================================================ { "colors" : [ { "idiom" : "universal" } ], "info" : { "author" : "xcode", "version" : 1 } } ================================================ FILE: FileVaultLogin/Assets.xcassets/AppIcon.appiconset/Contents.json ================================================ { "images" : [ { "idiom" : "mac", "scale" : "1x", "size" : "16x16" }, { "idiom" : "mac", "scale" : "2x", "size" : "16x16" }, { "idiom" : "mac", "scale" : "1x", "size" : "32x32" }, { "idiom" : "mac", "scale" : "2x", "size" : "32x32" }, { "idiom" : "mac", "scale" : "1x", "size" : "128x128" }, { "idiom" : "mac", "scale" : "2x", "size" : "128x128" }, { "idiom" : "mac", "scale" : "1x", "size" : "256x256" }, { "idiom" : "mac", "scale" : "2x", "size" : "256x256" }, { "idiom" : "mac", "scale" : "1x", "size" : "512x512" }, { "idiom" : "mac", "scale" : "2x", "size" : "512x512" } ], "info" : { "author" : "xcode", "version" : 1 } } ================================================ FILE: FileVaultLogin/Assets.xcassets/Contents.json ================================================ { "info" : { "author" : "xcode", "version" : 1 } } ================================================ FILE: FileVaultLogin/Base.lproj/MainMenu.xib ================================================ Default Left to Right Right to Left Default Left to Right Right to Left ================================================ FILE: FileVaultLogin/FileVaultLogin.entitlements ================================================ ================================================ FILE: FilevaultLoginHelper/CodesignCheck.swift ================================================ // // CodesignCheck.swift // // Created by Erik Berglund on 2018-10-01. // Copyright © 2018 Erik Berglund. All rights reserved. // import Foundation import Security let kSecCSDefaultFlags = 0 enum CodesignCheckError: Error { case message(String) } struct CodesignCheck { // MARK: - Compare Functions public static func codeSigningMatches(pid: pid_t) throws -> Bool { return try self.codeSigningCertificatesForSelf() == self.codeSigningCertificates(forPID: pid) } // MARK: - Public Functions public static func codeSigningCertificatesForSelf() throws -> [SecCertificate] { guard let secStaticCode = try secStaticCodeSelf() else { return [] } return try codeSigningCertificates(forStaticCode: secStaticCode) } public static func codeSigningCertificates(forPID pid: pid_t) throws -> [SecCertificate] { guard let secStaticCode = try secStaticCode(forPID: pid) else { return [] } return try codeSigningCertificates(forStaticCode: secStaticCode) } public static func codeSigningCertificates(forURL url: URL) throws -> [SecCertificate] { guard let secStaticCode = try secStaticCode(forURL: url) else { return [] } return try codeSigningCertificates(forStaticCode: secStaticCode) } // MARK: - Private Functions private static func executeSecFunction(_ secFunction: () -> (OSStatus) ) throws { let osStatus = secFunction() guard osStatus == errSecSuccess else { throw CodesignCheckError.message(String(describing: SecCopyErrorMessageString(osStatus, nil))) } } private static func secStaticCodeSelf() throws -> SecStaticCode? { var secCodeSelf: SecCode? try executeSecFunction { SecCodeCopySelf(SecCSFlags(rawValue: 0), &secCodeSelf) } guard let secCode = secCodeSelf else { throw CodesignCheckError.message("SecCode returned empty from SecCodeCopySelf") } return try secStaticCode(forSecCode: secCode) } private static func secStaticCode(forPID pid: pid_t) throws -> SecStaticCode? { var secCodePID: SecCode? try executeSecFunction { SecCodeCopyGuestWithAttributes(nil, [kSecGuestAttributePid: pid] as CFDictionary, [], &secCodePID) } guard let secCode = secCodePID else { throw CodesignCheckError.message("SecCode returned empty from SecCodeCopyGuestWithAttributes") } return try secStaticCode(forSecCode: secCode) } private static func secStaticCode(forURL url: URL) throws -> SecStaticCode? { var secStaticCodePath: SecStaticCode? try executeSecFunction { SecStaticCodeCreateWithPath(url as CFURL, [], &secStaticCodePath) } guard let secStaticCode = secStaticCodePath else { throw CodesignCheckError.message("SecStaticCode returned empty from SecStaticCodeCreateWithPath") } return secStaticCode } private static func secStaticCode(forSecCode secCode: SecCode) throws -> SecStaticCode? { var secStaticCodeCopy: SecStaticCode? try executeSecFunction { SecCodeCopyStaticCode(secCode, [], &secStaticCodeCopy) } guard let secStaticCode = secStaticCodeCopy else { throw CodesignCheckError.message("SecStaticCode returned empty from SecCodeCopyStaticCode") } return secStaticCode } private static func isValid(secStaticCode: SecStaticCode) throws { try executeSecFunction { SecStaticCodeCheckValidity(secStaticCode, SecCSFlags(rawValue: kSecCSDoNotValidateResources | kSecCSCheckNestedCode), nil) } } private static func secCodeInfo(forStaticCode secStaticCode: SecStaticCode) throws -> [String: Any]? { try isValid(secStaticCode: secStaticCode) var secCodeInfoCFDict: CFDictionary? try executeSecFunction { SecCodeCopySigningInformation(secStaticCode, SecCSFlags(rawValue: kSecCSSigningInformation), &secCodeInfoCFDict) } guard let secCodeInfo = secCodeInfoCFDict as? [String: Any] else { throw CodesignCheckError.message("CFDictionary returned empty from SecCodeCopySigningInformation") } return secCodeInfo } private static func codeSigningCertificates(forStaticCode secStaticCode: SecStaticCode) throws -> [SecCertificate] { guard let secCodeInfo = try secCodeInfo(forStaticCode: secStaticCode), let secCertificates = secCodeInfo[kSecCodeInfoCertificates as String] as? [SecCertificate] else { return [] } return secCertificates } } ================================================ FILE: FilevaultLoginHelper/main.swift ================================================ // // main.swift // FilevaultLoginHelper // // Created by Timothy Perfitt on 10/3/25. // import Foundation import os.log let log = Logger(subsystem: "com.twocanoes.xcreds", category: "daemon") @objc(HelperToolProtocol) public protocol HelperToolProtocol { func authFV(username:String, password:String, withReply reply: @escaping (Bool) -> Void) func authFVAsAdmin(withReply reply: @escaping (Bool) -> Void) } // XPC Communication setup class HelperToolDelegate: NSObject, NSXPCListenerDelegate, HelperToolProtocol { func GetSecureTokenUserList() -> [String] { let launchPath = "/usr/bin/fdesetup" let args = [ "list" ] let secureTokenListRaw = cliTask(launchPath, arguments: args, waitForTermination: true) let partialList = secureTokenListRaw.components(separatedBy: "\n") var secureTokenUsers = [String]() for entry in partialList { let username = entry.components(separatedBy: ",")[0].trimmingCharacters(in: .whitespacesAndNewlines) if username != ""{ secureTokenUsers.append(entry.components(separatedBy: ",")[0]) } } return secureTokenUsers } // Accept new XPC connections by setting up the exported interface and object. func listener(_ listener: NSXPCListener, shouldAcceptNewConnection newConnection: NSXPCConnection) -> Bool { // Validate that the main app and helper app have the same code signing identity, otherwise return guard isValidClient(connection: newConnection) else { print("Rejected connection from unauthorized client") return false } newConnection.exportedInterface = NSXPCInterface(with: HelperToolProtocol.self) newConnection.exportedObject = self newConnection.resume() return true } // Execute the shell command and reply with output. func authFV(username:String, password:String, withReply reply: @escaping (Bool) -> Void) { let stUsers = GetSecureTokenUserList() guard stUsers.contains(username) else { TCSLogWithMark("user \(username) is not a secure token user. Not enabling authenticated reboot.") reply(false) return } if filevaultAuth(username: username, password: password) == true { TCSLogWithMark("Successfully authenticated with FileVault using local admin.") reply(true) } else { TCSLogWithMark("Error running fdesetup.") reply(false) } } func authFVAsAdmin(withReply reply: @escaping (Bool) -> Void) { do { let secretKeeper = try SecretKeeper(label: "XCreds Encryptor", tag: "XCreds Encryptor") let userManager = UserSecretManager(secretKeeper: secretKeeper) if let adminUser = try userManager.adminCredentials(), !adminUser.username.isEmpty, !adminUser.password.isEmpty { authFV(username: adminUser.username, password: adminUser.password, withReply: reply) } else { TCSLogWithMark("no valid admin credentials found to unlock FV") reply(false) } } catch { TCSLogWithMark("Error with secret keeper:\(error)") reply(false) } } // Check that the codesigning matches between the main app and the helper app private func isValidClient(connection: NSXPCConnection) -> Bool { do { return try CodesignCheck.codeSigningMatches(pid: connection.processIdentifier) } catch { print("Helper code signing check failed with error: \(error)") return false } } } // Set up and start the XPC listener. UserDefaults.standard.addSuite(named: "com.twocanoes.xcreds") let delegate = HelperToolDelegate() let listener = NSXPCListener(machServiceName: "com.twocanoes.FileVaultLoginHelper") listener.delegate = delegate listener.resume() RunLoop.main.run() ================================================ FILE: GoogleLDAP.swift ================================================ // // GoogleLDAP.swift // XCreds // // Created by Timothy Perfitt on 11/24/25. // import Foundation public class GoogleLDAP:NSObject { enum PasswordCheckResult { case PasswordValid case PasswordInvalid case OtherError } func verifyPasswordGoogleLDAP(username:String, password:String) -> PasswordCheckResult{ var arguments: [String] = [String]() arguments.append("-LLL") arguments.append("-H"); arguments.append("ldaps://ldap.google.com") arguments.append("-y"); arguments.append("/dev/stdin") arguments.append("-b"); arguments.append("dc=\(username)") arguments.append("-D"); arguments.append(username) arguments.append(username) let process = Process() process.executableURL = URL(fileURLWithPath: "/usr/bin/ldapsearch") process.arguments = arguments let pipe = Pipe() process.standardOutput = pipe process.standardError = pipe let stdInPipe = Pipe() process.standardInput=stdInPipe do { process.environment=["LDAPTLS_IDENTITY":"LDAP Client"] try process.run() stdInPipe.fileHandleForWriting.write(Data(password.utf8)) try? stdInPipe.fileHandleForWriting.close() process.waitUntilExit() } catch { TCSLogWithMark("Failed to run command: \(error.localizedDescription)") return PasswordCheckResult.OtherError } let data = pipe.fileHandleForReading.readDataToEndOfFile() let output = String(data: data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) ?? "" TCSLogWithMark(output.isEmpty ? "No output" : output) switch process.terminationStatus { case 0: return PasswordCheckResult.PasswordValid case 49: return PasswordCheckResult.PasswordInvalid default: return PasswordCheckResult.OtherError } } } ================================================ FILE: History.md ================================================ # What's New In XCreds # ## XCreds 5.0 ## fixed HideExpiration in manifest allowLoginIfMemberOfGroup causes screen rendering issue after blocking sign in #233 added build file instructions updated package ref add missing files to repo allowLoginIfMemberOfGroup causes screen rendering issue after blocking sign in #233 Fail on map_username for AD #244 Issue with HomeMountEnabled #236 Clarify manifest descriptions for AD property names #245 XCreds Login Window Overlay Wallpaper not caching? #247 Update manifest description for CreateAdminIfGroupMember #251 Update login window when resolution changes #187 added missing files Enhancement request: Group Membership Zendesk Ticket 69193 #209 more Local login window dims and gets stuck after failed login attempt #242 updated history Expected AD field values not shown in XCreds log #237 updated history keyCodeForLoginWindowChange not working as expected #231 "Change Password" menuitem is now greyed out #239 Allow user to use full name to sign in at XCreds username/password screen #178 Feature Request: HideExpiration key #198 XCreds 5: Unexpected behavior of IP & MAC info via XCReds login window #232 Menubar sign in does not follow shouldUseROPGForMenuLogin #184 improved login animation Customize menu bar app icon #189 Update description for allowLoginIfMemberOfGroup #228 Add LocalFallback to manifest #229 --------- Enhancement Request "Mechanism to force xCreds to reevaluate Login Window Background Image" #227 View Add LocalFallback to manifest #229 View Update description for allowLoginIfMemberOfGroup #228 View Customize menu bar app icon #189 View improved login animation View Menubar sign in does not follow shouldUseROPGForMenuLogin #184 View XCreds 5: Unexpected behavior of IP & MAC info via XCReds login window #232 View Feature Request: HideExpiration key #198 View Allow user to use full name to sign in at XCreds username/password screen #178 View "Change Password" menuitem is now greyed out #239 View keyCodeForLoginWindowChange not working as expected #231 View updated history View Expected AD field values not shown in XCreds log #237 ------- keyCodeForLoginWindowChange not working as expected #231 "Change Password" menuitem is now greyed out #239 Allow user to use full name to sign in at XCreds username/password screen #178 Feature Request: HideExpiration key #198 XCreds 5: Unexpected behavior of IP & MAC info via XCReds login window #232 Menubar sign in does not follow shouldUseROPGForMenuLogin #184 improved login animation Customize menu bar app icon #189 Update description for allowLoginIfMemberOfGroup #228 Add LocalFallback to manifest #229 Enhancement Request "Mechanism to force xCreds to reevaluate Login Window Background Image" #227 ----- [Feature Request] Add a Password Expire date or Days for OIDC users and more #165. To test, set map_password_expiry to a claim in Azure (like street address) with a value in seconds from token issue (like 300 seconds) and verify that menu shows the correct date Custom Mac login window key combo #206 Enhancement request: Group Membership Zendesk Ticket 69193 #209 Setting HomeMountEnabled to false removes the home folder from the XCreds menuitems #213 ---------- Map UID #186 Menubar refresh is delayed when setting shouldPromptForADPasswordChange #195 Fix formatting for systemInfoButtonTitle #221 Corrections for manifest #224 Hang at login after password reset #223 ---------- Customize the XCReds app's native login dialog box #179 [Feature Request] AD User Account Creation Name Mapping #172 [Feature Request] AD - User friendly fail prompts #193 AD attributes #166 systemInfoButtonTitle does not respond to plain text values #220 Clarify key name an description for shouldShowIfLocalOnlyUser #219 changed manifest version back one; added copying DS user attibutes to prefs. Enhancement Request: XCreds app cant update ds #212 ---------- [Feature Request] Add option to customize the Refresh Banner text #176 Feature Request: EnforceSignIn #199 added new preference to manage more buttons on login screen: shouldShowShutdownButton, shouldShowRestartButton, shouldShowSystemInfoButton. Feature Request - Add key to disable showing shutdown and/or restart on login overlay #203 Allow override of killall loginwindow in xcreds postinstall script #181 bumped version of manifest Update manifest pfm_last_modified and pfm_version #164 fixed Fix manifest title for ROPG pref #183 added option for system info button title #154 System Info on XCreds Login Window #154 implemented Feature Request - Change the wording of the password change pop-up #202 ## XCreds 4.1 ## Customization of Menu Adding Menu Items Cloud + Active Directory SMB Share Mounting Admin Removal ## XCreds 4.0 ## Select Existing User Account During Account Creation Allow Admin to Reset User Password at Login Key Combination for Showing Standard and Mac Login Window Account Alias Saving Groups to Account Attributes CreateAdminIfGroupMember Checked At Each Login Add Arbitrary Claims to Local DS User Account Refactored Preferences for ROPG Allowed Users Other New Features and Fixes ## XCreds 3.3 ## ### Select Existing User Account During Account Creation ### Using the new preference key “shouldPromptForMigration”, when a new login is detected and there are existing standard user accounts on the system, the user will be prompted for a username and password (#98). If the username and password are successfully entered for an existing account, this local account will then be used when logging in with this cloud account. The local account has 2 new DS attributes added: dsAttrTypeNative:_xcreds_oidc_sub: Subscriber. Unique identifier for account within the current issuer. dsAttrTypeNative:_xcreds_oidc_iss: Issuer In subsequent logins, the user account is selected by matching the sub and iss from the identity token to the values in the local account. Note that the user will only be prompted if there are existing standard accounts on the system and the login does not have a locally mapped account. The dialog for migration has a “Create New Account” button that will allow them to skip migration and create a local account. If a local account using the prior logic exists, it will be mapped. ### Key Combination for showing Standard and Mac login window ### Setting the new preference key “shouldAllowKeyComboForMacLoginWindow” allows switch login between cloud and standard/Mac login using a key combination regardless of the hidden state of the Switch Login Window button (#121). The keys are as follows: Option-Control-Return: Switch between cloud and standard login window. Command-Option-Control-Return: Switch between cloud and Mac login window. ### Account Alias ### When a new preference is set (“aliasName”) to a claim in the identity token, the value in that claim is used to set an alias to the user account, allowing them to login with it. An example: Set the preferences to have aliasName = “upn”. Log in as barney@twocanoes.com. The identity token has a claim called “upn” whose value was “barney@twocanoes.com“. XCreds then adds barney@twocanoes.com that is an alias and the user can login with either barney or barney@twocanoes.com at the local and mac login window. This gives the user a consistent way to log in at the cloud login or the standard / Mac login window. ### New Features ### * Removed logging messages that had a local path from the build system. * Updates postinstall to better handle the setup assistant and userland install scenarios. Thanks to Clkw0rk for the pull request. * Reload login window on network changes. Thanks to Clkw0rk for the pull request and credit to @hurricanehrndz and the CPE Team at Yelp * Reload login window after wifi connected. Thanks to Clkw0rk for the pull request. * add encoding for special characters to tokenmanager. Thanks to Clkw0rk for the pull request. * use default desktop from CoreServices. Thanks to Clkw0rk and the CPE Team at Yelp for the pull request. ## XCreds 3.2 ## * Support for Okta ROPG * New preference key to force local login: shouldPreferLocalLoginInsteadOfCloudLogin * New preference key show login window based on detecting network status: shouldDetectNetworkToDetermineLoginWindow * Added self healing for auth rights * Added support for keyboard nav for controls * Detect offline and automatically switch to local login * Remove trailing and leading spaces entered in username ## XCreds 3.1 ## ### Active Directory Login ### New username and password window allows logging in with local user or Active Directory (if ADDomain key is defined). ### New Username and Password Window ### We no longer use the macOS login window and use the new XCreds username/password window. This allows for faster switching and Active Directory login. ### Switch to Login Window at Screen Saver ### When the "shouldSwitchToLoginWindowWhenLocked" key is set and XCreds is running in the user session and the screen is locked, the lock screen will fast user switch to the login window. When set to true and the user locks the current session, XCreds will tell the system to switch to Login Window. The current session will stay active but the user will log in with the XCreds Login Window to resume the session. ### Admin Group ### If group membership is returned in the "groups" claim and matches the group defined in the "CreateAdminIfGroupMember" preference, the user will be created as admin. ### kerberos ticket ### When app is first launched and there is a keychain item with an AD account and local password, a kerberos ticket will be attempted. ### Override Preference Script ### Most preferences can now be overwritten by specifying a script at the path defined by "settingsOverrideScriptPath". This script, if it exists, owned by \_securityagent, and has permissions 700 (accessible only by \_securityagent) must return a valid plist that defines the key/value pairs to override in preferences. This allows for basing preferences based on the local state of the machine. It is important for the "localAdminUserName" and "localAdminPassword" keys. See Reset Keychain for more information on this. The override script can also be used for querying the local state and setting preferences. For example, to randomly set the background image, a sample script "settingsOverrideScriptPath" defines a script: #!/bin/sh dir="/System/Library/Desktop Pictures" desktoppicture=`/bin/ls -1 "$dir"/*.heic | sort --random-sort | head -1` cat /usr/local/xcreds/override.plist|sed "s|DESKTOPPICTUREPATH|${desktoppicture}|g" The plist would be defined as: loginWindowBackgroundImageURL file://DESKTOPPICTUREPATH ### Reset Keychain ## In prior versions of XCreds, the ability to reset the keychain if the user forgets their local password would fail due to the lack of an admin user with a secure token. This would cause the "PasswordOverwriteSilent" to fail. The "settingsOverrideScriptPath" (see above) can return the admin username and password of an admin account that has a secure token. This admin user is then used to reset the user's keychain if they forgot their local password. This can either be done with user prompting or silently. The script can find those keys via curl, in system keychain, or in a LAPS file and return the values inside the plist that is returned. This gives flexibility in determining the security required for the local admin username and password. Note that XCreds assumes an admin user with a secure token already exists on the machine and XCreds does not create or manage this user. If you manage local admin via a LAPS system, you can return the password from the local password file. An example of an override script to return username and password are as follows: Override Script: ` #!/bin/sh` ` dir="/System/Library/Desktop Pictures"` ` desktoppicture=/bin/ls -1 "$dir"/*.heic | sort --random-sort | head -1` ` ` ` #this is provided as an example. DO NOT KEEP ADMIN CREDENTIALS ON DISK! Use curl or other method for getting them temporarily.` ` admin_username="tcadmin"` ` admin_password="twocanoes"` ` ` ` cat /usr/local/xcreds/override.plist | sed "s|LOCALADMINUSERNAME|${admin_username}|g" | sed "s|LOCALADMINPASSWORD|${admin_password}|g" ` plist: `` ` ` ` ` ` ` ` localAdminUserName` ` LOCALADMINUSERNAME` ` localAdminPassword` ` LOCALADMINPASSWORD` ` ` ` ` ### Others * added shake to password field * added dialog over login window when in an error state * improved code when local password policy does not allow setting password from cloud. * Added about menu with history ## New Keys **ADDomain** The desired AD domain **usernamePlaceholder** Placeholder text in local / AD login window for username **passwordPlaceholder** Placeholder text in local / AD login window for password **shouldShowLocalOnlyCheckbox** Show the local only checkbox on the local login page **CreateAdminIfGroupMember** List of groups that should have its members created as local administrators. Set as an Array of Strings of the group name. **shouldSwitchToLoginWindowWhenLocked** When set to true and the user locks the current session, XCreds will tell the system to switch to Login Window. The current session will stay active but the user will login with the XCreds Login Window to resume the session. **settingsOverrideScriptPath** Script to override defaults. Must return valid property list with specified defaults. Script must exist at path, be owned by root and only writable by root. **localAdminUserName** Username of local admin user. DO NOT SET THIS IN PREFERENCES. It is recommended to set this with the settingsOverrideScriptPath script. This user is used to reset the keychain if the user forgets their local password and to set up a secure token for newly created users. **localAdminPassword** Password of local admin user. DO NOT SET THIS IN PREFERENCES. It is recommended to set this with the settingsOverrideScriptPath script. This user is used to reset the keychain if the user forgets their local password and to set up a secure token for newly created users. **shouldShowCloudLoginByDefault** Determine if the Mac login window or the cloud login window is shown by default **shouldShowMacLoginButton** Show the Mac Login Window button in XCreds Login **shouldShowTokenUpdateStatus** Show the time when the password will be checked. True by default. ## Version 3.0 Build 3607 ## Released 2023-04-19 - Updated license - Fixed typo - Fixed issue with crash if time is too far off - Fixed regression for password change not capturing new password on Azure - Added trial license - Version 2.4 - Added 802.1x support; added support for pref key for finding password based on type=password - Fixed changing wifi not dismissing dialog - Fixed issue with autorefresh - Added frontmost when prompting for keychain password - Fixed crashing issue due to null refreshview outlet - Fixed names and links in manifest - Tweaked text for user space refresh token window and added pref to show or hide - Updated sample config - Fixed focus issue - Fixed login window size and background image - Added in login window height/width min value of 100 - Added key for customizing return to XCreds; added preference and ability to automatically refresh login window - Updated language on keychain option and added pref in manifest - Added remove keychain option ## Version 2.3 - Added more logging for id token - Removed progress screen overlay because it was hiding filevault - Added sub as local user account if other methods not available; added some additional logging - Removed test time - Fixed edge case when not showing xcreds login when logging out - Fixed shouldShowCloudLoginByDefault not working - Fixed timer issue - Removed show prefs menu - Implemented PasswordOverwriteSilent - Implemented KeychainReset - Added credit to script - Added startup script - Username hint was not being set - Renamed mapped prefs with a prefix - Changed case of keys - Made keys lowercase for mappings - Added new key for OIDC mapping ## Version 2.2 - Added mappings for user info ## Version 2.1 - Initial release ================================================ FILE: Javascript/get_pw/get_pw.html ================================================ Document

Click the button to have JavaScript change page content password fields.

The variable "result" will be logged on each keypress. This variable will contain a JSON object.

The key value for "passwords" will always contain an array with the values of all password fields present.

The key value for "ids" will always return an array with the values of all password field "id" attributes present. If any password elements do not have an "id" attribute set, the array will represent their position with an empty string.

