1 | LPRng - An Enhanced Printer Spooler |
---|
2 | Introduction and Reference Manual |
---|
3 | Version 3.1, Jan. 1, 1997 |
---|
4 | Patrick Powell <papowell@astart.com> |
---|
5 | |
---|
6 | ABSTRACT |
---|
7 | The LPRng software is an enhanced, extended, and |
---|
8 | portable version of the Berkeley LPR software. While |
---|
9 | providing the same general functionality, the imple- |
---|
10 | mentation is completely new and provides support for |
---|
11 | the following features: lightweight (no databases |
---|
12 | needed) lpr, lpc, and lprm programs; dynamic redirec- |
---|
13 | tion of print queues; automatic job holding; highly |
---|
14 | verbose diagnostics; multiple printers serving a sin- |
---|
15 | gle queue; client programs do not need to run SUID |
---|
16 | root; greatly enhanced security checks; and a greatly |
---|
17 | improved permission and authorization mechanism. |
---|
18 | |
---|
19 | Introduction |
---|
20 | Print spooler software is one of the most common and heavily |
---|
21 | used system application programs. While printing may appear to |
---|
22 | be simple on the surface, in practice it is complicated by the |
---|
23 | following problems. Each model of printer has a peculiar set of |
---|
24 | interface and format requirements; this means that the printer |
---|
25 | software must be highly configurable at the device interface |
---|
26 | level. Next, multiple users may want to share the same printer; |
---|
27 | this leads to the need for a spooling system with the associated |
---|
28 | problems of priority and fair use. Printers are notorious for |
---|
29 | failing at the most inopportune times; the spooling software |
---|
30 | needs to report failures and to reconfigure or repair the system |
---|
31 | in a simple manner. Finally, the software should be portable so |
---|
32 | that the same software can be used on different systems; in a |
---|
33 | network based system this introduces the problems of security and |
---|
34 | authentication. |
---|
35 | The LPRng Printer Spooling[Pow95] software is a descendant of |
---|
36 | the 4.3 BSD Line Printer Spooler Software (LPR),[Cam94] but has |
---|
37 | totally redesigned and reimplemented. The evolution started in |
---|
38 | 1986 at the University of Waterloo, where the original 4.3 soft- |
---|
39 | ware was modified to support a variety of new printers. Due to |
---|
40 | restrictions with the original AT&T and Berkeley software license |
---|
41 | these modifications could not be distributed. The problems |
---|
42 | encountered during this process led to the development of the PLP |
---|
43 | (Public Line Printer) software[Pow95a] and PLP Version 3.0 |
---|
44 | (PLP3.0) was released in 1988. The PLP software architecture was |
---|
45 | based on the the original LPR code, but with highly verbose diag- |
---|
46 | nostics and a much more elaborate set of administration func- |
---|
47 | tions. |
---|
48 | From 1988 to 1994 various sites and administrators modified |
---|
49 | and extended the PLP3.0 software. The plp@iona.ie mailing list |
---|
50 | was formed to distribute and coordinate these changes, and in |
---|
51 | 1994 a major programming effort by Justin Mason <jmason@iona.ie> |
---|
52 | restructured the PLP3.0 code, integrated the majority of exten- |
---|
53 | sions, and PLP4.0 was released in 1995. |
---|
54 | Problems with the PLP software were discussed in the |
---|
55 | plp@iona.ie mailing list as well as various USENIX newsgroups. |
---|
56 | Given the current network security issues, client/server based |
---|
57 | applications, and growing administration problems, the PLP4.0 |
---|
58 | software needed extensive revisions. There was general agreement |
---|
59 | on the following design goals. |
---|
60 | |
---|
61 | |
---|
62 | LPRng - Introduction 1 |
---|
63 | |
---|
64 | |
---|
65 | |
---|
66 | |
---|
67 | |
---|
68 | |
---|
69 | |
---|
70 | |
---|
71 | |
---|
72 | First, run time diagnostics and detailed error reporting were |
---|
73 | essential and should be the highest priority. When problems |
---|
74 | occur users and administrators must quickly diagnose the causes, |
---|
75 | and obtaining information is essential. Next, the user interface |
---|
76 | to the printing facilities should change as little as possible. |
---|
77 | This would allow a gradual evolution from LPR and PLP to the new |
---|
78 | software with as least surprises to the users as possible. How- |
---|
79 | ever, the administrative interface could change, and many |
---|
80 | improvements and changes were suggested. It was essential that |
---|
81 | the new software be compatible at the network interface level |
---|
82 | with other implementations of the LPR spooling software. While |
---|
83 | in 1990 the RFC1179 - Line Printer Daemon Protocol[McL90] docu- |
---|
84 | menting the network protocol to be used to transfer print jobs |
---|
85 | and status information between line printer spooling programs was |
---|
86 | published, many of the existing implementations do not conform to |
---|
87 | RFC1179 or have made extensions to the RFC. The existing LPR and |
---|
88 | PLP software uses a set of filter programs to interface to vari- |
---|
89 | ous printers. A major concern of administrators was that these |
---|
90 | vintage filter programs should be usable with the new software. |
---|
91 | Finally, the long list of security, administration, and network- |
---|
92 | ing problems should be eliminated if at all possible. |
---|
93 | These considerations led to the design and development of the |
---|
94 | LPRng software. While it is a totally new design and implementa- |
---|
95 | tion of spooling software, it uses routines and support code from |
---|
96 | the Free Software Foundation GNU Project, and is distributed |
---|
97 | under the GNU Copyleft License.[GNU91] The LPRng software was |
---|
98 | intentionally designed to use as few non-portable or non-standard |
---|
99 | Operating System facilities as possible, or to use them in a |
---|
100 | highly controlled and portable manner. The use of the GNU utili- |
---|
101 | ties such as autoconf and Gnumake allow operating system depen- |
---|
102 | dent versions of various support routines to be selected at com- |
---|
103 | pile time in an automatic manner. |
---|
104 | Since the original release of LPRng in 1994, there has been |
---|
105 | growing use of it for commercial and other business applications. |
---|
106 | The Artisitic license meets the needs of most end users; a com- |
---|
107 | mercial license and support is available for users and institu- |
---|
108 | tions that require it. In addition to the original goals, Ver- |
---|
109 | sion 3.1 of LPRng now provide the following capabilities: |
---|
110 | o Unique identification of user jobs. |
---|
111 | o Long job numbers (up to 6 digits long), which avoids problems |
---|
112 | when spooling a large number of jobs to a single spool queue. |
---|
113 | o Dynamic redirection and routing of jobs. A spool queue can |
---|
114 | now duplication and redirect a job to one or more spool |
---|
115 | queues. This allows dynamic routing of jobs based on load |
---|
116 | conditions and other considerations. |
---|
117 | o Authenticated job and command transfers between users and |
---|
118 | servers. The original LPR protocol as defined in RFC1179 has |
---|
119 | been extended to provide for authentication. The actual |
---|
120 | authentication is separate from LPRng, which provides an |
---|
121 | interface and specification for its use. Currently, PGP and |
---|
122 | Kerberos authentication is supported. |
---|
123 | The following sections discuss the overall architecture of the |
---|
124 | LPRng software, and then deal with the major components. The |
---|
125 | emphasis of this discussion are the added functionality or |
---|
126 | |
---|
127 | |
---|
128 | 2 LPRng - Introduction |
---|
129 | |
---|
130 | |
---|
131 | |
---|
132 | |
---|
133 | |
---|
134 | |
---|
135 | |
---|
136 | |
---|
137 | |
---|
138 | differences of LPRng. The LPRng configuration information, |
---|
139 | extensions to the printcap database, and changes to the lpr and |
---|
140 | other client programs is discussed. The operation of the job |
---|
141 | spool queues and the new algorithm used for job printing is then |
---|
142 | covered, together with a description of the filter interface |
---|
143 | mechanism. Security and associated problems with SETUID ROOT |
---|
144 | programs is briefly discussed, and the summary at the end lists |
---|
145 | some outstanding issues. |
---|
146 | |
---|
147 | LPRng Software Architecture |
---|
148 | The LPRng software architecture is shown in Figure 1. |
---|
149 | |
---|
150 | |
---|
151 | |
---|
152 | |
---|
153 | |
---|
154 | |
---|
155 | |
---|
156 | |
---|
157 | |
---|
158 | |
---|
159 | |
---|
160 | |
---|
161 | |
---|
162 | |
---|
163 | |
---|
164 | |
---|
165 | ------------------------------------------------------------------ |
---|
166 | LPRM LPQ LPC t2 server |
---|
167 | (LPD) Filters |
---|
168 | +++ + +++++ ++ |
---|
169 | +++++ +++++ +++++ ++ |
---|
170 | + |
---|
171 | LPR +++ LPD +++++++++++++ LPD +of |
---|
172 | + |
---|
173 | | | + |
---|
174 | | | +bp |
---|
175 | + |
---|
176 | + |
---|
177 | file t1@h1 t2@h2 + |
---|
178 | +if |
---|
179 | /usr/export/LPD/t1 /usr/spool/t2 + |
---|
180 | Databases control.t2 + |
---|
181 | +++++++++++ + |
---|
182 | + config + cfA003h1 cfA001h1 + |
---|
183 | +++++++++++ dfA003h1 dfA001h1 lp |
---|
184 | +++++++++++ hfA001h1 (/dev/lp) |
---|
185 | +printcap++ dfB003h1 |
---|
186 | +++++++++++ |
---|
187 | permissions cfA006h2.com |
---|
188 | cfA004h1 dfA006h2.com |
---|
189 | dfA004h1 |
---|
190 | |
---|
191 | Figure 1: LPRng Spooling Software Architecture |
---|
192 | |
---|
193 | |
---|
194 | LPRng - Introduction 3 |
---|
195 | |
---|
196 | |
---|
197 | |
---|
198 | |
---|
199 | |
---|
200 | |
---|
201 | |
---|
202 | |
---|
203 | |
---|
204 | While LPRng is similar in structure to the Berkeley LPR software, |
---|
205 | it differs in many important details. The dashed lines indicated |
---|
206 | TCP/IP based communication between two programs; solid lines rep- |
---|
207 | resent access to files or directories. Boxes with dotted out- |
---|
208 | lines represent databases that may be accessed by all programs, |
---|
209 | either as files or by using network facilities. The user pro- |
---|
210 | grams such as the print spooler lpr, the status reporter lpq, the |
---|
211 | job remover lprm, and the control program lpc are client programs |
---|
212 | which connect to one or more lpd server processes using TCP/IP. |
---|
213 | After validation and authentication the servers carry out |
---|
214 | requested activities on files and/or provide status information. |
---|
215 | The configuration and printcap databases provide the information |
---|
216 | needed by both server and client programs. While clients do not |
---|
217 | need access to the printcap database, in many cases a runt |
---|
218 | database is useful for providing printer configuration informa- |
---|
219 | tion. |
---|
220 | As in the LPR software, the lpd server manages one or more |
---|
221 | spool queues where print jobs are stored. These are are imple- |
---|
222 | mented as directories in a file system. A print job consists of |
---|
223 | a control file, which contains user information and printing |
---|
224 | options, and data files which contain the actual information to |
---|
225 | be printed. A spool queue can be a bounce or forwarding queue, |
---|
226 | which temporarily stores print jobs before they are transferred |
---|
227 | to another queue, or a print queue which has an associated |
---|
228 | printer. |
---|
229 | Operation of a spool queues is controlled by information in |
---|
230 | |
---|
231 | |
---|
232 | |
---|
233 | |
---|
234 | |
---|
235 | |
---|
236 | |
---|
237 | |
---|
238 | |
---|
239 | |
---|
240 | |
---|
241 | |
---|
242 | |
---|
243 | |
---|
244 | |
---|
245 | |
---|
246 | |
---|
247 | |
---|
248 | |
---|
249 | |
---|
250 | |
---|
251 | |
---|
252 | |
---|
253 | |
---|
254 | |
---|
255 | |
---|
256 | |
---|
257 | |
---|
258 | |
---|
259 | |
---|
260 | 4 LPRng - Introduction |
---|
261 | |
---|
262 | |
---|
263 | |
---|
264 | |
---|
