]>
Commit | Line | Data |
---|---|---|
1 | /* $Id$ | |
2 | * | |
3 | * This generates printcaps and other files for Athena print servers | |
4 | * | |
5 | * Copyright (C) 1992-1998 by the Massachusetts Institute of Technology. | |
6 | * For copying and distribution information, please see the file | |
7 | * <mit-copyright.h>. | |
8 | */ | |
9 | ||
10 | #include <mit-copyright.h> | |
11 | #include <moira.h> | |
12 | #include <moira_site.h> | |
13 | ||
14 | #include <sys/stat.h> | |
15 | #include <sys/types.h> | |
16 | ||
17 | #include <ctype.h> | |
18 | #include <stdio.h> | |
19 | #include <string.h> | |
20 | ||
21 | #include <time.h> | |
22 | #ifdef HAVE_KRB4 | |
23 | #include <krb.h> | |
24 | #endif | |
25 | #include <krb5.h> | |
26 | ||
27 | #include "util.h" | |
28 | ||
29 | EXEC SQL INCLUDE sqlca; | |
30 | ||
31 | RCSID("$Header$"); | |
32 | ||
33 | char *whoami = "cups-print.gen"; | |
34 | char *db = "moira/moira"; | |
35 | ||
36 | const int krbvers = 5; /* use Kerberos 5 */ | |
37 | ||
38 | /* OMG, I hate this, but it's cleaner, I guess? */ | |
39 | ||
40 | const char *alterjob = "<Limit Hold-Job Release-Job\ | |
41 | Restart-Job Purge-Jobs Reprocess-Job Set-Job-Attributes\ | |
42 | Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>"; | |
43 | const char *submitjob = "<Limit Create-Job Print-Job Print-URI\ | |
44 | Set-Job-Attributes Send-URI Create-Job-Subscription Renew-Subscription\ | |
45 | Cancel-Subscription Get-Notifications CUPS-Move-Job CUPS-Authenticate-Job>"; | |
46 | const char *alterpntr = "<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer\ | |
47 | CUPS-Add-Modify-Class CUPS-Delete-Class>"; | |
48 | const char *lpcpntr = "<Limit Pause-Printer Resume-Printer Enable-Printer\ | |
49 | Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs\ | |
50 | Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer\ | |
51 | Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After\ | |
52 | CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>"; | |
53 | const char *canceljob = "<Limit Cancel-Job>"; | |
54 | const char *catchall = "<Limit All>"; | |
55 | const char *phost = "printers.MIT.EDU"; | |
56 | const char *svrlist = "cups-servers"; | |
57 | ||
58 | void do_host(char *host); | |
59 | void sqlerr(void); | |
60 | #ifndef MAX | |
61 | #define MAX(a, b) ( (a) > (b) ? (a) : (b) ) | |
62 | #endif | |
63 | ||
64 | int main(int argc, char **argv) | |
65 | { | |
66 | EXEC SQL BEGIN DECLARE SECTION; | |
67 | char name[MACHINE_NAME_SIZE]; | |
68 | EXEC SQL END DECLARE SECTION; | |
69 | ||
70 | init_acls(); | |
71 | ||
72 | EXEC SQL CONNECT :db; | |
73 | ||
74 | EXEC SQL WHENEVER SQLERROR DO sqlerr(); | |
75 | ||
76 | EXEC SQL DECLARE csr_hosts CURSOR FOR | |
77 | SELECT m.name FROM machine m, serverhosts sh | |
78 | WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER') | |
79 | AND sh.enable = 1; | |
80 | EXEC SQL OPEN csr_hosts; | |
81 | while (1) | |
82 | { | |
83 | EXEC SQL FETCH csr_hosts INTO :name; | |
84 | if (sqlca.sqlcode) | |
85 | break; | |
86 | ||
87 | strtrim(name); | |
88 | do_host(name); | |
89 | } | |
90 | EXEC SQL CLOSE csr_hosts; | |
91 | ||
92 | exit(MR_SUCCESS); | |
93 | } | |
94 | ||
95 | void printer_user_list(FILE *out, char *type, int id, char *str, int striprealm) | |
96 | { | |
97 | struct save_queue *sq; | |
