]> andersk Git - moira.git/blame - gen/cups-cluster.pc
andersk / moira.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Care about CUPS-CLUSTER entries in serverhosts table as well.
[moira.git] / gen / cups-cluster.pc
CommitLineData
fa2a7b63 1/* $Id$
2 *
3 * This generates printcaps and other files for Athena print servers
4 *
5 * Copyright (C) 1992-1998 by the Massachusetts Institute of Technology.
6 * For copying and distribution information, please see the file
7 * <mit-copyright.h>.
8 */
9
10#include <mit-copyright.h>
11#include <moira.h>
12#include <moira_site.h>
13
14#include <sys/stat.h>
15#include <sys/types.h>
16
17#include <ctype.h>
18#include <stdio.h>
19#include <string.h>
20
21#include <time.h>
22#ifdef HAVE_KRB4
23#include <krb.h>
24#endif
25#include <krb5.h>
26
27#include "util.h"
28
29EXEC SQL INCLUDE sqlca;
30
31RCSID("$Header$");
32
33char *whoami = "cups-print.gen";
34char *db = "moira/moira";
35
36const int krbvers = 5; /* use Kerberos 5 */
37
38/* OMG, I hate this, but it's cleaner, I guess? */
39
40const char *alterjob = "<Limit Hold-Job Release-Job\
41 Restart-Job Purge-Jobs Reprocess-Job Set-Job-Attributes\
42 Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>";
43const char *submitjob = "<Limit Create-Job Print-Job Print-URI Send-Document\
44 Set-Job-Attributes Send-URI Create-Job-Subscription Renew-Subscription\
45 Cancel-Subscription Get-Notifications CUPS-Move-Job>";
46const char *alterpntr = "<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer\
47 CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>";
48const char *lpcpntr = "<Limit Pause-Printer Resume-Printer Enable-Printer\
49 Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs\
50 Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer\
51 Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After\
52 CUPS-Accept-Jobs CUPS-Reject-Jobs>";
53const char *canceljob = "<Limit Cancel-Job CUPS-Authenticate-Job>";
54const char *catchall = "<Limit All>";
55const char *phost = "printers.MIT.EDU";
56
57void do_host(char *host);
58void sqlerr(void);
59#ifndef MAX
60#define MAX(a, b) ( (a) > (b) ? (a) : (b) )
61#endif
62
63int main(int argc, char **argv)
64{
65 EXEC SQL BEGIN DECLARE SECTION;
66 char name[MACHINE_NAME_SIZE];
67 EXEC SQL END DECLARE SECTION;
68
69 init_acls();
70
71 EXEC SQL CONNECT :db;
72
73 EXEC SQL WHENEVER SQLERROR DO sqlerr();
74
75 EXEC SQL DECLARE csr_hosts CURSOR FOR
76 SELECT m.name FROM machine m, serverhosts sh
77 WHERE m.mach_id = sh.mach_id AND sh.service = 'CUPS-CLUSTER' AND sh.enable = 1;
78 EXEC SQL OPEN csr_hosts;
79 while (1)
80 {
81 EXEC SQL FETCH csr_hosts INTO :name;
82 if (sqlca.sqlcode)
83 break;
84
85 strtrim(name);
86 do_host(name);
87 }
88 EXEC SQL CLOSE csr_hosts;
89
90 exit(MR_SUCCESS);
91}
92
93void printer_user_list(FILE *out, char *type, int id, char *str)
94{
