--- loncom/pwchange 2001/10/23 03:43:02 1.1
+++ loncom/pwchange 2009/07/17 02:20:59 1.10
@@ -1,30 +1,97 @@ #!/usr/bin/perl +# The Learning Online Network with CAPA +# +# pwchange - setuid script to change unix passwords +# +# YEAR=2001 +# +# YEAR=2002 +# 02/19 Matthew Hall +# +# $Id: pwchange,v 1.10 2009/07/17 02:20:59 raeburn Exp $ +### + use strict; +my $noprint = 1; + + +print "In pwchange\n" unless $noprint; +print "Real uid = $< effective uid = $> \n" unless $noprint; +# ------------------------------------------------------------------ Untainting $ENV{'PATH'}='/bin:/usr/bin'; # Nullify path information. -$ENV{'BASH_ENV'}=''; # Nullify shell environment information. +delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints +# ---------------------------- Make sure this process is running from user=root + +if (0 != $<) { + print "Username not root" unless $noprint; + exit 1; +} +# ----------------------------------------------- If not running setuid as root if ($>!=0) { + print "Not setuid to root" unless $noprint; exit 1; } +# ----------------------------------------------- Make sure arguments are valid my $user=shift @ARGV; $user=~/^(\w+)$/; my $safe=$1; +print "Save user = $safe" unless $noprint; + my $pword=<>; chomp $pword; unless (length($safe) and ($user eq $safe) and ($safe=~/^[A-Za-z]/)) { exit 2; } - +print "Password = $pword" unless $noprint; my $pbad=0; -map {if (($_<32)&&($_>126)){$pbad=1;}} (split(//,$pword)); +foreach (split(//,$pword)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} exit 3 if $pbad; -open OUT,"|passwd --stdin $safe >/dev/null"; -print OUT $pword; -print OUT "\n"; -close OUT; +# --------------------------------------------------------- Call system command +my $distro; +if (open(PIPE,"perl distprobe|")) { + $distro = ; + close(PIPE); +} +if ($distro =~ /^ubuntu|debian/) { + open(OUT,"|/usr/sbin/usermod -p `mkpasswd $pword` $safe"); + close(OUT); +} else { + open(OUT,"|passwd --stdin $safe >/dev/null"); + print OUT $pword; + print OUT "\n"; + close(OUT); +} +# --------------------------------------- exit with 
status of command execution exit $?/256; + +=head1 NAME + +pwchange - setuid script to change unix passwords + +=head1 DESCRIPTION + +Setuid script to change unix passwords. + +=head1 README + +Setuid script to change unix passwords. + +=head1 PREREQUISITES + +=head1 COREQUISITES + +=pod OSNAMES + +linux + +=pod SCRIPT CATEGORIES + +LONCAPA/Administrative + +=cut
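Review bot: In the ubuntu/debian branch the new `open(OUT,"|/usr/sbin/usermod -p ...")` call interpolates `$pword` into a shell command line (inside a backquoted `mkpasswd $pword`), and the only check on `$pword` is that each character is printable ASCII 32–126, which still admits shell metacharacters and spaces. In a script that runs with root privileges this means the shell parses the password text, and the cleartext password also shows up in the process list as an argument to mkpasswd. Keep the password off the command line and feed it on stdin with a fixed command string, as the passwd branch does, for example (assuming chpasswd is available on those distributions) `open(OUT,'|-','/usr/sbin/chpasswd');` `print OUT "$safe:$pword\n";` `close(OUT);`, with the return value of `open` checked. Separately, `perl distprobe` is resolved against the current working directory, so an absolute path would be safer. The pattern `/^ubuntu|debian/` also anchors only the first alternative; `/^(?:ubuntu|debian)/` looks like the intent.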