Applescript confirm sudo password in ssh connection - applescript

I´m opening a ssh connection to an Ubuntu Box with applescript. How can I provide the sudoer password asked by apt:
tell application "Terminal"
set currentTab to do script ("ssh -p" & pnumber & " " & user & "#localhost;")
delay 2
do script ("sudo apt-get update") in currentTab
-- start provide here password for sudo
-- this ends in keystroke cannot be read
keystroke "password"
keystroke return
-- end provide password
do script ("exit;") in currentTab
end tell

try
set resultText to (do shell script "apt-get update" with administrator privileges)
on error e number n
tell application (path to frontmost application as text )
display alert "Something went wrong: " & e & " nr: " & n
end tell
error number -128
end try
tell application (path to frontmost application as text)
display alert resultText
end tell
You'll have to add the full path to apt-get in the do shell script. If you insist of running it in the terminal, then you'll have to write an expect script.

No need for password. Setup a secure RSA key and you will never have to do it again. Then your Applescript will run without a password.
https://help.ubuntu.com/community/SSH/OpenSSH/Keys

Related

How can I retrieve the contents of an iTerm session with Applescript?

I am working on an Applescript to make logging into 2-factor authentication domains a little easier. Long story short, instead of using delays and sending text, I'd like to poll the contents of the current session and enter usernames/passwords/tokencodes as soon as the prompt for them appears. Luckily, iTerm v3.X has a bunch of cool AppleScript stuff:
https://www.iterm2.com/documentation-scripting.html
But I'm having a lot of trouble reading the contents of the terminal session. Here's what I've got so far:
on run
# Start or activate iTerm
tell application "iTerm"
activate
tell the first window
# Create a new tab, which will create a new session inside
set newTab to (create tab with default profile)
tell newTab
# Since we just created the tab, there should only be one session right now.
repeat with aSession in sessions
tell aSession
delay 3
#set myvar to (tty)
#set myvar to (text)
set myvar to (contents)
#do shell script "echo " & myvar & " >> ~/some_file.txt"
#write text (contents)
end tell
end repeat
end tell
end tell
end tell
return myvar
end run
As you can see, I've tried several different things, "contents" seemed like the most promising solution according to the documentation, but crazy stuff comes out, like this:
session id "0986F3BD-D2AF-480F-B517-AB7A43B2A0C4" of tab 3 of window id "window-1" of application "iTerm"
What is this stuff? Why don't I see what I expect, which is something like this:
Last login: Fri Jun 10 18:18:22 on ttys001
me#MacBook-Pro:~|⇒
I got this to work for a good 3-5 times in a row, but as soon as I edited my script again, it started returning that session ID stuff. At that point, I decided that applescript or iTerm's applescript API is just too opaque. I hammered out a workaround that actually seems to work pretty well, here it is for anyone who comes after me:
on grepCountsFor(searchString)
set terminalContents to my getContents()
log "terminal contents: " & terminalContents
set oneline to ""
set allRecords to paragraphs of terminalContents
repeat with aRecord in allRecords
if length of aRecord is greater than 0 then
set variable to aRecord
log "variable: " & variable
set oneline to oneline & variable
end if
end repeat
log "oneline: " & oneline
set command to "echo \"" & oneline & "\" | grep -o \"" & searchString & "\" | wc -l"
log "command: " & command
set counts to do shell script command
return counts as number
end grepCountsFor
on getContents()
#iTerm needs to be in the front for key presses to register.
my waitForWindow("iTerm")
# Mush buttons in the app
tell application "System Events"
keystroke "a" using command down
keystroke "c" using command down
set sessionContents to do shell script "pbpaste"
end tell
return sessionContents
end getContents
# Waits for a window to come into focus
on waitForWindow(appName)
# Poll until "appName" is the active window
set activeApp to "noApp"
repeat until activeApp is appName
set activeApp to (path to frontmost application as Unicode text)
# If the active app name does not contain the target,
# try to activate it again.
if appName is not in activeApp then
tell application appName
activate
end tell
else
# Done
exit repeat
end if
delay 0.1
end repeat
end waitForWindow

How to ensure Applescript dialog focus in OS X 10.10 (Yosemite)?

