]> andersk Git - moira.git/blame - gen/cups-cluster.pc
andersk / moira.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix lprm.
[moira.git] / gen / cups-cluster.pc
CommitLineData
fa2a7b63 1/* $Id$
2 *
3 * This generates printcaps and other files for Athena print servers
4 *
5 * Copyright (C) 1992-1998 by the Massachusetts Institute of Technology.
6 * For copying and distribution information, please see the file
7 * <mit-copyright.h>.
8 */
9
10#include <mit-copyright.h>
11#include <moira.h>
12#include <moira_site.h>
13
14#include <sys/stat.h>
15#include <sys/types.h>
16
17#include <ctype.h>
18#include <stdio.h>
19#include <string.h>
20
21#include <time.h>
22#ifdef HAVE_KRB4
23#include <krb.h>
24#endif
25#include <krb5.h>
26
27#include "util.h"
28
29EXEC SQL INCLUDE sqlca;
30
31RCSID("$Header$");
32
33char *whoami = "cups-print.gen";
34char *db = "moira/moira";
35
36const int krbvers = 5; /* use Kerberos 5 */
37
38/* OMG, I hate this, but it's cleaner, I guess? */
39
40const char *alterjob = "<Limit Hold-Job Release-Job\
41 Restart-Job Purge-Jobs Reprocess-Job Set-Job-Attributes\
42 Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>";
e6968581 43const char *submitjob = "<Limit Create-Job Print-Job Print-URI \
fa2a7b63 44 Set-Job-Attributes Send-URI Create-Job-Subscription Renew-Subscription\
e6968581 45 Cancel-Subscription Get-Notifications CUPS-Move-Job CUPS-Authenticate-Job>";
fa2a7b63 46const char *alterpntr = "<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer\
e6968581 47 CUPS-Add-Modify-Class CUPS-Delete-Class>";
fa2a7b63 48const char *lpcpntr = "<Limit Pause-Printer Resume-Printer Enable-Printer\
49 Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs\
50 Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer\
51 Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After\
e6968581 52 CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>";
53const char *canceljob = "<Limit Cancel-Job>";
fa2a7b63 54const char *catchall = "<Limit All>";
e6968581 55const char *phost = "cluster-printers.MIT.EDU";
56const char *svrlist = "cups-hosts";
fa2a7b63 57
58void do_host(char *host);
59void sqlerr(void);
60#ifndef MAX
61#define MAX(a, b) ( (a) > (b) ? (a) : (b) )
62#endif
63
64int main(int argc, char **argv)
65{
66 EXEC SQL BEGIN DECLARE SECTION;
67 char name[MACHINE_NAME_SIZE];
68 EXEC SQL END DECLARE SECTION;
69
70 init_acls();
71
72 EXEC SQL CONNECT :db;
73
74 EXEC SQL WHENEVER SQLERROR DO sqlerr();
75
76 EXEC SQL DECLARE csr_hosts CURSOR FOR
77 SELECT m.name FROM machine m, serverhosts sh
78 WHERE m.mach_id = sh.mach_id AND sh.service = 'CUPS-CLUSTER' AND sh.enable = 1;
79 EXEC SQL OPEN csr_hosts;
80 while (1)
81 {
82 EXEC SQL FETCH csr_hosts INTO :name;
83 if (sqlca.sqlcode)
84 break;
85
86 strtrim(name);
87 do_host(name);
88 }
89 EXEC SQL CLOSE csr_hosts;
90
91 exit(MR_SUCCESS);
92}
93
e6968581 94void printer_user_list(FILE *out, char *type, int id, char *str, int striprealm)
fa2a7b63 95{
