###########################################################################
# LPRng - An Extended Print Spooler System
#
# Copyright 1988-2001 Patrick Powell, San Diego, CA
#     papowell@lprng.com
# See LICENSE for conditions of use.
#
###########################################################################
# MODULE: TESTSUPPORT/lpd.perms.proto
# PURPOSE: prototype printer permissions file
# $Id: lpd.perms.in,v 1.1.1.1 2008/10/15 03:28:09 james26_jang Exp $
##########################################################################
# Printer permissions data base
## #
##                  LPRng - An Enhanced Printer Spooler
##                     lpd.perms file
##                   Patrick Powell <papowell@lprng.com>
##
## VERSION=3.8.22
##
## Access control to the LPRng facilities is controlled by entries
## in a set of lpd.perms files.  The common locations for these files
## are: /etc/lpd.perms, /usr/etc/lpd.perms, and /var/spool/lpd/lpd.perms.
## The locations of these files are set by the perms_path entry
## in the lpd.conf file or by compile time defaults in the
## src/common/defaults.c file.
##
## Each time the lpd server is given a user request or carries out an
## operation, it searches the perms files to determine if the action
## is ACCEPT or REJECT.  The first ACCEPT or REJECT found terminates the search.
## If none is found, then the last DEFAULT action is used.
##
## Permissions are checked by the use of 'keys' and matches.  For each of
## the following LPR activities, the following keys have a value.
##
## Key          Match Connect Job   Job    LPQ  LPRM  LPC
##                            Spool Print
## SERVICE      S     'X'     'R'   'P'    'Q'  'M'   'C'
## USER         S     -       JUSR  JUSR   JUSR JUSR  JUSR
## HOST         S     RH      JH    JH     JH   JH    JH
## GROUP        S     -       JUSR  JUSR   JUSR JUSR  JUSR
## IP           IP    RIP     JIP   JIP    RIP  JIP   JIP
## PORT         N     PORT    PORT  PORT   PORT PORT  PORT
## UNIXSOCKET   V     SK      SK    SK     SK   SK    SK
## REMOTEUSER   S     -       JUSR  JUSR   JUSR CUSR  CUSR
## REMOTEHOST   S     RH      RH    JH     RH   RH    RH
## REMOTEGROUP  S     -       JUSR  JUSR   JUSR CUSR  CUSR
## CONTROLLINE  S     -       CL    CL     CL   CL    CL
## PRINTER      S     -       PR    PR     PR   PR    PR
## FORWARD      V     -       SA    -      -    SA    SA
## SAMEHOST     V     -       SA    -      SA   SA    SA
## SAMEUSER     V     -       -     -      SU   SU    SU
## SERVER       V     -       SV    -      SV   SV    SV
## LPC          S     -       -     -      -    -     LPC
## AUTH         V     -       AU    AU     AU   AU    AU
## AUTHTYPE     S     -       AU    AU     AU   AU    AU
## AUTHUSER     S     -       AU    AU     AU   AU    AU
## AUTHFROM     S     -       AU    AU     AU   AU    AU
## AUTHSAMEUSER S     -       AU    AU     AU   AU    AU
##   REMOTEIP is an alias for REMOTEHOST
##   REMOTEPORT is an alias for PORT
##   IP is an alias for HOST
##
## KEY:
##   JH = HOST          IP address/DNS name of host in control file
##   RH = REMOTEHOST    connecting host IP address/DNS name
##   JUSR = USER        user in control file
##   CUSR = REMOTEUSER  user making control operation request
##   JIP = IP           IP address/DNS name of host in control file
##   RIP = REMOTEIP     IP address/DNS name of requesting host
##   PORT =             connecting host origination port
##   SK =               true (match) if connection from a unix socket
##   CONTROLLINE =      pattern match of control line in control file
##
##   SA = IP of source of request == IP of host in control file
##   SU = user name making request == user in control file
##   SV = IP of source of request == IP of server host or server localhost
##   LPC = lpc command globmatched against values
##   AU = Authorization check on transfer
##       AUTH will be true (match) if authenticated request
##       AUTHTYPE will match authentication type of request to pattern
##       AUTHUSER will match client authentication id to pattern
##       AUTHFROM will match request originator authentication id to pattern
##       AUTHSAMEUSER will match requestor authentication id
##              to authentication id in job
##
## Match: S = globmatch, IP = IPaddress[/netmask],
##   N = low[-high] number range, V = matching or compatible values
## SERVICE: 'X' - Connection request; 'R' - lpr request from remote host;
##    'P' - print job in queue; 'Q' - lpq request; 'M' - lprm request;
##    'C' - lpc spool control request.
## NOTE: when printing (P action), the remote and job check values
##   (i.e. - REMOTEUSER and USER are both JUSR) are identical.
## NOTE: the HOST, USER, SAMEUSER and SAMEHOST checks always succeed
##   when checking permissions for a spool queue;  they are active only when
##   checking permissions of a spooled job.
##
## The UNIXSOCKET will match (true) when the connection was made over a UNIX
##   socket.
##
## The SAMEHOST match checks that one (or more) of the IP addresses of the
##  host originating a request matches one or more of the IP addresses of
##  the host whose hostname appears in the control file.
## The SERVER match checks that one (or more) of the IP addresses of the
##  host originating a request matches one or more of the IP addresses of
##  the server.
## FORWARD is the same as NOT SAMEHOST, i.e. - the request is
##  forwarded.
##
## The special key letter=patterns searches the control file
## line starting with the (upper case) letter, and is usually
## used with printing and spooling checks.  For example,
## C=A*,B* would check that the class information (i.e. - the line
## in the control file starting with C) had a value starting
## with A or B.