Before OS X 10.10 (Yosemite), I could ensure an applescript dialog had focus by telling the "current application" to activate:
tell current application
activate
set output to (do shell script "printf '" & hostsLine & commentString & "' >> /private/etc/hosts" with administrator privileges)
end tell
This would bring the password dialog to the front to type in. The dialog no longer appears with focus in Yosemite and you have to click on it before you can type.
Searching on stack exchange and elsewhere hasn't provided any solutions/workarounds.
Does anyone have a way that works in OS X 10.10?
UPDATE 1: In case anyone else runs into this problem, it appears to be a new sandboxing issue. A non-password dialog box gets focus properly. In fact, a non-password dialog before the "with administrator privileges" password dialog will cause the password dialog to also have focus. I added a dialog to confirm Safari was still the front app while testing and discovered this. As a workaround, I have added a preceding dialog with timeout of 1 (second) until a better solution can be found.
tell me -- alternate method: tell current application
activate
display dialog "Trying to get focus…" with title "Can't focus in Yosemite" buttons {"Cancel", "Idle"} cancel button "Cancel" giving up after (1)
set output to (do shell script "printf '" & hostsLine & commentString & "' >> /etc/hosts" with administrator privileges)
end tell
Interestingly, BBedit's Authenticated Save helper script (for the MAS version of the app) uses a "with administrator privileges" password dialog. But it gets focus properly in Yosemite. Something different between a native app call to applescript vs. an Applescript tell command for an app to do so?
on documentShouldFinalizeAuthenticatedSave(theDocument, tempFilePath, destinationPath)
-- on input: tempFilePath points to the contents of the document written to a temp file, ready to move to the destination; destinationPath is where the file should be copied.
-- on exit: if the operation succeeded, delete the temp file (or else the application will assume the operation failed) and return YES for success
-- this is pretty straightforward: "cp tmpFilePath destinationPath"
do shell script "cp" & " " & quoted form of tempFilePath & " " & quoted form of destinationPath with administrator privileges
-- now remove the temp file, this indicates to the application that we did the work
do shell script "rm" & " " & quoted form of tempFilePath
return true
end documentShouldFinalizeAuthenticatedSave
UPDATE 2: If anyone is curious, this part of a Safari helper script for my wife to block spammy popup ad sites like mackeeper.zeobit.com that have modal dialog boxes. Editing /etc/hosts was a little too complicated/daunting and she wanted a turnkey solution. I can post the whole script if there's interest. It works fine under 10.9, but the focus for password issue is annoying in 10.10.
You could try... Tell me instead of Tell current application. "Tell me" basically tells the applescript to activate and run the "do shell script" command. This makes more sense. "do shell script" is an applescript command so it makes sense to ask applescript to run it. Maybe this will help with your problem.
Good luck.
Personally, I would remove the need to enter a password. The simplest way to do this is to append the following line to the /private/etc/sudoers file.
wife_user_name ALL=(ALL) NOPASSWD:ALL
To remove the need for a password for all Administrator accounts, change the following line in the /private/etc/sudoers file from
%admin ALL=(ALL) ALL
to
%admin ALL=(ALL) NOPASSWD: ALL
Next, change your applescript line from
set output to (do shell script "printf '" & hostsLine & commentString & "' >> /private/etc/hosts" with administrator privileges)
to
set output to (do shell script "sudo printf '" & hostsLine & commentString & "' >> /private/etc/hosts")
Changes to the /private/etc/sudoers file can be accomplished by using the Terminal and TextEdit applications. Open the Terminal application and type the following commands:
cd ~/desktop
sudo cp -n /etc/sudoers /etc/sudoers.orignal
sudo cp /etc/sudoers sudoers.txt
sudo chmod ug+w sudoers.txt
open sudoers.txt
visudo -c -f sudoers.txt
sudo cp -X sudoers.txt /etc/sudoers
When done, the sudoers.txt file on your desktop can be put in the trash.
To undo your changes, use the command:
sudo cp /etc/sudoers.original /etc/sudoers
This was tested using OS X 10.10.1
Below is a brief explanation of what each command does:
cd ~/desktop
This makes sure you are working from your desktop folder.
sudo cp -n /etc/sudoers /etc/sudoers.original
This backups your sudoers file. The backup can be used to undo your changes. The -n option insures that an existing sudoers.original file will not be overwritten.
sudo cp /etc/sudoers sudoers.txt
Copies the sudoers file to your desktop. The .txt extension is added so OS X will know this is a text file.
sudo chmod ug+w sudoers.txt
Changes the file’s permissions to allow write access.
open sudoers.txt
Opens the file in the TextEdit application. You need to edit the file and save the changes.
visudo -c -f sudoers.txt
Checks the edited file for syntax errors. The output should be sudoers.txt: parsed OK.
