mirror of
https://github.com/rootzoll/raspiblitz.git
synced 2025-03-01 09:00:15 +01:00
9d23c63c38
* Integrate LNDg to Raspiblitz (#3313) * cl.hsmtool: fix password display * add clearnet fallback for tor keys * fix CLN wallet reset (#3296) * cln: unify and improve the resetWallet function previously the old config and channel database could have been left behind when using SEEDRESTORE and FILERESTORE * prompt to save the wallet password for backup * change default branch to v1.8 (#3306) * Adds install script for LNDg (https://github.com/cryptosharks131/lndg) Install script creates user lndg and installs LNDg in /home/lndg/lndg, uses systemd for the backend, and uses nginx and uwsgi for the gui. Install script will check for tor and enable tor if "run behind tor" is on. Updates menu settings for easy access to the script settings * Creates bonus.lndg.sh script for installing LNDg Adds LNDg to list of apps in "SERVICES" Adds LNDg to UPDATES when installed Adds LNDg to menu when installed Fixed typos/errors, tested and works! * LNDg menu install. Added ssl, ssl over tor, and standardized nginx files. Tests Good. * FAQ.cln: poncho, CLN cheatsheet, extract privkey * #3286 fix loca IP * fix #3312 * fix lnbits update options (#3307) * Integrates LNDg to Raspiblitz Fixes issues with python and python3 (see comments on PR). Adds option to keep or delete database on both uninstall and install with existing database. Fixes issues with python and python3 (see comments on PR). Adds option to keep or delete database on both uninstall and install with existing database. Update 00settingsMenuServices.sh Update info menu for LNDg Adds username and instructions on how to change username * Update bonus.lndg.sh * Install LNDg script Forces yes on install question * Update blitz.shutdown.sh * Update bonus.lndg.sh * Update bonus.lndg.sh * Update bonus.lndg.sh * Update bonus.lndg.sh Co-authored-by: openoms <oms@tuta.io> Co-authored-by: openoms <43343391+openoms@users.noreply.github.com> Co-authored-by: Dipun Mistry <dipunm@gmail.com> Co-authored-by: rootzoll <christian@geektank.de> * added documentation * #3230 change password B * #3230 fix to version 1.4.0 Co-authored-by: allyourbankarebelongtous <100060902+allyourbankarebelongtous@users.noreply.github.com> Co-authored-by: openoms <oms@tuta.io> Co-authored-by: openoms <43343391+openoms@users.noreply.github.com> Co-authored-by: Dipun Mistry <dipunm@gmail.com>
594 lines
20 KiB
Bash
Executable file
594 lines
20 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
# command info
|
|
if [ "$1" == "" ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
|
|
echo "small config script to set a passwords A,B,C & D"
|
|
echo "blitz.passwords.sh set a [?newpassword] "
|
|
echo "blitz.passwords.sh set b [?newpassword] "
|
|
echo "blitz.passwords.sh set c [?oldpassword] [?newpassword] " # will change lnd & core lightning if installed
|
|
echo "blitz.passwords.sh check [a|b|c] [passwordToCheck]"
|
|
echo "or just as a password enter dialog (result as file)"
|
|
echo "blitz.passworda.sh set [x] [text] [result-file] [?empty-allowed]"
|
|
exit 1
|
|
fi
|
|
|
|
# prepare hased password storage
|
|
hashedPasswordSalt=""
|
|
hashedPasswordStoragePath="/mnt/hdd/app-data/passwords"
|
|
if [ $(df | grep -c "/mnt/hdd") -gt 0 ]; then
|
|
# check if path & salt file exists
|
|
if [ $(sudo ls ${hashedPasswordStoragePath}/salt.txt | grep -c "salt.txt") -eq 0 ]; then
|
|
echo "# creating salt & hashedPasswordStoragePath ..."
