source: trunk/third/moira/gen/cups-print.pc @ 25198

Revision 25198, 23.7 KB checked in by jdreed, 13 years ago (diff)
In moira: * Snapshot moira@r4042 (6/28/11) * Update version number to include moira revision number
1/* $Id: cups-print.pc 4033 2011-03-15 16:33:20Z zacheiss $
2 *
3 * This generates printcaps and other files for Athena print servers
4 *
5 * Copyright (C) 1992-1998 by the Massachusetts Institute of Technology.
6 * For copying and distribution information, please see the file
7 * <mit-copyright.h>.
8 */
9
#include <mit-copyright.h>
#include <moira.h>
#include <moira_site.h>

#include <sys/stat.h>
#include <sys/types.h>

#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <time.h>
#ifdef HAVE_KRB4
#include <krb.h>
#endif
#include <krb5.h>

#include "util.h"
28
29EXEC SQL INCLUDE sqlca;
30
31RCSID("$HeadURL: svn+ssh://svn.mit.edu/moira/trunk/moira/gen/cups-print.pc $ $Id: cups-print.pc 4033 2011-03-15 16:33:20Z zacheiss $");
32
/* Name this generator identifies itself by. */
char *whoami = "cups-print.gen";

/*
 * Connect string passed to EXEC SQL CONNECT in main().
 * NOTE(review): this has the user/password shape and is compiled into the
 * binary; confirm how database access is actually authorized.
 */
char *db = "moira/moira";

const int krbvers = 5;  /* use Kerberos 5 */

/*
 * Opening tags for the <Limit> sections written into cups.policies.conf.
 * Each one is printed on its own line and closed by the caller with
 * "</Limit>".  Adjacent string literals are used so that every operation
 * name stays separated by exactly one space.
 */
const char *alterjob =
  "<Limit Hold-Job Release-Job"
  " Restart-Job Purge-Jobs Reprocess-Job Set-Job-Attributes"
  " Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>";
const char *submitjob =
  "<Limit Create-Job Print-Job Print-URI"
  " Set-Job-Attributes Send-URI Create-Job-Subscription Renew-Subscription"
  " Cancel-Subscription Get-Notifications CUPS-Move-Job CUPS-Authenticate-Job>";
const char *alterpntr =
  "<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer"
  " CUPS-Add-Modify-Class CUPS-Delete-Class>";
const char *lpcpntr =
  "<Limit Pause-Printer Resume-Printer Enable-Printer"
  " Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs"
  " Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer"
  " Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After"
  " CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>";
const char *canceljob = "<Limit Cancel-Job>";
const char *catchall = "<Limit All>";

/* Written as the ServerAlias of every generated cupsd.conf. */
const char *phost = "printers.MIT.EDU";

/* Defined further down; declared here because main() calls do_host(). */
void do_host(char *host);
void sqlerr(void);

#ifndef MAX
#define MAX(a, b) ( (a) > (b) ? (a) : (b) )
#endif
62
/*
 * Entry point: connect to the database, then generate the CUPS
 * configuration archive for every enabled CUPS-PRINT or CUPS-CLUSTER
 * server host by calling do_host() on each machine name.
 *
 * argc and argv are not consulted.  The process always leaves through
 * exit(MR_SUCCESS) unless an SQL error handler ends it first.
 */
int main(int argc, char **argv)
{
  EXEC SQL BEGIN DECLARE SECTION;
  char name[MACHINE_NAME_SIZE];
  EXEC SQL END DECLARE SECTION;

  init_acls();

  EXEC SQL CONNECT :db;

  /* SQL errors in the statements that follow are handed to sqlerr().
   * NOTE(review): the CONNECT above comes before this directive, so a
   * failed connect is only noticed by the next statement -- confirm. */
  EXEC SQL WHENEVER SQLERROR DO sqlerr();

  EXEC SQL DECLARE csr_hosts CURSOR FOR
    SELECT m.name FROM machine m, serverhosts sh
    WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER')
    AND sh.enable = 1;
  EXEC SQL OPEN csr_hosts;

  /* Any non-zero sqlcode after a FETCH ends the walk over the hosts. */
  for (;;)
    {
      EXEC SQL FETCH csr_hosts INTO :name;
      if (sqlca.sqlcode != 0)
        break;

      strtrim(name);
      do_host(name);
    }

  EXEC SQL CLOSE csr_hosts;

  exit(MR_SUCCESS);
}
93
/*
 * Write one "<str> <principal>" line to `out` for each member of an ACL.
 *
 *   out        - stream of the configuration file being generated
 *   type, id   - identify the ACL; passed straight to get_acl()
 *   str        - directive text placed before each principal
 *                (callers pass "AllowUser" or "Require user")
 *   striprealm - when non-zero, everything from the first '@' on is
 *                dropped from the principal before it is printed
 *
 * Members whose type is 'S' or 0 produce no output.  Every member is
 * released with freeimember() and the queue with sq_destroy().
 *
 * NOTE(review): an ACL with no printable members yields no lines at all.
 * Where the caller relies on these lines to restrict a queue, an empty
 * list leaves that section without any user restriction -- confirm that
 * this is the intended behaviour rather than denying access.
 */
void printer_user_list(FILE *out, char *type, int id, char *str, int striprealm)
{
  struct save_queue *members = get_acl(type, id, NULL);
  struct imember *member;
  char principal[MAX_K_NAME_SZ];

  while (sq_remove_data(members, &member))
    {
      if (member->type != 'S' && member->type != 0)
        {
          char *at;

          /* CUPS wants mmanley/root, not mmanley.root@ATHENA.MIT.EDU */
          canon_krb(member, krbvers, principal, sizeof(principal));

          /* Cut the string at the realm separator when asked to. */
          at = striprealm ? strchr(principal, '@') : NULL;
          if (at)
            *at = '\0';

          fprintf(out, "%s %s\n", str, principal);
        }
      freeimember(member);
    }
  sq_destroy(members);
}
120
121
122
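/*
 * Lowercase a NUL-terminated string in place.  The cast to unsigned char
 * keeps tolower() well defined for bytes that are negative as plain char.
 */
static void lowercase_in_place(char *s)
{
  for (; *s; s++)
    *s = tolower((unsigned char)*s);
}

/*
 * Write the printers.conf directives that every <Printer> section shares:
 * acceptance, quotas, default sides, filters, optional Location and the
 * error policy.
 */
static void emit_printer_defaults(FILE *out, int duplexdefault,
                                  const char *location)
{
  fprintf(out, "Accepting Yes\n");
  fprintf(out, "Shared Yes\n");
  fprintf(out, "QuotaPeriod 0\n");
  fprintf(out, "PageLimit 0\n");
  fprintf(out, "Klimit 0\n");
  if (duplexdefault)
    fprintf(out, "Option sides two-sided-long-edge\n");
  else
    fprintf(out, "Option sides one-sided\n");
  fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
  fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
  fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
  fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
  fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
  if (location[0])
    fprintf(out, "Location %s\n", location);
  fprintf(out, "ErrorPolicy abort-job\n");
}

/*
 * Generate the CUPS configuration archive for one print server.
 *
 * The archive is written to DCM_DIR/cups-print/<host> and holds
 * /etc/cups/printers.conf, classes.conf, cupsd.conf, cups.hosts.conf and
 * cups.policies.conf, all built from the printers, machine, serverhosts
 * and printservers tables.
 *
 *   host - machine name of the print server, as stored in the database
 *
 * Exits the process if memory for the lowercased host name cannot be
 * obtained or if the archive path does not fit in `filename`.
 *
 * NOTE(review): strings fetched from the database (queue names, host
 * names, location, hwtype) are written into the configuration files
 * verbatim.  A value containing a newline would begin a new directive, so
 * this relies on the database rejecting such values -- confirm.
 */
void do_host(char *host)
{
  EXEC SQL BEGIN DECLARE SECTION;
  char rp[PRINTERS_RP_SIZE], name[PRINTERS_NAME_SIZE];
  char duplexname[PRINTERS_DUPLEXNAME_SIZE], location[PRINTERS_LOCATION_SIZE];
  char hwtype[PRINTERS_HWTYPE_SIZE];
  char contact[PRINTERS_CONTACT_SIZE], hostname[MACHINE_NAME_SIZE];
  char cupshosts[MACHINE_NAME_SIZE], prtype[PRINTERS_TYPE_SIZE];
  char service[SERVERHOSTS_SERVICE_SIZE];
  char *spoolhost = host;
  /* Zero-initialized so that a singleton SELECT that matches no row
   * leaves a defined value (0) instead of stack garbage in rm and
   * top_lpc_acl, both of which are used unconditionally below. */
  int ka = 0, ac = 0, lpc_acl = 0, top_lpc_acl = 0, banner = 0, rm = 0;
  int duplexdefault = 0, holddefault = 0;
  EXEC SQL END DECLARE SECTION;
  TARFILE *tf;
  FILE *out;
  char filename[MAXPATHLEN], *lhost;
  time_t now = time(NULL);
  int len;

  lhost = strdup(host);
  if (!lhost)
    {
      fprintf(stderr, "%s: out of memory\n", whoami);
      exit(MR_NO_MEM);
    }
  lowercase_in_place(lhost);

  EXEC SQL SELECT mach_id INTO :rm FROM machine
    WHERE name = :spoolhost;

  /* Bounded formatting: refuse to continue with a truncated path rather
   * than write the archive for the wrong name. */
  len = snprintf(filename, sizeof(filename), "%s/cups-print/%s",
                 DCM_DIR, host);
  if (len < 0 || (size_t)len >= sizeof(filename))
    {
      fprintf(stderr, "%s: output path too long for host %s\n", whoami, host);
      exit(MR_OCONFIG);
    }
  tf = tarfile_open(filename);

  /* printers.conf entries for locally run queues */
  out = tarfile_start(tf, "/etc/cups/printers.conf", 0644, 0, 0,
                      "lp", "lp", now);

  EXEC SQL DECLARE csr_printers CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.ac, pr.lpc_acl, pr.duplexdefault, pr.holddefault
    FROM printers pr, machine m
    WHERE pr.rm = :rm AND m.mach_id = pr.mach_id
    AND (pr.status = 1 OR pr.status = 2) AND m.status !=3
    AND pr.type != 'ALIAS';
  EXEC SQL OPEN csr_printers;
  while (1)
    {
      EXEC SQL FETCH csr_printers INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl,
        :duplexdefault, :holddefault;
      if (sqlca.sqlcode)
        break;

      strtrim(rp);
      strtrim(name);
      strtrim(duplexname);
      strtrim(hwtype);
      strtrim(hostname);
      strtrim(location);
      strtrim(contact);
      lowercase_in_place(rp);   /* Because uppercased printer names suck */
      lowercase_in_place(name);

      fprintf(out, "<Printer %s>\n", name);
      fprintf(out, "Info %s:%s\n", name, hwtype);
      /* The device URI scheme is chosen from the hardware-type prefix. */
      if (!strncmp(hwtype, "HP", 2))
        fprintf(out, "DeviceURI accsnmp://socket://%s:9100\n", hostname);
      else if (!strncmp(hwtype, "LPR", 3))
        fprintf(out, "DeviceURI lpd://%s/%s\n", hostname, rp);
      else
        fprintf(out, "DeviceURI accsnmp://socket://%s\n", hostname);
      fprintf(out, "State Idle\n");     /* Always with the Idle */
      fprintf(out, "StateTime %ld\n", (long)time(NULL));
      if (holddefault)
        fprintf(out, "Option job-hold-until indefinite\n");
      emit_printer_defaults(out, duplexdefault, location);
      if (ka || lpc_acl)
        fprintf(out, "OpPolicy %s-policy\n", rp);
      else
        fprintf(out, "OpPolicy default\n");

      /* Access-control list. */
      if (ac)
        {
          if (ka)
            fprintf(out, "AuthType Negotiate\n");
          else
            fprintf(out, "AuthType Default\n");
          printer_user_list(out, "LIST", ac, "AllowUser", 0);
        }

      if (banner == PRN_BANNER_NONE)
        fprintf(out, "JobSheets none none\n");
      else
        fprintf(out, "JobSheets athena none\n");
      fprintf(out, "</Printer>\n");
    }
  EXEC SQL CLOSE csr_printers;

  /* printers.conf entries for non-local CUPS queues */
  EXEC SQL DECLARE csr_remote_printers CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.ac, pr.lpc_acl, m.name as cupshosts, pr.duplexdefault
    FROM printers pr, machine m, machine m2, serverhosts sh
    WHERE pr.rm = m.mach_id AND pr.rm <> :rm
    AND (pr.status = 1 OR pr.status = 2) AND pr.mach_id = m2.mach_id AND m2.status !=3
    AND pr.type != 'ALIAS' AND m.name <> :spoolhost AND
    m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER')
    AND sh.enable = 1 AND m.mach_id = sh.mach_id;

  EXEC SQL OPEN csr_remote_printers;
  while (1)
    {
      EXEC SQL FETCH csr_remote_printers INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka, :ac,
        :lpc_acl, :cupshosts, :duplexdefault;
      if (sqlca.sqlcode)
        break;

      strtrim(rp);
      strtrim(name);
      strtrim(duplexname);
      strtrim(hwtype);
      strtrim(hostname);
      strtrim(location);
      strtrim(contact);
      strtrim(cupshosts);
      lowercase_in_place(rp);   /* Because uppercased printer names suck */
      lowercase_in_place(name);

      fprintf(out, "<Printer %s>\n", name);
      fprintf(out, "Info %s:%s\n", name, hwtype);
      fprintf(out, "DeviceURI ipp://%s:631/printers/%s?waitprinter=false&waitjob=false\n", cupshosts, name);
      fprintf(out, "State Idle\n");     /* Always with the Idle */
      fprintf(out, "StateTime %ld\n", (long)time(NULL));
      emit_printer_defaults(out, duplexdefault, location);
      if (ka || lpc_acl)
        fprintf(out, "OpPolicy %s-policy\n", rp);
      else
        fprintf(out, "OpPolicy default\n");

      /* Access-control list. */
      if (ac)
        {
          if (ka)
            fprintf(out, "AuthType Negotiate\n");
          else
            fprintf(out, "AuthType Default\n");
          printer_user_list(out, "LIST", ac, "AllowUser", 0);
        }

      /* Never try to prepend a banner */
      fprintf(out, "JobSheets none none\n");
      fprintf(out, "</Printer>\n");
    }
  EXEC SQL CLOSE csr_remote_printers;

  /* printers.conf entries for non-local LPRng queues.  The column alias
   * belongs on m.name, which is the value fetched into :cupshosts. */
  EXEC SQL DECLARE csr_lprng_printers CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.ac, pr.lpc_acl, m.name as cupshosts, pr.duplexdefault
    FROM printers pr, machine m, machine m2, printservers ps
    WHERE pr.rm = m.mach_id AND ps.kind <> 'CUPS' AND m.mach_id = ps.mach_id
    AND (pr.status = 1 OR pr.status = 2) AND pr.mach_id = m2.mach_id AND m2.status != 3
    AND pr.type != 'ALIAS';

  EXEC SQL OPEN csr_lprng_printers;
  while (1)
    {
      EXEC SQL FETCH csr_lprng_printers INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka, :ac,
        :lpc_acl, :cupshosts, :duplexdefault;
      if (sqlca.sqlcode)
        break;

      strtrim(rp);
      strtrim(name);
      strtrim(duplexname);
      strtrim(hwtype);
      strtrim(hostname);
      strtrim(location);
      strtrim(contact);
      strtrim(cupshosts);
      lowercase_in_place(rp);   /* Because uppercased printer names suck */
      lowercase_in_place(name);

      fprintf(out, "<Printer %s>\n", name);
      fprintf(out, "Info %s:LPRng Queue on %s\n", name, cupshosts);
      fprintf(out, "DeviceURI lpd://%s/%s\n", cupshosts, rp);
      fprintf(out, "State Idle\n");     /* Always with the Idle */
      fprintf(out, "StateTime %ld\n", (long)time(NULL));
      emit_printer_defaults(out, duplexdefault, location);
      /* LPRng queues always get the default policy and no banner. */
      fprintf(out, "OpPolicy default\n");
      fprintf(out, "JobSheets none none\n");
      fprintf(out, "</Printer>\n");
    }
  EXEC SQL CLOSE csr_lprng_printers;
  tarfile_end(tf);


  /* aliases are in classes.conf */
  out = tarfile_start(tf, "/etc/cups/classes.conf", 0644, 0, 0,
                  "lp", "lp", now);
  /* pr.lpc_acl is selected here because the OpPolicy choice below tests
   * lpc_acl; without it that test would see whatever value the previous
   * cursor happened to leave behind. */
  EXEC SQL DECLARE csr_duplexqs CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.type as prtype, pr.ac, pr.lpc_acl, sh.service, pr.duplexdefault
    FROM printers pr, machine m, machine m2, serverhosts sh
    WHERE pr.rm = m.mach_id
    AND (pr.status = 1 OR pr.status = 2) AND pr.mach_id = m2.mach_id AND m2.status !=3
    AND m.mach_id = sh.mach_id AND sh.enable = 1
    AND (sh.service = 'CUPS-PRINT' OR sh.service = 'PRINT' OR sh.service = 'CUPS-CLUSTER');
  EXEC SQL OPEN csr_duplexqs;
  while (1)
    {
      EXEC SQL FETCH csr_duplexqs INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka,
        :prtype, :ac, :lpc_acl, :service, :duplexdefault;
      if (sqlca.sqlcode)
        break;

      strtrim(hwtype);
      strtrim(service);
      strtrim(rp);
      strtrim(location);
      strtrim(contact);
      strtrim(prtype);
      strtrim(name);
      /* Trimmed before the emptiness test further down, so that a
       * blank-padded empty value is not mistaken for a queue name. */
      strtrim(duplexname);

      /* Define alias queues as classes to the regular queues for
       * accounting reasons.  Annoyingly, classes don't always inherit
       * their printer definitions.
       */
      if (!strcmp(prtype, "ALIAS"))
        {
          fprintf(out, "<Class %s>\n", name);
          fprintf(out, "Info Alias Queue to %s:%s\n", rp, hwtype);
          fprintf(out, "Printer %s\n", rp);
          if (duplexdefault)
            fprintf(out, "Option sides two-sided-long-edge\n");
          else
            fprintf(out, "Option sides one-sided\n");
          fprintf(out, "State Idle\n"); /* Always with the Idle */
          fprintf(out, "StateTime %ld\n", (long)time(NULL));
          fprintf(out, "Accepting Yes\n");
          fprintf(out, "Shared Yes\n");
          fprintf(out, "QuotaPeriod 0\n");
          fprintf(out, "PageLimit 0\n");
          if (location[0])
            fprintf(out, "Location %s\n", location);
          /* do not use custom policies for LPRng printers */
          if (strcmp(service, "PRINT") && (ka || lpc_acl))
            fprintf(out, "OpPolicy %s-policy\n", rp);
          else
            fprintf(out, "OpPolicy default\n");

          /* Access-control list. */
          if (ac)
            printer_user_list(out, "LIST", ac, "AllowUser", 0);

          if (banner == PRN_BANNER_NONE)
            fprintf(out, "JobSheets none none\n");
          else
            fprintf(out, "JobSheets athena none\n");
          fprintf(out, "</Class>\n");
        }

      /* Define duplex queues as aliases to the regular queues for
       * accounting reasons.  Annoyingly, classes don't always inherit
       * their printer definitions.
       */
      if (*duplexname && !duplexdefault)
        {
          fprintf(out, "<Class %s>\n", duplexname);
          if (!strcmp(prtype, "ALIAS"))
            fprintf(out, "Info Duplex Alias Queue to %s:%s\n", rp, hwtype);
          else
            fprintf(out, "Info Duplex Queue for %s:%s\n", rp, hwtype);
          fprintf(out, "Option sides two-sided-long-edge\n");   /* duplex */
          fprintf(out, "Printer %s\n", rp);
          fprintf(out, "State Idle\n"); /* Always with the Idle */
          fprintf(out, "StateTime %ld\n", (long)time(NULL));
          fprintf(out, "Accepting Yes\n");
          fprintf(out, "Shared Yes\n");
          fprintf(out, "QuotaPeriod 0\n");
          fprintf(out, "PageLimit 0\n");
          if (location[0])
            fprintf(out, "Location %s\n", location);
          if (strcmp(service, "PRINT") && (ka || lpc_acl))
            fprintf(out, "OpPolicy %s-policy\n", rp);
          else
            fprintf(out, "OpPolicy default\n");

          /* Access-control list. */
          if (ac)
            printer_user_list(out, "LIST", ac, "AllowUser", 0);

          /* Any banner value other than NONE or LAST writes no JobSheets
           * line at all. */
          if (banner == PRN_BANNER_NONE)
            fprintf(out, "JobSheets none none\n");
          else if (banner == PRN_BANNER_LAST)
            fprintf(out, "JobSheets athena none\n");
          fprintf(out, "</Class>\n");
        }
    }
  EXEC SQL CLOSE csr_duplexqs;
  tarfile_end(tf);

  /* cups.conf
   * NOTE(review): this and the two files below are created with mode
   * 0755, which marks configuration files executable; printers.conf and
   * classes.conf above use 0644.  Confirm nothing depends on the
   * executable bits before tightening. */
  out = tarfile_start(tf, "/etc/cups/cupsd.conf", 0755, 1, 1,
                      "root", "lp", now);

  fprintf(out, "LogLevel error\n");
  fprintf(out, "SystemGroup sys root ops-group\n");
  fprintf(out, "Port 631\n");
  fprintf(out, "SSLPort 443\n");
  fprintf(out, "Listen /var/run/cups/cups.sock\n");
  fprintf(out, "Browsing On\n");
  fprintf(out, "BrowseOrder allow,deny\n");
  fprintf(out, "BrowseAllow all\n");
  fprintf(out, "BrowseAddress @LOCAL\n");
  fprintf(out, "DefaultAuthType Negotiate\n");
  fprintf(out, "ServerCertificate /etc/cups/ssl/%s-ipp-crt.pem\n", lhost);
  fprintf(out, "ServerKey /etc/cups/ssl/%s-ipp-key.pem\n", lhost);
  fprintf(out, "ServerName %s\n", lhost);
  fprintf(out, "ServerAlias %s\n", phost);
  /* fprintf(out, "Krb5Keytab /etc/krb5-ipp.keytab\n"); */

  /* The other CUPS servers should be aware of the other hosts'
     queues, so we'll let them browse each other. */
  fprintf(out, "Include cups.local.conf\n");
  fprintf(out, "Include cups.locations.conf\n");
  fprintf(out, "Include cups.policies.conf\n");
  tarfile_end(tf);

  /* cups.hosts.conf */
  out = tarfile_start(tf, "/etc/cups/cups.hosts.conf", 0755, 1, 1,
                      "root", "lp", now);
  EXEC SQL DECLARE csr_cupshosts CURSOR FOR
    SELECT m.name AS cupshosts FROM machine m, printservers ps
    WHERE m.mach_id = ps.mach_id AND ps.kind = 'CUPS';
  EXEC SQL OPEN csr_cupshosts;
  while (1)
    {
      EXEC SQL FETCH csr_cupshosts INTO :cupshosts;
      if (sqlca.sqlcode)
        break;

      strtrim(cupshosts);

      /* Don't poll yourself looking for answers! */
      if (strcmp(cupshosts, host))
        fprintf(out, "BrowsePoll %s\n", cupshosts);
    }
  EXEC SQL CLOSE csr_cupshosts;

  tarfile_end(tf);

  /* cups.policies.conf */
  out = tarfile_start(tf, "/etc/cups/cups.policies.conf", 0755, 1, 1,
                      "root", "lp", now);
  fprintf(out, "# Printer-specific LPC and LPR ACLs\n");
  /* lpcaccess.top */
  EXEC SQL SELECT ps.lpc_acl INTO :top_lpc_acl
    FROM printservers ps, machine m
    WHERE m.name = :spoolhost AND m.mach_id = ps.mach_id;

  /* first, what's our defaults?
   * NOTE(review): the closing <Limit All> section below uses
   * "AuthType None" with "Allow from all", so every operation that no
   * earlier <Limit> names is accepted without authentication.  The same
   * holds for the per-printer policies.  Confirm that is intended. */
  fprintf(out, "<Policy default>\n");
  fprintf(out, "%s\n", alterjob);
  fprintf(out, "AuthType Default\n");
  fprintf(out, "Require user @OWNER @SYSTEM\n");
  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "</Limit>\n");
  fprintf(out, "<Limit Send-Document CUPS-Get-Document>\n");
  fprintf(out, "AuthType None\n");
  fprintf(out, "Require user @OWNER @SYSTEM\n");
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "Allow from all\n");
  fprintf(out, "</Limit>\n");
  fprintf(out, "%s\n", submitjob);
  fprintf(out, "AuthType None\n");
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "Allow from all\n");
  fprintf(out, "</Limit>\n");
  fprintf(out, "%s\n", alterpntr);
  fprintf(out, "AuthType Default\n");
  fprintf(out, "Require user @SYSTEM\n");
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "</Limit>\n");
  fprintf(out, "%s\n", lpcpntr);
  fprintf(out, "AuthType Default\n");
  fprintf(out, "Require user @SYSTEM\n");
  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "</Limit>\n");
  fprintf(out, "%s\n", canceljob);
  fprintf(out, "AuthType Default\n");
  fprintf(out, "Require user @OWNER @SYSTEM\n");
  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "Allow from all\n");
  fprintf(out, "</Limit>\n");
  fprintf(out, "%s\n", catchall);
  fprintf(out, "AuthType None\n");
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "Allow from all\n");
  fprintf(out, "</Limit>\n");
  fprintf(out, "</Policy>\n");

  /* restrict lists and lpcaccess policies.  Sadly, we have to put the
     top level for each new policy since CUPS doesn't have a way of
     doing it otherwise (well, Unix groups, but not moira) */
  EXEC SQL DECLARE csr_lpc CURSOR FOR
    SELECT UNIQUE pr.rp, pr.ka, pr.ac, pr.lpc_acl
    FROM printers pr, machine m
    WHERE (pr.ac != 0 OR pr.lpc_acl != 0)
    AND (pr.status = 1 OR pr.status = 2) and pr.mach_id = m.mach_id AND m.status !=3
    AND pr.rm in (SELECT m.mach_id FROM machine m, serverhosts sh
    WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER')
    AND sh.enable = 1);
  EXEC SQL OPEN csr_lpc;
  while (1)
    {
      /* pr.rp goes into the buffer sized for it rather than into name.
       * NOTE(review): printers.conf refers to "<rp>-policy" with rp
       * lowercased, while the name written here keeps the database's
       * case -- confirm the two are matched case-insensitively. */
      EXEC SQL FETCH csr_lpc INTO :rp, :ka, :ac, :lpc_acl;
      if (sqlca.sqlcode)
        break;

      strtrim(rp);

      fprintf(out, "<Policy %s-policy>\n", rp);
      fprintf(out, "%s\n", alterjob);
      fprintf(out, "AuthType Default\n");
      fprintf(out, "Require user @OWNER @SYSTEM\n");
      printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
      printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "Allow from all\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "<Limit Send-Document CUPS-Get-Document>\n");
      fprintf(out, "AuthType None\n");
      fprintf(out, "Require user @OWNER @SYSTEM\n");
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "Allow from all\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "%s\n", submitjob);
      /* If the printer is Kerberized? */
      if (ka)
        fprintf(out, "AuthType Negotiate\n");
      else
        fprintf(out, "AuthType None\n");
      /* Access-control list. */
      if (ac)
        printer_user_list(out, "LIST", ac, "Require user", 1);
      else if (ka)
        fprintf(out, "Require valid-user\n");
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "Allow from all\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "%s\n", alterpntr);
      fprintf(out, "AuthType Default\n");
      fprintf(out, "Require user @SYSTEM\n");
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "%s\n", lpcpntr);
      fprintf(out, "AuthType Default\n");
      fprintf(out, "Require user @SYSTEM\n");
      /* printer-specific lpc access. */
      if (lpc_acl)
        printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
      printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "%s\n", canceljob);
      fprintf(out, "AuthType Default\n");
      fprintf(out, "Require user @OWNER @SYSTEM\n");
      printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
      printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "Allow from all\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "%s\n", catchall);
      fprintf(out, "AuthType None\n");
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "Allow from all\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "</Policy>\n");
    }
  EXEC SQL CLOSE csr_lpc;
  fprintf(out, "\n");
  tarfile_end(tf);
  tarfile_close(tf);

  /* The lowercased host name was only needed for cupsd.conf. */
  free(lhost);
}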
682
/*
 * SQL error hook installed by "EXEC SQL WHENEVER SQLERROR DO sqlerr()" in
 * main(); it passes the current sqlca.sqlcode to db_error().
 */
void sqlerr(void)
{
  /* db_error() is defined outside this file; what it does with the
   * code (report, exit) cannot be seen from here. */
  db_error(sqlca.sqlcode);
}