--- loncom/lond	2005/06/24 18:00:55	1.286
+++ loncom/lond	2005/08/26 19:40:38	1.292
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.286 2005/06/24 18:00:55 albertel Exp $
+# $Id: lond,v 1.292 2005/08/26 19:40:38 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -48,6 +48,7 @@ use localauth;
 use localenroll;
 use localstudentphoto;
 use File::Copy;
+use File::Find;
 use LONCAPA::ConfigFileEdit;
 use LONCAPA::lonlocal;
 use LONCAPA::lonssl;
@@ -58,7 +59,7 @@ my $DEBUG = 0;		       # Non zero to ena
 my $status='';
 my $lastlog='';
 
-my $VERSION='$Revision: 1.286 $'; #' stupid emacs
+my $VERSION='$Revision: 1.292 $'; #' stupid emacs
 my $remoteVERSION;
 my $currenthostid="default";
 my $currentdomainid;
@@ -112,20 +113,20 @@ my %Dispatcher;
 #
 my $lastpwderror    = 13;		# Largest error number from lcpasswd.
 my @passwderrors = ("ok",
-		   "lcpasswd must be run as user 'www'",
-		   "lcpasswd got incorrect number of arguments",
-		   "lcpasswd did not get the right nubmer of input text lines",
-		   "lcpasswd too many simultaneous pwd changes in progress",
-		   "lcpasswd User does not exist.",
-		   "lcpasswd Incorrect current passwd",
-		   "lcpasswd Unable to su to root.",
-		   "lcpasswd Cannot set new passwd.",
-		   "lcpasswd Username has invalid characters",
-		   "lcpasswd Invalid characters in password",
-		   "lcpasswd User already exists", 
-                   "lcpasswd Something went wrong with user addition.",
-		    "lcpasswd Password mismatch",
-		    "lcpasswd Error filename is invalid");
+		   "pwchange_failure - lcpasswd must be run as user 'www'",
+		   "pwchange_failure - lcpasswd got incorrect number of arguments",
+		   "pwchange_failure - lcpasswd did not get the right nubmer of input text lines",
+		   "pwchange_failure - lcpasswd too many simultaneous pwd changes in progress",
+		   "pwchange_failure - lcpasswd User does not exist.",
+		   "pwchange_failure - lcpasswd Incorrect current passwd",
+		   "pwchange_failure - lcpasswd Unable to su to root.",
+		   "pwchange_failure - lcpasswd Cannot set new passwd.",
+		   "pwchange_failure - lcpasswd Username has invalid characters",
+		   "pwchange_failure - lcpasswd Invalid characters in password",
+		   "pwchange_failure - lcpasswd User already exists", 
+                   "pwchange_failure - lcpasswd Something went wrong with user addition.",
+		   "pwchange_failure - lcpasswd Password mismatch",
+		   "pwchange_failure - lcpasswd Error filename is invalid");
 
 
 #  The array below are lcuseradd error strings.:
@@ -1363,18 +1364,17 @@ sub du_handler {
     #  etc.
     #
     if (-d $ududir) {
-	#  And as Shakespeare would say to make
-	#  assurance double sure, 
-	# use execute_command to ensure that the command is not executed in
-	# a shell that can screw us up.
-
-	my $duout = execute_command("du -ks $ududir");
-	$duout=~s/[^\d]//g; #preserve only the numbers
-	&Reply($client,"$duout\n","$cmd:$ududir");
+	my $total_size=0;
+	my $code=sub { 
+	    if ($_=~/\.\d+\./) { return;} 
+	    if ($_=~/\.meta$/) { return;}
+	    $total_size+=(stat($_))[7];
+	};
+	find($code,$ududir);
+	$total_size=int($total_size/1024);
+	&Reply($client,"$total_size\n","$cmd:$ududir");
     } else {
-
 	&Failure($client, "bad_directory:$ududir\n","$cmd:$ududir"); 
-
     }
     return 1;
 }
@@ -1413,7 +1413,8 @@ sub ls_handler {
 	if(-d $ulsdir) {
 	    if (opendir(LSDIR,$ulsdir)) {
 		while ($ulsfn=readdir(LSDIR)) {
-		    undef $obs, $rights; 
+		    undef($obs);
+		    undef($rights); 
 		    my @ulsstats=stat($ulsdir.'/'.$ulsfn);
 		    #We do some obsolete checking here
 		    if(-e $ulsdir.'/'.$ulsfn.".meta") { 
@@ -1480,7 +1481,8 @@ sub ls2_handler {
         if(-d $ulsdir) {
             if (opendir(LSDIR,$ulsdir)) {
                 while ($ulsfn=readdir(LSDIR)) {
-                    undef $obs, $rights; 
+                    undef($obs);
+		    undef($rights); 
                     my @ulsstats=stat($ulsdir.'/'.$ulsfn);
                     #We do some obsolete checking here
                     if(-e $ulsdir.'/'.$ulsfn.".meta") { 
@@ -1701,19 +1703,9 @@ sub change_password_handler {
 		&Failure( $client, "non_authorized\n",$userinput);
 	    }
 	} elsif ($howpwd eq 'unix') {
-	    # Unix means we have to access /etc/password
-	    &Debug("auth is unix");
-	    my $execdir=$perlvar{'lonDaemons'};
-	    &Debug("Opening lcpasswd pipeline");
-	    my $pf = IO::File->new("|$execdir/lcpasswd > "
-				   ."$perlvar{'lonDaemons'}"
-				   ."/logs/lcpasswd.log");
-	    print $pf "$uname\n$npass\n$npass\n";
-	    close $pf;
-	    my $err = $?;
-	    my $result = ($err>0 ? 'pwchange_failure' : 'ok');
+	    my $result = &change_unix_password($uname, $npass);
 	    &logthis("Result of password change for $uname: ".
-		     &lcpasswdstrerror($?));
+		     $result);
 	    &Reply($client, "$result\n", $userinput);
 	} else {
 	    # this just means that the current password mode is not
@@ -1812,6 +1804,9 @@ sub add_user_handler {
 # Implicit inputs:
 #    The authentication systems describe above have their own forms of implicit
 #    input into the authentication process that are described above.
+# NOTE:
+#   This is also used to change the authentication credential values (e.g. passwd).
+#   
 #
 sub change_authentication_handler {
 
