Hi All,
I have been using slightly better authorization model sample program for executing OpenVPN command from the shell. It seems that while adding the IP into the routing table, I get the following error at Leopard ( 10.6.8 ) - "route: must be root to alter routing table". In Lion ( 10.7.2 ) the same authorization model works fine for me. There is no routing table insertion error as above. Is there any difference between the AuthorizationCreate() & AuthorizationExecuteWithPrivileges() calls on Lion and Leopard? If I want to stick with the same authorization elevation model, will there be any additional flag(s) to be set for Leopard program? Below are my current flag setting :
int main() {
OSStatus myStatus;
AuthorizationFlags myFlags = kAuthorizationFlagDefaults; // 1
AuthorizationRef myAuthorizationRef; // 2
myStatus = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, // 3
myFlags, &myAuthorizationRef);
if (myStatus != errAuthorizationSuccess)
return myStatus;
{
AuthorizationItem myItems = {kAuthorizationRightExecute, 0, // 4
NULL, 0};
AuthorizationRights myRights = {1, &myItems}; // 5
myFlags = kAuthorizationFlagDefaults | // 6
kAuthorizationFlagInteractionAllowed |
kAuthorizationFlagPreAuthorize |
kAuthorizationFlagExtendRights;
myStatus = AuthorizationCopyRights (myAuthorizationRef, // 7
&myRights, NULL, myFlags, NULL );
}
if (myStatus != errAuthorizationSuccess) goto DoneWorking;
{
char myToolPath[] = "/Applications/MyApp/MyApp.app/Contents/Resources/openvpn";
char *myArguments[] = { "--remote","us1.vpn.testnw.com", "1194", "udp" , "--config", "/Applications/MyApp/MyApp.app/Contents/Resources/cfg/myapp_openvpn160.conf", NULL };
FILE *myCommunicationsPipe = NULL;
char myReadBuffer[128];
myFlags = kAuthorizationFlagDefaults; // 8
myStatus = AuthorizationExecuteWithPrivileges // 9
(myAuthorizationRef, myToolPath, myFlags, myArguments,
&myCommunicationsPipe);
if (myStatus == errAuthorizationSuccess)
for(;
{
int bytesRead = read (fileno (myCommunicationsPipe),
( unsigned char * ) myReadBuffer, sizeof (myReadBuffer));
if (bytesRead < 1) goto DoneWorking;
write (fileno (stdout), (unsigned char * ) myReadBuffer, bytesRead);
}
}
DoneWorking:
AuthorizationFree (myAuthorizationRef, kAuthorizationFlagDefaults); // 10
if (myStatus) printf("Status: %ld\n", myStatus);
return myStatus;
}
I am struck with this problem for more than 2 days. Any help on this is more appreciated.
Thanks,
Globalian
I have been using slightly better authorization model sample program for executing OpenVPN command from the shell. It seems that while adding the IP into the routing table, I get the following error at Leopard ( 10.6.8 ) - "route: must be root to alter routing table". In Lion ( 10.7.2 ) the same authorization model works fine for me. There is no routing table insertion error as above. Is there any difference between the AuthorizationCreate() & AuthorizationExecuteWithPrivileges() calls on Lion and Leopard? If I want to stick with the same authorization elevation model, will there be any additional flag(s) to be set for Leopard program? Below are my current flag setting :
int main() {
OSStatus myStatus;
AuthorizationFlags myFlags = kAuthorizationFlagDefaults; // 1
AuthorizationRef myAuthorizationRef; // 2
myStatus = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, // 3
myFlags, &myAuthorizationRef);
if (myStatus != errAuthorizationSuccess)
return myStatus;
{
AuthorizationItem myItems = {kAuthorizationRightExecute, 0, // 4
NULL, 0};
AuthorizationRights myRights = {1, &myItems}; // 5
myFlags = kAuthorizationFlagDefaults | // 6
kAuthorizationFlagInteractionAllowed |
kAuthorizationFlagPreAuthorize |
kAuthorizationFlagExtendRights;
myStatus = AuthorizationCopyRights (myAuthorizationRef, // 7
&myRights, NULL, myFlags, NULL );
}
if (myStatus != errAuthorizationSuccess) goto DoneWorking;
{
char myToolPath[] = "/Applications/MyApp/MyApp.app/Contents/Resources/openvpn";
char *myArguments[] = { "--remote","us1.vpn.testnw.com", "1194", "udp" , "--config", "/Applications/MyApp/MyApp.app/Contents/Resources/cfg/myapp_openvpn160.conf", NULL };
FILE *myCommunicationsPipe = NULL;
char myReadBuffer[128];
myFlags = kAuthorizationFlagDefaults; // 8
myStatus = AuthorizationExecuteWithPrivileges // 9
(myAuthorizationRef, myToolPath, myFlags, myArguments,
&myCommunicationsPipe);
if (myStatus == errAuthorizationSuccess)
for(;
{
int bytesRead = read (fileno (myCommunicationsPipe),
( unsigned char * ) myReadBuffer, sizeof (myReadBuffer));
if (bytesRead < 1) goto DoneWorking;
write (fileno (stdout), (unsigned char * ) myReadBuffer, bytesRead);
}
}
DoneWorking:
AuthorizationFree (myAuthorizationRef, kAuthorizationFlagDefaults); // 10
if (myStatus) printf("Status: %ld\n", myStatus);
return myStatus;
}
I am struck with this problem for more than 2 days. Any help on this is more appreciated.
Thanks,
Globalian