Initial import from http://code.google.com/p/connectbot/ (r416)

[android-x86/packages-apps-ConnectBot.git] / src / com / trilead / ssh2 / channel / RemoteX11AcceptThread.java

\r
package com.trilead.ssh2.channel;\r
\r
import java.io.IOException;\r
import java.io.InputStream;\r
import java.io.OutputStream;\r
import java.net.Socket;\r
\r
import com.trilead.ssh2.log.Logger;\r
\r
\r
/**\r
 * RemoteX11AcceptThread.\r
 * \r
 * @author Christian Plattner, plattner@trilead.com\r
 * @version $Id: RemoteX11AcceptThread.java,v 1.2 2008/04/01 12:38:09 cplattne Exp $\r
 */\r
public class RemoteX11AcceptThread extends Thread\r
{\r
        private static final Logger log = Logger.getLogger(RemoteX11AcceptThread.class);\r
\r
        Channel c;\r
\r
        String remoteOriginatorAddress;\r
        int remoteOriginatorPort;\r
\r
        Socket s;\r
\r
        public RemoteX11AcceptThread(Channel c, String remoteOriginatorAddress, int remoteOriginatorPort)\r
        {\r
                this.c = c;\r
                this.remoteOriginatorAddress = remoteOriginatorAddress;\r
                this.remoteOriginatorPort = remoteOriginatorPort;\r
        }\r
\r
        public void run()\r
        {\r
                try\r
                {\r
                        /* Send Open Confirmation */\r
\r
                        c.cm.sendOpenConfirmation(c);\r
\r
                        /* Read startup packet from client */\r
\r
                        OutputStream remote_os = c.getStdinStream();\r
                        InputStream remote_is = c.getStdoutStream();\r
\r
                        /* The following code is based on the protocol description given in:\r
                         * Scheifler/Gettys,\r
                         * X Windows System: Core and Extension Protocols:\r
                         * X Version 11, Releases 6 and 6.1 ISBN 1-55558-148-X\r
                         */\r
\r
                        /*\r
                         * Client startup:\r
                         * \r
                         * 1 0X42 MSB first/0x6c lSB first - byteorder\r
                         * 1 - unused\r
                         * 2 card16 - protocol-major-version\r
                         * 2 card16 - protocol-minor-version\r
                         * 2 n - lenght of authorization-protocol-name\r
                         * 2 d - lenght of authorization-protocol-data\r
                         * 2 - unused\r
                         * string8 - authorization-protocol-name\r
                         * p - unused, p=pad(n)\r
                         * string8 - authorization-protocol-data\r
                         * q - unused, q=pad(d)\r
                         * \r
                         * pad(X) = (4 - (X mod 4)) mod 4\r
                         * \r
                         * Server response:\r
                         * \r
                         * 1 (0 failed, 2 authenticate, 1 success)\r
                         * ...\r
                         * \r
                         */\r
\r
                        /* Later on we will simply forward the first 6 header bytes to the "real" X11 server */\r
\r
                        byte[] header = new byte[6];\r
\r
                        if (remote_is.read(header) != 6)\r
                                throw new IOException("Unexpected EOF on X11 startup!");\r
\r
                        if ((header[0] != 0x42) && (header[0] != 0x6c)) // 0x42 MSB first, 0x6C LSB first\r
                                throw new IOException("Unknown endian format in X11 message!");\r
\r
                        /* Yes, I came up with this myself - shall I file an application for a patent? =) */\r
                        \r
                        int idxMSB = (header[0] == 0x42) ? 0 : 1;\r
\r
                        /* Read authorization data header */\r
\r
                        byte[] auth_buff = new byte[6];\r
\r
                        if (remote_is.read(auth_buff) != 6)\r
                                throw new IOException("Unexpected EOF on X11 startup!");\r
\r
                        int authProtocolNameLength = ((auth_buff[idxMSB] & 0xff) << 8) | (auth_buff[1 - idxMSB] & 0xff);\r
                        int authProtocolDataLength = ((auth_buff[2 + idxMSB] & 0xff) << 8) | (auth_buff[3 - idxMSB] & 0xff);\r
\r
                        if ((authProtocolNameLength > 256) || (authProtocolDataLength > 256))\r
                                throw new IOException("Buggy X11 authorization data");\r
\r
                        int authProtocolNamePadding = ((4 - (authProtocolNameLength % 4)) % 4);\r
                        int authProtocolDataPadding = ((4 - (authProtocolDataLength % 4)) % 4);\r
\r
                        byte[] authProtocolName = new byte[authProtocolNameLength];\r
                        byte[] authProtocolData = new byte[authProtocolDataLength];\r
\r
                        byte[] paddingBuffer = new byte[4];\r
\r
                        if (remote_is.read(authProtocolName) != authProtocolNameLength)\r
                                throw new IOException("Unexpected EOF on X11 startup! (authProtocolName)");\r
\r
                        if (remote_is.read(paddingBuffer, 0, authProtocolNamePadding) != authProtocolNamePadding)\r
                                throw new IOException("Unexpected EOF on X11 startup! (authProtocolNamePadding)");\r
\r
                        if (remote_is.read(authProtocolData) != authProtocolDataLength)\r
                                throw new IOException("Unexpected EOF on X11 startup! (authProtocolData)");\r
\r
