From eef9b2529c3cab522dac4f4bcfa1a0075376514e Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 4 Oct 2016 22:40:03 +0100
Subject: [PATCH] setup: Store passwords in SHA format

htpasswd doesn't protect passwords very well. MD5 was used
before and now any newly created passwords will use the
SHA format.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/rootfiles/core/106/filelists/files | 1 +
 src/setup/passwords.c                     | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/config/rootfiles/core/106/filelists/files b/config/rootfiles/core/106/filelists/files
index 3468c58eec..77f73c88c3 100644
--- a/config/rootfiles/core/106/filelists/files
+++ b/config/rootfiles/core/106/filelists/files
@@ -19,3 +19,4 @@ srv/web/ipfire/cgi-bin/index.cgi
 srv/web/ipfire/cgi-bin/logs.cgi/log.dat
 srv/web/ipfire/cgi-bin/pppsetup.cgi
 srv/web/ipfire/cgi-bin/services.cgi
+usr/sbin/setup
diff --git a/src/setup/passwords.c b/src/setup/passwords.c
index e7b4b5231a..50ee38ed73 100644
--- a/src/setup/passwords.c
+++ b/src/setup/passwords.c
@@ -56,7 +56,7 @@ int handleadminpassword(void)
 		return 0;
 	
 	snprintf(commandstring, STRING_SIZE,
-		"/usr/sbin/htpasswd -c -m -b " CONFIG_ROOT "/auth/users admin '%s'", password);
+		"/usr/sbin/htpasswd -c -s -b " CONFIG_ROOT "/auth/users admin '%s'", password);
 	sprintf(message, _("Setting %s 'admin' user password..."), NAME);
 	if (runhiddencommandwithstatus(commandstring, _("Setting password"), message, NULL)) {
 		sprintf(message, _("Problem setting %s 'admin' user password."), NAME);
-- 
2.39.5