source: trunk/third/moira/gen/cups-cluster.pc @ 24250

Revision 24250, 23.0 KB checked in by broder, 15 years ago (diff)
New Moira snapshot from subversion. Sorry for the large diff - looks like all of the keywords changed in the SVN import process.
Line 
1/* $Id: cups-cluster.pc,v 1.4 2009-12-07 20:28:34 zacheiss Exp $
2 *
3 * This generates printcaps and other files for Athena print servers
4 *
5 * Copyright (C) 1992-1998 by the Massachusetts Institute of Technology.
6 * For copying and distribution information, please see the file
7 * <mit-copyright.h>.
8 */
9
10#include <mit-copyright.h>
11#include <moira.h>
12#include <moira_site.h>
13
14#include <sys/stat.h>
15#include <sys/types.h>
16
17#include <ctype.h>
18#include <stdio.h>
19#include <string.h>
20
21#include <time.h>
22#ifdef HAVE_KRB4
23#include <krb.h>
24#endif
25#include <krb5.h>
26
27#include "util.h"
28
29EXEC SQL INCLUDE sqlca;
30
31RCSID("$Header: /afs/.athena.mit.edu/astaff/project/moiradev/repository/moira/gen/cups-cluster.pc,v 1.4 2009-12-07 20:28:34 zacheiss Exp $");
32
33char *whoami = "cups-print.gen";
34char *db = "moira/moira";
35
36const int krbvers = 5;  /* use Kerberos 5 */
37
38/* OMG, I hate this, but it's cleaner, I guess? */
39
40const char *alterjob = "<Limit Hold-Job Release-Job\
41 Restart-Job Purge-Jobs Reprocess-Job Set-Job-Attributes\
42 Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>";
43const char *submitjob = "<Limit Create-Job Print-Job Print-URI \
44 Set-Job-Attributes Send-URI Create-Job-Subscription Renew-Subscription\
45 Cancel-Subscription Get-Notifications CUPS-Move-Job CUPS-Authenticate-Job>";
46const char *alterpntr = "<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer\
47 CUPS-Add-Modify-Class CUPS-Delete-Class>";
48const char *lpcpntr = "<Limit Pause-Printer Resume-Printer Enable-Printer\
49 Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs\
50 Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer\
51 Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After\
52 CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>";
53const char *canceljob = "<Limit Cancel-Job>";
54const char *catchall = "<Limit All>";
55const char *phost = "cluster-printers.MIT.EDU";
56const char *svrlist = "cups-hosts";
57
58void do_host(char *host);
59void sqlerr(void);
60#ifndef MAX
61#define MAX(a, b) ( (a) > (b) ? (a) : (b) )
62#endif
63
64int main(int argc, char **argv)
65{
66  EXEC SQL BEGIN DECLARE SECTION;
67  char name[MACHINE_NAME_SIZE];
68  EXEC SQL END DECLARE SECTION;
69
70  init_acls();
71
72  EXEC SQL CONNECT :db;
73
74  EXEC SQL WHENEVER SQLERROR DO sqlerr();
75
76  EXEC SQL DECLARE csr_hosts CURSOR FOR
77    SELECT m.name FROM machine m, serverhosts sh
78    WHERE m.mach_id = sh.mach_id AND sh.service = 'CUPS-CLUSTER' AND sh.enable = 1;
79  EXEC SQL OPEN csr_hosts;
80  while (1)
81    {
82      EXEC SQL FETCH csr_hosts INTO :name;
83      if (sqlca.sqlcode)
84        break;
85
86      strtrim(name);
87      do_host(name);
88    }
89  EXEC SQL CLOSE csr_hosts;
90
91  exit(MR_SUCCESS);
92}
93
94void printer_user_list(FILE *out, char *type, int id, char *str, int striprealm)
95{
96  struct save_queue *sq;
97  struct imember *m;
98  char kbuf[MAX_K_NAME_SZ];
99  char *cp;
100
101  sq = get_acl(type, id, NULL);
102  while (sq_remove_data(sq, &m))
103    {
104      if (m->type != 'S' && m->type != NULL) {
105        /* CUPS wants mmanley/root, not mmanley.root@ATHENA.MIT.EDU */
106        canon_krb(m, krbvers, kbuf, sizeof(kbuf));
107
108        /* now, take out all the @realm */
109        if (striprealm) {
110        for (cp=kbuf; *cp; cp++) {
111          if (*cp == '@') *cp = '\0';
112        }
113        }
114        fprintf(out, "%s %s\n", str, kbuf);
115      }
116      freeimember(m);
117    }
118  sq_destroy(sq);
119}
120
121void do_host(char *host)
122{
123  EXEC SQL BEGIN DECLARE SECTION;
124  char rp[PRINTERS_RP_SIZE], name[PRINTERS_NAME_SIZE];
125  char duplexname[PRINTERS_DUPLEXNAME_SIZE], location[PRINTERS_LOCATION_SIZE];
126  char hwtype[PRINTERS_HWTYPE_SIZE], lowerhwtype[PRINTERS_HWTYPE_SIZE];
127  char modtime[PRINTERS_MODTIME_SIZE], lmodtime[LIST_MODTIME_SIZE];
128  char contact[PRINTERS_CONTACT_SIZE], hostname[MACHINE_NAME_SIZE];
129  char cupshosts[MACHINE_NAME_SIZE], prtype [PRINTERS_TYPE_SIZE];
130  char service[SERVERHOSTS_SERVICE_SIZE];
131  char *spoolhost = host, *unixtime_fmt = UNIXTIME_FMT, *p;
132  char *lhost;
133  int ka, pc, ac, lpc_acl, top_lpc_acl, banner, rm;
134  EXEC SQL END DECLARE SECTION;
135  TARFILE *tf;
136  FILE *out;
137  char filename[MAXPATHLEN], *duptc;
138  time_t mtime, now = time(NULL);
139
140  lhost = (char *) strdup (host);
141  for (p = lhost; *p; p++)
142     *p = tolower(*p);
143
144  EXEC SQL SELECT mach_id INTO :rm FROM machine
145    WHERE name = :spoolhost;
146
147  sprintf(filename, "%s/cups-cluster/%s", DCM_DIR, host);
148  tf = tarfile_open(filename);
149
150  /* printers.conf entries for locally run queues */
151  out = tarfile_start(tf, "/etc/cups/printers.conf", 0644, 0, 0,
152                      "lp", "lp", now);
153
154  EXEC SQL DECLARE csr_printers CURSOR FOR
155    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
156    m.name, pr.banner, pr.location, pr.contact, pr.ka,
157    pr.ac, pr.lpc_acl
158    FROM printers pr, machine m
159    WHERE pr.rm = :rm AND m.mach_id = pr.mach_id
160    AND (pr.type = 'DORM' or pr.type = 'CLUSTER');
161  EXEC SQL OPEN csr_printers;
162  while (1)
163    {
164      EXEC SQL FETCH csr_printers INTO :rp, :name, :duplexname,
165        :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl;
166      if (sqlca.sqlcode)
167        break;
168
169      strtrim(rp);
170      strtrim(name);
171      strtrim(duplexname);
172      strtrim(hwtype);
173      strtrim(hostname);
174      strtrim(location);
175      strtrim(contact);
176      strcpy(lowerhwtype, hwtype);
177      for (p = rp; *p; p++)     /* Because uppercased printer names suck */
178        *p = tolower(*p);
179      for (p = lowerhwtype; *p; p++)
180        *p = tolower(*p);
181
182      fprintf(out, "<Printer %s>\n",rp);
183      fprintf(out, "Info %s:%s\n", rp, hwtype);
184      /* Note the use of "beh" to keep the CUPS from disabling print queues
185       * should they not respond versus discarding the job. 
186       * See the "beh" page for details. 
187       * The 1/0/60 says "don't disable/try 20 times/try every 60s */
188      if (!strncmp(hwtype, "HP", 2))
189          fprintf(out, "DeviceURI beh:/1/20/60/socket://%s:9100\n", hostname);
190      else
191          fprintf(out, "DeviceURI beh:/1/20/60/socket://%s\n", hostname);
192      fprintf(out, "State Idle\n");     // Always with the Idle
193      fprintf(out, "StateTime %ld\n", (long)time(NULL));
194      fprintf(out, "Accepting Yes\n");
195      fprintf(out, "Shared Yes\n");
196      fprintf(out, "QuotaPeriod 0\n");
197      fprintf(out, "PageLimit 0\n");
198      fprintf(out, "Klimit 0\n");
199      fprintf(out, "Option sides one-sided\n");
200      fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
201      fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
202      fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
203      fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
204      fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
205      if (location[0])
206        fprintf(out, "Location %s\n", location);
207      fprintf(out, "ErrorPolicy abort-job\n");
208      if (ka || lpc_acl)
209        fprintf(out, "OpPolicy %s-policy\n", rp);
210      else
211        fprintf(out, "OpPolicy default\n");
212
213      /* Access-control list. */
214      if (ac)
215        {
216          if (ka)
217            fprintf(out, "AuthType Negotiate\n");
218          else
219            fprintf(out, "AuthType Default\n");
220          printer_user_list(out, "LIST", ac, "AllowUser", 0);
221        }
222
223      if (banner == PRN_BANNER_NONE)
224        fprintf(out, "JobSheets none none\n");
225      else
226        fprintf(out, "JobSheets athena none\n");
227      fprintf(out, "</Printer>\n");
228
229    }
230  EXEC SQL CLOSE csr_printers;
231
232  /* printers.conf entries for non-local CUPS queues */
233  EXEC SQL DECLARE csr_remote_printers CURSOR FOR
234    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
235    m.name, pr.banner, pr.location, pr.contact, pr.ka,
236    pr.ac, pr.lpc_acl, m.name as cupshosts
237    FROM printers pr, machine m, serverhosts sh
238    WHERE pr.rm = m.mach_id
239    AND (pr.type = 'CLUSTER' or pr.type = 'DORM') AND m.name <> :spoolhost AND
240    m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER') AND
241    sh.enable = 1 AND m.mach_id = sh.mach_id;
242
243  EXEC SQL OPEN csr_remote_printers;
244  while (1)
245    {
246      EXEC SQL FETCH csr_remote_printers INTO :rp, :name, :duplexname,
247        :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts;
248      if (sqlca.sqlcode)
249        break;
250
251      strtrim(rp);
252      strtrim(name);
253      strtrim(duplexname);
254      strtrim(hwtype);
255      strtrim(hostname);
256      strtrim(location);
257      strtrim(contact);
258      strtrim(cupshosts);
259      strcpy(lowerhwtype, hwtype);
260      for (p = rp; *p; p++)     /* Because uppercased printer names suck */
261        *p = tolower(*p);
262      for (p = lowerhwtype; *p; p++)
263        *p = tolower(*p);
264
265      fprintf(out, "<Printer %s>\n",rp);
266      fprintf(out, "Info %s:%s\n", rp, hwtype);
267      fprintf(out, "DeviceURI ipp://%s:631/printers/%s\n", cupshosts, rp);
268      fprintf(out, "State Idle\n");     // Always with the Idle
269      fprintf(out, "StateTime %ld\n", (long)time(NULL));
270      fprintf(out, "Accepting Yes\n");
271      fprintf(out, "Shared Yes\n");
272      fprintf(out, "QuotaPeriod 0\n");
273      fprintf(out, "PageLimit 0\n");
274      fprintf(out, "Klimit 0\n");
275      fprintf(out, "Option sides one-sided\n");
276      fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
277      fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
278      fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
279      fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
280      fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
281      if (location[0])
282        fprintf(out, "Location %s\n", location);
283      fprintf(out, "ErrorPolicy abort-job\n");
284      if (ka || lpc_acl)
285        fprintf(out, "OpPolicy %s-policy\n", rp);
286      else
287        fprintf(out, "OpPolicy default\n");
288
