###########################################################################
# LPRng - An Extended Print Spooler System
#
# Copyright 1988-2001 Patrick Powell, San Diego, CA
# papowell@lprng.com
# See LICENSE for conditions of use.
#
###########################################################################
# MODULE: TESTSUPPORT/lpd.perms.proto
# PURPOSE: prototype printer permissions file
# $Id: lpd.perms.in,v 1.1.1.1 2008/10/15 03:28:09 james26_jang Exp $
##########################################################################
# Printer permissions data base
## #
## LPRng - An Enhanced Printer Spooler
## lpd.perms file
## Patrick Powell <papowell@lprng.com>
##
## VERSION=3.8.22
##
## Access control to the LPRng facilities is controlled by entries
## in a set of lpd.perms files. The common locations for these files
## are: /etc/lpd.perms, /usr/etc/lpd.perms, and /var/spool/lpd/lpd.perms.
## The locations of these files are set by the perms_path entry
## in the lpd.conf file or by compile time defaults in the
## src/common/defaults.c file.
##
## Each time the lpd server is given a user request or carries out an
## operation, it searches the perms files to determine if the action
## is ACCEPT or REJECT. The first ACCEPT or REJECT found terminates the search.
## If none is found, then the last DEFAULT action is used.
##
## Permissions are checked by the use of 'keys' and matches. For each of
## the following LPR activities, the following keys have a value.
##
## Key          Match  Connect  Job     Job     LPQ    LPRM   LPC
##                              Spool   Print
## SERVICE      S      'X'      'R'     'P'     'Q'    'M'    'C'
## USER         S      -        JUSR    JUSR    JUSR   JUSR   JUSR
## HOST         S      RH       JH      JH      JH     JH     JH
## GROUP        S      -        JUSR    JUSR    JUSR   JUSR   JUSR
## IP           IP     RIP      JIP     JIP     RIP    JIP    JIP
## PORT         N      PORT     PORT    PORT    PORT   PORT   PORT
## UNIXSOCKET   V      SK       SK      SK      SK     SK     SK
## REMOTEUSER   S      -        JUSR    JUSR    JUSR   CUSR   CUSR
## REMOTEHOST   S      RH       RH      JH      RH     RH     RH
## REMOTEGROUP  S      -        JUSR    JUSR    JUSR   CUSR   CUSR
## CONTROLLINE  S      -        CL      CL      CL     CL     CL
## PRINTER      S      -        PR      PR      PR     PR     PR
## FORWARD      V      -        SA      -       -      SA     SA
## SAMEHOST     V      -        SA      -       SA     SA     SA
## SAMEUSER     V      -        -       -       SU     SU     SU
## SERVER       V      -        SV      -       SV     SV     SV
## LPC          S      -        -       -       -      -      LPC
## AUTH         V      -        AU      AU      AU     AU     AU
## AUTHTYPE     S      -        AU      AU      AU     AU     AU
## AUTHUSER     S      -        AU      AU      AU     AU     AU
## AUTHFROM     S      -        AU      AU      AU     AU     AU
## AUTHSAMEUSER S      -        AU      AU      AU     AU     AU
## REMOTEIP is an alias for REMOTEHOST
## REMOTEPORT is an alias for PORT
## IP is an alias for HOST