sudo cp -X sudoers.txt /etc/sudoers
Copies the file back to the /etc directory.
I stumbled upon this post trying to get the password dialog to get focus in an Alfred script that I am working on. I finally got it to work reliably by adding tell me to activate prior to my shell command. The resultant script was:
tell me to activate
do shell script "<command>" with administrator privileges
Hope this works for you.
2015-01-08 Edit
Mike, I understand your question as: "I have an AppleScript with a do shell script that asks for an admin password, but I have to click on the password dialog before I can type in it. How can I ensure the dialog has focus, saving me the nuisance of clicking it?"
My response to you is: "What if your AppleScript never asked for a password in the first place? Wouldn't you be happier?"
If so, then here's a solution. That question demonstrates how you can bypass the dialog by supplying a password parameter along with the with administrator privileges parameter.
Ok, Mike this is my second try at an answer.
Instead of using
tell current application
activate
set output to (do shell script "printf '" & hostsLine & commentString & "' >> /private/etc/hosts" with administrator privileges)
end tell
as you proposed at the start of your above question, try using
tell current application
activate
tell me to set output to (doShellScript for "printf '" & hostsLine & commentString & "' >> /private/etc/hosts" with administratorPrivileges)
end tell
where the doShellScript handler would be
on doShellScript for command as text given administratorPrivileges:adminPriv as boolean : false
if adminPriv then
set message to (name of current application) & " wants to make changes. Type your password to allow this."
set again to ""
set pw to ""
set icn to 1
repeat
set fullCommand to "printf '%s\\n' " & (quoted form of pw) & " | sudo -p '' -S " & command
try
return do shell script fullCommand
on error eStr number eNum partial result rList from badObj to expectedType
set errorMessage to "Sorry, try again." & return & return & "sudo: 1 incorrect password attempt"
if eStr ≠ errorMessage or eNum ≠ 1 then
error eStr number eNum partial result rList from badObj to expectedType
end if
end try
set actual to again & message
set values to display dialog actual default answer "" with icon icn with hidden answer
set again to "Sorry, incorrect passord. Try again." & linefeed
set pw to text returned of values
set icn to 2
end repeat
end if
return do shell script command
end doShellScript
An example dialog is shown below.
Your application name and icon will be different. The main thing is that the focus will be on the password text box when the dialog pops up.
dave.
I had a similar issue for which I had an applescript execute a continuous ping in Terminal, and then a dialog box would pop up in order for user to click OK to kill that ping and start a different one. The issue was similar as the dialog box kept showing behind the Terminal window. As I would have to execute this script numerous times in an urgent situation with very limited time, this was very annoying. I was finally able to resolve it by telling System Events to wait 1 second after it starts the continuous ping, and then keystroke CMD+Tab to switch back to the running script before opening the dialog box. The CMD+Tab initially only intermittently resolved it until I added the delay 1.
Example of issue:
tell application "Terminal" to do script pingCommand
set userDialog to display dialog "Client Connection Test Completed" buttons {"Ping Server", "Cancel"}
With above code, the dialog would always come behind the Terminal window.
Example of resolution:
tell application "Terminal" to do script pingCommand
delay 1
tell application "System Events" to key code 48 using {command down}
set userDialog to display dialog "Client Connection Test Completed" buttons {"Ping Server", "Cancel"}
I was facing the same problem, and created a solution that would bring my applet's dialog to the front.
I wrote a function called ActivateMe() that replaces the "activate" or "tell me to activate" commands that would proceed the "display dialog" command.
This function gets the current process name, and then executes the following AppleScript commands via a shell script.
delay 0.1
tell application "System Events"
set frontmost of process \"" & processName & "\" to true
end tell"
Here's the function. Enjoy.
on ActivateMe()
set myPath to path to me as text
if myPath ends with ":" then
set n to -2
else
set n to -1
end if
set AppleScript's text item delimiters to ":"
set processName to text item n of myPath
if (processName contains ".") then
set AppleScript's text item delimiters to "."
set processName to text 1 thru text item -2 of processName
end if
set AppleScript's text item delimiters to ""
set a to "delay 0.1"
set b to "tell application \"System Events\""
set c to "set frontmost of process \"" & processName & "\" to true"
set d to "end tell"
do shell script "osascript -e '" & a & "' -e '" & b & "' -e '" & c & "' -e '" & d & "'"
end ActivateMe
Appears to be a bug in 10.10.x most likely due to sandboxing. Fixed in 10.11 (El Cap) as the unmodified script gets focus from the activate command once again like it did in 10.9 and earlier versions.

