]>
Commit | Line | Data |
---|---|---|
f50216d7 | 1 | /* $Id$ |
2 | * | |
3 | * This generates printcaps and other files for Athena print servers | |
4 | * | |
5 | * Copyright (C) 1992-1998 by the Massachusetts Institute of Technology. | |
6 | * For copying and distribution information, please see the file | |
7 | * <mit-copyright.h>. | |
8 | */ | |
9 | ||
10 | #include <mit-copyright.h> | |
11 | #include <moira.h> | |
12 | #include <moira_site.h> | |
13 | ||
14 | #include <sys/stat.h> | |
15 | #include <sys/types.h> | |
16 | ||
17 | #include <ctype.h> | |
18 | #include <stdio.h> | |
19 | #include <string.h> | |
20 | ||
21 | #include <time.h> | |
cb974713 | 22 | #ifdef HAVE_KRB4 |
f50216d7 | 23 | #include <krb.h> |
cb974713 | 24 | #endif |
f50216d7 | 25 | #include <krb5.h> |
26 | ||
27 | #include "util.h" | |
28 | ||
f50216d7 | 29 | EXEC SQL INCLUDE sqlca; |
30 | ||
31 | RCSID("$Header$"); | |
32 | ||
33 | char *whoami = "cups-print.gen"; | |
34 | char *db = "moira/moira"; | |
35 | ||
f57294a2 | 36 | const int krbvers = 5; /* use Kerberos 5 */ |
37 | ||
f50216d7 | 38 | /* OMG, I hate this, but it's cleaner, I guess? */ |
39 | ||
ea998f5e | 40 | const char *alterjob = "<Limit Hold-Job Release-Job\ |
41 | Restart-Job Purge-Jobs Reprocess-Job Set-Job-Attributes\ | |
f50216d7 | 42 | Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>"; |
ea998f5e | 43 | const char *submitjob = "<Limit Create-Job Print-Job Print-URI Send-Document\ |
44 | Set-Job-Attributes Send-URI Create-Job-Subscription Renew-Subscription\ | |
45 | Cancel-Subscription Get-Notifications CUPS-Move-Job>"; | |
f50216d7 | 46 | const char *alterpntr = "<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer\ |
47 | CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>"; | |
48 | const char *lpcpntr = "<Limit Pause-Printer Resume-Printer Enable-Printer\ | |
49 | Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs\ | |
50 | Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer\ | |
51 | Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After\ | |
52 | CUPS-Accept-Jobs CUPS-Reject-Jobs>"; | |
53 | const char *canceljob = "<Limit Cancel-Job CUPS-Authenticate-Job>"; | |
54 | const char *catchall = "<Limit All>"; | |
200545fb | 55 | const char *phost = "printers.MIT.EDU"; |
f50216d7 | 56 | |
57 | void do_host(char *host); | |
58 | void sqlerr(void); | |
59 | #ifndef MAX | |
60 | #define MAX(a, b) ( (a) > (b) ? (a) : (b) ) | |
61 | #endif | |
62 | ||
63 | int main(int argc, char **argv) | |
64 | { | |
65 | EXEC SQL BEGIN DECLARE SECTION; | |
66 | char name[MACHINE_NAME_SIZE]; | |
67 | EXEC SQL END DECLARE SECTION; | |
68 | ||
69 | init_acls(); | |
70 | ||
71 | EXEC SQL CONNECT :db; | |
72 | ||
73 | EXEC SQL WHENEVER SQLERROR DO sqlerr(); | |
74 | ||
75 | EXEC SQL DECLARE csr_hosts CURSOR FOR | |
76 | SELECT m.name FROM machine m, serverhosts sh | |
662cdab2 | 77 | WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER') |
78 | AND sh.enable = 1; | |
f50216d7 | 79 | EXEC SQL OPEN csr_hosts; |
80 | while (1) | |
81 | { | |
82 | EXEC SQL FETCH csr_hosts INTO :name; | |
83 | if (sqlca.sqlcode) | |
84 | break; | |
85 | ||
86 | strtrim(name); | |
87 | do_host(name); | |
88 | } | |
89 | EXEC SQL CLOSE csr_hosts; | |
90 | ||
91 | exit(MR_SUCCESS); | |
92 | } | |
93 | ||
94 | void printer_user_list(FILE *out, char *type, int id, char *str) | |
95 | { | |
96 | struct save_queue *sq; | |
97 | struct imember *m; | |
f57294a2 | 98 | char kbuf[MAX_K_NAME_SZ]; |
99 | char *cp; | |
f50216d7 | 100 | |
101 | sq = get_acl(type, id, NULL); | |
102 | while (sq_remove_data(sq, &m)) | |
103 | { | |
f57294a2 | 104 | if (m->type != 'S' && m->type != NULL) { |
105 | /* CUPS wants mmanley/root, not mmanley.root@ATHENA.MIT.EDU */ | |
106 | canon_krb(m, krbvers, kbuf, sizeof(kbuf)); | |
107 | ||
108 | /* now, take out all the @realm */ | |
109 | for (cp=kbuf; *cp; cp++) { | |
110 | if (*cp == '@') *cp = '\0'; | |
111 | } | |
112 | fprintf(out, "%s %s\n", str, kbuf); | |
113 | } | |
f50216d7 | 114 | freeimember(m); |
115 | } | |
116 | sq_destroy(sq); | |
117 | } | |
118 | ||
119 | ||
120 | ||
121 | void do_host(char *host) | |
122 | { | |
123 | EXEC SQL BEGIN DECLARE SECTION; | |
124 | char rp[PRINTERS_RP_SIZE], name[PRINTERS_NAME_SIZE]; | |
125 | char duplexname[PRINTERS_DUPLEXNAME_SIZE], location[PRINTERS_LOCATION_SIZE]; | |
126 | char hwtype[PRINTERS_HWTYPE_SIZE], lowerhwtype[PRINTERS_HWTYPE_SIZE]; | |
127 | char modtime[PRINTERS_MODTIME_SIZE], lmodtime[LIST_MODTIME_SIZE]; | |
128 | char contact[PRINTERS_CONTACT_SIZE], hostname[MACHINE_NAME_SIZE]; | |
129 | char cupshosts[MACHINE_NAME_SIZE], prtype [PRINTERS_TYPE_SIZE]; | |
130 | char *spoolhost = host, *unixtime_fmt = UNIXTIME_FMT, *p; | |
131 | char *lhost; | |
132 | int ka, pc, ac, lpc_acl, top_lpc_acl, banner, rm; | |
133 | EXEC SQL END DECLARE SECTION; | |
134 | TARFILE *tf; | |
135 | FILE *out; | |
136 | char filename[MAXPATHLEN], *duptc; | |
137 | time_t mtime, now = time(NULL); | |
138 | ||
139 | lhost = (char *) strdup (host); | |
140 | for (p = lhost; *p; p++) | |
141 | *p = tolower(*p); | |
142 | ||
143 | EXEC SQL SELECT mach_id INTO :rm FROM machine | |
144 | WHERE name = :spoolhost; | |
145 | ||
c3c53552 | 146 | sprintf(filename, "%s/cups-print/%s", DCM_DIR, host); |
f50216d7 | 147 | tf = tarfile_open(filename); |
148 | ||
cfba011a | 149 | /* printers.conf entries for locally run queues */ |
f50216d7 | 150 | out = tarfile_start(tf, "/etc/cups/printers.conf", 0644, 0, 0, |
200545fb | 151 | "lp", "lp", now); |
f50216d7 | 152 | |
153 | EXEC SQL DECLARE csr_printers CURSOR FOR | |
154 | SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype, | |
155 | m.name, pr.banner, pr.location, pr.contact, pr.ka, | |
f57294a2 | 156 | pr.ac, pr.lpc_acl |
f50216d7 | 157 | FROM printers pr, machine m |
158 | WHERE pr.rm = :rm AND m.mach_id = pr.mach_id | |
159 | AND pr.type != 'ALIAS'; | |
160 | EXEC SQL OPEN csr_printers; | |
161 | while (1) | |
162 | { | |
163 | EXEC SQL FETCH csr_printers INTO :rp, :name, :duplexname, | |
f57294a2 | 164 | :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl; |
f50216d7 | 165 | if (sqlca.sqlcode) |
166 | break; | |
167 | ||
168 | strtrim(rp); | |
169 | strtrim(name); | |
170 | strtrim(duplexname); | |
171 | strtrim(hwtype); | |
172 | strtrim(hostname); | |
173 | strtrim(location); | |
174 | strtrim(contact); | |
175 | strcpy(lowerhwtype, hwtype); | |
cfba011a | 176 | for (p = rp; *p; p++) /* Because uppercased printer names suck */ |
177 | *p = tolower(*p); | |
f50216d7 | 178 | for (p = lowerhwtype; *p; p++) |
179 | *p = tolower(*p); | |
180 | ||
181 | fprintf(out, "<Printer %s>\n",rp); | |
