Uploading Privileges 1.5.3 source code, which includes new management options for the ReasonRequired management key.

Uploading Privileges 1.5.3 source code, which includes new management options for the ReasonRequired management key. Also uploading an updated Example_ReasonRequired macOS configuration profile which includes the new management options.

Author: rtrouton

application_management/example_profiles/ReasonRequired/Example_ReasonRequired.mobileconfig

@@ -1,83 +1,118 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
-<dict>
-	<key>PayloadContent</key>
-	<array>
-		<dict>
-			<key>PayloadContent</key>
-			<dict>
-				<key>corp.sap.privileges</key>
-				<dict>
-					<key>Forced</key>
-					<array>
-						<dict>
-							<key>mcx_preference_settings</key>
-							<dict>
-  								<!--
-                                    key: ReasonRequired
-                                    value: a boolean
-                                    
-                                    If set to true, the user must provide a reason for needing admin rights.
-                                    The reason will be logged.
-                                -->
-								<key>ReasonRequired</key>
-								<true/>
-								<!--
-                                    key: ReasonMinLength
-                                    value: a positive integer
-                                    
-                                    If "ReasonRequired" is set to true, this key specifies the minimum number 
-                                    of characters the user has to enter as the reason for becoming an admin.
-                                    If not set, the value defaults to 10. The text field is limited to a
-                                    maximum of 100 characters, so values greater than 100 have no effect.
-                                    Please be aware that enabling this option, disables the "Toggle Privileges"
-                                    entry in the Privileges Dock tile menu.
-                                -->
-                                <key>ReasonMinLength</key>
-								<integer>5</integer>
-							</dict>
-						</dict>
-					</array>
-				</dict>
-			</dict>
-			<key>PayloadDescription</key>
-			<string/>
-			<key>PayloadDisplayName</key>
-			<string>Privileges configuration</string>
-			<key>PayloadEnabled</key>
-			<true/>
-			<key>PayloadIdentifier</key>
-			<string>com.apple.ManagedClient.preferences.36132147-235E-4663-ADA8-2664C67C4DD2</string>
-			<key>PayloadOrganization</key>
-			<string>SAP SE</string>
-			<key>PayloadType</key>
-			<string>com.apple.ManagedClient.preferences</string>
-			<key>PayloadUUID</key>
-			<string>36132147-235E-4663-ADA8-2664C67C4DD2</string>
-			<key>PayloadVersion</key>
-			<integer>1</integer>
-		</dict>
-	</array>
-	<key>PayloadDescription</key>
-	<string>Configures the Privileges app.</string>
-	<key>PayloadDisplayName</key>
-	<string>Privileges configuration</string>
-	<key>PayloadEnabled</key>
-	<true/>
-	<key>PayloadIdentifier</key>
-	<string>CF401A42-35CA-4DA6-9123-5A49C87ECB5A</string>
-	<key>PayloadOrganization</key>
-	<string>SAP SE</string>
-	<key>PayloadRemovalDisallowed</key>
-	<true/>
-	<key>PayloadScope</key>
-	<string>System</string>
-	<key>PayloadType</key>
-	<string>Configuration</string>
-	<key>PayloadUUID</key>
-	<string>50870D16-7AAD-478B-BFFE-BED09499F7E0</string>
-	<key>PayloadVersion</key>
-	<integer>1</integer>
-</dict>
-</plist>
+   <dict>
+      <key>PayloadContent</key>
+      <array>
+         <dict>
+            <key>PayloadContent</key>
+            <dict>
+               <key>corp.sap.privileges</key>
+               <dict>
+                  <key>Forced</key>
+                  <array>
+                     <dict>
+                        <key>mcx_preference_settings</key>
+                        <dict>
+                           <!--
+						            key: ReasonRequired
+						            value: a boolean
+						            
+						            If set to true, the user must provide a reason for needing admin rights.
+						            The reason will be logged.
+                           -->
+                           <key>ReasonRequired</key>
+                           <true />
+                           <!--
+						            key: ReasonMinLength
+						            value: a positive integer below 100
+						            
+						            If "ReasonRequired" is set to true, this key specifies the minimum number 
+						            of characters the user has to enter as the reason for becoming an admin.
+						            If not set, the value defaults to 10. The text field is limited to a
+						            maximum of 100 characters, so values greater than 100 have no effect.
+						            Please be aware that enabling this option, disables the "Toggle Privileges"
+						            entry in the Privileges Dock tile menu.
+                           -->
+                           <key>ReasonMinLength</key>
+                           <integer>20</integer>
+                           <!--
+						            key: ReasonMaxLength
+						            value: a positive integer below 100
+						            
+						            If "ReasonRequired" is set to true, this key specifies the maximum number
+						            of characters the user can enter as the reason for becoming an admin.
+						            If not set, the value defaults to 100. If a value > 100 is specified or
+						            if "ReasonMaxLength" is <= "ReasonMinLength", the value is set to default.
+                           -->
+                           <key>ReasonMaxLength</key>
+                           <integer>30</integer>
+                           <!--
+						            key: ReasonPresetList
+						            value: an array of strings
+						            
+						            If "ReasonRequired" is set to true, this key allows to pre-define a list
+						            of possible reasons (for becoming an admin) the user can choose from. If
+						            set, an additional pop-up menu will appear in the dialog box. This only
+						            works for the GUI version of Privileges.
+                           -->
+                           <key>ReasonPresetList</key>
+                           <array>
+                              <dict>
+                                 <key>default</key>
+                                 <string>Just for fun</string>
+                              </dict>
+                              <dict>
+                                 <key>default</key>
+                                 <string>For installing software</string>
+                              </dict>
+                              <dict>
+                                 <key>default</key>
+                                 <string>Don't know</string>
+                              </dict>
+                           </array>
+                        </dict>
+                     </dict>
+                  </array>
+               </dict>
+            </dict>
+            <key>PayloadDescription</key>
+            <string />
+            <key>PayloadDisplayName</key>
+            <string>Privileges configuration</string>
+            <key>PayloadEnabled</key>
+            <true />
+            <key>PayloadIdentifier</key>
+            <string>com.apple.ManagedClient.preferences.36132147-235E-4663-ADA8-2664C67C4DD2</string>
+            <key>PayloadOrganization</key>
+            <string>SAP SE</string>
+            <key>PayloadType</key>
+            <string>com.apple.ManagedClient.preferences</string>
+            <key>PayloadUUID</key>
+            <string>36132147-235E-4663-ADA8-2664C67C4DD2</string>
+            <key>PayloadVersion</key>
+            <integer>1</integer>
+         </dict>
+      </array>
+      <key>PayloadDescription</key>
+      <string>Configures the Privileges app.</string>
+      <key>PayloadDisplayName</key>
+      <string>Privileges configuration</string>
+      <key>PayloadEnabled</key>
+      <true />
+      <key>PayloadIdentifier</key>
+      <string>CF401A42-35CA-4DA6-9123-5A49C87ECB5A</string>
+      <key>PayloadOrganization</key>
+      <string>SAP SE</string>
+      <key>PayloadRemovalDisallowed</key>
+      <true />
+      <key>PayloadScope</key>
+      <string>System</string>
+      <key>PayloadType</key>
+      <string>Configuration</string>
+      <key>PayloadUUID</key>
+      <string>50870D16-7AAD-478B-BFFE-BED09499F7E0</string>
+      <key>PayloadVersion</key>
+      <integer>1</integer>
+   </dict>
+</plist>

