launchd & launchctl Aqua session type on OSX Tiger

by James Mead

I have a script which I can successfully schedule using on OSX Leopard
as follows :-

    launchctl load -w -S Aqua com.floehopper.script

Apparently I need the Aqua session type because the script accesses the
keychain using the SecKeychainFindGenericPassword function. If I don't
set the session type to Aqua, I get an errSecInteractionNotAllowed
"Interaction with the Security Server is not allowed" error (-25308).

However, I also want to schedule the script on OSX Tiger, but the
session type -S option is not available for launchctl.

I've tried calling the SecKeychainSetUserInteractionAllowed function
with the state parameter set to false, but then I end up with an
errSecAuthFailed "Authorization/Authentication failed" error (-25293).

Does anyone have any ideas how I might get this working on OSX Tiger?
_______________________________________________
launchd-dev mailing list
launchd-dev@...
http://lists.macosforge.org/mailman/listinfo.cgi/launchd-dev

Re: launchd & launchctl Aqua session type on OSX Tiger

by Grant Erickson

On 10/9/09 7:00 AM, launchd-dev-request@... wrote:

> I have a script which I can successfully schedule using on OSX Leopard
> as follows :-
>
>     launchctl load -w -S Aqua com.floehopper.script
>
> Apparently I need the Aqua session type because the script accesses the
> keychain using the SecKeychainFindGenericPassword function. If I don't
> set the session type to Aqua, I get an errSecInteractionNotAllowed
> "Interaction with the Security Server is not allowed" error (-25308).
>
> However, I also want to schedule the script on OSX Tiger, but the
> session type -S option is not available for launchctl.
>
> I've tried calling the SecKeychainSetUserInteractionAllowed function
> with the state parameter set to false, but then I end up with an
> errSecAuthFailed "Authorization/Authentication failed" error (-25293).
>
> Does anyone have any ideas how I might get this working on OSX Tiger?

James:

I'd recommend you read:

    http://developer.apple.com/mac/library/technotes/tn2005/tn2083.html

LaunchAgents are, unfortunately, DOA (dead on arrival) in Tiger.

Regards,

Grant



Re: launchd & launchctl Aqua session type on OSX Tiger

by Damien Sorresso

On Oct 9, 2009, at 7:43 AM, Grant Erickson wrote:

> On 10/9/09 7:00 AM, launchd-dev-request@... wrote:
>> I have a script which I can successfully schedule using on OSX Leopard
>> as follows :-
>>
>>     launchctl load -w -S Aqua com.floehopper.script
>>
>> Apparently I need the Aqua session type because the script accesses the
>> keychain using the SecKeychainFindGenericPassword function. If I don't
>> set the session type to Aqua, I get an errSecInteractionNotAllowed
>> "Interaction with the Security Server is not allowed" error (-25308).
>>
>> However, I also want to schedule the script on OSX Tiger, but the
>> session type -S option is not available for launchctl.
>>
>> I've tried calling the SecKeychainSetUserInteractionAllowed function
>> with the state parameter set to false, but then I end up with an
>> errSecAuthFailed "Authorization/Authentication failed" error (-25293).
>>
>> Does anyone have any ideas how I might get this working on OSX Tiger?
>
> James:
>
> I'd recommend you read:
>
>    http://developer.apple.com/mac/library/technotes/tn2005/tn2083.html
>
> LaunchAgents are, unfortunately, DOA (dead on arrival) in Tiger.


To be pedantic, they were never alive on Tiger in the first place. :)
--
Damien Sorresso
BSD Engineering
Apple Inc.


Re: launchd & launchctl Aqua session type on OSX Tiger

by James Mead

Grant Erickson wrote:

> On 10/9/09 7:00 AM, launchd-dev-request@... wrote:
>> I have a script which I can successfully schedule using on OSX Leopard
>> as follows :-
>>
>>     launchctl load -w -S Aqua com.floehopper.script
>>
>> Apparently I need the Aqua session type because the script accesses the
>> keychain using the SecKeychainFindGenericPassword function. If I don't
>> set the session type to Aqua, I get an errSecInteractionNotAllowed
>> "Interaction with the Security Server is not allowed" error (-25308).
>>
>> However, I also want to schedule the script on OSX Tiger, but the
>> session type -S option is not available for launchctl.
>>
>> I've tried calling the SecKeychainSetUserInteractionAllowed function
>> with the state parameter set to false, but then I end up with an
>> errSecAuthFailed "Authorization/Authentication failed" error (-25293).
>>
>> Does anyone have any ideas how I might get this working on OSX Tiger?
>
> James:
>
> I'd recommend you read:
>
>     http://developer.apple.com/mac/library/technotes/tn2005/tn2083.html
>
> LaunchAgents are, unfortunately, DOA (dead on arrival) in Tiger.

Hi Grant,

Thanks for your reply. I've read the Apple technical note, but I'm a little confused.
I want to use my Launch Agent as a scheduled task, not as something that happens at login. Also I only want to support systems where a single user is logging in via the GUI and not via ssh. The warning below seems to imply that I should not have any problems. Or am I missing something?

    WARNING: Prior to Mac OS X 10.5, launchd agents were not particularly useful because there was no way for the agent to specify the type of login session that the agent required (r. 4255854). Thus, you couldn't use a launchd agent as the equivalent of a global login item because it might be launched in the context of non-GUI login session. Mac OS X 10.5 has addressed this limitation, as described below. However, if you have to support older systems, you should investigate some of the alternative technologies described in Deprecated Daemonomicon.

Also even in Leopard, I found I needed to set the session type to Aqua, whereas the technical note implies that the session type should default to Aqua.

    To run your agent in a particular session type, use the session type strings from Table 1 as the value of the LimitLoadToSessionType property in your agent's property list file. If you want to run in more than one session type, you can set LimitLoadToSessionType to an array, where each element is a session type string. If you don't specify the LimitLoadToSessionType property, launchd assumes a value of Aqua.

I have to admit I don't really understand why I need to set the session type to Aqua to access the keychain programmatically in the first place!

Regards, James.
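
Added example, not part of the original thread or of any poster's code: a small Python check that reads a launchd agent property list and reports which session types it will load in, following the LimitLoadToSessionType rules in the technical note text quoted above (string or array, Aqua when absent). The sample plists, the program path, the interval and the list of known session type strings are assumptions made for the example.

```python
import plistlib

# Session type strings as given in TN2083 (recalled from that note, so an
# assumption here; the thread itself only names Aqua).
KNOWN_TYPES = {"Aqua", "LoginWindow", "Background", "StandardIO"}
DEFAULT_TYPE = "Aqua"  # default stated in the technical note text quoted above

# Constructed sample agent plist; program path and interval are placeholders.
TEMPLATE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.floehopper.script</string>
  <key>ProgramArguments</key><array><string>/path/to/script</string></array>
  <key>StartInterval</key><integer>3600</integer>
  %s
</dict></plist>"""
AQUA_ONLY = TEMPLATE % b"<key>LimitLoadToSessionType</key><string>Aqua</string>"
MIXED = TEMPLATE % (b"<key>LimitLoadToSessionType</key><array>"
                    b"<string>Aqua</string><string>Background</string></array>")
UNSET = TEMPLATE % b""


def effective_session_types(plist_bytes):
    """Return the set of session types the agent plist is limited to."""
    job = plistlib.loads(plist_bytes)
    value = job.get("LimitLoadToSessionType", DEFAULT_TYPE)
    # The property may be a single string or an array of strings.
    types = {value} if isinstance(value, str) else set(value)
    unknown = types - KNOWN_TYPES
    if unknown:
        raise ValueError("unknown session type(s): %s" % sorted(unknown))
    return types


def gui_only(plist_bytes):
    """True when the agent loads only in Aqua (GUI) sessions, the session
    type the thread reports as required for the keychain lookup to succeed."""
    return effective_session_types(plist_bytes) == {"Aqua"}


if __name__ == "__main__":
    for name, sample in (("AQUA_ONLY", AQUA_ONLY), ("MIXED", MIXED),
                         ("UNSET", UNSET)):
        print(name, sorted(effective_session_types(sample)),
              "gui_only=%s" % gui_only(sample))
```

The UNSET result reflects only what the technical note says about the default; the poster reports still needing -S Aqua on Leopard.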
