]> andersk Git - moira.git/blame_incremental - gen/cups-print.pc
andersk / moira.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Alas, LDAP.
[moira.git] / gen / cups-print.pc
... / ...
CommitLineData
1/* $Id$
2 *
3 * This generates printcaps and other files for Athena print servers
4 *
5 * Copyright (C) 1992-1998 by the Massachusetts Institute of Technology.
6 * For copying and distribution information, please see the file
7 * <mit-copyright.h>.
8 */
9
10#include <mit-copyright.h>
11#include <moira.h>
12#include <moira_site.h>
13
14#include <sys/stat.h>
15#include <sys/types.h>
16
17#include <ctype.h>
18#include <stdio.h>
19#include <string.h>
20
21#include <time.h>
22#ifdef HAVE_KRB4
23#include <krb.h>
24#endif
25#include <krb5.h>
26
27#include "util.h"
28
29EXEC SQL INCLUDE sqlca;
30
31RCSID("$Header$");
32
33char *whoami = "cups-print.gen";
34char *db = "moira/moira";
35
36const int krbvers = 5; /* use Kerberos 5 */
37
38/* OMG, I hate this, but it's cleaner, I guess? */
39
40const char *alterjob = "<Limit Hold-Job Release-Job\
41 Restart-Job Purge-Jobs Reprocess-Job Set-Job-Attributes\
42 Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>";
43const char *submitjob = "<Limit Create-Job Print-Job Print-URI Send-Document\
44 Set-Job-Attributes Send-URI Create-Job-Subscription Renew-Subscription\
45 Cancel-Subscription Get-Notifications CUPS-Move-Job>";
46const char *alterpntr = "<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer\
47 CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>";
48const char *lpcpntr = "<Limit Pause-Printer Resume-Printer Enable-Printer\
49 Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs\
50 Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer\
51 Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After\
52 CUPS-Accept-Jobs CUPS-Reject-Jobs>";
53const char *canceljob = "<Limit Cancel-Job CUPS-Authenticate-Job>";
54const char *catchall = "<Limit All>";
55const char *phost = "printers.MIT.EDU";
56
57void do_host(char *host);
58void sqlerr(void);
59#ifndef MAX
60#define MAX(a, b) ( (a) > (b) ? (a) : (b) )
61#endif
62
63int main(int argc, char **argv)
64{
65 EXEC SQL BEGIN DECLARE SECTION;
66 char name[MACHINE_NAME_SIZE];
67 EXEC SQL END DECLARE SECTION;
68
69 init_acls();
70
71 EXEC SQL CONNECT :db;
72
73 EXEC SQL WHENEVER SQLERROR DO sqlerr();
74
75 EXEC SQL DECLARE csr_hosts CURSOR FOR
76 SELECT m.name FROM machine m, serverhosts sh
77 WHERE m.mach_id = sh.mach_id AND sh.service = 'CUPS-PRINT' AND sh.enable = 1;
78 EXEC SQL OPEN csr_hosts;
79 while (1)
80 {
81 EXEC SQL FETCH csr_hosts INTO :name;
82 if (sqlca.sqlcode)
83 break;
84
85 strtrim(name);
86 do_host(name);
87 }
88 EXEC SQL CLOSE csr_hosts;
89
90 exit(MR_SUCCESS);
91}
92
93void printer_user_list(FILE *out, char *type, int id, char *str)
94{
