]> andersk Git - moira.git/blame_incremental - gen/cups-print.pc
andersk / moira.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Fix lprm.
[moira.git] / gen / cups-print.pc
... / ...
CommitLineData
1/* $Id$
2 *
3 * This generates printcaps and other files for Athena print servers
4 *
5 * Copyright (C) 1992-1998 by the Massachusetts Institute of Technology.
6 * For copying and distribution information, please see the file
7 * <mit-copyright.h>.
8 */
9
10#include <mit-copyright.h>
11#include <moira.h>
12#include <moira_site.h>
13
14#include <sys/stat.h>
15#include <sys/types.h>
16
17#include <ctype.h>
18#include <stdio.h>
19#include <string.h>
20
21#include <time.h>
22#ifdef HAVE_KRB4
23#include <krb.h>
24#endif
25#include <krb5.h>
26
27#include "util.h"
28
29EXEC SQL INCLUDE sqlca;
30
31RCSID("$Header$");
32
33char *whoami = "cups-print.gen";
34char *db = "moira/moira";
35
36const int krbvers = 5; /* use Kerberos 5 */
37
38/* OMG, I hate this, but it's cleaner, I guess? */
39
40const char *alterjob = "<Limit Hold-Job Release-Job\
41 Restart-Job Purge-Jobs Reprocess-Job Set-Job-Attributes\
42 Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>";
43const char *submitjob = "<Limit Create-Job Print-Job Print-URI\
44 Set-Job-Attributes Send-URI Create-Job-Subscription Renew-Subscription\
45 Cancel-Subscription Get-Notifications CUPS-Move-Job CUPS-Authenticate-Job>";
46const char *alterpntr = "<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer\
47 CUPS-Add-Modify-Class CUPS-Delete-Class>";
48const char *lpcpntr = "<Limit Pause-Printer Resume-Printer Enable-Printer\
49 Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs\
50 Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer\
51 Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After\
52 CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>";
53const char *canceljob = "<Limit Cancel-Job>";
54const char *catchall = "<Limit All>";
55const char *phost = "printers.MIT.EDU";
56const char *svrlist = "cups-servers";
57
58void do_host(char *host);
59void sqlerr(void);
60#ifndef MAX
61#define MAX(a, b) ( (a) > (b) ? (a) : (b) )
62#endif
63
64int main(int argc, char **argv)
65{
66 EXEC SQL BEGIN DECLARE SECTION;
67 char name[MACHINE_NAME_SIZE];
68 EXEC SQL END DECLARE SECTION;
69
70 init_acls();
71
72 EXEC SQL CONNECT :db;
73
74 EXEC SQL WHENEVER SQLERROR DO sqlerr();
75
76 EXEC SQL DECLARE csr_hosts CURSOR FOR
77 SELECT m.name FROM machine m, serverhosts sh
78 WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER')
79 AND sh.enable = 1;
80 EXEC SQL OPEN csr_hosts;
81 while (1)
82 {
83 EXEC SQL FETCH csr_hosts INTO :name;
84 if (sqlca.sqlcode)
85 break;
86
87 strtrim(name);
88 do_host(name);
89 }
90 EXEC SQL CLOSE csr_hosts;
91
92 exit(MR_SUCCESS);
93}
94
95void printer_user_list(FILE *out, char *type, int id, char *str, int striprealm)
96{
97 struct save_queue *sq;