289      /* Access-control list. */
290      if (ac)
291        {
292          if (ka)
293            fprintf(out, "AuthType Negotiate\n");
294          else
295            fprintf(out, "AuthType Default\n");
296          printer_user_list(out, "LIST", ac, "AllowUser", 0);
297        }
298
299      if (banner == PRN_BANNER_NONE)
300        fprintf(out, "JobSheets none none\n");
301      else
302        fprintf(out, "JobSheets athena none\n");
303      fprintf(out, "</Printer>\n");
304
305    }
306  EXEC SQL CLOSE csr_remote_printers;
307
308  /* printers.conf entries for non-local LPRng queues */
309  EXEC SQL DECLARE csr_lprng_printers CURSOR FOR
310    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
311    m.name, pr.banner, pr.location, pr.contact, pr.ka,
312    pr.ac, pr.lpc_acl, m.name as cupshosts
313    FROM printers pr, machine m, serverhosts sh
314    WHERE pr.rm = m.mach_id
315    AND (pr.type = 'DORM' or pr.type = 'CLUSTER') AND m.name <> :spoolhost AND
316    m.mach_id = sh.mach_id AND sh.service = 'PRINT' AND
317    sh.enable = 1;
318
319  EXEC SQL OPEN csr_lprng_printers;
320  while (1)
321    {
322      EXEC SQL FETCH csr_lprng_printers INTO :rp, :name, :duplexname,
323        :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts;
324      if (sqlca.sqlcode)
325        break;
326
327      strtrim(rp);
328      strtrim(name);
329      strtrim(duplexname);
330      strtrim(hwtype);
331      strtrim(hostname);
332      strtrim(location);
333      strtrim(contact);
334      strtrim(cupshosts);
335      strcpy(lowerhwtype, hwtype);
336      for (p = rp; *p; p++)     /* Because uppercased printer names suck */
337        *p = tolower(*p);
338      for (p = lowerhwtype; *p; p++)
339        *p = tolower(*p);
340
341      fprintf(out, "<Printer %s>\n",rp);
342      fprintf(out, "Info %s:LPRng Queue on %s\n", rp, cupshosts);
343      fprintf(out, "DeviceURI lpd://%s/%s\n", cupshosts, rp);
344      fprintf(out, "State Idle\n");     // Always with the Idle
345      fprintf(out, "StateTime %ld\n", (long)time(NULL));
346      fprintf(out, "Accepting Yes\n");
347      fprintf(out, "Shared Yes\n");
348      fprintf(out, "QuotaPeriod 0\n");
349      fprintf(out, "PageLimit 0\n");
350      fprintf(out, "Klimit 0\n");
351      fprintf(out, "Option sides one-sided\n");
352      fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
353      fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
354      fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
355      fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
356      fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
357      if (location[0])
358        fprintf(out, "Location %s\n", location);
359      fprintf(out, "ErrorPolicy abort-job\n");
360      fprintf(out, "OpPolicy default\n");
361      fprintf(out, "JobSheets none none\n");
362      fprintf(out, "</Printer>\n");
363
364    }
365  EXEC SQL CLOSE csr_lprng_printers;
366  tarfile_end(tf);
367
368
369  /* aliases are in classes.conf */
370  out = tarfile_start(tf, "/etc/cups/classes.conf", 0644, 0, 0,
371                  "lp", "lp", now);
372  EXEC SQL DECLARE csr_duplexqs CURSOR FOR
373    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
374    m.name, pr.banner, pr.location, pr.contact, pr.ka,
375    pr.type as prtype, pr.ac, sh.service
376    FROM printers pr, machine m, serverhosts sh
377    WHERE pr.rm = m.mach_id
378    AND m.mach_id = sh.mach_id AND sh.enable = 1
379    AND (pr.type = 'DORM' or pr.type = 'CLUSTER')
380    AND (sh.service = 'CUPS-PRINT' OR sh.service = 'PRINT' OR sh.service = 'CUPS-CLUSTER');
381  EXEC SQL OPEN csr_duplexqs;
382  while (1)
383    {
384      EXEC SQL FETCH csr_duplexqs INTO :rp, :name, :duplexname,
385        :hwtype, :hostname, :banner, :location, :contact, :ka, :prtype, :ac, :service;
386      if (sqlca.sqlcode)
387        break;
388
389      strtrim(hwtype);
390      strtrim(service);
391      strtrim(rp);
392      strtrim(location);
393      strtrim(contact);
394      strtrim(prtype);
395
396      /* Define alias queues as classes to the regular queues for
397       * accounting reasons.  Annoyingly, classes don't always inherit
398       * their printer definitions.
