5 files changed, 150 insertions, 44 deletions
diff --git a/packaging/SGI/README b/packaging/SGI/README
index 02855bb3a2..f13164af4a 100644
--- a/packaging/SGI/README
+++ b/packaging/SGI/README
@@ -12,13 +12,15 @@ binary, and log files are placed in the /usr/samba file hierarchy.
 Man pages are placed in the /usr/share/catman/u_man hierarchy.
 
 The version number of the distribution is a 10 digit number that
-is created from the samba version number plus a release number.
-Each section of the samba version number forms 2 digits of the
-version number (with leading zeros if necessary).
-
-samba version 1.9.16        would become  0109160000
-samba version 1.9.16p9      would become  0109160900
-samba version 1.9.16alpha9  would become  0109160009
+is created from the samba version number. Each section of the samba 
+version number forms 2 digits of the version number (with leading 
+zeros if necessary). The alpha versions add 00 and 2 digits for
+the alpha number. The first release adds 0100. Patch releases add
+2 digits for the patch level plus 1 and 00.
+
+samba version 1.9.18alpha9  would become  0109180009
+samba version 1.9.18        would become  0109180100
+samba version 1.9.18p9      would become  0109181000
 
 You can enable all printers on your system to be used by samba
 by running the script /usr/samba/mkprintcap.sh
diff --git a/packaging/SGI/idb.pl b/packaging/SGI/idb.pl
index 698d566a73..c698a7f60a 100755
--- a/packaging/SGI/idb.pl
+++ b/packaging/SGI/idb.pl
@@ -146,7 +146,7 @@ while (@allfiles) {
     print IDB "d 0755 root sys usr/samba/src/$nextfile $nextfile samba.src.samba\n";
   }
   else {
-    if (grep(/SGI/ & (/\.sh$/ | /\.pl$/ | /mkman$/),$nextfile)) {
+    if (grep((/\.sh$/ | /\.pl$/ | /mkman$/),$nextfile)) {
 	print IDB "f 0755 root sys usr/samba/src/$nextfile $nextfile samba.src.samba\n";
     }
     else {
diff --git a/packaging/SGI/psfixes.pl b/packaging/SGI/psfixes.pl
deleted file mode 100755
index 13e9bdb0a8..0000000000
--- a/packaging/SGI/psfixes.pl
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/usr/bin/perl
-
-while (<>) {
-# strip any ctrl-d's
-    $_ =~ s/^//;
-# get rid of any non-postscript commands
-    if (/^%/) {
-	do {
-	    $_ = <>;
-	} until ( /^%/ ) || eof() ;
-	if (! eof()) {
-	    print;
-	}
-    }
-# fix bug in long titles from MS Word
-    elsif (/^%%Title:/) {
-	    s/.
-$/
-/;
-	    print;
-    }
-# remove VM test
-    elsif (/^\/VM\?/) {
-	print "/VM? { pop } bind def
-\n";
-	do {
-	    $_ = <>;
-	} until (/def
-/) || eof() ;
-    }
-    else {
-	print;
-    }
-}
diff --git a/packaging/SGI/sambalp b/packaging/SGI/sambalp
index cb95ef089f..fd0cef8f93 100644
--- a/packaging/SGI/sambalp
+++ b/packaging/SGI/sambalp
@@ -1,4 +1,24 @@
-#! /bin/sh
+#!/bin/perl
+#
+# Hacked by Alan Stebbens <aks@sgi.com> to setuid to the username if 
+# valid on this system.  Written as a secure Perl script.  To enable,
+#
+#	chown root /usr/samba/bin/sambalp
+#	chmod u+s,+x /usr/samba/bin/sambalp
+#
+# If setuidshells is not enabled on your system, you must also do this:
+#
+#	systune -i
+#	nosuidshells = 0
+#	y
+#	quit
+#
+#	reboot
+#
+# This script will still work as a normal user; it will not try
+# to setuid in this case.
+#
+# If the "$PSFIX" variable is set below...
 #
 # Workaround Win95 printer driver/Impressario bug by removing
 # the PS check for available virtual memory.  Note that this
@@ -15,6 +35,116 @@
 # removed. 
 # 3. The VM fix described above.
 #
+#
+# Modified for Perl4 compatibility.
+#
+
+$PROG = "sambalp";
+
+$PSFIX = 1;			# set to 0 if you don't want to run
+				# the "psfix" portion
+
+# Untaint the PATH variable
+@PATH = split(' ',<<EOF);
+	/usr/sbin /usr/bsd /sbin /usr/bin /bin /usr/lib /usr/local/bin
+EOF
+$ENV{'PATH'} = join(':',@PATH);
+
+if ($#ARGV < 3) {
+    print STDERR "usage: $PROG printer file user system\n";
+    exit;
+}
+
+$printer = $ARGV[0];
+$file    = $ARGV[1];
+$user    = $ARGV[2];
+$system  = $ARGV[3];
+
+open(LPSTAT,"/usr/bin/lpstat -t|") || die("Can't get printer list.\n");
+@printers = ();
+while (<LPSTAT>) {
+    next unless /^printer (\w+)/;
+    push(@printers,$1);
+}
+close LPSTAT;
+# Create a hash list
+@printers{@printers} = @printers;
+    
+# Untaint the printer name
+if (defined($prtname = $printers{$printer})) {
+    $printer = $prtname;
+} else {
+    die("Unknown printer: \"$printer\"\n");
+}
+
+if ($> == 0) {		# are we root?
+    # yes -- then perform a taint checks and possibly do a suid check
+
+    # Untaint the file and system names (pretend to filter them)
+    $file   =   $file =~ /^(.*)/ ? $1 : die("Bad file: $file\n");
+    $system = $system =~ /^(.*)/ ? $1 : die("Bad system: $system\n");
+
+    # Get the valid users
+    setpwent;
+    %users = ();
+    while (@pwe = getpwent()) { 
+	$uids{$pwe[0]} = $pwe[2];
+	$users{$pwe[2]} = $pwe[0];
+    }
+    endpwent();
+
+    # Check out the user -- if the user is a real user on this system,
+    # then become that user so that the  printer header page looks right
+    # otherwise, remain as the default user (probably "nobody").
+
+    if (defined($uid = $uids{$user})) {
+
+	# before we change UID, we must ensure that the file is still
+	# readable after the UID change.
+	chown($uid, 9, $file);	# make the file owned by the user
+
+	# Now, go ahead and become the user
+	$name = $users{$uid};
+	$> = $uid;		# become the user
+	$< = $uid;
+    } else {			# do untaint filtering
+	$name = $user =~ /^(\w+)/ ? $1 : die("Bad user: $user\n");
+    }
+} else {			# otherwise, just be me
+    $name = $user;		# whomever that is
+}
+
+$lpcommand = "/usr/bin/lp -c -d$printer -t'$name on $system'";
+
+# This code is from the original "psfix" but it has been completely
+# rewritten for speed.
+
+if ($PSFIX) {			# are we running a "psfix"?
+    open(FILE, $file) 		|| die("Can't read $file: $!\n");
+    open(LP, "|$lpcommand -")	|| die("Can't open pipe to \"lp\": $!\n");
+    select(LP);
+    while (<FILE>) {		# 
+	$_ =~ s/^\004//;		# strip any ctrl-d's
+	if (/^\e%/) {		# get rid of any non-postscript commands
+	    while (<FILE>) { 	# remove text until next %!PS
+		s/^\001M//;	# lenmark driver prefixes Ctrl-A M to %!PS
+		last if /^%!PS/;
+	    }
+	    last if eof(FILE);
+	} elsif (/^%%Title:/) {	# fix bug in long titles from MS Word
+	    s/.\r$/\r/;		# remove trailing character on the title
+	} elsif (/^\/VM\?/) {	# remove VM test
+	    print "/VM? { pop } bind def\r\n";
+	    while (<FILE>) { last if /def\r/; }
+	    next;		# don't print
+	}
+	print;
+    }
+    close FILE;
+    close LP;
+} else {			# we're not running psfix?
+    system("$lpcommand $file");
+}
 