================================================ FILE: Javascript/get_pw/get_pw.js ================================================ var elements = new Set(); var result = { "passwords": [], "ids": [], }; function watchWindow(){ var passwordElements = document.querySelectorAll('[type="password"]'); passwordElements.forEach(i=>elements.add(i)); var elementsArray = Array.from(elements); if (elementsArray.length == 0) { console.log("No password fields found"); } result.passwords = elementsArray.map(i=>i.value) .filter(i=>i !== ""); result.ids = elementsArray.map(i=>i.id); result.ids = [...new Set(result.ids)]; console.log(result); } watchWindow(); window.addEventListener('click', watchWindow); window.addEventListener('input', watchWindow); ================================================ FILE: KerbUtil.h ================================================ // // Header.h // NoMAD // // Created by Joel Rennich on 4/26/16. // Copyright © 2016 Orchard & Grove Inc. All rights reserved. // #import #import #import #import #import #import extern OSStatus SecKeychainItemSetAccessWithPassword(SecKeychainItemRef item, SecAccessRef access, UInt32 passLength, const void* password); @interface KerbUtil : NSObject @property (nonatomic, assign, readonly) BOOL finished; // observable - (NSDictionary *)getKerbCredentialWithPassword:password userPrincipal:(NSString *)userPrincipal; - (void)getKerberosCredentials:(NSString *)password :(NSString *)userPrincipal completion:(void(^)(NSDictionary *))callback; - (NSString *)getKerbCredentials:(NSString *)password :(NSString *)userPrincipal; //- (void)changeKerberosPassword:(NSString *)oldPassword :(NSString *)newPassword :(NSString *)userPrincipal completion:(void(^)(NSString *))callback; - (BOOL)changeKerberosPassword:(NSString *)oldPassword :(NSString *)newPassword :(NSString *)userPrincipal error:(NSError **)error; - (int)checkPassword:(NSString *)myPassword; - (int)changeKeychainPassword:(NSString *)oldPassword :(NSString *)newPassword; - (OSStatus)resetKeychain:(NSString *)password; @end ================================================ FILE: KerbUtil.m ================================================ // // KerbUtil.m // NoMAD // // Created by Joel Rennich on 4/26/16. // Copyright © 2016 Orchard & Grove Inc. All rights reserved. // #import "KerbUtil.h" #import #import #import #import #import #import #import "TCTaskHelper.h" #import "NSError+EasyError.h" @interface KerbUtil () //@property (nonatomic, assign, readwrite) BOOL finished; @end @implementation KerbUtil //we declare the private function SecKeychainChangePassword //this is private... so keep that in mind extern OSStatus SecKeychainChangePassword(SecKeychainRef keychainRef, UInt32 oldPasswordLength, const void* oldPassword, UInt32 newPasswordLength, const void* newPassword); extern OSStatus SecKeychainResetLogin(UInt32 passwordLength, const void* password, Boolean resetSearchList); - (void)getKerberosCredentials:(NSString *)password :(NSString *)userPrincipal completion:(void(^)(NSDictionary *))callback { NSDictionary *dict = [self getKerbCredentialWithPassword:password userPrincipal:userPrincipal]; if (!dict) { callback(nil); return; } callback(dict); } - (NSDictionary *)getKerbCredentialWithPassword:password userPrincipal:(NSString *)userPrincipal { OM_uint32 maj_stat; gss_name_t gname = GSS_C_NO_NAME; gss_cred_id_t cred = NULL; CFErrorRef error = NULL; // preflight for spaces in the userPrincipal gname = GSSCreateName((__bridge CFTypeRef _Nonnull)(userPrincipal), GSS_C_NT_USER_NAME, NULL); if (gname == NULL) { return nil; } NSDictionary *attrs = @{ (id)kGSSICPassword : password }; maj_stat = gss_aapl_initial_cred(gname, GSS_KRB5_MECHANISM, (__bridge CFDictionaryRef)attrs, &cred, &error); CFRelease(gname); if (maj_stat) { NSLog(@"error: %d %@", (int)maj_stat, error); NSDictionary *errorDict = CFBridgingRelease(CFErrorCopyUserInfo(error)) ; return errorDict; } CFRelease(cred); return nil ; } - (NSString *)getKerbCredentials:(NSString *)password :(NSString *)userPrincipal { NSDictionary *errorDict = [self getKerbCredentialWithPassword:password userPrincipal:userPrincipal]; if (!errorDict) {return nil;} return [ errorDict valueForKey:@"NSDescription"]; } - (BOOL)changeKerberosPassword:(NSString *)oldPassword :(NSString *)newPassword :(NSString *)userPrincipal error:(NSError **)error{ OM_uint32 maj_stat; gss_name_t gname = GSS_C_NO_NAME; CFErrorRef cferror = NULL; gname = GSSCreateName((__bridge CFTypeRef _Nonnull)(userPrincipal), GSS_C_NT_USER_NAME, NULL); if (gname == NULL) { *error=[NSError easyErrorWithTitle:@"GSSCreateName Error" body:@"error: failed to create GSS name" line:__LINE__ file:@__FILE__]; return NO; } NSDictionary *attrs = @{ (id)kGSSChangePasswordOldPassword: oldPassword, (id)kGSSChangePasswordNewPassword: newPassword }; maj_stat = gss_aapl_change_password(gname, GSS_KRB5_MECHANISM, (__bridge CFDictionaryRef)attrs, &cferror); CFRelease(gname); if (maj_stat) { NSLog(@"error: %d %@", (int)maj_stat, cferror); NSDictionary *errorDict = CFBridgingRelease(CFErrorCopyUserInfo(cferror)); NSString *errorMessage = [errorDict valueForKey:(@"NSDescription")]; *error=[NSError easyErrorWithTitle:@"Change Kerberos Password Error" body:errorMessage line:__LINE__ file:@__FILE__]; return NO; } return YES; } - (NSString *)changeKerbPassword:(NSString *)oldPassword :(NSString *)newPassword :(NSString *)userPrincipal { OM_uint32 maj_stat ; gss_name_t gname = GSS_C_NO_NAME; CFErrorRef error = NULL; gname = GSSCreateName((__bridge CFTypeRef _Nonnull)(userPrincipal), GSS_C_NT_USER_NAME, NULL); if (gname == NULL) return @"Error creating the GSS name."; // now change the password NSDictionary *attrs2 = @{ (id)kGSSChangePasswordOldPassword : oldPassword, (id)kGSSChangePasswordNewPassword : newPassword, }; maj_stat = gss_aapl_change_password(gname, GSS_KRB5_MECHANISM, (__bridge CFDictionaryRef)attrs2, &error); CFRelease(gname); if (maj_stat) { NSLog(@"error: %d %@", (int)maj_stat, error); NSDictionary *errorDict = CFBridgingRelease(CFErrorCopyUserInfo(error)) ; return [ errorDict valueForKey:(@"NSDescription")]; } // CFRelease(error); return nil; } - (int) checkPassword:(NSString *)myPassword { //there's a lot of setup here to check a password //we create an Authorization Right and then test it AuthorizationItem myAuthRight; myAuthRight.name = "system.login.tty"; myAuthRight.value = NULL; myAuthRight.valueLength = 0; myAuthRight.flags = 0; AuthorizationRights authRights; authRights.count = 1; authRights.items = &myAuthRight; //now to setup the authorization environment AuthorizationItem authEnvironmentItems[2]; authEnvironmentItems[0].name = kAuthorizationEnvironmentUsername; authEnvironmentItems[0].valueLength = NSUserName().length; authEnvironmentItems[0].value = (void *)[NSUserName() UTF8String]; authEnvironmentItems[0].flags = 0; authEnvironmentItems[1].name = kAuthorizationEnvironmentPassword; authEnvironmentItems[1].valueLength = myPassword.length; authEnvironmentItems[1].value = (void *)[myPassword UTF8String]; authEnvironmentItems[1].flags = 0; AuthorizationEnvironment authEnvironment; authEnvironment.count = 2; authEnvironment.items = authEnvironmentItems; //and now to actually do the auth OSStatus authStatus = AuthorizationCreate(&authRights, &authEnvironment, kAuthorizationFlagExtendRights, NULL); return (authStatus == errAuthorizationSuccess); } - (int) changeKeychainPassword:(NSString *)oldPassword :(NSString *)newPassword { // Set up some variables SecKeychainRef myDefaultKeychain; OSErr err; // Get the default keychain path, then attempt to change the password on it SecKeychainCopyDefault(&myDefaultKeychain); // Cast to proper types before function call UInt32 oldLength = (UInt32)oldPassword.length; UInt32 newLength = (UInt32)newPassword.length; const char *cStyleOldPassword = [oldPassword UTF8String]; const char *cStyleNewPassword = [newPassword UTF8String]; NSLog(@"Changing keychain password"); err = SecKeychainChangePassword(myDefaultKeychain, oldLength, cStyleOldPassword, newLength, cStyleNewPassword); if (err == noErr) { NSLog(@"Password changed successfully"); return 1; } else if (err == -25293) { // Let's try again because sometimes it returns -25293 error, but password is changed. // No public function that does the same, we need to stick with it. err = SecKeychainChangePassword(myDefaultKeychain, oldLength, cStyleOldPassword, newLength, cStyleNewPassword); if (err == noErr) { NSLog(@"Password changed successfully"); return 1; } else { NSLog(@"Bad password. Keychain change was not successful."); return 0; } } else { NSLog(@"Keychain change error."); return 0; } } - (OSStatus)resetKeychain:(NSString *)password { return SecKeychainResetLogin((UInt32)password.length, [password UTF8String], YES); } @end ================================================ FILE: KlistUtil.swift ================================================ // // KlistUtil.swift // NoMAD // // Created by Joel Rennich on 7/18/16. // Copyright © 2016 Orchard & Grove Inc. All rights reserved. // import Foundation import GSS // Class to parse klist -v --json and return all tickets and times // TODO: Handle multiple caches at the same time // TODO: pack everything into one structure public struct Ticket { var expired: Bool var expires: Date var defaultCache: Bool var principal: String var krb5Cache: krb5_ccache? var GSSItem: GSSItemRef? } // singleton for the class @available(macOS, deprecated: 11) public let klistUtil = KlistUtil() @available(macOS, deprecated: 11) public class KlistUtil { var dateFormatter = DateFormatter() public var tickets = [String:Ticket]() // var tempDict = [String:Ticket]() public var defaultPrincipal: String? public var defaultExpires: Date? public init() { if let adDomainFromPrefs = DefaultsOverride.standardOverride.string(forKey: PrefKeys.aDDomain.rawValue){ createBasicKerbPrefs(realm: adDomainFromPrefs.uppercased()) } dateFormatter.dateFormat = "yyyyMMddHHmmss" } // Create a minimal com.apple.Kerberos file so we don't barf on password change fileprivate func createBasicKerbPrefs(realm: String?) { // get the defaults for com.apple.Kerberos let kerbPrefs = UserDefaults.init(suiteName: "com.apple.Kerberos") // get the list defaults, or create an empty dictionary if there are none let kerbDefaults = kerbPrefs?.dictionary(forKey: "libdefaults") ?? [String:AnyObject]() // test to see if the domain_defaults key already exists, if not build it if kerbDefaults["default_realm"] != nil { TCSLogWithMark("Existing default realm. Skipping adding default realm to Kerberos prefs.") } else { // build a dictionary and add the KDC into it then write it back to defaults let libDefaults = NSMutableDictionary() libDefaults.setValue(realm, forKey: "default_realm") kerbPrefs?.set(libDefaults, forKey: "libdefaults") } } @available(macOS, deprecated: 11) public func returnTickets() -> [Ticket] { // update the tickets klist() var results = [Ticket]() for ticket in tickets { results.append(ticket.value) } return results } // convenience function to return all principals public func returnPrincipals() -> [String] { klist() return tickets.keys.sorted() } // convenience function to return default principal public func returnDefaultPrincipal() -> String { return defaultPrincipal ?? "No Ticket" } public func returnDefaultExpiration() -> Date? { return defaultExpires } @available(macOS, deprecated: 11) public func klist() { let sema = DispatchSemaphore(value: 0) // clear the current cached tickets tickets.removeAll() defaultPrincipal = nil defaultExpires = nil // use krb5 API to get default tickets and all tickets, including expired ones var context: krb5_context? = nil krb5_init_secure_context(&context) var oCache : krb5_ccache? = nil _ = UnsafeMutablePointer.init(oCache) let cname = krb5_cc_default_name(context) let defaultName = String(cString: cname!).replacingOccurrences(of: "API:", with: "") var cursor: krb5_cccol_cursor? = nil // var ret: krb5_error_code? = nil var min_stat = OM_uint32() let _ = krb5_cccol_cursor_new(context, &cursor) while ((krb5_cccol_cursor_next(context, cursor, &oCache) == 0 ) && oCache != nil) { let name = (String(cString: (krb5_cc_get_name(context, oCache)))) var krb5Principal : krb5_principal? = nil _ = krb5_cc_get_principal(context, oCache, &krb5Principal) var krb5PrincName : UnsafeMutablePointer? = nil guard let principal = krb5Principal else { print("Principal is nil, unable to get principal name") continue } krb5_unparse_name(context, principal, &krb5PrincName) guard let princName = krb5PrincName else { print("Principal Name is nil, unable to get tickets") continue } let princNameString = String(cString: princName) tickets[princNameString] = Ticket(expired: true, expires: Date.distantPast, defaultCache: false, principal: princNameString, krb5Cache: oCache, GSSItem: nil) if name == defaultName { //print("Default principal: " + princNameString ) defaultPrincipal = princNameString defaultExpires = Date.distantPast tickets[princNameString]?.defaultCache = true } } // now move to GSS APIs to get expiration times // TODO: move this all to GSS APIs when the GSS API functionality is there gss_iter_creds(&min_stat, 0, nil, { a, cred in _ = OM_uint32() _ = gss_buffer_desc() if cred != nil { let name = GSSCredentialCopyName(cred!) if name != nil { let displayName = GSSNameCreateDisplayString(name!)! let displayNameString = String(describing: displayName.takeRetainedValue()) //print(displayNameString) let lifetime = GSSCredentialGetLifetime(cred!) let expiretime = Date().addingTimeInterval(TimeInterval(lifetime)) //print(self.tickets[displayNameString]) self.tickets[displayNameString]?.expired = false self.tickets[displayNameString]?.expires = expiretime self.tickets[displayNameString]?.GSSItem = cred if self.defaultPrincipal == displayNameString { self.defaultExpires = expiretime } } else { print("Expired credential - ignoring.") } } sema.signal() TCSLogWithMark("Tickets: " + self.tickets.keys.joined(separator: ", ")) }) sema.wait() //return tickets // clean up any expired tickets let ticks = tickets tickets.removeAll() for tick in ticks { if !tick.value.expired { // ticket is not expired add it back tickets[tick.value.principal] = tick.value } } //print(tickets) } @available(macOS, deprecated: 11) public func hasTickets(principal: String) -> Bool { klist() return tickets.keys .map { $0.lowercased() } .contains(principal.lowercased()) } // function to delete a kerb ticket @available(macOS, deprecated: 11) public func kdestroy(princ: String = "" ) { var name = "" if princ == "" { name = defaultPrincipal! } else { name = princ } TCSLogWithMark("Destroying ticket for: " + princ) // update this for GSSAPI when the functionality is there var context: krb5_context? = nil krb5_init_secure_context(&context) krb5_cc_destroy(context, tickets[name]?.krb5Cache) } // function to switch the default cache @available(macOS, deprecated: 11) public func kswitch(princ: String = "" ) { var name = "" var p : krb5_principal? = nil var cache: krb5_ccache? = nil if princ == "" { name = defaultPrincipal! } else { name = princ } var nameInt = Int8(name) TCSLogWithMark("Switching ticket for: " + princ) // update this for GSSAPI when the functionality is there var context: krb5_context? = nil krb5_init_secure_context(&context) krb5_parse_name(context!, &nameInt!, &p) krb5_cc_cache_match(context, p, &cache) // krb5_cc_set_default_name } } ================================================ FILE: LICENSE ================================================ Copyright 2022 Twocanoes Software, Inc Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ================================================ FILE: Logger.swift ================================================ // // Logger.swift // NoMAD // // Created by Joel Rennich on 9/6/16. // Copyright © 2016 Orchard & Grove Inc. All rights reserved. // /// A singleton `Logger` instance for the app to use. let myLogger = Logger() import Foundation import os.log /// The individual logging levels to use when logging in NoMAD /// /// - base: General errors /// - info: Positive info /// - notice: Nice to know issues that may, or may not, cause issues /// - debug: Lots of verbose logging enum LogLevel: Int { /// General errors case base = 0 /// Positive info case info = 1 /// Nice to know issues that may, or may not, cause issues case notice = 2 /// Lots of verbose logging case debug = 3 } var log: OSLog? { if #available(OSX 10.12, *) { return OSLog(subsystem: "menu.nomad.login.ad", category: "framework") } else { return nil } } /// Simple class to handle logging levels. Use the `LogLevel` enum to specify the logging details. class Logger { /// Set to a level from `LogLevel` enum to control what gets logged. var loglevel: LogLevel /// Init method simply check to see if Verbose logging is enabled or not for the Logger object. init() { let defaults = UserDefaults.init(suiteName: "menu.nomad.login.ad") if defaults?.bool(forKey: "Verbose") ?? false { NSLog("Enaging verbose logging") loglevel = .debug } else { loglevel = .base } } /// Simple wrapper around NSLog to provide control of logging. /// /// - Parameters: /// - level: A value from `LogLevel` enum /// - message: A `String` that describes the information to be logged func logit(_ level: LogLevel, message: String) { if (level.rawValue <= loglevel.rawValue) { if #available(OSX 10.12, *) { os_log("%{public}@", log: log!, type: .debug, message) } else { NSLog("level: \(level) - " + message) } } } } ================================================ FILE: NoMADSession.swift ================================================ // // ADUser.swift // nomad-ad // // Created by Joel Rennich on 9/9/17. // Copyright © 2018 Orchard & Grove Inc. All rights reserved. // import Foundation //import NoMADPRIVATE public protocol NoMADUserSession { func getKerberosTicket(principal: String?, completion: @escaping (KerberosTicketResult) -> Void) func authenticate(authTestOnly: Bool) // func changePassword(oldPassword: String, newPassword: String, completion: @escaping (String?) -> Void) func changeKerberosPassword() throws func userInfo() var delegate: NoMADUserSessionDelegate? { get set } var state: NoMADSessionState { get } } public typealias KerberosTicketResult = Result public protocol NoMADUserSessionDelegate: AnyObject { func NoMADAuthenticationSucceeded() func NoMADAuthenticationFailed(error: NoMADSessionError, description: String) func NoMADUserInformation(user: ADUserRecord) } public enum NoMADSessionState { case success case offDomain case siteFailure case networkLookup case passwordChangeRequired case unset case lookupError case kerbError } public enum NoMADSessionError: String, Error { case OffDomain case UnAuthenticated case SiteError case StateError case AuthenticationFailure case KerbError case PasswordExpired = "Password has expired" case UnknownPrincipal case wrongRealm = "Wrong realm" } public enum LDAPType { case AD case OD } public enum GSSErrorKey : String { case mechanismKey = "kGSSMechanism" case mechanismOIDKey = "kGSSMechanismOID" case majorErrorCodeKey = "kGSSMajorErrorCode" case minorErrorCodeKey = "kGSSMinorErrorCode" case descriptionKey = "NSDescription" } public struct GSSError { var mechanism:String var mechanismOID:String var majorErrorCode:Int var minorErrorCode:UInt var description:String } public struct NoMADLDAPServer { var host: String var status: String var priority: Int var weight: Int var timeStamp: Date } // MARK: Start of public class /// A general purpose class that is the main entrypoint for interactions with Active Directory. @available(macOS, deprecated: 11) public class NoMADSession: NSObject { public var state: NoMADSessionState = .offDomain // current state of affairs weak public var delegate: NoMADUserSessionDelegate? // delegate public var site: String = "" // current AD site public var defaultNamingContext: String = "" // current default naming context private var hosts = [NoMADLDAPServer]() // list of LDAP servers private var resolver = DNSResolver() // DNS resolver object private var maxSSF = "" // current security level in place for LDAP lookups private var URIPrefix = "ldap://" // LDAP or LDAPS private var current = 0 // current LDAP server from hosts public var home = "" // current active user home public var ldapServers: [String]? // static DCs to use instead of looking up via DNS records // Base configuration prefs // change these on the object as needed public var domain: String = "" // current LDAP Domain - can be set with init public var kerberosRealm: String = "" // Kerberos realm public var createKerbPrefs: Bool = true // Determines if skeleton Kerb prefs should be set public var siteIgnore: Bool = false // ignore site lookup? public var siteForce: Bool = false // force a site? public var siteForceSite: String = "" // what site to force public var ldaptype: LDAPType = .AD // Type of LDAP server public var port: Int = 389 // LDAP port typically either 389 or 636 public var anonymous: Bool = false // Anonymous LDAP lookup public var useSSL: Bool = false // Toggle SSL public var recursiveGroupLookup : Bool = false // Toggle recursive group lookup // User public var userPrincipal: String = "" // Full user principal public var userPrincipalShort: String = "" // user shortname - necessary for any lookups to happen public var userRecord: ADUserRecord? = nil // ADUserRecordObject containing all user information public var userPass: String = "" // for auth public var oldPass: String = "" // for password changes public var newPass: String = "" // for password changes public var customAttributes : [String]? // conv. init with domain and user /// Convience initializer to create a `NoMADSession` with the given domain, username, and `LDAPType` /// /// - Parameters: /// - domain: The AD domain for the user. /// - user: The user's name. Either the User Principal Short, or the Users Principal name including the @domain syntax are accepted. /// - type: The type of LDAP connection. Defaults to AD. public init(domain: String, user: String, type: LDAPType = .AD) { // configuration parts self.domain = domain self.ldaptype = type // check for the REALM if user.contains("@") { self.userPrincipalShort = user.components(separatedBy: "@").first! self.kerberosRealm = user.components(separatedBy: "@").last!.uppercased() self.userPrincipal = user } else { self.userPrincipalShort = user self.kerberosRealm = domain.uppercased() self.userPrincipal = user + "@\(self.kerberosRealm)" } } // MARK: conv functions // Return the current server var currentServer: String { TCSLogWithMark("Computed currentServer accessed in state: \(String(describing: state))") if state != .offDomain { if hosts.isEmpty { TCSLogWithMark("Make sure we have LDAP servers") getHosts(domain) } TCSLogWithMark("Lookup the current LDAP host in: \(String(describing: hosts))") return hosts[current].host } else { return "" } } // MARK: DNS Main fileprivate func parseSRVReply(_ results: inout [String]) { if (self.resolver.error == nil) { TCSLogWithMark("Did Receive Query Result: " + self.resolver.queryResults.description) TCSLogWithMark("Copy \(resolver.queryResults.count) result to records") let records = self.resolver.queryResults as! [[String:AnyObject]] TCSLogWithMark("records dict ready: " + records.debugDescription) for record: Dictionary in records { TCSLogWithMark("Adding: \(String(describing: record["target"]))") let host = record["target"] as! String TCSLogWithMark("Created host: " + host) results.append(host) TCSLogWithMark("Added host to results: \(String(describing: results))") } } else { TCSLogWithMark("Query Error: " + self.resolver.error.localizedDescription) } } func getSRVRecords(_ domain: String, srv_type: String="_ldap._tcp.") -> [String] { self.resolver.queryType = "SRV" self.resolver.queryValue = srv_type + domain // TODO: Do we need to exclude _kpasswd? if (site != "" && !srv_type.contains("_kpasswd")) { self.resolver.queryValue = srv_type + site + "._sites." + domain } var results = [String]() TCSLogWithMark("Starting DNS query for SRV records.") self.resolver.startQuery() while ( !self.resolver.finished ) { RunLoop.current.run(mode: RunLoop.Mode.default, before: Date.distantFuture) } parseSRVReply(&results) TCSLogWithMark("Returning results: \(String(describing: results))") return results } fileprivate func parseHostsReply() { if (self.resolver.error == nil) { TCSLogWithMark("Did Receive Query Result: " + self.resolver.queryResults.description) var newHosts = [NoMADLDAPServer]() let records = self.resolver.queryResults as! [[String:AnyObject]] for record: Dictionary in records { let host = record["target"] as! String let priority = record["priority"] as! Int let weight = record["weight"] as! Int // let port = record["port"] as! Int let currentServer = NoMADLDAPServer(host: host, status: "found", priority: priority, weight: weight, timeStamp: Date()) newHosts.append(currentServer) } // now to sort them let fallbackHosts = self.hosts self.hosts = newHosts.sorted { (x, y) -> Bool in return ( x.priority <= y.priority ) } // add back in the globally avilable DCs in case the site has gone bust // credit to @mosen for this brilliant idea self.hosts.append(contentsOf: fallbackHosts) state = .success } else { TCSLogWithMark("Query Error: " + self.resolver.error.localizedDescription) state = .siteFailure self.hosts.removeAll() } } fileprivate func getHosts(_ domain: String ) { // check to see if we have static hosts if let servers = ldapServers { TCSLogWithMark("Using static DC list.") var newHosts = [NoMADLDAPServer]() for server in servers { let host = server let priority = 100 let weight = 100 // let port = record["port"] as! Int let currentServer = NoMADLDAPServer(host: host, status: "found", priority: priority, weight: weight, timeStamp: Date()) newHosts.append(currentServer) self.hosts = newHosts.sorted { (x, y) -> Bool in return ( x.priority <= y.priority ) } state = .success // fake a site to put something in site = "STATIC" return } } self.resolver.queryType = "SRV" self.resolver.queryValue = "_ldap._tcp." + domain if (self.site != "") { self.resolver.queryValue = "_ldap._tcp." + self.site + "._sites." + domain } // check for a query already running TCSLogWithMark("Starting DNS query for SRV records.") self.resolver.startQuery() while ( !self.resolver.finished ) { RunLoop.current.run(mode: RunLoop.Mode.default, before: Date.distantFuture) TCSLogWithMark("Waiting for DNS query to return.") } parseHostsReply() } fileprivate func testHosts() { if state == .success { for i in 0...( hosts.count - 1) { if hosts[i].status != "dead" { myLogger.logit(.info, message:"Trying host: " + hosts[i].host) // socket test first - this could be falsely negative // also note that this needs to return stderr let mySocketResult = cliTask("/usr/bin/nc -G 5 -z " + hosts[i].host + " " + String(port)) if mySocketResult.contains("succeeded!") { var attribute = "defaultNamingContext" // if socket test works, then attempt ldapsearch to get default naming context if ldaptype == .OD { attribute = "namingContexts" } // TODO: THINK ABOUT THIS //swapPrincipals(false) var myLDAPResult = "" if anonymous { myLDAPResult = cliTask("/usr/bin/ldapsearch -N -LLL -x " + maxSSF + "-l 3 -s base -H " + URIPrefix + hosts[i].host + " " + String(port) + " " + attribute) } else { myLDAPResult = cliTask("/usr/bin/ldapsearch -N -LLL -Q " + maxSSF + "-l 3 -s base -H " + URIPrefix + hosts[i].host + " " + String(port) + " " + attribute) } // TODO: THINK ABOUT THIS //swapPrincipals(false) if myLDAPResult != "" && !myLDAPResult.contains("GSSAPI Error") && !myLDAPResult.contains("Can't contact") { let ldifResult = cleanLDIF(myLDAPResult) if ( ldifResult.count > 0 ) { defaultNamingContext = getAttributeForSingleRecordFromCleanedLDIF(attribute, ldif: ldifResult) hosts[i].status = "live" hosts[i].timeStamp = Date() myLogger.logit(.base, message:"Current LDAP Server is: " + hosts[i].host ) myLogger.logit(.base, message:"Current default naming context: " + defaultNamingContext ) current = i break } } // We didn't get an actual LDIF Result... so LDAP isn't working. myLogger.logit(.info, message:"Server is dead by way of ldap test: " + hosts[i].host) hosts[i].status = "dead" hosts[i].timeStamp = Date() break } else { myLogger.logit(.info, message:"Server is dead by way of socket test: " + hosts[i].host) hosts[i].status = "dead" hosts[i].timeStamp = Date() } } } } guard ( hosts.count > 0 ) else { return } if hosts.last!.status == "dead" { myLogger.logit(.base, message: "All DCs in are dead! You should really fix this.") state = .offDomain } else { state = .success } } // MARK: Sites // private function to get the AD site fileprivate func findSite() { // backup the defaultNamingContext so we can restore it at the end. let tempDefaultNamingContext = defaultNamingContext // Setting defaultNamingContext to "" because we're doing a search against the RootDSE defaultNamingContext = "" // For info on LDAP Ping: https://msdn.microsoft.com/en-us/library/cc223811.aspx // For information on the values: https://msdn.microsoft.com/en-us/library/cc223122.aspx let attribute = "netlogon" // not sure if we need: (AAC=\00\00\00\00) let searchTerm = "(&(DnsDomain=\(domain))(NtVer=\\06\\00\\00\\00))" //NETLOGON_NT_VERSION_WITH_CLOSEST_SITE guard let ldifResult = try? getLDAPInformation([attribute], baseSearch: true, searchTerm: searchTerm, test: false, overrideDefaultNamingContext: true) else { myLogger.logit(LogLevel.base, message: "LDAP Query failed.") myLogger.logit(.debug, message:"Resetting default naming context to: " + tempDefaultNamingContext) defaultNamingContext = tempDefaultNamingContext return } let ldapPingBase64 = getAttributeForSingleRecordFromCleanedLDIF(attribute, ldif: ldifResult) if ldapPingBase64 == "" { myLogger.logit(LogLevel.base, message: "ldapPingBase64 is empty.") myLogger.logit(.debug, message:"Resetting default naming context to: " + tempDefaultNamingContext) defaultNamingContext = tempDefaultNamingContext return } guard let ldapPing: ADLDAPPing = ADLDAPPing(ldapPingBase64String: ldapPingBase64) else { myLogger.logit(.debug, message:"Resetting default naming context to: " + tempDefaultNamingContext) defaultNamingContext = tempDefaultNamingContext return } // calculate the site if siteIgnore { site = "" myLogger.logit(.debug, message:"Sites being ignored due to preferences.") } else if siteForce { site = siteForceSite myLogger.logit(.debug, message:"Site being forced to site set in preferences.") } else { site = ldapPing.clientSite } if (ldapPing.flags.contains(.DS_CLOSEST_FLAG)) { myLogger.logit(LogLevel.info, message:"The current server is the closest server.") } else { if ( site != "") { myLogger.logit(LogLevel.info, message:"Site \"\(site)\" found.") myLogger.logit(LogLevel.notice, message: "Looking up DCs for site.") //let domain = currentDomain let currentHosts = hosts getHosts(domain) if (hosts[0].host == "") { myLogger.logit(LogLevel.base, message: "Site \"\(site)\" has no DCs configured. Ignoring site. You should fix this.") hosts = currentHosts } testHosts() } else { myLogger.logit(LogLevel.base, message: "Unable to find site") } } myLogger.logit(.debug, message:"Resetting default naming context to: " + tempDefaultNamingContext) defaultNamingContext = tempDefaultNamingContext } // MARK: LDAP Retrieval func getLDAPInformation( _ attributes: [String], baseSearch: Bool=false, searchTerm: String="", test: Bool=true, overrideDefaultNamingContext: Bool=false) throws -> [[String:String]] { if test { guard testSocket(self.currentServer) else { throw NoMADSessionError.StateError } } // TODO: We need to un-comment this and figure out another way to pass a valid empty defaultNamingContext if (overrideDefaultNamingContext == false) { if (defaultNamingContext == "") || (defaultNamingContext.contains("GSSAPI Error")) { testHosts() } } // TODO // ensure we're using the right kerberos credential cache //swapPrincipals(false) let command = "/usr/bin/ldapsearch" var arguments: [String] = [String]() arguments.append("-N") if anonymous { arguments.append("-x") } else { arguments.append("-Q") } arguments.append("-LLL") arguments.append("-o") arguments.append("nettimeout=1") arguments.append("-o") arguments.append("ldif-wrap=no") if baseSearch { arguments.append("-s") arguments.append("base") } if maxSSF != "" { arguments.append("-O") arguments.append("maxssf=0") } arguments.append("-H") arguments.append(URIPrefix + self.currentServer) arguments.append("-b") arguments.append(self.defaultNamingContext) if ( searchTerm != "") { arguments.append(searchTerm) } arguments.append(contentsOf: attributes) let ldapResult = cliTask(command, arguments: arguments) TCSLogWithMark("command: \(command) args: \(arguments)") if (ldapResult.contains("GSSAPI Error") || ldapResult.contains("Can't contact")) { throw NoMADSessionError.StateError } let myResult = cleanLDIF(ldapResult) // TODO //swapPrincipals(true) return myResult } fileprivate func cleanGroups(_ groupsTemp: String?, _ groups: inout [String]) { // clean up groups if groupsTemp != nil { let groupsArray = groupsTemp!.components(separatedBy: ";") for group in groupsArray { let a = group.components(separatedBy: ",") var b = a[0].replacingOccurrences(of: "CN=", with: "") as String b = b.replacingOccurrences(of: "cn=", with: "") as String if b != "" { groups.append(b) } } myLogger.logit(.info, message: "You are a member of: " + groups.joined(separator: ", ") ) } } fileprivate func lookupRecursiveGroups(_ dn: String, _ groupsTemp: inout String?) { // now to get recursive groups if asked if recursiveGroupLookup { let attributes = ["name"] let searchTerm = "(member:1.2.840.113556.1.4.1941:=" + dn.replacingOccurrences(of: "\\", with: "\\\\5c") + ")" if let ldifResult = try? getLDAPInformation(attributes, searchTerm: searchTerm) { groupsTemp = "" for item in ldifResult { for components in item { if components.key == "dn" { groupsTemp?.append(components.value + ";") } } } } } } fileprivate func parseExpirationDate(_ computedExpireDateRaw: String?, _ passwordAging: inout Bool, _ userPasswordExpireDate: inout Date, _ userPasswordUACFlag: String, _ serverPasswordExpirationDefault: inout Double, _ tempPasswordSetDate: Date) { if computedExpireDateRaw != nil { // Windows Server 2008 and Newer if Int(computedExpireDateRaw!) == Int.max { // Password doesn't expire passwordAging = false // Set expiration to far away from now userPasswordExpireDate = Date.distantFuture } else if (Int(computedExpireDateRaw!) == 0) { // password needs to be reset passwordAging = true // set expirate to long ago userPasswordExpireDate = Date.distantPast } else { // Password expires passwordAging = true userPasswordExpireDate = NSDate(timeIntervalSince1970: (Double(computedExpireDateRaw!)!)/10000000-11644473600) as Date } } else { // Older then Windows Server 2008 // need to go old skool var passwordExpirationLength: String let attribute = "maxPwdAge" if let ldifResult = try? getLDAPInformation([attribute], baseSearch: true) { passwordExpirationLength = getAttributeForSingleRecordFromCleanedLDIF(attribute, ldif: ldifResult) } else { passwordExpirationLength = "" } if ( passwordExpirationLength.count > 15 ) { passwordAging = false } else if ( passwordExpirationLength != "" ) && userPasswordUACFlag != "" { if ~~( Int(userPasswordUACFlag)! & 0x10000 ) { passwordAging = false } else { serverPasswordExpirationDefault = Double(abs(Int(passwordExpirationLength)!)/10000000) passwordAging = true } } else { serverPasswordExpirationDefault = Double(0) passwordAging = false } userPasswordExpireDate = tempPasswordSetDate.addingTimeInterval(serverPasswordExpirationDefault) } } fileprivate func extractedFunc(_ attributes: [String], _ searchTerm: String) { if let ldifResult = try? getLDAPInformation(attributes, searchTerm: searchTerm) { let ldapResult = getAttributesForSingleRecordFromCleanedLDIF(attributes, ldif: ldifResult) _ = ldapResult["homeDirectory"] ?? "" _ = ldapResult["displayName"] ?? "" _ = ldapResult["memberOf"] _ = ldapResult["mail"] ?? "" _ = ldapResult["uid"] ?? "" } else { myLogger.logit(.base, message: "Unable to find user.") } } func getUserInformation() -> Bool { // some setup var passwordAging = true var tempPasswordSetDate = Date() var serverPasswordExpirationDefault = 0.0 var userPasswordExpireDate = Date() var groups = [String]() var userHome = "" if ldaptype == .AD { var attributes = ["pwdLastSet", "msDS-UserPasswordExpiryTimeComputed", "userAccountControl", "homeDirectory", "displayName", "memberOf", "mail", "userPrincipalName", "dn", "givenName", "sn", "cn", "msDS-ResultantPSO", "msDS-PrincipalName"] // passwordSetDate, computedExpireDateRaw, userPasswordUACFlag, userHomeTemp, userDisplayName, groupTemp if customAttributes?.count ?? 0 > 0 { attributes.append(contentsOf: customAttributes!) } let searchTerm = "(|(sAMAccountName="+userPrincipalShort+")(userPrincipalName="+userPrincipalShort+"@"+domain+"))" if let ldifResult = try? getLDAPInformation(attributes, searchTerm: searchTerm) { if ldifResult.count>1 { TCSLogWithMark("Multiple records found. exiting") return false } else if ldifResult.count==0 { TCSLogWithMark("no user records found. exiting") return false } let ldapResult = getAttributesForSingleRecordFromCleanedLDIF(attributes, ldif: ldifResult) TCSLogWithMark(ldapResult.description) let passwordSetDate = ldapResult["pwdLastSet"] let computedExpireDateRaw = ldapResult["msDS-UserPasswordExpiryTimeComputed"] let userPasswordUACFlag = ldapResult["userAccountControl"] ?? "" let userHomeTemp = ldapResult["homeDirectory"] ?? "" var userDisplayName = ldapResult["displayName"] ?? "" TCSLogWithMark("userDisplayName: \(userDisplayName)") if let mapKey = DefaultsOverride.standardOverride.object(forKey: PrefKeys.mapFullName.rawValue) as? String, mapKey.count>0, let mapValue = ldapResult[mapKey] { userDisplayName=mapValue TCSLogWithMark("userDisplayName: \(userDisplayName)") } TCSLogWithMark("userDisplayName: \(userDisplayName)") var firstName = ldapResult["givenName"] ?? "" if let mapKey = DefaultsOverride.standardOverride.object(forKey: PrefKeys.mapFirstName.rawValue) as? String, mapKey.count>0, let mapValue = ldapResult[mapKey] { firstName=mapValue } var lastName = ldapResult["sn"] ?? "" if let mapKey = DefaultsOverride.standardOverride.object(forKey: PrefKeys.mapLastName.rawValue) as? String, mapKey.count>0, let mapValue = ldapResult[mapKey] { lastName=mapValue } var shortName = userPrincipalShort if let mapKey = DefaultsOverride.standardOverride.object(forKey: PrefKeys.mapUserName.rawValue) as? String, mapKey.count>0, let mapValue = ldapResult[mapKey] { shortName=mapValue } var groupsTemp = ldapResult["memberOf"] let userEmail = ldapResult["mail"] ?? "" let UPN = ldapResult["userPrincipalName"] ?? "" let dn = ldapResult["dn"] ?? "" let cn = ldapResult["cn"] ?? "" let pso = ldapResult["msDS-ResultantPSO"] ?? "" let ntName = ldapResult["msDS-PrincipalName"] ?? "" var customAttributeResults : [String:Any]? if customAttributes?.count ?? 0 > 0 { var tempCustomAttr = [String:Any]() for key in customAttributes! { tempCustomAttr[key] = ldapResult[key] ?? "" } customAttributeResults = tempCustomAttr } if ldapResult.count == 0 { // we didn't get a result } lookupRecursiveGroups(dn, &groupsTemp) if (passwordSetDate != "") && (passwordSetDate != nil ) { tempPasswordSetDate = NSDate(timeIntervalSince1970: (Double(passwordSetDate!)!)/10000000-11644473600) as Date } parseExpirationDate(computedExpireDateRaw, &passwordAging, &userPasswordExpireDate, userPasswordUACFlag, &serverPasswordExpirationDefault, tempPasswordSetDate) cleanGroups(groupsTemp, &groups) // clean up the home userHome = userHomeTemp.replacingOccurrences(of: "\\", with: "/") userHome = userHome.replacingOccurrences(of: " ", with: "%20") // pack up user record TCSLogWithMark("userDisplayName: \(userDisplayName)") TCSLogWithMark("ldifResult: \(ldifResult.debugDescription)") userRecord = ADUserRecord(userPrincipal: userPrincipal,firstName: firstName, lastName: lastName, fullName: userDisplayName, shortName: shortName, upn: UPN, email: userEmail, groups: groups, homeDirectory: userHome, passwordSet: tempPasswordSetDate, passwordExpire: userPasswordExpireDate, uacFlags: Int(userPasswordUACFlag), passwordAging: passwordAging, computedExireDate: userPasswordExpireDate, updatedLast: Date(), domain: domain, cn: cn, pso: pso, passwordLength: getComplexity(pso: pso), ntName: ntName, customAttributes: customAttributeResults, rawAttributes: ldifResult.first) } else { myLogger.logit(.base, message: "Unable to find user.") } } else { let attributes = [ "homeDirectory", "displayName", "memberOf", "mail", "uid"] // passwordSetDate, computedExpireDateRaw, userPasswordUACFlag, userHomeTemp, userDisplayName, groupTemp // "maxPwdAge" // passwordExpirationLength let searchTerm = "uid=" + userPrincipalShort extractedFunc(attributes, searchTerm) } // pack up the user record return true } // MARK: LDAP cleanup functions fileprivate func cleanLDIF(_ ldif: String) -> [[String:String]] { //var myResult = [[String:String]]() var ldifLines: [String] = ldif.components(separatedBy: CharacterSet.newlines) var records = [[String:String]]() var record = [String:String]() var attributes = Set() for var i in 0.. 0) { records.append(record) } record = [String:String]() } // skip comment if ldifLines[lineIndex].hasPrefix("#") { continue } let attribute = ldifLines[lineIndex].split(separator: ":", maxSplits: 1, omittingEmptySubsequences: false).map(String.init) if attribute.count == 2 { // Get the attribute name (before ;), // then add to attributes array if it doesn't exist. var attributeName = attribute[0].trim() if let index = attributeName.firstIndex(of: ";") { attributeName = String(attributeName[..(start: val.startIndex.successor(), end: val.endIndex.predecessor())) + ";" + attributeValue + "\"" record[attributeName] = val + ";" + attributeValue } else { record[attributeName] = attributeValue } } } // save last record if record.count > 0 { records.append(record) } return records } fileprivate func getAttributeForSingleRecordFromCleanedLDIF(_ attribute: String, ldif: [[String:String]]) -> String { var result: String = "" var foundAttribute = false for record in ldif { for (key, value) in record { if attribute == key { foundAttribute = true result = value break; } } if (foundAttribute == true) { break; } } return result } fileprivate func getAttributesForSingleRecordFromCleanedLDIF(_ attributes: [String], ldif: [[String:String]]) -> [String:String] { var results = [String: String]() var foundAttribute = false for record in ldif { for (key, value) in record { if attributes.contains(key) { foundAttribute = true results[key] = value } } if (foundAttribute == true) { break; } } return results } fileprivate func cleanLDAPResultsMultiple(_ result: String, attribute: String) -> String { let lines = result.components(separatedBy: "\n") var myResult = "" for i in lines { if (i.contains(attribute)) { if myResult == "" { myResult = i.replacingOccurrences( of: attribute + ": ", with: "") } else { myResult = myResult + (", " + i.replacingOccurrences( of: attribute + ": ", with: "")) } } } return myResult } // private function that uses netcat to create a socket connection to the LDAP server to see if it's reachable. // using ldapsearch for this can take a long time to timeout, this returns much quicker fileprivate func testSocket( _ host: String ) -> Bool { let mySocketResult = cliTask("/usr/bin/nc -G 5 -z " + host + " " + String(port)) if mySocketResult.contains("succeeded!") { return true } else { return false } } // private function to test for an LDAP defaultNamingContext from the LDAP server // this tests for LDAP connectivity and gets the default naming context at the same time fileprivate func testLDAP ( _ host: String ) -> Bool { var attribute = "defaultNamingContext" // if socket test works, then attempt ldapsearch to get default naming context if ldaptype == .OD { attribute = "namingContexts" } // TODO //swapPrincipals(false) var myLDAPResult = "" if anonymous { myLDAPResult = cliTask("/usr/bin/ldapsearch -N -LLL -x " + maxSSF + "-l 3 -s base -H " + URIPrefix + host + " " + attribute) } else { myLDAPResult = cliTask("/usr/bin/ldapsearch -N -LLL -Q " + maxSSF + "-l 3 -s base -H " + URIPrefix + host + " " + attribute) } // TODO //swapPrincipals(true) if myLDAPResult != "" && !myLDAPResult.contains("GSSAPI Error") && !myLDAPResult.contains("Can't contact") { let ldifResult = cleanLDIF(myLDAPResult) if ( ldifResult.count > 0 ) { defaultNamingContext = getAttributeForSingleRecordFromCleanedLDIF(attribute, ldif: ldifResult) return true } } return false } // MARK: Kerberos preference file needs to be updated: // This function builds new Kerb prefs with KDC included if possible private func checkKpasswdServer() -> Bool { if hosts.isEmpty { TCSLogWithMark("Make sure we have LDAP servers") getHosts(domain) } TCSLogWithMark("Searching for kerberos srv records") let myKpasswdServers = getSRVRecords(domain, srv_type: "_kpasswd._tcp.") TCSLogWithMark("New kpasswd Servers are: " + myKpasswdServers.description) TCSLogWithMark("Current Server is: " + currentServer) if myKpasswdServers.contains(currentServer) { TCSLogWithMark("Found kpasswd server that matches current LDAP server.") TCSLogWithMark("Attempting to set kpasswd server to ensure Kerberos and LDAP are in sync.") // get the defaults for com.apple.Kerberos let kerbPrefs = UserDefaults.init(suiteName: "com.apple.Kerberos") // get the list defaults, or create an empty dictionary if there are none let kerbDefaults = kerbPrefs?.dictionary(forKey: "libdefaults") ?? [String:AnyObject]() // test to see if the domain_defaults key already exists, if not build it if kerbDefaults["default_realm"] != nil { TCSLogWithMark("Existing default realm. Skipping adding default realm to Kerberos prefs.") } else { // build a dictionary and add the KDC into it then write it back to defaults let libDefaults = NSMutableDictionary() libDefaults.setValue(kerberosRealm, forKey: "default_realm") kerbPrefs?.set(libDefaults, forKey: "libdefaults") } // get the list of domains, or create an empty dictionary if there are none var kerbRealms = kerbPrefs?.dictionary(forKey: "realms") ?? [String:AnyObject]() // test to see if the realm already exists, if not build it if kerbRealms[kerberosRealm] != nil { TCSLogWithMark("Existing Kerberos configuration for realm. Skipping adding KDC to Kerberos prefs.") return false } else { // build a dictionary and add the KDC into it then write it back to defaults let realm = NSMutableDictionary() //realm.setValue(myLDAPServers.currentServer, forKey: "kdc") realm.setValue(currentServer, forKey: "kpasswd_server") kerbRealms[kerberosRealm] = realm kerbPrefs?.set(kerbRealms, forKey: "realms") return true } } else { myLogger.logit(LogLevel.base, message: "Couldn't find kpasswd server that matches current LDAP server. Letting system chose.") return false } } // calculate password complexity fileprivate func getComplexity(pso: String="") -> Int? { if pso == "" { // no PSO for the user, get domain default let result = try? getLDAPInformation([ "minPwdLength"], baseSearch: true, searchTerm: "", test: true, overrideDefaultNamingContext: false) if result == nil { return nil } let resultClean = getAttributesForSingleRecordFromCleanedLDIF([ "minPwdLength"], ldif: result!) let final = resultClean[ "minPwdLength"] ?? "" if final == "" { return nil } else { return Int(final) } } else { // go get the pso let tempDefault = defaultNamingContext defaultNamingContext = pso let result = try? getLDAPInformation(["msDS-MinimumPasswordLength"], baseSearch: false, searchTerm: "(objectClass=msDS-PasswordSettings)") // set the default naming context back defaultNamingContext = tempDefault if result == nil { return nil } let resultClean = getAttributesForSingleRecordFromCleanedLDIF([ "msDS-MinimumPasswordLength"], ldif: result!) let final = resultClean["msDS-MinimumPasswordLength"] ?? "" if final == "" { return nil } else { return Int(final) } } } // Remove a default realm from the Kerb pref file fileprivate func cleanKerbPrefs(clearLibDefaults: Bool=false) { // get the defaults for com.apple.Kerberos let kerbPrefs = UserDefaults.init(suiteName: "com.apple.Kerberos") // get the list of domains, or create an empty dictionary if there are none var kerbRealms = kerbPrefs?.dictionary(forKey: "realms") ?? [String:AnyObject]() // test to see if the realm already exists, if it's already gone we are good if kerbRealms[kerberosRealm] == nil { TCSLogWithMark("No realm in com.apple.Kerberos defaults.") } else { TCSLogWithMark("Removing realm from Kerberos Preferences.") // remove the realm from the realms list kerbRealms.removeValue(forKey: kerberosRealm) // save the dictionary back to the pref file kerbPrefs?.set(kerbRealms, forKey: "realms") if clearLibDefaults { var libDefaults = kerbPrefs?.dictionary(forKey: "libdefaults") ?? [String:AnyObject]() libDefaults.removeValue(forKey: "default_realm") kerbPrefs?.set(libDefaults, forKey: "libdefaults") } } } } @available(macOS, deprecated: 11) extension NoMADSession: NoMADUserSession { public func getKerberosTicket(principal: String? = nil, completion: @escaping (KerberosTicketResult) -> Void) { // Check if system already has tickets if let principal = principal, klistUtil.hasTickets(principal: principal) { shareKerberosResult(completion: completion) return } KerbUtil().getKerberosCredentials(userPass, userPrincipal) { errorDict in self.userPass = "" if let errorDict = errorDict { self.state = .kerbError let sessionError: NoMADSessionError let errorValue = errorDict["NSDescription"] as? String ?? "Unknown error" switch errorValue { case NoMADSessionError.PasswordExpired.rawValue: sessionError = .PasswordExpired case NoMADSessionError.wrongRealm.rawValue: sessionError = .wrongRealm case _ where errorValue.contains("unable to reach any KDC in realm"): sessionError = .OffDomain default: sessionError = .KerbError } completion(.failure(sessionError)) } else { self.processKerberosResult(completion: completion) } } } private func processKerberosResult(completion: @escaping (KerberosTicketResult) -> Void) { state = .offDomain // Get ticket klistUtil.klist() // Check that ticket is valid if !klistUtil.returnDefaultPrincipal().contains(kerberosRealm) && !anonymous { completion(.failure(.UnAuthenticated)) return } if useSSL { URIPrefix = "ldaps://" port = 636 maxSSF = "-O maxssf=0 " } if let server = siteManager.sites[domain] { // use existing server hosts = server state = .success } else { getHosts(domain) guard !hosts.isEmpty else { completion(.failure(.OffDomain)) return } // write found server back to site manager siteManager.sites[domain] = hosts // LDAP Ping to find the correct site if ldaptype == .AD { findSite() guard state == .success else { completion(.failure(.SiteError)) return } } } testHosts() shareKerberosResult(completion: completion) } private func shareKerberosResult(completion: (KerberosTicketResult) -> Void) { let result: KerberosTicketResult if let userRecord = userRecord { result = .success(userRecord) } else { result = .failure(.KerbError) } completion(result) } /// Function to authenticate a user via Kerberos. If only looking to test the password, and not get a ticket, pass (authTestOnly: true). /// /// Note this will kill any pre-existing tickets for this user as well. /// /// - Parameter authTestOnly: Should this authentication attempt only validate the password without getting Kerberos tickets? Defaults to `false`. public func authenticate(authTestOnly: Bool = false) { // authenticate let kerbUtil = KerbUtil() // let kerbError = kerbUtil.getKerbCredentials(userPass, userPrincipal) kerbUtil.getKerberosCredentials(userPass, userPrincipal) { errorDict in // scrub the password field self.userPass = "" if let errorDict = errorDict as? Dictionary, let description = errorDict[GSSErrorKey.descriptionKey.rawValue] as? String, let majorErrorCode = errorDict[GSSErrorKey.majorErrorCodeKey.rawValue] as? Int, let minorErrorCode = errorDict[GSSErrorKey.minorErrorCodeKey.rawValue] as? NSNumber, let mechanism = errorDict[GSSErrorKey.mechanismKey.rawValue] as? String, let mechanismOID = errorDict[GSSErrorKey.mechanismOIDKey.rawValue] as? String { let error = GSSError(mechanism: mechanism, mechanismOID: mechanismOID, majorErrorCode: majorErrorCode, minorErrorCode: UInt(UInt32(truncating:minorErrorCode)), description: description) // error self.state = .kerbError switch error.description { case "Password has expired" : self.delegate?.NoMADAuthenticationFailed(error: NoMADSessionError.PasswordExpired, description: error.description) break case "Wrong realm" : self.delegate?.NoMADAuthenticationFailed(error: NoMADSessionError.wrongRealm, description: error.description) break case _ where error.description.range(of: "unable to reach any KDC in realm") != nil : self.delegate?.NoMADAuthenticationFailed(error: NoMADSessionError.OffDomain, description: error.description) break default: //user not found if error.majorErrorCode == 0x0D0000, error.minorErrorCode == 0x96C73A06, mechanismOID == "1 2 840 113554 1 2 2" { self.delegate?.NoMADAuthenticationFailed(error: NoMADSessionError.UnknownPrincipal, description: error.description) return } //other error self.delegate?.NoMADAuthenticationFailed(error: NoMADSessionError.KerbError, description: error.description) } } else { if authTestOnly { klistUtil.kdestroy(princ: self.userPrincipal) } self.delegate?.NoMADAuthenticationSucceeded() } } } /// Change the password for the current user session via closure // public func changePassword(oldPassword: String, newPassword: String, completion: @escaping (String?) -> Void) { // TCSLogWithMark("Change Kerberos password") // KerbUtil().changeKerberosPassword(oldPassword, newPassword, userPrincipal) { // if let errorValue = $0 { // completion(errorValue) // } else { // completion(nil) // } // } // } /// Change the password for the current user session via delegate. /// public func changeKerberosPassword() throws { // change user's password // check kerb prefs - otherwise we can get an error here if not set TCSLogWithMark("Checking kpassword server.") _ = checkKpasswdServer() // set up the KerbUtil TCSLogWithMark("Init KerbUtil.") let kerbUtil = KerbUtil() TCSLogWithMark("Change password for userPrincipal: \(userPrincipal)") try kerbUtil.changeKerberosPassword(oldPass, newPass, userPrincipal) // If the password change worked then we are online. Reauthenticate with new password. //should update keychain here if we are in userspace self.oldPass = "" self.newPass = "" // clean the kerb prefs so we don't reuse the KDCs self.cleanKerbPrefs() } public func userInfo() { // set state to offDomain on start state = .offDomain // check for valid ticket klistUtil.klist() if !klistUtil.returnDefaultPrincipal().contains(kerberosRealm) && !anonymous { // no ticket for realm delegate?.NoMADAuthenticationFailed(error: NoMADSessionError.UnAuthenticated, description: "No ticket for Kerberos realm \(kerberosRealm)") return } // now some setup if useSSL { URIPrefix = "ldaps://" port = 636 maxSSF = "-O maxssf=0 " } var lookupSite = true // check for connectivity and site if let server = siteManager.sites[domain] { // we have an existing server, let's use it lookupSite = false hosts = server } if lookupSite { getHosts(domain) } else { state = .success } // if no LDAP servers, we're off the domain so bail if hosts.count == 0 { var errorMessage = "No LDAP servers can be reached." switch ldaptype { case .AD: errorMessage = "No AD Domain Controllers can be reached." case .OD: errorMessage = "No Open Directory servers can be reached." //default: errorMessage = "No LDAP servers can be reached." } delegate?.NoMADAuthenticationFailed(error: NoMADSessionError.OffDomain, description: errorMessage) return } // Now for the LDAP Ping to find the correct site if ldaptype == .AD && lookupSite { findSite() // check for errors if state != .success { delegate?.NoMADAuthenticationFailed(error: NoMADSessionError.SiteError, description: "Unable to determine correct site.") return } } testHosts() if lookupSite { // write found server back to site manager siteManager.sites[domain] = hosts } if getUserInformation()==false { delegate?.NoMADAuthenticationFailed(error: NoMADSessionError.UnknownPrincipal, description: "Invalid user account") return } // return the userRecord unless we came back empty if userRecord != nil { delegate?.NoMADUserInformation(user: userRecord!) } } } @available(macOS, deprecated: 11) extension NoMADSession { // MARK: - testHosts with completion functionality // public func testHosts(completion: @escaping (Bool) -> Void) { // // let dispatchGroup = DispatchGroup() // // if state == .success { // for i in 0...( hosts.count - 1) { // dispatchGroup.enter() // if hosts[i].status != "dead" { // myLogger.logit(.info, message:"Trying host: " + hosts[i].host) // // // socket test first - this could be falsely negative // // also note that this needs to return stderr // // let cliTaskString = "/usr/bin/nc -G 5 -z " + hosts[i].host + " " + String(port) // cliTask(cliTaskString) { result in // self.handleSocketResult(result: result, index: i) { // dispatchGroup.leave() // } // } // } // } // } else { // myLogger.logit(.base, message: "status not success but \(state) \n") // completion(false) // } // dispatchGroup.notify(queue: DispatchQueue.global()) { // myLogger.logit(.base, message: "Notifying that testHost groups dispatchGroup has finished their tasks") // completion(self.assertDomainStatus(assertionHosts: self.hosts)) // } // } private func assertDomainStatus(assertionHosts: [NoMADLDAPServer]) -> Bool { guard (assertionHosts.count > 0) else { myLogger.logit(.base, message: "no hosts") return false } if assertionHosts.last!.status == "dead" { myLogger.logit(.base, message: "All DCs in are dead! You should really fix this.") state = .offDomain return false } else { myLogger.logit(.base, message: "on domain!") state = .success return true } } private func handleSocketResult(result: String, index: Int, completion: @escaping () -> Void) { if result.contains("succeeded!") { var attribute = "defaultNamingContext" // if socket test works, then attempt ldapsearch to get default naming context if ldaptype == .OD { attribute = "namingContexts" } // TODO: THINK ABOUT THIS //swapPrincipals(false) if anonymous { let anonymusCliTaskCommand = "/usr/bin/ldapsearch -N -LLL -x " + maxSSF + "-l 3 -s base -H " + URIPrefix + hosts[index].host + " " + String(port) + " " + attribute cliTask(anonymusCliTaskCommand) { result in self.handleSocketResultInternalCliTasks(result: result, index: index, attribute: attribute) completion() } } else { let nonanonymusCliTaskCommand = "/usr/bin/ldapsearch -N -LLL -Q " + maxSSF + "-l 3 -s base -H " + URIPrefix + hosts[index].host + " " + String(port) + " " + attribute cliTask(nonanonymusCliTaskCommand) { result in self.handleSocketResultInternalCliTasks(result: result, index: index, attribute: attribute) completion() } } return } else { myLogger.logit(.info, message:"Server is dead by way of socket test: " + hosts[index].host) hosts[index].status = "dead" hosts[index].timeStamp = Date() completion() } } private func handleSocketResultInternalCliTasks(result: String, index: Int, attribute: String) { // TODO: THINK ABOUT THIS //swapPrincipals(false) if result != "" && !result.contains("GSSAPI Error") && !result.contains("Can't contact") { let ldifResult = cleanLDIF(result) if ( ldifResult.count > 0 ) { defaultNamingContext = getAttributeForSingleRecordFromCleanedLDIF(attribute, ldif: ldifResult) hosts[index].status = "live" hosts[index].timeStamp = Date() myLogger.logit(.base, message:"Current LDAP Server is: " + hosts[index].host ) myLogger.logit(.base, message:"Current default naming context: " + defaultNamingContext ) current = index return } } // We didn't get an actual LDIF Result... so LDAP isn't working. myLogger.logit(.info, message:"Server is dead by way of ldap test: " + hosts[index].host) hosts[index].status = "dead" hosts[index].timeStamp = Date() } } ================================================ FILE: NomadLogin/DS+AD.swift ================================================ // // DS+AD.swift // NoMADLoginAD // // Created by Josh Wisenbaker on 9/20/18. // Copyright © 2018 Orchard & Grove. All rights reserved. // import OpenDirectory enum NoMADQueryErrors: Error { case noMigrationCandidates } // MARK: - NoMAD extensions for the DSQueryable Protocol. extension DSQueryable { /// Check to see if a given local user has the `kODAttributeOktaUser` set on their account. /// /// - Parameter shortName: The shortname of the user to check as a `String`. /// - Returns: `true` if the user has an Okta attribute. Otherwise `false`. /// - Throws: A `ODFrameworkErrors` or a `DSQueryableErrors` if there is an error. public func checkForNoMADUser(_ shortName: String) throws -> Bool { os_log("Checking for AD username", type: .default) do { let userRecord = try getLocalRecord(shortName) let names = try userRecord.values(forAttribute: kODAttributeADUser) if names.isEmpty { return false } return true } catch DSQueryableErrors.notLocalUser { return false } catch { throw error } } /// Search in DSLocal and find any potential migration users. /// /// - Parameter excludeList: An optional `Array` of `String` values to exclude from the candidate list. These are typically set in the `.MigrateUsersHide` preference key. /// - Returns: The shortnames of the users to offer for Okta migration in an `Array` of `String` values. /// - Throws: A `ODFrameworkErrors` or a `DSQueryableErrors` if there is an error. Throws `NoMADQueryErrors.noMigrationCandidates` if no results are found. public func findNoMADMigrationCandidates(excludeList: [String] = [String]()) throws -> [String] { do { os_log("Checking for NoMAD migration users.", type: .default) var candidates = [String]() os_log("Getting all user records.", type: .default) let records = try getAllNonSystemUsers() os_log("Filtering records", type: .default) let filtered = try records.filter({ (record) -> Bool in if excludeList.contains(record.recordName) { os_log("User is exluded", type: .default) return false } if try checkForNoMADUser(record.recordName) { os_log("User has a NoMAD Attribute", type: .default) return false } return true }) for record in filtered { candidates.append(record.recordName) } if candidates.isEmpty { throw NoMADQueryErrors.noMigrationCandidates } return candidates } catch { throw error } } } ================================================ FILE: NomadLogin/DSQueryable.swift ================================================ // // DSQueryable.swift // NoMADLogin-AD // // Created by Josh Wisenbaker on 8/20/18. // Copyright © 2018 Orchard & Grove. All rights reserved. // import OpenDirectory enum DSQueryableResults { case localUser } enum DSQueryableErrors: Error { case notLocalUser case multipleUsersFound } /// The `DSQueryable` protocol allows adopters to easily search and manipulate the DSLocal node of macOS. public protocol DSQueryable {} // MARK: - Implimentations for DSQuerable protocol public extension DSQueryable { /// `ODNode` to DSLocal for queries and account manipulation. var localNode: ODNode? { do { os_log("Finding the DSLocal node", type: .debug) return try ODNode.init(session: ODSession.default(), type: ODNodeType(kODNodeTypeLocalNodes)) } catch { os_log("ODError creating local node.", type: .error, error.localizedDescription) return nil } } /// Conviennce function to discover if a shortname has an existing local account. /// /// - Parameter shortName: The name of the user to search for as a `String`. /// - Returns: `true` if the user exists in DSLocal, `false` if not. /// - Throws: Either an `ODFrameworkErrors` or a `DSQueryableErrors` if there is an error or the user is not local. func isUserLocal(_ shortName: String) throws -> Bool { do { _ = try getLocalRecord(shortName) } catch DSQueryableErrors.notLocalUser { return false } catch { throw error } return true } /// Checks a local username and password to see if they are valid. /// /// - Parameters: /// - userName: The name of the user to search for as a `String`. /// - userPass: The password for the user being tested as a `String`. /// - Returns: `true` if the name and password combo are valid locally. `false` if the validation fails. /// - Throws: Either an `ODFrameworkErrors` or a `DSQueryableErrors` if there is an error. func isLocalPasswordValid(userName: String, userPass: String) throws -> Bool { do { let userRecord = try getLocalRecord(userName) try userRecord.verifyPassword(userPass) } catch { let castError = error as NSError switch castError.code { case Int(kODErrorCredentialsInvalid.rawValue): os_log("Tested password for user account: %{public}@ is not valid.", type: .default, userName) return false default: throw error } } return true } /// Searches DSLocal for an account short name and returns the `ODRecord` for the group if found. /// /// - Parameter name: The name of the group to search for as a `String`. /// - Returns: The `ODRecord` of the group if one is found in DSLocal. /// - Throws: Either an `ODFrameworkErrors` or a `DSQueryableErrors` if there is an error or the user is not local. func getLocalGroupRecord(_ name: String) throws -> ODRecord { do { os_log("Building OD query for name %{public}@", type: .default, name) let query = try ODQuery.init(node: localNode, forRecordTypes: kODRecordTypeGroups, attribute: kODAttributeTypeRecordName, matchType: ODMatchType(kODMatchEqualTo), queryValues: name, returnAttributes: kODAttributeTypeNativeOnly, maximumResults: 1) let records = try query.resultsAllowingPartial(false) as! [ODRecord] if records.count > 1 { os_log("More than one local group found for name.", type: .default) throw DSQueryableErrors.multipleUsersFound } guard let record = records.first else { os_log("No local group found.", type: .default) throw DSQueryableErrors.notLocalUser } // os_log("Found local user: %{public}@", record) return record } catch { os_log("ODError while trying to check for local user: %{public}@", type: .error, error.localizedDescription) throw error } } /// Searches DSLocal for an account short name and returns the `ODRecord` for the user if found. /// /// - Parameter shortName: The name of the user to search for as a `String`. /// - Returns: The `ODRecord` of the user if one is found in DSLocal. /// - Throws: Either an `ODFrameworkErrors` or a `DSQueryableErrors` if there is an error or the user is not local. func getLocalRecord(_ shortName: String) throws -> ODRecord { do { os_log("Building OD query for name %{public}@", type: .default, shortName) let query = try ODQuery.init(node: localNode, forRecordTypes: kODRecordTypeUsers, attribute: kODAttributeTypeRecordName, matchType: ODMatchType(kODMatchEqualTo), queryValues: shortName, returnAttributes: kODAttributeTypeNativeOnly, maximumResults: 0) let records = try query.resultsAllowingPartial(false) as! [ODRecord] if records.count > 1 { os_log("More than one local user found for name.", type: .default) throw DSQueryableErrors.multipleUsersFound } guard let record = records.first else { os_log("No local user found.", type: .default) throw DSQueryableErrors.notLocalUser } // os_log("Found local user: %{public}@", record) return record } catch { os_log("ODError while trying to check for local user: %{public}@", type: .error, error.localizedDescription) throw error } } /// Finds all local user records on the Mac. /// /// - Returns: A `Array` that contains the `ODRecord` for every account in DSLocal. /// - Throws: An error from `ODFrameworkErrors` if something fails. func getAllLocalUserRecords() throws -> [ODRecord] { do { let query = try ODQuery.init(node: localNode, forRecordTypes: kODRecordTypeUsers, attribute: kODAttributeTypeRecordName, matchType: ODMatchType(kODMatchEqualTo), queryValues: kODMatchAny, returnAttributes: kODAttributeTypeAllAttributes, maximumResults: 0) return try query.resultsAllowingPartial(false) as! [ODRecord] } catch { os_log("ODError while finding local users.", type: .error) throw error } } /// Finds OIDC User with specified iss and sub. /// /// - Returns: A `Array` that contains the `ODRecord` for account in DSLocal /// - Throws: An error from `ODFrameworkErrors` if something fails. func getUserRecord(sub:String, iss:String) throws -> ODRecord { do { os_log("getting non system users.", type: .info) let allRecords = try getAllNonSystemUsers() os_log("filtering", type: .info) let matchingRecords = allRecords.filter { (record) -> Bool in guard let issValue = try? record.values(forAttribute: "dsAttrTypeNative:_xcreds_oidc_iss") as? [String] else { return false } guard let subValue = try? record.values(forAttribute: "dsAttrTypeNative:_xcreds_oidc_sub") as? [String] else { return false } os_log("checking \(issValue) \(subValue)", type: .info) return issValue.first == iss && subValue.first == sub } guard let userRecord = matchingRecords.first else { os_log("no users match iss \(iss) and sub \(sub)", type: .info) throw DSQueryableErrors.notLocalUser } return userRecord } catch { os_log("ODError while finding local users.", type: .error) throw error } } func getUserRecord(kerberosPrincipalNameToFind:String) throws -> ODRecord { do { os_log("getting non system users.", type: .info) let allRecords = try getAllNonSystemUsers() os_log("filtering", type: .info) let matchingRecords = allRecords.filter { (record) -> Bool in guard let foundKerberosPrincipal = try? record.values(forAttribute: "dsAttrTypeNative:_xcreds_activedirectory_kerberosPrincipal") as? [String] else { return false } os_log("checking \(foundKerberosPrincipal)", type: .info) return foundKerberosPrincipal.first == kerberosPrincipalNameToFind } guard let userRecord = matchingRecords.first else { TCSLogWithMark("no users match \(kerberosPrincipalNameToFind)") throw DSQueryableErrors.notLocalUser } return userRecord } catch { os_log("ODError while finding local users.", type: .error) throw error } } /// Returns all the non-system users on a system above UID 500. /// /// - Returns: A `Array` that contains the `ODRecord` of all the non-system user accounts in DSLocal. /// - Throws: An error from `ODFrameworkErrors` if something fails. /// func getAllNonSystemUsers() throws -> [ODRecord] { do { let allRecords = try getAllLocalUserRecords() let nonSystem = try allRecords.filter { (record) -> Bool in guard let uid = try record.values(forAttribute: kODAttributeTypeUniqueID) as? [String] else { return false } return Int(uid.first ?? "") ?? 0 > 500 && record.recordName.first != "_" } return nonSystem } catch { os_log("ODError while finding local users.", type: .error) throw error } } func userWithUID(uid:String) throws -> [ODRecord] { do { let query = try ODQuery.init(node: localNode, forRecordTypes: kODRecordTypeUsers, attribute: kODAttributeTypeUniqueID, matchType: ODMatchType(kODMatchEqualTo), queryValues: uid, returnAttributes: kODAttributeTypeAllAttributes, maximumResults: 0) return try query.resultsAllowingPartial(false) as! [ODRecord] } catch { os_log("ODError while user with \(uid).", type: .error) throw error } } func isAdmin(_ user:ODRecord) -> Bool { let adminGroup = try? getLocalGroupRecord("admin") do{ if let adminGroup = adminGroup { try adminGroup.isMemberRecord(user) return true } } catch { } return false } func makeAdmin(_ user:ODRecord) -> Bool { do { os_log("Find the administrators group", type: .debug) let query = try ODQuery.init(node: localNode, forRecordTypes: kODRecordTypeGroups, attribute: kODAttributeTypeRecordName, matchType: ODMatchType(kODMatchEqualTo), queryValues: "admin", returnAttributes: kODAttributeTypeNativeOnly, maximumResults: 1) let results = try query.resultsAllowingPartial(false) as! [ODRecord] let adminGroup = results.first os_log("Adding user to administrators group", type: .debug) try adminGroup?.addMemberRecord(user) try? user.setValue("1", forAttribute: "dsAttrTypeNative:_xcreds_promoted_to_admin") } catch { let errorText = error.localizedDescription os_log("Unable to add user to administrators group: %{public}@", type: .error, errorText) return false } return true } func removeAdmin(_ user:ODRecord) -> Bool { do { if try getAllAdminUsers().count<2 { TCSLogError("Will not remove last admin!!") return false } } catch { TCSLogErrorWithMark("Error when getting all admin users") return false } if isAdmin(user)==false { //user is not an admin already return true } do { os_log("Find the administrators group", type: .debug) let query = try ODQuery.init(node: localNode, forRecordTypes: kODRecordTypeGroups, attribute: kODAttributeTypeRecordName, matchType: ODMatchType(kODMatchEqualTo), queryValues: "admin", returnAttributes: kODAttributeTypeNativeOnly, maximumResults: 1) let results = try query.resultsAllowingPartial(false) as! [ODRecord] let adminGroup = results.first os_log("Remove user to administrators group", type: .debug) try adminGroup?.removeMemberRecord(user) } catch { let errorText = error.localizedDescription os_log("Unable to add user to administrators group: %{public}@", type: .error, errorText) return false } return true } func getAllStandardUsers() throws -> [ODRecord] { let allRecords = try getAllNonSystemUsers() let nonSystem = allRecords.filter { (record) -> Bool in let adminGroup = try? getLocalGroupRecord("admin") do{ if let adminGroup = adminGroup { try adminGroup.isMemberRecord(record) return false } } catch { } return true } return nonSystem } func getAllAdminUsers() throws -> [ODRecord] { let allRecords = try getAllNonSystemUsers() let nonSystemAdminUsers = try allRecords.filter { (record) -> Bool in let adminGroup = try? getLocalGroupRecord("admin") do{ if let adminGroup = adminGroup { try adminGroup.isMemberRecord(record) return true } } catch { TCSLog("error when looking for admin group membership") throw error } return true } return nonSystemAdminUsers } // OD utils func checkUIDandHome(name: String) -> (uid_t?, String?) { os_log("Checking for local username", log: noLoMechlog, type: .debug) var records = [ODRecord]() let odsession = ODSession.default() do { let node = try ODNode.init(session: odsession, type: ODNodeType(kODNodeTypeLocalNodes)) let query = try ODQuery.init(node: node, forRecordTypes: kODRecordTypeUsers, attribute: kODAttributeTypeRecordName, matchType: ODMatchType(kODMatchEqualTo), queryValues: name, returnAttributes: kODAttributeTypeNativeOnly, maximumResults: 0) records = try query.resultsAllowingPartial(false) as! [ODRecord] } catch { _ = error.localizedDescription // os_log("ODError while trying to check for local user: %{public}@", log: noLoMechlog, type: .error, errorText) return (nil, nil) } if records.count > 1 { TCSLogErrorWithMark("More than one record. ") } do { let home = try records.first?.values(forAttribute: kODAttributeTypeNFSHomeDirectory) as? [String] ?? nil let uid = try records.first?.values(forAttribute: kODAttributeTypeUniqueID) as? [String] ?? nil let uidt = uid_t.init(Double.init((uid?.first) ?? "0")! ) return ( uidt, home?.first ?? nil) } catch { TCSLogErrorWithMark("Unable to get home.") return (nil, nil) } } } ================================================ FILE: NomadLogin/LocalCheckAndMigrate.swift ================================================ // // LocalCheckAndMigrate.swift // JamfConnectLogin // // Created by Joel Rennich on 2/19/19. // Copyright © 2019 Jamf Inc. All rights reserved. // import Foundation import OpenDirectory enum MigrationType { case errorSkipMigration(String) // unable to complete migration case fullMigration // perform full migration case skipMigration // no need to migrate case syncPassword // local password needs to be synced with local // case mappedUserFound(ODRecord) case userMatchSkipMigration case complete // all good } // class to handle local checks and migration class LocalCheckAndMigrate : NSObject, DSQueryable { var mech: MechanismRecord? var delegate: XCredsMechanismProtocol? private var user = "" private var pass = "" public var migrationUsers: [String]? var isInUserSpace = false func migrationTypeRequired(userToCheck: String, passToCheck: String, kerberosPrincipalName:String?) -> MigrationType { TCSLogWithMark() user = userToCheck pass = passToCheck var user = userToCheck //if we are in userspace, use the console user. If there not and there is a mapped user acccount with a kerb pricipal name in the DS record, use that. Otherwise, just keep on with the user passed in. if isInUserSpace == true { let consoleUser = getConsoleUser() user=consoleUser } else { if let kerberosPrincipalName = kerberosPrincipalName, let foundRecord = try? getUserRecord(kerberosPrincipalNameToFind: kerberosPrincipalName) { user = foundRecord.recordName } } let shouldPromptToMigrate = DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldPromptForMigration.rawValue) // check local user pass to see if user exists do { if try isLocalPasswordValid(userName: user, userPass: passToCheck) { TCSLogWithMark("Network creds match local creds, nothing to migrate or update.") return .userMatchSkipMigration } else { TCSLogWithMark("Local name matches, but not password") if DefaultsOverride.standardOverride.string(forKey: PrefKeys.localAdminUserName.rawValue) != nil && DefaultsOverride.standardOverride.string(forKey: PrefKeys.localAdminPassword.rawValue) != nil && getManagedPreference(key: .PasswordOverwriteSilent) as? Bool ?? false && isInUserSpace == false { TCSLogWithMark("Set to write keychain silently and we have admin. Skipping.") TCSLogWithMark("Setting password to be overwritten.") delegate?.setHint(type: .passwordOverwrite, hint: true as NSSecureCoding) TCSLogWithMark("Hint set") return .complete } else { TCSLogWithMark("setting to sync password") return .syncPassword } } } catch DSQueryableErrors.notLocalUser { TCSLogWithMark("User is not a local user") if shouldPromptToMigrate == false { return .complete } TCSLogWithMark("prompting to migrate set. checking for local accounts as candidates") // getMigrationCandidates() let standardUsers = try? getAllLocalUserRecords() guard let standardUsers = standardUsers, standardUsers.count>0 else { return .skipMigration } return .fullMigration } catch { TCSLogWithMark("Unknown migration check error. skipping migration:\(error.localizedDescription)") return .errorSkipMigration(error.localizedDescription) } } fileprivate func getMigrationCandidates() { do { if let hiddenMigrationUsers = getManagedPreference(key: .MigrateUsersHide) as? [String] { migrationUsers = try findNoMADMigrationCandidates(excludeList: hiddenMigrationUsers) } else { //os_log("No users are hidden from migration.", log: uiLog, type: .default) migrationUsers = try findNoMADMigrationCandidates() } } catch NoMADQueryErrors.noMigrationCandidates { //os_log("No local users to possibly migrate.", log: uiLog, type: .default) } catch { _ = error.localizedDescription //os_log("Error while determining migration candidate users: %{public}@", log: uiLog, type: .error, errorText) } } func syncPass(oldPass: String) -> Bool { var userRecord: ODRecord? do { userRecord = try getLocalRecord(user) try userRecord?.changePassword(oldPass, toPassword: pass) } catch { if userRecord == nil { //os_log("Unable to obtain local user record.", log: uiLog, type: .default) } else { //os_log("Unable to change local user password.", log: uiLog, type: .default) } return false } //os_log("Local password changed.", log: uiLog, type: .default) delegate?.setHint(type: .existingLocalUserPassword, hint: oldPass as NSSecureCoding) return true } } ================================================ FILE: NomadLogin/SystemInfoHelper.swift ================================================ // // SystemInfoHelper.swift // NoMADLoginAD // // Created by Joel Rennich on 3/31/20. // Copyright © 2020 Orchard & Grove. All rights reserved. // import Foundation import NetworkExtension import IOKit.ps @available(macOS, deprecated: 11) class SystemInfoHelper { enum BatteryError: Error { case error } func appVersion() -> String? { let bundle = Bundle.findBundleWithName(name: "XCreds") if let bundle = bundle { let infoPlist = bundle.infoDictionary if let infoPlist = infoPlist, let verString = infoPlist["CFBundleShortVersionString"], let buildString = infoPlist["CFBundleVersion"] { return "XCreds \(verString) (\(buildString))" } } return nil } func info() -> [String] { var info = [String]() if let versionInfo = appVersion(){ info.append(versionInfo) } info.append(" ⌘ macOS \(ProcessInfo.processInfo.operatingSystemVersionString)") let serial = getSerial() if serial.isEmpty==false { info.append("#️⃣ Serial: \(serial)") } // info.append("MAC: \(getMAC())") info.append("💻 Computer Name: \(Host.current().localizedName!)") info.append("👤 Hostname: \(ProcessInfo.processInfo.hostName)") if let ssid = NetworkManager().getCurrentSSID(){ info.append("🛜 SSID: \(ssid)") } if StateFileHelper().fileExists(.fileVaultLogin)==true{ TCSLogWithMark( "adding FileVault AutoLogin Enabled") info.append("🔑 FileVault AutoLogin Enabled") } else { TCSLogWithMark( "Not showing FileVault AutoLogin Enabled") } let ipAddresses = getIFAddresses() if ipAddresses.count > 0 { info.append("🌐 IP Address: \(ipAddresses.joined(separator: ","))") } if let systemInfoAdditionsArray = DefaultsOverride.standardOverride.array(forKey: PrefKeys.systemInfoAdditionsArray.rawValue) as? Array , systemInfoAdditionsArray.count>0 { for line in systemInfoAdditionsArray { info.append(line) } } return info } func batteryLevel() -> (isCharging:Bool, percent:Int)? { var batteryLevelInt:Int = 0 var isChargingBool:Bool = false do { guard let powerSourceInfo = IOPSCopyPowerSourcesInfo()?.takeRetainedValue() else { throw BatteryError.error } guard let sources: NSArray = IOPSCopyPowerSourcesList(powerSourceInfo)?.takeRetainedValue() else { throw BatteryError.error } if sources.count == 0 { return nil } guard let info: NSDictionary = IOPSGetPowerSourceDescription(powerSourceInfo, sources[0] as CFTypeRef)?.takeUnretainedValue() else { return nil } if let _ = info[kIOPSNameKey] as? String, let state = info[kIOPSIsChargingKey] as? Bool, let capacity = info[kIOPSCurrentCapacityKey] as? Int, let _ = info[kIOPSMaxCapacityKey] as? Int { isChargingBool = state batteryLevelInt=capacity } else { return nil } } catch { print("Unable to get mac battery percent.") return nil } return (isChargingBool, batteryLevelInt) } func ipAddress() -> String? { let ipAddresses = getIFAddresses() if ipAddresses.count>0{ return ipAddresses.joined(separator: ",") } return nil } private func getIFAddresses() -> [String] { var addresses = [String]() // Get list of all interfaces on the local machine: var ifaddr : UnsafeMutablePointer? guard getifaddrs(&ifaddr) == 0 else { return [] } guard let firstAddr = ifaddr else { return [] } // For each interface ... for ptr in sequence(first: firstAddr, next: { $0.pointee.ifa_next }) { let flags = Int32(ptr.pointee.ifa_flags) let addr = ptr.pointee.ifa_addr.pointee // Check for running IPv4, IPv6 interfaces. Skip the loopback interface. if (flags & (IFF_UP|IFF_RUNNING|IFF_LOOPBACK)) == (IFF_UP|IFF_RUNNING) { if addr.sa_family == UInt8(AF_INET) || addr.sa_family == UInt8(AF_INET6) { // Convert interface address to a human readable string: var hostname = [CChar](repeating: 0, count: Int(NI_MAXHOST)) if (getnameinfo(ptr.pointee.ifa_addr, socklen_t(addr.sa_len), &hostname, socklen_t(hostname.count), nil, socklen_t(0), NI_NUMERICHOST) == 0) { let address = String(cString: hostname) if !address.contains(":"){ addresses.append(address) } } } } } freeifaddrs(ifaddr) return addresses } } ================================================ FILE: Profile Manifest/README.md ================================================ ================================================ FILE: Profile Manifest/build.py ================================================ #!/usr/bin/env python3 # Copyright 2021-2024 Elliot Jordan # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. """Given a path to a folder containing profile manifests, this script aims to produce equivalent Jamf JSON schema manifests.""" __author__ = "Elliot Jordan" __version__ = "1.1.0" import argparse import json import os import plistlib import shutil import sys import xml def build_argument_parser(): """Build and return the argument parser.""" parser = argparse.ArgumentParser( description=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter ) parser.add_argument("--version", action="version", version=__version__) parser.add_argument( "input_dir", action="store", help="path to a directory containing profile manifests to be converted", ) parser.add_argument( "-o", "--output-dir", default=os.path.dirname(__file__) + "/manifests", action="store", help="path to output directory of converted Jamf JSON schema manifest files", ) parser.add_argument( "-v", "--verbose", action="count", default=0, help="output verbosity level (may be specified multiple times)", ) parser.add_argument( "--overwrite", action="store_true", help="overwrite output_dir if it already exists", ) parser.add_argument( "--exclude", action="append", help="manifest domains to skip during conversion (may be " "specified multiple times)", ) parser.add_argument( "--property-order-increment", action="store", default="5", help="if set to a positive integer, the order of properties will be preserved during " "conversion and the property_order value will be incremented by this number. If set to " "0, the property_order key will be omitted from the resulting manifest files", ) return parser def validate_args(args): """Do sanity checking and validation on provided input arguments.""" if not os.path.isdir(os.path.expanduser(args.input_dir)): sys.exit("Input path provided is not a directory: %s" % args.input_dir) if os.path.exists(os.path.expanduser(args.output_dir)): if args.overwrite: print("WARNING: Will overwrite output dir: %s" % args.output_dir) else: sys.exit( "Output path already exists: %s\nUse --overwrite to replace contents " "of output path with converted files." % args.output_dir ) try: int(args.property_order_increment) except TypeError: sys.exit("Property order increment must be a positive integer or 0.") return args def read_manifest_plist(path): """Given a path to a profile manifest plist, return the contents of the plist.""" with open(path, "rb") as openfile: try: return plistlib.load(openfile) except xml.parsers.expat.ExpatError: print("Error reading %s" % path) def process_subkeys(subkeys): """Given a list of subkeys, return equivalent JSON schema manifest properties.""" # Skip keys that describe the payload instead of the setting meta_keys = ( "PayloadDescription", "PayloadDisplayName", "PayloadIdentifier", "PayloadType", "PayloadUUID", "PayloadVersion", "PayloadOrganization", ) # Replacements for plist types with equivalent JSON schema types replacements = ( ("dictionary", "object"), ("real", "number"), ("float", "number"), # Omitting "date" since this is handled by json.dumps(default=str) later ) properties = {} for idx, subkey in enumerate(subkeys): # Get subkey name name = "" try: if subkey.get("pfm_name", "") != "": name = subkey["pfm_name"] except AttributeError: print("WARNING: Syntax error. Skipping.") return # Skip specific names if name in meta_keys: continue if name.lower().startswith("pfc_"): continue if name.lower().startswith("pfmx_"): continue # Skip specific types ignored_types = ("data",) if subkey.get("pfm_type") in ignored_types: continue # Type is the only required property # TODO: Is failing back to dictionary too broad an assumption? properties[name] = {"type": subkey.get("pfm_type", "object")} # Replace with JSON schema types for repl in replacements: if properties[name]["type"] == repl[0]: properties[name]["type"] = repl[1] # If type is array, create a dict to store its items if properties[name]["type"] == "array": properties[name]["items"] = {} # Get subkey title, description, and other attributes if subkey.get("pfm_title") not in (None, ""): properties[name]["title"] = subkey["pfm_title"] if subkey.get("pfm_default") not in (None, ""): properties[name]["default"] = subkey["pfm_default"] if subkey.get("pfm_description") not in (None, ""): properties[name]["description"] = subkey["pfm_description"] if subkey.get("pfm_format") not in (None, ""): properties[name]["pattern"] = subkey["pfm_format"] if subkey.get("pfm_documentation_url") not in (None, ""): properties[name]["links"] = [ {"rel": "More information", "href": subkey["pfm_documentation_url"]} ] if subkey.get("pfm_value_placeholder") not in (None, ""): # TODO: Support placeholders. pass # Convert pre-defined lists of values if "pfm_range_list" in subkey: properties[name]["enum"] = subkey["pfm_range_list"] if "pfm_range_list_titles" in subkey: properties[name]["options"] = { "enum_titles": subkey["pfm_range_list_titles"] } # Recurse into sub-sub-keys if "pfm_subkeys" in subkey and not isinstance(subkey["pfm_subkeys"], list): print("WARNING: Not a list: %s" % subkey["pfm_subkeys"]) if isinstance(subkey.get("pfm_subkeys"), list): subprop = process_subkeys(subkey["pfm_subkeys"]) if "items" in properties[name]: # If the parent type was array, we're only expecting a single dict # here, since an array should only contain a single object type. # TODO: Validate this assumption. Some warnings seen in the wild. subprop_keys = list(subprop.keys()) if len(subprop_keys) > 1: print( "WARNING: Array type should only have one subproperty " "key. Skipping all but the first: %s" % subprop_keys ) elif len(subprop_keys) == 0: print("WARNING: No subproperty keys found in %s key." % name) continue array_props = subprop[subprop_keys[0]] properties[name]["items"] = array_props else: properties[name]["properties"] = subprop return properties def convert_to_jamf_manifest(data, property_order_increment=5): """Convert a profile manifest plist object to a Jamf JSON schema manifest. Reference: https://docs.jamf.com/technical-papers/jamf-pro/json-schema/10.19.0/Understanding_the_Structure_of_a_JSON_Schema_Manifest.html """ # Create schema object try: schema = { "title": "{} ({})".format(data["pfm_title"], data["pfm_domain"]), "description": data["pfm_description"], "properties": process_subkeys(data["pfm_subkeys"]), } except KeyError: print("ERROR: Manifest is missing a title, domain, or description.") return # Lock property order if property_order_increment > 0: order = property_order_increment for property in schema["properties"]: schema["properties"][property]["property_order"] = order order += property_order_increment return schema def write_to_file(path, data): """Given a path to a file and JSON data, write the file.""" path_head, path_tail = os.path.split(path) # Create output subfolder if it doesn't exist if not os.path.isdir(path_head): os.makedirs(path_head) # Write file with open(os.path.join(path_head, path_tail), "w", encoding="utf-8") as openfile: openfile.write( json.dumps( data, ensure_ascii=False, indent=4, sort_keys=False, default=str, ) ) def update_readme(count): """Updates README.md file with latest manifest count.""" with open("README.md", encoding="utf-8") as f: readme = f.readlines() for idx, line in enumerate(readme): if line.startswith("![Manifest Count]("): readme[idx] = ( "![Manifest Count](https://img.shields.io/badge/manifests-%d-blue)\n" % count ) break with open("README.md", "w", encoding="utf-8") as f: f.write("".join(readme)) print("Updated README.md") def main(): """Main process.""" # Parse command line arguments. argparser = build_argument_parser() args = validate_args(argparser.parse_args()) # Expand to full paths input_dir = os.path.expanduser(args.input_dir) output_dir = os.path.expanduser(args.output_dir) # Optionally delete and recreate output path if args.overwrite: shutil.rmtree(output_dir) if not os.path.isdir(output_dir): os.makedirs(output_dir) # Iterate through manifests in the input path count = {"done": 0, "skipped": 0} for root, dirs, files in os.walk(input_dir): for name in files: if name.endswith(".plist"): relpath = os.path.relpath(os.path.join(root, name), start=input_dir) # Output filename if in verbose mode if args.verbose > 0: print("Processing %s" % relpath) # Load manifest pfm_data = read_manifest_plist(os.path.join(root, name)) if not pfm_data: count["skipped"] += 1 continue # Convert to Jamf manifest manifest = convert_to_jamf_manifest( pfm_data, int(args.property_order_increment) ) if not manifest: count["skipped"] += 1 continue # Write manifest file output_path = os.path.join( output_dir, relpath.replace(".plist", ".json") ) write_to_file(output_path, manifest) count["done"] += 1 print("Converted %d files. Skipped %d files." % (count["done"], count["skipped"])) update_readme(count["done"]) if __name__ == "__main__": main() ================================================ FILE: Profile Manifest/com.twocanoes.xcreds.plist ================================================ pfm_app_url https://github.com/twocanoes/xcreds pfm_description XCreds 5.8 (9059) OAuth Settings pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_domain com.twocanoes.xcreds pfm_format_version 1 pfm_last_modified 2026-01-08T21:30:08Z pfm_platforms macOS pfm_subkeys pfm_default Configures XCreds configuration preferences pfm_description The human-readable description of this payload. This description appears on the Detail screen. pfm_description_reference Optional. A human-readable description of this payload. This description is shown on the Detail screen. pfm_name PayloadDescription pfm_title Payload Description pfm_type string pfm_default XCreds pfm_description The human-readable name for the profile payload. The name appears on the Detail screen and doesn't need to be unique. pfm_description_reference A human-readable name for the profile payload. This name is displayed on the Detail screen. It does not have to be unique. pfm_name PayloadDisplayName pfm_require always pfm_title Payload Display Name pfm_type string pfm_default com.twocanoes.xcreds pfm_description The reverse-DNS-style identifier for the payload. This identifier is usually the same as the TopLevel value, with an additional appended component. This string must be unique within the profile. During a profile replacement, the system updates payloads with the same 'PayloadIdentifier' and 'PayloadUUID' in the old and new profiles. pfm_description_reference A reverse-DNS-style identifier for the specific payload. It is usually the same identifier as the root-level PayloadIdentifier value with an additional component appended. pfm_name PayloadIdentifier pfm_require always pfm_title Payload Identifier pfm_type string pfm_default com.twocanoes.xcreds pfm_description The payload type, which each payload domain's reference page specifies. pfm_description_reference The payload type. pfm_name PayloadType pfm_require always pfm_title Payload Type pfm_type string pfm_description The globally unique identifier for the payload. The actual content is unimportant, but must be globally unique. In macOS, use 'uuidgen' to generate UUIDs. During a profile replacement, the system updates payloads with the same 'PayloadIdentifier' and 'PayloadUUID' in the old and new profiles. pfm_description_reference A globally unique identifier for the payload. The actual content is unimportant, but it must be globally unique. In macOS, you can use uuidgen to generate reasonable UUIDs. pfm_format ^[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}$ pfm_name PayloadUUID pfm_require always pfm_title Payload UUID pfm_type string pfm_default 1 pfm_description The version of this specific payload. pfm_description_reference The version number of the individual payload. A profile can consist of payloads with different version numbers. For example, changes to the VPN software in iOS might introduce a new payload version to support additional features, but Mail payload versions would not necessarily change in the same release. pfm_name PayloadVersion pfm_require always pfm_title Payload Version pfm_type integer pfm_description The human-readable string containing the name of the organization that provides the profile. This value doesn't need to match the organization payload value in the enclosing dictionary. pfm_name PayloadOrganization pfm_title Payload Organization pfm_type string pfm_description The desired AD domain pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name ADDomain pfm_title ADDomain pfm_type string pfm_description The OIDC claim that has the kerberos principal name. This is used when logging in with OIDC and ADDomain is defined. During login, the claim that contains the kerberos principal name will be read and the local account will set dsAttrTypeNative:_xcreds_activedirectory_kerberosPrincipal to the kerberos principal name. The menu item will then use this value and the password to get a kerberos ticket. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name mapKerberosPrincipalName pfm_title Map Kerberos Principal Name pfm_type string pfm_app_min 5.3 pfm_default pfm_description If the user principal has a domain name and the OpenID token does not match the ADDomain name, replace it with the ADDomain name. For example: bob@sub.example.com -> bob@example.com if ADDomain was example.com. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldUpdateKerberosUserPrincipalADDomain pfm_title Should Update Kerberos User Principal ADDomain pfm_type boolean pfm_description The OIDC client id public identifier for the app. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name clientID pfm_title Client ID pfm_type string pfm_description Client Secret sometimes required by identity provider. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name clientSecret pfm_title Client Secret pfm_type string pfm_default pfm_description When set to true and the user account is created, the user will be a local admin. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name CreateAdminUser pfm_title Create User as Admin pfm_type boolean pfm_app_min 5.5 pfm_default pfm_description When set to true and a new user home is created, the .skipbuddy file will be created at the top of the home folder to skip user setup screens. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name skipUserSetupBuddy pfm_title Skip User Setup Buddy pfm_type boolean pfm_app_min 4.0 pfm_default upn pfm_description The claim that contains the value to check for in the allowedUsersArray. Both must be defined. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name allowUsersClaim pfm_title Allow Users Claim pfm_type string pfm_app_min 4.0 pfm_description List of users that are allowed to log in. An empty array or undefined array means any user can log in as long their cloud credentials are valid. The preference allowUsersClaim must be defined to a claim in the idToken that identifies the users. For example, if the allowUsersClaim is set to upn and the allowedUsersArray is set to an array that contains fred@twocanoes.com and the upn of a logging in user is fred@twocanoes.com, they would be allowed to log in. barney@twocanoes.com would not. pfm_name allowedUsersArray pfm_subkeys pfm_name user pfm_type string pfm_title Allowed Users pfm_type array pfm_app_min 5.0 pfm_description (OIDC Only) List of groups whose members should be allowed to login. If the user is a member of any of these groups they can login regardless (including creating new local account) if authorization succeeds. If a local account exists but the user is no longer part of a group the login will be denied. pfm_name allowLoginIfMemberOfGroup pfm_subkeys pfm_name group pfm_type string pfm_title Allow Login If Member Of Group pfm_type array pfm_description List of groups that should have members be given local administrator status. Local administrator status can be given on first authentication when account created, or on later sign in of existing user when a group member. Administrator status is removed if group membership later revoked. Administrator status is not removed if user is the only XCreds admin user. Set as an Array of Strings of the group identifier. pfm_name CreateAdminIfGroupMember pfm_subkeys pfm_name group pfm_type string pfm_title Create Admin If Group Member pfm_type array pfm_app_min 4.0 pfm_description List of claims that should be added to the user local account. Will be prefixed with _xcreds_oidc_. Set as an Array of Strings of the claim. pfm_name claimsToAddToLocalUserAccount pfm_subkeys pfm_name claim pfm_type string pfm_title Claims To Add To Local User Account pfm_type array pfm_app_min 5.1 pfm_description Items to be added to the System Info Popover at login. Can be made dynamic by using the override script override to provide this setting pfm_name systemInfoAdditionsArray pfm_subkeys pfm_name item pfm_type string pfm_title System Info Additions pfm_type array pfm_default pfm_description When set to true and the user locks the current session, XCreds will tell the system to switch to Login Window. The current session will stay active but the user will login with the XCreds Login Window to resume the session. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldSwitchToLoginWindowWhenLocked pfm_title Should Switch To Login Window When Locked pfm_type boolean pfm_app_min 5.0 pfm_default pfm_description If the user attempts to login as an AD user and the login fails against AD, try against local user account if off domain or AD user not found. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name LocalFallback pfm_title LocalFallback pfm_type boolean pfm_app_min 5.1 pfm_default pfm_description Show the system info popover as active when first starting pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldActivateSystemInfoButton pfm_title Should Activate System Info Button pfm_type boolean pfm_default https://login.microsoftonline.com/common/.well-known/openid-configuration pfm_description The discovery URL provided by your OIDC / Cloud provider. For Google it is typically https://accounts.google.com/.well-known/openid-configuration and for Azure it is typically https://login.microsoftonline.com/common/.well-known/openid-configuration. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name discoveryURL pfm_title Discovery URL pfm_type string pfm_default pfm_description Enabled FDE enabled at first login on APFS disks. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name EnableFDE pfm_title Enable Full Disk Encryption (FDE) pfm_type boolean pfm_default pfm_description Save the Personal Recovery Key (PRK) to disk for the MDM Escrow Service to collect. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name EnableFDERecoveryKey pfm_title Save PRK pfm_type boolean pfm_description Specify a custom path for the recovery key. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name EnableFDERecoveryKeyPath pfm_title FDE Recovery Key Path pfm_type string pfm_default pfm_description Rotate the Personal Recovery Key (PRK). pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name EnableFDERekey pfm_title Enable FDE Rekey pfm_type boolean pfm_description Login Window webview width (Integer). If this is not defined, it will be full width. Minimum value of 150. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name loginWindowWidth pfm_range_min 150 pfm_title Login Window Width pfm_type integer pfm_description Login Window webview height (Integer). If this is not defined, it will be full height. Minimum value of 150. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name loginWindowHeight pfm_range_min 150 pfm_title Login Window Height pfm_type integer pfm_app_min 4.0 pfm_default Please Wait.... pfm_description When no network connection or a profile is not defined, this title is shown in an HTML view to the user when cloud login is configured. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name loadPageTitle pfm_title LoadPage Title pfm_type string pfm_app_min 4.0 pfm_default (or try connecting to network or check preferences) pfm_description When no network connection or a profile is not defined, this text is shown in an HTML view to the user when cloud login is configured. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name loadPageInfo pfm_title LoadPage Info pfm_type string pfm_app_min 5.4 pfm_default pfm_description Hide the login window logo. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldHideLoginWindowLogo pfm_title should Hide Login Window Logo pfm_type boolean pfm_app_min 5.3 pfm_description URL to an image to show icon in the username / password login window pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_format (https?://|file:///).* pfm_name loginWindowLogoPath pfm_title Login Window Logo Path pfm_type string pfm_default file:///System/Library/CoreServices/DefaultDesktop.heic pfm_description URL to an image to show in the background while logging in. Default value: file:///System/Library/Desktop Pictures/Monterey Graphic.heic. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_format (https?://|file:///).* pfm_name loginWindowBackgroundImageURL pfm_title Login Window Background Image URL pfm_type string pfm_app_min 5.3 pfm_default 1 pfm_description Alpha value of loginWindowBackgroundImage. Default value: 1 pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name loginWindowBackgroundImageAlpha pfm_range_max 1 pfm_range_min 0 pfm_title Login Window Background Image Alpha pfm_type real pfm_app_min 5.3 pfm_default file:///System/Library/CoreServices/DefaultDesktop.heic pfm_description URL to an image to show in the background on secondary display while logging in. Default value: file:///System/Library/Desktop Pictures/Monterey Graphic.heic. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_format (https?://|file:///).* pfm_name loginWindowSecondaryMonitorsBackgroundImageURL pfm_title Login Window Secondary Monitors Background Image URL pfm_type string pfm_app_min 5.0 pfm_description Base64 data of icon. Should be 48 x 48. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name menuItemIconData pfm_title Menu Item Icon Data pfm_type data pfm_app_min 5.0 pfm_description Base64 data of icon with checkmark. Should be 48 x 48. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name menuItemIconCheckedData pfm_title Menu Item Icon Checked Data pfm_type data pfm_description URL to an image to show in the background of the window that appears when logged in and prompting for Active Directory username and password. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_format (https?://|file:///).* pfm_name menuItemWindowBackgroundImageURL pfm_title Menu Item Window BackgroundImageURL pfm_type string pfm_app_min 5.3 pfm_default 1 pfm_description Alpha value of menuItemWindowBackgroundImageURL. Default value: 1 pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name menuItemWindowBackgroundImageAlpha pfm_range_max 1 pfm_range_min 0 pfm_title Menu Item Background Image Alpha pfm_type real pfm_default pfm_description Set the background image to Fill Screen rather than Fit to Screen pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldLoginWindowBackgroundImageFillScreen pfm_title Login Window Background Image Fill Screen pfm_type boolean pfm_app_min 5.3 pfm_default pfm_description Set the secondary monitor(s) background image to Fill Screen rather than Fit to Screen pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldLoginWindowSecondaryMonitorsBackgroundImageFillScreen pfm_title Login Window Secondary Monitors Background Image Fill Screen pfm_type boolean pfm_app_min 5.3 pfm_default 1 pfm_description Alpha value of loginWindowSecondaryMonitorsBackground. Default value: 1 pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name loginWindowSecondaryMonitorsBackgroundAlpha pfm_range_max 1 pfm_range_min 0 pfm_title Login Window Secondary Monitors Background Image Alpha pfm_type real pfm_app_min 5.3 pfm_default pfm_description When XCreds is installed, a launch agent is installed to automatically keep the menu item running when a user is logged in. Setting shouldRemoveMenuItemAutoLaunch to true makes XCreds at the login window remove the launchagent plist that was installed. This will cause the launchagent to not launch XCreds menu item on log in. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldRemoveMenuItemAutoLaunch pfm_title Should Remove Menu Item Auto Launch pfm_type boolean pfm_app_min 5.4 pfm_default pfm_description When changing password via menu item, use the native UI to change password in Active Directory. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldUseADNativePasswordChangeMenuItem pfm_title Should Use AD Native Password Change Menu Item pfm_type boolean pfm_description Add a menu item for changing the password that will open this URL when the menu item is selected. If shouldUseADNativePasswordChangeMenuItem is set to true, this value is not used. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_format https?://.* pfm_name passwordChangeURL pfm_title Password Change URL for Menu pfm_type string pfm_default xcreds://auth/ pfm_description The URI passed back to the webview after successful authentication. Default value: xcreds://auth/ pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name redirectURI pfm_title Redirect URI pfm_type string pfm_default pfm_description Determine if the Mac login window or the cloud login window is shown by default. When not set or set to true, show cloud login. If false, shows Mac login. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldShowCloudLoginByDefault pfm_title Show Cloud Login By Default pfm_type boolean pfm_default 3 pfm_description The number of hours between checks. Default value: 3. Minimum value: 0. Max value: 168. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name refreshRateHours pfm_range_max 168 pfm_range_min 0 pfm_title Password Change Check Rate Hours pfm_type integer pfm_value_unit hours pfm_default 0 pfm_description The number of minutes between checks. Default value: 0. Minimum value: 0. Max value: 59. This value is added to refreshRateHours. If refreshRateHours is 0, minimum for refreshRateMinutes becomes 5. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name refreshRateMinutes pfm_range_max 59 pfm_range_min 0 pfm_title Password Change Check Rate Minutes pfm_type integer pfm_value_unit minutes pfm_default profile openid offline_access pfm_description Scopes tell the identify provider what information to return. Note that the values are provided with a single space between them. Provide the following values the follow IdPs: Google: profile openid email Azure: profile openid offline_access Note that Google does not support the offline_access scope so instead use the preference shouldSetGoogleAccessTypeToOffline. Azure provides unique_name which is mapped to the local user account by using the prefix before "@" in unique_name and matching to the short name of a user account. Google provides "email" and is matched in the same way. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name scopes pfm_note All scopes should be lowercase and separated by single spaces pfm_title Scopes pfm_type string pfm_default pfm_description When using Google IdP, a refresh token may need be requested in a non-standard way. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldSetGoogleAccessTypeToOffline pfm_title Request Google Refresh Token pfm_type boolean pfm_default pfm_description Populate HD parameter for OIDC username with Google pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldSetGoogleHDParam pfm_title Should Set Google HD Param pfm_type boolean pfm_default pfm_description If the domain controller returns back that the password is expired or needs to be changed, prompt the user. If this is set to false, login will fail and an error message will be shown. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldPromptForADPasswordChange pfm_title Should Prompt For AD Password Change pfm_type boolean pfm_default pfm_description Determine if the Sign In menu item is shown in the XCreds menu. When not set or set to true, show Sign In. If false, the Sign In menu item is hidden. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldShowSignInMenuItem pfm_title Show Sign In Menu Item pfm_type boolean pfm_app_min 5.2 pfm_default pfm_description Do not prompt for local password. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldSuppressLocalPasswordPrompt pfm_title Should Suppress Local Password Prompt pfm_type boolean pfm_default pfm_description Favor using XCreds' local login screen over the cloud login UI. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldPreferLocalLoginInsteadOfCloudLogin pfm_title Prefer Local Login over Cloud Login pfm_type boolean pfm_app_deprecated 4.0 pfm_app_max 3.2.1 pfm_default pfm_description (Deprecated in v4.0) When verifying password in the menu app, use ROPG. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldVerifyPasswordWithRopg pfm_title Use ROPG when testing password pfm_type boolean pfm_app_min 5.3 pfm_default pfm_description When using ROPG, do basic HTTP auth. Default: false pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldUseBasicAuthWithROPG pfm_title Should Use Basic Auth With ROPG pfm_type boolean pfm_app_deprecated 4.0 pfm_app_max 3.2.1 pfm_description (Removed in v4.0) ROPG Client ID for use when checking password. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name ropgClientID pfm_title ROPG Client ID pfm_type string pfm_app_deprecated 4.0 pfm_app_max 3.2.1 pfm_description (Removed in v4.0) ROPG Client Secret for use when checking password. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name ropgClientSecret pfm_title ROPG Client Secret pfm_type string pfm_default pfm_description When verifying password in the login window, use ROPG. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldUseROPGForLoginWindowLogin pfm_title Use ROPG when logging in at login window pfm_type boolean pfm_app_min 4.0 pfm_default pfm_description When verifying password in the menu app, use ROPG. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldUseROPGForMenuLogin pfm_title Use ROPG for menu login pfm_type boolean pfm_app_min 4.0 pfm_default pfm_description When verifying local password matches cloud password in the background, use ROPG. If set to false, the refresh token will be used to verify password change. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldUseROPGForPasswordChangeChecking pfm_title Should Use ROPG For Password Change Checking pfm_type boolean pfm_app_min 5.8 pfm_default pfm_description When verifying local password matches cloud password in the background, use Google LDAP. If set to false, the refresh token will be used to verify password change. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldUseLDAPForPasswordChangeChecking pfm_title Should Use LDAP For Password Change Checking pfm_type boolean pfm_description Resource URL when using ROPG. Typically needed only for Azure. Common value is https://graph.microsoft.com pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name resource pfm_title ROPG Resource pfm_type string pfm_app_min 5.1 pfm_default interaction_required pfm_description When a ROPG request is completed successfully to verify password, it may return an error that two factor is required. Add the string that is returned for the JSON response. For Azure, it is typically interaction_required. For Okta, the response is usually {"error":"invalid_grant","error_description":"Resource owner password credentials authentication denied by sign on policy."} Can be a string or an array of strings. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name ropgResponseValue pfm_title ROPG Response Value pfm_type string pfm_app_min 4.0 pfm_description Don't show the UI if this key is defined and a file or folder exists at this path. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name hideIfPathExists pfm_title Hide If Path Exists pfm_type string pfm_app_min 4.0 pfm_description Name of OIDC claim that contains an alias to add to a user account. Usually this is the "upn" (eg syd@twocanoes.com) so the user can log in at the standard login window the same as the IdP login window. Adds the value to record name of the user account as an alias. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name aliasName pfm_title Alias Name pfm_type string pfm_default 0 pfm_description Timer for automatically refreshing login screen in seconds. If set to 0, does not automatically refresh. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name autoRefreshLoginTimer pfm_title Automatically Refresh Login Window (seconds) pfm_type integer pfm_default Cloud Login pfm_description Text for return to cloud login on Mac login screen pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name cloudLoginText pfm_title Cloud Login Text pfm_type string pfm_default pfm_description Show the About Menu item menu. Default value: true pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldShowAboutMenu pfm_title Show About Menu pfm_type boolean pfm_default pfm_description Skip FileVault login during startup if FileVault is enabled. The current username and password are used to tell fdesetup to silently use the credentials during next reboot to unlock FileVault. Passthrough is also disabled and the user will see the XCreds Login Window. To avoid the user being prompted for admin credentials, set the "Login And Background Item Management" management item (com.apple.servicemanagement) to allow teamid UXP6YEHSPW to have background tasks. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldSkipFileVaultLogin pfm_title Skip FileVault Login pfm_type boolean pfm_default pfm_description Skip FileVault authentication at startup if FileVault is enabled. The admin credentials will be used to tell fdesetup to silently use the credentials during next reboot to unlock FileVault. Passthrough is also disabled and the user will see the XCreds Login Window. To avoid the user being prompted for admin credentials, set the "Login And Background Item Management" management item (com.apple.servicemanagement) to allow teamid UXP6YEHSPW to have background tasks. Default value: false pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldSkipFileVaultLoginAdmin pfm_title Skip FileVault Login as Admin pfm_type boolean pfm_app_min 5.0 pfm_default pfm_description If the discovery URL is defined and there are no tokens or tickets, the sign in window in the user session will show even if the user did not log in from the XCreds Login Window pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldShowMenuBarSignInWithoutLoginWindowSignin pfm_title Should Show Menu Bar Sign In Without Login Window Sign In pfm_type boolean pfm_app_min 5.0 pfm_default Log in to verify your cloud credentials. After verification, your local user account password will be set to your cloud password. pfm_description Text at top of window shown in user session when prompting for password. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name refreshBannerText pfm_title Refresh Banner Text pfm_type string pfm_default pfm_description Show text at the top of the prompt window when tokens expire. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldShowRefreshBanner pfm_title Show Refresh Banner pfm_type boolean pfm_default pfm_description Show Configure WiFi button in XCreds Login. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldShowConfigureWifiButton pfm_title Show Configure WiFi pfm_type boolean pfm_app_min 5.0 pfm_default pfm_description Show Shutdown button in XCreds Login. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldShowShutdownButton pfm_title Show Shutdown Button pfm_type boolean pfm_app_min 5.0 pfm_default pfm_description Show Restart button in XCreds Login. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldShowRestartButton pfm_title Show Restart Button pfm_type boolean pfm_app_min 5.0 pfm_default pfm_description Show Configure System Info in XCreds Login. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldShowSystemInfoButton pfm_title Show System Info Button pfm_type boolean pfm_default pfm_description Show Settings on start if none are defined. Default value: false pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldShowPreferencesOnStart pfm_title Show Preferences on Startup pfm_type boolean pfm_app_min 4.0 pfm_default pfm_description Prompt for local account username and password if no account was mapped and there are standard users already on the system. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldPromptForMigration pfm_title Should Prompt for Migration pfm_type boolean pfm_app_min 4.0 pfm_default pfm_description Allow key combo (control-option return) to switch logon window. Use command-option-control-return for Mac Login Window. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldAllowKeyComboForMacLoginWindow pfm_title Should Allow Key Combo For Mac Login Window pfm_type boolean pfm_app_min 5.0 pfm_description key code for shouldAllowKeyComboForMacLoginWindow. If not defined, it is return or enter. If this is defined, this key is used with control-option to switch to login window and command-option-control and this key is used to switch to Mac Login Window. Uses CGKeyCode (for example, enter is 76 and return is 36) pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name keyCodeForLoginWindowChange pfm_title Key Code For Login Window Change pfm_type integer pfm_default pfm_description Show the Mac Login Window button in XCreds Login. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldShowMacLoginButton pfm_title Show Mac Login Window button pfm_type boolean pfm_default pfm_description Show the local only checkbox on the local login page pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldShowLocalOnlyCheckbox pfm_title Show Local Only Checkbox pfm_type boolean pfm_description Placeholder text in local / AD login window for username pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name usernamePlaceholder pfm_title Username Placeholder Text pfm_type string pfm_description Placeholder text in local / AD login window for password pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name passwordPlaceholder pfm_title Password Placeholder Text pfm_type string pfm_default pfm_description Show message in XCreds Login reminding people to buy support. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldShowSupportStatus pfm_title Show Support Status Message pfm_type boolean pfm_default pfm_description Show Quit in the menu item menu. Default value: true pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldShowQuitMenu pfm_title Show Quit Menu Item pfm_type boolean pfm_app_deprecated 5.4 pfm_app_max 5.3 pfm_default pfm_description (Removed in v5.4 and replaced by shouldActivateSystemInfoButton) Show the version number and build number in the lower left corner of XCreds Login. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldShowVersionInfo pfm_title Show Version and Build Number pfm_type boolean pfm_default pfm_description Show push notifications for authentication progress. Default value: false pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name showDebug pfm_title Show Debug Message pfm_type boolean pfm_description When a user uses cloud login, XCreds will try and figure out the local username based on the email or other data returned for the IdP. Use this value to force the local username for any cloud login. Provide only the shortname. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name username pfm_title Local Username pfm_type string pfm_app_deprecated 5.4 pfm_app_max 5.3 pfm_default pfm_description When a local user password does not match the cloud or AD password, this key will allow the user to select a Reset button to set their password to match their AD/cloud password, move their current keychain aside and create a new keychain. If XCreds does not have access to local admin credentials set from the XCreds command line tools, the user will prompted to enter local admin credentials. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name KeychainReset pfm_title Keychain Reset pfm_type boolean pfm_default pfm_description Update the local user password silently to match the cloud / AD password. Requires access to admin credentials. See command line help to set admin username and password. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name PasswordOverwriteSilent pfm_title Overwrite Password Silently pfm_type boolean pfm_app_min 5.0 pfm_default pfm_description Hide AD Expiration even if defined in AD Account pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name HideExpiration pfm_title Hide Expiration pfm_type boolean pfm_description Username of local admin user. DO NOT SET THIS IN PREFERENCES. It is recommended to set this with the settingsOverrideScriptPath script. This user is used to reset the keychain if the user forgets their local password and to setup a secure token for newly created users. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name localAdminUserName pfm_title Local Admin User Name pfm_type string pfm_description Password of local admin user. DO NOT SET THIS IN PREFERENCES. It is recommended to set this with the settingsOverrideScriptPath script. This user is used to reset the keychain if the user forgets their local password and to setup a secure token for newly created users. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name localAdminPassword pfm_title Local Admin Password pfm_type string pfm_app_min 5.3 pfm_default Unlock Account pfm_description Title of dialog prompting user to enter in their prior local password when account is locked. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name accountLockedPasswordDialogTitle pfm_title Account Locked Password Dialog Title pfm_type string pfm_app_min 5.3 pfm_default The user account is locked. You can wait for the account to unlock or reset the password by clicking the Reset button below. pfm_description Text of dialog prompting user to enter in their prior local password when account is locked. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name accountLockedPasswordDialogText pfm_title Account Locked Password Dialog Text pfm_type string pfm_app_min 5.0 pfm_default Please enter your local login password to sync your cloud password and login. pfm_description Title of dialog prompting user to enter in their prior local password. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name resetPasswordDialogTitle pfm_title Reset Password Dialog Title pfm_type string pfm_app_min 5.0 pfm_default System Info pfm_description The title of the button for system info in the bottom right corner of the login screen. This can either be plain text or one of these special values: .os, .hostname, .ipaddress, .serial, .mac, .computername, .ssid. Using the special value will populate the associated information as the button title. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name systemInfoButtonTitle pfm_title System Info Button Title pfm_type string pfm_default pfm_description When cloud password is changed and the local keychain password and local user account needs to be changed, a verification dialog can be shown to verify the password. Default value: true pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name verifyPassword pfm_title Verify Cloud Password pfm_type boolean pfm_default pfm_description Check if network is up. If not, select username and password login window. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldDetectNetworkToDetermineLoginWindow pfm_title Should Detect Network To Determine Login Window pfm_type boolean pfm_description Hostname of the page that has the password field. When the user submits the form, XCreds will use idpHostName to identify a page it needs to look for the password field. The password value is identified by an HTML id defined by passwordElementID. If this value is not defined. XCreds will look for login.microsoftonline.com and accounts.google.com. This value is commonly set for other IdP’s and for Azure environments that use ADFS. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name idpHostName pfm_title IDP Host Name pfm_type string pfm_description array of hostnames of the page that has the password field. pfm_name idpHostNames pfm_subkeys pfm_name idpHostName pfm_type string pfm_title IDP Host Names pfm_type array pfm_app_min 5.2 pfm_description array of additional AD domains to accept pfm_name AdditionalADDomains pfm_subkeys pfm_name Domain pfm_type string pfm_title Additional AD Domains pfm_type array pfm_app_min 5.2 pfm_description Name of slot for CCID reader for reading RFID cards pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name ccidSlotName pfm_title CCID Slot Name pfm_type string pfm_app_min 5.2 pfm_default pfm_description If an unknown RFID card is tapped, show option to pair with local account. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shouldAllowLoginCardSetup pfm_title Should Allow Login Card Setup pfm_type boolean pfm_app_min 5.0 pfm_description array of AD user attributes to add to local directory user account pfm_name adUserAttributesToAddToLocalUserAccount pfm_subkeys pfm_name userAttribute pfm_type string pfm_title AD User Attributes To Add To Local User Account pfm_type array pfm_description Password element id of the html element that has the password. It is read by using JavaScript to get the value (for example, for Azure, the JavaScript document.getElementById('i0118').value is sent. If this default is not set, standard values for Azure and Google Cloud will be used. To find out this value, use a browser to inspect the source of the page that has the password on it. Find the id of the textfield that has the password. Fill in the password and then open the JavaScript console. Run: document.getElementById('passwordID').value changing "passwordID" to the correct element ID. If the value you typed into the textfield is returned, this is the correct ID. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name passwordElementID pfm_title Password Element ID pfm_type string pfm_default given_name pfm_description Local DS to OIDC/AD Mapping for First Name. Default value: "given_name" (OIDC), "givenName" (AD). map_firstname should be set to an OIDC claim/AD Attribute for first name. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name map_firstname pfm_note Map firstName to OIDC claim/AD Attribute pfm_title First Name OIDC Mapping/AD Attribute pfm_type string pfm_default family_name pfm_description Local DS to OIDC/AD Mapping for Last Name. Default value: "family_name" (OIDC), "sn" (AD). map_lastname should be set to an OIDC claim for last name. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name map_lastname pfm_note Map lastName to OIDC claim/AD Attribute pfm_title Last Name OIDC Mapping pfm_type string pfm_default name pfm_description Local DS to OIDC/AD Attribute Mapping for Full Name. Default value: "name"(OIDC), "displayName" (AD). map_fullname should be set to an OIDC claim/AD Attribute for full name. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name map_fullname pfm_note Map fullName to OIDC claim/AD Attribute pfm_title Full Name OIDC Mapping/AD Attribute pfm_type string pfm_default name pfm_description Local DS to OIDC Mapping/AD Attribute for Name. Default value: "name" (OIDC), "userPrincipalName" (AD). map_username should be set to an OIDC claim/AD Attribute for name. The macOS username will be set as the portion of this value before an @ symbol if present. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name map_username pfm_note Map Username to OIDC claim/AD Attribute pfm_title Username OIDC Mapping/AD Attribute pfm_type string pfm_app_min 5.0 pfm_default name pfm_description Local DS to OIDC Mapping for Full Username (for example, freddy@twocanoes.com) Default value: "unique_name". map_username should be set to an OIDC claim for full username. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name map_fullusername pfm_note Map Full Username (user@domain) to OIDC claim/AD Attribute pfm_title Full Username OIDC Mapping/AD Attribute pfm_type string pfm_app_min 5.0 pfm_description Local DS to OIDC Mapping/AD Attribute for UID at initial user creation. If not set, the uid will be set to the next available. If the mapped UID is used, login will fail. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name map_uid pfm_note Map UID to OIDC claim/AD Attribute pfm_title Map UID pfm_type string pfm_app_min 5.5 pfm_default 20 pfm_description Primary Group ID when creating a new user. Default value 20. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name primaryGroupID pfm_title Primary Group ID pfm_type string pfm_app_min 5.0 pfm_default pwd_exp pfm_description Password expiry mapping to claim. If this value is set to an OIDC claim, the value in that claim should be the number of seconds from the token issued time (iat) to the expiry date. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name map_password_expiry pfm_note Map OIDC claim to Password Expiry Seconds pfm_title Map OIDC claim to Password Expiry in Seconds pfm_type string pfm_default name pfm_description Script to override defaults. Must return valid property list with specified defaults. Script must exist at path, be owned by _securityagent and writable and executable only by _securityagent. pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name settingsOverrideScriptPath pfm_title Override Script Path pfm_type string pfm_app_min 5.2 pfm_description In some Active Directory environments, users do not use username@domain to login; they use a UPN suffix to make the username easier to use. This setting maps the UPN suffix to the correct AD domain name. For example, if you have an AD domain of foo.com but want users to sign in as user@bar.com, a UPN suffix of foo.com is created in AD and the user account is set to user@foo.com. This setting then would map foo.com to bar.com by setting the key upn to foo.com and the domain key to bar.com. pfm_name upnSuffixToDomainMappings pfm_subkeys pfm_hidden container pfm_subkeys pfm_description UPN pfm_name upn pfm_title UPN pfm_type string pfm_description domain pfm_name domain pfm_title domain pfm_type string pfm_type dictionary pfm_title UPN Suffix To Domain Mappings pfm_type array pfm_description Menu Items pfm_description_reference Optional Array of Additional Menu Items pfm_name menuItems pfm_subkeys pfm_description Menu Item Name pfm_name menuItemName pfm_require always pfm_subkeys pfm_description Menu Item pfm_name menuItemName pfm_require always pfm_title Menu Item Name pfm_type string pfm_value_placeholder Menu Item Name pfm_description Link or App Path pfm_name linkOrAppPath pfm_require always pfm_title Web page URL or local path to app pfm_type string pfm_value_placeholder /System/Applications/Utilities/Keychain Access.app or http://twocanoes.com/info pfm_default pfm_description Separator line before menu item pfm_description_reference Add a line before menu item pfm_name separatorBefore pfm_title Separator Before pfm_type boolean pfm_default pfm_description Separator line after menu item pfm_description_reference Add a line after menu item pfm_name separatorAfter pfm_title Separator After pfm_type boolean pfm_title Optional Menu Items pfm_type dictionary pfm_title Menu Items pfm_type array pfm_description Add menu item and mount/automount shares pfm_name Shares pfm_subkeys pfm_subkeys pfm_description Name of share to show in menu pfm_name Name pfm_title Name pfm_type string pfm_description URL for share (eg smb://server.example.com/share) pfm_name URL pfm_title URL pfm_type string pfm_description pfm_name Groups pfm_title Groups pfm_type array pfm_description Allow mounting only if network connection is detected pfm_name ConnectedOnly pfm_title ConnectedOnly pfm_type boolean pfm_description Automatically mount when XCreds starts pfm_name AutoMount pfm_title AutoMount pfm_type boolean pfm_type dictionary pfm_title Shares pfm_type array pfm_default pfm_description Show and mount home directory from AD profile if defined. pfm_name HomeMountEnabled pfm_title Home Mount Enabled pfm_type boolean pfm_default pfm_description Append the domain name to the share defined in the profile. pfm_name HomeAppendDomain pfm_title Home Append Domain pfm_type boolean pfm_description Name for Shares menu item. Default: "Shares". pfm_documentation_url https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences pfm_name shareMenuItemName pfm_title Share Menu Item Name pfm_type string pfm_targets system user pfm_title XCreds pfm_unique pfm_version 15 ================================================ FILE: Profile Manifest/jamf/com.twocanoes.xcreds.json ================================================ { "title": "XCreds (com.twocanoes.xcreds)", "description": "XCreds 5.8 (9059) OAuth Settings", "properties": { "ADDomain": { "type": "string", "title": "ADDomain", "description": "The desired AD domain", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 5 }, "mapKerberosPrincipalName": { "type": "string", "title": "Map Kerberos Principal Name", "description": "The OIDC claim that has the kerberos principal name. This is used when logging in with OIDC and ADDomain is defined. During login, the claim that contains the kerberos principal name will be read and the local account will set dsAttrTypeNative:_xcreds_activedirectory_kerberosPrincipal to the kerberos principal name. The menu item will then use this value and the password to get a kerberos ticket.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 10 }, "shouldUpdateKerberosUserPrincipalADDomain": { "type": "boolean", "title": "Should Update Kerberos User Principal ADDomain", "default": false, "description": "If the user principal has a domain name and the OpenID token does not match the ADDomain name, replace it with the ADDomain name. For example: bob@sub.example.com -> bob@example.com if ADDomain was example.com.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 15 }, "clientID": { "type": "string", "title": "Client ID", "description": "The OIDC client id public identifier for the app.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 20 }, "clientSecret": { "type": "string", "title": "Client Secret", "description": "Client Secret sometimes required by identity provider.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 25 }, "CreateAdminUser": { "type": "boolean", "title": "Create User as Admin", "default": false, "description": "When set to true and the user account is created, the user will be a local admin.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 30 }, "skipUserSetupBuddy": { "type": "boolean", "title": "Skip User Setup Buddy", "default": false, "description": "When set to true and a new user home is created, the .skipbuddy file will be created at the top of the home folder to skip user setup screens.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 35 }, "allowUsersClaim": { "type": "string", "title": "Allow Users Claim", "default": "upn", "description": "The claim that contains the value to check for in the allowedUsersArray. Both must be defined.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 40 }, "allowedUsersArray": { "type": "array", "items": { "type": "string" }, "title": "Allowed Users", "description": "List of users that are allowed to log in. An empty array or undefined array means any user can log in as long their cloud credentials are valid. The preference allowUsersClaim must be defined to a claim in the idToken that identifies the users. For example, if the allowUsersClaim is set to upn and the allowedUsersArray is set to an array that contains fred@twocanoes.com and the upn of a logging in user is fred@twocanoes.com, they would be allowed to log in. barney@twocanoes.com would not.", "property_order": 45 }, "allowLoginIfMemberOfGroup": { "type": "array", "items": { "type": "string" }, "title": "Allow Login If Member Of Group", "description": "(OIDC Only) List of groups whose members should be allowed to login. If the user is a member of any of these groups they can login regardless (including creating new local account) if authorization succeeds. If a local account exists but the user is no longer part of a group the login will be denied.", "property_order": 50 }, "CreateAdminIfGroupMember": { "type": "array", "items": { "type": "string" }, "title": "Create Admin If Group Member", "description": "List of groups that should have members be given local administrator status. Local administrator status can be given on first authentication when account created, or on later sign in of existing user when a group member. Administrator status is removed if group membership later revoked. Administrator status is not removed if user is the only XCreds admin user. Set as an Array of Strings of the group identifier.", "property_order": 55 }, "claimsToAddToLocalUserAccount": { "type": "array", "items": { "type": "string" }, "title": "Claims To Add To Local User Account", "description": "List of claims that should be added to the user local account. Will be prefixed with _xcreds_oidc_. Set as an Array of Strings of the claim.", "property_order": 60 }, "systemInfoAdditionsArray": { "type": "array", "items": { "type": "string" }, "title": "System Info Additions", "description": "Items to be added to the System Info Popover at login. Can be made dynamic by using the override script override to provide this setting", "property_order": 65 }, "shouldSwitchToLoginWindowWhenLocked": { "type": "boolean", "title": "Should Switch To Login Window When Locked", "default": false, "description": "When set to true and the user locks the current session, XCreds will tell the system to switch to Login Window. The current session will stay active but the user will login with the XCreds Login Window to resume the session.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 70 }, "LocalFallback": { "type": "boolean", "title": "LocalFallback", "default": false, "description": "If the user attempts to login as an AD user and the login fails against AD, try against local user account if off domain or AD user not found.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 75 }, "shouldActivateSystemInfoButton": { "type": "boolean", "title": "Should Activate System Info Button", "default": true, "description": "Show the system info popover as active when first starting", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 80 }, "discoveryURL": { "type": "string", "title": "Discovery URL", "default": "https://login.microsoftonline.com/common/.well-known/openid-configuration", "description": "The discovery URL provided by your OIDC / Cloud provider. For Google it is typically https://accounts.google.com/.well-known/openid-configuration and for Azure it is typically https://login.microsoftonline.com/common/.well-known/openid-configuration.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 85 }, "EnableFDE": { "type": "boolean", "title": "Enable Full Disk Encryption (FDE)", "default": false, "description": "Enabled FDE enabled at first login on APFS disks.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 90 }, "EnableFDERecoveryKey": { "type": "boolean", "title": "Save PRK", "default": false, "description": "Save the Personal Recovery Key (PRK) to disk for the MDM Escrow Service to collect.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 95 }, "EnableFDERecoveryKeyPath": { "type": "string", "title": "FDE Recovery Key Path", "description": "Specify a custom path for the recovery key.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 100 }, "EnableFDERekey": { "type": "boolean", "title": "Enable FDE Rekey", "default": false, "description": "Rotate the Personal Recovery Key (PRK).", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 105 }, "loginWindowWidth": { "type": "integer", "title": "Login Window Width", "description": "Login Window webview width (Integer). If this is not defined, it will be full width. Minimum value of 150.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 110 }, "loginWindowHeight": { "type": "integer", "title": "Login Window Height", "description": "Login Window webview height (Integer). If this is not defined, it will be full height. Minimum value of 150.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 115 }, "loadPageTitle": { "type": "string", "title": "LoadPage Title", "default": "Please Wait....", "description": "When no network connection or a profile is not defined, this title is shown in an HTML view to the user when cloud login is configured.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 120 }, "loadPageInfo": { "type": "string", "title": "LoadPage Info", "default": "(or try connecting to network or check preferences)", "description": "When no network connection or a profile is not defined, this text is shown in an HTML view to the user when cloud login is configured.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 125 }, "shouldHideLoginWindowLogo": { "type": "boolean", "title": "should Hide Login Window Logo", "default": false, "description": "Hide the login window logo.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 130 }, "loginWindowLogoPath": { "type": "string", "title": "Login Window Logo Path", "description": "URL to an image to show icon in the username / password login window", "pattern": "(https?://|file:///).*", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 135 }, "loginWindowBackgroundImageURL": { "type": "string", "title": "Login Window Background Image URL", "default": "file:///System/Library/CoreServices/DefaultDesktop.heic", "description": "URL to an image to show in the background while logging in. Default value: file:///System/Library/Desktop Pictures/Monterey Graphic.heic.", "pattern": "(https?://|file:///).*", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 140 }, "loginWindowBackgroundImageAlpha": { "type": "number", "title": "Login Window Background Image Alpha", "default": 1.0, "description": "Alpha value of loginWindowBackgroundImage. Default value: 1", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 145 }, "loginWindowSecondaryMonitorsBackgroundImageURL": { "type": "string", "title": "Login Window Secondary Monitors Background Image URL", "default": "file:///System/Library/CoreServices/DefaultDesktop.heic", "description": "URL to an image to show in the background on secondary display while logging in. Default value: file:///System/Library/Desktop Pictures/Monterey Graphic.heic.", "pattern": "(https?://|file:///).*", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 150 }, "menuItemWindowBackgroundImageURL": { "type": "string", "title": "Menu Item Window BackgroundImageURL", "description": "URL to an image to show in the background of the window that appears when logged in and prompting for Active Directory username and password.", "pattern": "(https?://|file:///).*", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 155 }, "menuItemWindowBackgroundImageAlpha": { "type": "number", "title": "Menu Item Background Image Alpha", "default": 1.0, "description": "Alpha value of menuItemWindowBackgroundImageURL. Default value: 1", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 160 }, "shouldLoginWindowBackgroundImageFillScreen": { "type": "boolean", "title": "Login Window Background Image Fill Screen", "default": true, "description": "Set the background image to Fill Screen rather than Fit to Screen", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 165 }, "shouldLoginWindowSecondaryMonitorsBackgroundImageFillScreen": { "type": "boolean", "title": "Login Window Secondary Monitors Background Image Fill Screen", "default": true, "description": "Set the secondary monitor(s) background image to Fill Screen rather than Fit to Screen", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 170 }, "loginWindowSecondaryMonitorsBackgroundAlpha": { "type": "number", "title": "Login Window Secondary Monitors Background Image Alpha", "default": 1.0, "description": "Alpha value of loginWindowSecondaryMonitorsBackground. Default value: 1", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 175 }, "shouldRemoveMenuItemAutoLaunch": { "type": "boolean", "title": "Should Remove Menu Item Auto Launch", "default": false, "description": "When XCreds is installed, a launch agent is installed to automatically keep the menu item running when a user is logged in. Setting shouldRemoveMenuItemAutoLaunch to true makes XCreds at the login window remove the launchagent plist that was installed. This will cause the launchagent to not launch XCreds menu item on log in.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 180 }, "shouldUseADNativePasswordChangeMenuItem": { "type": "boolean", "title": "Should Use AD Native Password Change Menu Item", "default": false, "description": "When changing password via menu item, use the native UI to change password in Active Directory.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 185 }, "passwordChangeURL": { "type": "string", "title": "Password Change URL for Menu", "description": "Add a menu item for changing the password that will open this URL when the menu item is selected. If shouldUseADNativePasswordChangeMenuItem is set to true, this value is not used.", "pattern": "https?://.*", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 190 }, "redirectURI": { "type": "string", "title": "Redirect URI", "default": "xcreds://auth/", "description": "The URI passed back to the webview after successful authentication. Default value: xcreds://auth/", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 195 }, "shouldShowCloudLoginByDefault": { "type": "boolean", "title": "Show Cloud Login By Default", "default": true, "description": "Determine if the Mac login window or the cloud login window is shown by default. When not set or set to true, show cloud login. If false, shows Mac login.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 200 }, "refreshRateHours": { "type": "integer", "title": "Password Change Check Rate Hours", "default": 3, "description": "The number of hours between checks. Default value: 3. Minimum value: 0. Max value: 168.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 205 }, "refreshRateMinutes": { "type": "integer", "title": "Password Change Check Rate Minutes", "default": 0, "description": "The number of minutes between checks. Default value: 0. Minimum value: 0. Max value: 59. This value is added to refreshRateHours. If refreshRateHours is 0, minimum for refreshRateMinutes becomes 5.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 210 }, "scopes": { "type": "string", "title": "Scopes", "default": "profile openid offline_access", "description": "Scopes tell the identify provider what information to return. Note that the values are provided with a single space between them.\n\nProvide the following values the follow IdPs:\n\nGoogle: profile openid email\nAzure: profile openid offline_access\n\nNote that Google does not support the offline_access scope so instead use the preference shouldSetGoogleAccessTypeToOffline. Azure provides unique_name which is mapped to the local user account by using the prefix before \"@\" in unique_name and matching to the short name of a user account. Google provides \"email\" and is matched in the same way.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 215 }, "shouldSetGoogleAccessTypeToOffline": { "type": "boolean", "title": "Request Google Refresh Token", "default": false, "description": "When using Google IdP, a refresh token may need be requested in a non-standard way.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 220 }, "shouldPromptForADPasswordChange": { "type": "boolean", "title": "Should Prompt For AD Password Change", "default": true, "description": "If the domain controller returns back that the password is expired or needs to be changed, prompt the user. If this is set to false, login will fail and an error message will be shown.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 225 }, "shouldShowSignInMenuItem": { "type": "boolean", "title": "Show Sign In Menu Item", "default": true, "description": "Determine if the Sign In menu item is shown in the XCreds menu. When not set or set to true, show Sign In. If false, the Sign In menu item is hidden.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 230 }, "shouldSuppressLocalPasswordPrompt": { "type": "boolean", "title": "Should Suppress Local Password Prompt", "default": false, "description": "Do not prompt for local password.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 235 }, "shouldPreferLocalLoginInsteadOfCloudLogin": { "type": "boolean", "title": "Prefer Local Login over Cloud Login", "default": false, "description": "Favor using XCreds' local login screen over the cloud login UI.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 240 }, "shouldVerifyPasswordWithRopg": { "type": "boolean", "title": "Use ROPG when testing password", "default": false, "description": "(Deprecated in v4.0) When verifying password in the menu app, use ROPG.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 245 }, "shouldUseBasicAuthWithROPG": { "type": "boolean", "title": "Should Use Basic Auth With ROPG", "default": false, "description": "When using ROPG, do basic HTTP auth. Default: false", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 250 }, "ropgClientID": { "type": "string", "title": "ROPG Client ID", "description": "(Removed in v4.0) ROPG Client ID for use when checking password.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 255 }, "ropgClientSecret": { "type": "string", "title": "ROPG Client Secret", "description": "(Removed in v4.0) ROPG Client Secret for use when checking password.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 260 }, "shouldUseROPGForLoginWindowLogin": { "type": "boolean", "title": "Use ROPG when logging in at login window", "default": false, "description": "When verifying password in the login window, use ROPG.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 265 }, "shouldUseROPGForMenuLogin": { "type": "boolean", "title": "Use ROPG for menu login", "default": false, "description": "When verifying password in the menu app, use ROPG.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 270 }, "shouldUseROPGForPasswordChangeChecking": { "type": "boolean", "title": "Should Use ROPG For Password Change Checking", "default": false, "description": "When verifying local password matches cloud password in the background, use ROPG. If set to false, the refresh token will be used to verify password change.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 275 }, "shouldUseLDAPForPasswordChangeChecking": { "type": "boolean", "title": "Should Use LDAP For Password Change Checking", "default": false, "description": "When verifying local password matches cloud password in the background, use Google LDAP. If set to false, the refresh token will be used to verify password change.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 280 }, "resource": { "type": "string", "title": "ROPG Resource", "description": "Resource URL when using ROPG. Typically needed only for Azure. Common value is https://graph.microsoft.com", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 285 }, "ropgResponseValue": { "type": "string", "title": "ROPG Response Value", "default": "interaction_required", "description": "When a ROPG request is completed successfully to verify password, it may return an error that two factor is required. Add the string that is returned for the JSON response. For Azure, it is typically interaction_required. For Okta, the response is usually {\"error\":\"invalid_grant\",\"error_description\":\"Resource owner password credentials authentication denied by sign on policy.\"} Can be a string or an array of strings.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 290 }, "hideIfPathExists": { "type": "string", "title": "Hide If Path Exists", "description": "Don't show the UI if this key is defined and a file or folder exists at this path.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 295 }, "aliasName": { "type": "string", "title": "Alias Name", "description": "Name of OIDC claim that contains an alias to add to a user account. Usually this is the \"upn\" (eg syd@twocanoes.com) so the user can log in at the standard login window the same as the IdP login window. Adds the value to record name of the user account as an alias.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 300 }, "autoRefreshLoginTimer": { "type": "integer", "title": "Automatically Refresh Login Window (seconds)", "default": 0, "description": "Timer for automatically refreshing login screen in seconds. If set to 0, does not automatically refresh.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 305 }, "cloudLoginText": { "type": "string", "title": "Cloud Login Text", "default": "Cloud Login", "description": "Text for return to cloud login on Mac login screen", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 310 }, "shouldShowAboutMenu": { "type": "boolean", "title": "Show About Menu", "default": true, "description": "Show the About Menu item menu. Default value: true", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 315 }, "shouldSkipFileVaultLogin": { "type": "boolean", "title": "Skip FileVault Login", "default": false, "description": "Skip FileVault login during startup if FileVault is enabled. The current username and password are used to tell fdesetup to silently use the credentials during next reboot to unlock FileVault. Passthrough is also disabled and the user will see the XCreds Login Window. To avoid the user being prompted for admin credentials, set the \"Login And Background Item Management\" management item (com.apple.servicemanagement) to allow teamid UXP6YEHSPW to have background tasks.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 320 }, "shouldSkipFileVaultLoginAdmin": { "type": "boolean", "title": "Skip FileVault Login as Admin", "default": false, "description": "Skip FileVault authentication at startup if FileVault is enabled. The admin credentials will be used to tell fdesetup to silently use the credentials during next reboot to unlock FileVault. Passthrough is also disabled and the user will see the XCreds Login Window. To avoid the user being prompted for admin credentials, set the \"Login And Background Item Management\" management item (com.apple.servicemanagement) to allow teamid UXP6YEHSPW to have background tasks. Default value: false", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 325 }, "shouldShowMenuBarSignInWithoutLoginWindowSignin": { "type": "boolean", "title": "Should Show Menu Bar Sign In Without Login Window Sign In", "default": false, "description": "If the discovery URL is defined and there are no tokens or tickets, the sign in window in the user session will show even if the user did not log in from the XCreds Login Window", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 330 }, "refreshBannerText": { "type": "string", "title": "Refresh Banner Text", "default": "Log in to verify your cloud credentials. After verification, your local user account password will be set to your cloud password.", "description": "Text at top of window shown in user session when prompting for password.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 335 }, "shouldShowRefreshBanner": { "type": "boolean", "title": "Show Refresh Banner", "default": true, "description": "Show text at the top of the prompt window when tokens expire.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 340 }, "shouldShowConfigureWifiButton": { "type": "boolean", "title": "Show Configure WiFi", "default": true, "description": "Show Configure WiFi button in XCreds Login.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 345 }, "shouldShowShutdownButton": { "type": "boolean", "title": "Show Shutdown Button", "default": true, "description": "Show Shutdown button in XCreds Login.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 350 }, "shouldShowRestartButton": { "type": "boolean", "title": "Show Restart Button", "default": true, "description": "Show Restart button in XCreds Login.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 355 }, "shouldShowSystemInfoButton": { "type": "boolean", "title": "Show System Info Button", "default": true, "description": "Show Configure System Info in XCreds Login.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 360 }, "shouldShowPreferencesOnStart": { "type": "boolean", "title": "Show Preferences on Startup", "default": false, "description": "Show Settings on start if none are defined. Default value: false", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 365 }, "shouldPromptForMigration": { "type": "boolean", "title": "Should Prompt for Migration", "default": false, "description": "Prompt for local account username and password if no account was mapped and there are standard users already on the system.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 370 }, "shouldAllowKeyComboForMacLoginWindow": { "type": "boolean", "title": "Should Allow Key Combo For Mac Login Window", "default": false, "description": "Allow key combo (control-option return) to switch logon window. Use command-option-control-return for Mac Login Window. ", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 375 }, "keyCodeForLoginWindowChange": { "type": "integer", "title": "Key Code For Login Window Change", "description": "key code for shouldAllowKeyComboForMacLoginWindow. If not defined, it is return or enter. If this is defined, this key is used with control-option to switch to login window and command-option-control and this key is used to switch to Mac Login Window. Uses CGKeyCode (for example, enter is 76 and return is 36)", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 380 }, "shouldShowMacLoginButton": { "type": "boolean", "title": "Show Mac Login Window button", "default": true, "description": "Show the Mac Login Window button in XCreds Login.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 385 }, "shouldShowLocalOnlyCheckbox": { "type": "boolean", "title": "Show Local Only Checkbox", "default": true, "description": "Show the local only checkbox on the local login page ", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 390 }, "usernamePlaceholder": { "type": "string", "title": "Username Placeholder Text", "description": "Placeholder text in local / AD login window for username", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 395 }, "passwordPlaceholder": { "type": "string", "title": "Password Placeholder Text", "description": "Placeholder text in local / AD login window for password", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 400 }, "shouldShowSupportStatus": { "type": "boolean", "title": "Show Support Status Message", "default": true, "description": "Show message in XCreds Login reminding people to buy support.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 405 }, "shouldShowQuitMenu": { "type": "boolean", "title": "Show Quit Menu Item", "default": false, "description": "Show Quit in the menu item menu. Default value: true", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 410 }, "shouldShowVersionInfo": { "type": "boolean", "title": "Show Version and Build Number", "default": true, "description": "(Removed in v5.4 and replaced by shouldActivateSystemInfoButton) Show the version number and build number in the lower left corner of XCreds Login.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 415 }, "showDebug": { "type": "boolean", "title": "Show Debug Message", "default": false, "description": "Show push notifications for authentication progress. Default value: false", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 420 }, "username": { "type": "string", "title": "Local Username", "description": "When a user uses cloud login, XCreds will try and figure out the local username based on the email or other data returned for the IdP. Use this value to force the local username for any cloud login. Provide only the shortname.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 425 }, "KeychainReset": { "type": "boolean", "title": "Keychain Reset", "default": false, "description": "When a local user password does not match the cloud or AD password, this key will allow the user to select a Reset button to set their password to match their AD/cloud password, move their current keychain aside and create a new keychain. If XCreds does not have access to local admin credentials set from the XCreds command line tools, the user will prompted to enter local admin credentials.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 430 }, "PasswordOverwriteSilent": { "type": "boolean", "title": "Overwrite Password Silently", "default": false, "description": "Update the local user password silently to match the cloud / AD password. Requires access to admin credentials. See command line help to set admin username and password.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 435 }, "HideExpiration": { "type": "boolean", "title": "Hide Expiration", "default": false, "description": "Hide AD Expiration even if defined in AD Account", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 440 }, "localAdminUserName": { "type": "string", "title": "Local Admin User Name", "description": "Username of local admin user. DO NOT SET THIS IN PREFERENCES. It is recommended to set this with the settingsOverrideScriptPath script. This user is used to reset the keychain if the user forgets their local password and to setup a secure token for newly created users.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 445 }, "localAdminPassword": { "type": "string", "title": "Local Admin Password", "description": "Password of local admin user. DO NOT SET THIS IN PREFERENCES. It is recommended to set this with the settingsOverrideScriptPath script. This user is used to reset the keychain if the user forgets their local password and to setup a secure token for newly created users.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 450 }, "accountLockedPasswordDialogTitle": { "type": "string", "title": "Account Locked Password Dialog Title", "default": "Unlock Account", "description": "Title of dialog prompting user to enter in their prior local password when account is locked.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 455 }, "accountLockedPasswordDialogText": { "type": "string", "title": "Account Locked Password Dialog Text", "default": "The user account is locked. You can wait for the account to unlock or reset the password by clicking the Reset button below.", "description": "Text of dialog prompting user to enter in their prior local password when account is locked.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 460 }, "resetPasswordDialogTitle": { "type": "string", "title": "Reset Password Dialog Title", "default": "Please enter your local login password to sync your cloud password and login.", "description": "Title of dialog prompting user to enter in their prior local password.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 465 }, "systemInfoButtonTitle": { "type": "string", "title": "System Info Button Title", "default": "System Info", "description": "The title of the button for system info in the bottom right corner of the login screen. This can either be plain text or one of these special values: .os, .hostname, .ipaddress, .serial, .mac, .computername, .ssid. Using the special value will populate the associated information as the button title.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 470 }, "verifyPassword": { "type": "boolean", "title": "Verify Cloud Password", "default": true, "description": "When cloud password is changed and the local keychain password and local user account needs to be changed, a verification dialog can be shown to verify the password. Default value: true", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 475 }, "shouldDetectNetworkToDetermineLoginWindow": { "type": "boolean", "title": "Should Detect Network To Determine Login Window", "default": false, "description": "Check if network is up. If not, select username and password login window.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 480 }, "idpHostName": { "type": "string", "title": "IDP Host Name", "description": "Hostname of the page that has the password field. When the user submits the form, XCreds will use idpHostName to identify a page it needs to look for the password field. The password value is identified by an HTML id defined by passwordElementID. If this value is not defined. XCreds will look for login.microsoftonline.com and accounts.google.com. This value is commonly set for other IdP’s and for Azure environments that use ADFS.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 485 }, "idpHostNames": { "type": "array", "items": { "type": "string" }, "title": "IDP Host Names", "description": "array of hostnames of the page that has the password field.", "property_order": 490 }, "AdditionalADDomains": { "type": "array", "items": { "type": "string" }, "title": "Additional AD Domains", "description": "array of additional AD domains to accept", "property_order": 495 }, "ccidSlotName": { "type": "string", "title": "CCID Slot Name", "description": "Name of slot for CCID reader for reading RFID cards", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 500 }, "shouldAllowLoginCardSetup": { "type": "boolean", "title": "Should Allow Login Card Setup", "default": true, "description": "If an unknown RFID card is tapped, show option to pair with local account.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 505 }, "adUserAttributesToAddToLocalUserAccount": { "type": "array", "items": { "type": "string" }, "title": "AD User Attributes To Add To Local User Account", "description": "array of AD user attributes to add to local directory user account", "property_order": 510 }, "passwordElementID": { "type": "string", "title": "Password Element ID", "description": "Password element id of the html element that has the password. It is read by using JavaScript to get the value (for example, for Azure, the JavaScript document.getElementById('i0118').value is sent. If this default is not set, standard values for Azure and Google Cloud will be used. To find out this value, use a browser to inspect the source of the page that has the password on it. Find the id of the textfield that has the password. Fill in the password and then open the JavaScript console. Run:\n\ndocument.getElementById('passwordID').value\n\nchanging \"passwordID\" to the correct element ID. If the value you typed into the textfield is returned, this is the correct ID.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 515 }, "map_firstname": { "type": "string", "title": "First Name OIDC Mapping/AD Attribute", "default": "given_name", "description": "Local DS to OIDC/AD Mapping for First Name. Default value: \"given_name\" (OIDC), \"givenName\" (AD). map_firstname should be set to an OIDC claim/AD Attribute for first name.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 520 }, "map_lastname": { "type": "string", "title": "Last Name OIDC Mapping", "default": "family_name", "description": "Local DS to OIDC/AD Mapping for Last Name. Default value: \"family_name\" (OIDC), \"sn\" (AD). map_lastname should be set to an OIDC claim for last name.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 525 }, "map_fullname": { "type": "string", "title": "Full Name OIDC Mapping/AD Attribute", "default": "name", "description": "Local DS to OIDC/AD Attribute Mapping for Full Name. Default value: \"name\"(OIDC), \"displayName\" (AD). map_fullname should be set to an OIDC claim/AD Attribute for full name.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 530 }, "map_username": { "type": "string", "title": "Username OIDC Mapping/AD Attribute", "default": "name", "description": "Local DS to OIDC Mapping/AD Attribute for Name. Default value: \"name\" (OIDC), \"userPrincipalName\" (AD). map_username should be set to an OIDC claim/AD Attribute for name. The macOS username will be set as the portion of this value before an @ symbol if present.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 535 }, "map_fullusername": { "type": "string", "title": "Full Username OIDC Mapping/AD Attribute", "default": "name", "description": "Local DS to OIDC Mapping for Full Username (for example, freddy@twocanoes.com) Default value: \"unique_name\". map_username should be set to an OIDC claim for full username.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 540 }, "map_uid": { "type": "string", "title": "Map UID", "description": "Local DS to OIDC Mapping/AD Attribute for UID at initial user creation. If not set, the uid will be set to the next available. If the mapped UID is used, login will fail.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 545 }, "primaryGroupID": { "type": "string", "title": "Primary Group ID", "default": "20", "description": "Primary Group ID when creating a new user. Default value 20.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 550 }, "map_password_expiry": { "type": "string", "title": "Map OIDC claim to Password Expiry in Seconds", "default": "pwd_exp", "description": "Password expiry mapping to claim. If this value is set to an OIDC claim, the value in that claim should be the number of seconds from the token issued time (iat) to the expiry date. ", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 555 }, "settingsOverrideScriptPath": { "type": "string", "title": "Override Script Path", "default": "name", "description": "Script to override defaults. Must return valid property list with specified defaults. Script must exist at path, be owned by _securityagent and writable and executable only by _securityagent.", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 560 }, "upnSuffixToDomainMappings": { "type": "array", "items": { "type": "object", "properties": { "upn": { "type": "string", "title": "UPN", "description": "UPN" }, "domain": { "type": "string", "title": "domain", "description": "domain" } } }, "title": "UPN Suffix To Domain Mappings", "description": "In some Active Directory environments, users do not use username@domain to login; they use a UPN suffix to make the username easier to use. This setting maps the UPN suffix to the correct AD domain name. For example, if you have an AD domain of foo.com but want users to sign in as user@bar.com, a UPN suffix of foo.com is created in AD and the user account is set to user@foo.com. This setting then would map foo.com to bar.com by setting the key upn to foo.com and the domain key to bar.com.", "property_order": 565 }, "menuItems": { "type": "array", "items": { "type": "object", "title": "Optional Menu Items", "description": "Menu Item Name", "properties": { "menuItemName": { "type": "string", "title": "Menu Item Name", "description": "Menu Item" }, "linkOrAppPath": { "type": "string", "title": "Web page URL or local path to app", "description": "Link or App Path" }, "separatorBefore": { "type": "boolean", "title": "Separator Before", "default": false, "description": "Separator line before menu item" }, "separatorAfter": { "type": "boolean", "title": "Separator After", "default": false, "description": "Separator line after menu item" } } }, "title": "Menu Items", "description": "Menu Items", "property_order": 570 }, "Shares": { "type": "array", "items": { "type": "object", "properties": { "Name": { "type": "string", "title": "Name", "description": "Name of share to show in menu" }, "URL": { "type": "string", "title": "URL", "description": "URL for share (eg smb://server.example.com/share)" }, "Groups": { "type": "array", "items": {}, "title": "Groups" }, "ConnectedOnly": { "type": "boolean", "title": "ConnectedOnly", "description": "Allow mounting only if network connection is detected" }, "AutoMount": { "type": "boolean", "title": "AutoMount", "description": "Automatically mount when XCreds starts" } } }, "title": "Shares", "description": "Add menu item and mount/automount shares", "property_order": 575 }, "HomeMountEnabled": { "type": "boolean", "title": "Home Mount Enabled", "default": true, "description": "Show and mount home directory from AD profile if defined.", "property_order": 580 }, "HomeAppendDomain": { "type": "boolean", "title": "Home Append Domain", "default": false, "description": "Append the domain name to the share defined in the profile.", "property_order": 585 }, "shareMenuItemName": { "type": "string", "title": "Share Menu Item Name", "description": "Name for Shares menu item. Default: \"Shares\".", "links": [ { "rel": "More information", "href": "https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences" } ], "property_order": 590 } } } ================================================ FILE: README-Resources.md ================================================ Sample configuration profiles, manifest, and share config is located at: https://twocanoes-app-resources.s3.amazonaws.com/xcreds/xcreds-4_0-resources.zip ================================================ FILE: README.md ================================================ # XCreds: Sync Your Cloud Password to your Mac ## How It Works XCreds has 2 components: the XCreds app that runs in user space and XCreds Login Window that is a security agent that runs when the user is logging in to their mac. Both the security agent and the app share keychain items in the user's keychain to key track of the current local password and the tokens from the cloud provider. Both items prompt the user withe a web view to authenticate to their cloud provider, verify log in was successful and then updates the local password and user keychain passwords as needed. ## Requirements XCreds currently works with Azure and Google cloud as an OIDC identity provider. It has been tested on macOS Monterey but should support earlier version of macOS. ## Components XCreds consists of XCreds Login and XCreds app. They do similar tasks but run at different times. ### XCreds Login XCreds Login is a Security Agent that replaces the login window on macOS to provide authentication to the cloud provider. It presents a web view at the login window and fully supports multi-factor authentication. When authentication completes, the web view receives Open Id Connect (OIDC) tokens and stores those tokens in the login keychain. If the local password and the cloud password are different, the local password is updated to match the cloud password and the login keychain password is updated a well. The local password is then stored in the user keychain so that any password changes in the future can be updated silently. Only the security agent and the XCreds app are given permission to access the password and tokens. ### XCreds App The XCreds app runs when the user logs in. On first launch, it checks to see if xcreds tokens as available in the login keychain. If they are, the refresh token is used to see if it is still valid. If it is invalid (due to a remote password change), the user is prompted with a web view to authenticate with their cloud credentials. If they authenticate successfully, the tokens are updated in the login keychain and the password is check to see if it has been changed. If it changed, the local account and login keychain is updated to match the cloud password. ## Setup and Configuration See the [admin guide](https://github.com/twocanoes/xcreds/wiki/AdminGuide) on the wiki. ## Video See the [video on youtube](https://www.youtube.com/watch?v=qtPy5ddp9kg&list=PLFtGGT240LAMYGcueZT76BySBQRFCzdce) ## Support Please join the #xcreds MacAdmins slack channel for any questions you have. ## Thanks Special thanks to North Carolina State University and Everette Allen for supporting this project. OIDCLite is Copyright (c) 2022 Joel Rennich (https://gitlab.com/Mactroll/OIDCLite) under MIT License. XCreds is licensed under BSD Open Source License. ================================================ FILE: Sample Profile/Auth0OIDC.mobileconfig ================================================ PayloadContent PayloadDisplayName XCreds PayloadIdentifier com.github.erikberglund.ProfileCreator.86350731-1130-4F85-AAA8-A99BBBD55F8E.com.twocanoes.xcreds.07C53DE9-CA33-4E52-A008-F5EA5068D819 PayloadOrganization PayloadType com.twocanoes.xcreds PayloadUUID 07C53DE9-CA33-4E52-A008-F5EA5068D819 PayloadVersion 1 clientID R150TTFcwSNIhEg7j9v44DZpISe40R7C clientSecret NoQ1usaOzVMDvPKfTGfW1EF3vdiA-1_xcsBHPJ8IH17jNXraljLsOLJ__5_RNbpM discoveryURL https://dev-4vea1756mp0xnss6.us.auth0.com/.well-known/openid-configuration idpHostName dev-4vea1756mp0xnss6.us.auth0.com redirectURI https://127.0.0.1/xcreds scopes profile openid offline_access xcreds PayloadDisplayName Auth0 OIDC PayloadIdentifier com.github.erikberglund.ProfileCreator.86350731-1130-4F85-AAA8-A99BBBD55F8E PayloadOrganization Twocanoes Software, Inc PayloadScope System PayloadType Configuration PayloadUUID 86350731-1130-4F85-AAA8-A99BBBD55F8E PayloadVersion 1 ================================================ FILE: Sample Profile/xcreds-AD Only Just Domain.mobileconfig ================================================ PayloadContent ADDomain twocanoes.com PayloadDescription Configures XCreds configuration preferences PayloadDisplayName XCreds PayloadIdentifier com.github.erikberglund.ProfileCreator.47F59CD0-E476-4016-A8C6-82837B61C7CE.com.twocanoes.xcreds.F5B79C66-146F-4F8A-9237-CAF10606615C.11BE4B70-7A81-4351-A799-6B6BCBCF0900.C499E48D-61A5-4463-BB5A-FFFB14936411.0C06D77A-983C-43D4-939E-AA6AF0AF9AFA PayloadOrganization PayloadType com.twocanoes.xcreds PayloadUUID 0C06D77A-983C-43D4-939E-AA6AF0AF9AFA PayloadVersion 1 PayloadDescription AD Only PayloadDisplayName xcreds-AD Only PayloadIdentifier com.github.erikberglund.ProfileCreat0C865A8B-0494-42F7-9108-1AAFC2C85B72 PayloadOrganization twocanoes PayloadScope System PayloadType Configuration PayloadUUID 56A788D5-4AFE-48CD-81D0-7F455F2DD5E5 PayloadVersion 1 ================================================ FILE: Sample Profile/xcreds-AD Only backgtround.mobileconfig ================================================ PayloadContent ADDomain twocanoes.com CreateAdminIfGroupMember 93392af1-8e10-4691-9702-a4d5e7f7c781 47b36644-8477-4194-b42d-9e519e9193e7 PasswordOverwriteSilent PayloadDescription Configures XCreds configuration preferences PayloadDisplayName XCreds PayloadIdentifier com.github.erikberglund.ProfileCreator.47F59CD0-E476-4016-A8C6-82837B61C7CE.com.twocanoes.xcreds.F5B79C66-146F-4F8A-9237-CAF10606615C.11BE4B70-7A81-4351-A799-6B6BCBCF0900.C499E48D-61A5-4463-BB5A-FFFB14936411.0C06D77A-983C-43D4-939E-AA6AF0AF9AFA PayloadOrganization PayloadType com.twocanoes.xcreds PayloadUUID 0C06D77A-983C-43D4-939E-AA6AF0AF9AFA PayloadVersion 1 cloudLoginText Back to XCreds loginWindowHeight 500 loginWindowWidth 500 shouldShowConfigureWifiButton shouldShowMacLoginButton shouldShowQuitMenu shouldShowSupportStatus shouldShowVersionInfo shouldSwitchToLoginWindowWhenLocked menuItemWindowBackgroundImageURL https://fastly.picsum.photos/id/372/1500/1500.jpg?hmac=zlpxcyac6DNQTPTFpYVh94P9leqIknZ1ATvb4I-3NSQ shouldLoginWindowBackgroundImageFillScreen settingsOverrideScriptPath /usr/local/xcreds/override.sh PayloadDescription AD Only PayloadDisplayName xcreds-AD Only PayloadIdentifier com.github.erikberglund.ProfileCreat0C865A8B-0494-42F7-9108-1AAFC2C85B72 PayloadOrganization twocanoes PayloadScope System PayloadType Configuration PayloadUUID 56A788D5-4AFE-48CD-81D0-7F455F2DD5E5 PayloadVersion 1 ================================================ FILE: Sample Profile/xcreds-AD Only copy.mobileconfig ================================================ PayloadContent hideExpiration ADDomain twocanoes.com CreateAdminIfGroupMember 93392af1-8e10-4691-9702-a4d5e7f7c781 47b36644-8477-4194-b42d-9e519e9193e7 PasswordOverwriteSilent PayloadDescription Configures XCreds configuration preferences PayloadDisplayName XCreds PayloadIdentifier com.github.erikberglund.ProfileCreator.47F59CD0-E476-4016-A8C6-82837B61C7CE.com.twocanoes.xcreds.F5B79C66-146F-4F8A-9237-CAF10606615C.11BE4B70-7A81-4351-A799-6B6BCBCF0900.C499E48D-61A5-4463-BB5A-FFFB14936411.0C06D77A-983C-43D4-939E-AA6AF0AF9AFA PayloadOrganization PayloadType com.twocanoes.xcreds PayloadUUID 0C06D77A-983C-43D4-939E-AA6AF0AF9AFA PayloadVersion 1 cloudLoginText Back to XCreds loginWindowHeight 500 loginWindowWidth 500 shouldShowConfigureWifiButton shouldShowMacLoginButton shouldShowQuitMenu shouldShowSupportStatus shouldShowVersionInfo shouldSwitchToLoginWindowWhenLocked settingsOverrideScriptPath /usr/local/xcreds/override.sh PayloadDescription AD Only PayloadDisplayName xcreds-AD Only PayloadIdentifier com.github.erikberglund.ProfileCreat0C865A8B-0494-42F7-9108-1AAFC2C85B72 PayloadOrganization twocanoes PayloadScope System PayloadType Configuration PayloadUUID 56A788D5-4AFE-48CD-81D0-7F455F2DD5E5 PayloadVersion 1 ================================================ FILE: Sample Profile/xcreds-AD Only.mobileconfig ================================================ PayloadContent ADDomain twocanoes.com CreateAdminIfGroupMember 93392af1-8e10-4691-9702-a4d5e7f7c781 47b36644-8477-4194-b42d-9e519e9193e7 PasswordOverwriteSilent PayloadDescription Configures XCreds configuration preferences PayloadDisplayName XCreds PayloadIdentifier com.github.erikberglund.ProfileCreator.47F59CD0-E476-4016-A8C6-82837B61C7CE.com.twocanoes.xcreds.F5B79C66-146F-4F8A-9237-CAF10606615C.11BE4B70-7A81-4351-A799-6B6BCBCF0900.C499E48D-61A5-4463-BB5A-FFFB14936411.0C06D77A-983C-43D4-939E-AA6AF0AF9AFA PayloadOrganization PayloadType com.twocanoes.xcreds PayloadUUID 0C06D77A-983C-43D4-939E-AA6AF0AF9AFA PayloadVersion 1 cloudLoginText Back to XCreds loginWindowHeight 500 loginWindowWidth 500 shouldShowConfigureWifiButton shouldShowMacLoginButton shouldShowQuitMenu shouldShowSupportStatus shouldShowVersionInfo shouldSwitchToLoginWindowWhenLocked settingsOverrideScriptPath /usr/local/xcreds/override.sh PayloadDescription AD Only PayloadDisplayName xcreds-AD Only PayloadIdentifier com.github.erikberglund.ProfileCreat0C865A8B-0494-42F7-9108-1AAFC2C85B72 PayloadOrganization twocanoes PayloadScope System PayloadType Configuration PayloadUUID 56A788D5-4AFE-48CD-81D0-7F455F2DD5E5 PayloadVersion 1 ================================================ FILE: Sample Profile/xcreds-AD Only_admin_group.mobileconfig ================================================ PayloadContent ADDomain twocanoes.com CreateAdminIfGroupMember Administrators PasswordOverwriteSilent PayloadDescription Configures XCreds configuration preferences PayloadDisplayName XCreds PayloadIdentifier com.github.erikberglund.ProfileCreator.47F59CD0-E476-4016-A8C6-82837B61C7CE.com.twocanoes.xcreds.F5B79C66-146F-4F8A-9237-CAF10606615C.11BE4B70-7A81-4351-A799-6B6BCBCF0900.C499E48D-61A5-4463-BB5A-FFFB14936411.0C06D77A-983C-43D4-939E-AA6AF0AF9AFA PayloadOrganization PayloadType com.twocanoes.xcreds PayloadUUID 0C06D77A-983C-43D4-939E-AA6AF0AF9AFA PayloadVersion 1 cloudLoginText Back to XCreds loginWindowHeight 500 loginWindowWidth 500 shouldShowConfigureWifiButton shouldShowMacLoginButton shouldShowQuitMenu shouldShowSupportStatus shouldShowVersionInfo shouldSwitchToLoginWindowWhenLocked settingsOverrideScriptPath /usr/local/xcreds/override.sh PayloadDescription AD Only PayloadDisplayName xcreds-AD Only PayloadIdentifier com.github.erikberglund.ProfileCreat0C865A8B-0494-42F7-9108-1AAFC2C85B72 PayloadOrganization twocanoes PayloadScope System PayloadType Configuration PayloadUUID 56A788D5-4AFE-48CD-81D0-7F455F2DD5E5 PayloadVersion 1 ================================================ FILE: Sample Profile/xcreds-AD Onlysubdomain.mobileconfig ================================================ PayloadContent hideExpiration ADDomain twocanoes.com AdditionalADDomains paddle.twocanoes.com PayloadDescription Configures XCreds configuration preferences PayloadDisplayName XCreds PayloadIdentifier com.github.erikberglund.ProfileCreator.47F59CD0-E476-4016-A8C6-82837B61C7CE.com.twocanoes.xcreds.F5B79C66-146F-4F8A-9237-CAF10606615C.11BE4B70-7A81-4351-A799-6B6BCBCF0900.C499E48D-61A5-4463-BB5A-FFFB14936411.0C06D77A-983C-43D4-939E-AA6AF0AF9AFA PayloadOrganization PayloadType com.twocanoes.xcreds PayloadUUID 0C06D77A-983C-43D4-939E-AA6AF0AF9AFA PayloadVersion 1 cloudLoginText Back to XCreds loginWindowHeight 500 loginWindowWidth 500 PayloadDescription AD Only PayloadDisplayName xcreds-AD Only PayloadIdentifier com.github.erikberglund.ProfileCreat0C865A8B-0494-42F7-9108-1AAFC2C85B72 PayloadOrganization twocanoes PayloadScope System PayloadType Configuration PayloadUUID 56A788D5-4AFE-48CD-81D0-7F455F2DD5E5 PayloadVersion 1 ================================================ FILE: Sample Profile/xcreds-AD Onlysubdomain_upn_mappings.mobileconfig ================================================ PayloadContent hideExpiration ADDomain twocanoes.com AdditionalADDomains paddle.twocanoes.com PayloadDescription Configures XCreds configuration preferences PayloadDisplayName XCreds PayloadIdentifier com.github.erikberglund.ProfileCreator.47F59CD0-E476-4016-A8C6-82837B61C7CE.com.twocanoes.xcreds.F5B79C66-146F-4F8A-9237-CAF10606615C.11BE4B70-7A81-4351-A799-6B6BCBCF0900.C499E48D-61A5-4463-BB5A-FFFB14936411.0C06D77A-983C-43D4-939E-AA6AF0AF9AFA PayloadOrganization PayloadType com.twocanoes.xcreds PayloadUUID 0C06D77A-983C-43D4-939E-AA6AF0AF9AFA PayloadVersion 1 cloudLoginText Back to XCreds loginWindowHeight 500 loginWindowWidth 500 upnSuffixToDomainMappings upn naperville.twocanoes.com domain paddle.twocanoes.com upn chicago.twocanoes.com domain twocanoes.com PayloadDescription AD Only PayloadDisplayName xcreds-AD Only PayloadIdentifier com.github.erikberglund.ProfileCreat0C865A8B-0494-42F7-9108-1AAFC2C85B72 PayloadOrganization twocanoes PayloadScope System PayloadType Configuration PayloadUUID 56A788D5-4AFE-48CD-81D0-7F455F2DD5E5 PayloadVersion 1 ================================================ FILE: Sample Profile/xcreds-AD With Menu and Shares.mobileconfig ================================================ PayloadContent ADDomain twocanoes.com CreateAdminIfGroupMember 93392af1-8e10-4691-9702-a4d5e7f7c781 47b36644-8477-4194-b42d-9e519e9193e7 PasswordOverwriteSilent PayloadDescription Configures XCreds configuration preferences PayloadDisplayName XCreds PayloadIdentifier com.github.erikberglund.ProfileCreator.47F59CD0-E476-4016-A8C6-82837B61C7CE.com.twocanoes.xcreds.F5B79C66-146F-4F8A-9237-CAF10606615C.11BE4B70-7A81-4351-A799-6B6BCBCF0900.C499E48D-61A5-4463-BB5A-FFFB14936411.0C06D77A-983C-43D4-939E-AA6AF0AF9AFA PayloadOrganization PayloadType com.twocanoes.xcreds PayloadUUID 0C06D77A-983C-43D4-939E-AA6AF0AF9AFA PayloadVersion 1 cloudLoginText Back to XCreds loginWindowHeight 500 loginWindowWidth 500 HomeMountEnabled HomeMountOptions HomeMountGroups All Shares Groups XCred Shares ConnectedOnly Options LocalMount AutoMount Name server22 files URL smb://server22.twocanoes.com/Files Groups ConnectedOnly Options LocalMount AutoMount Name Home Shares URL smb://dc1.nomad.test/Homes Groups ConnectedOnly Options LocalMount AutoMount Name File Space URL smb://dc1.nomad.test/File Space Groups one Options LocalMount AutoMount Name File Space URL smb://dc1.nomad.test/File Space shouldShowConfigureWifiButton shouldShowMacLoginButton shouldShowQuitMenu shouldShowSupportStatus shouldShowVersionInfo shouldSwitchToLoginWindowWhenLocked settingsOverrideScriptPath /usr/local/xcreds/override.sh menuItems linkOrAppPath https://twocanoes.com menuItemName Home separatorAfter separatorBefore linkOrAppPath /System/Applications/Utilities/Keychain Access.app menuItemName Keychain Access separatorAfter separatorBefore PayloadDescription AD Only PayloadDisplayName xcreds-AD Only PayloadIdentifier com.github.erikberglund.ProfileCreat0C865A8B-0494-42F7-9108-1AAFC2C85B72 PayloadOrganization twocanoes PayloadScope System PayloadType Configuration PayloadUUID 56A788D5-4AFE-48CD-81D0-7F455F2DD5E5 PayloadVersion 1 ================================================ FILE: Sample Profile/xcreds-AD With Menu.mobileconfig ================================================ PayloadContent ADDomain twocanoes.com CreateAdminIfGroupMember 93392af1-8e10-4691-9702-a4d5e7f7c781 47b36644-8477-4194-b42d-9e519e9193e7 passwordChangeURL ADNative PasswordOverwriteSilent PayloadDescription Configures XCreds configuration preferences PayloadDisplayName XCreds PayloadIdentifier com.github.erikberglund.ProfileCreator.47F59CD0-E476-4016-A8C6-82837B61C7CE.com.twocanoes.xcreds.F5B79C66-146F-4F8A-9237-CAF10606615C.11BE4B70-7A81-4351-A799-6B6BCBCF0900.C499E48D-61A5-4463-BB5A-FFFB14936411.0C06D77A-983C-43D4-939E-AA6AF0AF9AFA PayloadOrganization PayloadType com.twocanoes.xcreds PayloadUUID 0C06D77A-983C-43D4-939E-AA6AF0AF9AFA PayloadVersion 1 cloudLoginText Back to XCreds loginWindowHeight 500 loginWindowWidth 500 shouldShowConfigureWifiButton shouldShowMacLoginButton shouldShowQuitMenu shouldShowSupportStatus shouldShowVersionInfo shouldSwitchToLoginWindowWhenLocked settingsOverrideScriptPath /usr/local/xcreds/override.sh refreshRateHours 0 refreshRateMinutes 5 menuItems linkOrAppPath https://twocanoes.com menuItemName Home separatorAfter separatorBefore linkOrAppPath /System/Applications/Utilities/Keychain Access.app menuItemName Keychain Access separatorAfter separatorBefore PayloadDescription AD Only PayloadDisplayName xcreds-AD Only PayloadIdentifier com.github.erikberglund.ProfileCreat0C865A8B-0494-42F7-9108-1AAFC2C85B72 PayloadOrganization twocanoes PayloadScope System PayloadType Configuration PayloadUUID 56A788D5-4AFE-48CD-81D0-7F455F2DD5E5 PayloadVersion 1 ================================================ FILE: Sample Profile/xcreds_example_azure.mobileconfig ================================================ PayloadContent PayloadDescription Configures XCreds configuration preferences PayloadDisplayName XCreds PayloadIdentifier com.github.erikberglund.ProfileCreator.47F59CD0-E476-4016-A8C6-82837B61C7CE.com.twocanoes.xcreds.F5B79C66-146F-4F8A-9237-CAF10606615C.11BE4B70-7A81-4351-A799-6B6BCBCF0900 PayloadOrganization PayloadType com.twocanoes.xcreds PayloadUUID 11BE4B70-7A81-4351-A799-6B6BCBCF0900 PayloadVersion 1 clientID 5487c4cd-949a-402d-9eee-ae8fb696b415 discoveryURL https://login.microsoftonline.com/common/.well-known/openid-configuration redirectURI https://127.0.0.1/xcreds PayloadDescription azure xcreds PayloadDisplayName azure xcreds PayloadIdentifier com.github.erikberglund.ProfileCreatorAF7B74FE-BF9D-4789-9E78-519C49324120 PayloadOrganization twocanoes PayloadScope System PayloadType Configuration PayloadUUID 7620DBF9-295B-4DFF-B0AE-0629207ECF5A PayloadVersion 1 ================================================ FILE: Sample Profile/xcreds_example_azure_allow_fred.mobileconfig ================================================ PayloadContent PayloadDescription Configures XCreds configuration preferences PayloadDisplayName XCreds PayloadIdentifier com.github.erikberglund.ProfileCreator.47F59CD0-E476-4016-A8C6-82837B61C7CE.com.twocanoes.xcreds.F5B79C66-146F-4F8A-9237-CAF10606615C.11BE4B70-7A81-4351-A799-6B6BCBCF0900 PayloadOrganization PayloadType com.twocanoes.xcreds PayloadUUID 11BE4B70-7A81-4351-A799-6B6BCBCF0900 PayloadVersion 1 clientID 5487c4cd-949a-402d-9eee-ae8fb696b415 discoveryURL https://login.microsoftonline.com/common/.well-known/openid-configuration redirectURI https://127.0.0.1/xcreds scopes profile openid email offline_access shouldShowQuitMenu map_firstname given_name map_fullname name map_lastname family_name map_username name cloudLoginText Back to XCreds loginWindowBackgroundImageURL file:///System/Library/Desktop Pictures/Monterey Graphic.heic loginWindowHeight 500 loginWindowWidth 500 shouldShowConfigureWifiButton shouldShowMacLoginButton shouldShowSupportStatus shouldShowVersionInfo allowedUsersArray fred@twocanoes.com allowUsersClaim upn PayloadDescription azure xcreds PayloadDisplayName azure xcreds PayloadIdentifier com.github.erikberglund.ProfileCreatorAF7B74FE-BF9D-4789-9E78-519C49324120 PayloadOrganization twocanoes PayloadScope System PayloadType Configuration PayloadUUID 7620DBF9-295B-4DFF-B0AE-0629207ECF5A PayloadVersion 1 ================================================ FILE: Sample Profile/xcreds_example_azure_background.mobileconfig ================================================ PayloadContent PayloadDescription Configures XCreds configuration preferences PayloadDisplayName XCreds PayloadIdentifier com.github.erikberglund.ProfileCreator.47F59CD0-E476-4016-A8C6-82837B61C7CE.com.twocanoes.xcreds.F5B79C66-146F-4F8A-9237-CAF10606615C.11BE4B70-7A81-4351-A799-6B6BCBCF0900 PayloadOrganization PayloadType com.twocanoes.xcreds PayloadUUID 11BE4B70-7A81-4351-A799-6B6BCBCF0900 PayloadVersion 1 clientID 5487c4cd-949a-402d-9eee-ae8fb696b415 discoveryURL https://login.microsoftonline.com/common/.well-known/openid-configuration redirectURI https://127.0.0.1/xcreds scopes profile openid email offline_access loginWindowBackgroundImageURL file:///Applications/XCreds.app/Contents/Resources/colorline.png loginWindowSecondaryMonitorsBackgroundImageURL file:///Applications/XCreds.app/Contents/Resources/colorline.png loginWindowHeight 500 loginWindowWidth 500 shouldShowVersionInfo shouldLoginWindowBackgroundImageFillScreen shouldLoginWindowSecondaryMonitorsBackgroundImageFillScreen PayloadDescription azure xcreds PayloadDisplayName azure xcreds PayloadIdentifier com.github.erikberglund.ProfileCreatorAF7B74FE-BF9D-4789-9E78-519C49324120 PayloadOrganization twocanoes PayloadScope System PayloadType Configuration PayloadUUID 7620DBF9-295B-4DFF-B0AE-0629207ECF5A PayloadVersion 1 ================================================ FILE: Sample Profile/xcreds_example_azure_hide.mobileconfig ================================================ PayloadContent PayloadDescription Configures XCreds configuration preferences PayloadDisplayName XCreds PayloadIdentifier com.github.erikberglund.ProfileCreator.47F59CD0-E476-4016-A8C6-82837B61C7CE.com.twocanoes.xcreds.F5B79C66-146F-4F8A-9237-CAF10606615C.11BE4B70-7A81-4351-A799-6B6BCBCF0900 PayloadOrganization PayloadType com.twocanoes.xcreds PayloadUUID 11BE4B70-7A81-4351-A799-6B6BCBCF0900 PayloadVersion 1 clientID 5487c4cd-949a-402d-9eee-ae8fb696b415 discoveryURL https://login.microsoftonline.com/common/.well-known/openid-configuration redirectURI https://127.0.0.1/xcreds scopes profile openid email offline_access shouldShowQuitMenu map_firstname given_name map_fullname name map_lastname family_name map_username name cloudLoginText Back to XCreds loginWindowBackgroundImageURL file:///System/Library/Desktop Pictures/Monterey Graphic.heic loginWindowHeight 500 loginWindowWidth 500 shouldShowConfigureWifiButton shouldShowMacLoginButton shouldShowSupportStatus shouldShowVersionInfo hideIfPathExists /tmp/hide PayloadDescription azure xcreds PayloadDisplayName azure xcreds PayloadIdentifier com.github.erikberglund.ProfileCreatorAF7B74FE-BF9D-4789-9E78-519C49324120 PayloadOrganization twocanoes PayloadScope System PayloadType Configuration PayloadUUID 7620DBF9-295B-4DFF-B0AE-0629207ECF5A PayloadVersion 1 ================================================ FILE: Sample Profile/xcreds_example_azure_loadPageTitle_loadPageInfo.mobileconfig ================================================ PayloadContent PayloadDescription Configures XCreds configuration preferences PayloadDisplayName XCreds PayloadIdentifier com.github.erikberglund.ProfileCreator.47F59CD0-E476-4016-A8C6-82837B61C7CE.com.twocanoes.xcreds.F5B79C66-146F-4F8A-9237-CAF10606615C.11BE4B70-7A81-4351-A799-6B6BCBCF0900 PayloadOrganization PayloadType com.twocanoes.xcreds PayloadUUID 11BE4B70-7A81-4351-A799-6B6BCBCF0900 PayloadVersion 1 clientID 5487c4cd-949a-402d-9eee-ae8fb696b415 discoveryURL https://login.microsoftonline.com/common/.well-known/openid-configuration redirectURI https://127.0.0.1/xcreds scopes profile openid email offline_access shouldShowQuitMenu loadPageTitle This is a custom title! loadPageInfo please make sure add in some interest interesting information and let the user to click Refresh.\n\nHi Mom! map_firstname given_name map_fullname name map_lastname family_name map_username name cloudLoginText Back to XCreds loginWindowBackgroundImageURL file:///System/Library/Desktop Pictures/Monterey Graphic.heic loginWindowHeight 500 loginWindowWidth 500 shouldShowConfigureWifiButton shouldShowMacLoginButton shouldShowSupportStatus shouldShowVersionInfo PayloadDescription azure xcreds PayloadDisplayName azure xcreds PayloadIdentifier com.github.erikberglund.ProfileCreatorAF7B74FE-BF9D-4789-9E78-519C49324120 PayloadOrganization twocanoes PayloadScope System PayloadType Configuration PayloadUUID 7620DBF9-295B-4DFF-B0AE-0629207ECF5A PayloadVersion 1 ================================================ FILE: Sample Profile/xcreds_example_azure_ropg.mobileconfig ================================================ PayloadContent PayloadDescription Configures XCreds configuration preferences PayloadDisplayName XCreds PayloadIdentifier com.github.erikberglund.ProfileCreator.47F59CD0-E476-4016-A8C6-82837B61C7CE.com.twocanoes.xcreds.F5B79C66-146F-4F8A-9237-CAF10606615C.11BE4B70-7A81-4351-A799-6B6BCBCF0900 PayloadOrganization PayloadType com.twocanoes.xcreds PayloadUUID 11BE4B70-7A81-4351-A799-6B6BCBCF0900 PayloadVersion 1 clientID 5487c4cd-949a-402d-9eee-ae8fb696b415 discoveryURL https://login.microsoftonline.com/e64a2b5d-3eb1-436e-9e8a-521f0c5cd489/.well-known/openid-configuration redirectURI https://127.0.0.1/xcreds shouldUseROPGForPasswordChangeChecking clientSecret [REDACTED] resource https://graph.microsoft.com PayloadDescription azure xcreds PayloadDisplayName azure xcreds PayloadIdentifier com.github.erikberglund.ProfileCreatorAF7B74FE-BF9D-4789-9E78-519C49324120 PayloadOrganization twocanoes PayloadScope System PayloadType Configuration PayloadUUID 7620DBF9-295B-4DFF-B0AE-0629207ECF5A PayloadVersion 1 ================================================ FILE: Sample Profile/xcreds_example_azure_skip_fv.mobileconfig ================================================ PayloadContent PayloadDescription Configures XCreds configuration preferences PayloadDisplayName XCreds PayloadIdentifier com.github.erikberglund.ProfileCreator.47F59CD0-E476-4016-A8C6-82837B61C7CE.com.twocanoes.xcreds.F5B79C66-146F-4F8A-9237-CAF10606615C.11BE4B70-7A81-4351-A799-6B6BCBCF0900 PayloadOrganization PayloadType com.twocanoes.xcreds PayloadUUID 11BE4B70-7A81-4351-A799-6B6BCBCF0900 PayloadVersion 1 clientID 5487c4cd-949a-402d-9eee-ae8fb696b415 discoveryURL https://login.microsoftonline.com/common/.well-known/openid-configuration redirectURI https://127.0.0.1/xcreds shouldSkipFileVaultLogin shouldSkipFileVaultLoginAdmin PayloadDescription azure xcreds PayloadDisplayName azure xcreds PayloadIdentifier com.github.erikberglund.ProfileCreatorAF7B74FE-BF9D-4789-9E78-519C49324120 PayloadOrganization twocanoes PayloadScope System PayloadType Configuration PayloadUUID 7620DBF9-295B-4DFF-B0AE-0629207ECF5A PayloadVersion 1 ================================================ FILE: Sample Profile/xcreds_example_azure_with_AD.mobileconfig ================================================ PayloadContent PayloadDescription Configures XCreds configuration preferences PayloadDisplayName XCreds PayloadIdentifier com.github.erikberglund.ProfileCreator.47F59CD0-E476-4016-A8C6-82837B61C7CE.com.twocanoes.xcreds.F5B79C66-146F-4F8A-9237-CAF10606615C.11BE4B70-7A81-4351-A799-6B6BCBCF0900 PayloadOrganization PayloadType com.twocanoes.xcreds PayloadUUID 11BE4B70-7A81-4351-A799-6B6BCBCF0900 PayloadVersion 1 clientID 5487c4cd-949a-402d-9eee-ae8fb696b415 discoveryURL https://login.microsoftonline.com/common/.well-known/openid-configuration redirectURI https://127.0.0.1/xcreds ADDomain twocanoes.com PayloadDescription azure xcreds PayloadDisplayName azure xcreds PayloadIdentifier com.github.erikberglund.ProfileCreatorAF7B74FE-BF9D-4789-9E78-519C49324120 PayloadOrganization twocanoes PayloadScope System PayloadType Configuration PayloadUUID 7620DBF9-295B-4DFF-B0AE-0629207ECF5A PayloadVersion 1 ================================================ FILE: Sample Profile/xcreds_example_change_app_settings.mobileconfig ================================================ PayloadContent PayloadDescription Configures XCreds configuration preferences PayloadDisplayName XCreds PayloadIdentifier com.github.erikberglund.ProfileCreator.47F59CD0-E476-4016-A8C6-82837B61C7CE.com.twocanoes.xcreds.F5B79C66-146F-4F8A-9237-CAF10606615C.11BE4B70-7A81-4351-A799-6B6BCBCF0900 PayloadOrganization PayloadType com.twocanoes.xcreds PayloadUUID 11BE4B70-7A81-4351-A799-6B6BCBCF0900 PayloadVersion 1 clientID [redacted] discoveryURL https://login.microsoftonline.com/common/.well-known/openid-configuration redirectURI https://127.0.0.1/xcreds scopes profile openid email offline_access shouldShowQuitMenu map_firstname given_name map_fullname name map_lastname family_name map_username name cloudLoginText Back to XCreds loginWindowBackgroundImageURL file:///System/Library/Desktop Pictures/Monterey Graphic.heic loginWindowHeight 500 loginWindowWidth 500 shouldShowConfigureWifiButton shouldShowMacLoginButton shouldShowSupportStatus shouldShowVersionInfo PayloadDescription azure xcreds PayloadDisplayName azure xcreds PayloadIdentifier com.github.erikberglund.ProfileCreatorAF7B74FE-BF9D-4789-9E78-519C49324120 PayloadOrganization twocanoes PayloadScope System PayloadType Configuration PayloadUUID 7620DBF9-295B-4DFF-B0AE-0629207ECF5A PayloadVersion 1 ================================================ FILE: Sample Profile/xcreds_example_google.mobileconfig ================================================ PayloadContent PayloadDescription Configures XCreds configuration preferences PayloadDisplayName XCreds PayloadIdentifier com.github.erikberglund.ProfileCreator.47F59CD0-E476-4016-A8C6-82837B61C7CE.com.twocanoes.xcreds.F5B79C66-146F-4F8A-9237-CAF10606615C PayloadOrganization PayloadType com.twocanoes.xcreds PayloadUUID F5B79C66-146F-4F8A-9237-CAF10606615C PayloadVersion 1 clientID [redacted] clientSecret [redacted] discoveryURL https://accounts.google.com/.well-known/openid-configuration redirectURI https://127.0.0.1/xcreds PayloadDescription google xcreds PayloadDisplayName google xcreds PayloadIdentifier com.github.erikberglund.ProfileCreator.47F59CD0-E476-4016-A8C6-82837B61C7CE PayloadOrganization twocanoes PayloadScope System PayloadType Configuration PayloadUUID 47F59CD0-E476-4016-A8C6-82837B61C7CE PayloadVersion 1 ================================================ FILE: Sample Profile/xcreds_example_okta.mobileconfig ================================================ PayloadContent PayloadDescription Configures XCreds configuration preferences PayloadDisplayName XCreds PayloadIdentifier com.github.erikberglund.ProfileCreator.47F59CD0-E476-4016-A8C6-82837B61C7CE.com.twocanoes.xcreds.F5B79C66-146F-4F8A-9237-CAF10606615C.11BE4B70-7A81-4351-A799-6B6BCBCF0900 PayloadOrganization PayloadType com.twocanoes.xcreds PayloadUUID 11BE4B70-7A81-4351-A799-6B6BCBCF0900 PayloadVersion 1 clientID 0oae3u4ktuUuqSAcJ5d7 0oae3u4ktuUuqSAcJ5d7 discoveryURL https://twocanoes.okta.com/.well-known/openid-configuration redirectURI https://127.0.0.1/xcreds scopes profile openid email offline_access shouldUseROPGForPasswordChangeChecking PayloadDescription azure xcreds PayloadDisplayName azure xcreds PayloadIdentifier com.github.erikberglund.ProfileCreatorAF7B74FE-BF9D-4789-9E78-519C49324120 PayloadOrganization twocanoes PayloadScope System PayloadType Configuration PayloadUUID 7620DBF9-295B-4DFF-B0AE-0629207ECF5A PayloadVersion 1 ================================================ FILE: Sample Profile/xcreds_example_okta_ropg.mobileconfig ================================================ PayloadContent PayloadDescription Configures XCreds configuration preferences PayloadDisplayName XCreds PayloadIdentifier com.github.erikberglund.ProfileCreator.47F59CD0-E476-4016-A8C6-82837B61C7CE.com.twocanoes.xcreds.F5B79C66-146F-4F8A-9237-CAF10606615C.11BE4B70-7A81-4351-A799-6B6BCBCF0900 PayloadOrganization PayloadType com.twocanoes.xcreds PayloadUUID 11BE4B70-7A81-4351-A799-6B6BCBCF0900 PayloadVersion 1 clientID 0oae3u4ktuUuqSAcJ5d7 discoveryURL https://twocanoes.okta.com/.well-known/openid-configuration redirectURI https://127.0.0.1/xcreds aliasName preferred_username scopes profile openid email offline_access shouldUseROPGForPasswordChangeChecking shouldShowMacLoginButton shouldAllowKeyComboForMacLoginWindow shouldPromptForMigration PayloadDescription okta xcreds PayloadDisplayName okta xcreds PayloadIdentifier com.github.erikberglund.ProfileCreatorAF7B74FE-BF9D-4789-9E78-519C49324120 PayloadOrganization twocanoes PayloadScope System PayloadType Configuration PayloadUUID 7620DBF9-295B-4DFF-B0AE-0629207ECF5A PayloadVersion 1 ================================================ FILE: Sample Profile/xcreds_example_okta_ropg_menu_item.mobileconfig ================================================ PayloadContent PayloadDescription Configures XCreds configuration preferences PayloadDisplayName XCreds PayloadIdentifier com.github.erikberglund.ProfileCreator.47F59CD0-E476-4016-A8C6-82837B61C7CE.com.twocanoes.xcreds.F5B79C66-146F-4F8A-9237-CAF10606615C.11BE4B70-7A81-4351-A799-6B6BCBCF0900 PayloadOrganization PayloadType com.twocanoes.xcreds PayloadUUID 11BE4B70-7A81-4351-A799-6B6BCBCF0900 PayloadVersion 1 clientID 0oae3u4ktuUuqSAcJ5d7 discoveryURL https://twocanoes.okta.com/.well-known/openid-configuration redirectURI https://127.0.0.1/xcreds aliasName preferred_username scopes profile openid email offline_access shouldUseBasicAuthWithROPG shouldUseROPGForPasswordChangeChecking ropgResponseValue {"error":"invalid_grant","error_description":"Resource owner password credentials cannot be used with MFA enabled."} shouldShowMacLoginButton shouldAllowKeyComboForMacLoginWindow shouldPromptForMigration PayloadDescription okta xcreds PayloadDisplayName okta xcreds PayloadIdentifier com.github.erikberglund.ProfileCreatorAF7B74FE-BF9D-4789-9E78-519C49324120 PayloadOrganization twocanoes PayloadScope System PayloadType Configuration PayloadUUID 7620DBF9-295B-4DFF-B0AE-0629207ECF5A PayloadVersion 1 ================================================ FILE: Sample Profile/xcreds_profile_rfid.configprofile ================================================ PayloadContent PayloadDescription Configures XCreds Card configuration preferences PayloadDisplayName XCreds Card Configuration PayloadIdentifier com.github.erikberglund.ProfileCreator.47F59CD0-E476-4016-A8C6-82837B61C7CE.com.twocanoes.taplogin.F5B79C66-146F-4F8A-9237-CAF10606615C.11BE4B70-7A81-4351-A799-6B6BCBCF0900.C499E48D-61A5-4463-BB5A-FFFB14936411.0C06D77A-983C-43D4-939E-AA6AF0AF9AFA PayloadOrganization PayloadType com.twocanoes.xcreds PayloadUUID 0C06D77A-983C-43D4-939E-AA6AF0AF9AFA PayloadVersion 1 shouldShowConfigureWifiButton shouldSuppressLocalPasswordPrompt shouldShowMacLoginButton showDebug ccidSlotName Feitian R502 Contactless Reader shouldSwitchToLoginWindowWhenLocked PayloadDescription Tap PayloadDisplayName XCreds Card Configuration PayloadIdentifier com.twocanoes.t0C865A8B-0494-42F7-9108-1AAFC2C85B72 PayloadOrganization twocanoes PayloadScope System PayloadType Configuration PayloadUUID 56A788D5-4AFE-48CD-81D0-7F455F2DD5E5 PayloadVersion 1 ================================================ FILE: SessionManager.swift ================================================ // // SessionManager.swift // NoMAD-ADAuth // // Created by Joel Rennich on 11/10/17. // Copyright © 2018 Orchard & Grove Inc. All rights reserved. // import Foundation //import NoMADPRIVATE // what we're keeping track of for every user @available(macOS, deprecated: 11) public struct NoMADSessionUserObject { var userPrincipal: String var session: NoMADSession var aging: Bool var expiration: Date? var daysToGo: Int? var userInfo: ADUserRecord? } // class to keep track and manage multiple AD sessions simultaneously @available(macOS, deprecated: 11) public class SessionManager: NoMADUserSessionDelegate { /// The default instance of `SessionManager` to be used. public static let shared = SessionManager() public var sessions = [String : NoMADSessionUserObject]() let dateFormatter = DateFormatter() let myWorkQueue = DispatchQueue(label: "menu.nomad.NoMADADAuth.sessionmanager.background_work_queue", attributes: []) init() { // a bit more setup dateFormatter.dateStyle = .medium dateFormatter.timeStyle = .short // get all of the current principals with tickets self.getList() } // udpate the list public func update(user : String) { if sessions[user] == nil { // We don't know about this user yet return } sessions[user]?.session.delegate = self let _ = sessions[user]?.session.getUserInformation() } // updates all known users public func updateAll() { if sessions.count < 1 { // no sessions so return return } for session in sessions { session.value.session.delegate = self let _ = session.value.session.getUserInformation() } } // gets new list of users public func getList() { klistUtil.klist() let principals = klistUtil.returnPrincipals() if principals.count > 0 { for user in principals { if sessions[user] == nil { // add the account let userSession = NoMADSession.init(domain: user.components(separatedBy: "@").last?.lowercased() ?? "", user: user, type: .AD) myWorkQueue.async { userSession.delegate = self userSession.userInfo() } sessions[user] = NoMADSessionUserObject.init(userPrincipal: user, session: userSession, aging: false, expiration: nil, daysToGo: nil, userInfo: nil) } } } } // manually adds a user with a session public func createEntry(user : String, session : NoMADSession, update: Bool=true) { sessions[user] = NoMADSessionUserObject.init(userPrincipal: user, session: session, aging: false, expiration: nil, daysToGo: nil, userInfo: nil) if update { // update the information session.delegate = self let _ = session.getUserInformation() } } // update a NoMADSessionUserObject object public func updateUser(user : String) { } // Add a new session to the list // PRAGMA: Auth callbacks public func NoMADAuthenticationSucceeded() { // we'll never auth here } public func NoMADAuthenticationFailed(error: NoMADSessionError, description: String) { // we'll never auth here } public func NoMADUserInformation(user: ADUserRecord) { // we shouldn't not already know about this user, but we'll double check if sessions[user.userPrincipal] == nil { return } if user.passwordExpire != nil && user.passwordAging! { sessions[user.userPrincipal]?.daysToGo = Int((user.passwordExpire?.timeIntervalSince(Date()))!)