]> andersk Git - moira.git/blame - gen/cups-print.pc
andersk / moira.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix lprm.
[moira.git] / gen / cups-print.pc
CommitLineData
f50216d7 1/* $Id$
2 *
3 * This generates printcaps and other files for Athena print servers
4 *
5 * Copyright (C) 1992-1998 by the Massachusetts Institute of Technology.
6 * For copying and distribution information, please see the file
7 * <mit-copyright.h>.
8 */
9
10#include <mit-copyright.h>
11#include <moira.h>
12#include <moira_site.h>
13
14#include <sys/stat.h>
15#include <sys/types.h>
16
17#include <ctype.h>
18#include <stdio.h>
19#include <string.h>
20
21#include <time.h>
cb974713 22#ifdef HAVE_KRB4
f50216d7 23#include <krb.h>
cb974713 24#endif
f50216d7 25#include <krb5.h>
26
27#include "util.h"
28
f50216d7 29EXEC SQL INCLUDE sqlca;
30
31RCSID("$Header$");
32
33char *whoami = "cups-print.gen";
34char *db = "moira/moira";
35
f57294a2 36const int krbvers = 5; /* use Kerberos 5 */
37
f50216d7 38/* OMG, I hate this, but it's cleaner, I guess? */
39
ea998f5e 40const char *alterjob = "<Limit Hold-Job Release-Job\
41 Restart-Job Purge-Jobs Reprocess-Job Set-Job-Attributes\
f50216d7 42 Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>";
e6968581 43const char *submitjob = "<Limit Create-Job Print-Job Print-URI\
ea998f5e 44 Set-Job-Attributes Send-URI Create-Job-Subscription Renew-Subscription\
e6968581 45 Cancel-Subscription Get-Notifications CUPS-Move-Job CUPS-Authenticate-Job>";
f50216d7 46const char *alterpntr = "<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer\
e6968581 47 CUPS-Add-Modify-Class CUPS-Delete-Class>";
f50216d7 48const char *lpcpntr = "<Limit Pause-Printer Resume-Printer Enable-Printer\
49 Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs\
50 Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer\
51 Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After\
e6968581 52 CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>";
53const char *canceljob = "<Limit Cancel-Job>";
f50216d7 54const char *catchall = "<Limit All>";
200545fb 55const char *phost = "printers.MIT.EDU";
e6968581 56const char *svrlist = "cups-servers";
f50216d7 57
58void do_host(char *host);
59void sqlerr(void);
60#ifndef MAX
61#define MAX(a, b) ( (a) > (b) ? (a) : (b) )
62#endif
63
64int main(int argc, char **argv)
65{
66 EXEC SQL BEGIN DECLARE SECTION;
67 char name[MACHINE_NAME_SIZE];
68 EXEC SQL END DECLARE SECTION;
69
70 init_acls();
71
72 EXEC SQL CONNECT :db;
73
74 EXEC SQL WHENEVER SQLERROR DO sqlerr();
75
76 EXEC SQL DECLARE csr_hosts CURSOR FOR
77 SELECT m.name FROM machine m, serverhosts sh
662cdab2 78 WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER')
79 AND sh.enable = 1;
f50216d7 80 EXEC SQL OPEN csr_hosts;
81 while (1)
82 {
83 EXEC SQL FETCH csr_hosts INTO :name;
84 if (sqlca.sqlcode)
85 break;
86
87 strtrim(name);
88 do_host(name);
89 }
90 EXEC SQL CLOSE csr_hosts;
91
92 exit(MR_SUCCESS);
93}
94
e6968581 95void printer_user_list(FILE *out, char *type, int id, char *str, int striprealm)
f50216d7 96{
97 struct save_queue *sq;