|
|
mkdir -p ${hashedPasswordStoragePath}
|
|
echo "$RANDOM-$(date +%N)" | shasum -a 512 | cut -d " " -f1 | cut -c 1-16 > ${hashedPasswordStoragePath}/salt.txt
|
|
chmod 660 ${hashedPasswordStoragePath}/salt.txt
|
|
chown -R admin:admin ${hashedPasswordStoragePath}
|
|
else
|
|
echo "# salt file exists"
|
|
fi
|
|
hashedPasswordSalt=$(sudo cat ${hashedPasswordStoragePath}/salt.txt)
|
|
echo "# hashedPasswordSalt(${hashedPasswordSalt})"
|
|
else
|
|
echo "# hashedPasswordSalt - not available yet (no HDD yet)"
|
|
fi
|
|
|
|
############################
|
|
# CHECKING PASSWORDS
|
|
############################
|
|
|
|
if [ "$1" == "check" ]; then
|
|
|
|
# brute force protection (just effective to oustide callers)
|
|
# if there was another try within last minute add another 3 seconds delay protection
|
|
source <(/home/admin/_cache.sh meta system_password_bruteforceprotection)
|
|
/home/admin/_cache.sh set system_password_bruteforceprotection on 60
|
|
if [ "${value}" == "on" ] && [ "${stillvalid}" == "1" ]; then
|
|
echo "# multiple tries within last minute - respond slow"
|
|
sleep 5 # advanced brute force protection
|
|
else
|
|
echo "# first try within last minute - respond fast"
|
|
sleep 1 # basic brute force protection
|
|
fi
|
|
|
|
typeOfPassword=$2
|
|
if [ "${typeOfPassword}" != "a" ] && [ "${typeOfPassword}" != "b" ] && [ "${typeOfPassword}" != "c" ]; then
|
|
echo "error='unknown password to check'"
|
|
echo "correct=0"
|
|
exit 1
|
|
fi
|
|
|
|
passwordToCheck=$3
|
|
clearedPassword=$(echo "${passwordToCheck}" | tr -dc '[:alnum:]-.' | tr -d ' ')
|
|
if [ ${#clearedPassword} -lt ${#passwordToCheck} ]; then
|
|
echo "error='password to check contains unvalid chars'"
|
|
echo "correct=0"
|
|
exit 1
|
|
fi
|
|
|
|
passwordHashSystem=$(sudo cat ${hashedPasswordStoragePath}/${typeOfPassword}.hash 2>/dev/null)
|
|
passwordHashTest=$(mkpasswd -m sha-512 "${passwordToCheck}" -S "${hashedPasswordSalt:0:16}")
|
|
#echo "# passwordToCheck(${passwordToCheck})"
|
|
#echo "# passwordHashSystem(${passwordHashSystem})"
|
|
#echo "# hashedPasswordSalt(${hashedPasswordSalt})"
|
|
#echo "# passwordHashTest(${passwordHashTest})"
|
|
if [ ${#passwordHashSystem} -eq 0 ]; then
|
|
echo "error='password cannot be checked - no hash available'"
|
|
echo "correct=0"
|
|
exit 1
|
|
fi
|
|
|
|
if [ "${passwordHashSystem}" == "${passwordHashTest}" ]; then
|
|
echo "correct=1"
|
|
else
|
|
echo "correct=0"
|
|
fi
|
|
exit
|
|
|
|
fi
|
|
|
|
|
|
############################
|
|
# SETTING PASSWORDS
|
|
############################
|
|
|
|
# check if started with sudo
|
|
echo "runningUser='$EUID'"
|
|
if [ "$EUID" -ne 0 ]; then
|
|
echo "error='need user root'"
|
|
exit 1
|
|
fi
|
|
|
|
if [ "$1" != "set" ]; then
|
|
echo "error='unkown parameter'"
|
|
exit 1
|
|
fi
|
|
|
