java/com/tigervnc/vncviewer/tunnel.java

/*
 *  Copyright (C) 2012 Brian P. Hinz.  All Rights Reserved.
 *  Copyright (C) 2000 Const Kaplinsky.  All Rights Reserved.
 *  Copyright (C) 1999 AT&T Laboratories Cambridge.  All Rights Reserved.
 *
 *  This is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This software is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this software; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
 *  USA.
 */

/*
 * tunnel.java - SSH tunneling support
 */

package com.tigervnc.vncviewer;

import java.io.File;
import java.lang.Character;
import java.util.ArrayList;
import java.util.Iterator;

import com.tigervnc.rdr.*;
import com.tigervnc.rfb.*;
import com.tigervnc.network.*;

import com.jcraft.jsch.JSch;
import com.jcraft.jsch.Session;

public class tunnel
{
  private final static Integer SERVER_PORT_OFFSET = 5900;;
  private final static String DEFAULT_SSH_CMD = "/usr/bin/ssh";
  private final static String DEFAULT_TUNNEL_CMD
    = DEFAULT_SSH_CMD+" -f -L %L:localhost:%R %H sleep 20";
  private final static String DEFAULT_VIA_CMD
    = DEFAULT_SSH_CMD+" -f -L %L:%H:%R %G sleep 20";

  private final static int H = 17;
  private final static int G = 16;
  private final static int R = 27;
  private final static int L = 21;

  /* True if there was -tunnel or -via option in the command line. */
  private static boolean tunnelSpecified = false;

  /* True if it was -tunnel, not -via option. */
  private static boolean tunnelOption = false;

  /* "Hostname:display" pair in the command line will be substituted
     by this fake argument when tunneling is used. */
  private static String lastArgv;

  private static String tunnelEndpoint;

  public static Boolean
  createTunnel(int pargc, String[] argv, int tunnelArgIndex)
  {
    char[] pattern;
    char[] cmd = new char[1024];
    int[] localPort = new int[1];
    int[] remotePort = new int[1];
    char[] localPortStr = new char[8];
    char[] remotePortStr = new char[8];
    StringBuilder gatewayHost = new StringBuilder("");
    StringBuilder remoteHost = new StringBuilder("localhost");

    tunnelSpecified = true;
    if (argv[tunnelArgIndex].equalsIgnoreCase("-tunnel"))
      tunnelOption = true;

    pattern = getCmdPattern();
    if (pattern == null)
      return false;

    localPort[0] = TcpSocket.findFreeTcpPort();
    if (localPort[0] == 0)
      return false;

    if (tunnelOption) {
      processTunnelArgs(remoteHost, remotePort, localPort,
  		      pargc, argv, tunnelArgIndex);
    } else {
      processViaArgs(gatewayHost, remoteHost, remotePort, localPort,
  		   pargc, argv, tunnelArgIndex);
    }

    localPortStr = Integer.toString(localPort[0]).toCharArray();
    remotePortStr = Integer.toString(remotePort[0]).toCharArray();

    if (!fillCmdPattern(cmd, pattern, gatewayHost.toString().toCharArray(),
		remoteHost.toString().toCharArray(), remotePortStr, localPortStr))
      return false;

    if (!runCommand(new String(cmd)))
      return false;

    return true;
  }

  private static void
  processTunnelArgs(StringBuilder remoteHost, int[] remotePort,
                    int[] localPort, int pargc, String[] argv,
                    int tunnelArgIndex)
  {
    String pdisplay;

    if (tunnelArgIndex >= pargc - 1)
      VncViewer.usage();

    pdisplay = argv[pargc - 1].split(":")[1];
    if (pdisplay == null || pdisplay == argv[pargc - 1])
      VncViewer.usage();

    if (pdisplay.matches("/[^0-9]/"))
      VncViewer.usage();

    remotePort[0] = Integer.parseInt(pdisplay);
    if (remotePort[0] < 100)
      remotePort[0] = remotePort[0] + SERVER_PORT_OFFSET;

    lastArgv = new String("localhost::"+localPort[0]);

    remoteHost.setLength(0);
    remoteHost.insert(0, argv[pargc - 1].split(":")[0]);
    argv[pargc - 1] = lastArgv;

    //removeArgs(pargc, argv, tunnelArgIndex, 1);
  }

  private static void
  processViaArgs(StringBuilder gatewayHost, StringBuilder remoteHost,
  	       int[] remotePort, int[] localPort,
  	       int pargc, String[] argv, int tunnelArgIndex)
  {
    String colonPos;
    int len, portOffset;
    int disp;

    if (tunnelArgIndex >= pargc - 2)
      VncViewer.usage();

    colonPos = argv[pargc - 1].split(":", 2)[1];
    if (colonPos == null) {
      /* No colon -- use default port number */
      remotePort[0] = SERVER_PORT_OFFSET;
    } else {
      len = colonPos.length();
      portOffset = SERVER_PORT_OFFSET;
      if (colonPos.startsWith(":")) {
        /* Two colons -- interpret as a port number */
        colonPos.replaceFirst(":", "");
        len--;
        portOffset = 0;
      }
      if (len == 0 || colonPos.matches("/[^0-9]/")) {
        VncViewer.usage();
      }
      disp = Integer.parseInt(colonPos);
      if (portOffset != 0 && disp >= 100)
        portOffset = 0;
      remotePort[0] = disp + portOffset;
    }

    lastArgv = "localhost::"+localPort[0];

    gatewayHost.setLength(0);
    gatewayHost.insert(0, argv[tunnelArgIndex + 1]);

    if (!argv[pargc - 1].split(":", 2)[0].equals("")) {
      remoteHost.setLength(0);
      remoteHost.insert(0, argv[pargc - 1].split(":", 2)[0]);
    }

    argv[pargc - 1] = lastArgv;