265 | |
---|
266 | |
---|
267 | |
---|
268 | |
---|
269 | |
---|
270 | the spool queue printcap entry and the printer control file in |
---|
271 | the spool directory; individual print job may also have a job |
---|
272 | control file as well. |
---|
273 | |
---|
274 | |
---|
275 | |
---|
276 | |
---|
277 | |
---|
278 | |
---|
279 | |
---|
280 | |
---|
281 | |
---|
282 | |
---|
283 | |
---|
284 | |
---|
285 | |
---|
286 | |
---|
287 | |
---|
288 | |
---|
289 | |
---|
290 | |
---|
291 | |
---|
292 | |
---|
293 | |
---|
294 | |
---|
295 | |
---|
296 | |
---|
297 | |
---|
298 | |
---|
299 | -#-ENG-LPRng-Test-Configuration----------------------------------- |
---|
300 | # compile time only: |
---|
301 | #client_configuration_file /etc/lpd.conf:/etc/lpd_client.conf |
---|
302 | #server_configuration_file /etc/lpd.conf |
---|
303 | default_printer t1 |
---|
304 | default_host %H |
---|
305 | default_banner_printer /usr/local/bin/lpbanner |
---|
306 | lockfile /usr/spool/LPD/lpd.lock |
---|
307 | logfile /usr/adm/lpd.log |
---|
308 | #lpd_port printer |
---|
309 | lpd_port 4000 |
---|
310 | originate_port 721 731 |
---|
311 | user daemon |
---|
312 | group daemon |
---|
313 | #printcap_path /etc/printcap:/usr/etc/printcap |
---|
314 | printcap_path /tmp/LPD/printcap.%H |
---|
315 | #printcap_path |/tmp/LPD/pcserver |
---|
316 | #perms_path /tmp/LPD/printer_perms.%H |
---|
317 | #perms_path /etc/printperm:/usr/etc/printperm |
---|
318 | perms_path /tmp/LPD/printer_perms.%H |
---|
319 | #print_perms_path |/tmp/LPD/permserver |
---|
320 | use_info_cache yes |
---|
321 | # include facility |
---|
322 | include /tmp/LPD/common.conf |
---|
323 | Figure 2: Configuration Database Format |
---|
324 | |
---|
325 | |
---|
326 | LPRng - Introduction 5 |
---|
327 | |
---|
328 | |
---|
329 | |
---|
330 | |
---|
331 | |
---|
332 | |
---|
333 | |
---|
334 | |
---|
335 | |
---|
336 | Jobs are submitted to the lpd server by the lpr program which |
---|
337 | transfers the job over a TCP/IP connection. The lpd server then |
---|
338 | forwards the job to another server or print it. The lpq program |
---|
339 | requests and prints job status information, and the lprm program |
---|
340 | removes jobs from the spool queue. The LPRng software uses a |
---|
341 | permissions database and the printcap information to determine if |
---|
342 | a user is authorized to use a facility; authorization can be |
---|
343 | based on originating host, user name, and a variety of other |
---|
344 | attributes. |
---|
345 | After a job is placed in a print queue, lpd creates a server |
---|
346 | process to manage the printing operations. This server process |
---|
347 | then creates one or more filter processes which interface to the |
---|
348 | printer hardware. The data files are passed through the filters |
---|
349 | to the actual printer. |
---|
350 | |
---|
351 | Configuration Information |
---|
352 | Configuration information is used by both the LPRng clients |
---|
353 | and the lpd server. The configuration information controls the |
---|
354 | network behavior of the programs, and provides a set of default |
---|
355 | for commonly specified system information. Compile time defaults |
---|
356 | can be overridden by values read from a configuration file, whose |
---|
357 | format is shown in Figure 2. The configuration file can also be |
---|
358 | used to specify default values for printcap variables. |
---|
359 | In all LPRng database files leading whitespace, blank lines, |
---|
360 | and lines whose first non-whitespace character is a # are treated |
---|
361 | as comments and ignored; a \ as the last character of a non-com- |
---|
362 | ment line will logically continue this line to the next line, |
---|
363 | replacing the \ with one or more spaces. |
---|
364 | |
---|
365 | |
---|
366 | |
---|
367 | |
---|
368 | |
---|
369 | |
---|
370 | |
---|
371 | |
---|
372 | |
---|
373 | |
---|
374 | |
---|
375 | |
---|
376 | |
---|
377 | |
---|
378 | |
---|
379 | |
---|
380 | |
---|
381 | |
---|
382 | |
---|
383 | |
---|
384 | |
---|
385 | |
---|
386 | |
---|
387 | |
---|
388 | |
---|
389 | |
---|
390 | |
---|
391 | |
---|
392 | 6 LPRng - Introduction |
---|
393 | |
---|
394 | |
---|
395 | |
---|
396 | |
---|
397 | |
---|
398 | |
---|
399 | |
---|
400 | |
---|
401 | |
---|
402 | Each line of the configuration file has a configuration vari- |
---|
403 | able and its value. The client_configuration_file and |
---|
404 | server_configuration_file values are used only at startup and |
---|
405 | initialization, and specify the configuration files for the LPRng |
---|
406 | client and lpd server programs. Each of the configuration files |
---|
407 | is read in sequence and variable values are updated as the files |
---|
408 | are read. |
---|
409 | Much of the configuration information provides site dependent |
---|
410 | information or allows configuration for testing. The |
---|
411 | default_printer and default_ host variables set the default |
---|
412 | printer and host to be used by client software; the %h and %H |
---|
413 | strings are replaced with the short or fully qualified domain |
---|
414 | name of the host on which the software is running. The default_ |
---|
415 | banner_printer sets the default banner printing program to be |
---|
416 | used by the lpd server; the lockfile and logfile are used by the |
---|
417 | lpd server to prevent multiple servers from running and to record |
---|
418 | lpd logging information. |
---|
419 | The lpd_port variable specifies the TCP/IP port on which the |
---|
420 | lpd server listens for client requests. In production versions |
---|
421 | this is usually 515 (the printer alias in the network service |
---|
422 | database); by setting it to some other port a test version can be |
---|
423 | run in parallel with production software. |
---|
424 | The originate_port value specifies a range of TCP/IP port num- |
---|
425 | bers for originating connections. RFC1179 specifies that these |
---|
426 | connections should originate from port 721 to 731 inclusive; in |
---|
427 | most UNIX environments these are privileged ports and cannot be |
---|
428 | used unless the program's effective UID is ROOT (0). On a UNIX |
---|
429 | system, if the client software is not SETUID ROOT, then only the |
---|
430 | ROOT user can successfully bind to a privileged port. See Secu- |
---|
431 | rity Considerations for details on problems this may expose. The |
---|
432 | user and group entries specify the effective user and group IDs |
---|
433 | to be used by the lpd server. For this to be effective, the lpd |
---|
434 | server must be SUID root or be started by a root process; see |
---|
435 | Security Considerations for details. |
---|
436 | The printcap_path, lpd_printcap_path, and printer_perms con- |
---|
437 | figuration information specifies where database information will |
---|
438 | be found. All programs use the printcap_path, and printer_perms |
---|
439 | information; the lpd server will use the lpd_printcap_path infor- |
---|
440 | mation after the printcap_path informaiton. The use_info_cache |
---|
441 | option allows the lpd server to read the information once at |
---|
442 | startup and then use a cached copy of this information, as does |
---|
443 | the inet.d server. If lpd receives a SIGHUP signal it rereads |
---|
444 | the database information. This can be done by using the lpc |
---|
445 | reread command. Finally, it is possible to use the include |
---|
446 | facility to read additional configuration files. This facility |
---|
447 | may be removed in later releases of the LPRng software. |
---|
448 | |
---|
449 | Printcap Information |
---|
450 | Entries in the printcap database define spool queues and their |
---|
451 | configuration available to the LPRng software. Figures 3a and 3b |
---|
452 | show a set of client and server printcap database entries. Lead- |
---|
453 | ing whitespace, blank lines, and lines whose first character is |
---|
454 | `#' are ignored. Default values for printcap variables are set |
---|
455 | in the configuration file, using the same tags as the printcap |
---|
456 | |
---|
457 | |
---|
458 | LPRng - Introduction 7 |
---|
459 | |
---|
460 | |
---|
461 | |
---|
462 | |
---|
463 | |
---|
464 | |
---|
465 | |
---|
466 | |
---|
467 | |
---|
468 | file. For compatibility with the historical LPR printcap format, |
---|
469 | \ at the end of a line appends the next line to the current line. |
---|
470 | -#-Client-Printcap-Database--------------------------------------- |
---|
471 | # printer p1@'local host' |
---|
472 | p1 |
---|
473 | # remote printer |
---|
474 | p2 |
---|
475 | |full|double|rotate |
---|
476 | |twosided|XDR Line Printer |
---|
477 | :lp=p2@host |
---|
478 | # remote printer alternative |
---|
479 | p3:rp=p3:rm=host |
---|
480 | # connect to port 2000 |
---|
481 | p4:lp=host%2000 |
---|
482 | # all entry (lpq -a) |
---|
483 | all:all=p1,p2,p3 |
---|
484 | Figure 3a: Client Printcap Examples |
---|
485 | ------------------------------------------------------------------ |
---|
486 | A printcap entry consists of a primary name, an optional set |
---|
487 | of aliases, and a set of variable tag names and values. The pri- |
---|
488 | mary name is the name by which the printer is referred to in |
---|
489 | error messages and status information. The | separator starts an |
---|
490 | alias entry and the : separator starts an variable entry; entries |
---|
491 | extend to the end of line or the next separator character; lead- |
---|
492 | ing and trailing in each entry whitespace is ignored. |
---|
493 | The LPRng client programs need only the lpd server host name |
---|
494 | and target printer on the server. This can be specified on the |
---|
495 | command line using the `-Pprinter' or `-Pprinter@host' option; if |
---|
496 | no default is specified in the configuration information the |
---|
497 | local host is the default server host. In Figure 3a, the simple |
---|
498 | printcap entry p1 means printer p1 on the default host; entry p2 |
---|
499 | has has two aliases, the last of which is really a comment and |
---|
500 | will be used when displaying status information. |
---|
501 | The lp (line printer) tag specifies the printer device or |
---|
502 | host. The form lp=printer@host is printer on host; the form |
---|
503 | lp=printer@host%2000 indicates the lpd server is available on |
---|
504 | port 2000. This last form is extremely useful when running mul- |
---|
505 | tiple versions of spooler software, and for connecting to network |
---|
506 | based printers with specialized needs. A file pathname such as |
---|
507 | lp =/dev/ttya specifies a printer device to be used by the |
---|
508 | server; the form lp=host%2000 indicates port 2000 on host is net- |
---|
509 | work based printing device. |
---|
510 | More printcap information is needed for the lpd server, as is |
---|
511 | shown in Figure 3b. Spool queues have printcap entries with a sd |
---|
512 | (spool directory) tag. The tc tag (recursively) appends a print- |
---|
513 | cap entry to the end of the referencing entry. Multiple tc tags |
---|
514 | may appear in a printcap entry. Printcap entries whose primary |
---|
515 | (first) name starts with a non-alphabetic character are consid- |
---|
516 | ered to be dummy entries and can only be referenced by tc tags. |
---|
517 | ------------------------------------------------------------------ |
---|
518 | # Server/Client Printcap Database |
---|
519 | # file: /etc/printcap |
---|
520 | # clients see p1 as remote pr |
---|
521 | # server use sd tag to get |
---|
522 | |
---|
523 | |
---|
524 | 8 LPRng - Introduction |
---|
525 | |
---|
526 | |
---|
527 | |
---|
528 | |
---|
529 | |
---|
530 | |
---|
531 | |
---|
532 | |
---|
533 | |
---|
534 | # /usr/spool/LPD/p1/printcap |
---|
535 | p1 |
---|
536 | :cm=Test Printer 1 |
---|
537 | :sd=/usr/spool/LPD/p1 |
---|
538 | :lp=p1@host |
---|
539 | # second printer, |
---|
540 | p2 |
---|
541 | :sd=/usr/spool/LPD/p2 |
---|
542 | :tc=@common |
---|
543 | # common information |
---|
544 | @common: |
---|
545 | :lf=log |
---|
546 | :rw |
---|
547 | :of=/tmp/LPD/psof |
---|
548 | :if=/tmp/LPD/psif |
---|
549 | p3:sd=/usr/spool/%P:tc=@common |
---|
550 | |
---|
551 | # Printer specific information |
---|
