So basically you need a reverse proxy so that you can securely share a scanner.
+1 as a feature in a separate "proxy" module, next to "net"... although... what scanner is this? On Wed, Aug 10, 2022 at 7:37 AM Guy B <[email protected]> wrote: > > So, I went ahead and gave this a try (specifically, option B) and it seems to > work perfectly well (both via the scanimage commandline and gscan2pdf). I > attempted to rig up enabling this with a flag, but couldn't grok how sane's > flag system worked from just staring at the code. I've included the diff > below in case it is helpful. For now, I'll leave my dodgy "one-random > custom-built so-file" setup in place, but +1 for making this a mainline > feature and thanks for the assistance. It is most appreciated. > > -Guy > > > diff --git a/backend/net.c b/backend/net.c > index d16119a81..4acb92730 100644 > --- a/backend/net.c > +++ b/backend/net.c > @@ -120,6 +120,7 @@ static int client_big_endian; /* 1 == big endian; 0 == > little endian */ > static int server_big_endian; /* 1 == big endian; 0 == little endian */ > static int depth; /* bits per pixel */ > static int connect_timeout = -1; /* timeout for connection to saned */ > +static SANE_Bool reshare_net = SANE_FALSE; /* if true, reshare > network-connected */ > > #ifndef NET_USES_AF_INDEP > static int saned_port; > @@ -1117,6 +1118,14 @@ sane_init (SANE_Int * version_code, SANE_Auth_Callback > authorize) > DBG (2, "sane_init: connect timeout set to %d seconds from env\n", > connect_timeout); > } > > + DBG (2, "sane_init: evaluating environment variable SANE_NET_RESHARE\n"); > + env = getenv("SANE_NET_RESHARE"); > + if (env) > + { > + reshare_net = SANE_TRUE; > + DBG (2, "sane_init: resharing of net scanners enabled\n"); > + } > + > DBG (2, "sane_init: done\n"); > return SANE_STATUS_GOOD; > } > @@ -1220,7 +1229,7 @@ sane_get_devices (const SANE_Device *** device_list, > SANE_Bool local_only) > > DBG (3, "sane_get_devices: local_only = %d\n", local_only); > > - if (local_only) > + if (local_only && !reshare_net) > { > *device_list = empty_devlist; > return SANE_STATUS_GOOD; > > On Sun, Aug 7, 2022 at 7:39 AM Ralph Little <[email protected]> wrote: >> >> Hi, >> >> On 2022-08-02 12:46, Guy B wrote: >> >> I'm trying to determine if this setup can actually be made to function (and >> Googling has given no obvious answer). >> >> Server A - connected to scanner via USB, exposed via network >> ↓ >> Server B - connected to A via the "net" interface, re-exposes scanner to >> another net via "net" interface >> ↓ >> Server C - connects to B via "net" >> >> The reason that I'm trying to do this is because "A" in this use case is >> actually a VM running an ancient version of Ubuntu because that's the only >> place I can make the binary-only drivers work (and I don't want a 10+ year >> old version of Ubuntu exposed to any network). "B" is then a real machine >> that I want to use to expose it to the rest of the network. >> >> While I've had no trouble plumbing things through to "B", I can't figure out >> how (or if it is possible) to re-share the network scanner again. >> >> -Guy >> >> >> So to summarise: >> - Server A (VM) will be running the binary driver and saned, >> - Server B will be running SANE with the "net" backend (configured to >> connect to Server A's saned) and also saned, >> - Server C will be running SANE with the "net" backend (configured to >> connect to Server B's saned). >> >> Although this sounds reasonable, the only issue that I can see with this >> setup is that saned running on Server B will not pick up the devices through >> the "net" backend. >> The reason for this is that saned is intended to advertise local devices >> only and when asking the "net" backend for local devices, it will simply >> return with an empty list. >> Partly the reason for this is to stop deadly embrace loops where the "net" >> backend and saned could conceivably keep re-advertising each other's devices >> in an endless loop. >> >> Without changing code, I don't see an obvious way around this restriction. >> However, there are two ways you could get around this in your circumstance >> if you are willing do some minor code changes and rebuild. >> >> Do one of: >> >> A. Rebuild saned with a small change to the code here around line 1851 of >> saned.c: >> >> sane_get_devices ((const SANE_Device ***) &reply.device_list, >> SANE_TRUE); >> >> to >> >> sane_get_devices ((const SANE_Device ***) &reply.device_list, >> SANE_FALSE); >> >> This removes the restriction on local-only devices. >> >> or: >> >> B. Rebuild the net backend with a small change to the code around line 1223 >> of net.c: >> >> if (local_only) >> { >> *device_list = empty_devlist; >> return SANE_STATUS_GOOD; >> } >> >> ...by removing this code entirely. >> >> If you are willing to give this a try, I would say that changing the net >> backend and using that is probably the easiest solution. >> To give it a go, I would clone the backends repo, make the change, build it, >> take the built net backend files (libsane-net.*) and temporarily replace >> your regular ones on Server B with the built ones so that Server B's saned >> will see them. >> Probably not a good permanent solution but a place to start at least. >> >> Actually, since we have had this question come up a couple of times in the >> past, it might be an optional feature that we could add, switched off by >> default, to the core code. >> >> Anyway, let us know if you need help giving that a try. >> >> Cheers, >> Ralph -- Kelly "STrRedWolf" Price http://redwolf.ws
