sec.mlt

   1 <% val you = Init.getUserId ();
   2 val yourname = Init.getUserName ();
   3
   4 val nodeNum = case $"node" of
   5                   "" => 4
   6                 | node => Web.stoi node;
   7 val nodeName = Init.nodeName nodeNum;
   8
   9 val uname = case $"uname" of
  10           "" => yourname
  11         | uname => uname;
  12
  13 val socks = Sec.socketPerms {node = nodeNum, uname = uname};
  14 val tpe = Sec.isTpe {node = nodeNum, uname = uname};
  15 val cron = Sec.cronAllowed {node = nodeNum, uname = uname};
  16
  17 ref showNormal = true;
  18
  19 @header [("title", ["Security settings"])];
  20
  21 if $"cmd" = "socks" then
  22         showNormal := false;
  23         val socks = $"socks";
  24         %>Are you sure you want to request that socket permissions for <b><% Web.html uname %></b> on <b><% Web.html nodeName %></b> be changed to <b><% Web.html socks %></b>?<br>
  25         <a href="sec?cmd=socks2&node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&socks=<% Web.urlEncode socks %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
  26 elseif $"cmd" = "socks2" then
  27         val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat [uname, ": change socket permissions to ", $"socks"], msg = $"msg"};
  28         if not (Sec.Req.notifyNew id) then
  29                 %><h3>Error sending e-mail notification</h3><%
  30         end
  31         %><h3>Request added</h3><%
  32
  33 elseif $"cmd" = "tpe" then
  34         showNormal := false;
  35         val tpe = iff $"tpe" = "yes" then "on" else "off";
  36         %>Are you sure you want to request that trusted-path-executables-only for <b><% Web.html uname %></b> on <b><% Web.html nodeName %></b> be turned <b><% tpe %></b>?<br>
  37         <a href="sec?cmd=tpe2&node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&tpe=<% tpe %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
  38 elseif $"cmd" = "tpe2" then
  39         val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat [uname, ": turn tpe ", $"tpe"], msg = $"msg"};
  40         if not (Sec.Req.notifyNew id) then
  41                 %><h3>Error sending e-mail notification</h3><%
  42         end
  43         %><h3>Request added</h3><%
  44
  45 elseif $"cmd" = "cron" then
  46         showNormal := false;
  47         val cron = iff $"cron" = "yes" then "enabled" else "disabled";
  48         %>Are you sure you want to request that <tt>cron</tt> permissions for <b><% Web.html uname %></b> on <b><% Web.html nodeName %></b> be <b><% cron %></b>?<br>
  49         <a href="sec?cmd=cron2&node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&cron=<% cron %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
  50 elseif $"cmd" = "cron2" then
  51         val cron = iff $"cron" = "enabled" then "enable" else "disable";
  52         val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat [uname, ": ", cron, " cron access"], msg = $"msg"};
  53         if not (Sec.Req.notifyNew id) then
  54                 %><h3>Error sending e-mail notification</h3><%
  55         end
  56         %><h3>Request added</h3><%
  57 elseif $"cmd" = "rule" then
  58         showNormal := false;
  59         val rule = $"rule";
  60
  61         if Sec.validRule rule then
  62                 %>Are you sure you want to request the firewall rule <b><% Web.html uname %>&nbsp;<% Web.html rule %></b> on <b><% Web.html nodeName %></b>?<br>
  63         <a href="sec?cmd=rule2&node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&rule=<% Web.urlEncode rule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
  64         else
  65                 %>"<% Web.html rule %>" is not a valid firewall rule! Please reread <a href="http://wiki.hcoop.net/wiki/FirewallRules">the instructions</a>, and remember to leave off the initial username portion.<%
  66         end
  67
