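<% (* Security settings page ("sec").
      Lets a member file requests to change socket, trusted-path-executable,
      cron and FTP permissions and firewall rules for the account named by
      uname. Each cmd=X branch renders a confirmation and the matching
      cmd=X2 branch (or modRule2 / delRule2) files the request through
      Sec.Req.add and Sec.Req.notifyNew. The open / list / mod / save / del /
      del2 branches are the request-handling views; each one calls
      Group.requireGroupName "server" first, which presumably restricts them
      to members of that group (confirm in Group).

      NOTE(review): every confirmation step, including del2, is a plain GET
      link that changes state, and no anti-forgery token is visible on this
      page. Consider POST forms carrying a per-session token. *)
   val you = Init.getUserId ();
   val yourname = Init.getUserName ();

   (* Account the page operates on: the request parameter when present,
      otherwise the logged-in user.
      NOTE(review): nothing visible here checks that a supplied uname is in
      yourname :: Sec.findSubusers yourname, so the current settings of any
      named account are looked up and requests can be filed in its name.
      Confirm that Sec enforces ownership, or add that check here. *)
   val uname = case $"uname" of
                 "" => yourname
               | uname => uname;

   val socks = Sec.socketPerms uname;
   val tpe = Sec.isTpe uname;
   val cron = Sec.cronAllowed uname;
   val ftp = Sec.ftpAllowed uname;

   (* Cleared by every branch that renders its own view. *)
   ref showNormal = true;

   @header [("title", ["Security settings"])];

   if $"cmd" = "socks" then
      showNormal := false;
      val socks = $"socks";
      %>Are you sure you want to request that socket permissions for <b><% Web.html uname %></b> be changed to <b><% Web.html socks %></b>?<br>
<a href="sec?cmd=socks2&uname=<% Web.urlEncode uname %>&socks=<% Web.urlEncode socks %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
   elseif $"cmd" = "socks2" then
      (* $"socks" is stored as submitted; the request text is HTML-escaped
         wherever it is displayed below. *)
      val id = Sec.Req.add (you, String.concat [uname, ": change socket permissions to ", $"socks"], $"msg");
      if not (Sec.Req.notifyNew id) then
         %><h3>Error sending e-mail notification</h3><%
      end
      %><h3>Request added</h3><%

   elseif $"cmd" = "tpe" then
      showNormal := false;
      val tpe = iff $"tpe" = "yes" then "on" else "off";
      %>Are you sure you want to request that trusted-path-executables-only for <b><% Web.html uname %></b> be turned <b><% tpe %></b>?<br>
<a href="sec?cmd=tpe2&uname=<% Web.urlEncode uname %>&tpe=<% tpe %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
   elseif $"cmd" = "tpe2" then
      (* Reduce the parameter to the two values the confirmation link can
         send, as the cron2 and ftp2 branches do, so arbitrary text from the
         query string is not stored in the request. *)
      val tpe = iff $"tpe" = "on" then "on" else "off";
      val id = Sec.Req.add (you, String.concat [uname, ": turn tpe ", tpe], $"msg");
      if not (Sec.Req.notifyNew id) then
         %><h3>Error sending e-mail notification</h3><%
      end
      %><h3>Request added</h3><%

   elseif $"cmd" = "cron" then
      showNormal := false;
      val cron = iff $"cron" = "yes" then "enabled" else "disabled";
      %>Are you sure you want to request that <tt>cron</tt> permissions for <b><% Web.html uname %></b> be <b><% cron %></b>?<br>
<a href="sec?cmd=cron2&uname=<% Web.urlEncode uname %>&cron=<% cron %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
   elseif $"cmd" = "cron2" then
      val cron = iff $"cron" = "enabled" then "enable" else "disable";
      val id = Sec.Req.add (you, String.concat [uname, ": ", cron, " cron access"], $"msg");
      if not (Sec.Req.notifyNew id) then
         %><h3>Error sending e-mail notification</h3><%
      end
      %><h3>Request added</h3><%

   elseif $"cmd" = "ftp" then
      showNormal := false;
      val ftp = iff $"ftp" = "yes" then "enabled" else "disabled";
      %>Are you sure you want to request that FTP permissions for <b><% Web.html uname %></b> be <b><% ftp %></b>?<br>
<a href="sec?cmd=ftp2&uname=<% Web.urlEncode uname %>&ftp=<% ftp %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
   elseif $"cmd" = "ftp2" then
      val ftp = iff $"ftp" = "enabled" then "enable" else "disable";
      val id = Sec.Req.add (you, String.concat [uname, ": ", ftp, " FTP access"], $"msg");
      if not (Sec.Req.notifyNew id) then
         %><h3>Error sending e-mail notification</h3><%
      end
      %><h3>Request added</h3><%

   elseif $"cmd" = "rule" then
      showNormal := false;
      val rule = $"rule";
      %>Are you sure you want to request the firewall rule <b><% Web.html uname %> <% Web.html rule %></b>?<br>
<a href="sec?cmd=rule2&uname=<% Web.urlEncode uname %>&rule=<% Web.urlEncode rule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
   elseif $"cmd" = "rule2" then
      val id = Sec.Req.add (you, String.concat ["Add firewall rule \"", uname, " ", $"rule", "\""], $"msg");
      if not (Sec.Req.notifyNew id) then
         %><h3>Error sending e-mail notification</h3><%
      end
      %><h3>Request added</h3><%

   elseif $"modRule" <> "" then
      showNormal := false;
      val oldRule = $"modRule";
      val rule = $"rule"
      if oldRule = rule then
         %>You didn't modify the textbox for this rule before clicking the button, so there is no request to be made.<%
      else
         %>Are you sure you want to request that firewall rule <b><% Web.html uname %> <% Web.html oldRule %></b> be replaced by <b><% Web.html uname %> <% Web.html rule %></b>?<br>
<a href="sec?uname=<% Web.urlEncode uname %>&modRule2=<% Web.urlEncode oldRule %>&rule=<% Web.urlEncode rule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
      end
   elseif $"modRule2" <> "" then
      val id = Sec.Req.add (you, String.concat ["Change firewall rule \"", uname, " ", $"modRule2", "\" to \"", uname, " ", $"rule", "\""], $"msg");
      if not (Sec.Req.notifyNew id) then
         %><h3>Error sending e-mail notification</h3><%
      end
      %><h3>Request added</h3><%

   elseif $"delRule" <> "" then
      showNormal := false;
      val oldRule = $"delRule";
      %>Are you sure you want to request that firewall rule <b><% Web.html uname %> <% Web.html oldRule %></b> be <b>deleted</b>?<br>
<a href="sec?uname=<% Web.urlEncode uname %>&delRule2=<% Web.urlEncode oldRule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
   elseif $"delRule2" <> "" then
      val id = Sec.Req.add (you, String.concat ["Delete firewall rule \"", uname, " ", $"delRule2", "\""], $"msg");
      if not (Sec.Req.notifyNew id) then
         %><h3>Error sending e-mail notification</h3><%
      end
      %><h3>Request added</h3><%

   elseif $"cmd" = "open" then
      showNormal := false;
      Group.requireGroupName "server";
      (* The request text (#data) is built from member-submitted parameters,
         so it is HTML-escaped like #msg before being shown to the
         reviewing admin. *)
      %><h3>Open requests</h3>
<a href="sec?cmd=list">List all requests</a><%

      foreach (name, req) in Sec.Req.listOpen () do %>
<br><hr><br>
<table class="blanks">
<tr> <td>By:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
<tr> <td>Time:</td> <td><% #stamp req %></td> </tr>
<tr> <td>Request:</td> <td><% Web.html (#data req) %></td> </tr>
<tr> <td>Msg:</td> <td colspan="2"><% Web.html (#msg req) %></td> </tr>
</table>

<br>
<a href="sec?mod=<% #id req %>">[Modify]</a>
<a href="sec?del=<% #id req %>">[Delete]</a><br>

<%    end

   elseif $"cmd" = "list" then
      showNormal := false;
      Group.requireGroupName "server"
      %><h3>All requests</h3><%

      foreach (name, req) in Sec.Req.list () do %>
<br><hr><br>
<table class="blanks">
<tr> <td>By:</td> <td colspan="2"><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
<tr> <td>Time:</td> <td colspan="2"><% #stamp req %></td> </tr>
<tr> <td>Request:</td> <td><% Web.html (#data req) %></td> </tr>
<tr> <td>Reason:</td> <td colspan="2"><% Web.html (#msg req) %></td> </tr>
</table>

<br>
<a href="sec?mod=<% #id req %>">[Modify]</a>
<a href="sec?del=<% #id req %>">[Delete]</a>

<%    end

   elseif $"mod" <> "" then
      showNormal := false;
      Group.requireGroupName "server";
      val id = Web.stoi ($"mod");
      val req = Sec.Req.lookup id;
      (* #data is escaped inside the value attribute below, the same way the
         firewall-rule inputs on this page use Web.html; this assumes
         Web.html also escapes double quotes - confirm in Web. *)
      val user = Init.lookupUser (#usr req) %>
<h3>Handle request</h3>

<form action="sec" method="post">
<input type="hidden" name="save" value="<% id %>">
<table class="blanks">
<tr> <td>Requestor:</td> <td><a href="user?id=<% #usr req %>"><% #name user %></a></td> </tr>
<tr> <td>Time:</td> <td><% #stamp req %></td> </tr>
<tr> <td>Status:</td> <td><select name="status">
<option value="0"<% if #status req = Sec.Req.NEW then %> selected<% end %>>New</option>
<option value="1"<% if #status req = Sec.Req.INSTALLED then %> selected<% end %>>Installed</option>
<option value="2"<% if #status req = Sec.Req.REJECTED then %> selected<% end %>>Rejected</option>
</select></td> </tr>
<tr> <td>Request:</td> <td><input name="req" value="<% Web.html (#data req) %>"></td> </tr>
<tr> <td>Message:</td> <td><textarea name="msg" rows="10" cols="80" wrap="soft"><% Web.html (#msg req) %></textarea></td> </tr>
<tr> <td><input type="submit" value="Save"></td> </tr>
</table>
</form>

<% elseif $"save" <> "" then
      showNormal := false;
      Group.requireGroupName "server";
      val id = Web.stoi ($"save");
      val req = Sec.Req.lookup id;
      val oldStatus = #status req;
      val newStatus = Sec.Req.statusFromInt (Web.stoi ($"status"));
      Sec.Req.modify {req with data = $"req", msg = $"msg", status = newStatus};
      (* Only a status change triggers a notification. *)
      if oldStatus <> newStatus then
         if not (Sec.Req.notifyMod (oldStatus, newStatus, Init.getUserName(), id)) then
            %><h3>Error sending e-mail notification</h3><%
         end
      end
      %><h3>Request modified</h3>
Back to: <a href="sec?cmd=open">open requests</a>, <a href="sec?cmd=list">all requests</a>

<% elseif $"del" <> "" then
      showNormal := false;
      Group.requireGroupName "server";
      val id = Web.stoi ($"del");
      val req = Sec.Req.lookup id;
      val user = Init.lookupUser (#usr req)
      %><h3>Are you sure you want to delete request by <% #name user %> for "<% Web.html (#data req) %>"?</h3>
<a href="sec?del2=<% id %>">Yes, I'm sure!</a>

<% elseif $"del2" <> "" then
      showNormal := false;
      Group.requireGroupName "server";
      val id = Web.stoi ($"del2");
      Sec.Req.delete id
      %><h3>Request deleted</h3>
Back to: <a href="sec?cmd=open">open requests</a>, <a href="sec?cmd=list">all requests</a>

<% end;

   (* Default view: account switcher plus one request form per setting.
      uname may come straight from the request, so it is HTML-escaped in
      every hidden field below. *)
   if showNormal then %>

<form action="sec" method="post">
<b>Your users:</b> <select name="uname">
<% foreach name in (yourname :: Sec.findSubusers yourname) do %>
<option value="<% name %>"<% if uname = name then %> selected<% end %>><% name %></option>
<% end %></select> <input type="submit" value="Switch"> </form>

<h3>Request socket permissions change</h3>

<form action="sec" method="post">
<input type="hidden" name="uname" value="<% Web.html uname %>">
<input type="hidden" name="cmd" value="socks">
<table class="blanks">
<tr> <td>New permissions:</td> <td><select name="socks">
<option value="none"<% if socks = Sec.NADA then %> selected<% end %>>None</option>
<option value="any"<% if socks = Sec.ANY then %> selected<% end %>>Any</option>
<option value="client"<% if socks = Sec.CLIENT_ONLY then %> selected<% end %>>Client only</option>
<option value="server"<% if socks = Sec.SERVER_ONLY then %> selected<% end %>>Server only</option>
</select></td> </tr>
<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form>

<h3>Request change to your execute permissions</h3>

<form action="sec" method="post">
<input type="hidden" name="uname" value="<% Web.html uname %>">
<input type="hidden" name="cmd" value="tpe">
<table class="blanks">
<tr> <td>Trusted path executables only?</td> <td><select name="tpe">
<option value="no"<% if not tpe then %> selected<% end %>>No</option>
<option value="yes"<% if tpe then %> selected<% end %>>Yes</option>
</select></td> </tr>
<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form>

<h3>Request change to your <tt>cron</tt> permissions</h3>

<form action="sec" method="post">
<input type="hidden" name="uname" value="<% Web.html uname %>">
<input type="hidden" name="cmd" value="cron">
<table class="blanks">
<tr> <td>Allowed to use cron?</td> <td><select name="cron">
<option value="no"<% if not cron then %> selected<% end %>>No</option>
<option value="yes"<% if cron then %> selected<% end %>>Yes</option>
</select></td> </tr>
<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form>

<h3>Request change to your FTP permissions</h3>

<form action="sec" method="post">
<input type="hidden" name="uname" value="<% Web.html uname %>">
<input type="hidden" name="cmd" value="ftp">
<table class="blanks">
<tr> <td>Allowed to use FTP?</td> <td><select name="ftp">
<option value="no"<% if not ftp then %> selected<% end %>>No</option>
<option value="yes"<% if ftp then %> selected<% end %>>Yes</option>
</select></td> </tr>
<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form>

<% (* The deletion link carries uname like the forms do; without it the
      delRule branch falls back to the logged-in user even when a subuser
      is selected. *)
   val rules = Sec.findFirewallRules uname;
   switch rules of
      _::_ => %>
<h3>Your firewall rules</h3>

<% foreach rule in rules do %>
<form action="sec" method="post">
<input type="hidden" name="uname" value="<% Web.html uname %>">
<input type="hidden" name="modRule" value="<% Web.html rule %>">
<input name="rule" value="<% Web.html rule %>">
<a href="sec?uname=<% Web.urlEncode uname %>&delRule=<% Web.urlEncode rule %>">[Request deletion]</a>
<input type="submit" value="Request change">
</form><br>
<% end
end%>

<h3>Request a new firewall rule</h3>

<p>You can find a description of rule formats <a href="http://wiki.hcoop.net/wiki/FirewallRules">on our wiki</a>. Enter here the rule you want, without the initial <tt>user</tt> portion.</p>

<form action="sec" method="post">
<input type="hidden" name="uname" value="<% Web.html uname %>">
<input type="hidden" name="cmd" value="rule">
<table class="blanks">
<tr> <td>Rule</td> <td><input name="rule" size="80"></td> </tr>
<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form>

<% end %>

<% @footer[] %>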