Require the master key when performing certain operations (RIPD-666):

* When disabling the use of the master key; or
* When enabling 'no freeze'.

src/ripple/app/transactors/SetAccount.cpp

@@ -155,30 +155,42 @@ public:
 
         if ((uSetFlag == asfDisableMaster) && !(uFlagsIn & lsfDisableMaster))
         {
+            if (!mSigMaster)
+            {
+                m_journal.trace << "Can't use regular key to disable master key.";
+                return tecNEED_MASTER_KEY;
+            }
+
             if (!mTxnAccount->isFieldPresent (sfRegularKey))
                 return tecNO_REGULAR_KEY;
 
             m_journal.trace << "Set lsfDisableMaster.";
-            uFlagsOut   |= lsfDisableMaster;
+            uFlagsOut |= lsfDisableMaster;
         }
 
         if ((uClearFlag == asfDisableMaster) && (uFlagsIn & lsfDisableMaster))
         {
             m_journal.trace << "Clear lsfDisableMaster.";
-            uFlagsOut   &= ~lsfDisableMaster;
+            uFlagsOut &= ~lsfDisableMaster;
         }
 
         if (uSetFlag == asfNoFreeze)
         {
+            if (!mSigMaster && !(uFlagsIn & lsfDisableMaster))
+            {
+                m_journal.trace << "Can't use regular key to set NoFreeze.";
+                return tecNEED_MASTER_KEY;
+            }
+
             m_journal.trace << "Set NoFreeze flag";
-            uFlagsOut   |= lsfNoFreeze;
+            uFlagsOut |= lsfNoFreeze;
         }
 
         // Anyone may set global freeze
         if (uSetFlag == asfGlobalFreeze)
         {
             m_journal.trace << "Set GlobalFreeze flag";
-            uFlagsOut   |= lsfGlobalFreeze;
+            uFlagsOut |= lsfGlobalFreeze;
         }
 
         // If you have set NoFreeze, you may not clear GlobalFreeze
@@ -188,7 +200,7 @@ public:
             ((uFlagsOut & lsfNoFreeze) == 0))
         {
             m_journal.trace << "Clear GlobalFreeze flag";
-            uFlagsOut   &= ~lsfGlobalFreeze;
+            uFlagsOut &= ~lsfGlobalFreeze;
         }
 
         //

src/ripple/protocol/TER.h

@@ -192,6 +192,7 @@ enum TER    // aka TransactionEngineResult
     tecNO_PERMISSION            = 139,
     tecNO_ENTRY                 = 140,
     tecINSUFFICIENT_RESERVE     = 141,
+    tecNEED_MASTER_KEY          = 142,
 };
 
 inline bool isTelLocal(TER x)

src/ripple/protocol/impl/TER.cpp

@@ -65,6 +65,7 @@ bool transResultInfo (TER code, std::string& token, std::string& text)
         { tecNO_PERMISSION,         "tecNO_PERMISSION",         "No permission to perform requested operation."                 },
         { tecNO_ENTRY,              "tecNO_ENTRY",              "No matching entry found."                                      },
         { tecINSUFFICIENT_RESERVE,  "tecINSUFFICIENT_RESERVE",  "Insufficient reserve to complete requested operation."         },
+        { tecNEED_MASTER_KEY,       "tecNEED_MASTER_KEY",       "The operation requires the use of the Master Key."             },
 
         { tefALREADY,               "tefALREADY",               "The exact transaction was already in this ledger."             },
         { tefBAD_ADD_AUTH,          "tefBAD_ADD_AUTH",          "Not authorized to add account."                                },