Hi Fabian

On Wednesday 29 February 2012 14:07:01 Fabian Knittel wrote:
> Let's see whether I understood the design. After initial setup, the
> GUI has a connection via the mgmt interface to OpenVPN and OpenVPN has
> a connection via the "privilege interface" to the "interactive
> service". OpenVPN basically runs in the same context as the GUI, i.e.
> without permission to change the network configuration (change routes,
> etc.). The "interactive service" runs in a context with permissions to
> change the network configuration. Any privileged operations are
> requested by OpenVPN via the "privilege interface" and performed by
> the "interactive service". (There must be something missing, otherwise
> I don't get why you call it "interactive service" ...?)

It's interactive in contrast to the other, already existing service, which just 
starts all openvpn connections it finds at the time the service itself is 
started. I internally called that service automatic. The GUI and openvpn 
interact with the interactive service, hence the name. And partially because I 
couldn't come up with something that made more sense.
 
> Why does the "interactive service" need to start OpenVPN? Why not let
> the GUI start OpenVPN and let OpenVPN connect to the "interactive
> service"?

The key point here is the inheritance of the client end of the named pipe 
that's being used to request privileged operations. If there were just a 
named pipe anyone could connect to, anyone could modify e.g. the routing 
table. Something MS obviously tries to prevent.

> OTOH, if you're going to start OpenVPN as a service anyway,
> it probably doesn't really make much of a difference. Although this
> could mean that you can keep the GUI-facing side of OpenVPN identical
> to what it is now... the "interactive service" would just be an
> implementation detail of how openvpn performs its privileged
> operations.

I got lost at "going to start OpenVPN as a service anyway". OpenVPN isn't 
started as a service, the service starts OpenVPN. OpenVPN is not running with 
the same token the service runs with, but with the token of the GUI that invoked 
the service.

> Does creating a tun/tap device belong to the operations that need
> special privileges under windows? If so, this sounds a lot like an
> interface that might also allow splitting off most of the system
> specific code ... as in, this could also work on Android, no?

No, that example was a spin-off from my lengthy and highly fictional 
NetworkManager story. =) Essentially you're right, though. It could be used as 
such. Usually I'd say that stuff that can be set up before privileges are 
dropped should be done at that time. Setting routes can only be done after 
privdrop and that's the main use for the new interface.

Regards
Heiko
-- 
Heiko Hund | Software Engineer | Phone +49-721-25516-237 | Fax -200
Astaro a Sophos Company | Amalienbadstr. 41 Bau 52 | 76227 Karlsruhe | Germany
Commercial Register: Mannheim HRA 702710 | Headquarter Location: Karlsruhe
 
Represented by the General Partner Astaro Verwaltungs GmbH
Amalienbadstraße 41 Bau 52 | 76227 Karlsruhe | Germany 
Commercial Register: Mannheim HRB 708248 | Executive Board: Gert Hansen,
Markus Hennig, Jan Hichert, Günter Junk, Dr. Frank Nellissen
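The privilege-brokering pattern Heiko describes, as a POSIX analog added here (not code from OpenVPN or from the thread): the broker creates an unnamed channel, the spawned worker inherits only its end and drops privileges, and the broker honours just a fixed allow-list of operations. The op codes, request layout and the uid 65534 are constructed for the demo.

```c
/* POSIX analog of the thread's "interactive service": the privileged broker
 * creates an unnamed channel, forks the worker, which inherits only its end
 * and drops privileges; nobody else can connect because there is no name.
 * Op codes and request layout are constructed for this demo. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/wait.h>

enum { OP_ADD_ROUTE = 1, OP_DEL_ROUTE = 2 };
struct req { int op; char dest[32]; char gw[32]; };

/* Broker side: honour only allow-listed ops with well-formed arguments.
 * Real code would call the routing API here instead of returning 0. */
int broker_handle(const struct req *r)
{
    if (r->op != OP_ADD_ROUTE && r->op != OP_DEL_ROUTE)
        return -1;                          /* unknown operation */
    if (r->dest[0] == '\0' || !memchr(r->dest, '\0', sizeof r->dest) ||
        !memchr(r->gw, '\0', sizeof r->gw))
        return -1;                          /* empty or unterminated */
    return 0;
}

/* Worker side: has nothing but the inherited fd; drops to nobody if root. */
static void worker(int fd, int op, const char *dest, const char *gw)
{
    struct req r = { .op = op };
    snprintf(r.dest, sizeof r.dest, "%s", dest);
    snprintf(r.gw, sizeof r.gw, "%s", gw);
    if (geteuid() == 0 && (setgid(65534) != 0 || setuid(65534) != 0))
        _exit(1);                           /* refuse to run privileged */
    _exit(write(fd, &r, sizeof r) == (ssize_t)sizeof r ? 0 : 1);
}

/* Spawn the worker, read its one request, return the broker's verdict. */
int run_demo(int op, const char *dest, const char *gw)
{
    int sv[2]; struct req r;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { close(sv[0]); worker(sv[1], op, dest, gw); }
    close(sv[1]);                           /* broker keeps only its end */
    ssize_t n = read(sv[0], &r, sizeof r);
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return n == (ssize_t)sizeof r ? broker_handle(&r) : -1;
}
```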