andersk Git - moira.git/blame - gen/print.pc
- add init_acls() call to prevent coredump
bc275f50 1/* $Id$
2 *
3 * This generates printcaps and other files for Athena print servers
4 *
5 * Copyright (C) 1992-1998 by the Massachusetts Institute of Technology.
6 * For copying and distribution information, please see the file
7 * <mit-copyright.h>.
8 */
9
10#include <mit-copyright.h>
11#include <moira.h>
12#include <moira_site.h>
13
14#include <sys/stat.h>
15#include <sys/types.h>
16
17#include <ctype.h>
18#include <stdio.h>
19#include <string.h>
20
21#include "util.h"
22
/* SQL communications area; the code below reads sqlca.sqlcode after each
 * embedded SQL statement.
 */
EXEC SQL INCLUDE sqlca;

RCSID("$Header$");

/* Name of this generator. */
char *whoami = "print.gen";

/* Connect string handed to EXEC SQL CONNECT in main().
 * NOTE(review): this looks like a user/password pair compiled into the
 * binary - confirm how the database account is protected and whether the
 * credential can be supplied at run time instead.
 */
char *db = "moira/moira";

void do_host(char *host);
void sqlerr(void);

#ifndef MAX
#define MAX(a, b) (((a) > (b)) ? (a) : (b))
#endif
35
/* Connect to the database, then call do_host() once for every machine that
 * has an enabled PRINT entry in serverhosts.  Exits with MR_SUCCESS.
 */
int main(int argc, char **argv)
{
  EXEC SQL BEGIN DECLARE SECTION;
  char name[MACHINE_NAME_SIZE];
  EXEC SQL END DECLARE SECTION;

  /* Set up the ACL helpers before do_host() dumps any list. */
  init_acls();

  /* NOTE(review): the SQLERROR handler is installed only after CONNECT, so
   * a failed connect is not routed through sqlerr() - confirm that is
   * intended.
   */
  EXEC SQL CONNECT :db;

  EXEC SQL WHENEVER SQLERROR DO sqlerr();

  EXEC SQL DECLARE csr_hosts CURSOR FOR
    SELECT m.name FROM machine m, serverhosts sh
    WHERE m.mach_id = sh.mach_id AND sh.service = 'PRINT' AND sh.enable = 1;
  EXEC SQL OPEN csr_hosts;
  for (;;)
    {
      EXEC SQL FETCH csr_hosts INTO :name;
      /* Any nonzero status ends the scan. */
      if (sqlca.sqlcode != 0)
	break;

      strtrim(name);
      do_host(name);
    }
  EXEC SQL CLOSE csr_hosts;

  exit(MR_SUCCESS);
}
65
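/* Return nonzero when the snprintf() result N shows that the whole string,
 * terminator included, fit in a buffer of SIZE bytes.
 */
static int path_fits(int n, size_t size)
{
  return n >= 0 && (size_t)n < size;
}

/* Build the tar file of print-server configuration for one spool host.
 *
 * host is the machine name of the spool host.  The tar file is written to
 * DCM_DIR/print/<host> and holds /etc/printcap.moira, /etc/lpd.perms,
 * /var/spool/printer/queues.secure, the per-queue restrict.list and
 * lpcaccess files, and lpcaccess.top when the print server has an lpc ACL.
 *
 * Everything written here is access-control policy for the spooler.
 * NOTE(review): printer names, locations and contacts come from the
 * database and are written into rule lines and tar member paths as-is; a
 * value containing whitespace, a newline, ',' or '/' would change the
 * generated rule or path.  Confirm they are validated where they are
 * entered, or validate them here.
 */
void do_host(char *host)
{
  EXEC SQL BEGIN DECLARE SECTION;
  char rp[PRINTERS_RP_SIZE], name[PRINTERS_NAME_SIZE];
  char duplexname[PRINTERS_DUPLEXNAME_SIZE], location[PRINTERS_LOCATION_SIZE];
  char hwtype[PRINTERS_HWTYPE_SIZE], lowerhwtype[PRINTERS_HWTYPE_SIZE];
  char contact[PRINTERS_CONTACT_SIZE], hostname[MACHINE_NAME_SIZE];
  char *spoolhost = host, *p;
  int ka, ac, lpc_acl, banner, rm;
  EXEC SQL END DECLARE SECTION;
  TARFILE *tf;
  FILE *out;
  char filename[MAXPATHLEN], *duptc;
  time_t now = time(NULL);

  /* NOTE(review): if no machine row matches, rm keeps an indeterminate
   * value and every query below filters on it - confirm a miss cannot
   * happen, or check sqlca.sqlcode here.
   */
  EXEC SQL SELECT mach_id INTO :rm FROM machine
    WHERE name = :spoolhost;

  /* Bounded formatting: refuse to go on with a truncated output path. */
  if (!path_fits(snprintf(filename, sizeof(filename), "%s/print/%s",
			  DCM_DIR, host), sizeof(filename)))
    {
      fprintf(stderr, "%s: output path for host %s is too long\n",
	      whoami, host);
      return;
    }
  tf = tarfile_open(filename);

  /* printcap */
  out = tarfile_start(tf, "/etc/printcap.moira", 0644, 0, 0,
		      "root", "root", now);

  EXEC SQL DECLARE csr_printcap CURSOR FOR
    SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
    m.name, pr.banner, pr.location, pr.contact
    FROM printers pr, machine m
    WHERE pr.rm = :rm AND m.mach_id = pr.mach_id
    AND pr.type != 'ALIAS'
    AND ( pr.hwtype LIKE 'HP%' OR pr.hwtype LIKE 'LPR%' );
  EXEC SQL OPEN csr_printcap;
  while (1)
    {
      EXEC SQL FETCH csr_printcap INTO :rp, :name, :duplexname,
	:hwtype, :hostname, :banner, :location, :contact;
      if (sqlca.sqlcode)
	break;

      strtrim(rp);
      strtrim(name);
      strtrim(duplexname);
      strtrim(hwtype);
      strtrim(hostname);
      strtrim(location);
      strtrim(contact);
      /* Same-sized buffers, so the copy cannot overflow. */
      strcpy(lowerhwtype, hwtype);
      /* tolower() needs an unsigned char value; plain char may be negative. */
      for (p = lowerhwtype; *p; p++)
	*p = tolower((unsigned char)*p);

      if (location[0])
	fprintf(out, "# %s: %s\n", name, location);
      else
	fprintf(out, "# %s\n", name);
      if (strcmp(location, contact))
	fprintf(out, "# contact: %s\n", contact);

      fprintf(out, "%s\n\t:server:cm=%s %s\n\t", rp, hwtype, location);
      if (banner == PRN_BANNER_NONE)
	fprintf(out, ":sh");
      else if (banner == PRN_BANNER_LAST)
	fprintf(out, ":hl");

      /* The query only returns HP% and LPR% hardware types, but start from
       * NULL so an unexpected type can never leave duptc uninitialized.
       */
      duptc = NULL;
      if (!strncmp(hwtype, "HP", 2))
	{
	  fprintf(out, ":lp=%s%%9100:ifhp=model=%s:tc=.hp\n\n",
		  hostname, lowerhwtype);
	  duptc = ".hp2";
	}
      else if (!strncmp(hwtype, "LPR", 3))
	{
	  fprintf(out, ":lp=raw@%s:tc=.apple\n\n", hostname);
	  duptc = ".apple2";
	}

      if (*duplexname)
	{
	  fprintf(out, "%s\n\t:server:bq=%s:cm=%s duplex queue\n\t",
		  duplexname, rp, rp);
	  if (!strncmp(hwtype, "HP", 2))
	    fprintf(out, ":ifhp=model=%s", lowerhwtype);
	  if (duptc)
	    fprintf(out, ":tc=%s", duptc);
	  fprintf(out, "\n\n");
	}
    }
  EXEC SQL CLOSE csr_printcap;
  tarfile_end(tf);

  /* lpd.perms
   * NOTE(review): this file and the ACL files below are created with mode
   * 0755 and "daemon" as owner name - confirm whether the spooler account
   * is meant to own (and so be able to rewrite) its own policy files, and
   * whether the execute bits are needed.
   */
  out = tarfile_start(tf, "/etc/lpd.perms", 0755, 1, 1,
		      "daemon", "daemon", now);
  fprintf(out, "# Allow anybody to connect, get status, list queue, or "
	  "print (once a\n# job is spooled)\n");
  fprintf(out, "ACCEPT SERVICE=X,S,Q,P\nACCEPT LPC=status,lpq,printcap\n\n");

  fprintf(out, "# Only trust certain host keys to forward jobs/commands\n");
  fprintf(out, "REJECT AUTHFROM=?* PRINTER=</var/spool/printer/queues.secure "
	  "NOT AUTHFROM=</var/spool/printer/hostkeys.allow\n");
  fprintf(out, "REJECT AUTHFROM=?* AUTHJOB "
	  "NOT AUTHFROM=</var/spool/printer/hostkeys.allow\n\n");

  fprintf(out, "# Allow root to control and remove jobs\n");
  fprintf(out, "ACCEPT SERVICE=C,R SERVER REMOTEUSER=root\n\n");

  fprintf(out, "# Allow admins to control and remove jobs\n");
  fprintf(out, "ACCEPT SERVICE=C,R AUTH=USER AUTHUSER=</var/spool/printer/lpcaccess.top\n\n");

  fprintf(out, "# Printer-specific LPC ACLs\n");
  /* NOTE(review): the rp column is fetched into name[] in this and the
   * following loops - confirm PRINTERS_NAME_SIZE is at least
   * PRINTERS_RP_SIZE so queue names are not cut short.
   */
  EXEC SQL DECLARE csr_lpc CURSOR FOR
    SELECT rp, duplexname FROM printers
    WHERE rm = :rm AND lpc_acl != 0;
  EXEC SQL OPEN csr_lpc;
  while (1)
    {
      EXEC SQL FETCH csr_lpc INTO :name, :duplexname;
      if (sqlca.sqlcode)
	break;

      strtrim(name);
      strtrim(duplexname);
      fprintf(out, "ACCEPT SERVICE=C,R PRINTER=%s%s%s AUTH=USER "
	      "AUTHUSER=</var/spool/printer/%s/lpcaccess\n",
	      name, *duplexname ? "," : "", duplexname, name);
    }
  EXEC SQL CLOSE csr_lpc;
  fprintf(out, "\n");

  fprintf(out, "# Reject jobs from unauthorized users to restricted queues\n");
  EXEC SQL DECLARE csr_ac CURSOR FOR
    SELECT rp, duplexname, ka FROM printers
    WHERE rm = :rm AND ac != 0;
  EXEC SQL OPEN csr_ac;
  while (1)
    {
      /* ka must carry the ':' host-variable prefix.  Without it the column
       * is never stored in ka, and the choice between AUTHUSER and USER in
       * the rule below would depend on an unset variable.
       */
      EXEC SQL FETCH csr_ac INTO :name, :duplexname, :ka;
      if (sqlca.sqlcode)
	break;

      strtrim(name);
      strtrim(duplexname);
      fprintf(out, "REJECT SERVICE=R PRINTER=%s%s%s NOT "
	      "%sUSER=</var/spool/printer/%s/restrict.list\n",
	      name, *duplexname ? "," : "", duplexname,
	      ka ? "AUTH" : "", name);
    }
  EXEC SQL CLOSE csr_ac;
  fprintf(out, "\n");

  fprintf(out, "# Accept authenticated jobs to all other printers\n");
  fprintf(out, "ACCEPT SERVICE=R AUTH=USER,FWD\n");
  fprintf(out, "# Allow authenticated users to lprm their jobs\n");
  fprintf(out, "ACCEPT SERVICE=M AUTH=USER,FWD AUTHJOB AUTHSAMEUSER\n\n");

  fprintf(out, "# Reject unauthentic print/lprm requests to authenticated queues\n");
  fprintf(out, "REJECT SERVICE=R,M "
	  "PRINTER=</var/spool/printer/queues.secure\n\n");

  fprintf(out, "# Reject unauthentic print requests from off MITnet\n");
  fprintf(out, "REJECT SERVICE=R NOT REMOTEIP=</var/spool/printer/masks.allow\n\n\n");

  fprintf(out, "# Accept unauthentic print requests if same user and on MITnet\n");
  fprintf(out, "ACCEPT SERVICE=M NOT AUTHJOB SAMEUSER REMOTEIP=</var/spool/printer/masks.allow\n\n");

  /* The generated policy ends default-allow: a request that matches none
   * of the rules above is accepted.
   */
  fprintf(out, "# Reject any other lpc, or lprm. Accept all else\n");
  fprintf(out, "REJECT SERVICE=C,M\n");
  fprintf(out, "DEFAULT ACCEPT");
  tarfile_end(tf);

  /* list of kerberized queues */
  out = tarfile_start(tf, "/var/spool/printer/queues.secure", 0755, 1, 1,
		      "daemon", "daemon", now);
  EXEC SQL DECLARE csr_kq CURSOR FOR
    SELECT rp, duplexname FROM printers
    WHERE rm = :rm AND ka = 1;
  EXEC SQL OPEN csr_kq;
  while (1)
    {
      EXEC SQL FETCH csr_kq INTO :name, :duplexname;
      if (sqlca.sqlcode)
	break;

      strtrim(name);
      strtrim(duplexname);
      fprintf(out, "%s\n", name);
      if (*duplexname)
	fprintf(out, "%s\n", duplexname);
    }
  /* Close the cursor like every other cursor here; it was left open. */
  EXEC SQL CLOSE csr_kq;
  tarfile_end(tf);

  /* restrict lists and lpcaccess files */
  EXEC SQL DECLARE csr_spool CURSOR FOR
    SELECT UNIQUE rp, ka, ac, lpc_acl
    FROM printers
    WHERE rm = :rm AND ( ac != 0 OR lpc_acl != 0);
  EXEC SQL OPEN csr_spool;
  while (1)
    {
      EXEC SQL FETCH csr_spool INTO :name, :ka, :ac, :lpc_acl;
      if (sqlca.sqlcode)
	break;

      strtrim(name);

      if (!path_fits(snprintf(filename, sizeof(filename),
			      "/var/spool/printer/%s", name),
		     sizeof(filename)))
	{
	  fprintf(stderr, "%s: spool path for queue %s is too long\n",
		  whoami, name);
	  continue;
	}
      tarfile_mkdir(tf, filename, 0755, 1, 1, "daemon", "daemon", now);

      /* The ac and lpc_acl lists may have sublists, and changes to those
       * won't affect the superlist's modtime. So we just set the modtime
       * to now.
       */

      /* Access-control list. */
      if (ac)
	{
	  if (!path_fits(snprintf(filename, sizeof(filename),
				  "/var/spool/printer/%s/restrict.list",
				  name), sizeof(filename)))
	    fprintf(stderr, "%s: restrict.list path for queue %s is too long\n",
		    whoami, name);
	  else
	    {
	      out = tarfile_start(tf, filename, 0755, 1, 1, "daemon",
				  "daemon", now);
	      /* Kerberized queues get the Kerberos form of the list.  The
	       * trailing 5 is passed through as given - presumably the
	       * Kerberos version; confirm against dump_krb_acl().
	       */
	      if (ka)
		dump_krb_acl(out, "LIST", ac, 5);
	      else
		dump_user_list(out, "LIST", ac);
	      tarfile_end(tf);
	    }
	}

      /* printer-specific lpc access. */
      if (lpc_acl)
	{
	  if (!path_fits(snprintf(filename, sizeof(filename),
				  "/var/spool/printer/%s/lpcaccess",
				  name), sizeof(filename)))
	    fprintf(stderr, "%s: lpcaccess path for queue %s is too long\n",
		    whoami, name);
	  else
	    {
	      out = tarfile_start(tf, filename, 0755, 1, 1, "daemon",
				  "daemon", now);
	      dump_krb_acl(out, "LIST", lpc_acl, 5);
	      tarfile_end(tf);
	    }
	}
    }
  EXEC SQL CLOSE csr_spool;

  /* lpcaccess.top */
  EXEC SQL SELECT ps.lpc_acl INTO :lpc_acl
    FROM printservers ps, machine m
    WHERE m.name = :spoolhost AND m.mach_id = ps.mach_id;
  /* Written only when the lookup succeeded and an ACL is set. */
  if (!sqlca.sqlcode && lpc_acl)
    {
      out = tarfile_start(tf, "/var/spool/printer/lpcaccess.top",
			  0755, 1, 1, "daemon", "daemon", now);
      dump_krb_acl(out, "LIST", lpc_acl, 5);
      tarfile_end(tf);
    }

  tarfile_close(tf);
}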
318
/* SQLERROR handler installed in main() with EXEC SQL WHENEVER: passes the
 * status code of the failed statement to db_error().
 */
void sqlerr(void)
{
  db_error(sqlca.sqlcode);
}