182 | fprintf(out, "Info %s:%s\n", rp, hwtype); | |
183 | /* Note the use of "beh" to keep the CUPS from disabling print queues | |
184 | * should they not respond versus discarding the job. | |
185 | * See the "beh" page for details. | |
186 | * The 1/0/60 says "don't disable/try 20 times/try every 60s */ | |
187 | if (!strncmp(hwtype, "HP", 2)) | |
188 | fprintf(out, "DeviceURI beh:/1/20/60/socket://%s:9100\n", hostname); | |
189 | else | |
190 | fprintf(out, "DeviceURI beh:/1/20/60/socket://%s\n", hostname); | |
191 | fprintf(out, "State Idle\n"); // Always with the Idle | |
192 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
193 | fprintf(out, "Accepting Yes\n"); | |
194 | fprintf(out, "Shared Yes\n"); | |
195 | fprintf(out, "QuotaPeriod 0\n"); | |
196 | fprintf(out, "PageLimit 0\n"); | |
197 | fprintf(out, "Klimit 0\n"); | |
198 | fprintf(out, "Option sides one-sided\n"); | |
cfba011a | 199 | fprintf(out, "Filter application/vnd.cups-raw 0 -\n"); |
200 | fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n"); | |
201 | fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n"); | |
202 | fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n"); | |
203 | fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n"); | |
f50216d7 | 204 | if (location[0]) |
205 | fprintf(out, "Location %s\n", location); | |
206 | fprintf(out, "ErrorPolicy abort-job\n"); | |
f57294a2 | 207 | if (ka || lpc_acl) |
f50216d7 | 208 | fprintf(out, "OpPolicy %s-policy\n", rp); |
f57294a2 | 209 | else |
210 | fprintf(out, "OpPolicy default\n"); | |
f50216d7 | 211 | |
212 | /* Access-control list. */ | |
213 | if (ac) | |
214 | { | |
215 | if (ka) | |
216 | fprintf(out, "AuthType Negotiate\n"); | |
217 | else | |
f57294a2 | 218 | fprintf(out, "AuthType Default\n"); |
f50216d7 | 219 | printer_user_list(out, "LIST", ac, "AllowUser"); |
220 | } | |
221 | ||
222 | if (banner == PRN_BANNER_NONE) | |
223 | fprintf(out, "JobSheets none none\n"); | |
224 | else | |
225 | fprintf(out, "JobSheets athena none\n"); | |
226 | fprintf(out, "</Printer>\n"); | |
227 | ||
228 | } | |
229 | EXEC SQL CLOSE csr_printers; | |
cfba011a | 230 | |
231 | /* printers.conf entries for non-local CUPS queues */ | |
232 | EXEC SQL DECLARE csr_remote_printers CURSOR FOR | |
233 | SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype, | |
234 | m.name, pr.banner, pr.location, pr.contact, pr.ka, | |
235 | pr.ac, pr.lpc_acl, m.name as cupshosts | |
236 | FROM printers pr, machine m, serverhosts sh | |
237 | WHERE pr.rm = m.mach_id | |
238 | AND pr.type != 'ALIAS' AND m.name <> :spoolhost AND | |
662cdab2 | 239 | m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER') |
240 | AND sh.enable = 1 AND m.mach_id = sh.mach_id; | |
cfba011a | 241 | |
242 | EXEC SQL OPEN csr_remote_printers; | |
243 | while (1) | |
244 | { | |
245 | EXEC SQL FETCH csr_remote_printers INTO :rp, :name, :duplexname, | |
246 | :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts; | |
247 | if (sqlca.sqlcode) | |
248 | break; | |
249 | ||
250 | strtrim(rp); | |
251 | strtrim(name); | |
252 | strtrim(duplexname); | |
253 | strtrim(hwtype); | |
254 | strtrim(hostname); | |
255 | strtrim(location); | |
256 | strtrim(contact); | |
257 | strtrim(cupshosts); | |
258 | strcpy(lowerhwtype, hwtype); | |
259 | for (p = rp; *p; p++) /* Because uppercased printer names suck */ | |
