--- loncom/lcnfson 2000/11/02 20:48:13 1.1
+++ loncom/lcnfson 2000/11/02 22:05:02 1.2
@@ -5,6 +5,11 @@ use strict;
+# Usage within code
+#
+# $exitcode=system("/home/httpd/perl/lcuseradd","NAME","IPADDRESS")/256;
+# print "uh-oh" if $exitcode;
+
 # Security
 $ENV{'PATH'}=""; # Nullify path information.
 $ENV{'BASH_ENV'}=""; # Nullify shell environment information.
@@ -36,21 +41,21 @@ unless (&try_to_lock("/tmp/lock_lcnfs"))
 print "Error. Too many other simultaneous nfs change requests being made.\n" unless $noprint;
 exit 4;
 }
-# Gather input. Should be 3 values (user name, password 1, password 2).
+# Gather input. Should be 2 values (user name, numeric ip address).
 my @input;
 if (@ARGV==3) {
 @input=@ARGV;
 }
 elsif (@ARGV) {
- print("Error. This program needs 3 command-line arguments (username, password 1, password 2).\n") unless $noprint;
- unlink('/tmp/lock_lcpasswd');
+ print("Error. This program needs 2 command-line arguments (username, numeric ip address).\n") unless $noprint;
+ unlink('/tmp/lock_lcnfs');
 exit 2;
 }
 else {
 @input=<>;
- if (@input!=3) {
- print("Error. Three lines should be entered into standard input.\n") unless $noprint;
- unlink('/tmp/lock_lcpasswd');
+ if (@input!=2) {
+ print("Error. Two lines should be entered into standard input.\n") unless $noprint;
+ unlink('/tmp/lock_lcnfs');
 exit 3;
 }
 map {chop} @input;
@@ -61,7 +66,7 @@ $username=~/^(\w+)$/;
 my $safeusername=$1;
 if ($username ne $safeusername) {
 print "Error. The user name specified has invalid characters.\n";
- unlink('/tmp/lock_nfs');
+ unlink('/tmp/lock_lcnfs');
 exit 9;
 }
@@ -81,7 +86,7 @@ $ipaddress=~/^([\w|\.]*)$/;
 my $safeipaddress=$1;
 if ($ipaddress ne $safeipaddress) {
 print "Error. The IP address must be numeric and of the form ##.##.##.##.\n";
- unlink('/tmp/lock_nfs');
+ unlink('/tmp/lock_lcnfs');
 exit 8;
 }
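Review bot: The usage example added in the `@@ -5,6 +5,11 @@` hunk invokes `lcuseradd`, while the file being patched is `loncom/lcnfson`, so a caller who copies the comment would run a different script. If the block was pasted from a sibling script, the example should name `lcnfson` instead. Writing the status extraction as `system(...)>>8` rather than `/256` would also make the intent (the child's exit code) explicit.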
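Review bot: In the `@@ -36,21 +41,21 @@` hunk the unchanged test `if (@ARGV==3) {` still expects three command-line arguments, although the comment, both error messages and the stdin check now say two. A call with a user name and an IP address, as the usage comment added in the first hunk shows, falls through to `elsif (@ARGV)` and exits with code 2, while a three-argument call is accepted. The condition should read `if (@ARGV==2) {`. Separately, `map {chop} @input;` strips the last character even when a line has no trailing newline; `chomp(@input);` removes only a newline.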
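Review bot: The validation shown in the header of the `@@ -81,7 +86,7 @@` hunk, `$ipaddress=~/^([\w|\.]*)$/;`, accepts letters, underscores, `|` and the empty string, which does not match the "numeric and of the form ##.##.##.##" message printed in the hunk. The value is later written into /etc/exports and /etc/hosts.allow, and an empty host field in an exports line leaves the directory without a host restriction, so the pattern should be tightened while this block is being touched. Something like `$ipaddress=~/^(\d{1,3}(?:\.\d{1,3}){3})$/;` would enforce the documented form. The pattern line itself sits just outside the hunk's changed lines.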
@@ -94,13 +99,13 @@ if ($status=~/is stopped/) {
 # Add entry to /etc/exports
 my $exports=`/bin/cat /etc/exports`;
 $exports="\n$exports";
-my $entry="/home/$safeusername $safeipaddress(rw,all_squash,anonuid=$uid,anongid=$gid\n";
+my $entry="/home/$safeusername $safeipaddress(rw,all_squash,anonuid=$uid,anongid=$gid)\n";
 if ($exports=~/\n\/home\/$safeusername\s+$safeipaddress\(rw,all_squash,anonuid=$uid,anongid=$gid\)/) {
 print "Error. /etc/exports already has this entry enabled.\n";
- unlink('/tmp/lock_nfs');
+ unlink('/tmp/lock_lcnfs');
 exit 7;
 }
-open (OUT,">>/etc/exports);
+open (OUT,">>/etc/exports");
 print OUT $entry;
 close OUT;
@@ -109,16 +114,20 @@ system('/usr/sbin/exportfs','-r');
 # Add entry /etc/hosts.allow
 my $hostsallow=`/bin/cat /etc/hosts.allow`;
-my $entry="# $safeusername\nportmap $safeipaddress\n";
-if ($hostsallow=~/\n\# $safeusername\s*\nportmap $safeipaddress\n/) {
+my $entry="# $safeusername\nportmap: $safeipaddress\n";
+if ($hostsallow=~/\n\# $safeusername\s*\nportmap: $safeipaddress\n/) {
 print "Error. /etc/hosts already has this entry enabled.\n";
- unlink('/tmp/lock_nfs');
+ unlink('/tmp/lock_lcnfs');
 exit 6;
 }
 open (OUT,">>/etc/hosts.allow");
 print OUT $entry;
 close OUT;
+&disable_root_capability;
+unlink('/tmp/lock_lcnfs');
+exit 0;
+
 # ----------------------------------------------------------- have setuid script run as root
 sub enable_root_capability {
 if ($wwwid==$>) {
500 Internal Server Error
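Review bot: The corrected `open (OUT,">>/etc/exports");` in the `@@ -94,13 +99,13 @@` hunk is still unchecked, as are the `print OUT` and `close OUT` after it, so a failed append to /etc/exports goes unnoticed and the script carries on to `exportfs -r`; the same pattern recurs for /etc/hosts.allow in the next hunk. A three-argument open with a lexical handle and an error path that removes the lock would be clearer, e.g. `open(my $out,'>>','/etc/exports') or do { unlink('/tmp/lock_lcnfs'); exit $code; };`, where `$code` stands for an exit code not visible here. The duplicate test also interpolates `$safeipaddress` into the regex unescaped, so each `.` matches any character; `\Q$safeipaddress\E` keeps the comparison literal.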
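Review bot: The duplicate test in the `@@ -109,16 +114,20 @@` hunk anchors on a leading `\n`, but unlike `$exports` in the previous hunk, `$hostsallow` is never prefixed with a newline, so an entry starting on the first line of /etc/hosts.allow is not detected and gets appended again. Adding `$hostsallow="\n$hostsallow";` after the backtick read would mirror the exports handling. When the test does fire, the script exits 6 after /etc/exports has already been extended and `exportfs -r` run, leaving the two files out of step; checking both files before writing either would avoid that. The error message also names /etc/hosts rather than /etc/hosts.allow.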
