--- loncom/lond	2013/04/04 14:56:36	1.499
+++ loncom/lond	2014/01/01 17:41:37	1.505
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.499 2013/04/04 14:56:36 raeburn Exp $
+# $Id: lond,v 1.505 2014/01/01 17:41:37 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -61,7 +61,7 @@ my $DEBUG = 0;		       # Non zero to ena
 my $status='';
 my $lastlog='';
 
-my $VERSION='$Revision: 1.499 $'; #' stupid emacs
+my $VERSION='$Revision: 1.505 $'; #' stupid emacs
 my $remoteVERSION;
 my $currenthostid="default";
 my $currentdomainid;
@@ -130,32 +130,13 @@ my @passwderrors = ("ok",
 		   "pwchange_failure - lcpasswd Error filename is invalid");
 
 
-#  The array below are lcuseradd error strings.:
-
-my $lastadderror = 13;
-my @adderrors    = ("ok",
-		    "User ID mismatch, lcuseradd must run as user www",
-		    "lcuseradd Incorrect number of command line parameters must be 3",
-		    "lcuseradd Incorrect number of stdinput lines, must be 3",
-		    "lcuseradd Too many other simultaneous pwd changes in progress",
-		    "lcuseradd User does not exist",
-		    "lcuseradd Unable to make www member of users's group",
-		    "lcuseradd Unable to su to root",
-		    "lcuseradd Unable to set password",
-		    "lcuseradd Username has invalid characters",
-		    "lcuseradd Password has an invalid character",
-		    "lcuseradd User already exists",
-		    "lcuseradd Could not add user.",
-		    "lcuseradd Password mismatch");
-
-
 # This array are the errors from lcinstallfile:
 
 my @installerrors = ("ok",
 		     "Initial user id of client not that of www",
 		     "Usage error, not enough command line arguments",
-		     "Source file name does not exist",
-		     "Destination file name does not exist",
+		     "Source filename does not exist",
+		     "Destination filename does not exist",
 		     "Some file operation failed",
 		     "Invalid table filename."
 		     );
@@ -1704,8 +1685,14 @@ sub read_lonnet_global {
 sub server_devalidatecache_handler {
     my ($cmd,$tail,$client) = @_;
     my $userinput = "$cmd:$tail";
-    my ($name,$id) = map { &unescape($_); } split(/:/,$tail);
-    &Apache::lonnet::devalidate_cache_new($name,$id);
+    my $items = &unescape($tail);
+    my @cached = split(/\&/,$items);
+    foreach my $key (@cached) {
+        if ($key =~ /:/) {
+            my ($name,$id) = map { &unescape($_); } split(/:/,$key);
+            &Apache::lonnet::devalidate_cache_new($name,$id);
+        }
+    }
     my $result = 'ok';
     &Reply($client,\$result,$userinput);
     return 1;
@@ -2131,10 +2118,9 @@ sub change_authentication_handler {
 	my $passfilename = &password_path($udom, $uname);
 	if ($passfilename) {	# Not allowed to create a new user!!
 	    # If just changing the unix passwd. need to arrange to run
-	    # passwd since otherwise make_passwd_file will run
-	    # lcuseradd which fails if an account already exists
-	    # (to prevent an unscrupulous LONCAPA admin from stealing
-	    # an existing account by overwriting it as a LonCAPA account).
+	    # passwd since otherwise make_passwd_file will fail as 
+	    # creation of unix authenticated users is no longer supported
+            # except from the command line, when running make_domain_coordinator.pl
 
 	    if(($oldauth =~/^unix/) && ($umode eq "unix")) {
 		my $result = &change_unix_password($uname, $npass);
@@ -2152,15 +2138,8 @@ sub change_authentication_handler {
 		#  re-run manage_permissions for that role in order to be able
 		#  to take ownership of the construction space back to www:www
 		#
-		
-		
-		if( (($oldauth =~ /^unix/) && ($umode eq "internal")) ||
-		    (($oldauth =~ /^internal/) && ($umode eq "unix")) ) { 
-		    if(&is_author($udom, $uname)) {
-			&Debug(" Need to manage author permissions...");
-			&manage_permissions("/$udom/_au", $udom, $uname, "$umode:");
-		    }
-		}
+
+
 		&Reply($client, \$result, $userinput);
 	    }
 	       
@@ -3858,7 +3837,9 @@ sub put_course_id_hash_handler {
 #                 creationcontext - include courses created in specified context 
 #
 #                 domcloner - flag to indicate if user can create CCs in course's domain.
-#                             If so, ability to clone course is automatic. 
+#                             If so, ability to clone course is automatic.
+#                 hasuniquecode - filter by courses for which a six character unique code has 
+#                                 been set.
 #
 #     $client  - The socket open on the client.
 # Returns:
@@ -3883,7 +3864,7 @@ sub dump_course_id_handler {
     my ($udom,$since,$description,$instcodefilter,$ownerfilter,$coursefilter,
         $typefilter,$regexp_ok,$rtn_as_hash,$selfenrollonly,$catfilter,$showhidden,
         $caller,$cloner,$cc_clone_list,$cloneonly,$createdbefore,$createdafter,
-        $creationcontext,$domcloner) =split(/:/,$tail);
+        $creationcontext,$domcloner,$hasuniquecode) =split(/:/,$tail);
     my $now = time;
     my ($cloneruname,$clonerudom,%cc_clone);
     if (defined($description)) {
@@ -3956,6 +3937,9 @@ sub dump_course_id_handler {
     } else {
         $creationcontext = '.';
     }
+    unless ($hasuniquecode) {
+        $hasuniquecode = '.';
+    }
     my $unpack = 1;
     if ($description eq '.' && $instcodefilter eq '.' && $ownerfilter eq '.' && 
         $typefilter eq '.') {
@@ -4044,6 +4028,9 @@ sub dump_course_id_handler {
                 $selfenroll_end = $items->{'selfenroll_end_date'};
                 $created = $items->{'created'};
                 $context = $items->{'context'};
+                if ($hasuniquecode ne '.') {
+                    next unless ($items->{'uniquecode'});
+                }
                 if ($selfenrollonly) {
                     next if (!$selfenroll_types);
                     if (($selfenroll_end > 0) && ($selfenroll_end <= $now)) {
@@ -4466,6 +4453,49 @@ sub get_id_handler {
 }
 &register_handler("idget", \&get_id_handler, 0, 1, 0);
 
