1 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> |
---|
2 | <HTML> |
---|
3 | <HEAD> |
---|
4 | <META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9"> |
---|
5 | <TITLE> LPRng-HOWTO: Permissions and Authentication</TITLE> |
---|
6 | <LINK HREF="LPRng-HOWTO-15.html" REL=next> |
---|
7 | <LINK HREF="LPRng-HOWTO-13.html" REL=previous> |
---|
8 | <LINK HREF="LPRng-HOWTO.html#toc14" REL=contents> |
---|
9 | </HEAD> |
---|
10 | <BODY> |
---|
11 | <A HREF="LPRng-HOWTO-15.html">Next</A> |
---|
12 | <A HREF="LPRng-HOWTO-13.html">Previous</A> |
---|
13 | <A HREF="LPRng-HOWTO.html#toc14">Contents</A> |
---|
14 | <HR> |
---|
15 | <H2><A NAME="lpdpermsref"></A> <A NAME="s14">14. Permissions and Authentication</A></H2> |
---|
16 | |
---|
17 | <P>The contents of the <CODE>/etc/lpd.perms</CODE> file |
---|
18 | is used to specify the restrictions on the use |
---|
19 | of the LPRng software, |
---|
20 | printers, |
---|
21 | and other facilities. |
---|
22 | The model used for permission granting is similar to packet filters. |
---|
23 | An incoming request is tested against a list of rules, |
---|
24 | and the first match found determines the action to be taken. |
---|
25 | The action is either <CODE>ACCEPT</CODE> or the request is granted, |
---|
26 | or <CODE>REJECT</CODE> and the request is denied. |
---|
27 | You can also establish a default action. |
---|
28 | <P>The following is a sample <CODE>lpd.perms</CODE> file. |
---|
29 | <P> |
---|
30 | <BLOCKQUOTE><CODE> |
---|
31 | <PRE> |
---|
32 | # allow root on server to control jobs |
---|
33 | ACCEPT SERVICE=C SERVER REMOTEUSER=root |
---|
34 | REJECT SERVICE=C |
---|
35 | # |
---|
36 | # allow same user on originating host to remove a job |
---|
37 | ACCEPT SERVICE=M SAMEHOST SAMEUSER |
---|
38 | # allow root on server to remove a job |
---|
39 | ACCEPT SERVICE=M SERVER REMOTEUSER=root |
---|
40 | REJECT SERVICE=M |
---|
41 | # all other operations allowed |
---|
42 | DEFAULT ACCEPT |
---|
43 | </PRE> |
---|
44 | </CODE></BLOCKQUOTE> |
---|
45 | <P>A rule will ACCEPT or REJECT a request |
---|
46 | if all of the patterns specified in the rule match. |
---|
47 | If there is a match failure, |
---|
48 | the next rule in sequence will be applied. |
---|
49 | If all of the rules are exhausted, |
---|
50 | then the last specified default authorization will be used. |
---|
51 | <P>The sense of a pattern match can be inverted using the NOT keyword. |
---|
52 | For example, |
---|
53 | the rules with |
---|
54 | <CODE>ACCEPT NOT REMOTEUSER=john,bill</CODE> |
---|
55 | succeeds only if the REMOTEUSER value is defined and |
---|
56 | is not <CODE>john</CODE> or <CODE>bill</CODE>. |
---|
57 | <P>The following patterns and matching are applied. |
---|
58 | <P> |
---|
59 | <CENTER><TABLE BORDER><TR><TD> |
---|
60 | <BR> |
---|
61 | Keyword</TD><TD>Match</TD></TR><TR><TD> |
---|
62 | <CODE>DEFAULT</CODE></TD><TD>default result</TD></TR><TR><TD> |
---|
63 | <CODE>SERVICE</CODE></TD><TD>lpC, lpR, lprM, lpQ requests, and Printing jobs</TD></TR><TR><TD> |
---|
64 | <CODE>USER</CODE></TD><TD>user name in print job.This check will always succeed when checking for spool queue permissions,and only be done when checking for job permissions.</TD></TR><TR><TD> |
---|
65 | <CODE>REMOTEUSER</CODE></TD><TD>user making request</TD></TR><TR><TD> |
---|
66 | <CODE>HOST</CODE></TD><TD>host name in print job.This check will always succeed when checking for spool queue permissions,and only be done when checking for job permissions.</TD></TR><TR><TD> |