/86400 sessions[user.userPrincipal]?.expiration = user.passwordExpire sessions[user.userPrincipal]?.aging = true } else { sessions[user.userPrincipal]?.aging = false } } } ================================================ FILE: ShareMounter.swift ================================================ // // ShareMounter.swift // NoMAD // // Created by Joel on 8/29/16. // Copyright © 2016 Orchard & Grove Inc. All rights reserved. // // mad props to Kyle Crawshaw // since much of this is cribbed from Share Mounter // // ShareMounter.swift // ShareMounterCLI // // Created by Joel Rennich on 7/10/19. // Copyright © 2019 Joel Rennich. All rights reserved. // import Foundation import Cocoa import NetFS enum ShareKeys { static let homeMount = "HomeMountEnabled" static let mount = "Mount" static let shares = "Shares" // static let groups = "Groups" static let connectedOnly = "ConnectedOnly" static let options = "Options" static let name = "Name" static let autoMount = "AutoMount" static let localMount = "LocalMount" static let url = "URL" static let userShares = "UserShares" static let finderMount = "FinderMount" static let slowMount = "SlowMount" static let slowMountDelay = "SlowMountDelay" static let ignoreShareNames = "IgnoreShareNames" } enum mountStatus { case unmounted, toBeMounted, notInGroup, mounting, mounted, errorOnMount } struct share_info { var groups: [String] var originalURL: String var url: URL var name: String var options: [String] var connectedOnly: Bool var mountStatus: mountStatus? var localMount: String? var autoMount: Bool var reqID: AsyncRequestID? var attemptDate: Date? var localMountPoints: String? var isHome=false } struct mounting_shares_info { var share_url: URL var reqID: AsyncRequestID? var mount_time: Date } @available(macOS, deprecated: 11) class ShareMounter { let defaults = UserDefaults.standard let fm = FileManager.default let ws = NSWorkspace.shared let sharePrefs = UserDefaults.standard var mountedShares = [URL]() var mountedOriginalShares = [String]() var mountedSharePaths = [URL:String]() var all_shares = [share_info]() var resolvedShares = [URL:String]() var now = Date() var tickets = false var userPrincipal = "" var connectedState = false var adUserRecord:ADUserRecord? let openOptionsDict : [String : Any] = [ kNAUIOptionKey : kNAUIOptionNoUI, kNetFSUseGuestKey : false, kNetFSForceNewSessionKey : false, kNetFSUseAuthenticationInfoKey : true ] let mountOptionsDict : [String : Any] = [ kNetFSSoftMountKey : true ] func getMounts() { var tempShares = [share_info]() guard let groups = adUserRecord?.groups else { return } if sharePrefs.bool(forKey: ShareKeys.homeMount)==true{ TCSLogWithMark("Evaluating home share for automounts.") if let homePathRaw = adUserRecord?.homeDirectory { if var homePath = URL(string: "smb:" + homePathRaw) { if defaults.bool(forKey: PrefKeys.homeAppendDomain.rawValue) { if let domain = defaults.string(forKey: PrefKeys.aDDomain.rawValue), let host = homePath.host { var newHome = "smb://" + host + "." + domain newHome += homePath.path if let url = URL(string: newHome){ homePath = url } } } let homeShareGroups = sharePrefs.value(forKey: "HomeMountGroups") as? [String] ?? [] let homeShareOptions = sharePrefs.value(forKey: "HomeMountOptions") as? [String] ?? [] var currentShare = share_info(groups: homeShareGroups, originalURL: homePathRaw, url: homePath, name: defaults.string(forKey: PrefKeys.menuHomeDirectory.rawValue) ?? "Network Home", options: homeShareOptions, connectedOnly: true, mountStatus: .unmounted, localMount: nil, autoMount: true, reqID: nil, attemptDate: nil, localMountPoints: nil, isHome:true) for share in all_shares { if share.originalURL == currentShare.originalURL && (mountedOriginalShares.contains(share.originalURL) || share.mountStatus == .mounting) { // share is still mounting, so copy the share if CommandLine.arguments.contains("-shares") { print("Share is still mounting, using existing information") print(share) } currentShare = share } } tempShares.append(currentShare) resolvedShares[currentShare.url] = homePathRaw } } else { TCSLogWithMark("Unable to get home share from preferences.") } } else { TCSLogWithMark("No home mount dictionary") } TCSLogWithMark("evaluating Shares") if let mountsRaw = sharePrefs.array(forKey: ShareKeys.shares) { if mountsRaw.count == 0 { TCSLogWithMark("Mounts Empty") return } for mount in mountsRaw { guard mount is Dictionary else { continue } let mountDict = mount as? [String:AnyObject] ?? [:] let shareGroups = mountDict["Groups"] as? [String] ?? [] let shareLocalMount = mountDict["LocalMount"] as? String ?? "" let shareOptions = mountDict["Options"] as? [String] ?? [] let shareConnectedOnly = mountDict["ConnectedOnly"] as? Bool ?? true if let shareName = mountDict["Name"] as? String, let shareURL = mountDict["URL"] as? String, let shareAutoMount = mountDict["AutoMount"] as? Bool, let urlRaw = subVariables(shareURL) { TCSLogWithMark("checking group membership for mounts") let groupsArray = groups if Set(groupsArray).intersection(Set(shareGroups)).count < 1 && shareGroups.count > 0 { TCSLogWithMark("Not in the right group") continue } guard let url = URL(string: urlRaw) else { continue } var currentShare = share_info(groups: shareGroups, originalURL: shareURL, url: url, name: shareName, options: shareOptions, connectedOnly: shareConnectedOnly, mountStatus: .unmounted, localMount: shareLocalMount, autoMount: shareAutoMount, reqID: nil, attemptDate: nil, localMountPoints: nil) if CommandLine.arguments.contains("-shares") { print("Evaluating share: \(currentShare.originalURL)") } for share in all_shares { if share.originalURL == currentShare.originalURL && (mountedOriginalShares.contains(share.originalURL) || share.mountStatus == .mounting) { // share is still mounting, so copy the share if CommandLine.arguments.contains("-shares") { print("Share is still mounting, using existing information") print(share) } currentShare = share } else { if CommandLine.arguments.contains("-shares") { print("Share: \(share.originalURL) doesn't match current share being evaluated: \(currentShare.originalURL), skipping ") } } } tempShares.append(currentShare) resolvedShares[currentShare.url] = shareURL } } } else { TCSLogWithMark("No mount dictionary") } if CommandLine.arguments.contains("-shares") { print("***all_shares***") print(all_shares) } // do this atomically since other serivces depend on this list all_shares = tempShares } func getMountedShares() { // zero out the currently mounted shares mountedShares.removeAll() mountedSharePaths.removeAll() mountedOriginalShares.removeAll() guard let myShares = fm.mountedVolumeURLs(includingResourceValuesForKeys: nil, options: FileManager.VolumeEnumerationOptions(rawValue: 0)) else { return } TCSLogWithMark("Currently mounted shares: \n" + String(describing: myShares)) // we hardcode .timemachine in here b/c that will always fail on the getFileSystemInfo call var ignoreShares = [".timemachine", "/private/", "System/Volumes"] if let ignoreShareNamesTemp = sharePrefs.array(forKey: ShareKeys.ignoreShareNames) as? [String] { ignoreShares.append(contentsOf: ignoreShareNamesTemp) } for share in myShares { var myDes: NSString? = nil var myType: NSString? = nil // need to watch out for funky VM and TimeMachine shares if ignoreShare(ignoreList: ignoreShares, share: share) { continue } guard ws.getFileSystemInfo(forPath: share.path, isRemovable: nil, isWritable: nil, isUnmountable: nil, description: &myDes, type: &myType) else { TCSLogWithMark("Get File info failed. Probably a synthetic Shared Folder.") // skip this share and move on to the next continue } guard let shareType = myType as String? else { continue } switch shareType { case "smbfs", "afpfs", "nfsfs", "webdavfs" : TCSLogWithMark("Volume: " + share.path + ", is a \(shareType.uppercased()) network volume.") guard let shareURL = getURL(share: share) else { continue } mountedShares.append(shareURL) mountedSharePaths[shareURL] = share.path mountedOriginalShares.append(resolvedShares[shareURL] ?? "NONE") default : // not a remote share TCSLogWithMark("Volume: " + share.path + ", is not a network volume.") } } TCSLogWithMark("Mounted shares: " + String(describing: mountedShares) ) } func mountShares() { if all_shares.count == 0 { TCSLogWithMark("No shares to mount") return } for index in 0...(all_shares.count - 1) { if sharePrefs.bool(forKey: ShareKeys.homeMount)==false && all_shares[index].isHome==true { continue } TCSLogWithMark("Evaluating mount: " + all_shares[index].name) // TODO: ensure the URL is reachable before attempting to mount // loop through all the reasons to not mount this share if all_shares[index].mountStatus == .mounted || mountedShares.contains(all_shares[index].url) { // already mounted if mountedShares.contains(all_shares[index].url) { all_shares[index].mountStatus = .mounted } TCSLogWithMark("Skipping mount because it's already mounted.") continue } else if mountedOriginalShares.contains(all_shares[index].originalURL) { all_shares[index].mountStatus = .mounted TCSLogWithMark("Skipping mount because share is still mounted from a previous variable substitution.") continue } else if all_shares[index].mountStatus == .mounting { TCSLogWithMark("Skipping mount because share is still in the process of being mounted - kick back on a natural for a bit.") if let mountInterval = (all_shares[index].attemptDate?.timeIntervalSinceNow) { if abs(mountInterval) > 5 * 60 { all_shares[index].mountStatus = .toBeMounted } } continue } else { all_shares[index].mountStatus = .unmounted } if !all_shares[index].autoMount { // not to be automounted TCSLogWithMark("Skipping mount because it's not set to Automount.") continue } if all_shares[index].connectedOnly && !connectedState { // not connected TCSLogWithMark("Skipping mount because we're not connected.") continue } if !tickets { // skipping b/c we don't have kerb tickets TCSLogWithMark("Skipping mount because we don't have tickets") continue } if (all_shares[index].mountStatus != .errorOnMount) && (all_shares[index].mountStatus != .mounting) { let openOptions = openOptionsDict var mountOptions = mountOptionsDict if all_shares[index].options.count > 0 { let mountFlagValue = parseOptions(options: all_shares[index].options) TCSLogWithMark("Mount options: (mountFlagValue)") mountOptions[kNetFSMountFlagsKey] = mountFlagValue } var requestID: AsyncRequestID? let queue = DispatchQueue.main TCSLogWithMark("Attempting to mount: " + all_shares[index].url.absoluteString) if sharePrefs.bool(forKey: ShareKeys.slowMount) { let delay: useconds_t delay = useconds_t(1000 * (sharePrefs.integer(forKey: ShareKeys.slowMountDelay))) usleep(delay) TCSLogWithMark("Delaying next Mount by " + String(delay/1000) + " milliseconds since SlowMount is set.") } if sharePrefs.bool(forKey: ShareKeys.finderMount) { TCSLogWithMark("Mounting share via Finder") _ = cliTask("/usr/bin/open \(all_shares[index].url.absoluteString)") all_shares[index].mountStatus = .mounted all_shares[index].reqID = nil all_shares[index].attemptDate = Date() // going for next share continue } _ = NetFSMountURLAsync(all_shares[index].url as CFURL?, nil, userPrincipal as CFString?, nil, (openOptions as! CFMutableDictionary), (mountOptions as! CFMutableDictionary), &requestID, queue) {(stat: Int32, requestID: AsyncRequestID?, mountpoints: CFArray?) -> Void in TCSLogWithMark("Request ID: \(requestID!)") for index in 0...(self.all_shares.count - 1) { if self.all_shares[index].reqID == requestID { if stat == 0 { TCSLogWithMark("Mounted share: " + self.all_shares[index].name) self.all_shares[index].mountStatus = .mounted self.all_shares[index].reqID = nil let mounts = mountpoints as! Array self.all_shares[index].localMountPoints = mounts[0] } else { TCSLogWithMark("Error on mounting share: " + self.all_shares[index].name) self.all_shares[index].mountStatus = .errorOnMount self.all_shares[index].reqID = nil } } } //NotificationCenter.default.post(name: NSNotification.Name(rawValue: "menu.nomad.NoMAD.updateNow"), object: self) // self.mountShares() } all_shares[index].mountStatus = .mounting all_shares[index].reqID = requestID all_shares[index].attemptDate = Date() } else { // clean up any errored mounts let mountInterval = (all_shares[index].attemptDate?.timeIntervalSinceNow)! if abs(mountInterval) > 5 * 60 { all_shares[index].mountStatus = .toBeMounted } } } } func syncMountShare(_ serverAddress: URL, options: [String], open: Bool=false) { let openOptions = openOptionsDict var mountOptions = mountOptionsDict if options.count > 0 { let mountFlagValue = parseOptions(options: options) TCSLogWithMark("Mount options: (mountFlagValue)") mountOptions[kNetFSMountFlagsKey] = mountFlagValue } var mountArray: Unmanaged? = nil let myResult = NetFSMountURLSync(serverAddress as CFURL?, nil, nil, nil, (openOptions as! CFMutableDictionary), (mountOptions as! CFMutableDictionary), &mountArray) TCSLogWithMark(myResult.description) if let mountPoint = mountArray!.takeRetainedValue() as? [String] { if myResult == 0 && open { NSWorkspace.shared.open(URL(fileURLWithPath: mountPoint[0], isDirectory: true)) } } } func asyncMountShare(_ serverAddress: URL, options: [String], open: Bool=false) { let openOptions = openOptionsDict var mountOptions = mountOptionsDict if options.count > 0 { let mountFlagValue = parseOptions(options: options) TCSLogWithMark("Mount options: (mountFlagValue)") mountOptions[kNetFSMountFlagsKey] = mountFlagValue } var requestID: AsyncRequestID? = nil let queue = DispatchQueue.main TCSLogWithMark("Attempting to mount: " + String(describing: serverAddress)) let _ = NetFSMountURLAsync(serverAddress as CFURL?, nil, userPrincipal as CFString?, nil, (openOptions as! CFMutableDictionary), (mountOptions as! CFMutableDictionary), &requestID, queue) {(stat:Int32, requestID:AsyncRequestID?, mountpoints:CFArray?) -> Void in if stat == 0 { TCSLogWithMark("Mounted share: " + String(describing: serverAddress)) if let mountPoint = (mountpoints! as! [String]).first { NSWorkspace.shared.open(URL(fileURLWithPath: mountPoint, isDirectory: true)) } } else { TCSLogWithMark("Error mounting share: " + String(describing: serverAddress)) } } } ///MARK: Helper functions private func getURL(share: URL) -> URL? { let shareURLUnmanaged = NetFSCopyURLForRemountingVolume(share as CFURL) guard let myShare = shareURLUnmanaged else { return nil } let shareURL = myShare.takeUnretainedValue() as URL return URL(string: (shareURL.scheme! + "://" + shareURL.host! + shareURL.path.safeURLPath()!))! } @available(macOS, deprecated: 11) fileprivate func subVariables(_ url: String) -> String? { // TODO: get e-mail address as a variable var createdURL = url guard let domain = adUserRecord?.domain, let fullName = adUserRecord?.fullName.safeURLPath(), let serial = getSerial().safeURLPath(), let shortName = adUserRecord?.shortName else { return nil } // filter out any blank spaces too createdURL = createdURL.replacingOccurrences(of: " ", with: "%20") createdURL = createdURL.replacingOccurrences(of: "<>", with: domain) createdURL = createdURL.replacingOccurrences(of: "<>", with: fullName) createdURL = createdURL.replacingOccurrences(of: "<>", with: serial) createdURL = createdURL.replacingOccurrences(of: "<>", with: shortName) let currentDC = defaults.string(forKey: PrefKeys.aDDomainController.rawValue) ?? "NONE" createdURL = createdURL.replacingOccurrences(of: "<>", with: currentDC) return createdURL } fileprivate func parseOptions(options: [String] ) -> Int { var mountFlagValue = 0 for option in options { switch option { case "MNT_RDONLY" : mountFlagValue += 0x00000001 case "MNT_SYNCHRONOUS" : mountFlagValue += 0x00000002 case "MNT_NOEXEC" : mountFlagValue += 0x00000004 case "MNT_NOSUID" : mountFlagValue += 0x00000008 case "MNT_NODEV" : mountFlagValue += 0x00000010 case "MNT_UNION" : mountFlagValue += 0x00000020 case "MNT_ASYNC" : mountFlagValue += 0x00000040 case "MNT_CPROTECT" : mountFlagValue += 0x00000080 case "MNT_EXPORTED" : mountFlagValue += 0x00000100 case "MNT_QUARANTINE" : mountFlagValue += 0x00000400 case "MNT_LOCAL" : mountFlagValue += 0x00001000 case "MNT_QUOTA" : mountFlagValue += 0x00002000 case "MNT_ROOTFS" : mountFlagValue += 0x00004000 case "MNT_DOVOLFS" : mountFlagValue += 0x00008000 case "MNT_DONTBROWSE" : mountFlagValue += 0x00100000 case "MNT_IGNORE_OWNERSHIP" : mountFlagValue += 0x00200000 case "MNT_AUTOMOUNTED" : mountFlagValue += 0x00400000 case "MNT_JOURNALED" : mountFlagValue += 0x00800000 case "MNT_NOUSERXATTR" : mountFlagValue += 0x01000000 case "MNT_DEFWRITE" : mountFlagValue += 0x02000000 case "MNT_MULTILABEL" : mountFlagValue += 0x04000000 case "MNT_NOATIME" : mountFlagValue += 0x10000000 default : mountFlagValue += 0 } } return mountFlagValue } fileprivate func ignoreShare(ignoreList: [String], share: URL) -> Bool { for ignoreName in ignoreList { if share.path.containsIgnoringCase(ignoreName) { myLogger.logit(.info, message: "Ignoring share: \(share.path) because of share name") return true } } return false } } ================================================ FILE: ShareMounterMenu.swift ================================================ // // ShareMounterMenu.swift // NoMAD // // Created by Joel Rennich on 8/12/17. // Copyright © 2017 Orchard & Grove Inc. All rights reserved. // import Foundation @available(macOS, deprecated: 11) let shareMounterMenu = ShareMounterMenu() let shareMounterQueue = DispatchQueue(label: "menu.nomad.NoMAD.shareMounting", attributes: []) // class to build the share mount menu and accept clicks @available(macOS, deprecated: 11) @objc class ShareMounterMenu: NSObject { let defaults = UserDefaults.standard var shareMounter:ShareMounter? @objc var worksWhenModal = true @objc let myShareMenu = NSMenu() var sharePrefs = UserDefaults.standard @objc func updateShares(connected: Bool=false, tickets: Bool=false) { guard let kerbUser = PasswordUtils().kerberosPrincipalFromCurrentLoggedInUser() else { return } shareMounterQueue.sync(execute: { self.shareMounter?.connectedState = connected self.shareMounter?.tickets = tickets self.shareMounter?.userPrincipal = kerbUser self.shareMounter?.getMountedShares() self.shareMounter?.getMounts() self.shareMounter?.mountShares() }) } @objc func buildMenu(connected: Bool=false) -> NSMenu { guard let shareMounter = shareMounter else { return NSMenu() } klistUtil.klist() if shareMounter.all_shares.count > 0 { // Menu Items and Menu myShareMenu.removeAllItems() if CommandLine.arguments.contains("-shares") { print("***Building Share Menu***") print(shareMounter.all_shares) } for share in shareMounter.all_shares { let myItem = NSMenuItem() myItem.title = share.name myItem.target = self if share.connectedOnly == true && connected == false { myItem.target = nil } myItem.action = #selector(openShareFromMenu(_:)) myItem.toolTip = String(describing: share.url) if share.mountStatus == .mounted { myItem.isEnabled = true myItem.state = NSControl.StateValue(rawValue: 1) } else if share.mountStatus == .mounting { myItem.isEnabled = false myItem.state = NSControl.StateValue(rawValue: 0) } else if share.mountStatus == .unmounted { myItem.isEnabled = true myItem.state = NSControl.StateValue(rawValue: 0) } else if share.mountStatus == .errorOnMount { myItem.isEnabled = false myItem.state = NSControl.StateValue(rawValue: 0) } myShareMenu.addItem(myItem) } } if CommandLine.arguments.contains("-shares") { print("***Share Menu***") print(myShareMenu) } return myShareMenu } @IBAction func openShareFromMenu(_ sender: AnyObject) { guard let shareMounter = shareMounter else { return } for share in shareMounter.all_shares { if share.name == sender.title { if share.mountStatus != .mounted { TCSLogWithMark("Mounting share: " + String(describing: share.url)) //myShareMounter.asyncMountShare(share.url, options: share.options, open: true) //_ = cliTask("open " + DFSResolver.checkAndReplace(url: share.url)) _ = cliTask("open " + share.url.absoluteString.safeURLPath()!) } else if share.mountStatus == .mounted { // open up the local shares // cliTask(“open ” + DFSResolver.checkAndReplace(url: share.url)) if share.localMountPoints != nil { NSWorkspace.shared.open(URL(fileURLWithPath: share.localMountPoints!, isDirectory: true)) } else { _ = cliTask("open " + share.url.absoluteString.safeURLPath()!) } } } } updateShares() } // utility functions @objc func sharesAvilable() -> Bool { if myShareMenu.items.count == 0 { return false } else { return true } } } ================================================ FILE: Shared/AuthRightsHelper.swift ================================================ // // AuthRIghtsHelper.swift // XCreds // // Created by Timothy Perfitt on 5/31/23. // import Foundation class AuthRightsHelper: NSObject { static let rightsArray = [ ["builtin:policy-banner":"XCredsLoginPlugin:UserSetup,privileged"], ["XCredsLoginPlugin:LoginWindow":"XCredsLoginPlugin:PowerControl,privileged"], ["loginwindow:done":"XCredsLoginPlugin:KeychainAdd,privileged"], ["builtin:login-begin":"XCredsLoginPlugin:CreateUser,privileged"], ["loginwindow:done":"XCredsLoginPlugin:EnableFDE,privileged"], ["loginwindow:done":"XCredsLoginPlugin:LoginDone"] ] static func resetRights() ->Bool { TCSLogWithMark("resetting rights") if AuthorizationDBManager.shared.rightExists(right:"XCredsLoginPlugin:LoginWindow")==true { TCSLogWithMark("replacing XCredsLoginPlugin:LoginWindow with loginwindow:login") if AuthorizationDBManager.shared.replace(right: "XCredsLoginPlugin:LoginWindow", withNewRight: "loginwindow:login") == false { TCSLogErrorWithMark("Error removing XCredsLoginPlugin:LoginWindow. bailing") return false } } else if AuthorizationDBManager.shared.rightExists(right: "loginwindow:login")==false { TCSLogErrorWithMark("There was no XCredsLoginPlugin:LoginWindow and no loginwindow:login. Please remove /var/db/auth.db and reboot") return false } for authRight in AuthorizationDBManager.shared.consoleRights() { if authRight.hasPrefix("XCredsLoginPlugin") { TCSLogWithMark("Removing \(authRight)") if AuthorizationDBManager.shared.remove(right: authRight) == false { TCSLogErrorWithMark("Error removing \(authRight)") } } } return true } static func verifyRights() -> Bool { var foundRights=0 for right in rightsArray { if AuthorizationDBManager.shared.rightExists(right: right.values.first!)==true { foundRights = foundRights + 1 } } if foundRights == 0 && AuthorizationDBManager.shared.rightExists(right: "loginwindow:login")==true { // TCSLogWithMark("no xcreds rights but loginwindow:login exists, so we are good") return true } else if foundRights == rightsArray.count && AuthorizationDBManager.shared.rightExists(right: "loginwindow:login")==false{ // TCSLogWithMark("all xcreds found and no loginwindow:login") return true } TCSLogWithMark("verified rights failed.") return false } static func addRights() ->Bool { TCSLogWithMark("Adding rights back in") if AuthorizationDBManager.shared.replace(right: "loginwindow:login", withNewRight: "XCredsLoginPlugin:LoginWindow")==false { TCSLogWithMark("error adding loginwindow:login after XCredsLoginPlugin:LoginWindow. bailing since this shouldn't happen") return false } for right in rightsArray { if AuthorizationDBManager.shared.rightExists(right: right.keys.first!){ if AuthorizationDBManager.shared.rightExists(right:right.values.first!) == false { if AuthorizationDBManager.shared.insertRight(newRight: right.values.first!, afterRight: right.keys.first!) { TCSLogWithMark("adding \(right.values.first!) after \(right.keys.first!)") } else { TCSLogWithMark("right \(right.values.first!) already exists. Skipping") } } else { TCSLogErrorWithMark("\(right.keys.first!) does not exist. not inserting \(right.values.first!)") } } } return true } } ================================================ FILE: Shared/ManagedPreferences.swift ================================================ // // ManagedPreferences.swift // XCreds // // Created by Timothy Perfitt on 7/2/22. // import Foundation class ManagedPreferences { static let shared = ManagedPreferences() init() { } ================================================ FILE: Shared/Tokens.swift ================================================ // // Tokens.swift // XCreds // // Created by Timothy Perfitt on 7/2/22. // import Foundation import OIDCLite struct Creds { var password:String? = "" public var accessToken: String? public var idToken: String? public var refreshToken: String? public var jsonDict: [String:Any]? init(password:String?, tokens:OIDCLite.TokenResponse) { self.accessToken=tokens.accessToken self.idToken=tokens.idToken self.refreshToken=tokens.refreshToken self.password=password self.jsonDict=tokens.jsonDict } init(accessToken:String?, idToken:String?,refreshToken:String?, password:String?,jsonDict:Dictionary ) { self.accessToken=accessToken self.idToken=idToken self.refreshToken=refreshToken self.password=password self.jsonDict=jsonDict } func hasTokens() -> Bool { return (self.accessToken != nil) && (self.idToken != nil) && (self.refreshToken != nil) } func hasAccessAndRefresh() -> Bool { return (self.accessToken != nil) && (self.refreshToken != nil) } func hasAccess() -> Bool { return (self.accessToken != nil) } } ================================================ FILE: Shared/XCredsAudit.swift ================================================ // // Audit.swift // XCreds // // Created by Timothy Perfitt on 1/20/25. // import Foundation @available(macOS, deprecated: 11) class XCredsAudit { struct AuditRecord:Codable { var lastSuccessfulLoginDate:Date? var lastSuccessfulLoginUser:String? var username:String? var identityToken:String? var identityTokenUpdateDate:Date? var refreshTokenUpdateDate:Date? var refreshTokenUpdateSuccess:Bool? var tokenLastUpdatedDate:Date? var lastError:String? var lastErrorDate:Date? } var configFileURL:URL init() { let applicationSupportPath = NSSearchPathForDirectoriesInDomains(.applicationSupportDirectory, .localDomainMask, true) let loginWindowConfigFilePath = ((applicationSupportPath[0] as NSString).appendingPathComponent("XCreds") as NSString).appendingPathComponent("xcredsaudit") if geteuid()==0 { configFileURL = URL(fileURLWithPath: loginWindowConfigFilePath) } else { let home = NSHomeDirectory() let userConfigFilePath = home + "/" + ".xcredsaudit" configFileURL = URL(fileURLWithPath: userConfigFilePath) } } internal func saveAuditRecord(_ auditRecord:AuditRecord){ let encoder = PropertyListEncoder() encoder.outputFormat = .xml do { let data = try encoder.encode(auditRecord) try data.write(to: configFileURL) } catch { TCSLogWithMark(error.localizedDescription) } } func tokensUpdated(idToken:String) { var auditRecord = AuditRecord() var decodedIdToken:String=idToken if let decodedTokenString = try? String(data: TokenManager().idTokenData(jwtString: idToken), encoding: .utf8) { decodedIdToken = decodedTokenString } auditRecord.identityToken = decodedIdToken auditRecord.identityTokenUpdateDate = Date() saveAuditRecord(auditRecord) } func refreshTokenUpdated(_ wasSuccessful:Bool) { var auditRecord = currentAuditRecord() auditRecord.refreshTokenUpdateSuccess = wasSuccessful auditRecord.refreshTokenUpdateDate = Date() saveAuditRecord(auditRecord) } internal func auditError(_ error:String) { var auditRecord = currentAuditRecord() auditRecord.lastError = error saveAuditRecord(auditRecord) } internal func loginWindowLogin(user:String){ var loginWindowAuditRecord = currentAuditRecord() loginWindowAuditRecord.lastSuccessfulLoginUser = user loginWindowAuditRecord.lastSuccessfulLoginDate = Date() saveAuditRecord(loginWindowAuditRecord) } internal func currentAuditRecord() -> AuditRecord { if FileManager.default.fileExists(atPath:configFileURL.path){ if let data = try? Data(contentsOf: configFileURL) { let decoder = PropertyListDecoder() if let auditRecord = try? decoder.decode(AuditRecord.self, from: data) { return auditRecord } } } return AuditRecord() } func auditRecord(path:String) -> AuditRecord? { if FileManager.default.fileExists(atPath:path){ if let data = try? Data(contentsOf: URL(filePath:path)) { let decoder = PropertyListDecoder() if let auditRecord = try? decoder.decode(AuditRecord.self, from: data) { return auditRecord } } } return AuditRecord() } func auditRecordDictionary(_ auditRecord:AuditRecord) -> [String:String]{ var returnDict:[String:String] = [:] if let lastSuccessfulLoginDate = auditRecord.lastSuccessfulLoginDate { returnDict["lastSuccessfulLoginDate"] = lastSuccessfulLoginDate.description } if let lastSuccessfulLoginUser = auditRecord.lastSuccessfulLoginUser { returnDict["lastSuccessfulLoginUser"] = lastSuccessfulLoginUser } if let username = auditRecord.username { returnDict["username"] = username } if let identityToken = auditRecord.identityToken { returnDict["identityToken"] = identityToken } if let identityTokenUpdateDate = auditRecord.identityTokenUpdateDate { returnDict["identityTokenUpdateDate"] = identityTokenUpdateDate.description } if let refreshTokenUpdateDate = auditRecord.refreshTokenUpdateDate { returnDict["refreshTokenUpdateDate"] = refreshTokenUpdateDate.description } if let refreshTokenUpdateSuccess = auditRecord.refreshTokenUpdateSuccess { returnDict["refreshTokenUpdateSuccess"] = refreshTokenUpdateSuccess==true ? "true":"false" } if let tokenLastUpdatedDate = auditRecord.tokenLastUpdatedDate { returnDict["tokenLastUpdatedDate"] = tokenLastUpdatedDate.description } if let lastError = auditRecord.lastError { returnDict["lastError"] = lastError } if let lastErrorDate = auditRecord.lastErrorDate { returnDict["lastErrorDate"] = lastErrorDate.description } return returnDict } } ================================================ FILE: SiteManager.swift ================================================ // // SiteManager.swift // NoMAD // // Created by Joel Rennich on 9/11/17. // Copyright © 2018 Orchard & Grove Inc. All rights reserved. // import Foundation import SystemConfiguration //import NoMADPRIVATE // singleton for the class let siteManager = SiteManager() var updatePending = false var updateTimer: Timer? = nil // simple class to use as a global site manager class SiteManager { // variables var sites = [String:[NoMADLDAPServer]]() // this seems silly to set a notification to notify internally to clearSites... but here goes let changed: SCDynamicStoreCallBack = { dynamicStore, _, _ in // TODO: throttle too many lookups too quickly print("Network change") let updateNotification = Notification(name: Notification.Name(rawValue: "menu.nomad.NoMAD-ADAuth.updateNow")) NotificationQueue.default.enqueue(updateNotification, postingStyle: .now) } func checkNetwork() { var dynamicContext = SCDynamicStoreContext(version: 0, info: nil, retain: nil, release: nil, copyDescription: nil) let dcAddress = withUnsafeMutablePointer(to: &dynamicContext, {UnsafeMutablePointer($0)}) if let dynamicStore = SCDynamicStoreCreate(kCFAllocatorDefault, "menu.nomad.NoMAD.networknotification" as CFString, changed, dcAddress) { let keysArray = ["State:/Network/Global/IPv4" as CFString, "State:/Network/Global/IPv6"] as CFArray SCDynamicStoreSetNotificationKeys(dynamicStore, nil, keysArray) let loop = SCDynamicStoreCreateRunLoopSource(kCFAllocatorDefault, dynamicStore, 0) CFRunLoopAddSource(CFRunLoopGetCurrent(), loop, .defaultMode) } // register for notifications NotificationCenter.default.addObserver(self, selector: #selector(clearSites), name: NSNotification.Name(rawValue: "menu.nomad.NoMAD-ADAuth.updateNow"), object: nil) } @objc func clearSites() { // removes all sites sites.removeAll() } // listen for network changes } ================================================ FILE: StateFileHelper.swift ================================================ // // RunFileHelper.swift // XCreds // // Created by Timothy Perfitt on 11/27/24. // import Foundation class StateFileHelper { enum StateFileHelperError:Error { case FileCreationError } enum StateFileType { case returnType case delayType case fileVaultLogin } func paths(_ fileType:StateFileType) -> (folderPath:String, filePath:String){ var folderPath="" var filePath="" switch fileType { case .returnType: folderPath = "/usr/local/var/" filePath = "xcreds_return" case .delayType: folderPath = "/usr/local/var/" filePath = "xcreds_delay" case .fileVaultLogin: folderPath = "/Library/Application Support/XCreds/statefile/" filePath = "xcreds_filevaultlogin" } return (folderPath, filePath) } func createFile(_ fileType:StateFileType) throws { TCSLogWithMark() let (folderPath, filePath) = paths(fileType) var attributes = [FileAttributeKey : Any]() attributes[.posixPermissions] = 0o770 attributes[.ownerAccountID] = 92 attributes[.groupOwnerAccountID] = 0 if FileManager.default.fileExists(atPath: folderPath)==false { try FileManager.default.createDirectory(atPath: folderPath, withIntermediateDirectories: true, attributes:attributes) } attributes[.posixPermissions] = 0o660 if FileManager.default.createFile(atPath: folderPath+filePath, contents: nil, attributes: attributes)==false { throw StateFileHelperError.FileCreationError } } func fileExists(_ fileType:StateFileType) -> Bool { TCSLogWithMark() let (folderPath, filePath) = paths(fileType) let fullPath = folderPath + filePath return FileManager.default.fileExists(atPath: fullPath) } func removeFile(_ fileType:StateFileType) throws { TCSLogWithMark() let (folderPath, filePath) = paths(fileType) let fullPath = folderPath + filePath if FileManager.default.fileExists(atPath: fullPath){ return try FileManager.default.removeItem(atPath: fullPath) } } func killOrReboot(){ if UserDefaults.standard.bool(forKey:PrefKeys.shouldUseKillWhenLoginWindowSwitching.rawValue)==true{ TCSLogWithMark("killing loginwindow") do { try createFile(.delayType) } catch { TCSLog("could not create delay file") } let _ = cliTask("/usr/bin/killall loginwindow") } else { TCSLogWithMark("Reboot") let _ = cliTask("/sbin/reboot") } } } ================================================ FILE: StatusMenuWindowController.swift ================================================ // // StatusMenuWindowController.swift // XCreds // // Created by Timothy Perfitt on 12/8/23. // import Cocoa class StatusMenuWindowController: NSWindowController { override func windowDidLoad() { super.windowDidLoad() // Implement this method to handle any initialization after your window controller's window has been loaded from its nib file. } } ================================================ FILE: StatusMenuWindowController.xib ================================================ ================================================ FILE: TCSTKSmartCard.h ================================================ // // TCSTKSmartCard.h // Smart Card Utility // // Created by Timothy Perfitt on 11/2/25. // Copyright © 2025 Twocanoes Software. All rights reserved. // #import #import NS_ASSUME_NONNULL_BEGIN @interface TCSTKSmartCard : TKSmartCard @property (retain) TKSmartCard *tkSmartCard; - (instancetype)initFromTKSmartCard:(TKSmartCard *)smartcard ; - (nullable NSData *)sendIns:(UInt8)ins p1:(UInt8)p1 p2:(UInt8)p2 data:(nullable NSData *)requestData le:(nullable NSNumber *)le sw2:(UInt16 *)sw error:(NSError **)error; @end NS_ASSUME_NONNULL_END ================================================ FILE: TCSTKSmartCard.m ================================================ // // TCSTKSmartCard.m // Smart Card Utility // // Created by Timothy Perfitt on 11/2/25. // Copyright © 2025 Twocanoes Software. All rights reserved. // #import "TCSTKSmartCard.h" #import NS_ASSUME_NONNULL_BEGIN @implementation TCSTKSmartCard - (instancetype)initFromTKSmartCard:(TKSmartCard *)smartcard { self = [super init]; if (self) { self.tkSmartCard=smartcard; } return self; } - (nullable NSData *)sendIns:(UInt8)ins p1:(UInt8)p1 p2:(UInt8)p2 data:(nullable NSData *)requestData le:(nullable NSNumber *)le sw2:(UInt16 *)sw error:(NSError **)error{ NSData * res = [self.tkSmartCard sendIns:ins p1:p1 p2:p2 data:requestData le:le sw:sw error:error]; return res; } @end NS_ASSUME_NONNULL_END ================================================ FILE: TCTaskHelper.h ================================================ // // TCTaskHelper.h // // Created by Tim Perfitt on 2/20/17. // Copyright © 2017 Twocanoes Software, Inc. All rights reserved. // #import @interface TCTaskHelper : NSObject +(TCTaskHelper *)sharedTaskHelper; -(NSString *)runCommand:(NSString *)command withOptions:(NSArray *)inOptions; @end ================================================ FILE: UserRecord.swift ================================================ // // UserRecord.swift // nomad-ad // // Created by Joel Rennich on 9/9/17. // Copyright © 2018 Orchard & Grove Inc. All rights reserved. // import Foundation public protocol NoMADUserRecord { var firstName: String { get } var lastName: String { get } var fullName: String { get } var shortName: String { get } var upn: String { get } var email: String? { get } var groups: [String] { get } var homeDirectory: String? { get } var passwordSet: Date { get } var passwordExpire: Date? { get } var uacFlags: Int? { get } } public struct ADUserRecord: NoMADUserRecord, Equatable { public let type : LDAPType = .AD public var userPrincipal : String public var firstName: String public var lastName: String public var fullName: String public var shortName: String public var upn: String public var email: String? public var groups: [String] public var homeDirectory: String? public var passwordSet: Date public var passwordExpire: Date? public var uacFlags: Int? public var passwordAging: Bool? public var computedExireDate: Date? public var updatedLast: Date public var domain: String public var cn: String public var pso: String? public var passwordLength: Int? public var ntName: String public var customAttributes: [String:Any]? public var rawAttributes:[String:String]? public static func ==(lhs: ADUserRecord, rhs: ADUserRecord) -> Bool { return (lhs.firstName == rhs.firstName && lhs.lastName == rhs.lastName) } } ================================================ FILE: XCreds/AboutWindow.xib ================================================ ================================================ FILE: XCreds/AboutWindowController.swift ================================================ // // AboutWindowController.swift // xCreds // // Created by Timothy Perfitt on 4/5/22. // import Foundation import Cocoa class AboutWindowController: NSWindowController { @IBOutlet weak var aboutTextView:NSTextView! @objc override var windowNibName: NSNib.Name { return NSNib.Name("AboutWindow") } override func awakeFromNib() { let infoPlist = Bundle.main.infoDictionary if let infoPlist = infoPlist { let appVersion = Bundle.main.infoDictionary?["CFBundleShortVersionString"] as? String let build = infoPlist["CFBundleVersion"] as? String // let historyPath = Bundle.main.path(forResource: "History", ofType: "md") let creditsPath = Bundle.main.path(forResource: "Credits", ofType: "txt") if let creditsPath = creditsPath ,let creditsString = try? String(contentsOfFile: creditsPath, encoding: .utf8), let build = build, let appVersion = appVersion { aboutTextView.string="XCreds\nCopyright Twocanoes Software, Inc.\nVersion \(appVersion) (\(build))\n\n"+creditsString } } } } ================================================ FILE: XCreds/AppDelegate.swift ================================================ // // AppDelegate.swift // xCreds // // Created by Timothy Perfitt on 4/5/22. // import Cocoa import ArgumentParser import CryptoKit import CryptoTokenKit @main @available(macOS, deprecated: 11) struct xcreds:ParsableCommand { static var configuration = CommandConfiguration( abstract: "Command line interface for XCreds.", subcommands: [Status.self,ImportRFIDUsers.self, ShowTemplate.self,SetRFIDUser.self, ShowRFIDUser.self,ShowRFIDUsers.self, RemoveRFIDUser.self,SetAdminUser.self,ShowAdminUser.self, ClearAdminUser.self,ClearRFIDUsers.self, ListReaders.self,RFIDListener.self, RunApp.self], defaultSubcommand: RunApp.self) } @available(macOS, deprecated: 11) extension xcreds { struct Status:ParsableCommand { @Flag(help:"JSON output") var json:Bool = false static var configuration = CommandConfiguration(abstract: "Get status of XCreds") @Argument(parsing: .allUnrecognized) var other: [String] = [] func run() throws { TCSUnifiedLogger.shared().suppressDebug=true struct XCredsInfo:Codable { var consoleRights:[String]? var userInfo:[String:Dictionary]? var oidcUsers:[[String:String]]? var xcredsVersion:String="" var xcredsBuild:String="" var xcredLicenseStatus:String="" var xcredsLicenseDaysRemaining:String="" init() { let bundle = Bundle.findBundleWithName(name: "XCreds") if let bundle = bundle { let infoPlist = bundle.infoDictionary if let infoPlist = infoPlist, let buildFromInfoPlist = infoPlist["CFBundleVersion"] as? String, let versionFromInfoPlist = infoPlist["CFBundleShortVersionString"] as? String { xcredsBuild = buildFromInfoPlist xcredsVersion = versionFromInfoPlist } } let licenseState = LicenseChecker().currentLicenseState() switch licenseState { case .valid(let secRemaining): let daysRemaining = Int(secRemaining/(24*60*60)) xcredLicenseStatus="Valid" xcredsLicenseDaysRemaining=String(format:"%i",daysRemaining) case .invalid: xcredLicenseStatus="Invalid" case .trial(_): xcredLicenseStatus="Trial" case .trialExpired: xcredLicenseStatus="trialExpired" case .expired: xcredLicenseStatus="expired" } } } enum UserKeys:String { case realName="dsAttrTypeStandard:RealName" case homeDirectory="dsAttrTypeStandard:NFSHomeDirectory" case recordName="dsAttrTypeStandard:RecordName" case authenticationAuthority="dsAttrTypeStandard:AuthenticationAuthority" case oidcUsername="dsAttrTypeNative:_xcreds_oidc_username" case primaryGID="dsAttrTypeStandard:PrimaryGroupID" case shell="dsAttrTypeStandard:UserShell" case uid="dsAttrTypeStandard:UniqueID" } if geteuid() != 0 { print("This operation requires root. Please run with sudo.") NSApplication.shared.terminate(self) } var info = XCredsInfo() let rightsInfo = AuthorizationDBManager().consoleRights() var oidcUsers = [[String:String]]() var usersResult=[String:Dictionary]() info.consoleRights = rightsInfo if !json{ print("----- XCreds Info -----") print(" " + "XCreds Version:" + info.xcredsVersion) print(" " + "XCreds Build number:" + info.xcredsBuild) print(" " + "License Status:" + info.xcredLicenseStatus) if info.xcredLicenseStatus.isEmpty==false { print(" " + "Days Remaining:" + info.xcredsLicenseDaysRemaining) } print("----- Last User Info -----") if let loginWindowAuditRecord = XCredsAudit().auditRecord(path: "/var/db/securityagent/.xcredsaudit") { let auditDict = XCredsAudit().auditRecordDictionary(loginWindowAuditRecord) for (k,v) in auditDict{ if !json { print(" " + k + ": " + v) } } } print("----- CONSOLE RIGHTS -----") for thisRight in rightsInfo { print(" " + thisRight) } } do { let users = try PasswordUtils().getAllNonSystemUsers() var userDetailsInfo = [String:String]() if !json { print("----- OIDC User Info -----") } for user in users { let userDetails = try? user.recordDetails(forAttributes: nil) if let userDetails = userDetails { if let homeDirArray = userDetails["dsAttrTypeStandard:NFSHomeDirectory"] as? Array, homeDirArray.count>0{ let homeDir = homeDirArray[0] if let auditRecord = XCredsAudit().auditRecord(path: homeDir+"/.xcredsaudit") { let auditDict = XCredsAudit().auditRecordDictionary(auditRecord) for (k,v) in auditDict{ userDetailsInfo[k] = v if !json { print(" " + k + ": " + v) } } } } for userDetail in userDetails { if let key = userDetail.key as? String,let _ = UserKeys(rawValue: key), let values = userDetail.value as? [String] { let value = values.joined(separator: "") userDetailsInfo[key] = value if key == UserKeys.oidcUsername.rawValue { oidcUsers.append(["localUsername":user.recordName,"oidcUsername":value]) if !json { print(" " + user.recordName) print(" localUsername" + ":" + user.recordName) print(" oidcUsername" + ": " + value) } } } } } usersResult[user.recordName] = userDetailsInfo } info.oidcUsers=oidcUsers info.userInfo = usersResult let encoder = JSONEncoder() encoder.outputFormatting = .prettyPrinted let jsonOutput = try encoder.encode(info) if json { print(String(data: jsonOutput, encoding: .utf8)!) } } catch { print(error) } return } } } @available(macOS, deprecated: 11) extension xcreds { struct ListReaders:ParsableCommand { static var configuration = CommandConfiguration(abstract: "List currently plugged in RFID readers.") func run() throws { TCSUnifiedLogger.shared().suppressDebug=true let slotNames = TKSmartCardSlotManager.default?.slotNames guard let slotNames = slotNames, slotNames.count>0 else { print("No readers found") return } for slot in slotNames { print(slot) } return } } } @available(macOS, deprecated: 11) extension xcreds { struct RFIDListener:ParsableCommand { static var configuration = CommandConfiguration(abstract: "Listen and print the RFID of scanned cards.") @Option(help: "reader name") var readerName:String func run() throws { TCSUnifiedLogger.shared().suppressDebug=true print("press control-c to exit") let watcher = TKTokenWatcher() watcher.setInsertionHandler({ tokenID in print("card inserted") watcher.addRemovalHandler({ tokenID in print("card removed") }, forTokenID: tokenID) let slotNames = TKSmartCardSlotManager.default?.slotNames guard let slotNames = slotNames, slotNames.count>0 else { return } if slotNames.contains(readerName) == false { print("reader \(readerName) not found") NSApplication.shared.terminate(self) } let slot = TKSmartCardSlotManager.default?.slotNamed(readerName) guard let tkSmartCard = slot?.makeSmartCard() else { print("error finding smartcard in reader \(readerName). Make sure the card was inserted into this reader.") return } let builtInReader = CCIDCardReader(tkSmartCard: tkSmartCard) let returnData = builtInReader.sendAPDU(cla: 0xFF, ins: 0xCA, p1: 0, p2: 0, data: nil) if let returnData=returnData, returnData.count>2{ DispatchQueue.main.async { let hex=returnData[0...returnData.count-3].hexEncodedString() print(hex) } } }) RunLoop.main.run() } } } @available(macOS, deprecated: 11) extension xcreds { struct RunApp:ParsableCommand { static var configuration = CommandConfiguration(abstract: "Start app normally.") @Argument(parsing: .allUnrecognized) var other: [String] = [] func run() throws { //used to register ccid reader as root. no idea why //this is needed. if other.contains("-r") { DispatchQueue.main.asyncAfter(deadline: DispatchTime.now()+5) { NSApplication.shared.terminate(self) } } let app = NSApplication.shared let appDelegate = AppDelegate() app.delegate = appDelegate _ = NSApplicationMain(CommandLine.argc, CommandLine.unsafeArgv) } } } @available(macOS, deprecated: 11) extension xcreds { struct ShowAdminUser:ParsableCommand { static var configuration = CommandConfiguration(abstract: "Show currently set admin user. Used for resetting keychain.") func run() throws { TCSUnifiedLogger.shared().suppressDebug=true if geteuid() != 0 { print("This operation requires root. Please run with sudo.") NSApplication.shared.terminate(self) } let secretKeeper = try SecretKeeper(label: "XCreds Encryptor", tag: "XCreds Encryptor") let userManager = UserSecretManager(secretKeeper: secretKeeper) if let adminUser = try userManager.adminCredentials(), !adminUser.username.isEmpty { print("\(adminUser.username)") } else { print("admin user not set") } } } } @available(macOS, deprecated: 11) extension xcreds { struct ClearRFIDUser:ParsableCommand { static var configuration = CommandConfiguration(abstract: "Clear rfid user.") @Option(help: "Username to remove") var username:String func run() throws { TCSUnifiedLogger.shared().suppressDebug=true if geteuid() != 0 { print("This operation requires root. Please run with sudo.") NSApplication.shared.terminate(self) } let secretKeeper = try SecretKeeper(label: "XCreds Encryptor", tag: "XCreds Encryptor") let userManager = UserSecretManager(secretKeeper: secretKeeper) do { let res = try userManager.removeUIDUser(username: username) if res == true { print("RFID user removed.") } else { print("RFID User could not be removed. Please check the username and try again") } } catch { print(error.localizedDescription) } } } } @available(macOS, deprecated: 11) extension xcreds { struct ClearRFIDUsers:ParsableCommand { static var configuration = CommandConfiguration(abstract: "Clear all users. Does not clear the admin user.") func run() throws { TCSUnifiedLogger.shared().suppressDebug=true if geteuid() != 0 { print("This operation requires root. Please run with sudo.") NSApplication.shared.terminate(self) } let secretKeeper = try SecretKeeper(label: "XCreds Encryptor", tag: "XCreds Encryptor") let userManager = UserSecretManager(secretKeeper: secretKeeper) try userManager.clearUIDUsers() } } } @available(macOS, deprecated: 11) extension xcreds { struct ClearAdminUser:ParsableCommand { static var configuration = CommandConfiguration(abstract: "Clear the current admin user used for resetting keychain.") func run() throws { TCSUnifiedLogger.shared().suppressDebug=true if geteuid() != 0 { print("This operation requires root. Please run with sudo.") NSApplication.shared.terminate(self) } let secretKeeper = try SecretKeeper(label: "XCreds Encryptor", tag: "XCreds Encryptor") let userManager = UserSecretManager(secretKeeper: secretKeeper) try userManager.updateLocalAdminCredentials(user: SecretKeeperUser(fullName: "", username: "", password: "", uid: -1, rfidUID: Data(), pin: nil)) } } } @available(macOS, deprecated: 11) extension xcreds { struct SetAdminUser:ParsableCommand { static var configuration = CommandConfiguration(abstract: "Set the current admin user used for resetting keychain.") @Option(help: "Update Admin username") var adminusername:String @Option(help: "Update Admin password") var adminpassword:String func run() throws { TCSUnifiedLogger.shared().suppressDebug=true if geteuid() != 0 { print("This operation requires root. Please run with sudo.") NSApplication.shared.terminate(self) } let secretKeeper = try SecretKeeper(label: "XCreds Encryptor", tag: "XCreds Encryptor") let userManager = UserSecretManager(secretKeeper: secretKeeper) try userManager.updateLocalAdminCredentials(user: SecretKeeperUser(fullName: "", username: adminusername, password: adminpassword, uid: NSNumber(value: -1), rfidUID: Data(), pin: nil)) } } } @available(macOS, deprecated: 11) extension xcreds { struct SetRFIDUser:ParsableCommand { static var configuration = CommandConfiguration(abstract: "Add an RFID user.") @Argument(parsing: .allUnrecognized) var other: [String] = [] @Option(help: "Update Fullname") var fullname:String @Option(help: "Update username") var username:String @Option(help: "Update Password") var password:String @Option(help: "Update UID") var uid:String = "" @Option(help: "Update RFID-uid") var rfiduid:String @Option(help: "PIN") var pin:String? func run() throws { TCSUnifiedLogger.shared().suppressDebug=true if geteuid() != 0 { print("This operation requires root. Please run with sudo.") NSApplication.shared.terminate(self) } do { if !username.isEmpty && !password.isEmpty && !fullname.isEmpty && !rfiduid.isEmpty{ let secretKeeper = try SecretKeeper(label: "XCreds Encryptor", tag: "XCreds Encryptor") let userManager = UserSecretManager(secretKeeper: secretKeeper) guard let rfidUIDData = Data(fromHexEncodedString: rfiduid) else { print("invalid rfid. Must be hex with no 0x prefix") return } try userManager.setUIDUser(fullName: fullname, rfidUID: rfidUIDData, username: username, password: password, uid: NSNumber(value: Int(uid) ?? -1), pin: pin) print("user set. If this Mac system is at the XCreds login window, please restart (or log in and log out) to use the new user.") } } catch { print(error.localizedDescription) } } } } @available(macOS, deprecated: 11) extension xcreds { struct ShowRFIDUsers:ParsableCommand { static var configuration = CommandConfiguration(abstract: "Show RFID users.") func run() throws { TCSUnifiedLogger.shared().suppressDebug=true if geteuid() != 0 { print("This operation requires root. Please run with sudo.") NSApplication.shared.terminate(self) } do { let secretKeeper = try SecretKeeper(label: "XCreds Encryptor", tag: "XCreds Encryptor") let userManager = UserSecretManager(secretKeeper: secretKeeper) let users = try userManager.uidUsers() print("Full Name:Username:UserID:Requires PIN") guard let rfidUsers = users.userDict else { return } for currKey in rfidUsers.keys{ if let user = rfidUsers[currKey], let fullname = user.fullName,let _ = rfidUsers[currKey]?.password { print("\(fullname):\(user.username):\(user.userUID):\(user.requiresPIN==true ? "Y":"N")") } } } catch { print(error.localizedDescription) } } } } @available(macOS, deprecated: 11) extension xcreds { struct ShowRFIDUser:ParsableCommand { static var configuration = CommandConfiguration(abstract: "Show RFID user.") @Option(help: "RFID-uid in hex with no 0x in front.") var rfidUID:String @Option(help: "PIN") var pin:String? func run() throws { TCSUnifiedLogger.shared().suppressDebug=true if geteuid() != 0 { print("This operation requires root. Please run with sudo.") NSApplication.shared.terminate(self) } do { let rfidUidData = Data(fromHexEncodedString: rfidUID) guard let rfidUidData = rfidUidData else { print("bad RFID rfidUidData") return } let secretKeeper = try SecretKeeper(label: "XCreds Encryptor", tag: "XCreds Encryptor") let userManager = UserSecretManager(secretKeeper: secretKeeper) guard let user = try userManager.uidUser(uid: rfidUidData) else { print("user not found") return } if user.requiresPIN == true && pin == nil { print("you must enter a PIN for this user") return } let password = try PasswordCryptor().passwordDecrypt(encryptedDataWithSalt: user.password, rfidUID: rfidUidData, pin:pin) if password.count>0 { print("Fullname: \(user.fullName ?? "No full name"), Username:\(user.username), UID:\(user.userUID)") } else { print("no password set for user \(user.username)") } } catch { print("failed to find user, valid PIN, or both") } } } } @available(macOS, deprecated: 11) extension xcreds { struct RemoveRFIDUser:ParsableCommand { static var configuration = CommandConfiguration(abstract: "Remove RFID user by rfid-uid.") @Option(help: "RFID-uid in hex with no 0x in front.") var rfidUID:String func run() throws { TCSUnifiedLogger.shared().suppressDebug=true if geteuid() != 0 { print("This operation requires root. Please run with sudo.") NSApplication.shared.terminate(self) } do { let rfidUidData = Data(fromHexEncodedString: rfidUID) guard let rfidUidData = rfidUidData else { print("bad RFID rfidUidData") return } let secretKeeper = try SecretKeeper(label: "XCreds Encryptor", tag: "XCreds Encryptor") let userManager = UserSecretManager(secretKeeper: secretKeeper) guard let _ = try userManager.uidUser(uid: rfidUidData) else { print("user not found") return } if try userManager.removeUIDUser(uid: rfidUidData) == false { print("user could not be removed") } else { print("user removed. If this Mac system is at the XCreds login window, please restart (or log in and log out) to prevent the user from logging in.") } } catch { print(error.localizedDescription) } } } } @available(macOS, deprecated: 11) extension xcreds { struct ImportRFIDUsers:ParsableCommand { static var configuration = CommandConfiguration(abstract: "Import users from a CSV for RFID login. Format:Full Name,Username,Password,RFID-UID,PIN,UID. PIN and UID can be left blank. All imported user data is encrypted and stored in a file located in /usr/local/var/twocanoes. The file is only readable by root.") @Option(help: "file") var file:String func run() throws { TCSUnifiedLogger.shared().suppressDebug=true if !file.isEmpty { if FileManager.default.fileExists(atPath: file)==false { print("\(file) does not exist.") } do { let contentsOfFile = try String(contentsOfFile: file, encoding: .windowsCP1250) _=RFIDUsers(rfidUsers: [:]) let lineArray = contentsOfFile.components(separatedBy:"\n") let secretKeeper = try SecretKeeper(label: "XCreds Encryptor", tag: "XCreds Encryptor") let userManager = UserSecretManager(secretKeeper: secretKeeper) var count = 0 for line in lineArray { if line.count==0 { continue } let userInfo = line.components(separatedBy: ",") if userInfo.count != 6 { print("invalid line. skipping. Line:\"\(line)\"") continue } let fullname = userInfo[0].trimmingCharacters(in: .whitespacesAndNewlines) if fullname == "Full Name" { print("skipping header") continue } var pin:String? let username = userInfo[1].trimmingCharacters(in: .whitespacesAndNewlines) let password = userInfo[2].trimmingCharacters(in: .whitespacesAndNewlines) let rfidUid = userInfo[3].trimmingCharacters(in: .whitespacesAndNewlines) let pinString = userInfo[4].trimmingCharacters(in: .whitespacesAndNewlines) if pinString.isEmpty { pin=nil } else { pin = pinString } let uid = Int(userInfo[5].trimmingCharacters(in: .whitespacesAndNewlines)) ?? -1 print("importing \(rfidUid):\(fullname):\(username):\(uid)") guard let rfidUidData = rfidUid.data(using: .hexadecimal) else { print("invalid uid") return } try userManager.setUIDUser(fullName: fullname, rfidUID: rfidUidData, username: username, password: password, uid: NSNumber(value: Int(uid)), pin: pin) count += 1 } // try userManager.setUIDUsers(rfidUsers) print("\(count) users imported. If this Mac system is at the XCreds login window, please restart (or log in and log out) to use the new users.") } catch { print("\(file) cannot be read. \(error)") } } } } struct ShowTemplate:ParsableCommand { static var configuration = CommandConfiguration(abstract: "Template for importing RFID users. The header row is optional. PIN and UID can be left blank but must contain commas with empty values as show below. John Doe has all values, Sam Doe does not have a PIN, and Jane Doe does not have a PIN or a UID (UID will be automatically selected when the user account is created)") func run() throws { TCSUnifiedLogger.shared().suppressDebug=true print("Full Name,Username,Password,RFID-UID,PIN,UID") print("John Doe,jdoe,password%1!,00124565,000000,601") print("Sam Doe,sam,password@3^,DEADBEEF,,602") print("Jane Doe,jane,password@2^,08091A1B1C1D1E,,") } } } @available(macOS, deprecated: 11) class AppDelegate: NSObject, NSApplicationDelegate, DSQueryable { @IBOutlet weak var loginPasswordWindow: NSWindow! @IBOutlet var window: NSWindow! var mainController:MainController? var screenIsLocked=true var isDisplayAsleep=true var waitForScreenToWake=false @IBOutlet var shareMounterMenu: ShareMounterMenu? @IBOutlet weak var statusMenu: NSMenu! var shareMenu:NSMenu? var statusBarItem:NSStatusItem? var watcher: TKTokenWatcher? func updateShareMenu(adUser:ADUserRecord){ shareMounterMenu?.shareMounter?.adUserRecord = adUser shareMounterMenu?.updateShares(connected: true) shareMenu = shareMounterMenu?.buildMenu(connected: true) if let sharesMenuItem = statusMenu.item(withTag: StatusMenuController.StatusMenuItemType.SharesMenuItem.rawValue) { if shareMenu?.items.count==0{ sharesMenuItem.isHidden=true } else { sharesMenuItem.isHidden=false statusMenu.setSubmenu(shareMenu, for:sharesMenuItem ) } } } func updateStatusMenuExpiration(_ expires:Date?) { ///TODO: implement edge cases return // DispatchQueue.main.async { // // TCSLogWithMark() // // if let expires = expires { // let daysToGo = Int(abs(expires.timeIntervalSinceNow)/86400) // // self.statusBarItem?.button?.title="\(daysToGo)d" // let dateFormatter = DateFormatter() // dateFormatter.dateStyle = .medium // dateFormatter.timeStyle = .short // // // self.statusBarItem?.button?.toolTip = dateFormatter.string(from: expires as Date) // // } // else { // self.statusBarItem?.button?.title="" // self.statusBarItem?.button?.toolTip = "" // } // // // } } func updateStatusMenuIcon(showDot:Bool){ DispatchQueue.main.async { TCSLogWithMark() if showDot==true { TCSLogWithMark("showing with dot") if let iconData=DefaultsOverride.standardOverride.data(forKey: PrefKeys.menuItemIconCheckedData.rawValue), let image = NSImage(data: iconData) { image.size=NSMakeSize(16, 16) self.statusBarItem?.button?.image=image } else { self.statusBarItem?.button?.image=NSImage(named: "xcreds menu icon check") } } else { TCSLogWithMark("showing without dot") if let iconData=DefaultsOverride.standardOverride.data(forKey: PrefKeys.menuItemIconData.rawValue), let image = NSImage(data: iconData) { image.size=NSMakeSize(16, 16) self.statusBarItem?.button?.image=image } else { self.statusBarItem?.button?.image=NSImage(named: "xcreds menu icon") } } } } func applicationDidFinishLaunching(_ aNotification: Notification) { NetworkMonitor.shared.startMonitoring() updatePrefsFromDS() self.statusBarItem = NSStatusBar.system.statusItem(withLength: NSStatusItem.variableLength) statusBarItem?.isVisible=true statusBarItem?.menu = statusMenu if let iconData=DefaultsOverride.standardOverride.data(forKey: PrefKeys.menuItemIconData.rawValue), let image = NSImage(data: iconData) { image.size=NSMakeSize(16, 16) self.statusBarItem?.button?.image=image } else { self.statusBarItem?.button?.image=NSImage(named: "xcreds menu icon") } let shareMounter = ShareMounter() shareMounterMenu = ShareMounterMenu() shareMounterMenu?.shareMounter = shareMounter shareMounterMenu?.updateShares(connected: true) shareMenu = shareMounterMenu?.buildMenu(connected: true) // let defaultsPath = Bundle.main.path(forResource: "defaults", ofType: "plist") if let defaultsPath = defaultsPath { let defaultsDict = NSDictionary(contentsOfFile: defaultsPath) TCSLogWithMark() DefaultsOverride.standardOverride.register(defaults: defaultsDict as! [String : Any]) } VersionCheck.shared.reportLicenseUsage(event: .checkin) { isSuccess in print(isSuccess) } let infoPlist = Bundle.main.infoDictionary if let infoPlist = infoPlist, let build = infoPlist["CFBundleVersion"] { TCSLogWithMark("Build \(build)") } DistributedNotificationCenter.default().addObserver(self, selector: #selector(screenLocked(_:)), name:NSNotification.Name("com.apple.screenIsLocked") , object: nil) DistributedNotificationCenter.default().addObserver(self, selector: #selector(screenUnlocked(_:)), name:NSNotification.Name("com.apple.screenIsUnlocked") , object: nil) NSWorkspace.shared.notificationCenter.addObserver(self, selector: #selector(screenDidSleep(_:)), name:NSWorkspace.screensDidSleepNotification , object: nil) NSWorkspace.shared.notificationCenter.addObserver(self, selector: #selector(screenDidWake(_:)), name:NSWorkspace.screensDidWakeNotification , object: nil) DispatchQueue.global().async{ if var autofillAppPath = Bundle.main.path(forResource: "XCreds Login Autofill", ofType: "app"){ autofillAppPath = autofillAppPath + "/Contents/MacOS/XCreds Login Autofill" if FileManager.default.fileExists(atPath: autofillAppPath){ let _ = TCTaskHelper.shared().runCommand(autofillAppPath, withOptions:["-r"] ) TCSLogWithMark("autofill registered") } } } if UserDefaults.standard.bool(forKey: "checkForUpdates")==true{ checkForUpdates() } mainController = MainController() mainController?.setup() } func checkForUpdates() { let thisAppVersion = Bundle.main.infoDictionary?["CFBundleShortVersionString"] as? String let thisAppBundleID = Bundle.main.bundleIdentifier if let thisAppVersion = thisAppVersion, let thisAppBundleID = thisAppBundleID, let thisAppVersionFloat = Float(thisAppVersion){ VersionCheck.shared.versionForIdentifier(identifier: thisAppBundleID, version: thisAppVersion) { isSuccess, version in if let versionFloat = Float(version),!thisAppVersion.isEmpty, !version.isEmpty, thisAppVersionFloat < versionFloat { TCSLogErrorWithMark("New version available: \(thisAppVersion) < \(version)") } } } } func applicationWillTerminate(_ aNotification: Notification) { // Insert code here to tear down your application } func applicationSupportsSecureRestorableState(_ app: NSApplication) -> Bool { return true } @objc func screenUnlocked(_ sender:Any) { TCSLogWithMark() screenIsLocked=false } @objc func screenLocked(_ sender:Any) { TCSLogWithMark() screenIsLocked=true if isDisplayAsleep==true{ waitForScreenToWake=true } else { waitForScreenToWake=false switchToLoginWindow() } } @objc func screenDidSleep(_ sender:Any) { TCSLogWithMark() isDisplayAsleep=true } @objc func screenDidWake(_ sender:Any) { TCSLogWithMark() isDisplayAsleep=false if waitForScreenToWake==true { waitForScreenToWake=false switchToLoginWindow() } } func switchToLoginWindow() { if DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldSwitchToLoginWindowWhenLocked.rawValue)==true{ TCSLoginWindowUtilities().switchToLoginWindow(self) } } func updatePrefsFromDS(){ if let currentUser = PasswordUtils.getCurrentConsoleUserRecord() { do { let attributesArray = try currentUser.recordDetails(forAttributes: nil) for currAttribute in attributesArray { if let key = currAttribute.key as? String, key.hasPrefix("dsAttrTypeNative:_xcreds"), let value = currAttribute.value as? Array, let lastValue = value.last { let components = key.components(separatedBy: ":") if let strippedKey = components.last{ UserDefaults.standard.set(lastValue, forKey:strippedKey) } } } } catch { TCSLogWithMark("could not get attributes from user") } } } } ================================================ FILE: XCreds/Assets.xcassets/AccentColor.colorset/Contents.json ================================================ { "colors" : [ { "idiom" : "universal" } ], "info" : { "author" : "xcode", "version" : 1 } } ================================================ FILE: XCreds/Assets.xcassets/AppIcon.appiconset/Contents.json ================================================ { "images" : [ { "filename" : "icon_16x16.png", "idiom" : "mac", "scale" : "1x", "size" : "16x16" }, { "filename" : "icon_16x16@2x.png", "idiom" : "mac", "scale" : "2x", "size" : "16x16" }, { "filename" : "icon_32x32.png", "idiom" : "mac", "scale" : "1x", "size" : "32x32" }, { "filename" : "icon_32x32@2x.png", "idiom" : "mac", "scale" : "2x", "size" : "32x32" }, { "filename" : "icon_128x128.png", "idiom" : "mac", "scale" : "1x", "size" : "128x128" }, { "filename" : "icon_128x128@2x.png", "idiom" : "mac", "scale" : "2x", "size" : "128x128" }, { "filename" : "icon_256x256.png", "idiom" : "mac", "scale" : "1x", "size" : "256x256" }, { "filename" : "icon_256x256@2x.png", "idiom" : "mac", "scale" : "2x", "size" : "256x256" }, { "filename" : "icon_512x512.png", "idiom" : "mac", "scale" : "1x", "size" : "512x512" }, { "filename" : "icon_512x512@2x.png", "idiom" : "mac", "scale" : "2x", "size" : "512x512" } ], "info" : { "author" : "xcode", "version" : 1 } } ================================================ FILE: XCreds/Assets.xcassets/Contents.json ================================================ { "info" : { "author" : "xcode", "version" : 1 } } ================================================ FILE: XCreds/Assets.xcassets/refresh symbol.imageset/Contents.json ================================================ { "info" : { "author" : "xcode", "version" : 1 }, "images" : [ { "filename" : "refresh symbol~universal@1x.png", "idiom" : "universal", "scale" : "1x" }, { "filename" : "refresh symbol~universal@2x.png", "scale" : "2x", "idiom" : "universal" }, { "scale" : "3x", "idiom" : "universal", "filename" : "refresh symbol~universal@3x.png" } ] } ================================================ FILE: XCreds/Assets.xcassets/wifi.imageset/Contents.json ================================================ { "info" : { "version" : 1, "author" : "xcode" }, "images" : [ { "filename" : "wifi~universal@1x.png", "idiom" : "universal", "scale" : "1x" }, { "filename" : "wifi~universal@2x.png", "scale" : "2x", "idiom" : "universal" }, { "scale" : "3x", "filename" : "wifi~universal@3x.png", "idiom" : "universal" } ] } ================================================ FILE: XCreds/Assets.xcassets/xcreds menu icon check.imageset/Contents.json ================================================ { "images" : [ { "scale" : "1x", "idiom" : "universal", "filename" : "xcreds menu icon check~universal@1x.png" }, { "idiom" : "universal", "scale" : "2x", "filename" : "xcreds menu icon check~universal@2x.png" }, { "filename" : "xcreds menu icon check~universal@3x.png", "scale" : "3x", "idiom" : "universal" } ], "info" : { "author" : "xcode", "version" : 1 } } ================================================ FILE: XCreds/Assets.xcassets/xcreds menu icon.imageset/Contents.json ================================================ { "images" : [ { "scale" : "1x", "idiom" : "universal", "filename" : "xcreds menu icon~universal@1x.png" }, { "idiom" : "universal", "filename" : "xcreds menu icon~universal@2x.png", "scale" : "2x" }, { "idiom" : "universal", "scale" : "3x", "filename" : "xcreds menu icon~universal@3x.png" } ], "info" : { "author" : "xcode", "version" : 1 } } ================================================ FILE: XCreds/Base.lproj/MainMenu.xib ================================================ Default Left to Right Right to Left Default Left to Right Right to Left ================================================ FILE: XCreds/Credits.txt ================================================ -------------------------------------------------------------------------------------------------------- Special thanks to North Carolina State University and Everette Allen for supporting this project. OIDCLite is Copyright (c) 2022 Joel Rennich (https://gitlab.com/Mactroll/OIDCLite) under MIT License. XCreds is licensed under BSD Open Source License. https://twocanoes.com -------------------------------------------------------------------------------------------------------- ================================================ FILE: XCreds/DefaultsHelper.swift ================================================ // // DefaultsHelper.swift // XCreds // // Created by Timothy Perfitt on 5/13/23. // import Cocoa class DefaultsHelper: NSObject { static func backgroundImage() -> NSImage? { let coreServicesDefaultImagePathUrl: String = "file:///System/Library/CoreServices/DefaultDesktop.heic" TCSLogWithMark() if let imagePathURL = DefaultsOverride.standardOverride.string(forKey: PrefKeys.loginWindowBackgroundImageURL.rawValue), let image = NSImage.imageFromPathOrURL(pathURLString: imagePathURL){ return image } // Try to use default desktop if let coreServicesDefaultImage = NSImage.imageFromPathOrURL(pathURLString: coreServicesDefaultImagePathUrl) { TCSLogWithMark("Using CoreServices Default Desktop image") return coreServicesDefaultImage } return nil } static func secondaryBackgroundImage(includeDefault:Bool=true) -> NSImage? { TCSLogWithMark() if let imagePathURL = DefaultsOverride.standardOverride.string(forKey: PrefKeys.loginWindowSecondaryMonitorsBackgroundImageURL.rawValue), let image = NSImage.imageFromPathOrURL(pathURLString: imagePathURL){ return image } return backgroundImage() } static func desktopPasswordWindowBackgroundImage(includeDefault:Bool=true) -> NSImage? { TCSLogWithMark() if let imagePathURL = DefaultsOverride.standardOverride.string(forKey: PrefKeys.menuItemWindowBackgroundImageURL.rawValue), let image = NSImage.imageFromPathOrURL(pathURLString: imagePathURL){ return image } else { let image = NSImage(named: NSImage.Name("xcredsmenuItemWindowBackgroundImage")) return image } } } ================================================ FILE: XCreds/DesktopLoginWindowController.swift ================================================ // // DesktopLoginWindow.swift // XCreds // // Created by Timothy Perfitt on 12/11/23. // import Cocoa @available(macOS, deprecated: 11) class DesktopLoginWindowController: NSWindowController { @IBOutlet var webViewController: WebViewController! @IBOutlet var backgroundImageView:NSImageView! override class func awakeFromNib() { } override func windowDidLoad() { super.windowDidLoad() let backgroundImage = DefaultsHelper.desktopPasswordWindowBackgroundImage(includeDefault: false) if let backgroundImage = backgroundImage { backgroundImageView.image = backgroundImage backgroundImageView.alphaValue = CGFloat(DefaultsOverride.standardOverride.float(forKey: PrefKeys.menuItemWindowBackgroundImageAlpha.rawValue)) backgroundImageView.image=backgroundImage backgroundImageView.imageScaling = .scaleNone } } } ================================================ FILE: XCreds/DesktopLoginWindowController.xib ================================================ Log in to verify your cloud credentials. After verification, your local user account password will be set to your cloud password. ================================================ FILE: XCreds/FileVaultLogin.swift ================================================ // // FileVaultLogin.swift // XCreds // // Created by Timothy Perfitt on 10/10/25. // import ServiceManagement class FileVaultLoginHelper { static let shared = FileVaultLoginHelper() func skipFileVaultAuthAtNextReboot(completion:@escaping(_ result:Bool, _ error:String?)->Void) { let helperToolManager = HelperToolManager() switch helperToolManager.manageHelperTool(action: .install) { case .notRegistered: TCSLogWithMark() completion(false, "Service is not registered") return case .enabled: TCSLogWithMark() break case .requiresApproval: TCSLogWithMark("Service requires approval. Please select Allow in the notification or open System Preferences->Login Items and allow the service") completion(false, "Service requires approval. Please select Allow in the notification or open System Preferences->Login Items and allow the service") case .notFound: TCSLogWithMark("Service Not Found") completion(false, "Service Not Found") @unknown default: TCSLogWithMark("Unknown Error") completion(false, "Unknown Error") } TCSLogWithMark() let username = getConsoleUser() let cred = KeychainUtil().findPassword(serviceName: PrefKeys.password.rawValue, accountName: PrefKeys.password.rawValue) TCSLogWithMark() guard let cred = cred else { TCSLogWithMark("no valid password found") completion(false, "no valid password found") return } helperToolManager.runCommand(username:username, password:cred.password) { success in if success==true{ TCSLogWithMark("runCommand success") TCSLogWithMark() completion(true, "") } else { TCSLogWithMark() // NSAlert.showAlert(title:"Error",message:"Cannot set filevault login") TCSLogWithMark() completion(false, "Cannot set filevault login") } } } func skipFileVaultAuthAtNextRebootWithAdmin( completion:@escaping(_ result:Bool, _ error:String?)->Void) { let helperToolManager = HelperToolManager() switch helperToolManager.manageHelperTool(action: .install) { case .notRegistered: TCSLogWithMark() completion(false, "Service is not registered") return case .enabled: TCSLogWithMark() break case .requiresApproval: TCSLogWithMark("Service requires approval. Please select Allow in the notification or open System Preferences->Login Items and allow the service") completion(false, "Service requires approval. Please select Allow in the notification or open System Preferences->Login Items and allow the service") case .notFound: TCSLogWithMark("Service Not Found") completion(false, "Service Not Found") @unknown default: TCSLogWithMark("Unknown Error") completion(false, "Unknown Error") } TCSLogWithMark() do { helperToolManager.authFVAsAdmin() { success in if success==true{ TCSLogWithMark("runCommand success") } else { TCSLogWithMark("Cannot set filevault login as admin") // NSAlert.showAlert(title:"Error",message:"Cannot set filevault login as admin") } TCSLogWithMark() completion(success, "") } // } // else { // // TCSLogWithMark("no valid credentials for admin filevault unlock") // completion(false, "no valid credentials for admin filevaulit unlock") // // } } catch { TCSLogWithMark("error setting filevault login as admin") completion(false, "error setting filevault login as admin") } } } ================================================ FILE: XCreds/HelperToolManager.swift ================================================ // // HelperToolManager.swift // HelperToolApp //// import ServiceManagement @objc(HelperToolProtocol) public protocol HelperToolProtocol { func authFV(username:String, password:String, withReply reply: @escaping (Bool) -> Void) func authFVAsAdmin(withReply reply: @escaping (Bool) -> Void) } enum HelperToolAction { case none // Only check status case install // Install the helper tool case uninstall // Uninstall the helper tool } class HelperToolManager: ObservableObject { private var helperConnection: NSXPCConnection? let helperToolIdentifier = "com.twocanoes.FileVaultLoginHelper" var isHelperToolInstalled: Bool = false @Published var message: String = "Checking..." var status: String { return isHelperToolInstalled ? "Registered" : "Not Registered" } // init() { // manageHelperTool() // // } // Function to manage the helper tool installation/uninstallation func manageHelperTool(action: HelperToolAction = .none) -> SMAppService.Status { let plistName = "\(helperToolIdentifier).plist" let service = SMAppService.daemon(plistName: plistName) var occurredError: NSError? // Perform install/uninstall actions if specified switch action { case .install: // Pre-check before registering switch service.status { case .requiresApproval: message = "Registered but requires enabling in System Settings > Login Items." SMAppService.openSystemSettingsLoginItems() case .enabled: message = "Service is already enabled." default: do { try service.register() if service.status == .requiresApproval { SMAppService.openSystemSettingsLoginItems() } } catch let nsError as NSError { occurredError = nsError if nsError.code == 1 { // Operation not permitted message = "Permission required. Enable in System Settings > Login Items." SMAppService.openSystemSettingsLoginItems() } else { message = "Installation failed: \(nsError.localizedDescription)" print("Failed to register helper: \(nsError.localizedDescription)") } } } case .uninstall: do { try service.unregister() // Close any existing connection helperConnection?.invalidate() helperConnection = nil } catch let nsError as NSError { occurredError = nsError print("Failed to unregister helper: \(nsError.localizedDescription)") } case .none: break } updateStatusMessages(with: service, occurredError: occurredError) isHelperToolInstalled = (service.status == .enabled) return service.status } // Function to open Settings > Login Items func openSMSettings() { SMAppService.openSystemSettingsLoginItems() } func authFVAsAdmin(withReply completion: @escaping (Bool) -> Void){ if !isHelperToolInstalled { TCSLogWithMark() completion(false) return } guard let connection = getConnection() else { TCSLogWithMark() completion(false) return } guard let proxy = connection.remoteObjectProxyWithErrorHandler({ error in DispatchQueue.main.async { TCSLogWithMark() completion(false) } }) as? HelperToolProtocol else { TCSLogWithMark() completion(false) return } proxy.authFVAsAdmin() { success in DispatchQueue.main.async { TCSLogWithMark() completion(success) } } } // Function to run privileged commands func runCommand(username:String, password:String, withReply completion: @escaping (Bool) -> Void){ if !isHelperToolInstalled { TCSLogWithMark() completion(false) return } guard let connection = getConnection() else { TCSLogWithMark() completion(false) return } guard let proxy = connection.remoteObjectProxyWithErrorHandler({ error in DispatchQueue.main.async { TCSLogWithMark() completion(false) } }) as? HelperToolProtocol else { TCSLogWithMark() completion(false) return } proxy.authFV(username:username, password:password) { success in DispatchQueue.main.async { TCSLogWithMark() completion(success) } } } // Create/reuse XPC connection private func getConnection() -> NSXPCConnection? { TCSLogWithMark() if let connection = helperConnection { TCSLogWithMark() return connection } let connection = NSXPCConnection(machServiceName: helperToolIdentifier, options: .privileged) connection.remoteObjectInterface = NSXPCInterface(with: HelperToolProtocol.self) connection.invalidationHandler = { [weak self] in self?.helperConnection = nil } TCSLogWithMark() connection.resume() helperConnection = connection return connection } // Helper to update helper status messages func updateStatusMessages(with service: SMAppService, occurredError: NSError?) { if let nsError = occurredError { switch nsError.code { case kSMErrorAlreadyRegistered: message = "Service is already registered and enabled." case kSMErrorLaunchDeniedByUser: message = "User denied permission. Enable in System Settings > Login Items." case kSMErrorInvalidSignature: message = "Invalid signature, ensure proper signing on the application and helper tool." case 1: message = "Authorization required in Settings > Login Items." default: message = "Operation failed: \(nsError.localizedDescription)" } } else { switch service.status { case .notRegistered: message = "Service hasn’t been registered. You may register it now." case .enabled: message = "Service successfully registered and eligible to run." case .requiresApproval: message = "Service registered but requires user approval in Settings > Login Items." case .notFound: message = "Service is not installed." @unknown default: message = "Unknown service status (\(service.status))." } } } } ================================================ FILE: XCreds/Info.plist ================================================ LogFileName xcreds.log ================================================ FILE: XCreds/KeychainUtil.swift ================================================ // // KeychainUtil.swift // NoMAD // // Created by Joel Rennich on 8/7/16. // Copyright © 2016 Trusource Labs. All rights reserved. // // class to manage all keychain interaction enum KeychainError: Error { case notConnected case notLoggedIn case noPasswordExpirationTime case ldapServerLookup case ldapNamingContext case ldapServerPasswordExpiration case ldapConnectionError case userPasswordSetDate case userHome case noStoredPassword case storedPasswordWrong } import OSLog import Foundation import Security struct certDates { var serial : String var expireDate : Date } struct PasswordItem{ var username: String var password: String var keychainItem: SecKeychainItem } class KeychainUtil { // var myErr: OSStatus // let serviceName = "xcreds" // var myKeychainItem: SecKeychainItem? // init() { // myErr = 0 // } // find if there is an existing account password and return it or throw @available(macOS, deprecated: 10.10) func findPassword(serviceName:String, accountName:String?,keychain:SecKeychain?=nil) -> PasswordItem? { var passLength: UInt32 = 0 var passPtr: UnsafeMutableRawPointer? = nil var keychainItem: SecKeychainItem? TCSLogWithMark("Finding \(serviceName) in keychain") var keychainToUse:SecKeychain? var userKeychain:SecKeychain? TCSLogWithMark("find password for account:\(String(describing: accountName)) service:(serviceName)") if let keychain = keychain { os_log("using provided keychain") keychainToUse=keychain } else { os_log("using user keychain") if SecKeychainCopyDomainDefault(SecPreferencesDomain.user, &userKeychain) != errSecSuccess { os_log("error getting user keychain") return nil } if let userKeychain = userKeychain { keychainToUse = userKeychain } else { os_log("keychain is nil. returning.") return nil } } let myErr = SecKeychainFindGenericPassword(keychainToUse, UInt32(serviceName.count), serviceName, UInt32((accountName ?? "").count), accountName, &passLength, &passPtr, &keychainItem) if myErr == OSStatus(errSecSuccess) { let password = NSString(bytes: passPtr!, length: Int(passLength), encoding: String.Encoding.utf8.rawValue) guard let password = password, (password as String).isEmpty == false else { return nil } TCSLogWithMark("\(serviceName) found in keychain") var account="" if let keychainItem=keychainItem { var attributeTags = [SecItemAttr.accountItemAttr.rawValue] var formatConstants = [UInt32(CSSM_DB_ATTRIBUTE_FORMAT_STRING)] var attributeInfo = SecKeychainAttributeInfo(count: 1, tag: &attributeTags, format: &formatConstants) var attrList: UnsafeMutablePointer? = nil let res = SecKeychainItemCopyAttributesAndData(keychainItem, &attributeInfo, nil, &attrList,nil,nil); let accountAttribute = attrList?.pointee.attr?.pointee if let data=accountAttribute?.data { account = String(bytesNoCopy: data, length: Int((accountAttribute?.length)!), encoding: String.Encoding.utf8, freeWhenDone: false)! } TCSLogWithMark() return PasswordItem(username: account, password: password as String, keychainItem: keychainItem) } return nil } else { TCSLogErrorWithMark("\(serviceName) not found in keychain") return nil } } func trustedApps() -> [SecTrustedApplication] { var trust : SecTrustedApplication? = nil var secApps = [ SecTrustedApplication ]() if FileManager.default.fileExists(atPath: "/Applications/XCreds.app", isDirectory: nil) { let status = SecTrustedApplicationCreateFromPath("/Applications/XCreds.app", &trust) if status == 0 { secApps.append(trust!) } else { TCSLogWithMark("error appending trust for XCreds.app") } } if FileManager.default.fileExists(atPath: "/Applications/XCreds.app/Contents/Resources/XCreds Login Autofill.app/Contents/PlugIns/XCreds Login Password.appex", isDirectory: nil) { let res = SecTrustedApplicationCreateFromPath("/Applications/XCreds.app/Contents/Resources/XCreds Login Autofill.app/Contents/PlugIns/XCreds Login Password.appex", &trust) if res == 0 { secApps.append(trust!) } else { TCSLogWithMark("error appending trust for autofill") } } if FileManager.default.fileExists(atPath: "/System/Library/Frameworks/Security.framework/Versions/A/MachServices/authorizationhost.bundle/Contents/XPCServices/authorizationhosthelper.x86_64.xpc", isDirectory: nil) { let res = SecTrustedApplicationCreateFromPath("/System/Library/Frameworks/Security.framework/Versions/A/MachServices/authorizationhost.bundle/Contents/XPCServices/authorizationhosthelper.x86_64.xpc", &trust) if res == 0 { secApps.append(trust!) } else { TCSLogWithMark("error appending trust for authorizationhost") } } if FileManager.default.fileExists(atPath: "/System/Library/Frameworks/Security.framework/Versions/A/MachServices/authorizationhost.bundle/Contents/XPCServices/authorizationhosthelper.arm64.xpc", isDirectory: nil) { let res = SecTrustedApplicationCreateFromPath("/System/Library/Frameworks/Security.framework/Versions/A/MachServices/authorizationhost.bundle/Contents/XPCServices/authorizationhosthelper.arm64.xpc", &trust) if res == 0 { secApps.append(trust!) } else { TCSLogWithMark("error appending trust for authorizationhost") } } return secApps } // set the password func setPassword(serviceName:String, accountName: String, pass: String, keychainPassword:String, keychain:SecKeychain?=nil) -> SecKeychainItem? { let account = accountName let passwordData = pass.data(using: String.Encoding.utf8)! var secAccess:SecAccess? var keychainItem:CFTypeRef? var prompt = SecKeychainPromptSelector() var aclArray : CFArray? = nil var appList: CFArray? = nil var desc: CFString? = nil var keychainToUse:SecKeychain var userKeychain:SecKeychain? TCSLogWithMark("Setting password for account:\(accountName) service:(serviceName)") if let keychain = keychain { os_log("using provided keychain") keychainToUse=keychain } else { os_log("using user keychain") if SecKeychainCopyDomainDefault(SecPreferencesDomain.user, &userKeychain) != errSecSuccess { os_log("error getting user keychain") return nil } if let userKeychain = userKeychain { keychainToUse = userKeychain } else { os_log("keychain is nil. returning.") return nil } } TCSLogWithMark("Creating ACL") //create the default ACLs as SecAccess so we can modify them SecAccessCreate(accountName as CFString, nil, &secAccess) guard let secAccess = secAccess else { TCSLogWithMark("Error setting ACL") return nil } //In order to not get prompted, the app that are allowed to use the // ACLAuthorizationDecrypt operation //must be included when the ACLs are created. //convert the ACLs to a list and then go through them //and modify ACLAuthorizationDecrypt. ACLAuthorizationDecrypt is the right //that is needed to give apps access to a password //adding the app path is not enough; the team id needs to //be added to the partition ACL, but we can't create that ACL. //We have create the ACLs and then the partition ACL gets added. //We then loop over, find it, and modify it. //convert opaque secAccess to an array SecAccessCopyACLList(secAccess, &aclArray) //get a list of the trusted apps to share the password let secApps = trustedApps() //loop over them looking for ACLAuthorizationDecrypt for acl in aclArray as! Array { SecACLCopyContents(acl, &appList, &desc, &prompt) let authArray = SecACLCopyAuthorizations(acl) //set the apps that are allowed to have access to the password item if (authArray as! [String]).contains("ACLAuthorizationDecrypt") { TCSLogWithMark("Found ACLAuthorizationDecrypt.") SecACLSetContents(acl, secApps as CFArray, "" as CFString, prompt) continue } } let attributes: [String: Any] = [kSecClass as String: kSecClassGenericPassword, kSecAttrAccount as String: account, kSecAttrService as String: serviceName, kSecValueData as String: passwordData, kSecAttrAccess as String: secAccess as SecAccess, kSecUseKeychain as String:keychainToUse as Any, kSecReturnRef as String: true ] TCSLogWithMark("Calling SecItemAdd, returning new keychain item (generic password)") let res = SecItemAdd(attributes as CFDictionary, &keychainItem) if res != OSStatus(errSecSuccess) { TCSLogWithMark("Error SecItemAdd: \(res) ") return nil } let secKeychainItem = keychainItem as! SecKeychainItem var accessControlList: SecAccess? = nil var err = SecKeychainItemCopyAccess(secKeychainItem, &accessControlList) guard let accessControlList = accessControlList else { TCSLogWithMark("invalid accessControlList: \(err)") return nil } //turn the opaque accessControlList to an array of secACLs //so we can iterate over them SecAccessCopyACLList(accessControlList, &aclArray) //iterate over the acls in the array //when the acl in the array changes, it changes the items //in the accessControlList but doesn't change the //access control list in the secKeychainItem until //SecKeychainItemSetAccessWithPassword is called for acl in aclArray as! Array { //each ACL has one or more auth operations //a list of apps that have access to those operations //and a prompt selector. the prompt selector is the default //since macOS seems to want to prompt on everything regardless SecACLCopyContents(acl, &appList, &desc, &prompt) //For this ACL, get the operations that it covers let authArray = SecACLCopyAuthorizations(acl) //see if it is ACLAuthorizationPartitionID, which is the //ACL that allows access by team id. if (authArray as! [String]).contains("ACLAuthorizationPartitionID") { TCSLogWithMark("Found ACLAuthorizationPartitionID.") // pull in the description that is a plist let rawData = Data.init(fromHexEncodedString: desc! as String) var format: PropertyListSerialization.PropertyListFormat = .xml var propertyListObject = [ String: [String]]() do { propertyListObject = try PropertyListSerialization.propertyList(from: rawData!, options: [], format: &format) as! [ String: [String]] } catch { TCSLogWithMark("No teamid in ACLAuthorizationPartitionID.") } let teamIds = [ "apple:", "teamid:UXP6YEHSPW" ] propertyListObject["Partitions"] = teamIds // now serialize it back into a plist let xmlObject = try? PropertyListSerialization.data(fromPropertyList: propertyListObject as Any, format: format, options: 0) // now that all ACLs has been adjusted, we can update the item err = SecACLSetContents(acl, secApps as CFArray, xmlObject!.hexEncodedString() as CFString, prompt) if err == 0 { TCSLogWithMark("SecACLSetContents success") } else { TCSLogWithMark("error SecACLSetContents") } } } //we really should be using SecKeychainItemSetAccess but it always errors if you change //the partition ID. err = SecKeychainItemSetAccessWithPassword(secKeychainItem, accessControlList, UInt32(strlen(keychainPassword.cString(using: .utf8) ?? [])), keychainPassword.cString(using: .utf8) ?? [] ) if err == 0 { TCSLogWithMark("SecKeychainItemSetAccessWithPassword success") } else { TCSLogWithMark("error SecKeychainItemSetAccessWithPassword: \(err)") } return secKeychainItem } func updatePassword(serviceName:String, accountName: String, pass: String, keychainPassword:String, keychain:SecKeychain?=nil) -> Bool { let passwordItem = findPassword(serviceName: serviceName, accountName: accountName, keychain: keychain) if let passwordItem = passwordItem { let _ = deletePassword(keychainItem: passwordItem.keychainItem) } TCSLogWithMark("setting new password for \(accountName) \(serviceName)") let secKeychainItem = setPassword(serviceName: serviceName, accountName: accountName, pass: pass, keychainPassword: keychainPassword,keychain: keychain) if secKeychainItem == nil { TCSLogErrorWithMark("setting new password FAILURE: accountname:\(accountName)") return false } TCSLogWithMark("setting new password success") return true } // delete the password from the keychain @available(macOS, deprecated: 11) func deletePassword(keychainItem:SecKeychainItem) -> OSStatus { return SecKeychainItemDelete(keychainItem) } @available(macOS, deprecated: 10.10) func clearPasswords(serviceName:String,keychain:SecKeychain?=nil) -> Bool { findAndDelete(serviceName: serviceName, accountName: nil, keychain: keychain) } // convience functions @available(macOS, deprecated: 11) func findAndDelete(serviceName: String, accountName: String?, keychain:SecKeychain?=nil) -> Bool { while true { guard let passwordItem = findPassword(serviceName: serviceName, accountName:accountName,keychain: keychain) else { break } let res = deletePassword(keychainItem: passwordItem.keychainItem) if res != 0 { return false } } return true //on password found so don't delete and return true } } ================================================ FILE: XCreds/LicenseChecker.swift ================================================ // // LicenseChecker.swift // XCreds // // Created by Timothy Perfitt on 3/28/23. // import Cocoa class LicenseChecker: NSObject { enum LicenseState { case valid(Int) case invalid case trial(Int) case trialExpired case expired } func currentLicenseState() -> LicenseState { let trialDays = 14 if UserDefaults.standard.value(forKey: "tts") == nil { UserDefaults.standard.setValue(Date(), forKey: "tts") } let firstLaunchDate = UserDefaults.standard.value(forKey: "tts") as? Date var trialState = LicenseState.trialExpired if let firstLaunchDate = firstLaunchDate { let secondsPassed = Date().timeIntervalSince(firstLaunchDate) let trialDaysLeft=trialDays-(Int(secondsPassed)/(24*60*60)); if secondsPassed ================================================ FILE: XCreds/MainController.swift ================================================ // // MainController.swift // XCreds // // Created by Timothy Perfitt on 6/3/22. // import Cocoa import OIDCLite @available(macOS, deprecated: 11) class MainController: NSObject, UpdateCredentialsFeedbackProtocol { enum LoginWindowType { case cloud case usernamePassword } let standardFilevaultAutologinText = "FileVault AutoLogin Enabled" var fileVaultMenuItemText = "FileVault AutoLogin Enabled" var shouldShowFilevaultBypassMenuItem = false var passwordCheckTimer:Timer? var feedbackDelegate:TokenManagerFeedbackDelegate? let scheduleManager = ScheduleManager() var adPasswordExpires:String? var cloudPasswordExpires:String? var nextPasswordTokenCheck:String { var dateString:String = "" if scheduleManager.nextTokenCheckTime < Date () { dateString = "When Available" } else { let dateFormatter = DateFormatter() dateFormatter.locale = Locale.current dateFormatter.dateStyle = .medium dateFormatter.timeStyle = .short dateString = dateFormatter.string(from: scheduleManager.nextTokenCheckTime) } return dateString } var nextPasswordADCheck:String { var dateString:String = "" if scheduleManager.nextADCheckTime < Date () { dateString = "When Available" } else { let dateFormatter = DateFormatter() dateFormatter.locale = Locale.current dateFormatter.dateStyle = .medium dateFormatter.timeStyle = .short dateString = dateFormatter.string(from: scheduleManager.nextADCheckTime) } return dateString } var tokenCredentialStatus:String? var kerberosCredentialStatus:String? var hasCredential:Bool? var hasKerberosTicket:Bool? let windowController = DesktopLoginWindowController(windowNibName: "DesktopLoginWindowController") lazy var signInViewController:SignInViewController? = { let bundle = Bundle.findBundleWithName(name: "XCreds") if let bundle = bundle{ TCSLogWithMark("Creating signInViewController") let controller = SignInViewController(nibName: "LocalUsersViewController", bundle:bundle) controller.isInUserSpace = true controller.updateCredentialsFeedbackDelegate=self return controller; } return nil }() init(passwordCheckTimer: Timer? = nil, feedbackDelegate: TokenManagerFeedbackDelegate? = nil, cloudPasswordExpires: String? = nil, adPasswordExpires: String? = nil,nextPasswordCheck: String? = nil, credentialStatus: String? = nil, hasCredential: Bool? = nil, signInViewController: SignInViewController? = nil) { self.passwordCheckTimer = passwordCheckTimer self.feedbackDelegate = feedbackDelegate self.adPasswordExpires = adPasswordExpires self.cloudPasswordExpires = cloudPasswordExpires self.tokenCredentialStatus = credentialStatus self.hasCredential = hasCredential super.init() scheduleManager.feedbackDelegate=self updateFileVaultSkip() let shouldShowMenuBarSignInWithoutLoginWindowSignin = DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldShowMenuBarSignInWithoutLoginWindowSignin.rawValue) if isLocalOnlyAccount() == false || shouldShowMenuBarSignInWithoutLoginWindowSignin==true { let accountAndPassword = localAccountAndPassword() if let password = accountAndPassword.1 { scheduleManager.kerberosPassword = password } self.scheduleManager.startCredentialCheck() } } func isLocalOnlyAccount() -> Bool { let user = getConsoleUser() guard let dsRecord = try? PasswordUtils.getLocalRecord(user) else { return false } let kerbPrinc = try? dsRecord.values(forAttribute:"dsAttrTypeNative:_xcreds_activedirectory_kerberosPrincipal" ) let kerbPrincPrefs = UserDefaults.standard.string(forKey:"_xcreds_activedirectory_kerberosPrincipal" ) let oidcUsername = try? dsRecord.values(forAttribute:"dsAttrTypeNative:_xcreds_oidc_username" ) let oidcUsernamePrefs = UserDefaults.standard.string(forKey:"_xcreds_oidc_username" ) if kerbPrinc == nil && oidcUsername == nil && kerbPrincPrefs == nil && oidcUsernamePrefs == nil { TCSLogWithMark("no kerberos principal and no oidc username in local DS console user/prefs, so skipping showing window") return true } return false } func showSignInWindow(force:Bool=false, forceLoginWindowType:LoginWindowType?=nil, hadPasswordFailure:Bool=false ) { TCSLogWithMark() if isLocalOnlyAccount()==true && force==false{ TCSLogWithMark() return } //put the timers off some we don't get multiple other prompts when user is putting in credentials scheduleManager.setNextCheckTime(timer: .ADTimer ) scheduleManager.setNextCheckTime(timer: .TokenTimer) var forceUsernamePassword = false if let forceLoginWindowType = forceLoginWindowType { TCSLogWithMark() if forceLoginWindowType == .usernamePassword { TCSLogWithMark() forceUsernamePassword = true } } if forceUsernamePassword == false, DefaultsOverride.standardOverride.value(forKey: PrefKeys.discoveryURL.rawValue) != nil, DefaultsOverride.standardOverride.value(forKey: PrefKeys.clientID.rawValue) != nil , DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldUseROPGForMenuLogin.rawValue) == false { TCSLogWithMark() Task{ @MainActor in do{ let tokenManager = TokenManager() try await tokenManager.oidc().getEndpoints() guard let window = windowController.window else { return } window.makeKeyAndOrderFront(self) if let webViewController = windowController.webViewController{ webViewController.webView.isHidden=false TCSLogWithMark() windowController.webViewController.updateCredentialsFeedbackDelegate=self windowController.webViewController?.loadPage() } NSApp.activate(ignoringOtherApps: true) } } } else if (DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldUseROPGForMenuLogin.rawValue) == true || DefaultsOverride.standardOverride.value(forKey: PrefKeys.aDDomain.rawValue) != nil ) { if let webView = windowController.webViewController?.webView { webView.isHidden=true TCSLogWithMark() } guard let window = self.windowController.window, let signInViewController = self.signInViewController else { TCSLogWithMark("No window or signInViewController") return } signInViewController.hadPasswordFailure = hadPasswordFailure DispatchQueue.main.async { TCSLogWithMark("Creating signInViewController") TCSLogWithMark() if let contentView = window.contentView { TCSLogWithMark() self.windowController.webViewController.webView.isHidden=true signInViewController.view.wantsLayer=true if let contentView = window.contentView{ if contentView.subviews.contains(signInViewController.view)==false { contentView.addSubview(signInViewController.view) } } signInViewController.setupLoginAppearance() var x = NSMidX(contentView.frame) var y = NSMidY(contentView.frame) x = x - signInViewController.view.frame.size.width/2 y = y - signInViewController.view.frame.size.height/2 let lowerLeftCorner = NSPoint(x: x, y: y) signInViewController.localOnlyCheckBox.isHidden = true signInViewController.localOnlyCheckBox.isHidden = true signInViewController.view.setFrameOrigin(lowerLeftCorner) } window.makeKeyAndOrderFront(self) NSApp.activate(ignoringOtherApps: true) } } } func checkAndMountShares() { let tickets = KlistUtil().returnTickets() if tickets.count>0{ let appDelegate = NSApp.delegate as? AppDelegate appDelegate?.shareMounterMenu?.updateShares(connected: true, tickets: true) } } func setup() { if let cloudPasswordExpiresDate = OIDCPasswordExpiryDate(){ if OIDCPasswordExpiryDate()?.timeIntervalSinceNow ?? 0<0 { self.cloudPasswordExpires = "Password Expired!" return } if #available(macOS 12.0, *) { self.cloudPasswordExpires=cloudPasswordExpiresDate.formatted(date: .abbreviated, time: .shortened) } else { self.cloudPasswordExpires=cloudPasswordExpiresDate.debugDescription } } NSWorkspace.shared.notificationCenter.addObserver(forName: NSWorkspace.didUnmountNotification, object: nil, queue: nil) { notification in self.scheduleManager.checkKerberosTicket() self.checkAndMountShares() } NotificationCenter.default.addObserver(forName: .connectivityStatus, object: nil, queue: nil) { notification in DispatchQueue.main.asyncAfter(deadline: DispatchTime.now()+10) { self.scheduleManager.checkKerberosTicket() self.checkAndMountShares() } } self.checkAndMountShares() TCSLogWithMark() // make sure we have the local password, else prompt. we don't need to save it // just make sure we prompt if not in the keychain. if the user cancels, then it will // prompt when using OAuth. // don't need to save it. just need to prompt and it gets saved // in the keychain // // scheduleManager.checkADPasswordExpire(password: password) // passwordCheckTimer = Timer.scheduledTimer(withTimeInterval: 3*60*60, repeats: true, block: { _ in // self.scheduleManager.checkADPasswordExpire(password: password) // }) // // } let discoveryURL = DefaultsOverride.standardOverride.string(forKey: PrefKeys.discoveryURL.rawValue) if discoveryURL == nil { return } let shouldShowMenuBarSignInWithoutLoginWindowSignin = DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldShowMenuBarSignInWithoutLoginWindowSignin.rawValue) if shouldShowMenuBarSignInWithoutLoginWindowSignin == true && isLocalOnlyAccount() == true { showSignInWindow(force:true,forceLoginWindowType: .cloud) } } //get local password either from keychain or prompt. If prompt, then it will save in keychain for next time. if keychain, get keychain and test to make sure it is valid. func localAccountAndPassword() -> (String?,String?) { let keychainUtil = KeychainUtil() var accountName="" let passwordItem = keychainUtil.findPassword(serviceName: PrefKeys.password.rawValue,accountName: nil) if let passwordItem=passwordItem { accountName=passwordItem.username let password = passwordItem.password if case .success = PasswordUtils.isLocalPasswordValid(userName: PasswordUtils.currentConsoleUserName, userPass: password){ TCSLogWithMark("account name and password found: \(accountName)") return (accountName,password) } } else { TCSLogWithMark("invalid password item") } TCSLogWithMark() if DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldSuppressLocalPasswordPrompt.rawValue)==true { TCSLogWithMark("Suppressing local password prompt") return (nil,nil) } let promptPasswordWindowController = VerifyLocalPasswordWindowController() promptPasswordWindowController.showResetText=false promptPasswordWindowController.showResetButton=false switch promptPasswordWindowController.promptForLocalAccountAndChangePassword(username: PasswordUtils.currentConsoleUserName, newPassword: nil, shouldUpdatePassword: false) { case .success(let localUsernamePassword): guard let localPassword = localUsernamePassword?.password, let localUsername = localUsernamePassword?.username else { TCSLogWithMark( "No password returned") return (nil,nil) } let err = keychainUtil.updatePassword(serviceName: PrefKeys.password.rawValue,accountName:PrefKeys.password.rawValue, pass:localPassword, keychainPassword: localPassword) if err == false { TCSLogWithMark("Failed to store password in keychain") return (nil,nil) } return (accountName,localPassword) case .accountResetRequested(_): return (nil,nil) case .userCancelled: return (nil,nil) case .error(_): return (nil,nil) } } func passwordExpiryUpdate(_ passwordExpire: Date) { let dateFormatter = DateFormatter() dateFormatter.locale = Locale.current dateFormatter.dateStyle = .medium dateFormatter.timeStyle = .short let dateString = dateFormatter.string(from: passwordExpire) if passwordExpire.timeIntervalSinceNow>10*365*24*60*60{ self.adPasswordExpires="Never" } else { self.adPasswordExpires=dateString } let appDelegate = NSApp.delegate as? AppDelegate appDelegate?.updateStatusMenuExpiration(passwordExpire) } func credentialsUpdated(_ credentials:Creds) { // this gets called with an empty Creds if ROPG is used and we get back a // code that says auth was successfull but we have not tokens so // we proceed DispatchQueue.main.async { UserDefaults.standard.removeObject(forKey: PrefKeys.lastOIDCLoginFailTimestamp.rawValue) self.hasCredential=true self.tokenCredentialStatus="Valid Tokens" (NSApp.delegate as? AppDelegate)?.updateStatusMenuIcon(showDot:true) let tokenManager = TokenManager() if let idTokenInfo = try? tokenManager.tokenInfo(fromCredentials: credentials){ let userInfoResult = tokenManager.setupUserAccountInfo(idTokenInfo: idTokenInfo) switch userInfoResult { case .success(let retUserAccountInfo): let userInfo = retUserAccountInfo if let username = userInfo.username, let fullUsername = userInfo.fullUsername { UserDefaults.standard.set(username, forKey:"_xcreds_oidc_username") UserDefaults.standard.set(fullUsername, forKey:"_xcreds_oidc_full_username") //if user oidc username doesn't exist in DS, write to a file in ~/L/AS for login window to migrate let currentUser = PasswordUtils.getCurrentConsoleUserRecord() if let userNames = try? currentUser?.values(forAttribute: "dsAttrTypeNative:_xcreds_oidc_username") as? [String], userNames.count>0, let username = userNames.first { TCSLogWithMark("Found existing username \(username) in DS") } else { TCSLogWithMark("No _xcreds_oidc_username found in DS so setting migrate file"); let appSupportFolder = NSHomeDirectory() + "/Library/Application Support/XCreds" let plistPath = appSupportFolder + "/ds_info.plist" do { //check to see if appSupportFolder exists and if not, create if !FileManager.default.fileExists(atPath: appSupportFolder) { TCSLogWithMark("Creating appSupport folder") try FileManager.default.createDirectory(atPath: appSupportFolder, withIntermediateDirectories: true, attributes: nil) } if FileManager.default.fileExists(atPath: plistPath) { TCSLogWithMark("plist already exists so remove it so we get the freshes value") try FileManager.default.removeItem(at: URL(filePath: plistPath)) } if let subValue = idTokenInfo["sub"] as? String, let issuerValue = idTokenInfo["iss"] as? String{ var dictToWrite = ["_xcreds_oidc_username":username, "_xcreds_oidc_full_username":fullUsername, "subValue":subValue, "issuerValue":issuerValue, "localuser":PasswordUtils.currentConsoleUserName] if let kerberosPrincipalName = userInfo.kerberosPrincipalName { dictToWrite["_xcreds_activedirectory_kerberosPrincipal"] = kerberosPrincipalName } //write dictToWrite to file as plist TCSLog("writing plist file: \(plistPath)") try PropertyListEncoder().encode(dictToWrite).write(to: URL(fileURLWithPath: plistPath)) } } catch { TCSLogWithMark("Error saving migrate file: \(error)") } } if let kerberosPrincipalName = userInfo.kerberosPrincipalName { UserDefaults.standard.set(kerberosPrincipalName, forKey:"_xcreds_activedirectory_kerberosPrincipal") } } case .error(let message): TCSLogWithMark("Error getting infoResult: \(message)") } } else { TCSLogWithMark("no idTokenInfo because using LDAP, ROPG or issue with OIDC.") } self.windowController.window?.close() let localAccountAndPassword = self.localAccountAndPassword() TCSLogWithMark("local account: \(localAccountAndPassword.0 ?? "")") if credentials.password != nil, let localPassword=localAccountAndPassword.1, localPassword.count>0{ if localPassword != credentials.password{ TCSLogWithMark("localPassword and credentials.password do not match") var updatePassword = true if DefaultsOverride.standardOverride.bool(forKey: PrefKeys.verifyPassword.rawValue)==true { let verifyOIDPassword = VerifyOIDCPasswordWindowController.init(windowNibName: NSNib.Name("VerifyOIDCPassword")) NSApp.activate(ignoringOtherApps: true) while true { let response = NSApp.runModal(for: verifyOIDPassword.window!) if response == .cancel { let alert = NSAlert() alert.addButton(withTitle: "Skip Updating Password") alert.addButton(withTitle: "Cancel") alert.messageText="Are you sure you want to skip updating the local password and keychain? Your local password and keychain will be out of sync with your cloud password. " let resp = alert.runModal() if resp == .alertFirstButtonReturn { NSApp.stopModal(withCode: .cancel) verifyOIDPassword.window?.close() updatePassword=false break } } let verifyCloudPassword = verifyOIDPassword.password if verifyCloudPassword == credentials.password { updatePassword=true verifyOIDPassword.window?.close() break; } else { verifyOIDPassword.window?.shake(self) } } } if updatePassword { if let cloudPassword = credentials.password { try? PasswordUtils.changeLocalUserAndKeychainPassword(localPassword, newPassword: cloudPassword) self.updateFileVaultSkip() } } } } var localPassword = credentials.password if localPassword==nil { localPassword = localAccountAndPassword.1 } if let localPassword = localPassword, TokenManager.saveTokensToKeychain(creds: credentials, keychainPassword:localPassword ) == false { TCSLogErrorWithMark("error saving tokens to keychain") } self.scheduleManager.startCredentialCheck() } //delay startup to give network time to settle. Timer.scheduledTimer(withTimeInterval: 15, repeats: false) { timer in self.scheduleManager.startCredentialCheck() } } func invalidCredentials() { TCSLogWithMark() hasCredential=false tokenCredentialStatus="Invalid Token Credentials" DispatchQueue.main.async { let appDelegate = NSApp.delegate as? AppDelegate appDelegate?.updateStatusMenuIcon(showDot:false) self.showSignInWindow(forceLoginWindowType: .cloud) } } func credentialsCheckFailed() { DispatchQueue.main.async { TCSLogWithMark() self.hasCredential=false self.tokenCredentialStatus="Credentials Check Failed" let appDelegate = NSApp.delegate as? AppDelegate appDelegate?.updateStatusMenuIcon(showDot:false) self.showSignInWindow(forceLoginWindowType: .cloud) } } func updateFileVaultSkip() { if DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldSkipFileVaultLogin.rawValue) == true{ self.shouldShowFilevaultBypassMenuItem=true TCSLogWithMark("Setting filevault to unlock with user") FileVaultLoginHelper.shared.skipFileVaultAuthAtNextReboot { result, error in if result == false { TCSLogWithMark(error ?? "Unknown error") self.fileVaultMenuItemText = self.standardFilevaultAutologinText+" (error. check log)" } else { self.fileVaultMenuItemText = self.standardFilevaultAutologinText } } } if DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldSkipFileVaultLoginAdmin.rawValue) == true{ TCSLogWithMark("Setting filevault to unlock with admin") self.shouldShowFilevaultBypassMenuItem=true FileVaultLoginHelper.shared.skipFileVaultAuthAtNextRebootWithAdmin { result, error in if result == false { self.fileVaultMenuItemText = self.standardFilevaultAutologinText+" (error. check log)" TCSLogWithMark(error ?? "Unknown error") } else { self.fileVaultMenuItemText = self.standardFilevaultAutologinText } } } } func kerberosTicketUpdated() { TCSLogWithMark() hasKerberosTicket=true (NSApp.delegate as? AppDelegate)?.updateStatusMenuIcon(showDot:true) kerberosCredentialStatus="Valid kerberos tickets" updateFileVaultSkip() } func kerberosTicketCheckFailed(_ error: NoMADSessionError) { TCSLogWithMark() hasKerberosTicket=false (NSApp.delegate as? AppDelegate)?.updateStatusMenuIcon(showDot:false) kerberosCredentialStatus="Kerberos Tickets Failed" switch error{ case .OffDomain: TCSLogWithMark("Off domain so not prompting") case .UnknownPrincipal: TCSLogWithMark("UnknownPrincipal so not prompting") default: if signInViewController?.view.window?.isVisible==true { TCSLogWithMark("Already showing sign in window") } else{ showSignInWindow(forceLoginWindowType: .usernamePassword, hadPasswordFailure: true) } } } func adUserUpdated(_ adUser: ADUserRecord) { (NSApp.delegate as? AppDelegate)?.updateShareMenu(adUser: adUser) } func OIDCPasswordExpiryDate() -> Date?{ let keychainUtil = KeychainUtil() guard let passwordItem = keychainUtil.findPassword(serviceName: "xcreds idToken", accountName: "idToken")?.password else { TCSLogWithMark("cannot find ID token") return nil } let idTokenInfo = jwtDecode(value: passwordItem) //dictionary for mapping guard let idTokenInfo = idTokenInfo else { TCSLogWithMark("idTokenInfo invalid") return nil } guard let expiryKey = DefaultsOverride.standardOverride.object(forKey: PrefKeys.mapPasswordExpiry.rawValue) as? String, expiryKey.count>0, let expiryString = idTokenInfo[expiryKey] as? String, let expiryNumber = Int(expiryString) else { TCSLogWithMark("mapPasswordExpiry invalid") return nil } guard let iatInt = idTokenInfo["iat"] as? Int else { TCSLogWithMark("iatInt invalid") return nil } TCSLogWithMark("iatInt: \(iatInt)") TCSLogWithMark("expiryNumber: \(expiryNumber)") let expirySecondsFromEpoch = expiryNumber + iatInt TCSLogWithMark("expirySecondsFromEpoch: \(expirySecondsFromEpoch)") let expiryDate = Date(timeIntervalSince1970: TimeInterval(expirySecondsFromEpoch)) TCSLogWithMark("expiryDate: \(expiryDate)") return expiryDate } } ================================================ FILE: XCreds/MainLoginWindowController.swift ================================================ // // MainLoginWindowController.swift // XCredsLoginPlugin // // Created by Timothy Perfitt on 12/7/23. // import Cocoa @available(macOS, deprecated: 11) class MainLoginWindowController: NSWindowController,NSWindowDelegate { var controlsViewController: ControlsViewController? var setupDone=false @IBOutlet weak var backgroundImageView: NSImageView! // var resolutionObserver:Any? var networkChangeObserver:Any? var centerView:NSView? var mechanism:XCredsMechanismProtocol? var timer:Timer? var windowArray:Array=[] override func windowDidLoad() { TCSLogWithMark() super.windowDidLoad() window?.canBecomeVisibleWithoutLogin=true let screenRect = NSScreen.screens[0].frame window?.setFrame(screenRect, display: true, animate: false) window?.alphaValue=0.95 timer = Timer.scheduledTimer(withTimeInterval: 5, repeats: true, block: { timer in //added this because https://github.com/twocanoes/xcreds/issues/272 if let path = DefaultsOverride.standardOverride.string(forKey: PrefKeys.hideIfPathExists.rawValue), FileManager.default.fileExists(atPath:path ) { if self.window?.isVisible==true { TCSLogWithMark("window is visible and hide path has item at it so hiding window") self.window?.orderOut(self) } } else { // if self.window?.isVisible==false { TCSLogWithMark("window is not visible and default does exist so moving to front") self.window?.makeKeyAndOrderFront(self) } self.window?.forceToFrontAndFocus(self) } }) } override func awakeFromNib() { TCSLogWithMark() //awakeFromNib gets called multiple times. guard against that. if setupDone == false { // updateLoginWindowInfo() setupDone=true setupLoginWindowAppearance() // os_log("Finishing loading loginwindow", log: uiLog, type: .debug) // Disabling due to it causing screen resizing during EULA let notificationCenter = NotificationCenter.default notificationCenter.addObserver(self, selector: #selector(updateWindow), name: NSApplication.didChangeScreenParametersNotification, object: nil) } } @objc func updateWindow() { TCSLogWithMark() DispatchQueue.main.asyncAfter(deadline: .now() + 0.1){ if self.window?.isVisible ?? true { let screenRect = NSScreen.screens[0].frame let screenWidth = screenRect.width let screenHeight = screenRect.height TCSLogWithMark("screenRect: \(screenRect)") self.window?.setFrame(NSMakeRect(0,0 , screenWidth, screenHeight), display: true) if let height = self.controlsViewController?.view.frame.size.height { let rect = NSMakeRect(0, 0, screenWidth,height) self.controlsViewController?.view.frame=rect } self.recenterCenterView() self.updateBackground() } } } func setupLoginWindowAppearance() { TCSLogWithMark("setting up window...") self.window?.backgroundColor = NSColor.black self.window?.titlebarAppearsTransparent = true self.window?.isMovable = false self.window?.canBecomeVisibleWithoutLogin = true self.window?.level = .normal let screenRect = NSScreen.screens[0].frame self.window?.setFrame(screenRect, display: true, animate: false) let rect = NSMakeRect(0, 0, self.window?.contentView?.frame.size.width ?? 100,117) self.controlsViewController?.view.frame=rect TCSLogWithMark() if self.controlsViewController==nil { self.controlsViewController = ControlsViewController.initFromPlugin() } else { self.controlsViewController!.view.removeFromSuperview() } guard let controlsViewController = self.controlsViewController else { return } self.controlsViewController?.delegate=mechanism TCSLogWithMark() self.window?.contentView?.addSubview(controlsViewController.view) if let width = self.window?.frame.size.width { let rect2 = NSMakeRect(0, 0, width,controlsViewController.view.frame.size.height) controlsViewController.view.frame=rect2 } TCSLogWithMark("create background windows") self.updateBackground() TCSLogWithMark() controlsViewController.showPopoverIfNeeded() } func loginTransition( completion:@escaping ()->Void) { DispatchQueue.main.async { if let timer = self.timer, timer.isValid==true { TCSLogWithMark("invalidating timer") timer.invalidate() } TCSLogWithMark() let screenRect = NSScreen.screens[0].frame let progressIndicator=NSProgressIndicator.init(frame: NSMakeRect(0, screenRect.height-3, screenRect.width,3)) progressIndicator.style = .bar progressIndicator.startAnimation(self) self.window?.contentView?.addSubview(progressIndicator) self.window?.canBecomeVisibleWithoutLogin=true NotificationCenter.default.removeObserver(self) if let networkChangeObserver = self.networkChangeObserver { NotificationCenter.default.removeObserver(networkChangeObserver) } self.controlsViewController?.allowPopoverClose=true if self.controlsViewController?.systemInfoPopover.isShown==true { self.controlsViewController?.systemInfoPopover.performClose(self) } NSAnimationContext.runAnimationGroup({ (context) in context.duration = 1.0 context.allowsImplicitAnimation = true self.centerView?.animator().alphaValue = 0.0 let origin = self.controlsViewController?.view.frame.origin let size = self.controlsViewController?.view.frame.size if let origin = origin, let size = size { self.controlsViewController?.view.animator().setFrameOrigin(NSMakePoint(origin.x, origin.y-(2*size.height))) } }, completionHandler: { self.centerView?.alphaValue = 0.0 self.controlsViewController?.view.animator().alphaValue=0.0 self.centerView?.removeFromSuperview() self.controlsViewController?.view.removeFromSuperview() // self.window?.orderOut(self) TCSLogWithMark("completion") completion() }) } } fileprivate func updateBackground() { TCSLogWithMark() if windowArray.count>1{ for i in 1..0{ let newWindow = NSWindow(contentRect: .init(origin: .zero, size: .init(width: screen.frame.width, height: screen.frame.height)), styleMask: [], backing: .buffered, defer: false, screen: screen) newWindow.backgroundColor = NSColor.black newWindow.titlebarAppearsTransparent = true newWindow.isMovable = false newWindow.canBecomeVisibleWithoutLogin = true newWindow.level = .normal windowArray.append(newWindow) } currWindow = windowArray[i] let backgroundImage = DefaultsHelper.backgroundImage() let screenRect = screen.frame var newHeight = screenRect.height var newWidth = screenRect.width if let backgroundImage = backgroundImage{ if i == 0 { if UserDefaults.standard.bool(forKey: PrefKeys.shouldLoginWindowBackgroundImageFillScreen.rawValue) == false { TCSLogWithMark("MainLoginWindowController: Not resizing background image to fill screen") let ratio = backgroundImage.size.width/backgroundImage.size.height newHeight = screenRect.size.height newWidth = screenRect.size.height * ratio if newWidth > screenRect.size.width { newWidth = screenRect.size.width newHeight = screenRect.size.width / ratio } } else { TCSLogWithMark("MainLoginWindowController: resizing background image to fill screen") backgroundImage.size.height = newHeight backgroundImage.size.width = newWidth backgroundImageView.imageScaling = .scaleAxesIndependently backgroundImageView.frame=NSMakeRect(screenRect.origin.x, screenRect.origin.y, screenRect.size.width, screenRect.size.height-100) } //main screen backgroundImageView.imageScaling = .scaleAxesIndependently backgroundImage.size.height = newHeight backgroundImage.size.width = newWidth TCSLogWithMark("Setting background size to width:\(newWidth) height:\(newHeight)") backgroundImageView.frame=NSMakeRect((screenRect.size.width-newWidth)/2, (screenRect.size.height-newHeight)/2, newWidth, newHeight) backgroundImageView.image=backgroundImage backgroundImageView.alphaValue = CGFloat(DefaultsOverride.standardOverride.float(forKey: PrefKeys.loginWindowBackgroundImageAlpha.rawValue)) } else { let newBackgroundImageView = NSImageView() if let secondardBackgroundImage = DefaultsHelper.secondaryBackgroundImage(){ if UserDefaults.standard.bool(forKey: PrefKeys.shouldLoginWindowSecondaryMonitorsBackgroundImageFillScreen.rawValue) == false { TCSLogWithMark("secondaryBackgroundImage: Not resizing secondary background image to fill screen") let ratio = secondardBackgroundImage.size.width/secondardBackgroundImage.size.height newHeight = screenRect.size.height newWidth = screenRect.size.height * ratio if newWidth > screenRect.size.width { newWidth = screenRect.size.width newHeight = screenRect.size.width / ratio } } else { TCSLogWithMark("secondaryBackgroundImage: resizing secondary background image to fill screen") secondardBackgroundImage.size.height = newHeight secondardBackgroundImage.size.width = newWidth newBackgroundImageView.frame=NSMakeRect(screenRect.origin.x, screenRect.origin.y, screenRect.size.width, screenRect.size.height-100) } newBackgroundImageView.imageScaling = .scaleAxesIndependently secondardBackgroundImage.size.height = newHeight secondardBackgroundImage.size.width = newWidth //secondary screens newBackgroundImageView.image=secondardBackgroundImage newBackgroundImageView.alphaValue = CGFloat(DefaultsOverride.standardOverride.float(forKey: PrefKeys.loginWindowSecondaryMonitorsBackgroundAlpha.rawValue)) newBackgroundImageView.imageScaling = .scaleAxesIndependently newBackgroundImageView.frame=NSMakeRect((screenRect.size.width-newWidth)/2, (screenRect.size.height-newHeight)/2, newWidth, newHeight) currWindow.contentView?.addSubview(newBackgroundImageView) currWindow.makeKeyAndOrderFront(self) } } } i += 1 } } func recenterCenterView() { TCSLogWithMark() if let contentView = self.window?.contentView, let centerView = self.centerView { TCSLogWithMark() var x = NSMidX(contentView.frame) var y = NSMidY(contentView.frame) TCSLogWithMark("x:\(x) y:\(y) center width: \(centerView.frame.size.width), centerview height: \(centerView.frame.size.height)") x = x - centerView.frame.size.width/2 y = y - centerView.frame.size.height/2 let lowerLeftCorner = NSPoint(x: x, y: y) centerView.setFrameOrigin(lowerLeftCorner) TCSLogWithMark("\(x):\(y)") } else { TCSLogWithMark("invalid contentView or center view") } if let controlsView = controlsViewController?.view { controlsView.removeFromSuperview() self.window?.contentView?.addSubview(controlsView) } } func addCenterView(_ centerView:NSView){ TCSLogWithMark("re-centering") if self.centerView != nil { self.centerView?.removeFromSuperview() } self.centerView=centerView self.window?.contentView?.addSubview(centerView) recenterCenterView() } } ================================================ FILE: XCreds/NotifyManager.swift ================================================ // // NotifyManager.swift // XCreds // // Created by Timothy Perfitt on 6/3/22. // import Cocoa import UserNotifications class NotifyManager { static let shared = NotifyManager() init() { let center = UNUserNotificationCenter.current() center.requestAuthorization(options: [.alert, .badge, .sound]) { (granted, error) in } } func sendMessage(message:String) { let content = UNMutableNotificationContent() content.title = message let trigger = UNTimeIntervalNotificationTrigger(timeInterval: 1, repeats: false) // choose a random identifier let request = UNNotificationRequest(identifier: UUID().uuidString, content: content, trigger: trigger) // add our notification request UNUserNotificationCenter.current().add(request) } } ================================================ FILE: XCreds/PasswordUtils.swift ================================================ // // PasswordUtils.swift // XCreds // // Created by Timothy Perfitt on 6/3/22. // import Cocoa import SystemConfiguration import SecurityFoundation import OpenDirectory //enum DSQueryableErrors: Error { // case notLocalUser // case multipleUsersFound //} enum PasswordError: Error, CustomStringConvertible { case itemNotFound(String) case invalidParamater(String) case invalidResult(String) case unknownError(String) var description: String { switch self { case .itemNotFound(let message): return message case .invalidParamater(let message): return message case .invalidResult(let message): return message case .unknownError(let message): return message } } } enum PasswordVerificationResult { case success case incorrectPassword case accountDoesNotExist case accountLocked case other(String) } struct SecureTokenCredential { var username:String var password:String } class PasswordUtils: NSObject { static let currentConsoleUserName: String = NSUserName() static let uid: String = String(getuid()) class func getCurrentConsoleUserRecord() -> ODRecord? { // Get ODRecords where record name is equal to the Current Console User's username let session = ODSession.default() var records = [ODRecord]() do { //let node = try ODNode.init(session: session, type: UInt32(kODNodeTypeAuthentication)) let node = try ODNode.init(session: session, type: UInt32(kODNodeTypeLocalNodes)) let query = try ODQuery.init(node: node, forRecordTypes: kODRecordTypeUsers, attribute: kODAttributeTypeRecordName, matchType: UInt32(kODMatchEqualTo), queryValues: currentConsoleUserName, returnAttributes: kODAttributeTypeNativeOnly, maximumResults: 0) records = try query.resultsAllowingPartial(false) as! [ODRecord] } catch { } // We may have gotten multiple ODRecords that match username, // So make sure it also matches the UID. for case let record in records { let attribute = "dsAttrTypeStandard:UniqueID" if let odUid = try? String(describing: record.values(forAttribute: attribute)[0]) { if ( odUid == uid) { return record } } } return nil } // class func verifyUser(name: String, auth: String) -> Bool { // os_log("Finding user record", log: noLoMechlog, type: .debug) // TCSLogWithMark("searching for user \(name) and password with count \(auth.count)") // var records = [ODRecord]() // let odsession = ODSession.default() // var isValid = false // do { // let node = try ODNode.init(session: odsession, type: ODNodeType(kODNodeTypeLocalNodes)) // let query = try ODQuery.init(node: node, forRecordTypes: kODRecordTypeUsers, attribute: kODAttributeTypeRecordName, matchType: ODMatchType(kODMatchEqualTo), queryValues: name, returnAttributes: kODAttributeTypeAllAttributes, maximumResults: 0) // records = try query.resultsAllowingPartial(false) as! [ODRecord] // let result = isLocalPasswordValid(userName: name, userPass: auth) // isValid = ((try records.first?.verifyPassword(auth)) != nil) // } catch { // let errorText = error.localizedDescription // TCSLogErrorWithMark("ODError while trying to check for local user: \(errorText)") // return false // } // return isValid // } // class func verifyPassword(password:String) -> Bool { // let currentUser = PasswordUtils.getCurrentConsoleUserRecord() // do { // try currentUser?.verifyPassword(password) // } // catch { // return false // // } // return true // } // // class func verifyCurrentUserPassword(password:String) -> Bool { // let currentUser = PasswordUtils.getCurrentConsoleUserRecord() // do { // try currentUser?.verifyPassword(password) // } // catch { // return false // // } // return true // } @available(macOS, deprecated: 11) class func verifyKeychainPassword(password: String) throws -> Bool { var getDefaultKeychain: OSStatus var myDefaultKeychain: SecKeychain? var err: OSStatus // get the user's default keychain. (Typically login.keychain) getDefaultKeychain = SecKeychainCopyDefault(&myDefaultKeychain) if ( getDefaultKeychain == errSecNoDefaultKeychain ) { throw PasswordError.itemNotFound("Could not find Default Keychain") } err = SecKeychainUnlock(myDefaultKeychain, UInt32(strlen(password.cString(using: .utf8) ?? [])), password.cString(using: .utf8) ?? [], true) if err != noErr { return false } return true } @available(macOS, deprecated: 11) static func changeLocalUserAndKeychainPassword(_ oldPassword: String, newPassword: String) throws { TCSLogWithMark() var getDefaultKeychain: OSStatus var myDefaultKeychain: SecKeychain? var err: OSStatus // get the user's default keychain. (Typically login.keychain) getDefaultKeychain = SecKeychainCopyDefault(&myDefaultKeychain) if ( getDefaultKeychain == errSecNoDefaultKeychain ) { throw PasswordError.itemNotFound("Could not find Default Keychain") } // Test if the keychain password is correct by trying to unlock it. err = SecKeychainUnlock(myDefaultKeychain, UInt32(strlen(oldPassword.cString(using: .utf8) ?? [])), oldPassword.cString(using: .utf8) ?? [], true) if err != noErr { throw PasswordError.invalidResult("Error unlocking default keychain.") } do { try getCurrentConsoleUserRecord()?.changePassword(oldPassword, toPassword: newPassword) } catch { throw PasswordError.unknownError("error changing password: \(error)") } err = SecKeychainChangePassword(myDefaultKeychain, UInt32(strlen(oldPassword.cString(using: .utf8) ?? [] )), oldPassword.cString(using: .utf8) ?? [], UInt32(strlen(newPassword.cString(using: .utf8) ?? [] )), newPassword.cString(using: .utf8) ?? []) if (err == noErr) { return } else if ( err == errSecAuthFailed ) { return } else { // If we got any other error, we don't know if the password is good or not because we probably couldn't find the keychain. throw PasswordError.unknownError("Unknown error: " + err.description) } } /// `ODNode` to DSLocal for queries and account manipulation. public class var localNode: ODNode? { do { return try ODNode.init(session: ODSession.default(), type: ODNodeType(kODNodeTypeLocalNodes)) } catch { TCSLogWithMark("ODError creating local node.") return nil } } /// Conviennce function to discover if a shortname has an existing local account. /// /// - Parameter shortName: The name of the user to search for as a `String`. /// - Returns: `true` if the user exists in DSLocal, `false` if not. /// - Throws: Either an `ODFrameworkErrors` or a `DSQueryableErrors` if there is an error or the user is not local. public class func isUserLocal(_ shortName: String) throws -> Bool { do { _ = try getLocalRecord(shortName) } catch DSQueryableErrors.notLocalUser { return false } catch { throw error } return true } public class func doesUserHomeExist(_ name: String) throws -> Bool { // first get the user record os_log("Checking for existing home directory", log: noLoMechlog, type: .debug) var records = [ODRecord]() let odsession = ODSession.default() do { let node = try ODNode.init(session: odsession, type: ODNodeType(kODNodeTypeLocalNodes)) let query = try ODQuery.init(node: node, forRecordTypes: kODRecordTypeUsers, attribute: kODAttributeTypeRecordName, matchType: ODMatchType(kODMatchEqualTo), queryValues: name, returnAttributes: kODAttributeTypeAllAttributes, maximumResults: 0) records = try query.resultsAllowingPartial(false) as! [ODRecord] } catch { let errorText = error.localizedDescription os_log("ODError while trying to check for local user: %{public}@", log: noLoMechlog, type: .error, errorText) return true } os_log("Record search returned", log: noLoMechlog, type: .info) if records.isEmpty { os_log("No user found to delete, success!", log: noLoMechlog, type: .debug) return true } else if records.count > 1 { os_log("Multiple users found, failing local user removal", log: noLoMechlog, type: .info) return false } if let homePaths = records.first?.value(forKey: kODAttributeTypeNFSHomeDirectory) as? [String] { os_log("Home path found", log: noLoMechlog, type: .info) let fm = FileManager.default if let homePath = homePaths.first { if fm.fileExists(atPath: homePath) { os_log("Home is: %{public}@", log: noLoMechlog, type: .info, homePath) return true } else { return false } } } return false } /// Checks a local username and password to see if they are valid. /// /// - Parameters: /// - userName: The name of the user to search for as a `String`. /// - userPass: The password for the user being tested as a `String`. /// - Returns: `true` if the name and password combo are valid locally. `false` if the validation fails. /// - Throws: Either an `ODFrameworkErrors` or a `DSQueryableErrors` if there is an error. public class func isLocalPasswordValid(userName: String, userPass: String) -> PasswordVerificationResult { do { TCSLogWithMark("getting local record") let userRecord = try PasswordUtils.getLocalRecord(userName) // TCSLogWithMark("Checking if password is allowed") // try userRecord.passwordChangeAllowed(userPass) TCSLogWithMark("checking password") try userRecord.verifyPassword(userPass) TCSLogWithMark("checking password done, returning success") return .success } catch { let castError = error as NSError switch castError.code { case Int(kODErrorCredentialsInvalid.rawValue): TCSLogWithMark("Tested password for user account: \(userName) is not valid.") return .incorrectPassword case Int(kODErrorCredentialsAccountNotFound.rawValue): TCSLogWithMark("No local account for user: \(userName) is not valid.") return .accountDoesNotExist case Int(kODErrorCredentialsAccountLocked.rawValue): TCSLogWithMark("No Account for user: \(userName) is not locked.") return .accountLocked case Int(kODErrorCredentialsAccountTemporarilyLocked.rawValue): TCSLogWithMark("No local account for user: \(userName) is not valid. Local account temporarily locked. Please wait a bit and try again.") return .accountLocked case Int(kODErrorCredentialsAccountDisabled.rawValue): TCSLogWithMark("No local account for user: \(userName) is not valid. Local account disabled. Please wait a bit and try again.") return .accountLocked case Int(kODErrorCredentialsMethodNotSupported.rawValue): TCSLogWithMark("credential type not supported: \(userName).") return .other("credential type not supported") default: TCSLogWithMark("throw error:\(error.localizedDescription):\(castError.code)") return .accountDoesNotExist } } } func kerberosPrincipalFromCurrentLoggedInUser() -> String? { guard let user = try? PasswordUtils.getLocalRecord(getConsoleUser()), let kerbPrincArray = user.value(forKey: "dsAttrTypeNative:_xcreds_activedirectory_kerberosPrincipal") as? Array , let kerbPrinc = kerbPrincArray.first else { return nil } return kerbPrinc } public class func resolveName(_ name:String) throws -> String{ var record:ODRecord do{ record = try getLocalRecord(name) } catch { record = try getLocalRecord(fullName: name) } return record.recordName } public class func getLocalRecord(fullName: String) throws -> ODRecord { do { TCSLogWithMark("Building OD query for name \(fullName)") let query = try ODQuery.init(node: localNode, forRecordTypes: kODRecordTypeUsers, attribute: kODAttributeTypeFullName, matchType: ODMatchType(kODMatchEqualTo), queryValues: fullName, returnAttributes: kODAttributeTypeNativeOnly, maximumResults: 0) let records = try query.resultsAllowingPartial(false) as! [ODRecord] if records.count > 1 { TCSLogErrorWithMark("More than one local user found for name.") throw DSQueryableErrors.multipleUsersFound } guard let record = records.first else { TCSLogInfoWithMark("No local user found. Passing on demobilizing allow login.") throw DSQueryableErrors.notLocalUser } TCSLogWithMark("Found local user: \(record)") return record } catch { TCSLogErrorWithMark("ODError while trying to check for local user: \(error.localizedDescription)") throw error } } /// Searches DSLocal for an account short name and returns the `ODRecord` for the user if found. /// /// - Parameter shortName: The name of the user to search for as a `String`. /// - Returns: The `ODRecord` of the user if one is found in DSLocal. /// - Throws: Either an `ODFrameworkErrors` or a `DSQueryableErrors` if there is an error or the user is not local. public class func getLocalRecord(_ shortName: String) throws -> ODRecord { do { TCSLogWithMark("Building OD query for name \(shortName)") let query = try ODQuery.init(node: localNode, forRecordTypes: kODRecordTypeUsers, attribute: kODAttributeTypeRecordName, matchType: ODMatchType(kODMatchEqualTo), queryValues: shortName, returnAttributes: kODAttributeTypeNativeOnly, maximumResults: 0) let records = try query.resultsAllowingPartial(false) as! [ODRecord] if records.count > 1 { TCSLogErrorWithMark("More than one local user found for name.") throw DSQueryableErrors.multipleUsersFound } guard let record = records.first else { TCSLogInfoWithMark("No local user found. Passing on demobilizing allow login.") throw DSQueryableErrors.notLocalUser } TCSLogWithMark("Found local user: \(record)") return record } catch { TCSLogErrorWithMark("ODError while trying to check for local user: \(error.localizedDescription)") throw error } } /// Finds all local user records on the Mac. /// /// - Returns: A `Array` that contains the `ODRecord` for every account in DSLocal. /// - Throws: An error from `ODFrameworkErrors` if something fails. public class func getAllLocalUserRecords() throws -> [ODRecord] { do { let query = try ODQuery.init(node: localNode, forRecordTypes: kODRecordTypeUsers, attribute: kODAttributeTypeRecordName, matchType: ODMatchType(kODMatchEqualTo), queryValues: kODMatchAny, returnAttributes: kODAttributeTypeAllAttributes, maximumResults: 0) return try query.resultsAllowingPartial(false) as! [ODRecord] } catch { TCSLogWithMark("ODError while finding local users.") throw error } } /// Returns all the non-system users on a system above UID 500. /// /// - Returns: A `Array` that contains the `ODRecord` of all the non-system user accounts in DSLocal. /// - Throws: An error from `ODFrameworkErrors` if something fails. public func getAllNonSystemUsers() throws -> [ODRecord] { do { let allRecords = try PasswordUtils.getAllLocalUserRecords() let nonSystem = try allRecords.filter { (record) -> Bool in guard let uid = try record.values(forAttribute: kODAttributeTypeUniqueID) as? [String] else { return false } return Int(uid.first ?? "") ?? 0 > 500 && record.recordName.first != "_" } return nonSystem } catch { TCSLogWithMark("ODError while finding local users.") throw error } } } ================================================ FILE: XCreds/PrefKeys.swift ================================================ // // PrefKeys.swift // xCreds // // Created by Timothy Perfitt on 4/5/22. // import Foundation import OSLog enum PrefKeys: String { case clientID, clientSecret, ropgResponseValue, resource, password="xcreds local password",discoveryURL, redirectURI, scopes, accessToken, idToken, refreshToken, tokenEndpoint, expirationDate, invalidToken, refreshRateHours,refreshRateMinutes, showDebug, verifyPassword, shouldShowQuitMenu, shouldShowPreferencesOnStart, shouldSetGoogleAccessTypeToOffline, shouldSetGoogleHDParam,passwordChangeURL, shouldUseADNativePasswordChangeMenuItem, shouldShowAboutMenu, username, idpHostName, passwordElementID, shouldFindPasswordElement, shouldShowSupportStatus,shouldShowConfigureWifiButton,shouldShowMacLoginButton, loginWindowBackgroundImageURL, loginWindowSecondaryMonitorsBackgroundImageURL, loginWindowBackgroundImageAlpha, loginWindowSecondaryMonitorsBackgroundAlpha, shouldShowCloudLoginByDefault, shouldPreferLocalLoginInsteadOfCloudLogin, idpHostNames,autoRefreshLoginTimer, loginWindowWidth, loginWindowHeight, shouldShowRefreshBanner, shouldSwitchToLoginWindowWhenLocked,accounts = "Accounts", windowSignIn = "WindowSignIn", settingsOverrideScriptPath, localAdminUserName, localAdminPassword, usernamePlaceholder, passwordPlaceholder, shouldShowLocalOnlyCheckbox, shouldShowTokenUpdateStatus, shouldDetectNetworkToDetermineLoginWindow, showLoginWindowDelaySeconds, shouldPromptForMigration, shouldAllowKeyComboForMacLoginWindow, aliasName,claimsToAddToLocalUserAccount, loadPageTitle, loadPageInfo,shouldPromptForADPasswordChange, hideIfPathExists, allowedUsersArray, allowUsersClaim, mapKerberosPrincipalName, shouldUpdateKerberosUserPrincipalADDomain, mapFirstName = "map_firstname",mapFullName = "map_fullname", mapUserName = "map_username", mapLastName = "map_lastname",menuItemWindowBackgroundImageURL, menuItemWindowBackgroundImageAlpha, menuItems, shareMenuItemName, shouldShowSignInMenuItem, shouldLoginWindowBackgroundImageFillScreen, shouldLoginWindowSecondaryMonitorsBackgroundImageFillScreen,resetPasswordDialogTitle, systemInfoButtonTitle, shouldShowShutdownButton, shouldShowRestartButton, shouldShowSystemInfoButton, shouldShowMenuBarSignInWithoutLoginWindowSignin, refreshBannerText,adUserAttributesToAddToLocalUserAccount, mapUID = "map_uid", allowLoginIfMemberOfGroup, keyCodeForLoginWindowChange, mapPasswordExpiry = "map_password_expiry", menuItemIconData, menuItemIconCheckedData, mapFullUserName = "map_fullusername", ccidSlotName, shouldSuppressLocalPasswordPrompt,shouldUseKillWhenLoginWindowSwitching, upnSuffixToDomainMappings,shouldAllowLoginCardSetup,accountLockedPasswordDialogTitle,accountLockedPasswordDialogText, OIDCLastLoginTimestamp, lastOIDCLoginFailTimestamp,loginWindowLogoPath, shouldHideLoginWindowLogo, shouldRemoveMenuItemAutoLaunch,primaryGroupID, skipUserSetupBuddy, shouldSkipFileVaultLogin, shouldSkipFileVaultLoginAdmin case shouldUseROPGForPasswordChangeChecking case shouldUseLDAPForPasswordChangeChecking case shouldUseROPGForMenuLogin case shouldUseBasicAuthWithROPG case shouldUseROPGForLoginWindowLogin case shouldActivateSystemInfoButton case actionItemOnly = "ActionItemOnly" case systemInfoAdditionsArray case aDDomain = "ADDomain" case aDSite = "ADSite" case additionalADDomainList = "AdditionalADDomains" case aDDomainController = "ADDomainController" case allowEAPOL = "AllowEAPOL" case allUserInformation = "AllUserInformation" case autoAddAccounts = "AutoAddAccounts" case autoConfigure = "AutoConfigure" case autoRenewCert = "AutoRenewCert" case changePasswordCommand = "ChangePasswordCommand" case changePasswordType = "ChangePasswordType" case changePasswordOptions = "ChangePasswordOptions" case caribouTime = "CaribouTime" case cleanCerts = "CleanCerts" case configureChrome = "ConfigureChrome" case configureChromeDomain = "ConfigureChromeDomain" case customLDAPAttributes = "CustomLDAPAttributes" case customLDAPAttributesResults = "CustomLDAPAttributesResults" case deadLDAPKillTickets = "DeadLDAPKillTickets" // case displayName = "DisplayName" case dontMatchKerbPrefs = "DontMatchKerbPrefs" case dontShowWelcome = "DontShowWelcome" case dontShowWelcomeDefaultOn = "DontShowWelcomeDefaultOn" case exportableKey = "ExportableKey" case firstRunDone = "FirstRunDone" case getCertAutomatically = "GetCertificateAutomatically" case getHelpType = "GetHelpType" case getHelpOptions = "GetHelpOptions" case groups = "Groups" case hicFix = "HicFix" case hideAbout = "HideAbout" case hideAccounts = "HideAccounts" case hideExpiration = "HideExpiration" case hideExpirationMessage = "HideExpirationMessage" case hideCertificateNumber = "HideCertificateNumber" case hideHelp = "HideHelp" case hideGetSoftware = "HideGetSoftware" case hideLastUser = "HideLastUser" case hideLockScreen = "HideLockScreen" case hideRenew = "HideRenew" case hidePrefs = "HidePrefs" case hideSignIn = "HideSignIn" case hideTickets = "HideTickets" case hideQuit = "HideQuit" case hideSignOut = "HideSignOut" case homeAppendDomain = "HomeAppendDomain" case iconOff = "IconOff" case iconOffDark = "IconOffDark" case iconOn = "IconOn" case iconOnDark = "IconOnDark" case kerberosRealm = "KerberosRealm" case keychainItems = "KeychainItems" case keychainItemsInternet = "KeychainItemsInternet" case keychainItemsCreateSerial = "KeychainItemsCreateSerial" case keychainItemsDebug = "KeychainItemsDebug" case keychainMinderWindowTitle = "KeychainMinderWindowTitle" case keychainMinderWindowMessage = "KeychainMinderWindowMessage" case keychainMinderShowReset = "KeychainMinderShowReset" case keychainPasswordMatch = "KeychainPasswordMatch" case lastCertificateExpiration = "LastCertificateExpiration" case lightsOutIKnowWhatImDoing = "LightsOutIKnowWhatImDoing" case loginComamnd = "LoginComamnd" case loginItem = "LoginItem" case ldapAnonymous = "LDAPAnonymous" case lDAPSchema = "LDAPSchema" case lDAPServerList = "LDAPServerList" case lDAPServerListDeny = "LDAPServerListDeny" case lDAPoverSSL = "LDAPOverSSL" case lDAPOnly = "LDAPOnly" case lDAPType = "LDAPType" case localPasswordSync = "LocalPasswordSync" case localPasswordSyncDontSyncLocalUsers = "LocalPasswordSyncDontSyncLocalUsers" case localPasswordSyncDontSyncNetworkUsers = "LocalPasswordSyncDontSyncNetworkUsers" case localPasswordSyncOnMatchOnly = "LocalPasswordSyncOnMatchOnly" case lockedKeychainCheck = "LockedKeychainCheck" case lastUser = "LastUser" case lastPasswordWarning = "LastPasswordWarning" case lastPasswordExpireDate = "LastPasswordExpireDate" case loginLogo = "LoginLogo" case menuAbout = "MenuAbout" case menuAccounts = "MenuAccounts" case menuActions = "MenuActions" case menuChangePassword = "MenuChangePassword" case menuHomeDirectory = "MenuHomeDirectory" case menuGetCertificate = "MenuGetCertificate" case menuGetHelp = "MenuGetHelp" case menuGetSoftware = "MenuGetSoftware" case menuFileServers = "MenuFileServers" case menuPasswordExpires = "MenuPasswordExpires" case menuPreferences = "MenuPreferences" case menuRenewTickets = "MenuRenewTickets" case menuSignIn = "MenuSignIn" case menuSignOut = "MenuSignOut" case menuTickets = "MenuTickets" case menuUserName = "MenuUserName" case menuWelcome = "MenuWelcome" case menuQuit = "MenuQuit" case menuIconColor = "MenuIconColor" case menuIconColorDark = "MenuIconColorDark" case messageLocalSync = "MessageLocalSync" case messageNotConnected = "MessageNotConnected" case messageUPCAlert = "MessageUPCAlert" case messagePasswordChangePolicy = "MessagePasswordChangePolicy" case mountSharesWithFinder = "MountSharesWithFinder" case passwordExpirationDays = "PasswordExpirationDays" case passwordExpireAlertTime = "PasswordExpireAlertTime" case passwordExpireCustomAlert = "PasswordExpireCustomAlert" case passwordExpireCustomWarnTime = "PasswordExpireCustomWarnTime" case passwordExpireCustomAlertTime = "PasswordExpireCustomAlertTime" case passwordPolicy = "PasswordPolicy" case persistExpiration = "PersistExpiration" case profileDone = "ProfileDone" case profileWait = "ProfileWait" case recursiveGroupLookup = "RecursiveGroupLookup" case renewTickets = "RenewTickets" case showHome = "ShowHome" case secondsToRenew = "SecondsToRenew" case selfServicePath = "SelfServicePath" case shareReset = "ShareReset" // clean listing of shares between runs case signInCommand = "SignInCommand" case signInWindowAlert = "SignInWindowAlert" case signInWindowAlertTime = "SignInWindowAlertTime" case signInWindowOnLaunch = "SignInWindowOnLaunch" case signInWindowOnLaunchExclusions = "SignInWindowOnLaunchExclusions" case signedIn = "SignedIn" case signOutCommand = "SignOutCommand" case singleUserMode = "SingleUserMode" case siteIgnore = "SiteIgnore" case siteForce = "SiteForce" case slowMount = "SlowMount" case slowMountDelay = "SlowMountDelay" case stateChangeAction = "StateChangeAction" case switchKerberosUser = "SwitchKerberosUser" case template = "Template" case titleSignIn = "TitleSignIn" case uPCAlert = "UPCAlert" case uPCAlertAction = "UPCAlertAction" case userCN = "UserCN" case userGroups = "UserGroups" case userPrincipal = "UserPrincipal" case userHome = "UserHome" case userPasswordExpireDate = "UserPasswordExpireDate" case userCommandTask1 = "UserCommandTask1" case userCommandName1 = "UserCommandName1" case userCommandHotKey1 = "UserCommandHotKey1" case userPasswordSetDate = "UserPasswordSetDate" case useKeychain = "UseKeychain" case useKeychainPrompt = "UseKeychainPrompt" case userAging = "UserAging" case userAttributes = "UserAttributes" case userEmail = "UserEmail" case userFirstName = "UserFirstName" case userFullName = "UserFullName" case userLastName = "UserLastName" case userLastChecked = "UserLastChecked" case userShortName = "UserShortName" case userSwitch = "UserSwitch" case userUPN = "UserUPN" case verbose = "Verbose" case wifiNetworks = "WifiNetworks" case x509CA = "X509CA" case x509Name = "X509Name" } func getManagedPreference(key: Preferences) -> Any? { if let preference = DefaultsOverride.standardOverride.value(forKey: key.rawValue) { os_log("Found managed preference: %{public}@", type: .debug, key.rawValue) return preference } return nil } enum Preferences: String { /// The desired AD domain as a `String`. case ADDomain /// Allows appending of other domains at the loginwindow. Set as a `Bool` to allow any, or as an Array of Strings to whitelist case AdditionalADDomains /// list of domains to show in the domain pull down case AdditionalADDomainList /// add user's NT domain name as an alias to newly created accounts case AliasNTName /// add user's UPN as an alias to newly created accounts case AliasUPN /// Allow network select button on login window case AllowNetworkSelection /// Allow network text case AllowNetworkText /// A filesystem path to a background image as a `String`. case BackgroundImage /// An image to display as the background image as a Base64 encoded `String`. case BackgroundImageData /// The alpha value of the background image as an `Int`. case BackgroundImageAlpha /// Should new users be created as local administrators? Set as a `Bool`. case CreateAdminUser /// List of groups that should have its members created as local administrators. Set as an Array of Strings of the group name. case CreateAdminIfGroupMember /// Should existing mobile accounts be converted into plain local accounts? Set as a `Bool`. case CustomNoMADLocation /// If defined it specifies the custom location of the application to be given access to the keychain item. Set as a `String` /// case CustomLDAPAttributes case DemobilizeUsers /// Should we always have a password already set up before demobilizing case DemobilizeForcePasswordCheck /// Should we preserve the AltSecurityIdentities OD attribute during demobilization case DemobilizeSaveAltSecurityIdentities /// Dissallow local auth, and always do network authentication case DenyLocal /// Users to allow locally when DenyLocal is on case DenyLocalExcluded /// List of groups that should have it's members allowed to sign in. Set as an Array of Strings of the group name case DenyLoginUnlessGroupMember /// Defines which system inforation should be showed by default. Set as `String`. case DefaultSystemInformation /// Should FDE be enabled at first login on APFS disks? Set as a `Bool`. case EnableFDE /// Should the PRK be saved to disk for the MDM Escrow Service to collect? Set as a `Bool`. case EnableFDERecoveryKey // Specify a custom path for the recovery key case EnableFDERecoveryKeyPath // Should we rotate the PRK case EnableFDERekey /// Path for where the EULA acceptance info goes case EULAPath /// Text for EULA as a `String`. case EULAText /// Headline for EULA as a `String`. case EULATitle /// Subhead for EULA as a `String`. case EULASubTitle /// Allow for guest accounts case GuestUser /// the accounts to allow as an array of strings case GuestUserAccounts /// where to put the guest user password case GuestUserAccountPasswordPath /// First name for the guest user case GuestUserFirst /// Last name for the guest user case GuestUserLast /// Ignore sites in AD. This is a compatibility measure for AD installs that have issues with sites. Set as a `Bool`. case IgnoreSites /// Adds a NoMAD entry into the keychain. `Bool` value. case KeychainAddNoMAD /// Should NoLo create a Keychain if it doesn't exist. `Bool` value. case KeychainCreate /// Should NoLo reset the Keychain if the login pass doesn't match. `Bool` value. case KeychainReset /// Force LDAP lookups to use SSL connections. Requires certificate trust be established. Set as a `Bool`. case LDAPOverSSL /// Force specific LDAP servers instead of finding them via DNS case LDAPServers /// Fallback to local auth if the network is not available case LocalFallback /// A filesystem path to an image to display on the login screen as a `String`. case LoginLogo /// Alpha value for the login logo case LoginLogoAlpha /// A Base64 encoded string of an image to display on the login screen. case LoginLogoData /// Should NoLo display a macOS-style login screen instead of a window? Set as a `Bool`, case LoginScreen /// If the create User mech should manage the SecureTokens with a service account case ManageSecureTokens /// If Notify should add additional logging case NotifyLogStyle /// NT Domain to AD domain mappings case NTtoADDomainMappings /// should we migrate users? case Migrate /// should we hide users when we migrate? case MigrateUsersHide /// If the powercontrol options should be disabled in the SignIn UI case PowerControlDisabled /// should we recursively looku groups at login case RecursiveGroupLookup /// Path to script to run, currently only one script path can be used, if you want to run this multiple times, keep the logic in your script case ScriptPath /// Arguments for the script, if any case ScriptArgs /// Should NoMAD Login enable all users that login with with a secure token as a `Bool` case SecureTokenManagementEnableOnlyAdminUsers /// Path of the icon to be used for the Secure Token management user as `String` case SecureTokenManagementIconPath /// Should NoMAD Login only enable the first admin user that login with with a secure token as a `Bool` case SecureTokenManagementOnlyEnableFirstUser /// Full Name of the Secure Token Management user as a `String` case SecureTokenManagementFullName /// The UID to use for the Management Account as a `Int` or `String` case SecureTokenManagementUID /// The location to save and read the Secure Token management password as a `String` case SecureTokenManagementPasswordLocation /// Length fo the SecureToken Management User's password as an `Int` case SecureTokenManagementPasswordLength /// Username to use to for the securetoken management account as a `String` case SecureTokenManagementUsername /// Tool to use for UID numbers case UIDTool /// Use the CN from AD as the full name case UseCNForFullName /// A string to show as the placeholder in the Username textfield case UseCNForFullNameFallback /// Uses the CN as the fullname on the account when the givenName and sn fields are blank case UserProfileImage case NormalWindowLevel //UserInput bits case UserInputOutputPath case UserInputUI case UserInputLogo case UserInputTitle case UserInputMainText //Messages case MessagePasswordSync // what to show when the password needs to sync //Password update keys case PasswordOverwriteSilent // will silently update user password to new one case PasswordOverwriteOptional // allow the user to stomp on the password if interested } ================================================ FILE: XCreds/PreferencesWindow.xib ================================================ ================================================ FILE: XCreds/PreferencesWindowController.swift ================================================ // // PreferencesWindowController.swift // xCreds // // Created by Timothy Perfitt on 4/5/22. // import Foundation import Cocoa class PreferencesWindowController: NSWindowController { @IBOutlet weak var clearTokenButton: NSButton! @objc override var windowNibName: NSNib.Name { return NSNib.Name("PreferencesWindow") } @available(macOS, deprecated: 11) @IBAction func clearTokensClicked(_ sender: Any) { let keychainUtil = KeychainUtil() let _ = keychainUtil.findAndDelete(serviceName:"xcreds",accountName:PrefKeys.accessToken.rawValue) let _ = keychainUtil.findAndDelete(serviceName:"xcreds",accountName:PrefKeys.idToken.rawValue) let _ = keychainUtil.findAndDelete(serviceName:"xcreds",accountName:PrefKeys.refreshToken.rawValue) // sharedMainMenu.signedIn=false // sharedMainMenu.buildMenu() } } ================================================ FILE: XCreds/ScheduleManager.swift ================================================ // // ScheduleManager.swift // XCreds // // Created by Timothy Perfitt on 6/3/22. // import Cocoa import OIDCLite @available(macOS, deprecated: 11) class ScheduleManager:NoMADUserSessionDelegate { func invalidCredentials() { feedbackDelegate?.invalidCredentials() } func credentialsUpdated(_ credentials: Creds) { feedbackDelegate?.credentialsUpdated(credentials) } func tokenError(_ err: String) { TCSLogErrorWithMark("authFailure: \(err)") feedbackDelegate?.credentialsCheckFailed() XCredsAudit().auditError(err) // // NotificationCenter.default.post(name: Notification.Name("TCSTokensUpdated"), object: self, userInfo:[:]) // if DefaultsOverride.standardOverride.bool(forKey: PrefKeys.showDebug.rawValue) == true { // // NotifyManager.shared.sendMessage(message: "Password changed or not set") // } // DispatchQueue.main.async { // //// sharedMainMenu.signInMenuItem.showSigninWindow() // } } var session:NoMADSession? var feedbackDelegate:UpdateCredentialsFeedbackProtocol? // static let shared=ScheduleManager() var tokenManager=TokenManager() var nextADCheckTime = Date() var nextTokenCheckTime = Date() var timer:Timer? var kerberosPassword:String? enum CheckTimer { case ADTimer case TokenTimer } // var feedbackDelegate:TokenManagerFeedbackDelegate? func setNextCheckTime(timer:CheckTimer) { var rate = DefaultsOverride.standardOverride.double(forKey: PrefKeys.refreshRateHours.rawValue) var minutesRate = DefaultsOverride.standardOverride.double(forKey: PrefKeys.refreshRateMinutes.rawValue) if minutesRate < 0 { minutesRate=0 } else if minutesRate > 60 { minutesRate=60 } if rate < 0 { rate = 0 } else if rate > 168 { rate = 168 } if rate == 0 && minutesRate == 0 { rate=3 } switch timer { case .ADTimer: nextADCheckTime = Date(timeIntervalSinceNow: (rate*60+minutesRate)*60) case .TokenTimer: nextTokenCheckTime = Date(timeIntervalSinceNow: (rate*60+minutesRate)*60) } } func checkADPasswordExpire(password:String) { TCSLogWithMark() let adDomainFromPrefs = DefaultsOverride.standardOverride.string(forKey: PrefKeys.aDDomain.rawValue) var allDomainsFromPrefs = DefaultsOverride.standardOverride.array(forKey: PrefKeys.additionalADDomainList.rawValue) as? [String] ?? [] if let adDomainFromPrefs=adDomainFromPrefs { allDomainsFromPrefs.append(adDomainFromPrefs) } allDomainsFromPrefs = allDomainsFromPrefs.map { currVal in currVal.uppercased() } guard let user = try? PasswordUtils.getLocalRecord(getConsoleUser()), let kerbPrincArray = user.value(forKey: "dsAttrTypeNative:_xcreds_activedirectory_kerberosPrincipal") as? Array , var kerbPrinc = kerbPrincArray.first else { return } if kerbPrinc.contains("@") == false, let adDomainFromPrefs = adDomainFromPrefs { kerbPrinc = kerbPrinc + "@" + adDomainFromPrefs.stripped } if allDomainsFromPrefs.count>0, let shortName = kerbPrinc.components(separatedBy: "@").first, let specifiedDomain = kerbPrinc.components(separatedBy: "@").last, specifiedDomain.isEmpty==false, shortName.isEmpty==false, allDomainsFromPrefs.contains(specifiedDomain.uppercased())==true { session = NoMADSession.init(domain: specifiedDomain, user: shortName) TCSLogWithMark("NoMAD Login User: \(shortName), Domain: \(specifiedDomain)") guard let session = session else { TCSLogErrorWithMark("Could not create NoMADSession from SignIn window") return } session.useSSL = getManagedPreference(key: .LDAPOverSSL) as? Bool ?? false session.userPass = password session.delegate = self session.recursiveGroupLookup = getManagedPreference(key: .RecursiveGroupLookup) as? Bool ?? false if let ignoreSites = getManagedPreference(key: .IgnoreSites) as? Bool { session.siteIgnore = ignoreSites } if let ldapServers = getManagedPreference(key: .LDAPServers) as? [String] { TCSLogWithMark("Adding custom LDAP servers") session.ldapServers = ldapServers } TCSLogWithMark("Attempt to authenticate user") session.authenticate() } } func startCredentialCheck() { TCSLogWithMark() // NotificationCenter.default.post(name: NSNotification.Name("KerberosPasswordChanged"), object: ["updatedPassword":newPassword]) NotificationCenter.default.addObserver(forName: NSNotification.Name("KerberosPasswordChanged"), object: nil, queue: .main, using: { notification in if let newPassword = notification.object as? [String:String], let newPassword = newPassword["updatedPassword"] { TCSLogWithMark("new kerb password received:") self.kerberosPassword=newPassword } }) if let timer = timer, timer.isValid==true { return } nextADCheckTime=Date() nextTokenCheckTime=Date() timer=Timer.scheduledTimer(withTimeInterval: 30, repeats: true, block: { timer in //check every 30 seconds self.checkToken() }) self.checkToken() } func stopCredentialCheck() { if let timer = timer, timer.isValid==true { timer.invalidate() } } func checkKerberosTicket(){ let domainName = DefaultsOverride.standardOverride.string(forKey: PrefKeys.aDDomain.rawValue) if let _ = domainName, let kerberosPassword = kerberosPassword { TCSLogWithMark("checking for kerberos ticket") checkADPasswordExpire(password: kerberosPassword) } else { TCSLogWithMark("not checking for kerberos ticket") } } func checkToken() { TCSLogWithMark("checking token if needed") if nextADCheckTime>Date() && nextTokenCheckTime > Date() { TCSLogWithMark("Not time to check yet. AD Token will be checked at \(nextADCheckTime) and OIDC token will be checked at \(nextTokenCheckTime)") return } if nextADCheckTime lastOIDCLoginFailTimestampDate { TCSLogWithMark("Login success at login window so we can go ahead and try to authenticate.") isLoginInFailedState=false } } if isLoginInFailedState==true { TCSLogWithMark("***** Invalid credentials from prior attempts. Prompting user ******") feedbackDelegate?.invalidCredentials() return } Task{ if hasValidRefreshToken || DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldUseROPGForPasswordChangeChecking.rawValue) == true { do{ try await tokenManager.oidc().getEndpoints() TCSLogWithMark("requesting new access token") let tokenResponse = try await tokenManager.getNewAccessToken() TCSLogWithMark("success. Setting new token.") ud.removeObject(forKey: PrefKeys.lastOIDCLoginFailTimestamp.rawValue) feedbackDelegate?.credentialsUpdated(Creds(accessToken: tokenResponse?.accessToken, idToken: tokenResponse?.idToken, refreshToken: tokenResponse?.refreshToken, password:tokenResponse?.password, jsonDict: [:])) } catch let error { TCSLogWithMark("Error") switch error { case OIDCLiteError.authFailure(let mesg): TCSLogWithMark("invalid credentials: \(mesg)") TCSLogWithMark("Setting last failed login timestamp to now.") ud.setValue(ISO8601DateFormatter().string(from: Date()), forKey: PrefKeys.lastOIDCLoginFailTimestamp.rawValue) feedbackDelegate?.invalidCredentials() default: TCSLogWithMark("Delaying check for oidc tokens because endpoints are not available yet. Error: \(error)") nextTokenCheckTime=Date.distantPast } } } else if DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldUseLDAPForPasswordChangeChecking.rawValue) == true { let localCredFromKeychain = keychainUtil.findPassword(serviceName: PrefKeys.password.rawValue,accountName:PrefKeys.password.rawValue) guard let username = tokenManager.currOidcUsername(), let password = localCredFromKeychain?.password else { TCSLogWithMark("no oidc username or password found so punting on checking via LDAP") return } TCSLogWithMark("Checking password via Google LDAP") switch GoogleLDAP().verifyPasswordGoogleLDAP(username: username, password: password) { case .PasswordValid: TCSLogWithMark("Password Valid") feedbackDelegate?.credentialsUpdated(Creds(accessToken: nil, idToken: nil, refreshToken: nil, password:password, jsonDict: [:])) case .PasswordInvalid: TCSLogWithMark("invalid credentials via ldap") TCSLogWithMark("Setting last failed login timestamp to now.") ud.setValue(ISO8601DateFormatter().string(from: Date()), forKey: PrefKeys.lastOIDCLoginFailTimestamp.rawValue) feedbackDelegate?.invalidCredentials() case .OtherError: TCSLogWithMark("Delaying check for ldap didn't get success or failure.") nextTokenCheckTime=Date.distantPast } } } } } } func NoMADAuthenticationSucceeded() { TCSLogWithMark() if let userPrinc = session?.userPrincipal { TCTaskHelper.shared().runCommand("/usr/bin/kswitch", withOptions: ["-p", userPrinc]) // let _ = cliTask("/usr/bin/kswitch -p " + userPrinc) } feedbackDelegate?.kerberosTicketUpdated() session?.userInfo() } func NoMADAuthenticationFailed(error: NoMADSessionError, description: String) { TCSLogErrorWithMark("AuthenticationFailed:\(description)") switch error { case .OffDomain: nextADCheckTime=Date.distantPast default: break } feedbackDelegate?.kerberosTicketCheckFailed(error) } func NoMADUserInformation(user: ADUserRecord) { TCSLogWithMark("AD user password expires: \(user.passwordExpire?.description ?? "unknown")") let dateFormatter = DateFormatter() dateFormatter.locale = Locale.current dateFormatter.dateStyle = .medium dateFormatter.timeStyle = .short if let passExpired = user.passwordExpire { // let dateString = dateFormatter.string(from: passExpired) feedbackDelegate?.passwordExpiryUpdate(passExpired) feedbackDelegate?.adUserUpdated(user) } } } ================================================ FILE: XCreds/SecurityPrivateAPI.h ================================================ // // SecurityPrivateAPI.h // NoMAD // // Created by Phillip Boushy on 4/26/16. // Copyright © 2016 Trusource Labs. All rights reserved. // #ifndef SecurityPrivateAPI_h #define SecurityPrivateAPI_h // So we can use SecKeychainChangePassword() #import extern OSStatus SecKeychainChangePassword(SecKeychainRef keychainRef, UInt32 oldPasswordLength, const void* oldPassword, UInt32 newPasswordLength, const void* newPassword); OSStatus SecKeychainLogin(UInt32 nameLength, const void* name, UInt32 passwordLength, const void* password); #endif /* SecurityPrivateAPI_h */ ================================================ FILE: XCreds/SelectLocalAccountWindowController.swift ================================================ // // VerifyLocalCredentialsWindowController.swift // XCredsLoginPlugin // // Created by Timothy Perfitt on 11/25/23. // import Cocoa class SelectLocalAccountWindowController: NSWindowController, NSWindowDelegate { @IBOutlet weak private var usernameTextField: NSTextField! @IBOutlet weak private var passwordTextField: NSSecureTextField! @IBOutlet weak private var createNewAccountButton: NSButton! var username:String? var password:String? var shouldCreateNewAccount:Bool?=false var shouldShowCreateNewAccountButton:Bool?=true enum VerifyLocalCredentialsResult { case successful(String) case canceled case createNewAccount case error(String) } static func selectLocalAccountAndUpdate(newPassword:String) -> VerifyLocalCredentialsResult{ let verifyLocalCredentialsWindowController = SelectLocalAccountWindowController.init(windowNibName: NSNib.Name("SelectLocalAccountWindowController")) verifyLocalCredentialsWindowController.window?.canBecomeVisibleWithoutLogin=true verifyLocalCredentialsWindowController.window?.isMovable = false verifyLocalCredentialsWindowController.window?.level = NSWindow.Level(rawValue: NSWindow.Level.floating.rawValue) var isDone = false while (!isDone){ DispatchQueue.main.async{ TCSLogWithMark("resetting level") verifyLocalCredentialsWindowController.window?.level = NSWindow.Level(rawValue: NSWindow.Level.floating.rawValue) } let response = NSApp.runModal(for: verifyLocalCredentialsWindowController.window!) verifyLocalCredentialsWindowController.window?.close() if response == .cancel { isDone=true TCSLogWithMark("User cancelled. Denying login") // mechanism.denyLogin(message:nil) return .canceled } let localUsername = verifyLocalCredentialsWindowController.username let localPassword = verifyLocalCredentialsWindowController.password let shouldCreateNewAccount = verifyLocalCredentialsWindowController.shouldCreateNewAccount guard let localUsername = localUsername, let localPassword = localPassword, let shouldCreateNewAccount = shouldCreateNewAccount else { TCSLogWithMark("local username, password or shouldCreateNewAccount not set") // mechanism.denyLogin(message:nil) return .canceled } if shouldCreateNewAccount == false { let isValidPassword = PasswordUtils.isLocalPasswordValid(userName: localUsername, userPass: localPassword) switch isValidPassword { case .success: isDone = true let localUser = try? PasswordUtils.getLocalRecord(localUsername) guard let localUser = localUser else { isDone = true TCSLogErrorWithMark("localUser is not set") return .error("local user not set") } do { TCSLogWithMark("Changing password") if localPassword == newPassword { TCSLogWithMark("cloud password is already the local password.") return .successful(localUsername) } try localUser.changePassword(localPassword, toPassword: newPassword) TCSLogWithMark("local password set successfully to network / cloud password") return .successful(localUsername) } catch { TCSLogErrorWithMark("Error setting local password to cloud password") return .error("Error setting local password to cloud password") } case .accountLocked: TCSLogErrorWithMark("Account Locked") case .incorrectPassword: //don't return b/c we just loop and ask again TCSLogErrorWithMark("Incorrect Password") case .accountDoesNotExist: TCSLogErrorWithMark("Account \(localUsername) does not exist") case .other(let err): isDone = true TCSLogErrorWithMark("Other err: \(err)") return .error(err) } } else { isDone = true return .createNewAccount } } } override func windowDidLoad() { super.windowDidLoad() if let shouldShowCreateNewAccountButton = shouldShowCreateNewAccountButton{ createNewAccountButton.isHidden = !shouldShowCreateNewAccountButton } } func windowDidBecomeKey(_ notification: Notification) { if let shouldShowCreateNewAccountButton = shouldShowCreateNewAccountButton{ createNewAccountButton.isHidden = !shouldShowCreateNewAccountButton } } @IBAction func okButtonPressed(_ sender: Any) { if self.window?.isModalPanel==true { username = usernameTextField.stringValue password=passwordTextField.stringValue NSApp.stopModal(withCode: .OK) } } @IBAction func cancelButtonPressed(_ sender: Any) { if self.window?.isModalPanel==true { NSApp.stopModal(withCode: .cancel) } } @IBAction func createNewAccountButtonPressed(_ sender: Any) { shouldCreateNewAccount=true username = "" password = "" if self.window?.isModalPanel==true { NSApp.stopModal(withCode: .OK) } } } ================================================ FILE: XCreds/SelectLocalAccountWindowController.xib ================================================ NSAllRomanInputSourcesLocaleIdentifier ================================================ FILE: XCreds/StatusMenuController.swift ================================================ // // MainMenu.swift // xCreds // // Created by Timothy Perfitt on 4/5/22. // import Foundation import Cocoa @available(macOS, deprecated: 11) class StatusMenuController: NSObject, NSMenuItemValidation { enum StatusMenuItemType:Int { case AboutMenuItem=1 case OIDCUsername=2 case KerberosUsername=3 case NextADPasswordCheckMenuItem=4 case NextTokenPasswordCheckMenuItem=5 case ADCredentialStatusMenuItem=6 case CloudPasswordExpires=7 case ADPasswordExpires=8 case SignInMenuItem=9 case ChangePasswordMenuItem=10 case SharesMenuItem=11 case QuitMenuItem=12 case Additional=13 case SetupCardMenuItem=14 case OIDCCredentialStatusMenuItem=15 case FileVaultAutoLoginMenuItem=16 } enum MenuElements:String { case linkOrAppPath case menuItemName case separatorAfter case separatorBefore } struct StatusMenuItem { var name:String var path:String } var signedIn = false var aboutWindowController: AboutWindowController? var oidcUsername = "" var kerberosPrincipalName = "" @IBOutlet var signinMenuItem:NSMenuItem! @IBOutlet var changePasswordMenuItem:NSMenuItem! @IBOutlet var quitMenuItem:NSMenuItem! @IBOutlet var quitMenuItemSeparator:NSMenuItem! @IBOutlet var aboutMenuItem:NSMenuItem! @IBOutlet var aboutMenuItemSeparator:NSMenuItem! @IBOutlet var nextPasswordCheckMenuItem:NSMenuItem! @IBOutlet var credentialStatusMenuItem:NSMenuItem! @IBOutlet var statusMenu:NSMenu! @IBOutlet var sharesMenuItem:NSMenuItem! @IBOutlet weak var filevaultLoginEnabledMenuItem: NSMenuItem! override func awakeFromNib() { let currentUser = PasswordUtils.getCurrentConsoleUserRecord() if let userNames = try? currentUser?.values(forAttribute: "dsAttrTypeNative:_xcreds_oidc_username") as? [String], userNames.count>0, let username = userNames.first { oidcUsername = username } else if let oidcUsernamePrefs = UserDefaults.standard.string(forKey:"_xcreds_oidc_username" ) { oidcUsername = oidcUsernamePrefs } if let userNames = try? currentUser?.values(forAttribute: "dsAttrTypeNative:_xcreds_activedirectory_kerberosPrincipal") as? [String], userNames.count>0, let username = userNames.first { kerberosPrincipalName = username } if let menuItems = DefaultsOverride.standardOverride.value(forKey: PrefKeys.menuItems.rawValue) as? Array> { let insertPos = StatusMenuItemType.OIDCCredentialStatusMenuItem.rawValue+1 var index = 0 for item in menuItems { if let name = item[MenuElements.menuItemName.rawValue] as? String, let path = item[MenuElements.linkOrAppPath.rawValue] as? String, let separatorBefore = item[MenuElements.separatorBefore.rawValue] as? Bool, let separatorAfter = item[MenuElements.separatorAfter.rawValue] as? Bool { let menuItem = NSMenuItem(title: name, action:#selector(additionalMenuItemSelected(_:)) , keyEquivalent: "") menuItem.target=self menuItem.tag=StatusMenuItemType.Additional.rawValue menuItem.representedObject=StatusMenuItem(name: name, path: path) if separatorBefore == true { statusMenu.insertItem(NSMenuItem.separator(), at: insertPos+index) index+=1 } statusMenu.insertItem(menuItem, at:insertPos+index) index+=1 if separatorAfter == true { statusMenu.insertItem(NSMenuItem.separator(), at:insertPos+index) index+=1 } } } } } @objc func additionalMenuItemSelected(_ sender:NSMenuItem){ guard let menuItemInfo = sender.representedObject as? StatusMenuItem else { return } let pathString = menuItemInfo.path if pathString.hasPrefix("http") || pathString.hasPrefix("mailto"), let url = URL(string: pathString){ NSWorkspace.shared.open(url) } else { let fileUrl = URL(fileURLWithPath: pathString) NSWorkspace.shared.openApplication(at: fileUrl, configuration: NSWorkspace.OpenConfiguration()) } } func validateMenuItem(_ menuItem: NSMenuItem) -> Bool { var adSetup = false var oidcSetup = false if let adDomainFromPrefs = DefaultsOverride.standardOverride.string(forKey: PrefKeys.aDDomain.rawValue){ if adDomainFromPrefs.isEmpty==false, adDomainFromPrefs.count>0 { adSetup=true } } if let oidcDiscoveryFromPrefs = DefaultsOverride.standardOverride.string(forKey: PrefKeys.discoveryURL.rawValue){ if oidcDiscoveryFromPrefs.isEmpty==false, oidcDiscoveryFromPrefs.count>0 { oidcSetup=true } } let appDelegate = NSApp.delegate as? AppDelegate let mainController = appDelegate?.mainController let tag = menuItem.tag guard let menuType = StatusMenuItemType(rawValue: tag) else { return false } switch menuType { case .SetupCardMenuItem: return true case .AboutMenuItem: if DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldShowAboutMenu.rawValue) == false { aboutMenuItem.isHidden=true aboutMenuItemSeparator.isHidden=true return false } aboutMenuItem.isHidden=false aboutMenuItemSeparator.isHidden=false let infoPlist = Bundle.main.infoDictionary if let infoPlist = infoPlist, let build = infoPlist["CFBundleVersion"], let appVersion = infoPlist["CFBundleShortVersionString"]{ menuItem.title="About XCreds \(appVersion) (\(build))" } case .NextADPasswordCheckMenuItem: menuItem.isHidden=false if adSetup==false { menuItem.isHidden=true return false } if let nextADPassCheck = mainController?.nextPasswordADCheck { menuItem.title="Next AD Check: \(nextADPassCheck)" } return false case .NextTokenPasswordCheckMenuItem: menuItem.isHidden=false if oidcSetup==false { menuItem.isHidden=true return false } if let nextTokenPassCheck = mainController?.nextPasswordTokenCheck { menuItem.title="Next OIDC Check: \(nextTokenPassCheck)" } return false case .ADCredentialStatusMenuItem: menuItem.isHidden=false if adSetup==false { menuItem.isHidden=true return false } if let status = mainController?.kerberosCredentialStatus { menuItem.title="Active Directory Credentials Status: \(status)" } return false case .FileVaultAutoLoginMenuItem: menuItem.isHidden=true if mainController?.shouldShowFilevaultBypassMenuItem==true{ menuItem.isHidden=false menuItem.title=mainController?.fileVaultMenuItemText ?? "" // menuItem.isEnabled=false return false } break case .OIDCCredentialStatusMenuItem: menuItem.isHidden=false if oidcSetup==false { menuItem.isHidden=true return false } if let status = mainController?.tokenCredentialStatus { menuItem.title="Credentials Status: \(status)" } return false case .SignInMenuItem: print("SignInMenuItem") if DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldShowSignInMenuItem.rawValue) == false { signinMenuItem.isHidden=true return false } signinMenuItem.isHidden=false case .ChangePasswordMenuItem: print("ChangePasswordMenuItem") if let passwordChangeURLString = DefaultsOverride.standardOverride.value(forKey: PrefKeys.passwordChangeURL.rawValue) as? String, passwordChangeURLString.count>0 { menuItem.isHidden=false return true } else if DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldUseADNativePasswordChangeMenuItem.rawValue) == true { menuItem.isHidden=false return true } else { menuItem.isHidden=true return false } case .QuitMenuItem: if DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldShowQuitMenu.rawValue)==false{ quitMenuItem.isHidden=true quitMenuItemSeparator.isHidden=true } else { quitMenuItem.isHidden=false quitMenuItemSeparator.isHidden=false } case .CloudPasswordExpires: menuItem.isHidden=false if oidcSetup==false { menuItem.isHidden=true return false } if let passwordExpires = mainController?.cloudPasswordExpires { menuItem.isHidden=false menuItem.title="OIDC Password Expires: \(passwordExpires)" } else { menuItem.isHidden=true } return false case .ADPasswordExpires: menuItem.isHidden=false if adSetup==false { menuItem.isHidden=true return false } if let passwordExpires = mainController?.adPasswordExpires, DefaultsOverride.standardOverride.bool(forKey: PrefKeys.hideExpiration.rawValue)==false { TCSLogWithMark("Unhiding password expires") menuItem.isHidden=false menuItem.title="AD Password Expires: \(passwordExpires)" } else { TCSLogWithMark("hiding password expires") menuItem.isHidden=true } return false case .SharesMenuItem: menuItem.isHidden=false if adSetup==false { menuItem.isHidden=true return false } if let shareMenuItemTitle = DefaultsOverride.standardOverride.value(forKey: PrefKeys.shareMenuItemName.rawValue) as? String { menuItem.title = shareMenuItemTitle } return true case .Additional: return true case .OIDCUsername: menuItem.isHidden=false if oidcSetup==false { menuItem.isHidden=true return false } var userName = "None" if oidcUsername.isEmpty == false { menuItem.isHidden=false userName = oidcUsername menuItem.title = "OIDC Username: \(userName) " } else { menuItem.isHidden=true } return false case .KerberosUsername: menuItem.isHidden=false if adSetup==false { menuItem.isHidden=true return false } var userName = "None" if kerberosPrincipalName.isEmpty == false { menuItem.isHidden=false userName = kerberosPrincipalName menuItem.title = "Active Directory Username: \(userName) " } else { menuItem.isHidden=true } //grayed out return false } return true } @IBAction func aboutMenuItemSelected(_ sender:Any?){ if aboutWindowController == nil { aboutWindowController = AboutWindowController() } aboutWindowController?.window!.forceToFrontAndFocus(nil) NSApp.activate(ignoringOtherApps: true) } @IBAction func changePasswordMenuItemSelected(_ sender:Any?) { if DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldUseADNativePasswordChangeMenuItem.rawValue)==true { let appDelegate = NSApp.delegate as? AppDelegate if let mainController = appDelegate?.mainController, let signInViewController = mainController.signInViewController{ do { try signInViewController.showResetUI() TCSLogWithMark("reset password") } catch SignInViewController.SignInViewControllerResetPasswordError.cancelled { TCSLogWithMark("user cancelled") } catch { NSAlert.showAlert(title: "Error resetting password", message: "There was an error resetting your password. \(error)") } } } else if let passwordChangeURLString = DefaultsOverride.standardOverride.value(forKey: PrefKeys.passwordChangeURL.rawValue) as? String, passwordChangeURLString.count>0 { if let url = URL(string: passwordChangeURLString) { NSWorkspace.shared.open(url) } } } @IBAction func quitMenuItemSelected(_ sender:Any?) { NSApp.terminate(self) } @IBAction func fileVaultAutoLoginEnabledMenuItemSelected(_ sender:Any?) { } @IBAction func nextPasswordCheckTimeMenuItemSelected(_ sender:Any?) { } @IBAction func credentialStatusMenuItemSelected(_ sender:Any?) { } @IBAction func signInMenuItemSelected(_ sender:Any?) { let appDelegate = NSApp.delegate as? AppDelegate let mainController = appDelegate?.mainController mainController?.showSignInWindow(force: true) } } ================================================ FILE: XCreds/TCSLoginWindowUtilities.h ================================================ // // TCSLoginWindowUtilities.h // XCreds // // Created by Timothy Perfitt on 5/11/23. // #import NS_ASSUME_NONNULL_BEGIN @interface TCSLoginWindowUtilities : NSObject -(void)switchToLoginWindow:(id)sender; @end NS_ASSUME_NONNULL_END ================================================ FILE: XCreds/TCSLoginWindowUtilities.m ================================================ // // TCSLoginWindowUtilities.m // XCreds // // Created by Timothy Perfitt on 5/11/23. // #import #import "TCSLoginWindowUtilities.h" @protocol LFSessionAgentListenerInterface - (void)SACLOFinishDelayedLogout:(NSDictionary *)arg1 reply:(void (^)(int))arg2; - (void)SACLORegisterLogoutStatusCallacks:(NSDictionary *)arg1 reply:(void (^)(int))arg2; - (void)SACLOStartLogoutWithOptions:(int)arg1 subType:(int)arg2 showConfirmation:(BOOL)arg3 countDownTime:(int)arg4 talOptions:(int)arg5 logoutOptions:(NSDictionary *)arg6 reply:(void (^)(int))arg7; - (void)SACLOStartLogout:(int)arg1 subType:(int)arg2 showConfirmation:(BOOL)arg3 talOptions:(int)arg4 reply:(void (^)(int))arg5; - (void)SACLogoutComplete:(NSDictionary *)arg1 reply:(void (^)(int))arg2; - (void)SACNewSessionSignalReady:(void (^)(int))arg1; - (void)SACStartSessionForUser:(unsigned int)arg1 reply:(void (^)(int))arg2; - (void)SACStopSessionForLoginWindow:(void (^)(int))arg1; - (void)SACStartSessionForLoginWindow:(void (^)(int))arg1; - (void)SACSaveSetupUserScreenShots:(void (^)(int))arg1; - (void)SACMiniBuddySignalFinishedStage1WithOptions:(NSDictionary *)arg1 reply:(void (^)(int))arg2; - (void)SACMiniBuddyCopyUpgradeDictionary:(void (^)(int, NSDictionary *))arg1; - (void)SACSetFinalSnapshot:(BOOL)arg1 reply:(void (^)(int))arg2; - (void)SACStopProgressIndicator:(void (^)(int))arg1; - (void)SACStartProgressIndicator:(NSDictionary *)arg1 reply:(void (^)(int))arg2; - (void)SACBeginLoginTransition:(NSDictionary *)arg1 reply:(void (^)(int))arg2; - (void)SACSwitchToLoginWindow:(void (^)(int))arg1; - (void)SACSwitchToUser:(NSDictionary *)arg1 reply:(void (^)(int))arg2; - (void)SACSetKeyboardType:(int)arg1 productID:(int)arg2 vendorID:(int)arg3 countryCode:(int)arg4 reply:(void (^)(int))arg5; - (void)SACSetAutologinPassword:(NSString *)arg1 reply:(void (^)(int))arg2; - (void)SACSetAppleIDForUser:(NSString *)arg1 verified:(BOOL)arg2 reply:(void (^)(int))arg3; - (void)SACUpdateAppleIDUserLogin:(NSString *)arg1 reply:(void (^)(int))arg2; - (void)SACRestartForUser:(NSString *)arg1 reply:(void (^)(int))arg2; - (void)SACScreenSaverDidFadeInBackground:(BOOL)arg1 psnHi:(unsigned int)arg2 psnLow:(unsigned int)arg3 reply:(void (^)(int))arg4; - (void)SACScreenSaverIsRunningInBackground:(void (^)(int, BOOL))arg1; - (void)SACScreenSaverTimeRemaining:(void (^)(int, double))arg1; - (void)SACScreenSaverStopNowWithOptions:(NSDictionary *)arg1 reply:(void (^)(int))arg2; - (void)SACScreenSaverStopNow:(void (^)(int))arg1; - (void)SACScreenSaverStartNow:(void (^)(int))arg1; - (void)SACSetScreenSaverCanRun:(BOOL)arg1 reply:(void (^)(int))arg2; - (void)SACScreenSaverCanRun:(void (^)(int, BOOL))arg1; - (void)SACScreenSaverIsRunning:(void (^)(int, BOOL))arg1; - (void)SACShieldWindowShowing:(void (^)(int, BOOL))arg1; - (void)SACScreenLockEnabled:(void (^)(int, BOOL))arg1; - (void)SACLockScreenImmediate:(void (^)(int))arg1; - (void)SACScreenLockPreferencesChanged:(void (^)(int))arg1; - (void)SACFaceTimeCallRingStop:(void (^)(int))arg1; - (void)SACFaceTimeCallRingStart:(void (^)(int))arg1; @end @protocol LFLogindListenerLookupInterface - (void)SMMoveSessionToConsoleTemporaryBridge:(NSDictionary *)arg1 reply:(void (^)(int))arg2; - (void)SMReleaseSessionTemporaryBridge:(NSDictionary *)arg1 reply:(void (^)(int))arg2; - (void)SMCreateSessionTemporaryBridge:(NSDictionary *)arg1 reply:(void (^)(int, unsigned int))arg2; - (void)SMGetSessionAgentConnection:(void (^)(int, NSXPCListenerEndpoint *))arg1; @end static NSString* XPCHelperMachServiceName = @"com.apple.logind"; @implementation TCSLoginWindowUtilities -(void)switchToLoginWindow:(id)sender{ NSString* service_name = XPCHelperMachServiceName; NSXPCConnection* connection = [[NSXPCConnection alloc] initWithMachServiceName:service_name options:0x1000]; NSXPCInterface* interface = [NSXPCInterface interfaceWithProtocol:@protocol(LFLogindListenerLookupInterface)]; [connection setRemoteObjectInterface:interface]; [connection resume]; id obj = [connection remoteObjectProxyWithErrorHandler:^(NSError* error) { NSLog(@"[-] Something went wrong"); NSLog(@"[-] Error: %@", error); }]; NSLog(@"obj: %@", obj); NSLog(@"conn: %@", connection); [obj SMGetSessionAgentConnection:^(int b, NSXPCListenerEndpoint * endpoint){ NSLog(@"SMGetSessionAgentConnection Response: %d", b); NSXPCConnection* SAConnection = [[NSXPCConnection alloc] initWithListenerEndpoint:endpoint]; [SAConnection setRemoteObjectInterface:[NSXPCInterface interfaceWithProtocol:@protocol(LFSessionAgentListenerInterface)]]; [SAConnection resume]; id login_window = [SAConnection remoteObjectProxy]; [login_window SACSwitchToLoginWindow:^(int val) { }]; }]; [NSThread sleepForTimeInterval:10.0f]; NSLog(@"Done"); } @end ================================================ FILE: XCreds/TokenManager.swift ================================================ // // TokenManager.swift // xCreds // // Created by Timothy Perfitt on 4/5/22. // import Foundation import OIDCLite struct IDToken:Decodable { let iss,sub:String let aud:StringOrArray let iat, exp:Int let email:String? let unique_name, given_name,family_name,name:String? enum CodingKeys: String, CodingKey { case iss,sub,aud,name,given_name,family_name,email,iat,exp, unique_name } } enum StringOrArray:Decodable{ case string(String) case array([String]) init(from decoder: Decoder) throws { let container = try decoder.singleValueContainer() if let x = try? container.decode(String.self) { self = .string(x) return } if let x = try? container.decode([String].self) { self = .array(x) return } throw DecodingError.typeMismatch(StringOrArray.self, DecodingError.Context(codingPath: decoder.codingPath, debugDescription: "Wrong type for Names")) } } protocol TokenManagerFeedbackDelegate { func tokenError(_ err:String) func credentialsUpdated(_ credentials:Creds) func invalidCredentials() } @available(macOS, deprecated: 11) class TokenManager:DSQueryable { struct UserAccountInfo { var fullName:String? var firstName:String? var lastName:String? var username:String? var fullUsername:String? var groups:Array? var alias:String? var kerberosPrincipalName:String? var uid:String? } enum ParseHintsResult:Error { case error(String) } enum ProcessTokenResult:Error { case error(String) case invalidCredentials } enum CalculateUserAccountInfoResult { case success(UserAccountInfo) case error(String) } var feedbackDelegate:TokenManagerFeedbackDelegate? let defaults = DefaultsOverride.standard private var oidcLocal:OIDCLite? func oidc() async throws -> OIDCLite { var scopes: [String]? var additionalParameters:[String:String] = [:] if let oidcPrivate = oidcLocal { try await oidcPrivate.getEndpoints() return oidcPrivate } let clientSecret = DefaultsOverride.standardOverride.string(forKey: PrefKeys.clientSecret.rawValue) let clientID = DefaultsOverride.standardOverride.string(forKey: PrefKeys.clientID.rawValue) let resource = DefaultsOverride.standardOverride.string(forKey: PrefKeys.resource.rawValue) if let scopesRaw = DefaultsOverride.standardOverride.string(forKey: PrefKeys.scopes.rawValue) { scopes = scopesRaw.components(separatedBy: " ") } // if DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldSetGoogleAccessTypeToOffline.rawValue) == true { additionalParameters["access_type"]="offline" } if DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldSetGoogleHDParam.rawValue) == true, let oidcUsernamePrefs = UserDefaults.standard.string(forKey:"_xcreds_oidc_username" ) { additionalParameters = ["hd":oidcUsernamePrefs] } let oidcLite = OIDCLite(discoveryURL: DefaultsOverride.standardOverride.string(forKey: PrefKeys.discoveryURL.rawValue) ?? "NONE", clientID: clientID ?? "NONE", clientSecret: clientSecret, redirectURI: DefaultsOverride.standardOverride.string(forKey: PrefKeys.redirectURI.rawValue), scopes: scopes, additionalParameters:additionalParameters.count==0 ? nil:additionalParameters, resource: resource) try await oidcLite.getEndpoints() oidcLocal = oidcLite return oidcLite } static func saveTokensToKeychain(creds:Creds, keychainPassword:String) -> Bool { let keychainUtil = KeychainUtil() if let password = creds.password, password.count>0{ TCSLogWithMark("Saving cloud password") TCSLogWithMark() if keychainUtil.updatePassword(serviceName: PrefKeys.password.rawValue,accountName:PrefKeys.password.rawValue, pass: password, keychainPassword:keychainPassword) == false { TCSLogErrorWithMark("Error Updating password") return false } } if let accessToken = creds.accessToken, accessToken.count>0{ TCSLogWithMark("Saving Access Token") if keychainUtil.updatePassword(serviceName: "xcreds ".appending(PrefKeys.accessToken.rawValue),accountName:PrefKeys.accessToken.rawValue, pass: accessToken, keychainPassword:keychainPassword) == false { TCSLogErrorWithMark("Error Updating Access Token") return false } } if let idToken = creds.idToken, idToken.count>0{ TCSLogWithMark("Saving idToken Token") if keychainUtil.updatePassword(serviceName: "xcreds ".appending(PrefKeys.idToken.rawValue),accountName:PrefKeys.idToken.rawValue, pass: idToken, keychainPassword:keychainPassword) == false { TCSLogErrorWithMark("Error Updating idToken Token") return false } } if let refreshToken = creds.refreshToken, refreshToken.count>0 { TCSLogWithMark("Saving refresh Token") if keychainUtil.updatePassword(serviceName: "xcreds ".appending(PrefKeys.refreshToken.rawValue),accountName:PrefKeys.refreshToken.rawValue, pass: refreshToken, keychainPassword:keychainPassword) == false { TCSLogErrorWithMark("Error Updating refreshToken Token") return false } } return true } func tokenEndpoint() async throws -> String? { let prefTokenEndpoint = DefaultsOverride.standardOverride.string(forKey: PrefKeys.tokenEndpoint.rawValue) if prefTokenEndpoint != nil { return prefTokenEndpoint } if let tokenEndpoint = try await oidc().OIDCTokenEndpoint { return tokenEndpoint } return nil } func getNewAccessToken() { Task{ do { //just care if we throw let _ = try await getNewAccessToken() } catch let error as OIDCLiteError { switch error { case .unableToFindCode: break case .unableToLoadEndpoint: break case .unableToParseEndpoint: break case .tokenError(_): break case .authFailure(_): break } } } } func getNewAccessToken() async throws -> Creds? { TCSLogWithMark() let keychainUtil = KeychainUtil() TCSLogWithMark() let clientID = defaults.string(forKey: PrefKeys.clientID.rawValue) let localCredFromKeychain = keychainUtil.findPassword(serviceName: PrefKeys.password.rawValue,accountName:PrefKeys.password.rawValue) TCSLogWithMark() //ropg if let localCredFromKeychain = localCredFromKeychain, DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldUseROPGForPasswordChangeChecking.rawValue) == true{ TCSLogWithMark("Checking credentials using ROPG") guard let oidcUsername = currOidcUsername() else { throw ProcessTokenResult.error("no username for oidc config") } let shouldUseBasicAuthWithROPG = DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldUseBasicAuthWithROPG.rawValue) var overrrideErrorArray = [String]() let ropgResponseValue = DefaultsOverride.standardOverride.string(forKey: PrefKeys.ropgResponseValue.rawValue) if let ropgResponseValue = ropgResponseValue { overrrideErrorArray.append(ropgResponseValue) TCSLogWithMark("ropgResponseValue: \(ropgResponseValue)") } else if let ropgResponseValueArray = DefaultsOverride.standardOverride.array(forKey: PrefKeys.ropgResponseValue.rawValue) as? [String] { overrrideErrorArray.append(contentsOf: ropgResponseValueArray) } let tokenResponse = try await oidc().requestTokenWithROPG(username: oidcUsername, password: localCredFromKeychain.password, basicAuth: shouldUseBasicAuthWithROPG, overrideErrors: overrrideErrorArray) TCSLogWithMark("ROPG successful. Returning credentials for tokenInfo") if let tokenResponse = tokenResponse { return Creds(password: localCredFromKeychain.password, tokens:tokenResponse ) } return nil } //use the refresh token else if let refreshTokenFromKeychain = keychainUtil.findPassword(serviceName: "xcreds ".appending(PrefKeys.refreshToken.rawValue),accountName:PrefKeys.refreshToken.rawValue){ let refreshToken = refreshTokenFromKeychain.password TCSLogWithMark("Using refresh token") let tokenInfo = try await oidc().refreshTokens(refreshToken) TCSLogWithMark("Got tokens") return Creds(password: localCredFromKeychain?.password, tokens: tokenInfo) } // nothing. let delegate know else if DefaultsOverride.standardOverride.value(forKey: PrefKeys.discoveryURL.rawValue) == nil { throw ProcessTokenResult.error("no discovery URL defined") } else { TCSLogWithMark("clientID or refreshToken blank, or not foud it keychain. clientid: \(clientID ?? "empty")") throw ProcessTokenResult.error("no refresh token") } } func currOidcUsername() -> String?{ let currentUser = PasswordUtils.getCurrentConsoleUserRecord() if let userNames = try? currentUser?.values(forAttribute: "dsAttrTypeNative:_xcreds_oidc_full_username") as? [String], userNames.count>0, let username = userNames.first { return username } else if let oidcUsernamePrefs = UserDefaults.standard.string(forKey:"_xcreds_oidc_full_username" ), oidcUsernamePrefs.isEmpty == false { return oidcUsernamePrefs } return nil } func idTokenData(jwtString:String) throws -> Data { let array = jwtString.components(separatedBy: ".") if array.count != 3 { TCSLogErrorWithMark("idToken is invalid") throw ProcessTokenResult.error("The identity token is incorrect length.") // mechanismDelegate.denyLogin(message:"The identity token is incorrect length.") } let body = array[1] TCSLogWithMark("base64 encoded IDToken: \(body)"); guard let data = base64UrlDecode(value:body ) else { TCSLogErrorWithMark("error decoding id token base64") throw ProcessTokenResult.error("The identity token could not be decoded from base64.") } return data } func tokenInfo(fromCredentials credentials:Creds) throws -> Dictionary? { //if we have tokens, that means that authentication was successful. guard let idToken = credentials.idToken else { TCSLogErrorWithMark("invalid idToken") throw ProcessTokenResult.error("invalid idToken") } let data = try idTokenData(jwtString: idToken) if let decodedTokenString = String(data: data, encoding: .utf8) { TCSLogWithMark("IDToken:\(decodedTokenString)") } let decoder = JSONDecoder() var idTokenObject:IDToken do { idTokenObject = try decoder.decode(IDToken.self, from: data) } catch { TCSLogErrorWithMark("error decoding idtoken::") TCSLogErrorWithMark("Token:\(data)") throw ProcessTokenResult.error("The identity token could not be decoded from json") } let idTokenInfo = jwtDecode(value: idToken) //dictionary for mapping guard var idTokenInfo = idTokenInfo else { throw ProcessTokenResult.error("No idTokenInfo found") // mechanismDelegate.denyLogin(message:"No idTokenInfo found.") // return } idTokenInfo["idToken"]=idTokenObject return idTokenInfo } func findUserAndUpdatePassword(idTokenInfo:Dictionary,newPassword:String) -> SelectLocalAccountWindowController.VerifyLocalCredentialsResult?{ TCSLogWithMark() guard let subValue = idTokenInfo["sub"] as? String, let issuerValue = idTokenInfo["iss"] as? String else { TCSLogWithMark("no sub or iss") return nil } TCSLogWithMark("getting users") let nonSystemUsers = try? getAllNonSystemUsers() let existingUser = try? getUserRecord(sub: subValue, iss: issuerValue) let shouldPromptForMigration = DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldPromptForMigration.rawValue) if shouldPromptForMigration == false { TCSLogWithMark("not prompting for migration") } if let existingUser = existingUser, let odUsername = existingUser.recordName { TCSLogWithMark("prior local user found. using.") return .successful(odUsername) } else if let nonSystemUsers = nonSystemUsers, nonSystemUsers.count>0, shouldPromptForMigration == true { TCSLogWithMark("Preference set to prompt for migration and there are existing users, so prompting") return SelectLocalAccountWindowController.selectLocalAccountAndUpdate(newPassword: newPassword) } return .createNewAccount } func setupUserAccountInfo(idTokenInfo:Dictionary) -> CalculateUserAccountInfoResult { TCSLogWithMark() var userAccountInfo = UserAccountInfo() guard let idTokenObject = idTokenInfo["idToken"] as? IDToken else { return .error("invalid token object") } let defaultsUsername = DefaultsOverride.standardOverride.string(forKey: PrefKeys.username.rawValue) // username static map if let defaultsUsername = defaultsUsername, defaultsUsername.count>0 { userAccountInfo.username = defaultsUsername } else if let mapKey = DefaultsOverride.standardOverride.object(forKey: PrefKeys.mapUserName.rawValue) as? String, mapKey.count>0, let mapValue = idTokenInfo[mapKey] as? String, let leftSide = mapValue.components(separatedBy: "@").first, leftSide.count>0{ TCSLogWithMark() userAccountInfo.username = leftSide.replacingOccurrences(of: " ", with: "_").stripped TCSLogWithMark("mapped username found: \(mapValue) clean version:\(userAccountInfo.username ?? "nil")") } else { TCSLogWithMark() var emailString:String if let email = idTokenObject.email, email.count>0 { emailString=email.lowercased() } else if let uniqueName=idTokenObject.unique_name, uniqueName.count>0 { emailString=uniqueName } else { TCSLogWithMark("no username found. Using sub.") emailString=idTokenObject.sub } guard let tUsername = emailString.components(separatedBy: "@").first?.lowercased() else { TCSLogErrorWithMark("email address invalid") return .error("The email address from the identity token is invalid") } TCSLogWithMark("username found: \(tUsername)") userAccountInfo.username = tUsername } if let mapKey = DefaultsOverride.standardOverride.object(forKey: PrefKeys.mapFullUserName.rawValue) as? String, mapKey.count>0, let mapValue = idTokenInfo[mapKey] as? String { TCSLogWithMark("setting fullUsername to \(mapValue)") userAccountInfo.fullUsername = mapValue } else if let email = idTokenObject.email { TCSLogWithMark() userAccountInfo.fullUsername = email.lowercased() } else if let mapValue = idTokenInfo["upn"] as? String { TCSLogWithMark() userAccountInfo.fullUsername = mapValue } //kerberos principal name //mapKerberosPrincipalName if let mapKey = DefaultsOverride.standardOverride.object(forKey: PrefKeys.mapKerberosPrincipalName.rawValue) as? String, mapKey.count>0, let mapValue = idTokenInfo[mapKey] as? String { //we have a mapping so use that. TCSLogWithMark("mapKerberosPrincipalName name mapped to: \(mapKey)") userAccountInfo.kerberosPrincipalName = mapValue } if DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldUpdateKerberosUserPrincipalADDomain.rawValue) == true, let adDomain = DefaultsOverride.standardOverride.string(forKey: PrefKeys.aDDomain.rawValue) { if userAccountInfo.kerberosPrincipalName?.uppercased().hasSuffix(adDomain.uppercased())==false{ TCSLogWithMark("kerberosPrincipalName name does not end with \(adDomain). Updating...") let principalNameWithoutDomain = userAccountInfo.kerberosPrincipalName?.split(separator: "@").first ?? "" userAccountInfo.kerberosPrincipalName = principalNameWithoutDomain + "@" + adDomain TCSLogWithMark("kerberosPrincipalName name is now \(userAccountInfo.kerberosPrincipalName ?? "")") } } //full name TCSLogWithMark("checking map_fullname") if let mapKey = DefaultsOverride.standardOverride.object(forKey: PrefKeys.mapFullName.rawValue) as? String, mapKey.count>0, let mapValue = idTokenInfo[mapKey] as? String { //we have a mapping so use that. TCSLogWithMark("full name mapped to: \(mapKey)") userAccountInfo.fullName = mapValue } else if let firstName = idTokenObject.given_name, let lastName = idTokenObject.family_name { TCSLogWithMark("firstName: \(firstName)") TCSLogWithMark("lastName: \(lastName)") userAccountInfo.fullName = "\(firstName) \(lastName)" } //first name if let mapKey = DefaultsOverride.standardOverride.object(forKey: PrefKeys.mapFirstName.rawValue) as? String, mapKey.count>0, let mapValue = idTokenInfo[mapKey] as? String { //we have a mapping for username, so use that. TCSLogWithMark("first name mapped to: \(mapKey)") userAccountInfo.firstName = mapValue } else if let given_name = idTokenObject.given_name { TCSLogWithMark("firstName from token: \(given_name)") userAccountInfo.firstName = given_name } //last name TCSLogWithMark("checking map_lastname") if let mapKey = DefaultsOverride.standardOverride.object(forKey: PrefKeys.mapLastName.rawValue) as? String, mapKey.count>0, let mapValue = idTokenInfo[mapKey] as? String { //we have a mapping for lastName, so use that. TCSLogWithMark("last name mapped to: \(mapKey)") userAccountInfo.lastName = mapValue } else if let familyName = idTokenObject.family_name { TCSLogWithMark("lastName from token: \(familyName)") userAccountInfo.lastName = familyName } //groups if let mapValue = idTokenInfo["groups"] as? Array { TCSLogWithMark("setting groups: \(mapValue)") userAccountInfo.groups = mapValue } else { TCSLogWithMark("No groups found") } let aliasClaim = DefaultsOverride.standardOverride.string(forKey: PrefKeys.aliasName.rawValue) if let aliasClaim = aliasClaim, let aliasClaimValue = idTokenInfo[aliasClaim] as? String { TCSLogWithMark("found alias claim: \(aliasClaim):\(aliasClaimValue)") userAccountInfo.alias = aliasClaimValue } else { TCSLogWithMark("no alias claim: \(aliasClaim ?? "none")") } //uid let mapUID = DefaultsOverride.standardOverride.string(forKey: PrefKeys.mapUID.rawValue) if let mapUID = mapUID, let uid = idTokenInfo[mapUID] as? String { if let mapValueInt = Int(uid), mapValueInt > 499 { TCSLogWithMark("setting uid: \(uid)") userAccountInfo.uid = uid } else { TCSLogWithMark("invalid uid mapping value") } } else { TCSLogWithMark("No uid mapping") } return .success(userAccountInfo) } } // MARK: OIDC Lite Delegate Functions @available(macOS, deprecated: 11) extension TokenManager { func ropgSuccess(errorMessage: String) { TCSLogWithMark("ropgSuccess: \(errorMessage)") feedbackDelegate?.tokenError(errorMessage) } func authFailure(message: String) { XCredsAudit().auditError(message) TCSLogWithMark("authFailure: \(message)") feedbackDelegate?.tokenError(message) } func tokenResponse(tokens: OIDCLite.TokenResponse) { TCSLogWithMark("======== tokenResponse =========") RunLoop.main.perform { let googleAuth = DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldSetGoogleAccessTypeToOffline.rawValue) let xcredCreds = Creds(password: nil, tokens: tokens) if xcredCreds.hasAccessAndRefresh() { TCSLogWithMark("Found access and refresh token") } if googleAuth { TCSLogWithMark("Found google auth") } if xcredCreds.hasAccess() { TCSLogWithMark("found access token") } if googleAuth && xcredCreds.hasAccess() { TCSLogWithMark("Found google auth and access token") } if xcredCreds.hasAccessAndRefresh() || (googleAuth && xcredCreds.hasAccess()) { XCredsAudit().refreshTokenUpdated(true) self.feedbackDelegate?.credentialsUpdated(xcredCreds) } // else if let dict = tokens.jsonDict, let error = dict["error"] as? String, error == ropgResponseValue ?? "interaction_required" { // TCSLogWithMark("ropgResponseValue matched to \(error)") // XCredsAudit().refreshTokenUpdated(true) // // self.feedbackDelegate?.credentialsUpdated(xcredCreds) // } else if let dict = tokens.jsonDict, let error = dict["error"] as? String, error == "invalid_grant" { TCSLogWithMark("invalid grant, so password wrong: \(error)") XCredsAudit().auditError(error) self.feedbackDelegate?.invalidCredentials() } else { let err = "error gettings tokens: jsonDict:\(String(describing: tokens.jsonDict?.debugDescription))" self.feedbackDelegate?.tokenError(err) } } } } ================================================ FILE: XCreds/UpdatePasswordWindowController.swift ================================================ // // UpdatePasswordWindowController.swift // XCredsLoginPlugin // // Created by Timothy Perfitt on 12/1/23. // import Cocoa class UpdatePasswordWindowController: NSWindowController { @IBOutlet var currentPasswordTextField:NSTextField! @IBOutlet var passwordTextField:NSTextField! @IBOutlet var verifyPasswordTextField:NSTextField! @IBOutlet var passwordMatchWarningLabel:NSTextField! var password:String? var currentPassword:String? override func windowDidLoad() { super.windowDidLoad() self.window?.makeFirstResponder(currentPasswordTextField) passwordMatchWarningLabel.isHidden=true // Implement this method to handle any initialization after your window controller's window has been loaded from its nib file. } @IBAction func changePasswordButtonPressed(_ sender: Any) { if passwordTextField.stringValue.count==0 || verifyPasswordTextField.stringValue.count == 0 || currentPasswordTextField.stringValue.count == 0 { return } if passwordTextField.stringValue != verifyPasswordTextField.stringValue { passwordMatchWarningLabel.isHidden=false return } if self.window?.isModalPanel==true { password=passwordTextField.stringValue currentPassword=currentPasswordTextField.stringValue NSApp.stopModal(withCode: .OK) } } @IBAction func cancelButtonPressed(_ sender: Any) { if self.window?.isModalPanel==true { password=nil NSApp.stopModal(withCode: .cancel) } } } ================================================ FILE: XCreds/UpdatePasswordWindowController.xib ================================================ NSAllRomanInputSourcesLocaleIdentifier NSAllRomanInputSourcesLocaleIdentifier NSAllRomanInputSourcesLocaleIdentifier ================================================ FILE: XCreds/VerifyLocalPasswordWindowController.swift ================================================ // // LoginPasswordWindowController.swift // XCreds // // Created by Timothy Perfitt on 6/4/22. // import Cocoa class VerifyLocalPasswordWindowController: NSWindowController, DSQueryable { enum LocalUsernamePasswordResult { case success(LocalAdminCredentials?) case accountResetRequested(LocalAdminCredentials?) case userCancelled case error(String) } @IBOutlet weak var passwordTextField: NSSecureTextField! @IBOutlet weak var adminUsernameTextField: NSTextField! @IBOutlet weak var adminPasswordTextField: NSSecureTextField! @IBOutlet weak var adminCredentialsWindow: NSWindow! @IBOutlet weak var resetButton: NSButton! @IBOutlet weak var resetText: NSTextField! @IBOutlet weak var resetTitle: NSTextField! @IBOutlet weak var usernameTextField: NSTextField! var showResetButton = true var showResetText = true var shouldPromptForAdmin=false var passwordEntered:String? var resetKeychain = false var adminUsername:String? var adminPassword:String? var currentUsername:String? var isAccountLocked:Bool=false override var windowNibName: NSNib.Name { return "VerifyLocalPasswordWindowController" } override func awakeFromNib() { if isAccountLocked { resetTitle.stringValue="Unlock Account" resetText.stringValue="The user account is locked. You can wait for the account to unlock or reset the password by clicking the Reset button below." if let accountLockedPasswordDialogTitle = DefaultsOverride.standardOverride.string(forKey: PrefKeys.accountLockedPasswordDialogTitle.rawValue),accountLockedPasswordDialogTitle.count>0{ resetTitle.stringValue=accountLockedPasswordDialogTitle } if let accountLockedPasswordDialogText = DefaultsOverride.standardOverride.string(forKey: PrefKeys.accountLockedPasswordDialogText.rawValue),accountLockedPasswordDialogText.count>0{ resetText.stringValue=accountLockedPasswordDialogText } } resetButton.isHidden = !showResetButton resetText.isHidden = !showResetText if let currentUsername = currentUsername { usernameTextField.stringValue = currentUsername } if let resetPasswordDialogTitle = DefaultsOverride.standardOverride.string(forKey: PrefKeys.resetPasswordDialogTitle.rawValue), resetPasswordDialogTitle.count>0{ resetTitle.stringValue=resetPasswordDialogTitle } } func promptForLocalAccountAndChangePassword(username:String, newPassword:String?, shouldUpdatePassword:Bool, showResetButton:Bool=true) -> LocalUsernamePasswordResult { currentUsername = username if newPassword == nil { TCSLogWithMark("new password is nil") } self.showResetButton = showResetButton window?.canBecomeVisibleWithoutLogin=true window?.isMovable = true window?.canBecomeVisibleWithoutLogin = true window?.level = NSWindow.Level(rawValue: NSWindow.Level.floating.rawValue) var isDone = false while (!isDone){ DispatchQueue.main.async{ TCSLogWithMark("resetting level") self.window?.level = NSWindow.Level(rawValue: NSWindow.Level.floating.rawValue) } let response = NSApp.runModal(for: window!) window?.close() if response == .cancel { isDone=true TCSLogWithMark("User cancelled resetting keychain or entering password.") return .userCancelled } if resetKeychain == true { //user clicked reset isDone=true if let adminUsername = adminUsername, let adminPassword = adminPassword { return .accountResetRequested(LocalAdminCredentials(username: adminUsername, password: adminPassword)) } return .error("no admin username or password set") } else { TCSLogWithMark("user gave old password. checking...") let passwordEntered = self.passwordEntered guard let passwordEntered = passwordEntered else { TCSLogWithMark("No password entered, looping...") continue } let isValidPassword = PasswordUtils.isLocalPasswordValid(userName: username, userPass: passwordEntered) switch isValidPassword { case .success: TCSLogWithMark("Password check successful") let localUser = try? PasswordUtils.getLocalRecord(username) guard let localUser = localUser else { TCSLogErrorWithMark("invalid local user") return .error("The local user \(username) could not be found") } TCSLogWithMark() if shouldUpdatePassword==false { TCSLogWithMark("shouldUpdatePassword set to false") return .success(LocalAdminCredentials(username:username,password: passwordEntered)) } TCSLogWithMark() guard let newPassword = newPassword else { TCSLogWithMark("Password not provided for changing") return .error("Password not provided for changing") } TCSLogWithMark() do { TCSLogWithMark("attempting to change password") try localUser.changePassword(passwordEntered, toPassword: newPassword) } catch { TCSLogErrorWithMark("Error setting local password to cloud password") return .error("Error setting local password to cloud password: \(error.localizedDescription)") } isDone=true window?.close() TCSLogWithMark("returning success with local password") return .success(LocalAdminCredentials(username:username,password: passwordEntered)) default: window?.shake(self) } } } } override func windowDidLoad() { super.windowDidLoad() TCSLogWithMark() } @IBAction func removeKeychainButtonPressed(_ sender: Any) { TCSLogWithMark() //override or prefs has admin username / password so don't prompt if let _ = adminUsername, let _ = adminPassword{ TCSLogWithMark() if self.window?.isModalPanel==true { TCSLogWithMark() resetKeychain=true NSApp.stopModal(withCode: .OK) } TCSLogWithMark() } else { //prompt TCSLogWithMark() self.adminCredentialsWindow?.canBecomeVisibleWithoutLogin = true self.window?.beginSheet(adminCredentialsWindow) { res in if res == .OK { self.resetKeychain=true TCSLogWithMark("got admin username and password") self.window?.endSheet(self.adminCredentialsWindow) if self.window?.isModalPanel==true { TCSLogWithMark("Prompt for local password window is modal so stopping") NSApp.stopModal(withCode: .OK) } } else { //user hit cancel TCSLogWithMark("cancelled admin") self.window?.endSheet(self.adminCredentialsWindow) } } } } @IBAction func updateButtonPressed(_ sender: Any) { passwordEntered=passwordTextField.stringValue if self.window?.isModalPanel==true { NSApp.stopModal(withCode: .OK) } } @IBAction func cancelButtonPressed(_ sender: Any) { if self.window?.isModalPanel==true { NSApp.stopModal(withCode: .cancel) } } @IBAction func adminCancelButtonPressed(_ sender: Any) { window?.endSheet(adminCredentialsWindow, returnCode: .cancel) } @IBAction func adminResetButtonPressed(_ sender: Any) { self.adminUsername=nil self.adminPassword=nil let adminUserName = adminUsernameTextField.stringValue let adminPassword = adminPasswordTextField.stringValue if adminUserName == "" { adminUsernameTextField.shake(self) return } else if adminPassword == "" { adminPasswordTextField.shake(self) return } let user = try? getLocalRecord(adminUserName) if user == nil { adminUsernameTextField.shake(self) return } let res = PasswordUtils.isLocalPasswordValid(userName: adminUserName, userPass: adminPassword) switch res { case .success: self.adminUsername=adminUserName self.adminPassword=adminPassword window?.endSheet(adminCredentialsWindow, returnCode: .OK) default: adminPasswordTextField.shake(self) } } } ================================================ FILE: XCreds/VerifyLocalPasswordWindowController.xib ================================================ NSAllRomanInputSourcesLocaleIdentifier NSAllRomanInputSourcesLocaleIdentifier ================================================ FILE: XCreds/VerifyOIDCPassword.xib ================================================ Your local login password and keychain will now be updated to your cloud password. Please enter in your cloud password to verify it is correct. NSAllRomanInputSourcesLocaleIdentifier ================================================ FILE: XCreds/VerifyOIDCPasswordWindowController.swift ================================================ // // VerifyOIDCPassword.swift // XCreds // // Created by Timothy Perfitt on 6/4/22. // import Cocoa class VerifyOIDCPasswordWindowController: NSWindowController { @IBOutlet weak var passwordTextField: NSSecureTextField! var password:String? override func windowDidLoad() { super.windowDidLoad() } @IBAction func updateButtonPressed(_ sender: Any) { if self.window?.isModalPanel==true { password=passwordTextField.stringValue NSApp.stopModal(withCode: .OK) } } @IBAction func cancelButtonPressed(_ sender: Any) { if self.window?.isModalPanel==true { NSApp.stopModal(withCode: .cancel) self.window?.close() } } } ================================================ FILE: XCreds/View+Shake.swift ================================================ // // NSView+Shake.swift // XCreds // // Created by Timothy Perfitt on 6/4/22. // //https://onmyway133.com/posts/how-to-shake-nsview-in-macos/ import Foundation import Cocoa extension NSView { @objc func shake(_ sender: AnyObject?) { let midX = self.layer?.position.x ?? 0 let midY = self.layer?.position.y ?? 0 let animation = CABasicAnimation(keyPath: "position") animation.duration = 0.1 animation.repeatCount = 2 animation.autoreverses = true animation.fromValue = CGPoint(x: midX - 10, y: midY) animation.toValue = CGPoint(x: midX + 10, y: midY) self.layer?.add(animation, forKey: "position") } } ================================================ FILE: XCreds/WebViewController.swift ================================================ // // WebView.swift // xCreds // // Created by Timothy Perfitt on 4/5/22. // import Foundation import Cocoa @preconcurrency import WebKit import OIDCLite @available(macOS, deprecated: 11) class WebViewController: NSViewController, TokenManagerFeedbackDelegate { struct WebViewControllerError:Error { var errorDescription: String } func invalidCredentials() { } func authenticationSuccessful() { } func credentialsUpdated(_ credentials: Creds) { TCSLogWithMark() var credWithPass = credentials credWithPass.password = self.password // NotificationCenter.default.post(name: Notification.Name("TCSTokensUpdated"), object: self, userInfo:["credentials":credWithPass] // ) updateCredentialsFeedbackDelegate?.credentialsUpdated(credWithPass) } @IBOutlet weak var refreshTitleTextField: NSTextField? @IBOutlet weak var webView: WKWebView! @IBOutlet weak var cancelButton: NSButton! @available(macOS, deprecated: 11) var tokenManager=TokenManager() var password:String? var updateCredentialsFeedbackDelegate: UpdateCredentialsFeedbackProtocol? override func viewWillAppear() { if let refreshTitleTextField = self.refreshTitleTextField { refreshTitleTextField.isHidden = !DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldShowRefreshBanner.rawValue) if let refreshBannerText = DefaultsOverride.standardOverride.string(forKey: PrefKeys.refreshBannerText.rawValue) { self.refreshTitleTextField?.stringValue = refreshBannerText } } } func loadPage() { Task{ @MainActor in TCSLogWithMark("Clearing cookies") self.webView.cleanAllCookies() TCSLogWithMark() let licenseState = LicenseChecker().currentLicenseState() self.webView.navigationDelegate = self self.tokenManager.feedbackDelegate=self // TokenManager.shared.oidc().delegate = self self.clearCookies() TCSLogWithMark() switch licenseState { case .valid(let sec): let daysRemaining = Int(sec/(24*60*60)) TCSLogWithMark("valid license. Days remaining: \(daysRemaining) (\(sec) seconds)") if daysRemaining < 14 { } break; case .trial(_): break case .invalid,.trialExpired, .expired: let bundle = Bundle.findBundleWithName(name: "XCreds") if let bundle = bundle { let loadPageURL = bundle.url(forResource: "errorpage", withExtension: "html") if let loadPageURL = loadPageURL { self.webView.load(URLRequest(url:loadPageURL)) } } return } NotificationCenter.default.addObserver(self, selector: #selector(self.connectivityStatusHandler(notification:)), name: NSNotification.Name.connectivityStatus, object: nil) // let discoveryURL = DefaultsOverride.standardOverride.string(forKey: PrefKeys.discoveryURL.rawValue) NetworkMonitor.shared.startMonitoring() TCSLogWithMark("Network monitor: adding connectivity status change observer") do { // guard let discoveryURL = discoveryURL else { // TCSLogWithMark("discoveryURL not defined"); // // throw WebViewControllerError(errorDescription: "The discovery URL not defined in settings. Verify that settings have been configured and scoped to the system (not user).") // } TCSLogWithMark("getOidcLoginURL"); let url = try await self.getOidcLoginURL() TCSLogWithMark("URL: \(url)"); self.webView.load(URLRequest(url: url)) NetworkMonitor.shared.stopMonitoring() } catch { TCSLogWithMark("error: \(error)"); let loadPageTitle = DefaultsOverride.standardOverride.string(forKey: PrefKeys.loadPageTitle.rawValue)?.stripped ?? "loadPageTitle" var loadPageInfo = DefaultsOverride.standardOverride.string(forKey: PrefKeys.loadPageInfo.rawValue)?.stripped ?? "loadPageInfo" loadPageInfo = loadPageInfo + "