399      */
400      if (!strcmp(prtype,"ALIAS"))
401        {
402          strtrim(name);
403          fprintf(out, "<Class %s>\n",name);
404          fprintf(out, "Info Alias Queue to %s:%s\n", rp, hwtype);
405          fprintf(out, "Printer %s\n", rp);
406          fprintf(out, "Option sides one-sided\n");
407          fprintf(out, "State Idle\n");     // Always with the Idle
408          fprintf(out, "StateTime %ld\n", (long)time(NULL));
409          fprintf(out, "Accepting Yes\n");
410          fprintf(out, "Shared Yes\n");
411          fprintf(out, "QuotaPeriod 0\n");
412          fprintf(out, "PageLimit 0\n");
413          if (location[0])
414            fprintf(out, "Location %s\n", location);
415          /* do not use custom policies for LPRng printers */
416          if (strcmp(service,"PRINT") && (ka || lpc_acl))
417            fprintf(out, "OpPolicy %s-policy\n", rp);
418          else
419            fprintf(out, "OpPolicy default\n");
420   
421          /* Access-control list. */
422          if (ac)
423            printer_user_list(out, "LIST", ac, "AllowUser", 0);
424   
425          if (banner == PRN_BANNER_NONE)
426            fprintf(out, "JobSheets none none\n");
427          else
428            fprintf(out, "JobSheets athena none\n");
429          fprintf(out, "</Class>\n");
430      }
431
432      /* Define duplex queues as aliases to the regular queues for
433       * accounting reasons.  Annoyingly, classes don't always inherit
434       * their printer definitions.
435      */
436      if (*duplexname)
437        {
438          strtrim(duplexname);
439          fprintf(out, "<Class %s>\n",duplexname);
440          if (!strcmp(prtype,"ALIAS"))
441            fprintf(out, "Info Duplex Alias Queue to %s:%s\n", rp, hwtype);
442          else
443            fprintf(out, "Info Duplex Queue for %s:%s\n", rp, hwtype);
444          fprintf(out, "Option sides two-sided-long-edge\n");   // duplex
445          fprintf(out, "Printer %s\n", rp);
446          fprintf(out, "State Idle\n");     // Always with the Idle
447          fprintf(out, "StateTime %ld\n", (long)time(NULL));
448          fprintf(out, "Accepting Yes\n");
449          fprintf(out, "Shared Yes\n");
450          fprintf(out, "QuotaPeriod 0\n");
451          fprintf(out, "PageLimit 0\n");
452          if (location[0])
453            fprintf(out, "Location %s\n", location);
454          /* do not use custom policies for LPRng printers */
455          if (strcmp(service,"PRINT") && (ka || lpc_acl))
456            fprintf(out, "OpPolicy %s-policy\n", rp);
457          else
458            fprintf(out, "OpPolicy default\n");
459   
460          /* Access-control list. */
461          if (ac)
462            printer_user_list(out, "LIST", ac, "AllowUser", 0);
463   
464          if (banner == PRN_BANNER_NONE)
465            fprintf(out, "JobSheets none none\n");
466          else if (banner == PRN_BANNER_LAST)
467            fprintf(out, "JobSheets athena none\n");
468          fprintf(out, "</Class>\n");
469        }
470    }
471  EXEC SQL CLOSE csr_duplexqs;
472  tarfile_end(tf);
473
474  /* cups.conf */
475  out = tarfile_start(tf, "/etc/cups/cupsd.conf", 0755, 1, 1,
476                      "root", "lp", now);
477
478  fprintf(out, "LogLevel info\n");
479  fprintf(out, "SystemGroup sys root ops-group\n");
480  fprintf(out, "Port 631\n");
481  fprintf(out, "SSLPort 443\n");
482  fprintf(out, "Listen /var/run/cups/cups.sock\n");
483  fprintf(out, "Browsing On\n");
484  fprintf(out, "BrowseOrder allow,deny\n");
485  fprintf(out, "BrowseAllow all\n");
486  fprintf(out, "BrowseAddress @LOCAL\n");
487  fprintf(out, "DefaultAuthType Negotiate\n");