98 struct imember *m;
f57294a2 99 char kbuf[MAX_K_NAME_SZ];
100 char *cp;
f50216d7 101
102 sq = get_acl(type, id, NULL);
103 while (sq_remove_data(sq, &m))
104 {
f57294a2 105 if (m->type != 'S' && m->type != NULL) {
106 /* CUPS wants mmanley/root, not mmanley.root@ATHENA.MIT.EDU */
107 canon_krb(m, krbvers, kbuf, sizeof(kbuf));
108
109 /* now, take out all the @realm */
e6968581 110 if (striprealm) {
f57294a2 111 for (cp=kbuf; *cp; cp++) {
112 if (*cp == '@') *cp = '\0';
113 }
e6968581 114 }
f57294a2 115 fprintf(out, "%s %s\n", str, kbuf);
116 }
f50216d7 117 freeimember(m);
118 }
119 sq_destroy(sq);
120}
121
122
123
124void do_host(char *host)
125{
126 EXEC SQL BEGIN DECLARE SECTION;
127 char rp[PRINTERS_RP_SIZE], name[PRINTERS_NAME_SIZE];
128 char duplexname[PRINTERS_DUPLEXNAME_SIZE], location[PRINTERS_LOCATION_SIZE];
129 char hwtype[PRINTERS_HWTYPE_SIZE], lowerhwtype[PRINTERS_HWTYPE_SIZE];
130 char modtime[PRINTERS_MODTIME_SIZE], lmodtime[LIST_MODTIME_SIZE];
131 char contact[PRINTERS_CONTACT_SIZE], hostname[MACHINE_NAME_SIZE];
132 char cupshosts[MACHINE_NAME_SIZE], prtype [PRINTERS_TYPE_SIZE];
e6968581 133 char service[SERVERHOSTS_SERVICE_SIZE];
f50216d7 134 char *spoolhost = host, *unixtime_fmt = UNIXTIME_FMT, *p;
135 char *lhost;
136 int ka, pc, ac, lpc_acl, top_lpc_acl, banner, rm;
137 EXEC SQL END DECLARE SECTION;
138 TARFILE *tf;
139 FILE *out;
140 char filename[MAXPATHLEN], *duptc;
141 time_t mtime, now = time(NULL);
142
143 lhost = (char *) strdup (host);
144 for (p = lhost; *p; p++)
145 *p = tolower(*p);
146
147 EXEC SQL SELECT mach_id INTO :rm FROM machine
148 WHERE name = :spoolhost;
149
c3c53552 150 sprintf(filename, "%s/cups-print/%s", DCM_DIR, host);
f50216d7 151 tf = tarfile_open(filename);
152
cfba011a 153 /* printers.conf entries for locally run queues */
f50216d7 154 out = tarfile_start(tf, "/etc/cups/printers.conf", 0644, 0, 0,
200545fb 155 "lp", "lp", now);
f50216d7 156
157 EXEC SQL DECLARE csr_printers CURSOR FOR
158 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
159 m.name, pr.banner, pr.location, pr.contact, pr.ka,
f57294a2 160 pr.ac, pr.lpc_acl
f50216d7 161 FROM printers pr, machine m
162 WHERE pr.rm = :rm AND m.mach_id = pr.mach_id
163 AND pr.type != 'ALIAS';
164 EXEC SQL OPEN csr_printers;
165 while (1)
166 {
167 EXEC SQL FETCH csr_printers INTO :rp, :name, :duplexname,
f57294a2 168 :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl;
f50216d7 169 if (sqlca.sqlcode)
170 break;
171
172 strtrim(rp);
173 strtrim(name);
174 strtrim(duplexname);
175 strtrim(hwtype);
176 strtrim(hostname);
177 strtrim(location);
178 strtrim(contact);
179 strcpy(lowerhwtype, hwtype);
cfba011a 180 for (p = rp; *p; p++) /* Because uppercased printer names suck */
181 *p = tolower(*p);
f50216d7 182 for (p = lowerhwtype; *p; p++)
183 *p = tolower(*p);
184
185 fprintf(out, "<Printer %s>\n",rp);
186 fprintf(out, "Info %s:%s\n", rp, hwtype);
187 /* Note the use of "beh" to keep the CUPS from disabling print queues
188 * should they not respond versus discarding the job.
189 * See the "beh" page for details.