98 struct imember *m;
99 char kbuf[MAX_K_NAME_SZ];
100 char *cp;
101
102 sq = get_acl(type, id, NULL);
103 while (sq_remove_data(sq, &m))
104 {
105 if (m->type != 'S' && m->type != NULL) {
106 /* CUPS wants mmanley/root, not mmanley.root@ATHENA.MIT.EDU */
107 canon_krb(m, krbvers, kbuf, sizeof(kbuf));
108
109 /* now, take out all the @realm */
110 if (striprealm) {
111 for (cp=kbuf; *cp; cp++) {
112 if (*cp == '@') *cp = '\0';
113 }
114 }
115 fprintf(out, "%s %s\n", str, kbuf);
116 }
117 freeimember(m);
118 }
119 sq_destroy(sq);
120}
121
122
123
124void do_host(char *host)
125{
126 EXEC SQL BEGIN DECLARE SECTION;
127 char rp[PRINTERS_RP_SIZE], name[PRINTERS_NAME_SIZE];
128 char duplexname[PRINTERS_DUPLEXNAME_SIZE], location[PRINTERS_LOCATION_SIZE];
129 char hwtype[PRINTERS_HWTYPE_SIZE], lowerhwtype[PRINTERS_HWTYPE_SIZE];
130 char modtime[PRINTERS_MODTIME_SIZE], lmodtime[LIST_MODTIME_SIZE];
131 char contact[PRINTERS_CONTACT_SIZE], hostname[MACHINE_NAME_SIZE];
132 char cupshosts[MACHINE_NAME_SIZE], prtype [PRINTERS_TYPE_SIZE];
133 char service[SERVERHOSTS_SERVICE_SIZE];
134 char *spoolhost = host, *unixtime_fmt = UNIXTIME_FMT, *p;
135 char *lhost;
136 int ka, pc, ac, lpc_acl, top_lpc_acl, banner, rm;
137 EXEC SQL END DECLARE SECTION;
138 TARFILE *tf;
139 FILE *out;
140 char filename[MAXPATHLEN], *duptc;
141 time_t mtime, now = time(NULL);
142
143 lhost = (char *) strdup (host);
144 for (p = lhost; *p; p++)
145 *p = tolower(*p);
146
147 EXEC SQL SELECT mach_id INTO :rm FROM machine
148 WHERE name = :spoolhost;
149
150 sprintf(filename, "%s/cups-print/%s", DCM_DIR, host);
151 tf = tarfile_open(filename);
152
153 /* printers.conf entries for locally run queues */
154 out = tarfile_start(tf, "/etc/cups/printers.conf", 0644, 0, 0,
155 "lp", "lp", now);
156
157 EXEC SQL DECLARE csr_printers CURSOR FOR
158 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
159 m.name, pr.banner, pr.location, pr.contact, pr.ka,
160 pr.ac, pr.lpc_acl
161 FROM printers pr, machine m
162 WHERE pr.rm = :rm AND m.mach_id = pr.mach_id
163 AND pr.type != 'ALIAS';
164 EXEC SQL OPEN csr_printers;
165 while (1)
166 {
167 EXEC SQL FETCH csr_printers INTO :rp, :name, :duplexname,
168 :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl;
169 if (sqlca.sqlcode)
170 break;
171
172 strtrim(rp);
173 strtrim(name);
174 strtrim(duplexname);
175 strtrim(hwtype);
176 strtrim(hostname);
177 strtrim(location);
178 strtrim(contact);
179 strcpy(lowerhwtype, hwtype);
180 for (p = rp; *p; p++) /* Because uppercased printer names suck */
181 *p = tolower(*p);
182 for (p = lowerhwtype; *p; p++)
183 *p = tolower(*p);
184
185 fprintf(out, "<Printer %s>\n",rp);
186 fprintf(out, "Info %s:%s\n", rp, hwtype);
187 /* Note the use of "beh" to keep the CUPS from disabling print queues
188 * should they not respond versus discarding the job.
189 * See the "beh" page for details.