+#   Deletes one or more ids in a domain's id database.
+#
+#   Parameters:
+#       $cmd                  - Command keyword (iddel).
+#       $tail                 - Command tail.  In this case a colon
+#                               separated list containing:
+#                               The domain for which we are deleting the id(s).
+#                               &-separated list of id(s) to delete.
+#       $client               - File open on client socket.
+# Returns:
+#     1   - Continue processing
+#     0   - Exit server.
+#     
+#
+
+sub del_id_handler {
+    my ($cmd,$tail,$client) = @_;
+
+    my $userinput = "$cmd:$tail";
+
+    my ($udom,$what)=split(/:/,$tail);
+    chomp($what);
+    my $hashref = &tie_domain_hash($udom, "ids", &GDBM_WRCREAT(),
+                                   "D", $what);
+    if ($hashref) {
+        my @keys=split(/\&/,$what);
+        foreach my $key (@keys) {
+            delete($hashref->{$key});
+        }
+        if (&untie_user_hash($hashref)) {
+            &Reply($client, "ok\n", $userinput);
+        } else {
+            &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
+                    "while attempting iddel\n", $userinput);
+        }
+    } else {
+        &Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
+                 "while attempting iddel\n", $userinput);
+    }
+    return 1;
+}
+&register_handler("iddel", \&del_id_handler, 0, 1, 0);
+
 #
 # Puts broadcast e-mail sent by Domain Coordinator in nohist_dcmail database 
 #
@@ -5990,18 +6020,6 @@ sub lcpasswdstrerror {
     }
 }
 
-#
-# Convert an error return code from lcuseradd to a string value:
-#
-sub lcuseraddstrerror {
-    my $ErrorCode = shift;
-    if(($ErrorCode < 0) || ($ErrorCode > $lastadderror)) {
-	return "lcuseradd - Unrecognized error code: ".$ErrorCode;
-    } else {
-	return $adderrors[$ErrorCode];
-    }
-}
-
 # grabs exception and records it to log before exiting
 sub catchexception {
     my ($error)=@_;
@@ -6492,7 +6510,8 @@ sub make_new_child {
         &Authen::Krb5::init_context();
 	unless (($dist eq 'fedora5') || ($dist eq 'fedora4') ||  
 		($dist eq 'fedora6') || ($dist eq 'suse9.3') ||
-                ($dist eq 'suse12.2') || ($dist eq 'suse12.3')) {
+                ($dist eq 'suse12.2') || ($dist eq 'suse12.3') ||
+                ($dist eq 'suse13.1')) {
 	    &Authen::Krb5::init_ets();
 	}
 
@@ -7295,56 +7314,8 @@ sub make_passwd_file {
 	    }
 	}
     } elsif ($umode eq 'unix') {
-	{
-	    #
-	    #  Don't allow the creation of privileged accounts!!! that would
-	    #  be real bad!!!
-	    #
-	    my $uid = getpwnam($uname);
-	    if((defined $uid) && ($uid == 0)) {
-		&logthis(">>>Attempt to create privileged account blocked");
-		return "no_priv_account_error\n";
-	    }
-
-	    my $execpath       ="$perlvar{'lonDaemons'}/"."lcuseradd";
-
-	    my $lc_error_file  = $execdir."/tmp/lcuseradd".$$.".status";
-	    {
-		&Debug("Executing external: ".$execpath);
-		&Debug("user  = ".$uname.", Password =". $npass);
-		my $se = IO::File->new("|$execpath > $perlvar{'lonDaemons'}/logs/lcuseradd.log");
-		print $se "$uname\n";
-                print $se "$udom\n";
-		print $se "$npass\n";
-		print $se "$npass\n";
-		print $se "$lc_error_file\n"; # Status -> unique file.
-	    }
-	    if (-r $lc_error_file) {
-		&Debug("Opening error file: $lc_error_file");
-		my $error = IO::File->new("< $lc_error_file");
-		my $useraddok = <$error>;
-		$error->close;
-		unlink($lc_error_file);
-		
-		chomp $useraddok;
-	
-		if($useraddok > 0) {
-		    my $error_text = &lcuseraddstrerror($useraddok);
-		    &logthis("Failed lcuseradd: $error_text");
-		    $result = "lcuseradd_failed:$error_text";
-		}  else {
-		    my $pf = IO::File->new(">$passfilename");
-		    if($pf) {
-			print $pf "unix:\n";
-		    } else {
-			$result = "pass_file_failed_error";
-		    }
-		}
-	    }  else {
-		&Debug("Could not locate lcuseradd error: $lc_error_file");
-		$result="bug_lcuseradd_no_output_file";
-	    }
-	}
+	&logthis(">>>Attempt to create unix account blocked -- unix auth not available for new users.");
+	$result="no_new_unix_accounts";
     } elsif ($umode eq 'none') {
 	{
 	    my $pf = IO::File->new("> $passfilename");