]> andersk Git - moira.git/blame - gen/cups-print.pc
Care about CUPS-CLUSTER entries in serverhosts table as well.
[moira.git] / gen / cups-print.pc
CommitLineData
f50216d7 1/* $Id$
2 *
3 * This generates printcaps and other files for Athena print servers
4 *
5 * Copyright (C) 1992-1998 by the Massachusetts Institute of Technology.
6 * For copying and distribution information, please see the file
7 * <mit-copyright.h>.
8 */
9
10#include <mit-copyright.h>
11#include <moira.h>
12#include <moira_site.h>
13
14#include <sys/stat.h>
15#include <sys/types.h>
16
17#include <ctype.h>
18#include <stdio.h>
19#include <string.h>
20
21#include <time.h>
cb974713 22#ifdef HAVE_KRB4
f50216d7 23#include <krb.h>
cb974713 24#endif
f50216d7 25#include <krb5.h>
26
27#include "util.h"
28
f50216d7 29EXEC SQL INCLUDE sqlca;
30
31RCSID("$Header$");
32
33char *whoami = "cups-print.gen";
34char *db = "moira/moira";
35
f57294a2 36const int krbvers = 5; /* use Kerberos 5 */
37
f50216d7 38/* OMG, I hate this, but it's cleaner, I guess? */
39
ea998f5e 40const char *alterjob = "<Limit Hold-Job Release-Job\
41 Restart-Job Purge-Jobs Reprocess-Job Set-Job-Attributes\
f50216d7 42 Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>";
ea998f5e 43const char *submitjob = "<Limit Create-Job Print-Job Print-URI Send-Document\
44 Set-Job-Attributes Send-URI Create-Job-Subscription Renew-Subscription\
45 Cancel-Subscription Get-Notifications CUPS-Move-Job>";
f50216d7 46const char *alterpntr = "<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer\
47 CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>";
48const char *lpcpntr = "<Limit Pause-Printer Resume-Printer Enable-Printer\
49 Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs\
50 Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer\
51 Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After\
52 CUPS-Accept-Jobs CUPS-Reject-Jobs>";
53const char *canceljob = "<Limit Cancel-Job CUPS-Authenticate-Job>";
54const char *catchall = "<Limit All>";
200545fb 55const char *phost = "printers.MIT.EDU";
f50216d7 56
57void do_host(char *host);
58void sqlerr(void);
59#ifndef MAX
60#define MAX(a, b) ( (a) > (b) ? (a) : (b) )
61#endif
62
63int main(int argc, char **argv)
64{
65 EXEC SQL BEGIN DECLARE SECTION;
66 char name[MACHINE_NAME_SIZE];
67 EXEC SQL END DECLARE SECTION;
68
69 init_acls();
70
71 EXEC SQL CONNECT :db;
72
73 EXEC SQL WHENEVER SQLERROR DO sqlerr();
74
75 EXEC SQL DECLARE csr_hosts CURSOR FOR
76 SELECT m.name FROM machine m, serverhosts sh
662cdab2 77 WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER')
78 AND sh.enable = 1;
f50216d7 79 EXEC SQL OPEN csr_hosts;
80 while (1)
81 {
82 EXEC SQL FETCH csr_hosts INTO :name;
83 if (sqlca.sqlcode)
84 break;
85
86 strtrim(name);
87 do_host(name);
88 }
89 EXEC SQL CLOSE csr_hosts;
90
91 exit(MR_SUCCESS);
92}
93
94void printer_user_list(FILE *out, char *type, int id, char *str)
95{
96 struct save_queue *sq;
