Authorization Schemes always fails
I am trying to verify that the user has the correct access in the authorization scheme. No matter what I put it fails. I currently have it set to pl/sql function returning boolean and the code as:
begin
return true;
end;
I still get the error message for my Authorization Scheme every time. For my application settings I selected the {Not} option, and that fails as well.
Can someone point me in the right direction?
Thanks.
Johnnie,
If you made this an application level authorization then try checking the page. Frankly I don't know how it could have failed when it says always return true... But try something like the following:
DECLARE
    l_retval BOOLEAN;
BEGIN
    -- Pass on page 101 or whenever APP_USER is set in the session.
    l_retval := nv('APP_PAGE_ID') = 101 OR v('APP_USER') IS NOT NULL;
    RETURN l_retval;
END;
The first page is checking to see if the user is on the login page. The second condition is really nothing, you'll want to fix it for your application. If you're still having problems, please post an example application on apex.oracle.com so we can take a look under the hood.
Regards,
Dan
Similar Messages
-
Order of evaluation - Authorization scheme or application computation
APEX 4.2.2
A page has an Evaluate for every page view authorization scheme of the type Value of item in Expression 1 = Expression 2 with Expression 1=G_ITEM and Expression 2=1. G_ITEM is set using a Before-Header application computation conditioned to fire when G_ITEM is null.
What I see is that the authorization scheme always returns false and the page is not rendered. Inspecting wwv_flow_data shows that G_ITEM is not there. So it would appear that the authorization scheme is evaluated before the application computation and since it returns false, the engine stops.
Does that sound right? Is this order of evaluation of components documented anywhere? There is a Utilities > Page Events screen but that doesn't include Authorization schemes.
Thanks
Hi Christian - I am referring to a page-level authorization scheme set to be evaluated For each page view
Here are some more details...the application has only one UI (Desktop) and Application XX > User Interfaces > User Interface Details > Home URL is set to f?p=&APP_ID.:30:&SESSION.
When I launch the app using f?p=181::::LEVEL9 this is what I get in apex_debug_messages
init cgi_var_name.count=>29
CGI: PATH_INFO = /f
HTTP://xxx/pls/xxx
QUERY_STRING=p=181::::LEVEL9
REQUEST_METHOD=GET
REMOTE_ADDR=xx.xx.xx.xx
REMOTE_USER=foobar
APEX_LISTENER_VERSION=
REFERER=
Cookies:
S H O W: application="181" page="" workspace="" request="" session=""
Reset NLS settings
alter session set NLS_LANGUAGE="AMERICAN"
alter session set NLS_TERRITORY="AMERICA"
alter session set NLS_CALENDAR="GREGORIAN"
alter session set NLS_SORT="BINARY"
alter session set NLS_COMP="BINARY"
...NLS: Set Decimal separator="."
...NLS: Set NLS Group separator=","
...NLS: Set g_nls_date_format="DD-MON-RR"
...NLS: Set g_nls_timestamp_format="DD-MON-RR HH.MI.SSXFF AM"
...NLS: Set g_nls_timestamp_tz_format="DD-MON-RR HH.MI.SSXFF AM TZR"
no characterset conversion needed
...Setting session time_zone to -04:00
reset_nls_environment
reset
reset
Processing page view with session ID = 0
fetch_flow_info
set_html_escaping_mode p_mode=>E
Language derived from: FLOW_PRIMARY_LANGUAGE, current browser language: en-us
alter session set nls_language="AMERICAN"
alter session set nls_territory="AMERICA"
NLS: CSV charset=WE8MSWIN1252
...NLS: Set Decimal separator="."
...NLS: Set NLS Group separator=","
...NLS: Set g_nls_date_format="DD-MON-RR"
...NLS: Set g_nls_timestamp_format="DD-MON-RR HH.MI.SSXFF AM"
...NLS: Set g_nls_timestamp_tz_format="DD-MON-RR HH.MI.SSXFF AM TZR"
Setting NLS_DATE_FORMAT to application date format: mm/dd/yyyy
...NLS: Set g_nls_date_format="mm/dd/yyyy"
...NLS: Set g_nls_timestamp_format="DD-MON-RR HH.MI.SSXFF AM"
...NLS: Set g_nls_timestamp_tz_format="DD-MON-RR HH.MI.SSXFF AM TZR"
NLS: Language=en-us
fetch_flow_info
set_html_escaping_mode p_mode=>E
Application 181, Authentication: PLUGIN, Page Template: 12902619543947292
authenticate_and_init_session p_app_id=>181
fetch_flow_info
set_html_escaping_mode p_mode=>E
set_g_security_group_id p_security_group_id=>634111608319703,p_check_host_prefix=>true
does_host_prefix_match p_security_group_id=>634111608319703,p_host_prefix=>,c_path_info=>/f
detect_user_interface p_application_id=>181
... "Desktop" is the only UI - no autodetection necessary
... setting ui to "DESKTOP"
... authentication id=252985691712777759, sgid=634111608319703, curr flow sgid=634111608319703
... page is public:null
Authentication check: Login (NATIVE_CUSTOM)
... no page specified: failure
...fetch session state from database
get_current
... DOES NOT EXIST - ignore
fetch items (exact)
Redirecting to f?p=181:30:
Stop APEX Engine detected
Final commit
I am not sure why the engine stops rendering but I get the Access denied by Page security check error on the screen
Next experiment...launch f?p=181:30:::LEVEL9:
That gets me the following debug stack
init cgi_var_name.count=>28
CGI: PATH_INFO = /f
HTTP://xxx/pls/xxx.xx
QUERY_STRING=p=181:30:::LEVEL9:
REQUEST_METHOD=GET
REMOTE_ADDR=xx.xx.xx.xx
REMOTE_USER=foobar
APEX_LISTENER_VERSION=
REFERER=
Cookies:
S H O W: application="181" page="30" workspace="" request="" session=""
Reset NLS settings
alter session set NLS_LANGUAGE="AMERICAN"
alter session set NLS_TERRITORY="AMERICA"
alter session set NLS_CALENDAR="GREGORIAN"
alter session set NLS_SORT="BINARY"
alter session set NLS_COMP="BINARY"
...NLS: Set Decimal separator="."
...NLS: Set NLS Group separator=","
...NLS: Set g_nls_date_format="DD-MON-RR"
...NLS: Set g_nls_timestamp_format="DD-MON-RR HH.MI.SSXFF AM"
...NLS: Set g_nls_timestamp_tz_format="DD-MON-RR HH.MI.SSXFF AM TZR"
no characterset conversion needed
...Setting session time_zone to -04:00
reset_nls_environment
reset
reset
Processing page view with session ID = 0
fetch_flow_info
set_html_escaping_mode p_mode=>E
Language derived from: FLOW_PRIMARY_LANGUAGE, current browser language: en-us
alter session set nls_language="AMERICAN"
alter session set nls_territory="AMERICA"
NLS: CSV charset=WE8MSWIN1252
...NLS: Set Decimal separator="."
...NLS: Set NLS Group separator=","
...NLS: Set g_nls_date_format="DD-MON-RR"
...NLS: Set g_nls_timestamp_format="DD-MON-RR HH.MI.SSXFF AM"
...NLS: Set g_nls_timestamp_tz_format="DD-MON-RR HH.MI.SSXFF AM TZR"
Setting NLS_DATE_FORMAT to application date format: mm/dd/yyyy
...NLS: Set g_nls_date_format="mm/dd/yyyy"
...NLS: Set g_nls_timestamp_format="DD-MON-RR HH.MI.SSXFF AM"
...NLS: Set g_nls_timestamp_tz_format="DD-MON-RR HH.MI.SSXFF AM TZR"
NLS: Language=en-us
fetch_flow_info
set_html_escaping_mode p_mode=>E
Application 181, Authentication: PLUGIN, Page Template: 12902619543947292
authenticate_and_init_session p_app_id=>181
fetch_flow_info
set_html_escaping_mode p_mode=>E
set_g_security_group_id p_security_group_id=>634111608319703,p_check_host_prefix=>true
does_host_prefix_match p_security_group_id=>634111608319703,p_host_prefix=>,c_path_info=>/f
get_login_url p_user_interface_id=>12942041779151719,p_application_id=>181,p_security_group_id=>634111608319703
get_home_url p_user_interface_id=>12942041779151719,p_application_id=>181,p_security_group_id=>634111608319703
... authentication id=252985691712777759, sgid=634111608319703, curr flow sgid=634111608319703
... page is public:false
Authentication check: Login (NATIVE_CUSTOM)
get_current
... DOES NOT EXIST - ignore
builtin_cookie_sentry p_cookie_name=>ORA_WWV_APP_181
get_by_cookie_name p_cookie_name=>ORA_WWV_APP_181
session cookie value for ORA_WWV_APP_181=
... cookie is not set
... failure, session not found
set_db_session_info
...fetch session state from database
get_current
... DOES NOT EXIST - ignore
fetch items (exact)
execute_native_session_sentry p_type=>NATIVE_CUSTOM
...Execute Statement: begin declare
begin
wwv_flow.g_boolean := htmldb_public_user.Modntlm_Page_Sentry;
end;
~
get_cookie_properties 181 -> ORA_WWV_APP_181, ,
get_by_cookie_name p_cookie_name=>ORA_WWV_APP_181
session cookie value for ORA_WWV_APP_181=
... cookie is not set
get_cookie_properties 181 -> ORA_WWV_APP_181, ,
get_by_cookie_name p_cookie_name=>ORA_WWV_APP_181
session cookie value for ORA_WWV_APP_181=
... cookie is not set
generate_unique_session_id
remember_deep_link p_url=>f?p=181:30:::LEVEL9:
get_current
... DOES NOT EXIST - ignore
... insert into wwv_flow_sessions$: 7781513768577
create_new
Session created: 7781513768577 user: foobar
save_by_name p_item_name=>FSP_AFTER_LOGIN_URL,p_item_value=>***
set_builtin_global_item_value p_item_name=>FSP_AFTER_LOGIN_URL,p_value=>f?p=181:30:7781513768577::LEVEL9:
...Session State: Saved Item "FSP_AFTER_LOGIN_URL" New Value="f?p=181:30:7781513768577::LEVEL9:"
login p_uname=>foobar,p_password=>...,p_session_id=>7781513768577,p_flow_page=>181:30,p_entry_point=>POST-LOGIN,p_preserve_case=>false,p_use_secure_cookie=>false
execute_login p_username=>foobar,p_password=>...,p_current_app_id=>181,p_next_app_id=>181,p_next_page_id=>30,p_post_login=>true,p_builder_login_for_workspace=>
...delaying unrecoverable error to the end of execute_login
create_or_reuse_session
get_current
... session=7781513768577, user=foobar, sgid=634111608319703 (from db)
...Session ID 7781513768577 can be used
...New Instance Detected -
get_current
... session=7781513768577, user=foobar, sgid=634111608319703 (from cache)
get_login_url p_user_interface_id=>12942041779151719,p_application_id=>181,p_security_group_id=>634111608319703
get_home_url p_user_interface_id=>12942041779151719,p_application_id=>181,p_security_group_id=>634111608319703
... authentication id=252985691712777759, sgid=634111608319703, curr flow sgid=634111608319703
... page is public:false
... POST LOGIN shortcut, no pre-auth and auth process
... Authentication success
... running post_auth_240111674424380819
...Execute Statement: begin declare
procedure post_auth_240111674424380819 is
begin
post_auth_240111674424380819;
end;
end;
Collection - Begin create_collection_from_query_b, Collection Name: AD_GROUPS
Collection - Begin Create Collection, Collection Name: EM_ROLES
save_by_name p_item_name=>G_APP_USER,p_item_value=>***
find_item_by_name p_name=>G_APP_USER
set_substitution_cache p_id=>8993704979413505,p_value=>***,p_name=>G_APP_USER,p_filter=>Y,p_encrypted=>N
...Session State: Saved Item "G_APP_USER" New Value="foobar"
get_item_value p_item=>FSP_AFTER_LOGIN_URL,p_flow=>181,p_instance=>7781513768577
... l_instance=7781513768577,l_flow_id=181,l_sgid=634111608319703,p_item=FSP_AFTER_LOGIN_URL
get_builtin_global_item_value p_item_name=>FSP_AFTER_LOGIN_URL,p_session_id=>7781513768577
...value="f?p=181:30:7781513768577::LEVEL9:"
save_by_name p_item_name=>FSP_AFTER_LOGIN_URL,p_item_value=>***
set_builtin_global_item_value p_item_name=>FSP_AFTER_LOGIN_URL,p_value=>
...Session State: Saved Item "FSP_AFTER_LOGIN_URL" New Value=""
log_login p_username=>foobar,p_security_group_id=>634111608319703,p_owner=>foobar,p_application_id=>181,p_authentication_method=>Login,p_authentication_result=>0,p_custom_status_text=>
... update session user (foobar) and auth result ()
reset_cache
update_hashed_id -> ORA_WWV-PqmZTwhNdxkMTTqPlY88APZ1, sqlrowcount=1
send name=>ORA_WWV_APP_181,value=>ORA_WWV-PqmZTwhNdxkMTTqPlY88APZ1,expires=>,path=>,domain=>,secure=>,httponly=>HTTPONLY
Redirecting to f?p=181:30:7781513768577::LEVEL9:
...setting g_unrecoverable_error:=true again
Stop APEX Engine detected
Stop APEX Engine detected
Final commit
init cgi_var_name.count=>29
CGI: PATH_INFO = /f
HTTP://xxx/pls/xxx.xx
QUERY_STRING=p=181:30:7781513768577::LEVEL9:
REQUEST_METHOD=GET
REMOTE_ADDR=xx.xx.xx.xx
REMOTE_USER=foobar
APEX_LISTENER_VERSION=
REFERER=
Cookies:
S H O W: application="181" page="30" workspace="" request="" session="7781513768577"
Reset NLS settings
alter session set NLS_LANGUAGE="AMERICAN"
alter session set NLS_TERRITORY="AMERICA"
alter session set NLS_CALENDAR="GREGORIAN"
alter session set NLS_SORT="BINARY"
alter session set NLS_COMP="BINARY"
...NLS: Set Decimal separator="."
...NLS: Set NLS Group separator=","
...NLS: Set g_nls_date_format="DD-MON-RR"
...NLS: Set g_nls_timestamp_format="DD-MON-RR HH.MI.SSXFF AM"
...NLS: Set g_nls_timestamp_tz_format="DD-MON-RR HH.MI.SSXFF AM TZR"
no characterset conversion needed
...Setting session time_zone to -04:00
reset_nls_environment
reset
reset
fetch_flow_info
set_html_escaping_mode p_mode=>E
Language derived from: FLOW_PRIMARY_LANGUAGE, current browser language: en-us
alter session set nls_language="AMERICAN"
alter session set nls_territory="AMERICA"
NLS: CSV charset=WE8MSWIN1252
...NLS: Set Decimal separator="."
...NLS: Set NLS Group separator=","
...NLS: Set g_nls_date_format="DD-MON-RR"
...NLS: Set g_nls_timestamp_format="DD-MON-RR HH.MI.SSXFF AM"
...NLS: Set g_nls_timestamp_tz_format="DD-MON-RR HH.MI.SSXFF AM TZR"
Setting NLS_DATE_FORMAT to application date format: mm/dd/yyyy
...NLS: Set g_nls_date_format="mm/dd/yyyy"
...NLS: Set g_nls_timestamp_format="DD-MON-RR HH.MI.SSXFF AM"
...NLS: Set g_nls_timestamp_tz_format="DD-MON-RR HH.MI.SSXFF AM TZR"
NLS: Language=en-us
fetch_flow_info
set_html_escaping_mode p_mode=>E
Application 181, Authentication: PLUGIN, Page Template: 12902619543947292
authenticate_and_init_session p_app_id=>181
fetch_flow_info
set_html_escaping_mode p_mode=>E
set_g_security_group_id p_security_group_id=>634111608319703,p_check_host_prefix=>true
does_host_prefix_match p_security_group_id=>634111608319703,p_host_prefix=>,c_path_info=>/f
get_login_url p_user_interface_id=>12942041779151719,p_application_id=>181,p_security_group_id=>634111608319703
get_home_url p_user_interface_id=>12942041779151719,p_application_id=>181,p_security_group_id=>634111608319703
... authentication id=252985691712777759, sgid=634111608319703, curr flow sgid=634111608319703
... page is public:false
Authentication check: Login (NATIVE_CUSTOM)
get_current
... session=7781513768577, user=foobar, sgid=634111608319703 (from db)
builtin_cookie_sentry p_cookie_name=>ORA_WWV_APP_181
get_by_cookie_name p_cookie_name=>ORA_WWV_APP_181
session cookie value for ORA_WWV_APP_181=ORA_WWV-PqmZTwhNdxkMTTqPlY88APZ1
... session=7781513768577, user=foobar, sgid=634111608319703 (from cache)
... success, session id and security group id matches
... set user and session id in package globals
set_g_security_group_id p_security_group_id=>634111608319703,p_check_host_prefix=>true
does_host_prefix_match p_security_group_id=>634111608319703,p_host_prefix=>,c_path_info=>/f
set_db_session_info
...fetch session state from database
get_current
... session=7781513768577, user=foobar, sgid=634111608319703 (from cache)
fetch items (exact)
... fetched 8993704979413505: name=G_APP_USER, value=foobar
execute_native_session_sentry p_type=>NATIVE_CUSTOM
...Execute Statement: begin declare
begin
wwv_flow.g_boolean := htmldb_public_user.Modntlm_Page_Sentry;
end;
~
get_cookie_properties 181 -> ORA_WWV_APP_181, ,
get_by_cookie_name p_cookie_name=>ORA_WWV_APP_181
session cookie value for ORA_WWV_APP_181=ORA_WWV-PqmZTwhNdxkMTTqPlY88APZ1
... session=7781513768577, user=foobar, sgid=634111608319703 (from cache)
get_cookie_properties 181 -> ORA_WWV_APP_181, ,
get_by_cookie_name p_cookie_name=>ORA_WWV_APP_181
session cookie value for ORA_WWV_APP_181=ORA_WWV-PqmZTwhNdxkMTTqPlY88APZ1
... session=7781513768577, user=foobar, sgid=634111608319703 (from cache)
get_current
... session=7781513768577, user=foobar, sgid=634111608319703 (from cache)
... sentry success, no verification specified
... sentry+verification success
create_or_reuse_session
get_current
... session=7781513768577, user=foobar, sgid=634111608319703 (from cache)
...Session ID 7781513768577 can be used
...New Instance Detected -
get_by_cookie_name p_cookie_name=>ORA_WWV_USER_61814286625969
session cookie value for ORA_WWV_USER_61814286625969=
... cookie is not set
get_builder_session_id: builder session=null
...Setting session time_zone to -04:00
...Check for session expiration:
get_current
... session=7781513768577, user=foobar, sgid=634111608319703 (from cache)
get_builtin_global_item_value p_item_name=>FSP_SESSION_TIME,p_session_id=>7781513768577
NO_DATA_FOUND!
set_builtin_global_item_value p_item_name=>FSP_SESSION_TIME,p_value=>20130925091227::
...Session State: Saved Item "FSP_SESSION_TIME" New Value="20130925091227::"
Session: Fetch session header information
get_current
... session=7781513768577, user=foobar, sgid=634111608319703 (from cache)
fetch_step_info p_mode=>SHOW
get_home_url p_user_interface_id=>12942041779151719,p_application_id=>181,p_security_group_id=>634111608319703
get_login_url p_user_interface_id=>12942041779151719,p_application_id=>181,p_security_group_id=>634111608319703
get_theme_id p_user_interface_id=>12942041779151719,p_application_id=>181,p_security_group_id=>634111608319703
Branch point: Before Header
Authorization Check: "Administrator" Caching: "BY_USER_BY_PAGE_VIEW" Component: "PAGE"
... failed
setting g_primary_language := en-us
Add error onto error stack
...Error data:
......message: Must be Administrator
......additional_info: Access denied by Page security check
......display_location: ON_ERROR_PAGE
......is_internal_error: true
......apex_error_code: APEX.AUTHORIZATION.ACCESS_DENIED
......error_backtrace: ----- PL/SQL Call Stack -----
object line object
handle number name
0x2d7325bc0 556 package body APEX_040200.WWV_FLOW_ERROR
0x2d7325bc0 607 package body APEX_040200.WWV_FLOW_ERROR
0x2d7325bc0 911 package body APEX_040200.WWV_FLOW_ERROR
0x211e95470 488 package body APEX_040200.WWV_FLOW_AUTHORIZATION
0x2dbf01138 6000 package body APEX_040200.WWV_FLOW
0x2db632be8 249 procedure APEX_040200.F
0x267d27130 31 anonymous block
......component.type: APEX_APPLICATION_AUTHORIZATION
......component.id: 19813621888498766
......component.name: Administrator
...Show Error on Error Page
......Performing rollback
render_error_page
wwv_flow_init_htp_buffer
reset
reset
get_grid_template p_page_template_id=>12901127353947285
emit_page_header
Show page template header
handle_common_placeholders p_placeholder=>#TITLE#
get_title
handle_common_placeholders p_placeholder=>#IMAGE_PREFIX#
handle_common_placeholders p_placeholder=>#IMAGE_PREFIX#
handle_common_placeholders p_placeholder=>#APEX_CSS#
is_desktop_ui p_application_id=>181,p_page_id=>30,p_security_group_id=>634111608319703
get_ui_type p_application_id=>181,p_page_id=>30,p_security_group_id=>634111608319703
...initialize cache
... ui type name=DESKTOP
... true
handle_common_placeholders p_placeholder=>#TEMPLATE_CSS#
handle_common_placeholders p_placeholder=>#THEME_CSS#
handle_common_placeholders p_placeholder=>#PAGE_CSS#
handle_common_placeholders p_placeholder=>#APEX_JAVASCRIPT#
is_desktop_ui p_application_id=>181,p_page_id=>30,p_security_group_id=>634111608319703
get_ui_type p_application_id=>181,p_page_id=>30,p_security_group_id=>634111608319703
...use cache
... ui type name=DESKTOP
... true
handle_common_placeholders p_placeholder=>#TEMPLATE_JAVASCRIPT#
handle_common_placeholders p_placeholder=>#APPLICATION_JAVASCRIPT#
handle_common_placeholders p_placeholder=>#PAGE_JAVASCRIPT#
handle_common_placeholders p_placeholder=>#IMAGE_PREFIX#
handle_common_placeholders p_placeholder=>#IMAGE_PREFIX#
handle_common_placeholders p_placeholder=>#ONLOAD#
handle_common_placeholders p_placeholder=>#OUTDATED_BROWSER#
handle_common_placeholders p_placeholder=>#FORM_OPEN#
Rendering form open tag and internal values
clear_page_checksum
generate_unique_session_id
perform p_process_point=>AFTER_ERROR_HEADER
Processes - point: AFTER_ERROR_HEADER
handle_common_placeholders p_placeholder=>#REGION_POSITION_07#
handle_common_placeholders p_placeholder=>#HOME_LINK#
handle_common_placeholders p_placeholder=>#LOGO#
handle_common_placeholders p_placeholder=>#NAVIGATION_BAR#
handle_common_placeholders p_placeholder=>#REGION_POSITION_08#
handle_common_placeholders p_placeholder=>#REGION_POSITION_04#
handle_common_placeholders p_placeholder=>#REGION_POSITION_01#
handle_common_placeholders p_placeholder=>#SUCCESS_MESSAGE#
handle_common_placeholders p_placeholder=>#NOTIFICATION_MESSAGE#
handle_common_placeholders p_placeholder=>#GLOBAL_NOTIFICATION#
handle_common_placeholders p_placeholder=>#REGION_POSITION_02#
handle_common_placeholders p_placeholder=>#REGION_POSITION_03#
perform p_process_point=>BEFORE_ERROR_FOOTER
Processes - point: BEFORE_ERROR_FOOTER
emit_footer
Show page footer
Show page tempate footer
handle_common_placeholders p_placeholder=>#CUSTOMIZE#
handle_common_placeholders p_placeholder=>#REGION_POSITION_05#
handle_common_placeholders p_placeholder=>#APP_VERSION#
handle_common_placeholders p_placeholder=>#REGION_POSITION_08#
handle_common_placeholders p_placeholder=>#FORM_CLOSE#
Rendering form close tag and page checksum
handle_common_placeholders p_placeholder=>#DEVELOPER_TOOLBAR#
handle_common_placeholders p_placeholder=>#GENERATED_CSS#
handle_common_placeholders p_placeholder=>#GENERATED_JAVASCRIPT#
emit_generated_javascript
Logging exception in final_exception_handler:
Sqlerrm: ORA-20987: APEX - Must be Administrator - Access denied by Page security check
Backtrace: ORA-06512: at "APEX_040200.WWV_FLOW_ERROR", line 861
ORA-06512: at "APEX_040200.WWV_FLOW_ERROR", line 896
ORA-06512: at "APEX_040200.WWV_FLOW_AUTHORIZATION", line 501
ORA-06512: at "APEX_040200.WWV_FLOW", line 6000
Seems to me that the authorization scheme (which uses the value of the application item) is evaluated before the before-header/unconditional application computation sets the value of the application item and since the authorization scheme fails, show processing stops with an error.
What say you? -
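One way to make the "Administrator" check independent of when the computation fires, shown as an added example that is not code from the thread: the scheme becomes a PL/SQL Function Returning Boolean that fills G_ITEM itself when it is still null. The table app_admins and the function admin_flag are hypothetical, since the thread does not show how G_ITEM is computed.

```sql
-- Hypothetical source of the flag (assumption: one row per administrator).
CREATE TABLE app_admins (
    username VARCHAR2(255) PRIMARY KEY
);

-- Returns '1' for an administrator and '0' for everyone else, never NULL.
CREATE OR REPLACE FUNCTION admin_flag (p_user IN VARCHAR2) RETURN VARCHAR2
IS
    l_n PLS_INTEGER;
BEGIN
    SELECT COUNT(*)
      INTO l_n
      FROM app_admins
     WHERE UPPER(username) = UPPER(p_user);
    RETURN CASE WHEN l_n > 0 THEN '1' ELSE '0' END;
END admin_flag;
/

-- Body of the authorization scheme "Administrator".
-- Scheme type: PL/SQL Function Returning Boolean.
-- Paste into the scheme; it is not a stand-alone SQL*Plus block.
DECLARE
    l_flag VARCHAR2(4000);
BEGIN
    l_flag := v('G_ITEM');
    IF l_flag IS NULL THEN
        -- The item has not been populated yet in this session:
        -- compute it here instead of waiting for the computation.
        l_flag := admin_flag(v('APP_USER'));
        apex_util.set_session_state(p_name => 'G_ITEM', p_value => l_flag);
    END IF;
    -- Anything other than '1' (including NULL) denies access.
    RETURN NVL(l_flag, '0') = '1';
END;
```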
Unexpected problem with authorization scheme of type plsql function
Hi,
I have created one authorization scheme of type plsql function returning boolean. Authorization scheme is for pages only. p2_user_priviledge is a textbox on home page which extracts privilege (list of page numbers) for login user from database. Home page has no authorization required. AUTHORIZATION SCHEME always returns false. I am not able to trace problem in my code. Same code works fine for a textbox's default returning 'c'.
----- CODE FOR AUTHORIZATION SCHEME------------------------------------------------------------
declare
    pageid    varchar2(10);
    privilege varchar2(300);
    c         number(3);
begin
    -- Page number gets stored in the format :P2:
    pageid := ':P'||to_char(:app_page_id)||':';
    -- Contains the list of privileges, like :P2:P13:P67:P23: etc.
    privilege := trim(:p2_user_priviledge);
    select instr(privilege,pageid) into c from dual;
    if c>0 then
        return true;
    else
        return false;
    end if;
end;
One more problem is again related to authorization scheme.
I created one application and one authorization scheme (auth_aug) which worked fine. Then after some days I added 10 more pages to same application, but now autho_aug was always returning false for new pages. So I copied code from 'autho_aug' to new scheme 'autho_sept', and it worked for new pages. I don't understand, if code is same for both schemes, why it is required to use two different schemes.
Now I have added few more pages to application, and am facing problem mentioned earlier.
Any solution for both the problems.....
Hi,
Let me clear my problem once again.
-->Home page i.e. P2 does not use authorization, So it is displayed along with text item :p2_user_privilege.
-->Then user click on one of the links , Now page :P70: should get displayed.
P70 is using authorization scheme.
-->But :p2_user_priviledge value is not accessible at authorization scheme, I don't know why.
I could not find out where to create Application item, as suggested by you.
& not able to find Developer menu, session at home page as suggested earlier.
And one more question, my application at runtime display
X en us
at bottom
How to make it
USER: X Language: en us
Like in development environment.
Hope I have cleared my problem, waiting for reply.
Edited by: TEJU on Nov 17, 2008 9:25 AM -
Logout fails Authorization Scheme
I'm using the following logout url on the authentication scheme:
wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&p_next_flow_page_sess=140:12
On page 12 the authorization scheme is - No Page Authorization Required - and the Authentication is 'Page is Public'.
Page 12 fails on authentication. I get Access denied by Application security check and the error message for the authentication scheme.
I know it's happening because the authentication scheme is using a query to verify the user exists in a table:
Exists SQL Query
select 1
from Personnel
where upper(USERid) = :APP_USER
:APP_USER is now empty because they logged out.
My question is how can I get the application to skip the authentication scheme? I thought when I picked, 'no page authorization required' and 'page is public' the application no longer checks the authentication and authorization.
Thanks, Elizabeth
Sorry about that. I tried to write it from memory.
I'm using the following logout url on the Authentication Scheme:
wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&p_next_flow_page_sess=140:12
On page 12 the Authorization Scheme is - No Page Authorization Required - and the Authentication is 'Page is Public'.
Page 12 fails on authorization. I get Access denied by Application security check and the error message for the Authorization Scheme.
I know it's happening because the Authorization Scheme is using a query to verify the user exists in a table:
Exists SQL Query
select 1
from Personnel
where upper(USERid) = :APP_USER
:APP_USER is now empty because they logged out.
My question is how can I get the application to skip the Authorization Scheme? I thought when I picked, 'no page authorization required' and 'page is public' the application no longer checks the authentication and authorization.
Thanks, Elizabeth -
Custom handling of authorization scheme failed errors
Is there a way I can catch when someone goes to a page they are not authorized to be on (Authorization Scheme used to enforce it) then instead of stopping cold redirect them to the public page of the application and use global notification to inform the user of the fact he or she is not authorized into the selected page instead of going to the red stop sign X page? I have used global notifications before but I am unsure if there is a way to keep my page secure applying the authorization scheme at the page level and do what I am talking about. Any ideas?
This only happens when the user tampers with the URL, but that does happen.
You can code your authorization scheme to return true when it detects unauthorized access to a page but first have it use owa_util.redirect_url to go to the notification page of your choosing.
Scott -
Authorization Scheme problem using query
Greetings:
I have an application with 4 different roles in my application. Depending on the user role, the access to different pages within the application are filtered. We have 4 group types: admin, general, transactional and read_only; each, with descending levels of authorization.
The application utilizes a two-level tab navigation system in which I hide the tabs that the users are not supposed to see, depending on the level of authorization that they have. I have implemented three authorization schemes for three different types of access depending on the pages within my application. The only page without any authorization is the login page.
The three created authorization schemes are as follows.
My first scheme (set as scheme type: exists SQL Query):
Select APP_USER_NAME, APP_GROUP_TYPE from APP_USERS
where
APP_USER_NAME = :APP_USER
AND
APP_GROUP_TYPE != 'READ_ONLY'
This one is supposed to negate access to the READ_ONLY group, but allow access to all other groups.
My Second scheme (set as scheme type: exists SQL Query):
Select APP_USER_NAME, APP_GROUP_TYPE from APP_USERS
where
APP_USER_NAME = :APP_USER
AND
(APP_GROUP_TYPE != 'READ_ONLY'
and
APP_GROUP_TYPE != 'transactional')
The second one, I have added the transactional group as to be explicitly negated access.
My Third scheme
Select APP_USER_NAME, APP_GROUP_TYPE from APP_USERS
where
APP_USER_NAME = :APP_USER
AND
(APP_GROUP_TYPE != 'READ_ONLY'
AND
APP_GROUP_TYPE != 'transactional'
AND
APP_GROUP_TYPE != 'general')
the last one, I have added the general group as to be explicitly negated access.
I am thinking that, logically, this would work, but the pages do not display properly. I am always getting the failed authorization page, even with my admin user. Is there something wrong with my methodology? Should I be white-listing instead of black-listing in my queries? Thanks for your support.
I appreciate your help Jeff, you helped me a great deal, but not in the way you may think. In your link, there was a post that offered a solution with a simple query. There was one person that posted a query using (upper) to bring the username to uppercase so it can be properly compared to :APP_USER. Yes, the users were entered as lowercase, the logic was ok. I changed the query logic to a white list as to avoid possible users that may be able to authenticate into the application without a proper group configured.
Thanks for your support. Maybe this can help someone on the forums out. -
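The change described in the last post (case-insensitive user match plus an allow list), as an added example that is not code from the thread. APP_USERS and its columns come from the post; the function user_in_groups, the sample rows and the assumption that :APP_USER arrives in upper case are constructed for illustration. The demo block compares the first scheme's original query with the allow-list check for each sample user.

```sql
-- Constructed sample data; table and column names follow the post.
CREATE TABLE app_users (
    app_user_name  VARCHAR2(30) PRIMARY KEY,
    app_group_type VARCHAR2(20)
);

INSERT INTO app_users VALUES ('alice', 'admin');       -- entered in lower case
INSERT INTO app_users VALUES ('BOB',   'read_only');   -- group typed in lower case
INSERT INTO app_users VALUES ('CAROL', 'contractor');  -- group nobody planned for
COMMIT;

-- Hypothetical helper: TRUE only when the user has a row whose group is
-- one of the colon-separated groups in p_groups. Missing user, NULL
-- group or unknown group all return FALSE.
CREATE OR REPLACE FUNCTION user_in_groups (
    p_user   IN VARCHAR2,
    p_groups IN VARCHAR2
) RETURN BOOLEAN
IS
    l_hits PLS_INTEGER;
BEGIN
    IF p_user IS NULL OR p_groups IS NULL THEN
        RETURN FALSE;
    END IF;

    SELECT COUNT(*)
      INTO l_hits
      FROM app_users
     WHERE UPPER(app_user_name) = UPPER(p_user)
       AND app_group_type IS NOT NULL
       AND INSTR(':' || UPPER(p_groups) || ':',
                 ':' || UPPER(app_group_type) || ':') > 0;

    RETURN l_hits > 0;
END user_in_groups;
/

-- Authorization scheme body (type: PL/SQL Function Returning Boolean):
--   RETURN user_in_groups(:APP_USER, 'ADMIN:GENERAL:TRANSACTIONAL');

-- Side-by-side comparison, run from SQL*Plus or SQLcl.
SET SERVEROUTPUT ON
DECLARE
    PROCEDURE show (p_user IN VARCHAR2) IS
        l_original PLS_INTEGER;
    BEGIN
        -- First scheme from the thread: exact name match, deny list.
        SELECT COUNT(*)
          INTO l_original
          FROM app_users
         WHERE app_user_name = p_user
           AND app_group_type != 'READ_ONLY';

        dbms_output.put_line(
            RPAD(p_user, 8)
            || ' original='
            || CASE WHEN l_original > 0 THEN 'allow' ELSE 'deny' END
            || ' allow-list='
            || CASE WHEN user_in_groups(p_user, 'ADMIN:GENERAL:TRANSACTIONAL')
                    THEN 'allow' ELSE 'deny' END);
    END show;
BEGIN
    show('ALICE');  -- stored in lower case
    show('BOB');    -- group differs from 'READ_ONLY' only by case
    show('CAROL');  -- group not on any list
    show('DAVE');   -- authenticated but no row in APP_USERS
END;
/
```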
I am trying to not reinvent the wheel but Oracle DB security as it exists today in APEX. I have successfully setup the authentication using Database account and that works fine, but now I want to have my application only allow special oracle accounts that are signified by Banner, authorized to process the application. I do not want to have to setup any additional security, but use my current DB security that is already setup in the Banner accounts for what can be accessed. I know I have to do something in the Authorization schemes in APEX, but I am not sure what? Any help would be appreciated. Thanks. Joe
It's quite simple really.
Create the scheme and the bottom line is that the scheme has to return TRUE or FALSE. TRUE means that they pass the test and can do whatever it is, FALSE means they fail the test and should get an error.
99.9% of the time I create a boolean-returning function in the database and I call it in the scheme like this (assume myfunction() takes the value of the signed-on user and does something with it to check if this user passes the test or not):
RETURN myfunction(:APP_USER);
If TRUE comes back, they pass security validation, else it will fail them.
If you are just testing the user name itself, try this:
RETURN (:APP_USER like '%BANNER');
...or whatever else returns TRUE/FALSE to evaluate your test.
Then, after you define the scheme, attach it to whatever needs protection.
There is an application-level to place the authorization scheme to restrict all access to all pages but I've never gotten it to effectively work because if you do the above example, it will even protect the login page because the APP_USER isn't yet set to the person who is going to log in. So I've always had to put the authorization at each page.
However you might be able to manage it at the application level if you do it this way (I never tried but I guess this would work...assume 101 is the login page):
RETURN :APP_PAGE_ID='101' OR (:APP_PAGE_ID != '101' AND :APP_USER like '%BANNER');
So anytime page 101 (login) is accessed, the user passes security test to render the page. Else if it's not page 101, their username has to end in BANNER in order to pass the test. -
Page Restriction - Authorization Scheme
I have an application 8736; this application has 3 tabs
TAB1: information TAB2: department TAB3: Admin
TAB3 has a form which SHOULD only be viewed by users with authorisation rights. I have been trying to do this for some time now and it is not working. I have a table called users
TABLE:users
username access_level
john919 2
sarah765 0
For the page in TAB3 if you have an access level of 2, you should be able to view this page and if not then you should get an error message saying "sorry you can't view this page".
In this case "john919" should be able to view the page in tab "Tab3" and "sarah765 " SHOULD NOT.
I have this query in the Authorization Scheme and the scheme type: pl/sql function returning boolean
DECLARE
v_access_level NUMBER (2);
BEGIN
IF (:APP_PAGE_ID = 61)
THEN
SELECT MAX (ADMIN_LEVEL)
INTO v_access_level
FROM USERS
WHERE USER_NAME = :APP_USER;
IF v_access_level = 2
THEN
RETURN TRUE;
ELSE
RETURN FALSE;
END IF;
ELSE
RETURN TRUE;
END IF;
END
I have never tried this before and I have been asking around, and a lot of people tell me this should check the admin_level in the USERS table using the current username of the person looking in to see if they have access to this page. So far this has failed me. Please help
If you only have one access level per user then try changing your authorization scheme code to
DECLARE
v_access_level NUMBER (2);
BEGIN
SELECT ADMIN_LEVEL
INTO v_access_level
FROM USERS
WHERE USER_NAME = :APP_USER;
IF v_access_level = 2
THEN
RETURN TRUE;
ELSE
RETURN FALSE;
END IF;
END;
now apply this scheme to tab3
-
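An added example, not code from the thread above: the Tab 3 access-level check moved into a database function that fails closed, called from the scheme in the `RETURN myfunction(:APP_USER);` style shown earlier on this page. A plain `SELECT ... INTO` raises NO_DATA_FOUND for a user who has no row in the table, so the function maps that case to a denial. It assumes the USER_NAME and ADMIN_LEVEL column names from the posted code; `demo_users`, `is_tab3_admin` and the sample rows are constructed for illustration, and the case-insensitive match is an assumption to cover a session user name held in upper case while the table rows are lower case.

```sql
-- Added example. DEMO_USERS and IS_TAB3_ADMIN are hypothetical names.
-- Constructed sample data mirroring the two rows shown in the question.
CREATE TABLE demo_users (
  user_name   VARCHAR2(255) NOT NULL,
  admin_level NUMBER(2)
);

INSERT INTO demo_users (user_name, admin_level) VALUES ('john919', 2);
INSERT INTO demo_users (user_name, admin_level) VALUES ('sarah765', 0);
COMMIT;

CREATE OR REPLACE FUNCTION is_tab3_admin (p_user IN VARCHAR2)
  RETURN BOOLEAN
IS
  l_level demo_users.admin_level%TYPE;
BEGIN
  -- No user name supplied: deny instead of querying.
  IF p_user IS NULL THEN
    RETURN FALSE;
  END IF;

  -- Assumption: match case-insensitively, because the session user name
  -- may be upper case while the table rows are lower case.
  SELECT admin_level
    INTO l_level
    FROM demo_users
   WHERE UPPER(user_name) = UPPER(p_user);

  -- NVL keeps a NULL level from yielding a NULL (neither TRUE nor FALSE) result.
  RETURN NVL(l_level, 0) = 2;
EXCEPTION
  -- User not in the table: deny access instead of raising an error.
  WHEN NO_DATA_FOUND THEN
    RETURN FALSE;
  -- Duplicate rows for one user: the data is ambiguous, so deny.
  WHEN TOO_MANY_ROWS THEN
    RETURN FALSE;
END is_tab3_admin;
/

-- Authorization scheme body (type: PL/SQL Function Returning Boolean):
--   RETURN is_tab3_admin(:APP_USER);

-- Check the function outside APEX (SQL*Plus or SQLcl).
-- 'mallory' is a constructed name with no row in the table.
SET SERVEROUTPUT ON
DECLARE
  l_names sys.odcivarchar2list :=
    sys.odcivarchar2list('JOHN919', 'sarah765', 'mallory');
BEGIN
  FOR i IN 1 .. l_names.COUNT LOOP
    dbms_output.put_line(
      l_names(i) || ' -> ' ||
      CASE WHEN is_tab3_admin(l_names(i)) THEN 'allow' ELSE 'deny' END);
  END LOOP;
END;
/
```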
Authorization scheme for display/read only conditions on item level
Hi All,
I have a question. I want to use an authorization scheme to manage if users with a certain role have the permission to either update an item or have the permission to only see the item or that they don't have permission to see it at all.
So, the input for the scheme would be: 1. user role 2. the current page 3. the current item.
The output would be: 0 (update) 1 (read only) 2 (not displayed).
I think I can manage that.
And I can attach this schema to the items.
So far so good.
But how can I make it so that the 0,1 and the 2 will actually do what they need to do?
I have been thinking about making a function like GET_AUTHORISATON(ROLE,PAGE,ITEM) output: 0,1,2 but I still can't figure out how to connect this with the functionality I want to achieve.
Can somebody give me a hint?
Andre
Thanks Hari,
Thanks, it works, almost, but what if items are mandatory on a page, but not always mandatory?
If a user has a certain role, some fields are mandatory, otherwise not.
Again, a function would do the trick as far as the input and output information
something like IS_MANDATORY(USER_ROLE, CURRENT_PAGE, CURRENT_ITEM) but how can I make it work?
I guess a PL/SQL validation like:
IF IS_MANDATORY(USER_ROLE, CURRENT_PAGE, CURRENT_ITEM) THEN ITEM IS NOT NULL
END IF;
Andre
PS: personally I think item level security is not something you wish to implement in your system. I prefer different screens for different roles.
Far more straightforward. Easy for maintenance. When something disfunctions, it's far more easy to pinpoint the location of the cause.
-
Why do i always fail to run: RSPC_API_CHAIN_START
Dear All,
Do u ever have this problem?
I have an external program (Ms. Excel) having objective to run RFC.
The RFC is to run function : RSPC_API_CHAIN_START (running Process Chain).
But why for login ID for my user always fail to run it. I think it's regarding authorization, but i've already checked it out by t-code SU53, i still get no clues from there.
And i've already tried to debug, i just got this error:
error code: 022
error msg: RSPC
And i've already checked it out to t-code ST22, i also found nothing.
Do you know what authorization i should be giving to that login ID ??
Do you know how to trace it ??
Best regards,
Niel.
Tks for ur response..
I execute it from Ms. Office Excel.
This excel call RFC, where the RFC call FM: RSPC_API_CHAIN_START.
The abnormal one, my login id (developer user-id) capable to run smoothly (from Ms. Office Excel).
But when i tried use my client login id, it is unable to run it.
I've also tried to use our client login id to run the RFC by t-code se37 (i asked basis team to grant that authorization), but when i run it, i still get the error, and after i check by t-code SU53, i still can't get any clues there.
Do u have any idea ??
Best regards,
Niel.
-
BEFW11S4 - Constantly prompts for password submission and always fails
I decided to do a full reset (45s button on back). I promptly reset the admin password on first login. All subsequent "APPLY" actions in the admin console force me to a popup login screen where I have to enter the password. This always fails and eventually I'm redirected to a 401 page (see below). For example, if I want to disable wireless or set a WEP key on the main page, a popup appears for the password but it always results in a 401. I've tried clearing all browser information and attempted this on both IE 7 and Firefox 2.0.0.9 with similar results.
1. I don't remember always getting prompted for password before; after initial login.
2. Popup submission of password on subsequent authorizations always results in a 401.
Thanks in advance!
"401 Authorization Required
This server could not verify that you are authorized to access. Either you supplied the wrong credentials(e.g., bad password), or your browser doesn't understand how to supply the credentials required."
I managed to fix this...
I found another support thread that indicated "disabling" Norton Internet Security prior to accessing the Linksys console. It appears NIS was filtering or preventing the username/password being sent in the clear.
How I did it...
1. Right click the NIS icon in the desktop tray.
2. Select "disable" NIS from the menu and enter a time from the drop-down (i.e. 5 minutes).
3. Return to IE. Clear all cached data (just in case).
4. Proceed to login to Linksys!
Cheers
James
-
Find All Occurrences always fails within loop
Dear forumers,
There's this strange problem that requires a fix.
Finding all occurences of '#' works fine here:-
REPORT zz_test.
DATA: lv_text TYPE string,
ls_result TYPE match_result,
et_release type table of yytc_release,
lt_result TYPE match_result_tab.
lv_text = '"RFC-1234#Create ""Payroll"" under NL directory"'.
FIND ALL OCCURRENCES OF REGEX '#'
IN lv_text
RESULTS lt_result IGNORING CASE IN CHARACTER MODE.
IF sy-subrc = 0. " SY-SUBRC is always 0
READ TABLE lt_result INTO ls_result INDEX 1.
WRITE :'Offset: ' .
WRITE: ls_result-offset .
WRITE: lv_text+00(ls_result-offset).
ENDIF.
But it always fails here, within a loop at an internal table:-
SELECT * .... INTO TABLE it_jira ...
LOOP AT it_jira ASSIGNING <jira>.
<release>-summary = <jira>-summary.
IF <release>-type CS 'Subtask'.
" <release>-summary is of data type CHAR255
PERFORM get_subtask USING <release>-summary.
ENDIF.
ENDLOOP.
FORM get_subtask USING pv_summary TYPE yytc_release-summary.
DATA:
lv_string TYPE char255,
lv_final TYPE char255,
lv_summary TYPE string,
lv_strlen TYPE i,
lt_result TYPE match_result_tab.
lv_string = pv_summary. " LV_STRING = '"RFC-1234#Create ""Payroll"" under NL directory"''
CONDENSE lv_string.
lv_strlen = STRLEN( lv_string ).
lv_strlen = lv_strlen - 1.
IF lv_string+0(1) = '"' AND lv_string+lv_strlen(1) = '"'.
lv_strlen = lv_strlen - 1.
WRITE lv_string+1(lv_strlen) TO lv_final+1(254).
ENDIF.
lv_summary = lv_final.
" FIND ALL OCCURRENCES OF '#'
" IN lv_summary
" RESULTS lt_result IGNORING CASE. * SY-SUBRC is always 4 here too
FIND ALL OCCURRENCES OF REGEX '#'
IN lv_summary
RESULTS lt_result IGNORING CASE IN CHARACTER MODE.
IF sy-subrc = 0. " SY-SUBRC is always 4 here - why?! :(
ENDIF.
CLEAR: lv_string,
lt_result.
ENDFORM. " GET_SUBTASK
Only when the string LV_SUMMARY is edited from within the debugger (add space to the string prefix, etc), the SY-SUBRC will be 0 and there'll be data found in LT_RESULT.
How can I resolve this issue? Please do help. Thanks.
I think the subtle difference is that in your first example the character is actually '#' whereas in the second example it is actually another (unprintable) value such as line-feed and only APPEARS to be '#'.
You must find out what the value in question is (will it always be the same value?) and then replace that instead of '#'.
-
I'm trying to install the new version of iTunes on my MacBook but it always fails. I can download it but it fails to install and always says to contact the software manufacturer for assistance... please help me, I couldn't connect my iPhone to iTunes... please, because on my Mac there is an old version of iTunes.....
Welcome to the Apple Support Communities
See if your computer is supported > http://support.apple.com/kb/sp575 Buy Snow Leopard > http://store.apple.com/us/product/MC573/mac-os-x-106-snow-leopard Then, make a backup, insert the DVD and upgrade. Finally, go to > Software Update and update to the latest version.
If your computer is compatible, you can use Mountain Lion. Open App Store and purchase Mountain Lion. Check if your programs are supported > http://www.roaringapps.com
-
Report Link + Authorization Scheme
I have an authorization scheme that checks whether a certain person has privileges to edit a record on Page 2 by referring to the :P2_ID in the authorization scheme. Page 1 has a report with a report link, but the user can see both items they are able to edit and items they are not. I know I can make the link dynamically in the sql but wanted to see if there was an easy way to use an authorization scheme, but pass the #REPORT_COL# value in the report over to an authorization scheme to show or hide the icon for me so I can get the link out of the sql.
Great example Scott! However, I would caution the other Sc0tt that calling functions in a SQL statement is fine for a small number of rows, but can CRUSH performance for medium to large result sets. Even if the function is fast, you're still context-switching between SQL and PL/SQL for every row. Make sure you test this with the volume of data you expect your users to encounter. If it's a problem, you might force the user to apply some filters before running the query.
If you're running 11g you can at least minimize the hit of the function with "Function Result Cache". Even if you're not on 11g yet, you can use the following code in 10g and it will switch-on result cache when you compile it in 11g:
create or replace function auth_user(p_key in number)
return varchar2
$IF not dbms_db_version.ver_le_10_2 $THEN
result_cache
$END
as
begin
pkg.g_value := p_key;
if apex_application.public_security_check (p_security_scheme => 'AUTH_USER_COLUMN') then
return '1';
else
return '0';
end if;
end;
/
If it is a reasonable result set, Scott's solution is perfect.
Thanks,
Tyler
-
System Image Utility always fails, why?
Hi everyone,
on my clean and fresh install of 10.7.4 Server the System Image Utility always fails to create an image. I want to create a NetInstall image and have put the OS X Lion Installer in /Applications. I can select it in SIU and choose to create a NetInstall image. It asks for the admin pw and always presents an error at the very end: Image creation failed. An unknown error has occured.
If I select to create a NetBoot image instead it fails directly after clicking on the Create button with this slightly different message: Image creation failed. An error has occured. At least it’s no unknown error…
Any ideas what might be causing this? I have successfully created NetInstall images with 10.6 Server and 10.8 Server, but 10.7 Server somehow won’t play nice.
Thanks
Björn
Hi Brian,
I first deleted the Installer and redownloaded it from the App Store, just to make sure there was no problem with it. Even though I now have the 10.7.4 Installer (had 10.7.0 before) nothing has changed. I then went on to set the log level as suggested. I now get different errors based on the chosen log level.
Log level set to debug:
Image creation failed.
*** -[__NSArrayM insertObject:atIndex:]: object cannot be nil
Log level set to verbose:
Image creation failed.
An unknown error has occurred.
I did not see anything helpful in the logs unfortunately. The only noticeable thing mentioned was: Failed to create image from installer media.
Any additional ideas? I will attach both logs here, just in case.
VERBOSE LOG:
Starting image creation.
Workflow Started (2012-09-08 14:08:00 +0200)
Mac OS X Server 10.7.4 (11E53), System Image Utility 10.7.3 (543)
Starting action: Define Image Source (1.3)
Finished running action: Define Image Source
Starting action: Create Image (1.6.2)
Starting image creation process...
Create NetInstall Image
Initiating NetInstall from Installer media.
Creating working path at /Users/vm/Desktop/NetInstall of Install Mac OS X Lion
Creating disk image (Size: 4062 MB)
Finalizing disk image.
created: /Users/vm/Desktop/NetInstall of Install Mac OS X Lion/NetInstall.dmg
Attaching disk image
Copying /Volumes/Mac OS X Install ESD
Preparing the kernel and boot loader for the boot image
/Users/vm/Desktop/NetInstall of Install Mac OS X Lion/i386
/Users/vm/Desktop/NetInstall of Install Mac OS X Lion/i386/x86_64
Copying /Volumes/Mac OS X Install ESD/boot.efi
Copying /Volumes/Mac OS X Install ESD/System/Library/CoreServices/PlatformSupport.plist
Performing post install cleanup
Detaching disk image
"disk4" unmounted.
"disk4" ejected.
Correcting permissions. 501:20 /Users/vm/Desktop/NetInstall of Install Mac OS X Lion
Script is done.
Failed to create image from installer media.
An unknown error has occurred.
NetInstall creation failed.
Image creation process finished...
Stopping image creation.
Image creation failed.
DEBUG LOG:
Starting image creation.
Workflow Started (2012-09-08 13:59:22 +0200)
Mac OS X Server 10.7.4 (11E53), System Image Utility 10.7.3 (543)
Starting action: Define Image Source (1.3)
Finished running action: Define Image Source
Starting action: Create Image (1.6.2)
Starting image creation process...
Create NetInstall Image
Initiating NetInstall from Installer media.
debug_opt="-v"
fi
# Prepare the destination
CreateOrValidatePath "$destPath" || errExit
# update progress information
echo "${progressPrefix}_creatingImage_"
if [ -e "${installSource}/BaseSystem.dmg" ]; then
size=$2
if [ "${scriptsDebugKey}" == "VERBOSE" -o "${scriptsDebugKey}" == "DEBUG" ] ; then
echo "Creating disk image (Size: $size MB)"
fi
/usr/bin/hdiutil create "$destPath/$dmgTarget" -megabytes $size -volname "${dmgVolName}" -uid 0 -gid 80 -mode 1775 -layout "SPUD" -fs "$destVolFSType" -stretch 500g -ov -puppetstrings || errExit
echo "${progressPrefix}_copyingSource_"
if [ "${scriptsDebugKey}" == "VERBOSE" -o "${scriptsDebugKey}" == "DEBUG" ] ; then
echo "Attaching disk image"
fi
/usr/bin/hdiutil attach "${destPath}/${dmgTarget}.dmg" -owners on -nobrowse -noautoopen -mountpoint "${mountPoint}" -quiet || errExit
# Copy source Volume base system to
/usr/bin/ditto $debug_opt "${installSource}" "${mountPoint}" || errExit
else
echo "This does not appear to be a Mac OS X Install DVD."
errExit
fi
# If adding any additional packages or scripts
if [ -e "${1}/OSInstall.collection" ]; then
/usr/bin/ditto $debug_opt "${1}/OSInstall.collection" "${mountPoint}/Packages/OSInstall.collection" || errExit
/usr/sbin/chown root:wheel "${mountPoint}/Packages/OSInstall.collection"
# If adding any additional packages
if [ -e "${1}/additionalPackages.txt" ]; then
CopyPackagesWithDestinationsFromFile "${1}/additionalPackages.txt" || errExit
fi
# If adding any scripts
if [ -e "${1}/additionalScripts.txt" ]; then
InstallScriptsFromFile "${1}" "${1}/additionalScripts.txt" "${mountPoint}/Packages" || errExit
fi
fi
# If it exists, install the partition data onto the install image
ProcessAutoPartition "${1}" || errExit
# If it exists, install minstallconfig.xml (AutoInstall data) onto the install image
ProcessMinInstall "${1}" || errExit
# update progress information
echo "${progressPrefix}_buildingBooter_"
# Copy kernel and boot loader
if [ "${scriptsDebugKey}" == "VERBOSE" -o "${scriptsDebugKey}" == "DEBUG" ]; then
echo "Preparing the kernel and boot loader for the boot image"
fi
# make sure this doesn't exist
if [ -e "${destPath}/i386" ]; then
/bin/rm -rf "${destPath}/i386"
fi
/bin/mkdir -p $debug_opt "${destPath}/i386/x86_64" || errExit
# copy these directly off the install media
/usr/bin/ditto $debug_opt "${installSource}/boot.efi" "${destPath}/i386/booter" || errExit
/usr/bin/chflags nohidden "${destPath}/i386/booter"
# Grab the relevant portion of the com.apple.Boot.plist
kernelFlags=`/usr/libexec/PlistBuddy -c "print :'Kernel Flags'" "${installSource}/Library/Preferences/SystemConfiguration/com.apple.Boot.plist"`
/usr/libexec/PlistBuddy -c "add :'Kernel Flags' string ${kernelFlags}" "${destPath}/i386/com.apple.Boot.plist" > /dev/null 2>&1
/usr/bin/ditto $debug_opt "${installSource}/System/Library/CoreServices/PlatformSupport.plist" "${destPath}/i386/PlatformSupport.plist" || errExit
# extract the kernel & kernelcache for the boot shell
/usr/bin/lipo -extract i386 "${mountPoint}/kernelcache" -output "${destPath}/i386/kernelcache" || errExit
/usr/bin/lipo -extract x86_64 "${mountPoint}/kernelcache" -output "${destPath}/i386/x86_64/kernelcache" || errExit
# Apply choice changes, if any
if [ -e "${1}/MacOSXInstaller.choiceChanges" ]; then
echo "Copy over package choice selection."
/usr/bin/ditto $debug_opt "${1}/MacOSXInstaller.choiceChanges" "${mountPoint}/Packages/Extras/MacOSXInstaller.choiceChanges"
fi
# update progress information
echo "${progressPrefix}_finishingUp_"
# perform the final cleanup
PostFlightDestination "${1}" "$destPath" || errExit
errExit
Vol/private/tmp" ]; then
if [ "${scriptsDebugKey}" == "VERBOSE" -o "${scriptsDebugKey}" == "DEBUG" ]; then
echo "Cleaning out /private/tmp on $1"
fi
/bin/rm -r $opt "$srcVol/private/tmp/*"
fi
if [ -d "$srcVol/private/var/tmp" ]; then
if [ "${scriptsDebugKey}" == "VERBOSE" -o "${scriptsDebugKey}" == "DEBUG" ]; then
echo "Cleaning out /private/var/tmp on $1"
fi
/bin/rm -r $opt "$srcVol/private/var/tmp/*"
fi
if [ "${scriptsDebugKey}" == "VERBOSE" -o "${scriptsDebugKey}" == "DEBUG" ]; then
echo "Cleaning out devices and volumes on $1"
fi
if [ -d "$srcVol/Volumes" ]; then
/bin/rm -r $opt "$srcVol/Volumes/*"
fi
if [ -d "$srcVol/dev" ]; then
/bin/rm $opt "$srcVol/dev/*"
fi
if [ -d "$srcVol/private/var/run" ]; then
/bin/rm -r $opt "$srcVol/private/var/run/*"
fi
# Copy kernel and build the kext cache on the boot image
PrepareKernelAndKextCache()
local srcDir="$1"
local destDir="$2"
local opt=""
if [ "${scriptsDebugKey}" == "VERBOSE" -o "${scriptsDebugKey}" == "DEBUG" ]; then
echo "Preparing the kernel and kext cache for tPERCENT:0.000000
Finalizing disk image.
created: /Users/vm/Desktop/NetInstall of Install Mac OS X Lion/NetInstall.dmg
/bin/rmdir "${theMount}" || return 1
return 0
# If the pieces exist, enable remote access for the shell image
EnableRemoteAccess()
local srcVol="${1}"
local opt=""
if [ -e "${srcVol}/usr/lib/pam/pam_serialnumber.so.2" ]; then
if [ "${scriptsDebugKey}" == "VERBOSE" -o "${scriptsDebugKey}" == "DEBUG" ]; then
echo "Enabling shell image remote access support"
if [ "${scriptsDebugKey}" == "VERBOSE" -o "${scriptsDebugKey}" == "DEBUG" ]; then
opt="-v"
fi
fi
# install some things (again which aren't part of BaseSystem) needed for remote ASR installs
/usr/bin/ditto $opt "${srcVol}/usr/lib/pam/pam_serialnumber.so.2" "${mountPoint}/usr/lib/pam/pam_serialnumber.so.2" || return 1
if [ -e "${srcVol}/usr/sbin/installer" ]; then
/usr/bin/ditto $opt "${srcVol}/usr/sbin/installer" "${mountPoint}/usr/sbin/installer" || return 1
fi
# copy the sshd config and add our keys to the end of it
if [ -e "${srcVol}/etc/sshd_config" ]; then
/bin/cat "${srcVol}/etc/sshd_config" - > Creating working path at /Users/vm/Desktop/NetInstall of Install Mac OS X Lion
Creating disk image (Size: 4062 MB)
/tmp/ssh_host_dsa_key
END
fi
fi
return 0
# If it exists, install the sharing names and/or directory binding support to the install image
HandleNetBootClientHelper()
local tempDir="${1}"
local targetVol="${2}"
local opt=""
if [ "${scriptsDebugKey}" == "VERBOSE" -o "${scriptsDebugKey}" == "DEBUG" ]; then
opt="-v"
fi
if [ -e "${tempDir}/bindingNames.plist" ]; then
if [ "${scriptsDebugKey}" == "VERBOSE" -o "${scriptsDebugKey}" == "DEBUG" ]; then
echo "Installing Directory Service binding information"
fi
/usr/bin/ditto $opt "${tempDir}/bindingNames.plist" "${targetVol}/etc/bindingNames.plist" || return 1
/usr/sbin/chown root:wheel "${targetVol}/etc/bindingNames.plist"
/bin/chmod 644 "${targetVol}/etc/bindingNames.plist"
fi
if [ -e "${tempDir}/sharingNames.plist" ]; then
if [ "${scriptsDebugKey}" == "VERBOSE" -o "${scriptsDebugKey}" == "DEBUG" ]; then
echo "Installing Sharing Names support"
fi
/usr/bin/ditto $opt "${tempDir}/sharingNames.plist" "${targetVol}/etc/sharingNames.plist" || return 1
/usr/sbin/chown root:wheel "${targetVol}/etc/sharingNames.plist"
/bin/chmod 644 "${targetVol}/etc/sharingNames.plist"
fi
if [ -e "${tempDir}/NetBootClientHelper" ]; then
/usr/bin/ditto $opt "${tempDir}/NetBootClientHelper" "${targetVol}/usr/sbin/NetBootClientHelper" || return 1
/usr/sbin/chown root:wheel "${targetVol}/usr/sbin/NetBootClientHelper"
/bin/chmod 555 "${targetVol}/usr/sbin/NetBootClientHelper"
/usr/bin/ditto $opt "${tempDir}/com.apple.NetBootClientHelper.plist" "${targetVol}/System/Library/LaunchDaemons/com.apple.NetBootClientHelper.plist" || return 1
/usr/sbin/chown root:wheel "${targetVol}/System/Library/LaunchDaemons/com.apple.NetBootClientHelper.plist"
/bin/chmod 644 "${targetVol}/System/Library/LaunchDaemons/com.apple.NetBootClientHelper.plist"
# finally, make sure it isn't disabled...
/usr/libex
# update progress information
echo "${progressPrefix}_creatingImage_"
if [ -e "${installSource}/BaseSystem.dmg" ]; then
size=$2
if [ "${scriptsDebugKey}" == "VERBOSE" -o "${scriptsDebugKey}" == "DEBUG" ] ; then
echo "Creating disk image (Size: $size MB)"
fi
/usr/bin/hdiutil create "$destPath/$dmgTarget" -megabytes $size -volname "${dmgVolName}" -uid 0 -gid 80 -mode 1775 -layout "SPUD" -fs "$destVolFSType" -stretch 500g -ov -puppetstrings || errExit
echo "${progressPrefix}_copyingSource_"
if [ "${scriptsDebugKey}" == "VERBOSE" -o "${scriptsDebugKey}" == "DEBUG" ] ; then
echo "Attaching disk image"
fi
/usr/bin/hdiutil attach "${destPath}/${dmgTarget}.dmg" -owners on -nobrowse -noautoopen -mountpoint "${mountPoint}" -quiet || errExit
# Copy source Volume base system to
/usr/bin/ditto $debug_opt "${installSource}" "${mountPoint}" || errExit
else
echo "This does not appear to be a Mac OS X Install DVD."
errExit
fi
# If adding any additional packages or scripts
if [ -e "${1}/OSInstall.collection" ]; then
/usr/bin/ditto $debug_opt "${1}/OSInstall.collection" "${mountPoint}/Packages/OSInstall.collection" || errExit
/usr/sbin/chown root:wheel "${mountPoint}/Packages/OSInstall.collection"
# If adding any additional packages
if [ -e "${1}/additionalPackages.txt" ]; then
CopyPackagesWithDestinationsFromFile "${1}/additionalPackages.txt" || errExit
fi
# If adding any scripts
if [ -e "${1}/additionalScripts.txt" ]; then
InstallScriptsFromFile "${1}" "${1}/additionalScripts.txt" "${mountPoint}/Packages" || errExit
fi
fi
# If it exists, install the partition data onto the install image
ProcessAutoPartition "${1}" || errExit
# If it exists, install minstallconfig.xml (AutoInstall data) onto the install image
ProcessMinInstall "${1}" || errExit
# update progress information
echo "${progressPrefix}_buildingBooter_"
# Copy kernel and boot loader
if [ "${scriptsDebugKey}" == "VERBOSE" -o "${scriptsDebugKey}" == "DEBUG" ]; then
echo "Preparing the kernel and boot loader for the boot image"
fi
# make sure this doesn't exist
if [ -e "${destPath}/i386" ]; then
/bin/rm -rf "${destPath}/i386"
fi
/bin/mkdir -p $debug_opt "${destPath}/i386/x86_64" || errExit
# copy these directly off the install media
/usr/bin/ditto $debug_opt "${installSource}/boot.efi" "${destPath}/i386/booter" || errExit
/usr/bin/chflags nohidden "${destPath}/i386/booter"
# Grab the relevant portion of the com.apple.Boot.plist
kernelFlags=`/usr/libexec/PlistBuddy -c "print :'Kernel Flags'" "${installSource}/Library/Preferences/SystemConfiguration/com.apple.Boot.plist"`
/usr/libexec/PlistBuddy -c "add :'Kernel Flags' string ${kernelFlags}" "${destPath}/i386/com.apple.Boot.plist" > /dev/null 2>&1
/usr/bin/ditto $debug_opt "${installSource}/System/Library/CoreServices/PlatformSupport.plist" "${destPath}/i386/PlatformSupport.plist" || errExit
# extract the kernel & kernelcache for the boot shell
/usr/bin/lipo -extract i386 "${mountPoint}/kernelcache" -output "${destPath}/i386/kernelcache" || errExit
/usr/bin/lipo -extract x86_64 "${mountPoint}/kernelcache" -output "${destPath}/i386/x86_64/kernelcache" || errExit
# Apply choice changes, if any
if [ -e "${1}/MacOSXInstaller.choiceChanges" ]; then
echo "Copy over package choice selection."
/usr/bin/ditto $debug_opt "${1}/MacOSXInstaller.choiceChanges" "${mountPoint}/Packages/Extras/MacOSXInstaller.choiceChanges"
fi
# update progress information
echo "${progressPrefix}_finishingUp_"
# perform the final cleanup
PostFlightDestination "${1}" "$destPath" || errExit
rrExit
# Apply choice changes, if any
if [ -e "${1}/MacOSXInstaller.choiceChanges" ]; then
echo "Copy over package choice selection."
/usr/bin/ditto $debug_opt "${1}/MacOSXInstaller.choiceChanges" "${mountPoint}/Packages/Extras/MacOSXInstaller.choiceChanges"
fi
# update progress information
echo "${progressPrefix}_finishingUp_"
# perform the final cleanup
PostFlightDestination "${1}" "$destPath" || errExit
tDestination "${1}" "$destPath" || errExit
errExit
Vol/private/tmp" ]; then
if [ "${scriptsDebugKey}" == "VERBOSE" -o "${scriptsDebugKey}" == "DEBUG" ]; then
echo "Cleaning out /private/tmp on $1"
fi
/bin/rm -r $opt "$srcVol/private/tmp/*"
fi
if [ -d "$srcVol/private/var/tmp" ]; then
if [ "${scriptsDebugKey}" == "VERBOSE" -o "${scriptsDebugKey}" == "DEBUG" ]; then
echo "Cleaning out /private/var/tmp on $1"
fi
/bin/rm -r $opt "$srcVol/private/var/tmp/*"
fi
if [ "${scriptsDebugKey}" == "VERBOSE" -o "${scriptsDebugKey}" == "DEBUG" ]; then
echo "Cleaning out devices and volumes on $1"
fi
if [ -d "$srcVol/Volumes" ]; then
/bin/rm -r $opt "$srcVol/Volumes/*"
fi
if [ -d "$srcVol/dev" ]; then
/bin/rm $opt "$srcVol/dev/*"
fi
if [ -d "$srcVol/private/var/run" ]; then
/bin/rm -r $opt "$srcVol/private/var/run/*"
fi
# Copy kernel and build the kext cache on the boot image
PrepareKernelAndKextCache()
local srcDir="$1"
local destDir="$2"
local opt=""
if [ "${scriptsDebugKey}" == "VERBOSE" -o "${scriptsDebugKey}" == "DEBUG" ]; then
Stopping image creation.
Terminating script!
Image creation failed.