On 06/19/07 11:23 AM, "Doug Adams" <email@hidden> wrote:
> I have a script app which gets the account and password from a
> particular generic key from the Keychain at startup. When the
account
> and/or password is changed by the app, the _next_ time the script is
> run Keychain asks for permission to access. All OK when "Allow Once"
> or "Always Allow" button is clicked. When "Deny" is clicked,
Keychain
> Scripting freezes and app does not proceed.
>
> How do I catch the "Deny" button response?
>
> Here is the code I am using:
>
> --
> to get_keychain_info(k)
> my startKeychainScripting() -- Apple's routine to jump start
Keychain
> tell application "Keychain Scripting"
> launch
> tell current keychain
> repeat with this_key in (get every generic key)
> if (get service of this_key) is k then
> return {this_key's account, this_key's password}
> exit repeat
> end if
> end repeat
> return {"", ""}
> end tell
> end tell
> end get_keychain_info--
>
> Any thoughts appreciated.
>
> Cheers,
> Doug
> --
> Doug's AppleScripts for iTunes
> http://www.dougscripts.com/itunes/
This isn't pretty. It makes you enter a password then gives you 20
seconds no matter what button you push.
set tmpfile to "/tmp/execme"
set process_name to "Keychain Scripting"
set dscript to "ps -Ac | egrep" & space & quoted form of
process_name & space & "| awk '{print $1}'"
set Process_id to (do shell script dscript)
--do shell script "kill" & space & Process_id
set shell_kil_command to "kill" & space & Process_id
do shell script "pwd" with administrator privileges
set theShellScript to "sleep 20
sudo" & space & shell_kil_command
do shell script "echo " & quoted form of theShellScript & " > "
& tmpfile
do shell script "chmod +x" & space & tmpfile
do shell script tmpfile & space & "> /dev/null 2>&1 &" with
administrator privileges
get_keychain_info(k)
--
Laine Lee
Thanks Laine. Very interesting and not pretty :) But also not quite
what I'm looking for. The snippet you posted first asks for Admin
privs and then asks for permissions to the key, which adds more user
interaction to my pile than I think is necessary. Also, it didn't
beat the freeze after hitting "Deny".
What I believe should happen after a user clicks "Deny" is that an
empty list should be returned (or something nullish) from my handler,
instead of the actual {account, password} list, and then Keychain
Scripting should be quit to lose that Deny/Once/Always dialog. As it
is now, during experiments, I have to force quit Keychain Scripting
from Activity Monitor when Deny is clicked.
As an aside, short of changing a key's Access Control manually (to
"Allow all apps to access this item"), can UNIX "security" help? I
haven't found it to be much use in this case yet, really.
