<% val you = Init.getUserId ();
val yourname = Init.getUserName ();
val nodeNum = case $"node" of
"" => 2
| node => Web.stoi node;
val nodeName = Init.nodeName nodeNum;
val uname = case $"uname" of
"" => yourname
| uname => uname;
val socks = Sec.socketPerms {node = nodeNum, uname = uname};
val tpe = Sec.isTpe {node = nodeNum, uname = uname};
val cron = Sec.cronAllowed {node = nodeNum, uname = uname};
val ftp = Sec.ftpAllowed {node = nodeNum, uname = uname};
ref showNormal = true;
@header [("title", ["Security settings"])];
if $"cmd" = "socks" then
showNormal := false;
val socks = $"socks";
%>Are you sure you want to request that socket permissions for <% Web.html uname %> on <% Web.html nodeName %> be changed to <% Web.html socks %>?
">Yes, place the request!<%
elseif $"cmd" = "socks2" then
val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat [uname, ": change socket permissions to ", $"socks"], msg = $"msg"};
if not (Sec.Req.notifyNew id) then
%>Error sending e-mail notification
<%
end
%>Request added
<%
elseif $"cmd" = "tpe" then
showNormal := false;
val tpe = iff $"tpe" = "yes" then "on" else "off";
%>Are you sure you want to request that trusted-path-executables-only for <% Web.html uname %> on <% Web.html nodeName %> be turned <% tpe %>?
">Yes, place the request!<%
elseif $"cmd" = "tpe2" then
val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat [uname, ": turn tpe ", $"tpe"], msg = $"msg"};
if not (Sec.Req.notifyNew id) then
%>Error sending e-mail notification
<%
end
%>Request added
<%
elseif $"cmd" = "cron" then
showNormal := false;
val cron = iff $"cron" = "yes" then "enabled" else "disabled";
%>Are you sure you want to request that cron permissions for <% Web.html uname %> on <% Web.html nodeName %> be <% cron %>?
">Yes, place the request!<%
elseif $"cmd" = "cron2" then
val cron = iff $"cron" = "enabled" then "enable" else "disable";
val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat [uname, ": ", cron, " cron access"], msg = $"msg"};
if not (Sec.Req.notifyNew id) then
%>Error sending e-mail notification
<%
end
%>Request added
<%
elseif $"cmd" = "ftp" then
showNormal := false;
val ftp = iff $"ftp" = "yes" then "enabled" else "disabled";
%>Are you sure you want to request that FTP permissions for <% Web.html uname %> on <% Web.html nodeName %> be <% ftp %>?
">Yes, place the request!<%
elseif $"cmd" = "ftp2" then
val ftp = iff $"ftp" = "enabled" then "enable" else "disable";
val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat [uname, ": ", ftp, " FTP access"], msg = $"msg"};
if not (Sec.Req.notifyNew id) then
%>Error sending e-mail notification
<%
end
%>Request added
<%
elseif $"cmd" = "rule" then
showNormal := false;
val rule = $"rule";
if Sec.validRule rule then
%>Are you sure you want to request the firewall rule <% Web.html uname %> <% Web.html rule %> on <% Web.html nodeName %>?
">Yes, place the request!<%
else
%>"<% Web.html rule %>" is not a valid firewall rule! Please reread the instructions, and remember to leave off the initial username portion.<%
end
elseif $"cmd" = "rule2" then
val rule = $"rule";
if Sec.validRule rule then
val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat ["Add firewall rule \"", uname, " ", rule, "\""], msg = $"msg"};
if not (Sec.Req.notifyNew id) then
%>Error sending e-mail notification
<%
end
%>Request added
<%
else
%>"<% Web.html rule %>" is not a valid firewall rule! Please reread the instructions, and remember to leave off the initial username portion.<%
end
elseif $"modRule" <> "" then
showNormal := false;
val oldRule = $"modRule";
val rule = $"rule"
if oldRule = rule then
%>You didn't modify the textbox for this rule before clicking the button, so there is no request to be made.<%
else
%>Are you sure you want to request that firewall rule <% Web.html uname %> <% Web.html oldRule %> be replaced by <% Web.html uname %> <% Web.html rule %> on <% Web.html nodeName %>?