##
## KEY:
## JH = HOST IP address/DNS name of host in control file
## RH = REMOTEHOST connecting host IP address/DNS Name
## JUSR = USER user in control file
## CUSR = REMOTEUSER user making control operation request
## JIP = IP IP address/DNS name of host in control file
## RIP = REMOTEIP IP address/DNS name of requesting host
## PORT = connecting host origination port
## SK = true (match) if connection from a unix socket
## CONTROLLINE = pattern match of control line in control file
##
## SA = IP of source of request == IP of host in control file
## SU = user name making request == user in control file
## SV = IP of source of request == IP of server host or server Localhost
## LPC = lpc command globmatched against values
## AU = Authorization check on transfer
## AUTH will be true (match) if authenticated request
## AUTHTYPE will match authentication type of request to pattern
## AUTHUSER will match client authentication id to pattern
## AUTHFROM will match request originator authentication id to pattern
## AUTHSAMEUSER will match requestor authentication id
##   to authentication id in job
##
## Match: S = globmatch, IP = IPaddress[/netmask],
##   N = low[-high] number range, V = matching or compatible values
## SERVICE: 'X' - Connection request; 'R' - lpr request from remote host;
##   'P' - print job in queue; 'Q' - lpq request; 'M' - lprm request;
##   'C' - lpc spool control request;
## NOTE: when printing (P action), the remote and job check values
##   (i.e. - RUSR, JUSR) are identical.
## NOTE: the HOST, USER, SAMEUSER and SAMEHOST checks always succeed
##   when checking permissions for a spool queue; they are active only when
##   checking permissions of a spooled job.
##
## The UNIXSOCKET will match (true) when the connection was made over a UNIX
## socket.
##
## The SAMEHOST match checks that one (or more) of the IP addresses of
## the host originating a request matches one or more of the IP addresses
## of the host whose hostname appears in the control file.
## The SERVER match checks that one (or more) of the IP addresses of
## the host originating a request matches one or more of the IP addresses
## of the server.
## FORWARD is the same as NOT SAMEHOST, i.e. - the request is
## forwarded.
##
## The special key letter=patterns searches the control file
## line starting with the (upper case) letter, and is usually
## used with printing and spooling checks. For example,
## C=A*,B* would check that the class information (i.e. - the line
## in the control file starting with C) had a value starting
## with A or B.
##
## A permission line consists of a list of tests and a result value.
## If all of the tests succeed, then a match has been found and the
## permission testing completes with the result value. You use the
## DEFAULT reserved word to set the default ACCEPT/REJECT result.
## The NOT keyword will reverse the sense of a test.
##
## Each test can have one or more optional values separated by
## commas. For example USER=john,paul,mark has 3 test values.
##
## The Match type specifies how the matching is done.
## S = glob type string match OR </path
##   Format: string with wildcards (*) and ranges
##     * matches 0 or more chars
##     [a-d] matches a or b or c or d
##     Character comparison is case insensitive.
##   For example - USER=th*s matches uTHS, This, This, Theses
##   USER=[d-f]x matches dx, ex, fx
##   If the match is </path then the specified file is
##   opened and read, and the file contents are treated like
##   S type entries separated by whitespace
##
##
## IP = IP address and submask. IP address must be in dotted form.
##   OR </path
##   Format: x.x.x.x[/y.y.y.y]  x.x.x.x is IP address
##     y.y.y.y is optional submask, default is 255.255.255.255
##   Match is done by converting to 32 bit x, y, and IP values and using:
##     success = ((x ^ IP) & y) == 0   (C language notation)
##   i.e. - only bits where the mask is non-zero are used in the comparison.
##   For example - REMOTEIP=130.191.0.0/255.255.0.0 matches all addresses 130.191.X.X
##   If the match is </path then the specified file is
##   opened and read, and the file contents are treated like
##   S type entries separated by whitespace
##
## N = numerical range - low-high integer range.
##   Format: low[-high]
##   Example: PORT=0-1023 matches a port in range 0 - 1023 (privileged)
##
## The SAMEUSER and SAMEHOST are options that form values from information
## in control files or connections. The GROUP entry searches the user group
## database for group names matching the pattern, and then searches these
## for the user name. If the name is found, the search is successful.
## The SERVER entry is successful if the request originated from the current
## lpd server host.
##
## Note carefully that the USER, HOST, and IP values are based on values found
## in the control file currently being checked for permissions. The
## REMOTEUSER, REMOTEHOST, and REMOTEIP are based on values supplied as part
## of a connection to the LPD server, or on the actual TCP/IP connection.
##
## The LPC entry matches an LPC command. For example LPC=topq would match
## when an lpc topq command is being executed. You must still have the
## SERVICE=C entry to trigger this action.
##
## Note: the SERVICE=R and SERVICE=P both check the LPR actions
## of sending a job. However, SERVICE=R does it when the job is being
## sent to the LPD server. Some LPD (and LPR) implementations cannot
## handle a job being rejected due to lack of permissions, and sit in
## an endless loop trying to resend the job. This is the reason for
## the SERVICE=P check. You can accept the job for printing, and then
## have the SERVICE=P check remove the job.
##
## NOTE: if you do not have an explicit ACCEPT SERVICE=P or
## DEFAULT ACCEPT action then your print jobs will be accepted
## and then quietly discarded.
##
## Example Permissions
##
## # All operations allowed except those specifically forbidden
## DEFAULT ACCEPT
##
## # Accept connections from hosts on subnet 130.191.0.0 or
## # from the server.
## ACCEPT SERVICE=X REMOTEIP=130.191.0.0/255.255.0.0,\
##   128.0.0.0/8
## # from a named set of sites
## ACCEPT SERVICE=X REMOTEHOST=engpc*
## # listed in the /etc/accepthost file
## ACCEPT SERVICE=X REMOTEHOST=</etc/accepthost
## - /etc/rejecthost contains list of entries separated
##   by whitespace. For example:
##   10.0.0.0/8 128.0.0.0/8
##   192.168.10.1 192.168.10.2
## # don't take them from this particular host
## REJECT SERVICE=X REMOTEHOST=badhost.eng.com
## # Reject all others
## REJECT SERVICE=X
##
## #Do not allow anybody but root or papowell on
## #astart1.astart.com or listed in the /etc/ok file
## #to use lpc commands:
## ACCEPT SERVICE=C SERVER REMOTEUSER=root
## ACCEPT SERVICE=C REMOTEHOST=astart1.astart.com \
##   REMOTEUSER=papowell,</etc/ok
## /etc/ok has list of users:
##   root papowell nobody
##   user1 user2
##
## #Allow root on talker.astart.com to control printer hpjet
## ACCEPT SERVICE=C HOST=talker.astart.com PRINTER=hpjet REMOTEUSER=root
## #Reject all others
## REJECT SERVICE=C
##
## #Do not allow forwarded jobs or requests
## REJECT SERVICE=R,C,M FORWARD
##

## If you want to have connections only from programs on
## the local host, then uncomment the next line:
#REJECT NOT SERVER

## You can make sure that connections come from a privileged port.
## Default is to allow them from any port so that non-setuid programs
# can do printing.
# Totally RFC1179
#REJECT SERVICE=X NOT PORT=1-1023
@PRIV_PORTS@REJECT SERVICE=X NOT PORT=1-1023
# Privileged
#REJECT SERVICE=X NOT PORT=721-731
#
# allow root on server to control jobs
ACCEPT SERVICE=C SERVER REMOTEUSER=root
# allow anybody to get server, status, and printcap
ACCEPT SERVICE=C LPC=lpd,status,printcap
# reject all others
REJECT SERVICE=C
#
# allow same user on originating host to remove a job
ACCEPT SERVICE=M SAMEHOST SAMEUSER
# allow root on server to remove a job
ACCEPT SERVICE=M SERVER REMOTEUSER=root
REJECT SERVICE=M
# all other operations allowed
DEFAULT ACCEPT