190 * The 1/0/60 says "don't disable/try 20 times/try every 60s */
191 if (!strncmp(hwtype, "HP", 2))
192 fprintf(out, "DeviceURI beh:/1/20/60/socket://%s:9100\n", hostname);
193 else
194 fprintf(out, "DeviceURI beh:/1/20/60/socket://%s\n", hostname);
195 fprintf(out, "State Idle\n"); // Always with the Idle
196 fprintf(out, "StateTime %ld\n", (long)time(NULL));
197 fprintf(out, "Accepting Yes\n");
198 fprintf(out, "Shared Yes\n");
199 fprintf(out, "QuotaPeriod 0\n");
200 fprintf(out, "PageLimit 0\n");
201 fprintf(out, "Klimit 0\n");
202 fprintf(out, "Option sides one-sided\n");
cfba011a 203 fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
204 fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
205 fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
206 fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
207 fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
f50216d7 208 if (location[0])
209 fprintf(out, "Location %s\n", location);
210 fprintf(out, "ErrorPolicy abort-job\n");
f57294a2 211 if (ka || lpc_acl)
f50216d7 212 fprintf(out, "OpPolicy %s-policy\n", rp);
f57294a2 213 else
214 fprintf(out, "OpPolicy default\n");
f50216d7 215
216 /* Access-control list. */
217 if (ac)
218 {
219 if (ka)
220 fprintf(out, "AuthType Negotiate\n");
221 else
f57294a2 222 fprintf(out, "AuthType Default\n");
e6968581 223 printer_user_list(out, "LIST", ac, "AllowUser", 0);
f50216d7 224 }
225
226 if (banner == PRN_BANNER_NONE)
227 fprintf(out, "JobSheets none none\n");
228 else
229 fprintf(out, "JobSheets athena none\n");
230 fprintf(out, "</Printer>\n");
231
232 }
233 EXEC SQL CLOSE csr_printers;
cfba011a 234
235 /* printers.conf entries for non-local CUPS queues */
236 EXEC SQL DECLARE csr_remote_printers CURSOR FOR
237 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
238 m.name, pr.banner, pr.location, pr.contact, pr.ka,
239 pr.ac, pr.lpc_acl, m.name as cupshosts
240 FROM printers pr, machine m, serverhosts sh
241 WHERE pr.rm = m.mach_id
242 AND pr.type != 'ALIAS' AND m.name <> :spoolhost AND
662cdab2 243 m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER')
244 AND sh.enable = 1 AND m.mach_id = sh.mach_id;
cfba011a 245
246 EXEC SQL OPEN csr_remote_printers;
247 while (1)
248 {
249 EXEC SQL FETCH csr_remote_printers INTO :rp, :name, :duplexname,
250 :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts;
251 if (sqlca.sqlcode)
252 break;
253
254 strtrim(rp);
255 strtrim(name);
256 strtrim(duplexname);
257 strtrim(hwtype);
258 strtrim(hostname);
259 strtrim(location);
260 strtrim(contact);
261 strtrim(cupshosts);
262 strcpy(lowerhwtype, hwtype);
263 for (p = rp; *p; p++) /* Because uppercased printer names suck */
264 *p = tolower(*p);
265 for (p = lowerhwtype; *p; p++)
266 *p = tolower(*p);
267
268 fprintf(out, "<Printer %s>\n",rp);
269 fprintf(out, "Info %s:%s\n", rp, hwtype);
270 fprintf(out, "DeviceURI ipp://%s:631/printers/%s\n", cupshosts, rp);
271 fprintf(out, "State Idle\n"); // Always with the Idle
272 fprintf(out, "StateTime %ld\n", (long)time(NULL));
273 fprintf(out, "Accepting Yes\n");
274 fprintf(out, "Shared Yes\n");
275 fprintf(out, "QuotaPeriod 0\n");
276 fprintf(out, "PageLimit 0\n");
277 fprintf(out, "Klimit 0\n");
278 fprintf(out, "Option sides one-sided\n");
279 fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
280 fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
281 fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
282 fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
283 fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
284 if (location[0])
285 fprintf(out, "Location %s\n", location);
286 fprintf(out, "ErrorPolicy abort-job\n");
287 if (ka || lpc_acl)
288 fprintf(out, "OpPolicy %s-policy\n", rp);
289 else
290 fprintf(out, "OpPolicy default\n");
291