">Yes, place the request!<%
end
elseif $"modRule2" <> "" then
val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat ["Change firewall rule \"", uname, " ", $"modRule2", "\" to \"", uname, " ", $"rule", "\""], msg = $"msg"};
if not (Sec.Req.notifyNew id) then
%>Error sending e-mail notification
<%
end
%>Request added
<%
elseif $"delRule" <> "" then
showNormal := false;
val oldRule = $"delRule";
%>Are you sure you want to request that firewall rule <% Web.html uname %> <% Web.html oldRule %> on <% Web.html nodeName %> be deleted?
">Yes, place the request!<%
elseif $"delRule2" <> "" then
val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat ["Delete firewall rule \"", uname, " ", $"delRule2", "\""], msg = $"msg"};
if not (Sec.Req.notifyNew id) then
%>Error sending e-mail notification
<%
end
%>Request added
<%
elseif $"cmd" = "open" then
showNormal := false;
Group.requireGroupName "server";
%>Open requests
List all requests<%
foreach (name, req) in Sec.Req.listOpen () do %>
| By: | <% name %> |
| Time: | <% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago) |
| Node: | <% Web.html (Init.nodeName (#node req)) %> |
| Request: | <% #data req %> |
| Msg: | <% Web.html (#msg req) %> |
[Modify]
[Delete]
<% end
elseif $"cmd" = "list" then
showNormal := false;
Group.requireGroupName "server"
%>All requests
<%
foreach (name, req) in Sec.Req.list () do %>
| By: | <% name %> |
| Time: | <% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago) |
| Node: | <% Web.html (Init.nodeName (#node req)) %> |
| Request: | <% #data req %> |
| Reason: | <% Web.html (#msg req) %> |
[Modify]
[Delete]
<% end
elseif $"mod" <> "" then
showNormal := false;
Group.requireGroupName "server";
val id = Web.stoi ($"mod");
val req = Sec.Req.lookup id;
val user = Init.lookupUser (#usr req) %>
Handle request
<% elseif $"save" <> "" then
showNormal := false;
Group.requireGroupName "server";
val id = Web.stoi ($"save");
val req = Sec.Req.lookup id;
val oldStatus = #status req;
val newStatus = Sec.Req.statusFromInt (Web.stoi ($"status"));
Sec.Req.modify {req with node = nodeNum, data = $"req", msg = $"msg", status = newStatus};
if not (Sec.Req.notifyMod {old = oldStatus, new = newStatus, changer = Init.getUserName(), req = id}) then
%>Error sending e-mail notification
<%
end
%>Request modified
Back to: open requests, all requests
<% elseif $"del" <> "" then
showNormal := false;
Group.requireGroupName "server";
val id = Web.stoi ($"del");
val req = Sec.Req.lookup id;
val user = Init.lookupUser (#usr req)
%>Are you sure you want to delete request by <% #name user %> for "<% #data req %>" on <% Web.html (Init.nodeName (#node req)) %>?
Yes, I'm sure!
<% elseif $"del2" <> "" then
showNormal := false;
Group.requireGroupName "server";
val id = Web.stoi ($"del2");
Sec.Req.delete id
%>Request deleted
Request change to your cron permissions
Request change to your FTP permissions
Please read our wiki instructions on file transfer before requesting FTP access. Almost everyone should use alternative protocols to FTP that provide superior security benefits.
<% val rules = Sec.findFirewallRules {node = nodeNum, uname = uname};
switch rules of
_::_ => %>
Your firewall rules
<% foreach rule in rules do %>
<% end
end%>
Request a new firewall rule
This form isn't needed yet to allow you to use any port. However, if you request a rule here, you can be sure it will be added when we first implement firewalls on our new servers. Otherwise, your custom services may stop working.
You can find a description of rule formats on our wiki. Enter here the rule you want, without the initial user portion.
Please note that your firewall rule will be useless if you don't first request the corresponding socket privileges at the top of this page. Also, common ports like 80 (HTTP) are open to everyone with socket permissions. Verify that you can't access a port after socket permissions have been granted before requesting a special rule here.
We very rarely grant requests for Client rules that don't include remote host whitelists. For example, important security concerns make it a bad idea for us to give anybody blanket IRC permissions. Instead, request specific servers. We will refuse such requests that include networks that are popularly considered fronts for illegal activity.
<% end %>
<% @footer[] %>