260 | *p = tolower(*p); | |
261 | for (p = lowerhwtype; *p; p++) | |
262 | *p = tolower(*p); | |
263 | ||
264 | fprintf(out, "<Printer %s>\n",rp); | |
265 | fprintf(out, "Info %s:%s\n", rp, hwtype); | |
266 | fprintf(out, "DeviceURI ipp://%s:631/printers/%s\n", cupshosts, rp); | |
267 | fprintf(out, "State Idle\n"); // Always with the Idle | |
268 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
269 | fprintf(out, "Accepting Yes\n"); | |
270 | fprintf(out, "Shared Yes\n"); | |
271 | fprintf(out, "QuotaPeriod 0\n"); | |
272 | fprintf(out, "PageLimit 0\n"); | |
273 | fprintf(out, "Klimit 0\n"); | |
274 | fprintf(out, "Option sides one-sided\n"); | |
275 | fprintf(out, "Filter application/vnd.cups-raw 0 -\n"); | |
276 | fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n"); | |
277 | fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n"); | |
278 | fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n"); | |
279 | fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n"); | |
280 | if (location[0]) | |
281 | fprintf(out, "Location %s\n", location); | |
282 | fprintf(out, "ErrorPolicy abort-job\n"); | |
283 | if (ka || lpc_acl) | |
284 | fprintf(out, "OpPolicy %s-policy\n", rp); | |
285 | else | |
286 | fprintf(out, "OpPolicy default\n"); | |
287 | ||
288 | /* Access-control list. */ | |
289 | if (ac) | |
290 | { | |
291 | if (ka) | |
292 | fprintf(out, "AuthType Negotiate\n"); | |
293 | else | |
294 | fprintf(out, "AuthType Default\n"); | |
295 | printer_user_list(out, "LIST", ac, "AllowUser"); | |
296 | } | |
297 | ||
298 | if (banner == PRN_BANNER_NONE) | |
299 | fprintf(out, "JobSheets none none\n"); | |
300 | else | |
301 | fprintf(out, "JobSheets athena none\n"); | |
302 | fprintf(out, "</Printer>\n"); | |
303 | ||
304 | } | |
305 | EXEC SQL CLOSE csr_remote_printers; | |
306 | ||
307 | /* printers.conf entries for non-local LPRng queues */ | |
308 | EXEC SQL DECLARE csr_lprng_printers CURSOR FOR | |
309 | SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype, | |
310 | m.name, pr.banner, pr.location, pr.contact, pr.ka, | |
311 | pr.ac, pr.lpc_acl, m.name as cupshosts | |
312 | FROM printers pr, machine m, serverhosts sh | |
313 | WHERE pr.rm = m.mach_id | |
314 | AND pr.type != 'ALIAS' AND m.name <> :spoolhost AND | |
315 | m.mach_id = sh.mach_id AND sh.service = 'PRINT' AND | |
316 | sh.enable = 1; | |
317 | ||
318 | EXEC SQL OPEN csr_lprng_printers; | |
319 | while (1) | |
320 | { | |
321 | EXEC SQL FETCH csr_lprng_printers INTO :rp, :name, :duplexname, | |
322 | :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts; | |
323 | if (sqlca.sqlcode) | |
324 | break; | |
325 | ||
326 | strtrim(rp); | |
327 | strtrim(name); | |
328 | strtrim(duplexname); | |
329 | strtrim(hwtype); | |
330 | strtrim(hostname); | |
331 | strtrim(location); | |
332 | strtrim(contact); | |
333 | strtrim(cupshosts); | |
334 | strcpy(lowerhwtype, hwtype); | |
335 | for (p = rp; *p; p++) /* Because uppercased printer names suck */ | |
336 | *p = tolower(*p); | |
337 | for (p = lowerhwtype; *p; p++) | |
338 | *p = tolower(*p); | |
339 | ||
340 | fprintf(out, "<Printer %s>\n",rp); | |
341 | fprintf(out, "Info %s:LPRng Queue on %s\n", rp, cupshosts); | |
342 | fprintf(out, "DeviceURI lpd://%s/%s\n", cupshosts, rp); | |
343 | fprintf(out, "State Idle\n"); // Always with the Idle | |