95 struct save_queue *sq;
96 struct imember *m;
97 char kbuf[MAX_K_NAME_SZ];
98 char *cp;
99
100 sq = get_acl(type, id, NULL);
101 while (sq_remove_data(sq, &m))
102 {
103 if (m->type != 'S' && m->type != NULL) {
104 /* CUPS wants mmanley/root, not mmanley.root@ATHENA.MIT.EDU */
105 canon_krb(m, krbvers, kbuf, sizeof(kbuf));
106
107 /* now, take out all the @realm */
108 for (cp=kbuf; *cp; cp++) {
109 if (*cp == '@') *cp = '\0';
110 }
111 fprintf(out, "%s %s\n", str, kbuf);
112 }
113 freeimember(m);
114 }
115 sq_destroy(sq);
116}
117
118
119
120void do_host(char *host)
121{
122 EXEC SQL BEGIN DECLARE SECTION;
123 char rp[PRINTERS_RP_SIZE], name[PRINTERS_NAME_SIZE];
124 char duplexname[PRINTERS_DUPLEXNAME_SIZE], location[PRINTERS_LOCATION_SIZE];
125 char hwtype[PRINTERS_HWTYPE_SIZE], lowerhwtype[PRINTERS_HWTYPE_SIZE];
126 char modtime[PRINTERS_MODTIME_SIZE], lmodtime[LIST_MODTIME_SIZE];
127 char contact[PRINTERS_CONTACT_SIZE], hostname[MACHINE_NAME_SIZE];
128 char cupshosts[MACHINE_NAME_SIZE], prtype [PRINTERS_TYPE_SIZE];
129 char *spoolhost = host, *unixtime_fmt = UNIXTIME_FMT, *p;
130 char *lhost;
131 int ka, pc, ac, lpc_acl, top_lpc_acl, banner, rm;
132 EXEC SQL END DECLARE SECTION;
133 TARFILE *tf;
134 FILE *out;
135 char filename[MAXPATHLEN], *duptc;
136 time_t mtime, now = time(NULL);
137
138 lhost = (char *) strdup (host);
139 for (p = lhost; *p; p++)
140 *p = tolower(*p);
141
142 EXEC SQL SELECT mach_id INTO :rm FROM machine
143 WHERE name = :spoolhost;
144
145 sprintf(filename, "%s/cups-cluster/%s", DCM_DIR, host);
146 tf = tarfile_open(filename);
147
148 /* printers.conf entries for locally run queues */
149 out = tarfile_start(tf, "/etc/cups/printers.conf", 0644, 0, 0,
150 "lp", "lp", now);
151
152 EXEC SQL DECLARE csr_printers CURSOR FOR
153 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
154 m.name, pr.banner, pr.location, pr.contact, pr.ka,
155 pr.ac, pr.lpc_acl
156 FROM printers pr, machine m
157 WHERE pr.rm = :rm AND m.mach_id = pr.mach_id
158 AND (pr.type = 'DORM' or pr.type = 'CLUSTER');
159 EXEC SQL OPEN csr_printers;
160 while (1)
161 {
162 EXEC SQL FETCH csr_printers INTO :rp, :name, :duplexname,
163 :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl;
164 if (sqlca.sqlcode)
165 break;
166
167 strtrim(rp);
168 strtrim(name);
169 strtrim(duplexname);
170 strtrim(hwtype);
171 strtrim(hostname);
172 strtrim(location);
173 strtrim(contact);
174 strcpy(lowerhwtype, hwtype);
175 for (p = rp; *p; p++) /* Because uppercased printer names suck */
176 *p = tolower(*p);
177 for (p = lowerhwtype; *p; p++)
178 *p = tolower(*p);
179
180 fprintf(out, "<Printer %s>\n",rp);
181 fprintf(out, "Info %s:%s\n", rp, hwtype);
182 /* Note the use of "beh" to keep the CUPS from disabling print queues
183 * should they not respond versus discarding the job.
184 * See the "beh" page for details.
185 * The 1/0/60 says "don't disable/try 20 times/try every 60s */
186 if (!strncmp(hwtype, "HP", 2))
187 fprintf(out, "DeviceURI beh:/1/20/60/socket://%s:9100\n", hostname);
188 else
189 fprintf(out, "DeviceURI beh:/1/20/60/socket://%s\n", hostname);
190 fprintf(out, "State Idle\n"); // Always with the Idle
191 fprintf(out, "StateTime %ld\n", (long)time(NULL));
192 fprintf(out, "Accepting Yes\n");
193 fprintf(out, "Shared Yes\n");
194 fprintf(out, "QuotaPeriod 0\n");
195 fprintf(out, "PageLimit 0\n");
196 fprintf(out, "Klimit 0\n");
197 fprintf(out, "Option sides one-sided\n");
198 fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
199 fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
200 fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
201 fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
202 fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
203 if (location[0])
204 fprintf(out, "Location %s\n", location);
205 fprintf(out, "ErrorPolicy abort-job\n");
206 if (ka || lpc_acl)
207 fprintf(out, "OpPolicy %s-policy\n", rp);
208 else
209 fprintf(out, "OpPolicy default\n");
210
211 /* Access-control list. */
212 if (ac)
213 {
214 if (ka)
215 fprintf(out, "AuthType Negotiate\n");
216 else
217 fprintf(out, "AuthType Default\n");
218 printer_user_list(out, "LIST", ac, "AllowUser");
219 }
220
221 if (banner == PRN_BANNER_NONE)
222 fprintf(out, "JobSheets none none\n");
223 else
224 fprintf(out, "JobSheets athena none\n");
225 fprintf(out, "</Printer>\n");
226
227 }
228 EXEC SQL CLOSE csr_printers;
229
230 /* printers.conf entries for non-local CUPS queues */
231 EXEC SQL DECLARE csr_remote_printers CURSOR FOR
232 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
233 m.name, pr.banner, pr.location, pr.contact, pr.ka,
234 pr.ac, pr.lpc_acl, m.name as cupshosts
235 FROM printers pr, machine m, serverhosts sh
236 WHERE pr.rm = m.mach_id
237 AND (pr.type = 'CLUSTER' or pr.type = 'DORM') AND m.name <> :spoolhost AND
662cdab2 238 m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER') AND
fa2a7b63 239 sh.enable = 1 AND m.mach_id = sh.mach_id;
240
241 EXEC SQL OPEN csr_remote_printers;
242 while (1)
243 {
244 EXEC SQL FETCH csr_remote_printers INTO :rp, :name, :duplexname,
245 :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts;
246 if (sqlca.sqlcode)
247 break;
248
249 strtrim(rp);
250 strtrim(name);
251 strtrim(duplexname);
252 strtrim(hwtype);
253 strtrim(hostname);
254 strtrim(location);
255 strtrim(contact);
256 strtrim(cupshosts);
257 strcpy(lowerhwtype, hwtype);
258 for (p = rp; *p; p++) /* Because uppercased printer names suck */
259 *p = tolower(*p);
260 for (p = lowerhwtype; *p; p++)
261 *p = tolower(*p);
262
263 fprintf(out, "<Printer %s>\n",rp);
264 fprintf(out, "Info %s:%s\n", rp, hwtype);
265 fprintf(out, "DeviceURI ipp://%s:631/printers/%s\n", cupshosts, rp);
266 fprintf(out, "State Idle\n"); // Always with the Idle
267 fprintf(out, "StateTime %ld\n", (long)time(NULL));
268 fprintf(out, "Accepting Yes\n");
269 fprintf(out, "Shared Yes\n");
270 fprintf(out, "QuotaPeriod 0\n");
271 fprintf(out, "PageLimit 0\n");
272 fprintf(out, "Klimit 0\n");
273 fprintf(out, "Option sides one-sided\n");
274 fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
275 fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
276 fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
277 fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
278 fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
279 if (location[0])
280 fprintf(out, "Location %s\n", location);
281 fprintf(out, "ErrorPolicy abort-job\n");
282 if (ka || lpc_acl)
283 fprintf(out, "OpPolicy %s-policy\n", rp);
284 else
285 fprintf(out, "OpPolicy default\n");
286
287 /* Access-control list. */
288 if (ac)
289 {
290 if (ka)
291 fprintf(out, "AuthType Negotiate\n");
292 else
293 fprintf(out, "AuthType Default\n");
294 printer_user_list(out, "LIST", ac, "AllowUser");
295 }
296
297 if (banner == PRN_BANNER_NONE)
298 fprintf(out, "JobSheets none none\n");
299 else
300 fprintf(out, "JobSheets athena none\n");
301 fprintf(out, "</Printer>\n");
302
303 }
304 EXEC SQL CLOSE csr_remote_printers;
305
306 /* printers.conf entries for non-local LPRng queues */
307 EXEC SQL DECLARE csr_lprng_printers CURSOR FOR
308 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
309 m.name, pr.banner, pr.location, pr.contact, pr.ka,
310 pr.ac, pr.lpc_acl, m.name as cupshosts
311 FROM printers pr, machine m, serverhosts sh
312 WHERE pr.rm = m.mach_id
313 AND (pr.type = 'DORM' or pr.type = 'CLUSTER') AND m.name <> :spoolhost AND
314 m.mach_id = sh.mach_id AND sh.service = 'PRINT' AND
315 sh.enable = 1;
316
317 EXEC SQL OPEN csr_lprng_printers;
318 while (1)
319 {
320 EXEC SQL FETCH csr_lprng_printers INTO :rp, :name, :duplexname,
321 :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts;
322 if (sqlca.sqlcode)
323 break;
324
325 strtrim(rp);
326 strtrim(name);
327 strtrim(duplexname);
328 strtrim(hwtype);
329 strtrim(hostname);
330 strtrim(location);
331 strtrim(contact);
332 strtrim(cupshosts);
333 strcpy(lowerhwtype, hwtype);
334 for (p = rp; *p; p++) /* Because uppercased printer names suck */
335 *p = tolower(*p);
336 for (p = lowerhwtype; *p; p++)
337 *p = tolower(*p);
338
339 fprintf(out, "<Printer %s>\n",rp);
340 fprintf(out, "Info %s:LPRng Queue on %s\n", rp, cupshosts);
341 fprintf(out, "DeviceURI lpd://%s/%s\n", cupshosts, rp);
342 fprintf(out, "State Idle\n"); // Always with the Idle
343 fprintf(out, "StateTime %ld\n", (long)time(NULL));
344 fprintf(out, "Accepting Yes\n");
345 fprintf(out, "Shared Yes\n");
346 fprintf(out, "QuotaPeriod 0\n");
347 fprintf(out, "PageLimit 0\n");
348 fprintf(out, "Klimit 0\n");
349 fprintf(out, "Option sides one-sided\n");
350 fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
351 fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
352 fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
353 fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
354 fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
355 if (location[0])
356 fprintf(out, "Location %s\n", location);
357 fprintf(out, "ErrorPolicy abort-job\n");
358 fprintf(out, "OpPolicy default\n");
359 fprintf(out, "JobSheets none none\n");
360 fprintf(out, "</Printer>\n");
361
362 }
363 EXEC SQL CLOSE csr_lprng_printers;
364 tarfile_end(tf);
365
366
367 /* aliases are in classes.conf */
368 out = tarfile_start(tf, "/etc/cups/classes.conf", 0644, 0, 0,
369 "lp", "lp", now);
370 EXEC SQL DECLARE csr_duplexqs CURSOR FOR
371 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
372 m.name, pr.banner, pr.location, pr.contact, pr.ka,
373 pr.type as prtype, pr.ac
374 FROM printers pr, machine m, serverhosts sh
375 WHERE pr.rm = m.mach_id
376 AND m.mach_id = sh.mach_id AND sh.enable = 1
377 AND (pr.type = 'DORM' or pr.type = 'CLUSTER')
662cdab2 378 AND (sh.service = 'CUPS-PRINT' OR sh.service = 'PRINT' OR sh.service = 'CUPS-CLUSTER');
fa2a7b63 379 EXEC SQL OPEN csr_duplexqs;
380 while (1)
381 {
382 EXEC SQL FETCH csr_duplexqs INTO :rp, :name, :duplexname,
383 :hwtype, :hostname, :banner, :location, :contact, :ka, :prtype, :ac;
384 if (sqlca.sqlcode)
385 break;
386
387 strtrim(hwtype);
388 strtrim(rp);
389 strtrim(location);
390 strtrim(contact);
391 strtrim(prtype);
392
393 /* Define alias queues as classes to the regular queues for
394 * accounting reasons. Annoyingly, classes don't always inherit
395 * their printer definitions.