190 * The 1/0/60 says "don't disable/try 20 times/try every 60s */
191 if (!strncmp(hwtype, "HP", 2))
192 fprintf(out, "DeviceURI beh:/1/20/60/socket://%s:9100\n", hostname);
193 else
194 fprintf(out, "DeviceURI beh:/1/20/60/socket://%s\n", hostname);
195 fprintf(out, "State Idle\n"); // Always with the Idle
196 fprintf(out, "StateTime %ld\n", (long)time(NULL));
197 fprintf(out, "Accepting Yes\n");
198 fprintf(out, "Shared Yes\n");
199 fprintf(out, "QuotaPeriod 0\n");
200 fprintf(out, "PageLimit 0\n");
201 fprintf(out, "Klimit 0\n");
202 fprintf(out, "Option sides one-sided\n");
203 fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
204 fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
205 fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
206 fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
207 fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
208 if (location[0])
209 fprintf(out, "Location %s\n", location);
210 fprintf(out, "ErrorPolicy abort-job\n");
211 if (ka || lpc_acl)
212 fprintf(out, "OpPolicy %s-policy\n", rp);
213 else
214 fprintf(out, "OpPolicy default\n");
215
216 /* Access-control list. */
217 if (ac)
218 {
219 if (ka)
220 fprintf(out, "AuthType Negotiate\n");
221 else
222 fprintf(out, "AuthType Default\n");
223 printer_user_list(out, "LIST", ac, "AllowUser", 0);
224 }
225
226 if (banner == PRN_BANNER_NONE)
227 fprintf(out, "JobSheets none none\n");
228 else
229 fprintf(out, "JobSheets athena none\n");
230 fprintf(out, "</Printer>\n");
231
232 }
233 EXEC SQL CLOSE csr_printers;
234
235 /* printers.conf entries for non-local CUPS queues */
236 EXEC SQL DECLARE csr_remote_printers CURSOR FOR
237 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
238 m.name, pr.banner, pr.location, pr.contact, pr.ka,
239 pr.ac, pr.lpc_acl, m.name as cupshosts
240 FROM printers pr, machine m, serverhosts sh
241 WHERE pr.rm = m.mach_id
242 AND pr.type != 'ALIAS' AND m.name <> :spoolhost AND
243 m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER')
244 AND sh.enable = 1 AND m.mach_id = sh.mach_id;
245
246 EXEC SQL OPEN csr_remote_printers;
247 while (1)
248 {
249 EXEC SQL FETCH csr_remote_printers INTO :rp, :name, :duplexname,
250 :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts;
251 if (sqlca.sqlcode)
252 break;
253
254 strtrim(rp);
255 strtrim(name);
256 strtrim(duplexname);
257 strtrim(hwtype);
258 strtrim(hostname);
259 strtrim(location);
260 strtrim(contact);
261 strtrim(cupshosts);
262 strcpy(lowerhwtype, hwtype);
263 for (p = rp; *p; p++) /* Because uppercased printer names suck */
264 *p = tolower(*p);
265 for (p = lowerhwtype; *p; p++)
266 *p = tolower(*p);
267
268 fprintf(out, "<Printer %s>\n",rp);
269 fprintf(out, "Info %s:%s\n", rp, hwtype);
270 fprintf(out, "DeviceURI ipp://%s:631/printers/%s\n", cupshosts, rp);
271 fprintf(out, "State Idle\n"); // Always with the Idle
272 fprintf(out, "StateTime %ld\n", (long)time(NULL));
273 fprintf(out, "Accepting Yes\n");
274 fprintf(out, "Shared Yes\n");
275 fprintf(out, "QuotaPeriod 0\n");
276 fprintf(out, "PageLimit 0\n");
277 fprintf(out, "Klimit 0\n");
278 fprintf(out, "Option sides one-sided\n");
279 fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
280 fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
281 fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
282 fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
283 fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
284 if (location[0])
285 fprintf(out, "Location %s\n", location);
286 fprintf(out, "ErrorPolicy abort-job\n");
287 if (ka || lpc_acl)
288 fprintf(out, "OpPolicy %s-policy\n", rp);
289 else
290 fprintf(out, "OpPolicy default\n");
291
292 /* Access-control list. */