98 | struct imember *m; | |
99 | char kbuf[MAX_K_NAME_SZ]; | |
100 | char *cp; | |
101 | ||
102 | sq = get_acl(type, id, NULL); | |
103 | while (sq_remove_data(sq, &m)) | |
104 | { | |
105 | if (m->type != 'S' && m->type != NULL) { | |
106 | /* CUPS wants mmanley/root, not mmanley.root@ATHENA.MIT.EDU */ | |
107 | canon_krb(m, krbvers, kbuf, sizeof(kbuf)); | |
108 | ||
109 | /* now, take out all the @realm */ | |
110 | if (striprealm) { | |
111 | for (cp=kbuf; *cp; cp++) { | |
112 | if (*cp == '@') *cp = '\0'; | |
113 | } | |
114 | } | |
115 | fprintf(out, "%s %s\n", str, kbuf); | |
116 | } | |
117 | freeimember(m); | |
118 | } | |
119 | sq_destroy(sq); | |
120 | } | |
121 | ||
122 | ||
123 | ||
124 | void do_host(char *host) | |
125 | { | |
126 | EXEC SQL BEGIN DECLARE SECTION; | |
127 | char rp[PRINTERS_RP_SIZE], name[PRINTERS_NAME_SIZE]; | |
128 | char duplexname[PRINTERS_DUPLEXNAME_SIZE], location[PRINTERS_LOCATION_SIZE]; | |
129 | char hwtype[PRINTERS_HWTYPE_SIZE], lowerhwtype[PRINTERS_HWTYPE_SIZE]; | |
130 | char modtime[PRINTERS_MODTIME_SIZE], lmodtime[LIST_MODTIME_SIZE]; | |
131 | char contact[PRINTERS_CONTACT_SIZE], hostname[MACHINE_NAME_SIZE]; | |
132 | char cupshosts[MACHINE_NAME_SIZE], prtype [PRINTERS_TYPE_SIZE]; | |
133 | char service[SERVERHOSTS_SERVICE_SIZE]; | |
134 | char *spoolhost = host, *unixtime_fmt = UNIXTIME_FMT, *p; | |
135 | char *lhost; | |
136 | int ka, pc, ac, lpc_acl, top_lpc_acl, banner, rm; | |
137 | EXEC SQL END DECLARE SECTION; | |
138 | TARFILE *tf; | |
139 | FILE *out; | |
140 | char filename[MAXPATHLEN], *duptc; | |
141 | time_t mtime, now = time(NULL); | |
142 | ||
143 | lhost = (char *) strdup (host); | |
144 | for (p = lhost; *p; p++) | |
145 | *p = tolower(*p); | |
146 | ||
147 | EXEC SQL SELECT mach_id INTO :rm FROM machine | |
148 | WHERE name = :spoolhost; | |
149 | ||
150 | sprintf(filename, "%s/cups-print/%s", DCM_DIR, host); | |
151 | tf = tarfile_open(filename); | |
152 | ||
153 | /* printers.conf entries for locally run queues */ | |
154 | out = tarfile_start(tf, "/etc/cups/printers.conf", 0644, 0, 0, | |
155 | "lp", "lp", now); | |
156 | ||
157 | EXEC SQL DECLARE csr_printers CURSOR FOR | |
158 | SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype, | |
159 | m.name, pr.banner, pr.location, pr.contact, pr.ka, | |
160 | pr.ac, pr.lpc_acl | |
161 | FROM printers pr, machine m | |
162 | WHERE pr.rm = :rm AND m.mach_id = pr.mach_id | |
163 | AND pr.type != 'ALIAS'; | |
164 | EXEC SQL OPEN csr_printers; | |
165 | while (1) | |
166 | { | |
167 | EXEC SQL FETCH csr_printers INTO :rp, :name, :duplexname, | |
168 | :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl; | |
169 | if (sqlca.sqlcode) | |
170 | break; | |
171 | ||
172 | strtrim(rp); | |
173 | strtrim(name); | |
174 | strtrim(duplexname); | |
175 | strtrim(hwtype); | |
176 | strtrim(hostname); | |
177 | strtrim(location); | |
178 | strtrim(contact); | |
179 | strcpy(lowerhwtype, hwtype); | |
180 | for (p = rp; *p; p++) /* Because uppercased printer names suck */ | |
181 | *p = tolower(*p); | |
182 | for (p = lowerhwtype; *p; p++) | |
183 | *p = tolower(*p); | |
184 | ||
185 | fprintf(out, "<Printer %s>\n",rp); | |
186 | fprintf(out, "Info %s:%s\n", rp, hwtype); | |
187 | /* Note the use of "beh" to keep the CUPS from disabling print queues | |