95 struct save_queue *sq;
96 struct imember *m;
97 char kbuf[MAX_K_NAME_SZ];
98 char *cp;
99
100 sq = get_acl(type, id, NULL);
101 while (sq_remove_data(sq, &m))
102 {
103 if (m->type != 'S' && m->type != NULL) {
104 /* CUPS wants mmanley/root, not mmanley.root@ATHENA.MIT.EDU */
105 canon_krb(m, krbvers, kbuf, sizeof(kbuf));
106
107 /* now, take out all the @realm */
108 for (cp=kbuf; *cp; cp++) {
109 if (*cp == '@') *cp = '\0';
110 }
111 fprintf(out, "%s %s\n", str, kbuf);
112 }
113 freeimember(m);
114 }
115 sq_destroy(sq);
116}
117
118
119
120void do_host(char *host)
121{
122 EXEC SQL BEGIN DECLARE SECTION;
123 char rp[PRINTERS_RP_SIZE], name[PRINTERS_NAME_SIZE];
124 char duplexname[PRINTERS_DUPLEXNAME_SIZE], location[PRINTERS_LOCATION_SIZE];
125 char hwtype[PRINTERS_HWTYPE_SIZE], lowerhwtype[PRINTERS_HWTYPE_SIZE];
126 char modtime[PRINTERS_MODTIME_SIZE], lmodtime[LIST_MODTIME_SIZE];
127 char contact[PRINTERS_CONTACT_SIZE], hostname[MACHINE_NAME_SIZE];
128 char cupshosts[MACHINE_NAME_SIZE], prtype [PRINTERS_TYPE_SIZE];
129 char *spoolhost = host, *unixtime_fmt = UNIXTIME_FMT, *p;
130 char *lhost;
131 int ka, pc, ac, lpc_acl, top_lpc_acl, banner, rm;
132 EXEC SQL END DECLARE SECTION;
133 TARFILE *tf;
134 FILE *out;
135 char filename[MAXPATHLEN], *duptc;
136 time_t mtime, now = time(NULL);
137
138 lhost = (char *) strdup (host);
139 for (p = lhost; *p; p++)
140 *p = tolower(*p);
141
142 EXEC SQL SELECT mach_id INTO :rm FROM machine
143 WHERE name = :spoolhost;
144
145 sprintf(filename, "%s/cups-print/%s", DCM_DIR, host);
146 tf = tarfile_open(filename);
147
148 /* printers.conf entries for locally run queues */
149 out = tarfile_start(tf, "/etc/cups/printers.conf", 0644, 0, 0,
150 "lp", "lp", now);
151
152 EXEC SQL DECLARE csr_printers CURSOR FOR
153 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
154 m.name, pr.banner, pr.location, pr.contact, pr.ka,
155 pr.ac, pr.lpc_acl
156 FROM printers pr, machine m
157 WHERE pr.rm = :rm AND m.mach_id = pr.mach_id
158 AND pr.type != 'ALIAS';
159 EXEC SQL OPEN csr_printers;
160 while (1)
161 {
162 EXEC SQL FETCH csr_printers INTO :rp, :name, :duplexname,
163 :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl;
164 if (sqlca.sqlcode)
165 break;
166
167 strtrim(rp);
168 strtrim(name);
169 strtrim(duplexname);
170 strtrim(hwtype);
171 strtrim(hostname);
172 strtrim(location);
173 strtrim(contact);
174 strcpy(lowerhwtype, hwtype);
175 for (p = rp; *p; p++) /* Because uppercased printer names suck */
176 *p = tolower(*p);
177 for (p = lowerhwtype; *p; p++)
178 *p = tolower(*p);
179
180 fprintf(out, "<Printer %s>\n",rp);
181 fprintf(out, "Info %s:%s\n", rp, hwtype);
182 /* Note the use of "beh" to keep the CUPS from disabling print queues
183 * should they not respond versus discarding the job.
184 * See the "beh" page for details.
