i want to startup an application (.app) at startup in a GUEST ACCOUNT in mac(snow leopard). THe app disables all shortcuts and dock as well(using kiosk). The user must enter a token number to login . I have made the app but i cant force every other service to stop . If i put it in boot sequence through system->services, the app does not come at front. instead it is launched but is in the doc and i have to left click it to launch it in front. :(
(i want to do this programmatically by editing the boot sequence of mac OS )
Problem is I used kiosk and it only works when my application is in front.
So i need to perform this that i cant figure out.
1) run my app only(after login and NO OTHER SERVICE) and rest of the mac should boot once my app has exited.
Thanks in advance
for any help that u can provide
I already tried to tell you in your previous question that you are probably going the wrong way. If you put something into a user´s login items, it can easily be deactivated by holding "shift" while logging in (which you probably do not want); also, completely hacking your Mac OS Startup routine (if it can be done) is a bit too much in my eyes.
You should seriously consider
using a login/policy banner (realised for example here) which would pop up over the loginwindow (so a user has to agree)
using a loginwindow hook combined with a logout hook to change the user password (e.g. based on a hidden password-list and using dscl -passwd or pwpolicy) once the user logs out. This way you should be able to generate passwords based on a list and validate them (token system)
Yours, Asmus
P.S.: on your previous question you commented on mipadi´s answer that you have found a great link, thought it´s missing. Could you maybe add this, as this might be interesting for other people in the future.
Related
I have a unique requirement, I have setup a PC which would auto login to a particular user id say 'autologinuser', when ever we switch on the PC it would automatically logs into 'autologinuser' as configured.
During the login, it would show which using is getting logged in with welcome text under it.
I would like to hide the user name and don't want to visible during auto login process, only windows text should be visible.
Can this be possible?
Thanks & Regards,
-Anil Katta
Looks like windows operating system don't provide this feature at this point of time, and there is no specific registry to do so.
May be this feature good to expect in future releases.
I'm writting remote login app and I want to include the possibility to start new GUI session for different user. Goal is similar to what is done on Screen Sharing.app when user (different than already logged in) is connected - he can create new desktop without messing with session currently displayed. Is there an API for this? Maybe could You give me some useful links? I can't find anything to point me to the right direction so far.
Edit:
I am already able to connect to running "background" GUI sessions. Now I want to have a possibility to create session for user which is not logged in yet.
Edit: Spawning loginwindow under WindowServer process will also do the trick. When only one user is logged in, loginwindow process is terminated. Additionally - maybe there's a possibility to prevent loginwindow termination?
Edit:
I've tracked down function from private API which executes new loginwindow process under WindowServer and it works OK. Function is called CGSCreateLoginSessionWithDataAndVisibility, the problem is - this is private function I don't know what parameters it takes. Now I call it like this:
CGSSessionID outSession = 1;
CGSCreateLoginSessionWithDataAndVisibility(&outSession, NULL, false);
Does anyone know what arguments are used in CGSCreateLoginSessionWithDataAndVisibility or is there another way to achieve what I want?
Short of reverse engineering fast user switching and some hackage, I'm not too sure this could be accomplished. AFAIK there are not any public APIs other than some notifications and session states that can be observed for when the user switches users. Some info here on how to observe those notifications (you can do it through Cocoa or Carbon) and how to fetch the current sessions information.
Hope this helps, sorry for not being more helpful!
I'm trying to override the default login/lock screen in OS X to allow the user to login in other way than providing a password (think fingerprint scanner or how "Knock to unlock" works), and I'm looking for a way to do it for hours now - all I found that looks useful is the Authorization Plugin ADC reference and this example: https://developer.apple.com/library/mac/samplecode/NameAndPassword/Introduction/Intro.html#//apple_ref/doc/uid/DTS10004022
This NameAndPassword xcode project is a little outdated, but I managed to build it simply by specifying the Base SDK (there was a hardcoded wrong path), then I put the resulting .bundle file into /Library/Security/SecurityAgentPlugins directory. Nothing changed after I locked my screen, but I know I need to add the authorization role to /etc/authorization file, which I know no longer exists in Mavericks (there is this auth.db file and the whole auth API), but I'm therefore stuck here - I don't know how to put NameAndPassword inside this database.