Applescript Execute Shell with Input and Admin Privileges

I'm trying to write an automator service to fire up virtualhost.sh in a terminal.
Using the Services context menu the dialog opens to ask for the name of virtual host, then runs an applescript to launch terminal and pass in the input text.
What I want is to pass in my username and password to admin privileges so that I don't need to pass it in the terminal with sudo.
This can be done with do shell script but that executes a bin/sh and the virtualhost.sh is a bash script so I get the error bin/sh: virtualhost.sh command not found
Alternately I can use do script with command but this doesn't allow me to pass in the user name and password.
My code looks like so:
on run {input, parameters}
set vhost to "virtualhost.sh " & input
tell application "Terminal"
activate
do shell script vhost user name "user" password "pass" with
administrator privileges
end tell
end run
This produces the bin/sh error previously mentioned.
With do script with command
on run {input, parameters}
set vhost to "virtualhost.sh " & input
tell application "Terminal"
activate
do script with command vhost user name "user" password "pass" with
administrator privileges
end tell
end run
This produces an escaping error: Expected end of line, etc. but found property.
Is there a way to do this correctly?
Not specifically familiar with AppleScript Studio, but you can do it in plain old AppleScript (which appears to have the same issue) if you provide a full path to virtualhost.sh. (Also, Terminal is not required with "do shell script".) Example:
set vhost to "/usr/local/bin/virtualhost.sh " & input
do shell script vhost user name "user" password "pass" ¬
with administrator privileges
You can also extend $PATH (which is by default /usr/bin:/bin:/usr/sbin:/sbin with "do shell script") to include the path to virtualhost.sh, e.g.:
set vhost to "{ PATH=$PATH:/usr/local/bin; virtualhost.sh " & input & "; }"
do shell script vhost user name "user" password "pass" ¬
with administrator privileges
If you want a relative path, you can put virtualhost.sh inside the script application or bundle (e.g. in Contents/Resources), either in Terminal or by control-clicking and choosing "Show Package Contents". Then use "path to me":
set vhostPath to "'" & POSIX path of (path to me) & ¬
"/Contents/Resources/virtualhost.sh" & "'"
set vhost to vhostPath & space & input
do shell script vhost user name "user" password "pass" ¬
with administrator privileges
Per the comment on my other answer, I'm posting a secondary answer more in the spirit of that there's a will, there's a way, but it's a different, more dangerous approach. However, it's the only solution I can think of to this particular requirement (to get the interactivity of Terminal, but without having to prompt for an administrator password while running a script as administrator).
This solution runs Terminal as root, which is what do shell script "command" with administrator privileges does. This is dangerous because you have an open Terminal window with root access, so carefully weigh benefits against potential consequences of, say, opening a new Terminal window and being at the Bash prompt as root.
For this reason, the Terminal instance that is opened is killed upon completion of the script; if the "kill" command is removed, be aware you'll get multiple instances of Terminal, rather than multiple windows within the same instance.
No idea if this works in AppleScript Studio (it works in AppleScript Editor), but I can't think of any reason why it wouldn't.
set input to "some_input"
set vhost to "/usr/local/bin/virtualhost.sh " & input
set kill to ¬
"terminal_pid=$(</tmp/terminal_pid); rm /tmp/terminal_pid; kill $terminal_pid"
-- launch Terminal as root, and save its process ID in /tmp/terminal_pid
tell application "Finder" to set beforeProcesses to processes
do shell script ¬
"/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal " & ¬
"&> /dev/null & echo $! > /tmp/terminal_pid" user name "user" password ¬
"pass" with administrator privileges
-- wait until the new Terminal is confirmed to be running
tell application "Finder"
repeat while (processes is equal to beforeProcesses)
do shell script "sleep 0.5"
end repeat
end tell
-- Perform script in root Terminal window that we just opened,
-- and kill Terminal when done to prevent open root prompt
-- and multiple processes.
tell application "Terminal"
activate
do script vhost & "; " & kill
end tell
-- optional: wait until Terminal is gone before continuing
do shell script "while [[ ( -f /tmp/terminal_pid ) " & ¬
"&& ( \"$(ps -p $(</tmp/terminal_pid) -o%cpu='')\" ) ]]; do sleep 0.5; done"