552 | # used by server, |
---|
553 | # file: /usr/spool/LPD/\ |
---|
554 | # p1/printcap |
---|
555 | # Alternately, this information |
---|
556 | # could be part of the |
---|
557 | # /etc/lpd_printcap file |
---|
558 | p1 |
---|
559 | # override previous value |
---|
560 | :lp=/dev/ttya |
---|
561 | :lf=log |
---|
562 | :rw |
---|
563 | :of=/tmp/LPD/psof |
---|
564 | :if=/tmp/LPD/psif |
---|
565 | # debug |
---|
566 | # :db=9,remote=10 |
---|
567 | # autohold - hold all jobs on submission |
---|
568 | # :ah |
---|
569 | Figure 3b: Server/Client Printcap Examples |
---|
570 | ------------------------------------------------------------------ |
---|
571 | The lpd server checks to see if a printcap file is in the |
---|
572 | spool directory, and will read the printcap information from this |
---|
573 | file, overridding existing information. This allows a single |
---|
574 | master printcap database to be used by both clients and servers; |
---|
575 | the clients ignore the sd tags and the server gets printer spe- |
---|
576 | cific information from the printcap file in the spool directory. |
---|
577 | The oh (options for host) entry can be used to specify that |
---|
578 | the printcap entry is used only by a host whose IP address |
---|
579 | matches the IP address of the entry. For example, if |
---|
580 | oh=astart2.astart.com, then only hosts with the same IP address |
---|
581 | as astart2.astart.com would use the printcap entry. By using the |
---|
582 | oh entry in the server printcap entry a single printcap database |
---|
583 | file can be used. |
---|
584 | A major administration problem is the distribution of printcap |
---|
585 | information. One solution is to use a network database such as |
---|
586 | Sun Microsystems NIS, HESIOD, Sybase, etc. Rather than build in |
---|
587 | a specific database access method the LPRng software uses the |
---|
588 | |
---|
589 | |
---|
590 | LPRng - Introduction 9 |
---|
591 | |
---|
592 | |
---|
593 | |
---|
594 | |
---|
595 | |
---|
596 | |
---|
597 | |
---|
598 | |
---|
599 | |
---|
600 | concept of database filters to access the information. In Figure |
---|
601 | 2, the configuration printcap_path value |/tmp/LPD/dbserver spec- |
---|
602 | ifies using a filter program to get printcap information. |
---|
603 | The filter program is started by the client or server process |
---|
604 | and a string containing the name of the desired printcap entry is |
---|
605 | sent to the filter's stdin port; the returned printcap informa- |
---|
606 | tion is read from the filter's stdout port. By convention, a all |
---|
607 | request returns either all the available printcap entries, or an |
---|
608 | all printcap entry whose all tag contains a list of available |
---|
609 | printers. |
---|
610 | |
---|
611 | |
---|
612 | |
---|
613 | |
---|
614 | |
---|
615 | |
---|
616 | |
---|
617 | |
---|
618 | |
---|
619 | Key----------Match-Connect-Job---Job----LPQ--LPRM--LPC------------ |
---|
620 | Spool Print |
---|
621 | SERVICE S 'X' 'R' 'P' 'Q' 'M' 'C,S' |
---|
622 | USER S - JUSR JUSR JUSR JUSR JUSR |
---|
623 | HOST S RH JH JH JH JH JH |
---|
624 | GROUP S - JUSR JUSR JUSR JUSR JUSR |
---|
625 | IP IP RIP JIP JIP RIP JIP JIP |
---|
626 | PORT N PORT PORT - PORT PORT PORT |
---|
627 | REMOTEUSER S - JUSR JUSR JUSR CUSR CUSR |
---|
628 | REMOTEHOST S RH RH JH RH RH RH |
---|
629 | REMOTEGROUP S - JUSR JUSR JUSR CUSR CUSR |
---|
630 | REMOTEIP IP RIP RIP JIP RIP RIP RIP |
---|
631 | CONTROLLINE S - CL CL CL CL CL |
---|
632 | PRINTER S - PR PR PR PR PR |
---|
633 | FORWARD V - - SA - SA SA |
---|
634 | SAMEHOST V - SA - SA SA SA |
---|
635 | SAMEUSER V - - - SU SU SU |
---|
636 | SERVER V - SV - SV SV SV |
---|
637 | KEY: |
---|
638 | JH = HOST host in control file |
---|
639 | RH = REMOTEHOST connecting host name |
---|
640 | JUSR = USER user in control file |
---|
641 | CUSR = REMOTEUSER user from control request |
---|
642 | JIP= IP IP address of host in control file |
---|
643 | RIP= REMOTEIP IP address of requesting host |
---|
644 | PORT= N connecting host origination port |
---|
645 | CONTROLLINE= pattern match of control line in control file |
---|
646 | FW= IP of source of request = IP of host in control file |
---|
647 | SA= IP of source of request = IP of host in control file |
---|
648 | SU= user from request = user in control file |
---|
649 | SA= IP of source of request = IP of server host |
---|
650 | Match: S = string with glob wild card, IP = IPaddress[/netmask], |
---|
651 | i.e.- x.y.z.w/a.b.c.d or x.y.z.w/N where N is length of mask |
---|
652 | N = low[-high] number range; NOT negates the test status |
---|
653 | Figure 4: Permission Attributes |
---|
654 | |
---|
655 | |
---|
656 | 10 LPRng - Introduction |
---|
657 | |
---|
658 | |
---|
659 | |
---|
660 | |
---|
661 | |
---|
662 | |
---|
663 | |
---|
664 | |
---|
665 | |
---|
666 | The Sun NIS database can be access by using a simple shell |
---|
667 | script and the ypmatch program; HESIOD, DBII, Sybase, and other |
---|
668 | databases can be supported in the same manner. |
---|
669 | The actual printcap expansion algorithm is as follows. The |
---|
670 | list of printcap files specified by the configuration database |
---|
671 | values printcap_path and on the LPD server the additional |
---|
672 | lpd_printcap_path are searched. These values should be semicolon |
---|
673 | or comma separated lists of files, or the command for a filter. |
---|
674 | The files are read, and any include files are read at the indi- |
---|
675 | cated points. (This is similar to the manner in which the C lan- |
---|
676 | guage preprocessor operates.) Next, the input is parsed into |
---|
677 | printcap fields, and organized into raw printcap entries. The |
---|
678 | raw entries are then sorted and joined together to form the final |
---|
679 | printcap entries. As each entry is added, it is checked for a tc |
---|
680 | field and the specified entry is recursively processed. |
---|
681 | Strings with %X in them will be processed and the string sub- |
---|
682 | stitions will be made. Currently, %P, %H, %h, %R, %M are |
---|
683 | replaced by the printer name, fully qualified host name, short |
---|
684 | |
---|
685 | |
---|
686 | |
---|
687 | |
---|
688 | |
---|
689 | |
---|
690 | |
---|
691 | |
---|
692 | |
---|
693 | |
---|
694 | |
---|
695 | |
---|
696 | |
---|
697 | |
---|
698 | |
---|
699 | |
---|
700 | |
---|
701 | |
---|
702 | |
---|
703 | |
---|
704 | |
---|
705 | |
---|
706 | |
---|
707 | |
---|
708 | |
---|
709 | |
---|
710 | |
---|
711 | |
---|
712 | |
---|
713 | |
---|
714 | |
---|
715 | |
---|
716 | |
---|
717 | |
---|
718 | |
---|
719 | |
---|
720 | |
---|
721 | |
---|
722 | LPRng - Introduction 11 |
---|
723 | |
---|
724 | |
---|
725 | |
---|
726 | |
---|
727 | |
---|
728 | |
---|
729 | |
---|
730 | |
---|
731 | |
---|
732 | host name, remote printer, and remote host respectively. The |
---|
733 | result of this process will be a set of printcap entries whose |
---|
734 | values are organized in sorted order. The resulting printcap |
---|
735 | entry can be examined using the lpc program printcap command. |
---|
736 | The printcap database is consulted only when actual informa- |
---|
737 | tion about a printer is needed. When an actual printcap entry is |
---|
738 | needed, the database is checked to see if a printcap entry with |
---|
739 | the printer name is present. If it is not and a filter has been |
---|
740 | specified in the printcap_path configuration information, then |
---|
741 | the filter started and the required printer name is made avail- |
---|
742 | able on the filter stdin (file descriptor 0). The filter will |
---|
743 | write information to its stdout (file descriptor 1), which is in |
---|
744 | turn read by the LPRng software. The result is then parsed and |
---|
745 | checked as for the printcap entries obtained from files. |
---|
746 | When the tc entry to be expanded is not in the printcap |
---|
747 | database and a filter is available, then the filter will be |
---|
748 | invoked to obtain the entry. If the first printer name in the |
---|
749 | printcaps entry is non-alphabetic character, then the entry can |
---|
750 | only be used as a reference for tc. |
---|
751 | |
---|
752 | Job Submission |
---|
753 | The lpr client program submits jobs to the lpd server by sim- |
---|
754 | ply using a TCP/IP connection and sending the files to the |
---|
755 | server. The only information the client needs is the printer and |
---|
756 | hostname, and can run as a user application. |
---|
757 | If the printer output is piped to the lpr client, then RFC1179 |
---|
758 | allows the output to be directly copied from the client to the |
---|
759 | server by using the lpr -k (for seKure) option. While LPRng sup- |
---|
760 | ports this option, many other LPR server implementations are |
---|
761 | defective or do not support this capability. This is useful when |
---|
762 | creating large jobs, or there is are security related problems |
---|
763 | with creating a temporary file on the client host. |
---|
764 | The LPRng clients can run as ordinary user processes; elimi- |
---|
765 | nates any problems with unauthorized access to files, as the |
---|
766 | client has no permission except those of the user. |
---|
767 | However, for the lpr client to be compatible with vintage LPR |
---|
768 | spooling software (i.e.- SUN Microsystems), it must originate a |
---|
769 | connection from a privileged port. For this reason, when run as |
---|
770 | a SETUID ROOT program, after making a connection to the the |
---|
771 | server, the lpr client uses setuid(2) to drop the root permis- |
---|
772 | sions, and operates as an ordinary user program. |
---|
773 | Several of the vintage lpr options such as the `-s' (use sym- |
---|
774 | bolic links) are not supported; the symbolic link option has no |
---|
775 | effect as files are transferred directly to the server. |
---|
776 | |
---|
777 | Permissions and Authorization Checking |
---|
778 | One of the requirements of any printer spooling system is to |
---|
779 | deny access to unauthorized users and to record accounting infor- |
---|
780 | mation for authorized users. The LPRng software uses a rather |
---|
781 | elaborate permissions and authorization mechanism, similar to the |
---|
782 | ones used by computer network firewalls. |
---|
783 | Since all spooling operations are carried out by the lpd |
---|
784 | server, it is the only process that needs to perform permissions |
---|
785 | checks. Permissions are checked when a connection is made to the |
---|
786 | |
---|
787 | |
---|
788 | 12 LPRng - Introduction |
---|
789 | |
---|
790 | |
---|
791 | |
---|
792 | |
---|
793 | |
---|
794 | |
---|
795 | |
---|
796 | |
---|
797 | |
---|
798 | server, and before the server performs and action or provides |
---|
799 | information requested by the various client programs. In addi- |
---|
800 | tion, the server checks job permissions before it prints a job as |
---|
801 | well as when the job is submitted. This allows NFS based printer |
---|
802 | spooler software, which copies control and data files directly to |
---|
803 | a spool directory, to be used with the LPRng software. See the |
---|
804 | Security Considerations section for a discussion of problems |
---|
805 | related to allowing this type of activity. |
---|
806 | |
---|
807 | |
---|
808 | |
---|
809 | |
---|
810 | |
---|
811 | |
---|
812 | |
---|
813 | |
---|
814 | |
---|
815 | |
---|
816 | |
---|
817 | |
---|
818 | |
---|
819 | |
---|
820 | |
---|
821 | |
---|
822 | |
---|
823 | |
---|
824 | |
---|
825 | |
---|
826 | |
---|
827 | |
---|
828 | |
---|
829 | |
---|
830 | |
---|
831 | |
---|
832 | |
---|
833 | -#-Permissions-Database------------------------------------------- |
---|
834 | # Reject connections not in our subnet |
---|
835 | REJECT SERVICE=X NOT IP=130.191.0.0/255.255.0.0 |
---|
836 | # Allow root on trusted hosts or server |
---|
837 | # to have control and removal capability |
---|
838 | # and users on the same host to remove their jobs |
---|
839 | ACCEPT SERVICE=C,M HOST=hop.sdsu.edu,skip.sdsu.edu \ |
---|
840 | PORT=721-731 USER=root |
---|
841 | ACCEPT SERVICE=C,M SERVER USER=root |
---|
842 | ACCEPT SERVICE=M SAMEUSER SAMEHOST |
---|
843 | REJECT SERVICE=C,M |
---|