@@ -1831,24 +1826,41 @@ sub change_authentication_handler {
 	my $oldauth = &get_auth_type($udom, $uname); # Get old auth info.
 	my $passfilename = &password_path($udom, $uname);
 	if ($passfilename) {	# Not allowed to create a new user!!
-	    my $result=&make_passwd_file($uname, $umode,$npass,$passfilename);
-	    #
-	    #  If the current auth mode is internal, and the old auth mode was
-	    #  unix, or krb*,  and the user is an author for this domain,
-	    #  re-run manage_permissions for that role in order to be able
-	    #  to take ownership of the construction space back to www:www
-	    #
-
-	    if( (($oldauth =~ /^unix/) && ($umode eq "internal")) ||
-		(($oldauth =~ /^internal/) && ($umode eq "unix")) ) { 
-		if(&is_author($udom, $uname)) {
-		    &Debug(" Need to manage author permissions...");
-		    &manage_permissions("/$udom/_au", $udom, $uname, "$umode:");
+	    # If just changing the unix passwd. need to arrange to run
+	    # passwd since otherwise make_passwd_file will run
+	    # lcuseradd which fails if an account already exists
+	    # (to prevent an unscrupulous LONCAPA admin from stealing
+	    # an existing account by overwriting it as a LonCAPA account).
+
+	    if(($oldauth =~/^unix/) && ($umode eq "unix")) {
+		my $result = &change_unix_password($uname, $npass);
+		&logthis("Result of password change for $uname: ".$result);
+		if ($result eq "ok") {
+		    &Reply($client, "$result\n")
+		} else {
+		    &Failure($client, "$result\n");
+		}
+	    } else {
+		my $result=&make_passwd_file($uname, $umode,$npass,$passfilename);
+		#
+		#  If the current auth mode is internal, and the old auth mode was
+		#  unix, or krb*,  and the user is an author for this domain,
+		#  re-run manage_permissions for that role in order to be able
+		#  to take ownership of the construction space back to www:www
+		#
+		
+		
+		if( (($oldauth =~ /^unix/) && ($umode eq "internal")) ||
+		    (($oldauth =~ /^internal/) && ($umode eq "unix")) ) { 
+		    if(&is_author($udom, $uname)) {
+			&Debug(" Need to manage author permissions...");
+			&manage_permissions("/$udom/_au", $udom, $uname, "$umode:");
+		    }
 		}
+		&Reply($client, $result, $userinput);
 	    }
 	       
 
-	    &Reply($client, $result, $userinput);
 	} else {	       
 	    &Failure($client, "non_authorized\n", $userinput); # Fail the user now.
 	}
@@ -5057,16 +5069,13 @@ sub is_author {
 #    user      - Name of the user for which the role is being put.
 #    authtype  - The authentication type associated with the user.
 #
-sub manage_permissions
-{
-
-
+sub manage_permissions {
     my ($request, $domain, $user, $authtype) = @_;
 
     &Debug("manage_permissions: $request $domain $user $authtype");
 
     # See if the request is of the form /$domain/_au
-    if($request =~ /^(\/$domain\/_au)$/) { # It's an author rolesput...
+    if($request =~ /^(\/\Q$domain\E\/_au)$/) { # It's an author rolesput...
 	my $execdir = $perlvar{'lonDaemons'};
 	my $userhome= "/home/$user" ;
 	&logthis("system $execdir/lchtmldir $userhome $user $authtype");
@@ -5503,6 +5512,35 @@ sub subscribe {
     }
     return $result;
 }
+#  Change the passwd of a unix user.  The caller must have
+#  first verified that the user is a loncapa user.
+#
+# Parameters:
+#    user      - Unix user name to change.
+#    pass      - New password for the user.
+# Returns:
+#    ok    - if success
+#    other - Some meaningfule error message string.
+# NOTE:
+#    invokes a setuid script to change the passwd.
+sub change_unix_password {
+    my ($user, $pass) = @_;
+
+    &Debug("change_unix_password");
+    my $execdir=$perlvar{'lonDaemons'};
+    &Debug("Opening lcpasswd pipeline");
+    my $pf = IO::File->new("|$execdir/lcpasswd > "
+			   ."$perlvar{'lonDaemons'}"
+			   ."/logs/lcpasswd.log");
+    print $pf "$user\n$pass\n$pass\n";
+    close $pf;
+    my $err = $?;
+    return ($err < @passwderrors) ? $passwderrors[$err] : 
+	"pwchange_falure - unknown error";
+
+    
+}
+
 
 sub make_passwd_file {
     my ($uname, $umode,$npass,$passfilename)=@_;