344 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
345 | fprintf(out, "Accepting Yes\n"); | |
346 | fprintf(out, "Shared Yes\n"); | |
347 | fprintf(out, "QuotaPeriod 0\n"); | |
348 | fprintf(out, "PageLimit 0\n"); | |
349 | fprintf(out, "Klimit 0\n"); | |
350 | fprintf(out, "Option sides one-sided\n"); | |
351 | fprintf(out, "Filter application/vnd.cups-raw 0 -\n"); | |
352 | fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n"); | |
353 | fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n"); | |
354 | fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n"); | |
355 | fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n"); | |
356 | if (location[0]) | |
357 | fprintf(out, "Location %s\n", location); | |
358 | fprintf(out, "ErrorPolicy abort-job\n"); | |
359 | fprintf(out, "OpPolicy default\n"); | |
360 | fprintf(out, "JobSheets none none\n"); | |
361 | fprintf(out, "</Printer>\n"); | |
362 | ||
363 | } | |
364 | EXEC SQL CLOSE csr_lprng_printers; | |
f50216d7 | 365 | tarfile_end(tf); |
366 | ||
367 | ||
368 | /* aliases are in classes.conf */ | |
369 | out = tarfile_start(tf, "/etc/cups/classes.conf", 0644, 0, 0, | |
200545fb | 370 | "lp", "lp", now); |
f50216d7 | 371 | EXEC SQL DECLARE csr_duplexqs CURSOR FOR |
372 | SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype, | |
373 | m.name, pr.banner, pr.location, pr.contact, pr.ka, | |
374 | pr.type as prtype, pr.ac | |
cfba011a | 375 | FROM printers pr, machine m, serverhosts sh |
376 | WHERE pr.rm = m.mach_id | |
377 | AND m.mach_id = sh.mach_id AND sh.enable = 1 | |
662cdab2 | 378 | AND (sh.service = 'CUPS-PRINT' OR sh.service = 'PRINT' OR sh.service = 'CUPS-CLUSTER'); |
f50216d7 | 379 | EXEC SQL OPEN csr_duplexqs; |
380 | while (1) | |
381 | { | |
382 | EXEC SQL FETCH csr_duplexqs INTO :rp, :name, :duplexname, | |
383 | :hwtype, :hostname, :banner, :location, :contact, :ka, :prtype, :ac; | |
384 | if (sqlca.sqlcode) | |
385 | break; | |
386 | ||
387 | strtrim(hwtype); | |
388 | strtrim(rp); | |
389 | strtrim(location); | |
390 | strtrim(contact); | |
391 | strtrim(prtype); | |
392 | ||
393 | /* Define alias queues as classes to the regular queues for | |
394 | * accounting reasons. Annoyingly, classes don't always inherit | |
395 | * their printer definitions. | |
396 | */ | |
397 | if (!strcmp(prtype,"ALIAS")) | |
398 | { | |
399 | strtrim(name); | |
400 | fprintf(out, "<Class %s>\n",name); | |
401 | fprintf(out, "Info Alias Queue to %s:%s\n", rp, hwtype); | |
402 | fprintf(out, "Printer %s\n", rp); | |
403 | fprintf(out, "Option sides one-sided\n"); | |
404 | fprintf(out, "State Idle\n"); // Always with the Idle | |
405 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
406 | fprintf(out, "Accepting Yes\n"); | |
407 | fprintf(out, "Shared Yes\n"); | |
408 | fprintf(out, "QuotaPeriod 0\n"); | |
409 | fprintf(out, "PageLimit 0\n"); | |
410 | if (location[0]) | |
411 | fprintf(out, "Location %s\n", location); | |
cfba011a | 412 | /* fprintf(out, "ErrorPolicy abort-job\n"); */ |
f57294a2 | 413 | if (ka || lpc_acl) |
f50216d7 | 414 | fprintf(out, "OpPolicy %s-policy\n", rp); |
f57294a2 | 415 | else |
416 | fprintf(out, "OpPolicy default\n"); | |
f50216d7 | 417 | |
418 | /* Access-control list. */ | |
419 | if (ac) | |
420 | { | |
421 | if (ka) | |
422 | fprintf(out, "AuthType Negotiate\n"); | |
