]> andersk Git - moira.git/blame - gen/cups-print.pc
andersk / moira.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Alas, LDAP.
[moira.git] / gen / cups-print.pc
CommitLineData
f50216d7 1/* $Id$
2 *
3 * This generates printcaps and other files for Athena print servers
4 *
5 * Copyright (C) 1992-1998 by the Massachusetts Institute of Technology.
6 * For copying and distribution information, please see the file
7 * <mit-copyright.h>.
8 */
9
10#include <mit-copyright.h>
11#include <moira.h>
12#include <moira_site.h>
13
14#include <sys/stat.h>
15#include <sys/types.h>
16
17#include <ctype.h>
18#include <stdio.h>
19#include <string.h>
20
21#include <time.h>
cb974713 22#ifdef HAVE_KRB4
f50216d7 23#include <krb.h>
cb974713 24#endif
f50216d7 25#include <krb5.h>
26
27#include "util.h"
28
f50216d7 29EXEC SQL INCLUDE sqlca;
30
31RCSID("$Header$");
32
33char *whoami = "cups-print.gen";
34char *db = "moira/moira";
35
f57294a2 36const int krbvers = 5; /* use Kerberos 5 */
37
f50216d7 38/* OMG, I hate this, but it's cleaner, I guess? */
39
ea998f5e 40const char *alterjob = "<Limit Hold-Job Release-Job\
41 Restart-Job Purge-Jobs Reprocess-Job Set-Job-Attributes\
f50216d7 42 Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>";
ea998f5e 43const char *submitjob = "<Limit Create-Job Print-Job Print-URI Send-Document\
44 Set-Job-Attributes Send-URI Create-Job-Subscription Renew-Subscription\
45 Cancel-Subscription Get-Notifications CUPS-Move-Job>";
f50216d7 46const char *alterpntr = "<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer\
47 CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>";
48const char *lpcpntr = "<Limit Pause-Printer Resume-Printer Enable-Printer\
49 Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs\
50 Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer\
51 Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After\
52 CUPS-Accept-Jobs CUPS-Reject-Jobs>";
53const char *canceljob = "<Limit Cancel-Job CUPS-Authenticate-Job>";
54const char *catchall = "<Limit All>";
200545fb 55const char *phost = "printers.MIT.EDU";
f50216d7 56
57void do_host(char *host);
58void sqlerr(void);
59#ifndef MAX
60#define MAX(a, b) ( (a) > (b) ? (a) : (b) )
61#endif
62
63int main(int argc, char **argv)
64{
65 EXEC SQL BEGIN DECLARE SECTION;
66 char name[MACHINE_NAME_SIZE];
67 EXEC SQL END DECLARE SECTION;
68
69 init_acls();
70
71 EXEC SQL CONNECT :db;
72
73 EXEC SQL WHENEVER SQLERROR DO sqlerr();
74
75 EXEC SQL DECLARE csr_hosts CURSOR FOR
76 SELECT m.name FROM machine m, serverhosts sh
c3c53552 77 WHERE m.mach_id = sh.mach_id AND sh.service = 'CUPS-PRINT' AND sh.enable = 1;
f50216d7 78 EXEC SQL OPEN csr_hosts;
79 while (1)
80 {
81 EXEC SQL FETCH csr_hosts INTO :name;
82 if (sqlca.sqlcode)
83 break;
84
85 strtrim(name);
86 do_host(name);
87 }
88 EXEC SQL CLOSE csr_hosts;
89
90 exit(MR_SUCCESS);
91}
92
93void printer_user_list(FILE *out, char *type, int id, char *str)
94{
95 struct save_queue *sq;
