Source: sane-backends Version: 1.0.25-2 Severity: wishlist Tags: patch Dear Maintainer,
Recently I needed to implement access control to a network-attached scanner and found out saned can be used for that if it's made to report network-attached devices. Then I found that a patch to implement this feature was sent upstream in 2014 but it has not been included yet. After some minor changes I've applied that patch to the current sane-backends source and I've verified that it works as expected; the network-attached scanner is reported by saned and it can successfully be used with xsane. Attached you will find a debdiff with the updated patch. I think that the possibility of implementing access control to a network-attached device is an useful feature that may be considered for inclusion ahead of upstream. Best regards, -- System Information: Debian Release: 8.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=es_VE.UTF-8, LC_CTYPE=es_VE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- Dhionel Díaz Centro Nacional de Desarrollo e Investigación en Tecnologías Libres Ministerio del Poder Popular para Educación Universitaria, Ciencia y Tecnología
diff -Nru sane-backends-1.0.25/debian/patches/0233-saned-remotescanners.patch sane-backends-1.0.25/debian/patches/0233-saned-remotescanners.patch --- sane-backends-1.0.25/debian/patches/0233-saned-remotescanners.patch 1969-12-31 20:00:00.000000000 -0400 +++ sane-backends-1.0.25/debian/patches/0233-saned-remotescanners.patch 2016-04-13 18:38:35.000000000 -0430 @@ -0,0 +1,159 @@ +Description: saned option to report network-attached devices to clients +Author: Jens-U. Mozdzen <jmozd...@nde.ag> +Author: Dhionel DÃaz <dd...@cenditel.gob.ve> +Bug: https://alioth.debian.org/tracker/index.php?func=detail&aid=314768&group_id=30186&atid=410366 +Last-Update: 2016-04-13 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/doc/saned.man ++++ b/doc/saned.man +@@ -10,6 +10,7 @@ + .I [ n ] + .B | \-s + .I [ n ] ++.B | \-r + .B | \-h + .B ] + .SH DESCRIPTION +@@ -37,6 +38,14 @@ + .B saned + will drop root privileges and run as this user (and group). + .PP ++If the ++.B \-r ++flag is specified, saned will also report remote scanners (those that are accessed ++via saned's "net" backend) when receiving an inquiry to list all devices. As the ++remote scanner may not be available at the time of the request, enabling this ++option may cause a significant delay, experienced by the remote client. ++Default is not to report those scanners. ++.PP + The + .B \-d + and +@@ -94,6 +103,14 @@ + machine, we strongly recommend using the Netfilter + \fInf_conntrack_sane\fP module instead. + .PP ++\fBreexport_remote_scanners\fP = \fI[ true | yes | 1 ]\fP ++Enables reporting remote scanners (those accessed via saned's "net" ++backend) to clients. As the remote scanner may not be available at ++the time of the request, enabling this option may cause a significant ++delay, experienced by the remote client. ++Any value other than "true", "yes" or "1" will keep this option disabled, ++which is the default when this option nor the command line flag "-r" is specified. ++.PP + The access list is a list of host names, IP addresses or IP subnets + (CIDR notation) that are permitted to use local SANE devices. IPv6 + addresses must be enclosed in brackets, and should always be specified +--- a/frontend/saned.c ++++ b/frontend/saned.c +@@ -246,6 +246,7 @@ + static int