]>
Commit | Line | Data |
---|---|---|
fa2a7b63 | 1 | /* $Id$ |
2 | * | |
3 | * This generates printcaps and other files for Athena print servers | |
4 | * | |
5 | * Copyright (C) 1992-1998 by the Massachusetts Institute of Technology. | |
6 | * For copying and distribution information, please see the file | |
7 | * <mit-copyright.h>. | |
8 | */ | |
9 | ||
10 | #include <mit-copyright.h> | |
11 | #include <moira.h> | |
12 | #include <moira_site.h> | |
13 | ||
14 | #include <sys/stat.h> | |
15 | #include <sys/types.h> | |
16 | ||
17 | #include <ctype.h> | |
18 | #include <stdio.h> | |
19 | #include <string.h> | |
20 | ||
21 | #include <time.h> | |
22 | #ifdef HAVE_KRB4 | |
23 | #include <krb.h> | |
24 | #endif | |
25 | #include <krb5.h> | |
26 | ||
27 | #include "util.h" | |
28 | ||
29 | EXEC SQL INCLUDE sqlca; | |
30 | ||
31 | RCSID("$Header$"); | |
32 | ||
33 | char *whoami = "cups-print.gen"; | |
34 | char *db = "moira/moira"; | |
35 | ||
36 | const int krbvers = 5; /* use Kerberos 5 */ | |
37 | ||
38 | /* OMG, I hate this, but it's cleaner, I guess? */ | |
39 | ||
40 | const char *alterjob = "<Limit Hold-Job Release-Job\ | |
41 | Restart-Job Purge-Jobs Reprocess-Job Set-Job-Attributes\ | |
42 | Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>"; | |
e6968581 | 43 | const char *submitjob = "<Limit Create-Job Print-Job Print-URI \ |
fa2a7b63 | 44 | Set-Job-Attributes Send-URI Create-Job-Subscription Renew-Subscription\ |
e6968581 | 45 | Cancel-Subscription Get-Notifications CUPS-Move-Job CUPS-Authenticate-Job>"; |
fa2a7b63 | 46 | const char *alterpntr = "<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer\ |
e6968581 | 47 | CUPS-Add-Modify-Class CUPS-Delete-Class>"; |
fa2a7b63 | 48 | const char *lpcpntr = "<Limit Pause-Printer Resume-Printer Enable-Printer\ |
49 | Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs\ | |
50 | Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer\ | |
51 | Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After\ | |
e6968581 | 52 | CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>"; |
53 | const char *canceljob = "<Limit Cancel-Job>"; | |
fa2a7b63 | 54 | const char *catchall = "<Limit All>"; |
e6968581 | 55 | const char *phost = "cluster-printers.MIT.EDU"; |
56 | const char *svrlist = "cups-hosts"; | |
fa2a7b63 | 57 | |
58 | void do_host(char *host); | |
59 | void sqlerr(void); | |
60 | #ifndef MAX | |
61 | #define MAX(a, b) ( (a) > (b) ? (a) : (b) ) | |
62 | #endif | |
63 | ||
64 | int main(int argc, char **argv) | |
65 | { | |
66 | EXEC SQL BEGIN DECLARE SECTION; | |
67 | char name[MACHINE_NAME_SIZE]; | |
68 | EXEC SQL END DECLARE SECTION; | |
69 | ||
70 | init_acls(); | |
71 | ||
72 | EXEC SQL CONNECT :db; | |
73 | ||
74 | EXEC SQL WHENEVER SQLERROR DO sqlerr(); | |
75 | ||
76 | EXEC SQL DECLARE csr_hosts CURSOR FOR | |
77 | SELECT m.name FROM machine m, serverhosts sh | |
78 | WHERE m.mach_id = sh.mach_id AND sh.service = 'CUPS-CLUSTER' AND sh.enable = 1; | |
79 | EXEC SQL OPEN csr_hosts; | |
80 | while (1) | |
81 | { | |
82 | EXEC SQL FETCH csr_hosts INTO :name; | |
83 | if (sqlca.sqlcode) | |
84 | break; | |
85 | ||
86 | strtrim(name); | |
87 | do_host(name); | |
88 | } | |
89 | EXEC SQL CLOSE csr_hosts; | |
90 | ||
91 | exit(MR_SUCCESS); | |
92 | } | |
93 | ||
e6968581 | 94 | void printer_user_list(FILE *out, char *type, int id, char *str, int striprealm) |
fa2a7b63 | 95 | { |