---|
67 | <CODE>REMOTEHOST</CODE></TD><TD>host making request</TD></TR><TR><TD> |
---|
68 | <CODE>IP</CODE></TD><TD>IP address and mask of host in print jobThis check will always succeed when checking for spool queue permissions,and only be done when checking for job permissions.</TD></TR><TR><TD> |
---|
69 | <CODE>REMOTEIP</CODE></TD><TD>IP address and mask of host making request</TD></TR><TR><TD> |
---|
70 | <CODE>PORT</CODE></TD><TD>TCP/IP port of host making request</TD></TR><TR><TD> |
---|
71 | <CODE>SAMEUSER</CODE></TD><TD>USER and REMOTEUSER same</TD></TR><TR><TD> |
---|
72 | <CODE>SAMEHOST</CODE></TD><TD>HOST and REMOTEHOST same</TD></TR><TR><TD> |
---|
73 | <CODE>SERVER</CODE></TD><TD>request originates on lpd server</TD></TR><TR><TD> |
---|
74 | <CODE>FORWARD</CODE></TD><TD>destination of job is not host</TD></TR><TR><TD> |
---|
75 | <CODE>GROUP</CODE></TD><TD>USER is in the specified group</TD></TR><TR><TD> |
---|
76 | <CODE>LPC</CODE></TD><TD>LPC command in the LPC request.This must be preceeded by SERVICE=C clause.</TD></TR><TR><TD> |
---|
77 | <CODE>REMOTEGROUP</CODE></TD><TD>REMOTEUSER is in the specified group</TD></TR><TR><TD> |
---|
78 | <CODE>CONTROLLINE</CODE></TD><TD>match a line in control file</TD></TR><TR><TD> |
---|
79 | <CODE>AUTH</CODE></TD><TD>authentication type</TD></TR><TR><TD> |
---|
80 | <CODE>AUTHUSER</CODE></TD><TD>authenticated user</TD></TR><TR><TD> |
---|
81 | <CODE>AUTHFROM</CODE></TD><TD>authenticated forwarder</TD></TR><TR><TD> |
---|
82 | <CODE>AUTHJOB</CODE></TD><TD>authenticated job in queue</TD></TR><TR><TD> |
---|
83 | |
---|
84 | </TD></TR></TABLE></CENTER> |
---|
85 | <P>Most of the patterns can be lists of alternative values to match, |
---|
86 | and can even contain wild cards. |
---|
87 | The full details of the rules and keywords are detailed in |
---|
88 | the <CODE>lpd.conf(5)</CODE> man page. |
---|
89 | <H2><A NAME="ss14.1">14.1 Information for matching</A> |
---|
90 | </H2> |
---|
91 | |
---|
92 | <P>In order to do matching, |
---|
93 | the <CODE>lpd</CODE> server obtains and sets up the following information: |
---|
94 | <OL> |
---|
95 | <LI>If the request is coming over a network connection, |
---|
96 | then the IP address (REMOTEIP) |
---|
97 | port (PORT) of the source of the connection and |
---|
98 | FQDN of the remote host (REMOTEHOST) are obtained |
---|
99 | and the indicated values are set. |
---|
100 | To be specific, |
---|
101 | the IP address of the remote host is obtained using |
---|
102 | <CODE>getpeername()</CODE>. |
---|
103 | The <CODE>gethostbyaddr()</CODE> is used to look up the |
---|
104 | host's fully qualified domain name, |
---|
105 | which is then assigned to the REMOTEHOST value. |
---|
106 | The REMOTEIP value is the |
---|
107 | <EM>set</EM> or <EM>list</EM> of IP addresses that could be |
---|
108 | used by this host. |
---|
109 | This is possible in the IPV6 environment.</LI> |
---|
110 | <LI>If the request contains the name of the user, |
---|
111 | then REMOTEUSER is assigned the name.</LI> |
---|
112 | <LI>If the request contains the name of the printer, |
---|
113 | then PRINTER is assigned the name.</LI> |
---|
114 | <LI>If permissions checking is to be done for a particular |
---|
115 | job in a spool queue, |
---|
116 | then the USER, HOST, IP, and PRINTER are set to the |
---|
117 | user name, host, and printer information in the control file for the |
---|
118 | print job. |
---|
