summaryrefslogtreecommitdiff
path: root/packaging/SGI/sambalp
diff options
context:
space:
mode:
authorHerb Lewis <herb@samba.org>1998-01-14 07:17:37 +0000
committerHerb Lewis <herb@samba.org>1998-01-14 07:17:37 +0000
commit5dd1eb4e32f95bd1d8f5da3ca30c7a0fc4ef87c0 (patch)
tree58bfa99075c698a0690a16c9ed65c57c3a69ba91 /packaging/SGI/sambalp
parent195c36a5d97e46a7a37824fe34065d4be58f73b3 (diff)
downloadsamba-5dd1eb4e32f95bd1d8f5da3ca30c7a0fc4ef87c0.tar.gz
samba-5dd1eb4e32f95bd1d8f5da3ca30c7a0fc4ef87c0.tar.bz2
samba-5dd1eb4e32f95bd1d8f5da3ca30c7a0fc4ef87c0.zip
README describe inst package version number correctly
idb.pl fix some permission problems with shell scripts sambalp new script supplied by Alan Stebbens that can run setuid to properly print banner page for known users. smb.conf use new sambalp by default. psfixes.pl remove - now handled by sambalp (This used to be commit 129aab955c069206109461e31f2b0244d8586908)
Diffstat (limited to 'packaging/SGI/sambalp')
-rw-r--r--packaging/SGI/sambalp136
1 files changed, 133 insertions, 3 deletions
diff --git a/packaging/SGI/sambalp b/packaging/SGI/sambalp
index cb95ef089f..fd0cef8f93 100644
--- a/packaging/SGI/sambalp
+++ b/packaging/SGI/sambalp
@@ -1,4 +1,24 @@
-#! /bin/sh
+#!/bin/perl
+#
+# Hacked by Alan Stebbens <aks@sgi.com> to setuid to the username if
+# valid on this system. Written as a secure Perl script. To enable,
+#
+# chown root /usr/samba/bin/sambalp
+# chmod u+s,+x /usr/samba/bin/sambalp
+#
+# If setuidshells is not enabled on your system, you must also do this:
+#
+# systune -i
+# nosuidshells = 0
+# y
+# quit
+#
+# reboot
+#
+# This script will still work as a normal user; it will not try
+# to setuid in this case.
+#
+# If the "$PSFIX" variable is set below...
#
# Workaround Win95 printer driver/Impressario bug by removing
# the PS check for available virtual memory. Note that this
@@ -15,6 +35,116 @@
# removed.
# 3. The VM fix described above.
#
+#
+# Modified for Perl4 compatibility.
+#
+
+$PROG = "sambalp";
+
+$PSFIX = 1; # set to 0 if you don't want to run
+ # the "psfix" portion
+
+# Untaint the PATH variable
+@PATH = split(' ',<<EOF);
+ /usr/sbin /usr/bsd /sbin /usr/bin /bin /usr/lib /usr/local/bin
+EOF
+$ENV{'PATH'} = join(':',@PATH);
+
+if ($#ARGV < 3) {
+ print STDERR "usage: $PROG printer file user system\n";
+ exit;
+}
+
+$printer = $ARGV[0];
+$file = $ARGV[1];
+$user = $ARGV[2];
+$system = $ARGV[3];
+
+open(LPSTAT,"/usr/bin/lpstat -t|") || die("Can't get printer list.\n");
+@printers = ();
+while (<LPSTAT>) {
+ next unless /^printer (\w+)/;
+ push(@printers,$1);
+}
+close LPSTAT;
+# Create a hash list
+@printers{@printers} = @printers;
+
+# Untaint the printer name
+if (defined($prtname = $printers{$printer})) {
+ $printer = $prtname;
+} else {
+ die("Unknown printer: \"$printer\"\n");
+}
+
+if ($> == 0) { # are we root?
+ # yes -- then perform a taint checks and possibly do a suid check
+
+ # Untaint the file and system names (pretend to filter them)
+ $file = $file =~ /^(.*)/ ? $1 : die("Bad file: $file\n");
+ $system = $system =~ /^(.*)/ ? $1 : die("Bad system: $system\n");
+
+ # Get the valid users
+ setpwent;
+ %users = ();
+ while (@pwe = getpwent()) {
+ $uids{$pwe[0]} = $pwe[2];
+ $users{$pwe[2]} = $pwe[0];
+ }
+ endpwent();
+
+ # Check out the user -- if the user is a real user on this system,
+ # then become that user so that the printer header page looks right
+ # otherwise, remain as the default user (probably "nobody").
+
+ if (defined($uid = $uids{$user})) {
+
+ # before we change UID, we must ensure that the file is still
+ # readable after the UID change.
+ chown($uid, 9, $file); # make the file owned by the user
+
+ # Now, go ahead and become the user
+ $name = $users{$uid};
+ $> = $uid; # become the user
+ $< = $uid;
+ } else { # do untaint filtering
+ $name = $user =~ /^(\w+)/ ? $1 : die("Bad user: $user\n");
+ }
+} else { # otherwise, just be me
+ $name = $user; # whomever that is
+}
+
+$lpcommand = "/usr/bin/lp -c -d$printer -t'$name on $system'";
+
+# This code is from the original "psfix" but it has been completely
+# rewritten for speed.
+
+if ($PSFIX) { # are we running a "psfix"?
+ open(FILE, $file) || die("Can't read $file: $!\n");
+ open(LP, "|$lpcommand -") || die("Can't open pipe to \"lp\": $!\n");
+ select(LP);
+ while (<FILE>) { #
+ $_ =~ s/^\004//; # strip any ctrl-d's
+ if (/^\e%/) { # get rid of any non-postscript commands
+ while (<FILE>) { # remove text until next %!PS
+ s/^\001M//; # lenmark driver prefixes Ctrl-A M to %!PS
+ last if /^%!PS/;
+ }
+ last if eof(FILE);
+ } elsif (/^%%Title:/) { # fix bug in long titles from MS Word
+ s/.\r$/\r/; # remove trailing character on the title
+ } elsif (/^\/VM\?/) { # remove VM test
+ print "/VM? { pop } bind def\r\n";
+ while (<FILE>) { last if /def\r/; }
+ next; # don't print
+ }
+ print;
+ }
+ close FILE;
+ close LP;
+} else { # we're not running psfix?
+ system("$lpcommand $file");
+}
-/usr/samba/bin/psfixes.pl $2 | /usr/bin/lp -c -d$1 -t"$3 on $4"
-rm $2
+# Remove the file only if it lives in /usr/tmp, /tmp, or /var/tmp.
+unlink($file) if $file =~ m=^(/(usr|var))?/tmp=;