" + (error as? WebViewControllerError ?? WebViewControllerError(errorDescription: error.localizedDescription)).errorDescription let html = "

\(loadPageTitle)

\(loadPageInfo)

" self.webView.loadHTMLString(html, baseURL: nil) } } } @objc func connectivityStatusHandler(notification: Notification) { TCSLogWithMark("Network monitor: handling connectivity status update") Task { try? await tokenManager.oidc().getEndpoints() TCSLogWithMark("Refresh webview login") loadPage() } } private func getOidcLoginURL() async throws -> URL { if let url = try await tokenManager.oidc().createLoginURL() { return url } throw WebViewControllerError(errorDescription: "Error getting OIDC URL") } private func clearCookies() { let dataStore = WKWebsiteDataStore.default() dataStore.fetchDataRecords(ofTypes: WKWebsiteDataStore.allWebsiteDataTypes()) { records in dataStore.removeData(ofTypes: WKWebsiteDataStore.allWebsiteDataTypes(), for: records, completionHandler: { print("Removing Cookie") }) } if let cookies = HTTPCookieStorage.shared.cookies { for cookie in cookies { HTTPCookieStorage.shared.deleteCookie(cookie) } } } func showErrorMessageAndDeny(_ message:String){ } func tokenError(_ err: String) { TCSLogErrorWithMark("authFailure: \(err)") XCredsAudit().auditError(err) //TODO: need to post this? NotificationCenter.default.post(name: Notification.Name("TCSTokensUpdated"), object: self, userInfo:["error":err]) } } @available(macOS, deprecated: 11) extension WebViewController: WKNavigationDelegate { public func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) { let idpHostName = DefaultsOverride.standardOverride.value(forKey: PrefKeys.idpHostName.rawValue) var idpHostNames = DefaultsOverride.standardOverride.value(forKey: PrefKeys.idpHostNames.rawValue) if idpHostNames == nil && idpHostName != nil { idpHostNames=[idpHostName] } let passwordElementID:String? = DefaultsOverride.standardOverride.value(forKey: PrefKeys.passwordElementID.rawValue) as? String TCSLogWithMark("inserting javascript to get password") webView.evaluateJavaScript("result", completionHandler: { response, error in if error != nil { // TCSLogWithMark(error?.localizedDescription ?? "unknown error") TCSLogWithMark("password not found") } else { if let responseDict = response as? NSDictionary, let ids = responseDict["ids"] as? Array, let passwords = responseDict["passwords"] as? Array { guard passwords.count > 0 else { TCSLogWithMark("No passwords set") return } TCSLogWithMark("found password elements with ids:\(ids)") guard let host = navigationAction.request.url?.host else { return } var foundHostname = "" if let idpHostNames = idpHostNames as? Array, idpHostNames.contains(host) { foundHostname=host } else if ["login.microsoftonline.com", "login.live.com", "accounts.google.com"].contains(host) || host.contains("okta.com"){ foundHostname=host } else { TCSLogWithMark("hostname (\(host)) not matched so not looking for password") return } TCSLogWithMark("host matches custom idpHostName \(foundHostname)") if passwords.count==3, passwords[1]==passwords[2] { TCSLogWithMark("found 3 password fields. so it is a reset password situation") TCSLogWithMark("========= password set===========") self.password=passwords[2] } else if passwords.count==2, passwords[0]==passwords[1] { TCSLogWithMark("found 2 password fields. so it is a reset password situation") TCSLogWithMark("========= password set===========") self.password=passwords[1] } else if let passwordElementID = passwordElementID{ TCSLogWithMark("the id is defined in prefs (\(passwordElementID)) so seeing if that field is on the page.") // we have a mapped field defined in prefs so only check this. if ids.count==1, ids[0]==passwordElementID, passwords.count==1 { TCSLogWithMark("========= password set===========") self.password=passwords[0] } else { TCSLogWithMark("did not find a single password field on the page with the specified ID so not setting password") } } // else if passwords.count==1 { TCSLogWithMark("found 1 password field on the specified page with the set idpHostName. setting password.") TCSLogWithMark("========= password set===========") self.password=passwords[0] } else { TCSLogWithMark("No passwords found on page") } } else { TCSLogWithMark("password not set") } } }) decisionHandler(.allow) } // func setupAppearance() { // let screenRect = NSScreen.screens[0].frame // // let screenWidth = screenRect.width // let screenHeight = screenRect.height // // // self.view.frame=NSMakeRect((screenWidth-CGFloat(loginWindowWidth))/2,(screenHeight-CGFloat(loginWindowHeight))/2, CGFloat(loginWindowWidth), CGFloat(loginWindowHeight)) // TCSLogWithMark() // // } func webView(_ webView: WKWebView, didFinish navigation: WKNavigation!) { //this inserts javascript to copy passwords to a variable. Sometimes the //div gets removed before we can evaluate it so this helps. It works by // attaching to keydown. At each keydown, it attaches to password elements // for keyup. When a key is released, it copies all the passwords to an array // to be read later. TCSLogWithMark("adding listener for password") var pathURL:URL? let bundle = Bundle.findBundleWithName(name: "XCreds") if let bundle = bundle { TCSLogWithMark() pathURL = bundle.url(forResource: "get_pw", withExtension: "js") } guard let pathURL = pathURL else { TCSLogErrorWithMark("get_pw.js not found") return } let javascript = try? String(contentsOf: pathURL, encoding: .utf8) guard let javascript = javascript else { return } webView.evaluateJavaScript(javascript, completionHandler: { response, error in if (error != nil){ TCSLogWithMark(error?.localizedDescription ?? "unknown listener error") if UserDefaults.standard.bool(forKey: "reloadPageOnError")==true { TCSLogWithMark("reloading page") self.loadPage() } } else { TCSLogWithMark("inserted javascript for password setup") } }) } func webView(_ webView: WKWebView, didCommit navigation: WKNavigation!) { } func webView(_ webView: WKWebView, didFail navigation: WKNavigation!, withError error: Error) { TCSLogErrorWithMark(error.localizedDescription) } func webView(_ webView: WKWebView, didFailProvisionalNavigation navigation: WKNavigation!, withError error: Error) { TCSLogWithMark("Redirect error. if the error is \"Could not connect to the server.\", it is probably safe to ignore. If the error is \"unsupported URL\", please check your redirectURL in prefs matches the one defined in your OIDC app. Error: \(error.localizedDescription)") } func webView(_ webView: WKWebView, didReceiveServerRedirectForProvisionalNavigation navigation: WKNavigation!) { Task{ guard let url = webView.url else { return } TCSLogWithMark("WebDel:: Did Receive Redirect for: \(url.absoluteString)") TCSLogWithMark("URL: \(url.absoluteString)") let redirectURI = try await tokenManager.oidc().redirectURI TCSLogWithMark("URL: \(url.absoluteString)") TCSLogWithMark("redirectURI: \(redirectURI)") if (url.absoluteString.starts(with: (redirectURI))) { TCSLogWithMark("got redirect URI match. separating URL") var code = "" let fullCommand = url.absoluteString let pathParts = fullCommand.components(separatedBy: "&") for part in pathParts { if part.contains("code=") { TCSLogWithMark("found code=. cleaning up.") code = part.replacingOccurrences(of: redirectURI + "?" , with: "").replacingOccurrences(of: "code=", with: "") TCSLogWithMark("getting tokens") let tokenResponse = try await tokenManager.oidc().getToken(code: code) TCSLogWithMark("got token. Token ID: \(tokenResponse.idToken ?? "" )") tokenManager.tokenResponse(tokens: tokenResponse) return } } } } } private func queryToDict(query: String) -> [String:String]? { let components = query.components(separatedBy: "&") var dictionary = [String:String]() for pairs in components { let pair = pairs.components(separatedBy: "=") if pair.count == 2 { dictionary[pair[0]] = pair[1] } } if dictionary.count == 0 { return nil } return dictionary } } //TODO: Integrate? //extension WebViewController: OIDCLiteDelegate { // //// func authFailure(message: String) { //// TCSLogErrorWithMark("authFailure: \(message)") //// NotificationCenter.default.post(name: Notification.Name("TCSTokensUpdated"), object: self, userInfo:[:]) //// //// } // // //} extension String { func sanitized() -> String { // see for ressoning on charachrer sets https://superuser.com/a/358861 let invalidCharacters = CharacterSet(charactersIn: "\\/:*?\"<>| ") .union(.newlines) .union(.illegalCharacters) .union(.controlCharacters) return self .components(separatedBy: invalidCharacters) .joined(separator: "") } mutating func sanitize() -> Void { self = self.sanitized() } } extension WKWebView { func cleanAllCookies() { HTTPCookieStorage.shared.removeCookies(since: Date.distantPast) print("All cookies deleted") WKWebsiteDataStore.default().fetchDataRecords(ofTypes: WKWebsiteDataStore.allWebsiteDataTypes()) { records in records.forEach { record in WKWebsiteDataStore.default().removeData(ofTypes: record.dataTypes, for: [record], completionHandler: {}) print("Cookie ::: \(record) deleted") } } } func refreshCookies() { self.configuration.processPool = WKProcessPool() } } ================================================ FILE: XCreds/Window+ForceToFront.swift ================================================ // // Window+ForceToFront.swift // xCreds // // Created by Timothy Perfitt on 4/5/22. // import Foundation import Cocoa extension NSWindow { @objc func forceToFrontAndFocus(_ sender: AnyObject?) { NSApp.activate(ignoringOtherApps: true) self.makeKeyAndOrderFront(sender); } } ================================================ FILE: XCreds/Window+Shake.swift ================================================ // // Window+Shake.swift // XCreds // // Created by Timothy Perfitt on 6/4/22. // // https://stackoverflow.com/a/50267597 // thanks to Mike James https://stackoverflow.com/users/531419/mike-james import Foundation import Cocoa extension NSWindow { @objc func shake(_ sender: AnyObject?) { let numberOfShakes = 3 let durationOfShake = 0.4 let vigourOfShake : CGFloat = 0.03 let frame : CGRect = (self.frame) let shakeAnimation :CAKeyframeAnimation = CAKeyframeAnimation() let shakePath = CGMutablePath() shakePath.move( to: CGPoint(x:NSMinX(frame), y:NSMinY(frame))) for _ in 0...numberOfShakes-1 { shakePath.addLine(to: CGPoint(x:NSMinX(frame) - frame.size.width * vigourOfShake, y:NSMinY(frame))) shakePath.addLine(to: CGPoint(x:NSMinX(frame) + frame.size.width * vigourOfShake, y:NSMinY(frame))) } shakePath.closeSubpath() shakeAnimation.path = shakePath shakeAnimation.duration = durationOfShake let animations = [NSAnimatablePropertyKey( "frameOrigin") : shakeAnimation] self.animations = animations self.animator().setFrameOrigin(NSPoint(x: frame.minX, y: frame.minY)) } } ================================================ FILE: XCreds/XCreds-Bridging-Header.h ================================================ // // XCreds-Bridging-Header.h // XCreds // // Created by Timothy Perfitt on 6/3/22. // #ifndef XCreds_Bridging_Header_h #define XCreds_Bridging_Header_h #import "SecurityPrivateAPI.h" #import "XCredsLoginPlugin.h" #import "TCSKeychain.h" #import "TCSUnifiedLogger.h" #import "TCTaskHelper.h" #if !defined(AUTOFILL_TARGET) && !defined(FILEVAULTLOGIN_TARGET) && !defined(FILEVAULTLOGINHELPER_TARGET) #import #endif #import "TCSLoginWindowUtilities.h" #import "DNSResolver.h" #import "TCTaskWrapperWithBlocks.h" // Kerb bits #import "KerbUtil.h" #import "GSSItem.h" #import "krb5.h" #include #import "TCSTKSmartCard.h" #endif /* XCreds_Bridging_Header_h */ ================================================ FILE: XCreds/XCredsLoginPlugin-Bridging-Header.h ================================================ // // Use this file to import your target's public headers that you would like to expose to Swift. // #import "XCredsLoginPlugin.h" #import "TCSUnifiedLogger.h" #import "TCSReturnWindow.h" #import "TCSKeychain.h" #import #include #import "DNSResolver.h" #import "TCTaskWrapperWithBlocks.h" // Kerb bits #import "KerbUtil.h" #import "GSSItem.h" #import "krb5.h" #import "TCSTKSmartCard.h" ================================================ FILE: XCreds/XCredsMechanismProtocol.swift ================================================ // // XCredsMechanismProtocol.swift // XCreds // // Created by Timothy Perfitt on 12/24/23. // enum ErrorResult { case success case failure(String) case userCancelled } protocol XCredsMechanismProtocol { func allowLogin() func denyLogin(message:String?) func setHints(_ hints:[HintType:Any]) func setContextStrings(_ contentStrings: [String : String]) func setContextString(type: String, value: String) func setStickyContextString(type: String, value: String) func setHint(type: HintType, hint: NSSecureCoding) func setHintData(type: HintType, data: Data) func getHint(type: HintType) -> Any? func reload() func run() func setupHints(fromCredentials credentials:Creds, password:String) -> ErrorResult func unsyncedPasswordPrompt(username: String, password: String,accountLocked:Bool, localAdmin: LocalAdminCredentials?, showResetButton:Bool) ->ErrorResult } ================================================ FILE: XCreds/defaults.plist ================================================ redirectURI xcreds://auth/ refreshRateHours 3 refreshRateMinutes 0 showDebug verifyPassword LogFileName xcreds.log shouldShowPreferencesOnStart shouldSetGoogleAccessTypeToOffline shouldShowAboutMenu shouldShowQuitMenu shouldFindPasswordElement shouldShowSupportStatus 1 shouldShowConfigureWifiButton shouldShowShutdownButton shouldShowRestartButton shouldHideIfLocalOnlyUser NO shouldShowSystemInfoButton shouldShowMacLoginButton 1 shouldShowRefreshBanner KeychainCreate shouldSwitchToLoginWindowWhenLocked shouldShowCloudLoginByDefault shouldPreferLocalLoginInsteadOfCloudLogin shouldShowTokenUpdateStatus autoRefreshLoginTimer 0 usernamePlaceholder Enter Username shouldShowLocalOnlyCheckbox shouldDetectNetworkToDetermineLoginWindow shouldUseROPGForPasswordChangeChecking checkForUpdates shouldUseROPGForMenuLogin shouldUseROPGForLoginWindowLogin passwordPlaceholder Password versionCheckURL https://paypro.twocanoes.com/api/version_info licenseActivityURL https://paypro.twocanoes.com/api/license_activity refreshBannerText Log in to verify your cloud credentials. After verification, your local user account password will be set to your cloud password. shouldPromptForMigration shouldAllowKeyComboForMacLoginWindow claimsToAddToLocalUserAccount groups adUserAttributesToAddToLocalUserAccount userPrincipalName dn loadPageTitle Waiting for Network... loadPageInfo If this page does not reload with the login screen in a few seconds, please check the network connection. shouldPromptForADPasswordChange allowUsersClaim upn shareMenuItemName Shares shouldUseBasicAuthWithROPG map_password_expiry pwd_exp map_fullusername unique_name shouldShowSignInMenuItem shouldLoginWindowBackgroundImageFillScreen shouldLoginWindowSecondaryMonitorsBackgroundImageFillScreen shouldActivateSystemInfoButton ropgResponseValue interaction_required menuItemWindowBackgroundImageAlpha 1 loginWindowBackgroundImageAlpha 1 loginWindowSecondaryMonitorsBackgroundAlpha 1 shouldSuppressLocalPasswordPrompt overlayDelaySecs 10 shouldUseKillWhenLoginWindowSwitching shouldAllowLoginCardSetup shouldDisableMenuItemAutoLaunch shouldUseADNativePasswordChangeMenuItem shouldHideLoginWindowLogo primaryGroupID 20 ================================================ FILE: XCreds/tap-Bridging-Header.h ================================================ // // XCreds-Bridging-Header.h // XCreds // // Created by Timothy Perfitt on 6/3/22. // #ifndef XCreds_Bridging_Header_h #define XCreds_Bridging_Header_h #import "SecurityPrivateAPI.h" #import "XCredsLoginPlugin.h" #import "TCSKeychain.h" #import "TCSUnifiedLogger.h" #ifndef AUTOFILL_TARGET #endif #import "TCSLoginWindowUtilities.h" #import "DNSResolver.h" #import "TCTaskWrapperWithBlocks.h" // Kerb bits #import "KerbUtil.h" #import "GSSItem.h" #import "krb5.h" #include #endif /* XCreds_Bridging_Header_h */ ================================================ FILE: XCreds/xCreds.entitlements ================================================ com.apple.security.smartcard ================================================ FILE: XCreds AutoFill/AppDelegate.swift ================================================ // // AppDelegate.swift // XCreds AutoFill // // Created by Timothy Perfitt on 6/5/24. // import Cocoa @main class AppDelegate: NSObject, NSApplicationDelegate { static func main() { if CommandLine.arguments.contains("-r") { DispatchQueue.main.asyncAfter(deadline: DispatchTime.now()+5) { NSApplication.shared.terminate(self) } } let app = NSApplication.shared let appDelegate = AppDelegate() app.delegate = appDelegate _ = NSApplicationMain(CommandLine.argc, CommandLine.unsafeArgv) } func applicationDidFinishLaunching(_ aNotification: Notification) { // Insert code here to initialize your application } func applicationWillTerminate(_ aNotification: Notification) { // Insert code here to tear down your application } func applicationSupportsSecureRestorableState(_ app: NSApplication) -> Bool { return true } } ================================================ FILE: XCreds AutoFill/Base.lproj/Main.storyboard ================================================ Default Left to Right Right to Left Default Left to Right Right to Left ================================================ FILE: XCreds AutoFill/ViewController.swift ================================================ // // ViewController.swift // XCreds AutoFill // // Created by Timothy Perfitt on 6/5/24. // import Cocoa class ViewController: NSViewController { override func viewDidLoad() { super.viewDidLoad() // Do any additional setup after loading the view. } override var representedObject: Any? { didSet { // Update the view, if already loaded. } } } ================================================ FILE: XCreds AutoFill/XCreds_AutoFill.entitlements ================================================ com.apple.developer.authentication-services.autofill-credential-provider ================================================ FILE: XCreds AutoFill Extension/Base.lproj/CredentialProviderViewController.xib ================================================ ================================================ FILE: XCreds AutoFill Extension/CredentialProviderViewController.swift ================================================ // // CredentialProviderViewController.swift // XCreds AutoFill Extension // // Created by Timothy Perfitt on 6/5/24. // import AuthenticationServices import LocalAuthentication @available(macOS, deprecated: 11) class CredentialProviderViewController: ASCredentialProviderViewController { /* Prepare your UI to list available credentials for the user to choose from. The items in 'serviceIdentifiers' describe the service the user is logging in to, so your extension can prioritize the most relevant credentials in the list. */ override func prepareCredentialList(for serviceIdentifiers: [ASCredentialServiceIdentifier]) { } /* Implement this method if your extension supports showing credentials in the QuickType bar. When the user selects a credential from your app, this method will be called with the ASPasswordCredentialIdentity your app has previously saved to the ASCredentialIdentityStore. Provide the password by completing the extension request with the associated ASPasswordCredential. If using the credential would require showing custom UI for authenticating the user, cancel the request with error code ASExtensionError.userInteractionRequired. override func provideCredentialWithoutUserInteraction(for credentialIdentity: ASPasswordCredentialIdentity) { let databaseIsUnlocked = true if (databaseIsUnlocked) { let passwordCredential = ASPasswordCredential(user: "j_appleseed", password: "apple1234") self.extensionContext.completeRequest(withSelectedCredential: passwordCredential, completionHandler: nil) } else { self.extensionContext.cancelRequest(withError: NSError(domain: ASExtensionErrorDomain, code:ASExtensionError.userInteractionRequired.rawValue)) } } */ /* Implement this method if provideCredentialWithoutUserInteraction(for:) can fail with ASExtensionError.userInteractionRequired. In this case, the system may present your extension's UI and call this method. Show appropriate UI for authenticating the user then provide the password by completing the extension request with the associated ASPasswordCredential. override func prepareInterfaceToProvideCredential(for credentialIdentity: ASPasswordCredentialIdentity) { } */ override func viewDidAppear() { passwordSelected(self) } @IBAction func cancel(_ sender: AnyObject?) { self.extensionContext.cancelRequest(withError: NSError(domain: ASExtensionErrorDomain, code: ASExtensionError.userCanceled.rawValue)) } @IBAction func passwordSelected(_ sender: AnyObject?) { let keychainUtil = KeychainUtil() let passwordItem = keychainUtil.findPassword(serviceName: PrefKeys.password.rawValue,accountName:PrefKeys.password.rawValue) guard let passwordItem = passwordItem else { TCSLogWithMark("No keychainAccountAndPassword") self.extensionContext.cancelRequest(withError: NSError(domain: "none", code: -1)) return } var dsUsername:String? let currentUser = PasswordUtils.getCurrentConsoleUserRecord() if let userNames = try? currentUser?.values(forAttribute: "dsAttrTypeNative:_xcreds_oidc_full_username") as? [String], userNames.count>0, let username = userNames.first { TCSLogWithMark() dsUsername = username } else if let userNames = try? currentUser?.values(forAttribute: "dsAttrTypeNative:_xcreds_activedirectory_kerberosPrincipal") as? [String], userNames.count>0, let username = userNames.first { TCSLogWithMark() dsUsername = username } else { dsUsername=currentUser?.recordName } guard let dsUsername = dsUsername else { TCSLogWithMark("Invalid dsUsername") self.extensionContext.cancelRequest(withError: NSError(domain: "none", code: -1)) return } let passwordCredential = ASPasswordCredential(user: dsUsername, password: passwordItem.password) let context = LAContext() var error: NSError? if context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) { let reason = "XCreds Login Password" context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, localizedReason: reason) { [weak self] success, authenticationError in DispatchQueue.main.async { if success { self?.extensionContext.completeRequest(withSelectedCredential: passwordCredential, completionHandler: nil) } else { self?.extensionContext.cancelRequest(withError: NSError(domain: "none", code: -1)) } } } } else if context.canEvaluatePolicy(.deviceOwnerAuthentication, error: &error) { let reason = "XCreds Login Password" context.evaluatePolicy(.deviceOwnerAuthentication, localizedReason: reason) { [weak self] success, authenticationError in DispatchQueue.main.async { if success { self?.extensionContext.completeRequest(withSelectedCredential: passwordCredential, completionHandler: nil) } else { self?.extensionContext.cancelRequest(withError: NSError(domain: "none", code: -1)) } } } } else { self.extensionContext.cancelRequest(withError: NSError(domain: "none", code: -1)) } } } ================================================ FILE: XCreds AutoFill Extension/Info.plist ================================================ NSExtension NSExtensionAttributes ASCredentialProviderExtensionShowsConfigurationUI NSExtensionPointIdentifier com.apple.authentication-services-credential-provider-ui NSExtensionPrincipalClass $(PRODUCT_MODULE_NAME).CredentialProviderViewController ================================================ FILE: XCreds AutoFill Extension/XCreds_AutoFill_Extension.entitlements ================================================ com.apple.developer.authentication-services.autofill-credential-provider com.apple.security.app-sandbox ================================================ FILE: XCreds Login Overlay/AppDelegate.swift ================================================ // // AppDelegate.swift // XCreds Login Overlay // // Created by Timothy Perfitt on 7/16/22. // import Cocoa import AppKit @main class App { static func main() { if let ud = UserDefaults(suiteName: "com.twocanoes.xcreds") { var delay = ud.integer(forKey: "overlayDelaySecs") if delay<10 { delay = 10 } TCSLogWithMark("delaying overlay by \(delay) secs"); sleep(UInt32(delay)) } _ = NSApplicationMain(CommandLine.argc, CommandLine.unsafeArgv) } } class AppDelegate: NSObject, NSApplicationDelegate { @IBOutlet weak var cloudLoginTextField: NSTextField! @IBOutlet var window: NSWindow! @IBOutlet var waitWindow: NSWindow! var returnFileExistedOnStart = false var timer:Timer? @IBAction func cloudLoginButtonPressed(_ sender: Any) { var shouldSwitch = true if UserDefaults.standard.bool(forKey:PrefKeys.shouldUseKillWhenLoginWindowSwitching.rawValue)==false{ let alert = NSAlert() alert.addButton(withTitle: "Restart") alert.addButton(withTitle: "Cancel") alert.messageText="Switching login windows requires a restart. Do you want to restart now?" alert.window.canBecomeVisibleWithoutLogin=true alert.icon=Bundle.main.image(forResource: NSImage.Name("icon_128x128")) if alert.runModal() == .alertSecondButtonReturn { shouldSwitch=false } } if shouldSwitch == false { return } waitWindow.level = .modalPanel waitWindow.canBecomeVisibleWithoutLogin = true let screenRect = NSScreen.screens[0].visibleFrame let screenWidth = screenRect.width let screenHeight = screenRect.height let waitWindowWidth = waitWindow.frame.width let newPos = NSMakePoint(screenWidth/2-waitWindowWidth/2, screenHeight/2) waitWindow.setFrameOrigin(newPos) waitWindow.makeKeyAndOrderFront(self) DispatchQueue.main.asyncAfter(deadline: .now() + 0.5) { TCSLogWithMark("creating return file so XCreds does not return to mac login if it is set to go to mac login window by default.") do { try StateFileHelper().createFile(.returnType) } catch { TCSLogWithMark("not create xcreds_return file:\(error)") } if UserDefaults.standard.bool(forKey: "slowReboot")==true { sleep(30) } let _ = AuthRightsHelper.addRights() StateFileHelper().killOrReboot() } } /* (void)showStatusBar:(__unused id)sender{ [self updateStatus:self]; [self.returnToBootRunnerWindow setLevel:NSScreenSaverWindowLevel]; [self.returnToBootRunnerWindow setCanBecomeVisibleWithoutLogin:YES]; [self.returnToBootRunnerWindow setHidesOnDeactivate:NO]; [self.returnToBootRunnerWindow setOpaque:NO]; [self.returnToBootRunnerWindow orderFront:self]; NSRect statusWindowRect=self.returnToBootRunnerWindow.frame; NSRect screenRect=[[[NSScreen screens] objectAtIndex:0] visibleFrame]; statusWindowRect.size.width=screenRect.size.width; statusWindowRect.origin=screenRect.origin; [self.returnToBootRunnerWindow setFrame:statusWindowRect display:YES]; } */ func setupWindow() { var statusWindowRect=window.frame let screenRect = NSScreen.screens[0].visibleFrame statusWindowRect.size.width=screenRect.size.width statusWindowRect.origin=screenRect.origin; window.setFrame(statusWindowRect, display: true, animate: false) window.canBecomeVisibleWithoutLogin=true window.hidesOnDeactivate=false window.isOpaque=false window.level = .modalPanel if let ud = UserDefaults(suiteName: "com.twocanoes.xcreds"), let customTextString = ud.value(forKey: "cloudLoginText") { cloudLoginTextField.stringValue = customTextString as! String cloudLoginTextField.sizeToFit() } } func applicationDidFinishLaunching(_ aNotification: Notification) { TCSLogWithMark("starting overlay") UserDefaults.standard.addSuite(named: "com.twocanoes.xcreds") do { if StateFileHelper().fileExists(.returnType) == true { returnFileExistedOnStart = true try StateFileHelper().removeFile(.returnType) } } catch { TCSLogWithMark("Error removing return file: \(error)") } self.checkStatus() DispatchQueue.main.async { self.timer = Timer.scheduledTimer(withTimeInterval: 10, repeats: true) { timer in self.checkStatus() } } } func checkStatus() { if AuthRightsHelper.verifyRights() == false { TCSLogWithMark("rights are not correct. Fixing setting to xcloud. if mac login window is forced, will bounce back there after the cloud window shows.") let _ = AuthRightsHelper.resetRights() StateFileHelper().killOrReboot() return } if let ud = UserDefaults(suiteName: "com.twocanoes.xcreds"){ if ud.bool(forKey: "shouldShowCloudLoginByDefault") == true, returnFileExistedOnStart == false, AuthorizationDBManager.shared.rightExists(right: "loginwindow:login")==true { TCSLogWithMark("we should be at XCreds window but we are at mac login window. Resetting and rebooting") let _ = AuthRightsHelper.addRights() TCSLogWithMark("XCreds rights added. Rebooting") if UserDefaults.standard.bool(forKey: "slowReboot")==true { sleep(30) } StateFileHelper().killOrReboot() return } } // else { // TCSLogWithMark("rights correct") // } if AuthorizationDBManager.shared.rightExists(right: "loginwindow:login") == true { TCSLogWithMark("moving to front") NSApp.activate(ignoringOtherApps: true) self.setupWindow() NSApp.activate(ignoringOtherApps: true) self.window.orderFrontRegardless() } // else { // TCSLogWithMark("loginwindow:login does not exist so we are at xcreds login") // } } func applicationWillTerminate(_ aNotification: Notification) { // Insert code here to tear down your application } func applicationSupportsSecureRestorableState(_ app: NSApplication) -> Bool { return true } } ================================================ FILE: XCreds Login Overlay/Assets.xcassets/AccentColor.colorset/Contents.json ================================================ { "colors" : [ { "color" : { "color-space" : "srgb", "components" : { "alpha" : "1.000", "blue" : "1.000", "green" : "1.000", "red" : "1.000" } }, "idiom" : "universal" }, { "appearances" : [ { "appearance" : "luminosity", "value" : "dark" } ], "color" : { "color-space" : "srgb", "components" : { "alpha" : "1.000", "blue" : "1.000", "green" : "1.000", "red" : "1.000" } }, "idiom" : "universal" } ], "info" : { "author" : "xcode", "version" : 1 } } ================================================ FILE: XCreds Login Overlay/Assets.xcassets/AppIcon.appiconset/Contents.json ================================================ { "images" : [ { "filename" : "icon_16x16.png", "idiom" : "mac", "scale" : "1x", "size" : "16x16" }, { "filename" : "icon_16x16@2x.png", "idiom" : "mac", "scale" : "2x", "size" : "16x16" }, { "filename" : "icon_32x32.png", "idiom" : "mac", "scale" : "1x", "size" : "32x32" }, { "filename" : "icon_32x32@2x.png", "idiom" : "mac", "scale" : "2x", "size" : "32x32" }, { "filename" : "icon_128x128.png", "idiom" : "mac", "scale" : "1x", "size" : "128x128" }, { "filename" : "icon_128x128@2x.png", "idiom" : "mac", "scale" : "2x", "size" : "128x128" }, { "filename" : "icon_256x256.png", "idiom" : "mac", "scale" : "1x", "size" : "256x256" }, { "filename" : "icon_256x256@2x.png", "idiom" : "mac", "scale" : "2x", "size" : "256x256" }, { "filename" : "icon_512x512.png", "idiom" : "mac", "scale" : "1x", "size" : "512x512" }, { "filename" : "icon_512x512@2x.png", "idiom" : "mac", "scale" : "2x", "size" : "512x512" } ], "info" : { "author" : "xcode", "version" : 1 } } ================================================ FILE: XCreds Login Overlay/Assets.xcassets/Contents.json ================================================ { "info" : { "author" : "xcode", "version" : 1 } } ================================================ FILE: XCreds Login Overlay/Base.lproj/MainMenu.xib ================================================ Default Left to Right Right to Left Default Left to Right Right to Left ================================================ FILE: XCreds Login Overlay/TCSXCredsLoginOverlayWindow.swift ================================================ // // TCSXCredsLoginOverlayWindow.swift // XCreds Login Overlay // // Created by Timothy Perfitt on 7/16/22. // import Cocoa class TCSXCredsLoginOverlayWindow: NSWindow { override init(contentRect: NSRect, styleMask style: NSWindow.StyleMask, backing backingStoreType: NSWindow.BackingStoreType, defer flag: Bool) { super.init(contentRect:contentRect, styleMask: style, backing: backingStoreType, defer: flag) alphaValue=1.0 backgroundColor=NSColor.clear } } ================================================ FILE: XCreds Login Overlay/XCreds_Login_Overlay.entitlements ================================================ ================================================ FILE: XCreds Login Overlay/com.twocanoes.xcreds-overlay.plist ================================================ Label com.twocanoes.xcreds-overlay ThrottleInterval 30 LimitLoadToSessionType LoginWindow OnDemand ProgramArguments /Applications/XCreds.app/Contents/Resources/XCreds Login Overlay.app/Contents/MacOS/XCreds Login Overlay ================================================ FILE: XCreds-Login-Overlay-Info.plist ================================================ LSUIElement 1 LogFileName xcreds.log ================================================ FILE: XCreds.xcodeproj/project.pbxproj ================================================ // !$*UTF8*$! { archiveVersion = 1; classes = { }; objectVersion = 70; objects = { /* Begin PBXBuildFile section */ 54848E8F2B47336D000DF420 /* KerbUtil.m in Sources */ = {isa = PBXBuildFile; fileRef = 76C4BABA2B353B4B007B2C57 /* KerbUtil.m */; }; 54848E902B47336D000DF420 /* KerbUtil.m in Sources */ = {isa = PBXBuildFile; fileRef = 76C4BABA2B353B4B007B2C57 /* KerbUtil.m */; }; 760291E32C116E450075FBD8 /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760291E22C116E450075FBD8 /* AppDelegate.swift */; }; 760291E52C116E450075FBD8 /* ViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760291E42C116E450075FBD8 /* ViewController.swift */; }; 760291EA2C116E470075FBD8 /* Base in Resources */ = {isa = PBXBuildFile; fileRef = 760291E92C116E470075FBD8 /* Base */; }; 760291EF2C116E5F0075FBD8 /* XCreds Login Autofill.app in Resources */ = {isa = PBXBuildFile; fileRef = 760291E02C116E450075FBD8 /* XCreds Login Autofill.app */; }; 760291F52C116EDB0075FBD8 /* AuthenticationServices.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 760291CB2C1166870075FBD8 /* AuthenticationServices.framework */; }; 760291F82C116EDB0075FBD8 /* CredentialProviderViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760291F72C116EDB0075FBD8 /* CredentialProviderViewController.swift */; }; 760291FB2C116EDB0075FBD8 /* Base in Resources */ = {isa = PBXBuildFile; fileRef = 760291FA2C116EDB0075FBD8 /* Base */; }; 760292002C116EDB0075FBD8 /* XCreds Login Password.appex in Embed Foundation Extensions */ = {isa = PBXBuildFile; fileRef = 760291F42C116EDB0075FBD8 /* XCreds Login Password.appex */; settings = {ATTRIBUTES = (RemoveHeadersOnCopy, ); }; }; 760292072C11751E0075FBD8 /* KeychainUtil.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116B2284B045800CCD6FF /* KeychainUtil.swift */; }; 7602920B2C1175620075FBD8 /* PrefKeys.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */; }; 7602920D2C1175D20075FBD8 /* DefaultsOverride.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */; }; 7602920E2C1175D20075FBD8 /* DefaultsOverride.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */; }; 760292112C1176010075FBD8 /* UNIXUtilities.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */; }; 760292122C1176010075FBD8 /* UNIXUtilities.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */; }; 760292132C11763B0075FBD8 /* PrefKeys.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */; }; 760292142C1176450075FBD8 /* LogShim.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632E3A02873497C00E37923 /* LogShim.swift */; }; 760292152C1176450075FBD8 /* LogShim.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632E3A02873497C00E37923 /* LogShim.swift */; }; 760292172C1176BE0075FBD8 /* DataExtension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632909B2876673500CF8857 /* DataExtension.swift */; }; 760292182C1176BF0075FBD8 /* DataExtension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632909B2876673500CF8857 /* DataExtension.swift */; }; 7602921B2C117B3F0075FBD8 /* PasswordUtils.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */; }; 7602921C2C117B400075FBD8 /* PasswordUtils.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */; }; 7602921D2C117B490075FBD8 /* DSQueryable.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D62A1332660051411B /* DSQueryable.swift */; }; 7602921E2C117B490075FBD8 /* DSQueryable.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D62A1332660051411B /* DSQueryable.swift */; }; 760418D22A1332210051411B /* SignInWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418CF2A1332210051411B /* SignInWindowController.swift */; }; 760418D52A1332520051411B /* DS+AD.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D42A1332520051411B /* DS+AD.swift */; }; 760418D72A1332660051411B /* DSQueryable.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D62A1332660051411B /* DSQueryable.swift */; }; 760418D92A1332770051411B /* SystemInfoHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D82A1332770051411B /* SystemInfoHelper.swift */; }; 760418E02A133A370051411B /* DSQueryable.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D62A1332660051411B /* DSQueryable.swift */; }; 760769C12D9120C1006A1F4E /* com.twocanoes.xcreds-launchagent.plist in Resources */ = {isa = PBXBuildFile; fileRef = 760769C02D9120C1006A1F4E /* com.twocanoes.xcreds-launchagent.plist */; }; 760B6B732EE890FE000C7E9B /* FDESetupHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76A35FD12EAC0DC400099940 /* FDESetupHelper.swift */; }; 760D8D5A2EC5757B00252828 /* UserSecretManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EAAFD92CEFED3800A5FEE3 /* UserSecretManager.swift */; }; 760D8D5B2EC575A100252828 /* SecretKeeper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EAAFD82CEFED3800A5FEE3 /* SecretKeeper.swift */; }; 760D8D5C2EC5760E00252828 /* UsernamePassword.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D67772E96249A009CE2BF /* UsernamePassword.swift */; }; 760D8D5D2EC5769B00252828 /* DataExtension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632909B2876673500CF8857 /* DataExtension.swift */; }; 760D8D5E2EC576B300252828 /* UNIXUtilities.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */; }; 761121B62B3D24FE005F7D02 /* SignInWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418CF2A1332210051411B /* SignInWindowController.swift */; }; 761121B72B3D26EE005F7D02 /* SystemInfoHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D82A1332770051411B /* SystemInfoHelper.swift */; }; 761121B82B3D26F5005F7D02 /* LocalCheckAndMigrate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418DA2A13328C0051411B /* LocalCheckAndMigrate.swift */; }; 761121B92B3D26FB005F7D02 /* DS+AD.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D42A1332520051411B /* DS+AD.swift */; }; 7611CEC0288B75140063A644 /* XCredsCreateUser.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7611CEBF288B75140063A644 /* XCredsCreateUser.swift */; }; 7611CEC2288B96760063A644 /* XCredsEnableFDE.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7611CEC1288B96760063A644 /* XCredsEnableFDE.swift */; }; 7613FDF7289E114F00340CCD /* loadpage.html in Resources */ = {isa = PBXBuildFile; fileRef = 7613FDF6289E114F00340CCD /* loadpage.html */; }; 7614D03C2B181A5D006EAF36 /* icon_128x128.png in Resources */ = {isa = PBXBuildFile; fileRef = 7614D03B2B181A5D006EAF36 /* icon_128x128.png */; }; 76189C782E9A021D00BEF023 /* com.twocanoes.FileVaultLoginHelper.plist in Copy LaunchDaemons Property Lists */ = {isa = PBXBuildFile; fileRef = 76189C6F2E99FF8800BEF023 /* com.twocanoes.FileVaultLoginHelper.plist */; }; 761B486C28A3575000C6A02B /* XCredsLoginDone.swift in Sources */ = {isa = PBXBuildFile; fileRef = 761B486B28A3575000C6A02B /* XCredsLoginDone.swift */; }; 762177E62B7144460051B756 /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 762177E52B7144460051B756 /* OIDCLite */; }; 7623384C2B53029D00F2D714 /* ShareMounterMenu.swift in Sources */ = {isa = PBXBuildFile; fileRef = 763DDF152B4F100D000D48CC /* ShareMounterMenu.swift */; }; 7623384D2B53029D00F2D714 /* ShareMounter.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76C4ACBE2B3D0F8D003B3605 /* ShareMounter.swift */; }; 762761602B294A7C0067D1D4 /* icon_128x128.png in Resources */ = {isa = PBXBuildFile; fileRef = 7614D03B2B181A5D006EAF36 /* icon_128x128.png */; }; 76319360287D22C700D36BF7 /* authrights.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7631935F287D22C700D36BF7 /* authrights.swift */; }; 76319366287D24E100D36BF7 /* ArgumentParser in Frameworks */ = {isa = PBXBuildFile; productRef = 76319365287D24E100D36BF7 /* ArgumentParser */; }; 76319369287D24F600D36BF7 /* ArgumentParser in Frameworks */ = {isa = PBXBuildFile; productRef = 76319368287D24F600D36BF7 /* ArgumentParser */; }; 7631936C287D29B700D36BF7 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 76319373287E18BF00D36BF7 /* DataExtension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632909B2876673500CF8857 /* DataExtension.swift */; }; 76319374287E198C00D36BF7 /* XCredsLoginPlugin.bundle in Resources */ = {isa = PBXBuildFile; fileRef = 766355BD2870CA6A002E3867 /* XCredsLoginPlugin.bundle */; }; 76319377287E1FAF00D36BF7 /* authrights in Resources */ = {isa = PBXBuildFile; fileRef = 7631935D287D22C700D36BF7 /* authrights */; }; 7632909D2876674100CF8857 /* DataExtension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632909B2876673500CF8857 /* DataExtension.swift */; }; 7632E39F287347C100E37923 /* XCredsKeychainAdd.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632E39E287347C100E37923 /* XCredsKeychainAdd.swift */; }; 7632E3A12873497C00E37923 /* LogShim.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632E3A02873497C00E37923 /* LogShim.swift */; }; 7632E3A2287357CC00E37923 /* TokenManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AB27FD1D92009E0F3A /* TokenManager.swift */; }; 7632E3A32873581100E37923 /* KeychainUtil.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116B2284B045800CCD6FF /* KeychainUtil.swift */; }; 76342E5A2B282653007D4F29 /* DesktopLoginWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76342E592B282653007D4F29 /* DesktopLoginWindowController.swift */; }; 763AEFDF2C156E1E0059A83D /* WhitePopoverBackgroundView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 763AEFDE2C156E1E0059A83D /* WhitePopoverBackgroundView.swift */; }; 763C039A2D965607000C061F /* icon_64x64.png in Resources */ = {isa = PBXBuildFile; fileRef = 76833EF12D95D4B500375CA4 /* icon_64x64.png */; }; 763DDF1A2B4F1DD4000D48CC /* GSS.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 763DDF192B4F1DD4000D48CC /* GSS.framework */; }; 764297AB2D015AB800678928 /* SetupCardWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 764297AA2D015AB800678928 /* SetupCardWindowController.xib */; }; 764297AD2D015AB800678928 /* SetupCardWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764297A92D015AB800678928 /* SetupCardWindowController.swift */; }; 764297AE2D015AB800678928 /* SetupCardWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 764297AA2D015AB800678928 /* SetupCardWindowController.xib */; }; 764446FD2CF80CD800E6289E /* StateFileHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764446FC2CF80CD800E6289E /* StateFileHelper.swift */; }; 764446FE2CF80CD800E6289E /* StateFileHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764446FC2CF80CD800E6289E /* StateFileHelper.swift */; }; 764447142CF825C500E6289E /* AuthRightsHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76786F4E2A27C31400AA8DB9 /* AuthRightsHelper.swift */; }; 764447152CF825D500E6289E /* AuthRightsHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76786F4E2A27C31400AA8DB9 /* AuthRightsHelper.swift */; }; 764447212CF8307200E6289E /* StateFileHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764446FC2CF80CD800E6289E /* StateFileHelper.swift */; }; 764447222CF830A700E6289E /* PrefKeys.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */; }; 764447232CF830CB00E6289E /* DefaultsOverride.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */; }; 76477E042C626B5D00F01D56 /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 76477E032C626B5D00F01D56 /* OIDCLite */; }; 764859F22B2FA2E800507C16 /* Window+ForceToFront.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AF27FD1DD8009E0F3A /* Window+ForceToFront.swift */; }; 7649056F2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png in Resources */ = {isa = PBXBuildFile; fileRef = 7649056E2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png */; }; 764D8126284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D8124284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift */; }; 764D8127284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 764D8125284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib */; }; 764D8129284BCAB100B3EE54 /* Window+Shake.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D8128284BCAB100B3EE54 /* Window+Shake.swift */; }; 764D812C284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D812A284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift */; }; 764D812D284BCC7400B3EE54 /* VerifyOIDCPassword.xib in Resources */ = {isa = PBXBuildFile; fileRef = 764D812B284BCC7400B3EE54 /* VerifyOIDCPassword.xib */; }; 764D812F284C06AB00B3EE54 /* defaults.plist in Resources */ = {isa = PBXBuildFile; fileRef = 764D812E284C06AB00B3EE54 /* defaults.plist */; }; 764D8133284D14A500B3EE54 /* Credits.txt in Resources */ = {isa = PBXBuildFile; fileRef = 764D8132284D14A500B3EE54 /* Credits.txt */; }; 7651EDED2A1451590075980B /* LocalUsersViewController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7651EDEC2A1451590075980B /* LocalUsersViewController.xib */; }; 7651EDF72A1474330075980B /* LoginWebViewController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7651EDF62A1474330075980B /* LoginWebViewController.xib */; }; 765348872E973B0800FECD7C /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D66622E961F8F009CE2BF /* LoggerHelper.swift */; }; 765348882E973B0F00FECD7C /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D66732E961F8F009CE2BF /* TCSUnifiedLogger.m */; }; 765348962E973C7200FECD7C /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D666C2E961F8F009CE2BF /* NSFileManager+TCSRealHomeFolder.m */; }; 7657DEAF2B3503BF003A23DB /* SessionManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEAE2B3503BF003A23DB /* SessionManager.swift */; }; 7657DEB02B3503BF003A23DB /* SessionManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEAE2B3503BF003A23DB /* SessionManager.swift */; }; 7657DEB32B350476003A23DB /* NoMADSession.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEB22B350476003A23DB /* NoMADSession.swift */; }; 7657DEB42B350476003A23DB /* NoMADSession.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEB22B350476003A23DB /* NoMADSession.swift */; }; 7657DEB62B3504A6003A23DB /* UserRecord.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEB52B3504A6003A23DB /* UserRecord.swift */; }; 7657DEB72B3504A6003A23DB /* UserRecord.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEB52B3504A6003A23DB /* UserRecord.swift */; }; 7657DEBC2B35055F003A23DB /* Logger.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEBB2B35055F003A23DB /* Logger.swift */; }; 7657DEBD2B35055F003A23DB /* Logger.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEBB2B35055F003A23DB /* Logger.swift */; }; 7657DEC02B3505A3003A23DB /* DNSResolver.m in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEBE2B3505A3003A23DB /* DNSResolver.m */; }; 7657DEC32B3505CB003A23DB /* ADLDAPPing.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC22B3505CB003A23DB /* ADLDAPPing.swift */; }; 7657DEC42B3505CB003A23DB /* ADLDAPPing.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC22B3505CB003A23DB /* ADLDAPPing.swift */; }; 7657DEC62B3505EB003A23DB /* Extensions.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC52B3505EB003A23DB /* Extensions.swift */; }; 7657DEC72B3505EB003A23DB /* Extensions.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC52B3505EB003A23DB /* Extensions.swift */; }; 7657DEC92B350606003A23DB /* KlistUtil.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC82B350606003A23DB /* KlistUtil.swift */; }; 7657DECC2B35061E003A23DB /* SiteManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DECB2B35061E003A23DB /* SiteManager.swift */; }; 7657DECD2B35061E003A23DB /* SiteManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DECB2B35061E003A23DB /* SiteManager.swift */; }; 7657DED92B351B5B003A23DB /* UNIXUtilities.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */; }; 7657DEDA2B351B5B003A23DB /* UNIXUtilities.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */; }; 766184B82DCE5DB5009D5A8C /* colorline.png in Resources */ = {isa = PBXBuildFile; fileRef = 766184B72DCE5DB5009D5A8C /* colorline.png */; }; 766184B92DCE5DB5009D5A8C /* colorline.png in Resources */ = {isa = PBXBuildFile; fileRef = 766184B72DCE5DB5009D5A8C /* colorline.png */; }; 76634F372D05FFA3000A63E8 /* LogOnly.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76634F362D05FFA3000A63E8 /* LogOnly.swift */; }; 766355C32870CB6F002E3867 /* XCredsLoginPlugin.m in Sources */ = {isa = PBXBuildFile; fileRef = 766355C22870CB6F002E3867 /* XCredsLoginPlugin.m */; }; 766355CC2870E9AD002E3867 /* WebViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06B327FD1E5F009E0F3A /* WebViewController.swift */; }; 766355CE2870E9D3002E3867 /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 766355CD2870E9D3002E3867 /* OIDCLite */; }; 766355CF2870E9E7002E3867 /* PrefKeys.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */; }; 766355D12870EBAD002E3867 /* VerifyOIDCPassword.xib in Resources */ = {isa = PBXBuildFile; fileRef = 764D812B284BCC7400B3EE54 /* VerifyOIDCPassword.xib */; }; 766355D928711C51002E3867 /* defaults.plist in Resources */ = {isa = PBXBuildFile; fileRef = 764D812E284C06AB00B3EE54 /* defaults.plist */; }; 766355DB287132E9002E3867 /* LoginWebViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355DA287132E9002E3867 /* LoginWebViewController.swift */; }; 766355DC287133C7002E3867 /* WebViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06B327FD1E5F009E0F3A /* WebViewController.swift */; }; 766355E328713C4A002E3867 /* LoginWindow.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355E128713C47002E3867 /* LoginWindow.swift */; }; 766355E5287148C1002E3867 /* Tokens.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355E4287148C1002E3867 /* Tokens.swift */; }; 766355E6287148C1002E3867 /* Tokens.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355E4287148C1002E3867 /* Tokens.swift */; }; 76673CD229D3CFF900452848 /* errorpage.html in Resources */ = {isa = PBXBuildFile; fileRef = 766CC43729D3AED2009BC526 /* errorpage.html */; }; 76673CD529D3D5F500452848 /* LicenseChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76673CD429D3D5F500452848 /* LicenseChecker.swift */; }; 76673CD629D3D5F500452848 /* LicenseChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76673CD429D3D5F500452848 /* LicenseChecker.swift */; }; 766C602D2D3F409D0033E274 /* XCredsAudit.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766C602C2D3F409D0033E274 /* XCredsAudit.swift */; }; 766C602E2D3F409D0033E274 /* XCredsAudit.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766C602C2D3F409D0033E274 /* XCredsAudit.swift */; }; 766CC43829D3AED2009BC526 /* errorpage.html in Resources */ = {isa = PBXBuildFile; fileRef = 766CC43729D3AED2009BC526 /* errorpage.html */; }; 766D66792E961FA9009CE2BF /* CCIDCardReader.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D66612E961F8F009CE2BF /* CCIDCardReader.swift */; }; 766D667A2E961FA9009CE2BF /* CCIDCardReader.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D66612E961F8F009CE2BF /* CCIDCardReader.swift */; }; 766D667B2E961FDB009CE2BF /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D66622E961F8F009CE2BF /* LoggerHelper.swift */; }; 766D667C2E961FDB009CE2BF /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D66622E961F8F009CE2BF /* LoggerHelper.swift */; }; 766D667D2E961FDB009CE2BF /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D66622E961F8F009CE2BF /* LoggerHelper.swift */; }; 766D667E2E961FDB009CE2BF /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D66622E961F8F009CE2BF /* LoggerHelper.swift */; }; 766D667F2E961FDB009CE2BF /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D66622E961F8F009CE2BF /* LoggerHelper.swift */; }; 766D66802E961FDB009CE2BF /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D66622E961F8F009CE2BF /* LoggerHelper.swift */; }; 766D66812E961FDB009CE2BF /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D66622E961F8F009CE2BF /* LoggerHelper.swift */; }; 766D66822E961FDB009CE2BF /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D66622E961F8F009CE2BF /* LoggerHelper.swift */; }; 766D66832E962019009CE2BF /* NSAlert+showAlert.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D66642E961F8F009CE2BF /* NSAlert+showAlert.swift */; }; 766D66842E96203C009CE2BF /* NetworkManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D66632E961F8F009CE2BF /* NetworkManager.swift */; }; 766D66852E96203C009CE2BF /* NetworkManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D66632E961F8F009CE2BF /* NetworkManager.swift */; }; 766D66872E9620AC009CE2BF /* NetworkMonitor.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D66862E96209F009CE2BF /* NetworkMonitor.swift */; }; 766D66882E9620AC009CE2BF /* NetworkMonitor.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D66862E96209F009CE2BF /* NetworkMonitor.swift */; }; 766D66892E9620C6009CE2BF /* NSBundle+FindBundlePath.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D66652E961F8F009CE2BF /* NSBundle+FindBundlePath.swift */; }; 766D668A2E9620C6009CE2BF /* NSBundle+FindBundlePath.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D66652E961F8F009CE2BF /* NSBundle+FindBundlePath.swift */; }; 766D668B2E9620D9009CE2BF /* NSButton+Color.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D66662E961F8F009CE2BF /* NSButton+Color.swift */; }; 766D668C2E9620D9009CE2BF /* NSButton+Color.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D66662E961F8F009CE2BF /* NSButton+Color.swift */; }; 766D668D2E9620F5009CE2BF /* NSData+SHA1.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D666A2E961F8F009CE2BF /* NSData+SHA1.m */; }; 766D668E2E9620F5009CE2BF /* NSData+SHA1.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D666A2E961F8F009CE2BF /* NSData+SHA1.m */; }; 766D668F2E9620FA009CE2BF /* NSData+HexString.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D66682E961F8F009CE2BF /* NSData+HexString.m */; }; 766D66902E9620FA009CE2BF /* NSData+HexString.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D66682E961F8F009CE2BF /* NSData+HexString.m */; }; 766D66912E962120009CE2BF /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D666C2E961F8F009CE2BF /* NSFileManager+TCSRealHomeFolder.m */; }; 766D66922E962120009CE2BF /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D666C2E961F8F009CE2BF /* NSFileManager+TCSRealHomeFolder.m */; }; 766D66932E962120009CE2BF /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D666C2E961F8F009CE2BF /* NSFileManager+TCSRealHomeFolder.m */; }; 766D66942E962120009CE2BF /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D666C2E961F8F009CE2BF /* NSFileManager+TCSRealHomeFolder.m */; }; 766D66952E962120009CE2BF /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D666C2E961F8F009CE2BF /* NSFileManager+TCSRealHomeFolder.m */; }; 766D66962E962120009CE2BF /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D666C2E961F8F009CE2BF /* NSFileManager+TCSRealHomeFolder.m */; }; 766D66972E962120009CE2BF /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D666C2E961F8F009CE2BF /* NSFileManager+TCSRealHomeFolder.m */; }; 766D66982E962120009CE2BF /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D666C2E961F8F009CE2BF /* NSFileManager+TCSRealHomeFolder.m */; }; 766D66992E962133009CE2BF /* NSImage+String.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D666D2E961F8F009CE2BF /* NSImage+String.swift */; }; 766D669A2E962133009CE2BF /* NSImage+String.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D666D2E961F8F009CE2BF /* NSImage+String.swift */; }; 766D669E2E962157009CE2BF /* String+Base64URLEncoded.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D666F2E961F8F009CE2BF /* String+Base64URLEncoded.swift */; }; 766D669F2E962157009CE2BF /* String+Base64URLEncoded.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D666F2E961F8F009CE2BF /* String+Base64URLEncoded.swift */; }; 766D66A02E96216E009CE2BF /* TCSKeychain.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D66712E961F8F009CE2BF /* TCSKeychain.m */; }; 766D66A12E96216E009CE2BF /* TCSKeychain.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D66712E961F8F009CE2BF /* TCSKeychain.m */; }; 766D66A22E962186009CE2BF /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D66732E961F8F009CE2BF /* TCSUnifiedLogger.m */; }; 766D66A32E962186009CE2BF /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D66732E961F8F009CE2BF /* TCSUnifiedLogger.m */; }; 766D66A42E962186009CE2BF /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D66732E961F8F009CE2BF /* TCSUnifiedLogger.m */; }; 766D66A52E962186009CE2BF /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D66732E961F8F009CE2BF /* TCSUnifiedLogger.m */; }; 766D66A62E962186009CE2BF /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D66732E961F8F009CE2BF /* TCSUnifiedLogger.m */; }; 766D66A72E962186009CE2BF /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D66732E961F8F009CE2BF /* TCSUnifiedLogger.m */; }; 766D66A82E962186009CE2BF /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D66732E961F8F009CE2BF /* TCSUnifiedLogger.m */; }; 766D66A92E962186009CE2BF /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D66732E961F8F009CE2BF /* TCSUnifiedLogger.m */; }; 766D66AA2E962198009CE2BF /* TCTaskHelper.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D66752E961F8F009CE2BF /* TCTaskHelper.m */; }; 766D66AB2E962198009CE2BF /* TCTaskHelper.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D66752E961F8F009CE2BF /* TCTaskHelper.m */; }; 766D66AC2E962198009CE2BF /* TCTaskHelper.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D66752E961F8F009CE2BF /* TCTaskHelper.m */; }; 766D66AD2E9621EC009CE2BF /* TCTaskWrapperWithBlocks.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D66772E961F8F009CE2BF /* TCTaskWrapperWithBlocks.m */; }; 766D66AE2E9621EC009CE2BF /* TCTaskWrapperWithBlocks.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D66772E961F8F009CE2BF /* TCTaskWrapperWithBlocks.m */; }; 766D66B12E962231009CE2BF /* NSError+EasyError.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D66B02E962231009CE2BF /* NSError+EasyError.m */; }; 766D66B22E962231009CE2BF /* NSError+EasyError.m in Sources */ = {isa = PBXBuildFile; fileRef = 766D66B02E962231009CE2BF /* NSError+EasyError.m */; }; 766D67782E96249A009CE2BF /* UsernamePassword.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D67772E96249A009CE2BF /* UsernamePassword.swift */; }; 766D67792E96249A009CE2BF /* UsernamePassword.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766D67772E96249A009CE2BF /* UsernamePassword.swift */; }; 766F1E562D495BBF00AA5637 /* com.twocanoes.xcreds.json in Resources */ = {isa = PBXBuildFile; fileRef = 766F1E552D495BBF00AA5637 /* com.twocanoes.xcreds.json */; }; 766F4C4B2883AFD90021F548 /* pleaseWaitGraphic.png in Resources */ = {isa = PBXBuildFile; fileRef = 766F4C4A2883AFD90021F548 /* pleaseWaitGraphic.png */; }; 766FD60D2A1B06AC00C8F244 /* DefaultsOverride.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */; }; 767116A7284AABC500CCD6FF /* NotifyManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116A6284AABC500CCD6FF /* NotifyManager.swift */; }; 767116A9284AAE2B00CCD6FF /* ScheduleManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116A8284AAE2B00CCD6FF /* ScheduleManager.swift */; }; 767116AC284AB4C000CCD6FF /* PasswordUtils.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */; }; 767116B1284B021500CCD6FF /* MainController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116B0284B021500CCD6FF /* MainController.swift */; }; 767116B3284B045800CCD6FF /* KeychainUtil.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116B2284B045800CCD6FF /* KeychainUtil.swift */; }; 7677908628908E40004E7085 /* WifiWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7677908328908E40004E7085 /* WifiWindowController.swift */; }; 7677908828908E40004E7085 /* WifiWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7677908528908E40004E7085 /* WifiWindowController.xib */; }; 76786F562A27C36A00AA8DB9 /* main.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76786F552A27C36A00AA8DB9 /* main.swift */; }; 76786F5A2A27C37100AA8DB9 /* AuthRightsHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76786F4E2A27C31400AA8DB9 /* AuthRightsHelper.swift */; }; 76786F5B2A27C38800AA8DB9 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 767916FE2E994EA100D99062 /* FileVaultLoginHelper in Embed Helper Tools */ = {isa = PBXBuildFile; fileRef = 765348762E97363900FECD7C /* FileVaultLoginHelper */; settings = {ATTRIBUTES = (CodeSignOnCopy, ); }; }; 767917042E994F8D00D99062 /* HelperToolManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767916F02E994E2200D99062 /* HelperToolManager.swift */; }; 767917072E994FF200D99062 /* FileVaultLogin.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767917062E994FE100D99062 /* FileVaultLogin.swift */; }; 767B939C2A28279E0038935E /* View+Shake.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767B939B2A28279E0038935E /* View+Shake.swift */; }; 767B939D2A28289E0038935E /* View+Shake.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767B939B2A28279E0038935E /* View+Shake.swift */; }; 767C42842AC6645700542099 /* AuthRightsHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76786F4E2A27C31400AA8DB9 /* AuthRightsHelper.swift */; }; 767CB2D02B13B92B006CA2AC /* OpenDirectory.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 767CB2CF2B13B92B006CA2AC /* OpenDirectory.framework */; }; 7681FEC52A4C8B9000F91CD1 /* AboutWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7681FEC42A4C8B9000F91CD1 /* AboutWindowController.swift */; }; 7681FEC72A4C8BC800F91CD1 /* AboutWindow.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7681FEC62A4C8BC800F91CD1 /* AboutWindow.xib */; }; 7681FEC92A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist in Resources */ = {isa = PBXBuildFile; fileRef = 7681FEC82A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist */; }; 76833EF22D95D4B500375CA4 /* icon_64x64.png in Resources */ = {isa = PBXBuildFile; fileRef = 76833EF12D95D4B500375CA4 /* icon_64x64.png */; }; 76873E2F2A107736001418A9 /* DefaultsHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76873E2E2A107736001418A9 /* DefaultsHelper.swift */; }; 76873E302A107736001418A9 /* DefaultsHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76873E2E2A107736001418A9 /* DefaultsHelper.swift */; }; 76A247552C22747400859E0A /* CryptoTokenKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 76A247542C22747400859E0A /* CryptoTokenKit.framework */; }; 76A247582C22747400859E0A /* Token.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76A247572C22747400859E0A /* Token.swift */; }; 76A2475A2C22747400859E0A /* TokenDriver.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76A247592C22747400859E0A /* TokenDriver.swift */; }; 76A2475C2C22747400859E0A /* TokenSession.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76A2475B2C22747400859E0A /* TokenSession.swift */; }; 76A35FD22EAC0DC400099940 /* FDESetupHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76A35FD12EAC0DC400099940 /* FDESetupHelper.swift */; }; 76A35FD32EAC0DC400099940 /* FDESetupHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76A35FD12EAC0DC400099940 /* FDESetupHelper.swift */; }; 76A52FDB2CF625EC00591252 /* Logger.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEBB2B35055F003A23DB /* Logger.swift */; }; 76AB89E12A12FAF900529D90 /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 76AB89E02A12FAF900529D90 /* OIDCLite */; }; 76AB89E32A12FB4900529D90 /* ArgumentParser in Frameworks */ = {isa = PBXBuildFile; productRef = 76AB89E22A12FB4900529D90 /* ArgumentParser */; }; 76B040A428EFC788002A289B /* Helper+JWTDecode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76B040A328EFC788002A289B /* Helper+JWTDecode.swift */; }; 76B040A528EFC788002A289B /* Helper+JWTDecode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76B040A328EFC788002A289B /* Helper+JWTDecode.swift */; }; 76B83A662C75711E00709C17 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 76EE069F27FD1D01009E0F3A /* Assets.xcassets */; }; 76BE1DA12ED526AC001A4BE8 /* GoogleLDAP.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BE1DA02ED526AC001A4BE8 /* GoogleLDAP.swift */; }; 76BE1DA22ED526AC001A4BE8 /* GoogleLDAP.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BE1DA02ED526AC001A4BE8 /* GoogleLDAP.swift */; }; 76BEF7DD2871F5F00013E2A1 /* TCSReturnWindow.m in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7DB2871F5F00013E2A1 /* TCSReturnWindow.m */; }; 76BEF7E12871F74D0013E2A1 /* ControlsViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7E02871F74D0013E2A1 /* ControlsViewController.swift */; }; 76BEF7E4287202090013E2A1 /* RestartX.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E2287202080013E2A1 /* RestartX.png */; }; 76BEF7E5287202090013E2A1 /* RestartX@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E3287202080013E2A1 /* RestartX@2x.png */; }; 76BEF7E8287202AF0013E2A1 /* ShutdownX.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E6287202AF0013E2A1 /* ShutdownX.png */; }; 76BEF7E9287202AF0013E2A1 /* ShutdownX@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E7287202AF0013E2A1 /* ShutdownX@2x.png */; }; 76BEF7EC28724A0B0013E2A1 /* XCredsLoginMechanism.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7EA28724A0B0013E2A1 /* XCredsLoginMechanism.swift */; }; 76BEF7ED28724A0C0013E2A1 /* XCredsBaseMechanism.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7EB28724A0B0013E2A1 /* XCredsBaseMechanism.swift */; }; 76BEF7F328724F120013E2A1 /* XCredsPowerControlMechanism.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F228724F120013E2A1 /* XCredsPowerControlMechanism.swift */; }; 76BEF7F82872504C0013E2A1 /* ContextAndHintHandling.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F72872504C0013E2A1 /* ContextAndHintHandling.swift */; }; 76BEF7FA28726C700013E2A1 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 76BEF8002872A3030013E2A1 /* loginwindow@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7FE2872A3030013E2A1 /* loginwindow@2x.png */; }; 76BEF8012872A3030013E2A1 /* loginwindow.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7FF2872A3030013E2A1 /* loginwindow.png */; }; 76C0840B2A9A311E008039FA /* ControlsViewController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76C084092A9A2635008039FA /* ControlsViewController.xib */; }; 76C4BAB02B353A30007B2C57 /* KlistUtil.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC82B350606003A23DB /* KlistUtil.swift */; }; 76C4BAB12B353A3A007B2C57 /* DNSResolver.m in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEBE2B3505A3003A23DB /* DNSResolver.m */; }; 76C4BAB32B353AD7007B2C57 /* libresolv.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = 76C4BAB22B353AD7007B2C57 /* libresolv.tbd */; }; 76C4BAB42B353ADD007B2C57 /* libresolv.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = 76C4BAB22B353AD7007B2C57 /* libresolv.tbd */; }; 76C4BAB62B353AF7007B2C57 /* Kerberos.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 76C4BAB52B353AF7007B2C57 /* Kerberos.framework */; }; 76C4BAB72B353AFD007B2C57 /* Kerberos.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 76C4BAB52B353AF7007B2C57 /* Kerberos.framework */; }; 76C4BABC2B3544C6007B2C57 /* UNIXUtilities.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */; }; 76C63A322A22872700810C53 /* History.md in Resources */ = {isa = PBXBuildFile; fileRef = 76C63A312A22872700810C53 /* History.md */; }; 76C661D82D3974910005F2CD /* PinPromptWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76C661D72D3974910005F2CD /* PinPromptWindowController.xib */; }; 76C661D92D3974910005F2CD /* PinPromptWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76C661D62D3974910005F2CD /* PinPromptWindowController.swift */; }; 76C661DA2D3974F30005F2CD /* SetupCardWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764297A92D015AB800678928 /* SetupCardWindowController.swift */; }; 76C661DB2D3975010005F2CD /* PinPromptWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76C661D62D3974910005F2CD /* PinPromptWindowController.swift */; }; 76C840882D03BFF400E41802 /* PinSetWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76C840872D03BFF400E41802 /* PinSetWindowController.xib */; }; 76C840892D03BFF400E41802 /* PinSetWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76C840862D03BFF400E41802 /* PinSetWindowController.swift */; }; 76C8408A2D03BFF400E41802 /* PinSetWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76C840872D03BFF400E41802 /* PinSetWindowController.xib */; }; 76C8408B2D03BFF400E41802 /* PinSetWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76C840862D03BFF400E41802 /* PinSetWindowController.swift */; }; 76CA72BA2D0794D800C209A1 /* xcredstap.appex in Embed Foundation Extensions */ = {isa = PBXBuildFile; fileRef = 76A247532C22747400859E0A /* xcredstap.appex */; settings = {ATTRIBUTES = (RemoveHeadersOnCopy, ); }; }; 76CB9077287FBEEA00C70D0C /* Helper+URLDecode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76CB9076287FBEEA00C70D0C /* Helper+URLDecode.swift */; }; 76CB9078287FBEEA00C70D0C /* Helper+URLDecode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76CB9076287FBEEA00C70D0C /* Helper+URLDecode.swift */; }; 76CB907B2880E41E00C70D0C /* LogShim.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632E3A02873497C00E37923 /* LogShim.swift */; }; 76CB907E288112C200C70D0C /* xcreds_login.sh in Resources */ = {isa = PBXBuildFile; fileRef = 76CB907C288112AF00C70D0C /* xcreds_login.sh */; }; 76CCF5442B12E478003F85E9 /* SelectLocalAccountWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76CCF5422B12E478003F85E9 /* SelectLocalAccountWindowController.swift */; }; 76CCF5452B12E478003F85E9 /* SelectLocalAccountWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76CCF5432B12E478003F85E9 /* SelectLocalAccountWindowController.xib */; }; 76D1756A2B23C28700E64A62 /* MainLoginWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76FDC5D52B22D47A0035D61E /* MainLoginWindowController.xib */; }; 76D175712B23C2DB00E64A62 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 76D175742B23C57500E64A62 /* LocalUsersViewController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7651EDEC2A1451590075980B /* LocalUsersViewController.xib */; }; 76D175772B23C62A00E64A62 /* UpdatePasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76E466642B1A4C16006529B6 /* UpdatePasswordWindowController.swift */; }; 76D1757E2B24096C00E64A62 /* MainLoginWindow.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76D1757D2B24096C00E64A62 /* MainLoginWindow.swift */; }; 76D925D32894ADB4005C3245 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 76EE069F27FD1D01009E0F3A /* Assets.xcassets */; }; 76DB5CF42A09AE9A0014F8E1 /* get_pw.js in Resources */ = {isa = PBXBuildFile; fileRef = 76DB5CF32A09AE9A0014F8E1 /* get_pw.js */; }; 76DB5CF52A09AE9A0014F8E1 /* get_pw.js in Resources */ = {isa = PBXBuildFile; fileRef = 76DB5CF32A09AE9A0014F8E1 /* get_pw.js */; }; 76DC0A6828836EB1007C42B2 /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76DC0A6728836EB1007C42B2 /* AppDelegate.swift */; }; 76DC0A6A28836EB2007C42B2 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A6928836EB2007C42B2 /* Assets.xcassets */; }; 76DC0A6D28836EB2007C42B2 /* MainMenu.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A6B28836EB2007C42B2 /* MainMenu.xib */; }; 76DC0A7328836EFE007C42B2 /* TCSReturnWindow.m in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7DB2871F5F00013E2A1 /* TCSReturnWindow.m */; }; 76DC0A7428836F45007C42B2 /* RestartX@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E3287202080013E2A1 /* RestartX@2x.png */; }; 76DC0A79288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A78288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist */; }; 76DC0A7C28837158007C42B2 /* XCreds Login Overlay.app in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A6528836EB1007C42B2 /* XCreds Login Overlay.app */; }; 76DC0A7E288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76DC0A7D288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift */; }; 76DC0A83288382D2007C42B2 /* returnArrow.png in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A7628837028007C42B2 /* returnArrow.png */; }; 76DC0A8428838375007C42B2 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 76DD6D17285997F300A700ED /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 76DD6D16285997F300A700ED /* OIDCLite */; }; 76DF1D5B2A2AD42C00770690 /* LocalCheckAndMigrate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418DA2A13328C0051411B /* LocalCheckAndMigrate.swift */; }; 76DF50B62A1C5EFF007BC708 /* DefaultsOverride.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */; }; 76DF7FD52B50FA9A00B3B543 /* UpdatePasswordWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76E466652B1A4C16006529B6 /* UpdatePasswordWindowController.xib */; }; 76E466662B1A4C16006529B6 /* UpdatePasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76E466642B1A4C16006529B6 /* UpdatePasswordWindowController.swift */; }; 76E466672B1A4C16006529B6 /* UpdatePasswordWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76E466652B1A4C16006529B6 /* UpdatePasswordWindowController.xib */; }; 76E74DCF2B3902F0004C6429 /* XCredsMechanismProtocol.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76E74DCE2B3902F0004C6429 /* XCredsMechanismProtocol.swift */; }; 76E74DD02B3902F0004C6429 /* XCredsMechanismProtocol.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76E74DCE2B3902F0004C6429 /* XCredsMechanismProtocol.swift */; }; 76E74DD12B390327004C6429 /* ContextAndHintHandling.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F72872504C0013E2A1 /* ContextAndHintHandling.swift */; }; 76E74DD22B39034B004C6429 /* SelectLocalAccountWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76CCF5422B12E478003F85E9 /* SelectLocalAccountWindowController.swift */; }; 76E74DD32B390358004C6429 /* LoginWebViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355DA287132E9002E3867 /* LoginWebViewController.swift */; }; 76E9CE702A0DC6E30060220C /* TCSLoginWindowUtilities.m in Sources */ = {isa = PBXBuildFile; fileRef = 76E9CE6F2A0DC6E30060220C /* TCSLoginWindowUtilities.m */; }; 76EAAFD72CEFE22100A5FEE3 /* XCredsUserSetup.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EAAFD62CEFE22000A5FEE3 /* XCredsUserSetup.swift */; }; 76EAAFDA2CEFED3800A5FEE3 /* SecretKeeper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EAAFD82CEFED3800A5FEE3 /* SecretKeeper.swift */; }; 76EAAFDB2CEFED3800A5FEE3 /* UserSecretManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EAAFD92CEFED3800A5FEE3 /* UserSecretManager.swift */; }; 76EAAFDC2CEFED3800A5FEE3 /* SecretKeeper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EAAFD82CEFED3800A5FEE3 /* SecretKeeper.swift */; }; 76EAAFDD2CEFED3800A5FEE3 /* UserSecretManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EAAFD92CEFED3800A5FEE3 /* UserSecretManager.swift */; }; 76EB23E02CC898D7003F82CB /* ProductLicense.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; }; 76EB23E12CC898D7003F82CB /* ProductLicense.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 76EB23E22CC8A232003F82CB /* ProductLicense.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; }; 76EB23E32CC8A232003F82CB /* ProductLicense.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 76EB23E42CC8A3CB003F82CB /* ProductLicense.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; }; 76EB23E52CC8A3CB003F82CB /* ProductLicense.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 76EE069E27FD1D00009E0F3A /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE069D27FD1D00009E0F3A /* AppDelegate.swift */; }; 76EE06A027FD1D01009E0F3A /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 76EE069F27FD1D01009E0F3A /* Assets.xcassets */; }; 76EE06A327FD1D01009E0F3A /* MainMenu.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76EE06A127FD1D01009E0F3A /* MainMenu.xib */; }; 76EE06AC27FD1D92009E0F3A /* TokenManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AB27FD1D92009E0F3A /* TokenManager.swift */; }; 76EE06AE27FD1DC3009E0F3A /* PrefKeys.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */; }; 76EE06B027FD1DD8009E0F3A /* Window+ForceToFront.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AF27FD1DD8009E0F3A /* Window+ForceToFront.swift */; }; 76EE06B227FD1E24009E0F3A /* DesktopLoginWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76EE06B127FD1E24009E0F3A /* DesktopLoginWindowController.xib */; }; 76EE06B627FD1E79009E0F3A /* PreferencesWindow.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76EE06B527FD1E79009E0F3A /* PreferencesWindow.xib */; }; 76EE06B827FD1EB7009E0F3A /* PreferencesWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06B727FD1EB7009E0F3A /* PreferencesWindowController.swift */; }; 76EE06C227FD1F50009E0F3A /* StatusMenuController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06C127FD1F50009E0F3A /* StatusMenuController.swift */; }; 76EECCFB2873DFFB00483C66 /* PasswordUtils.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */; }; 76EECCFC2873E6E200483C66 /* VerifyLocalPasswordWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 764D8125284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib */; }; 76EECCFD2873E9ED00483C66 /* VerifyLocalPasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D8124284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift */; }; 76EECCFE2873EA6500483C66 /* Window+Shake.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D8128284BCAB100B3EE54 /* Window+Shake.swift */; }; 76EECD0228752C1F00483C66 /* LoginWindow.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355E128713C47002E3867 /* LoginWindow.swift */; }; 76F0B6E02B421FC8008F7D71 /* loadpage.html in Resources */ = {isa = PBXBuildFile; fileRef = 7613FDF6289E114F00340CCD /* loadpage.html */; }; 76F0D8552EBBECFF001DAC01 /* TCSTKSmartCard.m in Sources */ = {isa = PBXBuildFile; fileRef = 76F0D8542EBBECFF001DAC01 /* TCSTKSmartCard.m */; }; 76F0D8562EBBEF2B001DAC01 /* TCSTKSmartCard.m in Sources */ = {isa = PBXBuildFile; fileRef = 76F0D8542EBBECFF001DAC01 /* TCSTKSmartCard.m */; }; 76FDC5D62B22D47A0035D61E /* MainLoginWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76FDC5D42B22D47A0035D61E /* MainLoginWindowController.swift */; }; 76FDC5D72B22D47A0035D61E /* MainLoginWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76FDC5D52B22D47A0035D61E /* MainLoginWindowController.xib */; }; 76FDC5DA2B235A4F0035D61E /* StatusMenuWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76FDC5D82B235A4F0035D61E /* StatusMenuWindowController.swift */; }; 76FDC5DB2B235A4F0035D61E /* StatusMenuWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76FDC5D92B235A4F0035D61E /* StatusMenuWindowController.xib */; }; /* End PBXBuildFile section */ /* Begin PBXContainerItemProxy section */ 760291FE2C116EDB0075FBD8 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 76EE069227FD1D00009E0F3A /* Project object */; proxyType = 1; remoteGlobalIDString = 760291F32C116EDB0075FBD8; remoteInfo = "XCreds AutoFill Extension"; }; 760292052C116EEE0075FBD8 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 76EE069227FD1D00009E0F3A /* Project object */; proxyType = 1; remoteGlobalIDString = 760291DF2C116E450075FBD8; remoteInfo = "XCreds AutoFill"; }; 76319375287E19A500D36BF7 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 76EE069227FD1D00009E0F3A /* Project object */; proxyType = 1; remoteGlobalIDString = 766355BC2870CA6A002E3867; remoteInfo = XCredsLoginPlugin; }; 76319378287E204500D36BF7 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 76EE069227FD1D00009E0F3A /* Project object */; proxyType = 1; remoteGlobalIDString = 7631935C287D22C700D36BF7; remoteInfo = authrights; }; 767917022E994F0300D99062 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 76EE069227FD1D00009E0F3A /* Project object */; proxyType = 1; remoteGlobalIDString = 765348752E97363900FECD7C; remoteInfo = FileVaultLoginHelper; }; 76A2475F2C22747400859E0A /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 76EE069227FD1D00009E0F3A /* Project object */; proxyType = 1; remoteGlobalIDString = 76A247522C22747400859E0A; remoteInfo = tapgo; }; 76DC0A7A28837152007C42B2 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 76EE069227FD1D00009E0F3A /* Project object */; proxyType = 1; remoteGlobalIDString = 76DC0A6428836EB1007C42B2; remoteInfo = "XCreds Login Overlay"; }; /* End PBXContainerItemProxy section */ /* Begin PBXCopyFilesBuildPhase section */ 760292042C116EDB0075FBD8 /* Embed Foundation Extensions */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = ""; dstSubfolderSpec = 13; files = ( 760292002C116EDB0075FBD8 /* XCreds Login Password.appex in Embed Foundation Extensions */, ); name = "Embed Foundation Extensions"; runOnlyForDeploymentPostprocessing = 0; }; 7631935B287D22C700D36BF7 /* CopyFiles */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = /usr/share/man/man1/; dstSubfolderSpec = 0; files = ( ); runOnlyForDeploymentPostprocessing = 1; }; 765348742E97363900FECD7C /* CopyFiles */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = /usr/share/man/man1/; dstSubfolderSpec = 0; files = ( ); runOnlyForDeploymentPostprocessing = 1; }; 766CC42C29D3A3DC009BC526 /* Embed Frameworks */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = ""; dstSubfolderSpec = 10; files = ( 76EB23E12CC898D7003F82CB /* ProductLicense.framework in Embed Frameworks */, ); name = "Embed Frameworks"; runOnlyForDeploymentPostprocessing = 0; }; 766CC43129D3A3EC009BC526 /* Embed Frameworks */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = ""; dstSubfolderSpec = 10; files = ( 76EB23E52CC8A3CB003F82CB /* ProductLicense.framework in Embed Frameworks */, ); name = "Embed Frameworks"; runOnlyForDeploymentPostprocessing = 0; }; 766CC43629D3A3F8009BC526 /* Embed Frameworks */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = ""; dstSubfolderSpec = 10; files = ( 76EB23E32CC8A232003F82CB /* ProductLicense.framework in Embed Frameworks */, ); name = "Embed Frameworks"; runOnlyForDeploymentPostprocessing = 0; }; 76786F512A27C36A00AA8DB9 /* CopyFiles */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = /usr/share/man/man1/; dstSubfolderSpec = 0; files = ( ); runOnlyForDeploymentPostprocessing = 1; }; 767916FD2E994E8C00D99062 /* Embed Helper Tools */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = ""; dstSubfolderSpec = 6; files = ( 767916FE2E994EA100D99062 /* FileVaultLoginHelper in Embed Helper Tools */, ); name = "Embed Helper Tools"; runOnlyForDeploymentPostprocessing = 0; }; 767916FF2E994EC300D99062 /* Copy LaunchDaemons Property Lists */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = Contents/Library/LaunchDaemons; dstSubfolderSpec = 1; files = ( 76189C782E9A021D00BEF023 /* com.twocanoes.FileVaultLoginHelper.plist in Copy LaunchDaemons Property Lists */, ); name = "Copy LaunchDaemons Property Lists"; runOnlyForDeploymentPostprocessing = 0; }; 76A247622C22747400859E0A /* Embed Foundation Extensions */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 12; dstPath = ""; dstSubfolderSpec = 13; files = ( 76CA72BA2D0794D800C209A1 /* xcredstap.appex in Embed Foundation Extensions */, ); name = "Embed Foundation Extensions"; runOnlyForDeploymentPostprocessing = 0; }; /* End PBXCopyFilesBuildPhase section */ /* Begin PBXFileReference section */ 760291CB2C1166870075FBD8 /* AuthenticationServices.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AuthenticationServices.framework; path = System/Library/Frameworks/AuthenticationServices.framework; sourceTree = SDKROOT; }; 760291E02C116E450075FBD8 /* XCreds Login Autofill.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = "XCreds Login Autofill.app"; sourceTree = BUILT_PRODUCTS_DIR; }; 760291E22C116E450075FBD8 /* AppDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = ""; }; 760291E42C116E450075FBD8 /* ViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ViewController.swift; sourceTree = ""; }; 760291E92C116E470075FBD8 /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/Main.storyboard; sourceTree = ""; }; 760291EB2C116E470075FBD8 /* XCreds_AutoFill.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = XCreds_AutoFill.entitlements; sourceTree = ""; }; 760291F42C116EDB0075FBD8 /* XCreds Login Password.appex */ = {isa = PBXFileReference; explicitFileType = "wrapper.app-extension"; includeInIndex = 0; path = "XCreds Login Password.appex"; sourceTree = BUILT_PRODUCTS_DIR; }; 760291F72C116EDB0075FBD8 /* CredentialProviderViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CredentialProviderViewController.swift; sourceTree = ""; }; 760291FA2C116EDB0075FBD8 /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = Base; path = Base.lproj/CredentialProviderViewController.xib; sourceTree = ""; }; 760291FC2C116EDB0075FBD8 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; 760291FD2C116EDB0075FBD8 /* XCreds_AutoFill_Extension.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = XCreds_AutoFill_Extension.entitlements; sourceTree = ""; }; 760418CF2A1332210051411B /* SignInWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SignInWindowController.swift; sourceTree = ""; }; 760418D42A1332520051411B /* DS+AD.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "DS+AD.swift"; sourceTree = ""; }; 760418D62A1332660051411B /* DSQueryable.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = DSQueryable.swift; sourceTree = ""; }; 760418D82A1332770051411B /* SystemInfoHelper.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SystemInfoHelper.swift; sourceTree = ""; }; 760418DA2A13328C0051411B /* LocalCheckAndMigrate.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = LocalCheckAndMigrate.swift; sourceTree = ""; }; 760769C02D9120C1006A1F4E /* com.twocanoes.xcreds-launchagent.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "com.twocanoes.xcreds-launchagent.plist"; sourceTree = ""; }; 7611CEBF288B75140063A644 /* XCredsCreateUser.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsCreateUser.swift; sourceTree = ""; }; 7611CEC1288B96760063A644 /* XCredsEnableFDE.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsEnableFDE.swift; sourceTree = ""; }; 7613FDF6289E114F00340CCD /* loadpage.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = loadpage.html; sourceTree = ""; }; 7614D03B2B181A5D006EAF36 /* icon_128x128.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; name = icon_128x128.png; path = XCreds/Assets.xcassets/AppIcon.appiconset/icon_128x128.png; sourceTree = ""; }; 76189C6F2E99FF8800BEF023 /* com.twocanoes.FileVaultLoginHelper.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = com.twocanoes.FileVaultLoginHelper.plist; sourceTree = ""; }; 761B486728A34CC900C6A02B /* LoginProgressWindowController.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; name = LoginProgressWindowController.xib; path = XCredsLoginPlugIn/LoginProgressWindowController.xib; sourceTree = SOURCE_ROOT; }; 761B486B28A3575000C6A02B /* XCredsLoginDone.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsLoginDone.swift; sourceTree = ""; }; 7631935D287D22C700D36BF7 /* authrights */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = authrights; sourceTree = BUILT_PRODUCTS_DIR; }; 7631935F287D22C700D36BF7 /* authrights.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = authrights.swift; sourceTree = ""; }; 7632909B2876673500CF8857 /* DataExtension.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = DataExtension.swift; sourceTree = ""; }; 7632E39E287347C100E37923 /* XCredsKeychainAdd.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsKeychainAdd.swift; sourceTree = ""; }; 7632E3A02873497C00E37923 /* LogShim.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = LogShim.swift; path = Mechanisms/LogShim.swift; sourceTree = ""; }; 76342E592B282653007D4F29 /* DesktopLoginWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DesktopLoginWindowController.swift; sourceTree = ""; }; 763AEFDE2C156E1E0059A83D /* WhitePopoverBackgroundView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = WhitePopoverBackgroundView.swift; sourceTree = ""; }; 763DDF152B4F100D000D48CC /* ShareMounterMenu.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ShareMounterMenu.swift; sourceTree = ""; }; 763DDF192B4F1DD4000D48CC /* GSS.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = GSS.framework; path = System/Library/Frameworks/GSS.framework; sourceTree = SDKROOT; }; 764297A92D015AB800678928 /* SetupCardWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SetupCardWindowController.swift; sourceTree = ""; }; 764297AA2D015AB800678928 /* SetupCardWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = SetupCardWindowController.xib; sourceTree = ""; }; 764446FC2CF80CD800E6289E /* StateFileHelper.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = StateFileHelper.swift; sourceTree = SOURCE_ROOT; }; 7649056E2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = xcredsmenuItemWindowBackgroundImage.png; sourceTree = ""; }; 764D8124284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = VerifyLocalPasswordWindowController.swift; sourceTree = ""; }; 764D8125284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = VerifyLocalPasswordWindowController.xib; sourceTree = ""; }; 764D8128284BCAB100B3EE54 /* Window+Shake.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Window+Shake.swift"; sourceTree = ""; }; 764D812A284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = VerifyOIDCPasswordWindowController.swift; sourceTree = ""; }; 764D812B284BCC7400B3EE54 /* VerifyOIDCPassword.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = VerifyOIDCPassword.xib; sourceTree = ""; }; 764D812E284C06AB00B3EE54 /* defaults.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = defaults.plist; sourceTree = ""; }; 764D8132284D14A500B3EE54 /* Credits.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Credits.txt; sourceTree = ""; }; 7651EDEC2A1451590075980B /* LocalUsersViewController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = LocalUsersViewController.xib; sourceTree = ""; }; 7651EDF62A1474330075980B /* LoginWebViewController.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = LoginWebViewController.xib; sourceTree = ""; }; 765348762E97363900FECD7C /* FileVaultLoginHelper */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = FileVaultLoginHelper; sourceTree = BUILT_PRODUCTS_DIR; }; 7657DEAE2B3503BF003A23DB /* SessionManager.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SessionManager.swift; sourceTree = ""; }; 7657DEB22B350476003A23DB /* NoMADSession.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = NoMADSession.swift; sourceTree = ""; }; 7657DEB52B3504A6003A23DB /* UserRecord.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = UserRecord.swift; sourceTree = ""; }; 7657DEBB2B35055F003A23DB /* Logger.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Logger.swift; sourceTree = ""; }; 7657DEBE2B3505A3003A23DB /* DNSResolver.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = DNSResolver.m; sourceTree = ""; }; 7657DEBF2B3505A3003A23DB /* DNSResolver.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DNSResolver.h; sourceTree = ""; }; 7657DEC22B3505CB003A23DB /* ADLDAPPing.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ADLDAPPing.swift; sourceTree = ""; }; 7657DEC52B3505EB003A23DB /* Extensions.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Extensions.swift; sourceTree = ""; }; 7657DEC82B350606003A23DB /* KlistUtil.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = KlistUtil.swift; sourceTree = ""; }; 7657DECB2B35061E003A23DB /* SiteManager.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SiteManager.swift; sourceTree = ""; }; 7657DED22B350644003A23DB /* GSSItem.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = GSSItem.h; sourceTree = ""; }; 7657DED32B35064E003A23DB /* krb5.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = krb5.h; sourceTree = ""; }; 7657DED52B351A67003A23DB /* KerbUtil.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KerbUtil.h; sourceTree = ""; }; 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = UNIXUtilities.swift; sourceTree = ""; }; 766184B72DCE5DB5009D5A8C /* colorline.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = colorline.png; sourceTree = ""; }; 76634F362D05FFA3000A63E8 /* LogOnly.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LogOnly.swift; sourceTree = ""; }; 766355BD2870CA6A002E3867 /* XCredsLoginPlugin.bundle */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = XCredsLoginPlugin.bundle; sourceTree = BUILT_PRODUCTS_DIR; }; 766355C12870CB6F002E3867 /* XCredsLoginPlugin.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = XCredsLoginPlugin.h; path = XCredsLoginPlugIn/XCredsLoginPlugin.h; sourceTree = SOURCE_ROOT; }; 766355C22870CB6F002E3867 /* XCredsLoginPlugin.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = XCredsLoginPlugin.m; path = XCredsLoginPlugIn/XCredsLoginPlugin.m; sourceTree = SOURCE_ROOT; }; 766355C42870CCC3002E3867 /* XCredsLoginPlugin-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "XCredsLoginPlugin-Bridging-Header.h"; sourceTree = ""; }; 766355DA287132E9002E3867 /* LoginWebViewController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; name = LoginWebViewController.swift; path = XCredsLoginPlugIn/LoginWindow/LoginWebViewController.swift; sourceTree = SOURCE_ROOT; }; 766355E128713C47002E3867 /* LoginWindow.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = LoginWindow.swift; sourceTree = ""; }; 766355E4287148C1002E3867 /* Tokens.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = Tokens.swift; path = Shared/Tokens.swift; sourceTree = SOURCE_ROOT; }; 76673CD429D3D5F500452848 /* LicenseChecker.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LicenseChecker.swift; sourceTree = ""; }; 766C602C2D3F409D0033E274 /* XCredsAudit.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = XCredsAudit.swift; path = ../Shared/XCredsAudit.swift; sourceTree = ""; }; 766CC42129D3A320009BC526 /* Paddle.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Paddle.framework; path = Carthage/Build/Mac/Paddle.framework; sourceTree = ""; }; 766CC42229D3A321009BC526 /* ProductLicense.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = ProductLicense.framework; path = Carthage/Build/Mac/ProductLicense.framework; sourceTree = ""; }; 766CC43729D3AED2009BC526 /* errorpage.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = errorpage.html; sourceTree = ""; }; 766D66612E961F8F009CE2BF /* CCIDCardReader.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CCIDCardReader.swift; sourceTree = ""; }; 766D66622E961F8F009CE2BF /* LoggerHelper.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LoggerHelper.swift; sourceTree = ""; }; 766D66632E961F8F009CE2BF /* NetworkManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NetworkManager.swift; sourceTree = ""; }; 766D66642E961F8F009CE2BF /* NSAlert+showAlert.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "NSAlert+showAlert.swift"; sourceTree = ""; }; 766D66652E961F8F009CE2BF /* NSBundle+FindBundlePath.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "NSBundle+FindBundlePath.swift"; sourceTree = ""; }; 766D66662E961F8F009CE2BF /* NSButton+Color.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "NSButton+Color.swift"; sourceTree = ""; }; 766D66672E961F8F009CE2BF /* NSData+HexString.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "NSData+HexString.h"; sourceTree = ""; }; 766D66682E961F8F009CE2BF /* NSData+HexString.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "NSData+HexString.m"; sourceTree = ""; }; 766D66692E961F8F009CE2BF /* NSData+SHA1.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "NSData+SHA1.h"; sourceTree = ""; }; 766D666A2E961F8F009CE2BF /* NSData+SHA1.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "NSData+SHA1.m"; sourceTree = ""; }; 766D666B2E961F8F009CE2BF /* NSFileManager+TCSRealHomeFolder.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "NSFileManager+TCSRealHomeFolder.h"; sourceTree = ""; }; 766D666C2E961F8F009CE2BF /* NSFileManager+TCSRealHomeFolder.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "NSFileManager+TCSRealHomeFolder.m"; sourceTree = ""; }; 766D666D2E961F8F009CE2BF /* NSImage+String.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "NSImage+String.swift"; sourceTree = ""; }; 766D666F2E961F8F009CE2BF /* String+Base64URLEncoded.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "String+Base64URLEncoded.swift"; sourceTree = ""; }; 766D66702E961F8F009CE2BF /* TCSKeychain.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = TCSKeychain.h; sourceTree = ""; }; 766D66712E961F8F009CE2BF /* TCSKeychain.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = TCSKeychain.m; sourceTree = ""; }; 766D66722E961F8F009CE2BF /* TCSUnifiedLogger.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = TCSUnifiedLogger.h; sourceTree = ""; }; 766D66732E961F8F009CE2BF /* TCSUnifiedLogger.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = TCSUnifiedLogger.m; sourceTree = ""; }; 766D66742E961F8F009CE2BF /* TCTaskHelper.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = TCTaskHelper.h; sourceTree = ""; }; 766D66752E961F8F009CE2BF /* TCTaskHelper.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = TCTaskHelper.m; sourceTree = ""; }; 766D66762E961F8F009CE2BF /* TCTaskWrapperWithBlocks.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = TCTaskWrapperWithBlocks.h; sourceTree = ""; }; 766D66772E961F8F009CE2BF /* TCTaskWrapperWithBlocks.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = TCTaskWrapperWithBlocks.m; sourceTree = ""; }; 766D66862E96209F009CE2BF /* NetworkMonitor.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NetworkMonitor.swift; sourceTree = ""; }; 766D66AF2E962231009CE2BF /* NSError+EasyError.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "NSError+EasyError.h"; sourceTree = ""; }; 766D66B02E962231009CE2BF /* NSError+EasyError.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "NSError+EasyError.m"; sourceTree = ""; }; 766D67772E96249A009CE2BF /* UsernamePassword.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = UsernamePassword.swift; sourceTree = ""; }; 766F1E552D495BBF00AA5637 /* com.twocanoes.xcreds.json */ = {isa = PBXFileReference; lastKnownFileType = text.json; name = com.twocanoes.xcreds.json; path = "../Profile Manifest/jamf/com.twocanoes.xcreds.json"; sourceTree = ""; }; 766F4C4A2883AFD90021F548 /* pleaseWaitGraphic.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = pleaseWaitGraphic.png; sourceTree = ""; }; 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DefaultsOverride.swift; sourceTree = ""; }; 767116A6284AABC500CCD6FF /* NotifyManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NotifyManager.swift; sourceTree = ""; }; 767116A8284AAE2B00CCD6FF /* ScheduleManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ScheduleManager.swift; sourceTree = ""; }; 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PasswordUtils.swift; sourceTree = ""; }; 767116AD284AB59400CCD6FF /* SecurityPrivateAPI.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecurityPrivateAPI.h; sourceTree = ""; }; 767116AE284AB5D900CCD6FF /* XCreds-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "XCreds-Bridging-Header.h"; sourceTree = ""; }; 767116B0284B021500CCD6FF /* MainController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MainController.swift; sourceTree = ""; }; 767116B2284B045800CCD6FF /* KeychainUtil.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = KeychainUtil.swift; sourceTree = ""; }; 7675444428918CD100613840 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; name = Info.plist; path = XCredsLoginPlugin/Info.plist; sourceTree = ""; }; 7677908328908E40004E7085 /* WifiWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = WifiWindowController.swift; sourceTree = ""; }; 7677908528908E40004E7085 /* WifiWindowController.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = WifiWindowController.xib; sourceTree = ""; }; 767832732C234A6200E31295 /* tap-Bridging-Header.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "tap-Bridging-Header.h"; sourceTree = ""; }; 76786F4E2A27C31400AA8DB9 /* AuthRightsHelper.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = AuthRightsHelper.swift; path = Shared/AuthRightsHelper.swift; sourceTree = SOURCE_ROOT; }; 76786F532A27C36A00AA8DB9 /* auth_mech_fixup */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = auth_mech_fixup; sourceTree = BUILT_PRODUCTS_DIR; }; 76786F552A27C36A00AA8DB9 /* main.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = main.swift; sourceTree = ""; }; 76786F6A2A27C72900AA8DB9 /* auth_mech_fixup-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = "auth_mech_fixup-Bridging-Header.h"; path = "auth_mech_fixup/auth_mech_fixup-Bridging-Header.h"; sourceTree = SOURCE_ROOT; }; 767916F02E994E2200D99062 /* HelperToolManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = HelperToolManager.swift; sourceTree = ""; }; 767917062E994FE100D99062 /* FileVaultLogin.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = FileVaultLogin.swift; sourceTree = ""; }; 767B939B2A28279E0038935E /* View+Shake.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "View+Shake.swift"; sourceTree = ""; }; 767CB2CC2B13B8EB006CA2AC /* libinfo.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libinfo.tbd; path = usr/lib/libinfo.tbd; sourceTree = SDKROOT; }; 767CB2CE2B13B913006CA2AC /* libsystem_info.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libsystem_info.tbd; path = usr/lib/system/libsystem_info.tbd; sourceTree = SDKROOT; }; 767CB2CF2B13B92B006CA2AC /* OpenDirectory.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = OpenDirectory.framework; path = System/Library/Frameworks/OpenDirectory.framework; sourceTree = SDKROOT; }; 7681FEC42A4C8B9000F91CD1 /* AboutWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = AboutWindowController.swift; sourceTree = ""; }; 7681FEC62A4C8BC800F91CD1 /* AboutWindow.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = AboutWindow.xib; sourceTree = ""; }; 7681FEC82A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist */ = {isa = PBXFileReference; explicitFileType = text.plist.info; fileEncoding = 4; name = com.twocanoes.xcreds.plist; path = "Profile Manifest/com.twocanoes.xcreds.plist"; sourceTree = ""; }; 76833EF12D95D4B500375CA4 /* icon_64x64.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = icon_64x64.png; sourceTree = ""; }; 76873E2E2A107736001418A9 /* DefaultsHelper.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DefaultsHelper.swift; sourceTree = ""; }; 76A247532C22747400859E0A /* xcredstap.appex */ = {isa = PBXFileReference; explicitFileType = "wrapper.app-extension"; includeInIndex = 0; path = xcredstap.appex; sourceTree = BUILT_PRODUCTS_DIR; }; 76A247542C22747400859E0A /* CryptoTokenKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CryptoTokenKit.framework; path = System/Library/Frameworks/CryptoTokenKit.framework; sourceTree = SDKROOT; }; 76A247572C22747400859E0A /* Token.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Token.swift; sourceTree = ""; }; 76A247592C22747400859E0A /* TokenDriver.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TokenDriver.swift; sourceTree = ""; }; 76A2475B2C22747400859E0A /* TokenSession.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TokenSession.swift; sourceTree = ""; }; 76A2475D2C22747400859E0A /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; 76A2475E2C22747400859E0A /* tap.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = tap.entitlements; sourceTree = ""; }; 76A35FD12EAC0DC400099940 /* FDESetupHelper.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = FDESetupHelper.swift; sourceTree = ""; }; 76B040A328EFC788002A289B /* Helper+JWTDecode.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Helper+JWTDecode.swift"; sourceTree = ""; }; 76BE1DA02ED526AC001A4BE8 /* GoogleLDAP.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = GoogleLDAP.swift; sourceTree = ""; }; 76BEF7DB2871F5F00013E2A1 /* TCSReturnWindow.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TCSReturnWindow.m; sourceTree = ""; }; 76BEF7DC2871F5F00013E2A1 /* TCSReturnWindow.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TCSReturnWindow.h; sourceTree = ""; }; 76BEF7E02871F74D0013E2A1 /* ControlsViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ControlsViewController.swift; sourceTree = ""; }; 76BEF7E2287202080013E2A1 /* RestartX.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = RestartX.png; sourceTree = ""; }; 76BEF7E3287202080013E2A1 /* RestartX@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "RestartX@2x.png"; sourceTree = ""; }; 76BEF7E6287202AF0013E2A1 /* ShutdownX.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = ShutdownX.png; sourceTree = ""; }; 76BEF7E7287202AF0013E2A1 /* ShutdownX@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "ShutdownX@2x.png"; sourceTree = ""; }; 76BEF7EA28724A0B0013E2A1 /* XCredsLoginMechanism.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsLoginMechanism.swift; sourceTree = ""; }; 76BEF7EB28724A0B0013E2A1 /* XCredsBaseMechanism.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsBaseMechanism.swift; sourceTree = ""; }; 76BEF7F228724F120013E2A1 /* XCredsPowerControlMechanism.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsPowerControlMechanism.swift; sourceTree = ""; }; 76BEF7F72872504C0013E2A1 /* ContextAndHintHandling.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ContextAndHintHandling.swift; sourceTree = ""; }; 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = AuthorizationDBManager.swift; path = XCredsLoginPlugIn/LoginWindow/AuthorizationDBManager.swift; sourceTree = SOURCE_ROOT; }; 76BEF7FE2872A3030013E2A1 /* loginwindow@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "loginwindow@2x.png"; sourceTree = ""; }; 76BEF7FF2872A3030013E2A1 /* loginwindow.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = loginwindow.png; sourceTree = ""; }; 76C084092A9A2635008039FA /* ControlsViewController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = ControlsViewController.xib; sourceTree = ""; }; 76C4ACBE2B3D0F8D003B3605 /* ShareMounter.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ShareMounter.swift; sourceTree = ""; }; 76C4BAB22B353AD7007B2C57 /* libresolv.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libresolv.tbd; path = usr/lib/libresolv.tbd; sourceTree = SDKROOT; }; 76C4BAB52B353AF7007B2C57 /* Kerberos.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Kerberos.framework; path = System/Library/Frameworks/Kerberos.framework; sourceTree = SDKROOT; }; 76C4BABA2B353B4B007B2C57 /* KerbUtil.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = KerbUtil.m; sourceTree = ""; }; 76C63A312A22872700810C53 /* History.md */ = {isa = PBXFileReference; lastKnownFileType = net.daringfireball.markdown; path = History.md; sourceTree = ""; }; 76C661D62D3974910005F2CD /* PinPromptWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PinPromptWindowController.swift; sourceTree = ""; }; 76C661D72D3974910005F2CD /* PinPromptWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = PinPromptWindowController.xib; sourceTree = ""; }; 76C840862D03BFF400E41802 /* PinSetWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PinSetWindowController.swift; sourceTree = ""; }; 76C840872D03BFF400E41802 /* PinSetWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = PinSetWindowController.xib; sourceTree = ""; }; 76CB9076287FBEEA00C70D0C /* Helper+URLDecode.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Helper+URLDecode.swift"; sourceTree = ""; }; 76CB907C288112AF00C70D0C /* xcreds_login.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = xcreds_login.sh; sourceTree = ""; }; 76CCF5422B12E478003F85E9 /* SelectLocalAccountWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SelectLocalAccountWindowController.swift; sourceTree = ""; }; 76CCF5432B12E478003F85E9 /* SelectLocalAccountWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = SelectLocalAccountWindowController.xib; sourceTree = ""; }; 76D1757D2B24096C00E64A62 /* MainLoginWindow.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MainLoginWindow.swift; sourceTree = ""; }; 76DB5CF32A09AE9A0014F8E1 /* get_pw.js */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.javascript; name = get_pw.js; path = Javascript/get_pw/get_pw.js; sourceTree = ""; }; 76DC0A6528836EB1007C42B2 /* XCreds Login Overlay.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = "XCreds Login Overlay.app"; sourceTree = BUILT_PRODUCTS_DIR; }; 76DC0A6728836EB1007C42B2 /* AppDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = ""; }; 76DC0A6928836EB2007C42B2 /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; 76DC0A6C28836EB2007C42B2 /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = Base; path = Base.lproj/MainMenu.xib; sourceTree = ""; }; 76DC0A6E28836EB2007C42B2 /* XCreds_Login_Overlay.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = XCreds_Login_Overlay.entitlements; sourceTree = ""; }; 76DC0A7628837028007C42B2 /* returnArrow.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = returnArrow.png; sourceTree = ""; }; 76DC0A78288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = "com.twocanoes.xcreds-overlay.plist"; sourceTree = ""; }; 76DC0A7D288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TCSXCredsLoginOverlayWindow.swift; sourceTree = ""; }; 76DC0A7F2883785A007C42B2 /* XCreds-Login-Overlay-Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; path = "XCreds-Login-Overlay-Info.plist"; sourceTree = SOURCE_ROOT; }; 76DD6D122859978F00A700ED /* OIDCLite */ = {isa = PBXFileReference; lastKnownFileType = wrapper; name = OIDCLite; path = ../OIDCLite; sourceTree = ""; }; 76E466642B1A4C16006529B6 /* UpdatePasswordWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = UpdatePasswordWindowController.swift; sourceTree = ""; }; 76E466652B1A4C16006529B6 /* UpdatePasswordWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = UpdatePasswordWindowController.xib; sourceTree = ""; }; 76E74DCE2B3902F0004C6429 /* XCredsMechanismProtocol.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = XCredsMechanismProtocol.swift; sourceTree = ""; }; 76E9CE6E2A0DC6E30060220C /* TCSLoginWindowUtilities.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = TCSLoginWindowUtilities.h; sourceTree = ""; }; 76E9CE6F2A0DC6E30060220C /* TCSLoginWindowUtilities.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = TCSLoginWindowUtilities.m; sourceTree = ""; }; 76EAAFD62CEFE22000A5FEE3 /* XCredsUserSetup.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = XCredsUserSetup.swift; sourceTree = ""; }; 76EAAFD82CEFED3800A5FEE3 /* SecretKeeper.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecretKeeper.swift; sourceTree = ""; }; 76EAAFD92CEFED3800A5FEE3 /* UserSecretManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = UserSecretManager.swift; sourceTree = ""; }; 76EE069A27FD1D00009E0F3A /* XCreds.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = XCreds.app; sourceTree = BUILT_PRODUCTS_DIR; }; 76EE069D27FD1D00009E0F3A /* AppDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = ""; }; 76EE069F27FD1D01009E0F3A /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; 76EE06A227FD1D01009E0F3A /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = Base; path = Base.lproj/MainMenu.xib; sourceTree = ""; }; 76EE06A427FD1D01009E0F3A /* xCreds.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = xCreds.entitlements; sourceTree = ""; }; 76EE06AA27FD1D66009E0F3A /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; path = Info.plist; sourceTree = ""; }; 76EE06AB27FD1D92009E0F3A /* TokenManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TokenManager.swift; sourceTree = ""; }; 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PrefKeys.swift; sourceTree = ""; }; 76EE06AF27FD1DD8009E0F3A /* Window+ForceToFront.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Window+ForceToFront.swift"; sourceTree = ""; }; 76EE06B127FD1E24009E0F3A /* DesktopLoginWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = DesktopLoginWindowController.xib; sourceTree = ""; }; 76EE06B327FD1E5F009E0F3A /* WebViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = WebViewController.swift; sourceTree = ""; }; 76EE06B527FD1E79009E0F3A /* PreferencesWindow.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = PreferencesWindow.xib; sourceTree = ""; }; 76EE06B727FD1EB7009E0F3A /* PreferencesWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PreferencesWindowController.swift; sourceTree = ""; }; 76EE06C127FD1F50009E0F3A /* StatusMenuController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = StatusMenuController.swift; sourceTree = ""; }; 76F0D8532EBBECFF001DAC01 /* TCSTKSmartCard.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = TCSTKSmartCard.h; sourceTree = ""; }; 76F0D8542EBBECFF001DAC01 /* TCSTKSmartCard.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = TCSTKSmartCard.m; sourceTree = ""; }; 76FDC5D42B22D47A0035D61E /* MainLoginWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = MainLoginWindowController.swift; path = XCreds/MainLoginWindowController.swift; sourceTree = SOURCE_ROOT; }; 76FDC5D52B22D47A0035D61E /* MainLoginWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = MainLoginWindowController.xib; path = XCredsLoginPlugIn/LoginWindow/MainLoginWindowController.xib; sourceTree = SOURCE_ROOT; }; 76FDC5D82B235A4F0035D61E /* StatusMenuWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = StatusMenuWindowController.swift; sourceTree = SOURCE_ROOT; }; 76FDC5D92B235A4F0035D61E /* StatusMenuWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = StatusMenuWindowController.xib; sourceTree = SOURCE_ROOT; }; /* End PBXFileReference section */ /* Begin PBXFileSystemSynchronizedRootGroup section */ 765348662E97361F00FECD7C /* FileVaultLogin */ = {isa = PBXFileSystemSynchronizedRootGroup; explicitFileTypes = {}; explicitFolders = (); path = FileVaultLogin; sourceTree = ""; }; 765348772E97363900FECD7C /* FilevaultLoginHelper */ = {isa = PBXFileSystemSynchronizedRootGroup; explicitFileTypes = {}; explicitFolders = (); path = FilevaultLoginHelper; sourceTree = ""; }; /* End PBXFileSystemSynchronizedRootGroup section */ /* Begin PBXFrameworksBuildPhase section */ 760291DD2C116E450075FBD8 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( ); runOnlyForDeploymentPostprocessing = 0; }; 760291F12C116EDB0075FBD8 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( 760291F52C116EDB0075FBD8 /* AuthenticationServices.framework in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; 7631935A287D22C700D36BF7 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( 76AB89E32A12FB4900529D90 /* ArgumentParser in Frameworks */, 76AB89E12A12FAF900529D90 /* OIDCLite in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; 765348732E97363900FECD7C /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( ); runOnlyForDeploymentPostprocessing = 0; }; 766355BA2870CA6A002E3867 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( 76EB23E42CC8A3CB003F82CB /* ProductLicense.framework in Frameworks */, 76C4BAB62B353AF7007B2C57 /* Kerberos.framework in Frameworks */, 76C4BAB42B353ADD007B2C57 /* libresolv.tbd in Frameworks */, 766355CE2870E9D3002E3867 /* OIDCLite in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; 76786F502A27C36A00AA8DB9 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( ); runOnlyForDeploymentPostprocessing = 0; }; 76A247502C22747400859E0A /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( 76A247552C22747400859E0A /* CryptoTokenKit.framework in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; 76DC0A6228836EB1007C42B2 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( 76EB23E22CC8A232003F82CB /* ProductLicense.framework in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; 76EE069727FD1D00009E0F3A /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( 76477E042C626B5D00F01D56 /* OIDCLite in Frameworks */, 76C4BAB72B353AFD007B2C57 /* Kerberos.framework in Frameworks */, 762177E62B7144460051B756 /* OIDCLite in Frameworks */, 76C4BAB32B353AD7007B2C57 /* libresolv.tbd in Frameworks */, 763DDF1A2B4F1DD4000D48CC /* GSS.framework in Frameworks */, 76EB23E02CC898D7003F82CB /* ProductLicense.framework in Frameworks */, 767CB2D02B13B92B006CA2AC /* OpenDirectory.framework in Frameworks */, 76319369287D24F600D36BF7 /* ArgumentParser in Frameworks */, 76319366287D24E100D36BF7 /* ArgumentParser in Frameworks */, 76DD6D17285997F300A700ED /* OIDCLite in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; /* End PBXFrameworksBuildPhase section */ /* Begin PBXGroup section */ 760291E12C116E450075FBD8 /* XCreds AutoFill */ = { isa = PBXGroup; children = ( 760291E22C116E450075FBD8 /* AppDelegate.swift */, 760291E42C116E450075FBD8 /* ViewController.swift */, 760291E82C116E470075FBD8 /* Main.storyboard */, 760291EB2C116E470075FBD8 /* XCreds_AutoFill.entitlements */, ); path = "XCreds AutoFill"; sourceTree = ""; }; 760291F62C116EDB0075FBD8 /* XCreds AutoFill Extension */ = { isa = PBXGroup; children = ( 760291F72C116EDB0075FBD8 /* CredentialProviderViewController.swift */, 760291F92C116EDB0075FBD8 /* CredentialProviderViewController.xib */, 760291FC2C116EDB0075FBD8 /* Info.plist */, 760291FD2C116EDB0075FBD8 /* XCreds_AutoFill_Extension.entitlements */, ); path = "XCreds AutoFill Extension"; sourceTree = ""; }; 760418CC2A1331710051411B /* NomadLogin */ = { isa = PBXGroup; children = ( 760418DA2A13328C0051411B /* LocalCheckAndMigrate.swift */, 760418D82A1332770051411B /* SystemInfoHelper.swift */, 760418D62A1332660051411B /* DSQueryable.swift */, 760418D42A1332520051411B /* DS+AD.swift */, ); path = NomadLogin; sourceTree = ""; }; 7631935E287D22C700D36BF7 /* authrights */ = { isa = PBXGroup; children = ( 76786F4E2A27C31400AA8DB9 /* AuthRightsHelper.swift */, 7631935F287D22C700D36BF7 /* authrights.swift */, ); path = authrights; sourceTree = ""; }; 7657DEDC2B351BF9003A23DB /* headers */ = { isa = PBXGroup; children = ( 7657DEBF2B3505A3003A23DB /* DNSResolver.h */, 7657DED32B35064E003A23DB /* krb5.h */, 7657DED22B350644003A23DB /* GSSItem.h */, ); path = headers; sourceTree = ""; }; 766355C72870D1B5002E3867 /* XCredsLogin */ = { isa = PBXGroup; children = ( 764297A92D015AB800678928 /* SetupCardWindowController.swift */, 764297AA2D015AB800678928 /* SetupCardWindowController.xib */, 7613FDF6289E114F00340CCD /* loadpage.html */, 766CC43729D3AED2009BC526 /* errorpage.html */, 7677908328908E40004E7085 /* WifiWindowController.swift */, 7677908528908E40004E7085 /* WifiWindowController.xib */, 7632E3A02873497C00E37923 /* LogShim.swift */, 76BEF7F72872504C0013E2A1 /* ContextAndHintHandling.swift */, 766355C12870CB6F002E3867 /* XCredsLoginPlugin.h */, 764446FC2CF80CD800E6289E /* StateFileHelper.swift */, 766355C22870CB6F002E3867 /* XCredsLoginPlugin.m */, 76BEF7F028724E520013E2A1 /* LoginWindow */, 76BEF7EF28724E280013E2A1 /* Mechanisms */, 76C840862D03BFF400E41802 /* PinSetWindowController.swift */, 76C840872D03BFF400E41802 /* PinSetWindowController.xib */, 76C661D62D3974910005F2CD /* PinPromptWindowController.swift */, 76C661D72D3974910005F2CD /* PinPromptWindowController.xib */, ); name = XCredsLogin; path = XCredsLoginPlugIn; sourceTree = ""; }; 766D66782E961F8F009CE2BF /* tools */ = { isa = PBXGroup; children = ( 76A35FD12EAC0DC400099940 /* FDESetupHelper.swift */, 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */, 766D67772E96249A009CE2BF /* UsernamePassword.swift */, 76EAAFD92CEFED3800A5FEE3 /* UserSecretManager.swift */, 76EAAFD82CEFED3800A5FEE3 /* SecretKeeper.swift */, 76CB9076287FBEEA00C70D0C /* Helper+URLDecode.swift */, 7632909B2876673500CF8857 /* DataExtension.swift */, 76B040A328EFC788002A289B /* Helper+JWTDecode.swift */, 766D66AF2E962231009CE2BF /* NSError+EasyError.h */, 766D66B02E962231009CE2BF /* NSError+EasyError.m */, 766D66612E961F8F009CE2BF /* CCIDCardReader.swift */, 766D66862E96209F009CE2BF /* NetworkMonitor.swift */, 766D66622E961F8F009CE2BF /* LoggerHelper.swift */, 766D66632E961F8F009CE2BF /* NetworkManager.swift */, 766D66642E961F8F009CE2BF /* NSAlert+showAlert.swift */, 766D66652E961F8F009CE2BF /* NSBundle+FindBundlePath.swift */, 766D66662E961F8F009CE2BF /* NSButton+Color.swift */, 766D66672E961F8F009CE2BF /* NSData+HexString.h */, 766D66682E961F8F009CE2BF /* NSData+HexString.m */, 766D66692E961F8F009CE2BF /* NSData+SHA1.h */, 766D666A2E961F8F009CE2BF /* NSData+SHA1.m */, 766D666B2E961F8F009CE2BF /* NSFileManager+TCSRealHomeFolder.h */, 766D666C2E961F8F009CE2BF /* NSFileManager+TCSRealHomeFolder.m */, 766D666D2E961F8F009CE2BF /* NSImage+String.swift */, 766D666F2E961F8F009CE2BF /* String+Base64URLEncoded.swift */, 766D66702E961F8F009CE2BF /* TCSKeychain.h */, 766D66712E961F8F009CE2BF /* TCSKeychain.m */, 766D66722E961F8F009CE2BF /* TCSUnifiedLogger.h */, 766D66732E961F8F009CE2BF /* TCSUnifiedLogger.m */, 766D66742E961F8F009CE2BF /* TCTaskHelper.h */, 766D66752E961F8F009CE2BF /* TCTaskHelper.m */, 766D66762E961F8F009CE2BF /* TCTaskWrapperWithBlocks.h */, 766D66772E961F8F009CE2BF /* TCTaskWrapperWithBlocks.m */, ); name = tools; path = tcsopensourcetools/TCSOpenSourceTools/tools; sourceTree = ""; }; 76786F542A27C36A00AA8DB9 /* auth_mech_fixup */ = { isa = PBXGroup; children = ( 76786F6A2A27C72900AA8DB9 /* auth_mech_fixup-Bridging-Header.h */, 76786F552A27C36A00AA8DB9 /* main.swift */, ); path = auth_mech_fixup; sourceTree = ""; }; 76A247562C22747400859E0A /* tap */ = { isa = PBXGroup; children = ( 76A247572C22747400859E0A /* Token.swift */, 76A247592C22747400859E0A /* TokenDriver.swift */, 76A2475B2C22747400859E0A /* TokenSession.swift */, 76A2475D2C22747400859E0A /* Info.plist */, 76A2475E2C22747400859E0A /* tap.entitlements */, ); path = tap; sourceTree = ""; }; 76BEF7EF28724E280013E2A1 /* Mechanisms */ = { isa = PBXGroup; children = ( 76634F362D05FFA3000A63E8 /* LogOnly.swift */, 76EAAFD62CEFE22000A5FEE3 /* XCredsUserSetup.swift */, 761B486B28A3575000C6A02B /* XCredsLoginDone.swift */, 7611CEC1288B96760063A644 /* XCredsEnableFDE.swift */, 7611CEBF288B75140063A644 /* XCredsCreateUser.swift */, 7632E39E287347C100E37923 /* XCredsKeychainAdd.swift */, 76BEF7F228724F120013E2A1 /* XCredsPowerControlMechanism.swift */, 76BEF7EA28724A0B0013E2A1 /* XCredsLoginMechanism.swift */, 76BEF7EB28724A0B0013E2A1 /* XCredsBaseMechanism.swift */, ); path = Mechanisms; sourceTree = ""; }; 76BEF7F028724E520013E2A1 /* LoginWindow */ = { isa = PBXGroup; children = ( 766355DA287132E9002E3867 /* LoginWebViewController.swift */, 760418CF2A1332210051411B /* SignInWindowController.swift */, 761B486728A34CC900C6A02B /* LoginProgressWindowController.xib */, 76FDC5D52B22D47A0035D61E /* MainLoginWindowController.xib */, 76CB907C288112AF00C70D0C /* xcreds_login.sh */, 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */, 76BEF7DC2871F5F00013E2A1 /* TCSReturnWindow.h */, 76BEF7DB2871F5F00013E2A1 /* TCSReturnWindow.m */, 76C084092A9A2635008039FA /* ControlsViewController.xib */, 763AEFDE2C156E1E0059A83D /* WhitePopoverBackgroundView.swift */, 76BEF7E02871F74D0013E2A1 /* ControlsViewController.swift */, 766355E128713C47002E3867 /* LoginWindow.swift */, 7651EDEC2A1451590075980B /* LocalUsersViewController.xib */, 76D1757D2B24096C00E64A62 /* MainLoginWindow.swift */, 76BEF7F128724EB60013E2A1 /* images */, ); path = LoginWindow; sourceTree = ""; }; 76BEF7F128724EB60013E2A1 /* images */ = { isa = PBXGroup; children = ( 7649056E2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png */, 76BEF7FF2872A3030013E2A1 /* loginwindow.png */, 76BEF7FE2872A3030013E2A1 /* loginwindow@2x.png */, 76BEF7E6287202AF0013E2A1 /* ShutdownX.png */, 76BEF7E7287202AF0013E2A1 /* ShutdownX@2x.png */, 76BEF7E2287202080013E2A1 /* RestartX.png */, 76BEF7E3287202080013E2A1 /* RestartX@2x.png */, ); path = images; sourceTree = ""; }; 76C4BAB92B353B3F007B2C57 /* NoMAD */ = { isa = PBXGroup; children = ( 763DDF152B4F100D000D48CC /* ShareMounterMenu.swift */, 76C4ACBE2B3D0F8D003B3605 /* ShareMounter.swift */, 7657DEAE2B3503BF003A23DB /* SessionManager.swift */, 7657DED52B351A67003A23DB /* KerbUtil.h */, 76C4BABA2B353B4B007B2C57 /* KerbUtil.m */, 7657DEDC2B351BF9003A23DB /* headers */, 7657DECB2B35061E003A23DB /* SiteManager.swift */, 7657DEC82B350606003A23DB /* KlistUtil.swift */, 7657DEC52B3505EB003A23DB /* Extensions.swift */, 7657DEC22B3505CB003A23DB /* ADLDAPPing.swift */, 7657DEBE2B3505A3003A23DB /* DNSResolver.m */, 7657DEBB2B35055F003A23DB /* Logger.swift */, 7657DEB52B3504A6003A23DB /* UserRecord.swift */, 7657DEB22B350476003A23DB /* NoMADSession.swift */, 76BE1DA02ED526AC001A4BE8 /* GoogleLDAP.swift */, ); name = NoMAD; sourceTree = ""; }; 76DC0A6628836EB1007C42B2 /* XCreds Login Overlay */ = { isa = PBXGroup; children = ( 766F4C4A2883AFD90021F548 /* pleaseWaitGraphic.png */, 76DC0A7F2883785A007C42B2 /* XCreds-Login-Overlay-Info.plist */, 76DC0A7D288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift */, 76DC0A78288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist */, 76DC0A7628837028007C42B2 /* returnArrow.png */, 76DC0A6728836EB1007C42B2 /* AppDelegate.swift */, 76DC0A6928836EB2007C42B2 /* Assets.xcassets */, 76DC0A6B28836EB2007C42B2 /* MainMenu.xib */, 76DC0A6E28836EB2007C42B2 /* XCreds_Login_Overlay.entitlements */, ); path = "XCreds Login Overlay"; sourceTree = ""; }; 76DD6D112859978F00A700ED /* Packages */ = { isa = PBXGroup; children = ( 76DD6D122859978F00A700ED /* OIDCLite */, ); name = Packages; sourceTree = ""; }; 76DD6D15285997F300A700ED /* Frameworks */ = { isa = PBXGroup; children = ( 763DDF192B4F1DD4000D48CC /* GSS.framework */, 76C4BAB52B353AF7007B2C57 /* Kerberos.framework */, 76C4BAB22B353AD7007B2C57 /* libresolv.tbd */, 767CB2CF2B13B92B006CA2AC /* OpenDirectory.framework */, 767CB2CE2B13B913006CA2AC /* libsystem_info.tbd */, 767CB2CC2B13B8EB006CA2AC /* libinfo.tbd */, 766CC42129D3A320009BC526 /* Paddle.framework */, 766CC42229D3A321009BC526 /* ProductLicense.framework */, 760291CB2C1166870075FBD8 /* AuthenticationServices.framework */, 76A247542C22747400859E0A /* CryptoTokenKit.framework */, ); name = Frameworks; sourceTree = ""; }; 76EE069127FD1D00009E0F3A = { isa = PBXGroup; children = ( 76F0D8532EBBECFF001DAC01 /* TCSTKSmartCard.h */, 76F0D8542EBBECFF001DAC01 /* TCSTKSmartCard.m */, 76189C6F2E99FF8800BEF023 /* com.twocanoes.FileVaultLoginHelper.plist */, 766D66782E961F8F009CE2BF /* tools */, 760769C02D9120C1006A1F4E /* com.twocanoes.xcreds-launchagent.plist */, 76C4BAB92B353B3F007B2C57 /* NoMAD */, 7681FEC82A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist */, 76C63A312A22872700810C53 /* History.md */, 760418CC2A1331710051411B /* NomadLogin */, 760291E12C116E450075FBD8 /* XCreds AutoFill */, 76DB5CF32A09AE9A0014F8E1 /* get_pw.js */, 7614D03B2B181A5D006EAF36 /* icon_128x128.png */, 76833EF12D95D4B500375CA4 /* icon_64x64.png */, 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */, 7675444428918CD100613840 /* Info.plist */, 760291F62C116EDB0075FBD8 /* XCreds AutoFill Extension */, 76A247562C22747400859E0A /* tap */, 765348662E97361F00FECD7C /* FileVaultLogin */, 765348772E97363900FECD7C /* FilevaultLoginHelper */, 76DD6D15285997F300A700ED /* Frameworks */, 76DD6D112859978F00A700ED /* Packages */, 766355C72870D1B5002E3867 /* XCredsLogin */, 76EE069C27FD1D00009E0F3A /* XCreds */, 7631935E287D22C700D36BF7 /* authrights */, 76DC0A6628836EB1007C42B2 /* XCreds Login Overlay */, 76786F542A27C36A00AA8DB9 /* auth_mech_fixup */, 76EE069B27FD1D00009E0F3A /* Products */, ); sourceTree = ""; }; 76EE069B27FD1D00009E0F3A /* Products */ = { isa = PBXGroup; children = ( 76EE069A27FD1D00009E0F3A /* XCreds.app */, 766355BD2870CA6A002E3867 /* XCredsLoginPlugin.bundle */, 7631935D287D22C700D36BF7 /* authrights */, 76DC0A6528836EB1007C42B2 /* XCreds Login Overlay.app */, 76786F532A27C36A00AA8DB9 /* auth_mech_fixup */, 760291E02C116E450075FBD8 /* XCreds Login Autofill.app */, 760291F42C116EDB0075FBD8 /* XCreds Login Password.appex */, 76A247532C22747400859E0A /* xcredstap.appex */, 765348762E97363900FECD7C /* FileVaultLoginHelper */, ); name = Products; sourceTree = ""; }; 76EE069C27FD1D00009E0F3A /* XCreds */ = { isa = PBXGroup; children = ( 767916F02E994E2200D99062 /* HelperToolManager.swift */, 767917062E994FE100D99062 /* FileVaultLogin.swift */, 76E9CE6E2A0DC6E30060220C /* TCSLoginWindowUtilities.h */, 76E9CE6F2A0DC6E30060220C /* TCSLoginWindowUtilities.m */, 766C602C2D3F409D0033E274 /* XCredsAudit.swift */, 766F1E552D495BBF00AA5637 /* com.twocanoes.xcreds.json */, 766184B72DCE5DB5009D5A8C /* colorline.png */, 76673CD429D3D5F500452848 /* LicenseChecker.swift */, 76FDC5D42B22D47A0035D61E /* MainLoginWindowController.swift */, 764D8125284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib */, 76CCF5432B12E478003F85E9 /* SelectLocalAccountWindowController.xib */, 76CCF5422B12E478003F85E9 /* SelectLocalAccountWindowController.swift */, 76FDC5D92B235A4F0035D61E /* StatusMenuWindowController.xib */, 76E466652B1A4C16006529B6 /* UpdatePasswordWindowController.xib */, 7651EDF62A1474330075980B /* LoginWebViewController.xib */, 764D812B284BCC7400B3EE54 /* VerifyOIDCPassword.xib */, 76FDC5D82B235A4F0035D61E /* StatusMenuWindowController.swift */, 764D812A284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift */, 764D8124284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift */, 764D8132284D14A500B3EE54 /* Credits.txt */, 76E466642B1A4C16006529B6 /* UpdatePasswordWindowController.swift */, 767116B2284B045800CCD6FF /* KeychainUtil.swift */, 767116AD284AB59400CCD6FF /* SecurityPrivateAPI.h */, 76EE06AB27FD1D92009E0F3A /* TokenManager.swift */, 76E74DCE2B3902F0004C6429 /* XCredsMechanismProtocol.swift */, 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */, 764D8128284BCAB100B3EE54 /* Window+Shake.swift */, 767B939B2A28279E0038935E /* View+Shake.swift */, 76EE06B127FD1E24009E0F3A /* DesktopLoginWindowController.xib */, 76342E592B282653007D4F29 /* DesktopLoginWindowController.swift */, 76EE06B327FD1E5F009E0F3A /* WebViewController.swift */, 766355E4287148C1002E3867 /* Tokens.swift */, 7681FEC62A4C8BC800F91CD1 /* AboutWindow.xib */, 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */, 76EE06B527FD1E79009E0F3A /* PreferencesWindow.xib */, 764D812E284C06AB00B3EE54 /* defaults.plist */, 767832732C234A6200E31295 /* tap-Bridging-Header.h */, 767116AE284AB5D900CCD6FF /* XCreds-Bridging-Header.h */, 76EE06B727FD1EB7009E0F3A /* PreferencesWindowController.swift */, 7681FEC42A4C8B9000F91CD1 /* AboutWindowController.swift */, 76EE06AF27FD1DD8009E0F3A /* Window+ForceToFront.swift */, 767116A8284AAE2B00CCD6FF /* ScheduleManager.swift */, 76EE06C127FD1F50009E0F3A /* StatusMenuController.swift */, 76EE06AA27FD1D66009E0F3A /* Info.plist */, 76EE069D27FD1D00009E0F3A /* AppDelegate.swift */, 767116B0284B021500CCD6FF /* MainController.swift */, 767116A6284AABC500CCD6FF /* NotifyManager.swift */, 76EE069F27FD1D01009E0F3A /* Assets.xcassets */, 76EE06A127FD1D01009E0F3A /* MainMenu.xib */, 76EE06A427FD1D01009E0F3A /* xCreds.entitlements */, 766355C42870CCC3002E3867 /* XCredsLoginPlugin-Bridging-Header.h */, 76873E2E2A107736001418A9 /* DefaultsHelper.swift */, ); path = XCreds; sourceTree = ""; }; /* End PBXGroup section */ /* Begin PBXNativeTarget section */ 760291DF2C116E450075FBD8 /* XCreds Login Autofill */ = { isa = PBXNativeTarget; buildConfigurationList = 760291EC2C116E470075FBD8 /* Build configuration list for PBXNativeTarget "XCreds Login Autofill" */; buildPhases = ( 760291DC2C116E450075FBD8 /* Sources */, 760291DD2C116E450075FBD8 /* Frameworks */, 760291DE2C116E450075FBD8 /* Resources */, 760292042C116EDB0075FBD8 /* Embed Foundation Extensions */, ); buildRules = ( ); dependencies = ( 760291FF2C116EDB0075FBD8 /* PBXTargetDependency */, ); name = "XCreds Login Autofill"; productName = "XCreds AutoFill"; productReference = 760291E02C116E450075FBD8 /* XCreds Login Autofill.app */; productType = "com.apple.product-type.application"; }; 760291F32C116EDB0075FBD8 /* XCreds Login Password */ = { isa = PBXNativeTarget; buildConfigurationList = 760292012C116EDB0075FBD8 /* Build configuration list for PBXNativeTarget "XCreds Login Password" */; buildPhases = ( 760291F02C116EDB0075FBD8 /* Sources */, 760291F12C116EDB0075FBD8 /* Frameworks */, 760291F22C116EDB0075FBD8 /* Resources */, ); buildRules = ( ); dependencies = ( ); name = "XCreds Login Password"; productName = "XCreds AutoFill Extension"; productReference = 760291F42C116EDB0075FBD8 /* XCreds Login Password.appex */; productType = "com.apple.product-type.app-extension"; }; 7631935C287D22C700D36BF7 /* authrights */ = { isa = PBXNativeTarget; buildConfigurationList = 76319363287D22C700D36BF7 /* Build configuration list for PBXNativeTarget "authrights" */; buildPhases = ( 76319359287D22C700D36BF7 /* Sources */, 7631935A287D22C700D36BF7 /* Frameworks */, 7631935B287D22C700D36BF7 /* CopyFiles */, ); buildRules = ( ); dependencies = ( ); name = authrights; packageProductDependencies = ( 76AB89E02A12FAF900529D90 /* OIDCLite */, 76AB89E22A12FB4900529D90 /* ArgumentParser */, ); productName = authrights; productReference = 7631935D287D22C700D36BF7 /* authrights */; productType = "com.apple.product-type.tool"; }; 765348752E97363900FECD7C /* FileVaultLoginHelper */ = { isa = PBXNativeTarget; buildConfigurationList = 7653487A2E97363900FECD7C /* Build configuration list for PBXNativeTarget "FileVaultLoginHelper" */; buildPhases = ( 765348722E97363900FECD7C /* Sources */, 765348732E97363900FECD7C /* Frameworks */, 765348742E97363900FECD7C /* CopyFiles */, ); buildRules = ( ); dependencies = ( ); fileSystemSynchronizedGroups = ( 765348772E97363900FECD7C /* FilevaultLoginHelper */, ); name = FileVaultLoginHelper; packageProductDependencies = ( ); productName = FilevaultLoginHelper; productReference = 765348762E97363900FECD7C /* FileVaultLoginHelper */; productType = "com.apple.product-type.tool"; }; 766355BC2870CA6A002E3867 /* XCredsLoginPlugin */ = { isa = PBXNativeTarget; buildConfigurationList = 766355C02870CA6A002E3867 /* Build configuration list for PBXNativeTarget "XCredsLoginPlugin" */; buildPhases = ( 766355B92870CA6A002E3867 /* Sources */, 766355BA2870CA6A002E3867 /* Frameworks */, 766355BB2870CA6A002E3867 /* Resources */, 766CC43129D3A3EC009BC526 /* Embed Frameworks */, ); buildRules = ( ); dependencies = ( ); name = XCredsLoginPlugin; packageProductDependencies = ( 766355CD2870E9D3002E3867 /* OIDCLite */, ); productName = XCredsLoginPlugin; productReference = 766355BD2870CA6A002E3867 /* XCredsLoginPlugin.bundle */; productType = "com.apple.product-type.bundle"; }; 76786F522A27C36A00AA8DB9 /* auth_mech_fixup */ = { isa = PBXNativeTarget; buildConfigurationList = 76786F572A27C36A00AA8DB9 /* Build configuration list for PBXNativeTarget "auth_mech_fixup" */; buildPhases = ( 76786F4F2A27C36A00AA8DB9 /* Sources */, 76786F502A27C36A00AA8DB9 /* Frameworks */, 76786F512A27C36A00AA8DB9 /* CopyFiles */, ); buildRules = ( ); dependencies = ( ); name = auth_mech_fixup; productName = auth_mech_fixup; productReference = 76786F532A27C36A00AA8DB9 /* auth_mech_fixup */; productType = "com.apple.product-type.tool"; }; 76A247522C22747400859E0A /* xcredstap */ = { isa = PBXNativeTarget; buildConfigurationList = 76A247652C22747400859E0A /* Build configuration list for PBXNativeTarget "xcredstap" */; buildPhases = ( 76A2474F2C22747400859E0A /* Sources */, 76A247502C22747400859E0A /* Frameworks */, 76A247512C22747400859E0A /* Resources */, ); buildRules = ( ); dependencies = ( ); name = xcredstap; productName = tapgo; productReference = 76A247532C22747400859E0A /* xcredstap.appex */; productType = "com.apple.product-type.app-extension"; }; 76DC0A6428836EB1007C42B2 /* XCreds Login Overlay */ = { isa = PBXNativeTarget; buildConfigurationList = 76DC0A6F28836EB2007C42B2 /* Build configuration list for PBXNativeTarget "XCreds Login Overlay" */; buildPhases = ( 76DC0A6128836EB1007C42B2 /* Sources */, 76DC0A6228836EB1007C42B2 /* Frameworks */, 76DC0A6328836EB1007C42B2 /* Resources */, 766CC43629D3A3F8009BC526 /* Embed Frameworks */, ); buildRules = ( ); dependencies = ( ); name = "XCreds Login Overlay"; productName = "XCreds Login Overlay"; productReference = 76DC0A6528836EB1007C42B2 /* XCreds Login Overlay.app */; productType = "com.apple.product-type.application"; }; 76EE069927FD1D00009E0F3A /* XCreds */ = { isa = PBXNativeTarget; buildConfigurationList = 76EE06A727FD1D01009E0F3A /* Build configuration list for PBXNativeTarget "XCreds" */; buildPhases = ( 76EE069627FD1D00009E0F3A /* Sources */, 76EE069727FD1D00009E0F3A /* Frameworks */, 76EE069827FD1D00009E0F3A /* Resources */, 766CC42C29D3A3DC009BC526 /* Embed Frameworks */, 76A247622C22747400859E0A /* Embed Foundation Extensions */, 767916FD2E994E8C00D99062 /* Embed Helper Tools */, 767916FF2E994EC300D99062 /* Copy LaunchDaemons Property Lists */, ); buildRules = ( ); dependencies = ( 767917032E994F0300D99062 /* PBXTargetDependency */, 760292062C116EEE0075FBD8 /* PBXTargetDependency */, 76DC0A7B28837152007C42B2 /* PBXTargetDependency */, 76319376287E19A500D36BF7 /* PBXTargetDependency */, 76319379287E204500D36BF7 /* PBXTargetDependency */, 76A247602C22747400859E0A /* PBXTargetDependency */, ); name = XCreds; packageProductDependencies = ( 76DD6D16285997F300A700ED /* OIDCLite */, 76319365287D24E100D36BF7 /* ArgumentParser */, 76319368287D24F600D36BF7 /* ArgumentParser */, 762177E52B7144460051B756 /* OIDCLite */, 76477E032C626B5D00F01D56 /* OIDCLite */, ); productName = xCreds; productReference = 76EE069A27FD1D00009E0F3A /* XCreds.app */; productType = "com.apple.product-type.application"; }; /* End PBXNativeTarget section */ /* Begin PBXProject section */ 76EE069227FD1D00009E0F3A /* Project object */ = { isa = PBXProject; attributes = { BuildIndependentTargetsInParallel = 1; LastSwiftUpdateCheck = 1640; LastUpgradeCheck = 1330; TargetAttributes = { 760291DF2C116E450075FBD8 = { CreatedOnToolsVersion = 15.4; }; 760291F32C116EDB0075FBD8 = { CreatedOnToolsVersion = 15.4; }; 7631935C287D22C700D36BF7 = { CreatedOnToolsVersion = 13.4.1; }; 765348752E97363900FECD7C = { CreatedOnToolsVersion = 16.4; }; 766355BC2870CA6A002E3867 = { CreatedOnToolsVersion = 13.4.1; LastSwiftMigration = 1340; }; 76786F522A27C36A00AA8DB9 = { CreatedOnToolsVersion = 14.3; }; 76A247522C22747400859E0A = { CreatedOnToolsVersion = 15.4; }; 76DC0A6428836EB1007C42B2 = { CreatedOnToolsVersion = 13.4.1; }; 76EE069927FD1D00009E0F3A = { CreatedOnToolsVersion = 13.3; }; }; }; buildConfigurationList = 76EE069527FD1D00009E0F3A /* Build configuration list for PBXProject "XCreds" */; compatibilityVersion = "Xcode 13.0"; developmentRegion = en; hasScannedForEncodings = 0; knownRegions = ( en, Base, ); mainGroup = 76EE069127FD1D00009E0F3A; packageReferences = ( 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */, 76477E022C626B5D00F01D56 /* XCRemoteSwiftPackageReference "OIDCLite" */, ); productRefGroup = 76EE069B27FD1D00009E0F3A /* Products */; projectDirPath = ""; projectRoot = ""; targets = ( 76EE069927FD1D00009E0F3A /* XCreds */, 766355BC2870CA6A002E3867 /* XCredsLoginPlugin */, 7631935C287D22C700D36BF7 /* authrights */, 76DC0A6428836EB1007C42B2 /* XCreds Login Overlay */, 76786F522A27C36A00AA8DB9 /* auth_mech_fixup */, 760291DF2C116E450075FBD8 /* XCreds Login Autofill */, 760291F32C116EDB0075FBD8 /* XCreds Login Password */, 76A247522C22747400859E0A /* xcredstap */, 765348752E97363900FECD7C /* FileVaultLoginHelper */, ); }; /* End PBXProject section */ /* Begin PBXResourcesBuildPhase section */ 760291DE2C116E450075FBD8 /* Resources */ = { isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( 76B83A662C75711E00709C17 /* Assets.xcassets in Resources */, 760291EA2C116E470075FBD8 /* Base in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; 760291F22C116EDB0075FBD8 /* Resources */ = { isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( 760291FB2C116EDB0075FBD8 /* Base in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; 766355BB2870CA6A002E3867 /* Resources */ = { isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( 76BEF8002872A3030013E2A1 /* loginwindow@2x.png in Resources */, 764297AE2D015AB800678928 /* SetupCardWindowController.xib in Resources */, 766355D928711C51002E3867 /* defaults.plist in Resources */, 7613FDF7289E114F00340CCD /* loadpage.html in Resources */, 76CCF5452B12E478003F85E9 /* SelectLocalAccountWindowController.xib in Resources */, 7651EDED2A1451590075980B /* LocalUsersViewController.xib in Resources */, 766184B92DCE5DB5009D5A8C /* colorline.png in Resources */, 766CC43829D3AED2009BC526 /* errorpage.html in Resources */, 76833EF22D95D4B500375CA4 /* icon_64x64.png in Resources */, 7614D03C2B181A5D006EAF36 /* icon_128x128.png in Resources */, 76BEF7E4287202090013E2A1 /* RestartX.png in Resources */, 76D925D32894ADB4005C3245 /* Assets.xcassets in Resources */, 76BEF8012872A3030013E2A1 /* loginwindow.png in Resources */, 766355D12870EBAD002E3867 /* VerifyOIDCPassword.xib in Resources */, 76EECCFC2873E6E200483C66 /* VerifyLocalPasswordWindowController.xib in Resources */, 76BEF7E8287202AF0013E2A1 /* ShutdownX.png in Resources */, 76C840882D03BFF400E41802 /* PinSetWindowController.xib in Resources */, 76C661D82D3974910005F2CD /* PinPromptWindowController.xib in Resources */, 76FDC5D72B22D47A0035D61E /* MainLoginWindowController.xib in Resources */, 76E466672B1A4C16006529B6 /* UpdatePasswordWindowController.xib in Resources */, 76C0840B2A9A311E008039FA /* ControlsViewController.xib in Resources */, 76BEF7E5287202090013E2A1 /* RestartX@2x.png in Resources */, 7651EDF72A1474330075980B /* LoginWebViewController.xib in Resources */, 7677908828908E40004E7085 /* WifiWindowController.xib in Resources */, 76DB5CF52A09AE9A0014F8E1 /* get_pw.js in Resources */, 76BEF7E9287202AF0013E2A1 /* ShutdownX@2x.png in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76A247512C22747400859E0A /* Resources */ = { isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( ); runOnlyForDeploymentPostprocessing = 0; }; 76DC0A6328836EB1007C42B2 /* Resources */ = { isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( 76DC0A83288382D2007C42B2 /* returnArrow.png in Resources */, 76DC0A6A28836EB2007C42B2 /* Assets.xcassets in Resources */, 76DC0A6D28836EB2007C42B2 /* MainMenu.xib in Resources */, 76DC0A79288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist in Resources */, 76DC0A7428836F45007C42B2 /* RestartX@2x.png in Resources */, 766F4C4B2883AFD90021F548 /* pleaseWaitGraphic.png in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76EE069827FD1D00009E0F3A /* Resources */ = { isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( 766F1E562D495BBF00AA5637 /* com.twocanoes.xcreds.json in Resources */, 766184B82DCE5DB5009D5A8C /* colorline.png in Resources */, 760769C12D9120C1006A1F4E /* com.twocanoes.xcreds-launchagent.plist in Resources */, 760291EF2C116E5F0075FBD8 /* XCreds Login Autofill.app in Resources */, 76DC0A7C28837158007C42B2 /* XCreds Login Overlay.app in Resources */, 76DB5CF42A09AE9A0014F8E1 /* get_pw.js in Resources */, 762761602B294A7C0067D1D4 /* icon_128x128.png in Resources */, 76CB907E288112C200C70D0C /* xcreds_login.sh in Resources */, 76319377287E1FAF00D36BF7 /* authrights in Resources */, 76319374287E198C00D36BF7 /* XCredsLoginPlugin.bundle in Resources */, 76D175742B23C57500E64A62 /* LocalUsersViewController.xib in Resources */, 76EE06B627FD1E79009E0F3A /* PreferencesWindow.xib in Resources */, 76EE06A027FD1D01009E0F3A /* Assets.xcassets in Resources */, 76C8408A2D03BFF400E41802 /* PinSetWindowController.xib in Resources */, 764D812F284C06AB00B3EE54 /* defaults.plist in Resources */, 764297AB2D015AB800678928 /* SetupCardWindowController.xib in Resources */, 763C039A2D965607000C061F /* icon_64x64.png in Resources */, 764D8133284D14A500B3EE54 /* Credits.txt in Resources */, 7681FEC72A4C8BC800F91CD1 /* AboutWindow.xib in Resources */, 76673CD229D3CFF900452848 /* errorpage.html in Resources */, 764D812D284BCC7400B3EE54 /* VerifyOIDCPassword.xib in Resources */, 76FDC5DB2B235A4F0035D61E /* StatusMenuWindowController.xib in Resources */, 76C63A322A22872700810C53 /* History.md in Resources */, 764D8127284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib in Resources */, 76DF7FD52B50FA9A00B3B543 /* UpdatePasswordWindowController.xib in Resources */, 7649056F2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png in Resources */, 76EE06A327FD1D01009E0F3A /* MainMenu.xib in Resources */, 76D1756A2B23C28700E64A62 /* MainLoginWindowController.xib in Resources */, 76EE06B227FD1E24009E0F3A /* DesktopLoginWindowController.xib in Resources */, 7681FEC92A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist in Resources */, 76F0B6E02B421FC8008F7D71 /* loadpage.html in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; /* End PBXResourcesBuildPhase section */ /* Begin PBXSourcesBuildPhase section */ 760291DC2C116E450075FBD8 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 760292132C11763B0075FBD8 /* PrefKeys.swift in Sources */, 766D66A72E962186009CE2BF /* TCSUnifiedLogger.m in Sources */, 760292142C1176450075FBD8 /* LogShim.swift in Sources */, 7602921C2C117B400075FBD8 /* PasswordUtils.swift in Sources */, 760291E52C116E450075FBD8 /* ViewController.swift in Sources */, 766D66962E962120009CE2BF /* NSFileManager+TCSRealHomeFolder.m in Sources */, 7602921D2C117B490075FBD8 /* DSQueryable.swift in Sources */, 760291E32C116E450075FBD8 /* AppDelegate.swift in Sources */, 760292112C1176010075FBD8 /* UNIXUtilities.swift in Sources */, 766D66802E961FDB009CE2BF /* LoggerHelper.swift in Sources */, 760292172C1176BE0075FBD8 /* DataExtension.swift in Sources */, 7602920E2C1175D20075FBD8 /* DefaultsOverride.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 760291F02C116EDB0075FBD8 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 760291F82C116EDB0075FBD8 /* CredentialProviderViewController.swift in Sources */, 766D66A82E962186009CE2BF /* TCSUnifiedLogger.m in Sources */, 7602920B2C1175620075FBD8 /* PrefKeys.swift in Sources */, 7602921B2C117B3F0075FBD8 /* PasswordUtils.swift in Sources */, 760292072C11751E0075FBD8 /* KeychainUtil.swift in Sources */, 760292152C1176450075FBD8 /* LogShim.swift in Sources */, 766D66972E962120009CE2BF /* NSFileManager+TCSRealHomeFolder.m in Sources */, 7602921E2C117B490075FBD8 /* DSQueryable.swift in Sources */, 7602920D2C1175D20075FBD8 /* DefaultsOverride.swift in Sources */, 766D66812E961FDB009CE2BF /* LoggerHelper.swift in Sources */, 766D66AC2E962198009CE2BF /* TCTaskHelper.m in Sources */, 760292182C1176BF0075FBD8 /* DataExtension.swift in Sources */, 760292122C1176010075FBD8 /* UNIXUtilities.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76319359287D22C700D36BF7 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 76319360287D22C700D36BF7 /* authrights.swift in Sources */, 7631936C287D29B700D36BF7 /* AuthorizationDBManager.swift in Sources */, 766D66932E962120009CE2BF /* NSFileManager+TCSRealHomeFolder.m in Sources */, 766D66A42E962186009CE2BF /* TCSUnifiedLogger.m in Sources */, 766D667D2E961FDB009CE2BF /* LoggerHelper.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 765348722E97363900FECD7C /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 765348872E973B0800FECD7C /* LoggerHelper.swift in Sources */, 765348882E973B0F00FECD7C /* TCSUnifiedLogger.m in Sources */, 760D8D5A2EC5757B00252828 /* UserSecretManager.swift in Sources */, 760D8D5C2EC5760E00252828 /* UsernamePassword.swift in Sources */, 760D8D5B2EC575A100252828 /* SecretKeeper.swift in Sources */, 760D8D5D2EC5769B00252828 /* DataExtension.swift in Sources */, 760D8D5E2EC576B300252828 /* UNIXUtilities.swift in Sources */, 760B6B732EE890FE000C7E9B /* FDESetupHelper.swift in Sources */, 765348962E973C7200FECD7C /* NSFileManager+TCSRealHomeFolder.m in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 766355B92870CA6A002E3867 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 7632E3A32873581100E37923 /* KeychainUtil.swift in Sources */, 76CCF5442B12E478003F85E9 /* SelectLocalAccountWindowController.swift in Sources */, 766D669A2E962133009CE2BF /* NSImage+String.swift in Sources */, 54848E8F2B47336D000DF420 /* KerbUtil.m in Sources */, 766D66922E962120009CE2BF /* NSFileManager+TCSRealHomeFolder.m in Sources */, 76BEF7DD2871F5F00013E2A1 /* TCSReturnWindow.m in Sources */, 76EECCFB2873DFFB00483C66 /* PasswordUtils.swift in Sources */, 76DF50B62A1C5EFF007BC708 /* DefaultsOverride.swift in Sources */, 766D66B12E962231009CE2BF /* NSError+EasyError.m in Sources */, 76F0D8562EBBEF2B001DAC01 /* TCSTKSmartCard.m in Sources */, 7657DEB02B3503BF003A23DB /* SessionManager.swift in Sources */, 766D669F2E962157009CE2BF /* String+Base64URLEncoded.swift in Sources */, 766D668E2E9620F5009CE2BF /* NSData+SHA1.m in Sources */, 7657DEB72B3504A6003A23DB /* UserRecord.swift in Sources */, 7632E3A12873497C00E37923 /* LogShim.swift in Sources */, 760418D52A1332520051411B /* DS+AD.swift in Sources */, 76FDC5D62B22D47A0035D61E /* MainLoginWindowController.swift in Sources */, 76C4BAB12B353A3A007B2C57 /* DNSResolver.m in Sources */, 766D66A12E96216E009CE2BF /* TCSKeychain.m in Sources */, 766D66AE2E9621EC009CE2BF /* TCTaskWrapperWithBlocks.m in Sources */, 76BEF7ED28724A0C0013E2A1 /* XCredsBaseMechanism.swift in Sources */, 766355CF2870E9E7002E3867 /* PrefKeys.swift in Sources */, 7657DEB42B350476003A23DB /* NoMADSession.swift in Sources */, 7657DEC42B3505CB003A23DB /* ADLDAPPing.swift in Sources */, 766D66852E96203C009CE2BF /* NetworkManager.swift in Sources */, 760418D72A1332660051411B /* DSQueryable.swift in Sources */, 76DF1D5B2A2AD42C00770690 /* LocalCheckAndMigrate.swift in Sources */, 761B486C28A3575000C6A02B /* XCredsLoginDone.swift in Sources */, 76C661D92D3974910005F2CD /* PinPromptWindowController.swift in Sources */, 766D66AB2E962198009CE2BF /* TCTaskHelper.m in Sources */, 7657DEC72B3505EB003A23DB /* Extensions.swift in Sources */, 764297AD2D015AB800678928 /* SetupCardWindowController.swift in Sources */, 76BEF7F328724F120013E2A1 /* XCredsPowerControlMechanism.swift in Sources */, 76873E302A107736001418A9 /* DefaultsHelper.swift in Sources */, 76B040A528EFC788002A289B /* Helper+JWTDecode.swift in Sources */, 766D67782E96249A009CE2BF /* UsernamePassword.swift in Sources */, 7632909D2876674100CF8857 /* DataExtension.swift in Sources */, 766C602E2D3F409D0033E274 /* XCredsAudit.swift in Sources */, 7677908628908E40004E7085 /* WifiWindowController.swift in Sources */, 76E466662B1A4C16006529B6 /* UpdatePasswordWindowController.swift in Sources */, 766D66902E9620FA009CE2BF /* NSData+HexString.m in Sources */, 76EECCFD2873E9ED00483C66 /* VerifyLocalPasswordWindowController.swift in Sources */, 76EAAFD72CEFE22100A5FEE3 /* XCredsUserSetup.swift in Sources */, 76BEF7EC28724A0B0013E2A1 /* XCredsLoginMechanism.swift in Sources */, 76C4BAB02B353A30007B2C57 /* KlistUtil.swift in Sources */, 764446FD2CF80CD800E6289E /* StateFileHelper.swift in Sources */, 76CB9078287FBEEA00C70D0C /* Helper+URLDecode.swift in Sources */, 766355E328713C4A002E3867 /* LoginWindow.swift in Sources */, 76BEF7F82872504C0013E2A1 /* ContextAndHintHandling.swift in Sources */, 766355E6287148C1002E3867 /* Tokens.swift in Sources */, 766D668C2E9620D9009CE2BF /* NSButton+Color.swift in Sources */, 766D667C2E961FDB009CE2BF /* LoggerHelper.swift in Sources */, 766355CC2870E9AD002E3867 /* WebViewController.swift in Sources */, 76EAAFDA2CEFED3800A5FEE3 /* SecretKeeper.swift in Sources */, 76EAAFDB2CEFED3800A5FEE3 /* UserSecretManager.swift in Sources */, 760418D92A1332770051411B /* SystemInfoHelper.swift in Sources */, 76673CD629D3D5F500452848 /* LicenseChecker.swift in Sources */, 767B939D2A28289E0038935E /* View+Shake.swift in Sources */, 760418D22A1332210051411B /* SignInWindowController.swift in Sources */, 7611CEC0288B75140063A644 /* XCredsCreateUser.swift in Sources */, 764859F22B2FA2E800507C16 /* Window+ForceToFront.swift in Sources */, 76BE1DA22ED526AC001A4BE8 /* GoogleLDAP.swift in Sources */, 766355C32870CB6F002E3867 /* XCredsLoginPlugin.m in Sources */, 7632E39F287347C100E37923 /* XCredsKeychainAdd.swift in Sources */, 76D1757E2B24096C00E64A62 /* MainLoginWindow.swift in Sources */, 766D668A2E9620C6009CE2BF /* NSBundle+FindBundlePath.swift in Sources */, 76BEF7FA28726C700013E2A1 /* AuthorizationDBManager.swift in Sources */, 766D66882E9620AC009CE2BF /* NetworkMonitor.swift in Sources */, 76BEF7E12871F74D0013E2A1 /* ControlsViewController.swift in Sources */, 76C840892D03BFF400E41802 /* PinSetWindowController.swift in Sources */, 7611CEC2288B96760063A644 /* XCredsEnableFDE.swift in Sources */, 766D667A2E961FA9009CE2BF /* CCIDCardReader.swift in Sources */, 7657DEBD2B35055F003A23DB /* Logger.swift in Sources */, 76EECCFE2873EA6500483C66 /* Window+Shake.swift in Sources */, 7632E3A2287357CC00E37923 /* TokenManager.swift in Sources */, 764447142CF825C500E6289E /* AuthRightsHelper.swift in Sources */, 7657DECD2B35061E003A23DB /* SiteManager.swift in Sources */, 76E74DD02B3902F0004C6429 /* XCredsMechanismProtocol.swift in Sources */, 766355DB287132E9002E3867 /* LoginWebViewController.swift in Sources */, 7657DEDA2B351B5B003A23DB /* UNIXUtilities.swift in Sources */, 76634F372D05FFA3000A63E8 /* LogOnly.swift in Sources */, 76A35FD32EAC0DC400099940 /* FDESetupHelper.swift in Sources */, 763AEFDF2C156E1E0059A83D /* WhitePopoverBackgroundView.swift in Sources */, 766D66A32E962186009CE2BF /* TCSUnifiedLogger.m in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76786F4F2A27C36A00AA8DB9 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 76786F5A2A27C37100AA8DB9 /* AuthRightsHelper.swift in Sources */, 766D66A62E962186009CE2BF /* TCSUnifiedLogger.m in Sources */, 766D667F2E961FDB009CE2BF /* LoggerHelper.swift in Sources */, 76786F5B2A27C38800AA8DB9 /* AuthorizationDBManager.swift in Sources */, 76786F562A27C36A00AA8DB9 /* main.swift in Sources */, 766D66952E962120009CE2BF /* NSFileManager+TCSRealHomeFolder.m in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76A2474F2C22747400859E0A /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 76A2475C2C22747400859E0A /* TokenSession.swift in Sources */, 766D66A92E962186009CE2BF /* TCSUnifiedLogger.m in Sources */, 766D66822E961FDB009CE2BF /* LoggerHelper.swift in Sources */, 76A247582C22747400859E0A /* Token.swift in Sources */, 76A2475A2C22747400859E0A /* TokenDriver.swift in Sources */, 766D66982E962120009CE2BF /* NSFileManager+TCSRealHomeFolder.m in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76DC0A6128836EB1007C42B2 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 764447232CF830CB00E6289E /* DefaultsOverride.swift in Sources */, 76A52FDB2CF625EC00591252 /* Logger.swift in Sources */, 76DC0A7328836EFE007C42B2 /* TCSReturnWindow.m in Sources */, 76DC0A8428838375007C42B2 /* AuthorizationDBManager.swift in Sources */, 76DC0A7E288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift in Sources */, 766D66A52E962186009CE2BF /* TCSUnifiedLogger.m in Sources */, 767C42842AC6645700542099 /* AuthRightsHelper.swift in Sources */, 764447212CF8307200E6289E /* StateFileHelper.swift in Sources */, 766D667E2E961FDB009CE2BF /* LoggerHelper.swift in Sources */, 764447222CF830A700E6289E /* PrefKeys.swift in Sources */, 76C4BABC2B3544C6007B2C57 /* UNIXUtilities.swift in Sources */, 76DC0A6828836EB1007C42B2 /* AppDelegate.swift in Sources */, 766D66942E962120009CE2BF /* NSFileManager+TCSRealHomeFolder.m in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76EE069627FD1D00009E0F3A /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 767917072E994FF200D99062 /* FileVaultLogin.swift in Sources */, 766D66842E96203C009CE2BF /* NetworkManager.swift in Sources */, 76E74DD32B390358004C6429 /* LoginWebViewController.swift in Sources */, 76EECD0228752C1F00483C66 /* LoginWindow.swift in Sources */, 76673CD529D3D5F500452848 /* LicenseChecker.swift in Sources */, 761121B82B3D26F5005F7D02 /* LocalCheckAndMigrate.swift in Sources */, 76E74DD22B39034B004C6429 /* SelectLocalAccountWindowController.swift in Sources */, 767116A7284AABC500CCD6FF /* NotifyManager.swift in Sources */, 76EE06B827FD1EB7009E0F3A /* PreferencesWindowController.swift in Sources */, 76F0D8552EBBECFF001DAC01 /* TCSTKSmartCard.m in Sources */, 76EE06AE27FD1DC3009E0F3A /* PrefKeys.swift in Sources */, 766D66AD2E9621EC009CE2BF /* TCTaskWrapperWithBlocks.m in Sources */, 767116B3284B045800CCD6FF /* KeychainUtil.swift in Sources */, 76CB907B2880E41E00C70D0C /* LogShim.swift in Sources */, 7657DEC92B350606003A23DB /* KlistUtil.swift in Sources */, 766D66892E9620C6009CE2BF /* NSBundle+FindBundlePath.swift in Sources */, 764D812C284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift in Sources */, 7623384D2B53029D00F2D714 /* ShareMounter.swift in Sources */, 766D66872E9620AC009CE2BF /* NetworkMonitor.swift in Sources */, 7657DEB32B350476003A23DB /* NoMADSession.swift in Sources */, 760418E02A133A370051411B /* DSQueryable.swift in Sources */, 764447152CF825D500E6289E /* AuthRightsHelper.swift in Sources */, 766C602D2D3F409D0033E274 /* XCredsAudit.swift in Sources */, 76C661DA2D3974F30005F2CD /* SetupCardWindowController.swift in Sources */, 767917042E994F8D00D99062 /* HelperToolManager.swift in Sources */, 76C8408B2D03BFF400E41802 /* PinSetWindowController.swift in Sources */, 764446FE2CF80CD800E6289E /* StateFileHelper.swift in Sources */, 76319373287E18BF00D36BF7 /* DataExtension.swift in Sources */, 76E74DD12B390327004C6429 /* ContextAndHintHandling.swift in Sources */, 54848E902B47336D000DF420 /* KerbUtil.m in Sources */, 76873E2F2A107736001418A9 /* DefaultsHelper.swift in Sources */, 76D175772B23C62A00E64A62 /* UpdatePasswordWindowController.swift in Sources */, 76FDC5DA2B235A4F0035D61E /* StatusMenuWindowController.swift in Sources */, 766D66A02E96216E009CE2BF /* TCSKeychain.m in Sources */, 766D669E2E962157009CE2BF /* String+Base64URLEncoded.swift in Sources */, 761121B92B3D26FB005F7D02 /* DS+AD.swift in Sources */, 76CB9077287FBEEA00C70D0C /* Helper+URLDecode.swift in Sources */, 764D8129284BCAB100B3EE54 /* Window+Shake.swift in Sources */, 764D8126284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift in Sources */, 766D67792E96249A009CE2BF /* UsernamePassword.swift in Sources */, 76EE069E27FD1D00009E0F3A /* AppDelegate.swift in Sources */, 76EAAFDC2CEFED3800A5FEE3 /* SecretKeeper.swift in Sources */, 76EAAFDD2CEFED3800A5FEE3 /* UserSecretManager.swift in Sources */, 7657DEBC2B35055F003A23DB /* Logger.swift in Sources */, 7657DEB62B3504A6003A23DB /* UserRecord.swift in Sources */, 761121B62B3D24FE005F7D02 /* SignInWindowController.swift in Sources */, 761121B72B3D26EE005F7D02 /* SystemInfoHelper.swift in Sources */, 7657DEAF2B3503BF003A23DB /* SessionManager.swift in Sources */, 7681FEC52A4C8B9000F91CD1 /* AboutWindowController.swift in Sources */, 7657DED92B351B5B003A23DB /* UNIXUtilities.swift in Sources */, 76E74DCF2B3902F0004C6429 /* XCredsMechanismProtocol.swift in Sources */, 76EE06C227FD1F50009E0F3A /* StatusMenuController.swift in Sources */, 76EE06B027FD1DD8009E0F3A /* Window+ForceToFront.swift in Sources */, 767116B1284B021500CCD6FF /* MainController.swift in Sources */, 766D668B2E9620D9009CE2BF /* NSButton+Color.swift in Sources */, 7657DECC2B35061E003A23DB /* SiteManager.swift in Sources */, 76B040A428EFC788002A289B /* Helper+JWTDecode.swift in Sources */, 767116A9284AAE2B00CCD6FF /* ScheduleManager.swift in Sources */, 766D66912E962120009CE2BF /* NSFileManager+TCSRealHomeFolder.m in Sources */, 766FD60D2A1B06AC00C8F244 /* DefaultsOverride.swift in Sources */, 767116AC284AB4C000CCD6FF /* PasswordUtils.swift in Sources */, 76BE1DA12ED526AC001A4BE8 /* GoogleLDAP.swift in Sources */, 766D66992E962133009CE2BF /* NSImage+String.swift in Sources */, 76C661DB2D3975010005F2CD /* PinPromptWindowController.swift in Sources */, 766D667B2E961FDB009CE2BF /* LoggerHelper.swift in Sources */, 766D668F2E9620FA009CE2BF /* NSData+HexString.m in Sources */, 766355E5287148C1002E3867 /* Tokens.swift in Sources */, 7657DEC32B3505CB003A23DB /* ADLDAPPing.swift in Sources */, 76EE06AC27FD1D92009E0F3A /* TokenManager.swift in Sources */, 766D668D2E9620F5009CE2BF /* NSData+SHA1.m in Sources */, 7623384C2B53029D00F2D714 /* ShareMounterMenu.swift in Sources */, 766D66B22E962231009CE2BF /* NSError+EasyError.m in Sources */, 7657DEC02B3505A3003A23DB /* DNSResolver.m in Sources */, 76E9CE702A0DC6E30060220C /* TCSLoginWindowUtilities.m in Sources */, 766D66A22E962186009CE2BF /* TCSUnifiedLogger.m in Sources */, 766D66AA2E962198009CE2BF /* TCTaskHelper.m in Sources */, 76342E5A2B282653007D4F29 /* DesktopLoginWindowController.swift in Sources */, 7657DEC62B3505EB003A23DB /* Extensions.swift in Sources */, 766355DC287133C7002E3867 /* WebViewController.swift in Sources */, 76D175712B23C2DB00E64A62 /* AuthorizationDBManager.swift in Sources */, 767B939C2A28279E0038935E /* View+Shake.swift in Sources */, 76A35FD22EAC0DC400099940 /* FDESetupHelper.swift in Sources */, 766D66792E961FA9009CE2BF /* CCIDCardReader.swift in Sources */, 766D66832E962019009CE2BF /* NSAlert+showAlert.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; /* End PBXSourcesBuildPhase section */ /* Begin PBXTargetDependency section */ 760291FF2C116EDB0075FBD8 /* PBXTargetDependency */ = { isa = PBXTargetDependency; target = 760291F32C116EDB0075FBD8 /* XCreds Login Password */; targetProxy = 760291FE2C116EDB0075FBD8 /* PBXContainerItemProxy */; }; 760292062C116EEE0075FBD8 /* PBXTargetDependency */ = { isa = PBXTargetDependency; target = 760291DF2C116E450075FBD8 /* XCreds Login Autofill */; targetProxy = 760292052C116EEE0075FBD8 /* PBXContainerItemProxy */; }; 76319376287E19A500D36BF7 /* PBXTargetDependency */ = { isa = PBXTargetDependency; target = 766355BC2870CA6A002E3867 /* XCredsLoginPlugin */; targetProxy = 76319375287E19A500D36BF7 /* PBXContainerItemProxy */; }; 76319379287E204500D36BF7 /* PBXTargetDependency */ = { isa = PBXTargetDependency; target = 7631935C287D22C700D36BF7 /* authrights */; targetProxy = 76319378287E204500D36BF7 /* PBXContainerItemProxy */; }; 767917032E994F0300D99062 /* PBXTargetDependency */ = { isa = PBXTargetDependency; target = 765348752E97363900FECD7C /* FileVaultLoginHelper */; targetProxy = 767917022E994F0300D99062 /* PBXContainerItemProxy */; }; 76A247602C22747400859E0A /* PBXTargetDependency */ = { isa = PBXTargetDependency; target = 76A247522C22747400859E0A /* xcredstap */; targetProxy = 76A2475F2C22747400859E0A /* PBXContainerItemProxy */; }; 76DC0A7B28837152007C42B2 /* PBXTargetDependency */ = { isa = PBXTargetDependency; target = 76DC0A6428836EB1007C42B2 /* XCreds Login Overlay */; targetProxy = 76DC0A7A28837152007C42B2 /* PBXContainerItemProxy */; }; /* End PBXTargetDependency section */ /* Begin PBXVariantGroup section */ 760291E82C116E470075FBD8 /* Main.storyboard */ = { isa = PBXVariantGroup; children = ( 760291E92C116E470075FBD8 /* Base */, ); name = Main.storyboard; sourceTree = ""; }; 760291F92C116EDB0075FBD8 /* CredentialProviderViewController.xib */ = { isa = PBXVariantGroup; children = ( 760291FA2C116EDB0075FBD8 /* Base */, ); name = CredentialProviderViewController.xib; sourceTree = ""; }; 76DC0A6B28836EB2007C42B2 /* MainMenu.xib */ = { isa = PBXVariantGroup; children = ( 76DC0A6C28836EB2007C42B2 /* Base */, ); name = MainMenu.xib; sourceTree = ""; }; 76EE06A127FD1D01009E0F3A /* MainMenu.xib */ = { isa = PBXVariantGroup; children = ( 76EE06A227FD1D01009E0F3A /* Base */, ); name = MainMenu.xib; sourceTree = ""; }; /* End PBXVariantGroup section */ /* Begin XCBuildConfiguration section */ 760291ED2C116E470075FBD8 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_ENTITLEMENTS = "XCreds AutoFill/XCreds_AutoFill.entitlements"; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 9059; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; ENABLE_USER_SCRIPT_SANDBOXING = YES; GCC_C_LANGUAGE_STANDARD = gnu17; GCC_PREPROCESSOR_DEFINITIONS = ( "AUTOFILL_TARGET=1", "DEBUG=1", "$(inherited)", ); GENERATE_INFOPLIST_FILE = YES; INFOPLIST_KEY_LSBackgroundOnly = YES; INFOPLIST_KEY_NSMainStoryboardFile = Main; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); LOCALIZATION_PREFERS_STRING_CATALOGS = YES; MARKETING_VERSION = 5.8; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.xcreds.XCreds-AutoFill"; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; SWIFT_ACTIVE_COMPILATION_CONDITIONS = "DEBUG $(inherited)"; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 760291EE2C116E470075FBD8 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_ENTITLEMENTS = "XCreds AutoFill/XCreds_AutoFill.entitlements"; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 9059; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; ENABLE_USER_SCRIPT_SANDBOXING = YES; GCC_C_LANGUAGE_STANDARD = gnu17; GCC_PREPROCESSOR_DEFINITIONS = "AUTOFILL_TARGET=1"; GENERATE_INFOPLIST_FILE = YES; INFOPLIST_KEY_LSBackgroundOnly = YES; INFOPLIST_KEY_NSMainStoryboardFile = Main; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); LOCALIZATION_PREFERS_STRING_CATALOGS = YES; MARKETING_VERSION = 5.8; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.xcreds.XCreds-AutoFill"; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; 760292022C116EDB0075FBD8 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_ENTITLEMENTS = "XCreds AutoFill Extension/XCreds_AutoFill_Extension.entitlements"; CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 9059; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; ENABLE_USER_SCRIPT_SANDBOXING = YES; GCC_C_LANGUAGE_STANDARD = gnu17; GCC_PREPROCESSOR_DEFINITIONS = ( "DEBUG=1", "AUTOFILL_TARGET=1", "$(inherited)", ); GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = "XCreds AutoFill Extension/Info.plist"; INFOPLIST_KEY_CFBundleDisplayName = "XCreds AutoFill Extension"; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", "@executable_path/../../../../Frameworks", ); LOCALIZATION_PREFERS_STRING_CATALOGS = YES; MARKETING_VERSION = 5.8; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.xcreds.XCreds-AutoFill.XCreds-AutoFill-Extension"; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; SWIFT_ACTIVE_COMPILATION_CONDITIONS = "DEBUG $(inherited)"; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 760292032C116EDB0075FBD8 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_ENTITLEMENTS = "XCreds AutoFill Extension/XCreds_AutoFill_Extension.entitlements"; CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 9059; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; ENABLE_USER_SCRIPT_SANDBOXING = YES; GCC_C_LANGUAGE_STANDARD = gnu17; GCC_PREPROCESSOR_DEFINITIONS = "AUTOFILL_TARGET=1"; GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = "XCreds AutoFill Extension/Info.plist"; INFOPLIST_KEY_CFBundleDisplayName = "XCreds AutoFill Extension"; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", "@executable_path/../../../../Frameworks", ); LOCALIZATION_PREFERS_STRING_CATALOGS = YES; MARKETING_VERSION = 5.8; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.xcreds.XCreds-AutoFill.XCreds-AutoFill-Extension"; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; 76319361287D22C700D36BF7 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 9059; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = "\"$(SRCROOT)/Carthage/Build/Mac\""; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCredsLoginPlugin-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76319362287D22C700D36BF7 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 9059; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = "\"$(SRCROOT)/Carthage/Build/Mac\""; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCredsLoginPlugin-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; 7653487B2E97363900FECD7C /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 9059; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; ENABLE_USER_SCRIPT_SANDBOXING = YES; GCC_C_LANGUAGE_STANDARD = gnu17; GCC_PREPROCESSOR_DEFINITIONS = ( "FILEVAULTLOGINHELPER_TARGET=1", "DEBUG=1", "$(inherited)", ); LOCALIZATION_PREFERS_STRING_CATALOGS = YES; MACOSX_DEPLOYMENT_TARGET = 13.5; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; SWIFT_ACTIVE_COMPILATION_CONDITIONS = "DEBUG $(inherited)"; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 7653487C2E97363900FECD7C /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 9059; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; ENABLE_USER_SCRIPT_SANDBOXING = YES; GCC_C_LANGUAGE_STANDARD = gnu17; GCC_PREPROCESSOR_DEFINITIONS = "FILEVAULTLOGINHELPER_TARGET=1"; LOCALIZATION_PREFERS_STRING_CATALOGS = YES; MACOSX_DEPLOYMENT_TARGET = 13.5; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; 766355BE2870CA6A002E3867 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 9059; DEFINES_MODULE = YES; DEVELOPMENT_TEAM = UXP6YEHSPW; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", ); GENERATE_INFOPLIST_FILE = YES; HEADER_SEARCH_PATHS = headers; INFOPLIST_FILE = XCredsLoginPlugin/Info.plist; INFOPLIST_KEY_NSHumanReadableCopyright = "© 2025 Twocanoes Software, Inc"; INFOPLIST_KEY_NSLocalNetworkUsageDescription = "Detect if there is a connection to the internet"; INFOPLIST_KEY_NSPrincipalClass = ""; INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Bundles"; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", "@loader_path/../Frameworks", ); MARKETING_VERSION = 5.8; PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.XCredsLoginPlugin; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCredsLoginPlugin-Bridging-Header.h"; SWIFT_VERSION = 5.0; WRAPPER_EXTENSION = bundle; }; name = Debug; }; 766355BF2870CA6A002E3867 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 9059; DEFINES_MODULE = YES; DEVELOPMENT_TEAM = UXP6YEHSPW; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", ); GENERATE_INFOPLIST_FILE = YES; HEADER_SEARCH_PATHS = headers; INFOPLIST_FILE = XCredsLoginPlugin/Info.plist; INFOPLIST_KEY_NSHumanReadableCopyright = "© 2025 Twocanoes Software, Inc"; INFOPLIST_KEY_NSLocalNetworkUsageDescription = "Detect if there is a connection to the internet"; INFOPLIST_KEY_NSPrincipalClass = ""; INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Bundles"; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", "@loader_path/../Frameworks", ); MARKETING_VERSION = 5.8; PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.XCredsLoginPlugin; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCredsLoginPlugin-Bridging-Header.h"; SWIFT_VERSION = 5.0; WRAPPER_EXTENSION = bundle; }; name = Release; }; 76786F582A27C36A00AA8DB9 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 9059; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_OBJC_BRIDGING_HEADER = "auth_mech_fixup/auth_mech_fixup-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76786F592A27C36A00AA8DB9 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 9059; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_OBJC_BRIDGING_HEADER = "auth_mech_fixup/auth_mech_fixup-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; 76A247632C22747400859E0A /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_ENTITLEMENTS = tap/tap.entitlements; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 9059; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; ENABLE_USER_SCRIPT_SANDBOXING = YES; GCC_C_LANGUAGE_STANDARD = gnu17; GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = tap/Info.plist; INFOPLIST_KEY_CFBundleDisplayName = xcredstap; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", "@executable_path/../../../../Frameworks", ); LOCALIZATION_PREFERS_STRING_CATALOGS = YES; MARKETING_VERSION = 5.8; PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.xcreds.tap; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; SWIFT_ACTIVE_COMPILATION_CONDITIONS = "DEBUG $(inherited)"; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/tap-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76A247642C22747400859E0A /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_ENTITLEMENTS = tap/tap.entitlements; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 9059; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; ENABLE_USER_SCRIPT_SANDBOXING = YES; GCC_C_LANGUAGE_STANDARD = gnu17; GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = tap/Info.plist; INFOPLIST_KEY_CFBundleDisplayName = xcredstap; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", "@executable_path/../../../../Frameworks", ); LOCALIZATION_PREFERS_STRING_CATALOGS = YES; MARKETING_VERSION = 5.8; PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.xcreds.tap; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/tap-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; 76DC0A7028836EB2007C42B2 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements"; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 9059; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", ); GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = "XCreds-Login-Overlay-Info.plist"; INFOPLIST_KEY_NSMainNibFile = MainMenu; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); MARKETING_VERSION = 5.8; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.XCreds-Login-Overlay"; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76DC0A7128836EB2007C42B2 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements"; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 9059; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", ); GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = "XCreds-Login-Overlay-Info.plist"; INFOPLIST_KEY_NSMainNibFile = MainMenu; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); MARKETING_VERSION = 5.8; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.XCreds-Login-Overlay"; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; 76EE06A527FD1D01009E0F3A /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; CLANG_ANALYZER_NONNULL = YES; CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; CLANG_CXX_LANGUAGE_STANDARD = "gnu++17"; CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; CLANG_ENABLE_OBJC_WEAK = YES; CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; CLANG_WARN_BOOL_CONVERSION = YES; CLANG_WARN_COMMA = YES; CLANG_WARN_CONSTANT_CONVERSION = YES; CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = NO; CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; CLANG_WARN_DOCUMENTATION_COMMENTS = YES; CLANG_WARN_EMPTY_BODY = YES; CLANG_WARN_ENUM_CONVERSION = YES; CLANG_WARN_INFINITE_RECURSION = YES; CLANG_WARN_INT_CONVERSION = YES; CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; CLANG_WARN_STRICT_PROTOTYPES = YES; CLANG_WARN_SUSPICIOUS_MOVE = YES; CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; COPY_PHASE_STRIP = NO; CURRENT_PROJECT_VERSION = 9059; DEBUG_INFORMATION_FORMAT = dwarf; ENABLE_STRICT_OBJC_MSGSEND = YES; ENABLE_TESTABILITY = YES; GCC_C_LANGUAGE_STANDARD = gnu11; GCC_DYNAMIC_NO_PIC = NO; GCC_NO_COMMON_BLOCKS = YES; GCC_OPTIMIZATION_LEVEL = 0; GCC_PREPROCESSOR_DEFINITIONS = ( "DEBUG=1", "$(inherited)", ); GCC_WARN_64_TO_32_BIT_CONVERSION = YES; GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; GCC_WARN_UNDECLARED_SELECTOR = YES; GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; GCC_WARN_UNUSED_FUNCTION = YES; GCC_WARN_UNUSED_VARIABLE = YES; INFOPLIST_KEY_NSHumanReadableCopyright = "© 2025 Twocanoes Software, Inc"; INFOPLIST_KEY_NSLocalNetworkUsageDescription = "Detect if there is a connection to the internets"; MACOSX_DEPLOYMENT_TARGET = 13.5; MARKETING_VERSION = 5.4; MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; MTL_FAST_MATH = YES; ONLY_ACTIVE_ARCH = YES; SDKROOT = macosx; STRIP_SWIFT_SYMBOLS = NO; SWIFT_ACTIVE_COMPILATION_CONDITIONS = DEBUG; SWIFT_OPTIMIZATION_LEVEL = "-Onone"; }; name = Debug; }; 76EE06A627FD1D01009E0F3A /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; CLANG_ANALYZER_NONNULL = YES; CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; CLANG_CXX_LANGUAGE_STANDARD = "gnu++17"; CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; CLANG_ENABLE_OBJC_WEAK = YES; CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; CLANG_WARN_BOOL_CONVERSION = YES; CLANG_WARN_COMMA = YES; CLANG_WARN_CONSTANT_CONVERSION = YES; CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = NO; CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; CLANG_WARN_DOCUMENTATION_COMMENTS = YES; CLANG_WARN_EMPTY_BODY = YES; CLANG_WARN_ENUM_CONVERSION = YES; CLANG_WARN_INFINITE_RECURSION = YES; CLANG_WARN_INT_CONVERSION = YES; CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; CLANG_WARN_STRICT_PROTOTYPES = YES; CLANG_WARN_SUSPICIOUS_MOVE = YES; CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; COPY_PHASE_STRIP = NO; CURRENT_PROJECT_VERSION = 9059; DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; ENABLE_NS_ASSERTIONS = NO; ENABLE_STRICT_OBJC_MSGSEND = YES; GCC_C_LANGUAGE_STANDARD = gnu11; GCC_NO_COMMON_BLOCKS = YES; GCC_WARN_64_TO_32_BIT_CONVERSION = YES; GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; GCC_WARN_UNDECLARED_SELECTOR = YES; GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; GCC_WARN_UNUSED_FUNCTION = YES; GCC_WARN_UNUSED_VARIABLE = YES; INFOPLIST_KEY_NSHumanReadableCopyright = "© 2025 Twocanoes Software, Inc"; INFOPLIST_KEY_NSLocalNetworkUsageDescription = "Detect if there is a connection to the internets"; MACOSX_DEPLOYMENT_TARGET = 13.5; MARKETING_VERSION = 5.4; MTL_ENABLE_DEBUG_INFO = NO; MTL_FAST_MATH = YES; SDKROOT = macosx; STRIP_SWIFT_SYMBOLS = NO; SWIFT_COMPILATION_MODE = wholemodule; SWIFT_OPTIMIZATION_LEVEL = "-O"; }; name = Release; }; 76EE06A827FD1D01009E0F3A /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; ASSETCATALOG_COMPILER_INCLUDE_ALL_APPICON_ASSETS = NO; CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 9059; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", "$(PROJECT_DIR)", ); GENERATE_INFOPLIST_FILE = YES; HEADER_SEARCH_PATHS = headers; INFOPLIST_FILE = XCreds/Info.plist; INFOPLIST_KEY_LSUIElement = YES; INFOPLIST_KEY_NSMainNibFile = MainMenu; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); LIBRARY_SEARCH_PATHS = ( "$(inherited)", "$(SDKROOT)/usr/lib/system", ); MACOSX_DEPLOYMENT_TARGET = 13.5; MARKETING_VERSION = 5.8; PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.xcreds; PRODUCT_NAME = "$(TARGET_NAME)"; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76EE06A927FD1D01009E0F3A /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; ASSETCATALOG_COMPILER_INCLUDE_ALL_APPICON_ASSETS = NO; CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 9059; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", "$(PROJECT_DIR)", ); GENERATE_INFOPLIST_FILE = YES; HEADER_SEARCH_PATHS = headers; INFOPLIST_FILE = XCreds/Info.plist; INFOPLIST_KEY_LSUIElement = YES; INFOPLIST_KEY_NSMainNibFile = MainMenu; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); LIBRARY_SEARCH_PATHS = ( "$(inherited)", "$(SDKROOT)/usr/lib/system", ); MACOSX_DEPLOYMENT_TARGET = 13.5; MARKETING_VERSION = 5.8; PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.xcreds; PRODUCT_NAME = "$(TARGET_NAME)"; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; /* End XCBuildConfiguration section */ /* Begin XCConfigurationList section */ 760291EC2C116E470075FBD8 /* Build configuration list for PBXNativeTarget "XCreds Login Autofill" */ = { isa = XCConfigurationList; buildConfigurations = ( 760291ED2C116E470075FBD8 /* Debug */, 760291EE2C116E470075FBD8 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 760292012C116EDB0075FBD8 /* Build configuration list for PBXNativeTarget "XCreds Login Password" */ = { isa = XCConfigurationList; buildConfigurations = ( 760292022C116EDB0075FBD8 /* Debug */, 760292032C116EDB0075FBD8 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76319363287D22C700D36BF7 /* Build configuration list for PBXNativeTarget "authrights" */ = { isa = XCConfigurationList; buildConfigurations = ( 76319361287D22C700D36BF7 /* Debug */, 76319362287D22C700D36BF7 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 7653487A2E97363900FECD7C /* Build configuration list for PBXNativeTarget "FileVaultLoginHelper" */ = { isa = XCConfigurationList; buildConfigurations = ( 7653487B2E97363900FECD7C /* Debug */, 7653487C2E97363900FECD7C /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 766355C02870CA6A002E3867 /* Build configuration list for PBXNativeTarget "XCredsLoginPlugin" */ = { isa = XCConfigurationList; buildConfigurations = ( 766355BE2870CA6A002E3867 /* Debug */, 766355BF2870CA6A002E3867 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76786F572A27C36A00AA8DB9 /* Build configuration list for PBXNativeTarget "auth_mech_fixup" */ = { isa = XCConfigurationList; buildConfigurations = ( 76786F582A27C36A00AA8DB9 /* Debug */, 76786F592A27C36A00AA8DB9 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76A247652C22747400859E0A /* Build configuration list for PBXNativeTarget "xcredstap" */ = { isa = XCConfigurationList; buildConfigurations = ( 76A247632C22747400859E0A /* Debug */, 76A247642C22747400859E0A /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76DC0A6F28836EB2007C42B2 /* Build configuration list for PBXNativeTarget "XCreds Login Overlay" */ = { isa = XCConfigurationList; buildConfigurations = ( 76DC0A7028836EB2007C42B2 /* Debug */, 76DC0A7128836EB2007C42B2 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76EE069527FD1D00009E0F3A /* Build configuration list for PBXProject "XCreds" */ = { isa = XCConfigurationList; buildConfigurations = ( 76EE06A527FD1D01009E0F3A /* Debug */, 76EE06A627FD1D01009E0F3A /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76EE06A727FD1D01009E0F3A /* Build configuration list for PBXNativeTarget "XCreds" */ = { isa = XCConfigurationList; buildConfigurations = ( 76EE06A827FD1D01009E0F3A /* Debug */, 76EE06A927FD1D01009E0F3A /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; /* End XCConfigurationList section */ /* Begin XCRemoteSwiftPackageReference section */ 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */ = { isa = XCRemoteSwiftPackageReference; repositoryURL = "https://github.com/apple/swift-argument-parser.git"; requirement = { kind = upToNextMajorVersion; minimumVersion = 1.0.0; }; }; 76477E022C626B5D00F01D56 /* XCRemoteSwiftPackageReference "OIDCLite" */ = { isa = XCRemoteSwiftPackageReference; repositoryURL = "https://github.com/twocanoes/OIDCLite.git"; requirement = { branch = develop; kind = branch; }; }; /* End XCRemoteSwiftPackageReference section */ /* Begin XCSwiftPackageProductDependency section */ 762177E52B7144460051B756 /* OIDCLite */ = { isa = XCSwiftPackageProductDependency; productName = OIDCLite; }; 76319365287D24E100D36BF7 /* ArgumentParser */ = { isa = XCSwiftPackageProductDependency; package = 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */; productName = ArgumentParser; }; 76319368287D24F600D36BF7 /* ArgumentParser */ = { isa = XCSwiftPackageProductDependency; package = 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */; productName = ArgumentParser; }; 76477E032C626B5D00F01D56 /* OIDCLite */ = { isa = XCSwiftPackageProductDependency; package = 76477E022C626B5D00F01D56 /* XCRemoteSwiftPackageReference "OIDCLite" */; productName = OIDCLite; }; 766355CD2870E9D3002E3867 /* OIDCLite */ = { isa = XCSwiftPackageProductDependency; productName = OIDCLite; }; 76AB89E02A12FAF900529D90 /* OIDCLite */ = { isa = XCSwiftPackageProductDependency; productName = OIDCLite; }; 76AB89E22A12FB4900529D90 /* ArgumentParser */ = { isa = XCSwiftPackageProductDependency; package = 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */; productName = ArgumentParser; }; 76DD6D16285997F300A700ED /* OIDCLite */ = { isa = XCSwiftPackageProductDependency; productName = OIDCLite; }; /* End XCSwiftPackageProductDependency section */ }; rootObject = 76EE069227FD1D00009E0F3A /* Project object */; } ================================================ FILE: XCreds.xcodeproj/project.xcworkspace/contents.xcworkspacedata ================================================ ================================================ FILE: XCreds.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist ================================================ IDEDidComputeMac32BitWarning ================================================ FILE: XCreds.xcodeproj/project.xcworkspace/xcshareddata/WorkspaceSettings.xcsettings ================================================ PreviewsEnabled ================================================ FILE: XCreds.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved ================================================ { "object": { "pins": [ { "package": "swift-argument-parser", "repositoryURL": "https://github.com/apple/swift-argument-parser.git", "state": { "branch": null, "revision": "309a47b2b1d9b5e991f36961c983ecec72275be3", "version": "1.6.1" } } ] }, "version": 1 } ================================================ FILE: XCreds.xcodeproj/project.xcworkspace/xcuserdata/tperfitt.xcuserdatad/Bookmarks/bookmarks.plist ================================================ top-level-items destination rebasable-url base workspace payload relative-path XCredsLoginPlugIn/LoginWindow/NetworkMonitor.swift type DVTDocumentLocation type bookmark ================================================ FILE: XCreds.xcodeproj/project.xcworkspace/xcuserdata/tperfitt.xcuserdatad/IDEFindNavigatorScopes.plist ================================================ ================================================ FILE: XCreds.xcodeproj/project.xcworkspace/xcuserdata/tperfitt.xcuserdatad/WorkspaceSettings.xcsettings ================================================ BuildLocationStyle UseAppPreferences CustomBuildLocationType RelativeToDerivedData DerivedDataCustomLocation /Applications/Build DerivedDataLocationStyle AbsolutePath IssueFilterStyle ShowActiveSchemeOnly LiveSourceIssuesEnabled ShowSharedSchemesAutomaticallyEnabled ================================================ FILE: XCreds.xcodeproj/project_BACKUP_63385.pbxproj ================================================ // !$*UTF8*$! { archiveVersion = 1; classes = { }; objectVersion = 55; objects = { /* Begin PBXBuildFile section */ 089B22F12AFAED280006B6BC /* NetworkMonitor.swift in Sources */ = {isa = PBXBuildFile; fileRef = 089B22F02AFAED280006B6BC /* NetworkMonitor.swift */; }; 089B22F22AFAED810006B6BC /* NetworkMonitor.swift in Sources */ = {isa = PBXBuildFile; fileRef = 089B22F02AFAED280006B6BC /* NetworkMonitor.swift */; }; 54848E8F2B47336D000DF420 /* KerbUtil.m in Sources */ = {isa = PBXBuildFile; fileRef = 76C4BABA2B353B4B007B2C57 /* KerbUtil.m */; }; 54848E902B47336D000DF420 /* KerbUtil.m in Sources */ = {isa = PBXBuildFile; fileRef = 76C4BABA2B353B4B007B2C57 /* KerbUtil.m */; }; 760148A92B23639D00E119A2 /* NSBundle+FindBundlePath.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760148A82B23639D00E119A2 /* NSBundle+FindBundlePath.swift */; }; 760148AA2B2365F100E119A2 /* NSBundle+FindBundlePath.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760148A82B23639D00E119A2 /* NSBundle+FindBundlePath.swift */; }; 760418D22A1332210051411B /* SignInWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418CF2A1332210051411B /* SignInWindowController.swift */; }; 760418D52A1332520051411B /* DS+AD.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D42A1332520051411B /* DS+AD.swift */; }; 760418D72A1332660051411B /* DSQueryable.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D62A1332660051411B /* DSQueryable.swift */; }; 760418D92A1332770051411B /* SystemInfoHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D82A1332770051411B /* SystemInfoHelper.swift */; }; 760418E02A133A370051411B /* DSQueryable.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D62A1332660051411B /* DSQueryable.swift */; }; 761121B62B3D24FE005F7D02 /* SignInWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418CF2A1332210051411B /* SignInWindowController.swift */; }; 761121B72B3D26EE005F7D02 /* SystemInfoHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D82A1332770051411B /* SystemInfoHelper.swift */; }; 761121B82B3D26F5005F7D02 /* LocalCheckAndMigrate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418DA2A13328C0051411B /* LocalCheckAndMigrate.swift */; }; 761121B92B3D26FB005F7D02 /* DS+AD.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D42A1332520051411B /* DS+AD.swift */; }; 7611CEC0288B75140063A644 /* XCredsCreateUser.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7611CEBF288B75140063A644 /* XCredsCreateUser.swift */; }; 7611CEC2288B96760063A644 /* XCredsEnableFDE.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7611CEC1288B96760063A644 /* XCredsEnableFDE.swift */; }; 7613FDF7289E114F00340CCD /* loadpage.html in Resources */ = {isa = PBXBuildFile; fileRef = 7613FDF6289E114F00340CCD /* loadpage.html */; }; 7614D03C2B181A5D006EAF36 /* icon_128x128.png in Resources */ = {isa = PBXBuildFile; fileRef = 7614D03B2B181A5D006EAF36 /* icon_128x128.png */; }; 761B486928A34CC900C6A02B /* LoginProgressWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 761B486728A34CC900C6A02B /* LoginProgressWindowController.xib */; }; 761B486A28A34CC900C6A02B /* LoginProgressWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 761B486828A34CC900C6A02B /* LoginProgressWindowController.swift */; }; 761B486C28A3575000C6A02B /* XCredsLoginDone.swift in Sources */ = {isa = PBXBuildFile; fileRef = 761B486B28A3575000C6A02B /* XCredsLoginDone.swift */; }; 762177E62B7144460051B756 /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 762177E52B7144460051B756 /* OIDCLite */; }; 7623384C2B53029D00F2D714 /* ShareMounterMenu.swift in Sources */ = {isa = PBXBuildFile; fileRef = 763DDF152B4F100D000D48CC /* ShareMounterMenu.swift */; }; 7623384D2B53029D00F2D714 /* ShareMounter.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76C4ACBE2B3D0F8D003B3605 /* ShareMounter.swift */; }; 762761602B294A7C0067D1D4 /* icon_128x128.png in Resources */ = {isa = PBXBuildFile; fileRef = 7614D03B2B181A5D006EAF36 /* icon_128x128.png */; }; 76319360287D22C700D36BF7 /* authrights.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7631935F287D22C700D36BF7 /* authrights.swift */; }; 76319366287D24E100D36BF7 /* ArgumentParser in Frameworks */ = {isa = PBXBuildFile; productRef = 76319365287D24E100D36BF7 /* ArgumentParser */; }; 76319369287D24F600D36BF7 /* ArgumentParser in Frameworks */ = {isa = PBXBuildFile; productRef = 76319368287D24F600D36BF7 /* ArgumentParser */; }; 7631936C287D29B700D36BF7 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 7631936D287D2A6200D36BF7 /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECCFF2875135900483C66 /* LoggerHelper.swift */; }; 7631936E287D2AB100D36BF7 /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; }; 76319370287DE24D00D36BF7 /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; }; 76319373287E18BF00D36BF7 /* DataExtension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632909B2876673500CF8857 /* DataExtension.swift */; }; 76319374287E198C00D36BF7 /* XCredsLoginPlugin.bundle in Resources */ = {isa = PBXBuildFile; fileRef = 766355BD2870CA6A002E3867 /* XCredsLoginPlugin.bundle */; }; 76319377287E1FAF00D36BF7 /* authrights in Resources */ = {isa = PBXBuildFile; fileRef = 7631935D287D22C700D36BF7 /* authrights */; }; 7632909D2876674100CF8857 /* DataExtension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632909B2876673500CF8857 /* DataExtension.swift */; }; 7632E39F287347C100E37923 /* XCredsKeychainAdd.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632E39E287347C100E37923 /* XCredsKeychainAdd.swift */; }; 7632E3A12873497C00E37923 /* LogShim.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632E3A02873497C00E37923 /* LogShim.swift */; }; 7632E3A2287357CC00E37923 /* TokenManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AB27FD1D92009E0F3A /* TokenManager.swift */; }; 7632E3A32873581100E37923 /* KeychainUtil.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116B2284B045800CCD6FF /* KeychainUtil.swift */; }; 76342E5A2B282653007D4F29 /* DesktopLoginWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76342E592B282653007D4F29 /* DesktopLoginWindowController.swift */; }; 763AEFDF2C156E1E0059A83D /* WhitePopoverBackgroundView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 763AEFDE2C156E1E0059A83D /* WhitePopoverBackgroundView.swift */; }; 763DDF1A2B4F1DD4000D48CC /* GSS.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 763DDF192B4F1DD4000D48CC /* GSS.framework */; }; 76477E042C626B5D00F01D56 /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 76477E032C626B5D00F01D56 /* OIDCLite */; }; 764859F22B2FA2E800507C16 /* Window+ForceToFront.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AF27FD1DD8009E0F3A /* Window+ForceToFront.swift */; }; 7649056F2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png in Resources */ = {isa = PBXBuildFile; fileRef = 7649056E2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png */; }; 764D8126284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D8124284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift */; }; 764D8127284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 764D8125284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib */; }; 764D8129284BCAB100B3EE54 /* Window+Shake.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D8128284BCAB100B3EE54 /* Window+Shake.swift */; }; 764D812C284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D812A284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift */; }; 764D812D284BCC7400B3EE54 /* VerifyOIDCPassword.xib in Resources */ = {isa = PBXBuildFile; fileRef = 764D812B284BCC7400B3EE54 /* VerifyOIDCPassword.xib */; }; 764D812F284C06AB00B3EE54 /* defaults.plist in Resources */ = {isa = PBXBuildFile; fileRef = 764D812E284C06AB00B3EE54 /* defaults.plist */; }; 764D8133284D14A500B3EE54 /* Credits.txt in Resources */ = {isa = PBXBuildFile; fileRef = 764D8132284D14A500B3EE54 /* Credits.txt */; }; 7651EDED2A1451590075980B /* LocalUsersViewController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7651EDEC2A1451590075980B /* LocalUsersViewController.xib */; }; 7651EDF72A1474330075980B /* LoginWebViewController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7651EDF62A1474330075980B /* LoginWebViewController.xib */; }; 7657DEAF2B3503BF003A23DB /* SessionManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEAE2B3503BF003A23DB /* SessionManager.swift */; }; 7657DEB02B3503BF003A23DB /* SessionManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEAE2B3503BF003A23DB /* SessionManager.swift */; }; 7657DEB32B350476003A23DB /* NoMADSession.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEB22B350476003A23DB /* NoMADSession.swift */; }; 7657DEB42B350476003A23DB /* NoMADSession.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEB22B350476003A23DB /* NoMADSession.swift */; }; 7657DEB62B3504A6003A23DB /* UserRecord.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEB52B3504A6003A23DB /* UserRecord.swift */; }; 7657DEB72B3504A6003A23DB /* UserRecord.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEB52B3504A6003A23DB /* UserRecord.swift */; }; 7657DEBC2B35055F003A23DB /* Logger.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEBB2B35055F003A23DB /* Logger.swift */; }; 7657DEBD2B35055F003A23DB /* Logger.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEBB2B35055F003A23DB /* Logger.swift */; }; 7657DEC02B3505A3003A23DB /* DNSResolver.m in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEBE2B3505A3003A23DB /* DNSResolver.m */; }; 7657DEC32B3505CB003A23DB /* ADLDAPPing.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC22B3505CB003A23DB /* ADLDAPPing.swift */; }; 7657DEC42B3505CB003A23DB /* ADLDAPPing.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC22B3505CB003A23DB /* ADLDAPPing.swift */; }; 7657DEC62B3505EB003A23DB /* Extensions.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC52B3505EB003A23DB /* Extensions.swift */; }; 7657DEC72B3505EB003A23DB /* Extensions.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC52B3505EB003A23DB /* Extensions.swift */; }; 7657DEC92B350606003A23DB /* KlistUtil.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC82B350606003A23DB /* KlistUtil.swift */; }; 7657DECC2B35061E003A23DB /* SiteManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DECB2B35061E003A23DB /* SiteManager.swift */; }; 7657DECD2B35061E003A23DB /* SiteManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DECB2B35061E003A23DB /* SiteManager.swift */; }; 7657DED92B351B5B003A23DB /* UNIXUtilities.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */; }; 7657DEDA2B351B5B003A23DB /* UNIXUtilities.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */; }; 7659CA07298E1BB6005D1AA3 /* DefaultBackground.png in Resources */ = {isa = PBXBuildFile; fileRef = 7659CA06298E1BB6005D1AA3 /* DefaultBackground.png */; }; 766355C32870CB6F002E3867 /* XCredsLoginPlugin.m in Sources */ = {isa = PBXBuildFile; fileRef = 766355C22870CB6F002E3867 /* XCredsLoginPlugin.m */; }; 766355CA2870DCF5002E3867 /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; }; 766355CB2870E5E9002E3867 /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; }; 766355CC2870E9AD002E3867 /* WebViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06B327FD1E5F009E0F3A /* WebViewController.swift */; }; 766355CE2870E9D3002E3867 /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 766355CD2870E9D3002E3867 /* OIDCLite */; }; 766355CF2870E9E7002E3867 /* PrefKeys.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */; }; 766355D12870EBAD002E3867 /* VerifyOIDCPassword.xib in Resources */ = {isa = PBXBuildFile; fileRef = 764D812B284BCC7400B3EE54 /* VerifyOIDCPassword.xib */; }; 766355D42870F29A002E3867 /* TestWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355D22870F29A002E3867 /* TestWindowController.swift */; }; 766355D52870F29A002E3867 /* TestWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 766355D32870F29A002E3867 /* TestWindowController.xib */; }; 766355D928711C51002E3867 /* defaults.plist in Resources */ = {isa = PBXBuildFile; fileRef = 764D812E284C06AB00B3EE54 /* defaults.plist */; }; 766355DB287132E9002E3867 /* LoginWebViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355DA287132E9002E3867 /* LoginWebViewController.swift */; }; 766355DC287133C7002E3867 /* WebViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06B327FD1E5F009E0F3A /* WebViewController.swift */; }; 766355E328713C4A002E3867 /* LoginWindow.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355E128713C47002E3867 /* LoginWindow.swift */; }; 766355E5287148C1002E3867 /* Tokens.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355E4287148C1002E3867 /* Tokens.swift */; }; 766355E6287148C1002E3867 /* Tokens.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355E4287148C1002E3867 /* Tokens.swift */; }; 76673CD229D3CFF900452848 /* errorpage.html in Resources */ = {isa = PBXBuildFile; fileRef = 766CC43729D3AED2009BC526 /* errorpage.html */; }; 76673CD529D3D5F500452848 /* LicenseChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76673CD429D3D5F500452848 /* LicenseChecker.swift */; }; 76673CD629D3D5F500452848 /* LicenseChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76673CD429D3D5F500452848 /* LicenseChecker.swift */; }; 766CC42829D3A3DC009BC526 /* ProductLicense.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; }; 766CC42929D3A3DC009BC526 /* ProductLicense.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 766CC42A29D3A3DC009BC526 /* Paddle.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42129D3A320009BC526 /* Paddle.framework */; }; 766CC42B29D3A3DC009BC526 /* Paddle.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42129D3A320009BC526 /* Paddle.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 766CC42D29D3A3EC009BC526 /* ProductLicense.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; }; 766CC42E29D3A3EC009BC526 /* ProductLicense.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 766CC42F29D3A3EC009BC526 /* Paddle.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42129D3A320009BC526 /* Paddle.framework */; }; 766CC43029D3A3EC009BC526 /* Paddle.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42129D3A320009BC526 /* Paddle.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 766CC43229D3A3F8009BC526 /* ProductLicense.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; }; 766CC43329D3A3F8009BC526 /* ProductLicense.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 766CC43429D3A3F8009BC526 /* Paddle.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42129D3A320009BC526 /* Paddle.framework */; }; 766CC43529D3A3F8009BC526 /* Paddle.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42129D3A320009BC526 /* Paddle.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 766CC43829D3AED2009BC526 /* errorpage.html in Resources */ = {isa = PBXBuildFile; fileRef = 766CC43729D3AED2009BC526 /* errorpage.html */; }; 766F4C4B2883AFD90021F548 /* pleaseWaitGraphic.png in Resources */ = {isa = PBXBuildFile; fileRef = 766F4C4A2883AFD90021F548 /* pleaseWaitGraphic.png */; }; 766FD60D2A1B06AC00C8F244 /* DefaultsOverride.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */; }; 767116A7284AABC500CCD6FF /* NotifyManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116A6284AABC500CCD6FF /* NotifyManager.swift */; }; 767116A9284AAE2B00CCD6FF /* ScheduleManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116A8284AAE2B00CCD6FF /* ScheduleManager.swift */; }; 767116AC284AB4C000CCD6FF /* PasswordUtils.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */; }; 767116B1284B021500CCD6FF /* MainController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116B0284B021500CCD6FF /* MainController.swift */; }; 767116B3284B045800CCD6FF /* KeychainUtil.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116B2284B045800CCD6FF /* KeychainUtil.swift */; }; 7677908628908E40004E7085 /* WifiWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7677908328908E40004E7085 /* WifiWindowController.swift */; }; 7677908728908E40004E7085 /* WifiManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7677908428908E40004E7085 /* WifiManager.swift */; }; 7677908828908E40004E7085 /* WifiWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7677908528908E40004E7085 /* WifiWindowController.xib */; }; 76786F562A27C36A00AA8DB9 /* main.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76786F552A27C36A00AA8DB9 /* main.swift */; }; 76786F5A2A27C37100AA8DB9 /* AuthRightsHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76786F4E2A27C31400AA8DB9 /* AuthRightsHelper.swift */; }; 76786F5B2A27C38800AA8DB9 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 76786F5D2A27C3B300AA8DB9 /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; }; 76786F5E2A27C60800AA8DB9 /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECCFF2875135900483C66 /* LoggerHelper.swift */; }; 76786F662A27C62D00AA8DB9 /* main.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76786F652A27C62D00AA8DB9 /* main.swift */; }; 76786F6B2A27C79100AA8DB9 /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; }; 767B939C2A28279E0038935E /* View+Shake.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767B939B2A28279E0038935E /* View+Shake.swift */; }; 767B939D2A28289E0038935E /* View+Shake.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767B939B2A28279E0038935E /* View+Shake.swift */; }; 767C42842AC6645700542099 /* AuthRightsHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76786F4E2A27C31400AA8DB9 /* AuthRightsHelper.swift */; }; 767CB2D02B13B92B006CA2AC /* OpenDirectory.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 767CB2CF2B13B92B006CA2AC /* OpenDirectory.framework */; }; 7681FEC52A4C8B9000F91CD1 /* AboutWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7681FEC42A4C8B9000F91CD1 /* AboutWindowController.swift */; }; 7681FEC72A4C8BC800F91CD1 /* AboutWindow.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7681FEC62A4C8BC800F91CD1 /* AboutWindow.xib */; }; 7681FEC92A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist in Resources */ = {isa = PBXBuildFile; fileRef = 7681FEC82A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist */; }; 7683973129A854EC003D9B9F /* NSImage+String.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7683973029A854EC003D9B9F /* NSImage+String.swift */; }; 7683973229A854EC003D9B9F /* NSImage+String.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7683973029A854EC003D9B9F /* NSImage+String.swift */; }; 768633D92AFC4908004065E5 /* WifiManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7677908428908E40004E7085 /* WifiManager.swift */; }; 76873E2F2A107736001418A9 /* DefaultsHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76873E2E2A107736001418A9 /* DefaultsHelper.swift */; }; 76873E302A107736001418A9 /* DefaultsHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76873E2E2A107736001418A9 /* DefaultsHelper.swift */; }; 76A8A4E32A0DF7C700AA6054 /* NSTaskWrapper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F528724FA80013E2A1 /* NSTaskWrapper.swift */; }; 76AB89E12A12FAF900529D90 /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 76AB89E02A12FAF900529D90 /* OIDCLite */; }; 76AB89E32A12FB4900529D90 /* ArgumentParser in Frameworks */ = {isa = PBXBuildFile; productRef = 76AB89E22A12FB4900529D90 /* ArgumentParser */; }; 76B040A428EFC788002A289B /* Helper+JWTDecode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76B040A328EFC788002A289B /* Helper+JWTDecode.swift */; }; 76B040A528EFC788002A289B /* Helper+JWTDecode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76B040A328EFC788002A289B /* Helper+JWTDecode.swift */; }; 76B882AA29CCFD7A00BB8186 /* TCSKeychain.m in Sources */ = {isa = PBXBuildFile; fileRef = 76B882A829CCFD7900BB8186 /* TCSKeychain.m */; }; 76B882AB29CCFD7A00BB8186 /* TCSKeychain.m in Sources */ = {isa = PBXBuildFile; fileRef = 76B882A829CCFD7900BB8186 /* TCSKeychain.m */; }; 76B882AE29CCFDAE00BB8186 /* NSData+SHA1.m in Sources */ = {isa = PBXBuildFile; fileRef = 76B882AC29CCFDAE00BB8186 /* NSData+SHA1.m */; }; 76B882AF29CCFDAE00BB8186 /* NSData+SHA1.m in Sources */ = {isa = PBXBuildFile; fileRef = 76B882AC29CCFDAE00BB8186 /* NSData+SHA1.m */; }; 76B882B229CCFDBA00BB8186 /* NSData+HexString.m in Sources */ = {isa = PBXBuildFile; fileRef = 76B882B029CCFDBA00BB8186 /* NSData+HexString.m */; }; 76B882B329CCFDBA00BB8186 /* NSData+HexString.m in Sources */ = {isa = PBXBuildFile; fileRef = 76B882B029CCFDBA00BB8186 /* NSData+HexString.m */; }; 76BEF7DD2871F5F00013E2A1 /* TCSReturnWindow.m in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7DB2871F5F00013E2A1 /* TCSReturnWindow.m */; }; 76BEF7E12871F74D0013E2A1 /* ControlsViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7E02871F74D0013E2A1 /* ControlsViewController.swift */; }; 76BEF7E4287202090013E2A1 /* RestartX.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E2287202080013E2A1 /* RestartX.png */; }; 76BEF7E5287202090013E2A1 /* RestartX@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E3287202080013E2A1 /* RestartX@2x.png */; }; 76BEF7E8287202AF0013E2A1 /* ShutdownX.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E6287202AF0013E2A1 /* ShutdownX.png */; }; 76BEF7E9287202AF0013E2A1 /* ShutdownX@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E7287202AF0013E2A1 /* ShutdownX@2x.png */; }; 76BEF7EC28724A0B0013E2A1 /* XCredsLoginMechanism.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7EA28724A0B0013E2A1 /* XCredsLoginMechanism.swift */; }; 76BEF7ED28724A0C0013E2A1 /* XCredsBaseMechanism.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7EB28724A0B0013E2A1 /* XCredsBaseMechanism.swift */; }; 76BEF7F328724F120013E2A1 /* XCredsPowerControlMechanism.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F228724F120013E2A1 /* XCredsPowerControlMechanism.swift */; }; 76BEF7F628724FA80013E2A1 /* NSTaskWrapper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F528724FA80013E2A1 /* NSTaskWrapper.swift */; }; 76BEF7F82872504C0013E2A1 /* ContextAndHintHandling.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F72872504C0013E2A1 /* ContextAndHintHandling.swift */; }; 76BEF7FA28726C700013E2A1 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 76BEF8002872A3030013E2A1 /* loginwindow@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7FE2872A3030013E2A1 /* loginwindow@2x.png */; }; 76BEF8012872A3030013E2A1 /* loginwindow.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7FF2872A3030013E2A1 /* loginwindow.png */; }; 76C0840B2A9A311E008039FA /* ControlsViewController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76C084092A9A2635008039FA /* ControlsViewController.xib */; }; 76C4BAB02B353A30007B2C57 /* KlistUtil.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC82B350606003A23DB /* KlistUtil.swift */; }; 76C4BAB12B353A3A007B2C57 /* DNSResolver.m in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEBE2B3505A3003A23DB /* DNSResolver.m */; }; 76C4BAB32B353AD7007B2C57 /* libresolv.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = 76C4BAB22B353AD7007B2C57 /* libresolv.tbd */; }; 76C4BAB42B353ADD007B2C57 /* libresolv.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = 76C4BAB22B353AD7007B2C57 /* libresolv.tbd */; }; 76C4BAB62B353AF7007B2C57 /* Kerberos.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 76C4BAB52B353AF7007B2C57 /* Kerberos.framework */; }; 76C4BAB72B353AFD007B2C57 /* Kerberos.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 76C4BAB52B353AF7007B2C57 /* Kerberos.framework */; }; 76C4BABC2B3544C6007B2C57 /* UNIXUtilities.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */; }; 76C63A322A22872700810C53 /* History.md in Resources */ = {isa = PBXBuildFile; fileRef = 76C63A312A22872700810C53 /* History.md */; }; 76CB9077287FBEEA00C70D0C /* Helper+URLDecode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76CB9076287FBEEA00C70D0C /* Helper+URLDecode.swift */; }; 76CB9078287FBEEA00C70D0C /* Helper+URLDecode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76CB9076287FBEEA00C70D0C /* Helper+URLDecode.swift */; }; 76CB907B2880E41E00C70D0C /* LogShim.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632E3A02873497C00E37923 /* LogShim.swift */; }; 76CB907E288112C200C70D0C /* xcreds_login.sh in Resources */ = {isa = PBXBuildFile; fileRef = 76CB907C288112AF00C70D0C /* xcreds_login.sh */; }; 76CCF5442B12E478003F85E9 /* SelectLocalAccountWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76CCF5422B12E478003F85E9 /* SelectLocalAccountWindowController.swift */; }; 76CCF5452B12E478003F85E9 /* SelectLocalAccountWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76CCF5432B12E478003F85E9 /* SelectLocalAccountWindowController.xib */; }; 76D1756A2B23C28700E64A62 /* MainLoginWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76FDC5D52B22D47A0035D61E /* MainLoginWindowController.xib */; }; 76D175712B23C2DB00E64A62 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 76D175742B23C57500E64A62 /* LocalUsersViewController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7651EDEC2A1451590075980B /* LocalUsersViewController.xib */; }; 76D175772B23C62A00E64A62 /* UpdatePasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76E466642B1A4C16006529B6 /* UpdatePasswordWindowController.swift */; }; 76D1757E2B24096C00E64A62 /* MainLoginWindow.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76D1757D2B24096C00E64A62 /* MainLoginWindow.swift */; }; 76D4726D2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D4726C2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m */; }; 76D4726E2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D4726C2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m */; }; 76D7ADFB284EB15100332EBC /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; }; 76D7ADFE284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; }; 76D925D32894ADB4005C3245 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 76EE069F27FD1D01009E0F3A /* Assets.xcassets */; }; 76DB5CF42A09AE9A0014F8E1 /* get_pw.js in Resources */ = {isa = PBXBuildFile; fileRef = 76DB5CF32A09AE9A0014F8E1 /* get_pw.js */; }; 76DB5CF52A09AE9A0014F8E1 /* get_pw.js in Resources */ = {isa = PBXBuildFile; fileRef = 76DB5CF32A09AE9A0014F8E1 /* get_pw.js */; }; 76DC0A6828836EB1007C42B2 /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76DC0A6728836EB1007C42B2 /* AppDelegate.swift */; }; 76DC0A6A28836EB2007C42B2 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A6928836EB2007C42B2 /* Assets.xcassets */; }; 76DC0A6D28836EB2007C42B2 /* MainMenu.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A6B28836EB2007C42B2 /* MainMenu.xib */; }; 76DC0A7328836EFE007C42B2 /* TCSReturnWindow.m in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7DB2871F5F00013E2A1 /* TCSReturnWindow.m */; }; 76DC0A7428836F45007C42B2 /* RestartX@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E3287202080013E2A1 /* RestartX@2x.png */; }; 76DC0A79288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A78288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist */; }; 76DC0A7C28837158007C42B2 /* XCreds Login Overlay.app in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A6528836EB1007C42B2 /* XCreds Login Overlay.app */; }; 76DC0A7E288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76DC0A7D288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift */; }; 76DC0A83288382D2007C42B2 /* returnArrow.png in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A7628837028007C42B2 /* returnArrow.png */; }; 76DC0A8428838375007C42B2 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 76DC0A8528838467007C42B2 /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECCFF2875135900483C66 /* LoggerHelper.swift */; }; 76DC0A8628838656007C42B2 /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; }; 76DC0A87288386FA007C42B2 /* NSTaskWrapper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F528724FA80013E2A1 /* NSTaskWrapper.swift */; }; 76DC0A88288387D8007C42B2 /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; }; 76DD6D17285997F300A700ED /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 76DD6D16285997F300A700ED /* OIDCLite */; }; 76DF1D5B2A2AD42C00770690 /* LocalCheckAndMigrate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418DA2A13328C0051411B /* LocalCheckAndMigrate.swift */; }; 76DF50B62A1C5EFF007BC708 /* DefaultsOverride.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */; }; 76DF7FD52B50FA9A00B3B543 /* UpdatePasswordWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76E466652B1A4C16006529B6 /* UpdatePasswordWindowController.xib */; }; 76E466662B1A4C16006529B6 /* UpdatePasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76E466642B1A4C16006529B6 /* UpdatePasswordWindowController.swift */; }; 76E466672B1A4C16006529B6 /* UpdatePasswordWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76E466652B1A4C16006529B6 /* UpdatePasswordWindowController.xib */; }; 76E74DCF2B3902F0004C6429 /* XCredsMechanismProtocol.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76E74DCE2B3902F0004C6429 /* XCredsMechanismProtocol.swift */; }; 76E74DD02B3902F0004C6429 /* XCredsMechanismProtocol.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76E74DCE2B3902F0004C6429 /* XCredsMechanismProtocol.swift */; }; 76E74DD12B390327004C6429 /* ContextAndHintHandling.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F72872504C0013E2A1 /* ContextAndHintHandling.swift */; }; 76E74DD22B39034B004C6429 /* SelectLocalAccountWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76CCF5422B12E478003F85E9 /* SelectLocalAccountWindowController.swift */; }; 76E74DD32B390358004C6429 /* LoginWebViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355DA287132E9002E3867 /* LoginWebViewController.swift */; }; 76E74DD42B39037A004C6429 /* LoginProgressWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 761B486828A34CC900C6A02B /* LoginProgressWindowController.swift */; }; 76E9CE702A0DC6E30060220C /* TCSLoginWindowUtilities.m in Sources */ = {isa = PBXBuildFile; fileRef = 76E9CE6F2A0DC6E30060220C /* TCSLoginWindowUtilities.m */; }; 76EE069E27FD1D00009E0F3A /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE069D27FD1D00009E0F3A /* AppDelegate.swift */; }; 76EE06A027FD1D01009E0F3A /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 76EE069F27FD1D01009E0F3A /* Assets.xcassets */; }; 76EE06A327FD1D01009E0F3A /* MainMenu.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76EE06A127FD1D01009E0F3A /* MainMenu.xib */; }; 76EE06AC27FD1D92009E0F3A /* TokenManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AB27FD1D92009E0F3A /* TokenManager.swift */; }; 76EE06AE27FD1DC3009E0F3A /* PrefKeys.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */; }; 76EE06B027FD1DD8009E0F3A /* Window+ForceToFront.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AF27FD1DD8009E0F3A /* Window+ForceToFront.swift */; }; 76EE06B227FD1E24009E0F3A /* DesktopLoginWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76EE06B127FD1E24009E0F3A /* DesktopLoginWindowController.xib */; }; 76EE06B627FD1E79009E0F3A /* PreferencesWindow.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76EE06B527FD1E79009E0F3A /* PreferencesWindow.xib */; }; 76EE06B827FD1EB7009E0F3A /* PreferencesWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06B727FD1EB7009E0F3A /* PreferencesWindowController.swift */; }; 76EE06C227FD1F50009E0F3A /* StatusMenuController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06C127FD1F50009E0F3A /* StatusMenuController.swift */; }; 76EECCFB2873DFFB00483C66 /* PasswordUtils.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */; }; 76EECCFC2873E6E200483C66 /* VerifyLocalPasswordWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 764D8125284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib */; }; 76EECCFD2873E9ED00483C66 /* VerifyLocalPasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D8124284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift */; }; 76EECCFE2873EA6500483C66 /* Window+Shake.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D8128284BCAB100B3EE54 /* Window+Shake.swift */; }; 76EECD002875135900483C66 /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECCFF2875135900483C66 /* LoggerHelper.swift */; }; 76EECD012875135900483C66 /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECCFF2875135900483C66 /* LoggerHelper.swift */; }; 76EECD0228752C1F00483C66 /* LoginWindow.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355E128713C47002E3867 /* LoginWindow.swift */; }; 76EECD0428753C7F00483C66 /* String+Base64URLEncoded.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECD0328753C7F00483C66 /* String+Base64URLEncoded.swift */; }; 76EECD0528753C7F00483C66 /* String+Base64URLEncoded.