Pi-hole/pi-hole
Pi-hole/pi-hole
1
0
Fork 0
mirror of https://github.com/pi-hole/pi-hole.git synced 2025-05-05 23:44:12 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #1423 from pi-hole/promoLearnsToCode

Browse source 
Double hash the password directly in the install script
This commit is contained in:
Dan Schaper 2017-05-03 12:07:38 -07:00 committed by GitHub
commit 7c2046cce7
2 changed files with 10 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

11
advanced/Scripts/webpage.sh
View file

@ -67,6 +67,13 @@ SetTemperatureUnit(){
} }
HashPassword(){
# Compute password hash twice to avoid rainbow table vulnerability
return=$(echo -n ${1} | sha256sum | sed 's/\s.*$//')
return=$(echo -n ${return} | sha256sum | sed 's/\s.*$//')
echo ${return}
}
SetWebPassword(){ SetWebPassword(){
if [ "${SUDO_USER}" == "www-data" ]; then if [ "${SUDO_USER}" == "www-data" ]; then
@ -93,9 +100,7 @@ SetWebPassword(){
read -s -p "Confirm Password: " CONFIRM read -s -p "Confirm Password: " CONFIRM
echo "" echo ""
if [ "${PASSWORD}" == "${CONFIRM}" ] ; then if [ "${PASSWORD}" == "${CONFIRM}" ] ; then
# Compute password hash twice to avoid rainbow table vulnerability hash=$(HashPassword ${PASSWORD})
hash=$(echo -n ${PASSWORD} | sha256sum | sed 's/\s.*$//')
hash=$(echo -n ${hash} | sha256sum | sed 's/\s.*$//')
# Save hash to file # Save hash to file
change_setting "WEBPASSWORD" "${hash}" change_setting "WEBPASSWORD" "${hash}"
echo "New password set" echo "New password set"

3
automated install/basic-install.sh
View file

@ -1413,7 +1413,8 @@ main() {
pw="" pw=""
if [[ $(grep 'WEBPASSWORD' -c /etc/pihole/setupVars.conf) == 0 ]] ; then if [[ $(grep 'WEBPASSWORD' -c /etc/pihole/setupVars.conf) == 0 ]] ; then
pw=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8) pw=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8)
/usr/local/bin/pihole -a -p "${pw}" . /opt/pihole/webpage.sh
echo "WEBPASSWORD=$(HashPassword ${pw})" >> ${setupVars}
fi fi
fi fi