LocalItems-Keychain-Solver.sh
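#! /bin/sh
# Rebuild the macOS local items keychain while keeping the user's saved data.
#
# Flow: back up keychain-2.db from /Users/$USER/Library/Keychains/<Hardware
# UUID>, remove that folder, restart secd and trustd, copy the backup over the
# keychain the OS created in the meantime, restart the services again and
# check that they have the database open.
#
# Security notes:
#   * The backup holds the user's keychain database, so it goes into a private
#     mktemp directory rather than a fixed, guessable path under /tmp that
#     another local user could pre-create or read.
#   * The original folder is removed only after the backup copy succeeded, and
#     the backup is removed only after the restore copy succeeded. On a
#     failure in between, the backup is kept and its path is printed.

# Print a message on stderr and stop with a failure status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Stop the two agents this script restarts around the keychain swap.
stop_security_agents() {
  launchctl stop com.apple.secd
  launchctl stop com.apple.trustd.agent
}

# Start the same two agents again.
start_security_agents() {
  launchctl start com.apple.secd
  launchctl start com.apple.trustd.agent
}

# Succeeds when lsof shows keychain-2.db opened by secd or trustd.
keychain_held_by_agents() {
  lsof | grep -F 'keychain-2.db' | grep -Eq 'secd|trustd'
}

: "${USER:?USER must be set}"
keychains_dir="/Users/$USER/Library/Keychains"

# Identify the name of the local items keychain folder (the Hardware UUID).
localkc=$(system_profiler SPHardwareDataType | awk '/Hardware UUID/ {print $3}')

# The value is used in an rm -R path below: refuse anything that is empty or
# contains characters outside hex digits and dashes (so no "/" or "..").
case "$localkc" in
  '' | *[!0-9A-Fa-f-]*)
    die "Could not determine the Hardware UUID; nothing was changed."
    ;;
esac
kc_dir="$keychains_dir/$localkc"
echo "Determined the name of the local items keychain folder."
echo "..."

# Without a local items keychain there is nothing to repair.
if [ ! -f "$kc_dir/keychain-2.db" ]; then
  echo "No local items keychain found; nothing to do." >&2
  # Status 1 matches what the bare 'exit' in the else branch used to return.
  exit 1
fi

# Remember whether Safari was running so its state can be put back at the end.
# pgrep -x matches the process name exactly, so helper processes whose names
# merely contain "Safari" do not count, and nothing is printed to stdout.
if pgrep -x Safari >/dev/null; then
  osascript -e 'tell application "Safari" to quit'
  safari_was_open=1
  echo "Determined the state of Safari and closed Safari."
  echo "..."
else
  safari_was_open=0
  echo "Safari was not open. Just making a note."
  echo "..."
fi

# Back up the local items keychain into a private (mode 0700) directory.
backup_dir=$(mktemp -d "${TMPDIR:-/tmp}/lkcbackup.XXXXXX") \
  || die "Could not create a backup directory; nothing was changed."
if ! cp "$kc_dir"/keychain* "$backup_dir"/; then
  rm -rf -- "${backup_dir:?}"
  die "Could not back up the keychain; nothing was changed."
fi

# Fold the WAL file back into the database copy. The WAL and SHM files are
# dropped only when the checkpoint worked; otherwise they stay in the backup
# and are restored together with the database.
if sqlite3 "$backup_dir/keychain-2.db" "PRAGMA wal_checkpoint"; then
  rm -f -- "$backup_dir"/keychain-2.db-*
else
  echo "Warning: WAL checkpoint failed; keeping WAL/SHM files in the backup." >&2
fi

# Destroy the original folder now that a verified copy exists.
rm -R -- "${kc_dir:?}" \
  || die "Could not remove $kc_dir. The backup is in $backup_dir"

echo "Local items keychain is now backed up."
echo "..."
echo "Waiting on the OS."
echo "..."
sleep 5
echo "Stopping services."
echo "..."
stop_security_agents
echo "Wating on the OS again."
echo "..."
sleep 2
echo "Starting the services up again."
echo "..."
start_security_agents
echo "Activating Safari."
echo "..."
# Open Safari to sync things up.
osascript -e 'tell application "Safari" to activate'
echo "Wating for the OS again..."
echo "..."
sleep 5
echo "Removing and replacing the local items keychain."
echo "..."

# The restore needs the folder the OS is expected to have created again.
[ -d "$kc_dir" ] \
  || die "$kc_dir was not recreated. The backup is kept in $backup_dir"
# Remove the new keychain that was created automatically.
rm -f -- "$kc_dir"/keychain*
# Put the original keychain back to retain the user's passwords.
cp "$backup_dir"/keychain* "$kc_dir"/ \
  || die "Restoring the keychain failed. The backup is kept in $backup_dir"

echo "Restart them services again."
echo "..."
stop_security_agents
echo "More waiting on the os..."
echo "..."
sleep 2
echo "Services are back."
echo "..."
start_security_agents
echo "Double-checking our work, and making sure everything is back to the way it should be."
echo "..."

# If neither secd nor trustd has the database open yet, restart them once more.
if ! keychain_held_by_agents; then
  stop_security_agents
  sleep 2
  start_security_agents
fi

# The restore copy succeeded above, so the backup is no longer needed.
rm -R -- "${backup_dir:?}"

# Put Safari back the way it was found: quit it if this script opened it,
# bring it to the front if the user had it open.
if [ "$safari_was_open" -eq 0 ]; then
  osascript -e 'tell application "Safari" to quit'
else
  osascript -e 'tell application "Safari" to activate'
fi
exit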