Set <password> from shell to image file

  • Hello guys :)

    1. core team : Thank you for the job. I'm planning to make donations, really. Question of time.
          users : Make donations if you use it for your job ! :)

    2. Poor English: that makes sense, I'm French, excuse me ( not to be French… :@) ) ( I've heard about some froggy ones lost here too, salut les mecs )

    3. My Problem :

    I'm in a study case, until more. Then you'll be rich.  8)

    I would like to set the password tag in config.xml ( <pfsense><system><password> ) from the command line in an external location ( working on the embedded image file ). I know about mdconfig/mounting the conf, cat/sed and other stuff to process the write, but don't know how to change the password without launching pfSense.

    Is there a way to do it ?

    I'm working on this idea :

    /etc/inc/ is showing me the sync_webgui_passwords function:
    First it writes /var/run/htpasswd, then sync with the local user system.

    I think these commands ( from the code ) could be done from an external location :

    php  : crypt : What is the encryption system ? DES/MD5 ? I did not fully understand the manual page; maybe I don't have to know for my purpose, and if so, it doesn't matter.

    sh : /usr/sbin/pwd_mkdb -d /etc -p /etc/master.passwd : Ok, I just don't understand that, :-\ , but man says it could be done in another location ( -d ).
    sh : /usr/sbin/pwd_mkdb -p /etc/master.passwd : Same.

    sh : /usr/sbin/pw usermod -n root -H 0 : Could be done with the -V flag in an external location.
    sh : /usr/sbin/pw usermod -n admin -H 0 : Same.

    What do you think of doing ( I'll do it ) a bash script ( perhaps with php commands for the crypt function ) to change the root and admin password ? Am I on the wrong track ?

    Thank you for the read.

  • It's Ok.
    I will publish the answer in a few minutes

    or an hour, I've got trouble with " and ' with sed

    In fact, there was no reason to change anything other than the hash in the config.xml …
    Comments are WELCOME. :)

    ./ pfSense-1.0.1-Embedded.img

    ** Changing pfSense-1.0.1-Embedded.img password !
    ** Default hash password : $1$dSJImFph$GvZ7.1UbuWu.Yb8etC0re.
    Enter new password :
    ** Hash of the new password : $1$UTy1VPBC$72d69mEhlGnPlYB2YMkgB.
    ** Creating the device entry ( /dev/md<> ) …
    ** Image file device: md0
    ** Change has been made. Congratulations ! :-)
    ** Removing temporary directory
    ** All done.

    Here is the code :


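    #!/bin/sh
    # This script has been made to change the root/admin password without launching pfSense
    # usage : ./script <image file>
    # then you will be asked for the password
    DEFAULT_HASH='$1$dSJImFph$GvZ7.1UbuWu.Yb8etC0re.'
    IMGFILE=$1       # assumed: image file name is the first argument, as in the run above
    WORKDIR=$(pwd)   # assumed: the image file sits in the current directory

    fonction_error_occurs() {
    cat << EOF

    Error : Default Hash Password ( pfsense ) Not found …

    You should :

    - Download the latest image file from
    - gunzip
    - mdconfig -a -t vnode -f
    - mkdir tempdir
    - mount /dev/md<number> tempdir
    - Have a look to tempdir/conf/config.xml to retrieve default password
    - Write it into this script at line 5
    - Advertise other users ( pfsense forum or whatever you want )

    EOF
    echo "** Now safely stopping ..."
    # rmdir, not rm -rf: if umount fails, rm -rf would delete the files inside the image
    umount "$WORKDIR/d" && rmdir "$WORKDIR/d"
    mdconfig -d -u "${MD}"
    echo "** Done"
    exit 1
    }

    echo "** Changing $IMGFILE password !"
    echo "** Default hash password : $DEFAULT_HASH"
    echo "Enter new password :"
    stty -echo        # do not echo the password to the terminal
    read -r NEWPASS   # not PWD: that name already holds the shell's working directory
    stty echo
    # The password reaches php on stdin, so a ' or " in it cannot break the PHP code.
    # crypt() with no salt is what produced the $1$ hashes shown above; current PHP requires a salt argument.
    HASH=$(printf '%s' "$NEWPASS" | php -r 'echo crypt(file_get_contents("php://stdin"));')

    echo "** Hash of the new password : $HASH"
    echo "** Creating the device entry ( /dev/md<> ) ..."
    MD=$(mdconfig -a -t vnode -f "$WORKDIR/$IMGFILE")
    echo "** Image file device: $MD"

    mkdir "$WORKDIR/d"
    mount "/dev/${MD}d" "$WORKDIR/d"

    # -F: match the hash as a literal string, not as a regular expression
    grep -qF -- "$DEFAULT_HASH" "$WORKDIR/d/conf/config.xml" || fonction_error_occurs
    cd "$WORKDIR/d/conf/"
    # Double quotes so the shell expands both variables;
    # '|' as delimiter because '/' can occur in a crypt hash and '|' cannot.
    sed "s|$DEFAULT_HASH|$HASH|" config.xml > config.xml.2
    mv config.xml.2 config.xml
    chmod 640 config.xml
    echo "** Change has been made. Congratulations ! :-)  "

    echo "** Removing temporary directory"
    cd "$WORKDIR"
    umount "$WORKDIR/d" && rmdir "$WORKDIR/d"
    mdconfig -d -u "${MD}"

    echo "** All done. "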
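
The quoting trouble with sed mentioned above comes from the hash itself: `$` and `.` mean something to the shell and to sed. The following is an added example, not part of the poster's script, that swaps the hash as a literal string and refuses to write unless exactly one `<password>` element matched. The function name `replace_hash` and the sample file are constructed for illustration, and it assumes the element sits on a single line.

```shell
#!/bin/sh
# replace_hash FILE OLD NEW  (hypothetical helper, not from the thread)
# Replaces OLD with NEW only where it is the whole content of a
# <password>...</password> element; nothing is treated as a regex.
replace_hash() {
    file=$1
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    # Values travel via ENVIRON: awk -v would process backslash escapes.
    if OLD="$2" NEW="$3" awk '
        BEGIN { otag = "<password>"; ctag = "</password>" }
        {
            s = index($0, otag); e = index($0, ctag)
            if (s && e > s) {
                val = substr($0, s + length(otag), e - s - length(otag))
                if (val == ENVIRON["OLD"]) {
                    $0 = substr($0, 1, s + length(otag) - 1) ENVIRON["NEW"] substr($0, e)
                    n++
                }
            }
            print
        }
        END { exit (n == 1 ? 0 : 1) }   # zero or several matches: fail
    ' "$file" > "$tmp"; then
        chmod 640 "$tmp" && mv "$tmp" "$file"
    else
        rm -f "$tmp"    # leave the original file untouched
        return 1
    fi
}

# Constructed sample input: a minimal stand-in for conf/config.xml,
# using the two hashes shown in the run above.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '<pfsense><system>' \
        '<password>$1$dSJImFph$GvZ7.1UbuWu.Yb8etC0re.</password>' \
        '</system></pfsense>' > "$d/config.xml"
    replace_hash "$d/config.xml" '$1$dSJImFph$GvZ7.1UbuWu.Yb8etC0re.' \
        '$1$UTy1VPBC$72d69mEhlGnPlYB2YMkgB.' && cat "$d/config.xml"
    rm -rf "$d"
}
demo
```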