293 if (ac)
294 {
295 if (ka)
296 fprintf(out, "AuthType Negotiate\n");
297 else
298 fprintf(out, "AuthType Default\n");
299 printer_user_list(out, "LIST", ac, "AllowUser", 0);
300 }
301
302 if (banner == PRN_BANNER_NONE)
303 fprintf(out, "JobSheets none none\n");
304 else
305 fprintf(out, "JobSheets athena none\n");
306 fprintf(out, "</Printer>\n");
307
308 }
309 EXEC SQL CLOSE csr_remote_printers;
310
311 /* printers.conf entries for non-local LPRng queues */
312 EXEC SQL DECLARE csr_lprng_printers CURSOR FOR
313 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
314 m.name, pr.banner, pr.location, pr.contact, pr.ka,
315 pr.ac, pr.lpc_acl, m.name as cupshosts
316 FROM printers pr, machine m, serverhosts sh
317 WHERE pr.rm = m.mach_id
318 AND pr.type != 'ALIAS' AND m.name <> :spoolhost AND
319 m.mach_id = sh.mach_id AND sh.service = 'PRINT' AND
320 sh.enable = 1;
321
322 EXEC SQL OPEN csr_lprng_printers;
323 while (1)
324 {
325 EXEC SQL FETCH csr_lprng_printers INTO :rp, :name, :duplexname,
326 :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl, :cupshosts;
327 if (sqlca.sqlcode)
328 break;
329
330 strtrim(rp);
331 strtrim(name);
332 strtrim(duplexname);
333 strtrim(hwtype);
334 strtrim(hostname);
335 strtrim(location);
336 strtrim(contact);
337 strtrim(cupshosts);
338 strcpy(lowerhwtype, hwtype);
339 for (p = rp; *p; p++) /* Because uppercased printer names suck */
340 *p = tolower(*p);
341 for (p = lowerhwtype; *p; p++)
342 *p = tolower(*p);
343
344 fprintf(out, "<Printer %s>\n",rp);
345 fprintf(out, "Info %s:LPRng Queue on %s\n", rp, cupshosts);
346 fprintf(out, "DeviceURI lpd://%s/%s\n", cupshosts, rp);
347 fprintf(out, "State Idle\n"); // Always with the Idle
348 fprintf(out, "StateTime %ld\n", (long)time(NULL));
349 fprintf(out, "Accepting Yes\n");
350 fprintf(out, "Shared Yes\n");
351 fprintf(out, "QuotaPeriod 0\n");
352 fprintf(out, "PageLimit 0\n");
353 fprintf(out, "Klimit 0\n");
354 fprintf(out, "Option sides one-sided\n");
355 fprintf(out, "Filter application/vnd.cups-raw 0 -\n");
356 fprintf(out, "Filter application/vnd.cups-postscript 100 foomatic-rip\n");
357 fprintf(out, "Filter application/vnd.cups-pdf 0 foomatic-rip\n");
358 fprintf(out, "Filter application/vnd.apple-pdf 25 foomatic-rip\n");
359 fprintf(out, "Filter application/vnd.cups-command 0 commandtops\n");
360 if (location[0])
361 fprintf(out, "Location %s\n", location);
362 fprintf(out, "ErrorPolicy abort-job\n");
363 fprintf(out, "OpPolicy default\n");
364 fprintf(out, "JobSheets none none\n");
365 fprintf(out, "</Printer>\n");
366
367 }
368 EXEC SQL CLOSE csr_lprng_printers;
369 tarfile_end(tf);
370
371
372 /* aliases are in classes.conf */
373 out = tarfile_start(tf, "/etc/cups/classes.conf", 0644, 0, 0,
374 "lp", "lp", now);
375 EXEC SQL DECLARE csr_duplexqs CURSOR FOR
376 SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
377 m.name, pr.banner, pr.location, pr.contact, pr.ka,
378 pr.type as prtype, pr.ac, sh.service
379 FROM printers pr, machine m, serverhosts sh
380 WHERE pr.rm = m.mach_id
381 AND m.mach_id = sh.mach_id AND sh.enable = 1
382 AND (sh.service = 'CUPS-PRINT' OR sh.service = 'PRINT' OR sh.service = 'CUPS-CLUSTER');
383 EXEC SQL OPEN csr_duplexqs;
384 while (1)
385 {
386 EXEC SQL FETCH csr_duplexqs INTO :rp, :name, :duplexname,
387 :hwtype, :hostname, :banner, :location, :contact, :ka, :prtype, :ac, :service;
388 if (sqlca.sqlcode)
389 break;
390
391 strtrim(hwtype);
392 strtrim(service);
393 strtrim(rp);
394 strtrim(location);
395 strtrim(contact);
396 strtrim(prtype);
397
398 /* Define alias queues as classes to the regular queues for
399 * accounting reasons. Annoyingly, classes don't always inherit
400 * their printer definitions.
