From b150d01b7003c0d1cdca02caf2b1af740c6e1c5b Mon Sep 17 00:00:00 2001
From: Matthew Saunders Brown
Date: Thu, 30 Mar 2023 14:57:56 -0700
Subject: [PATCH] encrypt stored passwords
---
 bin/vhost-user-add.sh | 9 +++++----
 bin/vhost.sh | 12 ++++++++++++
 2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/bin/vhost-user-add.sh b/bin/vhost-user-add.sh
index 4cfdb9f..fb6ce8c 100755
--- a/bin/vhost-user-add.sh
+++ b/bin/vhost-user-add.sh
@@ -79,10 +79,11 @@ if [[ ! -f "/home/$username/.profile" ]]; then
 fi
 if [[ -n $write ]]; then
+ vhost::set-opensslpass
+ encryptedpass=`echo -n "$password" | openssl aes-256-cbc -a -salt -pass pass:$opensslpass -pbkdf2`
+ userpasswdinfo="$username:$encryptedpass:$uid:$uid::/home/$username:/bin/bash"
 if [[ ! -f "/home/$username/.passwd" ]]; then
- touch /home/$username/.passwd
- chmod 640 /home/$username/.passwd
- chown $username:$username /home/$username/.passwd
- echo "$newusers" > /home/$username/.passwd
+ install -o $username -g $username -m 640 /dev/null /home/$username/.passwd
+ echo "$userpasswdinfo" > /home/$username/.passwd
 fi
 fi
diff --git a/bin/vhost.sh b/bin/vhost.sh
index 2edace6..e43347c 100755
--- a/bin/vhost.sh
+++ b/bin/vhost.sh
@@ -29,6 +29,18 @@ function vhost::set-phpVersion () {
 }
+function vhost::set-opensslpass () {
+
+ if [[ -f "/root/.vhost.ini" ]]; then
+ opensslpass=`grep -E '^opensslpass\s?=' /root/.vhost.ini | cut -d = -f 2 | tr -d ' '`
+ else
+ install --owner=root --group=root --mode=640 /dev/null /root/.vhost.ini
+ opensslpass=`/usr/bin/pwgen 16 1`
+ echo "opensslpass = $opensslpass" >> /root/.vhost.ini
+ fi
+
+}
+
 # crude but good enough domain name format validation
 function vhost::validate_domain () {
 local my_domain=$1
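Review bot: The added `encryptedpass=` line passes the key as `-pass pass:$opensslpass`, which places it in openssl's argument list where, on a default Linux setup, other local users can read it from the process table while the command runs. Handing it over through the environment keeps it out of argv: `encryptedpass=$(printf '%s' "$password" | opensslpass="$opensslpass" openssl aes-256-cbc -a -salt -pbkdf2 -pass env:opensslpass)`. Nothing checks that `vhost::set-opensslpass` actually produced a value, so a guard such as `[[ -n $opensslpass ]] || { echo "no opensslpass" >&2; exit 1; }` before this line would stop an empty passphrase from being used. Because the stored value can be decrypted by anyone holding `/root/.vhost.ini`, a short comment stating why a recoverable form is needed instead of a hash would help the next reader.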
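Review bot: `vhost::set-opensslpass` decides whether to generate a key from the existence of `/root/.vhost.ini`, so when the file exists without an `opensslpass` line (or `pwgen` is not installed) `opensslpass` comes back empty and the caller goes on to run openssl with an empty `pass:` value. Keying generation on the parsed value being empty, and returning non-zero when no key can be produced, closes that gap; callers would then need to check the return status. Two smaller points on the same lines: `pwgen 16 1` without `-s` yields pronounceable passwords, which buys nothing for a key no one types (`pwgen -s 32 1` is fully random), and a file holding the key for every stored password fits `--mode=600` better than 640.

```shell
function vhost::set-opensslpass () {

  # create the key file only when it is missing
  if [[ ! -f "/root/.vhost.ini" ]]; then
    install --owner=root --group=root --mode=600 /dev/null /root/.vhost.ini
  fi
  opensslpass=`grep -E '^opensslpass\s?=' /root/.vhost.ini | cut -d = -f 2 | tr -d ' '`
  # generate whenever no key was parsed, not only when the file was absent
  if [[ -z $opensslpass ]]; then
    opensslpass=`/usr/bin/pwgen -s 32 1`
    [[ -n $opensslpass ]] || return 1
    echo "opensslpass = $opensslpass" >> /root/.vhost.ini
  fi

}
```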