  68 elseif $"cmd" = "rule2" then
  69         val rule = $"rule";
  70
  71         if Sec.validRule rule then
  72                 val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat ["Add firewall rule \"", nodeName, " ", uname, " ", rule, "\""], msg = $"msg"};
  73                 if not (Sec.Req.notifyNew id) then
  74                         %><h3>Error sending e-mail notification</h3><%
  75                 end
  76                 %><h3>Request added</h3><%
  77         else
  78                 %>"<% Web.html rule %>" is not a valid firewall rule! Please reread <a href="http://wiki.hcoop.net/wiki/FirewallRules">the instructions</a>, and remember to leave off the initial username portion.<%
  79         end
  80
  81 elseif $"modRule" <> "" then
  82         showNormal := false;
  83         val oldRule = $"modRule";
  84         val rule = $"rule"
  85         if oldRule = rule then
  86                 %>You didn't modify the textbox for this rule before clicking the button, so there is no request to be made.<%
  87         else
  88                 %>Are you sure you want to request that firewall rule <b><% Web.html uname %>&nbsp;<% Web.html oldRule %></b> be replaced by <b><% Web.html uname %>&nbsp;<% Web.html rule %></b> on <b><% Web.html nodeName %></b>?<br>
  89                 <a href="sec?node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&modRule2=<% Web.urlEncode oldRule %>&rule=<% Web.urlEncode rule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
  90         end
  91 elseif $"modRule2" <> "" then
  92         val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat ["Change firewall rule \"", uname, " ", $"modRule2", "\" to \"", uname, " ", $"rule", "\""], msg = $"msg"};
  93         if not (Sec.Req.notifyNew id) then
  94                 %><h3>Error sending e-mail notification</h3><%
  95         end
  96         %><h3>Request added</h3><%
  97
  98 elseif $"delRule" <> "" then
  99         showNormal := false;
 100         val oldRule = $"delRule";
 101         %>Are you sure you want to request that firewall rule <b><% Web.html uname %>&nbsp;<% Web.html oldRule %></b> on <b><% Web.html nodeName %></b> be <b>deleted</bD>?<br>
 102         <a href="sec?node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&delRule2=<% Web.urlEncode oldRule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
 103 elseif $"delRule2" <> "" then
 104         val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat ["Delete firewall rule \"", uname, " ", $"delRule2", "\""], msg = $"msg"};
 105         if not (Sec.Req.notifyNew id) then
 106                 %><h3>Error sending e-mail notification</h3><%
 107         end
 108         %><h3>Request added</h3><%
 109
 110 elseif $"cmd" = "open" then
 111         showNormal := false;
 112         Group.requireGroupName "server";
 113         %><h3>Open requests</h3>
 114         <a href="sec?cmd=list">List all requests</a><%
 115
 116         foreach (name, req) in Sec.Req.listOpen () do %>
 117 <br><hr><br>
 118 <table class="blanks">
 119 <tr> <td>By:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
 120 <tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td></tr>
 121 <tr> <td>Node:</td> <td><% Web.html (Init.nodeName (#node req)) %></td> </tr>
 122 <tr> <td>Request:</td> <td><% #data req %></td> </tr>
 123 <tr> <td>Msg:</td> <td colspan="2"><% Web.html (#msg req) %></td> </tr>
 124 </table>
 125
 126 <br>
 127 <a href="sec?mod=<% #id req %>">[Modify]</a>
 128 <a href="sec?del=<% #id req %>">[Delete]</a><br>
 129
 130 <%      end
 131
 132 elseif $"cmd" = "list" then
 133         showNormal := false;
 134         Group.requireGroupName "server"
 135         %><h3>All requests</h3><%
 136
 137         foreach (name, req) in Sec.Req.list () do %>
 138 <br><hr><br>
 139 <table class="blanks">