|
# load raspiblitz config (if available)
|
|
source /home/admin/raspiblitz.info
|
|
source /mnt/hdd/raspiblitz.conf
|
|
if [ ${#network} -eq 0 ]; then
|
|
network="bitcoin"
|
|
fi
|
|
if [ ${#chain} -eq 0 ]; then
|
|
chain="main"
|
|
fi
|
|
|
|
# 1. parameter [?a|b|c]
|
|
abcd=$2
|
|
|
|
# run interactive if no further parameters
|
|
reboot=0;
|
|
OPTIONS=()
|
|
if [ ${#abcd} -eq 0 ]; then
|
|
reboot=1;
|
|
emptyAllowed=1
|
|
OPTIONS+=(A "Master Login Password")
|
|
OPTIONS+=(B "RPC/App Password")
|
|
if [ "${lightning}" == "lnd" ] || [ "${lnd}" == "on" ]; then
|
|
OPTIONS+=(C "LND Lightning Wallet Password")
|
|
fi
|
|
if [ "${cl}" == "on" ] && [ "${clEncryptedHSM}" == "on" ]; then
|
|
OPTIONS+=(CL "Core Lightning Wallet Password")
|
|
fi
|
|
CHOICE=$(dialog --clear \
|
|
--backtitle "RaspiBlitz" \
|
|
--title "Set Password" \
|
|
--menu "Which password to change?" \
|
|
11 50 7 \
|
|
"${OPTIONS[@]}" \
|
|
2>&1 >/dev/tty)
|
|
clear
|
|
case $CHOICE in
|
|
A)
|
|
abcd='a';
|
|
;;
|
|
B)
|
|
abcd='b';
|
|
;;
|
|
C)
|
|
abcd='c';
|
|
;;
|
|
D)
|
|
abcd='d';
|
|
;;
|
|
CL)
|
|
abcd='cl';
|
|
;;
|
|
*)
|
|
exit 0
|
|
;;
|
|
esac
|
|
fi
|
|
|
|
############################
|
|
# PASSWORD A
|
|
if [ "${abcd}" = "a" ]; then
|
|
|
|
if [ "${hashedPasswordSalt}" == "" ]; then
|
|
echo "error='hdd not mounted yet - cannot set/check blitz passwords yet'"
|
|
echo "correct=0"
|
|
exit 1
|
|
fi
|
|
|
|
newPassword=$3
|
|
|
|
# if no password given by parameter - ask by dialog
|
|
if [ ${#newPassword} -eq 0 ]; then
|
|
clear
|
|
|
|
# ask user for new password A (first time)
|
|
password1=$(whiptail --passwordbox "\nSet new Admin/SSH Password A:\n(min 8chars, 1word, chars+number, no specials)" 10 52 "" --title "Password A" --backtitle "RaspiBlitz - Setup" 3>&1 1>&2 2>&3)
|
|
if [ $? -eq 1 ]; then
|
|
if [ ${emptyAllowed} -eq 0 ]; then
|
|
echo "# CANCEL not possible"
|
|
sleep 2
|
|
else
|
|
exit 0
|
|
fi
|
|
fi
|
|
|
|
# ask user for new password A (second time)
|
|
password2=$(whiptail --passwordbox "\nRe-Enter Password A:\n(This is new password to login per SSH)" 10 52 "" --title "Password A" --backtitle "RaspiBlitz - Setup" 3>&1 1>&2 2>&3)
|
|
if [ $? -eq 1 ]; then
|
|
if [ ${emptyAllowed} -eq 0 ]; then
|
|
echo "# CANCEL not possible"
|
|
sleep 2
|
|
else
|
|
exit 0
|
|
fi
|
|
fi
|
|
|
|
# check if passwords match
|
|
if [ "${password1}" != "${password2}" ]; then
|
|
dialog --backtitle "RaspiBlitz - Setup" --msgbox "FAIL -> Passwords dont Match\nPlease try again ..." 6 52
|
|
# calling recursive repeat
|
|
/home/admin/config.scripts/blitz.passwords.sh set a
|
|
exit 0
|
|
fi
|
|
|
|
# password zero
|
|
if [ ${#password1} -eq 0 ]; then
|
|
dialog --backtitle "RaspiBlitz - Setup" --msgbox "FAIL -> Password cannot be empty\nPlease try again ..." 6 52
|
|
