source: trunk/third/moira/gen/cups-print.pc @ 25817

Revision 25817, 23.7 KB checked in by jdreed, 11 years ago (diff)
In moira: * Re-snapshot moira at r4097 to pick up Status 10 (Suspended) (Trac: #1295) * Remove our addusr.1 and namespace.1 in favor of upstream's (Trac: #918) * Build-dep on OpenSSL and pass new configure flag per moira r4091
1/* $Id: cups-print.pc 4092 2013-01-18 15:36:33Z zacheiss $
2 *
3 * This generates printcaps and other files for Athena print servers
4 *
5 * Copyright (C) 1992-1998 by the Massachusetts Institute of Technology.
6 * For copying and distribution information, please see the file
7 * <mit-copyright.h>.
8 */
9
#include <mit-copyright.h>
#include <moira.h>
#include <moira_site.h>

#include <sys/stat.h>
#include <sys/types.h>

#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <time.h>
#ifdef HAVE_KRB4
#include <krb.h>
#else
#include <mr_krb.h>
#endif
#include <krb5.h>

#include "util.h"
30
31EXEC SQL INCLUDE sqlca;
32
33RCSID("$HeadURL: svn+ssh://svn.mit.edu/moira/trunk/moira/gen/cups-print.pc $ $Id: cups-print.pc 4092 2013-01-18 15:36:33Z zacheiss $");
34
/* Identification string for this generator and the database connect
 * string handed to EXEC SQL CONNECT in main(). */
char *whoami = "cups-print.gen";
char *db = "moira/moira";

/* Kerberos version passed to canon_krb() when ACL members are
 * canonicalised. */
const int krbvers = 5;

/*
 * Opening tags of the <Limit ...> sections written into every CUPS
 * operation policy.  Each string only opens the section; the code in
 * do_host() writes the directives and the closing </Limit>.
 *
 * The lists are built from adjacent string literals, so the single
 * space that separates operations across lines is explicit at the
 * start of each continuation piece.
 *
 * NOTE(review): Set-Job-Attributes and CUPS-Move-Job are listed in both
 * alterjob and submitjob, and do_host() gives those two sections
 * different AuthType/Require settings.  Confirm which section CUPS
 * applies when an operation appears in two <Limit> blocks of one policy.
 */

/* Operations that modify an existing job. */
const char *alterjob =
  "<Limit Hold-Job Release-Job"
  " Restart-Job Purge-Jobs Reprocess-Job Set-Job-Attributes"
  " Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>";

/* Operations used to submit a job and manage subscriptions. */
const char *submitjob =
  "<Limit Create-Job Print-Job Print-URI"
  " Set-Job-Attributes Send-URI Create-Job-Subscription Renew-Subscription"
  " Cancel-Subscription Get-Notifications CUPS-Move-Job CUPS-Authenticate-Job>";

/* Operations that add, change or delete printers and classes. */
const char *alterpntr =
  "<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer"
  " CUPS-Add-Modify-Class CUPS-Delete-Class>";

/* Operator ("lpc"-style) control of a queue. */
const char *lpcpntr =
  "<Limit Pause-Printer Resume-Printer Enable-Printer"
  " Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs"
  " Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer"
  " Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After"
  " CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>";

/* Cancelling a single job, and the section that matches everything. */
const char *canceljob = "<Limit Cancel-Job>";
const char *catchall = "<Limit All>";

/* Written as the ServerAlias in every generated cupsd.conf. */
const char *phost = "printers.MIT.EDU";

void do_host(char *host);
void sqlerr(void);

#ifndef MAX
#define MAX(a, b) ( (a) > (b) ? (a) : (b) )
#endif
64
/*
 * Entry point.  Connects to the database named by `db`, then calls
 * do_host() once for every machine that has an enabled CUPS-PRINT or
 * CUPS-CLUSTER entry in serverhosts.  Exits with MR_SUCCESS.
 *
 * argc and argv are not used.
 */
int main(int argc, char **argv)
{
  EXEC SQL BEGIN DECLARE SECTION;
  char name[MACHINE_NAME_SIZE];
  EXEC SQL END DECLARE SECTION;

  init_acls();

  EXEC SQL CONNECT :db;

  /* WHENEVER is positional: it covers the SQL statements that follow
   * it in this file, so the CONNECT above is not routed to sqlerr(). */
  EXEC SQL WHENEVER SQLERROR DO sqlerr();

  EXEC SQL DECLARE csr_hosts CURSOR FOR
    SELECT m.name FROM machine m, serverhosts sh
    WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER')
    AND sh.enable = 1;
  EXEC SQL OPEN csr_hosts;

  for (;;)
    {
      EXEC SQL FETCH csr_hosts INTO :name;
      /* Any non-zero code (including end of data) ends the scan. */
      if (sqlca.sqlcode != 0)
        break;

      strtrim(name);
      do_host(name);
    }

  EXEC SQL CLOSE csr_hosts;

  exit(MR_SUCCESS);
}
95
/*
 * Write one "<str> <principal>" line to `out` for each member of the
 * ACL identified by (type, id), as returned by get_acl().
 *
 * Members whose type is 'S' or 0 are skipped.  Every other member is
 * canonicalised with canon_krb() (CUPS wants mmanley/root, not
 * mmanley.root@ATHENA.MIT.EDU).  When `striprealm` is non-zero the name
 * is cut at the first '@', so only the part before the realm is
 * written.
 *
 * NOTE(review): after the realm is stripped, the emitted name no longer
 * records which realm the principal belonged to.  Confirm that only
 * principals of the local realm can reach the lists used with
 * striprealm = 1, otherwise names from different realms become
 * indistinguishable in the generated "Require user" lines.
 *
 * Each member is released with freeimember() and the queue with
 * sq_destroy() before returning.
 */
void printer_user_list(FILE *out, char *type, int id, char *str, int striprealm)
{
  char principal[MAX_K_NAME_SZ];
  struct save_queue *members = get_acl(type, id, NULL);
  struct imember *entry;

  while (sq_remove_data(members, &entry))
    {
      if (entry->type == 'S' || entry->type == 0)
        {
          freeimember(entry);
          continue;
        }

      canon_krb(entry, krbvers, principal, sizeof(principal));

      if (striprealm)
        {
          /* Terminating at the first '@' prints the same text as
           * blanking every '@' in the buffer. */
          char *at = strchr(principal, '@');

          if (at)
            *at = '\0';
        }

      fprintf(out, "%s %s\n", str, principal);
      freeimember(entry);
    }

  sq_destroy(members);
}
122
123
124
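/* Lower-case a NUL-terminated string in place.  The cast keeps
 * tolower() defined for bytes above 0x7f when char is signed. */
static void cups_lower_inplace(char *s)
{
  for (; *s; s++)
    *s = tolower((unsigned char)*s);
}

/* Emit the printers.conf directives that are the same for every kind
 * of queue: accept/share flags, quotas, default sides, the filter
 * chain, the optional Location and the error policy. */
static void cups_emit_queue_common(FILE *out, int duplexdefault,
                                   const char *location)
{
  fprintf(out, "Accepting Yes\n");
  fprintf(out, "Shared Yes\n");
  fprintf(out, "QuotaPeriod 0\n");
  fprintf(out, "PageLimit 0\n");
  fprintf(out, "Klimit 0\n");
  if (duplexdefault)
    fprintf(out, "Option sides two-sided-long-edge\n");
  else
    fprintf(out, "Option sides one-sided\n");
  fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
  fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
  fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
  fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
  fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
  if (location[0])
    fprintf(out, "Location %s\n", location);
  fprintf(out, "ErrorPolicy abort-job\n");
}

/* Emit the OpPolicy line and, when the queue has a restrict list, the
 * AuthType and AllowUser lines of a <Printer> section.
 *
 * NOTE(review): a queue with ka set but ac and lpc_acl both zero is
 * pointed at "<rp>-policy" here, while the csr_lpc query in do_host()
 * only generates policies for rows with ac or lpc_acl non-zero.
 * Confirm such rows cannot exist, or what CUPS does with an OpPolicy
 * that names an undefined policy. */
static void cups_emit_queue_access(FILE *out, const char *rp, int ka, int ac,
                                   int lpc_acl)
{
  if (ka || lpc_acl)
    fprintf(out, "OpPolicy %s-policy\n", rp);
  else
    fprintf(out, "OpPolicy default\n");

  /* Access-control list. */
  if (ac)
    {
      if (ka)
        fprintf(out, "AuthType Negotiate\n");
      else
        fprintf(out, "AuthType Default\n");
      printer_user_list(out, "LIST", ac, "AllowUser", 0);
    }
}

/* Emit the part of a <Class> section shared by alias and duplex
 * classes: state, quotas, Location, OpPolicy and the AllowUser list.
 * Queues whose service is "PRINT" (LPRng) never get a custom policy. */
static void cups_emit_class_common(FILE *out, const char *rp,
                                   const char *location, const char *service,
                                   int ka, int ac, int lpc_acl)
{
  fprintf(out, "State Idle\n"); /* Always with the Idle */
  fprintf(out, "StateTime %ld\n", (long)time(NULL));
  fprintf(out, "Accepting Yes\n");
  fprintf(out, "Shared Yes\n");
  fprintf(out, "QuotaPeriod 0\n");
  fprintf(out, "PageLimit 0\n");
  if (location[0])
    fprintf(out, "Location %s\n", location);
  /* do not use custom policies for LPRng printers */
  if (strcmp(service, "PRINT") && (ka || lpc_acl))
    fprintf(out, "OpPolicy %s-policy\n", rp);
  else
    fprintf(out, "OpPolicy default\n");

  /* Access-control list. */
  if (ac)
    printer_user_list(out, "LIST", ac, "AllowUser", 0);
}

/*
 * Generate the CUPS configuration archive for one print server.
 *
 * host is the machine name as fetched by main().  The archive is
 * opened at DCM_DIR/cups-print/<host> and receives, in this order:
 * /etc/cups/printers.conf, classes.conf, cupsd.conf, cups.hosts.conf
 * and cups.policies.conf.
 *
 * Changes from the previous version of this function:
 *  - the output path is built with a bounded snprintf() and an
 *    over-long path is reported instead of overrunning filename[];
 *  - the lower-cased host copy is checked for allocation failure and
 *    freed before returning;
 *  - rm and top_lpc_acl start at 0, so a host with no matching row no
 *    longer leaves them uninitialised;
 *  - the classes.conf cursor now selects pr.lpc_acl; before, the
 *    OpPolicy test there used whatever value the previous cursor had
 *    last fetched;
 *  - name and duplexname are trimmed before they are tested, so a
 *    blank-padded empty duplexname no longer produces "<Class >";
 *  - locals that were never read have been removed.
 *
 * NOTE(review): every database string (queue name, rp, location,
 * hardware type, host names) is written into the configuration files
 * verbatim.  A value containing a newline or '>' would change the
 * structure of the generated file, so this relies on the database
 * constraining those columns - confirm, especially for free-text
 * fields such as location.  host is also used unchanged as the last
 * path component of the archive name.
 *
 * NOTE(review): cupsd.conf, cups.hosts.conf and cups.policies.conf are
 * registered with mode 0755; configuration files do not need execute
 * bits, so 0644 (or tighter) is presumably sufficient.  cupsd.conf
 * includes cups.local.conf, cups.locations.conf and cups.policies.conf
 * but not the cups.hosts.conf generated here - confirm it is pulled in
 * some other way.
 */
void do_host(char *host)
{
  EXEC SQL BEGIN DECLARE SECTION;
  char rp[PRINTERS_RP_SIZE], name[PRINTERS_NAME_SIZE];
  char duplexname[PRINTERS_DUPLEXNAME_SIZE], location[PRINTERS_LOCATION_SIZE];
  char hwtype[PRINTERS_HWTYPE_SIZE];
  char contact[PRINTERS_CONTACT_SIZE], hostname[MACHINE_NAME_SIZE];
  char cupshosts[MACHINE_NAME_SIZE], prtype[PRINTERS_TYPE_SIZE];
  char service[SERVERHOSTS_SERVICE_SIZE];
  char *spoolhost = host;
  int ka, ac, lpc_acl, banner, duplexdefault, holddefault;
  int rm = 0, top_lpc_acl = 0;
  EXEC SQL END DECLARE SECTION;
  TARFILE *tf;
  FILE *out;
  char filename[MAXPATHLEN];
  char *lhost;
  time_t now = time(NULL);
  int n;

  /* Lower-cased copy of the host name, used in cupsd.conf. */
  lhost = strdup(host);
  if (!lhost)
    {
      fprintf(stderr, "%s: out of memory\n", whoami);
      exit(MR_NO_MEM);
    }
  cups_lower_inplace(lhost);

  EXEC SQL SELECT mach_id INTO :rm FROM machine
    WHERE name = :spoolhost;

  n = snprintf(filename, sizeof(filename), "%s/cups-print/%s", DCM_DIR, host);
  if (n < 0 || (size_t)n >= sizeof(filename))
    {
      fprintf(stderr, "%s: output path for %s is too long\n", whoami, host);
      exit(MR_ARG_TOO_LONG);
    }
  tf = tarfile_open(filename);

  /* printers.conf entries for locally run queues */
  out = tarfile_start(tf, "/etc/cups/printers.conf", 0644, 0, 0,
                      "lp", "lp", now);

  EXEC SQL DECLARE csr_printers CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.ac, pr.lpc_acl, pr.duplexdefault, pr.holddefault
    FROM printers pr, machine m
    WHERE pr.rm = :rm AND m.mach_id = pr.mach_id
    AND (pr.status = 1 OR pr.status = 2) AND m.status !=3
    AND pr.type != 'ALIAS';
  EXEC SQL OPEN csr_printers;
  while (1)
    {
      EXEC SQL FETCH csr_printers INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl,
        :duplexdefault, :holddefault;
      if (sqlca.sqlcode)
        break;

      strtrim(rp);
      strtrim(name);
      strtrim(duplexname);
      strtrim(hwtype);
      strtrim(hostname);
      strtrim(location);
      strtrim(contact);
      cups_lower_inplace(rp);   /* Because uppercased printer names suck */
      cups_lower_inplace(name);

      fprintf(out, "<Printer %s>\n", name);
      fprintf(out, "Info %s:%s\n", name, hwtype);
      /* The device URI depends on the hardware type prefix. */
      if (!strncmp(hwtype, "HP", 2))
        fprintf(out, "DeviceURI accsnmp://socket://%s:9100\n", hostname);
      else if (!strncmp(hwtype, "LPR", 3))
        fprintf(out, "DeviceURI lpd://%s/%s\n", hostname, rp);
      else
        fprintf(out, "DeviceURI accsnmp://socket://%s\n", hostname);
      fprintf(out, "State Idle\n");     /* Always with the Idle */
      fprintf(out, "StateTime %ld\n", (long)time(NULL));
      if (holddefault)
        fprintf(out, "Option job-hold-until indefinite\n");
      cups_emit_queue_common(out, duplexdefault, location);
      cups_emit_queue_access(out, rp, ka, ac, lpc_acl);

      if (banner == PRN_BANNER_NONE)
        fprintf(out, "JobSheets none none\n");
      else
        fprintf(out, "JobSheets athena none\n");
      fprintf(out, "</Printer>\n");
    }
  EXEC SQL CLOSE csr_printers;

  /* printers.conf entries for non-local CUPS queues */
  EXEC SQL DECLARE csr_remote_printers CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.ac, pr.lpc_acl, m.name as cupshosts, pr.duplexdefault
    FROM printers pr, machine m, machine m2, serverhosts sh
    WHERE pr.rm = m.mach_id AND pr.rm <> :rm
    AND (pr.status = 1 OR pr.status = 2) AND pr.mach_id = m2.mach_id AND m2.status !=3
    AND pr.type != 'ALIAS' AND m.name <> :spoolhost AND
    m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER')
    AND sh.enable = 1 AND m.mach_id = sh.mach_id;

  EXEC SQL OPEN csr_remote_printers;
  while (1)
    {
      EXEC SQL FETCH csr_remote_printers INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka, :ac,
        :lpc_acl, :cupshosts, :duplexdefault;
      if (sqlca.sqlcode)
        break;

      strtrim(rp);
      strtrim(name);
      strtrim(duplexname);
      strtrim(hwtype);
      strtrim(hostname);
      strtrim(location);
      strtrim(contact);
      strtrim(cupshosts);
      cups_lower_inplace(rp);   /* Because uppercased printer names suck */
      cups_lower_inplace(name);

      fprintf(out, "<Printer %s>\n", name);
      fprintf(out, "Info %s:%s\n", name, hwtype);
      /* Jobs are forwarded over IPP to the CUPS server that owns the queue. */
      fprintf(out, "DeviceURI ipp://%s:631/printers/%s?waitprinter=false&waitjob=false\n", cupshosts, name);
      fprintf(out, "State Idle\n");     /* Always with the Idle */
      fprintf(out, "StateTime %ld\n", (long)time(NULL));
      cups_emit_queue_common(out, duplexdefault, location);
      cups_emit_queue_access(out, rp, ka, ac, lpc_acl);

      /* Never try to prepend a banner */
      fprintf(out, "JobSheets none none\n");
      fprintf(out, "</Printer>\n");
    }
  EXEC SQL CLOSE csr_remote_printers;

  /* printers.conf entries for non-local LPRng queues.  The "cupshosts"
   * alias now sits on m.name, the column that is fetched into
   * :cupshosts; the fetch is positional, so the result is unchanged. */
  EXEC SQL DECLARE csr_lprng_printers CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.ac, pr.lpc_acl, m.name as cupshosts, pr.duplexdefault
    FROM printers pr, machine m, machine m2, printservers ps
    WHERE pr.rm = m.mach_id AND ps.kind <> 'CUPS' AND m.mach_id = ps.mach_id
    AND (pr.status = 1 OR pr.status = 2) AND pr.mach_id = m2.mach_id AND m2.status != 3
    AND pr.type != 'ALIAS';

  EXEC SQL OPEN csr_lprng_printers;
  while (1)
    {
      EXEC SQL FETCH csr_lprng_printers INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka, :ac,
        :lpc_acl, :cupshosts, :duplexdefault;
      if (sqlca.sqlcode)
        break;

      strtrim(rp);
      strtrim(name);
      strtrim(duplexname);
      strtrim(hwtype);
      strtrim(hostname);
      strtrim(location);
      strtrim(contact);
      strtrim(cupshosts);
      cups_lower_inplace(rp);   /* Because uppercased printer names suck */
      cups_lower_inplace(name);

      fprintf(out, "<Printer %s>\n", name);
      fprintf(out, "Info %s:LPRng Queue on %s\n", name, cupshosts);
      fprintf(out, "DeviceURI lpd://%s/%s\n", cupshosts, rp);
      fprintf(out, "State Idle\n");     /* Always with the Idle */
      fprintf(out, "StateTime %ld\n", (long)time(NULL));
      cups_emit_queue_common(out, duplexdefault, location);
      /* LPRng queues always use the default policy and carry no ACL. */
      fprintf(out, "OpPolicy default\n");
      fprintf(out, "JobSheets none none\n");
      fprintf(out, "</Printer>\n");
    }
  EXEC SQL CLOSE csr_lprng_printers;
  tarfile_end(tf);


  /* aliases are in classes.conf */
  out = tarfile_start(tf, "/etc/cups/classes.conf", 0644, 0, 0,
                      "lp", "lp", now);
  /* pr.lpc_acl is selected here because the OpPolicy decision for each
   * class depends on it. */
  EXEC SQL DECLARE csr_duplexqs CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact, pr.ka,
    pr.type as prtype, pr.ac, pr.lpc_acl, sh.service, pr.duplexdefault
    FROM printers pr, machine m, machine m2, serverhosts sh
    WHERE pr.rm = m.mach_id
    AND (pr.status = 1 OR pr.status = 2) AND pr.mach_id = m2.mach_id AND m2.status !=3
    AND m.mach_id = sh.mach_id AND sh.enable = 1
    AND (sh.service = 'CUPS-PRINT' OR sh.service = 'PRINT' OR sh.service = 'CUPS-CLUSTER');
  EXEC SQL OPEN csr_duplexqs;
  while (1)
    {
      EXEC SQL FETCH csr_duplexqs INTO :rp, :name, :duplexname,
        :hwtype, :hostname, :banner, :location, :contact, :ka,
        :prtype, :ac, :lpc_acl, :service, :duplexdefault;
      if (sqlca.sqlcode)
        break;

      strtrim(hwtype);
      strtrim(service);
      strtrim(rp);
      strtrim(location);
      strtrim(contact);
      strtrim(prtype);
      /* Trim before the emptiness test below. */
      strtrim(name);
      strtrim(duplexname);

      /* Define alias queues as classes to the regular queues for
       * accounting reasons.  Annoyingly, classes don't always inherit
       * their printer definitions.
       */
      if (!strcmp(prtype, "ALIAS"))
        {
          fprintf(out, "<Class %s>\n", name);
          fprintf(out, "Info Alias Queue to %s:%s\n", rp, hwtype);
          fprintf(out, "Printer %s\n", rp);
          if (duplexdefault)
            fprintf(out, "Option sides two-sided-long-edge\n");
          else
            fprintf(out, "Option sides one-sided\n");
          cups_emit_class_common(out, rp, location, service, ka, ac, lpc_acl);

          if (banner == PRN_BANNER_NONE)
            fprintf(out, "JobSheets none none\n");
          else
            fprintf(out, "JobSheets athena none\n");
          fprintf(out, "</Class>\n");
        }

      /* Define duplex queues as aliases to the regular queues for
       * accounting reasons.  Annoyingly, classes don't always inherit
       * their printer definitions.
       */
      if (*duplexname && !duplexdefault)
        {
          fprintf(out, "<Class %s>\n", duplexname);
          if (!strcmp(prtype, "ALIAS"))
            fprintf(out, "Info Duplex Alias Queue to %s:%s\n", rp, hwtype);
          else
            fprintf(out, "Info Duplex Queue for %s:%s\n", rp, hwtype);
          fprintf(out, "Option sides two-sided-long-edge\n");   /* duplex */
          fprintf(out, "Printer %s\n", rp);
          cups_emit_class_common(out, rp, location, service, ka, ac, lpc_acl);

          /* NOTE(review): unlike the alias class above, a banner value
           * other than NONE or LAST writes no JobSheets line here -
           * confirm that is intended. */
          if (banner == PRN_BANNER_NONE)
            fprintf(out, "JobSheets none none\n");
          else if (banner == PRN_BANNER_LAST)
            fprintf(out, "JobSheets athena none\n");
          fprintf(out, "</Class>\n");
        }
    }
  EXEC SQL CLOSE csr_duplexqs;
  tarfile_end(tf);

  /* cups.conf */
  out = tarfile_start(tf, "/etc/cups/cupsd.conf", 0755, 1, 1,
                      "root", "lp", now);

  fprintf(out, "LogLevel error\n");
  fprintf(out, "SystemGroup sys root ops-group\n");
  fprintf(out, "Port 631\n");
  fprintf(out, "SSLPort 443\n");
  fprintf(out, "Listen /var/run/cups/cups.sock\n");
  fprintf(out, "Browsing On\n");
  fprintf(out, "BrowseOrder allow,deny\n");
  fprintf(out, "BrowseAllow all\n");
  fprintf(out, "BrowseAddress @LOCAL\n");
  fprintf(out, "DefaultAuthType Negotiate\n");
  fprintf(out, "ServerCertificate /etc/cups/ssl/%s-ipp-crt.pem\n", lhost);
  fprintf(out, "ServerKey /etc/cups/ssl/%s-ipp-key.pem\n", lhost);
  fprintf(out, "ServerName %s\n", lhost);
  fprintf(out, "ServerAlias %s\n", phost);
  /* fprintf(out, "Krb5Keytab /etc/krb5-ipp.keytab\n"); */

  /* The other CUPS servers should be aware of the other hosts'
     queues, so we'll let them browse each other. */
  fprintf(out, "Include cups.local.conf\n");
  fprintf(out, "Include cups.locations.conf\n");
  fprintf(out, "Include cups.policies.conf\n");
  tarfile_end(tf);

  /* cups.hosts.conf */
  out = tarfile_start(tf, "/etc/cups/cups.hosts.conf", 0755, 1, 1,
                      "root", "lp", now);
  EXEC SQL DECLARE csr_cupshosts CURSOR FOR
    SELECT m.name AS cupshosts FROM machine m, printservers ps
    WHERE m.mach_id = ps.mach_id AND ps.kind = 'CUPS';
  EXEC SQL OPEN csr_cupshosts;
  while (1)
    {
      EXEC SQL FETCH csr_cupshosts INTO :cupshosts;
      if (sqlca.sqlcode)
        break;

      strtrim(cupshosts);

      /* Don't poll yourself looking for answers! */
      if (strcmp(cupshosts, host))
        fprintf(out, "BrowsePoll %s\n", cupshosts);
    }
  EXEC SQL CLOSE csr_cupshosts;

  tarfile_end(tf);

  /* cups.policies.conf */
  out = tarfile_start(tf, "/etc/cups/cups.policies.conf", 0755, 1, 1,
                      "root", "lp", now);
  fprintf(out, "# Printer-specific LPC and LPR ACLs\n");
  /* lpcaccess.top: the server-wide operator list.  top_lpc_acl stays 0
   * when the host has no printservers row. */
  EXEC SQL SELECT ps.lpc_acl INTO :top_lpc_acl
    FROM printservers ps, machine m
    WHERE m.name = :spoolhost AND m.mach_id = ps.mach_id;

  /* first, what's our defaults?  Job submission and the catch-all
   * section are open to everyone without authentication; job and
   * printer control are limited to owner, system group and the
   * server-wide list. */
  fprintf(out, "<Policy default>\n");
  fprintf(out, "%s\n", alterjob);
  fprintf(out, "AuthType Default\n");
  fprintf(out, "Require user @OWNER @SYSTEM\n");
  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "</Limit>\n");
  fprintf(out, "<Limit Send-Document CUPS-Get-Document>\n");
  fprintf(out, "AuthType None\n");
  fprintf(out, "Require user @OWNER @SYSTEM\n");
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "Allow from all\n");
  fprintf(out, "</Limit>\n");
  fprintf(out, "%s\n", submitjob);
  fprintf(out, "AuthType None\n");
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "Allow from all\n");
  fprintf(out, "</Limit>\n");
  fprintf(out, "%s\n", alterpntr);
  fprintf(out, "AuthType Default\n");
  fprintf(out, "Require user @SYSTEM\n");
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "</Limit>\n");
  fprintf(out, "%s\n", lpcpntr);
  fprintf(out, "AuthType Default\n");
  fprintf(out, "Require user @SYSTEM\n");
  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "</Limit>\n");
  fprintf(out, "%s\n", canceljob);
  fprintf(out, "AuthType Default\n");
  fprintf(out, "Require user @OWNER @SYSTEM\n");
  printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "Allow from all\n");
  fprintf(out, "</Limit>\n");
  fprintf(out, "%s\n", catchall);
  fprintf(out, "AuthType None\n");
  fprintf(out, "Order deny,allow\n");
  fprintf(out, "Allow from all\n");
  fprintf(out, "</Limit>\n");
  fprintf(out, "</Policy>\n");

  /* restrict lists and lpcaccess policies.  Sadly, we have to put the
     top level for each new policy since CUPS doesn't have a way of
     doing it otherwise (well, Unix groups, but not moira) */
  EXEC SQL DECLARE csr_lpc CURSOR FOR
    SELECT UNIQUE pr.rp, pr.ka, pr.ac, pr.lpc_acl
    FROM printers pr, machine m
    WHERE (pr.ac != 0 OR pr.lpc_acl != 0)
    AND (pr.status = 1 OR pr.status = 2) and pr.mach_id = m.mach_id AND m.status !=3
    AND pr.rm in (SELECT m.mach_id FROM machine m, serverhosts sh
    WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER')
    AND sh.enable = 1);
  EXEC SQL OPEN csr_lpc;
  while (1)
    {
      /* pr.rp is fetched into name; it becomes the policy name. */
      EXEC SQL FETCH csr_lpc INTO :name, :ka, :ac, :lpc_acl;
      if (sqlca.sqlcode)
        break;

      strtrim(name);

      fprintf(out, "<Policy %s-policy>\n", name);
      fprintf(out, "%s\n", alterjob);
      fprintf(out, "AuthType Default\n");
      fprintf(out, "Require user @OWNER @SYSTEM\n");
      printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
      printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "Allow from all\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "<Limit Send-Document CUPS-Get-Document>\n");
      fprintf(out, "AuthType None\n");
      fprintf(out, "Require user @OWNER @SYSTEM\n");
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "Allow from all\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "%s\n", submitjob);
      /* If the printer is Kerberized? */
      if (ka)
        fprintf(out, "AuthType Negotiate\n");
      else
        fprintf(out, "AuthType None\n");
      /* Access-control list.  With no restrict list, a Kerberized
       * queue still requires some authenticated user. */
      if (ac)
        printer_user_list(out, "LIST", ac, "Require user", 1);
      else if (ka)
        fprintf(out, "Require valid-user\n");
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "Allow from all\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "%s\n", alterpntr);
      fprintf(out, "AuthType Default\n");
      fprintf(out, "Require user @SYSTEM\n");
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "%s\n", lpcpntr);
      fprintf(out, "AuthType Default\n");
      fprintf(out, "Require user @SYSTEM\n");
      /* printer-specific lpc access. */
      if (lpc_acl)
        printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
      printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "%s\n", canceljob);
      fprintf(out, "AuthType Default\n");
      fprintf(out, "Require user @OWNER @SYSTEM\n");
      printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
      printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "Allow from all\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "%s\n", catchall);
      fprintf(out, "AuthType None\n");
      fprintf(out, "Order deny,allow\n");
      fprintf(out, "Allow from all\n");
      fprintf(out, "</Limit>\n");
      fprintf(out, "</Policy>\n");
    }
  EXEC SQL CLOSE csr_lpc;
  fprintf(out, "\n");
  tarfile_end(tf);
  tarfile_close(tf);

  free(lhost);
}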
684
/*
 * SQL error hook.  main() installs it with
 * EXEC SQL WHENEVER SQLERROR DO sqlerr(); it passes the current
 * sqlca.sqlcode on to db_error().
 */
void sqlerr(void)
{
  /* Report the code of the statement that just failed. */
  db_error(sqlca.sqlcode);
}