96 struct imember *m;
f57294a2 97 char kbuf[MAX_K_NAME_SZ];
98 char *cp;
f50216d7 99
100 sq = get_acl(type, id, NULL);
101 while (sq_remove_data(sq, &m))
102 {
f57294a2 103 if (m->type != 'S' && m->type != NULL) {
104 /* CUPS wants mmanley/root, not mmanley.root@ATHENA.MIT.EDU */
105 canon_krb(m, krbvers, kbuf, sizeof(kbuf));
106
107 /* now, take out all the @realm */
108 for (cp=kbuf; *cp; cp++) {
109 if (*cp == '@') *cp = '\0';
110 }
111 fprintf(out, "%s %s\n", str, kbuf);
112 }
f50216d7 113 freeimember(m);
114 }
115 sq_destroy(sq);
116}
117
118
119
120void do_host(char *host)
121{
122 EXEC SQL BEGIN DECLARE SECTION;
123 char rp[PRINTERS_RP_SIZE], name[PRINTERS_NAME_SIZE];
124 char duplexname[PRINTERS_DUPLEXNAME_SIZE], location[PRINTERS_LOCATION_SIZE];
125 char hwtype[PRINTERS_HWTYPE_SIZE], lowerhwtype[PRINTERS_HWTYPE_SIZE];
126 char modtime[PRINTERS_MODTIME_SIZE], lmodtime[LIST_MODTIME_SIZE];
127 char contact[PRINTERS_CONTACT_SIZE], hostname[MACHINE_NAME_SIZE];
128 char cupshosts[MACHINE_NAME_SIZE], prtype [PRINTERS_TYPE_SIZE];
129 char *spoolhost = host, *unixtime_fmt = UNIXTIME_FMT, *p;
130 char *lhost;
131 int ka, pc, ac, lpc_acl, top_lpc_acl, banner, rm;
132 EXEC SQL END DECLARE SECTION;
133 TARFILE *tf;
134 FILE *out;
135 char filename[MAXPATHLEN], *duptc;
136 time_t mtime, now = time(NULL);
137
138 lhost = (char *) strdup (host);
139 for (p = lhost; *p; p++)
140 *p = tolower(*p);
141
142 EXEC SQL SELECT mach_id INTO :rm FROM machine
143 WHERE name = :spoolhost;
144
c3c53552 145 sprintf(filename, "%s/cups-print/%s", DCM_DIR, host);
f50216d7 146 tf = tarfile_open(filename);
147
cfba011a 148 /* printers.conf entries for locally run queues */
f50216d7 149 out = tarfile_start(tf, "/etc/cups/printers.conf", 0644, 0, 0,
200545fb 150 "lp", "lp", now);
f50216d7 151
152 EXEC SQL DECLARE csr_printers CURSOR FOR
153 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
154 m.name, pr.banner, pr.location, pr.contact, pr.ka,
f57294a2 155 pr.ac, pr.lpc_acl
f50216d7 156 FROM printers pr, machine m
157 WHERE pr.rm = :rm AND m.mach_id = pr.mach_id
158 AND pr.type != 'ALIAS';
159 EXEC SQL OPEN csr_printers;
160 while (1)
161 {
162 EXEC SQL FETCH csr_printers INTO :rp, :name, :duplexname,
f57294a2 163 :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl;
f50216d7 164 if (sqlca.sqlcode)
165 break;
166
167 strtrim(rp);
168 strtrim(name);
169 strtrim(duplexname);
170 strtrim(hwtype);
171 strtrim(hostname);
172 strtrim(location);
173 strtrim(contact);
174 strcpy(lowerhwtype, hwtype);
cfba011a 175 for (p = rp; *p; p++) /* Because uppercased printer names suck */
176 *p = tolower(*p);
f50216d7 177 for (p = lowerhwtype; *p; p++)
178 *p = tolower(*p);
179
180 fprintf(out, "<Printer %s>\n",rp);
181 fprintf(out, "Info %s:%s\n", rp, hwtype);
182 /* Note the use of "beh" to keep the CUPS from disabling print queues
183 * should they not respond versus discarding the job.
184 * See the "beh" page for details.
