Alte_Skripte/de.ing.activate_FV_rotate_Recovery_key_with_prompt.sh

#!/bin/bash
##########################################################################
# Script		:	Change FW-PW
# Autor			:	Andreas Vogel
# Copyright		:	macenterprise gmbh, 2020
##########################################################################
unset setpassword_fv
unset rotatepassword_fv
unset adduser_fv

############################################# Jamf Hepler Messanger #############################################################

jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
jamf="/usr/local/bin/jamf"

ErrorIcon="/Library/Application Support/JAMF/ING/France_road_sign_A14.svg.png"
Error="An unexpected error has occurred. The encryption does not work properly. Please contact Mac support."
MessageIcon="/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/ToolbarCustomizeIcon.icns"
Message="The Filevault setting must be updated. Please enter your current Windows password in the next window."


############################################# Variablen #########################################################################
Status=$(fdesetup status | head -1 | cut -d ' ' -f 3)

user=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)

DecryptString() {
# Usage: ~$ DecryptString "Encrypted String" "Salt" "Passphrase"
echo "${1}" | /usr/bin/openssl enc -aes256 -d -a -A -S "${2}" -k "${3}"
}

adminName="$7"
adminPass=$(DecryptString "$4" "$5" "$6")

############################################# Funktion #########################################################################

enable_fv () {
expect <<EOF
spawn fdesetup enable
expect "Enter the user name:"
send "$adminName\r"
expect "Enter the password for user $user:"
send "$adminPass\r"
expect EOF
EOF
}


rotatepassword_fv () {
expect <<EOF
spawn fdesetup changerecovery -personal
expect "Enter the user name:"
send "$adminName\r"
expect "Enter the password for user $adminName:"
send "$adminPass\r"
expect EOF
EOF
}

adduser_fv () {
expect <<EOF
spawn fdesetup add -usertoadd $user
expect "Enter the primary user name:"
send $adminName\r
expect "Enter the password for the user $adminName:"
send $adminPass\r
expect "Enter the password for the added user $user:"
send $APASS\r
expect
EOF
}


ask_pw () {
loggedInUser=$(stat -f%Su /dev/console)
loggedInUID=$(id -u $loggedInUser)

# Abfrage, dass nicht ROOT angemeldet ist
if [[ "$loggedInUser" != "root" ]] && [[ "$loggedInUser" != "_mbsetup" ]]
then

## Create local script
cat << EOD > /private/tmp/WN_PW.sh
#!/bin/bash

WN_PW=\$(/usr/bin/osascript -e 'text returned of (display dialog "Please enter your current Windows password" with hidden answer default answer "" buttons {"OK"} default button 1)')

printf "\${WN_PW}" > /private/tmp/WN_PW.txt

EOD
/bin/chmod +x /private/tmp/WN_PW.sh
/bin/launchctl asuser "$loggedInUID" sudo -iu "$loggedInUser" "/private/tmp/WN_PW.sh"	
APASS=$(cat /tmp/WN_PW.txt)

fi

}



############################################# Ausführung #############################################################################

if [[ $Status == "Off." ]]
	then
		HELPER=$("$jamfHelper" -windowType utility -icon "$MessageIcon" -title "Error" -description "$Message" -button1 "OK" -defaultButton 1)
		echo "Exit Code: FileVault is disabled and will now be enabled."
		
		ask_pw
		
		if enable_fv
			then 	
				sleep 60

				if adduser_fv
					then
						rm -f /private/tmp/WN_PW.sh
						rm -f /private/tmp/WN_PW.txt
						
						jamf recon
					else
						printf HELPER=$("$jamfHelper" -windowType utility -icon "$ErrorIcon" -title "Error" -description "$Error" -button1 "OK" -defaultButton 1)
						echo "Exit Code: FileVault 2 wurde aktiviert. User konnte nicht hinzugefügt werden."
						rm -f /private/tmp/WN_PW.sh
						rm -f /private/tmp/WN_PW.txt
				fi
							
			else
						printf HELPER=$("$jamfHelper" -windowType utility -icon "$ErrorIcon" -title "Error" -description "$Error" -button1 "OK" -defaultButton 1)
						echo "Exit Code: FileVault 2 konnte nicht aktiviert werden."
						rm -f /private/tmp/WN_PW.sh
						rm -f /private/tmp/WN_PW.txt
				fi					
	else
		echo "FileVault is active. The key is changed"
		rotatepassword_fv
		jamf recon
		rm -f /private/tmp/WN_PW.sh
		rm -f /private/tmp/WN_PW.txt
fi