Skip to content

Instantly share code, notes, and snippets.

@pudquick
Last active October 26, 2021 23:45
Show Gist options
  • Save pudquick/bc1ad98e7ee0a50fba94 to your computer and use it in GitHub Desktop.
Save pudquick/bc1ad98e7ee0a50fba94 to your computer and use it in GitHub Desktop.
from ctypes import CDLL, Structure, POINTER, c_char_p, c_size_t, c_void_p, c_uint32, pointer, byref
Security = CDLL('/System/Library/Frameworks/Security.framework/Versions/Current/Security')
class OpaqueType(Structure):
pass
OpaqueTypeRef = POINTER(OpaqueType)
AuthorizationRef = OpaqueTypeRef
kSMRightModifySystemDaemons = "com.apple.ServiceManagement.daemons.modify"
kSMRightBlessPrivilegedHelper = "com.apple.ServiceManagement.blesshelper"
kAuthorizationEmptyEnvironment = None
kAuthorizationFlagDefaults = 0
kAuthorizationFlagInteractionAllowed = (1 << 0)
kAuthorizationFlagExtendRights = (1 << 1)
kAuthorizationFlagPartialRights = (1 << 2)
kAuthorizationFlagDestroyRights = (1 << 3)
kAuthorizationFlagPreAuthorize = (1 << 4)
class AuthorizationItem(Structure):
_fields_ = [('name', c_char_p),
('valueLength', c_size_t),
('value', c_void_p),
('flags', c_uint32),
]
class AuthorizationItemSet(Structure):
_fields_ = [('count', c_uint32),
('items', POINTER(AuthorizationItem)),
]
AuthorizationCreate = Security.AuthorizationCreate
AuthorizationCopyRights = Security.AuthorizationCopyRights
authref = AuthorizationRef()
result = AuthorizationCreate(None, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, byref(authref))
multi_right = (AuthorizationItem*2)()
multi_right[0].name = kSMRightModifySystemDaemons
multi_right[1].name = kSMRightBlessPrivilegedHelper
rights = AuthorizationItemSet()
rights.count = 2
rights.items = pointer(multi_right[0])
flags = kAuthorizationFlagDefaults | kAuthorizationFlagPreAuthorize | kAuthorizationFlagExtendRights | kAuthorizationFlagInteractionAllowed
result = AuthorizationCopyRights(authref, byref(rights), kAuthorizationEmptyEnvironment, flags, None)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment