source: trunk/third/moira/gen/cups-cluster.pc @ 24250

Revision 24250, 23.0 KB checked in by broder, 15 years ago (diff)
New Moira snapshot from subversion. Sorry for the large diff - looks like all of the keywords changed in the SVN import process.
RevLine 
[24234]1/* $Id: cups-cluster.pc,v 1.4 2009-12-07 20:28:34 zacheiss Exp $
[24191]2 *
3 * This generates printcaps and other files for Athena print servers
4 *
5 * Copyright (C) 1992-1998 by the Massachusetts Institute of Technology.
6 * For copying and distribution information, please see the file
7 * <mit-copyright.h>.
8 */
9
10#include <mit-copyright.h>
11#include <moira.h>
12#include <moira_site.h>
13
14#include <sys/stat.h>
15#include <sys/types.h>
16
17#include <ctype.h>
18#include <stdio.h>
19#include <string.h>
20
21#include <time.h>
22#ifdef HAVE_KRB4
23#include <krb.h>
24#endif
25#include <krb5.h>
26
27#include "util.h"
28
29EXEC SQL INCLUDE sqlca;
30
[24250]31RCSID("$Header: /afs/.athena.mit.edu/astaff/project/moiradev/repository/moira/gen/cups-cluster.pc,v 1.4 2009-12-07 20:28:34 zacheiss Exp $");
[24191]32
33char *whoami = "cups-print.gen";
34char *db = "moira/moira";
35
36const int krbvers = 5;  /* use Kerberos 5 */
37
38/* OMG, I hate this, but it's cleaner, I guess? */
39
40const char *alterjob = "<Limit Hold-Job Release-Job\
41 Restart-Job Purge-Jobs Reprocess-Job Set-Job-Attributes\
42 Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>";
[24234]43const char *submitjob = "<Limit Create-Job Print-Job Print-URI \
[24191]44 Set-Job-Attributes Send-URI Create-Job-Subscription Renew-Subscription\
[24234]45 Cancel-Subscription Get-Notifications CUPS-Move-Job CUPS-Authenticate-Job>";
[24191]46const char *alterpntr = "<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer\
[24234]47 CUPS-Add-Modify-Class CUPS-Delete-Class>";
[24191]48const char *lpcpntr = "<Limit Pause-Printer Resume-Printer Enable-Printer\
49 Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs\
50 Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer\
51 Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After\
[24234]52 CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>";
53const char *canceljob = "<Limit Cancel-Job>";
[24191]54const char *catchall = "<Limit All>";
[24234]55const char *phost = "cluster-printers.MIT.EDU";
56const char *svrlist = "cups-hosts";
[24191]57
58void do_host(char *host);
59void sqlerr(void);
60#ifndef MAX
61#define MAX(a, b) ( (a) > (b) ? (a) : (b) )
62#endif
63
64int main(int argc, char **argv)
65{
66  EXEC SQL BEGIN DECLARE SECTION;
67  char name[MACHINE_NAME_SIZE];
68  EXEC SQL END DECLARE SECTION;
69
70  init_acls();
71
72  EXEC SQL CONNECT :db;
73
74  EXEC SQL WHENEVER SQLERROR DO sqlerr();
75
76  EXEC SQL DECLARE csr_hosts CURSOR FOR
77    SELECT m.name FROM machine m, serverhosts sh
78    WHERE m.mach_id = sh.mach_id AND sh.service = 'CUPS-CLUSTER' AND sh.enable = 1;
79  EXEC SQL OPEN csr_hosts;
80  while (1)
81    {
82      EXEC SQL FETCH csr_hosts INTO :name;
83      if (sqlca.sqlcode)
84        break;
85
86      strtrim(name);
87      do_host(name);
88    }
89  EXEC SQL CLOSE csr_hosts;
90
91  exit(MR_SUCCESS);
92}
93
[24234]94void printer_user_list(FILE *out, char *type, int id, char *str, int striprealm)
[24191]95{
96  struct save_queue *sq;
97  struct imember *m;
98  char kbuf[MAX_K_NAME_SZ];
99  char *cp;
100
101  sq = get_acl(type, id, NULL);
102  while (sq_remove_data(sq, &m))
103    {
104      if (m->type != 'S' && m->type != NULL) {
105        /* CUPS wants mmanley/root, not mmanley.root@ATHENA.MIT.EDU */
106        canon_krb(m, krbvers, kbuf, sizeof(kbuf));
107
108        /* now, take out all the @realm */
[24234]109        if (striprealm) {
[24191]110        for (cp=kbuf; *cp; cp++) {
111          if (*cp == '@') *cp = '\0';
112        }
[24234]113        }
[24191]114        fprintf(out, "%s %s\n", str, kbuf);
115      }
116      freeimember(m);
117    }
118  sq_destroy(sq);
119}
120
121void do_host(char *host)
122{
123  EXEC SQL BEGIN DECLARE SECTION;
124  char rp[PRINTERS_RP_SIZE], name[PRINTERS_NAME_SIZE];
125  char duplexname[PRINTERS_DUPLEXNAME_SIZE], location[PRINTERS_LOCATION_SIZE];
126  char hwtype[PRINTERS_HWTYPE_SIZE], lowerhwtype[PRINTERS_HWTYPE_SIZE];
127  char modtime[PRINTERS_MODTIME_SIZE], lmodtime[LIST_MODTIME_SIZE];
128  char contact[PRINTERS_CONTACT_SIZE], hostname[MACHINE_NAME_SIZE];
129  char cupshosts[MACHINE_NAME_SIZE], prtype [PRINTERS_TYPE_SIZE];
[24234]130  char service[SERVERHOSTS_SERVICE_SIZE];
[24191]131  char *spoolhost = host, *unixtime_fmt = UNIXTIME_FMT, *p;
132  char *lhost;
133  int ka, pc, ac, lpc_acl, top_lpc_acl, banner, rm;
134  EXEC SQL END DECLARE SECTION;
135  TARFILE *tf;
136  FILE *out;
137  char filename[MAXPATHLEN], *duptc;
138  time_t mtime, now = time(NULL);
139
140  lhost = (char *) strdup (host);
141  for (p = lhost; *p; p++)
142     *p = tolower(*p);
143
144  EXEC SQL SELECT mach_id INTO :rm FROM machine
145    WHERE name = :spoolhost;
146
147  sprintf(filename, "%s/cups-cluster/%s", DCM_DIR, host);
148  tf = tarfile_open(filename);
149
150  /* printers.conf entries for locally run queues */
151  out = tarfile_start(tf, "/etc/cups/printers.conf", 0644, 0, 0,
152                      "lp", "lp", now);
153
154  EXEC SQL DECLARE csr_printers CURSOR FOR
155    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
156    m.name, pr.banner, pr.location, pr.contact, pr.ka,
157    pr.ac, pr.lpc_acl
158    FROM printers pr, machine m
159    WHERE pr.rm = :rm AND m.mach_id = pr.mach_id
160    AND (pr.type = 'DORM' or pr.type = 'CLUSTER');
161  EXEC SQL OPEN csr_printers;
162  while (1)
163    {
164      EXEC SQL FETCH csr_printers INTO :rp, :name, :duplexname,
165        :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl;
166      if (sqlca.sqlcode)
167        break;
168
169      strtrim(rp);
170      strtrim(name);
171      strtrim(duplexname);
172      strtrim(hwtype);
173      strtrim(hostname);
174      strtrim(location);
175      strtrim(contact);
176      strcpy(lowerhwtype, hwtype);
177      for (p = rp; *p; p++)     /* Because uppercased printer names suck */
178        *p = tolower(*p);
179      for (p = lowerhwtype; *p; p++)
180        *p = tolower(*p);
181
182      fprintf(out, "<Printer %s>\n",rp);
183      fprintf(out, "Info %s:%s\n", rp, hwtype);
184      /* Note the use of "beh" to keep the CUPS from disabling print queues
185       * should they not respond versus discarding the job. 
186       * See the "beh" page for details. 
187       * The 1/0/60 says "don't disable/try 20 times/try every 60s */
188      if (!strncmp(hwtype, "HP", 2))
189          fprintf(out, "DeviceURI beh:/1/20/60/socket://%s:9100\n", hostname);
190      else
191          fprintf(out, "DeviceURI beh:/1/20/60/socket://%s\n", hostname);
192      fprintf(out, "State Idle\n");     // Always with the Idle
193      fprintf(out, "StateTime %ld\n", (long)time(NULL));
194      fprintf(out, "Accepting Yes\n");
195      fprintf(out, "Shared Yes\n");
196      fprintf(out, "QuotaPeriod 0\n");
197      fprintf(out, "PageLimit 0\n");
198      fprintf(out, "Klimit 0\n");
199      fprintf(out, "Option sides one-sided\n");
200      fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
201      fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
202      fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
203      fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
204      fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
205      if (location[0])
206        fprintf(out, "Location %s\n", location);
207      fprintf(out, "ErrorPolicy abort-job\n");
208      if (ka || lpc_acl)
209        fprintf(out, "OpPolicy %s-policy\n", rp);
210      else
211        fprintf(out, "OpPolicy default\n");
212
213      /* Access-control list. */
214      if (ac)
215        {
216          if (ka)
217            fprintf(out, "AuthType Negotiate\n");
218          else
219            fprintf(out, "AuthType Default\n");
[24234]220          printer_user_list(out, "LIST", ac, "AllowUser", 0);
[24191]221        }
222
223      if (banner == PRN_BANNER_NONE)
224        fprintf(out, "JobSheets none none\n");
225      else
226        fprintf(out, "JobSheets athena none\n");
227      fprintf(out, "</Printer>\n");
228
229    }
230  EXEC SQL CLOSE csr_printers;
231
232  /* printers.conf entries for non-local CUPS queues */
233  EXEC SQL DECLARE csr_remote_printers CURSOR FOR
234    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
235    m.name, pr.banner, pr.location, pr.contact, pr.ka,
236    pr.ac, pr.lpc_acl, m.name as cupshosts
237    FROM printers pr, machine m, serverhosts sh
238    WHERE pr.rm = m.mach_id
239    AND (pr.type = 'CLUSTER' or pr.type = 'DORM') AND m.name <> :spoolhost AND
240    m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER') AND
241    sh.enable = 1 AND m.mach_id = sh.mach_id;
242
243  EXEC SQL OPEN csr_remote_printers;
244  while (1)
245    {
246      EXEC SQL FETCH csr_remote_printers INTO :rp, :name, :duplexname,
247        :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts;
248      if (sqlca.sqlcode)
249        break;
250
251      strtrim(rp);
252      strtrim(name);
253      strtrim(duplexname);
254      strtrim(hwtype);
255      strtrim(hostname);
256      strtrim(location);
257      strtrim(contact);
258      strtrim(cupshosts);
259      strcpy(lowerhwtype, hwtype);
260      for (p = rp; *p; p++)     /* Because uppercased printer names suck */
261        *p = tolower(*p);
262      for (p = lowerhwtype; *p; p++)
263        *p = tolower(*p);
264
265      fprintf(out, "<Printer %s>\n",rp);
266      fprintf(out, "Info %s:%s\n", rp, hwtype);
267      fprintf(out, "DeviceURI ipp://%s:631/printers/%s\n", cupshosts, rp);
268      fprintf(out, "State Idle\n");     // Always with the Idle
269      fprintf(out, "StateTime %ld\n", (long)time(NULL));
270      fprintf(out, "Accepting Yes\n");
271      fprintf(out, "Shared Yes\n");
272      fprintf(out, "QuotaPeriod 0\n");
273      fprintf(out, "PageLimit 0\n");
274      fprintf(out, "Klimit 0\n");
275      fprintf(out, "Option sides one-sided\n");
276      fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
277      fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
278      fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
279      fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
280      fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
281      if (location[0])
282        fprintf(out, "Location %s\n", location);
283      fprintf(out, "ErrorPolicy abort-job\n");
284      if (ka || lpc_acl)
285        fprintf(out, "OpPolicy %s-policy\n", rp);
286      else
287        fprintf(out, "OpPolicy default\n");
288
289      /* Access-control list. */
290      if (ac)
291        {
292          if (ka)
293            fprintf(out, "AuthType Negotiate\n");
294          else
295            fprintf(out, "AuthType Default\n");
[24234]296          printer_user_list(out, "LIST", ac, "AllowUser", 0);
[24191]297        }
298
299      if (banner == PRN_BANNER_NONE)
300        fprintf(out, "JobSheets none none\n");
301      else
302        fprintf(out, "JobSheets athena none\n");
303      fprintf(out, "</Printer>\n");
304
305    }
306  EXEC SQL CLOSE csr_remote_printers;
307
308  /* printers.conf entries for non-local LPRng queues */
309  EXEC SQL DECLARE csr_lprng_printers CURSOR FOR
310    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
311    m.name, pr.banner, pr.location, pr.contact, pr.ka,
312    pr.ac, pr.lpc_acl, m.name as cupshosts
313    FROM printers pr, machine m, serverhosts sh
314    WHERE pr.rm = m.mach_id
315    AND (pr.type = 'DORM' or pr.type = 'CLUSTER') AND m.name <> :spoolhost AND
316    m.mach_id = sh.mach_id AND sh.service = 'PRINT' AND
317    sh.enable = 1;
318
319  EXEC SQL OPEN csr_lprng_printers;
320  while (1)
321    {
322      EXEC SQL FETCH csr_lprng_printers INTO :rp, :name, :duplexname,
323        :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts;
324      if (sqlca.sqlcode)
325        break;
326
327      strtrim(rp);
328      strtrim(name);
329      strtrim(duplexname);
330      strtrim(hwtype);
331      strtrim(hostname);
332      strtrim(location);
333      strtrim(contact);
334      strtrim(cupshosts);
335      strcpy(lowerhwtype, hwtype);
336      for (p = rp; *p; p++)     /* Because uppercased printer names suck */
337        *p = tolower(*p);
338      for (p = lowerhwtype; *p; p++)
339        *p = tolower(*p);
340
341      fprintf(out, "<Printer %s>\n",rp);
342      fprintf(out, "Info %s:LPRng Queue on %s\n", rp, cupshosts);
343      fprintf(out, "DeviceURI lpd://%s/%s\n", cupshosts, rp);
344      fprintf(out, "State Idle\n");     // Always with the Idle
345      fprintf(out, "StateTime %ld\n", (long)time(NULL));
346      fprintf(out, "Accepting Yes\n");
347      fprintf(out, "Shared Yes\n");
348      fprintf(out, "QuotaPeriod 0\n");
349      fprintf(out, "PageLimit 0\n");
350      fprintf(out, "Klimit 0\n");
351      fprintf(out, "Option sides one-sided\n");
352      fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
353      fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
354      fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
355      fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
356      fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
357      if (location[0])
358        fprintf(out, "Location %s\n", location);
359      fprintf(out, "ErrorPolicy abort-job\n");
360      fprintf(out, "OpPolicy default\n");
361      fprintf(out, "JobSheets none none\n");
362      fprintf(out, "</Printer>\n");
363
364    }
365  EXEC SQL CLOSE csr_lprng_printers;
366  tarfile_end(tf);
367
368
369  /* aliases are in classes.conf */
370  out = tarfile_start(tf, "/etc/cups/classes.conf", 0644, 0, 0,
371                  "lp", "lp", now);
372  EXEC SQL DECLARE csr_duplexqs CURSOR FOR
373    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
374    m.name, pr.banner, pr.location, pr.contact, pr.ka,
[24234]375    pr.type as prtype, pr.ac, sh.service
[24191]376    FROM printers pr, machine m, serverhosts sh
377    WHERE pr.rm = m.mach_id
378    AND m.mach_id = sh.mach_id AND sh.enable = 1
379    AND (pr.type = 'DORM' or pr.type = 'CLUSTER')
380    AND (sh.service = 'CUPS-PRINT' OR sh.service = 'PRINT' OR sh.service = 'CUPS-CLUSTER');
381  EXEC SQL OPEN csr_duplexqs;
382  while (1)
383    {
384      EXEC SQL FETCH csr_duplexqs INTO :rp, :name, :duplexname,
[24234]385        :hwtype, :hostname, :banner, :location, :contact, :ka, :prtype, :ac, :service;
[24191]386      if (sqlca.sqlcode)
387        break;
388
389      strtrim(hwtype);
[24234]390      strtrim(service);
[24191]391      strtrim(rp);
392      strtrim(location);
393      strtrim(contact);
394      strtrim(prtype);
395
396      /* Define alias queues as classes to the regular queues for
397       * accounting reasons.  Annoyingly, classes don't always inherit
398       * their printer definitions.
399      */
400      if (!strcmp(prtype,"ALIAS"))
401        {
402          strtrim(name);
403          fprintf(out, "<Class %s>\n",name);
404          fprintf(out, "Info Alias Queue to %s:%s\n", rp, hwtype);
405          fprintf(out, "Printer %s\n", rp);
406          fprintf(out, "Option sides one-sided\n");
407          fprintf(out, "State Idle\n");     // Always with the Idle
408          fprintf(out, "StateTime %ld\n", (long)time(NULL));
409          fprintf(out, "Accepting Yes\n");
410          fprintf(out, "Shared Yes\n");
411          fprintf(out, "QuotaPeriod 0\n");
412          fprintf(out, "PageLimit 0\n");
413          if (location[0])
414            fprintf(out, "Location %s\n", location);
[24234]415          /* do not use custom policies for LPRng printers */
416          if (strcmp(service,"PRINT") && (ka || lpc_acl))
[24191]417            fprintf(out, "OpPolicy %s-policy\n", rp);
418          else
419            fprintf(out, "OpPolicy default\n");
420   
421          /* Access-control list. */
422          if (ac)
[24234]423            printer_user_list(out, "LIST", ac, "AllowUser", 0);
[24191]424   
425          if (banner == PRN_BANNER_NONE)
426            fprintf(out, "JobSheets none none\n");
427          else
428            fprintf(out, "JobSheets athena none\n");
429          fprintf(out, "</Class>\n");
430      }
431
432      /* Define duplex queues as aliases to the regular queues for
433       * accounting reasons.  Annoyingly, classes don't always inherit
434       * their printer definitions.
435      */
436      if (*duplexname)
437        {
438          strtrim(duplexname);
439          fprintf(out, "<Class %s>\n",duplexname);
440          if (!strcmp(prtype,"ALIAS"))
441            fprintf(out, "Info Duplex Alias Queue to %s:%s\n", rp, hwtype);
442          else
443            fprintf(out, "Info Duplex Queue for %s:%s\n", rp, hwtype);
444          fprintf(out, "Option sides two-sided-long-edge\n");   // duplex
445          fprintf(out, "Printer %s\n", rp);
446          fprintf(out, "State Idle\n");     // Always with the Idle
447          fprintf(out, "StateTime %ld\n", (long)time(NULL));
448          fprintf(out, "Accepting Yes\n");
449          fprintf(out, "Shared Yes\n");
450          fprintf(out, "QuotaPeriod 0\n");
451          fprintf(out, "PageLimit 0\n");
452          if (location[0])
453            fprintf(out, "Location %s\n", location);
[24234]454          /* do not use custom policies for LPRng printers */
455          if (strcmp(service,"PRINT") && (ka || lpc_acl))
[24191]456            fprintf(out, "OpPolicy %s-policy\n", rp);
457          else
458            fprintf(out, "OpPolicy default\n");
459   
460          /* Access-control list. */
461          if (ac)
[24234]462            printer_user_list(out, "LIST", ac, "AllowUser", 0);
[24191]463   
464          if (banner == PRN_BANNER_NONE)
465            fprintf(out, "JobSheets none none\n");
466          else if (banner == PRN_BANNER_LAST)
467            fprintf(out, "JobSheets athena none\n");
468          fprintf(out, "</Class>\n");
469        }
470    }
471  EXEC SQL CLOSE csr_duplexqs;
472  tarfile_end(tf);
473
474  /* cups.conf */
475  out = tarfile_start(tf, "/etc/cups/cupsd.conf", 0755, 1, 1,
476                      "root", "lp", now);
477
478  fprintf(out, "LogLevel info\n");
479  fprintf(out, "SystemGroup sys root ops-group\n");
480  fprintf(out, "Port 631\n");
[24234]481  fprintf(out, "SSLPort 443\n");
[24191]482  fprintf(out, "Listen /var/run/cups/cups.sock\n");
483  fprintf(out, "Browsing On\n");
484  fprintf(out, "BrowseOrder allow,deny\n");
485  fprintf(out, "BrowseAllow all\n");
486  fprintf(out, "BrowseAddress @LOCAL\n");
487  fprintf(out, "DefaultAuthType Negotiate\n");