97 struct imember *m;
f57294a2 98 char kbuf[MAX_K_NAME_SZ];
99 char *cp;
f50216d7 100
101 sq = get_acl(type, id, NULL);
102 while (sq_remove_data(sq, &m))
103 {
f57294a2 104 if (m->type != 'S' && m->type != NULL) {
105 /* CUPS wants mmanley/root, not mmanley.root@ATHENA.MIT.EDU */
106 canon_krb(m, krbvers, kbuf, sizeof(kbuf));
107
108 /* now, take out all the @realm */
109 for (cp=kbuf; *cp; cp++) {
110 if (*cp == '@') *cp = '\0';
111 }
112 fprintf(out, "%s %s\n", str, kbuf);
113 }
f50216d7 114 freeimember(m);
115 }
116 sq_destroy(sq);
117}
118
119
120
121void do_host(char *host)
122{
123 EXEC SQL BEGIN DECLARE SECTION;
124 char rp[PRINTERS_RP_SIZE], name[PRINTERS_NAME_SIZE];
125 char duplexname[PRINTERS_DUPLEXNAME_SIZE], location[PRINTERS_LOCATION_SIZE];
126 char hwtype[PRINTERS_HWTYPE_SIZE], lowerhwtype[PRINTERS_HWTYPE_SIZE];
127 char modtime[PRINTERS_MODTIME_SIZE], lmodtime[LIST_MODTIME_SIZE];
128 char contact[PRINTERS_CONTACT_SIZE], hostname[MACHINE_NAME_SIZE];
129 char cupshosts[MACHINE_NAME_SIZE], prtype [PRINTERS_TYPE_SIZE];
130 char *spoolhost = host, *unixtime_fmt = UNIXTIME_FMT, *p;
131 char *lhost;
132 int ka, pc, ac, lpc_acl, top_lpc_acl, banner, rm;
133 EXEC SQL END DECLARE SECTION;
134 TARFILE *tf;
135 FILE *out;
136 char filename[MAXPATHLEN], *duptc;
137 time_t mtime, now = time(NULL);
138
139 lhost = (char *) strdup (host);
140 for (p = lhost; *p; p++)
141 *p = tolower(*p);
142
143 EXEC SQL SELECT mach_id INTO :rm FROM machine
144 WHERE name = :spoolhost;
145
c3c53552 146 sprintf(filename, "%s/cups-print/%s", DCM_DIR, host);
f50216d7 147 tf = tarfile_open(filename);
148
cfba011a 149 /* printers.conf entries for locally run queues */
f50216d7 150 out = tarfile_start(tf, "/etc/cups/printers.conf", 0644, 0, 0,
200545fb 151 "lp", "lp", now);
f50216d7 152
153 EXEC SQL DECLARE csr_printers CURSOR FOR
154 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
155 m.name, pr.banner, pr.location, pr.contact, pr.ka,
f57294a2 156 pr.ac, pr.lpc_acl
f50216d7 157 FROM printers pr, machine m
158 WHERE pr.rm = :rm AND m.mach_id = pr.mach_id
159 AND pr.type != 'ALIAS';
160 EXEC SQL OPEN csr_printers;
161 while (1)
162 {
163 EXEC SQL FETCH csr_printers INTO :rp, :name, :duplexname,
f57294a2 164 :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl;
f50216d7 165 if (sqlca.sqlcode)
166 break;
167
168 strtrim(rp);
169 strtrim(name);
170 strtrim(duplexname);
171 strtrim(hwtype);
172 strtrim(hostname);
173 strtrim(location);
174 strtrim(contact);
175 strcpy(lowerhwtype, hwtype);
cfba011a 176 for (p = rp; *p; p++) /* Because uppercased printer names suck */
177 *p = tolower(*p);
f50216d7 178 for (p = lowerhwtype; *p; p++)
179 *p = tolower(*p);
180
181 fprintf(out, "<Printer %s>\n",rp);
182 fprintf(out, "Info %s:%s\n", rp, hwtype);
183 /* Note the use of "beh" to keep the CUPS from disabling print queues
184 * should they not respond versus discarding the job.
185 * See the "beh" page for details.