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECD0328753C7F00483C66 /* String+Base64URLEncoded.swift */; }; 76F0B6E02B421FC8008F7D71 /* loadpage.html in Resources */ = {isa = PBXBuildFile; fileRef = 7613FDF6289E114F00340CCD /* loadpage.html */; }; 76FDC5D62B22D47A0035D61E /* MainLoginWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76FDC5D42B22D47A0035D61E /* MainLoginWindowController.swift */; }; 76FDC5D72B22D47A0035D61E /* MainLoginWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76FDC5D52B22D47A0035D61E /* MainLoginWindowController.xib */; }; 76FDC5DA2B235A4F0035D61E /* StatusMenuWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76FDC5D82B235A4F0035D61E /* StatusMenuWindowController.swift */; }; 76FDC5DB2B235A4F0035D61E /* StatusMenuWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76FDC5D92B235A4F0035D61E /* StatusMenuWindowController.xib */; }; /* End PBXBuildFile section */ /* Begin PBXContainerItemProxy section */ 76319375287E19A500D36BF7 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 76EE069227FD1D00009E0F3A /* Project object */; proxyType = 1; remoteGlobalIDString = 766355BC2870CA6A002E3867; remoteInfo = XCredsLoginPlugin; }; 76319378287E204500D36BF7 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 76EE069227FD1D00009E0F3A /* Project object */; proxyType = 1; remoteGlobalIDString = 7631935C287D22C700D36BF7; remoteInfo = authrights; }; 76DC0A7A28837152007C42B2 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 76EE069227FD1D00009E0F3A /* Project object */; proxyType = 1; remoteGlobalIDString = 76DC0A6428836EB1007C42B2; remoteInfo = "XCreds Login Overlay"; }; /* End PBXContainerItemProxy section */ /* Begin PBXCopyFilesBuildPhase section */ 7631935B287D22C700D36BF7 /* CopyFiles */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = /usr/share/man/man1/; dstSubfolderSpec = 0; files = ( ); runOnlyForDeploymentPostprocessing = 1; }; 766CC42C29D3A3DC009BC526 /* Embed Frameworks */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = ""; dstSubfolderSpec = 10; files = ( 766CC42B29D3A3DC009BC526 /* Paddle.framework in Embed Frameworks */, 766CC42929D3A3DC009BC526 /* ProductLicense.framework in Embed Frameworks */, ); name = "Embed Frameworks"; runOnlyForDeploymentPostprocessing = 0; }; 766CC43129D3A3EC009BC526 /* Embed Frameworks */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = ""; dstSubfolderSpec = 10; files = ( 766CC43029D3A3EC009BC526 /* Paddle.framework in Embed Frameworks */, 766CC42E29D3A3EC009BC526 /* ProductLicense.framework in Embed Frameworks */, ); name = "Embed Frameworks"; runOnlyForDeploymentPostprocessing = 0; }; 766CC43629D3A3F8009BC526 /* Embed Frameworks */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = ""; dstSubfolderSpec = 10; files = ( 766CC43529D3A3F8009BC526 /* Paddle.framework in Embed Frameworks */, 766CC43329D3A3F8009BC526 /* ProductLicense.framework in Embed Frameworks */, ); name = "Embed Frameworks"; runOnlyForDeploymentPostprocessing = 0; }; 76786F512A27C36A00AA8DB9 /* CopyFiles */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = /usr/share/man/man1/; dstSubfolderSpec = 0; files = ( ); runOnlyForDeploymentPostprocessing = 1; }; 76786F612A27C62D00AA8DB9 /* CopyFiles */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = /usr/share/man/man1/; dstSubfolderSpec = 0; files = ( ); runOnlyForDeploymentPostprocessing = 1; }; /* End PBXCopyFilesBuildPhase section */ /* Begin PBXFileReference section */ 089B22F02AFAED280006B6BC /* NetworkMonitor.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; name = NetworkMonitor.swift; path = XCredsLoginPlugIn/LoginWindow/NetworkMonitor.swift; sourceTree = SOURCE_ROOT; }; 760148A82B23639D00E119A2 /* NSBundle+FindBundlePath.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "NSBundle+FindBundlePath.swift"; sourceTree = ""; }; 760418CE2A1332210051411B /* SignIn.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = SignIn.xib; sourceTree = ""; }; 760418CF2A1332210051411B /* SignInWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SignInWindowController.swift; sourceTree = ""; }; 760418D42A1332520051411B /* DS+AD.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "DS+AD.swift"; sourceTree = ""; }; 760418D62A1332660051411B /* DSQueryable.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = DSQueryable.swift; sourceTree = ""; }; 760418D82A1332770051411B /* SystemInfoHelper.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SystemInfoHelper.swift; sourceTree = ""; }; 760418DA2A13328C0051411B /* LocalCheckAndMigrate.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = LocalCheckAndMigrate.swift; sourceTree = ""; }; 760418DC2A1334210051411B /* NoLoMechanism.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = NoLoMechanism.swift; sourceTree = ""; }; 760418DE2A1334D00051411B /* CheckAD.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = CheckAD.swift; sourceTree = ""; }; 7611CEBF288B75140063A644 /* XCredsCreateUser.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsCreateUser.swift; sourceTree = ""; }; 7611CEC1288B96760063A644 /* XCredsEnableFDE.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsEnableFDE.swift; sourceTree = ""; }; 7613FDF6289E114F00340CCD /* loadpage.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = loadpage.html; sourceTree = ""; }; 7614D03B2B181A5D006EAF36 /* icon_128x128.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; name = icon_128x128.png; path = XCreds/Assets.xcassets/AppIcon.appiconset/icon_128x128.png; sourceTree = ""; }; 761B486728A34CC900C6A02B /* LoginProgressWindowController.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; name = LoginProgressWindowController.xib; path = XCredsLoginPlugIn/LoginProgressWindowController.xib; sourceTree = SOURCE_ROOT; }; 761B486828A34CC900C6A02B /* LoginProgressWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; name = LoginProgressWindowController.swift; path = XCredsLoginPlugIn/LoginProgressWindowController.swift; sourceTree = SOURCE_ROOT; }; 761B486B28A3575000C6A02B /* XCredsLoginDone.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsLoginDone.swift; sourceTree = ""; }; 7631935D287D22C700D36BF7 /* authrights */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = authrights; sourceTree = BUILT_PRODUCTS_DIR; }; 7631935F287D22C700D36BF7 /* authrights.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = authrights.swift; sourceTree = ""; }; 7632909B2876673500CF8857 /* DataExtension.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = DataExtension.swift; sourceTree = ""; }; 7632E39E287347C100E37923 /* XCredsKeychainAdd.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsKeychainAdd.swift; sourceTree = ""; }; 7632E3A02873497C00E37923 /* LogShim.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = LogShim.swift; path = Mechanisms/LogShim.swift; sourceTree = ""; }; 76342E592B282653007D4F29 /* DesktopLoginWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DesktopLoginWindowController.swift; sourceTree = ""; }; 763AEFDE2C156E1E0059A83D /* WhitePopoverBackgroundView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = WhitePopoverBackgroundView.swift; sourceTree = ""; }; 763DDF152B4F100D000D48CC /* ShareMounterMenu.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ShareMounterMenu.swift; sourceTree = ""; }; 763DDF192B4F1DD4000D48CC /* GSS.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = GSS.framework; path = System/Library/Frameworks/GSS.framework; sourceTree = SDKROOT; }; 7649056E2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = xcredsmenuItemWindowBackgroundImage.png; sourceTree = ""; }; 764D8124284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = VerifyLocalPasswordWindowController.swift; sourceTree = ""; }; 764D8125284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = VerifyLocalPasswordWindowController.xib; sourceTree = ""; }; 764D8128284BCAB100B3EE54 /* Window+Shake.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Window+Shake.swift"; sourceTree = ""; }; 764D812A284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = VerifyOIDCPasswordWindowController.swift; sourceTree = ""; }; 764D812B284BCC7400B3EE54 /* VerifyOIDCPassword.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = VerifyOIDCPassword.xib; sourceTree = ""; }; 764D812E284C06AB00B3EE54 /* defaults.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = defaults.plist; sourceTree = ""; }; 764D8132284D14A500B3EE54 /* Credits.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Credits.txt; sourceTree = ""; }; 7651EDEC2A1451590075980B /* LocalUsersViewController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = LocalUsersViewController.xib; sourceTree = ""; }; 7651EDF62A1474330075980B /* LoginWebViewController.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = LoginWebViewController.xib; sourceTree = ""; }; 7657DEAE2B3503BF003A23DB /* SessionManager.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SessionManager.swift; sourceTree = ""; }; 7657DEB22B350476003A23DB /* NoMADSession.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = NoMADSession.swift; sourceTree = ""; }; 7657DEB52B3504A6003A23DB /* UserRecord.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = UserRecord.swift; sourceTree = ""; }; 7657DEBB2B35055F003A23DB /* Logger.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Logger.swift; sourceTree = ""; }; 7657DEBE2B3505A3003A23DB /* DNSResolver.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = DNSResolver.m; sourceTree = ""; }; 7657DEBF2B3505A3003A23DB /* DNSResolver.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DNSResolver.h; sourceTree = ""; }; 7657DEC22B3505CB003A23DB /* ADLDAPPing.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ADLDAPPing.swift; sourceTree = ""; }; 7657DEC52B3505EB003A23DB /* Extensions.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Extensions.swift; sourceTree = ""; }; 7657DEC82B350606003A23DB /* KlistUtil.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = KlistUtil.swift; sourceTree = ""; }; 7657DECB2B35061E003A23DB /* SiteManager.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SiteManager.swift; sourceTree = ""; }; 7657DED22B350644003A23DB /* GSSItem.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = GSSItem.h; sourceTree = ""; }; 7657DED32B35064E003A23DB /* krb5.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = krb5.h; sourceTree = ""; }; 7657DED52B351A67003A23DB /* KerbUtil.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KerbUtil.h; sourceTree = ""; }; 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = UNIXUtilities.swift; sourceTree = ""; }; 7659CA06298E1BB6005D1AA3 /* DefaultBackground.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = DefaultBackground.png; sourceTree = ""; }; 766355BD2870CA6A002E3867 /* XCredsLoginPlugin.bundle */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = XCredsLoginPlugin.bundle; sourceTree = BUILT_PRODUCTS_DIR; }; 766355C12870CB6F002E3867 /* XCredsLoginPlugin.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = XCredsLoginPlugin.h; path = XCredsLoginPlugIn/XCredsLoginPlugin.h; sourceTree = SOURCE_ROOT; }; 766355C22870CB6F002E3867 /* XCredsLoginPlugin.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = XCredsLoginPlugin.m; path = XCredsLoginPlugIn/XCredsLoginPlugin.m; sourceTree = SOURCE_ROOT; }; 766355C42870CCC3002E3867 /* XCredsLoginPlugin-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "XCredsLoginPlugin-Bridging-Header.h"; sourceTree = ""; }; 766355D22870F29A002E3867 /* TestWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = TestWindowController.swift; path = XCredsLoginPlugIn/TestWindowController.swift; sourceTree = ""; }; 766355D32870F29A002E3867 /* TestWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = TestWindowController.xib; path = XCredsLoginPlugIn/TestWindowController.xib; sourceTree = ""; }; 766355DA287132E9002E3867 /* LoginWebViewController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; name = LoginWebViewController.swift; path = XCredsLoginPlugIn/LoginWindow/LoginWebViewController.swift; sourceTree = SOURCE_ROOT; }; 766355E128713C47002E3867 /* LoginWindow.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = LoginWindow.swift; sourceTree = ""; }; 766355E4287148C1002E3867 /* Tokens.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = Tokens.swift; path = Shared/Tokens.swift; sourceTree = SOURCE_ROOT; }; 76673CD429D3D5F500452848 /* LicenseChecker.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LicenseChecker.swift; sourceTree = ""; }; 766CC42129D3A320009BC526 /* Paddle.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Paddle.framework; path = Carthage/Build/Mac/Paddle.framework; sourceTree = ""; }; 766CC42229D3A321009BC526 /* ProductLicense.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = ProductLicense.framework; path = Carthage/Build/Mac/ProductLicense.framework; sourceTree = ""; }; 766CC43729D3AED2009BC526 /* errorpage.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = errorpage.html; sourceTree = ""; }; 766F4C4A2883AFD90021F548 /* pleaseWaitGraphic.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = pleaseWaitGraphic.png; sourceTree = ""; }; 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DefaultsOverride.swift; sourceTree = ""; }; 767116A6284AABC500CCD6FF /* NotifyManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NotifyManager.swift; sourceTree = ""; }; 767116A8284AAE2B00CCD6FF /* ScheduleManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ScheduleManager.swift; sourceTree = ""; }; 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PasswordUtils.swift; sourceTree = ""; }; 767116AD284AB59400CCD6FF /* SecurityPrivateAPI.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecurityPrivateAPI.h; sourceTree = ""; }; 767116AE284AB5D900CCD6FF /* XCreds-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "XCreds-Bridging-Header.h"; sourceTree = ""; }; 767116B0284B021500CCD6FF /* MainController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MainController.swift; sourceTree = ""; }; 767116B2284B045800CCD6FF /* KeychainUtil.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = KeychainUtil.swift; sourceTree = ""; }; 7675444428918CD100613840 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; name = Info.plist; path = XCredsLoginPlugin/Info.plist; sourceTree = ""; }; 7677908328908E40004E7085 /* WifiWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = WifiWindowController.swift; sourceTree = ""; }; 7677908428908E40004E7085 /* WifiManager.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = WifiManager.swift; sourceTree = ""; }; 7677908528908E40004E7085 /* WifiWindowController.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = WifiWindowController.xib; sourceTree = ""; }; 76786F4E2A27C31400AA8DB9 /* AuthRightsHelper.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = AuthRightsHelper.swift; path = Shared/AuthRightsHelper.swift; sourceTree = SOURCE_ROOT; }; 76786F532A27C36A00AA8DB9 /* auth_mech_fixup */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = auth_mech_fixup; sourceTree = BUILT_PRODUCTS_DIR; }; 76786F552A27C36A00AA8DB9 /* main.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = main.swift; sourceTree = ""; }; 76786F632A27C62D00AA8DB9 /* test */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = test; sourceTree = BUILT_PRODUCTS_DIR; }; 76786F652A27C62D00AA8DB9 /* main.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = main.swift; sourceTree = ""; }; 76786F6A2A27C72900AA8DB9 /* auth_mech_fixup-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = "auth_mech_fixup-Bridging-Header.h"; path = "auth_mech_fixup/auth_mech_fixup-Bridging-Header.h"; sourceTree = SOURCE_ROOT; }; 767B939B2A28279E0038935E /* View+Shake.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "View+Shake.swift"; sourceTree = ""; }; 767CB2CC2B13B8EB006CA2AC /* libinfo.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libinfo.tbd; path = usr/lib/libinfo.tbd; sourceTree = SDKROOT; }; 767CB2CE2B13B913006CA2AC /* libsystem_info.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libsystem_info.tbd; path = usr/lib/system/libsystem_info.tbd; sourceTree = SDKROOT; }; 767CB2CF2B13B92B006CA2AC /* OpenDirectory.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = OpenDirectory.framework; path = System/Library/Frameworks/OpenDirectory.framework; sourceTree = SDKROOT; }; 7681FEC42A4C8B9000F91CD1 /* AboutWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = AboutWindowController.swift; sourceTree = ""; }; 7681FEC62A4C8BC800F91CD1 /* AboutWindow.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = AboutWindow.xib; sourceTree = ""; }; 7681FEC82A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = com.twocanoes.xcreds.plist; path = "Profile Manifest/com.twocanoes.xcreds.plist"; sourceTree = ""; }; 7683973029A854EC003D9B9F /* NSImage+String.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "NSImage+String.swift"; sourceTree = ""; }; 76873E2E2A107736001418A9 /* DefaultsHelper.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = DefaultsHelper.swift; path = XCreds/DefaultsHelper.swift; sourceTree = ""; }; 76B040A328EFC788002A289B /* Helper+JWTDecode.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = "Helper+JWTDecode.swift"; path = "XCreds/Helper+JWTDecode.swift"; sourceTree = ""; }; 76B882A829CCFD7900BB8186 /* TCSKeychain.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TCSKeychain.m; sourceTree = ""; }; 76B882A929CCFD7A00BB8186 /* TCSKeychain.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TCSKeychain.h; sourceTree = ""; }; 76B882AC29CCFDAE00BB8186 /* NSData+SHA1.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSData+SHA1.m"; sourceTree = ""; }; 76B882AD29CCFDAE00BB8186 /* NSData+SHA1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSData+SHA1.h"; sourceTree = ""; }; 76B882B029CCFDBA00BB8186 /* NSData+HexString.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSData+HexString.m"; sourceTree = ""; }; 76B882B129CCFDBA00BB8186 /* NSData+HexString.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSData+HexString.h"; sourceTree = ""; }; 76BEF7D42871F36C0013E2A1 /* main.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = main.swift; sourceTree = ""; }; 76BEF7DB2871F5F00013E2A1 /* TCSReturnWindow.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TCSReturnWindow.m; sourceTree = ""; }; 76BEF7DC2871F5F00013E2A1 /* TCSReturnWindow.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TCSReturnWindow.h; sourceTree = ""; }; 76BEF7E02871F74D0013E2A1 /* ControlsViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ControlsViewController.swift; sourceTree = ""; }; 76BEF7E2287202080013E2A1 /* RestartX.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = RestartX.png; sourceTree = ""; }; 76BEF7E3287202080013E2A1 /* RestartX@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "RestartX@2x.png"; sourceTree = ""; }; 76BEF7E6287202AF0013E2A1 /* ShutdownX.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = ShutdownX.png; sourceTree = ""; }; 76BEF7E7287202AF0013E2A1 /* ShutdownX@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "ShutdownX@2x.png"; sourceTree = ""; }; 76BEF7EA28724A0B0013E2A1 /* XCredsLoginMechanism.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsLoginMechanism.swift; sourceTree = ""; }; 76BEF7EB28724A0B0013E2A1 /* XCredsBaseMechanism.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsBaseMechanism.swift; sourceTree = ""; }; 76BEF7F228724F120013E2A1 /* XCredsPowerControlMechanism.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsPowerControlMechanism.swift; sourceTree = ""; }; 76BEF7F528724FA80013E2A1 /* NSTaskWrapper.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = NSTaskWrapper.swift; sourceTree = ""; }; 76BEF7F72872504C0013E2A1 /* ContextAndHintHandling.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ContextAndHintHandling.swift; sourceTree = ""; }; 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = AuthorizationDBManager.swift; path = XCredsLoginPlugIn/LoginWindow/AuthorizationDBManager.swift; sourceTree = SOURCE_ROOT; }; 76BEF7FE2872A3030013E2A1 /* loginwindow@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "loginwindow@2x.png"; sourceTree = ""; }; 76BEF7FF2872A3030013E2A1 /* loginwindow.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = loginwindow.png; sourceTree = ""; }; 76C084092A9A2635008039FA /* ControlsViewController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = ControlsViewController.xib; sourceTree = ""; }; 76C4ACBE2B3D0F8D003B3605 /* ShareMounter.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ShareMounter.swift; sourceTree = ""; }; 76C4BAB22B353AD7007B2C57 /* libresolv.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libresolv.tbd; path = usr/lib/libresolv.tbd; sourceTree = SDKROOT; }; 76C4BAB52B353AF7007B2C57 /* Kerberos.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Kerberos.framework; path = System/Library/Frameworks/Kerberos.framework; sourceTree = SDKROOT; }; 76C4BABA2B353B4B007B2C57 /* KerbUtil.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = KerbUtil.m; sourceTree = ""; }; 76C63A312A22872700810C53 /* History.md */ = {isa = PBXFileReference; lastKnownFileType = net.daringfireball.markdown; path = History.md; sourceTree = ""; }; 76CB9076287FBEEA00C70D0C /* Helper+URLDecode.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Helper+URLDecode.swift"; sourceTree = ""; }; 76CB907C288112AF00C70D0C /* xcreds_login.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = xcreds_login.sh; sourceTree = ""; }; 76CCF5422B12E478003F85E9 /* SelectLocalAccountWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SelectLocalAccountWindowController.swift; sourceTree = ""; }; 76CCF5432B12E478003F85E9 /* SelectLocalAccountWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = SelectLocalAccountWindowController.xib; sourceTree = ""; }; 76D1757D2B24096C00E64A62 /* MainLoginWindow.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MainLoginWindow.swift; sourceTree = ""; }; 76D4726B2B43B8FA0064380C /* TCTaskWrapperWithBlocks.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TCTaskWrapperWithBlocks.h; sourceTree = ""; }; 76D4726C2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TCTaskWrapperWithBlocks.m; sourceTree = ""; }; 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TCSUnifiedLogger.m; sourceTree = ""; }; 76D7ADFA284EB15100332EBC /* TCSUnifiedLogger.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TCSUnifiedLogger.h; sourceTree = ""; }; 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSFileManager+TCSRealHomeFolder.m"; sourceTree = ""; }; 76D7ADFD284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSFileManager+TCSRealHomeFolder.h"; sourceTree = ""; }; 76DB5CF32A09AE9A0014F8E1 /* get_pw.js */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.javascript; name = get_pw.js; path = Javascript/get_pw/get_pw.js; sourceTree = ""; }; 76DC0A6528836EB1007C42B2 /* XCreds Login Overlay.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = "XCreds Login Overlay.app"; sourceTree = BUILT_PRODUCTS_DIR; }; 76DC0A6728836EB1007C42B2 /* AppDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = ""; }; 76DC0A6928836EB2007C42B2 /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; 76DC0A6C28836EB2007C42B2 /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = Base; path = Base.lproj/MainMenu.xib; sourceTree = ""; }; 76DC0A6E28836EB2007C42B2 /* XCreds_Login_Overlay.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = XCreds_Login_Overlay.entitlements; sourceTree = ""; }; 76DC0A7628837028007C42B2 /* returnArrow.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = returnArrow.png; sourceTree = ""; }; 76DC0A78288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = "com.twocanoes.xcreds-overlay.plist"; sourceTree = ""; }; 76DC0A7D288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TCSXCredsLoginOverlayWindow.swift; sourceTree = ""; }; 76DC0A7F2883785A007C42B2 /* XCreds-Login-Overlay-Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; path = "XCreds-Login-Overlay-Info.plist"; sourceTree = SOURCE_ROOT; }; 76DD6D122859978F00A700ED /* OIDCLite */ = {isa = PBXFileReference; lastKnownFileType = wrapper; name = OIDCLite; path = ../OIDCLite; sourceTree = ""; }; 76E466642B1A4C16006529B6 /* UpdatePasswordWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = UpdatePasswordWindowController.swift; sourceTree = ""; }; 76E466652B1A4C16006529B6 /* UpdatePasswordWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = UpdatePasswordWindowController.xib; sourceTree = ""; }; 76E74DCE2B3902F0004C6429 /* XCredsMechanismProtocol.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = XCredsMechanismProtocol.swift; sourceTree = ""; }; 76E9CE6E2A0DC6E30060220C /* TCSLoginWindowUtilities.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = TCSLoginWindowUtilities.h; path = XCreds/TCSLoginWindowUtilities.h; sourceTree = ""; }; 76E9CE6F2A0DC6E30060220C /* TCSLoginWindowUtilities.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = TCSLoginWindowUtilities.m; path = XCreds/TCSLoginWindowUtilities.m; sourceTree = ""; }; 76EE069A27FD1D00009E0F3A /* XCreds.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = XCreds.app; sourceTree = BUILT_PRODUCTS_DIR; }; 76EE069D27FD1D00009E0F3A /* AppDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = ""; }; 76EE069F27FD1D01009E0F3A /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; 76EE06A227FD1D01009E0F3A /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = Base; path = Base.lproj/MainMenu.xib; sourceTree = ""; }; 76EE06A427FD1D01009E0F3A /* xCreds.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = xCreds.entitlements; sourceTree = ""; }; 76EE06AA27FD1D66009E0F3A /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; path = Info.plist; sourceTree = ""; }; 76EE06AB27FD1D92009E0F3A /* TokenManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TokenManager.swift; sourceTree = ""; }; 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PrefKeys.swift; sourceTree = ""; }; 76EE06AF27FD1DD8009E0F3A /* Window+ForceToFront.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Window+ForceToFront.swift"; sourceTree = ""; }; 76EE06B127FD1E24009E0F3A /* DesktopLoginWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = DesktopLoginWindowController.xib; sourceTree = ""; }; 76EE06B327FD1E5F009E0F3A /* WebViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = WebViewController.swift; sourceTree = ""; }; 76EE06B527FD1E79009E0F3A /* PreferencesWindow.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = PreferencesWindow.xib; sourceTree = ""; }; 76EE06B727FD1EB7009E0F3A /* PreferencesWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PreferencesWindowController.swift; sourceTree = ""; }; 76EE06C127FD1F50009E0F3A /* StatusMenuController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = StatusMenuController.swift; sourceTree = ""; }; 76EECCFF2875135900483C66 /* LoggerHelper.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LoggerHelper.swift; sourceTree = ""; }; 76EECD0328753C7F00483C66 /* String+Base64URLEncoded.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "String+Base64URLEncoded.swift"; sourceTree = ""; }; 76FDC5D42B22D47A0035D61E /* MainLoginWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = MainLoginWindowController.swift; path = XCreds/MainLoginWindowController.swift; sourceTree = SOURCE_ROOT; }; 76FDC5D52B22D47A0035D61E /* MainLoginWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = MainLoginWindowController.xib; path = XCredsLoginPlugIn/LoginWindow/MainLoginWindowController.xib; sourceTree = SOURCE_ROOT; }; 76FDC5D82B235A4F0035D61E /* StatusMenuWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = StatusMenuWindowController.swift; sourceTree = SOURCE_ROOT; }; 76FDC5D92B235A4F0035D61E /* StatusMenuWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = StatusMenuWindowController.xib; sourceTree = SOURCE_ROOT; }; /* End PBXFileReference section */ /* Begin PBXFrameworksBuildPhase section */ 7631935A287D22C700D36BF7 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( 76AB89E32A12FB4900529D90 /* ArgumentParser in Frameworks */, 76AB89E12A12FAF900529D90 /* OIDCLite in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; 766355BA2870CA6A002E3867 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( 76C4BAB62B353AF7007B2C57 /* Kerberos.framework in Frameworks */, 76C4BAB42B353ADD007B2C57 /* libresolv.tbd in Frameworks */, 766CC42D29D3A3EC009BC526 /* ProductLicense.framework in Frameworks */, 766CC42F29D3A3EC009BC526 /* Paddle.framework in Frameworks */, 766355CE2870E9D3002E3867 /* OIDCLite in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; 76786F502A27C36A00AA8DB9 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( ); runOnlyForDeploymentPostprocessing = 0; }; 76786F602A27C62D00AA8DB9 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( ); runOnlyForDeploymentPostprocessing = 0; }; 76DC0A6228836EB1007C42B2 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( 766CC43429D3A3F8009BC526 /* Paddle.framework in Frameworks */, 766CC43229D3A3F8009BC526 /* ProductLicense.framework in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; 76EE069727FD1D00009E0F3A /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( 76477E042C626B5D00F01D56 /* OIDCLite in Frameworks */, 76C4BAB72B353AFD007B2C57 /* Kerberos.framework in Frameworks */, 762177E62B7144460051B756 /* OIDCLite in Frameworks */, 76C4BAB32B353AD7007B2C57 /* libresolv.tbd in Frameworks */, 763DDF1A2B4F1DD4000D48CC /* GSS.framework in Frameworks */, 766CC42829D3A3DC009BC526 /* ProductLicense.framework in Frameworks */, 766CC42A29D3A3DC009BC526 /* Paddle.framework in Frameworks */, 767CB2D02B13B92B006CA2AC /* OpenDirectory.framework in Frameworks */, 76319369287D24F600D36BF7 /* ArgumentParser in Frameworks */, 76319366287D24E100D36BF7 /* ArgumentParser in Frameworks */, 76DD6D17285997F300A700ED /* OIDCLite in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; /* End PBXFrameworksBuildPhase section */ /* Begin PBXGroup section */ 760418CC2A1331710051411B /* NomadLogin */ = { isa = PBXGroup; children = ( 760418DE2A1334D00051411B /* CheckAD.swift */, 760418DC2A1334210051411B /* NoLoMechanism.swift */, 760418DA2A13328C0051411B /* LocalCheckAndMigrate.swift */, 760418D82A1332770051411B /* SystemInfoHelper.swift */, 760418D62A1332660051411B /* DSQueryable.swift */, 760418D42A1332520051411B /* DS+AD.swift */, 760418CD2A1332210051411B /* UI */, ); path = NomadLogin; sourceTree = ""; }; 760418CD2A1332210051411B /* UI */ = { isa = PBXGroup; children = ( 760418CE2A1332210051411B /* SignIn.xib */, ); path = UI; sourceTree = ""; }; 7631935E287D22C700D36BF7 /* authrights */ = { isa = PBXGroup; children = ( 76786F4E2A27C31400AA8DB9 /* AuthRightsHelper.swift */, 7631935F287D22C700D36BF7 /* authrights.swift */, ); path = authrights; sourceTree = ""; }; 7657DEDC2B351BF9003A23DB /* headers */ = { isa = PBXGroup; children = ( 7657DEBF2B3505A3003A23DB /* DNSResolver.h */, 7657DED32B35064E003A23DB /* krb5.h */, 7657DED22B350644003A23DB /* GSSItem.h */, ); path = headers; sourceTree = ""; }; 766355C72870D1B5002E3867 /* XCredsLogin */ = { isa = PBXGroup; children = ( 76B882B129CCFDBA00BB8186 /* NSData+HexString.h */, 76B882B029CCFDBA00BB8186 /* NSData+HexString.m */, 76B882AD29CCFDAE00BB8186 /* NSData+SHA1.h */, 76B882AC29CCFDAE00BB8186 /* NSData+SHA1.m */, 76B882A929CCFD7A00BB8186 /* TCSKeychain.h */, 76B882A829CCFD7900BB8186 /* TCSKeychain.m */, 7613FDF6289E114F00340CCD /* loadpage.html */, 766CC43729D3AED2009BC526 /* errorpage.html */, 7677908428908E40004E7085 /* WifiManager.swift */, 7677908328908E40004E7085 /* WifiWindowController.swift */, 7677908528908E40004E7085 /* WifiWindowController.xib */, 76EECD0328753C7F00483C66 /* String+Base64URLEncoded.swift */, 7632E3A02873497C00E37923 /* LogShim.swift */, 76BEF7F72872504C0013E2A1 /* ContextAndHintHandling.swift */, 76BEF7F528724FA80013E2A1 /* NSTaskWrapper.swift */, 766355C12870CB6F002E3867 /* XCredsLoginPlugin.h */, 766355C22870CB6F002E3867 /* XCredsLoginPlugin.m */, 76BEF7F028724E520013E2A1 /* LoginWindow */, 76BEF7EF28724E280013E2A1 /* Mechanisms */, ); name = XCredsLogin; path = XCredsLoginPlugIn; sourceTree = ""; }; 76786F542A27C36A00AA8DB9 /* auth_mech_fixup */ = { isa = PBXGroup; children = ( 76786F6A2A27C72900AA8DB9 /* auth_mech_fixup-Bridging-Header.h */, 76786F552A27C36A00AA8DB9 /* main.swift */, ); path = auth_mech_fixup; sourceTree = ""; }; 76786F642A27C62D00AA8DB9 /* test */ = { isa = PBXGroup; children = ( 76786F652A27C62D00AA8DB9 /* main.swift */, ); path = test; sourceTree = ""; }; 76BEF7D32871F36C0013E2A1 /* FakeTrue */ = { isa = PBXGroup; children = ( 76BEF7D42871F36C0013E2A1 /* main.swift */, ); path = FakeTrue; sourceTree = ""; }; 76BEF7EF28724E280013E2A1 /* Mechanisms */ = { isa = PBXGroup; children = ( 761B486B28A3575000C6A02B /* XCredsLoginDone.swift */, 7611CEC1288B96760063A644 /* XCredsEnableFDE.swift */, 7611CEBF288B75140063A644 /* XCredsCreateUser.swift */, 7632E39E287347C100E37923 /* XCredsKeychainAdd.swift */, 76BEF7F228724F120013E2A1 /* XCredsPowerControlMechanism.swift */, 76BEF7EA28724A0B0013E2A1 /* XCredsLoginMechanism.swift */, 76BEF7EB28724A0B0013E2A1 /* XCredsBaseMechanism.swift */, ); path = Mechanisms; sourceTree = ""; }; 76BEF7F028724E520013E2A1 /* LoginWindow */ = { isa = PBXGroup; children = ( 766355DA287132E9002E3867 /* LoginWebViewController.swift */, 760418CF2A1332210051411B /* SignInWindowController.swift */, 761B486828A34CC900C6A02B /* LoginProgressWindowController.swift */, 089B22F02AFAED280006B6BC /* NetworkMonitor.swift */, 761B486728A34CC900C6A02B /* LoginProgressWindowController.xib */, 76FDC5D52B22D47A0035D61E /* MainLoginWindowController.xib */, 76CB907C288112AF00C70D0C /* xcreds_login.sh */, 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */, 76BEF7DC2871F5F00013E2A1 /* TCSReturnWindow.h */, 76BEF7DB2871F5F00013E2A1 /* TCSReturnWindow.m */, 76C084092A9A2635008039FA /* ControlsViewController.xib */, 763AEFDE2C156E1E0059A83D /* WhitePopoverBackgroundView.swift */, 76BEF7E02871F74D0013E2A1 /* ControlsViewController.swift */, 766355E128713C47002E3867 /* LoginWindow.swift */, 7651EDEC2A1451590075980B /* LocalUsersViewController.xib */, 76D1757D2B24096C00E64A62 /* MainLoginWindow.swift */, 76BEF7F128724EB60013E2A1 /* images */, ); path = LoginWindow; sourceTree = ""; }; 76BEF7F128724EB60013E2A1 /* images */ = { isa = PBXGroup; children = ( 7649056E2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png */, 76BEF7FF2872A3030013E2A1 /* loginwindow.png */, 76BEF7FE2872A3030013E2A1 /* loginwindow@2x.png */, 76BEF7E6287202AF0013E2A1 /* ShutdownX.png */, 76BEF7E7287202AF0013E2A1 /* ShutdownX@2x.png */, 76BEF7E2287202080013E2A1 /* RestartX.png */, 76BEF7E3287202080013E2A1 /* RestartX@2x.png */, ); path = images; sourceTree = ""; }; 76C4BAB92B353B3F007B2C57 /* NoMAD */ = { isa = PBXGroup; children = ( 7657DEAE2B3503BF003A23DB /* SessionManager.swift */, 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */, 7657DED52B351A67003A23DB /* KerbUtil.h */, 76C4BABA2B353B4B007B2C57 /* KerbUtil.m */, 7657DEDC2B351BF9003A23DB /* headers */, 7657DECB2B35061E003A23DB /* SiteManager.swift */, 7657DEC82B350606003A23DB /* KlistUtil.swift */, 7657DEC52B3505EB003A23DB /* Extensions.swift */, 7657DEC22B3505CB003A23DB /* ADLDAPPing.swift */, 7657DEBE2B3505A3003A23DB /* DNSResolver.m */, 7657DEBB2B35055F003A23DB /* Logger.swift */, 7657DEB52B3504A6003A23DB /* UserRecord.swift */, 7657DEB22B350476003A23DB /* NoMADSession.swift */, ); name = NoMAD; sourceTree = ""; }; 76DC0A6628836EB1007C42B2 /* XCreds Login Overlay */ = { isa = PBXGroup; children = ( 766F4C4A2883AFD90021F548 /* pleaseWaitGraphic.png */, 76DC0A7F2883785A007C42B2 /* XCreds-Login-Overlay-Info.plist */, 76DC0A7D288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift */, 76DC0A78288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist */, 76DC0A7628837028007C42B2 /* returnArrow.png */, 76DC0A6728836EB1007C42B2 /* AppDelegate.swift */, 76DC0A6928836EB2007C42B2 /* Assets.xcassets */, 76DC0A6B28836EB2007C42B2 /* MainMenu.xib */, 76DC0A6E28836EB2007C42B2 /* XCreds_Login_Overlay.entitlements */, ); path = "XCreds Login Overlay"; sourceTree = ""; }; 76DD6D112859978F00A700ED /* Packages */ = { isa = PBXGroup; children = ( 76DD6D122859978F00A700ED /* OIDCLite */, ); name = Packages; sourceTree = ""; }; 76DD6D15285997F300A700ED /* Frameworks */ = { isa = PBXGroup; children = ( 763DDF192B4F1DD4000D48CC /* GSS.framework */, 76C4BAB52B353AF7007B2C57 /* Kerberos.framework */, 76C4BAB22B353AD7007B2C57 /* libresolv.tbd */, 767CB2CF2B13B92B006CA2AC /* OpenDirectory.framework */, 767CB2CE2B13B913006CA2AC /* libsystem_info.tbd */, 767CB2CC2B13B8EB006CA2AC /* libinfo.tbd */, 766CC42129D3A320009BC526 /* Paddle.framework */, 766CC42229D3A321009BC526 /* ProductLicense.framework */, ); name = Frameworks; sourceTree = ""; }; 76EE069127FD1D00009E0F3A = { isa = PBXGroup; children = ( 76D4726B2B43B8FA0064380C /* TCTaskWrapperWithBlocks.h */, 76D4726C2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m */, 763DDF152B4F100D000D48CC /* ShareMounterMenu.swift */, 76C4ACBE2B3D0F8D003B3605 /* ShareMounter.swift */, 76C4BAB92B353B3F007B2C57 /* NoMAD */, 760148A82B23639D00E119A2 /* NSBundle+FindBundlePath.swift */, 7614D03B2B181A5D006EAF36 /* icon_128x128.png */, 7681FEC82A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist */, 76C63A312A22872700810C53 /* History.md */, 760418CC2A1331710051411B /* NomadLogin */, 76873E2E2A107736001418A9 /* DefaultsHelper.swift */, 76E9CE6E2A0DC6E30060220C /* TCSLoginWindowUtilities.h */, 76E9CE6F2A0DC6E30060220C /* TCSLoginWindowUtilities.m */, 76673CD429D3D5F500452848 /* LicenseChecker.swift */, 7683973029A854EC003D9B9F /* NSImage+String.swift */, 76DB5CF32A09AE9A0014F8E1 /* get_pw.js */, 7659CA06298E1BB6005D1AA3 /* DefaultBackground.png */, 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */, 7675444428918CD100613840 /* Info.plist */, 76DD6D15285997F300A700ED /* Frameworks */, 76CB9076287FBEEA00C70D0C /* Helper+URLDecode.swift */, 76B040A328EFC788002A289B /* Helper+JWTDecode.swift */, 7632909B2876673500CF8857 /* DataExtension.swift */, 766355D22870F29A002E3867 /* TestWindowController.swift */, 766355D32870F29A002E3867 /* TestWindowController.xib */, 76DD6D112859978F00A700ED /* Packages */, 766355C72870D1B5002E3867 /* XCredsLogin */, 76EE069C27FD1D00009E0F3A /* XCreds */, 76BEF7D32871F36C0013E2A1 /* FakeTrue */, 7631935E287D22C700D36BF7 /* authrights */, 76DC0A6628836EB1007C42B2 /* XCreds Login Overlay */, 76786F542A27C36A00AA8DB9 /* auth_mech_fixup */, 76786F642A27C62D00AA8DB9 /* test */, 76EE069B27FD1D00009E0F3A /* Products */, ); sourceTree = ""; }; 76EE069B27FD1D00009E0F3A /* Products */ = { isa = PBXGroup; children = ( 76EE069A27FD1D00009E0F3A /* XCreds.app */, 766355BD2870CA6A002E3867 /* XCredsLoginPlugin.bundle */, 7631935D287D22C700D36BF7 /* authrights */, 76DC0A6528836EB1007C42B2 /* XCreds Login Overlay.app */, 76786F532A27C36A00AA8DB9 /* auth_mech_fixup */, 76786F632A27C62D00AA8DB9 /* test */, ); name = Products; sourceTree = ""; }; 76EE069C27FD1D00009E0F3A /* XCreds */ = { isa = PBXGroup; children = ( 76FDC5D42B22D47A0035D61E /* MainLoginWindowController.swift */, 764D8125284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib */, 76CCF5432B12E478003F85E9 /* SelectLocalAccountWindowController.xib */, 76CCF5422B12E478003F85E9 /* SelectLocalAccountWindowController.swift */, 76FDC5D92B235A4F0035D61E /* StatusMenuWindowController.xib */, 76E466652B1A4C16006529B6 /* UpdatePasswordWindowController.xib */, 7651EDF62A1474330075980B /* LoginWebViewController.xib */, 764D812B284BCC7400B3EE54 /* VerifyOIDCPassword.xib */, 76FDC5D82B235A4F0035D61E /* StatusMenuWindowController.swift */, 76D7ADFD284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.h */, 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */, 76D7ADFA284EB15100332EBC /* TCSUnifiedLogger.h */, 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */, 76EECCFF2875135900483C66 /* LoggerHelper.swift */, 764D812A284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift */, 764D8124284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift */, 764D8132284D14A500B3EE54 /* Credits.txt */, 76E466642B1A4C16006529B6 /* UpdatePasswordWindowController.swift */, 767116B2284B045800CCD6FF /* KeychainUtil.swift */, 767116AD284AB59400CCD6FF /* SecurityPrivateAPI.h */, 76EE06AB27FD1D92009E0F3A /* TokenManager.swift */, 76E74DCE2B3902F0004C6429 /* XCredsMechanismProtocol.swift */, 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */, 764D8128284BCAB100B3EE54 /* Window+Shake.swift */, 767B939B2A28279E0038935E /* View+Shake.swift */, 76EE06B127FD1E24009E0F3A /* DesktopLoginWindowController.xib */, 76342E592B282653007D4F29 /* DesktopLoginWindowController.swift */, 76EE06B327FD1E5F009E0F3A /* WebViewController.swift */, 766355E4287148C1002E3867 /* Tokens.swift */, 7681FEC62A4C8BC800F91CD1 /* AboutWindow.xib */, 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */, 76EE06B527FD1E79009E0F3A /* PreferencesWindow.xib */, 764D812E284C06AB00B3EE54 /* defaults.plist */, 767116AE284AB5D900CCD6FF /* XCreds-Bridging-Header.h */, 76EE06B727FD1EB7009E0F3A /* PreferencesWindowController.swift */, 7681FEC42A4C8B9000F91CD1 /* AboutWindowController.swift */, 76EE06AF27FD1DD8009E0F3A /* Window+ForceToFront.swift */, 767116A8284AAE2B00CCD6FF /* ScheduleManager.swift */, 76EE06C127FD1F50009E0F3A /* StatusMenuController.swift */, 76EE06AA27FD1D66009E0F3A /* Info.plist */, 76EE069D27FD1D00009E0F3A /* AppDelegate.swift */, 767116B0284B021500CCD6FF /* MainController.swift */, 767116A6284AABC500CCD6FF /* NotifyManager.swift */, 76EE069F27FD1D01009E0F3A /* Assets.xcassets */, 76EE06A127FD1D01009E0F3A /* MainMenu.xib */, 76EE06A427FD1D01009E0F3A /* xCreds.entitlements */, 766355C42870CCC3002E3867 /* XCredsLoginPlugin-Bridging-Header.h */, ); path = XCreds; sourceTree = ""; }; /* End PBXGroup section */ /* Begin PBXLegacyTarget section */ 766F4C4C2883B88F0021F548 /* Send To Test */ = { isa = PBXLegacyTarget; buildArgumentsString = "app_to_test.sh mba.local"; buildConfigurationList = 766F4C4D2883B88F0021F548 /* Build configuration list for PBXLegacyTarget "Send To Test" */; buildPhases = ( ); buildToolPath = /bin/bash; buildWorkingDirectory = /Users/tperfitt/Documents/Projects/xcreds; dependencies = ( ); name = "Send To Test"; passBuildSettingsInEnvironment = 1; productName = "Send To Test"; }; /* End PBXLegacyTarget section */ /* Begin PBXNativeTarget section */ 7631935C287D22C700D36BF7 /* authrights */ = { isa = PBXNativeTarget; buildConfigurationList = 76319363287D22C700D36BF7 /* Build configuration list for PBXNativeTarget "authrights" */; buildPhases = ( 76319359287D22C700D36BF7 /* Sources */, 7631935A287D22C700D36BF7 /* Frameworks */, 7631935B287D22C700D36BF7 /* CopyFiles */, ); buildRules = ( ); dependencies = ( ); name = authrights; packageProductDependencies = ( 76AB89E02A12FAF900529D90 /* OIDCLite */, 76AB89E22A12FB4900529D90 /* ArgumentParser */, ); productName = authrights; productReference = 7631935D287D22C700D36BF7 /* authrights */; productType = "com.apple.product-type.tool"; }; 766355BC2870CA6A002E3867 /* XCredsLoginPlugin */ = { isa = PBXNativeTarget; buildConfigurationList = 766355C02870CA6A002E3867 /* Build configuration list for PBXNativeTarget "XCredsLoginPlugin" */; buildPhases = ( 766355B92870CA6A002E3867 /* Sources */, 766355BA2870CA6A002E3867 /* Frameworks */, 766355BB2870CA6A002E3867 /* Resources */, 766CC43129D3A3EC009BC526 /* Embed Frameworks */, ); buildRules = ( ); dependencies = ( ); name = XCredsLoginPlugin; packageProductDependencies = ( 766355CD2870E9D3002E3867 /* OIDCLite */, ); productName = XCredsLoginPlugin; productReference = 766355BD2870CA6A002E3867 /* XCredsLoginPlugin.bundle */; productType = "com.apple.product-type.bundle"; }; 76786F522A27C36A00AA8DB9 /* auth_mech_fixup */ = { isa = PBXNativeTarget; buildConfigurationList = 76786F572A27C36A00AA8DB9 /* Build configuration list for PBXNativeTarget "auth_mech_fixup" */; buildPhases = ( 76786F4F2A27C36A00AA8DB9 /* Sources */, 76786F502A27C36A00AA8DB9 /* Frameworks */, 76786F512A27C36A00AA8DB9 /* CopyFiles */, ); buildRules = ( ); dependencies = ( ); name = auth_mech_fixup; productName = auth_mech_fixup; productReference = 76786F532A27C36A00AA8DB9 /* auth_mech_fixup */; productType = "com.apple.product-type.tool"; }; 76786F622A27C62D00AA8DB9 /* test */ = { isa = PBXNativeTarget; buildConfigurationList = 76786F672A27C62D00AA8DB9 /* Build configuration list for PBXNativeTarget "test" */; buildPhases = ( 76786F5F2A27C62D00AA8DB9 /* Sources */, 76786F602A27C62D00AA8DB9 /* Frameworks */, 76786F612A27C62D00AA8DB9 /* CopyFiles */, ); buildRules = ( ); dependencies = ( ); name = test; productName = test; productReference = 76786F632A27C62D00AA8DB9 /* test */; productType = "com.apple.product-type.tool"; }; 76DC0A6428836EB1007C42B2 /* XCreds Login Overlay */ = { isa = PBXNativeTarget; buildConfigurationList = 76DC0A6F28836EB2007C42B2 /* Build configuration list for PBXNativeTarget "XCreds Login Overlay" */; buildPhases = ( 76DC0A6128836EB1007C42B2 /* Sources */, 76DC0A6228836EB1007C42B2 /* Frameworks */, 76DC0A6328836EB1007C42B2 /* Resources */, 766CC43629D3A3F8009BC526 /* Embed Frameworks */, ); buildRules = ( ); dependencies = ( ); name = "XCreds Login Overlay"; productName = "XCreds Login Overlay"; productReference = 76DC0A6528836EB1007C42B2 /* XCreds Login Overlay.app */; productType = "com.apple.product-type.application"; }; 76EE069927FD1D00009E0F3A /* XCreds */ = { isa = PBXNativeTarget; buildConfigurationList = 76EE06A727FD1D01009E0F3A /* Build configuration list for PBXNativeTarget "XCreds" */; buildPhases = ( 76EE069627FD1D00009E0F3A /* Sources */, 76EE069727FD1D00009E0F3A /* Frameworks */, 76EE069827FD1D00009E0F3A /* Resources */, 766CC42C29D3A3DC009BC526 /* Embed Frameworks */, ); buildRules = ( ); dependencies = ( 76DC0A7B28837152007C42B2 /* PBXTargetDependency */, 76319376287E19A500D36BF7 /* PBXTargetDependency */, 76319379287E204500D36BF7 /* PBXTargetDependency */, ); name = XCreds; packageProductDependencies = ( 76DD6D16285997F300A700ED /* OIDCLite */, 76319365287D24E100D36BF7 /* ArgumentParser */, 76319368287D24F600D36BF7 /* ArgumentParser */, 762177E52B7144460051B756 /* OIDCLite */, 76477E032C626B5D00F01D56 /* OIDCLite */, ); productName = xCreds; productReference = 76EE069A27FD1D00009E0F3A /* XCreds.app */; productType = "com.apple.product-type.application"; }; /* End PBXNativeTarget section */ /* Begin PBXProject section */ 76EE069227FD1D00009E0F3A /* Project object */ = { isa = PBXProject; attributes = { BuildIndependentTargetsInParallel = 1; LastSwiftUpdateCheck = 1430; LastUpgradeCheck = 1330; TargetAttributes = { 7631935C287D22C700D36BF7 = { CreatedOnToolsVersion = 13.4.1; }; 766355BC2870CA6A002E3867 = { CreatedOnToolsVersion = 13.4.1; LastSwiftMigration = 1340; }; 766F4C4C2883B88F0021F548 = { CreatedOnToolsVersion = 13.4.1; }; 76786F522A27C36A00AA8DB9 = { CreatedOnToolsVersion = 14.3; }; 76786F622A27C62D00AA8DB9 = { CreatedOnToolsVersion = 14.3; }; 76DC0A6428836EB1007C42B2 = { CreatedOnToolsVersion = 13.4.1; }; 76EE069927FD1D00009E0F3A = { CreatedOnToolsVersion = 13.3; }; }; }; buildConfigurationList = 76EE069527FD1D00009E0F3A /* Build configuration list for PBXProject "XCreds" */; compatibilityVersion = "Xcode 13.0"; developmentRegion = en; hasScannedForEncodings = 0; knownRegions = ( en, Base, ); mainGroup = 76EE069127FD1D00009E0F3A; packageReferences = ( 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */, 76477E022C626B5D00F01D56 /* XCRemoteSwiftPackageReference "OIDCLite" */, ); productRefGroup = 76EE069B27FD1D00009E0F3A /* Products */; projectDirPath = ""; projectRoot = ""; targets = ( 76EE069927FD1D00009E0F3A /* XCreds */, 766355BC2870CA6A002E3867 /* XCredsLoginPlugin */, 7631935C287D22C700D36BF7 /* authrights */, 76DC0A6428836EB1007C42B2 /* XCreds Login Overlay */, 766F4C4C2883B88F0021F548 /* Send To Test */, 76786F522A27C36A00AA8DB9 /* auth_mech_fixup */, 76786F622A27C62D00AA8DB9 /* test */, ); }; /* End PBXProject section */ /* Begin PBXResourcesBuildPhase section */ 766355BB2870CA6A002E3867 /* Resources */ = { isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( 76BEF8002872A3030013E2A1 /* loginwindow@2x.png in Resources */, 766355D928711C51002E3867 /* defaults.plist in Resources */, 7613FDF7289E114F00340CCD /* loadpage.html in Resources */, 7659CA07298E1BB6005D1AA3 /* DefaultBackground.png in Resources */, 766355D52870F29A002E3867 /* TestWindowController.xib in Resources */, 76CCF5452B12E478003F85E9 /* SelectLocalAccountWindowController.xib in Resources */, 7651EDED2A1451590075980B /* LocalUsersViewController.xib in Resources */, 761B486928A34CC900C6A02B /* LoginProgressWindowController.xib in Resources */, 766CC43829D3AED2009BC526 /* errorpage.html in Resources */, 7614D03C2B181A5D006EAF36 /* icon_128x128.png in Resources */, 76BEF7E4287202090013E2A1 /* RestartX.png in Resources */, 76D925D32894ADB4005C3245 /* Assets.xcassets in Resources */, 76BEF8012872A3030013E2A1 /* loginwindow.png in Resources */, 766355D12870EBAD002E3867 /* VerifyOIDCPassword.xib in Resources */, 76EECCFC2873E6E200483C66 /* VerifyLocalPasswordWindowController.xib in Resources */, 76BEF7E8287202AF0013E2A1 /* ShutdownX.png in Resources */, 76FDC5D72B22D47A0035D61E /* MainLoginWindowController.xib in Resources */, 76E466672B1A4C16006529B6 /* UpdatePasswordWindowController.xib in Resources */, 76C0840B2A9A311E008039FA /* ControlsViewController.xib in Resources */, 76BEF7E5287202090013E2A1 /* RestartX@2x.png in Resources */, 7651EDF72A1474330075980B /* LoginWebViewController.xib in Resources */, 7677908828908E40004E7085 /* WifiWindowController.xib in Resources */, 76DB5CF52A09AE9A0014F8E1 /* get_pw.js in Resources */, 76BEF7E9287202AF0013E2A1 /* ShutdownX@2x.png in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76DC0A6328836EB1007C42B2 /* Resources */ = { isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( 76DC0A83288382D2007C42B2 /* returnArrow.png in Resources */, 76DC0A6A28836EB2007C42B2 /* Assets.xcassets in Resources */, 76DC0A6D28836EB2007C42B2 /* MainMenu.xib in Resources */, 76DC0A79288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist in Resources */, 76DC0A7428836F45007C42B2 /* RestartX@2x.png in Resources */, 766F4C4B2883AFD90021F548 /* pleaseWaitGraphic.png in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76EE069827FD1D00009E0F3A /* Resources */ = { isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( 76DC0A7C28837158007C42B2 /* XCreds Login Overlay.app in Resources */, 76DB5CF42A09AE9A0014F8E1 /* get_pw.js in Resources */, 762761602B294A7C0067D1D4 /* icon_128x128.png in Resources */, 76CB907E288112C200C70D0C /* xcreds_login.sh in Resources */, 76319377287E1FAF00D36BF7 /* authrights in Resources */, 76319374287E198C00D36BF7 /* XCredsLoginPlugin.bundle in Resources */, 76D175742B23C57500E64A62 /* LocalUsersViewController.xib in Resources */, 76EE06B627FD1E79009E0F3A /* PreferencesWindow.xib in Resources */, 76EE06A027FD1D01009E0F3A /* Assets.xcassets in Resources */, 764D812F284C06AB00B3EE54 /* defaults.plist in Resources */, 764D8133284D14A500B3EE54 /* Credits.txt in Resources */, 7681FEC72A4C8BC800F91CD1 /* AboutWindow.xib in Resources */, 76673CD229D3CFF900452848 /* errorpage.html in Resources */, 764D812D284BCC7400B3EE54 /* VerifyOIDCPassword.xib in Resources */, 76FDC5DB2B235A4F0035D61E /* StatusMenuWindowController.xib in Resources */, 76C63A322A22872700810C53 /* History.md in Resources */, 764D8127284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib in Resources */, 76DF7FD52B50FA9A00B3B543 /* UpdatePasswordWindowController.xib in Resources */, 7649056F2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png in Resources */, 76EE06A327FD1D01009E0F3A /* MainMenu.xib in Resources */, 76D1756A2B23C28700E64A62 /* MainLoginWindowController.xib in Resources */, 76EE06B227FD1E24009E0F3A /* DesktopLoginWindowController.xib in Resources */, 7681FEC92A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist in Resources */, 76F0B6E02B421FC8008F7D71 /* loadpage.html in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; /* End PBXResourcesBuildPhase section */ /* Begin PBXSourcesBuildPhase section */ 76319359287D22C700D36BF7 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 76319360287D22C700D36BF7 /* authrights.swift in Sources */, 7631936D287D2A6200D36BF7 /* LoggerHelper.swift in Sources */, 7631936C287D29B700D36BF7 /* AuthorizationDBManager.swift in Sources */, 7631936E287D2AB100D36BF7 /* TCSUnifiedLogger.m in Sources */, 76319370287DE24D00D36BF7 /* NSFileManager+TCSRealHomeFolder.m in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 766355B92870CA6A002E3867 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 7632E3A32873581100E37923 /* KeychainUtil.swift in Sources */, 76CCF5442B12E478003F85E9 /* SelectLocalAccountWindowController.swift in Sources */, 76B882AB29CCFD7A00BB8186 /* TCSKeychain.m in Sources */, 54848E8F2B47336D000DF420 /* KerbUtil.m in Sources */, 76BEF7DD2871F5F00013E2A1 /* TCSReturnWindow.m in Sources */, 76EECCFB2873DFFB00483C66 /* PasswordUtils.swift in Sources */, 76DF50B62A1C5EFF007BC708 /* DefaultsOverride.swift in Sources */, 7657DEB02B3503BF003A23DB /* SessionManager.swift in Sources */, 7657DEB72B3504A6003A23DB /* UserRecord.swift in Sources */, 7632E3A12873497C00E37923 /* LogShim.swift in Sources */, 760418D52A1332520051411B /* DS+AD.swift in Sources */, 76FDC5D62B22D47A0035D61E /* MainLoginWindowController.swift in Sources */, 76C4BAB12B353A3A007B2C57 /* DNSResolver.m in Sources */, 76BEF7ED28724A0C0013E2A1 /* XCredsBaseMechanism.swift in Sources */, 766355CF2870E9E7002E3867 /* PrefKeys.swift in Sources */, 7657DEB42B350476003A23DB /* NoMADSession.swift in Sources */, 7657DEC42B3505CB003A23DB /* ADLDAPPing.swift in Sources */, 760418D72A1332660051411B /* DSQueryable.swift in Sources */, 76DF1D5B2A2AD42C00770690 /* LocalCheckAndMigrate.swift in Sources */, 761B486C28A3575000C6A02B /* XCredsLoginDone.swift in Sources */, 7657DEC72B3505EB003A23DB /* Extensions.swift in Sources */, 76BEF7F328724F120013E2A1 /* XCredsPowerControlMechanism.swift in Sources */, 76873E302A107736001418A9 /* DefaultsHelper.swift in Sources */, 76B040A528EFC788002A289B /* Helper+JWTDecode.swift in Sources */, 7632909D2876674100CF8857 /* DataExtension.swift in Sources */, 7683973229A854EC003D9B9F /* NSImage+String.swift in Sources */, 761B486A28A34CC900C6A02B /* LoginProgressWindowController.swift in Sources */, 7677908628908E40004E7085 /* WifiWindowController.swift in Sources */, 76E466662B1A4C16006529B6 /* UpdatePasswordWindowController.swift in Sources */, 76EECCFD2873E9ED00483C66 /* VerifyLocalPasswordWindowController.swift in Sources */, 76D4726E2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m in Sources */, 76BEF7EC28724A0B0013E2A1 /* XCredsLoginMechanism.swift in Sources */, 766355CA2870DCF5002E3867 /* TCSUnifiedLogger.m in Sources */, 76C4BAB02B353A30007B2C57 /* KlistUtil.swift in Sources */, 76CB9078287FBEEA00C70D0C /* Helper+URLDecode.swift in Sources */, 766355E328713C4A002E3867 /* LoginWindow.swift in Sources */, 76B882AF29CCFDAE00BB8186 /* NSData+SHA1.m in Sources */, 76BEF7F82872504C0013E2A1 /* ContextAndHintHandling.swift in Sources */, 766355E6287148C1002E3867 /* Tokens.swift in Sources */, 766355CC2870E9AD002E3867 /* WebViewController.swift in Sources */, 760418D92A1332770051411B /* SystemInfoHelper.swift in Sources */, 76673CD629D3D5F500452848 /* LicenseChecker.swift in Sources */, 767B939D2A28289E0038935E /* View+Shake.swift in Sources */, 760418D22A1332210051411B /* SignInWindowController.swift in Sources */, 7611CEC0288B75140063A644 /* XCredsCreateUser.swift in Sources */, 764859F22B2FA2E800507C16 /* Window+ForceToFront.swift in Sources */, 766355D42870F29A002E3867 /* TestWindowController.swift in Sources */, 766355C32870CB6F002E3867 /* XCredsLoginPlugin.m in Sources */, 766355CB2870E5E9002E3867 /* NSFileManager+TCSRealHomeFolder.m in Sources */, 7632E39F287347C100E37923 /* XCredsKeychainAdd.swift in Sources */, 76D1757E2B24096C00E64A62 /* MainLoginWindow.swift in Sources */, 7677908728908E40004E7085 /* WifiManager.swift in Sources */, 76BEF7FA28726C700013E2A1 /* AuthorizationDBManager.swift in Sources */, 76BEF7E12871F74D0013E2A1 /* ControlsViewController.swift in Sources */, 76EECD012875135900483C66 /* LoggerHelper.swift in Sources */, 7611CEC2288B96760063A644 /* XCredsEnableFDE.swift in Sources */, 7657DEBD2B35055F003A23DB /* Logger.swift in Sources */, 76EECCFE2873EA6500483C66 /* Window+Shake.swift in Sources */, 76B882B329CCFDBA00BB8186 /* NSData+HexString.m in Sources */, 7632E3A2287357CC00E37923 /* TokenManager.swift in Sources */, 76BEF7F628724FA80013E2A1 /* NSTaskWrapper.swift in Sources */, 76EECD0528753C7F00483C66 /* String+Base64URLEncoded.swift in Sources */, 7657DECD2B35061E003A23DB /* SiteManager.swift in Sources */, 760148A92B23639D00E119A2 /* NSBundle+FindBundlePath.swift in Sources */, 76E74DD02B3902F0004C6429 /* XCredsMechanismProtocol.swift in Sources */, 766355DB287132E9002E3867 /* LoginWebViewController.swift in Sources */, 7657DEDA2B351B5B003A23DB /* UNIXUtilities.swift in Sources */, 089B22F12AFAED280006B6BC /* NetworkMonitor.swift in Sources */, 763AEFDF2C156E1E0059A83D /* WhitePopoverBackgroundView.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76786F4F2A27C36A00AA8DB9 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 76786F5E2A27C60800AA8DB9 /* LoggerHelper.swift in Sources */, 76786F5A2A27C37100AA8DB9 /* AuthRightsHelper.swift in Sources */, 76786F6B2A27C79100AA8DB9 /* NSFileManager+TCSRealHomeFolder.m in Sources */, 76786F5D2A27C3B300AA8DB9 /* TCSUnifiedLogger.m in Sources */, 76786F5B2A27C38800AA8DB9 /* AuthorizationDBManager.swift in Sources */, 76786F562A27C36A00AA8DB9 /* main.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76786F5F2A27C62D00AA8DB9 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 76786F662A27C62D00AA8DB9 /* main.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76DC0A6128836EB1007C42B2 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 76DC0A8528838467007C42B2 /* LoggerHelper.swift in Sources */, 76DC0A7328836EFE007C42B2 /* TCSReturnWindow.m in Sources */, 76DC0A88288387D8007C42B2 /* NSFileManager+TCSRealHomeFolder.m in Sources */, 76DC0A8428838375007C42B2 /* AuthorizationDBManager.swift in Sources */, 76DC0A8628838656007C42B2 /* TCSUnifiedLogger.m in Sources */, 76DC0A7E288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift in Sources */, 767C42842AC6645700542099 /* AuthRightsHelper.swift in Sources */, 76DC0A87288386FA007C42B2 /* NSTaskWrapper.swift in Sources */, 76C4BABC2B3544C6007B2C57 /* UNIXUtilities.swift in Sources */, 76DC0A6828836EB1007C42B2 /* AppDelegate.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76EE069627FD1D00009E0F3A /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 760148AA2B2365F100E119A2 /* NSBundle+FindBundlePath.swift in Sources */, 76E74DD32B390358004C6429 /* LoginWebViewController.swift in Sources */, 089B22F22AFAED810006B6BC /* NetworkMonitor.swift in Sources */, 76EECD0228752C1F00483C66 /* LoginWindow.swift in Sources */, 76673CD529D3D5F500452848 /* LicenseChecker.swift in Sources */, 761121B82B3D26F5005F7D02 /* LocalCheckAndMigrate.swift in Sources */, 76E74DD22B39034B004C6429 /* SelectLocalAccountWindowController.swift in Sources */, 767116A7284AABC500CCD6FF /* NotifyManager.swift in Sources */, 76EE06B827FD1EB7009E0F3A /* PreferencesWindowController.swift in Sources */, 76A8A4E32A0DF7C700AA6054 /* NSTaskWrapper.swift in Sources */, 76EE06AE27FD1DC3009E0F3A /* PrefKeys.swift in Sources */, 767116B3284B045800CCD6FF /* KeychainUtil.swift in Sources */, 76CB907B2880E41E00C70D0C /* LogShim.swift in Sources */, 7657DEC92B350606003A23DB /* KlistUtil.swift in Sources */, 764D812C284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift in Sources */, 76E74DD42B39037A004C6429 /* LoginProgressWindowController.swift in Sources */, 7623384D2B53029D00F2D714 /* ShareMounter.swift in Sources */, 7657DEB32B350476003A23DB /* NoMADSession.swift in Sources */, 760418E02A133A370051411B /* DSQueryable.swift in Sources */, 76319373287E18BF00D36BF7 /* DataExtension.swift in Sources */, 76E74DD12B390327004C6429 /* ContextAndHintHandling.swift in Sources */, 76EECD002875135900483C66 /* LoggerHelper.swift in Sources */, 54848E902B47336D000DF420 /* KerbUtil.m in Sources */, 76873E2F2A107736001418A9 /* DefaultsHelper.swift in Sources */, 76D175772B23C62A00E64A62 /* UpdatePasswordWindowController.swift in Sources */, 7683973129A854EC003D9B9F /* NSImage+String.swift in Sources */, 76FDC5DA2B235A4F0035D61E /* StatusMenuWindowController.swift in Sources */, 761121B92B3D26FB005F7D02 /* DS+AD.swift in Sources */, 76CB9077287FBEEA00C70D0C /* Helper+URLDecode.swift in Sources */, 764D8129284BCAB100B3EE54 /* Window+Shake.swift in Sources */, 764D8126284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift in Sources */, 76EE069E27FD1D00009E0F3A /* AppDelegate.swift in Sources */, 76D7ADFB284EB15100332EBC /* TCSUnifiedLogger.m in Sources */, 7657DEBC2B35055F003A23DB /* Logger.swift in Sources */, 7657DEB62B3504A6003A23DB /* UserRecord.swift in Sources */, 761121B62B3D24FE005F7D02 /* SignInWindowController.swift in Sources */, 761121B72B3D26EE005F7D02 /* SystemInfoHelper.swift in Sources */, 7657DEAF2B3503BF003A23DB /* SessionManager.swift in Sources */, 7681FEC52A4C8B9000F91CD1 /* AboutWindowController.swift in Sources */, 768633D92AFC4908004065E5 /* WifiManager.swift in Sources */, 7657DED92B351B5B003A23DB /* UNIXUtilities.swift in Sources */, 76E74DCF2B3902F0004C6429 /* XCredsMechanismProtocol.swift in Sources */, 76EE06C227FD1F50009E0F3A /* StatusMenuController.swift in Sources */, 76EE06B027FD1DD8009E0F3A /* Window+ForceToFront.swift in Sources */, 76D4726D2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m in Sources */, 767116B1284B021500CCD6FF /* MainController.swift in Sources */, 7657DECC2B35061E003A23DB /* SiteManager.swift in Sources */, 76B040A428EFC788002A289B /* Helper+JWTDecode.swift in Sources */, 767116A9284AAE2B00CCD6FF /* ScheduleManager.swift in Sources */, 766FD60D2A1B06AC00C8F244 /* DefaultsOverride.swift in Sources */, 767116AC284AB4C000CCD6FF /* PasswordUtils.swift in Sources */, 76B882AA29CCFD7A00BB8186 /* TCSKeychain.m in Sources */, 766355E5287148C1002E3867 /* Tokens.swift in Sources */, 7657DEC32B3505CB003A23DB /* ADLDAPPing.swift in Sources */, 76EE06AC27FD1D92009E0F3A /* TokenManager.swift in Sources */, 76B882B229CCFDBA00BB8186 /* NSData+HexString.m in Sources */, 7623384C2B53029D00F2D714 /* ShareMounterMenu.swift in Sources */, 7657DEC02B3505A3003A23DB /* DNSResolver.m in Sources */, 76E9CE702A0DC6E30060220C /* TCSLoginWindowUtilities.m in Sources */, 76342E5A2B282653007D4F29 /* DesktopLoginWindowController.swift in Sources */, 76D7ADFE284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m in Sources */, 76EECD0428753C7F00483C66 /* String+Base64URLEncoded.swift in Sources */, 7657DEC62B3505EB003A23DB /* Extensions.swift in Sources */, 766355DC287133C7002E3867 /* WebViewController.swift in Sources */, 76D175712B23C2DB00E64A62 /* AuthorizationDBManager.swift in Sources */, 767B939C2A28279E0038935E /* View+Shake.swift in Sources */, 76B882AE29CCFDAE00BB8186 /* NSData+SHA1.m in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; /* End PBXSourcesBuildPhase section */ /* Begin PBXTargetDependency section */ 76319376287E19A500D36BF7 /* PBXTargetDependency */ = { isa = PBXTargetDependency; target = 766355BC2870CA6A002E3867 /* XCredsLoginPlugin */; targetProxy = 76319375287E19A500D36BF7 /* PBXContainerItemProxy */; }; 76319379287E204500D36BF7 /* PBXTargetDependency */ = { isa = PBXTargetDependency; target = 7631935C287D22C700D36BF7 /* authrights */; targetProxy = 76319378287E204500D36BF7 /* PBXContainerItemProxy */; }; 76DC0A7B28837152007C42B2 /* PBXTargetDependency */ = { isa = PBXTargetDependency; target = 76DC0A6428836EB1007C42B2 /* XCreds Login Overlay */; targetProxy = 76DC0A7A28837152007C42B2 /* PBXContainerItemProxy */; }; /* End PBXTargetDependency section */ /* Begin PBXVariantGroup section */ 76DC0A6B28836EB2007C42B2 /* MainMenu.xib */ = { isa = PBXVariantGroup; children = ( 76DC0A6C28836EB2007C42B2 /* Base */, ); name = MainMenu.xib; sourceTree = ""; }; 76EE06A127FD1D01009E0F3A /* MainMenu.xib */ = { isa = PBXVariantGroup; children = ( 76EE06A227FD1D01009E0F3A /* Base */, ); name = MainMenu.xib; sourceTree = ""; }; /* End PBXVariantGroup section */ /* Begin XCBuildConfiguration section */ <<<<<<< HEAD ======= 760291ED2C116E470075FBD8 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_ENTITLEMENTS = "XCreds AutoFill/XCreds_AutoFill.entitlements"; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 7144; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; ENABLE_USER_SCRIPT_SANDBOXING = YES; GCC_C_LANGUAGE_STANDARD = gnu17; GCC_PREPROCESSOR_DEFINITIONS = ( "AUTOFILL_TARGET=1", "DEBUG=1", "$(inherited)", ); GENERATE_INFOPLIST_FILE = YES; INFOPLIST_KEY_NSHumanReadableCopyright = ""; INFOPLIST_KEY_NSMainStoryboardFile = Main; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); LOCALIZATION_PREFERS_STRING_CATALOGS = YES; MACOSX_DEPLOYMENT_TARGET = 13.0; MARKETING_VERSION = 5.0; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.xcreds.XCreds-AutoFill"; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; SWIFT_ACTIVE_COMPILATION_CONDITIONS = "DEBUG $(inherited)"; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 760291EE2C116E470075FBD8 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_ENTITLEMENTS = "XCreds AutoFill/XCreds_AutoFill.entitlements"; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 7144; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; ENABLE_USER_SCRIPT_SANDBOXING = YES; GCC_C_LANGUAGE_STANDARD = gnu17; GCC_PREPROCESSOR_DEFINITIONS = "AUTOFILL_TARGET=1"; GENERATE_INFOPLIST_FILE = YES; INFOPLIST_KEY_NSHumanReadableCopyright = ""; INFOPLIST_KEY_NSMainStoryboardFile = Main; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); LOCALIZATION_PREFERS_STRING_CATALOGS = YES; MACOSX_DEPLOYMENT_TARGET = 13.0; MARKETING_VERSION = 5.0; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.xcreds.XCreds-AutoFill"; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; 760292022C116EDB0075FBD8 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_ENTITLEMENTS = "XCreds AutoFill Extension/XCreds_AutoFill_Extension.entitlements"; CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 7144; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; ENABLE_USER_SCRIPT_SANDBOXING = YES; GCC_C_LANGUAGE_STANDARD = gnu17; GCC_PREPROCESSOR_DEFINITIONS = ( "DEBUG=1", "AUTOFILL_TARGET=1", "$(inherited)", ); GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = "XCreds AutoFill Extension/Info.plist"; INFOPLIST_KEY_CFBundleDisplayName = "XCreds AutoFill Extension"; INFOPLIST_KEY_NSHumanReadableCopyright = ""; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", "@executable_path/../../../../Frameworks", ); LOCALIZATION_PREFERS_STRING_CATALOGS = YES; MACOSX_DEPLOYMENT_TARGET = 13.0; MARKETING_VERSION = 5.0; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.xcreds.XCreds-AutoFill.XCreds-AutoFill-Extension"; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; SWIFT_ACTIVE_COMPILATION_CONDITIONS = "DEBUG $(inherited)"; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 760292032C116EDB0075FBD8 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_ENTITLEMENTS = "XCreds AutoFill Extension/XCreds_AutoFill_Extension.entitlements"; CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 7144; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; ENABLE_USER_SCRIPT_SANDBOXING = YES; GCC_C_LANGUAGE_STANDARD = gnu17; GCC_PREPROCESSOR_DEFINITIONS = "AUTOFILL_TARGET=1"; GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = "XCreds AutoFill Extension/Info.plist"; INFOPLIST_KEY_CFBundleDisplayName = "XCreds AutoFill Extension"; INFOPLIST_KEY_NSHumanReadableCopyright = ""; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", "@executable_path/../../../../Frameworks", ); LOCALIZATION_PREFERS_STRING_CATALOGS = YES; MACOSX_DEPLOYMENT_TARGET = 13.0; MARKETING_VERSION = 5.0; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.xcreds.XCreds-AutoFill.XCreds-AutoFill-Extension"; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; >>>>>>> develop 76319361287D22C700D36BF7 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 7144; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = "\"$(SRCROOT)/Carthage/Build/Mac\""; MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 5.0; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCredsLoginPlugin-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76319362287D22C700D36BF7 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 7144; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = "\"$(SRCROOT)/Carthage/Build/Mac\""; MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 5.0; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCredsLoginPlugin-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; 766355BE2870CA6A002E3867 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; <<<<<<< HEAD CURRENT_PROJECT_VERSION = 6409; ======= CURRENT_PROJECT_VERSION = 7144; >>>>>>> develop DEFINES_MODULE = YES; DEVELOPMENT_TEAM = UXP6YEHSPW; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", ); GENERATE_INFOPLIST_FILE = YES; HEADER_SEARCH_PATHS = headers; INFOPLIST_FILE = XCredsLoginPlugin/Info.plist; INFOPLIST_KEY_NSHumanReadableCopyright = ""; INFOPLIST_KEY_NSPrincipalClass = ""; INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Bundles"; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", "@loader_path/../Frameworks", ); MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 5.0; PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.XCredsLoginPlugin; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCredsLoginPlugin-Bridging-Header.h"; SWIFT_VERSION = 5.0; WRAPPER_EXTENSION = bundle; }; name = Debug; }; 766355BF2870CA6A002E3867 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; <<<<<<< HEAD CURRENT_PROJECT_VERSION = 6409; ======= CURRENT_PROJECT_VERSION = 7144; >>>>>>> develop DEFINES_MODULE = YES; DEVELOPMENT_TEAM = UXP6YEHSPW; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", ); GENERATE_INFOPLIST_FILE = YES; HEADER_SEARCH_PATHS = headers; INFOPLIST_FILE = XCredsLoginPlugin/Info.plist; INFOPLIST_KEY_NSHumanReadableCopyright = ""; INFOPLIST_KEY_NSPrincipalClass = ""; INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Bundles"; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", "@loader_path/../Frameworks", ); MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 5.0; PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.XCredsLoginPlugin; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCredsLoginPlugin-Bridging-Header.h"; SWIFT_VERSION = 5.0; WRAPPER_EXTENSION = bundle; }; name = Release; }; 766F4C4E2883B88F0021F548 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 7144; DEBUGGING_SYMBOLS = YES; DEBUG_INFORMATION_FORMAT = dwarf; DEVELOPMENT_TEAM = UXP6YEHSPW; GCC_GENERATE_DEBUGGING_SYMBOLS = YES; GCC_OPTIMIZATION_LEVEL = 0; OTHER_CFLAGS = ""; OTHER_LDFLAGS = ""; PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Debug; }; 766F4C4F2883B88F0021F548 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 7144; DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; DEVELOPMENT_TEAM = UXP6YEHSPW; OTHER_CFLAGS = ""; OTHER_LDFLAGS = ""; PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Release; }; 76786F582A27C36A00AA8DB9 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 7144; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; MACOSX_DEPLOYMENT_TARGET = 13.3; MARKETING_VERSION = 5.0; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_OBJC_BRIDGING_HEADER = "auth_mech_fixup/auth_mech_fixup-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76786F592A27C36A00AA8DB9 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 7144; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; MACOSX_DEPLOYMENT_TARGET = 13.3; MARKETING_VERSION = 5.0; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_OBJC_BRIDGING_HEADER = "auth_mech_fixup/auth_mech_fixup-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; 76786F682A27C62D00AA8DB9 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 7144; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; MACOSX_DEPLOYMENT_TARGET = 13.3; MARKETING_VERSION = 5.0; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76786F692A27C62D00AA8DB9 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 7144; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; MACOSX_DEPLOYMENT_TARGET = 13.3; MARKETING_VERSION = 5.0; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_VERSION = 5.0; }; name = Release; }; 76DC0A7028836EB2007C42B2 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements"; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; <<<<<<< HEAD CURRENT_PROJECT_VERSION = 6409; ======= CURRENT_PROJECT_VERSION = 7144; >>>>>>> develop DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", ); GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = "XCreds-Login-Overlay-Info.plist"; INFOPLIST_KEY_NSHumanReadableCopyright = ""; INFOPLIST_KEY_NSMainNibFile = MainMenu; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 5.0; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.XCreds-Login-Overlay"; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76DC0A7128836EB2007C42B2 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements"; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; <<<<<<< HEAD CURRENT_PROJECT_VERSION = 6409; ======= CURRENT_PROJECT_VERSION = 7144; >>>>>>> develop DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", ); GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = "XCreds-Login-Overlay-Info.plist"; INFOPLIST_KEY_NSHumanReadableCopyright = ""; INFOPLIST_KEY_NSMainNibFile = MainMenu; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 5.0; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.XCreds-Login-Overlay"; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; 76EE06A527FD1D01009E0F3A /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; CLANG_ANALYZER_NONNULL = YES; CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; CLANG_CXX_LANGUAGE_STANDARD = "gnu++17"; CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; CLANG_ENABLE_OBJC_WEAK = YES; CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; CLANG_WARN_BOOL_CONVERSION = YES; CLANG_WARN_COMMA = YES; CLANG_WARN_CONSTANT_CONVERSION = YES; CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; CLANG_WARN_DOCUMENTATION_COMMENTS = YES; CLANG_WARN_EMPTY_BODY = YES; CLANG_WARN_ENUM_CONVERSION = YES; CLANG_WARN_INFINITE_RECURSION = YES; CLANG_WARN_INT_CONVERSION = YES; CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; CLANG_WARN_STRICT_PROTOTYPES = YES; CLANG_WARN_SUSPICIOUS_MOVE = YES; CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; COPY_PHASE_STRIP = NO; DEBUG_INFORMATION_FORMAT = dwarf; ENABLE_STRICT_OBJC_MSGSEND = YES; ENABLE_TESTABILITY = YES; GCC_C_LANGUAGE_STANDARD = gnu11; GCC_DYNAMIC_NO_PIC = NO; GCC_NO_COMMON_BLOCKS = YES; GCC_OPTIMIZATION_LEVEL = 0; GCC_PREPROCESSOR_DEFINITIONS = ( "DEBUG=1", "$(inherited)", ); GCC_WARN_64_TO_32_BIT_CONVERSION = YES; GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; GCC_WARN_UNDECLARED_SELECTOR = YES; GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; GCC_WARN_UNUSED_FUNCTION = YES; GCC_WARN_UNUSED_VARIABLE = YES; MACOSX_DEPLOYMENT_TARGET = 11.0; MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; MTL_FAST_MATH = YES; ONLY_ACTIVE_ARCH = YES; SDKROOT = macosx; SWIFT_ACTIVE_COMPILATION_CONDITIONS = DEBUG; SWIFT_OPTIMIZATION_LEVEL = "-Onone"; }; name = Debug; }; 76EE06A627FD1D01009E0F3A /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; CLANG_ANALYZER_NONNULL = YES; CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; CLANG_CXX_LANGUAGE_STANDARD = "gnu++17"; CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; CLANG_ENABLE_OBJC_WEAK = YES; CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; CLANG_WARN_BOOL_CONVERSION = YES; CLANG_WARN_COMMA = YES; CLANG_WARN_CONSTANT_CONVERSION = YES; CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; CLANG_WARN_DOCUMENTATION_COMMENTS = YES; CLANG_WARN_EMPTY_BODY = YES; CLANG_WARN_ENUM_CONVERSION = YES; CLANG_WARN_INFINITE_RECURSION = YES; CLANG_WARN_INT_CONVERSION = YES; CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; CLANG_WARN_STRICT_PROTOTYPES = YES; CLANG_WARN_SUSPICIOUS_MOVE = YES; CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; COPY_PHASE_STRIP = NO; DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; ENABLE_NS_ASSERTIONS = NO; ENABLE_STRICT_OBJC_MSGSEND = YES; GCC_C_LANGUAGE_STANDARD = gnu11; GCC_NO_COMMON_BLOCKS = YES; GCC_WARN_64_TO_32_BIT_CONVERSION = YES; GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; GCC_WARN_UNDECLARED_SELECTOR = YES; GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; GCC_WARN_UNUSED_FUNCTION = YES; GCC_WARN_UNUSED_VARIABLE = YES; MACOSX_DEPLOYMENT_TARGET = 11.0; MTL_ENABLE_DEBUG_INFO = NO; MTL_FAST_MATH = YES; SDKROOT = macosx; SWIFT_COMPILATION_MODE = wholemodule; SWIFT_OPTIMIZATION_LEVEL = "-O"; }; name = Release; }; 76EE06A827FD1D01009E0F3A /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; <<<<<<< HEAD CURRENT_PROJECT_VERSION = 6409; ======= CURRENT_PROJECT_VERSION = 7144; >>>>>>> develop DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", "$(PROJECT_DIR)", ); GENERATE_INFOPLIST_FILE = YES; HEADER_SEARCH_PATHS = headers; INFOPLIST_FILE = XCreds/Info.plist; INFOPLIST_KEY_NSHumanReadableCopyright = "© 2022 Twocanoes Software, Inc"; INFOPLIST_KEY_NSMainNibFile = MainMenu; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); LIBRARY_SEARCH_PATHS = ( "$(inherited)", "$(SDKROOT)/usr/lib/system", ); MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 5.0; PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.xcreds; PRODUCT_NAME = "$(TARGET_NAME)"; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76EE06A927FD1D01009E0F3A /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; <<<<<<< HEAD CURRENT_PROJECT_VERSION = 6409; ======= CURRENT_PROJECT_VERSION = 7144; >>>>>>> develop DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", "$(PROJECT_DIR)", ); GENERATE_INFOPLIST_FILE = YES; HEADER_SEARCH_PATHS = headers; INFOPLIST_FILE = XCreds/Info.plist; INFOPLIST_KEY_NSHumanReadableCopyright = "© 2022 Twocanoes Software, Inc"; INFOPLIST_KEY_NSMainNibFile = MainMenu; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); LIBRARY_SEARCH_PATHS = ( "$(inherited)", "$(SDKROOT)/usr/lib/system", ); MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 5.0; PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.xcreds; PRODUCT_NAME = "$(TARGET_NAME)"; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; /* End XCBuildConfiguration section */ /* Begin XCConfigurationList section */ 76319363287D22C700D36BF7 /* Build configuration list for PBXNativeTarget "authrights" */ = { isa = XCConfigurationList; buildConfigurations = ( 76319361287D22C700D36BF7 /* Debug */, 76319362287D22C700D36BF7 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 766355C02870CA6A002E3867 /* Build configuration list for PBXNativeTarget "XCredsLoginPlugin" */ = { isa = XCConfigurationList; buildConfigurations = ( 766355BE2870CA6A002E3867 /* Debug */, 766355BF2870CA6A002E3867 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 766F4C4D2883B88F0021F548 /* Build configuration list for PBXLegacyTarget "Send To Test" */ = { isa = XCConfigurationList; buildConfigurations = ( 766F4C4E2883B88F0021F548 /* Debug */, 766F4C4F2883B88F0021F548 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76786F572A27C36A00AA8DB9 /* Build configuration list for PBXNativeTarget "auth_mech_fixup" */ = { isa = XCConfigurationList; buildConfigurations = ( 76786F582A27C36A00AA8DB9 /* Debug */, 76786F592A27C36A00AA8DB9 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76786F672A27C62D00AA8DB9 /* Build configuration list for PBXNativeTarget "test" */ = { isa = XCConfigurationList; buildConfigurations = ( 76786F682A27C62D00AA8DB9 /* Debug */, 76786F692A27C62D00AA8DB9 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76DC0A6F28836EB2007C42B2 /* Build configuration list for PBXNativeTarget "XCreds Login Overlay" */ = { isa = XCConfigurationList; buildConfigurations = ( 76DC0A7028836EB2007C42B2 /* Debug */, 76DC0A7128836EB2007C42B2 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76EE069527FD1D00009E0F3A /* Build configuration list for PBXProject "XCreds" */ = { isa = XCConfigurationList; buildConfigurations = ( 76EE06A527FD1D01009E0F3A /* Debug */, 76EE06A627FD1D01009E0F3A /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76EE06A727FD1D01009E0F3A /* Build configuration list for PBXNativeTarget "XCreds" */ = { isa = XCConfigurationList; buildConfigurations = ( 76EE06A827FD1D01009E0F3A /* Debug */, 76EE06A927FD1D01009E0F3A /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; /* End XCConfigurationList section */ /* Begin XCRemoteSwiftPackageReference section */ 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */ = { isa = XCRemoteSwiftPackageReference; repositoryURL = "https://github.com/apple/swift-argument-parser.git"; requirement = { kind = upToNextMajorVersion; minimumVersion = 1.0.0; }; }; 76477E022C626B5D00F01D56 /* XCRemoteSwiftPackageReference "OIDCLite" */ = { isa = XCRemoteSwiftPackageReference; repositoryURL = "https://github.com/twocanoes/OIDCLite.git"; requirement = { branch = main; kind = branch; }; }; /* End XCRemoteSwiftPackageReference section */ /* Begin XCSwiftPackageProductDependency section */ 762177E52B7144460051B756 /* OIDCLite */ = { isa = XCSwiftPackageProductDependency; productName = OIDCLite; }; 76319365287D24E100D36BF7 /* ArgumentParser */ = { isa = XCSwiftPackageProductDependency; package = 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */; productName = ArgumentParser; }; 76319368287D24F600D36BF7 /* ArgumentParser */ = { isa = XCSwiftPackageProductDependency; package = 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */; productName = ArgumentParser; }; 76477E032C626B5D00F01D56 /* OIDCLite */ = { isa = XCSwiftPackageProductDependency; package = 76477E022C626B5D00F01D56 /* XCRemoteSwiftPackageReference "OIDCLite" */; productName = OIDCLite; }; 766355CD2870E9D3002E3867 /* OIDCLite */ = { isa = XCSwiftPackageProductDependency; productName = OIDCLite; }; 76AB89E02A12FAF900529D90 /* OIDCLite */ = { isa = XCSwiftPackageProductDependency; productName = OIDCLite; }; 76AB89E22A12FB4900529D90 /* ArgumentParser */ = { isa = XCSwiftPackageProductDependency; package = 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */; productName = ArgumentParser; }; 76DD6D16285997F300A700ED /* OIDCLite */ = { isa = XCSwiftPackageProductDependency; productName = OIDCLite; }; /* End XCSwiftPackageProductDependency section */ }; rootObject = 76EE069227FD1D00009E0F3A /* Project object */; } ================================================ FILE: XCreds.xcodeproj/project_BASE_63385.pbxproj ================================================ // !$*UTF8*$! { archiveVersion = 1; classes = { }; objectVersion = 60; objects = { /* Begin PBXBuildFile section */ 089B22F12AFAED280006B6BC /* NetworkMonitor.swift in Sources */ = {isa = PBXBuildFile; fileRef = 089B22F02AFAED280006B6BC /* NetworkMonitor.swift */; }; 089B22F22AFAED810006B6BC /* NetworkMonitor.swift in Sources */ = {isa = PBXBuildFile; fileRef = 089B22F02AFAED280006B6BC /* NetworkMonitor.swift */; }; 54848E8F2B47336D000DF420 /* KerbUtil.m in Sources */ = {isa = PBXBuildFile; fileRef = 76C4BABA2B353B4B007B2C57 /* KerbUtil.m */; }; 54848E902B47336D000DF420 /* KerbUtil.m in Sources */ = {isa = PBXBuildFile; fileRef = 76C4BABA2B353B4B007B2C57 /* KerbUtil.m */; }; 760148A92B23639D00E119A2 /* NSBundle+FindBundlePath.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760148A82B23639D00E119A2 /* NSBundle+FindBundlePath.swift */; }; 760148AA2B2365F100E119A2 /* NSBundle+FindBundlePath.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760148A82B23639D00E119A2 /* NSBundle+FindBundlePath.swift */; }; 760291E32C116E450075FBD8 /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760291E22C116E450075FBD8 /* AppDelegate.swift */; }; 760291E52C116E450075FBD8 /* ViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760291E42C116E450075FBD8 /* ViewController.swift */; }; 760291E72C116E470075FBD8 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 760291E62C116E470075FBD8 /* Assets.xcassets */; }; 760291EA2C116E470075FBD8 /* Base in Resources */ = {isa = PBXBuildFile; fileRef = 760291E92C116E470075FBD8 /* Base */; }; 760291EF2C116E5F0075FBD8 /* XCreds Login Autofill.app in Resources */ = {isa = PBXBuildFile; fileRef = 760291E02C116E450075FBD8 /* XCreds Login Autofill.app */; }; 760291F52C116EDB0075FBD8 /* AuthenticationServices.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 760291CB2C1166870075FBD8 /* AuthenticationServices.framework */; }; 760291F82C116EDB0075FBD8 /* CredentialProviderViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760291F72C116EDB0075FBD8 /* CredentialProviderViewController.swift */; }; 760291FB2C116EDB0075FBD8 /* Base in Resources */ = {isa = PBXBuildFile; fileRef = 760291FA2C116EDB0075FBD8 /* Base */; }; 760292002C116EDB0075FBD8 /* XCreds Login Password.appex in Embed Foundation Extensions */ = {isa = PBXBuildFile; fileRef = 760291F42C116EDB0075FBD8 /* XCreds Login Password.appex */; settings = {ATTRIBUTES = (RemoveHeadersOnCopy, ); }; }; 760292072C11751E0075FBD8 /* KeychainUtil.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116B2284B045800CCD6FF /* KeychainUtil.swift */; }; 760292092C1175360075FBD8 /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; }; 7602920B2C1175620075FBD8 /* PrefKeys.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */; }; 7602920D2C1175D20075FBD8 /* DefaultsOverride.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */; }; 7602920E2C1175D20075FBD8 /* DefaultsOverride.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */; }; 7602920F2C1175DA0075FBD8 /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECCFF2875135900483C66 /* LoggerHelper.swift */; }; 760292102C1175DA0075FBD8 /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECCFF2875135900483C66 /* LoggerHelper.swift */; }; 760292112C1176010075FBD8 /* UNIXUtilities.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */; }; 760292122C1176010075FBD8 /* UNIXUtilities.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */; }; 760292132C11763B0075FBD8 /* PrefKeys.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */; }; 760292142C1176450075FBD8 /* LogShim.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632E3A02873497C00E37923 /* LogShim.swift */; }; 760292152C1176450075FBD8 /* LogShim.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632E3A02873497C00E37923 /* LogShim.swift */; }; 760292162C1176A90075FBD8 /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; }; 760292172C1176BE0075FBD8 /* DataExtension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632909B2876673500CF8857 /* DataExtension.swift */; }; 760292182C1176BF0075FBD8 /* DataExtension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632909B2876673500CF8857 /* DataExtension.swift */; }; 760292192C1178090075FBD8 /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; }; 7602921A2C1178090075FBD8 /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; }; 7602921B2C117B3F0075FBD8 /* PasswordUtils.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */; }; 7602921C2C117B400075FBD8 /* PasswordUtils.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */; }; 7602921D2C117B490075FBD8 /* DSQueryable.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D62A1332660051411B /* DSQueryable.swift */; }; 7602921E2C117B490075FBD8 /* DSQueryable.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D62A1332660051411B /* DSQueryable.swift */; }; 760418D22A1332210051411B /* SignInWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418CF2A1332210051411B /* SignInWindowController.swift */; }; 760418D52A1332520051411B /* DS+AD.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D42A1332520051411B /* DS+AD.swift */; }; 760418D72A1332660051411B /* DSQueryable.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D62A1332660051411B /* DSQueryable.swift */; }; 760418D92A1332770051411B /* SystemInfoHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D82A1332770051411B /* SystemInfoHelper.swift */; }; 760418E02A133A370051411B /* DSQueryable.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D62A1332660051411B /* DSQueryable.swift */; }; 761121B62B3D24FE005F7D02 /* SignInWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418CF2A1332210051411B /* SignInWindowController.swift */; }; 761121B72B3D26EE005F7D02 /* SystemInfoHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D82A1332770051411B /* SystemInfoHelper.swift */; }; 761121B82B3D26F5005F7D02 /* LocalCheckAndMigrate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418DA2A13328C0051411B /* LocalCheckAndMigrate.swift */; }; 761121B92B3D26FB005F7D02 /* DS+AD.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D42A1332520051411B /* DS+AD.swift */; }; 7611CEC0288B75140063A644 /* XCredsCreateUser.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7611CEBF288B75140063A644 /* XCredsCreateUser.swift */; }; 7611CEC2288B96760063A644 /* XCredsEnableFDE.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7611CEC1288B96760063A644 /* XCredsEnableFDE.swift */; }; 7613FDF7289E114F00340CCD /* loadpage.html in Resources */ = {isa = PBXBuildFile; fileRef = 7613FDF6289E114F00340CCD /* loadpage.html */; }; 7614D03C2B181A5D006EAF36 /* icon_128x128.png in Resources */ = {isa = PBXBuildFile; fileRef = 7614D03B2B181A5D006EAF36 /* icon_128x128.png */; }; 761B486928A34CC900C6A02B /* LoginProgressWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 761B486728A34CC900C6A02B /* LoginProgressWindowController.xib */; }; 761B486A28A34CC900C6A02B /* LoginProgressWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 761B486828A34CC900C6A02B /* LoginProgressWindowController.swift */; }; 761B486C28A3575000C6A02B /* XCredsLoginDone.swift in Sources */ = {isa = PBXBuildFile; fileRef = 761B486B28A3575000C6A02B /* XCredsLoginDone.swift */; }; 762177E62B7144460051B756 /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 762177E52B7144460051B756 /* OIDCLite */; }; 7623384C2B53029D00F2D714 /* ShareMounterMenu.swift in Sources */ = {isa = PBXBuildFile; fileRef = 763DDF152B4F100D000D48CC /* ShareMounterMenu.swift */; }; 7623384D2B53029D00F2D714 /* ShareMounter.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76C4ACBE2B3D0F8D003B3605 /* ShareMounter.swift */; }; 762761602B294A7C0067D1D4 /* icon_128x128.png in Resources */ = {isa = PBXBuildFile; fileRef = 7614D03B2B181A5D006EAF36 /* icon_128x128.png */; }; 76319360287D22C700D36BF7 /* authrights.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7631935F287D22C700D36BF7 /* authrights.swift */; }; 76319366287D24E100D36BF7 /* ArgumentParser in Frameworks */ = {isa = PBXBuildFile; productRef = 76319365287D24E100D36BF7 /* ArgumentParser */; }; 76319369287D24F600D36BF7 /* ArgumentParser in Frameworks */ = {isa = PBXBuildFile; productRef = 76319368287D24F600D36BF7 /* ArgumentParser */; }; 7631936C287D29B700D36BF7 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 7631936D287D2A6200D36BF7 /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECCFF2875135900483C66 /* LoggerHelper.swift */; }; 7631936E287D2AB100D36BF7 /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; }; 76319370287DE24D00D36BF7 /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; }; 76319373287E18BF00D36BF7 /* DataExtension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632909B2876673500CF8857 /* DataExtension.swift */; }; 76319374287E198C00D36BF7 /* XCredsLoginPlugin.bundle in Resources */ = {isa = PBXBuildFile; fileRef = 766355BD2870CA6A002E3867 /* XCredsLoginPlugin.bundle */; }; 76319377287E1FAF00D36BF7 /* authrights in Resources */ = {isa = PBXBuildFile; fileRef = 7631935D287D22C700D36BF7 /* authrights */; }; 7632909D2876674100CF8857 /* DataExtension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632909B2876673500CF8857 /* DataExtension.swift */; }; 7632E39F287347C100E37923 /* XCredsKeychainAdd.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632E39E287347C100E37923 /* XCredsKeychainAdd.swift */; }; 7632E3A12873497C00E37923 /* LogShim.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632E3A02873497C00E37923 /* LogShim.swift */; }; 7632E3A2287357CC00E37923 /* TokenManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AB27FD1D92009E0F3A /* TokenManager.swift */; }; 7632E3A32873581100E37923 /* KeychainUtil.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116B2284B045800CCD6FF /* KeychainUtil.swift */; }; 76342E5A2B282653007D4F29 /* DesktopLoginWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76342E592B282653007D4F29 /* DesktopLoginWindowController.swift */; }; 763DDF1A2B4F1DD4000D48CC /* GSS.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 763DDF192B4F1DD4000D48CC /* GSS.framework */; }; 764859F22B2FA2E800507C16 /* Window+ForceToFront.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AF27FD1DD8009E0F3A /* Window+ForceToFront.swift */; }; 7649056F2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png in Resources */ = {isa = PBXBuildFile; fileRef = 7649056E2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png */; }; 764D8126284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D8124284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift */; }; 764D8127284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 764D8125284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib */; }; 764D8129284BCAB100B3EE54 /* Window+Shake.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D8128284BCAB100B3EE54 /* Window+Shake.swift */; }; 764D812C284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D812A284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift */; }; 764D812D284BCC7400B3EE54 /* VerifyOIDCPassword.xib in Resources */ = {isa = PBXBuildFile; fileRef = 764D812B284BCC7400B3EE54 /* VerifyOIDCPassword.xib */; }; 764D812F284C06AB00B3EE54 /* defaults.plist in Resources */ = {isa = PBXBuildFile; fileRef = 764D812E284C06AB00B3EE54 /* defaults.plist */; }; 764D8133284D14A500B3EE54 /* Credits.txt in Resources */ = {isa = PBXBuildFile; fileRef = 764D8132284D14A500B3EE54 /* Credits.txt */; }; 7651EDED2A1451590075980B /* LocalUsersViewController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7651EDEC2A1451590075980B /* LocalUsersViewController.xib */; }; 7651EDF72A1474330075980B /* LoginWebViewController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7651EDF62A1474330075980B /* LoginWebViewController.xib */; }; 7657DEAF2B3503BF003A23DB /* SessionManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEAE2B3503BF003A23DB /* SessionManager.swift */; }; 7657DEB02B3503BF003A23DB /* SessionManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEAE2B3503BF003A23DB /* SessionManager.swift */; }; 7657DEB32B350476003A23DB /* NoMADSession.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEB22B350476003A23DB /* NoMADSession.swift */; }; 7657DEB42B350476003A23DB /* NoMADSession.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEB22B350476003A23DB /* NoMADSession.swift */; }; 7657DEB62B3504A6003A23DB /* UserRecord.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEB52B3504A6003A23DB /* UserRecord.swift */; }; 7657DEB72B3504A6003A23DB /* UserRecord.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEB52B3504A6003A23DB /* UserRecord.swift */; }; 7657DEBC2B35055F003A23DB /* Logger.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEBB2B35055F003A23DB /* Logger.swift */; }; 7657DEBD2B35055F003A23DB /* Logger.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEBB2B35055F003A23DB /* Logger.swift */; }; 7657DEC02B3505A3003A23DB /* DNSResolver.m in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEBE2B3505A3003A23DB /* DNSResolver.m */; }; 7657DEC32B3505CB003A23DB /* ADLDAPPing.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC22B3505CB003A23DB /* ADLDAPPing.swift */; }; 7657DEC42B3505CB003A23DB /* ADLDAPPing.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC22B3505CB003A23DB /* ADLDAPPing.swift */; }; 7657DEC62B3505EB003A23DB /* Extensions.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC52B3505EB003A23DB /* Extensions.swift */; }; 7657DEC72B3505EB003A23DB /* Extensions.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC52B3505EB003A23DB /* Extensions.swift */; }; 7657DEC92B350606003A23DB /* KlistUtil.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC82B350606003A23DB /* KlistUtil.swift */; }; 7657DECC2B35061E003A23DB /* SiteManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DECB2B35061E003A23DB /* SiteManager.swift */; }; 7657DECD2B35061E003A23DB /* SiteManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DECB2B35061E003A23DB /* SiteManager.swift */; }; 7657DED92B351B5B003A23DB /* UNIXUtilities.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */; }; 7657DEDA2B351B5B003A23DB /* UNIXUtilities.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */; }; 7659CA07298E1BB6005D1AA3 /* DefaultBackground.png in Resources */ = {isa = PBXBuildFile; fileRef = 7659CA06298E1BB6005D1AA3 /* DefaultBackground.png */; }; 766355C32870CB6F002E3867 /* XCredsLoginPlugin.m in Sources */ = {isa = PBXBuildFile; fileRef = 766355C22870CB6F002E3867 /* XCredsLoginPlugin.m */; }; 766355CA2870DCF5002E3867 /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; }; 766355CB2870E5E9002E3867 /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; }; 766355CC2870E9AD002E3867 /* WebViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06B327FD1E5F009E0F3A /* WebViewController.swift */; }; 766355CE2870E9D3002E3867 /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 766355CD2870E9D3002E3867 /* OIDCLite */; }; 766355CF2870E9E7002E3867 /* PrefKeys.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */; }; 766355D12870EBAD002E3867 /* VerifyOIDCPassword.xib in Resources */ = {isa = PBXBuildFile; fileRef = 764D812B284BCC7400B3EE54 /* VerifyOIDCPassword.xib */; }; 766355D42870F29A002E3867 /* TestWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355D22870F29A002E3867 /* TestWindowController.swift */; }; 766355D52870F29A002E3867 /* TestWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 766355D32870F29A002E3867 /* TestWindowController.xib */; }; 766355D928711C51002E3867 /* defaults.plist in Resources */ = {isa = PBXBuildFile; fileRef = 764D812E284C06AB00B3EE54 /* defaults.plist */; }; 766355DB287132E9002E3867 /* LoginWebViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355DA287132E9002E3867 /* LoginWebViewController.swift */; }; 766355DC287133C7002E3867 /* WebViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06B327FD1E5F009E0F3A /* WebViewController.swift */; }; 766355E328713C4A002E3867 /* LoginWindow.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355E128713C47002E3867 /* LoginWindow.swift */; }; 766355E5287148C1002E3867 /* Tokens.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355E4287148C1002E3867 /* Tokens.swift */; }; 766355E6287148C1002E3867 /* Tokens.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355E4287148C1002E3867 /* Tokens.swift */; }; 76673CD229D3CFF900452848 /* errorpage.html in Resources */ = {isa = PBXBuildFile; fileRef = 766CC43729D3AED2009BC526 /* errorpage.html */; }; 76673CD529D3D5F500452848 /* LicenseChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76673CD429D3D5F500452848 /* LicenseChecker.swift */; }; 76673CD629D3D5F500452848 /* LicenseChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76673CD429D3D5F500452848 /* LicenseChecker.swift */; }; 766CC42829D3A3DC009BC526 /* ProductLicense.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; }; 766CC42929D3A3DC009BC526 /* ProductLicense.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 766CC42A29D3A3DC009BC526 /* Paddle.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42129D3A320009BC526 /* Paddle.framework */; }; 766CC42B29D3A3DC009BC526 /* Paddle.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42129D3A320009BC526 /* Paddle.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 766CC42D29D3A3EC009BC526 /* ProductLicense.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; }; 766CC42E29D3A3EC009BC526 /* ProductLicense.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 766CC42F29D3A3EC009BC526 /* Paddle.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42129D3A320009BC526 /* Paddle.framework */; }; 766CC43029D3A3EC009BC526 /* Paddle.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42129D3A320009BC526 /* Paddle.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 766CC43229D3A3F8009BC526 /* ProductLicense.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; }; 766CC43329D3A3F8009BC526 /* ProductLicense.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 766CC43429D3A3F8009BC526 /* Paddle.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42129D3A320009BC526 /* Paddle.framework */; }; 766CC43529D3A3F8009BC526 /* Paddle.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42129D3A320009BC526 /* Paddle.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 766CC43829D3AED2009BC526 /* errorpage.html in Resources */ = {isa = PBXBuildFile; fileRef = 766CC43729D3AED2009BC526 /* errorpage.html */; }; 766F4C4B2883AFD90021F548 /* pleaseWaitGraphic.png in Resources */ = {isa = PBXBuildFile; fileRef = 766F4C4A2883AFD90021F548 /* pleaseWaitGraphic.png */; }; 766FD60D2A1B06AC00C8F244 /* DefaultsOverride.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */; }; 767116A7284AABC500CCD6FF /* NotifyManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116A6284AABC500CCD6FF /* NotifyManager.swift */; }; 767116A9284AAE2B00CCD6FF /* ScheduleManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116A8284AAE2B00CCD6FF /* ScheduleManager.swift */; }; 767116AC284AB4C000CCD6FF /* PasswordUtils.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */; }; 767116B1284B021500CCD6FF /* MainController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116B0284B021500CCD6FF /* MainController.swift */; }; 767116B3284B045800CCD6FF /* KeychainUtil.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116B2284B045800CCD6FF /* KeychainUtil.swift */; }; 7677908628908E40004E7085 /* WifiWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7677908328908E40004E7085 /* WifiWindowController.swift */; }; 7677908728908E40004E7085 /* WifiManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7677908428908E40004E7085 /* WifiManager.swift */; }; 7677908828908E40004E7085 /* WifiWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7677908528908E40004E7085 /* WifiWindowController.xib */; }; 76786F562A27C36A00AA8DB9 /* main.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76786F552A27C36A00AA8DB9 /* main.swift */; }; 76786F5A2A27C37100AA8DB9 /* AuthRightsHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76786F4E2A27C31400AA8DB9 /* AuthRightsHelper.swift */; }; 76786F5B2A27C38800AA8DB9 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 76786F5D2A27C3B300AA8DB9 /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; }; 76786F5E2A27C60800AA8DB9 /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECCFF2875135900483C66 /* LoggerHelper.swift */; }; 76786F662A27C62D00AA8DB9 /* main.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76786F652A27C62D00AA8DB9 /* main.swift */; }; 76786F6B2A27C79100AA8DB9 /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; }; 767B939C2A28279E0038935E /* View+Shake.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767B939B2A28279E0038935E /* View+Shake.swift */; }; 767B939D2A28289E0038935E /* View+Shake.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767B939B2A28279E0038935E /* View+Shake.swift */; }; 767C42842AC6645700542099 /* AuthRightsHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76786F4E2A27C31400AA8DB9 /* AuthRightsHelper.swift */; }; 767CB2D02B13B92B006CA2AC /* OpenDirectory.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 767CB2CF2B13B92B006CA2AC /* OpenDirectory.framework */; }; 7681FEC52A4C8B9000F91CD1 /* AboutWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7681FEC42A4C8B9000F91CD1 /* AboutWindowController.swift */; }; 7681FEC72A4C8BC800F91CD1 /* AboutWindow.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7681FEC62A4C8BC800F91CD1 /* AboutWindow.xib */; }; 7681FEC92A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist in Resources */ = {isa = PBXBuildFile; fileRef = 7681FEC82A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist */; }; 7683973129A854EC003D9B9F /* NSImage+String.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7683973029A854EC003D9B9F /* NSImage+String.swift */; }; 7683973229A854EC003D9B9F /* NSImage+String.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7683973029A854EC003D9B9F /* NSImage+String.swift */; }; 768633D92AFC4908004065E5 /* WifiManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7677908428908E40004E7085 /* WifiManager.swift */; }; 76873E2F2A107736001418A9 /* DefaultsHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76873E2E2A107736001418A9 /* DefaultsHelper.swift */; }; 76873E302A107736001418A9 /* DefaultsHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76873E2E2A107736001418A9 /* DefaultsHelper.swift */; }; 76A8A4E32A0DF7C700AA6054 /* NSTaskWrapper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F528724FA80013E2A1 /* NSTaskWrapper.swift */; }; 76AB89E12A12FAF900529D90 /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 76AB89E02A12FAF900529D90 /* OIDCLite */; }; 76AB89E32A12FB4900529D90 /* ArgumentParser in Frameworks */ = {isa = PBXBuildFile; productRef = 76AB89E22A12FB4900529D90 /* ArgumentParser */; }; 76B040A428EFC788002A289B /* Helper+JWTDecode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76B040A328EFC788002A289B /* Helper+JWTDecode.swift */; }; 76B040A528EFC788002A289B /* Helper+JWTDecode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76B040A328EFC788002A289B /* Helper+JWTDecode.swift */; }; 76B882AA29CCFD7A00BB8186 /* TCSKeychain.m in Sources */ = {isa = PBXBuildFile; fileRef = 76B882A829CCFD7900BB8186 /* TCSKeychain.m */; }; 76B882AB29CCFD7A00BB8186 /* TCSKeychain.m in Sources */ = {isa = PBXBuildFile; fileRef = 76B882A829CCFD7900BB8186 /* TCSKeychain.m */; }; 76B882AE29CCFDAE00BB8186 /* NSData+SHA1.m in Sources */ = {isa = PBXBuildFile; fileRef = 76B882AC29CCFDAE00BB8186 /* NSData+SHA1.m */; }; 76B882AF29CCFDAE00BB8186 /* NSData+SHA1.m in Sources */ = {isa = PBXBuildFile; fileRef = 76B882AC29CCFDAE00BB8186 /* NSData+SHA1.m */; }; 76B882B229CCFDBA00BB8186 /* NSData+HexString.m in Sources */ = {isa = PBXBuildFile; fileRef = 76B882B029CCFDBA00BB8186 /* NSData+HexString.m */; }; 76B882B329CCFDBA00BB8186 /* NSData+HexString.m in Sources */ = {isa = PBXBuildFile; fileRef = 76B882B029CCFDBA00BB8186 /* NSData+HexString.m */; }; 76BEF7DD2871F5F00013E2A1 /* TCSReturnWindow.m in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7DB2871F5F00013E2A1 /* TCSReturnWindow.m */; }; 76BEF7E12871F74D0013E2A1 /* ControlsViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7E02871F74D0013E2A1 /* ControlsViewController.swift */; }; 76BEF7E4287202090013E2A1 /* RestartX.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E2287202080013E2A1 /* RestartX.png */; }; 76BEF7E5287202090013E2A1 /* RestartX@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E3287202080013E2A1 /* RestartX@2x.png */; }; 76BEF7E8287202AF0013E2A1 /* ShutdownX.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E6287202AF0013E2A1 /* ShutdownX.png */; }; 76BEF7E9287202AF0013E2A1 /* ShutdownX@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E7287202AF0013E2A1 /* ShutdownX@2x.png */; }; 76BEF7EC28724A0B0013E2A1 /* XCredsLoginMechanism.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7EA28724A0B0013E2A1 /* XCredsLoginMechanism.swift */; }; 76BEF7ED28724A0C0013E2A1 /* XCredsBaseMechanism.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7EB28724A0B0013E2A1 /* XCredsBaseMechanism.swift */; }; 76BEF7F328724F120013E2A1 /* XCredsPowerControlMechanism.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F228724F120013E2A1 /* XCredsPowerControlMechanism.swift */; }; 76BEF7F628724FA80013E2A1 /* NSTaskWrapper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F528724FA80013E2A1 /* NSTaskWrapper.swift */; }; 76BEF7F82872504C0013E2A1 /* ContextAndHintHandling.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F72872504C0013E2A1 /* ContextAndHintHandling.swift */; }; 76BEF7FA28726C700013E2A1 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 76BEF8002872A3030013E2A1 /* loginwindow@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7FE2872A3030013E2A1 /* loginwindow@2x.png */; }; 76BEF8012872A3030013E2A1 /* loginwindow.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7FF2872A3030013E2A1 /* loginwindow.png */; }; 76C0840B2A9A311E008039FA /* ControlsViewController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76C084092A9A2635008039FA /* ControlsViewController.xib */; }; 76C4BAB02B353A30007B2C57 /* KlistUtil.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC82B350606003A23DB /* KlistUtil.swift */; }; 76C4BAB12B353A3A007B2C57 /* DNSResolver.m in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEBE2B3505A3003A23DB /* DNSResolver.m */; }; 76C4BAB32B353AD7007B2C57 /* libresolv.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = 76C4BAB22B353AD7007B2C57 /* libresolv.tbd */; }; 76C4BAB42B353ADD007B2C57 /* libresolv.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = 76C4BAB22B353AD7007B2C57 /* libresolv.tbd */; }; 76C4BAB62B353AF7007B2C57 /* Kerberos.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 76C4BAB52B353AF7007B2C57 /* Kerberos.framework */; }; 76C4BAB72B353AFD007B2C57 /* Kerberos.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 76C4BAB52B353AF7007B2C57 /* Kerberos.framework */; }; 76C4BABC2B3544C6007B2C57 /* UNIXUtilities.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */; }; 76C63A322A22872700810C53 /* History.md in Resources */ = {isa = PBXBuildFile; fileRef = 76C63A312A22872700810C53 /* History.md */; }; 76CB9077287FBEEA00C70D0C /* Helper+URLDecode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76CB9076287FBEEA00C70D0C /* Helper+URLDecode.swift */; }; 76CB9078287FBEEA00C70D0C /* Helper+URLDecode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76CB9076287FBEEA00C70D0C /* Helper+URLDecode.swift */; }; 76CB907B2880E41E00C70D0C /* LogShim.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632E3A02873497C00E37923 /* LogShim.swift */; }; 76CB907E288112C200C70D0C /* xcreds_login.sh in Resources */ = {isa = PBXBuildFile; fileRef = 76CB907C288112AF00C70D0C /* xcreds_login.sh */; }; 76CCF5442B12E478003F85E9 /* SelectLocalAccountWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76CCF5422B12E478003F85E9 /* SelectLocalAccountWindowController.swift */; }; 76CCF5452B12E478003F85E9 /* SelectLocalAccountWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76CCF5432B12E478003F85E9 /* SelectLocalAccountWindowController.xib */; }; 76D1756A2B23C28700E64A62 /* MainLoginWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76FDC5D52B22D47A0035D61E /* MainLoginWindowController.xib */; }; 76D175712B23C2DB00E64A62 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 76D175742B23C57500E64A62 /* LocalUsersViewController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7651EDEC2A1451590075980B /* LocalUsersViewController.xib */; }; 76D175772B23C62A00E64A62 /* UpdatePasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76E466642B1A4C16006529B6 /* UpdatePasswordWindowController.swift */; }; 76D1757E2B24096C00E64A62 /* MainLoginWindow.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76D1757D2B24096C00E64A62 /* MainLoginWindow.swift */; }; 76D4726D2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D4726C2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m */; }; 76D4726E2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D4726C2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m */; }; 76D7ADFB284EB15100332EBC /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; }; 76D7ADFE284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; }; 76D925D32894ADB4005C3245 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 76EE069F27FD1D01009E0F3A /* Assets.xcassets */; }; 76DB5CF42A09AE9A0014F8E1 /* get_pw.js in Resources */ = {isa = PBXBuildFile; fileRef = 76DB5CF32A09AE9A0014F8E1 /* get_pw.js */; }; 76DB5CF52A09AE9A0014F8E1 /* get_pw.js in Resources */ = {isa = PBXBuildFile; fileRef = 76DB5CF32A09AE9A0014F8E1 /* get_pw.js */; }; 76DC0A6828836EB1007C42B2 /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76DC0A6728836EB1007C42B2 /* AppDelegate.swift */; }; 76DC0A6A28836EB2007C42B2 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A6928836EB2007C42B2 /* Assets.xcassets */; }; 76DC0A6D28836EB2007C42B2 /* MainMenu.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A6B28836EB2007C42B2 /* MainMenu.xib */; }; 76DC0A7328836EFE007C42B2 /* TCSReturnWindow.m in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7DB2871F5F00013E2A1 /* TCSReturnWindow.m */; }; 76DC0A7428836F45007C42B2 /* RestartX@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E3287202080013E2A1 /* RestartX@2x.png */; }; 76DC0A79288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A78288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist */; }; 76DC0A7C28837158007C42B2 /* XCreds Login Overlay.app in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A6528836EB1007C42B2 /* XCreds Login Overlay.app */; }; 76DC0A7E288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76DC0A7D288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift */; }; 76DC0A83288382D2007C42B2 /* returnArrow.png in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A7628837028007C42B2 /* returnArrow.png */; }; 76DC0A8428838375007C42B2 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 76DC0A8528838467007C42B2 /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECCFF2875135900483C66 /* LoggerHelper.swift */; }; 76DC0A8628838656007C42B2 /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; }; 76DC0A87288386FA007C42B2 /* NSTaskWrapper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F528724FA80013E2A1 /* NSTaskWrapper.swift */; }; 76DC0A88288387D8007C42B2 /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; }; 76DD6D17285997F300A700ED /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 76DD6D16285997F300A700ED /* OIDCLite */; }; 76DF1D5B2A2AD42C00770690 /* LocalCheckAndMigrate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418DA2A13328C0051411B /* LocalCheckAndMigrate.swift */; }; 76DF50B62A1C5EFF007BC708 /* DefaultsOverride.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */; }; 76DF7FD52B50FA9A00B3B543 /* UpdatePasswordWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76E466652B1A4C16006529B6 /* UpdatePasswordWindowController.xib */; }; 76E466662B1A4C16006529B6 /* UpdatePasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76E466642B1A4C16006529B6 /* UpdatePasswordWindowController.swift */; }; 76E466672B1A4C16006529B6 /* UpdatePasswordWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76E466652B1A4C16006529B6 /* UpdatePasswordWindowController.xib */; }; 76E74DCF2B3902F0004C6429 /* XCredsMechanismProtocol.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76E74DCE2B3902F0004C6429 /* XCredsMechanismProtocol.swift */; }; 76E74DD02B3902F0004C6429 /* XCredsMechanismProtocol.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76E74DCE2B3902F0004C6429 /* XCredsMechanismProtocol.swift */; }; 76E74DD12B390327004C6429 /* ContextAndHintHandling.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F72872504C0013E2A1 /* ContextAndHintHandling.swift */; }; 76E74DD22B39034B004C6429 /* SelectLocalAccountWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76CCF5422B12E478003F85E9 /* SelectLocalAccountWindowController.swift */; }; 76E74DD32B390358004C6429 /* LoginWebViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355DA287132E9002E3867 /* LoginWebViewController.swift */; }; 76E74DD42B39037A004C6429 /* LoginProgressWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 761B486828A34CC900C6A02B /* LoginProgressWindowController.swift */; }; 76E9CE702A0DC6E30060220C /* TCSLoginWindowUtilities.m in Sources */ = {isa = PBXBuildFile; fileRef = 76E9CE6F2A0DC6E30060220C /* TCSLoginWindowUtilities.m */; }; 76EE069E27FD1D00009E0F3A /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE069D27FD1D00009E0F3A /* AppDelegate.swift */; }; 76EE06A027FD1D01009E0F3A /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 76EE069F27FD1D01009E0F3A /* Assets.xcassets */; }; 76EE06A327FD1D01009E0F3A /* MainMenu.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76EE06A127FD1D01009E0F3A /* MainMenu.xib */; }; 76EE06AC27FD1D92009E0F3A /* TokenManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AB27FD1D92009E0F3A /* TokenManager.swift */; }; 76EE06AE27FD1DC3009E0F3A /* PrefKeys.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */; }; 76EE06B027FD1DD8009E0F3A /* Window+ForceToFront.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AF27FD1DD8009E0F3A /* Window+ForceToFront.swift */; }; 76EE06B227FD1E24009E0F3A /* DesktopLoginWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76EE06B127FD1E24009E0F3A /* DesktopLoginWindowController.xib */; }; 76EE06B627FD1E79009E0F3A /* PreferencesWindow.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76EE06B527FD1E79009E0F3A /* PreferencesWindow.xib */; }; 76EE06B827FD1EB7009E0F3A /* PreferencesWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06B727FD1EB7009E0F3A /* PreferencesWindowController.swift */; }; 76EE06C227FD1F50009E0F3A /* StatusMenuController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06C127FD1F50009E0F3A /* StatusMenuController.swift */; }; 76EECCFB2873DFFB00483C66 /* PasswordUtils.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */; }; 76EECCFC2873E6E200483C66 /* VerifyLocalPasswordWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 764D8125284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib */; }; 76EECCFD2873E9ED00483C66 /* VerifyLocalPasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D8124284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift */; }; 76EECCFE2873EA6500483C66 /* Window+Shake.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D8128284BCAB100B3EE54 /* Window+Shake.swift */; }; 76EECD002875135900483C66 /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECCFF2875135900483C66 /* LoggerHelper.swift */; }; 76EECD012875135900483C66 /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECCFF2875135900483C66 /* LoggerHelper.swift */; }; 76EECD0228752C1F00483C66 /* LoginWindow.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355E128713C47002E3867 /* LoginWindow.swift */; }; 76EECD0428753C7F00483C66 /* String+Base64URLEncoded.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECD0328753C7F00483C66 /* String+Base64URLEncoded.swift */; }; 76EECD0528753C7F00483C66 /* String+Base64URLEncoded.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECD0328753C7F00483C66 /* String+Base64URLEncoded.swift */; }; 76F0B6E02B421FC8008F7D71 /* loadpage.html in Resources */ = {isa = PBXBuildFile; fileRef = 7613FDF6289E114F00340CCD /* loadpage.html */; }; 76FDC5D62B22D47A0035D61E /* MainLoginWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76FDC5D42B22D47A0035D61E /* MainLoginWindowController.swift */; }; 76FDC5D72B22D47A0035D61E /* MainLoginWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76FDC5D52B22D47A0035D61E /* MainLoginWindowController.xib */; }; 76FDC5DA2B235A4F0035D61E /* StatusMenuWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76FDC5D82B235A4F0035D61E /* StatusMenuWindowController.swift */; }; 76FDC5DB2B235A4F0035D61E /* StatusMenuWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76FDC5D92B235A4F0035D61E /* StatusMenuWindowController.xib */; }; /* End PBXBuildFile section */ /* Begin PBXContainerItemProxy section */ 760291FE2C116EDB0075FBD8 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 76EE069227FD1D00009E0F3A /* Project object */; proxyType = 1; remoteGlobalIDString = 760291F32C116EDB0075FBD8; remoteInfo = "XCreds AutoFill Extension"; }; 760292052C116EEE0075FBD8 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 76EE069227FD1D00009E0F3A /* Project object */; proxyType = 1; remoteGlobalIDString = 760291DF2C116E450075FBD8; remoteInfo = "XCreds AutoFill"; }; 76319375287E19A500D36BF7 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 76EE069227FD1D00009E0F3A /* Project object */; proxyType = 1; remoteGlobalIDString = 766355BC2870CA6A002E3867; remoteInfo = XCredsLoginPlugin; }; 76319378287E204500D36BF7 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 76EE069227FD1D00009E0F3A /* Project object */; proxyType = 1; remoteGlobalIDString = 7631935C287D22C700D36BF7; remoteInfo = authrights; }; 76DC0A7A28837152007C42B2 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 76EE069227FD1D00009E0F3A /* Project object */; proxyType = 1; remoteGlobalIDString = 76DC0A6428836EB1007C42B2; remoteInfo = "XCreds Login Overlay"; }; /* End PBXContainerItemProxy section */ /* Begin PBXCopyFilesBuildPhase section */ 760292042C116EDB0075FBD8 /* Embed Foundation Extensions */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = ""; dstSubfolderSpec = 13; files = ( 760292002C116EDB0075FBD8 /* XCreds Login Password.appex in Embed Foundation Extensions */, ); name = "Embed Foundation Extensions"; runOnlyForDeploymentPostprocessing = 0; }; 7631935B287D22C700D36BF7 /* CopyFiles */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = /usr/share/man/man1/; dstSubfolderSpec = 0; files = ( ); runOnlyForDeploymentPostprocessing = 1; }; 766CC42C29D3A3DC009BC526 /* Embed Frameworks */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = ""; dstSubfolderSpec = 10; files = ( 766CC42B29D3A3DC009BC526 /* Paddle.framework in Embed Frameworks */, 766CC42929D3A3DC009BC526 /* ProductLicense.framework in Embed Frameworks */, ); name = "Embed Frameworks"; runOnlyForDeploymentPostprocessing = 0; }; 766CC43129D3A3EC009BC526 /* Embed Frameworks */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = ""; dstSubfolderSpec = 10; files = ( 766CC43029D3A3EC009BC526 /* Paddle.framework in Embed Frameworks */, 766CC42E29D3A3EC009BC526 /* ProductLicense.framework in Embed Frameworks */, ); name = "Embed Frameworks"; runOnlyForDeploymentPostprocessing = 0; }; 766CC43629D3A3F8009BC526 /* Embed Frameworks */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = ""; dstSubfolderSpec = 10; files = ( 766CC43529D3A3F8009BC526 /* Paddle.framework in Embed Frameworks */, 766CC43329D3A3F8009BC526 /* ProductLicense.framework in Embed Frameworks */, ); name = "Embed Frameworks"; runOnlyForDeploymentPostprocessing = 0; }; 76786F512A27C36A00AA8DB9 /* CopyFiles */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = /usr/share/man/man1/; dstSubfolderSpec = 0; files = ( ); runOnlyForDeploymentPostprocessing = 1; }; 76786F612A27C62D00AA8DB9 /* CopyFiles */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = /usr/share/man/man1/; dstSubfolderSpec = 0; files = ( ); runOnlyForDeploymentPostprocessing = 1; }; /* End PBXCopyFilesBuildPhase section */ /* Begin PBXFileReference section */ 089B22F02AFAED280006B6BC /* NetworkMonitor.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; name = NetworkMonitor.swift; path = XCredsLoginPlugIn/LoginWindow/NetworkMonitor.swift; sourceTree = SOURCE_ROOT; }; 760148A82B23639D00E119A2 /* NSBundle+FindBundlePath.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "NSBundle+FindBundlePath.swift"; sourceTree = ""; }; 760291CB2C1166870075FBD8 /* AuthenticationServices.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AuthenticationServices.framework; path = System/Library/Frameworks/AuthenticationServices.framework; sourceTree = SDKROOT; }; 760291E02C116E450075FBD8 /* XCreds Login Autofill.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = "XCreds Login Autofill.app"; sourceTree = BUILT_PRODUCTS_DIR; }; 760291E22C116E450075FBD8 /* AppDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = ""; }; 760291E42C116E450075FBD8 /* ViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ViewController.swift; sourceTree = ""; }; 760291E62C116E470075FBD8 /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; 760291E92C116E470075FBD8 /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/Main.storyboard; sourceTree = ""; }; 760291EB2C116E470075FBD8 /* XCreds_AutoFill.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = XCreds_AutoFill.entitlements; sourceTree = ""; }; 760291F42C116EDB0075FBD8 /* XCreds Login Password.appex */ = {isa = PBXFileReference; explicitFileType = "wrapper.app-extension"; includeInIndex = 0; path = "XCreds Login Password.appex"; sourceTree = BUILT_PRODUCTS_DIR; }; 760291F72C116EDB0075FBD8 /* CredentialProviderViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CredentialProviderViewController.swift; sourceTree = ""; }; 760291FA2C116EDB0075FBD8 /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = Base; path = Base.lproj/CredentialProviderViewController.xib; sourceTree = ""; }; 760291FC2C116EDB0075FBD8 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; 760291FD2C116EDB0075FBD8 /* XCreds_AutoFill_Extension.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = XCreds_AutoFill_Extension.entitlements; sourceTree = ""; }; 760418CE2A1332210051411B /* SignIn.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = SignIn.xib; sourceTree = ""; }; 760418CF2A1332210051411B /* SignInWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SignInWindowController.swift; sourceTree = ""; }; 760418D42A1332520051411B /* DS+AD.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "DS+AD.swift"; sourceTree = ""; }; 760418D62A1332660051411B /* DSQueryable.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = DSQueryable.swift; sourceTree = ""; }; 760418D82A1332770051411B /* SystemInfoHelper.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SystemInfoHelper.swift; sourceTree = ""; }; 760418DA2A13328C0051411B /* LocalCheckAndMigrate.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = LocalCheckAndMigrate.swift; sourceTree = ""; }; 760418DC2A1334210051411B /* NoLoMechanism.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = NoLoMechanism.swift; sourceTree = ""; }; 760418DE2A1334D00051411B /* CheckAD.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = CheckAD.swift; sourceTree = ""; }; 7611CEBF288B75140063A644 /* XCredsCreateUser.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsCreateUser.swift; sourceTree = ""; }; 7611CEC1288B96760063A644 /* XCredsEnableFDE.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsEnableFDE.swift; sourceTree = ""; }; 7613FDF6289E114F00340CCD /* loadpage.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = loadpage.html; sourceTree = ""; }; 7614D03B2B181A5D006EAF36 /* icon_128x128.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; name = icon_128x128.png; path = XCreds/Assets.xcassets/AppIcon.appiconset/icon_128x128.png; sourceTree = ""; }; 761B486728A34CC900C6A02B /* LoginProgressWindowController.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; name = LoginProgressWindowController.xib; path = XCredsLoginPlugIn/LoginProgressWindowController.xib; sourceTree = SOURCE_ROOT; }; 761B486828A34CC900C6A02B /* LoginProgressWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; name = LoginProgressWindowController.swift; path = XCredsLoginPlugIn/LoginProgressWindowController.swift; sourceTree = SOURCE_ROOT; }; 761B486B28A3575000C6A02B /* XCredsLoginDone.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsLoginDone.swift; sourceTree = ""; }; 7631935D287D22C700D36BF7 /* authrights */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = authrights; sourceTree = BUILT_PRODUCTS_DIR; }; 7631935F287D22C700D36BF7 /* authrights.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = authrights.swift; sourceTree = ""; }; 7632909B2876673500CF8857 /* DataExtension.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = DataExtension.swift; sourceTree = ""; }; 7632E39E287347C100E37923 /* XCredsKeychainAdd.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsKeychainAdd.swift; sourceTree = ""; }; 7632E3A02873497C00E37923 /* LogShim.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = LogShim.swift; path = Mechanisms/LogShim.swift; sourceTree = ""; }; 76342E592B282653007D4F29 /* DesktopLoginWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DesktopLoginWindowController.swift; sourceTree = ""; }; 763DDF152B4F100D000D48CC /* ShareMounterMenu.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ShareMounterMenu.swift; sourceTree = ""; }; 763DDF192B4F1DD4000D48CC /* GSS.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = GSS.framework; path = System/Library/Frameworks/GSS.framework; sourceTree = SDKROOT; }; 7649056E2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = xcredsmenuItemWindowBackgroundImage.png; sourceTree = ""; }; 764D8124284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = VerifyLocalPasswordWindowController.swift; sourceTree = ""; }; 764D8125284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = VerifyLocalPasswordWindowController.xib; sourceTree = ""; }; 764D8128284BCAB100B3EE54 /* Window+Shake.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Window+Shake.swift"; sourceTree = ""; }; 764D812A284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = VerifyOIDCPasswordWindowController.swift; sourceTree = ""; }; 764D812B284BCC7400B3EE54 /* VerifyOIDCPassword.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = VerifyOIDCPassword.xib; sourceTree = ""; }; 764D812E284C06AB00B3EE54 /* defaults.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = defaults.plist; sourceTree = ""; }; 764D8132284D14A500B3EE54 /* Credits.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Credits.txt; sourceTree = ""; }; 7651EDEC2A1451590075980B /* LocalUsersViewController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = LocalUsersViewController.xib; sourceTree = ""; }; 7651EDF62A1474330075980B /* LoginWebViewController.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = LoginWebViewController.xib; sourceTree = ""; }; 7657DEAE2B3503BF003A23DB /* SessionManager.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SessionManager.swift; sourceTree = ""; }; 7657DEB22B350476003A23DB /* NoMADSession.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = NoMADSession.swift; sourceTree = ""; }; 7657DEB52B3504A6003A23DB /* UserRecord.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = UserRecord.swift; sourceTree = ""; }; 7657DEBB2B35055F003A23DB /* Logger.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Logger.swift; sourceTree = ""; }; 7657DEBE2B3505A3003A23DB /* DNSResolver.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = DNSResolver.m; sourceTree = ""; }; 7657DEBF2B3505A3003A23DB /* DNSResolver.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DNSResolver.h; sourceTree = ""; }; 7657DEC22B3505CB003A23DB /* ADLDAPPing.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ADLDAPPing.swift; sourceTree = ""; }; 7657DEC52B3505EB003A23DB /* Extensions.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Extensions.swift; sourceTree = ""; }; 7657DEC82B350606003A23DB /* KlistUtil.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = KlistUtil.swift; sourceTree = ""; }; 7657DECB2B35061E003A23DB /* SiteManager.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SiteManager.swift; sourceTree = ""; }; 7657DED22B350644003A23DB /* GSSItem.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = GSSItem.h; sourceTree = ""; }; 7657DED32B35064E003A23DB /* krb5.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = krb5.h; sourceTree = ""; }; 7657DED52B351A67003A23DB /* KerbUtil.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KerbUtil.h; sourceTree = ""; }; 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = UNIXUtilities.swift; sourceTree = ""; }; 7659CA06298E1BB6005D1AA3 /* DefaultBackground.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = DefaultBackground.png; sourceTree = ""; }; 766355BD2870CA6A002E3867 /* XCredsLoginPlugin.bundle */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = XCredsLoginPlugin.bundle; sourceTree = BUILT_PRODUCTS_DIR; }; 766355C12870CB6F002E3867 /* XCredsLoginPlugin.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = XCredsLoginPlugin.h; path = XCredsLoginPlugIn/XCredsLoginPlugin.h; sourceTree = SOURCE_ROOT; }; 766355C22870CB6F002E3867 /* XCredsLoginPlugin.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = XCredsLoginPlugin.m; path = XCredsLoginPlugIn/XCredsLoginPlugin.m; sourceTree = SOURCE_ROOT; }; 766355C42870CCC3002E3867 /* XCredsLoginPlugin-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "XCredsLoginPlugin-Bridging-Header.h"; sourceTree = ""; }; 766355D22870F29A002E3867 /* TestWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = TestWindowController.swift; path = XCredsLoginPlugIn/TestWindowController.swift; sourceTree = ""; }; 766355D32870F29A002E3867 /* TestWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = TestWindowController.xib; path = XCredsLoginPlugIn/TestWindowController.xib; sourceTree = ""; }; 766355DA287132E9002E3867 /* LoginWebViewController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; name = LoginWebViewController.swift; path = XCredsLoginPlugIn/LoginWindow/LoginWebViewController.swift; sourceTree = SOURCE_ROOT; }; 766355E128713C47002E3867 /* LoginWindow.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = LoginWindow.swift; sourceTree = ""; }; 766355E4287148C1002E3867 /* Tokens.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = Tokens.swift; path = Shared/Tokens.swift; sourceTree = SOURCE_ROOT; }; 76673CD429D3D5F500452848 /* LicenseChecker.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LicenseChecker.swift; sourceTree = ""; }; 766CC42129D3A320009BC526 /* Paddle.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Paddle.framework; path = Carthage/Build/Mac/Paddle.framework; sourceTree = ""; }; 766CC42229D3A321009BC526 /* ProductLicense.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = ProductLicense.framework; path = Carthage/Build/Mac/ProductLicense.framework; sourceTree = ""; }; 766CC43729D3AED2009BC526 /* errorpage.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = errorpage.html; sourceTree = ""; }; 766F4C4A2883AFD90021F548 /* pleaseWaitGraphic.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = pleaseWaitGraphic.png; sourceTree = ""; }; 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DefaultsOverride.swift; sourceTree = ""; }; 767116A6284AABC500CCD6FF /* NotifyManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NotifyManager.swift; sourceTree = ""; }; 767116A8284AAE2B00CCD6FF /* ScheduleManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ScheduleManager.swift; sourceTree = ""; }; 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PasswordUtils.swift; sourceTree = ""; }; 767116AD284AB59400CCD6FF /* SecurityPrivateAPI.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecurityPrivateAPI.h; sourceTree = ""; }; 767116AE284AB5D900CCD6FF /* XCreds-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "XCreds-Bridging-Header.h"; sourceTree = ""; }; 767116B0284B021500CCD6FF /* MainController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MainController.swift; sourceTree = ""; }; 767116B2284B045800CCD6FF /* KeychainUtil.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = KeychainUtil.swift; sourceTree = ""; }; 7675444428918CD100613840 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; name = Info.plist; path = XCredsLoginPlugin/Info.plist; sourceTree = ""; }; 7677908328908E40004E7085 /* WifiWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = WifiWindowController.swift; sourceTree = ""; }; 7677908428908E40004E7085 /* WifiManager.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = WifiManager.swift; sourceTree = ""; }; 7677908528908E40004E7085 /* WifiWindowController.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = WifiWindowController.xib; sourceTree = ""; }; 76786F4E2A27C31400AA8DB9 /* AuthRightsHelper.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = AuthRightsHelper.swift; path = Shared/AuthRightsHelper.swift; sourceTree = SOURCE_ROOT; }; 76786F532A27C36A00AA8DB9 /* auth_mech_fixup */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = auth_mech_fixup; sourceTree = BUILT_PRODUCTS_DIR; }; 76786F552A27C36A00AA8DB9 /* main.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = main.swift; sourceTree = ""; }; 76786F632A27C62D00AA8DB9 /* test */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = test; sourceTree = BUILT_PRODUCTS_DIR; }; 76786F652A27C62D00AA8DB9 /* main.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = main.swift; sourceTree = ""; }; 76786F6A2A27C72900AA8DB9 /* auth_mech_fixup-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = "auth_mech_fixup-Bridging-Header.h"; path = "auth_mech_fixup/auth_mech_fixup-Bridging-Header.h"; sourceTree = SOURCE_ROOT; }; 767B939B2A28279E0038935E /* View+Shake.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "View+Shake.swift"; sourceTree = ""; }; 767CB2CC2B13B8EB006CA2AC /* libinfo.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libinfo.tbd; path = usr/lib/libinfo.tbd; sourceTree = SDKROOT; }; 767CB2CE2B13B913006CA2AC /* libsystem_info.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libsystem_info.tbd; path = usr/lib/system/libsystem_info.tbd; sourceTree = SDKROOT; }; 767CB2CF2B13B92B006CA2AC /* OpenDirectory.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = OpenDirectory.framework; path = System/Library/Frameworks/OpenDirectory.framework; sourceTree = SDKROOT; }; 7681FEC42A4C8B9000F91CD1 /* AboutWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = AboutWindowController.swift; sourceTree = ""; }; 7681FEC62A4C8BC800F91CD1 /* AboutWindow.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = AboutWindow.xib; sourceTree = ""; }; 7681FEC82A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = com.twocanoes.xcreds.plist; path = "Profile Manifest/com.twocanoes.xcreds.plist"; sourceTree = ""; }; 7683973029A854EC003D9B9F /* NSImage+String.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "NSImage+String.swift"; sourceTree = ""; }; 76873E2E2A107736001418A9 /* DefaultsHelper.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = DefaultsHelper.swift; path = XCreds/DefaultsHelper.swift; sourceTree = ""; }; 76B040A328EFC788002A289B /* Helper+JWTDecode.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = "Helper+JWTDecode.swift"; path = "XCreds/Helper+JWTDecode.swift"; sourceTree = ""; }; 76B882A829CCFD7900BB8186 /* TCSKeychain.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TCSKeychain.m; sourceTree = ""; }; 76B882A929CCFD7A00BB8186 /* TCSKeychain.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TCSKeychain.h; sourceTree = ""; }; 76B882AC29CCFDAE00BB8186 /* NSData+SHA1.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSData+SHA1.m"; sourceTree = ""; }; 76B882AD29CCFDAE00BB8186 /* NSData+SHA1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSData+SHA1.h"; sourceTree = ""; }; 76B882B029CCFDBA00BB8186 /* NSData+HexString.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSData+HexString.m"; sourceTree = ""; }; 76B882B129CCFDBA00BB8186 /* NSData+HexString.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSData+HexString.h"; sourceTree = ""; }; 76BEF7D42871F36C0013E2A1 /* main.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = main.swift; sourceTree = ""; }; 76BEF7DB2871F5F00013E2A1 /* TCSReturnWindow.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TCSReturnWindow.m; sourceTree = ""; }; 76BEF7DC2871F5F00013E2A1 /* TCSReturnWindow.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TCSReturnWindow.h; sourceTree = ""; }; 76BEF7E02871F74D0013E2A1 /* ControlsViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ControlsViewController.swift; sourceTree = ""; }; 76BEF7E2287202080013E2A1 /* RestartX.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = RestartX.png; sourceTree = ""; }; 76BEF7E3287202080013E2A1 /* RestartX@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "RestartX@2x.png"; sourceTree = ""; }; 76BEF7E6287202AF0013E2A1 /* ShutdownX.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = ShutdownX.png; sourceTree = ""; }; 76BEF7E7287202AF0013E2A1 /* ShutdownX@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "ShutdownX@2x.png"; sourceTree = ""; }; 76BEF7EA28724A0B0013E2A1 /* XCredsLoginMechanism.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsLoginMechanism.swift; sourceTree = ""; }; 76BEF7EB28724A0B0013E2A1 /* XCredsBaseMechanism.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsBaseMechanism.swift; sourceTree = ""; }; 76BEF7F228724F120013E2A1 /* XCredsPowerControlMechanism.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsPowerControlMechanism.swift; sourceTree = ""; }; 76BEF7F528724FA80013E2A1 /* NSTaskWrapper.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = NSTaskWrapper.swift; sourceTree = ""; }; 76BEF7F72872504C0013E2A1 /* ContextAndHintHandling.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ContextAndHintHandling.swift; sourceTree = ""; }; 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = AuthorizationDBManager.swift; path = XCredsLoginPlugIn/LoginWindow/AuthorizationDBManager.swift; sourceTree = SOURCE_ROOT; }; 76BEF7FE2872A3030013E2A1 /* loginwindow@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "loginwindow@2x.png"; sourceTree = ""; }; 76BEF7FF2872A3030013E2A1 /* loginwindow.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = loginwindow.png; sourceTree = ""; }; 76C084092A9A2635008039FA /* ControlsViewController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = ControlsViewController.xib; sourceTree = ""; }; 76C4ACBE2B3D0F8D003B3605 /* ShareMounter.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ShareMounter.swift; sourceTree = ""; }; 76C4BAB22B353AD7007B2C57 /* libresolv.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libresolv.tbd; path = usr/lib/libresolv.tbd; sourceTree = SDKROOT; }; 76C4BAB52B353AF7007B2C57 /* Kerberos.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Kerberos.framework; path = System/Library/Frameworks/Kerberos.framework; sourceTree = SDKROOT; }; 76C4BABA2B353B4B007B2C57 /* KerbUtil.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = KerbUtil.m; sourceTree = ""; }; 76C63A312A22872700810C53 /* History.md */ = {isa = PBXFileReference; lastKnownFileType = net.daringfireball.markdown; path = History.md; sourceTree = ""; }; 76CB9076287FBEEA00C70D0C /* Helper+URLDecode.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Helper+URLDecode.swift"; sourceTree = ""; }; 76CB907C288112AF00C70D0C /* xcreds_login.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = xcreds_login.sh; sourceTree = ""; }; 76CCF5422B12E478003F85E9 /* SelectLocalAccountWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SelectLocalAccountWindowController.swift; sourceTree = ""; }; 76CCF5432B12E478003F85E9 /* SelectLocalAccountWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = SelectLocalAccountWindowController.xib; sourceTree = ""; }; 76D1757D2B24096C00E64A62 /* MainLoginWindow.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MainLoginWindow.swift; sourceTree = ""; }; 76D4726B2B43B8FA0064380C /* TCTaskWrapperWithBlocks.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TCTaskWrapperWithBlocks.h; sourceTree = ""; }; 76D4726C2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TCTaskWrapperWithBlocks.m; sourceTree = ""; }; 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TCSUnifiedLogger.m; sourceTree = ""; }; 76D7ADFA284EB15100332EBC /* TCSUnifiedLogger.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TCSUnifiedLogger.h; sourceTree = ""; }; 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSFileManager+TCSRealHomeFolder.m"; sourceTree = ""; }; 76D7ADFD284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSFileManager+TCSRealHomeFolder.h"; sourceTree = ""; }; 76DB5CF32A09AE9A0014F8E1 /* get_pw.js */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.javascript; name = get_pw.js; path = Javascript/get_pw/get_pw.js; sourceTree = ""; }; 76DC0A6528836EB1007C42B2 /* XCreds Login Overlay.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = "XCreds Login Overlay.app"; sourceTree = BUILT_PRODUCTS_DIR; }; 76DC0A6728836EB1007C42B2 /* AppDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = ""; }; 76DC0A6928836EB2007C42B2 /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; 76DC0A6C28836EB2007C42B2 /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = Base; path = Base.lproj/MainMenu.xib; sourceTree = ""; }; 76DC0A6E28836EB2007C42B2 /* XCreds_Login_Overlay.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = XCreds_Login_Overlay.entitlements; sourceTree = ""; }; 76DC0A7628837028007C42B2 /* returnArrow.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = returnArrow.png; sourceTree = ""; }; 76DC0A78288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = "com.twocanoes.xcreds-overlay.plist"; sourceTree = ""; }; 76DC0A7D288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TCSXCredsLoginOverlayWindow.swift; sourceTree = ""; }; 76DC0A7F2883785A007C42B2 /* XCreds-Login-Overlay-Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; path = "XCreds-Login-Overlay-Info.plist"; sourceTree = SOURCE_ROOT; }; 76DD6D122859978F00A700ED /* OIDCLite */ = {isa = PBXFileReference; lastKnownFileType = wrapper; name = OIDCLite; path = ../OIDCLite; sourceTree = ""; }; 76E466642B1A4C16006529B6 /* UpdatePasswordWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = UpdatePasswordWindowController.swift; sourceTree = ""; }; 76E466652B1A4C16006529B6 /* UpdatePasswordWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = UpdatePasswordWindowController.xib; sourceTree = ""; }; 76E74DCE2B3902F0004C6429 /* XCredsMechanismProtocol.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = XCredsMechanismProtocol.swift; sourceTree = ""; }; 76E9CE6E2A0DC6E30060220C /* TCSLoginWindowUtilities.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = TCSLoginWindowUtilities.h; path = XCreds/TCSLoginWindowUtilities.h; sourceTree = ""; }; 76E9CE6F2A0DC6E30060220C /* TCSLoginWindowUtilities.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = TCSLoginWindowUtilities.m; path = XCreds/TCSLoginWindowUtilities.m; sourceTree = ""; }; 76EE069A27FD1D00009E0F3A /* XCreds.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = XCreds.app; sourceTree = BUILT_PRODUCTS_DIR; }; 76EE069D27FD1D00009E0F3A /* AppDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = ""; }; 76EE069F27FD1D01009E0F3A /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; 76EE06A227FD1D01009E0F3A /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = Base; path = Base.lproj/MainMenu.xib; sourceTree = ""; }; 76EE06A427FD1D01009E0F3A /* xCreds.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = xCreds.entitlements; sourceTree = ""; }; 76EE06AA27FD1D66009E0F3A /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; path = Info.plist; sourceTree = ""; }; 76EE06AB27FD1D92009E0F3A /* TokenManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TokenManager.swift; sourceTree = ""; }; 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PrefKeys.swift; sourceTree = ""; }; 76EE06AF27FD1DD8009E0F3A /* Window+ForceToFront.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Window+ForceToFront.swift"; sourceTree = ""; }; 76EE06B127FD1E24009E0F3A /* DesktopLoginWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = DesktopLoginWindowController.xib; sourceTree = ""; }; 76EE06B327FD1E5F009E0F3A /* WebViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = WebViewController.swift; sourceTree = ""; }; 76EE06B527FD1E79009E0F3A /* PreferencesWindow.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = PreferencesWindow.xib; sourceTree = ""; }; 76EE06B727FD1EB7009E0F3A /* PreferencesWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PreferencesWindowController.swift; sourceTree = ""; }; 76EE06C127FD1F50009E0F3A /* StatusMenuController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = StatusMenuController.swift; sourceTree = ""; }; 76EECCFF2875135900483C66 /* LoggerHelper.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LoggerHelper.swift; sourceTree = ""; }; 76EECD0328753C7F00483C66 /* String+Base64URLEncoded.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "String+Base64URLEncoded.swift"; sourceTree = ""; }; 76FDC5D42B22D47A0035D61E /* MainLoginWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = MainLoginWindowController.swift; path = XCreds/MainLoginWindowController.swift; sourceTree = SOURCE_ROOT; }; 76FDC5D52B22D47A0035D61E /* MainLoginWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = MainLoginWindowController.xib; path = XCredsLoginPlugIn/LoginWindow/MainLoginWindowController.xib; sourceTree = SOURCE_ROOT; }; 76FDC5D82B235A4F0035D61E /* StatusMenuWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = StatusMenuWindowController.swift; sourceTree = SOURCE_ROOT; }; 76FDC5D92B235A4F0035D61E /* StatusMenuWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = StatusMenuWindowController.xib; sourceTree = SOURCE_ROOT; }; /* End PBXFileReference section */ /* Begin PBXFrameworksBuildPhase section */ 760291DD2C116E450075FBD8 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( ); runOnlyForDeploymentPostprocessing = 0; }; 760291F12C116EDB0075FBD8 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( 760291F52C116EDB0075FBD8 /* AuthenticationServices.framework in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; 7631935A287D22C700D36BF7 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( 76AB89E32A12FB4900529D90 /* ArgumentParser in Frameworks */, 76AB89E12A12FAF900529D90 /* OIDCLite in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; 766355BA2870CA6A002E3867 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( 76C4BAB62B353AF7007B2C57 /* Kerberos.framework in Frameworks */, 76C4BAB42B353ADD007B2C57 /* libresolv.tbd in Frameworks */, 766CC42D29D3A3EC009BC526 /* ProductLicense.framework in Frameworks */, 766CC42F29D3A3EC009BC526 /* Paddle.framework in Frameworks */, 766355CE2870E9D3002E3867 /* OIDCLite in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; 76786F502A27C36A00AA8DB9 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( ); runOnlyForDeploymentPostprocessing = 0; }; 76786F602A27C62D00AA8DB9 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( ); runOnlyForDeploymentPostprocessing = 0; }; 76DC0A6228836EB1007C42B2 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( 766CC43429D3A3F8009BC526 /* Paddle.framework in Frameworks */, 766CC43229D3A3F8009BC526 /* ProductLicense.framework in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; 76EE069727FD1D00009E0F3A /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( 76C4BAB72B353AFD007B2C57 /* Kerberos.framework in Frameworks */, 762177E62B7144460051B756 /* OIDCLite in Frameworks */, 76C4BAB32B353AD7007B2C57 /* libresolv.tbd in Frameworks */, 763DDF1A2B4F1DD4000D48CC /* GSS.framework in Frameworks */, 766CC42829D3A3DC009BC526 /* ProductLicense.framework in Frameworks */, 766CC42A29D3A3DC009BC526 /* Paddle.framework in Frameworks */, 767CB2D02B13B92B006CA2AC /* OpenDirectory.framework in Frameworks */, 76319369287D24F600D36BF7 /* ArgumentParser in Frameworks */, 76319366287D24E100D36BF7 /* ArgumentParser in Frameworks */, 76DD6D17285997F300A700ED /* OIDCLite in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; /* End PBXFrameworksBuildPhase section */ /* Begin PBXGroup section */ 760291E12C116E450075FBD8 /* XCreds AutoFill */ = { isa = PBXGroup; children = ( 760291E22C116E450075FBD8 /* AppDelegate.swift */, 760291E42C116E450075FBD8 /* ViewController.swift */, 760291E62C116E470075FBD8 /* Assets.xcassets */, 760291E82C116E470075FBD8 /* Main.storyboard */, 760291EB2C116E470075FBD8 /* XCreds_AutoFill.entitlements */, ); path = "XCreds AutoFill"; sourceTree = ""; }; 760291F62C116EDB0075FBD8 /* XCreds AutoFill Extension */ = { isa = PBXGroup; children = ( 760291F72C116EDB0075FBD8 /* CredentialProviderViewController.swift */, 760291F92C116EDB0075FBD8 /* CredentialProviderViewController.xib */, 760291FC2C116EDB0075FBD8 /* Info.plist */, 760291FD2C116EDB0075FBD8 /* XCreds_AutoFill_Extension.entitlements */, ); path = "XCreds AutoFill Extension"; sourceTree = ""; }; 760418CC2A1331710051411B /* NomadLogin */ = { isa = PBXGroup; children = ( 760418DE2A1334D00051411B /* CheckAD.swift */, 760418DC2A1334210051411B /* NoLoMechanism.swift */, 760418DA2A13328C0051411B /* LocalCheckAndMigrate.swift */, 760418D82A1332770051411B /* SystemInfoHelper.swift */, 760418D62A1332660051411B /* DSQueryable.swift */, 760418D42A1332520051411B /* DS+AD.swift */, 760418CD2A1332210051411B /* UI */, ); path = NomadLogin; sourceTree = ""; }; 760418CD2A1332210051411B /* UI */ = { isa = PBXGroup; children = ( 760418CE2A1332210051411B /* SignIn.xib */, ); path = UI; sourceTree = ""; }; 7631935E287D22C700D36BF7 /* authrights */ = { isa = PBXGroup; children = ( 76786F4E2A27C31400AA8DB9 /* AuthRightsHelper.swift */, 7631935F287D22C700D36BF7 /* authrights.swift */, ); path = authrights; sourceTree = ""; }; 7657DEDC2B351BF9003A23DB /* headers */ = { isa = PBXGroup; children = ( 7657DEBF2B3505A3003A23DB /* DNSResolver.h */, 7657DED32B35064E003A23DB /* krb5.h */, 7657DED22B350644003A23DB /* GSSItem.h */, ); path = headers; sourceTree = ""; }; 766355C72870D1B5002E3867 /* XCredsLogin */ = { isa = PBXGroup; children = ( 76B882B129CCFDBA00BB8186 /* NSData+HexString.h */, 76B882B029CCFDBA00BB8186 /* NSData+HexString.m */, 76B882AD29CCFDAE00BB8186 /* NSData+SHA1.h */, 76B882AC29CCFDAE00BB8186 /* NSData+SHA1.m */, 76B882A929CCFD7A00BB8186 /* TCSKeychain.h */, 76B882A829CCFD7900BB8186 /* TCSKeychain.m */, 7613FDF6289E114F00340CCD /* loadpage.html */, 766CC43729D3AED2009BC526 /* errorpage.html */, 7677908428908E40004E7085 /* WifiManager.swift */, 7677908328908E40004E7085 /* WifiWindowController.swift */, 7677908528908E40004E7085 /* WifiWindowController.xib */, 76EECD0328753C7F00483C66 /* String+Base64URLEncoded.swift */, 7632E3A02873497C00E37923 /* LogShim.swift */, 76BEF7F72872504C0013E2A1 /* ContextAndHintHandling.swift */, 76BEF7F528724FA80013E2A1 /* NSTaskWrapper.swift */, 766355C12870CB6F002E3867 /* XCredsLoginPlugin.h */, 766355C22870CB6F002E3867 /* XCredsLoginPlugin.m */, 76BEF7F028724E520013E2A1 /* LoginWindow */, 76BEF7EF28724E280013E2A1 /* Mechanisms */, ); name = XCredsLogin; path = XCredsLoginPlugIn; sourceTree = ""; }; 76786F542A27C36A00AA8DB9 /* auth_mech_fixup */ = { isa = PBXGroup; children = ( 76786F6A2A27C72900AA8DB9 /* auth_mech_fixup-Bridging-Header.h */, 76786F552A27C36A00AA8DB9 /* main.swift */, ); path = auth_mech_fixup; sourceTree = ""; }; 76786F642A27C62D00AA8DB9 /* test */ = { isa = PBXGroup; children = ( 76786F652A27C62D00AA8DB9 /* main.swift */, ); path = test; sourceTree = ""; }; 76BEF7D32871F36C0013E2A1 /* FakeTrue */ = { isa = PBXGroup; children = ( 76BEF7D42871F36C0013E2A1 /* main.swift */, ); path = FakeTrue; sourceTree = ""; }; 76BEF7EF28724E280013E2A1 /* Mechanisms */ = { isa = PBXGroup; children = ( 761B486B28A3575000C6A02B /* XCredsLoginDone.swift */, 7611CEC1288B96760063A644 /* XCredsEnableFDE.swift */, 7611CEBF288B75140063A644 /* XCredsCreateUser.swift */, 7632E39E287347C100E37923 /* XCredsKeychainAdd.swift */, 76BEF7F228724F120013E2A1 /* XCredsPowerControlMechanism.swift */, 76BEF7EA28724A0B0013E2A1 /* XCredsLoginMechanism.swift */, 76BEF7EB28724A0B0013E2A1 /* XCredsBaseMechanism.swift */, ); path = Mechanisms; sourceTree = ""; }; 76BEF7F028724E520013E2A1 /* LoginWindow */ = { isa = PBXGroup; children = ( 766355DA287132E9002E3867 /* LoginWebViewController.swift */, 760418CF2A1332210051411B /* SignInWindowController.swift */, 761B486828A34CC900C6A02B /* LoginProgressWindowController.swift */, 089B22F02AFAED280006B6BC /* NetworkMonitor.swift */, 761B486728A34CC900C6A02B /* LoginProgressWindowController.xib */, 76FDC5D52B22D47A0035D61E /* MainLoginWindowController.xib */, 76CB907C288112AF00C70D0C /* xcreds_login.sh */, 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */, 76BEF7DC2871F5F00013E2A1 /* TCSReturnWindow.h */, 76BEF7DB2871F5F00013E2A1 /* TCSReturnWindow.m */, 76C084092A9A2635008039FA /* ControlsViewController.xib */, 76BEF7E02871F74D0013E2A1 /* ControlsViewController.swift */, 766355E128713C47002E3867 /* LoginWindow.swift */, 7651EDEC2A1451590075980B /* LocalUsersViewController.xib */, 76D1757D2B24096C00E64A62 /* MainLoginWindow.swift */, 76BEF7F128724EB60013E2A1 /* images */, ); path = LoginWindow; sourceTree = ""; }; 76BEF7F128724EB60013E2A1 /* images */ = { isa = PBXGroup; children = ( 7649056E2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png */, 76BEF7FF2872A3030013E2A1 /* loginwindow.png */, 76BEF7FE2872A3030013E2A1 /* loginwindow@2x.png */, 76BEF7E6287202AF0013E2A1 /* ShutdownX.png */, 76BEF7E7287202AF0013E2A1 /* ShutdownX@2x.png */, 76BEF7E2287202080013E2A1 /* RestartX.png */, 76BEF7E3287202080013E2A1 /* RestartX@2x.png */, ); path = images; sourceTree = ""; }; 76C4BAB92B353B3F007B2C57 /* NoMAD */ = { isa = PBXGroup; children = ( 7657DEAE2B3503BF003A23DB /* SessionManager.swift */, 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */, 7657DED52B351A67003A23DB /* KerbUtil.h */, 76C4BABA2B353B4B007B2C57 /* KerbUtil.m */, 7657DEDC2B351BF9003A23DB /* headers */, 7657DECB2B35061E003A23DB /* SiteManager.swift */, 7657DEC82B350606003A23DB /* KlistUtil.swift */, 7657DEC52B3505EB003A23DB /* Extensions.swift */, 7657DEC22B3505CB003A23DB /* ADLDAPPing.swift */, 7657DEBE2B3505A3003A23DB /* DNSResolver.m */, 7657DEBB2B35055F003A23DB /* Logger.swift */, 7657DEB52B3504A6003A23DB /* UserRecord.swift */, 7657DEB22B350476003A23DB /* NoMADSession.swift */, ); name = NoMAD; sourceTree = ""; }; 76DC0A6628836EB1007C42B2 /* XCreds Login Overlay */ = { isa = PBXGroup; children = ( 766F4C4A2883AFD90021F548 /* pleaseWaitGraphic.png */, 76DC0A7F2883785A007C42B2 /* XCreds-Login-Overlay-Info.plist */, 76DC0A7D288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift */, 76DC0A78288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist */, 76DC0A7628837028007C42B2 /* returnArrow.png */, 76DC0A6728836EB1007C42B2 /* AppDelegate.swift */, 76DC0A6928836EB2007C42B2 /* Assets.xcassets */, 76DC0A6B28836EB2007C42B2 /* MainMenu.xib */, 76DC0A6E28836EB2007C42B2 /* XCreds_Login_Overlay.entitlements */, ); path = "XCreds Login Overlay"; sourceTree = ""; }; 76DD6D112859978F00A700ED /* Packages */ = { isa = PBXGroup; children = ( 76DD6D122859978F00A700ED /* OIDCLite */, ); name = Packages; sourceTree = ""; }; 76DD6D15285997F300A700ED /* Frameworks */ = { isa = PBXGroup; children = ( 763DDF192B4F1DD4000D48CC /* GSS.framework */, 76C4BAB52B353AF7007B2C57 /* Kerberos.framework */, 76C4BAB22B353AD7007B2C57 /* libresolv.tbd */, 767CB2CF2B13B92B006CA2AC /* OpenDirectory.framework */, 767CB2CE2B13B913006CA2AC /* libsystem_info.tbd */, 767CB2CC2B13B8EB006CA2AC /* libinfo.tbd */, 766CC42129D3A320009BC526 /* Paddle.framework */, 766CC42229D3A321009BC526 /* ProductLicense.framework */, 760291CB2C1166870075FBD8 /* AuthenticationServices.framework */, ); name = Frameworks; sourceTree = ""; }; 76EE069127FD1D00009E0F3A = { isa = PBXGroup; children = ( 76D4726B2B43B8FA0064380C /* TCTaskWrapperWithBlocks.h */, 76D4726C2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m */, 763DDF152B4F100D000D48CC /* ShareMounterMenu.swift */, 76C4ACBE2B3D0F8D003B3605 /* ShareMounter.swift */, 76C4BAB92B353B3F007B2C57 /* NoMAD */, 760148A82B23639D00E119A2 /* NSBundle+FindBundlePath.swift */, 7614D03B2B181A5D006EAF36 /* icon_128x128.png */, 7681FEC82A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist */, 76C63A312A22872700810C53 /* History.md */, 760418CC2A1331710051411B /* NomadLogin */, 76873E2E2A107736001418A9 /* DefaultsHelper.swift */, 76E9CE6E2A0DC6E30060220C /* TCSLoginWindowUtilities.h */, 76E9CE6F2A0DC6E30060220C /* TCSLoginWindowUtilities.m */, 76673CD429D3D5F500452848 /* LicenseChecker.swift */, 7683973029A854EC003D9B9F /* NSImage+String.swift */, 76DB5CF32A09AE9A0014F8E1 /* get_pw.js */, 7659CA06298E1BB6005D1AA3 /* DefaultBackground.png */, 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */, 7675444428918CD100613840 /* Info.plist */, 760291E12C116E450075FBD8 /* XCreds AutoFill */, 760291F62C116EDB0075FBD8 /* XCreds AutoFill Extension */, 76DD6D15285997F300A700ED /* Frameworks */, 76CB9076287FBEEA00C70D0C /* Helper+URLDecode.swift */, 76B040A328EFC788002A289B /* Helper+JWTDecode.swift */, 7632909B2876673500CF8857 /* DataExtension.swift */, 766355D22870F29A002E3867 /* TestWindowController.swift */, 766355D32870F29A002E3867 /* TestWindowController.xib */, 76DD6D112859978F00A700ED /* Packages */, 766355C72870D1B5002E3867 /* XCredsLogin */, 76EE069C27FD1D00009E0F3A /* XCreds */, 76BEF7D32871F36C0013E2A1 /* FakeTrue */, 7631935E287D22C700D36BF7 /* authrights */, 76DC0A6628836EB1007C42B2 /* XCreds Login Overlay */, 76786F542A27C36A00AA8DB9 /* auth_mech_fixup */, 76786F642A27C62D00AA8DB9 /* test */, 76EE069B27FD1D00009E0F3A /* Products */, ); sourceTree = ""; }; 76EE069B27FD1D00009E0F3A /* Products */ = { isa = PBXGroup; children = ( 76EE069A27FD1D00009E0F3A /* XCreds.app */, 766355BD2870CA6A002E3867 /* XCredsLoginPlugin.bundle */, 7631935D287D22C700D36BF7 /* authrights */, 76DC0A6528836EB1007C42B2 /* XCreds Login Overlay.app */, 76786F532A27C36A00AA8DB9 /* auth_mech_fixup */, 76786F632A27C62D00AA8DB9 /* test */, 760291E02C116E450075FBD8 /* XCreds Login Autofill.app */, 760291F42C116EDB0075FBD8 /* XCreds Login Password.appex */, ); name = Products; sourceTree = ""; }; 76EE069C27FD1D00009E0F3A /* XCreds */ = { isa = PBXGroup; children = ( 76FDC5D42B22D47A0035D61E /* MainLoginWindowController.swift */, 764D8125284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib */, 76CCF5432B12E478003F85E9 /* SelectLocalAccountWindowController.xib */, 76CCF5422B12E478003F85E9 /* SelectLocalAccountWindowController.swift */, 76FDC5D92B235A4F0035D61E /* StatusMenuWindowController.xib */, 76E466652B1A4C16006529B6 /* UpdatePasswordWindowController.xib */, 7651EDF62A1474330075980B /* LoginWebViewController.xib */, 764D812B284BCC7400B3EE54 /* VerifyOIDCPassword.xib */, 76FDC5D82B235A4F0035D61E /* StatusMenuWindowController.swift */, 76D7ADFD284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.h */, 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */, 76D7ADFA284EB15100332EBC /* TCSUnifiedLogger.h */, 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */, 76EECCFF2875135900483C66 /* LoggerHelper.swift */, 764D812A284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift */, 764D8124284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift */, 764D8132284D14A500B3EE54 /* Credits.txt */, 76E466642B1A4C16006529B6 /* UpdatePasswordWindowController.swift */, 767116B2284B045800CCD6FF /* KeychainUtil.swift */, 767116AD284AB59400CCD6FF /* SecurityPrivateAPI.h */, 76EE06AB27FD1D92009E0F3A /* TokenManager.swift */, 76E74DCE2B3902F0004C6429 /* XCredsMechanismProtocol.swift */, 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */, 764D8128284BCAB100B3EE54 /* Window+Shake.swift */, 767B939B2A28279E0038935E /* View+Shake.swift */, 76EE06B127FD1E24009E0F3A /* DesktopLoginWindowController.xib */, 76342E592B282653007D4F29 /* DesktopLoginWindowController.swift */, 76EE06B327FD1E5F009E0F3A /* WebViewController.swift */, 766355E4287148C1002E3867 /* Tokens.swift */, 7681FEC62A4C8BC800F91CD1 /* AboutWindow.xib */, 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */, 76EE06B527FD1E79009E0F3A /* PreferencesWindow.xib */, 764D812E284C06AB00B3EE54 /* defaults.plist */, 767116AE284AB5D900CCD6FF /* XCreds-Bridging-Header.h */, 76EE06B727FD1EB7009E0F3A /* PreferencesWindowController.swift */, 7681FEC42A4C8B9000F91CD1 /* AboutWindowController.swift */, 76EE06AF27FD1DD8009E0F3A /* Window+ForceToFront.swift */, 767116A8284AAE2B00CCD6FF /* ScheduleManager.swift */, 76EE06C127FD1F50009E0F3A /* StatusMenuController.swift */, 76EE06AA27FD1D66009E0F3A /* Info.plist */, 76EE069D27FD1D00009E0F3A /* AppDelegate.swift */, 767116B0284B021500CCD6FF /* MainController.swift */, 767116A6284AABC500CCD6FF /* NotifyManager.swift */, 76EE069F27FD1D01009E0F3A /* Assets.xcassets */, 76EE06A127FD1D01009E0F3A /* MainMenu.xib */, 76EE06A427FD1D01009E0F3A /* xCreds.entitlements */, 766355C42870CCC3002E3867 /* XCredsLoginPlugin-Bridging-Header.h */, ); path = XCreds; sourceTree = ""; }; /* End PBXGroup section */ /* Begin PBXLegacyTarget section */ 766F4C4C2883B88F0021F548 /* Send To Test */ = { isa = PBXLegacyTarget; buildArgumentsString = "app_to_test.sh mba.local"; buildConfigurationList = 766F4C4D2883B88F0021F548 /* Build configuration list for PBXLegacyTarget "Send To Test" */; buildPhases = ( ); buildToolPath = /bin/bash; buildWorkingDirectory = /Users/tperfitt/Documents/Projects/xcreds; dependencies = ( ); name = "Send To Test"; passBuildSettingsInEnvironment = 1; productName = "Send To Test"; }; /* End PBXLegacyTarget section */ /* Begin PBXNativeTarget section */ 760291DF2C116E450075FBD8 /* XCreds Login Autofill */ = { isa = PBXNativeTarget; buildConfigurationList = 760291EC2C116E470075FBD8 /* Build configuration list for PBXNativeTarget "XCreds Login Autofill" */; buildPhases = ( 760291DC2C116E450075FBD8 /* Sources */, 760291DD2C116E450075FBD8 /* Frameworks */, 760291DE2C116E450075FBD8 /* Resources */, 760292042C116EDB0075FBD8 /* Embed Foundation Extensions */, ); buildRules = ( ); dependencies = ( 760291FF2C116EDB0075FBD8 /* PBXTargetDependency */, ); name = "XCreds Login Autofill"; productName = "XCreds AutoFill"; productReference = 760291E02C116E450075FBD8 /* XCreds Login Autofill.app */; productType = "com.apple.product-type.application"; }; 760291F32C116EDB0075FBD8 /* XCreds Login Password */ = { isa = PBXNativeTarget; buildConfigurationList = 760292012C116EDB0075FBD8 /* Build configuration list for PBXNativeTarget "XCreds Login Password" */; buildPhases = ( 760291F02C116EDB0075FBD8 /* Sources */, 760291F12C116EDB0075FBD8 /* Frameworks */, 760291F22C116EDB0075FBD8 /* Resources */, ); buildRules = ( ); dependencies = ( ); name = "XCreds Login Password"; productName = "XCreds AutoFill Extension"; productReference = 760291F42C116EDB0075FBD8 /* XCreds Login Password.appex */; productType = "com.apple.product-type.app-extension"; }; 7631935C287D22C700D36BF7 /* authrights */ = { isa = PBXNativeTarget; buildConfigurationList = 76319363287D22C700D36BF7 /* Build configuration list for PBXNativeTarget "authrights" */; buildPhases = ( 76319359287D22C700D36BF7 /* Sources */, 7631935A287D22C700D36BF7 /* Frameworks */, 7631935B287D22C700D36BF7 /* CopyFiles */, ); buildRules = ( ); dependencies = ( ); name = authrights; packageProductDependencies = ( 76AB89E02A12FAF900529D90 /* OIDCLite */, 76AB89E22A12FB4900529D90 /* ArgumentParser */, ); productName = authrights; productReference = 7631935D287D22C700D36BF7 /* authrights */; productType = "com.apple.product-type.tool"; }; 766355BC2870CA6A002E3867 /* XCredsLoginPlugin */ = { isa = PBXNativeTarget; buildConfigurationList = 766355C02870CA6A002E3867 /* Build configuration list for PBXNativeTarget "XCredsLoginPlugin" */; buildPhases = ( 766355B92870CA6A002E3867 /* Sources */, 766355BA2870CA6A002E3867 /* Frameworks */, 766355BB2870CA6A002E3867 /* Resources */, 766CC43129D3A3EC009BC526 /* Embed Frameworks */, ); buildRules = ( ); dependencies = ( ); name = XCredsLoginPlugin; packageProductDependencies = ( 766355CD2870E9D3002E3867 /* OIDCLite */, ); productName = XCredsLoginPlugin; productReference = 766355BD2870CA6A002E3867 /* XCredsLoginPlugin.bundle */; productType = "com.apple.product-type.bundle"; }; 76786F522A27C36A00AA8DB9 /* auth_mech_fixup */ = { isa = PBXNativeTarget; buildConfigurationList = 76786F572A27C36A00AA8DB9 /* Build configuration list for PBXNativeTarget "auth_mech_fixup" */; buildPhases = ( 76786F4F2A27C36A00AA8DB9 /* Sources */, 76786F502A27C36A00AA8DB9 /* Frameworks */, 76786F512A27C36A00AA8DB9 /* CopyFiles */, ); buildRules = ( ); dependencies = ( ); name = auth_mech_fixup; productName = auth_mech_fixup; productReference = 76786F532A27C36A00AA8DB9 /* auth_mech_fixup */; productType = "com.apple.product-type.tool"; }; 76786F622A27C62D00AA8DB9 /* test */ = { isa = PBXNativeTarget; buildConfigurationList = 76786F672A27C62D00AA8DB9 /* Build configuration list for PBXNativeTarget "test" */; buildPhases = ( 76786F5F2A27C62D00AA8DB9 /* Sources */, 76786F602A27C62D00AA8DB9 /* Frameworks */, 76786F612A27C62D00AA8DB9 /* CopyFiles */, ); buildRules = ( ); dependencies = ( ); name = test; productName = test; productReference = 76786F632A27C62D00AA8DB9 /* test */; productType = "com.apple.product-type.tool"; }; 76DC0A6428836EB1007C42B2 /* XCreds Login Overlay */ = { isa = PBXNativeTarget; buildConfigurationList = 76DC0A6F28836EB2007C42B2 /* Build configuration list for PBXNativeTarget "XCreds Login Overlay" */; buildPhases = ( 76DC0A6128836EB1007C42B2 /* Sources */, 76DC0A6228836EB1007C42B2 /* Frameworks */, 76DC0A6328836EB1007C42B2 /* Resources */, 766CC43629D3A3F8009BC526 /* Embed Frameworks */, ); buildRules = ( ); dependencies = ( ); name = "XCreds Login Overlay"; productName = "XCreds Login Overlay"; productReference = 76DC0A6528836EB1007C42B2 /* XCreds Login Overlay.app */; productType = "com.apple.product-type.application"; }; 76EE069927FD1D00009E0F3A /* XCreds */ = { isa = PBXNativeTarget; buildConfigurationList = 76EE06A727FD1D01009E0F3A /* Build configuration list for PBXNativeTarget "XCreds" */; buildPhases = ( 76EE069627FD1D00009E0F3A /* Sources */, 76EE069727FD1D00009E0F3A /* Frameworks */, 76EE069827FD1D00009E0F3A /* Resources */, 766CC42C29D3A3DC009BC526 /* Embed Frameworks */, ); buildRules = ( ); dependencies = ( 760292062C116EEE0075FBD8 /* PBXTargetDependency */, 76DC0A7B28837152007C42B2 /* PBXTargetDependency */, 76319376287E19A500D36BF7 /* PBXTargetDependency */, 76319379287E204500D36BF7 /* PBXTargetDependency */, ); name = XCreds; packageProductDependencies = ( 76DD6D16285997F300A700ED /* OIDCLite */, 76319365287D24E100D36BF7 /* ArgumentParser */, 76319368287D24F600D36BF7 /* ArgumentParser */, 762177E52B7144460051B756 /* OIDCLite */, ); productName = xCreds; productReference = 76EE069A27FD1D00009E0F3A /* XCreds.app */; productType = "com.apple.product-type.application"; }; /* End PBXNativeTarget section */ /* Begin PBXProject section */ 76EE069227FD1D00009E0F3A /* Project object */ = { isa = PBXProject; attributes = { BuildIndependentTargetsInParallel = 1; LastSwiftUpdateCheck = 1540; LastUpgradeCheck = 1330; TargetAttributes = { 760291DF2C116E450075FBD8 = { CreatedOnToolsVersion = 15.4; }; 760291F32C116EDB0075FBD8 = { CreatedOnToolsVersion = 15.4; }; 7631935C287D22C700D36BF7 = { CreatedOnToolsVersion = 13.4.1; }; 766355BC2870CA6A002E3867 = { CreatedOnToolsVersion = 13.4.1; LastSwiftMigration = 1340; }; 766F4C4C2883B88F0021F548 = { CreatedOnToolsVersion = 13.4.1; }; 76786F522A27C36A00AA8DB9 = { CreatedOnToolsVersion = 14.3; }; 76786F622A27C62D00AA8DB9 = { CreatedOnToolsVersion = 14.3; }; 76DC0A6428836EB1007C42B2 = { CreatedOnToolsVersion = 13.4.1; }; 76EE069927FD1D00009E0F3A = { CreatedOnToolsVersion = 13.3; }; }; }; buildConfigurationList = 76EE069527FD1D00009E0F3A /* Build configuration list for PBXProject "XCreds" */; compatibilityVersion = "Xcode 13.0"; developmentRegion = en; hasScannedForEncodings = 0; knownRegions = ( en, Base, ); mainGroup = 76EE069127FD1D00009E0F3A; packageReferences = ( 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */, 762177E42B7144460051B756 /* XCLocalSwiftPackageReference "../OIDCLite" */, ); productRefGroup = 76EE069B27FD1D00009E0F3A /* Products */; projectDirPath = ""; projectRoot = ""; targets = ( 76EE069927FD1D00009E0F3A /* XCreds */, 766355BC2870CA6A002E3867 /* XCredsLoginPlugin */, 7631935C287D22C700D36BF7 /* authrights */, 76DC0A6428836EB1007C42B2 /* XCreds Login Overlay */, 766F4C4C2883B88F0021F548 /* Send To Test */, 76786F522A27C36A00AA8DB9 /* auth_mech_fixup */, 76786F622A27C62D00AA8DB9 /* test */, 760291DF2C116E450075FBD8 /* XCreds Login Autofill */, 760291F32C116EDB0075FBD8 /* XCreds Login Password */, ); }; /* End PBXProject section */ /* Begin PBXResourcesBuildPhase section */ 760291DE2C116E450075FBD8 /* Resources */ = { isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( 760291E72C116E470075FBD8 /* Assets.xcassets in Resources */, 760291EA2C116E470075FBD8 /* Base in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; 760291F22C116EDB0075FBD8 /* Resources */ = { isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( 760291FB2C116EDB0075FBD8 /* Base in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; 766355BB2870CA6A002E3867 /* Resources */ = { isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( 76BEF8002872A3030013E2A1 /* loginwindow@2x.png in Resources */, 766355D928711C51002E3867 /* defaults.plist in Resources */, 7613FDF7289E114F00340CCD /* loadpage.html in Resources */, 7659CA07298E1BB6005D1AA3 /* DefaultBackground.png in Resources */, 766355D52870F29A002E3867 /* TestWindowController.xib in Resources */, 76CCF5452B12E478003F85E9 /* SelectLocalAccountWindowController.xib in Resources */, 7651EDED2A1451590075980B /* LocalUsersViewController.xib in Resources */, 761B486928A34CC900C6A02B /* LoginProgressWindowController.xib in Resources */, 766CC43829D3AED2009BC526 /* errorpage.html in Resources */, 7614D03C2B181A5D006EAF36 /* icon_128x128.png in Resources */, 76BEF7E4287202090013E2A1 /* RestartX.png in Resources */, 76D925D32894ADB4005C3245 /* Assets.xcassets in Resources */, 76BEF8012872A3030013E2A1 /* loginwindow.png in Resources */, 766355D12870EBAD002E3867 /* VerifyOIDCPassword.xib in Resources */, 76EECCFC2873E6E200483C66 /* VerifyLocalPasswordWindowController.xib in Resources */, 76BEF7E8287202AF0013E2A1 /* ShutdownX.png in Resources */, 76FDC5D72B22D47A0035D61E /* MainLoginWindowController.xib in Resources */, 76E466672B1A4C16006529B6 /* UpdatePasswordWindowController.xib in Resources */, 76C0840B2A9A311E008039FA /* ControlsViewController.xib in Resources */, 76BEF7E5287202090013E2A1 /* RestartX@2x.png in Resources */, 7651EDF72A1474330075980B /* LoginWebViewController.xib in Resources */, 7677908828908E40004E7085 /* WifiWindowController.xib in Resources */, 76DB5CF52A09AE9A0014F8E1 /* get_pw.js in Resources */, 76BEF7E9287202AF0013E2A1 /* ShutdownX@2x.png in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76DC0A6328836EB1007C42B2 /* Resources */ = { isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( 76DC0A83288382D2007C42B2 /* returnArrow.png in Resources */, 76DC0A6A28836EB2007C42B2 /* Assets.xcassets in Resources */, 76DC0A6D28836EB2007C42B2 /* MainMenu.xib in Resources */, 76DC0A79288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist in Resources */, 76DC0A7428836F45007C42B2 /* RestartX@2x.png in Resources */, 766F4C4B2883AFD90021F548 /* pleaseWaitGraphic.png in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76EE069827FD1D00009E0F3A /* Resources */ = { isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( 760291EF2C116E5F0075FBD8 /* XCreds Login Autofill.app in Resources */, 76DC0A7C28837158007C42B2 /* XCreds Login Overlay.app in Resources */, 76DB5CF42A09AE9A0014F8E1 /* get_pw.js in Resources */, 762761602B294A7C0067D1D4 /* icon_128x128.png in Resources */, 76CB907E288112C200C70D0C /* xcreds_login.sh in Resources */, 76319377287E1FAF00D36BF7 /* authrights in Resources */, 76319374287E198C00D36BF7 /* XCredsLoginPlugin.bundle in Resources */, 76D175742B23C57500E64A62 /* LocalUsersViewController.xib in Resources */, 76EE06B627FD1E79009E0F3A /* PreferencesWindow.xib in Resources */, 76EE06A027FD1D01009E0F3A /* Assets.xcassets in Resources */, 764D812F284C06AB00B3EE54 /* defaults.plist in Resources */, 764D8133284D14A500B3EE54 /* Credits.txt in Resources */, 7681FEC72A4C8BC800F91CD1 /* AboutWindow.xib in Resources */, 76673CD229D3CFF900452848 /* errorpage.html in Resources */, 764D812D284BCC7400B3EE54 /* VerifyOIDCPassword.xib in Resources */, 76FDC5DB2B235A4F0035D61E /* StatusMenuWindowController.xib in Resources */, 76C63A322A22872700810C53 /* History.md in Resources */, 764D8127284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib in Resources */, 76DF7FD52B50FA9A00B3B543 /* UpdatePasswordWindowController.xib in Resources */, 7649056F2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png in Resources */, 76EE06A327FD1D01009E0F3A /* MainMenu.xib in Resources */, 76D1756A2B23C28700E64A62 /* MainLoginWindowController.xib in Resources */, 76EE06B227FD1E24009E0F3A /* DesktopLoginWindowController.xib in Resources */, 7681FEC92A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist in Resources */, 76F0B6E02B421FC8008F7D71 /* loadpage.html in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; /* End PBXResourcesBuildPhase section */ /* Begin PBXSourcesBuildPhase section */ 760291DC2C116E450075FBD8 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 760292132C11763B0075FBD8 /* PrefKeys.swift in Sources */, 760292142C1176450075FBD8 /* LogShim.swift in Sources */, 7602921C2C117B400075FBD8 /* PasswordUtils.swift in Sources */, 760291E52C116E450075FBD8 /* ViewController.swift in Sources */, 760292162C1176A90075FBD8 /* TCSUnifiedLogger.m in Sources */, 7602921D2C117B490075FBD8 /* DSQueryable.swift in Sources */, 760292192C1178090075FBD8 /* NSFileManager+TCSRealHomeFolder.m in Sources */, 7602920F2C1175DA0075FBD8 /* LoggerHelper.swift in Sources */, 760291E32C116E450075FBD8 /* AppDelegate.swift in Sources */, 760292112C1176010075FBD8 /* UNIXUtilities.swift in Sources */, 760292172C1176BE0075FBD8 /* DataExtension.swift in Sources */, 7602920E2C1175D20075FBD8 /* DefaultsOverride.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 760291F02C116EDB0075FBD8 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 760291F82C116EDB0075FBD8 /* CredentialProviderViewController.swift in Sources */, 7602920B2C1175620075FBD8 /* PrefKeys.swift in Sources */, 7602921B2C117B3F0075FBD8 /* PasswordUtils.swift in Sources */, 760292072C11751E0075FBD8 /* KeychainUtil.swift in Sources */, 760292152C1176450075FBD8 /* LogShim.swift in Sources */, 7602921E2C117B490075FBD8 /* DSQueryable.swift in Sources */, 7602921A2C1178090075FBD8 /* NSFileManager+TCSRealHomeFolder.m in Sources */, 760292092C1175360075FBD8 /* TCSUnifiedLogger.m in Sources */, 7602920D2C1175D20075FBD8 /* DefaultsOverride.swift in Sources */, 760292102C1175DA0075FBD8 /* LoggerHelper.swift in Sources */, 760292182C1176BF0075FBD8 /* DataExtension.swift in Sources */, 760292122C1176010075FBD8 /* UNIXUtilities.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76319359287D22C700D36BF7 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 76319360287D22C700D36BF7 /* authrights.swift in Sources */, 7631936D287D2A6200D36BF7 /* LoggerHelper.swift in Sources */, 7631936C287D29B700D36BF7 /* AuthorizationDBManager.swift in Sources */, 7631936E287D2AB100D36BF7 /* TCSUnifiedLogger.m in Sources */, 76319370287DE24D00D36BF7 /* NSFileManager+TCSRealHomeFolder.m in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 766355B92870CA6A002E3867 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 7632E3A32873581100E37923 /* KeychainUtil.swift in Sources */, 76CCF5442B12E478003F85E9 /* SelectLocalAccountWindowController.swift in Sources */, 76B882AB29CCFD7A00BB8186 /* TCSKeychain.m in Sources */, 54848E8F2B47336D000DF420 /* KerbUtil.m in Sources */, 76BEF7DD2871F5F00013E2A1 /* TCSReturnWindow.m in Sources */, 76EECCFB2873DFFB00483C66 /* PasswordUtils.swift in Sources */, 76DF50B62A1C5EFF007BC708 /* DefaultsOverride.swift in Sources */, 7657DEB02B3503BF003A23DB /* SessionManager.swift in Sources */, 7657DEB72B3504A6003A23DB /* UserRecord.swift in Sources */, 7632E3A12873497C00E37923 /* LogShim.swift in Sources */, 760418D52A1332520051411B /* DS+AD.swift in Sources */, 76FDC5D62B22D47A0035D61E /* MainLoginWindowController.swift in Sources */, 76C4BAB12B353A3A007B2C57 /* DNSResolver.m in Sources */, 76BEF7ED28724A0C0013E2A1 /* XCredsBaseMechanism.swift in Sources */, 766355CF2870E9E7002E3867 /* PrefKeys.swift in Sources */, 7657DEB42B350476003A23DB /* NoMADSession.swift in Sources */, 7657DEC42B3505CB003A23DB /* ADLDAPPing.swift in Sources */, 760418D72A1332660051411B /* DSQueryable.swift in Sources */, 76DF1D5B2A2AD42C00770690 /* LocalCheckAndMigrate.swift in Sources */, 761B486C28A3575000C6A02B /* XCredsLoginDone.swift in Sources */, 7657DEC72B3505EB003A23DB /* Extensions.swift in Sources */, 76BEF7F328724F120013E2A1 /* XCredsPowerControlMechanism.swift in Sources */, 76873E302A107736001418A9 /* DefaultsHelper.swift in Sources */, 76B040A528EFC788002A289B /* Helper+JWTDecode.swift in Sources */, 7632909D2876674100CF8857 /* DataExtension.swift in Sources */, 7683973229A854EC003D9B9F /* NSImage+String.swift in Sources */, 761B486A28A34CC900C6A02B /* LoginProgressWindowController.swift in Sources */, 7677908628908E40004E7085 /* WifiWindowController.swift in Sources */, 76E466662B1A4C16006529B6 /* UpdatePasswordWindowController.swift in Sources */, 76EECCFD2873E9ED00483C66 /* VerifyLocalPasswordWindowController.swift in Sources */, 76D4726E2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m in Sources */, 76BEF7EC28724A0B0013E2A1 /* XCredsLoginMechanism.swift in Sources */, 766355CA2870DCF5002E3867 /* TCSUnifiedLogger.m in Sources */, 76C4BAB02B353A30007B2C57 /* KlistUtil.swift in Sources */, 76CB9078287FBEEA00C70D0C /* Helper+URLDecode.swift in Sources */, 766355E328713C4A002E3867 /* LoginWindow.swift in Sources */, 76B882AF29CCFDAE00BB8186 /* NSData+SHA1.m in Sources */, 76BEF7F82872504C0013E2A1 /* ContextAndHintHandling.swift in Sources */, 766355E6287148C1002E3867 /* Tokens.swift in Sources */, 766355CC2870E9AD002E3867 /* WebViewController.swift in Sources */, 760418D92A1332770051411B /* SystemInfoHelper.swift in Sources */, 76673CD629D3D5F500452848 /* LicenseChecker.swift in Sources */, 767B939D2A28289E0038935E /* View+Shake.swift in Sources */, 760418D22A1332210051411B /* SignInWindowController.swift in Sources */, 7611CEC0288B75140063A644 /* XCredsCreateUser.swift in Sources */, 764859F22B2FA2E800507C16 /* Window+ForceToFront.swift in Sources */, 766355D42870F29A002E3867 /* TestWindowController.swift in Sources */, 766355C32870CB6F002E3867 /* XCredsLoginPlugin.m in Sources */, 766355CB2870E5E9002E3867 /* NSFileManager+TCSRealHomeFolder.m in Sources */, 7632E39F287347C100E37923 /* XCredsKeychainAdd.swift in Sources */, 76D1757E2B24096C00E64A62 /* MainLoginWindow.swift in Sources */, 7677908728908E40004E7085 /* WifiManager.swift in Sources */, 76BEF7FA28726C700013E2A1 /* AuthorizationDBManager.swift in Sources */, 76BEF7E12871F74D0013E2A1 /* ControlsViewController.swift in Sources */, 76EECD012875135900483C66 /* LoggerHelper.swift in Sources */, 7611CEC2288B96760063A644 /* XCredsEnableFDE.swift in Sources */, 7657DEBD2B35055F003A23DB /* Logger.swift in Sources */, 76EECCFE2873EA6500483C66 /* Window+Shake.swift in Sources */, 76B882B329CCFDBA00BB8186 /* NSData+HexString.m in Sources */, 7632E3A2287357CC00E37923 /* TokenManager.swift in Sources */, 76BEF7F628724FA80013E2A1 /* NSTaskWrapper.swift in Sources */, 76EECD0528753C7F00483C66 /* String+Base64URLEncoded.swift in Sources */, 7657DECD2B35061E003A23DB /* SiteManager.swift in Sources */, 760148A92B23639D00E119A2 /* NSBundle+FindBundlePath.swift in Sources */, 76E74DD02B3902F0004C6429 /* XCredsMechanismProtocol.swift in Sources */, 766355DB287132E9002E3867 /* LoginWebViewController.swift in Sources */, 7657DEDA2B351B5B003A23DB /* UNIXUtilities.swift in Sources */, 089B22F12AFAED280006B6BC /* NetworkMonitor.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76786F4F2A27C36A00AA8DB9 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 76786F5E2A27C60800AA8DB9 /* LoggerHelper.swift in Sources */, 76786F5A2A27C37100AA8DB9 /* AuthRightsHelper.swift in Sources */, 76786F6B2A27C79100AA8DB9 /* NSFileManager+TCSRealHomeFolder.m in Sources */, 76786F5D2A27C3B300AA8DB9 /* TCSUnifiedLogger.m in Sources */, 76786F5B2A27C38800AA8DB9 /* AuthorizationDBManager.swift in Sources */, 76786F562A27C36A00AA8DB9 /* main.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76786F5F2A27C62D00AA8DB9 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 76786F662A27C62D00AA8DB9 /* main.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76DC0A6128836EB1007C42B2 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 76DC0A8528838467007C42B2 /* LoggerHelper.swift in Sources */, 76DC0A7328836EFE007C42B2 /* TCSReturnWindow.m in Sources */, 76DC0A88288387D8007C42B2 /* NSFileManager+TCSRealHomeFolder.m in Sources */, 76DC0A8428838375007C42B2 /* AuthorizationDBManager.swift in Sources */, 76DC0A8628838656007C42B2 /* TCSUnifiedLogger.m in Sources */, 76DC0A7E288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift in Sources */, 767C42842AC6645700542099 /* AuthRightsHelper.swift in Sources */, 76DC0A87288386FA007C42B2 /* NSTaskWrapper.swift in Sources */, 76C4BABC2B3544C6007B2C57 /* UNIXUtilities.swift in Sources */, 76DC0A6828836EB1007C42B2 /* AppDelegate.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76EE069627FD1D00009E0F3A /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 760148AA2B2365F100E119A2 /* NSBundle+FindBundlePath.swift in Sources */, 76E74DD32B390358004C6429 /* LoginWebViewController.swift in Sources */, 089B22F22AFAED810006B6BC /* NetworkMonitor.swift in Sources */, 76EECD0228752C1F00483C66 /* LoginWindow.swift in Sources */, 76673CD529D3D5F500452848 /* LicenseChecker.swift in Sources */, 761121B82B3D26F5005F7D02 /* LocalCheckAndMigrate.swift in Sources */, 76E74DD22B39034B004C6429 /* SelectLocalAccountWindowController.swift in Sources */, 767116A7284AABC500CCD6FF /* NotifyManager.swift in Sources */, 76EE06B827FD1EB7009E0F3A /* PreferencesWindowController.swift in Sources */, 76A8A4E32A0DF7C700AA6054 /* NSTaskWrapper.swift in Sources */, 76EE06AE27FD1DC3009E0F3A /* PrefKeys.swift in Sources */, 767116B3284B045800CCD6FF /* KeychainUtil.swift in Sources */, 76CB907B2880E41E00C70D0C /* LogShim.swift in Sources */, 7657DEC92B350606003A23DB /* KlistUtil.swift in Sources */, 764D812C284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift in Sources */, 76E74DD42B39037A004C6429 /* LoginProgressWindowController.swift in Sources */, 7623384D2B53029D00F2D714 /* ShareMounter.swift in Sources */, 7657DEB32B350476003A23DB /* NoMADSession.swift in Sources */, 760418E02A133A370051411B /* DSQueryable.swift in Sources */, 76319373287E18BF00D36BF7 /* DataExtension.swift in Sources */, 76E74DD12B390327004C6429 /* ContextAndHintHandling.swift in Sources */, 76EECD002875135900483C66 /* LoggerHelper.swift in Sources */, 54848E902B47336D000DF420 /* KerbUtil.m in Sources */, 76873E2F2A107736001418A9 /* DefaultsHelper.swift in Sources */, 76D175772B23C62A00E64A62 /* UpdatePasswordWindowController.swift in Sources */, 7683973129A854EC003D9B9F /* NSImage+String.swift in Sources */, 76FDC5DA2B235A4F0035D61E /* StatusMenuWindowController.swift in Sources */, 761121B92B3D26FB005F7D02 /* DS+AD.swift in Sources */, 76CB9077287FBEEA00C70D0C /* Helper+URLDecode.swift in Sources */, 764D8129284BCAB100B3EE54 /* Window+Shake.swift in Sources */, 764D8126284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift in Sources */, 76EE069E27FD1D00009E0F3A /* AppDelegate.swift in Sources */, 76D7ADFB284EB15100332EBC /* TCSUnifiedLogger.m in Sources */, 7657DEBC2B35055F003A23DB /* Logger.swift in Sources */, 7657DEB62B3504A6003A23DB /* UserRecord.swift in Sources */, 761121B62B3D24FE005F7D02 /* SignInWindowController.swift in Sources */, 761121B72B3D26EE005F7D02 /* SystemInfoHelper.swift in Sources */, 7657DEAF2B3503BF003A23DB /* SessionManager.swift in Sources */, 7681FEC52A4C8B9000F91CD1 /* AboutWindowController.swift in Sources */, 768633D92AFC4908004065E5 /* WifiManager.swift in Sources */, 7657DED92B351B5B003A23DB /* UNIXUtilities.swift in Sources */, 76E74DCF2B3902F0004C6429 /* XCredsMechanismProtocol.swift in Sources */, 76EE06C227FD1F50009E0F3A /* StatusMenuController.swift in Sources */, 76EE06B027FD1DD8009E0F3A /* Window+ForceToFront.swift in Sources */, 76D4726D2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m in Sources */, 767116B1284B021500CCD6FF /* MainController.swift in Sources */, 7657DECC2B35061E003A23DB /* SiteManager.swift in Sources */, 76B040A428EFC788002A289B /* Helper+JWTDecode.swift in Sources */, 767116A9284AAE2B00CCD6FF /* ScheduleManager.swift in Sources */, 766FD60D2A1B06AC00C8F244 /* DefaultsOverride.swift in Sources */, 767116AC284AB4C000CCD6FF /* PasswordUtils.swift in Sources */, 76B882AA29CCFD7A00BB8186 /* TCSKeychain.m in Sources */, 766355E5287148C1002E3867 /* Tokens.swift in Sources */, 7657DEC32B3505CB003A23DB /* ADLDAPPing.swift in Sources */, 76EE06AC27FD1D92009E0F3A /* TokenManager.swift in Sources */, 76B882B229CCFDBA00BB8186 /* NSData+HexString.m in Sources */, 7623384C2B53029D00F2D714 /* ShareMounterMenu.swift in Sources */, 7657DEC02B3505A3003A23DB /* DNSResolver.m in Sources */, 76E9CE702A0DC6E30060220C /* TCSLoginWindowUtilities.m in Sources */, 76342E5A2B282653007D4F29 /* DesktopLoginWindowController.swift in Sources */, 76D7ADFE284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m in Sources */, 76EECD0428753C7F00483C66 /* String+Base64URLEncoded.swift in Sources */, 7657DEC62B3505EB003A23DB /* Extensions.swift in Sources */, 766355DC287133C7002E3867 /* WebViewController.swift in Sources */, 76D175712B23C2DB00E64A62 /* AuthorizationDBManager.swift in Sources */, 767B939C2A28279E0038935E /* View+Shake.swift in Sources */, 76B882AE29CCFDAE00BB8186 /* NSData+SHA1.m in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; /* End PBXSourcesBuildPhase section */ /* Begin PBXTargetDependency section */ 760291FF2C116EDB0075FBD8 /* PBXTargetDependency */ = { isa = PBXTargetDependency; target = 760291F32C116EDB0075FBD8 /* XCreds Login Password */; targetProxy = 760291FE2C116EDB0075FBD8 /* PBXContainerItemProxy */; }; 760292062C116EEE0075FBD8 /* PBXTargetDependency */ = { isa = PBXTargetDependency; target = 760291DF2C116E450075FBD8 /* XCreds Login Autofill */; targetProxy = 760292052C116EEE0075FBD8 /* PBXContainerItemProxy */; }; 76319376287E19A500D36BF7 /* PBXTargetDependency */ = { isa = PBXTargetDependency; target = 766355BC2870CA6A002E3867 /* XCredsLoginPlugin */; targetProxy = 76319375287E19A500D36BF7 /* PBXContainerItemProxy */; }; 76319379287E204500D36BF7 /* PBXTargetDependency */ = { isa = PBXTargetDependency; target = 7631935C287D22C700D36BF7 /* authrights */; targetProxy = 76319378287E204500D36BF7 /* PBXContainerItemProxy */; }; 76DC0A7B28837152007C42B2 /* PBXTargetDependency */ = { isa = PBXTargetDependency; target = 76DC0A6428836EB1007C42B2 /* XCreds Login Overlay */; targetProxy = 76DC0A7A28837152007C42B2 /* PBXContainerItemProxy */; }; /* End PBXTargetDependency section */ /* Begin PBXVariantGroup section */ 760291E82C116E470075FBD8 /* Main.storyboard */ = { isa = PBXVariantGroup; children = ( 760291E92C116E470075FBD8 /* Base */, ); name = Main.storyboard; sourceTree = ""; }; 760291F92C116EDB0075FBD8 /* CredentialProviderViewController.xib */ = { isa = PBXVariantGroup; children = ( 760291FA2C116EDB0075FBD8 /* Base */, ); name = CredentialProviderViewController.xib; sourceTree = ""; }; 76DC0A6B28836EB2007C42B2 /* MainMenu.xib */ = { isa = PBXVariantGroup; children = ( 76DC0A6C28836EB2007C42B2 /* Base */, ); name = MainMenu.xib; sourceTree = ""; }; 76EE06A127FD1D01009E0F3A /* MainMenu.xib */ = { isa = PBXVariantGroup; children = ( 76EE06A227FD1D01009E0F3A /* Base */, ); name = MainMenu.xib; sourceTree = ""; }; /* End PBXVariantGroup section */ /* Begin XCBuildConfiguration section */ 760291ED2C116E470075FBD8 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_ENTITLEMENTS = "XCreds AutoFill/XCreds_AutoFill.entitlements"; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 10; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; ENABLE_USER_SCRIPT_SANDBOXING = YES; GCC_C_LANGUAGE_STANDARD = gnu17; GCC_PREPROCESSOR_DEFINITIONS = ( "AUTOFILL_TARGET=1", "DEBUG=1", "$(inherited)", ); GENERATE_INFOPLIST_FILE = YES; INFOPLIST_KEY_NSHumanReadableCopyright = ""; INFOPLIST_KEY_NSMainStoryboardFile = Main; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); LOCALIZATION_PREFERS_STRING_CATALOGS = YES; MACOSX_DEPLOYMENT_TARGET = 13.0; MARKETING_VERSION = 1.0; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.xcreds.XCreds-AutoFill"; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_ACTIVE_COMPILATION_CONDITIONS = "DEBUG $(inherited)"; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 760291EE2C116E470075FBD8 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_ENTITLEMENTS = "XCreds AutoFill/XCreds_AutoFill.entitlements"; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 10; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; ENABLE_USER_SCRIPT_SANDBOXING = YES; GCC_C_LANGUAGE_STANDARD = gnu17; GCC_PREPROCESSOR_DEFINITIONS = "AUTOFILL_TARGET=1"; GENERATE_INFOPLIST_FILE = YES; INFOPLIST_KEY_NSHumanReadableCopyright = ""; INFOPLIST_KEY_NSMainStoryboardFile = Main; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); LOCALIZATION_PREFERS_STRING_CATALOGS = YES; MACOSX_DEPLOYMENT_TARGET = 13.0; MARKETING_VERSION = 1.0; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.xcreds.XCreds-AutoFill"; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; 760292022C116EDB0075FBD8 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_ENTITLEMENTS = "XCreds AutoFill Extension/XCreds_AutoFill_Extension.entitlements"; CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 10; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; ENABLE_USER_SCRIPT_SANDBOXING = YES; GCC_C_LANGUAGE_STANDARD = gnu17; GCC_PREPROCESSOR_DEFINITIONS = ( "DEBUG=1", "AUTOFILL_TARGET=1", "$(inherited)", ); GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = "XCreds AutoFill Extension/Info.plist"; INFOPLIST_KEY_CFBundleDisplayName = "XCreds AutoFill Extension"; INFOPLIST_KEY_NSHumanReadableCopyright = ""; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", "@executable_path/../../../../Frameworks", ); LOCALIZATION_PREFERS_STRING_CATALOGS = YES; MACOSX_DEPLOYMENT_TARGET = 13.0; MARKETING_VERSION = 1.0; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.xcreds.XCreds-AutoFill.XCreds-AutoFill-Extension"; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; SWIFT_ACTIVE_COMPILATION_CONDITIONS = "DEBUG $(inherited)"; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 760292032C116EDB0075FBD8 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_ENTITLEMENTS = "XCreds AutoFill Extension/XCreds_AutoFill_Extension.entitlements"; CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 10; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; ENABLE_USER_SCRIPT_SANDBOXING = YES; GCC_C_LANGUAGE_STANDARD = gnu17; GCC_PREPROCESSOR_DEFINITIONS = "AUTOFILL_TARGET=1"; GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = "XCreds AutoFill Extension/Info.plist"; INFOPLIST_KEY_CFBundleDisplayName = "XCreds AutoFill Extension"; INFOPLIST_KEY_NSHumanReadableCopyright = ""; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", "@executable_path/../../../../Frameworks", ); LOCALIZATION_PREFERS_STRING_CATALOGS = YES; MACOSX_DEPLOYMENT_TARGET = 13.0; MARKETING_VERSION = 1.0; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.xcreds.XCreds-AutoFill.XCreds-AutoFill-Extension"; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; 76319361287D22C700D36BF7 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = "\"$(SRCROOT)/Carthage/Build/Mac\""; MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 4.2; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCredsLoginPlugin-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76319362287D22C700D36BF7 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = "\"$(SRCROOT)/Carthage/Build/Mac\""; MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 4.2; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCredsLoginPlugin-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; 766355BE2870CA6A002E3867 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; <<<<<<<<< Temporary merge branch 1 CURRENT_PROJECT_VERSION = 10; ========= CURRENT_PROJECT_VERSION = 6409; >>>>>>>>> Temporary merge branch 2 DEFINES_MODULE = YES; DEVELOPMENT_TEAM = UXP6YEHSPW; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", ); GENERATE_INFOPLIST_FILE = YES; HEADER_SEARCH_PATHS = headers; INFOPLIST_FILE = XCredsLoginPlugin/Info.plist; INFOPLIST_KEY_NSHumanReadableCopyright = ""; INFOPLIST_KEY_NSPrincipalClass = ""; INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Bundles"; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", "@loader_path/../Frameworks", ); MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 4.2; PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.XCredsLoginPlugin; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCredsLoginPlugin-Bridging-Header.h"; SWIFT_VERSION = 5.0; WRAPPER_EXTENSION = bundle; }; name = Debug; }; 766355BF2870CA6A002E3867 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; <<<<<<<<< Temporary merge branch 1 CURRENT_PROJECT_VERSION = 10; ========= CURRENT_PROJECT_VERSION = 6409; >>>>>>>>> Temporary merge branch 2 DEFINES_MODULE = YES; DEVELOPMENT_TEAM = UXP6YEHSPW; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", ); GENERATE_INFOPLIST_FILE = YES; HEADER_SEARCH_PATHS = headers; INFOPLIST_FILE = XCredsLoginPlugin/Info.plist; INFOPLIST_KEY_NSHumanReadableCopyright = ""; INFOPLIST_KEY_NSPrincipalClass = ""; INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Bundles"; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", "@loader_path/../Frameworks", ); MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 4.2; PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.XCredsLoginPlugin; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCredsLoginPlugin-Bridging-Header.h"; SWIFT_VERSION = 5.0; WRAPPER_EXTENSION = bundle; }; name = Release; }; 766F4C4E2883B88F0021F548 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; DEBUGGING_SYMBOLS = YES; DEBUG_INFORMATION_FORMAT = dwarf; DEVELOPMENT_TEAM = UXP6YEHSPW; GCC_GENERATE_DEBUGGING_SYMBOLS = YES; GCC_OPTIMIZATION_LEVEL = 0; OTHER_CFLAGS = ""; OTHER_LDFLAGS = ""; PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Debug; }; 766F4C4F2883B88F0021F548 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; DEVELOPMENT_TEAM = UXP6YEHSPW; OTHER_CFLAGS = ""; OTHER_LDFLAGS = ""; PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Release; }; 76786F582A27C36A00AA8DB9 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_STYLE = Automatic; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; MACOSX_DEPLOYMENT_TARGET = 13.3; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_OBJC_BRIDGING_HEADER = "auth_mech_fixup/auth_mech_fixup-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76786F592A27C36A00AA8DB9 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_STYLE = Automatic; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; MACOSX_DEPLOYMENT_TARGET = 13.3; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_OBJC_BRIDGING_HEADER = "auth_mech_fixup/auth_mech_fixup-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; 76786F682A27C62D00AA8DB9 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_STYLE = Automatic; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; MACOSX_DEPLOYMENT_TARGET = 13.3; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76786F692A27C62D00AA8DB9 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_STYLE = Automatic; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; MACOSX_DEPLOYMENT_TARGET = 13.3; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_VERSION = 5.0; }; name = Release; }; 76DC0A7028836EB2007C42B2 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements"; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; <<<<<<<<< Temporary merge branch 1 CURRENT_PROJECT_VERSION = 10; ========= CURRENT_PROJECT_VERSION = 6409; >>>>>>>>> Temporary merge branch 2 DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", ); GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = "XCreds-Login-Overlay-Info.plist"; INFOPLIST_KEY_NSHumanReadableCopyright = ""; INFOPLIST_KEY_NSMainNibFile = MainMenu; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 4.2; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.XCreds-Login-Overlay"; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76DC0A7128836EB2007C42B2 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements"; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; <<<<<<<<< Temporary merge branch 1 CURRENT_PROJECT_VERSION = 10; ========= CURRENT_PROJECT_VERSION = 6409; >>>>>>>>> Temporary merge branch 2 DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", ); GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = "XCreds-Login-Overlay-Info.plist"; INFOPLIST_KEY_NSHumanReadableCopyright = ""; INFOPLIST_KEY_NSMainNibFile = MainMenu; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 4.2; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.XCreds-Login-Overlay"; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; 76EE06A527FD1D01009E0F3A /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; CLANG_ANALYZER_NONNULL = YES; CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; CLANG_CXX_LANGUAGE_STANDARD = "gnu++17"; CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; CLANG_ENABLE_OBJC_WEAK = YES; CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; CLANG_WARN_BOOL_CONVERSION = YES; CLANG_WARN_COMMA = YES; CLANG_WARN_CONSTANT_CONVERSION = YES; CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; CLANG_WARN_DOCUMENTATION_COMMENTS = YES; CLANG_WARN_EMPTY_BODY = YES; CLANG_WARN_ENUM_CONVERSION = YES; CLANG_WARN_INFINITE_RECURSION = YES; CLANG_WARN_INT_CONVERSION = YES; CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; CLANG_WARN_STRICT_PROTOTYPES = YES; CLANG_WARN_SUSPICIOUS_MOVE = YES; CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; COPY_PHASE_STRIP = NO; DEBUG_INFORMATION_FORMAT = dwarf; ENABLE_STRICT_OBJC_MSGSEND = YES; ENABLE_TESTABILITY = YES; GCC_C_LANGUAGE_STANDARD = gnu11; GCC_DYNAMIC_NO_PIC = NO; GCC_NO_COMMON_BLOCKS = YES; GCC_OPTIMIZATION_LEVEL = 0; GCC_PREPROCESSOR_DEFINITIONS = ( "DEBUG=1", "$(inherited)", ); GCC_WARN_64_TO_32_BIT_CONVERSION = YES; GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; GCC_WARN_UNDECLARED_SELECTOR = YES; GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; GCC_WARN_UNUSED_FUNCTION = YES; GCC_WARN_UNUSED_VARIABLE = YES; MACOSX_DEPLOYMENT_TARGET = 11.0; MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; MTL_FAST_MATH = YES; ONLY_ACTIVE_ARCH = YES; SDKROOT = macosx; SWIFT_ACTIVE_COMPILATION_CONDITIONS = DEBUG; SWIFT_OPTIMIZATION_LEVEL = "-Onone"; }; name = Debug; }; 76EE06A627FD1D01009E0F3A /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; CLANG_ANALYZER_NONNULL = YES; CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; CLANG_CXX_LANGUAGE_STANDARD = "gnu++17"; CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; CLANG_ENABLE_OBJC_WEAK = YES; CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; CLANG_WARN_BOOL_CONVERSION = YES; CLANG_WARN_COMMA = YES; CLANG_WARN_CONSTANT_CONVERSION = YES; CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; CLANG_WARN_DOCUMENTATION_COMMENTS = YES; CLANG_WARN_EMPTY_BODY = YES; CLANG_WARN_ENUM_CONVERSION = YES; CLANG_WARN_INFINITE_RECURSION = YES; CLANG_WARN_INT_CONVERSION = YES; CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; CLANG_WARN_STRICT_PROTOTYPES = YES; CLANG_WARN_SUSPICIOUS_MOVE = YES; CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; COPY_PHASE_STRIP = NO; DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; ENABLE_NS_ASSERTIONS = NO; ENABLE_STRICT_OBJC_MSGSEND = YES; GCC_C_LANGUAGE_STANDARD = gnu11; GCC_NO_COMMON_BLOCKS = YES; GCC_WARN_64_TO_32_BIT_CONVERSION = YES; GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; GCC_WARN_UNDECLARED_SELECTOR = YES; GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; GCC_WARN_UNUSED_FUNCTION = YES; GCC_WARN_UNUSED_VARIABLE = YES; MACOSX_DEPLOYMENT_TARGET = 11.0; MTL_ENABLE_DEBUG_INFO = NO; MTL_FAST_MATH = YES; SDKROOT = macosx; SWIFT_COMPILATION_MODE = wholemodule; SWIFT_OPTIMIZATION_LEVEL = "-O"; }; name = Release; }; 76EE06A827FD1D01009E0F3A /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; <<<<<<<<< Temporary merge branch 1 CURRENT_PROJECT_VERSION = 10; ========= CURRENT_PROJECT_VERSION = 6409; >>>>>>>>> Temporary merge branch 2 DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", "$(PROJECT_DIR)", ); GENERATE_INFOPLIST_FILE = YES; HEADER_SEARCH_PATHS = headers; INFOPLIST_FILE = XCreds/Info.plist; INFOPLIST_KEY_LSUIElement = YES; INFOPLIST_KEY_NSHumanReadableCopyright = "© 2022 Twocanoes Software, Inc"; INFOPLIST_KEY_NSMainNibFile = MainMenu; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); LIBRARY_SEARCH_PATHS = ( "$(inherited)", "$(SDKROOT)/usr/lib/system", ); MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 4.2; PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.xcreds; PRODUCT_NAME = "$(TARGET_NAME)"; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76EE06A927FD1D01009E0F3A /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; <<<<<<<<< Temporary merge branch 1 CURRENT_PROJECT_VERSION = 10; ========= CURRENT_PROJECT_VERSION = 6409; >>>>>>>>> Temporary merge branch 2 DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", "$(PROJECT_DIR)", ); GENERATE_INFOPLIST_FILE = YES; HEADER_SEARCH_PATHS = headers; INFOPLIST_FILE = XCreds/Info.plist; INFOPLIST_KEY_LSUIElement = YES; INFOPLIST_KEY_NSHumanReadableCopyright = "© 2022 Twocanoes Software, Inc"; INFOPLIST_KEY_NSMainNibFile = MainMenu; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); LIBRARY_SEARCH_PATHS = ( "$(inherited)", "$(SDKROOT)/usr/lib/system", ); MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 4.2; PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.xcreds; PRODUCT_NAME = "$(TARGET_NAME)"; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; /* End XCBuildConfiguration section */ /* Begin XCConfigurationList section */ 760291EC2C116E470075FBD8 /* Build configuration list for PBXNativeTarget "XCreds Login Autofill" */ = { isa = XCConfigurationList; buildConfigurations = ( 760291ED2C116E470075FBD8 /* Debug */, 760291EE2C116E470075FBD8 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 760292012C116EDB0075FBD8 /* Build configuration list for PBXNativeTarget "XCreds Login Password" */ = { isa = XCConfigurationList; buildConfigurations = ( 760292022C116EDB0075FBD8 /* Debug */, 760292032C116EDB0075FBD8 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76319363287D22C700D36BF7 /* Build configuration list for PBXNativeTarget "authrights" */ = { isa = XCConfigurationList; buildConfigurations = ( 76319361287D22C700D36BF7 /* Debug */, 76319362287D22C700D36BF7 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 766355C02870CA6A002E3867 /* Build configuration list for PBXNativeTarget "XCredsLoginPlugin" */ = { isa = XCConfigurationList; buildConfigurations = ( 766355BE2870CA6A002E3867 /* Debug */, 766355BF2870CA6A002E3867 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 766F4C4D2883B88F0021F548 /* Build configuration list for PBXLegacyTarget "Send To Test" */ = { isa = XCConfigurationList; buildConfigurations = ( 766F4C4E2883B88F0021F548 /* Debug */, 766F4C4F2883B88F0021F548 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76786F572A27C36A00AA8DB9 /* Build configuration list for PBXNativeTarget "auth_mech_fixup" */ = { isa = XCConfigurationList; buildConfigurations = ( 76786F582A27C36A00AA8DB9 /* Debug */, 76786F592A27C36A00AA8DB9 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76786F672A27C62D00AA8DB9 /* Build configuration list for PBXNativeTarget "test" */ = { isa = XCConfigurationList; buildConfigurations = ( 76786F682A27C62D00AA8DB9 /* Debug */, 76786F692A27C62D00AA8DB9 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76DC0A6F28836EB2007C42B2 /* Build configuration list for PBXNativeTarget "XCreds Login Overlay" */ = { isa = XCConfigurationList; buildConfigurations = ( 76DC0A7028836EB2007C42B2 /* Debug */, 76DC0A7128836EB2007C42B2 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76EE069527FD1D00009E0F3A /* Build configuration list for PBXProject "XCreds" */ = { isa = XCConfigurationList; buildConfigurations = ( 76EE06A527FD1D01009E0F3A /* Debug */, 76EE06A627FD1D01009E0F3A /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76EE06A727FD1D01009E0F3A /* Build configuration list for PBXNativeTarget "XCreds" */ = { isa = XCConfigurationList; buildConfigurations = ( 76EE06A827FD1D01009E0F3A /* Debug */, 76EE06A927FD1D01009E0F3A /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; /* End XCConfigurationList section */ /* Begin XCLocalSwiftPackageReference section */ 762177E42B7144460051B756 /* XCLocalSwiftPackageReference "../OIDCLite" */ = { isa = XCLocalSwiftPackageReference; relativePath = ../OIDCLite; }; /* End XCLocalSwiftPackageReference section */ /* Begin XCRemoteSwiftPackageReference section */ 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */ = { isa = XCRemoteSwiftPackageReference; repositoryURL = "https://github.com/apple/swift-argument-parser.git"; requirement = { kind = upToNextMajorVersion; minimumVersion = 1.0.0; }; }; /* End XCRemoteSwiftPackageReference section */ /* Begin XCSwiftPackageProductDependency section */ 762177E52B7144460051B756 /* OIDCLite */ = { isa = XCSwiftPackageProductDependency; productName = OIDCLite; }; 76319365287D24E100D36BF7 /* ArgumentParser */ = { isa = XCSwiftPackageProductDependency; package = 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */; productName = ArgumentParser; }; 76319368287D24F600D36BF7 /* ArgumentParser */ = { isa = XCSwiftPackageProductDependency; package = 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */; productName = ArgumentParser; }; 766355CD2870E9D3002E3867 /* OIDCLite */ = { isa = XCSwiftPackageProductDependency; productName = OIDCLite; }; 76AB89E02A12FAF900529D90 /* OIDCLite */ = { isa = XCSwiftPackageProductDependency; productName = OIDCLite; }; 76AB89E22A12FB4900529D90 /* ArgumentParser */ = { isa = XCSwiftPackageProductDependency; package = 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */; productName = ArgumentParser; }; 76DD6D16285997F300A700ED /* OIDCLite */ = { isa = XCSwiftPackageProductDependency; productName = OIDCLite; }; /* End XCSwiftPackageProductDependency section */ }; rootObject = 76EE069227FD1D00009E0F3A /* Project object */; } ================================================ FILE: XCreds.xcodeproj/project_LOCAL_63385.pbxproj ================================================ // !$*UTF8*$! { archiveVersion = 1; classes = { }; objectVersion = 60; objects = { /* Begin PBXBuildFile section */ 089B22F12AFAED280006B6BC /* NetworkMonitor.swift in Sources */ = {isa = PBXBuildFile; fileRef = 089B22F02AFAED280006B6BC /* NetworkMonitor.swift */; }; 089B22F22AFAED810006B6BC /* NetworkMonitor.swift in Sources */ = {isa = PBXBuildFile; fileRef = 089B22F02AFAED280006B6BC /* NetworkMonitor.swift */; }; 54848E8F2B47336D000DF420 /* KerbUtil.m in Sources */ = {isa = PBXBuildFile; fileRef = 76C4BABA2B353B4B007B2C57 /* KerbUtil.m */; }; 54848E902B47336D000DF420 /* KerbUtil.m in Sources */ = {isa = PBXBuildFile; fileRef = 76C4BABA2B353B4B007B2C57 /* KerbUtil.m */; }; 760148A92B23639D00E119A2 /* NSBundle+FindBundlePath.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760148A82B23639D00E119A2 /* NSBundle+FindBundlePath.swift */; }; 760148AA2B2365F100E119A2 /* NSBundle+FindBundlePath.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760148A82B23639D00E119A2 /* NSBundle+FindBundlePath.swift */; }; 760418D22A1332210051411B /* SignInWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418CF2A1332210051411B /* SignInWindowController.swift */; }; 760418D52A1332520051411B /* DS+AD.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D42A1332520051411B /* DS+AD.swift */; }; 760418D72A1332660051411B /* DSQueryable.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D62A1332660051411B /* DSQueryable.swift */; }; 760418D92A1332770051411B /* SystemInfoHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D82A1332770051411B /* SystemInfoHelper.swift */; }; 760418E02A133A370051411B /* DSQueryable.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D62A1332660051411B /* DSQueryable.swift */; }; 761121B62B3D24FE005F7D02 /* SignInWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418CF2A1332210051411B /* SignInWindowController.swift */; }; 761121B72B3D26EE005F7D02 /* SystemInfoHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D82A1332770051411B /* SystemInfoHelper.swift */; }; 761121B82B3D26F5005F7D02 /* LocalCheckAndMigrate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418DA2A13328C0051411B /* LocalCheckAndMigrate.swift */; }; 761121B92B3D26FB005F7D02 /* DS+AD.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D42A1332520051411B /* DS+AD.swift */; }; 7611CEC0288B75140063A644 /* XCredsCreateUser.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7611CEBF288B75140063A644 /* XCredsCreateUser.swift */; }; 7611CEC2288B96760063A644 /* XCredsEnableFDE.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7611CEC1288B96760063A644 /* XCredsEnableFDE.swift */; }; 7613FDF7289E114F00340CCD /* loadpage.html in Resources */ = {isa = PBXBuildFile; fileRef = 7613FDF6289E114F00340CCD /* loadpage.html */; }; 7614D03C2B181A5D006EAF36 /* icon_128x128.png in Resources */ = {isa = PBXBuildFile; fileRef = 7614D03B2B181A5D006EAF36 /* icon_128x128.png */; }; 761B486928A34CC900C6A02B /* LoginProgressWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 761B486728A34CC900C6A02B /* LoginProgressWindowController.xib */; }; 761B486A28A34CC900C6A02B /* LoginProgressWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 761B486828A34CC900C6A02B /* LoginProgressWindowController.swift */; }; 761B486C28A3575000C6A02B /* XCredsLoginDone.swift in Sources */ = {isa = PBXBuildFile; fileRef = 761B486B28A3575000C6A02B /* XCredsLoginDone.swift */; }; 762177E62B7144460051B756 /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 762177E52B7144460051B756 /* OIDCLite */; }; 7623384C2B53029D00F2D714 /* ShareMounterMenu.swift in Sources */ = {isa = PBXBuildFile; fileRef = 763DDF152B4F100D000D48CC /* ShareMounterMenu.swift */; }; 7623384D2B53029D00F2D714 /* ShareMounter.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76C4ACBE2B3D0F8D003B3605 /* ShareMounter.swift */; }; 762761602B294A7C0067D1D4 /* icon_128x128.png in Resources */ = {isa = PBXBuildFile; fileRef = 7614D03B2B181A5D006EAF36 /* icon_128x128.png */; }; 76319360287D22C700D36BF7 /* authrights.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7631935F287D22C700D36BF7 /* authrights.swift */; }; 76319366287D24E100D36BF7 /* ArgumentParser in Frameworks */ = {isa = PBXBuildFile; productRef = 76319365287D24E100D36BF7 /* ArgumentParser */; }; 76319369287D24F600D36BF7 /* ArgumentParser in Frameworks */ = {isa = PBXBuildFile; productRef = 76319368287D24F600D36BF7 /* ArgumentParser */; }; 7631936C287D29B700D36BF7 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 7631936D287D2A6200D36BF7 /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECCFF2875135900483C66 /* LoggerHelper.swift */; }; 7631936E287D2AB100D36BF7 /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; }; 76319370287DE24D00D36BF7 /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; }; 76319373287E18BF00D36BF7 /* DataExtension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632909B2876673500CF8857 /* DataExtension.swift */; }; 76319374287E198C00D36BF7 /* XCredsLoginPlugin.bundle in Resources */ = {isa = PBXBuildFile; fileRef = 766355BD2870CA6A002E3867 /* XCredsLoginPlugin.bundle */; }; 76319377287E1FAF00D36BF7 /* authrights in Resources */ = {isa = PBXBuildFile; fileRef = 7631935D287D22C700D36BF7 /* authrights */; }; 7632909D2876674100CF8857 /* DataExtension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632909B2876673500CF8857 /* DataExtension.swift */; }; 7632E39F287347C100E37923 /* XCredsKeychainAdd.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632E39E287347C100E37923 /* XCredsKeychainAdd.swift */; }; 7632E3A12873497C00E37923 /* LogShim.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632E3A02873497C00E37923 /* LogShim.swift */; }; 7632E3A2287357CC00E37923 /* TokenManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AB27FD1D92009E0F3A /* TokenManager.swift */; }; 7632E3A32873581100E37923 /* KeychainUtil.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116B2284B045800CCD6FF /* KeychainUtil.swift */; }; 76342E5A2B282653007D4F29 /* DesktopLoginWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76342E592B282653007D4F29 /* DesktopLoginWindowController.swift */; }; 763DDF1A2B4F1DD4000D48CC /* GSS.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 763DDF192B4F1DD4000D48CC /* GSS.framework */; }; 764859F22B2FA2E800507C16 /* Window+ForceToFront.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AF27FD1DD8009E0F3A /* Window+ForceToFront.swift */; }; 7649056F2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png in Resources */ = {isa = PBXBuildFile; fileRef = 7649056E2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png */; }; 764D8126284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D8124284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift */; }; 764D8127284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 764D8125284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib */; }; 764D8129284BCAB100B3EE54 /* Window+Shake.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D8128284BCAB100B3EE54 /* Window+Shake.swift */; }; 764D812C284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D812A284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift */; }; 764D812D284BCC7400B3EE54 /* VerifyOIDCPassword.xib in Resources */ = {isa = PBXBuildFile; fileRef = 764D812B284BCC7400B3EE54 /* VerifyOIDCPassword.xib */; }; 764D812F284C06AB00B3EE54 /* defaults.plist in Resources */ = {isa = PBXBuildFile; fileRef = 764D812E284C06AB00B3EE54 /* defaults.plist */; }; 764D8133284D14A500B3EE54 /* Credits.txt in Resources */ = {isa = PBXBuildFile; fileRef = 764D8132284D14A500B3EE54 /* Credits.txt */; }; 7651EDED2A1451590075980B /* LocalUsersViewController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7651EDEC2A1451590075980B /* LocalUsersViewController.xib */; }; 7651EDF72A1474330075980B /* LoginWebViewController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7651EDF62A1474330075980B /* LoginWebViewController.xib */; }; 7657DEAF2B3503BF003A23DB /* SessionManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEAE2B3503BF003A23DB /* SessionManager.swift */; }; 7657DEB02B3503BF003A23DB /* SessionManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEAE2B3503BF003A23DB /* SessionManager.swift */; }; 7657DEB32B350476003A23DB /* NoMADSession.