]>
Commit | Line | Data |
---|---|---|
fa2a7b63 | 1 | /* $Id$ |
2 | * | |
3 | * This generates printcaps and other files for Athena print servers | |
4 | * | |
5 | * Copyright (C) 1992-1998 by the Massachusetts Institute of Technology. | |
6 | * For copying and distribution information, please see the file | |
7 | * <mit-copyright.h>. | |
8 | */ | |
9 | ||
10 | #include <mit-copyright.h> | |
11 | #include <moira.h> | |
12 | #include <moira_site.h> | |
13 | ||
14 | #include <sys/stat.h> | |
15 | #include <sys/types.h> | |
16 | ||
17 | #include <ctype.h> | |
18 | #include <stdio.h> | |
19 | #include <string.h> | |
20 | ||
21 | #include <time.h> | |
22 | #ifdef HAVE_KRB4 | |
23 | #include <krb.h> | |
24 | #endif | |
25 | #include <krb5.h> | |
26 | ||
27 | #include "util.h" | |
28 | ||
29 | EXEC SQL INCLUDE sqlca; | |
30 | ||
31 | RCSID("$Header$"); | |
32 | ||
33 | char *whoami = "cups-print.gen"; | |
34 | char *db = "moira/moira"; | |
35 | ||
36 | const int krbvers = 5; /* use Kerberos 5 */ | |
37 | ||
38 | /* OMG, I hate this, but it's cleaner, I guess? */ | |
39 | ||
40 | const char *alterjob = "<Limit Hold-Job Release-Job\ | |
41 | Restart-Job Purge-Jobs Reprocess-Job Set-Job-Attributes\ | |
42 | Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>"; | |
43 | const char *submitjob = "<Limit Create-Job Print-Job Print-URI Send-Document\ | |
44 | Set-Job-Attributes Send-URI Create-Job-Subscription Renew-Subscription\ | |
45 | Cancel-Subscription Get-Notifications CUPS-Move-Job>"; | |
46 | const char *alterpntr = "<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer\ | |
47 | CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>"; | |
48 | const char *lpcpntr = "<Limit Pause-Printer Resume-Printer Enable-Printer\ | |
49 | Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs\ | |
50 | Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer\ | |
51 | Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After\ | |
52 | CUPS-Accept-Jobs CUPS-Reject-Jobs>"; | |
53 | const char *canceljob = "<Limit Cancel-Job CUPS-Authenticate-Job>"; | |
54 | const char *catchall = "<Limit All>"; | |
55 | const char *phost = "printers.MIT.EDU"; | |
56 | ||
57 | void do_host(char *host); | |
58 | void sqlerr(void); | |
59 | #ifndef MAX | |
60 | #define MAX(a, b) ( (a) > (b) ? (a) : (b) ) | |
61 | #endif | |
62 | ||
63 | int main(int argc, char **argv) | |
64 | { | |
65 | EXEC SQL BEGIN DECLARE SECTION; | |
66 | char name[MACHINE_NAME_SIZE]; | |
67 | EXEC SQL END DECLARE SECTION; | |
68 | ||
69 | init_acls(); | |
70 | ||
71 | EXEC SQL CONNECT :db; | |
72 | ||
73 | EXEC SQL WHENEVER SQLERROR DO sqlerr(); | |
74 | ||
75 | EXEC SQL DECLARE csr_hosts CURSOR FOR | |
76 | SELECT m.name FROM machine m, serverhosts sh | |
77 | WHERE m.mach_id = sh.mach_id AND sh.service = 'CUPS-CLUSTER' AND sh.enable = 1; | |
78 | EXEC SQL OPEN csr_hosts; | |
79 | while (1) | |
80 | { | |
81 | EXEC SQL FETCH csr_hosts INTO :name; | |
82 | if (sqlca.sqlcode) | |
83 | break; | |
84 | ||
85 | strtrim(name); | |
86 | do_host(name); | |
87 | } | |
88 | EXEC SQL CLOSE csr_hosts; | |
89 | ||
90 | exit(MR_SUCCESS); | |
91 | } | |
92 | ||
93 | void printer_user_list(FILE *out, char *type, int id, char *str) | |
94 | { | |