844 | # do not allow forwarded jobs from anybody but dickory |
---|
845 | ALLOW SERVICE=R NOT SAMEHOST HOST=dickory.sdsu.edu |
---|
846 | REJECT SERVICE=R NOT SAMEHOST |
---|
847 | # Allow PC lab to spool to laserwriter |
---|
848 | ACCEPT SERVICE=R,P,Q PRINTER=lw4 HOST=*.eng.sdsu.edu |
---|
849 | # if no match in other database then you fail |
---|
850 | DEFAULT REJECT |
---|
851 | Figure 5: Sample Permissions Database |
---|
852 | |
---|
853 | |
---|
854 | LPRng - Introduction 13 |
---|
855 | |
---|
856 | |
---|
857 | |
---|
858 | |
---|
859 | |
---|
860 | |
---|
861 | |
---|
862 | |
---|
863 | |
---|
864 | Each request for service has a set of attributes and values; a |
---|
865 | list of these attributes is shown in Figure 4. Figure 5 shows a |
---|
866 | sample permissions database. Each line in the database consists |
---|
867 | of a match result and a list of attribute names and match pat- |
---|
868 | terns. Permissions checking is done by scanning the database in |
---|
869 | order, checking each line for a match. If all the entries on |
---|
870 | line match, then the result is the match result for the line or |
---|
871 | the current default. Note that each entry can have several |
---|
872 | alternate patterns; these patterns are tried in order until a |
---|
873 | match is found. |
---|
874 | The default_permission configuration variable specifies an |
---|
875 | initial (default) permission database entry; additional permis- |
---|
876 | sion databases are specified by the perms_path configuration |
---|
877 | variable. When checking permissions for a spool queue with |
---|
878 | printcap entry, the xu printcap tag provides an additional set of |
---|
879 | databases to be searched as well. One of the database entries |
---|
880 | can be a filter, which is invoked with the filter_options speci- |
---|
881 | fied in the configuration database, and has the name of the |
---|
882 | printer written to its standard input. The filter options |
---|
883 | include the print job user name, which can be used to search a |
---|
884 | database to determine if the user has permission to access a |
---|
885 | file. The filter output is used as an additional permission file |
---|
886 | for permissions checking. |
---|
887 | For a complete list of keys and tags, see the manual page for |
---|
888 | details. If no match is found after searching all specified |
---|
889 | databases then the last specified default permission will be |
---|
890 | used. |
---|
891 | Permission attributes are treated as string, integer, or IP |
---|
892 | address values. The string patterns are based on the simple glob |
---|
893 | patterns of the Bourne and C shells, and use case insensitive |
---|
894 | matching with only the * metacharacter. For example, the pattern |
---|
895 | A*b will match Ab, and AthisB. IP address patterns are an |
---|
896 | address (ADDR) followed by an optional netmask (NM) which |
---|
897 | defaults to 255.255.255.255; the match succeeds if (using C |
---|
898 | |
---|
899 | |
---|
900 | |
---|
901 | |
---|
902 | |
---|
903 | |
---|
904 | |
---|
905 | |
---|
906 | |
---|
907 | |
---|
908 | |
---|
909 | |
---|
910 | |
---|
911 | |
---|
912 | |
---|
913 | |
---|
914 | |
---|
915 | |
---|
916 | |
---|
917 | |
---|
918 | |
---|
919 | |
---|
920 | 14 LPRng - Introduction |
---|
921 | |
---|
922 | |
---|
923 | |
---|
924 | |
---|
925 | |
---|
926 | |
---|
927 | |
---|
928 | |
---|
929 | |
---|
930 | language notation) (IP^ADDR)&NM is zero. For example, the pat- |
---|
931 | tern 130.191.163.0 / 255.255.255.0 matches all of the addresses |
---|
932 | in the 130.191.163.0 subnet range. The netmask can also be spec- |
---|
933 | ified by the number of most significant non-zero bits. For exam- |
---|
934 | ple, 130.191.163.0/255.255.255.0 and 130.191.163.0/24 are the |
---|
935 | same address/mask pair. Number patters are a low to (optional) |
---|
936 | high integer range. |
---|
937 | The special pattern char= pattern matches the char line in the |
---|
938 | job control file against pattern. For example, C=A*,B*,C* will |
---|
939 | check the C (class) information line for a string starting with |
---|
940 | A, B, or C. The special pattern NULL matches missing or no |
---|
941 | information; for example the permissions entry ALLOW SERVICE=R,P |
---|
942 | USER=NULL,* allows anonymous job spooling and printing. |
---|
943 | |
---|
944 | Spool Queues and Job Files |
---|
945 | The main activity of the lpd server is centered on managing |
---|
946 | print jobs in the spool queues. A print job consists of a con- |
---|
947 | trol file, containing user and other information, and data files |
---|
948 | containing the information to be printed. The control file for- |
---|
949 | mat is specified by RFC1179; a sample job control file is shown |
---|
950 | in Figure 6. Control file names have the format cfXnnnHOST, |
---|
951 | where X is a letter, nnn is a 3 digit job number, and HOST is a |
---|
952 | host identifier. Data files names have the format dfXnnnHOST, |
---|
953 | where X is a letter, and nnn and HOST are identical to the corre- |
---|
954 | sponding control file. |
---|
955 | -Htaco.astart.com------------------------------------------------- |
---|
956 | Ppapowell |
---|
957 | J(stdin) |
---|
958 | CA |
---|
959 | Lpapowell |
---|
960 | Qt1 |
---|
961 | fdfA917taco.astart.com |
---|
962 | N(stdin) |
---|
963 | UdfA917taco.astart.com |
---|
964 | Figure 6: Job Control File |
---|
965 | ------------------------------------------------------------------ |
---|
966 | Control file lines starting with an upper case letter provide |
---|
967 | information and those starting with lower case letters specify a |
---|
968 | format and a data file to be printed with the format. For exam- |
---|
969 | ple, the P (person) and H (host) lines give the originating user |
---|
970 | and host name; the I (indent) and L (banner name) are used when |
---|
971 | printing the job. |
---|
972 | The LPRng software extends the basic RFC1179 control file |
---|
973 | entries by adding Z (output filters options), Q (original queue), |
---|
974 | and A (identification) options. The value of these options are |
---|
975 | passed to the filters that format and print the data files. For |
---|
976 | example, Figure 3a shows an example of a printcap entry (p2) with |
---|
977 | several aliases. The lpr command lpr -Q -Pdouble -Zheavy_paper |
---|
978 | will create a control file with the Qdouble and Zheavy_paper |
---|
979 | entries and sends it to the p2 printer. The output printing can |
---|
980 | use the Q and Z entries to select various paper and format |
---|
981 | options. |
---|
982 | |
---|
983 | |
---|
984 | |
---|
985 | |
---|
986 | LPRng - Introduction 15 |
---|
987 | |
---|
988 | |
---|
989 | |
---|
990 | |
---|
991 | |
---|
992 | |
---|
993 | |
---|
994 | |
---|
995 | |
---|
996 | LPD Server Operations |
---|
997 | The lpd server creates queue server process for each spool |
---|
998 | queue, and then waits for connections from clients. Each time a |
---|
999 | request arrives the server will create a new process to handle |
---|
1000 | the requests. The max_servers_active configuration variable can |
---|
1001 | be used to limit the number of active servers. The queue server |
---|
1002 | process uses the printcap entry information and a set of control |
---|
1003 | files in the spool directory to control its activities and report |
---|
1004 | its actions (Figure 1). In the discussion below, printer is |
---|
1005 | stands for the primary printer name; all files are in the spool |
---|
1006 | directory unless otherwise indicated. |
---|
1007 | The Server lock file (printer) is used to ensure that only one |
---|
1008 | server process is active at a time. The spool control file (con- |
---|
1009 | trol.printer) has the format shown in Figure 7a, and controls one |
---|
1010 | or more of the spool queue related activities. Entries in this |
---|
1011 | file override defaults and values in the printcap database. |
---|
1012 | Note: the information shown in this file may not be present at |
---|
1013 | all times. |
---|
1014 | The control file spooling_disabled and printing_ disabled |
---|
1015 | entries disable spooling to the queue and printing from the queue |
---|
1016 | respectively. The redirect entry causes the server to transfer |
---|
1017 | all spool jobs to the specified remote printer. When holdall is |
---|
1018 | enabled, the server will not process a jobs until it is released |
---|
1019 | by a request from the lpc program. The printcap ah (automati- |
---|
1020 | cally hold) flag can be used to set job holding on by default, or |
---|
1021 | it can be enabled/disabled by using the lpc holdall or noholdall |
---|
1022 | commands. If the ah flag is on, it cannot be overriden by the |
---|
1023 | lpc holdall/noholdall commands. |
---|
1024 | -printing_disabled-0---------------------------------------------- |
---|
1025 | spooling_disabled 1 |
---|
1026 | debug 10,remote=5,log=/tmp/log |
---|
1027 | redirect p3@mentor |
---|
1028 | holdall off |
---|
1029 | class A,B |
---|
1030 | Figure 7a: Spool Control File |
---|
1031 | ------------------------------------------------------------------ |
---|
1032 | The class entry restricts the printable jobs to the specified |
---|
1033 | class. This facility allows special forms to be mounted on a |
---|
1034 | printer and only jobs which need them to be printed. The special |
---|
1035 | pattern char=patterns restricts printing to jobs with a control |
---|
1036 | file line starting with char which matches pattern. For example, |
---|
1037 | P=accounting could be used to restrict printing to jobs from the |
---|
1038 | accounting user. |
---|
1039 | The debug entry is a diagnostic and testing aid. The set of |
---|
1040 | options are used used by the server to enable or disable specific |
---|
1041 | testing functions. For example, 10,remote=5,log= /tmp/log speci- |
---|
1042 | fies a general debugging level of 10, setting the remote flag to |
---|
1043 | 5, and logging to the /tmp/log file. |
---|
1044 | The lpc (line printer control) program is used to request the |
---|
1045 | lpd server to change the spool control file values and take other |
---|
1046 | actions, such as starting or stopping server processes. The lpc |
---|
1047 | program can also request (brutal) spool server process termina- |
---|
1048 | tion, and (gentle) restarting of spooling activities. The lpc |
---|
1049 | stop and start commands are used to enable and disable printing; |
---|
1050 | |
---|
1051 | |
---|
1052 | 16 LPRng - Introduction |
---|
1053 | |
---|
1054 | |
---|
1055 | |
---|
1056 | |
---|
1057 | |
---|
1058 | |
---|
1059 | |
---|
1060 | |
---|
1061 | |
---|
1062 | enable and disable is used to enable and disable spooling. The |
---|
1063 | abort command will attempt to brutally stop printing of the cur- |
---|
1064 | rent job and remove it; the kill command will stop printing and |
---|
1065 | then attempt to restart the last job. There are similar commands |
---|
1066 | to modify the various fields in the control file; see the lpc man |
---|
1067 | page for details. |
---|
1068 | The spool server process scans the spool queue, ordering jobs |
---|
1069 | to be serviced in a first-in, first-out order within priority |
---|
1070 | classes. Class A is the lowest (default) priority, and Z is the |
---|
1071 | highest. When a job is selected for for servicing, the spool |
---|
1072 | server forks a subserver process to carry out the actual work.. |
---|
1073 | The reason for using a subserver process for per job servicing |
---|
1074 | is based on experiences with a variety of UNIX implementations. |
---|
1075 | Some of these implementations have memory leaks or file descrip- |
---|
1076 | tor leaks associated with various database and networking rou- |
---|
1077 | tines; each time a process uses these routines they open a new |
---|
1078 | file descriptor or allocate some temporary storage. Unfortu- |
---|
1079 | nately, these descriptors are never closed the descriptors or |
---|
1080 | reclaim the storage. These defective functions are firewalled in |
---|
1081 | a subserver process, which only exists while a particular job is |
---|
1082 | processed. Note that the same problems exist in the lpd server, |