186 * The 1/0/60 says "don't disable/try 20 times/try every 60s */
187 if (!strncmp(hwtype, "HP", 2))
188 fprintf(out, "DeviceURI beh:/1/20/60/socket://%s:9100\n", hostname);
189 else
190 fprintf(out, "DeviceURI beh:/1/20/60/socket://%s\n", hostname);
191 fprintf(out, "State Idle\n"); // Always with the Idle
192 fprintf(out, "StateTime %ld\n", (long)time(NULL));
193 fprintf(out, "Accepting Yes\n");
194 fprintf(out, "Shared Yes\n");
195 fprintf(out, "QuotaPeriod 0\n");
196 fprintf(out, "PageLimit 0\n");
197 fprintf(out, "Klimit 0\n");
198 fprintf(out, "Option sides one-sided\n");
cfba011a 199 fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
200 fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
201 fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
202 fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
203 fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
f50216d7 204 if (location[0])
205 fprintf(out, "Location %s\n", location);
206 fprintf(out, "ErrorPolicy abort-job\n");
f57294a2 207 if (ka || lpc_acl)
f50216d7 208 fprintf(out, "OpPolicy %s-policy\n", rp);
f57294a2 209 else
210 fprintf(out, "OpPolicy default\n");
f50216d7 211
212 /* Access-control list. */
213 if (ac)
214 {
215 if (ka)
216 fprintf(out, "AuthType Negotiate\n");
217 else
f57294a2 218 fprintf(out, "AuthType Default\n");
f50216d7 219 printer_user_list(out, "LIST", ac, "AllowUser");
220 }
221
222 if (banner == PRN_BANNER_NONE)
223 fprintf(out, "JobSheets none none\n");
224 else
225 fprintf(out, "JobSheets athena none\n");
226 fprintf(out, "</Printer>\n");
227
228 }
229 EXEC SQL CLOSE csr_printers;
cfba011a 230
231 /* printers.conf entries for non-local CUPS queues */
232 EXEC SQL DECLARE csr_remote_printers CURSOR FOR
233 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
234 m.name, pr.banner, pr.location, pr.contact, pr.ka,
235 pr.ac, pr.lpc_acl, m.name as cupshosts
236 FROM printers pr, machine m, serverhosts sh
237 WHERE pr.rm = m.mach_id
238 AND pr.type != 'ALIAS' AND m.name <> :spoolhost AND
662cdab2 239 m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER')
240 AND sh.enable = 1 AND m.mach_id = sh.mach_id;
cfba011a 241
242 EXEC SQL OPEN csr_remote_printers;
243 while (1)
244 {
245 EXEC SQL FETCH csr_remote_printers INTO :rp, :name, :duplexname,
246 :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts;
247 if (sqlca.sqlcode)
248 break;
249
250 strtrim(rp);
251 strtrim(name);
252 strtrim(duplexname);
253 strtrim(hwtype);
254 strtrim(hostname);
255 strtrim(location);
256 strtrim(contact);
257 strtrim(cupshosts);
258 strcpy(lowerhwtype, hwtype);
259 for (p = rp; *p; p++) /* Because uppercased printer names suck */
260 *p = tolower(*p);
261 for (p = lowerhwtype; *p; p++)
262 *p = tolower(*p);
263
264 fprintf(out, "<Printer %s>\n",rp);
265 fprintf(out, "Info %s:%s\n", rp, hwtype);
266 fprintf(out, "DeviceURI ipp://%s:631/printers/%s\n", cupshosts, rp);
267 fprintf(out, "State Idle\n"); // Always with the Idle
268 fprintf(out, "StateTime %ld\n", (long)time(NULL));
269 fprintf(out, "Accepting Yes\n");
270 fprintf(out, "Shared Yes\n");
271 fprintf(out, "QuotaPeriod 0\n");
272 fprintf(out, "PageLimit 0\n");
273 fprintf(out, "Klimit 0\n");
274 fprintf(out, "Option sides one-sided\n");
275 fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
276 fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
277 fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
278 fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
279 fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
280 if (location[0])
281 fprintf(out, "Location %s\n", location);
282 fprintf(out, "ErrorPolicy abort-job\n");
283 if (ka || lpc_acl)
284 fprintf(out, "OpPolicy %s-policy\n", rp);
285 else
