source: trunk/third/moira/gen/cups-print.pc @ 24319

Revision 24319, 22.9 KB checked in by broder, 14 years ago (diff)
New Moira snapshot from SVN.
1/* $Id: cups-print.pc 3963 2010-01-07 07:09:01Z zacheiss $
2 *
3 * This generates printcaps and other files for Athena print servers
4 *
5 * Copyright (C) 1992-1998 by the Massachusetts Institute of Technology.
6 * For copying and distribution information, please see the file
7 * <mit-copyright.h>.
8 */
9
10#include <mit-copyright.h>
11#include <moira.h>
12#include <moira_site.h>
13
14#include <sys/stat.h>
15#include <sys/types.h>
16
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
20
21#include <time.h>
22#ifdef HAVE_KRB4
23#include <krb.h>
24#endif
25#include <krb5.h>
26
27#include "util.h"
28
29EXEC SQL INCLUDE sqlca;
30
31RCSID("$HeadURL: svn+ssh://svn.mit.edu/moira/trunk/moira/gen/cups-print.pc $ $Id: cups-print.pc 3963 2010-01-07 07:09:01Z zacheiss $");
32
/* Program name, used as the prefix of diagnostics. */
char *whoami = "cups-print.gen";
/* Connect string handed to EXEC SQL CONNECT in main().
 * NOTE(review): this looks like a user/password pair compiled into the
 * binary -- confirm how the database account is protected. */
char *db = "moira/moira";

/* Kerberos version passed to canon_krb() when formatting principals. */
const int krbvers = 5;

/*
 * Opening <Limit ...> tags for the CUPS operation policies written by
 * do_host().  Each one lists the IPP operations that a single access
 * rule covers; the literals are split across lines only for readability
 * and concatenate to one space-separated list.
 */
const char *alterjob =
  "<Limit Hold-Job Release-Job"
  " Restart-Job Purge-Jobs Reprocess-Job Set-Job-Attributes"
  " Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>";
const char *submitjob =
  "<Limit Create-Job Print-Job Print-URI"
  " Set-Job-Attributes Send-URI Create-Job-Subscription Renew-Subscription"
  " Cancel-Subscription Get-Notifications CUPS-Move-Job CUPS-Authenticate-Job>";
const char *alterpntr =
  "<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer"
  " CUPS-Add-Modify-Class CUPS-Delete-Class>";
const char *lpcpntr =
  "<Limit Pause-Printer Resume-Printer Enable-Printer"
  " Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs"
  " Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer"
  " Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After"
  " CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>";
const char *canceljob = "<Limit Cancel-Job>";
const char *catchall = "<Limit All>";

/* Written as ServerAlias in cupsd.conf. */
const char *phost = "printers.MIT.EDU";
/* Name of the Moira list looked up as svrlist_id in do_host(). */
const char *svrlist = "cups-servers";

void do_host(char *host);
void sqlerr(void);

/* Larger of two values; each argument may be evaluated twice. */
#ifndef MAX
#define MAX(a, b) ( (a) > (b) ? (a) : (b) )
#endif
63
/*
 * Entry point: connect to the database and run do_host() once for every
 * enabled CUPS-PRINT / CUPS-CLUSTER server host, then exit with
 * MR_SUCCESS.  argc and argv are not used.
 */
int main(int argc, char **argv)
{
  EXEC SQL BEGIN DECLARE SECTION;
  char name[MACHINE_NAME_SIZE];
  EXEC SQL END DECLARE SECTION;

  init_acls();

  /* The connect happens before the SQLERROR handler is installed, so a
   * failure here is not routed to sqlerr(); it would presumably surface
   * at the OPEN below -- TODO confirm. */
  EXEC SQL CONNECT :db;

  EXEC SQL WHENEVER SQLERROR DO sqlerr();

  EXEC SQL DECLARE csr_hosts CURSOR FOR
    SELECT m.name FROM machine m, serverhosts sh
    WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER')
    AND sh.enable = 1;
  EXEC SQL OPEN csr_hosts;
  for (;;)
    {
      EXEC SQL FETCH csr_hosts INTO :name;
      /* Any non-zero sqlcode ends the scan. */
      if (sqlca.sqlcode != 0)
        break;

      strtrim(name);
      do_host(name);
    }
  EXEC SQL CLOSE csr_hosts;

  exit(MR_SUCCESS);
}
94
/*
 * Write one "<str> <principal>" line to `out` for each member of the ACL
 * returned by get_acl(type, id, NULL).
 *
 * Members whose type is 'S' or 0 are skipped.  Every other member is
 * formatted by canon_krb() with krbvers; when `striprealm` is non-zero
 * the name is cut at its first '@'.  Each member is released with
 * freeimember() and the queue with sq_destroy().
 *
 * NOTE(review): with striprealm set, the realm is dropped without being
 * compared to anything, so "user@ANY.REALM" is written as plain "user".
 * If an ACL can hold principals from more than one realm, they become
 * indistinguishable in the generated "Require user" lines -- confirm
 * that this is intended.
 */
void printer_user_list(FILE *out, char *type, int id, char *str, int striprealm)
{
  struct save_queue *members;
  struct imember *member;
  char principal[MAX_K_NAME_SZ];
  char *at;

  members = get_acl(type, id, NULL);
  while (sq_remove_data(members, &member))
    {
      if (member->type != 'S' && member->type != 0)
        {
          /* CUPS wants mmanley/root, not mmanley.root@ATHENA.MIT.EDU */
          canon_krb(member, krbvers, principal, sizeof(principal));

          if (striprealm)
            {
              /* Only the text before the first '@' is ever printed. */
              at = strchr(principal, '@');
              if (at)
                *at = '\0';
            }
          fprintf(out, "%s %s\n", str, principal);
        }
      freeimember(member);
    }
  sq_destroy(members);
}
121
122
123
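/* Lower-case a NUL-terminated string in place. */
static void cups_lower(char *s)
{
  /* tolower() is only defined for unsigned char values and EOF. */
  for (; *s; s++)
    *s = tolower((unsigned char)*s);
}

/* Emit the fixed state, quota and filter lines shared by every <Printer>. */
static void cups_printer_defaults(FILE *out)
{
  fprintf(out, "State Idle\n");     /* Always with the Idle */
  fprintf(out, "StateTime %ld\n", (long)time(NULL));
  fprintf(out, "Accepting Yes\n");
  fprintf(out, "Shared Yes\n");
  fprintf(out, "QuotaPeriod 0\n");
  fprintf(out, "PageLimit 0\n");
  fprintf(out, "Klimit 0\n");
  fprintf(out, "Option sides one-sided\n");
  fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
  fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
  fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
  fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
  fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
}

/* Emit the fixed state and quota lines shared by every <Class>. */
static void cups_class_state(FILE *out)
{
  fprintf(out, "State Idle\n");     /* Always with the Idle */
  fprintf(out, "StateTime %ld\n", (long)time(NULL));
  fprintf(out, "Accepting Yes\n");
  fprintf(out, "Shared Yes\n");
  fprintf(out, "QuotaPeriod 0\n");
  fprintf(out, "PageLimit 0\n");
}

/* Emit location, policy, access list, banner and the closing tag of a
 * CUPS-served <Printer> entry. */
static void cups_printer_tail(FILE *out, const char *rp, const char *location,
                              int ka, int ac, int lpc_acl, int banner)
{
  if (location[0])
    fprintf(out, "Location %s\n", location);
  fprintf(out, "ErrorPolicy abort-job\n");
  /* NOTE(review): "<rp>-policy" is only generated further down for
   * printers with ac != 0 or lpc_acl != 0, so a printer with ka set and
   * both ACLs zero names a policy this program never writes -- confirm
   * how cupsd treats an unknown OpPolicy. */
  if (ka || lpc_acl)
    fprintf(out, "OpPolicy %s-policy\n", rp);
  else
    fprintf(out, "OpPolicy default\n");

  /* Access-control list. */
  if (ac)
    {
      if (ka)
        fprintf(out, "AuthType Negotiate\n");
      else
        fprintf(out, "AuthType Default\n");
      printer_user_list(out, "LIST", ac, "AllowUser", 0);
    }

  if (banner == PRN_BANNER_NONE)
    fprintf(out, "JobSheets none none\n");
  else
    fprintf(out, "JobSheets athena none\n");
  fprintf(out, "</Printer>\n");
}

/*
 * Build the CUPS configuration bundle for one print server.
 *
 * Opens the tar file DCM_DIR/cups-print/<host> and writes five members
 * into it: /etc/cups/printers.conf (locally spooled queues, queues on
 * other CUPS servers, queues on LPRng servers), /etc/cups/classes.conf
 * (alias and duplex queues), /etc/cups/cupsd.conf,
 * /etc/cups/cups.hosts.conf and /etc/cups/cups.policies.conf.
 *
 * host is the machine name as stored in the database.  The program exits
 * if the name cannot be used to form the output path or if memory runs
 * out.
 *
 * Changes from the previous revision of this function:
 *  - the output path is built with a bounded snprintf() and a host name
 *    containing '/' is refused, so the name cannot direct the output
 *    outside DCM_DIR/cups-print;
 *  - the strdup() result is checked, and freed before returning;
 *  - tolower() gets an unsigned char argument;
 *  - host variables that a SELECT ... INTO may leave untouched when no
 *    row matches start at 0 instead of holding stack garbage;
 *  - classes.conf now fetches pr.lpc_acl for each row; before, the
 *    OpPolicy choice there used whatever value the last printers.conf
 *    fetch had left behind;
 *  - duplexname is trimmed before it is tested, so an all-blank value no
 *    longer produces a class with an empty name;
 *  - locals that were never read have been removed.
 *
 * NOTE(review): rp, hwtype, location and the host names are written into
 * the configuration files exactly as fetched.  A newline or '>' inside
 * one of them would change the structure of the generated file, so this
 * relies on the database rejecting such values -- confirm.
 */
void do_host(char *host)
{
  EXEC SQL BEGIN DECLARE SECTION;
  char rp[PRINTERS_RP_SIZE], name[PRINTERS_NAME_SIZE];
  char duplexname[PRINTERS_DUPLEXNAME_SIZE], location[PRINTERS_LOCATION_SIZE];
  char hwtype[PRINTERS_HWTYPE_SIZE];
  char contact[PRINTERS_CONTACT_SIZE], hostname[MACHINE_NAME_SIZE];
  char cupshosts[MACHINE_NAME_SIZE], prtype[PRINTERS_TYPE_SIZE];
  char service[SERVERHOSTS_SERVICE_SIZE];
  char *spoolhost = host;
  int ka = 0, ac = 0, lpc_acl = 0, top_lpc_acl = 0, banner = 0;
  int rm = 0, svrlist_id = 0;
  EXEC SQL END DECLARE SECTION;
  TARFILE *tf;
  FILE *out;
  char filename[MAXPATHLEN], *lhost;
  time_t now = time(NULL);
  int len;

  /* The host name becomes the last path component of the output file. */
  if (strchr(host, '/'))
    {
      fprintf(stderr, "%s: refusing host name containing '/': %s\n",
              whoami, host);
      exit(MR_OCONFIG);
    }
  len = snprintf(filename, sizeof(filename), "%s/cups-print/%s",
                 DCM_DIR, host);
  if (len < 0 || (size_t)len >= sizeof(filename))
    {
      fprintf(stderr, "%s: output path for %s is too long\n", whoami, host);
      exit(MR_OCONFIG);
    }

  lhost = strdup(host);
  if (!lhost)
    {
      fprintf(stderr, "%s: out of memory\n", whoami);
      exit(MR_NO_MEM);
    }
  cups_lower(lhost);

  EXEC SQL SELECT mach_id INTO :rm FROM machine
    WHERE name = :spoolhost;

  tf = tarfile_open(filename);

  /* printers.conf entries for locally run queues */
  out = tarfile_start(tf, "/etc/cups/printers.conf", 0644, 0, 0,
                      "lp", "lp", now);

  EXEC SQL DECLARE csr_printers CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.ac, pr.lpc_acl
    FROM printers pr, machine m
    WHERE pr.rm = :rm AND m.mach_id = pr.mach_id
    AND pr.type != 'ALIAS';
  EXEC SQL OPEN csr_printers;
  while (1)
    {
      EXEC SQL FETCH csr_printers INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl;
      if (sqlca.sqlcode)
        break;

      strtrim(rp);
      strtrim(name);
      strtrim(duplexname);
      strtrim(hwtype);
      strtrim(hostname);
      strtrim(location);
      strtrim(contact);
      cups_lower(rp);           /* Because uppercased printer names suck */

      fprintf(out, "<Printer %s>\n", rp);
      fprintf(out, "Info %s:%s\n", rp, hwtype);
      /* Note the use of "beh" to keep the CUPS from disabling print queues
       * should they not respond versus discarding the job.
       * See the "beh" page for details.
       * The 1/20/60 says "don't disable/try 20 times/try every 60s" */
      if (!strncmp(hwtype, "HP", 2))
        fprintf(out, "DeviceURI beh:/1/20/60/socket://%s:9100\n", hostname);
      else
        fprintf(out, "DeviceURI beh:/1/20/60/socket://%s\n", hostname);
      cups_printer_defaults(out);
      cups_printer_tail(out, rp, location, ka, ac, lpc_acl, banner);
    }
  EXEC SQL CLOSE csr_printers;

  /* printers.conf entries for non-local CUPS queues */
  EXEC SQL DECLARE csr_remote_printers CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.ac, pr.lpc_acl, m.name as cupshosts
    FROM printers pr, machine m, serverhosts sh
    WHERE pr.rm = m.mach_id
    AND pr.type != 'ALIAS' AND m.name <> :spoolhost AND
    m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER')
    AND sh.enable = 1 AND m.mach_id = sh.mach_id;

  EXEC SQL OPEN csr_remote_printers;
  while (1)
    {
      EXEC SQL FETCH csr_remote_printers INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts;
      if (sqlca.sqlcode)
        break;

      strtrim(rp);
      strtrim(name);
      strtrim(duplexname);
      strtrim(hwtype);
      strtrim(hostname);
      strtrim(location);
      strtrim(contact);
      strtrim(cupshosts);
      cups_lower(rp);           /* Because uppercased printer names suck */

      fprintf(out, "<Printer %s>\n", rp);
      fprintf(out, "Info %s:%s\n", rp, hwtype);
      fprintf(out, "DeviceURI ipp://%s:631/printers/%s\n", cupshosts, rp);
      cups_printer_defaults(out);
      cups_printer_tail(out, rp, location, ka, ac, lpc_acl, banner);
    }
  EXEC SQL CLOSE csr_remote_printers;

  /* printers.conf entries for non-local LPRng queues */
  EXEC SQL DECLARE csr_lprng_printers CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.ac, pr.lpc_acl, m.name as cupshosts
    FROM printers pr, machine m, serverhosts sh
    WHERE pr.rm = m.mach_id
    AND pr.type != 'ALIAS' AND m.name <> :spoolhost AND
    m.mach_id = sh.mach_id AND sh.service = 'PRINT' AND
    sh.enable = 1;

  EXEC SQL OPEN csr_lprng_printers;
  while (1)
    {
      EXEC SQL FETCH csr_lprng_printers INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts;
      if (sqlca.sqlcode)
        break;

      strtrim(rp);
      strtrim(name);
      strtrim(duplexname);
      strtrim(hwtype);
      strtrim(hostname);
      strtrim(location);
      strtrim(contact);
      strtrim(cupshosts);
      cups_lower(rp);           /* Because uppercased printer names suck */

      /* LPRng queues always get the default policy, no access list and
       * no banner, whatever ka / ac / lpc_acl / banner say. */
      fprintf(out, "<Printer %s>\n", rp);
      fprintf(out, "Info %s:LPRng Queue on %s\n", rp, cupshosts);
      fprintf(out, "DeviceURI lpd://%s/%s\n", cupshosts, rp);
      cups_printer_defaults(out);
      if (location[0])
        fprintf(out, "Location %s\n", location);
      fprintf(out, "ErrorPolicy abort-job\n");
      fprintf(out, "OpPolicy default\n");
      fprintf(out, "JobSheets none none\n");
      fprintf(out, "</Printer>\n");
    }
  EXEC SQL CLOSE csr_lprng_printers;
  tarfile_end(tf);

  /* aliases are in classes.conf */
  out = tarfile_start(tf, "/etc/cups/classes.conf", 0644, 0, 0,
                      "lp", "lp", now);
  EXEC SQL DECLARE csr_duplexqs CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.type as prtype, pr.ac, pr.lpc_acl, sh.service
    FROM printers pr, machine m, serverhosts sh
    WHERE pr.rm = m.mach_id
    AND m.mach_id = sh.mach_id AND sh.enable = 1
    AND (sh.service = 'CUPS-PRINT' OR sh.service = 'PRINT' OR sh.service = 'CUPS-CLUSTER');
  EXEC SQL OPEN csr_duplexqs;
  while (1)
    {
      EXEC SQL FETCH csr_duplexqs INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka, :prtype, :ac,
        :lpc_acl, :service;
      if (sqlca.sqlcode)
        break;

      strtrim(hwtype);
      strtrim(service);
      strtrim(rp);
      strtrim(location);
      strtrim(contact);
      strtrim(prtype);
      /* Trim before the emptiness test below. */
      strtrim(duplexname);

      /* Define alias queues as classes to the regular queues for
       * accounting reasons.  Annoyingly, classes don't always inherit
       * their printer definitions.
       */
      if (!strcmp(prtype, "ALIAS"))
        {
          strtrim(name);
          fprintf(out, "<Class %s>\n", name);
          fprintf(out, "Info Alias Queue to %s:%s\n", rp, hwtype);
          fprintf(out, "Printer %s\n", rp);
          fprintf(out, "Option sides one-sided\n");
          cups_class_state(out);
          if (location[0])
            fprintf(out, "Location %s\n", location);
          /* do not use custom policies for LPRng printers */
          if (strcmp(service, "PRINT") && (ka || lpc_acl))
            fprintf(out, "OpPolicy %s-policy\n", rp);
          else
            fprintf(out, "OpPolicy default\n");

          /* Access-control list. */
          if (ac)
            printer_user_list(out, "LIST", ac, "AllowUser", 0);

          if (banner == PRN_BANNER_NONE)
            fprintf(out, "JobSheets none none\n");
          else
            fprintf(out, "JobSheets athena none\n");
          fprintf(out, "</Class>\n");
        }

      /* Define duplex queues as aliases to the regular queues for
       * accounting reasons.  Annoyingly, classes don't always inherit
       * their printer definitions.
       */
      if (*duplexname)
        {
          fprintf(out, "<Class %s>\n", duplexname);
          if (!strcmp(prtype, "ALIAS"))
            fprintf(out, "Info Duplex Alias Queue to %s:%s\n", rp, hwtype);
          else
            fprintf(out, "Info Duplex Queue for %s:%s\n", rp, hwtype);
          fprintf(out, "Option sides two-sided-long-edge\n");   /* duplex */
          fprintf(out, "Printer %s\n", rp);
          cups_class_state(out);
          if (location[0])
            fprintf(out, "Location %s\n", location);
          if (strcmp(service, "PRINT") && (ka || lpc_acl))
            fprintf(out, "OpPolicy %s-policy\n", rp);
          else
            fprintf(out, "OpPolicy default\n");

          /* Access-control list. */
          if (ac)
            printer_user_list(out, "LIST", ac, "AllowUser", 0);

          /* NOTE(review): unlike the alias class above, no JobSheets
           * line is written for banner values other than NONE and LAST
           * -- confirm this difference is intended. */
          if (banner == PRN_BANNER_NONE)
            fprintf(out, "JobSheets none none\n");
          else if (banner == PRN_BANNER_LAST)
            fprintf(out, "JobSheets athena none\n");
          fprintf(out, "</Class>\n");
        }
    }
  EXEC SQL CLOSE csr_duplexqs;
  tarfile_end(tf);

  /* cupsd.conf
   * NOTE(review): this and the two members below are created with mode
   * 0755; a configuration file has no use for the execute bits --
   * confirm whether 0644 was meant, as for printers.conf. */
  out = tarfile_start(tf, "/etc/cups/cupsd.conf", 0755, 1, 1,
                      "root", "lp", now);

  fprintf(out, "LogLevel info\n");
  fprintf(out, "SystemGroup sys root ops-group\n");
  fprintf(out, "Port 631\n");
  fprintf(out, "SSLPort 443\n");
  fprintf(out, "Listen /var/run/cups/cups.sock\n");
  fprintf(out, "Browsing On\n");
  fprintf(out, "BrowseOrder allow,deny\n");
  fprintf(out, "BrowseAllow all\n");
  fprintf(out, "BrowseAddress @LOCAL\n");
  fprintf(out, "DefaultAuthType Negotiate\n");
  fprintf(out, "ServerCertificate /etc/cups/ssl/%s-ipp-crt.pem\n", lhost);
  fprintf(out, "ServerKey /etc/cups/ssl/%s-ipp-key.pem\n", lhost);
  fprintf(out, "ServerName %s\n", lhost);
  fprintf(out, "ServerAlias %s\n", phost);
  /* fprintf(out, "Krb5Keytab /etc/krb5-ipp.keytab\n"); */

  /* The other CUPS servers should be aware of the other hosts'
     queues, so we'll let them browse each other.
     NOTE(review): cups.hosts.conf, written below, is not among these
     Include lines; presumably one of the included files pulls it in --
     confirm. */
  fprintf(out, "Include cups.local.conf\n");
  fprintf(out, "Include cups.locations.conf\n");
  fprintf(out, "Include cups.policies.conf\n");
  tarfile_end(tf);

  /* cups.hosts.conf */
  out = tarfile_start(tf, "/etc/cups/cups.hosts.conf", 0755, 1, 1,
                      "root", "lp", now);
  EXEC SQL DECLARE csr_cupshosts CURSOR FOR
    SELECT m.name AS cupshosts FROM machine m, printservers ps
    WHERE m.mach_id = ps.mach_id AND ps.kind = 'CUPS';
  EXEC SQL OPEN csr_cupshosts;
  while (1)
    {
      EXEC SQL FETCH csr_cupshosts INTO :cupshosts;
      if (sqlca.sqlcode)
        break;

      strtrim(cupshosts);

      /* Don't poll yourself looking for answers! */
      if (strcmp(cupshosts, host))
        fprintf(out, "BrowsePoll %s\n", cupshosts);
    }
  EXEC SQL CLOSE csr_cupshosts;

  tarfile_end(tf);

  /* cups.policies.conf */
  out = tarfile_start(tf, "/etc/cups/cups.policies.conf", 0755, 1, 1,
                      "root", "lp", now);
  fprintf(out, "# Printer-specific LPC and LPR ACLs\n");
  /* lpcaccess.top */
  EXEC SQL SELECT ps.lpc_acl INTO :top_lpc_acl
    FROM printservers ps, machine m
    WHERE m.name = :spoolhost AND m.mach_id = ps.mach_id;

  /* svrlist */
  EXEC SQL SELECT list_id INTO :svrlist_id
    FROM list l WHERE l.name = :svrlist;

  /* first, what's our defaults? */
  fprintf(out, "<Policy default>\n");
  fprintf(out, "%s\n", alterjob);
  fprintf(out, "AuthType Default\n");
  fprintf(out, "Require user @OWNER @SYSTEM\n");
  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "</Limit>\n");
  /* NOTE(review): this limit pairs "AuthType None" with a "Require user"
   * line -- confirm which of the two cupsd honours here. */
  fprintf(out, "<Limit Send-Document CUPS-Get-Document>\n");
  fprintf(out, "AuthType None\n");
  fprintf(out, "Require user @OWNER @SYSTEM\n");
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "Allow from all\n");
  fprintf(out, "</Limit>\n");
  fprintf(out, "%s\n", submitjob);
  fprintf(out, "AuthType None\n");
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "Allow from all\n");
  fprintf(out, "</Limit>\n");
  fprintf(out, "%s\n", alterpntr);
  fprintf(out, "AuthType Default\n");
  fprintf(out, "Require user @SYSTEM\n");
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "</Limit>\n");
  fprintf(out, "%s\n", lpcpntr);
  fprintf(out, "AuthType Default\n");
  fprintf(out, "Require user @SYSTEM\n");
  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "</Limit>\n");
  fprintf(out, "%s\n", canceljob);
  fprintf(out, "AuthType Default\n");
  fprintf(out, "Require user @OWNER @SYSTEM\n");
  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "Allow from all\n");
  fprintf(out, "</Limit>\n");
  /* Every operation not listed above is left unauthenticated. */
  fprintf(out, "%s\n", catchall);
  fprintf(out, "AuthType None\n");
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "Allow from all\n");
  fprintf(out, "</Limit>\n");
  fprintf(out, "</Policy>\n");

  /* restrict lists and lpcaccess policies.  Sadly, we have to put the
     top level for each new policy since CUPS doesn't have a way of
     doing it otherwise (well, Unix groups, but not moira) */
  EXEC SQL DECLARE csr_lpc CURSOR FOR
    SELECT UNIQUE rp, ka, ac, lpc_acl
    FROM printers
    WHERE (ac != 0 OR lpc_acl != 0) AND rm in (SELECT m.mach_id FROM machine m, serverhosts sh
    WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER')
    AND sh.enable = 1);
  EXEC SQL OPEN csr_lpc;
  while (1)
    {
      /* rp is fetched into name here. */
      EXEC SQL FETCH csr_lpc INTO :name, :ka, :ac, :lpc_acl;
      if (sqlca.sqlcode)
        break;

      strtrim(name);

      /* NOTE(review): the printers.conf entries lower-case rp before
       * writing "OpPolicy <rp>-policy", but the policy name here is
       * written as fetched -- confirm the two always match. */
      fprintf(out, "<Policy %s-policy>\n", name);
      fprintf(out, "%s\n", alterjob);
      fprintf(out, "AuthType Default\n");
      fprintf(out, "Require user @OWNER @SYSTEM\n");
      printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
      printer_user_list(out, "LIST", svrlist_id, "Require user", 1);
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "Allow from all\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "<Limit Send-Document CUPS-Get-Document>\n");
      fprintf(out, "AuthType None\n");
      fprintf(out, "Require user @OWNER @SYSTEM\n");
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "Allow from all\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "%s\n", submitjob);
      /* If the printer is Kerberized? */
      if (ka)
        fprintf(out, "AuthType Negotiate\n");
      else
        fprintf(out, "AuthType None\n");
      /* Access-control list.
       * NOTE(review): when ac is set but ka is not, the "Require user"
       * lines below follow "AuthType None" -- confirm the submit
       * restriction is enforced for non-Kerberized printers. */
      if (ac)
        {
          printer_user_list(out, "LIST", ac, "Require user", 1);
          printer_user_list(out, "LIST", svrlist_id, "Require user", 1);
        }
      else if (ka)
        fprintf(out, "Require valid-user\n");
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "Allow from all\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "%s\n", alterpntr);
      fprintf(out, "AuthType Default\n");
      fprintf(out, "Require user @SYSTEM\n");
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "%s\n", lpcpntr);
      fprintf(out, "AuthType Default\n");
      fprintf(out, "Require user @SYSTEM\n");
      /* printer-specific lpc access. */
      if (lpc_acl)
        printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
      printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "%s\n", canceljob);
      fprintf(out, "AuthType Default\n");
      fprintf(out, "Require user @OWNER @SYSTEM\n");
      printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
      printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "Allow from all\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "%s\n", catchall);
      fprintf(out, "AuthType None\n");
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "Allow from all\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "</Policy>\n");
    }
  EXEC SQL CLOSE csr_lpc;
  fprintf(out, "\n");
  tarfile_end(tf);
  tarfile_close(tf);

  free(lhost);
}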
665
/*
 * SQL error hook.  main() installs it with
 * "EXEC SQL WHENEVER SQLERROR DO sqlerr()"; it passes the current
 * sqlca.sqlcode on to db_error().
 */
void sqlerr(void)
{
  db_error(sqlca.sqlcode);
}