# calling recursive repeat
|
|
/home/admin/config.scripts/blitz.passwords.sh set a
|
|
exit 0
|
|
fi
|
|
|
|
# check that password does not contain bad characters
|
|
clearedResult=$(echo "${password1}" | tr -dc '[:alnum:]-.' | tr -d ' ')
|
|
if [ ${#clearedResult} != ${#password1} ] || [ ${#clearedResult} -eq 0 ]; then
|
|
dialog --backtitle "RaspiBlitz - Setup" --msgbox "FAIL -> Contains bad characters (spaces, special chars)\nPlease try again ..." 6 52
|
|
# calling recursive repeat
|
|
/home/admin/config.scripts/blitz.passwords.sh set a
|
|
exit 0
|
|
fi
|
|
|
|
# password longer than 8
|
|
if [ ${#password1} -lt 8 ]; then
|
|
dialog --backtitle "RaspiBlitz - Setup" --msgbox "FAIL -> Password length under 8\nPlease try again ..." 6 52
|
|
# calling recursive repeat
|
|
/home/admin/config.scripts/blitz.passwords.sh set a
|
|
exit 0
|
|
fi
|
|
|
|
# use entered password now as parameter
|
|
newPassword="${password1}"
|
|
|
|
fi
|
|
|
|
# store password hash
|
|
mkpasswd -m sha-512 "${newPassword}" -S "${hashedPasswordSalt:0:16}" > ${hashedPasswordStoragePath}/a.hash
|
|
chown admin:admin ${hashedPasswordStoragePath}/a.hash
|
|
chmod 660 ${hashedPasswordStoragePath}/a.hash
|
|
|
|
# change user passwords and then change hostname
|
|
echo "pi:$newPassword" | sudo chpasswd
|
|
echo "root:$newPassword" | sudo chpasswd
|
|
echo "bitcoin:$newPassword" | sudo chpasswd
|
|
echo "admin:$newPassword" | sudo chpasswd
|
|
sleep 1
|
|
|
|
echo "# OK - password A changed for user pi, root, admin & bitcoin"
|
|
echo "error=''"
|
|
|
|
############################
|
|
# PASSWORD B
|
|
elif [ "${abcd}" = "b" ]; then
|
|
|
|
if [ "${hashedPasswordSalt}" == "" ]; then
|
|
echo "error='hdd not mounted yet - cannot set/check blitz passwords yet'"
|
|
echo "correct=0"
|
|
exit 1
|
|
fi
|
|
|
|
newPassword=$3
|
|
|
|
# if no password given by parameter - ask by dialog
|
|
if [ ${#newPassword} -eq 0 ]; then
|
|
clear
|
|
|
|
# ask user for new password B (first time)
|
|
password1=$(whiptail --passwordbox "\nPlease enter your new Password B:\n(min 8chars, 1word, chars+number, no specials)" 10 52 "" --title "Password B" --backtitle "RaspiBlitz - Setup" 3>&1 1>&2 2>&3)
|
|
if [ $? -eq 1 ]; then
|
|
if [ "${emptyAllowed}" == "0" ]; then
|
|
echo "# CANCEL not possible"
|
|
sleep 2
|
|
else
|
|
exit 0
|
|
fi
|
|
fi
|
|
|
|
# ask user for new password B (second time)
|
|
password2=$(whiptail --passwordbox "\nRe-Enter Password B:\n" 10 52 "" --title "Password B" --backtitle "RaspiBlitz - Setup" 3>&1 1>&2 2>&3)
|
|
if [ $? -eq 1 ]; then
|
|
if [ "${emptyAllowed}" == "0" ]; then
|
|
echo "# CANCEL not possible"
|
|
sleep 2
|
|
else
|
|
exit 0
|
|
fi
|
|
fi
|
|
|
|
# check if passwords match
|
|
if [ "${password1}" != "${password2}" ]; then
|
|