185 * The 1/0/60 says "don't disable/try 20 times/try every 60s */
186 if (!strncmp(hwtype, "HP", 2))
187 fprintf(out, "DeviceURI beh:/1/20/60/socket://%s:9100\n", hostname);
188 else
189 fprintf(out, "DeviceURI beh:/1/20/60/socket://%s\n", hostname);
190 fprintf(out, "State Idle\n"); // Always with the Idle
191 fprintf(out, "StateTime %ld\n", (long)time(NULL));
192 fprintf(out, "Accepting Yes\n");
193 fprintf(out, "Shared Yes\n");
194 fprintf(out, "QuotaPeriod 0\n");
195 fprintf(out, "PageLimit 0\n");
196 fprintf(out, "Klimit 0\n");
197 fprintf(out, "Option sides one-sided\n");
198 fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
199 fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
200 fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
201 fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
202 fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
203 if (location[0])
204 fprintf(out, "Location %s\n", location);
205 fprintf(out, "ErrorPolicy abort-job\n");
206 if (ka || lpc_acl)
207 fprintf(out, "OpPolicy %s-policy\n", rp);
208 else
209 fprintf(out, "OpPolicy default\n");
210
211 /* Access-control list. */
212 if (ac)
213 {
214 if (ka)
215 fprintf(out, "AuthType Negotiate\n");
216 else
217 fprintf(out, "AuthType Default\n");
218 printer_user_list(out, "LIST", ac, "AllowUser");
219 }
220
221 if (banner == PRN_BANNER_NONE)
222 fprintf(out, "JobSheets none none\n");
223 else
224 fprintf(out, "JobSheets athena none\n");
225 fprintf(out, "</Printer>\n");
226
227 }
228 EXEC SQL CLOSE csr_printers;
229
230 /* printers.conf entries for non-local CUPS queues */
231 EXEC SQL DECLARE csr_remote_printers CURSOR FOR
232 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
233 m.name, pr.banner, pr.location, pr.contact, pr.ka,
234 pr.ac, pr.lpc_acl, m.name as cupshosts
235 FROM printers pr, machine m, serverhosts sh
236 WHERE pr.rm = m.mach_id
237 AND pr.type != 'ALIAS' AND m.name <> :spoolhost AND
238 m.mach_id = sh.mach_id AND sh.service = 'CUPS-PRINT' AND
239 sh.enable = 1 AND m.mach_id = sh.mach_id;
240
241 EXEC SQL OPEN csr_remote_printers;
242 while (1)
243 {
244 EXEC SQL FETCH csr_remote_printers INTO :rp, :name, :duplexname,
245 :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts;
246 if (sqlca.sqlcode)
247 break;
248
249 strtrim(rp);
250 strtrim(name);
251 strtrim(duplexname);
252 strtrim(hwtype);
253 strtrim(hostname);
254 strtrim(location);
255 strtrim(contact);
256 strtrim(cupshosts);
257 strcpy(lowerhwtype, hwtype);
258 for (p = rp; *p; p++) /* Because uppercased printer names suck */
259 *p = tolower(*p);
260 for (p = lowerhwtype; *p; p++)
261 *p = tolower(*p);
262
263 fprintf(out, "<Printer %s>\n",rp);
264 fprintf(out, "Info %s:%s\n", rp, hwtype);
265 fprintf(out, "DeviceURI ipp://%s:631/printers/%s\n", cupshosts, rp);
266 fprintf(out, "State Idle\n"); // Always with the Idle
267 fprintf(out, "StateTime %ld\n", (long)time(NULL));
268 fprintf(out, "Accepting Yes\n");
269 fprintf(out, "Shared Yes\n");
270 fprintf(out, "QuotaPeriod 0\n");
271 fprintf(out, "PageLimit 0\n");
272 fprintf(out, "Klimit 0\n");
273 fprintf(out, "Option sides one-sided\n");
274 fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
275 fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
276 fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
277 fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
278 fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
279 if (location[0])
280 fprintf(out, "Location %s\n", location);
281 fprintf(out, "ErrorPolicy abort-job\n");
282 if (ka || lpc_acl)
283 fprintf(out, "OpPolicy %s-policy\n", rp);
284 else