292 /* Access-control list. */
293 if (ac)
294 {
295 if (ka)
296 fprintf(out, "AuthType Negotiate\n");
297 else
298 fprintf(out, "AuthType Default\n");
e6968581 299 printer_user_list(out, "LIST", ac, "AllowUser", 0);
cfba011a 300 }
301
302 if (banner == PRN_BANNER_NONE)
303 fprintf(out, "JobSheets none none\n");
304 else
305 fprintf(out, "JobSheets athena none\n");
306 fprintf(out, "</Printer>\n");
307
308 }
309 EXEC SQL CLOSE csr_remote_printers;
310
311 /* printers.conf entries for non-local LPRng queues */
312 EXEC SQL DECLARE csr_lprng_printers CURSOR FOR
313 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
314 m.name, pr.banner, pr.location, pr.contact, pr.ka,
315 pr.ac, pr.lpc_acl, m.name as cupshosts
316 FROM printers pr, machine m, serverhosts sh
317 WHERE pr.rm = m.mach_id
318 AND pr.type != 'ALIAS' AND m.name <> :spoolhost AND
319 m.mach_id = sh.mach_id AND sh.service = 'PRINT' AND
320 sh.enable = 1;
321
322 EXEC SQL OPEN csr_lprng_printers;
323 while (1)
324 {
325 EXEC SQL FETCH csr_lprng_printers INTO :rp, :name, :duplexname,
326 :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts;
327 if (sqlca.sqlcode)
328 break;
329
330 strtrim(rp);
331 strtrim(name);
332 strtrim(duplexname);
333 strtrim(hwtype);
334 strtrim(hostname);
335 strtrim(location);
336 strtrim(contact);
337 strtrim(cupshosts);
338 strcpy(lowerhwtype, hwtype);
339 for (p = rp; *p; p++) /* Because uppercased printer names suck */
340 *p = tolower(*p);
341 for (p = lowerhwtype; *p; p++)
342 *p = tolower(*p);
343
344 fprintf(out, "<Printer %s>\n",rp);
345 fprintf(out, "Info %s:LPRng Queue on %s\n", rp, cupshosts);
346 fprintf(out, "DeviceURI lpd://%s/%s\n", cupshosts, rp);
347 fprintf(out, "State Idle\n"); // Always with the Idle
348 fprintf(out, "StateTime %ld\n", (long)time(NULL));
349 fprintf(out, "Accepting Yes\n");
350 fprintf(out, "Shared Yes\n");
351 fprintf(out, "QuotaPeriod 0\n");
352 fprintf(out, "PageLimit 0\n");
353 fprintf(out, "Klimit 0\n");
354 fprintf(out, "Option sides one-sided\n");
355 fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
356 fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
357 fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
358 fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
359 fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
360 if (location[0])
361 fprintf(out, "Location %s\n", location);
362 fprintf(out, "ErrorPolicy abort-job\n");
363 fprintf(out, "OpPolicy default\n");
364 fprintf(out, "JobSheets none none\n");
365 fprintf(out, "</Printer>\n");
366
367 }
368 EXEC SQL CLOSE csr_lprng_printers;
f50216d7 369 tarfile_end(tf);
370
371
372 /* aliases are in classes.conf */
373 out = tarfile_start(tf, "/etc/cups/classes.conf", 0644, 0, 0,
200545fb 374 "lp", "lp", now);
f50216d7 375 EXEC SQL DECLARE csr_duplexqs CURSOR FOR
376 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
377 m.name, pr.banner, pr.location, pr.contact, pr.ka,
e6968581 378 pr.type as prtype, pr.ac, sh.service
cfba011a 379 FROM printers pr, machine m, serverhosts sh
380 WHERE pr.rm = m.mach_id
381 AND m.mach_id = sh.mach_id AND sh.enable = 1
662cdab2 382 AND (sh.service = 'CUPS-PRINT' OR sh.service = 'PRINT' OR sh.service = 'CUPS-CLUSTER');
f50216d7 383 EXEC SQL OPEN csr_duplexqs;
384 while (1)
385 {
386 EXEC SQL FETCH csr_duplexqs INTO :rp, :name, :duplexname,
e6968581 387 :hwtype, :hostname, :banner, :location, :contact, :ka, :prtype, :ac, :service;
f50216d7 388 if (sqlca.sqlcode)
389 break;
390
391 strtrim(hwtype);
e6968581 392 strtrim(service);
f50216d7 393 strtrim(rp);
394 strtrim(location);
395 strtrim(contact);
396 strtrim(prtype);
397
398 /* Define alias queues as classes to the regular queues for
399 * accounting reasons. Annoyingly, classes don't always inherit
400 * their printer definitions.