286 fprintf(out, "OpPolicy default\n");
287
288 /* Access-control list. */
289 if (ac)
290 {
291 if (ka)
292 fprintf(out, "AuthType Negotiate\n");
293 else
294 fprintf(out, "AuthType Default\n");
295 printer_user_list(out, "LIST", ac, "AllowUser");
296 }
297
298 if (banner == PRN_BANNER_NONE)
299 fprintf(out, "JobSheets none none\n");
300 else
301 fprintf(out, "JobSheets athena none\n");
302 fprintf(out, "</Printer>\n");
303
304 }
305 EXEC SQL CLOSE csr_remote_printers;
306
307 /* printers.conf entries for non-local LPRng queues */
308 EXEC SQL DECLARE csr_lprng_printers CURSOR FOR
309 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
310 m.name, pr.banner, pr.location, pr.contact, pr.ka,
311 pr.ac, pr.lpc_acl, m.name as cupshosts
312 FROM printers pr, machine m, serverhosts sh
313 WHERE pr.rm = m.mach_id
314 AND pr.type != 'ALIAS' AND m.name <> :spoolhost AND
315 m.mach_id = sh.mach_id AND sh.service = 'PRINT' AND
316 sh.enable = 1;
317
318 EXEC SQL OPEN csr_lprng_printers;
319 while (1)
320 {
321 EXEC SQL FETCH csr_lprng_printers INTO :rp, :name, :duplexname,
322 :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts;
323 if (sqlca.sqlcode)
324 break;
325
326 strtrim(rp);
327 strtrim(name);
328 strtrim(duplexname);
329 strtrim(hwtype);
330 strtrim(hostname);
331 strtrim(location);
332 strtrim(contact);
333 strtrim(cupshosts);
334 strcpy(lowerhwtype, hwtype);
335 for (p = rp; *p; p++) /* Because uppercased printer names suck */
336 *p = tolower(*p);
337 for (p = lowerhwtype; *p; p++)
338 *p = tolower(*p);
339
340 fprintf(out, "<Printer %s>\n",rp);
341 fprintf(out, "Info %s:LPRng Queue on %s\n", rp, cupshosts);
342 fprintf(out, "DeviceURI lpd://%s/%s\n", cupshosts, rp);
343 fprintf(out, "State Idle\n"); // Always with the Idle
344 fprintf(out, "StateTime %ld\n", (long)time(NULL));
345 fprintf(out, "Accepting Yes\n");
346 fprintf(out, "Shared Yes\n");
347 fprintf(out, "QuotaPeriod 0\n");
348 fprintf(out, "PageLimit 0\n");
349 fprintf(out, "Klimit 0\n");
350 fprintf(out, "Option sides one-sided\n");
351 fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
352 fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
353 fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
354 fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
355 fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
356 if (location[0])
357 fprintf(out, "Location %s\n", location);
358 fprintf(out, "ErrorPolicy abort-job\n");
359 fprintf(out, "OpPolicy default\n");
360 fprintf(out, "JobSheets none none\n");
361 fprintf(out, "</Printer>\n");
362
363 }
364 EXEC SQL CLOSE csr_lprng_printers;
f50216d7 365 tarfile_end(tf);
366
367
368 /* aliases are in classes.conf */
369 out = tarfile_start(tf, "/etc/cups/classes.conf", 0644, 0, 0,
200545fb 370 "lp", "lp", now);
f50216d7 371 EXEC SQL DECLARE csr_duplexqs CURSOR FOR
372 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
373 m.name, pr.banner, pr.location, pr.contact, pr.ka,
374 pr.type as prtype, pr.ac
cfba011a 375 FROM printers pr, machine m, serverhosts sh
376 WHERE pr.rm = m.mach_id
377 AND m.mach_id = sh.mach_id AND sh.enable = 1
662cdab2 378 AND (sh.service = 'CUPS-PRINT' OR sh.service = 'PRINT' OR sh.service = 'CUPS-CLUSTER');
f50216d7 379 EXEC SQL OPEN csr_duplexqs;
380 while (1)
381 {
382 EXEC SQL FETCH csr_duplexqs INTO :rp, :name, :duplexname,
383 :hwtype, :hostname, :banner, :location, :contact, :ka, :prtype, :ac;
384 if (sqlca.sqlcode)
385 break;
386
387 strtrim(hwtype);
388 strtrim(rp);
389 strtrim(location);
390 strtrim(contact);
391 strtrim(prtype);
392
393 /* Define alias queues as classes to the regular queues for
394 * accounting reasons. Annoyingly, classes don't always inherit
395 * their printer definitions.
