--- loncom/lond	2004/03/23 11:50:12	1.178.2.13
+++ loncom/lond	2004/04/26 10:37:47	1.178.2.19
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.178.2.13 2004/03/23 11:50:12 foxr Exp $
+# $Id: lond,v 1.178.2.19 2004/04/26 10:37:47 foxr Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -53,7 +53,7 @@ my $DEBUG = 1;		       # Non zero to ena
 my $status='';
 my $lastlog='';
 
-my $VERSION='$Revision: 1.178.2.13 $'; #' stupid emacs
+my $VERSION='$Revision: 1.178.2.19 $'; #' stupid emacs
 my $remoteVERSION;
 my $currenthostid;
 my $currentdomainid;
@@ -796,7 +796,7 @@ sub ChangePasswordHandler {
     # First require that the user can be authenticated with their
     # old password:
 
-    my $validated = ValidUser($udom, $uname, $upass);
+    my $validated = ValidateUser($udom, $uname, $upass);
     if($validated) {
 	my $realpasswd  = GetAuthType($udom, $uname); # Defined since authd.
 	
@@ -890,6 +890,7 @@ sub AddUserHandler {
 	    for (my $i=3;$i<= ($#fpparts-1);$i++) {
 		$fpnow.='/'.$fpparts[$i]; 
 		unless (-e $fpnow) {
+		    &logthis("mkdir $fpnow");
 		    unless (mkdir($fpnow,0777)) {
 			$fperror="error: ".($!+0)." mkdir failed while attempting "
 			    ."makeuser";
@@ -989,7 +990,7 @@ sub IsHomeHandler {
    
     my ($udom,$uname)=split(/:/,$tail);
     chomp($uname);
-    my $passfile = PasswordPath($udom, $uname);
+    my $passfile = PasswordFilename($udom, $uname);
     if($passfile) {
 	Reply( $client, "found\n", $userinput);
     } else {
@@ -1137,10 +1138,7 @@ sub FetchUserFileHandler {
 }
 RegisterHandler("fetchuserfile", \&FetchUserFileHandler, 0, 1, 0);
 #
-#   Authenticate access to a user file.  Question?   The token for athentication
-#   is allowed to be sent as cleartext is this really what we want?  This token
-#   represents the user's session id.  Once it is forged does this allow too much 
-#   access??
+#   Authenticate access to a user file. 
 #
 # Parameters:
 #    $cmd      - The command that got us here.
@@ -1412,9 +1410,9 @@ sub RolesPutHandler {
     my $client     = shift;
     my $userinput  = "$cmd:$tail";
 
-    my ($exedom,$exeuser,$udom,$uname,$what)   =split(/:/,$tail);
-    &Debug("cmd = ".$cmd." exedom= ".$exedom."user = ".$exeuser." udom=".$udom.
-	   "what = ".$what);
+    my ( $exedom, $exeuser, $udom, $uname,  $what) = split(/:/,$tail);
+    
+
     my $namespace='roles';
     chomp($what);
     my $hashref = TieUserHash($udom, $uname, $namespace,
@@ -1616,7 +1614,7 @@ sub GetProfileEntryEncrypted {
     
     return 1;
 }
-RegisterHandler("eget", \&GetProfileEncrypted, 0, 1, 0);
+RegisterHandler("eget", \&GetProfileEntryEncrypted, 0, 1, 0);
 
 #
 #   Deletes a key in a user profile database.
@@ -1847,7 +1845,8 @@ sub DumpWithRegexp {
 }
 RegisterHandler("dump", \&DumpWithRegexp, 0, 1, 0);
 
-#  Store an aitem in any database but the roles database.
+#  Store an aitem in any resource meta data(?) or database with
+#  versioning?
 #
 #  Parameters:
 #    $cmd                - Request command keyword.
@@ -2222,19 +2221,24 @@ sub DumpCourseIdHandler {
     }
     unless (defined($since)) { $since=0; }
     my $qresult='';
-
+    logthis(" Looking for $description  since $since");
     my $hashref = TieDomainHash($udom, "nohist_courseids", &GDBM_WRCREAT());
     if ($hashref) {
 	while (my ($key,$value) = each(%$hashref)) {
 	    my ($descr,$lasttime)=split(/\:/,$value);
+	    logthis("Got:  key = $key descr = $descr time: $lasttime");
 	    if ($lasttime<$since) { 
+		logthis("Skipping .. too early");
 		next; 
 	    }
 	    if ($description eq '.') {
+		logthis("Adding wildcard match");
 		$qresult.=$key.'='.$descr.'&';
 	    } else {
 		my $unescapeVal = &unescape($descr);
+		logthis("Matching with $unescapeVal");
 		if (eval('$unescapeVal=~/$description/i')) {
+		    logthis("Adding on match");
 		    $qresult.="$key=$descr&";
 		}
 	    }
@@ -2492,10 +2496,15 @@ sub LsHandler {
 
     my $userinput = "$cmd:$ulsdir";
 
