Improve network script to support 10.11+

Munki/Auth/UnlockNetwork/installcheck.py

@@ -14,39 +14,38 @@
 
 groups = out.split('.')
 
-v = groups[0].strip() + '.' + groups[1].strip()
+v = int(groups[1].strip())
 
 command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.preferences.network']
 
 task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
 (out, err) = task.communicate()
 
-formatted = plistlib.readPlistFromString(out)
+networkPreferences = plistlib.readPlistFromString(out)
 
 command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.services.systemconfiguration.network']
 
 task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
 (out, err) = task.communicate()
 
-formatted2 = plistlib.readPlistFromString(out)
+systemConfig = plistlib.readPlistFromString(out)
 
 # Need to check the group for 10.9, and the rule for 10.8
 # if group matches for both rights, exit 1 as we don't need to install
-if v == '10.9' or v == '10.10':  
-    try:
+if v >= 9:
+    if 'group' in networkPreferences and 'group' in systemConfig:
         # There are two formats for this plist. WAT?
-        if formatted['group'] == group and formatted2['group'] == group:
+        if networkPreferences['group'] == group and systemConfig['group'] == group:
             sys.exit(1)
         else:
             # if it doesn't we're exiting with 0 as we need to perform the install
             sys.exit(0)
-    except:
+    else:
         # the group might not be set, let's do it
         sys.exit(0)
-
-if v == '10.8':
-    if formatted['group'] == group and formatted2['rule'] == 'allow':
+elif v <= 8:
+    if networkPreferences['group'] == group and systemConfig['rule'] == 'allow':
         sys.exit(1)
     else:
         # if it doesn't we're exiting with 0 as we need to perform the install
-        sys.exit(0)
+        sys.exit(0)

Munki/Auth/UnlockNetwork/postinstall.py

@@ -14,7 +14,8 @@
 
 groups = out.split('.')
 
-v = groups[0].strip() + '.' + groups[1].strip()
+v = int(groups[1].strip())
+
 command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.services.systemconfiguration.network']
 
 task = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
@@ -24,7 +25,7 @@
 
 # If we're on 10.9 or 10.10 and the group doesn't match, we're going to correct it.
 
-if v == '10.9' or v == '10.10':
+if v >= 9:
     if formatted['group'] != group:
         formatted['group'] = group
         # Convert back to plist
@@ -35,7 +36,7 @@
         (out, err) = task.communicate(input=input_plist)
 
 # If we're on 10.8 and the rule doesn't match, we're going to correct it.
-if v == '10.8':
+elif v <= 8:
     if formatted['rule'] != 'allow':
         formatted['rule'] = 'allow'
         # Convert back to plist

Munki/Auth/UnlockNetwork/uninstall.py

@@ -14,7 +14,7 @@
 
 groups = out.split('.')
 
-v = groups[0].strip() + '.' + groups[1].strip()
+v = int(groups[1].strip())
 
 command = ['/usr/bin/security', 'authorizationdb', 'read', 'system.services.systemconfiguration.network']
 
@@ -23,7 +23,7 @@
 formatted = plistlib.readPlistFromString(out)
 
 # If we're on 10.9 and the group doesn't match, we're going to correct it.
-if v == '10.9' or v == '10.10':
+if v >= 9:
     if formatted['group'] != group:
         formatted['group'] = group
         # Convert back to plist
@@ -34,7 +34,7 @@
         (out, err) = task.communicate(input=input_plist)
 
 # If we're on 10.8 and the rule doesn't match, we're going to correct it.
-if v == '10.8':
+elif v <= 8:
     if formatted['rule'] != 'root-or-entitled-admin-or-app-specific-admin':
         formatted['rule'] = 'root-or-entitled-admin-or-app-specific-admin'
         # Convert back to plist