]>
Commit | Line | Data |
---|---|---|
f50216d7 | 1 | /* $Id$ |
2 | * | |
3 | * This generates printcaps and other files for Athena print servers | |
4 | * | |
5 | * Copyright (C) 1992-1998 by the Massachusetts Institute of Technology. | |
6 | * For copying and distribution information, please see the file | |
7 | * <mit-copyright.h>. | |
8 | */ | |
9 | ||
10 | #include <mit-copyright.h> | |
11 | #include <moira.h> | |
12 | #include <moira_site.h> | |
13 | ||
14 | #include <sys/stat.h> | |
15 | #include <sys/types.h> | |
16 | ||
17 | #include <ctype.h> | |
18 | #include <stdio.h> | |
19 | #include <string.h> | |
20 | ||
21 | #include <time.h> | |
cb974713 | 22 | #ifdef HAVE_KRB4 |
f50216d7 | 23 | #include <krb.h> |
cb974713 | 24 | #endif |
f50216d7 | 25 | #include <krb5.h> |
26 | ||
27 | #include "util.h" | |
28 | ||
f50216d7 | 29 | EXEC SQL INCLUDE sqlca; |
30 | ||
31 | RCSID("$Header$"); | |
32 | ||
33 | char *whoami = "cups-print.gen"; | |
34 | char *db = "moira/moira"; | |
35 | ||
f57294a2 | 36 | const int krbvers = 5; /* use Kerberos 5 */ |
37 | ||
f50216d7 | 38 | /* OMG, I hate this, but it's cleaner, I guess? */ |
39 | ||
ea998f5e | 40 | const char *alterjob = "<Limit Hold-Job Release-Job\ |
41 | Restart-Job Purge-Jobs Reprocess-Job Set-Job-Attributes\ | |
f50216d7 | 42 | Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>"; |
e6968581 | 43 | const char *submitjob = "<Limit Create-Job Print-Job Print-URI\ |
ea998f5e | 44 | Set-Job-Attributes Send-URI Create-Job-Subscription Renew-Subscription\ |
e6968581 | 45 | Cancel-Subscription Get-Notifications CUPS-Move-Job CUPS-Authenticate-Job>"; |
f50216d7 | 46 | const char *alterpntr = "<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer\ |
e6968581 | 47 | CUPS-Add-Modify-Class CUPS-Delete-Class>"; |
f50216d7 | 48 | const char *lpcpntr = "<Limit Pause-Printer Resume-Printer Enable-Printer\ |
49 | Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs\ | |
50 | Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer\ | |
51 | Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After\ | |
e6968581 | 52 | CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>"; |
53 | const char *canceljob = "<Limit Cancel-Job>"; | |
f50216d7 | 54 | const char *catchall = "<Limit All>"; |
200545fb | 55 | const char *phost = "printers.MIT.EDU"; |
e6968581 | 56 | const char *svrlist = "cups-servers"; |
f50216d7 | 57 | |
58 | void do_host(char *host); | |
59 | void sqlerr(void); | |
60 | #ifndef MAX | |
61 | #define MAX(a, b) ( (a) > (b) ? (a) : (b) ) | |
62 | #endif | |
63 | ||
64 | int main(int argc, char **argv) | |
65 | { | |
66 | EXEC SQL BEGIN DECLARE SECTION; | |
67 | char name[MACHINE_NAME_SIZE]; | |
68 | EXEC SQL END DECLARE SECTION; | |
69 | ||
70 | init_acls(); | |
71 | ||
72 | EXEC SQL CONNECT :db; | |
73 | ||
74 | EXEC SQL WHENEVER SQLERROR DO sqlerr(); | |
75 | ||
76 | EXEC SQL DECLARE csr_hosts CURSOR FOR | |
77 | SELECT m.name FROM machine m, serverhosts sh | |
662cdab2 | 78 | WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER') |
79 | AND sh.enable = 1; | |
f50216d7 | 80 | EXEC SQL OPEN csr_hosts; |
81 | while (1) | |
82 | { | |
83 | EXEC SQL FETCH csr_hosts INTO :name; | |
84 | if (sqlca.sqlcode) | |
85 | break; | |
86 | ||
87 | strtrim(name); | |
88 | do_host(name); | |
89 | } | |
90 | EXEC SQL CLOSE csr_hosts; | |
91 | ||
92 | exit(MR_SUCCESS); | |
93 | } | |
94 | ||
e6968581 | 95 | void printer_user_list(FILE *out, char *type, int id, char *str, int striprealm) |