96 | struct save_queue *sq; | |
97 | struct imember *m; | |
98 | char kbuf[MAX_K_NAME_SZ]; | |
99 | char *cp; | |
100 | ||
101 | sq = get_acl(type, id, NULL); | |
102 | while (sq_remove_data(sq, &m)) | |
103 | { | |
104 | if (m->type != 'S' && m->type != NULL) { | |
105 | /* CUPS wants mmanley/root, not mmanley.root@ATHENA.MIT.EDU */ | |
106 | canon_krb(m, krbvers, kbuf, sizeof(kbuf)); | |
107 | ||
108 | /* now, take out all the @realm */ | |
e6968581 | 109 | if (striprealm) { |
fa2a7b63 | 110 | for (cp=kbuf; *cp; cp++) { |
111 | if (*cp == '@') *cp = '\0'; | |
112 | } | |
e6968581 | 113 | } |
fa2a7b63 | 114 | fprintf(out, "%s %s\n", str, kbuf); |
115 | } | |
116 | freeimember(m); | |
117 | } | |
118 | sq_destroy(sq); | |
119 | } | |
120 | ||
fa2a7b63 | 121 | void do_host(char *host) |
122 | { | |
123 | EXEC SQL BEGIN DECLARE SECTION; | |
124 | char rp[PRINTERS_RP_SIZE], name[PRINTERS_NAME_SIZE]; | |
125 | char duplexname[PRINTERS_DUPLEXNAME_SIZE], location[PRINTERS_LOCATION_SIZE]; | |
126 | char hwtype[PRINTERS_HWTYPE_SIZE], lowerhwtype[PRINTERS_HWTYPE_SIZE]; | |
127 | char modtime[PRINTERS_MODTIME_SIZE], lmodtime[LIST_MODTIME_SIZE]; | |
128 | char contact[PRINTERS_CONTACT_SIZE], hostname[MACHINE_NAME_SIZE]; | |
129 | char cupshosts[MACHINE_NAME_SIZE], prtype [PRINTERS_TYPE_SIZE]; | |
e6968581 | 130 | char service[SERVERHOSTS_SERVICE_SIZE]; |
fa2a7b63 | 131 | char *spoolhost = host, *unixtime_fmt = UNIXTIME_FMT, *p; |
132 | char *lhost; | |
133 | int ka, pc, ac, lpc_acl, top_lpc_acl, banner, rm; | |
134 | EXEC SQL END DECLARE SECTION; | |
135 | TARFILE *tf; | |
136 | FILE *out; | |
137 | char filename[MAXPATHLEN], *duptc; | |
138 | time_t mtime, now = time(NULL); | |
139 | ||
140 | lhost = (char *) strdup (host); | |
141 | for (p = lhost; *p; p++) | |
142 | *p = tolower(*p); | |
143 | ||
144 | EXEC SQL SELECT mach_id INTO :rm FROM machine | |
145 | WHERE name = :spoolhost; | |
146 | ||
147 | sprintf(filename, "%s/cups-cluster/%s", DCM_DIR, host); | |
148 | tf = tarfile_open(filename); | |
149 | ||
150 | /* printers.conf entries for locally run queues */ | |
151 | out = tarfile_start(tf, "/etc/cups/printers.conf", 0644, 0, 0, | |
152 | "lp", "lp", now); | |
153 | ||
154 | EXEC SQL DECLARE csr_printers CURSOR FOR | |
155 | SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype, | |
156 | m.name, pr.banner, pr.location, pr.contact, pr.ka, | |
157 | pr.ac, pr.lpc_acl | |
158 | FROM printers pr, machine m | |
159 | WHERE pr.rm = :rm AND m.mach_id = pr.mach_id | |
160 | AND (pr.type = 'DORM' or pr.type = 'CLUSTER'); | |
161 | EXEC SQL OPEN csr_printers; | |
162 | while (1) | |
163 | { | |
164 | EXEC SQL FETCH csr_printers INTO :rp, :name, :duplexname, | |
165 | :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl; | |
166 | if (sqlca.sqlcode) | |
167 | break; | |
168 | ||
169 | strtrim(rp); | |
170 | strtrim(name); | |
171 | strtrim(duplexname); | |
172 | strtrim(hwtype); | |
173 | strtrim(hostname); | |
174 | strtrim(location); | |
175 | strtrim(contact); | |
176 | strcpy(lowerhwtype, hwtype); | |
177 | for (p = rp; *p; p++) /* Because uppercased printer names suck */ | |
178 | *p = tolower(*p); | |
179 | for (p = lowerhwtype; *p; p++) | |
180 | *p = tolower(*p); | |
181 | ||
182 | fprintf(out, "<Printer %s>\n",rp); | |
183 | fprintf(out, "Info %s:%s\n", rp, hwtype); | |
184 | /* Note the use of "beh" to keep the CUPS from disabling print queues | |
185 | * should they not respond versus discarding the job. | |
186 | * See the "beh" page for details. | |
187 | * The 1/0/60 says "don't disable/try 20 times/try every 60s */ | |
188 | if (!strncmp(hwtype, "HP", 2)) | |
189 | fprintf(out, "DeviceURI beh:/1/20/60/socket://%s:9100\n", hostname); | |
190 | else | |
191 | fprintf(out, "DeviceURI beh:/1/20/60/socket://%s\n", hostname); | |
192 | fprintf(out, "State Idle\n"); // Always with the Idle | |
193 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
194 | fprintf(out, "Accepting Yes\n"); | |
195 | fprintf(out, "Shared Yes\n"); | |
196 | fprintf(out, "QuotaPeriod 0\n"); | |
197 | fprintf(out, "PageLimit 0\n"); | |
198 | fprintf(out, "Klimit 0\n"); | |
199 | fprintf(out, "Option sides one-sided\n"); | |
200 | fprintf(out, "Filter application/vnd.cups-raw 0 -\n"); | |
201 | fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n"); | |
202 | fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n"); | |
203 | fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n"); | |
204 | fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n"); | |
205 | if (location[0]) | |
206 | fprintf(out, "Location %s\n", location); | |
207 | fprintf(out, "ErrorPolicy abort-job\n"); | |
208 | if (ka || lpc_acl) | |
209 | fprintf(out, "OpPolicy %s-policy\n", rp); | |
210 | else | |
211 | fprintf(out, "OpPolicy default\n"); | |
212 | ||
213 | /* Access-control list. */ | |
214 | if (ac) | |
215 | { | |
216 | if (ka) | |
217 | fprintf(out, "AuthType Negotiate\n"); | |
218 | else | |
219 | fprintf(out, "AuthType Default\n"); | |
e6968581 | 220 | printer_user_list(out, "LIST", ac, "AllowUser", 0); |
fa2a7b63 | 221 | } |
222 | ||
223 | if (banner == PRN_BANNER_NONE) | |
224 | fprintf(out, "JobSheets none none\n"); | |
225 | else | |
226 | fprintf(out, "JobSheets athena none\n"); | |
227 | fprintf(out, "</Printer>\n"); | |
228 | ||
229 | } | |
230 | EXEC SQL CLOSE csr_printers; | |
231 | ||
232 | /* printers.conf entries for non-local CUPS queues */ | |
233 | EXEC SQL DECLARE csr_remote_printers CURSOR FOR | |
234 | SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype, | |
235 | m.name, pr.banner, pr.location, pr.contact, pr.ka, | |
236 | pr.ac, pr.lpc_acl, m.name as cupshosts | |
237 | FROM printers pr, machine m, serverhosts sh | |
238 | WHERE pr.rm = m.mach_id | |
239 | AND (pr.type = 'CLUSTER' or pr.type = 'DORM') AND m.name <> :spoolhost AND | |
662cdab2 | 240 | m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER') AND |
fa2a7b63 | 241 | sh.enable = 1 AND m.mach_id = sh.mach_id; |
242 | ||
243 | EXEC SQL OPEN csr_remote_printers; | |
244 | while (1) | |
245 | { | |
246 | EXEC SQL FETCH csr_remote_printers INTO :rp, :name, :duplexname, | |
247 | :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts; | |
248 | if (sqlca.sqlcode) | |
249 | break; | |
250 | ||
251 | strtrim(rp); | |
252 | strtrim(name); | |
253 | strtrim(duplexname); | |
254 | strtrim(hwtype); | |
255 | strtrim(hostname); | |
256 | strtrim(location); | |
257 | strtrim(contact); | |
258 | strtrim(cupshosts); | |
259 | strcpy(lowerhwtype, hwtype); | |
260 | for (p = rp; *p; p++) /* Because uppercased printer names suck */ | |
261 | *p = tolower(*p); | |
262 | for (p = lowerhwtype; *p; p++) | |
263 | *p = tolower(*p); | |
264 | ||
265 | fprintf(out, "<Printer %s>\n",rp); | |
266 | fprintf(out, "Info %s:%s\n", rp, hwtype); | |