95 | struct save_queue *sq; | |
96 | struct imember *m; | |
97 | char kbuf[MAX_K_NAME_SZ]; | |
98 | char *cp; | |
99 | ||
100 | sq = get_acl(type, id, NULL); | |
101 | while (sq_remove_data(sq, &m)) | |
102 | { | |
103 | if (m->type != 'S' && m->type != NULL) { | |
104 | /* CUPS wants mmanley/root, not mmanley.root@ATHENA.MIT.EDU */ | |
105 | canon_krb(m, krbvers, kbuf, sizeof(kbuf)); | |
106 | ||
107 | /* now, take out all the @realm */ | |
108 | for (cp=kbuf; *cp; cp++) { | |
109 | if (*cp == '@') *cp = '\0'; | |
110 | } | |
111 | fprintf(out, "%s %s\n", str, kbuf); | |
112 | } | |
113 | freeimember(m); | |
114 | } | |
115 | sq_destroy(sq); | |
116 | } | |
117 | ||
118 | ||
119 | ||
120 | void do_host(char *host) | |
121 | { | |
122 | EXEC SQL BEGIN DECLARE SECTION; | |
123 | char rp[PRINTERS_RP_SIZE], name[PRINTERS_NAME_SIZE]; | |
124 | char duplexname[PRINTERS_DUPLEXNAME_SIZE], location[PRINTERS_LOCATION_SIZE]; | |
125 | char hwtype[PRINTERS_HWTYPE_SIZE], lowerhwtype[PRINTERS_HWTYPE_SIZE]; | |
126 | char modtime[PRINTERS_MODTIME_SIZE], lmodtime[LIST_MODTIME_SIZE]; | |
127 | char contact[PRINTERS_CONTACT_SIZE], hostname[MACHINE_NAME_SIZE]; | |
128 | char cupshosts[MACHINE_NAME_SIZE], prtype [PRINTERS_TYPE_SIZE]; | |
129 | char *spoolhost = host, *unixtime_fmt = UNIXTIME_FMT, *p; | |
130 | char *lhost; | |
131 | int ka, pc, ac, lpc_acl, top_lpc_acl, banner, rm; | |
132 | EXEC SQL END DECLARE SECTION; | |
133 | TARFILE *tf; | |
134 | FILE *out; | |
135 | char filename[MAXPATHLEN], *duptc; | |
136 | time_t mtime, now = time(NULL); | |
137 | ||
138 | lhost = (char *) strdup (host); | |
139 | for (p = lhost; *p; p++) | |
140 | *p = tolower(*p); | |
141 | ||
142 | EXEC SQL SELECT mach_id INTO :rm FROM machine | |
143 | WHERE name = :spoolhost; | |
144 | ||
145 | sprintf(filename, "%s/cups-cluster/%s", DCM_DIR, host); | |
146 | tf = tarfile_open(filename); | |
147 | ||
148 | /* printers.conf entries for locally run queues */ | |
149 | out = tarfile_start(tf, "/etc/cups/printers.conf", 0644, 0, 0, | |
150 | "lp", "lp", now); | |
151 | ||
152 | EXEC SQL DECLARE csr_printers CURSOR FOR | |
153 | SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype, | |
154 | m.name, pr.banner, pr.location, pr.contact, pr.ka, | |
155 | pr.ac, pr.lpc_acl | |
156 | FROM printers pr, machine m | |
157 | WHERE pr.rm = :rm AND m.mach_id = pr.mach_id | |
158 | AND (pr.type = 'DORM' or pr.type = 'CLUSTER'); | |
159 | EXEC SQL OPEN csr_printers; | |
160 | while (1) | |
161 | { | |
162 | EXEC SQL FETCH csr_printers INTO :rp, :name, :duplexname, | |
163 | :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl; | |
164 | if (sqlca.sqlcode) | |
165 | break; | |
166 | ||
167 | strtrim(rp); | |
168 | strtrim(name); | |
169 | strtrim(duplexname); | |
170 | strtrim(hwtype); | |
171 | strtrim(hostname); | |
172 | strtrim(location); | |
173 | strtrim(contact); | |
174 | strcpy(lowerhwtype, hwtype); | |
175 | for (p = rp; *p; p++) /* Because uppercased printer names suck */ | |
176 | *p = tolower(*p); | |
177 | for (p = lowerhwtype; *p; p++) | |
178 | *p = tolower(*p); | |
179 | ||
180 | fprintf(out, "<Printer %s>\n",rp); | |
181 | fprintf(out, "Info %s:%s\n", rp, hwtype); | |
182 | /* Note the use of "beh" to keep the CUPS from disabling print queues | |