f50216d7 | 96 | { |
97 | struct save_queue *sq; | |
98 | struct imember *m; | |
f57294a2 | 99 | char kbuf[MAX_K_NAME_SZ]; |
100 | char *cp; | |
f50216d7 | 101 | |
102 | sq = get_acl(type, id, NULL); | |
103 | while (sq_remove_data(sq, &m)) | |
104 | { | |
f57294a2 | 105 | if (m->type != 'S' && m->type != NULL) { |
106 | /* CUPS wants mmanley/root, not mmanley.root@ATHENA.MIT.EDU */ | |
107 | canon_krb(m, krbvers, kbuf, sizeof(kbuf)); | |
108 | ||
109 | /* now, take out all the @realm */ | |
e6968581 | 110 | if (striprealm) { |
f57294a2 | 111 | for (cp=kbuf; *cp; cp++) { |
112 | if (*cp == '@') *cp = '\0'; | |
113 | } | |
e6968581 | 114 | } |
f57294a2 | 115 | fprintf(out, "%s %s\n", str, kbuf); |
116 | } | |
f50216d7 | 117 | freeimember(m); |
118 | } | |
119 | sq_destroy(sq); | |
120 | } | |
121 | ||
122 | ||
123 | ||
124 | void do_host(char *host) | |
125 | { | |
126 | EXEC SQL BEGIN DECLARE SECTION; | |
127 | char rp[PRINTERS_RP_SIZE], name[PRINTERS_NAME_SIZE]; | |
128 | char duplexname[PRINTERS_DUPLEXNAME_SIZE], location[PRINTERS_LOCATION_SIZE]; | |
129 | char hwtype[PRINTERS_HWTYPE_SIZE], lowerhwtype[PRINTERS_HWTYPE_SIZE]; | |
130 | char modtime[PRINTERS_MODTIME_SIZE], lmodtime[LIST_MODTIME_SIZE]; | |
131 | char contact[PRINTERS_CONTACT_SIZE], hostname[MACHINE_NAME_SIZE]; | |
132 | char cupshosts[MACHINE_NAME_SIZE], prtype [PRINTERS_TYPE_SIZE]; | |
e6968581 | 133 | char service[SERVERHOSTS_SERVICE_SIZE]; |
f50216d7 | 134 | char *spoolhost = host, *unixtime_fmt = UNIXTIME_FMT, *p; |
135 | char *lhost; | |
136 | int ka, pc, ac, lpc_acl, top_lpc_acl, banner, rm; | |
137 | EXEC SQL END DECLARE SECTION; | |
138 | TARFILE *tf; | |
139 | FILE *out; | |
140 | char filename[MAXPATHLEN], *duptc; | |
141 | time_t mtime, now = time(NULL); | |
142 | ||
143 | lhost = (char *) strdup (host); | |
144 | for (p = lhost; *p; p++) | |
145 | *p = tolower(*p); | |
146 | ||
147 | EXEC SQL SELECT mach_id INTO :rm FROM machine | |
148 | WHERE name = :spoolhost; | |
149 | ||
c3c53552 | 150 | sprintf(filename, "%s/cups-print/%s", DCM_DIR, host); |
f50216d7 | 151 | tf = tarfile_open(filename); |
152 | ||
cfba011a | 153 | /* printers.conf entries for locally run queues */ |
f50216d7 | 154 | out = tarfile_start(tf, "/etc/cups/printers.conf", 0644, 0, 0, |
200545fb | 155 | "lp", "lp", now); |
f50216d7 | 156 | |
157 | EXEC SQL DECLARE csr_printers CURSOR FOR | |
158 | SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype, | |
159 | m.name, pr.banner, pr.location, pr.contact, pr.ka, | |
f57294a2 | 160 | pr.ac, pr.lpc_acl |
f50216d7 | 161 | FROM printers pr, machine m |
162 | WHERE pr.rm = :rm AND m.mach_id = pr.mach_id | |
163 | AND pr.type != 'ALIAS'; | |
164 | EXEC SQL OPEN csr_printers; | |
165 | while (1) | |
166 | { | |
167 | EXEC SQL FETCH csr_printers INTO :rp, :name, :duplexname, | |
f57294a2 | 168 | :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl; |
f50216d7 | 169 | if (sqlca.sqlcode) |
170 | break; | |
171 | ||
172 | strtrim(rp); | |
173 | strtrim(name); | |
174 | strtrim(duplexname); | |
175 | strtrim(hwtype); | |
176 | strtrim(hostname); | |
177 | strtrim(location); | |
178 | strtrim(contact); | |
179 | strcpy(lowerhwtype, hwtype); | |
cfba011a | 180 | for (p = rp; *p; p++) /* Because uppercased printer names suck */ |
181 | *p = tolower(*p); | |
f50216d7 | 182 | for (p = lowerhwtype; *p; p++) |
183 | *p = tolower(*p); | |
184 | ||
185 | fprintf(out, "<Printer %s>\n",rp); | |
186 | fprintf(out, "Info %s:%s\n", rp, hwtype); | |
187 | /* Note the use of "beh" to keep the CUPS from disabling print queues | |
188 | * should they not respond versus discarding the job. | |
189 | * See the "beh" page for details. | |
190 | * The 1/0/60 says "don't disable/try 20 times/try every 60s */ | |
191 | if (!strncmp(hwtype, "HP", 2)) | |
192 | fprintf(out, "DeviceURI beh:/1/20/60/socket://%s:9100\n", hostname); | |
193 | else | |
194 | fprintf(out, "DeviceURI beh:/1/20/60/socket://%s\n", hostname); | |
195 | fprintf(out, "State Idle\n"); // Always with the Idle | |
196 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
197 | fprintf(out, "Accepting Yes\n"); | |
198 | fprintf(out, "Shared Yes\n"); | |
199 | fprintf(out, "QuotaPeriod 0\n"); | |
200 | fprintf(out, "PageLimit 0\n"); | |
201 | fprintf(out, "Klimit 0\n"); | |
202 | fprintf(out, "Option sides one-sided\n"); | |
cfba011a | 203 | fprintf(out, "Filter application/vnd.cups-raw 0 -\n"); |
204 | fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n"); | |
205 | fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n"); | |
206 | fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n"); | |
207 | fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n"); | |
f50216d7 | 208 | if (location[0]) |
209 | fprintf(out, "Location %s\n", location); | |
210 | fprintf(out, "ErrorPolicy abort-job\n"); | |
f57294a2 | 211 | if (ka || lpc_acl) |
f50216d7 | 212 | fprintf(out, "OpPolicy %s-policy\n", rp); |
f57294a2 | 213 | else |
214 | fprintf(out, "OpPolicy default\n"); | |
f50216d7 | 215 | |
216 | /* Access-control list. */ | |
217 | if (ac) | |
218 | { | |
219 | if (ka) | |
220 | fprintf(out, "AuthType Negotiate\n"); | |
221 | else | |
f57294a2 | 222 | fprintf(out, "AuthType Default\n"); |
e6968581 | 223 | printer_user_list(out, "LIST", ac, "AllowUser", 0); |
f50216d7 | 224 | } |
225 | ||
226 | if (banner == PRN_BANNER_NONE) | |
227 | fprintf(out, "JobSheets none none\n"); | |
228 | else | |
229 | fprintf(out, "JobSheets athena none\n"); | |
230 | fprintf(out, "</Printer>\n"); | |
231 | ||
232 | } | |
233 | EXEC SQL CLOSE csr_printers; | |
cfba011a | 234 | |
235 | /* printers.conf entries for non-local CUPS queues */ | |
236 | EXEC SQL DECLARE csr_remote_printers CURSOR FOR | |
237 | SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype, | |
238 | m.name, pr.banner, pr.location, pr.contact, pr.ka, | |
239 | pr.ac, pr.lpc_acl, m.name as cupshosts | |
240 | FROM printers pr, machine m, serverhosts sh | |
241 | WHERE pr.rm = m.mach_id | |
242 | AND pr.type != 'ALIAS' AND m.name <> :spoolhost AND | |
662cdab2 | 243 | m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER') |
244 | AND sh.enable = 1 AND m.mach_id = sh.mach_id; | |
cfba011a | 245 | |
246 | EXEC SQL OPEN csr_remote_printers; | |
247 | while (1) | |
248 | { | |
249 | EXEC SQL FETCH csr_remote_printers INTO :rp, :name, :duplexname, | |
250 | :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts; | |
251 | if (sqlca.sqlcode) | |
252 | break; | |
253 | ||
254 | strtrim(rp); | |
255 | strtrim(name); | |
256 | strtrim(duplexname); | |
257 | strtrim(hwtype); | |
258 | strtrim(hostname); | |
259 | strtrim(location); | |
260 | strtrim(contact); | |
261 | strtrim(cupshosts); | |
262 | strcpy(lowerhwtype, hwtype); | |
263 | for (p = rp; *p; p++) /* Because uppercased printer names suck */ | |
264 | *p = tolower(*p); | |
265 | for (p = lowerhwtype; *p; p++) | |
266 | *p = tolower(*p); | |
267 | ||