185 * The 1/0/60 says "don't disable/try 20 times/try every 60s */
186 if (!strncmp(hwtype, "HP", 2))
187 fprintf(out, "DeviceURI beh:/1/20/60/socket://%s:9100\n", hostname);
188 else
189 fprintf(out, "DeviceURI beh:/1/20/60/socket://%s\n", hostname);
190 fprintf(out, "State Idle\n"); // Always with the Idle
191 fprintf(out, "StateTime %ld\n", (long)time(NULL));
192 fprintf(out, "Accepting Yes\n");
193 fprintf(out, "Shared Yes\n");
194 fprintf(out, "QuotaPeriod 0\n");
195 fprintf(out, "PageLimit 0\n");
196 fprintf(out, "Klimit 0\n");
197 fprintf(out, "Option sides one-sided\n");
cfba011a 198 fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
199 fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
200 fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
201 fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
202 fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
f50216d7 203 if (location[0])
204 fprintf(out, "Location %s\n", location);
205 fprintf(out, "ErrorPolicy abort-job\n");
f57294a2 206 if (ka || lpc_acl)
f50216d7 207 fprintf(out, "OpPolicy %s-policy\n", rp);
f57294a2 208 else
209 fprintf(out, "OpPolicy default\n");
f50216d7 210
211 /* Access-control list. */
212 if (ac)
213 {
214 if (ka)
215 fprintf(out, "AuthType Negotiate\n");
216 else
f57294a2 217 fprintf(out, "AuthType Default\n");
f50216d7 218 printer_user_list(out, "LIST", ac, "AllowUser");
219 }
220
221 if (banner == PRN_BANNER_NONE)
222 fprintf(out, "JobSheets none none\n");
223 else
224 fprintf(out, "JobSheets athena none\n");
225 fprintf(out, "</Printer>\n");
226
227 }
228 EXEC SQL CLOSE csr_printers;
cfba011a 229
230 /* printers.conf entries for non-local CUPS queues */
231 EXEC SQL DECLARE csr_remote_printers CURSOR FOR
232 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
233 m.name, pr.banner, pr.location, pr.contact, pr.ka,
234 pr.ac, pr.lpc_acl, m.name as cupshosts
235 FROM printers pr, machine m, serverhosts sh
236 WHERE pr.rm = m.mach_id
237 AND pr.type != 'ALIAS' AND m.name <> :spoolhost AND
238 m.mach_id = sh.mach_id AND sh.service = 'CUPS-PRINT' AND
239 sh.enable = 1 AND m.mach_id = sh.mach_id;
240
241 EXEC SQL OPEN csr_remote_printers;
242 while (1)
243 {
244 EXEC SQL FETCH csr_remote_printers INTO :rp, :name, :duplexname,
245 :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts;
246 if (sqlca.sqlcode)
247 break;
248
249 strtrim(rp);
250 strtrim(name);
251 strtrim(duplexname);
252 strtrim(hwtype);
253 strtrim(hostname);
254 strtrim(location);
255 strtrim(contact);
256 strtrim(cupshosts);
257 strcpy(lowerhwtype, hwtype);
258 for (p = rp; *p; p++) /* Because uppercased printer names suck */
259 *p = tolower(*p);
260 for (p = lowerhwtype; *p; p++)
261 *p = tolower(*p);
262
263 fprintf(out, "<Printer %s>\n",rp);
264 fprintf(out, "Info %s:%s\n", rp, hwtype);
265 fprintf(out, "DeviceURI ipp://%s:631/printers/%s\n", cupshosts, rp);
266 fprintf(out, "State Idle\n"); // Always with the Idle
267 fprintf(out, "StateTime %ld\n", (long)time(NULL));
268 fprintf(out, "Accepting Yes\n");
269 fprintf(out, "Shared Yes\n");
270 fprintf(out, "QuotaPeriod 0\n");
271 fprintf(out, "PageLimit 0\n");
272 fprintf(out, "Klimit 0\n");
273 fprintf(out, "Option sides one-sided\n");
274 fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
275 fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
276 fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
277 fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
278 fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
279 if (location[0])
280 fprintf(out, "Location %s\n", location);
281 fprintf(out, "ErrorPolicy abort-job\n");
282 if (ka || lpc_acl)
283 fprintf(out, "OpPolicy %s-policy\n", rp);