183 | * should they not respond versus discarding the job. | |
184 | * See the "beh" page for details. | |
185 | * The 1/0/60 says "don't disable/try 20 times/try every 60s */ | |
186 | if (!strncmp(hwtype, "HP", 2)) | |
187 | fprintf(out, "DeviceURI beh:/1/20/60/socket://%s:9100\n", hostname); | |
188 | else | |
189 | fprintf(out, "DeviceURI beh:/1/20/60/socket://%s\n", hostname); | |
190 | fprintf(out, "State Idle\n"); // Always with the Idle | |
191 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
192 | fprintf(out, "Accepting Yes\n"); | |
193 | fprintf(out, "Shared Yes\n"); | |
194 | fprintf(out, "QuotaPeriod 0\n"); | |
195 | fprintf(out, "PageLimit 0\n"); | |
196 | fprintf(out, "Klimit 0\n"); | |
197 | fprintf(out, "Option sides one-sided\n"); | |
198 | fprintf(out, "Filter application/vnd.cups-raw 0 -\n"); | |
199 | fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n"); | |
200 | fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n"); | |
201 | fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n"); | |
202 | fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n"); | |
203 | if (location[0]) | |
204 | fprintf(out, "Location %s\n", location); | |
205 | fprintf(out, "ErrorPolicy abort-job\n"); | |
206 | if (ka || lpc_acl) | |
207 | fprintf(out, "OpPolicy %s-policy\n", rp); | |
208 | else | |
209 | fprintf(out, "OpPolicy default\n"); | |
210 | ||
211 | /* Access-control list. */ | |
212 | if (ac) | |
213 | { | |
214 | if (ka) | |
215 | fprintf(out, "AuthType Negotiate\n"); | |
216 | else | |
217 | fprintf(out, "AuthType Default\n"); | |
218 | printer_user_list(out, "LIST", ac, "AllowUser"); | |
219 | } | |
220 | ||
221 | if (banner == PRN_BANNER_NONE) | |
222 | fprintf(out, "JobSheets none none\n"); | |
223 | else | |
224 | fprintf(out, "JobSheets athena none\n"); | |
225 | fprintf(out, "</Printer>\n"); | |
226 | ||
227 | } | |
228 | EXEC SQL CLOSE csr_printers; | |
229 | ||
230 | /* printers.conf entries for non-local CUPS queues */ | |
231 | EXEC SQL DECLARE csr_remote_printers CURSOR FOR | |
232 | SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype, | |
233 | m.name, pr.banner, pr.location, pr.contact, pr.ka, | |
234 | pr.ac, pr.lpc_acl, m.name as cupshosts | |
235 | FROM printers pr, machine m, serverhosts sh | |
236 | WHERE pr.rm = m.mach_id | |
237 | AND (pr.type = 'CLUSTER' or pr.type = 'DORM') AND m.name <> :spoolhost AND | |
238 | m.mach_id = sh.mach_id AND sh.service = 'CUPS-PRINT' AND | |
239 | sh.enable = 1 AND m.mach_id = sh.mach_id; | |
240 | ||
241 | EXEC SQL OPEN csr_remote_printers; | |
242 | while (1) | |
243 | { | |
244 | EXEC SQL FETCH csr_remote_printers INTO :rp, :name, :duplexname, | |
245 | :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts; | |
246 | if (sqlca.sqlcode) | |
247 | break; | |
248 | ||
249 | strtrim(rp); | |
250 | strtrim(name); | |
251 | strtrim(duplexname); | |
252 | strtrim(hwtype); | |
253 | strtrim(hostname); | |
254 | strtrim(location); | |
255 | strtrim(contact); | |
256 | strtrim(cupshosts); | |
257 | strcpy(lowerhwtype, hwtype); | |
258 | for (p = rp; *p; p++) /* Because uppercased printer names suck */ | |
259 | *p = tolower(*p); | |
260 | for (p = lowerhwtype; *p; p++) | |