396 */
397 if (!strcmp(prtype,"ALIAS"))
398 {
399 strtrim(name);
400 fprintf(out, "<Class %s>\n",name);
401 fprintf(out, "Info Alias Queue to %s:%s\n", rp, hwtype);
402 fprintf(out, "Printer %s\n", rp);
403 fprintf(out, "Option sides one-sided\n");
404 fprintf(out, "State Idle\n"); // Always with the Idle
405 fprintf(out, "StateTime %ld\n", (long)time(NULL));
406 fprintf(out, "Accepting Yes\n");
407 fprintf(out, "Shared Yes\n");
408 fprintf(out, "QuotaPeriod 0\n");
409 fprintf(out, "PageLimit 0\n");
410 if (location[0])
411 fprintf(out, "Location %s\n", location);
cfba011a 412 /* fprintf(out, "ErrorPolicy abort-job\n"); */
f57294a2 413 if (ka || lpc_acl)
f50216d7 414 fprintf(out, "OpPolicy %s-policy\n", rp);
f57294a2 415 else
416 fprintf(out, "OpPolicy default\n");
f50216d7 417
418 /* Access-control list. */
419 if (ac)
420 {
421 if (ka)
422 fprintf(out, "AuthType Negotiate\n");
423 else
f57294a2 424 fprintf(out, "AuthType Default\n");
f50216d7 425 printer_user_list(out, "LIST", ac, "AllowUser");
426 }
427
428 if (banner == PRN_BANNER_NONE)
429 fprintf(out, "JobSheets none none\n");
430 else
431 fprintf(out, "JobSheets athena none\n");
432 fprintf(out, "</Class>\n");
433 }
434
435 /* Define duplex queues as aliases to the regular queues for
436 * accounting reasons. Annoyingly, classes don't always inherit
437 * their printer definitions.
438 */
439 if (*duplexname)
440 {
441 strtrim(duplexname);
442 fprintf(out, "<Class %s>\n",duplexname);
443 if (!strcmp(prtype,"ALIAS"))
444 fprintf(out, "Info Duplex Alias Queue to %s:%s\n", rp, hwtype);
445 else
446 fprintf(out, "Info Duplex Queue for %s:%s\n", rp, hwtype);
447 fprintf(out, "Option sides two-sided-long-edge\n"); // duplex
448 fprintf(out, "Printer %s\n", rp);
449 fprintf(out, "State Idle\n"); // Always with the Idle
450 fprintf(out, "StateTime %ld\n", (long)time(NULL));
451 fprintf(out, "Accepting Yes\n");
452 fprintf(out, "Shared Yes\n");
453 fprintf(out, "QuotaPeriod 0\n");
454 fprintf(out, "PageLimit 0\n");
455 if (location[0])
456 fprintf(out, "Location %s\n", location);
457 fprintf(out, "ErrorPolicy abort-job\n");
f57294a2 458 if (ka || lpc_acl)
f50216d7 459 fprintf(out, "OpPolicy %s-policy\n", rp);
f57294a2 460 else
461 fprintf(out, "OpPolicy default\n");
f50216d7 462
463 /* Access-control list. */
464 if (ac)
465 {
466 if (ka)
467 fprintf(out, "AuthType Negotiate\n");
468 else
f57294a2 469 fprintf(out, "AuthType Default\n");
f50216d7 470 printer_user_list(out, "LIST", ac, "AllowUser");
471 }
472
473 if (banner == PRN_BANNER_NONE)
474 fprintf(out, "JobSheets none none\n");
475 else if (banner == PRN_BANNER_LAST)
476 fprintf(out, "JobSheets athena none\n");
477 fprintf(out, "</Class>\n");
478 }
479 }
480 EXEC SQL CLOSE csr_duplexqs;
481 tarfile_end(tf);
482
483 /* cups.conf */
484 out = tarfile_start(tf, "/etc/cups/cupsd.conf", 0755, 1, 1,
485 "root", "lp", now);
486
487 fprintf(out, "LogLevel info\n");
488 fprintf(out, "SystemGroup sys root ops-group\n");
489 fprintf(out, "Port 631\n");
490 fprintf(out, "Listen /var/run/cups/cups.sock\n");
491 fprintf(out, "Browsing On\n");
492 fprintf(out, "BrowseOrder allow,deny\n");
493 fprintf(out, "BrowseAllow all\n");