268 | fprintf(out, "<Printer %s>\n",rp); | |
269 | fprintf(out, "Info %s:%s\n", rp, hwtype); | |
270 | fprintf(out, "DeviceURI ipp://%s:631/printers/%s\n", cupshosts, rp); | |
271 | fprintf(out, "State Idle\n"); // Always with the Idle | |
272 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
273 | fprintf(out, "Accepting Yes\n"); | |
274 | fprintf(out, "Shared Yes\n"); | |
275 | fprintf(out, "QuotaPeriod 0\n"); | |
276 | fprintf(out, "PageLimit 0\n"); | |
277 | fprintf(out, "Klimit 0\n"); | |
278 | fprintf(out, "Option sides one-sided\n"); | |
279 | fprintf(out, "Filter application/vnd.cups-raw 0 -\n"); | |
280 | fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n"); | |
281 | fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n"); | |
282 | fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n"); | |
283 | fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n"); | |
284 | if (location[0]) | |
285 | fprintf(out, "Location %s\n", location); | |
286 | fprintf(out, "ErrorPolicy abort-job\n"); | |
287 | if (ka || lpc_acl) | |
288 | fprintf(out, "OpPolicy %s-policy\n", rp); | |
289 | else | |
290 | fprintf(out, "OpPolicy default\n"); | |
291 | ||
292 | /* Access-control list. */ | |
293 | if (ac) | |
294 | { | |
295 | if (ka) | |
296 | fprintf(out, "AuthType Negotiate\n"); | |
297 | else | |
298 | fprintf(out, "AuthType Default\n"); | |
e6968581 | 299 | printer_user_list(out, "LIST", ac, "AllowUser", 0); |
cfba011a | 300 | } |
301 | ||
302 | if (banner == PRN_BANNER_NONE) | |
303 | fprintf(out, "JobSheets none none\n"); | |
304 | else | |
305 | fprintf(out, "JobSheets athena none\n"); | |
306 | fprintf(out, "</Printer>\n"); | |
307 | ||
308 | } | |
309 | EXEC SQL CLOSE csr_remote_printers; | |
310 | ||
311 | /* printers.conf entries for non-local LPRng queues */ | |
312 | EXEC SQL DECLARE csr_lprng_printers CURSOR FOR | |
313 | SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype, | |
314 | m.name, pr.banner, pr.location, pr.contact, pr.ka, | |
315 | pr.ac, pr.lpc_acl, m.name as cupshosts | |
316 | FROM printers pr, machine m, serverhosts sh | |
317 | WHERE pr.rm = m.mach_id | |
318 | AND pr.type != 'ALIAS' AND m.name <> :spoolhost AND | |
319 | m.mach_id = sh.mach_id AND sh.service = 'PRINT' AND | |
320 | sh.enable = 1; | |
321 | ||
322 | EXEC SQL OPEN csr_lprng_printers; | |
323 | while (1) | |
324 | { | |
325 | EXEC SQL FETCH csr_lprng_printers INTO :rp, :name, :duplexname, | |
326 | :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts; | |
327 | if (sqlca.sqlcode) | |
328 | break; | |
329 | ||
330 | strtrim(rp); | |
331 | strtrim(name); | |
332 | strtrim(duplexname); | |
333 | strtrim(hwtype); | |
334 | strtrim(hostname); | |
335 | strtrim(location); | |
336 | strtrim(contact); | |
337 | strtrim(cupshosts); | |
338 | strcpy(lowerhwtype, hwtype); | |
339 | for (p = rp; *p; p++) /* Because uppercased printer names suck */ | |
340 | *p = tolower(*p); | |
341 | for (p = lowerhwtype; *p; p++) | |
342 | *p = tolower(*p); | |
343 | ||
344 | fprintf(out, "<Printer %s>\n",rp); | |
345 | fprintf(out, "Info %s:LPRng Queue on %s\n", rp, cupshosts); | |
346 | fprintf(out, "DeviceURI lpd://%s/%s\n", cupshosts, rp); | |
347 | fprintf(out, "State Idle\n"); // Always with the Idle | |
348 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
349 | fprintf(out, "Accepting Yes\n"); | |
350 | fprintf(out, "Shared Yes\n"); | |
351 | fprintf(out, "QuotaPeriod 0\n"); | |
352 | fprintf(out, "PageLimit 0\n"); | |
