source: trunk/third/moira/gen/cups-cluster.pc @ 25198

Revision 25198, 23.9 KB checked in by jdreed, 13 years ago (diff)
In moira: * Snapshot moira@r4042 (6/28/11) * Update version number to include moira revision number
/* $Id: cups-cluster.pc 4033 2011-03-15 16:33:20Z zacheiss $
 *
 * This generates printcaps and other files for Athena print servers
 *
 * Copyright (C) 1992-1998 by the Massachusetts Institute of Technology.
 * For copying and distribution information, please see the file
 * <mit-copyright.h>.
 */
9
#include <mit-copyright.h>
#include <moira.h>
#include <moira_site.h>

#include <sys/stat.h>
#include <sys/types.h>

#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <time.h>
#ifdef HAVE_KRB4
#include <krb.h>
#endif
#include <krb5.h>

#include "util.h"
28
29EXEC SQL INCLUDE sqlca;
30
31RCSID("$HeadURL: svn+ssh://svn.mit.edu/moira/trunk/moira/gen/cups-cluster.pc $ $Id: cups-cluster.pc 4033 2011-03-15 16:33:20Z zacheiss $");
32
/* Program identity and the database this generator connects to.
 * NOTE(review): the file is cups-cluster.pc but identifies itself as
 * "cups-print.gen"; confirm the name is intentional before relying on it
 * to attribute errors to the right generator.
 */
char *whoami = "cups-print.gen";
char *db = "moira/moira";

/* Kerberos version passed to canon_krb() when principals are formatted. */
const int krbvers = 5;

/*
 * Opening tags of the <Limit> sections that do_host() writes into each
 * CUPS policy.  Each string lists the IPP operations one section covers;
 * do_host() supplies the directives and the closing </Limit>.
 *
 * NOTE(review): Set-Job-Attributes and CUPS-Move-Job appear in both
 * alterjob and submitjob.  do_host() attaches different AuthType/Require
 * rules to those two sections, so confirm which section cupsd applies to
 * the two duplicated operations.
 */
const char *alterjob =
  "<Limit Hold-Job Release-Job"
  " Restart-Job Purge-Jobs Reprocess-Job Set-Job-Attributes"
  " Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>";
/* The double space after Print-URI is part of the original string. */
const char *submitjob =
  "<Limit Create-Job Print-Job Print-URI "
  " Set-Job-Attributes Send-URI Create-Job-Subscription Renew-Subscription"
  " Cancel-Subscription Get-Notifications CUPS-Move-Job CUPS-Authenticate-Job>";
const char *alterpntr =
  "<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer"
  " CUPS-Add-Modify-Class CUPS-Delete-Class>";
const char *lpcpntr =
  "<Limit Pause-Printer Resume-Printer Enable-Printer"
  " Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs"
  " Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer"
  " Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After"
  " CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>";
const char *canceljob = "<Limit Cancel-Job>";
const char *catchall = "<Limit All>";

/* Written as the ServerAlias of every generated cupsd.conf. */
const char *phost = "cluster-printers.MIT.EDU";

/* Forward declarations: main() calls do_host(), and the WHENEVER
 * directive in main() names sqlerr(). */
void do_host(char *host);
void sqlerr(void);

#ifndef MAX
/* Larger of two values; each argument may be evaluated twice. */
#define MAX(a, b) ( (a) > (b) ? (a) : (b) )
#endif
62
/*
 * Entry point: connect to the Moira database and call do_host() once for
 * every machine that has an enabled CUPS-CLUSTER serverhosts entry.
 * argc and argv are not used.  The process always leaves through exit().
 */
int main(int argc, char **argv)
{
  EXEC SQL BEGIN DECLARE SECTION;
  char server[MACHINE_NAME_SIZE];
  EXEC SQL END DECLARE SECTION;

  init_acls();

  EXEC SQL CONNECT :db;

  /* WHENEVER is a precompiler directive whose scope is positional: it
   * covers the EXEC SQL statements that follow it in this file, which
   * includes those in do_host().  The CONNECT above precedes it, so a
   * failed connect is not routed to sqlerr() directly.
   */
  EXEC SQL WHENEVER SQLERROR DO sqlerr();

  EXEC SQL DECLARE csr_hosts CURSOR FOR
    SELECT m.name
    FROM machine m, serverhosts sh
    WHERE m.mach_id = sh.mach_id
    AND sh.service = 'CUPS-CLUSTER'
    AND sh.enable = 1;
  EXEC SQL OPEN csr_hosts;

  for (;;)
    {
      EXEC SQL FETCH csr_hosts INTO :server;
      /* Any non-zero status, including end of data, ends the loop. */
      if (sqlca.sqlcode != 0)
        break;

      strtrim(server);
      do_host(server);
    }

  EXEC SQL CLOSE csr_hosts;

  exit(MR_SUCCESS);
}
92
/*
 * Write one "<str> <principal>" line to out for each member of an ACL.
 *
 * type, id    - passed to get_acl() to select the ACL
 * str         - directive keyword printed before each principal
 *               (callers in this file pass "AllowUser" or "Require user")
 * striprealm  - when non-zero, cut the principal at its first '@'
 *
 * Members whose type is 'S' or 0 are skipped.  Every member taken off the
 * queue is released with freeimember(), and the queue itself with
 * sq_destroy().
 *
 * NOTE(review): with striprealm set, two principals that differ only in
 * realm are written as the same short name.  The resulting "Require user"
 * entries are then only as strong as cupsd's own mapping of authenticated
 * principals to short names; confirm that foreign-realm principals cannot
 * match these entries.
 */
void printer_user_list(FILE *out, char *type, int id, char *str, int striprealm)
{
  char principal[MAX_K_NAME_SZ];
  struct imember *member;
  struct save_queue *members = get_acl(type, id, NULL);

  while (sq_remove_data(members, &member))
    {
      if (member->type != 'S' && member->type != 0)
        {
          /* CUPS wants mmanley/root, not mmanley.root@ATHENA.MIT.EDU */
          canon_krb(member, krbvers, principal, sizeof(principal));

          if (striprealm)
            {
              /* Only the text before the first '@' is ever printed. */
              char *at = strchr(principal, '@');

              if (at)
                *at = '\0';
            }

          fprintf(out, "%s %s\n", str, principal);
        }
      freeimember(member);
    }

  sq_destroy(members);
}
119
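/* Lower-case a NUL-terminated string in place.  The cast keeps tolower()
 * defined for bytes that are negative when char is signed. */
static void lowercase_in_place(char *s)
{
  for (; *s; s++)
    *s = tolower((unsigned char)*s);
}

/* Write the directives every <Printer> section shares, from "Accepting"
 * through "ErrorPolicy". */
static void emit_queue_defaults(FILE *out, int duplexdefault, const char *location)
{
  fputs("Accepting Yes\n"
        "Shared Yes\n"
        "QuotaPeriod 0\n"
        "PageLimit 0\n"
        "Klimit 0\n", out);
  fputs(duplexdefault ? "Option sides two-sided-long-edge\n"
                      : "Option sides one-sided\n", out);
  fputs("Filter application/vnd.cups-raw 0 -\n"
        "Filter application/vnd.cups-postscript 100 foomatic-rip\n"
        "Filter application/vnd.cups-pdf 0 foomatic-rip\n"
        "Filter application/vnd.apple-pdf 25 foomatic-rip\n"
        "Filter application/vnd.cups-command 0 commandtops\n", out);
  if (location[0])
    fprintf(out, "Location %s\n", location);
  fputs("ErrorPolicy abort-job\n", out);
}

/* Write the OpPolicy line and, when the queue has an ACL, its AuthType
 * and AllowUser lines (CUPS-served <Printer> sections only). */
static void emit_queue_access(FILE *out, const char *rp, int ka, int lpc_acl, int ac)
{
  if (ka || lpc_acl)
    fprintf(out, "OpPolicy %s-policy\n", rp);
  else
    fputs("OpPolicy default\n", out);

  if (ac)
    {
      fputs(ka ? "AuthType Negotiate\n" : "AuthType Default\n", out);
      printer_user_list(out, "LIST", ac, "AllowUser", 0);
    }
}

/* Write the part both kinds of <Class> section share, from "State"
 * through the AllowUser list. */
static void emit_class_settings(FILE *out, const char *location,
                                const char *service, const char *rp,
                                int ka, int lpc_acl, int ac)
{
  fputs("State Idle\n", out);     /* Always with the Idle */
  fprintf(out, "StateTime %ld\n", (long)time(NULL));
  fputs("Accepting Yes\n"
        "Shared Yes\n"
        "QuotaPeriod 0\n"
        "PageLimit 0\n", out);
  if (location[0])
    fprintf(out, "Location %s\n", location);

  /* do not use custom policies for LPRng printers */
  if (strcmp(service, "PRINT") && (ka || lpc_acl))
    fprintf(out, "OpPolicy %s-policy\n", rp);
  else
    fputs("OpPolicy default\n", out);

  if (ac)
    printer_user_list(out, "LIST", ac, "AllowUser", 0);
}

/*
 * Build the configuration tar file for one CUPS cluster print server.
 *
 * host is the server's machine name as stored in Moira.  The tar file is
 * created at DCM_DIR/cups-cluster/<host> and receives, in order:
 * /etc/cups/printers.conf, classes.conf, cupsd.conf, cups.hosts.conf and
 * cups.policies.conf.
 *
 * SQL errors go to sqlerr() through the WHENEVER directive in main().
 * An allocation failure or an over-long output path ends the process.
 *
 * NOTE(review): printer names, locations, host names and principals are
 * copied from the database into directive lines without validation.  A
 * value containing a newline would add directives to the generated access
 * policy, so these files are only as trustworthy as write access to those
 * Moira fields.
 */
void do_host(char *host)
{
  EXEC SQL BEGIN DECLARE SECTION;
  char rp[PRINTERS_RP_SIZE], name[PRINTERS_NAME_SIZE];
  char duplexname[PRINTERS_DUPLEXNAME_SIZE], location[PRINTERS_LOCATION_SIZE];
  char hwtype[PRINTERS_HWTYPE_SIZE];
  char contact[PRINTERS_CONTACT_SIZE], hostname[MACHINE_NAME_SIZE];
  char cupshosts[MACHINE_NAME_SIZE], prtype[PRINTERS_TYPE_SIZE];
  char service[SERVERHOSTS_SERVICE_SIZE];
  char *spoolhost = host;
  /* Zeroed because some loops below read a flag their own cursor does not
   * fetch, and a SELECT ... INTO that matches no row leaves its target
   * untouched. */
  int ka = 0, ac = 0, lpc_acl = 0, top_lpc_acl = 0, banner = 0, rm = 0;
  int duplexdefault = 0, holddefault = 0;
  EXEC SQL END DECLARE SECTION;
  TARFILE *tf;
  FILE *out;
  char filename[MAXPATHLEN];
  char *lhost;
  time_t now = time(NULL);
  int pathlen;

  /* Lower-cased copy of the host name for cupsd.conf. */
  lhost = strdup(host);
  if (!lhost)
    {
      fprintf(stderr, "%s: out of memory\n", whoami);
      exit(MR_NO_MEM);
    }
  lowercase_in_place(lhost);

  EXEC SQL SELECT mach_id INTO :rm FROM machine
    WHERE name = :spoolhost;

  /* Bounded formatting: host comes from the database and must not be able
   * to overrun filename.
   * NOTE(review): host is used as a path component as-is; confirm machine
   * names can never contain '/' so the output stays under DCM_DIR. */
  pathlen = snprintf(filename, sizeof(filename), "%s/cups-cluster/%s",
                     DCM_DIR, host);
  if (pathlen < 0 || (size_t)pathlen >= sizeof(filename))
    {
      fprintf(stderr, "%s: output path for %s is too long\n", whoami, host);
      exit(MR_OCONFIG);
    }
  tf = tarfile_open(filename);

  /* printers.conf entries for locally run queues */
  out = tarfile_start(tf, "/etc/cups/printers.conf", 0644, 0, 0,
                      "lp", "lp", now);

  EXEC SQL DECLARE csr_printers CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.ac, pr.lpc_acl, pr.duplexdefault, pr.holddefault
    FROM printers pr, machine m
    WHERE pr.rm = :rm AND m.mach_id = pr.mach_id
    AND (pr.status = 1 OR pr.status = 2) AND m.status != 3
    AND (pr.type = 'DORM' or pr.type = 'CLUSTER');
  EXEC SQL OPEN csr_printers;
  while (1)
    {
      EXEC SQL FETCH csr_printers INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka,
        :ac, :lpc_acl, :duplexdefault, :holddefault;
      if (sqlca.sqlcode)
        break;

      strtrim(rp);
      strtrim(name);
      strtrim(duplexname);
      strtrim(hwtype);
      strtrim(hostname);
      strtrim(location);
      strtrim(contact);
      lowercase_in_place(rp);     /* Because uppercased printer names suck */
      lowercase_in_place(name);

      fprintf(out, "<Printer %s>\n", name);
      fprintf(out, "Info %s:%s\n", name, hwtype);
      if (!strncmp(hwtype, "HP", 2))
        fprintf(out, "DeviceURI accsnmp://socket://%s:9100\n", hostname);
      else if (!strncmp(hwtype, "LPR", 3))
        fprintf(out, "DeviceURI lpd://%s/%s\n", hostname, rp);
      else
        fprintf(out, "DeviceURI accsnmp://socket://%s\n", hostname);
      fputs("State Idle\n", out);     /* Always with the Idle */
      fprintf(out, "StateTime %ld\n", (long)time(NULL));
      if (holddefault)
        fputs("Option job-hold-until indefinite\n", out);
      emit_queue_defaults(out, duplexdefault, location);
      emit_queue_access(out, rp, ka, lpc_acl, ac);

      if (banner == PRN_BANNER_NONE)
        fputs("JobSheets none none\n", out);
      else
        fputs("JobSheets athena none\n", out);
      fputs("</Printer>\n", out);
    }
  EXEC SQL CLOSE csr_printers;

  /* printers.conf entries for non-local CUPS queues */
  EXEC SQL DECLARE csr_remote_printers CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.ac, pr.lpc_acl, m.name as cupshosts
    FROM printers pr, machine m, machine m2, serverhosts sh
    WHERE pr.rm = m.mach_id AND pr.rm <> :rm
    AND (pr.status = 1 OR pr.status = 2) AND pr.mach_id = m2.mach_id AND m2.status !=3
    AND (pr.type = 'CLUSTER' or pr.type = 'DORM') AND m.name <> :spoolhost AND
    m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER') AND
    sh.enable = 1 AND m.mach_id = sh.mach_id;

  EXEC SQL OPEN csr_remote_printers;
  while (1)
    {
      EXEC SQL FETCH csr_remote_printers INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts;
      if (sqlca.sqlcode)
        break;

      strtrim(rp);
      strtrim(name);
      strtrim(duplexname);
      strtrim(hwtype);
      strtrim(hostname);
      strtrim(location);
      strtrim(contact);
      strtrim(cupshosts);
      lowercase_in_place(rp);     /* Because uppercased printer names suck */
      lowercase_in_place(name);

      fprintf(out, "<Printer %s>\n", name);
      fprintf(out, "Info %s:%s\n", name, hwtype);
      fprintf(out, "DeviceURI ipp://%s:631/printers/%s?waitprinter=false&waitjob=false\n", cupshosts, name);
      fputs("State Idle\n", out);     /* Always with the Idle */
      fprintf(out, "StateTime %ld\n", (long)time(NULL));
      /* NOTE(review): this cursor does not select pr.duplexdefault, so the
       * value used here is whatever the local-queue loop fetched last (0
       * if it fetched nothing).  Confirm whether it should be selected. */
      emit_queue_defaults(out, duplexdefault, location);
      emit_queue_access(out, rp, ka, lpc_acl, ac);

      /* Never try to prepend a banner */
      fputs("JobSheets none none\n", out);
      fputs("</Printer>\n", out);
    }
  EXEC SQL CLOSE csr_remote_printers;

  /* printers.conf entries for non-local LPRng queues.  The "as cupshosts"
   * alias sits on pr.duplexdefault, but the FETCH is positional: m.name
   * lands in cupshosts and pr.duplexdefault in duplexdefault. */
  EXEC SQL DECLARE csr_lprng_printers CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.ac, pr.lpc_acl, m.name, pr.duplexdefault as cupshosts
    FROM printers pr, machine m, machine m2, serverhosts sh
    WHERE pr.rm = m.mach_id
    AND (pr.status = 1 OR pr.status = 2) AND pr.mach_id = m2.mach_id AND m2.status != 3
    AND sh.service = 'PRINT' AND m.mach_id = sh.mach_id
    AND (pr.type = 'DORM' or pr.type = 'CLUSTER');

  EXEC SQL OPEN csr_lprng_printers;
  while (1)
    {
      EXEC SQL FETCH csr_lprng_printers INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka,
        :ac, :lpc_acl, :cupshosts, :duplexdefault;
      if (sqlca.sqlcode)
        break;

      strtrim(rp);
      strtrim(name);
      strtrim(duplexname);
      strtrim(hwtype);
      strtrim(hostname);
      strtrim(location);
      strtrim(contact);
      strtrim(cupshosts);
      lowercase_in_place(rp);     /* Because uppercased printer names suck */
      lowercase_in_place(name);

      fprintf(out, "<Printer %s>\n", name);
      fprintf(out, "Info %s:LPRng Queue on %s\n", name, cupshosts);
      fprintf(out, "DeviceURI lpd://%s/%s\n", cupshosts, rp);
      fputs("State Idle\n", out);     /* Always with the Idle */
      fprintf(out, "StateTime %ld\n", (long)time(NULL));
      emit_queue_defaults(out, duplexdefault, location);
      /* ka and ac are fetched but not applied: LPRng-backed entries always
       * get the default policy and no AllowUser list. */
      fputs("OpPolicy default\n", out);
      fputs("JobSheets none none\n", out);
      fputs("</Printer>\n", out);
    }
  EXEC SQL CLOSE csr_lprng_printers;
  tarfile_end(tf);

  /* aliases are in classes.conf */
  out = tarfile_start(tf, "/etc/cups/classes.conf", 0644, 0, 0,
                      "lp", "lp", now);
  EXEC SQL DECLARE csr_duplexqs CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.type as prtype, pr.ac, sh.service, pr.duplexdefault
    FROM printers pr, machine m, machine m2, serverhosts sh
    WHERE pr.rm = m.mach_id
    AND (pr.status = 1 OR pr.status = 2) and pr.mach_id = m2.mach_id AND m2.status !=3
    AND m.mach_id = sh.mach_id AND sh.enable = 1
    AND (pr.type = 'DORM' or pr.type = 'CLUSTER')
    AND (sh.service = 'CUPS-PRINT' OR sh.service = 'PRINT' OR sh.service = 'CUPS-CLUSTER');
  EXEC SQL OPEN csr_duplexqs;
  while (1)
    {
      EXEC SQL FETCH csr_duplexqs INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka, :prtype,
        :ac, :service, :duplexdefault;
      if (sqlca.sqlcode)
        break;

      strtrim(hwtype);
      strtrim(service);
      strtrim(rp);
      strtrim(location);
      strtrim(contact);
      strtrim(prtype);
      /* Trim both names before they are tested or printed, as the other
       * loops do.  Previously name was trimmed only on the ALIAS path and
       * duplexname only after the emptiness test below; if fetched values
       * are blank-padded, that test could not recognise an empty name. */
      strtrim(name);
      strtrim(duplexname);

      /* NOTE(review): lpc_acl is not selected by this cursor, so the
       * OpPolicy choice below uses the value left by the earlier loops.
       * rp and the class names are also written here without the
       * lower-casing applied in printers.conf. */

      /* Define alias queues as classes to the regular queues for
       * accounting reasons.  Annoyingly, classes don't always inherit
       * their printer definitions.
       *
       * NOTE(review): the cursor above only returns type DORM or CLUSTER,
       * so this ALIAS test cannot succeed as the query stands.
       */
      if (!strcmp(prtype, "ALIAS"))
        {
          fprintf(out, "<Class %s>\n", name);
          fprintf(out, "Info Alias Queue to %s:%s\n", name, hwtype);
          fprintf(out, "Printer %s\n", rp);
          if (duplexdefault)
            fputs("Option sides two-sided-long-edge\n", out);
          else
            fputs("Option sides one-sided\n", out);
          emit_class_settings(out, location, service, rp, ka, lpc_acl, ac);

          if (banner == PRN_BANNER_NONE)
            fputs("JobSheets none none\n", out);
          else
            fputs("JobSheets athena none\n", out);
          fputs("</Class>\n", out);
        }

      /* Define duplex queues as aliases to the regular queues for
       * accounting reasons.  Annoyingly, classes don't always inherit
       * their printer definitions.
       */
      if (*duplexname && !duplexdefault)
        {
          fprintf(out, "<Class %s>\n", duplexname);
          if (!strcmp(prtype, "ALIAS"))
            fprintf(out, "Info Duplex Alias Queue to %s:%s\n", name, hwtype);
          else
            fprintf(out, "Info Duplex Queue for %s:%s\n", name, hwtype);
          fputs("Option sides two-sided-long-edge\n", out);   /* duplex */
          fprintf(out, "Printer %s\n", rp);
          emit_class_settings(out, location, service, rp, ka, lpc_acl, ac);

          /* NOTE(review): unlike the other sections, a banner value that
           * is neither NONE nor LAST writes no JobSheets line here. */
          if (banner == PRN_BANNER_NONE)
            fputs("JobSheets none none\n", out);
          else if (banner == PRN_BANNER_LAST)
            fputs("JobSheets athena none\n", out);
          fputs("</Class>\n", out);
        }
    }
  EXEC SQL CLOSE csr_duplexqs;
  tarfile_end(tf);

  /* cupsd.conf
   * NOTE(review): this and the two files after it are registered with
   * 0755 where printers.conf and classes.conf use 0644.  If that argument
   * is the file mode, these configuration files end up executable;
   * confirm that is intended. */
  out = tarfile_start(tf, "/etc/cups/cupsd.conf", 0755, 1, 1,
                      "root", "lp", now);

  fprintf(out, "LogLevel error\n");
  fprintf(out, "SystemGroup sys root ops-group\n");
  fprintf(out, "Port 631\n");
  fprintf(out, "SSLPort 443\n");
  fprintf(out, "Listen /var/run/cups/cups.sock\n");
  fprintf(out, "Browsing On\n");
  fprintf(out, "BrowseOrder allow,deny\n");
  fprintf(out, "BrowseAllow all\n");
  fprintf(out, "BrowseAddress @LOCAL\n");
  fprintf(out, "DefaultAuthType Negotiate\n");
  fprintf(out, "ServerCertificate /etc/cups/ssl/%s-ipp-crt.pem\n", lhost);
  fprintf(out, "ServerKey /etc/cups/ssl/%s-ipp-key.pem\n", lhost);
  fprintf(out, "ServerName %s\n", lhost);
  fprintf(out, "ServerAlias %s\n", phost);
  /* fprintf(out, "Krb5Keytab /etc/krb5-ipp.keytab\n"); */

  /* The other CUPS servers should be aware of the other hosts'
     queues, so we'll let them browse each other.
     NOTE(review): cups.hosts.conf, generated below, is not among these
     Include lines; presumably another file pulls it in -- confirm. */
  fprintf(out, "Include cups.local.conf\n");
  fprintf(out, "Include cups.locations.conf\n");
  fprintf(out, "Include cups.policies.conf\n");
  tarfile_end(tf);

  /* cups.hosts.conf */
  out = tarfile_start(tf, "/etc/cups/cups.hosts.conf", 0755, 1, 1,
                      "root", "lp", now);
  EXEC SQL DECLARE csr_cupshosts CURSOR FOR
    SELECT m.name AS cupshosts FROM machine m, printservers ps
    WHERE m.mach_id = ps.mach_id AND ps.kind = 'CUPS';
  EXEC SQL OPEN csr_cupshosts;
  while (1)
    {
      EXEC SQL FETCH csr_cupshosts INTO :cupshosts;
      if (sqlca.sqlcode)
        break;

      strtrim(cupshosts);

      /* Don't poll yourself looking for answers! */
      if (strcmp(cupshosts, host))
        fprintf(out, "BrowsePoll %s\n", cupshosts);
    }
  EXEC SQL CLOSE csr_cupshosts;

  tarfile_end(tf);

  /* cups.policies.conf */
  out = tarfile_start(tf, "/etc/cups/cups.policies.conf", 0755, 1, 1,
                      "root", "lp", now);
  fprintf(out, "# Printer-specific LPC and LPR ACLs\n");
  /* lpcaccess.top: top_lpc_acl stays 0 when this host has no matching
   * printservers row. */
  EXEC SQL SELECT ps.lpc_acl INTO :top_lpc_acl
    FROM printservers ps, machine m
    WHERE m.name = :spoolhost AND m.mach_id = ps.mach_id AND m.status != 3;

  fputs("<Policy default>\n", out);
  fprintf(out, "%s\n", alterjob);
  fputs("AuthType Default\n"
        "Require user @OWNER @SYSTEM\n", out);
  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
  fputs("Order deny,allow\n"
        "</Limit>\n"
        "<Limit Send-Document CUPS-Get-Document>\n"
        "AuthType None\n"
        "Require user @OWNER @SYSTEM\n"
        "Order deny,allow\n"
        "Allow from all\n"
        "</Limit>\n", out);
  fprintf(out, "%s\n", submitjob);
  fputs("AuthType None\n"
        "Order deny,allow\n"
        "Allow from all\n"
        "</Limit>\n", out);
  fprintf(out, "%s\n", alterpntr);
  fputs("AuthType Default\n"
        "Require user @SYSTEM\n"
        "Order deny,allow\n"
        "</Limit>\n", out);
  fprintf(out, "%s\n", lpcpntr);
  fputs("AuthType Default\n"
        "Require user @SYSTEM\n", out);
  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
  fputs("Order deny,allow\n"
        "</Limit>\n", out);
  fprintf(out, "%s\n", canceljob);
  fputs("AuthType Default\n"
        "Require user @OWNER @SYSTEM\n", out);
  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
  fputs("Order deny,allow\n"
        "Allow from all\n"
        "</Limit>\n", out);
  fprintf(out, "%s\n", catchall);
  fputs("AuthType None\n"
        "Order deny,allow\n"
        "Allow from all\n"
        "</Limit>\n"
        "</Policy>\n", out);

  /* restrict lists and lpcaccess policies.  Sadly, we have to put the
     top level for each new policy since CUPS doesn't have a way of
     doing it otherwise (well, Unix groups, but not moira)

     NOTE(review): printers.conf writes "OpPolicy <rp>-policy" whenever ka
     or lpc_acl is set, but this cursor only returns printers with ac or
     lpc_acl set.  A Kerberized queue with neither list is pointed at a
     policy this file never defines; confirm what cupsd falls back to in
     that case.  The policy name below also uses pr.rp as stored, while
     printers.conf lower-cases it. */
  EXEC SQL DECLARE csr_lpc CURSOR FOR
    SELECT UNIQUE pr.rp, pr.ka, pr.ac, pr.lpc_acl
     FROM printers pr, machine m
     WHERE (pr.ac != 0 OR pr.lpc_acl != 0)
     AND (pr.status = 1 OR pr.status = 2) and pr.mach_id = m.mach_id AND m.status !=3
     AND pr.rm in (SELECT m.mach_id FROM machine m, serverhosts sh
     WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' or sh.service = 'CUPS-CLUSTER')
     AND sh.enable = 1 and m.status != 3);
  EXEC SQL OPEN csr_lpc;
  while (1)
    {
      /* pr.rp is fetched into name here. */
      EXEC SQL FETCH csr_lpc INTO :name, :ka, :ac, :lpc_acl;
      if (sqlca.sqlcode)
        break;

      strtrim(name);

      fprintf(out, "<Policy %s-policy>\n", name);
      fprintf(out, "%s\n", alterjob);
      fputs("AuthType Default\n"
            "Require user @OWNER @SYSTEM\n", out);
      printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
      printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
      fputs("Order deny,allow\n"
            "Allow from all\n"
            "</Limit>\n"
            "<Limit Send-Document CUPS-Get-Document>\n"
            "AuthType None\n"
            "Require user @OWNER @SYSTEM\n"
            "Order deny,allow\n"
            "Allow from all\n"
            "</Limit>\n", out);
      fprintf(out, "%s\n", submitjob);
      /* If the printer is Kerberized?
       * NOTE(review): with ac set and ka clear, the section pairs
       * "AuthType None" with "Require user" lines; confirm cupsd enforces
       * the restrict list when no authentication is requested. */
      if (ka)
        fputs("AuthType Negotiate\n", out);
      else
        fputs("AuthType None\n", out);
      /* Access-control list. */
      if (ac)
        printer_user_list(out, "LIST", ac, "Require user", 1);
      else if (ka)
        fputs("Require valid-user\n", out);
      fputs("Order deny,allow\n"
            "Allow from all\n"
            "</Limit>\n", out);
      fprintf(out, "%s\n", alterpntr);
      fputs("AuthType Default\n"
            "Require user @SYSTEM\n"
            "Order deny,allow\n"
            "</Limit>\n", out);
      fprintf(out, "%s\n", lpcpntr);
      fputs("AuthType Default\n"
            "Require user @SYSTEM\n", out);
      /* printer-specific lpc access. */
      if (lpc_acl)
        printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
      printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
      fputs("Order deny,allow\n"
            "</Limit>\n", out);
      fprintf(out, "%s\n", canceljob);
      fputs("AuthType Default\n"
            "Require user @OWNER @SYSTEM\n", out);
      printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
      printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
      fputs("Order deny,allow\n"
            "Allow from all\n"
            "</Limit>\n", out);
      fprintf(out, "%s\n", catchall);
      fputs("AuthType None\n"
            "Order deny,allow\n"
            "Allow from all\n"
            "</Limit>\n"
            "</Policy>\n", out);
    }
  EXEC SQL CLOSE csr_lpc;
  fprintf(out, "\n");
  tarfile_end(tf);
  tarfile_close(tf);

  /* The lower-cased copy is no longer needed once the archive is closed. */
  free(lhost);
}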
679
/*
 * SQL error hook.  main() installs it with
 * "EXEC SQL WHENEVER SQLERROR DO sqlerr()"; it passes the status code of
 * the failing statement, taken from the SQLCA, to db_error().
 */
void sqlerr(void)
{
  db_error(sqlca.sqlcode);
}