--- loncom/lond	2002/02/07 10:22:44	1.70
+++ loncom/lond	2002/02/19 21:52:54	1.72
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.70 2002/02/07 10:22:44 harris41 Exp $
+# $Id: lond,v 1.72 2002/02/19 21:52:54 matthew Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -48,6 +48,9 @@
 # 12/22 Gerd Kortemeyer
 # YEAR=2002
 # 01/20/02,02/05 Gerd Kortemeyer
+# 02/05 Guy Albertelli
+# 02/07 Scott Harrison
+# 02/12 Gerd Kortemeyer
 ###
 
 # based on "Perl Cookbook" ISBN 1-56592-243-3
@@ -637,10 +640,13 @@ sub make_new_child {
 				  $pwdcorrect=!$?;
 			      }
                           } elsif ($howpwd eq 'krb4') {
+                             $null=pack("C",0);
+			     unless ($upass=~/$null/) {
                               $pwdcorrect=(
                                  Authen::Krb4::get_pw_in_tkt($uname,"",
                                         $contentpwd,'krbtgt',$contentpwd,1,
 							     $upass) == 0);
+			     } else { $pwdcorrect=0; }
                           } elsif ($howpwd eq 'localauth') {
 			    $pwdcorrect=&localauth::localauth($uname,$upass,
 							      $contentpwd);
@@ -664,7 +670,8 @@ sub make_new_child {
                        chomp($npass);
                        $upass=&unescape($upass);
                        $npass=&unescape($npass);
-                       my $proname=propath($udom,$uname);
+		       &logthis("Trying to change password for $uname");
+		       my $proname=propath($udom,$uname);
                        my $passfilename="$proname/passwd";
                        if (-e $passfilename) {
 			   my $realpasswd;
@@ -679,11 +686,42 @@ sub make_new_child {
 			     my $ncpass=crypt($npass,$salt);
                              { my $pf = IO::File->new(">$passfilename");
  	  		       print $pf "internal:$ncpass\n"; }             
+			     &logthis("Result of password change for $uname: pwchange_success");
                              print $client "ok\n";
                            } else {
                              print $client "non_authorized\n";
                            }
-                          } else {
+                          } elsif ($howpwd eq 'unix') {
+			      # Unix means we have to access /etc/password
+			      # one way or another.
+			      # First: Make sure the current password is
+			      #        correct
+			      $contentpwd=(getpwnam($uname))[1];
+			      my $pwdcorrect = "0";
+			      my $pwauth_path="/usr/local/sbin/pwauth";
+			      unless ($contentpwd eq 'x') {
+				  $pwdcorrect=
+                                    (crypt($upass,$contentpwd) eq $contentpwd);
+			      } elsif (-e $pwauth_path) {
+				  open PWAUTH, "|$pwauth_path" or
+				      die "Cannot invoke authentication";
+				  print PWAUTH "$uname\n$upass\n";
+				  close PWAUTH;
+				  $pwdcorrect=!$?;
+			      }
+			     if ($pwdcorrect) {
+				 my $execdir=$perlvar{'lonDaemons'};
+				 my $pf = IO::File->new("|$execdir/lcpasswd");
+				 print $pf "$uname\n$npass\n$npass\n";
+				 close $pf;
+				 my $result = ($?>0 ? 'pwchange_failure' 
+					       : 'ok');
+				 &logthis("Result of password change for $uname: $result");
+				 print $client "$result\n";
+			     } else {
+				 print $client "non_authorized\n";
+			     }
+			  } else {
                             print $client "auth_mode_error\n";
                           }  
 		       } else {
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>
<p>Please contact the server administrator at 
 root@localhost to inform them of the time this error occurred,
 and the actions you performed just before this error.</p>
<p>More information about this error may be available
in the server error log.</p>
</body></html>