188 | * should they not respond versus discarding the job. | |
189 | * See the "beh" page for details. | |
190 | * The 1/0/60 says "don't disable/try 20 times/try every 60s */ | |
191 | if (!strncmp(hwtype, "HP", 2)) | |
192 | fprintf(out, "DeviceURI beh:/1/20/60/socket://%s:9100\n", hostname); | |
193 | else | |
194 | fprintf(out, "DeviceURI beh:/1/20/60/socket://%s\n", hostname); | |
195 | fprintf(out, "State Idle\n"); // Always with the Idle | |
196 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
197 | fprintf(out, "Accepting Yes\n"); | |
198 | fprintf(out, "Shared Yes\n"); | |
199 | fprintf(out, "QuotaPeriod 0\n"); | |
200 | fprintf(out, "PageLimit 0\n"); | |
201 | fprintf(out, "Klimit 0\n"); | |
202 | fprintf(out, "Option sides one-sided\n"); | |
203 | fprintf(out, "Filter application/vnd.cups-raw 0 -\n"); | |
204 | fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n"); | |
205 | fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n"); | |
206 | fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n"); | |
207 | fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n"); | |
208 | if (location[0]) | |
209 | fprintf(out, "Location %s\n", location); | |
210 | fprintf(out, "ErrorPolicy abort-job\n"); | |
211 | if (ka || lpc_acl) | |
212 | fprintf(out, "OpPolicy %s-policy\n", rp); | |
213 | else | |
214 | fprintf(out, "OpPolicy default\n"); | |
215 | ||
216 | /* Access-control list. */ | |
217 | if (ac) | |
218 | { | |
219 | if (ka) | |
220 | fprintf(out, "AuthType Negotiate\n"); | |
221 | else | |
222 | fprintf(out, "AuthType Default\n"); | |
223 | printer_user_list(out, "LIST", ac, "AllowUser", 0); | |
224 | } | |
225 | ||
226 | if (banner == PRN_BANNER_NONE) | |
227 | fprintf(out, "JobSheets none none\n"); | |
228 | else | |
229 | fprintf(out, "JobSheets athena none\n"); | |
230 | fprintf(out, "</Printer>\n"); | |
231 | ||
232 | } | |
233 | EXEC SQL CLOSE csr_printers; | |
234 | ||
235 | /* printers.conf entries for non-local CUPS queues */ | |
236 | EXEC SQL DECLARE csr_remote_printers CURSOR FOR | |
237 | SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype, | |
238 | m.name, pr.banner, pr.location, pr.contact, pr.ka, | |
239 | pr.ac, pr.lpc_acl, m.name as cupshosts | |
240 | FROM printers pr, machine m, serverhosts sh | |
241 | WHERE pr.rm = m.mach_id | |
242 | AND pr.type != 'ALIAS' AND m.name <> :spoolhost AND | |
243 | m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER') | |
244 | AND sh.enable = 1 AND m.mach_id = sh.mach_id; | |
245 | ||
246 | EXEC SQL OPEN csr_remote_printers; | |
247 | while (1) | |
248 | { | |
249 | EXEC SQL FETCH csr_remote_printers INTO :rp, :name, :duplexname, | |
250 | :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts; | |
251 | if (sqlca.sqlcode) | |
252 | break; | |
253 | ||
254 | strtrim(rp); | |
255 | strtrim(name); | |
256 | strtrim(duplexname); | |
257 | strtrim(hwtype); | |
258 | strtrim(hostname); | |
259 | strtrim(location); | |
260 | strtrim(contact); | |
261 | strtrim(cupshosts); | |
262 | strcpy(lowerhwtype, hwtype); | |
263 | for (p = rp; *p; p++) /* Because uppercased printer names suck */ | |
264 | *p = tolower(*p); | |
265 | for (p = lowerhwtype; *p; p++) | |
266 | *p = tolower(*p); | |
267 | ||
268 | fprintf(out, "<Printer %s>\n",rp); | |
269 | fprintf(out, "Info %s:%s\n", rp, hwtype); | |
