source: trunk/third/moira/gen/cups-cluster.pc @ 24447

Revision 24447, 23.8 KB checked in by broder, 15 years ago (diff)
In moira: * New SVN snapshot.
1/* $Id: cups-cluster.pc 3996 2010-03-30 15:40:58Z zacheiss $
2 *
3 * This generates printcaps and other files for Athena print servers
4 *
5 * Copyright (C) 1992-1998 by the Massachusetts Institute of Technology.
6 * For copying and distribution information, please see the file
7 * <mit-copyright.h>.
8 */
9
#include <mit-copyright.h>
#include <moira.h>
#include <moira_site.h>

#include <sys/stat.h>
#include <sys/types.h>

#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <time.h>
#ifdef HAVE_KRB4
#include <krb.h>
#endif
#include <krb5.h>

#include "util.h"
28
29EXEC SQL INCLUDE sqlca;
30
31RCSID("$HeadURL: svn+ssh://svn.mit.edu/moira/trunk/moira/gen/cups-cluster.pc $ $Id: cups-cluster.pc 3996 2010-03-30 15:40:58Z zacheiss $");
32
/* Program name and database identifier.
 * NOTE(review): whoami reads "cups-print.gen" although this file is
 * cups-cluster.pc -- confirm that is intended. */
char *whoami = "cups-print.gen";
char *db = "moira/moira";

/* Kerberos version handed to canon_krb(): 5. */
const int krbvers = 5;

/*
 * Opening <Limit ...> tags for the operation groups used when the CUPS
 * policies are written.  Each string is emitted verbatim on a line of its
 * own, so the spacing inside the literals is kept exactly as it was.
 *
 * NOTE(review): Set-Job-Attributes and CUPS-Move-Job are listed in both
 * alterjob and submitjob.  The submitjob block is written with
 * "AuthType None" in the default policy, so confirm which <Limit> block
 * CUPS applies when an operation appears in two of them.
 */
const char *alterjob =
  "<Limit Hold-Job Release-Job"
  " Restart-Job Purge-Jobs Reprocess-Job Set-Job-Attributes"
  " Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>";
const char *submitjob =
  "<Limit Create-Job Print-Job Print-URI "
  " Set-Job-Attributes Send-URI Create-Job-Subscription Renew-Subscription"
  " Cancel-Subscription Get-Notifications CUPS-Move-Job CUPS-Authenticate-Job>";
const char *alterpntr =
  "<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer"
  " CUPS-Add-Modify-Class CUPS-Delete-Class>";
const char *lpcpntr =
  "<Limit Pause-Printer Resume-Printer Enable-Printer"
  " Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs"
  " Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer"
  " Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After"
  " CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>";
const char *canceljob = "<Limit Cancel-Job>";
const char *catchall = "<Limit All>";

/* Written as the ServerAlias line of cupsd.conf. */
const char *phost = "cluster-printers.MIT.EDU";

void do_host(char *host);
void sqlerr(void);

/* Larger of two values; note that both arguments may be evaluated twice. */
#ifndef MAX
#define MAX(a, b) ( (a) > (b) ? (a) : (b) )
#endif
62
/*
 * Entry point.  Connects to the database named by `db`, then calls
 * do_host() once for every machine that has an enabled CUPS-CLUSTER
 * serverhosts entry.  Always leaves through exit(MR_SUCCESS).
 */
int main(int argc, char **argv)
{
  EXEC SQL BEGIN DECLARE SECTION;
  char name[MACHINE_NAME_SIZE];
  EXEC SQL END DECLARE SECTION;

  init_acls();

  /* The CONNECT precedes the WHENEVER directive below, so sqlerr() is not
     installed for the connect statement itself. */
  EXEC SQL CONNECT :db;

  EXEC SQL WHENEVER SQLERROR DO sqlerr();

  EXEC SQL DECLARE csr_hosts CURSOR FOR
    SELECT m.name FROM machine m, serverhosts sh
    WHERE m.mach_id = sh.mach_id AND sh.service = 'CUPS-CLUSTER' AND sh.enable = 1;
  EXEC SQL OPEN csr_hosts;
  for (;;)
    {
      EXEC SQL FETCH csr_hosts INTO :name;
      if (sqlca.sqlcode != 0)
        break;                  /* any non-zero status ends the scan */

      strtrim(name);
      do_host(name);
    }
  EXEC SQL CLOSE csr_hosts;

  exit(MR_SUCCESS);
}
92
/*
 * Write one "<str> <principal>" line to `out` for each member of the ACL
 * returned by get_acl(type, id, NULL).
 *
 *   out        - stream receiving the lines
 *   type, id   - passed straight to get_acl()
 *   str        - directive text placed before each principal
 *   striprealm - when non-zero, the principal is cut at its first '@'
 *
 * Members whose type is 'S' or 0 are skipped.  Every member is released
 * with freeimember() and the queue with sq_destroy().
 *
 * NOTE(review): with striprealm set, principals that differ only in the
 * part after '@' produce the same line -- confirm that members from other
 * realms cannot appear on the lists passed here.
 */
void printer_user_list(FILE *out, char *type, int id, char *str, int striprealm)
{
  struct save_queue *members;
  struct imember *member;
  char principal[MAX_K_NAME_SZ];
  char *at;

  members = get_acl(type, id, NULL);
  while (sq_remove_data(members, &member))
    {
      int skip = (member->type == 'S' || member->type == 0);

      if (!skip)
        {
          /* CUPS wants mmanley/root, not mmanley.root@ATHENA.MIT.EDU */
          canon_krb(member, krbvers, principal, sizeof(principal));

          /* Terminating at the first '@' prints the same text as blanking
             every '@' in the buffer. */
          if (striprealm)
            {
              at = strchr(principal, '@');
              if (at)
                *at = '\0';
            }
          fprintf(out, "%s %s\n", str, principal);
        }
      freeimember(member);
    }
  sq_destroy(members);
}
119
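/*
 * Generate the CUPS configuration bundle for one print server.
 *
 * Opens the tar file DCM_DIR/cups-cluster/<host> and writes into it, in
 * this order: /etc/cups/printers.conf, /etc/cups/classes.conf,
 * /etc/cups/cupsd.conf, /etc/cups/cups.hosts.conf and
 * /etc/cups/cups.policies.conf.
 *
 *   host - machine name as fetched by main(); used for the output file
 *          name, as the :spoolhost bind value, and (lowercased) in
 *          cupsd.conf.
 *
 * Exits the program if the output path does not fit in MAXPATHLEN or the
 * lowercased copy of the host name cannot be allocated.
 *
 * NOTE(review): database strings (name, rp, hostname, location, ...) are
 * written into the configuration files, and `host` into the output path,
 * without any character filtering.  Confirm that the database layer
 * rejects newlines and '/' in these fields; otherwise a stored value could
 * add directives to a generated file or redirect the output path.
 */
void do_host(char *host)
{
  EXEC SQL BEGIN DECLARE SECTION;
  char rp[PRINTERS_RP_SIZE], name[PRINTERS_NAME_SIZE];
  char duplexname[PRINTERS_DUPLEXNAME_SIZE], location[PRINTERS_LOCATION_SIZE];
  char hwtype[PRINTERS_HWTYPE_SIZE];
  char contact[PRINTERS_CONTACT_SIZE], hostname[MACHINE_NAME_SIZE];
  char cupshosts[MACHINE_NAME_SIZE], prtype[PRINTERS_TYPE_SIZE];
  char service[SERVERHOSTS_SERVICE_SIZE];
  char *spoolhost = host;
  int ka, ac, lpc_acl, banner, rm, duplexdefault, holddefault;
  /* Stays 0 when the host has no printservers row; printer_user_list() is
     already called with a list id of 0 elsewhere in this function. */
  int top_lpc_acl = 0;
  EXEC SQL END DECLARE SECTION;
  TARFILE *tf;
  FILE *out;
  char filename[MAXPATHLEN];
  char *lhost, *p;
  time_t now = time(NULL);
  int n;

  lhost = strdup(host);
  if (!lhost)
    {
      fprintf(stderr, "%s: out of memory\n", whoami);
      exit(MR_NO_MEM);
    }
  /* tolower() needs an unsigned char value; a plain char may be negative. */
  for (p = lhost; *p; p++)
    *p = tolower((unsigned char)*p);

  EXEC SQL SELECT mach_id INTO :rm FROM machine
    WHERE name = :spoolhost;

  /* Bounded formatting: refuse to continue with a truncated path. */
  n = snprintf(filename, sizeof(filename), "%s/cups-cluster/%s", DCM_DIR, host);
  if (n < 0 || (size_t)n >= sizeof(filename))
    {
      fprintf(stderr, "%s: output path for %s is too long\n", whoami, host);
      exit(MR_OCONFIG);
    }
  tf = tarfile_open(filename);

  /* printers.conf entries for locally run queues */
  out = tarfile_start(tf, "/etc/cups/printers.conf", 0644, 0, 0,
                      "lp", "lp", now);

  EXEC SQL DECLARE csr_printers CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.ac, pr.lpc_acl, pr.duplexdefault, pr.holddefault
    FROM printers pr, machine m
    WHERE pr.rm = :rm AND m.mach_id = pr.mach_id
    AND pr.status = 1 AND m.status != 3
    AND (pr.type = 'DORM' or pr.type = 'CLUSTER');
  EXEC SQL OPEN csr_printers;
  while (1)
    {
      EXEC SQL FETCH csr_printers INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka,
        :ac, :lpc_acl, :duplexdefault, :holddefault;
      if (sqlca.sqlcode)
        break;

      strtrim(rp);
      strtrim(name);
      strtrim(duplexname);
      strtrim(hwtype);
      strtrim(hostname);
      strtrim(location);
      strtrim(contact);
      for (p = rp; *p; p++)     /* Because uppercased printer names suck */
        *p = tolower((unsigned char)*p);
      for (p = name; *p; p++)
        *p = tolower((unsigned char)*p);

      fprintf(out, "<Printer %s>\n",name);
      fprintf(out, "Info %s:%s\n", name, hwtype);
      if (!strncmp(hwtype, "HP", 2))
          fprintf(out, "DeviceURI accsnmp://socket://%s:9100\n", hostname);
      else if (!strncmp(hwtype, "LPR", 3))
          fprintf(out, "DeviceURI lpd://%s/%s\n", hostname, rp);
      else
          fprintf(out, "DeviceURI accsnmp://socket://%s\n", hostname);
      fprintf(out, "State Idle\n");     /* Always with the Idle */
      fprintf(out, "StateTime %ld\n", (long)time(NULL));
      if (holddefault)
          fprintf(out, "Reason hold-new-jobs\n");
      fprintf(out, "Accepting Yes\n");
      fprintf(out, "Shared Yes\n");
      fprintf(out, "QuotaPeriod 0\n");
      fprintf(out, "PageLimit 0\n");
      fprintf(out, "Klimit 0\n");
      if (duplexdefault)
        fprintf(out, "Option sides two-sided-long-edge\n");
      else
        fprintf(out, "Option sides one-sided\n");
      fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
      fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
      fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
      fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
      fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
      if (location[0])
        fprintf(out, "Location %s\n", location);
      fprintf(out, "ErrorPolicy abort-job\n");
      /* NOTE(review): "<rp>-policy" is referenced when ka or lpc_acl is
         set, but the csr_lpc cursor below only writes such a policy when
         ac or lpc_acl is non-zero.  A queue with ka set and neither list
         would name a policy that is never generated -- confirm what CUPS
         applies in that case. */
      if (ka || lpc_acl)
        fprintf(out, "OpPolicy %s-policy\n", rp);
      else
        fprintf(out, "OpPolicy default\n");

      /* Access-control list. */
      if (ac)
        {
          if (ka)
            fprintf(out, "AuthType Negotiate\n");
          else
            fprintf(out, "AuthType Default\n");
          printer_user_list(out, "LIST", ac, "AllowUser", 0);
        }

      if (banner == PRN_BANNER_NONE)
        fprintf(out, "JobSheets none none\n");
      else
        fprintf(out, "JobSheets athena none\n");
      fprintf(out, "</Printer>\n");

    }
  EXEC SQL CLOSE csr_printers;

  /* printers.conf entries for non-local CUPS queues.
     pr.duplexdefault is selected because the loop reads duplexdefault;
     without it the value left by the previous cursor would be used. */
  EXEC SQL DECLARE csr_remote_printers CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.ac, pr.lpc_acl, m.name as cupshosts, pr.duplexdefault
    FROM printers pr, machine m, machine m2, serverhosts sh
    WHERE pr.rm = m.mach_id
    AND pr.status = 1 AND pr.mach_id = m2.mach_id AND m2.status !=3
    AND (pr.type = 'CLUSTER' or pr.type = 'DORM') AND m.name <> :spoolhost AND
    m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER') AND
    sh.enable = 1 AND m.mach_id = sh.mach_id;

  EXEC SQL OPEN csr_remote_printers;
  while (1)
    {
      EXEC SQL FETCH csr_remote_printers INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl,
        :cupshosts, :duplexdefault;
      if (sqlca.sqlcode)
        break;

      strtrim(rp);
      strtrim(name);
      strtrim(duplexname);
      strtrim(hwtype);
      strtrim(hostname);
      strtrim(location);
      strtrim(contact);
      strtrim(cupshosts);
      for (p = rp; *p; p++)     /* Because uppercased printer names suck */
        *p = tolower((unsigned char)*p);
      for (p = name; *p; p++)
        *p = tolower((unsigned char)*p);

      fprintf(out, "<Printer %s>\n",name);
      fprintf(out, "Info %s:%s\n", name, hwtype);
      fprintf(out, "DeviceURI ipp://%s:631/printers/%s?waitprinter=false&waitjob=false\n", cupshosts, name);
      fprintf(out, "State Idle\n");     /* Always with the Idle */
      fprintf(out, "StateTime %ld\n", (long)time(NULL));
      fprintf(out, "Accepting Yes\n");
      fprintf(out, "Shared Yes\n");
      fprintf(out, "QuotaPeriod 0\n");
      fprintf(out, "PageLimit 0\n");
      fprintf(out, "Klimit 0\n");
      if (duplexdefault)
        fprintf(out, "Option sides two-sided-long-edge\n");
      else
        fprintf(out, "Option sides one-sided\n");
      fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
      fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
      fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
      fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
      fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
      if (location[0])
        fprintf(out, "Location %s\n", location);
      fprintf(out, "ErrorPolicy abort-job\n");
      if (ka || lpc_acl)
        fprintf(out, "OpPolicy %s-policy\n", rp);
      else
        fprintf(out, "OpPolicy default\n");

      /* Access-control list. */
      if (ac)
        {
          if (ka)
            fprintf(out, "AuthType Negotiate\n");
          else
            fprintf(out, "AuthType Default\n");
          printer_user_list(out, "LIST", ac, "AllowUser", 0);
        }

      if (banner == PRN_BANNER_NONE)
        fprintf(out, "JobSheets none none\n");
      else
        fprintf(out, "JobSheets athena none\n");
      fprintf(out, "</Printer>\n");

    }
  EXEC SQL CLOSE csr_remote_printers;

  /* printers.conf entries for non-local LPRng queues */
  EXEC SQL DECLARE csr_lprng_printers CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.ac, pr.lpc_acl, m.name as cupshosts, pr.duplexdefault
    FROM printers pr, machine m, machine m2, serverhosts sh
    WHERE pr.rm = m.mach_id
    AND pr.status = 1 and pr.mach_id = m2.mach_id AND m2.status !=3
    AND (pr.type = 'DORM' or pr.type = 'CLUSTER') AND m.name <> :spoolhost AND
    m.mach_id = sh.mach_id AND sh.service = 'PRINT' AND
    sh.enable = 1;

  EXEC SQL OPEN csr_lprng_printers;
  while (1)
    {
      EXEC SQL FETCH csr_lprng_printers INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka,
        :ac, :lpc_acl, :cupshosts, :duplexdefault;
      if (sqlca.sqlcode)
        break;

      strtrim(rp);
      strtrim(name);
      strtrim(duplexname);
      strtrim(hwtype);
      strtrim(hostname);
      strtrim(location);
      strtrim(contact);
      strtrim(cupshosts);
      for (p = rp; *p; p++)     /* Because uppercased printer names suck */
        *p = tolower((unsigned char)*p);
      for (p = name; *p; p++)
        *p = tolower((unsigned char)*p);

      fprintf(out, "<Printer %s>\n",name);
      fprintf(out, "Info %s:LPRng Queue on %s\n", name, cupshosts);
      fprintf(out, "DeviceURI lpd://%s/%s\n", cupshosts, rp);
      fprintf(out, "State Idle\n");     /* Always with the Idle */
      fprintf(out, "StateTime %ld\n", (long)time(NULL));
      fprintf(out, "Accepting Yes\n");
      fprintf(out, "Shared Yes\n");
      fprintf(out, "QuotaPeriod 0\n");
      fprintf(out, "PageLimit 0\n");
      fprintf(out, "Klimit 0\n");
      if (duplexdefault)
        fprintf(out, "Option sides two-sided-long-edge\n");
      else
        fprintf(out, "Option sides one-sided\n");
      fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
      fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
      fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
      fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
      fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
      if (location[0])
        fprintf(out, "Location %s\n", location);
      fprintf(out, "ErrorPolicy abort-job\n");
      fprintf(out, "OpPolicy default\n");
      fprintf(out, "JobSheets none none\n");
      fprintf(out, "</Printer>\n");

    }
  EXEC SQL CLOSE csr_lprng_printers;
  tarfile_end(tf);


  /* aliases are in classes.conf.
     pr.lpc_acl is selected because the OpPolicy choice below reads
     lpc_acl; without it the value left by an earlier cursor, belonging to
     a different printer, would decide which policy the class names. */
  out = tarfile_start(tf, "/etc/cups/classes.conf", 0644, 0, 0,
                  "lp", "lp", now);
  EXEC SQL DECLARE csr_duplexqs CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.type as prtype, pr.ac, sh.service, pr.duplexdefault, pr.lpc_acl
    FROM printers pr, machine m, machine m2, serverhosts sh
    WHERE pr.rm = m.mach_id
    AND pr.status = 1 and pr.mach_id = m2.mach_id AND m2.status !=3
    AND m.mach_id = sh.mach_id AND sh.enable = 1
    AND (pr.type = 'DORM' or pr.type = 'CLUSTER')
    AND (sh.service = 'CUPS-PRINT' OR sh.service = 'PRINT' OR sh.service = 'CUPS-CLUSTER');
  EXEC SQL OPEN csr_duplexqs;
  while (1)
    {
      EXEC SQL FETCH csr_duplexqs INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka, :prtype,
        :ac, :service, :duplexdefault, :lpc_acl;
      if (sqlca.sqlcode)
        break;

      strtrim(hwtype);
      strtrim(service);
      strtrim(rp);
      strtrim(location);
      strtrim(contact);
      strtrim(prtype);
      /* Trim before use: name is printed by both branches below, and the
         emptiness test on duplexname must not be satisfied by padding. */
      strtrim(name);
      strtrim(duplexname);

      /* Define alias queues as classes to the regular queues for
       * accounting reasons.  Annoyingly, classes don't always inherit
       * their printer definitions.
       *
       * NOTE(review): the cursor's WHERE clause admits only the types
       * DORM and CLUSTER, so as written this branch cannot match.
      */
      if (!strcmp(prtype,"ALIAS"))
        {
          fprintf(out, "<Class %s>\n",name);
          fprintf(out, "Info Alias Queue to %s:%s\n", name, hwtype);
          fprintf(out, "Printer %s\n", rp);
          if (duplexdefault)
            fprintf(out, "Option sides two-sided-long-edge\n");
          else
            fprintf(out, "Option sides one-sided\n");
          fprintf(out, "State Idle\n");     /* Always with the Idle */
          fprintf(out, "StateTime %ld\n", (long)time(NULL));
          fprintf(out, "Accepting Yes\n");
          fprintf(out, "Shared Yes\n");
          fprintf(out, "QuotaPeriod 0\n");
          fprintf(out, "PageLimit 0\n");
          if (location[0])
            fprintf(out, "Location %s\n", location);
          /* do not use custom policies for LPRng printers */
          if (strcmp(service,"PRINT") && (ka || lpc_acl))
            fprintf(out, "OpPolicy %s-policy\n", rp);
          else
            fprintf(out, "OpPolicy default\n");

          /* Access-control list. */
          if (ac)
            printer_user_list(out, "LIST", ac, "AllowUser", 0);

          if (banner == PRN_BANNER_NONE)
            fprintf(out, "JobSheets none none\n");
          else
            fprintf(out, "JobSheets athena none\n");
          fprintf(out, "</Class>\n");
      }

      /* Define duplex queues as aliases to the regular queues for
       * accounting reasons.  Annoyingly, classes don't always inherit
       * their printer definitions.
      */
      if (*duplexname && !duplexdefault)
        {
          fprintf(out, "<Class %s>\n",duplexname);
          if (!strcmp(prtype,"ALIAS"))
            fprintf(out, "Info Duplex Alias Queue to %s:%s\n", name, hwtype);
          else
            fprintf(out, "Info Duplex Queue for %s:%s\n", name, hwtype);
          fprintf(out, "Option sides two-sided-long-edge\n");   // duplex
          fprintf(out, "Printer %s\n", rp);
          fprintf(out, "State Idle\n");     /* Always with the Idle */
          fprintf(out, "StateTime %ld\n", (long)time(NULL));
          fprintf(out, "Accepting Yes\n");
          fprintf(out, "Shared Yes\n");
          fprintf(out, "QuotaPeriod 0\n");
          fprintf(out, "PageLimit 0\n");
          if (location[0])
            fprintf(out, "Location %s\n", location);
          /* do not use custom policies for LPRng printers */
          if (strcmp(service,"PRINT") && (ka || lpc_acl))
            fprintf(out, "OpPolicy %s-policy\n", rp);
          else
            fprintf(out, "OpPolicy default\n");

          /* Access-control list. */
          if (ac)
            printer_user_list(out, "LIST", ac, "AllowUser", 0);

          if (banner == PRN_BANNER_NONE)
            fprintf(out, "JobSheets none none\n");
          else if (banner == PRN_BANNER_LAST)
            fprintf(out, "JobSheets athena none\n");
          fprintf(out, "</Class>\n");
        }
    }
  EXEC SQL CLOSE csr_duplexqs;
  tarfile_end(tf);

  /* cups.conf
     NOTE(review): this and the two files after it are configuration text
     written with mode 0755, while printers.conf and classes.conf use
     0644 -- confirm the execute bits are intended. */
  out = tarfile_start(tf, "/etc/cups/cupsd.conf", 0755, 1, 1,
                      "root", "lp", now);

  fprintf(out, "LogLevel error\n");
  fprintf(out, "SystemGroup sys root ops-group\n");
  fprintf(out, "Port 631\n");
  fprintf(out, "SSLPort 443\n");
  fprintf(out, "Listen /var/run/cups/cups.sock\n");
  fprintf(out, "Browsing On\n");
  fprintf(out, "BrowseOrder allow,deny\n");
  fprintf(out, "BrowseAllow all\n");
  fprintf(out, "BrowseAddress @LOCAL\n");
  fprintf(out, "DefaultAuthType Negotiate\n");
  fprintf(out, "ServerCertificate /etc/cups/ssl/%s-ipp-crt.pem\n", lhost);
  fprintf(out, "ServerKey /etc/cups/ssl/%s-ipp-key.pem\n", lhost);
  fprintf(out, "ServerName %s\n", lhost);
  fprintf(out, "ServerAlias %s\n", phost);
  /* fprintf(out, "Krb5Keytab /etc/krb5-ipp.keytab\n"); */

  /* The other CUPS servers should be aware of the other hosts'
     queues, so we'll let them browse each other.
     NOTE(review): cups.hosts.conf is generated below but is not named by
     any Include line here -- presumably cups.local.conf pulls it in;
     confirm. */
  fprintf(out, "Include cups.local.conf\n");
  fprintf(out, "Include cups.locations.conf\n");
  fprintf(out, "Include cups.policies.conf\n");
  tarfile_end(tf);

  /* cups.hosts.conf */
  out = tarfile_start(tf, "/etc/cups/cups.hosts.conf", 0755, 1, 1,
                      "root", "lp", now);
  EXEC SQL DECLARE csr_cupshosts CURSOR FOR
    SELECT m.name AS cupshosts FROM machine m, printservers ps
    WHERE m.mach_id = ps.mach_id AND ps.kind = 'CUPS';
  EXEC SQL OPEN csr_cupshosts;
  while (1)
    {
      EXEC SQL FETCH csr_cupshosts INTO :cupshosts;
      if (sqlca.sqlcode)
        break;

      strtrim(cupshosts);

      /* Don't poll yourself looking for answers! */
      if (strcmp(cupshosts,host))
         fprintf(out, "BrowsePoll %s\n", cupshosts);
    }
  EXEC SQL CLOSE csr_cupshosts;

  tarfile_end(tf);

  /* cups.policies.conf */
  out = tarfile_start(tf, "/etc/cups/cups.policies.conf", 0755, 1, 1,
                      "root", "lp", now);
  fprintf(out, "# Printer-specific LPC and LPR ACLs\n");
  /* lpcaccess.top */
  EXEC SQL SELECT ps.lpc_acl INTO :top_lpc_acl
    FROM printservers ps, machine m
    WHERE m.name = :spoolhost AND m.mach_id = ps.mach_id AND m.status != 3;
  fprintf (out, "<Policy default>\n");
  fprintf (out, "%s\n", alterjob);
  fprintf (out, "AuthType Default\n");
  fprintf (out, "Require user @OWNER @SYSTEM\n");
  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
  fprintf (out, "Order deny,allow\n");
  fprintf (out, "</Limit>\n");
  /* NOTE(review): this block pairs "AuthType None" with a Require line.
     CUPS-Get-Document returns job documents, so confirm against the
     deployed CUPS version that the Require line is still enforced. */
  fprintf (out, "<Limit Send-Document CUPS-Get-Document>\n");
  fprintf (out, "AuthType None\n");
  fprintf (out, "Require user @OWNER @SYSTEM\n");
  fprintf (out, "Order deny,allow\n");
  fprintf (out, "Allow from all\n");
  fprintf (out, "</Limit>\n");
  fprintf (out, "%s\n", submitjob);
  fprintf (out, "AuthType None\n");
  fprintf (out, "Order deny,allow\n");
  fprintf (out, "Allow from all\n");
  fprintf (out, "</Limit>\n");
  fprintf (out, "%s\n", alterpntr);
  fprintf (out, "AuthType Default\n");
  fprintf (out, "Require user @SYSTEM\n");
  fprintf (out, "Order deny,allow\n");
  fprintf (out, "</Limit>\n");
  fprintf (out, "%s\n", lpcpntr);
  fprintf (out, "AuthType Default\n");
  fprintf (out, "Require user @SYSTEM\n");
  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
  fprintf (out, "Order deny,allow\n");
  fprintf (out, "</Limit>\n");
  fprintf (out, "%s\n", canceljob);
  fprintf (out, "AuthType Default\n");
  fprintf (out, "Require user @OWNER @SYSTEM\n");
  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
  fprintf (out, "Order deny,allow\n");
  fprintf (out, "Allow from all\n");
  fprintf (out, "</Limit>\n");
  fprintf (out, "%s\n", catchall);
  fprintf (out, "AuthType None\n");
  fprintf (out, "Order deny,allow\n");
  fprintf (out, "Allow from all\n");
  fprintf (out, "</Limit>\n");
  fprintf (out, "</Policy>\n");

  /* restrict lists and lpcaccess policies.  Sadly, we have to put the
     top level for each new policy since CUPS doesn't have a way of
     doing it otherwise (well, Unix groups, but not moira) */
  EXEC SQL DECLARE csr_lpc CURSOR FOR
    SELECT UNIQUE pr.rp, pr.ka, pr.ac, pr.lpc_acl
     FROM printers pr, machine m
     WHERE (pr.ac != 0 OR pr.lpc_acl != 0)
     AND pr.status = 1 and pr.mach_id = m.mach_id AND m.status !=3
     AND pr.rm in (SELECT m.mach_id FROM machine m, serverhosts sh
     WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' or sh.service = 'CUPS-CLUSTER')
     AND sh.enable = 1 and m.status != 3);
  EXEC SQL OPEN csr_lpc;
  while (1)
    {
      /* pr.rp is fetched into name here; it names the policy. */
      EXEC SQL FETCH csr_lpc INTO :name, :ka, :ac, :lpc_acl;
      if (sqlca.sqlcode)
        break;

      strtrim(name);

      fprintf (out, "<Policy %s-policy>\n", name);
      fprintf (out, "%s\n", alterjob);
      fprintf (out, "AuthType Default\n");
      fprintf (out, "Require user @OWNER @SYSTEM\n");
      printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
      fprintf (out, "Order deny,allow\n");
      fprintf (out, "Allow from all\n");
      fprintf (out, "</Limit>\n");
      fprintf (out, "<Limit Send-Document CUPS-Get-Document>\n");
      fprintf (out, "AuthType None\n");
      fprintf (out, "Require user @OWNER @SYSTEM\n");
      fprintf (out, "Order deny,allow\n");
      fprintf (out, "Allow from all\n");
      fprintf (out, "</Limit>\n");
      fprintf (out, "%s\n", submitjob);
      /* If the printer is Kerberized? */
      if (ka)
        fprintf (out, "AuthType Negotiate\n");
      else
        fprintf (out, "AuthType None\n");
      /* Access-control list.
         NOTE(review): with ac set and ka clear, "Require user" lines are
         written under "AuthType None" -- confirm the list is enforced for
         job submission in that combination. */
      if (ac)
        printer_user_list(out, "LIST", ac, "Require user", 1);
      else if (ka)
        fprintf (out, "Require valid-user\n");
      fprintf (out, "Order deny,allow\n");
      fprintf (out, "Allow from all\n");
      fprintf (out, "</Limit>\n");
      fprintf (out, "%s\n", alterpntr);
      fprintf (out, "AuthType Default\n");
      fprintf (out, "Require user @SYSTEM\n");
      fprintf (out, "Order deny,allow\n");
      fprintf (out, "</Limit>\n");
      fprintf (out, "%s\n", lpcpntr);
      fprintf (out, "AuthType Default\n");
      fprintf (out, "Require user @SYSTEM\n");
      /* printer-specific lpc access. */
      if (lpc_acl)
        printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
      printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
      fprintf (out, "Order deny,allow\n");
      fprintf (out, "</Limit>\n");
      fprintf (out, "%s\n", canceljob);
      fprintf (out, "AuthType Default\n");
      fprintf (out, "Require user @OWNER @SYSTEM\n");
      printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
      printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
      fprintf (out, "Order deny,allow\n");
      fprintf (out, "Allow from all\n");
      fprintf (out, "</Limit>\n");
      fprintf (out, "%s\n", catchall);
      fprintf (out, "AuthType None\n");
      fprintf (out, "Order deny,allow\n");
      fprintf (out, "Allow from all\n");
      fprintf (out, "</Limit>\n");
      fprintf (out, "</Policy>\n");
    }
  EXEC SQL CLOSE csr_lpc;
  fprintf(out, "\n");
  tarfile_end(tf);
  tarfile_close(tf);

  /* The lowercased host copy is only needed for cupsd.conf above. */
  free(lhost);
}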
681
/*
 * SQL error hook: main() installs this with WHENEVER SQLERROR, and it
 * hands the current sqlca.sqlcode to db_error().
 */
void sqlerr(void)
{
  db_error(sqlca.sqlcode);
}