SAP / macOS-enterprise-privileges

For Mac users in enterprise environments, this application gives users control over the administration of their machine by elevating their level of access to administrator privileges on macOS. Users can set a timeframe in the application's settings to perform specific tasks, such as installing or removing an application.
Apache License 2.0
1.4k stars 149 forks source link

LimitToUser doesn't work if NSUserName is not lowercase #15

Closed vc5047 closed 2 years ago

vc5047 commented 3 years ago

https://github.com/SAP/macOS-enterprise-privileges/blob/4ab3d190cc827f059e3779a5a09d2921c71b4459/source/Privileges/AppDelegate.m#L370

In an environment where the NSUserName value is not all lowercase, the LimitToUser feature doesn't work, because the input from the config profile automatically gets lower-cased. The case normalization would need to happen on both sides being compared, or better, should do a case-insensitive comparison. Something like: (limitToUser && !([limitToUser caseInsensitiveCompare:_currentUser] == NSOrderedSame))

I wasn't able to test above, due to issues with the linking in the Xcode project I encountered.

mthielemann commented 2 years ago

Thanks. This will be fixed in the next release of Privileges.

vc5047 commented 2 years ago

Thanks, Marc! Great to hear!

rtrouton commented 2 years ago

Addressed as part of Privileges 1.5.3.