270 | fprintf(out, "DeviceURI ipp://%s:631/printers/%s\n", cupshosts, rp); | |
271 | fprintf(out, "State Idle\n"); // Always with the Idle | |
272 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
273 | fprintf(out, "Accepting Yes\n"); | |
274 | fprintf(out, "Shared Yes\n"); | |
275 | fprintf(out, "QuotaPeriod 0\n"); | |
276 | fprintf(out, "PageLimit 0\n"); | |
277 | fprintf(out, "Klimit 0\n"); | |
278 | fprintf(out, "Option sides one-sided\n"); | |
279 | fprintf(out, "Filter application/vnd.cups-raw 0 -\n"); | |
280 | fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n"); | |
281 | fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n"); | |
282 | fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n"); | |
283 | fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n"); | |
284 | if (location[0]) | |
285 | fprintf(out, "Location %s\n", location); | |
286 | fprintf(out, "ErrorPolicy abort-job\n"); | |
287 | if (ka || lpc_acl) | |
288 | fprintf(out, "OpPolicy %s-policy\n", rp); | |
289 | else | |
290 | fprintf(out, "OpPolicy default\n"); | |
291 | ||
292 | /* Access-control list. */ | |
293 | if (ac) | |
294 | { | |
295 | if (ka) | |
296 | fprintf(out, "AuthType Negotiate\n"); | |
297 | else | |
298 | fprintf(out, "AuthType Default\n"); | |
299 | printer_user_list(out, "LIST", ac, "AllowUser", 0); | |
300 | } | |
301 | ||
302 | if (banner == PRN_BANNER_NONE) | |
303 | fprintf(out, "JobSheets none none\n"); | |
304 | else | |
305 | fprintf(out, "JobSheets athena none\n"); | |
306 | fprintf(out, "</Printer>\n"); | |
307 | ||
308 | } | |
309 | EXEC SQL CLOSE csr_remote_printers; | |
310 | ||
311 | /* printers.conf entries for non-local LPRng queues */ | |
312 | EXEC SQL DECLARE csr_lprng_printers CURSOR FOR | |
313 | SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype, | |
314 | m.name, pr.banner, pr.location, pr.contact, pr.ka, | |
315 | pr.ac, pr.lpc_acl, m.name as cupshosts | |
316 | FROM printers pr, machine m, serverhosts sh | |
317 | WHERE pr.rm = m.mach_id | |
318 | AND pr.type != 'ALIAS' AND m.name <> :spoolhost AND | |
319 | m.mach_id = sh.mach_id AND sh.service = 'PRINT' AND | |
320 | sh.enable = 1; | |
321 | ||
322 | EXEC SQL OPEN csr_lprng_printers; | |
323 | while (1) | |
324 | { | |
325 | EXEC SQL FETCH csr_lprng_printers INTO :rp, :name, :duplexname, | |
326 | :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts; | |
327 | if (sqlca.sqlcode) | |
328 | break; | |
329 | ||
330 | strtrim(rp); | |
331 | strtrim(name); | |
332 | strtrim(duplexname); | |
333 | strtrim(hwtype); | |
334 | strtrim(hostname); | |
335 | strtrim(location); | |
336 | strtrim(contact); | |
337 | strtrim(cupshosts); | |
338 | strcpy(lowerhwtype, hwtype); | |
339 | for (p = rp; *p; p++) /* Because uppercased printer names suck */ | |
340 | *p = tolower(*p); | |
341 | for (p = lowerhwtype; *p; p++) | |
342 | *p = tolower(*p); | |
343 | ||
344 | fprintf(out, "<Printer %s>\n",rp); | |
345 | fprintf(out, "Info %s:LPRng Queue on %s\n", rp, cupshosts); | |
346 | fprintf(out, "DeviceURI lpd://%s/%s\n", cupshosts, rp); | |
347 | fprintf(out, "State Idle\n"); // Always with the Idle | |
348 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
349 | fprintf(out, "Accepting Yes\n"); | |
350 | fprintf(out, "Shared Yes\n"); | |
351 | fprintf(out, "QuotaPeriod 0\n"); | |
