在command或AppleScript中删除system.keychain中的项目有什么想法吗？

Question

目前，我正在开发一个小应用程序，我想删除机场设置。

首先使用外壳命令networksetup删除首选网络，然后通过AppleScript删除密钥链中记录的密码。但我发现机场的密码都记录在system.keychain和login.keychain中。我编写的AppleScript如下：

tell application "Keychain Scripting"
set keychainName to "Login.keychain" -- "system.keychain"
set gkeyCount to count generic key of keychain keychainName

repeat with keyIndex from 1 to gkeyCount
    log keyIndex
    if (account of generic key keyIndex of keychain keychainName is "ABCD") then
        delete generic key keyIndex of keychain keychainName
        log "find the key"
    end if
end repeat

结束讲述

对于密钥链"login.keychain"，没有问题，但是对于密钥链"System.keychain"，它失败了，弹出"Keychain Scripting got an error: File not open with write permission“。

有什么想法吗？

Answer 1

编辑：这不起作用。啊，好吧，这只是个猜测。我把答案留给子孙后代。

我的猜测是，问题是系统密钥链被锁定了。我不能真的测试这一点，因为我不想从我的密钥链中删除东西，但我确实确认了我的系统密钥链默认是锁定的，这似乎是那种会导致你看到的错误的事情。因此，我会这样做：

tell application "Keychain Scripting"
    set keychainName to "Login.keychain" -- "system.keychain"
    set doRelock to false
    set kc to keychain keychainName
    if locked of kc then
        unlock kc
        set doRelock to true
    end if
    try
        set gkeyCount to count generic key of kc

        repeat with keyIndex from 1 to gkeyCount
            log keyIndex
            if (account of generic key keyIndex of kc is "ABCD") then
                delete generic key keyIndex of keychain keychainName
                log "find the key"
            end if
        end repeat
        if doRelock then
            lock kc
            set doRelock to false
        end if
    on error
        if doRelock then lock kc
    end try
end tell

我们的想法是，如果需要，首先解锁钥匙链，然后确保在解锁完成后重新锁定它。让我知道这是否工作-就像我说的，我没有什么我想测试的。

Answer 2

您需要以写入权限打开文件:请参阅来自AppleScript的books_google_com：Mac上脚本编写和自动化的综合指南

Answer 3

我得到了Objective-C的解决方案：

BOOL deleteItemOfSystemKeychain(NSArray *accountList)
{
OSStatus retVal;
SecKeychainRef systemKeychainRef;
SecKeychainItemRef kcItem;
AuthorizationRef authRef;
AuthorizationItem right = { "system.keychain.modify", 0, NULL, 0 };
AuthorizationRights rightSet = { 1, &right };

/* Create authorization to access the system.keychain */
retVal = AuthorizationCreate(&rightSet, kAuthorizationEmptyEnvironment, kAuthorizationFlagExtendRights | kAuthorizationFlagInteractionAllowed, &authRef);

if (retVal != errSecSuccess) {
    NSLog(@"Failed to get right to modify system keychain %@", SecCopyErrorMessageString(retVal, NULL));
    return FALSE;
}

SecKeychainSetUserInteractionAllowed(TRUE);
retVal = SecKeychainOpen("/Library/Keychains/System.keychain", &systemKeychainRef);
if (retVal != errSecSuccess) {
    NSLog(@"Failed to open System keychain %@", SecCopyErrorMessageString(retVal, NULL));
    return FALSE;
}

retVal = SecKeychainUnlock(systemKeychainRef, 0, NULL, FALSE);
    if (retVal != errSecSuccess) {
    NSLog(@"Failed to unlock System keychain %@", SecCopyErrorMessageString(retVal, NULL));
    return FALSE;
}

//  retVal = SecKeychainSetSearchList(CFArrayRef searchList);

/* Search the item we wanna to delete */
CFArrayRef arrayRef;
SecKeychainCopySearchList(&arrayRef);
SecKeychainSetSearchList(arrayRef);
CFRelease(arrayRef);

SecKeychainSearchRef searchRef;
SecKeychainSearchCreateFromAttributes(NULL,
                                      kSecGenericPasswordItemClass,
                                      NULL,
                                      &searchRef);  

while (errSecItemNotFound != SecKeychainSearchCopyNext(searchRef, &kcItem))
{
    static int iCount = 1;
    SecKeychainAttributeInfo *info;
    SecKeychainAttributeInfoForItemID(systemKeychainRef, 
                                      CSSM_DL_DB_RECORD_GENERIC_PASSWORD,
                                      &info);
    SecKeychainAttributeList *attributes;
    SecKeychainItemCopyAttributesAndData(kcItem, info, NULL, &attributes, 0, NULL);


    for (int i = 0; i < attributes->count; i ++)
    {
        SecKeychainAttribute attr = attributes->attr[i];

        char attr_tag[5] = {0};
        attr_tag[0] = ((char *)&attr.tag)[3];
        attr_tag[1] = ((char *)&attr.tag)[2];
        attr_tag[2] = ((char *)&attr.tag)[1];
        attr_tag[3] = ((char *)&attr.tag)[0];

        NSString *attrTag = [NSString stringWithCString:attr_tag encoding:NSUTF8StringEncoding];
        NSString *attrValue = [[[NSString alloc] initWithData:[NSData dataWithBytes:attr.data
                                                                             length:attr.length]
                                                     encoding:NSUTF8StringEncoding] autorelease];

        if ([attrTag isEqualToString:@"acct"])
        {
            NSLog(@"Check Item %d:%@:%@", iCount++, attrTag, attrValue);
            for (NSString *str in accountList)  
            {
                if ([attrValue isEqualToString:str])
                {
                    NSLog(@"delete %@...", str);
                    retVal = SecKeychainItemDelete(kcItem);
                    if (retVal != errSecSuccess)
                    {
                        NSLog(@"delete %@ failed...", str);
                    }
                }
            }
        }
    }
}

return TRUE;

}

注意:以root/admin身份运行此命令。

:)