119 | The HOST entry in the control file is used by |
---|
120 | <CODE>gethostbyname()</CODE> to get the fully qualified domain name of the host. |
---|
121 | The IP value is assigned a |
---|
122 | <EM>set</EM> or <EM>list</EM> of IP addresses that could be |
---|
123 | used by this host.</LI> |
---|
124 | <LI>If one of the optional authentication methods is being used, |
---|
125 | (see |
---|
126 | <A HREF="LPRng-HOWTO-16.html#authref">Authentication and Encryption</A>), |
---|
127 | then AUTH is true and |
---|
128 | AUTHTYPE is set to the type of authentication used. |
---|
129 | AUTHUSER to the authenticated originating user of the request |
---|
130 | and AUTHFROM is when the originating program is a server. |
---|
131 | The AUTHSAMEUSER will be true when the remote client authentication information |
---|
132 | matches the authentication information used to create the job on the server. |
---|
133 | The AUTHJOB will be true when checking for job permissions and the job |
---|
134 | has been authenticated.</LI> |
---|
135 | </OL> |
---|
136 | <H2><A NAME="ss14.2">14.2 Permission Checks</A> |
---|
137 | </H2> |
---|
138 | |
---|
139 | <P>When a connection is made to the <CODE>lpd</CODE> server, |
---|
140 | the originating site's IP address and hostname are determined, |
---|
141 | and a check with <CODE>SERVICE=X</CODE> |
---|
142 | and valid REMOTEHOST, |
---|
143 | REMOTEIP, |
---|
144 | and PORT information is done. |
---|
145 | <P>If the connection was not rejected, |
---|
146 | then the request information is read |
---|
147 | and the |
---|
148 | SERVICE, |
---|
149 | REMOTEUSER, |
---|
150 | REMOTEHOST, |
---|
151 | REMOTEIP, |
---|
152 | PORT, |
---|
153 | PRINTER, |
---|
154 | and other authentication values will be defined. |
---|
155 | The SERVICE value will be Q, R, M, or C for |
---|
156 | <CODE>lpq</CODE>, |
---|
157 | <CODE>lpr</CODE>, |
---|
158 | <CODE>lprm</CODE>, |
---|
159 | or |
---|
160 | <CODE>lpc</CODE> respectively. |
---|
161 | The permissions file will be scanned to determine if the |
---|
162 | request should be immediately discarded based on the print queue |
---|
163 | it is for. |
---|
164 | During this stage of processing, |
---|
165 | permissions checks which require information from jobs in spool queues |
---|
166 | will be ignored and treated as though a match had succeeded. |
---|
167 | <P>If the request is not rejected, |
---|
168 | then it will be processed or carried out. |
---|
169 | If the request is for an operation on one or more user jobs in |
---|
170 | a spool queue, |
---|
171 | then the spool queue for the jobs are scanned and permissions are |
---|
172 | again checked against individual jobs. |
---|
173 | At this stage in the processing, |
---|
174 | the |
---|
175 | USER and |
---|
176 | HOST |
---|
177 | information obtained from the job file will be used in permissions checking. |
---|
178 | This two levels of checks are necessary in order to allow |
---|
179 | find control over individual jobs and users. |
---|
180 | <P>There is a problem with permissions checking for <CODE>lpq</CODE> (SERVICE=Q) |
---|
181 | requests. |
---|
182 | Since the user name is not passed as part of the request, |
---|
183 | it is impossible to use the REMOTEUSER clause to restrict <CODE>lpq</CODE> |
---|
184 | operations. |
---|
185 | <P>The <CODE>SERVICE=R</CODE> and <CODE>SERVICE=P</CODE> |
---|
186 | facilities are provided to handle problems with print spoolers that |
---|
187 | do not recognize a <I>lack of permission</I> error code, |