dialog --backtitle "RaspiBlitz - Setup" --msgbox "FAIL -> Passwords dont Match\nPlease try again ..." 6 52
|
|
# calling recursive repeat
|
|
/home/admin/config.scripts/blitz.passwords.sh set b
|
|
exit 0
|
|
fi
|
|
|
|
# password zero
|
|
if [ ${#password1} -eq 0 ]; then
|
|
dialog --backtitle "RaspiBlitz - Setup" --msgbox "FAIL -> Password cannot be empty\nPlease try again ..." 6 52
|
|
# calling recursive repeat
|
|
/home/admin/config.scripts/blitz.passwords.sh set b
|
|
exit 0
|
|
fi
|
|
|
|
# check that password does not contain bad characters
|
|
clearedResult=$(echo "${password1}" | tr -dc '[:alnum:]-.' | tr -d ' ')
|
|
if [ ${#clearedResult} != ${#password1} ] || [ ${#clearedResult} -eq 0 ]; then
|
|
dialog --backtitle "RaspiBlitz - Setup" --msgbox "FAIL -> Contains bad characters (spaces, special chars)\nPlease try again ..." 6 52
|
|
# calling recursive repeat
|
|
/home/admin/config.scripts/blitz.passwords.sh set b
|
|
exit 0
|
|
fi
|
|
|
|
# password longer than 8
|
|
if [ ${#password1} -lt 8 ]; then
|
|
dialog --backtitle "RaspiBlitz - Setup" --msgbox "FAIL -> Password length under 8\nPlease try again ..." 6 52
|
|
# calling recursive repeat
|
|
/home/admin/config.scripts/blitz.passwords.sh set b
|
|
exit 0
|
|
fi
|
|
|
|
# use entered password now as parameter
|
|
newPassword="${password1}"
|
|
fi
|
|
|
|
# store password hash
|
|
mkpasswd -m sha-512 "${newPassword}" -S "${hashedPasswordSalt:0:16}" > ${hashedPasswordStoragePath}/b.hash
|
|
chown admin:admin ${hashedPasswordStoragePath}/b.hash
|
|
chmod 660 ${hashedPasswordStoragePath}/b.hash
|
|
|
|
# change in assets (just in case this is used on setup)
|
|
sed -i "s/^rpcpassword=.*/rpcpassword=${newPassword}/g" /home/admin/assets/${network}.conf 2>/dev/null
|
|
|
|
# change in real configs
|
|
sed -i "s/^rpcpassword=.*/rpcpassword=${newPassword}/g" /mnt/hdd/${network}/${network}.conf 2>/dev/null
|
|
sed -i "s/^rpcpassword=.*/rpcpassword=${newPassword}/g" /home/admin/.${network}/${network}.conf 2>/dev/null
|
|
|
|
# NOTE: now other bonus apps configs that need passwordB need to be adapted manually
|
|
# bonus apps that use a "prestart" will adapt themselves on service restart after reboot
|
|
|
|
# blitzweb
|
|
if ! [ -f /etc/nginx/.htpasswd ]; then
|
|
echo "${newPassword}" | sudo htpasswd -ci /etc/nginx/.htpasswd admin
|
|
else
|
|
echo "${newPassword}" | sudo htpasswd -i /etc/nginx/.htpasswd admin
|
|
fi
|
|
|
|
# electrs
|
|
if [ "${ElectRS}" == "on" ]; then
|
|
echo "# changing the RPC password for ELECTRS"
|
|
RPC_USER=$(cat /mnt/hdd/bitcoin/bitcoin.conf | grep rpcuser | cut -c 9-)
|
|
sudo sed -i "s/^auth = \"$RPC_USER.*\"/auth = \"$RPC_USER:${newPassword}\"/g" /home/electrs/.electrs/config.toml
|
|
fi
|
|
|
|
# BTCPayServer
|
|
if [ "${BTCPayServer}" == "on" ]; then
|
|
echo "# changing the RPC password for BTCPAYSERVER"
|
|