261 | *p = tolower(*p); | |
262 | ||
263 | fprintf(out, "<Printer %s>\n",rp); | |
264 | fprintf(out, "Info %s:%s\n", rp, hwtype); | |
265 | fprintf(out, "DeviceURI ipp://%s:631/printers/%s\n", cupshosts, rp); | |
266 | fprintf(out, "State Idle\n"); // Always with the Idle | |
267 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
268 | fprintf(out, "Accepting Yes\n"); | |
269 | fprintf(out, "Shared Yes\n"); | |
270 | fprintf(out, "QuotaPeriod 0\n"); | |
271 | fprintf(out, "PageLimit 0\n"); | |
272 | fprintf(out, "Klimit 0\n"); | |
273 | fprintf(out, "Option sides one-sided\n"); | |
274 | fprintf(out, "Filter application/vnd.cups-raw 0 -\n"); | |
275 | fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n"); | |
276 | fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n"); | |
277 | fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n"); | |
278 | fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n"); | |
279 | if (location[0]) | |
280 | fprintf(out, "Location %s\n", location); | |
281 | fprintf(out, "ErrorPolicy abort-job\n"); | |
282 | if (ka || lpc_acl) | |
283 | fprintf(out, "OpPolicy %s-policy\n", rp); | |
284 | else | |
285 | fprintf(out, "OpPolicy default\n"); | |
286 | ||
287 | /* Access-control list. */ | |
288 | if (ac) | |
289 | { | |
290 | if (ka) | |
291 | fprintf(out, "AuthType Negotiate\n"); | |
292 | else | |
293 | fprintf(out, "AuthType Default\n"); | |
294 | printer_user_list(out, "LIST", ac, "AllowUser"); | |
295 | } | |
296 | ||
297 | if (banner == PRN_BANNER_NONE) | |
298 | fprintf(out, "JobSheets none none\n"); | |
299 | else | |
300 | fprintf(out, "JobSheets athena none\n"); | |
301 | fprintf(out, "</Printer>\n"); | |
302 | ||
303 | } | |
304 | EXEC SQL CLOSE csr_remote_printers; | |
305 | ||
306 | /* printers.conf entries for non-local LPRng queues */ | |
307 | EXEC SQL DECLARE csr_lprng_printers CURSOR FOR | |
308 | SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype, | |
309 | m.name, pr.banner, pr.location, pr.contact, pr.ka, | |
310 | pr.ac, pr.lpc_acl, m.name as cupshosts | |
311 | FROM printers pr, machine m, serverhosts sh | |
312 | WHERE pr.rm = m.mach_id | |
313 | AND (pr.type = 'DORM' or pr.type = 'CLUSTER') AND m.name <> :spoolhost AND | |
314 | m.mach_id = sh.mach_id AND sh.service = 'PRINT' AND | |
315 | sh.enable = 1; | |
316 | ||
317 | EXEC SQL OPEN csr_lprng_printers; | |
318 | while (1) | |
319 | { | |
320 | EXEC SQL FETCH csr_lprng_printers INTO :rp, :name, :duplexname, | |
321 | :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts; | |
322 | if (sqlca.sqlcode) | |
323 | break; | |
324 | ||
325 | strtrim(rp); | |
326 | strtrim(name); | |
327 | strtrim(duplexname); | |
328 | strtrim(hwtype); | |
329 | strtrim(hostname); | |
330 | strtrim(location); | |
331 | strtrim(contact); | |
332 | strtrim(cupshosts); | |
333 | strcpy(lowerhwtype, hwtype); | |
334 | for (p = rp; *p; p++) /* Because uppercased printer names suck */ | |
335 | *p = tolower(*p); | |
336 | for (p = lowerhwtype; *p; p++) | |
337 | *p = tolower(*p); | |
338 | ||
339 | fprintf(out, "<Printer %s>\n",rp); | |
340 | fprintf(out, "Info %s:LPRng Queue on %s\n", rp, cupshosts); | |
341 | fprintf(out, "DeviceURI lpd://%s/%s\n", cupshosts, rp); | |