353 | fprintf(out, "Klimit 0\n"); | |
354 | fprintf(out, "Option sides one-sided\n"); | |
355 | fprintf(out, "Filter application/vnd.cups-raw 0 -\n"); | |
356 | fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n"); | |
357 | fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n"); | |
358 | fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n"); | |
359 | fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n"); | |
360 | if (location[0]) | |
361 | fprintf(out, "Location %s\n", location); | |
362 | fprintf(out, "ErrorPolicy abort-job\n"); | |
363 | fprintf(out, "OpPolicy default\n"); | |
364 | fprintf(out, "JobSheets none none\n"); | |
365 | fprintf(out, "</Printer>\n"); | |
366 | ||
367 | } | |
368 | EXEC SQL CLOSE csr_lprng_printers; | |
f50216d7 | 369 | tarfile_end(tf); |
370 | ||
371 | ||
372 | /* aliases are in classes.conf */ | |
373 | out = tarfile_start(tf, "/etc/cups/classes.conf", 0644, 0, 0, | |
200545fb | 374 | "lp", "lp", now); |
f50216d7 | 375 | EXEC SQL DECLARE csr_duplexqs CURSOR FOR |
376 | SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype, | |
377 | m.name, pr.banner, pr.location, pr.contact, pr.ka, | |
e6968581 | 378 | pr.type as prtype, pr.ac, sh.service |
cfba011a | 379 | FROM printers pr, machine m, serverhosts sh |
380 | WHERE pr.rm = m.mach_id | |
381 | AND m.mach_id = sh.mach_id AND sh.enable = 1 | |
662cdab2 | 382 | AND (sh.service = 'CUPS-PRINT' OR sh.service = 'PRINT' OR sh.service = 'CUPS-CLUSTER'); |
f50216d7 | 383 | EXEC SQL OPEN csr_duplexqs; |
384 | while (1) | |
385 | { | |
386 | EXEC SQL FETCH csr_duplexqs INTO :rp, :name, :duplexname, | |
e6968581 | 387 | :hwtype, :hostname, :banner, :location, :contact, :ka, :prtype, :ac, :service; |
f50216d7 | 388 | if (sqlca.sqlcode) |
389 | break; | |
390 | ||
391 | strtrim(hwtype); | |
e6968581 | 392 | strtrim(service); |
f50216d7 | 393 | strtrim(rp); |
394 | strtrim(location); | |
395 | strtrim(contact); | |
396 | strtrim(prtype); | |
397 | ||
398 | /* Define alias queues as classes to the regular queues for | |
399 | * accounting reasons. Annoyingly, classes don't always inherit | |
400 | * their printer definitions. | |
401 | */ | |
402 | if (!strcmp(prtype,"ALIAS")) | |
403 | { | |
404 | strtrim(name); | |
405 | fprintf(out, "<Class %s>\n",name); | |
406 | fprintf(out, "Info Alias Queue to %s:%s\n", rp, hwtype); | |
407 | fprintf(out, "Printer %s\n", rp); | |
408 | fprintf(out, "Option sides one-sided\n"); | |
409 | fprintf(out, "State Idle\n"); // Always with the Idle | |
410 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
411 | fprintf(out, "Accepting Yes\n"); | |
412 | fprintf(out, "Shared Yes\n"); | |
413 | fprintf(out, "QuotaPeriod 0\n"); | |
414 | fprintf(out, "PageLimit 0\n"); | |
415 | if (location[0]) | |
416 | fprintf(out, "Location %s\n", location); | |
e6968581 | 417 | /* do not use custom policies for LPRng printers */ |
418 | if (strcmp(service,"PRINT") && (ka || lpc_acl)) | |
f50216d7 | 419 | fprintf(out, "OpPolicy %s-policy\n", rp); |
f57294a2 | 420 | else |
421 | fprintf(out, "OpPolicy default\n"); | |
f50216d7 | 422 | |
423 | /* Access-control list. */ | |
424 | if (ac) | |
e6968581 | 425 | printer_user_list(out, "LIST", ac, "AllowUser", 0); |
f50216d7 | 426 | |
427 | if (banner == PRN_BANNER_NONE) | |
428 | fprintf(out, "JobSheets none none\n"); | |
429 | else | |
430 | fprintf(out, "JobSheets athena none\n"); | |
431 | fprintf(out, "</Class>\n"); | |
432 | } | |
433 | ||