---|
188 | and will indefinately retry sending a job to the <CODE>lpd</CODE> server. |
---|
189 | If this is the case, |
---|
190 | then the <CODE>SERVICE=R</CODE> clause can be used to accept jobs, |
---|
191 | and then the <CODE>SERVICE=P</CODE> clause will cause the <CODE>lpd</CODE> |
---|
192 | server to remove of the job when it is scheduled for printing. |
---|
193 | <H2><A NAME="ss14.3">14.3 Match Procedure</A> |
---|
194 | </H2> |
---|
195 | |
---|
196 | <P> |
---|
197 | <BLOCKQUOTE><CODE> |
---|
198 | <PRE> |
---|
199 | key=pattern substring match |
---|
200 | key=pattern1,pattern2,pattern3,... glob and exact |
---|
201 | key=IP1/mask1,IP2/mask2,... IP address |
---|
202 | </PRE> |
---|
203 | </CODE></BLOCKQUOTE> |
---|
204 | <P>Each of the indicated values is matched against a list of patterns. |
---|
205 | The following types of matches are used: |
---|
206 | <OL> |
---|
207 | <LI>substring match. |
---|
208 | The indicated entry is present as a substring in the pattern.</LI> |
---|
209 | <LI>GLOB matches. |
---|
210 | The pattern is interpreted as a GLOB style pattern, |
---|
211 | where * matches 0 or more characters, |
---|
212 | and ? matches a single character, |
---|
213 | and |
---|
214 | <CODE>[L-H]</CODE> |
---|
215 | specifies a range of characters from |
---|
216 | <CODE>L</CODE> to <CODE>H</CODE>, |
---|
217 | in ASCII order.</LI> |
---|
218 | <LI>IP address match. The address must be specified in the |
---|
219 | standard <CODE>nn.nn.nn.nn</CODE> format. |
---|
220 | The mask must be either an integer number |
---|
221 | corresponding to the number of significant bits, |
---|
222 | or in the standard <CODE>nn.nn.nn.nn</CODE> format. |
---|
223 | Addresses are compared by doing |
---|
224 | <BLOCKQUOTE><CODE> |
---|
225 | <PRE> |
---|
226 | ( IPaddr XOR IP ) AND mask |
---|
227 | </PRE> |
---|
228 | </CODE></BLOCKQUOTE> |
---|
229 | |
---|
230 | <P>If the result is 0, then a match results. |
---|
231 | Note that there may be one or more addresses being checked for; |
---|
232 | this can occur when a host may have multiple IP addresses assigned to it. |
---|
233 | </LI> |
---|
234 | <LI>integer range match. |
---|
235 | The pattern has the form <CODE>low-high</CODE>, |
---|
236 | where low and high are integer numbers. |
---|
237 | The match succeeds if the value is in the specified range.</LI> |
---|
238 | <LI>Same IP Address Match. |
---|
239 | This compares two lists of IP addresses; |
---|
240 | a match is found when there is one or more common addresses.</LI> |
---|
241 | </OL> |
---|
242 | <H3>DEFAULT</H3> |
---|
243 | |
---|
244 | <P> |
---|
245 | <BLOCKQUOTE><CODE> |
---|
246 | <PRE> |
---|
247 | DEFAULT ACCEPT |
---|
248 | DEFAULT REJECT |
---|
249 | </PRE> |
---|
250 | </CODE></BLOCKQUOTE> |
---|
251 | <P>The DEFAULT rule specifies the default if no rule matches. |
---|
252 | Normally, |
---|
253 | there is one DEFAULT entry in a permissions file. |
---|
254 | <H3>SERVICE</H3> |
---|
255 | |
---|
256 | <P>Match type: substring |
---|
257 | <P>The SERVICE key is based on the type of request. |
---|
258 | <CENTER><TABLE BORDER><TR><TD> |
---|
259 | <BR> |
---|
260 | Key</TD><TD>Request</TD></TR><TR><TD> |
---|
261 | <CODE>C</CODE></TD><TD>LPC Control Request</TD></TR><TR><TD> |
---|
262 | <CODE>M</CODE></TD><TD>LPRM Removal Request</TD></TR><TR><TD> |
---|
263 | <CODE>P</CODE></TD><TD>Job Printing</TD></TR><TR><TD> |
---|
264 | <CODE>Q</CODE></TD><TD>LPQ Status Request</TD></TR><TR><TD> |