396 */
397 if (!strcmp(prtype,"ALIAS"))
398 {
399 strtrim(name);
400 fprintf(out, "<Class %s>\n",name);
401 fprintf(out, "Info Alias Queue to %s:%s\n", rp, hwtype);
402 fprintf(out, "Printer %s\n", rp);
403 fprintf(out, "Option sides one-sided\n");
404 fprintf(out, "State Idle\n"); // Always with the Idle
405 fprintf(out, "StateTime %ld\n", (long)time(NULL));
406 fprintf(out, "Accepting Yes\n");
407 fprintf(out, "Shared Yes\n");
408 fprintf(out, "QuotaPeriod 0\n");
409 fprintf(out, "PageLimit 0\n");
410 if (location[0])
411 fprintf(out, "Location %s\n", location);
412 /* fprintf(out, "ErrorPolicy abort-job\n"); */
413 if (ka || lpc_acl)
414 fprintf(out, "OpPolicy %s-policy\n", rp);
415 else
416 fprintf(out, "OpPolicy default\n");
417
418 /* Access-control list. */
419 if (ac)
420 {
421 if (ka)
422 fprintf(out, "AuthType Negotiate\n");
423 else
424 fprintf(out, "AuthType Default\n");
425 printer_user_list(out, "LIST", ac, "AllowUser");
426 }
427
428 if (banner == PRN_BANNER_NONE)
429 fprintf(out, "JobSheets none none\n");
430 else
431 fprintf(out, "JobSheets athena none\n");
432 fprintf(out, "</Class>\n");
433 }
434
435 /* Define duplex queues as aliases to the regular queues for
436 * accounting reasons. Annoyingly, classes don't always inherit
437 * their printer definitions.
438 */
439 if (*duplexname)
440 {
441 strtrim(duplexname);
442 fprintf(out, "<Class %s>\n",duplexname);
443 if (!strcmp(prtype,"ALIAS"))
444 fprintf(out, "Info Duplex Alias Queue to %s:%s\n", rp, hwtype);
445 else
446 fprintf(out, "Info Duplex Queue for %s:%s\n", rp, hwtype);
447 fprintf(out, "Option sides two-sided-long-edge\n"); // duplex
448 fprintf(out, "Printer %s\n", rp);
449 fprintf(out, "State Idle\n"); // Always with the Idle
450 fprintf(out, "StateTime %ld\n", (long)time(NULL));
451 fprintf(out, "Accepting Yes\n");
452 fprintf(out, "Shared Yes\n");
453 fprintf(out, "QuotaPeriod 0\n");
454 fprintf(out, "PageLimit 0\n");
455 if (location[0])
456 fprintf(out, "Location %s\n", location);
457 fprintf(out, "ErrorPolicy abort-job\n");
458 if (ka || lpc_acl)
459 fprintf(out, "OpPolicy %s-policy\n", rp);
460 else
461 fprintf(out, "OpPolicy default\n");
462
463 /* Access-control list. */
464 if (ac)
465 {
466 if (ka)
467 fprintf(out, "AuthType Negotiate\n");
468 else
469 fprintf(out, "AuthType Default\n");
470 printer_user_list(out, "LIST", ac, "AllowUser");
471 }
472
473 if (banner == PRN_BANNER_NONE)
474 fprintf(out, "JobSheets none none\n");
475 else if (banner == PRN_BANNER_LAST)
476 fprintf(out, "JobSheets athena none\n");
477 fprintf(out, "</Class>\n");
478 }
479 }
480 EXEC SQL CLOSE csr_duplexqs;
481 tarfile_end(tf);
482
483 /* cups.conf */
484 out = tarfile_start(tf, "/etc/cups/cupsd.conf", 0755, 1, 1,
485 "root", "lp", now);
486
487 fprintf(out, "LogLevel info\n");
488 fprintf(out, "SystemGroup sys root ops-group\n");
489 fprintf(out, "Port 631\n");
490 fprintf(out, "Listen /var/run/cups/cups.sock\n");
491 fprintf(out, "Browsing On\n");
492 fprintf(out, "BrowseOrder allow,deny\n");
493 fprintf(out, "BrowseAllow all\n");