267 | fprintf(out, "DeviceURI ipp://%s:631/printers/%s\n", cupshosts, rp); | |
268 | fprintf(out, "State Idle\n"); // Always with the Idle | |
269 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
270 | fprintf(out, "Accepting Yes\n"); | |
271 | fprintf(out, "Shared Yes\n"); | |
272 | fprintf(out, "QuotaPeriod 0\n"); | |
273 | fprintf(out, "PageLimit 0\n"); | |
274 | fprintf(out, "Klimit 0\n"); | |
275 | fprintf(out, "Option sides one-sided\n"); | |
276 | fprintf(out, "Filter application/vnd.cups-raw 0 -\n"); | |
277 | fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n"); | |
278 | fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n"); | |
279 | fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n"); | |
280 | fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n"); | |
281 | if (location[0]) | |
282 | fprintf(out, "Location %s\n", location); | |
283 | fprintf(out, "ErrorPolicy abort-job\n"); | |
284 | if (ka || lpc_acl) | |
285 | fprintf(out, "OpPolicy %s-policy\n", rp); | |
286 | else | |
287 | fprintf(out, "OpPolicy default\n"); | |
288 | ||
289 | /* Access-control list. */ | |
290 | if (ac) | |
291 | { | |
292 | if (ka) | |
293 | fprintf(out, "AuthType Negotiate\n"); | |
294 | else | |
295 | fprintf(out, "AuthType Default\n"); | |
e6968581 | 296 | printer_user_list(out, "LIST", ac, "AllowUser", 0); |
fa2a7b63 | 297 | } |
298 | ||
299 | if (banner == PRN_BANNER_NONE) | |
300 | fprintf(out, "JobSheets none none\n"); | |
301 | else | |
302 | fprintf(out, "JobSheets athena none\n"); | |
303 | fprintf(out, "</Printer>\n"); | |
304 | ||
305 | } | |
306 | EXEC SQL CLOSE csr_remote_printers; | |
307 | ||
308 | /* printers.conf entries for non-local LPRng queues */ | |
309 | EXEC SQL DECLARE csr_lprng_printers CURSOR FOR | |
310 | SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype, | |
311 | m.name, pr.banner, pr.location, pr.contact, pr.ka, | |
312 | pr.ac, pr.lpc_acl, m.name as cupshosts | |
313 | FROM printers pr, machine m, serverhosts sh | |
314 | WHERE pr.rm = m.mach_id | |
315 | AND (pr.type = 'DORM' or pr.type = 'CLUSTER') AND m.name <> :spoolhost AND | |
316 | m.mach_id = sh.mach_id AND sh.service = 'PRINT' AND | |
317 | sh.enable = 1; | |
318 | ||
319 | EXEC SQL OPEN csr_lprng_printers; | |
320 | while (1) | |
321 | { | |
322 | EXEC SQL FETCH csr_lprng_printers INTO :rp, :name, :duplexname, | |
323 | :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts; | |
324 | if (sqlca.sqlcode) | |
325 | break; | |
326 | ||
327 | strtrim(rp); | |
328 | strtrim(name); | |
329 | strtrim(duplexname); | |
330 | strtrim(hwtype); | |
331 | strtrim(hostname); | |
332 | strtrim(location); | |
333 | strtrim(contact); | |
334 | strtrim(cupshosts); | |
335 | strcpy(lowerhwtype, hwtype); | |
336 | for (p = rp; *p; p++) /* Because uppercased printer names suck */ | |
337 | *p = tolower(*p); | |
338 | for (p = lowerhwtype; *p; p++) | |
339 | *p = tolower(*p); | |
340 | ||
341 | fprintf(out, "<Printer %s>\n",rp); | |
342 | fprintf(out, "Info %s:LPRng Queue on %s\n", rp, cupshosts); | |
343 | fprintf(out, "DeviceURI lpd://%s/%s\n", cupshosts, rp); | |
344 | fprintf(out, "State Idle\n"); // Always with the Idle | |
345 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
346 | fprintf(out, "Accepting Yes\n"); | |
347 | fprintf(out, "Shared Yes\n"); | |
348 | fprintf(out, "QuotaPeriod 0\n"); | |
349 | fprintf(out, "PageLimit 0\n"); | |
350 | fprintf(out, "Klimit 0\n"); | |
