Xcode - Applescript app

Hi,
I’m trying to create an app that is required to edit a file within /Library/Preferences. I’d like to not include the admin username and pword within the app. Currently the app calls a shellscript to run to do the editing, what would be good if I could run the script with System privileges. Would anyone know of a way to do something of this nature?
I have read the xcode “Performing Privileged Operations With Authorization Services” but its all in C and I have no idea, but from what I’ve read it still requires authentication.

Much appreciated.

Hi,

just use the syntax

do shell script "foo." with administrator privileges

Then the authentication window will appear

Thanx for you fast reply.
I’d like users to run the app and not know/require the Admin details.

Access privileges are a security feature, so it’s unconditionally necessary to have administrator (root) privileges to write into files in /Library or even in /System/Library

Otherwise any program could uncontrolled install malware on your computer :wink:

is there a way to encode the compiled app or script?
If I drop the compiled applescript on a texteditor the username and pword are clear as day.
thanx

A reliable solution is using an encryption/decryption routine.
You have to pre-encrypt the data, so the application has only to decrypt it.

I use jobu’s subroutine from this thread,

Step 1: generate the key
the script generates a list of 3 random strings with each 25 characters,
the literal list will copied to the clipboard

property characterList : "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"

set cryptKey to "{"
repeat 3 times
    set x to ""
    repeat 25 times
        set x to x & some item of characterList
    end repeat
    set cryptKey to cryptKey & quote & x & "\", "
end repeat
set the clipboard to text 1 thru -3 of cryptKey & "}"

Step 2: encrypt username and password

paste the list on the clipboard into the property line, it must look like

property cryptKey : {"ItaY6C3jq7m7wCLrWuS9diYAy", "63S5x8NYiJ5SNmhUJoqj7PfAH", "oNXkmvqplvVthTJ0WCNhTFYf5"}

set user_name to "myUserName"
set pass_word to "mypassword"

set encryptedUsername to (eS(user_name, gK(), "e")) --> save value
set encryptedPassword to (eS(pass_word, gK(), "e")) --> save value

property cryptKey :  {} -- paste list here 

to eS(inS, inK, inM)
    (* 'Encrypt String':
       This handler uses the blowfish encryption available in openssl. 
           The handler is configured to accept the string to be encrypted, the key to use 
           (generated by the 'gK()' handler below), and the mode to pass to the openssl
           call... either encrypt("e") or decrypt("d"). *)
    
    return do shell script ("echo " & (quoted form of inS) & " | openssl enc -bf -" & inM & " -pass pass:" & (quoted form of inK) & " -salt -a")
end eS

to gK()
    (* 'Get Key':
        This handler assembles a password(encryption key) to use with the blowfish script
            This is done to better hide the key in the script, so people reading through a
            compiled, run-only script will have a difficult time determining what the key is. *)
    
    return ((characters 8 through 13 of (item 2 of cryptKey)) & (characters 2 through 6 of (item 3 of cryptKey)) & (characters 19 through 23 of (item 1 of cryptKey))) as string
end gK

Note: you can change the numbers x through y

Step 3: decrypt username and password in your final script
the script uses the same routines eS() and gK() with the generated (pasted) keylist.
It must included in the final script

set user_name to (eS(encryptedUsername, gK(), "d"))
set pass_word to (eS(encryptedPassword, gK(), "d"))

property cryptKey :  {} -- pasted list 

to eS(inS, inK, inM)
    (* 'Encrypt String':
.