423 | else | |
f57294a2 | 424 | fprintf(out, "AuthType Default\n"); |
f50216d7 | 425 | printer_user_list(out, "LIST", ac, "AllowUser"); |
426 | } | |
427 | ||
428 | if (banner == PRN_BANNER_NONE) | |
429 | fprintf(out, "JobSheets none none\n"); | |
430 | else | |
431 | fprintf(out, "JobSheets athena none\n"); | |
432 | fprintf(out, "</Class>\n"); | |
433 | } | |
434 | ||
435 | /* Define duplex queues as aliases to the regular queues for | |
436 | * accounting reasons. Annoyingly, classes don't always inherit | |
437 | * their printer definitions. | |
438 | */ | |
439 | if (*duplexname) | |
440 | { | |
441 | strtrim(duplexname); | |
442 | fprintf(out, "<Class %s>\n",duplexname); | |
443 | if (!strcmp(prtype,"ALIAS")) | |
444 | fprintf(out, "Info Duplex Alias Queue to %s:%s\n", rp, hwtype); | |
445 | else | |
446 | fprintf(out, "Info Duplex Queue for %s:%s\n", rp, hwtype); | |
447 | fprintf(out, "Option sides two-sided-long-edge\n"); // duplex | |
448 | fprintf(out, "Printer %s\n", rp); | |
449 | fprintf(out, "State Idle\n"); // Always with the Idle | |
450 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
451 | fprintf(out, "Accepting Yes\n"); | |
452 | fprintf(out, "Shared Yes\n"); | |
453 | fprintf(out, "QuotaPeriod 0\n"); | |
454 | fprintf(out, "PageLimit 0\n"); | |
455 | if (location[0]) | |
456 | fprintf(out, "Location %s\n", location); | |
457 | fprintf(out, "ErrorPolicy abort-job\n"); | |
f57294a2 | 458 | if (ka || lpc_acl) |
f50216d7 | 459 | fprintf(out, "OpPolicy %s-policy\n", rp); |
f57294a2 | 460 | else |
461 | fprintf(out, "OpPolicy default\n"); | |
f50216d7 | 462 | |
463 | /* Access-control list. */ | |
464 | if (ac) | |
465 | { | |
466 | if (ka) | |
467 | fprintf(out, "AuthType Negotiate\n"); | |
468 | else | |
f57294a2 | 469 | fprintf(out, "AuthType Default\n"); |
f50216d7 | 470 | printer_user_list(out, "LIST", ac, "AllowUser"); |
471 | } | |
472 | ||
473 | if (banner == PRN_BANNER_NONE) | |
474 | fprintf(out, "JobSheets none none\n"); | |
475 | else if (banner == PRN_BANNER_LAST) | |
476 | fprintf(out, "JobSheets athena none\n"); | |
477 | fprintf(out, "</Class>\n"); | |
478 | } | |
479 | } | |
480 | EXEC SQL CLOSE csr_duplexqs; | |
481 | tarfile_end(tf); | |
482 | ||
483 | /* cups.conf */ | |
484 | out = tarfile_start(tf, "/etc/cups/cupsd.conf", 0755, 1, 1, | |
485 | "root", "lp", now); | |
486 | ||
487 | fprintf(out, "LogLevel info\n"); | |
488 | fprintf(out, "SystemGroup sys root ops-group\n"); | |
489 | fprintf(out, "Port 631\n"); | |
490 | fprintf(out, "Listen /var/run/cups/cups.sock\n"); | |
491 | fprintf(out, "Browsing On\n"); | |
492 | fprintf(out, "BrowseOrder allow,deny\n"); | |
493 | fprintf(out, "BrowseAllow all\n"); | |
494 | fprintf(out, "BrowseAddress @LOCAL\n"); | |
495 | fprintf(out, "DefaultAuthType Negotiate\n"); | |
496 | fprintf(out, "ServerCertificate /etc/cups/ssl/%s-ipp-crt.pem\n", lhost); | |
497 | fprintf(out, "ServerKey /etc/cups/ssl/%s-ipp-key.pem\n", lhost); | |
498 | fprintf(out, "ServerName %s\n", lhost); | |
200545fb | 499 | fprintf(out, "ServerAlias %s\n", phost); |
f50216d7 | 500 | fprintf(out, "Krb5Keytab /etc/krb5-ipp.keytab\n"); |
f50216d7 | 501 | |
502 | /* The other CUPS servers should be aware of the other hosts' | |
503 | queues, so we'll let them browse each other. */ | |