---|
1083 | which also takes care to isolate these actions in a subserver |
---|
1084 | process. |
---|
1085 | -active-----2743-------------------------------------------------- |
---|
1086 | hold 1 |
---|
1087 | priority 0x873486 |
---|
1088 | remove 1 |
---|
1089 | redirect p4@mentor |
---|
1090 | error Printer timed out |
---|
1091 | Figure 7b: Job Hold File |
---|
1092 | ------------------------------------------------------------------ |
---|
1093 | When a job is selected for service, the subserver process cre- |
---|
1094 | ates a job hold file to record information; job cfA001mentor will |
---|
1095 | have hold file hfA001mentor. The hold file has the format shown |
---|
1096 | in Figure 7b. |
---|
1097 | The active entry records the process ID of the subserver pro- |
---|
1098 | cess, and indicates that the job is active. A non-zero hold |
---|
1099 | entry indicates that the job is being held by administrative |
---|
1100 | actions; a hold value of 0 allows a job to be printed. The lpc |
---|
1101 | hold and release commands can be used to hold and release jobs. |
---|
1102 | The priority field specifies an additional level of job prior- |
---|
1103 | ity; jobs with non-zero priority fields are serviced before jobs |
---|
1104 | with 0 fields; the lpc topq command updates the priority value. |
---|
1105 | The redirect entry supplements the spool queue redirect infor- |
---|
1106 | mation. This entry allows individual jobs to be moved to another |
---|
1107 | spool queue. The lpc move command updates the redirect value. |
---|
1108 | The remove and error entries are used to solve a problem with |
---|
1109 | defective or misconfigured printing software. After a job is |
---|
1110 | serviced its files are removed from the spool directory. How- |
---|
1111 | ever, sometimes due to accident or intent, the files cannot be |
---|
1112 | deleted, resulting in the job being endlessly printed and pre- |
---|
1113 | venting normal operations. When a job is serviced, the job hold |
---|
1114 | file is created and written in the spool directory; if the hold |
---|
1115 | file cannot be modified the job is not serviced. After the job |
---|
1116 | |
---|
1117 | |
---|
1118 | LPRng - Introduction 17 |
---|
1119 | |
---|
1120 | |
---|
1121 | |
---|
1122 | |
---|
1123 | |
---|
1124 | |
---|
1125 | |
---|
1126 | |
---|
1127 | |
---|
1128 | has been serviced the remove field is set to a non-zero value; |
---|
1129 | this prevents the job from being reprinted, and the error field |
---|
1130 | records any error conditions that might inhibit retrying servic- |
---|
1131 | ing the job. This information is displayed by the lpq (line |
---|
1132 | printer queue) program. After the job files have been successful |
---|
1133 | removed, the server then removes the job hold file. |
---|
1134 | A bounce queue is used to temporarily hold jobs until they can |
---|
1135 | be forwarded to a remote printer. This is useful when sending |
---|
1136 | jobs to a network printer. The LPRng software lpr and lpd pro- |
---|
1137 | grams use the same algorithm to check file permissions and acces- |
---|
1138 | sibility when sending jobs to a remote printer. Normally, data |
---|
1139 | files are not modified when forwarding, but if the printcap |
---|
1140 | bq=destsystem flag is set and there is an appropriate format fil- |
---|
1141 | ter, the data files will be processed by the filter before trans- |
---|
1142 | fering to the destination system. Note that for correct opera- |
---|
1143 | tion, the printcap lp flag should be set to the name/host combi- |
---|
1144 | nation of the bounce queue, i.e.- |
---|
1145 | |
---|
1146 | |
---|
1147 | |
---|
1148 | |
---|
1149 | |
---|
1150 | |
---|
1151 | |
---|
1152 | |
---|
1153 | |
---|
1154 | -LP-=-open(-'lp'-);--//-open-device------------------------------- |
---|
1155 | OF = IF = LP; // set defaults |
---|
1156 | if( 'of' ) OF = filter( 'of' ) -> LP; |
---|
1157 | // make OF filter |
---|
1158 | if( accounting at start 'as') |
---|
1159 | do accounting; |
---|
1160 | if( leader on open 'ld' ) `ld` -> OF; |
---|
1161 | // send leader |
---|
1162 | if( FF on open 'fo' ) `fo` -> OF; |
---|
1163 | // send FF |
---|
1164 | // check to see if banner required |
---|
1165 | do_banner = |
---|
1166 | (always banner 'ab' |
---|
1167 | || (!suppress banner 'sb' |
---|
1168 | && control file 'L' )); |
---|
1169 | if( ! header last 'hl' && do_banner ){ |
---|
1170 | BP = OF; bnr = null; |
---|
1171 | if( banner start 'bs' ) bnr = 'bs' |
---|
1172 | else if( banner program 'bp' ) bnr = 'bp' |
---|
1173 | if( bnr ){ |
---|
1174 | BP = filter( bnr ) -> OF; |
---|
1175 | } |
---|
1176 | short banner info -> BP; |
---|
1177 | if( BP != OF ) close( BP ); |
---|
1178 | } |
---|
1179 | // suspend the OF filter |
---|
1180 | if( OF != LP ) suspend OF filter; |
---|
1181 | Figure 8a: Printing algorithm used by LPRng |
---|
1182 | |
---|
1183 | |
---|
1184 | 18 LPRng - Introduction |
---|
1185 | |
---|
1186 | |
---|
1187 | |
---|
1188 | |
---|
1189 | |
---|
1190 | |
---|
1191 | |
---|
1192 | |
---|
1193 | |
---|
1194 | bqname:lp=bqname@host |
---|
1195 | :bq=destq@host |
---|
1196 | :sd=/var/... |
---|
1197 | :if=/if_filter |
---|
1198 | The :lpr_bounce: printcap flag will cause the LPR program to |
---|
1199 | perform filtering before sending the jobs to a server. This can |
---|
1200 | have unexpected results if the filters are not available on the |
---|
1201 | local host. |
---|
1202 | |
---|
1203 | Printing Algorithm |
---|
1204 | On the surface, dealing with the printer hardware should be |
---|
1205 | quite simple: the printer device is opened, the job data files |
---|
1206 | are sent to the device, and the printing device is then closed. |
---|
1207 | The actual algorithm used by the lpd server for printing a job is |
---|
1208 | rather complex, in order to deal with the following problems. |
---|
1209 | 1. Each printer usually has specific requirements for connection |
---|
1210 | and initialization, not to mention the actual transmission of |
---|
1211 | data. |
---|
1212 | 2. If the connection to the printer is a serial line, stty(1) |
---|
1213 | (or a similar function) must set the speed, format, and other |
---|
1214 | characteristics. When a serial line is closed and reopened |
---|
1215 | the line characteristics may be reset to some default value, |
---|
1216 | requiring the line to be held open throughout the printing |
---|
1217 | process. |
---|
1218 | 3 The effects of the failure printing a job job should be |
---|
1219 | |
---|
1220 | |
---|
1221 | |
---|
1222 | |
---|
1223 | |
---|
1224 | |
---|
1225 | |
---|
1226 | |
---|
1227 | |
---|
1228 | |
---|
1229 | |
---|
1230 | |
---|
1231 | |
---|
1232 | |
---|
1233 | |
---|
1234 | |
---|
1235 | |
---|
1236 | |
---|
1237 | |
---|
1238 | |
---|
1239 | |
---|
1240 | |
---|
1241 | |
---|
1242 | |
---|
1243 | |
---|
1244 | |
---|
1245 | |
---|
1246 | |
---|
1247 | |
---|
1248 | |
---|
1249 | |
---|
1250 | LPRng - Introduction 19 |
---|
1251 | |
---|
1252 | |
---|
1253 | |
---|
1254 | |
---|
1255 | |
---|
1256 | |
---|
1257 | |
---|
1258 | |
---|
1259 | |
---|
1260 | localized to that job. |
---|
1261 | |
---|
1262 | |
---|
1263 | |
---|
1264 | |
---|
1265 | |
---|
1266 | |
---|
1267 | |
---|
1268 | |
---|
1269 | |
---|
1270 | |
---|
1271 | |
---|
1272 | |
---|
1273 | |
---|
1274 | |
---|
1275 | |
---|
1276 | |
---|
1277 | |
---|
1278 | |
---|
1279 | |
---|
1280 | |
---|
1281 | |
---|
1282 | |
---|
1283 | |
---|
1284 | |
---|
1285 | |
---|
1286 | |
---|
1287 | |
---|
1288 | |
---|
1289 | -for-each-data-file-df-in-job-do---------------------------------- |
---|
1290 | // send FF between files of job |
---|
1291 | if( !first job && ! suppress FF 'sf' ){ |
---|
1292 | if( OF != LP ) wake up OF filter; |
---|
1293 | 'ff' -> OF; |
---|
1294 | if( OF != LP ) suspend OF filter; |
---|
1295 | } |
---|
1296 | // get filter for job |
---|
1297 | ?F = LP; // default - no filter |
---|
1298 | format = jobformat; |
---|
1299 | if( jobformat == 'f' or |
---|
1300 | jobformat = 'l' ){ |
---|
1301 | format = 'f'; |
---|
1302 | } |
---|
1303 | filter = format filter from printcap; |
---|
1304 | if( filter ){ |
---|
1305 | ?F = filter( filter ) -> LP; |
---|
1306 | } |
---|
1307 | // send data file to printer |
---|
1308 | // through filter |
---|
1309 | data file -> ?F; |
---|
1310 | // kill filter |
---|
1311 | if( ?F != LP ) close( ?F ) |
---|
1312 | endfor |
---|
1313 | Figure 8b: Printing algorithm used by LPRng |
---|
1314 | |
---|
1315 | |
---|
1316 | 20 LPRng - Introduction |
---|
1317 | |
---|
1318 | |
---|
1319 | |
---|
1320 | |
---|
1321 | |
---|
1322 | |
---|
1323 | |
---|
1324 | |
---|
1325 | |
---|
1326 | 4 Different types of output such as raster plots, PostScript |
---|
1327 | files, text files, etc., may require different handling when |
---|
1328 | printing. This can be very device specific. |
---|
1329 | 5 Multiple users may use the same printer; jobs need to be care- |
---|
1330 | fully separated, banner pages provided, and other administra- |
---|
1331 | tive functions performed. |
---|
1332 | 6 Administrators have a strong desire to record the printer |
---|
1333 | usage so that users can be billed appropriately. |
---|
1334 | 7 Some serial line devices must be opened in a nonblocking mode |
---|
1335 | so that configuration operations can be performed. |
---|
1336 | In order to handle printer specific problems, each printer has |
---|
1337 | a set of filters or support programs which provide support for |
---|
1338 | specific operations. For example the of filter will print ban- |
---|
1339 | ners, page separators, and other high level queue control func- |
---|
1340 | tions. Files whose print format is the (lower case) character ? |
---|
1341 | will be printed using a ?f filter; the programs corresponding to |
---|
1342 | each format are found in the printcap file. |
---|
1343 | The algorithm used by LPRng is shown in Figure 8. It is similar |
---|
1344 | to the original Berkeley algorithm, but not identical. Names |
---|
1345 | such as `of' refer to entries in the printcap database and OF is |
---|
1346 | a filter process created from the `of' information; OF = fil- |
---|
1347 | ter('of') -> LP means create the OF filter from the of informa- |
---|
1348 | tion in the printcap file, and send it output to the LP filter or |
---|
1349 | device. |
---|
1350 | While the algorithm used by LPRng is similar to the original |
---|
1351 | Berkeley LPR algorithm, there are some subtle differences. |
---|
1352 | Before the job is printed, it is checked for the formats it uses. |
---|
1353 | If there is no filter available for a data file the job is not |
---|
1354 | |
---|
1355 | |
---|
1356 | |
---|
1357 | |
---|
1358 | |
---|
1359 | |
---|
1360 | |
---|
1361 | |
---|
1362 | |
---|
1363 | |
---|
1364 | |
---|
1365 | |
---|
1366 | |
---|
1367 | |
---|
1368 | |
---|
1369 | |
---|
1370 | |
---|
1371 | |
---|
1372 | |
---|
1373 | |
---|
1374 | |
---|
1375 | |
---|
1376 | |
---|
1377 | |
---|
1378 | |
---|
1379 | |
---|
1380 | |
---|
1381 | |
---|
1382 | LPRng - Introduction 21 |
---|
1383 | |
---|
1384 | |
---|
1385 | |
---|
1386 | |
---|
1387 | |
---|
1388 | |
---|
1389 | |
---|
1390 | |
---|
1391 | |
---|
1392 | printed and only an error message is generated. |
---|
1393 | |
---|
1394 | |
---|
1395 | |
---|
1396 | |
---|
1397 | |
---|
1398 | |
---|
1399 | |
---|
1400 | |
---|
1401 | |
---|
1402 | |
---|
1403 | |
---|
1404 | |
---|
1405 | |
---|
1406 | |
---|
1407 | |
---|
1408 | |
---|
1409 | |
---|
1410 | |
---|
1411 | |
---|
1412 | |
---|
1413 | |
---|
1414 | |
---|
1415 | |
---|
1416 | |
---|
1417 | |
---|
1418 | |
---|
1419 | |
---|
1420 | |
---|
1421 | |
---|
1422 | |
---|
1423 | |
---|
1424 | |
---|
1425 | |
---|
1426 | -//-finish-printing----------------------------------------------- |
---|
1427 | if( OF != LP ) wake up OF filter; |
---|
1428 | if( header last 'hl' && do_banner ){ |
---|
1429 | if( ! no FF separator 'sf' ) |
---|
1430 | 'ff' -> OF; |
---|
1431 | BP = OF; bnr = null; |
---|
1432 | if( banner end program 'be' ) bnr = 'be' |
---|
1433 | else if( banner program 'bp' ) bnr = 'bp' |
---|
1434 | if( bnr ){ |
---|
1435 | BP = filter( bnr ) -> OF; |
---|
1436 | } |
---|
1437 | short banner info -> BP; |
---|
1438 | if( BP != OF ) close( BP ); |
