search

twocanoes / xcreds

Open Source Project for Syncing IdP password with macOS login password
BSD 3-Clause "New" or "Revised" License
217 stars 24 forks source link

[Feature Request]: Allow XCreds to open a symlinked app? #226

Open dstranathan opened 2 months ago

dstranathan commented 2 months ago

Starting in macoS 15 Sequioa, Keychain Access.app will live in the System folder at /System/Library/CoreServices/Applications/Keychain Access.app.

My XCreds profile includes a link in the menu bar pointing to Keychain Access in /Apps/Utilities as a QA + troubleshooting tool.

Once Sequoia is in production in late 2024, the link from the XCReds menu item (<key>linkOrAppPath</key>) will not be able to open Keychain Access unless I change the linkOrAppPath key with the new app path, but then it would be broken for all OSs older that macOS 15. Im assuming we will still need Keychain Access.app for at least a year or two.

So I created a script/policy that creates an alias of /System/Library/CoreServices/Applications/Keychain Access.app at /Applications/Utilities/Keychain Access.app with POSIX 755

However, XCreds is not able to open this symlink from the menu item. The Finder displays an error "This file cant be found". But Im able to open the Keychain Access alias from the Finder by manually double-clicking it, and I can also open it from the Terminal with 'open -a /Applications/Utilities/Keychain Access.app'

Is there any way to allow XCreds to open a link pointing to an app? Is this a security restriction?

This is very very low priority (and not needed for many months to come obviously), but Im still curious if it's worth looking at?

Screenshot 2024-06-14 at 16 51 47

twocanoes commented 2 months ago

Worked for me. I created a symlink:

sudo ln -s /System/Library/CoreServices/Applications/Directory\ Utility.app /Applications/Utilities/Directory\ Utility.app

Then added to the profile:

linkOrAppPath /Applications/Utilities/Directory Utility.app menuItemName Keychain Access separatorAfter separatorBefore

and selected it from the menu and it worked fine. This was on 14.5 (23F79).

dstranathan commented 2 months ago

I performed the same test as, and the alias/symlink worked fine on Sonoma 14.4.1 + XCreds 4.1.

Tried the same test on macOS 15 Sequoia (dev beta 1) + XCreds 4.1 and it errors with "the file cant be found".

<dict>
    <key>linkOrAppPath</key>
    <string>/System/Applications/Utilities/Keychain Access.app</string>
    <key>menuItemName</key>
    <string>Keychain Access...</string>
    <key>separatorAfter</key>
    <false/>
    <key>separatorBefore</key>
    <false/>
</dict>

Here the file info:

dds@md216fl07f1 ~ % ls -al /Applications/Utilities | grep Keychain
lrwxr-xr-x   1 root  wheel   61 Jun 21 13:55 Keychain Access.app -> /System/Library/CoreServices/Applications/Keychain Access.app

Here's a comprehensive screenshot of the symlink command, the symlink file that gets generated in /Applications/Utilities, the XCreds menu item, and the actual error.

Screenshot 2024-06-21 at 13 57 13

twocanoes commented 1 month ago

will test later seq builds.