401 */
402 if (!strcmp(prtype,"ALIAS"))
403 {
404 strtrim(name);
405 fprintf(out, "<Class %s>\n",name);
406 fprintf(out, "Info Alias Queue to %s:%s\n", rp, hwtype);
407 fprintf(out, "Printer %s\n", rp);
408 fprintf(out, "Option sides one-sided\n");
409 fprintf(out, "State Idle\n"); // Always with the Idle
410 fprintf(out, "StateTime %ld\n", (long)time(NULL));
411 fprintf(out, "Accepting Yes\n");
412 fprintf(out, "Shared Yes\n");
413 fprintf(out, "QuotaPeriod 0\n");
414 fprintf(out, "PageLimit 0\n");
415 if (location[0])
416 fprintf(out, "Location %s\n", location);
e6968581 417 /* do not use custom policies for LPRng printers */
418 if (strcmp(service,"PRINT") && (ka || lpc_acl))
f50216d7 419 fprintf(out, "OpPolicy %s-policy\n", rp);
f57294a2 420 else
421 fprintf(out, "OpPolicy default\n");
f50216d7 422
423 /* Access-control list. */
424 if (ac)
e6968581 425 printer_user_list(out, "LIST", ac, "AllowUser", 0);
f50216d7 426
427 if (banner == PRN_BANNER_NONE)
428 fprintf(out, "JobSheets none none\n");
429 else
430 fprintf(out, "JobSheets athena none\n");
431 fprintf(out, "</Class>\n");
432 }
433
434 /* Define duplex queues as aliases to the regular queues for
435 * accounting reasons. Annoyingly, classes don't always inherit
436 * their printer definitions.
437 */
438 if (*duplexname)
439 {
440 strtrim(duplexname);
441 fprintf(out, "<Class %s>\n",duplexname);
442 if (!strcmp(prtype,"ALIAS"))
443 fprintf(out, "Info Duplex Alias Queue to %s:%s\n", rp, hwtype);
444 else
445 fprintf(out, "Info Duplex Queue for %s:%s\n", rp, hwtype);
446 fprintf(out, "Option sides two-sided-long-edge\n"); // duplex
447 fprintf(out, "Printer %s\n", rp);
448 fprintf(out, "State Idle\n"); // Always with the Idle
449 fprintf(out, "StateTime %ld\n", (long)time(NULL));
450 fprintf(out, "Accepting Yes\n");
451 fprintf(out, "Shared Yes\n");
452 fprintf(out, "QuotaPeriod 0\n");
453 fprintf(out, "PageLimit 0\n");
454 if (location[0])
455 fprintf(out, "Location %s\n", location);
e6968581 456 if (strcmp(service,"PRINT") && (ka || lpc_acl))
f50216d7 457 fprintf(out, "OpPolicy %s-policy\n", rp);
f57294a2 458 else
459 fprintf(out, "OpPolicy default\n");
f50216d7 460
461 /* Access-control list. */
462 if (ac)
e6968581 463 printer_user_list(out, "LIST", ac, "AllowUser", 0);
f50216d7 464
465 if (banner == PRN_BANNER_NONE)
466 fprintf(out, "JobSheets none none\n");
467 else if (banner == PRN_BANNER_LAST)
468 fprintf(out, "JobSheets athena none\n");
469 fprintf(out, "</Class>\n");
470 }
471 }
472 EXEC SQL CLOSE csr_duplexqs;
473 tarfile_end(tf);
474
475 /* cups.conf */
476 out = tarfile_start(tf, "/etc/cups/cupsd.conf", 0755, 1, 1,
477 "root", "lp", now);
478
479 fprintf(out, "LogLevel info\n");
480 fprintf(out, "SystemGroup sys root ops-group\n");
481 fprintf(out, "Port 631\n");
e6968581 482 fprintf(out, "SSLPort 443\n");
f50216d7 483 fprintf(out, "Listen /var/run/cups/cups.sock\n");
484 fprintf(out, "Browsing On\n");
485 fprintf(out, "BrowseOrder allow,deny\n");
486 fprintf(out, "BrowseAllow all\n");
487 fprintf(out, "BrowseAddress @LOCAL\n");
488 fprintf(out, "DefaultAuthType Negotiate\n");
489 fprintf(out, "ServerCertificate /etc/cups/ssl/%s-ipp-crt.pem\n", lhost);
490 fprintf(out, "ServerKey /etc/cups/ssl/%s-ipp-key.pem\n", lhost);
491 fprintf(out, "ServerName %s\n", lhost);
200545fb 492 fprintf(out, "ServerAlias %s\n", phost);
e6968581 493 /* fprintf(out, "Krb5Keytab /etc/krb5-ipp.keytab\n"); */