352 | fprintf(out, "PageLimit 0\n"); | |
353 | fprintf(out, "Klimit 0\n"); | |
354 | fprintf(out, "Option sides one-sided\n"); | |
355 | fprintf(out, "Filter application/vnd.cups-raw 0 -\n"); | |
356 | fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n"); | |
357 | fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n"); | |
358 | fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n"); | |
359 | fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n"); | |
360 | if (location[0]) | |
361 | fprintf(out, "Location %s\n", location); | |
362 | fprintf(out, "ErrorPolicy abort-job\n"); | |
363 | fprintf(out, "OpPolicy default\n"); | |
364 | fprintf(out, "JobSheets none none\n"); | |
365 | fprintf(out, "</Printer>\n"); | |
366 | ||
367 | } | |
368 | EXEC SQL CLOSE csr_lprng_printers; | |
369 | tarfile_end(tf); | |
370 | ||
371 | ||
372 | /* aliases are in classes.conf */ | |
373 | out = tarfile_start(tf, "/etc/cups/classes.conf", 0644, 0, 0, | |
374 | "lp", "lp", now); | |
375 | EXEC SQL DECLARE csr_duplexqs CURSOR FOR | |
376 | SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype, | |
377 | m.name, pr.banner, pr.location, pr.contact, pr.ka, | |
378 | pr.type as prtype, pr.ac, sh.service | |
379 | FROM printers pr, machine m, serverhosts sh | |
380 | WHERE pr.rm = m.mach_id | |
381 | AND m.mach_id = sh.mach_id AND sh.enable = 1 | |
382 | AND (sh.service = 'CUPS-PRINT' OR sh.service = 'PRINT' OR sh.service = 'CUPS-CLUSTER'); | |
383 | EXEC SQL OPEN csr_duplexqs; | |
384 | while (1) | |
385 | { | |
386 | EXEC SQL FETCH csr_duplexqs INTO :rp, :name, :duplexname, | |
387 | :hwtype, :hostname, :banner, :location, :contact, :ka, :prtype, :ac, :service; | |
388 | if (sqlca.sqlcode) | |
389 | break; | |
390 | ||
391 | strtrim(hwtype); | |
392 | strtrim(service); | |
393 | strtrim(rp); | |
394 | strtrim(location); | |
395 | strtrim(contact); | |
396 | strtrim(prtype); | |
397 | ||
398 | /* Define alias queues as classes to the regular queues for | |
399 | * accounting reasons. Annoyingly, classes don't always inherit | |
400 | * their printer definitions. | |
401 | */ | |
402 | if (!strcmp(prtype,"ALIAS")) | |
403 | { | |
404 | strtrim(name); | |
405 | fprintf(out, "<Class %s>\n",name); | |
406 | fprintf(out, "Info Alias Queue to %s:%s\n", rp, hwtype); | |
407 | fprintf(out, "Printer %s\n", rp); | |
408 | fprintf(out, "Option sides one-sided\n"); | |
409 | fprintf(out, "State Idle\n"); // Always with the Idle | |
410 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
411 | fprintf(out, "Accepting Yes\n"); | |
412 | fprintf(out, "Shared Yes\n"); | |
413 | fprintf(out, "QuotaPeriod 0\n"); | |
414 | fprintf(out, "PageLimit 0\n"); | |
415 | if (location[0]) | |
416 | fprintf(out, "Location %s\n", location); | |
417 | /* do not use custom policies for LPRng printers */ | |
418 | if (strcmp(service,"PRINT") && (ka || lpc_acl)) | |
419 | fprintf(out, "OpPolicy %s-policy\n", rp); | |
420 | else | |
421 | fprintf(out, "OpPolicy default\n"); | |
422 | ||
423 | /* Access-control list. */ | |
424 | if (ac) | |
425 | printer_user_list(out, "LIST", ac, "AllowUser", 0); | |
426 | ||
427 | if (banner == PRN_BANNER_NONE) | |
428 | fprintf(out, "JobSheets none none\n"); | |
429 | else | |
430 | fprintf(out, "JobSheets athena none\n"); | |
431 | fprintf(out, "</Class>\n"); | |