351 | fprintf(out, "Option sides one-sided\n"); | |
352 | fprintf(out, "Filter application/vnd.cups-raw 0 -\n"); | |
353 | fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n"); | |
354 | fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n"); | |
355 | fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n"); | |
356 | fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n"); | |
357 | if (location[0]) | |
358 | fprintf(out, "Location %s\n", location); | |
359 | fprintf(out, "ErrorPolicy abort-job\n"); | |
360 | fprintf(out, "OpPolicy default\n"); | |
361 | fprintf(out, "JobSheets none none\n"); | |
362 | fprintf(out, "</Printer>\n"); | |
363 | ||
364 | } | |
365 | EXEC SQL CLOSE csr_lprng_printers; | |
366 | tarfile_end(tf); | |
367 | ||
368 | ||
369 | /* aliases are in classes.conf */ | |
370 | out = tarfile_start(tf, "/etc/cups/classes.conf", 0644, 0, 0, | |
371 | "lp", "lp", now); | |
372 | EXEC SQL DECLARE csr_duplexqs CURSOR FOR | |
373 | SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype, | |
374 | m.name, pr.banner, pr.location, pr.contact, pr.ka, | |
e6968581 | 375 | pr.type as prtype, pr.ac, sh.service |
fa2a7b63 | 376 | FROM printers pr, machine m, serverhosts sh |
377 | WHERE pr.rm = m.mach_id | |
378 | AND m.mach_id = sh.mach_id AND sh.enable = 1 | |
379 | AND (pr.type = 'DORM' or pr.type = 'CLUSTER') | |
662cdab2 | 380 | AND (sh.service = 'CUPS-PRINT' OR sh.service = 'PRINT' OR sh.service = 'CUPS-CLUSTER'); |
fa2a7b63 | 381 | EXEC SQL OPEN csr_duplexqs; |
382 | while (1) | |
383 | { | |
384 | EXEC SQL FETCH csr_duplexqs INTO :rp, :name, :duplexname, | |
e6968581 | 385 | :hwtype, :hostname, :banner, :location, :contact, :ka, :prtype, :ac, :service; |
fa2a7b63 | 386 | if (sqlca.sqlcode) |
387 | break; | |
388 | ||
389 | strtrim(hwtype); | |
e6968581 | 390 | strtrim(service); |
fa2a7b63 | 391 | strtrim(rp); |
392 | strtrim(location); | |
393 | strtrim(contact); | |
394 | strtrim(prtype); | |
395 | ||
396 | /* Define alias queues as classes to the regular queues for | |
397 | * accounting reasons. Annoyingly, classes don't always inherit | |
398 | * their printer definitions. | |
399 | */ | |
400 | if (!strcmp(prtype,"ALIAS")) | |
401 | { | |
402 | strtrim(name); | |
403 | fprintf(out, "<Class %s>\n",name); | |
404 | fprintf(out, "Info Alias Queue to %s:%s\n", rp, hwtype); | |
405 | fprintf(out, "Printer %s\n", rp); | |
406 | fprintf(out, "Option sides one-sided\n"); | |
407 | fprintf(out, "State Idle\n"); // Always with the Idle | |
408 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
409 | fprintf(out, "Accepting Yes\n"); | |
410 | fprintf(out, "Shared Yes\n"); | |
411 | fprintf(out, "QuotaPeriod 0\n"); | |
412 | fprintf(out, "PageLimit 0\n"); | |
413 | if (location[0]) | |
414 | fprintf(out, "Location %s\n", location); | |
e6968581 | 415 | /* do not use custom policies for LPRng printers */ |
416 | if (strcmp(service,"PRINT") && (ka || lpc_acl)) | |
fa2a7b63 | 417 | fprintf(out, "OpPolicy %s-policy\n", rp); |
418 | else | |
419 | fprintf(out, "OpPolicy default\n"); | |
420 | ||
421 | /* Access-control list. */ | |
422 | if (ac) | |
e6968581 | 423 | printer_user_list(out, "LIST", ac, "AllowUser", 0); |
fa2a7b63 | 424 | |
425 | if (banner == PRN_BANNER_NONE) | |
426 | fprintf(out, "JobSheets none none\n"); | |
427 | else | |
428 | fprintf(out, "JobSheets athena none\n"); | |
429 | fprintf(out, "</Class>\n"); | |
