Embedded OpenVPN executable in Mac Application (Qt)
Posted: Wed Apr 08, 2015 5:31 pm
Hi there,
I'm trying to embed the community version of OpenVPN into my Qt Application, it's working great on Windows but I have some issue on Mac related to admin right and DNS/DomainSearch.
I build OpenVPN as a static library, and embed it in my Mac Application bundle. I have few issues :
- DNS and SearchDomains are not automatically setup after connection, I'm using the up / down script to do it inspired by the script provided by TunnelBlick. This works if I run the openVPN with sudo command, but I don't want to do it on my application. My app write few config file and don't want the owner of the file change to root. I would like to run only openVPN executable from my app with correct admin rights.
- I would like to give OpenVPN program sudo right, but ask the user for its password only once. I used setuid technique by changing permission on OpenVPN executable to 4755 and owner to root. It then run ok without asking sudo anytime, but the up/down script doesn't work anymore. Probably because the sudo right apply only to the openVPN executable and not to all the commands that are executed by the script.
- If my application bundle is deploy in a USB device, then the setuid tricks can't work anymore because the Volumes is mounted with -nosuid flag.
I'm happy to listen to other options I have to launch my OpenVPN executable from my application with requestion admin right only once. I'm using QProcess to interact with OpenVPN process and read the output, it's very convenient because the openVPN process become a child process so I would try to keep it this way.
Thanks a lot for your help,
I'm trying to embed the community version of OpenVPN into my Qt Application, it's working great on Windows but I have some issue on Mac related to admin right and DNS/DomainSearch.
I build OpenVPN as a static library, and embed it in my Mac Application bundle. I have few issues :
- DNS and SearchDomains are not automatically setup after connection, I'm using the up / down script to do it inspired by the script provided by TunnelBlick. This works if I run the openVPN with sudo command, but I don't want to do it on my application. My app write few config file and don't want the owner of the file change to root. I would like to run only openVPN executable from my app with correct admin rights.
- I would like to give OpenVPN program sudo right, but ask the user for its password only once. I used setuid technique by changing permission on OpenVPN executable to 4755 and owner to root. It then run ok without asking sudo anytime, but the up/down script doesn't work anymore. Probably because the sudo right apply only to the openVPN executable and not to all the commands that are executed by the script.
- If my application bundle is deploy in a USB device, then the setuid tricks can't work anymore because the Volumes is mounted with -nosuid flag.
I'm happy to listen to other options I have to launch my OpenVPN executable from my application with requestion admin right only once. I'm using QProcess to interact with OpenVPN process and read the output, it's very convenient because the openVPN process become a child process so I would try to keep it this way.
Thanks a lot for your help,