 140 <tr> <td>By:</td> <td colspan="2"><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
 141 <tr> <td>Time:</td> <td colspan="2"><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td></tr>
 142 <tr> <td>Node:</td> <td><% Web.html (Init.nodeName (#node req)) %></td> </tr>
 143 <tr> <td>Request:</td> <td><% #data req %></td> </tr>
 144 <tr> <td>Reason:</td> <td colspan="2"><% Web.html (#msg req) %></td> </tr>
 145 </table>
 146
 147 <br>
 148 <a href="sec?mod=<% #id req %>">[Modify]</a>
 149 <a href="sec?del=<% #id req %>">[Delete]</a>
 150
 151 <%      end
 152
 153 elseif $"mod" <> "" then
 154         showNormal := false;
 155         Group.requireGroupName "server";
 156         val id = Web.stoi ($"mod");
 157         val req = Sec.Req.lookup id;
 158         val user = Init.lookupUser (#usr req) %>
 159 <h3>Handle request</h3>
 160
 161 <form action="sec" method="post">
 162 <input type="hidden" name="save" value="<% id %>">
 163 <table class="blanks">
 164 <tr> <td>Requestor:</td> <td><a href="user?id=<% #usr req %>"><% #name user %></a></td> </tr>
 165 <tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td></tr>
 166 <tr> <td>Status:</td> <td><select name="status">
 167         <option value="0"<% if #status req = Sec.Req.NEW then %> selected<% end %>>New</option>
 168         <option value="1"<% if #status req = Sec.Req.INSTALLED then %> selected<% end %>>Installed</option>
 169         <option value="2"<% if #status req = Sec.Req.REJECTED then %> selected<% end %>>Rejected</option>
 170 </select></td> </tr>
 171 <tr> <td>Node:</td> <td><select name="node">
 172 <% foreach node in Init.listNodes () do %>
 173         <option value="<% #id node %>"<% if #id node = #node req then %> selected<% end %>><% Web.html (#name node) %> (<% Web.html (#descr node) %>)</option>
 174 <% end %></select></td> </tr>
 175 <tr> <td>Request:</td> <td><input name="req" value="<% Web.html (#data req) %>"></td> </tr>
 176 <tr> <td>Message:</td> <td><textarea name="msg" rows="10" cols="80" wrap="soft"><% Web.html (#msg req) %></textarea></td> </tr>
 177 <tr> <td><input type="submit" value="Save"></td> </tr>
 178 </table>
 179 </form>
 180
 181 <% elseif $"save" <> "" then
 182         showNormal := false;
 183         Group.requireGroupName "server";
 184         val id = Web.stoi ($"save");
 185         val req = Sec.Req.lookup id;
 186         val oldStatus = #status req;
 187         val newStatus = Sec.Req.statusFromInt (Web.stoi ($"status"));
 188         Sec.Req.modify {req with node = nodeNum, data = $"req", msg = $"msg", status = newStatus};
 189         if not (Sec.Req.notifyMod {old = oldStatus, new = newStatus, changer = Init.getUserName(), req = id}) then
 190                 %><h3>Error sending e-mail notification</h3><%
 191         end
 192         %><h3>Request modified</h3>
 193         Back to: <a href="sec?cmd=open">open requests</a>, <a href="sec?cmd=list">all requests</a>
 194
 195 <% elseif $"del" <> "" then
 196         showNormal := false;
 197         Group.requireGroupName "server";
 198         val id = Web.stoi ($"del");
 199         val req = Sec.Req.lookup id;
 200         val user = Init.lookupUser (#usr req)
 201         %><h3>Are you sure you want to delete request by <% #name user %> for "<% #data req %>" on <% Web.html (Init.nodeName (#node req)) %>?</h3>
 202         <a href="sec?del2=<% id %>">Yes, I'm sure!</a>
 203
 204 <% elseif $"del2" <> "" then
 205         showNormal := false;
 206         Group.requireGroupName "server";
 207         val id = Web.stoi ($"del2");
 208         Sec.Req.delete id
 209         %><h3>Request deleted</b><h3>
 210         Back to: <a href="sec?cmd=open">open requests</a>, <a href="sec?cmd=list">all requests</a>
 211
 212 <% end;
 213
 214 if showNormal then
 215   @secnormal [("uname", [uname]),
 216               ("nodeNum", [Int.toString nodeNum])];
 217 end %>
 218
 219 <% @footer[] %>