Please let me know how do I do it right, or if you know some other way to achieve my goal.
I found a way to edit the database - at first, I tried direct /var/private/db/auth.db sqlite modifications, but it didn't work, so after some time I managed to do this easier than I thought I will:
security authorizationdb read system.login.console > outfile.plist
After this, you need to modify the resulting outfile.plist as it's said in the NullAuthPlugin readme:
<key>mechanisms</key>
<array>
<string>NameAndPassword:invoke</string>
(the last line is the one you need to add to the file).
Then, to save it to the database:
security authorizationdb write system.login.console < outfile.plist
Then the changes should be visible on any login/lock screen of your system, but be careful!
You will not be able to authenticate with current version of NameAndPassword example!
Be sure to estabilish a working SSH connection to your Mac before you modify the database, so you will be able to revert the changes using other device (just repeat the db modification process but this time remove the line you added before).
I am building an application that simulates user input (command+c and command+v). Before sandboxing it, everything worked fine, but now I am getting these errors from the console:
Firstly, when I fire it up:
5/27/13 1:35:11.980 AM appleeventsd[54]: A sandboxed application with pid 5343, "CopyBoard" checked in with appleeventsd, but its code signature could not be validated ( either because it was corrupt, or could not be read by appleeventsd ) and so it cannot receive AppleEvents targeted by name, bundle id, or signature. Error=ERROR: #100013 { "NSDescription"="SecCodeCopyGuestWithAttributes() returned 100013, -." } (handleMessage()/appleEventsD.cp #1755) com.apple.coreservices.appleevents.peer.0x7fa9b0411260.xpcq
Then, when I try to simulate command+c, I get:
5/27/13 1:52:22.980 AM WindowServer[85]: post_filtered_event_tap_data: Sender is prohibited from synthesizing events
5/27/13 1:52:23.000 AM kernel[0]: Sandbox: sandboxd(6515) deny mach-lookup com.apple.coresymbolicationd
5/27/13 1:52:24.252 AM sandboxd[6515]: ([5343]) CopyBoard(5343) deny hid-control
I'm looking for a solution that would allow me to copy and paste globally in a sandboxed environment. Is it possible that the Accessibility API is a good answer? Has my problem got anything to do with how I'm simulating user input? I'm very confused, thank you very much for helping.
The sandbox is designed to prevent exactly what you seem to be trying - allowing an application to simulate a user is defined as a security issue. If you have a narrow requirement which can be done safely you can submit it to Apple thorough bug reporter as an needed improvement to the sandbox.
The Accessibility API is not supported in general for this reason - no playing with other apps! This did not go down so well with all the developers which used it...
You can use AppleEvents in limited constrained circumstances and with the appropriate entitlements.
You'll probably need to go to developer.apple.com and read all the documents/view videos/etc you can find to see if what you wish is going to be possible.
The only point of hope I can offer you is that the sandbox is a moving target, so you may find you can do more than the above suggests. Go read. Good luck.
I am taking photo by invoking the camera, and as many have explained I get back to the app using...
EventInjector.KeyEvent inject = new EventInjector.KeyEvent(EventInjector.KeyEvent.KEY_DOWN, Characters.ESCAPE, 0);
inject.post();
inject.post();
... in a FileSystemJournalListener.
This works on the simulator but does not on my device (Bold 9900). How do I set the permission for the app programatically so that this will work on a device without the user having to set permissions manually?
Cheers
You have to test for the permissions you have, then request the ones you don't have but need. Here's a hint. Don't be a shmuck like so many other app developers. Ask for permissions on first run and take what you're given. If you aren't given a permission that you need inform the user that you can't run without that permission, and give them the option of going through your permission dialog again. If you don't get a permission which is not critical, and InputSimulation is far to dangerous a permission IMHO to be considered critical to put the camera away, run but inform the user (at the appropriate time) that s/he has to do some manual stuff. Like put the camera away after taking a picture.
The classes you will need to use are ApplicationPermission, ApplicationPermissionManager and ReasonProvider.