72a62bdc | 504 | fprintf(out, "Include cups.local.conf\n"); |
72a62bdc | 505 | fprintf(out, "Include cups.locations.conf\n"); |
506 | fprintf(out, "Include cups.policies.conf\n"); | |
507 | tarfile_end(tf); | |
f50216d7 | 508 | |
72a62bdc | 509 | /* cups.hosts.conf */ |
510 | out = tarfile_start(tf, "/etc/cups/cups.hosts.conf", 0755, 1, 1, | |
511 | "root", "lp", now); | |
f50216d7 | 512 | EXEC SQL DECLARE csr_cupshosts CURSOR FOR |
513 | SELECT m.name AS cupshosts FROM machine m, printservers ps | |
514 | WHERE m.mach_id = ps.mach_id AND ps.kind = 'CUPS'; | |
515 | EXEC SQL OPEN csr_cupshosts; | |
516 | while (1) | |
517 | { | |
518 | EXEC SQL FETCH csr_cupshosts INTO :cupshosts; | |
519 | if (sqlca.sqlcode) | |
520 | break; | |
521 | ||
522 | strtrim(cupshosts); | |
523 | ||
524 | /* Don't poll yourself looking for answers! */ | |
525 | if (strcmp(cupshosts,host)) | |
526 | fprintf(out, "BrowsePoll %s\n", cupshosts); | |
527 | } | |
528 | EXEC SQL CLOSE csr_cupshosts; | |
f50216d7 | 529 | |
530 | tarfile_end(tf); | |
531 | ||
532 | /* cups.policies.conf */ | |
533 | out = tarfile_start(tf, "/etc/cups/cups.policies.conf", 0755, 1, 1, | |
534 | "root", "lp", now); | |
535 | fprintf(out, "# Printer-specific LPC and LPR ACLs\n"); | |
536 | /* lpcaccess.top */ | |
537 | EXEC SQL SELECT ps.lpc_acl INTO :top_lpc_acl | |
538 | FROM printservers ps, machine m | |
539 | WHERE m.name = :spoolhost AND m.mach_id = ps.mach_id; | |
540 | if (!sqlca.sqlcode && lpc_acl) | |
541 | { | |
542 | fprintf (out, "<Policy default>\n"); | |
543 | fprintf (out, "%s\n", alterjob); | |
544 | fprintf (out, "AuthType Default\n"); | |
545 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
546 | printer_user_list(out, "LIST", top_lpc_acl, "Require user"); | |
547 | fprintf (out, "Order deny,allow\n"); | |
548 | fprintf (out, "</Limit>\n"); | |
549 | fprintf (out, "%s\n", submitjob); | |
11bc6bdc | 550 | fprintf (out, "AuthType None\n"); |
f50216d7 | 551 | fprintf (out, "Order deny,allow\n"); |
11bc6bdc | 552 | fprintf (out, "Allow from all\n"); |
f50216d7 | 553 | fprintf (out, "</Limit>\n"); |
554 | fprintf (out, "%s\n", alterpntr); | |
555 | fprintf (out, "AuthType Default\n"); | |
556 | fprintf (out, "Require user @SYSTEM\n"); | |
557 | fprintf (out, "Order deny,allow\n"); | |
558 | fprintf (out, "</Limit>\n"); | |
559 | fprintf (out, "%s\n", lpcpntr); | |
560 | fprintf (out, "AuthType Default\n"); | |
561 | fprintf (out, "Require user @SYSTEM\n"); | |
562 | printer_user_list(out, "LIST", top_lpc_acl, "Require user"); | |
563 | fprintf (out, "Order deny,allow\n"); | |
564 | fprintf (out, "</Limit>\n"); | |
565 | fprintf (out, "%s\n", canceljob); | |
566 | fprintf (out, "AuthType Default\n"); | |
567 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
568 | printer_user_list(out, "LIST", top_lpc_acl, "Require user"); | |
569 | fprintf (out, "Order deny,allow\n"); | |
03e05c1a | 570 | fprintf (out, "Allow from all\n"); |
f50216d7 | 571 | fprintf (out, "</Limit>\n"); |
572 | fprintf (out, "%s\n", catchall); | |
81b41491 | 573 | fprintf (out, "AuthType None\n"); |
f50216d7 | 574 | fprintf (out, "Order deny,allow\n"); |
11bc6bdc | 575 | fprintf (out, "Allow from all\n"); |
f50216d7 | 576 | fprintf (out, "</Limit>\n"); |
577 | fprintf (out, "</Policy>\n"); | |
578 | } | |
579 | ||
580 | /* restrict lists and lpcaccess policies. Sadly, we have to put the | |
