source: trunk/third/moira/gen/cups-print.pc @ 24447

Revision 24447, 23.6 KB checked in by broder, 14 years ago (diff)
In moira: * New SVN snapshot.
1/* $Id: cups-print.pc 3996 2010-03-30 15:40:58Z zacheiss $
2 *
3 * This generates printcaps and other files for Athena print servers
4 *
5 * Copyright (C) 1992-1998 by the Massachusetts Institute of Technology.
6 * For copying and distribution information, please see the file
7 * <mit-copyright.h>.
8 */
9
#include <mit-copyright.h>
#include <moira.h>
#include <moira_site.h>

#include <sys/stat.h>
#include <sys/types.h>

#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <time.h>
#ifdef HAVE_KRB4
#include <krb.h>
#endif
#include <krb5.h>

#include "util.h"
28
29EXEC SQL INCLUDE sqlca;
30
31RCSID("$HeadURL: svn+ssh://svn.mit.edu/moira/trunk/moira/gen/cups-print.pc $ $Id: cups-print.pc 3996 2010-03-30 15:40:58Z zacheiss $");
32
/* Program name and database connect string. */
char *whoami = "cups-print.gen";
char *db = "moira/moira";

/* Kerberos version handed to canon_krb() when principals are written. */
const int krbvers = 5;

/*
 * Opening <Limit ...> tags for the groups of IPP operations that do_host()
 * writes into each <Policy> block.  Each tag is assembled from adjacent
 * string literals; the resulting text is a single line.
 *
 * NOTE(review): Set-Job-Attributes and CUPS-Move-Job appear in both
 * alterjob and submitjob, and do_host() emits different AuthType/Require
 * settings for those two groups.  Confirm which <Limit> cupsd applies to
 * an operation listed twice.
 */

/* Operations that modify or control an existing job. */
const char *alterjob =
  "<Limit Hold-Job Release-Job"
  " Restart-Job Purge-Jobs Reprocess-Job Set-Job-Attributes"
  " Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>";

/* Operations used to submit a job and manage subscriptions. */
const char *submitjob =
  "<Limit Create-Job Print-Job Print-URI"
  " Set-Job-Attributes Send-URI Create-Job-Subscription Renew-Subscription"
  " Cancel-Subscription Get-Notifications CUPS-Move-Job CUPS-Authenticate-Job>";

/* Operations that add, modify or delete printers and classes. */
const char *alterpntr =
  "<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer"
  " CUPS-Add-Modify-Class CUPS-Delete-Class>";

/* Operator ("lpc"-style) operations on a printer. */
const char *lpcpntr =
  "<Limit Pause-Printer Resume-Printer Enable-Printer"
  " Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs"
  " Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer"
  " Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After"
  " CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>";

/* Cancel-Job gets a <Limit> of its own. */
const char *canceljob = "<Limit Cancel-Job>";

/* Catch-all <Limit> for every operation not named above. */
const char *catchall = "<Limit All>";

/* Name written as ServerAlias in cupsd.conf. */
const char *phost = "printers.MIT.EDU";

void do_host(char *host);
void sqlerr(void);

#ifndef MAX
#define MAX(a, b) ( (a) > (b) ? (a) : (b) )
#endif
62
/*
 * Entry point: connect to the database, then call do_host() once for every
 * machine that has an enabled CUPS-PRINT or CUPS-CLUSTER serverhosts entry.
 * Command-line arguments are not used.  Exits with MR_SUCCESS.
 */
int main(int argc, char **argv)
{
  EXEC SQL BEGIN DECLARE SECTION;
  char name[MACHINE_NAME_SIZE];
  EXEC SQL END DECLARE SECTION;

  init_acls();

  /* NOTE(review): the connect is issued before the WHENEVER directive
   * below, so a failed connect is not routed through sqlerr(). */
  EXEC SQL CONNECT :db;

  /* WHENEVER is positional in the source text: from here to the end of
   * the file every failing EXEC SQL statement calls sqlerr(). */
  EXEC SQL WHENEVER SQLERROR DO sqlerr();

  EXEC SQL DECLARE csr_hosts CURSOR FOR
    SELECT m.name FROM machine m, serverhosts sh
    WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER')
    AND sh.enable = 1;
  EXEC SQL OPEN csr_hosts;
  for (;;)
    {
      EXEC SQL FETCH csr_hosts INTO :name;
      /* Any non-zero sqlcode (including "no more rows") ends the loop. */
      if (sqlca.sqlcode != 0)
        break;

      strtrim(name);
      do_host(name);
    }
  EXEC SQL CLOSE csr_hosts;

  exit(MR_SUCCESS);
}
93
/*
 * Write one "<str> <principal>" line to out for each member of the ACL
 * returned by get_acl(type, id, NULL).
 *
 *   out         stream the directives are written to
 *   type, id    identify the ACL passed to get_acl()
 *   str         directive keyword placed before each principal
 *               (callers pass "AllowUser" or "Require user")
 *   striprealm  non-zero: cut the principal at its first '@'
 *
 * Members whose type is 'S' or 0 produce no output.  Every member taken
 * off the queue is released with freeimember(), and the queue itself with
 * sq_destroy().
 *
 * NOTE(review): the principal is written into the CUPS config verbatim;
 * this presumably relies on canon_krb() never producing whitespace or
 * newlines -- confirm, since such a character would alter the directive.
 */
void printer_user_list(FILE *out, char *type, int id, char *str, int striprealm)
{
  struct save_queue *members = get_acl(type, id, NULL);
  struct imember *member;
  char principal[MAX_K_NAME_SZ];

  while (sq_remove_data(members, &member))
    {
      if (member->type == 'S' || member->type == 0)
        {
          freeimember(member);
          continue;
        }

      /* CUPS wants mmanley/root, not mmanley.root@ATHENA.MIT.EDU */
      canon_krb(member, krbvers, principal, sizeof(principal));

      if (striprealm)
        {
          /* Drop everything from the first '@' onwards. */
          char *at = strchr(principal, '@');

          if (at)
            *at = '\0';
        }

      fprintf(out, "%s %s\n", str, principal);
      freeimember(member);
    }
  sq_destroy(members);
}
120
121
122
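/* Lowercase a NUL-terminated string in place. */
static void cg_lowercase(char *s)
{
  /* tolower() needs a value representable as unsigned char. */
  for (; *s; s++)
    *s = (char) tolower((unsigned char) *s);
}

/* Emit the default "sides" option for a queue or class. */
static void cg_emit_sides(FILE *out, int duplex)
{
  if (duplex)
    fprintf(out, "Option sides two-sided-long-edge\n");
  else
    fprintf(out, "Option sides one-sided\n");
}

/* Emit the fixed filter list shared by every <Printer> entry. */
static void cg_emit_filters(FILE *out)
{
  fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
  fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
  fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
  fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
  fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
}

/*
 * Generate the CUPS configuration tarfile for one print server.
 *
 * The tarfile is written to DCM_DIR/cups-print/<host> and holds, in order:
 *   /etc/cups/printers.conf       queues spooled on this host, queues on
 *                                 other CUPS hosts, queues on LPRng hosts
 *   /etc/cups/classes.conf        alias and duplex queues, as classes
 *   /etc/cups/cupsd.conf          server settings
 *   /etc/cups/cups.hosts.conf     BrowsePoll lines for the other CUPS hosts
 *   /etc/cups/cups.policies.conf  default and per-printer operation policies
 *
 * host is the machine name as stored in the database.  SQL errors are
 * handled by the WHENEVER SQLERROR directive in effect at this point in
 * the file.  The process exits if the output path does not fit or memory
 * cannot be allocated.
 *
 * NOTE(review): database strings (name, rp, hostname, location, hwtype)
 * are copied into the config files verbatim.  A value containing a newline
 * would add a directive of its own -- confirm these columns are validated
 * when they are entered.
 */
void do_host(char *host)
{
  EXEC SQL BEGIN DECLARE SECTION;
  char rp[PRINTERS_RP_SIZE], name[PRINTERS_NAME_SIZE];
  char duplexname[PRINTERS_DUPLEXNAME_SIZE], location[PRINTERS_LOCATION_SIZE];
  char hwtype[PRINTERS_HWTYPE_SIZE];
  char contact[PRINTERS_CONTACT_SIZE], hostname[MACHINE_NAME_SIZE];
  char cupshosts[MACHINE_NAME_SIZE], prtype [PRINTERS_TYPE_SIZE];
  char service[SERVERHOSTS_SERVICE_SIZE];
  char *spoolhost = host;
  char *lhost;
  /* Zero-initialised so that a SELECT ... INTO that finds no row leaves a
   * defined value behind instead of stack garbage. */
  int ka = 0, ac = 0, lpc_acl = 0, top_lpc_acl = 0, banner = 0, rm = 0;
  int duplexdefault = 0, holddefault = 0;
  EXEC SQL END DECLARE SECTION;
  TARFILE *tf;
  FILE *out;
  char filename[MAXPATHLEN];
  time_t now = time(NULL);
  int n;

  /* Lowercased copy of the host name, used in cupsd.conf. */
  lhost = strdup(host);
  if (!lhost)
    {
      fprintf(stderr, "%s: out of memory\n", whoami);
      exit(MR_NO_MEM);
    }
  cg_lowercase(lhost);

  EXEC SQL SELECT mach_id INTO :rm FROM machine
    WHERE name = :spoolhost;

  /* Bounded formatting: refuse a path that does not fit rather than
   * overrun filename.
   * NOTE(review): host is used as a path component as-is; presumably
   * machine names never contain '/' -- confirm. */
  n = snprintf(filename, sizeof(filename), "%s/cups-print/%s", DCM_DIR, host);
  if (n < 0 || (size_t) n >= sizeof(filename))
    {
      fprintf(stderr, "%s: output path for %s is too long\n", whoami, host);
      exit(MR_OCONFIG);
    }
  tf = tarfile_open(filename);

  /* printers.conf entries for locally run queues */
  out = tarfile_start(tf, "/etc/cups/printers.conf", 0644, 0, 0,
                      "lp", "lp", now);

  EXEC SQL DECLARE csr_printers CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.ac, pr.lpc_acl, pr.duplexdefault, pr.holddefault
    FROM printers pr, machine m
    WHERE pr.rm = :rm AND m.mach_id = pr.mach_id
    AND pr.status = 1 AND m.status !=3
    AND pr.type != 'ALIAS';
  EXEC SQL OPEN csr_printers;
  while (1)
    {
      EXEC SQL FETCH csr_printers INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl,
        :duplexdefault, :holddefault;
      if (sqlca.sqlcode)
        break;

      strtrim(rp);
      strtrim(name);
      strtrim(duplexname);
      strtrim(hwtype);
      strtrim(hostname);
      strtrim(location);
      strtrim(contact);
      cg_lowercase(rp);         /* Because uppercased printer names suck */
      cg_lowercase(name);

      fprintf(out, "<Printer %s>\n",name);
      fprintf(out, "Info %s:%s\n", name, hwtype);
      if (!strncmp(hwtype, "HP", 2))
          fprintf(out, "DeviceURI accsnmp://socket://%s:9100\n", hostname);
      else if (!strncmp(hwtype, "LPR", 3))
          fprintf(out, "DeviceURI lpd://%s/%s\n", hostname, rp);
      else
          fprintf(out, "DeviceURI accsnmp://socket://%s\n", hostname);
      fprintf(out, "State Idle\n");     /* Always with the Idle */
      fprintf(out, "StateTime %ld\n", (long)time(NULL));
      if (holddefault)
          fprintf(out, "Reason hold-new-jobs\n");
      fprintf(out, "Accepting Yes\n");
      fprintf(out, "Shared Yes\n");
      fprintf(out, "QuotaPeriod 0\n");
      fprintf(out, "PageLimit 0\n");
      fprintf(out, "Klimit 0\n");
      cg_emit_sides(out, duplexdefault);
      cg_emit_filters(out);
      if (location[0])
        fprintf(out, "Location %s\n", location);
      fprintf(out, "ErrorPolicy abort-job\n");
      /* NOTE(review): a "<rp>-policy" block is only generated further
       * down for printers with ac != 0 or lpc_acl != 0.  A printer with
       * ka set and both ACLs zero therefore names a policy this file
       * never defines -- confirm how cupsd treats that. */
      if (ka || lpc_acl)
        fprintf(out, "OpPolicy %s-policy\n", rp);
      else
        fprintf(out, "OpPolicy default\n");

      /* Access-control list. */
      if (ac)
        {
          if (ka)
            fprintf(out, "AuthType Negotiate\n");
          else
            fprintf(out, "AuthType Default\n");
          printer_user_list(out, "LIST", ac, "AllowUser", 0);
        }

      if (banner == PRN_BANNER_NONE)
        fprintf(out, "JobSheets none none\n");
      else
        fprintf(out, "JobSheets athena none\n");
      fprintf(out, "</Printer>\n");

    }
  EXEC SQL CLOSE csr_printers;

  /* printers.conf entries for non-local CUPS queues */
  EXEC SQL DECLARE csr_remote_printers CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.ac, pr.lpc_acl, m.name as cupshosts, pr.duplexdefault
    FROM printers pr, machine m, machine m2, serverhosts sh
    WHERE pr.rm = m.mach_id
    AND pr.status = 1 AND pr.mach_id = m2.mach_id AND m2.status !=3
    AND pr.type != 'ALIAS' AND m.name <> :spoolhost AND
    m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER')
    AND sh.enable = 1 AND m.mach_id = sh.mach_id;

  EXEC SQL OPEN csr_remote_printers;
  while (1)
    {
      EXEC SQL FETCH csr_remote_printers INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka, :ac,
        :lpc_acl, :cupshosts, :duplexdefault;
      if (sqlca.sqlcode)
        break;

      strtrim(rp);
      strtrim(name);
      strtrim(duplexname);
      strtrim(hwtype);
      strtrim(hostname);
      strtrim(location);
      strtrim(contact);
      strtrim(cupshosts);
      cg_lowercase(rp);         /* Because uppercased printer names suck */
      cg_lowercase(name);

      fprintf(out, "<Printer %s>\n",name);
      fprintf(out, "Info %s:%s\n", name, hwtype);
      fprintf(out, "DeviceURI ipp://%s:631/printers/%s?waitprinter=false&waitjob=false\n", cupshosts, name);
      fprintf(out, "State Idle\n");     /* Always with the Idle */
      fprintf(out, "StateTime %ld\n", (long)time(NULL));
      fprintf(out, "Accepting Yes\n");
      fprintf(out, "Shared Yes\n");
      fprintf(out, "QuotaPeriod 0\n");
      fprintf(out, "PageLimit 0\n");
      fprintf(out, "Klimit 0\n");
      cg_emit_sides(out, duplexdefault);
      cg_emit_filters(out);
      if (location[0])
        fprintf(out, "Location %s\n", location);
      fprintf(out, "ErrorPolicy abort-job\n");
      if (ka || lpc_acl)
        fprintf(out, "OpPolicy %s-policy\n", rp);
      else
        fprintf(out, "OpPolicy default\n");

      /* Access-control list. */
      if (ac)
        {
          if (ka)
            fprintf(out, "AuthType Negotiate\n");
          else
            fprintf(out, "AuthType Default\n");
          printer_user_list(out, "LIST", ac, "AllowUser", 0);
        }

      if (banner == PRN_BANNER_NONE)
        fprintf(out, "JobSheets none none\n");
      else
        fprintf(out, "JobSheets athena none\n");
      fprintf(out, "</Printer>\n");

    }
  EXEC SQL CLOSE csr_remote_printers;

  /* printers.conf entries for non-local LPRng queues.  The "cupshosts"
   * alias now sits on m.name, the column that is fetched into :cupshosts;
   * the fetch is positional, so the rows returned are unchanged. */
  EXEC SQL DECLARE csr_lprng_printers CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.ac, pr.lpc_acl, m.name as cupshosts, pr.duplexdefault
    FROM printers pr, machine m, machine m2, serverhosts sh
    WHERE pr.rm = m.mach_id
    AND pr.status = 1 AND pr.mach_id = m2.mach_id AND m2.status != 3
    AND pr.type != 'ALIAS' AND m.name <> :spoolhost AND
    m.mach_id = sh.mach_id AND sh.service = 'PRINT' AND
    sh.enable = 1;

  EXEC SQL OPEN csr_lprng_printers;
  while (1)
    {
      EXEC SQL FETCH csr_lprng_printers INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka, :ac,
        :lpc_acl, :cupshosts, :duplexdefault;
      if (sqlca.sqlcode)
        break;

      strtrim(rp);
      strtrim(name);
      strtrim(duplexname);
      strtrim(hwtype);
      strtrim(hostname);
      strtrim(location);
      strtrim(contact);
      strtrim(cupshosts);
      cg_lowercase(rp);         /* Because uppercased printer names suck */
      cg_lowercase(name);

      fprintf(out, "<Printer %s>\n",name);
      fprintf(out, "Info %s:LPRng Queue on %s\n", name, cupshosts);
      fprintf(out, "DeviceURI lpd://%s/%s\n", cupshosts, rp);
      fprintf(out, "State Idle\n");     /* Always with the Idle */
      fprintf(out, "StateTime %ld\n", (long)time(NULL));
      fprintf(out, "Accepting Yes\n");
      fprintf(out, "Shared Yes\n");
      fprintf(out, "QuotaPeriod 0\n");
      fprintf(out, "PageLimit 0\n");
      fprintf(out, "Klimit 0\n");
      cg_emit_sides(out, duplexdefault);
      cg_emit_filters(out);
      if (location[0])
        fprintf(out, "Location %s\n", location);
      fprintf(out, "ErrorPolicy abort-job\n");
      fprintf(out, "OpPolicy default\n");
      fprintf(out, "JobSheets none none\n");
      fprintf(out, "</Printer>\n");

    }
  EXEC SQL CLOSE csr_lprng_printers;
  tarfile_end(tf);


  /* aliases are in classes.conf */
  out = tarfile_start(tf, "/etc/cups/classes.conf", 0644, 0, 0,
                  "lp", "lp", now);
  /* pr.lpc_acl is selected here because the OpPolicy choice below reads
   * lpc_acl; without it the test would see whatever value the previous
   * cursor's last row left behind. */
  EXEC SQL DECLARE csr_duplexqs CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.type as prtype, pr.ac, sh.service, pr.duplexdefault, pr.lpc_acl
    FROM printers pr, machine m, machine m2, serverhosts sh
    WHERE pr.rm = m.mach_id
    AND pr.status = 1 AND pr.mach_id = m2.mach_id AND m2.status !=3
    AND m.mach_id = sh.mach_id AND sh.enable = 1
    AND (sh.service = 'CUPS-PRINT' OR sh.service = 'PRINT' OR sh.service = 'CUPS-CLUSTER');
  EXEC SQL OPEN csr_duplexqs;
  while (1)
    {
      EXEC SQL FETCH csr_duplexqs INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka,
        :prtype, :ac, :service, :duplexdefault, :lpc_acl;
      if (sqlca.sqlcode)
        break;

      strtrim(hwtype);
      strtrim(service);
      strtrim(rp);
      strtrim(location);
      strtrim(contact);
      strtrim(prtype);
      /* Trim before the emptiness test below so that a blank-padded
       * value cannot produce a class with an empty name. */
      strtrim(duplexname);

      /* Define alias queues as classes to the regular queues for
       * accounting reasons.  Annoyingly, classes don't always inherit
       * their printer definitions.
      */
      if (!strcmp(prtype,"ALIAS"))
        {
          strtrim(name);
          fprintf(out, "<Class %s>\n",name);
          fprintf(out, "Info Alias Queue to %s:%s\n", rp, hwtype);
          fprintf(out, "Printer %s\n", rp);
          cg_emit_sides(out, duplexdefault);
          fprintf(out, "State Idle\n"); /* Always with the Idle */
          fprintf(out, "StateTime %ld\n", (long)time(NULL));
          fprintf(out, "Accepting Yes\n");
          fprintf(out, "Shared Yes\n");
          fprintf(out, "QuotaPeriod 0\n");
          fprintf(out, "PageLimit 0\n");
          if (location[0])
            fprintf(out, "Location %s\n", location);
          /* do not use custom policies for LPRng printers */
          if (strcmp(service,"PRINT") && (ka || lpc_acl))
            fprintf(out, "OpPolicy %s-policy\n", rp);
          else
            fprintf(out, "OpPolicy default\n");

          /* Access-control list. */
          if (ac)
            printer_user_list(out, "LIST", ac, "AllowUser", 0);

          if (banner == PRN_BANNER_NONE)
            fprintf(out, "JobSheets none none\n");
          else
            fprintf(out, "JobSheets athena none\n");
          fprintf(out, "</Class>\n");
      }

      /* Define duplex queues as aliases to the regular queues for
       * accounting reasons.  Annoyingly, classes don't always inherit
       * their printer definitions.
      */
      if (*duplexname && !duplexdefault)
        {
          fprintf(out, "<Class %s>\n",duplexname);
          if (!strcmp(prtype,"ALIAS"))
            fprintf(out, "Info Duplex Alias Queue to %s:%s\n", rp, hwtype);
          else
            fprintf(out, "Info Duplex Queue for %s:%s\n", rp, hwtype);
          fprintf(out, "Option sides two-sided-long-edge\n");   /* duplex */
          fprintf(out, "Printer %s\n", rp);
          fprintf(out, "State Idle\n"); /* Always with the Idle */
          fprintf(out, "StateTime %ld\n", (long)time(NULL));
          fprintf(out, "Accepting Yes\n");
          fprintf(out, "Shared Yes\n");
          fprintf(out, "QuotaPeriod 0\n");
          fprintf(out, "PageLimit 0\n");
          if (location[0])
            fprintf(out, "Location %s\n", location);
          if (strcmp(service,"PRINT") && (ka || lpc_acl))
            fprintf(out, "OpPolicy %s-policy\n", rp);
          else
            fprintf(out, "OpPolicy default\n");

          /* Access-control list. */
          if (ac)
            printer_user_list(out, "LIST", ac, "AllowUser", 0);

          /* Unlike the other entries, no JobSheets line is written when
           * banner is neither NONE nor LAST. */
          if (banner == PRN_BANNER_NONE)
            fprintf(out, "JobSheets none none\n");
          else if (banner == PRN_BANNER_LAST)
            fprintf(out, "JobSheets athena none\n");
          fprintf(out, "</Class>\n");
        }
    }
  EXEC SQL CLOSE csr_duplexqs;
  tarfile_end(tf);

  /* cupsd.conf */
  out = tarfile_start(tf, "/etc/cups/cupsd.conf", 0755, 1, 1,
                      "root", "lp", now);

  fprintf(out, "LogLevel error\n");
  fprintf(out, "SystemGroup sys root ops-group\n");
  fprintf(out, "Port 631\n");
  fprintf(out, "SSLPort 443\n");
  fprintf(out, "Listen /var/run/cups/cups.sock\n");
  fprintf(out, "Browsing On\n");
  fprintf(out, "BrowseOrder allow,deny\n");
  fprintf(out, "BrowseAllow all\n");
  fprintf(out, "BrowseAddress @LOCAL\n");
  fprintf(out, "DefaultAuthType Negotiate\n");
  fprintf(out, "ServerCertificate /etc/cups/ssl/%s-ipp-crt.pem\n", lhost);
  fprintf(out, "ServerKey /etc/cups/ssl/%s-ipp-key.pem\n", lhost);
  fprintf(out, "ServerName %s\n", lhost);
  fprintf(out, "ServerAlias %s\n", phost);
  /* fprintf(out, "Krb5Keytab /etc/krb5-ipp.keytab\n"); */

  /* The other CUPS servers should be aware of the other hosts'
     queues, so we'll let them browse each other.
     NOTE(review): cups.hosts.conf, generated below, is not among the
     files included here -- confirm it is pulled in some other way. */
  fprintf(out, "Include cups.local.conf\n");
  fprintf(out, "Include cups.locations.conf\n");
  fprintf(out, "Include cups.policies.conf\n");
  tarfile_end(tf);

  /* cups.hosts.conf */
  out = tarfile_start(tf, "/etc/cups/cups.hosts.conf", 0755, 1, 1,
                      "root", "lp", now);
  EXEC SQL DECLARE csr_cupshosts CURSOR FOR
    SELECT m.name AS cupshosts FROM machine m, printservers ps
    WHERE m.mach_id = ps.mach_id AND ps.kind = 'CUPS';
  EXEC SQL OPEN csr_cupshosts;
  while (1)
    {
      EXEC SQL FETCH csr_cupshosts INTO :cupshosts;
      if (sqlca.sqlcode)
        break;

      strtrim(cupshosts);

      /* Don't poll yourself looking for answers! */
      if (strcmp(cupshosts,host))
         fprintf(out, "BrowsePoll %s\n", cupshosts);
    }
  EXEC SQL CLOSE csr_cupshosts;

  tarfile_end(tf);

  /* cups.policies.conf */
  out = tarfile_start(tf, "/etc/cups/cups.policies.conf", 0755, 1, 1,
                      "root", "lp", now);
  fprintf(out, "# Printer-specific LPC and LPR ACLs\n");
  /* lpcaccess.top */
  EXEC SQL SELECT ps.lpc_acl INTO :top_lpc_acl
    FROM printservers ps, machine m
    WHERE m.name = :spoolhost AND m.mach_id = ps.mach_id;

  /* first, what's our defaults? */
  fprintf (out, "<Policy default>\n");
  fprintf (out, "%s\n", alterjob);
  fprintf (out, "AuthType Default\n");
  fprintf (out, "Require user @OWNER @SYSTEM\n");
  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
  fprintf (out, "Order deny,allow\n");
  fprintf (out, "</Limit>\n");
  fprintf (out, "<Limit Send-Document CUPS-Get-Document>\n");
  fprintf (out, "AuthType None\n");
  fprintf (out, "Require user @OWNER @SYSTEM\n");
  fprintf (out, "Order deny,allow\n");
  fprintf (out, "Allow from all\n");
  fprintf (out, "</Limit>\n");
  fprintf (out, "%s\n", submitjob);
  fprintf (out, "AuthType None\n");
  fprintf (out, "Order deny,allow\n");
  fprintf (out, "Allow from all\n");
  fprintf (out, "</Limit>\n");
  fprintf (out, "%s\n", alterpntr);
  fprintf (out, "AuthType Default\n");
  fprintf (out, "Require user @SYSTEM\n");
  fprintf (out, "Order deny,allow\n");
  fprintf (out, "</Limit>\n");
  fprintf (out, "%s\n", lpcpntr);
  fprintf (out, "AuthType Default\n");
  fprintf (out, "Require user @SYSTEM\n");
  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
  fprintf (out, "Order deny,allow\n");
  fprintf (out, "</Limit>\n");
  fprintf (out, "%s\n", canceljob);
  fprintf (out, "AuthType Default\n");
  fprintf (out, "Require user @OWNER @SYSTEM\n");
  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
  fprintf (out, "Order deny,allow\n");
  fprintf (out, "Allow from all\n");
  fprintf (out, "</Limit>\n");
  /* Every operation not named in a <Limit> above is left
   * unauthenticated and open to all addresses. */
  fprintf (out, "%s\n", catchall);
  fprintf (out, "AuthType None\n");
  fprintf (out, "Order deny,allow\n");
  fprintf (out, "Allow from all\n");
  fprintf (out, "</Limit>\n");
  fprintf (out, "</Policy>\n");

  /* restrict lists and lpcaccess policies.  Sadly, we have to put the
     top level for each new policy since CUPS doesn't have a way of
     doing it otherwise (well, Unix groups, but not moira) */
  EXEC SQL DECLARE csr_lpc CURSOR FOR
    SELECT UNIQUE pr.rp, pr.ka, pr.ac, pr.lpc_acl
    FROM printers pr, machine m
    WHERE (pr.ac != 0 OR pr.lpc_acl != 0)
    AND pr.status = 1 and pr.mach_id = m.mach_id AND m.status !=3
    AND pr.rm in (SELECT m.mach_id FROM machine m, serverhosts sh
    WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER')
    AND sh.enable = 1);
  EXEC SQL OPEN csr_lpc;
  while (1)
    {
      /* pr.rp is fetched into name here.
       * NOTE(review): it is not lowercased, while printers.conf refers
       * to "<lowercased rp>-policy" -- confirm policy names are matched
       * without regard to case. */
      EXEC SQL FETCH csr_lpc INTO :name, :ka, :ac, :lpc_acl;
      if (sqlca.sqlcode)
        break;

      strtrim(name);

      fprintf (out, "<Policy %s-policy>\n", name);
      fprintf (out, "%s\n", alterjob);
      fprintf (out, "AuthType Default\n");
      fprintf (out, "Require user @OWNER @SYSTEM\n");
      printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
      fprintf (out, "Order deny,allow\n");
      fprintf (out, "Allow from all\n");
      fprintf (out, "</Limit>\n");
      fprintf (out, "<Limit Send-Document CUPS-Get-Document>\n");
      fprintf (out, "AuthType None\n");
      fprintf (out, "Require user @OWNER @SYSTEM\n");
      fprintf (out, "Order deny,allow\n");
      fprintf (out, "Allow from all\n");
      fprintf (out, "</Limit>\n");
      fprintf (out, "%s\n", submitjob);
      /* If the printer is Kerberized? */
      if (ka)
        fprintf (out, "AuthType Negotiate\n");
      else
        fprintf (out, "AuthType None\n");
      /* Access-control list. */
      if (ac)
        printer_user_list(out, "LIST", ac, "Require user", 1);
      else if (ka)
        fprintf (out, "Require valid-user\n");
      fprintf (out, "Order deny,allow\n");
      fprintf (out, "Allow from all\n");
      fprintf (out, "</Limit>\n");
      fprintf (out, "%s\n", alterpntr);
      fprintf (out, "AuthType Default\n");
      fprintf (out, "Require user @SYSTEM\n");
      fprintf (out, "Order deny,allow\n");
      fprintf (out, "</Limit>\n");
      fprintf (out, "%s\n", lpcpntr);
      fprintf (out, "AuthType Default\n");
      fprintf (out, "Require user @SYSTEM\n");
      /* printer-specific lpc access. */
      if (lpc_acl)
        printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
      printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
      fprintf (out, "Order deny,allow\n");
      fprintf (out, "</Limit>\n");
      fprintf (out, "%s\n", canceljob);
      fprintf (out, "AuthType Default\n");
      fprintf (out, "Require user @OWNER @SYSTEM\n");
      printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
      printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
      fprintf (out, "Order deny,allow\n");
      fprintf (out, "Allow from all\n");
      fprintf (out, "</Limit>\n");
      fprintf (out, "%s\n", catchall);
      fprintf (out, "AuthType None\n");
      fprintf (out, "Order deny,allow\n");
      fprintf (out, "Allow from all\n");
      fprintf (out, "</Limit>\n");
      fprintf (out, "</Policy>\n");
    }
  EXEC SQL CLOSE csr_lpc;
  fprintf(out, "\n");
  tarfile_end(tf);
  tarfile_close(tf);

  /* The lowercased host name is no longer needed. */
  free(lhost);
}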
685
/*
 * Handler named by the WHENEVER SQLERROR directive in main(): passes the
 * current sqlca.sqlcode to db_error().
 */
void sqlerr(void)
{
  db_error(sqlca.sqlcode);
}