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEB22B350476003A23DB /* NoMADSession.swift */; }; 7657DEB42B350476003A23DB /* NoMADSession.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEB22B350476003A23DB /* NoMADSession.swift */; }; 7657DEB62B3504A6003A23DB /* UserRecord.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEB52B3504A6003A23DB /* UserRecord.swift */; }; 7657DEB72B3504A6003A23DB /* UserRecord.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEB52B3504A6003A23DB /* UserRecord.swift */; }; 7657DEBC2B35055F003A23DB /* Logger.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEBB2B35055F003A23DB /* Logger.swift */; }; 7657DEBD2B35055F003A23DB /* Logger.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEBB2B35055F003A23DB /* Logger.swift */; }; 7657DEC02B3505A3003A23DB /* DNSResolver.m in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEBE2B3505A3003A23DB /* DNSResolver.m */; }; 7657DEC32B3505CB003A23DB /* ADLDAPPing.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC22B3505CB003A23DB /* ADLDAPPing.swift */; }; 7657DEC42B3505CB003A23DB /* ADLDAPPing.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC22B3505CB003A23DB /* ADLDAPPing.swift */; }; 7657DEC62B3505EB003A23DB /* Extensions.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC52B3505EB003A23DB /* Extensions.swift */; }; 7657DEC72B3505EB003A23DB /* Extensions.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC52B3505EB003A23DB /* Extensions.swift */; }; 7657DEC92B350606003A23DB /* KlistUtil.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC82B350606003A23DB /* KlistUtil.swift */; }; 7657DECC2B35061E003A23DB /* SiteManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DECB2B35061E003A23DB /* SiteManager.swift */; }; 7657DECD2B35061E003A23DB /* SiteManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DECB2B35061E003A23DB /* SiteManager.swift */; }; 7657DED92B351B5B003A23DB /* UNIXUtilities.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */; }; 7657DEDA2B351B5B003A23DB /* UNIXUtilities.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */; }; 7659CA07298E1BB6005D1AA3 /* DefaultBackground.png in Resources */ = {isa = PBXBuildFile; fileRef = 7659CA06298E1BB6005D1AA3 /* DefaultBackground.png */; }; 766355C32870CB6F002E3867 /* XCredsLoginPlugin.m in Sources */ = {isa = PBXBuildFile; fileRef = 766355C22870CB6F002E3867 /* XCredsLoginPlugin.m */; }; 766355CA2870DCF5002E3867 /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; }; 766355CB2870E5E9002E3867 /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; }; 766355CC2870E9AD002E3867 /* WebViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06B327FD1E5F009E0F3A /* WebViewController.swift */; }; 766355CE2870E9D3002E3867 /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 766355CD2870E9D3002E3867 /* OIDCLite */; }; 766355CF2870E9E7002E3867 /* PrefKeys.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */; }; 766355D12870EBAD002E3867 /* VerifyOIDCPassword.xib in Resources */ = {isa = PBXBuildFile; fileRef = 764D812B284BCC7400B3EE54 /* VerifyOIDCPassword.xib */; }; 766355D42870F29A002E3867 /* TestWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355D22870F29A002E3867 /* TestWindowController.swift */; }; 766355D52870F29A002E3867 /* TestWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 766355D32870F29A002E3867 /* TestWindowController.xib */; }; 766355D928711C51002E3867 /* defaults.plist in Resources */ = {isa = PBXBuildFile; fileRef = 764D812E284C06AB00B3EE54 /* defaults.plist */; }; 766355DB287132E9002E3867 /* LoginWebViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355DA287132E9002E3867 /* LoginWebViewController.swift */; }; 766355DC287133C7002E3867 /* WebViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06B327FD1E5F009E0F3A /* WebViewController.swift */; }; 766355E328713C4A002E3867 /* LoginWindow.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355E128713C47002E3867 /* LoginWindow.swift */; }; 766355E5287148C1002E3867 /* Tokens.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355E4287148C1002E3867 /* Tokens.swift */; }; 766355E6287148C1002E3867 /* Tokens.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355E4287148C1002E3867 /* Tokens.swift */; }; 76673CD229D3CFF900452848 /* errorpage.html in Resources */ = {isa = PBXBuildFile; fileRef = 766CC43729D3AED2009BC526 /* errorpage.html */; }; 76673CD529D3D5F500452848 /* LicenseChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76673CD429D3D5F500452848 /* LicenseChecker.swift */; }; 76673CD629D3D5F500452848 /* LicenseChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76673CD429D3D5F500452848 /* LicenseChecker.swift */; }; 766CC42829D3A3DC009BC526 /* ProductLicense.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; }; 766CC42929D3A3DC009BC526 /* ProductLicense.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 766CC42A29D3A3DC009BC526 /* Paddle.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42129D3A320009BC526 /* Paddle.framework */; }; 766CC42B29D3A3DC009BC526 /* Paddle.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42129D3A320009BC526 /* Paddle.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 766CC42D29D3A3EC009BC526 /* ProductLicense.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; }; 766CC42E29D3A3EC009BC526 /* ProductLicense.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 766CC42F29D3A3EC009BC526 /* Paddle.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42129D3A320009BC526 /* Paddle.framework */; }; 766CC43029D3A3EC009BC526 /* Paddle.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42129D3A320009BC526 /* Paddle.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 766CC43229D3A3F8009BC526 /* ProductLicense.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; }; 766CC43329D3A3F8009BC526 /* ProductLicense.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 766CC43429D3A3F8009BC526 /* Paddle.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42129D3A320009BC526 /* Paddle.framework */; }; 766CC43529D3A3F8009BC526 /* Paddle.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42129D3A320009BC526 /* Paddle.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 766CC43829D3AED2009BC526 /* errorpage.html in Resources */ = {isa = PBXBuildFile; fileRef = 766CC43729D3AED2009BC526 /* errorpage.html */; }; 766F4C4B2883AFD90021F548 /* pleaseWaitGraphic.png in Resources */ = {isa = PBXBuildFile; fileRef = 766F4C4A2883AFD90021F548 /* pleaseWaitGraphic.png */; }; 766FD60D2A1B06AC00C8F244 /* DefaultsOverride.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */; }; 767116A7284AABC500CCD6FF /* NotifyManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116A6284AABC500CCD6FF /* NotifyManager.swift */; }; 767116A9284AAE2B00CCD6FF /* ScheduleManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116A8284AAE2B00CCD6FF /* ScheduleManager.swift */; }; 767116AC284AB4C000CCD6FF /* PasswordUtils.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */; }; 767116B1284B021500CCD6FF /* MainController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116B0284B021500CCD6FF /* MainController.swift */; }; 767116B3284B045800CCD6FF /* KeychainUtil.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116B2284B045800CCD6FF /* KeychainUtil.swift */; }; 7677908628908E40004E7085 /* WifiWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7677908328908E40004E7085 /* WifiWindowController.swift */; }; 7677908728908E40004E7085 /* WifiManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7677908428908E40004E7085 /* WifiManager.swift */; }; 7677908828908E40004E7085 /* WifiWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7677908528908E40004E7085 /* WifiWindowController.xib */; }; 76786F562A27C36A00AA8DB9 /* main.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76786F552A27C36A00AA8DB9 /* main.swift */; }; 76786F5A2A27C37100AA8DB9 /* AuthRightsHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76786F4E2A27C31400AA8DB9 /* AuthRightsHelper.swift */; }; 76786F5B2A27C38800AA8DB9 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 76786F5D2A27C3B300AA8DB9 /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; }; 76786F5E2A27C60800AA8DB9 /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECCFF2875135900483C66 /* LoggerHelper.swift */; }; 76786F662A27C62D00AA8DB9 /* main.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76786F652A27C62D00AA8DB9 /* main.swift */; }; 76786F6B2A27C79100AA8DB9 /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; }; 767B939C2A28279E0038935E /* View+Shake.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767B939B2A28279E0038935E /* View+Shake.swift */; }; 767B939D2A28289E0038935E /* View+Shake.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767B939B2A28279E0038935E /* View+Shake.swift */; }; 767C42842AC6645700542099 /* AuthRightsHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76786F4E2A27C31400AA8DB9 /* AuthRightsHelper.swift */; }; 767CB2D02B13B92B006CA2AC /* OpenDirectory.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 767CB2CF2B13B92B006CA2AC /* OpenDirectory.framework */; }; 7681FEC52A4C8B9000F91CD1 /* AboutWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7681FEC42A4C8B9000F91CD1 /* AboutWindowController.swift */; }; 7681FEC72A4C8BC800F91CD1 /* AboutWindow.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7681FEC62A4C8BC800F91CD1 /* AboutWindow.xib */; }; 7681FEC92A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist in Resources */ = {isa = PBXBuildFile; fileRef = 7681FEC82A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist */; }; 7683973129A854EC003D9B9F /* NSImage+String.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7683973029A854EC003D9B9F /* NSImage+String.swift */; }; 7683973229A854EC003D9B9F /* NSImage+String.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7683973029A854EC003D9B9F /* NSImage+String.swift */; }; 768633D92AFC4908004065E5 /* WifiManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7677908428908E40004E7085 /* WifiManager.swift */; }; 76873E2F2A107736001418A9 /* DefaultsHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76873E2E2A107736001418A9 /* DefaultsHelper.swift */; }; 76873E302A107736001418A9 /* DefaultsHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76873E2E2A107736001418A9 /* DefaultsHelper.swift */; }; 76A8A4E32A0DF7C700AA6054 /* NSTaskWrapper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F528724FA80013E2A1 /* NSTaskWrapper.swift */; }; 76AB89E12A12FAF900529D90 /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 76AB89E02A12FAF900529D90 /* OIDCLite */; }; 76AB89E32A12FB4900529D90 /* ArgumentParser in Frameworks */ = {isa = PBXBuildFile; productRef = 76AB89E22A12FB4900529D90 /* ArgumentParser */; }; 76B040A428EFC788002A289B /* Helper+JWTDecode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76B040A328EFC788002A289B /* Helper+JWTDecode.swift */; }; 76B040A528EFC788002A289B /* Helper+JWTDecode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76B040A328EFC788002A289B /* Helper+JWTDecode.swift */; }; 76B882AA29CCFD7A00BB8186 /* TCSKeychain.m in Sources */ = {isa = PBXBuildFile; fileRef = 76B882A829CCFD7900BB8186 /* TCSKeychain.m */; }; 76B882AB29CCFD7A00BB8186 /* TCSKeychain.m in Sources */ = {isa = PBXBuildFile; fileRef = 76B882A829CCFD7900BB8186 /* TCSKeychain.m */; }; 76B882AE29CCFDAE00BB8186 /* NSData+SHA1.m in Sources */ = {isa = PBXBuildFile; fileRef = 76B882AC29CCFDAE00BB8186 /* NSData+SHA1.m */; }; 76B882AF29CCFDAE00BB8186 /* NSData+SHA1.m in Sources */ = {isa = PBXBuildFile; fileRef = 76B882AC29CCFDAE00BB8186 /* NSData+SHA1.m */; }; 76B882B229CCFDBA00BB8186 /* NSData+HexString.m in Sources */ = {isa = PBXBuildFile; fileRef = 76B882B029CCFDBA00BB8186 /* NSData+HexString.m */; }; 76B882B329CCFDBA00BB8186 /* NSData+HexString.m in Sources */ = {isa = PBXBuildFile; fileRef = 76B882B029CCFDBA00BB8186 /* NSData+HexString.m */; }; 76BEF7DD2871F5F00013E2A1 /* TCSReturnWindow.m in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7DB2871F5F00013E2A1 /* TCSReturnWindow.m */; }; 76BEF7E12871F74D0013E2A1 /* ControlsViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7E02871F74D0013E2A1 /* ControlsViewController.swift */; }; 76BEF7E4287202090013E2A1 /* RestartX.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E2287202080013E2A1 /* RestartX.png */; }; 76BEF7E5287202090013E2A1 /* RestartX@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E3287202080013E2A1 /* RestartX@2x.png */; }; 76BEF7E8287202AF0013E2A1 /* ShutdownX.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E6287202AF0013E2A1 /* ShutdownX.png */; }; 76BEF7E9287202AF0013E2A1 /* ShutdownX@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E7287202AF0013E2A1 /* ShutdownX@2x.png */; }; 76BEF7EC28724A0B0013E2A1 /* XCredsLoginMechanism.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7EA28724A0B0013E2A1 /* XCredsLoginMechanism.swift */; }; 76BEF7ED28724A0C0013E2A1 /* XCredsBaseMechanism.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7EB28724A0B0013E2A1 /* XCredsBaseMechanism.swift */; }; 76BEF7F328724F120013E2A1 /* XCredsPowerControlMechanism.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F228724F120013E2A1 /* XCredsPowerControlMechanism.swift */; }; 76BEF7F628724FA80013E2A1 /* NSTaskWrapper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F528724FA80013E2A1 /* NSTaskWrapper.swift */; }; 76BEF7F82872504C0013E2A1 /* ContextAndHintHandling.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F72872504C0013E2A1 /* ContextAndHintHandling.swift */; }; 76BEF7FA28726C700013E2A1 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 76BEF8002872A3030013E2A1 /* loginwindow@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7FE2872A3030013E2A1 /* loginwindow@2x.png */; }; 76BEF8012872A3030013E2A1 /* loginwindow.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7FF2872A3030013E2A1 /* loginwindow.png */; }; 76C0840B2A9A311E008039FA /* ControlsViewController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76C084092A9A2635008039FA /* ControlsViewController.xib */; }; 76C4BAB02B353A30007B2C57 /* KlistUtil.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC82B350606003A23DB /* KlistUtil.swift */; }; 76C4BAB12B353A3A007B2C57 /* DNSResolver.m in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEBE2B3505A3003A23DB /* DNSResolver.m */; }; 76C4BAB32B353AD7007B2C57 /* libresolv.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = 76C4BAB22B353AD7007B2C57 /* libresolv.tbd */; }; 76C4BAB42B353ADD007B2C57 /* libresolv.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = 76C4BAB22B353AD7007B2C57 /* libresolv.tbd */; }; 76C4BAB62B353AF7007B2C57 /* Kerberos.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 76C4BAB52B353AF7007B2C57 /* Kerberos.framework */; }; 76C4BAB72B353AFD007B2C57 /* Kerberos.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 76C4BAB52B353AF7007B2C57 /* Kerberos.framework */; }; 76C4BABC2B3544C6007B2C57 /* UNIXUtilities.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */; }; 76C63A322A22872700810C53 /* History.md in Resources */ = {isa = PBXBuildFile; fileRef = 76C63A312A22872700810C53 /* History.md */; }; 76CB9077287FBEEA00C70D0C /* Helper+URLDecode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76CB9076287FBEEA00C70D0C /* Helper+URLDecode.swift */; }; 76CB9078287FBEEA00C70D0C /* Helper+URLDecode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76CB9076287FBEEA00C70D0C /* Helper+URLDecode.swift */; }; 76CB907B2880E41E00C70D0C /* LogShim.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632E3A02873497C00E37923 /* LogShim.swift */; }; 76CB907E288112C200C70D0C /* xcreds_login.sh in Resources */ = {isa = PBXBuildFile; fileRef = 76CB907C288112AF00C70D0C /* xcreds_login.sh */; }; 76CCF5442B12E478003F85E9 /* SelectLocalAccountWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76CCF5422B12E478003F85E9 /* SelectLocalAccountWindowController.swift */; }; 76CCF5452B12E478003F85E9 /* SelectLocalAccountWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76CCF5432B12E478003F85E9 /* SelectLocalAccountWindowController.xib */; }; 76D1756A2B23C28700E64A62 /* MainLoginWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76FDC5D52B22D47A0035D61E /* MainLoginWindowController.xib */; }; 76D175712B23C2DB00E64A62 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 76D175742B23C57500E64A62 /* LocalUsersViewController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7651EDEC2A1451590075980B /* LocalUsersViewController.xib */; }; 76D175772B23C62A00E64A62 /* UpdatePasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76E466642B1A4C16006529B6 /* UpdatePasswordWindowController.swift */; }; 76D1757E2B24096C00E64A62 /* MainLoginWindow.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76D1757D2B24096C00E64A62 /* MainLoginWindow.swift */; }; 76D4726D2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D4726C2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m */; }; 76D4726E2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D4726C2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m */; }; 76D7ADFB284EB15100332EBC /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; }; 76D7ADFE284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; }; 76D925D32894ADB4005C3245 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 76EE069F27FD1D01009E0F3A /* Assets.xcassets */; }; 76DB5CF42A09AE9A0014F8E1 /* get_pw.js in Resources */ = {isa = PBXBuildFile; fileRef = 76DB5CF32A09AE9A0014F8E1 /* get_pw.js */; }; 76DB5CF52A09AE9A0014F8E1 /* get_pw.js in Resources */ = {isa = PBXBuildFile; fileRef = 76DB5CF32A09AE9A0014F8E1 /* get_pw.js */; }; 76DC0A6828836EB1007C42B2 /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76DC0A6728836EB1007C42B2 /* AppDelegate.swift */; }; 76DC0A6A28836EB2007C42B2 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A6928836EB2007C42B2 /* Assets.xcassets */; }; 76DC0A6D28836EB2007C42B2 /* MainMenu.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A6B28836EB2007C42B2 /* MainMenu.xib */; }; 76DC0A7328836EFE007C42B2 /* TCSReturnWindow.m in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7DB2871F5F00013E2A1 /* TCSReturnWindow.m */; }; 76DC0A7428836F45007C42B2 /* RestartX@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E3287202080013E2A1 /* RestartX@2x.png */; }; 76DC0A79288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A78288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist */; }; 76DC0A7C28837158007C42B2 /* XCreds Login Overlay.app in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A6528836EB1007C42B2 /* XCreds Login Overlay.app */; }; 76DC0A7E288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76DC0A7D288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift */; }; 76DC0A83288382D2007C42B2 /* returnArrow.png in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A7628837028007C42B2 /* returnArrow.png */; }; 76DC0A8428838375007C42B2 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 76DC0A8528838467007C42B2 /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECCFF2875135900483C66 /* LoggerHelper.swift */; }; 76DC0A8628838656007C42B2 /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; }; 76DC0A87288386FA007C42B2 /* NSTaskWrapper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F528724FA80013E2A1 /* NSTaskWrapper.swift */; }; 76DC0A88288387D8007C42B2 /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; }; 76DD6D17285997F300A700ED /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 76DD6D16285997F300A700ED /* OIDCLite */; }; 76DF1D5B2A2AD42C00770690 /* LocalCheckAndMigrate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418DA2A13328C0051411B /* LocalCheckAndMigrate.swift */; }; 76DF50B62A1C5EFF007BC708 /* DefaultsOverride.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */; }; 76DF7FD52B50FA9A00B3B543 /* UpdatePasswordWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76E466652B1A4C16006529B6 /* UpdatePasswordWindowController.xib */; }; 76E466662B1A4C16006529B6 /* UpdatePasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76E466642B1A4C16006529B6 /* UpdatePasswordWindowController.swift */; }; 76E466672B1A4C16006529B6 /* UpdatePasswordWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76E466652B1A4C16006529B6 /* UpdatePasswordWindowController.xib */; }; 76E74DCF2B3902F0004C6429 /* XCredsMechanismProtocol.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76E74DCE2B3902F0004C6429 /* XCredsMechanismProtocol.swift */; }; 76E74DD02B3902F0004C6429 /* XCredsMechanismProtocol.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76E74DCE2B3902F0004C6429 /* XCredsMechanismProtocol.swift */; }; 76E74DD12B390327004C6429 /* ContextAndHintHandling.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F72872504C0013E2A1 /* ContextAndHintHandling.swift */; }; 76E74DD22B39034B004C6429 /* SelectLocalAccountWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76CCF5422B12E478003F85E9 /* SelectLocalAccountWindowController.swift */; }; 76E74DD32B390358004C6429 /* LoginWebViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355DA287132E9002E3867 /* LoginWebViewController.swift */; }; 76E74DD42B39037A004C6429 /* LoginProgressWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 761B486828A34CC900C6A02B /* LoginProgressWindowController.swift */; }; 76E9CE702A0DC6E30060220C /* TCSLoginWindowUtilities.m in Sources */ = {isa = PBXBuildFile; fileRef = 76E9CE6F2A0DC6E30060220C /* TCSLoginWindowUtilities.m */; }; 76EE069E27FD1D00009E0F3A /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE069D27FD1D00009E0F3A /* AppDelegate.swift */; }; 76EE06A027FD1D01009E0F3A /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 76EE069F27FD1D01009E0F3A /* Assets.xcassets */; }; 76EE06A327FD1D01009E0F3A /* MainMenu.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76EE06A127FD1D01009E0F3A /* MainMenu.xib */; }; 76EE06AC27FD1D92009E0F3A /* TokenManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AB27FD1D92009E0F3A /* TokenManager.swift */; }; 76EE06AE27FD1DC3009E0F3A /* PrefKeys.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */; }; 76EE06B027FD1DD8009E0F3A /* Window+ForceToFront.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AF27FD1DD8009E0F3A /* Window+ForceToFront.swift */; }; 76EE06B227FD1E24009E0F3A /* DesktopLoginWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76EE06B127FD1E24009E0F3A /* DesktopLoginWindowController.xib */; }; 76EE06B627FD1E79009E0F3A /* PreferencesWindow.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76EE06B527FD1E79009E0F3A /* PreferencesWindow.xib */; }; 76EE06B827FD1EB7009E0F3A /* PreferencesWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06B727FD1EB7009E0F3A /* PreferencesWindowController.swift */; }; 76EE06C227FD1F50009E0F3A /* StatusMenuController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06C127FD1F50009E0F3A /* StatusMenuController.swift */; }; 76EECCFB2873DFFB00483C66 /* PasswordUtils.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */; }; 76EECCFC2873E6E200483C66 /* VerifyLocalPasswordWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 764D8125284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib */; }; 76EECCFD2873E9ED00483C66 /* VerifyLocalPasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D8124284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift */; }; 76EECCFE2873EA6500483C66 /* Window+Shake.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D8128284BCAB100B3EE54 /* Window+Shake.swift */; }; 76EECD002875135900483C66 /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECCFF2875135900483C66 /* LoggerHelper.swift */; }; 76EECD012875135900483C66 /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECCFF2875135900483C66 /* LoggerHelper.swift */; }; 76EECD0228752C1F00483C66 /* LoginWindow.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355E128713C47002E3867 /* LoginWindow.swift */; }; 76EECD0428753C7F00483C66 /* String+Base64URLEncoded.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECD0328753C7F00483C66 /* String+Base64URLEncoded.swift */; }; 76EECD0528753C7F00483C66 /* String+Base64URLEncoded.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECD0328753C7F00483C66 /* String+Base64URLEncoded.swift */; }; 76F0B6E02B421FC8008F7D71 /* loadpage.html in Resources */ = {isa = PBXBuildFile; fileRef = 7613FDF6289E114F00340CCD /* loadpage.html */; }; 76FDC5D62B22D47A0035D61E /* MainLoginWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76FDC5D42B22D47A0035D61E /* MainLoginWindowController.swift */; }; 76FDC5D72B22D47A0035D61E /* MainLoginWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76FDC5D52B22D47A0035D61E /* MainLoginWindowController.xib */; }; 76FDC5DA2B235A4F0035D61E /* StatusMenuWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76FDC5D82B235A4F0035D61E /* StatusMenuWindowController.swift */; }; 76FDC5DB2B235A4F0035D61E /* StatusMenuWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76FDC5D92B235A4F0035D61E /* StatusMenuWindowController.xib */; }; /* End PBXBuildFile section */ /* Begin PBXContainerItemProxy section */ 76319375287E19A500D36BF7 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 76EE069227FD1D00009E0F3A /* Project object */; proxyType = 1; remoteGlobalIDString = 766355BC2870CA6A002E3867; remoteInfo = XCredsLoginPlugin; }; 76319378287E204500D36BF7 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 76EE069227FD1D00009E0F3A /* Project object */; proxyType = 1; remoteGlobalIDString = 7631935C287D22C700D36BF7; remoteInfo = authrights; }; 76DC0A7A28837152007C42B2 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 76EE069227FD1D00009E0F3A /* Project object */; proxyType = 1; remoteGlobalIDString = 76DC0A6428836EB1007C42B2; remoteInfo = "XCreds Login Overlay"; }; /* End PBXContainerItemProxy section */ /* Begin PBXCopyFilesBuildPhase section */ 7631935B287D22C700D36BF7 /* CopyFiles */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = /usr/share/man/man1/; dstSubfolderSpec = 0; files = ( ); runOnlyForDeploymentPostprocessing = 1; }; 766CC42C29D3A3DC009BC526 /* Embed Frameworks */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = ""; dstSubfolderSpec = 10; files = ( 766CC42B29D3A3DC009BC526 /* Paddle.framework in Embed Frameworks */, 766CC42929D3A3DC009BC526 /* ProductLicense.framework in Embed Frameworks */, ); name = "Embed Frameworks"; runOnlyForDeploymentPostprocessing = 0; }; 766CC43129D3A3EC009BC526 /* Embed Frameworks */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = ""; dstSubfolderSpec = 10; files = ( 766CC43029D3A3EC009BC526 /* Paddle.framework in Embed Frameworks */, 766CC42E29D3A3EC009BC526 /* ProductLicense.framework in Embed Frameworks */, ); name = "Embed Frameworks"; runOnlyForDeploymentPostprocessing = 0; }; 766CC43629D3A3F8009BC526 /* Embed Frameworks */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = ""; dstSubfolderSpec = 10; files = ( 766CC43529D3A3F8009BC526 /* Paddle.framework in Embed Frameworks */, 766CC43329D3A3F8009BC526 /* ProductLicense.framework in Embed Frameworks */, ); name = "Embed Frameworks"; runOnlyForDeploymentPostprocessing = 0; }; 76786F512A27C36A00AA8DB9 /* CopyFiles */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = /usr/share/man/man1/; dstSubfolderSpec = 0; files = ( ); runOnlyForDeploymentPostprocessing = 1; }; 76786F612A27C62D00AA8DB9 /* CopyFiles */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = /usr/share/man/man1/; dstSubfolderSpec = 0; files = ( ); runOnlyForDeploymentPostprocessing = 1; }; /* End PBXCopyFilesBuildPhase section */ /* Begin PBXFileReference section */ 089B22F02AFAED280006B6BC /* NetworkMonitor.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; name = NetworkMonitor.swift; path = XCredsLoginPlugIn/LoginWindow/NetworkMonitor.swift; sourceTree = SOURCE_ROOT; }; 760148A82B23639D00E119A2 /* NSBundle+FindBundlePath.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "NSBundle+FindBundlePath.swift"; sourceTree = ""; }; 760418CE2A1332210051411B /* SignIn.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = SignIn.xib; sourceTree = ""; }; 760418CF2A1332210051411B /* SignInWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SignInWindowController.swift; sourceTree = ""; }; 760418D42A1332520051411B /* DS+AD.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "DS+AD.swift"; sourceTree = ""; }; 760418D62A1332660051411B /* DSQueryable.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = DSQueryable.swift; sourceTree = ""; }; 760418D82A1332770051411B /* SystemInfoHelper.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SystemInfoHelper.swift; sourceTree = ""; }; 760418DA2A13328C0051411B /* LocalCheckAndMigrate.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = LocalCheckAndMigrate.swift; sourceTree = ""; }; 760418DC2A1334210051411B /* NoLoMechanism.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = NoLoMechanism.swift; sourceTree = ""; }; 760418DE2A1334D00051411B /* CheckAD.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = CheckAD.swift; sourceTree = ""; }; 7611CEBF288B75140063A644 /* XCredsCreateUser.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsCreateUser.swift; sourceTree = ""; }; 7611CEC1288B96760063A644 /* XCredsEnableFDE.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsEnableFDE.swift; sourceTree = ""; }; 7613FDF6289E114F00340CCD /* loadpage.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = loadpage.html; sourceTree = ""; }; 7614D03B2B181A5D006EAF36 /* icon_128x128.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; name = icon_128x128.png; path = XCreds/Assets.xcassets/AppIcon.appiconset/icon_128x128.png; sourceTree = ""; }; 761B486728A34CC900C6A02B /* LoginProgressWindowController.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; name = LoginProgressWindowController.xib; path = XCredsLoginPlugIn/LoginProgressWindowController.xib; sourceTree = SOURCE_ROOT; }; 761B486828A34CC900C6A02B /* LoginProgressWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; name = LoginProgressWindowController.swift; path = XCredsLoginPlugIn/LoginProgressWindowController.swift; sourceTree = SOURCE_ROOT; }; 761B486B28A3575000C6A02B /* XCredsLoginDone.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsLoginDone.swift; sourceTree = ""; }; 7631935D287D22C700D36BF7 /* authrights */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = authrights; sourceTree = BUILT_PRODUCTS_DIR; }; 7631935F287D22C700D36BF7 /* authrights.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = authrights.swift; sourceTree = ""; }; 7632909B2876673500CF8857 /* DataExtension.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = DataExtension.swift; sourceTree = ""; }; 7632E39E287347C100E37923 /* XCredsKeychainAdd.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsKeychainAdd.swift; sourceTree = ""; }; 7632E3A02873497C00E37923 /* LogShim.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = LogShim.swift; path = Mechanisms/LogShim.swift; sourceTree = ""; }; 76342E592B282653007D4F29 /* DesktopLoginWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DesktopLoginWindowController.swift; sourceTree = ""; }; 763DDF152B4F100D000D48CC /* ShareMounterMenu.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ShareMounterMenu.swift; sourceTree = ""; }; 763DDF192B4F1DD4000D48CC /* GSS.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = GSS.framework; path = System/Library/Frameworks/GSS.framework; sourceTree = SDKROOT; }; 7649056E2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = xcredsmenuItemWindowBackgroundImage.png; sourceTree = ""; }; 764D8124284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = VerifyLocalPasswordWindowController.swift; sourceTree = ""; }; 764D8125284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = VerifyLocalPasswordWindowController.xib; sourceTree = ""; }; 764D8128284BCAB100B3EE54 /* Window+Shake.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Window+Shake.swift"; sourceTree = ""; }; 764D812A284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = VerifyOIDCPasswordWindowController.swift; sourceTree = ""; }; 764D812B284BCC7400B3EE54 /* VerifyOIDCPassword.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = VerifyOIDCPassword.xib; sourceTree = ""; }; 764D812E284C06AB00B3EE54 /* defaults.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = defaults.plist; sourceTree = ""; }; 764D8132284D14A500B3EE54 /* Credits.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Credits.txt; sourceTree = ""; }; 7651EDEC2A1451590075980B /* LocalUsersViewController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = LocalUsersViewController.xib; sourceTree = ""; }; 7651EDF62A1474330075980B /* LoginWebViewController.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = LoginWebViewController.xib; sourceTree = ""; }; 7657DEAE2B3503BF003A23DB /* SessionManager.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SessionManager.swift; sourceTree = ""; }; 7657DEB22B350476003A23DB /* NoMADSession.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = NoMADSession.swift; sourceTree = ""; }; 7657DEB52B3504A6003A23DB /* UserRecord.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = UserRecord.swift; sourceTree = ""; }; 7657DEBB2B35055F003A23DB /* Logger.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Logger.swift; sourceTree = ""; }; 7657DEBE2B3505A3003A23DB /* DNSResolver.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = DNSResolver.m; sourceTree = ""; }; 7657DEBF2B3505A3003A23DB /* DNSResolver.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DNSResolver.h; sourceTree = ""; }; 7657DEC22B3505CB003A23DB /* ADLDAPPing.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ADLDAPPing.swift; sourceTree = ""; }; 7657DEC52B3505EB003A23DB /* Extensions.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Extensions.swift; sourceTree = ""; }; 7657DEC82B350606003A23DB /* KlistUtil.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = KlistUtil.swift; sourceTree = ""; }; 7657DECB2B35061E003A23DB /* SiteManager.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SiteManager.swift; sourceTree = ""; }; 7657DED22B350644003A23DB /* GSSItem.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = GSSItem.h; sourceTree = ""; }; 7657DED32B35064E003A23DB /* krb5.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = krb5.h; sourceTree = ""; }; 7657DED52B351A67003A23DB /* KerbUtil.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KerbUtil.h; sourceTree = ""; }; 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = UNIXUtilities.swift; sourceTree = ""; }; 7659CA06298E1BB6005D1AA3 /* DefaultBackground.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = DefaultBackground.png; sourceTree = ""; }; 766355BD2870CA6A002E3867 /* XCredsLoginPlugin.bundle */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = XCredsLoginPlugin.bundle; sourceTree = BUILT_PRODUCTS_DIR; }; 766355C12870CB6F002E3867 /* XCredsLoginPlugin.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = XCredsLoginPlugin.h; path = XCredsLoginPlugIn/XCredsLoginPlugin.h; sourceTree = SOURCE_ROOT; }; 766355C22870CB6F002E3867 /* XCredsLoginPlugin.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = XCredsLoginPlugin.m; path = XCredsLoginPlugIn/XCredsLoginPlugin.m; sourceTree = SOURCE_ROOT; }; 766355C42870CCC3002E3867 /* XCredsLoginPlugin-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "XCredsLoginPlugin-Bridging-Header.h"; sourceTree = ""; }; 766355D22870F29A002E3867 /* TestWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = TestWindowController.swift; path = XCredsLoginPlugIn/TestWindowController.swift; sourceTree = ""; }; 766355D32870F29A002E3867 /* TestWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = TestWindowController.xib; path = XCredsLoginPlugIn/TestWindowController.xib; sourceTree = ""; }; 766355DA287132E9002E3867 /* LoginWebViewController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; name = LoginWebViewController.swift; path = XCredsLoginPlugIn/LoginWindow/LoginWebViewController.swift; sourceTree = SOURCE_ROOT; }; 766355E128713C47002E3867 /* LoginWindow.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = LoginWindow.swift; sourceTree = ""; }; 766355E4287148C1002E3867 /* Tokens.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = Tokens.swift; path = Shared/Tokens.swift; sourceTree = SOURCE_ROOT; }; 76673CD429D3D5F500452848 /* LicenseChecker.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LicenseChecker.swift; sourceTree = ""; }; 766CC42129D3A320009BC526 /* Paddle.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Paddle.framework; path = Carthage/Build/Mac/Paddle.framework; sourceTree = ""; }; 766CC42229D3A321009BC526 /* ProductLicense.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = ProductLicense.framework; path = Carthage/Build/Mac/ProductLicense.framework; sourceTree = ""; }; 766CC43729D3AED2009BC526 /* errorpage.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = errorpage.html; sourceTree = ""; }; 766F4C4A2883AFD90021F548 /* pleaseWaitGraphic.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = pleaseWaitGraphic.png; sourceTree = ""; }; 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DefaultsOverride.swift; sourceTree = ""; }; 767116A6284AABC500CCD6FF /* NotifyManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NotifyManager.swift; sourceTree = ""; }; 767116A8284AAE2B00CCD6FF /* ScheduleManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ScheduleManager.swift; sourceTree = ""; }; 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PasswordUtils.swift; sourceTree = ""; }; 767116AD284AB59400CCD6FF /* SecurityPrivateAPI.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecurityPrivateAPI.h; sourceTree = ""; }; 767116AE284AB5D900CCD6FF /* XCreds-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "XCreds-Bridging-Header.h"; sourceTree = ""; }; 767116B0284B021500CCD6FF /* MainController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MainController.swift; sourceTree = ""; }; 767116B2284B045800CCD6FF /* KeychainUtil.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = KeychainUtil.swift; sourceTree = ""; }; 7675444428918CD100613840 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; name = Info.plist; path = XCredsLoginPlugin/Info.plist; sourceTree = ""; }; 7677908328908E40004E7085 /* WifiWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = WifiWindowController.swift; sourceTree = ""; }; 7677908428908E40004E7085 /* WifiManager.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = WifiManager.swift; sourceTree = ""; }; 7677908528908E40004E7085 /* WifiWindowController.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = WifiWindowController.xib; sourceTree = ""; }; 76786F4E2A27C31400AA8DB9 /* AuthRightsHelper.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = AuthRightsHelper.swift; path = Shared/AuthRightsHelper.swift; sourceTree = SOURCE_ROOT; }; 76786F532A27C36A00AA8DB9 /* auth_mech_fixup */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = auth_mech_fixup; sourceTree = BUILT_PRODUCTS_DIR; }; 76786F552A27C36A00AA8DB9 /* main.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = main.swift; sourceTree = ""; }; 76786F632A27C62D00AA8DB9 /* test */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = test; sourceTree = BUILT_PRODUCTS_DIR; }; 76786F652A27C62D00AA8DB9 /* main.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = main.swift; sourceTree = ""; }; 76786F6A2A27C72900AA8DB9 /* auth_mech_fixup-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = "auth_mech_fixup-Bridging-Header.h"; path = "auth_mech_fixup/auth_mech_fixup-Bridging-Header.h"; sourceTree = SOURCE_ROOT; }; 767B939B2A28279E0038935E /* View+Shake.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "View+Shake.swift"; sourceTree = ""; }; 767CB2CC2B13B8EB006CA2AC /* libinfo.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libinfo.tbd; path = usr/lib/libinfo.tbd; sourceTree = SDKROOT; }; 767CB2CE2B13B913006CA2AC /* libsystem_info.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libsystem_info.tbd; path = usr/lib/system/libsystem_info.tbd; sourceTree = SDKROOT; }; 767CB2CF2B13B92B006CA2AC /* OpenDirectory.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = OpenDirectory.framework; path = System/Library/Frameworks/OpenDirectory.framework; sourceTree = SDKROOT; }; 7681FEC42A4C8B9000F91CD1 /* AboutWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = AboutWindowController.swift; sourceTree = ""; }; 7681FEC62A4C8BC800F91CD1 /* AboutWindow.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = AboutWindow.xib; sourceTree = ""; }; 7681FEC82A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = com.twocanoes.xcreds.plist; path = "Profile Manifest/com.twocanoes.xcreds.plist"; sourceTree = ""; }; 7683973029A854EC003D9B9F /* NSImage+String.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "NSImage+String.swift"; sourceTree = ""; }; 76873E2E2A107736001418A9 /* DefaultsHelper.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = DefaultsHelper.swift; path = XCreds/DefaultsHelper.swift; sourceTree = ""; }; 76B040A328EFC788002A289B /* Helper+JWTDecode.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = "Helper+JWTDecode.swift"; path = "XCreds/Helper+JWTDecode.swift"; sourceTree = ""; }; 76B882A829CCFD7900BB8186 /* TCSKeychain.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TCSKeychain.m; sourceTree = ""; }; 76B882A929CCFD7A00BB8186 /* TCSKeychain.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TCSKeychain.h; sourceTree = ""; }; 76B882AC29CCFDAE00BB8186 /* NSData+SHA1.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSData+SHA1.m"; sourceTree = ""; }; 76B882AD29CCFDAE00BB8186 /* NSData+SHA1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSData+SHA1.h"; sourceTree = ""; }; 76B882B029CCFDBA00BB8186 /* NSData+HexString.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSData+HexString.m"; sourceTree = ""; }; 76B882B129CCFDBA00BB8186 /* NSData+HexString.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSData+HexString.h"; sourceTree = ""; }; 76BEF7D42871F36C0013E2A1 /* main.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = main.swift; sourceTree = ""; }; 76BEF7DB2871F5F00013E2A1 /* TCSReturnWindow.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TCSReturnWindow.m; sourceTree = ""; }; 76BEF7DC2871F5F00013E2A1 /* TCSReturnWindow.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TCSReturnWindow.h; sourceTree = ""; }; 76BEF7E02871F74D0013E2A1 /* ControlsViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ControlsViewController.swift; sourceTree = ""; }; 76BEF7E2287202080013E2A1 /* RestartX.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = RestartX.png; sourceTree = ""; }; 76BEF7E3287202080013E2A1 /* RestartX@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "RestartX@2x.png"; sourceTree = ""; }; 76BEF7E6287202AF0013E2A1 /* ShutdownX.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = ShutdownX.png; sourceTree = ""; }; 76BEF7E7287202AF0013E2A1 /* ShutdownX@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "ShutdownX@2x.png"; sourceTree = ""; }; 76BEF7EA28724A0B0013E2A1 /* XCredsLoginMechanism.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsLoginMechanism.swift; sourceTree = ""; }; 76BEF7EB28724A0B0013E2A1 /* XCredsBaseMechanism.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsBaseMechanism.swift; sourceTree = ""; }; 76BEF7F228724F120013E2A1 /* XCredsPowerControlMechanism.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsPowerControlMechanism.swift; sourceTree = ""; }; 76BEF7F528724FA80013E2A1 /* NSTaskWrapper.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = NSTaskWrapper.swift; sourceTree = ""; }; 76BEF7F72872504C0013E2A1 /* ContextAndHintHandling.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ContextAndHintHandling.swift; sourceTree = ""; }; 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = AuthorizationDBManager.swift; path = XCredsLoginPlugIn/LoginWindow/AuthorizationDBManager.swift; sourceTree = SOURCE_ROOT; }; 76BEF7FE2872A3030013E2A1 /* loginwindow@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "loginwindow@2x.png"; sourceTree = ""; }; 76BEF7FF2872A3030013E2A1 /* loginwindow.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = loginwindow.png; sourceTree = ""; }; 76C084092A9A2635008039FA /* ControlsViewController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = ControlsViewController.xib; sourceTree = ""; }; 76C4ACBE2B3D0F8D003B3605 /* ShareMounter.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ShareMounter.swift; sourceTree = ""; }; 76C4BAB22B353AD7007B2C57 /* libresolv.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libresolv.tbd; path = usr/lib/libresolv.tbd; sourceTree = SDKROOT; }; 76C4BAB52B353AF7007B2C57 /* Kerberos.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Kerberos.framework; path = System/Library/Frameworks/Kerberos.framework; sourceTree = SDKROOT; }; 76C4BABA2B353B4B007B2C57 /* KerbUtil.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = KerbUtil.m; sourceTree = ""; }; 76C63A312A22872700810C53 /* History.md */ = {isa = PBXFileReference; lastKnownFileType = net.daringfireball.markdown; path = History.md; sourceTree = ""; }; 76CB9076287FBEEA00C70D0C /* Helper+URLDecode.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Helper+URLDecode.swift"; sourceTree = ""; }; 76CB907C288112AF00C70D0C /* xcreds_login.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = xcreds_login.sh; sourceTree = ""; }; 76CCF5422B12E478003F85E9 /* SelectLocalAccountWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SelectLocalAccountWindowController.swift; sourceTree = ""; }; 76CCF5432B12E478003F85E9 /* SelectLocalAccountWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = SelectLocalAccountWindowController.xib; sourceTree = ""; }; 76D1757D2B24096C00E64A62 /* MainLoginWindow.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MainLoginWindow.swift; sourceTree = ""; }; 76D4726B2B43B8FA0064380C /* TCTaskWrapperWithBlocks.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TCTaskWrapperWithBlocks.h; sourceTree = ""; }; 76D4726C2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TCTaskWrapperWithBlocks.m; sourceTree = ""; }; 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TCSUnifiedLogger.m; sourceTree = ""; }; 76D7ADFA284EB15100332EBC /* TCSUnifiedLogger.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TCSUnifiedLogger.h; sourceTree = ""; }; 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSFileManager+TCSRealHomeFolder.m"; sourceTree = ""; }; 76D7ADFD284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSFileManager+TCSRealHomeFolder.h"; sourceTree = ""; }; 76DB5CF32A09AE9A0014F8E1 /* get_pw.js */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.javascript; name = get_pw.js; path = Javascript/get_pw/get_pw.js; sourceTree = ""; }; 76DC0A6528836EB1007C42B2 /* XCreds Login Overlay.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = "XCreds Login Overlay.app"; sourceTree = BUILT_PRODUCTS_DIR; }; 76DC0A6728836EB1007C42B2 /* AppDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = ""; }; 76DC0A6928836EB2007C42B2 /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; 76DC0A6C28836EB2007C42B2 /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = Base; path = Base.lproj/MainMenu.xib; sourceTree = ""; }; 76DC0A6E28836EB2007C42B2 /* XCreds_Login_Overlay.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = XCreds_Login_Overlay.entitlements; sourceTree = ""; }; 76DC0A7628837028007C42B2 /* returnArrow.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = returnArrow.png; sourceTree = ""; }; 76DC0A78288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = "com.twocanoes.xcreds-overlay.plist"; sourceTree = ""; }; 76DC0A7D288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TCSXCredsLoginOverlayWindow.swift; sourceTree = ""; }; 76DC0A7F2883785A007C42B2 /* XCreds-Login-Overlay-Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; path = "XCreds-Login-Overlay-Info.plist"; sourceTree = SOURCE_ROOT; }; 76DD6D122859978F00A700ED /* OIDCLite */ = {isa = PBXFileReference; lastKnownFileType = wrapper; name = OIDCLite; path = ../OIDCLite; sourceTree = ""; }; 76E466642B1A4C16006529B6 /* UpdatePasswordWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = UpdatePasswordWindowController.swift; sourceTree = ""; }; 76E466652B1A4C16006529B6 /* UpdatePasswordWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = UpdatePasswordWindowController.xib; sourceTree = ""; }; 76E74DCE2B3902F0004C6429 /* XCredsMechanismProtocol.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = XCredsMechanismProtocol.swift; sourceTree = ""; }; 76E9CE6E2A0DC6E30060220C /* TCSLoginWindowUtilities.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = TCSLoginWindowUtilities.h; path = XCreds/TCSLoginWindowUtilities.h; sourceTree = ""; }; 76E9CE6F2A0DC6E30060220C /* TCSLoginWindowUtilities.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = TCSLoginWindowUtilities.m; path = XCreds/TCSLoginWindowUtilities.m; sourceTree = ""; }; 76EE069A27FD1D00009E0F3A /* XCreds.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = XCreds.app; sourceTree = BUILT_PRODUCTS_DIR; }; 76EE069D27FD1D00009E0F3A /* AppDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = ""; }; 76EE069F27FD1D01009E0F3A /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; 76EE06A227FD1D01009E0F3A /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = Base; path = Base.lproj/MainMenu.xib; sourceTree = ""; }; 76EE06A427FD1D01009E0F3A /* xCreds.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = xCreds.entitlements; sourceTree = ""; }; 76EE06AA27FD1D66009E0F3A /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; path = Info.plist; sourceTree = ""; }; 76EE06AB27FD1D92009E0F3A /* TokenManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TokenManager.swift; sourceTree = ""; }; 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PrefKeys.swift; sourceTree = ""; }; 76EE06AF27FD1DD8009E0F3A /* Window+ForceToFront.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Window+ForceToFront.swift"; sourceTree = ""; }; 76EE06B127FD1E24009E0F3A /* DesktopLoginWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = DesktopLoginWindowController.xib; sourceTree = ""; }; 76EE06B327FD1E5F009E0F3A /* WebViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = WebViewController.swift; sourceTree = ""; }; 76EE06B527FD1E79009E0F3A /* PreferencesWindow.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = PreferencesWindow.xib; sourceTree = ""; }; 76EE06B727FD1EB7009E0F3A /* PreferencesWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PreferencesWindowController.swift; sourceTree = ""; }; 76EE06C127FD1F50009E0F3A /* StatusMenuController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = StatusMenuController.swift; sourceTree = ""; }; 76EECCFF2875135900483C66 /* LoggerHelper.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LoggerHelper.swift; sourceTree = ""; }; 76EECD0328753C7F00483C66 /* String+Base64URLEncoded.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "String+Base64URLEncoded.swift"; sourceTree = ""; }; 76FDC5D42B22D47A0035D61E /* MainLoginWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = MainLoginWindowController.swift; path = XCreds/MainLoginWindowController.swift; sourceTree = SOURCE_ROOT; }; 76FDC5D52B22D47A0035D61E /* MainLoginWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = MainLoginWindowController.xib; path = XCredsLoginPlugIn/LoginWindow/MainLoginWindowController.xib; sourceTree = SOURCE_ROOT; }; 76FDC5D82B235A4F0035D61E /* StatusMenuWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = StatusMenuWindowController.swift; sourceTree = SOURCE_ROOT; }; 76FDC5D92B235A4F0035D61E /* StatusMenuWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = StatusMenuWindowController.xib; sourceTree = SOURCE_ROOT; }; /* End PBXFileReference section */ /* Begin PBXFrameworksBuildPhase section */ 7631935A287D22C700D36BF7 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( 76AB89E32A12FB4900529D90 /* ArgumentParser in Frameworks */, 76AB89E12A12FAF900529D90 /* OIDCLite in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; 766355BA2870CA6A002E3867 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( 76C4BAB62B353AF7007B2C57 /* Kerberos.framework in Frameworks */, 76C4BAB42B353ADD007B2C57 /* libresolv.tbd in Frameworks */, 766CC42D29D3A3EC009BC526 /* ProductLicense.framework in Frameworks */, 766CC42F29D3A3EC009BC526 /* Paddle.framework in Frameworks */, 766355CE2870E9D3002E3867 /* OIDCLite in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; 76786F502A27C36A00AA8DB9 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( ); runOnlyForDeploymentPostprocessing = 0; }; 76786F602A27C62D00AA8DB9 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( ); runOnlyForDeploymentPostprocessing = 0; }; 76DC0A6228836EB1007C42B2 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( 766CC43429D3A3F8009BC526 /* Paddle.framework in Frameworks */, 766CC43229D3A3F8009BC526 /* ProductLicense.framework in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; 76EE069727FD1D00009E0F3A /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( 76C4BAB72B353AFD007B2C57 /* Kerberos.framework in Frameworks */, 762177E62B7144460051B756 /* OIDCLite in Frameworks */, 76C4BAB32B353AD7007B2C57 /* libresolv.tbd in Frameworks */, 763DDF1A2B4F1DD4000D48CC /* GSS.framework in Frameworks */, 766CC42829D3A3DC009BC526 /* ProductLicense.framework in Frameworks */, 766CC42A29D3A3DC009BC526 /* Paddle.framework in Frameworks */, 767CB2D02B13B92B006CA2AC /* OpenDirectory.framework in Frameworks */, 76319369287D24F600D36BF7 /* ArgumentParser in Frameworks */, 76319366287D24E100D36BF7 /* ArgumentParser in Frameworks */, 76DD6D17285997F300A700ED /* OIDCLite in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; /* End PBXFrameworksBuildPhase section */ /* Begin PBXGroup section */ 760418CC2A1331710051411B /* NomadLogin */ = { isa = PBXGroup; children = ( 760418DE2A1334D00051411B /* CheckAD.swift */, 760418DC2A1334210051411B /* NoLoMechanism.swift */, 760418DA2A13328C0051411B /* LocalCheckAndMigrate.swift */, 760418D82A1332770051411B /* SystemInfoHelper.swift */, 760418D62A1332660051411B /* DSQueryable.swift */, 760418D42A1332520051411B /* DS+AD.swift */, 760418CD2A1332210051411B /* UI */, ); path = NomadLogin; sourceTree = ""; }; 760418CD2A1332210051411B /* UI */ = { isa = PBXGroup; children = ( 760418CE2A1332210051411B /* SignIn.xib */, ); path = UI; sourceTree = ""; }; 7631935E287D22C700D36BF7 /* authrights */ = { isa = PBXGroup; children = ( 76786F4E2A27C31400AA8DB9 /* AuthRightsHelper.swift */, 7631935F287D22C700D36BF7 /* authrights.swift */, ); path = authrights; sourceTree = ""; }; 7657DEDC2B351BF9003A23DB /* headers */ = { isa = PBXGroup; children = ( 7657DEBF2B3505A3003A23DB /* DNSResolver.h */, 7657DED32B35064E003A23DB /* krb5.h */, 7657DED22B350644003A23DB /* GSSItem.h */, ); path = headers; sourceTree = ""; }; 766355C72870D1B5002E3867 /* XCredsLogin */ = { isa = PBXGroup; children = ( 76B882B129CCFDBA00BB8186 /* NSData+HexString.h */, 76B882B029CCFDBA00BB8186 /* NSData+HexString.m */, 76B882AD29CCFDAE00BB8186 /* NSData+SHA1.h */, 76B882AC29CCFDAE00BB8186 /* NSData+SHA1.m */, 76B882A929CCFD7A00BB8186 /* TCSKeychain.h */, 76B882A829CCFD7900BB8186 /* TCSKeychain.m */, 7613FDF6289E114F00340CCD /* loadpage.html */, 766CC43729D3AED2009BC526 /* errorpage.html */, 7677908428908E40004E7085 /* WifiManager.swift */, 7677908328908E40004E7085 /* WifiWindowController.swift */, 7677908528908E40004E7085 /* WifiWindowController.xib */, 76EECD0328753C7F00483C66 /* String+Base64URLEncoded.swift */, 7632E3A02873497C00E37923 /* LogShim.swift */, 76BEF7F72872504C0013E2A1 /* ContextAndHintHandling.swift */, 76BEF7F528724FA80013E2A1 /* NSTaskWrapper.swift */, 766355C12870CB6F002E3867 /* XCredsLoginPlugin.h */, 766355C22870CB6F002E3867 /* XCredsLoginPlugin.m */, 76BEF7F028724E520013E2A1 /* LoginWindow */, 76BEF7EF28724E280013E2A1 /* Mechanisms */, ); name = XCredsLogin; path = XCredsLoginPlugIn; sourceTree = ""; }; 76786F542A27C36A00AA8DB9 /* auth_mech_fixup */ = { isa = PBXGroup; children = ( 76786F6A2A27C72900AA8DB9 /* auth_mech_fixup-Bridging-Header.h */, 76786F552A27C36A00AA8DB9 /* main.swift */, ); path = auth_mech_fixup; sourceTree = ""; }; 76786F642A27C62D00AA8DB9 /* test */ = { isa = PBXGroup; children = ( 76786F652A27C62D00AA8DB9 /* main.swift */, ); path = test; sourceTree = ""; }; 76BEF7D32871F36C0013E2A1 /* FakeTrue */ = { isa = PBXGroup; children = ( 76BEF7D42871F36C0013E2A1 /* main.swift */, ); path = FakeTrue; sourceTree = ""; }; 76BEF7EF28724E280013E2A1 /* Mechanisms */ = { isa = PBXGroup; children = ( 761B486B28A3575000C6A02B /* XCredsLoginDone.swift */, 7611CEC1288B96760063A644 /* XCredsEnableFDE.swift */, 7611CEBF288B75140063A644 /* XCredsCreateUser.swift */, 7632E39E287347C100E37923 /* XCredsKeychainAdd.swift */, 76BEF7F228724F120013E2A1 /* XCredsPowerControlMechanism.swift */, 76BEF7EA28724A0B0013E2A1 /* XCredsLoginMechanism.swift */, 76BEF7EB28724A0B0013E2A1 /* XCredsBaseMechanism.swift */, ); path = Mechanisms; sourceTree = ""; }; 76BEF7F028724E520013E2A1 /* LoginWindow */ = { isa = PBXGroup; children = ( 766355DA287132E9002E3867 /* LoginWebViewController.swift */, 760418CF2A1332210051411B /* SignInWindowController.swift */, 761B486828A34CC900C6A02B /* LoginProgressWindowController.swift */, 089B22F02AFAED280006B6BC /* NetworkMonitor.swift */, 761B486728A34CC900C6A02B /* LoginProgressWindowController.xib */, 76FDC5D52B22D47A0035D61E /* MainLoginWindowController.xib */, 76CB907C288112AF00C70D0C /* xcreds_login.sh */, 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */, 76BEF7DC2871F5F00013E2A1 /* TCSReturnWindow.h */, 76BEF7DB2871F5F00013E2A1 /* TCSReturnWindow.m */, 76C084092A9A2635008039FA /* ControlsViewController.xib */, 76BEF7E02871F74D0013E2A1 /* ControlsViewController.swift */, 766355E128713C47002E3867 /* LoginWindow.swift */, 7651EDEC2A1451590075980B /* LocalUsersViewController.xib */, 76D1757D2B24096C00E64A62 /* MainLoginWindow.swift */, 76BEF7F128724EB60013E2A1 /* images */, ); path = LoginWindow; sourceTree = ""; }; 76BEF7F128724EB60013E2A1 /* images */ = { isa = PBXGroup; children = ( 7649056E2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png */, 76BEF7FF2872A3030013E2A1 /* loginwindow.png */, 76BEF7FE2872A3030013E2A1 /* loginwindow@2x.png */, 76BEF7E6287202AF0013E2A1 /* ShutdownX.png */, 76BEF7E7287202AF0013E2A1 /* ShutdownX@2x.png */, 76BEF7E2287202080013E2A1 /* RestartX.png */, 76BEF7E3287202080013E2A1 /* RestartX@2x.png */, ); path = images; sourceTree = ""; }; 76C4BAB92B353B3F007B2C57 /* NoMAD */ = { isa = PBXGroup; children = ( 7657DEAE2B3503BF003A23DB /* SessionManager.swift */, 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */, 7657DED52B351A67003A23DB /* KerbUtil.h */, 76C4BABA2B353B4B007B2C57 /* KerbUtil.m */, 7657DEDC2B351BF9003A23DB /* headers */, 7657DECB2B35061E003A23DB /* SiteManager.swift */, 7657DEC82B350606003A23DB /* KlistUtil.swift */, 7657DEC52B3505EB003A23DB /* Extensions.swift */, 7657DEC22B3505CB003A23DB /* ADLDAPPing.swift */, 7657DEBE2B3505A3003A23DB /* DNSResolver.m */, 7657DEBB2B35055F003A23DB /* Logger.swift */, 7657DEB52B3504A6003A23DB /* UserRecord.swift */, 7657DEB22B350476003A23DB /* NoMADSession.swift */, ); name = NoMAD; sourceTree = ""; }; 76DC0A6628836EB1007C42B2 /* XCreds Login Overlay */ = { isa = PBXGroup; children = ( 766F4C4A2883AFD90021F548 /* pleaseWaitGraphic.png */, 76DC0A7F2883785A007C42B2 /* XCreds-Login-Overlay-Info.plist */, 76DC0A7D288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift */, 76DC0A78288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist */, 76DC0A7628837028007C42B2 /* returnArrow.png */, 76DC0A6728836EB1007C42B2 /* AppDelegate.swift */, 76DC0A6928836EB2007C42B2 /* Assets.xcassets */, 76DC0A6B28836EB2007C42B2 /* MainMenu.xib */, 76DC0A6E28836EB2007C42B2 /* XCreds_Login_Overlay.entitlements */, ); path = "XCreds Login Overlay"; sourceTree = ""; }; 76DD6D112859978F00A700ED /* Packages */ = { isa = PBXGroup; children = ( 76DD6D122859978F00A700ED /* OIDCLite */, ); name = Packages; sourceTree = ""; }; 76DD6D15285997F300A700ED /* Frameworks */ = { isa = PBXGroup; children = ( 763DDF192B4F1DD4000D48CC /* GSS.framework */, 76C4BAB52B353AF7007B2C57 /* Kerberos.framework */, 76C4BAB22B353AD7007B2C57 /* libresolv.tbd */, 767CB2CF2B13B92B006CA2AC /* OpenDirectory.framework */, 767CB2CE2B13B913006CA2AC /* libsystem_info.tbd */, 767CB2CC2B13B8EB006CA2AC /* libinfo.tbd */, 766CC42129D3A320009BC526 /* Paddle.framework */, 766CC42229D3A321009BC526 /* ProductLicense.framework */, ); name = Frameworks; sourceTree = ""; }; 76EE069127FD1D00009E0F3A = { isa = PBXGroup; children = ( 76D4726B2B43B8FA0064380C /* TCTaskWrapperWithBlocks.h */, 76D4726C2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m */, 763DDF152B4F100D000D48CC /* ShareMounterMenu.swift */, 76C4ACBE2B3D0F8D003B3605 /* ShareMounter.swift */, 76C4BAB92B353B3F007B2C57 /* NoMAD */, 760148A82B23639D00E119A2 /* NSBundle+FindBundlePath.swift */, 7614D03B2B181A5D006EAF36 /* icon_128x128.png */, 7681FEC82A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist */, 76C63A312A22872700810C53 /* History.md */, 760418CC2A1331710051411B /* NomadLogin */, 76873E2E2A107736001418A9 /* DefaultsHelper.swift */, 76E9CE6E2A0DC6E30060220C /* TCSLoginWindowUtilities.h */, 76E9CE6F2A0DC6E30060220C /* TCSLoginWindowUtilities.m */, 76673CD429D3D5F500452848 /* LicenseChecker.swift */, 7683973029A854EC003D9B9F /* NSImage+String.swift */, 76DB5CF32A09AE9A0014F8E1 /* get_pw.js */, 7659CA06298E1BB6005D1AA3 /* DefaultBackground.png */, 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */, 7675444428918CD100613840 /* Info.plist */, 76DD6D15285997F300A700ED /* Frameworks */, 76CB9076287FBEEA00C70D0C /* Helper+URLDecode.swift */, 76B040A328EFC788002A289B /* Helper+JWTDecode.swift */, 7632909B2876673500CF8857 /* DataExtension.swift */, 766355D22870F29A002E3867 /* TestWindowController.swift */, 766355D32870F29A002E3867 /* TestWindowController.xib */, 76DD6D112859978F00A700ED /* Packages */, 766355C72870D1B5002E3867 /* XCredsLogin */, 76EE069C27FD1D00009E0F3A /* XCreds */, 76BEF7D32871F36C0013E2A1 /* FakeTrue */, 7631935E287D22C700D36BF7 /* authrights */, 76DC0A6628836EB1007C42B2 /* XCreds Login Overlay */, 76786F542A27C36A00AA8DB9 /* auth_mech_fixup */, 76786F642A27C62D00AA8DB9 /* test */, 76EE069B27FD1D00009E0F3A /* Products */, ); sourceTree = ""; }; 76EE069B27FD1D00009E0F3A /* Products */ = { isa = PBXGroup; children = ( 76EE069A27FD1D00009E0F3A /* XCreds.app */, 766355BD2870CA6A002E3867 /* XCredsLoginPlugin.bundle */, 7631935D287D22C700D36BF7 /* authrights */, 76DC0A6528836EB1007C42B2 /* XCreds Login Overlay.app */, 76786F532A27C36A00AA8DB9 /* auth_mech_fixup */, 76786F632A27C62D00AA8DB9 /* test */, ); name = Products; sourceTree = ""; }; 76EE069C27FD1D00009E0F3A /* XCreds */ = { isa = PBXGroup; children = ( 76FDC5D42B22D47A0035D61E /* MainLoginWindowController.swift */, 764D8125284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib */, 76CCF5432B12E478003F85E9 /* SelectLocalAccountWindowController.xib */, 76CCF5422B12E478003F85E9 /* SelectLocalAccountWindowController.swift */, 76FDC5D92B235A4F0035D61E /* StatusMenuWindowController.xib */, 76E466652B1A4C16006529B6 /* UpdatePasswordWindowController.xib */, 7651EDF62A1474330075980B /* LoginWebViewController.xib */, 764D812B284BCC7400B3EE54 /* VerifyOIDCPassword.xib */, 76FDC5D82B235A4F0035D61E /* StatusMenuWindowController.swift */, 76D7ADFD284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.h */, 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */, 76D7ADFA284EB15100332EBC /* TCSUnifiedLogger.h */, 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */, 76EECCFF2875135900483C66 /* LoggerHelper.swift */, 764D812A284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift */, 764D8124284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift */, 764D8132284D14A500B3EE54 /* Credits.txt */, 76E466642B1A4C16006529B6 /* UpdatePasswordWindowController.swift */, 767116B2284B045800CCD6FF /* KeychainUtil.swift */, 767116AD284AB59400CCD6FF /* SecurityPrivateAPI.h */, 76EE06AB27FD1D92009E0F3A /* TokenManager.swift */, 76E74DCE2B3902F0004C6429 /* XCredsMechanismProtocol.swift */, 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */, 764D8128284BCAB100B3EE54 /* Window+Shake.swift */, 767B939B2A28279E0038935E /* View+Shake.swift */, 76EE06B127FD1E24009E0F3A /* DesktopLoginWindowController.xib */, 76342E592B282653007D4F29 /* DesktopLoginWindowController.swift */, 76EE06B327FD1E5F009E0F3A /* WebViewController.swift */, 766355E4287148C1002E3867 /* Tokens.swift */, 7681FEC62A4C8BC800F91CD1 /* AboutWindow.xib */, 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */, 76EE06B527FD1E79009E0F3A /* PreferencesWindow.xib */, 764D812E284C06AB00B3EE54 /* defaults.plist */, 767116AE284AB5D900CCD6FF /* XCreds-Bridging-Header.h */, 76EE06B727FD1EB7009E0F3A /* PreferencesWindowController.swift */, 7681FEC42A4C8B9000F91CD1 /* AboutWindowController.swift */, 76EE06AF27FD1DD8009E0F3A /* Window+ForceToFront.swift */, 767116A8284AAE2B00CCD6FF /* ScheduleManager.swift */, 76EE06C127FD1F50009E0F3A /* StatusMenuController.swift */, 76EE06AA27FD1D66009E0F3A /* Info.plist */, 76EE069D27FD1D00009E0F3A /* AppDelegate.swift */, 767116B0284B021500CCD6FF /* MainController.swift */, 767116A6284AABC500CCD6FF /* NotifyManager.swift */, 76EE069F27FD1D01009E0F3A /* Assets.xcassets */, 76EE06A127FD1D01009E0F3A /* MainMenu.xib */, 76EE06A427FD1D01009E0F3A /* xCreds.entitlements */, 766355C42870CCC3002E3867 /* XCredsLoginPlugin-Bridging-Header.h */, ); path = XCreds; sourceTree = ""; }; /* End PBXGroup section */ /* Begin PBXLegacyTarget section */ 766F4C4C2883B88F0021F548 /* Send To Test */ = { isa = PBXLegacyTarget; buildArgumentsString = "app_to_test.sh mba.local"; buildConfigurationList = 766F4C4D2883B88F0021F548 /* Build configuration list for PBXLegacyTarget "Send To Test" */; buildPhases = ( ); buildToolPath = /bin/bash; buildWorkingDirectory = /Users/tperfitt/Documents/Projects/xcreds; dependencies = ( ); name = "Send To Test"; passBuildSettingsInEnvironment = 1; productName = "Send To Test"; }; /* End PBXLegacyTarget section */ /* Begin PBXNativeTarget section */ 7631935C287D22C700D36BF7 /* authrights */ = { isa = PBXNativeTarget; buildConfigurationList = 76319363287D22C700D36BF7 /* Build configuration list for PBXNativeTarget "authrights" */; buildPhases = ( 76319359287D22C700D36BF7 /* Sources */, 7631935A287D22C700D36BF7 /* Frameworks */, 7631935B287D22C700D36BF7 /* CopyFiles */, ); buildRules = ( ); dependencies = ( ); name = authrights; packageProductDependencies = ( 76AB89E02A12FAF900529D90 /* OIDCLite */, 76AB89E22A12FB4900529D90 /* ArgumentParser */, ); productName = authrights; productReference = 7631935D287D22C700D36BF7 /* authrights */; productType = "com.apple.product-type.tool"; }; 766355BC2870CA6A002E3867 /* XCredsLoginPlugin */ = { isa = PBXNativeTarget; buildConfigurationList = 766355C02870CA6A002E3867 /* Build configuration list for PBXNativeTarget "XCredsLoginPlugin" */; buildPhases = ( 766355B92870CA6A002E3867 /* Sources */, 766355BA2870CA6A002E3867 /* Frameworks */, 766355BB2870CA6A002E3867 /* Resources */, 766CC43129D3A3EC009BC526 /* Embed Frameworks */, ); buildRules = ( ); dependencies = ( ); name = XCredsLoginPlugin; packageProductDependencies = ( 766355CD2870E9D3002E3867 /* OIDCLite */, ); productName = XCredsLoginPlugin; productReference = 766355BD2870CA6A002E3867 /* XCredsLoginPlugin.bundle */; productType = "com.apple.product-type.bundle"; }; 76786F522A27C36A00AA8DB9 /* auth_mech_fixup */ = { isa = PBXNativeTarget; buildConfigurationList = 76786F572A27C36A00AA8DB9 /* Build configuration list for PBXNativeTarget "auth_mech_fixup" */; buildPhases = ( 76786F4F2A27C36A00AA8DB9 /* Sources */, 76786F502A27C36A00AA8DB9 /* Frameworks */, 76786F512A27C36A00AA8DB9 /* CopyFiles */, ); buildRules = ( ); dependencies = ( ); name = auth_mech_fixup; productName = auth_mech_fixup; productReference = 76786F532A27C36A00AA8DB9 /* auth_mech_fixup */; productType = "com.apple.product-type.tool"; }; 76786F622A27C62D00AA8DB9 /* test */ = { isa = PBXNativeTarget; buildConfigurationList = 76786F672A27C62D00AA8DB9 /* Build configuration list for PBXNativeTarget "test" */; buildPhases = ( 76786F5F2A27C62D00AA8DB9 /* Sources */, 76786F602A27C62D00AA8DB9 /* Frameworks */, 76786F612A27C62D00AA8DB9 /* CopyFiles */, ); buildRules = ( ); dependencies = ( ); name = test; productName = test; productReference = 76786F632A27C62D00AA8DB9 /* test */; productType = "com.apple.product-type.tool"; }; 76DC0A6428836EB1007C42B2 /* XCreds Login Overlay */ = { isa = PBXNativeTarget; buildConfigurationList = 76DC0A6F28836EB2007C42B2 /* Build configuration list for PBXNativeTarget "XCreds Login Overlay" */; buildPhases = ( 76DC0A6128836EB1007C42B2 /* Sources */, 76DC0A6228836EB1007C42B2 /* Frameworks */, 76DC0A6328836EB1007C42B2 /* Resources */, 766CC43629D3A3F8009BC526 /* Embed Frameworks */, ); buildRules = ( ); dependencies = ( ); name = "XCreds Login Overlay"; productName = "XCreds Login Overlay"; productReference = 76DC0A6528836EB1007C42B2 /* XCreds Login Overlay.app */; productType = "com.apple.product-type.application"; }; 76EE069927FD1D00009E0F3A /* XCreds */ = { isa = PBXNativeTarget; buildConfigurationList = 76EE06A727FD1D01009E0F3A /* Build configuration list for PBXNativeTarget "XCreds" */; buildPhases = ( 76EE069627FD1D00009E0F3A /* Sources */, 76EE069727FD1D00009E0F3A /* Frameworks */, 76EE069827FD1D00009E0F3A /* Resources */, 766CC42C29D3A3DC009BC526 /* Embed Frameworks */, ); buildRules = ( ); dependencies = ( 76DC0A7B28837152007C42B2 /* PBXTargetDependency */, 76319376287E19A500D36BF7 /* PBXTargetDependency */, 76319379287E204500D36BF7 /* PBXTargetDependency */, ); name = XCreds; packageProductDependencies = ( 76DD6D16285997F300A700ED /* OIDCLite */, 76319365287D24E100D36BF7 /* ArgumentParser */, 76319368287D24F600D36BF7 /* ArgumentParser */, 762177E52B7144460051B756 /* OIDCLite */, ); productName = xCreds; productReference = 76EE069A27FD1D00009E0F3A /* XCreds.app */; productType = "com.apple.product-type.application"; }; /* End PBXNativeTarget section */ /* Begin PBXProject section */ 76EE069227FD1D00009E0F3A /* Project object */ = { isa = PBXProject; attributes = { BuildIndependentTargetsInParallel = 1; LastSwiftUpdateCheck = 1430; LastUpgradeCheck = 1330; TargetAttributes = { 7631935C287D22C700D36BF7 = { CreatedOnToolsVersion = 13.4.1; }; 766355BC2870CA6A002E3867 = { CreatedOnToolsVersion = 13.4.1; LastSwiftMigration = 1340; }; 766F4C4C2883B88F0021F548 = { CreatedOnToolsVersion = 13.4.1; }; 76786F522A27C36A00AA8DB9 = { CreatedOnToolsVersion = 14.3; }; 76786F622A27C62D00AA8DB9 = { CreatedOnToolsVersion = 14.3; }; 76DC0A6428836EB1007C42B2 = { CreatedOnToolsVersion = 13.4.1; }; 76EE069927FD1D00009E0F3A = { CreatedOnToolsVersion = 13.3; }; }; }; buildConfigurationList = 76EE069527FD1D00009E0F3A /* Build configuration list for PBXProject "XCreds" */; compatibilityVersion = "Xcode 13.0"; developmentRegion = en; hasScannedForEncodings = 0; knownRegions = ( en, Base, ); mainGroup = 76EE069127FD1D00009E0F3A; packageReferences = ( 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */, 762177E42B7144460051B756 /* XCLocalSwiftPackageReference "../OIDCLite" */, ); productRefGroup = 76EE069B27FD1D00009E0F3A /* Products */; projectDirPath = ""; projectRoot = ""; targets = ( 76EE069927FD1D00009E0F3A /* XCreds */, 766355BC2870CA6A002E3867 /* XCredsLoginPlugin */, 7631935C287D22C700D36BF7 /* authrights */, 76DC0A6428836EB1007C42B2 /* XCreds Login Overlay */, 766F4C4C2883B88F0021F548 /* Send To Test */, 76786F522A27C36A00AA8DB9 /* auth_mech_fixup */, 76786F622A27C62D00AA8DB9 /* test */, ); }; /* End PBXProject section */ /* Begin PBXResourcesBuildPhase section */ 766355BB2870CA6A002E3867 /* Resources */ = { isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( 76BEF8002872A3030013E2A1 /* loginwindow@2x.png in Resources */, 766355D928711C51002E3867 /* defaults.plist in Resources */, 7613FDF7289E114F00340CCD /* loadpage.html in Resources */, 7659CA07298E1BB6005D1AA3 /* DefaultBackground.png in Resources */, 766355D52870F29A002E3867 /* TestWindowController.xib in Resources */, 76CCF5452B12E478003F85E9 /* SelectLocalAccountWindowController.xib in Resources */, 7651EDED2A1451590075980B /* LocalUsersViewController.xib in Resources */, 761B486928A34CC900C6A02B /* LoginProgressWindowController.xib in Resources */, 766CC43829D3AED2009BC526 /* errorpage.html in Resources */, 7614D03C2B181A5D006EAF36 /* icon_128x128.png in Resources */, 76BEF7E4287202090013E2A1 /* RestartX.png in Resources */, 76D925D32894ADB4005C3245 /* Assets.xcassets in Resources */, 76BEF8012872A3030013E2A1 /* loginwindow.png in Resources */, 766355D12870EBAD002E3867 /* VerifyOIDCPassword.xib in Resources */, 76EECCFC2873E6E200483C66 /* VerifyLocalPasswordWindowController.xib in Resources */, 76BEF7E8287202AF0013E2A1 /* ShutdownX.png in Resources */, 76FDC5D72B22D47A0035D61E /* MainLoginWindowController.xib in Resources */, 76E466672B1A4C16006529B6 /* UpdatePasswordWindowController.xib in Resources */, 76C0840B2A9A311E008039FA /* ControlsViewController.xib in Resources */, 76BEF7E5287202090013E2A1 /* RestartX@2x.png in Resources */, 7651EDF72A1474330075980B /* LoginWebViewController.xib in Resources */, 7677908828908E40004E7085 /* WifiWindowController.xib in Resources */, 76DB5CF52A09AE9A0014F8E1 /* get_pw.js in Resources */, 76BEF7E9287202AF0013E2A1 /* ShutdownX@2x.png in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76DC0A6328836EB1007C42B2 /* Resources */ = { isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( 76DC0A83288382D2007C42B2 /* returnArrow.png in Resources */, 76DC0A6A28836EB2007C42B2 /* Assets.xcassets in Resources */, 76DC0A6D28836EB2007C42B2 /* MainMenu.xib in Resources */, 76DC0A79288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist in Resources */, 76DC0A7428836F45007C42B2 /* RestartX@2x.png in Resources */, 766F4C4B2883AFD90021F548 /* pleaseWaitGraphic.png in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76EE069827FD1D00009E0F3A /* Resources */ = { isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( 76DC0A7C28837158007C42B2 /* XCreds Login Overlay.app in Resources */, 76DB5CF42A09AE9A0014F8E1 /* get_pw.js in Resources */, 762761602B294A7C0067D1D4 /* icon_128x128.png in Resources */, 76CB907E288112C200C70D0C /* xcreds_login.sh in Resources */, 76319377287E1FAF00D36BF7 /* authrights in Resources */, 76319374287E198C00D36BF7 /* XCredsLoginPlugin.bundle in Resources */, 76D175742B23C57500E64A62 /* LocalUsersViewController.xib in Resources */, 76EE06B627FD1E79009E0F3A /* PreferencesWindow.xib in Resources */, 76EE06A027FD1D01009E0F3A /* Assets.xcassets in Resources */, 764D812F284C06AB00B3EE54 /* defaults.plist in Resources */, 764D8133284D14A500B3EE54 /* Credits.txt in Resources */, 7681FEC72A4C8BC800F91CD1 /* AboutWindow.xib in Resources */, 76673CD229D3CFF900452848 /* errorpage.html in Resources */, 764D812D284BCC7400B3EE54 /* VerifyOIDCPassword.xib in Resources */, 76FDC5DB2B235A4F0035D61E /* StatusMenuWindowController.xib in Resources */, 76C63A322A22872700810C53 /* History.md in Resources */, 764D8127284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib in Resources */, 76DF7FD52B50FA9A00B3B543 /* UpdatePasswordWindowController.xib in Resources */, 7649056F2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png in Resources */, 76EE06A327FD1D01009E0F3A /* MainMenu.xib in Resources */, 76D1756A2B23C28700E64A62 /* MainLoginWindowController.xib in Resources */, 76EE06B227FD1E24009E0F3A /* DesktopLoginWindowController.xib in Resources */, 7681FEC92A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist in Resources */, 76F0B6E02B421FC8008F7D71 /* loadpage.html in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; /* End PBXResourcesBuildPhase section */ /* Begin PBXSourcesBuildPhase section */ 76319359287D22C700D36BF7 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 76319360287D22C700D36BF7 /* authrights.swift in Sources */, 7631936D287D2A6200D36BF7 /* LoggerHelper.swift in Sources */, 7631936C287D29B700D36BF7 /* AuthorizationDBManager.swift in Sources */, 7631936E287D2AB100D36BF7 /* TCSUnifiedLogger.m in Sources */, 76319370287DE24D00D36BF7 /* NSFileManager+TCSRealHomeFolder.m in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 766355B92870CA6A002E3867 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 7632E3A32873581100E37923 /* KeychainUtil.swift in Sources */, 76CCF5442B12E478003F85E9 /* SelectLocalAccountWindowController.swift in Sources */, 76B882AB29CCFD7A00BB8186 /* TCSKeychain.m in Sources */, 54848E8F2B47336D000DF420 /* KerbUtil.m in Sources */, 76BEF7DD2871F5F00013E2A1 /* TCSReturnWindow.m in Sources */, 76EECCFB2873DFFB00483C66 /* PasswordUtils.swift in Sources */, 76DF50B62A1C5EFF007BC708 /* DefaultsOverride.swift in Sources */, 7657DEB02B3503BF003A23DB /* SessionManager.swift in Sources */, 7657DEB72B3504A6003A23DB /* UserRecord.swift in Sources */, 7632E3A12873497C00E37923 /* LogShim.swift in Sources */, 760418D52A1332520051411B /* DS+AD.swift in Sources */, 76FDC5D62B22D47A0035D61E /* MainLoginWindowController.swift in Sources */, 76C4BAB12B353A3A007B2C57 /* DNSResolver.m in Sources */, 76BEF7ED28724A0C0013E2A1 /* XCredsBaseMechanism.swift in Sources */, 766355CF2870E9E7002E3867 /* PrefKeys.swift in Sources */, 7657DEB42B350476003A23DB /* NoMADSession.swift in Sources */, 7657DEC42B3505CB003A23DB /* ADLDAPPing.swift in Sources */, 760418D72A1332660051411B /* DSQueryable.swift in Sources */, 76DF1D5B2A2AD42C00770690 /* LocalCheckAndMigrate.swift in Sources */, 761B486C28A3575000C6A02B /* XCredsLoginDone.swift in Sources */, 7657DEC72B3505EB003A23DB /* Extensions.swift in Sources */, 76BEF7F328724F120013E2A1 /* XCredsPowerControlMechanism.swift in Sources */, 76873E302A107736001418A9 /* DefaultsHelper.swift in Sources */, 76B040A528EFC788002A289B /* Helper+JWTDecode.swift in Sources */, 7632909D2876674100CF8857 /* DataExtension.swift in Sources */, 7683973229A854EC003D9B9F /* NSImage+String.swift in Sources */, 761B486A28A34CC900C6A02B /* LoginProgressWindowController.swift in Sources */, 7677908628908E40004E7085 /* WifiWindowController.swift in Sources */, 76E466662B1A4C16006529B6 /* UpdatePasswordWindowController.swift in Sources */, 76EECCFD2873E9ED00483C66 /* VerifyLocalPasswordWindowController.swift in Sources */, 76D4726E2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m in Sources */, 76BEF7EC28724A0B0013E2A1 /* XCredsLoginMechanism.swift in Sources */, 766355CA2870DCF5002E3867 /* TCSUnifiedLogger.m in Sources */, 76C4BAB02B353A30007B2C57 /* KlistUtil.swift in Sources */, 76CB9078287FBEEA00C70D0C /* Helper+URLDecode.swift in Sources */, 766355E328713C4A002E3867 /* LoginWindow.swift in Sources */, 76B882AF29CCFDAE00BB8186 /* NSData+SHA1.m in Sources */, 76BEF7F82872504C0013E2A1 /* ContextAndHintHandling.swift in Sources */, 766355E6287148C1002E3867 /* Tokens.swift in Sources */, 766355CC2870E9AD002E3867 /* WebViewController.swift in Sources */, 760418D92A1332770051411B /* SystemInfoHelper.swift in Sources */, 76673CD629D3D5F500452848 /* LicenseChecker.swift in Sources */, 767B939D2A28289E0038935E /* View+Shake.swift in Sources */, 760418D22A1332210051411B /* SignInWindowController.swift in Sources */, 7611CEC0288B75140063A644 /* XCredsCreateUser.swift in Sources */, 764859F22B2FA2E800507C16 /* Window+ForceToFront.swift in Sources */, 766355D42870F29A002E3867 /* TestWindowController.swift in Sources */, 766355C32870CB6F002E3867 /* XCredsLoginPlugin.m in Sources */, 766355CB2870E5E9002E3867 /* NSFileManager+TCSRealHomeFolder.m in Sources */, 7632E39F287347C100E37923 /* XCredsKeychainAdd.swift in Sources */, 76D1757E2B24096C00E64A62 /* MainLoginWindow.swift in Sources */, 7677908728908E40004E7085 /* WifiManager.swift in Sources */, 76BEF7FA28726C700013E2A1 /* AuthorizationDBManager.swift in Sources */, 76BEF7E12871F74D0013E2A1 /* ControlsViewController.swift in Sources */, 76EECD012875135900483C66 /* LoggerHelper.swift in Sources */, 7611CEC2288B96760063A644 /* XCredsEnableFDE.swift in Sources */, 7657DEBD2B35055F003A23DB /* Logger.swift in Sources */, 76EECCFE2873EA6500483C66 /* Window+Shake.swift in Sources */, 76B882B329CCFDBA00BB8186 /* NSData+HexString.m in Sources */, 7632E3A2287357CC00E37923 /* TokenManager.swift in Sources */, 76BEF7F628724FA80013E2A1 /* NSTaskWrapper.swift in Sources */, 76EECD0528753C7F00483C66 /* String+Base64URLEncoded.swift in Sources */, 7657DECD2B35061E003A23DB /* SiteManager.swift in Sources */, 760148A92B23639D00E119A2 /* NSBundle+FindBundlePath.swift in Sources */, 76E74DD02B3902F0004C6429 /* XCredsMechanismProtocol.swift in Sources */, 766355DB287132E9002E3867 /* LoginWebViewController.swift in Sources */, 7657DEDA2B351B5B003A23DB /* UNIXUtilities.swift in Sources */, 089B22F12AFAED280006B6BC /* NetworkMonitor.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76786F4F2A27C36A00AA8DB9 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 76786F5E2A27C60800AA8DB9 /* LoggerHelper.swift in Sources */, 76786F5A2A27C37100AA8DB9 /* AuthRightsHelper.swift in Sources */, 76786F6B2A27C79100AA8DB9 /* NSFileManager+TCSRealHomeFolder.m in Sources */, 76786F5D2A27C3B300AA8DB9 /* TCSUnifiedLogger.m in Sources */, 76786F5B2A27C38800AA8DB9 /* AuthorizationDBManager.swift in Sources */, 76786F562A27C36A00AA8DB9 /* main.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76786F5F2A27C62D00AA8DB9 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 76786F662A27C62D00AA8DB9 /* main.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76DC0A6128836EB1007C42B2 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 76DC0A8528838467007C42B2 /* LoggerHelper.swift in Sources */, 76DC0A7328836EFE007C42B2 /* TCSReturnWindow.m in Sources */, 76DC0A88288387D8007C42B2 /* NSFileManager+TCSRealHomeFolder.m in Sources */, 76DC0A8428838375007C42B2 /* AuthorizationDBManager.swift in Sources */, 76DC0A8628838656007C42B2 /* TCSUnifiedLogger.m in Sources */, 76DC0A7E288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift in Sources */, 767C42842AC6645700542099 /* AuthRightsHelper.swift in Sources */, 76DC0A87288386FA007C42B2 /* NSTaskWrapper.swift in Sources */, 76C4BABC2B3544C6007B2C57 /* UNIXUtilities.swift in Sources */, 76DC0A6828836EB1007C42B2 /* AppDelegate.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76EE069627FD1D00009E0F3A /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 760148AA2B2365F100E119A2 /* NSBundle+FindBundlePath.swift in Sources */, 76E74DD32B390358004C6429 /* LoginWebViewController.swift in Sources */, 089B22F22AFAED810006B6BC /* NetworkMonitor.swift in Sources */, 76EECD0228752C1F00483C66 /* LoginWindow.swift in Sources */, 76673CD529D3D5F500452848 /* LicenseChecker.swift in Sources */, 761121B82B3D26F5005F7D02 /* LocalCheckAndMigrate.swift in Sources */, 76E74DD22B39034B004C6429 /* SelectLocalAccountWindowController.swift in Sources */, 767116A7284AABC500CCD6FF /* NotifyManager.swift in Sources */, 76EE06B827FD1EB7009E0F3A /* PreferencesWindowController.swift in Sources */, 76A8A4E32A0DF7C700AA6054 /* NSTaskWrapper.swift in Sources */, 76EE06AE27FD1DC3009E0F3A /* PrefKeys.swift in Sources */, 767116B3284B045800CCD6FF /* KeychainUtil.swift in Sources */, 76CB907B2880E41E00C70D0C /* LogShim.swift in Sources */, 7657DEC92B350606003A23DB /* KlistUtil.swift in Sources */, 764D812C284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift in Sources */, 76E74DD42B39037A004C6429 /* LoginProgressWindowController.swift in Sources */, 7623384D2B53029D00F2D714 /* ShareMounter.swift in Sources */, 7657DEB32B350476003A23DB /* NoMADSession.swift in Sources */, 760418E02A133A370051411B /* DSQueryable.swift in Sources */, 76319373287E18BF00D36BF7 /* DataExtension.swift in Sources */, 76E74DD12B390327004C6429 /* ContextAndHintHandling.swift in Sources */, 76EECD002875135900483C66 /* LoggerHelper.swift in Sources */, 54848E902B47336D000DF420 /* KerbUtil.m in Sources */, 76873E2F2A107736001418A9 /* DefaultsHelper.swift in Sources */, 76D175772B23C62A00E64A62 /* UpdatePasswordWindowController.swift in Sources */, 7683973129A854EC003D9B9F /* NSImage+String.swift in Sources */, 76FDC5DA2B235A4F0035D61E /* StatusMenuWindowController.swift in Sources */, 761121B92B3D26FB005F7D02 /* DS+AD.swift in Sources */, 76CB9077287FBEEA00C70D0C /* Helper+URLDecode.swift in Sources */, 764D8129284BCAB100B3EE54 /* Window+Shake.swift in Sources */, 764D8126284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift in Sources */, 76EE069E27FD1D00009E0F3A /* AppDelegate.swift in Sources */, 76D7ADFB284EB15100332EBC /* TCSUnifiedLogger.m in Sources */, 7657DEBC2B35055F003A23DB /* Logger.swift in Sources */, 7657DEB62B3504A6003A23DB /* UserRecord.swift in Sources */, 761121B62B3D24FE005F7D02 /* SignInWindowController.swift in Sources */, 761121B72B3D26EE005F7D02 /* SystemInfoHelper.swift in Sources */, 7657DEAF2B3503BF003A23DB /* SessionManager.swift in Sources */, 7681FEC52A4C8B9000F91CD1 /* AboutWindowController.swift in Sources */, 768633D92AFC4908004065E5 /* WifiManager.swift in Sources */, 7657DED92B351B5B003A23DB /* UNIXUtilities.swift in Sources */, 76E74DCF2B3902F0004C6429 /* XCredsMechanismProtocol.swift in Sources */, 76EE06C227FD1F50009E0F3A /* StatusMenuController.swift in Sources */, 76EE06B027FD1DD8009E0F3A /* Window+ForceToFront.swift in Sources */, 76D4726D2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m in Sources */, 767116B1284B021500CCD6FF /* MainController.swift in Sources */, 7657DECC2B35061E003A23DB /* SiteManager.swift in Sources */, 76B040A428EFC788002A289B /* Helper+JWTDecode.swift in Sources */, 767116A9284AAE2B00CCD6FF /* ScheduleManager.swift in Sources */, 766FD60D2A1B06AC00C8F244 /* DefaultsOverride.swift in Sources */, 767116AC284AB4C000CCD6FF /* PasswordUtils.swift in Sources */, 76B882AA29CCFD7A00BB8186 /* TCSKeychain.m in Sources */, 766355E5287148C1002E3867 /* Tokens.swift in Sources */, 7657DEC32B3505CB003A23DB /* ADLDAPPing.swift in Sources */, 76EE06AC27FD1D92009E0F3A /* TokenManager.swift in Sources */, 76B882B229CCFDBA00BB8186 /* NSData+HexString.m in Sources */, 7623384C2B53029D00F2D714 /* ShareMounterMenu.swift in Sources */, 7657DEC02B3505A3003A23DB /* DNSResolver.m in Sources */, 76E9CE702A0DC6E30060220C /* TCSLoginWindowUtilities.m in Sources */, 76342E5A2B282653007D4F29 /* DesktopLoginWindowController.swift in Sources */, 76D7ADFE284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m in Sources */, 76EECD0428753C7F00483C66 /* String+Base64URLEncoded.swift in Sources */, 7657DEC62B3505EB003A23DB /* Extensions.swift in Sources */, 766355DC287133C7002E3867 /* WebViewController.swift in Sources */, 76D175712B23C2DB00E64A62 /* AuthorizationDBManager.swift in Sources */, 767B939C2A28279E0038935E /* View+Shake.swift in Sources */, 76B882AE29CCFDAE00BB8186 /* NSData+SHA1.m in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; /* End PBXSourcesBuildPhase section */ /* Begin PBXTargetDependency section */ 76319376287E19A500D36BF7 /* PBXTargetDependency */ = { isa = PBXTargetDependency; target = 766355BC2870CA6A002E3867 /* XCredsLoginPlugin */; targetProxy = 76319375287E19A500D36BF7 /* PBXContainerItemProxy */; }; 76319379287E204500D36BF7 /* PBXTargetDependency */ = { isa = PBXTargetDependency; target = 7631935C287D22C700D36BF7 /* authrights */; targetProxy = 76319378287E204500D36BF7 /* PBXContainerItemProxy */; }; 76DC0A7B28837152007C42B2 /* PBXTargetDependency */ = { isa = PBXTargetDependency; target = 76DC0A6428836EB1007C42B2 /* XCreds Login Overlay */; targetProxy = 76DC0A7A28837152007C42B2 /* PBXContainerItemProxy */; }; /* End PBXTargetDependency section */ /* Begin PBXVariantGroup section */ 76DC0A6B28836EB2007C42B2 /* MainMenu.xib */ = { isa = PBXVariantGroup; children = ( 76DC0A6C28836EB2007C42B2 /* Base */, ); name = MainMenu.xib; sourceTree = ""; }; 76EE06A127FD1D01009E0F3A /* MainMenu.xib */ = { isa = PBXVariantGroup; children = ( 76EE06A227FD1D01009E0F3A /* Base */, ); name = MainMenu.xib; sourceTree = ""; }; /* End PBXVariantGroup section */ /* Begin XCBuildConfiguration section */ 76319361287D22C700D36BF7 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = "\"$(SRCROOT)/Carthage/Build/Mac\""; MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 4.2; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCredsLoginPlugin-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76319362287D22C700D36BF7 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = "\"$(SRCROOT)/Carthage/Build/Mac\""; MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 4.2; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCredsLoginPlugin-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; 766355BE2870CA6A002E3867 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 6409; DEFINES_MODULE = YES; DEVELOPMENT_TEAM = UXP6YEHSPW; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", ); GENERATE_INFOPLIST_FILE = YES; HEADER_SEARCH_PATHS = headers; INFOPLIST_FILE = XCredsLoginPlugin/Info.plist; INFOPLIST_KEY_NSHumanReadableCopyright = ""; INFOPLIST_KEY_NSPrincipalClass = ""; INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Bundles"; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", "@loader_path/../Frameworks", ); MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 4.2; PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.XCredsLoginPlugin; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCredsLoginPlugin-Bridging-Header.h"; SWIFT_VERSION = 5.0; WRAPPER_EXTENSION = bundle; }; name = Debug; }; 766355BF2870CA6A002E3867 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 6409; DEFINES_MODULE = YES; DEVELOPMENT_TEAM = UXP6YEHSPW; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", ); GENERATE_INFOPLIST_FILE = YES; HEADER_SEARCH_PATHS = headers; INFOPLIST_FILE = XCredsLoginPlugin/Info.plist; INFOPLIST_KEY_NSHumanReadableCopyright = ""; INFOPLIST_KEY_NSPrincipalClass = ""; INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Bundles"; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", "@loader_path/../Frameworks", ); MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 4.2; PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.XCredsLoginPlugin; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCredsLoginPlugin-Bridging-Header.h"; SWIFT_VERSION = 5.0; WRAPPER_EXTENSION = bundle; }; name = Release; }; 766F4C4E2883B88F0021F548 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; DEBUGGING_SYMBOLS = YES; DEBUG_INFORMATION_FORMAT = dwarf; DEVELOPMENT_TEAM = UXP6YEHSPW; GCC_GENERATE_DEBUGGING_SYMBOLS = YES; GCC_OPTIMIZATION_LEVEL = 0; OTHER_CFLAGS = ""; OTHER_LDFLAGS = ""; PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Debug; }; 766F4C4F2883B88F0021F548 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; DEVELOPMENT_TEAM = UXP6YEHSPW; OTHER_CFLAGS = ""; OTHER_LDFLAGS = ""; PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Release; }; 76786F582A27C36A00AA8DB9 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_STYLE = Automatic; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; MACOSX_DEPLOYMENT_TARGET = 13.3; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_OBJC_BRIDGING_HEADER = "auth_mech_fixup/auth_mech_fixup-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76786F592A27C36A00AA8DB9 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_STYLE = Automatic; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; MACOSX_DEPLOYMENT_TARGET = 13.3; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_OBJC_BRIDGING_HEADER = "auth_mech_fixup/auth_mech_fixup-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; 76786F682A27C62D00AA8DB9 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_STYLE = Automatic; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; MACOSX_DEPLOYMENT_TARGET = 13.3; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76786F692A27C62D00AA8DB9 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_STYLE = Automatic; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; MACOSX_DEPLOYMENT_TARGET = 13.3; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_VERSION = 5.0; }; name = Release; }; 76DC0A7028836EB2007C42B2 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements"; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 6409; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", ); GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = "XCreds-Login-Overlay-Info.plist"; INFOPLIST_KEY_NSHumanReadableCopyright = ""; INFOPLIST_KEY_NSMainNibFile = MainMenu; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 4.2; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.XCreds-Login-Overlay"; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76DC0A7128836EB2007C42B2 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements"; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 6409; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", ); GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = "XCreds-Login-Overlay-Info.plist"; INFOPLIST_KEY_NSHumanReadableCopyright = ""; INFOPLIST_KEY_NSMainNibFile = MainMenu; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 4.2; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.XCreds-Login-Overlay"; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; 76EE06A527FD1D01009E0F3A /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; CLANG_ANALYZER_NONNULL = YES; CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; CLANG_CXX_LANGUAGE_STANDARD = "gnu++17"; CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; CLANG_ENABLE_OBJC_WEAK = YES; CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; CLANG_WARN_BOOL_CONVERSION = YES; CLANG_WARN_COMMA = YES; CLANG_WARN_CONSTANT_CONVERSION = YES; CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; CLANG_WARN_DOCUMENTATION_COMMENTS = YES; CLANG_WARN_EMPTY_BODY = YES; CLANG_WARN_ENUM_CONVERSION = YES; CLANG_WARN_INFINITE_RECURSION = YES; CLANG_WARN_INT_CONVERSION = YES; CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; CLANG_WARN_STRICT_PROTOTYPES = YES; CLANG_WARN_SUSPICIOUS_MOVE = YES; CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; COPY_PHASE_STRIP = NO; DEBUG_INFORMATION_FORMAT = dwarf; ENABLE_STRICT_OBJC_MSGSEND = YES; ENABLE_TESTABILITY = YES; GCC_C_LANGUAGE_STANDARD = gnu11; GCC_DYNAMIC_NO_PIC = NO; GCC_NO_COMMON_BLOCKS = YES; GCC_OPTIMIZATION_LEVEL = 0; GCC_PREPROCESSOR_DEFINITIONS = ( "DEBUG=1", "$(inherited)", ); GCC_WARN_64_TO_32_BIT_CONVERSION = YES; GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; GCC_WARN_UNDECLARED_SELECTOR = YES; GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; GCC_WARN_UNUSED_FUNCTION = YES; GCC_WARN_UNUSED_VARIABLE = YES; MACOSX_DEPLOYMENT_TARGET = 11.0; MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; MTL_FAST_MATH = YES; ONLY_ACTIVE_ARCH = YES; SDKROOT = macosx; SWIFT_ACTIVE_COMPILATION_CONDITIONS = DEBUG; SWIFT_OPTIMIZATION_LEVEL = "-Onone"; }; name = Debug; }; 76EE06A627FD1D01009E0F3A /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; CLANG_ANALYZER_NONNULL = YES; CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; CLANG_CXX_LANGUAGE_STANDARD = "gnu++17"; CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; CLANG_ENABLE_OBJC_WEAK = YES; CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; CLANG_WARN_BOOL_CONVERSION = YES; CLANG_WARN_COMMA = YES; CLANG_WARN_CONSTANT_CONVERSION = YES; CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; CLANG_WARN_DOCUMENTATION_COMMENTS = YES; CLANG_WARN_EMPTY_BODY = YES; CLANG_WARN_ENUM_CONVERSION = YES; CLANG_WARN_INFINITE_RECURSION = YES; CLANG_WARN_INT_CONVERSION = YES; CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; CLANG_WARN_STRICT_PROTOTYPES = YES; CLANG_WARN_SUSPICIOUS_MOVE = YES; CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; COPY_PHASE_STRIP = NO; DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; ENABLE_NS_ASSERTIONS = NO; ENABLE_STRICT_OBJC_MSGSEND = YES; GCC_C_LANGUAGE_STANDARD = gnu11; GCC_NO_COMMON_BLOCKS = YES; GCC_WARN_64_TO_32_BIT_CONVERSION = YES; GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; GCC_WARN_UNDECLARED_SELECTOR = YES; GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; GCC_WARN_UNUSED_FUNCTION = YES; GCC_WARN_UNUSED_VARIABLE = YES; MACOSX_DEPLOYMENT_TARGET = 11.0; MTL_ENABLE_DEBUG_INFO = NO; MTL_FAST_MATH = YES; SDKROOT = macosx; SWIFT_COMPILATION_MODE = wholemodule; SWIFT_OPTIMIZATION_LEVEL = "-O"; }; name = Release; }; 76EE06A827FD1D01009E0F3A /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 6409; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", "$(PROJECT_DIR)", ); GENERATE_INFOPLIST_FILE = YES; HEADER_SEARCH_PATHS = headers; INFOPLIST_FILE = XCreds/Info.plist; INFOPLIST_KEY_NSHumanReadableCopyright = "© 2022 Twocanoes Software, Inc"; INFOPLIST_KEY_NSMainNibFile = MainMenu; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); LIBRARY_SEARCH_PATHS = ( "$(inherited)", "$(SDKROOT)/usr/lib/system", ); MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 4.2; PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.xcreds; PRODUCT_NAME = "$(TARGET_NAME)"; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76EE06A927FD1D01009E0F3A /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 6409; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", "$(PROJECT_DIR)", ); GENERATE_INFOPLIST_FILE = YES; HEADER_SEARCH_PATHS = headers; INFOPLIST_FILE = XCreds/Info.plist; INFOPLIST_KEY_NSHumanReadableCopyright = "© 2022 Twocanoes Software, Inc"; INFOPLIST_KEY_NSMainNibFile = MainMenu; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); LIBRARY_SEARCH_PATHS = ( "$(inherited)", "$(SDKROOT)/usr/lib/system", ); MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 4.2; PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.xcreds; PRODUCT_NAME = "$(TARGET_NAME)"; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; /* End XCBuildConfiguration section */ /* Begin XCConfigurationList section */ 76319363287D22C700D36BF7 /* Build configuration list for PBXNativeTarget "authrights" */ = { isa = XCConfigurationList; buildConfigurations = ( 76319361287D22C700D36BF7 /* Debug */, 76319362287D22C700D36BF7 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 766355C02870CA6A002E3867 /* Build configuration list for PBXNativeTarget "XCredsLoginPlugin" */ = { isa = XCConfigurationList; buildConfigurations = ( 766355BE2870CA6A002E3867 /* Debug */, 766355BF2870CA6A002E3867 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 766F4C4D2883B88F0021F548 /* Build configuration list for PBXLegacyTarget "Send To Test" */ = { isa = XCConfigurationList; buildConfigurations = ( 766F4C4E2883B88F0021F548 /* Debug */, 766F4C4F2883B88F0021F548 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76786F572A27C36A00AA8DB9 /* Build configuration list for PBXNativeTarget "auth_mech_fixup" */ = { isa = XCConfigurationList; buildConfigurations = ( 76786F582A27C36A00AA8DB9 /* Debug */, 76786F592A27C36A00AA8DB9 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76786F672A27C62D00AA8DB9 /* Build configuration list for PBXNativeTarget "test" */ = { isa = XCConfigurationList; buildConfigurations = ( 76786F682A27C62D00AA8DB9 /* Debug */, 76786F692A27C62D00AA8DB9 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76DC0A6F28836EB2007C42B2 /* Build configuration list for PBXNativeTarget "XCreds Login Overlay" */ = { isa = XCConfigurationList; buildConfigurations = ( 76DC0A7028836EB2007C42B2 /* Debug */, 76DC0A7128836EB2007C42B2 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76EE069527FD1D00009E0F3A /* Build configuration list for PBXProject "XCreds" */ = { isa = XCConfigurationList; buildConfigurations = ( 76EE06A527FD1D01009E0F3A /* Debug */, 76EE06A627FD1D01009E0F3A /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76EE06A727FD1D01009E0F3A /* Build configuration list for PBXNativeTarget "XCreds" */ = { isa = XCConfigurationList; buildConfigurations = ( 76EE06A827FD1D01009E0F3A /* Debug */, 76EE06A927FD1D01009E0F3A /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; /* End XCConfigurationList section */ /* Begin XCLocalSwiftPackageReference section */ 762177E42B7144460051B756 /* XCLocalSwiftPackageReference "../OIDCLite" */ = { isa = XCLocalSwiftPackageReference; relativePath = ../OIDCLite; }; /* End XCLocalSwiftPackageReference section */ /* Begin XCRemoteSwiftPackageReference section */ 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */ = { isa = XCRemoteSwiftPackageReference; repositoryURL = "https://github.com/apple/swift-argument-parser.git"; requirement = { kind = upToNextMajorVersion; minimumVersion = 1.0.0; }; }; /* End XCRemoteSwiftPackageReference section */ /* Begin XCSwiftPackageProductDependency section */ 762177E52B7144460051B756 /* OIDCLite */ = { isa = XCSwiftPackageProductDependency; productName = OIDCLite; }; 76319365287D24E100D36BF7 /* ArgumentParser */ = { isa = XCSwiftPackageProductDependency; package = 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */; productName = ArgumentParser; }; 76319368287D24F600D36BF7 /* ArgumentParser */ = { isa = XCSwiftPackageProductDependency; package = 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */; productName = ArgumentParser; }; 766355CD2870E9D3002E3867 /* OIDCLite */ = { isa = XCSwiftPackageProductDependency; productName = OIDCLite; }; 76AB89E02A12FAF900529D90 /* OIDCLite */ = { isa = XCSwiftPackageProductDependency; productName = OIDCLite; }; 76AB89E22A12FB4900529D90 /* ArgumentParser */ = { isa = XCSwiftPackageProductDependency; package = 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */; productName = ArgumentParser; }; 76DD6D16285997F300A700ED /* OIDCLite */ = { isa = XCSwiftPackageProductDependency; productName = OIDCLite; }; /* End XCSwiftPackageProductDependency section */ }; rootObject = 76EE069227FD1D00009E0F3A /* Project object */; } ================================================ FILE: XCreds.xcodeproj/project_REMOTE_63385.pbxproj ================================================ // !$*UTF8*$! { archiveVersion = 1; classes = { }; objectVersion = 55; objects = { /* Begin PBXBuildFile section */ 089B22F12AFAED280006B6BC /* NetworkMonitor.swift in Sources */ = {isa = PBXBuildFile; fileRef = 089B22F02AFAED280006B6BC /* NetworkMonitor.swift */; }; 089B22F22AFAED810006B6BC /* NetworkMonitor.swift in Sources */ = {isa = PBXBuildFile; fileRef = 089B22F02AFAED280006B6BC /* NetworkMonitor.swift */; }; 54848E8F2B47336D000DF420 /* KerbUtil.m in Sources */ = {isa = PBXBuildFile; fileRef = 76C4BABA2B353B4B007B2C57 /* KerbUtil.m */; }; 54848E902B47336D000DF420 /* KerbUtil.m in Sources */ = {isa = PBXBuildFile; fileRef = 76C4BABA2B353B4B007B2C57 /* KerbUtil.m */; }; 760148A92B23639D00E119A2 /* NSBundle+FindBundlePath.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760148A82B23639D00E119A2 /* NSBundle+FindBundlePath.swift */; }; 760148AA2B2365F100E119A2 /* NSBundle+FindBundlePath.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760148A82B23639D00E119A2 /* NSBundle+FindBundlePath.swift */; }; 760291E32C116E450075FBD8 /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760291E22C116E450075FBD8 /* AppDelegate.swift */; }; 760291E52C116E450075FBD8 /* ViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760291E42C116E450075FBD8 /* ViewController.swift */; }; 760291E72C116E470075FBD8 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 760291E62C116E470075FBD8 /* Assets.xcassets */; }; 760291EA2C116E470075FBD8 /* Base in Resources */ = {isa = PBXBuildFile; fileRef = 760291E92C116E470075FBD8 /* Base */; }; 760291EF2C116E5F0075FBD8 /* XCreds Login Autofill.app in Resources */ = {isa = PBXBuildFile; fileRef = 760291E02C116E450075FBD8 /* XCreds Login Autofill.app */; }; 760291F52C116EDB0075FBD8 /* AuthenticationServices.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 760291CB2C1166870075FBD8 /* AuthenticationServices.framework */; }; 760291F82C116EDB0075FBD8 /* CredentialProviderViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760291F72C116EDB0075FBD8 /* CredentialProviderViewController.swift */; }; 760291FB2C116EDB0075FBD8 /* Base in Resources */ = {isa = PBXBuildFile; fileRef = 760291FA2C116EDB0075FBD8 /* Base */; }; 760292002C116EDB0075FBD8 /* XCreds Login Password.appex in Embed Foundation Extensions */ = {isa = PBXBuildFile; fileRef = 760291F42C116EDB0075FBD8 /* XCreds Login Password.appex */; settings = {ATTRIBUTES = (RemoveHeadersOnCopy, ); }; }; 760292072C11751E0075FBD8 /* KeychainUtil.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116B2284B045800CCD6FF /* KeychainUtil.swift */; }; 760292092C1175360075FBD8 /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; }; 7602920B2C1175620075FBD8 /* PrefKeys.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */; }; 7602920D2C1175D20075FBD8 /* DefaultsOverride.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */; }; 7602920E2C1175D20075FBD8 /* DefaultsOverride.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */; }; 7602920F2C1175DA0075FBD8 /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECCFF2875135900483C66 /* LoggerHelper.swift */; }; 760292102C1175DA0075FBD8 /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECCFF2875135900483C66 /* LoggerHelper.swift */; }; 760292112C1176010075FBD8 /* UNIXUtilities.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */; }; 760292122C1176010075FBD8 /* UNIXUtilities.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */; }; 760292132C11763B0075FBD8 /* PrefKeys.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */; }; 760292142C1176450075FBD8 /* LogShim.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632E3A02873497C00E37923 /* LogShim.swift */; }; 760292152C1176450075FBD8 /* LogShim.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632E3A02873497C00E37923 /* LogShim.swift */; }; 760292162C1176A90075FBD8 /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; }; 760292172C1176BE0075FBD8 /* DataExtension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632909B2876673500CF8857 /* DataExtension.swift */; }; 760292182C1176BF0075FBD8 /* DataExtension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632909B2876673500CF8857 /* DataExtension.swift */; }; 760292192C1178090075FBD8 /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; }; 7602921A2C1178090075FBD8 /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; }; 7602921B2C117B3F0075FBD8 /* PasswordUtils.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */; }; 7602921C2C117B400075FBD8 /* PasswordUtils.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */; }; 7602921D2C117B490075FBD8 /* DSQueryable.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D62A1332660051411B /* DSQueryable.swift */; }; 7602921E2C117B490075FBD8 /* DSQueryable.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D62A1332660051411B /* DSQueryable.swift */; }; 760418D22A1332210051411B /* SignInWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418CF2A1332210051411B /* SignInWindowController.swift */; }; 760418D52A1332520051411B /* DS+AD.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D42A1332520051411B /* DS+AD.swift */; }; 760418D72A1332660051411B /* DSQueryable.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D62A1332660051411B /* DSQueryable.swift */; }; 760418D92A1332770051411B /* SystemInfoHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D82A1332770051411B /* SystemInfoHelper.swift */; }; 760418E02A133A370051411B /* DSQueryable.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D62A1332660051411B /* DSQueryable.swift */; }; 761121B62B3D24FE005F7D02 /* SignInWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418CF2A1332210051411B /* SignInWindowController.swift */; }; 761121B72B3D26EE005F7D02 /* SystemInfoHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D82A1332770051411B /* SystemInfoHelper.swift */; }; 761121B82B3D26F5005F7D02 /* LocalCheckAndMigrate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418DA2A13328C0051411B /* LocalCheckAndMigrate.swift */; }; 761121B92B3D26FB005F7D02 /* DS+AD.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418D42A1332520051411B /* DS+AD.swift */; }; 7611CEC0288B75140063A644 /* XCredsCreateUser.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7611CEBF288B75140063A644 /* XCredsCreateUser.swift */; }; 7611CEC2288B96760063A644 /* XCredsEnableFDE.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7611CEC1288B96760063A644 /* XCredsEnableFDE.swift */; }; 7613FDF7289E114F00340CCD /* loadpage.html in Resources */ = {isa = PBXBuildFile; fileRef = 7613FDF6289E114F00340CCD /* loadpage.html */; }; 7614D03C2B181A5D006EAF36 /* icon_128x128.png in Resources */ = {isa = PBXBuildFile; fileRef = 7614D03B2B181A5D006EAF36 /* icon_128x128.png */; }; 761B486928A34CC900C6A02B /* LoginProgressWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 761B486728A34CC900C6A02B /* LoginProgressWindowController.xib */; }; 761B486A28A34CC900C6A02B /* LoginProgressWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 761B486828A34CC900C6A02B /* LoginProgressWindowController.swift */; }; 761B486C28A3575000C6A02B /* XCredsLoginDone.swift in Sources */ = {isa = PBXBuildFile; fileRef = 761B486B28A3575000C6A02B /* XCredsLoginDone.swift */; }; 762177E62B7144460051B756 /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 762177E52B7144460051B756 /* OIDCLite */; }; 7623384C2B53029D00F2D714 /* ShareMounterMenu.swift in Sources */ = {isa = PBXBuildFile; fileRef = 763DDF152B4F100D000D48CC /* ShareMounterMenu.swift */; }; 7623384D2B53029D00F2D714 /* ShareMounter.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76C4ACBE2B3D0F8D003B3605 /* ShareMounter.swift */; }; 762761602B294A7C0067D1D4 /* icon_128x128.png in Resources */ = {isa = PBXBuildFile; fileRef = 7614D03B2B181A5D006EAF36 /* icon_128x128.png */; }; 76319360287D22C700D36BF7 /* authrights.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7631935F287D22C700D36BF7 /* authrights.swift */; }; 76319366287D24E100D36BF7 /* ArgumentParser in Frameworks */ = {isa = PBXBuildFile; productRef = 76319365287D24E100D36BF7 /* ArgumentParser */; }; 76319369287D24F600D36BF7 /* ArgumentParser in Frameworks */ = {isa = PBXBuildFile; productRef = 76319368287D24F600D36BF7 /* ArgumentParser */; }; 7631936C287D29B700D36BF7 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 7631936D287D2A6200D36BF7 /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECCFF2875135900483C66 /* LoggerHelper.swift */; }; 7631936E287D2AB100D36BF7 /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; }; 76319370287DE24D00D36BF7 /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; }; 76319373287E18BF00D36BF7 /* DataExtension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632909B2876673500CF8857 /* DataExtension.swift */; }; 76319374287E198C00D36BF7 /* XCredsLoginPlugin.bundle in Resources */ = {isa = PBXBuildFile; fileRef = 766355BD2870CA6A002E3867 /* XCredsLoginPlugin.bundle */; }; 76319377287E1FAF00D36BF7 /* authrights in Resources */ = {isa = PBXBuildFile; fileRef = 7631935D287D22C700D36BF7 /* authrights */; }; 7632909D2876674100CF8857 /* DataExtension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632909B2876673500CF8857 /* DataExtension.swift */; }; 7632E39F287347C100E37923 /* XCredsKeychainAdd.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632E39E287347C100E37923 /* XCredsKeychainAdd.swift */; }; 7632E3A12873497C00E37923 /* LogShim.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632E3A02873497C00E37923 /* LogShim.swift */; }; 7632E3A2287357CC00E37923 /* TokenManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AB27FD1D92009E0F3A /* TokenManager.swift */; }; 7632E3A32873581100E37923 /* KeychainUtil.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116B2284B045800CCD6FF /* KeychainUtil.swift */; }; 76342E5A2B282653007D4F29 /* DesktopLoginWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76342E592B282653007D4F29 /* DesktopLoginWindowController.swift */; }; 763AEFDF2C156E1E0059A83D /* WhitePopoverBackgroundView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 763AEFDE2C156E1E0059A83D /* WhitePopoverBackgroundView.swift */; }; 763DDF1A2B4F1DD4000D48CC /* GSS.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 763DDF192B4F1DD4000D48CC /* GSS.framework */; }; 76477E042C626B5D00F01D56 /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 76477E032C626B5D00F01D56 /* OIDCLite */; }; 764859F22B2FA2E800507C16 /* Window+ForceToFront.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AF27FD1DD8009E0F3A /* Window+ForceToFront.swift */; }; 7649056F2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png in Resources */ = {isa = PBXBuildFile; fileRef = 7649056E2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png */; }; 764D8126284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D8124284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift */; }; 764D8127284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 764D8125284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib */; }; 764D8129284BCAB100B3EE54 /* Window+Shake.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D8128284BCAB100B3EE54 /* Window+Shake.swift */; }; 764D812C284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D812A284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift */; }; 764D812D284BCC7400B3EE54 /* VerifyOIDCPassword.xib in Resources */ = {isa = PBXBuildFile; fileRef = 764D812B284BCC7400B3EE54 /* VerifyOIDCPassword.xib */; }; 764D812F284C06AB00B3EE54 /* defaults.plist in Resources */ = {isa = PBXBuildFile; fileRef = 764D812E284C06AB00B3EE54 /* defaults.plist */; }; 764D8133284D14A500B3EE54 /* Credits.txt in Resources */ = {isa = PBXBuildFile; fileRef = 764D8132284D14A500B3EE54 /* Credits.txt */; }; 7651EDED2A1451590075980B /* LocalUsersViewController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7651EDEC2A1451590075980B /* LocalUsersViewController.xib */; }; 7651EDF72A1474330075980B /* LoginWebViewController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7651EDF62A1474330075980B /* LoginWebViewController.xib */; }; 7657DEAF2B3503BF003A23DB /* SessionManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEAE2B3503BF003A23DB /* SessionManager.swift */; }; 7657DEB02B3503BF003A23DB /* SessionManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEAE2B3503BF003A23DB /* SessionManager.swift */; }; 7657DEB32B350476003A23DB /* NoMADSession.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEB22B350476003A23DB /* NoMADSession.swift */; }; 7657DEB42B350476003A23DB /* NoMADSession.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEB22B350476003A23DB /* NoMADSession.swift */; }; 7657DEB62B3504A6003A23DB /* UserRecord.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEB52B3504A6003A23DB /* UserRecord.swift */; }; 7657DEB72B3504A6003A23DB /* UserRecord.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEB52B3504A6003A23DB /* UserRecord.swift */; }; 7657DEBC2B35055F003A23DB /* Logger.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEBB2B35055F003A23DB /* Logger.swift */; }; 7657DEBD2B35055F003A23DB /* Logger.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEBB2B35055F003A23DB /* Logger.swift */; }; 7657DEC02B3505A3003A23DB /* DNSResolver.m in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEBE2B3505A3003A23DB /* DNSResolver.m */; }; 7657DEC32B3505CB003A23DB /* ADLDAPPing.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC22B3505CB003A23DB /* ADLDAPPing.swift */; }; 7657DEC42B3505CB003A23DB /* ADLDAPPing.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC22B3505CB003A23DB /* ADLDAPPing.swift */; }; 7657DEC62B3505EB003A23DB /* Extensions.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC52B3505EB003A23DB /* Extensions.swift */; }; 7657DEC72B3505EB003A23DB /* Extensions.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC52B3505EB003A23DB /* Extensions.swift */; }; 7657DEC92B350606003A23DB /* KlistUtil.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC82B350606003A23DB /* KlistUtil.swift */; }; 7657DECC2B35061E003A23DB /* SiteManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DECB2B35061E003A23DB /* SiteManager.swift */; }; 7657DECD2B35061E003A23DB /* SiteManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DECB2B35061E003A23DB /* SiteManager.swift */; }; 7657DED92B351B5B003A23DB /* UNIXUtilities.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */; }; 7657DEDA2B351B5B003A23DB /* UNIXUtilities.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */; }; 7659CA07298E1BB6005D1AA3 /* DefaultBackground.png in Resources */ = {isa = PBXBuildFile; fileRef = 7659CA06298E1BB6005D1AA3 /* DefaultBackground.png */; }; 766355C32870CB6F002E3867 /* XCredsLoginPlugin.m in Sources */ = {isa = PBXBuildFile; fileRef = 766355C22870CB6F002E3867 /* XCredsLoginPlugin.m */; }; 766355CA2870DCF5002E3867 /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; }; 766355CB2870E5E9002E3867 /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; }; 766355CC2870E9AD002E3867 /* WebViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06B327FD1E5F009E0F3A /* WebViewController.swift */; }; 766355CE2870E9D3002E3867 /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 766355CD2870E9D3002E3867 /* OIDCLite */; }; 766355CF2870E9E7002E3867 /* PrefKeys.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */; }; 766355D12870EBAD002E3867 /* VerifyOIDCPassword.xib in Resources */ = {isa = PBXBuildFile; fileRef = 764D812B284BCC7400B3EE54 /* VerifyOIDCPassword.xib */; }; 766355D42870F29A002E3867 /* TestWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355D22870F29A002E3867 /* TestWindowController.swift */; }; 766355D52870F29A002E3867 /* TestWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 766355D32870F29A002E3867 /* TestWindowController.xib */; }; 766355D928711C51002E3867 /* defaults.plist in Resources */ = {isa = PBXBuildFile; fileRef = 764D812E284C06AB00B3EE54 /* defaults.plist */; }; 766355DB287132E9002E3867 /* LoginWebViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355DA287132E9002E3867 /* LoginWebViewController.swift */; }; 766355DC287133C7002E3867 /* WebViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06B327FD1E5F009E0F3A /* WebViewController.swift */; }; 766355E328713C4A002E3867 /* LoginWindow.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355E128713C47002E3867 /* LoginWindow.swift */; }; 766355E5287148C1002E3867 /* Tokens.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355E4287148C1002E3867 /* Tokens.swift */; }; 766355E6287148C1002E3867 /* Tokens.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355E4287148C1002E3867 /* Tokens.swift */; }; 76673CD229D3CFF900452848 /* errorpage.html in Resources */ = {isa = PBXBuildFile; fileRef = 766CC43729D3AED2009BC526 /* errorpage.html */; }; 76673CD529D3D5F500452848 /* LicenseChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76673CD429D3D5F500452848 /* LicenseChecker.swift */; }; 76673CD629D3D5F500452848 /* LicenseChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76673CD429D3D5F500452848 /* LicenseChecker.swift */; }; 766CC42829D3A3DC009BC526 /* ProductLicense.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; }; 766CC42929D3A3DC009BC526 /* ProductLicense.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 766CC42A29D3A3DC009BC526 /* Paddle.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42129D3A320009BC526 /* Paddle.framework */; }; 766CC42B29D3A3DC009BC526 /* Paddle.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42129D3A320009BC526 /* Paddle.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 766CC42D29D3A3EC009BC526 /* ProductLicense.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; }; 766CC42E29D3A3EC009BC526 /* ProductLicense.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 766CC42F29D3A3EC009BC526 /* Paddle.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42129D3A320009BC526 /* Paddle.framework */; }; 766CC43029D3A3EC009BC526 /* Paddle.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42129D3A320009BC526 /* Paddle.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 766CC43229D3A3F8009BC526 /* ProductLicense.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; }; 766CC43329D3A3F8009BC526 /* ProductLicense.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42229D3A321009BC526 /* ProductLicense.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 766CC43429D3A3F8009BC526 /* Paddle.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42129D3A320009BC526 /* Paddle.framework */; }; 766CC43529D3A3F8009BC526 /* Paddle.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 766CC42129D3A320009BC526 /* Paddle.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 766CC43829D3AED2009BC526 /* errorpage.html in Resources */ = {isa = PBXBuildFile; fileRef = 766CC43729D3AED2009BC526 /* errorpage.html */; }; 766F4C4B2883AFD90021F548 /* pleaseWaitGraphic.png in Resources */ = {isa = PBXBuildFile; fileRef = 766F4C4A2883AFD90021F548 /* pleaseWaitGraphic.png */; }; 766FD60D2A1B06AC00C8F244 /* DefaultsOverride.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */; }; 767116A7284AABC500CCD6FF /* NotifyManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116A6284AABC500CCD6FF /* NotifyManager.swift */; }; 767116A9284AAE2B00CCD6FF /* ScheduleManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116A8284AAE2B00CCD6FF /* ScheduleManager.swift */; }; 767116AC284AB4C000CCD6FF /* PasswordUtils.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */; }; 767116B1284B021500CCD6FF /* MainController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116B0284B021500CCD6FF /* MainController.swift */; }; 767116B3284B045800CCD6FF /* KeychainUtil.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116B2284B045800CCD6FF /* KeychainUtil.swift */; }; 7677908628908E40004E7085 /* WifiWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7677908328908E40004E7085 /* WifiWindowController.swift */; }; 7677908728908E40004E7085 /* WifiManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7677908428908E40004E7085 /* WifiManager.swift */; }; 7677908828908E40004E7085 /* WifiWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7677908528908E40004E7085 /* WifiWindowController.xib */; }; 76786F562A27C36A00AA8DB9 /* main.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76786F552A27C36A00AA8DB9 /* main.swift */; }; 76786F5A2A27C37100AA8DB9 /* AuthRightsHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76786F4E2A27C31400AA8DB9 /* AuthRightsHelper.swift */; }; 76786F5B2A27C38800AA8DB9 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 76786F5D2A27C3B300AA8DB9 /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; }; 76786F5E2A27C60800AA8DB9 /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECCFF2875135900483C66 /* LoggerHelper.swift */; }; 76786F662A27C62D00AA8DB9 /* main.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76786F652A27C62D00AA8DB9 /* main.swift */; }; 76786F6B2A27C79100AA8DB9 /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; }; 767B939C2A28279E0038935E /* View+Shake.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767B939B2A28279E0038935E /* View+Shake.swift */; }; 767B939D2A28289E0038935E /* View+Shake.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767B939B2A28279E0038935E /* View+Shake.swift */; }; 767C42842AC6645700542099 /* AuthRightsHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76786F4E2A27C31400AA8DB9 /* AuthRightsHelper.swift */; }; 767CB2D02B13B92B006CA2AC /* OpenDirectory.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 767CB2CF2B13B92B006CA2AC /* OpenDirectory.framework */; }; 7681FEC52A4C8B9000F91CD1 /* AboutWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7681FEC42A4C8B9000F91CD1 /* AboutWindowController.swift */; }; 7681FEC72A4C8BC800F91CD1 /* AboutWindow.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7681FEC62A4C8BC800F91CD1 /* AboutWindow.xib */; }; 7681FEC92A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist in Resources */ = {isa = PBXBuildFile; fileRef = 7681FEC82A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist */; }; 7683973129A854EC003D9B9F /* NSImage+String.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7683973029A854EC003D9B9F /* NSImage+String.swift */; }; 7683973229A854EC003D9B9F /* NSImage+String.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7683973029A854EC003D9B9F /* NSImage+String.swift */; }; 768633D92AFC4908004065E5 /* WifiManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7677908428908E40004E7085 /* WifiManager.swift */; }; 76873E2F2A107736001418A9 /* DefaultsHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76873E2E2A107736001418A9 /* DefaultsHelper.swift */; }; 76873E302A107736001418A9 /* DefaultsHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76873E2E2A107736001418A9 /* DefaultsHelper.swift */; }; 76A8A4E32A0DF7C700AA6054 /* NSTaskWrapper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F528724FA80013E2A1 /* NSTaskWrapper.swift */; }; 76AB89E12A12FAF900529D90 /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 76AB89E02A12FAF900529D90 /* OIDCLite */; }; 76AB89E32A12FB4900529D90 /* ArgumentParser in Frameworks */ = {isa = PBXBuildFile; productRef = 76AB89E22A12FB4900529D90 /* ArgumentParser */; }; 76B040A428EFC788002A289B /* Helper+JWTDecode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76B040A328EFC788002A289B /* Helper+JWTDecode.swift */; }; 76B040A528EFC788002A289B /* Helper+JWTDecode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76B040A328EFC788002A289B /* Helper+JWTDecode.swift */; }; 76B882AA29CCFD7A00BB8186 /* TCSKeychain.m in Sources */ = {isa = PBXBuildFile; fileRef = 76B882A829CCFD7900BB8186 /* TCSKeychain.m */; }; 76B882AB29CCFD7A00BB8186 /* TCSKeychain.m in Sources */ = {isa = PBXBuildFile; fileRef = 76B882A829CCFD7900BB8186 /* TCSKeychain.m */; }; 76B882AE29CCFDAE00BB8186 /* NSData+SHA1.m in Sources */ = {isa = PBXBuildFile; fileRef = 76B882AC29CCFDAE00BB8186 /* NSData+SHA1.m */; }; 76B882AF29CCFDAE00BB8186 /* NSData+SHA1.m in Sources */ = {isa = PBXBuildFile; fileRef = 76B882AC29CCFDAE00BB8186 /* NSData+SHA1.m */; }; 76B882B229CCFDBA00BB8186 /* NSData+HexString.m in Sources */ = {isa = PBXBuildFile; fileRef = 76B882B029CCFDBA00BB8186 /* NSData+HexString.m */; }; 76B882B329CCFDBA00BB8186 /* NSData+HexString.m in Sources */ = {isa = PBXBuildFile; fileRef = 76B882B029CCFDBA00BB8186 /* NSData+HexString.m */; }; 76BEF7DD2871F5F00013E2A1 /* TCSReturnWindow.m in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7DB2871F5F00013E2A1 /* TCSReturnWindow.m */; }; 76BEF7E12871F74D0013E2A1 /* ControlsViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7E02871F74D0013E2A1 /* ControlsViewController.swift */; }; 76BEF7E4287202090013E2A1 /* RestartX.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E2287202080013E2A1 /* RestartX.png */; }; 76BEF7E5287202090013E2A1 /* RestartX@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E3287202080013E2A1 /* RestartX@2x.png */; }; 76BEF7E8287202AF0013E2A1 /* ShutdownX.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E6287202AF0013E2A1 /* ShutdownX.png */; }; 76BEF7E9287202AF0013E2A1 /* ShutdownX@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E7287202AF0013E2A1 /* ShutdownX@2x.png */; }; 76BEF7EC28724A0B0013E2A1 /* XCredsLoginMechanism.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7EA28724A0B0013E2A1 /* XCredsLoginMechanism.swift */; }; 76BEF7ED28724A0C0013E2A1 /* XCredsBaseMechanism.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7EB28724A0B0013E2A1 /* XCredsBaseMechanism.swift */; }; 76BEF7F328724F120013E2A1 /* XCredsPowerControlMechanism.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F228724F120013E2A1 /* XCredsPowerControlMechanism.swift */; }; 76BEF7F628724FA80013E2A1 /* NSTaskWrapper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F528724FA80013E2A1 /* NSTaskWrapper.swift */; }; 76BEF7F82872504C0013E2A1 /* ContextAndHintHandling.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F72872504C0013E2A1 /* ContextAndHintHandling.swift */; }; 76BEF7FA28726C700013E2A1 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 76BEF8002872A3030013E2A1 /* loginwindow@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7FE2872A3030013E2A1 /* loginwindow@2x.png */; }; 76BEF8012872A3030013E2A1 /* loginwindow.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7FF2872A3030013E2A1 /* loginwindow.png */; }; 76C0840B2A9A311E008039FA /* ControlsViewController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76C084092A9A2635008039FA /* ControlsViewController.xib */; }; 76C4BAB02B353A30007B2C57 /* KlistUtil.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEC82B350606003A23DB /* KlistUtil.swift */; }; 76C4BAB12B353A3A007B2C57 /* DNSResolver.m in Sources */ = {isa = PBXBuildFile; fileRef = 7657DEBE2B3505A3003A23DB /* DNSResolver.m */; }; 76C4BAB32B353AD7007B2C57 /* libresolv.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = 76C4BAB22B353AD7007B2C57 /* libresolv.tbd */; }; 76C4BAB42B353ADD007B2C57 /* libresolv.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = 76C4BAB22B353AD7007B2C57 /* libresolv.tbd */; }; 76C4BAB62B353AF7007B2C57 /* Kerberos.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 76C4BAB52B353AF7007B2C57 /* Kerberos.framework */; }; 76C4BAB72B353AFD007B2C57 /* Kerberos.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 76C4BAB52B353AF7007B2C57 /* Kerberos.framework */; }; 76C4BABC2B3544C6007B2C57 /* UNIXUtilities.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */; }; 76C63A322A22872700810C53 /* History.md in Resources */ = {isa = PBXBuildFile; fileRef = 76C63A312A22872700810C53 /* History.md */; }; 76CB9077287FBEEA00C70D0C /* Helper+URLDecode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76CB9076287FBEEA00C70D0C /* Helper+URLDecode.swift */; }; 76CB9078287FBEEA00C70D0C /* Helper+URLDecode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76CB9076287FBEEA00C70D0C /* Helper+URLDecode.swift */; }; 76CB907B2880E41E00C70D0C /* LogShim.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7632E3A02873497C00E37923 /* LogShim.swift */; }; 76CB907E288112C200C70D0C /* xcreds_login.sh in Resources */ = {isa = PBXBuildFile; fileRef = 76CB907C288112AF00C70D0C /* xcreds_login.sh */; }; 76CCF5442B12E478003F85E9 /* SelectLocalAccountWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76CCF5422B12E478003F85E9 /* SelectLocalAccountWindowController.swift */; }; 76CCF5452B12E478003F85E9 /* SelectLocalAccountWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76CCF5432B12E478003F85E9 /* SelectLocalAccountWindowController.xib */; }; 76D1756A2B23C28700E64A62 /* MainLoginWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76FDC5D52B22D47A0035D61E /* MainLoginWindowController.xib */; }; 76D175712B23C2DB00E64A62 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 76D175742B23C57500E64A62 /* LocalUsersViewController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7651EDEC2A1451590075980B /* LocalUsersViewController.xib */; }; 76D175772B23C62A00E64A62 /* UpdatePasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76E466642B1A4C16006529B6 /* UpdatePasswordWindowController.swift */; }; 76D1757E2B24096C00E64A62 /* MainLoginWindow.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76D1757D2B24096C00E64A62 /* MainLoginWindow.swift */; }; 76D4726D2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D4726C2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m */; }; 76D4726E2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D4726C2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m */; }; 76D7ADFB284EB15100332EBC /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; }; 76D7ADFE284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; }; 76D925D32894ADB4005C3245 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 76EE069F27FD1D01009E0F3A /* Assets.xcassets */; }; 76DB5CF42A09AE9A0014F8E1 /* get_pw.js in Resources */ = {isa = PBXBuildFile; fileRef = 76DB5CF32A09AE9A0014F8E1 /* get_pw.js */; }; 76DB5CF52A09AE9A0014F8E1 /* get_pw.js in Resources */ = {isa = PBXBuildFile; fileRef = 76DB5CF32A09AE9A0014F8E1 /* get_pw.js */; }; 76DC0A6828836EB1007C42B2 /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76DC0A6728836EB1007C42B2 /* AppDelegate.swift */; }; 76DC0A6A28836EB2007C42B2 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A6928836EB2007C42B2 /* Assets.xcassets */; }; 76DC0A6D28836EB2007C42B2 /* MainMenu.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A6B28836EB2007C42B2 /* MainMenu.xib */; }; 76DC0A7328836EFE007C42B2 /* TCSReturnWindow.m in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7DB2871F5F00013E2A1 /* TCSReturnWindow.m */; }; 76DC0A7428836F45007C42B2 /* RestartX@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7E3287202080013E2A1 /* RestartX@2x.png */; }; 76DC0A79288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A78288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist */; }; 76DC0A7C28837158007C42B2 /* XCreds Login Overlay.app in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A6528836EB1007C42B2 /* XCreds Login Overlay.app */; }; 76DC0A7E288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76DC0A7D288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift */; }; 76DC0A83288382D2007C42B2 /* returnArrow.png in Resources */ = {isa = PBXBuildFile; fileRef = 76DC0A7628837028007C42B2 /* returnArrow.png */; }; 76DC0A8428838375007C42B2 /* AuthorizationDBManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */; }; 76DC0A8528838467007C42B2 /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECCFF2875135900483C66 /* LoggerHelper.swift */; }; 76DC0A8628838656007C42B2 /* TCSUnifiedLogger.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */; }; 76DC0A87288386FA007C42B2 /* NSTaskWrapper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F528724FA80013E2A1 /* NSTaskWrapper.swift */; }; 76DC0A88288387D8007C42B2 /* NSFileManager+TCSRealHomeFolder.m in Sources */ = {isa = PBXBuildFile; fileRef = 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */; }; 76DD6D17285997F300A700ED /* OIDCLite in Frameworks */ = {isa = PBXBuildFile; productRef = 76DD6D16285997F300A700ED /* OIDCLite */; }; 76DF1D5B2A2AD42C00770690 /* LocalCheckAndMigrate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 760418DA2A13328C0051411B /* LocalCheckAndMigrate.swift */; }; 76DF50B62A1C5EFF007BC708 /* DefaultsOverride.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */; }; 76DF7FD52B50FA9A00B3B543 /* UpdatePasswordWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76E466652B1A4C16006529B6 /* UpdatePasswordWindowController.xib */; }; 76E466662B1A4C16006529B6 /* UpdatePasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76E466642B1A4C16006529B6 /* UpdatePasswordWindowController.swift */; }; 76E466672B1A4C16006529B6 /* UpdatePasswordWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76E466652B1A4C16006529B6 /* UpdatePasswordWindowController.xib */; }; 76E74DCF2B3902F0004C6429 /* XCredsMechanismProtocol.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76E74DCE2B3902F0004C6429 /* XCredsMechanismProtocol.swift */; }; 76E74DD02B3902F0004C6429 /* XCredsMechanismProtocol.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76E74DCE2B3902F0004C6429 /* XCredsMechanismProtocol.swift */; }; 76E74DD12B390327004C6429 /* ContextAndHintHandling.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7F72872504C0013E2A1 /* ContextAndHintHandling.swift */; }; 76E74DD22B39034B004C6429 /* SelectLocalAccountWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76CCF5422B12E478003F85E9 /* SelectLocalAccountWindowController.swift */; }; 76E74DD32B390358004C6429 /* LoginWebViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355DA287132E9002E3867 /* LoginWebViewController.swift */; }; 76E74DD42B39037A004C6429 /* LoginProgressWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 761B486828A34CC900C6A02B /* LoginProgressWindowController.swift */; }; 76E9CE702A0DC6E30060220C /* TCSLoginWindowUtilities.m in Sources */ = {isa = PBXBuildFile; fileRef = 76E9CE6F2A0DC6E30060220C /* TCSLoginWindowUtilities.m */; }; 76EE069E27FD1D00009E0F3A /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE069D27FD1D00009E0F3A /* AppDelegate.swift */; }; 76EE06A027FD1D01009E0F3A /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 76EE069F27FD1D01009E0F3A /* Assets.xcassets */; }; 76EE06A327FD1D01009E0F3A /* MainMenu.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76EE06A127FD1D01009E0F3A /* MainMenu.xib */; }; 76EE06AC27FD1D92009E0F3A /* TokenManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AB27FD1D92009E0F3A /* TokenManager.swift */; }; 76EE06AE27FD1DC3009E0F3A /* PrefKeys.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */; }; 76EE06B027FD1DD8009E0F3A /* Window+ForceToFront.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06AF27FD1DD8009E0F3A /* Window+ForceToFront.swift */; }; 76EE06B227FD1E24009E0F3A /* DesktopLoginWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76EE06B127FD1E24009E0F3A /* DesktopLoginWindowController.xib */; }; 76EE06B627FD1E79009E0F3A /* PreferencesWindow.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76EE06B527FD1E79009E0F3A /* PreferencesWindow.xib */; }; 76EE06B827FD1EB7009E0F3A /* PreferencesWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06B727FD1EB7009E0F3A /* PreferencesWindowController.swift */; }; 76EE06C227FD1F50009E0F3A /* StatusMenuController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EE06C127FD1F50009E0F3A /* StatusMenuController.swift */; }; 76EECCFB2873DFFB00483C66 /* PasswordUtils.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */; }; 76EECCFC2873E6E200483C66 /* VerifyLocalPasswordWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 764D8125284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib */; }; 76EECCFD2873E9ED00483C66 /* VerifyLocalPasswordWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D8124284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift */; }; 76EECCFE2873EA6500483C66 /* Window+Shake.swift in Sources */ = {isa = PBXBuildFile; fileRef = 764D8128284BCAB100B3EE54 /* Window+Shake.swift */; }; 76EECD002875135900483C66 /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECCFF2875135900483C66 /* LoggerHelper.swift */; }; 76EECD012875135900483C66 /* LoggerHelper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECCFF2875135900483C66 /* LoggerHelper.swift */; }; 76EECD0228752C1F00483C66 /* LoginWindow.swift in Sources */ = {isa = PBXBuildFile; fileRef = 766355E128713C47002E3867 /* LoginWindow.swift */; }; 76EECD0428753C7F00483C66 /* String+Base64URLEncoded.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECD0328753C7F00483C66 /* String+Base64URLEncoded.swift */; }; 76EECD0528753C7F00483C66 /* String+Base64URLEncoded.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76EECD0328753C7F00483C66 /* String+Base64URLEncoded.swift */; }; 76F0B6E02B421FC8008F7D71 /* loadpage.html in Resources */ = {isa = PBXBuildFile; fileRef = 7613FDF6289E114F00340CCD /* loadpage.html */; }; 76FDC5D62B22D47A0035D61E /* MainLoginWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76FDC5D42B22D47A0035D61E /* MainLoginWindowController.swift */; }; 76FDC5D72B22D47A0035D61E /* MainLoginWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76FDC5D52B22D47A0035D61E /* MainLoginWindowController.xib */; }; 76FDC5DA2B235A4F0035D61E /* StatusMenuWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76FDC5D82B235A4F0035D61E /* StatusMenuWindowController.swift */; }; 76FDC5DB2B235A4F0035D61E /* StatusMenuWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76FDC5D92B235A4F0035D61E /* StatusMenuWindowController.xib */; }; /* End PBXBuildFile section */ /* Begin PBXContainerItemProxy section */ 760291FE2C116EDB0075FBD8 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 76EE069227FD1D00009E0F3A /* Project object */; proxyType = 1; remoteGlobalIDString = 760291F32C116EDB0075FBD8; remoteInfo = "XCreds AutoFill Extension"; }; 760292052C116EEE0075FBD8 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 76EE069227FD1D00009E0F3A /* Project object */; proxyType = 1; remoteGlobalIDString = 760291DF2C116E450075FBD8; remoteInfo = "XCreds AutoFill"; }; 76319375287E19A500D36BF7 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 76EE069227FD1D00009E0F3A /* Project object */; proxyType = 1; remoteGlobalIDString = 766355BC2870CA6A002E3867; remoteInfo = XCredsLoginPlugin; }; 76319378287E204500D36BF7 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 76EE069227FD1D00009E0F3A /* Project object */; proxyType = 1; remoteGlobalIDString = 7631935C287D22C700D36BF7; remoteInfo = authrights; }; 76DC0A7A28837152007C42B2 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 76EE069227FD1D00009E0F3A /* Project object */; proxyType = 1; remoteGlobalIDString = 76DC0A6428836EB1007C42B2; remoteInfo = "XCreds Login Overlay"; }; /* End PBXContainerItemProxy section */ /* Begin PBXCopyFilesBuildPhase section */ 760292042C116EDB0075FBD8 /* Embed Foundation Extensions */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = ""; dstSubfolderSpec = 13; files = ( 760292002C116EDB0075FBD8 /* XCreds Login Password.appex in Embed Foundation Extensions */, ); name = "Embed Foundation Extensions"; runOnlyForDeploymentPostprocessing = 0; }; 7631935B287D22C700D36BF7 /* CopyFiles */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = /usr/share/man/man1/; dstSubfolderSpec = 0; files = ( ); runOnlyForDeploymentPostprocessing = 1; }; 766CC42C29D3A3DC009BC526 /* Embed Frameworks */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = ""; dstSubfolderSpec = 10; files = ( 766CC42B29D3A3DC009BC526 /* Paddle.framework in Embed Frameworks */, 766CC42929D3A3DC009BC526 /* ProductLicense.framework in Embed Frameworks */, ); name = "Embed Frameworks"; runOnlyForDeploymentPostprocessing = 0; }; 766CC43129D3A3EC009BC526 /* Embed Frameworks */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = ""; dstSubfolderSpec = 10; files = ( 766CC43029D3A3EC009BC526 /* Paddle.framework in Embed Frameworks */, 766CC42E29D3A3EC009BC526 /* ProductLicense.framework in Embed Frameworks */, ); name = "Embed Frameworks"; runOnlyForDeploymentPostprocessing = 0; }; 766CC43629D3A3F8009BC526 /* Embed Frameworks */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = ""; dstSubfolderSpec = 10; files = ( 766CC43529D3A3F8009BC526 /* Paddle.framework in Embed Frameworks */, 766CC43329D3A3F8009BC526 /* ProductLicense.framework in Embed Frameworks */, ); name = "Embed Frameworks"; runOnlyForDeploymentPostprocessing = 0; }; 76786F512A27C36A00AA8DB9 /* CopyFiles */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = /usr/share/man/man1/; dstSubfolderSpec = 0; files = ( ); runOnlyForDeploymentPostprocessing = 1; }; 76786F612A27C62D00AA8DB9 /* CopyFiles */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; dstPath = /usr/share/man/man1/; dstSubfolderSpec = 0; files = ( ); runOnlyForDeploymentPostprocessing = 1; }; /* End PBXCopyFilesBuildPhase section */ /* Begin PBXFileReference section */ 089B22F02AFAED280006B6BC /* NetworkMonitor.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; name = NetworkMonitor.swift; path = XCredsLoginPlugIn/LoginWindow/NetworkMonitor.swift; sourceTree = SOURCE_ROOT; }; 760148A82B23639D00E119A2 /* NSBundle+FindBundlePath.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "NSBundle+FindBundlePath.swift"; sourceTree = ""; }; 760291CB2C1166870075FBD8 /* AuthenticationServices.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AuthenticationServices.framework; path = System/Library/Frameworks/AuthenticationServices.framework; sourceTree = SDKROOT; }; 760291E02C116E450075FBD8 /* XCreds Login Autofill.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = "XCreds Login Autofill.app"; sourceTree = BUILT_PRODUCTS_DIR; }; 760291E22C116E450075FBD8 /* AppDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = ""; }; 760291E42C116E450075FBD8 /* ViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ViewController.swift; sourceTree = ""; }; 760291E62C116E470075FBD8 /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; 760291E92C116E470075FBD8 /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/Main.storyboard; sourceTree = ""; }; 760291EB2C116E470075FBD8 /* XCreds_AutoFill.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = XCreds_AutoFill.entitlements; sourceTree = ""; }; 760291F42C116EDB0075FBD8 /* XCreds Login Password.appex */ = {isa = PBXFileReference; explicitFileType = "wrapper.app-extension"; includeInIndex = 0; path = "XCreds Login Password.appex"; sourceTree = BUILT_PRODUCTS_DIR; }; 760291F72C116EDB0075FBD8 /* CredentialProviderViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CredentialProviderViewController.swift; sourceTree = ""; }; 760291FA2C116EDB0075FBD8 /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = Base; path = Base.lproj/CredentialProviderViewController.xib; sourceTree = ""; }; 760291FC2C116EDB0075FBD8 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; 760291FD2C116EDB0075FBD8 /* XCreds_AutoFill_Extension.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = XCreds_AutoFill_Extension.entitlements; sourceTree = ""; }; 760418CE2A1332210051411B /* SignIn.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = SignIn.xib; sourceTree = ""; }; 760418CF2A1332210051411B /* SignInWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SignInWindowController.swift; sourceTree = ""; }; 760418D42A1332520051411B /* DS+AD.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "DS+AD.swift"; sourceTree = ""; }; 760418D62A1332660051411B /* DSQueryable.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = DSQueryable.swift; sourceTree = ""; }; 760418D82A1332770051411B /* SystemInfoHelper.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SystemInfoHelper.swift; sourceTree = ""; }; 760418DA2A13328C0051411B /* LocalCheckAndMigrate.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = LocalCheckAndMigrate.swift; sourceTree = ""; }; 760418DC2A1334210051411B /* NoLoMechanism.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = NoLoMechanism.swift; sourceTree = ""; }; 760418DE2A1334D00051411B /* CheckAD.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = CheckAD.swift; sourceTree = ""; }; 7611CEBF288B75140063A644 /* XCredsCreateUser.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsCreateUser.swift; sourceTree = ""; }; 7611CEC1288B96760063A644 /* XCredsEnableFDE.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsEnableFDE.swift; sourceTree = ""; }; 7613FDF6289E114F00340CCD /* loadpage.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = loadpage.html; sourceTree = ""; }; 7614D03B2B181A5D006EAF36 /* icon_128x128.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; name = icon_128x128.png; path = XCreds/Assets.xcassets/AppIcon.appiconset/icon_128x128.png; sourceTree = ""; }; 761B486728A34CC900C6A02B /* LoginProgressWindowController.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; name = LoginProgressWindowController.xib; path = XCredsLoginPlugIn/LoginProgressWindowController.xib; sourceTree = SOURCE_ROOT; }; 761B486828A34CC900C6A02B /* LoginProgressWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; name = LoginProgressWindowController.swift; path = XCredsLoginPlugIn/LoginProgressWindowController.swift; sourceTree = SOURCE_ROOT; }; 761B486B28A3575000C6A02B /* XCredsLoginDone.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsLoginDone.swift; sourceTree = ""; }; 7631935D287D22C700D36BF7 /* authrights */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = authrights; sourceTree = BUILT_PRODUCTS_DIR; }; 7631935F287D22C700D36BF7 /* authrights.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = authrights.swift; sourceTree = ""; }; 7632909B2876673500CF8857 /* DataExtension.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = DataExtension.swift; sourceTree = ""; }; 7632E39E287347C100E37923 /* XCredsKeychainAdd.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsKeychainAdd.swift; sourceTree = ""; }; 7632E3A02873497C00E37923 /* LogShim.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = LogShim.swift; path = Mechanisms/LogShim.swift; sourceTree = ""; }; 76342E592B282653007D4F29 /* DesktopLoginWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DesktopLoginWindowController.swift; sourceTree = ""; }; 763AEFDE2C156E1E0059A83D /* WhitePopoverBackgroundView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = WhitePopoverBackgroundView.swift; sourceTree = ""; }; 763DDF152B4F100D000D48CC /* ShareMounterMenu.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ShareMounterMenu.swift; sourceTree = ""; }; 763DDF192B4F1DD4000D48CC /* GSS.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = GSS.framework; path = System/Library/Frameworks/GSS.framework; sourceTree = SDKROOT; }; 7649056E2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = xcredsmenuItemWindowBackgroundImage.png; sourceTree = ""; }; 764D8124284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = VerifyLocalPasswordWindowController.swift; sourceTree = ""; }; 764D8125284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = VerifyLocalPasswordWindowController.xib; sourceTree = ""; }; 764D8128284BCAB100B3EE54 /* Window+Shake.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Window+Shake.swift"; sourceTree = ""; }; 764D812A284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = VerifyOIDCPasswordWindowController.swift; sourceTree = ""; }; 764D812B284BCC7400B3EE54 /* VerifyOIDCPassword.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = VerifyOIDCPassword.xib; sourceTree = ""; }; 764D812E284C06AB00B3EE54 /* defaults.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = defaults.plist; sourceTree = ""; }; 764D8132284D14A500B3EE54 /* Credits.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Credits.txt; sourceTree = ""; }; 7651EDEC2A1451590075980B /* LocalUsersViewController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = LocalUsersViewController.xib; sourceTree = ""; }; 7651EDF62A1474330075980B /* LoginWebViewController.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = LoginWebViewController.xib; sourceTree = ""; }; 7657DEAE2B3503BF003A23DB /* SessionManager.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SessionManager.swift; sourceTree = ""; }; 7657DEB22B350476003A23DB /* NoMADSession.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = NoMADSession.swift; sourceTree = ""; }; 7657DEB52B3504A6003A23DB /* UserRecord.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = UserRecord.swift; sourceTree = ""; }; 7657DEBB2B35055F003A23DB /* Logger.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Logger.swift; sourceTree = ""; }; 7657DEBE2B3505A3003A23DB /* DNSResolver.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = DNSResolver.m; sourceTree = ""; }; 7657DEBF2B3505A3003A23DB /* DNSResolver.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DNSResolver.h; sourceTree = ""; }; 7657DEC22B3505CB003A23DB /* ADLDAPPing.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ADLDAPPing.swift; sourceTree = ""; }; 7657DEC52B3505EB003A23DB /* Extensions.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Extensions.swift; sourceTree = ""; }; 7657DEC82B350606003A23DB /* KlistUtil.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = KlistUtil.swift; sourceTree = ""; }; 7657DECB2B35061E003A23DB /* SiteManager.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SiteManager.swift; sourceTree = ""; }; 7657DED22B350644003A23DB /* GSSItem.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = GSSItem.h; sourceTree = ""; }; 7657DED32B35064E003A23DB /* krb5.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = krb5.h; sourceTree = ""; }; 7657DED52B351A67003A23DB /* KerbUtil.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KerbUtil.h; sourceTree = ""; }; 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = UNIXUtilities.swift; sourceTree = ""; }; 7659CA06298E1BB6005D1AA3 /* DefaultBackground.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = DefaultBackground.png; sourceTree = ""; }; 766355BD2870CA6A002E3867 /* XCredsLoginPlugin.bundle */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = XCredsLoginPlugin.bundle; sourceTree = BUILT_PRODUCTS_DIR; }; 766355C12870CB6F002E3867 /* XCredsLoginPlugin.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = XCredsLoginPlugin.h; path = XCredsLoginPlugIn/XCredsLoginPlugin.h; sourceTree = SOURCE_ROOT; }; 766355C22870CB6F002E3867 /* XCredsLoginPlugin.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = XCredsLoginPlugin.m; path = XCredsLoginPlugIn/XCredsLoginPlugin.m; sourceTree = SOURCE_ROOT; }; 766355C42870CCC3002E3867 /* XCredsLoginPlugin-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "XCredsLoginPlugin-Bridging-Header.h"; sourceTree = ""; }; 766355D22870F29A002E3867 /* TestWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = TestWindowController.swift; path = XCredsLoginPlugIn/TestWindowController.swift; sourceTree = ""; }; 766355D32870F29A002E3867 /* TestWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = TestWindowController.xib; path = XCredsLoginPlugIn/TestWindowController.xib; sourceTree = ""; }; 766355DA287132E9002E3867 /* LoginWebViewController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; name = LoginWebViewController.swift; path = XCredsLoginPlugIn/LoginWindow/LoginWebViewController.swift; sourceTree = SOURCE_ROOT; }; 766355E128713C47002E3867 /* LoginWindow.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = LoginWindow.swift; sourceTree = ""; }; 766355E4287148C1002E3867 /* Tokens.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = Tokens.swift; path = Shared/Tokens.swift; sourceTree = SOURCE_ROOT; }; 76673CD429D3D5F500452848 /* LicenseChecker.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LicenseChecker.swift; sourceTree = ""; }; 766CC42129D3A320009BC526 /* Paddle.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Paddle.framework; path = Carthage/Build/Mac/Paddle.framework; sourceTree = ""; }; 766CC42229D3A321009BC526 /* ProductLicense.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = ProductLicense.framework; path = Carthage/Build/Mac/ProductLicense.framework; sourceTree = ""; }; 766CC43729D3AED2009BC526 /* errorpage.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = errorpage.html; sourceTree = ""; }; 766F4C4A2883AFD90021F548 /* pleaseWaitGraphic.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = pleaseWaitGraphic.png; sourceTree = ""; }; 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DefaultsOverride.swift; sourceTree = ""; }; 767116A6284AABC500CCD6FF /* NotifyManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NotifyManager.swift; sourceTree = ""; }; 767116A8284AAE2B00CCD6FF /* ScheduleManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ScheduleManager.swift; sourceTree = ""; }; 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PasswordUtils.swift; sourceTree = ""; }; 767116AD284AB59400CCD6FF /* SecurityPrivateAPI.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecurityPrivateAPI.h; sourceTree = ""; }; 767116AE284AB5D900CCD6FF /* XCreds-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "XCreds-Bridging-Header.h"; sourceTree = ""; }; 767116B0284B021500CCD6FF /* MainController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MainController.swift; sourceTree = ""; }; 767116B2284B045800CCD6FF /* KeychainUtil.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = KeychainUtil.swift; sourceTree = ""; }; 7675444428918CD100613840 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; name = Info.plist; path = XCredsLoginPlugin/Info.plist; sourceTree = ""; }; 7677908328908E40004E7085 /* WifiWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = WifiWindowController.swift; sourceTree = ""; }; 7677908428908E40004E7085 /* WifiManager.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = WifiManager.swift; sourceTree = ""; }; 7677908528908E40004E7085 /* WifiWindowController.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = WifiWindowController.xib; sourceTree = ""; }; 76786F4E2A27C31400AA8DB9 /* AuthRightsHelper.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = AuthRightsHelper.swift; path = Shared/AuthRightsHelper.swift; sourceTree = SOURCE_ROOT; }; 76786F532A27C36A00AA8DB9 /* auth_mech_fixup */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = auth_mech_fixup; sourceTree = BUILT_PRODUCTS_DIR; }; 76786F552A27C36A00AA8DB9 /* main.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = main.swift; sourceTree = ""; }; 76786F632A27C62D00AA8DB9 /* test */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = test; sourceTree = BUILT_PRODUCTS_DIR; }; 76786F652A27C62D00AA8DB9 /* main.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = main.swift; sourceTree = ""; }; 76786F6A2A27C72900AA8DB9 /* auth_mech_fixup-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = "auth_mech_fixup-Bridging-Header.h"; path = "auth_mech_fixup/auth_mech_fixup-Bridging-Header.h"; sourceTree = SOURCE_ROOT; }; 767B939B2A28279E0038935E /* View+Shake.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "View+Shake.swift"; sourceTree = ""; }; 767CB2CC2B13B8EB006CA2AC /* libinfo.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libinfo.tbd; path = usr/lib/libinfo.tbd; sourceTree = SDKROOT; }; 767CB2CE2B13B913006CA2AC /* libsystem_info.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libsystem_info.tbd; path = usr/lib/system/libsystem_info.tbd; sourceTree = SDKROOT; }; 767CB2CF2B13B92B006CA2AC /* OpenDirectory.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = OpenDirectory.framework; path = System/Library/Frameworks/OpenDirectory.framework; sourceTree = SDKROOT; }; 7681FEC42A4C8B9000F91CD1 /* AboutWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = AboutWindowController.swift; sourceTree = ""; }; 7681FEC62A4C8BC800F91CD1 /* AboutWindow.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = AboutWindow.xib; sourceTree = ""; }; 7681FEC82A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = com.twocanoes.xcreds.plist; path = "Profile Manifest/com.twocanoes.xcreds.plist"; sourceTree = ""; }; 7683973029A854EC003D9B9F /* NSImage+String.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "NSImage+String.swift"; sourceTree = ""; }; 76873E2E2A107736001418A9 /* DefaultsHelper.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = DefaultsHelper.swift; path = XCreds/DefaultsHelper.swift; sourceTree = ""; }; 76B040A328EFC788002A289B /* Helper+JWTDecode.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = "Helper+JWTDecode.swift"; path = "XCreds/Helper+JWTDecode.swift"; sourceTree = ""; }; 76B882A829CCFD7900BB8186 /* TCSKeychain.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TCSKeychain.m; sourceTree = ""; }; 76B882A929CCFD7A00BB8186 /* TCSKeychain.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TCSKeychain.h; sourceTree = ""; }; 76B882AC29CCFDAE00BB8186 /* NSData+SHA1.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSData+SHA1.m"; sourceTree = ""; }; 76B882AD29CCFDAE00BB8186 /* NSData+SHA1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSData+SHA1.h"; sourceTree = ""; }; 76B882B029CCFDBA00BB8186 /* NSData+HexString.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSData+HexString.m"; sourceTree = ""; }; 76B882B129CCFDBA00BB8186 /* NSData+HexString.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSData+HexString.h"; sourceTree = ""; }; 76BEF7D42871F36C0013E2A1 /* main.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = main.swift; sourceTree = ""; }; 76BEF7DB2871F5F00013E2A1 /* TCSReturnWindow.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TCSReturnWindow.m; sourceTree = ""; }; 76BEF7DC2871F5F00013E2A1 /* TCSReturnWindow.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TCSReturnWindow.h; sourceTree = ""; }; 76BEF7E02871F74D0013E2A1 /* ControlsViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ControlsViewController.swift; sourceTree = ""; }; 76BEF7E2287202080013E2A1 /* RestartX.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = RestartX.png; sourceTree = ""; }; 76BEF7E3287202080013E2A1 /* RestartX@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "RestartX@2x.png"; sourceTree = ""; }; 76BEF7E6287202AF0013E2A1 /* ShutdownX.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = ShutdownX.png; sourceTree = ""; }; 76BEF7E7287202AF0013E2A1 /* ShutdownX@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "ShutdownX@2x.png"; sourceTree = ""; }; 76BEF7EA28724A0B0013E2A1 /* XCredsLoginMechanism.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsLoginMechanism.swift; sourceTree = ""; }; 76BEF7EB28724A0B0013E2A1 /* XCredsBaseMechanism.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsBaseMechanism.swift; sourceTree = ""; }; 76BEF7F228724F120013E2A1 /* XCredsPowerControlMechanism.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = XCredsPowerControlMechanism.swift; sourceTree = ""; }; 76BEF7F528724FA80013E2A1 /* NSTaskWrapper.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = NSTaskWrapper.swift; sourceTree = ""; }; 76BEF7F72872504C0013E2A1 /* ContextAndHintHandling.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ContextAndHintHandling.swift; sourceTree = ""; }; 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = AuthorizationDBManager.swift; path = XCredsLoginPlugIn/LoginWindow/AuthorizationDBManager.swift; sourceTree = SOURCE_ROOT; }; 76BEF7FE2872A3030013E2A1 /* loginwindow@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "loginwindow@2x.png"; sourceTree = ""; }; 76BEF7FF2872A3030013E2A1 /* loginwindow.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = loginwindow.png; sourceTree = ""; }; 76C084092A9A2635008039FA /* ControlsViewController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = ControlsViewController.xib; sourceTree = ""; }; 76C4ACBE2B3D0F8D003B3605 /* ShareMounter.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ShareMounter.swift; sourceTree = ""; }; 76C4BAB22B353AD7007B2C57 /* libresolv.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libresolv.tbd; path = usr/lib/libresolv.tbd; sourceTree = SDKROOT; }; 76C4BAB52B353AF7007B2C57 /* Kerberos.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Kerberos.framework; path = System/Library/Frameworks/Kerberos.framework; sourceTree = SDKROOT; }; 76C4BABA2B353B4B007B2C57 /* KerbUtil.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = KerbUtil.m; sourceTree = ""; }; 76C63A312A22872700810C53 /* History.md */ = {isa = PBXFileReference; lastKnownFileType = net.daringfireball.markdown; path = History.md; sourceTree = ""; }; 76CB9076287FBEEA00C70D0C /* Helper+URLDecode.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Helper+URLDecode.swift"; sourceTree = ""; }; 76CB907C288112AF00C70D0C /* xcreds_login.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = xcreds_login.sh; sourceTree = ""; }; 76CCF5422B12E478003F85E9 /* SelectLocalAccountWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SelectLocalAccountWindowController.swift; sourceTree = ""; }; 76CCF5432B12E478003F85E9 /* SelectLocalAccountWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = SelectLocalAccountWindowController.xib; sourceTree = ""; }; 76D1757D2B24096C00E64A62 /* MainLoginWindow.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MainLoginWindow.swift; sourceTree = ""; }; 76D4726B2B43B8FA0064380C /* TCTaskWrapperWithBlocks.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TCTaskWrapperWithBlocks.h; sourceTree = ""; }; 76D4726C2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TCTaskWrapperWithBlocks.m; sourceTree = ""; }; 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TCSUnifiedLogger.m; sourceTree = ""; }; 76D7ADFA284EB15100332EBC /* TCSUnifiedLogger.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TCSUnifiedLogger.h; sourceTree = ""; }; 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSFileManager+TCSRealHomeFolder.m"; sourceTree = ""; }; 76D7ADFD284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSFileManager+TCSRealHomeFolder.h"; sourceTree = ""; }; 76DB5CF32A09AE9A0014F8E1 /* get_pw.js */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.javascript; name = get_pw.js; path = Javascript/get_pw/get_pw.js; sourceTree = ""; }; 76DC0A6528836EB1007C42B2 /* XCreds Login Overlay.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = "XCreds Login Overlay.app"; sourceTree = BUILT_PRODUCTS_DIR; }; 76DC0A6728836EB1007C42B2 /* AppDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = ""; }; 76DC0A6928836EB2007C42B2 /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; 76DC0A6C28836EB2007C42B2 /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = Base; path = Base.lproj/MainMenu.xib; sourceTree = ""; }; 76DC0A6E28836EB2007C42B2 /* XCreds_Login_Overlay.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = XCreds_Login_Overlay.entitlements; sourceTree = ""; }; 76DC0A7628837028007C42B2 /* returnArrow.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = returnArrow.png; sourceTree = ""; }; 76DC0A78288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = "com.twocanoes.xcreds-overlay.plist"; sourceTree = ""; }; 76DC0A7D288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TCSXCredsLoginOverlayWindow.swift; sourceTree = ""; }; 76DC0A7F2883785A007C42B2 /* XCreds-Login-Overlay-Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; path = "XCreds-Login-Overlay-Info.plist"; sourceTree = SOURCE_ROOT; }; 76DD6D122859978F00A700ED /* OIDCLite */ = {isa = PBXFileReference; lastKnownFileType = wrapper; name = OIDCLite; path = ../OIDCLite; sourceTree = ""; }; 76E466642B1A4C16006529B6 /* UpdatePasswordWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = UpdatePasswordWindowController.swift; sourceTree = ""; }; 76E466652B1A4C16006529B6 /* UpdatePasswordWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = UpdatePasswordWindowController.xib; sourceTree = ""; }; 76E74DCE2B3902F0004C6429 /* XCredsMechanismProtocol.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = XCredsMechanismProtocol.swift; sourceTree = ""; }; 76E9CE6E2A0DC6E30060220C /* TCSLoginWindowUtilities.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = TCSLoginWindowUtilities.h; path = XCreds/TCSLoginWindowUtilities.h; sourceTree = ""; }; 76E9CE6F2A0DC6E30060220C /* TCSLoginWindowUtilities.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = TCSLoginWindowUtilities.m; path = XCreds/TCSLoginWindowUtilities.m; sourceTree = ""; }; 76EE069A27FD1D00009E0F3A /* XCreds.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = XCreds.app; sourceTree = BUILT_PRODUCTS_DIR; }; 76EE069D27FD1D00009E0F3A /* AppDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = ""; }; 76EE069F27FD1D01009E0F3A /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; 76EE06A227FD1D01009E0F3A /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = Base; path = Base.lproj/MainMenu.xib; sourceTree = ""; }; 76EE06A427FD1D01009E0F3A /* xCreds.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = xCreds.entitlements; sourceTree = ""; }; 76EE06AA27FD1D66009E0F3A /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; path = Info.plist; sourceTree = ""; }; 76EE06AB27FD1D92009E0F3A /* TokenManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TokenManager.swift; sourceTree = ""; }; 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PrefKeys.swift; sourceTree = ""; }; 76EE06AF27FD1DD8009E0F3A /* Window+ForceToFront.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Window+ForceToFront.swift"; sourceTree = ""; }; 76EE06B127FD1E24009E0F3A /* DesktopLoginWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = DesktopLoginWindowController.xib; sourceTree = ""; }; 76EE06B327FD1E5F009E0F3A /* WebViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = WebViewController.swift; sourceTree = ""; }; 76EE06B527FD1E79009E0F3A /* PreferencesWindow.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = PreferencesWindow.xib; sourceTree = ""; }; 76EE06B727FD1EB7009E0F3A /* PreferencesWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PreferencesWindowController.swift; sourceTree = ""; }; 76EE06C127FD1F50009E0F3A /* StatusMenuController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = StatusMenuController.swift; sourceTree = ""; }; 76EECCFF2875135900483C66 /* LoggerHelper.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LoggerHelper.swift; sourceTree = ""; }; 76EECD0328753C7F00483C66 /* String+Base64URLEncoded.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "String+Base64URLEncoded.swift"; sourceTree = ""; }; 76FDC5D42B22D47A0035D61E /* MainLoginWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = MainLoginWindowController.swift; path = XCreds/MainLoginWindowController.swift; sourceTree = SOURCE_ROOT; }; 76FDC5D52B22D47A0035D61E /* MainLoginWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = MainLoginWindowController.xib; path = XCredsLoginPlugIn/LoginWindow/MainLoginWindowController.xib; sourceTree = SOURCE_ROOT; }; 76FDC5D82B235A4F0035D61E /* StatusMenuWindowController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = StatusMenuWindowController.swift; sourceTree = SOURCE_ROOT; }; 76FDC5D92B235A4F0035D61E /* StatusMenuWindowController.xib */ = {isa = PBXFileReference; lastKnownFileType = file.xib; path = StatusMenuWindowController.xib; sourceTree = SOURCE_ROOT; }; /* End PBXFileReference section */ /* Begin PBXFrameworksBuildPhase section */ 760291DD2C116E450075FBD8 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( ); runOnlyForDeploymentPostprocessing = 0; }; 760291F12C116EDB0075FBD8 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( 760291F52C116EDB0075FBD8 /* AuthenticationServices.framework in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; 7631935A287D22C700D36BF7 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( 76AB89E32A12FB4900529D90 /* ArgumentParser in Frameworks */, 76AB89E12A12FAF900529D90 /* OIDCLite in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; 766355BA2870CA6A002E3867 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( 76C4BAB62B353AF7007B2C57 /* Kerberos.framework in Frameworks */, 76C4BAB42B353ADD007B2C57 /* libresolv.tbd in Frameworks */, 766CC42D29D3A3EC009BC526 /* ProductLicense.framework in Frameworks */, 766CC42F29D3A3EC009BC526 /* Paddle.framework in Frameworks */, 766355CE2870E9D3002E3867 /* OIDCLite in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; 76786F502A27C36A00AA8DB9 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( ); runOnlyForDeploymentPostprocessing = 0; }; 76786F602A27C62D00AA8DB9 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( ); runOnlyForDeploymentPostprocessing = 0; }; 76DC0A6228836EB1007C42B2 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( 766CC43429D3A3F8009BC526 /* Paddle.framework in Frameworks */, 766CC43229D3A3F8009BC526 /* ProductLicense.framework in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; 76EE069727FD1D00009E0F3A /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( 76477E042C626B5D00F01D56 /* OIDCLite in Frameworks */, 76C4BAB72B353AFD007B2C57 /* Kerberos.framework in Frameworks */, 762177E62B7144460051B756 /* OIDCLite in Frameworks */, 76C4BAB32B353AD7007B2C57 /* libresolv.tbd in Frameworks */, 763DDF1A2B4F1DD4000D48CC /* GSS.framework in Frameworks */, 766CC42829D3A3DC009BC526 /* ProductLicense.framework in Frameworks */, 766CC42A29D3A3DC009BC526 /* Paddle.framework in Frameworks */, 767CB2D02B13B92B006CA2AC /* OpenDirectory.framework in Frameworks */, 76319369287D24F600D36BF7 /* ArgumentParser in Frameworks */, 76319366287D24E100D36BF7 /* ArgumentParser in Frameworks */, 76DD6D17285997F300A700ED /* OIDCLite in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; /* End PBXFrameworksBuildPhase section */ /* Begin PBXGroup section */ 760291E12C116E450075FBD8 /* XCreds AutoFill */ = { isa = PBXGroup; children = ( 760291E22C116E450075FBD8 /* AppDelegate.swift */, 760291E42C116E450075FBD8 /* ViewController.swift */, 760291E62C116E470075FBD8 /* Assets.xcassets */, 760291E82C116E470075FBD8 /* Main.storyboard */, 760291EB2C116E470075FBD8 /* XCreds_AutoFill.entitlements */, ); path = "XCreds AutoFill"; sourceTree = ""; }; 760291F62C116EDB0075FBD8 /* XCreds AutoFill Extension */ = { isa = PBXGroup; children = ( 760291F72C116EDB0075FBD8 /* CredentialProviderViewController.swift */, 760291F92C116EDB0075FBD8 /* CredentialProviderViewController.xib */, 760291FC2C116EDB0075FBD8 /* Info.plist */, 760291FD2C116EDB0075FBD8 /* XCreds_AutoFill_Extension.entitlements */, ); path = "XCreds AutoFill Extension"; sourceTree = ""; }; 760418CC2A1331710051411B /* NomadLogin */ = { isa = PBXGroup; children = ( 760418DE2A1334D00051411B /* CheckAD.swift */, 760418DC2A1334210051411B /* NoLoMechanism.swift */, 760418DA2A13328C0051411B /* LocalCheckAndMigrate.swift */, 760418D82A1332770051411B /* SystemInfoHelper.swift */, 760418D62A1332660051411B /* DSQueryable.swift */, 760418D42A1332520051411B /* DS+AD.swift */, 760418CD2A1332210051411B /* UI */, ); path = NomadLogin; sourceTree = ""; }; 760418CD2A1332210051411B /* UI */ = { isa = PBXGroup; children = ( 760418CE2A1332210051411B /* SignIn.xib */, ); path = UI; sourceTree = ""; }; 7631935E287D22C700D36BF7 /* authrights */ = { isa = PBXGroup; children = ( 76786F4E2A27C31400AA8DB9 /* AuthRightsHelper.swift */, 7631935F287D22C700D36BF7 /* authrights.swift */, ); path = authrights; sourceTree = ""; }; 7657DEDC2B351BF9003A23DB /* headers */ = { isa = PBXGroup; children = ( 7657DEBF2B3505A3003A23DB /* DNSResolver.h */, 7657DED32B35064E003A23DB /* krb5.h */, 7657DED22B350644003A23DB /* GSSItem.h */, ); path = headers; sourceTree = ""; }; 766355C72870D1B5002E3867 /* XCredsLogin */ = { isa = PBXGroup; children = ( 76B882B129CCFDBA00BB8186 /* NSData+HexString.h */, 76B882B029CCFDBA00BB8186 /* NSData+HexString.m */, 76B882AD29CCFDAE00BB8186 /* NSData+SHA1.h */, 76B882AC29CCFDAE00BB8186 /* NSData+SHA1.m */, 76B882A929CCFD7A00BB8186 /* TCSKeychain.h */, 76B882A829CCFD7900BB8186 /* TCSKeychain.m */, 7613FDF6289E114F00340CCD /* loadpage.html */, 766CC43729D3AED2009BC526 /* errorpage.html */, 7677908428908E40004E7085 /* WifiManager.swift */, 7677908328908E40004E7085 /* WifiWindowController.swift */, 7677908528908E40004E7085 /* WifiWindowController.xib */, 76EECD0328753C7F00483C66 /* String+Base64URLEncoded.swift */, 7632E3A02873497C00E37923 /* LogShim.swift */, 76BEF7F72872504C0013E2A1 /* ContextAndHintHandling.swift */, 76BEF7F528724FA80013E2A1 /* NSTaskWrapper.swift */, 766355C12870CB6F002E3867 /* XCredsLoginPlugin.h */, 766355C22870CB6F002E3867 /* XCredsLoginPlugin.m */, 76BEF7F028724E520013E2A1 /* LoginWindow */, 76BEF7EF28724E280013E2A1 /* Mechanisms */, ); name = XCredsLogin; path = XCredsLoginPlugIn; sourceTree = ""; }; 76786F542A27C36A00AA8DB9 /* auth_mech_fixup */ = { isa = PBXGroup; children = ( 76786F6A2A27C72900AA8DB9 /* auth_mech_fixup-Bridging-Header.h */, 76786F552A27C36A00AA8DB9 /* main.swift */, ); path = auth_mech_fixup; sourceTree = ""; }; 76786F642A27C62D00AA8DB9 /* test */ = { isa = PBXGroup; children = ( 76786F652A27C62D00AA8DB9 /* main.swift */, ); path = test; sourceTree = ""; }; 76BEF7D32871F36C0013E2A1 /* FakeTrue */ = { isa = PBXGroup; children = ( 76BEF7D42871F36C0013E2A1 /* main.swift */, ); path = FakeTrue; sourceTree = ""; }; 76BEF7EF28724E280013E2A1 /* Mechanisms */ = { isa = PBXGroup; children = ( 761B486B28A3575000C6A02B /* XCredsLoginDone.swift */, 7611CEC1288B96760063A644 /* XCredsEnableFDE.swift */, 7611CEBF288B75140063A644 /* XCredsCreateUser.swift */, 7632E39E287347C100E37923 /* XCredsKeychainAdd.swift */, 76BEF7F228724F120013E2A1 /* XCredsPowerControlMechanism.swift */, 76BEF7EA28724A0B0013E2A1 /* XCredsLoginMechanism.swift */, 76BEF7EB28724A0B0013E2A1 /* XCredsBaseMechanism.swift */, ); path = Mechanisms; sourceTree = ""; }; 76BEF7F028724E520013E2A1 /* LoginWindow */ = { isa = PBXGroup; children = ( 766355DA287132E9002E3867 /* LoginWebViewController.swift */, 760418CF2A1332210051411B /* SignInWindowController.swift */, 761B486828A34CC900C6A02B /* LoginProgressWindowController.swift */, 089B22F02AFAED280006B6BC /* NetworkMonitor.swift */, 761B486728A34CC900C6A02B /* LoginProgressWindowController.xib */, 76FDC5D52B22D47A0035D61E /* MainLoginWindowController.xib */, 76CB907C288112AF00C70D0C /* xcreds_login.sh */, 76BEF7F928726C700013E2A1 /* AuthorizationDBManager.swift */, 76BEF7DC2871F5F00013E2A1 /* TCSReturnWindow.h */, 76BEF7DB2871F5F00013E2A1 /* TCSReturnWindow.m */, 76C084092A9A2635008039FA /* ControlsViewController.xib */, 763AEFDE2C156E1E0059A83D /* WhitePopoverBackgroundView.swift */, 76BEF7E02871F74D0013E2A1 /* ControlsViewController.swift */, 766355E128713C47002E3867 /* LoginWindow.swift */, 7651EDEC2A1451590075980B /* LocalUsersViewController.xib */, 76D1757D2B24096C00E64A62 /* MainLoginWindow.swift */, 76BEF7F128724EB60013E2A1 /* images */, ); path = LoginWindow; sourceTree = ""; }; 76BEF7F128724EB60013E2A1 /* images */ = { isa = PBXGroup; children = ( 7649056E2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png */, 76BEF7FF2872A3030013E2A1 /* loginwindow.png */, 76BEF7FE2872A3030013E2A1 /* loginwindow@2x.png */, 76BEF7E6287202AF0013E2A1 /* ShutdownX.png */, 76BEF7E7287202AF0013E2A1 /* ShutdownX@2x.png */, 76BEF7E2287202080013E2A1 /* RestartX.png */, 76BEF7E3287202080013E2A1 /* RestartX@2x.png */, ); path = images; sourceTree = ""; }; 76C4BAB92B353B3F007B2C57 /* NoMAD */ = { isa = PBXGroup; children = ( 7657DEAE2B3503BF003A23DB /* SessionManager.swift */, 7657DED82B351B5B003A23DB /* UNIXUtilities.swift */, 7657DED52B351A67003A23DB /* KerbUtil.h */, 76C4BABA2B353B4B007B2C57 /* KerbUtil.m */, 7657DEDC2B351BF9003A23DB /* headers */, 7657DECB2B35061E003A23DB /* SiteManager.swift */, 7657DEC82B350606003A23DB /* KlistUtil.swift */, 7657DEC52B3505EB003A23DB /* Extensions.swift */, 7657DEC22B3505CB003A23DB /* ADLDAPPing.swift */, 7657DEBE2B3505A3003A23DB /* DNSResolver.m */, 7657DEBB2B35055F003A23DB /* Logger.swift */, 7657DEB52B3504A6003A23DB /* UserRecord.swift */, 7657DEB22B350476003A23DB /* NoMADSession.swift */, ); name = NoMAD; sourceTree = ""; }; 76DC0A6628836EB1007C42B2 /* XCreds Login Overlay */ = { isa = PBXGroup; children = ( 766F4C4A2883AFD90021F548 /* pleaseWaitGraphic.png */, 76DC0A7F2883785A007C42B2 /* XCreds-Login-Overlay-Info.plist */, 76DC0A7D288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift */, 76DC0A78288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist */, 76DC0A7628837028007C42B2 /* returnArrow.png */, 76DC0A6728836EB1007C42B2 /* AppDelegate.swift */, 76DC0A6928836EB2007C42B2 /* Assets.xcassets */, 76DC0A6B28836EB2007C42B2 /* MainMenu.xib */, 76DC0A6E28836EB2007C42B2 /* XCreds_Login_Overlay.entitlements */, ); path = "XCreds Login Overlay"; sourceTree = ""; }; 76DD6D112859978F00A700ED /* Packages */ = { isa = PBXGroup; children = ( 76DD6D122859978F00A700ED /* OIDCLite */, ); name = Packages; sourceTree = ""; }; 76DD6D15285997F300A700ED /* Frameworks */ = { isa = PBXGroup; children = ( 763DDF192B4F1DD4000D48CC /* GSS.framework */, 76C4BAB52B353AF7007B2C57 /* Kerberos.framework */, 76C4BAB22B353AD7007B2C57 /* libresolv.tbd */, 767CB2CF2B13B92B006CA2AC /* OpenDirectory.framework */, 767CB2CE2B13B913006CA2AC /* libsystem_info.tbd */, 767CB2CC2B13B8EB006CA2AC /* libinfo.tbd */, 766CC42129D3A320009BC526 /* Paddle.framework */, 766CC42229D3A321009BC526 /* ProductLicense.framework */, 760291CB2C1166870075FBD8 /* AuthenticationServices.framework */, ); name = Frameworks; sourceTree = ""; }; 76EE069127FD1D00009E0F3A = { isa = PBXGroup; children = ( 76D4726B2B43B8FA0064380C /* TCTaskWrapperWithBlocks.h */, 76D4726C2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m */, 763DDF152B4F100D000D48CC /* ShareMounterMenu.swift */, 76C4ACBE2B3D0F8D003B3605 /* ShareMounter.swift */, 76C4BAB92B353B3F007B2C57 /* NoMAD */, 760148A82B23639D00E119A2 /* NSBundle+FindBundlePath.swift */, 7614D03B2B181A5D006EAF36 /* icon_128x128.png */, 7681FEC82A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist */, 76C63A312A22872700810C53 /* History.md */, 760418CC2A1331710051411B /* NomadLogin */, 76873E2E2A107736001418A9 /* DefaultsHelper.swift */, 76E9CE6E2A0DC6E30060220C /* TCSLoginWindowUtilities.h */, 76E9CE6F2A0DC6E30060220C /* TCSLoginWindowUtilities.m */, 76673CD429D3D5F500452848 /* LicenseChecker.swift */, 7683973029A854EC003D9B9F /* NSImage+String.swift */, 76DB5CF32A09AE9A0014F8E1 /* get_pw.js */, 7659CA06298E1BB6005D1AA3 /* DefaultBackground.png */, 766FD60C2A1B06AC00C8F244 /* DefaultsOverride.swift */, 7675444428918CD100613840 /* Info.plist */, 760291E12C116E450075FBD8 /* XCreds AutoFill */, 760291F62C116EDB0075FBD8 /* XCreds AutoFill Extension */, 76DD6D15285997F300A700ED /* Frameworks */, 76CB9076287FBEEA00C70D0C /* Helper+URLDecode.swift */, 76B040A328EFC788002A289B /* Helper+JWTDecode.swift */, 7632909B2876673500CF8857 /* DataExtension.swift */, 766355D22870F29A002E3867 /* TestWindowController.swift */, 766355D32870F29A002E3867 /* TestWindowController.xib */, 76DD6D112859978F00A700ED /* Packages */, 766355C72870D1B5002E3867 /* XCredsLogin */, 76EE069C27FD1D00009E0F3A /* XCreds */, 76BEF7D32871F36C0013E2A1 /* FakeTrue */, 7631935E287D22C700D36BF7 /* authrights */, 76DC0A6628836EB1007C42B2 /* XCreds Login Overlay */, 76786F542A27C36A00AA8DB9 /* auth_mech_fixup */, 76786F642A27C62D00AA8DB9 /* test */, 76EE069B27FD1D00009E0F3A /* Products */, ); sourceTree = ""; }; 76EE069B27FD1D00009E0F3A /* Products */ = { isa = PBXGroup; children = ( 76EE069A27FD1D00009E0F3A /* XCreds.app */, 766355BD2870CA6A002E3867 /* XCredsLoginPlugin.bundle */, 7631935D287D22C700D36BF7 /* authrights */, 76DC0A6528836EB1007C42B2 /* XCreds Login Overlay.app */, 76786F532A27C36A00AA8DB9 /* auth_mech_fixup */, 76786F632A27C62D00AA8DB9 /* test */, 760291E02C116E450075FBD8 /* XCreds Login Autofill.app */, 760291F42C116EDB0075FBD8 /* XCreds Login Password.appex */, ); name = Products; sourceTree = ""; }; 76EE069C27FD1D00009E0F3A /* XCreds */ = { isa = PBXGroup; children = ( 76FDC5D42B22D47A0035D61E /* MainLoginWindowController.swift */, 764D8125284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib */, 76CCF5432B12E478003F85E9 /* SelectLocalAccountWindowController.xib */, 76CCF5422B12E478003F85E9 /* SelectLocalAccountWindowController.swift */, 76FDC5D92B235A4F0035D61E /* StatusMenuWindowController.xib */, 76E466652B1A4C16006529B6 /* UpdatePasswordWindowController.xib */, 7651EDF62A1474330075980B /* LoginWebViewController.xib */, 764D812B284BCC7400B3EE54 /* VerifyOIDCPassword.xib */, 76FDC5D82B235A4F0035D61E /* StatusMenuWindowController.swift */, 76D7ADFD284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.h */, 76D7ADFC284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m */, 76D7ADFA284EB15100332EBC /* TCSUnifiedLogger.h */, 76D7ADF9284EB15000332EBC /* TCSUnifiedLogger.m */, 76EECCFF2875135900483C66 /* LoggerHelper.swift */, 764D812A284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift */, 764D8124284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift */, 764D8132284D14A500B3EE54 /* Credits.txt */, 76E466642B1A4C16006529B6 /* UpdatePasswordWindowController.swift */, 767116B2284B045800CCD6FF /* KeychainUtil.swift */, 767116AD284AB59400CCD6FF /* SecurityPrivateAPI.h */, 76EE06AB27FD1D92009E0F3A /* TokenManager.swift */, 76E74DCE2B3902F0004C6429 /* XCredsMechanismProtocol.swift */, 76EE06AD27FD1DC3009E0F3A /* PrefKeys.swift */, 764D8128284BCAB100B3EE54 /* Window+Shake.swift */, 767B939B2A28279E0038935E /* View+Shake.swift */, 76EE06B127FD1E24009E0F3A /* DesktopLoginWindowController.xib */, 76342E592B282653007D4F29 /* DesktopLoginWindowController.swift */, 76EE06B327FD1E5F009E0F3A /* WebViewController.swift */, 766355E4287148C1002E3867 /* Tokens.swift */, 7681FEC62A4C8BC800F91CD1 /* AboutWindow.xib */, 767116AB284AB4C000CCD6FF /* PasswordUtils.swift */, 76EE06B527FD1E79009E0F3A /* PreferencesWindow.xib */, 764D812E284C06AB00B3EE54 /* defaults.plist */, 767116AE284AB5D900CCD6FF /* XCreds-Bridging-Header.h */, 76EE06B727FD1EB7009E0F3A /* PreferencesWindowController.swift */, 7681FEC42A4C8B9000F91CD1 /* AboutWindowController.swift */, 76EE06AF27FD1DD8009E0F3A /* Window+ForceToFront.swift */, 767116A8284AAE2B00CCD6FF /* ScheduleManager.swift */, 76EE06C127FD1F50009E0F3A /* StatusMenuController.swift */, 76EE06AA27FD1D66009E0F3A /* Info.plist */, 76EE069D27FD1D00009E0F3A /* AppDelegate.swift */, 767116B0284B021500CCD6FF /* MainController.swift */, 767116A6284AABC500CCD6FF /* NotifyManager.swift */, 76EE069F27FD1D01009E0F3A /* Assets.xcassets */, 76EE06A127FD1D01009E0F3A /* MainMenu.xib */, 76EE06A427FD1D01009E0F3A /* xCreds.entitlements */, 766355C42870CCC3002E3867 /* XCredsLoginPlugin-Bridging-Header.h */, ); path = XCreds; sourceTree = ""; }; /* End PBXGroup section */ /* Begin PBXLegacyTarget section */ 766F4C4C2883B88F0021F548 /* Send To Test */ = { isa = PBXLegacyTarget; buildArgumentsString = "app_to_test.sh mba.local"; buildConfigurationList = 766F4C4D2883B88F0021F548 /* Build configuration list for PBXLegacyTarget "Send To Test" */; buildPhases = ( ); buildToolPath = /bin/bash; buildWorkingDirectory = /Users/tperfitt/Documents/Projects/xcreds; dependencies = ( ); name = "Send To Test"; passBuildSettingsInEnvironment = 1; productName = "Send To Test"; }; /* End PBXLegacyTarget section */ /* Begin PBXNativeTarget section */ 760291DF2C116E450075FBD8 /* XCreds Login Autofill */ = { isa = PBXNativeTarget; buildConfigurationList = 760291EC2C116E470075FBD8 /* Build configuration list for PBXNativeTarget "XCreds Login Autofill" */; buildPhases = ( 760291DC2C116E450075FBD8 /* Sources */, 760291DD2C116E450075FBD8 /* Frameworks */, 760291DE2C116E450075FBD8 /* Resources */, 760292042C116EDB0075FBD8 /* Embed Foundation Extensions */, ); buildRules = ( ); dependencies = ( 760291FF2C116EDB0075FBD8 /* PBXTargetDependency */, ); name = "XCreds Login Autofill"; productName = "XCreds AutoFill"; productReference = 760291E02C116E450075FBD8 /* XCreds Login Autofill.app */; productType = "com.apple.product-type.application"; }; 760291F32C116EDB0075FBD8 /* XCreds Login Password */ = { isa = PBXNativeTarget; buildConfigurationList = 760292012C116EDB0075FBD8 /* Build configuration list for PBXNativeTarget "XCreds Login Password" */; buildPhases = ( 760291F02C116EDB0075FBD8 /* Sources */, 760291F12C116EDB0075FBD8 /* Frameworks */, 760291F22C116EDB0075FBD8 /* Resources */, ); buildRules = ( ); dependencies = ( ); name = "XCreds Login Password"; productName = "XCreds AutoFill Extension"; productReference = 760291F42C116EDB0075FBD8 /* XCreds Login Password.appex */; productType = "com.apple.product-type.app-extension"; }; 7631935C287D22C700D36BF7 /* authrights */ = { isa = PBXNativeTarget; buildConfigurationList = 76319363287D22C700D36BF7 /* Build configuration list for PBXNativeTarget "authrights" */; buildPhases = ( 76319359287D22C700D36BF7 /* Sources */, 7631935A287D22C700D36BF7 /* Frameworks */, 7631935B287D22C700D36BF7 /* CopyFiles */, ); buildRules = ( ); dependencies = ( ); name = authrights; packageProductDependencies = ( 76AB89E02A12FAF900529D90 /* OIDCLite */, 76AB89E22A12FB4900529D90 /* ArgumentParser */, ); productName = authrights; productReference = 7631935D287D22C700D36BF7 /* authrights */; productType = "com.apple.product-type.tool"; }; 766355BC2870CA6A002E3867 /* XCredsLoginPlugin */ = { isa = PBXNativeTarget; buildConfigurationList = 766355C02870CA6A002E3867 /* Build configuration list for PBXNativeTarget "XCredsLoginPlugin" */; buildPhases = ( 766355B92870CA6A002E3867 /* Sources */, 766355BA2870CA6A002E3867 /* Frameworks */, 766355BB2870CA6A002E3867 /* Resources */, 766CC43129D3A3EC009BC526 /* Embed Frameworks */, ); buildRules = ( ); dependencies = ( ); name = XCredsLoginPlugin; packageProductDependencies = ( 766355CD2870E9D3002E3867 /* OIDCLite */, ); productName = XCredsLoginPlugin; productReference = 766355BD2870CA6A002E3867 /* XCredsLoginPlugin.bundle */; productType = "com.apple.product-type.bundle"; }; 76786F522A27C36A00AA8DB9 /* auth_mech_fixup */ = { isa = PBXNativeTarget; buildConfigurationList = 76786F572A27C36A00AA8DB9 /* Build configuration list for PBXNativeTarget "auth_mech_fixup" */; buildPhases = ( 76786F4F2A27C36A00AA8DB9 /* Sources */, 76786F502A27C36A00AA8DB9 /* Frameworks */, 76786F512A27C36A00AA8DB9 /* CopyFiles */, ); buildRules = ( ); dependencies = ( ); name = auth_mech_fixup; productName = auth_mech_fixup; productReference = 76786F532A27C36A00AA8DB9 /* auth_mech_fixup */; productType = "com.apple.product-type.tool"; }; 76786F622A27C62D00AA8DB9 /* test */ = { isa = PBXNativeTarget; buildConfigurationList = 76786F672A27C62D00AA8DB9 /* Build configuration list for PBXNativeTarget "test" */; buildPhases = ( 76786F5F2A27C62D00AA8DB9 /* Sources */, 76786F602A27C62D00AA8DB9 /* Frameworks */, 76786F612A27C62D00AA8DB9 /* CopyFiles */, ); buildRules = ( ); dependencies = ( ); name = test; productName = test; productReference = 76786F632A27C62D00AA8DB9 /* test */; productType = "com.apple.product-type.tool"; }; 76DC0A6428836EB1007C42B2 /* XCreds Login Overlay */ = { isa = PBXNativeTarget; buildConfigurationList = 76DC0A6F28836EB2007C42B2 /* Build configuration list for PBXNativeTarget "XCreds Login Overlay" */; buildPhases = ( 76DC0A6128836EB1007C42B2 /* Sources */, 76DC0A6228836EB1007C42B2 /* Frameworks */, 76DC0A6328836EB1007C42B2 /* Resources */, 766CC43629D3A3F8009BC526 /* Embed Frameworks */, ); buildRules = ( ); dependencies = ( ); name = "XCreds Login Overlay"; productName = "XCreds Login Overlay"; productReference = 76DC0A6528836EB1007C42B2 /* XCreds Login Overlay.app */; productType = "com.apple.product-type.application"; }; 76EE069927FD1D00009E0F3A /* XCreds */ = { isa = PBXNativeTarget; buildConfigurationList = 76EE06A727FD1D01009E0F3A /* Build configuration list for PBXNativeTarget "XCreds" */; buildPhases = ( 76EE069627FD1D00009E0F3A /* Sources */, 76EE069727FD1D00009E0F3A /* Frameworks */, 76EE069827FD1D00009E0F3A /* Resources */, 766CC42C29D3A3DC009BC526 /* Embed Frameworks */, ); buildRules = ( ); dependencies = ( 760292062C116EEE0075FBD8 /* PBXTargetDependency */, 76DC0A7B28837152007C42B2 /* PBXTargetDependency */, 76319376287E19A500D36BF7 /* PBXTargetDependency */, 76319379287E204500D36BF7 /* PBXTargetDependency */, ); name = XCreds; packageProductDependencies = ( 76DD6D16285997F300A700ED /* OIDCLite */, 76319365287D24E100D36BF7 /* ArgumentParser */, 76319368287D24F600D36BF7 /* ArgumentParser */, 762177E52B7144460051B756 /* OIDCLite */, 76477E032C626B5D00F01D56 /* OIDCLite */, ); productName = xCreds; productReference = 76EE069A27FD1D00009E0F3A /* XCreds.app */; productType = "com.apple.product-type.application"; }; /* End PBXNativeTarget section */ /* Begin PBXProject section */ 76EE069227FD1D00009E0F3A /* Project object */ = { isa = PBXProject; attributes = { BuildIndependentTargetsInParallel = 1; LastSwiftUpdateCheck = 1540; LastUpgradeCheck = 1330; TargetAttributes = { 760291DF2C116E450075FBD8 = { CreatedOnToolsVersion = 15.4; }; 760291F32C116EDB0075FBD8 = { CreatedOnToolsVersion = 15.4; }; 7631935C287D22C700D36BF7 = { CreatedOnToolsVersion = 13.4.1; }; 766355BC2870CA6A002E3867 = { CreatedOnToolsVersion = 13.4.1; LastSwiftMigration = 1340; }; 766F4C4C2883B88F0021F548 = { CreatedOnToolsVersion = 13.4.1; }; 76786F522A27C36A00AA8DB9 = { CreatedOnToolsVersion = 14.3; }; 76786F622A27C62D00AA8DB9 = { CreatedOnToolsVersion = 14.3; }; 76DC0A6428836EB1007C42B2 = { CreatedOnToolsVersion = 13.4.1; }; 76EE069927FD1D00009E0F3A = { CreatedOnToolsVersion = 13.3; }; }; }; buildConfigurationList = 76EE069527FD1D00009E0F3A /* Build configuration list for PBXProject "XCreds" */; compatibilityVersion = "Xcode 13.0"; developmentRegion = en; hasScannedForEncodings = 0; knownRegions = ( en, Base, ); mainGroup = 76EE069127FD1D00009E0F3A; packageReferences = ( 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */, 76477E022C626B5D00F01D56 /* XCRemoteSwiftPackageReference "OIDCLite" */, ); productRefGroup = 76EE069B27FD1D00009E0F3A /* Products */; projectDirPath = ""; projectRoot = ""; targets = ( 76EE069927FD1D00009E0F3A /* XCreds */, 766355BC2870CA6A002E3867 /* XCredsLoginPlugin */, 7631935C287D22C700D36BF7 /* authrights */, 76DC0A6428836EB1007C42B2 /* XCreds Login Overlay */, 766F4C4C2883B88F0021F548 /* Send To Test */, 76786F522A27C36A00AA8DB9 /* auth_mech_fixup */, 76786F622A27C62D00AA8DB9 /* test */, 760291DF2C116E450075FBD8 /* XCreds Login Autofill */, 760291F32C116EDB0075FBD8 /* XCreds Login Password */, ); }; /* End PBXProject section */ /* Begin PBXResourcesBuildPhase section */ 760291DE2C116E450075FBD8 /* Resources */ = { isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( 760291E72C116E470075FBD8 /* Assets.xcassets in Resources */, 760291EA2C116E470075FBD8 /* Base in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; 760291F22C116EDB0075FBD8 /* Resources */ = { isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( 760291FB2C116EDB0075FBD8 /* Base in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; 766355BB2870CA6A002E3867 /* Resources */ = { isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( 76BEF8002872A3030013E2A1 /* loginwindow@2x.png in Resources */, 766355D928711C51002E3867 /* defaults.plist in Resources */, 7613FDF7289E114F00340CCD /* loadpage.html in Resources */, 7659CA07298E1BB6005D1AA3 /* DefaultBackground.png in Resources */, 766355D52870F29A002E3867 /* TestWindowController.xib in Resources */, 76CCF5452B12E478003F85E9 /* SelectLocalAccountWindowController.xib in Resources */, 7651EDED2A1451590075980B /* LocalUsersViewController.xib in Resources */, 761B486928A34CC900C6A02B /* LoginProgressWindowController.xib in Resources */, 766CC43829D3AED2009BC526 /* errorpage.html in Resources */, 7614D03C2B181A5D006EAF36 /* icon_128x128.png in Resources */, 76BEF7E4287202090013E2A1 /* RestartX.png in Resources */, 76D925D32894ADB4005C3245 /* Assets.xcassets in Resources */, 76BEF8012872A3030013E2A1 /* loginwindow.png in Resources */, 766355D12870EBAD002E3867 /* VerifyOIDCPassword.xib in Resources */, 76EECCFC2873E6E200483C66 /* VerifyLocalPasswordWindowController.xib in Resources */, 76BEF7E8287202AF0013E2A1 /* ShutdownX.png in Resources */, 76FDC5D72B22D47A0035D61E /* MainLoginWindowController.xib in Resources */, 76E466672B1A4C16006529B6 /* UpdatePasswordWindowController.xib in Resources */, 76C0840B2A9A311E008039FA /* ControlsViewController.xib in Resources */, 76BEF7E5287202090013E2A1 /* RestartX@2x.png in Resources */, 7651EDF72A1474330075980B /* LoginWebViewController.xib in Resources */, 7677908828908E40004E7085 /* WifiWindowController.xib in Resources */, 76DB5CF52A09AE9A0014F8E1 /* get_pw.js in Resources */, 76BEF7E9287202AF0013E2A1 /* ShutdownX@2x.png in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76DC0A6328836EB1007C42B2 /* Resources */ = { isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( 76DC0A83288382D2007C42B2 /* returnArrow.png in Resources */, 76DC0A6A28836EB2007C42B2 /* Assets.xcassets in Resources */, 76DC0A6D28836EB2007C42B2 /* MainMenu.xib in Resources */, 76DC0A79288370BA007C42B2 /* com.twocanoes.xcreds-overlay.plist in Resources */, 76DC0A7428836F45007C42B2 /* RestartX@2x.png in Resources */, 766F4C4B2883AFD90021F548 /* pleaseWaitGraphic.png in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76EE069827FD1D00009E0F3A /* Resources */ = { isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( 760291EF2C116E5F0075FBD8 /* XCreds Login Autofill.app in Resources */, 76DC0A7C28837158007C42B2 /* XCreds Login Overlay.app in Resources */, 76DB5CF42A09AE9A0014F8E1 /* get_pw.js in Resources */, 762761602B294A7C0067D1D4 /* icon_128x128.png in Resources */, 76CB907E288112C200C70D0C /* xcreds_login.sh in Resources */, 76319377287E1FAF00D36BF7 /* authrights in Resources */, 76319374287E198C00D36BF7 /* XCredsLoginPlugin.bundle in Resources */, 76D175742B23C57500E64A62 /* LocalUsersViewController.xib in Resources */, 76EE06B627FD1E79009E0F3A /* PreferencesWindow.xib in Resources */, 76EE06A027FD1D01009E0F3A /* Assets.xcassets in Resources */, 764D812F284C06AB00B3EE54 /* defaults.plist in Resources */, 764D8133284D14A500B3EE54 /* Credits.txt in Resources */, 7681FEC72A4C8BC800F91CD1 /* AboutWindow.xib in Resources */, 76673CD229D3CFF900452848 /* errorpage.html in Resources */, 764D812D284BCC7400B3EE54 /* VerifyOIDCPassword.xib in Resources */, 76FDC5DB2B235A4F0035D61E /* StatusMenuWindowController.xib in Resources */, 76C63A322A22872700810C53 /* History.md in Resources */, 764D8127284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.xib in Resources */, 76DF7FD52B50FA9A00B3B543 /* UpdatePasswordWindowController.xib in Resources */, 7649056F2B6CADA9008B552F /* xcredsmenuItemWindowBackgroundImage.png in Resources */, 76EE06A327FD1D01009E0F3A /* MainMenu.xib in Resources */, 76D1756A2B23C28700E64A62 /* MainLoginWindowController.xib in Resources */, 76EE06B227FD1E24009E0F3A /* DesktopLoginWindowController.xib in Resources */, 7681FEC92A4CFEA200F91CD1 /* com.twocanoes.xcreds.plist in Resources */, 76F0B6E02B421FC8008F7D71 /* loadpage.html in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; /* End PBXResourcesBuildPhase section */ /* Begin PBXSourcesBuildPhase section */ 760291DC2C116E450075FBD8 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 760292132C11763B0075FBD8 /* PrefKeys.swift in Sources */, 760292142C1176450075FBD8 /* LogShim.swift in Sources */, 7602921C2C117B400075FBD8 /* PasswordUtils.swift in Sources */, 760291E52C116E450075FBD8 /* ViewController.swift in Sources */, 760292162C1176A90075FBD8 /* TCSUnifiedLogger.m in Sources */, 7602921D2C117B490075FBD8 /* DSQueryable.swift in Sources */, 760292192C1178090075FBD8 /* NSFileManager+TCSRealHomeFolder.m in Sources */, 7602920F2C1175DA0075FBD8 /* LoggerHelper.swift in Sources */, 760291E32C116E450075FBD8 /* AppDelegate.swift in Sources */, 760292112C1176010075FBD8 /* UNIXUtilities.swift in Sources */, 760292172C1176BE0075FBD8 /* DataExtension.swift in Sources */, 7602920E2C1175D20075FBD8 /* DefaultsOverride.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 760291F02C116EDB0075FBD8 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 760291F82C116EDB0075FBD8 /* CredentialProviderViewController.swift in Sources */, 7602920B2C1175620075FBD8 /* PrefKeys.swift in Sources */, 7602921B2C117B3F0075FBD8 /* PasswordUtils.swift in Sources */, 760292072C11751E0075FBD8 /* KeychainUtil.swift in Sources */, 760292152C1176450075FBD8 /* LogShim.swift in Sources */, 7602921E2C117B490075FBD8 /* DSQueryable.swift in Sources */, 7602921A2C1178090075FBD8 /* NSFileManager+TCSRealHomeFolder.m in Sources */, 760292092C1175360075FBD8 /* TCSUnifiedLogger.m in Sources */, 7602920D2C1175D20075FBD8 /* DefaultsOverride.swift in Sources */, 760292102C1175DA0075FBD8 /* LoggerHelper.swift in Sources */, 760292182C1176BF0075FBD8 /* DataExtension.swift in Sources */, 760292122C1176010075FBD8 /* UNIXUtilities.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76319359287D22C700D36BF7 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 76319360287D22C700D36BF7 /* authrights.swift in Sources */, 7631936D287D2A6200D36BF7 /* LoggerHelper.swift in Sources */, 7631936C287D29B700D36BF7 /* AuthorizationDBManager.swift in Sources */, 7631936E287D2AB100D36BF7 /* TCSUnifiedLogger.m in Sources */, 76319370287DE24D00D36BF7 /* NSFileManager+TCSRealHomeFolder.m in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 766355B92870CA6A002E3867 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 7632E3A32873581100E37923 /* KeychainUtil.swift in Sources */, 76CCF5442B12E478003F85E9 /* SelectLocalAccountWindowController.swift in Sources */, 76B882AB29CCFD7A00BB8186 /* TCSKeychain.m in Sources */, 54848E8F2B47336D000DF420 /* KerbUtil.m in Sources */, 76BEF7DD2871F5F00013E2A1 /* TCSReturnWindow.m in Sources */, 76EECCFB2873DFFB00483C66 /* PasswordUtils.swift in Sources */, 76DF50B62A1C5EFF007BC708 /* DefaultsOverride.swift in Sources */, 7657DEB02B3503BF003A23DB /* SessionManager.swift in Sources */, 7657DEB72B3504A6003A23DB /* UserRecord.swift in Sources */, 7632E3A12873497C00E37923 /* LogShim.swift in Sources */, 760418D52A1332520051411B /* DS+AD.swift in Sources */, 76FDC5D62B22D47A0035D61E /* MainLoginWindowController.swift in Sources */, 76C4BAB12B353A3A007B2C57 /* DNSResolver.m in Sources */, 76BEF7ED28724A0C0013E2A1 /* XCredsBaseMechanism.swift in Sources */, 766355CF2870E9E7002E3867 /* PrefKeys.swift in Sources */, 7657DEB42B350476003A23DB /* NoMADSession.swift in Sources */, 7657DEC42B3505CB003A23DB /* ADLDAPPing.swift in Sources */, 760418D72A1332660051411B /* DSQueryable.swift in Sources */, 76DF1D5B2A2AD42C00770690 /* LocalCheckAndMigrate.swift in Sources */, 761B486C28A3575000C6A02B /* XCredsLoginDone.swift in Sources */, 7657DEC72B3505EB003A23DB /* Extensions.swift in Sources */, 76BEF7F328724F120013E2A1 /* XCredsPowerControlMechanism.swift in Sources */, 76873E302A107736001418A9 /* DefaultsHelper.swift in Sources */, 76B040A528EFC788002A289B /* Helper+JWTDecode.swift in Sources */, 7632909D2876674100CF8857 /* DataExtension.swift in Sources */, 7683973229A854EC003D9B9F /* NSImage+String.swift in Sources */, 761B486A28A34CC900C6A02B /* LoginProgressWindowController.swift in Sources */, 7677908628908E40004E7085 /* WifiWindowController.swift in Sources */, 76E466662B1A4C16006529B6 /* UpdatePasswordWindowController.swift in Sources */, 76EECCFD2873E9ED00483C66 /* VerifyLocalPasswordWindowController.swift in Sources */, 76D4726E2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m in Sources */, 76BEF7EC28724A0B0013E2A1 /* XCredsLoginMechanism.swift in Sources */, 766355CA2870DCF5002E3867 /* TCSUnifiedLogger.m in Sources */, 76C4BAB02B353A30007B2C57 /* KlistUtil.swift in Sources */, 76CB9078287FBEEA00C70D0C /* Helper+URLDecode.swift in Sources */, 766355E328713C4A002E3867 /* LoginWindow.swift in Sources */, 76B882AF29CCFDAE00BB8186 /* NSData+SHA1.m in Sources */, 76BEF7F82872504C0013E2A1 /* ContextAndHintHandling.swift in Sources */, 766355E6287148C1002E3867 /* Tokens.swift in Sources */, 766355CC2870E9AD002E3867 /* WebViewController.swift in Sources */, 760418D92A1332770051411B /* SystemInfoHelper.swift in Sources */, 76673CD629D3D5F500452848 /* LicenseChecker.swift in Sources */, 767B939D2A28289E0038935E /* View+Shake.swift in Sources */, 760418D22A1332210051411B /* SignInWindowController.swift in Sources */, 7611CEC0288B75140063A644 /* XCredsCreateUser.swift in Sources */, 764859F22B2FA2E800507C16 /* Window+ForceToFront.swift in Sources */, 766355D42870F29A002E3867 /* TestWindowController.swift in Sources */, 766355C32870CB6F002E3867 /* XCredsLoginPlugin.m in Sources */, 766355CB2870E5E9002E3867 /* NSFileManager+TCSRealHomeFolder.m in Sources */, 7632E39F287347C100E37923 /* XCredsKeychainAdd.swift in Sources */, 76D1757E2B24096C00E64A62 /* MainLoginWindow.swift in Sources */, 7677908728908E40004E7085 /* WifiManager.swift in Sources */, 76BEF7FA28726C700013E2A1 /* AuthorizationDBManager.swift in Sources */, 76BEF7E12871F74D0013E2A1 /* ControlsViewController.swift in Sources */, 76EECD012875135900483C66 /* LoggerHelper.swift in Sources */, 7611CEC2288B96760063A644 /* XCredsEnableFDE.swift in Sources */, 7657DEBD2B35055F003A23DB /* Logger.swift in Sources */, 76EECCFE2873EA6500483C66 /* Window+Shake.swift in Sources */, 76B882B329CCFDBA00BB8186 /* NSData+HexString.m in Sources */, 7632E3A2287357CC00E37923 /* TokenManager.swift in Sources */, 76BEF7F628724FA80013E2A1 /* NSTaskWrapper.swift in Sources */, 76EECD0528753C7F00483C66 /* String+Base64URLEncoded.swift in Sources */, 7657DECD2B35061E003A23DB /* SiteManager.swift in Sources */, 760148A92B23639D00E119A2 /* NSBundle+FindBundlePath.swift in Sources */, 76E74DD02B3902F0004C6429 /* XCredsMechanismProtocol.swift in Sources */, 766355DB287132E9002E3867 /* LoginWebViewController.swift in Sources */, 7657DEDA2B351B5B003A23DB /* UNIXUtilities.swift in Sources */, 089B22F12AFAED280006B6BC /* NetworkMonitor.swift in Sources */, 763AEFDF2C156E1E0059A83D /* WhitePopoverBackgroundView.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76786F4F2A27C36A00AA8DB9 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 76786F5E2A27C60800AA8DB9 /* LoggerHelper.swift in Sources */, 76786F5A2A27C37100AA8DB9 /* AuthRightsHelper.swift in Sources */, 76786F6B2A27C79100AA8DB9 /* NSFileManager+TCSRealHomeFolder.m in Sources */, 76786F5D2A27C3B300AA8DB9 /* TCSUnifiedLogger.m in Sources */, 76786F5B2A27C38800AA8DB9 /* AuthorizationDBManager.swift in Sources */, 76786F562A27C36A00AA8DB9 /* main.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76786F5F2A27C62D00AA8DB9 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 76786F662A27C62D00AA8DB9 /* main.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76DC0A6128836EB1007C42B2 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 76DC0A8528838467007C42B2 /* LoggerHelper.swift in Sources */, 76DC0A7328836EFE007C42B2 /* TCSReturnWindow.m in Sources */, 76DC0A88288387D8007C42B2 /* NSFileManager+TCSRealHomeFolder.m in Sources */, 76DC0A8428838375007C42B2 /* AuthorizationDBManager.swift in Sources */, 76DC0A8628838656007C42B2 /* TCSUnifiedLogger.m in Sources */, 76DC0A7E288376BC007C42B2 /* TCSXCredsLoginOverlayWindow.swift in Sources */, 767C42842AC6645700542099 /* AuthRightsHelper.swift in Sources */, 76DC0A87288386FA007C42B2 /* NSTaskWrapper.swift in Sources */, 76C4BABC2B3544C6007B2C57 /* UNIXUtilities.swift in Sources */, 76DC0A6828836EB1007C42B2 /* AppDelegate.