---|
265 | <CODE>R</CODE></TD><TD>LPR Job Transfer</TD></TR><TR><TD> |
---|
266 | <CODE>X</CODE></TD><TD>Connection Request</TD></TR><TR><TD> |
---|
267 | |
---|
268 | </TD></TR></TABLE></CENTER> |
---|
269 | <P>Each of the above codes corresponds either directly to the user command, |
---|
270 | or a set of subcommands. |
---|
271 | <P>If you have an LPC request, |
---|
272 | you can add an <CODE>LPC=xxx</CODE> clause to refine the |
---|
273 | permissions checking to allow or disallow |
---|
274 | <CODE>lpc</CODE> commands such as <CODE>lpc status, printcap, active, </CODE>. |
---|
275 | <H3>USER</H3> |
---|
276 | |
---|
277 | <P>Match type: GLOB |
---|
278 | <P>The USER information is taken from the <CODE>P</CODE> (person or logname) |
---|
279 | information in the print job control file. |
---|
280 | <H3>REMOTEUSER</H3> |
---|
281 | |
---|
282 | <P>Match type: GLOB |
---|
283 | <P>The REMOTEUSER information is taken from the user information sent |
---|
284 | with a service request. |
---|
285 | <P>Note that one of the flaws of |
---|
286 | <A HREF="LPRng-HOWTO-6.html#rfc1179">RFC1179</A> |
---|
287 | is that an LPQ (print status) |
---|
288 | request does not provide a REMOTEUSER name. |
---|
289 | <H3>HOST</H3> |
---|
290 | |
---|
291 | <P>Match type: GLOB |
---|
292 | <P>The HOST information is taken from the <CODE>H</CODE> (host) |
---|
293 | information in the print job control file. |
---|
294 | <H3>REMOTEHOST</H3> |
---|
295 | |
---|
296 | <P>Match type: GLOB |
---|
297 | <P>The REMOTEHOST information is obtained by doing a reverse IP name lookup |
---|
298 | on the remote host address. |
---|
299 | If there is no FQDN available, |
---|
300 | then the IP address in text form will be used. |
---|
301 | <H3>PORT</H3> |
---|
302 | |
---|
303 | <P>Match type: integer range |
---|
304 | <P>The PORT value is obtained from the originating port of the TCP/IP |
---|
305 | connection. |
---|
306 | The match succeeds if it is in the specified range. |
---|
307 | <H3>IP</H3> |
---|
308 | |
---|
309 | <P>Match type: IPaddr |
---|
310 | <P>The IP information is obtained by doing a DNS lookup on the |
---|
311 | H (host) information in the control file. |
---|
312 | If there is no host information, the IP address is undefined. |
---|
313 | Note that for a single host name there may be multiple IP addresses; |
---|
314 | address matches are performed against the list of addresses and succeeds |
---|
315 | if there is one or more individual address matches. |
---|
316 | <H3>REMOTEIP</H3> |
---|
317 | |
---|
318 | <P>Match type: IPaddr |
---|
319 | <P>The REMOTEIP information is the IP address of the host making the |
---|
320 | service request. |
---|
321 | Note that the REMOTEIP value is obtained by using the |
---|
322 | <CODE>gethostbyaddr</CODE> lookup to obtain the DNS information for the |
---|
323 | remote host. This information may include multiple IP addresses; |
---|
324 | address matches are performed against the list of addresses and succeeds |
---|
325 | if there is one or more individual address matches. |
---|
326 | <H3>LPC</H3> |
---|
327 | |
---|
328 | <P>Match type: GLOB |
---|
329 | <P>If you are doing an LPC command, |
---|
330 | this matches the command. |
---|
331 | This allows the following permissions line to be used: |
---|
332 | <BLOCKQUOTE><CODE> |
---|
333 | <PRE> |
---|
334 | #allow remoteuser admin on server to use LPC topq and hold |
---|
335 | ACCEPT LPC=topq,hold SERVER REMOTEUSER=x |
---|
336 | </PRE> |
