[Pythonmac-SIG] ANN: Authorization 0.1 - Wrapper for Apple's Authorization API

Bob Ippolito bob at redivi.com
Mon Oct 13 01:45:35 EDT 2003


Authorization is a wrapper for Apple's Authorization API.  Basically, 
it allows you to spawn an arbitrary process as root after successfully 
authenticating an administrator.  This is useful for installers, 
twiddling kernel settings (via sysctl or the like), etc.

You can fetch the source from:
http://undefined.org/python/Authorization-0.1.tar.gz  (You'll need 
Pyrex 0.9 to build)

Or you can install it from my Package Manager repository:
http://undefined.org/python/pimp/ (for instructions and HTML package 
listing)

All of Apple's examples for using the Authorization API are pretty 
convoluted.. I did get Python versions of them to work, but this is the 
usage pattern that I felt maintained the most security and makes the 
most sense for Python (this is also the test/test.py file in the source 
distribution).  I haven't tested on Panther yet, but I'm relatively 
sure it should still work.

-bob

#!/usr/bin/env python
import os, sys, struct, tempfile
from Authorization import Authorization, kAuthorizationFlagDestroyRights

AUTHORIZEDTOOL = "#!%s\n%s" % (sys.executable,
r"""
import os
print os.getuid(), os.geteuid()
os.setuid(0)
print "I'm root!"
""")

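def main():
    auth = Authorization(destroyflags=(kAuthorizationFlagDestroyRights,))
    # Write the helper script to a fresh temp file, then make it
    # readable/writable/executable by the owner only.
    fd, name = tempfile.mkstemp('.py')
    os.write(fd, AUTHORIZEDTOOL)
    os.close(fd)
    os.chmod(name, 0700)
    try:
        # Run the helper with privileges and relay its output.
        pipe = auth.executeWithPrivileges(name)
        sys.stdout.write(pipe.read())
        pipe.close()
    finally:
        # Always remove the helper script, even if execution failed.
        os.unlink(name)

if __name__=='__main__':
    main()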
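
An added example, not part of the original post or of the Authorization package: a Python 3 sketch of checks a caller could run on the temp-file helper before handing its path to a privileged executor such as executeWithPrivileges. The function names write_private_tool, tool_problems and demo are hypothetical, the sample helper is constructed, and nothing here calls the Authorization API.

```python
import os
import stat
import tempfile

def write_private_tool(source: bytes) -> str:
    """Write helper source to a fresh temp file that only the owner can use."""
    fd, name = tempfile.mkstemp(".py")   # created exclusively, mode 0600
    try:
        os.write(fd, source)
        os.fchmod(fd, 0o700)             # set the mode via the fd, not the path
    finally:
        os.close(fd)
    return name

def tool_problems(path: str) -> list:
    """Return reasons the helper should not be run with privileges."""
    problems = []
    st = os.lstat(path)                  # lstat: do not follow a symlink
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    if st.st_uid != os.geteuid():
        problems.append("not owned by the calling user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("group/other permission bits set")
    if st.st_nlink != 1:
        problems.append("has extra hard links")
    return problems

def demo() -> dict:
    """Constructed cases: a fresh helper, a symlink to it, a loosened one."""
    results = {}
    name = write_private_tool(b"#!/bin/sh\nid -u\n")  # constructed sample helper
    link = name + ".lnk"
    try:
        results["fresh"] = tool_problems(name)
        os.symlink(name, link)
        results["symlink"] = tool_problems(link)
        os.chmod(name, 0o755)
        results["loosened"] = tool_problems(name)
    finally:
        for p in (link, name):
            if os.path.lexists(p):
                os.unlink(p)
    return results

if __name__ == "__main__":
    for case, found in demo().items():
        print(case, "->", found or "ok")
```

These checks narrow the window in which the file could be swapped or altered, but they run before the exec and do not remove that window.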