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; 76EE069627FD1D00009E0F3A /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( 760148AA2B2365F100E119A2 /* NSBundle+FindBundlePath.swift in Sources */, 76E74DD32B390358004C6429 /* LoginWebViewController.swift in Sources */, 089B22F22AFAED810006B6BC /* NetworkMonitor.swift in Sources */, 76EECD0228752C1F00483C66 /* LoginWindow.swift in Sources */, 76673CD529D3D5F500452848 /* LicenseChecker.swift in Sources */, 761121B82B3D26F5005F7D02 /* LocalCheckAndMigrate.swift in Sources */, 76E74DD22B39034B004C6429 /* SelectLocalAccountWindowController.swift in Sources */, 767116A7284AABC500CCD6FF /* NotifyManager.swift in Sources */, 76EE06B827FD1EB7009E0F3A /* PreferencesWindowController.swift in Sources */, 76A8A4E32A0DF7C700AA6054 /* NSTaskWrapper.swift in Sources */, 76EE06AE27FD1DC3009E0F3A /* PrefKeys.swift in Sources */, 767116B3284B045800CCD6FF /* KeychainUtil.swift in Sources */, 76CB907B2880E41E00C70D0C /* LogShim.swift in Sources */, 7657DEC92B350606003A23DB /* KlistUtil.swift in Sources */, 764D812C284BCC7400B3EE54 /* VerifyOIDCPasswordWindowController.swift in Sources */, 76E74DD42B39037A004C6429 /* LoginProgressWindowController.swift in Sources */, 7623384D2B53029D00F2D714 /* ShareMounter.swift in Sources */, 7657DEB32B350476003A23DB /* NoMADSession.swift in Sources */, 760418E02A133A370051411B /* DSQueryable.swift in Sources */, 76319373287E18BF00D36BF7 /* DataExtension.swift in Sources */, 76E74DD12B390327004C6429 /* ContextAndHintHandling.swift in Sources */, 76EECD002875135900483C66 /* LoggerHelper.swift in Sources */, 54848E902B47336D000DF420 /* KerbUtil.m in Sources */, 76873E2F2A107736001418A9 /* DefaultsHelper.swift in Sources */, 76D175772B23C62A00E64A62 /* UpdatePasswordWindowController.swift in Sources */, 7683973129A854EC003D9B9F /* NSImage+String.swift in Sources */, 76FDC5DA2B235A4F0035D61E /* StatusMenuWindowController.swift in Sources */, 761121B92B3D26FB005F7D02 /* DS+AD.swift in Sources */, 76CB9077287FBEEA00C70D0C /* Helper+URLDecode.swift in Sources */, 764D8129284BCAB100B3EE54 /* Window+Shake.swift in Sources */, 764D8126284BC1C300B3EE54 /* VerifyLocalPasswordWindowController.swift in Sources */, 76EE069E27FD1D00009E0F3A /* AppDelegate.swift in Sources */, 76D7ADFB284EB15100332EBC /* TCSUnifiedLogger.m in Sources */, 7657DEBC2B35055F003A23DB /* Logger.swift in Sources */, 7657DEB62B3504A6003A23DB /* UserRecord.swift in Sources */, 761121B62B3D24FE005F7D02 /* SignInWindowController.swift in Sources */, 761121B72B3D26EE005F7D02 /* SystemInfoHelper.swift in Sources */, 7657DEAF2B3503BF003A23DB /* SessionManager.swift in Sources */, 7681FEC52A4C8B9000F91CD1 /* AboutWindowController.swift in Sources */, 768633D92AFC4908004065E5 /* WifiManager.swift in Sources */, 7657DED92B351B5B003A23DB /* UNIXUtilities.swift in Sources */, 76E74DCF2B3902F0004C6429 /* XCredsMechanismProtocol.swift in Sources */, 76EE06C227FD1F50009E0F3A /* StatusMenuController.swift in Sources */, 76EE06B027FD1DD8009E0F3A /* Window+ForceToFront.swift in Sources */, 76D4726D2B43B8FB0064380C /* TCTaskWrapperWithBlocks.m in Sources */, 767116B1284B021500CCD6FF /* MainController.swift in Sources */, 7657DECC2B35061E003A23DB /* SiteManager.swift in Sources */, 76B040A428EFC788002A289B /* Helper+JWTDecode.swift in Sources */, 767116A9284AAE2B00CCD6FF /* ScheduleManager.swift in Sources */, 766FD60D2A1B06AC00C8F244 /* DefaultsOverride.swift in Sources */, 767116AC284AB4C000CCD6FF /* PasswordUtils.swift in Sources */, 76B882AA29CCFD7A00BB8186 /* TCSKeychain.m in Sources */, 766355E5287148C1002E3867 /* Tokens.swift in Sources */, 7657DEC32B3505CB003A23DB /* ADLDAPPing.swift in Sources */, 76EE06AC27FD1D92009E0F3A /* TokenManager.swift in Sources */, 76B882B229CCFDBA00BB8186 /* NSData+HexString.m in Sources */, 7623384C2B53029D00F2D714 /* ShareMounterMenu.swift in Sources */, 7657DEC02B3505A3003A23DB /* DNSResolver.m in Sources */, 76E9CE702A0DC6E30060220C /* TCSLoginWindowUtilities.m in Sources */, 76342E5A2B282653007D4F29 /* DesktopLoginWindowController.swift in Sources */, 76D7ADFE284EB18600332EBC /* NSFileManager+TCSRealHomeFolder.m in Sources */, 76EECD0428753C7F00483C66 /* String+Base64URLEncoded.swift in Sources */, 7657DEC62B3505EB003A23DB /* Extensions.swift in Sources */, 766355DC287133C7002E3867 /* WebViewController.swift in Sources */, 76D175712B23C2DB00E64A62 /* AuthorizationDBManager.swift in Sources */, 767B939C2A28279E0038935E /* View+Shake.swift in Sources */, 76B882AE29CCFDAE00BB8186 /* NSData+SHA1.m in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; /* End PBXSourcesBuildPhase section */ /* Begin PBXTargetDependency section */ 760291FF2C116EDB0075FBD8 /* PBXTargetDependency */ = { isa = PBXTargetDependency; target = 760291F32C116EDB0075FBD8 /* XCreds Login Password */; targetProxy = 760291FE2C116EDB0075FBD8 /* PBXContainerItemProxy */; }; 760292062C116EEE0075FBD8 /* PBXTargetDependency */ = { isa = PBXTargetDependency; target = 760291DF2C116E450075FBD8 /* XCreds Login Autofill */; targetProxy = 760292052C116EEE0075FBD8 /* PBXContainerItemProxy */; }; 76319376287E19A500D36BF7 /* PBXTargetDependency */ = { isa = PBXTargetDependency; target = 766355BC2870CA6A002E3867 /* XCredsLoginPlugin */; targetProxy = 76319375287E19A500D36BF7 /* PBXContainerItemProxy */; }; 76319379287E204500D36BF7 /* PBXTargetDependency */ = { isa = PBXTargetDependency; target = 7631935C287D22C700D36BF7 /* authrights */; targetProxy = 76319378287E204500D36BF7 /* PBXContainerItemProxy */; }; 76DC0A7B28837152007C42B2 /* PBXTargetDependency */ = { isa = PBXTargetDependency; target = 76DC0A6428836EB1007C42B2 /* XCreds Login Overlay */; targetProxy = 76DC0A7A28837152007C42B2 /* PBXContainerItemProxy */; }; /* End PBXTargetDependency section */ /* Begin PBXVariantGroup section */ 760291E82C116E470075FBD8 /* Main.storyboard */ = { isa = PBXVariantGroup; children = ( 760291E92C116E470075FBD8 /* Base */, ); name = Main.storyboard; sourceTree = ""; }; 760291F92C116EDB0075FBD8 /* CredentialProviderViewController.xib */ = { isa = PBXVariantGroup; children = ( 760291FA2C116EDB0075FBD8 /* Base */, ); name = CredentialProviderViewController.xib; sourceTree = ""; }; 76DC0A6B28836EB2007C42B2 /* MainMenu.xib */ = { isa = PBXVariantGroup; children = ( 76DC0A6C28836EB2007C42B2 /* Base */, ); name = MainMenu.xib; sourceTree = ""; }; 76EE06A127FD1D01009E0F3A /* MainMenu.xib */ = { isa = PBXVariantGroup; children = ( 76EE06A227FD1D01009E0F3A /* Base */, ); name = MainMenu.xib; sourceTree = ""; }; /* End PBXVariantGroup section */ /* Begin XCBuildConfiguration section */ 760291ED2C116E470075FBD8 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_ENTITLEMENTS = "XCreds AutoFill/XCreds_AutoFill.entitlements"; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 7144; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; ENABLE_USER_SCRIPT_SANDBOXING = YES; GCC_C_LANGUAGE_STANDARD = gnu17; GCC_PREPROCESSOR_DEFINITIONS = ( "AUTOFILL_TARGET=1", "DEBUG=1", "$(inherited)", ); GENERATE_INFOPLIST_FILE = YES; INFOPLIST_KEY_NSHumanReadableCopyright = ""; INFOPLIST_KEY_NSMainStoryboardFile = Main; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); LOCALIZATION_PREFERS_STRING_CATALOGS = YES; MACOSX_DEPLOYMENT_TARGET = 13.0; MARKETING_VERSION = 5.0; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.xcreds.XCreds-AutoFill"; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; SWIFT_ACTIVE_COMPILATION_CONDITIONS = "DEBUG $(inherited)"; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 760291EE2C116E470075FBD8 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_ENTITLEMENTS = "XCreds AutoFill/XCreds_AutoFill.entitlements"; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 7144; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; ENABLE_USER_SCRIPT_SANDBOXING = YES; GCC_C_LANGUAGE_STANDARD = gnu17; GCC_PREPROCESSOR_DEFINITIONS = "AUTOFILL_TARGET=1"; GENERATE_INFOPLIST_FILE = YES; INFOPLIST_KEY_NSHumanReadableCopyright = ""; INFOPLIST_KEY_NSMainStoryboardFile = Main; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); LOCALIZATION_PREFERS_STRING_CATALOGS = YES; MACOSX_DEPLOYMENT_TARGET = 13.0; MARKETING_VERSION = 5.0; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.xcreds.XCreds-AutoFill"; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; 760292022C116EDB0075FBD8 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_ENTITLEMENTS = "XCreds AutoFill Extension/XCreds_AutoFill_Extension.entitlements"; CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 7144; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; ENABLE_USER_SCRIPT_SANDBOXING = YES; GCC_C_LANGUAGE_STANDARD = gnu17; GCC_PREPROCESSOR_DEFINITIONS = ( "DEBUG=1", "AUTOFILL_TARGET=1", "$(inherited)", ); GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = "XCreds AutoFill Extension/Info.plist"; INFOPLIST_KEY_CFBundleDisplayName = "XCreds AutoFill Extension"; INFOPLIST_KEY_NSHumanReadableCopyright = ""; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", "@executable_path/../../../../Frameworks", ); LOCALIZATION_PREFERS_STRING_CATALOGS = YES; MACOSX_DEPLOYMENT_TARGET = 13.0; MARKETING_VERSION = 5.0; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.xcreds.XCreds-AutoFill.XCreds-AutoFill-Extension"; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; SWIFT_ACTIVE_COMPILATION_CONDITIONS = "DEBUG $(inherited)"; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 760292032C116EDB0075FBD8 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_ENTITLEMENTS = "XCreds AutoFill Extension/XCreds_AutoFill_Extension.entitlements"; CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 7144; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; ENABLE_USER_SCRIPT_SANDBOXING = YES; GCC_C_LANGUAGE_STANDARD = gnu17; GCC_PREPROCESSOR_DEFINITIONS = "AUTOFILL_TARGET=1"; GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = "XCreds AutoFill Extension/Info.plist"; INFOPLIST_KEY_CFBundleDisplayName = "XCreds AutoFill Extension"; INFOPLIST_KEY_NSHumanReadableCopyright = ""; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", "@executable_path/../../../../Frameworks", ); LOCALIZATION_PREFERS_STRING_CATALOGS = YES; MACOSX_DEPLOYMENT_TARGET = 13.0; MARKETING_VERSION = 5.0; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.xcreds.XCreds-AutoFill.XCreds-AutoFill-Extension"; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; 76319361287D22C700D36BF7 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 7144; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = "\"$(SRCROOT)/Carthage/Build/Mac\""; MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 5.0; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCredsLoginPlugin-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76319362287D22C700D36BF7 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 7144; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = "\"$(SRCROOT)/Carthage/Build/Mac\""; MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 5.0; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCredsLoginPlugin-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; 766355BE2870CA6A002E3867 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 7144; DEFINES_MODULE = YES; DEVELOPMENT_TEAM = UXP6YEHSPW; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", ); GENERATE_INFOPLIST_FILE = YES; HEADER_SEARCH_PATHS = headers; INFOPLIST_FILE = XCredsLoginPlugin/Info.plist; INFOPLIST_KEY_NSHumanReadableCopyright = ""; INFOPLIST_KEY_NSPrincipalClass = ""; INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Bundles"; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", "@loader_path/../Frameworks", ); MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 5.0; PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.XCredsLoginPlugin; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCredsLoginPlugin-Bridging-Header.h"; SWIFT_VERSION = 5.0; WRAPPER_EXTENSION = bundle; }; name = Debug; }; 766355BF2870CA6A002E3867 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 7144; DEFINES_MODULE = YES; DEVELOPMENT_TEAM = UXP6YEHSPW; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", ); GENERATE_INFOPLIST_FILE = YES; HEADER_SEARCH_PATHS = headers; INFOPLIST_FILE = XCredsLoginPlugin/Info.plist; INFOPLIST_KEY_NSHumanReadableCopyright = ""; INFOPLIST_KEY_NSPrincipalClass = ""; INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Bundles"; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", "@loader_path/../Frameworks", ); MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 5.0; PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.XCredsLoginPlugin; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCredsLoginPlugin-Bridging-Header.h"; SWIFT_VERSION = 5.0; WRAPPER_EXTENSION = bundle; }; name = Release; }; 766F4C4E2883B88F0021F548 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 7144; DEBUGGING_SYMBOLS = YES; DEBUG_INFORMATION_FORMAT = dwarf; DEVELOPMENT_TEAM = UXP6YEHSPW; GCC_GENERATE_DEBUGGING_SYMBOLS = YES; GCC_OPTIMIZATION_LEVEL = 0; OTHER_CFLAGS = ""; OTHER_LDFLAGS = ""; PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Debug; }; 766F4C4F2883B88F0021F548 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 7144; DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; DEVELOPMENT_TEAM = UXP6YEHSPW; OTHER_CFLAGS = ""; OTHER_LDFLAGS = ""; PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Release; }; 76786F582A27C36A00AA8DB9 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 7144; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; MACOSX_DEPLOYMENT_TARGET = 13.3; MARKETING_VERSION = 5.0; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_OBJC_BRIDGING_HEADER = "auth_mech_fixup/auth_mech_fixup-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76786F592A27C36A00AA8DB9 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 7144; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; MACOSX_DEPLOYMENT_TARGET = 13.3; MARKETING_VERSION = 5.0; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_OBJC_BRIDGING_HEADER = "auth_mech_fixup/auth_mech_fixup-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; 76786F682A27C62D00AA8DB9 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 7144; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; MACOSX_DEPLOYMENT_TARGET = 13.3; MARKETING_VERSION = 5.0; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76786F692A27C62D00AA8DB9 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 7144; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; MACOSX_DEPLOYMENT_TARGET = 13.3; MARKETING_VERSION = 5.0; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_VERSION = 5.0; }; name = Release; }; 76DC0A7028836EB2007C42B2 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements"; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 7144; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", ); GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = "XCreds-Login-Overlay-Info.plist"; INFOPLIST_KEY_NSHumanReadableCopyright = ""; INFOPLIST_KEY_NSMainNibFile = MainMenu; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 5.0; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.XCreds-Login-Overlay"; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76DC0A7128836EB2007C42B2 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements"; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 7144; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", ); GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = "XCreds-Login-Overlay-Info.plist"; INFOPLIST_KEY_NSHumanReadableCopyright = ""; INFOPLIST_KEY_NSMainNibFile = MainMenu; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 5.0; PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.XCreds-Login-Overlay"; PRODUCT_NAME = "$(TARGET_NAME)"; SKIP_INSTALL = YES; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; 76EE06A527FD1D01009E0F3A /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; CLANG_ANALYZER_NONNULL = YES; CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; CLANG_CXX_LANGUAGE_STANDARD = "gnu++17"; CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; CLANG_ENABLE_OBJC_WEAK = YES; CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; CLANG_WARN_BOOL_CONVERSION = YES; CLANG_WARN_COMMA = YES; CLANG_WARN_CONSTANT_CONVERSION = YES; CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; CLANG_WARN_DOCUMENTATION_COMMENTS = YES; CLANG_WARN_EMPTY_BODY = YES; CLANG_WARN_ENUM_CONVERSION = YES; CLANG_WARN_INFINITE_RECURSION = YES; CLANG_WARN_INT_CONVERSION = YES; CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; CLANG_WARN_STRICT_PROTOTYPES = YES; CLANG_WARN_SUSPICIOUS_MOVE = YES; CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; COPY_PHASE_STRIP = NO; DEBUG_INFORMATION_FORMAT = dwarf; ENABLE_STRICT_OBJC_MSGSEND = YES; ENABLE_TESTABILITY = YES; GCC_C_LANGUAGE_STANDARD = gnu11; GCC_DYNAMIC_NO_PIC = NO; GCC_NO_COMMON_BLOCKS = YES; GCC_OPTIMIZATION_LEVEL = 0; GCC_PREPROCESSOR_DEFINITIONS = ( "DEBUG=1", "$(inherited)", ); GCC_WARN_64_TO_32_BIT_CONVERSION = YES; GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; GCC_WARN_UNDECLARED_SELECTOR = YES; GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; GCC_WARN_UNUSED_FUNCTION = YES; GCC_WARN_UNUSED_VARIABLE = YES; MACOSX_DEPLOYMENT_TARGET = 11.0; MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; MTL_FAST_MATH = YES; ONLY_ACTIVE_ARCH = YES; SDKROOT = macosx; SWIFT_ACTIVE_COMPILATION_CONDITIONS = DEBUG; SWIFT_OPTIMIZATION_LEVEL = "-Onone"; }; name = Debug; }; 76EE06A627FD1D01009E0F3A /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; CLANG_ANALYZER_NONNULL = YES; CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; CLANG_CXX_LANGUAGE_STANDARD = "gnu++17"; CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; CLANG_ENABLE_OBJC_WEAK = YES; CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; CLANG_WARN_BOOL_CONVERSION = YES; CLANG_WARN_COMMA = YES; CLANG_WARN_CONSTANT_CONVERSION = YES; CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; CLANG_WARN_DOCUMENTATION_COMMENTS = YES; CLANG_WARN_EMPTY_BODY = YES; CLANG_WARN_ENUM_CONVERSION = YES; CLANG_WARN_INFINITE_RECURSION = YES; CLANG_WARN_INT_CONVERSION = YES; CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; CLANG_WARN_STRICT_PROTOTYPES = YES; CLANG_WARN_SUSPICIOUS_MOVE = YES; CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; COPY_PHASE_STRIP = NO; DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; ENABLE_NS_ASSERTIONS = NO; ENABLE_STRICT_OBJC_MSGSEND = YES; GCC_C_LANGUAGE_STANDARD = gnu11; GCC_NO_COMMON_BLOCKS = YES; GCC_WARN_64_TO_32_BIT_CONVERSION = YES; GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; GCC_WARN_UNDECLARED_SELECTOR = YES; GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; GCC_WARN_UNUSED_FUNCTION = YES; GCC_WARN_UNUSED_VARIABLE = YES; MACOSX_DEPLOYMENT_TARGET = 11.0; MTL_ENABLE_DEBUG_INFO = NO; MTL_FAST_MATH = YES; SDKROOT = macosx; SWIFT_COMPILATION_MODE = wholemodule; SWIFT_OPTIMIZATION_LEVEL = "-O"; }; name = Release; }; 76EE06A827FD1D01009E0F3A /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 7144; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", "$(PROJECT_DIR)", ); GENERATE_INFOPLIST_FILE = YES; HEADER_SEARCH_PATHS = headers; INFOPLIST_FILE = XCreds/Info.plist; INFOPLIST_KEY_LSUIElement = YES; INFOPLIST_KEY_NSHumanReadableCopyright = "© 2022 Twocanoes Software, Inc"; INFOPLIST_KEY_NSMainNibFile = MainMenu; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); LIBRARY_SEARCH_PATHS = ( "$(inherited)", "$(SDKROOT)/usr/lib/system", ); MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 5.0; PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.xcreds; PRODUCT_NAME = "$(TARGET_NAME)"; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Debug; }; 76EE06A927FD1D01009E0F3A /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 7144; DEVELOPMENT_TEAM = UXP6YEHSPW; ENABLE_HARDENED_RUNTIME = YES; FRAMEWORK_SEARCH_PATHS = ( "\"$(SRCROOT)/Carthage/Build/Mac\"", "$(PROJECT_DIR)/Carthage/Build/Mac", "$(PROJECT_DIR)", ); GENERATE_INFOPLIST_FILE = YES; HEADER_SEARCH_PATHS = headers; INFOPLIST_FILE = XCreds/Info.plist; INFOPLIST_KEY_LSUIElement = YES; INFOPLIST_KEY_NSHumanReadableCopyright = "© 2022 Twocanoes Software, Inc"; INFOPLIST_KEY_NSMainNibFile = MainMenu; INFOPLIST_KEY_NSPrincipalClass = NSApplication; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", ); LIBRARY_SEARCH_PATHS = ( "$(inherited)", "$(SDKROOT)/usr/lib/system", ); MACOSX_DEPLOYMENT_TARGET = 11.0; MARKETING_VERSION = 5.0; PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.xcreds; PRODUCT_NAME = "$(TARGET_NAME)"; STRIP_INSTALLED_PRODUCT = NO; STRIP_SWIFT_SYMBOLS = NO; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; }; /* End XCBuildConfiguration section */ /* Begin XCConfigurationList section */ 760291EC2C116E470075FBD8 /* Build configuration list for PBXNativeTarget "XCreds Login Autofill" */ = { isa = XCConfigurationList; buildConfigurations = ( 760291ED2C116E470075FBD8 /* Debug */, 760291EE2C116E470075FBD8 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 760292012C116EDB0075FBD8 /* Build configuration list for PBXNativeTarget "XCreds Login Password" */ = { isa = XCConfigurationList; buildConfigurations = ( 760292022C116EDB0075FBD8 /* Debug */, 760292032C116EDB0075FBD8 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76319363287D22C700D36BF7 /* Build configuration list for PBXNativeTarget "authrights" */ = { isa = XCConfigurationList; buildConfigurations = ( 76319361287D22C700D36BF7 /* Debug */, 76319362287D22C700D36BF7 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 766355C02870CA6A002E3867 /* Build configuration list for PBXNativeTarget "XCredsLoginPlugin" */ = { isa = XCConfigurationList; buildConfigurations = ( 766355BE2870CA6A002E3867 /* Debug */, 766355BF2870CA6A002E3867 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 766F4C4D2883B88F0021F548 /* Build configuration list for PBXLegacyTarget "Send To Test" */ = { isa = XCConfigurationList; buildConfigurations = ( 766F4C4E2883B88F0021F548 /* Debug */, 766F4C4F2883B88F0021F548 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76786F572A27C36A00AA8DB9 /* Build configuration list for PBXNativeTarget "auth_mech_fixup" */ = { isa = XCConfigurationList; buildConfigurations = ( 76786F582A27C36A00AA8DB9 /* Debug */, 76786F592A27C36A00AA8DB9 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76786F672A27C62D00AA8DB9 /* Build configuration list for PBXNativeTarget "test" */ = { isa = XCConfigurationList; buildConfigurations = ( 76786F682A27C62D00AA8DB9 /* Debug */, 76786F692A27C62D00AA8DB9 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76DC0A6F28836EB2007C42B2 /* Build configuration list for PBXNativeTarget "XCreds Login Overlay" */ = { isa = XCConfigurationList; buildConfigurations = ( 76DC0A7028836EB2007C42B2 /* Debug */, 76DC0A7128836EB2007C42B2 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76EE069527FD1D00009E0F3A /* Build configuration list for PBXProject "XCreds" */ = { isa = XCConfigurationList; buildConfigurations = ( 76EE06A527FD1D01009E0F3A /* Debug */, 76EE06A627FD1D01009E0F3A /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; 76EE06A727FD1D01009E0F3A /* Build configuration list for PBXNativeTarget "XCreds" */ = { isa = XCConfigurationList; buildConfigurations = ( 76EE06A827FD1D01009E0F3A /* Debug */, 76EE06A927FD1D01009E0F3A /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; /* End XCConfigurationList section */ /* Begin XCRemoteSwiftPackageReference section */ 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */ = { isa = XCRemoteSwiftPackageReference; repositoryURL = "https://github.com/apple/swift-argument-parser.git"; requirement = { kind = upToNextMajorVersion; minimumVersion = 1.0.0; }; }; 76477E022C626B5D00F01D56 /* XCRemoteSwiftPackageReference "OIDCLite" */ = { isa = XCRemoteSwiftPackageReference; repositoryURL = "https://github.com/twocanoes/OIDCLite.git"; requirement = { branch = main; kind = branch; }; }; /* End XCRemoteSwiftPackageReference section */ /* Begin XCSwiftPackageProductDependency section */ 762177E52B7144460051B756 /* OIDCLite */ = { isa = XCSwiftPackageProductDependency; productName = OIDCLite; }; 76319365287D24E100D36BF7 /* ArgumentParser */ = { isa = XCSwiftPackageProductDependency; package = 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */; productName = ArgumentParser; }; 76319368287D24F600D36BF7 /* ArgumentParser */ = { isa = XCSwiftPackageProductDependency; package = 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */; productName = ArgumentParser; }; 76477E032C626B5D00F01D56 /* OIDCLite */ = { isa = XCSwiftPackageProductDependency; package = 76477E022C626B5D00F01D56 /* XCRemoteSwiftPackageReference "OIDCLite" */; productName = OIDCLite; }; 766355CD2870E9D3002E3867 /* OIDCLite */ = { isa = XCSwiftPackageProductDependency; productName = OIDCLite; }; 76AB89E02A12FAF900529D90 /* OIDCLite */ = { isa = XCSwiftPackageProductDependency; productName = OIDCLite; }; 76AB89E22A12FB4900529D90 /* ArgumentParser */ = { isa = XCSwiftPackageProductDependency; package = 76319364287D24E100D36BF7 /* XCRemoteSwiftPackageReference "swift-argument-parser" */; productName = ArgumentParser; }; 76DD6D16285997F300A700ED /* OIDCLite */ = { isa = XCSwiftPackageProductDependency; productName = OIDCLite; }; /* End XCSwiftPackageProductDependency section */ }; rootObject = 76EE069227FD1D00009E0F3A /* Project object */; } ================================================ FILE: XCreds.xcodeproj/xcshareddata/xcschemes/Send To Test.xcscheme ================================================ ================================================ FILE: XCreds.xcodeproj/xcshareddata/xcschemes/XCreds Login Autofill.xcscheme ================================================ ================================================ FILE: XCreds.xcodeproj/xcshareddata/xcschemes/XCreds Login Overlay.xcscheme ================================================ ================================================ FILE: XCreds.xcodeproj/xcshareddata/xcschemes/XCreds Login Password.xcscheme ================================================ ================================================ FILE: XCreds.xcodeproj/xcshareddata/xcschemes/XCreds.xcscheme ================================================ ================================================ FILE: XCreds.xcodeproj/xcshareddata/xcschemes/XCredsLoginPlugin.xcscheme ================================================ ================================================ FILE: XCreds.xcodeproj/xcshareddata/xcschemes/XCredsLoginPlugin_TestDeploy.xcscheme ================================================ ================================================ FILE: XCreds.xcodeproj/xcshareddata/xcschemes/authrights.xcscheme ================================================ ================================================ FILE: XCreds.xcodeproj/xcshareddata/xcschemes/xcredstap.xcscheme ================================================ ================================================ FILE: XCreds.xcodeproj/xcuserdata/tperfitt.xcuserdatad/xcdebugger/Breakpoints_v2.xcbkptlist ================================================ ================================================ FILE: XCreds.xcodeproj/xcuserdata/tperfitt.xcuserdatad/xcschemes/xcschememanagement.plist ================================================ SchemeUserState FileVaultLoginHelper.xcscheme_^#shared#^_ orderHint 10 FilevaultLoginHelper.xcscheme_^#shared#^_ orderHint 11 Send To Test.xcscheme_^#shared#^_ orderHint 5 XCreds AutoFill Extension.xcscheme_^#shared#^_ orderHint 10 XCreds AutoFill.xcscheme_^#shared#^_ orderHint 9 XCreds Login Autofill.xcscheme_^#shared#^_ orderHint 6 XCreds Login Overlay.xcscheme_^#shared#^_ orderHint 4 XCreds Login Password.xcscheme_^#shared#^_ orderHint 7 XCreds.xcscheme_^#shared#^_ orderHint 0 XCredsLoginPlugin.xcscheme_^#shared#^_ orderHint 1 XCredsLoginPlugin_TestDeploy.xcscheme_^#shared#^_ orderHint 3 auth_mech_fixup.xcscheme_^#shared#^_ orderHint 9 authrights.xcscheme_^#shared#^_ orderHint 2 tapgo.xcscheme_^#shared#^_ orderHint 9 xcredstap.xcscheme_^#shared#^_ orderHint 8 SuppressBuildableAutocreation 760291DF2C116E450075FBD8 primary 760291F32C116EDB0075FBD8 primary 7631935C287D22C700D36BF7 primary 766355BC2870CA6A002E3867 primary 766F4C4C2883B88F0021F548 primary 76A247522C22747400859E0A primary 76BEF7D12871F36C0013E2A1 primary 76DC0A6428836EB1007C42B2 primary 76EE069927FD1D00009E0F3A primary ================================================ FILE: XCredsLoginPlugIn/Bundle.swift ================================================ // // Bundle.swift // NoMADLoginAD // // Created by Joel Rennich on 3/31/20. // Copyright © 2020 Orchard & Grove. All rights reserved. // extension Bundle { static var mainLogin: Bundle { return Bundle(for: XCredsLoginPlugin.self) } } ================================================ FILE: XCredsLoginPlugIn/ContextAndHintHandling.swift ================================================ // // ContextAndHintHandling.swift // NoMADLoginAD // // Created by Josh Wisenbaker on 12/18/17. // Copyright © 2017 NoMAD. All rights reserved. // enum HintType: String,CaseIterable { case uid case gid case longname case shell case authorizeright = "authorize-right" case authorize_rule = "authorize-rule" case client_path = "client-path" case client_pid = "client-pid" case client_type = "client-type" case client_uid = "client-uid" case tries case suggested_user = "suggested-user" case require_user_in_group = "require-user-in-group" case reason case token_name = "token-name" case afp_dir case kerberos_principal = "kerberos-principal" case mountpoint case new_password case show_add_to_keychain = "show-add-to-keychain" case add_to_keuychain = "add-to-keuychain" case Home_Dir_Mount_Result case homeDirType case noMADUser case noMADFirst case noMADLast case noMADFull case username case ap_pam_service_name = "ap-pam-service-name" case ctk case ap_user_name = "ap-user-name" case password case authenticated_token_id = "authenticated-token-id" case ap_token case hsh case uti case uth case apsso_kcp = "apsso-kcp" case apsso_up = "apsso-up" case userSecretTriesLeft case noMADDomain case tokens case passwordOverwrite // stomp on the password case ntName case aliasName case claimsToAddToLocalUserAccount case adUserAttributesToAddToLocalUserAccount case guestUser case existingLocalUserPassword case existingLocalUserName case networkSignIn case user case fullusername case domain case pass case firstName case lastName case fullName case groups case rfidUsers case rfidEnabled case localAdmin case rfidUid case localLogin case allADAttributes case rfidPIN case oidcLastLoginTimestamp case isAccountCreationPending } // attribute statics let kODAttributeADUser = "dsAttrTypeStandard:ADUser" let kODAttributeNetworkSignIn = "dsAttrTypeStandard:NetworkSignIn" protocol ContextAndHintHandling { var mech: MechanismRecord? {get} func setContextString(type: String, value: String) func setHint(type: HintType, hint: NSSecureCoding) func getContextString(type: String) -> String? func getHint(type: HintType) -> Any? } //extension ContextAndHintHandling { // /// Set a NoMAD Login Authorization mechanism hint. // /// // /// - Parameters: // /// - type: A value from `HintType` representing the NoMad Login value to set. // /// - hint: The hint value to set. Can be `String` or `[String]` // func setHint(type: HintType, hint: Any) { // TCSLogWithMark() // guard (hint is String || hint is [String] || hint is Bool) else { //// os_log("NoMAD Login Set hint failed: data type of hint is not supported", log: uiLog, type: .debug) // return // } // TCSLogWithMark() // let data = NSKeyedArchiver.archivedData(withRootObject: hint) // TCSLogWithMark() // var value = AuthorizationValue(length: data.count, data: UnsafeMutableRawPointer(mutating: (data as NSData).bytes.bindMemory(to: Void.self, capacity: data.count))) // TCSLogWithMark() // let err = (mech?.fPlugin.pointee.fCallbacks.pointee.SetHintValue((mech?.fEngine)!, type.rawValue, &value))! // TCSLogWithMark() // guard err == errSecSuccess else { //// os_log("NoMAD Login Set hint failed with: %{public}@", log: uiLog, type: .debug, err) // return // } // } // // func getHint(type: HintType) -> Any? { // var value : UnsafePointer? = nil // var err: OSStatus = noErr // err = (mech?.fPlugin.pointee.fCallbacks.pointee.GetHintValue((mech?.fEngine)!, type.rawValue, &value))! // if err != errSecSuccess { //// os_log("Couldn't retrieve hint value: %{public}@", log: uiLog, type: .debug, type.rawValue) // return nil // } // let outputdata = Data.init(bytes: value!.pointee.data!, count: value!.pointee.length) // guard let result = NSKeyedUnarchiver.unarchiveObject(with: outputdata) // else { //// os_log("Couldn't unpack hint value: %{public}@", log: uiLog, type: .debug, type.rawValue) // return nil // } // return result // } // // /// Set one of the known `AuthorizationTags` values to be used during mechanism evaluation. // /// // /// - Parameters: // /// - type: A `String` constant from AuthorizationTags.h representing the value to set. // /// - value: A `String` value of the context value to set. // func setContextString(type: String, value: String) { // let tempdata = value + "\0" // let data = tempdata.data(using: .utf8) // var value = AuthorizationValue(length: (data?.count)!, data: UnsafeMutableRawPointer(mutating: (data! as NSData).bytes.bindMemory(to: Void.self, capacity: (data?.count)!))) // let err = (mech?.fPlugin.pointee.fCallbacks.pointee.SetContextValue((mech?.fEngine)!, type, .extractable, &value))! // guard err == errSecSuccess else { //// os_log("Set context value failed with: %{public}@", log: uiLog, type: .debug, err) // return // } // } // // func getContextString(type: String) -> String? { // var value: UnsafePointer? // var flags = AuthorizationContextFlags() // let err = mech?.fPlugin.pointee.fCallbacks.pointee.GetContextValue((mech?.fEngine)!, type, &flags, &value) // if err != errSecSuccess { //// os_log("Couldn't retrieve context value: %{public}@", log: uiLog, type: .debug, type) // return nil // } // if type == "longname" { // return String.init(bytesNoCopy: value!.pointee.data!, length: value!.pointee.length, encoding: .utf8, freeWhenDone: false) // } else { // let item = Data.init(bytes: value!.pointee.data!, count: value!.pointee.length) //// os_log("get context error: %{public}@", log: uiLog, type: .debug, item.description) // } // // return nil // } //} ================================================ FILE: XCredsLoginPlugIn/Info.plist ================================================ LogFileName xcreds.log ================================================ FILE: XCredsLoginPlugIn/LoginProgressWindowController.xib ================================================ ================================================ FILE: XCredsLoginPlugIn/LoginWindow/AuthorizationDBManager.swift ================================================ // // AuthorizationDBManager.swift // XCredsLoginPlugin // // Created by Timothy Perfitt on 7/3/22. // import Foundation import Security.AuthorizationDB class AuthorizationDBManager: NSObject { static let shared = AuthorizationDBManager() private func getAuth() -> AuthorizationRef? { if NSUserName() != "root" { print("Not Running as root, please execute with sudo privilege to do this function") exit(1) } var authRef : AuthorizationRef? = nil let err = AuthorizationCreate(nil, nil, AuthorizationFlags(rawValue: 0), &authRef) if err != noErr { TCSLogErrorWithMark("error getting rights to write authdb") return nil } return authRef! } func rightsInfo() -> Dictionary? { var rightsInfo: CFDictionary? let err = AuthorizationRightGet("system.login.console", &rightsInfo) if err != noErr { TCSLogErrorWithMark("error getting right") return nil } let rightInfo = rightsInfo as? Dictionary return rightInfo } func consoleRights() -> Array { guard let rightInfo = rightsInfo() else { TCSLogErrorWithMark("error getting rightsInfo") return [] } guard let rightsArray = rightInfo["mechanisms"] else{ TCSLogErrorWithMark("error getting mechanisms") return [] } guard let rightsArray = rightsArray as? Array else { TCSLogErrorWithMark("error getting rightsArray") return [] } return rightsArray } func setConsoleRights(rights:Array) -> Bool { var rightInfo: CFDictionary? let err = AuthorizationRightGet("system.login.console", &rightInfo) if err != noErr { TCSLogErrorWithMark("error AuthorizationRightGet") return false } guard var rightInfo = rightInfo as? Dictionary else { TCSLogErrorWithMark("error rightInfo") return false } rightInfo["mechanisms"] = rights guard let auth = getAuth() else { TCSLogErrorWithMark("error getAuth") return false } let r = rightInfo as CFTypeRef let err2 = AuthorizationRightSet(auth, "system.login.console",r, nil, nil, nil) if err2 != noErr { TCSLogErrorWithMark("error AuthorizationRightSet") return false } return true } func replace(right:String, withNewRight newRight:String) -> Bool { var consoleRights = consoleRights() let positionOfOldRight = consoleRights.firstIndex(of: right) guard let positionOfOldRight = positionOfOldRight else { return false } consoleRights[positionOfOldRight] = newRight return setConsoleRights(rights: consoleRights) } func remove(right:String) -> Bool { var consoleRights = consoleRights() let positionOfOldRight = consoleRights.firstIndex(of: right) guard let positionOfOldRight = positionOfOldRight else { return false } consoleRights.remove(at: positionOfOldRight) return setConsoleRights(rights: consoleRights) } func rightExists(right:String)->Bool{ let consoleRights = consoleRights() let positionOfRight = consoleRights.firstIndex(of: right) if positionOfRight == nil { return false } return true } func insertRight(newRight:String, afterRight right:String) -> Bool { var consoleRights = consoleRights() let positionOfRight = consoleRights.firstIndex(of: right) guard let positionOfRight = positionOfRight else { TCSLogErrorWithMark("error positionOfRight. Not defined") return false } if positionOfRight+1 == consoleRights.count || consoleRights[positionOfRight+1] != newRight { consoleRights.insert(newRight, at: positionOfRight+1) } // else { // print("right already exists") // } return setConsoleRights(rights: consoleRights) } func insertRight(newRight:String, beforeRight right:String) -> Bool { var consoleRights = consoleRights() let positionOfRight = consoleRights.firstIndex(of: right) guard let positionOfRight = positionOfRight else { TCSLogWithMark("error positionOfRight. Not defined") return false } //makes sure it is not last and then check to see if it already exists if positionOfRight==0 || consoleRights[positionOfRight-1] != newRight { consoleRights.insert(newRight, at: positionOfRight) } // else { // print("right already exists") // } let success = setConsoleRights(rights: consoleRights) return success } } ================================================ FILE: XCredsLoginPlugIn/LoginWindow/ControlsViewController.swift ================================================ // // LoginWindowControlsWindowController.swift // XCredsLoginPlugin // // Created by Timothy Perfitt on 7/3/22. // import Cocoa import CoreGraphics @available(macOS, deprecated: 11) class ControlsViewController: NSViewController, NSPopoverDelegate { @IBOutlet var systemInfoPopover: NSPopover! @IBOutlet var systemInfoPopoverViewController: NSViewController! var delegate: XCredsMechanismProtocol? @IBOutlet weak var buttonGridView: NSGridView! @IBOutlet weak var refreshGridColumn: NSGridColumn? @IBOutlet weak var shutdownGridColumn: NSGridColumn? @IBOutlet weak var restartGridColumn: NSGridColumn? @IBOutlet weak var systemInfoButton: NSButton! @IBOutlet weak var macLoginWindowGridColumn: NSGridColumn? @IBOutlet weak var wifiGridColumn: NSGridColumn? @IBOutlet weak var toolsView: NSView? let uiLog = "uiLog" @IBOutlet weak var systemInfoTextField: NSTextField? var loadPageURL:URL? var wifiWindowController:WifiWindowController? @IBOutlet weak var trialVersionStatusTextField: NSTextField! var refreshTimer:Timer? var commandKeyDown = false var optionKeyDown = false var controlKeyDown = false var allowPopoverClose:Bool = true var keyCodesPressed:[UInt16:Bool]=[:] static func initFromPlugin() -> ControlsViewController?{ let bundle = Bundle.findBundleWithName(name: "XCreds") guard let bundle = bundle else { return nil } let controlsViewController = ControlsViewController.init(nibName: NSNib.Name("ControlsViewController"), bundle: bundle) return controlsViewController } func commandKey(evt: NSEvent) -> NSEvent{ let flags = evt.modifierFlags.rawValue & NSEvent.ModifierFlags.command.rawValue if flags != 0 { //key code for command is 55 commandKeyDown = true } else { commandKeyDown=false } let optionKeyFlags = evt.modifierFlags.rawValue & NSEvent.ModifierFlags.option.rawValue if optionKeyFlags != 0 { optionKeyDown=true } else { optionKeyDown=false } let controlKeyFlags = evt.modifierFlags.rawValue & NSEvent.ModifierFlags.control.rawValue if controlKeyFlags != 0 { controlKeyDown=true } else { controlKeyDown=false } return evt } func keyUp(key: NSEvent) -> NSEvent?{ keyCodesPressed.removeValue(forKey: key.keyCode) return key } @IBAction func showSystemInfoButtonPressed(_ sender: NSButton) { TCSLogWithMark("showSystemInfoButtonPressed") if systemInfoPopover.isShown==true { TCSLogWithMark("closing") systemInfoPopover.performClose(self) return } var sysInfo = SystemInfoHelper().info().joined(separator: "\n") if let prefDomainName=getManagedPreference(key: .ADDomain) as? String{ let adSession = NoMADSession(domain:prefDomainName , user: "") let ldapServers = adSession.getSRVRecords(prefDomainName) if ldapServers.count>0{ sysInfo.append("\nAD Domain:\(prefDomainName) (Reachable)") } else { sysInfo.append("\nAD Domain: \(prefDomainName) (Not Reachable)") } } let bold14:NSFont = NSFont.systemFont(ofSize: 14.0) let textColor:NSColor = NSColor.black let textParagraph:NSMutableParagraphStyle = NSMutableParagraphStyle() textParagraph.lineSpacing = 10.0 /*this sets the space BETWEEN lines to 10points*/ textParagraph.maximumLineHeight = 12.0/*this sets the MAXIMUM height of the lines to 12points*/ let attribs = [NSAttributedString.Key.font:bold14,NSAttributedString.Key.foregroundColor:textColor,NSAttributedString.Key.paragraphStyle:textParagraph] let attrString:NSAttributedString = NSAttributedString.init(string: sysInfo, attributes: attribs) self.systemInfoTextField?.attributedStringValue = attrString // self.systemInfoTextField?.stringValue = sysInfo self.systemInfoPopover.delegate=self systemInfoPopover.show(relativeTo: sender.bounds, of: sender, preferredEdge: .maxY) } func keyDown(key: NSEvent) -> NSEvent?{ keyCodesPressed[key.keyCode]=true var correctKeyPressed = false let keyCodeOverride = DefaultsOverride.standardOverride.integer(forKey: PrefKeys.keyCodeForLoginWindowChange.rawValue) if keyCodeOverride > 0 { if keyCodesPressed[UInt16(keyCodeOverride)] == true{ correctKeyPressed=true } } else { if keyCodesPressed[76]==true || keyCodesPressed[36]==true { correctKeyPressed=true } } if correctKeyPressed && controlKeyDown==true && optionKeyDown==true { guard let delegate = delegate else { TCSLogWithMark("No delegate set for restart") return key } let allowCombo = DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldAllowKeyComboForMacLoginWindow.rawValue) if allowCombo == true { keyCodesPressed.removeAll() if commandKeyDown == false { NotificationCenter.default.post(name: NSNotification.Name("SwitchLoginWindow"), object: self) } else { delegate.setContextString(type: kAuthorizationEnvironmentUsername, value: SpecialUsers.standardLoginWindow.rawValue) delegate.allowLogin() } return nil } } return key } func setupSystemInfoButton() { let systemInfoButtonTitle = DefaultsOverride.standardOverride.string(forKey: PrefKeys.systemInfoButtonTitle.rawValue) switch systemInfoButtonTitle { case ".os": systemInfoButton.title = "macOS " + ProcessInfo.processInfo.operatingSystemVersionString case ".hostname": systemInfoButton.title = "Hostname: " + ProcessInfo.processInfo.hostName case ".ipaddress": systemInfoButton.title = "IP Address: " + (SystemInfoHelper().ipAddress() ?? "No IPAddress") case ".serial": systemInfoButton.title = "Serial: " + getSerial() // case ".mac": // systemInfoButton.title = "MAC Address:" + getMAC() case ".computername": systemInfoButton.title = "Computer Name:" + (Host.current().localizedName ?? "unknown computername") case ".ssid": systemInfoButton.title="SSID: " + (NetworkManager().getCurrentSSID() ?? "no SSID") default: if let systemInfoButtonTitle = systemInfoButtonTitle, systemInfoButtonTitle.count<21 { systemInfoButton.title = systemInfoButtonTitle } else if let appVersion = SystemInfoHelper().appVersion(){ systemInfoButton.title = appVersion } } } func popoverShouldClose(_ popover: NSPopover) -> Bool { if DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldActivateSystemInfoButton.rawValue)==true && allowPopoverClose==false{ TCSLogWithMark("preventing popover from closing") return false } return true } override func awakeFromNib() { TCSLogWithMark() systemInfoPopover.delegate = self super.awakeFromNib() NSEvent.addLocalMonitorForEvents(matching: .keyDown, handler: keyDown(key:)) NSEvent.addLocalMonitorForEvents(matching: .keyUp, handler: keyUp(key:)) setupSystemInfoButton() NSEvent.addLocalMonitorForEvents(matching: .flagsChanged, handler: commandKey(evt:)) let licenseState = LicenseChecker().currentLicenseState() self.trialVersionStatusTextField?.isHidden = false switch licenseState { case .valid(let secRemaining): self.trialVersionStatusTextField?.isHidden = true let daysRemaining = Int(secRemaining/(24*60*60)) TCSLogWithMark("valid license. Days remaining: \(daysRemaining) (\(secRemaining) seconds)") if daysRemaining < 14 { self.trialVersionStatusTextField.stringValue = "License Expires in \(daysRemaining) days" self.trialVersionStatusTextField?.isHidden = false } break; case .expired: self.trialVersionStatusTextField?.isHidden = false self.trialVersionStatusTextField.stringValue = "License Expired. Please visit twocanoes.com for more information." case .trial(let daysRemaining): TCSLogWithMark("Trial") self.trialVersionStatusTextField?.isHidden = false if daysRemaining==1 { self.trialVersionStatusTextField.stringValue = "XCreds Trial. One day remaining." } else { self.trialVersionStatusTextField.stringValue = "XCreds Trial. \(daysRemaining) days remaining." } case .trialExpired: TCSLogErrorWithMark("Trial Expired. Purchase a license at twocanoes.com") self.trialVersionStatusTextField?.isHidden = false self.trialVersionStatusTextField.stringValue = "Trial Expired. Purchase a license at twocanoes.com" case .invalid: TCSLogErrorWithMark("invalid license") self.trialVersionStatusTextField?.isHidden = false self.trialVersionStatusTextField.stringValue = "Invalid License. Please visit twocanoes.com for more information." } TCSLogWithMark() setupLoginWindowControlsAppearance() // resolutionObserver = NotificationCenter.default.addObserver(forName:NSApplication.didChangeScreenParametersNotification, object: nil, queue: nil) { notification in // TCSLogWithMark("Resolution changed. Resetting size") // self.setupLoginWindowControlsAppearance() // // // } let refreshTimerSecs = DefaultsOverride.standardOverride.integer(forKey: PrefKeys.autoRefreshLoginTimer.rawValue) if refreshTimerSecs > 0 { TCSLogWithMark("Setting refresh timer") refreshTimer = Timer.scheduledTimer(withTimeInterval: TimeInterval(refreshTimerSecs), repeats: true, block: { [self] timer in let idleTime = CGEventSource.secondsSinceLastEventType(CGEventSourceStateID.combinedSessionState, eventType: CGEventType.keyDown) if idleTime>30{ TCSLogWithMark("refreshing in timer") delegate?.reload() } else { TCSLogWithMark("skipping refresh because activity detected in last 30 seconds") } }) } } fileprivate func setupLoginWindowControlsAppearance() { TCSLogWithMark() DispatchQueue.main.async { self.view.wantsLayer=true self.view.layer?.backgroundColor = CGColor(red: 0.3, green: 0.3, blue: 0.3, alpha: 0.4) TCSLogWithMark() self.wifiGridColumn?.isHidden = !DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldShowConfigureWifiButton.rawValue) self.shutdownGridColumn?.isHidden = !DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldShowShutdownButton.rawValue) self.restartGridColumn?.isHidden = !DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldShowRestartButton.rawValue) self.systemInfoButton?.isHidden = !DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldShowSystemInfoButton.rawValue) TCSLogWithMark() self.macLoginWindowGridColumn?.isHidden = !DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldShowMacLoginButton.rawValue) } } func showPopoverIfNeeded(){ if self.systemInfoButton?.isHidden == false, DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldActivateSystemInfoButton.rawValue)==true{ DispatchQueue.main.asyncAfter(deadline: .now() + 5.0) { self.showSystemInfoButtonPressed(self.systemInfoButton) } } } @IBAction func showNetworkConnection(_ sender: Any) { // username.isHidden = true TCSLogWithMark() wifiWindowController = WifiWindowController(windowNibName: NSNib.Name("WifiWindowController")) TCSLogWithMark() guard let windowController = wifiWindowController, let window = windowController.window else { TCSLogWithMark("no window for wifi") return } windowController.delegate=self.delegate TCSLogWithMark("setting window level") // let colorValue=0.9 // let alpha=0.95 // window.backgroundColor=NSColor(deviceRed: colorValue, green: colorValue, blue: colorValue, alpha: alpha) if let level = self.view.window?.level { window.level = level+1 } TCSLogWithMark("wifiWindowController ordering controls front") window.orderFrontRegardless() TCSLogWithMark() // window.titlebarAppearsTransparent = true window.isMovable = true window.canBecomeVisibleWithoutLogin = true window.makeKeyAndOrderFront(self) // window.titlebarAppearsTransparent = true let screenRect = NSScreen.screens[0].frame window.setFrame(screenRect, display: true, animate: false) TCSLogWithMark() // guard let wifiWindowController = WifiWindowViewController.createFr.createFromNib(in: .mainLogin) else { // os_log("Error showing network selection.", log: uiLog, type: .debug) // return // } // // wifiView.frame = windowContentView.frame // let completion = { // os_log("Finished working with wireless networks", log: self.uiLog, type: .debug) //// self.username.isHidden = false //// self.username.becomeFirstResponder() // } // wifiView.set(completionHandler: completion) // windowContentView.addSubview(wifiView) } @IBAction func refreshButtonPressed(_ sender: Any) { TCSLogWithMark("refreshButtonPressed") DefaultsOverride.standardOverride.refreshCachedPrefs() guard let delegate = delegate else { TCSLogWithMark("No delegate set for refresh") return } TCSLogWithMark("refreshing") delegate.reload() } @IBAction func restartClick(_ sender: Any) { TCSLogWithMark("Setting restart user") guard let delegate = delegate else { TCSLogWithMark("No delegate set for restart") return } delegate.setContextString(type: kAuthorizationEnvironmentUsername, value: SpecialUsers.restart.rawValue) delegate.allowLogin() } @IBAction func shutdownClick(_ sender: Any) { TCSLogWithMark("Setting shutdown user") guard let delegate = delegate else { TCSLogErrorWithMark("No delegate set for shutdown") return } delegate.setContextString(type: kAuthorizationEnvironmentUsername, value: SpecialUsers.shutdown.rawValue) TCSLogWithMark("calling allowLogin") delegate.allowLogin() } @IBAction func resetToStandardLoginWindow(_ sender: Any) { var shouldSwitch = true TCSLogWithMark("switch login window") if commandKeyDown == false { NotificationCenter.default.post(name: NSNotification.Name("SwitchLoginWindow"), object: self) return } if UserDefaults.standard.bool(forKey:PrefKeys.shouldUseKillWhenLoginWindowSwitching.rawValue)==false{ let alert = NSAlert() alert.addButton(withTitle: "Restart") alert.addButton(withTitle: "Cancel") alert.messageText="Switching login windows requires a restart. Do you want to restart now?" alert.window.canBecomeVisibleWithoutLogin=true let bundle = Bundle.findBundleWithName(name: "XCreds") if let bundle = bundle { TCSLogWithMark("Found bundle") alert.icon=bundle.image(forResource: NSImage.Name("icon_128x128")) } if alert.runModal() == .alertSecondButtonReturn { shouldSwitch=false } } if shouldSwitch == true { guard let delegate = delegate else { TCSLogErrorWithMark("No delegate set for resetToStandardLoginWindow") return } delegate.setContextString(type: kAuthorizationEnvironmentUsername, value: SpecialUsers.standardLoginWindow.rawValue) delegate.allowLogin() } } } ================================================ FILE: XCredsLoginPlugIn/LoginWindow/ControlsViewController.xib ================================================ ================================================ FILE: XCredsLoginPlugIn/LoginWindow/LocalUsersViewController.xib ================================================ NSAllRomanInputSourcesLocaleIdentifier ================================================ FILE: XCredsLoginPlugIn/LoginWindow/LoginWebViewController.swift ================================================ // // WebView.swift // xCreds // // Created by Timothy Perfitt on 4/5/22. // import Foundation import Cocoa import WebKit import OIDCLite import OpenDirectory @available(macOS, deprecated: 11) class LoginWebViewController: WebViewController, DSQueryable { let uiLog = "uiLog" // var internalDelegate:XCredsMechanismProtocol? var mechanismDelegate:XCredsMechanismProtocol? // } @IBOutlet weak var backgroundImageView: NSImageView! override func awakeFromNib() { // NotificationCenter.default.addObserver(forName:NSApplication.didChangeScreenParametersNotification, object: nil, queue: nil) { notification in // TCSLogWithMark("Updating view") // self.updateView() // } TCSLogWithMark() updateView() NSWorkspace.shared.notificationCenter.addObserver(forName: NSWorkspace.didWakeNotification, object: nil, queue: nil) { not in TCSLogWithMark("Waking from sleep, so refreshing view") self.updateView() } } override func viewDidLayout() { TCSLogWithMark() } override func viewWillLayout() { TCSLogWithMark() updateView() } func updateView(){ self.view.layer?.cornerRadius=15 let screenRect = NSScreen.screens[0].frame let screenWidth = screenRect.width let screenHeight = screenRect.height var loginWindowWidth = screenWidth //start with full size var loginWindowHeight = screenHeight //start with full size if DefaultsOverride.standardOverride.object(forKey: PrefKeys.loginWindowWidth.rawValue) != nil { let val = CGFloat(DefaultsOverride.standardOverride.float(forKey: PrefKeys.loginWindowWidth.rawValue)) if val > 149 { TCSLogWithMark("setting loginWindowWidth to \(val)") loginWindowWidth = val } } if DefaultsOverride.standardOverride.object(forKey: PrefKeys.loginWindowHeight.rawValue) != nil { let val = CGFloat(DefaultsOverride.standardOverride.float(forKey: PrefKeys.loginWindowHeight.rawValue)) if val > 149 { TCSLogWithMark("setting loginWindowHeight to \(val)") loginWindowHeight = val } } TCSLogWithMark("setting loginWindowWidth to \(loginWindowWidth)") TCSLogWithMark("setting loginWindowHeight to \(loginWindowHeight)") view.setFrameSize(NSMakeSize(loginWindowWidth, loginWindowHeight)) loadPage() } override func viewDidAppear() { TCSLogWithMark("loading page") //if prefs define smaller, then resize window TCSLogWithMark("checking for custom height and width") updateView() } override func showErrorMessageAndDeny(_ message:String){ mechanismDelegate?.denyLogin(message:message) return } override func credentialsUpdated(_ credentials:Creds){ if let res = mechanismDelegate?.setupHints(fromCredentials: credentials, password: password ?? "" ){ switch res { case .success: break case .failure(let message): TCSLogWithMark("error setting up hints, reloading page:\(message)") let alert = NSAlert() alert.addButton(withTitle: "OK") alert.messageText=message alert.window.canBecomeVisibleWithoutLogin=true let bundle = Bundle.findBundleWithName(name: "XCreds") if let bundle = bundle { TCSLogWithMark("Found bundle") alert.icon=bundle.image(forResource: NSImage.Name("icon_128x128")) } alert.runModal() self.updateView() case .userCancelled: TCSLogWithMark("user cancelled") self.updateView() } } } } extension String { var stripped: String { let okayChars = Set("abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLKMNOPQRSTUVWXYZ1234567890+-._") return self.filter {okayChars.contains($0) } } } ================================================ FILE: XCredsLoginPlugIn/LoginWindow/LoginWindow.swift ================================================ // // LoginWindow.swift // XCredsLoginPlugin // // Created by Timothy Perfitt on 7/2/22. // import Cocoa class LoginWindow: NSWindow { override var canBecomeKey: Bool { return true } } ================================================ FILE: XCredsLoginPlugIn/LoginWindow/MainLoginWindow.swift ================================================ // // MainLoginWIndow.swift // XCredsLoginPlugin // // Created by Timothy Perfitt on 12/8/23. // import Cocoa class MainLoginWindow: NSWindow { override var canBecomeKey: Bool { return true } } ================================================ FILE: XCredsLoginPlugIn/LoginWindow/MainLoginWindowController.xib ================================================ ================================================ FILE: XCredsLoginPlugIn/LoginWindow/SignInWindowController.swift ================================================ // // SignIn.swift // NoMADLogin // // Created by Joel Rennich on 9/20/17. // Copyright © 2017 Joel Rennich. All rights reserved. // import Cocoa import Security.AuthorizationPlugin import os.log import OpenDirectory import OIDCLite import CryptoTokenKit import CryptoKit let uiLog = OSLog(subsystem: "menu.nomad.login.ad", category: "UI") let checkADLog = OSLog(subsystem: "menu.nomad.login.ad", category: "CheckADMech") protocol UpdateCredentialsFeedbackProtocol { func passwordExpiryUpdate(_ passwordExpires:Date) func credentialsUpdated(_ credentials:Creds) func credentialsCheckFailed() func invalidCredentials() func kerberosTicketUpdated() func kerberosTicketCheckFailed(_ error:NoMADSessionError) func adUserUpdated(_ adUser:ADUserRecord) } @available(macOS, deprecated: 11) @objc class SignInViewController: NSViewController, DSQueryable, TokenManagerFeedbackDelegate { enum SignInViewControllerResetPasswordError:Error { case failedToResetPassword(String) case cancelled } //MARK: - setup properties var mech: MechanismRecord? var nomadSession: NoMADSession? var shortName = "" var domainName = "" var passString = "" var newPassword = "" var isDomainManaged = false var isSSLRequired = false let sysInfo = SystemInfoHelper().info() var sysInfoIndex = 0 let tokenManager = TokenManager() var cardLoginFailedAttempts = 0 var localAdmin:LocalAdminCredentials? var rfidUsers:RFIDUsers? var updateCredentialsFeedbackDelegate: UpdateCredentialsFeedbackProtocol? var isInUserSpace = false var watcher:TKTokenWatcher? var isResetPasswordInProgress = false var shouldIgnoreInsertion=false var hadPasswordFailure:Bool=false @objc var visible = true override var acceptsFirstResponder: Bool { return true } //MARK: - IB outlets @IBOutlet weak var usernameTextField: NSTextField! @IBOutlet weak var passwordTextField: NSSecureTextField! @IBOutlet weak var localOnlyCheckBox: NSButton! // @IBOutlet weak var localOnlyView: NSView! @IBOutlet var alertTextField:NSTextField! @IBOutlet var tapLoginLabel:NSTextField! @IBOutlet weak var loginCardSetupButton: NSButton! // @IBOutlet weak var loginCardSetupView: NSView! var unprovisionedRfidUid:String? @IBOutlet weak var stackView: NSStackView! // @IBOutlet weak var domain: NSPopUpButton! @IBOutlet weak var signIn: NSButton! @IBOutlet weak var imageView: NSImageView! // var setupCardWindowController:SetupCardWindowController? @IBOutlet weak var logoImageView: NSImageView! var mechanismDelegate:XCredsMechanismProtocol? override var nibName: NSNib.Name{ return "LocalUsersViewController" } func invalidCredentials() { updateCredentialsFeedbackDelegate?.invalidCredentials() TCSLogWithMark("Token error: Invalid credentials") XCredsAudit().auditError("Token error: Invalid credentials") shakeWindowAndShowError() } func tokenError(_ err:String){ updateCredentialsFeedbackDelegate?.credentialsCheckFailed() TCSLogWithMark("Token error: \(err)") XCredsAudit().auditError(err) shakeWindowAndShowError() } func credentialsUpdated(_ credentials:Creds){ updateCredentialsFeedbackDelegate?.credentialsUpdated(credentials) if let res = mechanismDelegate?.setupHints(fromCredentials: credentials, password: passString ){ switch res { case .success, .userCancelled: break case .failure(let msg): TCSLogWithMark(msg) TCSLogWithMark("error setting up hints, reloading page:\(msg)") let alert = NSAlert() alert.addButton(withTitle: "OK") alert.messageText=msg alert.window.canBecomeVisibleWithoutLogin=true let bundle = Bundle.findBundleWithName(name: "XCreds") if let bundle = bundle { TCSLogWithMark("Found bundle") alert.icon=bundle.image(forResource: NSImage.Name("icon_128x128")) } alert.runModal() } } var credWithPass = credentials credWithPass.password = self.passString NotificationCenter.default.post(name: Notification.Name("TCSTokensUpdated"), object: self, userInfo:["credentials":credWithPass]) } // var mechanism:XCredsMechanismProtocol? { // set { // TCSLogWithMark() // mechanismDelegate=newValue // } // get { // return mechanismDelegate // } // } //MARK: - Migrate Box IB outlets var migrate = false var migrateUserRecord : ODRecord? // var didUpdateFail = false var setupDone=false var cardInserted = false //MARK: - UI Methods override func awakeFromNib() { super.awakeFromNib() //awakeFromNib gets called multiple times. guard against that. if setupDone==true { return } setupDone=true TCSLogWithMark() alertTextField.isHidden=true if let prefDomainName=getManagedPreference(key: .ADDomain) as? String{ domainName = prefDomainName } setupLoginAppearance() TCSLogWithMark("setting up smart card listener") watcher = TKTokenWatcher() watcher?.setInsertionHandler({ tokenID in TCSLogWithMark("card inserted") //sometimes we get multiple events, so track and skip self.watcher?.addRemovalHandler({ tokenID in self.loginCardSetupButton.isHidden=true self.loginCardSetupButton.state = .off self.unprovisionedRfidUid=nil self.cardInserted=false TCSLogWithMark("card removed") }, forTokenID: tokenID) if self.cardInserted == true { return } self.cardInserted=true if self.shouldIgnoreInsertion == true { return } if self.cardLoginFailedAttempts>2 { DispatchQueue.main.async { self.alertTextField.stringValue = "Tap Login Disabled" self.alertTextField.isHidden = false } return } let slotNames = TKSmartCardSlotManager.default?.slotNames guard let slotNames = slotNames, slotNames.count>0 else { TCSLogWithMark("No rfid readers") return } guard let ccidSlotName = DefaultsOverride.standardOverride.string(forKey: PrefKeys.ccidSlotName.rawValue) else { TCSLogWithMark("No slotname defined in prefs. Slot names found: \(slotNames)") return } let slotName=slotNames.first { currString in currString == ccidSlotName } guard let slotName = slotName else { TCSLogWithMark("no matches found for slotname \(ccidSlotName)") return } TCSLogWithMark() let slot = TKSmartCardSlotManager.default?.slotNamed(slotName) TCSLogWithMark() guard let tkSmartCard = slot?.makeSmartCard() else { TCSLogWithMark("Could not setup reader") self.cardInserted=false return } TCSLogWithMark() let builtInReader = CCIDCardReader(tkSmartCard: tkSmartCard) TCSLogWithMark() let returnData = builtInReader.sendAPDU(cla: 0xFF, ins: 0xCA, p1: 0, p2: 0, data: nil) TCSLogWithMark() if let returnData=returnData, returnData.count>2{ TCSLogWithMark() print(returnData[0...returnData.count-3].hexEncodedString()) DispatchQueue.main.async { TCSLogWithMark() var pin:String? let hex=returnData[0...returnData.count-3].hexEncodedString() do { let secretKeeper = try SecretKeeper(label: "XCreds Encryptor", tag: "XCreds Encryptor") let userManager = UserSecretManager(secretKeeper: secretKeeper) if let uidData = Data(fromHexEncodedString: hex) { TCSLogWithMark("got UID Data") if let user = try userManager.uidUser(uid: uidData, rfidUsers: self.rfidUsers){ TCSLogWithMark("Found user. looking if pin required") if user.requiresPIN == true { let pinPromptWindowController = PinPromptWindowController(windowNibName: "PinPromptWindowController") let res = NSApp.runModal(for: pinPromptWindowController.window!) pinPromptWindowController.window?.close() if res == .OK { pin = pinPromptWindowController.pin } else if res == .cancel { return } } } } self.cardLogin(uid: hex, pin:pin) } catch { TCSLogWithMark("error: "+error.localizedDescription) } } } }) } func cardLogin(uid:String, pin:String?) { var hashedUID:Data let shouldAllowLoginCardSetup = DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldAllowLoginCardSetup.rawValue) TCSLogWithMark("RFID UID \"\(uid)\" detected") guard let rfidUsers = rfidUsers else { if shouldAllowLoginCardSetup == true { loginCardSetupButton.isHidden=false self.loginCardSetupButton.state = .on unprovisionedRfidUid=uid } else { TCSLogWithMark("No RFID Users defined. run /Applications/XCreds.app/Contents/MacOS/XCreds -h for help on adding users.") passwordTextField.shake(self) } return } guard let rfidUidData = Data(fromHexEncodedString: uid) else { TCSLogWithMark("error in RFID UID") return } do { (hashedUID,_) = try PasswordCryptor().hashSecretWithKeyStretchingAndSalt(secret: rfidUidData, salt: rfidUsers.salt) } catch { TCSLogWithMark("error hashing key: \(error.localizedDescription)") return } guard let rfidUserDict = rfidUsers.userDict, let rfidUser = rfidUserDict[hashedUID] else { TCSLogWithMark("No RFID user with uid: \(uid)") if shouldAllowLoginCardSetup==true { loginCardSetupButton.isHidden=false self.loginCardSetupButton.state = .on unprovisionedRfidUid=uid } else { passwordTextField.shake(self) } return } shortName = rfidUser.username let encryptedPasswordData = rfidUser.password guard let rfidUIDdata = Data(fromHexEncodedString: uid) else { TCSLogWithMark("invalid UID Data") passwordTextField.shake(self) return } guard let passwordData = try? PasswordCryptor().passwordDecrypt(encryptedDataWithSalt: encryptedPasswordData, rfidUID: rfidUIDdata, pin:pin) else { TCSLogWithMark("error decrypting password") cardLoginFailedAttempts += 1 passwordTextField.shake(self) return } cardLoginFailedAttempts = 0 passString = String(decoding: passwordData, as: UTF8.self) let fullName = rfidUser.fullName let useruid = rfidUser.userUID TCSLogWithMark("UserID: \(useruid.stringValue)") let userExists = try? PasswordUtils.isUserLocal(shortName) guard let userExists = userExists else { TCSLogWithMark("DS error") passwordTextField.shake(self) return } if (userExists==true){ TCSLogWithMark() processLogin(inShortname: shortName, inPassword: passString) return } //user is defined in rfid user file but never logged in. so new user, // so we populate the needed values for the account and move along setRequiredHintsAndContext() if let fullName = fullName { TCSLogWithMark("Setting fullName to \(fullName)") mechanismDelegate?.setHint(type: .fullName, hint: fullName as NSSecureCoding) } if useruid.intValue>499 { TCSLogWithMark("Setting uid to \(useruid.stringValue)") mechanismDelegate?.setHint(type: .uid, hint: useruid.stringValue as NSSecureCoding) } else if useruid.intValue != -1 { TCSLogWithMark("invalid uid. selecting next available UID.") } completeLogin(authResult:.allow) } func updateSize(){ self.view.frame = CGRectMake(self.view.frame.origin.x, self.view.frame.origin.y, self.view.frame.size.width, self.stackView.frame.size.height + 64) } override func viewDidLayout() { TCSLogWithMark("viewDidLayout") updateSize() } @objc func setupLoginAppearance() { TCSLogWithMark() self.view.layer?.cornerRadius=15 let ccidSlotName = DefaultsOverride.standardOverride.string(forKey: PrefKeys.ccidSlotName.rawValue) let shouldAllowLoginCardSetup = DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldAllowLoginCardSetup.rawValue) tapLoginLabel.isHidden=true loginCardSetupButton.isHidden=true self.loginCardSetupButton.state = .off if let _ = ccidSlotName { if let _ = rfidUsers { //we have users so show text tapLoginLabel.isHidden=false } else { tapLoginLabel.isHidden=true } if shouldAllowLoginCardSetup == true { tapLoginLabel.isHidden=false } } alertTextField.isHidden=true self.usernameTextField.stringValue="" self.passwordTextField.stringValue="" logoImageView.isHidden=false if DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldHideLoginWindowLogo.rawValue) == true { logoImageView.isHidden=true } else if let loginWindowLogoPath = DefaultsOverride.standardOverride.string(forKey: PrefKeys.loginWindowLogoPath.rawValue){ if let image = NSImage.imageFromPathOrURL(pathURLString: loginWindowLogoPath){ logoImageView.image=image } } self.usernameTextField.wantsLayer=true self.view.wantsLayer=true // self.view.frame=CGRectInset(self.view.frame, 0,32+128-logoImageView.frame.height) self.view.layer?.backgroundColor = CGColor(red: 1.0, green: 1.0, blue: 1.0, alpha: 0.7) localOnlyCheckBox.isEnabled=true localOnlyCheckBox.isHidden=false // make things look better TCSLogWithMark("Tweaking appearance") if let usernamePlaceholder = UserDefaults.standard.string(forKey: PrefKeys.usernamePlaceholder.rawValue){ TCSLogWithMark("Setting username placeholder: \(usernamePlaceholder)") self.usernameTextField.placeholderString=usernamePlaceholder } self.usernameTextField.isEnabled=true if let passwordPlaceholder = UserDefaults.standard.string(forKey: PrefKeys.passwordPlaceholder.rawValue){ TCSLogWithMark("Setting password placeholder") self.passwordTextField.placeholderString=passwordPlaceholder } passwordTextField.isEnabled=true signIn.isEnabled=true TCSLogWithMark("Domain is \(domainName)") if UserDefaults.standard.bool(forKey: PrefKeys.shouldShowLocalOnlyCheckbox.rawValue) == false { TCSLogWithMark("hiding local only") self.localOnlyCheckBox.isHidden = true self.localOnlyCheckBox.isHidden = true } else { //show based on if there is an AD domain or not let isLocalOnly = self.domainName.isEmpty == true && UserDefaults.standard.bool(forKey: PrefKeys.shouldUseROPGForLoginWindowLogin.rawValue) == false self.localOnlyCheckBox.isHidden = isLocalOnly } } func showResetUI() throws { TCSLogWithMark() let changePasswordWindowController = UpdatePasswordWindowController.init(windowNibName: NSNib.Name("UpdatePasswordWindowController")) changePasswordWindowController.window?.canBecomeVisibleWithoutLogin=true changePasswordWindowController.window?.isMovable = true changePasswordWindowController.window?.canBecomeVisibleWithoutLogin = true changePasswordWindowController.window?.level = NSWindow.Level(rawValue: NSWindow.Level.floating.rawValue) TCSLogWithMark("resetting level") changePasswordWindowController.window?.level = NSWindow.Level(rawValue: NSWindow.Level.floating.rawValue) changePasswordWindowController.window?.forceToFrontAndFocus(self) let response = NSApp.runModal(for: changePasswordWindowController.window!) changePasswordWindowController.window?.close() TCSLogWithMark("response: \(response.rawValue)") if response == .cancel { throw SignInViewControllerResetPasswordError.cancelled } if let pass = changePasswordWindowController.password { newPassword = pass } if let currPassword = changePasswordWindowController.currentPassword { passString=currPassword } isResetPasswordInProgress=true networkAuth() } fileprivate func shakeWindowAndShowError(_ message: String?=nil) { XCredsAudit().auditError(message ?? "Empty") TCSLogWithMark(message ?? "") nomadSession = nil passwordTextField.stringValue = "" passwordTextField.shake(self) alertTextField.isHidden=false if message?.lowercased() == "preauthentication failed" { alertTextField.stringValue = "Authentication Failed" } else if message?.lowercased() == "unknown ad user" { alertTextField.stringValue = "Authentication Failed" } else { alertTextField.stringValue = message ?? "Authentication Failed" } setLoginWindowState(enabled: true) view.window?.makeFirstResponder(passwordTextField) } /// Simple toggle to change the state of the NoLo window UI between active and inactive. fileprivate func setLoginWindowState(enabled:Bool) { TCSLogWithMark() if signIn != nil && usernameTextField != nil && passwordTextField != nil && localOnlyCheckBox != nil { signIn.isEnabled = enabled TCSLogWithMark() usernameTextField.isEnabled = enabled passwordTextField.isEnabled = enabled localOnlyCheckBox.isEnabled = enabled TCSLogWithMark() } } func setupLoginCard(completion:(_ result:Bool, _ pin:String?)->Void) { let pinSetWindowController = PinSetWindowController(windowNibName: "PinSetWindowController") let res = NSApp.runModal(for: pinSetWindowController.window!) if res == .cancel { pinSetWindowController.window?.close() completion(false,nil) return } else { completion(true,pinSetWindowController.pin) } // if setupCardWindowController == nil { // setupCardWindowController = SetupCardWindowController(windowNibName:"SetupCardWindowController") // } // setupCardWindowController?.window?.canBecomeVisibleWithoutLogin=true // if let setupCardWindow = setupCardWindowController?.window { // let res = NSApp.runModal(for: setupCardWindow) // if res == .OK { // if let uid = setupCardWindowController?.uid { // completion(true, uid, setupCardWindowController?.pin) // } // else { // TCSLogWithMark("no uid") // } // } // else { // TCSLogWithMark("result is not ok") // setupCardWindowController=nil // completion(false,nil, nil) // // } // } } /// When the sign in button is clicked we check a few things. /// /// 1. Check to see if the username field is blank, bail if it is. If not, animate the UI and process the user strings. /// /// 2. Check the user shortname and see if the account already exists in DSLocal. If so, simply set the hints and pass on. /// /// 3. Create a `NoMADSession` and see if we can authenticate as the user. @IBAction func signInButtonPressed(_ sender: Any) { TCSLogWithMark("Sign In button pressed") let strippedUsername = usernameTextField.stringValue.trimmingCharacters(in: CharacterSet.whitespaces) if strippedUsername.isEmpty { usernameTextField.shake(self) TCSLogWithMark("No username entered") return } else if passString.isEmpty { passwordTextField.shake(self) view.window?.makeFirstResponder(passwordTextField) TCSLogWithMark("No password entered") return } if (self.localOnlyCheckBox.state == .off) { updateLoginWindowInfo() } else { shortName = strippedUsername } processLogin(inShortname: shortName, inPassword: passString) } func processLogin(inShortname:String, inPassword:String) { TCSLogWithMark() setLoginWindowState(enabled: false) if (self.domainName.isEmpty==true && UserDefaults.standard.bool(forKey: PrefKeys.shouldUseROPGForLoginWindowLogin.rawValue) == false) || self.localOnlyCheckBox.state == .on{ TCSLogWithMark("do local auth only") guard let resolvedName = try? PasswordUtils.resolveName(shortName) else { usernameTextField.shake(self) passwordTextField.shake(self) TCSLogWithMark("No user found for user \(shortName)") shakeWindowAndShowError() return } shortName = resolvedName switch PasswordUtils.isLocalPasswordValid(userName: shortName, userPass: passString) { case .success: setRequiredHintsAndContext() mechanismDelegate?.setHint(type: .localLogin, hint: true as NSSecureCoding ) if loginCardSetupButton.state == .on, let uid = unprovisionedRfidUid { shouldIgnoreInsertion=true setupLoginCard { result,pin in if result==true{ TCSLogWithMark("setting rfid uid: \(uid)") mechanismDelegate?.setHint(type: .rfidUid, hint: uid as NSSecureCoding) if let pin = pin { TCSLogWithMark("setting pin") mechanismDelegate?.setHint(type: .rfidPIN, hint: pin as NSSecureCoding) } shouldIgnoreInsertion=false completeLogin(authResult:.allow) } else { shouldIgnoreInsertion=false TCSLogWithMark("failed to set up Login card") shakeWindowAndShowError("Login Card Setup Failed") return } } } else { completeLogin(authResult:.allow) return } case .incorrectPassword: TCSLogWithMark("incorrectPassword") shakeWindowAndShowError() return case .accountDoesNotExist: TCSLogWithMark("accountDoesNotExist") shakeWindowAndShowError() return case .accountLocked: TCSLogWithMark("accountLocked so we prompt") if let mech = mechanismDelegate { let localAdmin = mech.getHint(type: .localAdmin) as? LocalAdminCredentials self.localAdmin = localAdmin switch mech.unsyncedPasswordPrompt(username: inShortname, password: inPassword, accountLocked: true, localAdmin: localAdmin, showResetButton: true){ case .success: setRequiredHintsAndContext() mechanismDelegate?.setHint(type: .localLogin, hint: true as NSSecureCoding ) completeLogin(authResult:.allow) break case .failure(_): shakeWindowAndShowError("account locked auth failure") return case .userCancelled: shakeWindowAndShowError("Account locked, user cancelled") return } } else { TCSLogWithMark("the mechanism delegate is nil") shakeWindowAndShowError() return } case .other(let mesg ): TCSLogWithMark("message: \(mesg)") shakeWindowAndShowError() return } } else if UserDefaults.standard.bool(forKey: PrefKeys.shouldUseROPGForLoginWindowLogin.rawValue) == true { TCSLogWithMark("Checking credentials using ROPG") tokenManager.feedbackDelegate=self shortName = inShortname let shouldUseBasicAuthWithROPG = DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldUseBasicAuthWithROPG.rawValue) var overrrideErrorArray = [String]() let ropgResponseValue = DefaultsOverride.standardOverride.string(forKey: PrefKeys.ropgResponseValue.rawValue) if let ropgResponseValue = ropgResponseValue { overrrideErrorArray.append(ropgResponseValue) } Task{ //Try with ROPG. We cannot override errors because otherwise we don't get a token back so that is bad. //so that means no MFA, but that is fine since we are interactive login and if you wanted MFA, you can //use a different OIDC flow with a web view. do{ let tokenResponse = try await tokenManager.oidc().requestTokenWithROPG(username: inShortname, password: inPassword, basicAuth: shouldUseBasicAuthWithROPG, overrideErrors: nil) // if tokenResponse==nil { tokenError("ROPG failed. No token returned.") return } if let tokenResponse = tokenResponse { _ = Creds(password: inPassword, tokens: tokenResponse) completeLogin(authResult:.allow) } } catch { shakeWindowAndShowError("ROPG failed: \(error.localizedDescription)") } } } else { // AD. So auth TCSLogWithMark("network auth.") networkAuth() } } fileprivate func networkAuth() { if shortName.isEmpty { if let user = try? PasswordUtils.getLocalRecord(getConsoleUser()), let kerbPrincArray = user.value(forKey: "dsAttrTypeNative:_xcreds_activedirectory_kerberosPrincipal") as? Array , let kerbPrinc = kerbPrincArray.first { shortName=kerbPrinc } } if domainName.isEmpty, let prefDomainName=getManagedPreference(key: .ADDomain) as? String{ domainName = prefDomainName } nomadSession = NoMADSession.init(domain: domainName, user: shortName) TCSLogWithMark("NoMAD Login User: \(shortName), Domain: \(domainName)") guard let session = nomadSession else { TCSLogErrorWithMark("Could not create NoMADSession") return } session.useSSL = isSSLRequired session.userPass = passString session.delegate = self session.recursiveGroupLookup = getManagedPreference(key: .RecursiveGroupLookup) as? Bool ?? false if let customLDAPAttributes = getManagedPreference(key: .CustomLDAPAttributes) as? Array { TCSLogWithMark("Adding requested Custom Attributes:\(customLDAPAttributes)") session.customAttributes=customLDAPAttributes } if let ignoreSites = getManagedPreference(key: .IgnoreSites) as? Bool { os_log("Ignoring AD sites", log: uiLog, type: .debug) session.siteIgnore = ignoreSites } if let ldapServers = getManagedPreference(key: .LDAPServers) as? [String] { TCSLogWithMark("Adding custom LDAP servers") session.ldapServers = ldapServers } TCSLogWithMark("Attempt to authenticate user") session.authenticate() } /// Format the user and domain from the login window depending on the mode the window is in. /// /// I.e. are we picking a domain from a list, using a managed domain, or putting it on the user name with '@'. fileprivate func updateLoginWindowInfo() { TCSLogWithMark("Format user and domain strings") TCSLogWithMark() domainName = "" let strippedUsername = usernameTextField.stringValue.trimmingCharacters(in: CharacterSet.whitespaces) shortName = strippedUsername TCSLogWithMark() let adDomainFromPrefs = DefaultsOverride.standardOverride.string(forKey: PrefKeys.aDDomain.rawValue) var allDomainsFromPrefs = DefaultsOverride.standardOverride.array(forKey: PrefKeys.additionalADDomainList.rawValue) as? [String] ?? [] if let adDomainFromPrefs=adDomainFromPrefs { allDomainsFromPrefs.append(adDomainFromPrefs) } allDomainsFromPrefs = allDomainsFromPrefs.map { currVal in currVal.uppercased() } if strippedUsername.range(of:"@") != nil { shortName = (strippedUsername.components(separatedBy: "@").first)! if let providedDomainName = (strippedUsername.components(separatedBy: "@").last)?.uppercased(){ domainName = providedDomainName } } if let upnMappings = DefaultsOverride.standardOverride.array(forKey: PrefKeys.upnSuffixToDomainMappings.rawValue) as? [[String:String]]{ for upnMapping in upnMappings { if let upn = upnMapping["upn"]?.uppercased(), let mappedDomain = upnMapping["domain"]?.uppercased(), upn == domainName.uppercased() { TCSLogWithMark("changing domain from \(domainName) to \(mappedDomain)") domainName = mappedDomain break } } } if domainName != "", allDomainsFromPrefs.contains(domainName.uppercased())==false { TCSLogWithMark("domain \(domainName) is not the adDomain or in additionalADDomainList.") domainName = "" } if domainName == "", let managedDomain = getManagedPreference(key: .ADDomain) as? String { TCSLogWithMark("Defaulting to managed domain as there is nothing else") domainName = managedDomain TCSLogWithMark("Using domain from managed domain") } return } //MARK: - Login Context Functions /// Set the authorization and context hints. These are the basics we need to passthrough to the next mechanism. fileprivate func setRequiredHintsAndContext() { TCSLogWithMark() TCSLogWithMark("Setting hints for user: \(shortName)") TCSLogWithMark("Setting user to \(shortName)") mechanismDelegate?.setHint(type: .user, hint: shortName as NSSecureCoding) mechanismDelegate?.setHint(type: .pass, hint: passString as NSSecureCoding) TCSLogWithMark() os_log("Setting context values for user: %{public}@", log: uiLog, type: .debug, shortName) mechanismDelegate?.setContextString(type: kAuthorizationEnvironmentUsername, value: shortName) mechanismDelegate?.setContextString(type: kAuthorizationEnvironmentPassword, value: passString) TCSLogWithMark() } /// Complete the login process and either continue to the next Authorization Plugin or reset the NoLo window. /// /// - Parameter authResult:`Authorizationresult` enum value that indicates if login should proceed. fileprivate func completeLogin(authResult: AuthorizationResult) { switch authResult { case .allow: TCSLogWithMark("Complete login process with allow") XCredsAudit().loginWindowLogin(user:shortName) mechanismDelegate?.allowLogin() case .deny: TCSLogWithMark("Complete login process with deny") mechanismDelegate?.denyLogin(message:nil) NotificationCenter.default.post(name: Notification.Name("TCSTokensUpdated"), object: self, userInfo:["error":"Login Denied","cause":authResult]) case .userCanceled: TCSLogWithMark("Complete login process with deny") mechanismDelegate?.denyLogin(message:nil) NotificationCenter.default.post(name: Notification.Name("TCSTokensUpdated"), object: self, userInfo:["error":"User Cancelled", "cause":authResult]) default: TCSLogWithMark("deny login process with unknown error") mechanismDelegate?.denyLogin(message:nil) NotificationCenter.default.post(name: Notification.Name("TCSTokensUpdated"), object: self, userInfo:["error":"Unknown error","cause":authResult]) } TCSLogWithMark() // NSApp.stopModal() } //MARK: - Update Local User Account Methods // fileprivate func showPasswordSync() { // // hide other possible boxes // TCSLogWithMark() // // let passwordWindowController = PromptForLocalPasswordWindowController.init(windowNibName: NSNib.Name("LoginPasswordWindowController")) // // passwordWindowController.window?.canBecomeVisibleWithoutLogin=true // passwordWindowController.window?.isMovable = false // passwordWindowController.window?.canBecomeVisibleWithoutLogin = true // passwordWindowController.window?.level = NSWindow.Level(rawValue: NSWindow.Level.floating.rawValue) // var isDone = false // while (!isDone){ // DispatchQueue.main.async{ // TCSLogWithMark("resetting level") // passwordWindowController.window?.level = NSWindow.Level(rawValue: NSWindow.Level.floating.rawValue) // } // // let response = NSApp.runModal(for: passwordWindowController.window!) // passwordWindowController.window?.close() // // if response == .cancel { // isDone=true // TCSLogWithMark("User cancelled resetting keychain or entering password. Denying login") // completeLogin(authResult: .deny) // // return // } // // let localPassword = passwordWindowController.password // guard let localPassword = localPassword else { // continue // } // do { // os_log("Password doesn't match existing local. Try to change local pass to match.", log: uiLog, type: .default) // let localUser = try getLocalRecord(shortName) // try localUser.changePassword(localPassword, toPassword: passString) // os_log("Password sync worked, allowing login", log: uiLog, type: .default) // // isDone=true // mechanism?.setHint(type: .existingLocalUserPassword, hint: localPassword) // completeLogin(authResult: .allow) // return // } catch { // os_log("Unable to sync local password to Network password. Reload and try again", log: uiLog, type: .error) // return // } // // // } // // } fileprivate func showMigration(password:String) { TCSLogWithMark() switch SelectLocalAccountWindowController.selectLocalAccountAndUpdate(newPassword: password) { case .successful(let username): TCSLogWithMark("Successful local account verification. Allowing") shortName = username setRequiredHintsAndContext() completeLogin(authResult: .allow) return case .canceled: TCSLogWithMark("selectLocalAccountAndUpdate cancelled") completeLogin(authResult: .deny) return case .createNewAccount: TCSLogWithMark("selectLocalAccountAndUpdate createNewAccount") completeLogin(authResult: .allow) case .error(let error): TCSLogWithMark("selectLocalAccountAndUpdate error:\(error)") completeLogin(authResult: .deny) } //need to prompt for username and passsword to select an account. Perhaps use code from the cloud login. // //RunLoop.main.perform { // // hide other possible boxes // os_log("Showing migration box", log: uiLog, type: .default) // // self.loginStack.isHidden = true // self.signIn.isHidden = true // self.signIn.isEnabled = true // // // show migration box // self.migrateBox.isHidden = false // self.migrateSpinner.isHidden = false // self.migrateUsers.addItems(withTitles: self.localCheck.migrationUsers ?? [""]) // //} } // @IBAction func clickMigrationOK(_ sender: Any) { // RunLoop.main.perform { // self.migrateSpinner.isHidden = false // self.migrateSpinner.startAnimation(nil) // } // // let migrateUIPass = self.migratePassword.stringValue // if migrateUIPass.isEmpty { // os_log("No password was entered", log: uiLog, type: .error) // RunLoop.main.perform { // self.migrateSpinner.isHidden = true // self.migrateSpinner.stopAnimation(nil) // } // return // } // // // Take a look to see if we are syncing passwords. Until the next refactor the easiest way to tell is if the picklist is hidden. // if self.migrateUsers.isHidden { // do { // os_log("Password doesn't match existing local. Try to change local pass to match.", log: uiLog, type: .default) // let localUser = try getLocalRecord(shortName) // try localUser.changePassword(migrateUIPass, toPassword: passString) // didUpdateFail = false // passChanged = false // os_log("Password sync worked, allowing login", log: uiLog, type: .default) // delegate?.setHint(type: .existingLocalUserPassword, hint: migrateUIPass) // completeLogin(authResult: .allow) // return // } catch { // os_log("Unable to sync local password to Network password. Reload and try again", log: uiLog, type: .error) // didUpdateFail = true // showPasswordSync() // return // } // } // guard let migrateToUser = self.migrateUsers.selectedItem?.title else { // os_log("Could not select user to migrate from pick list.", log: uiLog, type: .error) // return // } // do { // os_log("Getting user record for %{public}@", log: uiLog, type: .default, migrateToUser) // migrateUserRecord = try getLocalRecord(migrateToUser) // os_log("Checking existing password for %{public}@", log: uiLog, type: .default, migrateToUser) // if migrateUIPass != passString { // os_log("No match. Upating local password for %{public}@", log: uiLog, type: .default, migrateToUser) // try migrateUserRecord?.changePassword(migrateUIPass, toPassword: passString) // } else { // os_log("Okta and local passwords matched for %{public}@", log: uiLog, type: .default, migrateToUser) // } // // Mark the record to add an alias if required // os_log("Setting hints for %{public}@", log: uiLog, type: .default, migrateToUser) // delegate?.setHint(type: .existingLocalUserName, hint: migrateToUser) // delegate?.setHint(type: .existingLocalUserPassword, hint: migrateUIPass) // os_log("Allowing login", log: uiLog, type: .default, migrateToUser) // completeLogin(authResult: .allow) // } catch { // os_log("Migration failed with: %{public}@", log: uiLog, type: .error, error.localizedDescription) // return // } // // // if we are here, the password didn't work // os_log("Unable to migrate user.", log: uiLog, type: .error) // self.migrateSpinner.isHidden = true // self.migrateSpinner.stopAnimation(nil) // self.migratePassword.stringValue = "" // self.completeLogin(authResult: .deny) // } // // @IBAction func clickMigrationCancel(_ sender: Any) { // passChanged = false // didUpdateFail = false // completeLogin(authResult: .deny) // } // // @IBAction func clickMigrationNo(_ sender: Any) { // // user doesn't want to migrate, so create a new account // completeLogin(authResult: .allow) // } // @IBAction func clickMigrationOverwrite(_ sender: Any) { // // user wants to overwrite their current password // os_log("Password Overwrite selected", log: uiLog, type: .default) // localCheck.mech = self.mech // delegate?.setHint(type: .passwordOverwrite, hint: true) // completeLogin(authResult: .allow) // } // @IBAction func showNetworkConnection(_ sender: Any) { // username.isHidden = true // guard let windowContentView = self.window?.contentView, let wifiView = WifiView.createFromNib(in: .mainLogin) else { // os_log("Error showing network selection.", log: uiLog, type: .debug) // return // } // // wifiView.frame = windowContentView.frame // let completion = { // os_log("Finished working with wireless networks", log: uiLog, type: .debug) // self.username.isHidden = false // self.username.becomeFirstResponder() // } // wifiView.set(completionHandler: completion) // windowContentView.addSubview(wifiView) // } // // @IBAction func clickInfo(_ sender: Any) { // if sysInfo.count > sysInfoIndex + 1 { // sysInfoIndex += 1 // } else { // sysInfoIndex = 0 // } // // systemInfo.title = sysInfo[sysInfoIndex] // os_log("System information toggled", log: uiLog, type: .debug) // } // func verify() { // // if XCredsBaseMechanism.checkForLocalUser(name: shortName) { // TCSLogWithMark() // os_log("Verify local user login for %{public}@", log: uiLog, type: .default, shortName) // // if getManagedPreference(key: .DenyLocal) as? Bool ?? false { // os_log("DenyLocal is enabled, looking for %{public}@ in excluded users", log: uiLog, type: .default, shortName) // // var exclude = false // // if let excludedUsers = getManagedPreference(key: .DenyLocalExcluded) as? [String] { // if excludedUsers.contains(shortName) { // os_log("Allowing local sign in via exclusions %{public}@", log: uiLog, type: .default, shortName) // exclude = true // } // } // // if !exclude { // os_log("No exclusions for %{public}@, denying local login. Forcing network auth", log: uiLog, type: .default, shortName) // networkAuth() // return // } // } // TCSLogWithMark() // if PasswordUtils.verifyUser(name: shortName, auth: passString) { // TCSLogWithMark() // os_log("Allowing local user login for %{public}@", log: uiLog, type: .default, shortName) // setRequiredHintsAndContext() // TCSLogWithMark() // completeLogin(authResult: .allow) // return // } else { // os_log("Could not verify %{public}@", log: uiLog, type: .default, shortName) // authFail() // return // } // } // // } } //MARK: - NoMADUserSessionDelegate @available(macOS, deprecated: 11) extension SignInViewController: NoMADUserSessionDelegate { func NoMADAuthenticationFailed(error: NoMADSessionError, description: String) { if isResetPasswordInProgress==true { isResetPasswordInProgress=false if error == .PasswordExpired { TCSLogWithMark("Password expired so go ahead and changing it") changePassword() return } else { let alert = NSAlert() alert.addButton(withTitle: "OK") alert.messageText="Your current password is invalid. Please try again." alert.window.canBecomeVisibleWithoutLogin=true let bundle = Bundle.findBundleWithName(name: "XCreds") if let bundle = bundle { TCSLogWithMark("Found bundle") alert.icon=bundle.image(forResource: NSImage.Name("icon_128x128")) } alert.runModal() return } } updateCredentialsFeedbackDelegate?.kerberosTicketCheckFailed(error) TCSLogWithMark("AuthenticationFailed: \(description)") switch error { case .PasswordExpired: TCSLogErrorWithMark("Password is expired or requires change.") if DefaultsOverride().bool(forKey: PrefKeys.shouldPromptForADPasswordChange.rawValue) == false { shakeWindowAndShowError("Password is expired or requires change.") return } do { try showResetUI() } catch { TCSLogWithMark("\(error)") setLoginWindowState(enabled: true) } case .OffDomain, .UnknownPrincipal: TCSLogErrorWithMark("\(error)") if getManagedPreference(key: .LocalFallback) as? Bool ?? false, case .success = PasswordUtils.isLocalPasswordValid(userName: shortName, userPass: passString) { mechanismDelegate?.setHint(type: .localLogin, hint: true as NSSecureCoding) setRequiredHintsAndContext() completeLogin(authResult: .allow) } else { if error == .OffDomain { TCSLogErrorWithMark("AD authentication failed, off domain.") shakeWindowAndShowError("Cannot reach domain controller") } else if error == .UnknownPrincipal { TCSLogErrorWithMark("AD authentication failed, Unknown AD User.") shakeWindowAndShowError("Unknown AD User") } else { TCSLogErrorWithMark("Unknown Error") shakeWindowAndShowError("Unknown Error") } } default: TCSLogErrorWithMark("NoMAD Login Authentication failed with: \(description):\(error.rawValue)") shakeWindowAndShowError(description) // return } } func NoMADAuthenticationSucceeded() { updateCredentialsFeedbackDelegate?.kerberosTicketUpdated() if getManagedPreference(key: .RecursiveGroupLookup) as? Bool ?? false { nomadSession?.recursiveGroupLookup = true } if isResetPasswordInProgress==true { TCSLogWithMark("changing password and then returning") isResetPasswordInProgress = false changePassword() return } // need to ensure the right password is stashed if isInUserSpace==true { if hadPasswordFailure==true { TCSLogWithMark("had password failure, updating keychain with new password") hadPasswordFailure = false try? updateCurrentUserKeychain(updatedPassword: passString) } self.view.window?.close() } TCSLogWithMark("Authentication succeeded, requesting user info") nomadSession?.userInfo() } func changePassword() { TCSLogWithMark("Changing password") guard let session = nomadSession else { TCSLogWithMark("invalid session") return } session.oldPass = passString session.newPass = newPassword os_log("Attempting password change for %{public}@", log: uiLog, type: .debug, shortName) TCSLogWithMark("Attempting password change") do { try session.changeKerberosPassword() if isInUserSpace==true { try updateCurrentUserKeychain(updatedPassword: newPassword) passString = newPassword NotificationCenter.default.post(name: NSNotification.Name("KerberosPasswordChanged"), object: ["updatedPassword":newPassword]) let alert = NSAlert() alert.addButton(withTitle: "OK") alert.messageText="Password changed successfully." alert.window.canBecomeVisibleWithoutLogin=true let bundle = Bundle.findBundleWithName(name: "XCreds") if let bundle = bundle { TCSLogWithMark("Found bundle") alert.icon=bundle.image(forResource: NSImage.Name("icon_128x128")) } alert.runModal() session.userPass = newPassword session.authenticate(authTestOnly: false) } else { TCSLogWithMark("Setting current password to change later and authenticating with new password") let localUser = try getLocalRecord(shortName) //try to change the password, but if the admin changed it out of band, we don't //fail here and prompt later try? localUser.changePassword(passString, toPassword: newPassword) mechanismDelegate?.setHint(type: .existingLocalUserPassword, hint: passString as NSSecureCoding) passString = newPassword session.userPass = newPassword session.authenticate(authTestOnly: false) } } catch { TCSLogWithMark("Error changing password: \(error)") let alert = NSAlert() alert.addButton(withTitle: "OK") alert.messageText="Error changing password" alert.window.canBecomeVisibleWithoutLogin=true let bundle = Bundle.findBundleWithName(name: "XCreds") if let bundle = bundle { TCSLogWithMark("Found bundle") alert.icon=bundle.image(forResource: NSImage.Name("icon_128x128")) } alert.runModal() setLoginWindowState(enabled: true) } } func updateCurrentUserKeychain(updatedPassword:String) throws { let accountInfo = KeychainUtil().findPassword(serviceName: PrefKeys.password.rawValue,accountName: nil) TCSLogWithMark("Getting account info.") guard let password = accountInfo?.password else { TCSLogWithMark("no password in keychain.") throw PasswordError.invalidResult("no password in keychain") } //change password on keychain and local account TCSLogWithMark("change password on keychain and local account.") try PasswordUtils.changeLocalUserAndKeychainPassword(password, newPassword: updatedPassword) //change entry in keychain to match new password TCSLogWithMark("change entry in keychain to match new password") if KeychainUtil().updatePassword(serviceName: PrefKeys.password.rawValue,accountName:PrefKeys.password.rawValue, pass:updatedPassword, keychainPassword: updatedPassword) == false { throw PasswordError.invalidResult("Error updating password in keychain") } } //callback from ADAuth framework when userInfo returns func NoMADUserInformation(user: ADUserRecord) { TCSLogWithMark("User Info:\(user)") TCSLogWithMark("Groups:\(user.groups)") var allowedLogin = true if let passExpired = user.passwordExpire { updateCredentialsFeedbackDelegate?.passwordExpiryUpdate(passExpired) } updateCredentialsFeedbackDelegate?.adUserUpdated(user) TCSLogWithMark("Checking for DenyLogin groupsChecking for DenyLogin groups") if let allowedGroups = getManagedPreference(key: .DenyLoginUnlessGroupMember) as? [String] { TCSLogErrorWithMark("Found a DenyLoginUnlessGroupMember key value: \(allowedGroups.debugDescription)") // set the allowed login to false for now allowedLogin = false user.groups.forEach { group in if allowedGroups.contains(group) { allowedLogin = true TCSLogErrorWithMark("User is a member of %{public}@ group. Setting allowedLogin = true ") } } } let mapUID = DefaultsOverride.standardOverride.string(forKey: PrefKeys.mapUID.rawValue) if let mapUID = mapUID, let rawAttributes = user.rawAttributes, let uidString = rawAttributes[mapUID] { mechanismDelegate?.setHint(type: .uid, hint: uidString as NSSecureCoding) } if let ntName = user.customAttributes?["msDS-PrincipalName"] as? String { TCSLogWithMark("Found NT User Name: \(ntName)") mechanismDelegate?.setHint(type: .ntName, hint: ntName as NSSecureCoding) } if allowedLogin { setHints(user: user) // check for any migration and local auth requirements let localCheck = LocalCheckAndMigrate() localCheck.isInUserSpace = self.isInUserSpace localCheck.delegate = mechanismDelegate switch localCheck.migrationTypeRequired(userToCheck: user.shortName, passToCheck: passString, kerberosPrincipalName:user.userPrincipal) { case .fullMigration: TCSLogWithMark() showMigration(password:passString) case .syncPassword: // first check to see if we can resolve this ourselves TCSLogWithMark("Sync password called.") let promptPasswordWindowController = VerifyLocalPasswordWindowController() promptPasswordWindowController.showResetText=true promptPasswordWindowController.showResetButton=true if isInUserSpace==true{ promptPasswordWindowController.showResetText=false promptPasswordWindowController.showResetButton=false } var currUser = user.shortName TCSLogWithMark("switch promptPasswordWindowController") if isInUserSpace == true { let consoleUser = getConsoleUser() currUser=consoleUser } else { if let localAdmin = mechanismDelegate?.getHint(type: .localAdmin) as? LocalAdminCredentials, localAdmin.username.isEmpty==false { promptPasswordWindowController.adminUsername=localAdmin.username promptPasswordWindowController.adminPassword=localAdmin.password } } switch promptPasswordWindowController.promptForLocalAccountAndChangePassword(username: currUser, newPassword: passString, shouldUpdatePassword: true) { case .success(let enteredUsernamePassword): TCSLogWithMark("setting original password to use to unlock keychain later") if let enteredUsernamePassword = enteredUsernamePassword{ mechanismDelegate?.setHint(type: .existingLocalUserPassword, hint:enteredUsernamePassword.password as NSSecureCoding ) } completeLogin(authResult: .allow) case .accountResetRequested(let usernamePasswordCredentials): TCSLogWithMark("resetKeychainRequested") if let adminUsername = usernamePasswordCredentials?.username, let adminPassword = usernamePasswordCredentials?.password { let localAdmin = LocalAdminCredentials(username: adminUsername, password: adminPassword) TCSLogWithMark("Setting local admin from settings") mechanismDelegate?.setHint(type: .localAdmin, hint:localAdmin as NSSecureCoding ) mechanismDelegate?.setHint(type: .passwordOverwrite, hint: true as NSSecureCoding) completeLogin(authResult: .allow) } else { completeLogin(authResult: .deny) } case .userCancelled: TCSLogWithMark("userCancelled") completeLogin(authResult: .userCanceled) case .error(_): TCSLogWithMark("error") completeLogin(authResult: .deny) } case .errorSkipMigration(let mesg): mechanismDelegate?.denyLogin(message:mesg) case .skipMigration, .userMatchSkipMigration, .complete: completeLogin(authResult: .allow) // case .mappedUserFound(let foundODUserRecord): // shortName = foundODUserRecord.recordName // TCSLogWithMark("Mapped user found: \(shortName)") // setRequiredHintsAndContext() // completeLogin(authResult: .allow) } } else { shakeWindowAndShowError() TCSLogWithMark("auth fail") // alertText.stringValue = "Not authorized to login." // showResetUI() } } fileprivate func setHints(user: ADUserRecord) { TCSLogWithMark() TCSLogWithMark("NoMAD Login Looking up info"); setRequiredHintsAndContext() mechanismDelegate?.setHint(type: .firstName, hint: user.firstName as NSSecureCoding) mechanismDelegate?.setHint(type: .lastName, hint: user.lastName as NSSecureCoding) TCSLogWithMark("Setting user to \(user.shortName)") mechanismDelegate?.setHint(type: .user, hint: user.shortName as NSSecureCoding) mechanismDelegate?.setContextString(type: kAuthorizationEnvironmentUsername, value: user.shortName) mechanismDelegate?.setHint(type: .noMADDomain, hint: domainName as NSSecureCoding) mechanismDelegate?.setHint(type: .groups, hint: user.groups as NSSecureCoding) mechanismDelegate?.setHint(type: .fullName, hint: user.fullName as NSSecureCoding) TCSLogWithMark("setting kerberos principal to \(user.userPrincipal)") mechanismDelegate?.setHint(type: .kerberos_principal, hint: user.userPrincipal as NSSecureCoding) mechanismDelegate?.setHint(type: .ntName, hint: user.ntName as NSSecureCoding) // set the network auth time to be added to the user record mechanismDelegate?.setHint(type: .networkSignIn, hint: String(describing: Date.init().description) as NSSecureCoding) if let userAttributes = user.rawAttributes{ TCSLogWithMark("Setting AD user attributes") mechanismDelegate?.setHint(type: .allADAttributes, hint:userAttributes as NSSecureCoding ) } } } //MARK: - NSTextField Delegate @available(macOS, deprecated: 11) extension SignInViewController: NSTextFieldDelegate { public func controlTextDidChange(_ obj: Notification) { let passField = obj.object as! NSTextField if passField.tag == 99 { passString = passField.stringValue } } } //MARK: - ContextAndHintHandling Protocol //extension SignIn: ContextAndHintHandling {} extension NSWindow { func shakeWindow(){ let numberOfShakes = 3 let durationOfShake = 0.25 let vigourOfShake : CGFloat = 0.015 let frame : CGRect = self.frame let shakeAnimation :CAKeyframeAnimation = CAKeyframeAnimation() let shakePath = CGMutablePath() shakePath.move(to: CGPoint(x: frame.minX, y: frame.minY)) for _ in 0...numberOfShakes-1 { shakePath.addLine(to: CGPoint(x: frame.minX - frame.size.width * vigourOfShake, y: frame.minY)) shakePath.addLine(to: CGPoint(x: frame.minX + frame.size.width * vigourOfShake, y: frame.minY)) } shakePath.closeSubpath() shakeAnimation.path = shakePath; shakeAnimation.duration = durationOfShake; self.animations = [NSAnimatablePropertyKey("frameOrigin"):shakeAnimation] self.animator().setFrameOrigin(self.frame.origin) } } ================================================ FILE: XCredsLoginPlugIn/LoginWindow/TCSReturnWindow.h ================================================ // // TCSReturnWindow.h // // Created by Tim Perfitt on 9/6/17. // // #import @interface TCSReturnWindow : NSWindow @end ================================================ FILE: XCredsLoginPlugIn/LoginWindow/TCSReturnWindow.m ================================================ // // TCSReturnWindow.m // // Created by Tim Perfitt on 9/6/17. // // #import "TCSReturnWindow.h" @implementation TCSReturnWindow - (id)initWithContentRect:(NSRect)contentRect styleMask:(__unused NSWindowStyleMask)aStyle backing:(__unused NSBackingStoreType)bufferingType defer:(__unused BOOL)flag { // Using NSBorderlessWindowMask results in a window without a title bar. self = [super initWithContentRect:contentRect styleMask:NSBorderlessWindowMask backing:NSBackingStoreBuffered defer:NO]; if (self != nil) { // Start with no transparency for all drawing into the window [self setAlphaValue:0.5]; //Set backgroundColor to clearColor self.backgroundColor = NSColor.grayColor; // Turn off opacity so that the parts of the window that are not drawn into are transparent. // [self setOpaque:NO]; } return self; } @end ================================================ FILE: XCredsLoginPlugIn/LoginWindow/WhitePopoverBackgroundView.swift ================================================ // // WhitePopoverBackgroundView.swift // XCredsLoginPlugin // // Created by Timothy Perfitt on 6/8/24. // import Cocoa class WhitePopoverBackgroundView: NSView { override func draw(_ dirtyRect: NSRect) { super.draw(dirtyRect) NSColor.white.set() bounds.fill() // Drawing code here. } } ================================================ FILE: XCredsLoginPlugIn/LoginWindow/xcreds_login.sh ================================================ #!/bin/bash script_path="$0" script_folder=$(dirname "${script_path}") authrights_path="${script_folder}"/authrights plugin_path="${script_folder}"/XCredsLoginPlugin.bundle plugin_resources_path="${plugin_path}"/Contents/Resources overlay_path="${script_folder}"/"XCreds Login Overlay.app" overlay_resources_path="${overlay_path}"/Contents/Resources auth_backup_folder=/Library/"Application Support"/xcreds rights_backup_path="${auth_backup_folder}"/rights.bak launch_agent_config_name="com.twocanoes.xcreds-overlay.plist" app_launch_agent_config_name="com.twocanoes.xcreds-launchagent.plist" launch_agent_destination_path="/Library/LaunchAgents/" launch_agent_source_path="${overlay_resources_path}"/"${launch_agent_config_name}" app_launch_agent_source_path="${script_folder}"/"${app_launch_agent_config_name}" autofill_path="${target_path}/Applications/XCreds.app/Contents/Resources/XCreds Login Autofill.app/Contents/PlugIns/XCreds Login Password.appex" f_install=0 f_remove=0 f_restore=0 remove_rights () { "${authrights_path}" -d "XCredsLoginPlugin:UserSetup,privileged" "${authrights_path}" -r "XCredsLoginPlugin:LoginWindow" "loginwindow:login" > /dev/null "${authrights_path}" -d "XCredsLoginPlugin:PowerControl,privileged" "${authrights_path}" -d "XCredsLoginPlugin:KeychainAdd,privileged" "${authrights_path}" -d "XCredsLoginPlugin:CreateUser,privileged" "${authrights_path}" -d "XCredsLoginPlugin:EnableFDE,privileged" "${authrights_path}" -d "XCredsLoginPlugin:LoginDone" } while getopts ":ire" o; do case "${o}" in i) f_install=1 ;; r) f_remove=1 ;; e) f_restore=1 ;; esac done if [ $(id -u) -ne 0 ]; then echo please run with sudo exit -1 fi if [ $f_install -eq 1 ] && [ $f_remove -eq 1 ]; then echo "you can't specify both -i and -r" exit -1 fi if [ $f_install -eq 1 ]; then if [ ! -e "${auth_backup_folder}" ]; then mkdir -p "${auth_backup_folder}" fi if [ ! -e "${rights_backup_path}" ]; then security authorizationdb read system.login.console > "${rights_backup_path}" fi if [ -e "${autofill_path}" ]; then /usr/bin/pluginkit -a "${autofill_path}" fi if [ -e "${plugin_path}" ]; then cp -R "${plugin_path}" "${target_volume}"/Library/Security/SecurityAgentPlugins/ chown -R root:wheel "${target_volume}"/Library/Security/SecurityAgentPlugins/XCredsLoginPlugin.bundle fi #app_launch_agent_source_path if [ ! -e "${launch_agent_destination_path}"/"${app_launch_agent_config_name}" ]; then cp "${app_launch_agent_source_path}" "${launch_agent_destination_path}" fi if [ ! -e "${launch_agent_destination_path}"/"${launch_agent_config_name}" ]; then cp "${launch_agent_source_path}" "${launch_agent_destination_path}" fi if [ -e ${authrights_path} ]; then remove_rights "${authrights_path}" -b "loginwindow:login" "XCredsLoginPlugin:UserSetup,privileged" "${authrights_path}" -r "loginwindow:login" "XCredsLoginPlugin:LoginWindow" "${authrights_path}" -a "XCredsLoginPlugin:LoginWindow" "XCredsLoginPlugin:PowerControl,privileged" "${authrights_path}" -a "loginwindow:done" "XCredsLoginPlugin:KeychainAdd,privileged" "${authrights_path}" -a "builtin:login-begin" "XCredsLoginPlugin:CreateUser,privileged" "${authrights_path}" -a "loginwindow:done" "XCredsLoginPlugin:EnableFDE,privileged" "${authrights_path}" -a "loginwindow:done" "XCredsLoginPlugin:LoginDone" else echo "could not find authrights tool" exit -1 fi elif [ $f_remove -eq 1 ]; then remove_rights if [ -e "/Library/Security/SecurityAgentPlugins/XCredsLoginPlugin.bundle" ]; then rm -rf "/Library/Security/SecurityAgentPlugins/XCredsLoginPlugin.bundle" fi if [ -e "${launch_agent_destination_path}"/"${launch_agent_config_name}" ]; then rm "${launch_agent_destination_path}"/"${launch_agent_config_name}" fi if [ -e "${launch_agent_destination_path}"/"${app_launch_agent_config_name}" ]; then rm "${launch_agent_destination_path}"/"${app_launch_agent_config_name}" fi elif [ $f_restore -eq 1 ]; then if [ -e "${rights_backup_path}" ]; then security authorizationdb write system.login.console < "${rights_backup_path}" else echo "no backup found to restore at \"${rights_backup_path}\"" fi else echo "you must specify -i (install right), -r (remove right), or -e (restore all rights from backup)." exit -1 fi ================================================ FILE: XCredsLoginPlugIn/Mechanisms/LogOnly.swift ================================================ // // LogOnly.swift // NoMADLogin // // Created by Joel Rennich on 9/23/17. // Copyright © 2017 Joel Rennich. All rights reserved. // import Foundation import Security.AuthorizationTags import SecurityInterface.SFAuthorizationPluginView import os.log import LocalAuthentication /// AuthorizationPlugin mechanism that simply logs the hint and context values that are being passed around. @available(macOS, deprecated: 11) class LogOnly : XCredsBaseMechanism { let contextKeys = [kAuthorizationEnvironmentUsername, kAuthorizationEnvironmentPassword, kAuthorizationEnvironmentShared, kAuthorizationRightExecute, kAuthorizationEnvironmentIcon, kAuthorizationEnvironmentPrompt] // class to iterate anything in the context and hits and print them out // heavily influenced by the Apple NullAuth sample code @objc override func run() { TCSLogErrorWithMark("LogOnly mech starting") TCSLogErrorWithMark("Printing security context arguments") getArguments() TCSLogErrorWithMark("Printing LAContext Tokens") // getTokens() TCSLogErrorWithMark("Printing all context values:") for item in contextKeys { // TCSLogErrorWithMark("\(item)") if let result = getContextString(type: item) { TCSLogErrorWithMark("Context item \(item):\(result)") } } TCSLogErrorWithMark("Printing all hint values:") let hintKeys = HintType.allCases.map{$0.rawValue} for item in hintKeys { // TCSLogErrorWithMark("\(item)") if let hintType = HintType(rawValue: item) { if let result = getHint(type: hintType) as? String { TCSLogErrorWithMark("Hint item \(item):\(result)") } } } TCSLogErrorWithMark("LogOnly mech complete") let _ = allowLogin() TCSLogErrorWithMark("LogOnly mech complete") } func getArguments() { var value : UnsafePointer? = nil let error = mechCallbacks.GetArguments(mechEngine, &value) if error != noErr { // TCSLogErrorWithMark("getArguments: \(error)") } } // log only func getTokens() { TCSLogErrorWithMark() if #available(OSX 10.13, *) { TCSLogErrorWithMark("GetLAContext") var value : Unmanaged? // defer {value?.release()} // public var GetTokenIdentities: @convention(c) (AuthorizationEngineRef, CFTypeRef, UnsafeMutablePointer?>?) -> OSStatus // public var GetLAContext: @convention(c) (AuthorizationEngineRef, UnsafeMutablePointer?>?) -> OSStatus var laContext:Unmanaged? let status = mechCallbacks.GetLAContext(mechEngine,&laContext) if status != noErr{ } else { TCSLogErrorWithMark("no error") let error = mechCallbacks.GetTokenIdentities(mechEngine, laContext as CFTypeRef, &value) TCSLogWithMark( "Got TokenIdentities2") if error != noErr { TCSLogErrorWithMark("GetTokenIdentities error:") } else { TCSLogWithMark( "Got TokenIdentities") // TCSLogWithMark(value.debugDescription) } } } else { os_log("Tokens are not supported on this version of macOS", log: noLoMechlog, type: .default) } } } ================================================ FILE: XCredsLoginPlugIn/Mechanisms/LogShim.swift ================================================ // // LogShim.swift // XCredsLoginPlugin // // Created by Timothy Perfitt on 7/4/22. // import Foundation let noLoMechlog = "" enum ErrorType { case error case info case noLoMechlog case createUserLog case `default` case debug case uiLog } func os_log(_ msg:String,log:String="",type:ErrorType = .info, _ extra1:String?="",_ extra2:String?="",_ extra3:String?="",_ extra4:String?="",_ extra5:String?="",_ extra6:String?="",_ extra7:String?="",_ extra8:String?="") { TCSLogWithMark("\(msg):\(extra1 ?? ""):\(extra2 ?? ""):\(extra3 ?? ""):\(extra4 ?? ""):\(extra5 ?? ""):\(extra6 ?? ""):\(extra7 ?? ""):\(extra8 ?? "")") } ================================================ FILE: XCredsLoginPlugIn/Mechanisms/XCredsBaseMechanism.swift ================================================ import Cocoa import OpenDirectory @available(macOS, deprecated: 11) @objc class XCredsBaseMechanism: NSObject, XCredsMechanismProtocol, DSQueryable { func reload() { fatalError() } let mechCallbacks: AuthorizationCallbacks let mechEngine: AuthorizationEngineRef let mech: MechanismRecord? @objc init(mechanism: UnsafePointer) { TCSLogWithMark() self.mech = mechanism.pointee self.mechCallbacks = mechanism.pointee.fPlugin.pointee.fCallbacks.pointee self.mechEngine = mechanism.pointee.fEngine super.init() TCSLogWithMark("Setting up prefs") setupPrefs() } func run(){ fatalError("superclass must implement") } func setupHints(fromCredentials credentials:Creds, password:String) -> ErrorResult { TCSLogWithMark("Checking for allow login preference") let tokenManager = TokenManager() let idTokenInfo = try? tokenManager.tokenInfo(fromCredentials: credentials) if let allowUsersClaim = DefaultsOverride.standardOverride.string(forKey: PrefKeys.allowUsersClaim.rawValue), let allowedUsersArray = DefaultsOverride.standardOverride.array(forKey: PrefKeys.allowedUsersArray.rawValue) as? Array, allowedUsersArray.count>0, let tokenInfo = idTokenInfo, let userValue = tokenInfo[allowUsersClaim] as? String { TCSLogWithMark("allowUsersClaim defined as \(allowUsersClaim) and allowedUsersArray as \(allowedUsersArray.debugDescription)") if allowedUsersArray.contains(userValue)==false { TCSLogWithMark("user is not allowed to login") //no need to send back message because failure will show it. denyLogin(message: nil) return .failure("The user \"\(userValue)\" is not allowed to login") } else { TCSLogWithMark("user allowed to login") } } do { let tokenManager = TokenManager() let idTokenInfo = try tokenManager.tokenInfo(fromCredentials: credentials) //no need to send back message because failure will show it. guard let idTokenInfo = idTokenInfo else { denyLogin(message: nil) return .failure("invalid idtoken") } let currentDate = ISO8601DateFormatter().string(from: Date()) setHint(type: .oidcLastLoginTimestamp, hint: currentDate as NSSecureCoding) let userInfoResult = tokenManager.setupUserAccountInfo(idTokenInfo: idTokenInfo) var userInfo:TokenManager.UserAccountInfo switch userInfoResult { case .success(let retUserAccountInfo): userInfo = retUserAccountInfo case .error(let message): //no need to send back message because failure will show it. denyLogin(message:nil) return .failure(message) } if let allowedGroupsArray = DefaultsOverride.standardOverride.array(forKey: PrefKeys.allowLoginIfMemberOfGroup.rawValue) as? Array, allowedGroupsArray.count>0 { TCSLogWithMark("allowedGroupsArray as \(allowedGroupsArray.debugDescription)") var isMemberOfAllowedGroup=false userInfo.groups?.map({ group in group.lowercased() }).forEach({ userGroup in if allowedGroupsArray.contains(userGroup.lowercased()){ TCSLogWithMark("user is in group \(userGroup)") isMemberOfAllowedGroup=true return } }) if isMemberOfAllowedGroup==false { TCSLogWithMark("user is not allowed to login. not in member of allowed group.") return .failure("The user is not allowed to log in because they are not a member of an allowed group.") } else { TCSLogWithMark("user allowed to login") } } if let firstname = userInfo.firstName { setHint(type: .firstName, hint: firstname as NSSecureCoding) } if let lastName = userInfo.lastName { setHint(type: .lastName, hint: lastName as NSSecureCoding) } if let username = userInfo.username { TCSLogWithMark("set shortname to \(username)") setHint(type: .user, hint: username as NSSecureCoding) } if let fullUsername = userInfo.fullUsername { setHint(type: .fullusername, hint: fullUsername as NSSecureCoding) } if let fullName = userInfo.fullName { setHint(type: .fullName, hint: fullName as NSSecureCoding) } if let groups = userInfo.groups { setHint(type: .groups, hint: groups as NSSecureCoding) } if let aliasName = userInfo.alias { setHint(type: .aliasName, hint: aliasName as NSSecureCoding) } if let kerberosPrincipalName = userInfo.kerberosPrincipalName { setHint(type: .kerberos_principal, hint: kerberosPrincipalName as NSSecureCoding) } if let uid = userInfo.uid { setHint(type: .uid, hint: uid as NSSecureCoding ) } let findUserAndUpdatePasswordResult = tokenManager.findUserAndUpdatePassword(idTokenInfo: idTokenInfo, newPassword: password) guard let findUserAndUpdatePasswordResult = findUserAndUpdatePasswordResult else { //no need to send back message because failure will show it. denyLogin(message:nil) return .failure("could not find local user with findUserAndUpdatePassword") } switch findUserAndUpdatePasswordResult { case .successful(let username): userInfo.username = username break case .canceled: //no need to send back message because failure will show it. denyLogin(message:nil) return .failure("cancelled") case .createNewAccount: break case .error(let mesg): //no need to send back message because failure will show it. denyLogin(message:nil) return .failure(mesg) } guard let username = userInfo.username else { TCSLogErrorWithMark("username or password are not set") //no need to send back message because failure will show it. denyLogin(message:nil) return .failure("username or password are not set") } if password.isEmpty { TCSLogWithMark("Empty password. Failing"); let message = "Password not set. Verify username mapping in configuration is correct and you are not using passwordless login." //no need to send back message because failure will show it. denyLogin(message: nil) return .failure(message) } TCSLogWithMark("checking local password for username:\(username)"); let passwordCheckStatus = PasswordUtils.isLocalPasswordValid(userName: username, userPass: password) var accountLocked = false var isSuspect = false if let subValue = idTokenInfo["sub"] as? String, let issuerValue = idTokenInfo["iss"] as? String ,let existingUser = try? getUserRecord(sub: subValue, iss: issuerValue), let _ = try? existingUser.values(forAttribute: "dsAttrTypeNative:_xcreds_oidc_updatedfromlocal") as? [String] { TCSLogWithMark("setting isSuspect to true.") isSuspect=true } switch passwordCheckStatus { case .success: TCSLogWithMark("Local password matches cloud password ") case .accountLocked: accountLocked=true fallthrough case .incorrectPassword: TCSLogWithMark("incorrectPassword called.") let localAdmin = getHint(type: .localAdmin) as? LocalAdminCredentials if getManagedPreference(key: .PasswordOverwriteSilent) as? Bool ?? false, let localAdmin = localAdmin, localAdmin.hasEmptyValues()==false,isSuspect==false { TCSLogWithMark("setting passwordOverwrite") setHint(type: .passwordOverwrite, hint: true as NSSecureCoding) } else { TCSLogWithMark("prompting for password") //if the info in DS was provided from a user account file, we don't want to allow admin override to force the user to prove they know //the password to the account. switch unsyncedPasswordPrompt(username: username, password: password, accountLocked: accountLocked, localAdmin: isSuspect==false ? localAdmin : nil,showResetButton: !isSuspect){ case .success: break case .failure( let mesg): return .failure(mesg) case .userCancelled: return .userCancelled } } case .accountDoesNotExist: TCSLogWithMark("user account doesn't exist yet") case .other(let mesg): TCSLogWithMark("password check error:\(mesg)") //no need to send back message because failure will show it. denyLogin(message:nil) return .failure(mesg) } TCSLogWithMark("passing username:\(username), password, and tokens") TCSLogWithMark("setting kAuthorizationEnvironmentUsername") setContextString(type: kAuthorizationEnvironmentUsername, value: username) TCSLogWithMark("setting kAuthorizationEnvironmentPassword") setContextString(type: kAuthorizationEnvironmentPassword, value: password) TCSLogWithMark("setting username") TCSLogWithMark("setting username to \(username)") setHint(type: .user, hint: username as NSSecureCoding) TCSLogWithMark("setting tokens.password") setHint(type: .pass, hint: password as NSSecureCoding) TCSLogWithMark("setting tokens") setHint(type: .tokens, hint: [credentials.idToken ?? "",credentials.refreshToken ?? "",credentials.accessToken ?? ""] as NSSecureCoding) TCSLogWithMark("calling allowLogin") XCredsAudit().loginWindowLogin(user:username) allowLogin() return .success } catch TokenManager.ProcessTokenResult.error(let msg){ TCSLogWithMark("invalid idToken:\(msg)") denyLogin(message: nil) return .failure(msg) } catch { TCSLogWithMark("Error:\(error.localizedDescription)") //no need to send back message because failure will show it. denyLogin(message:nil) return .failure("credentialsUpdated error") } } func unsyncedPasswordPrompt(username: String, password: String,accountLocked:Bool, localAdmin: LocalAdminCredentials?, showResetButton:Bool=true) ->ErrorResult { TCSLogWithMark() let promptPasswordWindowController = VerifyLocalPasswordWindowController() promptPasswordWindowController.isAccountLocked=accountLocked promptPasswordWindowController.showResetText=true promptPasswordWindowController.showResetButton=true if let localAdmin = localAdmin, localAdmin.hasEmptyValues()==false { TCSLogWithMark("setting local admin and password") promptPasswordWindowController.adminUsername = localAdmin.username promptPasswordWindowController.adminPassword = localAdmin.password } switch promptPasswordWindowController.promptForLocalAccountAndChangePassword(username: username, newPassword: password, shouldUpdatePassword: true, showResetButton: showResetButton) { case .success(let enteredCredentials): TCSLogWithMark("setting original password to use to unlock keychain later") if let enteredCredentials = enteredCredentials, !enteredCredentials.password.isEmpty { setHint(type: .existingLocalUserPassword, hint:enteredCredentials.password as NSSecureCoding ) } return .success case .accountResetRequested(let localAdminCredentials): TCSLogWithMark("accountResetRequested") if let localAdminCredentials = localAdminCredentials { TCSLogWithMark("setting localAdminCredentials hint") setHint(type: .localAdmin, hint:localAdminCredentials) } TCSLogWithMark("setting passwordOverwrite hint") setHint(type: .passwordOverwrite, hint: true as NSSecureCoding) return .success case .userCancelled: return .userCancelled case .error(let errMsg): TCSLogWithMark("Error prompting: \(errMsg)") return .failure(errMsg) } } func setupPrefs(){ TCSLogWithMark() UserDefaults.standard.addSuite(named: "com.twocanoes.xcreds") let defaultsPath = Bundle(for: type(of: self)).path(forResource: "defaults", ofType: "plist") if let defaultsPath = defaultsPath { let defaultsDict = NSDictionary(contentsOfFile: defaultsPath) UserDefaults.standard.register(defaults: defaultsDict as! [String : Any]) } } var xcredsPass: String? { get { guard let userPass = getHint(type: .pass) as? String else { return nil } os_log("Computed xcredsPass accessed: %@", log: noLoMechlog, type: .debug) return userPass } } var xcredsFirst: String? { get { guard let firstName = getHint(type: .firstName) as? String else { return "" } os_log("Computed firstName accessed: %{public}@", log: noLoMechlog, type: .debug, firstName) return firstName } } var xcredsLast: String? { get { guard let lastName = getHint(type: .lastName) as? String else { return "" } os_log("Computed lastName accessed: %{public}@", log: noLoMechlog, type: .debug, lastName) return lastName } } var xcredsUser: String? { get { guard let userName = getHint(type: .user) as? String else { TCSLogWithMark("no usernames") return nil } TCSLogWithMark("username is \(userName)") return userName } } var usernameContext: String? { get { var value : UnsafePointer? = nil var flags = AuthorizationContextFlags() var err: OSStatus = noErr err = mechCallbacks.GetContextValue( mechEngine, kAuthorizationEnvironmentUsername, &flags, &value) if err != errSecSuccess { return nil } guard let username = NSString.init(bytes: value!.pointee.data!, length: value!.pointee.length, encoding: String.Encoding.utf8.rawValue) else { return nil } return username.trimmingCharacters(in: CharacterSet.whitespaces.union(CharacterSet(["\0"]))) } } var passwordContext: String? { get { var value : UnsafePointer? = nil var flags = AuthorizationContextFlags() var err: OSStatus = noErr err = mechCallbacks.GetContextValue( mechEngine, kAuthorizationEnvironmentPassword, &flags, &value) if err != errSecSuccess { return nil } guard let pass = NSString.init(bytes: value!.pointee.data!, length: value!.pointee.length, encoding: String.Encoding.utf8.rawValue) else { return nil } return pass.trimmingCharacters(in: CharacterSet.whitespaces.union(CharacterSet(["\0"]))) } } func allowLogin() { TCSLogWithMark("================== Mech Complete ==================") let error = mechCallbacks.SetResult(mechEngine, .allow) if error != noErr { TCSLogErrorWithMark("Error: \(error)") } } // disallow login func denyLogin(message: String?) { TCSLogErrorWithMark("***************** DENYING LOGIN ********************"); if let message = message { setStickyContextString(type: "ErrorMessage", value: message) } let error = mechCallbacks.SetResult(mechEngine, .deny) if error != noErr { TCSLogWithMark("Error: \(error)") } } func setHints(_ hints:[HintType:Any]){ for hint in hints { if let hintValue = hint.value as? NSSecureCoding{ setHint(type: hint.key, hint:hintValue ) } else { TCSLogErrorWithMark("hint \(hint.key) does not conform to NSSecureCoding") } } } func setContextStrings(_ contentStrings: [String : String]){ for contextString in contentStrings { setContextString(type: contextString.key, value:contextString.value) } } func setHint(type: HintType, hint: NSSecureCoding) { guard let data = try? NSKeyedArchiver.archivedData(withRootObject: hint, requiringSecureCoding: true) else { TCSLogErrorWithMark("Login Set hint failed: cant archive data to a data object") return } var value = AuthorizationValue(length: data.count, data: UnsafeMutableRawPointer(mutating: (data as NSData).bytes.bindMemory(to: Void.self, capacity: data.count))) let err = mechCallbacks.SetHintValue((mech?.fEngine)!, type.rawValue, &value) guard err == errSecSuccess else { TCSLogWithMark("XCred Login Set hint failed with: %{public}@") return } } func setHintData(type: HintType, data: Data) { var value = AuthorizationValue(length: data.count, data: UnsafeMutableRawPointer(mutating: (data as NSData).bytes.bindMemory(to: Void.self, capacity: data.count))) let err = mechCallbacks.SetHintValue((mech?.fEngine)!, type.rawValue, &value) guard err == errSecSuccess else { TCSLogWithMark("XCred Login Set hint failed with: %{public}@") return } } var groups: [String]? { get { guard let userGroups = getHint(type: .groups) as? [String] else { os_log("groups value is empty", log: noLoMechlog, type: .debug) return nil } return userGroups } } func getHint(type: HintType) -> Any? { var value : UnsafePointer? = nil var err: OSStatus = noErr err = mechCallbacks.GetHintValue((mech?.fEngine)!, type.rawValue, &value) if err != errSecSuccess { // TCSLogWithMark("No hint retrieved for: \(type.rawValue)") return nil } let outputdata = Data.init(bytes: value!.pointee.data!, count: value!.pointee.length) guard let result = NSKeyedUnarchiver.unarchiveObject(with: outputdata) else { return nil } return result } /// Adds a new alias to an existing local record /// /// - Parameters: /// - name: the shortname of the user to check as a `String`. /// - alias: The password of the user to check as a `String`. /// - Returns: `true` if user:pass combo is valid, false if not. class func addAlias(name: String, alias: String) -> Bool { os_log("Checking for local username", log: noLoMechlog, type: .error) var records = [ODRecord]() let odsession = ODSession.default() do { let node = try ODNode.init(session: odsession, type: ODNodeType(kODNodeTypeLocalNodes)) let query = try ODQuery.init(node: node, forRecordTypes: kODRecordTypeUsers, attribute: kODAttributeTypeRecordName, matchType: ODMatchType(kODMatchEqualTo), queryValues: name, returnAttributes: kODAttributeTypeAllAttributes, maximumResults: 0) records = try query.resultsAllowingPartial(false) as! [ODRecord] } catch { let errorText = error.localizedDescription os_log("ODError while trying to check for local user: %{public}@", log: noLoMechlog, type: .error, errorText) return false } let isLocal = records.isEmpty ? false : true os_log("Results of local user check %{public}@", log: noLoMechlog, type: .error, isLocal.description) if !isLocal { return isLocal } // now to update the alias do { if let currentAlias = try records.first?.values(forAttribute: kODAttributeTypeRecordName) as? [String] { if !currentAlias.contains(alias) { try records.first?.addValue(alias, toAttribute: kODAttributeTypeRecordName) } } else { try records.first?.addValue(alias, toAttribute: kODAttributeTypeRecordName) } } catch { os_log("Unable to add alias to record") return false } return true } /// Updates a timestamp on a local account /// /// - Parameters: /// - name: the shortname of the user to check as a `String`. /// - time: The time to add as a `String`. /// - Returns: `true` if time attribute can be added, false if not. class func updateSignIn(name: String, time: AnyObject ) -> Bool { os_log("Checking for local username", log: noLoMechlog, type: .default) var records = [ODRecord]() let odsession = ODSession.default() do { let node = try ODNode.init(session: odsession, type: ODNodeType(kODNodeTypeLocalNodes)) let query = try ODQuery.init(node: node, forRecordTypes: kODRecordTypeUsers, attribute: kODAttributeTypeRecordName, matchType: ODMatchType(kODMatchEqualTo), queryValues: name, returnAttributes: kODAttributeTypeAllAttributes, maximumResults: 0) records = try query.resultsAllowingPartial(false) as! [ODRecord] } catch { let errorText = error.localizedDescription os_log("ODError while trying to check for local user: %{public}@", log: noLoMechlog, type: .error, errorText) return false } let isLocal = records.isEmpty ? false : true os_log("Results of local user check %{public}@", log: noLoMechlog, type: .default, isLocal.description) if !isLocal { return isLocal } // now to update the attribute do { try records.first?.setValue(time, forAttribute: kODAttributeNetworkSignIn) } catch { os_log("Unable to add sign in time to record", log: noLoMechlog, type: .error) return false } return true } /// Set one of the known `AuthorizationTags` values to be used during mechanism evaluation. /// /// - Parameters: /// - type: A `String` constant from AuthorizationTags.h representing the value to set. /// - value: A `String` value of the context value to set. func setContextString(type: String, value: String) { let tempdata = value + "\0" let data = tempdata.data(using: .utf8) var value = AuthorizationValue(length: (data?.count)!, data: UnsafeMutableRawPointer(mutating: (data! as NSData).bytes.bindMemory(to: Void.self, capacity: (data?.count)!))) let err = mechCallbacks.SetContextValue((mech?.fEngine)!, type, .extractable, &value) guard err == errSecSuccess else { TCSLogWithMark("Set context value failed with: %{public}@") return } } func setStickyContextString(type: String, value: String) { TCSLogWithMark("Setting stick context \(type) value: \(value)") let tempdata = value + "\0" let data = tempdata.data(using: .utf8) var value = AuthorizationValue(length: (data?.count)!, data: UnsafeMutableRawPointer(mutating: (data! as NSData).bytes.bindMemory(to: Void.self, capacity: (data?.count)!))) let err = mechCallbacks.SetContextValue((mech?.fEngine)!, type, .sticky, &value) guard err == errSecSuccess else { TCSLogWithMark("Set context value failed with: %{public}@") return } } func getContextString(type: String) -> String? { TCSLogWithMark() var value: UnsafePointer? var flags = AuthorizationContextFlags() let err = mech?.fPlugin.pointee.fCallbacks.pointee.GetContextValue((mech?.fEngine)!, type, &flags, &value) if err != errSecSuccess { TCSLogWithMark("No context string for \(type)") return nil } return String(bytesNoCopy: value!.pointee.data!, length: value!.pointee.length, encoding: .utf8, freeWhenDone: false) } func runDict() -> Dictionary? { do { let data = NSData(contentsOfFile: "/tmp/xcredsrun") as? Data guard let data = data else { return nil } let dict = try NSKeyedUnarchiver.unarchivedObject(ofClass: NSDictionary.self, from: data) as? Dictionary return dict } catch { TCSLogWithMark("error creating xcrun dict: \(error)") return nil } } func updateRunDict(dict:Dictionary) { // let emptyDictionary=Dictionary() do { let data = try NSKeyedArchiver.archivedData(withRootObject: dict, requiringSecureCoding: true) try data.write(to: URL.init(fileURLWithPath: "/tmp/xcredsrun")) } catch { TCSLogWithMark("error creating xcrun dict: \(error)") } } //MARK: - Directory Service Utilities /// Checks to see if a given user exits in the DSLocal OD node. /// /// - Parameter name: The shortname of the user to check as a `String`. /// - Returns: `true` if the user already exists locally. Otherwise `false`. class func checkForLocalUser(name: String) -> Bool { os_log("Checking for local username", log: noLoMechlog, type: .debug) var records = [ODRecord]() let odsession = ODSession.default() do { let node = try ODNode.init(session: odsession, type: ODNodeType(kODNodeTypeLocalNodes)) let query = try ODQuery.init(node: node, forRecordTypes: kODRecordTypeUsers, attribute: kODAttributeTypeRecordName, matchType: ODMatchType(kODMatchEqualTo), queryValues: name, returnAttributes: kODAttributeTypeAllAttributes, maximumResults: 0) records = try query.resultsAllowingPartial(false) as! [ODRecord] } catch { let errorText = error.localizedDescription os_log("ODError while trying to check for local user: %{public}@", log: noLoMechlog, type: .error, errorText) return false } let isLocal = records.isEmpty ? false : true // os_log("Results of local user check %{public}@", log: noLoMechlog, type: .debug, isLocal.description) return isLocal } /// Gets shortname from a UUID /// /// - Parameters: /// - uuid: the uuid of the user to check as a `String`. /// - Returns: shortname of the user or nil. class func getShortname(uuid: String) -> String? { os_log("Checking for username from UUID", log: noLoMechlog, type: .debug) var records = [ODRecord]() let odsession = ODSession.default() do { let node = try ODNode.init(session: odsession, type: ODNodeType(kODNodeTypeLocalNodes)) let query = try ODQuery.init(node: node, forRecordTypes: kODRecordTypeUsers, attribute: kODAttributeTypeGUID, matchType: ODMatchType(kODMatchEqualTo), queryValues: uuid, returnAttributes: kODAttributeTypeAllAttributes, maximumResults: 0) records = try query.resultsAllowingPartial(false) as! [ODRecord] } catch { _ = error.localizedDescription // os_log("ODError while trying to check for local user: %{public}@", log: noLoMechlog, type: .error, errorText) return nil } if records.count != 1 { return nil } else { return records.first?.recordName } } } ================================================ FILE: XCredsLoginPlugIn/Mechanisms/XCredsCreateUser.swift ================================================ // // CreateUser.swift // NoMADLogin // // Created by Joel Rennich on 9/21/17. // Copyright © 2017 Joel Rennich. All rights reserved. // import OpenDirectory /// Mechanism to create a local user and homefolder. @available(macOS, deprecated: 11) class XCredsCreateUser: XCredsBaseMechanism { let createUserLog = "createUserLog" let uiLog = "uiLog" //MARK: - Properties let session = ODSession.default() enum CreateUserError:Error { case userCreateError(String) case userPasswordSetError(String) } /// Native attributes that are all set to the user's shortname on account creation to give them /// the ability to update the items later. var nativeAttrsWriters = ["dsAttrTypeNative:_writers_AvatarRepresentation", "dsAttrTypeNative:_writers_hint", "dsAttrTypeNative:_writers_jpegphoto", "dsAttrTypeNative:_writers_picture", "dsAttrTypeNative:_writers_unlockOptions", "dsAttrTypeNative:_writers_UserCertificate", "dsAttrTypeNative:_writers_realname"] /// Native attributes that are simply set to OS defaults on account creation. let nativeAttrsDetails = ["dsAttrTypeNative:AvatarRepresentation": "", "dsAttrTypeNative:unlockOptions": "0"] @objc override func run() { var localLogin=false TCSLogWithMark("~~~~~~~~~~~~~~~~~~~ CreateUser mech starting mech starting ~~~~~~~~~~~~~~~~~~~") if let localLoginHintValue = getHint(type: .localLogin) as? Bool, localLoginHintValue==true{ TCSLogWithMark("Local Login Detected") localLogin=true } if let xcredsGroups = groups { TCSLogWithMark("group: \(xcredsGroups)") } // check if we are a guest account // if so, remove any existing user/home for the guest // then allow the mech to create a new user/home if (getHint(type: .guestUser) as? String == "true") { TCSLog("Setting up a guest account") guard let password = passwordContext else { TCSLogErrorWithMark("No password, denying login") denyLogin(message:"No password passed.") return } let result = cliTask("/usr/sbin/sysadminctl", arguments: ["-deleteUser", xcredsUser ?? "NONE"], waitForTermination: true) try? result.write(toFile: "/tmp/sysadminctl.output", atomically: true, encoding: String.Encoding.utf8) if let path = getManagedPreference(key: .GuestUserAccountPasswordPath) as? String { do { let pass = password + "\n" try pass.write(toFile: path + "-\(xcredsUser!)", atomically: true, encoding: String.Encoding.utf8) } catch { TCSLog("Unable to write out guest password") } } } TCSLogWithMark("user:\(xcredsUser ?? "")") var isAdmin = false var shouldRemoveAdmin = false if let createAdmin = getManagedPreference(key: .CreateAdminUser) as? Bool { isAdmin = createAdmin TCSLog("Found a createLocalAdmin key value: \(isAdmin.description)") } TCSLogWithMark("Checking for CreateAdminIfGroupMember groups") if let adminGroups = getManagedPreference(key: .CreateAdminIfGroupMember) as? [String] { TCSLogWithMark("Found a CreateAdminIfGroupMember key value: \(String(describing: groups))") groups?.forEach { group in if adminGroups.contains(group) { isAdmin = true TCSLogWithMark("User is a member of \(group) group. Setting isAdmin = true ") } } if isAdmin == false, localLogin==false { TCSLogWithMark("admin groups defined but user is not a member, so marking remove if it exists and we created it") shouldRemoveAdmin = true } } var fullname:String? if let fullnameHint = getHint(type: .fullName) as? String, fullnameHint.isEmpty == false { fullname=fullnameHint } if let xcredsPass=xcredsPass,let xcredsUser = xcredsUser, XCredsCreateUser.checkForLocalUser(name: xcredsUser)==false{ TCSLogWithMark("Setting hint to create new user") setHint(type: .isAccountCreationPending, hint: true as NSSecureCoding) let isAccountCreationPending = getHint(type: .isAccountCreationPending) as? Bool if isAccountCreationPending==true { TCSLogWithMark("isAccountCreationPending==true") } else { TCSLogWithMark("isAccountCreationPending==false") } var uid:String? if let hintUID = getHint(type: .uid) as? String{ if let hintUIDInt = Int(hintUID), hintUIDInt>499 { do { let user = try userWithUID(uid: hintUID) if user.count==0 { TCSLogWithMark("setting uid to \(hintUID) from mapped value)") uid = hintUID } else { TCSLogWithMark("user already exists with uid of \(hintUID).") denyLogin(message: "Could not create new user. Existing user already using uid of \(hintUID)") } } catch { TCSLogWithMark("Unable to lookup user with uid \(hintUID)") denyLogin(message: "Unable to lookup user with uid \(hintUID)") } } else { TCSLogWithMark("Invalid UID provided in mapping") } } else { guard let firstAvailableUid = findFirstAvailableUID() else { TCSLogErrorWithMark("Could not find an available UID") denyLogin(message: "invalid UID") return } uid = firstAvailableUid } TCSLog("Checking for createLocalAdmin key") var customAttributes = [String: String]() let metaPrefix = "_xcreds" customAttributes["dsAttrTypeNative:\(metaPrefix)_didCreateUser"] = "1" let currentDate = ISO8601DateFormatter().string(from: Date()) customAttributes["dsAttrTypeNative:\(metaPrefix)_creationDate"] = currentDate guard let xcredsFirst=xcredsFirst, let xcredsLast = xcredsLast else { TCSLogErrorWithMark("first or last name not defined. bailing") denyLogin(message:"first or last name not defined.") return } guard let uid = uid else { denyLogin(message:"bad uid.") return } do { let primaryGroupID = (DefaultsOverride.standardOverride.string(forKey: PrefKeys.primaryGroupID.rawValue) ?? "20") try createUser(shortName: xcredsUser, first: xcredsFirst , last: xcredsLast, fullName: fullname, pass: xcredsPass, uid: uid, gid: primaryGroupID, canChangePass: true, isAdmin: isAdmin, customAttributes: customAttributes ) } catch CreateUserError.userPasswordSetError(let mesg){ denyLogin(message:mesg) //create home anyways because account has issues if not created even if a password is not set. createHome(xcredsUser:xcredsUser, uid:uid) return } catch{ denyLogin(message:error.localizedDescription) } createHome(xcredsUser:xcredsUser, uid:uid) } else { TCSLogWithMark("Checking to see if we are doing a password overwrite") // Checking to see if we are doing a overwrite if getHint(type: .passwordOverwrite) as? Bool == true { TCSLogWithMark("Password Overwrite enabled and triggered, starting evaluation") TCSLogWithMark("trying to getting admin user and password") if let localAdmin = getHint(type: .localAdmin) as? LocalAdminCredentials { TCSLogWithMark("resetting password with admin username and password") resetUserPassword(adminUserName: localAdmin.username, adminPassword: localAdmin.password) } else { TCSLogWithMark("password overwrite set but could not get admin username and password. this should not happen") denyLogin(message:"password overwrite set but could not get admin username and password. this should not happen") return } } else { // no user to create let username = usernameContext ?? "" TCSLogWithMark("Checking if we think this is a first login") let (_, home) = checkUIDandHome(name: username) if let home = home { if FileManager.default.fileExists(atPath: home+"/.Trash")==false { TCSLogWithMark("Looks like a first login, setting pending flag") setHint(type: .isAccountCreationPending, hint: true as NSSecureCoding) } } os_log("Skipping local account creation", log: createUserLog, type: .default) } } var alias:String? if let aliasHint = getHint(type: .aliasName) as? String { alias=aliasHint } // Set the xcreds attributes to stamp this account as the mapped one setTimestampFor(xcredsUser ?? "") let _ = updateOIDCInfo(user: xcredsUser ?? "", localOnly: localLogin) TCSLogWithMark("seeing if we have an alias") if let alias = alias, let xcredsUser = xcredsUser { TCSLogWithMark("adding alias: \(alias)") if XCredsCreateUser.addAlias(name: xcredsUser, alias: alias)==false { os_log("error adding alias", log: createUserLog, type: .debug) } } TCSLogWithMark("Checking if user should be made admin") if let xcredsUser = xcredsUser { do { let record = try getLocalRecord(xcredsUser) if isAdmin == true { TCSLogWithMark("Making admin user") if makeAdmin(record)==false { os_log("failed to make user an admin", log: createUserLog, type: .error) } } else if shouldRemoveAdmin == true { TCSLogWithMark("removing admin if xcreds created") if let promotedToAdminArray = try record.values(forAttribute: "dsAttrTypeNative:_xcreds_promoted_to_admin") as? [String],promotedToAdminArray.count==1, promotedToAdminArray[0]=="1" { TCSLogWithMark("we promoted so removing admin") if removeAdmin(record)==false { TCSLogErrorWithMark("failed to remove user an admin") } else { // success so remove attribute TCSLogWithMark("removing _xcreds_promoted_to_admin from record") try record.removeValues(forAttribute: "dsAttrTypeNative:_xcreds_promoted_to_admin") } } } } catch { os_log("error finding user to make admin", log: createUserLog, type: .error) } } if let rfidUID = getHint(type: .rfidUid) as? String { TCSLogWithMark("got RFIDuid: \(rfidUID)") let rfidPIN = getHint(type: .rfidPIN) as? String do { let secretKeeper = try SecretKeeper(label: "XCreds Encryptor", tag: "XCreds Encryptor") let userManager = UserSecretManager(secretKeeper: secretKeeper) guard let rfidUIDData = Data(fromHexEncodedString: rfidUID) else { print("invalid rfid. Must be hex with no 0x in front") return } if let username = xcredsUser, let password = xcredsPass{ let fullname = fullname ?? "" try userManager.setUIDUser(fullName: fullname, rfidUID: rfidUIDData, username: username, password:password, uid: NSNumber(value: -1), pin: rfidPIN) } } catch { TCSLogWithMark("Error: \(error.localizedDescription)") denyLogin(message:error.localizedDescription ) } } os_log("Allowing login", log: createUserLog, type: .debug) let _ = allowLogin() os_log("CreateUser mech complete", log: createUserLog, type: .debug) } func resetUserPassword(adminUserName:String, adminPassword:String) { do { TCSLogWithMark("secure token admin user \(adminUserName) and password obtained") let node = try ODNode.init(session: session, type: ODNodeType(kODNodeTypeLocalNodes)) TCSLogWithMark() let user = try node.record(withRecordType: kODRecordTypeUsers, name: xcredsUser!, attributes: kODAttributeTypeRecordName) TCSLogWithMark() try user.setNodeCredentials(adminUserName, password: adminPassword) TCSLogWithMark() TCSLogWithMark("changing password with secure token admin") try user.changePassword(nil, toPassword: xcredsPass!) TCSLogWithMark() } catch { TCSLogErrorWithMark("error: \(error.localizedDescription)") } } func updateOIDCInfo(user: String, localOnly: Bool) -> Bool { TCSLogWithMark("Checking for local username") var records = [ODRecord]() let odsession = ODSession.default() do { let node = try ODNode.init(session: odsession, type: ODNodeType(kODNodeTypeLocalNodes)) let query = try ODQuery.init(node: node, forRecordTypes: kODRecordTypeUsers, attribute: kODAttributeTypeRecordName, matchType: ODMatchType(kODMatchEqualTo), queryValues: user, returnAttributes: kODAttributeTypeAllAttributes, maximumResults: 0) records = try query.resultsAllowingPartial(false) as! [ODRecord] } catch { let errorText = error.localizedDescription os_log("ODError while trying to check for local user: %{public}@", log: noLoMechlog, type: .error, errorText) return false } let isLocal = records.isEmpty ? false : true os_log("Results of local user check %{public}@", log: noLoMechlog, type: .default, isLocal.description) if !isLocal { return false } // now to update the attribute TCSLogWithMark("updating info in DS") TCSLogWithMark("removing _xcreds_oidc_updatedfromlocal from record if needed") try? records.first?.removeValues(forAttribute: "dsAttrTypeNative:_xcreds_oidc_updatedfromlocal") let claimsToDSArray = (DefaultsOverride.standardOverride.array(forKey: PrefKeys.claimsToAddToLocalUserAccount.rawValue) ?? []) as? [String] TCSLogWithMark("Checking if member of group") let userGroups = getHint(type: .groups) as? [String] if let userGroups = userGroups, userGroups.count>0 { TCSLogWithMark("is a member of \(userGroups.count) groups. Adding to OD record.") let groupsString = userGroups.joined(separator: ",") try? records.first?.setValue(groupsString, forAttribute: "dsAttrTypeNative:_xcreds_groups") } TCSLogWithMark("checking for kerberos principal") let kerberosPrincipal = getHint(type: .kerberos_principal) as? String if let kerberosPrincipal = kerberosPrincipal { TCSLogWithMark("saving kerberos principal to user DS record") try? records.first?.setValue(kerberosPrincipal, forAttribute: "dsAttrTypeNative:_xcreds_activedirectory_kerberosPrincipal") } TCSLogWithMark("setting oidc full username to DS") let fullUserName = getHint(type: .fullusername) as? String if let fullUserName = fullUserName { TCSLogWithMark("setting fullUserName") try? records.first?.setValue(fullUserName, forAttribute: "dsAttrTypeNative:_xcreds_oidc_full_username") } //oidcLastLoginTimestamp if let oidcLastLoginTimestampString = getHint(type: .oidcLastLoginTimestamp) as? String{ try? records.first?.setValue(oidcLastLoginTimestampString, forAttribute: "dsAttrTypeNative:_xcreds_oidc_lastLoginTimestamp") } TCSLogWithMark("checking for alias to add as a username for rogp") let alias = getHint(type: .aliasName) as? String if let alias = alias { TCSLogWithMark("saving alias to DS as a username for ropg as needed") try? records.first?.setValue(alias, forAttribute: "dsAttrTypeNative:_xcreds_oidc_username") } else if localOnly==false { TCSLogWithMark("Fallback,saving account name to DS as username for ropg as needed") try? records.first?.setValue(user, forAttribute: "dsAttrTypeNative:_xcreds_oidc_username") } let adAttributes = getHint(type: .allADAttributes) as? Dictionary let adUserAttributesToAddToLocalUserAccount = (DefaultsOverride.standardOverride.array(forKey: PrefKeys.adUserAttributesToAddToLocalUserAccount.rawValue) ?? []) as? [String] if let adAttributes = adAttributes { TCSLogWithMark("AD Attributes: \(adAttributes)") for adAttribute in adAttributes { let key = adAttribute.key let value = adAttribute.value if let adUserAttributesToAddToLocalUserAccount = adUserAttributesToAddToLocalUserAccount, adUserAttributesToAddToLocalUserAccount.contains(key){ TCSLogWithMark("Found Matching AD attribute: \(key)") let sanitizedKey = key.oidc_allowed_chars if sanitizedKey.count<50 && value.count<256 { TCSLogWithMark("Adding \(sanitizedKey) = \(value)") try? records.first?.setValue(value, forAttribute: "dsAttrTypeNative:_xcreds_activedirectory_\(sanitizedKey)") } } } } else { TCSLogWithMark("No AD Attributes") } let tokenArray = getHint(type: .tokens) as? Array if let tokenArray = tokenArray , tokenArray.count>0{ TCSLogWithMark("Found claims") let idToken = tokenArray[0] let idTokenInfo = jwtDecode(value: idToken) //dictionary for mapping if let idTokenInfo = idTokenInfo { TCSLogWithMark("Decoded Claims") if var claimsToDSArray = claimsToDSArray { claimsToDSArray.append("iss") claimsToDSArray.append("sub") for currClaim in claimsToDSArray { TCSLogWithMark("Found Matching Claim: \(currClaim)") if let value = idTokenInfo[currClaim] as? String { let sanitizedKey = currClaim.oidc_allowed_chars if sanitizedKey.count<50 && value.count<256 { TCSLogWithMark("Adding \(sanitizedKey) = \(value)") try? records.first?.setValue(value, forAttribute: "dsAttrTypeNative:_xcreds_oidc_\(sanitizedKey)") } else { TCSLogWithMark("key or value too long to put into DS") } } else if let value = idTokenInfo[currClaim] as? Array { let sanitizedKey = currClaim.oidc_allowed_chars let oneLine = value.joined(separator: ";") if sanitizedKey.count<256 || oneLine.count<20 { TCSLogWithMark("Adding \(sanitizedKey) = \(oneLine)") try? records.first?.setValue(oneLine, forAttribute: "dsAttrTypeNative:_xcreds_oidc_\(sanitizedKey)") } else { TCSLogWithMark("key or value too long to put into DS") } } } } } } // var sub:String? // var iss:String? // if let oidcSubHint = getHint(type: .oidcSub) as? String { // sub=oidcSubHint // } // if let oidcIssHint = getHint(type: .oidcIssuer) as? String { // iss=oidcIssHint // } // // if let oidcSubHint = getHint(type: .oidcSub) as? String { // customAttributes["dsAttrTypeNative:\(metaPrefix)_oidc_sub"] = oidcSubHint // } // if let oidcIssHint = getHint(type: .oidcIssuer) as? String { // customAttributes["dsAttrTypeNative:\(metaPrefix)_oidc_iss"] = oidcIssHint // } // do { // os_log("updating sub",log: noLoMechlog, type: .error) // // try records.first?.setValue(sub, forAttribute: "dsAttrTypeNative:_xcreds_oidc_sub") // // // os_log("updating iss",log: noLoMechlog, type: .error) // // try records.first?.setValue(iss, forAttribute: "dsAttrTypeNative:_xcreds_oidc_iss") // // //// if let groups = groups?.joined(separator: ";") { //// try records.first?.setValue(groups, forAttribute: "dsAttrTypeNative:_xcreds_oidc_groups") //// //// } // } catch { // os_log("Unable to add OIDC Info", log: noLoMechlog, type: .error) // return false // } return true } func createHome(xcredsUser:String, uid:String) { TCSLogWithMark("Creating local homefolder for \(xcredsUser)") createHomeDirFor(xcredsUser) TCSLogWithMark("Fixup home permissions for: \(xcredsUser)") let _ = cliTask("/usr/sbin/diskutil resetUserPermissions / \(uid)", arguments: nil, waitForTermination: true) TCSLogWithMark("Account creation complete, allowing login") } // mark utility functions func createUser(shortName: String, first: String, last: String, fullName:String?, pass: String?, uid: String, gid: String, canChangePass: Bool, isAdmin: Bool, customAttributes: [String:String]) throws { var newRecord: ODRecord? os_log("Creating new local account for: %{public}@", log: createUserLog, type: .default, shortName) // note for anyone following behind me // you need to specify the attribute values in an array // regardless of if there's more than one value or not os_log("Checking for UserProfileImage key", log: createUserLog, type: .debug) var userFullName = [first, last].joined(separator: " ").trimmingCharacters(in: .whitespaces) if let fullName = fullName { userFullName=fullName } if userFullName.isEmpty { userFullName = shortName } var userPicture = getManagedPreference(key: .UserProfileImage) as? String ?? "" if userPicture.isEmpty && !FileManager.default.fileExists(atPath: userPicture) { os_log("Key did not contain an image, randomly picking one", log: createUserLog, type: .debug) userPicture = randomUserPic() } os_log("userPicture is: %{public}@", log: createUserLog, type: .debug, userPicture) // Adds kODAttributeTypeJPEGPhoto as data, seems to be necessary for the profile pic to appear everywhere expected. // Does not necessarily have to be in JPEG format. TIF and PNG both tested okay // Apple seems to populate both kODAttributeTypePicture and kODAttributeTypeJPEGPhoto from the GUI user creator // Removing to test for @nstrauss // let picURL = URL(fileURLWithPath: userPicture) // let picData = NSData(contentsOf: picURL) // let picString = picData?.description ?? "" var attrs: [AnyHashable:Any] = [ kODAttributeTypeFullName: [userFullName], kODAttributeTypeNFSHomeDirectory: [ "/Users/" + shortName ], kODAttributeTypeUserShell: ["/bin/bash"], kODAttributeTypeUniqueID: [uid], kODAttributeTypePrimaryGroupID: [gid], kODAttributeTypeAuthenticationHint: [""], kODAttributeTypePicture: [userPicture], //kODAttributeTypeJPEGPhoto: [picString], kODAttributeADUser: [getHint(type: .kerberos_principal) as? String ?? ""] ] if #available(macOS 10.15, *) { os_log("Replacing default bash shell with zsh for Catalina and above", log: createUserLog, type: .debug) attrs[kODAttributeTypeUserShell] = ["/bin/zsh"] } if getManagedPreference(key: .UseCNForFullName) as? Bool ?? false { attrs[kODAttributeTypeFullName] = [getHint(type: .fullName) as? String ?? ""] } else if getManagedPreference(key: .UseCNForFullNameFallback) as? Bool ?? false && "\(first) \(last)" == " " { attrs[kODAttributeTypeFullName] = [getHint(type: .fullName) as? String ?? ""] } if let signInTime = getHint(type: .networkSignIn) { attrs[kODAttributeNetworkSignIn] = [signInTime] } os_log("New user attributes. first: %{public}@, last: %{public}@, uid: %{public}@, gid: %{public}@, canChangePass: %{public}@, isAdmin: %{public}@, customAttributes: %{public}@", log: createUserLog, type: .debug, first, last, uid, gid, canChangePass.description, isAdmin.description, attrs.debugDescription) do { os_log("Creating user account in local ODNode", log: createUserLog, type: .debug) let node = try ODNode.init(session: session, type: ODNodeType(kODNodeTypeLocalNodes)) newRecord = try node.createRecord(withRecordType: kODRecordTypeUsers, name: shortName, attributes: attrs) } catch { let errorText = error.localizedDescription os_log("Unable to create account. Error: %{public}@", log: createUserLog, type: .error, errorText) throw CreateUserError.userCreateError(error.localizedDescription) } os_log("Local ODNode user created successfully", log: createUserLog, type: .debug) os_log("Setting native attributes", log: createUserLog, type: .debug) if #available(macOS 10.13, *) { os_log("We are on 10.13 so drop the _writers_realname", log: createUserLog, type: .debug) nativeAttrsWriters.removeLast() } for item in nativeAttrsWriters { do { os_log("Setting %{public}@ attribute for new local user", log: createUserLog, type: .debug, item) try newRecord?.addValue(shortName, toAttribute: item) } catch { os_log("Failed to set attribute: %{public}@", log: createUserLog, type: .error, item) } } for item in nativeAttrsDetails { do { os_log("Setting %{public}@ attribute for new local user", log: createUserLog, type: .debug, item.key) try newRecord?.addValue(item.value, toAttribute: item.key) } catch { os_log("Failed to set attribute: %{public}@", log: createUserLog, type: .error, item.key) } } if canChangePass { do { os_log("Setting _writers_passwd for new local user", log: createUserLog, type: .debug) try newRecord?.addValue(shortName, toAttribute: "dsAttrTypeNative:_writers_passwd") } catch { os_log("Unable to set _writers_passwd", log: createUserLog, type: .error) } } if let password = pass { do { os_log("Setting password for new local user", log: createUserLog, type: .debug) try newRecord?.changePassword(nil, toPassword: password) } catch { os_log("Error setting password for new local user", log: createUserLog, type: .error) // self.updateRunDict(dict: T##Dictionary) throw CreateUserError.userPasswordSetError(error.localizedDescription) } } if customAttributes.isEmpty == false { os_log("Setting additional attributes for new local user", log: createUserLog, type: .debug) for item in customAttributes { do { os_log("Setting %{public}@ attribute for new local user, value: %{public}@", log: createUserLog, type: .debug, item.key, item.value) try newRecord?.addValue(item.value, toAttribute: item.key) } catch { os_log("Failed to set additional attribute: %{public}@", log: createUserLog, type: .error, item.key) } } } if isAdmin, let newRecord = newRecord { if makeAdmin(newRecord)==false { os_log("failed to make user an admin", log: createUserLog, type: .error) } } os_log("Checking for aliases to add...", log: createUserLog, type: .debug) if getManagedPreference(key: .AliasUPN) as? Bool ?? false { if let upn = getHint(type: .kerberos_principal) as? String { os_log("Adding UPN as an alias: %{public}@", log: createUserLog, type: .debug, upn) let result = XCredsCreateUser.addAlias(name: shortName, alias: upn.lowercased()) os_log("Adding UPN result: %{public}@", log: createUserLog, type: .debug, result.description) } } if let aliasHint = getHint(type: .aliasName) as? String { if XCredsCreateUser.addAlias(name: shortName, alias: aliasHint)==false { os_log("error adding alias", log: createUserLog, type: .debug) } } if getManagedPreference(key: .AliasNTName) as? Bool ?? false { if let ntName = getHint(type: .ntName) as? String { os_log("Adding NTName as an alias: %{public}@", log: createUserLog, type: .debug, ntName) let result = XCredsCreateUser.addAlias(name: shortName, alias: ntName) os_log("Adding NTName result: %{public}@", log: createUserLog, type: .debug, result.description) } } os_log("User creation complete for: %{public}@", log: createUserLog, type: .debug, shortName) } // func to get a random string func randomString(length: Int) -> String { let letters : NSString = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()" let len = UInt32(letters.length) var randomString = "" for _ in 0 ..< length { let rand = arc4random_uniform(len) var nextChar = letters.character(at: Int(rand)) randomString += NSString(characters: &nextChar, length: 1) as String } return randomString } //TODO: Change to throws instead of optional. /// Finds the first avaliable UID in the DSLocal domain above 500 and returns it as a `String` /// /// - Returns: `String` representing the UID func findFirstAvailableUID() -> String? { var newUID = "" os_log("Checking for available UID", log: createUserLog, type: .debug) if let uidToolpath = getManagedPreference(key: .UIDTool) as? String { os_log("Checking UIDTool", log: createUserLog, type: .debug) if FileManager.default.isExecutableFile(atPath: uidToolpath) { os_log("Calling UIDTool", log: createUserLog, type: .debug) let uid = cliTask(uidToolpath, arguments: [xcredsUser ?? "NONE" ], waitForTermination: true) if uid != "" { os_log("Found custom uid, using: %{public}@", log: createUserLog, type: .debug, uid) return uid.trimmingCharacters(in: CharacterSet.whitespacesAndNewlines) } } } for potentialUID in 501... { do { let node = try ODNode.init(session: session, type: ODNodeType(kODNodeTypeLocalNodes)) let query = try ODQuery.init(node: node, forRecordTypes: kODRecordTypeUsers, attribute: kODAttributeTypeUniqueID, matchType: ODMatchType(kODMatchEqualTo), queryValues: String(potentialUID), returnAttributes: kODAttributeTypeNativeOnly, maximumResults: 0) let records = try query.resultsAllowingPartial(false) as! [ODRecord] if records.isEmpty { newUID = String(potentialUID) break } } catch { let errorText = error.localizedDescription os_log("ODError searching for avaliable UID: %{public}@", log: createUserLog, type: .error, errorText) return nil } } os_log("Found first available UID: %{public}@", log: createUserLog, type: .default, newUID) return newUID } //TODO: Convert to throws /// Finds the local homefolder template that corresponds to the locale of the system and copies it into place. /// /// - Parameter user: The shortname of the user to create a home for as a `String`. func createHomeDirFor(_ user: String) { let res=cliTask("/usr/sbin/createhomedir -c -u \(user)") if DefaultsOverride.standardOverride.bool(forKey: PrefKeys.skipUserSetupBuddy.rawValue) == true { if FileManager.default.fileExists(atPath: "/Users/\(user)") { FileManager.default.createFile(atPath: "/Users/\(user)/.skipbuddy", contents: nil) } } TCSLogWithMark(res) // os_log("Find system locale...", log: createUserLog, type: .debug) // let currentLanguage = Locale.current.languageCode ?? "Non_localized" // os_log("System language is: %{public}@", log: createUserLog, type: .debug, currentLanguage) // let templateName = templateForLang(currentLanguage) // let sourceURL = URL(fileURLWithPath: "/System/Library/User Template/" + templateName) // let homeDirLocations = ["Desktop", "Downloads", "Documents", "Movies", "Music", "Pictures", "Public"] // do { // os_log("Initializing the user home directory", log: createUserLog, type: .debug) // try FileManager.default.copyItem(at: sourceURL, to: URL(fileURLWithPath: "/Users/" + user)) // // os_log("Copying non-localized folders to new home", log: createUserLog, type: .debug) // for location in homeDirLocations { // try FileManager.default.copyItem(at: URL(fileURLWithPath: "/System/Library/User Template/Non_localized/\(location)"), to: URL(fileURLWithPath: "/Users/" + user + "/\(location)")) // } // // os_log("Copying language template", log: createUserLog, type: .debug) // try FileManager.default.copyItem(at: sourceURL, to: URL(fileURLWithPath: "/Users/" + user)) // } catch { // os_log("Home template copy failed with: %{public}@", log: createUserLog, type: .error, error.localizedDescription) // } } /// Looks at the Apple provided User Pictures directory, recurses it, and delivers a random picture path. /// /// - Returns: A `String` path to a random user picture. If there is a failure it returns an empty `String`. func randomUserPic() -> String { let libraryDir = FileManager.default.urls(for: .libraryDirectory, in: .localDomainMask) guard let library = libraryDir.first else { return "" } let picturePath = library.appendingPathComponent("User Pictures", isDirectory: true) let picDirs = (try? FileManager.default.contentsOfDirectory(at: picturePath, includingPropertiesForKeys: [URLResourceKey.isDirectoryKey], options: .skipsHiddenFiles)) ?? [] let pics = picDirs.flatMap {(try? FileManager.default.contentsOfDirectory(at: $0, includingPropertiesForKeys: [URLResourceKey.isRegularFileKey], options: .skipsHiddenFiles)) ?? []} return pics[Int(arc4random_uniform(UInt32(pics.count)))].path } /// Given an connonical ISO language code, find and return the macOS home folder template name that is appropriate. /// /// - Parameter code: The `languageCode` of the current user `Locale`. /// You can find the current language with `Locale.current.languageCode` /// - Returns: A `String` that is the name of the localized home folder template on macOS. If the language code doesn't /// map to one of the default macOS home templates the `Non_localized` name will be returned. func templateForLang(_ code: String) -> String { let templateName = ".lproj" switch code { case "es": return "Spanish" + templateName case "nl": return "Dutch" + templateName case "en": return "English" + templateName case "fr": return "French" + templateName case "it": return "Italian" + templateName case "de": return "German" + templateName case "ja": return "Japanese" + templateName case "ar": return "ar" + templateName case "ca": return "ca" + templateName case "cs": return "cs" + templateName case "da": return "da" + templateName case "el": return "el" + templateName case "es-419": return "es_419" + templateName case "fi": return "fi" + templateName case "he": return "he" + templateName case "hi": return "hi" + templateName case "hr": return "hr" + templateName case "hu": return "hu" + templateName case "id": return "id" + templateName case "ko": return "ko" + templateName case "ms": return "ms" + templateName case "nb": return "no" + templateName case "pl": return "pl" + templateName case "pt": return "pt" + templateName case "pt-PT": return "pt_PT" + templateName case "ro": return "ro" + templateName case "ru": return "ru" + templateName case "sk": return "sk" + templateName case "sv": return "sv" + templateName case "th": return "th" + templateName case "tr": return "tr" + templateName case "uk": return "uk" + templateName case "vi": return "vi" + templateName case "zh-Hans": return "zh_CN" + templateName case "zh-Hant": return "zh_TW" + templateName default: return "Non_localized" } } fileprivate func setTimestampFor(_ nomadUser: String) { // Add network sign in stamp if let signInTime = getHint(type: .networkSignIn) { if XCredsCreateUser.updateSignIn(name: nomadUser, time: signInTime as AnyObject) { os_log("Sign in time updated", log: createUserLog, type: .default) } else { os_log("Could not add timestamp", log: createUserLog, type: .error) } } } fileprivate func addSecureToken(_ username: String, _ userPass: String?,_ adminUsername: String,_ adminPassword: String?) { //MARK: 10.14 fix // check for 10.14 // check for no existing local users? // - perhaps looking for diskutil apfs listcryptousers / // if a user already has a token, this will fail anyway // - gate behind a pref key? // attempt to add token to user os_log("Attempting to add a token to new user.", log: createUserLog, type: .default) let launchPath = "/usr/sbin/sysadminctl" var args = [ "-secureTokenOn", username, "-password", userPass ?? "", "-adminUser", adminUsername, "-adminPassword", adminPassword ?? "" ] let result = cliTask(launchPath, arguments: args, waitForTermination: true) os_log("sysdaminctl result: %{public}@", log: createUserLog, type: .debug, result) args = [ "********", "********", "********", "********", "********", "********", "********", "********" ] } fileprivate func isFdeEnabled() -> Bool { // check to see if FV is already running let launchPath = "/usr/bin/fdesetup" let args = [ "status" ] if cliTask(launchPath, arguments: args, waitForTermination: true).contains("FileVault is Off") { return false } else { return true } } // fileprivate func CreateSecureTokenManagementUser(_ username: String,_ passwordLocation: String) -> Bool{ // // // Generating a random password string and assigning that as the password to the user // let password = randomString(length: getManagedPreference(key: .SecureTokenManagementPasswordLength) as? Int ?? 16) // // // Checking if the account exists // if cliTask("/usr/bin/dscl", arguments: [".", "-list", "/Users"], waitForTermination: true).components(separatedBy: "\n").contains(username){ // // User already exists, should rotate the password // os_log("Secure Token management account exists, rotating password", log: createUserLog, type: .default) // // // Getting the old password // let oldPassword = String(data: FileManager.default.contents(atPath: passwordLocation)!, encoding: .ascii)! // // // rotating the password // let launchPath = "/usr/sbin/sysadminctl" // let args = [ // "-resetPasswordFor", // "\(username)", // "-newPassword", // "\(password)", // "-adminUser", // "\(username)", // "-adminPassword", // "\(oldPassword)" // ] // _ = cliTask(launchPath, arguments: args, waitForTermination: true) // // } else { // os_log("Secure Token management account being created", log: createUserLog, type: .default) // // // Creating the user record with sysadminctl becuase it does the magic that allows it to delegate tokens vs manually creating via dscl // var launchPath = "/usr/sbin/sysadminctl" // var args = [ // "-addUser", // "\(username)", // "-password", // "\(password)", // "-UID", // getManagedPreference(key: .SecureTokenManagementUID) as? String ?? "400", // "-fullName", // getManagedPreference(key: .SecureTokenManagementFullName) as? String ?? "NoMAD Login", // "-home", // "/private/var/_nomadlogin", // "-admin", // "-picture", // getManagedPreference(key: .SecureTokenManagementIconPath) as? String ?? "/Library/Security/SecurityAgentPlugins/NoMADLoginAD.bundle/Contents/Resources/NoMADFDEIcon.png" // ] // _ = cliTask(launchPath, arguments: args, waitForTermination: true) // // // Making the user hiddem // launchPath = "/usr/bin/dscl" // args = [ // ".", // "-create", // "/Users/\(username)", // "IsHidden", // "1" // ] // _ = cliTask(launchPath, arguments: args, waitForTermination: true) // // } // // // Saving that password to the password location // do { // try password.write(toFile: passwordLocation, atomically: true, encoding: String.Encoding.ascii) // var attributes = [FileAttributeKey : Any]() // attributes[.posixPermissions] = 0o600 // try FileManager.default.setAttributes(attributes, ofItemAtPath: passwordLocation) // } catch { // os_log("Error writing password to: %{public}@", log: createUserLog, type: .debug, passwordLocation) // return false // } // return true // } } extension String { var oidc_allowed_chars: String { var allowed = CharacterSet() allowed.formUnion(CharacterSet.alphanumerics) allowed.insert(charactersIn: "_#") return self.components(separatedBy: allowed.inverted).joined() } } ================================================ FILE: XCredsLoginPlugIn/Mechanisms/XCredsEnableFDE.swift ================================================ // // EnableFDE.swift // NoMADLoginAD // // Created by Admin on 2/5/18. // Copyright © 2018 NoMAD. All rights reserved. // import Cocoa @available(macOS, deprecated: 11) class XCredsEnableFDE : XCredsBaseMechanism { let enableFDELog = "enableFDELog" // basic mech to enable FileVault // needs to be a separate mech b/c it needs to run after loginwindow:done @objc override func run() { TCSLogWithMark("~~~~~~~~~~~~~~~~~~~ EnableFDE mech starting mech starting ~~~~~~~~~~~~~~~~~~~") // FileVault if getManagedPreference(key: .EnableFDE) as? Bool == true { // check to see if we're already FileVaulted if isFdeEnabled() { os_log("Checking to see if we should rekey", log: enableFDELog, type: .default) if getManagedPreference(key: .EnableFDERekey) as? Bool ?? false { rekey() } os_log("FileVault is already enabled, skipping mechanism.", log: enableFDELog, type: .debug) } else { enableFDE() } } // Always let login through let _ = allowLogin() } fileprivate func rekey() { os_log("Rekeying FileVault", log: enableFDELog, type: .default) let userArgs = [ "Username" : xcredsUser ?? "", "Password" : xcredsPass ?? "", ] var userInfo : Data do { userInfo = try PropertyListSerialization.data(fromPropertyList: userArgs, format: PropertyListSerialization.PropertyListFormat.xml, options: 0) } catch { os_log("Unable to create fdesetup arguments.", log: enableFDELog, type: .error) return } let inPipe = Pipe.init() let outPipe = Pipe.init() let errorPipe = Pipe.init() let task = Process.init() task.launchPath = "/usr/bin/fdesetup" task.arguments = ["changerecovery", "-outputplist", "-inputplist"] task.standardInput = inPipe task.standardOutput = outPipe task.standardError = errorPipe task.launch() inPipe.fileHandleForWriting.write(userInfo) inPipe.fileHandleForWriting.closeFile() task.waitUntilExit() let outputData = outPipe.fileHandleForReading.readDataToEndOfFile() outPipe.fileHandleForReading.closeFile() let errorData = errorPipe.fileHandleForReading.readDataToEndOfFile() let errorMessage = String(data: errorData, encoding: .utf8) errorPipe.fileHandleForReading.closeFile() let output = NSString(data: outputData, encoding: String.Encoding.utf8.rawValue)! as String // write out the PRK if asked to if getManagedPreference(key: .EnableFDERecoveryKey) as? Bool == true { var recoveryPath = "/var/db/FDE" if let newPath = getManagedPreference(key: .EnableFDERecoveryKeyPath) as? String { recoveryPath = newPath } let fm = FileManager.default if !fm.fileExists(atPath: recoveryPath, isDirectory: nil) { do { os_log("Creating folder for recovery key storage.", log: enableFDELog) try fm.createDirectory(atPath: recoveryPath, withIntermediateDirectories: true, attributes: [FileAttributeKey.posixPermissions : 0o750]) } catch { os_log("Unable to create file path for PRK, defaulting to /var/db/", log: enableFDELog) // reset recovery path to something we know will exist recoveryPath = "/var/db/" } } recoveryPath += "/FDESetup.plist" do { os_log("Attempting to write key to: %{public}@", log: enableFDELog, type: .default, recoveryPath) try output.write(toFile: recoveryPath, atomically: true, encoding: String.Encoding.ascii) } catch { os_log("Unable to finish fdesetup: %{public}@", log: enableFDELog, type: .error, errorMessage ?? "Unkown error") } } } fileprivate func enableFDE() { // check to see if boot volume is AFPS, otherwise do nothing if volumeAPFS() { // enable FDE on volume by using fdesetup os_log("Enabling FileVault", log: enableFDELog, type: .default) let userArgs = [ "Username" : xcredsUser ?? "", "Password" : xcredsPass ?? "", ] var userInfo : Data do { userInfo = try PropertyListSerialization.data(fromPropertyList: userArgs, format: PropertyListSerialization.PropertyListFormat.xml, options: 0) } catch { os_log("Unable to create fdesetup arguments.", log: enableFDELog, type: .error) return } let inPipe = Pipe.init() let outPipe = Pipe.init() let errorPipe = Pipe.init() let task = Process.init() task.launchPath = "/usr/bin/fdesetup" task.arguments = ["enable", "-outputplist", "-inputplist"] task.standardInput = inPipe task.standardOutput = outPipe task.standardError = errorPipe task.launch() inPipe.fileHandleForWriting.write(userInfo) inPipe.fileHandleForWriting.closeFile() task.waitUntilExit() let outputData = outPipe.fileHandleForReading.readDataToEndOfFile() outPipe.fileHandleForReading.closeFile() let errorData = errorPipe.fileHandleForReading.readDataToEndOfFile() let errorMessage = String(data: errorData, encoding: .utf8) errorPipe.fileHandleForReading.closeFile() let output = NSString(data: outputData, encoding: String.Encoding.utf8.rawValue)! as String // write out the PRK if asked to // write out the PRK if asked to if getManagedPreference(key: .EnableFDERecoveryKey) as? Bool == true { var recoveryPath = "/var/db/FDE" if let newPath = getManagedPreference(key: .EnableFDERecoveryKeyPath) as? String { recoveryPath = newPath } let fm = FileManager.default if !fm.fileExists(atPath: recoveryPath, isDirectory: nil) { do { os_log("Creating folder for recovery key storage.", log: enableFDELog) try fm.createDirectory(atPath: recoveryPath, withIntermediateDirectories: true, attributes: [FileAttributeKey.posixPermissions : 0o750]) } catch { os_log("Unable to create file path for PRK, defaulting to /var/db/", log: enableFDELog) // reset recovery path to something we know will exist recoveryPath = "/var/db/" } } recoveryPath += "/FDESetup.plist" do { os_log("Attempting to write key to: %{public}@", log: enableFDELog, type: .default, recoveryPath) try output.write(toFile: recoveryPath, atomically: true, encoding: String.Encoding.ascii) } catch { os_log("Unable to finish fdesetup: %{public}@", log: enableFDELog, type: .error, errorMessage ?? "Unkown error") } } } else { os_log("Boot volume is not APFS, skipping FDE.", log: enableFDELog, type: .debug) } } fileprivate func volumeAPFS() -> Bool { // get shared workspace manager let ws = NSWorkspace.shared var description: NSString? var type: NSString? let err = ws.getFileSystemInfo(forPath: "/", isRemovable: nil, isWritable: nil, isUnmountable: nil, description: &description, type: &type) if !err { os_log("Error determining file system", log: enableFDELog, type: .error) return false } if type == "apfs" { os_log("Filesystem is APFS, enabling FileVault", log: enableFDELog) return true } else { os_log("Filesystem is not APFS, skipping FileVault", log: enableFDELog, type: .error) return false } } fileprivate func isFdeEnabled() -> Bool { // determine if FV is already running if cliTask("/usr/bin/fdesetup", arguments: ["status"]).contains("FileVault is Off") { return false } else { return true } } } ================================================ FILE: XCredsLoginPlugIn/Mechanisms/XCredsKeychainAdd.swift ================================================ // // KeychainAdd.swift // NoMADLoginAD // // Created by Joel Rennich on 1/30/18. // Copyright © 2018 Orchard & Grove Inc. All rights reserved. // import Cocoa import Security import OpenDirectory // headless mech to add items to a keychain @available(macOS, deprecated: 11) class XCredsKeychainAdd : XCredsBaseMechanism { let fm = FileManager.default var username = "" var userpass = "" let kItemName = "xcreds" @objc override func run() { TCSLogWithMark("~~~~~~~~~~~~~~~~~~~ XCredsKeychainAdd mech starting starting mech starting ~~~~~~~~~~~~~~~~~~~") // get username and password // get reference to user's keychain // add items var err : OSStatus? var userKeychainTemp : SecKeychain? var userKeychain: SecKeychain? username = usernameContext ?? "" userpass = passwordContext ?? "" TCSLogWithMark("Getting Home Dir") let (uid, home) = checkUIDandHome(name: username) TCSLogWithMark("uid: \(uid ?? 9999 )") guard let homeDir = home as? NSString else { TCSLogErrorWithMark("Unable to get home directory path.") allowLogin() return } TCSLogWithMark("checking UID") guard let userUID = uid else { TCSLogErrorWithMark("Unable to get uid.") allowLogin() return } // switch uid to user so we have access to home directory and other things TCSLogWithMark() seteuid(userUID) TCSLogWithMark() // check to ensure the keychain is there let userKeychainPath = homeDir.appendingPathComponent("Library/Keychains/login.keychain-db") TCSLogWithMark("finding path") if fm.fileExists(atPath: userKeychainPath) == false { // if we're not set to create a keychain, move on if getManagedPreference(key: .KeychainCreate) as? Bool == true { os_log("No login.keychain-db, creating one", log: "keychainAddLog") SecKeychainResetLogin(UInt32(strlen(userpass.cString(using: .utf8) ?? [])), userpass.cString(using: .utf8) ?? [], true) } else { os_log("No login.keychain-db, skipping KeychainAdd", log: "keychainAddLog", type: .default) allowLogin() return } } // now test it we can unlock the keychain let tempPath = userKeychainPath + Date().timeIntervalSinceNow.description TCSLogWithMark("Link old keychain") // need to do this on a hardlink to not prevent the keychain reset from working by leaving a handle open link(userKeychainPath, tempPath) TCSLogWithMark("Getting Temp Keychain reference.") err = SecKeychainOpen(tempPath, &userKeychainTemp) TCSLogWithMark("Unlocking Temp Keychain.") err = SecKeychainUnlock(userKeychainTemp, UInt32(strlen(userpass.cString(using: .utf8) ?? [] )), userpass.cString(using: .utf8) ?? [] , true) // remove the link first unlink(tempPath) userKeychainTemp = nil if err != noErr { TCSLogErrorWithMark("Unable to unlock keychain reference.") // check if we should reset if let resetPass = getHint(type: .existingLocalUserPassword) as? String { TCSLogWithMark("Resetting keychain with migrated user/pass.") var myKeychain : SecKeychain? err = SecKeychainOpen(userKeychainPath, &myKeychain) err = SecKeychainChangePassword(myKeychain, UInt32(resetPass.count), resetPass, UInt32(strlen(userpass.cString(using: .utf8) ?? [] )), userpass.cString(using: .utf8) ?? [] ) if err != 0 { TCSLogWithMark("Unable to reset keychain with migrated user/pass.") } } else if (getManagedPreference(key: .KeychainReset) as? Bool ?? true ) { os_log("Resetting keychain password.", log: "", type: .info) clearKeychain(path: homeDir as String) } else { TCSLogErrorWithMark("Keychain is locked, exiting.") allowLogin() return } } // keychain unlock worked, now to get the real one TCSLogWithMark("Getting Keychain reference.") err = SecKeychainOpen(userKeychainPath, &userKeychain) TCSLogWithMark("Unlocking Keychain.") err = SecKeychainUnlock(userKeychain, UInt32(strlen(userpass.cString(using: .utf8) ?? [] )), userpass.cString(using: .utf8) ?? [] , true) if err != noErr { TCSLogErrorWithMark("error unlocking keychain!") } let tokenArray = getHint(type: .tokens) as? Array let domainName = getHint(type: .noMADDomain) as? String let shortName = getHint(type: .user) as? String TCSLogWithMark("got shortname of \(shortName ?? "Unknown")") if let tokenArray = tokenArray, tokenArray.count>2 { TCSLogWithMark("We have tokens, so cloud login") XCredsAudit().tokensUpdated(idToken:tokenArray[0]) let xcredsCreds = Creds(accessToken: tokenArray[2], idToken: tokenArray[0], refreshToken: tokenArray[1], password: userpass, jsonDict: Dictionary()) TCSLogWithMark("saving tokens to keychain") if TokenManager.saveTokensToKeychain(creds: xcredsCreds, keychainPassword:userpass )==false { TCSLogErrorWithMark("Error saving tokens to keychain") } allowLogin() } else if let domainName = domainName, domainName.count>0{ TCSLogWithMark("AD Login with domain: \(domainName)") if KeychainUtil().updatePassword(serviceName: PrefKeys.password.rawValue,accountName:PrefKeys.password.rawValue, pass: userpass, keychainPassword:userpass) == false { TCSLogErrorWithMark("Error Updating password in keychain") } allowLogin() } else { TCSLogWithMark("Local login so saving password to keychain and passing through") if KeychainUtil().updatePassword(serviceName: PrefKeys.password.rawValue,accountName:PrefKeys.password.rawValue, pass: userpass, keychainPassword:userpass) == false { TCSLogErrorWithMark("Error Updating password in keychain") } allowLogin() } } // Create keychain item fileprivate func createKeychainItem() { } func clearKeychain(path: String) { // find the hardware UUID to kill the local items keychain let service = IOServiceGetMatchingService(kIOMasterPortDefault, IOServiceMatching("IOPlatformExpertDevice")) guard let hardwareRaw = IORegistryEntryCreateCFProperty(service, kIOPlatformUUIDKey as CFString, kCFAllocatorDefault, 0) else { return } let uuid = hardwareRaw.takeRetainedValue() as? String ?? "" if uuid != "" { // we have a uuid, now delete the folder os_log("Removing local items keychain in order to purge it.", log: "") do { try fm.removeItem(atPath: path + "/Library/Keychains/" + uuid) } catch { os_log("Unable to remove Local Items folder.", log: "") } } os_log("Resetting keychain.", log: "") SecKeychainResetLogin(UInt32(userpass.count), userpass, true) } } ================================================ FILE: XCredsLoginPlugIn/Mechanisms/XCredsLoginDone.swift ================================================ // // @available(macOS, deprecated: 11) class XCredsLoginDone: XCredsBaseMechanism { override init(mechanism: UnsafePointer) { super.init(mechanism: mechanism) } @objc override func run() { TCSLogWithMark("XCredsLoginDone mech starting") let isAccountCreationPending = getHint(type: .isAccountCreationPending) as? Bool ?? false if isAccountCreationPending==true { TCSLogWithMark("isAccountCreationPending==true") } else { TCSLogWithMark("isAccountCreationPending==false") } if isAccountCreationPending == false { TCSLogWithMark("Hiding background") for window in NSApp.windows { window.close() } } else { TCSLogWithMark("Not hiding progress indicator to avoid black screen") } allowLogin() } @objc func tearDown() { TCSLogWithMark("Got teardown request in XCredsLoginDone") } } ================================================ FILE: XCredsLoginPlugIn/Mechanisms/XCredsLoginMechanism.swift ================================================ import Cocoa import CryptoTokenKit import Network @available(macOS, deprecated: 11) @objc class XCredsLoginMechanism: XCredsBaseMechanism { var loginWebViewController: LoginWebViewController? @objc var signInViewController: SignInViewController? enum LoginWindowType { case cloud case usernamePassword } var timer:Timer? let checkADLog = "checkADLog" var loginWindowType = LoginWindowType.cloud var mainLoginWindowController:MainLoginWindowController? override init(mechanism: UnsafePointer) { super.init(mechanism: mechanism) // SwitchLoginWindow TCSLogWithMark("Setting up notification for switch") NotificationCenter.default.addObserver(forName: Notification.Name("SwitchLoginWindow"), object: nil, queue: nil) { notification in TCSLogWithMark("switch pressed") switch self.loginWindowType { case .cloud: self.showLoginWindowType(loginWindowType: .usernamePassword) case .usernamePassword: self.showLoginWindowType(loginWindowType: .cloud) } } } @objc func tearDown() { TCSLogWithMark("Got teardown request") } override func reload() { if self.loginWindowType == .cloud { TCSLogWithMark("reload in controller") mainLoginWindowController?.setupLoginWindowAppearance() mainLoginWindowController?.controlsViewController?.refreshGridColumn?.isHidden=false loginWebViewController?.loadPage() } else { mainLoginWindowController?.controlsViewController?.refreshGridColumn?.isHidden=true } } func useAutologin() -> Bool { if UserDefaults(suiteName: "com.apple.loginwindow")?.bool(forKey: "DisableFDEAutoLogin") ?? false { os_log("FDE AutoLogin Disabled per loginwindow preference key", log: checkADLog, type: .debug) return false } TCSLogWithMark("Checking for autologin.") if FileManager.default.fileExists(atPath: "/tmp/xcredsrun") { os_log("XCreds has run once already. Load regular window as this isn't a reboot", log: checkADLog, type: .debug) return false } os_log("XCreds, trying autologin", log: checkADLog, type: .debug) updateRunDict(dict: Dictionary()) if let username = getContextString(type: "fvusername") { TCSLogWithMark("got username = \(username)") } else { TCSLogWithMark("no username found") } if let _ = getContextString(type: "fvpassword") { TCSLogWithMark("got fvpassword ") } else { TCSLogWithMark("no password found") } if let username = getContextString(type: "fvusername"), let password = getContextString(type: "fvpassword") { os_log("Found username in context, doing autologin", log: checkADLog, type: .debug) setContextString(type: kAuthorizationEnvironmentUsername, value: username) setContextString(type: kAuthorizationEnvironmentPassword, value: password) return true } else { if let uuid = getEFIUUID() { if let name = XCredsBaseMechanism.getShortname(uuid: uuid) { os_log("Found username in EFI, doing autologin", log: checkADLog, type: .debug) setContextString(type: kAuthorizationEnvironmentUsername, value: name) return true } } } return true } fileprivate func getEFIUUID() -> String? { TCSLogWithMark("getEFIUUID") let chosen = IORegistryEntryFromPath(kIOMasterPortDefault, "IODeviceTree:/chosen") var properties : Unmanaged? let err = IORegistryEntryCreateCFProperties(chosen, &properties, kCFAllocatorDefault, IOOptionBits.init(bitPattern: 0)) if err != 0 { TCSLogWithMark("getEFIUUID error") return nil } guard let props = properties!.takeRetainedValue() as? [ String : AnyHashable ] else { TCSLogWithMark("getEFIUUID error props") return nil } guard let uuid = props["efilogin-unlock-ident"] as? Data else { TCSLogWithMark("getEFIUUID error uuid") return nil } TCSLogWithMark("uuid=\(uuid.hexEncodedString())") return String.init(data: uuid, encoding: String.Encoding.utf8) } func selectAndShowLoginWindow(){ TCSLogWithMark() if let window = mainLoginWindowController?.window { window.makeKeyAndOrderFront(self) window.orderFrontRegardless() } else { TCSLogWithMark("NO MAIN WINDOW FOUND") } let discoveryURL=DefaultsOverride.standardOverride.value(forKey: PrefKeys.discoveryURL.rawValue) let preferLocalLogin = DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldPreferLocalLoginInsteadOfCloudLogin.rawValue) let shouldDetectNetwork = DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldDetectNetworkToDetermineLoginWindow.rawValue) let useROPG = DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldUseROPGForLoginWindowLogin .rawValue) TCSLogWithMark("checking if local login") if preferLocalLogin == false, let _ = discoveryURL { // oidc is configured TCSLogWithMark("discovery url set and prefer local login is false, so seeing if we need to check network") // //ROPG: show username password // if useROPG == true { TCSLogWithMark("using ROPG so showing username/password") showLoginWindowType(loginWindowType: .usernamePassword) } else { Task{ @MainActor in do { try await TokenManager().oidc().getEndpoints() //have network TCSLogWithMark("network available, showing cloud") showLoginWindowType(loginWindowType: .cloud) } catch{ //no network if shouldDetectNetwork == true { TCSLogWithMark("endpoints not available so showing username password login window") showLoginWindowType(loginWindowType: .usernamePassword) } else { TCSLogWithMark("no network and not checking so showing cloud") showLoginWindowType(loginWindowType: .cloud) } } } } } else { TCSLogWithMark("preferring showing local") showLoginWindowType(loginWindowType: .usernamePassword) } } @objc override func run() { TCSLogWithMark("~~~~~~~~~~~~~~~~~~~ XCredsLoginMechanism mech starting ~~~~~~~~~~~~~~~~~~~") loginWebViewController=nil signInViewController=nil if useAutologin() { os_log("Using autologin", log: checkADLog, type: .debug) super.allowLogin() return } if mainLoginWindowController == nil { mainLoginWindowController = MainLoginWindowController.init(windowNibName: "MainLoginWindowController") } mainLoginWindowController?.mechanism=self let showLoginWindowDelaySeconds = DefaultsOverride.standardOverride.integer(forKey: PrefKeys.showLoginWindowDelaySeconds.rawValue) if showLoginWindowDelaySeconds > 0 { TCSLogWithMark("Delaying showing window by \(showLoginWindowDelaySeconds) seconds") sleep(UInt32(showLoginWindowDelaySeconds)) } NetworkMonitor.shared.startMonitoring() selectAndShowLoginWindow() TCSLogWithMark("Verifying if we should show cloud login.") if (StateFileHelper().fileExists(.returnType)==true){ TCSLogWithMark("xcreds_return exists") } else { TCSLogWithMark("xcreds_return does NOT exist") } if StateFileHelper().fileExists(.returnType) == false, DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldShowCloudLoginByDefault.rawValue) == false { setContextString(type: kAuthorizationEnvironmentUsername, value: SpecialUsers.standardLoginWindow.rawValue) TCSLogWithMark("marking to show standard login window") do { try StateFileHelper().createFile(.returnType) } catch { TCSLogWithMark("error creating return file") } allowLogin() return } if StateFileHelper().fileExists(.returnType)==true{ TCSLogWithMark("xcreds_return exists, removing") do { try StateFileHelper().removeFile(.returnType) } catch { TCSLogWithMark("Could not remove /usr/local/var/xcreds_return") } } TCSLogWithMark("Showing XCreds Login Window") //for some reason, software update activates and gets in the way. so we delay for 3 seconds before coming back to front timer = Timer.scheduledTimer(withTimeInterval: 3, repeats: false) { timer in NSApp.activate(ignoringOtherApps: true) } if let runDict = runDict() { TCSLogWithMark("Run dict = \(runDict.debugDescription)") } if let errorMessage = getContextString(type: "ErrorMessage"){ TCSLogWithMark("Sticky error message = \(errorMessage)") let alert = NSAlert() alert.addButton(withTitle: "OK") alert.messageText=errorMessage alert.window.canBecomeVisibleWithoutLogin=true let bundle = Bundle.findBundleWithName(name: "XCreds") if let bundle = bundle { TCSLogWithMark("Found bundle") alert.icon=bundle.image(forResource: NSImage.Name("icon_128x128")) } alert.runModal() } } override func allowLogin() { TCSLogWithMark("Allowing Login") if loginWebViewController != nil || signInViewController != nil { TCSLogWithMark("Dismissing loginWindowWindowController") mainLoginWindowController?.loginTransition { super.allowLogin() } } else { TCSLogWithMark("calling allowLogin") super.allowLogin() } } override func denyLogin(message:String?) { loginWebViewController?.loadPage() TCSLog("***************** DENYING LOGIN FROM LOGIN MECH ********************"); super.denyLogin(message: message) } func showLoginWindowType(loginWindowType:LoginWindowType) { TCSLogWithMark() switch loginWindowType { case .cloud: self.loginWindowType = LoginWindowType.cloud self.mainLoginWindowController?.controlsViewController?.refreshGridColumn?.isHidden=false if loginWebViewController==nil{ let bundle = Bundle.findBundleWithName(name: "XCreds") if let bundle = bundle{ loginWebViewController = LoginWebViewController(nibName: "LoginWebViewController", bundle: bundle) } } guard let loginWebViewController = loginWebViewController else { TCSLogWithMark("could not create loginWebViewController") return } loginWebViewController.mechanismDelegate=self mainLoginWindowController?.addCenterView(loginWebViewController.view) loginWebViewController.webView.nextKeyView=mainLoginWindowController?.controlsViewController?.view case .usernamePassword: self.mainLoginWindowController?.controlsViewController?.refreshGridColumn?.isHidden=true // NetworkMonitor.shared.stopMonitoring() self.loginWindowType = .usernamePassword if signInViewController == nil { let bundle = Bundle.findBundleWithName(name: "XCreds") if let bundle = bundle{ TCSLogWithMark("Creating signInViewController") signInViewController = SignInViewController(nibName: "LocalUsersViewController", bundle:bundle) } } guard let signInViewController = signInViewController else { TCSLogWithMark("could not create signInViewController") return } TCSLogWithMark() if let rfidUsers = getHint(type: .rfidUsers) as? RFIDUsers { signInViewController.rfidUsers = rfidUsers TCSLogWithMark("rfidUsers! \(rfidUsers.userDict?.count ?? 0)") } else { TCSLogWithMark("no rfidUsers in hints") } if let localAdmin = getHint(type: .localAdmin) as? LocalAdminCredentials { signInViewController.localAdmin = localAdmin } else { TCSLogWithMark("no localAdmin found in hints") } mainLoginWindowController?.addCenterView(signInViewController.view) TCSLogWithMark() mainLoginWindowController?.window?.makeFirstResponder(signInViewController.view) signInViewController.mechanismDelegate=self if signInViewController.usernameTextField != nil { signInViewController.usernameTextField.isEnabled=true } if signInViewController.passwordTextField != nil { signInViewController.passwordTextField.isEnabled=true signInViewController.passwordTextField.stringValue="" } if signInViewController.signIn != nil { signInViewController.signIn.isEnabled = true } if signInViewController.localOnlyCheckBox != nil { signInViewController.localOnlyCheckBox.isEnabled = true } mainLoginWindowController?.window?.forceToFrontAndFocus(self) mainLoginWindowController?.window?.makeFirstResponder(signInViewController.usernameTextField) signInViewController.signIn.nextKeyView=mainLoginWindowController?.controlsViewController?.view mainLoginWindowController?.updateWindow() } } } ================================================ FILE: XCredsLoginPlugIn/Mechanisms/XCredsPowerControlMechanism.swift ================================================ // // PowerControl.swift // NoMADLoginAD // // Created by Josh Wisenbaker on 2/9/18. // Copyright © 2018 NoMAD. All rights reserved. // import IOKit import IOKit.pwr_mgt enum SpecialUsers: String { case sleep case restart case shutdown case standardLoginWindow } @available(macOS, deprecated: 11) class XCredsPowerControlMechanism: XCredsBaseMechanism { @objc override func run() { TCSLogWithMark("~~~~~~~~~~~~~~~~~~~ XCredsPowerControlMechanism mech starting starting mech starting ~~~~~~~~~~~~~~~~~~~") // if AuthorizationDBManager.shared.rightExists(right: "loginwindow:login"){ // TCSLogWithMark("setting standard login back to XCreds login") // let _ = AuthorizationDBManager.shared.replace(right:"loginwindow:login", withNewRight: "XCredsLoginPlugin:LoginWindow") // } guard let userName = usernameContext else { TCSLogWithMark("No username was set somehow, pass the login to the next mech.") let _ = allowLogin() return } switch userName { case SpecialUsers.sleep.rawValue: TCSLogWithMark("Sleeping system.") let port = IOPMFindPowerManagement(mach_port_t(MACH_PORT_NULL)) IOPMSleepSystem(port) IOServiceClose(port) case SpecialUsers.shutdown.rawValue: TCSLogWithMark("Shutting system down system") let _ = cliTask("/sbin/shutdown -h now") case SpecialUsers.restart.rawValue: TCSLogWithMark("Restarting system") let _ = cliTask("/sbin/shutdown -r now") case SpecialUsers.standardLoginWindow.rawValue: TCSLogWithMark("mechanism right to boot back to mac login window (SpecialUsers.standardLoginWindow)") try? StateFileHelper().createFile(.returnType) let _ = AuthRightsHelper.resetRights() if UserDefaults.standard.bool(forKey: "slowReboot")==true { sleep(30) } StateFileHelper().killOrReboot() default: TCSLogWithMark("No special users named. pass login to the next mech.") let _ = allowLogin() } } } ================================================ FILE: XCredsLoginPlugIn/Mechanisms/XCredsUserSetup.swift ================================================ // // XCredsUserSetup.swift // // import ProductLicense @available(macOS, deprecated: 11) class XCredsUserSetup: XCredsBaseMechanism{ @objc override func run() { TCSLogWithMark("~~~~~~~~~~~~~~~~~~~ XCredsUserSetup mech starting ~~~~~~~~~~~~~~~~~~~") let bundle = Bundle.findBundleWithName(name: "XCreds") if let bundle = bundle { let infoPlist = bundle.infoDictionary if let infoPlist = infoPlist, let build = infoPlist["CFBundleVersion"] as? String, let version = infoPlist["CFBundleShortVersionString"] as? String { VersionCheck.shared.reportLicenseUsage(identifier: "com.twocanoes.xcreds", appVersion:version,buildNumber: build, event: .checkin) { isSuccess in print(isSuccess) } TCSLogInfoWithMark("------------------------------------------------------------------") TCSLogInfoWithMark("XCreds Login \(version).\(build)") if DefaultsOverride.standardOverride.bool(forKey: "showDebug")==false { TCSLogInfoWithMark("Log showing only basic info and errors.") TCSLogInfoWithMark("Set debugLogging to true to show verbose logging with") TCSLogInfoWithMark("sudo defaults write /Library/Preferences/com.twocanoes.xcreds showDebug -bool true") } else { TCSLogInfoWithMark("To disable verbose logging:") TCSLogInfoWithMark("sudo defaults delete /Library/Preferences/com.twocanoes.xcreds showDebug") } TCSLogInfoWithMark("To see all logging options, go to https://twocanoes.com/knowledge-base/capturing-xcreds-logs/") TCSLogInfoWithMark("------------------------------------------------------------------") } } TCSLogWithMark("checking to see if launchagent should be removed...") let fm = FileManager.default let launchAgentPath = "/Library/LaunchAgents/com.twocanoes.xcreds-launchagent.plist" let launchAgentExists = fm.fileExists(atPath: launchAgentPath) if DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldRemoveMenuItemAutoLaunch.rawValue)==true, launchAgentExists == true { do { TCSLogWithMark("removing launch agent...") try fm.removeItem(atPath: launchAgentPath) } catch { TCSLogWithMark("error removing launch agent: \(error)") } } do { let secretKeeper = try SecretKeeper(label: "XCreds Encryptor", tag: "XCreds Encryptor") let userManager = UserSecretManager(secretKeeper: secretKeeper) let users = try userManager.uidUsers() if let keys = users.userDict?.keys, keys.count>0{ TCSLogWithMark("setting up tap users"); self.setHint(type: .rfidUsers, hint: users as NSSecureCoding) } TCSLogWithMark("checking to see if we should set admin credentials") if let adminUser = try userManager.adminCredentials(){ TCSLogWithMark("Setting Admin User from secure file for keychain reset") self.setHint(type: .localAdmin, hint: adminUser ) } else if let aUsername = DefaultsOverride.standardOverride.string(forKey: PrefKeys.localAdminUserName.rawValue), let aPassword = DefaultsOverride.standardOverride.string(forKey: PrefKeys.localAdminPassword.rawValue), aUsername.isEmpty==false, aPassword.isEmpty==false{ TCSLogWithMark("Setting Admin User from prefs / override script for keychain reset") let localAdmin = LocalAdminCredentials(username: aUsername, password: aPassword) self.setHint(type: .localAdmin, hint: localAdmin) } try? StateFileHelper().removeFile(.fileVaultLogin) if let credentials = getHint(type: .localAdmin) as? LocalAdminCredentials { TCSLogWithMark("local admin set in hints") TCSLogWithMark("checking to see if we should skip filevault login by seeing if shouldSkipFileVaultLoginAdmin pref is true") if DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldSkipFileVaultLoginAdmin.rawValue)==true, filevaultAuth(username: credentials.username, password: credentials.password) == true { TCSLogWithMark("Successfully authenticated with FileVault using local admin.") try? StateFileHelper().createFile(.fileVaultLogin) } } else { TCSLogWithMark("local admin not set in hints") } if let aUsername = DefaultsOverride.standardOverride.string(forKey: PrefKeys.localAdminUserName.rawValue){ TCSLogWithMark("localAdminUserName set: \(aUsername)") } else { TCSLogWithMark("localAdminUserName not set") } if let _ = DefaultsOverride.standardOverride.string(forKey: PrefKeys.localAdminPassword.rawValue){ TCSLogWithMark("localAdminPassword set") } else { TCSLogWithMark("localAdminPassword not set") } } catch { TCSLogWithMark(error.localizedDescription) } updateDSRecords() let _ = allowLogin() } func updateDSRecords() { guard let nonSystemUsers = try? getAllNonSystemUsers() else{ TCSLogWithMark("could not get non system users") return } for odRecord in nonSystemUsers { let userDetails = try? odRecord.recordDetails(forAttributes: nil) if let userDetails = userDetails { if let _ = try? odRecord.values(forAttribute: "dsAttrTypeNative:_xcreds_oidc_full_username") as? [String]{ TCSLogWithMark("user already has oidc full username") continue } TCSLogWithMark("searching for user in user account") if let homeDirArray = userDetails["dsAttrTypeStandard:NFSHomeDirectory"] as? Array, homeDirArray.count>0{ let homeDir = homeDirArray[0] TCSLogWithMark("looking in \(homeDir) for ds_info.plist") let appSupportFolder = homeDir + "/Library/Application Support/XCreds" let plistPath = appSupportFolder + "/ds_info.plist" TCSLogWithMark("looking in path \(plistPath)") if FileManager.default.fileExists(atPath: plistPath){ TCSLogWithMark("found ds_info.plist") do { TCSLogWithMark("reading plist") let dict = try PropertyListDecoder().decode([String:String].self, from: Data(contentsOf: URL(fileURLWithPath: plistPath))) TCSLogWithMark("got plist") if let currOIDCFullUsername = dict["_xcreds_oidc_full_username"], let oidcUsername = dict["_xcreds_oidc_username"], let subValue = dict["subValue"], let issuerValue = dict["issuerValue"] { TCSLogWithMark("updating user account info") try odRecord.setValue("1", forAttribute: "dsAttrTypeNative:_xcreds_oidc_updatedfromlocal") try odRecord.setValue(currOIDCFullUsername, forAttribute: "dsAttrTypeNative:_xcreds_oidc_full_username") try odRecord.setValue(oidcUsername, forAttribute: "dsAttrTypeNative:_xcreds_oidc_username") try odRecord.setValue(subValue, forAttribute: "dsAttrTypeNative:_xcreds_oidc_sub") try odRecord.setValue(issuerValue, forAttribute: "dsAttrTypeNative:_xcreds_oidc_iss") if let currKerberosPrincipal = dict["_xcreds_activedirectory_kerberosPrincipal"] { try odRecord.setValue(currKerberosPrincipal, forAttribute: "dsAttrTypeNative:_xcreds_activedirectory_kerberosPrincipal") } TCSLogWithMark("removing file") try FileManager.default.removeItem(atPath: plistPath) } } catch { TCSLogWithMark("error decoding propertylist: \(error)") } } } } } } } ================================================ FILE: XCredsLoginPlugIn/PinPromptWindowController.swift ================================================ // // PinPromptWindowController.swift // XCredsLoginPlugin // // Created by Timothy Perfitt on 12/6/24. // import Cocoa class PinPromptWindowController: NSWindowController { @IBOutlet weak var pinTextField: NSSecureTextField! var pin:String? override func windowDidLoad() { super.windowDidLoad() self.window?.canBecomeVisibleWithoutLogin=true } @IBAction func cancelButtonPressed(_ sender: NSButton) { NSApp.stopModal(withCode: .cancel) } @IBAction func okButtonPressed(_ sender: NSButton) { if !pinTextField.stringValue.isEmpty { pin = pinTextField.stringValue NSApp.stopModal(withCode: .OK) } } } ================================================ FILE: XCredsLoginPlugIn/PinPromptWindowController.xib ================================================ NSAllRomanInputSourcesLocaleIdentifier ================================================ FILE: XCredsLoginPlugIn/PinSetWindowController.swift ================================================ // // PinPromptWindowController.swift // XCredsLoginPlugin // // Created by Timothy Perfitt on 12/6/24. // import Cocoa class PinSetWindowController: NSWindowController { @IBOutlet weak var pinTextField: NSSecureTextField! @IBOutlet weak var verifyPinTextField: NSSecureTextField! var pin:String? override func windowDidLoad() { super.windowDidLoad() self.window?.canBecomeVisibleWithoutLogin=true } @IBAction func skipPINButtonPressed(_ sender: NSButton) { pin=nil NSApp.stopModal(withCode: .alertThirdButtonReturn) } @IBAction func cancelButtonPressed(_ sender: NSButton) { NSApp.stopModal(withCode: .cancel) } @IBAction func okButtonPressed(_ sender: NSButton) { if !pinTextField.stringValue.isEmpty, !verifyPinTextField.stringValue.isEmpty, pinTextField.stringValue == verifyPinTextField.stringValue { pin = pinTextField.stringValue NSApp.stopModal(withCode: .OK) } else { self.window?.shakeWindow() } } } ================================================ FILE: XCredsLoginPlugIn/PinSetWindowController.xib ================================================ NSAllRomanInputSourcesLocaleIdentifier NSAllRomanInputSourcesLocaleIdentifier ================================================ FILE: XCredsLoginPlugIn/SetupCardWindowController.swift ================================================ // // SetupCardWindowController.swift // XCreds // // Created by Timothy Perfitt on 12/4/24. // import Cocoa import CryptoTokenKit class SetupCardWindowController: NSWindowController { var pin:String? override func windowDidLoad() { super.windowDidLoad() TCSLogWithMark() TCSLogWithMark() self.window?.close() NSApp.stopModal(withCode: NSApplication.ModalResponse.OK) // guard let readerName = DefaultsOverride.standardOverride.string(forKey: PrefKeys.ccidSlotName.rawValue) else { // TCSLogWithMark("No ccid slot name") // return // } // let watcher = TKTokenWatcher() // // // watcher.setInsertionHandler({ tokenID in // watcher.addRemovalHandler({ tokenID in // TCSLogWithMark("card removed") // }, forTokenID: tokenID) // // let slotNames = TKSmartCardSlotManager.default?.slotNames // // guard let slotNames = slotNames, slotNames.count>0 else { // return // } // // if slotNames.contains(readerName) == false { // TCSLogWithMark("reader \(readerName) not found") // } // let slot = TKSmartCardSlotManager.default?.slotNamed(readerName) // guard let tkSmartCard = slot?.makeSmartCard() else { // return // } // TCSLogWithMark("card inserted") // // let builtInReader = CCIDCardReader(tkSmartCard: tkSmartCard) // TCSLogWithMark() // // let returnData = builtInReader.sendAPDU(cla: 0xFF, ins: 0xCA, p1: 0, p2: 0, data: nil) // TCSLogWithMark() // if let returnData=returnData, returnData.count>2{ // DispatchQueue.main.async { // TCSLogWithMark() // let hex=returnData[0...returnData.count-3].hexEncodedString() // // let pinSetWindowController = PinSetWindowController(windowNibName: "PinSetWindowController") // let res = NSApp.runModal(for: pinSetWindowController.window!) // // if res == .OK{ // self.pin = pinSetWindowController.pin // // } // // if res == .cancel { // pinSetWindowController.window?.close() // return // } // // pinSetWindowController.window?.close() // // // self.uid = hex // TCSLogWithMark() // self.window?.close() // NSApp.stopModal(withCode: NSApplication.ModalResponse.OK) // } // } // // }) } @IBAction func cancelButtonPressed(_ sender: NSButton) { self.window?.close() NSApp.stopModal(withCode: .cancel) } } ================================================ FILE: XCredsLoginPlugIn/SetupCardWindowController.xib ================================================ To pair an RFID card to your user account, tap the card to the reader now. The card can then be used instead of entering your password when logging in to this Mac. You will be prompted to optionally set a PIN that will be required when tapping to log in. Using a PIN helps secure your password and prevents someone who has your card but does not know your PIN from logging in. ================================================ FILE: XCredsLoginPlugIn/WifiWindowController.swift ================================================ // // WifiView.swift import Cocoa import CoreWLAN class OKTabPopUpButton: NSPopUpButton { override var canBecomeKeyView: Bool {return true} // } @available(macOS, deprecated: 11) class WifiWindowController: NSWindowController, NetworkManagerDelegate, NSMenuDelegate { // @IBOutlet weak var backgroundView: NonBleedingView! // @IBOutlet weak var mainView: NonBleedingView! @IBOutlet weak var certificateLabel: NSTextField! @IBOutlet weak var wifiCredentialTitleLabel: NSTextField? @IBOutlet weak var networkSearch: NSButton? @IBOutlet weak var networkPassword: NSSecureTextField? @IBOutlet weak var networkUsername: NSTextField? @IBOutlet weak var networkConnectButton: NSButton? @IBOutlet weak var networkstatusLabel: NSTextField? @IBOutlet weak var networkWifiPopup: NSPopUpButton? // @IBOutlet weak var networkOpenStatusLabel: NSTextField! @IBOutlet weak var certificatePopupButton: NSPopUpButton! @IBOutlet weak var networkPasswordLabel: NSTextField! // @IBOutlet weak var dismissButton: NSButton! @IBOutlet var credentialsWindow: NSWindow! @IBOutlet weak var networkConnectionSpinner: NSProgressIndicator? @IBOutlet weak var addSSIDMenuButton: NSButton? @IBOutlet weak var addSSIDButton: NSButton? @IBOutlet weak var addSSIDText: NSTextField? @IBOutlet weak var addSSIDLabel: NSTextField? @IBOutlet weak var wifiSwitch: NSSwitch! @IBOutlet weak var networkUsernameLabel: NSTextField! @IBOutlet weak var wifiPopupMenu: NSMenu! @IBAction func help(_ sender: Any) { } @IBOutlet weak var networkUsernameView: NSView? @IBOutlet weak var networkPasswordView: NSView? var networks: Set = [] var selectedNetwork:CWNetwork? let wifiLog = "wifiLog" private var defaultFadeDuration: TimeInterval = 0.1 private var completionHandler: (() -> Void)? var delegate: XCredsMechanismProtocol? let networkManager = NetworkManager() @IBAction func wifiCredentialCancelButtonPressed(_ sender: NSButton) { NSApp.stopModal() credentialsWindow.orderOut(self) updateNetworks() } override func awakeFromNib() { TCSLogWithMark() super.awakeFromNib() TCSLogWithMark() configureAppearance() TCSLogWithMark() updateAvailableNetworks() self.networkUsernameView?.isHidden=true self.networkPasswordView?.isHidden=true certificatePopupButton.removeAllItems() certificatePopupButton.addItem(withTitle: "None") TCSLogWithMark("adding wifi networks") certificatePopupButton.addItems(withTitles: NetworkManager().identityCommonNames()) networkManager.wifiState() { state in switch state { case .off: self.wifiSwitch.state = .off case .on: self.wifiSwitch.state = .on } } } @IBAction func menuItemSelected(_ popupButton: NSPopUpButton) { if popupButton.titleOfSelectedItem == networkManager.getCurrentSSID() { print("selected current"); } else { if let network = popupButton.selectedItem?.representedObject as? CWNetwork { selectedNetwork = network configureUIForSelectedNetwork(network: network) } } } func menuNeedsUpdate(_ menu: NSMenu) { updateNetworks() } @objc func updateAvailableNetworks() { DispatchQueue.global().async { DispatchQueue.main.async { self.networkWifiPopup?.isEnabled=false self.networkConnectionSpinner?.startAnimation(true) self.networkConnectionSpinner?.isHidden=false } if let availableNetworks = self.networkManager.findNetworks() { self.networks=availableNetworks } DispatchQueue.main.async { self.networkWifiPopup?.isEnabled=true self.networkConnectionSpinner?.stopAnimation(self) self.networkConnectionSpinner?.isHidden=true self.updateNetworks() } } } func updateNetworks() { os_log("Remove allItems") self.networkWifiPopup?.removeAllItems() if networks.count == 0 { os_log("Unable to find any networks", log: wifiLog, type: .debug) self.networkWifiPopup?.addItem(withTitle: "No networks") } for network in networks { if let networkName = network.ssid { self.networkWifiPopup?.addItem(withTitle: networkName) self.networkWifiPopup?.lastItem?.representedObject=network self.networks.insert(network) } } self.networkWifiPopup?.selectItem(withTitle: networkManager.getCurrentSSID() ?? "") configCurrentNetwork() } func configCurrentNetwork() { TCSLogWithMark() if let currentNetworkName = networkManager.getCurrentSSID() { self.networkstatusLabel?.stringValue = "Connected to: \(currentNetworkName)" } else { self.networkstatusLabel?.stringValue = "Connected via Ethernet" } TCSLogWithMark() } private func configureAppearance() { TCSLogWithMark() self.networkWifiPopup?.removeAllItems() self.networkWifiPopup?.addItem(withTitle: "Choose Network...") } func set(completionHandler: (() -> Void)?) { self.completionHandler = completionHandler } @IBAction func dismissButton(_ sender: Any) { TCSLogWithMark("closing window") DispatchQueue.main.async { TCSLogWithMark("Triggering login window reload") self.delegate?.reload() self.window?.close() } } @IBAction func connect(_ sender: Any) { if let selectedNetwork = selectedNetwork { let userPassword = self.networkPassword?.stringValue let username = self.networkUsername?.stringValue var identity:SecIdentity? if certificatePopupButton.indexOfSelectedItem>0{ let cn = certificatePopupButton.title TCSLogWithMark("using cert \(cn)") let identityFromCN = TCSKeychain.findIdentity(withSubject: cn) TCSLogWithMark("using cert2 \(identityFromCN.debugDescription)") identity = identityFromCN?.takeRetainedValue() TCSLogWithMark("using identity: \(cn)") TCSLogWithMark("identity: \(identity.debugDescription)") } TCSLogWithMark("connectWiFi") let connected = networkManager.connectWifi(with: selectedNetwork, password: userPassword, username: username, identity: identity) TCSLogWithMark("done connectWifi") if connected { TCSLogWithMark("connected") NSApp.stopModal() credentialsWindow.orderOut(self) networkManager.delegate = self networkManager.internetConnected() return } else { TCSLogWithMark("not connected") credentialsWindow.shake(self) } } } @IBAction func wifiButtonPressed(_ sender: NSSwitch) { if sender.state == .off { networkManager.setWiFiState(.off) { self.updateAvailableNetworks() } } else { networkManager.setWiFiState(.on) { self.networkWifiPopup?.isEnabled=false self.networkConnectionSpinner?.startAnimation(true) self.networkConnectionSpinner?.isHidden=false DispatchQueue.main.asyncAfter(deadline: .now() + 3) { self.updateAvailableNetworks() } } } TCSLogWithMark("Wifi Button Switch changed") } func configureUIForSelectedNetwork(network: CWNetwork) { self.networkUsername?.stringValue = "" self.networkPassword?.stringValue = "" let securityType = networkManager.networkSecurityType(network) switch securityType { case .none: connect(self) return case .password: self.networkUsername?.isHidden = true networkUsernameLabel.isHidden = true certificateLabel.isHidden = true self.certificatePopupButton.isHidden = true self.networkPassword?.isHidden = false networkPasswordLabel?.isHidden = false case .enterpriseUserPassword: self.networkUsername?.isHidden = false networkUsernameLabel.isHidden = false self.networkPassword?.isHidden = false networkPasswordLabel?.isHidden = false certificateLabel.isHidden = false self.certificatePopupButton.isHidden = false } wifiCredentialTitleLabel?.stringValue = "The wifi network \"\(network.ssid ?? "" )\" requires login:" credentialsWindow.canBecomeVisibleWithoutLogin = true DispatchQueue.main.asyncAfter(deadline: .now() + 0.5) { self.credentialsWindow.level = .screenSaver+10 } NSApp.runModal(for: credentialsWindow) } @IBAction func searchButton(_ sender: Any) { self.updateAvailableNetworks() } @IBAction func addSSIDMenuButton(_ sender: Any){ // Hiding the other UI networkUsernameView?.isHidden = true networkPasswordView?.isHidden = true // Making the add SSID options appear addSSIDText?.isHidden = false addSSIDLabel?.isHidden = false addSSIDButton?.isHidden = false } @IBAction func addSSIDButton(_ sender: Any){ // Searching for a WiFi of that name let results = networkManager.findNetworkWithSSID(ssid: addSSIDText?.stringValue ?? "Unknown SSID" ) ?? [] // Adding the SSID to the network list for network in results { self.networkWifiPopup?.addItem(withTitle: network.ssid ?? "Unknown SSID") self.networkWifiPopup?.selectItem(withTitle: network.ssid ?? "Unknown SSID") } networks.formUnion(results) // Making the other views accessible again networkUsernameView?.isHidden = false networkPasswordView?.isHidden = false // Hiding the add SSID options addSSIDText?.isHidden = true addSSIDLabel?.isHidden = true addSSIDButton?.isHidden = true // Updating the network changed UI // self.configureUIForSelectedNetwork() } // In order to prevent a NSView from bleeding it's mouse events to the parent, one must implement the empty methods. // MARK: - NetworkManager Delegates func networkManagerFullyFinishedInternetConnectionTimer() { // self.enableUI() self.networkUsername?.stringValue = "" self.networkPassword?.stringValue = "" } func networkManagerConnectedToNetwork() { TCSLogWithMark("WiFi successfully connected leaving manager") self.dismissButton(self) } } ================================================ FILE: XCredsLoginPlugIn/WifiWindowController.xib ================================================ NSAllRomanInputSourcesLocaleIdentifier ================================================ FILE: XCredsLoginPlugIn/XCredsLoginPlugin.h ================================================ // // XCredsLoginPlugin.h // XCredsLoginPlugin // // Created by Timothy Perfitt on 7/2/22. // #import @import Foundation; @import Security.AuthorizationPlugin; @import Security.AuthSession; extern OSStatus SecKeychainChangePassword(SecKeychainRef keychainRef, UInt32 oldPasswordLength, const void* oldPassword, UInt32 newPasswordLength, const void* newPassword); extern OSStatus SecKeychainResetLogin(UInt32 passwordLength, const void* password, Boolean resetSearchList); extern OSStatus SecKeychainItemSetAccessWithPassword(SecKeychainItemRef item, SecAccessRef access, UInt32 passLength, const void* password); // Plugin constants enum { kPluginMagic = 'PlgN' }; struct PluginRecord { OSType fMagic; const AuthorizationCallbacks *fCallbacks; }; typedef struct PluginRecord PluginRecord; #pragma mark - Mechanism enum { kMechanismMagic = 'Mchn' }; struct MechanismRecord { OSType fMagic; AuthorizationEngineRef fEngine; const PluginRecord * fPlugin; AuthorizationString fMechID; Boolean fCheckAD; Boolean fUserSetup; Boolean fLoginWindow; Boolean fPowerControl; Boolean fEnableFDE; Boolean fKeychainAdd; Boolean fCreateUser; Boolean fLoginDone; }; typedef struct MechanismRecord MechanismRecord; #pragma mark #pragma mark ObjC AuthPlugin Wrapper @interface XCredsLoginPlugin : NSObject - (OSStatus)MechanismCreate:(AuthorizationPluginRef)inPlugin EngineRef:(AuthorizationEngineRef)inEngine MechanismId:(AuthorizationMechanismId)mechanismId MechanismRef:(AuthorizationMechanismRef *)outMechanism; // Starts authentication - (OSStatus)MechanismInvoke:(AuthorizationMechanismRef)inMechanism; // Decactive mechanism - (OSStatus)MechanismDeactivate:(AuthorizationMechanismRef)inMechanism; // Destroys mechanism - (OSStatus)MechanismDestroy:(AuthorizationMechanismRef)inMechanism; // Plugin parts // Destroy plugin - (OSStatus)PluginDestroy:(AuthorizationPluginRef)inPlugin; // Creates plugin - (OSStatus)AuthorizationPluginCreate:(const AuthorizationCallbacks *)callbacks PluginRef:(AuthorizationPluginRef *)outPlugin PluginInterface:(const AuthorizationPluginInterface **)outPluginInterface; @end ================================================ FILE: XCredsLoginPlugIn/XCredsLoginPlugin.m ================================================ // // XCredsLoginPlugin.m // XCredsLoginPlugin // // Created by Timothy Perfitt on 7/2/22. // #import "XCredsLoginPlugin.h" #import "XCredsLoginPlugin-Swift.h" #import XCredsLoginPlugin *authorizationPlugin = nil; //os_log_t pluginLog = nil; XCredsLoginMechanism *loginWindowMechanism = nil; XCredsLoginDone *loginDone = nil; static OSStatus PluginDestroy(AuthorizationPluginRef inPlugin) { TCSLog([NSString stringWithFormat:@"%s %s:%d",__FUNCTION__, [[[NSString stringWithCString:__FILE__ encoding:NSUTF8StringEncoding] lastPathComponent] cStringUsingEncoding:NSUTF8StringEncoding],__LINE__]); return [authorizationPlugin PluginDestroy:inPlugin]; } static OSStatus MechanismCreate(AuthorizationPluginRef inPlugin, AuthorizationEngineRef inEngine, AuthorizationMechanismId mechanismId, AuthorizationMechanismRef *outMechanism) { TCSLog([NSString stringWithFormat:@"%s %s:%d id:%s",__FUNCTION__, [[[NSString stringWithCString:__FILE__ encoding:NSUTF8StringEncoding] lastPathComponent] cStringUsingEncoding:NSUTF8StringEncoding] ,__LINE__,mechanismId]); return [authorizationPlugin MechanismCreate:inPlugin EngineRef:inEngine MechanismId:mechanismId MechanismRef:outMechanism]; } static OSStatus MechanismInvoke(AuthorizationMechanismRef inMechanism) { MechanismRecord *mechanism = (MechanismRecord *)inMechanism; // mechanism->fMechID = mechanismId; TCSLog([NSString stringWithFormat:@"%s %s:%d id:%s",__FUNCTION__, [[[NSString stringWithCString:__FILE__ encoding:NSUTF8StringEncoding] lastPathComponent] cStringUsingEncoding:NSUTF8StringEncoding],__LINE__,mechanism->fMechID]); return [authorizationPlugin MechanismInvoke:inMechanism]; } static OSStatus MechanismDeactivate(AuthorizationMechanismRef inMechanism) { MechanismRecord *mechanism = (MechanismRecord *)inMechanism; TCSLog([NSString stringWithFormat:@"%s %s:%d id:%s",__FUNCTION__, [[[NSString stringWithCString:__FILE__ encoding:NSUTF8StringEncoding] lastPathComponent] cStringUsingEncoding:NSUTF8StringEncoding],__LINE__,mechanism->fMechID]); return [authorizationPlugin MechanismDeactivate:inMechanism]; } static OSStatus MechanismDestroy(AuthorizationMechanismRef inMechanism) { MechanismRecord *mechanism = (MechanismRecord *)inMechanism; TCSLog([NSString stringWithFormat:@"%s %s:%d id:%s",__FUNCTION__, [[[NSString stringWithCString:__FILE__ encoding:NSUTF8StringEncoding] lastPathComponent] cStringUsingEncoding:NSUTF8StringEncoding],__LINE__,mechanism->fMechID]); return [authorizationPlugin MechanismDestroy:inMechanism]; } static AuthorizationPluginInterface gPluginInterface = { kAuthorizationPluginInterfaceVersion, &PluginDestroy, &MechanismCreate, &MechanismInvoke, &MechanismDeactivate, &MechanismDestroy }; extern OSStatus AuthorizationPluginCreate(const AuthorizationCallbacks *callbacks, AuthorizationPluginRef *outPlugin, const AuthorizationPluginInterface **outPluginInterface) { TCSLog([NSString stringWithFormat:@"%s %s:%d",__FUNCTION__, [[[NSString stringWithCString:__FILE__ encoding:NSUTF8StringEncoding] lastPathComponent] cStringUsingEncoding:NSUTF8StringEncoding],__LINE__]); if (authorizationPlugin == nil) { authorizationPlugin = [[XCredsLoginPlugin alloc] init]; } return [authorizationPlugin AuthorizationPluginCreate:callbacks PluginRef:outPlugin PluginInterface:outPluginInterface]; } // Implementation @implementation XCredsLoginPlugin - (OSStatus)AuthorizationPluginCreate:(const AuthorizationCallbacks *)callbacks PluginRef:(AuthorizationPluginRef *)outPlugin PluginInterface:(const AuthorizationPluginInterface **)outPluginInterface { TCSLog([NSString stringWithFormat:@"%s %s:%d",__FUNCTION__, [[[NSString stringWithCString:__FILE__ encoding:NSUTF8StringEncoding] lastPathComponent] cStringUsingEncoding:NSUTF8StringEncoding],__LINE__]); PluginRecord *plugin = (PluginRecord *) malloc(sizeof(*plugin)); if (plugin == NULL) return errSecMemoryError; plugin->fMagic = kPluginMagic; plugin->fCallbacks = callbacks; *outPlugin = plugin; *outPluginInterface = &gPluginInterface; return errSecSuccess; } - (OSStatus)MechanismCreate:(AuthorizationPluginRef)inPlugin EngineRef:(AuthorizationEngineRef)inEngine MechanismId:(AuthorizationMechanismId)mechanismId MechanismRef:(AuthorizationMechanismRef *)outMechanism { TCSLog([NSString stringWithFormat:@"%s %s:%d",__FUNCTION__, [[[NSString stringWithCString:__FILE__ encoding:NSUTF8StringEncoding] lastPathComponent] cStringUsingEncoding:NSUTF8StringEncoding],__LINE__]); MechanismRecord *mechanism = (MechanismRecord *)malloc(sizeof(MechanismRecord)); if (mechanism == NULL) return errSecMemoryError; TCSLog([NSString stringWithFormat:@"==========> Authorization Plugin %s Mechanism created.<===========\n",mechanismId]); mechanism->fMagic = kMechanismMagic; mechanism->fEngine = inEngine; mechanism->fPlugin = (PluginRecord *)inPlugin; mechanism->fMechID = mechanismId; mechanism->fUserSetup = (strcmp(mechanismId, "UserSetup") == 0); mechanism->fLoginWindow = (strcmp(mechanismId, "LoginWindow") == 0); mechanism->fPowerControl = (strcmp(mechanismId, "PowerControl") == 0); mechanism->fEnableFDE = (strcmp(mechanismId, "EnableFDE") == 0); mechanism->fKeychainAdd = (strcmp(mechanismId, "KeychainAdd") == 0); mechanism->fCreateUser = (strcmp(mechanismId, "CreateUser") == 0); mechanism->fLoginDone = (strcmp(mechanismId, "LoginDone") == 0); *outMechanism = mechanism; return errSecSuccess; } - (OSStatus)MechanismInvoke:(AuthorizationMechanismRef)inMechanism { TCSLog([NSString stringWithFormat:@"%s %s:%d",__FUNCTION__, [[[NSString stringWithCString:__FILE__ encoding:NSUTF8StringEncoding] lastPathComponent] cStringUsingEncoding:NSUTF8StringEncoding],__LINE__]); MechanismRecord *mechanism = (MechanismRecord *)inMechanism; if (mechanism->fLoginWindow) { if (loginWindowMechanism==nil){ loginWindowMechanism = [[XCredsLoginMechanism alloc] initWithMechanism:mechanism]; } [loginWindowMechanism run]; } else if (mechanism->fUserSetup){ XCredsUserSetup *userSetup = [[XCredsUserSetup alloc] initWithMechanism:mechanism]; [userSetup run]; } else if (mechanism->fPowerControl){ XCredsPowerControlMechanism *powerControl = [[XCredsPowerControlMechanism alloc] initWithMechanism:mechanism]; [powerControl run]; } else if (mechanism->fEnableFDE){ XCredsEnableFDE *fdeMech = [[XCredsEnableFDE alloc] initWithMechanism:mechanism]; [fdeMech run]; } else if (mechanism->fKeychainAdd){ XCredsKeychainAdd *keychainAdd = [[XCredsKeychainAdd alloc] initWithMechanism:mechanism]; [keychainAdd run]; } else if (mechanism->fCreateUser){ XCredsCreateUser *createUser = [[XCredsCreateUser alloc] initWithMechanism:mechanism]; [createUser run]; } else if (mechanism->fLoginDone){ loginDone = [[XCredsLoginDone alloc] initWithMechanism:mechanism]; [loginDone run]; } return noErr; } - (OSStatus)MechanismDeactivate:(AuthorizationMechanismRef)inMechanism { TCSLog([NSString stringWithFormat:@"%s %s:%d",__FUNCTION__, [[[NSString stringWithCString:__FILE__ encoding:NSUTF8StringEncoding] lastPathComponent] cStringUsingEncoding:NSUTF8StringEncoding],__LINE__]); OSStatus err; MechanismRecord *mechanism = (MechanismRecord *)inMechanism; err = mechanism->fPlugin->fCallbacks->DidDeactivate(mechanism->fEngine); return err; } - (OSStatus)MechanismDestroy:(AuthorizationMechanismRef)inMechanism { TCSLog([NSString stringWithFormat:@"%s %s:%d",__FUNCTION__, [[[NSString stringWithCString:__FILE__ encoding:NSUTF8StringEncoding] lastPathComponent] cStringUsingEncoding:NSUTF8StringEncoding],__LINE__]); MechanismRecord *mechanism = (MechanismRecord *)inMechanism; if (mechanism->fLoginWindow) { [loginWindowMechanism tearDown]; } if (mechanism->fLoginDone) { [loginDone tearDown]; } free(mechanism); return noErr; } - (OSStatus)PluginDestroy:(AuthorizationPluginRef)inPlugin { TCSLog([NSString stringWithFormat:@"%s %s:%d",__FUNCTION__, [[[NSString stringWithCString:__FILE__ encoding:NSUTF8StringEncoding] lastPathComponent] cStringUsingEncoding:NSUTF8StringEncoding],__LINE__]); free(inPlugin); return noErr; } @end ================================================ FILE: XCredsLoginPlugIn/errorpage.html ================================================