342 | fprintf(out, "State Idle\n"); // Always with the Idle | |
343 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
344 | fprintf(out, "Accepting Yes\n"); | |
345 | fprintf(out, "Shared Yes\n"); | |
346 | fprintf(out, "QuotaPeriod 0\n"); | |
347 | fprintf(out, "PageLimit 0\n"); | |
348 | fprintf(out, "Klimit 0\n"); | |
349 | fprintf(out, "Option sides one-sided\n"); | |
350 | fprintf(out, "Filter application/vnd.cups-raw 0 -\n"); | |
351 | fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n"); | |
352 | fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n"); | |
353 | fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n"); | |
354 | fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n"); | |
355 | if (location[0]) | |
356 | fprintf(out, "Location %s\n", location); | |
357 | fprintf(out, "ErrorPolicy abort-job\n"); | |
358 | fprintf(out, "OpPolicy default\n"); | |
359 | fprintf(out, "JobSheets none none\n"); | |
360 | fprintf(out, "</Printer>\n"); | |
361 | ||
362 | } | |
363 | EXEC SQL CLOSE csr_lprng_printers; | |
364 | tarfile_end(tf); | |
365 | ||
366 | ||
367 | /* aliases are in classes.conf */ | |
368 | out = tarfile_start(tf, "/etc/cups/classes.conf", 0644, 0, 0, | |
369 | "lp", "lp", now); | |
370 | EXEC SQL DECLARE csr_duplexqs CURSOR FOR | |
371 | SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype, | |
372 | m.name, pr.banner, pr.location, pr.contact, pr.ka, | |
373 | pr.type as prtype, pr.ac | |
374 | FROM printers pr, machine m, serverhosts sh | |
375 | WHERE pr.rm = m.mach_id | |
376 | AND m.mach_id = sh.mach_id AND sh.enable = 1 | |
377 | AND (pr.type = 'DORM' or pr.type = 'CLUSTER') | |
378 | AND (sh.service = 'CUPS-PRINT' OR sh.service = 'PRINT'); | |
379 | EXEC SQL OPEN csr_duplexqs; | |
380 | while (1) | |
381 | { | |
382 | EXEC SQL FETCH csr_duplexqs INTO :rp, :name, :duplexname, | |
383 | :hwtype, :hostname, :banner, :location, :contact, :ka, :prtype, :ac; | |
384 | if (sqlca.sqlcode) | |
385 | break; | |
386 | ||
387 | strtrim(hwtype); | |
388 | strtrim(rp); | |
389 | strtrim(location); | |
390 | strtrim(contact); | |
391 | strtrim(prtype); | |
392 | ||
393 | /* Define alias queues as classes to the regular queues for | |
394 | * accounting reasons. Annoyingly, classes don't always inherit | |
395 | * their printer definitions. | |
396 | */ | |
397 | if (!strcmp(prtype,"ALIAS")) | |
398 | { | |
399 | strtrim(name); | |
400 | fprintf(out, "<Class %s>\n",name); | |
401 | fprintf(out, "Info Alias Queue to %s:%s\n", rp, hwtype); | |
402 | fprintf(out, "Printer %s\n", rp); | |
403 | fprintf(out, "Option sides one-sided\n"); | |
404 | fprintf(out, "State Idle\n"); // Always with the Idle | |
405 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
406 | fprintf(out, "Accepting Yes\n"); | |
407 | fprintf(out, "Shared Yes\n"); | |
408 | fprintf(out, "QuotaPeriod 0\n"); | |
409 | fprintf(out, "PageLimit 0\n"); | |
410 | if (location[0]) | |
411 | fprintf(out, "Location %s\n", location); | |
412 | /* fprintf(out, "ErrorPolicy abort-job\n"); */ | |
413 | if (ka || lpc_acl) | |
414 | fprintf(out, "OpPolicy %s-policy\n", rp); | |
415 | else | |
416 | fprintf(out, "OpPolicy default\n"); | |
417 | ||
418 | /* Access-control list. */ | |
