access: allow root disable and prevent to disable own user

PR: https://forum.opnsense.org/index.php?topic=3684

access: allow root disable and prevent to disable own user
PR: https://forum.opnsense.org/index.php?topic=3684
d569a8e1 · Franco Fichtner · 2f5468ae · d569a8e1 · d569a8e1
Commit d569a8e1 authored Sep 19, 2016 by Franco Fichtner
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 2 deletions

auth.inc src/etc/inc/auth.inc +0 -1

system_usermanager.php src/www/system_usermanager.php +5 -1

No files found.
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@@ -429,7 +429,6 @@ function local_user_set(&$user)
    /* root user special handling */
    if ($user_uid == 0) {
        $user_shell = isset($user['shell']) ? $user['shell'] : '/usr/local/etc/rc.initial';
-        $lock_account = 'unlock';
        $user_group = 'wheel';
        $user_home = '/root';
    }

--- a/src/www/system_usermanager.php
+++ b/src/www/system_usermanager.php
@@ -236,6 +236,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
            $input_errors[] = gettext("The passwords do not match.");
        }

+        if (!empty($pconfig['disabled']) && $_SESSION['Username'] === $a_user[$id]['name']) {
+            $input_errors[] = gettext('You cannot disable yourself.');
+        }
+
        if (isset($id)) {
            $oldusername = $a_user[$id]['name'];
        } else {
@@ -262,7 +266,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
            }
        }

-        /*
+       /*
       * Check for a valid expirationdate if one is set at all (valid means,
       * DateTime puts out a time stamp so any DateTime compatible time
       * format may be used. to keep it simple for the enduser, we only