num_handles; + static int debug; + static int run_mode; ++static SANE_Bool reexport_remote_scanners_disabled = SANE_TRUE; + static Handle *handle; + static union + { +@@ -1834,7 +1835,7 @@ + + reply.status = + sane_get_devices ((const SANE_Device ***) &reply.device_list, +- SANE_TRUE); ++ reexport_remote_scanners_disabled); + sanei_w_reply (w, (WireCodecFunc) sanei_w_get_devices_reply, &reply); + } + break; +@@ -2697,6 +2698,23 @@ + DBG (DBG_INFO, "read_config: data port range: %d - %d\n", data_port_lo, data_port_hi); + } + } ++ else if (strstr(config_line, "reexport_remote_scanners") != NULL) ++ { ++ optval = sanei_config_skip_whitespace (++optval); ++ if ((optval != NULL) && (*optval != '\0')) ++ { ++ if (optval == endval) ++ { ++ DBG (DBG_ERR, "read_config: invalid value for data_portrange\n"); ++ continue; ++ } ++ else if ((strcmp( optval, "yes") == 0) || (strcmp( optval, "true") == 0) ||(strcmp( optval, "1") == 0)) ++ { ++ reexport_remote_scanners_disabled = SANE_FALSE; ++ DBG (DBG_INFO, "main: enabled serving remote scanner devices\n"); ++ } ++ } ++ } + } + fclose (fp); + DBG (DBG_INFO, "read_config: done reading config\n"); +@@ -3274,35 +3292,43 @@ + numchildren = 0; + run_mode = SANED_RUN_INETD; + +- if (argc >= 2) +- { +- if (strncmp (argv[1], "-a", 2) == 0) +- run_mode = SANED_RUN_ALONE; +- else if (strncmp (argv[1], "-d", 2) == 0) +- { +- run_mode = SANED_RUN_DEBUG; +- log_to_syslog = SANE_FALSE; +- } +- else if (strncmp (argv[1], "-s", 2) == 0) +- run_mode = SANED_RUN_DEBUG; +- else +- { +- printf ("Usage: saned [ -a [ username ] | -d [ n ] | -s [ n ] ] | -h\n"); +- if ((strncmp (argv[1], "-h", 2) == 0) || +- (strncmp (argv[1], "--help", 6) == 0)) +- exit (EXIT_SUCCESS); +- else +- exit (EXIT_FAILURE); +- } +- } ++ int optc; + +- if (run_mode == SANED_RUN_DEBUG) +- { +- if (argv[1][2]) +- debug = atoi (argv[1] + 2); ++ opterr = 0; /* wir wollen keine fremden Ausgaben */ ++ ++ do { ++ switch (optc = getopt(argc, argv, "ad:s:r")) { ++ ++ case 'a': /* stand-alone */ ++ run_mode = SANED_RUN_ALONE; ++ break; ++ case 'd': /* debug */ ++ run_mode = SANED_RUN_DEBUG; ++ log_to_syslog = SANE_FALSE; + ++ debug = atoi( optarg); + DBG (DBG_WARN, "main: starting debug mode (level %d)\n", debug); ++ break; ++ case 's': /* debug to syslog */ ++ run_mode = SANED_RUN_DEBUG; ++ ++ debug = atoi( optarg); ++ DBG (DBG_WARN, "main: starting debug mode (level %d)\n", debug); ++ break; ++ case 'r': /* re-export network-attached scanners */ ++ reexport_remote_scanners_disabled = SANE_FALSE; ++ DBG (DBG_INFO, "main: enabled serving remote scanner devices\n"); ++ break; ++ case '?': /* unknown option */ ++ printf ("Usage: saned [ -a [ username ] | -d [ n ] | -s [ n ] ] | -r | -h\n"); ++ if ((strncmp (argv[1], "-h", 2) == 0) || ++ (strncmp (argv[1], "--help", 6) == 0)) ++ exit (EXIT_SUCCESS); ++ else ++ exit (EXIT_FAILURE); ++ break; + } ++ } while (optc != -1); + + if (log_to_syslog) + openlog ("saned", LOG_PID | LOG_CONS, LOG_DAEMON); diff -Nru sane-backends-1.0.25/debian/patches/series sane-backends-1.0.25/debian/patches/series --- sane-backends-1.0.25/debian/patches/series 2015-11-06 22:58:19.000000000 -0430 +++ sane-backends-1.0.25/debian/patches/series 2016-04-16 19:37:14.000000000 -0430 @@ -16,3 +16,4 @@ 0705-kfreebsd.patch 0710-sane-desc.c_debian_mods.patch 0125-multiarch_dll_search_path.patch +0233-saned-remotescanners.patch
signature.asc
Description: OpenPGP digital signature
