0

目标设备:macOS Catalina 及更高版本

我可以使用一些帮助来解决脚本中的问题,该脚本应该在用户尝试连接到被禁止的 SSID 时触发 osascript 通知。仅当用户已连接或正在尝试连接到被禁止的 SSID 之一时,才会发出通知。

我虽然问题是由于脚本由launchd运行,因此以root身份运行,但是,即使在以登录用户身份运行通知命令之后,即使脚本的其余部分工作也不会发生通知美好的。

其次,我们也无法从本地项目钥匙串中删除被禁止的 SSID 的凭据,但是,如果已连接,该脚本具有将机器踢出被禁止的网络并防止机器将来自动连接的预期效果。我们能够从系统钥匙串中删除凭据,但如果能找到一种方法也可以从本地项目钥匙串中删除该项目,那就太好了。

无论如何,主要问题发生在下面修改后的代码的第 47 行。任何解决这些问题的帮助将不胜感激。

此代码段已被修改,以便更轻松地识别有问题的命令:

#
# This script will find all saved SSIDs, compare them to a list of banned SSIDs and if found, removes them
#
# If the client is connected to a banned SSID, Wi-Fi is toggled to allow automatic connection to a non-banned SSID
#
# Script is only able to remove SSID from System keychain as delete-generic-password is not "Local Items" aware
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

# Change Internal Field Seperator to "  " to allow for SSIDs that contain spaces in array "bannedNetworks"
IFS='   '

# Get current logged in user
loggedInUser=`ls -l /dev/console | cut -d " " -f 4`

# Determine the Wi-Fi interface
interface=$(networksetup -listallhardwareports | grep -E '(Wi-Fi|AirPort)' -A 1 | grep -o en.)

# Get all saved SSIDs
savedNetworks=($(networksetup -listpreferredwirelessnetworks $interface | tail -n +2))

# SSIDs to be removed
bannedNetworks=("SSIDone" "SSIDtwo" "SSIDthree")

# Power cycle wireless adapter if connected to a banned network, then remove it
for i in "${bannedNetworks[@]}"
do
    if [[ $(networksetup -getairportnetwork $interface | cut -d ":" -f 2 | cut -c 2-) != $i ]]; then
        
        echo "Not connected to $i"
    else
        networksetup -removepreferredwirelessnetwork $interface $i
        
        sudo security delete-generic-password -l $i "/Library/Keychains/System.keychain" >/dev/null 2>&1
        
        # Update savedNetworks variable to prevent "…not found" error as the connected network has already been removed yet remains in the array
        savedNetworks=($(networksetup -listpreferredwirelessnetworks $interface | tail -n +2))
        
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

        
        
        
        
        
        # Notify the user: Doesn't trigger properly, even when run as the logged in user
        sudo -u $loggedInUser osascript -e 'display notification "The Wi-Fi network you selected is not for use with district devices. If \"ApprovedNetwork\" fails, please use \"BackupNetwork.\"" with title "Blocked Network"'

        
        
        
        
        
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

        networksetup -setairportpower $interface off
        
        sleep 5
        
        networksetup -setairportpower $interface on
        
    fi
done```
4

1 回答 1

1

好吧,您遇到的来自守护程序的通知的问题是设计使然。

它与 macOS 如何处理不同的会话有关,您可以在此处此处阅读以获取更多信息。

您现在需要知道的是,当作为守护进程运行时,您无法默认访问用户 GUI 会话,即使使用 sudo -u 也是如此。

但是,有一些方法可以从您的上下文中访问用户 GUI 会话,如此处所述

总结一下,你需要做的是:

  1. 更改

sudo -u $loggedInUser osascript -e ...

sudo launchctl asuser $userId osascript -e ...

其中 $userId 是这样的:

userId=`sudo -u $USER id -u`

(我不是很喜欢 bash,它可以以更清晰的方式完成)

  1. 检查 sh 在安全首选项中被授予全盘访问权限(或者沙盒配置文件不允许您阅读 sh 脚本)
于 2021-04-13T20:01:05.973 回答