---|
1439 | } |
---|
1440 | if( ff on close 'fq' ) 'ff' -> OF; |
---|
1441 | if( trailer on close 'tr' ) tr -> OF; |
---|
1442 | if( accounting at end 'ae') do accounting; |
---|
1443 | if( OF != LP ) close( OF ); |
---|
1444 | close( LP ); |
---|
1445 | Figure 8c: Printing algorithm used by LPRng |
---|
1446 | |
---|
1447 | |
---|
1448 | 22 LPRng - Introduction |
---|
1449 | |
---|
1450 | |
---|
1451 | |
---|
1452 | |
---|
1453 | |
---|
1454 | |
---|
1455 | |
---|
1456 | |
---|
1457 | |
---|
1458 | The printing device is opened and closed for each print job. |
---|
1459 | This eliminates a set of problems of printer failure; when vari- |
---|
1460 | ous network and other printers will fail printing a file, they |
---|
1461 | will not work correctly until reset by a network reconnection or |
---|
1462 | a device open. In addition, the 'nb' printcap entry forces a |
---|
1463 | nonblocking open to be done on a device. |
---|
1464 | The as and ae printcap entries specify a filter or format to |
---|
1465 | be used to record accounting information at the beginning or end |
---|
1466 | of a job respectively, and the af printcap entry specifies the |
---|
1467 | accounting file where accounting information should be sent. For |
---|
1468 | example, for a 230 byte long job spooled to printer p1 by john on |
---|
1469 | pc1 the entry as=start $P $u $H $b will write start p1 john pc1 |
---|
1470 | 230 in the accounting file. The entry as=|/usr/local/psaccnt |
---|
1471 | start will run the psaccnt program, with the additional options |
---|
1472 | specified by the filter_options configuration variable and waits |
---|
1473 | for it to terminate. If the program terminates with a non-zero |
---|
1474 | error status then the job will not be printed. Any error message |
---|
1475 | printed by the program on its stderr output will be placed in the |
---|
1476 | log file. The program stdout will be connected directly to the |
---|
1477 | printer device or filter specified by the lp field. This allows |
---|
1478 | any specialized probing of the printer to be done by the account- |
---|
1479 | ing program. The ae field specifies the string or filter to be |
---|
1480 | used at the end of a job. Similar action is taken at the end of |
---|
1481 | a job using the ae printcap entry. |
---|
1482 | In addition to the accounting done by the lpd program, filters |
---|
1483 | can also do accounting and write their results to the accounting |
---|
1484 | file. By convention, the name of this file will be passed to the |
---|
1485 | filter, and FD 3 will be connected to the file. |
---|
1486 | In addition to these file and program based facilities, if the |
---|
1487 | accounting file has the form af =host%port then it is assumed to |
---|
1488 | specify a host and port for a remote accounting server. The lpd |
---|
1489 | program will make a connection to the specified host and port, |
---|
1490 | and then send the as string (with expanded options) to the |
---|
1491 | |
---|
1492 | |
---|
1493 | |
---|
1494 | |
---|
1495 | |
---|
1496 | |
---|
1497 | |
---|
1498 | |
---|
1499 | |
---|
1500 | |
---|
1501 | |
---|
1502 | |
---|
1503 | |
---|
1504 | |
---|
1505 | |
---|
1506 | |
---|
1507 | |
---|
1508 | |
---|
1509 | |
---|
1510 | |
---|
1511 | |
---|
1512 | |
---|
1513 | |
---|
1514 | LPRng - Introduction 23 |
---|
1515 | |
---|
1516 | |
---|
1517 | |
---|
1518 | |
---|
1519 | |
---|
1520 | |
---|
1521 | |
---|
1522 | |
---|
1523 | |
---|
1524 | server. If the accounting_check flag is TRUE, the server will |
---|
1525 | check for a ACCEPT reply from the server, and will reject the job |
---|
1526 | if it is not received. The connection will be passed to filters |
---|
1527 | as FD 3, and they can also send accounting information to the |
---|
1528 | server. |
---|
1529 | Each site usually has a different set of needs for banner |
---|
1530 | printing. LPRng has removed fancy bannner printing from the lpd |
---|
1531 | server to a separate program. The bp (banner printer) program |
---|
1532 | generates a banner for a job; users can modify the banner without |
---|
1533 | modify the LPRng software. Note that banners can be printed at |
---|
1534 | the beginning and end of jobs. All banner output is passed |
---|
1535 | through the of filter if it is present. |
---|
1536 | LPRng can use vintage filters available for LPR and other |
---|
1537 | spooling systems with a minimum of changes. The section on Fil- |
---|
1538 | ters discusses how they are accommodated. |
---|
1539 | |
---|
1540 | |
---|
1541 | |
---|
1542 | |
---|
1543 | |
---|
1544 | |
---|
1545 | |
---|
1546 | |
---|
1547 | |
---|
1548 | |
---|
1549 | |
---|
1550 | |
---|
1551 | |
---|
1552 | |
---|
1553 | |
---|
1554 | |
---|
1555 | |
---|
1556 | |
---|
1557 | |
---|
1558 | |
---|
1559 | |
---|
1560 | |
---|
1561 | |
---|
1562 | |
---|
1563 | -Filter-specification:-------------------------------------------- |
---|
1564 | path arg1 arg2 $P $w $l $x $y |
---|
1565 | $K $L $c $i \ |
---|
1566 | $Z $C $J $R \ |
---|
1567 | $0n $0h $F $-a |
---|
1568 | Expanded Specification |
---|
1569 | path arg1 arg2 \ |
---|
1570 | -PPrinter -wpw -lpl -xpx -ypy \ |
---|
1571 | -Kcontrolfilename -LLogname -iIndent \ |
---|
1572 | -ZZoptions -CClass -JJobinfo -RRaccountname \ |
---|
1573 | -n Person -h Host -Fformat af |
---|
1574 | Note: pw, pw, etc. are from printcap entries, |
---|
1575 | Printer, Logname, etc. are from control file lines, |
---|
1576 | other information generated by server. |
---|
1577 | Figure 9: Filter Specification and Expansion |
---|
1578 | |
---|
1579 | |
---|
1580 | 24 LPRng - Introduction |
---|
1581 | |
---|
1582 | |
---|
1583 | |
---|
1584 | |
---|
1585 | |
---|
1586 | |
---|
1587 | |
---|
1588 | |
---|
1589 | |
---|
1590 | LPRng supports multiple printers serving a single print queue. |
---|
1591 | The master print queue has a sv=server1,server2,... (servers) |
---|
1592 | printcap entry listing the server printer names; server printers |
---|
1593 | have a corresponding ss=master (serves) printcap entry. The mas- |
---|
1594 | ter spool queue server process creates a subserver process for |
---|
1595 | each slave printer; the subserver processes print all of the jobs |
---|
1596 | in the server spool queue and then terminate. As each of the |
---|
1597 | subservers processes terminates, the master select a job from the |
---|
1598 | master spool queue and then create a new subserver process. This |
---|
1599 | subserver process will copy the job to the server spool queue and |
---|
1600 | then process the job. Note that print jobs can be directly |
---|
1601 | spooled to slave spool queues, allowing users to send jobs to a |
---|
1602 | server printer as well as to the master spool queue. |
---|
1603 | |
---|
1604 | Filters |
---|
1605 | The LPRng software makes heavy use of filter processes for |
---|
1606 | printing and other operations. A filter specification has the |
---|
1607 | form |
---|
1608 | | [-$] path optionsP |
---|
1609 | Printcap printer filter entries usually drop the `|' filter indi- |
---|
1610 | cation. Filters run with EUID and RUID daemon; the ROOT keyword |
---|
1611 | runs EUID ROOT. See Security Considerations for details. |
---|
1612 | The path entry specifies the absolute pathname of an exe- |
---|
1613 | cutable file and the options are a set of options to invoke the |
---|
1614 | filter with. In addition to the user specified options, the |
---|
1615 | LPRng software will append the configuration variable fil- |
---|
1616 | ter_options unless suppressed by the -$ flag. |
---|
1617 | The options are scanned for variable substitutions indicated |
---|
1618 | by $ characters, followed by zero or more of the format indica- |
---|
1619 | tion characters ' (single quote), - (minus), or 0 (zero). If key |
---|
1620 | has a non-zero length string value X, then $key expands to |
---|
1621 | -key'X'; the 0 format key add as space between the key letter and |
---|
1622 | the value, ' suppresses quotation marks, and - suppresses the key |
---|
1623 | flag. |
---|
1624 | $0key expands to -key 'X' |
---|
1625 | $-key expands to 'X' |
---|
1626 | $'key expands to -key X |
---|
1627 | $-'key expands to X |
---|
1628 | |
---|
1629 | |
---|
1630 | |
---|
1631 | |
---|
1632 | |
---|
1633 | |
---|
1634 | |
---|
1635 | |
---|
1636 | |
---|
1637 | |
---|
1638 | |
---|
1639 | |
---|
1640 | |
---|
1641 | |
---|
1642 | |
---|
1643 | |
---|
1644 | |
---|
1645 | |
---|
1646 | LPRng - Introduction 25 |
---|
1647 | |
---|
1648 | |
---|
1649 | |
---|
1650 | |
---|
1651 | |
---|
1652 | |
---|
1653 | |
---|
1654 | |
---|
1655 | |
---|
1656 | The $c key should be used only for printing filters. If the data |
---|
1657 | file format is l (i.e.- binary) $c expands -c otherwise it is the |
---|
1658 | empty string and does not appear in the output. The following is |
---|
1659 | a list of keys and their corresponding values (:x: indicates a |
---|
1660 | printcap value, control file is a line from the job control |
---|
1661 | file). |
---|
1662 | Key Source Value |
---|
1663 | a :af: accounting file |
---|
1664 | b data file data file size |
---|
1665 | c control file data file format (see above). |
---|
1666 | d LPD control directory |
---|
1667 | e LPD pathname of data file in spool queue |
---|
1668 | f control file data file original file name |
---|
1669 | h control file short form of originating host name |
---|
1670 | i control file indent specified to LPR |
---|
1671 | j control file job number |
---|
1672 | l :pl: page length |
---|
1673 | m :cf: page cost factor for accounting |
---|
1674 | n control file user name |
---|
1675 | s :ps: printer status file |
---|
1676 | t LPD current time |
---|
1677 | w :pw: page width |
---|
1678 | x :px: page x dimension |
---|
1679 | F data file format |
---|
1680 | P LPD printer name |
---|
1681 | S :cm: comment tag |
---|
1682 | Upper Case Character |
---|
1683 | control file Corresponding control file field |
---|
1684 | If there is no corresponding value for any of these keys, the |
---|
1685 | result is a null (empty) string. The substitution formats allow |
---|
1686 | the user to create interfaces to vintage printer filters with a |
---|
1687 | minimum of effort; see below for an example. As a further aid, |
---|
1688 | The printcap bkf (backwards filter) flag appends a list of |
---|
1689 | options which are compatible with most vintage printer filters. |
---|
1690 | The environment variables for filters are highly restricted, |
---|
1691 | due to the possibility for abuse by users. The following vari- |
---|
1692 | ables are set: |
---|
1693 | USER and LOGNAME user name or daemon name. |
---|
1694 | LOGDIR home directory of user or daemon. |
---|
1695 | PATH from the filter_path configuration variable. |
---|
1696 | LD_LIBRARY_PATH from the filter_ld_path configuration variable. |
---|
1697 | SHELL set to /bin/sh |
---|
1698 | IFS set to blank and tab. |
---|
1699 | TZ the TZ environment variable. |
---|
1700 | SPOOL_DIR the spool directory for the printer |
---|
1701 | CONTROL_DIR the control directory for the printer |
---|
1702 | PRINTCAP the printcap entry for the printer |
---|
1703 | CONTROL the control file for the print job |
---|
1704 | pass_env environment variables Values of environment variables |
---|
1705 | listed in the pass_env configuration variable. |
---|
1706 | |
---|
1707 | |
---|
1708 | The LPRng software provides several methods of performing |
---|
1709 | accounting. |
---|
1710 | |
---|
1711 | |
---|
1712 | 26 LPRng - Introduction |
---|
1713 | |
---|
1714 | |
---|
1715 | |
---|
1716 | |
---|
1717 | |
---|
1718 | |
---|
1719 | |
---|
1720 | |
---|
1721 | |
---|
1722 | The printcap af (accounting field), as and ae (accounting start |
---|
1723 | and end), and achk (accounting check) provide a basic set of |
---|
1724 | facilities. The af field specifies a file, filter, or TCP net- |
---|
1725 | work connection to an accounting server. If af has the form |
---|
1726 | |filter or |-$ filter then a filter will be started and all |
---|
1727 | accounting information will be sent to the filter. The first |
---|
1728 | form passes the filter the command line options specified by the |
---|
1729 | filter_options configuration variable and the second suppresses |
---|
