kopia lustrzana https://gitlab.com/sane-project/website
265 wiersze
8.7 KiB
HTML
265 wiersze
8.7 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
|
|
"http://www.w3.org/TR/REC-html40/loose.dtd">
|
|
<HTML>
|
|
<HEAD>
|
|
<TITLE>sane-devel: Patches for saned/net/scanimage/user-authorization.</TITLE>
|
|
<META NAME="Author" CONTENT="Jochen Eisinger (jochen.eisinger@gno.de)">
|
|
<META NAME="Subject" CONTENT="Patches for saned/net/scanimage/user-authorization....">
|
|
</HEAD>
|
|
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
|
|
<H1>Patches for saned/net/scanimage/user-authorization....</H1>
|
|
<!-- received="Fri Nov 17 09:17:57 2000" -->
|
|
<!-- isoreceived="20001117171757" -->
|
|
<!-- sent="Fri, 17 Nov 2000 11:35:23 +0100" -->
|
|
<!-- isosent="20001117103523" -->
|
|
<!-- name="Jochen Eisinger" -->
|
|
<!-- email="jochen.eisinger@gno.de" -->
|
|
<!-- subject="Patches for saned/net/scanimage/user-authorization...." -->
|
|
<!-- id="3A1509EB.17079626@gno.de" -->
|
|
<STRONG>From:</STRONG> Jochen Eisinger (<A HREF="mailto:jochen.eisinger@gno.de?Subject=Re:%20Patches%20for%20saned/net/scanimage/user-authorization....&In-Reply-To=<3A1509EB.17079626@gno.de>"><EM>jochen.eisinger@gno.de</EM></A>)<BR>
|
|
<STRONG>Date:</STRONG> Fri Nov 17 2000 - 02:35:23 PST
|
|
<P>
|
|
<!-- next="start" -->
|
|
<LI><STRONG>Next message:</STRONG> <A HREF="0217.html">mh: "QuiteInsane"</A>
|
|
<UL>
|
|
<LI><STRONG>Previous message:</STRONG> <A HREF="0215.html">Mitsuru Okaniwa: "The canon-files for FB620S"</A>
|
|
<!-- nextthread="start" -->
|
|
<LI><STRONG>Next in thread:</STRONG> <A HREF="0233.html">Henning Meier-Geinitz: "Re: Patches for saned/net/scanimage/user-authorization...."</A>
|
|
<LI><STRONG>Reply:</STRONG> <A HREF="0233.html">Henning Meier-Geinitz: "Re: Patches for saned/net/scanimage/user-authorization...."</A>
|
|
<!-- reply="end" -->
|
|
<LI><STRONG>Messages sorted by:</STRONG>
|
|
<A HREF="date.html#216">[ date ]</A>
|
|
<A HREF="index.html#216">[ thread ]</A>
|
|
<A HREF="subject.html#216">[ subject ]</A>
|
|
<A HREF="author.html#216">[ author ]</A>
|
|
</UL>
|
|
<HR NOSHADE><P>
|
|
<!-- body="start" -->
|
|
<P>
|
|
Hi all!
|
|
<BR>
|
|
<P>Here are some patches I'd propose to include into SANE:
|
|
<BR>
|
|
<P>SANE Standard (then 1.0.2)
|
|
<BR>
|
|
<P>doc/sane.tex include/sane/sane.h:
|
|
<BR>
|
|
* SANE_MAX_USERNAME_LEN & SANE_MAX_PASSWORD_LEN are now 128 chars
|
|
<BR>
|
|
(instead of 256)
|
|
<BR>
|
|
<P> system routines like getpasswd() just allow 128 chars... if we like to
|
|
<BR>
|
|
use them, we have to restrict ourselves to 128 chars
|
|
<BR>
|
|
<P>doc/net.tex backend/net.c:
|
|
<BR>
|
|
* the SANE_NET_AUTHORIZE RPC can be interpreted in two different ways.
|
|
<BR>
|
|
If a backend uses the auth_callback the sane_call (sane_open,
|
|
<BR>
|
|
sane_control_option, sane_start) could fail, the frontend sends
|
|
<BR>
|
|
username/password and restarts the sane_call (HTTP-Style). Or the
|
|
<BR>
|
|
frontends just answers the username/password and the original sane_call
|
|
<BR>
|
|
continues (Callback-Style).
