Subversion Repositories Programming Utils

Rev

Details | Last modification | View Log | RSS feed

Rev Author Line No. Line
86 rm5248 1
/*
2
 * Licensed to the Apache Software Foundation (ASF) under one
3
 * or more contributor license agreements.  See the NOTICE file
4
 * distributed with this work for additional information
5
 * regarding copyright ownership.  The ASF licenses this file
6
 * to you under the Apache License, Version 2.0 (the
7
 * "License"); you may not use this file except in compliance
8
 * with the License.  You may obtain a copy of the License at
9
 *
10
 *   http://www.apache.org/licenses/LICENSE-2.0
11
 *
12
 * Unless required by applicable law or agreed to in writing,
13
 * software distributed under the License is distributed on an
14
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15
 * KIND, either express or implied.  See the License for the
16
 * specific language governing permissions and limitations
17
 * under the License.
18
 */
19
package org.apache.sshd.common;
20
 
21
import org.apache.sshd.agent.SshAgent;
22
 
23
/**
24
 * Determines if a forwarding request will be permitted.
25
 *
26
 * @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a>
27
 */
28
public interface ForwardingFilter {
29
    /**
30
     * Determine if the session may arrange for agent forwarding.
31
     * <p>
32
     * This server process will open a new listen socket locally and export
33
     * the address in the {@link SshAgent#SSH_AUTHSOCKET_ENV_NAME} environment
34
     * variable.
35
     *
36
     * @param session session requesting permission to forward the agent.
37
     * @return true if the agent forwarding is permitted, false if denied.
38
     */
39
    boolean canForwardAgent(Session session);
40
 
41
    /**
42
     * Determine if the session may arrange for X11 forwarding.
43
     * <p>
44
     * This server process will open a new listen socket locally and export
45
     * the address in the environment so X11 clients can be tunneled to the
46
     * user's X11 display server.
47
     *
48
     * @param session session requesting permission to forward X11 connections.
49
     * @return true if the X11 forwarding is permitted, false if denied.
50
     */
51
    boolean canForwardX11(Session session);
52
 
53
    /**
54
     * Determine if the session may listen for inbound connections.
55
     * <p>
56
     * This server process will open a new listen socket on the address given
57
     * by the client (usually 127.0.0.1 but may be any address).  Any inbound
58
     * connections to this socket will be tunneled over the session to the
59
     * client, which the client will then forward the connection to another
60
     * host on the client's side of the network.
61
     *
62
     * @param address address the client has requested this server listen
63
     *  for inbound connections on, and relay them through the client.
64
     * @param session session requesting permission to listen for connections.
65
     * @return true if the socket is permitted; false if it must be denied.
66
     */
67
    boolean canListen(SshdSocketAddress address, Session session);
68
 
69
    /**
70
     * Determine if the session may create an outbound connection.
71
     * <p>
72
     * This server process will connect to another server listening on the
73
     * address specified by the client.  Usually this is to another port on
74
     * the same host (127.0.0.1) but may be to any other system this server
75
     * can reach on the server's side of the network.
76
     *
77
     * @param address address the client has requested this server listen
78
     *  for inbound connections on, and relay them through the client.
79
     * @param session session requesting permission to listen for connections.
80
     * @return true if the socket is permitted; false if it must be denied.
81
     */
82
    boolean canConnect(SshdSocketAddress address, Session session);
83
}