401 */
402 if (!strcmp(prtype,"ALIAS"))
403 {
404 strtrim(name);
405 fprintf(out, "<Class %s>\n",name);
406 fprintf(out, "Info Alias Queue to %s:%s\n", rp, hwtype);
407 fprintf(out, "Printer %s\n", rp);
408 fprintf(out, "Option sides one-sided\n");
409 fprintf(out, "State Idle\n"); // Always with the Idle
410 fprintf(out, "StateTime %ld\n", (long)time(NULL));
411 fprintf(out, "Accepting Yes\n");
412 fprintf(out, "Shared Yes\n");
413 fprintf(out, "QuotaPeriod 0\n");
414 fprintf(out, "PageLimit 0\n");
415 if (location[0])
416 fprintf(out, "Location %s\n", location);
417 /* do not use custom policies for LPRng printers */
418 if (strcmp(service,"PRINT") && (ka || lpc_acl))
419 fprintf(out, "OpPolicy %s-policy\n", rp);
420 else
421 fprintf(out, "OpPolicy default\n");
422
423 /* Access-control list. */
424 if (ac)
425 printer_user_list(out, "LIST", ac, "AllowUser", 0);
426
427 if (banner == PRN_BANNER_NONE)
428 fprintf(out, "JobSheets none none\n");
429 else
430 fprintf(out, "JobSheets athena none\n");
431 fprintf(out, "</Class>\n");
432 }
433
434 /* Define duplex queues as aliases to the regular queues for
435 * accounting reasons. Annoyingly, classes don't always inherit
436 * their printer definitions.
437 */
438 if (*duplexname)
439 {
440 strtrim(duplexname);
441 fprintf(out, "<Class %s>\n",duplexname);
442 if (!strcmp(prtype,"ALIAS"))
443 fprintf(out, "Info Duplex Alias Queue to %s:%s\n", rp, hwtype);
444 else
445 fprintf(out, "Info Duplex Queue for %s:%s\n", rp, hwtype);
446 fprintf(out, "Option sides two-sided-long-edge\n"); // duplex
447 fprintf(out, "Printer %s\n", rp);
448 fprintf(out, "State Idle\n"); // Always with the Idle
449 fprintf(out, "StateTime %ld\n", (long)time(NULL));
450 fprintf(out, "Accepting Yes\n");
451 fprintf(out, "Shared Yes\n");
452 fprintf(out, "QuotaPeriod 0\n");
453 fprintf(out, "PageLimit 0\n");
454 if (location[0])
455 fprintf(out, "Location %s\n", location);
456 if (strcmp(service,"PRINT") && (ka || lpc_acl))
457 fprintf(out, "OpPolicy %s-policy\n", rp);
458 else
459 fprintf(out, "OpPolicy default\n");
460
461 /* Access-control list. */
462 if (ac)
463 printer_user_list(out, "LIST", ac, "AllowUser", 0);
464
465 if (banner == PRN_BANNER_NONE)
466 fprintf(out, "JobSheets none none\n");
467 else if (banner == PRN_BANNER_LAST)
468 fprintf(out, "JobSheets athena none\n");
469 fprintf(out, "</Class>\n");
470 }
471 }
472 EXEC SQL CLOSE csr_duplexqs;
473 tarfile_end(tf);
474
475 /* cups.conf */
476 out = tarfile_start(tf, "/etc/cups/cupsd.conf", 0755, 1, 1,
477 "root", "lp", now);
478
479 fprintf(out, "LogLevel info\n");
480 fprintf(out, "SystemGroup sys root ops-group\n");
481 fprintf(out, "Port 631\n");
482 fprintf(out, "SSLPort 443\n");
483 fprintf(out, "Listen /var/run/cups/cups.sock\n");
484 fprintf(out, "Browsing On\n");
485 fprintf(out, "BrowseOrder allow,deny\n");
486 fprintf(out, "BrowseAllow all\n");
487 fprintf(out, "BrowseAddress @LOCAL\n");
488 fprintf(out, "DefaultAuthType Negotiate\n");
489 fprintf(out, "ServerCertificate /etc/cups/ssl/%s-ipp-crt.pem\n", lhost);
490 fprintf(out, "ServerKey /etc/cups/ssl/%s-ipp-key.pem\n", lhost);
491 fprintf(out, "ServerName %s\n", lhost);
492 fprintf(out, "ServerAlias %s\n", phost);
