|
1 # |
|
2 # CDDL HEADER START |
|
3 # |
|
4 # The contents of this file are subject to the terms of the |
|
5 # Common Development and Distribution License (the "License"). |
|
6 # You may not use this file except in compliance with the License. |
|
7 # |
|
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
9 # or http://www.opensolaris.org/os/licensing. |
|
10 # See the License for the specific language governing permissions |
|
11 # and limitations under the License. |
|
12 # |
|
13 # When distributing Covered Code, include this CDDL HEADER in each |
|
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
15 # If applicable, add the following below this CDDL HEADER, with the |
|
16 # fields enclosed by brackets "[]" replaced with your own identifying |
|
17 # information: Portions Copyright [yyyy] [name of copyright owner] |
|
18 # |
|
19 # CDDL HEADER END |
|
20 # |
|
21 # Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. |
|
22 # |
|
23 |
|
24 SETTING UP TEST ENVIRONMENT |
|
25 --------------------------- |
|
26 The following steps should be followed for setting up the test environment |
|
27 for Trusted Solaris: |
|
28 |
|
29 1. Install trusted packages |
|
30 # pkg install system/trusted |
|
31 # pkg install system/trusted/trusted-global-zone |
|
32 # pkg install trusted-extensions |
|
33 |
|
34 2. Enable labeld service |
|
35 # svcadm enable -s labeld |
|
36 |
|
37 3. Verify that the service is enabled. |
|
38 # svcs -x labeld |
|
39 svc:/system/labeld:default (Trusted Extensions) |
|
40 State: online since weekday month date hour:minute:second year |
|
41 See: labeld(1M) |
|
42 Impact: None. |
|
43 |
|
44 4. This step is required in case you want to install your own |
|
45 label_encodings file. |
|
46 |
|
47 To test labels greater than 80 characters, you will have to use |
|
48 large labels_encodings file. |
|
49 i) Copy the label_encodings file to the disk. |
|
50 ii) Check the syntax of the file and make it the active |
|
51 label_encodings file. |
|
52 a) Run the chk_encodings command. |
|
53 # /usr/sbin/chk_encodings /full-pathname-of-label-encodings-file |
|
54 b) Make the file the active label_encodings file. |
|
55 # cp /full-pathname-of-label-encodings-file \ |
|
56 /etc/security/tsol/label.encodings.site |
|
57 # cd /etc/security/tsol |
|
58 # cp label_encodings label_encodings.tx.orig |
|
59 # cp label.encodings.site label_encodings |
|
60 Your label_encodings file must pass the Check Encodings test before |
|
61 you continue. |
|
62 |
|
63 5. Reboot the system. |
|
64 |
|
65 6. Once the system is up after reboot, create labeled zones. |
|
66 Labeled zones can be created using '/usr/sbin/txzonemgr' command. |
|
67 For details refer to 'txzonemgr(1M)' manpage. |
|
68 |
|
69 Documentation on 'Printing in Trusted extensions environment' can be found at: |
|
70 http://docs.oracle.com/cd/E23824_01/html/821-1482/manageprint-1.html#scrolltoc |
|
71 |
|
72 -------------------------------------------------------------------------------------------- |
|
73 |
|
74 TEST CASES |
|
75 ---------- |
|
76 All the following test cases should be run in Trusted Solaris environment. |
|
77 |
|
78 1. Run printing test suite for CUPS. |
|
79 Details on printing test-suite can be found at: |
|
80 https://stbeehive.oracle.com/teamcollab/wiki/Solaris+Printing:CUPS+Printing+Test+Suite |
|
81 |
|
82 2. Printing from labeled zones to network printer directly. |
|
83 3. Printing from labeled zones to network printer via Global zone. |
|
84 4. Printing from global zone to directly attached USB printer. |
|
85 5. Printing from global zone to network printer. |
|
86 6. Print in different orientations. (Should be tested for both Image & Text files) |
|
87 The -o landscape option will rotate the page 90 degrees to print in landscape |
|
88 orientation: |
|
89 lp -o landscape filename |
|
90 lpr -o landscape filename |
|
91 |
|
92 The -o orientation-requested=N option rotates the page depending on the value of N: |
|
93 |
|
94 -o orientation-requested=3 - portrait orientation (no rotation) |
|
95 -o orientation-requested=4 - landscape orientation (90 degrees) |
|
96 -o orientation-requested=5 - reverse landscape or seascape orientation (270 degrees) |
|
97 -o orientation-requested=6 - reverse portrait or upside-down orientation |
|
98 (180 degrees) |
|
99 |
|
100 -o number-up=2 |
|
101 -o number-up=6 |
|
102 this should be landscape by default |
|
103 |
|
104 rest number-up should be portrait |
|
105 |
|
106 Mix -o number-up & orientation-requested. |
|
107 |
|
108 7. Printing On Both Sides of the Paper |
|
109 |
|
110 -o sides=two-sided-short-edge |
|
111 -o sides=two-sided-long-edge |
|
112 These options will enable two-sided printing on the printer if the printer supports it. |