434 | /* Define duplex queues as aliases to the regular queues for | |
435 | * accounting reasons. Annoyingly, classes don't always inherit | |
436 | * their printer definitions. | |
437 | */ | |
438 | if (*duplexname) | |
439 | { | |
440 | strtrim(duplexname); | |
441 | fprintf(out, "<Class %s>\n",duplexname); | |
442 | if (!strcmp(prtype,"ALIAS")) | |
443 | fprintf(out, "Info Duplex Alias Queue to %s:%s\n", rp, hwtype); | |
444 | else | |
445 | fprintf(out, "Info Duplex Queue for %s:%s\n", rp, hwtype); | |
446 | fprintf(out, "Option sides two-sided-long-edge\n"); // duplex | |
447 | fprintf(out, "Printer %s\n", rp); | |
448 | fprintf(out, "State Idle\n"); // Always with the Idle | |
449 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
450 | fprintf(out, "Accepting Yes\n"); | |
451 | fprintf(out, "Shared Yes\n"); | |
452 | fprintf(out, "QuotaPeriod 0\n"); | |
453 | fprintf(out, "PageLimit 0\n"); | |
454 | if (location[0]) | |
455 | fprintf(out, "Location %s\n", location); | |
e6968581 | 456 | if (strcmp(service,"PRINT") && (ka || lpc_acl)) |
f50216d7 | 457 | fprintf(out, "OpPolicy %s-policy\n", rp); |
f57294a2 | 458 | else |
459 | fprintf(out, "OpPolicy default\n"); | |
f50216d7 | 460 | |
461 | /* Access-control list. */ | |
462 | if (ac) | |
e6968581 | 463 | printer_user_list(out, "LIST", ac, "AllowUser", 0); |
f50216d7 | 464 | |
465 | if (banner == PRN_BANNER_NONE) | |
466 | fprintf(out, "JobSheets none none\n"); | |
467 | else if (banner == PRN_BANNER_LAST) | |
468 | fprintf(out, "JobSheets athena none\n"); | |
469 | fprintf(out, "</Class>\n"); | |
470 | } | |
471 | } | |
472 | EXEC SQL CLOSE csr_duplexqs; | |
473 | tarfile_end(tf); | |
474 | ||
475 | /* cups.conf */ | |
476 | out = tarfile_start(tf, "/etc/cups/cupsd.conf", 0755, 1, 1, | |
477 | "root", "lp", now); | |
478 | ||
479 | fprintf(out, "LogLevel info\n"); | |
480 | fprintf(out, "SystemGroup sys root ops-group\n"); | |
481 | fprintf(out, "Port 631\n"); | |
e6968581 | 482 | fprintf(out, "SSLPort 443\n"); |
f50216d7 | 483 | fprintf(out, "Listen /var/run/cups/cups.sock\n"); |
484 | fprintf(out, "Browsing On\n"); | |
485 | fprintf(out, "BrowseOrder allow,deny\n"); | |
486 | fprintf(out, "BrowseAllow all\n"); | |
487 | fprintf(out, "BrowseAddress @LOCAL\n"); | |
488 | fprintf(out, "DefaultAuthType Negotiate\n"); | |
489 | fprintf(out, "ServerCertificate /etc/cups/ssl/%s-ipp-crt.pem\n", lhost); | |
490 | fprintf(out, "ServerKey /etc/cups/ssl/%s-ipp-key.pem\n", lhost); | |
491 | fprintf(out, "ServerName %s\n", lhost); | |
200545fb | 492 | fprintf(out, "ServerAlias %s\n", phost); |
e6968581 | 493 | /* fprintf(out, "Krb5Keytab /etc/krb5-ipp.keytab\n"); */ |
f50216d7 | 494 | |
495 | /* The other CUPS servers should be aware of the other hosts' | |
496 | queues, so we'll let them browse each other. */ | |
72a62bdc | 497 | fprintf(out, "Include cups.local.conf\n"); |
72a62bdc | 498 | fprintf(out, "Include cups.locations.conf\n"); |
499 | fprintf(out, "Include cups.policies.conf\n"); | |
500 | tarfile_end(tf); | |
f50216d7 | 501 | |
72a62bdc | 502 | /* cups.hosts.conf */ |
503 | out = tarfile_start(tf, "/etc/cups/cups.hosts.conf", 0755, 1, 1, | |
504 | "root", "lp", now); | |
f50216d7 | 505 | EXEC SQL DECLARE csr_cupshosts CURSOR FOR |
506 | SELECT m.name AS cupshosts FROM machine m, printservers ps | |
507 | WHERE m.mach_id = ps.mach_id AND ps.kind = 'CUPS'; | |
508 | EXEC SQL OPEN csr_cupshosts; | |
509 | while (1) | |
510 | { | |
511 | EXEC SQL FETCH csr_cupshosts INTO :cupshosts; | |
