1/* sane - Scanner Access Now Easy.
2   Copyright (C) 2000 Jochen Eisinger <jochen.eisinger@gmx.net>
3   This file is part of the SANE package.
4
5   This program is free software; you can redistribute it and/or
6   modify it under the terms of the GNU General Public License as
7   published by the Free Software Foundation; either version 2 of the
8   License, or (at your option) any later version.
9
10   This program is distributed in the hope that it will be useful, but
11   WITHOUT ANY WARRANTY; without even the implied warranty of
12   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13   General Public License for more details.
14
15   You should have received a copy of the GNU General Public License
16   along with this program.  If not, see <https://www.gnu.org/licenses/>.
17
18   As a special exception, the authors of SANE give permission for
19   additional uses of the libraries contained in this release of SANE.
20
21   The exception is that, if you link a SANE library with other files
22   to produce an executable, this does not by itself cause the
23   resulting executable to be covered by the GNU General Public
24   License.  Your use of that executable is in no way restricted on
25   account of linking the SANE library code into it.
26
27   This exception does not, however, invalidate any other reasons why
28   the executable file might be covered by the GNU General Public
29   License.
30
31   If you submit changes to SANE to the maintainers to be included in
32   a subsequent release, you agree by submitting the changes that
33   those changes may be distributed with this exception intact.
34
35   If you write modifications of your own for SANE, it is your choice
36   whether to permit this exception to apply to your modifications.
37   If you do not wish that, delete this exception notice.
38*/
39
40/** @file sanei_auth.h
41 * Interface for authorization of resources
42 *
43 * This file implements an interface for user authorization. The authorization
44 * call is forwarded to the frontend which asks for a username and password.
45 * An MD5 digest is used if supported by the frontend.
46 *
47 * @sa sanei.h sanei_backend.h
48 */
49
50#ifndef sanei_auth_h
51#define sanei_auth_h
52
53#include "../include/sane/sane.h"
54
55/** Check authorization for a resource
56 *
57 * This function looks for the file SANE_CONFIG_DIR/backend.users.
58 * If this file doesn't exist, sanei_authorize always returns SANE_STATUS_GOOD.
59 * The file backend.users contains a list of usernames, passwords, and
60 * resources:
61 *
62 * username:password:resource
63 * username:password:resource
64 *
65 * If the requested resource isn't listed in this file, sanei_authorize
66 * return SANE_SATUS_GOOD. In all other cases, sanei_authorize sends a
67 * challenge to the frontend of the form
68 *
69 * resource$MD5$randomstring
70 *
71 * where randomstring consists of the PID, the time, and some random
72 * characters. It accepts two forms of answers
73 *
74 * std: username:password
75 * md5: username:$MD5$m5digest
76 *
77 * where md5digest is md5(randomstring password).
78 *
79 * If this username/password/resource triple is listed in backend.users
80 * sanei_authorize returns SANE_STATUS_GOOD, in all other cases it returns
81 * SANE_STATUS_ACCESS_DENIED.
82 *
83 * @param resource resource to authorize
84 * @param backend backend name
85 * @param authorize auth callback
86 *
87 * @return
88 * - SANE_STATUS_GOOD - access is granted
89 * - SANE_STATUS_ACCESS_DENIED - access is denied
90 */
91
92SANE_Status
93sanei_authorize (const char *resource,
94		 const char *backend, SANE_Auth_Callback authorize);
95
96#endif /* sanei_auth_h */
97