1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
|
#!/bin/perl
#
# Hacked by Alan Stebbens <aks@sgi.com> to setuid to the username if
# valid on this system. Written as a secure Perl script. To enable,
#
# chown root /usr/samba/bin/sambalp
# chmod u+s,+x /usr/samba/bin/sambalp
#
# If setuidshells is not enabled on your system, you must also do this:
#
# systune -i
# nosuidshells = 0
# y
# quit
#
# reboot
#
# This script will still work as a normal user; it will not try
# to setuid in this case.
#
# If the "$PSFIX" variable is set below...
#
# Workaround Win95 printer driver/Impressario bug by removing
# the PS check for available virtual memory. Note that this
# bug appears to be in all Win95 print drivers that generate
# PostScript; but is for certain there with a QMS-PS 810 (the
# printer type I configure on the Win95-side for printing with
# Samba).
#
# the perl script fixes 3 different bugs.
# 1. remove the JCL statements added by some HP printer drivers to the
# beginning of the postscript output.
# 2. Fix a bug in output from word files with long filenames. A non-printing
# character added to the end of the title comment by word is
# removed.
# 3. The VM fix described above.
#
#
# Modified for Perl4 compatibility.
#
$PROG = "sambalp";
$PSFIX = 1; # set to 0 if you don't want to run
# the "psfix" portion
# Untaint the PATH variable
@PATH = split(' ',<<EOF);
/usr/sbin /usr/bsd /sbin /usr/bin /bin /usr/lib /usr/local/bin
EOF
$ENV{'PATH'} = join(':',@PATH);
if ($#ARGV < 3) {
print STDERR "usage: $PROG printer file user system\n";
exit;
}
$printer = $ARGV[0];
$file = $ARGV[1];
$user = $ARGV[2];
$system = $ARGV[3];
open(LPSTAT,"/usr/bin/lpstat -t|") || die("Can't get printer list.\n");
@printers = ();
while (<LPSTAT>) {
next unless /^printer (\w+)/;
push(@printers,$1);
}
close LPSTAT;
# Create a hash list
@printers{@printers} = @printers;
# Untaint the printer name
if (defined($prtname = $printers{$printer})) {
$printer = $prtname;
} else {
die("Unknown printer: \"$printer\"\n");
}
if ($> == 0) { # are we root?
# yes -- then perform a taint checks and possibly do a suid check
# Untaint the file and system names (pretend to filter them)
$file = $file =~ /^(.*)/ ? $1 : die("Bad file: $file\n");
$system = $system =~ /^(.*)/ ? $1 : die("Bad system: $system\n");
# Get the valid users
setpwent;
%users = ();
while (@pwe = getpwent()) {
$uids{$pwe[0]} = $pwe[2];
$users{$pwe[2]} = $pwe[0];
}
endpwent();
# Check out the user -- if the user is a real user on this system,
# then become that user so that the printer header page looks right
# otherwise, remain as the default user (probably "nobody").
if (defined($uid = $uids{$user})) {
# before we change UID, we must ensure that the file is still
# readable after the UID change.
chown($uid, 9, $file); # make the file owned by the user
# Now, go ahead and become the user
$name = $users{$uid};
$> = $uid; # become the user
$< = $uid;
} else { # do untaint filtering
$name = $user =~ /^(\w+)/ ? $1 : die("Bad user: $user\n");
}
} else { # otherwise, just be me
$name = $user; # whomever that is
}
$lpcommand = "/usr/bin/lp -c -d$printer -t'$name on $system'";
# This code is from the original "psfix" but it has been completely
# rewritten for speed.
if ($PSFIX) { # are we running a "psfix"?
open(FILE, $file) || die("Can't read $file: $!\n");
open(LP, "|$lpcommand -") || die("Can't open pipe to \"lp\": $!\n");
select(LP);
while (<FILE>) { #
$_ =~ s/^\004//; # strip any ctrl-d's
if (/^\e%/) { # get rid of any non-postscript commands
while (<FILE>) { # remove text until next %!PS
s/^\001M//; # lenmark driver prefixes Ctrl-A M to %!PS
last if /^%!PS/;
}
last if eof(FILE);
} elsif (/^%%Title:/) { # fix bug in long titles from MS Word
s/.\r$/\r/; # remove trailing character on the title
} elsif (/^\/VM\?/) { # remove VM test
print "/VM? { pop } bind def\r\n";
while (<FILE>) { last if /def\r/; }
next; # don't print
}
print;
}
close FILE;
close LP;
} else { # we're not running psfix?
system("$lpcommand $file");
}
if ($file =~ m(^/)) {
# $file is a fully specified path
# Remove the file only if it lives in a directory ending in /tmp.
unlink($file) if ($file =~ m(/tmp/[^/]+$));
} else {
# $file is NOT a fully specified path
# Remove the file only if current directory ends in /tmp.
unlink($file) if (`pwd` =~ m(/tmp$));
}
|