|
|
<BR>
|
|
<P>Neither worked with net.c... I've changed this to the Callback-Style
|
|
<BR>
|
|
(which works now)
|
|
<BR>
|
|
<P>doc/net.tex:
|
|
<BR>
|
|
<P>the biggest problem with SANE user authorization is that the password is
|
|
<BR>
|
|
transmitted in plain-text. To avoid this Andreas Beck, Oliver Rauch and
|
|
<BR>
|
|
myself developed the following idea...
|
|
<BR>
|
|
<P>the "old" way is this:
|
|
<BR>
|
|
======================
|
|
<BR>
|
|
<P>1. backend (saned) requests a username/password for resource "res"
|
|
<BR>
|
|
<P>2. the frontend (xsane & frontend/test.c is capable of doing this) asks
|
|
<BR>
|
|
the user for his or her username/password and sends them to the backend
|
|
<BR>
|
|
(in plain-text)
|
|
<BR>
|
|
<P>3. the backend compares the res/username/password combination with a
|
|
<BR>
|
|
password-file, etc...
|
|
<BR>
|
|
<P>the "new" way is:
|
|
<BR>
|
|
=================
|
|
<BR>
|
|
<P>1. the backend requests a username/password for resource "res", but it
|
|
<BR>
|
|
appends the string "$MD5$" and a random string to the resource-name
|
|
<BR>
|
|
("res$MD5$iamarandomstring")
|
|
<BR>
|
|
<P>2.1. a dumb frontend displays this "strange" resource-name, asks the
|
|
<BR>
|
|
user for his name, etc... and returns all in plain-text
|
|
<BR>
|
|
<P>2.2 a intelligent frontend displays only the "res", asks the user for
|
|
<BR>
|
|
his name/password and returns username and the MD5 digest of
|
|
<BR>
|
|
randomstring + password
|
|
<BR>
|
|
<P>if the password is "mypass" the returned password would be
|
|
<BR>
|
|
<P>md5sum ("iamarandomstringmypass") = ea1075c68434ca93b98b74ae1fcb4842
|
|
<BR>
|
|
<P>To signal the backend that the frontend used MD5, it prepends the md5
|
|
<BR>
|
|
digest of the password with the string "$MD5$". In this case, it would
|
|
<BR>
|
|
return
|
|
<BR>
|
|
<P>username:$MD5$ea1075c68434ca93b98b74ae1fcb4842
|
|
<BR>
|
|
<P>3.1 If the frontend receives a plain-text reply, it compares the
|
|
<BR>
|
|
username/password with its list
|
|
<BR>
|
|
<P>3.2 it the frontend receives a md5-reply, it calculates the md5 of the
|
|
<BR>
|
|
password it has in its list and compares it with the password received
|
|
<BR>
|
|
from the frontend
|
|
<BR>
|
|
<P>===========
|
|
<BR>
|
|
<P>This has the advantage, that the password isn't transmitted over the
|
|
<BR>
|
|
network... a disadvantage is that the passwords are stored in plain-text
|
|
<BR>
|
|
on the server...
|
|
<BR>
|
|
<P>To make it possible to include this kind of user-authorization easily,
|
|
<BR>
|
|
there is a new interface:
|
|
<BR>
|
|
<P><P><P>lib/md5.c include/md5.h include/sane/sanei_auth.h sanei/sanei_auth.c:
|
|
<BR>
|
|
<P> * These files implement the above proposed user authentification. A
|
|
<BR>
|
|
backend just has to call
|
|
<BR>
|
|
<P> sanei_authorize ("resource-name", STRINGIFY(BACKEND_NAME),
|
|
<BR>
|
|
auth_callback);
|
|
<BR>
|
|
<P> if a file SANEI_CONFIG_DIR/BACKEND_NAME.users exist containing lines
|
|
<BR>
|
|
of the form
|
|
<BR>
|
|
<P>resource:username:password
|
|
<BR>
|
|
<P>the sanei_authorize calls the auth_callback and checks whether the user
|
|
<BR>
|
|
is allowed to access this resource. If the authorization fails, the
|
|
<BR>
|
|
procedure returns SANE_STATUS_ACCESS_DENIED in all other cases it
|
|
<BR>
|
|
returns SANE_STATUS_GOOD.