285 fprintf(out, "OpPolicy default\n");
286
287 /* Access-control list. */
288 if (ac)
289 {
290 if (ka)
291 fprintf(out, "AuthType Negotiate\n");
292 else
293 fprintf(out, "AuthType Default\n");
294 printer_user_list(out, "LIST", ac, "AllowUser");
295 }
296
297 if (banner == PRN_BANNER_NONE)
298 fprintf(out, "JobSheets none none\n");
299 else
300 fprintf(out, "JobSheets athena none\n");
301 fprintf(out, "</Printer>\n");
302
303 }
304 EXEC SQL CLOSE csr_remote_printers;
305
306 /* printers.conf entries for non-local LPRng queues */
307 EXEC SQL DECLARE csr_lprng_printers CURSOR FOR
308 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
309 m.name, pr.banner, pr.location, pr.contact, pr.ka,
310 pr.ac, pr.lpc_acl, m.name as cupshosts
311 FROM printers pr, machine m, serverhosts sh
312 WHERE pr.rm = m.mach_id
313 AND pr.type != 'ALIAS' AND m.name <> :spoolhost AND
314 m.mach_id = sh.mach_id AND sh.service = 'PRINT' AND
315 sh.enable = 1;
316
317 EXEC SQL OPEN csr_lprng_printers;
318 while (1)
319 {
320 EXEC SQL FETCH csr_lprng_printers INTO :rp, :name, :duplexname,
321 :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts;
322 if (sqlca.sqlcode)
323 break;
324
325 strtrim(rp);
326 strtrim(name);
327 strtrim(duplexname);
328 strtrim(hwtype);
329 strtrim(hostname);
330 strtrim(location);
331 strtrim(contact);
332 strtrim(cupshosts);
333 strcpy(lowerhwtype, hwtype);
334 for (p = rp; *p; p++) /* Because uppercased printer names suck */
335 *p = tolower(*p);
336 for (p = lowerhwtype; *p; p++)
337 *p = tolower(*p);
338
339 fprintf(out, "<Printer %s>\n",rp);
340 fprintf(out, "Info %s:LPRng Queue on %s\n", rp, cupshosts);
341 fprintf(out, "DeviceURI lpd://%s/%s\n", cupshosts, rp);
342 fprintf(out, "State Idle\n"); // Always with the Idle
343 fprintf(out, "StateTime %ld\n", (long)time(NULL));
344 fprintf(out, "Accepting Yes\n");
345 fprintf(out, "Shared Yes\n");
346 fprintf(out, "QuotaPeriod 0\n");
347 fprintf(out, "PageLimit 0\n");
348 fprintf(out, "Klimit 0\n");
349 fprintf(out, "Option sides one-sided\n");
350 fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
351 fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
352 fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
353 fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
354 fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
355 if (location[0])
356 fprintf(out, "Location %s\n", location);
357 fprintf(out, "ErrorPolicy abort-job\n");
358 fprintf(out, "OpPolicy default\n");
359 fprintf(out, "JobSheets none none\n");
360 fprintf(out, "</Printer>\n");
361
362 }
363 EXEC SQL CLOSE csr_lprng_printers;
364 tarfile_end(tf);
365
366
367 /* aliases are in classes.conf */
368 out = tarfile_start(tf, "/etc/cups/classes.conf", 0644, 0, 0,
369 "lp", "lp", now);
370 EXEC SQL DECLARE csr_duplexqs CURSOR FOR
371 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
372 m.name, pr.banner, pr.location, pr.contact, pr.ka,
373 pr.type as prtype, pr.ac
374 FROM printers pr, machine m, serverhosts sh
375 WHERE pr.rm = m.mach_id
376 AND m.mach_id = sh.mach_id AND sh.enable = 1
377 AND (sh.service = 'CUPS-PRINT' OR sh.service = 'PRINT');
378 EXEC SQL OPEN csr_duplexqs;
379 while (1)
380 {
381 EXEC SQL FETCH csr_duplexqs INTO :rp, :name, :duplexname,
382 :hwtype, :hostname, :banner, :location, :contact, :ka, :prtype, :ac;
383 if (sqlca.sqlcode)
384 break;
385
386 strtrim(hwtype);
387 strtrim(rp);
388 strtrim(location);
389 strtrim(contact);
390 strtrim(prtype);
391
392 /* Define alias queues as classes to the regular queues for
393 * accounting reasons. Annoyingly, classes don't always inherit
394 * their printer definitions.