419 | if (ac) | |
420 | { | |
421 | if (ka) | |
422 | fprintf(out, "AuthType Negotiate\n"); | |
423 | else | |
424 | fprintf(out, "AuthType Default\n"); | |
425 | printer_user_list(out, "LIST", ac, "AllowUser"); | |
426 | } | |
427 | ||
428 | if (banner == PRN_BANNER_NONE) | |
429 | fprintf(out, "JobSheets none none\n"); | |
430 | else | |
431 | fprintf(out, "JobSheets athena none\n"); | |
432 | fprintf(out, "</Class>\n"); | |
433 | } | |
434 | ||
435 | /* Define duplex queues as aliases to the regular queues for | |
436 | * accounting reasons. Annoyingly, classes don't always inherit | |
437 | * their printer definitions. | |
438 | */ | |
439 | if (*duplexname) | |
440 | { | |
441 | strtrim(duplexname); | |
442 | fprintf(out, "<Class %s>\n",duplexname); | |
443 | if (!strcmp(prtype,"ALIAS")) | |
444 | fprintf(out, "Info Duplex Alias Queue to %s:%s\n", rp, hwtype); | |
445 | else | |
446 | fprintf(out, "Info Duplex Queue for %s:%s\n", rp, hwtype); | |
447 | fprintf(out, "Option sides two-sided-long-edge\n"); // duplex | |
448 | fprintf(out, "Printer %s\n", rp); | |
449 | fprintf(out, "State Idle\n"); // Always with the Idle | |
450 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
451 | fprintf(out, "Accepting Yes\n"); | |
452 | fprintf(out, "Shared Yes\n"); | |
453 | fprintf(out, "QuotaPeriod 0\n"); | |
454 | fprintf(out, "PageLimit 0\n"); | |
455 | if (location[0]) | |
456 | fprintf(out, "Location %s\n", location); | |
457 | fprintf(out, "ErrorPolicy abort-job\n"); | |
458 | if (ka || lpc_acl) | |
459 | fprintf(out, "OpPolicy %s-policy\n", rp); | |
460 | else | |
461 | fprintf(out, "OpPolicy default\n"); | |
462 | ||
463 | /* Access-control list. */ | |
464 | if (ac) | |
465 | { | |
466 | if (ka) | |
467 | fprintf(out, "AuthType Negotiate\n"); | |
468 | else | |
469 | fprintf(out, "AuthType Default\n"); | |
470 | printer_user_list(out, "LIST", ac, "AllowUser"); | |
471 | } | |
472 | ||
473 | if (banner == PRN_BANNER_NONE) | |
474 | fprintf(out, "JobSheets none none\n"); | |
475 | else if (banner == PRN_BANNER_LAST) | |
476 | fprintf(out, "JobSheets athena none\n"); | |
477 | fprintf(out, "</Class>\n"); | |
478 | } | |
479 | } | |
480 | EXEC SQL CLOSE csr_duplexqs; | |
481 | tarfile_end(tf); | |
482 | ||
483 | /* cups.conf */ | |
484 | out = tarfile_start(tf, "/etc/cups/cupsd.conf", 0755, 1, 1, | |
485 | "root", "lp", now); | |
486 | ||
487 | fprintf(out, "LogLevel info\n"); | |
488 | fprintf(out, "SystemGroup sys root ops-group\n"); | |
489 | fprintf(out, "Port 631\n"); | |
490 | fprintf(out, "Listen /var/run/cups/cups.sock\n"); | |
491 | fprintf(out, "Browsing On\n"); | |
492 | fprintf(out, "BrowseOrder allow,deny\n"); | |
493 | fprintf(out, "BrowseAllow all\n"); | |
494 | fprintf(out, "BrowseAddress @LOCAL\n"); | |
495 | fprintf(out, "DefaultAuthType Negotiate\n"); | |
496 | fprintf(out, "ServerCertificate /etc/cups/ssl/%s-ipp-crt.pem\n", lhost); | |
497 | fprintf(out, "ServerKey /etc/cups/ssl/%s-ipp-key.pem\n", lhost); | |
498 | fprintf(out, "ServerName %s\n", lhost); | |
499 | fprintf(out, "ServerAlias %s\n", phost); | |
500 | fprintf(out, "Krb5Keytab /etc/krb5-ipp.keytab\n"); | |
501 | ||
502 | /* The other CUPS servers should be aware of the other hosts' | |
