Posted on 04-13-2021 09:41 AM
I need help fixing a problem in a script that is supposed to trigger an osascript notification whenever a user tries to connect to a banned SSID. The notification should only occur when the user is either already connected or is trying to connect to one of the banned SSIDs.
I thought the problem was due to the fact that the script is being run by launchd, and so is running as root, however, even after running the notification command as the logged in user, no notification occurs even as the rest of the script works fine.
Secondarily, we are also unable to remove credentials for a banned SSID from the local items keychain, but as is, the script has the desired effect of kicking the machine off a banned network if connected and preventing the machine from automatically connecting in the future. We are able to remove the credentials from the System Keychain, but it would be nice to find a way to also remove the item from the Local Items keychain as well.
Anyway, the main issue occurs at line 47 of the modified code below. Any help in fixing either of these issues would be greatly appreciated.
This snippet has been modified to more easily identify the offending command:
#!/bin/bash
#
# This script will find all saved SSIDs, compare them to a list of banned SSIDs and if found, removes them
#
# If the client is connected to a banned SSID, Wi-Fi is toggled to allow automatic connection to a non-banned SSID
#
# Script is only able to remove SSID from System keychain as delete-generic-password is not "Local Items" aware
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Change Internal Field Separator to " " to allow for SSIDs that contain spaces in array "bannedNetworks"
IFS=' '
# Get current logged in user
loggedInUser=$(ls -l /dev/console | cut -d " " -f 4)
# Determine the Wi-Fi interface
interface=$(networksetup -listallhardwareports | grep -E '(Wi-Fi|AirPort)' -A 1 | grep -o en.)
# Get all saved SSIDs
savedNetworks=($(networksetup -listpreferredwirelessnetworks "$interface" | tail -n +2))
# SSIDs to be removed
bannedNetworks=("SSIDone" "SSIDtwo" "SSIDthree")
# Power cycle wireless adapter if connected to a banned network, then remove it
for i in "${bannedNetworks[@]}"
do
    # Quote "$i" so the SSID is compared literally rather than as a glob pattern
    if [[ $(networksetup -getairportnetwork "$interface" | cut -d ":" -f 2 | cut -c 2-) != "$i" ]]; then
        echo "Not connected to $i"
    else
        # Quote "$i" so an SSID containing spaces is passed as a single argument
        networksetup -removepreferredwirelessnetwork "$interface" "$i"
        sudo security delete-generic-password -l "$i" "/Library/Keychains/System.keychain" >/dev/null 2>&1
        # Update savedNetworks variable to prevent "…not found" error as the connected network has already been removed yet remains in the array
        savedNetworks=($(networksetup -listpreferredwirelessnetworks "$interface" | tail -n +2))
        # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
        # Notify the user: Doesn't trigger properly, even when run as the logged in user
        sudo -u $loggedInUser osascript -e 'display notification "The Wi-Fi network you selected is not for use with district devices. If "ApprovedNetwork" fails, please use "BackupNetwork."" with title "Blocked Network"'
        # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
        networksetup -setairportpower "$interface" off
        sleep 5
        networksetup -setairportpower "$interface" on
    fi
done
Posted on 04-13-2021 12:19 PM
Have you tried using launchctl? You'd have to get the UID for the logged in user:
USER_ID=$(id -u "$loggedInUser")
and then run your notification like this: launchctl asuser "$USER_ID" osascript -e.....
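The `launchctl asuser` approach from the reply above, written out as an added example (not code from either poster). The function names, the `--notify` switch and the added `sudo -u` step are assumptions of this sketch; it also escapes the message text before embedding it in the AppleScript string literal, because a root-run script that interpolates text containing double quotes (or, later, an SSID name chosen by whoever runs the access point) would otherwise hand `osascript` a different statement than intended.

```shell
#!/bin/bash
# Added example: notify the console user from a root LaunchDaemon script.
# All function names here are hypothetical, not part of the thread.

# Escape text for an AppleScript double-quoted literal:
# backslashes first, then double quotes.
as_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the AppleScript statement. $1 = message, $2 = title.
build_notification() {
    printf 'display notification "%s" with title "%s"' \
        "$(as_escape "$1")" "$(as_escape "$2")"
}

# Deliver the notification inside the console user's GUI session.
notify_console_user() {
    console_user=$(stat -f%Su /dev/console)   # macOS stat syntax
    case "$console_user" in
        ""|root|loginwindow)
            echo "No console user; skipping notification" >&2
            return 1 ;;
    esac
    user_id=$(id -u "$console_user") || return 1
    # launchctl asuser selects the user's launchd session; sudo -u
    # (an addition in this sketch) also drops from root to that user.
    launchctl asuser "$user_id" sudo -u "$console_user" \
        osascript -e "$(build_notification "$1" "$2")"
}

# Only acts when asked to: sudo ./notify.sh --notify "message" "title"
if [ "${1:-}" = "--notify" ]; then
    notify_console_user "$2" "$3"
fi
```

Keeping the string building in `build_notification` lets the generated statement be inspected on any machine before the script is deployed through launchd.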