From: mike Date: Tue, 4 Mar 2003 21:41:40 +0000 (+0000) Subject: Add support for -u allow/deny:@groupname. X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=29470950eaca4950cd4cbdd4ce4c8ed2ce2e1992;p=thirdparty%2Fcups.git Add support for -u allow/deny:@groupname. git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@3423 7a7537e8-13f0-0310-91df-b6672ffda945 --- diff --git a/CHANGES.txt b/CHANGES.txt index 4995b0a73f..7a8e10d297 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -3,6 +3,8 @@ CHANGES.txt - 03/04/2003 CHANGES IN CUPS V1.1.19 + - The lpadmin command now allows printer access control + by group name as well as user name. - "lpoptions -l" got in an infinite loop if no default printer was available. - The scheduler now logs the job-originating-host-name diff --git a/doc/sam.shtml b/doc/sam.shtml index 962e14769d..583f24b02b 100644 --- a/doc/sam.shtml +++ b/doc/sam.shtml @@ -1,7 +1,7 @@ - + CUPS Software Administrators Manual @@ -11,7 +11,7 @@

This software administrators manual provides printer administration information for the Common UNIX Printing SystemTM -("CUPSTM"), version 1.1.18. +("CUPSTM"), version 1.1.19. @@ -666,6 +666,18 @@ printer, but all other users cannot print. The command:

has the opposite effect. All users except peter, paul, and mary will be able to print to the named printer.

+

You can control access by UNIX groups as well by placing an +"@" character before each group name. The command:

+ + + +

allows the users peter, paul, and mary to print, as well as +any user in the printgods group to print. +

diff --git a/man/lpadmin.man b/man/lpadmin.man index 6b2c79b862..56de25547b 100644 --- a/man/lpadmin.man +++ b/man/lpadmin.man @@ -1,5 +1,5 @@ .\" -.\" "$Id: lpadmin.man,v 1.10 2003/01/31 20:09:23 mike Exp $" +.\" "$Id: lpadmin.man,v 1.11 2003/03/04 21:41:39 mike Exp $" .\" .\" lpadmin man page for the Common UNIX Printing System (CUPS). .\" @@ -111,12 +111,13 @@ None, BCP, or TBCP. The default protocol is None. Removes the named \fIprinter\fR from \fIclass\fR. If the resulting class becomes empty it is removed. .TP 5 -\-u \fIallow:user,user\fR -\-u \fIdeny:user,user\fR +\-u \fIallow:user,user,@group\fR +\-u \fIdeny:user,user,@group\fR \-u \fIallow:all\fR \-u \fIdeny:none\fR .br -Sets user-level access control on a printer. The latter two forms turn +Sets user-level access control on a printer. Names starting with +"@" are interpreted as UNIX groups. The latter two forms turn user-level access control off. .TP 5 \-v \fIdevice-uri\fR @@ -158,5 +159,5 @@ http://localhost:631/documentation.html .SH COPYRIGHT Copyright 1993-2003 by Easy Software Products, All Rights Reserved. .\" -.\" End of "$Id: lpadmin.man,v 1.10 2003/01/31 20:09:23 mike Exp $". +.\" End of "$Id: lpadmin.man,v 1.11 2003/03/04 21:41:39 mike Exp $". .\" diff --git a/scheduler/ipp.c b/scheduler/ipp.c index 54da16d3e3..c6500470d4 100644 --- a/scheduler/ipp.c +++ b/scheduler/ipp.c @@ -1,5 +1,5 @@ /* - * "$Id: ipp.c,v 1.189 2003/02/26 19:49:24 mike Exp $" + * "$Id: ipp.c,v 1.190 2003/03/04 21:41:40 mike Exp $" * * IPP routines for the Common UNIX Printing System (CUPS) scheduler. * 
@@ -1777,10 +1777,12 @@ static int /* O - 1 if OK, 0 if not */ check_quotas(client_t *con, /* I - Client connection */ printer_t *p) /* I - Printer or class */ { - int i; /* Looping var */ + int i, j; /* Looping vars */ ipp_attribute_t *attr; /* Current attribute */ char username[33]; /* Username */ quota_t *q; /* Quota data */ + struct passwd *pw; /* User password data */ + struct group *grp; /* Group data */ LogMessage(L_DEBUG2, "check_quotas(%p[%d], %p[%s])\n", @@ -1850,8 +1852,41 @@ check_quotas(client_t *con, /* I - Client connection */ if (p->num_users) { + pw = getpwnam(username); + endpwent(); + for (i = 0; i < p->num_users; i ++) - if (strcasecmp(username, p->users[i]) == 0) + if (p->users[i][0] == '@') + { + /* + * Check group membership... + */ + + grp = getgrnam(p->users[i] + 1); + endgrent(); + + if (grp) + { + /* + * Check primary group... + */ + + if (pw && grp->gr_gid == pw->pw_gid) + break; + + /* + * Check usernames in group... + */ + + for (j = 0; grp->gr_mem[j]; j ++) + if (!strcmp(username, grp->gr_mem[j])) + break; + + if (grp->gr_mem[j]) + break; + } + } + else if (!strcasecmp(username, p->users[i])) break; if ((i < p->num_users) == p->deny_users) @@ -6069,5 +6104,5 @@ validate_user(client_t *con, /* I - Client connection */ /* - * End of "$Id: ipp.c,v 1.189 2003/02/26 19:49:24 mike Exp $". + * End of "$Id: ipp.c,v 1.190 2003/03/04 21:41:40 mike Exp $". */
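Review bot: The group branch added in `check_quotas()` compares members with case-sensitive `strcmp(username, grp->gr_mem[j])` (and `getpwnam(username)` is case-sensitive too), while the user branch next to it keeps `strcasecmp`, so the same request name can match a user entry but miss an `@group` entry. Since the result goes into `(i < p->num_users) == p->deny_users`, every miss in this branch, including an unknown group or a failed `getgrnam()` lookup, reads as "not listed", which for a deny list means the request is accepted. I would use one comparison rule for both branches, e.g. `if (!strcasecmp(username, grp->gr_mem[j]))`, and log when `getgrnam()` returns NULL so that a misspelled group in a deny list is visible. Separately, `pw` is dereferenced after `endpwent()` and after later `getgrnam()` calls; saving `pw->pw_gid` in a local right after the lookup avoids depending on how long the static buffer stays valid. The function begins in the previous hunk and continues past this one, so where `username` comes from is not visible here.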