---|
337 | </CODE></BLOCKQUOTE> |
---|
338 | <P> |
---|
339 | <H3>SAMEUSER</H3> |
---|
340 | |
---|
341 | <P>Match type: exact string match |
---|
342 | <P>Both the REMOTEUSER and USER information must be present and identical. |
---|
343 | <H3>SAMEHOST</H3> |
---|
344 | |
---|
345 | <P>Match type: Same IP Address |
---|
346 | <P>The REMOTEHOST and HOST address lists are checked; |
---|
347 | if there is a common value the match succeeds. |
---|
348 | <H3>SERVER</H3> |
---|
349 | |
---|
350 | <P>Match type: Same IP Address |
---|
351 | <P>One of the REMOTEHOST addresses |
---|
352 | must be the same as one of the addresses of the <CODE>lpd</CODE> server host, |
---|
353 | or must be one of the addresses found by looking up the <CODE>localhost</CODE> |
---|
354 | name using <CODE>gethostbyname()</CODE>. |
---|
355 | <H3>FORWARD</H3> |
---|
356 | |
---|
357 | <P>Match type: Address Match |
---|
358 | <P>The list of REMOTEHOST and HOST addresses must not have a common entry. |
---|
359 | This is identical to NOT SAMEHOST. |
---|
360 | This is usually the case when a remote <CODE>lpd</CODE> server is forwarding |
---|
361 | jobs to the <CODE>lpd</CODE> server. |
---|
362 | <H3>GROUP</H3> |
---|
363 | |
---|
364 | <P>Match type: modified GLOB |
---|
365 | <P>If the pattern does not start with a <CODE>@</CODE> character, |
---|
366 | then the USER information must be present |
---|
367 | and the USER must be present in |
---|
368 | one of the groups in <CODE>/etc/group</CODE> or whatever permissions mechanism is used |
---|
369 | to determine group ownership |
---|
370 | which matches the GLOB pattern. |
---|
371 | <P>If the pattern starts with a <CODE>@</CODE> character, |
---|
372 | then the USER information must be present |
---|
373 | and the user must be in the specified <CODE>netgroup</CODE>. |
---|
374 | This match will be performed only if the <CODE>netgroup</CODE> |
---|
375 | mechanism is supported on the system and the specified netgroup |
---|
376 | exists. |
---|
377 | No wildcard match will be done for netgroups. |
---|
378 | <H3>REMOTEGROUP</H3> |
---|
379 | |
---|
380 | <P>The same rules as for GROUP, |
---|
381 | but using the REMOTEUSER value. |
---|
382 | <H3>CONTROLLINE</H3> |
---|
383 | |
---|
384 | <P>Match type: GLOB |
---|
385 | <P>A <CODE>CONTROLLINE</CODE> pattern has the form |
---|
386 | <BLOCKQUOTE><CODE> |
---|
387 | <PRE> |
---|
388 | X=pattern1,pattern2,... |
---|
389 | </PRE> |
---|
390 | </CODE></BLOCKQUOTE> |
---|
391 | <P>X is a single upper case letter. |
---|
392 | The corresponding line must be present in a control file, |
---|
393 | and the pattern is applied to the line contents. |
---|
394 | <P>This pattern can be used to select only files with specific control |
---|
395 | file information for printing. |
---|
396 | <H3>AUTH</H3> |
---|
397 | |
---|
398 | <P>Match type: GLOB |
---|
399 | <P>The AUTH value can be NONE, |
---|
400 | indicating that no authentication was done. |
---|
401 | If authentication was done, |
---|
402 | then AUTH=USER checks to see if there was user information, |
---|
403 | and AUTH=FWD checks to see if there was forwarding system identification. |
---|
404 | <H3>AUTHUSER</H3> |
---|
405 | |
---|
406 | <P>Match type: GLOB |
---|
407 | <P>If AUTH=USER check succeeds, |
---|
408 | the AUTHUSER rule will check to see if the user identification |
---|
409 | matches the pattern. |
---|
410 | <H3>FWDUSER</H3> |
---|
411 | |
---|
412 | <P>Match type: GLOB |
---|
413 | <P>If AUTH=FWD check succeeds, |