494 fprintf(out, "BrowseAddress @LOCAL\n");
495 fprintf(out, "DefaultAuthType Negotiate\n");
496 fprintf(out, "ServerCertificate /etc/cups/ssl/%s-ipp-crt.pem\n", lhost);
497 fprintf(out, "ServerKey /etc/cups/ssl/%s-ipp-key.pem\n", lhost);
498 fprintf(out, "ServerName %s\n", lhost);
200545fb 499 fprintf(out, "ServerAlias %s\n", phost);
f50216d7 500 fprintf(out, "Krb5Keytab /etc/krb5-ipp.keytab\n");
f50216d7 501
502 /* The other CUPS servers should be aware of the other hosts'
503 queues, so we'll let them browse each other. */
72a62bdc 504 fprintf(out, "Include cups.local.conf\n");
72a62bdc 505 fprintf(out, "Include cups.locations.conf\n");
506 fprintf(out, "Include cups.policies.conf\n");
507 tarfile_end(tf);
f50216d7 508
72a62bdc 509 /* cups.hosts.conf */
510 out = tarfile_start(tf, "/etc/cups/cups.hosts.conf", 0755, 1, 1,
511 "root", "lp", now);
f50216d7 512 EXEC SQL DECLARE csr_cupshosts CURSOR FOR
513 SELECT m.name AS cupshosts FROM machine m, printservers ps
514 WHERE m.mach_id = ps.mach_id AND ps.kind = 'CUPS';
515 EXEC SQL OPEN csr_cupshosts;
516 while (1)
517 {
518 EXEC SQL FETCH csr_cupshosts INTO :cupshosts;
519 if (sqlca.sqlcode)
520 break;
521
522 strtrim(cupshosts);
523
524 /* Don't poll yourself looking for answers! */
525 if (strcmp(cupshosts,host))
526 fprintf(out, "BrowsePoll %s\n", cupshosts);
527 }
528 EXEC SQL CLOSE csr_cupshosts;
f50216d7 529
530 tarfile_end(tf);
531
532 /* cups.policies.conf */
533 out = tarfile_start(tf, "/etc/cups/cups.policies.conf", 0755, 1, 1,
534 "root", "lp", now);
535 fprintf(out, "# Printer-specific LPC and LPR ACLs\n");
536 /* lpcaccess.top */
537 EXEC SQL SELECT ps.lpc_acl INTO :top_lpc_acl
538 FROM printservers ps, machine m
539 WHERE m.name = :spoolhost AND m.mach_id = ps.mach_id;
540 if (!sqlca.sqlcode && lpc_acl)
541 {
542 fprintf (out, "<Policy default>\n");
543 fprintf (out, "%s\n", alterjob);
544 fprintf (out, "AuthType Default\n");
545 fprintf (out, "Require user @OWNER @SYSTEM\n");
546 printer_user_list(out, "LIST", top_lpc_acl, "Require user");
547 fprintf (out, "Order deny,allow\n");
548 fprintf (out, "</Limit>\n");
549 fprintf (out, "%s\n", submitjob);
11bc6bdc 550 fprintf (out, "AuthType None\n");
f50216d7 551 fprintf (out, "Order deny,allow\n");
11bc6bdc 552 fprintf (out, "Allow from all\n");
f50216d7 553 fprintf (out, "</Limit>\n");
554 fprintf (out, "%s\n", alterpntr);
555 fprintf (out, "AuthType Default\n");
556 fprintf (out, "Require user @SYSTEM\n");
557 fprintf (out, "Order deny,allow\n");
558 fprintf (out, "</Limit>\n");
559 fprintf (out, "%s\n", lpcpntr);
560 fprintf (out, "AuthType Default\n");
561 fprintf (out, "Require user @SYSTEM\n");
562 printer_user_list(out, "LIST", top_lpc_acl, "Require user");
563 fprintf (out, "Order deny,allow\n");
564 fprintf (out, "</Limit>\n");
565 fprintf (out, "%s\n", canceljob);
566 fprintf (out, "AuthType Default\n");
567 fprintf (out, "Require user @OWNER @SYSTEM\n");
568 printer_user_list(out, "LIST", top_lpc_acl, "Require user");
569 fprintf (out, "Order deny,allow\n");
03e05c1a 570 fprintf (out, "Allow from all\n");
f50216d7 571 fprintf (out, "</Limit>\n");
572 fprintf (out, "%s\n", catchall);
