search

Macjutsu / super

S.U.P.E.R.M.A.N. optimizes the macOS software update experience.
Apache License 2.0
619 stars 83 forks source link

5.0.0beta2 - User auth workflow has countdown timer - Doesn't persist if no password entered #233

Closed master-vodawagner closed 1 month ago

master-vodawagner commented 1 month ago

I'm testing the User Auth workflow on Apple Silicon

When my device reaches the state of max hard days, MDM fails to start the reboot (intended I disabled the network) and presents the User Auth UI ($display_string_user_auth_deadline_days_hard_body) [I've tweaked the text of said variable too].

I get the 2 minute countdown to enter the password, I was under the impression OR at least in Super V4 the UI persists until a password is entered however I'm not getting that. After 2 minutes the workflow fails and goes to the default 1 hour try again UI.

macOS_Sequoia-Super-08-MDMFailedLocalAuthNeeded-PromptOnly
Macjutsu commented 1 month ago

Depends on your settings.... but if super was told there should be a display timeout... it will timeout the auth dialog just like any other. So what settings are you using?

master-vodawagner commented 1 month ago

I don't think I've got a timeout set for User Auth (DialogTimeoutUserAuth)

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>DeferralTimerDefault</key>
    <string>60</string>
    <key>DisplayIconFile</key>
    <string><ICON></string>
    <key>DisplayIconSize</key>
    <string>90</string>
    <key>DisplayUnmovable</key>
    <string>ALWAYS</string>
    <key>DialogTimeoutDefault</key>
    <string>600</string>
    <key>DeadlineDaysHard</key>
    <string>1</string>
    <key>ScheduledInstallUserChoice</key>
    <true/>
    <key>ScheduledInstallReminder</key>
    <string>60,30,15,5</string>
    <key>AuthJamfComputerID</key>
    <string>$JSSID</string>
    <key>DeferralTimerMenu</key>
    <string>30,60,120,180</string>
    <key>InstallNonSystemUpdatesWithoutRestarting</key>
    <true/>
    <key>DeferralTimerWorkflowRelaunch</key>
    <string>20</string>
    <key>AuthMDMFailoverToUser</key>
    <string>ALWAYS</string>
    <key>DisplayHelpButtonString</key>
    <string>https://support.apple.com/en-gb/HT213895</string>
    <key>InstallRapidSecurityResponses</key>
    <true/>
    <key>VerboseMode</key>
    <true/>
  </dict>
</plist>
Macjutsu commented 1 month ago

Hrm... well this key <key>DialogTimeoutDefault</key> should be setting it to <string>600</string> ten minutes.... so I'm not sure why it's going for only two minutes. You'd have to interrogate the super.log (poissibly in --verbose-mode) to determine why it's doing that.

Either way... if you set a DialogTimeoutDefault timeout it will timeout all dialogs.

master-vodawagner commented 1 month ago

So without DialogTimeoutDefault and we defined the other prompts to timeout but not user auth it would theoretically persist?

Macjutsu commented 1 month ago

Yes, that is how it should work.

master-vodawagner commented 1 month ago

Yep worked, was an obvious transition to V5 that I overlooked