remove admin if we made them admin

NomadLogin/DSQueryable.swift

@@ -272,7 +272,10 @@ public extension DSQueryable {
             let adminGroup = results.first
 
             os_log("Adding user to administrators group", type: .debug)
+
             try adminGroup?.addMemberRecord(user)
+            try? user.setValue("1", forAttribute: "dsAttrTypeNative:_xcreds_promoted_to_admin")
+
 
         } catch {
             let errorText = error.localizedDescription

Profile Manifest/com.twocanoes.xcreds.plist

@@ -5,7 +5,7 @@
 	<key>pfm_app_url</key>
 	<string>https://github.com/twocanoes/xcreds</string>
 	<key>pfm_description</key>
-	<string>XCreds 4.1 (6276) OAuth Settings</string>
+	<string>XCreds 4.1 (6278) OAuth Settings</string>
 	<key>pfm_documentation_url</key>
 	<string>https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences</string>
 	<key>pfm_domain</key>

ShareMounter.swift

@@ -345,7 +345,7 @@ class ShareMounter {
 
                 }
 
-                if true {
+                if sharePrefs?.bool(forKey: ShareKeys.finderMount) ?? false {
 
                     myLogger.logit(.debug, message: "Mounting share via Finder")
                     _ = cliTask("/usr/bin/open \(all_shares[index].url.absoluteString)")

XCredsLoginPlugIn/Mechanisms/XCredsCreateUser.swift

@@ -71,7 +71,7 @@ class XCredsCreateUser: XCredsBaseMechanism, DSQueryable {
         }
         TCSLogWithMark("user:\(xcredsUser ?? "")")
         var isAdmin = false
-//        var shouldRemoveAdmin = false
+        var shouldRemoveAdmin = false
         if let createAdmin = getManagedPreference(key: .CreateAdminUser) as? Bool {
             isAdmin = createAdmin
             TCSLog("Found a createLocalAdmin key value: \(isAdmin.description)")
@@ -87,9 +87,10 @@ class XCredsCreateUser: XCredsBaseMechanism, DSQueryable {
                     TCSLogWithMark("User is a member of \(group) group. Setting isAdmin = true ")
                 }
             }
-//            if isAdmin == false {
-//                shouldRemoveAdmin = true
-//            }
+            if isAdmin == false {
+                TCSLogWithMark("admin groups defined but user is not a member, so marking remove if it exists and we created it")
+                shouldRemoveAdmin = true
+            }
 
         }
 
@@ -220,12 +221,24 @@ class XCredsCreateUser: XCredsBaseMechanism, DSQueryable {
 
                     }
                 }
-//                else if shouldRemoveAdmin == true {
-//                    if removeAdmin(record)==false {
-//                        os_log("failed to remove user an admin", log: createUserLog, type: .error)
-//
-//                    }
-//                }
+                else if shouldRemoveAdmin == true {
+                    TCSLogWithMark("removing admin if xcreds created")
+
+                    if let promotedToAdminArray = try record.values(forAttribute: "dsAttrTypeNative:_xcreds_promoted_to_admin") as? [String],promotedToAdminArray.count==1, promotedToAdminArray[0]=="1"  {
+                        TCSLogWithMark("we promoted so removing admin")
+
+                        if removeAdmin(record)==false {
+                            TCSLogErrorWithMark("failed to remove user an admin")
+
+                        }
+                        else { // success so remove attribute
+                            TCSLogWithMark("removing _xcreds_promoted_to_admin from record")
+
+                            try record.removeValues(forAttribute: "dsAttrTypeNative:_xcreds_promoted_to_admin")
+                        }
+
+                    }
+                }
             }
 
             catch {

xCreds.xcodeproj/project.pbxproj

@@ -1436,7 +1436,7 @@
 			buildSettings = {
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 6276;
+				CURRENT_PROJECT_VERSION = 6281;
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1473,7 +1473,7 @@
 			buildSettings = {
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 6276;
+				CURRENT_PROJECT_VERSION = 6281;
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1594,7 +1594,7 @@
 				CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 6276;
+				CURRENT_PROJECT_VERSION = 6281;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1631,7 +1631,7 @@
 				CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 6276;
+				CURRENT_PROJECT_VERSION = 6281;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1781,7 +1781,7 @@
 				CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 6276;
+				CURRENT_PROJECT_VERSION = 6281;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1823,7 +1823,7 @@
 				CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 6276;
+				CURRENT_PROJECT_VERSION = 6281;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (

xCreds.xcodeproj/xcuserdata/tperfitt.xcuserdatad/xcdebugger/Breakpoints_v2.xcbkptlist

