Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry Web Services

Reply
Highlighted
Developer
Posts: 1,068
Registered: ‎11-24-2011
My Device: PlayBook
My Carrier: x
Accepted Solution

Accessing network resources via BES/UDS or whatever you call it

Hello.

I apologize if this is wrong place to post my question please move it to proper one if it is.

Scenario: I have an Z10/Q10 app (ssh client) that perfectly well works without Balance or if installed in Personal zone. Now users want to utilize this app to connect to their servers connected to their LAN in the office. They install the app in Work space but cannot connect to anything. Investigation revealed that when you install an app in Work space only one interface is visible for you - local interface with an IP 127.0.0.1.

Question - how to overcome this? Should I get some authorization from BlackBerry for my app? Or probably BES admins should configure some magic to allow this app use local network resource.

Please give me right direction. I am lost.

Thanks!

 

PS: quote from here https://partners.blackberry.com/web/guest/blackberry-10-faq just does not sound true:

Q: How do I configure my application to gain access to behind the firewall application and web servers?

A: If the BlackBerry 10 smartphone is activated on a BlackBerry Enterprise Service 10 Server then you won't have to be concerned with this. The BlackBerry 10 smartphone will automatically inherit a VPN like connection through the firewall, thanks to the Mobile Data Service component, without all of the complexity of configuring a VPN profile.
Retired
Posts: 2,559
Registered: ‎10-16-2009
My Device: BlackBerry Z10
My Carrier: Bell

Re: Accessing network resources via BES/UDS or whatever you call it

For most pps the networking will be handled transparently, but if using low level code like cURL then you need to explicitly set the proxy details before attempting the connection. The following codee shows how this can be done and works well for both standard (non-proxy) and proxy (such as Work perimeter) scenarios:

https://github.com/blackberry/NDK-Samples/tree/master/HttpProxy

Garett
@garettBeuk
--
Goodbye everybody!
Developer
Posts: 1,068
Registered: ‎11-24-2011
My Device: PlayBook
My Carrier: x

Re: Accessing network resources via BES/UDS or whatever you call it

Thanks Garett! I suspected something like proxy. Now at least I have a direction. Will be digging further.

Developer
Posts: 1,068
Registered: ‎11-24-2011
My Device: PlayBook
My Carrier: x

Re: Accessing network resources via BES/UDS or whatever you call it

I thouroughly examined this example but... netstatus_get_proxy_details() cat give me information only about http, https and ftp proxies. To make ssh connection I need proxying on TCP level - something like SOCKS. Consider general example. There is a server on office network that listens on arbitrary TCP port X. There is a client on BB10 device that needs connection to this server port X. Nothing to do with upper layer protocols HTTP/FTP/etc, it is totally proprietary. How is this implemented? What proxy to use?

BlackBerry Development Advisor
Posts: 143
Registered: ‎03-08-2012
My Device: Z10
My Carrier: Bell

Re: Accessing network resources via BES/UDS or whatever you call it

Hi.

 

You can use the proxy returned by this call for TCP sockets via HTTP CONNECT.  You can use the following code snippet (after filling in some missing details) to initiate a curl connection through the proxy and then to use the socket for SSH or whatever other socket operations you want:

 

   if (proxy_host != NULL && proxy_host[0] != '\0') {
        curlctx = curl_easy_init();
        if (curlctx == NULL) {           
            return ECONNABORTED;
        }
        curl_easy_setopt(conn->curlctx, CURLOPT_PROXY, proxy_host);
        curl_easy_setopt(conn->curlctx, CURLOPT_HTTPPROXYTUNNEL, 1L );
        curl_easy_setopt(conn->curlctx, CURLOPT_CONNECT_ONLY, 1L );
 
        if (src_port) {
            curl_easy_setopt(conn->curlctx, CURLOPT_LOCALPORT, <local port>);
        }
        curl_easy_setopt(conn->curlctx, CURLOPT_URL, <remote host name>);
        curl_easy_setopt(conn->curlctx, CURLOPT_PORT, <remote host port>);
 
        if (proxy_userpwd) {
            curl_easy_setopt(conn->curlctx, CURLOPT_PROXYAUTH, CURLAUTH_BASIC | CURLAUTH_DIGEST | CURLAUTH_NTLM);
            curl_easy_setopt(conn->curlctx, CURLOPT_PROXYUSERPWD, proxy_userpwd);
        }
 
        if ((err = curl_easy_perform(curlctx)) != 0) {
            /* uh-oh, this <remote host> entry probably is invalid */
            if (err == CURLE_RECV_ERROR) {
                // check to see if this is due to invalid credential
                long connect_code;
                curl_easy_getinfo(conn->curlctx, CURLINFO_HTTP_CONNECTCODE, (long *)&connect_code);
                if (connect_code == 407) {
                    …
                }
            }
            curl_easy_cleanup(curlctx);
            curlctx = NULL;
            return ENETUNREACH;
        }
        curl_easy_getinfo(conn->curlctx, CURLINFO_LASTSOCKET, (long *)&sock);
        fcntl(sock, F_SETFL, fcntl(sock, F_GETFL, 0 ) & ~O_NONBLOCK );
       
    }

Let me know if this helps.  I also have code to do something similar without curl although it does not handle authentication.

 

 

 

Developer
Posts: 1,068
Registered: ‎11-24-2011
My Device: PlayBook
My Carrier: x

Re: Accessing network resources via BES/UDS or whatever you call it

Hello again,

thanks for your very detailed explanation (especially about usin CONNECT method). Although I am not using curl (my app is an OpenSSH client ported to BB and running from within sh so the last thing I wanted was to modify its socket stuff) I've come up with a solution utilizing OpenSSH' Host * ProxyCommand approach in .ssh/config file.

Then I've managed to compile for BB10 this tiny beatiful helper http://www.agroman.net/corkscrew/ and it works great with my Apache proxy.

Now the problem is I don't have any means to test BlackBerry Balance, i.e. install my app in Work space.

So cn you pleae confirm that netstatus_get_proxy_details() will return proxy details to be used to connect to network resources connected to LAN where BES is installed (or I suspect any network resource)? Or probably there is a way to test this for me?

I'd hate to publish my app in BB world that would not work -(

Thanks again!

BlackBerry Development Advisor
Posts: 143
Registered: ‎03-08-2012
My Device: Z10
My Carrier: Bell

Re: Accessing network resources via BES/UDS or whatever you call it

Yes, it should return the BES proxy when the app is deployed to the Work perimeter. 

 

Developer
Posts: 1,068
Registered: ‎11-24-2011
My Device: PlayBook
My Carrier: x

Re: Accessing network resources via BES/UDS or whatever you call it

Customer reports no luck -(

Working with proxy settings read from Connection proxy settings in Home area. Does not work in Work area.

 

If anybody has BES10 deployment and can add my Z10 for testing purposes that would be greately appreciated.

 

Developer
Posts: 1,068
Registered: ‎11-24-2011
My Device: PlayBook
My Carrier: x

Re: Accessing network resources via BES/UDS or whatever you call it

Thank you once again.

Everything is working well -)

New Developer
Posts: 3
Registered: ‎02-25-2014
My Device: z10
My Carrier: a1

Re: Accessing network resources via BES/UDS or whatever you call it

hello!

i need some further information about this topic.

i did not find any documentation anywhere else so i hope you can help me out.

what is the best practice for an app installed in work perimeter  to make a raw socket connection to access network resources other than http/ftp behind my company firewall? so i want something like 

 

int sock = socket(AF_INET, SOCK_STREAM,0);

connect(...) //using an host/ip inside my company and port 1234

write(...)

close(sock)