[hcoop/portal.git] / secnormal.mlt

<%
val uname = $"uname";
val nodeNum = case $"nodeNum" of node => Web.stoi node;
val nodeName = Init.nodeName nodeNum;
val yourname = Init.getUserName ();
%>

<script src="//code.jquery.com/jquery-1.10.2.js"></script>
<script src="//code.jquery.com/ui/1.11.2/jquery-ui.js"></script>
<script>
$(function()
  {
      $("#secTabs").tabs();
      /* Hide elements included to allow non-js clients to have a readable page */
      $(".secTabGraceful").css("display", "none");
  });
</script>

<form action="sec" method="post">
<input type="hidden" name="node" value="<% nodeNum %>">
<table class="blanks">
<tr> <td>Your users:</td> <td><select name="uname">
<% foreach name in (yourname :: Sec.findSubusers yourname) do %>
	<option value="<% name %>"<% if uname = name then %> selected<% end %>><% name %></option>
<% end %></select></td>
<td><input type="submit" value="Switch"></td> </tr>
</table>
</form>

<style type="text/css">
@import url('//code.jquery.com/ui/1.11.2/themes/smoothness/jquery-ui.css');
</style>

<div id="secTabs" style="float: right;">
<h2 class="secTabGraceful">Machines</h2>
<ul>
<% foreach node in Init.listNodes () do %>
   <li><a href="#secTab-<% #id node %>"><% Web.html (#name node) %></a></li>
<% end %>
</ul>

<% foreach node in Init.listNodes () do
      val nodeNum = #id node;
      val socks = Sec.socketPerms {node = nodeNum, uname = uname};
      val tpe = Sec.isTpe {node = nodeNum, uname = uname};
      val cron = Sec.cronAllowed {node = nodeNum, uname = uname}; %>
<div id="secTab-<% #id node %>">
<h2 class="secTabGraceful"><% Web.html (#name node) %></h2>
<p><% Web.html (#descr node) %></p>
<!--h3>Request socket permissions change</h3>

<p>You need to request socket permissions before you are able to open any network connections. While you will be limited by firewall rules even then, any requests for firewall rules you enter in the "Reason" blank here <b>will be ignored</b>. Please use the separate form at the bottom of this page for that. There is no need to wait until a request for socket permissions has been granted before starting to request firewall rules.</p>

<p>Keep in mind that, if your request is granted, it will never apply to existing log-in sessions. Close them and re-connect to take advantage of your new privileges.</p>

<form action="sec" method="post">
<input type="hidden" name="node" value="<% nodeNum %>">
<input type="hidden" name="uname" value="<% uname %>">
<input type="hidden" name="cmd" value="socks">
<table class="blanks">
<tr> <td>New permissions:</td> <td><select name="socks">
	<option value="none"<% if socks = Sec.NADA then %> selected<% end %>>None</option>
	<option value="any"<% if socks = Sec.ANY then %> selected<% end %>>Any</option>
	<option value="client"<% if socks = Sec.CLIENT_ONLY then %> selected<% end %>>Client only</option>
	<option value="server"<% if socks = Sec.SERVER_ONLY then %> selected<% end %>>Server only</option>
</select></td> </tr>
<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form>

<h3>Request change to your execute permissions</h3>

<form action="sec" method="post">
<input type="hidden" name="node" value="<% nodeNum %>">
<input type="hidden" name="uname" value="<% uname %>">
<input type="hidden" name="cmd" value="tpe">
<table class="blanks">
<tr> <td>Trusted path executables only?</td> <td><select name="tpe">
	<option value="no"<% if not tpe then %> selected<% end %>>No</option>
	<option value="yes"<% if tpe then %> selected<% end %>>Yes</option>
</select></td> </tr>
<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form-->
<!--
<h3>Request change to your <tt>cron</tt> permissions</h3>

<form action="sec" method="post">
<input type="hidden" name="node" value="<% nodeNum %>">
<input type="hidden" name="uname" value="<% uname %>">
<input type="hidden" name="cmd" value="cron">
<table class="blanks">
<tr> <td>Allowed to use cron?</td> <td><select name="cron">
	<option value="no"<% if not cron then %> selected<% end %>>No</option>
	<option value="yes"<% if cron then %> selected<% end %>>Yes</option>
</select></td> </tr>
<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form>
-->
<% val rules = Sec.findFirewallRules {node = nodeNum, uname = uname};
switch rules of
  _::_ => %>
<h3>Your firewall rules</h3>

<% foreach rule in rules do %>
<form action="sec" method="post">
<input type="hidden" name="node" value="<% nodeNum %>">
<input type="hidden" name="uname" value="<% uname %>">
<input type="hidden" name="modRule" value="<% Web.html rule %>">
<label>Node: <% nodeName %> <input name="rule" value="<% Web.html rule %>"></label>
<a href="sec?delRule=<% Web.urlEncode rule %>">[Request deletion]</a>
<input type="submit" value="Request change">
</form><br>
<% end
end%>

