From: Dobrica Pavlinusic Date: Wed, 6 Mar 2019 18:04:04 +0000 (+0100) Subject: cups-pdf PostProcessing script to get users from pGina X-Git-Url: http://git.rot13.org/?p=safeq;a=commitdiff_plain;h=7234eee102128f066d5c5681b82186d0561e2199;hp=0ff435332637b7f8f756b1c3eb9a8c9412432353 cups-pdf PostProcessing script to get users from pGina --- diff --git a/cups-pdf-find-owner.pl b/cups-pdf-find-owner.pl new file mode 100755 index 0000000..54fafcc --- /dev/null +++ b/cups-pdf-find-owner.pl @@ -0,0 +1,56 @@ +#!/usr/bin/perl +use warnings; +use strict; +use autodie; + +use Data::Dump qw(dump); +use File::Slurp; +use DBI; + +my ($file, $local_user, $remote_user) = @ARGV; + +my $job_id = $1 if ( $file =~ m/job_(\d+)/ ); + +die "can't find job_id in [$file]" unless $job_id; + +my $c_file = sprintf "/var/spool/cups/c%05d", $job_id; + +my $blob = read_file $c_file; + +my (undef,$ip) = split(/job-originating-host-name\x00/, $blob, 2); +my $len = ord(substr($ip,0,1)); +$ip = substr($ip,1,$len); + +my $database = 'pGinaDB'; +my $hostname = '10.60.4.9'; +my $port = 3306; +my $user = 'pGina'; +my $password = 'secret'; + +my $dsn = "DBI:mysql:database=$database;host=$hostname;port=$port"; +my $dbh = DBI->connect($dsn, $user, $password); + +my $sth = $dbh->prepare(qq{ + select * from pGinaSession where ipaddress = ? and logoutstamp is null order by loginstamp desc +}) or die "prepare statement failed: $dbh->errstr()"; +$sth->execute($ip) or die "execution failed: $dbh->errstr()"; +if ( $sth->rows < 1 ) { + die "can't find IP for job $job_id"; +} elsif ( $sth->rows > 1 ) { + warn "ERROR: found $sth->rows() rows for $job_id, usng first one\n"; +} +my $row = $sth->fetchrow_hashref(); +warn "## row = ",dump($row); + +$sth->finish; + +my $username = $row->{username} || die "no username in row = ",dump($row); + +my $spool = '/var/spool/cups-pdf/'; +mkdir "$spool/$username" if ( ! -e "$spool/$username" ); +my $filename_only = $file; +$filename_only =~ s/^.*\///; # basename + +rename $file, "$spool/$username/$filename_only"; + +exit 0; diff --git a/debian-install.sh b/debian-install.sh index 672a471..56b2d23 100755 --- a/debian-install.sh +++ b/debian-install.sh @@ -3,6 +3,7 @@ test `id -u` -ne 0 && exec sudo $0 apt-get install curl libdata-dump-perl cups printer-driver-fujixerox cups-ipp-utils printer-driver-cups-pdf snmp snmp-mibs-downloader +# ntp samba smbclient # enable mibs grep -i '^mibs :' /etc/snmp/snmp.conf && perl -p -i -n -e 's/^mibs :.*/mibs +ALL/' /etc/snmp/snmp.conf diff --git a/doc/cups-pdf.txt b/doc/cups-pdf.txt new file mode 100644 index 0000000..19dd752 --- /dev/null +++ b/doc/cups-pdf.txt @@ -0,0 +1,25 @@ +We are using cups-pdf to create printer which is shared on windows using ipp. + +Since we are not getting users from windows in our setup, we need cups-pdf +PostProcessing hook to look find user from pGinaSessions. + + +sudo vi /etc/cups/cups-pdf.conf + +PostProcessing /srv/safeq/cups-pdf-find-owner.pl + + +To make this work, you also have to edit apparmor: + +sudo vi /etc/apparmor.d/usr.sbin.cupsd + +edit end of file, under /usr/lib/cups/backend/cups-pdf { +add permission for script execution: +... + /var/spool/cups/** r, + /var/spool/cups-pdf/** rw, + + # safeq ffzg -- added to allow execution of PostProcessing + /srv/safeq/cups-pdf-find-owner.pl uxr, +} +