488  fprintf(out, "ServerCertificate /etc/cups/ssl/%s-ipp-crt.pem\n", lhost);
489  fprintf(out, "ServerKey /etc/cups/ssl/%s-ipp-key.pem\n", lhost);
490  fprintf(out, "ServerName %s\n", lhost);
491  fprintf(out, "ServerAlias %s\n", phost);
492  /* fprintf(out, "Krb5Keytab /etc/krb5-ipp.keytab\n"); */
493
494  /* The other CUPS servers should be aware of the other hosts'
495     queues, so we'll let them browse each other. */
496  fprintf(out, "Include cups.local.conf\n");
497  fprintf(out, "Include cups.locations.conf\n");
498  fprintf(out, "Include cups.policies.conf\n");
499  tarfile_end(tf);
500
501  /* cups.hosts.conf */
502  out = tarfile_start(tf, "/etc/cups/cups.hosts.conf", 0755, 1, 1,
503                      "root", "lp", now);
504  EXEC SQL DECLARE csr_cupshosts CURSOR FOR
505    SELECT m.name AS cupshosts FROM machine m, printservers ps
506    WHERE m.mach_id = ps.mach_id AND ps.kind = 'CUPS';
507  EXEC SQL OPEN csr_cupshosts;
508  while (1)
509    {
510      EXEC SQL FETCH csr_cupshosts INTO :cupshosts;
511      if (sqlca.sqlcode)
512        break;
513
514      strtrim(cupshosts);
515
516      /* Don't poll yourself looking for answers! */
517      if (strcmp(cupshosts,host))
518         fprintf(out, "BrowsePoll %s\n", cupshosts);
519    }
520  EXEC SQL CLOSE csr_cupshosts;
521
522  tarfile_end(tf);
523
524  /* cups.policies.conf */
525  out = tarfile_start(tf, "/etc/cups/cups.policies.conf", 0755, 1, 1,
526                      "root", "lp", now);
527  fprintf(out, "# Printer-specific LPC and LPR ACLs\n");
528  /* lpcaccess.top */
529  EXEC SQL SELECT ps.lpc_acl INTO :top_lpc_acl
530    FROM printservers ps, machine m
531    WHERE m.name = :spoolhost AND m.mach_id = ps.mach_id;
532      fprintf (out, "<Policy default>\n");
533      fprintf (out, "%s\n", alterjob);
534      fprintf (out, "AuthType Default\n");
535      fprintf (out, "Require user @OWNER @SYSTEM\n");
536  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
537  fprintf (out, "Order deny,allow\n");
538  fprintf (out, "</Limit>\n");
539  fprintf (out, "<Limit Send-Document CUPS-Get-Document>\n");
540  fprintf (out, "AuthType None\n");
541  fprintf (out, "Require user @OWNER @SYSTEM\n");
542      fprintf (out, "Order deny,allow\n");
543  fprintf (out, "Allow from all\n");
544      fprintf (out, "</Limit>\n");
545      fprintf (out, "%s\n", submitjob);
546      fprintf (out, "AuthType None\n");
547      fprintf (out, "Order deny,allow\n");
548      fprintf (out, "Allow from all\n");
549      fprintf (out, "</Limit>\n");
550      fprintf (out, "%s\n", alterpntr);
551      fprintf (out, "AuthType Default\n");
552      fprintf (out, "Require user @SYSTEM\n");
553      fprintf (out, "Order deny,allow\n");
554      fprintf (out, "</Limit>\n");
555      fprintf (out, "%s\n", lpcpntr);
556      fprintf (out, "AuthType Default\n");
557      fprintf (out, "Require user @SYSTEM\n");
558  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
559      fprintf (out, "Order deny,allow\n");
560      fprintf (out, "</Limit>\n");
561      fprintf (out, "%s\n", canceljob);
562      fprintf (out, "AuthType Default\n");
563      fprintf (out, "Require user @OWNER @SYSTEM\n");
564  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
565      fprintf (out, "Order deny,allow\n");
566      fprintf (out, "Allow from all\n");
567      fprintf (out, "</Limit>\n");
568      fprintf (out, "%s\n", catchall);
569      fprintf (out, "AuthType None\n");
570      fprintf (out, "Order deny,allow\n");
571      fprintf (out, "Allow from all\n");
572      fprintf (out, "</Limit>\n");
573      fprintf (out, "</Policy>\n");
574