96 struct save_queue *sq;
97 struct imember *m;
98 char kbuf[MAX_K_NAME_SZ];
99 char *cp;
100
101 sq = get_acl(type, id, NULL);
102 while (sq_remove_data(sq, &m))
103 {
104 if (m->type != 'S' && m->type != NULL) {
105 /* CUPS wants mmanley/root, not mmanley.root@ATHENA.MIT.EDU */
106 canon_krb(m, krbvers, kbuf, sizeof(kbuf));
107
108 /* now, take out all the @realm */
e6968581 109 if (striprealm) {
fa2a7b63 110 for (cp=kbuf; *cp; cp++) {
111 if (*cp == '@') *cp = '\0';
112 }
e6968581 113 }
fa2a7b63 114 fprintf(out, "%s %s\n", str, kbuf);
115 }
116 freeimember(m);
117 }
118 sq_destroy(sq);
119}
120
fa2a7b63 121void do_host(char *host)
122{
123 EXEC SQL BEGIN DECLARE SECTION;
124 char rp[PRINTERS_RP_SIZE], name[PRINTERS_NAME_SIZE];
125 char duplexname[PRINTERS_DUPLEXNAME_SIZE], location[PRINTERS_LOCATION_SIZE];
126 char hwtype[PRINTERS_HWTYPE_SIZE], lowerhwtype[PRINTERS_HWTYPE_SIZE];
127 char modtime[PRINTERS_MODTIME_SIZE], lmodtime[LIST_MODTIME_SIZE];
128 char contact[PRINTERS_CONTACT_SIZE], hostname[MACHINE_NAME_SIZE];
129 char cupshosts[MACHINE_NAME_SIZE], prtype [PRINTERS_TYPE_SIZE];
e6968581 130 char service[SERVERHOSTS_SERVICE_SIZE];
fa2a7b63 131 char *spoolhost = host, *unixtime_fmt = UNIXTIME_FMT, *p;
132 char *lhost;
133 int ka, pc, ac, lpc_acl, top_lpc_acl, banner, rm;
134 EXEC SQL END DECLARE SECTION;
135 TARFILE *tf;
136 FILE *out;
137 char filename[MAXPATHLEN], *duptc;
138 time_t mtime, now = time(NULL);
139
140 lhost = (char *) strdup (host);
141 for (p = lhost; *p; p++)
142 *p = tolower(*p);
143
144 EXEC SQL SELECT mach_id INTO :rm FROM machine
145 WHERE name = :spoolhost;
146
147 sprintf(filename, "%s/cups-cluster/%s", DCM_DIR, host);
148 tf = tarfile_open(filename);
149
150 /* printers.conf entries for locally run queues */
151 out = tarfile_start(tf, "/etc/cups/printers.conf", 0644, 0, 0,
152 "lp", "lp", now);
153
154 EXEC SQL DECLARE csr_printers CURSOR FOR
155 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
156 m.name, pr.banner, pr.location, pr.contact, pr.ka,
157 pr.ac, pr.lpc_acl
158 FROM printers pr, machine m
159 WHERE pr.rm = :rm AND m.mach_id = pr.mach_id
160 AND (pr.type = 'DORM' or pr.type = 'CLUSTER');
161 EXEC SQL OPEN csr_printers;
162 while (1)
163 {
164 EXEC SQL FETCH csr_printers INTO :rp, :name, :duplexname,
165 :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl;
166 if (sqlca.sqlcode)
167 break;
168
169 strtrim(rp);
170 strtrim(name);
171 strtrim(duplexname);
172 strtrim(hwtype);
173 strtrim(hostname);
174 strtrim(location);
175 strtrim(contact);
176 strcpy(lowerhwtype, hwtype);
177 for (p = rp; *p; p++) /* Because uppercased printer names suck */
178 *p = tolower(*p);
179 for (p = lowerhwtype; *p; p++)
180 *p = tolower(*p);
181
182 fprintf(out, "<Printer %s>\n",rp);
183 fprintf(out, "Info %s:%s\n", rp, hwtype);
184 /* Note the use of "beh" to keep the CUPS from disabling print queues
185 * should they not respond versus discarding the job.
186 * See the "beh" page for details.
