Letting any user remove jobs
Anders Blomdell
anders.blomdell at control.lth.se
Thu Oct 21 10:57:19 PDT 2004
I need to allow any user to modify the print queues on my cups server, but the only way I could come up with required a patch (A) and a modified cupsd.conf (B). Isn't there a simpler way?
Regards
Anders
A. Patch
--- cups-1.1.22rc2/scheduler/auth.c 2004-10-11 21:29:40.000000000 +0200
+++ cups-1.1.22rc2.mod/scheduler/auth.c 2004-10-21 19:15:29.529417056 +0200
@@ -180,6 +180,10 @@
loc->num_names ++;
}
+void RunAs(location_t *loc, char *user) {
+ loc->run_as = strdup(user);
+ LogMessage(L_DEBUG, "RunAs: %s", user);
+}
/*
* 'AllowHost()' - Add a host name that is allowed to access the location.
@@ -200,6 +204,7 @@
if (strcasecmp(name, "@LOCAL") == 0)
{
/*
+
* Allow *interface*...
*/
diff -urb cups-1.1.22rc2/scheduler/auth.h cups-1.1.22rc2.mod/scheduler/auth.h
--- cups-1.1.22rc2/scheduler/auth.h 2004-08-23 20:00:59.000000000 +0200
+++ cups-1.1.22rc2.mod/scheduler/auth.h 2004-10-21 18:57:17.414443768 +0200
@@ -98,6 +98,7 @@
int num_deny; /* Number of Deny lines */
authmask_t *deny; /* Deny lines */
http_encryption_t encryption; /* To encrypt or not to encrypt... */
+ char *run_as;
} location_t;
@@ -132,7 +133,7 @@
extern char *GetMD5Passwd(const char *username, const char *group,
char passwd[33]);
extern http_status_t IsAuthorized(client_t *con);
-
+extern void RunAs(location_t *loc, char *name);
/*
* End of "$Id: auth.h,v 1.24 2004/08/23 18:00:59 mike Exp $".
diff -urb cups-1.1.22rc2/scheduler/client.c cups-1.1.22rc2.mod/scheduler/client.c
--- cups-1.1.22rc2/scheduler/client.c 2004-10-04 21:40:35.000000000 +0200
+++ cups-1.1.22rc2.mod/scheduler/client.c 2004-10-21 19:20:32.453365616 +0200
@@ -1129,6 +1129,7 @@
decode_auth(con);
+
if (strncmp(con->http.fields[HTTP_FIELD_CONNECTION], "Keep-Alive", 10) == 0 &&
KeepAlive)
con->http.keep_alive = HTTP_KEEPALIVE_ON;
@@ -1227,6 +1228,14 @@
SendError(con, status);
return (CloseClient(con));
}
+ {
+ best = FindBest(con->uri, con->http.state);
+ if (best->run_as != NULL) {
+ strlcpy(con->username, best->run_as, sizeof(con->username));
+ }
+ LogMessage(L_DEBUG2, "user: %s\n", con->username);
+
+ }
switch (con->http.state)
{
diff -urb cups-1.1.22rc2/scheduler/conf.c cups-1.1.22rc2.mod/scheduler/conf.c
--- cups-1.1.22rc2/scheduler/conf.c 2004-08-23 20:00:59.000000000 +0200
+++ cups-1.1.22rc2.mod/scheduler/conf.c 2004-10-21 18:56:27.361053040 +0200
@@ -1983,6 +1983,8 @@
}
else if (strcasecmp(name, "AuthGroupName") == 0)
AddName(loc, value);
+ else if (strcasecmp(name, "RunAs") == 0)
+ RunAs(loc, value);
else if (strcasecmp(name, "Require") == 0)
{
/*
B. Part of config file:
<Location /jobs/?op>
# Allow anybody to modify jobs
RunAs root
Allow From x.y.z.w/24
</Location>
<Location /admin/?op=stop-printer>
# Allow anybody to stop printers
Allow From x.y.z.w/24
</Location>
<Location /admin/?op=start-printer>
# Allow anybody to start printers
Allow From x.y.z.w/24
</Location>
<Location /admin/>
# Necessary to prevent above to go into infinite loop
Allow From 130.235.83.0/24
</Location>
<Location /admin/?op>
# Disallow all not explicitly allowed printer ops
Deny From 130.235.83.0/24
</Location>
More information about the cups-devel
mailing list