source: trunk/third/moira/gen/cups-print.pc @ 24250

Revision 24250, 22.8 KB checked in by broder, 15 years ago (diff)
New Moira snapshot from subversion. Sorry for the large diff - looks like all of the keywords changed in the SVN import process.
1/* $Id: cups-print.pc,v 1.14 2009-12-07 20:28:34 zacheiss Exp $
2 *
3 * This generates printcaps and other files for Athena print servers
4 *
5 * Copyright (C) 1992-1998 by the Massachusetts Institute of Technology.
6 * For copying and distribution information, please see the file
7 * <mit-copyright.h>.
8 */
9
#include <mit-copyright.h>
#include <moira.h>
#include <moira_site.h>

#include <sys/stat.h>
#include <sys/types.h>

#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <time.h>
#ifdef HAVE_KRB4
#include <krb.h>
#endif
#include <krb5.h>

#include "util.h"
28
29EXEC SQL INCLUDE sqlca;
30
31RCSID("$Header: /afs/.athena.mit.edu/astaff/project/moiradev/repository/moira/gen/cups-print.pc,v 1.14 2009-12-07 20:28:34 zacheiss Exp $");
32
/* Program name and database connect string. */
char *whoami = "cups-print.gen";
char *db = "moira/moira";

/* Kerberos version handed to canon_krb() when formatting ACL members. */
const int krbvers = 5;

/*
 * Opening <Limit ...> tags for the CUPS operation groups written into
 * every generated policy.  Each constant holds only the opening tag;
 * the code that emits it also writes the matching "</Limit>".
 */

/* Operations that modify an existing job. */
const char *alterjob =
  "<Limit Hold-Job Release-Job"
  " Restart-Job Purge-Jobs Reprocess-Job Set-Job-Attributes"
  " Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>";

/* Operations that submit a job or manage subscriptions. */
const char *submitjob =
  "<Limit Create-Job Print-Job Print-URI"
  " Set-Job-Attributes Send-URI Create-Job-Subscription Renew-Subscription"
  " Cancel-Subscription Get-Notifications CUPS-Move-Job CUPS-Authenticate-Job>";

/* Operations that add, modify or delete printers and classes. */
const char *alterpntr =
  "<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer"
  " CUPS-Add-Modify-Class CUPS-Delete-Class>";

/* Queue-control operations (the "lpc" style commands). */
const char *lpcpntr =
  "<Limit Pause-Printer Resume-Printer Enable-Printer"
  " Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs"
  " Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer"
  " Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After"
  " CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>";

/* Cancelling a job, and the catch-all for everything not listed above. */
const char *canceljob = "<Limit Cancel-Job>";
const char *catchall = "<Limit All>";

/* Value written as ServerAlias in the generated cupsd.conf. */
const char *phost = "printers.MIT.EDU";

/*
 * A name string that do_host() passes as the ACL id argument of
 * printer_user_list().
 * NOTE(review): that parameter is declared int, so the value handed
 * over is not this name -- confirm what id was intended.
 */
const char *svrlist = "cups-servers";

void do_host(char *host);
void sqlerr(void);

#ifndef MAX
#define MAX(a, b) ( (a) > (b) ? (a) : (b) )
#endif
63
/*
 * Entry point: connect to the database, then call do_host() once for
 * every enabled CUPS-PRINT or CUPS-CLUSTER server host.
 *
 * The SQLERROR handler is installed after the CONNECT statement, so a
 * failure of the connect itself does not go through sqlerr().
 */
int main(int argc, char **argv)
{
  EXEC SQL BEGIN DECLARE SECTION;
  char name[MACHINE_NAME_SIZE];
  EXEC SQL END DECLARE SECTION;

  init_acls();

  EXEC SQL CONNECT :db;

  EXEC SQL WHENEVER SQLERROR DO sqlerr();

  EXEC SQL DECLARE csr_hosts CURSOR FOR
    SELECT m.name FROM machine m, serverhosts sh
    WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER')
    AND sh.enable = 1;
  EXEC SQL OPEN csr_hosts;

  /* One pass per server host; any non-zero sqlcode ends the scan. */
  for (;;)
    {
      EXEC SQL FETCH csr_hosts INTO :name;
      if (sqlca.sqlcode != 0)
        break;

      strtrim(name);
      do_host(name);
    }

  EXEC SQL CLOSE csr_hosts;

  exit(MR_SUCCESS);
}
94
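/*
 * Write one "<str> <principal>" line to out for each eligible member of
 * the ACL returned by get_acl(type, id, NULL).
 *
 * out        - stream receiving the generated configuration lines
 * type, id   - passed through to get_acl()
 * str        - directive written before each name ("AllowUser",
 *              "Require user", ...)
 * striprealm - when non-zero, the name is cut at its first '@'
 *
 * Members whose type is 'S' or zero are skipped.  Every member is
 * released with freeimember() and the queue with sq_destroy().
 *
 * NOTE(review): the name is written into an access-control file exactly
 * as canon_krb() produced it.  If a member name could ever contain a
 * newline it would start a new directive in that file -- confirm that
 * the database or canon_krb() rules this out.
 */
void printer_user_list(FILE *out, char *type, int id, char *str, int striprealm)
{
  struct save_queue *sq;
  struct imember *m;
  char kbuf[MAX_K_NAME_SZ];
  char *at;

  sq = get_acl(type, id, NULL);
  while (sq_remove_data(sq, &m))
    {
      /* The type is a character code (it is compared with 'S'), so the
       * "unset" test compares against '\0' rather than the pointer
       * constant NULL. */
      if (m->type != 'S' && m->type != '\0')
        {
          /* CUPS wants mmanley/root, not mmanley.root@ATHENA.MIT.EDU */
          /* NOTE(review): canon_krb()'s result is not checked; kbuf is
           * assumed to hold a terminated string afterwards -- confirm. */
          canon_krb(m, krbvers, kbuf, sizeof(kbuf));

          /* Cutting at the first '@' drops the realm (and anything
           * after it), which is what the consumer of kbuf sees. */
          if (striprealm)
            {
              at = strchr(kbuf, '@');
              if (at)
                *at = '\0';
            }
          fprintf(out, "%s %s\n", str, kbuf);
        }
      freeimember(m);
    }
  sq_destroy(sq);
}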
121
122
123
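/*
 * Generate the CUPS configuration bundle for one print server.
 *
 * host - server name as stored in the machine table
 *
 * Opens the tar file "<DCM_DIR>/cups-print/<host>" and writes five
 * members into it, in this order:
 *   /etc/cups/printers.conf      queues spooled on this host, queues on
 *                                other CUPS servers, queues on LPRng
 *                                servers
 *   /etc/cups/classes.conf       alias and duplex queues, as classes
 *   /etc/cups/cupsd.conf         server-wide settings
 *   /etc/cups/cups.hosts.conf    BrowsePoll lines for the other servers
 *   /etc/cups/cups.policies.conf the default policy plus one policy per
 *                                printer that has an access or lpc ACL
 *
 * Exits the program if memory for the lower-cased host name cannot be
 * allocated or if the tar file path does not fit its buffer.
 *
 * NOTE(review): rp, name, duplexname, hwtype, location and the host
 * names are copied from the database into the configuration files as
 * they are.  A newline inside one of these values would begin a new
 * directive in an access-control file -- confirm that the database
 * constrains these columns, or reject such values here.
 * NOTE(review): the results of tarfile_open() and tarfile_start() are
 * used unchecked; whether they can fail by returning NULL is not
 * visible here.
 */
void do_host(char *host)
{
  EXEC SQL BEGIN DECLARE SECTION;
  char rp[PRINTERS_RP_SIZE], name[PRINTERS_NAME_SIZE];
  char duplexname[PRINTERS_DUPLEXNAME_SIZE], location[PRINTERS_LOCATION_SIZE];
  char hwtype[PRINTERS_HWTYPE_SIZE];
  char contact[PRINTERS_CONTACT_SIZE], hostname[MACHINE_NAME_SIZE];
  char cupshosts[MACHINE_NAME_SIZE], prtype [PRINTERS_TYPE_SIZE];
  char service[SERVERHOSTS_SERVICE_SIZE];
  char *spoolhost = host, *p;
  char *lhost;
  /* Start from zero: a SELECT ... INTO that matches no row leaves its
   * target untouched, and these values choose ACLs and policies. */
  int ka = 0, ac = 0, lpc_acl = 0, top_lpc_acl = 0, banner = 0, rm = 0;
  EXEC SQL END DECLARE SECTION;
  TARFILE *tf;
  FILE *out;
  char filename[MAXPATHLEN];
  time_t now = time(NULL);
  int len;

  /* Lower-cased copy of the host name for cupsd.conf. */
  lhost = strdup(host);
  if (!lhost)
    {
      fprintf(stderr, "%s: out of memory\n", whoami);
      exit(MR_NO_MEM);
    }
  for (p = lhost; *p; p++)
    *p = tolower((unsigned char)*p);

  EXEC SQL SELECT mach_id INTO :rm FROM machine
    WHERE name = :spoolhost;

  /* Bounded formatting: refuse a path that would not fit instead of
   * writing past the end of filename. */
  len = snprintf(filename, sizeof(filename), "%s/cups-print/%s",
                 DCM_DIR, host);
  if (len < 0 || (size_t)len >= sizeof(filename))
    {
      fprintf(stderr, "%s: output path for %s is too long\n", whoami, host);
      exit(MR_ARG_TOO_LONG);
    }
  tf = tarfile_open(filename);

  /* printers.conf entries for locally run queues */
  out = tarfile_start(tf, "/etc/cups/printers.conf", 0644, 0, 0,
                      "lp", "lp", now);

  EXEC SQL DECLARE csr_printers CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.ac, pr.lpc_acl
    FROM printers pr, machine m
    WHERE pr.rm = :rm AND m.mach_id = pr.mach_id
    AND pr.type != 'ALIAS';
  EXEC SQL OPEN csr_printers;
  while (1)
    {
      EXEC SQL FETCH csr_printers INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl;
      if (sqlca.sqlcode)
        break;

      strtrim(rp);
      strtrim(name);
      strtrim(duplexname);
      strtrim(hwtype);
      strtrim(hostname);
      strtrim(location);
      strtrim(contact);
      /* Queue names are written in lower case. */
      for (p = rp; *p; p++)
        *p = tolower((unsigned char)*p);

      fprintf(out, "<Printer %s>\n", rp);
      fprintf(out, "Info %s:%s\n", rp, hwtype);
      /* Note the use of "beh" to keep CUPS from disabling print queues
       * should they not respond, versus discarding the job.
       * See the "beh" page for details.
       * The 1/20/60 says "don't disable/try 20 times/try every 60s". */
      if (!strncmp(hwtype, "HP", 2))
        fprintf(out, "DeviceURI beh:/1/20/60/socket://%s:9100\n", hostname);
      else
        fprintf(out, "DeviceURI beh:/1/20/60/socket://%s\n", hostname);
      fprintf(out, "State Idle\n");     /* always written as Idle */
      fprintf(out, "StateTime %ld\n", (long)time(NULL));
      fprintf(out, "Accepting Yes\n");
      fprintf(out, "Shared Yes\n");
      fprintf(out, "QuotaPeriod 0\n");
      fprintf(out, "PageLimit 0\n");
      fprintf(out, "Klimit 0\n");
      fprintf(out, "Option sides one-sided\n");
      fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
      fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
      fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
      fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
      fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
      if (location[0])
        fprintf(out, "Location %s\n", location);
      fprintf(out, "ErrorPolicy abort-job\n");
      /* NOTE(review): "<rp>-policy" is only generated further down for
       * printers with ac or lpc_acl set; a printer with only ka set
       * names a policy this function does not write -- confirm. */
      if (ka || lpc_acl)
        fprintf(out, "OpPolicy %s-policy\n", rp);
      else
        fprintf(out, "OpPolicy default\n");

      /* Access-control list. */
      if (ac)
        {
          if (ka)
            fprintf(out, "AuthType Negotiate\n");
          else
            fprintf(out, "AuthType Default\n");
          printer_user_list(out, "LIST", ac, "AllowUser", 0);
        }

      if (banner == PRN_BANNER_NONE)
        fprintf(out, "JobSheets none none\n");
      else
        fprintf(out, "JobSheets athena none\n");
      fprintf(out, "</Printer>\n");
    }
  EXEC SQL CLOSE csr_printers;

  /* printers.conf entries for non-local CUPS queues */
  EXEC SQL DECLARE csr_remote_printers CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.ac, pr.lpc_acl, m.name as cupshosts
    FROM printers pr, machine m, serverhosts sh
    WHERE pr.rm = m.mach_id
    AND pr.type != 'ALIAS' AND m.name <> :spoolhost AND
    m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER')
    AND sh.enable = 1 AND m.mach_id = sh.mach_id;

  EXEC SQL OPEN csr_remote_printers;
  while (1)
    {
      EXEC SQL FETCH csr_remote_printers INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts;
      if (sqlca.sqlcode)
        break;

      strtrim(rp);
      strtrim(name);
      strtrim(duplexname);
      strtrim(hwtype);
      strtrim(hostname);
      strtrim(location);
      strtrim(contact);
      strtrim(cupshosts);
      for (p = rp; *p; p++)
        *p = tolower((unsigned char)*p);

      fprintf(out, "<Printer %s>\n", rp);
      fprintf(out, "Info %s:%s\n", rp, hwtype);
      fprintf(out, "DeviceURI ipp://%s:631/printers/%s\n", cupshosts, rp);
      fprintf(out, "State Idle\n");     /* always written as Idle */
      fprintf(out, "StateTime %ld\n", (long)time(NULL));
      fprintf(out, "Accepting Yes\n");
      fprintf(out, "Shared Yes\n");
      fprintf(out, "QuotaPeriod 0\n");
      fprintf(out, "PageLimit 0\n");
      fprintf(out, "Klimit 0\n");
      fprintf(out, "Option sides one-sided\n");
      fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
      fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
      fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
      fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
      fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
      if (location[0])
        fprintf(out, "Location %s\n", location);
      fprintf(out, "ErrorPolicy abort-job\n");
      if (ka || lpc_acl)
        fprintf(out, "OpPolicy %s-policy\n", rp);
      else
        fprintf(out, "OpPolicy default\n");

      /* Access-control list. */
      if (ac)
        {
          if (ka)
            fprintf(out, "AuthType Negotiate\n");
          else
            fprintf(out, "AuthType Default\n");
          printer_user_list(out, "LIST", ac, "AllowUser", 0);
        }

      if (banner == PRN_BANNER_NONE)
        fprintf(out, "JobSheets none none\n");
      else
        fprintf(out, "JobSheets athena none\n");
      fprintf(out, "</Printer>\n");
    }
  EXEC SQL CLOSE csr_remote_printers;

  /* printers.conf entries for non-local LPRng queues */
  EXEC SQL DECLARE csr_lprng_printers CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.ac, pr.lpc_acl, m.name as cupshosts
    FROM printers pr, machine m, serverhosts sh
    WHERE pr.rm = m.mach_id
    AND pr.type != 'ALIAS' AND m.name <> :spoolhost AND
    m.mach_id = sh.mach_id AND sh.service = 'PRINT' AND
    sh.enable = 1;

  EXEC SQL OPEN csr_lprng_printers;
  while (1)
    {
      EXEC SQL FETCH csr_lprng_printers INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts;
      if (sqlca.sqlcode)
        break;

      strtrim(rp);
      strtrim(name);
      strtrim(duplexname);
      strtrim(hwtype);
      strtrim(hostname);
      strtrim(location);
      strtrim(contact);
      strtrim(cupshosts);
      for (p = rp; *p; p++)
        *p = tolower((unsigned char)*p);

      /* LPRng-backed queues always get the default policy, no ACL
       * lines and no banner. */
      fprintf(out, "<Printer %s>\n", rp);
      fprintf(out, "Info %s:LPRng Queue on %s\n", rp, cupshosts);
      fprintf(out, "DeviceURI lpd://%s/%s\n", cupshosts, rp);
      fprintf(out, "State Idle\n");     /* always written as Idle */
      fprintf(out, "StateTime %ld\n", (long)time(NULL));
      fprintf(out, "Accepting Yes\n");
      fprintf(out, "Shared Yes\n");
      fprintf(out, "QuotaPeriod 0\n");
      fprintf(out, "PageLimit 0\n");
      fprintf(out, "Klimit 0\n");
      fprintf(out, "Option sides one-sided\n");
      fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
      fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
      fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
      fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
      fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
      if (location[0])
        fprintf(out, "Location %s\n", location);
      fprintf(out, "ErrorPolicy abort-job\n");
      fprintf(out, "OpPolicy default\n");
      fprintf(out, "JobSheets none none\n");
      fprintf(out, "</Printer>\n");
    }
  EXEC SQL CLOSE csr_lprng_printers;
  tarfile_end(tf);


  /* aliases are in classes.conf */
  out = tarfile_start(tf, "/etc/cups/classes.conf", 0644, 0, 0,
                      "lp", "lp", now);
  /* pr.lpc_acl is selected here so that the OpPolicy choice below uses
   * this row's value instead of whatever the previous cursor left in
   * lpc_acl. */
  EXEC SQL DECLARE csr_duplexqs CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.type as prtype, pr.ac, pr.lpc_acl, sh.service
    FROM printers pr, machine m, serverhosts sh
    WHERE pr.rm = m.mach_id
    AND m.mach_id = sh.mach_id AND sh.enable = 1
    AND (sh.service = 'CUPS-PRINT' OR sh.service = 'PRINT' OR sh.service = 'CUPS-CLUSTER');
  EXEC SQL OPEN csr_duplexqs;
  while (1)
    {
      EXEC SQL FETCH csr_duplexqs INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka, :prtype, :ac,
        :lpc_acl, :service;
      if (sqlca.sqlcode)
        break;

      strtrim(hwtype);
      strtrim(service);
      strtrim(rp);
      strtrim(location);
      strtrim(contact);
      strtrim(prtype);

      /* Define alias queues as classes to the regular queues for
       * accounting reasons.  Annoyingly, classes don't always inherit
       * their printer definitions.
       */
      if (!strcmp(prtype, "ALIAS"))
        {
          strtrim(name);
          fprintf(out, "<Class %s>\n", name);
          fprintf(out, "Info Alias Queue to %s:%s\n", rp, hwtype);
          fprintf(out, "Printer %s\n", rp);
          fprintf(out, "Option sides one-sided\n");
          fprintf(out, "State Idle\n");     /* always written as Idle */
          fprintf(out, "StateTime %ld\n", (long)time(NULL));
          fprintf(out, "Accepting Yes\n");
          fprintf(out, "Shared Yes\n");
          fprintf(out, "QuotaPeriod 0\n");
          fprintf(out, "PageLimit 0\n");
          if (location[0])
            fprintf(out, "Location %s\n", location);
          /* do not use custom policies for LPRng printers */
          if (strcmp(service, "PRINT") && (ka || lpc_acl))
            fprintf(out, "OpPolicy %s-policy\n", rp);
          else
            fprintf(out, "OpPolicy default\n");

          /* Access-control list. */
          if (ac)
            printer_user_list(out, "LIST", ac, "AllowUser", 0);

          if (banner == PRN_BANNER_NONE)
            fprintf(out, "JobSheets none none\n");
          else
            fprintf(out, "JobSheets athena none\n");
          fprintf(out, "</Class>\n");
        }

      /* Define duplex queues as aliases to the regular queues for
       * accounting reasons.  Annoyingly, classes don't always inherit
       * their printer definitions.
       */
      /* NOTE(review): duplexname is tested before it is trimmed, so a
       * blank-padded empty value would still produce a class --
       * confirm how the column is stored. */
      if (*duplexname)
        {
          strtrim(duplexname);
          fprintf(out, "<Class %s>\n", duplexname);
          if (!strcmp(prtype, "ALIAS"))
            fprintf(out, "Info Duplex Alias Queue to %s:%s\n", rp, hwtype);
          else
            fprintf(out, "Info Duplex Queue for %s:%s\n", rp, hwtype);
          fprintf(out, "Option sides two-sided-long-edge\n");   /* duplex */
          fprintf(out, "Printer %s\n", rp);
          fprintf(out, "State Idle\n");     /* always written as Idle */
          fprintf(out, "StateTime %ld\n", (long)time(NULL));
          fprintf(out, "Accepting Yes\n");
          fprintf(out, "Shared Yes\n");
          fprintf(out, "QuotaPeriod 0\n");
          fprintf(out, "PageLimit 0\n");
          if (location[0])
            fprintf(out, "Location %s\n", location);
          if (strcmp(service, "PRINT") && (ka || lpc_acl))
            fprintf(out, "OpPolicy %s-policy\n", rp);
          else
            fprintf(out, "OpPolicy default\n");

          /* Access-control list. */
          if (ac)
            printer_user_list(out, "LIST", ac, "AllowUser", 0);

          /* NOTE(review): unlike the other sections, a banner value
           * other than NONE or LAST writes no JobSheets line here --
           * confirm that is intended. */
          if (banner == PRN_BANNER_NONE)
            fprintf(out, "JobSheets none none\n");
          else if (banner == PRN_BANNER_LAST)
            fprintf(out, "JobSheets athena none\n");
          fprintf(out, "</Class>\n");
        }
    }
  EXEC SQL CLOSE csr_duplexqs;
  tarfile_end(tf);

  /* cupsd.conf */
  /* NOTE(review): this member and the two after it are created with
   * mode 0755 although they are configuration files; printers.conf and
   * classes.conf use 0644 -- confirm the execute bits are wanted. */
  out = tarfile_start(tf, "/etc/cups/cupsd.conf", 0755, 1, 1,
                      "root", "lp", now);

  fprintf(out, "LogLevel info\n");
  fprintf(out, "SystemGroup sys root ops-group\n");
  fprintf(out, "Port 631\n");
  fprintf(out, "SSLPort 443\n");
  fprintf(out, "Listen /var/run/cups/cups.sock\n");
  fprintf(out, "Browsing On\n");
  fprintf(out, "BrowseOrder allow,deny\n");
  fprintf(out, "BrowseAllow all\n");
  fprintf(out, "BrowseAddress @LOCAL\n");
  fprintf(out, "DefaultAuthType Negotiate\n");
  fprintf(out, "ServerCertificate /etc/cups/ssl/%s-ipp-crt.pem\n", lhost);
  fprintf(out, "ServerKey /etc/cups/ssl/%s-ipp-key.pem\n", lhost);
  fprintf(out, "ServerName %s\n", lhost);
  fprintf(out, "ServerAlias %s\n", phost);
  /* fprintf(out, "Krb5Keytab /etc/krb5-ipp.keytab\n"); */

  /* The other CUPS servers should be aware of the other hosts'
     queues, so we'll let them browse each other. */
  /* NOTE(review): cups.hosts.conf, written below, is not among these
   * Include lines, and cups.local.conf / cups.locations.conf are not
   * written by this function -- confirm where they come from. */
  fprintf(out, "Include cups.local.conf\n");
  fprintf(out, "Include cups.locations.conf\n");
  fprintf(out, "Include cups.policies.conf\n");
  tarfile_end(tf);

  /* cups.hosts.conf */
  out = tarfile_start(tf, "/etc/cups/cups.hosts.conf", 0755, 1, 1,
                      "root", "lp", now);
  EXEC SQL DECLARE csr_cupshosts CURSOR FOR
    SELECT m.name AS cupshosts FROM machine m, printservers ps
    WHERE m.mach_id = ps.mach_id AND ps.kind = 'CUPS';
  EXEC SQL OPEN csr_cupshosts;
  while (1)
    {
      EXEC SQL FETCH csr_cupshosts INTO :cupshosts;
      if (sqlca.sqlcode)
        break;

      strtrim(cupshosts);

      /* Don't poll yourself looking for answers! */
      if (strcmp(cupshosts, host))
        fprintf(out, "BrowsePoll %s\n", cupshosts);
    }
  EXEC SQL CLOSE csr_cupshosts;

  tarfile_end(tf);

  /* cups.policies.conf */
  out = tarfile_start(tf, "/etc/cups/cups.policies.conf", 0755, 1, 1,
                      "root", "lp", now);
  fprintf(out, "# Printer-specific LPC and LPR ACLs\n");
  /* lpcaccess.top: the server-wide lpc ACL.  top_lpc_acl stays 0 when
   * the host has no printservers row. */
  EXEC SQL SELECT ps.lpc_acl INTO :top_lpc_acl
    FROM printservers ps, machine m
    WHERE m.name = :spoolhost AND m.mach_id = ps.mach_id;

  /* first, what's our defaults? */
  fprintf(out, "<Policy default>\n");
  fprintf(out, "%s\n", alterjob);
  fprintf(out, "AuthType Default\n");
  fprintf(out, "Require user @OWNER @SYSTEM\n");
  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "</Limit>\n");
  /* NOTE(review): this block pairs "AuthType None" with a Require
   * line; confirm how cupsd evaluates Require when no authentication
   * is requested, since document retrieval is meant to be limited to
   * the owner. */
  fprintf(out, "<Limit Send-Document CUPS-Get-Document>\n");
  fprintf(out, "AuthType None\n");
  fprintf(out, "Require user @OWNER @SYSTEM\n");
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "Allow from all\n");
  fprintf(out, "</Limit>\n");
  fprintf(out, "%s\n", submitjob);
  fprintf(out, "AuthType None\n");
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "Allow from all\n");
  fprintf(out, "</Limit>\n");
  fprintf(out, "%s\n", alterpntr);
  fprintf(out, "AuthType Default\n");
  fprintf(out, "Require user @SYSTEM\n");
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "</Limit>\n");
  fprintf(out, "%s\n", lpcpntr);
  fprintf(out, "AuthType Default\n");
  fprintf(out, "Require user @SYSTEM\n");
  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "</Limit>\n");
  fprintf(out, "%s\n", canceljob);
  fprintf(out, "AuthType Default\n");
  fprintf(out, "Require user @OWNER @SYSTEM\n");
  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "Allow from all\n");
  fprintf(out, "</Limit>\n");
  /* Every operation not named above is allowed without
   * authentication by this catch-all. */
  fprintf(out, "%s\n", catchall);
  fprintf(out, "AuthType None\n");
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "Allow from all\n");
  fprintf(out, "</Limit>\n");
  fprintf(out, "</Policy>\n");

  /* restrict lists and lpcaccess policies.  Sadly, we have to put the
     top level for each new policy since CUPS doesn't have a way of
     doing it otherwise (well, Unix groups, but not moira) */
  EXEC SQL DECLARE csr_lpc CURSOR FOR
    SELECT UNIQUE rp, ka, ac, lpc_acl
    FROM printers
    WHERE (ac != 0 OR lpc_acl != 0) AND rm in (SELECT m.mach_id FROM machine m, serverhosts sh
    WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER')
    AND sh.enable = 1);
  EXEC SQL OPEN csr_lpc;
  while (1)
    {
      /* NOTE(review): rp is fetched into name, which is sized for the
       * name column, and is not lower-cased here, while the OpPolicy
       * lines above use the lower-cased rp -- confirm the policy names
       * match for queues stored with capitals. */
      EXEC SQL FETCH csr_lpc INTO :name, :ka, :ac, :lpc_acl;
      if (sqlca.sqlcode)
        break;

      strtrim(name);

      fprintf(out, "<Policy %s-policy>\n", name);
      fprintf(out, "%s\n", alterjob);
      fprintf(out, "AuthType Default\n");
      fprintf(out, "Require user @OWNER @SYSTEM\n");
      printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
      /* NOTE(review): svrlist is a string (a name), but the third
       * parameter of printer_user_list() is an int ACL id, so the
       * value passed is not that name.  The members intended here are
       * therefore not the ones written; this needs the numeric id of
       * the intended list.  The same applies to the second svrlist
       * call below. */
      printer_user_list(out, "LIST", svrlist, "Require user", 1);
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "Allow from all\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "<Limit Send-Document CUPS-Get-Document>\n");
      fprintf(out, "AuthType None\n");
      fprintf(out, "Require user @OWNER @SYSTEM\n");
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "Allow from all\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "%s\n", submitjob);
      /* Kerberized printers require Negotiate authentication. */
      if (ka)
        fprintf(out, "AuthType Negotiate\n");
      else
        fprintf(out, "AuthType None\n");
      /* Access-control list. */
      /* NOTE(review): when ac is set but ka is not, Require user
       * lines are written under "AuthType None" -- confirm the
       * restriction list is enforced for non-Kerberized queues. */
      if (ac)
        {
          printer_user_list(out, "LIST", ac, "Require user", 1);
          printer_user_list(out, "LIST", svrlist, "Require user", 1);
        }
      else if (ka)
        fprintf(out, "Require valid-user\n");
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "Allow from all\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "%s\n", alterpntr);
      fprintf(out, "AuthType Default\n");
      fprintf(out, "Require user @SYSTEM\n");
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "%s\n", lpcpntr);
      fprintf(out, "AuthType Default\n");
      fprintf(out, "Require user @SYSTEM\n");
      /* printer-specific lpc access. */
      if (lpc_acl)
        printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
      printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "%s\n", canceljob);
      fprintf(out, "AuthType Default\n");
      fprintf(out, "Require user @OWNER @SYSTEM\n");
      printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
      printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "Allow from all\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "%s\n", catchall);
      fprintf(out, "AuthType None\n");
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "Allow from all\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "</Policy>\n");
    }
  EXEC SQL CLOSE csr_lpc;
  fprintf(out, "\n");
  tarfile_end(tf);
  tarfile_close(tf);

  /* The lower-cased host name is only needed while writing. */
  free(lhost);
}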
661
/*
 * SQL error handler installed by main() with EXEC SQL WHENEVER SQLERROR:
 * passes the current sqlca.sqlcode to db_error().
 */
void sqlerr(void)
{
  db_error(sqlca.sqlcode);
}