Commit | Line | Data |
---|---|---|
dfb0d0d7 AC |
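1 | <% val you = Init.getUserId (); |
| | (* Page setup: identify the caller, pick the account being managed, and load that account's current settings so the forms can preselect them. *) | |
2 | val yourname = Init.getUserName (); | |
3 | ||
| | (* "uname" is request input, so it is accepted only when it is the caller's own name or one of the caller's sub-users, the same list the "Your users" selector is built from. Any other value falls back to the caller's own account; otherwise the lookups below and every request branch would act on whatever name the request supplied. NOTE(review): if members of the "server" group are meant to act for arbitrary users, add that exception explicitly. *) | |
4 | val requested = case $"uname" of | |
5 | "" => yourname | |
6 | | uname => uname; | |
| | ref owned = false; | |
| | foreach name in (yourname :: Sec.findSubusers yourname) do | |
| | if name = requested then owned := true end | |
| | end; | |
| | val uname = iff owned then requested else yourname; | |
7 | ||
8 | val socks = Sec.socketPerms uname; | |
9 | val tpe = Sec.isTpe uname; | |
e510b9bd | 10 | val cron = Sec.cronAllowed uname; |
f432bce2 | 11 | val ftp = Sec.ftpAllowed uname; |
dfb0d0d7 AC |
12 | |
| | (* Branches that render a page of their own set this to false so the default forms are skipped. *) | |
13 | ref showNormal = true; | |
14 | ||
15 | @header [("title", ["Security settings"])]; | |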
16 | ||
17 | if $"cmd" = "socks" then (* Step 1: ask the user to confirm the socket-permission request; nothing is stored in this branch. *) | |
18 | showNormal := false; | |
19 | val socks = $"socks"; | |
20 | %>Are you sure you want to request that socket permissions for <b><% Web.html uname %></b> be changed to <b><% Web.html socks %></b>?<br> | |
21 | <a href="sec?cmd=socks2&uname=<% Web.urlEncode uname %>&socks=<% Web.urlEncode socks %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><% | |
22 | elseif $"cmd" = "socks2" then (* Step 2: record the request via Sec.Req.add, then call Sec.Req.notifyNew; a false result is reported as an e-mail failure. NOTE(review): this step is reached through the plain link above, the "socks" text is stored as received, and no anti-forgery token is checked in this file. *) | |
23 | val id = Sec.Req.add (you, String.concat [uname, ": change socket permissions to ", $"socks"], $"msg"); | |
24 | if not (Sec.Req.notifyNew id) then | |
25 | %><h3><b>Error sending e-mail notification</b></h3><% | |
26 | end | |
27 | %><h3><b>Request added</b></h3><% | |
28 | ||
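29 | elseif $"cmd" = "tpe" then (* Step 1: confirm a trusted-path-executables request; the form's yes/no is mapped to "on"/"off" before it is shown or linked. *) | |
30 | showNormal := false; | |
31 | val tpe = iff $"tpe" = "yes" then "on" else "off"; | |
32 | %>Are you sure you want to request that trusted-path-executables-only for <b><% Web.html uname %></b> be turned <b><% tpe %></b>?<br> | |
33 | <a href="sec?cmd=tpe2&uname=<% Web.urlEncode uname %>&tpe=<% tpe %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><% | |
34 | elseif $"cmd" = "tpe2" then (* Step 2: record the request. The "tpe" parameter is reduced to "on" or "off" before it goes into the stored request text, matching how the cron2 and ftp2 branches normalise their parameter, so arbitrary request text cannot be stored through it. NOTE(review): reached through the plain link above; no anti-forgery token is checked in this file. *) | |
| | val tpe = iff $"tpe" = "on" then "on" else "off"; | |
35 | val id = Sec.Req.add (you, String.concat [uname, ": turn tpe ", tpe], $"msg"); | |
36 | if not (Sec.Req.notifyNew id) then | |
37 | %><h3><b>Error sending e-mail notification</b></h3><% | |
38 | end | |
39 | %><h3><b>Request added</b></h3><% | |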
40 | ||
e510b9bd AC |
41 | elseif $"cmd" = "cron" then (* Step 1: confirm a cron-permission request; the form's yes/no is mapped to "enabled"/"disabled". *) |
42 | showNormal := false; | |
43 | val cron = iff $"cron" = "yes" then "enabled" else "disabled"; | |
44 | %>Are you sure you want to request that <tt>cron</tt> permissions for <b><% Web.html uname %></b> be <b><% cron %></b>?<br> | |
45 | <a href="sec?cmd=cron2&uname=<% Web.urlEncode uname %>&cron=<% cron %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><% | |
46 | elseif $"cmd" = "cron2" then (* Step 2: record the request; any value other than "enabled" is treated as "disable", so only two request texts can be stored. NOTE(review): reached through the plain link above; no anti-forgery token is checked in this file. *) | |
47 | val cron = iff $"cron" = "enabled" then "enable" else "disable"; | |
48 | val id = Sec.Req.add (you, String.concat [uname, ": ", cron, " cron access"], $"msg"); | |
49 | if not (Sec.Req.notifyNew id) then | |
50 | %><h3><b>Error sending e-mail notification</b></h3><% | |
51 | end | |
52 | %><h3><b>Request added</b></h3><% | |
53 | ||
f432bce2 AC |
54 | elseif $"cmd" = "ftp" then (* Step 1: confirm an FTP-permission request; the form's yes/no is mapped to "enabled"/"disabled". *) |
55 | showNormal := false; | |
56 | val ftp = iff $"ftp" = "yes" then "enabled" else "disabled"; | |
57 | %>Are you sure you want to request that FTP permissions for <b><% Web.html uname %></b> be <b><% ftp %></b>?<br> | |
58 | <a href="sec?cmd=ftp2&uname=<% Web.urlEncode uname %>&ftp=<% ftp %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><% | |
59 | elseif $"cmd" = "ftp2" then (* Step 2: record the request; any value other than "enabled" is treated as "disable". NOTE(review): reached through the plain link above; no anti-forgery token is checked in this file. *) | |
60 | val ftp = iff $"ftp" = "enabled" then "enable" else "disable"; | |
61 | val id = Sec.Req.add (you, String.concat [uname, ": ", ftp, " FTP access"], $"msg"); | |
62 | if not (Sec.Req.notifyNew id) then | |
63 | %><h3><b>Error sending e-mail notification</b></h3><% | |
64 | end | |
65 | %><h3><b>Request added</b></h3><% | |
66 | ||
e510b9bd AC |
67 | elseif $"cmd" = "rule" then (* Step 1: confirm a new firewall rule; the free-text rule is HTML-escaped for display and URL-encoded in the link. *) |
68 | showNormal := false; | |
69 | val rule = $"rule"; | |
70 | %>Are you sure you want to request the firewall rule <b><% Web.html uname %> <% Web.html rule %></b>?<br> | |
71 | <a href="sec?cmd=rule2&uname=<% Web.urlEncode uname %>&rule=<% Web.urlEncode rule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><% | |
72 | elseif $"cmd" = "rule2" then (* Step 2: record the request with the rule text exactly as received, so whatever displays the stored request later has to escape it. NOTE(review): reached through the plain link above; no anti-forgery token is checked in this file. *) | |
73 | val id = Sec.Req.add (you, String.concat ["Add firewall rule \"", uname, " ", $"rule", "\""], $"msg"); | |
74 | if not (Sec.Req.notifyNew id) then | |
75 | %><h3><b>Error sending e-mail notification</b></h3><% | |
76 | end | |
77 | %><h3><b>Request added</b></h3><% | |
78 | ||
79 | elseif $"modRule" <> "" then (* Step 1: confirm replacing an existing firewall rule; "modRule" carries the old rule text and "rule" the edited text. *) | |
80 | showNormal := false; | |
81 | val oldRule = $"modRule"; | |
82 | val rule = $"rule" | |
83 | if oldRule = rule then (* An unchanged textbox means there is nothing to request. *) | |
84 | %>You didn't modify the textbox for this rule before clicking the button, so there is no request to be made.<% | |
85 | else | |
86 | %>Are you sure you want to request that firewall rule <b><% Web.html uname %> <% Web.html oldRule %></b> be replaced by <b><% Web.html uname %> <% Web.html rule %></b>?<br> | |
87 | <a href="sec?uname=<% Web.urlEncode uname %>&modRule2=<% Web.urlEncode oldRule %>&rule=<% Web.urlEncode rule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><% | |
88 | end | |
89 | elseif $"modRule2" <> "" then (* Step 2: record the change request; both rule texts are stored exactly as received, and the old rule is not checked here against the account's current rules. NOTE(review): reached through the plain link above; no anti-forgery token is checked in this file. *) | |
90 | val id = Sec.Req.add (you, String.concat ["Change firewall rule \"", uname, " ", $"modRule2", "\" to \"", uname, " ", $"rule", "\""], $"msg"); | |
91 | if not (Sec.Req.notifyNew id) then | |
92 | %><h3><b>Error sending e-mail notification</b></h3><% | |
93 | end | |
94 | %><h3><b>Request added</b></h3><% | |
95 | ||
96 | elseif $"delRule" <> "" then (* Step 1: confirm deleting a firewall rule; "delRule" carries the rule text. *) | |
97 | showNormal := false; | |
98 | val oldRule = $"delRule"; | |
99 | %>Are you sure you want to request that firewall rule <b><% Web.html uname %> <% Web.html oldRule %></b> be <b>deleted</b>?<br> | |
100 | <a href="sec?uname=<% Web.urlEncode uname %>&delRule2=<% Web.urlEncode oldRule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><% | |
101 | elseif $"delRule2" <> "" then (* Step 2: record the deletion request with the rule text exactly as received. NOTE(review): reached through the plain link above; no anti-forgery token is checked in this file. *) | |
102 | val id = Sec.Req.add (you, String.concat ["Delete firewall rule \"", uname, " ", $"delRule2", "\""], $"msg"); | |
103 | if not (Sec.Req.notifyNew id) then | |
104 | %><h3><b>Error sending e-mail notification</b></h3><% | |
105 | end | |
106 | %><h3><b>Request added</b></h3><% | |
107 | ||
dfb0d0d7 AC |
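108 | elseif $"cmd" = "open" then (* Admin view of the requests returned by Sec.Req.listOpen, gated by Group.requireGroupName "server". The stored request text is built from member-supplied parameters (rule text, socket permission), so it is written through Web.html like the Msg cell; printed raw, markup in a request would render in the admin's browser. *) |
109 | showNormal := false; | |
110 | Group.requireGroupName "server"; | |
111 | %><h3><b>Open requests</b></h3> | |
112 | <a href="sec?cmd=list">List all requests</a><% | |
113 | ||
114 | foreach (name, req) in Sec.Req.listOpen () do %> | |
115 | <br><hr><br> | |
116 | <table> | |
117 | <tr> <td align="right"><b>By</b>:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr> | |
118 | <tr> <td align="right"><b>Time</b>:</td> <td><% #stamp req %></td> </tr> | |
119 | <tr> <td align="right"><b>Request</b>:</td> <td><% Web.html (#data req) %></td> </tr> | |
120 | <tr> <td align="right" valign="top"><b>Msg</b>:</td> <td colspan="2"><% Web.html (#msg req) %></td> </tr> | |
121 | </table> | |
122 | ||
123 | <br> | |
124 | <a href="sec?mod=<% #id req %>">[Modify]</a> | |
125 | <a href="sec?del=<% #id req %>">[Delete]</a><br> | |
126 | ||
127 | <% end | |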
128 | ||
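129 | elseif $"cmd" = "list" then (* Admin view of every request returned by Sec.Req.list, gated by Group.requireGroupName "server". The stored request text is built from member-supplied parameters, so it is written through Web.html like the Reason cell; printed raw, markup in a request would render in the admin's browser. *) | |
130 | showNormal := false; | |
131 | Group.requireGroupName "server" | |
132 | %><h3><b>All requests</b></h3><% | |
133 | ||
134 | foreach (name, req) in Sec.Req.list () do %> | |
135 | <br><hr><br> | |
136 | <table> | |
137 | <tr> <td align="right"><b>By</b>:</td> <td colspan="2"><a href="user?id=<% #usr req %>"><% name %></a></td> </tr> | |
138 | <tr> <td align="right"><b>Time</b>:</td> <td colspan="2"><% #stamp req %></td> </tr> | |
139 | <tr> <td align="right"><b>Request</b>:</td> <td><% Web.html (#data req) %></td> </tr> | |
140 | <tr> <td align="right" valign="top"><b>Reason</b>:</td> <td colspan="2"><% Web.html (#msg req) %></td> </tr> | |
141 | </table> | |
142 | ||
143 | <br> | |
144 | <a href="sec?mod=<% #id req %>">[Modify]</a> | |
145 | <a href="sec?del=<% #id req %>">[Delete]</a> | |
146 | ||
147 | <% end | |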
148 | ||
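149 | elseif $"mod" <> "" then (* Admin form for handling one request, gated by Group.requireGroupName "server"; "mod" is the request id and is parsed with Web.stoi. *) | |
150 | showNormal := false; | |
151 | Group.requireGroupName "server"; | |
152 | val id = Web.stoi ($"mod"); | |
153 | val req = Sec.Req.lookup id; (* The stored request text goes into the "req" input through Web.html, the way rule values are written into input attributes elsewhere in this file; raw, a quote in a member-supplied rule would end the attribute. NOTE(review): confirm Web.html also escapes double quotes. *) | |
154 | val user = Init.lookupUser (#usr req) %> | |
155 | <h3><b>Handle request</b></h3> | |
156 | ||
157 | <form action="sec" method="post"> | |
158 | <input type="hidden" name="save" value="<% id %>"> | |
159 | <table> | |
160 | <tr> <td align="right"><b>Requestor</b>:</td> <td><a href="user?id=<% #usr req %>"><% #name user %></a></td> </tr> | |
161 | <tr> <td align="right"><b>Time</b>:</td> <td><% #stamp req %></td> </tr> | |
162 | <tr> <td align="right"><b>Status</b>:</td> <td><select name="status"> | |
163 | <option value="0"<% if #status req = Sec.Req.NEW then %> selected<% end %>>New</option> | |
164 | <option value="1"<% if #status req = Sec.Req.INSTALLED then %> selected<% end %>>Installed</option> | |
165 | <option value="2"<% if #status req = Sec.Req.REJECTED then %> selected<% end %>>Rejected</option> | |
166 | </select></td> </tr> | |
167 | <tr> <td align="right"><b>Request</b>:</td> <td><input name="req" value="<% Web.html (#data req) %>"></td> </tr> | |
168 | <tr> <td align="right" valign="top"><b>Message</b>:</td> <td><textarea name="msg" rows="10" cols="80" wrap="soft"><% Web.html (#msg req) %></textarea></td> </tr> | |
169 | <tr> <td><input type="submit" value="Save"></td> </tr> | |
170 | </table> | |
171 | </form> | |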
172 | ||
173 | <% elseif $"save" <> "" then (* Admin action: store the edited request, gated by Group.requireGroupName "server". NOTE(review): no anti-forgery token is checked in this branch. *) | |
174 | showNormal := false; | |
175 | Group.requireGroupName "server"; | |
176 | val id = Web.stoi ($"save"); | |
177 | val req = Sec.Req.lookup id; | |
178 | val oldStatus = #status req; | |
179 | val newStatus = Sec.Req.statusFromInt (Web.stoi ($"status")); | |
180 | Sec.Req.modify {req with data = $"req", msg = $"msg", status = newStatus}; | |
181 | if oldStatus <> newStatus then (* Sec.Req.notifyMod is called only when the status actually changed; a false result is reported as an e-mail failure. *) | |
182 | if not (Sec.Req.notifyMod (oldStatus, newStatus, Init.getUserName(), id)) then | |
183 | %><h3><b>Error sending e-mail notification</b></h3><% | |
184 | end | |
185 | end | |
186 | %><h3><b>Request modified</b></h3> | |
187 | Back to: <a href="sec?cmd=open">open requests</a>, <a href="sec?cmd=list">all requests</a> | |
188 | ||
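189 | <% elseif $"del" <> "" then (* Admin confirmation before deleting a request, gated by Group.requireGroupName "server". *) | |
190 | showNormal := false; | |
191 | Group.requireGroupName "server"; | |
192 | val id = Web.stoi ($"del"); | |
193 | val req = Sec.Req.lookup id; (* The stored request text is built from member-supplied parameters, so it is echoed through Web.html below rather than printed raw. *) | |
194 | val user = Init.lookupUser (#usr req) | |
195 | %><h3><b>Are you sure you want to delete request by <% #name user %> for "<% Web.html (#data req) %>"?</b></h3> | |
196 | <a href="sec?del2=<% id %>">Yes, I'm sure!</a> | |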
197 | ||
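198 | <% elseif $"del2" <> "" then (* Admin action: delete the request whose id is in "del2", gated by Group.requireGroupName "server". The heading below is now closed with </h3>; it previously opened a second <h3> instead. NOTE(review): the deletion is triggered by a plain link and no anti-forgery token is checked in this file. *) | |
199 | showNormal := false; | |
200 | Group.requireGroupName "server"; | |
201 | val id = Web.stoi ($"del2"); | |
202 | Sec.Req.delete id | |
203 | %><h3><b>Request deleted</b></h3> | |
204 | Back to: <a href="sec?cmd=open">open requests</a>, <a href="sec?cmd=list">all requests</a> | |
205 | ||
206 | <% end; | |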
207 | ||
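208 | if showNormal then (* Default page: an account selector followed by one request form per setting, each preselecting the account's current value. uname originates from the request, so it is written into the hidden fields through Web.html, as the rule values already are. The rule deletion link carries uname so that a deletion requested while managing a sub-user is filed for that sub-user; without it the confirmation step falls back to the caller's own name. *) %> | |
209 | ||
210 | <form action="sec" method="post"> | |
211 | <b>Your users:</b> <select name="uname"> | |
212 | <% foreach name in (yourname :: Sec.findSubusers yourname) do %> | |
213 | <option value="<% name %>"<% if uname = name then %> selected<% end %>><% name %></option> | |
214 | <% end %></select> <input type="submit" value="Switch"> </form> | |
215 | ||
216 | <h3><b>Request socket permissions change</b></h3> | |
217 | ||
218 | <form action="sec" method="post"> | |
219 | <input type="hidden" name="uname" value="<% Web.html uname %>"> | |
220 | <input type="hidden" name="cmd" value="socks"> | |
221 | <table> | |
222 | <tr> <td align="right"><b>New permissions:</b></td> <td><select name="socks"> | |
223 | <option value="none"<% if socks = Sec.NADA then %> selected<% end %>>None</option> | |
224 | <option value="any"<% if socks = Sec.ANY then %> selected<% end %>>Any</option> | |
225 | <option value="client"<% if socks = Sec.CLIENT_ONLY then %> selected<% end %>>Client only</option> | |
226 | <option value="server"<% if socks = Sec.SERVER_ONLY then %> selected<% end %>>Server only</option> | |
227 | </select></td> </tr> | |
228 | <tr> <td align="right" valign="top"><b>Reason:</b></td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr> | |
229 | <tr> <td><input type="submit" value="Request"></td> </tr> | |
230 | </table> | |
231 | </form> | |
232 | ||
233 | <h3><b>Request change to your execute permissions</b></h3> | |
234 | ||
235 | <form action="sec" method="post"> | |
236 | <input type="hidden" name="uname" value="<% Web.html uname %>"> | |
237 | <input type="hidden" name="cmd" value="tpe"> | |
238 | <table> | |
239 | <tr> <td align="right"><b>Trusted path executables only?</b></td> <td><select name="tpe"> | |
240 | <option value="no"<% if not tpe then %> selected<% end %>>No</option> | |
241 | <option value="yes"<% if tpe then %> selected<% end %>>Yes</option> | |
242 | </select></td> </tr> | |
243 | <tr> <td align="right" valign="top"><b>Reason:</b></td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr> | |
244 | <tr> <td><input type="submit" value="Request"></td> </tr> | |
245 | </table> | |
246 | </form> | |
247 | ||
e510b9bd AC |
248 | <h3><b>Request change to your <tt>cron</tt> permissions</b></h3> |
249 | ||
250 | <form action="sec" method="post"> | |
251 | <input type="hidden" name="uname" value="<% Web.html uname %>"> | |
252 | <input type="hidden" name="cmd" value="cron"> | |
253 | <table> | |
254 | <tr> <td align="right"><b>Allowed to use cron?</b></td> <td><select name="cron"> | |
255 | <option value="no"<% if not cron then %> selected<% end %>>No</option> | |
256 | <option value="yes"<% if cron then %> selected<% end %>>Yes</option> | |
257 | </select></td> </tr> | |
258 | <tr> <td align="right" valign="top"><b>Reason:</b></td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr> | |
259 | <tr> <td><input type="submit" value="Request"></td> </tr> | |
260 | </table> | |
261 | </form> | |
262 | ||
f432bce2 AC |
263 | <h3><b>Request change to your FTP permissions</b></h3> |
264 | ||
265 | <form action="sec" method="post"> | |
266 | <input type="hidden" name="uname" value="<% Web.html uname %>"> | |
267 | <input type="hidden" name="cmd" value="ftp"> | |
268 | <table> | |
269 | <tr> <td align="right"><b>Allowed to use FTP?</b></td> <td><select name="ftp"> | |
270 | <option value="no"<% if not ftp then %> selected<% end %>>No</option> | |
271 | <option value="yes"<% if ftp then %> selected<% end %>>Yes</option> | |
272 | </select></td> </tr> | |
273 | <tr> <td align="right" valign="top"><b>Reason:</b></td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr> | |
274 | <tr> <td><input type="submit" value="Request"></td> </tr> | |
275 | </table> | |
276 | </form> | |
277 | ||
e510b9bd AC |
278 | <% val rules = Sec.findFirewallRules uname; (* Existing rules, one edit form each; the section is rendered only when the list is non-empty. *) |
279 | switch rules of | |
280 | _::_ => %> | |
281 | <h3><b>Your firewall rules</b></h3> | |
282 | ||
283 | <% foreach rule in rules do %> | |
284 | <form action="sec" method="post"> | |
285 | <input type="hidden" name="uname" value="<% Web.html uname %>"> | |
286 | <input type="hidden" name="modRule" value="<% Web.html rule %>"> | |
287 | <input name="rule" value="<% Web.html rule %>"> | |
288 | <a href="sec?uname=<% Web.urlEncode uname %>&delRule=<% Web.urlEncode rule %>">[Request deletion]</a> | |
289 | <input type="submit" value="Request change"> | |
290 | </form><br> | |
291 | <% end | |
292 | end%> | |
293 | ||
294 | <h3><b>Request a new firewall rule</b></h3> | |
295 | ||
296 | <p>You can find a description of rule formats <a href="http://wiki.hcoop.net/wiki/FirewallRules">on our wiki</a>. Enter here the rule you want, without the initial <tt>user</tt> portion.</p> | |
297 | ||
298 | <form action="sec" method="post"> | |
299 | <input type="hidden" name="uname" value="<% Web.html uname %>"> | |
300 | <input type="hidden" name="cmd" value="rule"> | |
301 | <table> | |
302 | <tr> <td align="right"><b>Rule</b></td> <td><input name="rule" size="80"></td> </tr> | |
303 | <tr> <td align="right" valign="top"><b>Reason:</b></td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr> | |
304 | <tr> <td><input type="submit" value="Request"></td> </tr> | |
305 | </table> | |
306 | </form> | |
307 | ||
dfb0d0d7 AC |
308 | <% end %> |
309 | ||
310 | <% @footer[] %> |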