Saturday, January 20, 2018

#1 2014-08-14 07:03:34 am

dajames
Member
Registered: 2014-07-04
Posts: 9

Script to fix Keychain issues in Mavericks

I have posted before on here with scripts I am working on to support a College coming up with some tools to manage Macs with some configuration scripts.

Anyone who has criticisms/comments for my script here, please: I'm glad to hear it.  I'm fairly new at this.

Basically, I wanted to come up with a way of fixing the annoying "login keychain needs access to your local items" which comes up.  I, myself, had the annoying problem of being pestered by keychain warnings after I changed my password on my account.  My account is a network account that is a local instance of a Windows Active directory account.  After my MacBook picked up the password change, it reflected it for the login, but I was being pestered constantly for the Keychain password which necessitated that I used the old password to "allow" access for various pieces of the Keychain.  Rather than fix it, I set about creating this script to create a tool which I hoped could work for any user.

This script first creates a folder on logged-in user's desktop, names it with specifics of the logged in user and puts a date on it.

It then goes into local user's Keychains, ~/Library/Keychains/ and specifically finds what should be the folder with the long alphanumeric name (which is always different, right?)  It dumps the keychain contents into a variable and looks at the first paragraph, which should be the alphanumeric folder.

It then uses the name of that first paragraph to pinpoint copying the alpha-numeric folder into the desktop backup folder.  Then it does a recursive, forced removal of that folder with the local settings.

The last thing I have yet to do is to also do a pop up reminder telling the user to reboot.

Obviously, this is removing Keychain items, so I consider it a highly dangerous experiment.

Applescript:


(*

Help from: [url]http://macscripter.net/viewtopic.php?id=24737[/url]
and from [url]http://macscripter.net/viewtopic.php?id=42880[/url]
*)



display dialog "We are going to trash your current Keychain" with icon note buttons {"groovy", "lol, whu? NO!"} default button 1 cancel button 2


set doshellresults to do shell script "ls -l /dev/console"
set punter to word 3 of doshellresults -- fancy way of setting punter to logged in user

set pittedDate to do shell script "date '+%Y%m%d'"
-- this is a variable that puts todays date in an ASCII friendly way
-- such as 20140812

-- we're going to trash keychain settings
-- but to be safe, I am putting them in a folder on the desktop
-- i'm calling the variable 'Dumpster'
set Dumpster to punter & "_keychain_" & pittedDate

tell application "Finder"
   set folderExists to exists of (container Dumpster of (path to desktop))
   if folderExists is true then delete container Dumpster
end tell
-- we are going to yank out the keychain and toss it in our temporary dumpster
-- if the dumpster folder exists, already, this command will delete it

try
   tell application "Finder"
       make new folder at (path to desktop as text) with properties {name:Dumpster}
   end tell
end try

delay 1

-- now's the unforgiving part

try
   set keyHole to do shell script "ls -1 ~/Library/Keychains/"
   -- ls with the switch -1 (that's number one) to avoid listing invisible items with dots at the beginning
   set gaGa to paragraph 1 of keyHole
   -- if all goes correctly, this should be the long argle bargle folder with all annoying local settings
   -- has to be without administrator privileges. I found doing it with admin privileges doesn't seem to to work correctly
end try



try
   do shell script "cp -R ~/Library/Keychains/" & gaGa & " ~/Desktop/" & Dumpster & "/" with administrator privileges
   do shell script "rm -rf ~/Library/Keychains/" & gaGa with administrator privileges
end try



Offline

 

#2 2014-08-14 07:37:24 am

StefanK
Member
From:: St. Gallen, Switzerland
Registered: 2006-10-21
Posts: 11483
Website

Re: Script to fix Keychain issues in Mavericks

Hi,

there are some things which can be accomplished much easier and faster with pure AppleScript rather than using a shell script

Applescript:


set doshellresults to do shell script "ls -l /dev/console"
set punter to word 3 of doshellresults -- fancy way of setting punter to logged in user

is the same as

Applescript:

set punter to short user name of (system info)

This

Applescript:


try
   set keyHole to do shell script "ls -1 ~/Library/Keychains/"
   set gaGa to paragraph 1 of keyHole
end try

can be replaced with

Applescript:


set keychainFolder to path to keychain folder
try
   tell application "Finder" to set gaGa to name of first folder of keychainFolder
end try

As the desktop folder is the default location of the Finder you can replace

Applescript:


tell application "Finder"
   set folderExists to exists of (container Dumpster of (path to desktop))
   if folderExists is true then delete container Dumpster
end tell
try
   tell application "Finder"
       make new folder at (path to desktop as text) with properties {name:Dumpster}
   end tell
end try

with

Applescript:


tell application "Finder"
   if exists folder Dumpster then
       delete every item of folder Dumpster
   else
       make new folder with properties {name:Dumpster}
   end if
end tell

If the folder exists, all items in the folder are deleted instead of deleting and recreating the folder


regards

Stefan

Offline

 

#3 2014-08-14 08:23:05 am

dajames
Member
Registered: 2014-07-04
Posts: 9

Re: Script to fix Keychain issues in Mavericks

All of those edits work wonderfully.  Thanks for your help!

Cheers,

Ð

Offline

 

Board footer

Powered by FluxBB

RSS (new topics) RSS (active topics)