|
113 |
|
114 '-o sides=two-sided-short-edge' option is suitable for landscape pages, |
|
115 while '-o sides=two-sided-long-edge' option is suitable for portrait pages: |
|
116 |
|
117 lp -o sides=two-sided-short-edge filename |
|
118 lp -o sides=two-sided-long-edge filename |
|
119 lpr -o sides=two-sided-long-edge filename |
|
120 |
|
121 The default is to print single-sided: |
|
122 |
|
123 lp -o sides=one-sided filename |
|
124 lpr -o sides=one-sided filename |
|
125 |
|
126 8. Labels greater than 80 characters. |
|
127 Labels greater than 80 characters would be truncated at the right by '->' |
|
128 |
|
129 9. Printing to a printer in same subnet. |
|
130 If the printer is in the same subnet, then add it using cups web interface |
|
131 at localhost:631 |
|
132 |
|
133 10. Printing to a printer in different subnet. |
|
134 You should be able to ping the printer ip address. |
|
135 |
|
136 Adding the printer: |
|
137 lpadmin -p printer_name -E -v socket://<ip-addr-of-printer> -m <model> |
|
138 |
|
139 You can find your printer model using |
|
140 lpinfo -m | grep -i <model name> |
|
141 |
|
142 model example: "foomatic-db-ppds/Ricoh/PS/Ricoh-Aficio_MP_5000_PS.ppd.gz" |
|
143 |
|
144 e.g: |
|
145 lpadmin -p printer -E -v socket://10.163.198.77 -m foomatic-db-ppds/Ricoh/PS/Ricoh-Aficio_MP_5000_PS.ppd.gz |
|
146 |
|
147 11. Printing without banner and trailer pages and also without page-labels. |
|
148 |
|
149 -o nolabels |
|
150 Does not print job labels |
|
151 |
|
152 -o job-sheets=none |
|
153 -o job-sheets=none, none |
|
154 -o job-sheets=none,<any-label> |
|
155 The above three work same. No banner and trailer pages get printed. |
|
156 |
|
157 -o job-sheets=<any-label>,none |
|
158 -o job-sheets=<any-label>,<any-label> |
|
159 The above two work same. Both banner and trailer pages get printed. |
|
160 |
|
161 -o job-sheets=none -o nolabels |
|
162 No banner and trailer page and no job-labels |
|
163 |
|
164 12. Test following authorizations: |
|
165 solaris.print.admin |
|
166 solaris.print.unlabeled |
|
167 solaris.print.nobanner |
|
168 solaris.print.list |
|
169 |
|
170 Following command can be used to list the user authorizations: |
|
171 $ auths <user> |
|
172 |
|
173 For eg: |
|
174 Printing from a labeled zone as root. |
|
175 |
|
176 $ lp -d public -o job-sheets=none,none /etc/release |
|
177 request id is public-19 (1 file(s)) |
|
178 |
|
179 This request is submitted to the server as 'remroot'. In this case both |
|
180 banner and trailer pages get printed, as 'remroot' does not have the |
|
181 solaris.print.nobanner authorization. |
|
182 |
|
183 solaris.print.list |
|
184 # lp -d test /etc/release |
|
185 request id is test-313 (1 file(s)) |
|
186 |
|
187 # lpstat test |
|
188 test-313 root 3072 Fri Mar 30 07:42:58 2012 |
|
189 |
|
190 ---> Login as 'remroot' <--- |
|
191 # su - remroot |
|
192 Oracle Corporation SunOS 5.11 11.0 November 2011 |
|
193 |
|
194 ---> 'remroot' doesn't have solaris.print.list authorization so it cannot list |
|
195 the jobs for printer test <--- |
|
196 $ lpstat test |
|
197 |
|
198 $ lp -d test /etc/release |
|
199 request id is test-314 (1 file(s)) |
|
200 |
|
201 ---> For 'remroot', 'lpstat' lists only the jobs requested by 'remroot' <--- |
|
202 $ lpstat test |
|
203 test-314 remroot 3072 Fri Mar 30 07:43:44 2012 |
|
204 |
|
205 $ logout |
|
206 |
|
207 ---> For 'root', 'lpstat' lists all the jobs <--- |
|
208 # lpstat test |
|
209 test-313 root 3072 Fri Mar 30 07:42:58 2012 |
|
210 test-314 remroot 3072 Fri Mar 30 07:43:44 2012 |
|
211 |
|
212 ---> Give remroot solaris.print.list authorization <--- |
|
213 # usermod -A solaris.print.list remroot |
|
214 Found user in files repository. |
|
215 |
|
216 ---> Login as 'remroot' |
|
217 root@txx2270-05:/var/log/cups# su - remroot |
|
218 Oracle Corporation SunOS 5.11 11.0 November 2011 |
|
219 |
|
220 ---> Now for 'root', 'lpstat' lists all the jobs <--- |
|
221 -bash-4.1$ lpstat test |
|
222 test-313 root 3072 Fri Mar 30 07:42:58 2012 |
|
223 test-314 remroot 3072 Fri Mar 30 07:43:44 2012 |
|
224 |
|
225 13. Printing to a printer which is outside the labeled range. |
|
226 E.g: Printing from a 'Public Zone' to a printer labeled 'Confidential' |
|
227 |
|
228 $ lp -d hp /etc/release |
|
229 lp: label violation. |
|
230 |
|
231 14. Cascade printing |
|
232 Print from a system which is accessible from local zone, to a printer which |
|
233 is accessible to the GZ only. |
|
234 Print request goes from the system to LZ to GZ to Printer. |
|
235 |
|
236 Note: For cascading to work printer must be shared on both LZ and GZ. |
|
237 |
|
238 Printer can be shared from command line as: |
|
239 $ lpadmin -p <printer> -o printer-is-shared=true |