[1312] in Moira


print.gen updates

daemon@ATHENA.MIT.EDU (Mike Whitson)
Wed Feb 2 20:10:42 2000

Date: Wed, 2 Feb 2000 20:10:37 -0500 (EST)
Message-Id: <200002030110.UAA331057@athyra.mit.edu>
From: Mike Whitson <mwhitson@MIT.EDU>
To: moiradev@MIT.EDU

[Note: after discussion with rbasch, now that Dan's gone, I'm going to
start to use moiradev as a patch-review list, akin to
source-reviewers.]

This patch does three things:

     - adds a missing init_acls() call to print.pc, the lack of which
       caused print.gen to dump core
     - changes the generated lpd.perms files to allow the world to use
       the "lpc printcap" call.
     - changes the generated lpd.perms files such that being on the
       lpc acl gives one implicit ability to print to a queue.

Index: print.pc
===================================================================
RCS file: /afs/athena.mit.edu/astaff/project/moiradev/repository/moira/gen/print.pc,v
retrieving revision 1.6
diff -c -r1.6 print.pc
*** print.pc	2000/01/06 21:13:51	1.6
--- print.pc	2000/02/03 01:01:14
***************
*** 38,43 ****
--- 38,44 ----
    EXEC SQL BEGIN DECLARE SECTION;
    char name[MACHINE_NAME_SIZE];
    EXEC SQL END DECLARE SECTION;
+   init_acls();
  
    EXEC SQL CONNECT :db;
  
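Review bot: The added `init_acls();` has no comment and sits flush against `EXEC SQL END DECLARE SECTION;`, so it reads like part of the declaration block rather than a required initialisation step. The patch description says its absence made print.gen dump core, which should be recorded next to the call: separate it with a blank line and add `/* init_acls() must run first; without it print.gen dumps core. */`. The enclosing function starts and ends outside the hunk, so whether init_acls() can report failure, and whether that needs checking here, cannot be judged from these lines.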
***************
*** 155,161 ****
  		      "daemon", "daemon", now);
    fprintf(out, "# Allow anybody to connect, get status, list queue, or "
  	  "print (once a\n# job is spooled)\n");
!   fprintf(out, "ACCEPT SERVICE=X,S,Q,P\nACCEPT LPC=status,lpq\n\n");
  
    fprintf(out, "# Only trust certain host keys to forward jobs/commands\n");
    fprintf(out, "REJECT AUTHFROM=?* PRINTER=</var/spool/printer/queues.secure "
--- 156,162 ----
  		      "daemon", "daemon", now);
    fprintf(out, "# Allow anybody to connect, get status, list queue, or "
  	  "print (once a\n# job is spooled)\n");
!   fprintf(out, "ACCEPT SERVICE=X,S,Q,P\nACCEPT LPC=status,lpq,printcap\n\n");
  
    fprintf(out, "# Only trust certain host keys to forward jobs/commands\n");
    fprintf(out, "REJECT AUTHFROM=?* PRINTER=</var/spool/printer/queues.secure "
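Review bot: The comment emitted into lpd.perms just above the changed rule still lists only connect, status, list queue and print, while `ACCEPT LPC=status,lpq,printcap` now also serves `lpc printcap` to any client. The generated comment should say so, e.g. `"# Allow anybody to connect, get status, list queue, fetch the printcap\n# entry, or print (once a job is spooled)\n"`. This ACCEPT carries no AUTH or REMOTEIP condition and is written ahead of the host-key REJECT rules. Before opening it to the world, confirm that the printcap entries on these servers expose nothing meant to stay internal, such as filter paths, forwarding hosts or authentication settings.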
***************
*** 163,168 ****
--- 164,195 ----
    fprintf(out, "REJECT AUTHFROM=?* AUTHJOB "
  	  "NOT AUTHFROM=</var/spool/printer/hostkeys.allow\n\n");
  
+   fprintf(out, "# Allow root to control and remove jobs\n");
+   fprintf(out, "ACCEPT SERVICE=C,R SERVER REMOTEUSER=root\n\n");
+ 
+   fprintf(out, "# Allow admins to control and remove jobs\n");
+   fprintf(out, "ACCEPT SERVICE=C,R AUTH=USER AUTHUSER=</var/spool/printer/lpcaccess.top\n\n");
+ 
+   fprintf(out, "# Printer-specific LPC ACLs\n");
+   EXEC SQL DECLARE csr_lpc CURSOR FOR
+     SELECT rp, duplexname FROM printers
+     WHERE rm = :rm AND lpc_acl != 0;
+   EXEC SQL OPEN csr_lpc;
+   while (1)
+     {
+       EXEC SQL FETCH csr_lpc INTO :name, :duplexname;
+       if (sqlca.sqlcode)
+ 	break;
+ 
+       strtrim(name);
+       strtrim(duplexname);
+       fprintf(out, "ACCEPT SERVICE=C,R PRINTER=%s%s%s AUTH=USER "
+ 	      "AUTHUSER=</var/spool/printer/%s/lpcaccess\n",
+ 	      name, *duplexname ? "," : "", duplexname, name);
+     }
+   EXEC SQL CLOSE csr_lpc;
+   fprintf(out, "\n");
+ 
    fprintf(out, "# Reject jobs from unauthorized users to restricted queues\n");
    EXEC SQL DECLARE csr_ac CURSOR FOR
      SELECT rp, duplexname, ka FROM printers
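Review bot: The emitted comments still say "control and remove jobs", but the relocated rules now grant `SERVICE=C,R`, and R appears to be job submission rather than removal (the closing `REJECT SERVICE=C,M` pairs M with lprm). The generated lpd.perms therefore misdescribes what it permits; reword them, e.g. `"# Allow root to control queues and submit jobs\n"` and `"# Allow admins to control queues and submit jobs\n"`. The `SERVER REMOTEUSER=root` rule also gains R and now precedes the restricted-queue REJECT block, which the description does not mention. If rule order decides the match, root on the server can spool to restricted queues without the `ka` check, so confirm that is intended. The `csr_ac` cursor declaration continues outside the hunk.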
***************
*** 199,230 ****
    fprintf(out, "# Accept unauthentic print requests if same user and on MITnet\n");
    fprintf(out, "ACCEPT SERVICE=M NOT AUTHJOB SAMEUSER REMOTEIP=</var/spool/printer/masks.allow\n\n");
    
-   fprintf(out, "# Allow root to control and remove jobs\n");
-   fprintf(out, "ACCEPT SERVICE=C SERVER REMOTEUSER=root\n\n");
- 
-   fprintf(out, "# Allow admins to control and remove jobs\n");
-   fprintf(out, "ACCEPT SERVICE=C AUTH=USER AUTHUSER=</var/spool/printer/lpcaccess.top\n\n");
- 
-   fprintf(out, "# Printer-specific LPC ACLs\n");
-   EXEC SQL DECLARE csr_lpc CURSOR FOR
-     SELECT rp, duplexname FROM printers
-     WHERE rm = :rm AND lpc_acl != 0;
-   EXEC SQL OPEN csr_lpc;
-   while (1)
-     {
-       EXEC SQL FETCH csr_lpc INTO :name, :duplexname;
-       if (sqlca.sqlcode)
- 	break;
- 
-       strtrim(name);
-       strtrim(duplexname);
-       fprintf(out, "ACCEPT SERVICE=C PRINTER=%s%s%s AUTH=USER "
- 	      "AUTHUSER=</var/spool/printer/%s/lpcaccess\n",
- 	      name, *duplexname ? "," : "", duplexname, name);
-     }
-   EXEC SQL CLOSE csr_lpc;
-   fprintf(out, "\n");
- 
    fprintf(out, "# Reject any other lpc, or lprm. Accept all else\n");
    fprintf(out, "REJECT SERVICE=C,M\n");
    fprintf(out, "DEFAULT ACCEPT");
--- 226,231 ----