1730 | option passing. If af has the form host%port then a TCP connec- |
---|
1731 | tion will be opened to the port on the specified host and |
---|
1732 | accounting information sent there. All other forms will be |
---|
1733 | treated as a pathname relative to the queue spool directory. |
---|
1734 | When af specifies a filter or network connection and the achk |
---|
1735 | flag is set, then after writting the initial accounting informa- |
---|
1736 | tion (see as printcap field below) the server will wait for a |
---|
1737 | reply of the form ACCEPT from the filter or server. If not |
---|
1738 | received, the job will not be printed. |
---|
1739 | The as (accounting start) and ae (accounting end) fields can |
---|
1740 | specify a string to be printed or a filter. Options in the |
---|
1741 | string will be expanded as for filters, and the strings printed |
---|
1742 | to either the accounting information destination. If the as |
---|
1743 | field specifies a filter, then the print server will wait for the |
---|
1744 | filter to exit before printing the job. If the exit status is 0 |
---|
1745 | (successful), the job will be printed. A non-zero JREMOVE status |
---|
1746 | will remove the job, while any other status will terminate queue |
---|
1747 | printing operations. After printing the job, the ae filter will |
---|
1748 | be started and the server will wait for it to complete before |
---|
1749 | printing the next job. |
---|
1750 | The as and ae filters will have STDOUT set to the printing |
---|
1751 | device and or filter, and the STDERR set to the error log file |
---|
1752 | for the print queue, and fild descriptor 3 set to the destination |
---|
1753 | specified by the af field. |
---|
1754 | As a convenience, all format filters for printing will be |
---|
1755 | started with file descriptor 3 set to the destination (file or |
---|
1756 | filter) specified by the printcap af field. This allows special |
---|
1757 | filters which can query devices for page counts to pass their |
---|
1758 | information directly to an accounting program. The descriptor |
---|
1759 | will READ/WRITE, allowing filters to query the accounting program |
---|
1760 | and/or update the information directly. |
---|
1761 | By convention filters read input from stdin, write to stdout, |
---|
1762 | and write errors to stderr. The error output is usually directed |
---|
1763 | to the error logging file for the printer. Print filters have |
---|
1764 | their current directory set to the printer spool directory. |
---|
1765 | |
---|
1766 | Security Considerations |
---|
1767 | Security considerations were a major factor in the design of |
---|
1768 | the LPRng software. Many of the problems center on the following |
---|
1769 | issues. |
---|
1770 | 1. Users trying to use the printer spooler software to exploit |
---|
1771 | bugs in the operating system and gain root access. |
---|
1772 | 2. Users trying to use the printer spooler software to gain |
---|
1773 | unauthorized access to other users files, |
---|
1774 | 3. Users trying to gain illegal access to printing facilities. |
---|
1775 | 4. Users trying to avoid accounting procedures. |
---|
1776 | |
---|
1777 | |
---|
1778 | LPRng - Introduction 27 |
---|
1779 | |
---|
1780 | |
---|
1781 | |
---|
1782 | |
---|
1783 | |
---|
1784 | |
---|
1785 | |
---|
1786 | |
---|
1787 | |
---|
1788 | 5. Denial of service attacks. |
---|
1789 | The first issue to be dealt with is the problem of ROOT per- |
---|
1790 | missions. All of the client LPRng programs can run as ordinary |
---|
1791 | users; this eliminates a large number of attacks on system secu- |
---|
1792 | rity by trying to exploit various defects in the system based on |
---|
1793 | SUID root programs. The LPD server is the only program that |
---|
1794 | absolutely needs to run with real UID (RUID) ROOT as it uses a |
---|
1795 | privileged TCP/IP port to listen for incoming connections, and in |
---|
1796 | most UNIX systems bind(2) requires EUID ROOT permissions to bind |
---|
1797 | to a privileged port. (It is not recommended that a non-privi- |
---|
1798 | leged port be used as a trojan horse user program can bind to it |
---|
1799 | and impersonate the LPRng software.) According to RFC1179 a con- |
---|
1800 | nection to a server must originate from a (privileged) port in |
---|
1801 | the range 721-731. |
---|
1802 | Given this need for ROOT permissions, the LPRng code goes to |
---|
1803 | extreme lengths to ensure that only the bind(2) calls are made |
---|
1804 | with EUID root, and that all other operations are done either as |
---|
1805 | daemon (server) or as user (clients). It is strongly recommended |
---|
1806 | that the lpd program not be SUID root, but should started up by |
---|
1807 | the system initialization rc(4) scripts or a root user. |
---|
1808 | It is recommended that all client programs be run as user (non |
---|
1809 | privileged) jobs. Only files accessible to the user will be read |
---|
1810 | or transferred to the server. If a user wants to access a |
---|
1811 | printer that requires privileged ports, it is a simple matter to |
---|
1812 | create a bounce queue on a server that will forward a job to the |
---|
1813 | remote system. |
---|
1814 | The checkpc (check printcap) program scans the printcap and |
---|
1815 | permissions databases, spool queues, and checks permissions of |
---|
1816 | files and directories. If run by ROOT with the -f (fix) flag |
---|
1817 | set, it will try to change ownerships, create files and/or direc- |
---|
1818 | tories, and remove junk or old job files from spool queues. This |
---|
1819 | program also has some portability tests built into it, and can be |
---|
1820 | used to check that the target system can safely run the LPRng |
---|
1821 | software. |
---|
1822 | Most efforts to circumvent accounting and permissions checks |
---|
1823 | are based on forging or impersonation of another user or network |
---|
1824 | host. The current version of the LPRng software depends on the |
---|
1825 | various system configuration and database utilities to provide |
---|
1826 | user authentication and system authentication. This is clearly |
---|
1827 | inadequate, and LPRng support encryption based authentication; |
---|
1828 | support for using Kerberos (version 5) is built into the system. |
---|
1829 | PGP and other forms of authentication are supported by using the |
---|
1830 | filter mechanism to invoke a set of authentication programs |
---|
1831 | rather than directly incorporating the code into the LPRng soft- |
---|
1832 | ware. Details of the exact interface for authentication can be |
---|
1833 | found in the lpd(8) man page documentation. |
---|
1834 | One of the arguments for running client programs SUID ROOT is |
---|
1835 | that it allows them to connect to the server from a privileged |
---|
1836 | port, and the information provided will be authenticated in some |
---|
1837 | manner by use of the operating system facilities. Unfortunately, |
---|
1838 | the LPRng software uses various network databases to obtain con- |
---|
1839 | necting host information; by attacking the the system by spoofing |
---|
1840 | database (DNS) server activities, it is possible to forge authen- |
---|
1841 | tication. |
---|
1842 | |
---|
1843 | |
---|
1844 | 28 LPRng - Introduction |
---|
1845 | |
---|
1846 | |
---|
1847 | |
---|
1848 | |
---|
1849 | |
---|
1850 | |
---|
1851 | |
---|
1852 | |
---|
1853 | |
---|
1854 | The use of NFS exported and mounted spool directories exposes |
---|
1855 | the LPRng software to extreme attack. One of the assumptions |
---|
1856 | made by most spooling systems is that only the trusted spooling |
---|
1857 | software or trusted application programs will have write access |
---|
1858 | to the spool directory; when the directory is NFS mounted or |
---|
1859 | exported this may no longer be true. Several spooling systems |
---|
1860 | operate by writing job control and data files into an NFS mounted |
---|
1861 | spool directory. By appropriately forging network identifica- |
---|
1862 | tion, credentials, and various RPC calls, attackers can create or |
---|
1863 | modify unprotected files in the spooling directory. The ability |
---|
1864 | to read information in job or other files may also give them the |
---|
1865 | ability to launch other forms of attack. One of the more mali- |
---|
1866 | cious denial of service attacks is to create a file that cannot |
---|
1867 | be removed or modified; the spooler software may end up repeat- |
---|
1868 | edly attempting to print the file, blocking other users from |
---|
1869 | using the spool queue and consuming printer resources. |
---|
1870 | In order to protect the LPRng software from NFS spoofing based |
---|
1871 | attacks, the printcap cd=directory entry specifies a separate |
---|
1872 | control file directory to be used by lpd for all spool queue |
---|
1873 | files except the job and data files. This directory should not |
---|
1874 | be NFS mounted or exported, and should reside on the local host |
---|
1875 | file system. This directory should be carefully created so as to |
---|
1876 | be accessible only by user daemon. Printcap and other informa- |
---|
1877 | tion can be safely placed in this directory as it cannot be modi- |
---|
1878 | fied by NFS operations. |
---|
1879 | Avoiding printing accounting procedures has long been a tradi- |
---|
1880 | tion at educational institutions; while minor infringements are |
---|
1881 | usually ignored, persistent and blatant offenses are worrisome. |
---|
1882 | In addition, once an individual discovers a method then it appar- |
---|
1883 | ently is rapidly copied by others, leading to widespread abuse. |
---|
1884 | One difficulty faced by administrators is determining the |
---|
1885 | resources used by a job. As part of the printing algorithm, the |
---|
1886 | LPRng software provides a set of hooks to allow the invocation of |
---|
1887 | accounting programs before and after the actual job is printed. |
---|
1888 | For example, most PostScript printers have a page count register |
---|
1889 | whose value can be easily read by a simple Postscript Program. |
---|
1890 | By reading this before and after a job the total usage can be |
---|
1891 | calculated. |
---|
1892 | However, some students have discovered that by aborting a job |
---|
1893 | in the middle of its printing or by printing a job that contains |
---|
1894 | information that causes the printer to hang and not report the |
---|
1895 | total pages used at the end of a job they can avoid the normal |
---|
1896 | accounting procedures. By recording information before as well |
---|
1897 | as after a job completes such incomplete jobs can be found. |
---|
1898 | Filters are a major security loophole, as most filters are |
---|
1899 | shell scripts and inherit shell script vulnerabilities. To com- |
---|
1900 | bat this, the LPRng software defaults to running all filters |
---|
1901 | either as the user or as daemon, and provides a predefined and |
---|
1902 | limited set of environment variables. Some network printer fil- |
---|
1903 | ters need to open a privileged port and must have root permis- |
---|
1904 | sions. This is a serious vulnerability, and the lp=host%port |
---|
1905 | printer specification has been provided to ameliorate this prob- |
---|
1906 | lem. It has been recommended that filters run as user nobody, |
---|
1907 | restricting capabilities to an even greater exent, and this |
---|
1908 | |
---|
1909 | |
---|
1910 | LPRng - Introduction 29 |
---|
1911 | |
---|
1912 | |
---|
1913 | |
---|
1914 | |
---|
1915 | |
---|
1916 | |
---|
1917 | |
---|
1918 | |
---|
1919 | |
---|
1920 | consideration is under study. |
---|
1921 | If it is absolutely necessary that a filter execute with ROOT |
---|
1922 | permissions, then the adminstrator should install the filter SUID |
---|
1923 | root, but only allowing execution by group daemon. For example: |
---|
1924 | chown root $filter |
---|
1925 | chgrp daemon $filter |
---|
1926 | chmod 4010 $filter |
---|
1927 | Filters which are actually shell scripts are vulnerable to |
---|
1928 | attacks using metacharacters in option strings. To combat this, |
---|
1929 | the LPRng software ruthlessly purges all non-alphanumberic, |
---|
