--- loncom/lcpasswd	2000/10/27 19:50:24	1.1
+++ loncom/lcpasswd	2000/10/27 22:02:23	1.2
@@ -14,7 +14,7 @@ use strict;
 # Third line is NEW PASSWORD
 
 # Security
-$ENV{'PATH'}=""; # Nullify path information.
+$ENV{'PATH'}="/bin:/usr/bin"; # Nullify path information except for what smbpasswd needs
 $ENV{'BASH_ENV'}=""; # Nullify shell environment information.
 
 open (IN, "</etc/passwd");
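Review bot: With `PATH` now set to `/bin:/usr/bin`, the environment cleanup visible here still covers only `PATH` and `BASH_ENV`, while the script later starts smbpasswd through a shell. The usual perlsec companion line is `delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};`, which removes the variables instead of setting one of them to an empty string. Add it next to the PATH assignment unless it already exists outside this hunk. The trailing comment would also be more accurate as `# Restrict PATH to the system directories smbpasswd needs`, since the path is no longer nullified.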
@@ -30,6 +30,7 @@ if ($wwwid!=$<) {
     print("User ID mismatch.  This program must be run as user 'www'\n");
     exit 0;
 }
+&disable_root_capability;
 if (@ARGV) {
     print("Error. This program does not accept command-line arguments.\n");
     exit 0;
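Review bot: The added `&disable_root_capability;` call is not followed by any check that the effective uid actually changed, unlike the `enable_root_capability` call later in the file, whose result is tested. If the swap does not take effect, argument checking and the rest of the input handling run with root still effective. A guard directly after the call, such as `if ($>==0) { print "Error.  Root was not successfully disabled.\n"; exit 0; }`, would make this fail closed. Writing the call as `disable_root_capability();` also avoids the `&name;` form, which implicitly passes the caller's `@_`.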
@@ -70,44 +71,63 @@ if (crypt($oldpwd,$useroldcryptpwd) ne $
     exit 0;
 }
 
-# Construct new password entry
-my $newcryptpwd=crypt($newpwd,$newpwd);
+# Construct new password entry (random salt)
+my $newcryptpwd=crypt($newpwd,(join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64]));
 $U[1]=$newcryptpwd;
 my $userline=join(":",@U);
-print $newcryptpwd;
-print $userline;
-#my $rootid=&enable_root_capability;
-#if ($rootid!=0) {
-#    print "Error.  Root was not successfully enabled.\n";
-#    exit 0;
-#}
-# open SAMBAPASSWORDFILE, ">/etc/smbpasswd";
-	($<,$>)=($>,$<);
-	($(,$))=($),$();
-open PASSWORDFILE, "/tmp/passwd2" or die("Cannot open /etc/passwd!");
+my $rootid=&enable_root_capability;
+if ($rootid!=0) {
+    print "Error.  Root was not successfully enabled.\n";
+    exit 0;
+}
+open PASSWORDFILE, ">/etc/passwd" or die("Cannot open /etc/passwd!");
 for my $l (@lines) {
     @F=split(/\:/,$l);
     if ($F[0] eq $username) {print PASSWORDFILE "$userline\n";}
     else {print PASSWORDFILE "$l\n";}
 }
 close PASSWORDFILE;
-# close SAMBAPASSWORDFILE;
+$username=~/^(\w+)$/;
+my $safeusername=$1;
+($>,$<)=(0,0); # fool smbpasswd here to think this is not a setuid environment
+unless (-e "/etc/smbpasswd") {
+    open (OUT,">/etc/smbpasswd"); close OUT;
+}
+my $smbexist=0;
+open (IN, "</etc/smbpasswd");
+my @lines=<IN>;
+close IN;
+for my $l (@lines) {
+    chop $l;
+    my @F=split(/\:/,$l);
+    if ($F[0] eq $username) {$smbexist=1;}
+}
+unless ($smbexist) {
+    open(OUT,">>/etc/smbpasswd");
+    print OUT join(":",($safeusername,$userid,'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX','','/home/'.$safeusername,'/bin/bash')) . "\n";
+    close OUT;
+}
+open(OUT,"|/usr/bin/smbpasswd -s $safeusername>/dev/null");
+print OUT $newpwd; print OUT "\n";
+print OUT $newpwd; print OUT "\n";
+close OUT;
+$<=$wwwid; # unfool the program
 &disable_root_capability;
 unlink("/tmp/lock_lcpasswd");
 
 sub enable_root_capability {
-    if ($wwwid==$<) {
+    if ($wwwid==$>) {
 	($<,$>)=($>,$<);
 	($(,$))=($),$();
     }
     else {
 	# root capability is already enabled
     }
-    return $<;
+    return $>;
 }
 
 sub disable_root_capability {
-    if ($wwwid==$>) {
+    if ($wwwid==$<) {
 	($<,$>)=($>,$<);
 	($(,$))=($),$();
     }
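Review bot: The username check `$username=~/^(\w+)$/;` never tests whether the match succeeded. On a non-matching name `$1` is undefined (or stale, if an earlier match captured something) and still flows into the /etc/smbpasswd entry and the shell command string used to start smbpasswd. The check also runs only after /etc/passwd has been rewritten, and `$` tolerates a trailing newline. Move it above the `open PASSWORDFILE` line as `my ($safeusername)=$username=~/^(\w+)\z/;`, bail out through the script's existing error path when `$safeusername` is undefined, and use `$safeusername` in the `$F[0] eq ...` comparison too. Separately, the `open`/`print`/`close` calls on `OUT` and the in-place `>/etc/passwd` truncation are unchecked, so a partial write or failed smbpasswd run goes unnoticed; note that `disable_root_capability` continues past the end of this hunk.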