Create silent-oauth.sh

2026-02-03 14:03:22 +00:00 · 2025-05-21 17:17:14 +01:00
parent 4d40910f33
commit 761c16e82e
1 changed files with 232 additions and 0 deletions
--- a/Mac/silent-oauth.sh
+++ b/Mac/silent-oauth.sh
@@ -0,0 +1,232 @@
+#!/bin/sh
+echo "____________________________________________"
+echo "Start: TAILSCALE SILENT AUTH SCRIPT"
+###############################################################################################
+#
+#                                                        ******
+#                                        *...../    /    ******
+# **************  *****/  *****/*****/***/*************/ ******  /**********
+# ******/..*****/ *****/  *****/********//******/ ,*****/******,*****  ,*****/
+# *****/    ***** *****/  *****/*****/    *****/   /**************************
+# *******//*****/ *************/*****/    *********************/*******./*/*  ())
+# *************    ******/*****/*****/    *****/******/. ******   ********** (()))
+# *****/                                  *****/                              ())
+# *****/                                  *****/
+#
+###############################################################################################
+# NOTICE: MAC SPECIFIC SCRIPT, USING MOSYLE VARIABLES
+###############################################################################################
+
+# DEFAULT VARIABLES
+APPNA="Tailscale"
+DIR="/Applications/$APPNA.app"
+IP1=8.8.8.8
+IP2=$(echo "$TSSERVERIP")
+DT0=$(date "+%D %T")
+echo "Execution Record for $DT0"
+echo 
+
+# SOURCES USER INFO FOR RUNASUSER COMMAND BELOW
+currentUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ { print $3 }' )
+uid=$(id -u "$currentUser")
+
+MODEL_INFO=$(system_profiler SPHardwareDataType | grep "Model Name" | sed 's/^ *//')
+PRETTY_MODEL=${MODEL_INFO/"Model Name: "/}
+SERIAL_INFO=$(system_profiler SPHardwareDataType | grep "Serial Number (system)" | sed 's/^ *//')
+PRETTY_SERIAL=${SERIAL_INFO/"Serial Number (system): "/}
+
+
+if [ "$USEMODELANDSERIAL" == "Y" ]; then
+	echo "• Organisation includes Model and Serial in Hostname"
+	if [[ -z "$TSUNAME" ]]; then
+		TSUSER=$(echo "$currentUser-$PRETTY_MODEL-$PRETTY_SERIAL" | tr 'A-Z' 'a-z' | sed 's/ /-/g')
+	else
+		TSUSER=$(echo "$TSUNAME-$PRETTY_MODEL-$PRETTY_SERIAL" | tr 'A-Z' 'a-z' | sed 's/ /-/g')
+  		OLDTSUSER=$(echo "$TSUNAME" | tr 'A-Z' 'a-z' | sed 's/ //g')
+	fi
+else
+	echo "• Organisation uses only Username in Hostname"
+	if [[ -z "$TSUNAME" ]]; then
+		TSUSER=$(echo "$currentUser" | tr 'A-Z' 'a-z' | sed 's/ /-/g')
+	else
+		TSUSER=$(echo "$TSUNAME" | tr 'A-Z' 'a-z' | sed 's/ /-/g')
+  		OLDTSUSER=$(echo "$TSUNAME" | tr 'A-Z' 'a-z' | sed 's/ //g')
+	fi
+fi
+
+# SIMPLIFIES RUN AS USER COMMAND FOR STANDARD USER ACCOUNTS WITHOUT SUDO RIGHTS
+runAsUser() {
+  if [ "$currentUser" != "loginwindow" ]; then
+	launchctl asuser "$uid" sudo -u "$currentUser" "$@"
+  else
+	  echo 
+	echo "• No user is logged in"
+	echo 
+	echo "End: TAILSCALE SILENT AUTH SCRIPT"
+	echo "____________________________________________"
+	echo 
+	exit 1
+  fi
+}
+
+# CHECKS TAILSCALE IS PRESENT ON THE DEVICE
+if [ -d "$DIR" ]; then
+  ### Take action if $DIR exists ###
+  echo "• $APPNA is installed."