187 * The 1/0/60 says "don't disable/try 20 times/try every 60s */
188 if (!strncmp(hwtype, "HP", 2))
189 fprintf(out, "DeviceURI beh:/1/20/60/socket://%s:9100\n", hostname);
190 else
191 fprintf(out, "DeviceURI beh:/1/20/60/socket://%s\n", hostname);
192 fprintf(out, "State Idle\n"); // Always with the Idle
193 fprintf(out, "StateTime %ld\n", (long)time(NULL));
194 fprintf(out, "Accepting Yes\n");
195 fprintf(out, "Shared Yes\n");
196 fprintf(out, "QuotaPeriod 0\n");
197 fprintf(out, "PageLimit 0\n");
198 fprintf(out, "Klimit 0\n");
199 fprintf(out, "Option sides one-sided\n");
200 fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
201 fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
202 fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
203 fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
204 fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
205 if (location[0])
206 fprintf(out, "Location %s\n", location);
207 fprintf(out, "ErrorPolicy abort-job\n");
208 if (ka || lpc_acl)
209 fprintf(out, "OpPolicy %s-policy\n", rp);
210 else
211 fprintf(out, "OpPolicy default\n");
212
213 /* Access-control list. */
214 if (ac)
215 {
216 if (ka)
217 fprintf(out, "AuthType Negotiate\n");
218 else
219 fprintf(out, "AuthType Default\n");
e6968581 220 printer_user_list(out, "LIST", ac, "AllowUser", 0);
fa2a7b63 221 }
222
223 if (banner == PRN_BANNER_NONE)
224 fprintf(out, "JobSheets none none\n");
225 else
226 fprintf(out, "JobSheets athena none\n");
227 fprintf(out, "</Printer>\n");
228
229 }
230 EXEC SQL CLOSE csr_printers;
231
232 /* printers.conf entries for non-local CUPS queues */
233 EXEC SQL DECLARE csr_remote_printers CURSOR FOR
234 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
235 m.name, pr.banner, pr.location, pr.contact, pr.ka,
236 pr.ac, pr.lpc_acl, m.name as cupshosts
237 FROM printers pr, machine m, serverhosts sh
238 WHERE pr.rm = m.mach_id
239 AND (pr.type = 'CLUSTER' or pr.type = 'DORM') AND m.name <> :spoolhost AND
662cdab2 240 m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER') AND
fa2a7b63 241 sh.enable = 1 AND m.mach_id = sh.mach_id;
242
243 EXEC SQL OPEN csr_remote_printers;
244 while (1)
245 {
246 EXEC SQL FETCH csr_remote_printers INTO :rp, :name, :duplexname,
247 :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts;
248 if (sqlca.sqlcode)
249 break;
250
251 strtrim(rp);
252 strtrim(name);
253 strtrim(duplexname);
254 strtrim(hwtype);
255 strtrim(hostname);
256 strtrim(location);
257 strtrim(contact);
258 strtrim(cupshosts);
259 strcpy(lowerhwtype, hwtype);
260 for (p = rp; *p; p++) /* Because uppercased printer names suck */
261 *p = tolower(*p);
262 for (p = lowerhwtype; *p; p++)
263 *p = tolower(*p);
264
265 fprintf(out, "<Printer %s>\n",rp);
266 fprintf(out, "Info %s:%s\n", rp, hwtype);
267 fprintf(out, "DeviceURI ipp://%s:631/printers/%s\n", cupshosts, rp);
268 fprintf(out, "State Idle\n"); // Always with the Idle
269 fprintf(out, "StateTime %ld\n", (long)time(NULL));
270 fprintf(out, "Accepting Yes\n");
271 fprintf(out, "Shared Yes\n");
272 fprintf(out, "QuotaPeriod 0\n");
273 fprintf(out, "PageLimit 0\n");
274 fprintf(out, "Klimit 0\n");
275 fprintf(out, "Option sides one-sided\n");
276 fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
277 fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
278 fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
279 fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
280 fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
281 if (location[0])
282 fprintf(out, "Location %s\n", location);
283 fprintf(out, "ErrorPolicy abort-job\n");
284 if (ka || lpc_acl)
285 fprintf(out, "OpPolicy %s-policy\n", rp);
286 else
287 fprintf(out, "OpPolicy default\n");
288
289 /* Access-control list. */
290 if (ac)
291 {
