FAH Application Filter (early beta)
Posted: Sat Aug 24, 2013 6:50 am
just in case someone need a similar solution: an application filter for FAH client.
Why I hacked it tougher ? I have normally a VPN into my network; but for some app review with Apple I need to provide them access to a folding client. So I could provide them access into my VPN or I just open temporary a port in the firewall and do port forwarding. The later one is easier and faster to establish; of course more insecure.
Since the socket port could be addressed from outside with any telnet and allow all remote command I wanted a bit more (semi) security. That should be delivered by this python script.
It will establish itself a server to be targeted by the port forwarding and will itself be the client for the remote API to the FAH client.
Also I don't want all commands to be used by externals so I filter those commands usefull and block all other.
In case you have similar needs here the code (if you have any suggestions those are more then welcome !!)
Update: played more and its quite bumpy ; specially if a connection get disconnected
Why I hacked it tougher ? I have normally a VPN into my network; but for some app review with Apple I need to provide them access to a folding client. So I could provide them access into my VPN or I just open temporary a port in the firewall and do port forwarding. The later one is easier and faster to establish; of course more insecure.
Since the socket port could be addressed from outside with any telnet and allow all remote command I wanted a bit more (semi) security. That should be delivered by this python script.
It will establish itself a server to be targeted by the port forwarding and will itself be the client for the remote API to the FAH client.
Also I don't want all commands to be used by externals so I filter those commands usefull and block all other.
In case you have similar needs here the code (if you have any suggestions those are more then welcome !!)
Code: Select all
#! /usr/bin/env python
#
# (c) Christian Lohmann, 2013
#
# a little application-level filter for remote FAH client access
# potentially usefull when port forwarding from outside to internal FAH clients
# manage a positive list of commands accepted to be routed from outside to the FAH client
#
import os
import sys
import time
import socket
import select
import string
def FAHFilterAgent(hn):
HOST, PORT = hn, 36330
HOST, PORTs = hn, 36333
backlog = 5
size = 1024
print "FAHFilter for:", hn, "port", PORTs
#
# establish proxy server on the give host and port
sockProxy = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sockProxy.setblocking(0)
sockProxy.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sockProxy.bind((HOST, PORTs))
sockProxy.listen(backlog)
# connect to the FAH client (right now same host; different port)
sockFAH = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sockFAH.connect((HOST, PORT))
# lists of sockets
input = [sockProxy, sockFAH, sys.stdin]
clientList = []
running = 1
while running:
try:
ready_to_read, ready_to_write, in_error = \
select.select(input, [], [])
for s in ready_to_read:
if s == sockProxy:
# a new client want to conncet
client, adress = sockProxy.accept()
input.append(client)
clientList.append(client)
print "connection ", client, adress, "established"
elif s == sockFAH:
# read a data block
data = s.recv(size)
for c in clientList:
c.send(data)
elif s == sys.stdin:
# close all client connections
junk = sys.stdin.readline()
for s in clientList:
print "close connection", s
s.shutdown(socket.SHUT_RDWR)
s.close()
running = 0
break
else:
# read a data block
data = s.recv(size)
sn = s.getsockname()
print "from", s
if data:
print data, "from", s
if data.startswith("auth"): sockFAH.send(data)
elif data.startswith("info"): sockFAH.send(data)
elif data.startswith("exit"): sockFAH.send(data)
elif data.startswith("sleep"): sockFAH.send(data)
elif data.startswith("updates"): sockFAH.send(data)
elif data.startswith("log-updates"): sockFAH.send(data)
elif data.startswith("pause"): sockFAH.send(data)
elif data.startswith("unpause"): sockFAH.send(data)
elif data.startswith("finish"): sockFAH.send(data)
else: print "command", data, "ignored"
else:
s.close()
input.remove(s)
except IOError as e:
print e
sockProxy.close()
sockFAH.close()
FAHFilterAgent("donation")