+    chomp($ulsdir);
+
     my $ulsout='';
     my $ulsfn;
+    logthis("ls for '$ulsdir'");
     if (-e $ulsdir) {
+	logthis("ls - directory exists");
 	if(-d $ulsdir) {
+	    logthis("ls  $ulsdir is a file");
 	    if (opendir(LSDIR,$ulsdir)) {
 		while ($ulsfn=readdir(LSDIR)) {
 		    my @ulsstats=stat($ulsdir.'/'.$ulsfn);
@@ -2679,6 +2688,8 @@ sub ProcessRequest {
     # Split off the request keyword from the rest of the stuff.
    
     my ($command, $tail) = split(/:/, $userinput, 2);
+    chomp($command);
+    chomp($tail);
 
     Debug("Command received: $command, encoded = $wasenc");
 
@@ -2720,7 +2731,7 @@ sub ProcessRequest {
 	    $KeepGoing = &$Handler($command, $tail, $client);
 	} else {
 	    Debug("Refusing to dispatch because ok is false");
-	    Failure($client, "refused", $userinput);
+	    Failure($client, "refused\n", $userinput);
 	}
 
 
@@ -4035,7 +4046,7 @@ sub ManagePermissions {
     my $authtype= shift;
 
     # See if the request is of the form /$domain/_au
-    &logthis("ruequest is $request");
+    &logthis("request is $request");
     if($request =~ /^(\/$domain\/_au)$/) { # It's an author rolesput...
 	my $execdir = $perlvar{'lonDaemons'};
 	my $userhome= "/home/$user" ;
@@ -4185,7 +4196,7 @@ sub ValidateUser {
 	    $validated = (crypt($password, $contentpwd) eq $contentpwd);
 	}
 	elsif ($howpwd eq "unix") { # User is a normal unix user.
-	    $contentpwd = (getpwname($user))[1];
+	    $contentpwd = (getpwnam($user))[1];
 	    if($contentpwd) {
 		if($contentpwd eq 'x') { # Shadow password file...
 		    my $pwauth_path = "/usr/local/sbin/pwauth";
@@ -4487,23 +4498,35 @@ sub make_passwd_file {
 	    print $pf "localauth:$npass\n";
 	}
     } elsif ($umode eq 'unix') {
-	{
-	    my $execpath="$perlvar{'lonDaemons'}/"."lcuseradd";
-	    {
-		&Debug("Executing external: ".$execpath);
-		&Debug("user  = ".$uname.", Password =". $npass);
-		my $se = IO::File->new("|$execpath > $perlvar{'lonDaemons'}/logs/lcuseradd.log");
-		print $se "$uname\n";
-		print $se "$npass\n";
-		print $se "$npass\n";
-	    }
-	    my $useraddok = $?;
-	    if($useraddok > 0) {
-		&logthis("Failed lcuseradd: ".&lcuseraddstrerror($useraddok));
-	    }
-	    my $pf = IO::File->new(">$passfilename");
-	    print $pf "unix:\n";
+	#
+	#  Don't allow the creation of privileged accounts!!! that would
+	#  be real bad!!!
+	#
+	my $uid = getpwnam($uname);
+	if((defined $uid) && ($uid == 0)) {
+	    &logthis(">>>Attempted add of privileged account blocked<<<");
+	    return "no_priv_account_error\n";
 	}
+
+	#
+	my $execpath="$perlvar{'lonDaemons'}/"."lcuseradd";
+	
+	&Debug("Executing external: ".$execpath);
+	&Debug("user  = ".$uname.", Password =". $npass);
+	my $se = IO::File->new("|$execpath > $perlvar{'lonDaemons'}/logs/lcuseradd.log");
+	print $se "$uname\n";
+	print $se "$npass\n";
+	print $se "$npass\n";
+	
+	my $useraddok = $?;
+	if($useraddok > 0) {
+	    my $lcstring = lcuseraddstrerror($useraddok);
+	    &logthis("Failed lcuseradd: $lcstring");
+	    return "error: lcuseradd failed: $lcstring\n";
+	}
+	my $pf = IO::File->new(">$passfilename");
+	print $pf "unix:\n";
+ 
     } elsif ($umode eq 'none') {
 	{
 	    my $pf = IO::File->new(">$passfilename");
@@ -4517,8 +4540,10 @@ sub make_passwd_file {
 
 sub sethost {
     my ($remotereq) = @_;
+    Debug("sethost got $remotereq");
     my (undef,$hostid)=split(/:/,$remotereq);
     if (!defined($hostid)) { $hostid=$perlvar{'lonHostID'}; }
+    Debug("sethost attempting to set host $hostid");
     if ($hostip{$perlvar{'lonHostID'}} eq $hostip{$hostid}) {
 	$currenthostid=$hostid;
 	$currentdomainid=$hostdom{$hostid};