diff options
-rw-r--r-- | packaging/SGI/README | 16 | ||||
-rwxr-xr-x | packaging/SGI/idb.pl | 2 | ||||
-rwxr-xr-x | packaging/SGI/psfixes.pl | 30 | ||||
-rw-r--r-- | packaging/SGI/sambalp | 136 | ||||
-rw-r--r-- | packaging/SGI/smb.conf | 10 |
5 files changed, 150 insertions, 44 deletions
diff --git a/packaging/SGI/README b/packaging/SGI/README index 02855bb3a2..f13164af4a 100644 --- a/packaging/SGI/README +++ b/packaging/SGI/README @@ -12,13 +12,15 @@ binary, and log files are placed in the /usr/samba file hierarchy. Man pages are placed in the /usr/share/catman/u_man hierarchy. The version number of the distribution is a 10 digit number that -is created from the samba version number plus a release number. -Each section of the samba version number forms 2 digits of the -version number (with leading zeros if necessary). - -samba version 1.9.16 would become 0109160000 -samba version 1.9.16p9 would become 0109160900 -samba version 1.9.16alpha9 would become 0109160009 +is created from the samba version number. Each section of the samba +version number forms 2 digits of the version number (with leading +zeros if necessary). The alpha versions add 00 and 2 digits for +the alpha number. The first release adds 0100. Patch releases add +2 digits for the patch level plus 1 and 00. + +samba version 1.9.18alpha9 would become 0109180009 +samba version 1.9.18 would become 0109180100 +samba version 1.9.18p9 would become 0109181000 You can enable all printers on your system to be used by samba by running the script /usr/samba/mkprintcap.sh diff --git a/packaging/SGI/idb.pl b/packaging/SGI/idb.pl index 698d566a73..c698a7f60a 100755 --- a/packaging/SGI/idb.pl +++ b/packaging/SGI/idb.pl @@ -146,7 +146,7 @@ while (@allfiles) { print IDB "d 0755 root sys usr/samba/src/$nextfile $nextfile samba.src.samba\n"; } else { - if (grep(/SGI/ & (/\.sh$/ | /\.pl$/ | /mkman$/),$nextfile)) { + if (grep((/\.sh$/ | /\.pl$/ | /mkman$/),$nextfile)) { print IDB "f 0755 root sys usr/samba/src/$nextfile $nextfile samba.src.samba\n"; } else { diff --git a/packaging/SGI/psfixes.pl b/packaging/SGI/psfixes.pl deleted file mode 100755 index 13e9bdb0a8..0000000000 --- a/packaging/SGI/psfixes.pl +++ /dev/null @@ -1,30 +0,0 @@ -#!/usr/bin/perl - -while (<>) { -# strip any ctrl-d's - $_ =~ s/^//; -# get rid of any non-postscript commands - if (/^%/) { - do { - $_ = <>; - } until ( /^%/ ) || eof() ; - if (! eof()) { - print; - } - } -# fix bug in long titles from MS Word - elsif (/^%%Title:/) { - s/.
$/
/; - print; - } -# remove VM test - elsif (/^\/VM\?/) { - print "/VM? { pop } bind def
\n"; - do { - $_ = <>; - } until (/def
/) || eof() ; - } - else { - print; - } -} diff --git a/packaging/SGI/sambalp b/packaging/SGI/sambalp index cb95ef089f..fd0cef8f93 100644 --- a/packaging/SGI/sambalp +++ b/packaging/SGI/sambalp @@ -1,4 +1,24 @@ -#! /bin/sh +#!/bin/perl +# +# Hacked by Alan Stebbens <aks@sgi.com> to setuid to the username if +# valid on this system. Written as a secure Perl script. To enable, +# +# chown root /usr/samba/bin/sambalp +# chmod u+s,+x /usr/samba/bin/sambalp +# +# If setuidshells is not enabled on your system, you must also do this: +# +# systune -i +# nosuidshells = 0 +# y +# quit +# +# reboot +# +# This script will still work as a normal user; it will not try +# to setuid in this case. +# +# If the "$PSFIX" variable is set below... # # Workaround Win95 printer driver/Impressario bug by removing # the PS check for available virtual memory. Note that this @@ -15,6 +35,116 @@ # removed. # 3. The VM fix described above. # +# +# Modified for Perl4 compatibility. +# + +$PROG = "sambalp"; + +$PSFIX = 1; # set to 0 if you don't want to run + # the "psfix" portion + +# Untaint the PATH variable +@PATH = split(' ',<<EOF); + /usr/sbin /usr/bsd /sbin /usr/bin /bin /usr/lib /usr/local/bin +EOF +$ENV{'PATH'} = join(':',@PATH); + +if ($#ARGV < 3) { + print STDERR "usage: $PROG printer file user system\n"; + exit; +} + +$printer = $ARGV[0]; +$file = $ARGV[1]; +$user = $ARGV[2]; +$system = $ARGV[3]; + +open(LPSTAT,"/usr/bin/lpstat -t|") || die("Can't get printer list.