488  fprintf(out, "ServerCertificate /etc/cups/ssl/%s-ipp-crt.pem\n", lhost);
489  fprintf(out, "ServerKey /etc/cups/ssl/%s-ipp-key.pem\n", lhost);
490  fprintf(out, "ServerName %s\n", lhost);
491  fprintf(out, "ServerAlias %s\n", phost);
[24234]492  /* fprintf(out, "Krb5Keytab /etc/krb5-ipp.keytab\n"); */
[24191]493
494  /* The other CUPS servers should be aware of the other hosts'
495     queues, so we'll let them browse each other. */
496  fprintf(out, "Include cups.local.conf\n");
497  fprintf(out, "Include cups.locations.conf\n");
498  fprintf(out, "Include cups.policies.conf\n");
499  tarfile_end(tf);
500
501  /* cups.hosts.conf */
502  out = tarfile_start(tf, "/etc/cups/cups.hosts.conf", 0755, 1, 1,
503                      "root", "lp", now);
504  EXEC SQL DECLARE csr_cupshosts CURSOR FOR
505    SELECT m.name AS cupshosts FROM machine m, printservers ps
506    WHERE m.mach_id = ps.mach_id AND ps.kind = 'CUPS';
507  EXEC SQL OPEN csr_cupshosts;
508  while (1)
509    {
510      EXEC SQL FETCH csr_cupshosts INTO :cupshosts;
511      if (sqlca.sqlcode)
512        break;
513
514      strtrim(cupshosts);
515
516      /* Don't poll yourself looking for answers! */
517      if (strcmp(cupshosts,host))
518         fprintf(out, "BrowsePoll %s\n", cupshosts);
519    }
520  EXEC SQL CLOSE csr_cupshosts;
521
522  tarfile_end(tf);
523
524  /* cups.policies.conf */
525  out = tarfile_start(tf, "/etc/cups/cups.policies.conf", 0755, 1, 1,
526                      "root", "lp", now);
527  fprintf(out, "# Printer-specific LPC and LPR ACLs\n");
528  /* lpcaccess.top */
529  EXEC SQL SELECT ps.lpc_acl INTO :top_lpc_acl
530    FROM printservers ps, machine m
531    WHERE m.name = :spoolhost AND m.mach_id = ps.mach_id;
532      fprintf (out, "<Policy default>\n");
533      fprintf (out, "%s\n", alterjob);
534      fprintf (out, "AuthType Default\n");
535      fprintf (out, "Require user @OWNER @SYSTEM\n");
[24234]536  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
537  fprintf (out, "Order deny,allow\n");
538  fprintf (out, "</Limit>\n");
539  fprintf (out, "<Limit Send-Document CUPS-Get-Document>\n");
540  fprintf (out, "AuthType None\n");
541  fprintf (out, "Require user @OWNER @SYSTEM\n");
[24191]542      fprintf (out, "Order deny,allow\n");
[24234]543  fprintf (out, "Allow from all\n");
[24191]544      fprintf (out, "</Limit>\n");
545      fprintf (out, "%s\n", submitjob);
546      fprintf (out, "AuthType None\n");
547      fprintf (out, "Order deny,allow\n");
548      fprintf (out, "Allow from all\n");
549      fprintf (out, "</Limit>\n");
550      fprintf (out, "%s\n", alterpntr);
551      fprintf (out, "AuthType Default\n");
552      fprintf (out, "Require user @SYSTEM\n");
553      fprintf (out, "Order deny,allow\n");
554      fprintf (out, "</Limit>\n");
555      fprintf (out, "%s\n", lpcpntr);
556      fprintf (out, "AuthType Default\n");
557      fprintf (out, "Require user @SYSTEM\n");
[24234]558  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
[24191]559      fprintf (out, "Order deny,allow\n");
560      fprintf (out, "</Limit>\n");
561      fprintf (out, "%s\n", canceljob);
562      fprintf (out, "AuthType Default\n");
563      fprintf (out, "Require user @OWNER @SYSTEM\n");
[24234]564  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
[24191]565      fprintf (out, "Order deny,allow\n");
566      fprintf (out, "Allow from all\n");
567      fprintf (out, "</Limit>\n");
568      fprintf (out, "%s\n", catchall);
569      fprintf (out, "AuthType None\n");
570      fprintf (out, "Order deny,allow\n");
571      fprintf (out, "Allow from all\n");
572      fprintf (out, "</Limit>\n");
573      fprintf (out, "</Policy>\n");
574