                        if (remote_is.read(paddingBuffer, 0, authProtocolDataPadding) != authProtocolDataPadding)\r
                                throw new IOException("Unexpected EOF on X11 startup! (authProtocolDataPadding)");\r
\r
                        if ("MIT-MAGIC-COOKIE-1".equals(new String(authProtocolName, "ISO-8859-1")) == false)\r
                                throw new IOException("Unknown X11 authorization protocol!");\r
\r
                        if (authProtocolDataLength != 16)\r
                                throw new IOException("Wrong data length for X11 authorization data!");\r
\r
                        StringBuffer tmp = new StringBuffer(32);\r
                        for (int i = 0; i < authProtocolData.length; i++)\r
                        {\r
                                String digit2 = Integer.toHexString(authProtocolData[i] & 0xff);\r
                                tmp.append((digit2.length() == 2) ? digit2 : "0" + digit2);\r
                        }\r
                        String hexEncodedFakeCookie = tmp.toString();\r
\r
                        /* Order is very important here - it may be that a certain x11 forwarding\r
                         * gets disabled right in the moment when we check and register our connection\r
                         * */\r
\r
                        synchronized (c)\r
                        {\r
                                /* Please read the comment in Channel.java */\r
                                c.hexX11FakeCookie = hexEncodedFakeCookie;\r
                        }\r
\r
                        /* Now check our fake cookie directory to see if we produced this cookie */\r
\r
                        X11ServerData sd = c.cm.checkX11Cookie(hexEncodedFakeCookie);\r
\r
                        if (sd == null)\r
                                throw new IOException("Invalid X11 cookie received.");\r
\r
                        /* If the session which corresponds to this cookie is closed then we will\r
                         * detect this: the session's close code will close all channels\r
                         * with the session's assigned x11 fake cookie.\r
                         */\r
\r
                        s = new Socket(sd.hostname, sd.port);\r
\r
                        OutputStream x11_os = s.getOutputStream();\r
                        InputStream x11_is = s.getInputStream();\r
\r
                        /* Now we are sending the startup packet to the real X11 server */\r
\r
                        x11_os.write(header);\r
\r
                        if (sd.x11_magic_cookie == null)\r
                        {\r
                                byte[] emptyAuthData = new byte[6];\r
                                /* empty auth data, hopefully you are connecting to localhost =) */\r
                                x11_os.write(emptyAuthData);\r
                        }\r
                        else\r
                        {\r
                                if (sd.x11_magic_cookie.length != 16)\r
                                        throw new IOException("The real X11 cookie has an invalid length!");\r
\r
                                /* send X11 cookie specified by client */\r
                                x11_os.write(auth_buff);\r
                                x11_os.write(authProtocolName); /* re-use */\r
                                x11_os.write(paddingBuffer, 0, authProtocolNamePadding);\r
                                x11_os.write(sd.x11_magic_cookie);\r
                                x11_os.write(paddingBuffer, 0, authProtocolDataPadding);\r
                        }\r
\r
                        x11_os.flush();\r
\r
                        /* Start forwarding traffic */\r
\r
                        StreamForwarder r2l = new StreamForwarder(c, null, null, remote_is, x11_os, "RemoteToX11");\r
                        StreamForwarder l2r = new StreamForwarder(c, null, null, x11_is, remote_os, "X11ToRemote");\r
\r
                        /* No need to start two threads, one can be executed in the current thread */\r
\r
                        r2l.setDaemon(true);\r
                        r2l.start();\r
                        l2r.run();\r
\r
                        while (r2l.isAlive())\r
                        {\r
                                try\r
                                {\r
                                        r2l.join();\r
                                }\r
                                catch (InterruptedException e)\r
                                {\r
                                }\r
                        }\r
\r
                        /* If the channel is already closed, then this is a no-op */\r
\r
                        c.cm.closeChannel(c, "EOF on both X11 streams reached.", true);\r
                        s.close();\r
                }\r
                catch (IOException e)\r
                {\r
                        log.log(50, "IOException in X11 proxy code: " + e.getMessage());\r
\r
                        try\r
                        {\r
                                c.cm.closeChannel(c, "IOException in X11 proxy code (" + e.getMessage() + ")", true);\r
                        }\r
                        catch (IOException e1)\r
                        {\r
                        }\r
                        try\r
                        {\r
                                if (s != null)\r
                                        s.close();\r
                        }\r
                        catch (IOException e1)\r
                        {\r
                        }\r
                }\r
        }\r
}\r