Alright guys, so I have a script set up to turn off the "require password on wake" function when I am at home. It pings my phone to see if I am connected to the network, and if not turns on lock to wake. So:
try
do shell script "ping -c2 X.X.X.X"
set theResult to the result
if theResult contains " 2 packets received," then
tell application "System Events"
tell security preferences
get properties
set properties to {require password to wake:false, require password to unlock:false}
end tell
end tell
end if
on error
tell application "System Events"
tell security preferences
get properties
set properties to {require password to wake:true, require password to unlock:true}
end tell
end tell
end try
end
This works just fine, however it asks to authenticate. I don't really want to use the enter text & return route, nor the clipboard route, because I don't want the password in the script... so is there a way to avoid the authentication?
If your goal is to enable/disable "password on wake" rather than to run that particular script without authentication, use either
tell application "System Events"
set require password to wake of security preferences to true
end tell
or
do shell script "defaults write com.apple.screensaver -int 1"
and the same with "to false" and "-int 0" to turn the setting off. None of these require authentication, as they're simply changing a user-level preference (stored in
~/Library/Preferences/com.apple.screensaver.plist
on my system, though this is an implementation detail you shouldn't rely on).
What triggers the authentication dialog in your script is the other property, "require password to unlock", equivalent to the "Require an administrator password to access locked preferences" option in the "Advanced..." part of Security Preferences. Under the hood, this option is equivalent to changing a number of settings in the Authorization Services database,
/private/etc/authorization
controlling whether various system-wide preferences may be left unlocked for unauthenticated changes.
System Events does appear to have a (less serious) bug, however: on my systems, setting "require password to unlock" has no effect, whether I authenticate as an admin or not.
There are two parts to this answer:
there is no way to pass the password, either via the script or via GUI Scripting, to the SecurityAgent application, which is in charge of the prompt (that is by design), nor can you suppress it altogether; this being said,
you can ignore the prompt and dismiss the window without inputting a password – your property settings will be applied even in that case (tested on OS X 10.7.4).
Reported as a Security issue to Apple as rdar://11484075
UPDATE: Apple Product Security does not consider this a security issue, but the bug itself is still tracked (I’ll have to guess, as it is closed as duplicate of another radar, which is not available on Openradar, but I’d expect the spurious dialog appearing to be the issue Apple has its eyes on).
Related
I tried to make an Applescript to enable the "Web Proxy" and "Secure Web Proxy" option in the "advanced.." menu of the "Network" settings in System Preferences.
Here's my applescript so far..
tell application "System Preferences"
activate
set current pane to pane "com.apple.preference.network"
end tell
tell application "System Events"
tell application process "System Preferences"
tell window "Network"
click button "Advanced…"
tell tab group 1 of sheet 1
click radio button "Proxies"
tell group 1
//what to do here to change Web Proxy and Secure Web Proxy Checkboxes?
end tell
end tell
end tell
end tell
end tell
I cannot change the value of the "Web Proxy" and "Secure Web Proxy" settings because, they have no title as shown by Accessibility Inspector.
Is there any other way to enable/disable the checkboxes using an Applescript similar to the one I have tried above?
There is a command line tool called "networksetup" at /usr/sbin/networksetup. I haven't used it much but looking at the man page for it there are several things regarding proxies. Here's a couple I see...
[-getwebproxy networkservice]
[-setwebproxy networkservice domain portnumber authenticated username password]
[-setwebproxystate networkservice on | off]
[-getsecurewebproxy networkservice]
[-setsecurewebproxy networkservice domain portnumber authenticated username password]
[-setsecurewebproxystate networkservice on | off]
So a "do shell script" command using these should do the job. Unfortunately I can't help you with the specific commands but good luck.