284 else
285 fprintf(out, "OpPolicy default\n");
286
287 /* Access-control list. */
288 if (ac)
289 {
290 if (ka)
291 fprintf(out, "AuthType Negotiate\n");
292 else
293 fprintf(out, "AuthType Default\n");
294 printer_user_list(out, "LIST", ac, "AllowUser");
295 }
296
297 if (banner == PRN_BANNER_NONE)
298 fprintf(out, "JobSheets none none\n");
299 else
300 fprintf(out, "JobSheets athena none\n");
301 fprintf(out, "</Printer>\n");
302
303 }
304 EXEC SQL CLOSE csr_remote_printers;
305
306 /* printers.conf entries for non-local LPRng queues */
307 EXEC SQL DECLARE csr_lprng_printers CURSOR FOR
308 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
309 m.name, pr.banner, pr.location, pr.contact, pr.ka,
310 pr.ac, pr.lpc_acl, m.name as cupshosts
311 FROM printers pr, machine m, serverhosts sh
312 WHERE pr.rm = m.mach_id
313 AND pr.type != 'ALIAS' AND m.name <> :spoolhost AND
314 m.mach_id = sh.mach_id AND sh.service = 'PRINT' AND
315 sh.enable = 1;
316
317 EXEC SQL OPEN csr_lprng_printers;
318 while (1)
319 {
320 EXEC SQL FETCH csr_lprng_printers INTO :rp, :name, :duplexname,
321 :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts;
322 if (sqlca.sqlcode)
323 break;
324
325 strtrim(rp);
326 strtrim(name);
327 strtrim(duplexname);
328 strtrim(hwtype);
329 strtrim(hostname);
330 strtrim(location);
331 strtrim(contact);
332 strtrim(cupshosts);
333 strcpy(lowerhwtype, hwtype);
334 for (p = rp; *p; p++) /* Because uppercased printer names suck */
335 *p = tolower(*p);
336 for (p = lowerhwtype; *p; p++)
337 *p = tolower(*p);
338
339 fprintf(out, "<Printer %s>\n",rp);
340 fprintf(out, "Info %s:LPRng Queue on %s\n", rp, cupshosts);
341 fprintf(out, "DeviceURI lpd://%s/%s\n", cupshosts, rp);
342 fprintf(out, "State Idle\n"); // Always with the Idle
343 fprintf(out, "StateTime %ld\n", (long)time(NULL));
344 fprintf(out, "Accepting Yes\n");
345 fprintf(out, "Shared Yes\n");
346 fprintf(out, "QuotaPeriod 0\n");
347 fprintf(out, "PageLimit 0\n");
348 fprintf(out, "Klimit 0\n");
349 fprintf(out, "Option sides one-sided\n");
350 fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
351 fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
352 fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
353 fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
354 fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
355 if (location[0])
356 fprintf(out, "Location %s\n", location);
357 fprintf(out, "ErrorPolicy abort-job\n");
358 fprintf(out, "OpPolicy default\n");
359 fprintf(out, "JobSheets none none\n");
360 fprintf(out, "</Printer>\n");
361
362 }
363 EXEC SQL CLOSE csr_lprng_printers;
f50216d7 364 tarfile_end(tf);
365
366
367 /* aliases are in classes.conf */
368 out = tarfile_start(tf, "/etc/cups/classes.conf", 0644, 0, 0,
200545fb 369 "lp", "lp", now);
f50216d7 370 EXEC SQL DECLARE csr_duplexqs CURSOR FOR
371 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
372 m.name, pr.banner, pr.location, pr.contact, pr.ka,
373 pr.type as prtype, pr.ac
cfba011a 374 FROM printers pr, machine m, serverhosts sh
375 WHERE pr.rm = m.mach_id
376 AND m.mach_id = sh.mach_id AND sh.enable = 1
377 AND (sh.service = 'CUPS-PRINT' OR sh.service = 'PRINT');
f50216d7 378 EXEC SQL OPEN csr_duplexqs;
379 while (1)
380 {
381 EXEC SQL FETCH csr_duplexqs INTO :rp, :name, :duplexname,
382 :hwtype, :hostname, :banner, :location, :contact, :ka, :prtype, :ac;
383 if (sqlca.sqlcode)
384 break;
385
386 strtrim(hwtype);
387 strtrim(rp);
388 strtrim(location);
389 strtrim(contact);
390 strtrim(prtype);
391
392 /* Define alias queues as classes to the regular queues for
393 * accounting reasons. Annoyingly, classes don't always inherit
394 * their printer definitions.
