Page 1 of 1

Lock Archicad from mounting AFP libraries

Posted: Thu Dec 02, 2010 12:34 pm
by borgo1971
I'm trying to use Little Snitch to lock Archicad to mount AFP volumes to load it's libraries, because I connected with my office with OpenVPN through ADSL, and the opening of an Archicad project with library loaded through the VPN can need an hour ore more!
This happens because Archicad "remembers" the path of last used libraries, and if I modified the project in office, using libraries on server, it tries to load them again. I found that Archicad uses "NetAuthAgent" to mount AFP volumes, and after that it has mounted the libraries volume, I think it's impossible to lock Archicad form loading them. So I made a rule that Dany connection from "NetAuthAgent" to our server, and that prevent's Archicad to mount the libraries (so it asks were to find it, and I can use local copy of libraries), but prevent's Finder to mount AFP volumes too. At this time I enable/disable this rule on need, but sometime I oblivious to do it so, I must kill Archicad or lose sometime to understand way finder won't connect to server... ok some more attention can prevent this, but it happens. In any case, every time I must modify rule status, so I thought to try to automatize this. I tried to make e rule that locks only Archicad (ArchiCAD 14 via NetAuthAgent) but this won't have any effect. So I thought to make a Service with Automator, so I can right-click on project and open it through the service that should do this:
1. unmount all network volumes, or better our office server
2. enable the Dany rule for "NetAuthAgent"
3. open the project with Archicad
4. disable the Dany rule after project is completely loaded (I can accept a time interval... say two minutes to be sure)
The question is: can this be done? Maybe, using AppleScript ore shells script to enable and disable LittleSnitch rule?
Is there another way to prevent Archicad to mount AFP volumes using "NetAuthAgent", without locking entry system?

Re: Lock Archicad from mounting AFP libraries

Posted: Fri Dec 03, 2010 5:09 pm
by hagen
Are you sure NetAuthAgent is responsible for mounting volumes, and not automount? Or mount_nfs or mount_url? Perhaps NetAuthAgent does authentication, then calls one of the other processes. I might try disabling the protected automount rule, and see what happens.

Sometimes the best strategy is to start with no rule at all for a process or app. This forces Littlesnitch to ask for every connection. By answering with "until quit", you can discover what is happening without making permanent rules. Then make permanent rules as appropriate.

Preferences, security tab, has an option to allow GUI scripting access to Littlesnitch. Doing so is a potential security risk, though.

Re: Lock Archicad from mounting AFP libraries

Posted: Sat Dec 04, 2010 12:42 pm
by borgo1971
No, it's "NetAuthAgent". I found this after disabling all rules and watching wath littlesnich asks if I open a Archicad project edited in office: the unique questions are from Archicad about it's softwareupdate site, and from "NetAuthAgent" that want's to connect our server IP. In any case I tried again disabling automount, mount_nfs and mount_url rules with no effect for my problem, on other hands, if I Dany "NetAuthAgent" to connect to our server, Archicad won't mount the remote volumes, so I guess it's definitely "NetAuthAgent".
The unique alternative instead to enable/disable this rule, is to clear our server Password in Keychin, and at this time I think it's the best solution... until I find a way to dany only Archicad to use "NetAuthAgent" :D
P.S. I know there's an option to allow GUI scripting, but I wasn't able to find how to do it.