---|
414 | the FWDUSER rule will check to see if the forwarding system identification |
---|
415 | matches the pattern. |
---|
416 | <H3>IFIP</H3> |
---|
417 | |
---|
418 | <P>Match type: IPmatch, but for IPV6 as well as IPV4 |
---|
419 | <P>There is a subtle problem with names and IP addresses which are |
---|
420 | obtained for 'multi-homed hosts', i.e. - those with multiple |
---|
421 | ethernet interfaces, and for IPV6 (IP Version 6), in which a host |
---|
422 | can have multiple addresses, and for the normal host which can have |
---|
423 | both a short name and a fully qualified domain name. |
---|
424 | <P>The IFIP (interface IP) field can be used to check the IP address |
---|
425 | of the origination of the request, as reported by the information |
---|
426 | returned by the accept() system call. Note that this information may |
---|
427 | be IPV4 or IPV6 information, depending on the origination of the |
---|
428 | system. This information is used by gethostbyaddr() to obtain the |
---|
429 | originating host fully qualified domain name (FQDN) and set of IP addresses. |
---|
430 | Note that this FQDN will be for the originating interface, and may |
---|
431 | not be the canonical host name. Some systems which use the Domain Name Server |
---|
432 | (DNS) system may add the canonical system name as an alias. |
---|
433 | <H2><A NAME="permspath"></A> <A NAME="ss14.4">14.4 Permission File Location</A> |
---|
434 | </H2> |
---|
435 | |
---|
436 | <P>Options used: |
---|
437 | <UL> |
---|
438 | <LI> <CODE>perms_path=</CODE><EM> directory path list</EM></LI> |
---|
439 | </UL> |
---|
440 | <P>The <CODE>perms_path=</CODE> configuration variable specifies the |
---|
441 | location of the default permissions file. |
---|
442 | The default value is: |
---|
443 | <BLOCKQUOTE><CODE> |
---|
444 | <PRE> |
---|
445 | perms_path=/etc/lpd.perms:/usr/etc/lpd.perms |
---|
446 | </PRE> |
---|
447 | </CODE></BLOCKQUOTE> |
---|
448 | <P>The <CODE>lpd.perms</CODE> file can be obtained by running a program, |
---|
449 | in a similar manner to the <CODE>/etc/printcap</CODE> file. |
---|
450 | See |
---|
451 | <A HREF="LPRng-HOWTO-13.html#secfilter">Filters</A> for details on how |
---|
452 | the program would be invoked. |
---|
453 | For example, assume the configuration information specified: |
---|
454 | <BLOCKQUOTE><CODE> |
---|
455 | <PRE> |
---|
456 | perms_path=|/usr/local/libexec/get_perms |
---|
457 | </PRE> |
---|
458 | </CODE></BLOCKQUOTE> |
---|
459 | <P>Then the <CODE>get_perms</CODE> program would be invoked with STDIN attached |
---|
460 | to <CODE>/dev/null</CODE> and the complete set of permission information |
---|
461 | would be read from its STDOUT. |
---|
462 | <H2><A NAME="ss14.5">14.5 Example Permission File</A> |
---|
463 | </H2> |
---|
464 | |
---|
465 | <P> |
---|
466 | <BLOCKQUOTE><CODE> |
---|
467 | <PRE> |
---|
468 | # allow root on server to control jobs |
---|
469 | ACCEPT SERVICE=C SERVER REMOTEUSER=root |
---|
470 | REJECT SERVICE=C |
---|
471 | # |
---|
472 | # allow same user on originating host to remove a job |
---|
473 | ACCEPT SERVICE=M SAMEHOST SAMEUSER |
---|
474 | # allow root on server to remove a job |
---|
475 | ACCEPT SERVICE=M SERVER REMOTEUSER=root |
---|
476 | REJECT SERVICE=M |
---|
477 | # all other operations allowed |
---|
478 | DEFAULT ACCEPT |
---|
479 | </PRE> |
---|
480 | </CODE></BLOCKQUOTE> |
---|
481 | <P>In the above sample, we first specify that |
---|
482 | lp<CODE>C</CODE> |
