X-Git-Url: https://git.hcoop.net/hcoop/portal.git/blobdiff_plain/b986395e3b620f2c33d38ec27949809751d3e8d1..2d53edb7809134ff8bc4098da9288864cdb60fc9:/sec.mlt diff --git a/sec.mlt b/sec.mlt index 1c5a008..020c0f9 100644 --- a/sec.mlt +++ b/sec.mlt @@ -2,7 +2,7 @@ val yourname = Init.getUserName (); val nodeNum = case $"node" of - "" => 2 + "" => 4 | node => Web.stoi node; val nodeName = Init.nodeName nodeNum; @@ -13,7 +13,6 @@ val uname = case $"uname" of val socks = Sec.socketPerms {node = nodeNum, uname = uname}; val tpe = Sec.isTpe {node = nodeNum, uname = uname}; val cron = Sec.cronAllowed {node = nodeNum, uname = uname}; -val ftp = Sec.ftpAllowed {node = nodeNum, uname = uname}; ref showNormal = true; @@ -55,20 +54,6 @@ elseif $"cmd" = "cron2" then %>

Error sending e-mail notification

<% end %>

Request added

<% - -elseif $"cmd" = "ftp" then - showNormal := false; - val ftp = iff $"ftp" = "yes" then "enabled" else "disabled"; - %>Are you sure you want to request that FTP permissions for <% Web.html uname %> on <% Web.html nodeName %> be <% ftp %>?
- ">Yes, place the request!<% -elseif $"cmd" = "ftp2" then - val ftp = iff $"ftp" = "enabled" then "enable" else "disable"; - val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat [uname, ": ", ftp, " FTP access"], msg = $"msg"}; - if not (Sec.Req.notifyNew id) then - %>

Error sending e-mail notification

<% - end - %>

Request added

<% - elseif $"cmd" = "rule" then showNormal := false; val rule = $"rule"; @@ -84,7 +69,7 @@ elseif $"cmd" = "rule2" then val rule = $"rule"; if Sec.validRule rule then - val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat ["Add firewall rule \"", uname, " ", rule, "\""], msg = $"msg"}; + val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat ["Add firewall rule \"", nodeName, " ", uname, " ", rule, "\""], msg = $"msg"}; if not (Sec.Req.notifyNew id) then %>

Error sending e-mail notification

<% end @@ -132,7 +117,7 @@ elseif $"cmd" = "open" then

- + @@ -153,7 +138,7 @@ elseif $"cmd" = "list" then

By: <% name %>
Time: <% #stamp req %>
Time: <% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)
Node: <% Web.html (Init.nodeName (#node req)) %>
Request: <% #data req %>
Msg: <% Web.html (#msg req) %>
- + @@ -177,7 +162,7 @@ elseif $"mod" <> "" then
By: <% name %>
Time: <% #stamp req %>
Time: <% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)
Node: <% Web.html (Init.nodeName (#node req)) %>
Request: <% #data req %>
Reason: <% Web.html (#msg req) %>
- + - +
Requestor: <% #name user %>
Time: <% #stamp req %>
Time: <% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)
Status:
Node:
Request:
Request:
Message:
@@ -201,10 +186,8 @@ elseif $"mod" <> "" then val oldStatus = #status req; val newStatus = Sec.Req.statusFromInt (Web.stoi ($"status")); Sec.Req.modify {req with node = nodeNum, data = $"req", msg = $"msg", status = newStatus}; - if oldStatus <> newStatus then - if not (Sec.Req.notifyMod {old = oldStatus, new = newStatus, changer = Init.getUserName(), req = id}) then - %>

Error sending e-mail notification

<% - end + if not (Sec.Req.notifyMod {old = oldStatus, new = newStatus, changer = Init.getUserName(), req = id}) then + %>

Error sending e-mail notification

<% end %>

Request modified

Back to: open requests, all requests @@ -228,135 +211,9 @@ elseif $"mod" <> "" then <% end; -if showNormal then %> - - - - - - - - - - - - -
Machines:
Your users:
- -

Request socket permissions change

- -

You need to request socket permissions before you are able to open any network connections. While you will be limited by firewall rules even then, any requests for firewall rules you enter in the "Reason" blank here will be ignored. Please use the separate form at the bottom of this page for that. There is no need to wait until a request for socket permissions has been granted before starting to request firewall rules.

- -

Keep in mind that, if your request is granted, it will never apply to existing log-in sessions. Close them and re-connect to take advantage of your new privileges.

- -
- - - - - - - -
New permissions:
Reason:
-
- -

Request change to your execute permissions

- -
- - - - - - - -
Trusted path executables only?
Reason:
-
- -

Request change to your cron permissions

- -
- - - - - - - -
Allowed to use cron?
Reason:
-
- -

Request change to your FTP permissions

- -

Please read our wiki instructions on file transfer before requesting FTP access. Almost everyone should use alternative protocols to FTP that provide superior security benefits.

- -
- - - - - - - -
Allowed to use FTP?
Reason:
-
- -<% val rules = Sec.findFirewallRules {node = nodeNum, uname = uname}; -switch rules of - _::_ => %> -

Your firewall rules

- -<% foreach rule in rules do %> -
- - - - -[Request deletion] - -

-<% end -end%> - -

Request a new firewall rule

- -

You can find a description of rule formats on our wiki. Enter here the rule you want, without the initial user portion.

- -

Please note that your firewall rule will be useless if you don't first request the corresponding socket privileges at the top of this page. Also, common ports like 80 (HTTP) are open to everyone with socket permissions. Verify that you can't access a port after socket permissions have been granted before requesting a special rule here.

- -

We very rarely grant requests for Client rules that don't include remote host whitelists. For example, important security concerns make it a bad idea for us to give anybody blanket IRC permissions. Instead, request specific servers. We will refuse such requests that include networks that are popularly considered fronts for illegal activity.

- -
- - - - - - - -
Rule
Reason:
-
- -<% end %> +if showNormal then + @secnormal [("uname", [uname]), + ("nodeNum", [Int.toString nodeNum])]; +end %> <% @footer[] %> \ No newline at end of file