f50216d7 494
495 /* The other CUPS servers should be aware of the other hosts'
496 queues, so we'll let them browse each other. */
72a62bdc 497 fprintf(out, "Include cups.local.conf\n");
72a62bdc 498 fprintf(out, "Include cups.locations.conf\n");
499 fprintf(out, "Include cups.policies.conf\n");
500 tarfile_end(tf);
f50216d7 501
72a62bdc 502 /* cups.hosts.conf */
503 out = tarfile_start(tf, "/etc/cups/cups.hosts.conf", 0755, 1, 1,
504 "root", "lp", now);
f50216d7 505 EXEC SQL DECLARE csr_cupshosts CURSOR FOR
506 SELECT m.name AS cupshosts FROM machine m, printservers ps
507 WHERE m.mach_id = ps.mach_id AND ps.kind = 'CUPS';
508 EXEC SQL OPEN csr_cupshosts;
509 while (1)
510 {
511 EXEC SQL FETCH csr_cupshosts INTO :cupshosts;
512 if (sqlca.sqlcode)
513 break;
514
515 strtrim(cupshosts);
516
517 /* Don't poll yourself looking for answers! */
518 if (strcmp(cupshosts,host))
519 fprintf(out, "BrowsePoll %s\n", cupshosts);
520 }
521 EXEC SQL CLOSE csr_cupshosts;
f50216d7 522
523 tarfile_end(tf);
524
525 /* cups.policies.conf */
526 out = tarfile_start(tf, "/etc/cups/cups.policies.conf", 0755, 1, 1,
527 "root", "lp", now);
528 fprintf(out, "# Printer-specific LPC and LPR ACLs\n");
529 /* lpcaccess.top */
530 EXEC SQL SELECT ps.lpc_acl INTO :top_lpc_acl
531 FROM printservers ps, machine m
532 WHERE m.name = :spoolhost AND m.mach_id = ps.mach_id;
e6968581 533
534 /* first, what's our defaults? */
f50216d7 535 fprintf (out, "<Policy default>\n");
536 fprintf (out, "%s\n", alterjob);
537 fprintf (out, "AuthType Default\n");
538 fprintf (out, "Require user @OWNER @SYSTEM\n");
e6968581 539 printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
540 fprintf (out, "Order deny,allow\n");
541 fprintf (out, "</Limit>\n");
542 fprintf (out, "<Limit Send-Document CUPS-Get-Document>\n");
543 fprintf (out, "AuthType None\n");
544 fprintf (out, "Require user @OWNER @SYSTEM\n");
f50216d7 545 fprintf (out, "Order deny,allow\n");
e6968581 546 fprintf (out, "Allow from all\n");
f50216d7 547 fprintf (out, "</Limit>\n");
548 fprintf (out, "%s\n", submitjob);
11bc6bdc 549 fprintf (out, "AuthType None\n");
f50216d7 550 fprintf (out, "Order deny,allow\n");
11bc6bdc 551 fprintf (out, "Allow from all\n");
f50216d7 552 fprintf (out, "</Limit>\n");
553 fprintf (out, "%s\n", alterpntr);
554 fprintf (out, "AuthType Default\n");
555 fprintf (out, "Require user @SYSTEM\n");
556 fprintf (out, "Order deny,allow\n");
557 fprintf (out, "</Limit>\n");
558 fprintf (out, "%s\n", lpcpntr);
559 fprintf (out, "AuthType Default\n");
560 fprintf (out, "Require user @SYSTEM\n");
e6968581 561 printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
f50216d7 562 fprintf (out, "Order deny,allow\n");
563 fprintf (out, "</Limit>\n");
564 fprintf (out, "%s\n", canceljob);
565 fprintf (out, "AuthType Default\n");
566 fprintf (out, "Require user @OWNER @SYSTEM\n");
e6968581 567 printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
f50216d7 568 fprintf (out, "Order deny,allow\n");
03e05c1a 569 fprintf (out, "Allow from all\n");
f50216d7 570 fprintf (out, "</Limit>\n");
571 fprintf (out, "%s\n", catchall);
81b41491 572 fprintf (out, "AuthType None\n");
f50216d7 573 fprintf (out, "Order deny,allow\n");
11bc6bdc 574 fprintf (out, "Allow from all\n");
f50216d7 575 fprintf (out, "</Limit>\n");
576 fprintf (out, "</Policy>\n");
f50216d7 577
578 /* restrict lists and lpcaccess policies. Sadly, we have to put the
