From 85ac021e56823a89559fd3602472e427dcd06088 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Mon, 15 Jan 2018 11:08:33 +0100
Subject: [PATCH] rc: no, we need another mode for the full restore

---
 src/etc/rc.initial.password | 38 ++++++++++++++++++++++++++++++-------
 1 file changed, 31 insertions(+), 7 deletions(-)

diff --git a/src/etc/rc.initial.password b/src/etc/rc.initial.password
index a7e8d9f8e..4f9851b85 100755
--- a/src/etc/rc.initial.password
+++ b/src/etc/rc.initial.password
@@ -38,6 +38,30 @@ $fp = fopen('php://stdin', 'r');
  * user but we do not know what the future will bring...
  */
 if (isset($argv[2]) && isset($argv[3]) && $argv[2] === '-h' && $argv[3] === '0') {
+    $admin_user = &getUserEntryByUID(0);
+    if (!$admin_user) {
+        echo "user not found\n";
+        exit(1);
+    }
+
+    echo "new password for user {$admin_user['name']}:";
+    shell_exec('/bin/stty -echo');
+    $password = chop(fgets($fp));
+    shell_exec('/bin/stty echo');
+    echo "\n";
+
+    if (empty($password)) {
+        echo "empty password read\n";
+        exit(1);
+    }
+
+    local_user_set_password($admin_user, $password);
+    local_user_set($admin_user);
+
+    write_config('Root user reset from console');
+
+    exit(0);
+} elseif (isset($argv[2]) && isset($argv[3]) && $argv[2] === '-x' && $argv[3] === '0') {
     $admin_user = &getUserEntryByUID(0);
     if (!$admin_user) {
         $admin_user = array();
@@ -46,6 +70,13 @@ if (isset($argv[2]) && isset($argv[3]) && $argv[2] === '-h' && $argv[3] === '0')
         $a_users[] = $admin_user;
     }
 
+    $admin_user['scope'] = 'system';
+    $admin_user['name'] = 'root';
+
+    if (isset($admin_user['disabled'])) {
+        unset($admin_user['disabled']);
+    }
+
     echo "new password for user {$admin_user['name']}:";
     shell_exec('/bin/stty -echo');
     $password = chop(fgets($fp));
@@ -59,13 +90,6 @@ if (isset($argv[2]) && isset($argv[3]) && $argv[2] === '-h' && $argv[3] === '0')
 
     $config['system']['webgui']['authmode'] = 'Local Database';
 
-    $admin_user['scope'] = 'system';
-    $admin_user['name'] = 'root';
-
-    if (isset($admin_user['disabled'])) {
-        unset($admin_user['disabled']);
-    }
-
     local_user_set_password($admin_user, $password);
     local_user_set($admin_user);