From 6d9d8e0a5f5052db52d116819cda040cdcfd68b4 Mon Sep 17 00:00:00 2001
From: Shibby <shibby@openlinksys.info>
Date: Thu, 12 Mar 2015 21:38:01 +0100
Subject: [PATCH] GUI: Checkbox to allow/deny login as "root" to GUI

---
 release/src/router/httpd/httpd.c        | 11 ++++++++---
 release/src/router/httpd/tomato.c       |  1 +
 release/src/router/nvram/defaults.c     |  1 +
 release/src/router/www/admin-access.asp |  7 +++++--
 4 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/release/src/router/httpd/httpd.c b/release/src/router/httpd/httpd.c
index dc2cf7f354..f60cfc17ce 100644
--- a/release/src/router/httpd/httpd.c
+++ b/release/src/router/httpd/httpd.c
@@ -249,9 +249,14 @@ static auth_t auth_check(const char *authorization)
 				*pass++ = 0;
 				if (((u = nvram_get("http_username")) == NULL) || (*u == 0)) u = "admin";
 				if ((strcmp(buf, "root") == 0) || (strcmp(buf, u) == 0)) {
-					if (((p = nvram_get("http_passwd")) == NULL) || (*p == 0)) p = "admin";
-					if (strcmp(pass, p) == 0) {
-						return AUTH_OK;
+
+					if ((nvram_match("http_root", "0")) && (strcmp(buf, "root") == 0)) {
+						return AUTH_BAD;
+					} else {
+						if (((p = nvram_get("http_passwd")) == NULL) || (*p == 0)) p = "admin";
+						if (strcmp(pass, p) == 0) {
+							return AUTH_OK;
+						}
 					}
 				}
 			}
diff --git a/release/src/router/httpd/tomato.c b/release/src/router/httpd/tomato.c
index f055e15ac1..578292decb 100644
--- a/release/src/router/httpd/tomato.c
+++ b/release/src/router/httpd/tomato.c
@@ -978,6 +978,7 @@ static const nvset_t nvset_list[] = {
 	{ "rmgt_sip",			V_LENGTH(0, 512)	},
 	{ "ne_shlimit",			V_TEXT(1, 50)		},
 	{ "http_username",		V_LENGTH(0, 32)		},
+	{ "http_root",			V_01				},
 
 // admin-bwm
 	{ "rstats_enable",		V_01				},
diff --git a/release/src/router/nvram/defaults.c b/release/src/router/nvram/defaults.c
index 6b783cd3cc..8eac7375ce 100644
--- a/release/src/router/nvram/defaults.c
+++ b/release/src/router/nvram/defaults.c
@@ -583,6 +583,7 @@ const defaults_t defaults[] = {
 	{ "https_crt_cn",		""				},
 	{ "https_crt_file",		""				},
 	{ "https_crt",			""				},
+	{ "http_root",			"1"				},	// 0 - deny, 1 - Allow
 	{ "web_wl_filter",		"0"				},	// Allow/Deny Wireless Access Web
 	{ "web_css",			"openlinksys"			},
 	{ "web_dir",			"default"			},  // jffs, opt, tmp or default (/www)
diff --git a/release/src/router/www/admin-access.asp b/release/src/router/www/admin-access.asp
index 0f798440f1..dba69eaa9f 100644
--- a/release/src/router/www/admin-access.asp
+++ b/release/src/router/www/admin-access.asp
@@ -29,7 +29,7 @@ textarea {
 
 <script type='text/javascript'>
 
-//	<% nvram("http_enable,https_enable,http_lanport,https_lanport,remote_management,remote_mgt_https,web_wl_filter,web_css,web_dir,ttb_css,sshd_eas,sshd_pass,sshd_remote,telnetd_eas,http_wanport,sshd_authkeys,sshd_port,sshd_rport,sshd_forwarding,telnetd_port,rmgt_sip,https_crt_cn,https_crt_save,lan_ipaddr,ne_shlimit,sshd_motd,http_username"); %>
+//	<% nvram("http_enable,https_enable,http_lanport,https_lanport,remote_management,remote_mgt_https,web_wl_filter,web_css,web_dir,ttb_css,sshd_eas,sshd_pass,sshd_remote,telnetd_eas,http_wanport,sshd_authkeys,sshd_port,sshd_rport,sshd_forwarding,telnetd_port,rmgt_sip,https_crt_cn,https_crt_save,lan_ipaddr,ne_shlimit,sshd_motd,http_username,http_root"); %>
 
 changed = 0;
 tdup = parseInt('<% psup("telnetd"); %>');
@@ -211,6 +211,7 @@ function save()
 */
 	fom.https_crt_gen.value = E('_f_https_crt_gen').checked ? 1 : 0;
 	fom.https_crt_save.value = E('_f_https_crt_save').checked ? 1 : 0;
+	fom.http_root.value = E('_f_http_root').checked ? 1 : 0;
 
 	fom.web_wl_filter.value = E('_f_http_wireless').checked ? 0 : 1;
 
@@ -264,6 +265,7 @@ function init()
 <input type='hidden' name='https_enable'>
 <input type='hidden' name='https_crt_save'>
 <input type='hidden' name='https_crt_gen'>
+<input type='hidden' name='http_root'>
 <input type='hidden' name='remote_management'>
 <input type='hidden' name='remote_mgt_https'>
 <input type='hidden' name='web_wl_filter'>
@@ -294,6 +296,7 @@ var m = [
 		value:  (nvram.remote_management == 1) ? ((nvram.remote_mgt_https == 1) ? 2 : 1) : 0 },
 	{ title: 'Port', indent: 2, name: 'http_wanport', type: 'text', maxlen: 5, size: 7, value:  fixPort(nvram.http_wanport, 8080) },
 	{ title: 'Allow Wireless Access', name: 'f_http_wireless', type: 'checkbox', value:  nvram.web_wl_filter == 0 },
+	{ title: 'Allow login as "root"', name: 'f_http_root', type: 'checkbox', value: nvram.http_root == 1 },
 	null,
 	{ title: 'Directory with GUI files', name: 'web_dir', type: 'select',
 		options: [['default','Default: /www'], ['jffs', 'Custom: /jffs/www (Experts Only!)'], ['opt', 'Custom: /opt/www (Experts Only!)'], ['tmp', 'Custom: /tmp/www (Experts Only!)']], value: nvram.web_dir, suffix: ' <small>Please be sure of your decision before change this settings!</small>' },
@@ -364,7 +367,7 @@ createFieldTable('', [
 <div class='section'>
 <script type='text/javascript'>
 createFieldTable('', [
-	{ title: 'Username', name: 'http_username', type: 'text', value: nvram.http_username },
+	{ title: 'Username', name: 'http_username', type: 'text', value: nvram.http_username, suffix: '&nbsp;<small>(empty field means "admin")</small>' },
 	null,
 	{ title: 'Password', name: 'set_password_1', type: 'password', value: '**********' },
 	{ title: '<i>(re-enter to confirm)</i>', indent: 2, name: 'set_password_2', type: 'password', value: '**********' }
-- 
2.11.4.GIT