579 top level for each new policy since CUPS doesn't have a way of
580 doing it otherwise (well, Unix groups, but not moira) */
581 EXEC SQL DECLARE csr_lpc CURSOR FOR
582 SELECT UNIQUE rp, ka, ac, lpc_acl
583 FROM printers
cfba011a 584 WHERE (ac != 0 OR lpc_acl != 0) AND rm in (SELECT m.mach_id FROM machine m, serverhosts sh
662cdab2 585 WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER')
586 AND sh.enable = 1);
f50216d7 587 EXEC SQL OPEN csr_lpc;
588 while (1)
589 {
590 EXEC SQL FETCH csr_lpc INTO :name, :ka, :ac, :lpc_acl;
591 if (sqlca.sqlcode)
592 break;
593
594 strtrim(name);
595
596 fprintf (out, "<Policy %s-policy>\n", name);
597 fprintf (out, "%s\n", alterjob);
598 fprintf (out, "AuthType Default\n");
599 fprintf (out, "Require user @OWNER @SYSTEM\n");
e6968581 600 printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
601 printer_user_list(out, "LIST", svrlist, "Require user", 1);
602 fprintf (out, "Order deny,allow\n");
603 fprintf (out, "Allow from all\n");
604 fprintf (out, "</Limit>\n");
605 fprintf (out, "<Limit Send-Document CUPS-Get-Document>\n");
606 fprintf (out, "AuthType None\n");
607 fprintf (out, "Require user @OWNER @SYSTEM\n");
f50216d7 608 fprintf (out, "Order deny,allow\n");
03e05c1a 609 fprintf (out, "Allow from all\n");
f50216d7 610 fprintf (out, "</Limit>\n");
611 fprintf (out, "%s\n", submitjob);
612 /* If the printer is Kerberized? */
613 if (ka)
614 fprintf (out, "AuthType Negotiate\n");
615 else
616 fprintf (out, "AuthType None\n");
617 /* Access-control list. */
e6968581 618 if (ac) {
619 printer_user_list(out, "LIST", ac, "Require user", 1);
620 printer_user_list(out, "LIST", svrlist, "Require user", 1);
621 }
f50216d7 622 else if (ka)
623 fprintf (out, "Require valid-user\n");
624 fprintf (out, "Order deny,allow\n");
11bc6bdc 625 fprintf (out, "Allow from all\n");
f50216d7 626 fprintf (out, "</Limit>\n");
627 fprintf (out, "%s\n", alterpntr);
628 fprintf (out, "AuthType Default\n");
629 fprintf (out, "Require user @SYSTEM\n");
630 fprintf (out, "Order deny,allow\n");
631 fprintf (out, "</Limit>\n");
632 fprintf (out, "%s\n", lpcpntr);
633 fprintf (out, "AuthType Default\n");
634 fprintf (out, "Require user @SYSTEM\n");
635 /* printer-specific lpc access. */
636 if (lpc_acl)
e6968581 637 printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
638 printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
f50216d7 639 fprintf (out, "Order deny,allow\n");
640 fprintf (out, "</Limit>\n");
641 fprintf (out, "%s\n", canceljob);
642 fprintf (out, "AuthType Default\n");
643 fprintf (out, "Require user @OWNER @SYSTEM\n");
e6968581 644 printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
645 printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
f50216d7 646 fprintf (out, "Order deny,allow\n");
11bc6bdc 647 fprintf (out, "Allow from all\n");
f50216d7 648 fprintf (out, "</Limit>\n");
649 fprintf (out, "%s\n", catchall);
11bc6bdc 650 fprintf (out, "AuthType None\n");
f50216d7 651 fprintf (out, "Order deny,allow\n");
11bc6bdc 652 fprintf (out, "Allow from all\n");
f50216d7 653 fprintf (out, "</Limit>\n");
654 fprintf (out, "</Policy>\n");
655 }
656 EXEC SQL CLOSE csr_lpc;
657 fprintf(out, "\n");
658 tarfile_end(tf);
659 tarfile_close(tf);
660}
661
662void sqlerr(void)
663{
664 db_error(sqlca.sqlcode);
665}
Moira, the Athena Service Management system
This page took 0.141963 seconds and 5 git commands to generate.