diff options
| author | Herb Lewis <herb@samba.org> | 1998-01-14 07:17:37 +0000 |
|---|---|---|
| committer | Herb Lewis <herb@samba.org> | 1998-01-14 07:17:37 +0000 |
| commit | 5dd1eb4e32f95bd1d8f5da3ca30c7a0fc4ef87c0 (patch) | |
| tree | 58bfa99075c698a0690a16c9ed65c57c3a69ba91 /packaging/SGI/sambalp | |
| parent | 195c36a5d97e46a7a37824fe34065d4be58f73b3 (diff) | |
| download | samba-5dd1eb4e32f95bd1d8f5da3ca30c7a0fc4ef87c0.tar.gz samba-5dd1eb4e32f95bd1d8f5da3ca30c7a0fc4ef87c0.tar.bz2 samba-5dd1eb4e32f95bd1d8f5da3ca30c7a0fc4ef87c0.zip | |
README describe inst package version number correctly
idb.pl fix some permission problems with shell scripts
sambalp new script supplied by Alan Stebbens that can run setuid to
properly print banner page for known users.
smb.conf use new sambalp by default.
psfixes.pl remove - now handled by sambalp
(This used to be commit 129aab955c069206109461e31f2b0244d8586908)
Diffstat (limited to 'packaging/SGI/sambalp')
| -rw-r--r-- | packaging/SGI/sambalp | 136 |
1 files changed, 133 insertions, 3 deletions
diff --git a/packaging/SGI/sambalp b/packaging/SGI/sambalp index cb95ef089f..fd0cef8f93 100644 --- a/packaging/SGI/sambalp +++ b/packaging/SGI/sambalp @@ -1,4 +1,24 @@ -#! /bin/sh +#!/bin/perl +# +# Hacked by Alan Stebbens <aks@sgi.com> to setuid to the username if +# valid on this system. Written as a secure Perl script. To enable, +# +# chown root /usr/samba/bin/sambalp +# chmod u+s,+x /usr/samba/bin/sambalp +# +# If setuidshells is not enabled on your system, you must also do this: +# +# systune -i +# nosuidshells = 0 +# y +# quit +# +# reboot +# +# This script will still work as a normal user; it will not try +# to setuid in this case. +# +# If the "$PSFIX" variable is set below... # # Workaround Win95 printer driver/Impressario bug by removing # the PS check for available virtual memory. Note that this @@ -15,6 +35,116 @@ # removed. # 3. The VM fix described above. # +# +# Modified for Perl4 compatibility. +# + +$PROG = "sambalp"; + +$PSFIX = 1; # set to 0 if you don't want to run + # the "psfix" portion + +# Untaint the PATH variable +@PATH = split(' ',<<EOF); + /usr/sbin /usr/bsd /sbin /usr/bin /bin /usr/lib /usr/local/bin +EOF +$ENV{'PATH'} = join(':',@PATH); + +if ($#ARGV < 3) { + print STDERR "usage: $PROG printer file user system\n"; + exit; +} + +$printer = $ARGV[0]; +$file = $ARGV[1]; +$user = $ARGV[2]; +$system = $ARGV[3]; + +open(LPSTAT,"/usr/bin/lpstat -t|") || die("Can't get printer list.\n"); +@printers = (); +while (<LPSTAT>) { + next unless /^printer (\w+)/; + push(@printers,$1); +} +close LPSTAT; +# Create a hash list +@printers{@printers} = @printers; + +# Untaint the printer name +if (defined($prtname = $printers{$printer})) { + $printer = $prtname; +} else { + die("Unknown printer: \"$printer\"\n"); +} + +if ($> == 0) { # are we root? + # yes -- then perform a taint checks and possibly do a suid check + + # Untaint the file and system names (pretend to filter them) + $file = $file =~ /^(.*)/ ? $1 : die("Bad file: $file\n"); + $system = $system =~ /^(.*)/ ? $1 : die("Bad system: $system\n"); + + # Get the valid users + setpwent; + %users = (); + while (@pwe = getpwent()) { + $uids{$pwe[0]} = $pwe[2]; + $users{$pwe[2]} = $pwe[0]; + } + endpwent(); + + # Check out the user -- if the user is a real user on this system, + # then become that user so that the printer header page looks right + # otherwise, remain as the default user (probably "nobody"). + + if (defined($uid = $uids{$user})) { + + # before we change UID, we must ensure that the file is still + # readable after the UID change. + chown($uid, 9, $file); # make the file owned by the user + + # Now, go ahead and become the user + $name = $users{$uid}; + $> = $uid; # become the user + $< = $uid; + } else { # do untaint filtering + $name = $user =~ /^(\w+)/ ? $1 : die("Bad user: $user\n"); + } +} else { # otherwise, just be me + $name = $user; # whomever that is +} + +$lpcommand = "/usr/bin/lp -c -d$printer -t'$name on $system'"; + +# This code is from the original "psfix" but it has been completely +# rewritten for speed. + +if ($PSFIX) { # are we running a "psfix"? + open(FILE, $file) || die("Can't read $file: $!\n"); + open(LP, "|$lpcommand -") || die("Can't open pipe to \"lp\": $!\n"); + select(LP); + while (<FILE>) { # + $_ =~ s/^\004//; # strip any ctrl-d's + if (/^\e%/) { # get rid of any non-postscript commands + while (<FILE>) { # remove text until next %!PS + s/^\001M//; # lenmark driver prefixes Ctrl-A M to %!PS + last if /^%!PS/; + } + last if eof(FILE); + } elsif (/^%%Title:/) { # fix bug in long titles from MS Word + s/.\r$/\r/; # remove trailing character on the title + } elsif (/^\/VM\?/) { # remove VM test + print "/VM? { pop } bind def\r\n"; + while (<FILE>) { last if /def\r/; } + next; # don't print + } + print; + } + close FILE; + close LP; +} else { # we're not running psfix? + system("$lpcommand $file"); +} -/usr/samba/bin/psfixes.pl $2 | /usr/bin/lp -c -d$1 -t"$3 on $4" -rm $2 +# Remove the file only if it lives in /usr/tmp, /tmp, or /var/tmp. +unlink($file) if $file =~ m=^(/(usr|var))?/tmp=; |