395 */
396 if (!strcmp(prtype,"ALIAS"))
397 {
398 strtrim(name);
399 fprintf(out, "<Class %s>\n",name);
400 fprintf(out, "Info Alias Queue to %s:%s\n", rp, hwtype);
401 fprintf(out, "Printer %s\n", rp);
402 fprintf(out, "Option sides one-sided\n");
403 fprintf(out, "State Idle\n"); // Always with the Idle
404 fprintf(out, "StateTime %ld\n", (long)time(NULL));
405 fprintf(out, "Accepting Yes\n");
406 fprintf(out, "Shared Yes\n");
407 fprintf(out, "QuotaPeriod 0\n");
408 fprintf(out, "PageLimit 0\n");
409 if (location[0])
410 fprintf(out, "Location %s\n", location);
411 /* fprintf(out, "ErrorPolicy abort-job\n"); */
412 if (ka || lpc_acl)
413 fprintf(out, "OpPolicy %s-policy\n", rp);
414 else
415 fprintf(out, "OpPolicy default\n");
416
417 /* Access-control list. */
418 if (ac)
419 {
420 if (ka)
421 fprintf(out, "AuthType Negotiate\n");
422 else
423 fprintf(out, "AuthType Default\n");
424 printer_user_list(out, "LIST", ac, "AllowUser");
425 }
426
427 if (banner == PRN_BANNER_NONE)
428 fprintf(out, "JobSheets none none\n");
429 else
430 fprintf(out, "JobSheets athena none\n");
431 fprintf(out, "</Class>\n");
432 }
433
434 /* Define duplex queues as aliases to the regular queues for
435 * accounting reasons. Annoyingly, classes don't always inherit
436 * their printer definitions.
437 */
438 if (*duplexname)
439 {
440 strtrim(duplexname);
441 fprintf(out, "<Class %s>\n",duplexname);
442 if (!strcmp(prtype,"ALIAS"))
443 fprintf(out, "Info Duplex Alias Queue to %s:%s\n", rp, hwtype);
444 else
445 fprintf(out, "Info Duplex Queue for %s:%s\n", rp, hwtype);
446 fprintf(out, "Option sides two-sided-long-edge\n"); // duplex
447 fprintf(out, "Printer %s\n", rp);
448 fprintf(out, "State Idle\n"); // Always with the Idle
449 fprintf(out, "StateTime %ld\n", (long)time(NULL));
450 fprintf(out, "Accepting Yes\n");
451 fprintf(out, "Shared Yes\n");
452 fprintf(out, "QuotaPeriod 0\n");
453 fprintf(out, "PageLimit 0\n");
454 if (location[0])
455 fprintf(out, "Location %s\n", location);
456 fprintf(out, "ErrorPolicy abort-job\n");
457 if (ka || lpc_acl)
458 fprintf(out, "OpPolicy %s-policy\n", rp);
459 else
460 fprintf(out, "OpPolicy default\n");
461
462 /* Access-control list. */
463 if (ac)
464 {
465 if (ka)
466 fprintf(out, "AuthType Negotiate\n");
467 else
468 fprintf(out, "AuthType Default\n");
469 printer_user_list(out, "LIST", ac, "AllowUser");
470 }
471
472 if (banner == PRN_BANNER_NONE)
473 fprintf(out, "JobSheets none none\n");
474 else if (banner == PRN_BANNER_LAST)
475 fprintf(out, "JobSheets athena none\n");
476 fprintf(out, "</Class>\n");
477 }
478 }
479 EXEC SQL CLOSE csr_duplexqs;
480 tarfile_end(tf);
481
482 /* cups.conf */
483 out = tarfile_start(tf, "/etc/cups/cupsd.conf", 0755, 1, 1,
484 "root", "lp", now);
485
486 fprintf(out, "LogLevel info\n");
487 fprintf(out, "SystemGroup sys root ops-group\n");
488 fprintf(out, "Port 631\n");
489 fprintf(out, "Listen /var/run/cups/cups.sock\n");
490 fprintf(out, "Browsing On\n");
491 fprintf(out, "BrowseOrder allow,deny\n");
492 fprintf(out, "BrowseAllow all\n");