292 if (ka)
293 fprintf(out, "AuthType Negotiate\n");
294 else
295 fprintf(out, "AuthType Default\n");
e6968581 296 printer_user_list(out, "LIST", ac, "AllowUser", 0);
fa2a7b63 297 }
298
299 if (banner == PRN_BANNER_NONE)
300 fprintf(out, "JobSheets none none\n");
301 else
302 fprintf(out, "JobSheets athena none\n");
303 fprintf(out, "</Printer>\n");
304
305 }
306 EXEC SQL CLOSE csr_remote_printers;
307
308 /* printers.conf entries for non-local LPRng queues */
309 EXEC SQL DECLARE csr_lprng_printers CURSOR FOR
310 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
311 m.name, pr.banner, pr.location, pr.contact, pr.ka,
312 pr.ac, pr.lpc_acl, m.name as cupshosts
313 FROM printers pr, machine m, serverhosts sh
314 WHERE pr.rm = m.mach_id
315 AND (pr.type = 'DORM' or pr.type = 'CLUSTER') AND m.name <> :spoolhost AND
316 m.mach_id = sh.mach_id AND sh.service = 'PRINT' AND
317 sh.enable = 1;
318
319 EXEC SQL OPEN csr_lprng_printers;
320 while (1)
321 {
322 EXEC SQL FETCH csr_lprng_printers INTO :rp, :name, :duplexname,
323 :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts;
324 if (sqlca.sqlcode)
325 break;
326
327 strtrim(rp);
328 strtrim(name);
329 strtrim(duplexname);
330 strtrim(hwtype);
331 strtrim(hostname);
332 strtrim(location);
333 strtrim(contact);
334 strtrim(cupshosts);
335 strcpy(lowerhwtype, hwtype);
336 for (p = rp; *p; p++) /* Because uppercased printer names suck */
337 *p = tolower(*p);
338 for (p = lowerhwtype; *p; p++)
339 *p = tolower(*p);
340
341 fprintf(out, "<Printer %s>\n",rp);
342 fprintf(out, "Info %s:LPRng Queue on %s\n", rp, cupshosts);
343 fprintf(out, "DeviceURI lpd://%s/%s\n", cupshosts, rp);
344 fprintf(out, "State Idle\n"); // Always with the Idle
345 fprintf(out, "StateTime %ld\n", (long)time(NULL));
346 fprintf(out, "Accepting Yes\n");
347 fprintf(out, "Shared Yes\n");
348 fprintf(out, "QuotaPeriod 0\n");
349 fprintf(out, "PageLimit 0\n");
350 fprintf(out, "Klimit 0\n");
351 fprintf(out, "Option sides one-sided\n");
352 fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
353 fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
354 fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
355 fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
356 fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
357 if (location[0])
358 fprintf(out, "Location %s\n", location);
359 fprintf(out, "ErrorPolicy abort-job\n");
360 fprintf(out, "OpPolicy default\n");
361 fprintf(out, "JobSheets none none\n");
362 fprintf(out, "</Printer>\n");
363
364 }
365 EXEC SQL CLOSE csr_lprng_printers;
366 tarfile_end(tf);
367
368
369 /* aliases are in classes.conf */
370 out = tarfile_start(tf, "/etc/cups/classes.conf", 0644, 0, 0,
371 "lp", "lp", now);
372 EXEC SQL DECLARE csr_duplexqs CURSOR FOR
373 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
374 m.name, pr.banner, pr.location, pr.contact, pr.ka,
e6968581 375 pr.type as prtype, pr.ac, sh.service
fa2a7b63 376 FROM printers pr, machine m, serverhosts sh
377 WHERE pr.rm = m.mach_id
378 AND m.mach_id = sh.mach_id AND sh.enable = 1
379 AND (pr.type = 'DORM' or pr.type = 'CLUSTER')
662cdab2 380 AND (sh.service = 'CUPS-PRINT' OR sh.service = 'PRINT' OR sh.service = 'CUPS-CLUSTER');
fa2a7b63 381 EXEC SQL OPEN csr_duplexqs;
382 while (1)
383 {
384 EXEC SQL FETCH csr_duplexqs INTO :rp, :name, :duplexname,
e6968581 385 :hwtype, :hostname, :banner, :location, :contact, :ka, :prtype, :ac, :service;
fa2a7b63 386 if (sqlca.sqlcode)
387 break;
388
389 strtrim(hwtype);
e6968581 390 strtrim(service);
fa2a7b63 391 strtrim(rp);
392 strtrim(location);
393 strtrim(contact);
394 strtrim(prtype);
395
396 /* Define alias queues as classes to the regular queues for
397 * accounting reasons. Annoyingly, classes don't always inherit
398 * their printer definitions.