430 | } | |
431 | ||
432 | /* Define duplex queues as aliases to the regular queues for | |
433 | * accounting reasons. Annoyingly, classes don't always inherit | |
434 | * their printer definitions. | |
435 | */ | |
436 | if (*duplexname) | |
437 | { | |
438 | strtrim(duplexname); | |
439 | fprintf(out, "<Class %s>\n",duplexname); | |
440 | if (!strcmp(prtype,"ALIAS")) | |
441 | fprintf(out, "Info Duplex Alias Queue to %s:%s\n", rp, hwtype); | |
442 | else | |
443 | fprintf(out, "Info Duplex Queue for %s:%s\n", rp, hwtype); | |
444 | fprintf(out, "Option sides two-sided-long-edge\n"); // duplex | |
445 | fprintf(out, "Printer %s\n", rp); | |
446 | fprintf(out, "State Idle\n"); // Always with the Idle | |
447 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
448 | fprintf(out, "Accepting Yes\n"); | |
449 | fprintf(out, "Shared Yes\n"); | |
450 | fprintf(out, "QuotaPeriod 0\n"); | |
451 | fprintf(out, "PageLimit 0\n"); | |
452 | if (location[0]) | |
453 | fprintf(out, "Location %s\n", location); | |
e6968581 | 454 | /* do not use custom policies for LPRng printers */ |
455 | if (strcmp(service,"PRINT") && (ka || lpc_acl)) | |
fa2a7b63 | 456 | fprintf(out, "OpPolicy %s-policy\n", rp); |
457 | else | |
458 | fprintf(out, "OpPolicy default\n"); | |
459 | ||
460 | /* Access-control list. */ | |
461 | if (ac) | |
e6968581 | 462 | printer_user_list(out, "LIST", ac, "AllowUser", 0); |
fa2a7b63 | 463 | |
464 | if (banner == PRN_BANNER_NONE) | |
465 | fprintf(out, "JobSheets none none\n"); | |
466 | else if (banner == PRN_BANNER_LAST) | |
467 | fprintf(out, "JobSheets athena none\n"); | |
468 | fprintf(out, "</Class>\n"); | |
469 | } | |
470 | } | |
471 | EXEC SQL CLOSE csr_duplexqs; | |
472 | tarfile_end(tf); | |
473 | ||
474 | /* cups.conf */ | |
475 | out = tarfile_start(tf, "/etc/cups/cupsd.conf", 0755, 1, 1, | |
476 | "root", "lp", now); | |
477 | ||
478 | fprintf(out, "LogLevel info\n"); | |
479 | fprintf(out, "SystemGroup sys root ops-group\n"); | |
480 | fprintf(out, "Port 631\n"); | |
e6968581 | 481 | fprintf(out, "SSLPort 443\n"); |
fa2a7b63 | 482 | fprintf(out, "Listen /var/run/cups/cups.sock\n"); |
483 | fprintf(out, "Browsing On\n"); | |
484 | fprintf(out, "BrowseOrder allow,deny\n"); | |
485 | fprintf(out, "BrowseAllow all\n"); | |
486 | fprintf(out, "BrowseAddress @LOCAL\n"); | |
487 | fprintf(out, "DefaultAuthType Negotiate\n"); | |
488 | fprintf(out, "ServerCertificate /etc/cups/ssl/%s-ipp-crt.pem\n", lhost); | |
489 | fprintf(out, "ServerKey /etc/cups/ssl/%s-ipp-key.pem\n", lhost); | |
490 | fprintf(out, "ServerName %s\n", lhost); | |
491 | fprintf(out, "ServerAlias %s\n", phost); | |
e6968581 | 492 | /* fprintf(out, "Krb5Keytab /etc/krb5-ipp.keytab\n"); */ |
fa2a7b63 | 493 | |
494 | /* The other CUPS servers should be aware of the other hosts' | |
495 | queues, so we'll let them browse each other. */ | |
496 | fprintf(out, "Include cups.local.conf\n"); | |
497 | fprintf(out, "Include cups.locations.conf\n"); | |
498 | fprintf(out, "Include cups.policies.conf\n"); | |
499 | tarfile_end(tf); | |
500 | ||
501 | /* cups.hosts.conf */ | |
502 | out = tarfile_start(tf, "/etc/cups/cups.hosts.conf", 0755, 1, 1, | |
503 | "root", "lp", now); | |
504 | EXEC SQL DECLARE csr_cupshosts CURSOR FOR | |
505 | SELECT m.name AS cupshosts FROM machine m, printservers ps | |
506 | WHERE m.mach_id = ps.mach_id AND ps.kind = 'CUPS'; | |