432 | } | |
433 | ||
434 | /* Define duplex queues as aliases to the regular queues for | |
435 | * accounting reasons. Annoyingly, classes don't always inherit | |
436 | * their printer definitions. | |
437 | */ | |
438 | if (*duplexname) | |
439 | { | |
440 | strtrim(duplexname); | |
441 | fprintf(out, "<Class %s>\n",duplexname); | |
442 | if (!strcmp(prtype,"ALIAS")) | |
443 | fprintf(out, "Info Duplex Alias Queue to %s:%s\n", rp, hwtype); | |
444 | else | |
445 | fprintf(out, "Info Duplex Queue for %s:%s\n", rp, hwtype); | |
446 | fprintf(out, "Option sides two-sided-long-edge\n"); // duplex | |
447 | fprintf(out, "Printer %s\n", rp); | |
448 | fprintf(out, "State Idle\n"); // Always with the Idle | |
449 | fprintf(out, "StateTime %ld\n", (long)time(NULL)); | |
450 | fprintf(out, "Accepting Yes\n"); | |
451 | fprintf(out, "Shared Yes\n"); | |
452 | fprintf(out, "QuotaPeriod 0\n"); | |
453 | fprintf(out, "PageLimit 0\n"); | |
454 | if (location[0]) | |
455 | fprintf(out, "Location %s\n", location); | |
456 | if (strcmp(service,"PRINT") && (ka || lpc_acl)) | |
457 | fprintf(out, "OpPolicy %s-policy\n", rp); | |
458 | else | |
459 | fprintf(out, "OpPolicy default\n"); | |
460 | ||
461 | /* Access-control list. */ | |
462 | if (ac) | |
463 | printer_user_list(out, "LIST", ac, "AllowUser", 0); | |
464 | ||
465 | if (banner == PRN_BANNER_NONE) | |
466 | fprintf(out, "JobSheets none none\n"); | |
467 | else if (banner == PRN_BANNER_LAST) | |
468 | fprintf(out, "JobSheets athena none\n"); | |
469 | fprintf(out, "</Class>\n"); | |
470 | } | |
471 | } | |
472 | EXEC SQL CLOSE csr_duplexqs; | |
473 | tarfile_end(tf); | |
474 | ||
475 | /* cups.conf */ | |
476 | out = tarfile_start(tf, "/etc/cups/cupsd.conf", 0755, 1, 1, | |
477 | "root", "lp", now); | |
478 | ||
479 | fprintf(out, "LogLevel info\n"); | |
480 | fprintf(out, "SystemGroup sys root ops-group\n"); | |
481 | fprintf(out, "Port 631\n"); | |
482 | fprintf(out, "SSLPort 443\n"); | |
483 | fprintf(out, "Listen /var/run/cups/cups.sock\n"); | |
484 | fprintf(out, "Browsing On\n"); | |
485 | fprintf(out, "BrowseOrder allow,deny\n"); | |
486 | fprintf(out, "BrowseAllow all\n"); | |
487 | fprintf(out, "BrowseAddress @LOCAL\n"); | |
488 | fprintf(out, "DefaultAuthType Negotiate\n"); | |
489 | fprintf(out, "ServerCertificate /etc/cups/ssl/%s-ipp-crt.pem\n", lhost); | |
490 | fprintf(out, "ServerKey /etc/cups/ssl/%s-ipp-key.pem\n", lhost); | |
491 | fprintf(out, "ServerName %s\n", lhost); | |
492 | fprintf(out, "ServerAlias %s\n", phost); | |
493 | /* fprintf(out, "Krb5Keytab /etc/krb5-ipp.keytab\n"); */ | |
494 | ||
495 | /* The other CUPS servers should be aware of the other hosts' | |
496 | queues, so we'll let them browse each other. */ | |
497 | fprintf(out, "Include cups.local.conf\n"); | |
498 | fprintf(out, "Include cups.locations.conf\n"); | |
499 | fprintf(out, "Include cups.policies.conf\n"); | |
500 | tarfile_end(tf); | |
501 | ||
502 | /* cups.hosts.conf */ | |
503 | out = tarfile_start(tf, "/etc/cups/cups.hosts.conf", 0755, 1, 1, | |
504 | "root", "lp", now); | |
505 | EXEC SQL DECLARE csr_cupshosts CURSOR FOR | |
506 | SELECT m.name AS cupshosts FROM machine m, printservers ps | |
507 | WHERE m.mach_id = ps.mach_id AND ps.kind = 'CUPS'; | |
508 | EXEC SQL OPEN csr_cupshosts; | |