+else
+  ###  Control will jump here if $DIR does NOT exists ###
+  echo 
+  echo "• $APPNA is not installed."
+  echo 
+  echo "End: TAILSCALE SILENT AUTH SCRIPT"
+  echo "____________________________________________"
+  echo 
+  exit 1
+fi
+
+runAsUser defaults write io.tailscale.ipn.macos TailscaleOnboardingSeen 1
+runAsUser defaults write io.tailscale.ipn.macos TailscaleStartOnLogin 1
+defaults write io.tailscale.ipn.macos ManagedByOrganizationName "Purple Computing"  
+
+sleep 3
+
+# OPENS TAILSCALE BEFORE CHECKS
+runAsUser osascript -e 'tell application "Tailscale"' -e 'activate' -e 'end tell'
+
+# GIVES TAILSCALE TIME TO OPEN AND CONNECT IF EMPLOYEE AUTHED
+sleep 6
+
+# PING GOOGLE FOR NEXT CHECK
+PING1=$(ping -c 1 "$IP1" | grep -c from)
+sleep 2
+
+# PING TAILSCALE VPR FOR FIRST ATTEMPT
+echo "• "Tailscale Ping Address":" "$IP2"
+PING2=$(ping -c 1 "$IP2" | grep -c from)
+
+# INTERNET CHECK
+if [ "$PING1" -eq "1" ]; then
+	echo "• Internet is working"
+else
+	echo 
+	echo "• NO INTERNET... Exit.."
+	echo 
+	echo "End: TAILSCALE SILENT AUTH SCRIPT"
+	echo "____________________________________________"
+	echo 
+	exit 1
+fi
+
+# TAILSCALE ALREADY AUTHED CHECK
+if [ "$PING2" -eq "1" ]; then
+	runAsUser /Applications/Tailscale.app/Contents/MacOS/Tailscale set --hostname "$TSUSER"
+	echo "• Tailscale Ping Address: $IP2 is reachable"
+	echo "• Internet is working"
+	TSMNetName="$(runAsUser /Applications/Tailscale.app/Contents/MacOS/Tailscale status | head -n 1 | awk '{print $3}' | awk -F'.' '{print $2}')"
+	TSMHostname="$(runAsUser /Applications/Tailscale.app/Contents/MacOS/Tailscale status | head -n 1 | awk '{print $2}' | awk -F'.' '{print $1}')"
+	TSMIP="$(runAsUser /Applications/Tailscale.app/Contents/MacOS/Tailscale status | head -n 1 | awk '{print $1}')"
+	echo "• User is Authenticated"
+ 	if [ "$TSEXITNODE" == "N" ]; then
+		echo "• Exit Node NOT Enforced"
+	else
+		if [[ -z "$TSEXITNODE" ]]; then
+			echo "• Exit Node NOT Enforced"
+		else
+			echo "• Exit Node Enforced"
+			runAsUser /Applications/Tailscale.app/Contents/MacOS/Tailscale set --exit-node=$TSEXITNODE
+		fi
+	fi
+	echo 
+	echo NO INTERVENTION WAS NEEDED
+	 echo
+	 echo "Tailnet: $TSMNetName"
+	  echo "Hostname: $TSMHostname"
+	   echo "IP: $TSMIP"
+	echo 
+	echo "End: TAILSCALE SILENT AUTH SCRIPT"
+	echo "____________________________________________"
+	echo 
+	exit 0
+
+else
+	echo 
+	echo ATTEMPT"1:" NO AUTH AUTHENTICATING...
