pfSense

#!/usr/local/bin/php-cgi -f

<?php

/*

 * rc.initial.password

 *

 * part of pfSense (https://www.pfsense.org)

 * Copyright (c) 2004-2013 BSD Perimeter

 * Copyright (c) 2013-2016 Electric Sheep Fencing

 * Copyright (c) 2014-2025 Rubicon Communications, LLC (Netgate)

 * All rights reserved.

 *

 * originally part of m0n0wall (http://m0n0.ch/wall)

 * Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>.

 * All rights reserved.

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 * http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

/* parse the configuration and include all functions used below */

require_once("config.inc");

require_once("auth.inc");

require_once("functions.inc");

require_once("shaper.inc");

$fp = fopen('php://stdin', 'r');

echo "\n";

echo gettext('The authentication configuration and privileges for the "admin" account will be reset to the default.');

echo "\n";

echo gettext('Proceed?') . " (y|n): ";

if (strcasecmp(chop(fgets($fp)), "y") == 0) {

	/* Check authentication mode */

	$authmode = config_get_path('system/webgui/authmode', 'Local Database');

	if ($authmode != 'Local Database') {

		echo "\n";

		echo sprintf(gettext('The User manager authentication server is set to: %s.'), $authmode);

		echo "\n";

		echo gettext('Revert setting to Local Database [y|n]?') . " ";

		if (strcasecmp(chop(fgets($fp)), "y") == 0) {

			config_set_path('system/webgui/authmode', 'Local Database');

		}

	}

	/* Check for missing/deleted admin account */

	$user_item_config = getUserEntryByUID(0);

	$admin_user = &$user_item_config['item'];

	if (!$admin_user) {

		echo gettext('Cannot locate the "admin" account in the User Manager!');

		echo "\n";

		echo gettext('Attempting to restore the account.');

		echo "\n";

		$admin_user = ['uid' => 0];

		config_set_path('system/user/', $admin_user);

		$user_item_config = getUserEntryByUID(0);

		$admin_user = &$user_item_config['item'];

	}

	/* Reset admin account name, scope, and privileges */

	$admin_user['name'] = 'admin';

	$admin_user['scope'] = 'system';

	$admin_user['priv'] = ['user-shell-access'];

	/* Re-enable disabled admin account */

	if (isset($admin_user['disabled'])) {

		unset($admin_user['disabled']);

	}

	/* Remove account expiration */

	if (isset($admin_user['expires'])) {

		unset($admin_user['expires']);

	}

	/* Store settings. */

	if (isset($user_item_config['idx'])) {

		config_set_path("system/user/{$user_item_config['idx']}", $admin_user);

	}

	local_user_set($admin_user);

	write_config(gettext("Reset admin account from console"));

	echo "\n";

	echo gettext('The default administrator account in the User Manager ("admin") has been reset.');

	echo "\n";

	echo gettext("The password must now be set to a new value.");

	echo "\n";

	/* Close before password reset */

	fclose($fp);

	/* Include the password change script directly as it already handles this step. */

	include('/usr/local/bin/usermgrpasswd');

} else {

	fclose($fp);

}

echo "\n";

?>