encrypt stored passwords

2023-03-30 14:57:56 -07:00 · 2023-03-30 14:57:56 -07:00 · b150d01b70
commit b150d01b70
parent c463be70a2
2 changed files with 17 additions and 4 deletions
--- a/bin/vhost-user-add.sh
+++ b/bin/vhost-user-add.sh
@ -79,10 +79,11 @@ if [[ ! -f "/home/$username/.profile" ]]; then
 fi

 if [[ -n $write ]]; then
+  vhost::set-opensslpass
+  encryptedpass=`echo -n "$password" | openssl aes-256-cbc -a -salt -pass pass:$opensslpass -pbkdf2`
+  userpasswdinfo="$username:$encryptedpass:$uid:$uid::/home/$username:/bin/bash"
  if [[ ! -f "/home/$username/.passwd" ]]; then
-    touch /home/$username/.passwd
-    chmod 640 /home/$username/.passwd
-    chown $username:$username /home/$username/.passwd
-    echo "$newusers" > /home/$username/.passwd
+    install -o $username -g $username -m 640 /dev/null /home/$username/.passwd
+    echo "$userpasswdinfo" > /home/$username/.passwd
  fi
 fi
--- a/bin/vhost.sh
+++ b/bin/vhost.sh
@ -29,6 +29,18 @@ function vhost::set-phpVersion () {

 }

+function vhost::set-opensslpass () {
+
+  if [[ -f "/root/.vhost.ini" ]]; then
+    opensslpass=`grep -E '^opensslpass\s?=' /root/.vhost.ini | cut -d = -f 2 | tr -d ' '`
+  else
+    install --owner=root --group=root --mode=640 /dev/null /root/.vhost.ini
+    opensslpass=`/usr/bin/pwgen 16 1`
+    echo "opensslpass = $opensslpass" >> /root/.vhost.ini
+  fi
+
+}
+
 # crude but good enough domain name format validation
 function vhost::validate_domain () {
  local my_domain=$1