399 */
400 if (!strcmp(prtype,"ALIAS"))
401 {
402 strtrim(name);
403 fprintf(out, "<Class %s>\n",name);
404 fprintf(out, "Info Alias Queue to %s:%s\n", rp, hwtype);
405 fprintf(out, "Printer %s\n", rp);
406 fprintf(out, "Option sides one-sided\n");
407 fprintf(out, "State Idle\n"); // Always with the Idle
408 fprintf(out, "StateTime %ld\n", (long)time(NULL));
409 fprintf(out, "Accepting Yes\n");
410 fprintf(out, "Shared Yes\n");
411 fprintf(out, "QuotaPeriod 0\n");
412 fprintf(out, "PageLimit 0\n");
413 if (location[0])
414 fprintf(out, "Location %s\n", location);
e6968581 415 /* do not use custom policies for LPRng printers */
416 if (strcmp(service,"PRINT") && (ka || lpc_acl))
fa2a7b63 417 fprintf(out, "OpPolicy %s-policy\n", rp);
418 else
419 fprintf(out, "OpPolicy default\n");
420
421 /* Access-control list. */
422 if (ac)
e6968581 423 printer_user_list(out, "LIST", ac, "AllowUser", 0);
fa2a7b63 424
425 if (banner == PRN_BANNER_NONE)
426 fprintf(out, "JobSheets none none\n");
427 else
428 fprintf(out, "JobSheets athena none\n");
429 fprintf(out, "</Class>\n");
430 }
431
432 /* Define duplex queues as aliases to the regular queues for
433 * accounting reasons. Annoyingly, classes don't always inherit
434 * their printer definitions.
435 */
436 if (*duplexname)
437 {
438 strtrim(duplexname);
439 fprintf(out, "<Class %s>\n",duplexname);
440 if (!strcmp(prtype,"ALIAS"))
441 fprintf(out, "Info Duplex Alias Queue to %s:%s\n", rp, hwtype);
442 else
443 fprintf(out, "Info Duplex Queue for %s:%s\n", rp, hwtype);
444 fprintf(out, "Option sides two-sided-long-edge\n"); // duplex
445 fprintf(out, "Printer %s\n", rp);
446 fprintf(out, "State Idle\n"); // Always with the Idle
447 fprintf(out, "StateTime %ld\n", (long)time(NULL));
448 fprintf(out, "Accepting Yes\n");
449 fprintf(out, "Shared Yes\n");
450 fprintf(out, "QuotaPeriod 0\n");
451 fprintf(out, "PageLimit 0\n");
452 if (location[0])
453 fprintf(out, "Location %s\n", location);
e6968581 454 /* do not use custom policies for LPRng printers */
455 if (strcmp(service,"PRINT") && (ka || lpc_acl))
fa2a7b63 456 fprintf(out, "OpPolicy %s-policy\n", rp);
457 else
458 fprintf(out, "OpPolicy default\n");
459
460 /* Access-control list. */
461 if (ac)
e6968581 462 printer_user_list(out, "LIST", ac, "AllowUser", 0);
fa2a7b63 463
464 if (banner == PRN_BANNER_NONE)
465 fprintf(out, "JobSheets none none\n");
466 else if (banner == PRN_BANNER_LAST)
467 fprintf(out, "JobSheets athena none\n");
468 fprintf(out, "</Class>\n");
469 }
470 }
471 EXEC SQL CLOSE csr_duplexqs;
472 tarfile_end(tf);
473
474 /* cups.conf */
475 out = tarfile_start(tf, "/etc/cups/cupsd.conf", 0755, 1, 1,
476 "root", "lp", now);
477
478 fprintf(out, "LogLevel info\n");
479 fprintf(out, "SystemGroup sys root ops-group\n");
480 fprintf(out, "Port 631\n");
e6968581 481 fprintf(out, "SSLPort 443\n");
fa2a7b63 482 fprintf(out, "Listen /var/run/cups/cups.sock\n");
483 fprintf(out, "Browsing On\n");
484 fprintf(out, "BrowseOrder allow,deny\n");
485 fprintf(out, "BrowseAllow all\n");
486 fprintf(out, "BrowseAddress @LOCAL\n");
487 fprintf(out, "DefaultAuthType Negotiate\n");
488 fprintf(out, "ServerCertificate /etc/cups/ssl/%s-ipp-crt.pem\n", lhost);
489 fprintf(out, "ServerKey /etc/cups/ssl/%s-ipp-key.pem\n", lhost);
490 fprintf(out, "ServerName %s\n", lhost);