493 /* fprintf(out, "Krb5Keytab /etc/krb5-ipp.keytab\n"); */
494
495 /* The other CUPS servers should be aware of the other hosts'
496 queues, so we'll let them browse each other. */
497 fprintf(out, "Include cups.local.conf\n");
498 fprintf(out, "Include cups.locations.conf\n");
499 fprintf(out, "Include cups.policies.conf\n");
500 tarfile_end(tf);
501
502 /* cups.hosts.conf */
503 out = tarfile_start(tf, "/etc/cups/cups.hosts.conf", 0755, 1, 1,
504 "root", "lp", now);
505 EXEC SQL DECLARE csr_cupshosts CURSOR FOR
506 SELECT m.name AS cupshosts FROM machine m, printservers ps
507 WHERE m.mach_id = ps.mach_id AND ps.kind = 'CUPS';
508 EXEC SQL OPEN csr_cupshosts;
509 while (1)
510 {
511 EXEC SQL FETCH csr_cupshosts INTO :cupshosts;
512 if (sqlca.sqlcode)
513 break;
514
515 strtrim(cupshosts);
516
517 /* Don't poll yourself looking for answers! */
518 if (strcmp(cupshosts,host))
519 fprintf(out, "BrowsePoll %s\n", cupshosts);
520 }
521 EXEC SQL CLOSE csr_cupshosts;
522
523 tarfile_end(tf);
524
525 /* cups.policies.conf */
526 out = tarfile_start(tf, "/etc/cups/cups.policies.conf", 0755, 1, 1,
527 "root", "lp", now);
528 fprintf(out, "# Printer-specific LPC and LPR ACLs\n");
529 /* lpcaccess.top */
530 EXEC SQL SELECT ps.lpc_acl INTO :top_lpc_acl
531 FROM printservers ps, machine m
532 WHERE m.name = :spoolhost AND m.mach_id = ps.mach_id;
533
534 /* first, what's our defaults? */
535 fprintf (out, "<Policy default>\n");
536 fprintf (out, "%s\n", alterjob);
537 fprintf (out, "AuthType Default\n");
538 fprintf (out, "Require user @OWNER @SYSTEM\n");
539 printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
540 fprintf (out, "Order deny,allow\n");
541 fprintf (out, "</Limit>\n");
542 fprintf (out, "<Limit Send-Document CUPS-Get-Document>\n");
543 fprintf (out, "AuthType None\n");
544 fprintf (out, "Require user @OWNER @SYSTEM\n");
545 fprintf (out, "Order deny,allow\n");
546 fprintf (out, "Allow from all\n");
547 fprintf (out, "</Limit>\n");
548 fprintf (out, "%s\n", submitjob);
549 fprintf (out, "AuthType None\n");
550 fprintf (out, "Order deny,allow\n");
551 fprintf (out, "Allow from all\n");
552 fprintf (out, "</Limit>\n");
553 fprintf (out, "%s\n", alterpntr);
554 fprintf (out, "AuthType Default\n");
555 fprintf (out, "Require user @SYSTEM\n");
556 fprintf (out, "Order deny,allow\n");
557 fprintf (out, "</Limit>\n");
558 fprintf (out, "%s\n", lpcpntr);
559 fprintf (out, "AuthType Default\n");
560 fprintf (out, "Require user @SYSTEM\n");
561 printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
562 fprintf (out, "Order deny,allow\n");
563 fprintf (out, "</Limit>\n");
564 fprintf (out, "%s\n", canceljob);
565 fprintf (out, "AuthType Default\n");
566 fprintf (out, "Require user @OWNER @SYSTEM\n");
567 printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
568 fprintf (out, "Order deny,allow\n");
569 fprintf (out, "Allow from all\n");
570 fprintf (out, "</Limit>\n");
571 fprintf (out, "%s\n", catchall);
572 fprintf (out, "AuthType None\n");
573 fprintf (out, "Order deny,allow\n");
574 fprintf (out, "Allow from all\n");
575 fprintf (out, "</Limit>\n");
576 fprintf (out, "</Policy>\n");
577
578 /* restrict lists and lpcaccess policies. Sadly, we have to put the
579 top level for each new policy since CUPS doesn't have a way of
