access: allow root disable and prevent to disable own user

PR: https://forum.opnsense.org/index.php?topic=3684
opnsense · Sep 19, 2016 · d569a8e · d569a8e
1 parent 2f5468a
commit d569a8e
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc
@@ -429,7 +429,6 @@ function local_user_set(&$user)
     /* root user special handling */
     if ($user_uid == 0) {
         $user_shell = isset($user['shell']) ? $user['shell'] : '/usr/local/etc/rc.initial';
-        $lock_account = 'unlock';
         $user_group = 'wheel';
         $user_home = '/root';
     }

diff --git a/src/www/system_usermanager.php b/src/www/system_usermanager.php
@@ -236,6 +236,10 @@ function get_user_privdesc(& $user)
             $input_errors[] = gettext("The passwords do not match.");
         }
 
+        if (!empty($pconfig['disabled']) && $_SESSION['Username'] === $a_user[$id]['name']) {
+            $input_errors[] = gettext('You cannot disable yourself.');
+        }
+
         if (isset($id)) {
             $oldusername = $a_user[$id]['name'];
         } else {
@@ -262,7 +266,7 @@ function get_user_privdesc(& $user)
             }
         }
 
-        /*
+       /*
        * Check for a valid expirationdate if one is set at all (valid means,
        * DateTime puts out a time stamp so any DateTime compatible time
        * format may be used. to keep it simple for the enduser, we only