10 Replies Latest reply: Nov 16, 2011 6:58 AM by dermodyr
dermodyr Level 1 (0 points)

Hi,

I've been happily adding "generic" and "application" entries to my login keychain by running an AppleScript on the login script.

e.g.


set MyName to do shell script "whoami"
set ThePassword to ""
set A4 to "Y009P001"
set A3 to "Y009P002"

try
    set ThePassword to text returned of (display dialog "Please re-enter your password to connect to Shared Folders,  and Printers." default answer "" with hidden answer)

    -- quoted form of keeps spaces and shell metacharacters in the password from being interpreted by the shell
    do shell script "security add-generic-password -a MYDOMAIN" & "\\\\" & MyName & " -s " & A4 & " -w " & quoted form of ThePassword & " -A"
    do shell script "security add-generic-password -a MYDOMAIN" & "\\\\" & MyName & " -s " & A3 & " -w " & quoted form of ThePassword & " -A"

    tell application "Finder"
        mount volume "smb://MYDOMAIN;" & MyName & ":" & ThePassword & "@nas-w403" & "/" & MyName
        mount volume "smb://MYDOMAIN;" & MyName & ":" & ThePassword & "@staffwx/staffcommon"
    end tell
end try

 

However I really need to add a SMB "network" password to the login keychain but security command-line doesn't seem to support it.

Can anybody help me please?


iMac, Mac OS X (10.7.2)
  • dermodyr Level 1 (0 points)

    Anybody?

  • twtwtw Level 5 (4,900 points)

    a couple of points:

    on Snow Leopard (I haven't looked at my Lion partition yet) security has an add-internet-password command.  Is this not what you're looking for?

     

    also, you need to decide whether you are writing a shell script or an applescript - constant use of do shell script is ugly code and introduces a lot of opportunities for breakage.  Both shell scripts and applescripts are fine, but trying to do both is a headache in the making.

     

    the applescript version looks like this:

     

    set MyName to short user name of (system info)
    set ThePassword to ""
    set A4 to "Y009P001"
    set A3 to "Y009P002"

    try
        set ThePassword to text returned of (display dialog "Please re-enter your password to connect to Shared Folders,  and Printers." default answer "" with hidden answer)

        tell application "Keychain Scripting"
            set newKey to make new Internet key with properties {name:"SMB password 1 for some org", account:MyName, service:A4, password:ThePassword, protocol:SMB}
            set newKey to make new Internet key with properties {name:"SMB password 2 for some org", account:MyName, service:A3, password:ThePassword, protocol:SMB}
        end tell

        mount volume "smb://MYDOMAIN;" & MyName & ":" & ThePassword & "@nas-w403" & "/" & MyName
        mount volume "smb://MYDOMAIN;" & MyName & ":" & ThePassword & "@staffwx/staffcommon"
    end try

     

    To make it a shell script write it as a shell script and run the display dialog command through osascript.

  • dermodyr Level 1 (0 points)

    Hi tw,

    Thanks for your reply. Yes this is on Lion, on SL the Internet key seemed to work fine for me however now it's a "network" key. I've tried your script above (eventually got Keychain Scripting app onto Lion) but I still get the same problem.

    Basically it's a Windows network printer I'm connecting to. Here is a screenshot.

    The key on the left is the key I create through the script and the key on the right is the key I need to create.

     


  • twtwtw Level 5 (4,900 points)

    Well, it's not a completely sound idea to import old utility apps into a new OS - results can be unpredictable. sorry, I hadn't realized that the new Keychain app (Keychain Access) dropped the applescript dictionary entirely.  Apple developers needing a head-smacking...

     

    at any rate, if it works, it works.  but either way, I think you're overthinking this.  the 'kind' field is just a text field.  in unix you specify its contents with the -D option

     

    -D 'network password'

     

    in Keychain Scripting use the description property:

     

    set newKey to make new Internet key with properties {..., description:"network password"}

  • dermodyr Level 1 (0 points)

    Thanks for your help tw, I'm very close. I think my final problem is the "where" field. You can see in the screenshots above that I need "smb://staffwx" but I'm only getting "smb://"

     

    Can I set this through keychain scripting?

     

    Many thanks

  • twtwtw Level 5 (4,900 points)

    add staffwx to the server key (-s staffwx in unix, the server:"staffwx" property in keychain scripting).  You've looked at the applescript dictionary, right? 

  • dermodyr Level 1 (0 points)

    Agghh... Now it prompts

     

    "NetAuthAgent wants to use your confidential information stored in "staffwx" in your keychain. Do you want to allow access to this item?" Always Allow - Deny - Allow.

     

    I need to be able to set " Allow all applications to access this item" on this key through keychain scripting.

  • dermodyr Level 1 (0 points)

    Ok I can set access control if I apply the -A flag to the shell script

     

    do shell script "security add-internet-password -a " & "\\" & MyName & " -s " & A4 & " -w " & ThePassword & " -D " & TheKind & " -A"

     

    However I can't seem to set the "where" attribute without changing the key name.

    So I tried to create the key using the shell script and then edit it through keychain scripting to add the "where" attribute tw showed me earlier. But it doesn't work.

     

        do shell script "security add-internet-password -a " & "\\" & MyName & " -s " & W403P001 & " -w " & ThePassword & " -D " & TheKind & " -A"

       

        tell application "Keychain Scripting"

            launch

            tell current keychain

                tell (some Internet key whose name is "W403P001") to set server to "staffwx"

            end tell

        end tell

     

    Any ideas anybody?

  • twtwtw Level 5 (4,900 points)

    derm, you're starting to perplex me.  are you reading the man page at all?  the 'name' attribute defaults to the 'where' attribute unless you set it using the 'label' key (-l option).  I also don't understand why the backslash is getting thrown into the mix (a " & "\\" & MyName) - do all your account names begin with backslashes?

     

    at any rate, try something like this (and note the changes: multi-line string build so it's easier to see where errors creep in, avoiding variables except where they are strictly needed.  these things make debugging do shell script much easier).

     

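    set cmd to "security add-internet-password"
    -- quoted form of keeps spaces and shell metacharacters in the value from being interpreted by the shell
    set cmd to cmd & " -a " & quoted form of myname
    set cmd to cmd & " -l 'staff server'"
    set cmd to cmd & " -s staffwx"
    -- the protocol is a four-character code, hence the trailing space in 'smb '
    set cmd to cmd & " -r 'smb '"
    set cmd to cmd & " -w " & quoted form of ThePassword
    set cmd to cmd & " -D 'network password'"
    set cmd to cmd & " -A"

    do shell script cmd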

  • dermodyr Level 1 (0 points)

    Thanks for your help and patience TW.
    The catcher was the "-r" setting.

     

    That worked great.
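
twtwtw's suggestion to write this as a shell script and run display dialog through osascript, as an added example that is not part of the thread. The helper names (prompt_password, print_args, smb_item) and the account, label and password values are constructed for illustration; passing each value as its own quoted argument means a password containing spaces, quotes or shell metacharacters reaches security unchanged.

```sh
#!/bin/sh
# Added example, not code from the thread. Helper names and sample values
# are hypothetical; only the security flags come from the posts above.

# Ask for the password with a hidden-answer dialog (macOS only).
prompt_password() {
    osascript -e 'text returned of (display dialog "Password for shared folders and printers:" default answer "" with hidden answer)'
}

# Dry-run target: print each argument on its own line, showing exactly
# what the security command would receive.
print_args() {
    printf '%s\n' "$@"
}

# smb_item CMD ACCOUNT SERVER LABEL PASSWORD
#   -s sets the "where" host, -l the item name, -D the "kind" text.
#   -r takes a four-character protocol code, hence the trailing space.
#   -A lets any application read the item without a prompt; one or more
#      -T <application path> options would limit access to named apps.
#   The password is still an argument to security, so it is visible in
#   the process list while the command runs.
smb_item() {
    cmd=$1; shift
    "$cmd" add-internet-password \
        -a "$1" \
        -s "$2" \
        -l "$3" \
        -r 'smb ' \
        -D 'network password' \
        -w "$4" \
        -A
}

# Dry run with constructed values: the password stays one argument.
smb_item print_args 'MYDOMAIN\jdoe' staffwx 'staff server' "it's a \$(secret) pass"

# Real use on macOS:
#   smb_item security "$(id -un)" staffwx 'staff server' "$(prompt_password)"
```
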