view src/ch/ethz/ssh2/ServerAuthenticationCallback.java @ 292:855cdc3b2ced ganymed

start conversion from trilead to ganymed
author Carl Byington <carl@five-ten-sg.com>
date Fri, 18 Jul 2014 20:36:45 -0700
parents 91a31873c42a
children 071eccdff8ea
line wrap: on
line source

/*
 * Copyright (c) 2012-2013 Christian Plattner. All rights reserved.
 * Please refer to the LICENSE.txt for licensing details.
 */

package ch.ethz.ssh2;

/**
 * A callback used during the authentication phase (see RFC 4252) when
 * implementing a SSH server. 
 * 
 * @author Christian Plattner
 * @version 2.50, 03/15/10
 */
public interface ServerAuthenticationCallback
{
	/**
	 * The method name for host-based authentication. 
	 */
	public final String METHOD_HOSTBASED = "hostbased";

	/**
	 * The method name for public-key authentication. 
	 */
	public final String METHOD_PUBLICKEY = "publickey";

	/**
	 * The method name for password authentication. 
	 */
	public final String METHOD_PASSWORD = "password";

	/**
	 * Called when the client enters authentication.
	 * This gives you the chance to set a custom authentication banner
	 * for this SSH-2 session. This is the first method called in this interface.
	 * It will only called at most once per <code>ServerConnection</code>.
	 * 
	 * @param sc The corresponding <code>ServerConnection</code>
	 * @return The authentication banner or <code>NULL</code> in case no banner should be send.
	 */
	public String initAuthentication(ServerConnection sc);

	/**
	 * Return the authentication methods that are currently available to the client.
	 * Be prepared to return this information at any time during the authentication procedure.
	 * <p/>
	 * The returned name-list of 'method names' (see RFC4252) indicate the authentication methods
	 * that may productively continue the authentication dialog.
	 * </p>
	 * It is RECOMMENDED that servers only include those 'method name'
	 * values in the name-list that are actually useful.  However, it is not
	 * illegal to include 'method name' values that cannot be used to
	 * authenticate the user.
	 * <p/>
	 * Already successfully completed authentications SHOULD NOT be included
	 * in the name-list, unless they should be performed again for some reason.
	 * 
	 * @see #METHOD_HOSTBASED
	 * @see #METHOD_PASSWORD
	 * @see #METHOD_PUBLICKEY
	 * 
	 * @param sc
	 * @return A list of method names.
	 */
	public String[] getRemainingAuthMethods(ServerConnection sc);

	/**
	 * Typically, this will be called be the client to get the list of
	 * authentication methods that can continue. You should simply return
	 * {@link AuthenticationResult#FAILURE}.
	 * 
	 * @param sc
	 * @param username Name of the user that wants to log in with the "none" method.
	 * @return
	 */
	public AuthenticationResult authenticateWithNone(ServerConnection sc, String username);

	public AuthenticationResult authenticateWithPassword(ServerConnection sc, String username, String password);

	/**
	 * NOTE: Not implemented yet.
	 * 
	 * @param sc
	 * @param username
	 * @param algorithm
	 * @param publickey
	 * @param signature
	 * @return
	 */
	public AuthenticationResult authenticateWithPublicKey(ServerConnection sc, String username, String algorithm,
			byte[] publickey, byte[] signature);
}