By the way, down in the examples on the man page it shows these...
networksetup -setwebproxy "Built-in Ethernet" proxy.company.com 80
networksetup -setwebproxy "Built-In Ethernet" proxy.company.com 80 On authusername authpassword
I'm trying to send the spacebar key to an application without activating it first. The following code almost does what I want but it brings the application to the foreground first.
tell application "X"
activate
tell application "System Events" to key code 49
end tell
I don't think you can send a keystroke to an inactive application, but you can hide an app immediately after activating it and executing code for it. This does however, cause the app to briefly flash before it hides.
tell application "System Events"
tell application "X" to activate
key code 49
set visible of process "X" to false
end tell
Sending a keystroke can basically be seen as using a keyboard, but the only difference is that the keys that need to be pressed are already predefined. The rest of the process revolving around this doesn't change. This means that the application itself still needs to be opened and activated before you can actually send keystrokes to it.
Depending on the application however, it might be possible to use certain Applescript functions in the application's API to send different inputs to the application without having to activate it first. Take the Messages API for instance:
tell application "Messages"
set theBuddy to buddy "someone#mac.com" of service "iMessage"
send "Hi there" to theBuddy
end tell
How about deactivating it afterwards?
activate application "X"
tell application "System Events" to key code 49
activate me
Position is offscreen to prevent it from flashing where the user can see it or reduce its opacity.
There are courses of investigation.
If the application is one you have developed yourself you have the following options:
*simply have a public property exposed and set that to the key you want to send it.
*have your application polling a folder for a file and you send your instructions via that.
With a windows API hook of some type you can get control of the application without activating it. I am pretty certain if I put my mind to it I could take control of anything on the computer.
In simple terms think out of the box, it does not necessarily need to be a key press you send, you just want to instruct it to do something. There is loads of options Interface Marshalling, Interops, OLE, DDE, looks like I have turned up on this site just in time!
In Mac OS, I've created a few AppleScripts to add and remove start up applications (Login Items, under the Accounts system pane).
#!/bin/bash
/usr/bin/osascript -e "tell application \"System Events\" to make new login item with properties { path: \"$1\", hidden:false } at end"
Usage would be like this:
./addloginitem.sh /Applications/TextEdit.app
I'm curious if it's possible to have startup items that use arguments? I have a program that I would like to pass a "startup" argument to if it is running directly after a login.
It is possible however not by using "Login Items". You can use launchd to run commands when you login. It's a little complicated to use compared to login items but they're much more flexible and can do as you request. Just google for launchd instructions, setup the required plist file, and you'd have a powerful method for launching things at login.
I have a Mail rule set up to launch the following applescript:
using terms from application "Mail"
on perform mail action with messages theMessages for rule theRule
tell application "Mail"
-- do stuff, including...
CheckAddressBook(theName, theAddress)
end tell
end perform mail action with messages
end using terms from
on CheckAddressBook(theName, theAddress)
tell application "Address Book"
-- do stuff
end tell
end CheckAddressBook
Whenever this mail rule executes, it launches address book. Its not activated, but it suddenly shows up on my desktop. My question is, can tell blocks be instructed to launch the application silently, and quit when complete?
AppleScript can't control an application without it running. That's just the way it works. There are other methods you might use to access the Address Book database without launching the application, but if you're using AppleScript to get data from your Address Book database the application has to launch. My recommendation would be to simply add a quit command as suggested by Fábio.
To read the Address Book Database without launching "Address Book.app" I´d suggest to have a look at the command line tool "contacts" available for free here. You would then run it from Applescript like do shell script "/usr/bin/contacts Peter" and handle the values returned.
I'm looking for a way to dump (export) the contents of an OS X keychain into a file that I can easily process elsewhere, such as tab-delimited plaintext or something of the sort.
The Keychain Access app does not offer any such functionality, and getting a key's data involves opening each in turn, and having to type in the keychain's password to see the password stored with the key, every time.
After a bit of digging, I found somebody's solution by using AppleScript and the Keychain Scripting app to access keychains (can't link to individual post; scroll down about two thirds to the end of the page):
http://discussions.apple.com/thread.jspa?threadID=1398759
Using Keychain scripting, you can access all data fields of all the keys – including the plaintext password! – and it's fairly easy to dump this data into a text file etc. I've tested it and it works well.
However, this solution still involves having to confirm access to each key by clicking OK on a dialog. This is much better than having to type in the keychain's password every time, but it's still irritating. Furthermore, you have to confirm access twice for each key; once for Script Editor (or the script itself if it's running as an app) and once for Keychain Scripting. So, if you're processing a keychain with 100 keys, you have to manually click OK on 200 dialogs.