sudo sed -i "s/^btc.rpc.password=.*/btc.rpc.password=${newPassword}/g" /home/btcpay/.nbxplorer/Main/settings.config
|
|
fi
|
|
|
|
# JoinMarket
|
|
if [ "${joinmarket}" == "on" ]; then
|
|
echo "# changing the RPC password for JOINMARKET"
|
|
sudo sed -i "s/^rpc_password =.*/rpc_password = ${newPassword}/g" /home/joinmarket/.joinmarket/joinmarket.cfg
|
|
echo "# changing the password for the 'joinmarket' user"
|
|
echo "joinmarket:${newPassword}" | sudo chpasswd
|
|
fi
|
|
|
|
# ThunderHub
|
|
if [ "${thunderhub}" == "on" ]; then
|
|
echo "# changing the password for ThunderHub"
|
|
sudo sed -i "s/^masterPassword:.*/masterPassword: '${newPassword}'/g" /mnt/hdd/app-data/thunderhub/thubConfig.yaml
|
|
fi
|
|
|
|
# LIT
|
|
if [ "${lit}" == "on" ]; then
|
|
echo "# changing the password for LIT"
|
|
sudo sed -i "s/^uipassword=.*/uipassword=${newPassword}/g" /mnt/hdd/app-data/.lit/lit.conf
|
|
sudo sed -i "s/^faraday.bitcoin.password=.*/faraday.bitcoin.password=${newPassword}/g" /mnt/hdd/app-data/.lit/lit.conf
|
|
fi
|
|
|
|
# i2pd
|
|
if [ "${i2pd}" == "on" ]; then
|
|
echo "# changing the password for i2pd"
|
|
sudo sed -i "s/^pass = .*/pass = ${newPassword}/g" /etc/i2pd/i2pd.conf
|
|
fi
|
|
|
|
# LNDg
|
|
if [ "${lndg}" == "on" ]; then
|
|
echo "# changing the password for lndg"
|
|
sudo -u lndg /home/lndg/lndg/.venv/bin/python initialize.py -pw ${newPassword}
|
|
fi
|
|
|
|
echo "# OK -> RPC Password B changed"
|
|
echo "# Reboot is needed (will be triggered if interactive menu was called)"
|
|
echo "error=''"
|
|
sleep 3
|
|
|
|
############################
|
|
# PASSWORD C
|
|
# will change both (lnd & core lightning) if installed
|
|
elif [ "${abcd}" = "c" ]; then
|
|
|
|
if [ "${hashedPasswordSalt}" == "" ]; then
|
|
echo "error='hdd not mounted yet - cannot set/check blitz passwords yet'"
|
|
echo "correct=0"
|
|
exit 1
|
|
fi
|
|
|
|
oldPassword=$3
|
|
newPassword=$4
|
|
|
|
if [ "${oldPassword}" == "" ]; then
|
|
# ask user for old password c
|
|
clear
|
|
oldPassword=$(whiptail --passwordbox "\nEnter old Password C:\n" 10 52 "" --title "Old Password C" --backtitle "RaspiBlitz - Passwords" 3>&1 1>&2 2>&3)
|
|
if [ $? -eq 1 ] || [ "${oldPassword}" == "" ]; then
|
|
# calling recursive repeat
|
|
sudo /home/admin/config.scripts/blitz.passwords.sh set c
|
|
fi
|
|
echo "# OK ... processing"
|
|
fi
|
|
|
|
if [ "${newPassword}" == "" ]; then
|
|
clear
|
|
|
|
# ask user for new password c
|
|
newPassword=$(whiptail --passwordbox "\nEnter new Password C:\n" 10 52 "" --title "New Password C" --backtitle "RaspiBlitz - Passwords" 3>&1 1>&2 2>&3)
|
|
if [ $? -eq 1 ] || [ "${newPassword}" == "" ]; then
|
|
# calling recursive repeat
|
|
/home/admin/config.scripts/blitz.passwords.sh set c ${oldPassword}
|
|
exit 0
|
|
fi
|
|
# check new password does not contain bad characters
|
