ia64/xen-unstable

changeset 8341:269abc1e4fa5

A new ACM security tool providing support to aid in the
creation/generation of the XML security policy files for the Xen ACM
security architecture. It is a python-based, web-based tool named
xensec_gen that allows users to create or modify XML policy files
through a browser. The resulting XML policy files can then be copied
or moved to the appropriate location in the /etc/xen/acm-security
directory structure in order to be translated into binary and used
within the Xen system.

Signed-off-by: Tom Lendacky <toml@us.ibm.com>
author kaf24@firebug.cl.cam.ac.uk
date Tue Dec 13 17:12:59 2005 +0100 (2005-12-13)
parents b438b8cb38f8
children 3627c3c29b21
files tools/security/Makefile tools/security/example.txt tools/security/python/setup.py tools/security/python/xensec_gen/cgi-bin/policy.cgi tools/security/python/xensec_gen/cgi-bin/policylabel.cgi tools/security/python/xensec_gen/index.html tools/security/python/xensec_gen/main.py tools/security/xensec_gen.py
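--- a/tools/security/Makefile	Tue Dec 13 17:08:05 2005 +0100
+++ b/tools/security/Makefile	Tue Dec 13 17:12:59 2005 +0100
@@ -35,7 +35,7 @@ OBJS_XML2BIN := $(patsubst %.c,%.o,$(fil
 SRCS_GETD     = get_decision.c
 OBJS_GETD    := $(patsubst %.c,%.o,$(filter %.c,$(SRCS_GETD)))
 
-ACM_INST_TOOLS    = xensec_tool xensec_xml2bin
+ACM_INST_TOOLS    = xensec_tool xensec_xml2bin xensec_gen
 ACM_NOINST_TOOLS  = get_decision
 ACM_OBJS          = $(OBJS_TOOL) $(OBJS_XML2BIN) $(OBJS_GETD)
 ACM_SCRIPTS       = getlabel.sh setlabel.sh updategrub.sh labelfuncs.sh
@@ -44,6 +44,12 @@ ACM_CONFIG_DIR    = /etc/xen/acm-securit
 ACM_POLICY_DIR    = $(ACM_CONFIG_DIR)/policies
 ACM_SCRIPT_DIR    = $(ACM_CONFIG_DIR)/scripts
 
+ACM_INST_HTML     = python/xensec_gen/index.html
+ACM_INST_CGI      = python/xensec_gen/cgi-bin/policy.cgi \
+                    python/xensec_gen/cgi-bin/policylabel.cgi
+ACM_SECGEN_HTMLDIR= /var/lib/xensec_gen
+ACM_SECGEN_CGIDIR = $(ACM_SECGEN_HTMLDIR)/cgi-bin
+
 ACM_SCHEMA        = security_policy.xsd
 ACM_EXAMPLES      = null chwall ste chwall_ste
 ACM_POLICY_SUFFIX = security_policy.xml
@@ -65,6 +71,15 @@ install: all $(ACM_CONFIG_FILE)
 	done
 	$(INSTALL_DIR) -p $(DESTDIR)$(ACM_SCRIPT_DIR)
 	$(INSTALL_PROG) -p $(ACM_SCRIPTS) $(DESTDIR)$(ACM_SCRIPT_DIR)
+	$(INSTALL_DIR) -p $(DESTDIR)$(ACM_SECGEN_HTMLDIR)
+	$(INSTALL_DATA) -p $(ACM_INST_HTML) $(DESTDIR)$(ACM_SECGEN_HTMLDIR)
+	$(INSTALL_DIR) -p $(DESTDIR)$(ACM_SECGEN_CGIDIR)
+	$(INSTALL_PROG) -p $(ACM_INST_CGI) $(DESTDIR)$(ACM_SECGEN_CGIDIR)
+ifndef XEN_PYTHON_NATIVE_INSTALL
+	python python/setup.py install --home="$(DESTDIR)/usr"
+else
+	python python/setup.py install --root="$(DESTDIR)"
+endif
 else
 all:
 
@@ -72,22 +87,27 @@ install:
 endif
 
 build: mk-symlinks $(ACM_INST_TOOLS) $(ACM_NOINST_TOOLS)
+	python python/setup.py build
 	chmod 700 $(ACM_SCRIPTS)
 
 xensec_tool: $(OBJS_TOOL)
-	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
 
 xensec_xml2bin: $(OBJS_XML2BIN)
-	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
 
 get_decision: $(OBJS_GETD)
-	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
+
+xensec_gen: xensec_gen.py
+	cp -f $^ $@
 
 clean:
 	$(RM) $(ACM_INST_TOOLS) $(ACM_NOINST_TOOLS)
 	$(RM) $(ACM_OBJS)
 	$(RM) $(PROG_DEPS)
 	$(RM) -r xen
+	$(RM) -r build
 
 mrproper: clean
 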
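Review bot: The added install lines deploy policy.cgi and policylabel.cgi as executables (`$(INSTALL_PROG) -p $(ACM_INST_CGI) $(DESTDIR)$(ACM_SECGEN_CGIDIR)`) whenever this branch of `install` runs, with no switch to leave the web tool out. Because getSavedData() in policy.cgi, added by this same changeset, passes hidden form fields to `exec`, shipping it by default widens what every ACM-enabled host exposes once xensec_gen is started. Consider making it opt-in, for example by guarding those four lines and the setup.py call with an `ifdef` on a new variable whose name the maintainers choose. Separately, the `build` and `install` recipes call a bare `python` resolved through PATH, and install is typically run with elevated privileges; `PYTHON ?= python` with `$(PYTHON) python/setup.py build` would let packagers pin the interpreter. The `install` rule begins outside the hunk.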
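--- a/tools/security/example.txt	Tue Dec 13 17:08:05 2005 +0100
+++ b/tools/security/example.txt	Tue Dec 13 17:12:59 2005 +0100
@@ -271,3 +271,112 @@ xensec_xml2bin is written against this s
 
 If you keep to the security policy schema, then you can use all the
 tools described above. Refer to install.txt to install it.
+
+You can hand-edit the xml files to create your policy or you can use the
+xensec_gen utility.
+
+
+5. Generating policy files using xensec_gen:
+============================================
+
+The xensec_gen utility starts a web-server that can be used to generate the
+XML policy files needed to create a policy.
+
+By default, xensec_gen runs as a daemon and listens on port 7777 for HTTP
+requests.  The xensec_gen command supports command line options to change the
+listen port, run in the foreground, and a few others.  Type 'xensec_gen -h'
+to see the full list of options available.
+
+Once the xensec_gen utility is running, point a browser at the host and port
+on which the utility is running (e.g. http://localhost:7777/).  You will be
+presented with a web page that allows you to create or modify the XML policy
+files:
+
+  - The Security Policy section allows you to create or modify a policy
+    definition file
+
+  - The Security Policy Labeling section allows you to create or modify a
+    label template definition file
+
+  Security Policy:
+  ----------------
+  The Security Policy section allows you to modify an existing policy definition
+  file or create a new policy definition file.  To modify an existing policy
+  definition, enter the full path to the existing file (the "Browse" button can
+  be used to aid in this) in the Policy File entry field.  To create a new
+  policy definition file leave the Policy File entry field blank.  At this point
+  click the "Create" button to begin modifying or creating your policy definition.
+
+  You will then be presented with a web page that will allow you to create either
+  Simple Type Enforcement types or Chinese Wall types or both.
+
+  As an example:
+    - To add a Simple Type Enforcement type:
+      - Enter the name of a new type under the Simple Type Enforcement Types
+        section in the entry field above the "New" button.
+      - Click the "New" button and the type will be added to the list of defined
+        Simple Type Enforcement types.
+    - To remove a Simple Type Enforcement type:
+      - Click on the type to be removed in the list of defined Simple Type
+        Enforcement types.
+      - Click the "Delete" button to remove the type.
+
+  Follow the same process to add Chinese Wall types.  If you define Chinese Wall
+  types you need to define at least one Chinese Wall Conflict Set.  The Chinese
+  Wall Conflict Set will allow you to add Chinese Wall types from the list of
+  defined Chinese Wall types.
+
+  To create your policy definition file, click on the "Generate XML" button on
+  the top of the page.  This will present you with a dialog box to save the
+  generated XML file on your system.  The default name will be security_policy.xml
+  which you should change to follow the policy file naming conventions based on
+  the policy name that you choose to use.
+
+  To get a feel for the tool, you could use one of the example policy definition
+  files from /etc/xen/acm-security/policies as input.
+
+
+  Security Policy Labeling:
+  -------------------------
+  The Security Policy Labeling section allows you to modify an existing label
+  template definition file or create a new label template definition file.  To
+  modify an existing label template definition, enter the full path to the
+  existing file (the "Browse" button can be used to aid in this) in the Policy
+  Labeling File entry field.  Whether creating a new label template definition
+  file or modifying an existing one, you will need to specify the policy
+  definition file that is or will be associated with this label template
+  definition file.  At this point click the "Create" button to begin modifying
+  or creating your label template definition file.
+
+  You will then be presented with a web page that will allow you to create labels
+  for classes of virtual machines.  The input policy definition file will provide
+  the available types (Simple Type Enforcement and/or Chinese Wall) that can be
+  assigned to a virtual machine class.
+
+  As an example:
+    - To add a Virtual Machine class (the name entered will become the label
+      that will be used to identify the class):
+      - Enter the name of a new class under the Virtual Machine Classes section
+        in the entry field above the "New" button.
+      - Click the "New" button and the class will be added to the table of defined
+        Virtual Machine classes.
+    - To remove a Virtual Machine class:
+      - Click the "Delete" link associated with the class in the table of Virtual
+        Machine classes.
+
+  Once you have defined one or more Virtual Machine classes, you will be able to
+  add any of the defined Simple Type Enforcement types or Chinese Wall types to a
+  particular Virtual Machine.
+
+  You must also define which Virtual Machine class is to be associated with the
+  bootstrap domain (or Dom0 domain).  By default, the first Virtual Machine class
+  created will be associated as the bootstrap domain.
+
+  To create your label template definition file, click on the "Generate XML" button
+  on the top of the page.  This will present you with a dialog box to save the
+  generated XML file on your system.  The default name will be
+  security_label_template.xml which you should change to follow the policy file
+  naming conventions based on the policy name that you choose to use.
+
+  To get a feel for the tool, you could use one of the example policy definition
+  and label template definition files from /etc/xen/acm-security/policies as input.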
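--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/security/python/setup.py	Tue Dec 13 17:12:59 2005 +0100
@@ -0,0 +1,30 @@
+#!/usr/bin/python
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+from distutils.core import setup
+import os
+
+# This setup script is invoked from the parent directory, so base
+#   everything as if executing from there.
+XEN_ROOT = "../.."
+
+setup(name            = 'xensec_gen',
+      version         = '3.0',
+      description     = 'Xen XML Security Policy Generator',
+      package_dir     = { 'xen' : 'python' },
+      packages        = ['xen.xensec_gen'],
+      )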
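Review bot: `packages = ['xen.xensec_gen']` names a package, but the changeset's file list shows no `__init__.py` under `python/xensec_gen`, so unless one already exists in the tree the installed directory may not be importable as `xen.xensec_gen`. The `package_dir = { 'xen' : 'python' }` mapping also means this script never installs a top-level `xen/__init__.py` itself; a comment such as `# relies on the xen package being installed separately` would make that dependency explicit. `import os` and `XEN_ROOT = "../.."` are not referenced anywhere in the script, so the comment above XEN_ROOT describes a base path that nothing uses; drop both or put them to use.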
     4.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     4.2 +++ b/tools/security/python/xensec_gen/cgi-bin/policy.cgi	Tue Dec 13 17:12:59 2005 +0100
     4.3 @@ -0,0 +1,1325 @@
     4.4 +#!/usr/bin/python
     4.5 +#
     4.6 +# The Initial Developer of the Original Code is International
     4.7 +# Business Machines Corporation. Portions created by IBM
     4.8 +# Corporation are Copyright (C) 2005 International Business
     4.9 +# Machines Corporation. All Rights Reserved.
    4.10 +#
    4.11 +# This program is free software; you can redistribute it and/or modify
    4.12 +# it under the terms of the GNU General Public License as published by
    4.13 +# the Free Software Foundation; either version 2 of the License,
    4.14 +# or (at your option) any later version.
    4.15 +#
    4.16 +# This program is distributed in the hope that it will be useful,
    4.17 +# but WITHOUT ANY WARRANTY; without even the implied warranty of
    4.18 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    4.19 +# GNU General Public License for more details.
    4.20 +#
    4.21 +# You should have received a copy of the GNU General Public License
    4.22 +# along with this program; if not, write to the Free Software
    4.23 +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
    4.24 +#
    4.25 +
    4.26 +import os
    4.27 +import cgi
    4.28 +import cgitb; cgitb.enable( )
    4.29 +import time
    4.30 +import xml.dom.minidom
    4.31 +import xml.sax
    4.32 +import xml.sax.handler
    4.33 +from StringIO import StringIO
    4.34 +from sets import Set
    4.35 +
    4.36 +def getSavedData( ):
    4.37 +	global formData, policyXml, formVariables, formCSNames
    4.38 +	global templateCSMTypes, templateCSMDel, templateCSMType, templateCSMAdd
    4.39 +	global allCSMTypes
    4.40 +
    4.41 +	# Process the XML upload policy file
    4.42 +	if formData.has_key( 'i_policy' ):
    4.43 +		dataList = formData.getlist( 'i_policy' )
    4.44 +		if len( dataList ) > 0:
    4.45 +			policyXml  = dataList[0]
    4.46 +
    4.47 +	# Process all the hidden input variables (if present)
    4.48 +	for formVar in formVariables:
    4.49 +		if formVar[2] == '':
    4.50 +			continue
    4.51 +
    4.52 +		if formData.has_key( formVar[2] ):
    4.53 +			dataList = formData.getlist( formVar[2] )
    4.54 +			if len( dataList ) > 0:
    4.55 +				if isinstance( formVar[1], list ):
    4.56 +					exec 'formVar[1] = ' + dataList[0]
    4.57 +				else:
    4.58 +					formVar[1] = dataList[0]
    4.59 +
    4.60 +	# The form can contain any number of "Conflict Sets"
    4.61 +	#   so update the list of form variables to include
    4.62 +	#   each conflict set (hidden input variable)
    4.63 +	for csName in formCSNames[1]:
    4.64 +		newCS( csName )
    4.65 +		if formData.has_key( allCSMTypes[csName][2] ):
    4.66 +			dataList = formData.getlist( allCSMTypes[csName][2] )
    4.67 +			if len( dataList ) > 0:
    4.68 +				exec 'allCSMTypes[csName][1] = ' + dataList[0]
    4.69 +
    4.70 +def getCurrentTime( ):
    4.71 +	return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) )
    4.72 +
    4.73 +def getName( domNode ):
    4.74 +	nameNodes = domNode.getElementsByTagName( 'Name' )
    4.75 +	if len( nameNodes ) == 0:
    4.76 +		formatXmlError( '"<Name>" tag is missing' )
    4.77 +		return None
    4.78 +
    4.79 +	name = ''
    4.80 +	for childNode in nameNodes[0].childNodes:
    4.81 +		if childNode.nodeType == xml.dom.Node.TEXT_NODE:
    4.82 +			name = name + childNode.data
    4.83 +
    4.84 +	return name
    4.85 +
    4.86 +def getDate( domNode ):
    4.87 +	dateNodes = domNode.getElementsByTagName( 'Date' )
    4.88 +	if len( dateNodes ) == 0:
    4.89 +		formatXmlError( '"<Date>" tag is missing' )
    4.90 +		return None
    4.91 +
    4.92 +	date = ''
    4.93 +	for childNode in dateNodes[0].childNodes:
    4.94 +		if childNode.nodeType == xml.dom.Node.TEXT_NODE:
    4.95 +			date = date + childNode.data
    4.96 +
    4.97 +	return date
    4.98 +
    4.99 +def getSteTypes( domNode, missingIsError = 0 ):
   4.100 +	steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' )
   4.101 +	if len( steNodes ) == 0:
   4.102 +		if missingIsError == 1:
   4.103 +			formatXmlError( '"<SimpleTypeEnforcementTypes>" tag is missing' )
   4.104 +			return None
   4.105 +		else:
   4.106 +			return []
   4.107 +
   4.108 +	return getTypes( steNodes[0] )
   4.109 +
   4.110 +def getChWTypes( domNode, missingIsError = 0 ):
   4.111 +	chwNodes = domNode.getElementsByTagName( 'ChineseWallTypes' )
   4.112 +	if len( chwNodes ) == 0:
   4.113 +		if missingIsError == 1:
   4.114 +			formatXmlError( '"<ChineseWallTypes>" tag is missing' )
   4.115 +			return None
   4.116 +		else:
   4.117 +			return []
   4.118 +
   4.119 +	return getTypes( chwNodes[0] )
   4.120 +
   4.121 +def getTypes( domNode ):
   4.122 +	types = []
   4.123 +
   4.124 +	domNodes = domNode.getElementsByTagName( 'Type' )
   4.125 +	if len( domNodes ) == 0:
   4.126 +		formatXmlError( '"<Type>" tag is missing' )
   4.127 +		return None
   4.128 +
   4.129 +	for domNode in domNodes:
   4.130 +		typeText = ''
   4.131 +		for childNode in domNode.childNodes:
   4.132 +			if childNode.nodeType == xml.dom.Node.TEXT_NODE:
   4.133 +				typeText = typeText + childNode.data
   4.134 +
   4.135 +		if typeText == '':
   4.136 +			formatXmlError( 'No text associated with the "<Type>" tag' )
   4.137 +			return None
   4.138 +
   4.139 +		types.append( typeText )
   4.140 +
   4.141 +	return types
   4.142 +
   4.143 +def formatXmlError( msg, xml = '', lineNum = -1, colNum = -1 ):
   4.144 +	global xmlMessages, xmlError
   4.145 +
   4.146 +	xmlError = 1
   4.147 +	addMsg = cgi.escape( msg )
   4.148 +
   4.149 +	if lineNum != -1:
   4.150 +		sio = StringIO( xml )
   4.151 +		for xmlLine in sio:
   4.152 +			lineNum = lineNum - 1
   4.153 +			if lineNum == 0:
   4.154 +				break;
   4.155 +
   4.156 +		addMsg += '<BR><PRE>' + cgi.escape( xmlLine.rstrip( ) )
   4.157 +
   4.158 +		if colNum != -1:
   4.159 +			errLine = ''
   4.160 +			for i in range( colNum ):
   4.161 +				errLine = errLine + '-'
   4.162 +
   4.163 +			addMsg += '\n' + errLine + '^'
   4.164 +
   4.165 +		addMsg += '</PRE>'
   4.166 +
   4.167 +	xmlMessages.append( addMsg )
   4.168 +
   4.169 +def formatXmlGenError( msg ):
   4.170 +	global xmlMessages, xmlIncomplete
   4.171 +
   4.172 +	xmlIncomplete = 1
   4.173 +	xmlMessages.append( cgi.escape( msg ) )
   4.174 +
   4.175 +def parseXml( xmlInput ):
   4.176 +	global xmlMessages, xmlError, xmlLine, xmlColumn
   4.177 +
   4.178 +	xmlParser  = xml.sax.make_parser( )
   4.179 +	try:
   4.180 +		domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser )
   4.181 +
   4.182 +	except xml.sax.SAXParseException, xmlErr:
   4.183 +		msg = ''
   4.184 +		msg = msg + 'XML parsing error occurred at line '
   4.185 +		msg = msg + `xmlErr.getLineNumber( )`
   4.186 +		msg = msg + ', column '
   4.187 +		msg = msg + `xmlErr.getColumnNumber( )`
   4.188 +		msg = msg + ': reason = "'
   4.189 +		msg = msg + xmlErr.getMessage( )
   4.190 +		msg = msg + '"'
   4.191 +		formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), xmlErr.getColumnNumber( ) )
   4.192 +		return None
   4.193 +
   4.194 +	except xml.sax.SAXException, xmlErr:
   4.195 +		msg = ''
   4.196 +		msg = msg + 'XML Parsing error: ' + `xmlErr`
   4.197 +		formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), xmlErr.getColumnNumber( ) )
   4.198 +		return None
   4.199 +
   4.200 +	return domDoc
   4.201 +
   4.202 +def parsePolicyXml( ):
   4.203 +	global policyXml
   4.204 +	global formPolicyName, formPolicyDate, formPolicyOrder
   4.205 +	global formSteTypes, formChWallTypes
   4.206 +	global allCSMTypes
   4.207 +
   4.208 +	domDoc = parseXml( policyXml )
   4.209 +	if domDoc == None:
   4.210 +		return
   4.211 +
   4.212 +	domRoot    = domDoc.documentElement
   4.213 +	domHeaders = domRoot.getElementsByTagName( 'PolicyHeader' )
   4.214 +	if len( domHeaders ) == 0:
   4.215 +		msg = ''
   4.216 +		msg = msg + '"<PolicyHeader>" tag is missing.\n'
   4.217 +		msg = msg + 'Please validate the Policy file used.'
   4.218 +		formatXmlError( msg )
   4.219 +		return
   4.220 +
   4.221 +	pName = getName( domHeaders[0] )
   4.222 +	if pName == None:
   4.223 +		msg = ''
   4.224 +		msg = msg + 'Error processing the Policy header information.\n'
   4.225 +		msg = msg + 'Please validate the Policy file used.'
   4.226 +		formatXmlError( msg )
   4.227 +		return
   4.228 +
   4.229 +	formPolicyName[1] = pName
   4.230 +
   4.231 +	pDate = getDate( domHeaders[0] )
   4.232 +	if pDate == None:
   4.233 +		msg = ''
   4.234 +		msg = msg + 'Error processing the Policy header information.\n'
   4.235 +		msg = msg + 'Please validate the Policy file used.'
   4.236 +		formatXmlError( msg )
   4.237 +		return
   4.238 +
   4.239 +	formPolicyDate[1] = pDate
   4.240 +
   4.241 +	pOrder = ''
   4.242 +	domStes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' )
   4.243 +	if len( domStes ) > 0:
   4.244 +		if domStes[0].hasAttribute( 'priority' ):
   4.245 +			if domStes[0].getAttribute( 'priority' ) != 'PrimaryPolicyComponent':
   4.246 +				msg = ''
   4.247 +				msg = msg + 'Error processing the "<SimpleTypeEnforcement>" tag.\n'
   4.248 +				msg = msg + 'The "priority" attribute value is not valid.\n'
   4.249 +				msg = msg + 'Please validate the Policy file used.'
   4.250 +				formatXmlError( msg )
   4.251 +				return
   4.252 +
   4.253 +			pOrder = 'v_Ste'
   4.254 +
   4.255 +		steTypes = getSteTypes( domStes[0], 1 )
   4.256 +		if steTypes == None:
   4.257 +			msg = ''
   4.258 +			msg = msg + 'Error processing the SimpleTypeEnforcement types.\n'
   4.259 +			msg = msg + 'Please validate the Policy file used.'
   4.260 +			formatXmlError( msg )
   4.261 +			return
   4.262 +
   4.263 +		formSteTypes[1] = steTypes
   4.264 +
   4.265 +	domChWalls = domRoot.getElementsByTagName( 'ChineseWall' )
   4.266 +	if len( domChWalls ) > 0:
   4.267 +		if domChWalls[0].hasAttribute( 'priority' ):
   4.268 +			if domChWalls[0].getAttribute( 'priority' ) != 'PrimaryPolicyComponent':
   4.269 +				msg = ''
   4.270 +				msg = msg + 'Error processing the "<ChineseWall>" tag.\n'
   4.271 +				msg = msg + 'The "priority" attribute value is not valid.\n'
   4.272 +				msg = msg + 'Please validate the Policy file used.'
   4.273 +				formatXmlError( msg )
   4.274 +				return
   4.275 +
   4.276 +			if pOrder != '':
   4.277 +				msg = ''
   4.278 +				msg = msg + 'Error processing the "<ChineseWall>" tag.\n'
   4.279 +				msg = msg + 'The "priority" attribute has been previously specified.\n'
   4.280 +				msg = msg + 'Please validate the Policy file used.'
   4.281 +				formatXmlError( msg )
   4.282 +				return
   4.283 +
   4.284 +			pOrder = 'v_ChWall'
   4.285 +
   4.286 +		chwTypes = getChWTypes( domChWalls[0], 1 )
   4.287 +		if chwTypes == None:
   4.288 +			msg = ''
   4.289 +			msg = msg + 'Error processing the ChineseWall types.\n'
   4.290 +			msg = msg + 'Please validate the Policy file used.'
   4.291 +			formatXmlError( msg )
   4.292 +			return
   4.293 +
   4.294 +		formChWallTypes[1] = chwTypes
   4.295 +
   4.296 +		csNodes = domChWalls[0].getElementsByTagName( 'ConflictSets' )
   4.297 +		if len( csNodes ) == 0:
   4.298 +			msg = ''
   4.299 +			msg = msg + 'Required "<ConflictSets>" tag missing.\n'
   4.300 +			msg = msg + 'Please validate the Policy file used.'
   4.301 +			formatXmlError( msg )
   4.302 +			return
   4.303 +
   4.304 +		cNodes = csNodes[0].getElementsByTagName( 'Conflict' )
   4.305 +		if len( cNodes ) == 0:
   4.306 +			msg = ''
   4.307 +			msg = msg + 'Required "<Conflict>" tag missing.\n'
   4.308 +			msg = msg + 'Please validate the Policy file used.'
   4.309 +			formatXmlError( msg )
   4.310 +			return
   4.311 +
   4.312 +		for cNode in cNodes:
   4.313 +			csName = cNode.getAttribute( 'name' )
   4.314 +			newCS( csName, 1 )
   4.315 +
   4.316 +			csMemberList = getTypes( cNode )
   4.317 +			if csMemberList == None:
   4.318 +				msg = ''
   4.319 +				msg = msg + 'Error processing the Conflict Set members.\n'
   4.320 +				msg = msg + 'Please validate the Policy file used.'
   4.321 +				formatXmlError( msg )
   4.322 +				return
   4.323 +
   4.324 +			# Verify the conflict set members are valid types
   4.325 +			ctSet = Set( formChWallTypes[1] )
   4.326 +			csSet = Set( csMemberList )
   4.327 +			if not csSet.issubset( ctSet ):
   4.328 +				msg = ''
   4.329 +				msg = msg + 'Error processing Conflict Set "' + csName + '".\n'
   4.330 +				msg = msg + 'Members of the conflict set are not valid '
   4.331 +				msg = msg + 'Chinese Wall types.\n'
   4.332 +				msg = msg + 'Please validate the Policy file used.'
   4.333 +				formatXmlError( msg )
   4.334 +
   4.335 +			allCSMTypes[csName][1] = csMemberList
   4.336 +
   4.337 +	if pOrder != '':
   4.338 +		formPolicyOrder[1] = pOrder
   4.339 +	else:
   4.340 +		if (len( domStes ) > 0) or (len( domChWalls ) > 0):
   4.341 +			msg = ''
   4.342 +			msg = msg + 'The "priority" attribute has not been specified.\n'
   4.343 +			msg = msg + 'It must be specified on one of the access control types.\n'
   4.344 +			msg = msg + 'Please validate the Policy file used.'
   4.345 +			formatXmlError( msg )
   4.346 +			return
   4.347 +
   4.348 +def modFormTemplate( formTemplate, suffix ):
   4.349 +	formVar = [x for x in formTemplate]
   4.350 +
   4.351 +	if formVar[2] != '':
   4.352 +		formVar[2] = formVar[2] + suffix
   4.353 +	if formVar[3] != '':
   4.354 +		formVar[3] = formVar[3] + suffix
   4.355 +	if (formVar[0] != 'button') and (formVar[4] != ''):
   4.356 +		formVar[4] = formVar[4] + suffix
   4.357 +
   4.358 +	return formVar;
   4.359 +
   4.360 +def removeDups( curList ):
   4.361 +	newList = []
   4.362 +	curSet  = Set( curList )
   4.363 +	for x in curSet:
   4.364 +		newList.append( x )
   4.365 +	newList.sort( )
   4.366 +
   4.367 +	return newList
   4.368 +
   4.369 +def newCS( csName, addToList = 0 ):
   4.370 +	global formCSNames
   4.371 +	global templateCSDel, allCSDel
   4.372 +	global templateCSMTypes, templateCSMDel, templateCSMType, templateCSMAdd
   4.373 +	global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
   4.374 +
   4.375 +	csSuffix = '_' + csName
   4.376 +
   4.377 +	# Make sure we have an actual name and check one of the 'all'
   4.378 +	# variables to be sure it hasn't been previously defined
   4.379 +	if (len( csName ) > 0) and (not allCSMTypes.has_key( csName )):
   4.380 +		allCSDel[csName]    = modFormTemplate( templateCSDel,    csSuffix )
   4.381 +		allCSMTypes[csName] = modFormTemplate( templateCSMTypes, csSuffix )
   4.382 +		allCSMDel[csName]   = modFormTemplate( templateCSMDel,   csSuffix )
   4.383 +		allCSMType[csName]  = modFormTemplate( templateCSMType,  csSuffix )
   4.384 +		allCSMAdd[csName]   = modFormTemplate( templateCSMAdd,   csSuffix )
   4.385 +		if addToList == 1:
   4.386 +			formCSNames[1].append( csName )
   4.387 +			formCSNames[1] = removeDups( formCSNames[1] )
   4.388 +
   4.389 +def updateInfo( ):
   4.390 +	global formData, formPolicyName, formPolicyDate, formPolicyOrder
   4.391 +
   4.392 +	if formData.has_key( formPolicyName[3] ):
   4.393 +		formPolicyName[1] = formData[formPolicyName[3]].value
   4.394 +	elif formData.has_key( formPolicyUpdate[3] ):
   4.395 +		formPolicyName[1] = ''
   4.396 +
   4.397 +	if formData.has_key( formPolicyDate[3] ):
   4.398 +		formPolicyDate[1] = formData[formPolicyDate[3]].value
   4.399 +	elif formData.has_key( formPolicyUpdate[3] ):
   4.400 +		formPolicyDate[1] = ''
   4.401 +
   4.402 +	if formData.has_key( formPolicyOrder[3] ):
   4.403 +		formPolicyOrder[1] = formData[formPolicyOrder[3]].value
   4.404 +
   4.405 +def addSteType( ):
   4.406 +	global formData, formSteType, formSteTypes
   4.407 +
   4.408 +	if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formSteAdd[3] )):
   4.409 +		if formData.has_key( formSteType[3] ):
   4.410 +			type = formData[formSteType[3]].value
   4.411 +			type = type.strip( )
   4.412 +			if len( type ) > 0:
   4.413 +				formSteTypes[1].append( type )
   4.414 +				formSteTypes[1] = removeDups( formSteTypes[1] )
   4.415 +
   4.416 +
   4.417 +def delSteType( ):
   4.418 +	global formData, formSteTypes
   4.419 +
   4.420 +	if formData.has_key( formSteTypes[3] ):
   4.421 +		typeList = formData.getlist( formSteTypes[3] )
   4.422 +		for type in typeList:
   4.423 +			type = type.strip( )
   4.424 +			formSteTypes[1].remove( type )
   4.425 +
   4.426 +def addChWallType( ):
   4.427 +	global formData, formChWallType, formChWallTypes
   4.428 +
   4.429 +	if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formChWallAdd[3] )):
   4.430 +		if formData.has_key( formChWallType[3] ):
   4.431 +			type = formData[formChWallType[3]].value
   4.432 +			type = type.strip( )
   4.433 +			if len( type ) > 0:
   4.434 +				formChWallTypes[1].append( type )
   4.435 +				formChWallTypes[1] = removeDups( formChWallTypes[1] )
   4.436 +
   4.437 +def delChWallType( ):
   4.438 +	global formData, formChWallTypes
   4.439 +
   4.440 +	if formData.has_key( formChWallTypes[3] ):
   4.441 +		typeList = formData.getlist( formChWallTypes[3] )
   4.442 +		for type in typeList:
   4.443 +			type = type.strip( )
   4.444 +			formChWallTypes[1].remove( type )
   4.445 +
   4.446 +def addCS( ):
   4.447 +	global formData, formCSNames
   4.448 +
   4.449 +	if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formCSAdd[3] )):
   4.450 +		if formData.has_key( formCSName[3] ):
   4.451 +			csName = formData[formCSName[3]].value
   4.452 +			csName = csName.strip( )
   4.453 +			newCS( csName, 1 )
   4.454 +
   4.455 +def delCS( csName ):
   4.456 +	global formData, formCSNames, allCSDel
   4.457 +	global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
   4.458 +
   4.459 +	csName = csName.strip( )
   4.460 +	formCSNames[1].remove( csName )
   4.461 +	del allCSDel[csName]
   4.462 +	del allCSMTypes[csName]
   4.463 +	del allCSMDel[csName]
   4.464 +	del allCSMType[csName]
   4.465 +	del allCSMAdd[csName]
   4.466 +
   4.467 +def addCSMember( csName ):
   4.468 +	global formData, allCSMType, allCSMTypes
   4.469 +
   4.470 +	formVar = allCSMType[csName]
   4.471 +	if formData.has_key( formVar[3] ):
   4.472 +		csmList = formData.getlist( formVar[3] )
   4.473 +		formVar = allCSMTypes[csName]
   4.474 +		for csm in csmList:
   4.475 +			csm = csm.strip( )
   4.476 +			formVar[1].append( csm )
   4.477 +			formVar[1] = removeDups( formVar[1] )
   4.478 +
   4.479 +def delCSMember( csName ):
   4.480 +	global formData, allCSMTypes
   4.481 +
   4.482 +	formVar = allCSMTypes[csName]
   4.483 +	if formData.has_key( formVar[3] ):
   4.484 +		csmList = formData.getlist( formVar[3] )
   4.485 +		for csm in csmList:
   4.486 +			csm = csm.strip( )
   4.487 +			formVar[1].remove( csm )
   4.488 +
   4.489 +def processRequest( ):
   4.490 +	global policyXml
   4.491 +	global formData, formPolicyUpdate
   4.492 +	global formSteAdd, formSteDel
   4.493 +	global formChWallAdd, formChWallDel
   4.494 +	global formCSAdd, allCSDel
   4.495 +	global formCSNames, allCSMAdd, allCSMDel
   4.496 +
   4.497 +	if policyXml != '':
   4.498 +		parsePolicyXml( )
   4.499 +
   4.500 +	# Allow the updating of the header information whenever
   4.501 +	# an action is performed
   4.502 +	updateInfo( )
   4.503 +
   4.504 +	# Allow the adding of types/sets if the user has hit the
   4.505 +	# enter key when attempting to add a type/set
   4.506 +	addSteType( )
   4.507 +	addChWallType( )
   4.508 +	addCS( )
   4.509 +
   4.510 +	if formData.has_key( formSteDel[3] ):
   4.511 +		delSteType( )
   4.512 +
   4.513 +	elif formData.has_key( formChWallDel[3] ):
   4.514 +		delChWallType( )
   4.515 +
   4.516 +	else:
   4.517 +		for csName in formCSNames[1]:
   4.518 +			if formData.has_key( allCSDel[csName][3] ):
   4.519 +				delCS( csName )
   4.520 +				continue
   4.521 +
   4.522 +			if formData.has_key( allCSMAdd[csName][3] ):
   4.523 +				addCSMember( csName )
   4.524 +
   4.525 +			elif formData.has_key( allCSMDel[csName][3] ):
   4.526 +				delCSMember( csName )
   4.527 +
   4.528 +def makeName( name, suffix='' ):
   4.529 +	rName = name
   4.530 +	if suffix != '':
   4.531 +		rName = rName + '_' + suffix
   4.532 +
   4.533 +	return rName
   4.534 +
   4.535 +def makeNameAttr( name, suffix='' ):
   4.536 +	return 'name="' + makeName( name, suffix ) + '"'
   4.537 +
   4.538 +def makeValue( value, suffix='' ):
   4.539 +	rValue = value
   4.540 +
   4.541 +	if isinstance( value, list ):
   4.542 +		rValue = '['
   4.543 +		for val in value:
   4.544 +			rValue = rValue + '\'' + val
   4.545 +			if suffix != '':
   4.546 +				rValue = rValue + '_' + suffix
   4.547 +			rValue = rValue + '\','
   4.548 +		rValue = rValue + ']'
   4.549 +
   4.550 +	else:
   4.551 +		if suffix != '':
   4.552 +			rValue = rValue + '_' + suffix
   4.553 +
   4.554 +	return rValue
   4.555 +
   4.556 +def makeValueAttr( value, suffix='' ):
   4.557 +	return 'value="' + makeValue( value, suffix ) + '"'
   4.558 +
   4.559 +def sendHtmlFormVar( formVar, attrs='' ):
   4.560 +	nameAttr  = ''
   4.561 +	valueAttr = ''
   4.562 +	htmlText  = ''
   4.563 +
   4.564 +	if formVar[0] == 'text':
   4.565 +		if formVar[3] != '':
   4.566 +			nameAttr = makeNameAttr( formVar[3] )
   4.567 +		valueAttr = makeValueAttr( formVar[1] )
   4.568 +
   4.569 +		print '<INPUT type="text"', nameAttr, valueAttr, attrs, '>'
   4.570 +
   4.571 +	elif formVar[0] == 'list':
   4.572 +		if formVar[3] != '':
   4.573 +			nameAttr = makeNameAttr( formVar[3] )
   4.574 +
   4.575 +		print '<SELECT', nameAttr, attrs, '>'
   4.576 +		for option in formVar[1]:
   4.577 +			print '<OPTION>' + option + '</OPTION>'
   4.578 +		print '</SELECT>'
   4.579 +
   4.580 +	elif formVar[0] == 'button':
   4.581 +		if formVar[3] != '':
   4.582 +			nameAttr = makeNameAttr( formVar[3] )
   4.583 +		if formVar[4] != '':
   4.584 +			valueAttr = makeValueAttr( formVar[4] )
   4.585 +
   4.586 +		print '<INPUT type="submit"', nameAttr, valueAttr, attrs, '>'
   4.587 +
   4.588 +	elif formVar[0] == 'radiobutton':
   4.589 +		if formVar[3] != '':
   4.590 +			nameAttr  = makeNameAttr( formVar[3] )
   4.591 +			valueAttr = makeValueAttr( formVar[4][rb_select] )
   4.592 +			htmlText  = formVar[5][rb_select]
   4.593 +			if formVar[4][rb_select] == formVar[1]:
   4.594 +				checked = 'checked'
   4.595 +			else:
   4.596 +				checked = ''
   4.597 +
   4.598 +			print '<INPUT type="radio"', nameAttr, valueAttr, attrs, checked, '>', htmlText
   4.599 +
   4.600 +	elif formVar[0] == 'radiobutton-all':
   4.601 +		if formVar[3] != '':
   4.602 +			nameAttr = makeNameAttr( formVar[3] )
   4.603 +			buttonVals  = formVar[4]
   4.604 +			buttonTexts = formVar[5]
   4.605 +			for i, buttonVal in enumerate( buttonVals ):
   4.606 +				htmlText = ''
   4.607 +				addAttrs = ''
   4.608 +				checked  = ''
   4.609 +
   4.610 +				valueAttr = makeValueAttr( buttonVal )
   4.611 +				if formVar[5] != '':
   4.612 +					htmlText = formVar[5][i]
   4.613 +				if attrs != '':
   4.614 +					addAttrs = attrs[i]
   4.615 +				if buttonVal == formVar[1]:
   4.616 +					checked = 'checked'
   4.617 +
   4.618 +				print '<INPUT type="radio"', nameAttr, valueAttr, addAttrs, checked, '>', htmlText, '<BR>'
   4.619 +
   4.620 +	if formVar[2] != '':
   4.621 +		nameAttr = makeNameAttr( formVar[2] )
   4.622 +		valueAttr = makeValueAttr( formVar[1] )
   4.623 +		print '<INPUT type="hidden"', nameAttr, valueAttr, '>'
   4.624 +
   4.625 +def sendHtmlHeaders( ):
   4.626 +	# HTML headers
   4.627 +	print 'Content-Type: text/html'
   4.628 +	print
   4.629 +
   4.630 +def sendPolicyHtml( ):
   4.631 +	global xmlError, xmlIncomplete, xmlMessages, formXmlGen
   4.632 +
   4.633 +	print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"'
   4.634 +	print '  "http://www.w3.org/TR/html4/loose.dtd">'
   4.635 +
   4.636 +	print '<HTML>'
   4.637 +
   4.638 +	sendHtmlHead( )
   4.639 +
   4.640 +	print '<BODY>'
   4.641 +
   4.642 +	# An input XML file was specified that had errors, output the
   4.643 +	# error information
   4.644 +	if xmlError == 1:
   4.645 +		print '<P>'
   4.646 +		print 'An error has been encountered while processing the input '
   4.647 +		print 'XML file:'
   4.648 +		print '<UL>'
   4.649 +		for msg in xmlMessages:
   4.650 +			print '<LI>'
   4.651 +			print msg
   4.652 +		print '</UL>'
   4.653 +		print '</BODY>'
   4.654 +		print '</HTML>'
   4.655 +		return
   4.656 +
   4.657 +	# When attempting to generate the XML output, all required data was not
   4.658 +	# present, output the error information
   4.659 +	if xmlIncomplete == 1:
   4.660 +		print '<P>'
   4.661 +		print 'An error has been encountered while validating the data'
   4.662 +		print 'required for the output XML file:'
   4.663 +		print '<UL>'
   4.664 +		for msg in xmlMessages:
   4.665 +			print '<LI>'
   4.666 +			print msg
   4.667 +		print '</UL>'
   4.668 +		print '</BODY>'
   4.669 +		print '</HTML>'
   4.670 +		return
   4.671 +
   4.672 +	print '<CENTER>'
   4.673 +	print '<FORM action="' + os.environ['SCRIPT_NAME'] + '" method="post">'
   4.674 +	print '<TABLE class="container">'
   4.675 +	print '  <COLGROUP>'
   4.676 +	print '    <COL width="100%">'
   4.677 +	print '  </COLGROUP>'
   4.678 +
   4.679 +	print '  <TR>'
   4.680 +	print '    <TD>'
   4.681 +	print '      <TABLE>'
   4.682 +	print '        <TR>'
   4.683 +	print '          <TD>'
   4.684 +	sendHtmlFormVar( formDefaultButton, 'class="hidden"' )
   4.685 +	print '          </TD>'
   4.686 +	print '        </TR>'
   4.687 +	print '        <TR>'
   4.688 +	print '          <TD>'
   4.689 +	sendHtmlFormVar( formXmlGen )
   4.690 +	print '          </TD>'
   4.691 +	print '        </TR>'
   4.692 +	print '      </TABLE>'
   4.693 +	print '    </TD>'
   4.694 +	print '  </TR>'
   4.695 +
   4.696 +	# Policy header
   4.697 +	print '  <TR>'
   4.698 +	print '    <TD>'
   4.699 +	sendPHeaderHtml( )
   4.700 +	print '    </TD>'
   4.701 +	print '  </TR>'
   4.702 +
   4.703 +	# Separator
   4.704 +	print '  <TR><TD><HR></TD></TR>'
   4.705 +
   4.706 +	# Policy (types)
   4.707 +	print '  <TR>'
   4.708 +	print '    <TD>'
   4.709 +	print '      <TABLE class="full">'
   4.710 +	print '        <TR>'
   4.711 +	print '          <TD width="49%">'
   4.712 +	sendPSteHtml( )
   4.713 +	print '          </TD>'
   4.714 +	print '          <TD width="2%">&nbsp;</TD>'
   4.715 +	print '          <TD width="49%">'
   4.716 +	sendPChWallHtml( )
   4.717 +	print '          </TD>'
   4.718 +	print '        </TR>'
   4.719 +	print '      </TABLE>'
   4.720 +	print '    </TD>'
   4.721 +	print '  </TR>'
   4.722 +
   4.723 +	print '</TABLE>'
   4.724 +	print '</FORM>'
   4.725 +	print '</CENTER>'
   4.726 +
   4.727 +	print '</BODY>'
   4.728 +
   4.729 +	print '</HTML>'
   4.730 +
   4.731 +def sendHtmlHead( ):
   4.732 +	global headTitle
   4.733 +
   4.734 +	print '<HEAD>'
   4.735 +	print '<STYLE type="text/css">'
   4.736 +	print '<!--'
   4.737 +	print 'BODY            {background-color: #EEEEFF;}'
   4.738 +	print 'TABLE.container {width:  90%; border: 1px solid black; border-collapse: seperate;}'
   4.739 +	print 'TABLE.fullbox   {width: 100%; border: 1px solid black; border-collapse: collapse;}'
   4.740 +	print 'TABLE.full      {width: 100%; border: 0px solid black; border-collapse: collapse;}'
   4.741 +	print 'THEAD           {font-weight: bold; font-size: larger;}'
   4.742 +	print 'TD              {border: 0px solid black; vertical-align: top;}'
   4.743 +	print 'TD.heading      {border: 0px solid black; vertical-align: top; font-weight: bold; font-size: larger;}'
   4.744 +	print 'TD.subheading   {border: 0px solid black; vertical-align: top; font-size: smaller;}'
   4.745 +	print 'TD.fullbox      {border: 1px solid black; vertical-align: top;}'
   4.746 +	print 'SELECT.full     {width: 100%;}'
   4.747 +	print 'INPUT.full      {width: 100%;}'
   4.748 +	print 'INPUT.link      {cursor: pointer; background-color: #EEEEFF; border: 0px; text-decoration: underline; color: blue;}'
   4.749 +	print 'INPUT.hidden    {visibility: hidden; width: 1px; height: 1px;}'
   4.750 +	print ':link           {color: blue;}'
   4.751 +	print ':visited        {color: red;}'
   4.752 +	print '-->'
   4.753 +	print '</STYLE>'
   4.754 +	print '<TITLE>', headTitle, '</TITLE>'
   4.755 +	print '</HEAD>'
   4.756 +
   4.757 +def sendPHeaderHtml( ):
   4.758 +	global formPolicyName, formPolicyDate, formPolicyOrder, formPolicyUpdate
   4.759 +
   4.760 +	# Policy header definition
   4.761 +	print '<TABLE class="full">'
   4.762 +	print '  <COLGROUP>'
   4.763 +	print '    <COL width="20%">'
   4.764 +	print '    <COL width="80%">'
   4.765 +	print '  </COLGROUP>'
   4.766 +	print '  <TR>'
   4.767 +	print '    <TD align="center" colspan="2" class="heading">Policy Information</TD>'
   4.768 +	print '  </TR>'
   4.769 +	print '  <TR>'
   4.770 +	print '    <TD align="right">Name:</TD>'
   4.771 +	print '    <TD align="left">'
   4.772 +	sendHtmlFormVar( formPolicyName, 'class="full"' )
   4.773 +	print '    </TD>'
   4.774 +	print '  </TR>'
   4.775 +	print '  <TR>'
   4.776 +	print '    <TD align="right">Date:</TD>'
   4.777 +	print '    <TD align="left">'
   4.778 +	sendHtmlFormVar( formPolicyDate, 'class="full"' )
   4.779 +	print '    </TD>'
   4.780 +	print '  </TR>'
   4.781 +	print '  <TR>'
   4.782 +	print '    <TD align="right">Primary Policy:</TD>'
   4.783 +	print '    <TD align="left">'
   4.784 +	sendHtmlFormVar( formPolicyOrder )
   4.785 +	print '    </TD>'
   4.786 +	print '  </TR>'
   4.787 +	print '  <TR>'
   4.788 +	print '    <TD align="center" colspan="2">'
   4.789 +	sendHtmlFormVar( formPolicyUpdate )
   4.790 +	print '    </TD>'
   4.791 +	print '  </TR>'
   4.792 +	print '  <TR>'
   4.793 +	print '    <TD align="center" colspan="2" class="subheading">'
   4.794 +	print '      (The Policy Information is updated whenever an action is performed'
   4.795 +	print '       or it can be updated separately using the "Update" button)'
   4.796 +	print '    </TD>'
   4.797 +	print '  </TR>'
   4.798 +	print '</TABLE>'
   4.799 +
   4.800 +def sendPSteHtml( ):
   4.801 +	global formSteTypes, formSteDel, formSteType, formSteAdd
   4.802 +
   4.803 +	# Simple Type Enforcement...
   4.804 +	print '<TABLE class="full">'
   4.805 +	print '  <COLGROUP>'
   4.806 +	print '    <COL width="20%">'
   4.807 +	print '    <COL width="80%">'
   4.808 +	print '  </COLGROUP>'
   4.809 +	print '  <TR>'
   4.810 +	print '    <TD align="center" colspan="2" class="heading">Simple Type Enforcement Types</TD>'
   4.811 +	print '  </TR>'
   4.812 +	print '  <TR>'
   4.813 +	print '    <TD colspan="2">'
   4.814 +	sendHtmlFormVar( formSteTypes, 'class="full" size="4" multiple' )
   4.815 +	print '    </TD>'
   4.816 +	print '  </TR>'
   4.817 +	print '  <TR>'
   4.818 +	print '    <TD>'
   4.819 +	sendHtmlFormVar( formSteDel, 'class="full"' )
   4.820 +	print '    </TD>'
   4.821 +	print '    <TD>'
   4.822 +	print '      Delete the type(s) selected above'
   4.823 +	print '    </TD>'
   4.824 +	print '  </TR>'
   4.825 +	print '  <TR>'
   4.826 +	print '    <TD colspan="2">'
   4.827 +	sendHtmlFormVar( formSteType, 'class="full"' )
   4.828 +	print '    </TD>'
   4.829 +	print '  </TR>'
   4.830 +	print '  <TR>'
   4.831 +	print '    <TD>'
   4.832 +	sendHtmlFormVar( formSteAdd, 'class="full"' )
   4.833 +	print '    </TD>'
   4.834 +	print '    <TD>'
   4.835 +	print '      Create a new type with the above name'
   4.836 +	print '    </TD>'
   4.837 +	print '  </TR>'
   4.838 +	print '</TABLE>'
   4.839 +
   4.840 +def sendPChWallHtml( ):
   4.841 +	global formChWallTypes, formChWallDel, formChWallType, formChWallAdd
   4.842 +	global formCSNames, formCSName, formCSAdd, allCSDel
   4.843 +	global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
   4.844 +
   4.845 +	# Chinese Wall...
   4.846 +	print '<TABLE class="full">'
   4.847 +	print '  <COLGROUP>'
   4.848 +	print '    <COL width="20%">'
   4.849 +	print '    <COL width="80%">'
   4.850 +	print '  </COLGROUP>'
   4.851 +	print '  <TR>'
   4.852 +	print '    <TD align="center" colspan="2" class="heading">Chinese Wall Types</TD>'
   4.853 +	print '  </TR>'
   4.854 +	print '  <TR>'
   4.855 +	print '    <TD colspan="2">'
   4.856 +	sendHtmlFormVar( formChWallTypes, 'class="full" size="4" multiple' )
   4.857 +	print '    </TD>'
   4.858 +	print '  </TR>'
   4.859 +	print '  <TR>'
   4.860 +	print '    <TD>'
   4.861 +	sendHtmlFormVar( formChWallDel, 'class="full"' )
   4.862 +	print '    </TD>'
   4.863 +	print '    <TD>'
   4.864 +	print '      Delete the type(s) selected above'
   4.865 +	print '    </TD>'
   4.866 +	print '  </TR>'
   4.867 +	print '  <TR>'
   4.868 +	print '    <TD colspan="2">'
   4.869 +	sendHtmlFormVar( formChWallType, 'class="full"' )
   4.870 +	print '    </TD>'
   4.871 +	print '  </TR>'
   4.872 +	print '  <TR>'
   4.873 +	print '    <TD>'
   4.874 +	sendHtmlFormVar( formChWallAdd, 'class="full"' )
   4.875 +	print '    </TD>'
   4.876 +	print '    <TD>'
   4.877 +	print '      Create a new type with the above name'
   4.878 +	print '    </TD>'
   4.879 +	print '  </TR>'
   4.880 +
   4.881 +	# Chinese Wall Conflict Sets...
   4.882 +	print '  <TR>'
   4.883 +	print '    <TD colspan="2">'
   4.884 +	print '      <TABLE class="full">'
   4.885 +	print '        <COLGROUP>'
   4.886 +	print '          <COL width="20%">'
   4.887 +	print '          <COL width="30%">'
   4.888 +	print '          <COL width="50%">'
   4.889 +	print '        </COLGROUP>'
   4.890 +	print '        <THEAD>'
   4.891 +	print '          <TR>'
   4.892 +	print '            <TD align="center" colspan="3"><HR></TD>'
   4.893 +	print '          </TR>'
   4.894 +	print '          <TR>'
   4.895 +	print '            <TD align="center" colspan="3">Chinese Wall Conflict Sets</TD>'
   4.896 +	print '          </TR>'
   4.897 +	print '        </THEAD>'
   4.898 +	print '        <TR>'
   4.899 +	print '          <TD colspan="3">'
   4.900 +	sendHtmlFormVar( formCSName, 'class="full"' )
   4.901 +	sendHtmlFormVar( formCSNames )
   4.902 +	print '          </TD>'
   4.903 +	print '        </TR>'
   4.904 +	print '        <TR>'
   4.905 +	print '          <TD>'
   4.906 +	sendHtmlFormVar( formCSAdd, 'class="full"' )
   4.907 +	print '          </TD>'
   4.908 +	print '          <TD colspan="2">'
   4.909 +	print '            Create a new conflict set with the above name'
   4.910 +	print '          </TD>'
   4.911 +	print '        </TR>'
   4.912 +	print '      </TABLE>'
   4.913 +	print '    </TD>'
   4.914 +	print '  </TR>'
   4.915 +	if len( formCSNames[1] ) > 0:
   4.916 +		print '  <TR>'
   4.917 +		print '    <TD colspan="2">'
   4.918 +		print '      &nbsp;'
   4.919 +		print '    </TD>'
   4.920 +		print '  </TR>'
   4.921 +		print '  <TR>'
   4.922 +		print '    <TD colspan="2">'
   4.923 +		print '      <TABLE class="fullbox">'
   4.924 +		print '        <COLGROUP>'
   4.925 +		print '          <COL width="50%">'
   4.926 +		print '          <COL width="50%">'
   4.927 +		print '        </COLGROUP>'
   4.928 +		print '        <THEAD>'
   4.929 +		print '          <TR>'
   4.930 +		print '            <TD class="fullbox">Name</TD>'
   4.931 +		print '            <TD class="fullbox">Actions</TD>'
   4.932 +		print '          </TR>'
   4.933 +		print '        </THEAD>'
   4.934 +		for i, csName in enumerate( formCSNames[1] ):
   4.935 +			print '        <TR>'
   4.936 +			print '          <TD class="fullbox">' + csName + '</TD>'
   4.937 +			print '          <TD class="fullbox">'
   4.938 +			print '            <A href="#' + csName + '">Edit</A>'
   4.939 +			formVar = allCSDel[csName]
   4.940 +			sendHtmlFormVar( formVar, 'class="link"' )
   4.941 +			print '          </TD>'
   4.942 +		print '      </TABLE>'
   4.943 +		print '    </TD>'
   4.944 +		print '  </TR>'
   4.945 +		for csName in formCSNames[1]:
   4.946 +			print '  <TR><TD colspan="2"><HR></TD></TR>'
   4.947 +			print '  <TR>'
   4.948 +			print '    <TD align="center" colspan="2" class="heading"><A name="' + csName + '">Conflict Set: ' + csName + '</A></TD>'
   4.949 +			print '  </TR>'
   4.950 +			print '  <TR>'
   4.951 +			print '    <TD colspan="2">'
   4.952 +			formVar = allCSMTypes[csName];
   4.953 +			sendHtmlFormVar( formVar, 'class="full" size="4" multiple"' )
   4.954 +			print '    </TD>'
   4.955 +			print '  </TR>'
   4.956 +			print '  <TR>'
   4.957 +			print '    <TD>'
   4.958 +			formVar = allCSMDel[csName]
   4.959 +			sendHtmlFormVar( formVar, 'class="full"' )
   4.960 +			print '    </TD>'
   4.961 +			print '    <TD>'
   4.962 +			print '      Delete the type(s) selected above'
   4.963 +			print '    </TD>'
   4.964 +			print '  </TR>'
   4.965 +			print '  <TR>'
   4.966 +			print '    <TD colspan="2">'
   4.967 +			ctSet = Set( formChWallTypes[1] )
   4.968 +			csSet = Set( allCSMTypes[csName][1] )
   4.969 +			formVar = allCSMType[csName]
   4.970 +			formVar[1] = []
   4.971 +			for chwallType in ctSet.difference( csSet ):
   4.972 +				formVar[1].append( chwallType )
   4.973 +			formVar[1].sort( )
   4.974 +			sendHtmlFormVar( formVar, 'class="full" size="2" multiple' )
   4.975 +			print '    </TD>'
   4.976 +			print '  </TR>'
   4.977 +			print '  <TR>'
   4.978 +			print '    <TD>'
   4.979 +			formVar = allCSMAdd[csName]
   4.980 +			sendHtmlFormVar( formVar, 'class="full"' )
   4.981 +			print '    </TD>'
   4.982 +			print '    <TD>'
   4.983 +			print '      Add the type(s) selected above'
   4.984 +			print '    </TD>'
   4.985 +			print '  </TR>'
   4.986 +
   4.987 +	print '</TABLE>'
   4.988 +
   4.989 +def checkXmlData( ):
   4.990 +	global xmlIncomplete
   4.991 +
   4.992 +	# Validate the Policy Header requirements
   4.993 +	if ( len( formPolicyName[1] ) > 0 ) or ( len( formPolicyDate[1] ) > 0 ):
   4.994 +		if ( len( formPolicyName[1] ) == 0 ) or ( len( formPolicyDate[1] ) == 0 ):
   4.995 +			msg = ''
   4.996 +			msg = msg + 'The XML policy schema requires that the Policy '
   4.997 +			msg = msg + 'Information Name and Date fields both have values '
   4.998 +			msg = msg + 'or both not have values.'
   4.999 +			formatXmlGenError( msg )
  4.1000 +
  4.1001 +	if formPolicyOrder[1] == 'v_ChWall':
  4.1002 +		if len( formChWallTypes[1] ) == 0:
  4.1003 +			msg = ''
  4.1004 +			msg = msg + 'You have specified the primary policy to be '
  4.1005 +			msg = msg + 'Chinese Wall but have not created any Chinese '
  4.1006 +			msg = msg + 'Wall types.  Please create some Chinese Wall '
  4.1007 +			msg = msg + 'types or change the primary policy.'
  4.1008 +			formatXmlGenError( msg )
  4.1009 +
  4.1010 +	if formPolicyOrder[1] == 'v_Ste':
  4.1011 +		if len( formSteTypes[1] ) == 0:
  4.1012 +			msg = ''
  4.1013 +			msg = msg + 'You have specified the primary policy to be '
  4.1014 +			msg = msg + 'Simple Type Enforcement but have not created '
  4.1015 +			msg = msg + 'any Simple Type Enforcement types.  Please create '
  4.1016 +			msg = msg + 'some Simple Type Enforcement types or change the '
  4.1017 +			msg = msg + 'primary policy.'
  4.1018 +			formatXmlGenError( msg )
  4.1019 +
  4.1020 +	# Validate the Chinese Wall required data
  4.1021 +	if len( formChWallTypes[1] ) > 0:
  4.1022 +		if len( formCSNames[1] ) == 0:
  4.1023 +			msg = ''
  4.1024 +			msg = msg + 'The XML policy schema for the Chinese Wall '
  4.1025 +			msg = msg + 'requires at least one Conflict Set be defined.'
  4.1026 +			formatXmlGenError( msg )
  4.1027 +
  4.1028 +def sendXmlHeaders( ):
  4.1029 +	# HTML headers
  4.1030 +	print 'Content-Type: text/xml'
  4.1031 +	print 'Content-Disposition: attachment; filename=security_policy.xml'
  4.1032 +	print
  4.1033 +
  4.1034 +def sendPolicyXml( ):
  4.1035 +	print '<?xml version="1.0"?>'
  4.1036 +
  4.1037 +	print '<SecurityPolicyDefinition xmlns="http://www.ibm.com"'
  4.1038 +	print '                          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"'
  4.1039 +	print '                          xsi:schemaLocation="http://www.ibm.com security_policy.xsd">'
  4.1040 +
  4.1041 +	# Policy header
  4.1042 +	sendPHeaderXml( )
  4.1043 +
  4.1044 +	# Policy (types)
  4.1045 +	sendPSteXml( )
  4.1046 +	sendPChWallXml( )
  4.1047 +
  4.1048 +	print '</SecurityPolicyDefinition>'
  4.1049 +
  4.1050 +def sendPHeaderXml( ):
  4.1051 +	global formPolicyName, formPolicyDate
  4.1052 +
  4.1053 +	# Policy header definition
  4.1054 +	if ( len( formPolicyName[1] ) > 0 ) or ( len( formPolicyDate[1] ) > 0 ):
  4.1055 +		print '<PolicyHeader>'
  4.1056 +		print '  <Name>' + formPolicyName[1] + '</Name>'
  4.1057 +		print '  <Date>' + formPolicyDate[1] + '</Date>'
  4.1058 +		print '</PolicyHeader>'
  4.1059 +
  4.1060 +def sendPSteXml( ):
  4.1061 +	global formPolicyOrder, formSteTypes
  4.1062 +
  4.1063 +	# Simple Type Enforcement...
  4.1064 +	if len( formSteTypes[1] ) == 0:
  4.1065 +		return
  4.1066 +
  4.1067 +	if formPolicyOrder[1] == 'v_Ste':
  4.1068 +		print '<SimpleTypeEnforcement priority="PrimaryPolicyComponent">'
  4.1069 +	else:
  4.1070 +		print '<SimpleTypeEnforcement>'
  4.1071 +
  4.1072 +	print '  <SimpleTypeEnforcementTypes>'
  4.1073 +	for steType in formSteTypes[1]:
  4.1074 +		print '    <Type>' + steType + '</Type>'
  4.1075 +	print '  </SimpleTypeEnforcementTypes>'
  4.1076 +
  4.1077 +	print '</SimpleTypeEnforcement>'
  4.1078 +
  4.1079 +def sendPChWallXml( ):
  4.1080 +	global formPolicyOrder, formChWallTypes
  4.1081 +	global formCSNames, allCSMTypes
  4.1082 +
  4.1083 +	# Chinese Wall...
  4.1084 +	if len( formChWallTypes[1] ) == 0:
  4.1085 +		return
  4.1086 +
  4.1087 +	if formPolicyOrder[1] == 'v_ChWall':
  4.1088 +		print '<ChineseWall priority="PrimaryPolicyComponent">'
  4.1089 +	else:
  4.1090 +		print '<ChineseWall>'
  4.1091 +
  4.1092 +	print '  <ChineseWallTypes>'
  4.1093 +	for chWallType in formChWallTypes[1]:
  4.1094 +		print '    <Type>' + chWallType + '</Type>'
  4.1095 +	print '  </ChineseWallTypes>'
  4.1096 +
  4.1097 +	# Chinese Wall Conflict Sets...
  4.1098 +	print '  <ConflictSets>'
  4.1099 +	for cs in formCSNames[1]:
  4.1100 +		formVar = allCSMTypes[cs]
  4.1101 +		if len( formVar[1] ) == 0:
  4.1102 +			continue
  4.1103 +		print '    <Conflict name="' + cs + '">'
  4.1104 +		for csm in formVar[1]:
  4.1105 +			print '      <Type>' + csm + '</Type>'
  4.1106 +		print '    </Conflict>'
  4.1107 +	print '  </ConflictSets>'
  4.1108 +
  4.1109 +	print '</ChineseWall>'
  4.1110 +
  4.1111 +
  4.1112 +# Set up initial HTML variables
  4.1113 +headTitle = 'Xen Policy Generation'
  4.1114 +
  4.1115 +# Form variables
  4.1116 +#   The format of these variables is as follows:
  4.1117 +#   [ p0, p1, p2, p3, p4, p5 ]
  4.1118 +#     p0 = input type
  4.1119 +#     p1 = the current value of the variable
  4.1120 +#     p2 = the hidden input name attribute
  4.1121 +#     p3 = the name attribute
  4.1122 +#     p4 = the value attribute
  4.1123 +#     p5 = text to associate with the tag
  4.1124 +formPolicyName    = [ 'text',
  4.1125 +			'',
  4.1126 +			'h_policyName',
  4.1127 +			'i_policyName',
  4.1128 +			'',
  4.1129 +			'',
  4.1130 +		    ]
  4.1131 +formPolicyDate    = [ 'text',
  4.1132 +			getCurrentTime( ),
  4.1133 +			'h_policyDate',
  4.1134 +			'i_policyDate',
  4.1135 +			'',
  4.1136 +			'',
  4.1137 +		    ]
  4.1138 +formPolicyOrder   = [ 'radiobutton-all',
  4.1139 +			'v_ChWall',
  4.1140 +			'h_policyOrder',
  4.1141 +			'i_policyOrder',
  4.1142 +			[ 'v_Ste', 'v_ChWall' ],
  4.1143 +			[ 'Simple Type Enforcement', 'Chinese Wall' ],
  4.1144 +		    ]
  4.1145 +formPolicyUpdate  = [ 'button',
  4.1146 +			'',
  4.1147 +			'',
  4.1148 +			'i_PolicyUpdate',
  4.1149 +			'Update',
  4.1150 +			'',
  4.1151 +		    ]
  4.1152 +
  4.1153 +formSteTypes      = [ 'list',
  4.1154 +			[],
  4.1155 +			'h_steTypes',
  4.1156 +			'i_steTypes',
  4.1157 +			'',
  4.1158 +			'',
  4.1159 +		    ]
  4.1160 +formSteDel        = [ 'button',
  4.1161 +			'',
  4.1162 +			'',
  4.1163 +			'i_steDel',
  4.1164 +			'Delete',
  4.1165 +			'',
  4.1166 +		    ]
  4.1167 +formSteType       = [ 'text',
  4.1168 +			'',
  4.1169 +			'',
  4.1170 +			'i_steType',
  4.1171 +			'',
  4.1172 +			'',
  4.1173 +		    ]
  4.1174 +formSteAdd        = [ 'button',
  4.1175 +			'',
  4.1176 +			'',
  4.1177 +			'i_steAdd',
  4.1178 +			'New',
  4.1179 +			'',
  4.1180 +		    ]
  4.1181 +
  4.1182 +formChWallTypes   = [ 'list',
  4.1183 +			[],
  4.1184 +			'h_chwallTypes',
  4.1185 +			'i_chwallTypes',
  4.1186 +			'',
  4.1187 +			'',
  4.1188 +		    ]
  4.1189 +formChWallDel     = [ 'button',
  4.1190 +			'',
  4.1191 +			'',
  4.1192 +			'i_chwallDel',
  4.1193 +			'Delete',
  4.1194 +			'',
  4.1195 +		    ]
  4.1196 +formChWallType    = [ 'text',
  4.1197 +			'',
  4.1198 +			'',
  4.1199 +			'i_chwallType',
  4.1200 +			'',
  4.1201 +			'',
  4.1202 +		    ]
  4.1203 +formChWallAdd     = [ 'button',
  4.1204 +			'',
  4.1205 +			'',
  4.1206 +			'i_chwallAdd',
  4.1207 +			'New',
  4.1208 +			'',
  4.1209 +		    ]
  4.1210 +
  4.1211 +formCSNames       = [ '',
  4.1212 +			[],
  4.1213 +			'h_csNames',
  4.1214 +			'',
  4.1215 +			'',
  4.1216 +			'',
  4.1217 +		    ]
  4.1218 +formCSName        = [ 'text',
  4.1219 +			'',
  4.1220 +			'',
  4.1221 +			'i_csName',
  4.1222 +			'',
  4.1223 +			'',
  4.1224 +		    ]
  4.1225 +formCSAdd         = [ 'button',
  4.1226 +			'',
  4.1227 +			'',
  4.1228 +			'i_csAdd',
  4.1229 +			'New',
  4.1230 +			'',
  4.1231 +		    ]
  4.1232 +
  4.1233 +formXmlGen          = [ 'button',
  4.1234 +			'',
  4.1235 +			'',
  4.1236 +			'i_xmlGen',
  4.1237 +			'Generate XML',
  4.1238 +			'',
  4.1239 +		    ]
  4.1240 +
  4.1241 +formDefaultButton = [ 'button',
  4.1242 +			'',
  4.1243 +			'',
  4.1244 +			'i_defaultButton',
  4.1245 +			'.',
  4.1246 +			'',
  4.1247 +		    ]
  4.1248 +
  4.1249 +# This is a set of templates used for each conflict set
  4.1250 +#   Each conflict set is initially assigned these templates,
  4.1251 +#   then each form attribute value is changed to append
  4.1252 +#   "_conflict-set-name" for uniqueness
  4.1253 +templateCSDel     = [ 'button',
  4.1254 +			'',
  4.1255 +			'',
  4.1256 +			'i_csDel',
  4.1257 +			'Delete',
  4.1258 +			'',
  4.1259 +		    ]
  4.1260 +allCSDel          = {};
  4.1261 +
  4.1262 +templateCSMTypes  = [ 'list',
  4.1263 +			[],
  4.1264 +			'h_csmTypes',
  4.1265 +			'i_csmTypes',
  4.1266 +			'',
  4.1267 +			'',
  4.1268 +		    ]
  4.1269 +templateCSMDel    = [ 'button',
  4.1270 +			'',
  4.1271 +			'',
  4.1272 +			'i_csmDel',
  4.1273 +			'Delete',
  4.1274 +			'',
  4.1275 +		    ]
  4.1276 +templateCSMType   = [ 'list',
  4.1277 +			[],
  4.1278 +			'',
  4.1279 +			'i_csmType',
  4.1280 +			'',
  4.1281 +			'',
  4.1282 +		    ]
  4.1283 +templateCSMAdd    = [ 'button',
  4.1284 +			'',
  4.1285 +			'',
  4.1286 +			'i_csmAdd',
  4.1287 +			'Add',
  4.1288 +			'',
  4.1289 +		    ]
  4.1290 +allCSMTypes       = {};
  4.1291 +allCSMDel         = {};
  4.1292 +allCSMType        = {};
  4.1293 +allCSMAdd         = {};
  4.1294 +
  4.1295 +# A list of all form variables used for saving info across requests
  4.1296 +formVariables     = [ formPolicyName,
  4.1297 +			formPolicyDate,
  4.1298 +			formPolicyOrder,
  4.1299 +			formSteTypes,
  4.1300 +			formChWallTypes,
  4.1301 +			formCSNames,
  4.1302 +		    ]
  4.1303 +
  4.1304 +policyXml         = ''
  4.1305 +xmlError          = 0
  4.1306 +xmlIncomplete     = 0
  4.1307 +xmlMessages       = []
  4.1308 +
  4.1309 +
  4.1310 +# Extract any form data
  4.1311 +formData = cgi.FieldStorage( )
  4.1312 +
  4.1313 +# Process the form
  4.1314 +getSavedData( )
  4.1315 +processRequest( )
  4.1316 +
  4.1317 +if formData.has_key( formXmlGen[3] ):
  4.1318 +	# Generate and send the XML file
  4.1319 +	checkXmlData( )
  4.1320 +
  4.1321 +	if xmlIncomplete == 0:
  4.1322 +		sendXmlHeaders( )
  4.1323 +		sendPolicyXml( )
  4.1324 +
  4.1325 +if (not formData.has_key( formXmlGen[3] )) or (xmlIncomplete == 1 ):
  4.1326 +	# Send HTML to continue processing the form
  4.1327 +	sendHtmlHeaders( )
  4.1328 +	sendPolicyHtml( )
     5.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     5.2 +++ b/tools/security/python/xensec_gen/cgi-bin/policylabel.cgi	Tue Dec 13 17:12:59 2005 +0100
     5.3 @@ -0,0 +1,1396 @@
     5.4 +#!/usr/bin/python
     5.5 +#
     5.6 +# The Initial Developer of the Original Code is International
     5.7 +# Business Machines Corporation. Portions created by IBM
     5.8 +# Corporation are Copyright (C) 2005 International Business
     5.9 +# Machines Corporation. All Rights Reserved.
    5.10 +#
    5.11 +# This program is free software; you can redistribute it and/or modify
    5.12 +# it under the terms of the GNU General Public License as published by
    5.13 +# the Free Software Foundation; either version 2 of the License,
    5.14 +# or (at your option) any later version.
    5.15 +#
    5.16 +# This program is distributed in the hope that it will be useful,
    5.17 +# but WITHOUT ANY WARRANTY; without even the implied warranty of
    5.18 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    5.19 +# GNU General Public License for more details.
    5.20 +#
    5.21 +# You should have received a copy of the GNU General Public License
    5.22 +# along with this program; if not, write to the Free Software
    5.23 +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
    5.24 +#
    5.25 +
    5.26 +import os
    5.27 +import cgi
    5.28 +import cgitb; cgitb.enable( )
    5.29 +import time
    5.30 +import xml.dom.minidom
    5.31 +import xml.sax
    5.32 +import xml.sax.handler
    5.33 +from StringIO import StringIO
    5.34 +from sets import Set
    5.35 +
    5.36 +def getSavedData( ):
    5.37 +	global formData, policyXml, policyLabelXml
    5.38 +	global formVariables, formVmNames
    5.39 +	global allVmChWs, allVmStes
    5.40 +
    5.41 +	# Process the XML upload policy file
    5.42 +	if formData.has_key( 'i_policy' ):
    5.43 +		dataList = formData.getlist( 'i_policy' )
    5.44 +		if len( dataList ) > 0:
    5.45 +			policyXml = dataList[0].strip( )
    5.46 +
    5.47 +	# The XML upload policy file must be specified at the start
    5.48 +	if formData.has_key( 'i_policyLabelCreate' ):
    5.49 +		if policyXml == '':
    5.50 +			msg = ''
    5.51 +			msg = msg + 'A Policy file was not supplied.  A Policy file '
    5.52 +			msg = msg + 'must be supplied in order to successfully create '
    5.53 +			msg = msg + 'a Policy Labeling file.'
    5.54 +			formatXmlError( msg )
    5.55 +
    5.56 +	# Process the XML upload policy label file
    5.57 +	if formData.has_key( 'i_policyLabel' ):
    5.58 +		dataList = formData.getlist( 'i_policyLabel' )
    5.59 +		if len( dataList ) > 0:
    5.60 +			policyLabelXml = dataList[0].strip( )
    5.61 +
    5.62 +	# Process all the hidden input variables (if present)
    5.63 +	for formVar in formVariables:
    5.64 +		if formVar[2] == '':
    5.65 +			continue
    5.66 +
    5.67 +		if formData.has_key( formVar[2] ):
    5.68 +			dataList = formData.getlist( formVar[2] )
    5.69 +			if len( dataList ) > 0:
    5.70 +				if isinstance( formVar[1], list ):
    5.71 +					exec 'formVar[1] = ' + dataList[0]
    5.72 +				else:
    5.73 +					formVar[1] = dataList[0]
    5.74 +
    5.75 +	# The form can contain any number of "Virtual Machines"
    5.76 +	#   so update the list of form variables to include
    5.77 +	#   each virtual machine (hidden input variable)
    5.78 +	for vmName in formVmNames[1]:
    5.79 +		newVm( vmName )
    5.80 +
    5.81 +		vmFormVar = allVmChWs[vmName]
    5.82 +		if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
    5.83 +			dataList = formData.getlist( vmFormVar[2] )
    5.84 +			if len( dataList ) > 0:
    5.85 +				if isinstance( vmFormVar[1], list ):
    5.86 +					exec 'vmFormVar[1] = ' + dataList[0]
    5.87 +				else:
    5.88 +					vmFormVar[1] = dataList[0]
    5.89 +
    5.90 +		vmFormVar = allVmStes[vmName]
    5.91 +		if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
    5.92 +			dataList = formData.getlist( vmFormVar[2] )
    5.93 +			if len( dataList ) > 0:
    5.94 +				if isinstance( vmFormVar[1], list ):
    5.95 +					exec 'vmFormVar[1] = ' + dataList[0]
    5.96 +				else:
    5.97 +					vmFormVar[1] = dataList[0]
    5.98 +
    5.99 +def getCurrentTime( ):
   5.100 +	return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) )
   5.101 +
   5.102 +def getName( domNode ):
   5.103 +	nameNodes = domNode.getElementsByTagName( 'Name' )
   5.104 +	if len( nameNodes ) == 0:
   5.105 +		formatXmlError( '"<Name>" tag is missing' )
   5.106 +		return None
   5.107 +
   5.108 +	name = ''
   5.109 +	for childNode in nameNodes[0].childNodes:
   5.110 +		if childNode.nodeType == xml.dom.Node.TEXT_NODE:
   5.111 +			name = name + childNode.data
   5.112 +
   5.113 +	return name
   5.114 +
   5.115 +def getDate( domNode ):
   5.116 +	dateNodes = domNode.getElementsByTagName( 'Date' )
   5.117 +	if len( dateNodes ) == 0:
   5.118 +		formatXmlError( '"<Date>" tag is missing' )
   5.119 +		return None
   5.120 +
   5.121 +	date = ''
   5.122 +	for childNode in dateNodes[0].childNodes:
   5.123 +		if childNode.nodeType == xml.dom.Node.TEXT_NODE:
   5.124 +			date = date + childNode.data
   5.125 +
   5.126 +	return date
   5.127 +
   5.128 +def getDefUrl( domNode ):
   5.129 +	domNodes = domNode.getElementsByTagName( 'PolicyName' )
   5.130 +	if len( domNodes ) == 0:
   5.131 +		formatXmlError( '"<PolicyName>" tag is missing' )
   5.132 +		return None
   5.133 +
   5.134 +	urlNodes = domNode.getElementsByTagName( 'Url' )
   5.135 +	if len( urlNodes ) == 0:
   5.136 +		formatXmlError( '"<Url>" tag is missing' )
   5.137 +		return None
   5.138 +
   5.139 +	url = ''
   5.140 +	for childNode in urlNodes[0].childNodes:
   5.141 +		if childNode.nodeType == xml.dom.Node.TEXT_NODE:
   5.142 +			url = url + childNode.data
   5.143 +
   5.144 +	return url
   5.145 +
   5.146 +def getDefRef( domNode ):
   5.147 +	domNodes = domNode.getElementsByTagName( 'PolicyName' )
   5.148 +	if len( domNodes ) == 0:
   5.149 +		formatXmlError( '"<PolicyName>" tag is missing' )
   5.150 +		return None
   5.151 +
   5.152 +	refNodes = domNode.getElementsByTagName( 'Reference' )
   5.153 +	if len( refNodes ) == 0:
   5.154 +		formatXmlError( '"<Reference>" tag is missing' )
   5.155 +		return None
   5.156 +
   5.157 +	ref = ''
   5.158 +	for childNode in refNodes[0].childNodes:
   5.159 +		if childNode.nodeType == xml.dom.Node.TEXT_NODE:
   5.160 +			ref = ref + childNode.data
   5.161 +
   5.162 +	return ref
   5.163 +
   5.164 +def getSteTypes( domNode, missingIsError = 0 ):
   5.165 +	steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' )
   5.166 +	if len( steNodes ) == 0:
   5.167 +		if missingIsError == 1:
   5.168 +			formatXmlError( '"<SimpleTypeEnforcementTypes>" tag is missing' )
   5.169 +			return None
   5.170 +		else:
   5.171 +			return []
   5.172 +
   5.173 +	return getTypes( steNodes[0] )
   5.174 +
   5.175 +def getChWTypes( domNode, missingIsError = 0 ):
   5.176 +	chwNodes = domNode.getElementsByTagName( 'ChineseWallTypes' )
   5.177 +	if len( chwNodes ) == 0:
   5.178 +		if missingIsError == 1:
   5.179 +			formatXmlError( '"<ChineseWallTypes>" tag is missing' )
   5.180 +			return None
   5.181 +		else:
   5.182 +			return []
   5.183 +
   5.184 +	return getTypes( chwNodes[0] )
   5.185 +
   5.186 +def getTypes( domNode ):
   5.187 +	types = []
   5.188 +
   5.189 +	domNodes = domNode.getElementsByTagName( 'Type' )
   5.190 +	if len( domNodes ) == 0:
   5.191 +		formatXmlError( '"<Type>" tag is missing' )
   5.192 +		return None
   5.193 +
   5.194 +	for domNode in domNodes:
   5.195 +		typeText = ''
   5.196 +		for childNode in domNode.childNodes:
   5.197 +			if childNode.nodeType == xml.dom.Node.TEXT_NODE:
   5.198 +				typeText = typeText + childNode.data
   5.199 +
   5.200 +		if typeText == '':
   5.201 +			formatXmlError( 'No text associated with the "<Type>" tag' )
   5.202 +			return None
   5.203 +
   5.204 +		types.append( typeText )
   5.205 +
   5.206 +	return types
   5.207 +
   5.208 +def formatXmlError( msg, xml = '', lineNum = -1, colNum = -1 ):
   5.209 +	global xmlMessages, xmlError
   5.210 +
   5.211 +	xmlError = 1
   5.212 +	addMsg = cgi.escape( msg )
   5.213 +
   5.214 +	if lineNum != -1:
   5.215 +		sio = StringIO( xml )
   5.216 +		for xmlLine in sio:
   5.217 +			lineNum = lineNum - 1
   5.218 +			if lineNum == 0:
   5.219 +				break;
   5.220 +
   5.221 +		addMsg += '<BR><PRE>' + cgi.escape( xmlLine.rstrip( ) )
   5.222 +
   5.223 +		if colNum != -1:
   5.224 +			errLine = ''
   5.225 +			for i in range( colNum ):
   5.226 +				errLine = errLine + '-'
   5.227 +
   5.228 +			addMsg += '\n' + errLine + '^'
   5.229 +
   5.230 +		addMsg += '</PRE>'
   5.231 +
   5.232 +	xmlMessages.append( addMsg )
   5.233 +
   5.234 +def formatXmlGenError( msg ):
   5.235 +	global xmlMessages, xmlIncomplete
   5.236 +
   5.237 +	xmlIncomplete = 1
   5.238 +	xmlMessages.append( cgi.escape( msg ) )
   5.239 +
   5.240 +def parseXml( xmlInput ):
   5.241 +	global xmlMessages, xmlError, xmlLine, xmlColumn
   5.242 +
   5.243 +	xmlParser  = xml.sax.make_parser( )
   5.244 +	try:
   5.245 +		domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser )
   5.246 +
   5.247 +	except xml.sax.SAXParseException, xmlErr:
   5.248 +		msg = ''
   5.249 +		msg = msg + 'XML parsing error occurred at line '
   5.250 +		msg = msg + `xmlErr.getLineNumber( )`
   5.251 +		msg = msg + ', column '
   5.252 +		msg = msg + `xmlErr.getColumnNumber( )`
   5.253 +		msg = msg + ': reason = "'
   5.254 +		msg = msg + xmlErr.getMessage( )
   5.255 +		msg = msg + '"'
   5.256 +		formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), xmlErr.getColumnNumber( ) )
   5.257 +		return None
   5.258 +
   5.259 +	except xml.sax.SAXException, xmlErr:
   5.260 +		msg = ''
   5.261 +		msg = msg + 'XML Parsing error: ' + `xmlErr`
   5.262 +		formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), xmlErr.getColumnNumber( ) )
   5.263 +		return None
   5.264 +
   5.265 +	return domDoc
   5.266 +
   5.267 +def parsePolicyXml( ):
   5.268 +	global policyXml
   5.269 +	global formSteTypes, formChWallTypes
   5.270 +
   5.271 +	domDoc = parseXml( policyXml )
   5.272 +	if domDoc == None:
   5.273 +		return
   5.274 +
   5.275 +	domRoot  = domDoc.documentElement
   5.276 +	domNodes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' )
   5.277 +	if len( domNodes ) > 0:
   5.278 +		steTypes = getSteTypes( domNodes[0], 1 )
   5.279 +		if steTypes == None:
   5.280 +			msg = ''
   5.281 +			msg = msg + 'Error processing the SimpleTypeEnforcement types.\n'
   5.282 +			msg = msg + 'Please validate the Policy Definition file used.'
   5.283 +			formatXmlError( msg )
   5.284 +			return
   5.285 +
   5.286 +		formSteTypes[1] = steTypes
   5.287 +
   5.288 +	domNodes = domRoot.getElementsByTagName( 'ChineseWall' )
   5.289 +	if len( domNodes ) > 0:
   5.290 +		chwTypes = getChWTypes( domNodes[0], 1 )
   5.291 +		if chwTypes == None:
   5.292 +			msg = ''
   5.293 +			msg = msg + 'Error processing the ChineseWall types.\n'
   5.294 +			msg = msg + 'Please validate the Policy Definition file used.'
   5.295 +			formatXmlError( msg )
   5.296 +			return
   5.297 +
   5.298 +		formChWallTypes[1] = chwTypes
   5.299 +
   5.300 +def parsePolicyLabelXml( ):
   5.301 +	global policyLabelXml
   5.302 +
   5.303 +	domDoc = parseXml( policyLabelXml )
   5.304 +	if domDoc == None:
   5.305 +		return
   5.306 +
   5.307 +	domRoot     = domDoc.documentElement
   5.308 +	domHeaders = domRoot.getElementsByTagName( 'LabelHeader' )
   5.309 +	if len( domHeaders ) == 0:
   5.310 +		msg = ''
   5.311 +		msg = msg + '"<LabelHeader>" tag is missing.\n'
   5.312 +		msg = msg + 'Please validate the Policy Labeling file used.'
   5.313 +		formatXmlError( msg )
   5.314 +		return
   5.315 +
   5.316 +	pName = getName( domHeaders[0] )
   5.317 +	if pName == None:
   5.318 +		msg = ''
   5.319 +		msg = msg + 'Error processing the Policy Labeling header information.\n'
   5.320 +		msg = msg + 'Please validate the Policy Labeling file used.'
   5.321 +		formatXmlError( msg )
   5.322 +		return
   5.323 +
   5.324 +	formPolicyLabelName[1] = pName
   5.325 +
   5.326 +	pDate = getDate( domHeaders[0] )
   5.327 +	if pDate == None:
   5.328 +		msg = ''
   5.329 +		msg = msg + 'Error processing the Policy Labeling header information.\n'
   5.330 +		msg = msg + 'Please validate the Policy Labeling file used.'
   5.331 +		formatXmlError( msg )
   5.332 +		return
   5.333 +
   5.334 +	formPolicyLabelDate[1] = pDate
   5.335 +
   5.336 +	pUrl = getDefUrl( domHeaders[0] )
   5.337 +	if pUrl == None:
   5.338 +		msg = ''
   5.339 +		msg = msg + 'Error processing the Policy Labeling header information.\n'
   5.340 +		msg = msg + 'Please validate the Policy Labeling file used.'
   5.341 +		formatXmlError( msg )
   5.342 +		return
   5.343 +
   5.344 +	formPolicyUrl[1] = pUrl
   5.345 +
   5.346 +	pRef = getDefRef( domHeaders[0] )
   5.347 +	if pRef == None:
   5.348 +		msg = ''
   5.349 +		msg = msg + 'Error processing the Policy Labeling header information.\n'
   5.350 +		msg = msg + 'Please validate the Policy Labeling file used.'
   5.351 +		formatXmlError( msg )
   5.352 +		return
   5.353 +
   5.354 +	formPolicyRef[1] = pRef
   5.355 +
   5.356 +	domSubjects = domRoot.getElementsByTagName( 'SubjectLabels' )
   5.357 +	if len( domSubjects ) > 0:
   5.358 +		formVmNameDom0[1] = domSubjects[0].getAttribute( 'bootstrap' )
   5.359 +		domNodes = domSubjects[0].getElementsByTagName( 'VirtualMachineLabel' )
   5.360 +		for domNode in domNodes:
   5.361 +			vmName = getName( domNode )
   5.362 +			if vmName == None:
   5.363 +				msg = ''
   5.364 +				msg = msg + 'Error processing the VirtualMachineLabel name.\n'
   5.365 +				msg = msg + 'Please validate the Policy Labeling file used.'
   5.366 +				formatXmlError( msg )
   5.367 +				continue
   5.368 +
   5.369 +			steTypes = getSteTypes( domNode )
   5.370 +			if steTypes == None:
   5.371 +				msg = ''
   5.372 +				msg = msg + 'Error processing the SimpleTypeEnforcement types.\n'
   5.373 +				msg = msg + 'Please validate the Policy Labeling file used.'
   5.374 +				formatXmlError( msg )
   5.375 +				return
   5.376 +
   5.377 +			chwTypes = getChWTypes( domNode )
   5.378 +			if chwTypes == None:
   5.379 +				msg = ''
   5.380 +				msg = msg + 'Error processing the ChineseWall types.\n'
   5.381 +				msg = msg + 'Please validate the Policy Labeling file used.'
   5.382 +				formatXmlError( msg )
   5.383 +				return
   5.384 +
   5.385 +			newVm( vmName, 1 )
   5.386 +			allVmStes[vmName][1] = steTypes
   5.387 +			allVmChWs[vmName][1] = chwTypes
   5.388 +
   5.389 +def removeDups( curList ):
   5.390 +	newList = []
   5.391 +	curSet  = Set( curList )
   5.392 +	for x in curSet:
   5.393 +		newList.append( x )
   5.394 +	newList.sort( )
   5.395 +
   5.396 +	return newList
   5.397 +
   5.398 +def newVm( vmName, addToList = 0 ):
   5.399 +	global formVmNames
   5.400 +	global templateVmDel, allVmDel, templateVmDom0, allVmDom0
   5.401 +	global templateVmChWs, templateVmChWDel, templateVmChW, templateVmChWAdd
   5.402 +	global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
   5.403 +	global templateVmStes, templateVmSteDel, templateVmSte, templateVmSteAdd
   5.404 +	global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
   5.405 +
   5.406 +	# Make sure we have an actual name and check one of the 'all'
   5.407 +	# variables to be sure it hasn't been previously defined
   5.408 +	if (len( vmName ) > 0) and (not allVmDom0.has_key( vmName )):
   5.409 +		vmSuffix = '_' + vmName
   5.410 +		allVmDom0[vmName]   = modFormTemplate( templateVmDom0,   vmSuffix )
   5.411 +		allVmDel[vmName]    = modFormTemplate( templateVmDel,    vmSuffix )
   5.412 +		allVmChWs[vmName]   = modFormTemplate( templateVmChWs,   vmSuffix )
   5.413 +		allVmChWDel[vmName] = modFormTemplate( templateVmChWDel, vmSuffix )
   5.414 +		allVmChW[vmName]    = modFormTemplate( templateVmChW,    vmSuffix )
   5.415 +		allVmChWAdd[vmName] = modFormTemplate( templateVmChWAdd, vmSuffix )
   5.416 +		allVmStes[vmName]   = modFormTemplate( templateVmStes,   vmSuffix )
   5.417 +		allVmSteDel[vmName] = modFormTemplate( templateVmSteDel, vmSuffix )
   5.418 +		allVmSte[vmName]    = modFormTemplate( templateVmSte,    vmSuffix )
   5.419 +		allVmSteAdd[vmName] = modFormTemplate( templateVmSteAdd, vmSuffix )
   5.420 +		if addToList == 1:
   5.421 +			formVmNames[1].append( vmName )
   5.422 +			formVmNames[1] = removeDups( formVmNames[1] )
   5.423 +
   5.424 +def updateInfo( ):
   5.425 +	global formData, formPolicyLabelName, formPolicyLabelDate
   5.426 +	global formPolicyUrl, formPolicyRef
   5.427 +
   5.428 +	if formData.has_key( formPolicyLabelName[3] ):
   5.429 +		formPolicyLabelName[1] = formData[formPolicyLabelName[3]].value
   5.430 +	elif formData.has_key( formPolicyLabelUpdate[3] ):
   5.431 +		formPolicyLabelName[1] = ''
   5.432 +
   5.433 +	if formData.has_key( formPolicyLabelDate[3] ):
   5.434 +		formPolicyLabelDate[1] = formData[formPolicyLabelDate[3]].value
   5.435 +	elif formData.has_key( formPolicyLabelUpdate[3] ):
   5.436 +		formPolicyLabelDate[1] = ''
   5.437 +
   5.438 +	if formData.has_key( formPolicyUrl[3] ):
   5.439 +		formPolicyUrl[1] = formData[formPolicyUrl[3]].value
   5.440 +	elif formData.has_key( formPolicyLabelUpdate[3] ):
   5.441 +		formPolicyUrl[1] = ''
   5.442 +
   5.443 +	if formData.has_key( formPolicyRef[3] ):
   5.444 +		formPolicyRef[1] = formData[formPolicyRef[3]].value
   5.445 +	elif formData.has_key( formPolicyLabelUpdate[3] ):
   5.446 +		formPolicyRef[1] = ''
   5.447 +
   5.448 +def addVm( ):
   5.449 +	global formData, fromVmName, formVmNames, formVmNameDom0
   5.450 +
   5.451 +	if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formVmAdd[3] )):
   5.452 +		if formData.has_key( formVmName[3] ):
   5.453 +			vmName = formData[formVmName[3]].value
   5.454 +			vmName = vmName.strip( )
   5.455 +			newVm( vmName, 1 )
   5.456 +			if formVmNameDom0[1] == '':
   5.457 +				formVmNameDom0[1] = vmName
   5.458 +
   5.459 +def delVm( vmName ):
   5.460 +	global formVmNames, formVmNameDom0
   5.461 +	global allVmDel, allVmDom0
   5.462 +	global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
   5.463 +	global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
   5.464 +
   5.465 +	vmName = vmName.strip( )
   5.466 +	formVmNames[1].remove( vmName )
   5.467 +	del allVmDom0[vmName]
   5.468 +	del allVmDel[vmName]
   5.469 +	del allVmChWs[vmName]
   5.470 +	del allVmChWDel[vmName]
   5.471 +	del allVmChW[vmName]
   5.472 +	del allVmChWAdd[vmName]
   5.473 +	del allVmStes[vmName]
   5.474 +	del allVmSteDel[vmName]
   5.475 +	del allVmSte[vmName]
   5.476 +	del allVmSteAdd[vmName]
   5.477 +
   5.478 +	if formVmNameDom0[1] == vmName:
   5.479 +		if len( formVmNames[1] ) > 0:
   5.480 +			formVmNameDom0[1] = formVmNames[1][0]
   5.481 +		else:
   5.482 +			formVmNameDom0[1] = ''
   5.483 +
   5.484 +def makeVmDom0( vmName ):
   5.485 +	global formVmNameDom0
   5.486 +
   5.487 +	vmName = vmName.strip( )
   5.488 +	formVmNameDom0[1] = vmName
   5.489 +
   5.490 +def addVmChW( chwName ):
   5.491 +	global formData, allVmChW, allVmChWs
   5.492 +
   5.493 +	formVar = allVmChW[chwName]
   5.494 +	if formData.has_key( formVar[3] ):
   5.495 +		chwList = formData.getlist( formVar[3] )
   5.496 +		formVar = allVmChWs[chwName]
   5.497 +		for chw in chwList:
   5.498 +			chw = chw.strip( )
   5.499 +			formVar[1].append( chw )
   5.500 +			formVar[1] = removeDups( formVar[1] )
   5.501 +
   5.502 +def delVmChW( chwName ):
   5.503 +	global formData, allVmChWs
   5.504 +
   5.505 +	formVar = allVmChWs[chwName]
   5.506 +	if formData.has_key( formVar[3] ):
   5.507 +		chwList = formData.getlist( formVar[3] )
   5.508 +		for chw in chwList:
   5.509 +			chw = chw.strip( )
   5.510 +			formVar[1].remove( chw )
   5.511 +
   5.512 +def addVmSte( steName ):
   5.513 +	global formData, allVmSte, allVmStes
   5.514 +
   5.515 +	formVar = allVmSte[steName]
   5.516 +	if formData.has_key( formVar[3] ):
   5.517 +		steList = formData.getlist( formVar[3] )
   5.518 +		formVar = allVmStes[steName]
   5.519 +		for ste in steList:
   5.520 +			ste = ste.strip( )
   5.521 +			formVar[1].append( ste )
   5.522 +			formVar[1] = removeDups( formVar[1] )
   5.523 +
   5.524 +def delVmSte( steName ):
   5.525 +	global formData, allVmStes
   5.526 +
   5.527 +	formVar = allVmStes[steName]
   5.528 +	if formData.has_key( formVar[3] ):
   5.529 +		steList = formData.getlist( formVar[3] )
   5.530 +		for ste in steList:
   5.531 +			ste = ste.strip( )
   5.532 +			formVar[1].remove( ste )
   5.533 +
   5.534 +def processRequest( ):
   5.535 +	global formData, policyXml, policyLabelXml, formPolicyLabelUpdate
   5.536 +	global formVmAdd
   5.537 +	global formVmNames, allVmDel, allVmDom0
   5.538 +	global allVmChWAdd, allVmChWDel, allVmSteAdd, allVmSteDel
   5.539 +
   5.540 +	if policyXml != '':
   5.541 +		parsePolicyXml( )
   5.542 +
   5.543 +	if policyLabelXml != '':
   5.544 +		parsePolicyLabelXml( )
   5.545 +
   5.546 +	# Allow the updating of the header information whenever
   5.547 +	# an action is performed
   5.548 +	updateInfo( )
   5.549 +
   5.550 +	# Allow the adding of labels if the user has hit the
   5.551 +	# enter key when attempting to add a type/set
   5.552 +	addVm( )
   5.553 +
   5.554 +	for vmName in formVmNames[1]:
   5.555 +		if formData.has_key( allVmDel[vmName][3] ):
   5.556 +			delVm( vmName )
   5.557 +			continue
   5.558 +
   5.559 +		if formData.has_key( allVmDom0[vmName][3] ):
   5.560 +			makeVmDom0( vmName )
   5.561 +
   5.562 +		if formData.has_key( allVmChWAdd[vmName][3] ):
   5.563 +			addVmChW( vmName )
   5.564 +
   5.565 +		elif formData.has_key( allVmChWDel[vmName][3] ):
   5.566 +			delVmChW( vmName )
   5.567 +
   5.568 +		elif formData.has_key( allVmSteAdd[vmName][3] ):
   5.569 +			addVmSte( vmName )
   5.570 +
   5.571 +		elif formData.has_key( allVmSteDel[vmName][3] ):
   5.572 +			delVmSte( vmName )
   5.573 +
   5.574 +def modFormTemplate( formTemplate, suffix ):
   5.575 +	formVar = [x for x in formTemplate]
   5.576 +
   5.577 +	if formVar[2] != '':
   5.578 +		formVar[2] = formVar[2] + suffix
   5.579 +	if formVar[3] != '':
   5.580 +		formVar[3] = formVar[3] + suffix
   5.581 +	if (formVar[0] != 'button') and (formVar[4] != ''):
   5.582 +		formVar[4] = formVar[4] + suffix
   5.583 +
   5.584 +	return formVar;
   5.585 +
   5.586 +def makeName( name, suffix='' ):
   5.587 +	rName = name
   5.588 +	if suffix != '':
   5.589 +		rName = rName + '_' + suffix
   5.590 +
   5.591 +	return rName
   5.592 +
   5.593 +def makeNameAttr( name, suffix='' ):
   5.594 +	return 'name="' + makeName( name, suffix ) + '"'
   5.595 +
   5.596 +def makeValue( value, suffix='' ):
   5.597 +	rValue = value
   5.598 +
   5.599 +	if isinstance( value, list ):
   5.600 +		rValue = '['
   5.601 +		for val in value:
   5.602 +			rValue = rValue + '\'' + val
   5.603 +			if suffix != '':
   5.604 +				rValue = rValue + '_' + suffix
   5.605 +			rValue = rValue + '\','
   5.606 +		rValue = rValue + ']'
   5.607 +
   5.608 +	else:
   5.609 +		if suffix != '':
   5.610 +			rValue = rValue + '_' + suffix
   5.611 +
   5.612 +	return rValue
   5.613 +
   5.614 +def makeValueAttr( value, suffix='' ):
   5.615 +	return 'value="' + makeValue( value, suffix ) + '"'
   5.616 +
   5.617 +def sendHtmlFormVar( formVar, attrs='', rb_select=0 ):
   5.618 +	nameAttr  = ''
   5.619 +	valueAttr = ''
   5.620 +	htmlText  = ''
   5.621 +
   5.622 +	if formVar[0] == 'text':
   5.623 +		if formVar[3] != '':
   5.624 +			nameAttr = makeNameAttr( formVar[3] )
   5.625 +		valueAttr = makeValueAttr( formVar[1] )
   5.626 +
   5.627 +		print '<INPUT type="text"', nameAttr, valueAttr, attrs, '>'
   5.628 +
   5.629 +	elif formVar[0] == 'list':
   5.630 +		if formVar[3] != '':
   5.631 +			nameAttr = makeNameAttr( formVar[3] )
   5.632 +
   5.633 +		print '<SELECT', nameAttr, attrs, '>'
   5.634 +		for option in formVar[1]:
   5.635 +			print '<OPTION>' + option + '</OPTION>'
   5.636 +		print '</SELECT>'
   5.637 +
   5.638 +	elif formVar[0] == 'button':
   5.639 +		if formVar[3] != '':
   5.640 +			nameAttr = makeNameAttr( formVar[3] )
   5.641 +		if formVar[4] != '':
   5.642 +			valueAttr = makeValueAttr( formVar[4] )
   5.643 +
   5.644 +		print '<INPUT type="submit"', nameAttr, valueAttr, attrs, '>'
   5.645 +
   5.646 +	elif formVar[0] == 'radiobutton':
   5.647 +		if formVar[3] != '':
   5.648 +			nameAttr  = makeNameAttr( formVar[3] )
   5.649 +			valueAttr = makeValueAttr( formVar[4][rb_select] )
   5.650 +			htmlText  = formVar[5][rb_select]
   5.651 +			if formVar[4][rb_select] == formVar[1]:
   5.652 +				checked = 'checked'
   5.653 +			else:
   5.654 +				checked = ''
   5.655 +
   5.656 +			print '<INPUT type="radio"', nameAttr, valueAttr, attrs, checked, '>', htmlText
   5.657 +
   5.658 +	elif formVar[0] == 'radiobutton-all':
   5.659 +		if formVar[3] != '':
   5.660 +			nameAttr = makeNameAttr( formVar[3] )
   5.661 +			buttonVals  = formVar[4]
   5.662 +			for i, buttonVal in enumerate( buttonVals ):
   5.663 +				htmlText = ''
   5.664 +				addAttrs = ''
   5.665 +				checked  = ''
   5.666 +
   5.667 +				valueAttr = makeValueAttr( buttonVal )
   5.668 +				if formVar[5] != '':
   5.669 +					htmlText = formVar[5][i]
   5.670 +				if attrs != '':
   5.671 +					addAttrs = attrs[i]
   5.672 +				if buttonVal == formVar[1]:
   5.673 +					checked = 'checked'
   5.674 +
   5.675 +				print '<INPUT type="radio"', nameAttr, valueAttr, addAttrs, checked, '>', htmlText
   5.676 +
   5.677 +	if ( formVar[2] != '' ) and ( rb_select == 0 ):
   5.678 +		nameAttr = makeNameAttr( formVar[2] )
   5.679 +		valueAttr = makeValueAttr( formVar[1] )
   5.680 +		print '<INPUT type="hidden"', nameAttr, valueAttr, '>'
   5.681 +
   5.682 +def sendHtmlHeaders( ):
   5.683 +	# HTML headers
   5.684 +	print 'Content-Type: text/html'
   5.685 +	print
   5.686 +
   5.687 +def sendPolicyLabelHtml( ):
   5.688 +	global xmlError, xmlIncomplete, xmlMessages, formXmlGen
   5.689 +	global formVmNameDom0, formSteTypes, formChWallTypes
   5.690 +
   5.691 +	print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"'
   5.692 +	print '  "http://www.w3.org/TR/html4/loose.dtd">'
   5.693 +
   5.694 +	print '<HTML>'
   5.695 +
   5.696 +	sendHtmlHead( )
   5.697 +
   5.698 +	print '<BODY>'
   5.699 +
   5.700 +	# An input XML file was specified that had errors, output the
   5.701 +	# error information
   5.702 +	if xmlError == 1:
   5.703 +		print '<P>'
   5.704 +		print 'An error has been encountered while processing the input'
   5.705 +		print 'XML file:'
   5.706 +		print '<UL>'
   5.707 +		for msg in xmlMessages:
   5.708 +			print '<LI>'
   5.709 +			print msg
   5.710 +		print '</UL>'
   5.711 +		print '</BODY>'
   5.712 +		print '</HTML>'
   5.713 +		return
   5.714 +
   5.715 +	# When attempting to generate the XML output, all required data was not
   5.716 +	# present, output the error information
   5.717 +	if xmlIncomplete == 1:
   5.718 +		print '<P>'
   5.719 +		print 'An error has been encountered while validating the data'
   5.720 +		print 'required for the output XML file:'
   5.721 +		print '<UL>'
   5.722 +		for msg in xmlMessages:
   5.723 +			print '<LI>'
   5.724 +			print msg
   5.725 +		print '</UL>'
   5.726 +		print '</BODY>'
   5.727 +		print '</HTML>'
   5.728 +		return
   5.729 +
   5.730 +	print '<CENTER>'
   5.731 +	print '<FORM action="' + os.environ['SCRIPT_NAME'] + '" method="post">'
   5.732 +	print '<TABLE class="container">'
   5.733 +	print '  <COLGROUP>'
   5.734 +	print '    <COL width="100%">'
   5.735 +	print '  </COLGROUP>'
   5.736 +
   5.737 +	print '  <TR>'
   5.738 +	print '    <TD>'
   5.739 +	sendHtmlFormVar( formDefaultButton, 'class="hidden"' )
   5.740 +	print '    </TD>'
   5.741 +	print '  </TR>'
   5.742 +	print '  <TR>'
   5.743 +	print '    <TD>'
   5.744 +	sendHtmlFormVar( formXmlGen )
   5.745 +	print '    </TD>'
   5.746 +	print '  </TR>'
   5.747 +
   5.748 +	# Policy Labeling header
   5.749 +	print '  <TR>'
   5.750 +	print '    <TD>'
   5.751 +	sendPLHeaderHtml( )
   5.752 +	print '    </TD>'
   5.753 +	print '  </TR>'
   5.754 +
   5.755 +	# Separator
   5.756 +	print '  <TR>'
   5.757 +	print '    <TD>'
   5.758 +	print '      <HR>'
   5.759 +	print '    </TD>'
   5.760 +	print '  </TR>'
   5.761 +
   5.762 +	# Policy Labels (vms)
   5.763 +	print '  <TR>'
   5.764 +	print '    <TD>'
   5.765 +	print '      <TABLE class="full">'
   5.766 +	print '        <TR>'
   5.767 +	print '          <TD width="100%">'
   5.768 +	sendPLSubHtml( )
   5.769 +	print '          </TD>'
   5.770 +	print '        </TR>'
   5.771 +	print '      </TABLE>'
   5.772 +	print '    </TD>'
   5.773 +	print '  </TR>'
   5.774 +
   5.775 +	print '</TABLE>'
   5.776 +
   5.777 +	# Send some data that needs to be available across sessions
   5.778 +	sendHtmlFormVar( formVmNameDom0 )
   5.779 +	sendHtmlFormVar( formSteTypes )
   5.780 +	sendHtmlFormVar( formChWallTypes )
   5.781 +
   5.782 +	print '</FORM>'
   5.783 +	print '</CENTER>'
   5.784 +
   5.785 +	print '</BODY>'
   5.786 +
   5.787 +	print '</HTML>'
   5.788 +
   5.789 +def sendHtmlHead( ):
   5.790 +	global headTitle
   5.791 +
   5.792 +	print '<HEAD>'
   5.793 +	print '<STYLE type="text/css">'
   5.794 +	print '<!--'
   5.795 +	print 'BODY            {background-color: #EEEEFF;}'
   5.796 +	print 'TABLE.container {width:  90%; border: 1px solid black; border-collapse: seperate;}'
   5.797 +	print 'TABLE.full      {width: 100%; border: 0px solid black; border-collapse: collapse; border-spacing: 3px;}'
   5.798 +	print 'TABLE.fullbox   {width: 100%; border: 0px solid black; border-collapse: collapse; border-spacing: 3px;}'
   5.799 +	print 'THEAD           {font-weight: bold; font-size: larger;}'
   5.800 +	print 'TD              {border: 0px solid black; vertical-align: top;}'
   5.801 +	print 'TD.heading      {border: 0px solid black; vertical-align: top; font-weight: bold; font-size: larger;}'
   5.802 +	print 'TD.subheading   {border: 0px solid black; vertical-align: top; font-size: smaller;}'
   5.803 +	print 'TD.fullbox      {border: 1px solid black; vertical-align: top;}'
   5.804 +	print 'SELECT.full     {width: 100%;}'
   5.805 +	print 'INPUT.full      {width: 100%;}'
   5.806 +	print 'INPUT.link      {cursor: pointer; background-color: #EEEEFF; border: 0px; text-decoration: underline; color: blue;}'
   5.807 +	print 'INPUT.hidden    {visibility: hidden; width: 1px; height: 1px;}'
   5.808 +	print ':link           {color: blue;}'
   5.809 +	print ':visited        {color: red;}'
   5.810 +	print '-->'
   5.811 +	print '</STYLE>'
   5.812 +	print '<TITLE>', headTitle, '</TITLE>'
   5.813 +	print '</HEAD>'
   5.814 +
   5.815 +def sendPLHeaderHtml( ):
   5.816 +	global formPolicyLabelName, formPolicyLabelDate
   5.817 +	global formPolicyUrl, formPolicyRef
   5.818 +	global formPolicyLabelUpdate
   5.819 +
   5.820 +	# Policy Labeling header definition
   5.821 +	print '<TABLE class="full">'
   5.822 +	print '  <COLGROUP>'
   5.823 +	print '    <COL width="20%">'
   5.824 +	print '    <COL width="80%">'
   5.825 +	print '  </COLGROUP>'
   5.826 +	print '  <TR>'
   5.827 +	print '    <TD class="heading" align="center" colspan="2">Policy Labeling Information</TD>'
   5.828 +	print '  </TR>'
   5.829 +	print '  <TR>'
   5.830 +	print '    <TD align="right">Name:</TD>'
   5.831 +	print '    <TD align="left">'
   5.832 +	sendHtmlFormVar( formPolicyLabelName, 'class="full"' )
   5.833 +	print '    </TD>'
   5.834 +	print '  </TR>'
   5.835 +	print '  <TR>'
   5.836 +	print '    <TD align="right">Date:</TD>'
   5.837 +	print '    <TD align="left">'
   5.838 +	sendHtmlFormVar( formPolicyLabelDate, 'class="full"' )
   5.839 +	print '    </TD>'
   5.840 +	print '  </TR>'
   5.841 +	print '  <TR>'
   5.842 +	print '    <TD align="right">Policy URL:</TD>'
   5.843 +	print '    <TD align="left">'
   5.844 +	sendHtmlFormVar( formPolicyUrl, 'class="full"' )
   5.845 +	print '    </TD>'
   5.846 +	print '  </TR>'
   5.847 +	print '  <TR>'
   5.848 +	print '    <TD align="right">Policy Reference:</TD>'
   5.849 +	print '    <TD align="left">'
   5.850 +	sendHtmlFormVar( formPolicyRef, 'class="full"' )
   5.851 +	print '    </TD>'
   5.852 +	print '  </TR>'
   5.853 +	print '  <TR>'
   5.854 +	print '    <TD align="center" colspan="2">'
   5.855 +	sendHtmlFormVar( formPolicyLabelUpdate )
   5.856 +	print '    </TD>'
   5.857 +	print '  </TR>'
   5.858 +	print '  <TR>'
   5.859 +	print '    <TD align="center" colspan="2" class="subheading">'
   5.860 +	print '      (The Policy Labeling Information is updated whenever an action is performed'
   5.861 +	print '       or it can be updated separately using the "Update" button)'
   5.862 +	print '    </TD>'
   5.863 +	print '  </TR>'
   5.864 +	print '</TABLE>'
   5.865 +
   5.866 +def sendPLSubHtml( ):
   5.867 +	global formVmNames, formVmDel, formVmName, formVmAdd
   5.868 +	global allVmDel, allVmDom0
   5.869 +	global allVmChWs, allVmChWDel, allVmChW, allVmChWAdd
   5.870 +	global allVmStes, allVmSteDel, allVmSte, allVmSteAdd
   5.871 +	global formSteTypes, formChWallTypes
   5.872 +
   5.873 +	print '<TABLE class="full">'
   5.874 +	print '  <COLGROUP>'
   5.875 +	print '    <COL width="100%">'
   5.876 +	print '  </COLGROUP>'
   5.877 +
   5.878 +	# Virtual Machines...
   5.879 +	print '  <TR>'
   5.880 +	print '    <TD>'
   5.881 +	print '      <TABLE class="full">'
   5.882 +	print '        <COLGROUP>'
   5.883 +	print '          <COL width="10%">'
   5.884 +	print '          <COL width="40%">'
   5.885 +	print '          <COL width="50%">'
   5.886 +	print '        </COLGROUP>'
   5.887 +	print '        <TR>'
   5.888 +	print '          <TD class="heading" align="center" colspan="3">Virtual Machine Classes</TD>'
   5.889 +	print '        </TR>'
   5.890 +	print '        <TR>'
   5.891 +	print '          <TD colspan="2">'
   5.892 +	sendHtmlFormVar( formVmName, 'class="full"' )
   5.893 +	sendHtmlFormVar( formVmNames )
   5.894 +	print '          </TD>'
   5.895 +	print '          <TD>&nbsp;</TD>'
   5.896 +	print '        </TR>'
   5.897 +	print '        <TR>'
   5.898 +	print '          <TD>'
   5.899 +	sendHtmlFormVar( formVmAdd, 'class="full"' )
   5.900 +	print '          </TD>'
   5.901 +	print '          <TD colspan="2">'
   5.902 +	print '            Create a new VM class with the above name'
   5.903 +	print '          </TD>'
   5.904 +	print '        </TR>'
   5.905 +	print '      </TABLE>'
   5.906 +	print '    </TD>'
   5.907 +	print '  </TR>'
   5.908 +	if len( formVmNames[1] ) > 0:
   5.909 +		print '  <TR>'
   5.910 +		print '    <TD colspan="1">'
   5.911 +		print '      &nbsp;'
   5.912 +		print '    </TD>'
   5.913 +		print '  </TR>'
   5.914 +		print '  <TR>'
   5.915 +		print '    <TD>'
   5.916 +		print '      <TABLE class="fullbox">'
   5.917 +		print '        <COLGROUP>'
   5.918 +		print '          <COL width="10%">'
   5.919 +		print '          <COL width="40%">'
   5.920 +		print '          <COL width="50%">'
   5.921 +		print '        </COLGROUP>'
   5.922 +		print '        <THEAD>'
   5.923 +		print '          <TR>'
   5.924 +		print '            <TD class="fullbox">Dom 0?</TD>'
   5.925 +		print '            <TD class="fullbox">Name</TD>'
   5.926 +		print '            <TD class="fullbox">Actions</TD>'
   5.927 +		print '          </TR>'
   5.928 +		print '        </THEAD>'
   5.929 +		for i, vmName in enumerate( formVmNames[1] ):
   5.930 +			print '        <TR>'
   5.931 +			print '          <TD class="fullbox">'
   5.932 +			if formVmNameDom0[1] == vmName:
   5.933 +				print 'Yes'
   5.934 +			else:
   5.935 +				print '&nbsp;'
   5.936 +			print '          </TD>'
   5.937 +			print '          <TD class="fullbox">' + vmName + '</TD>'
   5.938 +			print '          <TD class="fullbox">'
   5.939 +			print '            <A href="#' + vmName + '">Edit</A>'
   5.940 +			formVar = allVmDel[vmName]
   5.941 +			sendHtmlFormVar( formVar, 'class="link"' )
   5.942 +			formVar = allVmDom0[vmName]
   5.943 +			sendHtmlFormVar( formVar, 'class="link"' )
   5.944 +			print '          </TD>'
   5.945 +			print '        </TR>'
   5.946 +		print '      </TABLE>'
   5.947 +		print '    </TD>'
   5.948 +		print '  </TR>'
   5.949 +		for vmName in formVmNames[1]:
   5.950 +			print '  <TR>'
   5.951 +			print '    <TD>'
   5.952 +			print '      <HR>'
   5.953 +			print '    </TD>'
   5.954 +			print '  </TR>'
   5.955 +			print '  <TR>'
   5.956 +			print '    <TD>'
   5.957 +			print '      <TABLE class="full">'
   5.958 +			print '        <COLGROUP>'
   5.959 +			print '          <COL width="10%">'
   5.960 +			print '          <COL width="39%">'
   5.961 +			print '          <COL width="2%">'
   5.962 +			print '          <COL width="10%">'
   5.963 +			print '          <COL width="39%">'
   5.964 +			print '        </COLGROUP>'
   5.965 +			print '        <TR>'
   5.966 +			print '          <TD colspan="5" align="center" class="heading">'
   5.967 +			print '            <A name="' + vmName + '">Virtual Machine Class: ' + vmName + '</A>'
   5.968 +			print '          </TD>'
   5.969 +			print '        </TR>'
   5.970 +			print '        <TR>'
   5.971 +			print '          <TD colspan="2" align="center">Simple Type Enforcement Types</TD>'
   5.972 +			print '          <TD>&nbsp;</TD>'
   5.973 +			print '          <TD colspan="2" align="center">Chinese Wall Types</TD>'
   5.974 +			print '        </TR>'
   5.975 +			print '        <TR>'
   5.976 +			print '          <TD colspan="2">'
   5.977 +			formVar = allVmStes[vmName];
   5.978 +			sendHtmlFormVar( formVar, 'class="full" size="4" multiple"' )
   5.979 +			print '          </TD>'
   5.980 +			print '          <TD>&nbsp;</TD>'
   5.981 +			print '          <TD colspan="2">'
   5.982 +			formVar = allVmChWs[vmName];
   5.983 +			sendHtmlFormVar( formVar, 'class="full" size="4" multiple"' )
   5.984 +			print '          </TD>'
   5.985 +			print '        </TR>'
   5.986 +			print '        <TR>'
   5.987 +			print '          <TD>'
   5.988 +			formVar = allVmSteDel[vmName];
   5.989 +			sendHtmlFormVar( formVar, 'class="full"' )
   5.990 +			print '          </TD>'
   5.991 +			print '          <TD>'
   5.992 +			print '            Delete the type(s) selected above'
   5.993 +			print '          </TD>'
   5.994 +			print '          <TD>&nbsp;</TD>'
   5.995 +			print '          <TD>'
   5.996 +			formVar = allVmChWDel[vmName];
   5.997 +			sendHtmlFormVar( formVar, 'class="full"' )
   5.998 +			print '          </TD>'
   5.999 +			print '          <TD>'
  5.1000 +			print '            Delete the type(s) selected above'
  5.1001 +			print '          </TD>'
  5.1002 +			print '        </TR>'
  5.1003 +			print '        <TR>'
  5.1004 +			print '          <TD colspan="2">'
  5.1005 +			stSet = Set( formSteTypes[1] )
  5.1006 +			vmSet = Set( allVmStes[vmName][1] )
  5.1007 +			formVar = allVmSte[vmName]
  5.1008 +			formVar[1] = []
  5.1009 +			for steType in stSet.difference( vmSet ):
  5.1010 +				formVar[1].append( steType )
  5.1011 +			formVar[1].sort( )
  5.1012 +			sendHtmlFormVar( formVar, 'class="full" size="2" multiple"' )
  5.1013 +			print '          </TD>'
  5.1014 +			print '          <TD>&nbsp;</TD>'
  5.1015 +			print '          <TD colspan="2">'
  5.1016 +			ctSet = Set( formChWallTypes[1] )
  5.1017 +			vmSet = Set( allVmChWs[vmName][1] )
  5.1018 +			formVar = allVmChW[vmName]
  5.1019 +			formVar[1] = []
  5.1020 +			for chwallType in ctSet.difference( vmSet ):
  5.1021 +				formVar[1].append( chwallType )
  5.1022 +			formVar[1].sort( )
  5.1023 +			sendHtmlFormVar( formVar, 'class="full" size="2" multiple"' )
  5.1024 +			print '          </TD>'
  5.1025 +			print '        </TR>'
  5.1026 +			print '        <TR>'
  5.1027 +			print '          <TD>'
  5.1028 +			formVar = allVmSteAdd[vmName];
  5.1029 +			sendHtmlFormVar( formVar, 'class="full"' )
  5.1030 +			print '          </TD>'
  5.1031 +			print '          <TD>'
  5.1032 +			print '            Add the type(s) selected above'
  5.1033 +			print '          </TD>'
  5.1034 +			print '          <TD>&nbsp;</TD>'
  5.1035 +			print '          <TD>'
  5.1036 +			formVar = allVmChWAdd[vmName];
  5.1037 +			sendHtmlFormVar( formVar, 'class="full"' )
  5.1038 +			print '          </TD>'
  5.1039 +			print '          <TD>'
  5.1040 +			print '            Add the type(s) selected above'
  5.1041 +			print '          </TD>'
  5.1042 +			print '        </TR>'
  5.1043 +			print '      </TABLE>'
  5.1044 +			print '    </TD>'
  5.1045 +			print '  </TR>'
  5.1046 +
  5.1047 +	print '</TABLE>'
  5.1048 +
  5.1049 +def sendPLObjHtml( ):
  5.1050 +
  5.1051 +	# Resources...
  5.1052 +	print '<TABLE class="full">'
  5.1053 +	print '  <COLGROUP>'
  5.1054 +	print '    <COL width="60%">'
  5.1055 +	print '    <COL width="20%">'
  5.1056 +	print '    <COL width="20%">'
  5.1057 +	print '  </COLGROUP>'
  5.1058 +
  5.1059 +	print '  <TR>'
  5.1060 +	print '    <TD align="center" colspan="3" class="heading">Resources</TD>'
  5.1061 +	print '  </TR>'
  5.1062 +	print '  <TR>'
  5.1063 +	print '    <TD colspan="2">'
  5.1064 +	#sendHtmlFormVar( formVmNames, 'class="full" size="4" multiple"' )
  5.1065 +	print '    </TD>'
  5.1066 +	print '    <TD>'
  5.1067 +	#sendHtmlFormVar( formVmDel, 'class="full"' )
  5.1068 +	print '    </TD>'
  5.1069 +	print '  </TR>'
  5.1070 +	print '  <TR>'
  5.1071 +	print '    <TD colspan="2">'
  5.1072 +	#sendHtmlFormVar( formVmName, 'class="full"' )
  5.1073 +	print '    </TD>'
  5.1074 +	print '    <TD>'
  5.1075 +	#sendHtmlFormVar( formVmAdd, 'class="full"' )
  5.1076 +	print '    </TD>'
  5.1077 +	print '  </TR>'
  5.1078 +	print '</TABLE>'
  5.1079 +
  5.1080 +def checkXmlData( ):
  5.1081 +	global xmlIncomplete
  5.1082 +
  5.1083 +	# Validate the Policy Label Header requirements
  5.1084 +	if ( len( formPolicyLabelName[1] ) == 0 ) or \
  5.1085 +	   ( len( formPolicyLabelDate[1] ) == 0 ) or \
  5.1086 +	   ( len( formPolicyUrl[1] ) == 0 ) or \
  5.1087 +	   ( len( formPolicyRef[1] ) == 0 ):
  5.1088 +			msg = ''
  5.1089 +			msg = msg + 'The XML policy label schema requires that the Policy '
  5.1090 +			msg = msg + 'Labeling Information Name, Date, Policy URL and '
  5.1091 +			msg = msg + 'Policy Reference fields all have values.'
  5.1092 +			formatXmlGenError( msg )
  5.1093 +
  5.1094 +def sendXmlHeaders( ):
  5.1095 +	# HTML headers
  5.1096 +	print 'Content-Type: text/xml'
  5.1097 +	print 'Content-Disposition: attachment; filename=security_label_template.xml'
  5.1098 +	print
  5.1099 +
  5.1100 +def sendPolicyLabelXml( ):
  5.1101 +	print '<?xml version="1.0"?>'
  5.1102 +
  5.1103 +	print '<SecurityLabelTemplate xmlns="http://www.ibm.com"'
  5.1104 +	print '                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"'
  5.1105 +	print '                       xsi:schemaLocation="http://www.ibm.com security_policy.xsd">'
  5.1106 +
  5.1107 +	# Policy Labeling header
  5.1108 +	sendPLHeaderXml( )
  5.1109 +
  5.1110 +	# Policy Labels (subjects and objects)
  5.1111 +	sendPLSubXml( )
  5.1112 +	#sendPLObjXml( )
  5.1113 +
  5.1114 +	print '</SecurityLabelTemplate>'
  5.1115 +
  5.1116 +def sendPLHeaderXml( ):
  5.1117 +	global formPolicyLabelName, formPolicyLabelDate
  5.1118 +	global formPolicyUrl, formPolicyRef
  5.1119 +
  5.1120 +	# Policy Labeling header definition
  5.1121 +	print '<LabelHeader>'
  5.1122 +	print '  <Name>' + formPolicyLabelName[1] + '</Name>'
  5.1123 +	print '  <Date>' + formPolicyLabelDate[1] + '</Date>'
  5.1124 +	print '  <PolicyName>'
  5.1125 +	print '    <Url>' + formPolicyUrl[1] + '</Url>'
  5.1126 +	print '    <Reference>' + formPolicyRef[1] + '</Reference>'
  5.1127 +	print '  </PolicyName>'
  5.1128 +	print '</LabelHeader>'
  5.1129 +
  5.1130 +def sendPLSubXml( ):
  5.1131 +	global formVmNames, allVmChWs, allVmStes
  5.1132 +
  5.1133 +	# Virtual machines...
  5.1134 +	if len( formVmNames[1] ) == 0:
  5.1135 +		return
  5.1136 +
  5.1137 +	print '<SubjectLabels bootstrap="' + formVmNameDom0[1] + '">'
  5.1138 +	for vmName in formVmNames[1]:
  5.1139 +		print '  <VirtualMachineLabel>'
  5.1140 +		print '    <Name>' + vmName + '</Name>'
  5.1141 +		formVar = allVmStes[vmName]
  5.1142 +		if len( formVar[1] ) > 0:
  5.1143 +			print '    <SimpleTypeEnforcementTypes>'
  5.1144 +			for ste in formVar[1]:
  5.1145 +				print '      <Type>' + ste + '</Type>'
  5.1146 +			print '    </SimpleTypeEnforcementTypes>'
  5.1147 +
  5.1148 +		formVar = allVmChWs[vmName]
  5.1149 +		if len( formVar[1] ) > 0:
  5.1150 +			print '    <ChineseWallTypes>'
  5.1151 +			for chw in formVar[1]:
  5.1152 +				print '      <Type>' + chw + '</Type>'
  5.1153 +			print '    </ChineseWallTypes>'
  5.1154 +
  5.1155 +		print '  </VirtualMachineLabel>'
  5.1156 +
  5.1157 +	print '</SubjectLabels>'
  5.1158 +
  5.1159 +
  5.1160 +# Set up initial HTML variables
  5.1161 +headTitle = 'Xen Policy Labeling Generation'
  5.1162 +
  5.1163 +# Form variables
  5.1164 +#   The format of these variables is as follows:
  5.1165 +#   [ p0, p1, p2, p3, p4, p5 ]
  5.1166 +#     p0 = input type
  5.1167 +#     p1 = the current value of the variable
  5.1168 +#     p2 = the hidden input name attribute
  5.1169 +#     p3 = the name attribute
  5.1170 +#     p4 = the value attribute
  5.1171 +#     p5 = text to associate with the tag
  5.1172 +formPolicyLabelName   = [ 'text',
  5.1173 +			'',
  5.1174 +			'h_policyLabelName',
  5.1175 +			'i_policyLabelName',
  5.1176 +			'',
  5.1177 +			'',
  5.1178 +			]
  5.1179 +formPolicyLabelDate   = [ 'text',
  5.1180 +			getCurrentTime( ),
  5.1181 +			'h_policyLabelDate',
  5.1182 +			'i_policyLabelDate',
  5.1183 +			'',
  5.1184 +			'',
  5.1185 +			]
  5.1186 +formPolicyUrl         = [ 'text',
  5.1187 +			'',
  5.1188 +			'h_policyUrl',
  5.1189 +			'i_policyUrl',
  5.1190 +			'',
  5.1191 +			'',
  5.1192 +			]
  5.1193 +formPolicyRef         = [ 'text',
  5.1194 +			'',
  5.1195 +			'h_policyRef',
  5.1196 +			'i_policyRef',
  5.1197 +			'',
  5.1198 +			'',
  5.1199 +			]
  5.1200 +formPolicyLabelUpdate = [ 'button',
  5.1201 +			'',
  5.1202 +			'',
  5.1203 +			'i_PolicyLabelUpdate',
  5.1204 +			'Update',
  5.1205 +			'',
  5.1206 +		    ]
  5.1207 +
  5.1208 +formVmNames       = [ '',
  5.1209 +			[],
  5.1210 +			'h_vmNames',
  5.1211 +			'',
  5.1212 +			'',
  5.1213 +			'',
  5.1214 +		    ]
  5.1215 +formVmDel         = [ 'button',
  5.1216 +			'',
  5.1217 +			'',
  5.1218 +			'i_vmDel',
  5.1219 +			'Delete',
  5.1220 +			'',
  5.1221 +		    ]
  5.1222 +formVmName        = [ 'text',
  5.1223 +			'',
  5.1224 +			'',
  5.1225 +			'i_vmName',
  5.1226 +			'',
  5.1227 +			'',
  5.1228 +		    ]
  5.1229 +formVmAdd         = [ 'button',
  5.1230 +			'',
  5.1231 +			'',
  5.1232 +			'i_vmAdd',
  5.1233 +			'New',
  5.1234 +			'',
  5.1235 +		    ]
  5.1236 +
  5.1237 +formVmNameDom0    = [ '',
  5.1238 +			'',
  5.1239 +			'h_vmDom0',
  5.1240 +			'',
  5.1241 +			'',
  5.1242 +			'',
  5.1243 +		    ]
  5.1244 +
  5.1245 +formXmlGen        = [ 'button',
  5.1246 +			'',
  5.1247 +			'',
  5.1248 +			'i_xmlGen',
  5.1249 +			'Generate XML',
  5.1250 +			'',
  5.1251 +		    ]
  5.1252 +
  5.1253 +formDefaultButton = [ 'button',
  5.1254 +			'',
  5.1255 +			'',
  5.1256 +			'i_defaultButton',
  5.1257 +			'.',
  5.1258 +			'',
  5.1259 +		    ]
  5.1260 +
  5.1261 +formSteTypes      = [ '',
  5.1262 +                        [],
  5.1263 +			'h_steTypes',
  5.1264 +			'',
  5.1265 +			'',
  5.1266 +			'',
  5.1267 +		    ]
  5.1268 +formChWallTypes   = [ '',
  5.1269 +                        [],
  5.1270 +			'h_chwallTypes',
  5.1271 +			'',
  5.1272 +			'',
  5.1273 +			'',
  5.1274 +		    ]
  5.1275 +
  5.1276 +# This is a set of templates used for each virtual machine
  5.1277 +#   Each virtual machine is initially assigned these templates,
  5.1278 +#   then each form attribute value is changed to append
  5.1279 +#   "_virtual-machine-name" for uniqueness.
  5.1280 +templateVmDel     = [ 'button',
  5.1281 +			'',
  5.1282 +			'',
  5.1283 +			'i_vmDel',
  5.1284 +			'Delete',
  5.1285 +			'',
  5.1286 +		    ]
  5.1287 +templateVmDom0    = [ 'button',
  5.1288 +			'',
  5.1289 +			'',
  5.1290 +			'i_vmDom0',
  5.1291 +			'SetDom0',
  5.1292 +			'',
  5.1293 +		    ]
  5.1294 +allVmDel          = {};
  5.1295 +allVmDom0         = {};
  5.1296 +
  5.1297 +templateVmChWs    = [ 'list',
  5.1298 +			[],
  5.1299 +			'h_vmChWs',
  5.1300 +			'i_vmChWs',
  5.1301 +			'',
  5.1302 +			'',
  5.1303 +		    ]
  5.1304 +templateVmChWDel  = [ 'button',
  5.1305 +			'',
  5.1306 +			'',
  5.1307 +			'i_vmChWDel',
  5.1308 +			'Delete',
  5.1309 +			'',
  5.1310 +		    ]
  5.1311 +templateVmChW     = [ 'list',
  5.1312 +			[],
  5.1313 +			'',
  5.1314 +			'i_vmChW',
  5.1315 +			'',
  5.1316 +			'',
  5.1317 +		    ]
  5.1318 +templateVmChWAdd  = [ 'button',
  5.1319 +			'',
  5.1320 +			'',
  5.1321 +			'i_vmChWAdd',
  5.1322 +			'Add',
  5.1323 +			'',
  5.1324 +		    ]
  5.1325 +allVmChWs         = {};
  5.1326 +allVmChWDel       = {};
  5.1327 +allVmChW          = {};
  5.1328 +allVmChWAdd       = {};
  5.1329 +
  5.1330 +templateVmStes    = [ 'list',
  5.1331 +			[],
  5.1332 +			'h_vmStes',
  5.1333 +			'i_vmStes',
  5.1334 +			'',
  5.1335 +			'',
  5.1336 +		    ]
  5.1337 +templateVmSteDel  = [ 'button',
  5.1338 +			'',
  5.1339 +			'',
  5.1340 +			'i_vmSteDel',
  5.1341 +			'Delete',
  5.1342 +			'',
  5.1343 +		    ]
  5.1344 +templateVmSte     = [ 'list',
  5.1345 +			[],
  5.1346 +			'',
  5.1347 +			'i_vmSte',
  5.1348 +			'',
  5.1349 +			'',
  5.1350 +		    ]
  5.1351 +templateVmSteAdd  = [ 'button',
  5.1352 +			'',
  5.1353 +			'',
  5.1354 +			'i_vmSteAdd',
  5.1355 +			'Add',
  5.1356 +			'',
  5.1357 +		    ]
  5.1358 +allVmStes         = {};
  5.1359 +allVmSteDel       = {};
  5.1360 +allVmSte          = {};
  5.1361 +allVmSteAdd       = {};
  5.1362 +
  5.1363 +# A list of all form variables used for saving info across requests
  5.1364 +formVariables     = [ formPolicyLabelName,
  5.1365 +			formPolicyLabelDate,
  5.1366 +			formPolicyUrl,
  5.1367 +			formPolicyRef,
  5.1368 +			formVmNames,
  5.1369 +			formVmNameDom0,
  5.1370 +			formSteTypes,
  5.1371 +			formChWallTypes,
  5.1372 +		    ]
  5.1373 +
  5.1374 +policyXml         = ''
  5.1375 +policyLabelXml    = ''
  5.1376 +xmlError          = 0
  5.1377 +xmlIncomplete     = 0
  5.1378 +xmlMessages       = []
  5.1379 +
  5.1380 +
  5.1381 +# Extract any form data
  5.1382 +formData = cgi.FieldStorage( )
  5.1383 +
  5.1384 +# Process the form
  5.1385 +getSavedData( )
  5.1386 +processRequest( )
  5.1387 +
  5.1388 +if formData.has_key( formXmlGen[3] ):
  5.1389 +	# Generate and send the XML file
  5.1390 +	checkXmlData( )
  5.1391 +
  5.1392 +	if xmlIncomplete == 0:
  5.1393 +		sendXmlHeaders( )
  5.1394 +		sendPolicyLabelXml( )
  5.1395 +
  5.1396 +if (not formData.has_key( formXmlGen[3] )) or (xmlIncomplete == 1 ):
  5.1397 +	# Send HTML to continue processing the form
  5.1398 +	sendHtmlHeaders( )
  5.1399 +	sendPolicyLabelHtml( )
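--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/security/python/xensec_gen/index.html	Tue Dec 13 17:12:59 2005 +0100
@@ -0,0 +1,126 @@
+<!--
+ The Initial Developer of the Original Code is International
+ Business Machines Corporation. Portions created by IBM
+ Corporation are Copyright (C) 2005 International Business
+ Machines Corporation. All Rights Reserved.
+ -->
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+  "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+  <HEAD>
+    <META name="author" content="Tom Lendacky">
+    <META name="copyright" content="Copyright (C) 2005 International Business Machines Corporation. All rights reserved">
+
+    <STYLE type="text/css">
+      <!--
+      BODY       {background-color: #EEEEFF;}
+      TABLE.xen  {width: 100%; border: 0px solid black;}
+      TD         {border: 0px solid black;}
+      TD.heading {border: 0px solid black; font-weight: bold; font-size: larger;}
+      -->
+    </STYLE>
+    <TITLE>Xen Security Policy Tool</TITLE>
+  </HEAD>
+
+  <BODY>
+    <H1>Xen Security Policy Generation Tool</H1>
+
+    <CENTER>
+    <FORM action="/cgi-bin/policy.cgi" method="post" enctype="multipart/form-data">
+    <TABLE class="xen">
+      <COLGROUP>
+        <COL width="25%">
+        <COL width="20%">
+        <COL width="55%">
+      </COLGROUP>
+
+      <TR>
+        <TD valign="top" class="heading">
+          Security Policy
+        </TD>
+        <TD valign="top" colspan="2">
+          To generate a new Xen Security Policy leave the
+          <B>"Policy File"</B> entry field
+          empty and click the "Create" button.<BR>
+          To modify an existing Xen Security Policy enter the
+          file name containing the policy in the
+          <B>"Policy File"</B> entry field
+          and click the "Create" button.<HR>
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD>
+          Policy File:
+        </TD>
+        <TD>
+          <INPUT type="file" size="50" name="i_policy">
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD valign="top">
+          <INPUT type="submit" name="i_policyCreate" value="Create">
+        </TD>
+        <TD></TD>
+      </TR>
+    </TABLE>
+    </FORM>
+
+    <FORM action="/cgi-bin/policylabel.cgi" method="post" enctype="multipart/form-data">
+    <TABLE class="xen">
+      <COLGROUP>
+        <COL width="25%">
+        <COL width="20%">
+        <COL width="55%">
+      </COLGROUP>
+
+      <TR>
+        <TD valign="top" class="heading">
+          Security Policy Labeling
+        </TD>
+        <TD valign="top" colspan="2">
+          To generate or edit the Xen Security Policy Labeling you <B>must</B>
+          specify the name of
+          an existing Xen Security Policy file in the
+          <B>"Policy File"</B> entry field.<BR>
+          To generate new Xen Security Policy Labeling leave the
+          <B>"Policy Labeling File"</B> entry field
+          empty and click the "Create" button.<BR>
+          To modify existing Xen Security Policy Labeling enter the
+          file name containing the labeling in the
+          <B>"Policy Labeling File"</B> entry field
+          and click the "Create" button.<HR>
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD>
+          Policy File:
+        </TD>
+        <TD>
+          <INPUT type="file" size="50" name="i_policy">
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD>
+          Policy Labeling File:
+        </TD>
+        <TD>
+          <INPUT type="file" size="50" name="i_policyLabel">
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD valign="top">
+          <INPUT type="submit" name="i_policyLabelCreate" value="Create">
+        </TD>
+        <TD></TD>
+      </TR>
+    </TABLE>
+    </FORM>
+  </CENTER>
+  </BODY>
+</HTML>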
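--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/security/python/xensec_gen/main.py	Tue Dec 13 17:12:59 2005 +0100
@@ -0,0 +1,185 @@
+#!/usr/bin/python
+#
+# The Initial Developer of the Original Code is International
+# Business Machines Corporation. Portions created by IBM
+# Corporation are Copyright (C) 2005 International Business
+# Machines Corporation. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+"""Xen security policy generation aid
+"""
+
+import os
+import pwd
+import grp
+import sys
+import getopt
+import BaseHTTPServer
+import CGIHTTPServer
+
+
+gHttpPort = 7777
+gHttpDir  = '/var/lib/xensec_gen'
+gLogFile  = '/var/log/xensec_gen.log'
+gUser     = 'nobody'
+gGroup    = 'nobody'
+
+def usage( ):
+	print >>sys.stderr, 'Usage:  ' + sys.argv[0] + ' [OPTIONS]'
+	print >>sys.stderr, '  OPTIONS:'
+	print >>sys.stderr, '  -p, --httpport'
+	print >>sys.stderr, '     The port on which the http server is to listen'
+	print >>sys.stderr, '     (default: ' + str( gHttpPort ) + ')'
+	print >>sys.stderr, '  -d, --httpdir'
+	print >>sys.stderr, '     The directory where the http server is to serve pages from'
+	print >>sys.stderr, '     (default: ' + gHttpDir + ')'
+	print >>sys.stderr, '  -l, --logfile'
+	print >>sys.stderr, '     The file in which to log messages generated by this command'
+	print >>sys.stderr, '     (default: ' + gLogFile + ')'
+	print >>sys.stderr, '  -u, --user'
+	print >>sys.stderr, '     The user under which this command is to run.  This parameter'
+	print >>sys.stderr, '     is only used when invoked under the "root" user'
+	print >>sys.stderr, '     (default: ' + gUser + ')'
+	print >>sys.stderr, '  -g, --group'
+	print >>sys.stderr, '     The group under which this command is to run.  This parameter'
+	print >>sys.stderr, '     is only used when invoked under the "root" user'
+	print >>sys.stderr, '     (default: ' + gGroup + ')'
+	print >>sys.stderr, '  -f'
+	print >>sys.stderr, '     Run the command in the foreground.  The logfile option will be'
+	print >>sys.stderr, '     ignored and all output will be directed to stdout and stderr.'
+	print >>sys.stderr, '  -h, --help'
+	print >>sys.stderr, '     Display the command usage information'
+
+def runServer( aServerPort,
+               aServerClass  = BaseHTTPServer.HTTPServer,
+               aHandlerClass = CGIHTTPServer.CGIHTTPRequestHandler ):
+	serverAddress = ( '', aServerPort )
+	httpd = aServerClass( serverAddress, aHandlerClass )
+	httpd.serve_forever( )
+
+def daemonize( aHttpDir, aLogFile, aUser, aGroup, aFork = 'true' ):
+	# Do some pre-daemon activities
+	os.umask( 027 )
+	if os.getuid( ) == 0:
+		# If we are running as root, we will change that
+		uid = pwd.getpwnam( aUser )[2]
+		gid = grp.getgrnam( aGroup )[2]
+
+		if aFork == 'true':
+			# Change the owner of the log file to the user/group
+			#   under which the daemon is to run
+			flog = open( aLogFile, 'a' )
+			flog.close( )
+			os.chown( aLogFile, uid, gid )
+
+		# Change the uid/gid of the process
+		os.setgid( gid )
+		os.setuid( uid )
+
+	# Change to the HTTP directory
+	os.chdir( aHttpDir )
+
+	if aFork == 'true':
+		# Do first fork
+		try:
+			pid = os.fork( )
+			if pid:
+				# Parent process
+				return pid
+
+		except OSError, e:
+			raise Exception, e
+
+		# First child process, create a new session
+		os.setsid( )
+
+		# Do second fork
+		try:
+			pid = os.fork( )
+			if pid:
+				# Parent process
+				os._exit( 0 )
+
+		except OSError, e:
+			raise Exception, e
+
+		# Reset stdin/stdout/stderr
+		fin  = open( '/dev/null',  'r' )
+		flog = open( aLogFile, 'a' )
+		os.dup2( fin.fileno( ),  sys.stdin.fileno( ) )
+		os.dup2( flog.fileno( ), sys.stdout.fileno( ) )
+		os.dup2( flog.fileno( ), sys.stderr.fileno( ) )
+
+def main( ):
+	httpPort = gHttpPort
+	httpDir  = gHttpDir
+	logFile  = gLogFile
+	user     = gUser
+	group    = gGroup
+	doFork   = 'true'
+
+	shortOpts = 'd:p:l:u:g:fh'
+	longOpts  = [ 'httpdir=', 'httpport=', 'logfile=', 'user=', 'group=', 'help' ]
+	try:
+		opts, args = getopt.getopt( sys.argv[1:], shortOpts, longOpts )
+
+	except getopt.GetoptError, e:
+		print >>sys.stderr, e
+		usage( )
+		sys.exit( )
+
+	if len( args ) != 0:
+		print >>sys.stderr, 'Error: command arguments are not supported'
+		usage( )
+		sys.exit( )
+
+	for opt, opt_value in opts:
+		if opt in ( '-h', '--help' ):
+			usage( )
+			sys.exit( )
+
+		if opt in ( '-d', '--httpdir' ):
+			httpDir = opt_value
+
+		if opt in ( '-p', '--httpport' ):
+			try:
+				httpPort = int( opt_value )
+			except:
+				print >>sys.stderr, 'Error: HTTP port is not valid'
+				usage( )
+				sys.exit( )
+
+		if opt in ( '-l', '--logfile' ):
+			logFile = opt_value
+
+		if opt in ( '-u', '--user' ):
+			user = opt_value
+
+		if opt in ( '-g', '--group' ):
+			group = opt_value
+
+		if opt in ( '-f' ):
+			doFork = 'false'
+
+	pid = daemonize( httpDir, logFile, user, group, doFork )
+	if pid > 0:
+		sys.exit( )
+
+	runServer( httpPort )
+
+if __name__ == '__main__':
+	main( )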
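Review bot: The privilege drop in `daemonize` calls `os.setgid( gid )` and `os.setuid( uid )` but never clears the supplementary group list, so a daemon started by root keeps whatever supplementary groups the invoking process had after it switches to `nobody`; add `os.setgroups( [] )` immediately before `os.setgid( gid )`. In `runServer`, `serverAddress = ( '', aServerPort )` binds the unauthenticated CGI server to every interface, and a policy-editing tool would be safer defaulting to `( '127.0.0.1', aServerPort )` with an explicit option to widen it. Separately, `if opt in ( '-f' ):` tests against the string `'-f'` rather than a tuple and should read `if opt in ( '-f', ):`. The error paths in `main` also call `sys.exit( )` with no argument, which reports success to the caller, so a non-zero status such as `sys.exit( 1 )` would let wrappers detect the failure.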
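--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/security/xensec_gen.py	Tue Dec 13 17:12:59 2005 +0100
@@ -0,0 +1,26 @@
+#!/usr/bin/python
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import sys
+
+# Add fallback path for non-native python path installs if needed
+sys.path.append( '/usr/lib/python' )
+sys.path.append( '/usr/lib64/python' )
+
+from xen.xensec_gen import main
+
+main.main( )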