Bug 32055 – deny access to printer based on client ip addresses

Bug 32055 - deny access to printer based on client ip addresses


Summary:	deny access to printer based on client ip addresses

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Printserver
Version:	UCS 3.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 3.1-1-errata
Assigned To:	Erik Damrose
QA Contact:	Felix Botner

URL:
Keywords:

Depends on:	31902
Blocks:	32009
	Show dependency tree / graph

Reported:	2013-07-24 15:08 CEST by Felix Botner
Modified:	2013-07-25 10:52 CEST (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Felix Botner

2013-07-24 15:08:53 CEST

+++ This bug was initially created as a clone of Bug #31902 +++

The UCC integration into UCS@school should also cover the printer moderation.

Software on the UCC client is able to use the CUPS server on the school slave by simply setting the environment variable CUPS_SERVER.
→ automatic configuration of the printserver on the UCC client

Since all printer restrictions are done via samba shares, the UCC client would bypass these restrictions when connecting directly to the CUPS server.
→ the UCC client has to be subject to all regular UCS@school print restrictions
   Possible solutions for 2):
   - add the same restrictions to the CUPS config
   - the UCC client uses the samba printer shares#

univention-printserver 6.0.21-2.613.201307181044, build in errata3.1-1
2013-07-18-univention-printserver.yaml

Comment 1 Felix Botner

2013-07-24 15:30:26 CEST

FAIL - add UCRV description for cups/printmode/hosts/none

FAIL - please create bug for merge into 3.2

OK - errata3.1-1

univention-printserver 10.200.7.51
client                 10.200.7.55
client2                10.200.7.50

51-> ucr set cups/printmode/hosts/none="10.200.7.56 10.200.7.55"
51-> /etc/init.d/cups restart
51-> more /etc/cups/cups-access-limit.conf
<Policy default>
        <Limit All>
                Order deny,allow
                Deny from 10.200.7.56 10.200.7.55
        </Limit>
</Policy>

50-> lp -h 10.200.7.51 -d printer1 /etc/fstab
Anfrage-ID ist printer1–4 (1 Datei(en))

55-> lp -h 10.200.7.51 -d printer1 /etc/fstab
lp: Verboten

OK - YAML

Comment 2 Erik Damrose

2013-07-24 15:58:54 CEST

UCR variable description added: univention-printserver 6.0.21-3.615.201307241546 build in errata3.1-1
YAML file updated (Bugnumber and Version)

There was already a build for 3.2; It has been updated with the UCRV description and the changelog was changed to mention the current bug number.
univention-printserver 7.0.3-2.616.201307241554

Comment 3 Felix Botner

2013-07-24 16:15:54 CEST

(In reply to Erik Damrose from comment #2)
> UCR variable description added: univention-printserver
> 6.0.21-3.615.201307241546 build in errata3.1-1
> YAML file updated (Bugnumber and Version)

OK

> 
> There was already a build for 3.2; It has been updated with the UCRV
> description and the changelog was changed to mention the current bug number.
> univention-printserver 7.0.3-2.616.201307241554

OK

Comment 4 Moritz Muehlenhoff

2013-07-25 10:52:48 CEST

http://errata.univention.de/ucs/3.1/153.html