0
Answered

Script to change the admin password

Stefaan Neyts 4 years ago updated by E DD 3 years ago 3

Hi Ubooquity


We are using Ubooquity in our company since today. We have a policy to change passwords regularly.


Is it possible to provide a script to change the admin password from bash (Debian)?


Is webadmin.cred the hashed/encrypted value of the admin password ? What value needs to be stored in webadmin.cred ? What is the algorithm ?


Kind regards


Stefaan Neyts

Answered

The content of the webadmin.cred file is generated with:


hex_hmac_sha256(<PASSWORD>, SERVER_SALT)

where

  • <PASSWORD> is your password (UTF-8 encoded)
  • SERVER_SALT is the following string (UTF-8 encoded):
    d0809793df2c3be1a77a229781cfe1cdb1a2a    
  • hex_hmac_sha256 is a method provided by the this library

Basically, the HMAC of the password is calculated using the provided salt (using SHA256 as hash function), and the resulting byte array is converted to hexadecimal (hence the "hex_").


Theses are standard functions, which are widely used. Doing the same in a bash script should not be too difficult.



I'm trying to do this as well. I looked at the Stackoverflow thread, but it does not say anything about a salt, neither could I find anything about this elsewhere. I tried this:

echo -n "value" | openssl dgst -sha256 -hmac "key"

but it gives the wrong hash. How should I compute the hash in bash using the specified salt?

I found a way using node.js and the script you referred to:

SHA_256_JS=/path/to/script/sha256.js
if ! grep -q 'console.log' ${SHA_256_JS} ; then
  echo "console.log(hex_hmac_sha256(process.argv[2], process.argv[3]));" >> ${SHA_256_JS}
fi
node ${SHA_256_JS} ${MEDIA_PASSWD} d0809793df2c3be1a77a229781cfe1cdb1a2a > /opt/ubooquity/webadmin.cred
chown $UBOOQUITY_USER:$UBOOQUITY_USER /opt/ubooquity/webadmin.cred