581 | top level for each new policy since CUPS doesn't have a way of | |
582 | doing it otherwise (well, Unix groups, but not moira) */ | |
583 | EXEC SQL DECLARE csr_lpc CURSOR FOR | |
584 | SELECT UNIQUE rp, ka, ac, lpc_acl | |
585 | FROM printers | |
cfba011a | 586 | WHERE (ac != 0 OR lpc_acl != 0) AND rm in (SELECT m.mach_id FROM machine m, serverhosts sh |
662cdab2 | 587 | WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER') |
588 | AND sh.enable = 1); | |
f50216d7 | 589 | EXEC SQL OPEN csr_lpc; |
590 | while (1) | |
591 | { | |
592 | EXEC SQL FETCH csr_lpc INTO :name, :ka, :ac, :lpc_acl; | |
593 | if (sqlca.sqlcode) | |
594 | break; | |
595 | ||
596 | strtrim(name); | |
597 | ||
598 | fprintf (out, "<Policy %s-policy>\n", name); | |
599 | fprintf (out, "%s\n", alterjob); | |
600 | fprintf (out, "AuthType Default\n"); | |
601 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
602 | printer_user_list(out, "LIST", lpc_acl, "Require user"); | |
603 | fprintf (out, "Order deny,allow\n"); | |
03e05c1a | 604 | fprintf (out, "Allow from all\n"); |
f50216d7 | 605 | fprintf (out, "</Limit>\n"); |
606 | fprintf (out, "%s\n", submitjob); | |
607 | /* If the printer is Kerberized? */ | |
608 | if (ka) | |
609 | fprintf (out, "AuthType Negotiate\n"); | |
610 | else | |
611 | fprintf (out, "AuthType None\n"); | |
612 | /* Access-control list. */ | |
613 | if (ac) | |
614 | printer_user_list(out, "LIST", ac, "Require user"); | |
615 | else if (ka) | |
616 | fprintf (out, "Require valid-user\n"); | |
617 | fprintf (out, "Order deny,allow\n"); | |
11bc6bdc | 618 | fprintf (out, "Allow from all\n"); |
f50216d7 | 619 | fprintf (out, "</Limit>\n"); |
620 | fprintf (out, "%s\n", alterpntr); | |
621 | fprintf (out, "AuthType Default\n"); | |
622 | fprintf (out, "Require user @SYSTEM\n"); | |
623 | fprintf (out, "Order deny,allow\n"); | |
624 | fprintf (out, "</Limit>\n"); | |
625 | fprintf (out, "%s\n", lpcpntr); | |
626 | fprintf (out, "AuthType Default\n"); | |
627 | fprintf (out, "Require user @SYSTEM\n"); | |
628 | /* printer-specific lpc access. */ | |
629 | if (lpc_acl) | |
630 | printer_user_list(out, "LIST", lpc_acl, "Require user"); | |
631 | printer_user_list(out, "LIST", top_lpc_acl, "Require user"); | |
632 | fprintf (out, "Order deny,allow\n"); | |
633 | fprintf (out, "</Limit>\n"); | |
634 | fprintf (out, "%s\n", canceljob); | |
635 | fprintf (out, "AuthType Default\n"); | |
636 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
637 | printer_user_list(out, "LIST", lpc_acl, "Require user"); | |
638 | printer_user_list(out, "LIST", top_lpc_acl, "Require user"); | |
639 | fprintf (out, "Order deny,allow\n"); | |
11bc6bdc | 640 | fprintf (out, "Allow from all\n"); |
f50216d7 | 641 | fprintf (out, "</Limit>\n"); |
642 | fprintf (out, "%s\n", catchall); | |
11bc6bdc | 643 | fprintf (out, "AuthType None\n"); |
f50216d7 | 644 | fprintf (out, "Order deny,allow\n"); |
11bc6bdc | 645 | fprintf (out, "Allow from all\n"); |
f50216d7 | 646 | fprintf (out, "</Limit>\n"); |
647 | fprintf (out, "</Policy>\n"); | |
648 | } | |
649 | EXEC SQL CLOSE csr_lpc; | |
650 | fprintf(out, "\n"); | |
651 | tarfile_end(tf); | |
652 | tarfile_close(tf); | |
653 | } | |
654 | ||
655 | void sqlerr(void) | |
656 | { | |
657 | db_error(sqlca.sqlcode); | |
658 | } |