    //removeArgs(pargc, argv, tunnelArgIndex, 2);
  }

  private static char[]
  getCmdPattern()
  {
    String pattern = "";

    try {
      if (tunnelOption) {
        pattern = System.getProperty("VNC_TUNNEL_CMD");
      } else {
        pattern = System.getProperty("VNC_VIA_CMD");
      }
    } catch (java.lang.Exception e) {
      vlog.info(e.toString());
    }
    if (pattern == null || pattern.equals(""))
      pattern = (tunnelOption) ? DEFAULT_TUNNEL_CMD : DEFAULT_VIA_CMD;

    return pattern.toCharArray();
  }

  /* Note: in fillCmdPattern() result points to a 1024-byte buffer */

  private static boolean
  fillCmdPattern(char[] result, char[] pattern,
  	       char[] gatewayHost, char[] remoteHost,
  	       char[] remotePort, char[] localPort)
  {
    int i, j;
    boolean H_found = false, G_found = false, R_found = false, L_found = false;

    for (i=0, j=0; i < pattern.length && j<1023; i++, j++) {
      if (pattern[i] == '%') {
        switch (pattern[++i]) {
        case 'H':
  	System.arraycopy(remoteHost, 0, result, j, remoteHost.length);
  	j += remoteHost.length;
  	H_found = true;
        tunnelEndpoint = new String(remoteHost);
  	continue;
        case 'G':
  	System.arraycopy(gatewayHost, 0, result, j, gatewayHost.length);
  	j += gatewayHost.length;
  	G_found = true;
        tunnelEndpoint = new String(gatewayHost);
  	continue;
        case 'R':
  	System.arraycopy(remotePort, 0, result, j, remotePort.length);
  	j += remotePort.length;
  	R_found = true;
  	continue;
        case 'L':
  	System.arraycopy(localPort, 0, result, j, localPort.length);
  	j += localPort.length;
  	L_found = true;
  	continue;
        case '\0':
  	i--;
  	continue;
        }
      }
      result[j] = pattern[i];
    }

    if (pattern.length > 1024) {
      vlog.error("Tunneling command is too long.");
      return false;
    }

    if (!H_found || !R_found || !L_found) {
      vlog.error("%H, %R or %L absent in tunneling command.");
      return false;
    }
    if (!tunnelOption && !G_found) {
      vlog.error("%G pattern absent in tunneling command.");
      return false;
    }

    return true;
  }

  private static Boolean
  runCommand(String cmd)
  {
    try{
      JSch jsch=new JSch();
      String homeDir = new String("");
      try {
        homeDir = System.getProperty("user.home");
      } catch(java.security.AccessControlException e) {
        System.out.println("Cannot access user.home system property");
      }
      // NOTE: jsch does not support all ciphers.  User may be
      //       prompted to accept host key authenticy even if
      //       the key is in the known_hosts file.
      File knownHosts = new File(homeDir+"/.ssh/known_hosts");
      if (knownHosts.exists() && knownHosts.canRead())
	      jsch.setKnownHosts(knownHosts.getAbsolutePath());
      ArrayList<File> privateKeys = new ArrayList<File>();
      privateKeys.add(new File(homeDir+"/.ssh/id_rsa"));
      privateKeys.add(new File(homeDir+"/.ssh/id_dsa"));
      for (Iterator<File> i = privateKeys.iterator(); i.hasNext();) {
        File privateKey = (File)i.next();
        if (privateKey.exists() && privateKey.canRead())
	        jsch.addIdentity(privateKey.getAbsolutePath());
      }
      // username and passphrase will be given via UserInfo interface.
      PasswdDialog dlg = new PasswdDialog(new String("SSH Authentication"), false, false);
      dlg.promptPassword(new String("SSH Authentication"));

      Session session=jsch.getSession(dlg.userEntry.getText(), tunnelEndpoint, 22);
      session.setPassword(new String(dlg.passwdEntry.getPassword()));
      session.connect();

      String[] tokens = cmd.split("\\s");
      for (int i = 0; i < tokens.length; i++) {
        if (tokens[i].equals("-L")) {
          String[] par = tokens[++i].split(":");
          int localPort = Integer.parseInt(par[0].trim());
          String remoteHost = par[1].trim();
          int remotePort = Integer.parseInt(par[2].trim());
          session.setPortForwardingL(localPort, remoteHost, remotePort);
        } else if (tokens[i].equals("-R")) {
          String[] par = tokens[++i].split(":");
          int remotePort = Integer.parseInt(par[0].trim());
          String localHost = par[1].trim();
          int localPort = Integer.parseInt(par[2].trim());
          session.setPortForwardingR(remotePort, localHost, localPort);
        }
      }
    } catch (java.lang.Exception e) {
      System.out.println(" Tunneling command failed: "+e.toString());
      return false;
    }
    return true;
  }

  static LogWriter vlog = new LogWriter("tunnel");
}