# HG changeset patch
# User kaf24@firebug.cl.cam.ac.uk
# Node ID 269abc1e4fa5616806504f79585ab5c6b354d477
# Parent b438b8cb38f80bb8a4387c81c75c49b42c7d917f
A new ACM security tool providing support to aid in the
creation/generation of the XML security policy files for the Xen ACM
security architecture. It is a Python-based, web-based tool named
xensec_gen that allows users to create or modify XML policy files
through a browser. The resulting XML policy files can then be copied
or moved to the appropriate location in the /etc/xen/acm-security
directory structure in order to be translated into binary and used
within the Xen system.

Signed-off-by: Tom Lendacky <toml@us.ibm.com>

diff -r b438b8cb38f8 -r 269abc1e4fa5 tools/security/Makefile
--- a/tools/security/Makefile Tue Dec 13 16:08:05 2005
+++ b/tools/security/Makefile Tue Dec 13 16:12:59 2005
@@ -35,7 +35,7 @@
SRCS_GETD = get_decision.c
OBJS_GETD := $(patsubst %.c,%.o,$(filter %.c,$(SRCS_GETD)))

-ACM_INST_TOOLS = xensec_tool xensec_xml2bin
+ACM_INST_TOOLS = xensec_tool xensec_xml2bin xensec_gen
ACM_NOINST_TOOLS = get_decision
ACM_OBJS = $(OBJS_TOOL) $(OBJS_XML2BIN) $(OBJS_GETD)
ACM_SCRIPTS = getlabel.sh setlabel.sh updategrub.sh labelfuncs.sh
@@ -43,6 +43,12 @@
ACM_CONFIG_DIR = /etc/xen/acm-security
ACM_POLICY_DIR = $(ACM_CONFIG_DIR)/policies
ACM_SCRIPT_DIR = $(ACM_CONFIG_DIR)/scripts
+
+ACM_INST_HTML = python/xensec_gen/index.html
+ACM_INST_CGI = python/xensec_gen/cgi-bin/policy.cgi \
+ python/xensec_gen/cgi-bin/policylabel.cgi
+ACM_SECGEN_HTMLDIR= /var/lib/xensec_gen
+ACM_SECGEN_CGIDIR = $(ACM_SECGEN_HTMLDIR)/cgi-bin

ACM_SCHEMA = security_policy.xsd
ACM_EXAMPLES = null chwall ste chwall_ste
@@ -65,6 +71,15 @@
done
$(INSTALL_DIR) -p $(DESTDIR)$(ACM_SCRIPT_DIR)
$(INSTALL_PROG) -p $(ACM_SCRIPTS) $(DESTDIR)$(ACM_SCRIPT_DIR)
+ $(INSTALL_DIR) -p $(DESTDIR)$(ACM_SECGEN_HTMLDIR)
+ $(INSTALL_DATA) -p $(ACM_INST_HTML) $(DESTDIR)$(ACM_SECGEN_HTMLDIR)
+ $(INSTALL_DIR) -p $(DESTDIR)$(ACM_SECGEN_CGIDIR)
+ $(INSTALL_PROG) -p $(ACM_INST_CGI) $(DESTDIR)$(ACM_SECGEN_CGIDIR)
+ifndef XEN_PYTHON_NATIVE_INSTALL
+ python python/setup.py install --home="$(DESTDIR)/usr"
+else
+ python python/setup.py install --root="$(DESTDIR)"
+endif
else
all:

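Review bot: The two `python python/setup.py install` lines run a bare `python`, so the interpreter cannot be overridden at build time and may differ from the `/usr/bin/python` named in the shebang of the CGI scripts this same recipe installs into `$(ACM_SECGEN_CGIDIR)`; the `build` rule in the next hunk has the same hard-coded `python`. Declaring `PYTHON ?= python` beside the other variables and writing `$(PYTHON) python/setup.py install --home="$(DESTDIR)/usr"` (and likewise for the `--root` branch and the build rule) keeps it consistent with how `$(CC)`, `$(INSTALL_DIR)` and `$(INSTALL_PROG)` are already used in this file. The enclosing install rule starts outside the hunk.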
@@ -72,22 +87,27 @@
endif

build: mk-symlinks $(ACM_INST_TOOLS) $(ACM_NOINST_TOOLS)
+ python python/setup.py build
chmod 700 $(ACM_SCRIPTS)

xensec_tool: $(OBJS_TOOL)
- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^

xensec_xml2bin: $(OBJS_XML2BIN)
- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^

get_decision: $(OBJS_GETD)
- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
+
+xensec_gen: xensec_gen.py
+ cp -f $^ $@

clean:
$(RM) $(ACM_INST_TOOLS) $(ACM_NOINST_TOOLS)
$(RM) $(ACM_OBJS)
$(RM) $(PROG_DEPS)
$(RM) -r xen
+ $(RM) -r build

mrproper: clean

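Review bot: The `build` target now creates a directory of the same name via `python python/setup.py build`, as the new `$(RM) -r build` line in `clean` confirms, so unless `build` is declared `.PHONY` somewhere outside this hunk a second `make build` will see `./build` as an up-to-date file and skip the whole recipe, including `chmod 700 $(ACM_SCRIPTS)`. Adding `.PHONY: build clean mrproper` (if the file does not already have it) removes that ambiguity; alternatively the distutils output could be kept out of the way with `--build-base`, in which case the `clean` line must follow it. The new `xensec_gen: xensec_gen.py` rule is fine as written since `$^` and `$@` name exactly the copied file and the produced target.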
diff -r b438b8cb38f8 -r 269abc1e4fa5 tools/security/example.txt
--- a/tools/security/example.txt Tue Dec 13 16:08:05 2005
+++ b/tools/security/example.txt Tue Dec 13 16:12:59 2005
@@ -271,3 +271,112 @@

If you keep to the security policy schema, then you can use all the
tools described above. Refer to install.txt to install it.
+
+You can hand-edit the xml files to create your policy or you can use the
+xensec_gen utility.
+
+
+5. Generating policy files using xensec_gen:
+============================================
+
+The xensec_gen utility starts a web-server that can be used to generate the
+XML policy files needed to create a policy.
+
+By default, xensec_gen runs as a daemon and listens on port 7777 for HTTP
+requests. The xensec_gen command supports command line options to change the
+listen port, run in the foreground, and a few others. Type 'xensec_gen -h'
+to see the full list of options available.
+
+Once the xensec_gen utility is running, point a browser at the host and port
+on which the utility is running (e.g. http://localhost:7777/). You will be
+presented with a web page that allows you to create or modify the XML policy
+files:
+
+ - The Security Policy section allows you to create or modify a policy
+ definition file
+
+ - The Security Policy Labeling section allows you to create or modify a
+ label template definition file
+
+ Security Policy:
+ ----------------
+ The Security Policy section allows you to modify an existing policy definition
+ file or create a new policy definition file. To modify an existing policy
+ definition, enter the full path to the existing file (the "Browse" button can
+ be used to aid in this) in the Policy File entry field. To create a new
+ policy definition file leave the Policy File entry field blank. At this point
+ click the "Create" button to begin modifying or creating your policy definition.
+
+ You will then be presented with a web page that will allow you to create either
+ Simple Type Enforcement types or Chinese Wall types or both.
+
+ As an example:
+ - To add a Simple Type Enforcement type:
+ - Enter the name of a new type under the Simple Type Enforcement Types
+ section in the entry field above the "New" button.
+ - Click the "New" button and the type will be added to the list of defined
+ Simple Type Enforcement types.
+ - To remove a Simple Type Enforcement type:
+ - Click on the type to be removed in the list of defined Simple Type
+ Enforcement types.
+ - Click the "Delete" button to remove the type.
+
+ Follow the same process to add Chinese Wall types. If you define Chinese Wall
+ types you need to define at least one Chinese Wall Conflict Set. The Chinese
+ Wall Conflict Set will allow you to add Chinese Wall types from the list of
+ defined Chinese Wall types.
+
+ To create your policy definition file, click on the "Generate XML" button on
+ the top of the page. This will present you with a dialog box to save the
+ generated XML file on your system. The default name will be security_policy.xml
+ which you should change to follow the policy file naming conventions based on
+ the policy name that you choose to use.
+
+ To get a feel for the tool, you could use one of the example policy definition
+ files from /etc/xen/acm-security/policies as input.
+
+
+ Security Policy Labeling:
+ -------------------------
+ The Security Policy Labeling section allows you to modify an existing label
+ template definition file or create a new label template definition file. To
+ modify an existing label template definition, enter the full path to the
+ existing file (the "Browse" button can be used to aid in this) in the Policy
+ Labeling File entry field. Whether creating a new label template definition
+ file or modifying an existing one, you will need to specify the policy
+ definition file that is or will be associated with this label template
+ definition file. At this point click the "Create" button to begin modifying
+ or creating your label template definition file.
+
+ You will then be presented with a web page that will allow you to create labels
+ for classes of virtual machines. The input policy definition file will provide
+ the available types (Simple Type Enforcement and/or Chinese Wall) that can be
+ assigned to a virtual machine class.
+
+ As an example:
+ - To add a Virtual Machine class (the name entered will become the label
+ that will be used to identify the class):
+ - Enter the name of a new class under the Virtual Machine Classes section
+ in the entry field above the "New" button.
+ - Click the "New" button and the class will be added to the table of defined
+ Virtual Machine classes.
+ - To remove a Virtual Machine class:
+ - Click the "Delete" link associated with the class in the table of Virtual
+ Machine classes.
+
+ Once you have defined one or more Virtual Machine classes, you will be able to
+ add any of the defined Simple Type Enforcement types or Chinese Wall types to a
+ particular Virtual Machine.
+
+ You must also define which Virtual Machine class is to be associated with the
+ bootstrap domain (or Dom0 domain). By default, the first Virtual Machine class
+ created will be associated as the bootstrap domain.
+
+ To create your label template definition file, click on the "Generate XML" button
+ on the top of the page. This will present you with a dialog box to save the
+ generated XML file on your system. The default name will be
+ security_label_template.xml which you should change to follow the policy file
+ naming conventions based on the policy name that you choose to use.
+
+ To get a feel for the tool, you could use one of the example policy definition
+ and label template definition files from /etc/xen/acm-security/policies as input.
diff -r b438b8cb38f8 -r 269abc1e4fa5 tools/security/python/setup.py
--- /dev/null Tue Dec 13 16:08:05 2005
+++ b/tools/security/python/setup.py Tue Dec 13 16:12:59 2005
@@ -0,0 +1,30 @@
+#!/usr/bin/python
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+from distutils.core import setup
+import os
+
+# This setup script is invoked from the parent directory, so base
+# everything as if executing from there.
+XEN_ROOT = "../.."
+
+setup(name = 'xensec_gen',
+ version = '3.0',
+ description = 'Xen XML Security Policy Generator',
+ package_dir = { 'xen' : 'python' },
+ packages = ['xen.xensec_gen'],
+ )
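Review bot: `import os` and `XEN_ROOT = "../.."` are never referenced in this script, so either drop both or replace the comment above `XEN_ROOT` with one that states what it is reserved for. The comment that the script is invoked from the parent directory is the one piece of context a reader needs, and it could also say that `package_dir = { 'xen' : 'python' }` is what makes `xen.xensec_gen` resolve to `python/xensec_gen` relative to that directory, while the `cgi-bin/*.cgi` files under it are installed by the Makefile rather than by this script.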
diff -r b438b8cb38f8 -r 269abc1e4fa5 tools/security/python/xensec_gen/cgi-bin/policy.cgi
--- /dev/null Tue Dec 13 16:08:05 2005
+++ b/tools/security/python/xensec_gen/cgi-bin/policy.cgi Tue Dec 13 16:12:59 2005
@@ -0,0 +1,1325 @@
+#!/usr/bin/python
+#
+# The Initial Developer of the Original Code is International
+# Business Machines Corporation. Portions created by IBM
+# Corporation are Copyright (C) 2005 International Business
+# Machines Corporation. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import os
+import cgi
+import cgitb; cgitb.enable( )
+import time
+import xml.dom.minidom
+import xml.sax
+import xml.sax.handler
+from StringIO import StringIO
+from sets import Set
+
+def getSavedData( ):
+ global formData, policyXml, formVariables, formCSNames
+ global templateCSMTypes, templateCSMDel, templateCSMType, templateCSMAdd
+ global allCSMTypes
+
+ # Process the XML upload policy file
+ if formData.has_key( 'i_policy' ):
+ dataList = formData.getlist( 'i_policy' )
+ if len( dataList ) > 0:
+ policyXml = dataList[0]
+
+ # Process all the hidden input variables (if present)
+ for formVar in formVariables:
+ if formVar[2] == '':
+ continue
+
+ if formData.has_key( formVar[2] ):
+ dataList = formData.getlist( formVar[2] )
+ if len( dataList ) > 0:
+ if isinstance( formVar[1], list ):
+ exec 'formVar[1] = ' + dataList[0]
+ else:
+ formVar[1] = dataList[0]
+
+ # The form can contain any number of "Conflict Sets"
+ # so update the list of form variables to include
+ # each conflict set (hidden input variable)
+ for csName in formCSNames[1]:
+ newCS( csName )
+ if formData.has_key( allCSMTypes[csName][2] ):
+ dataList = formData.getlist( allCSMTypes[csName][2] )
+ if len( dataList ) > 0:
+ exec 'allCSMTypes[csName][1] = ' + dataList[0]
+
+def getCurrentTime( ):
+ return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) )
+
+def getName( domNode ):
+ nameNodes = domNode.getElementsByTagName( 'Name' )
+ if len( nameNodes ) == 0:
+ formatXmlError( '"<Name>" tag is missing' )
+ return None
+
+ name = ''
+ for childNode in nameNodes[0].childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ name = name + childNode.data
+
+ return name
+
+def getDate( domNode ):
+ dateNodes = domNode.getElementsByTagName( 'Date' )
+ if len( dateNodes ) == 0:
+ formatXmlError( '"<Date>" tag is missing' )
+ return None
+
+ date = ''
+ for childNode in dateNodes[0].childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ date = date + childNode.data
+
+ return date
+
+def getSteTypes( domNode, missingIsError = 0 ):
+ steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' )
+ if len( steNodes ) == 0:
+ if missingIsError == 1:
+ formatXmlError( '"<SimpleTypeEnforcementTypes>" tag is missing' )
+ return None
+ else:
+ return []
+
+ return getTypes( steNodes[0] )
+
+def getChWTypes( domNode, missingIsError = 0 ):
+ chwNodes = domNode.getElementsByTagName( 'ChineseWallTypes' )
+ if len( chwNodes ) == 0:
+ if missingIsError == 1:
+ formatXmlError( '"<ChineseWallTypes>" tag is missing' )
+ return None
+ else:
+ return []
+
+ return getTypes( chwNodes[0] )
+
+def getTypes( domNode ):
+ types = []
+
+ domNodes = domNode.getElementsByTagName( 'Type' )
+ if len( domNodes ) == 0:
+ formatXmlError( '"<Type>" tag is missing' )
+ return None
+
+ for domNode in domNodes:
+ typeText = ''
+ for childNode in domNode.childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ typeText = typeText + childNode.data
+
+ if typeText == '':
+ formatXmlError( 'No text associated with the "<Type>" tag' )
+ return None
+
+ types.append( typeText )
+
+ return types
+
+def formatXmlError( msg, xml = '', lineNum = -1, colNum = -1 ):
+ global xmlMessages, xmlError
+
+ xmlError = 1
+ addMsg = cgi.escape( msg )
+
+ if lineNum != -1:
+ sio = StringIO( xml )
+ for xmlLine in sio:
+ lineNum = lineNum - 1
+ if lineNum == 0:
+ break;
+
+ addMsg += '<BR><PRE>' + cgi.escape( xmlLine.rstrip( ) )
+
+ if colNum != -1:
+ errLine = ''
+ for i in range( colNum ):
+ errLine = errLine + '-'
+
+ addMsg += '\n' + errLine + '^'
+
+ addMsg += '</PRE>'
+
+ xmlMessages.append( addMsg )
+
+def formatXmlGenError( msg ):
+ global xmlMessages, xmlIncomplete
+
+ xmlIncomplete = 1
+ xmlMessages.append( cgi.escape( msg ) )
+
+def parseXml( xmlInput ):
+ global xmlMessages, xmlError, xmlLine, xmlColumn
+
+ xmlParser = xml.sax.make_parser( )
+ try:
+ domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser )
+
+ except xml.sax.SAXParseException, xmlErr:
+ msg = ''
+ msg = msg + 'XML parsing error occurred at line '
+ msg = msg + `xmlErr.getLineNumber( )`
+ msg = msg + ', column '
+ msg = msg + `xmlErr.getColumnNumber( )`
+ msg = msg + ': reason = "'
+ msg = msg + xmlErr.getMessage( )
+ msg = msg + '"'
+ formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), xmlErr.getColumnNumber( ) )
+ return None
+
+ except xml.sax.SAXException, xmlErr:
+ msg = ''
+ msg = msg + 'XML Parsing error: ' + `xmlErr`
+ formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), xmlErr.getColumnNumber( ) )
+ return None
+
+ return domDoc
+
+def parsePolicyXml( ):
+ global policyXml
+ global formPolicyName, formPolicyDate, formPolicyOrder
+ global formSteTypes, formChWallTypes
+ global allCSMTypes
+
+ domDoc = parseXml( policyXml )
+ if domDoc == None:
+ return
+
+ domRoot = domDoc.documentElement
+ domHeaders = domRoot.getElementsByTagName( 'PolicyHeader' )
+ if len( domHeaders ) == 0:
+ msg = ''
+ msg = msg + '"<PolicyHeader>" tag is missing.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ return
+
+ pName = getName( domHeaders[0] )
+ if pName == None:
+ msg = ''
+ msg = msg + 'Error processing the Policy header information.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ return
+
+ formPolicyName[1] = pName
+
+ pDate = getDate( domHeaders[0] )
+ if pDate == None:
+ msg = ''
+ msg = msg + 'Error processing the Policy header information.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ return
+
+ formPolicyDate[1] = pDate
+
+ pOrder = ''
+ domStes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' )
+ if len( domStes ) > 0:
+ if domStes[0].hasAttribute( 'priority' ):
+ if domStes[0].getAttribute( 'priority' ) != 'PrimaryPolicyComponent':
+ msg = ''
+ msg = msg + 'Error processing the "<SimpleTypeEnforcement>" tag.\n'
+ msg = msg + 'The "priority" attribute value is not valid.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ return
+
+ pOrder = 'v_Ste'
+
+ steTypes = getSteTypes( domStes[0], 1 )
+ if steTypes == None:
+ msg = ''
+ msg = msg + 'Error processing the SimpleTypeEnforcement types.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ return
+
+ formSteTypes[1] = steTypes
+
+ domChWalls = domRoot.getElementsByTagName( 'ChineseWall' )
+ if len( domChWalls ) > 0:
+ if domChWalls[0].hasAttribute( 'priority' ):
+ if domChWalls[0].getAttribute( 'priority' ) != 'PrimaryPolicyComponent':
+ msg = ''
+ msg = msg + 'Error processing the "<ChineseWall>" tag.\n'
+ msg = msg + 'The "priority" attribute value is not valid.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ return
+
+ if pOrder != '':
+ msg = ''
+ msg = msg + 'Error processing the "<ChineseWall>" tag.\n'
+ msg = msg + 'The "priority" attribute has been previously specified.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ return
+
+ pOrder = 'v_ChWall'
+
+ chwTypes = getChWTypes( domChWalls[0], 1 )
+ if chwTypes == None:
+ msg = ''
+ msg = msg + 'Error processing the ChineseWall types.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ return
+
+ formChWallTypes[1] = chwTypes
+
+ csNodes = domChWalls[0].getElementsByTagName( 'ConflictSets' )
+ if len( csNodes ) == 0:
+ msg = ''
+ msg = msg + 'Required "<ConflictSets>" tag missing.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ return
+
+ cNodes = csNodes[0].getElementsByTagName( 'Conflict' )
+ if len( cNodes ) == 0:
+ msg = ''
+ msg = msg + 'Required "<Conflict>" tag missing.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ return
+
+ for cNode in cNodes:
+ csName = cNode.getAttribute( 'name' )
+ newCS( csName, 1 )
+
+ csMemberList = getTypes( cNode )
+ if csMemberList == None:
+ msg = ''
+ msg = msg + 'Error processing the Conflict Set members.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ return
+
+ # Verify the conflict set members are valid types
+ ctSet = Set( formChWallTypes[1] )
+ csSet = Set( csMemberList )
+ if not csSet.issubset( ctSet ):
+ msg = ''
+ msg = msg + 'Error processing Conflict Set "' + csName + '".\n'
+ msg = msg + 'Members of the conflict set are not valid '
+ msg = msg + 'Chinese Wall types.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+
+ allCSMTypes[csName][1] = csMemberList
+
+ if pOrder != '':
+ formPolicyOrder[1] = pOrder
+ else:
+ if (len( domStes ) > 0) or (len( domChWalls ) > 0):
+ msg = ''
+ msg = msg + 'The "priority" attribute has not been specified.\n'
+ msg = msg + 'It must be specified on one of the access control types.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ return
+
+def modFormTemplate( formTemplate, suffix ):
+ formVar = [x for x in formTemplate]
+
+ if formVar[2] != '':
+ formVar[2] = formVar[2] + suffix
+ if formVar[3] != '':
+ formVar[3] = formVar[3] + suffix
+ if (formVar[0] != 'button') and (formVar[4] != ''):
+ formVar[4] = formVar[4] + suffix
+
+ return formVar;
+
+def removeDups( curList ):
+ newList = []
+ curSet = Set( curList )
+ for x in curSet:
+ newList.append( x )
+ newList.sort( )
+
+ return newList
+
+def newCS( csName, addToList = 0 ):
+ global formCSNames
+ global templateCSDel, allCSDel
+ global templateCSMTypes, templateCSMDel, templateCSMType, templateCSMAdd
+ global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
+
+ csSuffix = '_' + csName
+
+ # Make sure we have an actual name and check one of the 'all'
+ # variables to be sure it hasn't been previously defined
+ if (len( csName ) > 0) and (not allCSMTypes.has_key( csName )):
+ allCSDel[csName] = modFormTemplate( templateCSDel, csSuffix )
+ allCSMTypes[csName] = modFormTemplate( templateCSMTypes, csSuffix )
+ allCSMDel[csName] = modFormTemplate( templateCSMDel, csSuffix )
+ allCSMType[csName] = modFormTemplate( templateCSMType, csSuffix )
+ allCSMAdd[csName] = modFormTemplate( templateCSMAdd, csSuffix )
+ if addToList == 1:
+ formCSNames[1].append( csName )
+ formCSNames[1] = removeDups( formCSNames[1] )
+
+def updateInfo( ):
+ global formData, formPolicyName, formPolicyDate, formPolicyOrder
+
+ if formData.has_key( formPolicyName[3] ):
+ formPolicyName[1] = formData[formPolicyName[3]].value
+ elif formData.has_key( formPolicyUpdate[3] ):
+ formPolicyName[1] = ''
+
+ if formData.has_key( formPolicyDate[3] ):
+ formPolicyDate[1] = formData[formPolicyDate[3]].value
+ elif formData.has_key( formPolicyUpdate[3] ):
+ formPolicyDate[1] = ''
+
+ if formData.has_key( formPolicyOrder[3] ):
+ formPolicyOrder[1] = formData[formPolicyOrder[3]].value
+
+def addSteType( ):
+ global formData, formSteType, formSteTypes
+
+ if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formSteAdd[3] )):
+ if formData.has_key( formSteType[3] ):
+ type = formData[formSteType[3]].value
+ type = type.strip( )
+ if len( type ) > 0:
+ formSteTypes[1].append( type )
+ formSteTypes[1] = removeDups( formSteTypes[1] )
+
+
+def delSteType( ):
+ global formData, formSteTypes
+
+ if formData.has_key( formSteTypes[3] ):
+ typeList = formData.getlist( formSteTypes[3] )
+ for type in typeList:
+ type = type.strip( )
+ formSteTypes[1].remove( type )
+
+def addChWallType( ):
+ global formData, formChWallType, formChWallTypes
+
+ if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formChWallAdd[3] )):
+ if formData.has_key( formChWallType[3] ):
+ type = formData[formChWallType[3]].value
+ type = type.strip( )
+ if len( type ) > 0:
+ formChWallTypes[1].append( type )
+ formChWallTypes[1] = removeDups( formChWallTypes[1] )
+
+def delChWallType( ):
+ global formData, formChWallTypes
+
+ if formData.has_key( formChWallTypes[3] ):
+ typeList = formData.getlist( formChWallTypes[3] )
+ for type in typeList:
+ type = type.strip( )
+ formChWallTypes[1].remove( type )
+
+def addCS( ):
+ global formData, formCSNames
+
+ if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formCSAdd[3] )):
+ if formData.has_key( formCSName[3] ):
+ csName = formData[formCSName[3]].value
+ csName = csName.strip( )
+ newCS( csName, 1 )
+
+def delCS( csName ):
+ global formData, formCSNames, allCSDel
+ global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
+
+ csName = csName.strip( )
+ formCSNames[1].remove( csName )
+ del allCSDel[csName]
+ del allCSMTypes[csName]
+ del allCSMDel[csName]
+ del allCSMType[csName]
+ del allCSMAdd[csName]
+
+def addCSMember( csName ):
+ global formData, allCSMType, allCSMTypes
+
+ formVar = allCSMType[csName]
+ if formData.has_key( formVar[3] ):
+ csmList = formData.getlist( formVar[3] )
+ formVar = allCSMTypes[csName]
+ for csm in csmList:
+ csm = csm.strip( )
+ formVar[1].append( csm )
+ formVar[1] = removeDups( formVar[1] )
+
+def delCSMember( csName ):
+ global formData, allCSMTypes
+
+ formVar = allCSMTypes[csName]
+ if formData.has_key( formVar[3] ):
+ csmList = formData.getlist( formVar[3] )
+ for csm in csmList:
+ csm = csm.strip( )
+ formVar[1].remove( csm )
+
+def processRequest( ):
+ global policyXml
+ global formData, formPolicyUpdate
+ global formSteAdd, formSteDel
+ global formChWallAdd, formChWallDel
+ global formCSAdd, allCSDel
+ global formCSNames, allCSMAdd, allCSMDel
+
+ if policyXml != '':
+ parsePolicyXml( )
+
+ # Allow the updating of the header information whenever
+ # an action is performed
+ updateInfo( )
+
+ # Allow the adding of types/sets if the user has hit the
+ # enter key when attempting to add a type/set
+ addSteType( )
+ addChWallType( )
+ addCS( )
+
+ if formData.has_key( formSteDel[3] ):
+ delSteType( )
+
+ elif formData.has_key( formChWallDel[3] ):
+ delChWallType( )
+
+ else:
+ for csName in formCSNames[1]:
+ if formData.has_key( allCSDel[csName][3] ):
+ delCS( csName )
+ continue
+
+ if formData.has_key( allCSMAdd[csName][3] ):
+ addCSMember( csName )
+
+ elif formData.has_key( allCSMDel[csName][3] ):
+ delCSMember( csName )
+
+def makeName( name, suffix='' ):
+ rName = name
+ if suffix != '':
+ rName = rName + '_' + suffix
+
+ return rName
+
+def makeNameAttr( name, suffix='' ):
+ return 'name="' + makeName( name, suffix ) + '"'
+
+def makeValue( value, suffix='' ):
+ rValue = value
+
+ if isinstance( value, list ):
+ rValue = '[.'
+ for val in value:
+ rValue = rValue + '\'' + val
+ if suffix != '':
+ rValue = rValue + '_' + suffix
+ rValue = rValue + '\','
+ rValue = rValue + ']'
+
+ else:
+ if suffix != '':
+ rValue = rValue + '_' + suffix
+
+ return rValue
+
+def makeValueAttr( value, suffix='' ):
+ return 'value="' + makeValue( value, suffix ) + '"'
+
+def sendHtmlFormVar( formVar, attrs='' ):
+ nameAttr = ''
+ valueAttr = ''
+ htmlText = ''
+
+ if formVar[0] == 'text':
+ if formVar[3] != '':
+ nameAttr = makeNameAttr( formVar[3] )
+ valueAttr = makeValueAttr( formVar[1] )
+
+ print '<INPUT type="text"', nameAttr, valueAttr, attrs, '>'
+
+ elif formVar[0] == 'list':
+ if formVar[3] != '':
+ nameAttr = makeNameAttr( formVar[3] )
+
+ print '<SELECT', nameAttr, attrs, '>'
+ for option in formVar[1]:
+ print '<OPTION>' + option + '</OPTION>'
+ print '</SELECT>'
+
+ elif formVar[0] == 'button':
+ if formVar[3] != '':
+ nameAttr = makeNameAttr( formVar[3] )
+ if formVar[4] != '':
+ valueAttr = makeValueAttr( formVar[4] )
+
+ print '<INPUT type="submit"', nameAttr, valueAttr, attrs, '>'
+
+ elif formVar[0] == 'radiobutton':
+ if formVar[3] != '':
+ nameAttr = makeNameAttr( formVar[3] )
+ valueAttr = makeValueAttr( formVar[4][rb_select] )
+ htmlText = formVar[5][rb_select]
+ if formVar[4][rb_select] == formVar[1]:
+ checked = 'checked'
+ else:
+ checked = ''
+
+ print '<INPUT type="radio"', nameAttr, valueAttr, attrs, checked, '>', htmlText
+
+ elif formVar[0] == 'radiobutton-all':
+ if formVar[3] != '':
+ nameAttr = makeNameAttr( formVar[3] )
+ buttonVals = formVar[4]
+ buttonTexts = formVar[5]
+ for i, buttonVal in enumerate( buttonVals ):
+ htmlText = ''
+ addAttrs = ''
+ checked = ''
+
+ valueAttr = makeValueAttr( buttonVal )
+ if formVar[5] != '':
+ htmlText = formVar[5][i]
+ if attrs != '':
+ addAttrs = attrs[i]
+ if buttonVal == formVar[1]:
+ checked = 'checked'
+
+ print '<INPUT type="radio"', nameAttr, valueAttr, addAttrs, checked, '>', htmlText, '<BR>'
+
+ if formVar[2] != '':
+ nameAttr = makeNameAttr( formVar[2] )
+ valueAttr = makeValueAttr( formVar[1] )
+ print '<INPUT type="hidden"', nameAttr, valueAttr, '>'
+
+def sendHtmlHeaders( ):
+ # HTML headers
+ print 'Content-Type: text/html'
+ print
+
+def sendPolicyHtml( ):
+ global xmlError, xmlIncomplete, xmlMessages, formXmlGen
+
+ print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"'
+ print ' "http://www.w3.org/TR/html4/loose.dtd">'
+
+ print '<HTML>'
+
+ sendHtmlHead( )
+
+ print '<BODY>'
+
+ # An input XML file was specified that had errors, output the
+ # error information
+ if xmlError == 1:
+ print '<P>'
+ print 'An error has been encountered while processing the input '
+ print 'XML file:'
+ print '<UL>'
+ for msg in xmlMessages:
+ print '<LI>'
+ print msg
+ print '</UL>'
+ print '</BODY>'
+ print '</HTML>'
+ return
+
+ # When attempting to generate the XML output, all required data was not
+ # present, output the error information
+ if xmlIncomplete == 1:
+ print '<P>'
+ print 'An error has been encountered while validating the data'
+ print 'required for the output XML file:'
+ print '<UL>'
+ for msg in xmlMessages:
+ print '<LI>'
+ print msg
+ print '</UL>'
+ print '</BODY>'
+ print '</HTML>'
+ return
+
+ print '<CENTER>'
+ print '<FORM action="' + os.environ['SCRIPT_NAME'] + '" method="post">'
+ print '<TABLE class="container">'
+ print ' <COLGROUP>'
+ print ' <COL width="100%">'
+ print ' </COLGROUP>'
+
+ print ' <TR>'
+ print ' <TD>'
+ print ' <TABLE>'
+ print ' <TR>'
+ print ' <TD>'
+ sendHtmlFormVar( formDefaultButton, 'class="hidden"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ sendHtmlFormVar( formXmlGen )
+ print ' </TD>'
+ print ' </TR>'
+ print ' </TABLE>'
+ print ' </TD>'
+ print ' </TR>'
+
+ # Policy header
+ print ' <TR>'
+ print ' <TD>'
+ sendPHeaderHtml( )
+ print ' </TD>'
+ print ' </TR>'
+
+ # Separator
+ print ' <TR><TD><HR></TD></TR>'
+
+ # Policy (types)
+ print ' <TR>'
+ print ' <TD>'
+ print ' <TABLE class="full">'
+ print ' <TR>'
+ print ' <TD width="49%">'
+ sendPSteHtml( )
+ print ' </TD>'
+ print ' <TD width="2%">&nbsp;</TD>'
+ print ' <TD width="49%">'
+ sendPChWallHtml( )
+ print ' </TD>'
+ print ' </TR>'
+ print ' </TABLE>'
+ print ' </TD>'
+ print ' </TR>'
+
+ print '</TABLE>'
+ print '</FORM>'
+ print '</CENTER>'
+
+ print '</BODY>'
+
+ print '</HTML>'
+
+def sendHtmlHead( ):
+ global headTitle
+
+ print '<HEAD>'
+ print '<STYLE type="text/css">'
+ print '<!--'
+ print 'BODY {background-color: #EEEEFF;}'
+ print 'TABLE.container {width: 90%; border: 1px solid black; border-collapse: seperate;}'
+ print 'TABLE.fullbox {width: 100%; border: 1px solid black; border-collapse: collapse;}'
+ print 'TABLE.full {width: 100%; border: 0px solid black; border-collapse: collapse;}'
+ print 'THEAD {font-weight: bold; font-size: larger;}'
+ print 'TD {border: 0px solid black; vertical-align: top;}'
+ print 'TD.heading {border: 0px solid black; vertical-align: top; font-weight: bold; font-size: larger;}'
+ print 'TD.subheading {border: 0px solid black; vertical-align: top; font-size: smaller;}'
+ print 'TD.fullbox {border: 1px solid black; vertical-align: top;}'
+ print 'SELECT.full {width: 100%;}'
+ print 'INPUT.full {width: 100%;}'
+ print 'INPUT.link {cursor: pointer; background-color: #EEEEFF; border: 0px; text-decoration: underline; color: blue;}'
+ print 'INPUT.hidden {visibility: hidden; width: 1px; height: 1px;}'
+ print ':link {color: blue;}'
+ print ':visited {color: red;}'
+ print '-->'
+ print '</STYLE>'
+ print '<TITLE>', headTitle, '</TITLE>'
+ print '</HEAD>'
+
+def sendPHeaderHtml( ):
+ global formPolicyName, formPolicyDate, formPolicyOrder, formPolicyUpdate
+
+ # Policy header definition
+ print '<TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="20%">'
+ print ' <COL width="80%">'
+ print ' </COLGROUP>'
+ print ' <TR>'
+ print ' <TD align="center" colspan="2" class="heading">Policy Information</TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="right">Name:</TD>'
+ print ' <TD align="left">'
+ sendHtmlFormVar( formPolicyName, 'class="full"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="right">Date:</TD>'
+ print ' <TD align="left">'
+ sendHtmlFormVar( formPolicyDate, 'class="full"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="right">Primary Policy:</TD>'
+ print ' <TD align="left">'
+ sendHtmlFormVar( formPolicyOrder )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="center" colspan="2">'
+ sendHtmlFormVar( formPolicyUpdate )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="center" colspan="2" class="subheading">'
+ print ' (The Policy Information is updated whenever an action is performed'
+ print ' or it can be updated separately using the "Update" button)'
+ print ' </TD>'
+ print ' </TR>'
+ print '</TABLE>'
+
+def sendPSteHtml( ):
+ global formSteTypes, formSteDel, formSteType, formSteAdd
+
+ # Simple Type Enforcement...
+ print '<TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="20%">'
+ print ' <COL width="80%">'
+ print ' </COLGROUP>'
+ print ' <TR>'
+ print ' <TD align="center" colspan="2" class="heading">Simple Type Enforcement Types</TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ sendHtmlFormVar( formSteTypes, 'class="full" size="4" multiple' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ sendHtmlFormVar( formSteDel, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Delete the type(s) selected above'
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ sendHtmlFormVar( formSteType, 'class="full"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ sendHtmlFormVar( formSteAdd, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Create a new type with the above name'
+ print ' </TD>'
+ print ' </TR>'
+ print '</TABLE>'
+
+def sendPChWallHtml( ):
+ global formChWallTypes, formChWallDel, formChWallType, formChWallAdd
+ global formCSNames, formCSName, formCSAdd, allCSDel
+ global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
+
+ # Chinese Wall...
+ print '<TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="20%">'
+ print ' <COL width="80%">'
+ print ' </COLGROUP>'
+ print ' <TR>'
+ print ' <TD align="center" colspan="2" class="heading">Chinese Wall Types</TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ sendHtmlFormVar( formChWallTypes, 'class="full" size="4" multiple' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ sendHtmlFormVar( formChWallDel, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Delete the type(s) selected above'
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ sendHtmlFormVar( formChWallType, 'class="full"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ sendHtmlFormVar( formChWallAdd, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Create a new type with the above name'
+ print ' </TD>'
+ print ' </TR>'
+
+ # Chinese Wall Conflict Sets...
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ print ' <TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="20%">'
+ print ' <COL width="30%">'
+ print ' <COL width="50%">'
+ print ' </COLGROUP>'
+ print ' <THEAD>'
+ print ' <TR>'
+ print ' <TD align="center" colspan="3"><HR></TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="center" colspan="3">Chinese Wall Conflict Sets</TD>'
+ print ' </TR>'
+ print ' </THEAD>'
+ print ' <TR>'
+ print ' <TD colspan="3">'
+ sendHtmlFormVar( formCSName, 'class="full"' )
+ sendHtmlFormVar( formCSNames )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ sendHtmlFormVar( formCSAdd, 'class="full"' )
+ print ' </TD>'
+ print ' <TD colspan="2">'
+ print ' Create a new conflict set with the above name'
+ print ' </TD>'
+ print ' </TR>'
+ print ' </TABLE>'
+ print ' </TD>'
+ print ' </TR>'
+ if len( formCSNames[1] ) > 0:
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ print ' &nbsp;'
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ print ' <TABLE class="fullbox">'
+ print ' <COLGROUP>'
+ print ' <COL width="50%">'
+ print ' <COL width="50%">'
+ print ' </COLGROUP>'
+ print ' <THEAD>'
+ print ' <TR>'
+ print ' <TD class="fullbox">Name</TD>'
+ print ' <TD class="fullbox">Actions</TD>'
+ print ' </TR>'
+ print ' </THEAD>'
+ for i, csName in enumerate( formCSNames[1] ):
+ print ' <TR>'
+ print ' <TD class="fullbox">' + csName + '</TD>'
+ print ' <TD class="fullbox">'
+ print ' <A href="#' + csName + '">Edit</A>'
+ formVar = allCSDel[csName]
+ sendHtmlFormVar( formVar, 'class="link"' )
+ print ' </TD>'
+ print ' </TABLE>'
+ print ' </TD>'
+ print ' </TR>'
+ for csName in formCSNames[1]:
+ print ' <TR><TD colspan="2"><HR></TD></TR>'
+ print ' <TR>'
+ print ' <TD align="center" colspan="2" class="heading"><A name="' + csName + '">Conflict Set: ' + csName + '</A></TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ formVar = allCSMTypes[csName];
+ sendHtmlFormVar( formVar, 'class="full" size="4" multiple"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ formVar = allCSMDel[csName]
+ sendHtmlFormVar( formVar, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Delete the type(s) selected above'
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ ctSet = Set( formChWallTypes[1] )
+ csSet = Set( allCSMTypes[csName][1] )
+ formVar = allCSMType[csName]
+ formVar[1] = []
+ for chwallType in ctSet.difference( csSet ):
+ formVar[1].append( chwallType )
+ formVar[1].sort( )
+ sendHtmlFormVar( formVar, 'class="full" size="2" multiple' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ formVar = allCSMAdd[csName]
+ sendHtmlFormVar( formVar, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Add the type(s) selected above'
+ print ' </TD>'
+ print ' </TR>'
+
+ print '</TABLE>'
+
+def checkXmlData( ):
+ global xmlIncomplete
+
+ # Validate the Policy Header requirements
+ if ( len( formPolicyName[1] ) > 0 ) or ( len( formPolicyDate[1] ) > 0 ):
+ if ( len( formPolicyName[1] ) == 0 ) or ( len( formPolicyDate[1] ) == 0 ):
+ msg = ''
+ msg = msg + 'The XML policy schema requires that the Policy '
+ msg = msg + 'Information Name and Date fields both have values '
+ msg = msg + 'or both not have values.'
+ formatXmlGenError( msg )
+
+ if formPolicyOrder[1] == 'v_ChWall':
+ if len( formChWallTypes[1] ) == 0:
+ msg = ''
+ msg = msg + 'You have specified the primary policy to be '
+ msg = msg + 'Chinese Wall but have not created any Chinese '
+ msg = msg + 'Wall types. Please create some Chinese Wall '
+ msg = msg + 'types or change the primary policy.'
+ formatXmlGenError( msg )
+
+ if formPolicyOrder[1] == 'v_Ste':
+ if len( formSteTypes[1] ) == 0:
+ msg = ''
+ msg = msg + 'You have specified the primary policy to be '
+ msg = msg + 'Simple Type Enforcement but have not created '
+ msg = msg + 'any Simple Type Enforcement types. Please create '
+ msg = msg + 'some Simple Type Enforcement types or change the '
+ msg = msg + 'primary policy.'
+ formatXmlGenError( msg )
+
+ # Validate the Chinese Wall required data
+ if len( formChWallTypes[1] ) > 0:
+ if len( formCSNames[1] ) == 0:
+ msg = ''
+ msg = msg + 'The XML policy schema for the Chinese Wall '
+ msg = msg + 'requires at least one Conflict Set be defined.'
+ formatXmlGenError( msg )
+
+def sendXmlHeaders( ):
+ # HTML headers
+ print 'Content-Type: text/xml'
+ print 'Content-Disposition: attachment; filename=security_policy.xml'
+ print
+
+def sendPolicyXml( ):
+ print '<?xml version="1.0"?>'
+
+ print '<SecurityPolicyDefinition xmlns="http://www.ibm.com"'
+ print ' xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"'
+ print ' xsi:schemaLocation="http://www.ibm.com security_policy.xsd">'
+
+ # Policy header
+ sendPHeaderXml( )
+
+ # Policy (types)
+ sendPSteXml( )
+ sendPChWallXml( )
+
+ print '</SecurityPolicyDefinition>'
+
+def sendPHeaderXml( ):
+ global formPolicyName, formPolicyDate
+
+ # Policy header definition
+ if ( len( formPolicyName[1] ) > 0 ) or ( len( formPolicyDate[1] ) > 0 ):
+ print '<PolicyHeader>'
+ print ' <Name>' + formPolicyName[1] + '</Name>'
+ print ' <Date>' + formPolicyDate[1] + '</Date>'
+ print '</PolicyHeader>'
+
+def sendPSteXml( ):
+ global formPolicyOrder, formSteTypes
+
+ # Simple Type Enforcement...
+ if len( formSteTypes[1] ) == 0:
+ return
+
+ if formPolicyOrder[1] == 'v_Ste':
+ print '<SimpleTypeEnforcement priority="PrimaryPolicyComponent">'
+ else:
+ print '<SimpleTypeEnforcement>'
+
+ print ' <SimpleTypeEnforcementTypes>'
+ for steType in formSteTypes[1]:
+ print ' <Type>' + steType + '</Type>'
+ print ' </SimpleTypeEnforcementTypes>'
+
+ print '</SimpleTypeEnforcement>'
+
+def sendPChWallXml( ):
+ global formPolicyOrder, formChWallTypes
+ global formCSNames, allCSMTypes
+
+ # Chinese Wall...
+ if len( formChWallTypes[1] ) == 0:
+ return
+
+ if formPolicyOrder[1] == 'v_ChWall':
+ print '<ChineseWall priority="PrimaryPolicyComponent">'
+ else:
+ print '<ChineseWall>'
+
+ print ' <ChineseWallTypes>'
+ for chWallType in formChWallTypes[1]:
+ print ' <Type>' + chWallType + '</Type>'
+ print ' </ChineseWallTypes>'
+
+ # Chinese Wall Conflict Sets...
+ print ' <ConflictSets>'
+ for cs in formCSNames[1]:
+ formVar = allCSMTypes[cs]
+ if len( formVar[1] ) == 0:
+ continue
+ print ' <Conflict name="' + cs + '">'
+ for csm in formVar[1]:
+ print ' <Type>' + csm + '</Type>'
+ print ' </Conflict>'
+ print ' </ConflictSets>'
+
+ print '</ChineseWall>'
+
+
+# Set up initial HTML variables
+headTitle = 'Xen Policy Generation'
+
+# Form variables
+# The format of these variables is as follows:
+# [ p0, p1, p2, p3, p4, p5 ]
+# p0 = input type
+# p1 = the current value of the variable
+# p2 = the hidden input name attribute
+# p3 = the name attribute
+# p4 = the value attribute
+# p5 = text to associate with the tag
+formPolicyName = [. 'text',
+ '',
+ 'h_policyName',
+ 'i_policyName',
+ '',
+ '',
+ ]
+formPolicyDate = [. 'text',
+ getCurrentTime( ),
+ 'h_policyDate',
+ 'i_policyDate',
+ '',
+ '',
+ ]
+formPolicyOrder = [. 'radiobutton-all',
+ 'v_ChWall',
+ 'h_policyOrder',
+ 'i_policyOrder',
+ [ 'v_Ste', 'v_ChWall' ],
+ [ 'Simple Type Enforcement', 'Chinese Wall' ],
+ ]
+formPolicyUpdate = [. 'button',
+ '',
+ '',
+ 'i_PolicyUpdate',
+ 'Update',
+ '',
+ ]
+
+formSteTypes = [ 'list',
+ [],
+ 'h_steTypes',
+ 'i_steTypes',
+ '',
+ '',
+ ]
+formSteDel = [. 'button',
+ '',
+ '',
+ 'i_steDel',
+ 'Delete',
+ '',
+ ]
+formSteType = [. 'text',
+ '',
+ '',
+ 'i_steType',
+ '',
+ '',
+ ]
+formSteAdd = [. 'button',
+ '',
+ '',
+ 'i_steAdd',
+ 'New',
+ '',
+ ]
+
+formChWallTypes = [ 'list',
+ [],
+ 'h_chwallTypes',
+ 'i_chwallTypes',
+ '',
+ '',
+ ]
+formChWallDel = [. 'button',
+ '',
+ '',
+ 'i_chwallDel',
+ 'Delete',
+ '',
+ ]
+formChWallType = [. 'text',
+ '',
+ '',
+ 'i_chwallType',
+ '',
+ '',
+ ]
+formChWallAdd = [. 'button',
+ '',
+ '',
+ 'i_chwallAdd',
+ 'New',
+ '',
+ ]
+
+formCSNames = [ '',
+ [],
+ 'h_csNames',
+ '',
+ '',
+ '',
+ ]
+formCSName = [. 'text',
+ '',
+ '',
+ 'i_csName',
+ '',
+ '',
+ ]
+formCSAdd = [. 'button',
+ '',
+ '',
+ 'i_csAdd',
+ 'New',
+ '',
+ ]
+
+formXmlGen = [. 'button',
+ '',
+ '',
+ 'i_xmlGen',
+ 'Generate XML',
+ '',
+ ]
+
+formDefaultButton = [. 'button',
+ '',
+ '',
+ 'i_defaultButton',
+ '.',
+ '',
+ ]
+
+# This is a set of templates used for each conflict set
+# Each conflict set is initially assigned these templates,
+# then each form attribute value is changed to append
+# "_conflict-set-name" for uniqueness
+templateCSDel = [. 'button',
+ '',
+ '',
+ 'i_csDel',
+ 'Delete',
+ '',
+ ]
+allCSDel = {};
+
+templateCSMTypes = [ 'list',
+ [],
+ 'h_csmTypes',
+ 'i_csmTypes',
+ '',
+ '',
+ ]
+templateCSMDel = [. 'button',
+ '',
+ '',
+ 'i_csmDel',
+ 'Delete',
+ '',
+ ]
+templateCSMType = [ 'list',
+ [],
+ '',
+ 'i_csmType',
+ '',
+ '',
+ ]
+templateCSMAdd = [. 'button',
+ '',
+ '',
+ 'i_csmAdd',
+ 'Add',
+ '',
+ ]
+allCSMTypes = {};
+allCSMDel = {};
+allCSMType = {};
+allCSMAdd = {};
+
+# A list of all form variables used for saving info across requests
+formVariables = [. formPolicyName,
+ formPolicyDate,
+ formPolicyOrder,
+ formSteTypes,
+ formChWallTypes,
+ formCSNames,
+ ]
+
+policyXml = ''
+xmlError = 0
+xmlIncomplete = 0
+xmlMessages = []
+
+
+# Extract any form data
+formData = cgi.FieldStorage( )
+
+# Process the form
+getSavedData( )
+processRequest( )
+
+if formData.has_key( formXmlGen[3] ):
+ # Generate and send the XML file
+ checkXmlData( )
+
+ if xmlIncomplete == 0:
+ sendXmlHeaders( )
+ sendPolicyXml( )
+
+if (not formData.has_key( formXmlGen[3] )) or (xmlIncomplete == 1 ):
+ # Send HTML to continue processing the form
+ sendHtmlHeaders( )
+ sendPolicyHtml( )
diff -r b438b8cb38f8 -r 269abc1e4fa5 tools/security/python/xensec_gen/cgi-bin/policylabel.cgi
--- /dev/null Tue Dec 13 16:08:05 2005
+++ b/tools/security/python/xensec_gen/cgi-bin/policylabel.cgi Tue Dec 13 16:12:59 2005
@@ -0,0 +1,1396 @@
+#!/usr/bin/python
+#
+# The Initial Developer of the Original Code is International
+# Business Machines Corporation. Portions created by IBM
+# Corporation are Copyright (C) 2005 International Business
+# Machines Corporation. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import os
+import cgi
+import cgitb; cgitb.enable( )
+import time
+import xml.dom.minidom
+import xml.sax
+import xml.sax.handler
+from StringIO import StringIO
+from sets import Set
+
+def getSavedData( ):
+ global formData, policyXml, policyLabelXml
+ global formVariables, formVmNames
+ global allVmChWs, allVmStes
+
+ # Process the XML upload policy file
+ if formData.has_key( 'i_policy' ):
+ dataList = formData.getlist( 'i_policy' )
+ if len( dataList ) > 0:
+ policyXml = dataList[0].strip( )
+
+ # The XML upload policy file must be specified at the start
+ if formData.has_key( 'i_policyLabelCreate' ):
+ if policyXml == '':
+ msg = ''
+ msg = msg + 'A Policy file was not supplied. A Policy file '
+ msg = msg + 'must be supplied in order to successfully create '
+ msg = msg + 'a Policy Labeling file.'
+ formatXmlError( msg )
+
+ # Process the XML upload policy label file
+ if formData.has_key( 'i_policyLabel' ):
+ dataList = formData.getlist( 'i_policyLabel' )
+ if len( dataList ) > 0:
+ policyLabelXml = dataList[0].strip( )
+
+ # Process all the hidden input variables (if present)
+ for formVar in formVariables:
+ if formVar[2] == '':
+ continue
+
+ if formData.has_key( formVar[2] ):
+ dataList = formData.getlist( formVar[2] )
+ if len( dataList ) > 0:
+ if isinstance( formVar[1], list ):
+ exec 'formVar[1] = ' + dataList[0]
+ else:
+ formVar[1] = dataList[0]
+
+ # The form can contain any number of "Virtual Machines"
+ # so update the list of form variables to include
+ # each virtual machine (hidden input variable)
+ for vmName in formVmNames[1]:
+ newVm( vmName )
+
+ vmFormVar = allVmChWs[vmName]
+ if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
+ dataList = formData.getlist( vmFormVar[2] )
+ if len( dataList ) > 0:
+ if isinstance( vmFormVar[1], list ):
+ exec 'vmFormVar[1] = ' + dataList[0]
+ else:
+ vmFormVar[1] = dataList[0]
+
+ vmFormVar = allVmStes[vmName]
+ if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
+ dataList = formData.getlist( vmFormVar[2] )
+ if len( dataList ) > 0:
+ if isinstance( vmFormVar[1], list ):
+ exec 'vmFormVar[1] = ' + dataList[0]
+ else:
+ vmFormVar[1] = dataList[0]
+
+def getCurrentTime( ):
+ return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) )
+
+def getName( domNode ):
+ nameNodes = domNode.getElementsByTagName( 'Name' )
+ if len( nameNodes ) == 0:
+ formatXmlError( '"<Name>" tag is missing' )
+ return None
+
+ name = ''
+ for childNode in nameNodes[0].childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ name = name + childNode.data
+
+ return name
+
+def getDate( domNode ):
+ dateNodes = domNode.getElementsByTagName( 'Date' )
+ if len( dateNodes ) == 0:
+ formatXmlError( '"<Date>" tag is missing' )
+ return None
+
+ date = ''
+ for childNode in dateNodes[0].childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ date = date + childNode.data
+
+ return date
+
+def getDefUrl( domNode ):
+ domNodes = domNode.getElementsByTagName( 'PolicyName' )
+ if len( domNodes ) == 0:
+ formatXmlError( '"<PolicyName>" tag is missing' )
+ return None
+
+ urlNodes = domNode.getElementsByTagName( 'Url' )
+ if len( urlNodes ) == 0:
+ formatXmlError( '"<Url>" tag is missing' )
+ return None
+
+ url = ''
+ for childNode in urlNodes[0].childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ url = url + childNode.data
+
+ return url
+
+def getDefRef( domNode ):
+ domNodes = domNode.getElementsByTagName( 'PolicyName' )
+ if len( domNodes ) == 0:
+ formatXmlError( '"<PolicyName>" tag is missing' )
+ return None
+
+ refNodes = domNode.getElementsByTagName( 'Reference' )
+ if len( refNodes ) == 0:
+ formatXmlError( '"<Reference>" tag is missing' )
+ return None
+
+ ref = ''
+ for childNode in refNodes[0].childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ ref = ref + childNode.data
+
+ return ref
+
+def getSteTypes( domNode, missingIsError = 0 ):
+ steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' )
+ if len( steNodes ) == 0:
+ if missingIsError == 1:
+ formatXmlError( '"<SimpleTypeEnforcementTypes>" tag is missing' )
+ return None
+ else:
+ return []
+
+ return getTypes( steNodes[0] )
+
+def getChWTypes( domNode, missingIsError = 0 ):
+ chwNodes = domNode.getElementsByTagName( 'ChineseWallTypes' )
+ if len( chwNodes ) == 0:
+ if missingIsError == 1:
+ formatXmlError( '"<ChineseWallTypes>" tag is missing' )
+ return None
+ else:
+ return []
+
+ return getTypes( chwNodes[0] )
+
+def getTypes( domNode ):
+ types = []
+
+ domNodes = domNode.getElementsByTagName( 'Type' )
+ if len( domNodes ) == 0:
+ formatXmlError( '"<Type>" tag is missing' )
+ return None
+
+ for domNode in domNodes:
+ typeText = ''
+ for childNode in domNode.childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ typeText = typeText + childNode.data
+
+ if typeText == '':
+ formatXmlError( 'No text associated with the "<Type>" tag' )
+ return None
+
+ types.append( typeText )
+
+ return types
+
+def formatXmlError( msg, xml = '', lineNum = -1, colNum = -1 ):
+ global xmlMessages, xmlError
+
+ xmlError = 1
+ addMsg = cgi.escape( msg )
+
+ if lineNum != -1:
+ sio = StringIO( xml )
+ for xmlLine in sio:
+ lineNum = lineNum - 1
+ if lineNum == 0:
+ break;
+
+ addMsg += '<BR><PRE>' + cgi.escape( xmlLine.rstrip( ) )
+
+ if colNum != -1:
+ errLine = ''
+ for i in range( colNum ):
+ errLine = errLine + '-'
+
+ addMsg += '\n' + errLine + '^'
+
+ addMsg += '</PRE>'
+
+ xmlMessages.append( addMsg )
+
+def formatXmlGenError( msg ):
+ global xmlMessages, xmlIncomplete
+
+ xmlIncomplete = 1
+ xmlMessages.append( cgi.escape( msg ) )
+
+def parseXml( xmlInput ):
+ global xmlMessages, xmlError, xmlLine, xmlColumn
+
+ xmlParser = xml.sax.make_parser( )
+ try:
+ domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser )
+
+ except xml.sax.SAXParseException, xmlErr:
+ msg = ''
+ msg = msg + 'XML parsing error occurred at line '
+ msg = msg + `xmlErr.getLineNumber( )`
+ msg = msg + ', column '
+ msg = msg + `xmlErr.getColumnNumber( )`
+ msg = msg + ': reason = "'
+ msg = msg + xmlErr.getMessage( )
+ msg = msg + '"'
+ formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), xmlErr.getColumnNumber( ) )
+ return None
+
+ except xml.sax.SAXException, xmlErr:
+ msg = ''
+ msg = msg + 'XML Parsing error: ' + `xmlErr`
+ formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), xmlErr.getColumnNumber( ) )
+ return None
+
+ return domDoc
+
+def parsePolicyXml( ):
+ global policyXml
+ global formSteTypes, formChWallTypes
+
+ domDoc = parseXml( policyXml )
+ if domDoc == None:
+ return
+
+ domRoot = domDoc.documentElement
+ domNodes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' )
+ if len( domNodes ) > 0:
+ steTypes = getSteTypes( domNodes[0], 1 )
+ if steTypes == None:
+ msg = ''
+ msg = msg + 'Error processing the SimpleTypeEnforcement types.\n'
+ msg = msg + 'Please validate the Policy Definition file used.'
+ formatXmlError( msg )
+ return
+
+ formSteTypes[1] = steTypes
+
+ domNodes = domRoot.getElementsByTagName( 'ChineseWall' )
+ if len( domNodes ) > 0:
+ chwTypes = getChWTypes( domNodes[0], 1 )
+ if chwTypes == None:
+ msg = ''
+ msg = msg + 'Error processing the ChineseWall types.\n'
+ msg = msg + 'Please validate the Policy Definition file used.'
+ formatXmlError( msg )
+ return
+
+ formChWallTypes[1] = chwTypes
+
+def parsePolicyLabelXml( ):
+ global policyLabelXml
+
+ domDoc = parseXml( policyLabelXml )
+ if domDoc == None:
+ return
+
+ domRoot = domDoc.documentElement
+ domHeaders = domRoot.getElementsByTagName( 'LabelHeader' )
+ if len( domHeaders ) == 0:
+ msg = ''
+ msg = msg + '"<LabelHeader>" tag is missing.\n'
+ msg = msg + 'Please validate the Policy Labeling file used.'
+ formatXmlError( msg )
+ return
+
+ pName = getName( domHeaders[0] )
+ if pName == None:
+ msg = ''
+ msg = msg + 'Error processing the Policy Labeling header information.\n'
+ msg = msg + 'Please validate the Policy Labeling file used.'
+ formatXmlError( msg )
+ return
+
+ formPolicyLabelName[1] = pName
+
+ pDate = getDate( domHeaders[0] )
+ if pDate == None:
+ msg = ''
+ msg = msg + 'Error processing the Policy Labeling header information.\n'
+ msg = msg + 'Please validate the Policy Labeling file used.'
+ formatXmlError( msg )
+ return
+
+ formPolicyLabelDate[1] = pDate
+
+ pUrl = getDefUrl( domHeaders[0] )
+ if pUrl == None:
+ msg = ''
+ msg = msg + 'Error processing the Policy Labeling header information.\n'
+ msg = msg + 'Please validate the Policy Labeling file used.'
+ formatXmlError( msg )
+ return
+
+ formPolicyUrl[1] = pUrl
+
+ pRef = getDefRef( domHeaders[0] )
+ if pRef == None:
+ msg = ''
+ msg = msg + 'Error processing the Policy Labeling header information.\n'
+ msg = msg + 'Please validate the Policy Labeling file used.'
+ formatXmlError( msg )
+ return
+
+ formPolicyRef[1] = pRef
+
+ domSubjects = domRoot.getElementsByTagName( 'SubjectLabels' )
+ if len( domSubjects ) > 0:
+ formVmNameDom0[1] = domSubjects[0].getAttribute( 'bootstrap' )
+ domNodes = domSubjects[0].getElementsByTagName( 'VirtualMachineLabel' )
+ for domNode in domNodes:
+ vmName = getName( domNode )
+ if vmName == None:
+ msg = ''
+ msg = msg + 'Error processing the VirtualMachineLabel name.\n'
+ msg = msg + 'Please validate the Policy Labeling file used.'
+ formatXmlError( msg )
+ continue
+
+ steTypes = getSteTypes( domNode )
+ if steTypes == None:
+ msg = ''
+ msg = msg + 'Error processing the SimpleTypeEnforcement types.\n'
+ msg = msg + 'Please validate the Policy Labeling file used.'
+ formatXmlError( msg )
+ return
+
+ chwTypes = getChWTypes( domNode )
+ if chwTypes == None:
+ msg = ''
+ msg = msg + 'Error processing the ChineseWall types.\n'
+ msg = msg + 'Please validate the Policy Labeling file used.'
+ formatXmlError( msg )
+ return
+
+ newVm( vmName, 1 )
+ allVmStes[vmName][1] = steTypes
+ allVmChWs[vmName][1] = chwTypes
+
+def removeDups( curList ):
+ newList = []
+ curSet = Set( curList )
+ for x in curSet:
+ newList.append( x )
+ newList.sort( )
+
+ return newList
+
+def newVm( vmName, addToList = 0 ):
+ global formVmNames
+ global templateVmDel, allVmDel, templateVmDom0, allVmDom0
+ global templateVmChWs, templateVmChWDel, templateVmChW, templateVmChWAdd
+ global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
+ global templateVmStes, templateVmSteDel, templateVmSte, templateVmSteAdd
+ global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
+
+ # Make sure we have an actual name and check one of the 'all'
+ # variables to be sure it hasn't been previously defined
+ if (len( vmName ) > 0) and (not allVmDom0.has_key( vmName )):
+ vmSuffix = '_' + vmName
+ allVmDom0[vmName] = modFormTemplate( templateVmDom0, vmSuffix )
+ allVmDel[vmName] = modFormTemplate( templateVmDel, vmSuffix )
+ allVmChWs[vmName] = modFormTemplate( templateVmChWs, vmSuffix )
+ allVmChWDel[vmName] = modFormTemplate( templateVmChWDel, vmSuffix )
+ allVmChW[vmName] = modFormTemplate( templateVmChW, vmSuffix )
+ allVmChWAdd[vmName] = modFormTemplate( templateVmChWAdd, vmSuffix )
+ allVmStes[vmName] = modFormTemplate( templateVmStes, vmSuffix )
+ allVmSteDel[vmName] = modFormTemplate( templateVmSteDel, vmSuffix )
+ allVmSte[vmName] = modFormTemplate( templateVmSte, vmSuffix )
+ allVmSteAdd[vmName] = modFormTemplate( templateVmSteAdd, vmSuffix )
+ if addToList == 1:
+ formVmNames[1].append( vmName )
+ formVmNames[1] = removeDups( formVmNames[1] )
+
+def updateInfo( ):
+ global formData, formPolicyLabelName, formPolicyLabelDate
+ global formPolicyUrl, formPolicyRef
+
+ if formData.has_key( formPolicyLabelName[3] ):
+ formPolicyLabelName[1] = formData[formPolicyLabelName[3]].value
+ elif formData.has_key( formPolicyLabelUpdate[3] ):
+ formPolicyLabelName[1] = ''
+
+ if formData.has_key( formPolicyLabelDate[3] ):
+ formPolicyLabelDate[1] = formData[formPolicyLabelDate[3]].value
+ elif formData.has_key( formPolicyLabelUpdate[3] ):
+ formPolicyLabelDate[1] = ''
+
+ if formData.has_key( formPolicyUrl[3] ):
+ formPolicyUrl[1] = formData[formPolicyUrl[3]].value
+ elif formData.has_key( formPolicyLabelUpdate[3] ):
+ formPolicyUrl[1] = ''
+
+ if formData.has_key( formPolicyRef[3] ):
+ formPolicyRef[1] = formData[formPolicyRef[3]].value
+ elif formData.has_key( formPolicyLabelUpdate[3] ):
+ formPolicyRef[1] = ''
+
+def addVm( ):
+ global formData, fromVmName, formVmNames, formVmNameDom0
+
+ if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formVmAdd[3] )):
+ if formData.has_key( formVmName[3] ):
+ vmName = formData[formVmName[3]].value
+ vmName = vmName.strip( )
+ newVm( vmName, 1 )
+ if formVmNameDom0[1] == '':
+ formVmNameDom0[1] = vmName
+
+def delVm( vmName ):
+ global formVmNames, formVmNameDom0
+ global allVmDel, allVmDom0
+ global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
+ global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
+
+ vmName = vmName.strip( )
+ formVmNames[1].remove( vmName )
+ del allVmDom0[vmName]
+ del allVmDel[vmName]
+ del allVmChWs[vmName]
+ del allVmChWDel[vmName]
+ del allVmChW[vmName]
+ del allVmChWAdd[vmName]
+ del allVmStes[vmName]
+ del allVmSteDel[vmName]
+ del allVmSte[vmName]
+ del allVmSteAdd[vmName]
+
+ if formVmNameDom0[1] == vmName:
+ if len( formVmNames[1] ) > 0:
+ formVmNameDom0[1] = formVmNames[1][0]
+ else:
+ formVmNameDom0[1] = ''
+
+def makeVmDom0( vmName ):
+ global formVmNameDom0
+
+ vmName = vmName.strip( )
+ formVmNameDom0[1] = vmName
+
+def addVmChW( chwName ):
+ global formData, allVmChW, allVmChWs
+
+ formVar = allVmChW[chwName]
+ if formData.has_key( formVar[3] ):
+ chwList = formData.getlist( formVar[3] )
+ formVar = allVmChWs[chwName]
+ for chw in chwList:
+ chw = chw.strip( )
+ formVar[1].append( chw )
+ formVar[1] = removeDups( formVar[1] )
+
+def delVmChW( chwName ):
+ global formData, allVmChWs
+
+ formVar = allVmChWs[chwName]
+ if formData.has_key( formVar[3] ):
+ chwList = formData.getlist( formVar[3] )
+ for chw in chwList:
+ chw = chw.strip( )
+ formVar[1].remove( chw )
+
+def addVmSte( steName ):
+ global formData, allVmSte, allVmStes
+
+ formVar = allVmSte[steName]
+ if formData.has_key( formVar[3] ):
+ steList = formData.getlist( formVar[3] )
+ formVar = allVmStes[steName]
+ for ste in steList:
+ ste = ste.strip( )
+ formVar[1].append( ste )
+ formVar[1] = removeDups( formVar[1] )
+
+def delVmSte( steName ):
+ global formData, allVmStes
+
+ formVar = allVmStes[steName]
+ if formData.has_key( formVar[3] ):
+ steList = formData.getlist( formVar[3] )
+ for ste in steList:
+ ste = ste.strip( )
+ formVar[1].remove( ste )
+
+def processRequest( ):
+ global formData, policyXml, policyLabelXml, formPolicyLabelUpdate
+ global formVmAdd
+ global formVmNames, allVmDel, allVmDom0
+ global allVmChWAdd, allVmChWDel, allVmSteAdd, allVmSteDel
+
+ if policyXml != '':
+ parsePolicyXml( )
+
+ if policyLabelXml != '':
+ parsePolicyLabelXml( )
+
+ # Allow the updating of the header information whenever
+ # an action is performed
+ updateInfo( )
+
+ # Allow the adding of labels if the user has hit the
+ # enter key when attempting to add a type/set
+ addVm( )
+
+ for vmName in formVmNames[1]:
+ if formData.has_key( allVmDel[vmName][3] ):
+ delVm( vmName )
+ continue
+
+ if formData.has_key( allVmDom0[vmName][3] ):
+ makeVmDom0( vmName )
+
+ if formData.has_key( allVmChWAdd[vmName][3] ):
+ addVmChW( vmName )
+
+ elif formData.has_key( allVmChWDel[vmName][3] ):
+ delVmChW( vmName )
+
+ elif formData.has_key( allVmSteAdd[vmName][3] ):
+ addVmSte( vmName )
+
+ elif formData.has_key( allVmSteDel[vmName][3] ):
+ delVmSte( vmName )
+
+def modFormTemplate( formTemplate, suffix ):
+ formVar = [x for x in formTemplate]
+
+ if formVar[2] != '':
+ formVar[2] = formVar[2] + suffix
+ if formVar[3] != '':
+ formVar[3] = formVar[3] + suffix
+ if (formVar[0] != 'button') and (formVar[4] != ''):
+ formVar[4] = formVar[4] + suffix
+
+ return formVar;
+
+def makeName( name, suffix='' ):
+ rName = name
+ if suffix != '':
+ rName = rName + '_' + suffix
+
+ return rName
+
+def makeNameAttr( name, suffix='' ):
+ return 'name="' + makeName( name, suffix ) + '"'
+
+def makeValue( value, suffix='' ):
+ rValue = value
+
+ if isinstance( value, list ):
+ rValue = '[.'
+ for val in value:
+ rValue = rValue + '\'' + val
+ if suffix != '':
+ rValue = rValue + '_' + suffix
+ rValue = rValue + '\','
+ rValue = rValue + ']'
+
+ else:
+ if suffix != '':
+ rValue = rValue + '_' + suffix
+
+ return rValue
+
+def makeValueAttr( value, suffix='' ):
+ return 'value="' + makeValue( value, suffix ) + '"'
+
+def sendHtmlFormVar( formVar, attrs='', rb_select=0 ):
+ nameAttr = ''
+ valueAttr = ''
+ htmlText = ''
+
+ if formVar[0] == 'text':
+ if formVar[3] != '':
+ nameAttr = makeNameAttr( formVar[3] )
+ valueAttr = makeValueAttr( formVar[1] )
+
+ print '<INPUT type="text"', nameAttr, valueAttr, attrs, '>'
+
+ elif formVar[0] == 'list':
+ if formVar[3] != '':
+ nameAttr = makeNameAttr( formVar[3] )
+
+ print '<SELECT', nameAttr, attrs, '>'
+ for option in formVar[1]:
+ print '<OPTION>' + option + '</OPTION>'
+ print '</SELECT>'
+
+ elif formVar[0] == 'button':
+ if formVar[3] != '':
+ nameAttr = makeNameAttr( formVar[3] )
+ if formVar[4] != '':
+ valueAttr = makeValueAttr( formVar[4] )
+
+ print '<INPUT type="submit"', nameAttr, valueAttr, attrs, '>'
+
+ elif formVar[0] == 'radiobutton':
+ if formVar[3] != '':
+ nameAttr = makeNameAttr( formVar[3] )
+ valueAttr = makeValueAttr( formVar[4][rb_select] )
+ htmlText = formVar[5][rb_select]
+ if formVar[4][rb_select] == formVar[1]:
+ checked = 'checked'
+ else:
+ checked = ''
+
+ print '<INPUT type="radio"', nameAttr, valueAttr, attrs, checked, '>', htmlText
+
+ elif formVar[0] == 'radiobutton-all':
+ if formVar[3] != '':
+ nameAttr = makeNameAttr( formVar[3] )
+ buttonVals = formVar[4]
+ for i, buttonVal in enumerate( buttonVals ):
+ htmlText = ''
+ addAttrs = ''
+ checked = ''
+
+ valueAttr = makeValueAttr( buttonVal )
+ if formVar[5] != '':
+ htmlText = formVar[5][i]
+ if attrs != '':
+ addAttrs = attrs[i]
+ if buttonVal == formVar[1]:
+ checked = 'checked'
+
+ print '<INPUT type="radio"', nameAttr, valueAttr, addAttrs, checked, '>', htmlText
+
+ if ( formVar[2] != '' ) and ( rb_select == 0 ):
+ nameAttr = makeNameAttr( formVar[2] )
+ valueAttr = makeValueAttr( formVar[1] )
+ print '<INPUT type="hidden"', nameAttr, valueAttr, '>'
+
+def sendHtmlHeaders( ):
+ # HTML headers
+ print 'Content-Type: text/html'
+ print
+
+def sendPolicyLabelHtml( ):
+ global xmlError, xmlIncomplete, xmlMessages, formXmlGen
+ global formVmNameDom0, formSteTypes, formChWallTypes
+
+ print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"'
+ print ' "http://www.w3.org/TR/html4/loose.dtd">'
+
+ print '<HTML>'
+
+ sendHtmlHead( )
+
+ print '<BODY>'
+
+ # An input XML file was specified that had errors, output the
+ # error information
+ if xmlError == 1:
+ print '<P>'
+ print 'An error has been encountered while processing the input'
+ print 'XML file:'
+ print '<UL>'
+ for msg in xmlMessages:
+ print '<LI>'
+ print msg
+ print '</UL>'
+ print '</BODY>'
+ print '</HTML>'
+ return
+
+ # When attempting to generate the XML output, all required data was not
+ # present, output the error information
+ if xmlIncomplete == 1:
+ print '<P>'
+ print 'An error has been encountered while validating the data'
+ print 'required for the output XML file:'
+ print '<UL>'
+ for msg in xmlMessages:
+ print '<LI>'
+ print msg
+ print '</UL>'
+ print '</BODY>'
+ print '</HTML>'
+ return
+
+ print '<CENTER>'
+ print '<FORM action="' + os.environ['SCRIPT_NAME'] + '" method="post">'
+ print '<TABLE class="container">'
+ print ' <COLGROUP>'
+ print ' <COL width="100%">'
+ print ' </COLGROUP>'
+
+ print ' <TR>'
+ print ' <TD>'
+ sendHtmlFormVar( formDefaultButton, 'class="hidden"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ sendHtmlFormVar( formXmlGen )
+ print ' </TD>'
+ print ' </TR>'
+
+ # Policy Labeling header
+ print ' <TR>'
+ print ' <TD>'
+ sendPLHeaderHtml( )
+ print ' </TD>'
+ print ' </TR>'
+
+ # Separator
+ print ' <TR>'
+ print ' <TD>'
+ print ' <HR>'
+ print ' </TD>'
+ print ' </TR>'
+
+ # Policy Labels (vms)
+ print ' <TR>'
+ print ' <TD>'
+ print ' <TABLE class="full">'
+ print ' <TR>'
+ print ' <TD width="100%">'
+ sendPLSubHtml( )
+ print ' </TD>'
+ print ' </TR>'
+ print ' </TABLE>'
+ print ' </TD>'
+ print ' </TR>'
+
+ print '</TABLE>'
+
+ # Send some data that needs to be available across sessions
+ sendHtmlFormVar( formVmNameDom0 )
+ sendHtmlFormVar( formSteTypes )
+ sendHtmlFormVar( formChWallTypes )
+
+ print '</FORM>'
+ print '</CENTER>'
+
+ print '</BODY>'
+
+ print '</HTML>'
+
+def sendHtmlHead( ):
+ global headTitle
+
+ print '<HEAD>'
+ print '<STYLE type="text/css">'
+ print '<!--'
+ print 'BODY {background-color: #EEEEFF;}'
+ print 'TABLE.container {width: 90%; border: 1px solid black; border-collapse: seperate;}'
+ print 'TABLE.full {width: 100%; border: 0px solid black; border-collapse: collapse; border-spacing: 3px;}'
+ print 'TABLE.fullbox {width: 100%; border: 0px solid black; border-collapse: collapse; border-spacing: 3px;}'
+ print 'THEAD {font-weight: bold; font-size: larger;}'
+ print 'TD {border: 0px solid black; vertical-align: top;}'
+ print 'TD.heading {border: 0px solid black; vertical-align: top; font-weight: bold; font-size: larger;}'
+ print 'TD.subheading {border: 0px solid black; vertical-align: top; font-size: smaller;}'
+ print 'TD.fullbox {border: 1px solid black; vertical-align: top;}'
+ print 'SELECT.full {width: 100%;}'
+ print 'INPUT.full {width: 100%;}'
+ print 'INPUT.link {cursor: pointer; background-color: #EEEEFF; border: 0px; text-decoration: underline; color: blue;}'
+ print 'INPUT.hidden {visibility: hidden; width: 1px; height: 1px;}'
+ print ':link {color: blue;}'
+ print ':visited {color: red;}'
+ print '-->'
+ print '</STYLE>'
+ print '<TITLE>', headTitle, '</TITLE>'
+ print '</HEAD>'
+
+def sendPLHeaderHtml( ):
+ global formPolicyLabelName, formPolicyLabelDate
+ global formPolicyUrl, formPolicyRef
+ global formPolicyLabelUpdate
+
+ # Policy Labeling header definition
+ print '<TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="20%">'
+ print ' <COL width="80%">'
+ print ' </COLGROUP>'
+ print ' <TR>'
+ print ' <TD class="heading" align="center" colspan="2">Policy Labeling Information</TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="right">Name:</TD>'
+ print ' <TD align="left">'
+ sendHtmlFormVar( formPolicyLabelName, 'class="full"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="right">Date:</TD>'
+ print ' <TD align="left">'
+ sendHtmlFormVar( formPolicyLabelDate, 'class="full"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="right">Policy URL:</TD>'
+ print ' <TD align="left">'
+ sendHtmlFormVar( formPolicyUrl, 'class="full"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="right">Policy Reference:</TD>'
+ print ' <TD align="left">'
+ sendHtmlFormVar( formPolicyRef, 'class="full"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="center" colspan="2">'
+ sendHtmlFormVar( formPolicyLabelUpdate )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="center" colspan="2" class="subheading">'
+ print ' (The Policy Labeling Information is updated whenever an action is performed'
+ print ' or it can be updated separately using the "Update" button)'
+ print ' </TD>'
+ print ' </TR>'
+ print '</TABLE>'
+
+def sendPLSubHtml( ):
+ global formVmNames, formVmDel, formVmName, formVmAdd
+ global allVmDel, allVmDom0
+ global allVmChWs, allVmChWDel, allVmChW, allVmChWAdd
+ global allVmStes, allVmSteDel, allVmSte, allVmSteAdd
+ global formSteTypes, formChWallTypes
+
+ print '<TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="100%">'
+ print ' </COLGROUP>'
+
+ # Virtual Machines...
+ print ' <TR>'
+ print ' <TD>'
+ print ' <TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="10%">'
+ print ' <COL width="40%">'
+ print ' <COL width="50%">'
+ print ' </COLGROUP>'
+ print ' <TR>'
+ print ' <TD class="heading" align="center" colspan="3">Virtual Machine Classes</TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ sendHtmlFormVar( formVmName, 'class="full"' )
+ sendHtmlFormVar( formVmNames )
+ print ' </TD>'
+ print ' <TD>&nbsp;</TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ sendHtmlFormVar( formVmAdd, 'class="full"' )
+ print ' </TD>'
+ print ' <TD colspan="2">'
+ print ' Create a new VM class with the above name'
+ print ' </TD>'
+ print ' </TR>'
+ print ' </TABLE>'
+ print ' </TD>'
+ print ' </TR>'
+ if len( formVmNames[1] ) > 0:
+ print ' <TR>'
+ print ' <TD colspan="1">'
+ print ' &nbsp;'
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ print ' <TABLE class="fullbox">'
+ print ' <COLGROUP>'
+ print ' <COL width="10%">'
+ print ' <COL width="40%">'
+ print ' <COL width="50%">'
+ print ' </COLGROUP>'
+ print ' <THEAD>'
+ print ' <TR>'
+ print ' <TD class="fullbox">Dom 0?</TD>'
+ print ' <TD class="fullbox">Name</TD>'
+ print ' <TD class="fullbox">Actions</TD>'
+ print ' </TR>'
+ print ' </THEAD>'
+ for i, vmName in enumerate( formVmNames[1] ):
+ print ' <TR>'
+ print ' <TD class="fullbox">'
+ if formVmNameDom0[1] == vmName:
+ print 'Yes'
+ else:
+ print '&nbsp;'
+ print ' </TD>'
+ print ' <TD class="fullbox">' + vmName + '</TD>'
+ print ' <TD class="fullbox">'
+ print ' <A href="#' + vmName + '">Edit</A>'
+ formVar = allVmDel[vmName]
+ sendHtmlFormVar( formVar, 'class="link"' )
+ formVar = allVmDom0[vmName]
+ sendHtmlFormVar( formVar, 'class="link"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' </TABLE>'
+ print ' </TD>'
+ print ' </TR>'
+ for vmName in formVmNames[1]:
+ print ' <TR>'
+ print ' <TD>'
+ print ' <HR>'
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ print ' <TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="10%">'
+ print ' <COL width="39%">'
+ print ' <COL width="2%">'
+ print ' <COL width="10%">'
+ print ' <COL width="39%">'
+ print ' </COLGROUP>'
+ print ' <TR>'
+ print ' <TD colspan="5" align="center" class="heading">'
+ print ' <A name="' + vmName + '">Virtual Machine Class: ' + vmName + '</A>'
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2" align="center">Simple Type Enforcement Types</TD>'
+ print ' <TD>&nbsp;</TD>'
+ print ' <TD colspan="2" align="center">Chinese Wall Types</TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ formVar = allVmStes[vmName];
+ sendHtmlFormVar( formVar, 'class="full" size="4" multiple"' )
+ print ' </TD>'
+ print ' <TD>&nbsp;</TD>'
+ print ' <TD colspan="2">'
+ formVar = allVmChWs[vmName];
+ sendHtmlFormVar( formVar, 'class="full" size="4" multiple"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ formVar = allVmSteDel[vmName];
+ sendHtmlFormVar( formVar, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Delete the type(s) selected above'
+ print ' </TD>'
+ print ' <TD>&nbsp;</TD>'
+ print ' <TD>'
+ formVar = allVmChWDel[vmName];
+ sendHtmlFormVar( formVar, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Delete the type(s) selected above'
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ stSet = Set( formSteTypes[1] )
+ vmSet = Set( allVmStes[vmName][1] )
+ formVar = allVmSte[vmName]
+ formVar[1] = []
+ for steType in stSet.difference( vmSet ):
+ formVar[1].append( steType )
+ formVar[1].sort( )
+ sendHtmlFormVar( formVar, 'class="full" size="2" multiple"' )
+ print ' </TD>'
+ print ' <TD>&nbsp;</TD>'
+ print ' <TD colspan="2">'
+ ctSet = Set( formChWallTypes[1] )
+ vmSet = Set( allVmChWs[vmName][1] )
+ formVar = allVmChW[vmName]
+ formVar[1] = []
+ for chwallType in ctSet.difference( vmSet ):
+ formVar[1].append( chwallType )
+ formVar[1].sort( )
+ sendHtmlFormVar( formVar, 'class="full" size="2" multiple"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ formVar = allVmSteAdd[vmName];
+ sendHtmlFormVar( formVar, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Add the type(s) selected above'
+ print ' </TD>'
+ print ' <TD>&nbsp;</TD>'
+ print ' <TD>'
+ formVar = allVmChWAdd[vmName];
+ sendHtmlFormVar( formVar, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Add the type(s) selected above'
+ print ' </TD>'
+ print ' </TR>'
+ print ' </TABLE>'
+ print ' </TD>'
+ print ' </TR>'
+
+ print '</TABLE>'
+
+def sendPLObjHtml( ):
+
+ # Resources...
+ print '<TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="60%">'
+ print ' <COL width="20%">'
+ print ' <COL width="20%">'
+ print ' </COLGROUP>'
+
+ print ' <TR>'
+ print ' <TD align="center" colspan="3" class="heading">Resources</TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ #sendHtmlFormVar( formVmNames, 'class="full" size="4" multiple"' )
+ print ' </TD>'
+ print ' <TD>'
+ #sendHtmlFormVar( formVmDel, 'class="full"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ #sendHtmlFormVar( formVmName, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ #sendHtmlFormVar( formVmAdd, 'class="full"' )
+ print ' </TD>'
+ print ' </TR>'
+ print '</TABLE>'
+
+def checkXmlData( ):
+ global xmlIncomplete
+
+ # Validate the Policy Label Header requirements
+ if ( len( formPolicyLabelName[1] ) == 0 ) or \
+ ( len( formPolicyLabelDate[1] ) == 0 ) or \
+ ( len( formPolicyUrl[1] ) == 0 ) or \
+ ( len( formPolicyRef[1] ) == 0 ):
+ msg = ''
+ msg = msg + 'The XML policy label schema requires that the Policy '
+ msg = msg + 'Labeling Information Name, Date, Policy URL and '
+ msg = msg + 'Policy Reference fields all have values.'
+ formatXmlGenError( msg )
+
+def sendXmlHeaders( ):
+ # HTML headers
+ print 'Content-Type: text/xml'
+ print 'Content-Disposition: attachment; filename=security_label_template.xml'
+ print
+
+def sendPolicyLabelXml( ):
+ print '<?xml version="1.0"?>'
+
+ print '<SecurityLabelTemplate xmlns="http://www.ibm.com"'
+ print ' xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"'
+ print ' xsi:schemaLocation="http://www.ibm.com security_policy.xsd">'
+
+ # Policy Labeling header
+ sendPLHeaderXml( )
+
+ # Policy Labels (subjects and objects)
+ sendPLSubXml( )
+ #sendPLObjXml( )
+
+ print '</SecurityLabelTemplate>'
+
+def sendPLHeaderXml( ):
+ global formPolicyLabelName, formPolicyLabelDate
+ global formPolicyUrl, formPolicyRef
+
+ # Policy Labeling header definition
+ print '<LabelHeader>'
+ print ' <Name>' + formPolicyLabelName[1] + '</Name>'
+ print ' <Date>' + formPolicyLabelDate[1] + '</Date>'
+ print ' <PolicyName>'
+ print ' <Url>' + formPolicyUrl[1] + '</Url>'
+ print ' <Reference>' + formPolicyRef[1] + '</Reference>'
+ print ' </PolicyName>'
+ print '</LabelHeader>'
+
+def sendPLSubXml( ):
+ global formVmNames, allVmChWs, allVmStes
+
+ # Virtual machines...
+ if len( formVmNames[1] ) == 0:
+ return
+
+ print '<SubjectLabels bootstrap="' + formVmNameDom0[1] + '">'
+ for vmName in formVmNames[1]:
+ print ' <VirtualMachineLabel>'
+ print ' <Name>' + vmName + '</Name>'
+ formVar = allVmStes[vmName]
+ if len( formVar[1] ) > 0:
+ print ' <SimpleTypeEnforcementTypes>'
+ for ste in formVar[1]:
+ print ' <Type>' + ste + '</Type>'
+ print ' </SimpleTypeEnforcementTypes>'
+
+ formVar = allVmChWs[vmName]
+ if len( formVar[1] ) > 0:
+ print ' <ChineseWallTypes>'
+ for chw in formVar[1]:
+ print ' <Type>' + chw + '</Type>'
+ print ' </ChineseWallTypes>'
+
+ print ' </VirtualMachineLabel>'
+
+ print '</SubjectLabels>'
+
+
+# Set up initial HTML variables
+headTitle = 'Xen Policy Labeling Generation'
+
+# Form variables
+# The format of these variables is as follows:
+# [ p0, p1, p2, p3, p4, p5 ]
+# p0 = input type
+# p1 = the current value of the variable
+# p2 = the hidden input name attribute
+# p3 = the name attribute
+# p4 = the value attribute
+# p5 = text to associate with the tag
+formPolicyLabelName = [. 'text',
+ '',
+ 'h_policyLabelName',
+ 'i_policyLabelName',
+ '',
+ '',
+ ]
+formPolicyLabelDate = [. 'text',
+ getCurrentTime( ),
+ 'h_policyLabelDate',
+ 'i_policyLabelDate',
+ '',
+ '',
+ ]
+formPolicyUrl = [. 'text',
+ '',
+ 'h_policyUrl',
+ 'i_policyUrl',
+ '',
+ '',
+ ]
+formPolicyRef = [. 'text',
+ '',
+ 'h_policyRef',
+ 'i_policyRef',
+ '',
+ '',
+ ]
+formPolicyLabelUpdate = [. 'button',
+ '',
+ '',
+ 'i_PolicyLabelUpdate',
+ 'Update',
+ '',
+ ]
+
+formVmNames = [ '',
+ [],
+ 'h_vmNames',
+ '',
+ '',
+ '',
+ ]
+formVmDel = [. 'button',
+ '',
+ '',
+ 'i_vmDel',
+ 'Delete',
+ '',
+ ]
+formVmName = [. 'text',
+ '',
+ '',
+ 'i_vmName',
+ '',
+ '',
+ ]
+formVmAdd = [. 'button',
+ '',
+ '',
+ 'i_vmAdd',
+ 'New',
+ '',
+ ]
+
+formVmNameDom0 = [. '',
+ '',
+ 'h_vmDom0',
+ '',
+ '',
+ '',
+ ]
+
+formXmlGen = [. 'button',
+ '',
+ '',
+ 'i_xmlGen',
+ 'Generate XML',
+ '',
+ ]
+
+formDefaultButton = [. 'button',
+ '',
+ '',
+ 'i_defaultButton',
+ '.',
+ '',
+ ]
+
+formSteTypes = [ '',
+ [],
+ 'h_steTypes',
+ '',
+ '',
+ '',
+ ]
+formChWallTypes = [ '',
+ [],
+ 'h_chwallTypes',
+ '',
+ '',
+ '',
+ ]
+
+# This is a set of templates used for each virtual machine
+# Each virtual machine is initially assigned these templates,
+# then each form attribute value is changed to append
+# "_virtual-machine-name" for uniqueness.
+templateVmDel = [. 'button',
+ '',
+ '',
+ 'i_vmDel',
+ 'Delete',
+ '',
+ ]
+templateVmDom0 = [. 'button',
+ '',
+ '',
+ 'i_vmDom0',
+ 'SetDom0',
+ '',
+ ]
+allVmDel = {};
+allVmDom0 = {};
+
+templateVmChWs = [ 'list',
+ [],
+ 'h_vmChWs',
+ 'i_vmChWs',
+ '',
+ '',
+ ]
+templateVmChWDel = [. 'button',
+ '',
+ '',
+ 'i_vmChWDel',
+ 'Delete',
+ '',
+ ]
+templateVmChW = [ 'list',
+ [],
+ '',
+ 'i_vmChW',
+ '',
+ '',
+ ]
+templateVmChWAdd = [. 'button',
+ '',
+ '',
+ 'i_vmChWAdd',
+ 'Add',
+ '',
+ ]
+allVmChWs = {};
+allVmChWDel = {};
+allVmChW = {};
+allVmChWAdd = {};
+
+templateVmStes = [ 'list',
+ [],
+ 'h_vmStes',
+ 'i_vmStes',
+ '',
+ '',
+ ]
+templateVmSteDel = [. 'button',
+ '',
+ '',
+ 'i_vmSteDel',
+ 'Delete',
+ '',
+ ]
+templateVmSte = [ 'list',
+ [],
+ '',
+ 'i_vmSte',
+ '',
+ '',
+ ]
+templateVmSteAdd = [. 'button',
+ '',
+ '',
+ 'i_vmSteAdd',
+ 'Add',
+ '',
+ ]
+allVmStes = {};
+allVmSteDel = {};
+allVmSte = {};
+allVmSteAdd = {};
+
+# A list of all form variables used for saving info across requests
+formVariables = [. formPolicyLabelName,
+ formPolicyLabelDate,
+ formPolicyUrl,
+ formPolicyRef,
+ formVmNames,
+ formVmNameDom0,
+ formSteTypes,
+ formChWallTypes,
+ ]
+
+policyXml = ''
+policyLabelXml = ''
+xmlError = 0
+xmlIncomplete = 0
+xmlMessages = []
+
+
+# Extract any form data
+formData = cgi.FieldStorage( )
+
+# Process the form
+getSavedData( )
+processRequest( )
+
+if formData.has_key( formXmlGen[3] ):
+ # Generate and send the XML file
+ checkXmlData( )
+
+ if xmlIncomplete == 0:
+ sendXmlHeaders( )
+ sendPolicyLabelXml( )
+
+if (not formData.has_key( formXmlGen[3] )) or (xmlIncomplete == 1 ):
+ # Send HTML to continue processing the form
+ sendHtmlHeaders( )
+ sendPolicyLabelHtml( )
diff -r b438b8cb38f8 -r 269abc1e4fa5 tools/security/python/xensec_gen/index.html
--- /dev/null Tue Dec 13 16:08:05 2005
+++ b/tools/security/python/xensec_gen/index.html Tue Dec 13 16:12:59 2005
@@ -0,0 +1,126 @@
+<!--
+ The Initial Developer of the Original Code is International
+ Business Machines Corporation. Portions created by IBM
+ Corporation are Copyright (C) 2005 International Business
+ Machines Corporation. All Rights Reserved.
+ -->
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+ <HEAD>
+ <META name="author" content="Tom Lendacky">
+ <META name="copyright" content="Copyright (C) 2005 International Business Machines Corporation. All rights reserved">
+
+ <STYLE type="text/css">
+ <!--
+ BODY {background-color: #EEEEFF;}
+ TABLE.xen {width: 100%; border: 0px solid black;}
+ TD {border: 0px solid black;}
+ TD.heading {border: 0px solid black; font-weight: bold; font-size: larger;}
+ -->
+ </STYLE>
+ <TITLE>Xen Security Policy Tool</TITLE>
+ </HEAD>
+
+ <BODY>
+ <H1>Xen Security Policy Generation Tool</H1>
+
+ <CENTER>
+ <FORM action="/cgi-bin/policy.cgi" method="post" enctype="multipart/form-data">
+ <TABLE class="xen">
+ <COLGROUP>
+ <COL width="25%">
+ <COL width="20%">
+ <COL width="55%">
+ </COLGROUP>
+
+ <TR>
+ <TD valign="top" class="heading">
+ Security Policy
+ </TD>
+ <TD valign="top" colspan="2">
+ To generate a new Xen Security Policy leave the
+ <B>"Policy File"</B> entry field
+ empty and click the "Create" button.<BR>
+ To modify an existing Xen Security Policy enter the
+ file name containing the policy in the
+ <B>"Policy File"</B> entry field
+ and click the "Create" button.<HR>
+ </TD>
+ </TR>
+ <TR>
+ <TD></TD>
+ <TD>
+ Policy File:
+ </TD>
+ <TD>
+ <INPUT type="file" size="50" name="i_policy">
+ </TD>
+ </TR>
+ <TR>
+ <TD></TD>
+ <TD valign="top">
+ <INPUT type="submit" name="i_policyCreate" value="Create">
+ </TD>
+ <TD></TD>
+ </TR>
+ </TABLE>
+ </FORM>
+
+ <FORM action="/cgi-bin/policylabel.cgi" method="post" enctype="multipart/form-data">
+ <TABLE class="xen">
+ <COLGROUP>
+ <COL width="25%">
+ <COL width="20%">
+ <COL width="55%">
+ </COLGROUP>
+
+ <TR>
+ <TD valign="top" class="heading">
+ Security Policy Labeling
+ </TD>
+ <TD valign="top" colspan="2">
+ To generate or edit the Xen Security Policy Labeling you <B>must</B>
+ specify the name of
+ an existing Xen Security Policy file in the
+ <B>"Policy File"</B> entry field.<BR>
+ To generate new Xen Security Policy Labeling leave the
+ <B>"Policy Labeling File"</B> entry field
+ empty and click the "Create" button.<BR>
+ To modify existing Xen Security Policy Labeling enter the
+ file name containing the labeling in the
+ <B>"Policy Labeling File"</B> entry field
+ and click the "Create" button.<HR>
+ </TD>
+ </TR>
+ <TR>
+ <TD></TD>
+ <TD>
+ Policy File:
+ </TD>
+ <TD>
+ <INPUT type="file" size="50" name="i_policy">
+ </TD>
+ </TR>
+ <TR>
+ <TD></TD>
+ <TD>
+ Policy Labeling File:
+ </TD>
+ <TD>
+ <INPUT type="file" size="50" name="i_policyLabel">
+ </TD>
+ </TR>
+ <TR>
+ <TD></TD>
+ <TD valign="top">
+ <INPUT type="submit" name="i_policyLabelCreate" value="Create">
+ </TD>
+ <TD></TD>
+ </TR>
+ </TABLE>
+ </FORM>
+ </CENTER>
+ </BODY>
+</HTML>
diff -r b438b8cb38f8 -r 269abc1e4fa5 tools/security/python/xensec_gen/main.py
--- /dev/null Tue Dec 13 16:08:05 2005
+++ b/tools/security/python/xensec_gen/main.py Tue Dec 13 16:12:59 2005
@@ -0,0 +1,185 @@
+#!/usr/bin/python
+#
+# The Initial Developer of the Original Code is International
+# Business Machines Corporation. Portions created by IBM
+# Corporation are Copyright (C) 2005 International Business
+# Machines Corporation. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+"""Xen security policy generation aid
+"""
+
+import os
+import pwd
+import grp
+import sys
+import getopt
+import BaseHTTPServer
+import CGIHTTPServer
+
+
+gHttpPort = 7777
+gHttpDir = '/var/lib/xensec_gen'
+gLogFile = '/var/log/xensec_gen.log'
+gUser = 'nobody'
+gGroup = 'nobody'
+
+def usage( ):
+ print >>sys.stderr, 'Usage: ' + sys.argv[0] + ' [OPTIONS]'
+ print >>sys.stderr, ' OPTIONS:'
+ print >>sys.stderr, ' -p, --httpport'
+ print >>sys.stderr, ' The port on which the http server is to listen'
+ print >>sys.stderr, ' (default: ' + str( gHttpPort ) + ')'
+ print >>sys.stderr, ' -d, --httpdir'
+ print >>sys.stderr, ' The directory where the http server is to serve pages from'
+ print >>sys.stderr, ' (default: ' + gHttpDir + ')'
+ print >>sys.stderr, ' -l, --logfile'
+ print >>sys.stderr, ' The file in which to log messages generated by this command'
+ print >>sys.stderr, ' (default: ' + gLogFile + ')'
+ print >>sys.stderr, ' -u, --user'
+ print >>sys.stderr, ' The user under which this command is to run. This parameter'
+ print >>sys.stderr, ' is only used when invoked under the "root" user'
+ print >>sys.stderr, ' (default: ' + gUser + ')'
+ print >>sys.stderr, ' -g, --group'
+ print >>sys.stderr, ' The group under which this command is to run. This parameter'
+ print >>sys.stderr, ' is only used when invoked under the "root" user'
+ print >>sys.stderr, ' (default: ' + gGroup + ')'
+ print >>sys.stderr, ' -f'
+ print >>sys.stderr, ' Run the command in the foreground. The logfile option will be'
+ print >>sys.stderr, ' ignored and all output will be directed to stdout and stderr.'
+ print >>sys.stderr, ' -h, --help'
+ print >>sys.stderr, ' Display the command usage information'
+
+def runServer( aServerPort,
+ aServerClass = BaseHTTPServer.HTTPServer,
+ aHandlerClass = CGIHTTPServer.CGIHTTPRequestHandler ):
+ serverAddress = ( '', aServerPort )
+ httpd = aServerClass( serverAddress, aHandlerClass )
+ httpd.serve_forever( )
+
+def daemonize( aHttpDir, aLogFile, aUser, aGroup, aFork = 'true' ):
+ # Do some pre-daemon activities
+ os.umask( 027 )
+ if os.getuid( ) == 0:
+ # If we are running as root, we will change that
+ uid = pwd.getpwnam( aUser )[2]
+ gid = grp.getgrnam( aGroup )[2]
+
+ if aFork == 'true':
+ # Change the owner of the log file to the user/group
+ # under which the daemon is to run
+ flog = open( aLogFile, 'a' )
+ flog.close( )
+ os.chown( aLogFile, uid, gid )
+
+ # Change the uid/gid of the process
+ os.setgid( gid )
+ os.setuid( uid )
+
+ # Change to the HTTP directory
+ os.chdir( aHttpDir )
+
+ if aFork == 'true':
+ # Do first fork
+ try:
+ pid = os.fork( )
+ if pid:
+ # Parent process
+ return pid
+
+ except OSError, e:
+ raise Exception, e
+
+ # First child process, create a new session
+ os.setsid( )
+
+ # Do second fork
+ try:
+ pid = os.fork( )
+ if pid:
+ # Parent process
+ os._exit( 0 )
+
+ except OSError, e:
+ raise Exception, e
+
+ # Reset stdin/stdout/stderr
+ fin = open( '/dev/null', 'r' )
+ flog = open( aLogFile, 'a' )
+ os.dup2( fin.fileno( ), sys.stdin.fileno( ) )
+ os.dup2( flog.fileno( ), sys.stdout.fileno( ) )
+ os.dup2( flog.fileno( ), sys.stderr.fileno( ) )
+
+def main( ):
+ httpPort = gHttpPort
+ httpDir = gHttpDir
+ logFile = gLogFile
+ user = gUser
+ group = gGroup
+ doFork = 'true'
+
+ shortOpts = 'd:p:l:u:g:fh'
+ longOpts = [ 'httpdir=', 'httpport=', 'logfile=', 'user=', 'group=', 'help' ]
+ try:
+ opts, args = getopt.getopt( sys.argv[1:], shortOpts, longOpts )
+
+ except getopt.GetoptError, e:
+ print >>sys.stderr, e
+ usage( )
+ sys.exit( )
+
+ if len( args ) != 0:
+ print >>sys.stderr, 'Error: command arguments are not supported'
+ usage( )
+ sys.exit( )
+
+ for opt, opt_value in opts:
+ if opt in ( '-h', '--help' ):
+ usage( )
+ sys.exit( )
+
+ if opt in ( '-d', '--httpdir' ):
+ httpDir = opt_value
+
+ if opt in ( '-p', '--httpport' ):
+ try:
+ httpPort = int( opt_value )
+ except:
+ print >>sys.stderr, 'Error: HTTP port is not valid'
+ usage( )
+ sys.exit( )
+
+ if opt in ( '-l', '--logfile' ):
+ logFile = opt_value
+
+ if opt in ( '-u', '--user' ):
+ user = opt_value
+
+ if opt in ( '-g', '--group' ):
+ group = opt_value
+
+ if opt in ( '-f' ):
+ doFork = 'false'
+
+ pid = daemonize( httpDir, logFile, user, group, doFork )
+ if pid > 0:
+ sys.exit( )
+
+ runServer( httpPort )
+
+if __name__ == '__main__':
+ main( )
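Review bot: runServer binds the CGI server to every interface (`serverAddress = ( '', aServerPort )`) and nothing in this file or the served CGIs adds authentication, so a tool that writes security policy templates and accepts file uploads is reachable from any host that can route to port 7777; the default should be loopback, `serverAddress = ( '127.0.0.1', aServerPort )`, with a `--httpaddr`-style option if remote use is ever intended. In daemonize the root branch calls os.setgid/os.setuid but never clears supplementary groups, so the server keeps root's group memberships; add `os.setgroups( [] )` before `os.setgid( gid )`. The `except OSError, e: raise Exception, e` pairs around both fork calls discard the exception type and traceback for no gain; a bare `raise` would preserve them. The `if opt in ( '-f' ):` test in main is a substring match against the string `'-f'` rather than a tuple membership test and only works because no other option string is a substring of it; write `if opt == '-f':`.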
diff -r b438b8cb38f8 -r 269abc1e4fa5 tools/security/xensec_gen.py
--- /dev/null Tue Dec 13 16:08:05 2005
+++ b/tools/security/xensec_gen.py Tue Dec 13 16:12:59 2005
@@ -0,0 +1,26 @@
+#!/usr/bin/python
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import sys
+
+# Add fallback path for non-native python path installs if needed
+sys.path.append( '/usr/lib/python' )
+sys.path.append( '/usr/lib64/python' )
+
+from xen.xensec_gen import main
+
+main.main( )