<h3>Request a new firewall rule</h3>

<p>You can find a description of rule formats <a href="http://wiki.hcoop.net/FirewallRules">on our wiki</a>. Enter here the rule you want, without the initial <tt>user</tt> portion. We also <a href="http://wiki.hcoop.net/FirewallRules#Common_Rules">allow all members access to some services</a> if they are commonly requested.</p>

<p>When requesting a <tt>Server</tt> or <tt>ProxiedServer</tt> rule, use a port above <tt>50000</tt> (there is a list of <a href="http://wiki.hcoop.net/AllocatedFirewallPorts">allocated ports</a>). We may grant <tt>Server</tt> requests for ports under <tt>50000</tt> if it can be justified, but never for a <tt>ProxiedServer</tt>.</p>

<p>We very rarely grant requests for Client rules that don't include remote host whitelists. For example, important security concerns make it a bad idea for us to give anybody blanket IRC permissions. Instead, request specific servers. We will refuse such requests that include networks that are popularly considered fronts for illegal activity.</p>

<form action="sec" method="post">
<input type="hidden" name="node" value="<% nodeNum %>">
<input type="hidden" name="uname" value="<% uname %>">
<input type="hidden" name="cmd" value="rule">
<table class="blanks">
<tr> <td>Rule</td> <td><input name="rule" size="80"></td> </tr>
<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form>
</div>
<% end %>
</div>
Commit	Line	Data
22073500 CE	1	<%
	2	val uname = $"uname";
	3	val nodeNum = case $"nodeNum" of node => Web.stoi node;
	4	val nodeName = Init.nodeName nodeNum;
	5	val yourname = Init.getUserName ();
22073500	6	%>
b15c888f CE	7
	8	<script src="//code.jquery.com/jquery-1.10.2.js"></script>
	9	<script src="//code.jquery.com/ui/1.11.2/jquery-ui.js"></script>
	10	<script>
	11	$(function()
	12	{
	13	$("#secTabs").tabs();
	14	/* Hide elements included to allow non-js clients to have a readable page */
	15	$(".secTabGraceful").css("display", "none");
	16	});
	17	</script>
	18
22073500 CE	19	<form action="sec" method="post">
22073500 CE	20	<input type="hidden" name="node" value="<% nodeNum %>">
b15c888f	21	<table class="blanks">
22073500 CE	22	<tr> <td>Your users:</td> <td><select name="uname">
	23	<% foreach name in (yourname :: Sec.findSubusers yourname) do %>
	24	<option value="<% name %>"<% if uname = name then %> selected<% end %>><% name %></option>
	25	<% end %></select></td>
	26	<td><input type="submit" value="Switch"></td> </tr>
22073500	27	</table>
b15c888f	28	</form>
22073500	29
b15c888f CE	30	<style type="text/css">
	31	@import url('//code.jquery.com/ui/1.11.2/themes/smoothness/jquery-ui.css');
	32	</style>
	33
	34	<div id="secTabs" style="float: right;">
	35	<h2 class="secTabGraceful">Machines</h2>
	36	<ul>
	37	<% foreach node in Init.listNodes () do %>
	38	<li><a href="#secTab-<% #id node %>"><% Web.html (#name node) %></a></li>
	39	<% end %>
	40	</ul>
	41
	42	<% foreach node in Init.listNodes () do
	43	val nodeNum = #id node;
	44	val socks = Sec.socketPerms {node = nodeNum, uname = uname};
	45	val tpe = Sec.isTpe {node = nodeNum, uname = uname};
	46	val cron = Sec.cronAllowed {node = nodeNum, uname = uname}; %>
	47	<div id="secTab-<% #id node %>">
	48	<h2 class="secTabGraceful"><% Web.html (#name node) %></h2>
	49	<p><% Web.html (#descr node) %></p>
22073500 CE	50	<!--h3>Request socket permissions change</h3>
	51
	52	<p>You need to request socket permissions before you are able to open any network connections. While you will be limited by firewall rules even then, any requests for firewall rules you enter in the "Reason" blank here <b>will be ignored</b>. Please use the separate form at the bottom of this page for that. There is no need to wait until a request for socket permissions has been granted before starting to request firewall rules.</p>
	53
	54	<p>Keep in mind that, if your request is granted, it will never apply to existing log-in sessions. Close them and re-connect to take advantage of your new privileges.</p>
	55
	56	<form action="sec" method="post">
	57	<input type="hidden" name="node" value="<% nodeNum %>">
	58	<input type="hidden" name="uname" value="<% uname %>">
	59	<input type="hidden" name="cmd" value="socks">
	60	<table class="blanks">
	61	<tr> <td>New permissions:</td> <td><select name="socks">
