#include <string.h>
#include <time.h>
+#ifdef HAVE_KRB4
#include <krb.h>
+#endif
#include <krb5.h>
#include "util.h"
-
-
EXEC SQL INCLUDE sqlca;
RCSID("$Header$");
char *whoami = "cups-print.gen";
char *db = "moira/moira";
+const int krbvers = 5; /* use Kerberos 5 */
+
/* OMG, I hate this, but it's cleaner, I guess? */
-const char *alterjob = "<Limit Send-Document Send-URI Hold-Job Release-Job\
- Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription\
- Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job\
+const char *alterjob = "<Limit Hold-Job Release-Job\
+ Restart-Job Purge-Jobs Reprocess-Job Set-Job-Attributes\
Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>";
-const char *submitjob = "<Limit Create-Job Print-Job Print-URI>";
+const char *submitjob = "<Limit Create-Job Print-Job Print-URI Send-Document\
+ Set-Job-Attributes Send-URI Create-Job-Subscription Renew-Subscription\
+ Cancel-Subscription Get-Notifications CUPS-Move-Job>";
const char *alterpntr = "<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer\
CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>";
const char *lpcpntr = "<Limit Pause-Printer Resume-Printer Enable-Printer\
CUPS-Accept-Jobs CUPS-Reject-Jobs>";
const char *canceljob = "<Limit Cancel-Job CUPS-Authenticate-Job>";
const char *catchall = "<Limit All>";
+const char *phost = "printers.MIT.EDU";
void do_host(char *host);
void sqlerr(void);
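Review bot: `Set-Job-Attributes` and `CUPS-Move-Job` now appear in both `alterjob` and `submitjob`, so the same operation is named in two `<Limit>` sections that the policy writers later emit with different requirements. Which section governs then depends on how cupsd resolves the overlap rather than on anything stated in this file; each operation should be listed in exactly one of the two strings. A one-line comment above each string saying who is meant to be allowed its operations would make later edits to these lists easier to check.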
{
struct save_queue *sq;
struct imember *m;
+ char kbuf[MAX_K_NAME_SZ];
+ char *cp;
sq = get_acl(type, id, NULL);
while (sq_remove_data(sq, &m))
{
- if (m->type == 'U')
- fprintf(out, "%s %s\n", str, m->name);
+ if (m->type != 'S' && m->type != NULL) {
+ /* CUPS wants mmanley/root, not mmanley.root@ATHENA.MIT.EDU */
+ canon_krb(m, krbvers, kbuf, sizeof(kbuf));
+
+ /* now, take out all the @realm */
+ for (cp=kbuf; *cp; cp++) {
+ if (*cp == '@') *cp = '\0';
+ }
+ fprintf(out, "%s %s\n", str, kbuf);
+ }
freeimember(m);
}
sq_destroy(sq);
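Review bot: The loop that cuts `kbuf` at `@` discards the realm for every member, so an ACL entry for a principal in another realm would be written out under the same bare name as the local user. If the lists can hold foreign-realm Kerberos members, compare the realm with the local one and skip anything that does not match. The new test `m->type != NULL` compares what looks like a character field with a pointer constant; `if (m->type != 'S' && m->type != '\0')` says what is meant. `kbuf` is sized with `MAX_K_NAME_SZ`, which normally comes from `krb.h`, now included only under `HAVE_KRB4`, so a build without it may fail unless another header defines the constant. The function's signature and the end of its body are outside the hunk.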
/* printers.conf */
out = tarfile_start(tf, "/etc/cups/printers.conf", 0644, 0, 0,
- "root", "lp", now);
+ "lp", "lp", now);
EXEC SQL DECLARE csr_printers CURSOR FOR
SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
m.name, pr.banner, pr.location, pr.contact, pr.ka,
- pr.ac
+ pr.ac, pr.lpc_acl
FROM printers pr, machine m
WHERE pr.rm = :rm AND m.mach_id = pr.mach_id
AND pr.type != 'ALIAS';
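Review bot: The owner and group names for `/etc/cups/printers.conf` change to `lp`/`lp` while the numeric ids stay `0, 0` and the mode stays `0644`, so the outcome depends on whether the unpacking side honours names or numbers, and if names win the file becomes writable by the `lp` account. CUPS filters and CGI programs run as the configured `User`, which is commonly `lp`, so the queue definitions and their `OpPolicy` and `AllowUser` lines would no longer be protected from them. Keeping `"root", "lp"` with a mode such as `0640` preserves group read access without granting write. The same change is made for `/etc/cups/classes.conf` in the next `tarfile_start` call; if cupsd on these hosts really needs `lp` ownership, a comment giving the reason belongs next to both calls.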
while (1)
{
EXEC SQL FETCH csr_printers INTO :rp, :name, :duplexname,
- :hwtype, :hostname, :banner, :location, :contact, :ka, :ac;
+ :hwtype, :hostname, :banner, :location, :contact, :ka, :ac, :lpc_acl;
if (sqlca.sqlcode)
break;
if (location[0])
fprintf(out, "Location %s\n", location);
fprintf(out, "ErrorPolicy abort-job\n");
- if (! ka || ! lpc_acl)
- fprintf(out, "OpPolicy default\n");
- else
+ if (ka || lpc_acl)
fprintf(out, "OpPolicy %s-policy\n", rp);
+ else
+ fprintf(out, "OpPolicy default\n");
/* Access-control list. */
if (ac)
if (ka)
fprintf(out, "AuthType Negotiate\n");
else
- fprintf(out, "AuthType Negotiate\n");
+ fprintf(out, "AuthType Default\n");
printer_user_list(out, "LIST", ac, "AllowUser");
}
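Review bot: The `OpPolicy`/`AuthType` block rewritten here is repeated verbatim in the two following hunks, and the defect this commit corrects, `AuthType Negotiate` in both branches, had been copied into all three. Moving the block into one static helper that takes `out`, `rp`, `ka`, `ac` and `lpc_acl` would keep the three writers from diverging again. With the condition widened to `ka || lpc_acl`, every queue that has either flag now refers to `<rp>-policy`, so the code that writes cups.policies.conf has to emit a policy under the same condition; that code is only partly visible here and is worth confirming. `AuthType Default` takes its meaning from `DefaultAuthType`, which none of the visible hunks set.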
/* aliases are in classes.conf */
out = tarfile_start(tf, "/etc/cups/classes.conf", 0644, 0, 0,
- "root", "root", now);
+ "lp", "lp", now);
EXEC SQL DECLARE csr_duplexqs CURSOR FOR
SELECT pr.rp, pr.name, pr.duplexname, pr.hwtype,
m.name, pr.banner, pr.location, pr.contact, pr.ka,
if (location[0])
fprintf(out, "Location %s\n", location);
fprintf(out, "ErrorPolicy abort-job\n");
- if (! ka || ! lpc_acl)
- fprintf(out, "OpPolicy default\n");
- else
+ if (ka || lpc_acl)
fprintf(out, "OpPolicy %s-policy\n", rp);
+ else
+ fprintf(out, "OpPolicy default\n");
/* Access-control list. */
if (ac)
if (ka)
fprintf(out, "AuthType Negotiate\n");
else
- fprintf(out, "AuthType Negotiate\n");
+ fprintf(out, "AuthType Default\n");
printer_user_list(out, "LIST", ac, "AllowUser");
}
if (location[0])
fprintf(out, "Location %s\n", location);
fprintf(out, "ErrorPolicy abort-job\n");
- if (! ka || ! lpc_acl)
- fprintf(out, "OpPolicy default\n");
- else
+ if (ka || lpc_acl)
fprintf(out, "OpPolicy %s-policy\n", rp);
+ else
+ fprintf(out, "OpPolicy default\n");
/* Access-control list. */
if (ac)
if (ka)
fprintf(out, "AuthType Negotiate\n");
else
- fprintf(out, "AuthType Negotiate\n");
+ fprintf(out, "AuthType Default\n");
printer_user_list(out, "LIST", ac, "AllowUser");
}
fprintf(out, "ServerCertificate /etc/cups/ssl/%s-ipp-crt.pem\n", lhost);
fprintf(out, "ServerKey /etc/cups/ssl/%s-ipp-key.pem\n", lhost);
fprintf(out, "ServerName %s\n", lhost);
+ fprintf(out, "ServerAlias %s\n", phost);
fprintf(out, "Krb5Keytab /etc/krb5-ipp.keytab\n");
- fprintf(out, "Browsing On\n");
- fprintf(out, "BrowseProtocols cups\n");
/* The other CUPS servers should be aware of the other hosts'
queues, so we'll let them browse each other. */
+ fprintf(out, "Include cups.local.conf\n");
+ fprintf(out, "Include cups.locations.conf\n");
+ fprintf(out, "Include cups.policies.conf\n");
+ tarfile_end(tf);
+ /* cups.hosts.conf */
+ out = tarfile_start(tf, "/etc/cups/cups.hosts.conf", 0755, 1, 1,
+ "root", "lp", now);
EXEC SQL DECLARE csr_cupshosts CURSOR FOR
SELECT m.name AS cupshosts FROM machine m, printservers ps
WHERE m.mach_id = ps.mach_id AND ps.kind = 'CUPS';
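Review bot: `cups.hosts.conf` is created with mode `0755` and ids `1, 1` next to the names `"root", "lp"`, whereas the other `tarfile_start` calls in this diff pass `0644, 0, 0`. A configuration file has no use for execute bits, and the numeric ids do not match the names if those arguments are the uid and gid, as the other calls suggest; `out = tarfile_start(tf, "/etc/cups/cups.hosts.conf", 0644, 0, 0, "root", "lp", now);` would be consistent. The `Include` lines added above cover `cups.local.conf`, `cups.locations.conf` and `cups.policies.conf` but not the new file, so unless `cups.local.conf` pulls it in, the `BrowsePoll` entries are never read. The comment about servers browsing each other now sits above the `Include` lines and should move with the `BrowsePoll` loop.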
fprintf(out, "BrowsePoll %s\n", cupshosts);
}
EXEC SQL CLOSE csr_cupshosts;
- fprintf(out, "Include cups.locations.conf\n");
- fprintf(out, "Include cups.policies.conf\n");
tarfile_end(tf);
fprintf (out, "Order deny,allow\n");
fprintf (out, "</Limit>\n");
fprintf (out, "%s\n", submitjob);
- fprintf (out, "AuthType Default\n");
+ fprintf (out, "AuthType None\n");
fprintf (out, "Order deny,allow\n");
+ fprintf (out, "Allow from all\n");
fprintf (out, "</Limit>\n");
fprintf (out, "%s\n", alterpntr);
fprintf (out, "AuthType Default\n");
fprintf (out, "Require user @OWNER @SYSTEM\n");
printer_user_list(out, "LIST", top_lpc_acl, "Require user");
fprintf (out, "Order deny,allow\n");
+ fprintf (out, "Allow from all\n");
fprintf (out, "</Limit>\n");
fprintf (out, "%s\n", catchall);
+ fprintf (out, "AuthType None\n");
fprintf (out, "Order deny,allow\n");
+ fprintf (out, "Allow from all\n");
fprintf (out, "</Limit>\n");
fprintf (out, "</Policy>\n");
}
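Review bot: The `submitjob` section of the default policy switches from `AuthType Default` to `AuthType None` with `Allow from all`, and in this commit `submitjob` also gains `Set-Job-Attributes`, the subscription operations and `CUPS-Move-Job`, so operations that act on an existing job are accepted without authentication. If unauthenticated submission is intended, `Send-Document` and `Send-URI` may need to stay with `Create-Job`, but `Set-Job-Attributes`, `Cancel-Subscription` and `CUPS-Move-Job` are better left in the section that carries `Require user @OWNER @SYSTEM`. The `<Limit All>` section here and in the per-printer policy further down also gets `AuthType None`, so any operation not named in an earlier section is unauthenticated; a comment stating that this is deliberate would help the next reader. The block that contains these lines starts outside the hunk.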
fprintf (out, "Require user @OWNER @SYSTEM\n");
printer_user_list(out, "LIST", lpc_acl, "Require user");
fprintf (out, "Order deny,allow\n");
+ fprintf (out, "Allow from all\n");
fprintf (out, "</Limit>\n");
fprintf (out, "%s\n", submitjob);
/* If the printer is Kerberized? */
else if (ka)
fprintf (out, "Require valid-user\n");
fprintf (out, "Order deny,allow\n");
+ fprintf (out, "Allow from all\n");
fprintf (out, "</Limit>\n");
fprintf (out, "%s\n", alterpntr);
fprintf (out, "AuthType Default\n");
printer_user_list(out, "LIST", lpc_acl, "Require user");
printer_user_list(out, "LIST", top_lpc_acl, "Require user");
fprintf (out, "Order deny,allow\n");
+ fprintf (out, "Allow from all\n");
fprintf (out, "</Limit>\n");
fprintf (out, "%s\n", catchall);
+ fprintf (out, "AuthType None\n");
fprintf (out, "Order deny,allow\n");
+ fprintf (out, "Allow from all\n");
fprintf (out, "</Limit>\n");
fprintf (out, "</Policy>\n");
}