\n"); +@printers = (); +while (<LPSTAT>) { + next unless /^printer (\w+)/; + push(@printers,$1); +} +close LPSTAT; +# Create a hash list +@printers{@printers} = @printers; + +# Untaint the printer name +if (defined($prtname = $printers{$printer})) { + $printer = $prtname; +} else { + die("Unknown printer: \"$printer\"\n"); +} + +if ($> == 0) { # are we root? + # yes -- then perform a taint checks and possibly do a suid check + + # Untaint the file and system names (pretend to filter them) + $file = $file =~ /^(.*)/ ? $1 : die("Bad file: $file\n"); + $system = $system =~ /^(.*)/ ? $1 : die("Bad system: $system\n"); + + # Get the valid users + setpwent; + %users = (); + while (@pwe = getpwent()) { + $uids{$pwe[0]} = $pwe[2]; + $users{$pwe[2]} = $pwe[0]; + } + endpwent(); + + # Check out the user -- if the user is a real user on this system, + # then become that user so that the printer header page looks right + # otherwise, remain as the default user (probably "nobody"). + + if (defined($uid = $uids{$user})) { + + # before we change UID, we must ensure that the file is still + # readable after the UID change. + chown($uid, 9, $file); # make the file owned by the user + + # Now, go ahead and become the user + $name = $users{$uid}; + $> = $uid; # become the user + $< = $uid; + } else { # do untaint filtering + $name = $user =~ /^(\w+)/ ? $1 : die("Bad user: $user\n"); + } +} else { # otherwise, just be me + $name = $user; # whomever that is +} + +$lpcommand = "/usr/bin/lp -c -d$printer -t'$name on $system'"; + +# This code is from the original "psfix" but it has been completely +# rewritten for speed. + +if ($PSFIX) { # are we running a "psfix"? + open(FILE, $file) || die("Can't read $file: $!\n"); + open(LP, "|$lpcommand -") || die("Can't open pipe to \"lp\": $!\n"); + select(LP); + while (<FILE>) { # + $_ =~ s/^\004//; # strip any ctrl-d's + if (/^\e%/) { # get rid of any non-postscript commands + while (<FILE>) { # remove text until next %!PS + s/^\001M//; # lenmark driver prefixes Ctrl-A M to %!PS + last if /^%!PS/; + } + last if eof(FILE); + } elsif (/^%%Title:/) { # fix bug in long titles from MS Word + s/.\r$/\r/; # remove trailing character on the title + } elsif (/^\/VM\?/) { # remove VM test + print "/VM? { pop } bind def\r\n"; + while (<FILE>) { last if /def\r/; } + next; # don't print + } + print; + } + close FILE; + close LP; +} else { # we're not running psfix? + system("$lpcommand $file"); +} -/usr/samba/bin/psfixes.pl $2 | /usr/bin/lp -c -d$1 -t"$3 on $4" -rm $2 +# Remove the file only if it lives in /usr/tmp, /tmp, or /var/tmp. +unlink($file) if $file =~ m=^(/(usr|var))?/tmp=; diff --git a/packaging/SGI/smb.conf b/packaging/SGI/smb.conf index eb7139c136..bdd8806c96 100644 --- a/packaging/SGI/smb.conf +++ b/packaging/SGI/smb.conf @@ -29,10 +29,14 @@ ; script strips out the vmstatus check. BTW, when using this ; setup to print be sure to configure a Windows printer driver ; that generates PostScript--QMS-PS 810 is one that should work -; with the sambalp script. +; with the sambalp script. This version of sambalp (if installed +; as a setuid script - see the comments at the beginning of the +; script) will setuid to the username if valid on the system. This +; makes the banner pages print the proper username. You can disable +; the PostScript fixes by changing a variable in sambalp. ; -; print command = /usr/samba/bin/sambalp %p %s %U %m - print command = /usr/bin/lp -c -d%p -t"%U on machine %m" %s ; rm %s + print command = /usr/samba/bin/sambalp %p %s %U %m +; print command = /usr/bin/lp -c -d%p -t"%U on machine %m" %s ; rm %s load printers = yes guest account = nobody |