This script:
- Checks if the Rocketman tool is installed.
- Retrieves the backdoor admin username from a managed preferences plist file and uses it to fetch the password from the keychain via Rocketman.
- Handles potential errors during password retrieval, providing specific error messages for different scenarios (e.g., no password set, unknown errors).
- Returns the result in a format suitable for Jamf Pro inventory data.
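#!/bin/zsh
# Jamf Pro extension attribute: reports the break-glass admin password that
# Rocketman (RCC) keeps in the keychain, wrapped in <result> tags on stdout.
#
# NOTE(review): on success the plaintext password is printed to stdout and so
# ends up in Jamf Pro inventory data. Confirm that read access to this
# attribute (console and API) is limited to the staff who need the break-glass
# credential, and that the password is rotated after it has been used.

# Managed preferences file that carries the break-glass account's short name.
BreakglassPlist="/Library/Managed Preferences/tech.rocketman.breakglass.plist"

# Check if rocketman (RCC) is installed before touching anything else
if ! command -v rocketman &>/dev/null; then
  printf '%s\n' "<result>RCC Not Installed</result>"
  exit 0
fi

# Read the username of the break-glass admin account. If the plist or the
# shortName key is missing, defaults fails and the variable stays empty.
BreakglassAdminUsername=$(defaults read "$BreakglassPlist" shortName 2>/dev/null)
if [[ -z "$BreakglassAdminUsername" ]]; then
  # Do not query the keychain with an empty short name; report the cause.
  printf '%s\n' "<result>Breakglass Admin Username Not Found</result>"
  exit 0
fi

# Retrieve the password from the keychain
BreakglassAdminPassword=$(rocketman GetBackdoorAdminPasswordFromKeychain --shortName "${BreakglassAdminUsername}" 2>/dev/null)
exitCode=$?

# Evaluate the result
if [[ $exitCode -eq 0 && -n "$BreakglassAdminPassword" ]]; then
  # Successfully retrieved password. printf '%s' is used instead of echo
  # because zsh's echo interprets backslash escapes, which would alter a
  # password containing sequences such as \n or \t before it is recorded.
  printf '%s\n' "<result>${BreakglassAdminPassword}</result>"
elif [[ $exitCode -eq 1 ]]; then
  # Tool indicates no password set
  printf '%s\n' "<result>No Backdoor Admin Password Set</result>"
else
  # Any other outcome (another non-zero exit code, or exit 0 with empty
  # output) is reported as an unknown error
  printf '%s\n' "<result>Other Error Occurred</result>"
fi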