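<% (* Security-settings page. Request parameters select one branch of the if/elseif chain
      that follows; the default forms are rendered only while showNormal is still true. *)
   val you = Init.getUserId ();
   val yourname = Init.getUserName ();

   (* Account being administered: the uname parameter, or the logged-in user when it is empty. *)
   val requested = case $"uname" of
         "" => yourname
       | uname => uname;

   (* uname is client-supplied and feeds the permission lookups below and the text of every
      filed request, so it is honoured only when it names the caller or one of the accounts
      the default view lists under "Your users"; anything else falls back to the caller.
      NOTE(review): assumes Sec.findSubusers is the authoritative list of accounts the
      caller may administer - confirm against the Sec module. *)
   ref allowed = false;
   foreach name in (yourname :: Sec.findSubusers yourname) do
       if name = requested then
           allowed := true
       end
   end;
   val uname = iff allowed then requested else yourname;

   (* Current settings of that account; the default view uses them to preselect its controls. *)
   val socks = Sec.socketPerms uname;
   val tpe = Sec.isTpe uname;
   val cron = Sec.cronAllowed uname;
   val ftp = Sec.ftpAllowed uname;

   (* Cleared by every branch that renders its own page instead of the default forms. *)
   ref showNormal = true;

   @header [("title", ["Security settings"])];
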
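(* User-facing requests. Each one takes two steps: the first parameter set renders a
   confirmation link, the second ("...2") files the request with Sec.Req.add and sends
   the notification with Sec.Req.notifyNew.
   NOTE(review): the filing steps are reached through plain links and no anti-forgery
   token is visible on this page, so unless the framework adds one elsewhere a
   cross-site request can file them for a logged-in user; a POST form carrying a
   per-session token would close that.
   NOTE(review): $"socks", $"rule", $"modRule2", $"delRule2" and $"msg" are stored
   verbatim in the request, so every view that prints a request's data or msg field
   has to HTML-escape it. *)
if $"cmd" = "socks" then
    showNormal := false;
    val socks = $"socks";
    %>Are you sure you want to request that socket permissions for <b><% Web.html uname %></b> be changed to <b><% Web.html socks %></b>?<br>
<a href="sec?cmd=socks2&uname=<% Web.urlEncode uname %>&socks=<% Web.urlEncode socks %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
elseif $"cmd" = "socks2" then
    val id = Sec.Req.add (you, String.concat [uname, ": change socket permissions to ", $"socks"], $"msg");
    if not (Sec.Req.notifyNew id) then
        %><h3>Error sending e-mail notification</h3><%
    end
    %><h3>Request added</h3><%

elseif $"cmd" = "tpe" then
    showNormal := false;
    val tpe = iff $"tpe" = "yes" then "on" else "off";
    %>Are you sure you want to request that trusted-path-executables-only for <b><% Web.html uname %></b> be turned <b><% tpe %></b>?<br>
<a href="sec?cmd=tpe2&uname=<% Web.urlEncode uname %>&tpe=<% tpe %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
elseif $"cmd" = "tpe2" then
    (* Re-derive the value from a fixed set, as cron2 and ftp2 do, instead of copying
       the raw parameter into the request text. *)
    val tpe = iff $"tpe" = "on" then "on" else "off";
    val id = Sec.Req.add (you, String.concat [uname, ": turn tpe ", tpe], $"msg");
    if not (Sec.Req.notifyNew id) then
        %><h3>Error sending e-mail notification</h3><%
    end
    %><h3>Request added</h3><%

elseif $"cmd" = "cron" then
    showNormal := false;
    val cron = iff $"cron" = "yes" then "enabled" else "disabled";
    %>Are you sure you want to request that <tt>cron</tt> permissions for <b><% Web.html uname %></b> be <b><% cron %></b>?<br>
<a href="sec?cmd=cron2&uname=<% Web.urlEncode uname %>&cron=<% cron %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
elseif $"cmd" = "cron2" then
    val cron = iff $"cron" = "enabled" then "enable" else "disable";
    val id = Sec.Req.add (you, String.concat [uname, ": ", cron, " cron access"], $"msg");
    if not (Sec.Req.notifyNew id) then
        %><h3>Error sending e-mail notification</h3><%
    end
    %><h3>Request added</h3><%

elseif $"cmd" = "ftp" then
    showNormal := false;
    val ftp = iff $"ftp" = "yes" then "enabled" else "disabled";
    %>Are you sure you want to request that FTP permissions for <b><% Web.html uname %></b> be <b><% ftp %></b>?<br>
<a href="sec?cmd=ftp2&uname=<% Web.urlEncode uname %>&ftp=<% ftp %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
elseif $"cmd" = "ftp2" then
    val ftp = iff $"ftp" = "enabled" then "enable" else "disable";
    val id = Sec.Req.add (you, String.concat [uname, ": ", ftp, " FTP access"], $"msg");
    if not (Sec.Req.notifyNew id) then
        %><h3>Error sending e-mail notification</h3><%
    end
    %><h3>Request added</h3><%

elseif $"cmd" = "rule" then
    showNormal := false;
    val rule = $"rule";
    %>Are you sure you want to request the firewall rule <b><% Web.html uname %> <% Web.html rule %></b>?<br>
<a href="sec?cmd=rule2&uname=<% Web.urlEncode uname %>&rule=<% Web.urlEncode rule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
elseif $"cmd" = "rule2" then
    val id = Sec.Req.add (you, String.concat ["Add firewall rule \"", uname, " ", $"rule", "\""], $"msg");
    if not (Sec.Req.notifyNew id) then
        %><h3>Error sending e-mail notification</h3><%
    end
    %><h3>Request added</h3><%

elseif $"modRule" <> "" then
    showNormal := false;
    val oldRule = $"modRule";
    val rule = $"rule";
    (* An unchanged textbox means there is nothing to request. *)
    if oldRule = rule then
        %>You didn't modify the textbox for this rule before clicking the button, so there is no request to be made.<%
    else
        %>Are you sure you want to request that firewall rule <b><% Web.html uname %> <% Web.html oldRule %></b> be replaced by <b><% Web.html uname %> <% Web.html rule %></b>?<br>
<a href="sec?uname=<% Web.urlEncode uname %>&modRule2=<% Web.urlEncode oldRule %>&rule=<% Web.urlEncode rule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
    end
elseif $"modRule2" <> "" then
    val id = Sec.Req.add (you, String.concat ["Change firewall rule \"", uname, " ", $"modRule2", "\" to \"", uname, " ", $"rule", "\""], $"msg");
    if not (Sec.Req.notifyNew id) then
        %><h3>Error sending e-mail notification</h3><%
    end
    %><h3>Request added</h3><%

elseif $"delRule" <> "" then
    showNormal := false;
    val oldRule = $"delRule";
    %>Are you sure you want to request that firewall rule <b><% Web.html uname %> <% Web.html oldRule %></b> be <b>deleted</b>?<br>
<a href="sec?uname=<% Web.urlEncode uname %>&delRule2=<% Web.urlEncode oldRule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
elseif $"delRule2" <> "" then
    val id = Sec.Req.add (you, String.concat ["Delete firewall rule \"", uname, " ", $"delRule2", "\""], $"msg");
    if not (Sec.Req.notifyNew id) then
        %><h3>Error sending e-mail notification</h3><%
    end
    %><h3>Request added</h3><%
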
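elseif $"cmd" = "open" then
    (* Administrative views. Every branch from here to the end of the chain calls
       Group.requireGroupName "server" before touching a request.
       NOTE(review): presumably that call aborts the page for non-members - confirm.
       A request's data field is built from client-supplied parameters by the filing
       branches of this page, so it is passed through Web.html wherever it is printed,
       the same as msg; the user names are escaped as well for consistency (assumes
       they are strings). *)
    showNormal := false;
    Group.requireGroupName "server";
    %><h3>Open requests</h3>
<a href="sec?cmd=list">List all requests</a><%

    foreach (name, req) in Sec.Req.listOpen () do %>
<br><hr><br>
<table class="blanks">
<tr> <td>By:</td> <td><a href="user?id=<% #usr req %>"><% Web.html name %></a></td> </tr>
<tr> <td>Time:</td> <td><% #stamp req %></td> </tr>
<tr> <td>Request:</td> <td><% Web.html (#data req) %></td> </tr>
<tr> <td>Msg:</td> <td colspan="2"><% Web.html (#msg req) %></td> </tr>
</table>

<br>
<a href="sec?mod=<% #id req %>">[Modify]</a>
<a href="sec?del=<% #id req %>">[Delete]</a><br>

<%  end

elseif $"cmd" = "list" then
    showNormal := false;
    Group.requireGroupName "server";
    %><h3>All requests</h3><%

    foreach (name, req) in Sec.Req.list () do %>
<br><hr><br>
<table class="blanks">
<tr> <td>By:</td> <td colspan="2"><a href="user?id=<% #usr req %>"><% Web.html name %></a></td> </tr>
<tr> <td>Time:</td> <td colspan="2"><% #stamp req %></td> </tr>
<tr> <td>Request:</td> <td><% Web.html (#data req) %></td> </tr>
<tr> <td>Reason:</td> <td colspan="2"><% Web.html (#msg req) %></td> </tr>
</table>

<br>
<a href="sec?mod=<% #id req %>">[Modify]</a>
<a href="sec?del=<% #id req %>">[Delete]</a>

<%  end

elseif $"mod" <> "" then
    (* Edit form for one request; it posts back to the save branch below. *)
    showNormal := false;
    Group.requireGroupName "server";
    val id = Web.stoi ($"mod");
    val req = Sec.Req.lookup id;
    val user = Init.lookupUser (#usr req) %>
<h3>Handle request</h3>

<form action="sec" method="post">
<input type="hidden" name="save" value="<% id %>">
<table class="blanks">
<tr> <td>Requestor:</td> <td><a href="user?id=<% #usr req %>"><% Web.html (#name user) %></a></td> </tr>
<tr> <td>Time:</td> <td><% #stamp req %></td> </tr>
<tr> <td>Status:</td> <td><select name="status">
<option value="0"<% if #status req = Sec.Req.NEW then %> selected<% end %>>New</option>
<option value="1"<% if #status req = Sec.Req.INSTALLED then %> selected<% end %>>Installed</option>
<option value="2"<% if #status req = Sec.Req.REJECTED then %> selected<% end %>>Rejected</option>
</select></td> </tr>
<tr> <td>Request:</td> <td><input name="req" value="<% Web.html (#data req) %>"></td> </tr>
<tr> <td>Message:</td> <td><textarea name="msg" rows="10" cols="80" wrap="soft"><% Web.html (#msg req) %></textarea></td> </tr>
<tr> <td><input type="submit" value="Save"></td> </tr>
</table>
</form>

<% elseif $"save" <> "" then
    (* Stores the edited request; a notification goes out only when the status changed.
       NOTE(review): save and del2 change state on the strength of the group check
       alone, and del2 is reached through a plain link; no anti-forgery token is
       visible on this page, so unless the framework adds one elsewhere a cross-site
       request made in an administrator's session would be accepted. *)
    showNormal := false;
    Group.requireGroupName "server";
    val id = Web.stoi ($"save");
    val req = Sec.Req.lookup id;
    val oldStatus = #status req;
    val newStatus = Sec.Req.statusFromInt (Web.stoi ($"status"));
    Sec.Req.modify {req with data = $"req", msg = $"msg", status = newStatus};
    if oldStatus <> newStatus then
        if not (Sec.Req.notifyMod (oldStatus, newStatus, Init.getUserName(), id)) then
            %><h3>Error sending e-mail notification</h3><%
        end
    end
    %><h3>Request modified</h3>
Back to: <a href="sec?cmd=open">open requests</a>, <a href="sec?cmd=list">all requests</a>

<% elseif $"del" <> "" then
    (* Confirmation step for deleting a request. *)
    showNormal := false;
    Group.requireGroupName "server";
    val id = Web.stoi ($"del");
    val req = Sec.Req.lookup id;
    val user = Init.lookupUser (#usr req)
    %><h3>Are you sure you want to delete request by <% Web.html (#name user) %> for "<% Web.html (#data req) %>"?</h3>
<a href="sec?del2=<% id %>">Yes, I'm sure!</a>

<% elseif $"del2" <> "" then
    showNormal := false;
    Group.requireGroupName "server";
    val id = Web.stoi ($"del2");
    Sec.Req.delete id
    %><h3>Request deleted</h3>
Back to: <a href="sec?cmd=open">open requests</a>, <a href="sec?cmd=list">all requests</a>

<% end;
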
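(* Default view: account switcher, one request form per setting, then the firewall rules.
   uname originates from a request parameter and the account names end up inside
   attribute values, so both are passed through Web.html, as the rule inputs already
   are (assumes Web.html also escapes double quotes - confirm). *)
if showNormal then %>

<form action="sec" method="post">
<b>Your users:</b> <select name="uname">
<% foreach name in (yourname :: Sec.findSubusers yourname) do %>
<option value="<% Web.html name %>"<% if uname = name then %> selected<% end %>><% Web.html name %></option>
<% end %></select> <input type="submit" value="Switch"> </form>

<h3>Request socket permissions change</h3>

<form action="sec" method="post">
<input type="hidden" name="uname" value="<% Web.html uname %>">
<input type="hidden" name="cmd" value="socks">
<table class="blanks">
<tr> <td>New permissions:</td> <td><select name="socks">
<option value="none"<% if socks = Sec.NADA then %> selected<% end %>>None</option>
<option value="any"<% if socks = Sec.ANY then %> selected<% end %>>Any</option>
<option value="client"<% if socks = Sec.CLIENT_ONLY then %> selected<% end %>>Client only</option>
<option value="server"<% if socks = Sec.SERVER_ONLY then %> selected<% end %>>Server only</option>
</select></td> </tr>
<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form>

<h3>Request change to your execute permissions</h3>

<form action="sec" method="post">
<input type="hidden" name="uname" value="<% Web.html uname %>">
<input type="hidden" name="cmd" value="tpe">
<table class="blanks">
<tr> <td>Trusted path executables only?</td> <td><select name="tpe">
<option value="no"<% if not tpe then %> selected<% end %>>No</option>
<option value="yes"<% if tpe then %> selected<% end %>>Yes</option>
</select></td> </tr>
<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form>

<h3>Request change to your <tt>cron</tt> permissions</h3>

<form action="sec" method="post">
<input type="hidden" name="uname" value="<% Web.html uname %>">
<input type="hidden" name="cmd" value="cron">
<table class="blanks">
<tr> <td>Allowed to use cron?</td> <td><select name="cron">
<option value="no"<% if not cron then %> selected<% end %>>No</option>
<option value="yes"<% if cron then %> selected<% end %>>Yes</option>
</select></td> </tr>
<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form>

<h3>Request change to your FTP permissions</h3>

<form action="sec" method="post">
<input type="hidden" name="uname" value="<% Web.html uname %>">
<input type="hidden" name="cmd" value="ftp">
<table class="blanks">
<tr> <td>Allowed to use FTP?</td> <td><select name="ftp">
<option value="no"<% if not ftp then %> selected<% end %>>No</option>
<option value="yes"<% if ftp then %> selected<% end %>>Yes</option>
</select></td> </tr>
<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form>

<% (* Existing rules: the heading and the per-rule forms appear only for a non-empty list. *)
   val rules = Sec.findFirewallRules uname;
   switch rules of
     _::_ => %>
<h3>Your firewall rules</h3>

<% foreach rule in rules do %>
<form action="sec" method="post">
<input type="hidden" name="uname" value="<% Web.html uname %>">
<input type="hidden" name="modRule" value="<% Web.html rule %>">
<input name="rule" value="<% Web.html rule %>">
<% (* The deletion link carries uname like every other request link on this page;
      without it the confirmation step falls back to the logged-in account. *) %>
<a href="sec?uname=<% Web.urlEncode uname %>&delRule=<% Web.urlEncode rule %>">[Request deletion]</a>
<input type="submit" value="Request change">
</form><br>
<% end
end%>

<h3>Request a new firewall rule</h3>

<p>You can find a description of rule formats <a href="http://wiki.hcoop.net/wiki/FirewallRules">on our wiki</a>. Enter here the rule you want, without the initial <tt>user</tt> portion.</p>

<form action="sec" method="post">
<input type="hidden" name="uname" value="<% Web.html uname %>">
<input type="hidden" name="cmd" value="rule">
<table class="blanks">
<tr> <td>Rule</td> <td><input name="rule" size="80"></td> </tr>
<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form>

<% end %>

<% @footer[] %>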