395 */
396 if (!strcmp(prtype,"ALIAS"))
397 {
398 strtrim(name);
399 fprintf(out, "<Class %s>\n",name);
400 fprintf(out, "Info Alias Queue to %s:%s\n", rp, hwtype);
401 fprintf(out, "Printer %s\n", rp);
402 fprintf(out, "Option sides one-sided\n");
403 fprintf(out, "State Idle\n"); // Always with the Idle
404 fprintf(out, "StateTime %ld\n", (long)time(NULL));
405 fprintf(out, "Accepting Yes\n");
406 fprintf(out, "Shared Yes\n");
407 fprintf(out, "QuotaPeriod 0\n");
408 fprintf(out, "PageLimit 0\n");
409 if (location[0])
410 fprintf(out, "Location %s\n", location);
cfba011a 411 /* fprintf(out, "ErrorPolicy abort-job\n"); */
f57294a2 412 if (ka || lpc_acl)
f50216d7 413 fprintf(out, "OpPolicy %s-policy\n", rp);
f57294a2 414 else
415 fprintf(out, "OpPolicy default\n");
f50216d7 416
417 /* Access-control list. */
418 if (ac)
419 {
420 if (ka)
421 fprintf(out, "AuthType Negotiate\n");
422 else
f57294a2 423 fprintf(out, "AuthType Default\n");
f50216d7 424 printer_user_list(out, "LIST", ac, "AllowUser");
425 }
426
427 if (banner == PRN_BANNER_NONE)
428 fprintf(out, "JobSheets none none\n");
429 else
430 fprintf(out, "JobSheets athena none\n");
431 fprintf(out, "</Class>\n");
432 }
433
434 /* Define duplex queues as aliases to the regular queues for
435 * accounting reasons. Annoyingly, classes don't always inherit
436 * their printer definitions.
437 */
438 if (*duplexname)
439 {
440 strtrim(duplexname);
441 fprintf(out, "<Class %s>\n",duplexname);
442 if (!strcmp(prtype,"ALIAS"))
443 fprintf(out, "Info Duplex Alias Queue to %s:%s\n", rp, hwtype);
444 else
445 fprintf(out, "Info Duplex Queue for %s:%s\n", rp, hwtype);
446 fprintf(out, "Option sides two-sided-long-edge\n"); // duplex
447 fprintf(out, "Printer %s\n", rp);
448 fprintf(out, "State Idle\n"); // Always with the Idle
449 fprintf(out, "StateTime %ld\n", (long)time(NULL));
450 fprintf(out, "Accepting Yes\n");
451 fprintf(out, "Shared Yes\n");
452 fprintf(out, "QuotaPeriod 0\n");
453 fprintf(out, "PageLimit 0\n");
454 if (location[0])
455 fprintf(out, "Location %s\n", location);
456 fprintf(out, "ErrorPolicy abort-job\n");
f57294a2 457 if (ka || lpc_acl)
f50216d7 458 fprintf(out, "OpPolicy %s-policy\n", rp);
f57294a2 459 else
460 fprintf(out, "OpPolicy default\n");
f50216d7 461
462 /* Access-control list. */
463 if (ac)
464 {
465 if (ka)
466 fprintf(out, "AuthType Negotiate\n");
467 else
f57294a2 468 fprintf(out, "AuthType Default\n");
f50216d7 469 printer_user_list(out, "LIST", ac, "AllowUser");
470 }
471
472 if (banner == PRN_BANNER_NONE)
473 fprintf(out, "JobSheets none none\n");
474 else if (banner == PRN_BANNER_LAST)
475 fprintf(out, "JobSheets athena none\n");
476 fprintf(out, "</Class>\n");
477 }
478 }
479 EXEC SQL CLOSE csr_duplexqs;
480 tarfile_end(tf);
481
482 /* cups.conf */
483 out = tarfile_start(tf, "/etc/cups/cupsd.conf", 0755, 1, 1,
484 "root", "lp", now);
485
486 fprintf(out, "LogLevel info\n");
487 fprintf(out, "SystemGroup sys root ops-group\n");
488 fprintf(out, "Port 631\n");
489 fprintf(out, "Listen /var/run/cups/cups.sock\n");
490 fprintf(out, "Browsing On\n");
491 fprintf(out, "BrowseOrder allow,deny\n");
492 fprintf(out, "BrowseAllow all\n");