	62	<option value="none"<% if socks = Sec.NADA then %> selected<% end %>>None</option>
	63	<option value="any"<% if socks = Sec.ANY then %> selected<% end %>>Any</option>
	64	<option value="client"<% if socks = Sec.CLIENT_ONLY then %> selected<% end %>>Client only</option>
	65	<option value="server"<% if socks = Sec.SERVER_ONLY then %> selected<% end %>>Server only</option>
	66	</select></td> </tr>
	67	<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
	68	<tr> <td><input type="submit" value="Request"></td> </tr>
	69	</table>
	70	</form>
	71
	72	<h3>Request change to your execute permissions</h3>
	73
	74	<form action="sec" method="post">
	75	<input type="hidden" name="node" value="<% nodeNum %>">
	76	<input type="hidden" name="uname" value="<% uname %>">
	77	<input type="hidden" name="cmd" value="tpe">
	78	<table class="blanks">
	79	<tr> <td>Trusted path executables only?</td> <td><select name="tpe">
	80	<option value="no"<% if not tpe then %> selected<% end %>>No</option>
	81	<option value="yes"<% if tpe then %> selected<% end %>>Yes</option>
	82	</select></td> </tr>
	83	<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
	84	<tr> <td><input type="submit" value="Request"></td> </tr>
	85	</table>
	86	</form-->
9d1638a1	87	<!--
22073500 CE	88	<h3>Request change to your <tt>cron</tt> permissions</h3>
	89
	90	<form action="sec" method="post">
	91	<input type="hidden" name="node" value="<% nodeNum %>">
	92	<input type="hidden" name="uname" value="<% uname %>">
	93	<input type="hidden" name="cmd" value="cron">
	94	<table class="blanks">
	95	<tr> <td>Allowed to use cron?</td> <td><select name="cron">
	96	<option value="no"<% if not cron then %> selected<% end %>>No</option>
	97	<option value="yes"<% if cron then %> selected<% end %>>Yes</option>
	98	</select></td> </tr>
	99	<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
	100	<tr> <td><input type="submit" value="Request"></td> </tr>
	101	</table>
	102	</form>
9d1638a1	103	-->
22073500 CE	104	<% val rules = Sec.findFirewallRules {node = nodeNum, uname = uname};
	105	switch rules of
	106	_::_ => %>
	107	<h3>Your firewall rules</h3>
	108
	109	<% foreach rule in rules do %>
	110	<form action="sec" method="post">
	111	<input type="hidden" name="node" value="<% nodeNum %>">
	112	<input type="hidden" name="uname" value="<% uname %>">
	113	<input type="hidden" name="modRule" value="<% Web.html rule %>">
	114	<label>Node: <% nodeName %> <input name="rule" value="<% Web.html rule %>"></label>
	115	<a href="sec?delRule=<% Web.urlEncode rule %>">[Request deletion]</a>
	116	<input type="submit" value="Request change">
	117	</form><br>
	118	<% end
	119	end%>
	120
	121	<h3>Request a new firewall rule</h3>
	122
	123	<p>You can find a description of rule formats <a href="http://wiki.hcoop.net/FirewallRules">on our wiki</a>. Enter here the rule you want, without the initial <tt>user</tt> portion. We also <a href="http://wiki.hcoop.net/FirewallRules#Common_Rules">allow all members access to some services</a> if they are commonly requested.</p>
	124
	125	<p>When requesting a <tt>Server</tt> or <tt>ProxiedServer</tt> rule, use a port above <tt>50000</tt> (there is a list of <a href="http://wiki.hcoop.net/AllocatedFirewallPorts">allocated ports</a>). We may grant <tt>Server</tt> requests for ports under <tt>50000</tt> if it can be justified, but never for a <tt>ProxiedServer</tt>.</p>
	126
	127	<p>We very rarely grant requests for Client rules that don't include remote host whitelists. For example, important security concerns make it a bad idea for us to give anybody blanket IRC permissions. Instead, request specific servers. We will refuse such requests that include networks that are popularly considered fronts for illegal activity.</p>
	128
	129	<form action="sec" method="post">
	130	<input type="hidden" name="node" value="<% nodeNum %>">
	131	<input type="hidden" name="uname" value="<% uname %>">
	132	<input type="hidden" name="cmd" value="rule">
	133	<table class="blanks">
	134	<tr> <td>Rule</td> <td><input name="rule" size="80"></td> </tr>
	135	<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
	136	<tr> <td><input type="submit" value="Request"></td> </tr>
	137	</table>
	138	</form>
b15c888f CE	139	</div>
	140	<% end %>
	141	</div>
	142
	143