diff --git a/api.rst b/api.rst index 77f1cc3..7321f55 100644 --- a/api.rst +++ b/api.rst @@ -775,8 +775,8 @@ The authentication function type has the following declaration: :: - #define SANE_MAX_USERNAME_LEN 256 - #define SANE_MAX_PASSWORD_LEN 256 + #define SANE_MAX_USERNAME_LEN 128 + #define SANE_MAX_PASSWORD_LEN 128 typedef void (*SANE_Authorization_Callback) (SANE_String_Const resource, diff --git a/conf.py b/conf.py index 2901052..cae666c 100644 --- a/conf.py +++ b/conf.py @@ -20,7 +20,7 @@ import os project = 'SANE Standard' copyright = '' author = '' -version = 'Version 1.01' +version = 'Version 1.02' release = version # -- General configuration --------------------------------------------------- @@ -53,7 +53,7 @@ numfig_format = { 'section': '%s' } -today_fmt = 'November 12, 2000' +today_fmt = 'November 14, 2000' highlight_language = 'c' diff --git a/net.rst b/net.rst index 325b7c3..91fd3b1 100644 --- a/net.rst +++ b/net.rst @@ -198,7 +198,7 @@ authentication calls. In the reply, :data:`status` indicates the completion status. If the value is anything other than :macro:`SANE_STATUS_SUCCESS`, the remainder of the reply has -undefined values. [2]_ The :data:`version_code` argument +undefined values. [1]_ The :data:`version_code` argument returns the SANE version-code that the network daemon supports. See the comments in the previous paragraph on the meaning of the build-revision in this version code. 
@@ -527,12 +527,24 @@ returned in the :data:`resource` argument of the RPC reply that required this authorization call. The :data:`username` and :data:`password` are the name of the user that is accessing the resource and the password for the specified resource/user -pair. [1]_ +pair. + +Since the password is not encrypted during network transmission, it is +recommended to use the following extension: + +If the server adds the string ``$MD5$`` to the resource-name followed +by a random string not longer then 128 bytes, the client may answer +with the MD5 digest of the concatenation of the password and the +random string. To differentiate between the MD5 digest and a strange +password the client prepends the MD5 digest with the string ``$MD5$``. In the reply, :data:`dummy` is completely unused. Note that there is no direct failure indication. This is unnecessary since a net client will retry the RPC that resulted in the authorization request -until that call succeeds (or until the request is cancelled). +until that call succeeds (or until the request is cancelled). The RPC +that resulted in the authorization request continues after the reply +from the client and may fail with :macro:`SANE_STATUS_ACCESS_DENIED`. + .. index:: SANE_NET_EXIT @@ -545,9 +557,5 @@ the connection between the client and the server that was established by the :data:`SANE_NET_INIT` call will be closed. .. [1] - The sane network daemon should be careful not to leak information in - the undefined portion of the reply. - -.. [2] The username and password should be encrypted before network transmission but currently they are always in plain text.
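Review bot: Missing compatibility note in the api.rst hunk (@@ -775): halving SANE_MAX_USERNAME_LEN and SANE_MAX_PASSWORD_LEN from 256 to 128 changes the buffer size that both sides of SANE_Authorization_Callback assume. Code built against the old header may still write up to 256 bytes into a buffer that a newer build sized at 128. Suggest stating next to the defines that the callback must never write more than the stated length, saying whether that length includes the string terminator, and flagging the change as incompatible with builds made against Version 1.01.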
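Review bot: The $MD5$ extension paragraph in the net.rst hunk at @@ -527 leaves the wire format underspecified. It does not say how the digest is encoded in the password string (hex text or raw bytes), nor how the random string is separated from the original resource name, so two implementations can disagree and still both follow the text. The client only "may answer" with the digest, and nothing tells a client what to do when the server omits $MD5$, so the plaintext path stays open; say so explicitly or recommend a client-side policy. Two smaller points: "not longer then 128 bytes" should read "than", and the added sentence about SANE_STATUS_ACCESS_DENIED directly follows "there is no direct failure indication", which now reads as a contradiction and should be reworded.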
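Review bot: Footnote [1] in the last net.rst hunk (@@ -545) ends up holding the plaintext-password text, while the hunk at @@ -198 retargets "undefined values. [1]_" to it, so the sentence about undefined reply values now cites an unrelated footnote. The caution that the daemon should not leak information in the undefined portion of the reply is deleted outright; keep it as the footnote for the @@ -198 reference, or drop that reference if the removal is intended. The surviving footnote's "currently they are always in plain text" also conflicts with the $MD5$ extension added in the same patch and should be updated or moved next to the username/password paragraph.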