503 | queues, so we'll let them browse each other. */ | |
504 | fprintf(out, "Include cups.local.conf\n"); | |
505 | fprintf(out, "Include cups.locations.conf\n"); | |
506 | fprintf(out, "Include cups.policies.conf\n"); | |
507 | tarfile_end(tf); | |
508 | ||
509 | /* cups.hosts.conf */ | |
510 | out = tarfile_start(tf, "/etc/cups/cups.hosts.conf", 0755, 1, 1, | |
511 | "root", "lp", now); | |
512 | EXEC SQL DECLARE csr_cupshosts CURSOR FOR | |
513 | SELECT m.name AS cupshosts FROM machine m, printservers ps | |
514 | WHERE m.mach_id = ps.mach_id AND ps.kind = 'CUPS'; | |
515 | EXEC SQL OPEN csr_cupshosts; | |
516 | while (1) | |
517 | { | |
518 | EXEC SQL FETCH csr_cupshosts INTO :cupshosts; | |
519 | if (sqlca.sqlcode) | |
520 | break; | |
521 | ||
522 | strtrim(cupshosts); | |
523 | ||
524 | /* Don't poll yourself looking for answers! */ | |
525 | if (strcmp(cupshosts,host)) | |
526 | fprintf(out, "BrowsePoll %s\n", cupshosts); | |
527 | } | |
528 | EXEC SQL CLOSE csr_cupshosts; | |
529 | ||
530 | tarfile_end(tf); | |
531 | ||
532 | /* cups.policies.conf */ | |
533 | out = tarfile_start(tf, "/etc/cups/cups.policies.conf", 0755, 1, 1, | |
534 | "root", "lp", now); | |
535 | fprintf(out, "# Printer-specific LPC and LPR ACLs\n"); | |
536 | /* lpcaccess.top */ | |
537 | EXEC SQL SELECT ps.lpc_acl INTO :top_lpc_acl | |
538 | FROM printservers ps, machine m | |
539 | WHERE m.name = :spoolhost AND m.mach_id = ps.mach_id; | |
540 | if (!sqlca.sqlcode && lpc_acl) | |
541 | { | |
542 | fprintf (out, "<Policy default>\n"); | |
543 | fprintf (out, "%s\n", alterjob); | |
544 | fprintf (out, "AuthType Default\n"); | |
545 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
546 | printer_user_list(out, "LIST", top_lpc_acl, "Require user"); | |
547 | fprintf (out, "Order deny,allow\n"); | |
548 | fprintf (out, "</Limit>\n"); | |
549 | fprintf (out, "%s\n", submitjob); | |
550 | fprintf (out, "AuthType None\n"); | |
551 | fprintf (out, "Order deny,allow\n"); | |
552 | fprintf (out, "Allow from all\n"); | |
553 | fprintf (out, "</Limit>\n"); | |
554 | fprintf (out, "%s\n", alterpntr); | |
555 | fprintf (out, "AuthType Default\n"); | |
556 | fprintf (out, "Require user @SYSTEM\n"); | |
557 | fprintf (out, "Order deny,allow\n"); | |
558 | fprintf (out, "</Limit>\n"); | |
559 | fprintf (out, "%s\n", lpcpntr); | |
560 | fprintf (out, "AuthType Default\n"); | |
561 | fprintf (out, "Require user @SYSTEM\n"); | |
562 | printer_user_list(out, "LIST", top_lpc_acl, "Require user"); | |
563 | fprintf (out, "Order deny,allow\n"); | |
564 | fprintf (out, "</Limit>\n"); | |
565 | fprintf (out, "%s\n", canceljob); | |
566 | fprintf (out, "AuthType Default\n"); | |
567 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
568 | printer_user_list(out, "LIST", top_lpc_acl, "Require user"); | |
569 | fprintf (out, "Order deny,allow\n"); | |
570 | fprintf (out, "Allow from all\n"); | |
571 | fprintf (out, "</Limit>\n"); | |
572 | fprintf (out, "%s\n", catchall); | |
573 | fprintf (out, "AuthType None\n"); | |
574 | fprintf (out, "Order deny,allow\n"); | |
575 | fprintf (out, "Allow from all\n"); | |
576 | fprintf (out, "</Limit>\n"); | |
577 | fprintf (out, "</Policy>\n"); | |
578 | } | |
579 | ||