512 | if (sqlca.sqlcode) | |
513 | break; | |
514 | ||
515 | strtrim(cupshosts); | |
516 | ||
517 | /* Don't poll yourself looking for answers! */ | |
518 | if (strcmp(cupshosts,host)) | |
519 | fprintf(out, "BrowsePoll %s\n", cupshosts); | |
520 | } | |
521 | EXEC SQL CLOSE csr_cupshosts; | |
f50216d7 | 522 | |
523 | tarfile_end(tf); | |
524 | ||
525 | /* cups.policies.conf */ | |
526 | out = tarfile_start(tf, "/etc/cups/cups.policies.conf", 0755, 1, 1, | |
527 | "root", "lp", now); | |
528 | fprintf(out, "# Printer-specific LPC and LPR ACLs\n"); | |
529 | /* lpcaccess.top */ | |
530 | EXEC SQL SELECT ps.lpc_acl INTO :top_lpc_acl | |
531 | FROM printservers ps, machine m | |
532 | WHERE m.name = :spoolhost AND m.mach_id = ps.mach_id; | |
e6968581 | 533 | |
534 | /* first, what's our defaults? */ | |
f50216d7 | 535 | fprintf (out, "<Policy default>\n"); |
536 | fprintf (out, "%s\n", alterjob); | |
537 | fprintf (out, "AuthType Default\n"); | |
538 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
e6968581 | 539 | printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1); |
540 | fprintf (out, "Order deny,allow\n"); | |
541 | fprintf (out, "</Limit>\n"); | |
542 | fprintf (out, "<Limit Send-Document CUPS-Get-Document>\n"); | |
543 | fprintf (out, "AuthType None\n"); | |
544 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
f50216d7 | 545 | fprintf (out, "Order deny,allow\n"); |
e6968581 | 546 | fprintf (out, "Allow from all\n"); |
f50216d7 | 547 | fprintf (out, "</Limit>\n"); |
548 | fprintf (out, "%s\n", submitjob); | |
11bc6bdc | 549 | fprintf (out, "AuthType None\n"); |
f50216d7 | 550 | fprintf (out, "Order deny,allow\n"); |
11bc6bdc | 551 | fprintf (out, "Allow from all\n"); |
f50216d7 | 552 | fprintf (out, "</Limit>\n"); |
553 | fprintf (out, "%s\n", alterpntr); | |
554 | fprintf (out, "AuthType Default\n"); | |
555 | fprintf (out, "Require user @SYSTEM\n"); | |
556 | fprintf (out, "Order deny,allow\n"); | |
557 | fprintf (out, "</Limit>\n"); | |
558 | fprintf (out, "%s\n", lpcpntr); | |
559 | fprintf (out, "AuthType Default\n"); | |
560 | fprintf (out, "Require user @SYSTEM\n"); | |
e6968581 | 561 | printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1); |
f50216d7 | 562 | fprintf (out, "Order deny,allow\n"); |
563 | fprintf (out, "</Limit>\n"); | |
564 | fprintf (out, "%s\n", canceljob); | |
565 | fprintf (out, "AuthType Default\n"); | |
566 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
e6968581 | 567 | printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1); |
f50216d7 | 568 | fprintf (out, "Order deny,allow\n"); |
03e05c1a | 569 | fprintf (out, "Allow from all\n"); |
f50216d7 | 570 | fprintf (out, "</Limit>\n"); |
571 | fprintf (out, "%s\n", catchall); | |
81b41491 | 572 | fprintf (out, "AuthType None\n"); |
f50216d7 | 573 | fprintf (out, "Order deny,allow\n"); |
11bc6bdc | 574 | fprintf (out, "Allow from all\n"); |
f50216d7 | 575 | fprintf (out, "</Limit>\n"); |
576 | fprintf (out, "</Policy>\n"); | |
f50216d7 | 577 | |
578 | /* restrict lists and lpcaccess policies. Sadly, we have to put the | |
579 | top level for each new policy since CUPS doesn't have a way of | |
580 | doing it otherwise (well, Unix groups, but not moira) */ | |
581 | EXEC SQL DECLARE csr_lpc CURSOR FOR | |
582 | SELECT UNIQUE rp, ka, ac, lpc_acl | |
583 | FROM printers | |
cfba011a | 584 | WHERE (ac != 0 OR lpc_acl != 0) AND rm in (SELECT m.mach_id FROM machine m, serverhosts sh |