Applescript to ping test each client prior to ssh connection

I'm trying to make an Applescript that connects to a list local ssh machines, with each connection opening in a new terminal window. Prior to attempting the ssh connection, I'd like to ping the client to see if it's available: if it is, run the ssh command, if not then iterates to the next client. When I run the script it seems to work for the first connection but then gives me --> error number -10004 for the remaining clients (and hangs the debugger). Any feedback would be greatly appreciated, thanks!
set hosts to {"10.2.0.199", "10.2.0.11", "10.2.0.91", "10.2.1.591", "10.2.0.41"}
set uname to {"asus_client01", "asrock_comp", "msi003", "gigabyte4", "intel05client"}
tell application "Terminal"
activate
repeat with i from 1 to the count of hosts
set this_uname to item i of uname --extract individual username
set this_host to item i of hosts as string --extract iPv4
set uname_host to this_uname & "#" & this_host
set hostUp to true
try
do shell script "ping -c 1 -t 5 " & this_host
on error
set hostUp to false
display dialog this_host & " seems to be down."
delay 2
end try
if hostUp then
do shell script "ssh " & uname_host
end if
end repeat
end tell
There is a difference between do shell script and do script. The difference is that do shell script is part of the standard script addition and will open an non-interactive shell, execute the given string, and return stdout back to you without any help from another application like Terminal. do shell script should never been used in any other tell application block except itself (me) because you violate some AppleScript securities you can find in AppleScript release and technical notes. do script command is part of AppleScript command in the application Terminal. do script will enter the given string in the targeted window and execute that like you have typed in Terminal yourself. do script is only supported by Terminal application and can't be used outside of it.
So it's either do shell script:
do shell script "ping -o stackoverflow.com
or do script by using the Terminal
tell application "Terminal"
do script "ping -o stackoverflow.com"
end tell
So the total script could look something like this:
set hosts to {"10.2.0.199", "10.2.0.11", "10.2.0.91", "10.2.1.591", "10.2.0.41"}
set uname to {"asus_client01", "asrock_comp", "msi003", "gigabyte4", "intel05client"}
--security check: hosts list can't be longer than uname
if (count of hosts) > (count of uname) then return
repeat with i from 1 to count hosts
repeat 1 times -- simulate continue
set currentAddress to item i of hosts
set currentHostname to item i of uname
if not ((do shell script "ping -o -t 5 " & currentAddress & "&>dev/null && echo yes || echo no") as boolean) then
exit repeat -- continue
end if
tell application "Terminal"
do script "ssh " & currentHostname
end tell
end repeat
end repeat

Why does this preinstall script just partly run?

I use PackageMaker to create an installation package. The following is my preinstall script to be called by Installer:
#!/bin/sh
/usr/bin/osascript <<EOF
tell application "System Events"
if exists (application process "Dictionary") then
tell application "Dictionary" to quit
end if
end tell
set theFolder to (path to library folder as text) & "Dictionaries:"
set fileNames to {"dict1.dictionary", "dict2.dictionary", "dict3.dictionary", "dict_n.dictionary"}
set dict to {}
repeat with aFile in fileNames
tell application "Finder"
if exists file (theFolder & aFile as text) then set end of dict to aFile & return
end tell
end repeat
try
tell application "System Events"
if dict ≠ {} then display alert "You have XYZ installed" message "Choose 'Upgrade' to install the new version or 'Cancel' if you want to stay with the current version." & return & dict buttons {"Cancel", "Upgrade"} default button "Upgrade"
if the button returned of the result is "Cancel" then
tell current application
set app_name to "Installer"
set the_pid to (do shell script "ps ax | grep " & (quoted form of app_name) & " | grep -v grep | awk '{print $1}'")
if the_pid is not "" then do shell script ("kill -9 " & the_pid)
end tell
end if
end tell
end try
EOF
This script works well in AppleScript Editor as well as in Terminal, i.e. it closes Dictionary app if it's running and force quits Installer if user chooses Cancel.
However, when called during the installation process, it just partly runs: it closes Dictionary app but bypasses force quitting Installer when Cancel button is chosen. Note that I have done chmod 755 the preinstall file.
What have I missed? What have I done wrongly? Can you please give a little help?
Thank you very much.

Resources