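<% (* Security settings page: lets a member file requests to change socket
      permissions, trusted-path-execution, cron access and firewall rules,
      and lets members of the "server" group review those requests. *)
val you = Init.getUserId ();
val yourname = Init.getUserName ();

(* Account the page operates on: the "uname" request parameter, or the
   logged-in user when the parameter is empty. *)
val requested = case $"uname" of
      "" => yourname
    | uname => uname;

(* "uname" is client-controlled, and everything below (current settings,
   firewall rules, the text of filed requests) is keyed on it. Accept only
   the names the "Your users" selector offers (the caller plus
   Sec.findSubusers of the caller); any other value falls back to the
   caller's own account, so one member cannot view or file requests against
   another member's account by editing the parameter.
   NOTE(review): if members of the "server" group are meant to act on
   arbitrary accounts from this page, add that exemption here. *)
ref unameAllowed = false;
foreach name in (yourname :: Sec.findSubusers yourname) do
    if name = requested then
        unameAllowed := true
    end
end;
val uname = iff unameAllowed then requested else yourname;

(* Current settings of the selected account, used to preselect form options. *)
val socks = Sec.socketPerms uname;
val tpe = Sec.isTpe uname;
val cron = Sec.cronAllowed uname;

(* Cleared by any branch that renders its own page instead of the request forms. *)
ref showNormal = true;

@header [("title", ["Security settings"])];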
15 | |
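(* Request dispatcher. Each user-facing action has two steps: "X" renders a
   confirmation link and "X2" files the request through Sec.Req.add and
   sends a notification. The open/list/mod/save/del/del2 branches are the
   review interface and call Group.requireGroupName "server" first
   (presumably this aborts the page for non-members; confirm in Group).
   NOTE(review): the "...2" steps, save and del2 change state in response to
   a plain link or form with no per-session anti-forgery token visible in
   this file; confirm the portal adds one elsewhere, or carry a token
   through the confirmation step and verify it before acting. *)
if $"cmd" = "socks" then
    showNormal := false;
    val socks = $"socks";
    %>Are you sure you want to request that socket permissions for <b><% Web.html uname %></b> be changed to <b><% Web.html socks %></b>?<br>
<a href="sec?cmd=socks2&uname=<% Web.urlEncode uname %>&socks=<% Web.urlEncode socks %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
elseif $"cmd" = "socks2" then
    (* $"socks" is stored as free text inside the request description, so
       every page that prints the description must HTML-escape it. *)
    val id = Sec.Req.add (you, String.concat [uname, ": change socket permissions to ", $"socks"], $"msg");
    if not (Sec.Req.notifyNew id) then
        %><h3><b>Error sending e-mail notification</b></h3><%
    end
    %><h3><b>Request added</b></h3><%

elseif $"cmd" = "tpe" then
    showNormal := false;
    (* Collapse the form value to one of two fixed words before echoing it. *)
    val tpe = iff $"tpe" = "yes" then "on" else "off";
    %>Are you sure you want to request that trusted-path-executables-only for <b><% Web.html uname %></b> be turned <b><% tpe %></b>?<br>
<a href="sec?cmd=tpe2&uname=<% Web.urlEncode uname %>&tpe=<% tpe %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
elseif $"cmd" = "tpe2" then
    (* Normalise again on this step, as the cron2 branch does: the value
       arrives in the query string, so it must not be copied verbatim into
       the description that reviewers read and act on. *)
    val tpe = iff $"tpe" = "on" then "on" else "off";
    val id = Sec.Req.add (you, String.concat [uname, ": turn tpe ", tpe], $"msg");
    if not (Sec.Req.notifyNew id) then
        %><h3><b>Error sending e-mail notification</b></h3><%
    end
    %><h3><b>Request added</b></h3><%

elseif $"cmd" = "cron" then
    showNormal := false;
    val cron = iff $"cron" = "yes" then "enabled" else "disabled";
    %>Are you sure you want to request that <tt>cron</tt> permissions for <b><% Web.html uname %></b> be <b><% cron %></b>?<br>
<a href="sec?cmd=cron2&uname=<% Web.urlEncode uname %>&cron=<% cron %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
elseif $"cmd" = "cron2" then
    (* Anything other than "enabled" is treated as a request to disable. *)
    val cron = iff $"cron" = "enabled" then "enable" else "disable";
    val id = Sec.Req.add (you, String.concat [uname, ": ", cron, " cron access"], $"msg");
    if not (Sec.Req.notifyNew id) then
        %><h3><b>Error sending e-mail notification</b></h3><%
    end
    %><h3><b>Request added</b></h3><%

elseif $"cmd" = "rule" then
    showNormal := false;
    val rule = $"rule";
    %>Are you sure you want to request the firewall rule <b><% Web.html uname %> <% Web.html rule %></b>?<br>
<a href="sec?cmd=rule2&uname=<% Web.urlEncode uname %>&rule=<% Web.urlEncode rule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
elseif $"cmd" = "rule2" then
    (* The rule text is free-form; it is only recorded here for a reviewer. *)
    val id = Sec.Req.add (you, String.concat ["Add firewall rule \"", uname, " ", $"rule", "\""], $"msg");
    if not (Sec.Req.notifyNew id) then
        %><h3><b>Error sending e-mail notification</b></h3><%
    end
    %><h3><b>Request added</b></h3><%

elseif $"modRule" <> "" then
    showNormal := false;
    val oldRule = $"modRule";
    val rule = $"rule"
    if oldRule = rule then
        %>You didn't modify the textbox for this rule before clicking the button, so there is no request to be made.<%
    else
        %>Are you sure you want to request that firewall rule <b><% Web.html uname %> <% Web.html oldRule %></b> be replaced by <b><% Web.html uname %> <% Web.html rule %></b>?<br>
<a href="sec?uname=<% Web.urlEncode uname %>&modRule2=<% Web.urlEncode oldRule %>&rule=<% Web.urlEncode rule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
    end
elseif $"modRule2" <> "" then
    val id = Sec.Req.add (you, String.concat ["Change firewall rule \"", uname, " ", $"modRule2", "\" to \"", uname, " ", $"rule", "\""], $"msg");
    if not (Sec.Req.notifyNew id) then
        %><h3><b>Error sending e-mail notification</b></h3><%
    end
    %><h3><b>Request added</b></h3><%

elseif $"delRule" <> "" then
    showNormal := false;
    val oldRule = $"delRule";
    %>Are you sure you want to request that firewall rule <b><% Web.html uname %> <% Web.html oldRule %></b> be <b>deleted</b>?<br>
<a href="sec?uname=<% Web.urlEncode uname %>&delRule2=<% Web.urlEncode oldRule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
elseif $"delRule2" <> "" then
    val id = Sec.Req.add (you, String.concat ["Delete firewall rule \"", uname, " ", $"delRule2", "\""], $"msg");
    if not (Sec.Req.notifyNew id) then
        %><h3><b>Error sending e-mail notification</b></h3><%
    end
    %><h3><b>Request added</b></h3><%

elseif $"cmd" = "open" then
    showNormal := false;
    Group.requireGroupName "server";
    (* The request description (#data) is built from requester-supplied
       parameters in the branches above, so it is HTML-escaped here before
       it reaches a reviewer's browser. *)
    %><h3><b>Open requests</b></h3>
<a href="sec?cmd=list">List all requests</a><%

    foreach (name, req) in Sec.Req.listOpen () do %>
<br><hr><br>
<table>
<tr> <td align="right"><b>By</b>:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
<tr> <td align="right"><b>Time</b>:</td> <td><% #stamp req %></td> </tr>
<tr> <td align="right"><b>Request</b>:</td> <td><% Web.html (#data req) %></td> </tr>
<tr> <td align="right" valign="top"><b>Msg</b>:</td> <td colspan="2"><% Web.html (#msg req) %></td> </tr>
</table>

<br>
<a href="sec?mod=<% #id req %>">[Modify]</a>
<a href="sec?del=<% #id req %>">[Delete]</a><br>

<% end

elseif $"cmd" = "list" then
    showNormal := false;
    Group.requireGroupName "server"
    %><h3><b>All requests</b></h3><%

    (* Same escaping of #data as in the open-requests view. *)
    foreach (name, req) in Sec.Req.list () do %>
<br><hr><br>
<table>
<tr> <td align="right"><b>By</b>:</td> <td colspan="2"><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
<tr> <td align="right"><b>Time</b>:</td> <td colspan="2"><% #stamp req %></td> </tr>
<tr> <td align="right"><b>Request</b>:</td> <td><% Web.html (#data req) %></td> </tr>
<tr> <td align="right" valign="top"><b>Reason</b>:</td> <td colspan="2"><% Web.html (#msg req) %></td> </tr>
</table>

<br>
<a href="sec?mod=<% #id req %>">[Modify]</a>
<a href="sec?del=<% #id req %>">[Delete]</a>

<% end

elseif $"mod" <> "" then
    showNormal := false;
    Group.requireGroupName "server";
    val id = Web.stoi ($"mod");
    val req = Sec.Req.lookup id;
    (* #data is placed inside a value="..." attribute below, so it is passed
       through Web.html; this assumes Web.html also escapes double quotes,
       which should be confirmed in Web. *)
    val user = Init.lookupUser (#usr req) %>
<h3><b>Handle request</b></h3>

<form action="sec" method="post">
<input type="hidden" name="save" value="<% id %>">
<table>
<tr> <td align="right"><b>Requestor</b>:</td> <td><a href="user?id=<% #usr req %>"><% #name user %></a></td> </tr>
<tr> <td align="right"><b>Time</b>:</td> <td><% #stamp req %></td> </tr>
<tr> <td align="right"><b>Status</b>:</td> <td><select name="status">
<option value="0"<% if #status req = Sec.Req.NEW then %> selected<% end %>>New</option>
<option value="1"<% if #status req = Sec.Req.INSTALLED then %> selected<% end %>>Installed</option>
<option value="2"<% if #status req = Sec.Req.REJECTED then %> selected<% end %>>Rejected</option>
</select></td> </tr>
<tr> <td align="right"><b>Request</b>:</td> <td><input name="req" value="<% Web.html (#data req) %>"></td> </tr>
<tr> <td align="right" valign="top"><b>Message</b>:</td> <td><textarea name="msg" rows="10" cols="80" wrap="soft"><% Web.html (#msg req) %></textarea></td> </tr>
<tr> <td><input type="submit" value="Save"></td> </tr>
</table>
</form>

<% elseif $"save" <> "" then
    showNormal := false;
    Group.requireGroupName "server";
    val id = Web.stoi ($"save");
    val req = Sec.Req.lookup id;
    val oldStatus = #status req;
    (* NOTE(review): how Sec.Req.statusFromInt treats a value outside 0..2 is
       not visible here; confirm it rejects rather than defaults. *)
    val newStatus = Sec.Req.statusFromInt (Web.stoi ($"status"));
    Sec.Req.modify {req with data = $"req", msg = $"msg", status = newStatus};
    (* Notify only when the status actually changed. *)
    if oldStatus <> newStatus then
        if not (Sec.Req.notifyMod (oldStatus, newStatus, Init.getUserName(), id)) then
            %><h3><b>Error sending e-mail notification</b></h3><%
        end
    end
    %><h3><b>Request modified</b></h3>
Back to: <a href="sec?cmd=open">open requests</a>, <a href="sec?cmd=list">all requests</a>

<% elseif $"del" <> "" then
    showNormal := false;
    Group.requireGroupName "server";
    val id = Web.stoi ($"del");
    val req = Sec.Req.lookup id;
    val user = Init.lookupUser (#usr req)
    %><h3><b>Are you sure you want to delete request by <% #name user %> for "<% Web.html (#data req) %>"?</b></h3>
<a href="sec?del2=<% id %>">Yes, I'm sure!</a>

<% elseif $"del2" <> "" then
    showNormal := false;
    Group.requireGroupName "server";
    val id = Web.stoi ($"del2");
    Sec.Req.delete id
    %><h3><b>Request deleted</b></h3>
Back to: <a href="sec?cmd=open">open requests</a>, <a href="sec?cmd=list">all requests</a>

<% end;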
193 | |
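(* Default view: the account selector and the request forms. It is skipped
   when a branch above cleared showNormal. The account name is written into
   HTML attributes and option text, so it goes through Web.html like the
   other request-derived values on this page (this assumes Web.html also
   escapes double quotes, which should be confirmed in Web). *)
if showNormal then %>

<form action="sec" method="post">
<b>Your users:</b> <select name="uname">
<% foreach name in (yourname :: Sec.findSubusers yourname) do %>
	<option value="<% Web.html name %>"<% if uname = name then %> selected<% end %>><% Web.html name %></option>
<% end %></select> <input type="submit" value="Switch"> </form>

<h3><b>Request socket permissions change</b></h3>

<form action="sec" method="post">
<input type="hidden" name="uname" value="<% Web.html uname %>">
<input type="hidden" name="cmd" value="socks">
<table>
<tr> <td align="right"><b>New permissions:</b></td> <td><select name="socks">
	<option value="none"<% if socks = Sec.NADA then %> selected<% end %>>None</option>
	<option value="any"<% if socks = Sec.ANY then %> selected<% end %>>Any</option>
	<option value="client"<% if socks = Sec.CLIENT_ONLY then %> selected<% end %>>Client only</option>
	<option value="server"<% if socks = Sec.SERVER_ONLY then %> selected<% end %>>Server only</option>
</select></td> </tr>
<tr> <td align="right" valign="top"><b>Reason:</b></td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form>

<h3><b>Request change to your execute permissions</b></h3>

<form action="sec" method="post">
<input type="hidden" name="uname" value="<% Web.html uname %>">
<input type="hidden" name="cmd" value="tpe">
<table>
<tr> <td align="right"><b>Trusted path executables only?</b></td> <td><select name="tpe">
	<option value="no"<% if not tpe then %> selected<% end %>>No</option>
	<option value="yes"<% if tpe then %> selected<% end %>>Yes</option>
</select></td> </tr>
<tr> <td align="right" valign="top"><b>Reason:</b></td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form>

<h3><b>Request change to your <tt>cron</tt> permissions</b></h3>

<form action="sec" method="post">
<input type="hidden" name="uname" value="<% Web.html uname %>">
<input type="hidden" name="cmd" value="cron">
<table>
<tr> <td align="right"><b>Allowed to use cron?</b></td> <td><select name="cron">
	<option value="no"<% if not cron then %> selected<% end %>>No</option>
	<option value="yes"<% if cron then %> selected<% end %>>Yes</option>
</select></td> </tr>
<tr> <td align="right" valign="top"><b>Reason:</b></td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form>

<% (* Existing rules of the selected account; the section is rendered only
      when the list is non-empty. The deletion link carries uname like the
      change form next to it: without it the delRule step falls back to the
      logged-in user and the request would name the wrong account when a
      sub-user is selected. *)
val rules = Sec.findFirewallRules uname;
switch rules of
    _::_ => %>
<h3><b>Your firewall rules</b></h3>

<% foreach rule in rules do %>
<form action="sec" method="post">
<input type="hidden" name="uname" value="<% Web.html uname %>">
<input type="hidden" name="modRule" value="<% Web.html rule %>">
<input name="rule" value="<% Web.html rule %>">
<a href="sec?uname=<% Web.urlEncode uname %>&delRule=<% Web.urlEncode rule %>">[Request deletion]</a>
<input type="submit" value="Request change">
</form><br>
<% end
end%>

<h3><b>Request a new firewall rule</b></h3>

<p>You can find a description of rule formats <a href="http://wiki.hcoop.net/wiki/FirewallRules">on our wiki</a>. Enter here the rule you want, without the initial <tt>user</tt> portion.</p>

<form action="sec" method="post">
<input type="hidden" name="uname" value="<% Web.html uname %>">
<input type="hidden" name="cmd" value="rule">
<table>
<tr> <td align="right"><b>Rule</b></td> <td><input name="rule" size="80"></td> </tr>
<tr> <td align="right" valign="top"><b>Reason:</b></td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form>

<% end %>

<% @footer[] %>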