507 | EXEC SQL OPEN csr_cupshosts; | |
508 | while (1) | |
509 | { | |
510 | EXEC SQL FETCH csr_cupshosts INTO :cupshosts; | |
511 | if (sqlca.sqlcode) | |
512 | break; | |
513 | ||
514 | strtrim(cupshosts); | |
515 | ||
516 | /* Don't poll yourself looking for answers! */ | |
517 | if (strcmp(cupshosts,host)) | |
518 | fprintf(out, "BrowsePoll %s\n", cupshosts); | |
519 | } | |
520 | EXEC SQL CLOSE csr_cupshosts; | |
521 | ||
522 | tarfile_end(tf); | |
523 | ||
524 | /* cups.policies.conf */ | |
525 | out = tarfile_start(tf, "/etc/cups/cups.policies.conf", 0755, 1, 1, | |
526 | "root", "lp", now); | |
527 | fprintf(out, "# Printer-specific LPC and LPR ACLs\n"); | |
528 | /* lpcaccess.top */ | |
529 | EXEC SQL SELECT ps.lpc_acl INTO :top_lpc_acl | |
530 | FROM printservers ps, machine m | |
531 | WHERE m.name = :spoolhost AND m.mach_id = ps.mach_id; | |
fa2a7b63 | 532 | fprintf (out, "<Policy default>\n"); |
533 | fprintf (out, "%s\n", alterjob); | |
534 | fprintf (out, "AuthType Default\n"); | |
535 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
e6968581 | 536 | printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1); |
537 | fprintf (out, "Order deny,allow\n"); | |
538 | fprintf (out, "</Limit>\n"); | |
539 | fprintf (out, "<Limit Send-Document CUPS-Get-Document>\n"); | |
540 | fprintf (out, "AuthType None\n"); | |
541 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
fa2a7b63 | 542 | fprintf (out, "Order deny,allow\n"); |
e6968581 | 543 | fprintf (out, "Allow from all\n"); |
fa2a7b63 | 544 | fprintf (out, "</Limit>\n"); |
545 | fprintf (out, "%s\n", submitjob); | |
546 | fprintf (out, "AuthType None\n"); | |
547 | fprintf (out, "Order deny,allow\n"); | |
548 | fprintf (out, "Allow from all\n"); | |
549 | fprintf (out, "</Limit>\n"); | |
550 | fprintf (out, "%s\n", alterpntr); | |
551 | fprintf (out, "AuthType Default\n"); | |
552 | fprintf (out, "Require user @SYSTEM\n"); | |
553 | fprintf (out, "Order deny,allow\n"); | |
554 | fprintf (out, "</Limit>\n"); | |
555 | fprintf (out, "%s\n", lpcpntr); | |
556 | fprintf (out, "AuthType Default\n"); | |
557 | fprintf (out, "Require user @SYSTEM\n"); | |
e6968581 | 558 | printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1); |
fa2a7b63 | 559 | fprintf (out, "Order deny,allow\n"); |
560 | fprintf (out, "</Limit>\n"); | |
561 | fprintf (out, "%s\n", canceljob); | |
562 | fprintf (out, "AuthType Default\n"); | |
563 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
e6968581 | 564 | printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1); |
fa2a7b63 | 565 | fprintf (out, "Order deny,allow\n"); |
566 | fprintf (out, "Allow from all\n"); | |
567 | fprintf (out, "</Limit>\n"); | |
568 | fprintf (out, "%s\n", catchall); | |
569 | fprintf (out, "AuthType None\n"); | |
570 | fprintf (out, "Order deny,allow\n"); | |
571 | fprintf (out, "Allow from all\n"); | |
572 | fprintf (out, "</Limit>\n"); | |
573 | fprintf (out, "</Policy>\n"); | |
fa2a7b63 | 574 | |
575 | /* restrict lists and lpcaccess policies. Sadly, we have to put the | |
576 | top level for each new policy since CUPS doesn't have a way of | |
577 | doing it otherwise (well, Unix groups, but not moira) */ | |
578 | EXEC SQL DECLARE csr_lpc CURSOR FOR | |
579 | SELECT UNIQUE rp, ka, ac, lpc_acl | |
580 | FROM printers | |
581 | WHERE (ac != 0 OR lpc_acl != 0) AND rm in (SELECT m.mach_id FROM machine m, serverhosts sh | |