491 fprintf(out, "ServerAlias %s\n", phost);
e6968581 492 /* fprintf(out, "Krb5Keytab /etc/krb5-ipp.keytab\n"); */
fa2a7b63 493
494 /* The other CUPS servers should be aware of the other hosts'
495 queues, so we'll let them browse each other. */
496 fprintf(out, "Include cups.local.conf\n");
497 fprintf(out, "Include cups.locations.conf\n");
498 fprintf(out, "Include cups.policies.conf\n");
499 tarfile_end(tf);
500
501 /* cups.hosts.conf */
502 out = tarfile_start(tf, "/etc/cups/cups.hosts.conf", 0755, 1, 1,
503 "root", "lp", now);
504 EXEC SQL DECLARE csr_cupshosts CURSOR FOR
505 SELECT m.name AS cupshosts FROM machine m, printservers ps
506 WHERE m.mach_id = ps.mach_id AND ps.kind = 'CUPS';
507 EXEC SQL OPEN csr_cupshosts;
508 while (1)
509 {
510 EXEC SQL FETCH csr_cupshosts INTO :cupshosts;
511 if (sqlca.sqlcode)
512 break;
513
514 strtrim(cupshosts);
515
516 /* Don't poll yourself looking for answers! */
517 if (strcmp(cupshosts,host))
518 fprintf(out, "BrowsePoll %s\n", cupshosts);
519 }
520 EXEC SQL CLOSE csr_cupshosts;
521
522 tarfile_end(tf);
523
524 /* cups.policies.conf */
525 out = tarfile_start(tf, "/etc/cups/cups.policies.conf", 0755, 1, 1,
526 "root", "lp", now);
527 fprintf(out, "# Printer-specific LPC and LPR ACLs\n");
528 /* lpcaccess.top */
529 EXEC SQL SELECT ps.lpc_acl INTO :top_lpc_acl
530 FROM printservers ps, machine m
531 WHERE m.name = :spoolhost AND m.mach_id = ps.mach_id;
fa2a7b63 532 fprintf (out, "<Policy default>\n");
533 fprintf (out, "%s\n", alterjob);
534 fprintf (out, "AuthType Default\n");
535 fprintf (out, "Require user @OWNER @SYSTEM\n");
e6968581 536 printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
537 fprintf (out, "Order deny,allow\n");
538 fprintf (out, "</Limit>\n");
539 fprintf (out, "<Limit Send-Document CUPS-Get-Document>\n");
540 fprintf (out, "AuthType None\n");
541 fprintf (out, "Require user @OWNER @SYSTEM\n");
fa2a7b63 542 fprintf (out, "Order deny,allow\n");
e6968581 543 fprintf (out, "Allow from all\n");
fa2a7b63 544 fprintf (out, "</Limit>\n");
545 fprintf (out, "%s\n", submitjob);
546 fprintf (out, "AuthType None\n");
547 fprintf (out, "Order deny,allow\n");
548 fprintf (out, "Allow from all\n");
549 fprintf (out, "</Limit>\n");
550 fprintf (out, "%s\n", alterpntr);
551 fprintf (out, "AuthType Default\n");
552 fprintf (out, "Require user @SYSTEM\n");
553 fprintf (out, "Order deny,allow\n");
554 fprintf (out, "</Limit>\n");
555 fprintf (out, "%s\n", lpcpntr);
556 fprintf (out, "AuthType Default\n");
557 fprintf (out, "Require user @SYSTEM\n");
e6968581 558 printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
fa2a7b63 559 fprintf (out, "Order deny,allow\n");
560 fprintf (out, "</Limit>\n");
561 fprintf (out, "%s\n", canceljob);
562 fprintf (out, "AuthType Default\n");
563 fprintf (out, "Require user @OWNER @SYSTEM\n");
e6968581 564 printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
fa2a7b63 565 fprintf (out, "Order deny,allow\n");
566 fprintf (out, "Allow from all\n");
567 fprintf (out, "</Limit>\n");
568 fprintf (out, "%s\n", catchall);
569 fprintf (out, "AuthType None\n");
570 fprintf (out, "Order deny,allow\n");
571 fprintf (out, "Allow from all\n");
572 fprintf (out, "</Limit>\n");
573 fprintf (out, "</Policy>\n");
fa2a7b63 574
575 /* restrict lists and lpcaccess policies. Sadly, we have to put the
