[1698] in Moira
print.gen changes
daemon@ATHENA.MIT.EDU (Garry Zacheiss)
Thu Nov 16 00:52:13 2000
Message-Id: <200011160552.AAA21495@hodge-podge.mit.edu>
To: moiradev@MIT.EDU
Date: Thu, 16 Nov 2000 00:52:10 -0500
From: Garry Zacheiss <zacheiss@MIT.EDU>
These are needed due to apparent semantic changes in the parsing
of lpd.perms between lprng 3.6.1 and 3.6.13. They appear to work
correctly with the 8.3 and 8.4 lpds.
Garry
Index: print.pc
===================================================================
RCS file: /afs/athena.mit.edu/astaff/project/moiradev/repository/moira/gen/print.pc,v
retrieving revision 1.7
diff -c -r1.7 print.pc
*** print.pc 2000/02/09 22:55:13 1.7
--- print.pc 2000/11/16 05:33:12
***************
*** 160,169 ****
fprintf(out, "ACCEPT SERVICE=X,S,Q,P\nACCEPT LPC=status,lpq,printcap\n\n");
fprintf(out, "# Only trust certain host keys to forward jobs/commands\n");
! fprintf(out, "REJECT AUTHFROM=?* PRINTER=</var/spool/printer/queues.secure "
! "NOT AUTHFROM=</var/spool/printer/hostkeys.allow\n");
! fprintf(out, "REJECT AUTHFROM=?* AUTHJOB "
! "NOT AUTHFROM=</var/spool/printer/hostkeys.allow\n\n");
fprintf(out, "# Allow root to control and remove jobs\n");
fprintf(out, "ACCEPT SERVICE=C,R SERVER REMOTEUSER=root\n\n");
--- 160,170 ----
fprintf(out, "ACCEPT SERVICE=X,S,Q,P\nACCEPT LPC=status,lpq,printcap\n\n");
fprintf(out, "# Only trust certain host keys to forward jobs/commands\n");
! fprintf(out, "REJECT SERVICE=R AUTHFROM=?* "
! "PRINTER=</var/spool/printer/queues.secure "
! "NOT AUTHFROM=</var/spool/printer/hostkeys.allow FORWARD\n");
! fprintf(out, "REJECT SERVICE=R AUTHFROM=?* AUTHJOB "
! "NOT AUTHFROM=</var/spool/printer/hostkeys.allow FORWARD\n\n");
fprintf(out, "# Allow root to control and remove jobs\n");
fprintf(out, "ACCEPT SERVICE=C,R SERVER REMOTEUSER=root\n\n");
***************
*** 218,224 ****
fprintf(out, "ACCEPT SERVICE=M AUTH=USER,FWD AUTHJOB AUTHSAMEUSER\n\n");
fprintf(out, "# Reject unauthentic print/lprm requests to authenticated queues\n");
! fprintf(out, "REJECT SERVICE=R,M "
"PRINTER=</var/spool/printer/queues.secure\n\n");
fprintf(out, "# Reject unauthentic print requests from off MITnet\n");
--- 219,225 ----
fprintf(out, "ACCEPT SERVICE=M AUTH=USER,FWD AUTHJOB AUTHSAMEUSER\n\n");
fprintf(out, "# Reject unauthentic print/lprm requests to authenticated queues\n");
! fprintf(out, "REJECT SERVICE=R,M NOT AUTH"
"PRINTER=</var/spool/printer/queues.secure\n\n");
fprintf(out, "# Reject unauthentic print requests from off MITnet\n");
***************
*** 229,235 ****
fprintf(out, "# Reject any other lpc, or lprm. Accept all else\n");
fprintf(out, "REJECT SERVICE=C,M\n");
! fprintf(out, "DEFAULT ACCEPT");
tarfile_end(tf);
/* list of kerberized queues */
--- 230,236 ----
fprintf(out, "# Reject any other lpc, or lprm. Accept all else\n");
fprintf(out, "REJECT SERVICE=C,M\n");
! fprintf(out, "DEFAULT ACCEPT\n");
tarfile_end(tf);
/* list of kerberized queues */