## A permission line consists of a list of tests and a result value.
## If all of the tests succeed, then a match has been found and the
## permission testing completes with the result value.  You use the
## DEFAULT reserved word to set the default ACCEPT/REJECT result.
## The NOT keyword reverses the sense of a test.
##
## Each test can have one or more optional values separated by
## commas.  For example USER=john,paul,mark has 3 test values.
##
## The Match type specifies how the matching is done.
## S = glob type string match OR </path
##     Format:  string with wildcards (*) and ranges
##              * matches 0 or more chars
##              [a-d] matches a or b or c or d
##     Character comparison is case insensitive.
##     For example - USER=th*s matches THS, This, Theses
##                   USER=[d-f]x matches dx, ex, fx
##     If the match is </path then the specified file is
##     opened and read, and the file contents are treated like
##     S type entries separated by whitespace
##
## IP = IP address and netmask.  IP address must be in dotted form.
##       OR </path
##      Format: x.x.x.x[/y.y.y.y]  x.x.x.x is the IP address
##              y.y.y.y is the optional netmask, default is 255.255.255.255
##      Match is done by converting x, y, and the IP value to 32 bit integers and using:
##         success = ((x ^ IP) & y) == 0   (C language notation)
##     i.e. - only bits where the mask is non-zero are used in the comparison.
##     For example - REMOTEIP=130.191.0.0/255.255.0.0 matches all addresses 130.191.X.X
##     If the match is </path then the specified file is
##     opened and read, and the file contents are treated like
##     S type entries separated by whitespace
##
## N = numerical range  -  low-high integer range.
##      Format: low[-high]
##      Example: PORT=0-1023 matches a port in range 0 - 1023 (privileged)
##
## The SAMEUSER and SAMEHOST options form their values from information
## in control files or connections.  The GROUP entry searches the user group
## database for group names matching the pattern, and then searches these
## for the user name.  If the name is found, the search is successful.
## The SERVER entry is successful if the request originated from the current
## lpd server host.
##
##
## Note carefully that the USER, HOST, and IP values are based on values found
## in the control file currently being checked for permissions.  The
## REMOTEUSER, REMOTEHOST, and REMOTEIP values are based on values supplied as
## part of a connection to the LPD server, or on the actual TCP/IP connection.
##
## The LPC entry matches an LPC command.  For example LPC=topq would match
## when an lpc topq command is being executed.  You must still have the
## SERVICE=C entry to trigger this action.
##
## Note: SERVICE=R and SERVICE=P both check the LPR actions
## of sending a job.  However, SERVICE=R does it when the job is being
## sent to the LPD server.  Some LPD (and LPR) implementations cannot
## handle a job being rejected due to lack of permissions, and sit in
## an endless loop trying to resend the job.  This is the reason for
## the SERVICE=P check.  You can accept the job for printing, and then
## have the SERVICE=P check remove the job.
##
## NOTE: if you do not have an explicit ACCEPT SERVICE=P or
## DEFAULT ACCEPT action then your print jobs will be accepted
## and then quietly discarded.
##
## Example Permissions
##
## # All operations allowed except those specifically forbidden
## DEFAULT ACCEPT
##
## # Accept connections from hosts on subnet 130.191.0.0 or
## # from the server.
##   ACCEPT SERVICE=X REMOTEIP=130.191.0.0/255.255.0.0,\
##              128.0.0.0/8
## # from a named set of sites
##   ACCEPT SERVICE=X REMOTEHOST=engpc*
## # listed in the /etc/accepthost file
##   ACCEPT SERVICE=X REMOTEHOST=</etc/accepthost
##     - /etc/accepthost contains a list of entries separated
##       by whitespace.  For example:
##            10.0.0.0/8 128.0.0.0/8
##            192.168.10.1  192.168.10.2
##   # don't take them from this particular host
##   REJECT SERVICE=X REMOTEHOST=badhost.eng.com
## # Reject all others
##   REJECT SERVICE=X
##
## # Do not allow anybody but root or papowell on
## # astart1.astart.com or listed in the /etc/ok file
## # to use lpc commands:
##   ACCEPT SERVICE=C SERVER REMOTEUSER=root
##   ACCEPT SERVICE=C REMOTEHOST=astart1.astart.com \
##        REMOTEUSER=papowell,</etc/ok
##     /etc/ok has a list of users:
##         root papowell nobody
##         user1 user2
##
## # Allow root on talker.astart.com to control printer hpjet
##   ACCEPT SERVICE=C HOST=talker.astart.com PRINTER=hpjet REMOTEUSER=root
## # Reject all others
##   REJECT SERVICE=C
##
## # Do not allow forwarded jobs or requests
##   REJECT SERVICE=R,C,M FORWARD
##

##  If you want to have connections only from programs on
##  the local host, then uncomment the next line:
#REJECT NOT SERVER

## You can make sure that connections come from a privileged port.
## Default is to allow them from any port so that non-setuid programs
## can do printing.
#  Totally RFC1179
#REJECT SERVICE=X NOT PORT=1-1023
@PRIV_PORTS@REJECT SERVICE=X NOT PORT=1-1023
#  Privileged
#REJECT SERVICE=X NOT PORT=721-731
#
# allow root on server to control jobs
ACCEPT SERVICE=C SERVER REMOTEUSER=root
# allow anybody to get server, status, and printcap
ACCEPT SERVICE=C LPC=lpd,status,printcap
# reject all others
REJECT SERVICE=C
#
# allow same user on originating host to remove a job
ACCEPT SERVICE=M SAMEHOST SAMEUSER
# allow root on server to remove a job
ACCEPT SERVICE=M SERVER REMOTEUSER=root
REJECT SERVICE=M
# all other operations allowed
DEFAULT ACCEPT