|
clearedResult=$(echo "${newPassword}" | tr -dc '[:alnum:]-.' | tr -d ' ')
|
|
if [ ${#clearedResult} != ${#newPassword} ] || [ ${#clearedResult} -eq 0 ]; then
|
|
dialog --backtitle "RaspiBlitz - Setup" --msgbox "FAIL -> Contains bad characters (spaces, special chars)" 6 52
|
|
# calling recursive repeat
|
|
/home/admin/config.scripts/blitz.password.sh set c ${oldPassword}
|
|
exit 0
|
|
fi
|
|
# check new password longer than 8
|
|
if [ ${#newPassword} -lt 8 ]; then
|
|
dialog --backtitle "RaspiBlitz - Setup" --msgbox "FAIL -> Password length under 8" 6 52
|
|
# calling recursive repeat
|
|
/home/admin/config.scripts/blitz.password.sh set c ${oldPassword}
|
|
exit 0
|
|
fi
|
|
|
|
# ask user to retype new password c
|
|
newPassword2=$(whiptail --passwordbox "\nEnter again new Password C:\n" 10 52 "" --title "New Password C (repeat)" --backtitle "RaspiBlitz - Passwords" 3>&1 1>&2 2>&3)
|
|
if [ $? -eq 1 ] || [ "${newPassword}" == "" ]; then
|
|
# calling recursive repeat
|
|
/home/admin/config.scripts/blitz.passwords.sh set c ${oldPassword}
|
|
exit 0
|
|
fi
|
|
echo "# OK ... processing"
|
|
# check if passwords match
|
|
if [ "${newPassword}" != "${newPassword2}" ]; then
|
|
dialog --backtitle "RaspiBlitz - Setup" --msgbox "FAIL -> Passwords dont Match" 6 52
|
|
# calling recursive repeat
|
|
/home/admin/config.scripts/blitz.passwords.sh set c ${oldPassword}
|
|
exit 0
|
|
fi
|
|
echo "# OK ... processing"
|
|
fi
|
|
|
|
# CHANGE LND WALLET PASSWORD
|
|
if [ "${lightning}" == "lnd" ] || [ "${lnd}" == "on" ]; then
|
|
|
|
echo "# CHANGE LND - PASSWORD C (only mainnet)"
|
|
|
|
echo "# Make sure Auto-Unlocks off"
|
|
sudo /home/admin/config.scripts/lnd.autounlock.sh off
|
|
|
|
echo "# LND needs to be restarted to lock wallet first .. (please wait)"
|
|
sudo systemctl restart lnd
|
|
sleep 2
|
|
|
|
err=""
|
|
if ! pip list | grep grpc; then
|
|
echo "# pip install grpc"
|
|
sudo -H python3 -m pip install grpcio==1.38.1 1>/dev/null 2>/dev/null
|
|
fi
|
|
source <(sudo /home/admin/config.scripts/lnd.initwallet.py change-password mainnet $oldPassword $newPassword)
|
|
if [ "${err}" != "" ]; then
|
|
echo "error='Was not able to change password'"
|
|
sleep 2
|
|
exit 0
|
|
fi
|
|
|
|
else
|
|
echo "# LND not installed/active"
|
|
fi
|
|
|
|
# CHANGE CORE LIGHTNING WALLET PASSWORD
|
|
if [ "${cl}" == "on" ] && [ "${clEncryptedHSM}" == "on" ]; then
|
|
|
|
echo "# CHANGE CORE LIGHTNING - PASSWORD C (only mainnet)"
|
|
|
|
sudo /home/admin/config.scripts/cl.hsmtool.sh change-password mainnet $oldPassword $newPassword
|
|
#TODO: test success
|
|
|
|
else
|
|
echo "# CORE LIGHTNING not installed/active/encrypted"
|
|
fi
|
|
|
|
# store password hash
|
|
mkpasswd -m sha-512 "${newPassword}" -S "${hashedPasswordSalt:0:16}" > ${hashedPasswordStoragePath}/c.hash
