From 9c136a5579cbfd3a151a3068bfe1abb8ef578c09 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 2 May 2017 22:24:37 +0100 Subject: [PATCH] functionise Hashing --- advanced/Scripts/webpage.sh | 11 ++++++++--- automated install/basic-install.sh | 4 ++-- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 7804fc8f..1169d6f0 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -67,6 +67,13 @@ SetTemperatureUnit(){ } +HashPassword(){ + # Compute password hash twice to avoid rainbow table vulnerability + return=$(echo -n ${1} | sha256sum | sed 's/\s.*$//') + return=$(echo -n ${return} | sha256sum | sed 's/\s.*$//') + echo ${return} +} + SetWebPassword(){ if [ "${SUDO_USER}" == "www-data" ]; then @@ -93,9 +100,7 @@ SetWebPassword(){ read -s -p "Confirm Password: " CONFIRM echo "" if [ "${PASSWORD}" == "${CONFIRM}" ] ; then - # Compute password hash twice to avoid rainbow table vulnerability - hash=$(echo -n ${PASSWORD} | sha256sum | sed 's/\s.*$//') - hash=$(echo -n ${hash} | sha256sum | sed 's/\s.*$//') + hash=$(HashPassword ${PASSWORD}) # Save hash to file change_setting "WEBPASSWORD" "${hash}" echo "New password set" diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index c9f4d659..e3f48536 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1413,9 +1413,9 @@ main() { pw="" if [[ $(grep 'WEBPASSWORD' -c /etc/pihole/setupVars.conf) == 0 ]] ; then pw=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8) - hash=$(echo -n ${pw} | sha256sum | sed 's/\s.*$//') + hash=$(echo -n ${pw} | sha256sum | sed 's/\s.*$//' | sha256sum | sed 's/\s.*$//') hash=$(echo -n ${hash} | sha256sum | sed 's/\s.*$//') - echo "WEBPASSWORD=${hash}" >> ${setupVars} + echo "WEBPASSWORD=$(echo -n ${pw} | sha256sum | sed 's/\s.*$//' | sha256sum | sed 's/\s.*$//')" >> ${setupVars} fi fi