X-Git-Url: https://git.hcoop.net/bpt/portal.git/blobdiff_plain/b6dd1aafb4c9cddf89b06c2eeac1b5277046ad9f..090e5fb2a269a98e4a9a9d53d17c220d2a98b8f8:/sec.mlt
diff --git a/sec.mlt b/sec.mlt
index 386da98..1c5a008 100644
--- a/sec.mlt
+++ b/sec.mlt
@@ -1,14 +1,19 @@
<% val you = Init.getUserId ();
val yourname = Init.getUserName ();
+val nodeNum = case $"node" of
+ "" => 2
+ | node => Web.stoi node;
+val nodeName = Init.nodeName nodeNum;
+
val uname = case $"uname" of
"" => yourname
| uname => uname;
-val socks = Sec.socketPerms uname;
-val tpe = Sec.isTpe uname;
-val cron = Sec.cronAllowed uname;
-val ftp = Sec.ftpAllowed uname;
+val socks = Sec.socketPerms {node = nodeNum, uname = uname};
+val tpe = Sec.isTpe {node = nodeNum, uname = uname};
+val cron = Sec.cronAllowed {node = nodeNum, uname = uname};
+val ftp = Sec.ftpAllowed {node = nodeNum, uname = uname};
ref showNormal = true;
@@ -17,10 +22,10 @@ ref showNormal = true;
if $"cmd" = "socks" then
showNormal := false;
val socks = $"socks";
- %>Are you sure you want to request that socket permissions for <% Web.html uname %> be changed to <% Web.html socks %>?
- ">Yes, place the request!<%
+ %>Are you sure you want to request that socket permissions for <% Web.html uname %> on <% Web.html nodeName %> be changed to <% Web.html socks %>?
+ ">Yes, place the request!<%
elseif $"cmd" = "socks2" then
- val id = Sec.Req.add (you, String.concat [uname, ": change socket permissions to ", $"socks"], $"msg");
+ val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat [uname, ": change socket permissions to ", $"socks"], msg = $"msg"};
if not (Sec.Req.notifyNew id) then
%>
Error sending e-mail notification
<%
end
@@ -29,10 +34,10 @@ elseif $"cmd" = "socks2" then
elseif $"cmd" = "tpe" then
showNormal := false;
val tpe = iff $"tpe" = "yes" then "on" else "off";
- %>Are you sure you want to request that trusted-path-executables-only for <% Web.html uname %> be turned <% tpe %>?
- ">Yes, place the request!<%
+ %>Are you sure you want to request that trusted-path-executables-only for <% Web.html uname %> on <% Web.html nodeName %> be turned <% tpe %>?
+ ">Yes, place the request!<%
elseif $"cmd" = "tpe2" then
- val id = Sec.Req.add (you, String.concat [uname, ": turn tpe ", $"tpe"], $"msg");
+ val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat [uname, ": turn tpe ", $"tpe"], msg = $"msg"};
if not (Sec.Req.notifyNew id) then
%>
Error sending e-mail notification
<%
end
@@ -41,11 +46,11 @@ elseif $"cmd" = "tpe2" then
elseif $"cmd" = "cron" then
showNormal := false;
val cron = iff $"cron" = "yes" then "enabled" else "disabled";
- %>Are you sure you want to request that cron permissions for <% Web.html uname %> be <% cron %>?
- ">Yes, place the request!<%
+ %>Are you sure you want to request that cron permissions for <% Web.html uname %> on <% Web.html nodeName %> be <% cron %>?
+ ">Yes, place the request!<%
elseif $"cmd" = "cron2" then
val cron = iff $"cron" = "enabled" then "enable" else "disable";
- val id = Sec.Req.add (you, String.concat [uname, ": ", cron, " cron access"], $"msg");
+ val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat [uname, ": ", cron, " cron access"], msg = $"msg"};
if not (Sec.Req.notifyNew id) then
%>
Error sending e-mail notification
<%
end
@@ -54,11 +59,11 @@ elseif $"cmd" = "cron2" then
elseif $"cmd" = "ftp" then
showNormal := false;
val ftp = iff $"ftp" = "yes" then "enabled" else "disabled";
- %>Are you sure you want to request that FTP permissions for <% Web.html uname %> be <% ftp %>?
- ">Yes, place the request!<%
+ %>Are you sure you want to request that FTP permissions for <% Web.html uname %> on <% Web.html nodeName %> be <% ftp %>?
+ ">Yes, place the request!<%
elseif $"cmd" = "ftp2" then
val ftp = iff $"ftp" = "enabled" then "enable" else "disable";
- val id = Sec.Req.add (you, String.concat [uname, ": ", ftp, " FTP access"], $"msg");
+ val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat [uname, ": ", ftp, " FTP access"], msg = $"msg"};
if not (Sec.Req.notifyNew id) then
%>
Error sending e-mail notification
<%
end
@@ -67,14 +72,26 @@ elseif $"cmd" = "ftp2" then
elseif $"cmd" = "rule" then
showNormal := false;
val rule = $"rule";
- %>Are you sure you want to request the firewall rule <% Web.html uname %> <% Web.html rule %>?