494 fprintf(out, "BrowseAddress @LOCAL\n");
495 fprintf(out, "DefaultAuthType Negotiate\n");
496 fprintf(out, "ServerCertificate /etc/cups/ssl/%s-ipp-crt.pem\n", lhost);
497 fprintf(out, "ServerKey /etc/cups/ssl/%s-ipp-key.pem\n", lhost);
498 fprintf(out, "ServerName %s\n", lhost);
499 fprintf(out, "ServerAlias %s\n", phost);
500 fprintf(out, "Krb5Keytab /etc/krb5-ipp.keytab\n");
501
502 /* The other CUPS servers should be aware of the other hosts'
503 queues, so we'll let them browse each other. */
504 fprintf(out, "Include cups.local.conf\n");
505 fprintf(out, "Include cups.locations.conf\n");
506 fprintf(out, "Include cups.policies.conf\n");
507 tarfile_end(tf);
508
509 /* cups.hosts.conf */
510 out = tarfile_start(tf, "/etc/cups/cups.hosts.conf", 0755, 1, 1,
511 "root", "lp", now);
512 EXEC SQL DECLARE csr_cupshosts CURSOR FOR
513 SELECT m.name AS cupshosts FROM machine m, printservers ps
514 WHERE m.mach_id = ps.mach_id AND ps.kind = 'CUPS';
515 EXEC SQL OPEN csr_cupshosts;
516 while (1)
517 {
518 EXEC SQL FETCH csr_cupshosts INTO :cupshosts;
519 if (sqlca.sqlcode)
520 break;
521
522 strtrim(cupshosts);
523
524 /* Don't poll yourself looking for answers! */
525 if (strcmp(cupshosts,host))
526 fprintf(out, "BrowsePoll %s\n", cupshosts);
527 }
528 EXEC SQL CLOSE csr_cupshosts;
529
530 tarfile_end(tf);
531
532 /* cups.policies.conf */
533 out = tarfile_start(tf, "/etc/cups/cups.policies.conf", 0755, 1, 1,
534 "root", "lp", now);
535 fprintf(out, "# Printer-specific LPC and LPR ACLs\n");
536 /* lpcaccess.top */
537 EXEC SQL SELECT ps.lpc_acl INTO :top_lpc_acl
538 FROM printservers ps, machine m
539 WHERE m.name = :spoolhost AND m.mach_id = ps.mach_id;
540 if (!sqlca.sqlcode && lpc_acl)
541 {
542 fprintf (out, "<Policy default>\n");
543 fprintf (out, "%s\n", alterjob);
544 fprintf (out, "AuthType Default\n");
545 fprintf (out, "Require user @OWNER @SYSTEM\n");
546 printer_user_list(out, "LIST", top_lpc_acl, "Require user");
547 fprintf (out, "Order deny,allow\n");
548 fprintf (out, "</Limit>\n");
549 fprintf (out, "%s\n", submitjob);
550 fprintf (out, "AuthType None\n");
551 fprintf (out, "Order deny,allow\n");
552 fprintf (out, "Allow from all\n");
553 fprintf (out, "</Limit>\n");
554 fprintf (out, "%s\n", alterpntr);
555 fprintf (out, "AuthType Default\n");
556 fprintf (out, "Require user @SYSTEM\n");
557 fprintf (out, "Order deny,allow\n");
558 fprintf (out, "</Limit>\n");
559 fprintf (out, "%s\n", lpcpntr);
560 fprintf (out, "AuthType Default\n");
561 fprintf (out, "Require user @SYSTEM\n");
562 printer_user_list(out, "LIST", top_lpc_acl, "Require user");
563 fprintf (out, "Order deny,allow\n");
564 fprintf (out, "</Limit>\n");
565 fprintf (out, "%s\n", canceljob);
566 fprintf (out, "AuthType Default\n");
567 fprintf (out, "Require user @OWNER @SYSTEM\n");
568 printer_user_list(out, "LIST", top_lpc_acl, "Require user");
569 fprintf (out, "Order deny,allow\n");
570 fprintf (out, "Allow from all\n");
571 fprintf (out, "</Limit>\n");
572 fprintf (out, "%s\n", catchall);
573 fprintf (out, "AuthType None\n");