575  /* restrict lists and lpcaccess policies.  Sadly, we have to put the
576     top level for each new policy since CUPS doesn't have a way of
577     doing it otherwise (well, Unix groups, but not moira) */
578  EXEC SQL DECLARE csr_lpc CURSOR FOR
579    SELECT UNIQUE rp, ka, ac, lpc_acl
580    FROM printers
581    WHERE (ac != 0 OR lpc_acl != 0) AND rm in (SELECT m.mach_id FROM machine m, serverhosts sh
[24234]582    WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' or sh.service = 'CUPS-CLUSTER')
583    AND sh.enable = 1);
[24191]584  EXEC SQL OPEN csr_lpc;
585  while (1)
586    {
587      EXEC SQL FETCH csr_lpc INTO :name, :ka, :ac, :lpc_acl;
588      if (sqlca.sqlcode)
589        break;
590
591      strtrim(name);
592
593      fprintf (out, "<Policy %s-policy>\n", name);
594      fprintf (out, "%s\n", alterjob);
595      fprintf (out, "AuthType Default\n");
596      fprintf (out, "Require user @OWNER @SYSTEM\n");
[24234]597      printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
598      printer_user_list(out, "LIST", svrlist, "Require user", 1);
[24191]599      fprintf (out, "Order deny,allow\n");
600      fprintf (out, "Allow from all\n");
601      fprintf (out, "</Limit>\n");
[24234]602      fprintf (out, "<Limit Send-Document CUPS-Get-Document>\n");
603      fprintf (out, "AuthType None\n");
604      fprintf (out, "Require user @OWNER @SYSTEM\n");
605      fprintf (out, "Order deny,allow\n");
606      fprintf (out, "Allow from all\n");
607      fprintf (out, "</Limit>\n");
[24191]608      fprintf (out, "%s\n", submitjob);
609      /* If the printer is Kerberized? */
610      if (ka)
611        fprintf (out, "AuthType Negotiate\n");
612      else
613        fprintf (out, "AuthType None\n");
614      /* Access-control list. */
[24234]615      if (ac) {
616        printer_user_list(out, "LIST", ac, "Require user", 1);
617        printer_user_list(out, "LIST", svrlist, "Require user", 1);
618      }
[24191]619      else if (ka)
620        fprintf (out, "Require valid-user\n");
621      fprintf (out, "Order deny,allow\n");
622      fprintf (out, "Allow from all\n");
623      fprintf (out, "</Limit>\n");
624      fprintf (out, "%s\n", alterpntr);
625      fprintf (out, "AuthType Default\n");
626      fprintf (out, "Require user @SYSTEM\n");
627      fprintf (out, "Order deny,allow\n");
628      fprintf (out, "</Limit>\n");
629      fprintf (out, "%s\n", lpcpntr);
630      fprintf (out, "AuthType Default\n");
631      fprintf (out, "Require user @SYSTEM\n");
632      /* printer-specific lpc access. */
633      if (lpc_acl)
[24234]634        printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
635      printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
[24191]636      fprintf (out, "Order deny,allow\n");
637      fprintf (out, "</Limit>\n");
638      fprintf (out, "%s\n", canceljob);
639      fprintf (out, "AuthType Default\n");
640      fprintf (out, "Require user @OWNER @SYSTEM\n");
[24234]641      printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
642      printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
[24191]643      fprintf (out, "Order deny,allow\n");
644      fprintf (out, "Allow from all\n");
645      fprintf (out, "</Limit>\n");
646      fprintf (out, "%s\n", catchall);
647      fprintf (out, "AuthType None\n");
648      fprintf (out, "Order deny,allow\n");
649      fprintf (out, "Allow from all\n");
650      fprintf (out, "</Limit>\n");
651      fprintf (out, "</Policy>\n");
652    }
653  EXEC SQL CLOSE csr_lpc;
654  fprintf(out, "\n");
655  tarfile_end(tf);
656  tarfile_close(tf);
657}
658
659void sqlerr(void)
660{
661  db_error(sqlca.sqlcode);
662}
Note: See TracBrowser for help on using the repository browser.