-/usr/samba/bin/psfixes.pl $2 | /usr/bin/lp -c -d$1 -t"$3 on $4"
-rm $2
+# Remove the file only if it lives in /usr/tmp, /tmp, or /var/tmp.
+unlink($file) if $file =~ m=^(/(usr|var))?/tmp=;
diff --git a/packaging/SGI/smb.conf b/packaging/SGI/smb.conf
index eb7139c136..bdd8806c96 100644
--- a/packaging/SGI/smb.conf
+++ b/packaging/SGI/smb.conf
@@ -29,10 +29,14 @@
 ; script strips out the vmstatus check.  BTW, when using this
 ; setup to print be sure to configure a Windows printer driver
 ; that generates PostScript--QMS-PS 810 is one that should work
-; with the sambalp script.
+; with the sambalp script. This version of sambalp (if installed
+; as a setuid script - see the comments at the beginning of the
+; script) will setuid to the username if valid on the system. This
+; makes the banner pages print the proper username. You can disable
+; the PostScript fixes by changing a variable in sambalp.
 ;
-;   print command = /usr/samba/bin/sambalp %p %s %U %m
-   print command = /usr/bin/lp -c -d%p -t"%U on machine %m" %s ; rm %s
+   print command = /usr/samba/bin/sambalp %p %s %U %m
+;   print command = /usr/bin/lp -c -d%p -t"%U on machine %m" %s ; rm %s
 
    load printers = yes
    guest account = nobody