@@ -7,112 +7,64 @@
       <BreakpointProxy
          BreakpointExtensionID = "Xcode.Breakpoint.FileBreakpoint">
          <BreakpointContent
-            uuid = "AD703F2B-DAF1-4738-899C-11CCB6497F34"
+            uuid = "65CFC0FC-92F4-4EBE-B39C-06BAAED98738"
             shouldBeEnabled = "Yes"
             ignoreCount = "0"
             continueAfterRunningActions = "No"
-            filePath = "NoMADSession.swift"
+            filePath = "ShareMounter.swift"
             startingColumnNumber = "9223372036854775807"
             endingColumnNumber = "9223372036854775807"
-            startingLineNumber = "1236"
-            endingLineNumber = "1236"
-            landmarkName = "userInfo()"
+            startingLineNumber = "360"
+            endingLineNumber = "360"
+            landmarkName = "mountShares()"
             landmarkType = "7">
          </BreakpointContent>
       </BreakpointProxy>
       <BreakpointProxy
          BreakpointExtensionID = "Xcode.Breakpoint.FileBreakpoint">
          <BreakpointContent
-            uuid = "E7ACFAB4-E5A6-4D48-B4F7-0BC0DC6ED882"
+            uuid = "85E4B5A0-AC59-4F34-9569-31C68C501F17"
             shouldBeEnabled = "Yes"
             ignoreCount = "0"
             continueAfterRunningActions = "No"
-            filePath = "XCreds/MainController.swift"
+            filePath = "ShareMounter.swift"
             startingColumnNumber = "9223372036854775807"
             endingColumnNumber = "9223372036854775807"
-            startingLineNumber = "115"
-            endingLineNumber = "115"
-            landmarkName = "checkAndMountShares()"
+            startingLineNumber = "371"
+            endingLineNumber = "371"
+            landmarkName = "mountShares()"
             landmarkType = "7">
          </BreakpointContent>
       </BreakpointProxy>
       <BreakpointProxy
          BreakpointExtensionID = "Xcode.Breakpoint.FileBreakpoint">
          <BreakpointContent
-            uuid = "00C34C5C-60B1-4C30-94C8-534B87C9B374"
+            uuid = "9EDF5B33-D76B-4DC7-A3D1-879A37CA1F48"
             shouldBeEnabled = "Yes"
             ignoreCount = "0"
             continueAfterRunningActions = "No"
-            filePath = "XCreds/ScheduleManager.swift"
+            filePath = "ShareMounter.swift"
             startingColumnNumber = "9223372036854775807"
             endingColumnNumber = "9223372036854775807"
-            startingLineNumber = "171"
-            endingLineNumber = "171"
-            landmarkName = "NoMADUserInformation(user:)"
+            startingLineNumber = "370"
+            endingLineNumber = "370"
+            landmarkName = "mountShares()"
             landmarkType = "7">
          </BreakpointContent>
       </BreakpointProxy>
       <BreakpointProxy
          BreakpointExtensionID = "Xcode.Breakpoint.FileBreakpoint">
          <BreakpointContent
-            uuid = "1A014A3F-393F-4FE5-9A83-79C8DE3F3295"
+            uuid = "28403DD2-8F25-45DC-A10C-EC0AB0526E1D"
             shouldBeEnabled = "Yes"
             ignoreCount = "0"
             continueAfterRunningActions = "No"
-            filePath = "XCreds/ScheduleManager.swift"
+            filePath = "ShareMounter.swift"
             startingColumnNumber = "9223372036854775807"
             endingColumnNumber = "9223372036854775807"
-            startingLineNumber = "159"
-            endingLineNumber = "159"
-            landmarkName = "NoMADAuthenticationSucceded()"
-            landmarkType = "7">
-         </BreakpointContent>
-      </BreakpointProxy>
-      <BreakpointProxy
-         BreakpointExtensionID = "Xcode.Breakpoint.FileBreakpoint">
-         <BreakpointContent
-            uuid = "895D5BFA-B444-4C09-BBEB-274B6989EC37"
-            shouldBeEnabled = "Yes"
-            ignoreCount = "0"
-            continueAfterRunningActions = "No"
-            filePath = "XCredsLoginPlugIn/LoginWindow/SignInWindowController.swift"
-            startingColumnNumber = "9223372036854775807"
-            endingColumnNumber = "9223372036854775807"
-            startingLineNumber = "792"
-            endingLineNumber = "792"
-            landmarkName = "NoMADAuthenticationSucceded()"
-            landmarkType = "7">
-         </BreakpointContent>
-      </BreakpointProxy>
-      <BreakpointProxy
-         BreakpointExtensionID = "Xcode.Breakpoint.FileBreakpoint">
-         <BreakpointContent
-            uuid = "E50B6015-51C1-47D9-B267-0BF80EDEFC66"
-            shouldBeEnabled = "Yes"
-            ignoreCount = "0"
-            continueAfterRunningActions = "No"
-            filePath = "XCreds/ScheduleManager.swift"
-            startingColumnNumber = "9223372036854775807"
-            endingColumnNumber = "9223372036854775807"
-            startingLineNumber = "166"
-            endingLineNumber = "166"
-            landmarkName = "NoMADAuthenticationFailed(error:description:)"
-            landmarkType = "7">
-         </BreakpointContent>
-      </BreakpointProxy>
-      <BreakpointProxy
-         BreakpointExtensionID = "Xcode.Breakpoint.FileBreakpoint">
-         <BreakpointContent
-            uuid = "E0705EEB-075C-4FA0-A500-BD7C34B7F800"
-            shouldBeEnabled = "Yes"
-            ignoreCount = "0"
-            continueAfterRunningActions = "No"
-            filePath = "NoMADSession.swift"
-            startingColumnNumber = "9223372036854775807"
-            endingColumnNumber = "9223372036854775807"
-            startingLineNumber = "1149"
-            endingLineNumber = "1149"
-            landmarkName = "authenticate(authTestOnly:)"
+            startingLineNumber = "379"
+            endingLineNumber = "379"
+            landmarkName = "mountShares()"
             landmarkType = "7">
          </BreakpointContent>
       </BreakpointProxy>

xCreds.xcodeproj/xcuserdata/tperfitt.xcuserdatad/xcschemes/xcschememanagement.plist

@@ -32,7 +32,7 @@
 		<key>auth_mech_fixup.xcscheme_^#shared#^_</key>
 		<dict>
 			<key>orderHint</key>
-			<integer>7</integer>
+			<integer>6</integer>
 		</dict>
 		<key>authrights.xcscheme_^#shared#^_</key>
 		<dict>
@@ -42,7 +42,7 @@
 		<key>test.xcscheme_^#shared#^_</key>
 		<dict>
 			<key>orderHint</key>
-			<integer>6</integer>
+			<integer>7</integer>
 		</dict>
 	</dict>
 	<key>SuppressBuildableAutocreation</key>