Jamf Nation Community

sebastiannz · ‎09-26-2017

Hi all

I'm trying to create a policy in self service which displays a dialogue box with the computer's current IP address or addresses.

Having done a bit of reading around, the way JAMF runs AppleScript as the root user can cause issues getting the results to the currently logged-in user.

My script below runs the script in bash as the currently logged in user, and I have tested it to work fine in Mac OSX as a script.sh file, but when I try to run it in JAMF I get nothing, the JAMF log simply says:

Executing Policy Network Status
Wed Sep 27 11:58:29 MacBook Pro jamf[18349]: Checking for policy ID 852...

#!/bin/sh


currentUser=$( ls -l /dev/console | cut -d " " -f4 )
sudo -u $currentUser osascript <<EOD
tell application "System Events"
delay 0
set myIPAddress to (do shell script "ifconfig | grep 'inet ' | grep -v 'inet 127' | cut -c1-21")
display dialog "IP Address Details: " & myIPAddress
end tell
EOD

Am I missing something obvious here? Any help would be greatly appreciated.

Thanks,

Sebastian.

tlarkin · ‎09-26-2017

I wrote this years and years ago as a POC for someone else when at a previous job. Your post reminded me of it. Note it isn't very pretty and I would probably rewrite it, but I just ran it on my 10.12.6 box as root and it worked.

bash-3.2# whoami
root
bash-3.2# bash /Users/tlarkin/Documents/scripts/network_info.sh 
button returned:OK

artisan shell script:

#!/bin/bash

# dispaly information to end user

# set IFS for new line
# use unset IFS to reset it to default value

IFS=$'
'

# get list of networkservices exlcuding disabled services

NetServices=$(networksetup -listallnetworkservices | grep -v '*')


for service in ${NetServices} ; do
    netservinfo=$(networksetup -getinfo ${service} | awk '/IP address:/ { gsub("[a-z]", ""); print $3 }' | sed 's/://g')
    if [[ "${netservinfo}" != '' ]]
        then echo "${service} is currently assigned:  ${netservinfo}" >> /tmp/netinfo.txt
    fi

done

# applescript to display dialog

osascript <<AppleScript
tell application "Finder"
 activate
 display dialog "Your Network Information is:
$(cat /tmp/netinfo.txt)" buttons {"OK"} default button 1
end tell
AppleScript

unset IFS

# clean our temp file

rm /tmp/netinfo.txt

Note that this probably isn't the right or even an elegant solution but hopefully it can maybe help you kick around some ideas. I have not tested this in the Jamf Pro Server either, but only locally as the root user on my box.

edit - forgot good old screen shot

View solution in original post

mm2270 · ‎09-27-2017

Yeah, no issue with the way the script is set up. It's totally valid to use a bash script with Applescript (osascript) inside it. Just as it's possible to call shell commands inside an Applescript.

@sebastiannz I don't think it's necessary to call the Applescript display dialog portion as the user. The only time I've seen it necessary to run AS stuff as the user is if the dialog mode requires user interaction, such as a choose from list or enter text field style window. If it's a standard window with a message and some buttons, it usually works fine when run as root. I say *usually* because there doesn't seem to be an exact science to this, so test that out and don't just take my word for it.

The only other thing I would change is to get the IP address in the shell portion and simply echo that back in the Applescript to create an Applescript variable. For example.

#!/bin/bash

CurrentIP=$(ipconfig getifaddr $(/usr/sbin/netstat -rn -f inet | awk '/default/{print $NF; exit}'ipaddr))

/usr/bin/osascript <<EOF
set myIPAddress to do shell script "echo $CurrentIP"
tell app "System Events"
activate
display dialog "IP Address Details: " & myIPAddress buttons {"OK"} default button 1
end tell
EOF

You can swap out the shell command for CurrentIP above for the one you have if you want. There's not a big difference in them. The above is just something I picked up from another script I wrote a while back.