509 | while (1) | |
510 | { | |
511 | EXEC SQL FETCH csr_cupshosts INTO :cupshosts; | |
512 | if (sqlca.sqlcode) | |
513 | break; | |
514 | ||
515 | strtrim(cupshosts); | |
516 | ||
517 | /* Don't poll yourself looking for answers! */ | |
518 | if (strcmp(cupshosts,host)) | |
519 | fprintf(out, "BrowsePoll %s\n", cupshosts); | |
520 | } | |
521 | EXEC SQL CLOSE csr_cupshosts; | |
522 | ||
523 | tarfile_end(tf); | |
524 | ||
525 | /* cups.policies.conf */ | |
526 | out = tarfile_start(tf, "/etc/cups/cups.policies.conf", 0755, 1, 1, | |
527 | "root", "lp", now); | |
528 | fprintf(out, "# Printer-specific LPC and LPR ACLs\n"); | |
529 | /* lpcaccess.top */ | |
530 | EXEC SQL SELECT ps.lpc_acl INTO :top_lpc_acl | |
531 | FROM printservers ps, machine m | |
532 | WHERE m.name = :spoolhost AND m.mach_id = ps.mach_id; | |
533 | ||
534 | /* first, what's our defaults? */ | |
535 | fprintf (out, "<Policy default>\n"); | |
536 | fprintf (out, "%s\n", alterjob); | |
537 | fprintf (out, "AuthType Default\n"); | |
538 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
539 | printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1); | |
540 | fprintf (out, "Order deny,allow\n"); | |
541 | fprintf (out, "</Limit>\n"); | |
542 | fprintf (out, "<Limit Send-Document CUPS-Get-Document>\n"); | |
543 | fprintf (out, "AuthType None\n"); | |
544 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
545 | fprintf (out, "Order deny,allow\n"); | |
546 | fprintf (out, "Allow from all\n"); | |
547 | fprintf (out, "</Limit>\n"); | |
548 | fprintf (out, "%s\n", submitjob); | |
549 | fprintf (out, "AuthType None\n"); | |
550 | fprintf (out, "Order deny,allow\n"); | |
551 | fprintf (out, "Allow from all\n"); | |
552 | fprintf (out, "</Limit>\n"); | |
553 | fprintf (out, "%s\n", alterpntr); | |
554 | fprintf (out, "AuthType Default\n"); | |
555 | fprintf (out, "Require user @SYSTEM\n"); | |
556 | fprintf (out, "Order deny,allow\n"); | |
557 | fprintf (out, "</Limit>\n"); | |
558 | fprintf (out, "%s\n", lpcpntr); | |
559 | fprintf (out, "AuthType Default\n"); | |
560 | fprintf (out, "Require user @SYSTEM\n"); | |
561 | printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1); | |
562 | fprintf (out, "Order deny,allow\n"); | |
563 | fprintf (out, "</Limit>\n"); | |
564 | fprintf (out, "%s\n", canceljob); | |
565 | fprintf (out, "AuthType Default\n"); | |
566 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
567 | printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1); | |
568 | fprintf (out, "Order deny,allow\n"); | |
569 | fprintf (out, "Allow from all\n"); | |
570 | fprintf (out, "</Limit>\n"); | |
571 | fprintf (out, "%s\n", catchall); | |
572 | fprintf (out, "AuthType None\n"); | |
573 | fprintf (out, "Order deny,allow\n"); | |
574 | fprintf (out, "Allow from all\n"); | |
575 | fprintf (out, "</Limit>\n"); | |
576 | fprintf (out, "</Policy>\n"); | |
577 | ||
578 | /* restrict lists and lpcaccess policies. Sadly, we have to put the | |
579 | top level for each new policy since CUPS doesn't have a way of | |
580 | doing it otherwise (well, Unix groups, but not moira) */ | |
581 | EXEC SQL DECLARE csr_lpc CURSOR FOR | |
582 | SELECT UNIQUE rp, ka, ac, lpc_acl | |
583 | FROM printers | |
584 | WHERE (ac != 0 OR lpc_acl != 0) AND rm in (SELECT m.mach_id FROM machine m, serverhosts sh | |
