[sane-devel] Chained Network Sane?

Kelly Price strredwolf at gmail.com
Wed Aug 10 12:50:14 BST 2022

So basically you need a reverse proxy so that you can securely share a scanner.

+1 as a feature in a separate "proxy" module, next to "net"...
although... what scanner is this?

On Wed, Aug 10, 2022 at 7:37 AM Guy B <guy at guyblade.com> wrote:
> So, I went ahead and gave this a try (specifically, option B) and it seems to work perfectly well (both via the scanimage commandline and gscan2pdf). I attempted to rig up enabling this with a flag, but couldn't grok how sane's flag system worked from just staring at the code. I've included the diff below in case it is helpful. For now, I'll leave my dodgy "one-random custom-built so-file" setup in place, but +1 for making this a mainline feature and thanks for the assistance. It is most appreciated.
> -Guy
> diff --git a/backend/net.c b/backend/net.c
> index d16119a81..4acb92730 100644
> --- a/backend/net.c
> +++ b/backend/net.c
> @@ -120,6 +120,7 @@ static int client_big_endian; /* 1 == big endian; 0 == little endian */
> static int server_big_endian; /* 1 == big endian; 0 == little endian */
> static int depth; /* bits per pixel */
> static int connect_timeout = -1; /* timeout for connection to saned */
> +static SANE_Bool reshare_net = SANE_FALSE; /* if true, reshare network-connected */
> static int saned_port;
> @@ -1117,6 +1118,14 @@ sane_init (SANE_Int * version_code, SANE_Auth_Callback authorize)
>       DBG (2, "sane_init: connect timeout set to %d seconds from env\n", connect_timeout);
>     }
> +  DBG (2, "sane_init: evaluating environment variable SANE_NET_RESHARE\n");
> +  env = getenv("SANE_NET_RESHARE");
> +  if (env)
> +    {
> +      reshare_net = SANE_TRUE;
> +      DBG (2, "sane_init: resharing of net scanners enabled\n");
> +    }
> +
>   DBG (2, "sane_init: done\n");
>   return SANE_STATUS_GOOD;
> }
> @@ -1220,7 +1229,7 @@ sane_get_devices (const SANE_Device *** device_list, SANE_Bool local_only)
>   DBG (3, "sane_get_devices: local_only = %d\n", local_only);
> -  if (local_only)
> +  if (local_only && !reshare_net)
>     {
>       *device_list = empty_devlist;
>       return SANE_STATUS_GOOD;
> On Sun, Aug 7, 2022 at 7:39 AM Ralph Little <skelband at gmail.com> wrote:
>> Hi,
>> On 2022-08-02 12:46, Guy B wrote:
>> I'm trying to determine if this setup can actually be made to function (and Googling has given no obvious answer).
>> Server A - connected to scanner via USB, exposed via network
>>>> Server B - connected to A via the "net" interface, re-exposes scanner to another net via "net" interface
>>>> Server C - connects to B via "net"
>> The reason that I'm trying to do this is because "A" in this use case is actually a VM running an ancient version of Ubuntu because that's the only place I can make the binary-only drivers work (and I don't want a 10+ year old version of Ubuntu exposed to any network). "B" is then a real machine that I want to use to expose it to the rest of the network.
>> While I've had no trouble plumbing things through to "B", I can't figure out how (or if it is possible) to re-share the network scanner again.
>> -Guy
>> So to summarise:
>>     - Server A (VM) will be running the binary driver and saned,
>>     - Server B will be running SANE with the "net" backend (configured to connect to Server A's saned) and also saned,
>>     - Server C will be running SANE with the "net" backend (configured to connect to Server B's saned).
>> Although this sounds reasonable, the only issue that I can see with this setup is that saned running on Server B will not pick up the devices through the "net" backend.
>> The reason for this is that saned is intended to advertise local devices only and when asking the "net" backend for local devices, it will simply return with an empty list.
>> Partly the reason for this is to stop deadly embrace loops where the "net" backend and saned could conceivably keep re-advertising each other's devices in an endless loop.
>> Without changing code, I don't see an obvious way around this restriction. However, there are two ways you could get around this in your circumstance if you are willing do some minor code changes and rebuild.
>> Do one of:
>> A. Rebuild saned with a small change to the code here around line 1851 of saned.c:
>>       sane_get_devices ((const SANE_Device ***) &reply.device_list,
>>                 SANE_TRUE);
>> to
>>       sane_get_devices ((const SANE_Device ***) &reply.device_list,
>>                 SANE_FALSE);
>> This removes the restriction on local-only devices.
>> or:
>> B. Rebuild the net backend with a small change to the code around line 1223 of net.c:
>>   if (local_only)
>>     {
>>       *device_list = empty_devlist;
>>       return SANE_STATUS_GOOD;
>>     }
>> ...by removing this code entirely.
>> If you are willing to give this a try, I would say that changing the net backend and using that is probably the easiest solution.
>> To give it a go, I would clone the backends repo, make the change, build it, take the built net backend files (libsane-net.*) and temporarily replace your regular ones on Server B with the built ones so that Server B's saned will see them.
>> Probably not a good permanent solution but a place to start at least.
>> Actually, since we have had this question come up a couple of times in the past, it might be an optional feature that we could add, switched off by default, to the core code.
>> Anyway, let us know if you need help giving that a try.
>> Cheers,
>> Ralph

Kelly "STrRedWolf" Price

More information about the sane-devel mailing list