493 fprintf(out, "BrowseAddress @LOCAL\n");
494 fprintf(out, "DefaultAuthType Negotiate\n");
495 fprintf(out, "ServerCertificate /etc/cups/ssl/%s-ipp-crt.pem\n", lhost);
496 fprintf(out, "ServerKey /etc/cups/ssl/%s-ipp-key.pem\n", lhost);
497 fprintf(out, "ServerName %s\n", lhost);
200545fb 498 fprintf(out, "ServerAlias %s\n", phost);
f50216d7 499 fprintf(out, "Krb5Keytab /etc/krb5-ipp.keytab\n");
f50216d7 500
501 /* The other CUPS servers should be aware of the other hosts'
502 queues, so we'll let them browse each other. */
72a62bdc 503 fprintf(out, "Include cups.local.conf\n");
72a62bdc 504 fprintf(out, "Include cups.locations.conf\n");
505 fprintf(out, "Include cups.policies.conf\n");
506 tarfile_end(tf);
f50216d7 507
72a62bdc 508 /* cups.hosts.conf */
509 out = tarfile_start(tf, "/etc/cups/cups.hosts.conf", 0755, 1, 1,
510 "root", "lp", now);
f50216d7 511 EXEC SQL DECLARE csr_cupshosts CURSOR FOR
512 SELECT m.name AS cupshosts FROM machine m, printservers ps
513 WHERE m.mach_id = ps.mach_id AND ps.kind = 'CUPS';
514 EXEC SQL OPEN csr_cupshosts;
515 while (1)
516 {
517 EXEC SQL FETCH csr_cupshosts INTO :cupshosts;
518 if (sqlca.sqlcode)
519 break;
520
521 strtrim(cupshosts);
522
523 /* Don't poll yourself looking for answers! */
524 if (strcmp(cupshosts,host))
525 fprintf(out, "BrowsePoll %s\n", cupshosts);
526 }
527 EXEC SQL CLOSE csr_cupshosts;
f50216d7 528
529 tarfile_end(tf);
530
531 /* cups.policies.conf */
532 out = tarfile_start(tf, "/etc/cups/cups.policies.conf", 0755, 1, 1,
533 "root", "lp", now);
534 fprintf(out, "# Printer-specific LPC and LPR ACLs\n");
535 /* lpcaccess.top */
536 EXEC SQL SELECT ps.lpc_acl INTO :top_lpc_acl
537 FROM printservers ps, machine m
538 WHERE m.name = :spoolhost AND m.mach_id = ps.mach_id;
539 if (!sqlca.sqlcode && lpc_acl)
540 {
541 fprintf (out, "<Policy default>\n");
542 fprintf (out, "%s\n", alterjob);
543 fprintf (out, "AuthType Default\n");
544 fprintf (out, "Require user @OWNER @SYSTEM\n");
545 printer_user_list(out, "LIST", top_lpc_acl, "Require user");
546 fprintf (out, "Order deny,allow\n");
547 fprintf (out, "</Limit>\n");
548 fprintf (out, "%s\n", submitjob);
11bc6bdc 549 fprintf (out, "AuthType None\n");
f50216d7 550 fprintf (out, "Order deny,allow\n");
11bc6bdc 551 fprintf (out, "Allow from all\n");
f50216d7 552 fprintf (out, "</Limit>\n");
553 fprintf (out, "%s\n", alterpntr);
554 fprintf (out, "AuthType Default\n");
555 fprintf (out, "Require user @SYSTEM\n");
556 fprintf (out, "Order deny,allow\n");
557 fprintf (out, "</Limit>\n");
558 fprintf (out, "%s\n", lpcpntr);
559 fprintf (out, "AuthType Default\n");
560 fprintf (out, "Require user @SYSTEM\n");
561 printer_user_list(out, "LIST", top_lpc_acl, "Require user");
562 fprintf (out, "Order deny,allow\n");
563 fprintf (out, "</Limit>\n");
564 fprintf (out, "%s\n", canceljob);
565 fprintf (out, "AuthType Default\n");
566 fprintf (out, "Require user @OWNER @SYSTEM\n");
567 printer_user_list(out, "LIST", top_lpc_acl, "Require user");
568 fprintf (out, "Order deny,allow\n");
03e05c1a 569 fprintf (out, "Allow from all\n");
f50216d7 570 fprintf (out, "</Limit>\n");
571 fprintf (out, "%s\n", catchall);
81b41491 572 fprintf (out, "AuthType None\n");
