<% (* Security-settings page for one (node, uname) pair. Members file requests
      for socket, TPE, cron and firewall-rule changes here; members of the
      "server" group review those requests in the branches further down. *)
val you = Init.getUserId ();
val yourname = Init.getUserName ();

(* Target node: the node query parameter, or node 6 when none is given
   (which machine node 6 is cannot be seen from this file). *)
val nodeNum = iff $"node" = "" then 6 else Web.stoi ($"node");
val nodeName = Init.nodeName nodeNum;

(* Target account: the uname query parameter, else the logged-in user's name.
   NOTE(review): uname is caller-supplied and nothing in this file checks that
   the logged-in user owns that account; confirm the check happens inside Sec
   or during the admins' manual review of each request. *)
val uname = iff $"uname" = "" then yourname else $"uname";

(* Current settings for the target. None of these three bindings is read again
   in this file; every later val socks / tpe / cron shadows it.
   NOTE(review): confirm whether the lookups are still needed. *)
val socks = Sec.socketPerms {node = nodeNum, uname = uname};
val tpe = Sec.isTpe {node = nodeNum, uname = uname};
val cron = Sec.cronAllowed {node = nodeNum, uname = uname};

(* Cleared by every branch that renders its own page instead of the default view. *)
ref showNormal = true;

@header [("title", ["Security settings"])];

if $"cmd" = "socks" then
    (* Step 1 of 2: show what is about to be requested and link to step 2.
       Every request value is HTML-escaped in the text and URL-encoded in the link. *)
    showNormal := false;
    val wanted = $"socks";
    %>Are you sure you want to request that socket permissions for <b><% Web.html uname %></b> on <b><% Web.html nodeName %></b> be changed to <b><% Web.html wanted %></b>?<br>
<a href="sec?cmd=socks2&node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&socks=<% Web.urlEncode wanted %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
elseif $"cmd" = "socks2" then
    (* Step 2 of 2: store the request and e-mail the admins.
       NOTE(review): the write is reached by an ordinary GET link and no
       anti-forgery token is visible on this page; confirm the framework adds one.
       NOTE(review): the socks parameter is stored as free text, so the stored
       summary must be HTML-escaped wherever it is rendered. *)
    val summary = String.concat [uname, ": change socket permissions to ", $"socks"];
    val reqId = Sec.Req.add {usr = you, node = nodeNum, data = summary, msg = $"msg"};
    if not (Sec.Req.notifyNew reqId) then
        %><h3>Error sending e-mail notification</h3><%
    end
    %><h3>Request added</h3><%

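elseif $"cmd" = "tpe" then
    (* Step 1 of 2: confirmation page for a trusted-path-execution change.
       The form's yes/no answer is reduced to the fixed words "on"/"off", so
       no free text reaches the page or the link. *)
    showNormal := false;
    val tpe = iff $"tpe" = "yes" then "on" else "off";
    %>Are you sure you want to request that trusted-path-executables-only for <b><% Web.html uname %></b> on <b><% Web.html nodeName %></b> be turned <b><% tpe %></b>?<br>
<a href="sec?cmd=tpe2&node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&tpe=<% tpe %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
elseif $"cmd" = "tpe2" then
    (* Step 2 of 2: store the request and e-mail the admins.
       The tpe parameter is reduced to "on"/"off" again rather than stored as
       received: the link is hand-editable, and the cron2 branch of this page
       already normalises its own parameter the same way. Anything other than
       "on" is recorded as "off", the same fallback step 1 uses.
       NOTE(review): the write is reached by an ordinary GET link and no
       anti-forgery token is visible on this page; confirm the framework adds one. *)
    val tpe = iff $"tpe" = "on" then "on" else "off";
    val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat [uname, ": turn tpe ", tpe], msg = $"msg"};
    if not (Sec.Req.notifyNew id) then
        %><h3>Error sending e-mail notification</h3><%
    end
    %><h3>Request added</h3><%
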
elseif $"cmd" = "cron" then
    (* Step 1 of 2: confirmation page for a cron-access change. The yes/no
       answer becomes one of two fixed words, so nothing user-typed is echoed
       for the setting itself. *)
    showNormal := false;
    val state = iff $"cron" = "yes" then "enabled" else "disabled";
    %>Are you sure you want to request that <tt>cron</tt> permissions for <b><% Web.html uname %></b> on <b><% Web.html nodeName %></b> be <b><% state %></b>?<br>
<a href="sec?cmd=cron2&node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&cron=<% state %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
elseif $"cmd" = "cron2" then
    (* Step 2 of 2: the parameter is mapped to a fixed verb before it is stored;
       any value other than "enabled" is recorded as a disable request.
       NOTE(review): the write is reached by an ordinary GET link and no
       anti-forgery token is visible on this page; confirm the framework adds one. *)
    val action = iff $"cron" = "enabled" then "enable" else "disable";
    val summary = String.concat [uname, ": ", action, " cron access"];
    val reqId = Sec.Req.add {usr = you, node = nodeNum, data = summary, msg = $"msg"};
    if not (Sec.Req.notifyNew reqId) then
        %><h3>Error sending e-mail notification</h3><%
    end
    %><h3>Request added</h3><%
elseif $"cmd" = "rule" then
    (* Step 1 of 2: confirmation page for a new firewall rule. The rule text is
       checked with Sec.validRule before the confirmation link is offered. *)
    showNormal := false;
    val proposed = $"rule";

    if not (Sec.validRule proposed) then
        %>"<% Web.html proposed %>" is not a valid firewall rule! Please reread <a href="http://wiki.hcoop.net/wiki/FirewallRules">the instructions</a>, and remember to leave off the initial username portion.<%
    else
        %>Are you sure you want to request the firewall rule <b><% Web.html uname %> <% Web.html proposed %></b> on <b><% Web.html nodeName %></b>?<br>
<a href="sec?cmd=rule2&node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&rule=<% Web.urlEncode proposed %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
    end

elseif $"cmd" = "rule2" then
    (* Step 2 of 2: the rule is validated a second time because the link from
       step 1 can be edited by hand; only a valid rule is stored.
       NOTE(review): the write is reached by an ordinary GET link and no
       anti-forgery token is visible on this page; confirm the framework adds one. *)
    val proposed = $"rule";

    if not (Sec.validRule proposed) then
        %>"<% Web.html proposed %>" is not a valid firewall rule! Please reread <a href="http://wiki.hcoop.net/wiki/FirewallRules">the instructions</a>, and remember to leave off the initial username portion.<%
    else
        val summary = String.concat ["Add firewall rule \"", nodeName, " ", uname, " ", proposed, "\""];
        val reqId = Sec.Req.add {usr = you, node = nodeNum, data = summary, msg = $"msg"};
        if not (Sec.Req.notifyNew reqId) then
            %><h3>Error sending e-mail notification</h3><%
        end
        %><h3>Request added</h3><%
    end

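elseif $"modRule" <> "" then
    (* Step 1 of 2: confirmation page for replacing one firewall rule by another.
       The replacement text is checked with Sec.validRule, as the rule and rule2
       branches do for a new rule, so a malformed rule is refused here instead
       of being handed to the admins. *)
    showNormal := false;
    val oldRule = $"modRule";
    val rule = $"rule";
    if oldRule = rule then
        %>You didn't modify the textbox for this rule before clicking the button, so there is no request to be made.<%
    elseif not (Sec.validRule rule) then
        %>"<% Web.html rule %>" is not a valid firewall rule! Please reread <a href="http://wiki.hcoop.net/wiki/FirewallRules">the instructions</a>, and remember to leave off the initial username portion.<%
    else
        %>Are you sure you want to request that firewall rule <b><% Web.html uname %> <% Web.html oldRule %></b> be replaced by <b><% Web.html uname %> <% Web.html rule %></b> on <b><% Web.html nodeName %></b>?<br>
<a href="sec?node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&modRule2=<% Web.urlEncode oldRule %>&rule=<% Web.urlEncode rule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
    end
elseif $"modRule2" <> "" then
    (* Step 2 of 2: validate the replacement again, because the link from
       step 1 can be edited by hand, then store the request and e-mail the admins.
       NOTE(review): the old rule (modRule2) is still stored as free text, so the
       stored summary must be HTML-escaped wherever it is rendered.
       NOTE(review): the write is reached by an ordinary GET link and no
       anti-forgery token is visible on this page; confirm the framework adds one. *)
    val rule = $"rule";
    if Sec.validRule rule then
        val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat ["Change firewall rule \"", uname, " ", $"modRule2", "\" to \"", uname, " ", rule, "\""], msg = $"msg"};
        if not (Sec.Req.notifyNew id) then
            %><h3>Error sending e-mail notification</h3><%
        end
        %><h3>Request added</h3><%
    else
        %>"<% Web.html rule %>" is not a valid firewall rule! Please reread <a href="http://wiki.hcoop.net/wiki/FirewallRules">the instructions</a>, and remember to leave off the initial username portion.<%
    end
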
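elseif $"delRule" <> "" then
    (* Step 1 of 2: confirmation page for deleting a firewall rule. The closing
       tag after "deleted" was misspelled, which left the bold element open;
       it is now a proper closing b tag. *)
    showNormal := false;
    val oldRule = $"delRule";
    %>Are you sure you want to request that firewall rule <b><% Web.html uname %> <% Web.html oldRule %></b> on <b><% Web.html nodeName %></b> be <b>deleted</b>?<br>
<a href="sec?node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&delRule2=<% Web.urlEncode oldRule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
elseif $"delRule2" <> "" then
    (* Step 2 of 2: store the deletion request and e-mail the admins.
       NOTE(review): the rule text (delRule2) is stored as free text, so the
       stored summary must be HTML-escaped wherever it is rendered.
       NOTE(review): the write is reached by an ordinary GET link and no
       anti-forgery token is visible on this page; confirm the framework adds one. *)
    val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat ["Delete firewall rule \"", uname, " ", $"delRule2", "\""], msg = $"msg"};
    if not (Sec.Req.notifyNew id) then
        %><h3>Error sending e-mail notification</h3><%
    end
    %><h3>Request added</h3><%
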
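elseif $"cmd" = "open" then
    (* Admin view: every open request. Group.requireGroupName gates the branch
       to the "server" group. *)
    showNormal := false;
    Group.requireGroupName "server";
    %><h3>Open requests</h3>
<a href="sec?cmd=list">List all requests</a><%

    (* The Request cell is now passed through Web.html. The stored summary is
       assembled from requester-supplied query parameters (account name, rule
       text, socket setting), so printing it raw let a requester's markup run
       in the browser of whichever admin opened this list.
       NOTE(review): name is still printed raw; confirm user names are limited
       to HTML-safe characters, or escape it as well. *)
    foreach (name, req) in Sec.Req.listOpen () do %>
<br><hr><br>
<table class="blanks">
<tr> <td>By:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
<tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td></tr>
<tr> <td>Node:</td> <td><% Web.html (Init.nodeName (#node req)) %></td> </tr>
<tr> <td>Request:</td> <td><% Web.html (#data req) %></td> </tr>
<tr> <td>Msg:</td> <td colspan="2"><% Web.html (#msg req) %></td> </tr>
</table>

<br>
<a href="sec?mod=<% #id req %>">[Modify]</a>
<a href="sec?del=<% #id req %>">[Delete]</a><br>

<% end
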
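elseif $"cmd" = "list" then
    (* Admin view: every request regardless of status. Group.requireGroupName
       gates the branch to the "server" group. *)
    showNormal := false;
    Group.requireGroupName "server";
    %><h3>All requests</h3><%

    (* The Request cell is now passed through Web.html. The stored summary is
       assembled from requester-supplied query parameters (account name, rule
       text, socket setting), so printing it raw let a requester's markup run
       in the browser of whichever admin opened this list.
       NOTE(review): name is still printed raw; confirm user names are limited
       to HTML-safe characters, or escape it as well. *)
    foreach (name, req) in Sec.Req.list () do %>
<br><hr><br>
<table class="blanks">
<tr> <td>By:</td> <td colspan="2"><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
<tr> <td>Time:</td> <td colspan="2"><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td></tr>
<tr> <td>Node:</td> <td><% Web.html (Init.nodeName (#node req)) %></td> </tr>
<tr> <td>Request:</td> <td><% Web.html (#data req) %></td> </tr>
<tr> <td>Reason:</td> <td colspan="2"><% Web.html (#msg req) %></td> </tr>
</table>

<br>
<a href="sec?mod=<% #id req %>">[Modify]</a>
<a href="sec?del=<% #id req %>">[Delete]</a>

<% end
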
elseif $"mod" <> "" then
    (* Admin view: edit form for one request, gated to the "server" group.
       The request text, message and node labels are HTML-escaped before they
       are placed in the form; the form posts back to the save branch.
       NOTE(review): no anti-forgery token field is visible in this form;
       confirm the framework supplies one.
       NOTE(review): the requestor's name is printed raw; confirm user names
       are limited to HTML-safe characters, or escape it. *)
    showNormal := false;
    Group.requireGroupName "server";
    val reqId = Web.stoi ($"mod");
    val req = Sec.Req.lookup reqId;
    val requestor = Init.lookupUser (#usr req) %>
<h3>Handle request</h3>

<form action="sec" method="post">
<input type="hidden" name="save" value="<% reqId %>">
<table class="blanks">
<tr> <td>Requestor:</td> <td><a href="user?id=<% #usr req %>"><% #name requestor %></a></td> </tr>
<tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td></tr>
<tr> <td>Status:</td> <td><select name="status">
<option value="0"<% if #status req = Sec.Req.NEW then %> selected<% end %>>New</option>
<option value="1"<% if #status req = Sec.Req.INSTALLED then %> selected<% end %>>Installed</option>
<option value="2"<% if #status req = Sec.Req.REJECTED then %> selected<% end %>>Rejected</option>
</select></td> </tr>
<tr> <td>Node:</td> <td><select name="node">
<% foreach n in Init.listNodes () do %>
<option value="<% #id n %>"<% if #id n = #node req then %> selected<% end %>><% Web.html (#name n) %> (<% Web.html (#descr n) %>)</option>
<% end %></select></td> </tr>
<tr> <td>Request:</td> <td><input name="req" value="<% Web.html (#data req) %>"></td> </tr>
<tr> <td>Message:</td> <td><textarea name="msg" rows="10" cols="80" wrap="soft"><% Web.html (#msg req) %></textarea></td> </tr>
<tr> <td><input type="submit" value="Save"></td> </tr>
</table>
</form>

<% elseif $"save" <> "" then
    (* Admin action: apply the edit form to a stored request, gated to the
       "server" group. The new node comes from nodeNum, i.e. the form's node
       field as read at the top of the page. The status before and after the
       change is passed to Sec.Req.notifyMod together with the admin's name.
       NOTE(review): the edit form posts here, but nothing visible in this
       branch checks the HTTP method or an anti-forgery token; confirm the
       framework does. *)
    showNormal := false;
    Group.requireGroupName "server";
    val reqId = Web.stoi ($"save");
    val req = Sec.Req.lookup reqId;
    val before = #status req;
    val statusCode = Web.stoi ($"status");
    val after = Sec.Req.statusFromInt statusCode;
    Sec.Req.modify {req with node = nodeNum, data = $"req", msg = $"msg", status = after};
    if not (Sec.Req.notifyMod {old = before, new = after, changer = Init.getUserName(), req = reqId}) then
        %><h3>Error sending e-mail notification</h3><%
    end
%><h3>Request modified</h3>
Back to: <a href="sec?cmd=open">open requests</a>, <a href="sec?cmd=list">all requests</a>

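<% elseif $"del" <> "" then
    (* Admin action, step 1 of 2: confirm deletion of one request, gated to the
       "server" group. The request summary is now passed through Web.html: it is
       assembled from requester-supplied query parameters, so printing it raw
       let a requester's markup run in the admin's browser.
       NOTE(review): the requestor's name is still printed raw; confirm user
       names are limited to HTML-safe characters, or escape it as well. *)
    showNormal := false;
    Group.requireGroupName "server";
    val id = Web.stoi ($"del");
    val req = Sec.Req.lookup id;
    val user = Init.lookupUser (#usr req)
%><h3>Are you sure you want to delete request by <% #name user %> for "<% Web.html (#data req) %>" on <% Web.html (Init.nodeName (#node req)) %>?</h3>
<a href="sec?del2=<% id %>">Yes, I'm sure!</a>
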
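<% elseif $"del2" <> "" then
    (* Admin action, step 2 of 2: delete the request, gated to the "server"
       group. The heading markup was malformed (a stray closing b tag and a
       second opening h3); it is now a single well-formed h3 element.
       NOTE(review): the deletion is reached by an ordinary GET link
       (sec?del2=ID) and no anti-forgery token is visible on this page;
       confirm the framework adds one. *)
    showNormal := false;
    Group.requireGroupName "server";
    val id = Web.stoi ($"del2");
    Sec.Req.delete id
%><h3>Request deleted</h3>
Back to: <a href="sec?cmd=open">open requests</a>, <a href="sec?cmd=list">all requests</a>
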
<% end;

(* No branch above took over the page, so render the default settings view for
   the selected account and node. *)
if showNormal then
    @secnormal [("uname", [uname]), ("nodeNum", [Int.toString nodeNum])];
end %>

<% @footer[] %>