def build_configuration_profile(enrolled_machine):
payload_content = {
"PayloadContent": {
"ManagedInstalls": {
"Forced": [{
"mcx_preference_settings":
build_configuration(enrolled_machine)
}]
}
},
"PayloadEnabled": True,
"PayloadIdentifier": get_payload_identifier("monolith.settings.0"),
"PayloadUUID": generate_payload_uuid(),
"PayloadType": "com.apple.ManagedClient.preferences",
"PayloadVersion": 1
}
configuration_profile_data = {
"PayloadContent": [payload_content],
"PayloadDescription": "Munki settings for Zentral/Monolith",
"PayloadDisplayName": "Zentral - Munki settings",
"PayloadIdentifier": get_payload_identifier("monolith.settings"),
"PayloadOrganization": "Zentral",
"PayloadRemovalDisallowed": True,
"PayloadScope": "System",
"PayloadType": "Configuration",
"PayloadUUID": generate_payload_uuid(),
"PayloadVersion": 1
}
content = sign_payload_openssl(plistlib.dumps(configuration_profile_data))
return (get_payload_identifier("monolith.settings.mobileconfig"), content)
def build_configuration_profile(enrollment):
identifier = get_payload_identifier("santa_configuration")
payload_content = {
"PayloadContent": {
"com.google.santa": {
"Forced": [{
"mcx_preference_settings":
build_santa_enrollment_configuration(enrollment)
}]
}
},
"PayloadEnabled": True,
"PayloadIdentifier": identifier,
"PayloadUUID": generate_payload_uuid(),
'PayloadType': 'com.apple.ManagedClient.preferences',
'PayloadVersion': 1
}
configuration_profile_data = {
"PayloadContent": [payload_content],
"PayloadDisplayName": "Zentral - Santa configuration",
"PayloadDescription": "Google Santa configuration for Zentral",
"PayloadIdentifier": identifier,
"PayloadOrganization": "Zentral",
"PayloadRemovalDisallowed": True,
"PayloadScope": "System",
"PayloadType": "Configuration",
"PayloadUUID": generate_payload_uuid(),
"PayloadVersion": 1
}
content = sign_payload_openssl(plistlib.dumps(configuration_profile_data))
return "{}.mobileconfig".format(identifier), content
def build_configuration_profile(enrolled_machine):
configuration = enrolled_machine.enrollment.configuration
payload_content = {"PayloadContent": {"com.google.santa": {"Forced": [
{"mcx_preference_settings": build_santa_configuration_dict(enrolled_machine)}
]}},
"PayloadEnabled": True,
"PayloadIdentifier": get_payload_identifier("santa.configuration.{}".format(configuration.pk)),
"PayloadUUID": generate_payload_uuid(),
'PayloadType': 'com.apple.ManagedClient.preferences',
'PayloadVersion': 1}
configuration_profile_data = {"PayloadContent": [payload_content],
"PayloadDescription": "Google santa configuration",
"PayloadDisplayName": "Google santa configuration",
"PayloadIdentifier": "com.google.santa",
"PayloadOrganization": "Zentral",
"PayloadRemovalDisallowed": True,
"PayloadScope": "System",
"PayloadType": "Configuration",
"PayloadUUID": generate_payload_uuid(),
"PayloadVersion": 1}
content = plistlib.dumps(configuration_profile_data)
return "com.google.santa.zentral.mobileconfig", content.decode("utf-8")
def build_payload(payload_type, payload_display_name, suffix, content, payload_version=1, encapsulate_content=False):
payload = {"PayloadUUID": generate_payload_uuid(),
"PayloadType": payload_type,
"PayloadDisplayName": payload_display_name,
"PayloadIdentifier": get_payload_identifier(suffix),
"PayloadVersion": payload_version}
if encapsulate_content:
# for scep, certificates TODO: what else ?
payload["PayloadContent"] = content
else:
payload.update(content)
return payload
def build_profile(display_name, suffix, content,
payload_type="Configuration", payload_description=None,
sign=True, encrypt=False):
profile = {"PayloadUUID": generate_payload_uuid(),
"PayloadIdentifier": get_payload_identifier(suffix),
"PayloadVersion": 1,
"PayloadDisplayName": display_name,
"PayloadType": payload_type, # Only known exception: "Profile Service"
"PayloadContent": content}
if payload_description:
profile["PayloadDescription"] = payload_description
data = plistlib.dumps(profile)
if sign:
data = sign_payload_openssl(data)
return data
def build_payload(display_name,
suffix,
content,
payload_type="Configuration",
payload_description=None,
merge_content=False):
payload = {
"PayloadUUID": generate_payload_uuid(),
"PayloadIdentifier": get_payload_identifier(suffix),
"PayloadVersion": 1,
"PayloadDisplayName": display_name,
"PayloadType": payload_type
}
if payload_description:
payload["PayloadDescription"] = payload_description
if merge_content:
payload.update(content)
else:
payload["PayloadContent"] = content
return payload