View solution in original post

tlarkin · ‎09-26-2017

I wrote this years and years ago as a POC for someone else when at a previous job. Your post reminded me of it. Note it isn't very pretty and I would probably rewrite it, but I just ran it on my 10.12.6 box as root and it worked.

bash-3.2# whoami
root
bash-3.2# bash /Users/tlarkin/Documents/scripts/network_info.sh 
button returned:OK

artisan shell script:

#!/bin/bash

# dispaly information to end user

# set IFS for new line
# use unset IFS to reset it to default value

IFS=$'
'

# get list of networkservices exlcuding disabled services

NetServices=$(networksetup -listallnetworkservices | grep -v '*')


for service in ${NetServices} ; do
    netservinfo=$(networksetup -getinfo ${service} | awk '/IP address:/ { gsub("[a-z]", ""); print $3 }' | sed 's/://g')
    if [[ "${netservinfo}" != '' ]]
        then echo "${service} is currently assigned:  ${netservinfo}" >> /tmp/netinfo.txt
    fi

done

# applescript to display dialog

osascript <<AppleScript
tell application "Finder"
 activate
 display dialog "Your Network Information is:
$(cat /tmp/netinfo.txt)" buttons {"OK"} default button 1
end tell
AppleScript

unset IFS

# clean our temp file

rm /tmp/netinfo.txt

Note that this probably isn't the right or even an elegant solution but hopefully it can maybe help you kick around some ideas. I have not tested this in the Jamf Pro Server either, but only locally as the root user on my box.

edit - forgot good old screen shot

mschroder · ‎09-27-2017

The obvious thing I see is that you have a shell script in which you are using a mix of shell and applescript commands. I don't think the shell knows about 'tell' and 'display'. You should make up your mind whether you want to use a shell script (#!/bin/sh; shell commands) or an applescript (#!/usr/bin/osascript; applescript commands).

Hope this helps,

Matthias

Asnyder · ‎09-27-2017

@mschroder They way he's doing it is fine. He's using bash to get the current logged in user and then telling bash to use applescript until it sees EOD in the file.

mschroder · ‎09-27-2017

Oops, you are right, I did not see the redirection. I blame it on massive lack of coffee.

mm2270 · ‎09-27-2017

Yeah, no issue with the way the script is set up. It's totally valid to use a bash script with Applescript (osascript) inside it. Just as it's possible to call shell commands inside an Applescript.

@sebastiannz I don't think it's necessary to call the Applescript display dialog portion as the user. The only time I've seen it necessary to run AS stuff as the user is if the dialog mode requires user interaction, such as a choose from list or enter text field style window. If it's a standard window with a message and some buttons, it usually works fine when run as root. I say *usually* because there doesn't seem to be an exact science to this, so test that out and don't just take my word for it.

The only other thing I would change is to get the IP address in the shell portion and simply echo that back in the Applescript to create an Applescript variable. For example.

#!/bin/bash

CurrentIP=$(ipconfig getifaddr $(/usr/sbin/netstat -rn -f inet | awk '/default/{print $NF; exit}'ipaddr))

/usr/bin/osascript <<EOF
set myIPAddress to do shell script "echo $CurrentIP"
tell app "System Events"
activate
display dialog "IP Address Details: " & myIPAddress buttons {"OK"} default button 1
end tell
EOF

You can swap out the shell command for CurrentIP above for the one you have if you want. There's not a big difference in them. The above is just something I picked up from another script I wrote a while back.

sebastiannz · ‎09-27-2017

Thank you everyone for all your responses! @mm2270 your alterations to my script worked a treat, thank you!

Also @tlarkin thankyou for your sophisticated script. I gave it a go and it worked a treat, all I'll need to do is remove interfaces such as Bluetooth DUNs or iPhone USB interfaces that might be present on some machines with grep and it'll be perfect for my needs.

Everyone's time has been very much appreciated.

Thanks again,

Sebastian.

Jamf Nation Community

Running Apple Script Via Self Service