source/Constants.h

@@ -0,0 +1,42 @@
+/*
+ Constants.h
+ Copyright 2022 SAP SE
+ 
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#define kMTAdminGroupID                 80
+#define kMTDockTimeoutDefault           20
+#define kMTReasonMinLengthDefault       10
+#define kMTReasonMaxLengthDefault       100
+#define kMTFixedTimeoutValues           @[@0, @5, @10, @20, @60]
+
+#define kMTDefaultsToggleTimeout        @"DockToggleTimeout"
+#define kMTDefaultsToggleMaxTimeout     @"DockToggleMaxTimeout"
+#define kMTDefaultsEnforcePrivileges    @"EnforcePrivileges"
+#define kMTDefaultsAuthRequired         @"RequireAuthentication"
+#define kMTDefaultsLimitToUser          @"LimitToUser"
+#define kMTDefaultsLimitToGroup         @"LimitToGroup"
+#define kMTDefaultsRequireReason        @"ReasonRequired"
+#define kMTDefaultsReasonMinLength      @"ReasonMinLength"
+#define kMTDefaultsReasonMaxLength      @"ReasonMaxLength"
+#define kMTDefaultsReasonPresets        @"ReasonPresetList"
+#define kMTDefaultsRemoteLogging        @"RemoteLogging"
+#define kMTDefaultsRLServerType         @"ServerType"
+#define kMTDefaultsRLServerAddress      @"ServerAddress"
+#define kMTDefaultsRLServerPort         @"ServerPort"
+#define kMTDefaultsRLEnableTCP          @"EnableTCP"
+#define kMTDefaultsRLSyslogOptions      @"SyslogOptions"
+#define kMTDefaultsRLSyslogFacility     @"LogFacility"
+#define kMTDefaultsRLSyslogSeverity     @"LogSeverity"
+#define kMTDefaultsRLSyslogMaxSize      @"MaximumMessageSize"

source/MTAuthCommon.h

@@ -1,6 +1,6 @@
 /*
  MTAuthCommon.h
- Copyright 2016-2020 SAP SE
+ Copyright 2016-2022 SAP SE
  
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
@@ -62,8 +62,4 @@
 */
 + (NSString*)getSigningAuthorityWithError:(NSError**)error;
 
-#define ADMIN_GROUP_ID 80
-#define DEFAULT_DOCK_TIMEOUT 20
-#define FIXED_TIMEOUT_VALUES {0, 5, 10, 20, 60}
-
 @end

source/MTAuthCommon.m

@@ -1,6 +1,6 @@
 /*
  MTAuthCommon.m
- Copyright 2016-2020 SAP SE
+ Copyright 2016-2022 SAP SE
  
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.

source/MTIdentity.h

@@ -1,6 +1,6 @@
 /*
  MTIdentity.h
- Copyright 2016-2020 SAP SE
+ Copyright 2016-2022 SAP SE
  
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.

source/MTIdentity.m

@@ -1,6 +1,6 @@
 /*
  MTIdentity.m
- Copyright 2016-2020 SAP SE
+ Copyright 2016-2022 SAP SE
  
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.