---|
483 | commands from user <CODE>root</CODE> on the lpd server will be accepted. |
---|
484 | This is traditionally the way that most lpc commands operate. |
---|
485 | <P>Next, we reject any other lpc requests. |
---|
486 | <P>We accept |
---|
487 | lpr<CODE>M</CODE> |
---|
488 | requests from the host and user that submitted the job, |
---|
489 | as well as from root on the server, |
---|
490 | and reject any others. |
---|
491 | <P>Finally, |
---|
492 | all other types of commands (lpq, lpr) are allowed by default. |
---|
493 | <H2><A NAME="ss14.6">14.6 Complex Permission Checking</A> |
---|
494 | </H2> |
---|
495 | |
---|
496 | <P>One of the more useful types of permission checking is to |
---|
497 | restrict access to your printers from users outside your |
---|
498 | networks. |
---|
499 | The IP pattern can specify a list of IP addresses and netmasks |
---|
500 | to apply to them. |
---|
501 | <P>For example |
---|
502 | <CODE>IP=10.3.4.0/24</CODE> would match all hosts with the IP |
---|
503 | addresses |
---|
504 | <CODE>IP=10.3.4.0</CODE> to |
---|
505 | <CODE>IP=10.3.4.255</CODE>. |
---|
506 | <P>Similarly, the HOST pattern can specify a set of hostnames |
---|
507 | or patterns to match against based on the GLOB notation. |
---|
508 | <P>For example |
---|
509 | <CODE>REMOTEHOST=*.astart.com</CODE> |
---|
510 | would match all hosts with a DNS entry which ended with |
---|
511 | <CODE>astart.com</CODE>. |
---|
512 | <P>The NOT keyword reverses the match sense. For example |
---|
513 | <CODE>REJECT NOT REMOTEHOST=*.astart.com,*.murphy.com</CODE> |
---|
514 | would reject all requests from hosts which did not have a DNS entry |
---|
515 | ending in |
---|
516 | <CODE>astart.com</CODE> |
---|
517 | or |
---|
518 | <CODE>murphy.com</CODE>. |
---|
519 | <H2><A NAME="ss14.7">14.7 More Examples</A> |
---|
520 | </H2> |
---|
521 | |
---|
522 | <P>The following is a more complex lpd.perms file. |
---|
523 | <BLOCKQUOTE><CODE> |
---|
524 | <PRE> |
---|
525 | # All operations allowed except those specifically forbidden |
---|
526 | DEFAULT ACCEPT |
---|
527 | #Reject connections which do not originate from hosts with an |
---|
528 | # address on 130.191.0.0 or from localhost, |
---|
529 | # or name is not assigned to Engineering pc's |
---|
530 | REJECT SERVICE=X NOT IFIP=130.191.0.0/16,127.0.0.1/32 |
---|
531 | REJECT SERVICE=X NOT REMOTEHOST=engpc* |
---|
532 | #Do not allow anybody but root or papowell on |
---|
533 | #astart1.astart.com or the server to use control |
---|
534 | #facilities. |
---|
535 | ACCEPT SERVICE=C SERVER REMOTEUSER=root |
---|
536 | ACCEPT SERVICE=C REMOTEHOST=astart1.astart.com REMOTEUSER=papowell |
---|
537 | #Allow root on talker.astart.com to control printer hpjet |
---|
538 | ACCEPT SERVICE=C HOST=talker.astart.com PRINTER=hpjet REMOTEUSER=root |
---|
539 | #Reject all others |
---|
540 | REJECT SERVICE=C |
---|
541 | #Do not allow forwarded jobs or requests |
---|
542 | REJECT SERVICE=R,C,M FORWARD |
---|
543 | # allow same user on originating host to remove a job |
---|
544 | ACCEPT SERVICE=M SAMEHOST SAMEUSER |
---|
545 | # allow root on server to remove a job |
---|
546 | ACCEPT SERVICE=M SERVER REMOTEUSER=root |
---|
547 | </PRE> |
---|
548 | </CODE></BLOCKQUOTE> |
---|
549 | <HR> |
---|
550 | <A HREF="LPRng-HOWTO-15.html">Next</A> |
---|
551 | <A HREF="LPRng-HOWTO-13.html">Previous</A> |
---|
552 | <A HREF="LPRng-HOWTO.html#toc14">Contents</A> |
---|
553 | </BODY> |
---|
554 | </HTML> |
---|