Commit | Line | Data |
---|---|---|
dfb0d0d7 AC |
1 | <% val you = Init.getUserId (); (* id of the current portal user as reported by Init; recorded as the requester by every Sec.Req.add call on this page *) |
2 | val yourname = Init.getUserName (); | |
3 | ||
4 | val uname = case $"uname" of (* account the page acts on: the uname request parameter, or yourname when it is empty *) | |
5 | "" => yourname | |
6 | | uname => uname; (* NOTE(review): request-supplied and not compared here with yourname :: Sec.findSubusers yourname, which only feeds the drop-down; confirm the Sec functions enforce ownership *) | |
7 | ||
8 | val socks = Sec.socketPerms uname; (* current settings of uname; used to preselect the form options further down *) | |
9 | val tpe = Sec.isTpe uname; | |
e510b9bd | 10 | val cron = Sec.cronAllowed uname; |
dfb0d0d7 AC |
11 | |
12 | ref showNormal = true; (* set to false by the branches that render a page of their own; the main forms are printed only while it is still true *) | |
13 | ||
14 | @header [("title", ["Security settings"])]; | |
15 | ||
16 | if $"cmd" = "socks" then (* step 1: confirmation page only; nothing is stored in this branch *) | |
17 | showNormal := false; | |
18 | val socks = $"socks"; (* raw request value; shadows the page-level socks and is escaped where it is printed below *) | |
19 | %>Are you sure you want to request that socket permissions for <b><% Web.html uname %></b> be changed to <b><% Web.html socks %></b>?<br> | |
20 | <a href="sec?cmd=socks2&uname=<% Web.urlEncode uname %>&socks=<% Web.urlEncode socks %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><% | |
21 | elseif $"cmd" = "socks2" then (* step 2: files the request. NOTE(review): reached by a plain GET link and no anti-forgery token is checked in this branch; the socks parameter is stored without being checked against none/any/client/server *) | |
22 | val id = Sec.Req.add (you, String.concat [uname, ": change socket permissions to ", $"socks"], $"msg"); | |
23 | if not (Sec.Req.notifyNew id) then (* a false result is only reported; the request has already been added *) | |
24 | %><h3><b>Error sending e-mail notification</b></h3><% | |
25 | end | |
26 | %><h3><b>Request added</b></h3><% | |
27 | ||
28 | elseif $"cmd" = "tpe" then (* step 1: confirmation page only; nothing is stored in this branch *) | |
29 | showNormal := false; | |
30 | val tpe = iff $"tpe" = "yes" then "on" else "off"; (* reduced to the literals on/off, so printing it without Web.html below cannot carry markup *) | |
31 | %>Are you sure you want to request that trusted-path-executables-only for <b><% Web.html uname %></b> be turned <b><% tpe %></b>?<br> | |
32 | <a href="sec?cmd=tpe2&uname=<% Web.urlEncode uname %>&tpe=<% tpe %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><% | |
33 | elseif $"cmd" = "tpe2" then (* step 2: files the request. NOTE(review): reached by a plain GET link and no anti-forgery token is checked in this branch; the raw tpe parameter is stored, not the on/off value computed in step 1 *) | |
34 | val id = Sec.Req.add (you, String.concat [uname, ": turn tpe ", $"tpe"], $"msg"); | |
35 | if not (Sec.Req.notifyNew id) then (* a false result is only reported; the request has already been added *) | |
36 | %><h3><b>Error sending e-mail notification</b></h3><% | |
37 | end | |
38 | %><h3><b>Request added</b></h3><% | |
39 | ||
e510b9bd AC |
40 | elseif $"cmd" = "cron" then |
41 | showNormal := false; (* step 1: confirmation page only; nothing is stored in this branch *) | |
42 | val cron = iff $"cron" = "yes" then "enabled" else "disabled"; (* reduced to two literals, so printing it without Web.html below cannot carry markup *) | |
43 | %>Are you sure you want to request that <tt>cron</tt> permissions for <b><% Web.html uname %></b> be <b><% cron %></b>?<br> | |
44 | <a href="sec?cmd=cron2&uname=<% Web.urlEncode uname %>&cron=<% cron %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><% | |
45 | elseif $"cmd" = "cron2" then (* step 2: files the request. NOTE(review): reached by a plain GET link and no anti-forgery token is checked in this branch *) | |
46 | val cron = iff $"cron" = "enabled" then "enable" else "disable"; (* derived again from the parameter, so only enable/disable can reach the stored text *) | |
47 | val id = Sec.Req.add (you, String.concat [uname, ": ", cron, " cron access"], $"msg"); | |
48 | if not (Sec.Req.notifyNew id) then (* a false result is only reported; the request has already been added *) | |
49 | %><h3><b>Error sending e-mail notification</b></h3><% | |
50 | end | |
51 | %><h3><b>Request added</b></h3><% | |
52 | ||
53 | elseif $"cmd" = "rule" then (* step 1: confirmation page only; nothing is stored in this branch *) | |
54 | showNormal := false; | |
55 | val rule = $"rule"; (* free-form rule text from the request; escaped with Web.html and Web.urlEncode where it is printed below *) | |
56 | %>Are you sure you want to request the firewall rule <b><% Web.html uname %> <% Web.html rule %></b>?<br> | |
57 | <a href="sec?cmd=rule2&uname=<% Web.urlEncode uname %>&rule=<% Web.urlEncode rule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><% | |
58 | elseif $"cmd" = "rule2" then (* step 2: files the request. NOTE(review): reached by a plain GET link and no anti-forgery token is checked in this branch *) | |
59 | val id = Sec.Req.add (you, String.concat ["Add firewall rule \"", uname, " ", $"rule", "\""], $"msg"); (* uname and the rule text are stored unmodified, so whatever prints the stored request has to escape it *) | |
60 | if not (Sec.Req.notifyNew id) then (* a false result is only reported; the request has already been added *) | |
61 | %><h3><b>Error sending e-mail notification</b></h3><% | |
62 | end | |
63 | %><h3><b>Request added</b></h3><% | |
64 | ||
65 | elseif $"modRule" <> "" then (* step 1 of a rule change: compares old and new text and asks for confirmation; nothing is stored *) | |
66 | showNormal := false; | |
67 | val oldRule = $"modRule"; (* both values come from the request; the hidden modRule field is not compared with Sec.findFirewallRules uname here *) | |
68 | val rule = $"rule" | |
69 | if oldRule = rule then | |
70 | %>You didn't modify the textbox for this rule before clicking the button, so there is no request to be made.<% | |
71 | else | |
72 | %>Are you sure you want to request that firewall rule <b><% Web.html uname %> <% Web.html oldRule %></b> be replaced by <b><% Web.html uname %> <% Web.html rule %></b>?<br> | |
73 | <a href="sec?uname=<% Web.urlEncode uname %>&modRule2=<% Web.urlEncode oldRule %>&rule=<% Web.urlEncode rule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><% | |
74 | end | |
75 | elseif $"modRule2" <> "" then (* step 2: files the request. NOTE(review): reached by a plain GET link and no anti-forgery token is checked in this branch *) | |
76 | val id = Sec.Req.add (you, String.concat ["Change firewall rule \"", uname, " ", $"modRule2", "\" to \"", uname, " ", $"rule", "\""], $"msg"); (* rule texts are stored unmodified, so whatever prints the stored request has to escape it *) | |
77 | if not (Sec.Req.notifyNew id) then (* a false result is only reported; the request has already been added *) | |
78 | %><h3><b>Error sending e-mail notification</b></h3><% | |
79 | end | |
80 | %><h3><b>Request added</b></h3><% | |
81 | ||
82 | elseif $"delRule" <> "" then (* step 1 of a rule deletion: confirmation page only; nothing is stored in this branch *) | |
83 | showNormal := false; | |
84 | val oldRule = $"delRule"; (* request-supplied rule text; escaped with Web.html and Web.urlEncode where it is printed below *) | |
85 | %>Are you sure you want to request that firewall rule <b><% Web.html uname %> <% Web.html oldRule %></b> be <b>deleted</b>?<br> | |
86 | <a href="sec?uname=<% Web.urlEncode uname %>&delRule2=<% Web.urlEncode oldRule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><% | |
87 | elseif $"delRule2" <> "" then (* step 2: files the request. NOTE(review): reached by a plain GET link and no anti-forgery token is checked in this branch *) | |
88 | val id = Sec.Req.add (you, String.concat ["Delete firewall rule \"", uname, " ", $"delRule2", "\""], $"msg"); (* rule text is stored unmodified, so whatever prints the stored request has to escape it *) | |
89 | if not (Sec.Req.notifyNew id) then (* a false result is only reported; the request has already been added *) | |
90 | %><h3><b>Error sending e-mail notification</b></h3><% | |
91 | end | |
92 | %><h3><b>Request added</b></h3><% | |
93 | ||
dfb0d0d7 AC |
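94 | elseif $"cmd" = "open" then |
95 | showNormal := false; | |
96 | Group.requireGroupName "server"; (* reviewer-only view: called before any request is listed *) | |
97 | %><h3><b>Open requests</b></h3> | |
98 | <a href="sec?cmd=list">List all requests</a><% | |
99 | ||
100 | foreach (name, req) in Sec.Req.listOpen () do (* the data field holds text built from requester-supplied parameters, so it is escaped like msg before being printed *) %> | |
101 | <br><hr><br> | |
102 | <table> | |
103 | <tr> <td align="right"><b>By</b>:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr> | |
104 | <tr> <td align="right"><b>Time</b>:</td> <td><% #stamp req %></td> </tr> | |
105 | <tr> <td align="right"><b>Request</b>:</td> <td><% Web.html (#data req) %></td> </tr> | |
106 | <tr> <td align="right" valign="top"><b>Msg</b>:</td> <td colspan="2"><% Web.html (#msg req) %></td> </tr> | |
107 | </table> | |
108 | ||
109 | <br> | |
110 | <a href="sec?mod=<% #id req %>">[Modify]</a> | |
111 | <a href="sec?del=<% #id req %>">[Delete]</a><br> | |
112 | ||
113 | <% end | |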
114 | ||
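115 | elseif $"cmd" = "list" then | |
116 | showNormal := false; | |
117 | Group.requireGroupName "server" (* reviewer-only view: called before any request is listed *) | |
118 | %><h3><b>All requests</b></h3><% | |
119 | ||
120 | foreach (name, req) in Sec.Req.list () do (* the data field holds text built from requester-supplied parameters, so it is escaped like msg before being printed *) %> | |
121 | <br><hr><br> | |
122 | <table> | |
123 | <tr> <td align="right"><b>By</b>:</td> <td colspan="2"><a href="user?id=<% #usr req %>"><% name %></a></td> </tr> | |
124 | <tr> <td align="right"><b>Time</b>:</td> <td colspan="2"><% #stamp req %></td> </tr> | |
125 | <tr> <td align="right"><b>Request</b>:</td> <td><% Web.html (#data req) %></td> </tr> | |
126 | <tr> <td align="right" valign="top"><b>Reason</b>:</td> <td colspan="2"><% Web.html (#msg req) %></td> </tr> | |
127 | </table> | |
128 | ||
129 | <br> | |
130 | <a href="sec?mod=<% #id req %>">[Modify]</a> | |
131 | <a href="sec?del=<% #id req %>">[Delete]</a> | |
132 | ||
133 | <% end | |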
134 | ||
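135 | elseif $"mod" <> "" then (* edit form for one stored request; the save branch applies the submitted values *) | |
136 | showNormal := false; | |
137 | Group.requireGroupName "server"; (* reviewer-only: called before the request is looked up *) | |
138 | val id = Web.stoi ($"mod"); (* NOTE(review): behaviour of Web.stoi on non-numeric input is not visible on this page *) | |
139 | val req = Sec.Req.lookup id; | |
140 | val user = Init.lookupUser (#usr req) (* the data field is requester-influenced text; it is escaped below before going into the value attribute *) %> | |
141 | <h3><b>Handle request</b></h3> | |
142 | ||
143 | <form action="sec" method="post"> | |
144 | <input type="hidden" name="save" value="<% id %>"> | |
145 | <table> | |
146 | <tr> <td align="right"><b>Requestor</b>:</td> <td><a href="user?id=<% #usr req %>"><% #name user %></a></td> </tr> | |
147 | <tr> <td align="right"><b>Time</b>:</td> <td><% #stamp req %></td> </tr> | |
148 | <tr> <td align="right"><b>Status</b>:</td> <td><select name="status"> | |
149 | <option value="0"<% if #status req = Sec.Req.NEW then %> selected<% end %>>New</option> | |
150 | <option value="1"<% if #status req = Sec.Req.INSTALLED then %> selected<% end %>>Installed</option> | |
151 | <option value="2"<% if #status req = Sec.Req.REJECTED then %> selected<% end %>>Rejected</option> | |
152 | </select></td> </tr> | |
153 | <tr> <td align="right"><b>Request</b>:</td> <td><input name="req" value="<% Web.html (#data req) %>"></td> </tr> | |
154 | <tr> <td align="right" valign="top"><b>Message</b>:</td> <td><textarea name="msg" rows="10" cols="80" wrap="soft"><% Web.html (#msg req) %></textarea></td> </tr> | |
155 | <tr> <td><input type="submit" value="Save"></td> </tr> | |
156 | </table> | |
157 | </form> | |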
158 | ||
159 | <% elseif $"save" <> "" then (* applies the values posted by the Handle request form. NOTE(review): no anti-forgery token is checked in this branch *) | |
160 | showNormal := false; | |
161 | Group.requireGroupName "server"; (* reviewer-only: called before the request is looked up or changed *) | |
162 | val id = Web.stoi ($"save"); (* NOTE(review): behaviour of Web.stoi on non-numeric input is not visible on this page *) | |
163 | val req = Sec.Req.lookup id; | |
164 | val oldStatus = #status req; | |
165 | val newStatus = Sec.Req.statusFromInt (Web.stoi ($"status")); (* NOTE(review): handling of a status outside 0, 1, 2 depends on statusFromInt, which is not shown here *) | |
166 | Sec.Req.modify {req with data = $"req", msg = $"msg", status = newStatus}; (* the edited text is stored as submitted *) | |
167 | if oldStatus <> newStatus then (* a notification goes out only when the status changed *) | |
168 | if not (Sec.Req.notifyMod (oldStatus, newStatus, Init.getUserName(), id)) then (* a false result is only reported; the modification above has already been made *) | |
169 | %><h3><b>Error sending e-mail notification</b></h3><% | |
170 | end | |
171 | end | |
172 | %><h3><b>Request modified</b></h3> | |
173 | Back to: <a href="sec?cmd=open">open requests</a>, <a href="sec?cmd=list">all requests</a> | |
174 | ||
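175 | <% elseif $"del" <> "" then (* confirmation page for deleting a stored request; nothing is deleted in this branch *) | |
176 | showNormal := false; | |
177 | Group.requireGroupName "server"; (* reviewer-only: called before the request is looked up *) | |
178 | val id = Web.stoi ($"del"); (* NOTE(review): behaviour of Web.stoi on non-numeric input is not visible on this page *) | |
179 | val req = Sec.Req.lookup id; | |
180 | val user = Init.lookupUser (#usr req) (* the data field is requester-influenced text, so it is escaped before being printed below *) | |
181 | %><h3><b>Are you sure you want to delete request by <% #name user %> for "<% Web.html (#data req) %>"?</b></h3> | |
182 | <a href="sec?del2=<% id %>">Yes, I'm sure!</a> | |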
183 | ||
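184 | <% elseif $"del2" <> "" then (* deletes the request. NOTE(review): reached by a plain GET link and no anti-forgery token is checked in this branch *) | |
185 | showNormal := false; | |
186 | Group.requireGroupName "server"; (* reviewer-only: called before the delete *) | |
187 | val id = Web.stoi ($"del2"); (* NOTE(review): behaviour of Web.stoi on non-numeric input is not visible on this page *) | |
188 | Sec.Req.delete id | |
189 | %><h3><b>Request deleted</b></h3> | |
190 | Back to: <a href="sec?cmd=open">open requests</a>, <a href="sec?cmd=list">all requests</a> | |
191 | ||
192 | <% end; | |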
193 | ||
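194 | if showNormal then (* main request forms; uname can come straight from the request, so it is escaped with Web.html or Web.urlEncode wherever it is written into markup *) %> | |
195 | ||
196 | <form action="sec" method="post"> | |
197 | <b>Your users:</b> <select name="uname"> | |
198 | <% foreach name in (yourname :: Sec.findSubusers yourname) do %> | |
199 | <option value="<% Web.html name %>"<% if uname = name then %> selected<% end %>><% Web.html name %></option> | |
200 | <% end %></select> <input type="submit" value="Switch"> </form> | |
201 | ||
202 | <h3><b>Request socket permissions change</b></h3> | |
203 | ||
204 | <form action="sec" method="post"> | |
205 | <input type="hidden" name="uname" value="<% Web.html uname %>"> | |
206 | <input type="hidden" name="cmd" value="socks"> | |
207 | <table> | |
208 | <tr> <td align="right"><b>New permissions:</b></td> <td><select name="socks"> | |
209 | <option value="none"<% if socks = Sec.NADA then %> selected<% end %>>None</option> | |
210 | <option value="any"<% if socks = Sec.ANY then %> selected<% end %>>Any</option> | |
211 | <option value="client"<% if socks = Sec.CLIENT_ONLY then %> selected<% end %>>Client only</option> | |
212 | <option value="server"<% if socks = Sec.SERVER_ONLY then %> selected<% end %>>Server only</option> | |
213 | </select></td> </tr> | |
214 | <tr> <td align="right" valign="top"><b>Reason:</b></td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr> | |
215 | <tr> <td><input type="submit" value="Request"></td> </tr> | |
216 | </table> | |
217 | </form> | |
218 | ||
219 | <h3><b>Request change to your execute permissions</b></h3> | |
220 | ||
221 | <form action="sec" method="post"> | |
222 | <input type="hidden" name="uname" value="<% Web.html uname %>"> | |
223 | <input type="hidden" name="cmd" value="tpe"> | |
224 | <table> | |
225 | <tr> <td align="right"><b>Trusted path executables only?</b></td> <td><select name="tpe"> | |
226 | <option value="no"<% if not tpe then %> selected<% end %>>No</option> | |
227 | <option value="yes"<% if tpe then %> selected<% end %>>Yes</option> | |
228 | </select></td> </tr> | |
229 | <tr> <td align="right" valign="top"><b>Reason:</b></td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr> | |
230 | <tr> <td><input type="submit" value="Request"></td> </tr> | |
231 | </table> | |
232 | </form> | |
233 | ||
e510b9bd AC |
234 | <h3><b>Request change to your <tt>cron</tt> permissions</b></h3> |
235 | ||
236 | <form action="sec" method="post"> | |
237 | <input type="hidden" name="uname" value="<% Web.html uname %>"> | |
238 | <input type="hidden" name="cmd" value="cron"> | |
239 | <table> | |
240 | <tr> <td align="right"><b>Allowed to use cron?</b></td> <td><select name="cron"> | |
241 | <option value="no"<% if not cron then %> selected<% end %>>No</option> | |
242 | <option value="yes"<% if cron then %> selected<% end %>>Yes</option> | |
243 | </select></td> </tr> | |
244 | <tr> <td align="right" valign="top"><b>Reason:</b></td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr> | |
245 | <tr> <td><input type="submit" value="Request"></td> </tr> | |
246 | </table> | |
247 | </form> | |
248 | ||
249 | <% val rules = Sec.findFirewallRules uname; (* the rules section is printed only when this list is non-empty; the deletion link carries uname so the request names the selected account rather than falling back to yourname *) | |
250 | switch rules of | |
251 | _::_ => %> | |
252 | <h3><b>Your firewall rules</b></h3> | |
253 | ||
254 | <% foreach rule in rules do %> | |
255 | <form action="sec" method="post"> | |
256 | <input type="hidden" name="uname" value="<% Web.html uname %>"> | |
257 | <input type="hidden" name="modRule" value="<% Web.html rule %>"> | |
258 | <input name="rule" value="<% Web.html rule %>"> | |
259 | <a href="sec?uname=<% Web.urlEncode uname %>&delRule=<% Web.urlEncode rule %>">[Request deletion]</a> | |
260 | <input type="submit" value="Request change"> | |
261 | </form><br> | |
262 | <% end | |
263 | end%> | |
264 | ||
265 | <h3><b>Request a new firewall rule</b></h3> | |
266 | ||
267 | <p>You can find a description of rule formats <a href="http://wiki.hcoop.net/wiki/FirewallRules">on our wiki</a>. Enter here the rule you want, without the initial <tt>user</tt> portion.</p> | |
268 | ||
269 | <form action="sec" method="post"> | |
270 | <input type="hidden" name="uname" value="<% Web.html uname %>"> | |
271 | <input type="hidden" name="cmd" value="rule"> | |
272 | <table> | |
273 | <tr> <td align="right"><b>Rule</b></td> <td><input name="rule" size="80"></td> </tr> | |
274 | <tr> <td align="right" valign="top"><b>Reason:</b></td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr> | |
275 | <tr> <td><input type="submit" value="Request"></td> </tr> | |
276 | </table> | |
277 | </form> | |
278 | ||
dfb0d0d7 AC |
279 | <% end %> |
280 | ||
281 | <% @footer[] %> |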