493 fprintf(out, "BrowseAddress @LOCAL\n");
494 fprintf(out, "DefaultAuthType Negotiate\n");
495 fprintf(out, "ServerCertificate /etc/cups/ssl/%s-ipp-crt.pem\n", lhost);
496 fprintf(out, "ServerKey /etc/cups/ssl/%s-ipp-key.pem\n", lhost);
497 fprintf(out, "ServerName %s\n", lhost);
498 fprintf(out, "ServerAlias %s\n", phost);
499 fprintf(out, "Krb5Keytab /etc/krb5-ipp.keytab\n");
500
501 /* The other CUPS servers should be aware of the other hosts'
502 queues, so we'll let them browse each other. */
503 fprintf(out, "Include cups.local.conf\n");
504 fprintf(out, "Include cups.locations.conf\n");
505 fprintf(out, "Include cups.policies.conf\n");
506 tarfile_end(tf);
507
508 /* cups.hosts.conf */
509 out = tarfile_start(tf, "/etc/cups/cups.hosts.conf", 0755, 1, 1,
510 "root", "lp", now);
511 EXEC SQL DECLARE csr_cupshosts CURSOR FOR
512 SELECT m.name AS cupshosts FROM machine m, printservers ps
513 WHERE m.mach_id = ps.mach_id AND ps.kind = 'CUPS';
514 EXEC SQL OPEN csr_cupshosts;
515 while (1)
516 {
517 EXEC SQL FETCH csr_cupshosts INTO :cupshosts;
518 if (sqlca.sqlcode)
519 break;
520
521 strtrim(cupshosts);
522
523 /* Don't poll yourself looking for answers! */
524 if (strcmp(cupshosts,host))
525 fprintf(out, "BrowsePoll %s\n", cupshosts);
526 }
527 EXEC SQL CLOSE csr_cupshosts;
528
529 tarfile_end(tf);
530
531 /* cups.policies.conf */
532 out = tarfile_start(tf, "/etc/cups/cups.policies.conf", 0755, 1, 1,
533 "root", "lp", now);
534 fprintf(out, "# Printer-specific LPC and LPR ACLs\n");
535 /* lpcaccess.top */
536 EXEC SQL SELECT ps.lpc_acl INTO :top_lpc_acl
537 FROM printservers ps, machine m
538 WHERE m.name = :spoolhost AND m.mach_id = ps.mach_id;
539 if (!sqlca.sqlcode && lpc_acl)
540 {
541 fprintf (out, "<Policy default>\n");
542 fprintf (out, "%s\n", alterjob);
543 fprintf (out, "AuthType Default\n");
544 fprintf (out, "Require user @OWNER @SYSTEM\n");
545 printer_user_list(out, "LIST", top_lpc_acl, "Require user");
546 fprintf (out, "Order deny,allow\n");
547 fprintf (out, "</Limit>\n");
548 fprintf (out, "%s\n", submitjob);
549 fprintf (out, "AuthType None\n");
550 fprintf (out, "Order deny,allow\n");
551 fprintf (out, "Allow from all\n");
552 fprintf (out, "</Limit>\n");
553 fprintf (out, "%s\n", alterpntr);
554 fprintf (out, "AuthType Default\n");
555 fprintf (out, "Require user @SYSTEM\n");
556 fprintf (out, "Order deny,allow\n");
557 fprintf (out, "</Limit>\n");
558 fprintf (out, "%s\n", lpcpntr);
559 fprintf (out, "AuthType Default\n");
560 fprintf (out, "Require user @SYSTEM\n");
561 printer_user_list(out, "LIST", top_lpc_acl, "Require user");
562 fprintf (out, "Order deny,allow\n");
563 fprintf (out, "</Limit>\n");
564 fprintf (out, "%s\n", canceljob);
565 fprintf (out, "AuthType Default\n");
566 fprintf (out, "Require user @OWNER @SYSTEM\n");
567 printer_user_list(out, "LIST", top_lpc_acl, "Require user");
568 fprintf (out, "Order deny,allow\n");
569 fprintf (out, "Allow from all\n");
570 fprintf (out, "</Limit>\n");
571 fprintf (out, "%s\n", catchall);
572 fprintf (out, "AuthType None\n");