+	# killall Tailscale
+	sleep 3
+	runAsUser osascript -e 'tell application "Tailscale"' -e 'activate' -e 'end tell'
+	sleep 6
+  	runAsUser /Applications/Tailscale.app/Contents/MacOS/Tailscale switch "$TAILSCALENET"
+   	sleep 1
+    	runAsUser /Applications/Tailscale.app/Contents/MacOS/Tailscale set --hostname "$TSUSER"
+	echo 
+fi
+sleep 7
+# PING TAILSCALE VPR AFTER THE FIRST ATTEMPT
+PING3=$(ping -c 1 "$IP2" | grep -c from)
+
+# TAILSCALE FINAL AUTH CHECK
+if [ "$PING3" -eq "1" ]; then
+	echo "• Tailscale Ping Address: $IP2 is reachable"
+	 echo "• Internet is working"
+	 TSMNetName="$(runAsUser /Applications/Tailscale.app/Contents/MacOS/Tailscale status | head -n 1 | awk '{print $3}' | awk -F'.' '{print $2}')"
+	  TSMHostname="$(runAsUser /Applications/Tailscale.app/Contents/MacOS/Tailscale status | head -n 1 | awk '{print $2}' | awk -F'.' '{print $1}')"
+	   TSMIP="$(runAsUser /Applications/Tailscale.app/Contents/MacOS/Tailscale status | head -n 1 | awk '{print $1}')"
+	echo "• User is Authenticated"
+	if [ "$TSEXITNODE" == "N" ]; then
+		echo "• Exit Node NOT Enforced"
+	else
+		if [[ -z "$TSEXITNODE" ]]; then
+			echo "• Exit Node NOT Enforced"
+		else
+			echo "• Exit Node Enforced"
+			runAsUser /Applications/Tailscale.app/Contents/MacOS/Tailscale set --exit-node=$TSEXITNODE
+		fi
+	fi
+ 	echo 
+	echo "ATTEMPT 1:" AUTHENTICATED SUCCESSFULLY
+	echo
+	echo "Tailnet: $TSMNetName"
+	echo "Hostname: $TSMHostname"
+	echo "IP: $TSMIP"
+	echo 
+	echo "End: TAILSCALE SILENT AUTH SCRIPT"
+	echo "____________________________________________"
+	echo 
+	exit 0
+else
+	echo 
+	echo ATTEMPT"2:" NO AUTH... AUTHING WITH RESET...
+	sleep 2.5
+	runAsUser osascript -e 'tell application "Tailscale"' -e 'activate' -e 'end tell'
+	if [[ -z "$HOOKHELPER" ]]; then
+		echo "• No Webhooks to Fire. Continuing..."
+	else
+		echo "• Cleaning up Existing Node in TS Admin Portal"
+		curl -s --request POST "$HOOKHELPER" -H "Content-Type: application/json; charset=UTF-8" -d '{"tailnet": "'"$TAILSCALENET"'", "apikey": "'"$TAILSCALEAPIKEY"'", "targetname": "'"$TSUSER"'"}'
+		curl -s --request POST "$HOOKHELPER" -H "Content-Type: application/json; charset=UTF-8" -d '{"tailnet": "'"$TAILSCALENET"'", "apikey": "'"$TAILSCALEAPIKEY"'", "targetname": "'"$OLDTSUSER"'"}'
+	fi
+	sleep 2.5
+ 	curl -s https://raw.githubusercontent.com/PurpleComputing/Tailscale-scripts/main/Mac/logout-all.sh | bash
+  	runAsUser /Applications/Tailscale.app/Contents/MacOS/Tailscale up --authkey "$TAILSCALEAUTHKEY" --hostname "$TSUSER" --advertise-tags=tag:$TSTAG
+   	sleep 1.5
+	runAsUser /Applications/Tailscale.app/Contents/MacOS/Tailscale up --authkey "$TAILSCALEAUTHKEY" --hostname "$TSUSER" --advertise-tags=tag:$TSTAG
+ 	runAsUser /Applications/Tailscale.app/Contents/MacOS/Tailscale set --hostname "$TSUSER"
+	echo 
+fi
+ 	
+if [ "$TSEXITNODE" == "N" ]; then
+	echo "• Exit Node NOT Enforced"
+else
+	if [[ -z "$TSEXITNODE" ]]; then
+	 echo "• Exit Node NOT Enforced"
+	else
+	 echo "• Exit Node Enforced"
+	 runAsUser /Applications/Tailscale.app/Contents/MacOS/Tailscale set --exit-node=$TSEXITNODE
+	fi
+fi
+ 
+echo "End: TAILSCALE SILENT AUTH SCRIPT"
+echo "____________________________________________"
+
+
+exit 0