580 | /* restrict lists and lpcaccess policies. Sadly, we have to put the | |
581 | top level for each new policy since CUPS doesn't have a way of | |
582 | doing it otherwise (well, Unix groups, but not moira) */ | |
583 | EXEC SQL DECLARE csr_lpc CURSOR FOR | |
584 | SELECT UNIQUE rp, ka, ac, lpc_acl | |
585 | FROM printers | |
586 | WHERE (ac != 0 OR lpc_acl != 0) AND rm in (SELECT m.mach_id FROM machine m, serverhosts sh | |
587 | WHERE m.mach_id = sh.mach_id AND sh.service = 'CUPS-PRINT' AND sh.enable = 1); | |
588 | EXEC SQL OPEN csr_lpc; | |
589 | while (1) | |
590 | { | |
591 | EXEC SQL FETCH csr_lpc INTO :name, :ka, :ac, :lpc_acl; | |
592 | if (sqlca.sqlcode) | |
593 | break; | |
594 | ||
595 | strtrim(name); | |
596 | ||
597 | fprintf (out, "<Policy %s-policy>\n", name); | |
598 | fprintf (out, "%s\n", alterjob); | |
599 | fprintf (out, "AuthType Default\n"); | |
600 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
601 | printer_user_list(out, "LIST", lpc_acl, "Require user"); | |
602 | fprintf (out, "Order deny,allow\n"); | |
603 | fprintf (out, "Allow from all\n"); | |
604 | fprintf (out, "</Limit>\n"); | |
605 | fprintf (out, "%s\n", submitjob); | |
606 | /* If the printer is Kerberized? */ | |
607 | if (ka) | |
608 | fprintf (out, "AuthType Negotiate\n"); | |
609 | else | |
610 | fprintf (out, "AuthType None\n"); | |
611 | /* Access-control list. */ | |
612 | if (ac) | |
613 | printer_user_list(out, "LIST", ac, "Require user"); | |
614 | else if (ka) | |
615 | fprintf (out, "Require valid-user\n"); | |
616 | fprintf (out, "Order deny,allow\n"); | |
617 | fprintf (out, "Allow from all\n"); | |
618 | fprintf (out, "</Limit>\n"); | |
619 | fprintf (out, "%s\n", alterpntr); | |
620 | fprintf (out, "AuthType Default\n"); | |
621 | fprintf (out, "Require user @SYSTEM\n"); | |
622 | fprintf (out, "Order deny,allow\n"); | |
623 | fprintf (out, "</Limit>\n"); | |
624 | fprintf (out, "%s\n", lpcpntr); | |
625 | fprintf (out, "AuthType Default\n"); | |
626 | fprintf (out, "Require user @SYSTEM\n"); | |
627 | /* printer-specific lpc access. */ | |
628 | if (lpc_acl) | |
629 | printer_user_list(out, "LIST", lpc_acl, "Require user"); | |
630 | printer_user_list(out, "LIST", top_lpc_acl, "Require user"); | |
631 | fprintf (out, "Order deny,allow\n"); | |
632 | fprintf (out, "</Limit>\n"); | |
633 | fprintf (out, "%s\n", canceljob); | |
634 | fprintf (out, "AuthType Default\n"); | |
635 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
636 | printer_user_list(out, "LIST", lpc_acl, "Require user"); | |
637 | printer_user_list(out, "LIST", top_lpc_acl, "Require user"); | |
638 | fprintf (out, "Order deny,allow\n"); | |
639 | fprintf (out, "Allow from all\n"); | |
640 | fprintf (out, "</Limit>\n"); | |
641 | fprintf (out, "%s\n", catchall); | |
642 | fprintf (out, "AuthType None\n"); | |
643 | fprintf (out, "Order deny,allow\n"); | |
644 | fprintf (out, "Allow from all\n"); | |
645 | fprintf (out, "</Limit>\n"); | |
646 | fprintf (out, "</Policy>\n"); | |
647 | } | |
648 | EXEC SQL CLOSE csr_lpc; | |
649 | fprintf(out, "\n"); | |
650 | tarfile_end(tf); | |
651 | tarfile_close(tf); | |
652 | } | |
653 | ||
654 | void sqlerr(void) | |
655 | { | |
656 | db_error(sqlca.sqlcode); | |
657 | } |