574 fprintf (out, "Order deny,allow\n");
575 fprintf (out, "Allow from all\n");
576 fprintf (out, "</Limit>\n");
577 fprintf (out, "</Policy>\n");
578 }
579
580 /* restrict lists and lpcaccess policies. Sadly, we have to put the
581 top level for each new policy since CUPS doesn't have a way of
582 doing it otherwise (well, Unix groups, but not moira) */
583 EXEC SQL DECLARE csr_lpc CURSOR FOR
584 SELECT UNIQUE rp, ka, ac, lpc_acl
585 FROM printers
586 WHERE (ac != 0 OR lpc_acl != 0) AND rm in (SELECT m.mach_id FROM machine m, serverhosts sh
662cdab2 587 WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER') AND sh.enable = 1);
fa2a7b63 588 EXEC SQL OPEN csr_lpc;
589 while (1)
590 {
591 EXEC SQL FETCH csr_lpc INTO :name, :ka, :ac, :lpc_acl;
592 if (sqlca.sqlcode)
593 break;
594
595 strtrim(name);
596
597 fprintf (out, "<Policy %s-policy>\n", name);
598 fprintf (out, "%s\n", alterjob);
599 fprintf (out, "AuthType Default\n");
600 fprintf (out, "Require user @OWNER @SYSTEM\n");
601 printer_user_list(out, "LIST", lpc_acl, "Require user");
602 fprintf (out, "Order deny,allow\n");
603 fprintf (out, "Allow from all\n");
604 fprintf (out, "</Limit>\n");
605 fprintf (out, "%s\n", submitjob);
606 /* If the printer is Kerberized? */
607 if (ka)
608 fprintf (out, "AuthType Negotiate\n");
609 else
610 fprintf (out, "AuthType None\n");
611 /* Access-control list. */
612 if (ac)
613 printer_user_list(out, "LIST", ac, "Require user");
614 else if (ka)
615 fprintf (out, "Require valid-user\n");
616 fprintf (out, "Order deny,allow\n");
617 fprintf (out, "Allow from all\n");
618 fprintf (out, "</Limit>\n");
619 fprintf (out, "%s\n", alterpntr);
620 fprintf (out, "AuthType Default\n");
621 fprintf (out, "Require user @SYSTEM\n");
622 fprintf (out, "Order deny,allow\n");
623 fprintf (out, "</Limit>\n");
624 fprintf (out, "%s\n", lpcpntr);
625 fprintf (out, "AuthType Default\n");
626 fprintf (out, "Require user @SYSTEM\n");
627 /* printer-specific lpc access. */
628 if (lpc_acl)
629 printer_user_list(out, "LIST", lpc_acl, "Require user");
630 printer_user_list(out, "LIST", top_lpc_acl, "Require user");
631 fprintf (out, "Order deny,allow\n");
632 fprintf (out, "</Limit>\n");
633 fprintf (out, "%s\n", canceljob);
634 fprintf (out, "AuthType Default\n");
635 fprintf (out, "Require user @OWNER @SYSTEM\n");
636 printer_user_list(out, "LIST", lpc_acl, "Require user");
637 printer_user_list(out, "LIST", top_lpc_acl, "Require user");
638 fprintf (out, "Order deny,allow\n");
639 fprintf (out, "Allow from all\n");
640 fprintf (out, "</Limit>\n");
641 fprintf (out, "%s\n", catchall);
642 fprintf (out, "AuthType None\n");
643 fprintf (out, "Order deny,allow\n");
644 fprintf (out, "Allow from all\n");
645 fprintf (out, "</Limit>\n");
646 fprintf (out, "</Policy>\n");
647 }
648 EXEC SQL CLOSE csr_lpc;
649 fprintf(out, "\n");
650 tarfile_end(tf);
651 tarfile_close(tf);
652}
653
654void sqlerr(void)
655{
656 db_error(sqlca.sqlcode);
657}
Moira, the Athena Service Management system
This page took 0.130729 seconds and 5 git commands to generate.