1930 | whitespace and simple punctuation (minus, equal, period, slash, |
---|
1931 | and comma) characters from filter options. The raw option infor- |
---|
1932 | mation is available in the PRINTCAP and CONTROL_FILE environment |
---|
1933 | variables. Administrators would be wise to examine shell based |
---|
1934 | printer filters for similar security loopholes. |
---|
1935 | Deliberate denial of service attacks are almost impossible to |
---|
1936 | avoid. However, heavy usage of the printer system can produce |
---|
1937 | almost the same symptoms. For example, when a large number of |
---|
1938 | print jobs are queued it is possible to exhaust the spool queue |
---|
1939 | file space. The printcap mx (maximum job size) entry specifies |
---|
1940 | the maximum job size (in Kbytes) to be queued and the mi (minimum |
---|
1941 | free space) entry specifies the minimum free space (in Kbytes) |
---|
1942 | needed. |
---|
1943 | |
---|
1944 | Example Printcap Files |
---|
1945 | The following is a typical set of LPRng printcap files that could |
---|
1946 | be used With the psfilter programs. We assume we are talking to |
---|
1947 | a HP IV printer, ecepr3, it us using a Jetdirect card which |
---|
1948 | allows a direct printer connection on port 9100. We have |
---|
1949 | installed the filter software as follows: |
---|
1950 | /usr/local/lib/ - directory |
---|
1951 | psif - IF filter |
---|
1952 | psof - OF filter |
---|
1953 | bannerx - banner printer |
---|
1954 | Version 1: |
---|
1955 | by default, the psof filter will print a banner using information |
---|
1956 | on the short banner line and/or parameters passed by LPRng. |
---|
1957 | # LPRng printcap files |
---|
1958 | # HP LaserJet 4m+ |
---|
1959 | lw4|lp|HP LaserJet 4M |
---|
1960 | # job size information |
---|
1961 | :mx#0 |
---|
1962 | # spool directory |
---|
1963 | :sd=/usr/spool/cca_4mp: |
---|
1964 | # device network address |
---|
1965 | :lp=ecepr3%9100 |
---|
1966 | :rw |
---|
1967 | # set up status and |
---|
1968 | # accounting files |
---|
1969 | :sf=status |
---|
1970 | :af=acct |
---|
1971 | :lf=log |
---|
1972 | # page information size |
---|
1973 | :pl#60:pw#80: |
---|
1974 | |
---|
1975 | |
---|
1976 | 30 LPRng - Introduction |
---|
1977 | |
---|
1978 | |
---|
1979 | |
---|
1980 | |
---|
1981 | |
---|
1982 | |
---|
1983 | |
---|
1984 | |
---|
1985 | |
---|
1986 | # you need SHORT BANNER |
---|
1987 | # specify the SHORT BANNER |
---|
1988 | # line format |
---|
1989 | :sb |
---|
1990 | :bl=Seq\: $-'j \ |
---|
1991 | Class\: \ $-'C \ |
---|
1992 | User\: $-'n Job\: $-'J \ |
---|
1993 | Date\: $-'t |
---|
1994 | # turn FF off |
---|
1995 | :sf |
---|
1996 | # filters |
---|
1997 | :if=/usr/local/lib/psif |
---|
1998 | :of=/usr/local/lib/psof |
---|
1999 | Version 2: |
---|
2000 | You want to have a special banner, so you specify a BP banner |
---|
2001 | printers explicitly and turn of the psof banner generation. |
---|
2002 | Make the following changes to Version 1. |
---|
2003 | REMOVE: |
---|
2004 | :sb (you want full banners) |
---|
2005 | ADD: |
---|
2006 | # use new banner printer |
---|
2007 | :bp=/usr/local/lib/bannerx |
---|
2008 | CHANGE |
---|
2009 | # pass option to filter to |
---|
2010 | # turn of banner generation and |
---|
2011 | # pass through text |
---|
2012 | :of=/usr/local/lib/psof -Tbanner=off |
---|
2013 | Version 3: |
---|
2014 | Printer is on /dev/ttya serial line. Note: the stty options are |
---|
2015 | taken from an actual functioning printer connection and should |
---|
2016 | work for HP printer on a serial line). Make the following |
---|
2017 | changes to Version 1. |
---|
2018 | CHANGE: |
---|
2019 | :lp=/dev/ttya |
---|
2020 | ADD: |
---|
2021 | :sy=38400 -echo -crmod \ |
---|
2022 | -raw -oddp -evenp \ |
---|
2023 | pass8 cbreak ixon |
---|
2024 | Version 4: you do not want banner pages at all. Make the follow- |
---|
2025 | ing changes to Version 1. |
---|
2026 | # LPRng printcap files |
---|
2027 | ADD: |
---|
2028 | # suppress all header info |
---|
2029 | :sh |
---|
2030 | |
---|
2031 | Summary and Acknowledgments |
---|
2032 | The LPRng software continues to evolve as users find problems |
---|
2033 | and develop new printing requirements. One of the areas to be |
---|
2034 | pursued is the use of encryption for end to end authentication of |
---|
2035 | users and print jobs. Another is adding interfaces to other net- |
---|
2036 | work based spooling systems. Finally, documentation and auto- |
---|
2037 | mated management continues to be pursued. |
---|
2038 | The network based interfaces for client programs makes user |
---|
2039 | developed GUI systems almost trivial to develop. PERL scripts |
---|
2040 | |
---|
2041 | |
---|
2042 | LPRng - Introduction 31 |
---|
2043 | |
---|
2044 | |
---|
2045 | |
---|
2046 | |
---|
2047 | |
---|
2048 | |
---|
2049 | |
---|
2050 | |
---|
2051 | |
---|
2052 | and Tkl/Tk based front ends can be developed rapidly and with |
---|
2053 | little effort. |
---|
2054 | The development of the PLP and LPRng software would not have |
---|
2055 | been possible without the aid and assistance of literally hun- |
---|
2056 | dreds of users. The main developer of the software was Patrick |
---|
2057 | Powell <papowell@ astart.com>, and Justin Mason <jmason@ iona.ie> |
---|
2058 | generated the PLP4.0 distribution, contributed much of the porta- |
---|
2059 | bility code, and organized the plp@iona.ie mailing list. Sub- |
---|
2060 | scribe by sending email to plp-request@ iona.ie with the word |
---|
2061 | subscribe in the body. Marty Leisner <leisner@ |
---|
2062 | sdsp.mc.xerox.com>, Ken Lalonde <ken@ cs.toronto.edu>, and |
---|
2063 | Michael Joosten <joost@ ori.cadlab.de> performed invaluable |
---|
2064 | portability testing and debugging of the LPRng Alpha Minus |
---|
2065 | release; they discovered and provided fixes for literally hun- |
---|
2066 | dreds of bugs. |
---|
2067 | LPRng was based on PLP Release 4.0, to which the following |
---|
2068 | people (in alphabetical order) contributed: |
---|
2069 | Alan F Lundin <aflundi@sandia.gov> |
---|
2070 | Alan Shutko <ats@shep1.wustl.edu> |
---|
2071 | Andrew Leahy <A.Leahy@st.nepean.uws.edu.au>, |
---|
2072 | Andrew Richards <physajr@phys.canterbury.ac.nz> |
---|
2073 | Angus Duggan <angus@harlequin.co.uk> |
---|
2074 | Avery Earle <ae@play.psych.mun.ca> |
---|
2075 | Baba Z Buehler <baba@beckman.uiuc.edu> |
---|
2076 | Bertrand Decouty-INRIA Rennes-France <Bertrand.Decouty@irisa.fr> |
---|
2077 | Bertrand Wallrich <Bertrand.Wallrich@loria.fr> |
---|
2078 | Bjarne Steinsbo <bjarne@hsr.no> |
---|
2079 | Brad Greer <brad@cac.washington.edu> |
---|
2080 | Carl Hilton <chilton@dns2.sac.usace.army.mil> |
---|
2081 | Chao-Wen Young <kiki@eng.dowjones.com> |
---|
2082 | Corey Minyard <minyard@wf-rch.cirr.com> |
---|
2083 | Dave Alden <alden@math.ohio-state.edu> |
---|
2084 | David M Clarke <dmc900@durras.anu.edu.au> |
---|
2085 | Desmond Macauley <desmondm@eng.dowjones.com> |
---|
2086 | Dirk Wrocklage <dirkw@uni-paderborn.de> |
---|
2087 | Dorab Patel <dorab@twinsun.com> |
---|
2088 | Doug White <dwhite@gdi.uoregon.edu>, |
---|
2089 | Dwaine C. Gonyier <virtual@panthra.catt.ncsu.edu> |
---|
2090 | Ed Santiago <esm@lanl.gov> |
---|
2091 | Elliot Lee <sopwith@cuc.edu> |
---|
2092 | Eric C Hagberg <hagberg@mail.med.cornell.edu> |
---|
2093 | Geoff Ballinger <geoff@chemeng.ed.ac.uk> |
---|
2094 | George Harrach <ghharrac@ouray.Denver.Colorado.EDU> |
---|
2095 | George Lindholm <lindholm@ucs.ubc.ca> |
---|
2096 | Greg Wohletz <greg@cs.unlv.edu> |
---|
2097 | Harlan Stenn <Harlan.Stenn@pfcs.com> |
---|
2098 | Helmut Jarausch <jarausch@igpm.igpm.rwth-aachen.de> |
---|
2099 | Hendrik Klompmaker <Hendrik.Klompmaker@Beheer.zod.wau.nl> |
---|
2100 | Jan Barte <yann@uni-paderborn.de> |
---|
2101 | Jarrod Douglas <jarrod@cs.curtin.edu.au> |
---|
2102 | Jens Thiel <thielj@athene.informatik.uni-bonn.de> |
---|
2103 | Jon E. Ferguson <jon@media.mit.edu> |
---|
2104 | Jos Backus <jos@oce.nl> |
---|
2105 | Julian Anderson <jules@comp.vuw.ac.nz> |
---|
2106 | |
---|
2107 | |
---|
2108 | 32 LPRng - Introduction |
---|
2109 | |
---|
2110 | |
---|
2111 | |
---|
2112 | |
---|
2113 | |
---|
2114 | |
---|
2115 | |
---|
2116 | |
---|
2117 | |
---|
2118 | Julian Turnbull <jst@dcs.edinburgh.ac.uk> |
---|
2119 | Klaus Steinberger <Klaus.Steinberger@Physik.Uni-Muenchen.DE> |
---|
2120 | Lothar Butsch <but@unibw-hamburg.de> |
---|
2121 | Marc Baudoin <Marc.Baudoin@hsc.fr.net> |
---|
2122 | Martin Forssen <maf@math.chalmers.se> |
---|
2123 | Marty Leisner <leisner@sdsp.mc.xerox.com> |
---|
2124 | Michael Haardt <u31b3hs@POOL.Informatik.RWTH-Aachen.DE> |
---|
2125 | Michael Joosten <joost@ori.cadlab.de> |
---|
2126 | Michel Robitaille <robitail@IRO.UMontreal.CA> |
---|
2127 | Ole Benner <olb@kom.auc.dk> |
---|
2128 | Panos Dimakopoulos <dimakop@cti.gr> |
---|
2129 | Paul Burry <rpburry@magi.com> |
---|
2130 | Paul Eggert <eggert@twinsun.com> |
---|
2131 | Paul Haldane <Paul.Haldane@edinburgh.ac.uk> |
---|
2132 | Per Foreby <perf@efd.lth.se> |
---|
2133 | QingLong <qinglong@Bolizm.ihep.su> |
---|
2134 | Rick Martin <rickm@cs.umb.edu> |
---|
2135 | Ron Roskens <roskens@cs.umn.edu> |
---|
2136 | Scott Sutherland <scott@math.sunysb.edu> |
---|
2137 | Sherwood Botsford <sherwood@space.ualberta.ca> |
---|
2138 | Stefan Monnier <stefan.monnier@lia.di.epfl.ch> |
---|
2139 | Stefano Ianigro <w_stef@unibw-hamburg.de> |
---|
2140 | Stuart Kemp <stuart@cs.jcu.edu.au> |
---|
2141 | Sven Rudolph <sr1@inf.tu-dresden.de> |
---|
2142 | Todd C. Miller <Todd.Miller@cs.colorado.edu> |
---|
2143 | Zygo Blaxell <zblaxell@myrus.com> |
---|
2144 | |
---|
2145 | Author Information |
---|
2146 | Patrick Powell <papowell@astart.com> is the CEO of Astart |
---|
2147 | Technologies in San Diego, a consulting firm specializing in net- |
---|
2148 | work and system management. |
---|
2149 | |
---|
2150 | References |
---|
2151 | Pow96. Patrick A. Powell, LPRng Version 3.1 - README and MAN |
---|
2152 | Pages, Dept. of Electrical and Computer Engineering, San Diego |
---|
2153 | State University, San Diego, CA 92182, 1997. |
---|
2154 | FTP://ftp.iona.ie /pub/LPRng/, FTP:// ftp.astart.com |
---|
2155 | /pub/LPRng/ |
---|
2156 | Pow95. Patrick A. Powell, LPRng - Introduction and Reference Man- |
---|
2157 | ual, Dept. of Electrical and Computer Engineering, San Diego |
---|
2158 | State University, San Diego, CA 92182, 1995. |
---|
2159 | FTP://ftp.iona.ie /pub/LPRng/, FTP:// ftp.astart.com |
---|
2160 | /pub/LPRng/ |
---|
2161 | Cam94. Ralph Campbell, ``4.3BSD Line Printer Spooler Manual,'' |
---|
2162 | 4.4 Berkeley Software Distribution, Computer Systems Research |
---|
2163 | Group, U.C. Berkeley, Berkeley CA, 1994. USENIX Association |
---|
2164 | and O'Reilly & Associates, Inc. |
---|
2165 | Pow95a. Patrick A. Powell, ``PLP - The Public Line Printer |
---|
2166 | Spooler Reference Manual,'' PLP 4.0 Software Distribution, |
---|
2167 | 1995. FTP://ftp. iona.ie/pub/plp-4.0 |
---|
2168 | McL90. Leo J. McLaughlin III, RFC1179 Line Printer Daemon Proto- |
---|
2169 | col, Internet Advisory Board, 1990. |
---|
2170 | GNU91. GNU, GNU General Public License, Free Software Foundation, |
---|
2171 | Inc., 675 Mass. Ave. Cambridge, MA 02139, 1991. |
---|
2172 | |
---|
2173 | |
---|
2174 | LPRng - Introduction 33 |
---|
2175 | |
---|
2176 | |
---|
2177 | |
---|
2178 | |
---|
2179 | |
---|
2180 | |
---|
2181 | |
---|
2182 | |
---|
2183 | |
---|
2184 | |
---|
2185 | |
---|
2186 | |
---|
2187 | |
---|
2188 | |
---|
2189 | |
---|
2190 | |
---|
2191 | |
---|
2192 | |
---|
2193 | |
---|
2194 | |
---|
2195 | |
---|
2196 | |
---|
2197 | |
---|
2198 | |
---|
2199 | |
---|
2200 | |
---|
2201 | |
---|
2202 | |
---|
2203 | |
---|
2204 | |
---|
2205 | |
---|
2206 | |
---|
2207 | |
---|
2208 | |
---|
2209 | |
---|
2210 | |
---|
2211 | |
---|
2212 | |
---|
2213 | |
---|
2214 | |
---|
2215 | |
---|
2216 | |
---|
2217 | |
---|
2218 | |
---|
2219 | |
---|
2220 | |
---|
2221 | |
---|
2222 | |
---|
2223 | |
---|
2224 | |
---|
2225 | |
---|
2226 | |
---|
2227 | |
---|
2228 | |
---|
2229 | |
---|
2230 | |
---|
2231 | |
---|
2232 | |
---|
2233 | |
---|
2234 | |
---|
2235 | |
---|
2236 | |
---|
2237 | |
---|
2238 | |
---|
2239 | |
---|
2240 | 34 LPRng - Introduction |
---|
2241 | |
---|
2242 | |
---|
2243 | |
---|
2244 | |
---|