OwlCyberSecurity - MANAGER
Edit File: python-wrapper.c
// // python-wrapper.c // // Copyright © 2016 Apple Inc. All rights reserved. // #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <pwd.h> #include <Python/Python.h> const char * const allowedUsernames[] = { "_calendar", "_devicemgr", "_teamsserver", "_xserverdocs" }; const char* python = "/usr/bin/python2.7"; const char* bin = "/Applications/Server.app/Contents/ServerRoot/Library/CalendarServer/bin"; const char* site = "/Applications/Server.app/Contents/ServerRoot/Library/CalendarServer/lib/python2.7/site-packages"; // Prepend a path to the named environment variable int prependToPath(const char* name, const char* prepend) { const char* old_value = getenv(name); char* new_value = NULL; if (old_value == NULL) { // No existing value - set to the prepend value size_t max_length = strlen(prepend) + 1; new_value = malloc(max_length); strlcpy(new_value, prepend, max_length); } else { // Existing value - so prepend with a ":" in between size_t max_length = strlen(old_value) + strlen(prepend) + 2; new_value = malloc(max_length); strlcpy(new_value, prepend, max_length); strlcat(new_value, ":", max_length); strlcat(new_value, old_value, max_length); } setenv(name, new_value, 1); free(new_value); return 0; } int uidIsAllowed() { // Returns 1 if we're root or any of the whitelisted users; 0 otherwise int uid = getuid(); if (uid == 0) { // Always allow root return 1; } else { // Check the other whitelisted users int i, len; struct passwd* passwdInfo; len = sizeof(allowedUsernames) / sizeof(allowedUsernames[0]); for (i = 0; i < len; i++) { passwdInfo = getpwnam(allowedUsernames[i]); if (passwdInfo != NULL) { if (passwdInfo->pw_uid == uid) { return 1; } } } } // No match return 0; } int main(int argc, const char * argv[]) { if (uidIsAllowed()) { int result; // Update PATH and PYTHONPATH prependToPath("PATH", bin); prependToPath("PYTHONPATH", site); Py_Initialize(); result = Py_Main(argc, (char **)argv); Py_Finalize(); return result; } else { printf("You are not allowed to run this executable.\n"); return 1; } }