|
|
chown admin:admin ${hashedPasswordStoragePath}/c.hash
|
|
chmod 660 ${hashedPasswordStoragePath}/c.hash
|
|
|
|
# final user output
|
|
echo ""
|
|
echo "#OK"
|
|
echo "error=''"
|
|
|
|
############################
|
|
# PASSWORD X
|
|
elif [ "${abcd}" = "x" ]; then
|
|
|
|
emptyAllowed=0
|
|
if [ "$5" == "empty-allowed" ]; then
|
|
emptyAllowed=1
|
|
fi
|
|
|
|
# second parameter is the flexible text
|
|
text=$3
|
|
resultFile=$4
|
|
shred -u "$4" 2>/dev/null
|
|
|
|
# ask user for new password (first time)
|
|
password1=$(whiptail --passwordbox "\n${text}:\n(min 8chars, 1word, chars+number, no specials)" 10 52 "" --backtitle "RaspiBlitz" 3>&1 1>&2 2>&3)
|
|
|
|
# ask user for new password A (second time)
|
|
password2=""
|
|
if [ ${#password1} -gt 0 ]; then
|
|
password2=$(whiptail --passwordbox "\nRe-Enter the Password:\n(to test if typed in correctly)" 10 52 "" --backtitle "RaspiBlitz" 3>&1 1>&2 2>&3)
|
|
fi
|
|
|
|
# check if passwords match
|
|
if [ "${password1}" != "${password2}" ]; then
|
|
dialog --backtitle "RaspiBlitz" --msgbox "FAIL -> Passwords dont Match\nPlease try again ..." 6 52
|
|
# calling recursive repeat
|
|
/home/admin/config.scripts/blitz.passwords.sh set x "$3" "$4" "$5"
|
|
exit 0
|
|
fi
|
|
|
|
if [ ${emptyAllowed} -eq 0 ]; then
|
|
|
|
# password zero
|
|
if [ ${#password1} -eq 0 ]; then
|
|
dialog --backtitle "RaspiBlitz" --msgbox "FAIL -> Password cannot be empty\nPlease try again ..." 6 52
|
|
# calling recursive repeat
|
|
/home/admin/config.scripts/blitz.passwords.sh set x "$3" "$4" "$5"
|
|
exit 0
|
|
fi
|
|
|
|
# check that password does not contain bad characters
|
|
clearedResult=$(echo "${password1}" | tr -dc '[:alnum:]-.' | tr -d ' ')
|
|
if [ ${#clearedResult} != ${#password1} ] || [ ${#clearedResult} -eq 0 ]; then
|
|
dialog --backtitle "RaspiBlitz" --msgbox "FAIL -> Contains bad characters (spaces, special chars)\nPlease try again ..." 6 62
|
|
# calling recursive repeat
|
|
/home/admin/config.scripts/blitz.password.sh set x "$3" "$4" "$5"
|
|
exit 0
|
|
fi
|
|
|
|
# password longer than 8
|
|
if [ ${#password1} -lt 8 ]; then
|
|
dialog --backtitle "RaspiBlitz" --msgbox "FAIL -> Password length under 8\nPlease try again ..." 6 52
|
|
# calling recursive repeat
|
|
/home/admin/config.scripts/blitz.passwords.sh set x "$3" "$4" "$5"
|
|
exit 0
|
|
fi
|
|
|
|
fi
|
|
|
|
# store result is file
|
|
echo "${password1}" > "${resultFile}"
|
|
|
|
else
|
|
echo "# FAIL: there is no password '${abcd}' (reminder: use lower case)"
|
|
echo "error='no password ${abcd}'"
|
|
exit 0
|
|
fi
|
|
|
|
# when started with menu ... reboot when done
|
|
if [ "${reboot}" == "1" ]; then
|
|
echo "# Now rebooting to activate changes ..."
|
|
sudo /home/admin/config.scripts/blitz.shutdown.sh reboot
|
|
fi
|