I'm now looking for a solution to get around this. I realize that as it's the purpose of keychains to safeguard the sensitive data and prevent precisely the kind of thing I'm trying to do, any such solution would probably involve some kind of hack.
I'd be very interested in your ideas!
Allright, I'm stupid. There's a command-line tool called security that does just this (and lots of other actions on keychains).
An example usage:
security dump-keychain -d login.keychain
This will dump all the data in the login.keychain (the default keychain for a user) as plaintext, including the passwords. You still have to confirm access , but only once for each key, and it's much faster than (and doesn't throw weird errors when trying to access certain fields) using AppleScript. And it's no hack.
Without the -d option, it will dump all the fields except for the password.
The dumped data for a key looks like this (for an internet key; program keys and certificates have other fields, but the format is the same):
keychain: "/Users/<username>/Library/Keychains/login.keychain"
class: "inet"
attributes:
0x00000007 <blob>="tech.slashdot.org (<username for this web login>)"
0x00000008 <blob>=<NULL>
"acct"<blob>="<username for this web login>"
"atyp"<blob>="form"
"cdat"<timedate>=0x32303038303432333038323730355A00 "20080423082705Z\000"
"crtr"<uint32>=<NULL>
"cusi"<sint32>=<NULL>
"desc"<blob>="Kennwort des Web-Formulars"
"icmt"<blob>="default"
"invi"<sint32>=<NULL>
"mdat"<timedate>=0x32303038303432333038323730355A00 "20080423082705Z\000"
"nega"<sint32>=<NULL>
"path"<blob>=<NULL>
"port"<uint32>=0x00000000
"prot"<blob>=<NULL>
"ptcl"<uint32>="http"
"scrp"<sint32>=<NULL>
"sdmn"<blob>=<NULL>
"srvr"<blob>="tech.slashdot.org"
"type"<uint32>=<NULL>
data:
"<the plaintext password for this key>"
Please read this: https://gist.github.com/rmondello/b933231b1fcc83a7db0b
Ignore:-----
I found a sollution to the "Always Allow" dialog in each key!
Just run the previous command with sudo.
sudo security dump-keychain -d login.keychain
This way you'll only need to enter your password two times. One on the Terminal to sudo and another to unlock the keychain! ;)
Have a nice day!
Update, there is now a tool that does this nicely:
Keychaindump is a proof-of-concept tool for reading OS X keychain passwords as root. It hunts for unlocked keychain master keys located in the memory space of the securityd process, and uses them to decrypt keychain files.
Source: https://github.com/juuso/keychaindump
Actually I was just looking for the same:
Modified applescript from github somebody posted. To be run in ScriptEditor and must be allowed in Preferences & Security.
set keychainPassword to "yourpasswordgoeshere"
tell application "System Events"
repeat while exists (processes where name is "SecurityAgent")
tell process "SecurityAgent"
delay 0.1
try
set value of text field 1 of window 1 to keychainPassword
click button "Allow" of window 1
end try
end tell
end repeat
end tell
You must click each window separetly in order to activate them. For that I used tool "murgaa auto clicker" I had known from runescape many years ago (http://www.murgaa.com/auto-clicker-mac/ seems still active). You just set shortcut for autoclicking (eg. Command+R) and set timer to 10ms and it works like charm.
Keysafe
Keysafe reads and decrypts Apple Keychain files. Use Keysafe to securely access your passwords and credentials without a Mac.
I wrote a tool called Keysafe to extract the contents of Keychain files. The tool is available on Mac, Windows, and Linux.
Keysafe is not free; a licence is required to fully decrypt a Keychain. Without a licence the contents are still extracted but the decrypted values are partially redacted and secure notes are not post-processed into RTFD files.
If you have a Keychain that does not "just work" with Keysafe, please get in touch. The Keychain format is expansive and finding edge cases is always interesting.
I found solution for not clicking "Allow" multiple times
sudo su
security dump-keychain -d /Users/YourUsername/Library/Keychains/login.keychain