--- loncom/lcpasswd	2001/10/23 03:42:30	1.12
+++ loncom/lcpasswd	2002/08/30 13:37:59	1.16
@@ -1,13 +1,21 @@
 #!/usr/bin/perl
+
+# The Learning Online Network with CAPA
+#
+# lcpasswd - LON-CAPA setuid script to synchronously change all
+#            filesystem-related passwords (samba, unix, etc)
 #
-# lcpasswd
+# YEAR=2000
+# 10/27,10/28,10/29,10/30 Scott Harrison
 #
-# Scott Harrison
-# SH: October 27, 2000
-# SH: October 28, 2000
-# SH: October 29, 2000
 # YEAR=2001
-# Scott Harrison 10/22
+# 10/22,10/23,11/13,11/15 Scott Harrison
+# 
+# YEAR=2002
+# 02/19 Matthew Hall
+#
+# $Id: lcpasswd,v 1.16 2002/08/30 13:37:59 matthew Exp $
+###
 
 ###############################################################################
 ##                                                                           ##
@@ -39,7 +47,7 @@ use strict;
 #
 # Standard input usage
 # First line is USERNAME
-# Second line is CURRENT PASSWORD
+# Second line is NEW PASSWORD
 # Third line is NEW PASSWORD
 #
 # Valid passwords must consist of the
@@ -82,7 +90,7 @@ use strict;
 # Security
 $ENV{'PATH'}='/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; # Nullify path
                                                                # information
-$ENV{'BASH_ENV'}=''; # Nullify shell environment information.
+delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints
 
 # Do not print error messages
 my $noprint=1;
@@ -115,7 +123,7 @@ if (@input!=3) {
     unlink('/tmp/lock_lcpasswd');
     exit 3;
 }
-map {chomp} @input;
+foreach (@input) {chomp;}
 
 my ($username,$password1,$password2)=@input;
 $username=~/^(\w+)$/;
@@ -126,8 +134,8 @@ if (($username ne $safeusername) or ($sa
     exit 9;
 }
 my $pbad=0;
-map {if (($_<32)&&($_>126)){$pbad=1;}} (split(//,$password1));
-map {if (($_<32)&&($_>126)){$pbad=1;}} (split(//,$password2));
+foreach (split(//,$password1)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}}
+foreach (split(//,$password2)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}}
 if ($pbad) {
     print "Error. A password entry had an invalid character.\n";
     unlink('/tmp/lock_lcpasswd');
@@ -161,7 +169,7 @@ if ($?) {
 }
 my $userid=getpwnam($safeusername);
 
-unless (-e '/usr/bin/smbpasswd') {
+if (-e '/usr/bin/smbpasswd') {
 
     ($>,$<)=(0,0); # fool smbpasswd here to think this is not a setuid
                    # environment
@@ -187,7 +195,8 @@ unless (-e '/usr/bin/smbpasswd') {
 	close OUT;
     }
 
-    open(OUT,"|/usr/bin/smbpasswd -s $safeusername>/dev/null");
+    open(OUT,"|/usr/bin/smbpasswd -s $safeusername>/dev/null") or
+	die('cannot run smbpasswd');
     print OUT $password2; print OUT "\n";
     print OUT $password2; print OUT "\n";
     close OUT;
@@ -258,3 +267,32 @@ sub try_to_lock {
     close LOCK;
     return 1;
 }
+
+=head1 NAME
+
+lcpasswd - LON-CAPA setuid script to synchronously change all
+           filesystem-related passwords (samba, unix, etc)
+
+=head1 DESCRIPTION
+
+LON-CAPA setuid script to synchronously change all
+filesystem-related passwords (samba, unix, etc)
+
+=head1 README
+
+LON-CAPA setuid script to synchronously change all
+filesystem-related passwords (samba, unix, etc)
+
+=head1 PREREQUISITES
+
+=head1 COREQUISITES
+
+=pod OSNAMES
+
+linux
+
+=pod SCRIPT CATEGORIES
+
+LONCAPA/Administrative
+
+=cut