585 | WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER') | |
586 | AND sh.enable = 1); | |
587 | EXEC SQL OPEN csr_lpc; | |
588 | while (1) | |
589 | { | |
590 | EXEC SQL FETCH csr_lpc INTO :name, :ka, :ac, :lpc_acl; | |
591 | if (sqlca.sqlcode) | |
592 | break; | |
593 | ||
594 | strtrim(name); | |
595 | ||
596 | fprintf (out, "<Policy %s-policy>\n", name); | |
597 | fprintf (out, "%s\n", alterjob); | |
598 | fprintf (out, "AuthType Default\n"); | |
599 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
600 | printer_user_list(out, "LIST", lpc_acl, "Require user", 1); | |
601 | printer_user_list(out, "LIST", svrlist, "Require user", 1); | |
602 | fprintf (out, "Order deny,allow\n"); | |
603 | fprintf (out, "Allow from all\n"); | |
604 | fprintf (out, "</Limit>\n"); | |
605 | fprintf (out, "<Limit Send-Document CUPS-Get-Document>\n"); | |
606 | fprintf (out, "AuthType None\n"); | |
607 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
608 | fprintf (out, "Order deny,allow\n"); | |
609 | fprintf (out, "Allow from all\n"); | |
610 | fprintf (out, "</Limit>\n"); | |
611 | fprintf (out, "%s\n", submitjob); | |
612 | /* If the printer is Kerberized? */ | |
613 | if (ka) | |
614 | fprintf (out, "AuthType Negotiate\n"); | |
615 | else | |
616 | fprintf (out, "AuthType None\n"); | |
617 | /* Access-control list. */ | |
618 | if (ac) { | |
619 | printer_user_list(out, "LIST", ac, "Require user", 1); | |
620 | printer_user_list(out, "LIST", svrlist, "Require user", 1); | |
621 | } | |
622 | else if (ka) | |
623 | fprintf (out, "Require valid-user\n"); | |
624 | fprintf (out, "Order deny,allow\n"); | |
625 | fprintf (out, "Allow from all\n"); | |
626 | fprintf (out, "</Limit>\n"); | |
627 | fprintf (out, "%s\n", alterpntr); | |
628 | fprintf (out, "AuthType Default\n"); | |
629 | fprintf (out, "Require user @SYSTEM\n"); | |
630 | fprintf (out, "Order deny,allow\n"); | |
631 | fprintf (out, "</Limit>\n"); | |
632 | fprintf (out, "%s\n", lpcpntr); | |
633 | fprintf (out, "AuthType Default\n"); | |
634 | fprintf (out, "Require user @SYSTEM\n"); | |
635 | /* printer-specific lpc access. */ | |
636 | if (lpc_acl) | |
637 | printer_user_list(out, "LIST", lpc_acl, "Require user", 1); | |
638 | printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1); | |
639 | fprintf (out, "Order deny,allow\n"); | |
640 | fprintf (out, "</Limit>\n"); | |
641 | fprintf (out, "%s\n", canceljob); | |
642 | fprintf (out, "AuthType Default\n"); | |
643 | fprintf (out, "Require user @OWNER @SYSTEM\n"); | |
644 | printer_user_list(out, "LIST", lpc_acl, "Require user", 1); | |
645 | printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1); | |
646 | fprintf (out, "Order deny,allow\n"); | |
647 | fprintf (out, "Allow from all\n"); | |
648 | fprintf (out, "</Limit>\n"); | |
649 | fprintf (out, "%s\n", catchall); | |
650 | fprintf (out, "AuthType None\n"); | |
651 | fprintf (out, "Order deny,allow\n"); | |
652 | fprintf (out, "Allow from all\n"); | |
653 | fprintf (out, "</Limit>\n"); | |
654 | fprintf (out, "</Policy>\n"); | |
655 | } | |
656 | EXEC SQL CLOSE csr_lpc; | |
657 | fprintf(out, "\n"); | |
658 | tarfile_end(tf); | |
659 | tarfile_close(tf); | |
660 | } | |
661 | ||
662 | void sqlerr(void) | |
663 | { | |
664 | db_error(sqlca.sqlcode); | |
665 | } |