573 fprintf (out, "Order deny,allow\n");
574 fprintf (out, "Allow from all\n");
575 fprintf (out, "</Limit>\n");
576 fprintf (out, "</Policy>\n");
577 }
578
579 /* restrict lists and lpcaccess policies. Sadly, we have to put the
580 top level for each new policy since CUPS doesn't have a way of
581 doing it otherwise (well, Unix groups, but not moira) */
582 EXEC SQL DECLARE csr_lpc CURSOR FOR
583 SELECT UNIQUE rp, ka, ac, lpc_acl
584 FROM printers
585 WHERE (ac != 0 OR lpc_acl != 0) AND rm in (SELECT m.mach_id FROM machine m, serverhosts sh
586 WHERE m.mach_id = sh.mach_id AND sh.service = 'CUPS-PRINT' AND sh.enable = 1);
587 EXEC SQL OPEN csr_lpc;
588 while (1)
589 {
590 EXEC SQL FETCH csr_lpc INTO :name, :ka, :ac, :lpc_acl;
591 if (sqlca.sqlcode)
592 break;
593
594 strtrim(name);
595
596 fprintf (out, "<Policy %s-policy>\n", name);
597 fprintf (out, "%s\n", alterjob);
598 fprintf (out, "AuthType Default\n");
599 fprintf (out, "Require user @OWNER @SYSTEM\n");
600 printer_user_list(out, "LIST", lpc_acl, "Require user");
601 fprintf (out, "Order deny,allow\n");
602 fprintf (out, "Allow from all\n");
603 fprintf (out, "</Limit>\n");
604 fprintf (out, "%s\n", submitjob);
605 /* If the printer is Kerberized? */
606 if (ka)
607 fprintf (out, "AuthType Negotiate\n");
608 else
609 fprintf (out, "AuthType None\n");
610 /* Access-control list. */
611 if (ac)
612 printer_user_list(out, "LIST", ac, "Require user");
613 else if (ka)
614 fprintf (out, "Require valid-user\n");
615 fprintf (out, "Order deny,allow\n");
616 fprintf (out, "Allow from all\n");
617 fprintf (out, "</Limit>\n");
618 fprintf (out, "%s\n", alterpntr);
619 fprintf (out, "AuthType Default\n");
620 fprintf (out, "Require user @SYSTEM\n");
621 fprintf (out, "Order deny,allow\n");
622 fprintf (out, "</Limit>\n");
623 fprintf (out, "%s\n", lpcpntr);
624 fprintf (out, "AuthType Default\n");
625 fprintf (out, "Require user @SYSTEM\n");
626 /* printer-specific lpc access. */
627 if (lpc_acl)
628 printer_user_list(out, "LIST", lpc_acl, "Require user");
629 printer_user_list(out, "LIST", top_lpc_acl, "Require user");
630 fprintf (out, "Order deny,allow\n");
631 fprintf (out, "</Limit>\n");
632 fprintf (out, "%s\n", canceljob);
633 fprintf (out, "AuthType Default\n");
634 fprintf (out, "Require user @OWNER @SYSTEM\n");
635 printer_user_list(out, "LIST", lpc_acl, "Require user");
636 printer_user_list(out, "LIST", top_lpc_acl, "Require user");
637 fprintf (out, "Order deny,allow\n");
638 fprintf (out, "Allow from all\n");
639 fprintf (out, "</Limit>\n");
640 fprintf (out, "%s\n", catchall);
641 fprintf (out, "AuthType None\n");
642 fprintf (out, "Order deny,allow\n");
643 fprintf (out, "Allow from all\n");
644 fprintf (out, "</Limit>\n");
645 fprintf (out, "</Policy>\n");
646 }
647 EXEC SQL CLOSE csr_lpc;
648 fprintf(out, "\n");
649 tarfile_end(tf);
650 tarfile_close(tf);
651}
652
653void sqlerr(void)
654{
655 db_error(sqlca.sqlcode);
656}
Moira, the Athena Service Management system
This page took 0.047179 seconds and 5 git commands to generate.