e6968581 | 582 | WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' or sh.service = 'CUPS-CLUSTER') |
583 | AND sh.enable = 1); | |
fa2a7b63 | 584 | EXEC SQL OPEN csr_lpc; |
585 | while (1) | |
586 | { | |
587 | EXEC SQL FETCH csr_lpc INTO :name, :ka, :ac, :lpc_acl; | |
588 | if (sqlca.sqlcode) | |
589 | break; | |
590 | ||
591 | strtrim(name); | |
592 | ||
593 | fprintf (out, "<Policy %s-policy>\n", name); | |
594 | fprintf (out, "%s\n", alterjob); | |
595 | fprintf (out, "AuthType Default\n"); | |
596 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
e6968581 | 597 | printer_user_list(out, "LIST", lpc_acl, "Require user", 1); |
598 | printer_user_list(out, "LIST", svrlist, "Require user", 1); | |
599 | fprintf (out, "Order deny,allow\n"); | |
600 | fprintf (out, "Allow from all\n"); | |
601 | fprintf (out, "</Limit>\n"); | |
602 | fprintf (out, "<Limit Send-Document CUPS-Get-Document>\n"); | |
603 | fprintf (out, "AuthType None\n"); | |
604 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
fa2a7b63 | 605 | fprintf (out, "Order deny,allow\n"); |
606 | fprintf (out, "Allow from all\n"); | |
607 | fprintf (out, "</Limit>\n"); | |
608 | fprintf (out, "%s\n", submitjob); | |
609 | /* If the printer is Kerberized? */ | |
610 | if (ka) | |
611 | fprintf (out, "AuthType Negotiate\n"); | |
612 | else | |
613 | fprintf (out, "AuthType None\n"); | |
614 | /* Access-control list. */ | |
e6968581 | 615 | if (ac) { |
616 | printer_user_list(out, "LIST", ac, "Require user", 1); | |
617 | printer_user_list(out, "LIST", svrlist, "Require user", 1); | |
618 | } | |
fa2a7b63 | 619 | else if (ka) |
620 | fprintf (out, "Require valid-user\n"); | |
621 | fprintf (out, "Order deny,allow\n"); | |
622 | fprintf (out, "Allow from all\n"); | |
623 | fprintf (out, "</Limit>\n"); | |
624 | fprintf (out, "%s\n", alterpntr); | |
625 | fprintf (out, "AuthType Default\n"); | |
626 | fprintf (out, "Require user @SYSTEM\n"); | |
627 | fprintf (out, "Order deny,allow\n"); | |
628 | fprintf (out, "</Limit>\n"); | |
629 | fprintf (out, "%s\n", lpcpntr); | |
630 | fprintf (out, "AuthType Default\n"); | |
631 | fprintf (out, "Require user @SYSTEM\n"); | |
632 | /* printer-specific lpc access. */ | |
633 | if (lpc_acl) | |
e6968581 | 634 | printer_user_list(out, "LIST", lpc_acl, "Require user", 1); |
635 | printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1); | |
fa2a7b63 | 636 | fprintf (out, "Order deny,allow\n"); |
637 | fprintf (out, "</Limit>\n"); | |
638 | fprintf (out, "%s\n", canceljob); | |
639 | fprintf (out, "AuthType Default\n"); | |
640 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
e6968581 | 641 | printer_user_list(out, "LIST", lpc_acl, "Require user", 1); |
642 | printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1); | |
fa2a7b63 | 643 | fprintf (out, "Order deny,allow\n"); |
644 | fprintf (out, "Allow from all\n"); | |
645 | fprintf (out, "</Limit>\n"); | |
646 | fprintf (out, "%s\n", catchall); | |
647 | fprintf (out, "AuthType None\n"); | |
648 | fprintf (out, "Order deny,allow\n"); | |
649 | fprintf (out, "Allow from all\n"); | |
650 | fprintf (out, "</Limit>\n"); | |
651 | fprintf (out, "</Policy>\n"); | |
652 | } | |
653 | EXEC SQL CLOSE csr_lpc; | |
654 | fprintf(out, "\n"); | |
655 | tarfile_end(tf); | |
656 | tarfile_close(tf); | |
657 | } | |
658 | ||
659 | void sqlerr(void) | |
660 | { | |
661 | db_error(sqlca.sqlcode); | |
662 | } |