662cdab2 | 585 | WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER') |
586 | AND sh.enable = 1); | |
f50216d7 | 587 | EXEC SQL OPEN csr_lpc; |
588 | while (1) | |
589 | { | |
590 | EXEC SQL FETCH csr_lpc INTO :name, :ka, :ac, :lpc_acl; | |
591 | if (sqlca.sqlcode) | |
592 | break; | |
593 | ||
594 | strtrim(name); | |
595 | ||
596 | fprintf (out, "<Policy %s-policy>\n", name); | |
597 | fprintf (out, "%s\n", alterjob); | |
598 | fprintf (out, "AuthType Default\n"); | |
599 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
e6968581 | 600 | printer_user_list(out, "LIST", lpc_acl, "Require user", 1); |
601 | printer_user_list(out, "LIST", svrlist, "Require user", 1); | |
602 | fprintf (out, "Order deny,allow\n"); | |
603 | fprintf (out, "Allow from all\n"); | |
604 | fprintf (out, "</Limit>\n"); | |
605 | fprintf (out, "<Limit Send-Document CUPS-Get-Document>\n"); | |
606 | fprintf (out, "AuthType None\n"); | |
607 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
f50216d7 | 608 | fprintf (out, "Order deny,allow\n"); |
03e05c1a | 609 | fprintf (out, "Allow from all\n"); |
f50216d7 | 610 | fprintf (out, "</Limit>\n"); |
611 | fprintf (out, "%s\n", submitjob); | |
612 | /* If the printer is Kerberized? */ | |
613 | if (ka) | |
614 | fprintf (out, "AuthType Negotiate\n"); | |
615 | else | |
616 | fprintf (out, "AuthType None\n"); | |
617 | /* Access-control list. */ | |
e6968581 | 618 | if (ac) { |
619 | printer_user_list(out, "LIST", ac, "Require user", 1); | |
620 | printer_user_list(out, "LIST", svrlist, "Require user", 1); | |
621 | } | |
f50216d7 | 622 | else if (ka) |
623 | fprintf (out, "Require valid-user\n"); | |
624 | fprintf (out, "Order deny,allow\n"); | |
11bc6bdc | 625 | fprintf (out, "Allow from all\n"); |
f50216d7 | 626 | fprintf (out, "</Limit>\n"); |
627 | fprintf (out, "%s\n", alterpntr); | |
628 | fprintf (out, "AuthType Default\n"); | |
629 | fprintf (out, "Require user @SYSTEM\n"); | |
630 | fprintf (out, "Order deny,allow\n"); | |
631 | fprintf (out, "</Limit>\n"); | |
632 | fprintf (out, "%s\n", lpcpntr); | |
633 | fprintf (out, "AuthType Default\n"); | |
634 | fprintf (out, "Require user @SYSTEM\n"); | |
635 | /* printer-specific lpc access. */ | |
636 | if (lpc_acl) | |
e6968581 | 637 | printer_user_list(out, "LIST", lpc_acl, "Require user", 1); |
638 | printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1); | |
f50216d7 | 639 | fprintf (out, "Order deny,allow\n"); |
640 | fprintf (out, "</Limit>\n"); | |
641 | fprintf (out, "%s\n", canceljob); | |
642 | fprintf (out, "AuthType Default\n"); | |
643 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
e6968581 | 644 | printer_user_list(out, "LIST", lpc_acl, "Require user", 1); |
645 | printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1); | |
f50216d7 | 646 | fprintf (out, "Order deny,allow\n"); |
11bc6bdc | 647 | fprintf (out, "Allow from all\n"); |
f50216d7 | 648 | fprintf (out, "</Limit>\n"); |
649 | fprintf (out, "%s\n", catchall); | |
11bc6bdc | 650 | fprintf (out, "AuthType None\n"); |
f50216d7 | 651 | fprintf (out, "Order deny,allow\n"); |
11bc6bdc | 652 | fprintf (out, "Allow from all\n"); |
f50216d7 | 653 | fprintf (out, "</Limit>\n"); |
654 | fprintf (out, "</Policy>\n"); | |
655 | } | |
656 | EXEC SQL CLOSE csr_lpc; | |
657 | fprintf(out, "\n"); | |
658 | tarfile_end(tf); | |
659 | tarfile_close(tf); | |
660 | } | |
661 | ||
662 | void sqlerr(void) | |
663 | { | |
664 | db_error(sqlca.sqlcode); | |
665 | } |