On 01/09/16 21:56, David Sommerseth wrote:
> On 01/09/16 22:14, debbie10t wrote:
>> * If it sounds too good to be true .. then it probably is.
>
> There's a good intro to D-Bus programming here, with focus on C:
> <https://leonardoce.wordpress.com/2015/04/01/dbus-tutorial-a-simple-server/>
>
> Here's one I haven't looked too carefully at, but related to Python:
> <https://georgemuraruc.wordpress.com/2015/07/16/d-bus-tutorial-for-python/>
>
> And for some good shell fun:
> (this should work on most modern Linux distros)
>
>   $ gdbus call --system -d org.freedesktop.NetworkManager \
>        -o /org/freedesktop/NetworkManager \
>        -m org.freedesktop.NetworkManager.GetDevices
>
> Returns on my laptop:
>
>   ([objectpath '/org/freedesktop/NetworkManager/Devices/0',
>     '/org/freedesktop/NetworkManager/Devices/1',
>     '/org/freedesktop/NetworkManager/Devices/2'],)
>
> To query everything about one of the devices, to see all methods,
> signals and properties available you do this:
>
>   $ gdbus introspect --system -d org.freedesktop.NetworkManager \
>        -o /org/freedesktop/NetworkManager/Devices/1
>
> Through gdbus, you can do a lot of fun stuff. If you are on a systemd
> based system, you can even start and stop services through D-Bus calls
> - if you have the right privileges.
>
> D-Bus has been around for over a decade and is very stable and widely
> used, at least on the Linux side - but I believe it's a requirement if
> you use GNOME or KDE too, regardless if it is Linux or not.
>
>> If it is possible; a run time option eg. --dbus enabled|disabled or
>> at least a compile time option --enable-dbus might be preferable.
>
> Okay, there will be two ways to enable/disable. D-Bus will be
> disabled by default.
>
> To enable D-Bus you must first compile it with D-Bus support, that
> will be done via ./configure --enable-dbus
>
> Then to enable the D-Bus API, where OpenVPN will connect and register
> to the D-Bus, you will need --management-dbus in your config. This
> option will only be available if built with --enable-dbus when running
> ./configure.
>
>> For me personally, it sounds like a lot of openvpn 'control' is
>> being handed over to another entity and I am not convinced that is
>> ideal.
>
> It is completely optional. Without activating D-Bus, OpenVPN will
> work just as before. But there are use cases where the interfacing
> possibilities to managing OpenVPN are very limited - and if not
> limited, it is hard to accomplish. I want to lower this barrier, to
> allow simpler integration with tools and which is more agnostic to
> programming languages and scripts.
>
> D-Bus is first of all an API for interprocess communication (IPC), but
> it has standardised how services are offered through that API so you
> don't need to re-invent the wheel each time you want to do anything new.
>
> In regards to handing over 'control', this is not much more different
> than using the script hooks or enabling third-party plugins. The
> difference is that you can integrate using an API which is available
> through the most common programming and scripting languages (C/C++,
> Java, C#, golang, Python, Ruby, Perl, Haskell, Erlang, Lua, etc, etc).
>
> And I emphasize again: D-Bus provides a much better control over who
> can do what on services provided over the D-Bus. Every user or
> process accessing a service is authenticated and access control is
> managed through polkit policies. Thus you can actually improve the
> overall security by using D-Bus compared to using script hooks or even
> plug-ins - where they at least run with the same privileges as the
> openvpn process, if they haven't fork()ed out a root process (like the
> down-root plugin does).
>

David,
consider me convinced; I cannot possibly argue against your incredibly
well informed opinion and, in fact, I look forward to testing it for
myself.

No doubt there will be teething problems but, judging by your
enthusiasm, I expect they will be easily weaned.

/me is reading a lot more about dbus now!

Regards
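
Added example, not part of the original thread and not OpenVPN code: before enabling a D-Bus API it helps to inventory what a service exposes, which can be read from the introspection XML that `gdbus introspect --xml` prints. The sample XML, the interface name org.example.Demo and its members are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the standard D-Bus introspection XML format.
# The interface org.example.Demo and its members are hypothetical.
SAMPLE_XML = """<node>
  <interface name="org.freedesktop.DBus.Peer">
    <method name="Ping"/>
  </interface>
  <interface name="org.example.Demo">
    <method name="Disconnect"/>
    <method name="SetLogLevel">
      <arg name="level" type="u" direction="in"/>
    </method>
    <signal name="StateChanged"/>
    <property name="State" type="u" access="read"/>
    <property name="Autoconnect" type="b" access="readwrite"/>
  </interface>
</node>"""

STANDARD_PREFIX = "org.freedesktop.DBus."  # generic bus interfaces, skipped


def exposed_surface(xml_text):
    """Map each service-specific interface to its callable/changeable members."""
    surface = {}
    for iface in ET.fromstring(xml_text).findall("interface"):
        name = iface.get("name", "")
        if name.startswith(STANDARD_PREFIX):
            continue
        methods = []
        for m in iface.findall("method"):
            # Signature of caller-supplied arguments; direction defaults to "in".
            sig = "".join(a.get("type", "") for a in m.findall("arg")
                          if a.get("direction", "in") == "in")
            methods.append(f"{m.get('name')}({sig})")
        surface[name] = {
            "methods": methods,
            "signals": [s.get("name") for s in iface.findall("signal")],
            # Properties a caller can change, not just read.
            "writable": [p.get("name") for p in iface.findall("property")
                         if p.get("access") in ("write", "readwrite")],
        }
    return surface


if __name__ == "__main__":
    for iface, members in exposed_surface(SAMPLE_XML).items():
        print(iface, members)
```

The methods and writable properties listed are the members whose callers the bus policy and polkit rules need to restrict.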