f50216d7 573 fprintf (out, "Order deny,allow\n");
11bc6bdc 574 fprintf (out, "Allow from all\n");
f50216d7 575 fprintf (out, "</Limit>\n");
576 fprintf (out, "</Policy>\n");
577 }
578
579 /* restrict lists and lpcaccess policies. Sadly, we have to put the
580 top level for each new policy since CUPS doesn't have a way of
581 doing it otherwise (well, Unix groups, but not moira) */
582 EXEC SQL DECLARE csr_lpc CURSOR FOR
583 SELECT UNIQUE rp, ka, ac, lpc_acl
584 FROM printers
cfba011a 585 WHERE (ac != 0 OR lpc_acl != 0) AND rm in (SELECT m.mach_id FROM machine m, serverhosts sh
586 WHERE m.mach_id = sh.mach_id AND sh.service = 'CUPS-PRINT' AND sh.enable = 1);
f50216d7 587 EXEC SQL OPEN csr_lpc;
588 while (1)
589 {
590 EXEC SQL FETCH csr_lpc INTO :name, :ka, :ac, :lpc_acl;
591 if (sqlca.sqlcode)
592 break;
593
594 strtrim(name);
595
596 fprintf (out, "<Policy %s-policy>\n", name);
597 fprintf (out, "%s\n", alterjob);
598 fprintf (out, "AuthType Default\n");
599 fprintf (out, "Require user @OWNER @SYSTEM\n");
600 printer_user_list(out, "LIST", lpc_acl, "Require user");
601 fprintf (out, "Order deny,allow\n");
03e05c1a 602 fprintf (out, "Allow from all\n");
f50216d7 603 fprintf (out, "</Limit>\n");
604 fprintf (out, "%s\n", submitjob);
605 /* If the printer is Kerberized? */
606 if (ka)
607 fprintf (out, "AuthType Negotiate\n");
608 else
609 fprintf (out, "AuthType None\n");
610 /* Access-control list. */
611 if (ac)
612 printer_user_list(out, "LIST", ac, "Require user");
613 else if (ka)
614 fprintf (out, "Require valid-user\n");
615 fprintf (out, "Order deny,allow\n");
11bc6bdc 616 fprintf (out, "Allow from all\n");
f50216d7 617 fprintf (out, "</Limit>\n");
618 fprintf (out, "%s\n", alterpntr);
619 fprintf (out, "AuthType Default\n");
620 fprintf (out, "Require user @SYSTEM\n");
621 fprintf (out, "Order deny,allow\n");
622 fprintf (out, "</Limit>\n");
623 fprintf (out, "%s\n", lpcpntr);
624 fprintf (out, "AuthType Default\n");
625 fprintf (out, "Require user @SYSTEM\n");
626 /* printer-specific lpc access. */
627 if (lpc_acl)
628 printer_user_list(out, "LIST", lpc_acl, "Require user");
629 printer_user_list(out, "LIST", top_lpc_acl, "Require user");
630 fprintf (out, "Order deny,allow\n");
631 fprintf (out, "</Limit>\n");
632 fprintf (out, "%s\n", canceljob);
633 fprintf (out, "AuthType Default\n");
634 fprintf (out, "Require user @OWNER @SYSTEM\n");
635 printer_user_list(out, "LIST", lpc_acl, "Require user");
636 printer_user_list(out, "LIST", top_lpc_acl, "Require user");
637 fprintf (out, "Order deny,allow\n");
11bc6bdc 638 fprintf (out, "Allow from all\n");
f50216d7 639 fprintf (out, "</Limit>\n");
640 fprintf (out, "%s\n", catchall);
11bc6bdc 641 fprintf (out, "AuthType None\n");
f50216d7 642 fprintf (out, "Order deny,allow\n");
11bc6bdc 643 fprintf (out, "Allow from all\n");
f50216d7 644 fprintf (out, "</Limit>\n");
645 fprintf (out, "</Policy>\n");
646 }
647 EXEC SQL CLOSE csr_lpc;
648 fprintf(out, "\n");
649 tarfile_end(tf);
650 tarfile_close(tf);
651}
652
653void sqlerr(void)
654{
655 db_error(sqlca.sqlcode);
656}
Moira, the Athena Service Management system
This page took 0.240505 seconds and 5 git commands to generate.