From 7bbfc263292eb3d4b4a9098b7eabd9bcde2fb6f5 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Mon, 15 Jan 2018 10:56:43 +0100
Subject: [PATCH] rc: make password reset more consistent in `-h 0' mode

We want to be able to access the root account again after all.
---
 src/etc/rc.initial.password | 52 ++++++++++++++++++++++---------------
 1 file changed, 31 insertions(+), 21 deletions(-)

diff --git a/src/etc/rc.initial.password b/src/etc/rc.initial.password
index 184e95aab..68b55fa9f 100755
--- a/src/etc/rc.initial.password
+++ b/src/etc/rc.initial.password
@@ -2,8 +2,8 @@
 <?php
 
 /*
- * Copyright (C) 2017 Franco Fichtner <franco@opnsense.org>
- * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2017-2018 Franco Fichtner <franco@opnsense.org>
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -38,29 +38,38 @@ $fp = fopen('php://stdin', 'r');
  * user but we do not know what the future will bring...
  */
 if (isset($argv[2]) && isset($argv[3]) && $argv[2] === '-h' && $argv[3] === '0') {
-     $admin_user = &getUserEntryByUID(0);
-     if (!$admin_user) {
-         echo "user not found\n";
-         exit(1);
-     }
+    $admin_user = &getUserEntryByUID(0);
+    if (!$admin_user) {
+        echo "user not found\n";
+        exit(1);
+    }
 
-     echo "new password for user {$admin_user['name']}:";
-     shell_exec('/bin/stty -echo');
-     $password = chop(fgets($fp));
-     shell_exec('/bin/stty echo');
-     echo "\n";
+    echo "new password for user {$admin_user['name']}:";
+    shell_exec('/bin/stty -echo');
+    $password = chop(fgets($fp));
+    shell_exec('/bin/stty echo');
+    echo "\n";
 
-     if (empty($password)) {
-         echo "empty password read\n";
-         exit(1);
-     }
+    if (empty($password)) {
+        echo "empty password read\n";
+        exit(1);
+    }
 
-     local_user_set_password($admin_user, $password);
-     local_user_set($admin_user);
+    $config['system']['webgui']['authmode'] = 'Local Database';
 
-     write_config('Root user reset from console');
+    $admin_user['scope'] = 'system';
+    $admin_user['name'] = 'root';
 
-     exit(0);
+    if (isset($admin_user['disabled'])) {
+        unset($admin_user['disabled']);
+    }
+
+    local_user_set_password($admin_user, $password);
+    local_user_set($admin_user);
+
+    write_config('Root user reset from console');
+
+    exit(0);
 }
 
 echo "The root user login behaviour will be restored to its defaults.\n\nDo you want to proceed? [y/N]: ";
@@ -86,8 +95,9 @@ if (!$admin_user) {
     echo "\nRestored missing root user.\n";
 }
 
-$admin_user['name'] = 'root';
 $admin_user['scope'] = 'system';
+$admin_user['name'] = 'root';
+
 if (isset($admin_user['disabled'])) {
     unset($admin_user['disabled']);
 }