secnormal.mlt

   1 <%
   2 val uname = $"uname";
   3 val nodeNum = case $"nodeNum" of node => Web.stoi node;
   4 val nodeName = Init.nodeName nodeNum;
   5 val yourname = Init.getUserName ();
   6 %>
   7
   8 <script src="//code.jquery.com/jquery-1.10.2.js"></script>
   9 <script src="//code.jquery.com/ui/1.11.2/jquery-ui.js"></script>
  10 <script>
  11 $(function()
  12   {
  13       $("#secTabs").tabs();
  14       /* Hide elements included to allow non-js clients to have a readable page */
  15       $(".secTabGraceful").css("display", "none");
  16   });
  17 </script>
  18
  19 <form action="sec" method="post">
  20 <input type="hidden" name="node" value="<% nodeNum %>">
  21 <table class="blanks">
  22 <tr> <td>Your users:</td> <td><select name="uname">
  23 <% foreach name in (yourname :: Sec.findSubusers yourname) do %>
  24         <option value="<% name %>"<% if uname = name then %> selected<% end %>><% name %></option>
  25 <% end %></select></td>
  26 <td><input type="submit" value="Switch"></td> </tr>
  27 </table>
  28 </form>
  29
  30 <style type="text/css">
  31 @import url('//code.jquery.com/ui/1.11.2/themes/smoothness/jquery-ui.css');
  32 </style>
  33
  34 <div id="secTabs" style="float: right;">
  35 <h2 class="secTabGraceful">Machines</h2>
  36 <ul>
  37 <% foreach node in Init.listNodes () do %>
  38    <li><a href="#secTab-<% #id node %>"><% Web.html (#name node) %></a></li>
  39 <% end %>
  40 </ul>
  41
  42 <% foreach node in Init.listNodes () do
  43       val nodeNum = #id node;
  44       val socks = Sec.socketPerms {node = nodeNum, uname = uname};
  45       val tpe = Sec.isTpe {node = nodeNum, uname = uname};
  46       val cron = Sec.cronAllowed {node = nodeNum, uname = uname}; %>
  47 <div id="secTab-<% #id node %>">
  48 <h2 class="secTabGraceful"><% Web.html (#name node) %></h2>
  49 <p><% Web.html (#descr node) %></p>
  50 <!--h3>Request socket permissions change</h3>
  51
  52 <p>You need to request socket permissions before you are able to open any network connections. While you will be limited by firewall rules even then, any requests for firewall rules you enter in the "Reason" blank here <b>will be ignored</b>. Please use the separate form at the bottom of this page for that. There is no need to wait until a request for socket permissions has been granted before starting to request firewall rules.</p>
  53
  54 <p>Keep in mind that, if your request is granted, it will never apply to existing log-in sessions. Close them and re-connect to take advantage of your new privileges.</p>
  55
  56 <form action="sec" method="post">
  57 <input type="hidden" name="node" value="<% nodeNum %>">
  58 <input type="hidden" name="uname" value="<% uname %>">
  59 <input type="hidden" name="cmd" value="socks">
  60 <table class="blanks">
  61 <tr> <td>New permissions:</td> <td><select name="socks">
  62         <option value="none"<% if socks = Sec.NADA then %> selected<% end %>>None</option>
  63         <option value="any"<% if socks = Sec.ANY then %> selected<% end %>>Any</option>
  64         <option value="client"<% if socks = Sec.CLIENT_ONLY then %> selected<% end %>>Client only</option>
  65         <option value="server"<% if socks = Sec.SERVER_ONLY then %> selected<% end %>>Server only</option>
  66 </select></td> </tr>
  67 <tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
  68 <tr> <td><input type="submit" value="Request"></td> </tr>
  69 </table>
  70 </form>
  71
  72 <h3>Request change to your execute permissions</h3>
  73
  74 <form action="sec" method="post">
  75 <input type="hidden" name="node" value="<% nodeNum %>">
  76 <input type="hidden" name="uname" value="<% uname %>">
  77 <input type="hidden" name="cmd" value="tpe">
  78 <table class="blanks">
  79 <tr> <td>Trusted path executables only?</td> <td><select name="tpe">
  80         <option value="no"<% if not tpe then %> selected<% end %>>No</option>
  81         <option value="yes"<% if tpe then %> selected<% end %>>Yes</option>
  82 </select></td> </tr>
  83 <tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
  84 <tr> <td><input type="submit" value="Request"></td> </tr>
  85 </table>
  86 </form-->
  87 <!--
  88 <h3>Request change to your <tt>cron</tt> permissions</h3>
  89
  90 <form action="sec" method="post">
  91 <input type="hidden" name="node" value="<% nodeNum %>">
  92 <input type="hidden" name="uname" value="<% uname %>">
  93 <input type="hidden" name="cmd" value="cron">
  94 <table class="blanks">
  95 <tr> <td>Allowed to use cron?</td> <td><select name="cron">
  96         <option value="no"<% if not cron then %> selected<% end %>>No</option>
  97         <option value="yes"<% if cron then %> selected<% end %>>Yes</option>
  98 </select></td> </tr>
  99 <tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
 100 <tr> <td><input type="submit" value="Request"></td> </tr>
 101 </table>
 102 </form>
 103 -->
 104 <% val rules = Sec.findFirewallRules {node = nodeNum, uname = uname};
 105 switch rules of
 106   _::_ => %>
 107 <h3>Your firewall rules</h3>
 108
 109 <% foreach rule in rules do %>
 110 <form action="sec" method="post">
 111 <input type="hidden" name="node" value="<% nodeNum %>">
 112 <input type="hidden" name="uname" value="<% uname %>">
 113 <input type="hidden" name="modRule" value="<% Web.html rule %>">
 114 <label>Node: <% nodeName %> <input name="rule" value="<% Web.html rule %>"></label>
 115 <a href="sec?delRule=<% Web.urlEncode rule %>">[Request deletion]</a>
 116 <input type="submit" value="Request change">
 117 </form><br>
 118 <% end
 119 end%>
 120
 121 <h3>Request a new firewall rule</h3>
 122
 123 <p>You can find a description of rule formats <a href="http://wiki.hcoop.net/FirewallRules">on our wiki</a>. Enter here the rule you want, without the initial <tt>user</tt> portion. We also <a href="http://wiki.hcoop.net/FirewallRules#Common_Rules">allow all members access to some services</a> if they are commonly requested.</p>
 124
 125 <p>When requesting a <tt>Server</tt> or <tt>ProxiedServer</tt> rule, use a port above <tt>50000</tt> (there is a list of <a href="http://wiki.hcoop.net/AllocatedFirewallPorts">allocated ports</a>). We may grant <tt>Server</tt> requests for ports under <tt>50000</tt> if it can be justified, but never for a <tt>ProxiedServer</tt>.</p>
 126
 127 <p>We very rarely grant requests for Client rules that don't include remote host whitelists. For example, important security concerns make it a bad idea for us to give anybody blanket IRC permissions. Instead, request specific servers. We will refuse such requests that include networks that are popularly considered fronts for illegal activity.</p>
 128
 129 <form action="sec" method="post">
 130 <input type="hidden" name="node" value="<% nodeNum %>">
 131 <input type="hidden" name="uname" value="<% uname %>">
 132 <input type="hidden" name="cmd" value="rule">
 133 <table class="blanks">
 134 <tr> <td>Rule</td> <td><input name="rule" size="80"></td> </tr>
 135 <tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
 136 <tr> <td><input type="submit" value="Request"></td> </tr>
 137 </table>
 138 </form>
 139 </div>
 140 <% end %>
 141 </div>
 142
 143