- ">Yes, place the request!<%
+
+ if Sec.validRule rule then
+ %>Are you sure you want to request the firewall rule <% Web.html uname %> <% Web.html rule %> on <% Web.html nodeName %>?
+ ">Yes, place the request!<%
+ else
+ %>"<% Web.html rule %>" is not a valid firewall rule! Please reread the instructions, and remember to leave off the initial username portion.<%
+ end
+
elseif $"cmd" = "rule2" then
- val id = Sec.Req.add (you, String.concat ["Add firewall rule \"", uname, " ", $"rule", "\""], $"msg");
- if not (Sec.Req.notifyNew id) then
- %>
Error sending e-mail notification
<%
+ val rule = $"rule";
+
+ if Sec.validRule rule then
+ val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat ["Add firewall rule \"", uname, " ", rule, "\""], msg = $"msg"};
+ if not (Sec.Req.notifyNew id) then
+ %>
Error sending e-mail notification
<%
+ end
+ %>
Request added
<%
+ else
+ %>"<% Web.html rule %>" is not a valid firewall rule! Please reread the instructions, and remember to leave off the initial username portion.<%
end
- %>
Request added
<%
elseif $"modRule" <> "" then
showNormal := false;
@@ -83,11 +100,11 @@ elseif $"modRule" <> "" then
if oldRule = rule then
%>You didn't modify the textbox for this rule before clicking the button, so there is no request to be made.<%
else
- %>Are you sure you want to request that firewall rule <% Web.html uname %> <% Web.html oldRule %> be replaced by <% Web.html uname %> <% Web.html rule %>?
- ">Yes, place the request!<%
+ %>Are you sure you want to request that firewall rule <% Web.html uname %> <% Web.html oldRule %> be replaced by <% Web.html uname %> <% Web.html rule %> on <% Web.html nodeName %>?
+ ">Yes, place the request!<%
end
elseif $"modRule2" <> "" then
- val id = Sec.Req.add (you, String.concat ["Change firewall rule \"", uname, " ", $"modRule2", "\" to \"", uname, " ", $"rule", "\""], $"msg");
+ val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat ["Change firewall rule \"", uname, " ", $"modRule2", "\" to \"", uname, " ", $"rule", "\""], msg = $"msg"};
if not (Sec.Req.notifyNew id) then
%>
Error sending e-mail notification
<%
end
@@ -96,10 +113,10 @@ elseif $"modRule2" <> "" then
elseif $"delRule" <> "" then
showNormal := false;
val oldRule = $"delRule";
- %>Are you sure you want to request that firewall rule <% Web.html uname %> <% Web.html oldRule %> be deleted?
- ">Yes, place the request!<%
+ %>Are you sure you want to request that firewall rule <% Web.html uname %> <% Web.html oldRule %> on <% Web.html nodeName %> be deleted?
+ ">Yes, place the request!<%
elseif $"delRule2" <> "" then
- val id = Sec.Req.add (you, String.concat ["Delete firewall rule \"", uname, " ", $"delRule2", "\""], $"msg");
+ val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat ["Delete firewall rule \"", uname, " ", $"delRule2", "\""], msg = $"msg"};
if not (Sec.Req.notifyNew id) then
%>
Error sending e-mail notification
<%
end
@@ -116,6 +133,7 @@ elseif $"cmd" = "open" then
@@ -177,9 +200,9 @@ elseif $"mod" <> "" then
val req = Sec.Req.lookup id;
val oldStatus = #status req;
val newStatus = Sec.Req.statusFromInt (Web.stoi ($"status"));
- Sec.Req.modify {req with data = $"req", msg = $"msg", status = newStatus};
+ Sec.Req.modify {req with node = nodeNum, data = $"req", msg = $"msg", status = newStatus};
if oldStatus <> newStatus then
- if not (Sec.Req.notifyMod (oldStatus, newStatus, Init.getUserName(), id)) then
+ if not (Sec.Req.notifyMod {old = oldStatus, new = newStatus, changer = Init.getUserName(), req = id}) then
%>
Error sending e-mail notification
<%
end
end
@@ -192,7 +215,7 @@ elseif $"mod" <> "" then
val id = Web.stoi ($"del");
val req = Sec.Req.lookup id;
val user = Init.lookupUser (#usr req)
- %>
Are you sure you want to delete request by <% #name user %> for "<% #data req %>"?
+ %>
Are you sure you want to delete request by <% #name user %> for "<% #data req %>" on <% Web.html (Init.nodeName (#node req)) %>?
Yes, I'm sure!
<% elseif $"del2" <> "" then
@@ -207,15 +230,33 @@ elseif $"mod" <> "" then
if showNormal then %>
+
+
+
Request socket permissions change
+
You need to request socket permissions before you are able to open any network connections. While you will be limited by firewall rules even then, any requests for firewall rules you enter in the "Reason" blank here will be ignored. Please use the separate form at the bottom of this page for that. There is no need to wait until a request for socket permissions has been granted before starting to request firewall rules.
+
+
Keep in mind that, if your request is granted, it will never apply to existing log-in sessions. Close them and re-connect to take advantage of your new privileges.