|
|
<BR>
|
|
<P>The random-string used by the sanei_authorize is the PID of the backend,
|
|
<BR>
|
|
the time(NULL) and some random bytes taken from /dev/urandom (or from
|
|
<BR>
|
|
rand() if /dev/urandom doesn't exist - this is checked by the configure
|
|
<BR>
|
|
script)
|
|
<BR>
|
|
<P><P><P>frontend/scanimage.c frontend/saned.c doc/saned.man doc/scanimage.man:
|
|
<BR>
|
|
<P>furthermore, I've modified scanimage to handle such requests... if a
|
|
<BR>
|
|
file ~/.sane/pass exists, it is used to automate the process
|
|
<BR>
|
|
(permissions must be 0600 at least, the format is the same as for
|
|
<BR>
|
|
sanei_authorize). To make sure the frontend isn't replying to old
|
|
<BR>
|
|
unsecures password-request, you can use the command-line option
|
|
<BR>
|
|
--accept-md5-only.
|
|
<BR>
|
|
<P>saned is modifed to restrict access for certain backends... if a file
|
|
<BR>
|
|
SANE_CONFIG_DIR/saned.users exists (contain lines of the form
|
|
<BR>
|
|
<P>backend:username:password
|
|
<BR>
|
|
<P>like
|
|
<BR>
|
|
<P>mustek_pp:jochen:mysecret
|
|
<BR>
|
|
mustek_pp:guest:nosecret
|
|
<BR>
|
|
mustek:henning:better secret!!!
|
|
<BR>
|
|
<P>) only these users are allowed to access these backends... note that all
|
|
<BR>
|
|
other backends can be accessed by everybody.
|
|
<BR>
|
|
<P>hmm...
|
|
<BR>
|
|
<P>I hope I made myself clear...
|
|
<BR>
|
|
<P>please send feedback!!
|
|
<BR>
|
|
<P>I've attached a tar-ball of all modified files... (I modified the
|
|
<BR>
|
|
version available from CVS at Nov-16 (3 pm CET)
|
|
<BR>
|
|
<P>-- jochen
|
|
<BR>
|
|
|
|
<BR><HR NOSHADE>
|
|
<UL>
|
|
<LI>application/x-gzip attachment: <A HREF="att-0216/01-sane-auth.tar.gz">sane-auth.tar.gz</A>
|
|
</UL>
|
|
<!-- attachment="01-sane-auth.tar.gz" -->
|
|
<P><P><PRE>
|
|
--
|
|
Source code, list archive, and docs: <A HREF="http://www.mostang.com/sane/">http://www.mostang.com/sane/</A>
|
|
To unsubscribe: echo unsubscribe sane-devel | mail <A HREF="mailto:majordomo@mostang.com?Subject=Re:%20Patches%20for%20saned/net/scanimage/user-authorization....&In-Reply-To=<3A1509EB.17079626@gno.de>">majordomo@mostang.com</A>
|
|
</PRE>
|
|
<P><!-- body="end" -->
|
|
<HR NOSHADE>
|
|
<UL>
|
|
<!-- next="start" -->
|
|
<LI><STRONG>Next message:</STRONG> <A HREF="0217.html">mh: "QuiteInsane"</A>
|
|
<LI><STRONG>Previous message:</STRONG> <A HREF="0215.html">Mitsuru Okaniwa: "The canon-files for FB620S"</A>
|
|
<!-- nextthread="start" -->
|
|
<LI><STRONG>Next in thread:</STRONG> <A HREF="0233.html">Henning Meier-Geinitz: "Re: Patches for saned/net/scanimage/user-authorization...."</A>
|
|
<LI><STRONG>Reply:</STRONG> <A HREF="0233.html">Henning Meier-Geinitz: "Re: Patches for saned/net/scanimage/user-authorization...."</A>
|
|
<!-- reply="end" -->
|
|
<LI><STRONG>Messages sorted by:</STRONG>
|
|
<A HREF="date.html#216">[ date ]</A>
|
|
<A HREF="index.html#216">[ thread ]</A>
|
|
<A HREF="subject.html#216">[ subject ]</A>
|
|
<A HREF="author.html#216">[ author ]</A>
|
|
</UL>
|
|
<!-- trailer="footer" -->
|
|
<HR NOSHADE>
|
|
<P>
|
|
<SMALL>
|
|
<EM>
|
|
This archive was generated by <A HREF="http://www.hypermail.org/">hypermail 2b29</A>
|
|
: <EM>Fri Nov 17 2000 - 09:26:07 PST</EM>
|
|
</EM>
|
|
</SMALL>
|
|
</BODY>
|
|
</HTML>
|