Trial or License Expired

please visit twocanoes.com for more information

================================================ FILE: XCredsLoginPlugIn/loadpage.html ================================================

Please Wait....

(or try connecting to network or check preferences)

================================================ FILE: app_to_test.sh ================================================ #!/bin/sh -e set -e set -x a=123 BUILD_DIR="/tmp/xcreds" DERIVED_DATA_DIR="${BUILD_DIR}/DerivedData" if [ "${1}" ]; then REMOTE_MAC=$1 else REMOTE_MAC="test.local" fi agvtool bump xcodebuild -scheme "XCreds" -configuration "Release" -derivedDataPath "${DERIVED_DATA_DIR}" ssh root@"${REMOTE_MAC}" 'bash -c "if [ -e "/Applications/XCreds.app" ] ; then echo removing; rm -rf "/Applications/XCreds.app"; fi"' if [ -e /tmp/xcreds/xcreds.zip ]; then rm /tmp/xcreds/xcreds.zip fi pushd /tmp/xcreds/DerivedData/Build/Products/Release/ zip -r /tmp/xcreds/xcreds.zip XCreds.app popd ssh root@"${REMOTE_MAC}" 'bash -c "if [ -e "/tmp/xcreds.zip" ] ; then echo removing; rm -rf "/tmp/xcreds.zip"; fi"' scp -Cr /tmp/xcreds/xcreds.zip root@"${REMOTE_MAC}":/tmp/xcreds.zip ssh root@"${REMOTE_MAC}" unzip /tmp/xcreds.zip -d /Applications #scp -r /tmp/xcreds/DerivedData/Build/Products/Release/XCreds.app root@"${REMOTE_MAC}":/Applications ssh root@"${REMOTE_MAC}" /Applications/XCreds.app/Contents/Resources/xcreds_login.sh -r ssh root@"${REMOTE_MAC}" /Applications/XCreds.app/Contents/Resources/xcreds_login.sh -i #ssh root@"${REMOTE_MAC}" killall -9 SecurityAgent || echo "unable to kill" ssh root@"${REMOTE_MAC}" reboot exit 0 ================================================ FILE: auth_mech_fixup/auth_mech_fixup-Bridging-Header.h ================================================ // // XCreds-Bridging-Header.h // XCreds // // Created by Timothy Perfitt on 6/3/22. // #ifndef XCreds_Bridging_Header_h #define XCreds_Bridging_Header_h #import "TCSUnifiedLogger.h" #endif /* XCreds_Bridging_Header_h */ ================================================ FILE: auth_mech_fixup/main.swift ================================================ // // main.swift // auth_mech_fixup // // Created by Timothy Perfitt on 5/31/23. // import Foundation if AuthorizationDBManager.shared.rightExists(right: "XCredsLoginPlugin:LoginWindow") == true { TCSLogWithMark("XCreds auth rights already installed.") exit(0) } TCSLogErrorWithMark("XCreds rights do not exist. Fixing and rebooting") if AuthRightsHelper.resetRights()==false { TCSLogErrorWithMark("error resetting rights") exit(1) } if AuthRightsHelper.addRights()==false { TCSLogErrorWithMark("error adding rights") exit(1) } ================================================ FILE: authrights/authrights.swift ================================================ // // main.swift // authrights // // Created by Timothy Perfitt on 7/11/22. // import ArgumentParser @main struct AuthRights: ParsableCommand { @Flag(name: .shortAndLong, help: "print rights") var printRights:Int @Flag(name: .shortAndLong, help: "delete right") var deleteRight:Int @Option(name: .shortAndLong, help: "insert before this rule") var beforeThisRight: String? @Option(name: .shortAndLong, help: "insert after this rule") var afterThisRight: String? @Option(name: .shortAndLong, help: "replace this rule") var replaceThisRight: String? @Argument(help: "Rule to insert") var right: String? mutating func run() throws { let manager = AuthorizationDBManager.shared if (printRights == 1) { let info = manager.consoleRights().joined(separator: "\n") print(info) return } guard let right = right else { print("must specify right") return } if deleteRight == 1 { if manager.remove(right: right)==false { // print("error removing right") } } else if beforeThisRight != nil { if manager.insertRight(newRight:right , beforeRight: beforeThisRight!)==false{ print("error inserting before right") } } else if afterThisRight != nil { // print("inserting right after") if manager.insertRight(newRight: right, afterRight: afterThisRight!)==false{ print("error inserting after right") } } else if replaceThisRight != nil { if manager.replace(right: replaceThisRight!, withNewRight: right)==false{ print("error replacing right") } } else { print("No placement option specified") } } } ================================================ FILE: build.sh ================================================ #!/bin/bash set -e echo "post to github? (Y/n)" read should_upload if [ "${should_upload}" = "n" ]; then echo "not uploading" else export upload=1 echo "uploading to github when done" fi echo "updated manifest version? (y/N)" read should_update_manifest if [ "${should_update_manifest}" = "y" ]; then export update_manifest=1 echo "updating manifest" fi pushd ./build_resources/buildscripts/ SKIP_DMG=1 ./build.sh popd ================================================ FILE: build_resources/DropDMG/XCreds/Info.plist ================================================ content identifier Layout.ED28A313-0EA9-4192-9652-7AA315AA59ED options fontSize 12 iconSize 128 layoutItems identifier LayoutItem.1F40890E-6379-429C-902A-F52E81C1B604 name XCreds.pkg position {304, 96} type file identifier LayoutItem.9F03F118-1251-4179-9D61-1091A7F850A6 name Documentation position {144, 320} type file identifier LayoutItem.3125D295-9961-40A5-A990-E098A423D71A name Uninstaller position {320, 320} type file identifier LayoutItem.19C61CBE-0A4A-4AFC-87F7-228B0913D85C name Legal position {512, 320} type file identifier LayoutItem.0AEAED19-1696-44FA-B375-05AEF81CA833 position {75.078125, 458.642578125} rtf {\rtf1\ansi\ansicpg1252\cocoartf2511 \cocoatextscaling0\cocoaplatform0{\fonttbl\f0\fswiss\fcharset0 Helvetica;} {\colortbl;\red255\green255\blue255;} {\*\expandedcolortbl;;} \pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\partightenfactor0 \f0\fs24 \cf0 $\{DATE\}} size {118.15625, 21.28515625} type text identifier LayoutItem.5747FF97-6356-4318-84CF-6B8008FD617F position {442.083984375, 462.75} rtf {\rtf1\ansi\ansicpg1252\cocoartf1671\cocoasubrtf400 {\fonttbl\f0\fswiss\fcharset0 Helvetica;} {\colortbl;\red255\green255\blue255;} {\*\expandedcolortbl;;} \pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\qr\partightenfactor0 \f0\fs24 \cf0 Version: $\{APP_VERSION\} ($\{APP_SHORT_VERSION_STRING\})} size {340.14453125, 37.203125} type text identifier LayoutItem.3430069F-246D-45AB-BCEF-B9C85FDFD038 position {392, 505} rtf {\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf320 {\fonttbl\f0\fswiss\fcharset0 Helvetica;} {\colortbl;\red255\green255\blue255;} \pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\qr \f0\fs24 \cf0 $\{APP_BASENAME\} $\{APP_VERSION\}} size {240, 18} type text identifier LayoutItem.7FDD4C8D-1A72-4322-91F7-A52C239C0996 position {384.5, 424} rtf {\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf320 {\fonttbl} {\colortbl;\red255\green255\blue255;} } size {129, 16} type text windowInsets {0, 0} windowOriginTopLeft {100, 100} documentCreator DropDMG 3.6.4b1 documentType com.c-command.DropDMG.Layout formatVersion 1 ================================================ FILE: build_resources/Legal/License Agreements.txt ================================================ Copyright 2022 Twocanoes Software, Inc Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ================================================ FILE: build_resources/Packages/XCreds/License Agreements.txt ================================================ XCreds Support Agreement This is a XCreds Support Agreement (“Agreement”) between Customer and Twocanoes. By clicking on the "accept" button, Customer is consenting to be legally bound by and are becoming a party to this Agreement with Twocanoes. If Customer does not agree to all of the terms of this Agreement, click the "disagree" button. In addition to and apart from clicking “accept,” payment of the applicable Support Service Fees and receipt by Twocanoes of those Support Service Fees will constitute Customer’s acceptance of the terms of this Agreement. 1. Definitions 1.1. Documentation means any specifications, such as technical or other specifications, or documentation that Twocanoes may make available to Customer regarding or for use with the Software. 1.2. Software means the software (including source code and object code) data, files, and other materials provided or made available by Twocanoes for use in authentication on Apple computers to Open ID Connect Identity Providers. 1.3. Support Hours are generally 9 am to 5 pm central time, Monday through Friday, excluding holidays. 1.4. Support Time means the sum total of the hours or fractions of hours one or more persons affiliated with Twocanoes spend in providing Support Services to a Customer under this Agreement. 1.5. Support Request means a request by the Customer for Support Services under this Agreement. 1.6. Support Period means a one year period starting upon payment of the Support Service Fee and acceptance of this Agreement and any subsequent renewal periods. 1.7. Support Services means the provision of technical support, technical assistance, technical guidance, and/or bug fixes, available under the purchased Level of Service, under this Agreement. 1.8. Service Fees means the fees for Support Services under this Agreement specified in a Twocanoes invoice or checkout webpage or screen. 1.9. Customer means the person, entity, or company who is entering to this Agreement. If you are entering into this Agreement on behalf of Customer company, educational institution, or other entity, you represent and warrant that you have full legal authority to bind Customer company, educational institution, or other entity to this Agreement and Customer also refers to Customer company, educational institution, or entity. If you do not have the requisite authority, you may not accept this Agreement or use the Support Services. 1.10. Twocanoes means Twocanoes Software, Inc., an Illinois Corporation, having a place of business at 34 W. Chicago Avenue, Naperville, IL 60540. 2. Service 2.1. Support Services. Subject to the terms of this Agreement, Twocanoes will, during the Support Period, provide Customer with Support Services for the Software during Support Hours at the applicable Level of Service purchased by the Customer. 2.2. Level of Service means the support service level purchased by the Customer. There are the following Levels of Service: 2.2.1.Basic. Under the Basic Level of Service, Twocanoes will respond to up to two Support Requests per month (“Basic Support Limit”). Twocanoes will initially respond to a Support Request within the Basic Support Limit within three business days. This does not guarantee that the issue for which support was requested will be resolved within three business days. However, Twocanoes is committed to resolving the support issue in a timely fashion. If the identified issue will not be resolved within three business days, Twocanoes will communicate an estimated timeline for resolution. 2.2.2.Premium. Under the Premium Level of Service, Twocanoes will respond to up to five Support Requests per calendar month (“Premium Support Limit”). Twocanoes will initially respond to a Support Request within the Premium Support Limit within one business day. This does not guarantee that the issue for which support was requested will be resolved within one business day. However, Twocanoes is committed to resolving the support issue in a timely fashion. If the identified issue will not be resolved within one business day, Twocanoes will communicate an estimated timeline for resolution. In addition, Twocanoes will provide the following additional support, under the Premium Level of Service, when requested by the Customer in a Support Request, so long as it is within the Premium Support Limit: 2.2.2.1. Deployment Assistance and Support. Twocanoes will be available for a pre- deployment plan phone call with customer or customer’s representative of up to one hour. During the call Twocanoes will discuss a deployment plan with the customer and will offer practices and/or suggestions for deployment plan appropriate for the customer’s circumstances. Twocanoes will also be available to provide up to 8 hours of Support Time for issues rising during the customer’s testing and deployment using the Software. 2.2.2.2. Software Customization. Twocanoes will provide up to 8 hours of Support Time to add additional related features to software features for the purpose of streamlining and optimizing customer deployments and authentication. 2.2.2.3. Software Support. Twocanoes will provide up to 8 hours of Support Time to add additional related features to the Software for the purpose of streamlining and optimizing customer workflows. 2.2.2.4. Documentation. Twocanoes will provide up to 8 hours of Support Time to review and comment on customer developed documentation before, during, or after deployment. 2.3. Customer Responsibilities 2.3.1.Customer will provide Twocanoes with all information, access, and participation by Customer reasonably requested by Twocanoes to respond to the Support Request and enable Twocanoes to provide Support Services. 2.3.2.Customer will promptly report problems with the Software to Twocanoes. 2.3.3.Customer will promptly implement and deploy solutions provided by Twocanoes. The Customer may need to upgrade to the newest or a newer version of the Software in order to resolve or partially resolve an issue raised in a Support Request. 2.3.4.Customer is responsible for backing up the data on the computers where the Software is used. The Customer should ensure such a backup is complete before or at the time a Support Request is made. 2.3.5.Customer is responsible for maintaining equipment, software, and services to access and use the Software, such as Arduino hardware, computers, operating systems, and network access. Support Services do not include repair of defective hardware, including Arduino hardware. 2.4. Exclusions 2.4.1.Support Services do not cover problems caused by: (a) misuse, (b) abuse, (c) neglect, (d) accident, (e) causes other than ordinary use, (f) user or third party customization or modification of the Software or the code thereof (g), improper installation of the Software not in accordance with the Documentation, or (h) third party software. 2.4.2.If Customer has not paid the applicable Service Fees or is not in compliance with this Agreement, Twocanoes is not obligated to provide Support Services. 2.4.3.The Software is not to be used for nuclear activities, chemical or biological weapons, or missile projects or where the deployment failure could lead to death, personal injury, property damage or environmental damage. Therefore, Support Services do not cover problems with the Software when the Software is used in such situations. 2.5. Intellectual Property. Any suggestion, idea, improvement, customization, change, or additional functionality or feature suggested, provided, or made by Customer to Twocanoes for the Software or Arduino firmware in connection with a Support Request (“Improvement”) will be owned by Twocanoes. Customer hereby assigns all of Customer’s right, title, and interest in any Improvement to Twocanoes and agrees to execute all reasonable documents necessary or advisable to perfect such ownership in the Improvement to Twocanoes. 3. Fees 3.1. Service Fees are due on the Effective Date. In the case of renewal, Service Fees are due by the beginning of the renewal period or as otherwise provided on the applicable invoice or checkout webpage. 3.2. Except as otherwise stated herein, Service Fees are non-refundable. 3.3. Service Fees do not include any taxes or similar that may imposed, required, or levied by any unit of government by reason of the services under this Agreement. The payment of such taxes or similar, if any, shall be the obligation of the Customer. 4. Term 4.1. This Agreement takes effect upon the first of (1) Customer clicking on the “accept” button or (2) payment of the applicable Support Service Fees and receipt by Twocanoes of those Support Service Fees will constitute Customer acceptance of the terms of this Agreement (“Effective Date”). This agreement will terminate one year from the Effective Date for Premium support and thirty days from the Effective Date for Basic support. This Agreement may be renewed upon a renewal offer by Twocanoes and acceptance and payment of the then existing Support Service Fees by Customer. 4.2. Customer may terminate this Agreement at any time by providing written notice to Twocanoes. The Service Fees paid are nonrefundable. 4.3. Twocanoes may at any time terminate this Agreement with Customer if: (a) Customer fails to comply with any term of this Agreement, including the timely payment of Support Fees; or (b) Twocanoes is required by law to do so. 4.4. Twocanoes may, within 60 days notice of Customer, terminate this Agreement if Twocanoes decides to no longer support the Software or a version of the Software. 4.5. Notwithstanding any termination of this Agreement, the provisions of this agreement that are intended to survive, will survive the termination of this Agreement, including the provisions of section 6 through 9. 5. Modifications 5.1. Twocanoes can modify this Agreement upon 30 days written notice to Customer. The subsequent request for Support Services after receipt of written notice by Customer will be deemed acceptance of the modification. This Agreement shall not be modified by any purchase order or acknowledgement by Customer. 6. WARRANTIES AND DISCLAIMER OF WARRANTIES 6.1. Twocanoes warrants the Support Services will be provided professionally within industry standards for software support. 6.2. Customer shall notify Twocanoes of any defects or deficiencies in the Support Services within 30 days of when the defective or deficient Support Service were provided. 6.3. Twocanoes does not warrant that the Software will operate uninterrupted or error-free. The Software may contain errors that could cause failures or loss of data. Twocanoes does not warrant that Twocanoes will correct all errors in the Software or that the Software will be compatible with future Twocanoes or Apple products or software. 6.4. Written or oral advice provided by Twocanoes does not create a warranty. 6.5. TO THE FULLEST EXTENT PERMITTED BY LAW, THE WARRANTY OF SECTION 6.1 IS THE EXCLUSIVE WARRANTY, AND TWOCANOES DISCLAIMS ALL OTHER WARRANTIES EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATIONS THE WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, ACCURACY, TIMELINESS, AND NON- INFRINGEMENT OF THIRD-PARTY RIGHTS, regardless of whether Twocanoes knows or had reason to know of Customers’ particular needs. 6.6. If Customer requests Arduino flashing under section 2.2.3.5, then Customer warrants that Customer has all rights necessary for Twocanoes to flash any customer-provided Arduino firmware on Arduino units and Customer hereby grants and provides to Twocanoes all such rights necessary for Twocanoes to flash any customer-provided custom Arduino firmware on Arduino units for the Customer. 6.7. If Customer requests Arduino customization, software customization/support, or package customization, or other improvement to the Software or firmware, then Customer warrants that Customer has all rights necessary for Twocanoes to carry out and implement such request. 7. LIMITATION OF LIABILITY 7.1. Twocanoes’ complete and entire liability for any breach of a warranty under section 6.1 shall be only: (a) correcting errors in the Software that cause the breach or if Twocanoes cannot substantially correct the errors upon the application of reasonable effort the Customer may terminate this Agreement and receive a prorated portion of the unused Service Fees paid to Twocanoes for the then existing Service Period, or (b) having the Support Services that are asserted to be deficient performed again. 7.2. Except to the extent provided in section 7.1 for breach of section 6.1 warranty, to the fullest extent permitted by law, Customer agrees that Twocanoes, its subsidiaries, its affiliates, and their respective officers, employees, agents, and independent contractors shall not be liable to Customer for any direct, incidental, consequential, special, exemplary, indirect, or punitive damages of any kind, including but not limited to, damages for loss of data, goodwill, profits, attorney’s fees or other intangible losses or personal injury, even if Twocanoes had been advised of the possibility of such loss or damages or any claim by a third party, arising out of or in any way related to this Agreement or the Support Services. 8. Indemnification 8.1. To the maximum extent permitted by law, Customer agrees to indemnify, defend and hold harmless Twocanoes, its subsidiaries, its affiliates, and their respective officers, employees, agents, and independent contractors (each is an “Indemnified Party”) from all losses, liabilities, claims, damages, expenses and costs, including attorneys’ fees and court costs (collectively “Losses”) incurred by an Indemnified Party as a result of (a) Customer’s breach or non-compliance of this Agreement, (b) a customization, modification, feature, packaging, or development request or customer-provided firmware made or provided under subsections section 2.2.3.1 to 2.2.3.6, and (c) any claims any install package created with the Software violates or infringes any third party intellectual property rights or defames any person or violates their rights of publicity or privacy. 8.2. The Software is not intended for use application, deployments, or situations, where (i) inaccuracies or errors in the information, data or content provided by the Software is important, or (ii) Software or deployment failure could lead to death, personal injury, property damage or environmental damage. Customer agree to indemnify, defend and hold harmless each Indemnified Party from any Losses incurred by such Indemnified Party by reason of any such use. 9. General 9.1. Choice of Law and Forum. This Agreement will be governed by the laws of the State of Illinois in the United States of America, without regard to its choice of law rules. Any action to enforce this agreement shall be brought in a court of competent jurisdiction located in DuPage County, Illinois or in the United States District Court for the Northern District of Illinois, Eastern Division. 9.2. Severability. If any provision of this Agreement is held to be legally invalid, illegal or unenforceable the remaining provisions shall nevertheless remain in full force and effect. 9.3. No Waiver. The waiver or failure of either party to exercise in any respect any right provided for herein shall not be deemed a waiver of any further right hereunder. 9.4. Merger and Integration. This written Agreement is the exclusive agreement between Customer and Twocanoes concerning the support services covered by this Agreement and supersedes and merges any and all prior oral or written agreements, negotiations or other dealings between the parties concerning such support services. 9.5. Titles and Headings. The Section headings in this Agreement have no legal or contractual effect and are only for convenience. 9.6. Notice to Customer. Twocanoes may provide Customer with notice related to this Agreement or the Software via the email address or other contact information Customer provides to Twocanoes. 9.7. Notice to Twocanoes. Customer can provide Twocanoes notice under this Agreement by email at support@twocanoes.com. Updated May 5, 2023 ================================================ FILE: build_resources/Packages/XCreds/Success.rtfd/TXT.rtf ================================================ {\rtf1\ansi\ansicpg1252\cocoartf2577 \cocoatextscaling0\cocoaplatform0{\fonttbl\f0\fswiss\fcharset0 Helvetica;} {\colortbl;\red255\green255\blue255;} {\*\expandedcolortbl;;} \margl1440\margr1440\vieww24660\viewh15820\viewkind0 \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\qc\partightenfactor0 \f0\fs48 \cf0 \ \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\qc\partightenfactor0 \fs24 \cf0 {{\NeXTGraphic Pasted Graphic.png \width2500 \height2100 \appleattachmentpadding0 \appleembedtype0 \appleaqc }}\pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\qc\partightenfactor0 \cf0 \ \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0 \cf0 \ \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\qc\partightenfactor0 \fs48 \cf0 The installation was successful. \fs24 \ \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0 \cf0 \ } ================================================ FILE: build_resources/Packages/XCreds/XCreds_template.pkgproj ================================================ PACKAGES MUST-CLOSE-APPLICATION-ITEMS MUST-CLOSE-APPLICATIONS PACKAGE_FILES DEFAULT_INSTALL_LOCATION / HIERARCHY CHILDREN CHILDREN CHILDREN GID 80 PATH Utilities PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 BUNDLE_CAN_DOWNGRADE BUNDLE_POSTINSTALL_PATH PATH_TYPE 0 BUNDLE_PREINSTALL_PATH PATH_TYPE 0 CHILDREN GID 80 PATH XCreds.app PATH_TYPE 3 PERMISSIONS 493 TYPE 3 UID 0 GID 80 PATH Applications PATH_TYPE 0 PERMISSIONS 509 TYPE 1 UID 0 CHILDREN GID 0 PATH bin PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN CHILDREN GID 80 PATH Application Support PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Audio PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Automator PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH ColorPickers PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Documentation PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Extensions PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Filesystems PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 80 PATH Fonts PATH_TYPE 0 PERMISSIONS 1021 TYPE 1 UID 0 CHILDREN GID 0 PATH Frameworks PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Input Methods PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Internet Plug-Ins PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH LaunchAgents PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH PreferencePanes PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Preferences PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 80 PATH Printers PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH PrivilegedHelperTools PATH_TYPE 0 PERMISSIONS 1005 TYPE 1 UID 0 CHILDREN GID 0 PATH QuickLook PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH QuickTime PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Screen Savers PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Scripts PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Services PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Widgets PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 GID 0 PATH Library PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN CHILDREN GID 0 PATH etc PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN GID 0 PATH var PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 GID 0 PATH private PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN GID 0 PATH sbin PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN CHILDREN CHILDREN GID 0 PATH Extensions PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 GID 0 PATH Library PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 GID 0 PATH System PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN CHILDREN GID 0 PATH Shared PATH_TYPE 0 PERMISSIONS 1023 TYPE 1 UID 0 GID 80 PATH Users PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN CHILDREN GID 0 PATH bin PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN GID 0 PATH include PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN GID 0 PATH lib PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN CHILDREN GID 0 PATH bin PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 GID 0 PATH local PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN GID 0 PATH sbin PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN GID 0 PATH share PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 GID 0 PATH usr PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 GID 0 PATH / PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 PAYLOAD_TYPE 0 PRESERVE_EXTENDED_ATTRIBUTES SHOW_INVISIBLE SPLIT_FORKS TREAT_MISSING_FILES_AS_WARNING VERSION 5 PACKAGE_SCRIPTS POSTINSTALL_PATH PATH scripts/postinstall.sh PATH_TYPE 1 PREINSTALL_PATH PATH scripts/preinstall.sh PATH_TYPE 1 RESOURCES PACKAGE_SETTINGS AUTHENTICATION 1 CONCLUSION_ACTION 0 FOLLOW_SYMBOLIC_LINKS IDENTIFIER com.twocanoes.pkg.secureremoteaccess LOCATION 0 NAME XCreds OVERWRITE_PERMISSIONS PAYLOAD_SIZE -1 REFERENCE_PATH RELOCATABLE USE_HFS+_COMPRESSION VERSION {pkgversion} TYPE 0 UUID 159A1918-3691-445B-AAE5-744196155DEC PROJECT PROJECT_COMMENTS NOTES PROJECT_PRESENTATION BACKGROUND APPAREANCES DARK_AQUA LIGHT_AQUA SHARED_SETTINGS_FOR_ALL_APPAREANCES INSTALLATION TYPE HIERARCHIES INSTALLER LIST CHILDREN DESCRIPTION OPTIONS HIDDEN STATE 1 PACKAGE_UUID 159A1918-3691-445B-AAE5-744196155DEC TITLE TYPE 0 UUID D37049DF-3918-47ED-9C84-35D20546CC02 REMOVED MODE 0 INSTALLATION_STEPS ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewIntroductionController INSTALLER_PLUGIN Introduction LIST_TITLE_KEY InstallerSectionTitle ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewReadMeController INSTALLER_PLUGIN ReadMe LIST_TITLE_KEY InstallerSectionTitle ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewLicenseController INSTALLER_PLUGIN License LIST_TITLE_KEY InstallerSectionTitle ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewDestinationSelectController INSTALLER_PLUGIN TargetSelect LIST_TITLE_KEY InstallerSectionTitle ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewInstallationTypeController INSTALLER_PLUGIN PackageSelection LIST_TITLE_KEY InstallerSectionTitle ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewInstallationController INSTALLER_PLUGIN Install LIST_TITLE_KEY InstallerSectionTitle ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewSummaryController INSTALLER_PLUGIN Summary LIST_TITLE_KEY InstallerSectionTitle INTRODUCTION LOCALIZATIONS LICENSE LOCALIZATIONS LANGUAGE English VALUE PATH License Agreements.txt PATH_TYPE 1 MODE 0 README LOCALIZATIONS SUMMARY LOCALIZATIONS LANGUAGE English VALUE PATH Success.rtfd PATH_TYPE 1 TITLE LOCALIZATIONS LANGUAGE English VALUE XCreds PROJECT_REQUIREMENTS LIST BEHAVIOR 3 DICTIONARY IC_REQUIREMENT_OS_DISK_TYPE 0 IC_REQUIREMENT_OS_DISTRIBUTION_TYPE 0 IC_REQUIREMENT_OS_MINIMUM_VERSION 110000 IC_REQUIREMENT_CHECK_TYPE 1 IDENTIFIER fr.whitebox.Packages.requirement.os MESSAGE NAME Operating System STATE RESOURCES ROOT_VOLUME_ONLY PROJECT_SETTINGS ADVANCED_OPTIONS installer-script.options:hostArchitectures arm64,x86_64 BUILD_FORMAT 0 BUILD_PATH PATH build PATH_TYPE 3 CERTIFICATE NAME Developer ID Installer: Twocanoes Software, Inc. (UXP6YEHSPW) PATH /Users/tperfitt/Library/Keychains/login.keychain EXCLUDED_FILES PATTERNS_ARRAY REGULAR_EXPRESSION STRING .DS_Store TYPE 0 PROTECTED PROXY_NAME Remove .DS_Store files PROXY_TOOLTIP Remove ".DS_Store" files created by the Finder. STATE PATTERNS_ARRAY REGULAR_EXPRESSION STRING .pbdevelopment TYPE 0 PROTECTED PROXY_NAME Remove .pbdevelopment files PROXY_TOOLTIP Remove ".pbdevelopment" files created by ProjectBuilder or Xcode. STATE PATTERNS_ARRAY REGULAR_EXPRESSION STRING CVS TYPE 1 REGULAR_EXPRESSION STRING .cvsignore TYPE 0 REGULAR_EXPRESSION STRING .cvspass TYPE 0 REGULAR_EXPRESSION STRING .svn TYPE 1 REGULAR_EXPRESSION STRING .git TYPE 1 REGULAR_EXPRESSION STRING .gitignore TYPE 0 PROTECTED PROXY_NAME Remove SCM metadata PROXY_TOOLTIP Remove helper files and folders used by the CVS, SVN or Git Source Code Management systems. STATE PATTERNS_ARRAY REGULAR_EXPRESSION STRING classes.nib TYPE 0 REGULAR_EXPRESSION STRING designable.db TYPE 0 REGULAR_EXPRESSION STRING info.nib TYPE 0 PROTECTED PROXY_NAME Optimize nib files PROXY_TOOLTIP Remove "classes.nib", "info.nib" and "designable.nib" files within .nib bundles. STATE PATTERNS_ARRAY REGULAR_EXPRESSION STRING Resources Disabled TYPE 1 PROTECTED PROXY_NAME Remove Resources Disabled folders PROXY_TOOLTIP Remove "Resources Disabled" folders. STATE SEPARATOR NAME XCreds PAYLOAD_ONLY REFERENCE_FOLDER_PATH /private/tmp/pGqhe/packages_reference TREAT_MISSING_PRESENTATION_DOCUMENTS_AS_WARNING TYPE 0 VERSION 2 ================================================ FILE: build_resources/Packages/XCreds/scripts/postinstall.sh ================================================ #!/bin/bash set -e set -x script_path="${0}" package_path="${1}" target_path="${2}" target_volume="${3}" xcreds_login_script="${target_path}"/Applications/XCreds.app/Contents/Resources/xcreds_login.sh plugin_path="${target_path}"/Applications/XCreds.app/Contents/Resources/XCredsLoginPlugin.bundle auth_backup_folder="${target_path}"/Library/"Application Support"/xcreds rights_backup_path="${auth_backup_folder}"/rights.bak if [ ! -e "${auth_backup_folder}" ]; then mkdir -p "${auth_backup_folder}" fi if [ ! -e "${rights_backup_path}" ]; then security authorizationdb read system.login.console > "${rights_backup_path}" fi if [ -e "${plugin_path}" ]; then if [ -e "${target_volume}"/Library/Security/SecurityAgentPlugins/XCredsLoginPlugin.bundle ]; then rm -rf "${target_volume}"/Library/Security/SecurityAgentPlugins/XCredsLoginPlugin.bundle fi cp -R "${plugin_path}" "${target_volume}"/Library/Security/SecurityAgentPlugins/ chown -R root:wheel "${target_volume}"/Library/Security/SecurityAgentPlugins/XCredsLoginPlugin.bundle fi if [ -e ${xcreds_login_script} ]; then "${xcreds_login_script}" -i else echo "could not find xcreds_login_script tool" exit -1 fi if /usr/bin/pgrep -q "Setup Assistant"; then # loginwindow hasn't been displayed yet - exit successfully /usr/bin/logger "XCreds: authorization mechanic setup complete" echo "XCreds: authorization mechanic setup complete" exit 0 fi while [[ ! -f "/var/db/.AppleSetupDone" ]]; do sleep 1 /usr/bin/logger "Waiting for Setup Assistant to complete" echo "Waiting for Setup Assistant to complete" done #if [ -e "${target_volume}"/Applications/XCreds.app/Contents/MacOS/XCreds ]; then # # echo "briefly starting up XCreds app to register CCID extension" # "${target_volume}"/Applications/XCreds.app/Contents/MacOS/XCreds -r # #fi # if Finder is not loaded and override file doesn't exist, reload the loginwindow if /usr/bin/pgrep -q "Finder" || [ -f /Users/Shared/.xcredsPreventLoginWindowKill ]; then exit 0 else /usr/bin/logger "XCreds: Reload loginwindow" /usr/bin/killall -9 loginwindow fi ================================================ FILE: build_resources/Packages/XCreds/scripts/preinstall.sh ================================================ #!/bin/sh killall XCreds if [ -d "/Applications/XCreds.app" ] ; then rm -rf "/Applications/XCreds.app" fi ================================================ FILE: build_resources/Packages/XCreds/template.pkgproj ================================================ PACKAGES MUST-CLOSE-APPLICATION-ITEMS MUST-CLOSE-APPLICATIONS PACKAGE_FILES DEFAULT_INSTALL_LOCATION / HIERARCHY CHILDREN CHILDREN CHILDREN GID 80 PATH Utilities PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 BUNDLE_CAN_DOWNGRADE BUNDLE_POSTINSTALL_PATH PATH_TYPE 0 BUNDLE_PREINSTALL_PATH PATH_TYPE 0 CHILDREN GID 80 PATH XCreds.app PATH_TYPE 3 PERMISSIONS 493 TYPE 3 UID 0 GID 80 PATH Applications PATH_TYPE 0 PERMISSIONS 509 TYPE 1 UID 0 CHILDREN GID 0 PATH bin PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN CHILDREN GID 80 PATH Application Support PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Audio PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Automator PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH ColorPickers PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Documentation PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Extensions PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Filesystems PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 80 PATH Fonts PATH_TYPE 0 PERMISSIONS 1021 TYPE 1 UID 0 CHILDREN GID 0 PATH Frameworks PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Input Methods PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Internet Plug-Ins PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH LaunchAgents PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH PreferencePanes PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Preferences PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 80 PATH Printers PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH PrivilegedHelperTools PATH_TYPE 0 PERMISSIONS 1005 TYPE 1 UID 0 CHILDREN GID 0 PATH QuickLook PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH QuickTime PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Screen Savers PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Scripts PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Services PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Widgets PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 GID 0 PATH Library PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN CHILDREN GID 0 PATH etc PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN GID 0 PATH var PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 GID 0 PATH private PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN GID 0 PATH sbin PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN CHILDREN CHILDREN GID 0 PATH Extensions PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 GID 0 PATH Library PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 GID 0 PATH System PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN CHILDREN GID 0 PATH Shared PATH_TYPE 0 PERMISSIONS 1023 TYPE 1 UID 0 GID 80 PATH Users PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN CHILDREN GID 0 PATH bin PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN GID 0 PATH include PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN GID 0 PATH lib PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN CHILDREN GID 0 PATH bin PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 GID 0 PATH local PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN GID 0 PATH sbin PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN GID 0 PATH share PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 GID 0 PATH usr PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 GID 0 PATH / PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 PAYLOAD_TYPE 0 PRESERVE_EXTENDED_ATTRIBUTES SHOW_INVISIBLE SPLIT_FORKS TREAT_MISSING_FILES_AS_WARNING VERSION 5 PACKAGE_SCRIPTS POSTINSTALL_PATH PATH scripts/postinstall.sh PATH_TYPE 1 PREINSTALL_PATH PATH scripts/preinstall.sh PATH_TYPE 1 RESOURCES PACKAGE_SETTINGS AUTHENTICATION 1 CONCLUSION_ACTION 0 FOLLOW_SYMBOLIC_LINKS IDENTIFIER com.twocanoes.pkg.secureremoteaccess LOCATION 0 NAME XCreds OVERWRITE_PERMISSIONS PAYLOAD_SIZE -1 REFERENCE_PATH RELOCATABLE USE_HFS+_COMPRESSION VERSION {pkgversion} TYPE 0 UUID 159A1918-3691-445B-AAE5-744196155DEC PROJECT PROJECT_COMMENTS NOTES PROJECT_PRESENTATION BACKGROUND APPAREANCES DARK_AQUA LIGHT_AQUA SHARED_SETTINGS_FOR_ALL_APPAREANCES INSTALLATION TYPE HIERARCHIES INSTALLER LIST CHILDREN DESCRIPTION OPTIONS HIDDEN STATE 1 PACKAGE_UUID 159A1918-3691-445B-AAE5-744196155DEC TITLE TYPE 0 UUID D37049DF-3918-47ED-9C84-35D20546CC02 REMOVED MODE 0 INSTALLATION_STEPS ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewIntroductionController INSTALLER_PLUGIN Introduction LIST_TITLE_KEY InstallerSectionTitle ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewReadMeController INSTALLER_PLUGIN ReadMe LIST_TITLE_KEY InstallerSectionTitle ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewLicenseController INSTALLER_PLUGIN License LIST_TITLE_KEY InstallerSectionTitle ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewDestinationSelectController INSTALLER_PLUGIN TargetSelect LIST_TITLE_KEY InstallerSectionTitle ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewInstallationTypeController INSTALLER_PLUGIN PackageSelection LIST_TITLE_KEY InstallerSectionTitle ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewInstallationController INSTALLER_PLUGIN Install LIST_TITLE_KEY InstallerSectionTitle ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewSummaryController INSTALLER_PLUGIN Summary LIST_TITLE_KEY InstallerSectionTitle INTRODUCTION LOCALIZATIONS LICENSE LOCALIZATIONS LANGUAGE English VALUE PATH License Agreements.txt PATH_TYPE 1 MODE 0 README LOCALIZATIONS SUMMARY LOCALIZATIONS LANGUAGE English VALUE PATH Success.rtfd PATH_TYPE 1 TITLE LOCALIZATIONS LANGUAGE English VALUE XCreds PROJECT_REQUIREMENTS LIST BEHAVIOR 3 DICTIONARY IC_REQUIREMENT_OS_DISK_TYPE 0 IC_REQUIREMENT_OS_DISTRIBUTION_TYPE 0 IC_REQUIREMENT_OS_MINIMUM_VERSION 110000 IC_REQUIREMENT_CHECK_TYPE 1 IDENTIFIER fr.whitebox.Packages.requirement.os MESSAGE NAME Operating System STATE RESOURCES ROOT_VOLUME_ONLY PROJECT_SETTINGS ADVANCED_OPTIONS installer-script.options:hostArchitectures arm64,x86_64 BUILD_FORMAT 0 BUILD_PATH PATH build PATH_TYPE 3 CERTIFICATE NAME Developer ID Installer: Twocanoes Software, Inc. (UXP6YEHSPW) PATH /Users/tperfitt/Library/Keychains/login.keychain EXCLUDED_FILES PATTERNS_ARRAY REGULAR_EXPRESSION STRING .DS_Store TYPE 0 PROTECTED PROXY_NAME Remove .DS_Store files PROXY_TOOLTIP Remove ".DS_Store" files created by the Finder. STATE PATTERNS_ARRAY REGULAR_EXPRESSION STRING .pbdevelopment TYPE 0 PROTECTED PROXY_NAME Remove .pbdevelopment files PROXY_TOOLTIP Remove ".pbdevelopment" files created by ProjectBuilder or Xcode. STATE PATTERNS_ARRAY REGULAR_EXPRESSION STRING CVS TYPE 1 REGULAR_EXPRESSION STRING .cvsignore TYPE 0 REGULAR_EXPRESSION STRING .cvspass TYPE 0 REGULAR_EXPRESSION STRING .svn TYPE 1 REGULAR_EXPRESSION STRING .git TYPE 1 REGULAR_EXPRESSION STRING .gitignore TYPE 0 PROTECTED PROXY_NAME Remove SCM metadata PROXY_TOOLTIP Remove helper files and folders used by the CVS, SVN or Git Source Code Management systems. STATE PATTERNS_ARRAY REGULAR_EXPRESSION STRING classes.nib TYPE 0 REGULAR_EXPRESSION STRING designable.db TYPE 0 REGULAR_EXPRESSION STRING info.nib TYPE 0 PROTECTED PROXY_NAME Optimize nib files PROXY_TOOLTIP Remove "classes.nib", "info.nib" and "designable.nib" files within .nib bundles. STATE PATTERNS_ARRAY REGULAR_EXPRESSION STRING Resources Disabled TYPE 1 PROTECTED PROXY_NAME Remove Resources Disabled folders PROXY_TOOLTIP Remove "Resources Disabled" folders. STATE SEPARATOR NAME XCreds PAYLOAD_ONLY REFERENCE_FOLDER_PATH /private/tmp/pGqhe/packages_reference TREAT_MISSING_PRESENTATION_DOCUMENTS_AS_WARNING TYPE 0 VERSION 2 ================================================ FILE: build_resources/Packages/XCreds Launch Agent/XCreds Launch Agent.pkgproj ================================================ PACKAGES MUST-CLOSE-APPLICATION-ITEMS MUST-CLOSE-APPLICATIONS PACKAGE_FILES DEFAULT_INSTALL_LOCATION / HIERARCHY CHILDREN CHILDREN GID 80 PATH Applications PATH_TYPE 0 PERMISSIONS 509 TYPE 1 UID 0 CHILDREN CHILDREN GID 80 PATH Application Support PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Automator PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Documentation PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Extensions PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Filesystems PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Frameworks PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Input Methods PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Internet Plug-Ins PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Keyboard Layouts PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN CHILDREN GID 0 PATH agent/com.twocanoes.xcreds-launchagent.plist PATH_TYPE 1 PERMISSIONS 420 TYPE 3 UID 0 GID 0 PATH LaunchAgents PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH LaunchDaemons PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH PreferencePanes PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Preferences PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 80 PATH Printers PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH PrivilegedHelperTools PATH_TYPE 0 PERMISSIONS 1005 TYPE 1 UID 0 CHILDREN GID 0 PATH QuickLook PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH QuickTime PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Screen Savers PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Scripts PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Services PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Widgets PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 GID 0 PATH Library PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN CHILDREN GID 0 PATH Shared PATH_TYPE 0 PERMISSIONS 1023 TYPE 1 UID 0 GID 80 PATH Users PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 GID 0 PATH / PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 PAYLOAD_TYPE 0 PRESERVE_EXTENDED_ATTRIBUTES SHOW_INVISIBLE SPLIT_FORKS TREAT_MISSING_FILES_AS_WARNING VERSION 5 PACKAGE_SETTINGS AUTHENTICATION 1 CONCLUSION_ACTION 0 FOLLOW_SYMBOLIC_LINKS IDENTIFIER com.twocanoes.pkg.XCredsLaunchAgent LOCATION 0 NAME XCreds Launch Agent OVERWRITE_PERMISSIONS PAYLOAD_SIZE -1 REFERENCE_PATH RELOCATABLE USE_HFS+_COMPRESSION VERSION 1.0 TYPE 0 UUID 6D2A2863-F3EC-4EF4-A1B4-CFAA44FE45F4 PROJECT PROJECT_COMMENTS NOTES PROJECT_PRESENTATION BACKGROUND APPAREANCES DARK_AQUA LIGHT_AQUA SHARED_SETTINGS_FOR_ALL_APPAREANCES INSTALLATION_STEPS ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewIntroductionController INSTALLER_PLUGIN Introduction LIST_TITLE_KEY InstallerSectionTitle ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewReadMeController INSTALLER_PLUGIN ReadMe LIST_TITLE_KEY InstallerSectionTitle ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewLicenseController INSTALLER_PLUGIN License LIST_TITLE_KEY InstallerSectionTitle ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewDestinationSelectController INSTALLER_PLUGIN TargetSelect LIST_TITLE_KEY InstallerSectionTitle ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewInstallationTypeController INSTALLER_PLUGIN PackageSelection LIST_TITLE_KEY InstallerSectionTitle ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewInstallationController INSTALLER_PLUGIN Install LIST_TITLE_KEY InstallerSectionTitle ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewSummaryController INSTALLER_PLUGIN Summary LIST_TITLE_KEY InstallerSectionTitle INTRODUCTION LOCALIZATIONS TITLE LOCALIZATIONS LANGUAGE English VALUE XCreds Launch Agent PROJECT_SETTINGS BUILD_FORMAT 0 BUILD_PATH PATH build PATH_TYPE 1 CERTIFICATE NAME Developer ID Installer: Twocanoes Software, Inc. (UXP6YEHSPW) PATH /Users/tperfitt/Library/Keychains/login.keychain EXCLUDED_FILES PATTERNS_ARRAY REGULAR_EXPRESSION STRING .DS_Store TYPE 0 PROTECTED PROXY_NAME Remove .DS_Store files PROXY_TOOLTIP Remove ".DS_Store" files created by the Finder. STATE PATTERNS_ARRAY REGULAR_EXPRESSION STRING .pbdevelopment TYPE 0 PROTECTED PROXY_NAME Remove .pbdevelopment files PROXY_TOOLTIP Remove ".pbdevelopment" files created by ProjectBuilder or Xcode. STATE PATTERNS_ARRAY REGULAR_EXPRESSION STRING CVS TYPE 1 REGULAR_EXPRESSION STRING .cvsignore TYPE 0 REGULAR_EXPRESSION STRING .cvspass TYPE 0 REGULAR_EXPRESSION STRING .svn TYPE 1 REGULAR_EXPRESSION STRING .git TYPE 1 REGULAR_EXPRESSION STRING .gitignore TYPE 0 PROTECTED PROXY_NAME Remove SCM metadata PROXY_TOOLTIP Remove helper files and folders used by the CVS, SVN or Git Source Code Management systems. STATE PATTERNS_ARRAY REGULAR_EXPRESSION STRING classes.nib TYPE 0 REGULAR_EXPRESSION STRING designable.db TYPE 0 REGULAR_EXPRESSION STRING info.nib TYPE 0 PROTECTED PROXY_NAME Optimize nib files PROXY_TOOLTIP Remove "classes.nib", "info.nib" and "designable.nib" files within .nib bundles. STATE PATTERNS_ARRAY REGULAR_EXPRESSION STRING Resources Disabled TYPE 1 PROTECTED PROXY_NAME Remove Resources Disabled folders PROXY_TOOLTIP Remove "Resources Disabled" folders. STATE SEPARATOR NAME XCreds Launch Agent PAYLOAD_ONLY TREAT_MISSING_PRESENTATION_DOCUMENTS_AS_WARNING TYPE 0 VERSION 2 ================================================ FILE: build_resources/Packages/XCreds Launch Agent/agent/com.twocanoes.xcreds-launchagent.plist ================================================ Label com.twocanoes.xcreds-launchagent ProcessType Interactive ProgramArguments /Applications/XCreds.app/Contents/MacOS/XCreds RunAtLoad ================================================ FILE: build_resources/Packages/XCreds Uninstaller/Scripts/postinstall.sh ================================================ #!/bin/bash set -e set -x script_path="${0}" package_path="${1}" target_path="${2}" target_volume="${3}" authrights_path="${target_path}"/Applications/XCreds.app/Contents/Resources/authrights plugin_path="${target_path}"/Applications/XCreds.app/Contents/Resources/XCredsLoginPlugin.bundle auth_backup_folder="${target_volume}"/Library/"Application Support"/xcreds rights_backup_path="${auth_backup_folder}"/rights.bak if [ -e "${rights_backup_path}" ]; then security authorizationdb write system.login.console < "${rights_backup_path}" fi if [ -e "${target_volume}"/Library/Security/SecurityAgentPlugins/XCredsLoginPlugin.bundle ]; then rm -rf "${target_volume}"/Library/Security/SecurityAgentPlugins/XCredsLoginPlugin.bundle fi if [ -e "${target_volume}"/Applications/XCreds.app ]; then rm -rf "${target_volume}"/Applications/XCreds.app fi ================================================ FILE: build_resources/Packages/XCreds Uninstaller/XCreds Uninstaller.pkgproj ================================================ PACKAGES MUST-CLOSE-APPLICATION-ITEMS MUST-CLOSE-APPLICATIONS PACKAGE_FILES DEFAULT_INSTALL_LOCATION /private/tmp HIERARCHY CHILDREN CHILDREN CHILDREN GID 80 PATH Utilities PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 GID 80 PATH Applications PATH_TYPE 0 PERMISSIONS 509 TYPE 1 UID 0 CHILDREN GID 0 PATH bin PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN CHILDREN GID 80 PATH Application Support PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Audio PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH ColorPickers PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Documentation PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Filesystems PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 80 PATH Fonts PATH_TYPE 0 PERMISSIONS 1021 TYPE 1 UID 0 CHILDREN GID 0 PATH Frameworks PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Input Methods PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Internet Plug-Ins PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH LaunchAgents PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH LaunchDaemons PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH PreferencePanes PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Preferences PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 80 PATH Printers PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH PrivilegedHelperTools PATH_TYPE 0 PERMISSIONS 1005 TYPE 1 UID 0 CHILDREN GID 0 PATH QuickLook PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH QuickTime PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Screen Savers PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Scripts PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Services PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Widgets PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Automator PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN GID 0 PATH Extensions PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 GID 0 PATH Library PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN CHILDREN GID 0 PATH etc PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN GID 0 PATH tmp PATH_TYPE 2 PERMISSIONS 509 TYPE 2 UID 0 CHILDREN GID 0 PATH var PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 GID 0 PATH private PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN GID 0 PATH sbin PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN CHILDREN CHILDREN GID 0 PATH Extensions PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 GID 0 PATH Library PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 GID 0 PATH System PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN CHILDREN GID 0 PATH Shared PATH_TYPE 0 PERMISSIONS 1023 TYPE 1 UID 0 GID 80 PATH Users PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 CHILDREN CHILDREN GID 0 PATH bin PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN GID 0 PATH include PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN GID 0 PATH lib PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN CHILDREN GID 0 PATH bin PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 GID 0 PATH local PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN GID 0 PATH sbin PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 CHILDREN GID 0 PATH share PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 GID 0 PATH usr PATH_TYPE 0 PERMISSIONS 493 TYPE -1 UID 0 GID 0 PATH / PATH_TYPE 0 PERMISSIONS 493 TYPE 1 UID 0 PAYLOAD_TYPE 0 PRESERVE_EXTENDED_ATTRIBUTES SHOW_INVISIBLE SPLIT_FORKS TREAT_MISSING_FILES_AS_WARNING VERSION 5 PACKAGE_SCRIPTS POSTINSTALL_PATH PATH Scripts/postinstall.sh PATH_TYPE 1 PREINSTALL_PATH PATH_TYPE 0 RESOURCES PACKAGE_SETTINGS AUTHENTICATION 1 CONCLUSION_ACTION 0 FOLLOW_SYMBOLIC_LINKS IDENTIFIER com.twocanoes.pkgXCreds LOCATION 0 NAME Uninstall XCreds OVERWRITE_PERMISSIONS PAYLOAD_SIZE -1 REFERENCE_PATH RELOCATABLE USE_HFS+_COMPRESSION VERSION {pkg_version} TYPE 0 UUID A2BD87BA-4D9E-4570-955E-0EFCEF409EEA PROJECT PROJECT_COMMENTS NOTES PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE1M IDQuMDEvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvVFIvaHRtbDQv c3RyaWN0LmR0ZCI+CjxodG1sPgo8aGVhZD4KPG1ldGEgaHR0cC1l cXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7 IGNoYXJzZXQ9VVRGLTgiPgo8bWV0YSBodHRwLWVxdWl2PSJDb250 ZW50LVN0eWxlLVR5cGUiIGNvbnRlbnQ9InRleHQvY3NzIj4KPHRp dGxlPjwvdGl0bGU+CjxtZXRhIG5hbWU9IkdlbmVyYXRvciIgY29u dGVudD0iQ29jb2EgSFRNTCBXcml0ZXIiPgo8bWV0YSBuYW1lPSJD b2NvYVZlcnNpb24iIGNvbnRlbnQ9IjE1MDQuODMiPgo8c3R5bGUg dHlwZT0idGV4dC9jc3MiPgo8L3N0eWxlPgo8L2hlYWQ+Cjxib2R5 Pgo8L2JvZHk+CjwvaHRtbD4K PROJECT_PRESENTATION BACKGROUND APPAREANCES DARK_AQUA ALIGNMENT 6 BACKGROUND_PATH PATH icon_512x512.png PATH_TYPE 1 CUSTOM LAYOUT_DIRECTION 0 SCALING 0 LIGHT_AQUA SHARED_SETTINGS_FOR_ALL_APPAREANCES INSTALLATION TYPE HIERARCHIES INSTALLER LIST CHILDREN DESCRIPTION OPTIONS HIDDEN STATE 1 PACKAGE_UUID A2BD87BA-4D9E-4570-955E-0EFCEF409EEA TITLE TYPE 0 UUID C163E7C4-1DF1-468E-89F2-35B04AC6824F REMOVED MODE 0 INSTALLATION_STEPS ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewIntroductionController INSTALLER_PLUGIN Introduction LIST_TITLE_KEY InstallerSectionTitle ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewReadMeController INSTALLER_PLUGIN ReadMe LIST_TITLE_KEY InstallerSectionTitle ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewLicenseController INSTALLER_PLUGIN License LIST_TITLE_KEY InstallerSectionTitle ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewDestinationSelectController INSTALLER_PLUGIN TargetSelect LIST_TITLE_KEY InstallerSectionTitle ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewInstallationTypeController INSTALLER_PLUGIN PackageSelection LIST_TITLE_KEY InstallerSectionTitle ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewInstallationController INSTALLER_PLUGIN Install LIST_TITLE_KEY InstallerSectionTitle ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS ICPresentationViewSummaryController INSTALLER_PLUGIN Summary LIST_TITLE_KEY InstallerSectionTitle INTRODUCTION LOCALIZATIONS LICENSE LOCALIZATIONS MODE 0 README LOCALIZATIONS SUMMARY LOCALIZATIONS TITLE LOCALIZATIONS LANGUAGE English VALUE Secure Remote Access (Uninstall) PROJECT_REQUIREMENTS LIST BEHAVIOR 3 DICTIONARY IC_REQUIREMENT_OS_DISK_TYPE 0 IC_REQUIREMENT_OS_DISTRIBUTION_TYPE 0 IC_REQUIREMENT_OS_MINIMUM_VERSION 101100 IC_REQUIREMENT_CHECK_TYPE 1 IDENTIFIER fr.whitebox.Packages.requirement.os MESSAGE LANGUAGE English VALUE Winclone 6 Requires OS X 10.11 or greater. Please send an email to support@twocanoes.com for help. NAME Operating System STATE RESOURCES ROOT_VOLUME_ONLY PROJECT_SETTINGS BUILD_FORMAT 0 BUILD_PATH PATH PATH_TYPE 3 CERTIFICATE NAME Developer ID Installer: Twocanoes Software, Inc. (UXP6YEHSPW) PATH /Users/tperfitt/Library/Keychains/login.keychain EXCLUDED_FILES PATTERNS_ARRAY REGULAR_EXPRESSION STRING .DS_Store TYPE 0 PROTECTED PROXY_NAME Remove .DS_Store files PROXY_TOOLTIP Remove ".DS_Store" files created by the Finder. STATE PATTERNS_ARRAY REGULAR_EXPRESSION STRING .pbdevelopment TYPE 0 PROTECTED PROXY_NAME Remove .pbdevelopment files PROXY_TOOLTIP Remove ".pbdevelopment" files created by ProjectBuilder or Xcode. STATE PATTERNS_ARRAY REGULAR_EXPRESSION STRING CVS TYPE 1 REGULAR_EXPRESSION STRING .cvsignore TYPE 0 REGULAR_EXPRESSION STRING .cvspass TYPE 0 REGULAR_EXPRESSION STRING .svn TYPE 1 REGULAR_EXPRESSION STRING .git TYPE 1 REGULAR_EXPRESSION STRING .gitignore TYPE 0 PROTECTED PROXY_NAME Remove SCM metadata PROXY_TOOLTIP Remove helper files and folders used by the CVS, SVN or Git Source Code Management systems. STATE PATTERNS_ARRAY REGULAR_EXPRESSION STRING classes.nib TYPE 0 REGULAR_EXPRESSION STRING designable.db TYPE 0 REGULAR_EXPRESSION STRING info.nib TYPE 0 PROTECTED PROXY_NAME Optimize nib files PROXY_TOOLTIP Remove "classes.nib", "info.nib" and "designable.nib" files within .nib bundles. STATE PATTERNS_ARRAY REGULAR_EXPRESSION STRING Resources Disabled TYPE 1 PROTECTED PROXY_NAME Remove Resources Disabled folders PROXY_TOOLTIP Remove "Resources Disabled" folders. STATE SEPARATOR NAME Uninstall XCreds PAYLOAD_ONLY TREAT_MISSING_PRESENTATION_DOCUMENTS_AS_WARNING TYPE 0 VERSION 2 ================================================ FILE: build_resources/buildscripts/build.sh ================================================ #!/bin/sh set -e #export SKIP_NOTARY=1 PRODUCT_NAME="XCreds" SCRIPT_FOLDER="$(dirname $0)" PROJECT_FOLDER="../../" SRC_PATH="../../" echo manifest: $update_manifest echo upload: $upload ########################### if [ -e "${SRC_PATH}/../build/bitbucket_creds.sh" ] ; then source "${SRC_PATH}/../build/bitbucket_creds.sh" fi if [ -e /Applications/DropDMG.app ]; then osascript -e 'tell application "DropDMG" to get version' fi pushd ../.. if [ "${1}" == "--force" ] ; then echo skipping clean check else if output="$(git status --porcelain)" && [ -z "$output" ]; then echo "'git status --porcelain' had no errors AND the working directory" \ "is clean." else echo "Working directory has UNCOMMITTED CHANGES." exit -1 fi fi carthage update xcodebuild -resolvePackageDependencies agvtool next-version -all buildNumber=$(agvtool what-version -terse) version=$(xcodebuild -showBuildSettings |grep MARKETING_VERSION|tr -d 'MARKETING_VERSION =') ./release_notes.sh > release-notes.md buildNumber=$(agvtool what-version -terse) popd marketing_version=$(sed -n '/MARKETING_VERSION/{s/MARKETING_VERSION = //;s/;//;s/^[[:space:]]*//;p;q;}' "${PROJECT_FOLDER}"/XCreds.xcodeproj/project.pbxproj) date=$(date) /usr/libexec/PlistBuddy -c "Set :pfm_last_modified \"${date}\"" "${PROJECT_FOLDER}/Profile Manifest/com.twocanoes.xcreds.plist" /usr/libexec/PlistBuddy -c "Set :pfm_description \"XCreds ${marketing_version} (${buildNumber}) OAuth Settings\"" "${PROJECT_FOLDER}/Profile Manifest/com.twocanoes.xcreds.plist" if [ -n "${update_manifest}" ]; then echo "getting current manifest version" curr_vers=$(/usr/libexec/PlistBuddy -c "Print :pfm_version" "${PROJECT_FOLDER}/Profile Manifest/com.twocanoes.xcreds.plist") curr_vers=$((${curr_vers}+1)) echo "setting version to : ${curr_vers}" /usr/libexec/PlistBuddy -c "Set :pfm_version ${curr_vers}" "${PROJECT_FOLDER}/Profile Manifest/com.twocanoes.xcreds.plist" fi temp_folder=$(mktemp -d "/tmp/${PRODUCT_NAME}.XXXXXXXX") BUILD_FOLDER="${temp_folder}/build" pushd "${PROJECT_FOLDER}/Profile Manifest" ./build.py . -o ./jamf/ --overwrite popd git commit -a -m 'updated build number, manifest and other build files' git tag -a "tag-${version}(${buildNumber})" -m "tag-${version}(${buildNumber})" git push --tags git push xcodebuild archive -project "${SRC_PATH}/${PRODUCT_NAME}.xcodeproj" -scheme "${PRODUCT_NAME}" -archivePath "${temp_folder}/${PRODUCT_NAME}.xcarchive" xcodebuild -exportArchive -archivePath "${temp_folder}/${PRODUCT_NAME}.xcarchive" -exportOptionsPlist "${SRC_PATH}/build_resources/exportOptions.plist" -exportPath "${BUILD_FOLDER}" -allowProvisioningUpdates echo saving symbols mkdir -p "${PROJECT_FOLDER}/products/symbols/${buildNumber}" cp -R "${temp_folder}/${PRODUCT_NAME}.xcarchive/dSYMs/" "${PROJECT_FOLDER}/products/symbols/${buildNumber}/" cp -Rv "${SRC_PATH}/build_resources/" "${BUILD_FOLDER}" echo "output is in ${BUILD_FOLDER}" if [ -e /Users/tperfitt/Documents/Projects/build/build.sh ] ; then /Users/tperfitt/Documents/Projects/build/build.sh "${BUILD_FOLDER}" "${temp_folder}" "${PRODUCT_NAME}" "${BUILD_FOLDER}/XCreds.app" "${SCRIPT_FOLDER}/build_post.sh" fi ================================================ FILE: build_resources/buildscripts/build_post.sh ================================================ #!/bin/sh set -x prebeta_filename="${1}" if [ ! -e Builds ] ; then mkdir Builds fi cp "${prebeta_filename}" ../../products/builds/ open ../../products/builds/ filename="${prebeta_filename}" this_dir=$(dirname $0) source ${this_dir}/../../../build/github_creds.sh #echo "Uploading ${prebeta_filename}" if [ -f "${prebeta_filename}" ] && [ -n "${upload}" ]; then # curl --progress-bar -X POST "https://${bitbucket_username}:${bitbucket_password}@api.bitbucket.org/2.0/repositories/twocanoes/xcreds/downloads" --form files=@"${prebeta_filename}" > /tmp/curl.log owner="twocanoes" GH_API="https://api.github.com" repo="xcreds" tag="prebeta" GH_REPO="$GH_API/repos/$owner/$repo" GH_TAGS="$GH_REPO/releases/tags/$tag" AUTH="Authorization: token $github_api_token" if [[ "$tag" == 'LATEST' ]]; then GH_TAGS="$GH_REPO/releases/latest" fi curl -o /dev/null -sH "$AUTH" $GH_REPO || { echo "Error: Invalid repo, token or network issue!"; exit 1; } response=$(curl -sH "$AUTH" $GH_TAGS) # Get ID of the asset based on given filename. eval $(echo "$response" | grep -m 1 "id.:" | grep -w id | tr : = | tr -cd '[[:alnum:]]=') [ "$id" ] || { echo "Error: Failed to get release id for tag: $tag"; echo "$response" | awk 'length($0)<100' >&2; exit 1; } # Upload asset echo "Uploading asset... " # Construct url GH_ASSET="https://uploads.github.com/repos/$owner/$repo/releases/$id/assets?name=$(basename $filename)" curl --data-binary @"$filename" -H "Authorization: token $github_api_token" -H "Content-Type: application/octet-stream" $GH_ASSET fi ================================================ FILE: build_resources/exportOptions.plist ================================================ method developer-id ================================================ FILE: com.twocanoes.FileVaultLoginHelper.plist ================================================ Label com.twocanoes.FileVaultLoginHelper BundleProgram Contents/MacOS/FileVaultLoginHelper MachServices com.twocanoes.FileVaultLoginHelper ================================================ FILE: com.twocanoes.xcreds-launchagent.plist ================================================ KeepAlive Label com.twocanoes.xcreds-launchagent ProcessType Interactive ProgramArguments /Applications/XCreds.app/Contents/MacOS/XCreds RunAtLoad ================================================ FILE: com.twocanoes.xcreds-overlay.plist ================================================ Label com.twocanoes.xcreds-overlay ThrottleInterval 30 LimitLoadToSessionType LoginWindow OnDemand ProgramArguments /Applications/XCreds.app/Contents/Resources/XCreds Login Overlay.app/Contents/MacOS/XCreds Login Overlay ================================================ FILE: headers/DNSResolver.h ================================================ // // DNSResolver.h // NoMAD // // Created by Boushy, Phillip on 9/28/16. // Copyright © 2016 Orchard & Grove Inc. All rights reserved. // #import #import @protocol DNSResolverDelegate; @interface DNSResolver : NSObject - initWithQueryType:(NSString*)queryType andValue:(NSString*)queryValue; // Setup by init... @property NSString * queryType; //SRV, @property NSString * queryValue; // hostname, IP, or SRV url // Changeable any time. @property (nonatomic, weak, readwrite) id delegate; // Properties set by class methods. @property (nonatomic, assign, readonly) BOOL finished; // observable @property (nonatomic, copy, readonly) NSError * error; // observable @property (readonly) NSArray * queryResults; -(void)startQuery; -(void)stopQuery; -(void)stopQueryWithError:(NSError *)error; @end // Keys for the dictionaries in the results array: extern NSString * kSRVResolverPriority; // NSNumber, host byte order extern NSString * kSRVResolverWeight; // NSNumber, host byte order extern NSString * kSRVResolverPort; // NSNumber, host byte order extern NSString * kSRVResolverTarget; // NSString extern NSString * kDNSResolverErrorDomain; //Figure out what the heck this means... @protocol DNSResolverDelegate @optional - (void)dnsResolver:(DNSResolver *)resolver didReceiveQueryResult:(NSDictionary *)queryResult; // Called when we've successfully receive an answer. The result parameter is a copy // of the dictionary that we just added to the results array. This callback can be // called multiple times if there are multiple results. You learn that the last // result was delivered by way of the -srvResolver:didStopWithError: callback. - (void)dnsResolver:(DNSResolver *)resolver didStopQueryWithError:(NSError *)error; // Called when the query stops (except when you stop it yourself by calling -stop), // either because it's received all the results (error is nil) or there's been an // error (error is not nil). @end ================================================ FILE: headers/GSSItem.h ================================================ /* * Copyright (c) 2011 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Portions Copyright (c) 2011 Apple Inc. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include #include #include /* * Type is any of the kGSSAttrTypeNNN credential types below, type are * strings */ extern const CFTypeRef kGSSAttrClass __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); extern const CFStringRef kGSSAttrClassKerberos __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); extern const CFStringRef kGSSAttrClassNTLM __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); extern const CFStringRef kGSSAttrClassIAKerb __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); /* * Item supports acquiring a gss_cred_id_t with GSSItemOperation */ extern const CFTypeRef kGSSAttrSupportGSSCredential __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); /* * kGSSAttrNameGSSExportedName, kGSSAttrNameGSSUsername, * kGSSAttrNameGSSServiceBasedHostname, can set and will be returned * * kGSSAttrNameDisplay can only be returned, constructed from the * other name types after creation. */ extern const CFTypeRef kGSSAttrNameType __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); extern const CFTypeRef kGSSAttrNameTypeGSSExportedName /* CFDataRef */ __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); extern const CFTypeRef kGSSAttrNameTypeGSSUsername /* CFStringRef */ __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); extern const CFTypeRef kGSSAttrNameTypeGSSHostBasedService /* CFStringRef */ __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); extern const CFTypeRef kGSSAttrName __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); /* name suiteable to display to user */ extern const CFTypeRef kGSSAttrNameDisplay /* CFStringRef */ __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); /* * Unique UUID for this entry */ extern const CFTypeRef kGSSAttrUUID /* CFUUIDRef */ __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); /* * If the item is a transient credential it can have associated * expiration time. */ extern const CFTypeRef kGSSAttrTransientExpire /* CFDateRef */ __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); extern const CFTypeRef kGSSAttrTransientDefaultInClass /* CFBooleanRef */ __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); /* * Credential to use to use when acquiring with with * GSSItemOperation(kGSSOperationAcquire) or when dealing with a * persistant credential. * * The credentials is not exportable and will always show up as * the cfobject kGSSAttrCredentialExists when queried. */ extern const CFTypeRef kGSSAttrCredentialPassword /* CFStringRef */ __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); extern const CFTypeRef kGSSAttrCredentialStore /* CFBooleanRef */ __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); extern const CFTypeRef kGSSAttrCredentialSecIdentity /* SecIdentityRef */ __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); extern const CFTypeRef kGSSAttrCredentialExists __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); /* * Status of a credentials */ extern const CFTypeRef kGSSAttrStatusPersistant __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); extern const CFTypeRef kGSSAttrStatusAutoAcquire __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); extern const CFTypeRef kGSSAttrStatusAutoAcquireStatus __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); extern const CFTypeRef kGSSAttrStatusTransient __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); /* * Create/Modify/Delete/Search GSS items * * Credentials needs a type, name */ typedef struct GSSItem *GSSItemRef; GSSItemRef GSSItemAdd(CFDictionaryRef attributes, CFErrorRef *error) __attribute__((cf_returns_retained)) __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); Boolean GSSItemUpdate(CFDictionaryRef query, CFDictionaryRef attributesToUpdate, CFErrorRef *error) __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); Boolean GSSItemDelete(CFDictionaryRef query, CFErrorRef *error) __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); Boolean GSSItemDeleteItem(GSSItemRef item, CFErrorRef *error) __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); /** * Will never return a zero length array, GSSItemCopyMatching() will return more then one entry or a NULL pointer. */ CFArrayRef GSSItemCopyMatching(CFDictionaryRef query, CFErrorRef *error) __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); /* * Use a GSSItem to convert to either another type or to perform an * operation with the credential. * */ typedef struct __GSSOperationType const * GSSOperation; extern const struct __GSSOperationType __kGSSOperationAcquire /* NULL, NULL|error */ __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); #define kGSSOperationAcquire (&__kGSSOperationAcquire) extern const struct __GSSOperationType __kGSSOperationRenewCredential __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); #define kGSSOperationRenewCredential (&__kGSSOperationRenewCredential) extern const struct __GSSOperationType __kGSSOperationGetGSSCredential /* gss_cred_it_t, NULL|error */ __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); #define kGSSOperationGetGSSCredential (&__kGSSOperationGetGSSCredential) extern const struct __GSSOperationType __kGSSOperationDestoryTransient /* kCFBoolean{True,False}, NULL|error */ __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); extern const struct __GSSOperationType __kGSSOperationDestroyTransient /* kCFBoolean{True,False}, NULL|error */ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); #define kGSSOperationDestoryTransient (&__kGSSOperationDestroyTransient) #define kGSSOperationDestroyTransient (&__kGSSOperationDestroyTransient) extern const struct __GSSOperationType __kGSSOperationRemoveBackingCredential /* kCFBoolean{True,False}, NULL|error */ __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); #define kGSSOperationRemoveBackingCredential (&__kGSSOperationRemoveBackingCredential) extern const struct __GSSOperationType __kGSSOperationChangePassword __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); #define kGSSOperationChangePassword (&__kGSSOperationChangePassword) extern const CFTypeRef kGSSOperationChangePasswordOldPassword __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); extern const CFTypeRef kGSSOperationChangePasswordNewPassword __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); extern const struct __GSSOperationType __kGSSOperationCredentialDiagnostics __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); #define kGSSOperationCredentialDiagnostics (&__kGSSOperationCredentialDiagnostics) extern const struct __GSSOperationType __kGSSOperationSetDefault __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); #define kGSSOperationSetDefault (&__kGSSOperationSetDefault) typedef void (^GSSItemOperationCallbackBlock)(CFTypeRef result, CFErrorRef error); Boolean GSSItemOperation(GSSItemRef item, GSSOperation op, CFDictionaryRef options, dispatch_queue_t q, GSSItemOperationCallbackBlock fun) __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); CFTypeRef GSSItemGetValue(GSSItemRef item, CFStringRef key) __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); CFTypeID GSSItemGetTypeID(void) __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0); ================================================ FILE: headers/krb5.h ================================================ /* * This file is auto generated. Please do not edit it. */ #ifndef __KERBEROS5__ #define __KERBEROS5__ /* This file is generated, please don't edit it directly. */ #ifndef KRB5_KRB5_H_INCLUDED #define KRB5_KRB5_H_INCLUDED /* -*- c -*- * include/krb5.h * * Copyright 1989,1990,1995,2001, 2003, 2007 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. * * * General definitions for Kerberos version 5. */ /* * Copyright (C) 1998 by the FundsXpress, INC. * * All rights reserved. * * Export of this software from the United States of America may require * a specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of FundsXpress. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. FundsXpress makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ #ifndef __has_extension #define __has_extension(x) 0 #endif #ifndef KERBEROS_APPLE_DEPRECATED #if __has_extension(attribute_deprecated_with_message) #define KERBEROS_APPLE_DEPRECATED(x) __attribute__((deprecated(x))) #else #if !defined(__GNUC__) && !defined(__attribute__) #define __attribute__(x) #endif #define KERBEROS_APPLE_DEPRECATED(x) __attribute__((deprecated)) #endif #endif #ifndef KRB5_GENERAL__ #define KRB5_GENERAL__ /* By default, do not expose deprecated interfaces. */ #ifndef KRB5_DEPRECATED #define KRB5_DEPRECATED 0 #endif #if defined(__MACH__) && defined(__APPLE__) # include # if TARGET_RT_MAC_CFM # error "Use KfM 4.0 SDK headers for CFM compilation." # endif #endif #if defined(_MSDOS) || defined(_WIN32) #include #endif #ifndef KRB5_CONFIG__ #ifndef KRB5_CALLCONV #define KRB5_CALLCONV #define KRB5_CALLCONV_C #endif /* !KRB5_CALLCONV */ #endif /* !KRB5_CONFIG__ */ #ifndef KRB5_CALLCONV_WRONG #define KRB5_CALLCONV_WRONG #endif #ifndef THREEPARAMOPEN #define THREEPARAMOPEN(x,y,z) open(x,y,z) #endif #define KRB5_OLD_CRYPTO #include #include /* for *_MAX */ #include #ifndef KRB5INT_BEGIN_DECLS #if defined(__cplusplus) #define KRB5INT_BEGIN_DECLS extern "C" { #define KRB5INT_END_DECLS } #else #define KRB5INT_BEGIN_DECLS #define KRB5INT_END_DECLS #endif #endif KRB5INT_BEGIN_DECLS #if TARGET_OS_MAC # pragma pack(push,2) #endif #if (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) >= 30203 # define KRB5_ATTR_DEPRECATED __attribute__((deprecated)) #elif defined _WIN32 # define KRB5_ATTR_DEPRECATED __declspec(deprecated) #else # define KRB5_ATTR_DEPRECATED #endif /* from profile.h */ struct _profile_t; /* typedef struct _profile_t *profile_t; */ /* * begin wordsize.h */ /* * Word-size related definition. */ typedef unsigned char krb5_octet; #if INT_MAX == 0x7fff typedef int krb5_int16; typedef unsigned int krb5_ui_2; #elif SHRT_MAX == 0x7fff typedef short krb5_int16; typedef unsigned short krb5_ui_2; #else #error undefined 16 bit type #endif #if INT_MAX == 0x7fffffffL typedef int krb5_int32; typedef unsigned int krb5_ui_4; #elif LONG_MAX == 0x7fffffffL typedef long krb5_int32; typedef unsigned long krb5_ui_4; #elif SHRT_MAX == 0x7fffffffL typedef short krb5_int32; typedef unsigned short krb5_ui_4; #else #error: undefined 32 bit type #endif #define VALID_INT_BITS INT_MAX #define VALID_UINT_BITS UINT_MAX #define KRB5_INT32_MAX 2147483647 /* this strange form is necessary since - is a unary operator, not a sign indicator */ #define KRB5_INT32_MIN (-KRB5_INT32_MAX-1) #define KRB5_INT16_MAX 65535 /* this strange form is necessary since - is a unary operator, not a sign indicator */ #define KRB5_INT16_MIN (-KRB5_INT16_MAX-1) /* * end wordsize.h */ /* * begin "base-defs.h" */ /* * Basic definitions for Kerberos V5 library */ #ifndef FALSE #define FALSE 0 #endif #ifndef TRUE #define TRUE 1 #endif typedef unsigned int krb5_boolean; typedef unsigned int krb5_msgtype; typedef unsigned int krb5_kvno; typedef krb5_int32 krb5_addrtype; typedef krb5_int32 krb5_enctype; typedef krb5_int32 krb5_cksumtype; typedef krb5_int32 krb5_authdatatype; typedef krb5_int32 krb5_keyusage; typedef krb5_int32 krb5_preauthtype; /* This may change, later on */ typedef krb5_int32 krb5_flags; typedef krb5_int32 krb5_timestamp; typedef krb5_int32 krb5_error_code; typedef krb5_int32 krb5_deltat; typedef krb5_error_code krb5_magic; typedef struct _krb5_data { krb5_magic magic; unsigned int length; char *data; } krb5_data; typedef struct _krb5_octet_data { krb5_magic magic; unsigned int length; krb5_octet *data; } krb5_octet_data; /* * Hack length for crypto library to use the afs_string_to_key It is * equivalent to -1 without possible sign extension * We also overload for an unset salt type length - which is also -1, but * hey, why not.... */ #define SALT_TYPE_AFS_LENGTH UINT_MAX #define SALT_TYPE_NO_LENGTH UINT_MAX typedef void * krb5_pointer; typedef void const * krb5_const_pointer; typedef struct krb5_principal_data { krb5_magic magic; krb5_data realm; krb5_data *data; /* An array of strings */ krb5_int32 length; krb5_int32 type; } krb5_principal_data; typedef krb5_principal_data * krb5_principal; /* * Per V5 spec on definition of principal types */ /* Name type not known */ #define KRB5_NT_UNKNOWN 0 /* Just the name of the principal as in DCE, or for users */ #define KRB5_NT_PRINCIPAL 1 /* Service and other unique instance (krbtgt) */ #define KRB5_NT_SRV_INST 2 /* Service with host name as instance (telnet, rcommands) */ #define KRB5_NT_SRV_HST 3 /* Service with host as remaining components */ #define KRB5_NT_SRV_XHST 4 /* Unique ID */ #define KRB5_NT_UID 5 /* PKINIT */ #define KRB5_NT_X500_PRINCIPAL 6 /* Name in form of SMTP email name */ #define KRB5_NT_SMTP_NAME 7 /* Windows 2000 UPN */ #define KRB5_NT_ENTERPRISE_PRINCIPAL 10 /* Windows 2000 UPN and SID */ #define KRB5_NT_MS_PRINCIPAL -128 /* NT 4 style name */ #define KRB5_NT_MS_PRINCIPAL_AND_ID -129 /* NT 4 style name and SID */ #define KRB5_NT_ENT_PRINCIPAL_AND_ID -130 /* constant version thereof: */ typedef const krb5_principal_data *krb5_const_principal; #define krb5_princ_realm(context, princ) (&(princ)->realm) #define krb5_princ_set_realm(context, princ,value) ((princ)->realm = *(value)) #define krb5_princ_set_realm_length(context, princ,value) (princ)->realm.length = (value) #define krb5_princ_set_realm_data(context, princ,value) (princ)->realm.data = (value) #define krb5_princ_size(context, princ) (princ)->length #define krb5_princ_type(context, princ) (princ)->type #define krb5_princ_name(context, princ) (princ)->data #define krb5_princ_component(context, princ,i) \ (((i) < krb5_princ_size(context, princ)) \ ? (princ)->data + (i) \ : NULL) /* * Constants for realm referrals. */ #define KRB5_REFERRAL_REALM "" /* * Referral-specific functions. */ krb5_boolean KRB5_CALLCONV krb5_is_referral_realm(const krb5_data *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); /* * end "base-defs.h" */ /* * begin "hostaddr.h" */ /* structure for address */ typedef struct _krb5_address { krb5_magic magic; krb5_addrtype addrtype; unsigned int length; krb5_octet *contents; } krb5_address; /* per Kerberos v5 protocol spec */ #define ADDRTYPE_INET 0x0002 #define ADDRTYPE_CHAOS 0x0005 #define ADDRTYPE_XNS 0x0006 #define ADDRTYPE_ISO 0x0007 #define ADDRTYPE_DDP 0x0010 #define ADDRTYPE_INET6 0x0018 /* not yet in the spec... */ #define ADDRTYPE_ADDRPORT 0x0100 #define ADDRTYPE_IPPORT 0x0101 /* macros to determine if a type is a local type */ #define ADDRTYPE_IS_LOCAL(addrtype) (addrtype & 0x8000) /* * end "hostaddr.h" */ struct _krb5_context; typedef struct _krb5_context * krb5_context; struct _krb5_auth_context; typedef struct _krb5_auth_context * krb5_auth_context; struct _krb5_cryptosystem_entry; /* * begin "encryption.h" */ typedef struct _krb5_keyblock { krb5_magic magic; krb5_enctype enctype; unsigned int length; krb5_octet *contents; } krb5_keyblock; #ifdef KRB5_OLD_CRYPTO typedef struct _krb5_encrypt_block { krb5_magic magic; krb5_enctype crypto_entry; /* to call krb5_encrypt_size, you need this. it was a pointer, but it doesn't have to be. gross. */ krb5_keyblock *key; } krb5_encrypt_block; #endif typedef struct _krb5_checksum { krb5_magic magic; krb5_cksumtype checksum_type; /* checksum type */ unsigned int length; krb5_octet *contents; } krb5_checksum; typedef struct _krb5_enc_data { krb5_magic magic; krb5_enctype enctype; krb5_kvno kvno; krb5_data ciphertext; } krb5_enc_data; /* per Kerberos v5 protocol spec */ #define ENCTYPE_NULL 0x0000 #define ENCTYPE_DES_CBC_CRC 0x0001 /* DES cbc mode with CRC-32 */ #define ENCTYPE_DES_CBC_MD4 0x0002 /* DES cbc mode with RSA-MD4 */ #define ENCTYPE_DES_CBC_MD5 0x0003 /* DES cbc mode with RSA-MD5 */ #define ENCTYPE_DES_CBC_RAW 0x0004 /* DES cbc mode raw */ /* XXX deprecated? */ #define ENCTYPE_DES3_CBC_SHA 0x0005 /* DES-3 cbc mode with NIST-SHA */ #define ENCTYPE_DES3_CBC_RAW 0x0006 /* DES-3 cbc mode raw */ #define ENCTYPE_DES_HMAC_SHA1 0x0008 /* PKINIT */ #define ENCTYPE_DSA_SHA1_CMS 0x0009 /* DSA with SHA1, CMS signature */ #define ENCTYPE_MD5_RSA_CMS 0x000a /* MD5 with RSA, CMS signature */ #define ENCTYPE_SHA1_RSA_CMS 0x000b /* SHA1 with RSA, CMS signature */ #define ENCTYPE_RC2_CBC_ENV 0x000c /* RC2 cbc mode, CMS enveloped data */ #define ENCTYPE_RSA_ENV 0x000d /* RSA encryption, CMS enveloped data */ #define ENCTYPE_RSA_ES_OAEP_ENV 0x000e /* RSA w/OEAP encryption, CMS enveloped data */ #define ENCTYPE_DES3_CBC_ENV 0x000f /* DES-3 cbc mode, CMS enveloped data */ #define ENCTYPE_DES3_CBC_SHA1 0x0010 #define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011 #define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012 #define ENCTYPE_ARCFOUR_HMAC 0x0017 #define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018 #define ENCTYPE_UNKNOWN 0x01ff #define CKSUMTYPE_CRC32 0x0001 #define CKSUMTYPE_RSA_MD4 0x0002 #define CKSUMTYPE_RSA_MD4_DES 0x0003 #define CKSUMTYPE_DESCBC 0x0004 /* des-mac-k */ /* rsa-md4-des-k */ #define CKSUMTYPE_RSA_MD5 0x0007 #define CKSUMTYPE_RSA_MD5_DES 0x0008 #define CKSUMTYPE_NIST_SHA 0x0009 #define CKSUMTYPE_HMAC_SHA1_DES3 0x000c #define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f #define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010 #define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/ /* The following are entropy source designations. Whenever * krb5_C_random_add_entropy is called, one of these source ids is passed * in. This allows the library to better estimate bits of * entropy in the sample and to keep track of what sources of entropy have * contributed enough entropy. Sources marked internal MUST NOT be * used by applications outside the Kerberos library */ enum { KRB5_C_RANDSOURCE_OLDAPI = 0, /*calls to krb5_C_RANDOM_SEED (INTERNAL)*/ KRB5_C_RANDSOURCE_OSRAND = 1, /* /dev/random or equivalent (internal)*/ KRB5_C_RANDSOURCE_TRUSTEDPARTY = 2, /* From KDC or other trusted party*/ /*This source should be used carefully; data in this category * should be from a third party trusted to give random bits * For example keys issued by the KDC in the application server. */ KRB5_C_RANDSOURCE_TIMING = 3, /* Timing of operations*/ KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL = 4, /*Protocol data possibly from attacker*/ KRB5_C_RANDSOURCE_MAX = 5 /*Do not use; maximum source ID*/ }; #ifndef krb5_roundup /* round x up to nearest multiple of y */ #define krb5_roundup(x, y) ((((x) + (y) - 1)/(y))*(y)) #endif /* roundup */ /* macro function definitions to help clean up code */ #if 1 #define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1)) #define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0)) #else #define krb5_x(ptr,args) ((*(ptr)) args) #define krb5_xc(ptr,args) ((*(ptr)) args) #endif krb5_error_code KRB5_CALLCONV krb5_c_encrypt (krb5_context context, const krb5_keyblock *key, krb5_keyusage usage, const krb5_data *cipher_state, const krb5_data *input, krb5_enc_data *output) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_c_decrypt (krb5_context context, const krb5_keyblock *key, krb5_keyusage usage, const krb5_data *cipher_state, const krb5_enc_data *input, krb5_data *output) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_c_encrypt_length (krb5_context context, krb5_enctype enctype, size_t inputlen, size_t *length) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_c_block_size (krb5_context context, krb5_enctype enctype, size_t *blocksize) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_c_keylengths (krb5_context context, krb5_enctype enctype, size_t *keybytes, size_t *keylength) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_c_init_state (krb5_context context, const krb5_keyblock *key, krb5_keyusage usage, krb5_data *new_state) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_c_free_state (krb5_context context, const krb5_keyblock *key, krb5_data *state) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_c_prf (krb5_context, const krb5_keyblock *, krb5_data *in, krb5_data *out) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_c_prf_length (krb5_context, krb5_enctype, size_t *outlen) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_c_make_random_key (krb5_context context, krb5_enctype enctype, krb5_keyblock *k5_random_key) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_c_random_to_key (krb5_context context, krb5_enctype enctype, krb5_data *random_data, krb5_keyblock *k5_random_key) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); /* Register a new entropy sample with the PRNG. may cause * the PRNG to be reseeded, although this is not guaranteed. See previous randsource definitions * for information on how each source should be used. */ krb5_error_code KRB5_CALLCONV krb5_c_random_add_entropy (krb5_context context, unsigned int randsource_id, const krb5_data *data) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_c_random_make_octets (krb5_context context, krb5_data *data) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); /* * Collect entropy from the OS if possible. strong requests that as strong * of a source of entropy as available be used. Setting strong may * increase the probability of blocking and should not be used for normal * applications. Good uses include seeding the PRNG for kadmind * and realm setup. * If successful is non-null, then successful is set to 1 if the OS provided * entropy else zero. */ krb5_error_code KRB5_CALLCONV krb5_c_random_os_entropy (krb5_context context, int strong, int *success) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); /*deprecated*/ krb5_error_code KRB5_CALLCONV krb5_c_random_seed (krb5_context context, krb5_data *data) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_c_string_to_key (krb5_context context, krb5_enctype enctype, const krb5_data *string, const krb5_data *salt, krb5_keyblock *key) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_c_string_to_key_with_params(krb5_context context, krb5_enctype enctype, const krb5_data *string, const krb5_data *salt, const krb5_data *params, krb5_keyblock *key) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_c_enctype_compare (krb5_context context, krb5_enctype e1, krb5_enctype e2, krb5_boolean *similar) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_c_make_checksum (krb5_context context, krb5_cksumtype cksumtype, const krb5_keyblock *key, krb5_keyusage usage, const krb5_data *input, krb5_checksum *cksum) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_c_verify_checksum (krb5_context context, const krb5_keyblock *key, krb5_keyusage usage, const krb5_data *data, const krb5_checksum *cksum, krb5_boolean *valid) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_c_checksum_length (krb5_context context, krb5_cksumtype cksumtype, size_t *length) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_c_keyed_checksum_types (krb5_context context, krb5_enctype enctype, unsigned int *count, krb5_cksumtype **cksumtypes) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); #define KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS 1 #define KRB5_KEYUSAGE_KDC_REP_TICKET 2 #define KRB5_KEYUSAGE_AS_REP_ENCPART 3 #define KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY 4 #define KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY 5 #define KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM 6 #define KRB5_KEYUSAGE_TGS_REQ_AUTH 7 #define KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY 8 #define KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY 9 #define KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM 10 #define KRB5_KEYUSAGE_AP_REQ_AUTH 11 #define KRB5_KEYUSAGE_AP_REP_ENCPART 12 #define KRB5_KEYUSAGE_KRB_PRIV_ENCPART 13 #define KRB5_KEYUSAGE_KRB_CRED_ENCPART 14 #define KRB5_KEYUSAGE_KRB_SAFE_CKSUM 15 #define KRB5_KEYUSAGE_APP_DATA_ENCRYPT 16 #define KRB5_KEYUSAGE_APP_DATA_CKSUM 17 #define KRB5_KEYUSAGE_KRB_ERROR_CKSUM 18 #define KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM 19 #define KRB5_KEYUSAGE_AD_MTE 20 #define KRB5_KEYUSAGE_AD_ITE 21 /* XXX need to register these */ #define KRB5_KEYUSAGE_GSS_TOK_MIC 22 #define KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG 23 #define KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV 24 /* Defined in hardware preauth draft */ #define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM 25 #define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID 26 #define KRB5_KEYUSAGE_PA_SAM_RESPONSE 27 /* Defined in KDC referrals draft */ #define KRB5_KEYUSAGE_PA_REFERRAL 26 /* XXX note conflict with above */ krb5_boolean KRB5_CALLCONV krb5_c_valid_enctype (krb5_enctype ktype) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_boolean KRB5_CALLCONV krb5_c_valid_cksumtype (krb5_cksumtype ctype) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_boolean KRB5_CALLCONV krb5_c_is_coll_proof_cksum (krb5_cksumtype ctype) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_boolean KRB5_CALLCONV krb5_c_is_keyed_cksum (krb5_cksumtype ctype) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); #ifdef KRB5_OLD_CRYPTO /* * old cryptosystem routine prototypes. These are now layered * on top of the functions above. */ krb5_error_code KRB5_CALLCONV krb5_encrypt (krb5_context context, krb5_const_pointer inptr, krb5_pointer outptr, size_t size, krb5_encrypt_block * eblock, krb5_pointer ivec) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_decrypt (krb5_context context, krb5_const_pointer inptr, krb5_pointer outptr, size_t size, krb5_encrypt_block * eblock, krb5_pointer ivec) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_process_key (krb5_context context, krb5_encrypt_block * eblock, const krb5_keyblock * key) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_finish_key (krb5_context context, krb5_encrypt_block * eblock) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_string_to_key (krb5_context context, const krb5_encrypt_block * eblock, krb5_keyblock * keyblock, const krb5_data * data, const krb5_data * salt) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_init_random_key (krb5_context context, const krb5_encrypt_block * eblock, const krb5_keyblock * keyblock, krb5_pointer * ptr) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_finish_random_key (krb5_context context, const krb5_encrypt_block * eblock, krb5_pointer * ptr) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_random_key (krb5_context context, const krb5_encrypt_block * eblock, krb5_pointer ptr, krb5_keyblock ** keyblock) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_enctype KRB5_CALLCONV krb5_eblock_enctype (krb5_context context, const krb5_encrypt_block * eblock) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_use_enctype (krb5_context context, krb5_encrypt_block * eblock, krb5_enctype enctype) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); size_t KRB5_CALLCONV krb5_encrypt_size (size_t length, krb5_enctype crypto) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); size_t KRB5_CALLCONV krb5_checksum_size (krb5_context context, krb5_cksumtype ctype) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_calculate_checksum (krb5_context context, krb5_cksumtype ctype, krb5_const_pointer in, size_t in_length, krb5_const_pointer seed, size_t seed_length, krb5_checksum * outcksum) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_verify_checksum (krb5_context context, krb5_cksumtype ctype, const krb5_checksum * cksum, krb5_const_pointer in, size_t in_length, krb5_const_pointer seed, size_t seed_length) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); #endif /* KRB5_OLD_CRYPTO */ /* * end "encryption.h" */ /* * begin "fieldbits.h" */ /* kdc_options for kdc_request */ /* options is 32 bits; each host is responsible to put the 4 bytes representing these bits into net order before transmission */ /* #define KDC_OPT_RESERVED 0x80000000 */ #define KDC_OPT_FORWARDABLE 0x40000000 #define KDC_OPT_FORWARDED 0x20000000 #define KDC_OPT_PROXIABLE 0x10000000 #define KDC_OPT_PROXY 0x08000000 #define KDC_OPT_ALLOW_POSTDATE 0x04000000 #define KDC_OPT_POSTDATED 0x02000000 /* #define KDC_OPT_UNUSED 0x01000000 */ #define KDC_OPT_RENEWABLE 0x00800000 /* #define KDC_OPT_UNUSED 0x00400000 */ /* #define KDC_OPT_RESERVED 0x00200000 */ /* #define KDC_OPT_RESERVED 0x00100000 */ /* #define KDC_OPT_RESERVED 0x00080000 */ /* #define KDC_OPT_RESERVED 0x00040000 */ #define KDC_OPT_REQUEST_ANONYMOUS 0x00020000 #define KDC_OPT_CANONICALIZE 0x00010000 /* #define KDC_OPT_RESERVED 0x00008000 */ /* #define KDC_OPT_RESERVED 0x00004000 */ /* #define KDC_OPT_RESERVED 0x00002000 */ /* #define KDC_OPT_RESERVED 0x00001000 */ /* #define KDC_OPT_RESERVED 0x00000800 */ /* #define KDC_OPT_RESERVED 0x00000400 */ /* #define KDC_OPT_RESERVED 0x00000200 */ /* #define KDC_OPT_RESERVED 0x00000100 */ /* #define KDC_OPT_RESERVED 0x00000080 */ /* #define KDC_OPT_RESERVED 0x00000040 */ #define KDC_OPT_DISABLE_TRANSITED_CHECK 0x00000020 #define KDC_OPT_RENEWABLE_OK 0x00000010 #define KDC_OPT_ENC_TKT_IN_SKEY 0x00000008 /* #define KDC_OPT_UNUSED 0x00000004 */ #define KDC_OPT_RENEW 0x00000002 #define KDC_OPT_VALIDATE 0x00000001 /* * Mask of ticket flags in the TGT which should be converted into KDC * options when using the TGT to get derivitive tickets. * * New mask = KDC_OPT_FORWARDABLE | KDC_OPT_PROXIABLE | * KDC_OPT_ALLOW_POSTDATE | KDC_OPT_RENEWABLE */ #define KDC_TKT_COMMON_MASK 0x54800000 /* definitions for ap_options fields */ /* ap_options are 32 bits; each host is responsible to put the 4 bytes representing these bits into net order before transmission */ #define AP_OPTS_RESERVED 0x80000000 #define AP_OPTS_USE_SESSION_KEY 0x40000000 #define AP_OPTS_MUTUAL_REQUIRED 0x20000000 /* #define AP_OPTS_RESERVED 0x10000000 */ /* #define AP_OPTS_RESERVED 0x08000000 */ /* #define AP_OPTS_RESERVED 0x04000000 */ /* #define AP_OPTS_RESERVED 0x02000000 */ /* #define AP_OPTS_RESERVED 0x01000000 */ /* #define AP_OPTS_RESERVED 0x00800000 */ /* #define AP_OPTS_RESERVED 0x00400000 */ /* #define AP_OPTS_RESERVED 0x00200000 */ /* #define AP_OPTS_RESERVED 0x00100000 */ /* #define AP_OPTS_RESERVED 0x00080000 */ /* #define AP_OPTS_RESERVED 0x00040000 */ /* #define AP_OPTS_RESERVED 0x00020000 */ /* #define AP_OPTS_RESERVED 0x00010000 */ /* #define AP_OPTS_RESERVED 0x00008000 */ /* #define AP_OPTS_RESERVED 0x00004000 */ /* #define AP_OPTS_RESERVED 0x00002000 */ /* #define AP_OPTS_RESERVED 0x00001000 */ /* #define AP_OPTS_RESERVED 0x00000800 */ /* #define AP_OPTS_RESERVED 0x00000400 */ /* #define AP_OPTS_RESERVED 0x00000200 */ /* #define AP_OPTS_RESERVED 0x00000100 */ /* #define AP_OPTS_RESERVED 0x00000080 */ /* #define AP_OPTS_RESERVED 0x00000040 */ /* #define AP_OPTS_RESERVED 0x00000020 */ /* #define AP_OPTS_RESERVED 0x00000010 */ /* #define AP_OPTS_RESERVED 0x00000008 */ /* #define AP_OPTS_RESERVED 0x00000004 */ /* #define AP_OPTS_RESERVED 0x00000002 */ #define AP_OPTS_USE_SUBKEY 0x00000001 #define AP_OPTS_WIRE_MASK 0xfffffff0 /* definitions for ad_type fields. */ #define AD_TYPE_RESERVED 0x8000 #define AD_TYPE_EXTERNAL 0x4000 #define AD_TYPE_REGISTERED 0x2000 #define AD_TYPE_FIELD_TYPE_MASK 0x1fff /* Ticket flags */ /* flags are 32 bits; each host is responsible to put the 4 bytes representing these bits into net order before transmission */ /* #define TKT_FLG_RESERVED 0x80000000 */ #define TKT_FLG_FORWARDABLE 0x40000000 #define TKT_FLG_FORWARDED 0x20000000 #define TKT_FLG_PROXIABLE 0x10000000 #define TKT_FLG_PROXY 0x08000000 #define TKT_FLG_MAY_POSTDATE 0x04000000 #define TKT_FLG_POSTDATED 0x02000000 #define TKT_FLG_INVALID 0x01000000 #define TKT_FLG_RENEWABLE 0x00800000 #define TKT_FLG_INITIAL 0x00400000 #define TKT_FLG_PRE_AUTH 0x00200000 #define TKT_FLG_HW_AUTH 0x00100000 #define TKT_FLG_TRANSIT_POLICY_CHECKED 0x00080000 #define TKT_FLG_OK_AS_DELEGATE 0x00040000 #define TKT_FLG_ANONYMOUS 0x00020000 /* #define TKT_FLG_RESERVED 0x00010000 */ /* #define TKT_FLG_RESERVED 0x00008000 */ /* #define TKT_FLG_RESERVED 0x00004000 */ /* #define TKT_FLG_RESERVED 0x00002000 */ /* #define TKT_FLG_RESERVED 0x00001000 */ /* #define TKT_FLG_RESERVED 0x00000800 */ /* #define TKT_FLG_RESERVED 0x00000400 */ /* #define TKT_FLG_RESERVED 0x00000200 */ /* #define TKT_FLG_RESERVED 0x00000100 */ /* #define TKT_FLG_RESERVED 0x00000080 */ /* #define TKT_FLG_RESERVED 0x00000040 */ /* #define TKT_FLG_RESERVED 0x00000020 */ /* #define TKT_FLG_RESERVED 0x00000010 */ /* #define TKT_FLG_RESERVED 0x00000008 */ /* #define TKT_FLG_RESERVED 0x00000004 */ /* #define TKT_FLG_RESERVED 0x00000002 */ /* #define TKT_FLG_RESERVED 0x00000001 */ /* definitions for lr_type fields. */ #define LR_TYPE_THIS_SERVER_ONLY 0x8000 #define LR_TYPE_INTERPRETATION_MASK 0x7fff /* definitions for ad_type fields. */ #define AD_TYPE_EXTERNAL 0x4000 #define AD_TYPE_REGISTERED 0x2000 #define AD_TYPE_FIELD_TYPE_MASK 0x1fff #define AD_TYPE_INTERNAL_MASK 0x3fff /* definitions for msec direction bit for KRB_SAFE, KRB_PRIV */ #define MSEC_DIRBIT 0x8000 #define MSEC_VAL_MASK 0x7fff /* * end "fieldbits.h" */ /* * begin "proto.h" */ /* Protocol version number */ #define KRB5_PVNO 5 /* Message types */ #define KRB5_AS_REQ ((krb5_msgtype)10) /* Req for initial authentication */ #define KRB5_AS_REP ((krb5_msgtype)11) /* Response to KRB_AS_REQ request */ #define KRB5_TGS_REQ ((krb5_msgtype)12) /* TGS request to server */ #define KRB5_TGS_REP ((krb5_msgtype)13) /* Response to KRB_TGS_REQ req */ #define KRB5_AP_REQ ((krb5_msgtype)14) /* application request to server */ #define KRB5_AP_REP ((krb5_msgtype)15) /* Response to KRB_AP_REQ_MUTUAL */ #define KRB5_SAFE ((krb5_msgtype)20) /* Safe application message */ #define KRB5_PRIV ((krb5_msgtype)21) /* Private application message */ #define KRB5_CRED ((krb5_msgtype)22) /* Credential forwarding message */ #define KRB5_ERROR ((krb5_msgtype)30) /* Error response */ /* LastReq types */ #define KRB5_LRQ_NONE 0 #define KRB5_LRQ_ALL_LAST_TGT 1 #define KRB5_LRQ_ONE_LAST_TGT (-1) #define KRB5_LRQ_ALL_LAST_INITIAL 2 #define KRB5_LRQ_ONE_LAST_INITIAL (-2) #define KRB5_LRQ_ALL_LAST_TGT_ISSUED 3 #define KRB5_LRQ_ONE_LAST_TGT_ISSUED (-3) #define KRB5_LRQ_ALL_LAST_RENEWAL 4 #define KRB5_LRQ_ONE_LAST_RENEWAL (-4) #define KRB5_LRQ_ALL_LAST_REQ 5 #define KRB5_LRQ_ONE_LAST_REQ (-5) #define KRB5_LRQ_ALL_PW_EXPTIME 6 #define KRB5_LRQ_ONE_PW_EXPTIME (-6) /* PADATA types */ #define KRB5_PADATA_NONE 0 #define KRB5_PADATA_AP_REQ 1 #define KRB5_PADATA_TGS_REQ KRB5_PADATA_AP_REQ #define KRB5_PADATA_ENC_TIMESTAMP 2 #define KRB5_PADATA_PW_SALT 3 #if 0 /* Not used */ #define KRB5_PADATA_ENC_ENCKEY 4 /* Key encrypted within itself */ #endif #define KRB5_PADATA_ENC_UNIX_TIME 5 /* timestamp encrypted in key */ #define KRB5_PADATA_ENC_SANDIA_SECURID 6 /* SecurId passcode */ #define KRB5_PADATA_SESAME 7 /* Sesame project */ #define KRB5_PADATA_OSF_DCE 8 /* OSF DCE */ #define KRB5_CYBERSAFE_SECUREID 9 /* Cybersafe */ #define KRB5_PADATA_AFS3_SALT 10 /* Cygnus */ #define KRB5_PADATA_ETYPE_INFO 11 /* Etype info for preauth */ #define KRB5_PADATA_SAM_CHALLENGE 12 /* draft challenge system */ #define KRB5_PADATA_SAM_RESPONSE 13 /* draft challenge system response */ #define KRB5_PADATA_PK_AS_REQ_OLD 14 /* PKINIT */ #define KRB5_PADATA_PK_AS_REP_OLD 15 /* PKINIT */ #define KRB5_PADATA_PK_AS_REQ 16 /* PKINIT */ #define KRB5_PADATA_PK_AS_REP 17 /* PKINIT */ #define KRB5_PADATA_ETYPE_INFO2 19 #define KRB5_PADATA_USE_SPECIFIED_KVNO 20 #define KRB5_PADATA_SAM_REDIRECT 21 #define KRB5_PADATA_GET_FROM_TYPED_DATA 22 #define KRB5_PADATA_REFERRAL 25 /* draft referral system */ #define KRB5_PADATA_SAM_CHALLENGE_2 30 /* draft challenge system, updated */ #define KRB5_PADATA_SAM_RESPONSE_2 31 /* draft challenge system, updated */ #define KRB5_PADATA_PK_AS_09_BINDING 132 #define KRB5_SAM_USE_SAD_AS_KEY 0x80000000 #define KRB5_SAM_SEND_ENCRYPTED_SAD 0x40000000 #define KRB5_SAM_MUST_PK_ENCRYPT_SAD 0x20000000 /* currently must be zero */ /* Reserved for SPX pre-authentication. */ #define KRB5_PADATA_DASS 16 /* Transited encoding types */ #define KRB5_DOMAIN_X500_COMPRESS 1 /* alternate authentication types */ #define KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE 64 /* authorization data types */ #define KRB5_AUTHDATA_IF_RELEVANT 1 #define KRB5_AUTHDATA_KDC_ISSUED 4 #define KRB5_AUTHDATA_AND_OR 5 #define KRB5_AUTHDATA_MANDATORY_FOR_KDC 8 #define KRB5_AUTHDATA_INITIAL_VERIFIED_CAS 9 #define KRB5_AUTHDATA_OSF_DCE 64 #define KRB5_AUTHDATA_SESAME 65 /* password change constants */ #define KRB5_KPASSWD_SUCCESS 0 #define KRB5_KPASSWD_MALFORMED 1 #define KRB5_KPASSWD_HARDERROR 2 #define KRB5_KPASSWD_AUTHERROR 3 #define KRB5_KPASSWD_SOFTERROR 4 /* These are Microsoft's extensions in RFC 3244, and it looks like they'll become standardized, possibly with other additions. */ #define KRB5_KPASSWD_ACCESSDENIED 5 /* unused */ #define KRB5_KPASSWD_BAD_VERSION 6 #define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7 /* unused */ /* * end "proto.h" */ /* Time set */ typedef struct _krb5_ticket_times { krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime in ticket? otherwise client can't get this */ krb5_timestamp starttime; /* optional in ticket, if not present, use authtime */ krb5_timestamp endtime; krb5_timestamp renew_till; } krb5_ticket_times; /* structure for auth data */ typedef struct _krb5_authdata { krb5_magic magic; krb5_authdatatype ad_type; unsigned int length; krb5_octet *contents; } krb5_authdata; /* structure for transited encoding */ typedef struct _krb5_transited { krb5_magic magic; krb5_octet tr_type; krb5_data tr_contents; } krb5_transited; typedef struct _krb5_enc_tkt_part { krb5_magic magic; /* to-be-encrypted portion */ krb5_flags flags; /* flags */ krb5_keyblock *session; /* session key: includes enctype */ krb5_principal client; /* client name/realm */ krb5_transited transited; /* list of transited realms */ krb5_ticket_times times; /* auth, start, end, renew_till */ krb5_address **caddrs; /* array of ptrs to addresses */ krb5_authdata **authorization_data; /* auth data */ } krb5_enc_tkt_part; typedef struct _krb5_ticket { krb5_magic magic; /* cleartext portion */ krb5_principal server; /* server name/realm */ krb5_enc_data enc_part; /* encryption type, kvno, encrypted encoding */ krb5_enc_tkt_part *enc_part2; /* ptr to decrypted version, if available */ } krb5_ticket; /* the unencrypted version */ typedef struct _krb5_authenticator { krb5_magic magic; krb5_principal client; /* client name/realm */ krb5_checksum *checksum; /* checksum, includes type, optional */ krb5_int32 cusec; /* client usec portion */ krb5_timestamp ctime; /* client sec portion */ krb5_keyblock *subkey; /* true session key, optional */ krb5_ui_4 seq_number; /* sequence #, optional */ krb5_authdata **authorization_data; /* New add by Ari, auth data */ } krb5_authenticator; typedef struct _krb5_tkt_authent { krb5_magic magic; krb5_ticket *ticket; krb5_authenticator *authenticator; krb5_flags ap_options; } krb5_tkt_authent; /* credentials: Ticket, session key, etc. */ typedef struct _krb5_creds { krb5_magic magic; krb5_principal client; /* client's principal identifier */ krb5_principal server; /* server's principal identifier */ krb5_keyblock keyblock; /* session encryption key info */ krb5_ticket_times times; /* lifetime info */ krb5_boolean is_skey; /* true if ticket is encrypted in another ticket's skey */ krb5_flags ticket_flags; /* flags in ticket */ krb5_address **addresses; /* addrs in ticket */ krb5_data ticket; /* ticket string itself */ krb5_data second_ticket; /* second ticket, if related to ticket (via DUPLICATE-SKEY or ENC-TKT-IN-SKEY) */ krb5_authdata **authdata; /* authorization data */ } krb5_creds; /* Last request fields */ typedef struct _krb5_last_req_entry { krb5_magic magic; krb5_int32 lr_type; krb5_timestamp value; } krb5_last_req_entry; /* pre-authentication data */ typedef struct _krb5_pa_data { krb5_magic magic; krb5_preauthtype pa_type; unsigned int length; krb5_octet *contents; } krb5_pa_data; typedef struct _krb5_kdc_req { krb5_magic magic; krb5_msgtype msg_type; /* AS_REQ or TGS_REQ? */ krb5_pa_data **padata; /* e.g. encoded AP_REQ */ /* real body */ krb5_flags kdc_options; /* requested options */ krb5_principal client; /* includes realm; optional */ krb5_principal server; /* includes realm (only used if no client) */ krb5_timestamp from; /* requested starttime */ krb5_timestamp till; /* requested endtime */ krb5_timestamp rtime; /* (optional) requested renew_till */ krb5_int32 nonce; /* nonce to match request/response */ int nktypes; /* # of ktypes, must be positive */ krb5_enctype *ktype; /* requested enctype(s) */ krb5_address **addresses; /* requested addresses, optional */ krb5_enc_data authorization_data; /* encrypted auth data; OPTIONAL */ krb5_authdata **unenc_authdata; /* unencrypted auth data, if available */ krb5_ticket **second_ticket;/* second ticket array; OPTIONAL */ } krb5_kdc_req; typedef struct _krb5_enc_kdc_rep_part { krb5_magic magic; /* encrypted part: */ krb5_msgtype msg_type; /* krb5 message type */ krb5_keyblock *session; /* session key */ krb5_last_req_entry **last_req; /* array of ptrs to entries */ krb5_int32 nonce; /* nonce from request */ krb5_timestamp key_exp; /* expiration date */ krb5_flags flags; /* ticket flags */ krb5_ticket_times times; /* lifetime info */ krb5_principal server; /* server's principal identifier */ krb5_address **caddrs; /* array of ptrs to addresses, optional */ } krb5_enc_kdc_rep_part; typedef struct _krb5_kdc_rep { krb5_magic magic; /* cleartext part: */ krb5_msgtype msg_type; /* AS_REP or KDC_REP? */ krb5_pa_data **padata; /* preauthentication data from KDC */ krb5_principal client; /* client's principal identifier */ krb5_ticket *ticket; /* ticket */ krb5_enc_data enc_part; /* encryption type, kvno, encrypted encoding */ krb5_enc_kdc_rep_part *enc_part2;/* unencrypted version, if available */ } krb5_kdc_rep; /* error message structure */ typedef struct _krb5_error { krb5_magic magic; /* some of these may be meaningless in certain contexts */ krb5_timestamp ctime; /* client sec portion; optional */ krb5_int32 cusec; /* client usec portion; optional */ krb5_int32 susec; /* server usec portion */ krb5_timestamp stime; /* server sec portion */ krb5_ui_4 error; /* error code (protocol error #'s) */ krb5_principal client; /* client's principal identifier; optional */ krb5_principal server; /* server's principal identifier */ krb5_data text; /* descriptive text */ krb5_data e_data; /* additional error-describing data */ } krb5_error; typedef struct _krb5_ap_req { krb5_magic magic; krb5_flags ap_options; /* requested options */ krb5_ticket *ticket; /* ticket */ krb5_enc_data authenticator; /* authenticator (already encrypted) */ } krb5_ap_req; typedef struct _krb5_ap_rep { krb5_magic magic; krb5_enc_data enc_part; } krb5_ap_rep; typedef struct _krb5_ap_rep_enc_part { krb5_magic magic; krb5_timestamp ctime; /* client time, seconds portion */ krb5_int32 cusec; /* client time, microseconds portion */ krb5_keyblock *subkey; /* true session key, optional */ krb5_ui_4 seq_number; /* sequence #, optional */ } krb5_ap_rep_enc_part; typedef struct _krb5_response { krb5_magic magic; krb5_octet message_type; krb5_data response; krb5_int32 expected_nonce; /* The expected nonce for KDC_REP messages */ krb5_timestamp request_time; /* When we made the request */ } krb5_response; typedef struct _krb5_cred_info { krb5_magic magic; krb5_keyblock *session; /* session key used to encrypt */ /* ticket */ krb5_principal client; /* client name/realm, optional */ krb5_principal server; /* server name/realm, optional */ krb5_flags flags; /* ticket flags, optional */ krb5_ticket_times times; /* auth, start, end, renew_till, */ /* optional */ krb5_address **caddrs; /* array of ptrs to addresses */ } krb5_cred_info; typedef struct _krb5_cred_enc_part { krb5_magic magic; krb5_int32 nonce; /* nonce, optional */ krb5_timestamp timestamp; /* client time */ krb5_int32 usec; /* microsecond portion of time */ krb5_address *s_address; /* sender address, optional */ krb5_address *r_address; /* recipient address, optional */ krb5_cred_info **ticket_info; } krb5_cred_enc_part; typedef struct _krb5_cred { krb5_magic magic; krb5_ticket **tickets; /* tickets */ krb5_enc_data enc_part; /* encrypted part */ krb5_cred_enc_part *enc_part2; /* unencrypted version, if available*/ } krb5_cred; /* Sandia password generation structures */ typedef struct _passwd_phrase_element { krb5_magic magic; krb5_data *passwd; krb5_data *phrase; } passwd_phrase_element; typedef struct _krb5_pwd_data { krb5_magic magic; int sequence_count; passwd_phrase_element **element; } krb5_pwd_data; /* these need to be here so the typedefs are available for the prototypes */ /* * begin "safepriv.h" */ #define KRB5_AUTH_CONTEXT_DO_TIME 0x00000001 #define KRB5_AUTH_CONTEXT_RET_TIME 0x00000002 #define KRB5_AUTH_CONTEXT_DO_SEQUENCE 0x00000004 #define KRB5_AUTH_CONTEXT_RET_SEQUENCE 0x00000008 #define KRB5_AUTH_CONTEXT_PERMIT_ALL 0x00000010 #define KRB5_AUTH_CONTEXT_USE_SUBKEY 0x00000020 typedef struct krb5_replay_data { krb5_timestamp timestamp; krb5_int32 usec; krb5_ui_4 seq; } krb5_replay_data; /* flags for krb5_auth_con_genaddrs() */ #define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR 0x00000001 #define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR 0x00000002 #define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR 0x00000004 #define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR 0x00000008 /* type of function used as a callback to generate checksum data for * mk_req */ typedef krb5_error_code (KRB5_CALLCONV * krb5_mk_req_checksum_func) (krb5_context, krb5_auth_context , void *, krb5_data **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); /* * end "safepriv.h" */ /* * begin "ccache.h" */ typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */ struct _krb5_ccache; typedef struct _krb5_ccache *krb5_ccache; struct _krb5_cc_ops; typedef struct _krb5_cc_ops krb5_cc_ops; /* * Cursor for iterating over all ccaches */ struct _krb5_cccol_cursor; typedef struct _krb5_cccol_cursor *krb5_cccol_cursor; /* for retrieve_cred */ #define KRB5_TC_MATCH_TIMES 0x00000001 #define KRB5_TC_MATCH_IS_SKEY 0x00000002 #define KRB5_TC_MATCH_FLAGS 0x00000004 #define KRB5_TC_MATCH_TIMES_EXACT 0x00000008 #define KRB5_TC_MATCH_FLAGS_EXACT 0x00000010 #define KRB5_TC_MATCH_AUTHDATA 0x00000020 #define KRB5_TC_MATCH_SRV_NAMEONLY 0x00000040 #define KRB5_TC_MATCH_2ND_TKT 0x00000080 #define KRB5_TC_MATCH_KTYPE 0x00000100 #define KRB5_TC_SUPPORTED_KTYPES 0x00000200 /* for set_flags and other functions */ #define KRB5_TC_OPENCLOSE 0x00000001 #define KRB5_TC_NOTICKET 0x00000002 const char * KRB5_CALLCONV krb5_cc_get_name (krb5_context context, krb5_ccache cache) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cc_gen_new (krb5_context context, krb5_ccache *cache) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cc_initialize(krb5_context context, krb5_ccache cache, krb5_principal principal) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cc_destroy (krb5_context context, krb5_ccache cache) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cc_close (krb5_context context, krb5_ccache cache) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cc_store_cred (krb5_context context, krb5_ccache cache, krb5_creds *creds) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cc_retrieve_cred (krb5_context context, krb5_ccache cache, krb5_flags flags, krb5_creds *mcreds, krb5_creds *creds) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cc_get_principal (krb5_context context, krb5_ccache cache, krb5_principal *principal) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cc_start_seq_get (krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cc_next_cred (krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor, krb5_creds *creds) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cc_end_seq_get (krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cc_remove_cred (krb5_context context, krb5_ccache cache, krb5_flags flags, krb5_creds *creds) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cc_set_flags (krb5_context context, krb5_ccache cache, krb5_flags flags) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cc_get_flags (krb5_context context, krb5_ccache cache, krb5_flags *flags) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); const char * KRB5_CALLCONV krb5_cc_get_type (krb5_context context, krb5_ccache cache) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cc_move (krb5_context context, krb5_ccache src, krb5_ccache dst) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cc_last_change_time ( krb5_context context, krb5_ccache ccache, krb5_timestamp *change_time) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cc_lock (krb5_context context, krb5_ccache ccache) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cc_unlock (krb5_context context, krb5_ccache ccache) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cc_cache_match (krb5_context context, krb5_principal client, krb5_ccache *id) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cccol_cursor_next( krb5_context context, krb5_cccol_cursor cursor, krb5_ccache *ccache) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cccol_last_change_time(krb5_context context, krb5_timestamp *change_time) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cccol_lock(krb5_context context) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cccol_unlock(krb5_context context) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cc_new_unique( krb5_context context, const char *type, const char *hint, krb5_ccache *id) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); /* * end "ccache.h" */ /* * begin "rcache.h" */ struct krb5_rc_st; typedef struct krb5_rc_st *krb5_rcache; /* * end "rcache.h" */ /* * begin "keytab.h" */ /* XXX */ #define MAX_KEYTAB_NAME_LEN 1100 /* Long enough for MAXPATHLEN + some extra */ typedef krb5_pointer krb5_kt_cursor; /* XXX */ typedef struct krb5_keytab_entry_st { krb5_magic magic; krb5_principal principal; /* principal of this key */ krb5_timestamp timestamp; /* time entry written to keytable */ krb5_kvno vno; /* key version number */ krb5_keyblock key; /* the secret key */ } krb5_keytab_entry; struct _krb5_kt; typedef struct _krb5_kt *krb5_keytab; const char * KRB5_CALLCONV krb5_kt_get_type (krb5_context, krb5_keytab keytab) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name, unsigned int namelen) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_kt_close(krb5_context context, krb5_keytab keytab) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_kt_get_entry(krb5_context context, krb5_keytab keytab, krb5_const_principal principal, krb5_kvno vno, krb5_enctype enctype, krb5_keytab_entry *entry) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab, krb5_kt_cursor *cursor) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_kt_next_entry(krb5_context context, krb5_keytab keytab, krb5_keytab_entry *entry, krb5_kt_cursor *cursor) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab, krb5_kt_cursor *cursor) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); /* * end "keytab.h" */ /* * begin "func-proto.h" */ krb5_error_code KRB5_CALLCONV krb5_init_context (krb5_context *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_init_secure_context (krb5_context *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_free_context (krb5_context) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_copy_context (krb5_context, krb5_context *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_set_default_tgs_enctypes (krb5_context, const krb5_enctype *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_get_permitted_enctypes (krb5_context, krb5_enctype **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_boolean KRB5_CALLCONV krb5_is_thread_safe(void) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); /* libkrb.spec */ krb5_error_code KRB5_CALLCONV krb5_server_decrypt_ticket_keytab (krb5_context context, const krb5_keytab kt, krb5_ticket *ticket) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_free_tgt_creds (krb5_context, krb5_creds **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); /* XXX too hard to do with const */ #define KRB5_GC_USER_USER 1 /* want user-user ticket */ #define KRB5_GC_CACHED 2 /* want cached ticket only */ krb5_error_code KRB5_CALLCONV krb5_get_credentials (krb5_context, krb5_flags, krb5_ccache, krb5_creds *, krb5_creds **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_get_credentials_validate (krb5_context, krb5_flags, krb5_ccache, krb5_creds *, krb5_creds **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_get_credentials_renew (krb5_context, krb5_flags, krb5_ccache, krb5_creds *, krb5_creds **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_mk_req (krb5_context, krb5_auth_context *, krb5_flags, char *, char *, krb5_data *, krb5_ccache, krb5_data * ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_mk_req_extended (krb5_context, krb5_auth_context *, krb5_flags, krb5_data *, krb5_creds *, krb5_data * ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_mk_rep (krb5_context, krb5_auth_context, krb5_data *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_rd_rep (krb5_context, krb5_auth_context, const krb5_data *, krb5_ap_rep_enc_part **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_mk_error (krb5_context, const krb5_error *, krb5_data * ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_rd_error (krb5_context, const krb5_data *, krb5_error ** ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_rd_safe (krb5_context, krb5_auth_context, const krb5_data *, krb5_data *, krb5_replay_data *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_rd_priv (krb5_context, krb5_auth_context, const krb5_data *, krb5_data *, krb5_replay_data *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_parse_name (krb5_context, const char *, krb5_principal * ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); #define KRB5_PRINCIPAL_PARSE_NO_REALM 0x1 #define KRB5_PRINCIPAL_PARSE_REQUIRE_REALM 0x2 #define KRB5_PRINCIPAL_PARSE_ENTERPRISE 0x4 krb5_error_code KRB5_CALLCONV krb5_parse_name_flags (krb5_context, const char *, int, krb5_principal * ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_unparse_name (krb5_context, krb5_const_principal, char ** ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_unparse_name_ext (krb5_context, krb5_const_principal, char **, unsigned int *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); #define KRB5_PRINCIPAL_UNPARSE_SHORT 0x1 #define KRB5_PRINCIPAL_UNPARSE_NO_REALM 0x2 #define KRB5_PRINCIPAL_UNPARSE_DISPLAY 0x4 krb5_error_code KRB5_CALLCONV krb5_unparse_name_flags (krb5_context, krb5_const_principal, int, char **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_unparse_name_flags_ext (krb5_context, krb5_const_principal, int, char **, unsigned int *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_set_principal_realm (krb5_context, krb5_principal, const char *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_boolean KRB5_CALLCONV_WRONG krb5_address_search (krb5_context, const krb5_address *, krb5_address * const *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_boolean KRB5_CALLCONV krb5_address_compare (krb5_context, const krb5_address *, const krb5_address *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); int KRB5_CALLCONV krb5_address_order (krb5_context, const krb5_address *, const krb5_address *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_boolean KRB5_CALLCONV krb5_realm_compare (krb5_context, krb5_const_principal, krb5_const_principal) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_boolean KRB5_CALLCONV krb5_principal_compare (krb5_context, krb5_const_principal, krb5_const_principal) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_init_keyblock (krb5_context, krb5_enctype enctype, size_t length, krb5_keyblock **out) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); /* Initialize a new keyblock and allocate storage * for the contents of the key, which will be freed along * with the keyblock when krb5_free_keyblock is called. * It is legal to pass in a length of 0, in which * case contents are left unallocated. */ krb5_error_code KRB5_CALLCONV krb5_copy_keyblock (krb5_context, const krb5_keyblock *, krb5_keyblock **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_copy_keyblock_contents (krb5_context, const krb5_keyblock *, krb5_keyblock *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_copy_creds (krb5_context, const krb5_creds *, krb5_creds **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_copy_data (krb5_context, const krb5_data *, krb5_data **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_copy_principal (krb5_context, krb5_const_principal, krb5_principal *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_copy_addresses (krb5_context, krb5_address * const *, krb5_address ***) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_copy_ticket (krb5_context, const krb5_ticket *, krb5_ticket **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_copy_authdata (krb5_context, krb5_authdata * const *, krb5_authdata ***) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_copy_authenticator (krb5_context, const krb5_authenticator *, krb5_authenticator **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_copy_checksum (krb5_context, const krb5_checksum *, krb5_checksum **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_get_server_rcache (krb5_context, const krb5_data *, krb5_rcache *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV_C krb5_build_principal_ext (krb5_context, krb5_principal *, unsigned int, const char *, ...) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV_C krb5_build_principal (krb5_context, krb5_principal *, unsigned int, const char *, ...) #if __GNUC__ >= 4 __attribute__ ((sentinel)) #endif ; #if KRB5_DEPRECATED KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_build_principal_va (krb5_context, krb5_principal, unsigned int, const char *, va_list) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); #endif /* Version of krb5_build_principal_va which allocates krb5_principal_data */ krb5_error_code KRB5_CALLCONV krb5_build_principal_alloc_va (krb5_context, krb5_principal *, unsigned int, const char *, va_list) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_425_conv_principal (krb5_context, const char *name, const char *instance, const char *realm, krb5_principal *princ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_524_conv_principal (krb5_context context, krb5_const_principal princ, char *name, char *inst, char *realm) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); struct credentials; int KRB5_CALLCONV krb5_524_convert_creds (krb5_context context, krb5_creds *v5creds, struct credentials *v4creds) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); #if KRB5_DEPRECATED #define krb524_convert_creds_kdc krb5_524_convert_creds #define krb524_init_ets(x) (0) #endif /* libkt.spec */ krb5_error_code KRB5_CALLCONV krb5_kt_resolve (krb5_context, const char *, krb5_keytab * ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_kt_default_name (krb5_context, char *, int ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_kt_default (krb5_context, krb5_keytab * ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_free_keytab_entry_contents (krb5_context, krb5_keytab_entry * ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); /* remove and add are functions, so that they can return NOWRITE if not a writable keytab */ krb5_error_code KRB5_CALLCONV krb5_kt_remove_entry (krb5_context, krb5_keytab, krb5_keytab_entry * ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_kt_add_entry (krb5_context, krb5_keytab, krb5_keytab_entry * ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV_WRONG krb5_principal2salt (krb5_context, krb5_const_principal, krb5_data *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); /* librc.spec--see rcache.h */ /* libcc.spec */ krb5_error_code KRB5_CALLCONV krb5_cc_resolve (krb5_context, const char *, krb5_ccache * ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); const char * KRB5_CALLCONV krb5_cc_default_name (krb5_context) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cc_set_default_name (krb5_context, const char *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cc_default (krb5_context, krb5_ccache *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cc_copy_creds (krb5_context context, krb5_ccache incc, krb5_ccache outcc) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cc_get_config(krb5_context, krb5_ccache, krb5_const_principal, const char *, krb5_data *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cc_set_config(krb5_context, krb5_ccache, krb5_const_principal, const char *, krb5_data *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_boolean KRB5_CALLCONV krb5_is_config_principal(krb5_context, krb5_const_principal) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); /* krb5_free.c */ void KRB5_CALLCONV krb5_free_principal (krb5_context, krb5_principal ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_free_authenticator (krb5_context, krb5_authenticator * ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_free_addresses (krb5_context, krb5_address ** ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_free_authdata (krb5_context, krb5_authdata ** ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_free_ticket (krb5_context, krb5_ticket * ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_free_error (krb5_context, krb5_error * ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_free_creds (krb5_context, krb5_creds *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_free_cred_contents (krb5_context, krb5_creds *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_free_checksum (krb5_context, krb5_checksum *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_free_checksum_contents (krb5_context, krb5_checksum *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_free_keyblock (krb5_context, krb5_keyblock *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_free_keyblock_contents (krb5_context, krb5_keyblock *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_free_ap_rep_enc_part (krb5_context, krb5_ap_rep_enc_part *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_free_data (krb5_context, krb5_data *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_free_data_contents (krb5_context, krb5_data *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_free_unparsed_name (krb5_context, char *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_free_cksumtypes (krb5_context, krb5_cksumtype *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); /* From krb5/os but needed but by the outside world */ krb5_error_code KRB5_CALLCONV krb5_us_timeofday (krb5_context, krb5_timestamp *, krb5_int32 * ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_timeofday (krb5_context, krb5_timestamp * ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); /* get all the addresses of this host */ krb5_error_code KRB5_CALLCONV krb5_os_localaddr (krb5_context, krb5_address ***) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_get_default_realm (krb5_context, char ** ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_set_default_realm (krb5_context, const char * ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_free_default_realm (krb5_context, char * ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_sname_to_principal (krb5_context, const char *, const char *, krb5_int32, krb5_principal *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_change_password (krb5_context context, krb5_creds *creds, char *newpw, int *result_code, krb5_data *result_code_string, krb5_data *result_string) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_set_password (krb5_context context, krb5_creds *creds, char *newpw, krb5_principal change_password_for, int *result_code, krb5_data *result_code_string, krb5_data *result_string) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_set_password_using_ccache (krb5_context context, krb5_ccache ccache, char *newpw, krb5_principal change_password_for, int *result_code, krb5_data *result_code_string, krb5_data *result_string) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_get_profile (krb5_context, struct _profile_t * /* profile_t */ *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); #if KRB5_DEPRECATED KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_get_in_tkt (krb5_context, krb5_flags, krb5_address * const *, krb5_enctype *, krb5_preauthtype *, krb5_error_code ( * )(krb5_context, krb5_enctype, krb5_data *, krb5_const_pointer, krb5_keyblock **), krb5_const_pointer, krb5_error_code ( * )(krb5_context, const krb5_keyblock *, krb5_const_pointer, krb5_kdc_rep * ), krb5_const_pointer, krb5_creds *, krb5_ccache, krb5_kdc_rep ** ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_password (krb5_context, krb5_flags, krb5_address * const *, krb5_enctype *, krb5_preauthtype *, const char *, krb5_ccache, krb5_creds *, krb5_kdc_rep ** ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_skey (krb5_context, krb5_flags, krb5_address * const *, krb5_enctype *, krb5_preauthtype *, const krb5_keyblock *, krb5_ccache, krb5_creds *, krb5_kdc_rep ** ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_keytab (krb5_context, krb5_flags, krb5_address * const *, krb5_enctype *, krb5_preauthtype *, krb5_keytab, krb5_ccache, krb5_creds *, krb5_kdc_rep ** ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); #endif /* KRB5_DEPRECATED */ krb5_error_code KRB5_CALLCONV krb5_rd_req (krb5_context, krb5_auth_context *, const krb5_data *, krb5_const_principal, krb5_keytab, krb5_flags *, krb5_ticket **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_kt_read_service_key (krb5_context, krb5_pointer, krb5_principal, krb5_kvno, krb5_enctype, krb5_keyblock **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_mk_safe (krb5_context, krb5_auth_context, const krb5_data *, krb5_data *, krb5_replay_data *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_mk_priv (krb5_context, krb5_auth_context, const krb5_data *, krb5_data *, krb5_replay_data *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_sendauth (krb5_context, krb5_auth_context *, krb5_pointer, char *, krb5_principal, krb5_principal, krb5_flags, krb5_data *, krb5_creds *, krb5_ccache, krb5_error **, krb5_ap_rep_enc_part **, krb5_creds **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_recvauth (krb5_context, krb5_auth_context *, krb5_pointer, char *, krb5_principal, krb5_int32, krb5_keytab, krb5_ticket **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_recvauth_version (krb5_context, krb5_auth_context *, krb5_pointer, krb5_principal, krb5_int32, krb5_keytab, krb5_ticket **, krb5_data *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_mk_ncred (krb5_context, krb5_auth_context, krb5_creds **, krb5_data **, krb5_replay_data *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_mk_1cred (krb5_context, krb5_auth_context, krb5_creds *, krb5_data **, krb5_replay_data *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_rd_cred (krb5_context, krb5_auth_context, krb5_data *, krb5_creds ***, krb5_replay_data *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_fwd_tgt_creds (krb5_context, krb5_auth_context, char *, krb5_principal, krb5_principal, krb5_ccache, int forwardable, krb5_data *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_auth_con_init (krb5_context, krb5_auth_context *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_auth_con_free (krb5_context, krb5_auth_context) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_auth_con_setflags (krb5_context, krb5_auth_context, krb5_int32) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_auth_con_getflags (krb5_context, krb5_auth_context, krb5_int32 *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_auth_con_set_checksum_func (krb5_context, krb5_auth_context, krb5_mk_req_checksum_func, void *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_auth_con_get_checksum_func( krb5_context, krb5_auth_context, krb5_mk_req_checksum_func *, void **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_setaddrs (krb5_context, krb5_auth_context, krb5_address *, krb5_address *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_auth_con_getaddrs (krb5_context, krb5_auth_context, krb5_address **, krb5_address **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_auth_con_setports (krb5_context, krb5_auth_context, krb5_address *, krb5_address *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_auth_con_setuseruserkey (krb5_context, krb5_auth_context, krb5_keyblock *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_auth_con_getkey (krb5_context, krb5_auth_context, krb5_keyblock **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_auth_con_getsendsubkey( krb5_context, krb5_auth_context, krb5_keyblock **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_auth_con_getrecvsubkey( krb5_context, krb5_auth_context, krb5_keyblock **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_auth_con_setsendsubkey( krb5_context, krb5_auth_context, krb5_keyblock *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_auth_con_setrecvsubkey( krb5_context, krb5_auth_context, krb5_keyblock *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); #if KRB5_DEPRECATED KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalsubkey (krb5_context, krb5_auth_context, krb5_keyblock **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_auth_con_getremotesubkey (krb5_context, krb5_auth_context, krb5_keyblock **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); #endif krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalseqnumber (krb5_context, krb5_auth_context, krb5_int32 *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_auth_con_getremoteseqnumber (krb5_context, krb5_auth_context, krb5_int32 *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); #if KRB5_DEPRECATED KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_auth_con_initivector (krb5_context, krb5_auth_context) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); #endif krb5_error_code KRB5_CALLCONV krb5_auth_con_setrcache (krb5_context, krb5_auth_context, krb5_rcache) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_getrcache (krb5_context, krb5_auth_context, krb5_rcache *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_auth_con_getauthenticator (krb5_context, krb5_auth_context, krb5_authenticator **) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); #define KRB5_REALM_BRANCH_CHAR '.' /* * end "func-proto.h" */ /* * begin stuff from libos.h */ krb5_error_code KRB5_CALLCONV krb5_read_password (krb5_context, const char *, const char *, char *, unsigned int * ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_aname_to_localname (krb5_context, krb5_const_principal, int, char * ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_get_host_realm (krb5_context, const char *, char *** ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_get_fallback_host_realm (krb5_context, krb5_data *, char *** ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_free_host_realm (krb5_context, char * const * ) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_boolean KRB5_CALLCONV krb5_kuserok (krb5_context, krb5_principal, const char *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_auth_con_genaddrs (krb5_context, krb5_auth_context, int, int) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_set_real_time (krb5_context, krb5_timestamp, krb5_int32) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_get_time_offsets (krb5_context, krb5_timestamp *, krb5_int32 *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); /* str_conv.c */ krb5_error_code KRB5_CALLCONV krb5_string_to_enctype (char *, krb5_enctype *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_string_to_salttype (char *, krb5_int32 *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_string_to_cksumtype (char *, krb5_cksumtype *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_string_to_timestamp (char *, krb5_timestamp *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_string_to_deltat (char *, krb5_deltat *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_enctype_to_string (krb5_enctype, char *, size_t) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_salttype_to_string (krb5_int32, char *, size_t) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_cksumtype_to_string (krb5_cksumtype, char *, size_t) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_timestamp_to_string (krb5_timestamp, char *, size_t) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_timestamp_to_sfstring (krb5_timestamp, char *, size_t, char *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_deltat_to_string (krb5_deltat, char *, size_t) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); /* The name of the Kerberos ticket granting service... and its size */ #define KRB5_TGS_NAME "krbtgt" #define KRB5_TGS_NAME_SIZE 6 /* flags for recvauth */ #define KRB5_RECVAUTH_SKIP_VERSION 0x0001 #define KRB5_RECVAUTH_BADAUTHVERS 0x0002 /* initial ticket api functions */ typedef struct _krb5_prompt { char *prompt; int hidden; krb5_data *reply; } krb5_prompt; typedef krb5_error_code (KRB5_CALLCONV *krb5_prompter_fct)(krb5_context context, void *data, const char *name, const char *banner, int num_prompts, krb5_prompt prompts[]) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_prompter_posix (krb5_context context, void *data, const char *name, const char *banner, int num_prompts, krb5_prompt prompts[]) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); typedef struct _krb5_get_init_creds_opt { krb5_flags flags; krb5_deltat tkt_life; krb5_deltat renew_life; int forwardable; int proxiable; krb5_enctype *etype_list; int etype_list_length; krb5_address **address_list; krb5_preauthtype *preauth_list; int preauth_list_length; krb5_data *salt; } krb5_get_init_creds_opt; #define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001 #define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002 #define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004 #define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008 #define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010 #define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020 #define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040 #define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080 #define KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT 0x0100 #define KRB5_GET_INIT_CREDS_OPT_CANONICALIZE 0x0200 krb5_error_code KRB5_CALLCONV krb5_get_init_creds_opt_alloc (krb5_context context, krb5_get_init_creds_opt **opt) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_get_init_creds_opt_free (krb5_context context, krb5_get_init_creds_opt *opt) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_get_init_creds_opt_init (krb5_get_init_creds_opt *opt) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_get_init_creds_opt_set_tkt_life (krb5_get_init_creds_opt *opt, krb5_deltat tkt_life) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_get_init_creds_opt_set_renew_life (krb5_get_init_creds_opt *opt, krb5_deltat renew_life) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_get_init_creds_opt_set_forwardable (krb5_get_init_creds_opt *opt, int forwardable) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_get_init_creds_opt_set_proxiable (krb5_get_init_creds_opt *opt, int proxiable) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_get_init_creds_opt_set_canonicalize (krb5_get_init_creds_opt *opt, int canonicalize) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_get_init_creds_opt_set_etype_list (krb5_get_init_creds_opt *opt, krb5_enctype *etype_list, int etype_list_length) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_get_init_creds_opt_set_address_list (krb5_get_init_creds_opt *opt, krb5_address **addresses) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_get_init_creds_opt_set_preauth_list (krb5_get_init_creds_opt *opt, krb5_preauthtype *preauth_list, int preauth_list_length) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_get_init_creds_opt_set_salt (krb5_get_init_creds_opt *opt, krb5_data *salt) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_get_init_creds_opt_set_change_password_prompt (krb5_get_init_creds_opt *opt, int prompt) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); /* Generic preauth option attribute/value pairs */ typedef struct _krb5_gic_opt_pa_data { char *attr; char *value; } krb5_gic_opt_pa_data; /* * This function allows the caller to supply options to preauth * plugins. Preauth plugin modules are given a chance to look * at each option at the time this function is called in ordre * to check the validity of the option. * The 'opt' pointer supplied to this function must have been * obtained using krb5_get_init_creds_opt_alloc() */ krb5_error_code KRB5_CALLCONV krb5_get_init_creds_opt_set_pa (krb5_context context, krb5_get_init_creds_opt *opt, const char *attr, const char *value) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); typedef krb5_error_code (*krb5_gic_process_last_req)(krb5_context, krb5_last_req_entry **, void *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_get_init_creds_opt_set_process_last_req(krb5_context, krb5_get_init_creds_opt *, krb5_gic_process_last_req, void *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_get_init_creds_password (krb5_context context, krb5_creds *creds, krb5_principal client, char *password, krb5_prompter_fct prompter, void *data, krb5_deltat start_time, char *in_tkt_service, krb5_get_init_creds_opt *k5_gic_options) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_get_init_creds_keytab (krb5_context context, krb5_creds *creds, krb5_principal client, krb5_keytab arg_keytab, krb5_deltat start_time, char *in_tkt_service, krb5_get_init_creds_opt *k5_gic_options) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); typedef struct _krb5_verify_init_creds_opt { krb5_flags flags; int ap_req_nofail; } krb5_verify_init_creds_opt; #define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001 void KRB5_CALLCONV krb5_verify_init_creds_opt_init (krb5_verify_init_creds_opt *k5_vic_options) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_verify_init_creds_opt_set_ap_req_nofail (krb5_verify_init_creds_opt *k5_vic_options, int ap_req_nofail) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_verify_init_creds (krb5_context context, krb5_creds *creds, krb5_principal ap_req_server, krb5_keytab ap_req_keytab, krb5_ccache *ccache, krb5_verify_init_creds_opt *k5_vic_options) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_get_validated_creds (krb5_context context, krb5_creds *creds, krb5_principal client, krb5_ccache ccache, char *in_tkt_service) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_get_renewed_creds (krb5_context context, krb5_creds *creds, krb5_principal client, krb5_ccache ccache, char *in_tkt_service) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); krb5_error_code KRB5_CALLCONV krb5_decode_ticket (const krb5_data *code, krb5_ticket **rep) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_appdefault_string (krb5_context context, const char *appname, const krb5_data *realm, const char *option, const char *default_value, char ** ret_value) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_appdefault_boolean (krb5_context context, const char *appname, const krb5_data *realm, const char *option, int default_value, int *ret_value) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); /* * Prompter enhancements */ #define KRB5_PROMPT_TYPE_PASSWORD 0x1 #define KRB5_PROMPT_TYPE_NEW_PASSWORD 0x2 #define KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN 0x3 #define KRB5_PROMPT_TYPE_PREAUTH 0x4 typedef krb5_int32 krb5_prompt_type; krb5_prompt_type* KRB5_CALLCONV krb5_get_prompt_types (krb5_context context) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); /* Error reporting */ void KRB5_CALLCONV_C krb5_set_error_message (krb5_context, krb5_error_code, const char *, ...) #if !defined(__cplusplus) && (__GNUC__ > 2) __attribute__((__format__(__printf__, 3, 4))) #endif ; void KRB5_CALLCONV krb5_vset_error_message (krb5_context, krb5_error_code, const char *, va_list) #if !defined(__cplusplus) && (__GNUC__ > 2) __attribute__((__format__(__printf__, 3, 0))) #endif ; /* * The behavior of krb5_get_error_message is only defined the first * time it is called after a failed call to a krb5 function using the * same context, and only when the error code passed in is the same as * that returned by the krb5 function. Future versions may return the * same string for the second and following calls. * * The string returned by this function must be freed using * krb5_free_error_message. */ const char * KRB5_CALLCONV krb5_get_error_message (krb5_context, krb5_error_code) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_free_error_message (krb5_context, const char *) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); void KRB5_CALLCONV krb5_clear_error_message (krb5_context) KERBEROS_APPLE_DEPRECATED("use GSS.framework"); #if TARGET_OS_MAC # pragma pack(pop) #endif KRB5INT_END_DECLS /* Don't use this! We're going to phase it out. It's just here to keep applications from breaking right away. */ #define krb5_const const #undef KRB5_ATTR_DEPRECATED #endif /* KRB5_GENERAL__ */ /* * et-h-krb5_err.h: * This file is automatically generated; please do not edit it. */ #define KRB5KDC_ERR_NONE (-1765328384L) #define KRB5KDC_ERR_NAME_EXP (-1765328383L) #define KRB5KDC_ERR_SERVICE_EXP (-1765328382L) #define KRB5KDC_ERR_BAD_PVNO (-1765328381L) #define KRB5KDC_ERR_C_OLD_MAST_KVNO (-1765328380L) #define KRB5KDC_ERR_S_OLD_MAST_KVNO (-1765328379L) #define KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN (-1765328378L) #define KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (-1765328377L) #define KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE (-1765328376L) #define KRB5KDC_ERR_NULL_KEY (-1765328375L) #define KRB5KDC_ERR_CANNOT_POSTDATE (-1765328374L) #define KRB5KDC_ERR_NEVER_VALID (-1765328373L) #define KRB5KDC_ERR_POLICY (-1765328372L) #define KRB5KDC_ERR_BADOPTION (-1765328371L) #define KRB5KDC_ERR_ETYPE_NOSUPP (-1765328370L) #define KRB5KDC_ERR_SUMTYPE_NOSUPP (-1765328369L) #define KRB5KDC_ERR_PADATA_TYPE_NOSUPP (-1765328368L) #define KRB5KDC_ERR_TRTYPE_NOSUPP (-1765328367L) #define KRB5KDC_ERR_CLIENT_REVOKED (-1765328366L) #define KRB5KDC_ERR_SERVICE_REVOKED (-1765328365L) #define KRB5KDC_ERR_TGT_REVOKED (-1765328364L) #define KRB5KDC_ERR_CLIENT_NOTYET (-1765328363L) #define KRB5KDC_ERR_SERVICE_NOTYET (-1765328362L) #define KRB5KDC_ERR_KEY_EXP (-1765328361L) #define KRB5KDC_ERR_PREAUTH_FAILED (-1765328360L) #define KRB5KDC_ERR_PREAUTH_REQUIRED (-1765328359L) #define KRB5KDC_ERR_SERVER_NOMATCH (-1765328358L) #define KRB5KDC_ERR_MUST_USE_USER2USER (-1765328357L) #define KRB5KDC_ERR_PATH_NOT_ACCEPTED (-1765328356L) #define KRB5KDC_ERR_SVC_UNAVAILABLE (-1765328355L) #define KRB5PLACEHOLD_30 (-1765328354L) #define KRB5KRB_AP_ERR_BAD_INTEGRITY (-1765328353L) #define KRB5KRB_AP_ERR_TKT_EXPIRED (-1765328352L) #define KRB5KRB_AP_ERR_TKT_NYV (-1765328351L) #define KRB5KRB_AP_ERR_REPEAT (-1765328350L) #define KRB5KRB_AP_ERR_NOT_US (-1765328349L) #define KRB5KRB_AP_ERR_BADMATCH (-1765328348L) #define KRB5KRB_AP_ERR_SKEW (-1765328347L) #define KRB5KRB_AP_ERR_BADADDR (-1765328346L) #define KRB5KRB_AP_ERR_BADVERSION (-1765328345L) #define KRB5KRB_AP_ERR_MSG_TYPE (-1765328344L) #define KRB5KRB_AP_ERR_MODIFIED (-1765328343L) #define KRB5KRB_AP_ERR_BADORDER (-1765328342L) #define KRB5KRB_AP_ERR_ILL_CR_TKT (-1765328341L) #define KRB5KRB_AP_ERR_BADKEYVER (-1765328340L) #define KRB5KRB_AP_ERR_NOKEY (-1765328339L) #define KRB5KRB_AP_ERR_MUT_FAIL (-1765328338L) #define KRB5KRB_AP_ERR_BADDIRECTION (-1765328337L) #define KRB5KRB_AP_ERR_METHOD (-1765328336L) #define KRB5KRB_AP_ERR_BADSEQ (-1765328335L) #define KRB5KRB_AP_ERR_INAPP_CKSUM (-1765328334L) #define KRB5KRB_AP_PATH_NOT_ACCEPTED (-1765328333L) #define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L) #define KRB5PLACEHOLD_53 (-1765328331L) #define KRB5PLACEHOLD_54 (-1765328330L) #define KRB5PLACEHOLD_55 (-1765328329L) #define KRB5PLACEHOLD_56 (-1765328328L) #define KRB5PLACEHOLD_57 (-1765328327L) #define KRB5PLACEHOLD_58 (-1765328326L) #define KRB5PLACEHOLD_59 (-1765328325L) #define KRB5KRB_ERR_GENERIC (-1765328324L) #define KRB5KRB_ERR_FIELD_TOOLONG (-1765328323L) #define KRB5KDC_ERR_CLIENT_NOT_TRUSTED (-1765328322L) #define KRB5KDC_ERR_KDC_NOT_TRUSTED (-1765328321L) #define KRB5KDC_ERR_INVALID_SIG (-1765328320L) #define KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED (-1765328319L) #define KRB5KDC_ERR_CERTIFICATE_MISMATCH (-1765328318L) #define KRB5KRB_AP_ERR_NO_TGT (-1765328317L) #define KRB5KDC_ERR_WRONG_REALM (-1765328316L) #define KRB5KRB_AP_ERR_USER_TO_USER_REQUIRED (-1765328315L) #define KRB5KDC_ERR_CANT_VERIFY_CERTIFICATE (-1765328314L) #define KRB5KDC_ERR_INVALID_CERTIFICATE (-1765328313L) #define KRB5KDC_ERR_REVOKED_CERTIFICATE (-1765328312L) #define KRB5KDC_ERR_REVOCATION_STATUS_UNKNOWN (-1765328311L) #define KRB5KDC_ERR_REVOCATION_STATUS_UNAVAILABLE (-1765328310L) #define KRB5KDC_ERR_CLIENT_NAME_MISMATCH (-1765328309L) #define KRB5KDC_ERR_KDC_NAME_MISMATCH (-1765328308L) #define KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE (-1765328307L) #define KRB5KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED (-1765328306L) #define KRB5KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED (-1765328305L) #define KRB5KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED (-1765328304L) #define KRB5KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED (-1765328303L) #define KRB5PLACEHOLD_82 (-1765328302L) #define KRB5PLACEHOLD_83 (-1765328301L) #define KRB5PLACEHOLD_84 (-1765328300L) #define KRB5PLACEHOLD_85 (-1765328299L) #define KRB5PLACEHOLD_86 (-1765328298L) #define KRB5PLACEHOLD_87 (-1765328297L) #define KRB5PLACEHOLD_88 (-1765328296L) #define KRB5PLACEHOLD_89 (-1765328295L) #define KRB5PLACEHOLD_90 (-1765328294L) #define KRB5PLACEHOLD_91 (-1765328293L) #define KRB5PLACEHOLD_92 (-1765328292L) #define KRB5PLACEHOLD_93 (-1765328291L) #define KRB5PLACEHOLD_94 (-1765328290L) #define KRB5PLACEHOLD_95 (-1765328289L) #define KRB5PLACEHOLD_96 (-1765328288L) #define KRB5PLACEHOLD_97 (-1765328287L) #define KRB5PLACEHOLD_98 (-1765328286L) #define KRB5PLACEHOLD_99 (-1765328285L) #define KRB5PLACEHOLD_100 (-1765328284L) #define KRB5PLACEHOLD_101 (-1765328283L) #define KRB5PLACEHOLD_102 (-1765328282L) #define KRB5PLACEHOLD_103 (-1765328281L) #define KRB5PLACEHOLD_104 (-1765328280L) #define KRB5PLACEHOLD_105 (-1765328279L) #define KRB5PLACEHOLD_106 (-1765328278L) #define KRB5PLACEHOLD_107 (-1765328277L) #define KRB5PLACEHOLD_108 (-1765328276L) #define KRB5PLACEHOLD_109 (-1765328275L) #define KRB5PLACEHOLD_110 (-1765328274L) #define KRB5PLACEHOLD_111 (-1765328273L) #define KRB5PLACEHOLD_112 (-1765328272L) #define KRB5PLACEHOLD_113 (-1765328271L) #define KRB5PLACEHOLD_114 (-1765328270L) #define KRB5PLACEHOLD_115 (-1765328269L) #define KRB5PLACEHOLD_116 (-1765328268L) #define KRB5PLACEHOLD_117 (-1765328267L) #define KRB5PLACEHOLD_118 (-1765328266L) #define KRB5PLACEHOLD_119 (-1765328265L) #define KRB5PLACEHOLD_120 (-1765328264L) #define KRB5PLACEHOLD_121 (-1765328263L) #define KRB5PLACEHOLD_122 (-1765328262L) #define KRB5PLACEHOLD_123 (-1765328261L) #define KRB5PLACEHOLD_124 (-1765328260L) #define KRB5PLACEHOLD_125 (-1765328259L) #define KRB5PLACEHOLD_126 (-1765328258L) #define KRB5PLACEHOLD_127 (-1765328257L) #define KRB5_ERR_RCSID (-1765328256L) #define KRB5_LIBOS_BADLOCKFLAG (-1765328255L) #define KRB5_LIBOS_CANTREADPWD (-1765328254L) #define KRB5_LIBOS_BADPWDMATCH (-1765328253L) #define KRB5_LIBOS_PWDINTR (-1765328252L) #define KRB5_PARSE_ILLCHAR (-1765328251L) #define KRB5_PARSE_MALFORMED (-1765328250L) #define KRB5_CONFIG_CANTOPEN (-1765328249L) #define KRB5_CONFIG_BADFORMAT (-1765328248L) #define KRB5_CONFIG_NOTENUFSPACE (-1765328247L) #define KRB5_BADMSGTYPE (-1765328246L) #define KRB5_CC_BADNAME (-1765328245L) #define KRB5_CC_UNKNOWN_TYPE (-1765328244L) #define KRB5_CC_NOTFOUND (-1765328243L) #define KRB5_CC_END (-1765328242L) #define KRB5_NO_TKT_SUPPLIED (-1765328241L) #define KRB5KRB_AP_WRONG_PRINC (-1765328240L) #define KRB5KRB_AP_ERR_TKT_INVALID (-1765328239L) #define KRB5_PRINC_NOMATCH (-1765328238L) #define KRB5_KDCREP_MODIFIED (-1765328237L) #define KRB5_KDCREP_SKEW (-1765328236L) #define KRB5_IN_TKT_REALM_MISMATCH (-1765328235L) #define KRB5_PROG_ETYPE_NOSUPP (-1765328234L) #define KRB5_PROG_KEYTYPE_NOSUPP (-1765328233L) #define KRB5_WRONG_ETYPE (-1765328232L) #define KRB5_PROG_SUMTYPE_NOSUPP (-1765328231L) #define KRB5_REALM_UNKNOWN (-1765328230L) #define KRB5_SERVICE_UNKNOWN (-1765328229L) #define KRB5_KDC_UNREACH (-1765328228L) #define KRB5_NO_LOCALNAME (-1765328227L) #define KRB5_MUTUAL_FAILED (-1765328226L) #define KRB5_RC_TYPE_EXISTS (-1765328225L) #define KRB5_RC_MALLOC (-1765328224L) #define KRB5_RC_TYPE_NOTFOUND (-1765328223L) #define KRB5_RC_UNKNOWN (-1765328222L) #define KRB5_RC_REPLAY (-1765328221L) #define KRB5_RC_IO (-1765328220L) #define KRB5_RC_NOIO (-1765328219L) #define KRB5_RC_PARSE (-1765328218L) #define KRB5_RC_IO_EOF (-1765328217L) #define KRB5_RC_IO_MALLOC (-1765328216L) #define KRB5_RC_IO_PERM (-1765328215L) #define KRB5_RC_IO_IO (-1765328214L) #define KRB5_RC_IO_UNKNOWN (-1765328213L) #define KRB5_RC_IO_SPACE (-1765328212L) #define KRB5_TRANS_CANTOPEN (-1765328211L) #define KRB5_TRANS_BADFORMAT (-1765328210L) #define KRB5_LNAME_CANTOPEN (-1765328209L) #define KRB5_LNAME_NOTRANS (-1765328208L) #define KRB5_LNAME_BADFORMAT (-1765328207L) #define KRB5_CRYPTO_INTERNAL (-1765328206L) #define KRB5_KT_BADNAME (-1765328205L) #define KRB5_KT_UNKNOWN_TYPE (-1765328204L) #define KRB5_KT_NOTFOUND (-1765328203L) #define KRB5_KT_END (-1765328202L) #define KRB5_KT_NOWRITE (-1765328201L) #define KRB5_KT_IOERR (-1765328200L) #define KRB5_NO_TKT_IN_RLM (-1765328199L) #define KRB5DES_BAD_KEYPAR (-1765328198L) #define KRB5DES_WEAK_KEY (-1765328197L) #define KRB5_BAD_ENCTYPE (-1765328196L) #define KRB5_BAD_KEYSIZE (-1765328195L) #define KRB5_BAD_MSIZE (-1765328194L) #define KRB5_CC_TYPE_EXISTS (-1765328193L) #define KRB5_KT_TYPE_EXISTS (-1765328192L) #define KRB5_CC_IO (-1765328191L) #define KRB5_FCC_PERM (-1765328190L) #define KRB5_FCC_NOFILE (-1765328189L) #define KRB5_FCC_INTERNAL (-1765328188L) #define KRB5_CC_WRITE (-1765328187L) #define KRB5_CC_NOMEM (-1765328186L) #define KRB5_CC_FORMAT (-1765328185L) #define KRB5_CC_NOT_KTYPE (-1765328184L) #define KRB5_INVALID_FLAGS (-1765328183L) #define KRB5_NO_2ND_TKT (-1765328182L) #define KRB5_NOCREDS_SUPPLIED (-1765328181L) #define KRB5_SENDAUTH_BADAUTHVERS (-1765328180L) #define KRB5_SENDAUTH_BADAPPLVERS (-1765328179L) #define KRB5_SENDAUTH_BADRESPONSE (-1765328178L) #define KRB5_SENDAUTH_REJECTED (-1765328177L) #define KRB5_PREAUTH_BAD_TYPE (-1765328176L) #define KRB5_PREAUTH_NO_KEY (-1765328175L) #define KRB5_PREAUTH_FAILED (-1765328174L) #define KRB5_RCACHE_BADVNO (-1765328173L) #define KRB5_CCACHE_BADVNO (-1765328172L) #define KRB5_KEYTAB_BADVNO (-1765328171L) #define KRB5_PROG_ATYPE_NOSUPP (-1765328170L) #define KRB5_RC_REQUIRED (-1765328169L) #define KRB5_ERR_BAD_HOSTNAME (-1765328168L) #define KRB5_ERR_HOST_REALM_UNKNOWN (-1765328167L) #define KRB5_SNAME_UNSUPP_NAMETYPE (-1765328166L) #define KRB5KRB_AP_ERR_V4_REPLY (-1765328165L) #define KRB5_REALM_CANT_RESOLVE (-1765328164L) #define KRB5_TKT_NOT_FORWARDABLE (-1765328163L) #define KRB5_FWD_BAD_PRINCIPAL (-1765328162L) #define KRB5_GET_IN_TKT_LOOP (-1765328161L) #define KRB5_CONFIG_NODEFREALM (-1765328160L) #define KRB5_SAM_UNSUPPORTED (-1765328159L) #define KRB5_SAM_INVALID_ETYPE (-1765328158L) #define KRB5_SAM_NO_CHECKSUM (-1765328157L) #define KRB5_SAM_BAD_CHECKSUM (-1765328156L) #define KRB5_KT_NAME_TOOLONG (-1765328155L) #define KRB5_KT_KVNONOTFOUND (-1765328154L) #define KRB5_APPL_EXPIRED (-1765328153L) #define KRB5_LIB_EXPIRED (-1765328152L) #define KRB5_CHPW_PWDNULL (-1765328151L) #define KRB5_CHPW_FAIL (-1765328150L) #define KRB5_KT_FORMAT (-1765328149L) #define KRB5_NOPERM_ETYPE (-1765328148L) #define KRB5_CONFIG_ETYPE_NOSUPP (-1765328147L) #define KRB5_OBSOLETE_FN (-1765328146L) #define KRB5_EAI_FAIL (-1765328145L) #define KRB5_EAI_NODATA (-1765328144L) #define KRB5_EAI_NONAME (-1765328143L) #define KRB5_EAI_SERVICE (-1765328142L) #define KRB5_ERR_NUMERIC_REALM (-1765328141L) #define KRB5_ERR_BAD_S2K_PARAMS (-1765328140L) #define KRB5_ERR_NO_SERVICE (-1765328139L) #define KRB5_CC_READONLY (-1765328138L) #define KRB5_CC_NOSUPP (-1765328137L) #define KRB5_DELTAT_BADFORMAT (-1765328136L) #define KRB5_PLUGIN_NO_HANDLE (-1765328135L) #define KRB5_PLUGIN_OP_NOTSUPP (-1765328134L) #define ERROR_TABLE_BASE_krb5 (-1765328384L) extern const struct error_table et_krb5_error_table; #if !defined(_WIN32) /* for compatibility with older versions... */ extern void initialize_krb5_error_table (void) /*@modifies internalState@*/; #else #define initialize_krb5_error_table() #endif #if !defined(_WIN32) #define init_krb5_err_tbl initialize_krb5_error_table #define krb5_err_base ERROR_TABLE_BASE_krb5 #endif /* * et-h-kdb5_err.h: * This file is automatically generated; please do not edit it. */ #define KRB5_KDB_RCSID (-1780008448L) #define KRB5_KDB_INUSE (-1780008447L) #define KRB5_KDB_UK_SERROR (-1780008446L) #define KRB5_KDB_UK_RERROR (-1780008445L) #define KRB5_KDB_UNAUTH (-1780008444L) #define KRB5_KDB_NOENTRY (-1780008443L) #define KRB5_KDB_ILL_WILDCARD (-1780008442L) #define KRB5_KDB_DB_INUSE (-1780008441L) #define KRB5_KDB_DB_CHANGED (-1780008440L) #define KRB5_KDB_TRUNCATED_RECORD (-1780008439L) #define KRB5_KDB_RECURSIVELOCK (-1780008438L) #define KRB5_KDB_NOTLOCKED (-1780008437L) #define KRB5_KDB_BADLOCKMODE (-1780008436L) #define KRB5_KDB_DBNOTINITED (-1780008435L) #define KRB5_KDB_DBINITED (-1780008434L) #define KRB5_KDB_ILLDIRECTION (-1780008433L) #define KRB5_KDB_NOMASTERKEY (-1780008432L) #define KRB5_KDB_BADMASTERKEY (-1780008431L) #define KRB5_KDB_INVALIDKEYSIZE (-1780008430L) #define KRB5_KDB_CANTREAD_STORED (-1780008429L) #define KRB5_KDB_BADSTORED_MKEY (-1780008428L) #define KRB5_KDB_CANTLOCK_DB (-1780008427L) #define KRB5_KDB_DB_CORRUPT (-1780008426L) #define KRB5_KDB_BAD_VERSION (-1780008425L) #define KRB5_KDB_BAD_SALTTYPE (-1780008424L) #define KRB5_KDB_BAD_ENCTYPE (-1780008423L) #define KRB5_KDB_BAD_CREATEFLAGS (-1780008422L) #define KRB5_KDB_NO_PERMITTED_KEY (-1780008421L) #define KRB5_KDB_NO_MATCHING_KEY (-1780008420L) #define KRB5_KDB_DBTYPE_NOTFOUND (-1780008419L) #define KRB5_KDB_DBTYPE_NOSUP (-1780008418L) #define KRB5_KDB_DBTYPE_INIT (-1780008417L) #define KRB5_KDB_SERVER_INTERNAL_ERR (-1780008416L) #define KRB5_KDB_ACCESS_ERROR (-1780008415L) #define KRB5_KDB_INTERNAL_ERROR (-1780008414L) #define KRB5_KDB_CONSTRAINT_VIOLATION (-1780008413L) #define KRB5_LOG_CONV (-1780008412L) #define KRB5_LOG_UNSTABLE (-1780008411L) #define KRB5_LOG_CORRUPT (-1780008410L) #define KRB5_LOG_ERROR (-1780008409L) #define ERROR_TABLE_BASE_kdb5 (-1780008448L) extern const struct error_table et_kdb5_error_table; #if !defined(_WIN32) /* for compatibility with older versions... */ extern void initialize_kdb5_error_table (void) /*@modifies internalState@*/; #else #define initialize_kdb5_error_table() #endif #if !defined(_WIN32) #define init_kdb5_err_tbl initialize_kdb5_error_table #define kdb5_err_base ERROR_TABLE_BASE_kdb5 #endif /* * et-h-kv5m_err.h: * This file is automatically generated; please do not edit it. */ //#include #define KV5M_NONE (-1760647424L) #define KV5M_PRINCIPAL (-1760647423L) #define KV5M_DATA (-1760647422L) #define KV5M_KEYBLOCK (-1760647421L) #define KV5M_CHECKSUM (-1760647420L) #define KV5M_ENCRYPT_BLOCK (-1760647419L) #define KV5M_ENC_DATA (-1760647418L) #define KV5M_CRYPTOSYSTEM_ENTRY (-1760647417L) #define KV5M_CS_TABLE_ENTRY (-1760647416L) #define KV5M_CHECKSUM_ENTRY (-1760647415L) #define KV5M_AUTHDATA (-1760647414L) #define KV5M_TRANSITED (-1760647413L) #define KV5M_ENC_TKT_PART (-1760647412L) #define KV5M_TICKET (-1760647411L) #define KV5M_AUTHENTICATOR (-1760647410L) #define KV5M_TKT_AUTHENT (-1760647409L) #define KV5M_CREDS (-1760647408L) #define KV5M_LAST_REQ_ENTRY (-1760647407L) #define KV5M_PA_DATA (-1760647406L) #define KV5M_KDC_REQ (-1760647405L) #define KV5M_ENC_KDC_REP_PART (-1760647404L) #define KV5M_KDC_REP (-1760647403L) #define KV5M_ERROR (-1760647402L) #define KV5M_AP_REQ (-1760647401L) #define KV5M_AP_REP (-1760647400L) #define KV5M_AP_REP_ENC_PART (-1760647399L) #define KV5M_RESPONSE (-1760647398L) #define KV5M_SAFE (-1760647397L) #define KV5M_PRIV (-1760647396L) #define KV5M_PRIV_ENC_PART (-1760647395L) #define KV5M_CRED (-1760647394L) #define KV5M_CRED_INFO (-1760647393L) #define KV5M_CRED_ENC_PART (-1760647392L) #define KV5M_PWD_DATA (-1760647391L) #define KV5M_ADDRESS (-1760647390L) #define KV5M_KEYTAB_ENTRY (-1760647389L) #define KV5M_CONTEXT (-1760647388L) #define KV5M_OS_CONTEXT (-1760647387L) #define KV5M_ALT_METHOD (-1760647386L) #define KV5M_ETYPE_INFO_ENTRY (-1760647385L) #define KV5M_DB_CONTEXT (-1760647384L) #define KV5M_AUTH_CONTEXT (-1760647383L) #define KV5M_KEYTAB (-1760647382L) #define KV5M_RCACHE (-1760647381L) #define KV5M_CCACHE (-1760647380L) #define KV5M_PREAUTH_OPS (-1760647379L) #define KV5M_SAM_CHALLENGE (-1760647378L) #define KV5M_SAM_CHALLENGE_2 (-1760647377L) #define KV5M_SAM_KEY (-1760647376L) #define KV5M_ENC_SAM_RESPONSE_ENC (-1760647375L) #define KV5M_ENC_SAM_RESPONSE_ENC_2 (-1760647374L) #define KV5M_SAM_RESPONSE (-1760647373L) #define KV5M_SAM_RESPONSE_2 (-1760647372L) #define KV5M_PREDICTED_SAM_RESPONSE (-1760647371L) #define KV5M_PASSWD_PHRASE_ELEMENT (-1760647370L) #define KV5M_GSS_OID (-1760647369L) #define KV5M_GSS_QUEUE (-1760647368L) #define ERROR_TABLE_BASE_kv5m (-1760647424L) extern const struct error_table et_kv5m_error_table; #if !defined(_WIN32) /* for compatibility with older versions... */ extern void initialize_kv5m_error_table (void) /*@modifies internalState@*/; #else #define initialize_kv5m_error_table() #endif #if !defined(_WIN32) #define init_kv5m_err_tbl initialize_kv5m_error_table #define kv5m_err_base ERROR_TABLE_BASE_kv5m #endif /* * et-h-krb524_err.h: * This file is automatically generated; please do not edit it. */ //#include #define KRB524_BADKEY (-1750206208L) #define KRB524_BADADDR (-1750206207L) #define KRB524_BADPRINC (-1750206206L) #define KRB524_BADREALM (-1750206205L) #define KRB524_V4ERR (-1750206204L) #define KRB524_ENCFULL (-1750206203L) #define KRB524_DECEMPTY (-1750206202L) #define KRB524_NOTRESP (-1750206201L) #define KRB524_KRB4_DISABLED (-1750206200L) #define ERROR_TABLE_BASE_k524 (-1750206208L) extern const struct error_table et_k524_error_table; #if !defined(_WIN32) /* for compatibility with older versions... */ extern void initialize_k524_error_table (void) /*@modifies internalState@*/; #else #define initialize_k524_error_table() #endif #if !defined(_WIN32) #define init_k524_err_tbl initialize_k524_error_table #define k524_err_base ERROR_TABLE_BASE_k524 #endif /* * et-h-asn1_err.h: * This file is automatically generated; please do not edit it. */ //#include #define ASN1_BAD_TIMEFORMAT (1859794432L) #define ASN1_MISSING_FIELD (1859794433L) #define ASN1_MISPLACED_FIELD (1859794434L) #define ASN1_TYPE_MISMATCH (1859794435L) #define ASN1_OVERFLOW (1859794436L) #define ASN1_OVERRUN (1859794437L) #define ASN1_BAD_ID (1859794438L) #define ASN1_BAD_LENGTH (1859794439L) #define ASN1_BAD_FORMAT (1859794440L) #define ASN1_PARSE_ERROR (1859794441L) #define ASN1_BAD_GMTIME (1859794442L) #define ASN1_MISMATCH_INDEF (1859794443L) #define ASN1_MISSING_EOC (1859794444L) #define ERROR_TABLE_BASE_asn1 (1859794432L) extern const struct error_table et_asn1_error_table; #if !defined(_WIN32) /* for compatibility with older versions... */ extern void initialize_asn1_error_table (void) /*@modifies internalState@*/; #else #define initialize_asn1_error_table() #endif #if !defined(_WIN32) #define init_asn1_err_tbl initialize_asn1_error_table #define asn1_err_base ERROR_TABLE_BASE_asn1 #endif #endif /* KRB5_KRB5_H_INCLUDED */ #endif /* __KERBEROS5__ */ ================================================ FILE: push_to_test.sh ================================================ #!/bin/bash +x set -x SECURITY_PLUGIN_PATH="/Library/Security/SecurityAgentPlugins/XCredsLoginPlugin.bundle" if [ "${1}" ]; then REMOTE_MAC=$1 else REMOTE_MAC="test.local" fi echo running ssh ssh "root@${REMOTE_MAC}" rm -rf "${SECURITY_PLUGIN_PATH}" echo copying files scp -r "${BUILD_ROOT}/Release/XCredsLoginPlugin.bundle" "root@${REMOTE_MAC}":"${SECURITY_PLUGIN_PATH}" ssh "root@${REMOTE_MAC}" killall -9 SecurityAgent exit 0 ================================================ FILE: release-notes.md ================================================ ## tag-5.8(9058) (2025-12-09) * added error message for fv not skipped [View](https://github.com/twocanoes/xcreds/commit/e99aae77f256b73568ab63b1feb6d96d366efcbb) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/d14cba7ebf125d81b9bac2af5ab39079fb8a3622) ## tag-5.8(9057) (2025-12-09) * added error message for fv not skipped [View](https://github.com/twocanoes/xcreds/commit/375954f4e6cf797f1aa88b7bff6d6edd232138e2) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/ca7e7a9d6e2eeec84500e60d689078b487559602) ## tag-5.8(9056) (2025-12-09) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/c33928f67341be20344c0f9de3feb2405932548a) ## tag-5.8(9055) (2025-12-09) * fixed refactor issue [View](https://github.com/twocanoes/xcreds/commit/acaf8e24cbc7408f157cc7650690ae213d3145a0) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/b41547b22ff2505430be4ebecd88c0c89fac1284) ## tag-5.8(9054) (2025-12-09) * fixed plist [View](https://github.com/twocanoes/xcreds/commit/2b073e43781130a2f3178877826b60a24d35f39e) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/23f97d5f94e34bfd9c28de290bb4ddfb159450a0) ## tag-5.8(9053) (2025-12-09) * fixed fdesetup [View](https://github.com/twocanoes/xcreds/commit/7e90c73d7cba021073bbf0ad3cff625fac151eb2) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/a11dc2499dfaf5bb293df58f346d44e66d52fa17) ## tag-5.8(9052) (2025-12-05) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/b40b50b8c2b10183dc90f5fd5c7f4820dfe12d80) ## tag-5.8(9051) (2025-12-05) * updated oss tools [View](https://github.com/twocanoes/xcreds/commit/cd58a599764a11604a90bff11a1ea27ab0a6c399) * fixed refresh token when not LDAP or ROPG [View](https://github.com/twocanoes/xcreds/commit/0c9baba20c3c17f4f23dc9a813d52190d01fb30b) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/faf6edc93eecf31555e61ae00bbe37bb3ef641ac) ## tag-5.8(9050) (2025-11-24) * added password check with google ldap [View](https://github.com/twocanoes/xcreds/commit/5d8e9c480dc43d563c4ce03e526028fdad671e5b) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/57b17e5a8323b2dc28110a9f74ba4f75c3c9ec26) ## tag-5.7(9047) (2025-11-17) * fixed term status of fdesetup [View](https://github.com/twocanoes/xcreds/commit/4710a271b6a1ccae6a985a3101c91284b5f3f22c) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/ab11496bf65746b085b0e13f61e5f576c580fe94) ## tag-5.7(9046) (2025-11-17) * removed auth fv failure message [View](https://github.com/twocanoes/xcreds/commit/8e9814eac13c2426493f9323a1e4579adab82d56) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/d75b420bf640599f901d65149d8f4c9d2eb0594e) ## tag-5.7(9045) (2025-11-17) * fixed issue where auth fv is always true [View](https://github.com/twocanoes/xcreds/commit/26734d5b93ec1b87d109b25400f34f9c12bed965) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/bdedf07891bf775b21cbae674addb1a89ee5e9ed) ## tag-5.7(9044) (2025-11-17) * check for securetoken user [View](https://github.com/twocanoes/xcreds/commit/e03e7c88d07c85e90350a7ba522213567f9021f2) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/c93b6f2011681b48f7b83c55bd77d2fa8e121820) ## tag-5.7(9043) (2025-11-13) * updated trusted apps [View](https://github.com/twocanoes/xcreds/commit/27acbfdbbac014e725e466997826f0821b712dee) * updated tools [View](https://github.com/twocanoes/xcreds/commit/57b813f1b8cc079b94c24a7a36674910be90cc39) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/6f048ccee6a0dd4e44b31485cc96784fb9760bbe) ## tag-5.7(9042) (2025-11-13) * updated trusted apps [View](https://github.com/twocanoes/xcreds/commit/91fe95e249b0dc38f6bfbbb3bc3398df4f75e843) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/769f6087894692cc8bc6d29840887755a310c06d) ## tag-5.7(9041) (2025-11-12) * fixed fv auth [View](https://github.com/twocanoes/xcreds/commit/77efa902d8e7977350a491cef99c47e4b9e4097d) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/f1044dfa67b36391e959492d2fb67af32a20aa11) ## tag-5.7(9038) (2025-11-12) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/d80dfc95388af248aca3b945d145451304e752dd) ## tag-5.7(9037) (2025-11-12) * fixed FV unlock as admin when setup [View](https://github.com/twocanoes/xcreds/commit/a049f13e068e6bf56ea9a19e9f5e14d10581704b) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/f51112000a0340ece11c6f46d6acd3e385ac36b9) ## tag-5.7(9036) (2025-11-12) * added more logging [View](https://github.com/twocanoes/xcreds/commit/c2dac3ba6d052a7bd215c9bacfa4200ac4c8c4d6) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/f82ca5967e33fc2a94773176365d12ca8ad6fcfa) ## tag-5.7(9035) (2025-11-11) * added emojis to popover to make it fancy [View](https://github.com/twocanoes/xcreds/commit/de4a4eed7eb22adc0cff953ca4eec1f2b0f6d63b) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/a658da59e4da3704ea1a84cd0861550772c69a81) ## tag-5.7(9022) (2025-11-11) * added FV login indicator at login window and menu item [View](https://github.com/twocanoes/xcreds/commit/59a56aa533b233ca0cb6f130ebe78a1b5fa55bf5) * added sample profile for fv skip [View](https://github.com/twocanoes/xcreds/commit/4209457d6a6f3b4715955268c87145d6fe59f82e) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/a892668be9e504dba44e9150e469b5beb11d10fa) ## tag-5.7(9020) (2025-11-11) * fixed issue with copying info to ds [View](https://github.com/twocanoes/xcreds/commit/7f51197c0ee91df24dd5e3ef748959654055f53a) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/38032c9649161e09451b103f6a33243c5e76fbf1) ## tag-5.7(9016) (2025-11-10) * fixed regression of DS migrate [View](https://github.com/twocanoes/xcreds/commit/5aae0f125c70e46a6f5f193986d16cec94263fbf) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/46098e1e2a7eb6d768c8b7bcb683fcc17489431b) ## tag-5.7(9015) (2025-11-05) * updated js; fixed ctk shim for tahoe [View](https://github.com/twocanoes/xcreds/commit/036bd7ac69a84d4e855713f40c42a4888574541b) * updated open source tools [View](https://github.com/twocanoes/xcreds/commit/5e0a72ea62f7f3809d3d1cf5fbd8b801d789e84e) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/93e60e1f67c192098b232330d2cb3538ac71b158) ## tag-5.7(9014) (2025-11-05) * bumped manifest version: Bump manifest version #362 [View](https://github.com/twocanoes/xcreds/commit/f0fb5c810e9cdcc878205a4a235158c231c33de1) * Fix typos for shouldSkipFileVaultLogin and shouldSkipFileVaultLoginAdmin descriptions #361 [View](https://github.com/twocanoes/xcreds/commit/046aa51a5e5160bb2dfd051dbe14510d1e18b6ac) * Cloud password detection can fail if login form has option to show password #358 [View](https://github.com/twocanoes/xcreds/commit/f045b4323e434a0d0aa4aaaf3cc5ba056d85fb45) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/97d5b3c9a6bd0fab0b34b18d3cae3fb71f483629) ## tag-5.7(9013) (2025-10-28) * updated js [View](https://github.com/twocanoes/xcreds/commit/91a9e47fddef2ece7f1855f727d4f2793f5ab78c) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/284ac6f723e68ec0c633a17c4736d94b4324649a) ## tag-5.7(9012) (2025-10-28) * reverted trustedapp code due to bad merge [View](https://github.com/twocanoes/xcreds/commit/f219029e817aa1d549bb863c976a207ed039677d) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/8a3284cb46559dac26369eb478254e79b5ec4db5) ## tag-5.7(9011) (2025-10-27) * reverted js [View](https://github.com/twocanoes/xcreds/commit/b43685451bb787cc0eb5e1f8c2fa93a275dd62ee) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/1dfd3d63618f7c01994e4fe7508d883108d24a52) ## tag-5.7(9010) (2025-10-24) * added skip FV as admin pref and implemented [View](https://github.com/twocanoes/xcreds/commit/1bff20ee2a9b0f558e876efb3f46dc161026e22e) * added javascript update issue #358: Cloud password detection can fail if login form has option to show password #358 [View](https://github.com/twocanoes/xcreds/commit/9cabc425bab0a833e12c2fb3c770b5ce4edc1160) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/fc5a0376860e95f301ff3e0ae160d54b53132a42) ## tag-5.7(9009) (2025-10-24) * fixed default value for shouldSkipFileVaultLogin [View](https://github.com/twocanoes/xcreds/commit/47e2282a3255e27d16c7a3010a0b98d6ab5d97b6) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/1b5089b1869ae214a5d1591781d10491c1002aa0) ## tag-5.7(9008) (2025-10-11) * updated build info [View](https://github.com/twocanoes/xcreds/commit/ee0b960b4f42df74e90347c3b108da903a072445) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/9d353132acbfd0096d369f64b0c5cc96163e842c) ## tag-5.7(9007) (2025-10-11) * updated build info [View](https://github.com/twocanoes/xcreds/commit/1a32f1c44d84c64cf661858ec7123a0afeb27cf2) * updated build number, manifest and other build files [View](https://github.com/twocanoes/xcreds/commit/9522d01a296ca20a64a833defd2bdf86b5af5038) ## tag-5.7(9006) (2025-10-11) * updated build script [View](https://github.com/twocanoes/xcreds/commit/7b8c10567ffe64291f02a908246821d6fbedbf94) * updated build number [View](https://github.com/twocanoes/xcreds/commit/106843bb816077f5936c99e78ae3e3793d13bd44) * updated build number [View](https://github.com/twocanoes/xcreds/commit/4d81b4c6d5d41686450ce5c16b091e9543c1c198) ## tag-5.7(9005) (2025-10-11) * changed project name case; minor fix in autofill for nonxcreds user [View](https://github.com/twocanoes/xcreds/commit/302d7efc640e1a37c50d116dbadfe1d5140884df) ## tag-5.7(9004) (2025-10-10) * remove unused image [View](https://github.com/twocanoes/xcreds/commit/23d5d1597b5e33cf5273cd8c672951145d8b9989) * save password to user keychain for local users [View](https://github.com/twocanoes/xcreds/commit/b352e2e349d62c9e784df3136b237bd938616f02) * bump [View](https://github.com/twocanoes/xcreds/commit/3a28398f8f1adcce2ad7ad5bf02e075b6c45f9bd) ## tag-5.7(9003) (2025-10-10) * moved filevaultlogin to main app [View](https://github.com/twocanoes/xcreds/commit/1ab0adfac89e3340d3d32adb174edab038d896bc) * bump [View](https://github.com/twocanoes/xcreds/commit/b4ef828176d23cee17777e2119b35d294bce55ea) ## tag-5.7(9001) (2025-10-09) * fixed build number [View](https://github.com/twocanoes/xcreds/commit/68e5141e5ce00f73dd461a1139d9e1979b3d2c80) * fixed build number [View](https://github.com/twocanoes/xcreds/commit/73f70a0f9cd97aac25992257a39625ed43ed1224) ## tag-5.7(30) (2025-10-09) * set skip install on new targets [View](https://github.com/twocanoes/xcreds/commit/acd16de3fe0cc8f9a902c281a112423980371d37) ## tag-5.7(29) (2025-10-09) * fixed ropg prompting issue [View](https://github.com/twocanoes/xcreds/commit/58633f3a0e5716a154fc31c12a26d282c999ad8b) * fixed build number [View](https://github.com/twocanoes/xcreds/commit/fb82b4096acd045a205ab6347f2a2a0879b31d9c) ## tag-5.7(8992) (2025-10-08) * fixed issue with not prompting and password changing [View](https://github.com/twocanoes/xcreds/commit/a1e5efa2f9b786244f431e5b332b0d1b9384f227) ## tag-5.7(8981) (2025-10-07) * reorged projecdt [View](https://github.com/twocanoes/xcreds/commit/20dbeded4e35e385def5ad612a2a309bf69c6d21) ## tag-5.7(8980) (2025-10-07) * bumped to 5.7 [View](https://github.com/twocanoes/xcreds/commit/917a61d740f358edda392085412d923c4f5909e1) * updated cartfile to use binary [View](https://github.com/twocanoes/xcreds/commit/2a9161c914568370d746d3bed0ab4c2c41cc3cb2) ## tag-5.6(8979) (2025-10-07) * added save to system keychain [View](https://github.com/twocanoes/xcreds/commit/ef40190c5c18394599babbb27264f7228e57a846) * fixed issue setting new password in keychain [View](https://github.com/twocanoes/xcreds/commit/a2f727ac2552c35d4d55315f174b9cc77ff3013d) ## tag-5.6(8978) (2025-09-29) * reverted issue #355 due to keychain prompting issues; removed logging statement [View](https://github.com/twocanoes/xcreds/commit/76517681f918a0f4e9ae59fd7cf309abc47c9ddd) ## tag-5.6(8977) (2025-09-26) * fixed dont replace good password #355 [View](https://github.com/twocanoes/xcreds/commit/22494f104e33afb5d294987f14354055c62523ec) ## tag-5.6(8976) (2025-09-26) * bump [View](https://github.com/twocanoes/xcreds/commit/9bf44ea57ecfcc1dee139ade914e395310ef7fbc) ## tag-5.6(8975) (2025-09-26) * fixed issue with initial login password prompt [View](https://github.com/twocanoes/xcreds/commit/aa1ee07acb2890218331ddb8d69b87a4ccbe9119) * fixed issue with initial login password prompt [View](https://github.com/twocanoes/xcreds/commit/16396110e09d6f1c1f2a05774effa0a408366952) * fixed issue with initial login password prompt [View](https://github.com/twocanoes/xcreds/commit/9f87cb98981d24cd11cbb66db90194b320d24899) * bump [View](https://github.com/twocanoes/xcreds/commit/366f8c4c1c1cc399f890f9a917a8653ddd5a900d) * bump [View](https://github.com/twocanoes/xcreds/commit/3f18acb5cc5378da2e7379f5949fa8b95d68c3bd) ## tag-5.6(8974) (2025-09-26) * fixed issue with initial login password prompt [View](https://github.com/twocanoes/xcreds/commit/aa1ee07acb2890218331ddb8d69b87a4ccbe9119) ## tag-5.6(8970) (2025-09-26) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/91890600eb68f45222fdf5c55e57c2084defc634) ## tag-5.6(8969) (2025-09-26) * updated manifest [View](https://github.com/twocanoes/xcreds/commit/6f1119cbf44bfb4800c5ee5bbbefeedf6d40acce) ## tag-5.6(8968) (2025-09-26) * updated OIDCLite for better ROPG/Entra support [View](https://github.com/twocanoes/xcreds/commit/dd651e2f776ebfc7a5b2c3f8dfe598f4d1570274) ## tag-5.6(8967) (2025-09-26) * fixing error checking [View](https://github.com/twocanoes/xcreds/commit/72459545788c73c41dbb4674cf0f5b48175b0e89) ## tag-5.6(8966) (2025-09-26) * added more error messages [View](https://github.com/twocanoes/xcreds/commit/119277a843f1126855ef68236c398da76c3e8493) ## tag-5.6(8965) (2025-09-26) * added more error messages [View](https://github.com/twocanoes/xcreds/commit/1067d4ab8d380328f9bdd38d4dfee254c215383e) ## tag-5.6(8964) (2025-09-25) * updated manifest with max and deprecated [View](https://github.com/twocanoes/xcreds/commit/8ce9ebf3de98fc0bf69ebbd6efd6f1f93045cac1) * resolved issue #355 dont replace good password [View](https://github.com/twocanoes/xcreds/commit/f03a810a964671a012661d094f96a4e2e66d785a) * [Feature Request] Better handling of deployment to FileVault-enabled laptops #354 [View](https://github.com/twocanoes/xcreds/commit/eda1f963313b6d9e0f820e24f44e82fdbc81b426) * Clarify manifest #352 [View](https://github.com/twocanoes/xcreds/commit/b6f367d206bfdc68b027bcdc446a63ba244d5693) * [Feature Request] Add an extra line or two in the UI for resetPasswordDialogTitle #350 [View](https://github.com/twocanoes/xcreds/commit/2446f9936e2b823ee07c348f7a3cb5bf2123afb3) ## tag-5.6(8963) (2025-09-23) * bumped [View](https://github.com/twocanoes/xcreds/commit/b24eee69e9ebd29cf9b6a32a5b00322aaae9fbc7) * updated profile with fixes when getting ready to submit [View](https://github.com/twocanoes/xcreds/commit/92fd8dfbfdd080e26213888bcdba4bff387ebbc1) * fixed issue with tahoe 26.1 [View](https://github.com/twocanoes/xcreds/commit/4b98046158426b12014d4ec1d791924513d86a97) * cleaned up test code [View](https://github.com/twocanoes/xcreds/commit/17218d01f5cebb033a261aea8ce37599af70ba13) * more cleanup [View](https://github.com/twocanoes/xcreds/commit/c1215216a9e914ad51950429d4ce4b6a4d8dac81) ## tag-5.6(8920) (2025-09-11) * bumped build to 9000 [View](https://github.com/twocanoes/xcreds/commit/6cabaa338c049d6887d23f466e42bca7d4e4850a) ## tag-5.6(8919) (2025-09-11) * only show id token in log [View](https://github.com/twocanoes/xcreds/commit/e8d94102eb8663186e1706acc109ef2656a6b48d) ## tag-5.6(8918) (2025-09-11) * fixed issue with select account in AD [View](https://github.com/twocanoes/xcreds/commit/3e378272a36162c0b35838dce0bcdc0fddad5783) ## tag-5.5(8916) (2025-09-11) * added logging statement [View](https://github.com/twocanoes/xcreds/commit/f530f1e07f1e6fe70c13b695591851244d7e5e3d) * fixed keychain password reset moving keychain aside issue [View](https://github.com/twocanoes/xcreds/commit/a4d2d6f0dce8820be0b4926371bd915b1e59f6d0) * bumped [View](https://github.com/twocanoes/xcreds/commit/7ea958960354fdf6fc119b39eaf92911f8e18767) ## tag-5.5(8915) (2025-09-11) * added logging statement [View](https://github.com/twocanoes/xcreds/commit/f530f1e07f1e6fe70c13b695591851244d7e5e3d) ## tag-5.5(8914) (2025-09-10) * fixed min version [View](https://github.com/twocanoes/xcreds/commit/8a9150af3dc3265b41d054e2cdb63d28fca3ee47) ## tag-5.5(8913) (2025-09-10) * reverted password js [View](https://github.com/twocanoes/xcreds/commit/87e876a60d6cc29157db2c303fd73ddcbaab7a0e) ## tag-5.5(8912) (2025-09-09) * updated javascript to get password [View](https://github.com/twocanoes/xcreds/commit/330746ca5ba691cf8c3bd843941ea1b264ab876b) ## tag-5.5(8911) (2025-09-09) * skipping refresh if typing detected in last 30 seconds [View](https://github.com/twocanoes/xcreds/commit/132b5981ade67143236baadf45310fa50b1ef7a5) ## tag-5.5(8910) (2025-09-09) * reverted un/pw to last release [View](https://github.com/twocanoes/xcreds/commit/287baf8add86a691a5a64a2a2a3abc30d768922d) ## tag-5.5(8902) (2025-09-09) * fixed image on un/pw window [View](https://github.com/twocanoes/xcreds/commit/b0dda03afe0bfd78aeee2fcba9a3f70d3a5c9b58) ## tag-5.5(8888) (2025-08-29) * updated login window appearance [View](https://github.com/twocanoes/xcreds/commit/e4fb55901cc7b0603f3ee919a1cccb7c7ee8d3e2) ## tag-5.5(8832) (2025-08-28) * fixed regression when login window not showing [View](https://github.com/twocanoes/xcreds/commit/7086af2af4ae81ed062a72eb5f3f25e5432e25b6) * bumped [View](https://github.com/twocanoes/xcreds/commit/fa11aba4723f64fe302b5f05667d0f45568bfd2b) ## tag-5.5(8831) (2025-08-28) * updated manfest; added refresh after wake [View](https://github.com/twocanoes/xcreds/commit/6a95b84a0961f805471003c95a56d302eab6df8b) * updated versioncheck to use framework [View](https://github.com/twocanoes/xcreds/commit/b2773d2b276e53a50ff70a104628ed4bae7d8263) * changed manifest version [View](https://github.com/twocanoes/xcreds/commit/607aabcc0d53be3239d956c7665d659b209805d3) * bumped [View](https://github.com/twocanoes/xcreds/commit/91c2decb24719eed16904d06ef650bc7aee5658e) * changed build script to check git earlier [View](https://github.com/twocanoes/xcreds/commit/cf7ef53ec75238ef82ba91d1884285ab63ba3b0c) ## tag-5.5(8786) (2025-08-24) * cleared up warnings [View](https://github.com/twocanoes/xcreds/commit/26ae43b58002a37e22ae2f2120a0ca2fb835228a) * cleaned up logging a bit [View](https://github.com/twocanoes/xcreds/commit/a4f9377255b15782b625de9ea9b9cf865a9a40ac) ## tag-5.5(8780) (2025-08-22) * bumped version [View](https://github.com/twocanoes/xcreds/commit/83234752970d91eddc8389e2588efa06ae4b1c16) ## tag-5.5(8779) (2025-08-22) * put in pref to reload page [View](https://github.com/twocanoes/xcreds/commit/0f3d2574881ff3c3324abc2732cf97cec9cd774f) * added in more logging [View](https://github.com/twocanoes/xcreds/commit/d841927cc8fcc869f70b6061ac97c36ec595be63) * fixed hanging issue [View](https://github.com/twocanoes/xcreds/commit/1e412b6b855c991e23b9dcbb2cd8ef5f1059f8de) * wip [View](https://github.com/twocanoes/xcreds/commit/b6d81607cf0782c5ce5ba3070fce8b06298fc01b) ## tag-5.5(8776) (2025-08-20) * wip [View](https://github.com/twocanoes/xcreds/commit/c1efd367be841bfea1d761a34ff7ee4a84925b34) * added license activity and more logging [View](https://github.com/twocanoes/xcreds/commit/81832d95502c09fc3f1e0a90252c8d43640ca7f0) ## tag-5.5(8771) (2025-08-13) * added new key to skip user setup buddy and code to do just that [View](https://github.com/twocanoes/xcreds/commit/85cc848d248169ed2e98abad34b8cf5380f2d078) ## tag-5.5(8769) (2025-08-13) * fixed utf8 password encoding for keychain [View](https://github.com/twocanoes/xcreds/commit/1ebdc5b5015e3d2cf37c4e8c8e3d86969a5c95f6) ## tag-5.5(8757) (2025-08-12) * added check for first login for local user [View](https://github.com/twocanoes/xcreds/commit/f22d82c665a42cae6865311bbdb61220b1217813) ## tag-5.5(8742) (2025-08-12) * made progress indicator a bar at top [View](https://github.com/twocanoes/xcreds/commit/c2a1f0ee45757dbeb9d0597cf6cec7a2f830dbe5) ## tag-5.5(8729) (2025-08-12) * wip [View](https://github.com/twocanoes/xcreds/commit/bc286b3a89f014b42dabe36162b8eebc9c9614ed) ## tag-5.5(8728) (2025-08-12) * more fix for black screen [View](https://github.com/twocanoes/xcreds/commit/fb1da0ac91617eded0e59125fe679a176d6fece9) ## tag-5.5(8722) (2025-08-12) * fix for black screen [View](https://github.com/twocanoes/xcreds/commit/953502857ad759c21b7ae87e632a5be7ef351354) ## tag-5.5(8716) (2025-08-11) * wip [View](https://github.com/twocanoes/xcreds/commit/6f843b7e66d95abb7b9289692fa015ce1f330ea3) ## tag-5.5(8715) (2025-08-11) * wip [View](https://github.com/twocanoes/xcreds/commit/88b2483eb0571564a654da14ec79ecbfc76b81d8) * added dont hide background during first login [View](https://github.com/twocanoes/xcreds/commit/52652451a66afa078d63ce0ca16649b1a347bd29) * wip [View](https://github.com/twocanoes/xcreds/commit/af4fba25331e3b9cc06a1fbcc40762fd68811f3d) ## tag-5.5(8710) (2025-06-27) * fixed #340: [Feature Request] XCreds should use shouldUpdateKerberosUserPrincipalADDomain "here" [View](https://github.com/twocanoes/xcreds/commit/447ad1aabee7acc143fd6d44433c066a5ced11f4) ## tag-5.5(8709) (2025-06-08) * refactored local oidc first login [View](https://github.com/twocanoes/xcreds/commit/d284da29d764bcbb1c441764a2d9a7482c8c83d0) ## tag-5.5(8696) (2025-06-07) * fixed window showing briefly when force showing but valid credentials [View](https://github.com/twocanoes/xcreds/commit/017ae28f66ec765dba3988311d5c9662ad0b9ae7) ## tag-5.5(8694) (2025-06-07) * fixed issue with oidc username and ropg [View](https://github.com/twocanoes/xcreds/commit/41d6bea7e5db91a90dce3417101e0d47762ba7ca) ## tag-5.5(8686) (2025-06-07) * updated to use oidc_username from prefs if not in DS when checking for token refresh [View](https://github.com/twocanoes/xcreds/commit/f2b7843941f1c7e32dc704a4a7129e50a7e67591) ## tag-5.5(8685) (2025-05-27) * release notes updated [View](https://github.com/twocanoes/xcreds/commit/e6c3fc85dfc308afbddd0e4a321cc936ef6034f9) * fixed default values on new keys [View](https://github.com/twocanoes/xcreds/commit/5862dc8745f45e82dba2b345cdaa60588a5bb0bc) * fixed type in profile [View](https://github.com/twocanoes/xcreds/commit/b579c67d13373fe8cbf69045071e9272d66a4717) * added new pref for primaryGroupID [View](https://github.com/twocanoes/xcreds/commit/af1fffb58e9a3faf18e3b8dd9cb4618ae7fa4bf8) ## tag-5.4(8684) (2025-05-12) * shouldLoginWindowSecondaryMonitorsBackgroundImageFillScreen does not change background #323 [View](https://github.com/twocanoes/xcreds/commit/3965c4080826b61207746990832eac3219cac04f) ## tag-5.4(8683) (2025-05-09) * fixed secondary fill [View](https://github.com/twocanoes/xcreds/commit/6dcb759f10fd66407c670d8ad2b579d4a8680ae0) ## tag-5.4(8681) (2025-05-09) * Clarify AD native password change textbox label #333 [View](https://github.com/twocanoes/xcreds/commit/b73ec3183ff1da878d9c86ab2de308dfe3de6106) * Restore manifest format requirement for passwordChangeURL #332 [View](https://github.com/twocanoes/xcreds/commit/ee516abdcfb2095fa8b391964d6ef9b6253abba1) * shouldLoginWindowSecondaryMonitorsBackgroundImageFillScreen does not change background #323 [View](https://github.com/twocanoes/xcreds/commit/8488385fa8b6b82df19835182e3cefb84f8fb0a7) * shouldLoginWindowSecondaryMonitorsBackgroundImageFillScreen does not change background #323 [View](https://github.com/twocanoes/xcreds/commit/3847c54fa3ec2b0ebbdd5f00751308a935dd28f6) * Update default background image urls #335 [View](https://github.com/twocanoes/xcreds/commit/7d80f4f8ce31f6683750b864ec16cd7b104bfbfc) ## tag-5.4(8653) (2025-05-07) * AD user is prompted by menubar app for prior local password #321 [View](https://github.com/twocanoes/xcreds/commit/a6e841536eda9b83057dfaeac58bc94f6f76767a) * passwordChangeURL has error when http not present in url #331 [View](https://github.com/twocanoes/xcreds/commit/6db87c2c5a7b5b486464334e0ed4e251617552a4) * Local Login Window Logo #329 [View](https://github.com/twocanoes/xcreds/commit/68cbec0df62fa9175cfdc41c0a2c473549bdc694) * Update manifest pfm_version #330 [View](https://github.com/twocanoes/xcreds/commit/2b95ecd9959cc39985d4a58ff7cd62032cf55f68) * system info button does not stay open #322 [View](https://github.com/twocanoes/xcreds/commit/8db4c9ad197a9e5924fca2522cfbfce6755338ec) * shouldLoginWindowSecondaryMonitorsBackgroundImageFillScreen does not change background #323 [View](https://github.com/twocanoes/xcreds/commit/b2590373800701f77458ecb55a34d0d4c73176c7) * Alias is not used at UNPW login screen #325 [View](https://github.com/twocanoes/xcreds/commit/eda83890c62d0b5ecf05829513b40934fac1bf3f) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/d984e5bfadd5a6874f10d69e9c3cb110bbd6c17d) ## tag-5.4(8642) (2025-05-06) * if logo is blank string, then remove logo [View](https://github.com/twocanoes/xcreds/commit/1f27e8a33be254c787f4a23548a80e99d8d0762f) * if logo is blank string, then remove logo. loginWindowLogoPath, that is [View](https://github.com/twocanoes/xcreds/commit/ede08957505033d433d9e1990f6343fc1076b654) ## tag-5.4(8640) (2025-05-06) * fixed schedule issue where change in kerberos password prompted for local password at next check [View](https://github.com/twocanoes/xcreds/commit/fdb717d1b9a046bd9972c0986c15343bcf84d01b) ## tag-5.4(8638) (2025-05-06) * fixed crash when changing AD password; made focus on password; fixed main window opening when password changing password fails [View](https://github.com/twocanoes/xcreds/commit/b6dd18a996bb585c5ff22827629fae51b950504e) ## tag-5.4(8631) (2025-05-05) * fixed small issue where error caused ui to not reset [View](https://github.com/twocanoes/xcreds/commit/36d45a2a989067ab65e40681b2eee829cf5140b5) ## tag-5.4(8628) (2025-05-05) * fixed password reset for AD [View](https://github.com/twocanoes/xcreds/commit/39c84e7e42b29a7a06cf419f2a6b1780659d372a) * fixed password reset for AD [View](https://github.com/twocanoes/xcreds/commit/5fd09a6bfdba319c30f6cce5b6418d90e107f058) ## tag-5.4(8608) (2025-05-04) * fixed encoding issue in ropg in oidclite [View](https://github.com/twocanoes/xcreds/commit/31fd85a5da8edf2cf19ef446d6104bf1ef58d863) ## tag-5.4(8607) (2025-04-30) * added support for array of aud in json [View](https://github.com/twocanoes/xcreds/commit/986c1f79196684f6b4e0dda1ca0c0db5e0caf8c8) ## tag-5.4(8605) (2025-04-15) * Add "Reset Password" option to menu for AD password reset #320 [View](https://github.com/twocanoes/xcreds/commit/cc0096ac31389f7d786e9e1abc8592f80d4064a2) ## tag-5.3(8604) (2025-04-13) * fixed issue with error message when no network connection [View](https://github.com/twocanoes/xcreds/commit/18dc4493671746723ff49f47383c3904ccbc33f2) * fixed User is asked twice for local password after a reset #319 [View](https://github.com/twocanoes/xcreds/commit/648601535ebcfacb6712a1f2bf5f000bf4ddd88e) * fixed Update manifest default for shouldShowQuitMenu #315 [View](https://github.com/twocanoes/xcreds/commit/292b7a5286bfd5a8926345a73ef4bcde87d5a5d1) ## tag-5.3(8579) (2025-04-04) * fixed password reset in AD when account is requiring password reset [View](https://github.com/twocanoes/xcreds/commit/42ac2733731c7e5a47e3a1c7237b40b345fed3be) ## tag-5.3(8578) (2025-04-04) * fixed issue with admin override in AD login [View](https://github.com/twocanoes/xcreds/commit/839fdbc1f165a7a33bd9c6c3eab45799c1e205e4) ## tag-5.3(8577) (2025-04-04) * fixed issue with WebViewController not showing text from defaults for refreshTitleTextField [View](https://github.com/twocanoes/xcreds/commit/41c48f016e2e6c6eeff7604fd11407fefbc0bdaa) ## tag-5.3(8576) (2025-04-03) * fixed password setting in keychain when AD password changed [View](https://github.com/twocanoes/xcreds/commit/f9abe96208420aa1cdaffb13fed9da4ced408500) ## tag-5.3(8566) (2025-04-03) * fixed extra prompt when changing password and not updating local passowrd; slight change of order of menu items [View](https://github.com/twocanoes/xcreds/commit/ecfb9d05245b7c1a2ebbb291cd68d2d435455373) ## tag-5.3(8562) (2025-04-01) * fixed pixelated refresh button [View](https://github.com/twocanoes/xcreds/commit/d6d53aee3e3e9073bfd6e906b4baed14c57b48da) ## tag-5.3(8559) (2025-03-31) * added shouldRemoveMenuItemAutoLaunch to remove menu item autolaunch launchagent [View](https://github.com/twocanoes/xcreds/commit/e3469a6ef003fc3e69f3ed9dc106dbb9b79af9b2) * update gitignore [View](https://github.com/twocanoes/xcreds/commit/2dd18baaa183a44b1d01101552e10cc0228d6038) * update gitignore [View](https://github.com/twocanoes/xcreds/commit/581146a9b4dca00102756e36f16fc1ad610ce4fc) ## tag-5.3(8558) (2025-03-30) * added new pref to update kerberos principal if principal domain is not the same as the addomain. shouldUpdateKerberosUserPrincipalADDomain. [View](https://github.com/twocanoes/xcreds/commit/2d0d90f2f2e155bfd5288ce99cec8582e16e972d) * fixed centering of logo [View](https://github.com/twocanoes/xcreds/commit/3696dca7aedda26bf2f947c5a80b6433b3255a81) * wip [View](https://github.com/twocanoes/xcreds/commit/53739ef047c22cd765aeb242cefa53c12a14f5b2) * logo resizing. now default 128x256 [View](https://github.com/twocanoes/xcreds/commit/9b16f2ad29089c56e768d7e720440f3ffbdafcb5) * made password have focus for local username / password when incorrect password [View](https://github.com/twocanoes/xcreds/commit/0de7ba06169a555f5ff4fbd1bf6cf40655897201) * added version check [View](https://github.com/twocanoes/xcreds/commit/f92ea603c537ac3b14011254c51c51005e35de6f) * fixed crashing issue due to timer show window not on main thread [View](https://github.com/twocanoes/xcreds/commit/f4abf8dcbfbe0d2b6cda9f0ed1e698731fece383) * fixed crash due to main run loop and UI [View](https://github.com/twocanoes/xcreds/commit/94da4dab380e96b056f5a70af53e0b8d445a2311) * added shouldUpdateKerberosUserPrincipalADDomain to manifest [View](https://github.com/twocanoes/xcreds/commit/b19d703db188700e6ec18518f2759520631cc00a) * fixed kerberos message in menu; updated Sign In to open sign in window [View](https://github.com/twocanoes/xcreds/commit/44e8df7f82fd817e0b132796cf06386b87ae1baa) * added sample profile for cloud + AD [View](https://github.com/twocanoes/xcreds/commit/4bba49ebf5f70841b0f0dfec3ab069b8db019809) * updated ropgResponseValue [View](https://github.com/twocanoes/xcreds/commit/e100d0dfe3270e4ce90b60cd9faf5a94e0a41029) * fixed placement of additional menu items and added app icon as default icon in UN/PW window [View](https://github.com/twocanoes/xcreds/commit/4a85b8b805a8c0cd70104294db9ced0851f94cdb) * added sample icon for un/pw to target show it actually shows [View](https://github.com/twocanoes/xcreds/commit/6b61b2e72eccd5353ead43a66213f383ad6a440b) * better updating of screen after refresh and rounded corners [View](https://github.com/twocanoes/xcreds/commit/549dfbd1ba9612cb275225907e99c04b4f17c0a4) * added a bit more spacing to the UN/PW top and bottom [View](https://github.com/twocanoes/xcreds/commit/1a0eb33ae5c262fba3d4df8199d54847132ceadf) * added icon for UN/PW to menu native control login [View](https://github.com/twocanoes/xcreds/commit/31335f46b6521bc65154e606744012187f84ecb6) * localized dates [View](https://github.com/twocanoes/xcreds/commit/fd6ed325fd0405b71eedfa53d11b826a44e077ce) * checkpoint [View](https://github.com/twocanoes/xcreds/commit/a19a9cb3875f5206eda42866db775e8e6f8d9d95) * refactored locked out account code [View](https://github.com/twocanoes/xcreds/commit/2d1877dafd9b853a31e4037afb406e734769cc9e) * Fix manifest description for shouldUpdateKerberosUserPrincipalADDomain #312 [View](https://github.com/twocanoes/xcreds/commit/c1acde6209f01aba15b95c7fc704150b89298198) * Change default for shouldShowQuitMenu #311 [View](https://github.com/twocanoes/xcreds/commit/684dcae78476d8d99f866eaae7117773c39ae353) * Manifest fixes #310 [View](https://github.com/twocanoes/xcreds/commit/2d4cc560c969738febfda6eec12ba0ae581d93db) * wip [View](https://github.com/twocanoes/xcreds/commit/c743752a30a01a97de3c1c418c2ccb21e01a7f81) ## 5.3.8427 (2025-03-24) * added kswitch after getting kerb credentials [View](https://github.com/twocanoes/xcreds/commit/4a7b39fdabdbc7132fd80b9dfe98e899beef1367) * moved settings to project level [View](https://github.com/twocanoes/xcreds/commit/feb35883a9bad95300809732e9051913bf2b848e) * added ability to recover from locked account [View](https://github.com/twocanoes/xcreds/commit/f63acb2717da18937ef02f9b417d5e730b4991db) * removed password prompt as root when installing [View](https://github.com/twocanoes/xcreds/commit/60348cec0aac6c9271a9a82a426335205c809451) * Customize Dialog #306 [View](https://github.com/twocanoes/xcreds/commit/7c7c181a2adec01e6512abec5a67aade11685658) * updated manifest [View](https://github.com/twocanoes/xcreds/commit/93299970d0fcb4174eda069fcb57fdb212830aef) * fixed up manifest for standard descriptions [View](https://github.com/twocanoes/xcreds/commit/9188605c012b0d357b85d3045a3c496b828a17e6) * fixed shadow and login artifacts from background [View](https://github.com/twocanoes/xcreds/commit/94e86beb32ff999629e06eabbb3b276c23c007c1) * Okta sometimes uses only two passwords fields [View](https://github.com/twocanoes/xcreds/commit/ab9bd57c45191b192316fedbf0bbb0eb7d7c5886) * add loginWindowSecondaryMonitorsBackgroundImageURL and friends [View](https://github.com/twocanoes/xcreds/commit/35992456f6d4af37ab55e616ffd8b02d03fb5bec) * fixing updating kerberos password [View](https://github.com/twocanoes/xcreds/commit/a678fa4162b6635ade60fe9b7087d02ece87e836) * redid timers and network check [View](https://github.com/twocanoes/xcreds/commit/3c1f7957edfc6c7add7926c936716932ba9204a0) * integraetd updated OIDC package [View](https://github.com/twocanoes/xcreds/commit/64087a69ca4dc8c2621e5ae03a6f4784d1168c09) * set timestamp for last oidc user in DS to use as reference to not prompt on menu item launch [View](https://github.com/twocanoes/xcreds/commit/dcc7decc8f415b0cbd85e8fef2f615b4db9200b9) * added test to prevent lockout if invalid password [View](https://github.com/twocanoes/xcreds/commit/d06eaa20e3fdcd575ec4183d524b9c3046a647cd) * fixed date parsing because OMG dates [View](https://github.com/twocanoes/xcreds/commit/a8e851e886f87d859154680249afbff0d10c7297) * updated manifest [View](https://github.com/twocanoes/xcreds/commit/0bdb0985ee3815cbf5f5e7bec78266c4db4a05bd) * changed background color to white from black to make alpha look better [View](https://github.com/twocanoes/xcreds/commit/c798feb61aff207c5db5669f2b2567c32e266a58) * adjusted colors; added autolaunching and keepalive [View](https://github.com/twocanoes/xcreds/commit/8265203df1d5c865dc9e27cf6cafa3eeadf5fd69) ## 5.2.8270 (2025-02-04) * fixed issue with admin username / password in prefs/override script [View](https://github.com/twocanoes/xcreds/commit/b682714b27b2ab602b9fe463b10398e9551e113f) * fixed issue with detecting network is up [View](https://github.com/twocanoes/xcreds/commit/5a4ce888550faf503b92031f915adb99efd8e3d0) * fixed issue with shouldDetectNetworkToDetermineLoginWindow [View](https://github.com/twocanoes/xcreds/commit/b1d0997d2505f0ea12509e71eafe591191097317) * put files under scm [View](https://github.com/twocanoes/xcreds/commit/0127a523a7b93963b3e63e595d857632d7d851a0) * fixed issue where popover cant be closed [View](https://github.com/twocanoes/xcreds/commit/2f723e87357ccf7e058af698bf4fed636d36b0c7) ## 5.2.8251 (2025-01-29) * fixed issue with mapping kerberos domain; fixed local admin override in local secure store [View](https://github.com/twocanoes/xcreds/commit/1c14b7732cca9ba73479de78608e5d15cec28815) * show popover on start [View](https://github.com/twocanoes/xcreds/commit/2be2614507b02ceac516b5f5b10c9218f8abe214) ## 5.2.8214 (2025-01-27) * added rfid [View](https://github.com/twocanoes/xcreds/commit/3dc09cf436901e019c793809827114649882688d) * added rfid [View](https://github.com/twocanoes/xcreds/commit/def4a61c03e67427efc7505fdf4ca6d8927b582f) * wip [View](https://github.com/twocanoes/xcreds/commit/1baa7e0b06e99ddf39bde1729463fdbd9252e95c) * wip [View](https://github.com/twocanoes/xcreds/commit/176bbc4fd7a39a68ce667c9ceb7f9c17d5c245b6) * added user db [View](https://github.com/twocanoes/xcreds/commit/e6d522e58ed381ce6fbf0733058ab283a0810816) * added new mech to read from user db [View](https://github.com/twocanoes/xcreds/commit/d056914e22ba304ce046a0a7f77653c3c224b49f) * cleanup [View](https://github.com/twocanoes/xcreds/commit/150b38b370203e6f80d9009b93a4b1ae6956c4f2) * fixed issue with nsarchive class names [View](https://github.com/twocanoes/xcreds/commit/87720b18808bc8e0b3e14073236d7db859838be5) * implemented rfid user and local admin hints [View](https://github.com/twocanoes/xcreds/commit/f4e487d646c17d1de13d829028869ee4f3342558) * added login with rfid and local admin keychain overide with secure users [View](https://github.com/twocanoes/xcreds/commit/c435e58909f9c40152762a2f82011fd9665d95e9) * added uid and full name to RFID login [View](https://github.com/twocanoes/xcreds/commit/75c495e5826426d5968e1c695e437eb014e4a5d5) * wip [View](https://github.com/twocanoes/xcreds/commit/1749e419ce6fd94d7a68d1ee09b64b1a1e676024) * bumped to 5.2 [View](https://github.com/twocanoes/xcreds/commit/a679ab589677317ac59656d92ac86ca3d4001e16) * added -r to allow registering of CTK extension as root [View](https://github.com/twocanoes/xcreds/commit/90c16ec1e82f2ecae8ff00de72967ce3dc8b1e3b) * updated rfid user passwords and updated network up test code [View](https://github.com/twocanoes/xcreds/commit/5d9cc6ace5e3a049d33614b0f2d00414af289c07) * cleaned up login window switching (mac native to xcreds) [View](https://github.com/twocanoes/xcreds/commit/d2d899cb44c6f2b5ff6bc4feceda89fc4e8b2bd1) * added command line rfid tools [View](https://github.com/twocanoes/xcreds/commit/3fa642be5765ff604c37233ccfde586a1fdc9ba5) * removed debug output [View](https://github.com/twocanoes/xcreds/commit/4a2c2bf0546129edf184c8b190d6d85d2a7cc2bd) * added command line status output [View](https://github.com/twocanoes/xcreds/commit/f1bc9cda39860ac47553b229ce0c99bdd34246aa) * WIP [View](https://github.com/twocanoes/xcreds/commit/d9412e052ac9010da4a41a057d3ab472ccdfacb7) * added subdomain support [View](https://github.com/twocanoes/xcreds/commit/35c207ac1e5f245588748bfa8819e387537e887e) * added sample profile [View](https://github.com/twocanoes/xcreds/commit/5d9ffcf8ac94e72aa00310b6897c6a5400d8c8fd) * cleaned up sample profile [View](https://github.com/twocanoes/xcreds/commit/624c3aa4cd94d6b86be588e1a7cd0ebaff60fc48) * updated build number [View](https://github.com/twocanoes/xcreds/commit/ae1cfbb2e84c104d62b241d556b6248d9d7bd82b) * fixed kerberos ticket for subdomain [View](https://github.com/twocanoes/xcreds/commit/6fd54132170b81e1d9557695e01b8c85757c861f) * added upn mapping and sample profile [View](https://github.com/twocanoes/xcreds/commit/1815d083d6527ac1bc18feaaa819dcd4114afa3b) * added ability to setup card login [View](https://github.com/twocanoes/xcreds/commit/a61f68db298bc99fffff94b1d283d9610d18c1a0) * card login [View](https://github.com/twocanoes/xcreds/commit/0f0dc00cac287bda240890028c9d63f51fdc2f88) * local admin in new security db [View](https://github.com/twocanoes/xcreds/commit/1488e41441e034407735c83ddf96e4febfdb9a08) * issue #287 Add AdditionalADDomains to manifest and issue #290 Checkbox for Offline Authentication needs association with label [View](https://github.com/twocanoes/xcreds/commit/08b0b9c5beb977272fa2851f16c536ca71902f21) * Typo in CLI help description #283 [View](https://github.com/twocanoes/xcreds/commit/4dd27c3366230827fd3665876cc697d7814edf19) * Update manifest with min version info for new keys #284 [View](https://github.com/twocanoes/xcreds/commit/1cd63e4d2a6d782482f609ac7682591758d7c65d) * Add command line option for clear single user #286 [View](https://github.com/twocanoes/xcreds/commit/43c395c11529399fd23d19a2b3623da121d997fd) * wip [View](https://github.com/twocanoes/xcreds/commit/36c851d3b49ffbef432cb5961519fc9bfb6a177d) * Resolve issue with secrets.bin file #285 [View](https://github.com/twocanoes/xcreds/commit/9b8d90b0135f0d0fa2c0966cb74e5a6e9aa73988) * mailto: links in XCreds menu #282 [View](https://github.com/twocanoes/xcreds/commit/934aacf3cdad58882e056bbd777626f1be3603af) * added error message when inserting to wrong reader [View](https://github.com/twocanoes/xcreds/commit/8a13f936c4eda738f689a462b1d5d16e614a4144) * added setting pin fix for rfid card [View](https://github.com/twocanoes/xcreds/commit/e69995fdeb71d0a7ac0f0b3f037c9540f72de31b) * added Auth0 sample profile [View](https://github.com/twocanoes/xcreds/commit/2b3a57ea2140b4720fe3d5de512109e7d95c6eda) * typo fixed [View](https://github.com/twocanoes/xcreds/commit/c793b18f39c86be28cf495856f6718e036def96e) * made provisioning login card dynamic [View](https://github.com/twocanoes/xcreds/commit/603093cf2883a1bc22ab072885213bbaa103a4e4) * Typo in manifest for shouldAllowLoginCardSetup #296 [View](https://github.com/twocanoes/xcreds/commit/23622455bcbd76c5a3d72cc5421f8d5ec62c8d9a) * Typo in description for upnSuffixToDomainMappings #295 [View](https://github.com/twocanoes/xcreds/commit/4341b339eabfa7e93cc4eb0df4a23d25092cfbd2) * Error parsing some csv files for cli user import #293 [View](https://github.com/twocanoes/xcreds/commit/2b6b4aff0d035d62400b0cc5e0461ce26a93ac35) * Typo in description for upnSuffixToDomainMappings #295 [View](https://github.com/twocanoes/xcreds/commit/802c67f68db7a493e072138a9c211f9d640f956a) * Show/hide "Setup Login Card" checkbox #292 [View](https://github.com/twocanoes/xcreds/commit/0ff9d544a9915fb96ef4309dcfd562a15b6c2d9e) * added more command line options; added more status update options [View](https://github.com/twocanoes/xcreds/commit/6e8ed3fd474230bd1663144b2bb3332c5220b263) * cleaned up cli output [View](https://github.com/twocanoes/xcreds/commit/1b222e4b36e7000bb2ba0b6f4c4fc89b74ef9b0a) * changed target name [View](https://github.com/twocanoes/xcreds/commit/9280d9e1a3a9d66b68f6a3ad19e0a7c4c5b6f16c) * Fixes for command line output #298 [View](https://github.com/twocanoes/xcreds/commit/49f90c20690a6204bd05e4b427b35cbadc412702) * fixed issue with blank screen with multiple monitors; added background to multiple display setup [View](https://github.com/twocanoes/xcreds/commit/e7995c6b7905e0557106842527d290fea61cee9d) ## release-5.1 (2024-10-27) * Manifest default for ropgResponseValue needs change #279 [View](https://github.com/twocanoes/xcreds/commit/150d63efb8b8159c41182d1c7278676b0432f39d) * fixed linking issue; fixed artifacts showing during FV passthrough [View](https://github.com/twocanoes/xcreds/commit/7f8d8594c658602f40bd954c142288952f816515) * fixed issue with productlicense framework [View](https://github.com/twocanoes/xcreds/commit/ff69ec573dad335dbd3604bb51e270ab26e49e64) * changed shouldActivateSystemInfoButton to no by default [View](https://github.com/twocanoes/xcreds/commit/d975c6347451108185beac2dfb530cdbbafad3fe) * bumped version [View](https://github.com/twocanoes/xcreds/commit/193e6b033aed7d4067190359acc5f6a01acad9b6) ## 5.1.7250 (2024-10-22) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * Add Okta example profile [View](https://github.com/twocanoes/xcreds/commit/02d1538cc004121ec610f7604e4ad3ac36a2ced9) * Update example profiles for identity provider settings [View](https://github.com/twocanoes/xcreds/commit/90e753b95094ce7004b9afd3f33bc1fab41a0df7) * Add example profile for change app settings [View](https://github.com/twocanoes/xcreds/commit/4d678af8f5bc765a1afeff561b5beb4bbdd668ee) * add encoding for special characters to tokenmanager [View](https://github.com/twocanoes/xcreds/commit/73aa03134cf7287353be41be6f74d0763fd07ad5) * fixed menu app password verification [View](https://github.com/twocanoes/xcreds/commit/eaf319e143d9b6d25270981c7acb0f050506902b) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/d3322b7498584bf9dee1b9120cc25049b724eefe) * updated map for full username [View](https://github.com/twocanoes/xcreds/commit/219fdde8358bf5c9a56fb323d898538a222cb946) * updated release notes [View](https://github.com/twocanoes/xcreds/commit/f5e583d16706ede019ef35ba9d0575bfcefed61e) * updated manifest version [View](https://github.com/twocanoes/xcreds/commit/e665d9312578a3ef37ffee8eeab1356f923eb446) * updated manifest version [View](https://github.com/twocanoes/xcreds/commit/a621ee74c9955018457b56d1ecc6b14e5eca6dbd) * added showing 14 day notice when license expiring; fixed tab navigatin [View](https://github.com/twocanoes/xcreds/commit/bdaaf6ae293f9db5304aded0f5a1c243848e3f81) * bumped version number [View](https://github.com/twocanoes/xcreds/commit/404b4514a4a6d2e4fb78a25f908b2136a6af457c) * added more logging [View](https://github.com/twocanoes/xcreds/commit/e4c539bc2965460d875d33c7d82087b83a2a8dde) * updated sample config profile [View](https://github.com/twocanoes/xcreds/commit/41380808a82fa192f5d5cf4aeceb2f9cc27bb7db) * Provide ability to override status popover with own info #241 [View](https://github.com/twocanoes/xcreds/commit/b8e83b01f362bf80d42716e2bfb48ba04bbd5bec) * Error dialog rendered twice for passwordElementID warning #263; User login restriction dialog rendered twice #262 [View](https://github.com/twocanoes/xcreds/commit/178045607aaf81f0a199c21b820d12ea9fa758d4) * Add key to popup system info by default #273 [View](https://github.com/twocanoes/xcreds/commit/a10cfb0526b9544f545ad65d7a42087c5bc6e355) * added support for Azure ROPG [View](https://github.com/twocanoes/xcreds/commit/a476aaddcf76ae6f429122fd7053d7ed44bbde36) * make autofill registration async [View](https://github.com/twocanoes/xcreds/commit/3372de1f42d211aacbc5caf6fc4ceb5c570a02b7) * added better handling of license issues [View](https://github.com/twocanoes/xcreds/commit/c53b086c335d97a601b4506b047ebf476d7ecafe) * Mouse Disappearing on XCreds Login Screen #272 [View](https://github.com/twocanoes/xcreds/commit/49c7adac7617c5770c4d40e7746406989f596bda) * Mouse Disappearing on XCreds Login Screen #272 [View](https://github.com/twocanoes/xcreds/commit/5c774d41531d6bdb212522a062f798ca53e84492) * Mouse Disappearing on XCreds Login Screen #272 [View](https://github.com/twocanoes/xcreds/commit/ad2d41856f74d31273c97664b8dc1dde8fcb290d) * made shouldActivateSystemInfoButton always keep popover showing [View](https://github.com/twocanoes/xcreds/commit/79df8d50be0ad37df96dcf183c2912ae9dc7945b) * fixed issue in ropgResponseValue value in manifest [View](https://github.com/twocanoes/xcreds/commit/0f42ce305a9bc3d4541b03b32aec0c14a4024a35) * added app min for manifest for ropgResponseValue [View](https://github.com/twocanoes/xcreds/commit/8b82c5ba5121f2872c277e900e6a9e8f3c3e51d1) * removed product license ref [View](https://github.com/twocanoes/xcreds/commit/4f67a19dfa63636a567554c11fc42ee878eadda4) * removed client secret from sample profile [View](https://github.com/twocanoes/xcreds/commit/fc16a3c5b796442c3e259fe4a3bed297ce4e26af) ## 5.0.7176 (2024-08-28) * fixed issue with green dot [View](https://github.com/twocanoes/xcreds/commit/9bf6d0379105220e2f9de3f435f301c0ac5f81ae) * fixed initial off center of main view at login window [View](https://github.com/twocanoes/xcreds/commit/5c1e3b392b8837ee1595dd01d40ea644782c7533) * added autofill plugin registration in setup script [View](https://github.com/twocanoes/xcreds/commit/c387a5c4f841112c45a65df4a7afb8ca42d72331) * Fix manifest description for settingsOverrideScriptPath #261 [View](https://github.com/twocanoes/xcreds/commit/0961143a8e5ea0a2ab2eaea8188594c36ad88459) * Fix description for allowLoginIfMemberOfGroup #260 [View](https://github.com/twocanoes/xcreds/commit/024a639ad64d13afb47e734419496c2edc075ca0) * fixed autofill [View](https://github.com/twocanoes/xcreds/commit/bb5aa802af0904d153a4ea0a305960aa8af8c1b7) * fixed autofill launching [View](https://github.com/twocanoes/xcreds/commit/1aec12c21b55fbe3b9024cac36a608e03462b196) * 5.0.7176 [View](https://github.com/twocanoes/xcreds/commit/1968fdeac3f816661c66d5f362e71544984ffedc) ## 5.0.7144 (2024-08-15) * migration changed to include admin user [View](https://github.com/twocanoes/xcreds/commit/7fcc359648de23b1f3791b4039f93cdc04eece3b) * allowLoginIfMemberOfGroup causes screen rendering issue after blocking sign in #233 [View](https://github.com/twocanoes/xcreds/commit/ea51cd295018d3b2c777914106567b0560f61afe) * Update login window when resolution changes #187 [View](https://github.com/twocanoes/xcreds/commit/1d787bad242af35c9641785980fd1510afb15a90) * [Feature Request] AD User Account Creation Name Mapping #172 [View](https://github.com/twocanoes/xcreds/commit/01ce07dcf0fce9f293b6503d487f72ef0f72de83) * updated mapping and removed menu bar date [View](https://github.com/twocanoes/xcreds/commit/f2dd672911e16c680079830d907cfe3813b84e89) ## 5.0.7130 (2024-08-06) * Local login window dims and gets stuck after failed login attempt #242 [View](https://github.com/twocanoes/xcreds/commit/2863934334eeb86af7ef28359d0d1c91494c6de3) * more [View](https://github.com/twocanoes/xcreds/commit/5a0a65001f834780a40dfca224bca6dd12bbc1ee) * Enhancement request: Group Membership Zendesk Ticket 69193 #209 [View](https://github.com/twocanoes/xcreds/commit/25bed7fe823cd769306480868aca1b3eb419fdc1) * added missing files [View](https://github.com/twocanoes/xcreds/commit/f3790316276340cf4c4e70580a8918a6493a230b) * Update login window when resolution changes #187 [View](https://github.com/twocanoes/xcreds/commit/314909800a150e3556d01ded46181fc2167107ef) * Update manifest description for CreateAdminIfGroupMember #251 [View](https://github.com/twocanoes/xcreds/commit/81da5019f98edf50b04a5af7990049b9fc4a7ed3) * XCreds Login Window Overlay Wallpaper not caching? #247 [View](https://github.com/twocanoes/xcreds/commit/a566de45b7bed7107f709b302bbf51759eacc538) * Clarify manifest descriptions for AD property names #245 [View](https://github.com/twocanoes/xcreds/commit/d248361497cc5dc453954cca8b2ba90ad477c67f) * Issue with HomeMountEnabled #236 [View](https://github.com/twocanoes/xcreds/commit/e98fab1e44f012f6806d42d718d1d89106a7c9f9) * Issue with HomeMountEnabled #236 [View](https://github.com/twocanoes/xcreds/commit/b469dc0227068311056001b4755f584585e809fa) * Fail on map_username for AD #244 [View](https://github.com/twocanoes/xcreds/commit/c14a5453fffbf882ce39ad61c7b870dae56f565e) * allowLoginIfMemberOfGroup causes screen rendering issue after blocking sign in #233 [View](https://github.com/twocanoes/xcreds/commit/f66645cb663ef8ccaa18f1d08b78212e0b8e81e8) * add missing files to repo [View](https://github.com/twocanoes/xcreds/commit/e973bdcd827275c7b4369e2f320d9c54e5cd782e) * updated package ref [View](https://github.com/twocanoes/xcreds/commit/42b1452296f468ba052996f895372357a7530f3d) * added build file instructions [View](https://github.com/twocanoes/xcreds/commit/c0910425056906c6c45c5b547247b03d0abe7116) * allowLoginIfMemberOfGroup causes screen rendering issue after blocking sign in #233 [View](https://github.com/twocanoes/xcreds/commit/4f91b5d63e63ad0b6c201fc5ce7ac12b36a1d581) * fixed HideExpiration in manifest [View](https://github.com/twocanoes/xcreds/commit/a59caeb19edabfbfa4942036363bb016af218522) * updated history [View](https://github.com/twocanoes/xcreds/commit/c559c3b74998fab81eb225deaaa6d1b4d743a474) ## 5.0.7087 (2024-06-24) * Enhancement Request "Mechanism to force xCreds to reevaluate Login Window Background Image" #227 [View](https://github.com/twocanoes/xcreds/commit/ad1b403b4deb2d8e0cb52a1e5fc4c595e2897744) * Add LocalFallback to manifest #229 [View](https://github.com/twocanoes/xcreds/commit/390e36a0993d2c51f38dabc223b926b4ecc99037) * Update description for allowLoginIfMemberOfGroup #228 [View](https://github.com/twocanoes/xcreds/commit/d52eb5b22c3674fd060f4d48c988794551115e0f) * Customize menu bar app icon #189 [View](https://github.com/twocanoes/xcreds/commit/7f8ee246d25d714671bcbba1556d11e1ea535a4e) * improved login animation [View](https://github.com/twocanoes/xcreds/commit/77bd03ce4c06b45add40f421c0ba18f8ddb8770a) * Menubar sign in does not follow shouldUseROPGForMenuLogin #184 [View](https://github.com/twocanoes/xcreds/commit/fc111b579ec9a64b5dafdc1a3bb8ef9b6a48df92) * XCreds 5: Unexpected behavior of IP & MAC info via XCReds login window #232 [View](https://github.com/twocanoes/xcreds/commit/36a32958a8c949b1eeb32520081f9dc9444ef100) * Feature Request: HideExpiration key #198 [View](https://github.com/twocanoes/xcreds/commit/94be9ce97b9348230bfbecddfdcbe664a09a24f1) * Allow user to use full name to sign in at XCreds username/password screen #178 [View](https://github.com/twocanoes/xcreds/commit/1f66e9cba9ef73d5fbf566a7a4ae1c435c4b2091) * "Change Password" menuitem is now greyed out #239 [View](https://github.com/twocanoes/xcreds/commit/8252c5f9505ea187207a36e1f445e39bdb0a0964) * keyCodeForLoginWindowChange not working as expected #231 [View](https://github.com/twocanoes/xcreds/commit/250955b0bae1d6d10357110628f072b05107f161) * updated history [View](https://github.com/twocanoes/xcreds/commit/d35d876c237bb2a18f1b1e9beeb62d2c3d7ea64c) * Expected AD field values not shown in XCreds log #237 [View](https://github.com/twocanoes/xcreds/commit/498d0f563a1d9d7cfd9991994152b3f3faa04cf6) * updated history [View](https://github.com/twocanoes/xcreds/commit/15233e01b8e56fcd1428681333bf74bbc47f17ea) ## 5.0.7066 (2024-06-16) * fixed fixed size image [View](https://github.com/twocanoes/xcreds/commit/f1a2e7217811677734ad94c9cf692fb10a262fe2) * fixed issue with google redirect [View](https://github.com/twocanoes/xcreds/commit/e2daed192268a7e41a68b1c65e40526d37647bff) * added credential provider [View](https://github.com/twocanoes/xcreds/commit/0336c04ae5b18598dfba2452a566e63456b08d65) * added missing resources [View](https://github.com/twocanoes/xcreds/commit/503622ce9a6057e8f116c36f9d7f640a10095d55) * wip [View](https://github.com/twocanoes/xcreds/commit/24ddcc3d6c04a515050a4da219c413300d98cfe3) * implemented Feature Request - Change the wording of the password change pop-up #202 [View](https://github.com/twocanoes/xcreds/commit/c5e672199726bf5331f39d88d61e290e17c5c759) * System Info on XCreds Login Window #154 [View](https://github.com/twocanoes/xcreds/commit/af63d9f32f4f19bd37d2887de38c57ca6cc16b33) * updated version to 5 [View](https://github.com/twocanoes/xcreds/commit/b6f73cfb06ea8f4f712ebb11242c00ef6d4b1ce2) * added option for system info button title #154 [View](https://github.com/twocanoes/xcreds/commit/f04ee39d4c813b0cbbafe817b96fc7d4564ac09a) * fixed Fix manifest title for ROPG pref #183 [View](https://github.com/twocanoes/xcreds/commit/86ac4201a1b282166c5a94a222d5cf3e2307d7c6) * bumped version of manifest Update manifest pfm_last_modified and pfm_version #164 [View](https://github.com/twocanoes/xcreds/commit/93916f5714450e2cdd923a1b07106014c0a14d92) * Allow override of killall loginwindow in xcreds postinstall script #181 [View](https://github.com/twocanoes/xcreds/commit/3a0057a18f3c3ab77de180c30d8b059565f087aa) * added new preference to manage more buttons on login screen: shouldShowShutdownButton, shouldShowRestartButton, shouldShowSystemInfoButton. Feature Request - Add key to disable showing shutdown and/or restart on login overlay #203 [View](https://github.com/twocanoes/xcreds/commit/7304170591be5e9848dcd4d496c1bd54ab5f07cf) * Feature Request: EnforceSignIn #199 [View](https://github.com/twocanoes/xcreds/commit/7ef5ac3262fe9b2a905077cd96895ed47a68c033) * [Feature Request] Add option to customize the Refresh Banner text #176 [View](https://github.com/twocanoes/xcreds/commit/baab351ec2de975b2c4f9942941d5c173ecfde4e) * updated history [View](https://github.com/twocanoes/xcreds/commit/92117943a1688581ac509eff239af15de9ad82de) * changed manifest version back one; added copying DS user attibutes to prefs. Enhancement Request: XCreds app cant update ds #212 [View](https://github.com/twocanoes/xcreds/commit/4d5515cb974327f18ccc3db65ab8eb81ebe37bfe) * Clarify key name an description for shouldShowIfLocalOnlyUser #219 [View](https://github.com/twocanoes/xcreds/commit/5a6d888aa27e429d5f52417dc5af7ded5dbe9dc9) * systemInfoButtonTitle does not respond to plain text values #220 [View](https://github.com/twocanoes/xcreds/commit/22876caddaaa3f4a1b50df6b30a44d2a462d4e3c) * AD attributes #166 [View](https://github.com/twocanoes/xcreds/commit/c2fa08ed471fdcd16563e835dfb1ffb160732569) * [Feature Request] AD - User friendly fail prompts #193 [View](https://github.com/twocanoes/xcreds/commit/8e171587f1a346e11eeade5522eb06de5726807c) * [Feature Request] AD User Account Creation Name Mapping #172 [View](https://github.com/twocanoes/xcreds/commit/46415fde1ece8c3eb308fd7f30a8b917d6129997) * [Feature Request] Customize the XCReds app's native login dialog box #179 [View](https://github.com/twocanoes/xcreds/commit/77561251ef95717253ca8bafe7cc5fe6cfab921b) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f9957663cd973a37666f2abb27d4c28df1c61be) * Hang at login after password reset #223 [View](https://github.com/twocanoes/xcreds/commit/a4b4d30008346e7aa57e8aea30e7f68c409ccc77) * Corrections for manifest #224 [View](https://github.com/twocanoes/xcreds/commit/8c7024e642b402b842f2c3fc78a76a83552d65c4) * Fix formatting for systemInfoButtonTitle #221 [View](https://github.com/twocanoes/xcreds/commit/dbbb158ac7099010eae570d6190e723c2aca404d) * Menubar refresh is delayed when setting shouldPromptForADPasswordChange #195 [View](https://github.com/twocanoes/xcreds/commit/89c81d527962b821213f8346a8f1104d1da9c047) * Map UID #186 [View](https://github.com/twocanoes/xcreds/commit/1f107437dc5447f97112780c898ceace221a78f5) * updated history [View](https://github.com/twocanoes/xcreds/commit/2a262065704baee6cd3dfd59899e9eb5c3aacc88) * Setting HomeMountEnabled to false removes the home folder from the XCreds menuitems #213 [View](https://github.com/twocanoes/xcreds/commit/8e2afaf513e2453ae0b03e4581a26ba22207ed70) * Enhancement request: Group Membership Zendesk Ticket 69193 #209 [View](https://github.com/twocanoes/xcreds/commit/a611f2e23ff3c4af44d03b8ee1f642a207c03c01) * Custom Mac login window key combo #206 [View](https://github.com/twocanoes/xcreds/commit/b148e494644ea9c7266a3ffac18d4bc966a945fb) * [Feature Request] Add a Password Expire date or Days for OIDC users and more #165. To test, set map_password_expiry to a claim in Azure (like street address) with a value in seconds from token issue (like 300 seconds) and verify that menu shows the correct date [View](https://github.com/twocanoes/xcreds/commit/5983f9320c4e792f40ba06b43276847013d2a1c7) * added battery function [View](https://github.com/twocanoes/xcreds/commit/f1745fab048f8bd0f5193172782d22fb77e772b2) * added battery function [View](https://github.com/twocanoes/xcreds/commit/390b06e8ff4ff971f221f9dedb8dc4eb22ee3856) ## 4.1.6375 (2024-02-28) * updated release notes, fixed script typo [View](https://github.com/twocanoes/xcreds/commit/cdd59f8bfe7b6153c038fb2bbfcc2e2b663b8380) * updated release notes [View](https://github.com/twocanoes/xcreds/commit/88c96dff9b1de5199bf8511c4cf04c21bb42daa8) * added remounting and refresh kerb ticket after network change [View](https://github.com/twocanoes/xcreds/commit/8db9ec64dab9655635cf7b5cd4f0a5911c1e344a) * fixed "Sign in" window issue (OIDC and AD Configured) #170 and Admin user set to Standard user on Local Login #173 [View](https://github.com/twocanoes/xcreds/commit/0b8d9feab4e8dc9bf2d3c31377d2d7bacd49cb01) * Sign in prompted (While not connected to a network) #168 [View](https://github.com/twocanoes/xcreds/commit/4ccca1c62d3308a1bcbefe9caf3af83a8c5ad7d9) * updated profile manifest [View](https://github.com/twocanoes/xcreds/commit/fb8ca59c9951b13c458cb2a2391527dcd221085a) * [Feature Request] Local User Behavior #174 [View](https://github.com/twocanoes/xcreds/commit/009d1bfc6d2c849194f207e0106cdafe5226e179) * fixed crash on menu and edge case with both web and username password views showing [View](https://github.com/twocanoes/xcreds/commit/d6a1b173fc42c3a9724c3e484ab3f06afb26ba9c) * bumped version [View](https://github.com/twocanoes/xcreds/commit/d5840c37a8410fbf4076ee362d720da4910ff2dd) ## 4.1.6346 (2024-02-13) * added fix for override still prompting when overridesilent set [View](https://github.com/twocanoes/xcreds/commit/dec4a69c78ff5ee8876c6b00d33a1a09400ced92) * fixed silentoverride issue [View](https://github.com/twocanoes/xcreds/commit/253a29c608e728c6177bd86e4ec70339611e95a8) * fixed multiple share mounting [View](https://github.com/twocanoes/xcreds/commit/fbc40e45085a2c338f671f5fb827828e2683950d) * fixed Update manifest pfm_last_modified and pfm_version #164 [View](https://github.com/twocanoes/xcreds/commit/a9f5ccc89dd7a7b673d3886aedef8073fe87c980) * implemented [Feature Request] AD - Option to hide Sign-In menu item #150 [View](https://github.com/twocanoes/xcreds/commit/629dfe117cd0665192a536f6f984dbf00a31ee57) * implemented [Feature Request] Standard wallpaper options for default background #155 [View](https://github.com/twocanoes/xcreds/commit/81509683f4e54462c6cc697331132980ee7b58a1) ## 4.1.6313 (2024-02-06) * fixed issue with menu item not updating tokens [View](https://github.com/twocanoes/xcreds/commit/7661fc2d703c065a9a71b0751a6427f1b636783e) * fixed automount [View](https://github.com/twocanoes/xcreds/commit/8a9f8c2aa143ab3138e2741e2ce6061cdd35419b) * remove admin if we made them admin [View](https://github.com/twocanoes/xcreds/commit/e87ec92d5bdb3ace68060f6db3469d76d0dbf0cc) * added check for not removing last admin user [View](https://github.com/twocanoes/xcreds/commit/fbe883413f83d7f96fb5ba0da68ca93ced5e9484) * fixed prompting when both AD and cloud are configured [View](https://github.com/twocanoes/xcreds/commit/32f2bebb4707ed70e21ccfb50f30d09eff076ce9) * added kerberosprincipalname pref and getting kerb ticket with oidc login [View](https://github.com/twocanoes/xcreds/commit/c14fd13e6e347d9be49a709531ecb24b08bafb96) * added menuItemWindowBackgroundImageURL [View](https://github.com/twocanoes/xcreds/commit/7c81253b3643a76c0468d4424344f61fe578d520) * better selection of menu item prompting if both AD and OIDC is setup [View](https://github.com/twocanoes/xcreds/commit/a4140ace5ca7f22d26bf502da72fd928dc4388c6) * fixed issue with ACL on tokens in keychain [View](https://github.com/twocanoes/xcreds/commit/4aeda19969b358ae27baa02aec067ac0f9318a29) * added custom menu item pref [View](https://github.com/twocanoes/xcreds/commit/9453fbd3a3b09887ffd1807dee6ae9e6e8eb574a) * ability to customize Share menu item; added username for AD and OIDC in menu [View](https://github.com/twocanoes/xcreds/commit/b67970aaa2a5ef450cb6d5888338ce4536a2e891) * added pref for shares [View](https://github.com/twocanoes/xcreds/commit/9c8d920744cd44a2b27163db2c1a84d81c5665b3) * added better descriptions to share manifest [View](https://github.com/twocanoes/xcreds/commit/2004767b7c99782c41f3b0a43079ce92daa22374) * updated whats new [View](https://github.com/twocanoes/xcreds/commit/f81c831706a7fdbf124a5d0926fe790b728a4366) * updated manifest [View](https://github.com/twocanoes/xcreds/commit/a3ca6493d51a71006d2e612df747ea1c1747acb9) ## release-4.0 (2024-01-29) ## 4.0.6274 (2024-01-29) * fixed issue with local password update [View](https://github.com/twocanoes/xcreds/commit/b12e859184f6812080906256315d1d7b2f29e496) * updated ropg prefs and checking [View](https://github.com/twocanoes/xcreds/commit/e3149de819f2b72a7e11f9891815de5d5c6511b9) * Minor fixes for ropg [View](https://github.com/twocanoes/xcreds/commit/f99bdd5aa288331c469bd8d6fca83af3642fd622) * fixed passwordElementID preference can cause issue with setting local password #161 [View](https://github.com/twocanoes/xcreds/commit/5b547377d591c7e8dcfc6165197fcf5d94bd881b) * PasswordOverwriteSilent does not prevent user prompt for password #160 [View](https://github.com/twocanoes/xcreds/commit/a438d09a10fa35c914877559a8bab415083a428a) * shouldUseROPGForMenuLogin hides offline login option at XCreds login window #158 [View](https://github.com/twocanoes/xcreds/commit/17f24dd92b8c83bb591b5cd9bb50e41c9ac4086f) * Improvement for refreshRateMinutes description #157 [View](https://github.com/twocanoes/xcreds/commit/cc6e736f0429bb78ac0a925395b305f21d98af4a) * Typos in manifest descriptions #156 [View](https://github.com/twocanoes/xcreds/commit/eae6dff1654237d13bbab857a5e1d8c30c5ffe11) * added release notes [View](https://github.com/twocanoes/xcreds/commit/af102f94dd2fdf999b775f6c01cc2fbd98935819) ## 4.0.6261 (2024-01-15) * built release notes [View](https://github.com/twocanoes/xcreds/commit/7440e188957a5c489891d75513dad33df2ec6aec) * applied patch from Jim Zajkowski to fix integration issues [View](https://github.com/twocanoes/xcreds/commit/278862f63decc361c2dcc1e99da541c431b7099d) * fixed up kerb ticket status in menu [View](https://github.com/twocanoes/xcreds/commit/93371b9a3b32c7f09e23d1b55fb1c783ffd580de) * refactored menu code [View](https://github.com/twocanoes/xcreds/commit/a76b7f843d4a156233abeb9039152748e2dc52c9) * fixed issue with updating keychain [View](https://github.com/twocanoes/xcreds/commit/d0b70c3142e385a51c79c1f94812393a6067e178) * more attempt at sharemounter integration [View](https://github.com/twocanoes/xcreds/commit/18e44d1d6b156ffb63686db8d52905e287dc5f24) * implemented shares [View](https://github.com/twocanoes/xcreds/commit/8bd74a3ac8fe78088e280c19d9ee80eeb1658129) * added additional sample profiles [View](https://github.com/twocanoes/xcreds/commit/721bf74a6f58cce0b09b1aa2e88f6317b643bede) * fixed home mounting [View](https://github.com/twocanoes/xcreds/commit/b4ffa8ff9788cdd76694174c54dd0bc3ce9ddbcc) * fixed enabing window state with AD [View](https://github.com/twocanoes/xcreds/commit/24d17c9845baa29acbd7ec408c02553dd4d7ea3d) * pointed package to main branch for oidclite [View](https://github.com/twocanoes/xcreds/commit/7f23a07412363c7d45ce093eaff0bbac644265bb) * Allow forcing of webview login window [View](https://github.com/twocanoes/xcreds/commit/88eaaf49ff27a7fb38c879d15e597912f06c0d29) * Support separate client ID and secret for ropg [View](https://github.com/twocanoes/xcreds/commit/4e008168bbf206d6678d7c1649e26ec7424928a3) * wip [View](https://github.com/twocanoes/xcreds/commit/7d5fba55eab2430038c2a86b79c08f714316e57b) * fixed issue with ropg clientid/secret selection [View](https://github.com/twocanoes/xcreds/commit/1642241ea03ddc43b4a04b7e9a4f0885113ab4dc) * Keychain is reset on cloud password change when user enters old local password #148 [View](https://github.com/twocanoes/xcreds/commit/79f1bb531ce5fa20389b4fed319bac3539314e96) * Admin status does not change after removed from group #145 [View](https://github.com/twocanoes/xcreds/commit/f9821f992afe305d2be9bec0ee0aec9e1b5dbdca) * Fix manifest key name for loadPageInfo #143 [View](https://github.com/twocanoes/xcreds/commit/b747d621e864a40906b13b85e6d184ead1fb485c) * bumped version [View](https://github.com/twocanoes/xcreds/commit/aad768b0f0b76345a3e7ee2ea0d02fbcf6e953b1) ## 4.0.6203 (2024-01-01) * added release notes and script to generate release notes [View](https://github.com/twocanoes/xcreds/commit/ff9dc64fea8e6f438755e1d72837fce4391d167c) * Feature Request: Allow "loadpage.html" to be customized. #126. To test, add in new keys "loadPageTitle" and "loadPageInfo" or try the xcreds_example_azure_loadPageTitle_loadPageInfo.mobileconfig [View](https://github.com/twocanoes/xcreds/commit/37c7477f66362c1823c49138b49afcad388abbc5) * Update description in manifest for loginWindowWidth and loginWindowHeight #138 [View](https://github.com/twocanoes/xcreds/commit/5951d753b391fda49534c5dda13d508479e66fd8) * [feature request] LocalAD - make sync password with AD optional with preference key #130. To test, set the shouldPromptForADPasswordChange to false and set the user account to require password change on next login and verify the user is not prompted [View](https://github.com/twocanoes/xcreds/commit/0b85b4ffb8e95b8d79ffcf455ac034c05ce4d4f4) * XCreds breaking Munki's logout/install @loginscreen logic #102. Test by defining hideIfPathExists to a path like /tmp/hide and then add/remove and UI should show /hide. Or use sample profile xcreds_example_azure_hide.mobileconfig [View](https://github.com/twocanoes/xcreds/commit/770c179262658ccfd27f9de3808b931cc69a86e4) * Option to enforce account to log in #21. To test, create allowedUsersArray with name of user allowed to log in and define allowUsersClaim with an OIDC claim that contains that value. Or use the xcreds_example_azure_allow_fred.mobileconfig to test [View](https://github.com/twocanoes/xcreds/commit/ee95927865f1e912898c4d030cb367fd589db114) * Feature Request: Force Wi-Fi on option or Wi-Fi on/off switch in "Configure Wi-Fi" #58 [View](https://github.com/twocanoes/xcreds/commit/bfa28014c7d0c000369d49bf9a3896128616901a) * added removeadmin function but not used since it can cause local admins to unadmin [View](https://github.com/twocanoes/xcreds/commit/cc322befaf88bf3440a9d086089468660a4354f3) * loginWindowBackgroundImageURL image should be cached if not a file:// URL #72 [View](https://github.com/twocanoes/xcreds/commit/b2cfd643ac6419904cc30037eaceaf5bb939cc7b) * bumped build number [View](https://github.com/twocanoes/xcreds/commit/500575b7dfa81c7a9a7231aeac88bd3cfe6a5497) ## 4.0.6177 (2023-12-28) * added date to license agreement to resolve Date not shown on user agreement #134 [View](https://github.com/twocanoes/xcreds/commit/17df8ec0734b9a8eddb2485e4d16af25ddd2df30) * fixed Password reset dialog rendering and text need fixes #133 [View](https://github.com/twocanoes/xcreds/commit/a03c7f1463be0ab89a787d08f2f211c8bb9a6552) * Cloud login screen button section pushed to left side #132 [View](https://github.com/twocanoes/xcreds/commit/0a300f842d6ab85e8c28501c9b4b87e57b5e0017) * Active Directory login - blank login after expired user attempts sign-in #114 [View](https://github.com/twocanoes/xcreds/commit/b8d52d586aaa8db98487a8bd8279fbd673992ad8) * Prompt for Secure Token Admin Login When Required for AD #127 [View](https://github.com/twocanoes/xcreds/commit/42002e66a6d90726e9a5f4132f232afd107736d7) * [bug] Build 6023 LocalAD - cancelling Change Password prompt breaks login fields. #129 [View](https://github.com/twocanoes/xcreds/commit/be300977b25f12e409b506de0f0d6fc1addd9ebd) * Add ability to select active directory login to select mapped user account #136 [View](https://github.com/twocanoes/xcreds/commit/19260d33f6a35b1564112c9be94e804bf892cb14) * fixed issue with initial focus [View](https://github.com/twocanoes/xcreds/commit/f40cf398168bffd52a75745ab3527b7f9bfc9f20) * https://github.com/twocanoes/xcreds/issues/54 [View](https://github.com/twocanoes/xcreds/commit/270732273500c8d5d1e791b565df25d581f5e0f4) * Request: display user password expiration (days left or specific date) in app. #54 [View](https://github.com/twocanoes/xcreds/commit/2774028c41b4a2b5031296e284d1cde5ae48541f) * Refresh does not change next password check time #88 [View](https://github.com/twocanoes/xcreds/commit/fdcd94b1dd7f99c6baf635af6d7978d0aad30df3) * changed cartfile to point to github [View](https://github.com/twocanoes/xcreds/commit/960fa77bb2cb6b21719fb33481febbb594b53f90) * removed framework [View](https://github.com/twocanoes/xcreds/commit/ed417781d823012a779fd93c4c29cf46259d0bee) * removed framework [View](https://github.com/twocanoes/xcreds/commit/c054c66e231955a396f9f28bd26d8352ae7ed48f) * added key for ROPG at login window [View](https://github.com/twocanoes/xcreds/commit/716934b3e90d1f8cc454e7f25232584e3f2b5d3a) * partial refactor wip [View](https://github.com/twocanoes/xcreds/commit/1c0fc161b10042d6f88097ffb255749e682023bf) * partial refactor wip [View](https://github.com/twocanoes/xcreds/commit/e24b7e07ec5ceefeacda3cbaa2b92e71a7261ecf) * partial refactor wip [View](https://github.com/twocanoes/xcreds/commit/f651bc35965ad5a1a1c713a4ff0a3cd4b20cb00b) * ropg at login window initial implementation [View](https://github.com/twocanoes/xcreds/commit/32ad7b391c89e870fe373cdac46e62744fb79221) * cleaned up ropg login code [View](https://github.com/twocanoes/xcreds/commit/e9b12682acdcdd8f5b3bd9f1035c80ca2e359995) * hide refresh when on username/password window; move focus to blank password when not entered for username/password window [View](https://github.com/twocanoes/xcreds/commit/b54cf49b000fa8806229300455901955f2f1edf2) * fixed menu app password verification [View](https://github.com/twocanoes/xcreds/commit/93ac8b9bfbeefb2d7b5df4585d033005b6907300) * added ShareMounter and missing KerbUtil filet [View](https://github.com/twocanoes/xcreds/commit/3f14dc2639807400e8c1b6f8824a05d6ea2b474b) * added username / password view to prompt in userspace [View](https://github.com/twocanoes/xcreds/commit/a56020e4ba24ef0d2d634f4e3ad71964c561eaad) * fixed cancel for AD userspace cancel [View](https://github.com/twocanoes/xcreds/commit/8acaf42493adf20b98f132182b7951fae9181976) * fixed override script in usersapce [View](https://github.com/twocanoes/xcreds/commit/bdd67573335b01e9aa809a8af6570474183751cb) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/48329e1d05488dd2b66820ab8d62b6c540901f41) ## 4.0.6023 (2023-12-12) * use default desktop from CoreServices [View](https://github.com/twocanoes/xcreds/commit/c2c99e2657bc7c4e77aa12628c00a1cec35e65dc) * reload the login window when wifi is connected [View](https://github.com/twocanoes/xcreds/commit/64b6876f8ba181c57d1a4ecb9ab8276cc7acb173) * fix conflicts in XCreds app [View](https://github.com/twocanoes/xcreds/commit/e29288a7b32a91a9dabe978caadaa41cce0549f6) * Add new NetworkMonitor and reload webview on network changes [View](https://github.com/twocanoes/xcreds/commit/e6fd5e31e6b573eaeec5d9df9cb8d7545e4d693e) * add new networkmonitor [View](https://github.com/twocanoes/xcreds/commit/0ede34aef5b8ec9c41c41f4a57526cfd2be6b06c) * better handling of loginwindow reload [View](https://github.com/twocanoes/xcreds/commit/472754db230ba77da0ff36c07ccb0a76ebc88dd7) * bumped version [View](https://github.com/twocanoes/xcreds/commit/0a130f4456899320bc2106dc3ee8d0179abf87c6) * bumped version [View](https://github.com/twocanoes/xcreds/commit/bec80f2ecde022f94e1bb6297b7c0d22b4b57d04) * Resolves #111 by only refreshing when on cloud login [View](https://github.com/twocanoes/xcreds/commit/ca8e9851796b02efdcf0b8237cef4fe03622cbf0) * removed tperfitt from logging. issu #108 [View](https://github.com/twocanoes/xcreds/commit/0f75ef578c89f3cfab35e83e1d863b3b281a88b7) * added info in DS for sub and iss when user is logging in and account is created [View](https://github.com/twocanoes/xcreds/commit/a16e2f5b40d2dcdc35e15c864a7887959720f64c) * initial implementation of allow user to select account to map to #98 [View](https://github.com/twocanoes/xcreds/commit/9b4b781714778a0346cb4047a61b5c6b0ce8e4fe) * added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 [View](https://github.com/twocanoes/xcreds/commit/71b874ecf39fcafd7e794306e3a8dfafbcb69ce8) * Log shows tperfitt user profile path #108 [View](https://github.com/twocanoes/xcreds/commit/beb62fab79a1631780e12742763041c15f6aaecb) * Feature Request: Option to alias IdP username to local DS user account #59 [View](https://github.com/twocanoes/xcreds/commit/dd428a9717546b5ea12d7c8677fa99084ce2cccf) * add missing Credits.txt file [View](https://github.com/twocanoes/xcreds/commit/ccadd3398bc60d7b11807980f306dfbd8453c59f) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/0e668f6af5873f5b7ff8770cc34b6ac6138d8e94) * updated manifest for new keys [View](https://github.com/twocanoes/xcreds/commit/f418394373ad7c62d3e297c7f5cd224aaf8d19f9) * showed Create New Account button in migration modal [View](https://github.com/twocanoes/xcreds/commit/59ab7e8d1dae2c1972041eb1e2b7082a98737ae6) * fixed issue #124: Default behavior wrong for shouldAllowKeyComboForMacLoginWindow [View](https://github.com/twocanoes/xcreds/commit/6f3737257205f4d2faa035b6f051bf6bfed2074b) * refactored code to add admin to user account based on group membership each login (issue #109); added groups claim value to OD record on each login in _xcreds_oidc_groups (issue #117) [View](https://github.com/twocanoes/xcreds/commit/8376942e6e23f8804bd5cec3cfff383792391031) * updated license agreement (issue #90) [View](https://github.com/twocanoes/xcreds/commit/f41411c5a51706ba7b33776edc845a409400bf1e) * Detect when no password was entered #17 [View](https://github.com/twocanoes/xcreds/commit/7cf2837f3d653a893f2f5c031c0a72298340aa70) * updated animation when logging in [View](https://github.com/twocanoes/xcreds/commit/51387b15384032bc5f4e82a5d6fea8a49c6e2625) * adding arbitrary claims to local DS user account [View](https://github.com/twocanoes/xcreds/commit/e47832e21a76d3ae86af3e7e5fee41f29772436f) * fixed Active Directory issue after password change #112 [View](https://github.com/twocanoes/xcreds/commit/14e2a7c1e1d15e8655f44bef182a2e14bc0892ce) * partial fix for #114 [View](https://github.com/twocanoes/xcreds/commit/856a3549bec86c6c52b4ed368b2e59d25c38c5a7) * refactored windows to views [View](https://github.com/twocanoes/xcreds/commit/8a0994c7dfbe071ce5397d52070c2a4c9ab9a309) * fixed centering and cloud login sizing [View](https://github.com/twocanoes/xcreds/commit/f83d523c57cf9f65f6f1b7931bdf34ad5a04c090) * fixing timing for animation when logging in; tweaked UI [View](https://github.com/twocanoes/xcreds/commit/9c659dbb4a12c9ee4cbe396119a058d2594e6827) * streamlined startup process [View](https://github.com/twocanoes/xcreds/commit/1895f0365a3aba91fc9c43961bca78ee6a9482e6) * refactored dialogs for prompting for user info; fixed ad groups for making admin user [View](https://github.com/twocanoes/xcreds/commit/7c5af73cb91a83c8f323edc1d8bd9538b02fbd71) * added missing template for package [View](https://github.com/twocanoes/xcreds/commit/281fe86d7bb33c7f278f05117794069c991efb47) * fixed showing offline button [View](https://github.com/twocanoes/xcreds/commit/72ffc3fd5434eb742e1cffa3cb073228f4883292) * implemented feature request: localad/kebereros support for saving groups to prefs #125 [View](https://github.com/twocanoes/xcreds/commit/1d3e2be0a87c3e5d2843767db28de90894bc12cc) * fixed enabling views when logging in [View](https://github.com/twocanoes/xcreds/commit/3ac6e3739200a3ae6f708be731c4d7acdf279e7e) * fixed javascript to key on input instead of keydown/keyup [View](https://github.com/twocanoes/xcreds/commit/3d41a199cfd92f233677cc6859f837ede388311c) * implemented Prompt for Secure Token Admin Login When Required #123 [View](https://github.com/twocanoes/xcreds/commit/32b118fe0c96b6cee8bd8a37bcff22611f28e55b) * fixed Update documented minimum for loginWindowWidth and loginWindowHeight #91 [View](https://github.com/twocanoes/xcreds/commit/21814425a055f0240fb4c11c37c0d01045620fd6) * wip [View](https://github.com/twocanoes/xcreds/commit/a5aca79363b6f3cc974442534bbc7818b0e4775b) * fixed issue with updating password in userspace [View](https://github.com/twocanoes/xcreds/commit/9e483c451eccac80fc533f993fe21a526970fd9e) * bumped build number [View](https://github.com/twocanoes/xcreds/commit/867fc0f3337cde76a06cb821471de2bcd6fb9506) ## v3.2.1.6002 (2023-12-11) * use default desktop from CoreServices [View](https://github.com/twocanoes/xcreds/commit/c2c99e2657bc7c4e77aa12628c00a1cec35e65dc) * reload the login window when wifi is connected [View](https://github.com/twocanoes/xcreds/commit/64b6876f8ba181c57d1a4ecb9ab8276cc7acb173) * fix conflicts in XCreds app [View](https://github.com/twocanoes/xcreds/commit/e29288a7b32a91a9dabe978caadaa41cce0549f6) * Add new NetworkMonitor and reload webview on network changes [View](https://github.com/twocanoes/xcreds/commit/e6fd5e31e6b573eaeec5d9df9cb8d7545e4d693e) * add new networkmonitor [View](https://github.com/twocanoes/xcreds/commit/0ede34aef5b8ec9c41c41f4a57526cfd2be6b06c) * better handling of loginwindow reload [View](https://github.com/twocanoes/xcreds/commit/472754db230ba77da0ff36c07ccb0a76ebc88dd7) * bumped version [View](https://github.com/twocanoes/xcreds/commit/0a130f4456899320bc2106dc3ee8d0179abf87c6) * bumped version [View](https://github.com/twocanoes/xcreds/commit/bec80f2ecde022f94e1bb6297b7c0d22b4b57d04) * Resolves #111 by only refreshing when on cloud login [View](https://github.com/twocanoes/xcreds/commit/ca8e9851796b02efdcf0b8237cef4fe03622cbf0) * removed tperfitt from logging. issu #108 [View](https://github.com/twocanoes/xcreds/commit/0f75ef578c89f3cfab35e83e1d863b3b281a88b7) * added info in DS for sub and iss when user is logging in and account is created [View](https://github.com/twocanoes/xcreds/commit/a16e2f5b40d2dcdc35e15c864a7887959720f64c) * initial implementation of allow user to select account to map to #98 [View](https://github.com/twocanoes/xcreds/commit/9b4b781714778a0346cb4047a61b5c6b0ce8e4fe) * added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 [View](https://github.com/twocanoes/xcreds/commit/71b874ecf39fcafd7e794306e3a8dfafbcb69ce8) * Log shows tperfitt user profile path #108 [View](https://github.com/twocanoes/xcreds/commit/beb62fab79a1631780e12742763041c15f6aaecb) * Feature Request: Option to alias IdP username to local DS user account #59 [View](https://github.com/twocanoes/xcreds/commit/dd428a9717546b5ea12d7c8677fa99084ce2cccf) * add missing Credits.txt file [View](https://github.com/twocanoes/xcreds/commit/ccadd3398bc60d7b11807980f306dfbd8453c59f) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/0e668f6af5873f5b7ff8770cc34b6ac6138d8e94) * updated manifest for new keys [View](https://github.com/twocanoes/xcreds/commit/f418394373ad7c62d3e297c7f5cd224aaf8d19f9) * showed Create New Account button in migration modal [View](https://github.com/twocanoes/xcreds/commit/59ab7e8d1dae2c1972041eb1e2b7082a98737ae6) * updated js [View](https://github.com/twocanoes/xcreds/commit/e621f6a8da59c6923f0ba12b6a3abf5c9a916f34) * bumped version and build [View](https://github.com/twocanoes/xcreds/commit/7140e72c2e619e26b2db99e21f917f6b3147570a) * adde missing credits file [View](https://github.com/twocanoes/xcreds/commit/81f8e48a696c1eeab46bbcb4f36eea66fe6113f4) ## v3.3.5269 (2023-11-27) * use default desktop from CoreServices [View](https://github.com/twocanoes/xcreds/commit/c2c99e2657bc7c4e77aa12628c00a1cec35e65dc) * reload the login window when wifi is connected [View](https://github.com/twocanoes/xcreds/commit/64b6876f8ba181c57d1a4ecb9ab8276cc7acb173) * fix conflicts in XCreds app [View](https://github.com/twocanoes/xcreds/commit/e29288a7b32a91a9dabe978caadaa41cce0549f6) * Add new NetworkMonitor and reload webview on network changes [View](https://github.com/twocanoes/xcreds/commit/e6fd5e31e6b573eaeec5d9df9cb8d7545e4d693e) * add new networkmonitor [View](https://github.com/twocanoes/xcreds/commit/0ede34aef5b8ec9c41c41f4a57526cfd2be6b06c) * better handling of loginwindow reload [View](https://github.com/twocanoes/xcreds/commit/472754db230ba77da0ff36c07ccb0a76ebc88dd7) * bumped version [View](https://github.com/twocanoes/xcreds/commit/0a130f4456899320bc2106dc3ee8d0179abf87c6) * bumped version [View](https://github.com/twocanoes/xcreds/commit/bec80f2ecde022f94e1bb6297b7c0d22b4b57d04) * Resolves #111 by only refreshing when on cloud login [View](https://github.com/twocanoes/xcreds/commit/ca8e9851796b02efdcf0b8237cef4fe03622cbf0) * removed tperfitt from logging. issu #108 [View](https://github.com/twocanoes/xcreds/commit/0f75ef578c89f3cfab35e83e1d863b3b281a88b7) * added info in DS for sub and iss when user is logging in and account is created [View](https://github.com/twocanoes/xcreds/commit/a16e2f5b40d2dcdc35e15c864a7887959720f64c) * initial implementation of allow user to select account to map to #98 [View](https://github.com/twocanoes/xcreds/commit/9b4b781714778a0346cb4047a61b5c6b0ce8e4fe) * added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 [View](https://github.com/twocanoes/xcreds/commit/71b874ecf39fcafd7e794306e3a8dfafbcb69ce8) * Log shows tperfitt user profile path #108 [View](https://github.com/twocanoes/xcreds/commit/beb62fab79a1631780e12742763041c15f6aaecb) * Feature Request: Option to alias IdP username to local DS user account #59 [View](https://github.com/twocanoes/xcreds/commit/dd428a9717546b5ea12d7c8677fa99084ce2cccf) * add missing Credits.txt file [View](https://github.com/twocanoes/xcreds/commit/ccadd3398bc60d7b11807980f306dfbd8453c59f) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/0e668f6af5873f5b7ff8770cc34b6ac6138d8e94) * updated manifest for new keys [View](https://github.com/twocanoes/xcreds/commit/f418394373ad7c62d3e297c7f5cd224aaf8d19f9) * showed Create New Account button in migration modal [View](https://github.com/twocanoes/xcreds/commit/59ab7e8d1dae2c1972041eb1e2b7082a98737ae6) ## v3.2.5197 (2023-10-17) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * updated url in profile manifest [View](https://github.com/twocanoes/xcreds/commit/33ef0c9f2f30afc4260526b27ee4e6995e94fcfa) * fixed issue 95: whitespace characters in password and username [View](https://github.com/twocanoes/xcreds/commit/63f4ca53c2c1ba31fd93fd4921042d21284570c6) * shouldPreferLocalLoginInsteadOfCloudLogin [View](https://github.com/twocanoes/xcreds/commit/79e798afab9162255b7a019b74bbb3122330e83a) * another attempt at fixing https://github.com/twocanoes/xcreds/issues/95 [View](https://github.com/twocanoes/xcreds/commit/819e9a047f8d1e9e6d5a4f26b32238cb7fc9da88) * wip [View](https://github.com/twocanoes/xcreds/commit/4ac36cbc2d085ee32bd8d82a66feeb925ff118fb) * fixed keyboard nav for controls [View](https://github.com/twocanoes/xcreds/commit/c5c0cad10f5d5f22f8b6ce3d0993f5f1f72d8f3b) * issue #100: Detect Offline [View](https://github.com/twocanoes/xcreds/commit/fe804f167446fc4b22e128cca576ddd7276fd96f) * Add ability to check passwords via ROPG [View](https://github.com/twocanoes/xcreds/commit/f7c62c0466106cbc26f9f67be441dad847c32ecf) * Rename prefkey to be more boolean [View](https://github.com/twocanoes/xcreds/commit/2909f625588fe25c2082fbf2ff88df468e19c79d) * update to profile manifest [View](https://github.com/twocanoes/xcreds/commit/7fcb0a392b0e8d8c19e81f8e827d6de996da75c4) * fixed typo in function name [View](https://github.com/twocanoes/xcreds/commit/8c12d454e393cc0c52a0feb314a67c357bbac1c9) * added a smidge more logging [View](https://github.com/twocanoes/xcreds/commit/86256a2825eeeebf6eb63fe26451c372e149c2a2) * added self healing for auth rights [View](https://github.com/twocanoes/xcreds/commit/9b43e1cb382cfea1b40a2f40b6cdf6189fed385b) * updated manifest [View](https://github.com/twocanoes/xcreds/commit/7cdf884f2aed100080069e9b3a589af736062c99) ## release_3_1 (2023-07-14) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * updated history.md [View](https://github.com/twocanoes/xcreds/commit/85b71172d3192616371ccc30ea16fb6dd092a54e) * fixed check timer to still work if mac sleeps [View](https://github.com/twocanoes/xcreds/commit/af491f5febf433bfeb8478d71a2fa29309676765) * fixed issue with token update time [View](https://github.com/twocanoes/xcreds/commit/0d14279e4003400a0fef812247f3c790fc802f5e) * fixed fade; cleaned up user mappings for weird characters [View](https://github.com/twocanoes/xcreds/commit/c6304954d6b02109d4ff90ed2d3b94963f761461) * final touches [View](https://github.com/twocanoes/xcreds/commit/df5f1110c5800ac8aa31293ac509817a62fedfbc) * bumped to 3.2; added some additional logging [View](https://github.com/twocanoes/xcreds/commit/5a544859855835a6c1d8bfb35a39aeb30cda5962) * bumped build number to 5000 [View](https://github.com/twocanoes/xcreds/commit/6250fdf999d7e57bfd51fe55186fde6fce92a3c0) * updated permission for override_script [View](https://github.com/twocanoes/xcreds/commit/fac2af918a65d5f92c211e4707e9e14d36e5bee1) * changed version back to 3.1; added better about window with history; changed override script requirments to be owned by _securityagent and be 700 [View](https://github.com/twocanoes/xcreds/commit/2f8dd4e599a71d02a88fa4a66814e419c71c0e65) * added command click login window for mac login window [View](https://github.com/twocanoes/xcreds/commit/f0a5b1fc76c133f199da75f31202401476da2af1) * text fixes [View](https://github.com/twocanoes/xcreds/commit/97c383e24729982c364e456ba5c3d49aa983060a) * updated build script [View](https://github.com/twocanoes/xcreds/commit/b4fd79d1d43d922fac3581282c7eb9126d33ed8c) * added back sample profie [View](https://github.com/twocanoes/xcreds/commit/6aa3ec4a58842f9a4dd748cd129ed4c14226888a) * fixed timer minutes [View](https://github.com/twocanoes/xcreds/commit/e78b306018cd996176b9530ba302689bd1d3e358) ## v3.1.4144 (2023-06-08) * updated AD support: kerb ticket now obtained at user space app launch from password in keychain. udpated profile manifest with better comments; delete cookes on webview each time it appears; added local login button; shows username password if discoveryURL is not defined [View](https://github.com/twocanoes/xcreds/commit/d17509bd2ce49313561632e15bc2698e38f09721) ## v3.1.4143 (2023-06-07) * updated fullname [View](https://github.com/twocanoes/xcreds/commit/627199474b42349bd42f6dc47c4cd442b9c3357a) * added shake to password field [View](https://github.com/twocanoes/xcreds/commit/d2370669893dc37937617be59a5601109915e991) * added shake to password field [View](https://github.com/twocanoes/xcreds/commit/d0f4efdbf886cbe9a21e449fe8d47f1ed671bdcd) * get kerb ticket on login [View](https://github.com/twocanoes/xcreds/commit/b7f7ad622ceaa57d27e419fa3fad10f0e040f8e3) ## v3.1.4081 (2023-05-27) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * added Package.resolved [View](https://github.com/twocanoes/xcreds/commit/91fb7f3da5e789dabb37a5a8585592c69c1a732c) * added XCredsLoginPlugIn/errorpage.html [View](https://github.com/twocanoes/xcreds/commit/7bf66a34a1ef091f532959de62247ba1fbead13e) * cleaned up build system a bit [View](https://github.com/twocanoes/xcreds/commit/f99ec4a8ae38ff00adabe9b43c1ff8577c803dd1) * improved javascript parsing [View](https://github.com/twocanoes/xcreds/commit/ecf710eb181fd3f6dbdce7aedf511b8840e33ca6) * fixed issue with initial javascript listener [View](https://github.com/twocanoes/xcreds/commit/574a51b5b8329be4cc2ec8c045f710548aecf7d6) * cleaned up logging a bit [View](https://github.com/twocanoes/xcreds/commit/dfbf57f4a3d9649e2b35231bfedc6d591a7c3e41) * removed reset option [View](https://github.com/twocanoes/xcreds/commit/3150fa654f3b8a55018f0a1e0390aa6ec541e125) * removed KeychainReset and PasswordOverwriteSilent because it makes things worse [View](https://github.com/twocanoes/xcreds/commit/39362899ee0c0813f416057cad203061869daa84) * added lock screen switch to login window [View](https://github.com/twocanoes/xcreds/commit/77c52ad11ab01b1afd5e011b38a06b3de9527196) * fixed window levels, progress screen, background and boot runner issues [View](https://github.com/twocanoes/xcreds/commit/4c887fbdc82a0f63fcd8876aa662c6bc96ef7bbd) * improved logging [View](https://github.com/twocanoes/xcreds/commit/e92ffe9e65f1a95b4b3e9f1c8ea1089ae7720863) * checkpoint [View](https://github.com/twocanoes/xcreds/commit/488b66494c65e8460eefdf5bbb8c0d271102f298) * added override script and secure token admin reset [View](https://github.com/twocanoes/xcreds/commit/6717b3aa2cd0ef9d387484e7571183e6f8ffbb5d) * removed shouldFindPasswordElement since that is defaulit fallback behavior [View](https://github.com/twocanoes/xcreds/commit/2825ee7b6db005f6aa8ca6d60c72210ae7343af4) * cleaned up ui a bit [View](https://github.com/twocanoes/xcreds/commit/b64496bcb55573dff889a9ab92be2ed3f9cdd5e3) * dont refresh prefs so much [View](https://github.com/twocanoes/xcreds/commit/91ee8dcd371fe9e2182fd421674f9fcd484e4d81) * added check for group membership in oidc claim [View](https://github.com/twocanoes/xcreds/commit/2c03586a59821a04948692dcb9a41006ebf735f7) * added history file [View](https://github.com/twocanoes/xcreds/commit/5fa6c0436a58535e03fd457de9dd720186274a38) ## release-3.0 (2023-05-08) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) ## release_3_0 (2023-04-18) * added trial license beginnings [View](https://github.com/twocanoes/xcreds/commit/5a6cc5a91715e909dc8f9510f800dfffe485b7d6) * fixed regression for password change not capturing new password on azure [View](https://github.com/twocanoes/xcreds/commit/8db379d829d925409abfea85da72a788ead43d22) * bumped version to 3600 [View](https://github.com/twocanoes/xcreds/commit/f9601726f3d7255414d4ad44e20b9ac526af0f7c) * fixed issue with crash if time is far off [View](https://github.com/twocanoes/xcreds/commit/9c1d0d81ed62f525614b79e3a3dbc4b4bed3964b) * fixed typo [View](https://github.com/twocanoes/xcreds/commit/f309f95218424ca8f67177b0daed79d98344e943) * updated license [View](https://github.com/twocanoes/xcreds/commit/534be3e278d1daae48218952d20194e4e03b17b4) * fixed focus issue [View](https://github.com/twocanoes/xcreds/commit/e3c87a548a9e682b75ec01b4216ddfdda8a2ced2) ## release_v2_4 (2023-03-28) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * added more logging for id token and bumped version to 2.3 [View](https://github.com/twocanoes/xcreds/commit/b8494ee343dab510fba1c1f304623efc985455a0) * added remove keychain option [View](https://github.com/twocanoes/xcreds/commit/19032d8df58c0bdd6197fc47f9f3aa2d8d6694ea) * updated language on keychain option and added pref in manifest [View](https://github.com/twocanoes/xcreds/commit/709a7f29e696c088cc8e13959dadba8f9c0f8c8e) * added key for customizing return to xcreds; added preference and ability to automatically refresh login window [View](https://github.com/twocanoes/xcreds/commit/514a1ba5ddaec55bfb8e40ca3e6c98a43c50ec7b) * added in login window height/width [View](https://github.com/twocanoes/xcreds/commit/18e974e67f2833862a1a6913a6c4563e339d4239) * added in login window height/width min value of 100 [View](https://github.com/twocanoes/xcreds/commit/6090d5ec4895045448920e774e16dc0614223919) * added in login window height/width min value of 100 [View](https://github.com/twocanoes/xcreds/commit/0a7dad70364bd830b8028da2cadd62c98b79271d) * fixed login window size and background image [View](https://github.com/twocanoes/xcreds/commit/339a66e7fdf6e8484da8f7c0a5c2ee6eed0aaef7) * fixed focus issue [View](https://github.com/twocanoes/xcreds/commit/992512bb1ac27f36c655d1e1a02eafdbd47a2b80) * updated sample configu [View](https://github.com/twocanoes/xcreds/commit/cd482e69520c8a7994eb8233e26c8a008c5048e7) * tweaked text for user space refresh token window and added pref to show or hide [View](https://github.com/twocanoes/xcreds/commit/9f29893203caef8799683cc2ded3345f306c4528) * fixed names and links in manifest [View](https://github.com/twocanoes/xcreds/commit/e759138ca72f2a4153fbea02f7b0b5cfd031bd01) * fixed crashing issue due to null refreshview outlet [View](https://github.com/twocanoes/xcreds/commit/d3931983b53633c91c33494fc1fcccd7614948ad) * added frontmost when prompting for keychain password [View](https://github.com/twocanoes/xcreds/commit/92ee6ed5c41dfefc798f1c839193aaa4a4a09f67) * fixed issue with autorefresh [View](https://github.com/twocanoes/xcreds/commit/d7126a026281afaac27c9381a9c4e42d472b4b31) * fixed changing wifi not dismissing dialog [View](https://github.com/twocanoes/xcreds/commit/7a3d45178e299b52014fb3dd0adf6c180667222f) * fixed changing wifi not dismissing dialog [View](https://github.com/twocanoes/xcreds/commit/9ef84939d56cce29c9b8e3a84b0f070a30f7e30c) * added 802.1x support; added support for pref key for finding password based on type=password [View](https://github.com/twocanoes/xcreds/commit/38ddeff5cd86d0cd43a97844c9d160da0ee446f3) * wip [View](https://github.com/twocanoes/xcreds/commit/72da3de9c054f4fb35fb19c9bb6ffd5c2ebbb47a) ## release_v2_1 (2023-01-11) ## realease_v2_2 (2023-01-11) * updated readme [View](https://github.com/twocanoes/xcreds/commit/4f27ddcd3d2a3a8e47f51a40a7631a7bf3343d88) * support getting password with get and adfs [View](https://github.com/twocanoes/xcreds/commit/494fdf75c79d8aa3b2c3cc6dc947f4423b2b3674) * Revert "support getting password with get and adfs" [View](https://github.com/twocanoes/xcreds/commit/425bda9a9323fd7eb9437f09f9da63747db9dc8d) * changed pref names for custom IDP / ADFS [View](https://github.com/twocanoes/xcreds/commit/83947497ec00cdfd7ec3b9a3683fa3b8e007aadf) * fixed package template issue and updated manifest [View](https://github.com/twocanoes/xcreds/commit/f2540a6c64b5bc9971833e8fa859821d4822af9c) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/e99abc0bb097c042f0ce0283547045ec1916db63) * enabled rekeying FileVault implementation [View](https://github.com/twocanoes/xcreds/commit/2ba233e3695b8a7bda297b0908da933d24bec1c4) * Support a Azure AD host [View](https://github.com/twocanoes/xcreds/commit/c0415863273f9797808d32633d3e800d630f9a0f) * If fullname is empty, shorname is used. [View](https://github.com/twocanoes/xcreds/commit/7764740647f8e4450b411fa08849e5f4cceba078) * added autologin when fv enabled [View](https://github.com/twocanoes/xcreds/commit/c8b394e055e2aa176af8a7f9e8cce53a3066f408) * added okta compatibility [View](https://github.com/twocanoes/xcreds/commit/5f38e70e641bc2c8129e940ae7e9f710380fea5b) * added a bit more logging [View](https://github.com/twocanoes/xcreds/commit/e2d2330a5050ab419290de466cef9f0b63407215) * removed "prompt":"consent" [View](https://github.com/twocanoes/xcreds/commit/3e0a5e6de6342f36c9622aba3ad55d2db4488942) * fixed notification prompt [View](https://github.com/twocanoes/xcreds/commit/40423c3b3ba271483826e49b6010f95e5b5683c7) * added shouldShowCloudLoginByDefault user default [View](https://github.com/twocanoes/xcreds/commit/d8658f333726d8151c2486a7fe38f94cc29cacb2) * added idhostnames array so you can specify multiple tenants [View](https://github.com/twocanoes/xcreds/commit/663dfa99b6bfb54487ca5cbc8d83618c8d180496) * removed registration reminder [View](https://github.com/twocanoes/xcreds/commit/738dff1ab4396e14d701da2dcb79c5c657533433) * removed spaces [View](https://github.com/twocanoes/xcreds/commit/180c2b9f4c267479723810a22a1dcc7715d992ce) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/70082e7da4df6b71284735eb788b992df4c8ca40) * added mappings for user info [View](https://github.com/twocanoes/xcreds/commit/074ac99d5b3b72f3a8fb553670968f6e67da8f10) * bumped version to 2.2 and build [View](https://github.com/twocanoes/xcreds/commit/23d902d5227eab2f3e61a6c931ccf63b94bc0ccb) * added new key for OIDC mapping [View](https://github.com/twocanoes/xcreds/commit/485be954afebf7cbe808a8b23e0be6a7c5efa495) * made keys lowercase for mappings [View](https://github.com/twocanoes/xcreds/commit/7432620d1a5c7e22e98975a5e806b73a9140d5ee) * changed case of keys [View](https://github.com/twocanoes/xcreds/commit/ecac4002bd45677fa72386cc73a56bfe6d3f53ed) * renamed mapped prefs with a prefix [View](https://github.com/twocanoes/xcreds/commit/aadd1445d92ac12e084946e1b40d97cf9f5aa6c7) * username hint was not being set [View](https://github.com/twocanoes/xcreds/commit/aba884ce568c39653fec406f7c95b21b1c554642) * added startup script [View](https://github.com/twocanoes/xcreds/commit/9c374670c37ba1b522e1247ec96a850a4e663b8e) * added credit to script [View](https://github.com/twocanoes/xcreds/commit/e36e74db471c955bd356f150dbc9b19d240a50d4) * implemented KeychainReset [View](https://github.com/twocanoes/xcreds/commit/0c34708fdeb9c9aa4303daa8382948d4e7d8143d) * implemented PasswordOverwriteSilent [View](https://github.com/twocanoes/xcreds/commit/8fcee904d23440051516c74228213a64b4ead348) * removed show prefs menu [View](https://github.com/twocanoes/xcreds/commit/d34328d71ec93b2663b75c080e41c8e0707b1f8e) * fixed timer issue [View](https://github.com/twocanoes/xcreds/commit/1d37d90a8ce81a142b90874b5d35641db4a9c1a8) * fixed shouldShowCloudLoginByDefault not working [View](https://github.com/twocanoes/xcreds/commit/570576b00c63db1f11ab5d7799301c9faed7f1e9) * fixed edge case when not showing xcreds login when logging out [View](https://github.com/twocanoes/xcreds/commit/3447f7be9e35a5e894911c0fa7366be4fa0d3b05) * removed test time [View](https://github.com/twocanoes/xcreds/commit/5bd5f84563b2a05fd4c2c169e1601cf5c270d8a9) * added sub as local user account if other methods not available; added some additional logging [View](https://github.com/twocanoes/xcreds/commit/fd4067d3a54850244f5f456825cbb531800dca85) * remove progress screen overlay because it was hiding filevault [View](https://github.com/twocanoes/xcreds/commit/453a9b79a19bbd05c4d638c01337b4752943898d) ## release_v2_0 (2022-08-30) * bumped version to 1.1 [View](https://github.com/twocanoes/xcreds/commit/d6a4c915da4e771335915c6aa1dae53d94c8c039) * added sample profile for google [View](https://github.com/twocanoes/xcreds/commit/342c8590fd5392822a9a57dd9a3293aa5f276eb6) * Cloud password verification dialog not centered... #15 [View](https://github.com/twocanoes/xcreds/commit/b1d8ee6069a92e6b231b8bce944f684fa36ec68e) * add "have token" indicator #10 [View](https://github.com/twocanoes/xcreds/commit/db746fd65ae1623e1d69f3c075391f474c9ccc3e) * Hide "About XCreds" menu item #18; Ability to add a custom URL and menu item for "Change Password #18 [View](https://github.com/twocanoes/xcreds/commit/f1c4593b4ad1b73899f9bc2cbfe61cd2d37eac11) * start of login window [View](https://github.com/twocanoes/xcreds/commit/ce6cc87d6f5e0ee87ecea89514865fd7b92df476) * pass username and password for login window [View](https://github.com/twocanoes/xcreds/commit/6addc7950cf499fb9bdeee098af1e0f9d35bfb63) * added fade to login window complete [View](https://github.com/twocanoes/xcreds/commit/3fd2f6dd2f69f8ec41e7eda52937e98cf0a30738) * restart and shutdown buttons [View](https://github.com/twocanoes/xcreds/commit/fde13dea140cf02043c8f9404c08917868bb5ecc) * implemented swiching back to mac login window [View](https://github.com/twocanoes/xcreds/commit/85545c29a8ad7c2b28daef1f8e8024bf377761ba) * wip [View](https://github.com/twocanoes/xcreds/commit/e755e305eb936a965cb0ef133d9f7c1cfb7cc765) * fixed xcreds breakage due to refactoring for xcreds login window [View](https://github.com/twocanoes/xcreds/commit/f41778819ed0d04325880e641799f723732ca6f3) * added keychain updating with tokens [View](https://github.com/twocanoes/xcreds/commit/2e3114e4f657761addd714abe7de790350623c83) * xcreds login window [View](https://github.com/twocanoes/xcreds/commit/03e929f9fa582b394686bb7669b28d0e906c4cd9) * added return to cloud login and wait message [View](https://github.com/twocanoes/xcreds/commit/f29ea30d43e51b6ef44bfbdad7d0ccd1d650a6b3) * bumped version [View](https://github.com/twocanoes/xcreds/commit/7fb698159e5f0b6cd54057d0938ddd0a448bd321) * updated manifest [View](https://github.com/twocanoes/xcreds/commit/ce8b9197c101d106605d5ea8e6bf87f5b52412ac) * added username to manifest [View](https://github.com/twocanoes/xcreds/commit/aa7945756f9c0a0573cf79b48c677c35dfbe7469) * fixed install scripts [View](https://github.com/twocanoes/xcreds/commit/ad2152c8e24b03dd685627d052b3116e5badfd62) * updated readme [View](https://github.com/twocanoes/xcreds/commit/690e6966e81bcb27f8859c010c230d2d0af4ba0a) * updaed sample profiles [View](https://github.com/twocanoes/xcreds/commit/5cd70f021fc8a4b7321dbfe7bd5cf1298a901609) * added arbitrary check for password in form [View](https://github.com/twocanoes/xcreds/commit/9d1dadac7750544dffa4db82fc258f0b7ed9663e) * bumped build number [View](https://github.com/twocanoes/xcreds/commit/bb90624c3d9a45870956621f22b41da5434e2bce) * fixed idtoken required values causing failure [View](https://github.com/twocanoes/xcreds/commit/de5dd6affee913fc6f2f65125188a8e894460b65) * added build number when starting up [View](https://github.com/twocanoes/xcreds/commit/2d4b70a192e119352cccc2d7318b8997e3c7fe74) * added build number when starting up in mechnism [View](https://github.com/twocanoes/xcreds/commit/5f6bdd336f311caa991f10c380b15f9acc2f5bb2) * added build number when starting up in mechnism [View](https://github.com/twocanoes/xcreds/commit/26b995a2173376ea6275a037a7866ea154b9ef31) * create user mech [View](https://github.com/twocanoes/xcreds/commit/2bd3cb885f9cfc2557cc709404a8c665e99236f1) * tweaked create user [View](https://github.com/twocanoes/xcreds/commit/4bfdd1017266b30d25e9fb0162decbe54fe3b5a9) * added FDE enable [View](https://github.com/twocanoes/xcreds/commit/2422e5588412d4cc721f93c0695405d939096c42) * updated prefs [View](https://github.com/twocanoes/xcreds/commit/14d39e3fe023b6412a73b6cba2a214b283a1b7d7) * added fde option [View](https://github.com/twocanoes/xcreds/commit/2b022b47d6c23e2bbf6fcd6f0b7bb249df689bc1) * added network changing detection to reload page [View](https://github.com/twocanoes/xcreds/commit/de4acf06e2e7b18c232dd0dcd5ce55e8944d2e2a) * fixed status icon issue; fixed lack of prompting on first launch [View](https://github.com/twocanoes/xcreds/commit/9aa2d77b366fe963aed1ec78c932c467d83f5b63) * added default to create keychain [View](https://github.com/twocanoes/xcreds/commit/27be41527d7716df6fbcd9ed276f542b80e53682) * added better loading at start [View](https://github.com/twocanoes/xcreds/commit/1223e399814d061d9962a75d6c037445cd9862f9) * updated loading message [View](https://github.com/twocanoes/xcreds/commit/d8d1b96e3e2927eb110747155942c4f000c8872c) * smother transitions and background image [View](https://github.com/twocanoes/xcreds/commit/6f6f2b9c7b24a3724440b77b52d86cfaeca3169d) * fixed background image url [View](https://github.com/twocanoes/xcreds/commit/8164b122c71f76b0bea9a3237d386ffac9ec0d30) * fixed overlay not showing [View](https://github.com/twocanoes/xcreds/commit/6cedc60bbaad9747209ae73521a0af480a8301a0) * fixed regression with back to my xcreds [View](https://github.com/twocanoes/xcreds/commit/ff3dee83940377a8544283d207e011f5854be8c3) * add tweak to back to my xcreds [View](https://github.com/twocanoes/xcreds/commit/7aafd66a0d75a3ee09dc6a4cd1c7f211877fb15b) * more tweaks to back to my xcreds [View](https://github.com/twocanoes/xcreds/commit/b2ef99f2db8056933eb2c047f28d6449059103dd) * fixed minor issues with prefs [View](https://github.com/twocanoes/xcreds/commit/18bccee23ceb28e47bd25f7ed38433dea76e787b) * reverted default [View](https://github.com/twocanoes/xcreds/commit/5fe505fa6c90b1ae198bc1d5aeac6068e0e9ecdc) * project update [View](https://github.com/twocanoes/xcreds/commit/4ea4da0da0260d9d9379ea599689d1c5ed1515b5) ## prebeta (2022-06-15) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/7289a72ae79005797fa4651dc61328354aca7c2b) * Update README.md [View](https://github.com/twocanoes/xcreds/commit/07947e9e66f68db049481b6e35373a8a5b5a4bf5) * added support for Google IdP [View](https://github.com/twocanoes/xcreds/commit/4733a6cdeef503db2e08a21bb9443700bfb9526d) ================================================ FILE: release_notes.sh ================================================ #!/usr/bin/env bash previous_tag=0 for current_tag in $(git tag --sort=-creatordate) do if [ "$previous_tag" != 0 ];then tag_date=$(git log -1 --pretty=format:'%ad' --date=short ${previous_tag}) printf "## ${previous_tag} (${tag_date})\n\n" git log ${current_tag}...${previous_tag} --pretty=format:'* %s [View](https://github.com/twocanoes/xcreds/commit/%H)' --reverse | grep -v Merge printf "\n\n" fi previous_tag=${current_tag} done ================================================ FILE: release_notes_plain.sh ================================================ #!/usr/bin/env bash previous_tag=0 for current_tag in $(git tag --sort=-creatordate) do if [ "$previous_tag" != 0 ];then tag_date=$(git log -1 --pretty=format:'%ad' --date=short ${previous_tag}) printf "## ${previous_tag} (${tag_date})\n\n" git log ${current_tag}...${previous_tag} --pretty=format:'* %s' --reverse | grep -v Merge printf "\n\n" fi previous_tag=${current_tag} done ================================================ FILE: run_script.sh ================================================ #!/bin/sh exit 0 ================================================ FILE: scripts/setup_xcreds_autostart.sh ================================================ #!/bin/bash -e #thanks to Simon Andersen for crafting the core of this. if [ ! -d "/Library/LaunchAgents" ]; then mkdir /Library/LaunchAgents fi if [ -e "/Library/LaunchAgents/local.xcreds.plist" ]; then echo "/Library/LaunchAgents/local.xcreds.plist already exists. exiting." else /usr/libexec/PlistBuddy -c "Add :Label string local.xcreds" /Library/LaunchAgents/local.xcreds.plist /usr/libexec/PlistBuddy -c "Add :ProgramArguments array" /Library/LaunchAgents/local.xcreds.plist /usr/libexec/PlistBuddy -c "Add :ProgramArguments:0 string /Applications/XCreds.app/Contents/MacOS/XCreds" /Library/LaunchAgents/local.xcreds.plist /usr/libexec/PlistBuddy -c "Add :KeepAlive bool YES" /Library/LaunchAgents/local.xcreds.plist echo "successfully set up xcreds to launch at login for every user." fi ================================================ FILE: tap/Info.plist ================================================ NSExtension NSExtensionAttributes com.apple.ctk.class-id com.twocanoes.xcreds.tap com.apple.ctk.driver-class $(PRODUCT_MODULE_NAME).TokenDriver com.apple.ctk.token-type smartcard NSExtensionPointIdentifier com.apple.ctk-tokens ================================================ FILE: tap/Token.swift ================================================ // // Token.swift // // Created by Timothy Perfitt on 6/18/24. // import CryptoTokenKit class Token: TKSmartCardToken, TKTokenDelegate { init(smartCard: TKSmartCard, aid AID: Data?, tokenDriver: TKSmartCardTokenDriver) throws { let instanceID = "xcredstap" // Fill in a unique persistent identifier of the token instance. super.init(smartCard: smartCard, aid:nil, instanceID:instanceID, tokenDriver: tokenDriver) } func createSession(_ token: TKToken) throws -> TKTokenSession { return TokenSession(token:self) } } ================================================ FILE: tap/TokenDriver.swift ================================================ // // TokenDriver.swift // // Created by Timothy Perfitt on 6/18/24. // import CryptoTokenKit class TokenDriver: TKSmartCardTokenDriver, TKSmartCardTokenDriverDelegate { func tokenDriver(_ driver: TKSmartCardTokenDriver, createTokenFor smartCard: TKSmartCard, aid AID: Data?) throws -> TKSmartCardToken { return try Token(smartCard: smartCard, aid: nil, tokenDriver: self) } } ================================================ FILE: tap/TokenSession.swift ================================================ // // TokenSession.swift // // Created by Timothy Perfitt on 6/18/24. // import CryptoTokenKit class TokenSession: TKSmartCardTokenSession, TKTokenSessionDelegate { func tokenSession(_ session: TKTokenSession, beginAuthFor operation: TKTokenOperation, constraint: Any) throws -> TKTokenAuthOperation { return TKTokenSmartCardPINAuthOperation() } func tokenSession(_ session: TKTokenSession, supports operation: TKTokenOperation, keyObjectID: Any, algorithm: TKTokenKeyAlgorithm) -> Bool { // Indicate whether the given key supports the specified operation and algorithm. return true } func tokenSession(_ session: TKTokenSession, sign dataToSign: Data, keyObjectID: Any, algorithm: TKTokenKeyAlgorithm) throws -> Data { var signature: Data? // Insert code here to sign data using the specified key and algorithm. signature = nil if let signature = signature { return signature } else { // If the operation failed for some reason, fill in an appropriate error like objectNotFound, corruptedData, etc. // Note that responding with TKErrorCodeAuthenticationNeeded will trigger user authentication after which the current operation will be re-attempted. throw NSError(domain: TKErrorDomain, code: TKError.Code.authenticationNeeded.rawValue, userInfo: nil) } } func tokenSession(_ session: TKTokenSession, decrypt ciphertext: Data, keyObjectID: Any, algorithm: TKTokenKeyAlgorithm) throws -> Data { var plaintext: Data? // Insert code here to decrypt the ciphertext using the specified key and algorithm. plaintext = nil if let plaintext = plaintext { return plaintext } else { // If the operation failed for some reason, fill in an appropriate error like objectNotFound, corruptedData, etc. // Note that responding with TKErrorCodeAuthenticationNeeded will trigger user authentication after which the current operation will be re-attempted. throw NSError(domain: TKErrorDomain, code: TKError.Code.authenticationNeeded.rawValue, userInfo: nil) } } func tokenSession(_ session: TKTokenSession, performKeyExchange otherPartyPublicKeyData: Data, keyObjectID objectID: Any, algorithm: TKTokenKeyAlgorithm, parameters: TKTokenKeyExchangeParameters) throws -> Data { var secret: Data? // Insert code here to perform Diffie-Hellman style key exchange. secret = nil if let secret = secret { return secret } else { // If the operation failed for some reason, fill in an appropriate error like objectNotFound, corruptedData, etc. // Note that responding with TKErrorCodeAuthenticationNeeded will trigger user authentication after which the current operation will be re-attempted. throw NSError(domain: TKErrorDomain, code: TKError.Code.authenticationNeeded.rawValue, userInfo: nil) } } } ================================================ FILE: tap/tap.entitlements ================================================ com.apple.security.app-sandbox com.apple.security.smartcard