Updated security settings to handle multiple machines
[hcoop/portal.git] / sec.mlt
dfb0d0d7
AC
1<% val you = Init.getUserId ();
2val yourname = Init.getUserName ();
3
3d2ed222
AC
4val nodeNum = case $"node" of
5 "" => 2
6 | node => Web.stoi node;
7val nodeName = Init.nodeName nodeNum;
8
dfb0d0d7
AC
9val uname = case $"uname" of
10 "" => yourname
11 | uname => uname;
12
3d2ed222
AC
13val socks = Sec.socketPerms {node = nodeNum, uname = uname};
14val tpe = Sec.isTpe {node = nodeNum, uname = uname};
15val cron = Sec.cronAllowed {node = nodeNum, uname = uname};
16val ftp = Sec.ftpAllowed {node = nodeNum, uname = uname};
dfb0d0d7
AC
17
18ref showNormal = true;
19
20@header [("title", ["Security settings"])];
21
22if $"cmd" = "socks" then
23 showNormal := false;
24 val socks = $"socks";
3d2ed222
AC
25 %>Are you sure you want to request that socket permissions for <b><% Web.html uname %></b> on <b><% Web.html nodeName %></b> be changed to <b><% Web.html socks %></b>?<br>
26 <a href="sec?cmd=socks2&node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&socks=<% Web.urlEncode socks %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
dfb0d0d7 27elseif $"cmd" = "socks2" then
3d2ed222 28 val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat [uname, ": change socket permissions to ", $"socks"], msg = $"msg"};
dfb0d0d7 29 if not (Sec.Req.notifyNew id) then
b6dd1aaf 30 %><h3>Error sending e-mail notification</h3><%
dfb0d0d7 31 end
b6dd1aaf 32 %><h3>Request added</h3><%
dfb0d0d7
AC
33
34elseif $"cmd" = "tpe" then
35 showNormal := false;
36 val tpe = iff $"tpe" = "yes" then "on" else "off";
3d2ed222
AC
37 %>Are you sure you want to request that trusted-path-executables-only for <b><% Web.html uname %></b> on <b><% Web.html nodeName %></b> be turned <b><% tpe %></b>?<br>
38 <a href="sec?cmd=tpe2&node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&tpe=<% tpe %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
dfb0d0d7 39elseif $"cmd" = "tpe2" then
3d2ed222 40 val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat [uname, ": turn tpe ", $"tpe"], msg = $"msg"};
dfb0d0d7 41 if not (Sec.Req.notifyNew id) then
b6dd1aaf 42 %><h3>Error sending e-mail notification</h3><%
dfb0d0d7 43 end
b6dd1aaf 44 %><h3>Request added</h3><%
dfb0d0d7 45
e510b9bd
AC
46elseif $"cmd" = "cron" then
47 showNormal := false;
48 val cron = iff $"cron" = "yes" then "enabled" else "disabled";
3d2ed222
AC
49 %>Are you sure you want to request that <tt>cron</tt> permissions for <b><% Web.html uname %></b> on <b><% Web.html nodeName %></b> be <b><% cron %></b>?<br>
50 <a href="sec?cmd=cron2&node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&cron=<% cron %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
e510b9bd
AC
51elseif $"cmd" = "cron2" then
52 val cron = iff $"cron" = "enabled" then "enable" else "disable";
3d2ed222 53 val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat [uname, ": ", cron, " cron access"], msg = $"msg"};
e510b9bd 54 if not (Sec.Req.notifyNew id) then
b6dd1aaf 55 %><h3>Error sending e-mail notification</h3><%
e510b9bd 56 end
b6dd1aaf 57 %><h3>Request added</h3><%
e510b9bd 58
f432bce2
AC
59elseif $"cmd" = "ftp" then
60 showNormal := false;
61 val ftp = iff $"ftp" = "yes" then "enabled" else "disabled";
3d2ed222
AC
62 %>Are you sure you want to request that FTP permissions for <b><% Web.html uname %></b> on <b><% Web.html nodeName %></b> be <b><% ftp %></b>?<br>
63 <a href="sec?cmd=ftp2&node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&ftp=<% ftp %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
f432bce2
AC
64elseif $"cmd" = "ftp2" then
65 val ftp = iff $"ftp" = "enabled" then "enable" else "disable";
3d2ed222 66 val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat [uname, ": ", ftp, " FTP access"], msg = $"msg"};
f432bce2 67 if not (Sec.Req.notifyNew id) then
b6dd1aaf 68 %><h3>Error sending e-mail notification</h3><%
f432bce2 69 end
b6dd1aaf 70 %><h3>Request added</h3><%
f432bce2 71
e510b9bd
AC
72elseif $"cmd" = "rule" then
73 showNormal := false;
74 val rule = $"rule";
3d2ed222
AC
75 %>Are you sure you want to request the firewall rule <b><% Web.html uname %>&nbsp;<% Web.html rule %></b> on <b><% Web.html nodeName %></b>?<br>
76 <a href="sec?cmd=rule2&node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&rule=<% Web.urlEncode rule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
e510b9bd 77elseif $"cmd" = "rule2" then
3d2ed222 78 val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat ["Add firewall rule \"", uname, " ", $"rule", "\""], msg = $"msg"};
e510b9bd 79 if not (Sec.Req.notifyNew id) then
b6dd1aaf 80 %><h3>Error sending e-mail notification</h3><%
e510b9bd 81 end
b6dd1aaf 82 %><h3>Request added</h3><%
e510b9bd
AC
83
84elseif $"modRule" <> "" then
85 showNormal := false;
86 val oldRule = $"modRule";
87 val rule = $"rule"
88 if oldRule = rule then
89 %>You didn't modify the textbox for this rule before clicking the button, so there is no request to be made.<%
90 else
3d2ed222
AC
91 %>Are you sure you want to request that firewall rule <b><% Web.html uname %>&nbsp;<% Web.html oldRule %></b> be replaced by <b><% Web.html uname %>&nbsp;<% Web.html rule %></b> on <b><% Web.html nodeName %></b>?<br>
92 <a href="sec?node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&modRule2=<% Web.urlEncode oldRule %>&rule=<% Web.urlEncode rule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
e510b9bd
AC
93 end
94elseif $"modRule2" <> "" then
3d2ed222 95 val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat ["Change firewall rule \"", uname, " ", $"modRule2", "\" to \"", uname, " ", $"rule", "\""], msg = $"msg"};
e510b9bd 96 if not (Sec.Req.notifyNew id) then
b6dd1aaf 97 %><h3>Error sending e-mail notification</h3><%
e510b9bd 98 end
b6dd1aaf 99 %><h3>Request added</h3><%
e510b9bd
AC
100
101elseif $"delRule" <> "" then
102 showNormal := false;
103 val oldRule = $"delRule";
3d2ed222
AC
104 %>Are you sure you want to request that firewall rule <b><% Web.html uname %>&nbsp;<% Web.html oldRule %></b> on <b><% Web.html nodeName %></b> be <b>deleted</bD>?<br>
105 <a href="sec?node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&delRule2=<% Web.urlEncode oldRule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
e510b9bd 106elseif $"delRule2" <> "" then
3d2ed222 107 val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat ["Delete firewall rule \"", uname, " ", $"delRule2", "\""], msg = $"msg"};
e510b9bd 108 if not (Sec.Req.notifyNew id) then
b6dd1aaf 109 %><h3>Error sending e-mail notification</h3><%
e510b9bd 110 end
b6dd1aaf 111 %><h3>Request added</h3><%
e510b9bd 112
dfb0d0d7
AC
113elseif $"cmd" = "open" then
114 showNormal := false;
115 Group.requireGroupName "server";
b6dd1aaf 116 %><h3>Open requests</h3>
dfb0d0d7
AC
117 <a href="sec?cmd=list">List all requests</a><%
118
119 foreach (name, req) in Sec.Req.listOpen () do %>
120<br><hr><br>
b6dd1aaf
AC
121<table class="blanks">
122<tr> <td>By:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
123<tr> <td>Time:</td> <td><% #stamp req %></td> </tr>
3d2ed222 124<tr> <td>Node:</td> <td><% Web.html (Init.nodeName (#node req)) %></td> </tr>
b6dd1aaf
AC
125<tr> <td>Request:</td> <td><% #data req %></td> </tr>
126<tr> <td>Msg:</td> <td colspan="2"><% Web.html (#msg req) %></td> </tr>
dfb0d0d7
AC
127</table>
128
129<br>
130<a href="sec?mod=<% #id req %>">[Modify]</a>
131<a href="sec?del=<% #id req %>">[Delete]</a><br>
132
133<% end
134
135elseif $"cmd" = "list" then
136 showNormal := false;
137 Group.requireGroupName "server"
b6dd1aaf 138 %><h3>All requests</h3><%
dfb0d0d7
AC
139
140 foreach (name, req) in Sec.Req.list () do %>
141<br><hr><br>
b6dd1aaf
AC
142<table class="blanks">
143<tr> <td>By:</td> <td colspan="2"><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
144<tr> <td>Time:</td> <td colspan="2"><% #stamp req %></td> </tr>
3d2ed222 145<tr> <td>Node:</td> <td><% Web.html (Init.nodeName (#node req)) %></td> </tr>
b6dd1aaf
AC
146<tr> <td>Request:</td> <td><% #data req %></td> </tr>
147<tr> <td>Reason:</td> <td colspan="2"><% Web.html (#msg req) %></td> </tr>
dfb0d0d7
AC
148</table>
149
150<br>
151<a href="sec?mod=<% #id req %>">[Modify]</a>
152<a href="sec?del=<% #id req %>">[Delete]</a>
153
154<% end
155
156elseif $"mod" <> "" then
157 showNormal := false;
158 Group.requireGroupName "server";
159 val id = Web.stoi ($"mod");
160 val req = Sec.Req.lookup id;
161 val user = Init.lookupUser (#usr req) %>
b6dd1aaf 162<h3>Handle request</h3>
dfb0d0d7
AC
163
164<form action="sec" method="post">
165<input type="hidden" name="save" value="<% id %>">
b6dd1aaf
AC
166<table class="blanks">
167<tr> <td>Requestor:</td> <td><a href="user?id=<% #usr req %>"><% #name user %></a></td> </tr>
168<tr> <td>Time:</td> <td><% #stamp req %></td> </tr>
169<tr> <td>Status:</td> <td><select name="status">
dfb0d0d7
AC
170 <option value="0"<% if #status req = Sec.Req.NEW then %> selected<% end %>>New</option>
171 <option value="1"<% if #status req = Sec.Req.INSTALLED then %> selected<% end %>>Installed</option>
172 <option value="2"<% if #status req = Sec.Req.REJECTED then %> selected<% end %>>Rejected</option>
173</select></td> </tr>
3d2ed222
AC
174<tr> <td>Node:</td> <td><select name="node">
175<% foreach node in Init.listNodes () do %>
176 <option value="<% #id node %>"<% if nodeNum = #node req then %> selected<% end %>><% Web.html (#name node) %> (<% Web.html (#descr node) %>)</option>
177<% end %></select></td> </tr>
b6dd1aaf
AC
178<tr> <td>Request:</td> <td><input name="req" value="<% #data req %>"></td> </tr>
179<tr> <td>Message:</td> <td><textarea name="msg" rows="10" cols="80" wrap="soft"><% Web.html (#msg req) %></textarea></td> </tr>
dfb0d0d7
AC
180<tr> <td><input type="submit" value="Save"></td> </tr>
181</table>
182</form>
183
184<% elseif $"save" <> "" then
185 showNormal := false;
186 Group.requireGroupName "server";
187 val id = Web.stoi ($"save");
188 val req = Sec.Req.lookup id;
189 val oldStatus = #status req;
190 val newStatus = Sec.Req.statusFromInt (Web.stoi ($"status"));
3d2ed222 191 Sec.Req.modify {req with node = nodeNum, data = $"req", msg = $"msg", status = newStatus};
dfb0d0d7 192 if oldStatus <> newStatus then
3d2ed222 193 if not (Sec.Req.notifyMod {old = oldStatus, new = newStatus, changer = Init.getUserName(), req = id}) then
b6dd1aaf 194 %><h3>Error sending e-mail notification</h3><%
dfb0d0d7
AC
195 end
196 end
b6dd1aaf 197 %><h3>Request modified</h3>
dfb0d0d7
AC
198 Back to: <a href="sec?cmd=open">open requests</a>, <a href="sec?cmd=list">all requests</a>
199
200<% elseif $"del" <> "" then
201 showNormal := false;
202 Group.requireGroupName "server";
203 val id = Web.stoi ($"del");
204 val req = Sec.Req.lookup id;
205 val user = Init.lookupUser (#usr req)
3d2ed222 206 %><h3>Are you sure you want to delete request by <% #name user %> for "<% #data req %>" on <% Web.html (Init.nodeName (#node req)) %>?</h3>
dfb0d0d7
AC
207 <a href="sec?del2=<% id %>">Yes, I'm sure!</a>
208
209<% elseif $"del2" <> "" then
210 showNormal := false;
211 Group.requireGroupName "server";
212 val id = Web.stoi ($"del2");
213 Sec.Req.delete id
b6dd1aaf 214 %><h3>Request deleted</b><h3>
dfb0d0d7
AC
215 Back to: <a href="sec?cmd=open">open requests</a>, <a href="sec?cmd=list">all requests</a>
216
217<% end;
218
219if showNormal then %>
220
3d2ed222
AC
221<table class="blanks">
222<form action="sec" method="post">
223<input type="hidden" name="uname" value="<% Web.html uname %>">
224<tr> <td>Machines:</td> <td><select name="node">
225<% foreach node in Init.listNodes () do %>
226 <option value="<% #id node %>"<% if nodeNum = #id node then %> selected<% end %>><% Web.html (#name node) %> (<% Web.html (#descr node) %>)</option>
227<% end %></select></td>
228<td><input type="submit" value="Switch"></td> </tr>
229</form>
dfb0d0d7 230<form action="sec" method="post">
3d2ed222
AC
231<input type="hidden" name="node" value="<% nodeNum %>">
232<tr> <td>Your users:</td> <td><select name="uname">
dfb0d0d7
AC
233<% foreach name in (yourname :: Sec.findSubusers yourname) do %>
234 <option value="<% name %>"<% if uname = name then %> selected<% end %>><% name %></option>
3d2ed222
AC
235<% end %></select></td>
236<td><input type="submit" value="Switch"></td> </tr>
237</form>
238</table>
dfb0d0d7 239
b6dd1aaf 240<h3>Request socket permissions change</h3>
dfb0d0d7
AC
241
242<form action="sec" method="post">
3d2ed222 243<input type="hidden" name="node" value="<% nodeNum %>">
dfb0d0d7
AC
244<input type="hidden" name="uname" value="<% uname %>">
245<input type="hidden" name="cmd" value="socks">
b6dd1aaf
AC
246<table class="blanks">
247<tr> <td>New permissions:</td> <td><select name="socks">
dfb0d0d7
AC
248 <option value="none"<% if socks = Sec.NADA then %> selected<% end %>>None</option>
249 <option value="any"<% if socks = Sec.ANY then %> selected<% end %>>Any</option>
250 <option value="client"<% if socks = Sec.CLIENT_ONLY then %> selected<% end %>>Client only</option>
251 <option value="server"<% if socks = Sec.SERVER_ONLY then %> selected<% end %>>Server only</option>
252</select></td> </tr>
b6dd1aaf 253<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
dfb0d0d7
AC
254<tr> <td><input type="submit" value="Request"></td> </tr>
255</table>
256</form>
257
b6dd1aaf 258<h3>Request change to your execute permissions</h3>
dfb0d0d7
AC
259
260<form action="sec" method="post">
3d2ed222 261<input type="hidden" name="node" value="<% nodeNum %>">
dfb0d0d7
AC
262<input type="hidden" name="uname" value="<% uname %>">
263<input type="hidden" name="cmd" value="tpe">
b6dd1aaf
AC
264<table class="blanks">
265<tr> <td>Trusted path executables only?</td> <td><select name="tpe">
dfb0d0d7
AC
266 <option value="no"<% if not tpe then %> selected<% end %>>No</option>
267 <option value="yes"<% if tpe then %> selected<% end %>>Yes</option>
268</select></td> </tr>
b6dd1aaf 269<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
dfb0d0d7
AC
270<tr> <td><input type="submit" value="Request"></td> </tr>
271</table>
272</form>
273
b6dd1aaf 274<h3>Request change to your <tt>cron</tt> permissions</h3>
e510b9bd
AC
275
276<form action="sec" method="post">
3d2ed222 277<input type="hidden" name="node" value="<% nodeNum %>">
e510b9bd
AC
278<input type="hidden" name="uname" value="<% uname %>">
279<input type="hidden" name="cmd" value="cron">
b6dd1aaf
AC
280<table class="blanks">
281<tr> <td>Allowed to use cron?</td> <td><select name="cron">
18eeb749 282 <option value="no"<% if not cron then %> selected<% end %>>No</option>
e510b9bd
AC
283 <option value="yes"<% if cron then %> selected<% end %>>Yes</option>
284</select></td> </tr>
b6dd1aaf 285<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
e510b9bd
AC
286<tr> <td><input type="submit" value="Request"></td> </tr>
287</table>
288</form>
289
b6dd1aaf 290<h3>Request change to your FTP permissions</h3>
f432bce2 291
18eeb749
AC
292<p>Please read <a href="http://wiki.hcoop.net/wiki/FileTransfer">our wiki instructions on file transfer</a> before requesting FTP access. Almost everyone should use alternative protocols to FTP that provide superior security benefits.</p>
293
f432bce2 294<form action="sec" method="post">
3d2ed222 295<input type="hidden" name="node" value="<% nodeNum %>">
f432bce2
AC
296<input type="hidden" name="uname" value="<% uname %>">
297<input type="hidden" name="cmd" value="ftp">
b6dd1aaf
AC
298<table class="blanks">
299<tr> <td>Allowed to use FTP?</td> <td><select name="ftp">
f432bce2
AC
300 <option value="no"<% if not ftp then %> selected<% end %>>No</option>
301 <option value="yes"<% if ftp then %> selected<% end %>>Yes</option>
302</select></td> </tr>
b6dd1aaf 303<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
f432bce2
AC
304<tr> <td><input type="submit" value="Request"></td> </tr>
305</table>
306</form>
307
3d2ed222 308<% val rules = Sec.findFirewallRules {node = nodeNum, uname = uname};
e510b9bd
AC
309switch rules of
310 _::_ => %>
b6dd1aaf 311<h3>Your firewall rules</h3>
e510b9bd
AC
312
313<% foreach rule in rules do %>
314<form action="sec" method="post">
3d2ed222 315<input type="hidden" name="node" value="<% nodeNum %>">
e510b9bd
AC
316<input type="hidden" name="uname" value="<% uname %>">
317<input type="hidden" name="modRule" value="<% Web.html rule %>">
318<input name="rule" value="<% Web.html rule %>">
319<a href="sec?delRule=<% Web.urlEncode rule %>">[Request deletion]</a>
320<input type="submit" value="Request change">
321</form><br>
322<% end
323end%>
324
b6dd1aaf 325<h3>Request a new firewall rule</h3>
e510b9bd
AC
326
327<p>You can find a description of rule formats <a href="http://wiki.hcoop.net/wiki/FirewallRules">on our wiki</a>. Enter here the rule you want, without the initial <tt>user</tt> portion.</p>
328
18eeb749
AC
329<p>Please note that <b>your firewall rule will be useless</b> if you don't first request the corresponding socket privileges at the top of this page.</p>
330
e510b9bd 331<form action="sec" method="post">
3d2ed222 332<input type="hidden" name="node" value="<% nodeNum %>">
e510b9bd
AC
333<input type="hidden" name="uname" value="<% uname %>">
334<input type="hidden" name="cmd" value="rule">
b6dd1aaf
AC
335<table class="blanks">
336<tr> <td>Rule</td> <td><input name="rule" size="80"></td> </tr>
337<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
e510b9bd
AC
338<tr> <td><input type="submit" value="Request"></td> </tr>
339</table>
340</form>
341
dfb0d0d7
AC
342<% end %>
343
344<% @footer[] %>
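Review bot: In the `mod` form the node dropdown tests the request parameter rather than the option being rendered, `if nodeNum = #node req then`, which is constant across the `foreach node` loop, so every option or none is marked selected; it should mirror the main-page form: `if #id node = #node req then`. Because the `save` branch then writes `node = nodeNum` from the posted select, an admin who saves without touching the dropdown would silently move the request to whichever option the browser submits. On the delete confirmation the new line escapes the node name but interpolates `#data req` raw even though it is assembled from request fields such as `$"socks"` and `$"rule"`; wrap it as `Web.html (#data req)` (the open/list tables and the `req` input share the same unescaped interpolation). `nodeNum` is also parsed from `$"node"` with `Web.stoi` and never checked against `Init.listNodes ()` before being passed to `Init.nodeName` and the `Sec` queries; what an unknown id does there is not visible on this page.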