diff --git a/src/etc/config.xml b/src/etc/config.xml
index 0db4e2f61..940aa4029 100644
--- a/src/etc/config.xml
+++ b/src/etc/config.xml
@@ -172,7 +172,7 @@
page-all
- admin
+ root
system
admins
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc
index 6b8a154a5..3d0904591 100644
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@@ -1,18 +1,11 @@
- All rights reserved.
-
Copyright (C) 2005-2006 Bill Marquette
- All rights reserved.
-
Copyright (C) 2006 Paul Taylor .
- All rights reserved.
-
Copyright (C) 2003-2006 Manuel Kasper .
All rights reserved.
@@ -36,10 +29,6 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
-
- DISABLE_PHP_LINT_CHECKING
- pfSense_BUILDER_BINARIES: /usr/sbin/pw /bin/cp
- pfSense_MODULE: auth
*/
/*
@@ -311,25 +300,26 @@ function local_backed($username, $passwd) {
return false;
}
-function local_sync_accounts() {
- global $debug, $config;
+function local_sync_accounts()
+{
+ global $config;
+
conf_mount_rw();
/* remove local users to avoid uid conflicts */
- $fd = popen("/usr/sbin/pw usershow -a", "r");
+ $fd = popen('/usr/sbin/pw usershow -a', 'r');
if ($fd) {
while (!feof($fd)) {
- $line = explode(":",fgets($fd));
- if (((!strncmp($line[0], "_", 1)) || ($line[2] < 2000) || ($line[2] > 65000)) && ($line[0] != "admin"))
+ $line = explode(':',fgets($fd));
+ if (((!strncmp($line[0], '_', 1)) || ($line[2] < 2000) || ($line[2] > 65000))) {
continue;
+ }
/*
* If a crontab was created to user, pw userdel will be interactive and
* can cause issues. Just remove crontab before run it when necessary
*/
unlink_if_exists("/var/cron/tabs/{$line[0]}");
$cmd = "/usr/sbin/pw userdel -n '{$line[0]}'";
- if($debug)
- log_error(sprintf(gettext("Running: %s"), $cmd));
mwexec($cmd);
}
pclose($fd);
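Review bot: The account name read from `pw usershow -a` is placed into the shell command with hand-written single quotes in `$cmd = "/usr/sbin/pw userdel -n '{$line[0]}'";`, so a name containing a quote character would no longer be passed as a single argument. `$cmd = '/usr/sbin/pw userdel -n ' . escapeshellarg($line[0]);` removes that dependency on the name's contents. The same applies with more weight to the local_user_del hunks further down, where `{$user['name']}` is interpolated into both the `popen()` call and the `pw userdel` command with no quoting at all, and the name comes from the `$user` array rather than from the pw database. Whether names are validated before they reach these functions is not visible here; local_sync_accounts continues outside this hunk.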
@@ -337,19 +327,20 @@ function local_sync_accounts() {
/* remove local groups to avoid gid conflicts */
$gids = array();
- $fd = popen("/usr/sbin/pw groupshow -a", "r");
+ $fd = popen('/usr/sbin/pw groupshow -a', 'r');
if ($fd) {
while (!feof($fd)) {
- $line = explode(":",fgets($fd));
- if (!strncmp($line[0], "_", 1))
+ $line = explode(':',fgets($fd));
+ if (!strncmp($line[0], '_', 1)) {
continue;
- if ($line[2] < 2000)
+ }
+ if ($line[2] < 2000) {
continue;
- if ($line[2] > 65000)
+ }
+ if ($line[2] > 65000) {
continue;
+ }
$cmd = "/usr/sbin/pw groupdel {$line[2]}";
- if($debug)
- log_error(sprintf(gettext("Running: %s"), $cmd));
mwexec($cmd);
}
pclose($fd);
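Review bot: `$line[2]` reaches `pw groupdel {$line[2]}` unquoted after only loose range comparisons, and on the empty read that `fgets()` returns at end of output the index does not exist, so the loop relies on an undefined value comparing below 2000. One explicit guard before the range checks, `if (count($line) < 3 || !ctype_digit($line[2])) { continue; }`, makes both cases deliberate. The user loop in the previous hunk reads `$line[2]` the same way. With the guard in place, the three separate `continue` branches could be merged into one condition, as the user loop already does.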
@@ -410,7 +401,7 @@ function local_user_set(& $user) {
$lock_account = true;
}
- /* Lock out disabled or expired users, unless it's root/admin. */
+ /* Lock out disabled or expired users, unless it's root */
if ((is_account_disabled($user_name) || is_account_expired($user_name)) && ($user_uid != 0)) {
$user_shell = "/sbin/nologin";
$lock_account = true;
@@ -480,16 +471,11 @@ function local_user_set(& $user) {
conf_mount_ro();
}
-function local_user_del($user) {
- global $debug;
-
+function local_user_del($user)
+{
/* remove all memberships */
local_user_set_groups($user);
- /* Don't remove /root */
- if ($user['uid'] != 0)
- $rmhome = "-r";
-
/* read from pw db */
$fd = popen("/usr/sbin/pw usershow -n {$user['name']} 2>&1", "r");
$pwread = fgets($fd);
@@ -502,10 +488,8 @@ function local_user_del($user) {
}
/* delete from pw db */
- $cmd = "/usr/sbin/pw userdel -n {$user['name']} {$rmhome}";
+ $cmd = "/usr/sbin/pw userdel -n {$user['name']} -r";
- if($debug)
- log_error(sprintf(gettext("Running: %s"), $cmd));
mwexec($cmd);
/* Delete user from groups needs a call to write_config() */
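Review bot: `-r` is now passed unconditionally in `$cmd = "/usr/sbin/pw userdel -n {$user['name']} -r";`, and the `uid != 0` guard that protected the home directory of a uid 0 account was removed in the previous hunk. Calling local_user_del() with a uid 0 entry would therefore also remove that account's home directory. If callers can never pass such an entry, a comment stating that would help; otherwise keep the guard in compact form, `$rmhome = ($user['uid'] != 0) ? ' -r' : '';`, and append `{$rmhome}` as before. The function starts in the previous hunk and continues past this one, so any check on the caller side is not visible here.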
diff --git a/src/etc/inc/config.lib.inc b/src/etc/inc/config.lib.inc
index acbe8f681..2def8a207 100644
--- a/src/etc/inc/config.lib.inc
+++ b/src/etc/inc/config.lib.inc
@@ -490,13 +490,15 @@ function safe_write_file($file, $content, $force_binary) {
* null
******/
/* save the system configuration */
-function write_config($desc="Unknown", $backup = true) {
+function write_config($desc = 'Unknown', $backup = true)
+{
global $config, $g;
if (!empty($_SERVER['REMOTE_ADDR'])) {
- if (!session_id())
+ if (!session_id()) {
@session_start();
- if (!empty($_SESSION['Username']) && ($_SESSION['Username'] != "admin")) {
+ }
+ if (!empty($_SESSION['Username']) && ($_SESSION['Username'] != 'root')) {
$user = getUserEntry($_SESSION['Username']);
if (is_array($user) && userHasPrivilege($user, "user-config-readonly")) {
session_commit();
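Review bot: The read-only check is skipped for any session whose `$_SESSION['Username']` equals the literal `'root'` (loose `!=`), which ties an authorization decision to a hard-coded account name, while priv.inc in this same commit answers the same question with `uid == 0`. Looking up the user first and exempting only uid 0, or at least comparing with `!== $g['factory_shipped_username']`, keeps the two in agreement if the account is renamed again. The `@` on `session_start()` also hides a failure that would leave `$_SESSION['Username']` empty, in which case the privilege check is skipped and the write proceeds; logging that failure instead of suppressing it would make the fail-open case visible. write_config continues outside this hunk.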
@@ -505,11 +507,13 @@ function write_config($desc="Unknown", $backup = true) {
}
}
- if (!isset($argc))
+ if (!isset($argc)) {
session_commit();
+ }
- if($backup)
+ if ($backup) {
backup_config();
+ }
$config['revision'] = make_config_revision_entry($desc);
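Review bot: `$argc` is neither a local nor a declared global in write_config() (the visible `global` line lists only `$config, $g`), so `!isset($argc)` appears to be always true and `session_commit()` runs on every call, including command-line ones. If the intent is to skip it for CLI callers, `if (PHP_SAPI !== 'cli') {` or reusing the function's earlier test, `if (!empty($_SERVER['REMOTE_ADDR'])) {`, would express that. The lines between the two hunks are not shown, so confirm nothing there defines `$argc` before changing it.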
diff --git a/src/etc/inc/globals.inc b/src/etc/inc/globals.inc
index 28cc157f0..c03cfed24 100644
--- a/src/etc/inc/globals.inc
+++ b/src/etc/inc/globals.inc
@@ -35,7 +35,7 @@ register_shutdown_function('closelog');
$g = array(
"base_packages" => "siproxd",
"event_address" => "unix:///var/run/check_reload_status",
- "factory_shipped_username" => "admin",
+ "factory_shipped_username" => "root",
"factory_shipped_password" => "opnsense",
"upload_path" => "/root",
"dhcpd_chroot_path" => "/var/dhcpd",
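Review bot: The factory username becomes the uid 0 account name while `factory_shipped_password` on the next line stays a published constant, so an installation that never changes it keeps a well-known credential on the account that rc.initial.password also grants `user-shell-access`. A comment above the two keys, for example `/* factory reset defaults only; the password must be changed after first login */`, would state the expectation. A check that warns while the stored hash still matches the default would let operators detect it. Whether such a warning already exists is not visible in this diff.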
diff --git a/src/etc/inc/priv.inc b/src/etc/inc/priv.inc
index 5f7a567ce..76171113b 100644
--- a/src/etc/inc/priv.inc
+++ b/src/etc/inc/priv.inc
@@ -179,42 +179,51 @@ function get_user_privdesc(& $user) {
return $privs;
}
-function isAllowed($username, $page) {
+function isAllowed($username, $page)
+{
global $_SESSION;
- if (!isset($username))
+ if (!isset($username)) {
return false;
+ }
- /* admin/root access check */
+ /* root access check */
$user = getUserEntry($username);
- if (isset($user))
- if (isset($user['uid']))
- if ($user['uid']==0)
+ if (isset($user)) {
+ if (isset($user['uid'])) {
+ if ($user['uid'] == 0) {
return true;
+ }
+ }
+ }
/* user privelege access check */
- if (cmp_page_matches($page, $_SESSION['page-match']))
+ if (cmp_page_matches($page, $_SESSION['page-match'])) {
return true;
+ }
return false;
}
-
-function isAllowedPage($page) {
+function isAllowedPage($page)
+{
global $_SESSION;
-
$username = $_SESSION['Username'];
- if (!isset($username))
+ if (!isset($username)) {
return false;
+ }
- /* admin/root access check */
+ /* root access check */
$user = getUserEntry($username);
- if (isset($user))
- if (isset($user['uid']))
- if ($user['uid']==0)
+ if (isset($user)) {
+ if (isset($user['uid'])) {
+ if ($user['uid'] == 0) {
return true;
+ }
+ }
+ }
/* user privelege access check */
return cmp_page_matches($page, $_SESSION['page-match']);
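Review bot: Both isAllowed() and isAllowedPage() grant full access on `$user['uid'] == 0`, a loose comparison that on PHP versions before 8 is also true for an empty or non-numeric string uid, and `isset($user['uid'])` does not exclude an empty string. If uid is stored as a string in the config, `if (isset($user['uid']) && (string)$user['uid'] === '0') {` keeps the bypass limited to the real uid 0 entry and also flattens the three nested `if`s. In isAllowedPage(), `$username = $_SESSION['Username'];` runs before the `isset()` test, so a missing key raises a notice first; `$username = $_SESSION['Username'] ?? null;` avoids that where the PHP version allows it. `global $_SESSION;` has no effect on a superglobal and can be dropped. isAllowedPage() could then simply `return isAllowed($username, $page);` instead of repeating the body; its closing brace lies outside the hunk.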
diff --git a/src/etc/rc.initial.password b/src/etc/rc.initial.password
index b96d1c23a..d1b619569 100755
--- a/src/etc/rc.initial.password
+++ b/src/etc/rc.initial.password
@@ -62,8 +62,8 @@ The User manager authentication server is set to "' . $config['system']['webgui'
}
$admin_user['name'] = $g['factory_shipped_username'];
- $admin_user['priv'] = array("user-shell-access");
- $admin_user['scope'] = "system";
+ $admin_user['priv'] = array('user-shell-access');
+ $admin_user['scope'] = 'system';
if (isset($admin_user['disabled'])) {
unset($admin_user['disabled']);