81b41491 573 fprintf (out, "AuthType None\n");
f50216d7 574 fprintf (out, "Order deny,allow\n");
11bc6bdc 575 fprintf (out, "Allow from all\n");
f50216d7 576 fprintf (out, "</Limit>\n");
577 fprintf (out, "</Policy>\n");
578 }
579
580 /* restrict lists and lpcaccess policies. Sadly, we have to put the
581 top level for each new policy since CUPS doesn't have a way of
582 doing it otherwise (well, Unix groups, but not moira) */
583 EXEC SQL DECLARE csr_lpc CURSOR FOR
584 SELECT UNIQUE rp, ka, ac, lpc_acl
585 FROM printers
cfba011a 586 WHERE (ac != 0 OR lpc_acl != 0) AND rm in (SELECT m.mach_id FROM machine m, serverhosts sh
662cdab2 587 WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER')
588 AND sh.enable = 1);
f50216d7 589 EXEC SQL OPEN csr_lpc;
590 while (1)
591 {
592 EXEC SQL FETCH csr_lpc INTO :name, :ka, :ac, :lpc_acl;
593 if (sqlca.sqlcode)
594 break;
595
596 strtrim(name);
597
598 fprintf (out, "<Policy %s-policy>\n", name);
599 fprintf (out, "%s\n", alterjob);
600 fprintf (out, "AuthType Default\n");
601 fprintf (out, "Require user @OWNER @SYSTEM\n");
602 printer_user_list(out, "LIST", lpc_acl, "Require user");
603 fprintf (out, "Order deny,allow\n");
03e05c1a 604 fprintf (out, "Allow from all\n");
f50216d7 605 fprintf (out, "</Limit>\n");
606 fprintf (out, "%s\n", submitjob);
607 /* If the printer is Kerberized? */
608 if (ka)
609 fprintf (out, "AuthType Negotiate\n");
610 else
611 fprintf (out, "AuthType None\n");
612 /* Access-control list. */
613 if (ac)
614 printer_user_list(out, "LIST", ac, "Require user");
615 else if (ka)
616 fprintf (out, "Require valid-user\n");
617 fprintf (out, "Order deny,allow\n");
11bc6bdc 618 fprintf (out, "Allow from all\n");
f50216d7 619 fprintf (out, "</Limit>\n");
620 fprintf (out, "%s\n", alterpntr);
621 fprintf (out, "AuthType Default\n");
622 fprintf (out, "Require user @SYSTEM\n");
623 fprintf (out, "Order deny,allow\n");
624 fprintf (out, "</Limit>\n");
625 fprintf (out, "%s\n", lpcpntr);
626 fprintf (out, "AuthType Default\n");
627 fprintf (out, "Require user @SYSTEM\n");
628 /* printer-specific lpc access. */
629 if (lpc_acl)
630 printer_user_list(out, "LIST", lpc_acl, "Require user");
631 printer_user_list(out, "LIST", top_lpc_acl, "Require user");
632 fprintf (out, "Order deny,allow\n");
633 fprintf (out, "</Limit>\n");
634 fprintf (out, "%s\n", canceljob);
635 fprintf (out, "AuthType Default\n");
636 fprintf (out, "Require user @OWNER @SYSTEM\n");
637 printer_user_list(out, "LIST", lpc_acl, "Require user");
638 printer_user_list(out, "LIST", top_lpc_acl, "Require user");
639 fprintf (out, "Order deny,allow\n");
11bc6bdc 640 fprintf (out, "Allow from all\n");
f50216d7 641 fprintf (out, "</Limit>\n");
642 fprintf (out, "%s\n", catchall);
11bc6bdc 643 fprintf (out, "AuthType None\n");
f50216d7 644 fprintf (out, "Order deny,allow\n");
11bc6bdc 645 fprintf (out, "Allow from all\n");
f50216d7 646 fprintf (out, "</Limit>\n");
647 fprintf (out, "</Policy>\n");
648 }
649 EXEC SQL CLOSE csr_lpc;
650 fprintf(out, "\n");
651 tarfile_end(tf);
652 tarfile_close(tf);
653}
654
655void sqlerr(void)
656{
657 db_error(sqlca.sqlcode);
658}
This page took 0.145664 seconds and 5 git commands to generate.