From d569a8e18099aaef69d3bf75a5669af9dfec0fa7 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Mon, 19 Sep 2016 07:49:35 +0200
Subject: [PATCH] access: allow root disable and prevent to disable own user

PR: https://forum.opnsense.org/index.php?topic=3684
---
 src/etc/inc/auth.inc           | 1 -
 src/www/system_usermanager.php | 6 +++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc
index 775269ff0..6d4dbcd55 100644
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@@ -429,7 +429,6 @@ function local_user_set(&$user)
     /* root user special handling */
     if ($user_uid == 0) {
         $user_shell = isset($user['shell']) ? $user['shell'] : '/usr/local/etc/rc.initial';
-        $lock_account = 'unlock';
         $user_group = 'wheel';
         $user_home = '/root';
     }
diff --git a/src/www/system_usermanager.php b/src/www/system_usermanager.php
index 989294473..ed9093045 100644
--- a/src/www/system_usermanager.php
+++ b/src/www/system_usermanager.php
@@ -236,6 +236,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             $input_errors[] = gettext("The passwords do not match.");
         }
 
+        if (!empty($pconfig['disabled']) && $_SESSION['Username'] === $a_user[$id]['name']) {
+            $input_errors[] = gettext('You cannot disable yourself.');
+        }
+
         if (isset($id)) {
             $oldusername = $a_user[$id]['name'];
         } else {
@@ -262,7 +266,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             }
         }
 
-        /*
+       /*
        * Check for a valid expirationdate if one is set at all (valid means,
        * DateTime puts out a time stamp so any DateTime compatible time
        * format may be used. to keep it simple for the enduser, we only