Bug 32055 - deny access to printer based on client ip addresses
deny access to printer based on client ip addresses
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Printserver
UCS 3.1
Other Linux
: P5 normal (vote)
: UCS 3.1-1-errata
Assigned To: Erik Damrose
Felix Botner
:
Depends on: 31902
Blocks: 32009
  Show dependency treegraph
 
Reported: 2013-07-24 15:08 CEST by Felix Botner
Modified: 2013-07-25 10:52 CEST (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Felix Botner univentionstaff 2013-07-24 15:08:53 CEST
+++ This bug was initially created as a clone of Bug #31902 +++

The UCC integration into UCS@school should also cover the printer moderation.

Software on the UCC client is able to use the CUPS server on the school slave by simply setting the environment variable CUPS_SERVER.
→ automatic configuration of the printserver on the UCC client

Since all printer restrictions are done via samba shares, the UCC client would bypass these restrictions when connecting directly to the CUPS server.
→ the UCC client has to be subject to all regular UCS@school print restrictions
   Possible solutions for 2):
   - add the same restrictions to the CUPS config
   - the UCC client uses the samba printer shares#

univention-printserver 6.0.21-2.613.201307181044, build in errata3.1-1
2013-07-18-univention-printserver.yaml
Comment 1 Felix Botner univentionstaff 2013-07-24 15:30:26 CEST
FAIL - add UCRV description for cups/printmode/hosts/none

FAIL - please create bug for merge into 3.2

OK - errata3.1-1

univention-printserver 10.200.7.51
client                 10.200.7.55
client2                10.200.7.50

51-> ucr set cups/printmode/hosts/none="10.200.7.56 10.200.7.55"
51-> /etc/init.d/cups restart
51-> more /etc/cups/cups-access-limit.conf
<Policy default>
        <Limit All>
                Order deny,allow
                Deny from 10.200.7.56 10.200.7.55
        </Limit>
</Policy>

50-> lp -h 10.200.7.51 -d printer1 /etc/fstab
Anfrage-ID ist printer1–4 (1 Datei(en))

55-> lp -h 10.200.7.51 -d printer1 /etc/fstab
lp: Verboten

OK - YAML
Comment 2 Erik Damrose univentionstaff 2013-07-24 15:58:54 CEST
UCR variable description added: univention-printserver 6.0.21-3.615.201307241546 build in errata3.1-1
YAML file updated (Bugnumber and Version)

There was already a build for 3.2; It has been updated with the UCRV description and the changelog was changed to mention the current bug number.
univention-printserver 7.0.3-2.616.201307241554
Comment 3 Felix Botner univentionstaff 2013-07-24 16:15:54 CEST
(In reply to Erik Damrose from comment #2)
> UCR variable description added: univention-printserver
> 6.0.21-3.615.201307241546 build in errata3.1-1
> YAML file updated (Bugnumber and Version)

OK

> 
> There was already a build for 3.2; It has been updated with the UCRV
> description and the changelog was changed to mention the current bug number.
> univention-printserver 7.0.3-2.616.201307241554

OK
Comment 4 Moritz Muehlenhoff univentionstaff 2013-07-25 10:52:48 CEST
http://errata.univention.de/ucs/3.1/153.html