576 top level for each new policy since CUPS doesn't have a way of
577 doing it otherwise (well, Unix groups, but not moira) */
578 EXEC SQL DECLARE csr_lpc CURSOR FOR
579 SELECT UNIQUE rp, ka, ac, lpc_acl
580 FROM printers
581 WHERE (ac != 0 OR lpc_acl != 0) AND rm in (SELECT m.mach_id FROM machine m, serverhosts sh
e6968581 582 WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' or sh.service = 'CUPS-CLUSTER')
583 AND sh.enable = 1);
fa2a7b63 584 EXEC SQL OPEN csr_lpc;
585 while (1)
586 {
587 EXEC SQL FETCH csr_lpc INTO :name, :ka, :ac, :lpc_acl;
588 if (sqlca.sqlcode)
589 break;
590
591 strtrim(name);
592
593 fprintf (out, "<Policy %s-policy>\n", name);
594 fprintf (out, "%s\n", alterjob);
595 fprintf (out, "AuthType Default\n");
596 fprintf (out, "Require user @OWNER @SYSTEM\n");
e6968581 597 printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
598 printer_user_list(out, "LIST", svrlist, "Require user", 1);
599 fprintf (out, "Order deny,allow\n");
600 fprintf (out, "Allow from all\n");
601 fprintf (out, "</Limit>\n");
602 fprintf (out, "<Limit Send-Document CUPS-Get-Document>\n");
603 fprintf (out, "AuthType None\n");
604 fprintf (out, "Require user @OWNER @SYSTEM\n");
fa2a7b63 605 fprintf (out, "Order deny,allow\n");
606 fprintf (out, "Allow from all\n");
607 fprintf (out, "</Limit>\n");
608 fprintf (out, "%s\n", submitjob);
609 /* If the printer is Kerberized? */
610 if (ka)
611 fprintf (out, "AuthType Negotiate\n");
612 else
613 fprintf (out, "AuthType None\n");
614 /* Access-control list. */
e6968581 615 if (ac) {
616 printer_user_list(out, "LIST", ac, "Require user", 1);
617 printer_user_list(out, "LIST", svrlist, "Require user", 1);
618 }
fa2a7b63 619 else if (ka)
620 fprintf (out, "Require valid-user\n");
621 fprintf (out, "Order deny,allow\n");
622 fprintf (out, "Allow from all\n");
623 fprintf (out, "</Limit>\n");
624 fprintf (out, "%s\n", alterpntr);
625 fprintf (out, "AuthType Default\n");
626 fprintf (out, "Require user @SYSTEM\n");
627 fprintf (out, "Order deny,allow\n");
628 fprintf (out, "</Limit>\n");
629 fprintf (out, "%s\n", lpcpntr);
630 fprintf (out, "AuthType Default\n");
631 fprintf (out, "Require user @SYSTEM\n");
632 /* printer-specific lpc access. */
633 if (lpc_acl)
e6968581 634 printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
635 printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
fa2a7b63 636 fprintf (out, "Order deny,allow\n");
637 fprintf (out, "</Limit>\n");
638 fprintf (out, "%s\n", canceljob);
639 fprintf (out, "AuthType Default\n");
640 fprintf (out, "Require user @OWNER @SYSTEM\n");
e6968581 641 printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
642 printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
fa2a7b63 643 fprintf (out, "Order deny,allow\n");
644 fprintf (out, "Allow from all\n");
645 fprintf (out, "</Limit>\n");
646 fprintf (out, "%s\n", catchall);
647 fprintf (out, "AuthType None\n");
648 fprintf (out, "Order deny,allow\n");
649 fprintf (out, "Allow from all\n");
650 fprintf (out, "</Limit>\n");
651 fprintf (out, "</Policy>\n");
652 }
653 EXEC SQL CLOSE csr_lpc;
654 fprintf(out, "\n");
655 tarfile_end(tf);
656 tarfile_close(tf);
657}
658
659void sqlerr(void)
660{
661 db_error(sqlca.sqlcode);
662}
Moira, the Athena Service Management system
This page took 0.222048 seconds and 5 git commands to generate.