580 doing it otherwise (well, Unix groups, but not moira) */
581 EXEC SQL DECLARE csr_lpc CURSOR FOR
582 SELECT UNIQUE rp, ka, ac, lpc_acl
583 FROM printers
584 WHERE (ac != 0 OR lpc_acl != 0) AND rm in (SELECT m.mach_id FROM machine m, serverhosts sh
585 WHERE m.mach_id = sh.mach_id AND (sh.service = 'CUPS-PRINT' OR sh.service = 'CUPS-CLUSTER')
586 AND sh.enable = 1);
587 EXEC SQL OPEN csr_lpc;
588 while (1)
589 {
590 EXEC SQL FETCH csr_lpc INTO :name, :ka, :ac, :lpc_acl;
591 if (sqlca.sqlcode)
592 break;
593
594 strtrim(name);
595
596 fprintf (out, "<Policy %s-policy>\n", name);
597 fprintf (out, "%s\n", alterjob);
598 fprintf (out, "AuthType Default\n");
599 fprintf (out, "Require user @OWNER @SYSTEM\n");
600 printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
601 printer_user_list(out, "LIST", svrlist, "Require user", 1);
602 fprintf (out, "Order deny,allow\n");
603 fprintf (out, "Allow from all\n");
604 fprintf (out, "</Limit>\n");
605 fprintf (out, "<Limit Send-Document CUPS-Get-Document>\n");
606 fprintf (out, "AuthType None\n");
607 fprintf (out, "Require user @OWNER @SYSTEM\n");
608 fprintf (out, "Order deny,allow\n");
609 fprintf (out, "Allow from all\n");
610 fprintf (out, "</Limit>\n");
611 fprintf (out, "%s\n", submitjob);
612 /* If the printer is Kerberized? */
613 if (ka)
614 fprintf (out, "AuthType Negotiate\n");
615 else
616 fprintf (out, "AuthType None\n");
617 /* Access-control list. */
618 if (ac) {
619 printer_user_list(out, "LIST", ac, "Require user", 1);
620 printer_user_list(out, "LIST", svrlist, "Require user", 1);
621 }
622 else if (ka)
623 fprintf (out, "Require valid-user\n");
624 fprintf (out, "Order deny,allow\n");
625 fprintf (out, "Allow from all\n");
626 fprintf (out, "</Limit>\n");
627 fprintf (out, "%s\n", alterpntr);
628 fprintf (out, "AuthType Default\n");
629 fprintf (out, "Require user @SYSTEM\n");
630 fprintf (out, "Order deny,allow\n");
631 fprintf (out, "</Limit>\n");
632 fprintf (out, "%s\n", lpcpntr);
633 fprintf (out, "AuthType Default\n");
634 fprintf (out, "Require user @SYSTEM\n");
635 /* printer-specific lpc access. */
636 if (lpc_acl)
637 printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
638 printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
639 fprintf (out, "Order deny,allow\n");
640 fprintf (out, "</Limit>\n");
641 fprintf (out, "%s\n", canceljob);
642 fprintf (out, "AuthType Default\n");
643 fprintf (out, "Require user @OWNER @SYSTEM\n");
644 printer_user_list(out, "LIST", lpc_acl, "Require user", 1);
645 printer_user_list(out, "LIST", top_lpc_acl, "Require user", 1);
646 fprintf (out, "Order deny,allow\n");
647 fprintf (out, "Allow from all\n");
648 fprintf (out, "</Limit>\n");
649 fprintf (out, "%s\n", catchall);
650 fprintf (out, "AuthType None\n");
651 fprintf (out, "Order deny,allow\n");
652 fprintf (out, "Allow from all\n");
653 fprintf (out, "</Limit>\n");
654 fprintf (out, "</Policy>\n");
655 }
656 EXEC SQL CLOSE csr_lpc;
657 fprintf(out, "\n");
658 tarfile_end(tf);
659 tarfile_close(tf);
660}
661
662void sqlerr(void)
663{
664 db_error(sqlca.sqlcode);
665}
Moira, the Athena Service Management system
This page took 0.038718 seconds and 5 git commands to generate.