Cannot unlock NetInfo Manager


ScottRussell2
02-15-2007, 08:53 AM
Hello everyone,

I have created a hidden admin user script-o-magically using scripts I found from Jeff McCune and others.

Here's the script:

#!/bin/bash
#HiddenAdminCreate

if [[ "$USER" != "root" ]] ; then
    echo "Requires root"
    exit 1
fi

HiddenAdminCreate()
{
    # Already running as root (checked above), so no sudo is needed here
    echo "$(date): Creating hiddenAdmin user and group ... "

    ## Thanks to Jeff McCune for this script
    ## Slight modifications by SR

    # Easily define where we actually want to
    # create users in DirectoryService.
    DS_ROOT_NODE="/NetInfo"

    USERNAME="hiddenadmin"
    REAL_NAME="Hidden Administrator"
    UNIQUE_ID="499"
    ADMIN=true
    HOME_DIR="/var/HiddenAdmin"

    ## Verify that the UNIQUE_ID we want isn't already assigned
    ## If it is, add or subtract 1 until we get one that is not assigned
    ## Compare the uid column exactly; a plain grep for "499" would also match
    ## uid 1499 or a user name that contains those digits
    ASSIGNED=$(dscl localhost -list "${DS_ROOT_NODE}/Users" uid | awk -v id="${UNIQUE_ID}" '$NF == id')

    until [[ -z "${ASSIGNED}" ]]
    do
        if [[ "$UNIQUE_ID" -lt 500 ]] ; then # ... invisible users
            let "UNIQUE_ID -= 1"
        else # UNIQUE_ID >= 500 ... visible users
            let "UNIQUE_ID += 1"
        fi
        ASSIGNED=$(dscl localhost -list "${DS_ROOT_NODE}/Users" uid | awk -v id="${UNIQUE_ID}" '$NF == id')
    done


    ## Create the user with the assigned properties
    ##
    dscl localhost -create "${DS_ROOT_NODE}/Users/${USERNAME}" && echo " Creating user \"${USERNAME}\""

    # Let the user edit their own hint, password, picture and real name
    for PROPERTY in \
        _writers_hint \
        _writers_passwd \
        _writers_picture \
        _writers_realname \
        _writers_tim_password
    do
        dscl localhost -create "${DS_ROOT_NODE}/Users/${USERNAME}" "${PROPERTY}" "${USERNAME}" && echo " creating property $PROPERTY with value ${USERNAME}"
    done

    dscl localhost -merge "${DS_ROOT_NODE}/Users/${USERNAME}" "AuthenticationAuthority" ";ShadowHash;" && echo " merging property AuthenticationAuthority with value ;ShadowHash;"
    dscl localhost -merge "${DS_ROOT_NODE}/Users/${USERNAME}" "AuthenticationHint" "" && echo " merging property AuthenticationHint with value \"\""
    dscl localhost -merge "${DS_ROOT_NODE}/Users/${USERNAME}" "NFSHomeDirectory" "${HOME_DIR}" && echo " merging property NFSHomeDirectory with value ${HOME_DIR}"
    dscl localhost -merge "${DS_ROOT_NODE}/Users/${USERNAME}" "passwd" "*" && echo " merging property passwd with value *"
    dscl localhost -merge "${DS_ROOT_NODE}/Users/${USERNAME}" "Picture" "/Library/User Pictures/Fun/Fortune Cookie.tif" && echo " merging property Picture with value \"/Library/User Pictures/Fun/Fortune Cookie.tif\""
    dscl localhost -merge "${DS_ROOT_NODE}/Users/${USERNAME}" "PrimaryGroupID" "${UNIQUE_ID}" && echo " merging property PrimaryGroupID with value ${UNIQUE_ID}"
    dscl localhost -merge "${DS_ROOT_NODE}/Users/${USERNAME}" "RealName" "${REAL_NAME}" && echo " merging property RealName with value ${REAL_NAME}"
    dscl localhost -merge "${DS_ROOT_NODE}/Users/${USERNAME}" "UniqueID" "${UNIQUE_ID}" && echo " merging property UniqueID with value ${UNIQUE_ID}"
    dscl localhost -merge "${DS_ROOT_NODE}/Users/${USERNAME}" "UserShell" "/bin/bash" && echo " merging property UserShell with value /bin/bash"
    dscl localhost -merge "${DS_ROOT_NODE}/Users/${USERNAME}" "sharedDir" "Public" && echo " merging property sharedDir with value Public"

    ## Create the HiddenAdmin group
    dscl localhost -create "${DS_ROOT_NODE}/groups/${USERNAME}" && echo " Creating group ${USERNAME}"
    dscl localhost -merge "${DS_ROOT_NODE}/groups/${USERNAME}" name "${USERNAME}" && echo " merging property name with value ${USERNAME} to group ${USERNAME}"
    dscl localhost -merge "${DS_ROOT_NODE}/groups/${USERNAME}" passwd "*" && echo " merging property passwd with value * to group ${USERNAME}"
    dscl localhost -merge "${DS_ROOT_NODE}/groups/${USERNAME}" gid "${UNIQUE_ID}" && echo " merging property gid with value ${UNIQUE_ID} to group ${USERNAME}"

    if [[ "$ADMIN" == true ]] ; then
        dscl localhost -merge "${DS_ROOT_NODE}/Groups/admin" GroupMembership "${USERNAME}" && echo " Adding \"${USERNAME}\" to the admin group"
        dscl localhost -merge "${DS_ROOT_NODE}/Groups/appserverusr" GroupMembership "${USERNAME}" && echo " Adding \"${USERNAME}\" to the appserverusr group"
        dscl localhost -merge "${DS_ROOT_NODE}/Groups/appserveradm" GroupMembership "${USERNAME}" && echo " Adding \"${USERNAME}\" to the appserveradm group"
    fi

    ## Interactively set a password
    ## Actually, I've got a scriptable way to do this, but this code will work for testing purposes
    passwd "${USERNAME}"
}

HiddenAdminCreate


Works like a champ in that I can:
* successfully log in as the new user
* successfully use "sudo -s" in the Terminal to initiate a root shell
* successfully authenticate in the Finder to install software
* successfully authenticate in System Preferences to make changes

What it doesn't do:
In NetInfo Manager, I cannot authenticate and unlock as the new user. I get the message: "You have entered an invalid user name or password. Please try again."

Any ideas as to what's going on? Is there a separate authentication authority for NetInfo Manager somewhere? (I find that hard to believe.)

BTW, same results in 10.3.x and 10.4.x.

Thanks in advance!
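
Added example, not part of the original post: an audit check for accounts that fit the profile the script above creates (UID below 500, which the script's comments call "invisible", plus an interactive shell and membership in the admin group). The function name and the sample listings are constructed for illustration; the input is assumed to be in the "name value" layout that `dscl . -list /Users UniqueID` and `dscl . -list /Users UserShell` print, with the group line as printed by `dscl . -read /Groups/admin GroupMembership`.

```shell
#!/bin/sh
# Constructed sample data (not taken from a real machine).
SAMPLE_UIDS='root 0
daemon 1
_www 70
hiddenadmin 499
alice 501
user1499 1499'

SAMPLE_SHELLS='root /bin/sh
daemon /usr/bin/false
_www /usr/bin/false
hiddenadmin /bin/bash
alice /bin/zsh
user1499 /bin/bash'

SAMPLE_ADMIN='GroupMembership: root alice hiddenadmin'

# find_hidden_admins UID_LISTING SHELL_LISTING ADMIN_MEMBERSHIP_LINE
# Prints "name uid shell" for every non-root account that is in the admin
# group, has a UID below 500 and has a shell other than false/nologin.
find_hidden_admins() {
  {
    # Tag each listing so a single awk pass can tell the three apart
    printf '%s\n' "$1" | sed 's/^/U /'
    printf '%s\n' "$2" | sed 's/^/S /'
    printf '%s\n' "$3" | sed 's/^/G /'
  } | awk '
    $1 == "U" { uid[$2] = $3 }
    $1 == "S" { shell[$2] = $3 }
    # Field 2 is the "GroupMembership:" label; members start at field 3
    $1 == "G" { for (i = 3; i <= NF; i++) admin[$i] = 1 }
    END {
      for (u in uid)
        if (u != "root" && uid[u] + 0 < 500 && (u in admin) &&
            shell[u] !~ /(false|nologin)$/)
          print u, uid[u], shell[u]
    }' | sort
}

# Run against the constructed sample; on a real system pass the output of the
# three dscl commands named in the lead-in instead.
find_hidden_admins "$SAMPLE_UIDS" "$SAMPLE_SHELLS" "$SAMPLE_ADMIN"
```

UIDs are compared numerically per account, so `user1499` is not mistaken for a sub-500 account the way a substring match on the listing would.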