575  /* restrict lists and lpcaccess policies.  Sadly, we have to put the
576     top level for each new policy since CUPS doesn't have a way of
577     doing it otherwise (well, Unix groups, but not moira) */
578  EXEC SQL DECLARE csr_lpc CURSOR FOR
579    SELECT UNIQUE rp, ka, ac, lpc_acl
580    FROM printers
581    WHERE (ac != 0 OR lpc_acl != 0) AND rm in (SELECT m.mach_id FROM machine m, serverhosts sh
582    WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' or sh.service = 'CUPS-CLUSTER')
583    AND sh.enable = 1);
584  EXEC SQL OPEN csr_lpc;
585  while (1)
586    {
587      EXEC SQL FETCH csr_lpc INTO :name, :ka, :ac, :lpc_acl;
588      if (sqlca.sqlcode)
589        break;
590
591      strtrim(name);
592
593      fprintf (out, "<Policy %s-policy>\n", name);
594      fprintf (out, "%s\n", alterjob);
595      fprintf (out, "AuthType Default\n");
596      fprintf (out, "Require user @OWNER @SYSTEM\n");
597      printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
598      printer_user_list(out, "LIST", svrlist, "Require user", 1);
599      fprintf (out, "Order deny,allow\n");
600      fprintf (out, "Allow from all\n");
601      fprintf (out, "</Limit>\n");
602      fprintf (out, "<Limit Send-Document CUPS-Get-Document>\n");
603      fprintf (out, "AuthType None\n");
604      fprintf (out, "Require user @OWNER @SYSTEM\n");
605      fprintf (out, "Order deny,allow\n");
606      fprintf (out, "Allow from all\n");
607      fprintf (out, "</Limit>\n");
608      fprintf (out, "%s\n", submitjob);
609      /* If the printer is Kerberized? */
610      if (ka)
611        fprintf (out, "AuthType Negotiate\n");
612      else
613        fprintf (out, "AuthType None\n");
614      /* Access-control list. */
615      if (ac) {
616        printer_user_list(out, "LIST", ac, "Require user", 1);
617        printer_user_list(out, "LIST", svrlist, "Require user", 1);
618      }
619      else if (ka)
620        fprintf (out, "Require valid-user\n");
621      fprintf (out, "Order deny,allow\n");
622      fprintf (out, "Allow from all\n");
623      fprintf (out, "</Limit>\n");
624      fprintf (out, "%s\n", alterpntr);
625      fprintf (out, "AuthType Default\n");
626      fprintf (out, "Require user @SYSTEM\n");
627      fprintf (out, "Order deny,allow\n");
628      fprintf (out, "</Limit>\n");
629      fprintf (out, "%s\n", lpcpntr);
630      fprintf (out, "AuthType Default\n");
631      fprintf (out, "Require user @SYSTEM\n");
632      /* printer-specific lpc access. */
633      if (lpc_acl)
634        printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
635      printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
636      fprintf (out, "Order deny,allow\n");
637      fprintf (out, "</Limit>\n");
638      fprintf (out, "%s\n", canceljob);
639      fprintf (out, "AuthType Default\n");
640      fprintf (out, "Require user @OWNER @SYSTEM\n");
641      printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
642      printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
643      fprintf (out, "Order deny,allow\n");
644      fprintf (out, "Allow from all\n");
645      fprintf (out, "</Limit>\n");
646      fprintf (out, "%s\n", catchall);
647      fprintf (out, "AuthType None\n");
648      fprintf (out, "Order deny,allow\n");
649      fprintf (out, "Allow from all\n");
650      fprintf (out, "</Limit>\n");
651      fprintf (out, "</Policy>\n");
652    }
653  EXEC SQL CLOSE csr_lpc;
654  fprintf(out, "\n");
655  tarfile_end(tf);
656  tarfile_close(tf);
657}
658
659void sqlerr(void)
660{
661  db_error(sqlca.sqlcode);
662}
Note: See TracBrowser for help on using the repository browser.