Tom Lendacky
2005-Dec-12 19:16 UTC
[Xen-devel] [PATCH][ACM] New XML policy generation tool
I am submitting a patch (both in-line and as an attachment) for a new
tool for inclusion in the Xen ACM security tools. This new tool
provides support to aid in the creation/generation of the XML security
policy files for the Xen ACM security architecture. It is a python-based,
web-based tool named xensec_gen that allows users to create or
modify XML policy files through a browser. The resulting XML policy
files can then be copied or moved to the appropriate location in
the /etc/xen/acm-security directory structure in order to be translated
into binary and used within the Xen system.
Signed-off-by: Tom Lendacky <toml@us.ibm.com>
Regards,
Tom
# HG changeset patch
# User toml@tomlt2.austin.ibm.com
# Node ID db5feb4ccc139017454bab0200ebbda988ef033f
# Parent bdcb115c667a12a5514517456639142c1273b0f1
Addition of the xensec_gen tool, a web-based tool to aid in the
creation/generation of security policy files for the Xen ACM
security architecture.
diff -r bdcb115c667a -r db5feb4ccc13 tools/security/Makefile
--- a/tools/security/Makefile Sat Dec 10 23:20:08 2005
+++ b/tools/security/Makefile Mon Dec 12 19:10:23 2005
@@ -35,7 +35,7 @@
SRCS_GETD = get_decision.c
OBJS_GETD := $(patsubst %.c,%.o,$(filter %.c,$(SRCS_GETD)))
-ACM_INST_TOOLS = xensec_tool xensec_xml2bin
+ACM_INST_TOOLS = xensec_tool xensec_xml2bin xensec_gen
ACM_NOINST_TOOLS = get_decision
ACM_OBJS = $(OBJS_TOOL) $(OBJS_XML2BIN) $(OBJS_GETD)
ACM_SCRIPTS = getlabel.sh setlabel.sh updategrub.sh labelfuncs.sh
@@ -43,6 +43,12 @@
ACM_CONFIG_DIR = /etc/xen/acm-security
ACM_POLICY_DIR = $(ACM_CONFIG_DIR)/policies
ACM_SCRIPT_DIR = $(ACM_CONFIG_DIR)/scripts
+
+ACM_INST_HTML = python/xensec_gen/index.html
+ACM_INST_CGI = python/xensec_gen/cgi-bin/policy.cgi \
+ python/xensec_gen/cgi-bin/policylabel.cgi
+ACM_SECGEN_HTMLDIR= /var/lib/xensec_gen
+ACM_SECGEN_CGIDIR = $(ACM_SECGEN_HTMLDIR)/cgi-bin
ACM_SCHEMA = security_policy.xsd
ACM_EXAMPLES = null chwall ste chwall_ste
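Review bot: ACM_SECGEN_HTMLDIR is hard-coded to /var/lib/xensec_gen with no way to override it, whereas the rest of this file hangs every path off ACM_CONFIG_DIR; consider deriving it from that root or at least assigning it with `?=` so packagers can relocate the HTML and CGI tree without editing the Makefile. Minor style point: `ACM_SECGEN_HTMLDIR= /var/lib/xensec_gen` lacks the space before `=` that every other assignment in this block has.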
@@ -65,6 +71,15 @@
done
$(INSTALL_DIR) -p $(DESTDIR)$(ACM_SCRIPT_DIR)
$(INSTALL_PROG) -p $(ACM_SCRIPTS) $(DESTDIR)$(ACM_SCRIPT_DIR)
+ $(INSTALL_DIR) -p $(DESTDIR)$(ACM_SECGEN_HTMLDIR)
+ $(INSTALL_DATA) -p $(ACM_INST_HTML) $(DESTDIR)$(ACM_SECGEN_HTMLDIR)
+ $(INSTALL_DIR) -p $(DESTDIR)$(ACM_SECGEN_CGIDIR)
+ $(INSTALL_PROG) -p $(ACM_INST_CGI) $(DESTDIR)$(ACM_SECGEN_CGIDIR)
+ifndef XEN_PYTHON_NATIVE_INSTALL
+ python python/setup.py install --home="$(DESTDIR)/usr"
+else
+ python python/setup.py install --root="$(DESTDIR)"
+endif
else
all:
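Review bot: The CGI scripts are installed with $(INSTALL_PROG), so policy.cgi and policylabel.cgi end up world-executable under /var/lib/xensec_gen/cgi-bin even though they are only meant to be run by the xensec_gen server; either document that expectation or install them with a tighter mode, as `build:` already does for the shell scripts with `chmod 700`. Also, the `ifndef XEN_PYTHON_NATIVE_INSTALL` branch passes `--home="$(DESTDIR)/usr"`, which puts the xen.xensec_gen package under $(DESTDIR)/usr/lib/python; confirm this matches where tools/python installs the rest of the xen package so that the two halves of the package land in the same tree.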
@@ -72,22 +87,27 @@
endif
build: mk-symlinks $(ACM_INST_TOOLS) $(ACM_NOINST_TOOLS)
+ python python/setup.py build
chmod 700 $(ACM_SCRIPTS)
xensec_tool: $(OBJS_TOOL)
- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
xensec_xml2bin: $(OBJS_XML2BIN)
- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
get_decision: $(OBJS_GETD)
- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
+
+xensec_gen: xensec_gen.py
+ cp -f $^ $@
clean:
$(RM) $(ACM_INST_TOOLS) $(ACM_NOINST_TOOLS)
$(RM) $(ACM_OBJS)
$(RM) $(PROG_DEPS)
$(RM) -r xen
+ $(RM) -r build
mrproper: clean
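Review bot: The `$<` to `$^` changes in the xensec_tool, xensec_xml2bin and get_decision link rules are a separate bug fix (with `$<` only the first object file is passed to the linker) and have nothing to do with adding xensec_gen; splitting them into their own changeset would make both changes easier to review and to backport. The new `xensec_gen: xensec_gen.py` rule copies the script with `cp -f $^ $@`, so whether the built xensec_gen is executable depends on the mode of xensec_gen.py in the repository; a `chmod +x $@` after the copy, or listing it with the scripts that `build:` already chmods, would remove that dependency.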
diff -r bdcb115c667a -r db5feb4ccc13 tools/security/example.txt
--- a/tools/security/example.txt Sat Dec 10 23:20:08 2005
+++ b/tools/security/example.txt Mon Dec 12 19:10:23 2005
@@ -271,3 +271,112 @@
If you keep to the security policy schema, then you can use all the
tools described above. Refer to install.txt to install it.
+
+You can hand-edit the xml files to create your policy or you can use the
+xensec_gen utility.
+
+
+5. Generating policy files using xensec_gen:
+===========================================+
+The xensec_gen utility starts a web-server that can be used to generate the
+XML policy files needed to create a policy.
+
+By default, xensec_gen runs as a daemon and listens on port 7777 for HTTP
+requests. The xensec_gen command supports command line options to change the
+listen port, run in the foreground, and a few others. Type
''xensec_gen -h''
+to see the full list of options available.
+
+Once the xensec_gen utility is running, point a browser at the host and port
+on which the utility is running (e.g. http://localhost:7777/). You will be
+presented with a web page that allows you to create or modify the XML policy
+files:
+
+ - The Security Policy section allows you to create or modify a policy
+ definition file
+
+ - The Security Policy Labeling section allows you to create or modify a
+ label template definition file
+
+ Security Policy:
+ ----------------
+ The Security Policy section allows you to modify an existing policy
definition
+ file or create a new policy definition file. To modify an existing policy
+ definition, enter the full path to the existing file (the "Browse"
button can
+ be used to aid in this) in the Policy File entry field. To create a new
+ policy definition file leave the Policy File entry field blank. At this
point
+ click the "Create" button to begin modifying or creating your
policy definition.
+
+ You will then be presented with a web page that will allow you to create
either
+ Simple Type Enforcement types or Chinese Wall types or both.
+
+ As an example:
+ - To add a Simple Type Enforcement type:
+ - Enter the name of a new type under the Simple Type Enforcement Types
+ section in the entry field above the "New" button.
+ - Click the "New" button and the type will be added to the list
of defined
+ Simple Type Enforcement types.
+ - To remove a Simple Type Enforcement type:
+ - Click on the type to be removed in the list of defined Simple Type
+ Enforcement types.
+ - Click the "Delete" button to remove the type.
+
+ Follow the same process to add Chinese Wall types. If you define Chinese
Wall
+ types you need to define at least one Chinese Wall Conflict Set. The Chinese
+ Wall Conflict Set will allow you to add Chinese Wall types from the list of
+ defined Chinese Wall types.
+
+ To create your policy definition file, click on the "Generate XML"
button on
+ the top of the page. This will present you with a dialog box to save the
+ generated XML file on your system. The default name will be
security_policy.xml
+ which you should change to follow the policy file naming conventions based on
+ the policy name that you choose to use.
+
+ To get a feel for the tool, you could use one of the example policy
definition
+ files from /etc/xen/acm-security/policies as input.
+
+
+ Security Policy Labeling:
+ -------------------------
+ The Security Policy Labeling section allows you to modify an existing label
+ template definition file or create a new label template definition file. To
+ modify an existing label template definition, enter the full path to the
+ existing file (the "Browse" button can be used to aid in this) in
the Policy
+ Labeling File entry field. Whether creating a new label template definition
+ file or modifying an existing one, you will need to specify the policy
+ definition file that is or will be associated with this label template
+ definition file. At this point click the "Create" button to begin
modifying
+ or creating your label template definition file.
+
+ You will then be presented with a web page that will allow you to create
labels
+ for classes of virtual machines. The input policy definition file will
provide
+ the available types (Simple Type Enforcement and/or Chinese Wall) that can be
+ assigned to a virtual machine class.
+
+ As an example:
+ - To add a Virtual Machine class (the name entered will become the label
+ that will be used to identify the class):
+ - Enter the name of a new class under the Virtual Machine Classes section
+ in the entry field above the "New" button.
+ - Click the "New" button and the class will be added to the
table of defined
+ Virtual Machine classes.
+ - To remove a Virtual Machine class:
+ - Click the "Delete" link associated with the class in the
table of Virtual
+ Machine classes.
+
+ Once you have defined one or more Virtual Machine classes, you will be able
to
+ add any of the defined Simple Type Enforcement types or Chinese Wall types to
a
+ particular Virtual Machine.
+
+ You must also define which Virtual Machine class is to be associated with the
+ bootstrap domain (or Dom0 domain). By default, the first Virtual Machine
class
+ created will be associated as the bootstrap domain.
+
+ To create your label template definition file, click on the "Generate
XML" button
+ on the top of the page. This will present you with a dialog box to save the
+ generated XML file on your system. The default name will be
+ security_label_template.xml which you should change to follow the policy file
+ naming conventions based on the policy name that you choose to use.
+
+ To get a feel for the tool, you could use one of the example policy
definition
+ and label template definition files from /etc/xen/acm-security/policies as
input.
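Review bot: The new section says xensec_gen listens on port 7777 by default but never states which address it binds to or that the tool is intended for local use; since the CGI backend accepts an uploaded policy file from any client that can reach the port and builds the page from the names in it, add a sentence giving the default bind address and recommending a loopback-only or firewalled setup. The text also refers twice to "the policy file naming conventions based on the policy name" without saying what they are; a cross-reference to the part of this file (or install.txt) that defines them would help. Formatting: the underline for heading 5 carries a trailing `+`, and the `xensec_gen -h` line is missing its `+` prefix in the posted hunk, which would stop `patch` from applying it; worth re-checking against the attachment.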
diff -r bdcb115c667a -r db5feb4ccc13 tools/security/python/setup.py
--- /dev/null Sat Dec 10 23:20:08 2005
+++ b/tools/security/python/setup.py Mon Dec 12 19:10:23 2005
@@ -0,0 +1,30 @@
+#!/usr/bin/python
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+from distutils.core import setup
+import os
+
+# This setup script is invoked from the parent directory, so base
+# everything as if executing from there.
+XEN_ROOT = "../.."
+
+setup(name = ''xensec_gen'',
+ version = ''3.0'',
+ description = ''Xen XML Security Policy Generator'',
+ package_dir = { ''xen'' : ''python''
},
+ packages = [''xen.xensec_gen''],
+ )
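Review bot: `XEN_ROOT = "../.."` and `import os` are unused in this script; the comment above XEN_ROOT says everything is based on the parent directory, but nothing reads it, so either drop both or use it when building package_dir. Also note that `package_dir = { 'xen' : 'python' }` with `packages = ['xen.xensec_gen']` maps the package to python/xensec_gen/, the same directory that holds index.html and cgi-bin; distutils will ignore those files, which is fine since the Makefile installs them separately, but a one-line comment saying so would save the next reader from wondering why they are not packaged.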
diff -r bdcb115c667a -r db5feb4ccc13
tools/security/python/xensec_gen/cgi-bin/policy.cgi
--- /dev/null Sat Dec 10 23:20:08 2005
+++ b/tools/security/python/xensec_gen/cgi-bin/policy.cgi Mon Dec 12 19:10:23
2005
@@ -0,0 +1,1325 @@
+#!/usr/bin/python
+#
+# The Initial Developer of the Original Code is International
+# Business Machines Corporation. Portions created by IBM
+# Corporation are Copyright (C) 2005 International Business
+# Machines Corporation. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import os
+import cgi
+import cgitb; cgitb.enable( )
+import time
+import xml.dom.minidom
+import xml.sax
+import xml.sax.handler
+from StringIO import StringIO
+from sets import Set
+
+def getSavedData( ):
+ global formData, policyXml, formVariables, formCSNames
+ global templateCSMTypes, templateCSMDel, templateCSMType, templateCSMAdd
+ global allCSMTypes
+
+ # Process the XML upload policy file
+ if formData.has_key( ''i_policy'' ):
+ dataList = formData.getlist( ''i_policy'' )
+ if len( dataList ) > 0:
+ policyXml = dataList[0]
+
+ # Process all the hidden input variables (if present)
+ for formVar in formVariables:
+ if formVar[2] == '''':
+ continue
+
+ if formData.has_key( formVar[2] ):
+ dataList = formData.getlist( formVar[2] )
+ if len( dataList ) > 0:
+ if isinstance( formVar[1], list ):
+ exec ''formVar[1] = '' + dataList[0]
+ else:
+ formVar[1] = dataList[0]
+
+ # The form can contain any number of "Conflict Sets"
+ # so update the list of form variables to include
+ # each conflict set (hidden input variable)
+ for csName in formCSNames[1]:
+ newCS( csName )
+ if formData.has_key( allCSMTypes[csName][2] ):
+ dataList = formData.getlist( allCSMTypes[csName][2] )
+ if len( dataList ) > 0:
+ exec ''allCSMTypes[csName][1] = '' + dataList[0]
+
+def getCurrentTime( ):
+ return time.strftime( ''%Y-%m-%d %H:%M:%S'', time.localtime( )
)
+
+def getName( domNode ):
+ nameNodes = domNode.getElementsByTagName( ''Name'' )
+ if len( nameNodes ) == 0:
+ formatXmlError( ''"<Name>" tag is missing'' )
+ return None
+
+ name = ''''
+ for childNode in nameNodes[0].childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ name = name + childNode.data
+
+ return name
+
+def getDate( domNode ):
+ dateNodes = domNode.getElementsByTagName( ''Date'' )
+ if len( dateNodes ) == 0:
+ formatXmlError( ''"<Date>" tag is missing'' )
+ return None
+
+ date = ''''
+ for childNode in dateNodes[0].childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ date = date + childNode.data
+
+ return date
+
+def getSteTypes( domNode, missingIsError = 0 ):
+ steNodes = domNode.getElementsByTagName(
''SimpleTypeEnforcementTypes'' )
+ if len( steNodes ) == 0:
+ if missingIsError == 1:
+ formatXmlError( ''"<SimpleTypeEnforcementTypes>" tag
is missing'' )
+ return None
+ else:
+ return []
+
+ return getTypes( steNodes[0] )
+
+def getChWTypes( domNode, missingIsError = 0 ):
+ chwNodes = domNode.getElementsByTagName( ''ChineseWallTypes''
)
+ if len( chwNodes ) == 0:
+ if missingIsError == 1:
+ formatXmlError( ''"<ChineseWallTypes>" tag is
missing'' )
+ return None
+ else:
+ return []
+
+ return getTypes( chwNodes[0] )
+
+def getTypes( domNode ):
+ types = []
+
+ domNodes = domNode.getElementsByTagName( ''Type'' )
+ if len( domNodes ) == 0:
+ formatXmlError( ''"<Type>" tag is missing'' )
+ return None
+
+ for domNode in domNodes:
+ typeText = ''''
+ for childNode in domNode.childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ typeText = typeText + childNode.data
+
+ if typeText == '''':
+ formatXmlError( ''No text associated with the
"<Type>" tag'' )
+ return None
+
+ types.append( typeText )
+
+ return types
+
+def formatXmlError( msg, xml = '''', lineNum = -1, colNum = -1
):
+ global xmlMessages, xmlError
+
+ xmlError = 1
+ addMsg = cgi.escape( msg )
+
+ if lineNum != -1:
+ sio = StringIO( xml )
+ for xmlLine in sio:
+ lineNum = lineNum - 1
+ if lineNum == 0:
+ break;
+
+ addMsg += ''<BR><PRE>'' + cgi.escape(
xmlLine.rstrip( ) )
+
+ if colNum != -1:
+ errLine = ''''
+ for i in range( colNum ):
+ errLine = errLine + ''-''
+
+ addMsg += ''\n'' + errLine + ''^''
+
+ addMsg += ''</PRE>''
+
+ xmlMessages.append( addMsg )
+
+def formatXmlGenError( msg ):
+ global xmlMessages, xmlIncomplete
+
+ xmlIncomplete = 1
+ xmlMessages.append( cgi.escape( msg ) )
+
+def parseXml( xmlInput ):
+ global xmlMessages, xmlError, xmlLine, xmlColumn
+
+ xmlParser = xml.sax.make_parser( )
+ try:
+ domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser )
+
+ except xml.sax.SAXParseException, xmlErr:
+ msg = ''''
+ msg = msg + ''XML parsing error occurred at line ''
+ msg = msg + `xmlErr.getLineNumber( )`
+ msg = msg + '', column ''
+ msg = msg + `xmlErr.getColumnNumber( )`
+ msg = msg + '': reason = "''
+ msg = msg + xmlErr.getMessage( )
+ msg = msg + ''"''
+ formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ),
xmlErr.getColumnNumber( ) )
+ return None
+
+ except xml.sax.SAXException, xmlErr:
+ msg = ''''
+ msg = msg + ''XML Parsing error: '' + `xmlErr`
+ formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ),
xmlErr.getColumnNumber( ) )
+ return None
+
+ return domDoc
+
+def parsePolicyXml( ):
+ global policyXml
+ global formPolicyName, formPolicyDate, formPolicyOrder
+ global formSteTypes, formChWallTypes
+ global allCSMTypes
+
+ domDoc = parseXml( policyXml )
+ if domDoc == None:
+ return
+
+ domRoot = domDoc.documentElement
+ domHeaders = domRoot.getElementsByTagName( ''PolicyHeader'' )
+ if len( domHeaders ) == 0:
+ msg = ''''
+ msg = msg + ''"<PolicyHeader>" tag is
missing.\n''
+ msg = msg + ''Please validate the Policy file used.''
+ formatXmlError( msg )
+ return
+
+ pName = getName( domHeaders[0] )
+ if pName == None:
+ msg = ''''
+ msg = msg + ''Error processing the Policy header
information.\n''
+ msg = msg + ''Please validate the Policy file used.''
+ formatXmlError( msg )
+ return
+
+ formPolicyName[1] = pName
+
+ pDate = getDate( domHeaders[0] )
+ if pDate == None:
+ msg = ''''
+ msg = msg + ''Error processing the Policy header
information.\n''
+ msg = msg + ''Please validate the Policy file used.''
+ formatXmlError( msg )
+ return
+
+ formPolicyDate[1] = pDate
+
+ pOrder = ''''
+ domStes = domRoot.getElementsByTagName(
''SimpleTypeEnforcement'' )
+ if len( domStes ) > 0:
+ if domStes[0].hasAttribute( ''priority'' ):
+ if domStes[0].getAttribute( ''priority'' ) !=
''PrimaryPolicyComponent'':
+ msg = ''''
+ msg = msg + ''Error processing the
"<SimpleTypeEnforcement>" tag.\n''
+ msg = msg + ''The "priority" attribute value is not
valid.\n''
+ msg = msg + ''Please validate the Policy file used.''
+ formatXmlError( msg )
+ return
+
+ pOrder = ''v_Ste''
+
+ steTypes = getSteTypes( domStes[0], 1 )
+ if steTypes == None:
+ msg = ''''
+ msg = msg + ''Error processing the SimpleTypeEnforcement
types.\n''
+ msg = msg + ''Please validate the Policy file used.''
+ formatXmlError( msg )
+ return
+
+ formSteTypes[1] = steTypes
+
+ domChWalls = domRoot.getElementsByTagName( ''ChineseWall'' )
+ if len( domChWalls ) > 0:
+ if domChWalls[0].hasAttribute( ''priority'' ):
+ if domChWalls[0].getAttribute( ''priority'' ) !=
''PrimaryPolicyComponent'':
+ msg = ''''
+ msg = msg + ''Error processing the "<ChineseWall>"
tag.\n''
+ msg = msg + ''The "priority" attribute value is not
valid.\n''
+ msg = msg + ''Please validate the Policy file used.''
+ formatXmlError( msg )
+ return
+
+ if pOrder != '''':
+ msg = ''''
+ msg = msg + ''Error processing the "<ChineseWall>"
tag.\n''
+ msg = msg + ''The "priority" attribute has been
previously specified.\n''
+ msg = msg + ''Please validate the Policy file used.''
+ formatXmlError( msg )
+ return
+
+ pOrder = ''v_ChWall''
+
+ chwTypes = getChWTypes( domChWalls[0], 1 )
+ if chwTypes == None:
+ msg = ''''
+ msg = msg + ''Error processing the ChineseWall types.\n''
+ msg = msg + ''Please validate the Policy file used.''
+ formatXmlError( msg )
+ return
+
+ formChWallTypes[1] = chwTypes
+
+ csNodes = domChWalls[0].getElementsByTagName(
''ConflictSets'' )
+ if len( csNodes ) == 0:
+ msg = ''''
+ msg = msg + ''Required "<ConflictSets>" tag
missing.\n''
+ msg = msg + ''Please validate the Policy file used.''
+ formatXmlError( msg )
+ return
+
+ cNodes = csNodes[0].getElementsByTagName( ''Conflict'' )
+ if len( cNodes ) == 0:
+ msg = ''''
+ msg = msg + ''Required "<Conflict>" tag
missing.\n''
+ msg = msg + ''Please validate the Policy file used.''
+ formatXmlError( msg )
+ return
+
+ for cNode in cNodes:
+ csName = cNode.getAttribute( ''name'' )
+ newCS( csName, 1 )
+
+ csMemberList = getTypes( cNode )
+ if csMemberList == None:
+ msg = ''''
+ msg = msg + ''Error processing the Conflict Set
members.\n''
+ msg = msg + ''Please validate the Policy file used.''
+ formatXmlError( msg )
+ return
+
+ # Verify the conflict set members are valid types
+ ctSet = Set( formChWallTypes[1] )
+ csSet = Set( csMemberList )
+ if not csSet.issubset( ctSet ):
+ msg = ''''
+ msg = msg + ''Error processing Conflict Set "'' +
csName + ''".\n''
+ msg = msg + ''Members of the conflict set are not valid ''
+ msg = msg + ''Chinese Wall types.\n''
+ msg = msg + ''Please validate the Policy file used.''
+ formatXmlError( msg )
+
+ allCSMTypes[csName][1] = csMemberList
+
+ if pOrder != '''':
+ formPolicyOrder[1] = pOrder
+ else:
+ if (len( domStes ) > 0) or (len( domChWalls ) > 0):
+ msg = ''''
+ msg = msg + ''The "priority" attribute has not been
specified.\n''
+ msg = msg + ''It must be specified on one of the access control
types.\n''
+ msg = msg + ''Please validate the Policy file used.''
+ formatXmlError( msg )
+ return
+
+def modFormTemplate( formTemplate, suffix ):
+ formVar = [x for x in formTemplate]
+
+ if formVar[2] != '''':
+ formVar[2] = formVar[2] + suffix
+ if formVar[3] != '''':
+ formVar[3] = formVar[3] + suffix
+ if (formVar[0] != ''button'') and (formVar[4] !=
''''):
+ formVar[4] = formVar[4] + suffix
+
+ return formVar;
+
+def removeDups( curList ):
+ newList = []
+ curSet = Set( curList )
+ for x in curSet:
+ newList.append( x )
+ newList.sort( )
+
+ return newList
+
+def newCS( csName, addToList = 0 ):
+ global formCSNames
+ global templateCSDel, allCSDel
+ global templateCSMTypes, templateCSMDel, templateCSMType, templateCSMAdd
+ global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
+
+ csSuffix = ''_'' + csName
+
+ # Make sure we have an actual name and check one of the
''all''
+ # variables to be sure it hasn''t been previously defined
+ if (len( csName ) > 0) and (not allCSMTypes.has_key( csName )):
+ allCSDel[csName] = modFormTemplate( templateCSDel, csSuffix )
+ allCSMTypes[csName] = modFormTemplate( templateCSMTypes, csSuffix )
+ allCSMDel[csName] = modFormTemplate( templateCSMDel, csSuffix )
+ allCSMType[csName] = modFormTemplate( templateCSMType, csSuffix )
+ allCSMAdd[csName] = modFormTemplate( templateCSMAdd, csSuffix )
+ if addToList == 1:
+ formCSNames[1].append( csName )
+ formCSNames[1] = removeDups( formCSNames[1] )
+
+def updateInfo( ):
+ global formData, formPolicyName, formPolicyDate, formPolicyOrder
+
+ if formData.has_key( formPolicyName[3] ):
+ formPolicyName[1] = formData[formPolicyName[3]].value
+ elif formData.has_key( formPolicyUpdate[3] ):
+ formPolicyName[1] = ''''
+
+ if formData.has_key( formPolicyDate[3] ):
+ formPolicyDate[1] = formData[formPolicyDate[3]].value
+ elif formData.has_key( formPolicyUpdate[3] ):
+ formPolicyDate[1] = ''''
+
+ if formData.has_key( formPolicyOrder[3] ):
+ formPolicyOrder[1] = formData[formPolicyOrder[3]].value
+
+def addSteType( ):
+ global formData, formSteType, formSteTypes
+
+ if (formData.has_key( formDefaultButton[3] )) or (formData.has_key(
formSteAdd[3] )):
+ if formData.has_key( formSteType[3] ):
+ type = formData[formSteType[3]].value
+ type = type.strip( )
+ if len( type ) > 0:
+ formSteTypes[1].append( type )
+ formSteTypes[1] = removeDups( formSteTypes[1] )
+
+
+def delSteType( ):
+ global formData, formSteTypes
+
+ if formData.has_key( formSteTypes[3] ):
+ typeList = formData.getlist( formSteTypes[3] )
+ for type in typeList:
+ type = type.strip( )
+ formSteTypes[1].remove( type )
+
+def addChWallType( ):
+ global formData, formChWallType, formChWallTypes
+
+ if (formData.has_key( formDefaultButton[3] )) or (formData.has_key(
formChWallAdd[3] )):
+ if formData.has_key( formChWallType[3] ):
+ type = formData[formChWallType[3]].value
+ type = type.strip( )
+ if len( type ) > 0:
+ formChWallTypes[1].append( type )
+ formChWallTypes[1] = removeDups( formChWallTypes[1] )
+
+def delChWallType( ):
+ global formData, formChWallTypes
+
+ if formData.has_key( formChWallTypes[3] ):
+ typeList = formData.getlist( formChWallTypes[3] )
+ for type in typeList:
+ type = type.strip( )
+ formChWallTypes[1].remove( type )
+
+def addCS( ):
+ global formData, formCSNames
+
+ if (formData.has_key( formDefaultButton[3] )) or (formData.has_key(
formCSAdd[3] )):
+ if formData.has_key( formCSName[3] ):
+ csName = formData[formCSName[3]].value
+ csName = csName.strip( )
+ newCS( csName, 1 )
+
+def delCS( csName ):
+ global formData, formCSNames, allCSDel
+ global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
+
+ csName = csName.strip( )
+ formCSNames[1].remove( csName )
+ del allCSDel[csName]
+ del allCSMTypes[csName]
+ del allCSMDel[csName]
+ del allCSMType[csName]
+ del allCSMAdd[csName]
+
+def addCSMember( csName ):
+ global formData, allCSMType, allCSMTypes
+
+ formVar = allCSMType[csName]
+ if formData.has_key( formVar[3] ):
+ csmList = formData.getlist( formVar[3] )
+ formVar = allCSMTypes[csName]
+ for csm in csmList:
+ csm = csm.strip( )
+ formVar[1].append( csm )
+ formVar[1] = removeDups( formVar[1] )
+
+def delCSMember( csName ):
+ global formData, allCSMTypes
+
+ formVar = allCSMTypes[csName]
+ if formData.has_key( formVar[3] ):
+ csmList = formData.getlist( formVar[3] )
+ for csm in csmList:
+ csm = csm.strip( )
+ formVar[1].remove( csm )
+
+def processRequest( ):
+ global policyXml
+ global formData, formPolicyUpdate
+ global formSteAdd, formSteDel
+ global formChWallAdd, formChWallDel
+ global formCSAdd, allCSDel
+ global formCSNames, allCSMAdd, allCSMDel
+
+ if policyXml != '''':
+ parsePolicyXml( )
+
+ # Allow the updating of the header information whenever
+ # an action is performed
+ updateInfo( )
+
+ # Allow the adding of types/sets if the user has hit the
+ # enter key when attempting to add a type/set
+ addSteType( )
+ addChWallType( )
+ addCS( )
+
+ if formData.has_key( formSteDel[3] ):
+ delSteType( )
+
+ elif formData.has_key( formChWallDel[3] ):
+ delChWallType( )
+
+ else:
+ for csName in formCSNames[1]:
+ if formData.has_key( allCSDel[csName][3] ):
+ delCS( csName )
+ continue
+
+ if formData.has_key( allCSMAdd[csName][3] ):
+ addCSMember( csName )
+
+ elif formData.has_key( allCSMDel[csName][3] ):
+ delCSMember( csName )
+
+def makeName( name, suffix='''' ):
+ rName = name
+ if suffix != '''':
+ rName = rName + ''_'' + suffix
+
+ return rName
+
+def makeNameAttr( name, suffix='''' ):
+ return ''name="'' + makeName( name, suffix ) +
''"''
+
+def makeValue( value, suffix='''' ):
+ rValue = value
+
+ if isinstance( value, list ):
+ rValue = ''[''
+ for val in value:
+ rValue = rValue + ''\'''' + val
+ if suffix != '''':
+ rValue = rValue + ''_'' + suffix
+ rValue = rValue + ''\'',''
+ rValue = rValue + '']''
+
+ else:
+ if suffix != '''':
+ rValue = rValue + ''_'' + suffix
+
+ return rValue
+
+def makeValueAttr( value, suffix='''' ):
+ return ''value="'' + makeValue( value, suffix ) +
''"''
+
+def sendHtmlFormVar( formVar, attrs='''' ):
+ nameAttr = ''''
+ valueAttr = ''''
+ htmlText = ''''
+
+ if formVar[0] == ''text'':
+ if formVar[3] != '''':
+ nameAttr = makeNameAttr( formVar[3] )
+ valueAttr = makeValueAttr( formVar[1] )
+
+ print ''<INPUT type="text"'', nameAttr,
valueAttr, attrs, ''>''
+
+ elif formVar[0] == ''list'':
+ if formVar[3] != '''':
+ nameAttr = makeNameAttr( formVar[3] )
+
+ print ''<SELECT'', nameAttr, attrs,
''>''
+ for option in formVar[1]:
+ print ''<OPTION>'' + option +
''</OPTION>''
+ print ''</SELECT>''
+
+ elif formVar[0] == ''button'':
+ if formVar[3] != '''':
+ nameAttr = makeNameAttr( formVar[3] )
+ if formVar[4] != '''':
+ valueAttr = makeValueAttr( formVar[4] )
+
+ print ''<INPUT type="submit"'', nameAttr,
valueAttr, attrs, ''>''
+
+ elif formVar[0] == ''radiobutton'':
+ if formVar[3] != '''':
+ nameAttr = makeNameAttr( formVar[3] )
+ valueAttr = makeValueAttr( formVar[4][rb_select] )
+ htmlText = formVar[5][rb_select]
+ if formVar[4][rb_select] == formVar[1]:
+ checked = ''checked''
+ else:
+ checked = ''''
+
+ print ''<INPUT type="radio"'', nameAttr,
valueAttr, attrs, checked, ''>'', htmlText
+
+ elif formVar[0] == ''radiobutton-all'':
+ if formVar[3] != '''':
+ nameAttr = makeNameAttr( formVar[3] )
+ buttonVals = formVar[4]
+ buttonTexts = formVar[5]
+ for i, buttonVal in enumerate( buttonVals ):
+ htmlText = ''''
+ addAttrs = ''''
+ checked = ''''
+
+ valueAttr = makeValueAttr( buttonVal )
+ if formVar[5] != '''':
+ htmlText = formVar[5][i]
+ if attrs != '''':
+ addAttrs = attrs[i]
+ if buttonVal == formVar[1]:
+ checked = ''checked''
+
+ print ''<INPUT type="radio"'', nameAttr,
valueAttr, addAttrs, checked, ''>'', htmlText,
''<BR>''
+
+ if formVar[2] != '''':
+ nameAttr = makeNameAttr( formVar[2] )
+ valueAttr = makeValueAttr( formVar[1] )
+ print ''<INPUT type="hidden"'', nameAttr,
valueAttr, ''>''
+
+def sendHtmlHeaders( ):
+ # HTML headers
+ print ''Content-Type: text/html''
+ print
+
+def sendPolicyHtml( ):
+ global xmlError, xmlIncomplete, xmlMessages, formXmlGen
+
+ print ''<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01
Transitional//EN"''
+ print ''
"http://www.w3.org/TR/html4/loose.dtd">''
+
+ print ''<HTML>''
+
+ sendHtmlHead( )
+
+ print ''<BODY>''
+
+ # An input XML file was specified that had errors, output the
+ # error information
+ if xmlError == 1:
+ print ''<P>''
+ print ''An error has been encountered while processing the input
''
+ print ''XML file:''
+ print ''<UL>''
+ for msg in xmlMessages:
+ print ''<LI>''
+ print msg
+ print ''</UL>''
+ print ''</BODY>''
+ print ''</HTML>''
+ return
+
+ # When attempting to generate the XML output, all required data was not
+ # present, output the error information
+ if xmlIncomplete == 1:
+ print ''<P>''
+ print ''An error has been encountered while validating the
data''
+ print ''required for the output XML file:''
+ print ''<UL>''
+ for msg in xmlMessages:
+ print ''<LI>''
+ print msg
+ print ''</UL>''
+ print ''</BODY>''
+ print ''</HTML>''
+ return
+
+ print ''<CENTER>''
+ print ''<FORM action="'' +
os.environ[''SCRIPT_NAME''] + ''"
method="post">''
+ print ''<TABLE class="container">''
+ print '' <COLGROUP>''
+ print '' <COL width="100%">''
+ print '' </COLGROUP>''
+
+ print '' <TR>''
+ print '' <TD>''
+ print '' <TABLE>''
+ print '' <TR>''
+ print '' <TD>''
+ sendHtmlFormVar( formDefaultButton,
''class="hidden"'' )
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD>''
+ sendHtmlFormVar( formXmlGen )
+ print '' </TD>''
+ print '' </TR>''
+ print '' </TABLE>''
+ print '' </TD>''
+ print '' </TR>''
+
+ # Policy header
+ print '' <TR>''
+ print '' <TD>''
+ sendPHeaderHtml( )
+ print '' </TD>''
+ print '' </TR>''
+
+ # Separator
+ print ''
<TR><TD><HR></TD></TR>''
+
+ # Policy (types)
+ print '' <TR>''
+ print '' <TD>''
+ print '' <TABLE class="full">''
+ print '' <TR>''
+ print '' <TD width="49%">''
+ sendPSteHtml( )
+ print '' </TD>''
+ print '' <TD
width="2%"> </TD>''
+ print '' <TD width="49%">''
+ sendPChWallHtml( )
+ print '' </TD>''
+ print '' </TR>''
+ print '' </TABLE>''
+ print '' </TD>''
+ print '' </TR>''
+
+ print ''</TABLE>''
+ print ''</FORM>''
+ print ''</CENTER>''
+
+ print ''</BODY>''
+
+ print ''</HTML>''
+
+def sendHtmlHead( ):
+ global headTitle
+
+ print ''<HEAD>''
+ print ''<STYLE type="text/css">''
+ print ''<!--''
+ print ''BODY {background-color: #EEEEFF;}''
+ print ''TABLE.container {width: 90%; border: 1px solid black;
border-collapse: seperate;}''
+ print ''TABLE.fullbox {width: 100%; border: 1px solid black;
border-collapse: collapse;}''
+ print ''TABLE.full {width: 100%; border: 0px solid black;
border-collapse: collapse;}''
+ print ''THEAD {font-weight: bold; font-size:
larger;}''
+ print ''TD {border: 0px solid black; vertical-align:
top;}''
+ print ''TD.heading {border: 0px solid black; vertical-align: top;
font-weight: bold; font-size: larger;}''
+ print ''TD.subheading {border: 0px solid black; vertical-align: top;
font-size: smaller;}''
+ print ''TD.fullbox {border: 1px solid black; vertical-align:
top;}''
+ print ''SELECT.full {width: 100%;}''
+ print ''INPUT.full {width: 100%;}''
+ print ''INPUT.link {cursor: pointer; background-color: #EEEEFF;
border: 0px; text-decoration: underline; color: blue;}''
+ print ''INPUT.hidden {visibility: hidden; width: 1px; height:
1px;}''
+ print '':link {color: blue;}''
+ print '':visited {color: red;}''
+ print ''-->''
+ print ''</STYLE>''
+ print ''<TITLE>'', headTitle,
''</TITLE>''
+ print ''</HEAD>''
+
+def sendPHeaderHtml( ):
+ global formPolicyName, formPolicyDate, formPolicyOrder, formPolicyUpdate
+
+ # Policy header definition
+ print ''<TABLE class="full">''
+ print '' <COLGROUP>''
+ print '' <COL width="20%">''
+ print '' <COL width="80%">''
+ print '' </COLGROUP>''
+ print '' <TR>''
+ print '' <TD align="center" colspan="2"
class="heading">Policy Information</TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD
align="right">Name:</TD>''
+ print '' <TD align="left">''
+ sendHtmlFormVar( formPolicyName, ''class="full"'' )
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD
align="right">Date:</TD>''
+ print '' <TD align="left">''
+ sendHtmlFormVar( formPolicyDate, ''class="full"'' )
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD align="right">Primary
Policy:</TD>''
+ print '' <TD align="left">''
+ sendHtmlFormVar( formPolicyOrder )
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD align="center"
colspan="2">''
+ sendHtmlFormVar( formPolicyUpdate )
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD align="center" colspan="2"
class="subheading">''
+ print '' (The Policy Information is updated whenever an action is
performed''
+ print '' or it can be updated separately using the
"Update" button)''
+ print '' </TD>''
+ print '' </TR>''
+ print ''</TABLE>''
+
+def sendPSteHtml( ):
+ global formSteTypes, formSteDel, formSteType, formSteAdd
+
+ # Simple Type Enforcement...
+ print ''<TABLE class="full">''
+ print '' <COLGROUP>''
+ print '' <COL width="20%">''
+ print '' <COL width="80%">''
+ print '' </COLGROUP>''
+ print '' <TR>''
+ print '' <TD align="center" colspan="2"
class="heading">Simple Type Enforcement Types</TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD colspan="2">''
+ sendHtmlFormVar( formSteTypes, ''class="full"
size="4" multiple'' )
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD>''
+ sendHtmlFormVar( formSteDel, ''class="full"'' )
+ print '' </TD>''
+ print '' <TD>''
+ print '' Delete the type(s) selected above''
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD colspan="2">''
+ sendHtmlFormVar( formSteType, ''class="full"'' )
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD>''
+ sendHtmlFormVar( formSteAdd, ''class="full"'' )
+ print '' </TD>''
+ print '' <TD>''
+ print '' Create a new type with the above name''
+ print '' </TD>''
+ print '' </TR>''
+ print ''</TABLE>''
+
+def sendPChWallHtml( ):
+ global formChWallTypes, formChWallDel, formChWallType, formChWallAdd
+ global formCSNames, formCSName, formCSAdd, allCSDel
+ global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
+
+ # Chinese Wall...
+ print ''<TABLE class="full">''
+ print '' <COLGROUP>''
+ print '' <COL width="20%">''
+ print '' <COL width="80%">''
+ print '' </COLGROUP>''
+ print '' <TR>''
+ print '' <TD align="center" colspan="2"
class="heading">Chinese Wall Types</TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD colspan="2">''
+ sendHtmlFormVar( formChWallTypes, ''class="full"
size="4" multiple'' )
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD>''
+ sendHtmlFormVar( formChWallDel, ''class="full"'' )
+ print '' </TD>''
+ print '' <TD>''
+ print '' Delete the type(s) selected above''
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD colspan="2">''
+ sendHtmlFormVar( formChWallType, ''class="full"'' )
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD>''
+ sendHtmlFormVar( formChWallAdd, ''class="full"'' )
+ print '' </TD>''
+ print '' <TD>''
+ print '' Create a new type with the above name''
+ print '' </TD>''
+ print '' </TR>''
+
+ # Chinese Wall Conflict Sets...
+ print '' <TR>''
+ print '' <TD colspan="2">''
+ print '' <TABLE class="full">''
+ print '' <COLGROUP>''
+ print '' <COL width="20%">''
+ print '' <COL width="30%">''
+ print '' <COL width="50%">''
+ print '' </COLGROUP>''
+ print '' <THEAD>''
+ print '' <TR>''
+ print '' <TD align="center"
colspan="3"><HR></TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD align="center"
colspan="3">Chinese Wall Conflict Sets</TD>''
+ print '' </TR>''
+ print '' </THEAD>''
+ print '' <TR>''
+ print '' <TD colspan="3">''
+ sendHtmlFormVar( formCSName, ''class="full"'' )
+ sendHtmlFormVar( formCSNames )
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD>''
+ sendHtmlFormVar( formCSAdd, ''class="full"'' )
+ print '' </TD>''
+ print '' <TD colspan="2">''
+ print '' Create a new conflict set with the above
name''
+ print '' </TD>''
+ print '' </TR>''
+ print '' </TABLE>''
+ print '' </TD>''
+ print '' </TR>''
+ if len( formCSNames[1] ) > 0:
+ print '' <TR>''
+ print '' <TD colspan="2">''
+ print '' ''
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD colspan="2">''
+ print '' <TABLE class="fullbox">''
+ print '' <COLGROUP>''
+ print '' <COL width="50%">''
+ print '' <COL width="50%">''
+ print '' </COLGROUP>''
+ print '' <THEAD>''
+ print '' <TR>''
+ print '' <TD
class="fullbox">Name</TD>''
+ print '' <TD
class="fullbox">Actions</TD>''
+ print '' </TR>''
+ print '' </THEAD>''
+ for i, csName in enumerate( formCSNames[1] ):
+ print '' <TR>''
+ print '' <TD class="fullbox">'' +
csName + ''</TD>''
+ print '' <TD class="fullbox">''
+ print '' <A href="#'' + csName +
''">Edit</A>''
+ formVar = allCSDel[csName]
+ sendHtmlFormVar( formVar, ''class="link"'' )
+ print '' </TD>''
+ print '' </TABLE>''
+ print '' </TD>''
+ print '' </TR>''
+ for csName in formCSNames[1]:
+ print '' <TR><TD
colspan="2"><HR></TD></TR>''
+ print '' <TR>''
+ print '' <TD align="center" colspan="2"
class="heading"><A name="'' + csName +
''">Conflict Set: '' + csName +
''</A></TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD colspan="2">''
+ formVar = allCSMTypes[csName];
+ sendHtmlFormVar( formVar, ''class="full"
size="4" multiple"'' )
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD>''
+ formVar = allCSMDel[csName]
+ sendHtmlFormVar( formVar, ''class="full"'' )
+ print '' </TD>''
+ print '' <TD>''
+ print '' Delete the type(s) selected above''
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD colspan="2">''
+ ctSet = Set( formChWallTypes[1] )
+ csSet = Set( allCSMTypes[csName][1] )
+ formVar = allCSMType[csName]
+ formVar[1] = []
+ for chwallType in ctSet.difference( csSet ):
+ formVar[1].append( chwallType )
+ formVar[1].sort( )
+ sendHtmlFormVar( formVar, ''class="full"
size="2" multiple'' )
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD>''
+ formVar = allCSMAdd[csName]
+ sendHtmlFormVar( formVar, ''class="full"'' )
+ print '' </TD>''
+ print '' <TD>''
+ print '' Add the type(s) selected above''
+ print '' </TD>''
+ print '' </TR>''
+
+ print ''</TABLE>''
+
+def checkXmlData( ):
+ global xmlIncomplete
+
+ # Validate the Policy Header requirements
+ if ( len( formPolicyName[1] ) > 0 ) or ( len( formPolicyDate[1] ) > 0 ):
+ if ( len( formPolicyName[1] ) == 0 ) or ( len( formPolicyDate[1] ) == 0 ):
+ msg = ''''
+ msg = msg + ''The XML policy schema requires that the Policy
''
+ msg = msg + ''Information Name and Date fields both have values
''
+ msg = msg + ''or both not have values.''
+ formatXmlGenError( msg )
+
+ if formPolicyOrder[1] == ''v_ChWall'':
+ if len( formChWallTypes[1] ) == 0:
+ msg = ''''
+ msg = msg + ''You have specified the primary policy to be ''
+ msg = msg + ''Chinese Wall but have not created any Chinese
''
+ msg = msg + ''Wall types. Please create some Chinese Wall
''
+ msg = msg + ''types or change the primary policy.''
+ formatXmlGenError( msg )
+
+ if formPolicyOrder[1] == ''v_Ste'':
+ if len( formSteTypes[1] ) == 0:
+ msg = ''''
+ msg = msg + ''You have specified the primary policy to be ''
+ msg = msg + ''Simple Type Enforcement but have not created
''
+ msg = msg + ''any Simple Type Enforcement types. Please create
''
+ msg = msg + ''some Simple Type Enforcement types or change the
''
+ msg = msg + ''primary policy.''
+ formatXmlGenError( msg )
+
+ # Validate the Chinese Wall required data
+ if len( formChWallTypes[1] ) > 0:
+ if len( formCSNames[1] ) == 0:
+ msg = ''''
+ msg = msg + ''The XML policy schema for the Chinese Wall ''
+ msg = msg + ''requires at least one Conflict Set be
defined.''
+ formatXmlGenError( msg )
+
+def sendXmlHeaders( ):
+ # HTML headers
+ print ''Content-Type: text/xml''
+ print ''Content-Disposition: attachment;
filename=security_policy.xml''
+ print
+
+def sendPolicyXml( ):
+ print ''<?xml version="1.0"?>''
+
+ print ''<SecurityPolicyDefinition
xmlns="http://www.ibm.com"''
+ print ''
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"''
+ print ''
xsi:schemaLocation="http://www.ibm.com
security_policy.xsd">''
+
+ # Policy header
+ sendPHeaderXml( )
+
+ # Policy (types)
+ sendPSteXml( )
+ sendPChWallXml( )
+
+ print ''</SecurityPolicyDefinition>''
+
+def sendPHeaderXml( ):
+ global formPolicyName, formPolicyDate
+
+ # Policy header definition
+ if ( len( formPolicyName[1] ) > 0 ) or ( len( formPolicyDate[1] ) > 0 ):
+ print ''<PolicyHeader>''
+ print '' <Name>'' + formPolicyName[1] +
''</Name>''
+ print '' <Date>'' + formPolicyDate[1] +
''</Date>''
+ print ''</PolicyHeader>''
+
+def sendPSteXml( ):
+ global formPolicyOrder, formSteTypes
+
+ # Simple Type Enforcement...
+ if len( formSteTypes[1] ) == 0:
+ return
+
+ if formPolicyOrder[1] == ''v_Ste'':
+ print ''<SimpleTypeEnforcement
priority="PrimaryPolicyComponent">''
+ else:
+ print ''<SimpleTypeEnforcement>''
+
+ print '' <SimpleTypeEnforcementTypes>''
+ for steType in formSteTypes[1]:
+ print '' <Type>'' + steType +
''</Type>''
+ print '' </SimpleTypeEnforcementTypes>''
+
+ print ''</SimpleTypeEnforcement>''
+
+def sendPChWallXml( ):
+ global formPolicyOrder, formChWallTypes
+ global formCSNames, allCSMTypes
+
+ # Chinese Wall...
+ if len( formChWallTypes[1] ) == 0:
+ return
+
+ if formPolicyOrder[1] == ''v_ChWall'':
+ print ''<ChineseWall
priority="PrimaryPolicyComponent">''
+ else:
+ print ''<ChineseWall>''
+
+ print '' <ChineseWallTypes>''
+ for chWallType in formChWallTypes[1]:
+ print '' <Type>'' + chWallType +
''</Type>''
+ print '' </ChineseWallTypes>''
+
+ # Chinese Wall Conflict Sets...
+ print '' <ConflictSets>''
+ for cs in formCSNames[1]:
+ formVar = allCSMTypes[cs]
+ if len( formVar[1] ) == 0:
+ continue
+ print '' <Conflict name="'' + cs +
''">''
+ for csm in formVar[1]:
+ print '' <Type>'' + csm +
''</Type>''
+ print '' </Conflict>''
+ print '' </ConflictSets>''
+
+ print ''</ChineseWall>''
+
+
+# Set up initial HTML variables
+headTitle = ''Xen Policy Generation''
+
+# Form variables
+# The format of these variables is as follows:
+# [ p0, p1, p2, p3, p4, p5 ]
+# p0 = input type
+# p1 = the current value of the variable
+# p2 = the hidden input name attribute
+# p3 = the name attribute
+# p4 = the value attribute
+# p5 = text to associate with the tag
+formPolicyName = [ ''text'',
+ '''',
+ ''h_policyName'',
+ ''i_policyName'',
+ '''',
+ '''',
+ ]
+formPolicyDate = [ ''text'',
+ getCurrentTime( ),
+ ''h_policyDate'',
+ ''i_policyDate'',
+ '''',
+ '''',
+ ]
+formPolicyOrder = [ ''radiobutton-all'',
+ ''v_ChWall'',
+ ''h_policyOrder'',
+ ''i_policyOrder'',
+ [ ''v_Ste'', ''v_ChWall'' ],
+ [ ''Simple Type Enforcement'', ''Chinese
Wall'' ],
+ ]
+formPolicyUpdate = [ ''button'',
+ '''',
+ '''',
+ ''i_PolicyUpdate'',
+ ''Update'',
+ '''',
+ ]
+
+formSteTypes = [ ''list'',
+ [],
+ ''h_steTypes'',
+ ''i_steTypes'',
+ '''',
+ '''',
+ ]
+formSteDel = [ ''button'',
+ '''',
+ '''',
+ ''i_steDel'',
+ ''Delete'',
+ '''',
+ ]
+formSteType = [ ''text'',
+ '''',
+ '''',
+ ''i_steType'',
+ '''',
+ '''',
+ ]
+formSteAdd = [ ''button'',
+ '''',
+ '''',
+ ''i_steAdd'',
+ ''New'',
+ '''',
+ ]
+
+formChWallTypes = [ ''list'',
+ [],
+ ''h_chwallTypes'',
+ ''i_chwallTypes'',
+ '''',
+ '''',
+ ]
+formChWallDel = [ ''button'',
+ '''',
+ '''',
+ ''i_chwallDel'',
+ ''Delete'',
+ '''',
+ ]
+formChWallType = [ ''text'',
+ '''',
+ '''',
+ ''i_chwallType'',
+ '''',
+ '''',
+ ]
+formChWallAdd = [ ''button'',
+ '''',
+ '''',
+ ''i_chwallAdd'',
+ ''New'',
+ '''',
+ ]
+
+formCSNames = [ '''',
+ [],
+ ''h_csNames'',
+ '''',
+ '''',
+ '''',
+ ]
+formCSName = [ ''text'',
+ '''',
+ '''',
+ ''i_csName'',
+ '''',
+ '''',
+ ]
+formCSAdd = [ ''button'',
+ '''',
+ '''',
+ ''i_csAdd'',
+ ''New'',
+ '''',
+ ]
+
+formXmlGen = [ ''button'',
+ '''',
+ '''',
+ ''i_xmlGen'',
+ ''Generate XML'',
+ '''',
+ ]
+
+formDefaultButton = [ ''button'',
+ '''',
+ '''',
+ ''i_defaultButton'',
+ ''.'',
+ '''',
+ ]
+
+# This is a set of templates used for each conflict set
+# Each conflict set is initially assigned these templates,
+# then each form attribute value is changed to append
+# "_conflict-set-name" for uniqueness
+templateCSDel = [ ''button'',
+ '''',
+ '''',
+ ''i_csDel'',
+ ''Delete'',
+ '''',
+ ]
+allCSDel = {};
+
+templateCSMTypes = [ ''list'',
+ [],
+ ''h_csmTypes'',
+ ''i_csmTypes'',
+ '''',
+ '''',
+ ]
+templateCSMDel = [ ''button'',
+ '''',
+ '''',
+ ''i_csmDel'',
+ ''Delete'',
+ '''',
+ ]
+templateCSMType = [ ''list'',
+ [],
+ '''',
+ ''i_csmType'',
+ '''',
+ '''',
+ ]
+templateCSMAdd = [ ''button'',
+ '''',
+ '''',
+ ''i_csmAdd'',
+ ''Add'',
+ '''',
+ ]
+allCSMTypes = {};
+allCSMDel = {};
+allCSMType = {};
+allCSMAdd = {};
+
+# A list of all form variables used for saving info across requests
+formVariables = [ formPolicyName,
+ formPolicyDate,
+ formPolicyOrder,
+ formSteTypes,
+ formChWallTypes,
+ formCSNames,
+ ]
+
+policyXml = ''''
+xmlError = 0
+xmlIncomplete = 0
+xmlMessages = []
+
+
+# Extract any form data
+formData = cgi.FieldStorage( )
+
+# Process the form
+getSavedData( )
+processRequest( )
+
+if formData.has_key( formXmlGen[3] ):
+ # Generate and send the XML file
+ checkXmlData( )
+
+ if xmlIncomplete == 0:
+ sendXmlHeaders( )
+ sendPolicyXml( )
+
+if (not formData.has_key( formXmlGen[3] )) or (xmlIncomplete == 1 ):
+ # Send HTML to continue processing the form
+ sendHtmlHeaders( )
+ sendPolicyHtml( )
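Review bot: the values that end up in the generated policy are written into the XML and HTML output by plain string concatenation with no escaping, so a Simple Type Enforcement type, Chinese Wall type, conflict set name or policy name that contains `<`, `&` or `"` either breaks the document or injects markup. In sendPSteXml/sendPChWallXml the type text goes straight into the element body (`print '' <Type>'' + steType + ''</Type>''`) and the conflict set name into an attribute (`print '' <Conflict name="'' + cs + ''">''`), and in sendPChWallHtml the same name is dropped into an href and an anchor name (`print '' <A href="#'' + csName + ''">Edit</A>''`) and into a table cell. Since the output of this CGI is meant to be fed to xensec_xml2bin and the policy names become security labels, please run element text through xml.sax.saxutils.escape and attribute values through quoteattr on the XML side, and use cgi.escape (with quote=1 for attributes) everywhere a user-supplied name is echoed into the HTML; rejecting names that do not match a conservative pattern such as `[A-Za-z0-9_-]+` in the add paths would be simpler still and matches what the binary policy can represent. Two smaller points in the same function: the attribute string passed for the conflict set member list has a stray quote (`size="4" multiple"''`), which yields an invalid attribute in the rendered SELECT, and the loop starting at `for chwallType in ctSet.difference( csSet ):` rebuilds allCSMType[csName][1] as a side effect of rendering; that computation belongs in processRequest or a helper so the HTML generators stay pure.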
diff -r bdcb115c667a -r db5feb4ccc13
tools/security/python/xensec_gen/cgi-bin/policylabel.cgi
--- /dev/null Sat Dec 10 23:20:08 2005
+++ b/tools/security/python/xensec_gen/cgi-bin/policylabel.cgi Mon Dec 12
19:10:23 2005
@@ -0,0 +1,1396 @@
+#!/usr/bin/python
+#
+# The Initial Developer of the Original Code is International
+# Business Machines Corporation. Portions created by IBM
+# Corporation are Copyright (C) 2005 International Business
+# Machines Corporation. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import os
+import cgi
+import cgitb; cgitb.enable( )
+import time
+import xml.dom.minidom
+import xml.sax
+import xml.sax.handler
+from StringIO import StringIO
+from sets import Set
+
+def getSavedData( ):
+ global formData, policyXml, policyLabelXml
+ global formVariables, formVmNames
+ global allVmChWs, allVmStes
+
+ # Process the XML upload policy file
+ if formData.has_key( ''i_policy'' ):
+ dataList = formData.getlist( ''i_policy'' )
+ if len( dataList ) > 0:
+ policyXml = dataList[0].strip( )
+
+ # The XML upload policy file must be specified at the start
+ if formData.has_key( ''i_policyLabelCreate'' ):
+ if policyXml == '''':
+ msg = ''''
+ msg = msg + ''A Policy file was not supplied. A Policy file
''
+ msg = msg + ''must be supplied in order to successfully create
''
+ msg = msg + ''a Policy Labeling file.''
+ formatXmlError( msg )
+
+ # Process the XML upload policy label file
+ if formData.has_key( ''i_policyLabel'' ):
+ dataList = formData.getlist( ''i_policyLabel'' )
+ if len( dataList ) > 0:
+ policyLabelXml = dataList[0].strip( )
+
+ # Process all the hidden input variables (if present)
+ for formVar in formVariables:
+ if formVar[2] == '''':
+ continue
+
+ if formData.has_key( formVar[2] ):
+ dataList = formData.getlist( formVar[2] )
+ if len( dataList ) > 0:
+ if isinstance( formVar[1], list ):
+ exec ''formVar[1] = '' + dataList[0]
+ else:
+ formVar[1] = dataList[0]
+
+ # The form can contain any number of "Virtual Machines"
+ # so update the list of form variables to include
+ # each virtual machine (hidden input variable)
+ for vmName in formVmNames[1]:
+ newVm( vmName )
+
+ vmFormVar = allVmChWs[vmName]
+ if (vmFormVar[2] != '''') and formData.has_key( vmFormVar[2]
):
+ dataList = formData.getlist( vmFormVar[2] )
+ if len( dataList ) > 0:
+ if isinstance( vmFormVar[1], list ):
+ exec ''vmFormVar[1] = '' + dataList[0]
+ else:
+ vmFormVar[1] = dataList[0]
+
+ vmFormVar = allVmStes[vmName]
+ if (vmFormVar[2] != '''') and formData.has_key( vmFormVar[2]
):
+ dataList = formData.getlist( vmFormVar[2] )
+ if len( dataList ) > 0:
+ if isinstance( vmFormVar[1], list ):
+ exec ''vmFormVar[1] = '' + dataList[0]
+ else:
+ vmFormVar[1] = dataList[0]
+
+def getCurrentTime( ):
+ return time.strftime( ''%Y-%m-%d %H:%M:%S'', time.localtime( )
)
+
+def getName( domNode ):
+ nameNodes = domNode.getElementsByTagName( ''Name'' )
+ if len( nameNodes ) == 0:
+ formatXmlError( ''"<Name>" tag is missing'' )
+ return None
+
+ name = ''''
+ for childNode in nameNodes[0].childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ name = name + childNode.data
+
+ return name
+
+def getDate( domNode ):
+ dateNodes = domNode.getElementsByTagName( ''Date'' )
+ if len( dateNodes ) == 0:
+ formatXmlError( ''"<Date>" tag is missing'' )
+ return None
+
+ date = ''''
+ for childNode in dateNodes[0].childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ date = date + childNode.data
+
+ return date
+
+def getDefUrl( domNode ):
+ domNodes = domNode.getElementsByTagName( ''PolicyName'' )
+ if len( domNodes ) == 0:
+ formatXmlError( ''"<PolicyName>" tag is
missing'' )
+ return None
+
+ urlNodes = domNode.getElementsByTagName( ''Url'' )
+ if len( urlNodes ) == 0:
+ formatXmlError( ''"<Url>" tag is missing'' )
+ return None
+
+ url = ''''
+ for childNode in urlNodes[0].childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ url = url + childNode.data
+
+ return url
+
+def getDefRef( domNode ):
+ domNodes = domNode.getElementsByTagName( ''PolicyName'' )
+ if len( domNodes ) == 0:
+ formatXmlError( ''"<PolicyName>" tag is
missing'' )
+ return None
+
+ refNodes = domNode.getElementsByTagName( ''Reference'' )
+ if len( refNodes ) == 0:
+ formatXmlError( ''"<Reference>" tag is
missing'' )
+ return None
+
+ ref = ''''
+ for childNode in refNodes[0].childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ ref = ref + childNode.data
+
+ return ref
+
+def getSteTypes( domNode, missingIsError = 0 ):
+ steNodes = domNode.getElementsByTagName(
''SimpleTypeEnforcementTypes'' )
+ if len( steNodes ) == 0:
+ if missingIsError == 1:
+ formatXmlError( ''"<SimpleTypeEnforcementTypes>" tag
is missing'' )
+ return None
+ else:
+ return []
+
+ return getTypes( steNodes[0] )
+
+def getChWTypes( domNode, missingIsError = 0 ):
+ chwNodes = domNode.getElementsByTagName( ''ChineseWallTypes''
)
+ if len( chwNodes ) == 0:
+ if missingIsError == 1:
+ formatXmlError( ''"<ChineseWallTypes>" tag is
missing'' )
+ return None
+ else:
+ return []
+
+ return getTypes( chwNodes[0] )
+
+def getTypes( domNode ):
+ types = []
+
+ domNodes = domNode.getElementsByTagName( ''Type'' )
+ if len( domNodes ) == 0:
+ formatXmlError( ''"<Type>" tag is missing'' )
+ return None
+
+ for domNode in domNodes:
+ typeText = ''''
+ for childNode in domNode.childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ typeText = typeText + childNode.data
+
+ if typeText == '''':
+ formatXmlError( ''No text associated with the
"<Type>" tag'' )
+ return None
+
+ types.append( typeText )
+
+ return types
+
+def formatXmlError( msg, xml = '''', lineNum = -1, colNum = -1
):
+ global xmlMessages, xmlError
+
+ xmlError = 1
+ addMsg = cgi.escape( msg )
+
+ if lineNum != -1:
+ sio = StringIO( xml )
+ for xmlLine in sio:
+ lineNum = lineNum - 1
+ if lineNum == 0:
+ break;
+
+ addMsg += ''<BR><PRE>'' + cgi.escape(
xmlLine.rstrip( ) )
+
+ if colNum != -1:
+ errLine = ''''
+ for i in range( colNum ):
+ errLine = errLine + ''-''
+
+ addMsg += ''\n'' + errLine + ''^''
+
+ addMsg += ''</PRE>''
+
+ xmlMessages.append( addMsg )
+
+def formatXmlGenError( msg ):
+ global xmlMessages, xmlIncomplete
+
+ xmlIncomplete = 1
+ xmlMessages.append( cgi.escape( msg ) )
+
+def parseXml( xmlInput ):
+ global xmlMessages, xmlError, xmlLine, xmlColumn
+
+ xmlParser = xml.sax.make_parser( )
+ try:
+ domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser )
+
+ except xml.sax.SAXParseException, xmlErr:
+ msg = ''''
+ msg = msg + ''XML parsing error occurred at line ''
+ msg = msg + `xmlErr.getLineNumber( )`
+ msg = msg + '', column ''
+ msg = msg + `xmlErr.getColumnNumber( )`
+ msg = msg + '': reason = "''
+ msg = msg + xmlErr.getMessage( )
+ msg = msg + ''"''
+ formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ),
xmlErr.getColumnNumber( ) )
+ return None
+
+ except xml.sax.SAXException, xmlErr:
+ msg = ''''
+ msg = msg + ''XML Parsing error: '' + `xmlErr`
+ formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ),
xmlErr.getColumnNumber( ) )
+ return None
+
+ return domDoc
+
+def parsePolicyXml( ):
+ global policyXml
+ global formSteTypes, formChWallTypes
+
+ domDoc = parseXml( policyXml )
+ if domDoc == None:
+ return
+
+ domRoot = domDoc.documentElement
+ domNodes = domRoot.getElementsByTagName(
''SimpleTypeEnforcement'' )
+ if len( domNodes ) > 0:
+ steTypes = getSteTypes( domNodes[0], 1 )
+ if steTypes == None:
+ msg = ''''
+ msg = msg + ''Error processing the SimpleTypeEnforcement
types.\n''
+ msg = msg + ''Please validate the Policy Definition file
used.''
+ formatXmlError( msg )
+ return
+
+ formSteTypes[1] = steTypes
+
+ domNodes = domRoot.getElementsByTagName( ''ChineseWall'' )
+ if len( domNodes ) > 0:
+ chwTypes = getChWTypes( domNodes[0], 1 )
+ if chwTypes == None:
+ msg = ''''
+ msg = msg + ''Error processing the ChineseWall types.\n''
+ msg = msg + ''Please validate the Policy Definition file
used.''
+ formatXmlError( msg )
+ return
+
+ formChWallTypes[1] = chwTypes
+
+def parsePolicyLabelXml( ):
+ global policyLabelXml
+
+ domDoc = parseXml( policyLabelXml )
+ if domDoc == None:
+ return
+
+ domRoot = domDoc.documentElement
+ domHeaders = domRoot.getElementsByTagName( ''LabelHeader'' )
+ if len( domHeaders ) == 0:
+ msg = ''''
+ msg = msg + ''"<LabelHeader>" tag is
missing.\n''
+ msg = msg + ''Please validate the Policy Labeling file
used.''
+ formatXmlError( msg )
+ return
+
+ pName = getName( domHeaders[0] )
+ if pName == None:
+ msg = ''''
+ msg = msg + ''Error processing the Policy Labeling header
information.\n''
+ msg = msg + ''Please validate the Policy Labeling file
used.''
+ formatXmlError( msg )
+ return
+
+ formPolicyLabelName[1] = pName
+
+ pDate = getDate( domHeaders[0] )
+ if pDate == None:
+ msg = ''''
+ msg = msg + ''Error processing the Policy Labeling header
information.\n''
+ msg = msg + ''Please validate the Policy Labeling file
used.''
+ formatXmlError( msg )
+ return
+
+ formPolicyLabelDate[1] = pDate
+
+ pUrl = getDefUrl( domHeaders[0] )
+ if pUrl == None:
+ msg = ''''
+ msg = msg + ''Error processing the Policy Labeling header
information.\n''
+ msg = msg + ''Please validate the Policy Labeling file
used.''
+ formatXmlError( msg )
+ return
+
+ formPolicyUrl[1] = pUrl
+
+ pRef = getDefRef( domHeaders[0] )
+ if pRef == None:
+ msg = ''''
+ msg = msg + ''Error processing the Policy Labeling header
information.\n''
+ msg = msg + ''Please validate the Policy Labeling file
used.''
+ formatXmlError( msg )
+ return
+
+ formPolicyRef[1] = pRef
+
+ domSubjects = domRoot.getElementsByTagName( ''SubjectLabels''
)
+ if len( domSubjects ) > 0:
+ formVmNameDom0[1] = domSubjects[0].getAttribute(
''bootstrap'' )
+ domNodes = domSubjects[0].getElementsByTagName(
''VirtualMachineLabel'' )
+ for domNode in domNodes:
+ vmName = getName( domNode )
+ if vmName == None:
+ msg = ''''
+ msg = msg + ''Error processing the VirtualMachineLabel
name.\n''
+ msg = msg + ''Please validate the Policy Labeling file
used.''
+ formatXmlError( msg )
+ continue
+
+ steTypes = getSteTypes( domNode )
+ if steTypes == None:
+ msg = ''''
+ msg = msg + ''Error processing the SimpleTypeEnforcement
types.\n''
+ msg = msg + ''Please validate the Policy Labeling file
used.''
+ formatXmlError( msg )
+ return
+
+ chwTypes = getChWTypes( domNode )
+ if chwTypes == None:
+ msg = ''''
+ msg = msg + ''Error processing the ChineseWall types.\n''
+ msg = msg + ''Please validate the Policy Labeling file
used.''
+ formatXmlError( msg )
+ return
+
+ newVm( vmName, 1 )
+ allVmStes[vmName][1] = steTypes
+ allVmChWs[vmName][1] = chwTypes
+
+def removeDups( curList ):
+ newList = []
+ curSet = Set( curList )
+ for x in curSet:
+ newList.append( x )
+ newList.sort( )
+
+ return newList
+
+def newVm( vmName, addToList = 0 ):
+ global formVmNames
+ global templateVmDel, allVmDel, templateVmDom0, allVmDom0
+ global templateVmChWs, templateVmChWDel, templateVmChW, templateVmChWAdd
+ global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
+ global templateVmStes, templateVmSteDel, templateVmSte, templateVmSteAdd
+ global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
+
+ # Make sure we have an actual name and check one of the
''all''
+ # variables to be sure it hasn''t been previously defined
+ if (len( vmName ) > 0) and (not allVmDom0.has_key( vmName )):
+ vmSuffix = ''_'' + vmName
+ allVmDom0[vmName] = modFormTemplate( templateVmDom0, vmSuffix )
+ allVmDel[vmName] = modFormTemplate( templateVmDel, vmSuffix )
+ allVmChWs[vmName] = modFormTemplate( templateVmChWs, vmSuffix )
+ allVmChWDel[vmName] = modFormTemplate( templateVmChWDel, vmSuffix )
+ allVmChW[vmName] = modFormTemplate( templateVmChW, vmSuffix )
+ allVmChWAdd[vmName] = modFormTemplate( templateVmChWAdd, vmSuffix )
+ allVmStes[vmName] = modFormTemplate( templateVmStes, vmSuffix )
+ allVmSteDel[vmName] = modFormTemplate( templateVmSteDel, vmSuffix )
+ allVmSte[vmName] = modFormTemplate( templateVmSte, vmSuffix )
+ allVmSteAdd[vmName] = modFormTemplate( templateVmSteAdd, vmSuffix )
+ if addToList == 1:
+ formVmNames[1].append( vmName )
+ formVmNames[1] = removeDups( formVmNames[1] )
+
+def updateInfo( ):
+ global formData, formPolicyLabelName, formPolicyLabelDate
+ global formPolicyUrl, formPolicyRef
+
+ if formData.has_key( formPolicyLabelName[3] ):
+ formPolicyLabelName[1] = formData[formPolicyLabelName[3]].value
+ elif formData.has_key( formPolicyLabelUpdate[3] ):
+ formPolicyLabelName[1] = ''''
+
+ if formData.has_key( formPolicyLabelDate[3] ):
+ formPolicyLabelDate[1] = formData[formPolicyLabelDate[3]].value
+ elif formData.has_key( formPolicyLabelUpdate[3] ):
+ formPolicyLabelDate[1] = ''''
+
+ if formData.has_key( formPolicyUrl[3] ):
+ formPolicyUrl[1] = formData[formPolicyUrl[3]].value
+ elif formData.has_key( formPolicyLabelUpdate[3] ):
+ formPolicyUrl[1] = ''''
+
+ if formData.has_key( formPolicyRef[3] ):
+ formPolicyRef[1] = formData[formPolicyRef[3]].value
+ elif formData.has_key( formPolicyLabelUpdate[3] ):
+ formPolicyRef[1] = ''''
+
+def addVm( ):
+ global formData, fromVmName, formVmNames, formVmNameDom0
+
+ if (formData.has_key( formDefaultButton[3] )) or (formData.has_key(
formVmAdd[3] )):
+ if formData.has_key( formVmName[3] ):
+ vmName = formData[formVmName[3]].value
+ vmName = vmName.strip( )
+ newVm( vmName, 1 )
+ if formVmNameDom0[1] == '''':
+ formVmNameDom0[1] = vmName
+
+def delVm( vmName ):
+ global formVmNames, formVmNameDom0
+ global allVmDel, allVmDom0
+ global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
+ global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
+
+ vmName = vmName.strip( )
+ formVmNames[1].remove( vmName )
+ del allVmDom0[vmName]
+ del allVmDel[vmName]
+ del allVmChWs[vmName]
+ del allVmChWDel[vmName]
+ del allVmChW[vmName]
+ del allVmChWAdd[vmName]
+ del allVmStes[vmName]
+ del allVmSteDel[vmName]
+ del allVmSte[vmName]
+ del allVmSteAdd[vmName]
+
+ if formVmNameDom0[1] == vmName:
+ if len( formVmNames[1] ) > 0:
+ formVmNameDom0[1] = formVmNames[1][0]
+ else:
+ formVmNameDom0[1] = ''''
+
+def makeVmDom0( vmName ):
+ global formVmNameDom0
+
+ vmName = vmName.strip( )
+ formVmNameDom0[1] = vmName
+
+def addVmChW( chwName ):
+ global formData, allVmChW, allVmChWs
+
+ formVar = allVmChW[chwName]
+ if formData.has_key( formVar[3] ):
+ chwList = formData.getlist( formVar[3] )
+ formVar = allVmChWs[chwName]
+ for chw in chwList:
+ chw = chw.strip( )
+ formVar[1].append( chw )
+ formVar[1] = removeDups( formVar[1] )
+
+def delVmChW( chwName ):
+ global formData, allVmChWs
+
+ formVar = allVmChWs[chwName]
+ if formData.has_key( formVar[3] ):
+ chwList = formData.getlist( formVar[3] )
+ for chw in chwList:
+ chw = chw.strip( )
+ formVar[1].remove( chw )
+
+def addVmSte( steName ):
+ global formData, allVmSte, allVmStes
+
+ formVar = allVmSte[steName]
+ if formData.has_key( formVar[3] ):
+ steList = formData.getlist( formVar[3] )
+ formVar = allVmStes[steName]
+ for ste in steList:
+ ste = ste.strip( )
+ formVar[1].append( ste )
+ formVar[1] = removeDups( formVar[1] )
+
+def delVmSte( steName ):
+ global formData, allVmStes
+
+ formVar = allVmStes[steName]
+ if formData.has_key( formVar[3] ):
+ steList = formData.getlist( formVar[3] )
+ for ste in steList:
+ ste = ste.strip( )
+ formVar[1].remove( ste )
+
+def processRequest( ):
+ global formData, policyXml, policyLabelXml, formPolicyLabelUpdate
+ global formVmAdd
+ global formVmNames, allVmDel, allVmDom0
+ global allVmChWAdd, allVmChWDel, allVmSteAdd, allVmSteDel
+
+ if policyXml != '''':
+ parsePolicyXml( )
+
+ if policyLabelXml != '''':
+ parsePolicyLabelXml( )
+
+ # Allow the updating of the header information whenever
+ # an action is performed
+ updateInfo( )
+
+ # Allow the adding of labels if the user has hit the
+ # enter key when attempting to add a type/set
+ addVm( )
+
+ for vmName in formVmNames[1]:
+ if formData.has_key( allVmDel[vmName][3] ):
+ delVm( vmName )
+ continue
+
+ if formData.has_key( allVmDom0[vmName][3] ):
+ makeVmDom0( vmName )
+
+ if formData.has_key( allVmChWAdd[vmName][3] ):
+ addVmChW( vmName )
+
+ elif formData.has_key( allVmChWDel[vmName][3] ):
+ delVmChW( vmName )
+
+ elif formData.has_key( allVmSteAdd[vmName][3] ):
+ addVmSte( vmName )
+
+ elif formData.has_key( allVmSteDel[vmName][3] ):
+ delVmSte( vmName )
+
+def modFormTemplate( formTemplate, suffix ):
+ formVar = [x for x in formTemplate]
+
+ if formVar[2] != '''':
+ formVar[2] = formVar[2] + suffix
+ if formVar[3] != '''':
+ formVar[3] = formVar[3] + suffix
+ if (formVar[0] != ''button'') and (formVar[4] !=
''''):
+ formVar[4] = formVar[4] + suffix
+
+ return formVar;
+
+def makeName( name, suffix='''' ):
+ rName = name
+ if suffix != '''':
+ rName = rName + ''_'' + suffix
+
+ return rName
+
+def makeNameAttr( name, suffix='''' ):
+ return ''name="'' + makeName( name, suffix ) +
''"''
+
+def makeValue( value, suffix='''' ):
+ rValue = value
+
+ if isinstance( value, list ):
+ rValue = ''[''
+ for val in value:
+ rValue = rValue + ''\'''' + val
+ if suffix != '''':
+ rValue = rValue + ''_'' + suffix
+ rValue = rValue + ''\'',''
+ rValue = rValue + '']''
+
+ else:
+ if suffix != '''':
+ rValue = rValue + ''_'' + suffix
+
+ return rValue
+
+def makeValueAttr( value, suffix='''' ):
+ return ''value="'' + makeValue( value, suffix ) +
''"''
+
+def sendHtmlFormVar( formVar, attrs='''', rb_select=0 ):
+ nameAttr = ''''
+ valueAttr = ''''
+ htmlText = ''''
+
+ if formVar[0] == ''text'':
+ if formVar[3] != '''':
+ nameAttr = makeNameAttr( formVar[3] )
+ valueAttr = makeValueAttr( formVar[1] )
+
+ print ''<INPUT type="text"'', nameAttr,
valueAttr, attrs, ''>''
+
+ elif formVar[0] == ''list'':
+ if formVar[3] != '''':
+ nameAttr = makeNameAttr( formVar[3] )
+
+ print ''<SELECT'', nameAttr, attrs,
''>''
+ for option in formVar[1]:
+ print ''<OPTION>'' + option +
''</OPTION>''
+ print ''</SELECT>''
+
+ elif formVar[0] == ''button'':
+ if formVar[3] != '''':
+ nameAttr = makeNameAttr( formVar[3] )
+ if formVar[4] != '''':
+ valueAttr = makeValueAttr( formVar[4] )
+
+ print ''<INPUT type="submit"'', nameAttr,
valueAttr, attrs, ''>''
+
+ elif formVar[0] == ''radiobutton'':
+ if formVar[3] != '''':
+ nameAttr = makeNameAttr( formVar[3] )
+ valueAttr = makeValueAttr( formVar[4][rb_select] )
+ htmlText = formVar[5][rb_select]
+ if formVar[4][rb_select] == formVar[1]:
+ checked = ''checked''
+ else:
+ checked = ''''
+
+ print ''<INPUT type="radio"'', nameAttr,
valueAttr, attrs, checked, ''>'', htmlText
+
+ elif formVar[0] == ''radiobutton-all'':
+ if formVar[3] != '''':
+ nameAttr = makeNameAttr( formVar[3] )
+ buttonVals = formVar[4]
+ for i, buttonVal in enumerate( buttonVals ):
+ htmlText = ''''
+ addAttrs = ''''
+ checked = ''''
+
+ valueAttr = makeValueAttr( buttonVal )
+ if formVar[5] != '''':
+ htmlText = formVar[5][i]
+ if attrs != '''':
+ addAttrs = attrs[i]
+ if buttonVal == formVar[1]:
+ checked = ''checked''
+
+ print ''<INPUT type="radio"'', nameAttr,
valueAttr, addAttrs, checked, ''>'', htmlText
+
+ if ( formVar[2] != '''' ) and ( rb_select == 0 ):
+ nameAttr = makeNameAttr( formVar[2] )
+ valueAttr = makeValueAttr( formVar[1] )
+ print ''<INPUT type="hidden"'', nameAttr,
valueAttr, ''>''
+
+def sendHtmlHeaders( ):
+ # HTML headers
+ print ''Content-Type: text/html''
+ print
+
+def sendPolicyLabelHtml( ):
+ global xmlError, xmlIncomplete, xmlMessages, formXmlGen
+ global formVmNameDom0, formSteTypes, formChWallTypes
+
+ print ''<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01
Transitional//EN"''
+ print ''
"http://www.w3.org/TR/html4/loose.dtd">''
+
+ print ''<HTML>''
+
+ sendHtmlHead( )
+
+ print ''<BODY>''
+
+ # An input XML file was specified that had errors, output the
+ # error information
+ if xmlError == 1:
+ print ''<P>''
+ print ''An error has been encountered while processing the
input''
+ print ''XML file:''
+ print ''<UL>''
+ for msg in xmlMessages:
+ print ''<LI>''
+ print msg
+ print ''</UL>''
+ print ''</BODY>''
+ print ''</HTML>''
+ return
+
+ # When attempting to generate the XML output, all required data was not
+ # present, output the error information
+ if xmlIncomplete == 1:
+ print ''<P>''
+ print ''An error has been encountered while validating the
data''
+ print ''required for the output XML file:''
+ print ''<UL>''
+ for msg in xmlMessages:
+ print ''<LI>''
+ print msg
+ print ''</UL>''
+ print ''</BODY>''
+ print ''</HTML>''
+ return
+
+ print ''<CENTER>''
+ print ''<FORM action="'' +
os.environ[''SCRIPT_NAME''] + ''"
method="post">''
+ print ''<TABLE class="container">''
+ print '' <COLGROUP>''
+ print '' <COL width="100%">''
+ print '' </COLGROUP>''
+
+ print '' <TR>''
+ print '' <TD>''
+ sendHtmlFormVar( formDefaultButton,
''class="hidden"'' )
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD>''
+ sendHtmlFormVar( formXmlGen )
+ print '' </TD>''
+ print '' </TR>''
+
+ # Policy Labeling header
+ print '' <TR>''
+ print '' <TD>''
+ sendPLHeaderHtml( )
+ print '' </TD>''
+ print '' </TR>''
+
+ # Separator
+ print '' <TR>''
+ print '' <TD>''
+ print '' <HR>''
+ print '' </TD>''
+ print '' </TR>''
+
+ # Policy Labels (vms)
+ print '' <TR>''
+ print '' <TD>''
+ print '' <TABLE class="full">''
+ print '' <TR>''
+ print '' <TD width="100%">''
+ sendPLSubHtml( )
+ print '' </TD>''
+ print '' </TR>''
+ print '' </TABLE>''
+ print '' </TD>''
+ print '' </TR>''
+
+ print ''</TABLE>''
+
+ # Send some data that needs to be available across sessions
+ sendHtmlFormVar( formVmNameDom0 )
+ sendHtmlFormVar( formSteTypes )
+ sendHtmlFormVar( formChWallTypes )
+
+ print ''</FORM>''
+ print ''</CENTER>''
+
+ print ''</BODY>''
+
+ print ''</HTML>''
+
+def sendHtmlHead( ):
+ global headTitle
+
+ print ''<HEAD>''
+ print ''<STYLE type="text/css">''
+ print ''<!--''
+ print ''BODY {background-color: #EEEEFF;}''
+ print ''TABLE.container {width: 90%; border: 1px solid black;
border-collapse: seperate;}''
+ print ''TABLE.full {width: 100%; border: 0px solid black;
border-collapse: collapse; border-spacing: 3px;}''
+ print ''TABLE.fullbox {width: 100%; border: 0px solid black;
border-collapse: collapse; border-spacing: 3px;}''
+ print ''THEAD {font-weight: bold; font-size:
larger;}''
+ print ''TD {border: 0px solid black; vertical-align:
top;}''
+ print ''TD.heading {border: 0px solid black; vertical-align: top;
font-weight: bold; font-size: larger;}''
+ print ''TD.subheading {border: 0px solid black; vertical-align: top;
font-size: smaller;}''
+ print ''TD.fullbox {border: 1px solid black; vertical-align:
top;}''
+ print ''SELECT.full {width: 100%;}''
+ print ''INPUT.full {width: 100%;}''
+ print ''INPUT.link {cursor: pointer; background-color: #EEEEFF;
border: 0px; text-decoration: underline; color: blue;}''
+ print ''INPUT.hidden {visibility: hidden; width: 1px; height:
1px;}''
+ print '':link {color: blue;}''
+ print '':visited {color: red;}''
+ print ''-->''
+ print ''</STYLE>''
+ print ''<TITLE>'', headTitle,
''</TITLE>''
+ print ''</HEAD>''
+
+def sendPLHeaderHtml( ):
+ global formPolicyLabelName, formPolicyLabelDate
+ global formPolicyUrl, formPolicyRef
+ global formPolicyLabelUpdate
+
+ # Policy Labeling header definition
+ print ''<TABLE class="full">''
+ print '' <COLGROUP>''
+ print '' <COL width="20%">''
+ print '' <COL width="80%">''
+ print '' </COLGROUP>''
+ print '' <TR>''
+ print '' <TD class="heading" align="center"
colspan="2">Policy Labeling Information</TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD
align="right">Name:</TD>''
+ print '' <TD align="left">''
+ sendHtmlFormVar( formPolicyLabelName,
''class="full"'' )
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD
align="right">Date:</TD>''
+ print '' <TD align="left">''
+ sendHtmlFormVar( formPolicyLabelDate,
''class="full"'' )
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD align="right">Policy
URL:</TD>''
+ print '' <TD align="left">''
+ sendHtmlFormVar( formPolicyUrl, ''class="full"'' )
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD align="right">Policy
Reference:</TD>''
+ print '' <TD align="left">''
+ sendHtmlFormVar( formPolicyRef, ''class="full"'' )
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD align="center"
colspan="2">''
+ sendHtmlFormVar( formPolicyLabelUpdate )
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD align="center" colspan="2"
class="subheading">''
+ print '' (The Policy Labeling Information is updated whenever an
action is performed''
+ print '' or it can be updated separately using the
"Update" button)''
+ print '' </TD>''
+ print '' </TR>''
+ print ''</TABLE>''
+
+def sendPLSubHtml( ):
+ global formVmNames, formVmDel, formVmName, formVmAdd
+ global allVmDel, allVmDom0
+ global allVmChWs, allVmChWDel, allVmChW, allVmChWAdd
+ global allVmStes, allVmSteDel, allVmSte, allVmSteAdd
+ global formSteTypes, formChWallTypes
+
+ print ''<TABLE class="full">''
+ print '' <COLGROUP>''
+ print '' <COL width="100%">''
+ print '' </COLGROUP>''
+
+ # Virtual Machines...
+ print '' <TR>''
+ print '' <TD>''
+ print '' <TABLE class="full">''
+ print '' <COLGROUP>''
+ print '' <COL width="10%">''
+ print '' <COL width="40%">''
+ print '' <COL width="50%">''
+ print '' </COLGROUP>''
+ print '' <TR>''
+ print '' <TD class="heading"
align="center" colspan="3">Virtual Machine
Classes</TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD colspan="2">''
+ sendHtmlFormVar( formVmName, ''class="full"'' )
+ sendHtmlFormVar( formVmNames )
+ print '' </TD>''
+ print '' <TD> </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD>''
+ sendHtmlFormVar( formVmAdd, ''class="full"'' )
+ print '' </TD>''
+ print '' <TD colspan="2">''
+ print '' Create a new VM class with the above
name''
+ print '' </TD>''
+ print '' </TR>''
+ print '' </TABLE>''
+ print '' </TD>''
+ print '' </TR>''
+ if len( formVmNames[1] ) > 0:
+ print '' <TR>''
+ print '' <TD colspan="1">''
+ print '' ''
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD>''
+ print '' <TABLE class="fullbox">''
+ print '' <COLGROUP>''
+ print '' <COL width="10%">''
+ print '' <COL width="40%">''
+ print '' <COL width="50%">''
+ print '' </COLGROUP>''
+ print '' <THEAD>''
+ print '' <TR>''
+ print '' <TD class="fullbox">Dom
0?</TD>''
+ print '' <TD
class="fullbox">Name</TD>''
+ print '' <TD
class="fullbox">Actions</TD>''
+ print '' </TR>''
+ print '' </THEAD>''
+ for i, vmName in enumerate( formVmNames[1] ):
+ print '' <TR>''
+ print '' <TD class="fullbox">''
+ if formVmNameDom0[1] == vmName:
+ print ''Yes''
+ else:
+ print '' ''
+ print '' </TD>''
+ print '' <TD class="fullbox">'' +
vmName + ''</TD>''
+ print '' <TD class="fullbox">''
+ print '' <A href="#'' + vmName +
''">Edit</A>''
+ formVar = allVmDel[vmName]
+ sendHtmlFormVar( formVar, ''class="link"'' )
+ formVar = allVmDom0[vmName]
+ sendHtmlFormVar( formVar, ''class="link"'' )
+ print '' </TD>''
+ print '' </TR>''
+ print '' </TABLE>''
+ print '' </TD>''
+ print '' </TR>''
+ for vmName in formVmNames[1]:
+ print '' <TR>''
+ print '' <TD>''
+ print '' <HR>''
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD>''
+ print '' <TABLE class="full">''
+ print '' <COLGROUP>''
+ print '' <COL width="10%">''
+ print '' <COL width="39%">''
+ print '' <COL width="2%">''
+ print '' <COL width="10%">''
+ print '' <COL width="39%">''
+ print '' </COLGROUP>''
+ print '' <TR>''
+ print '' <TD colspan="5"
align="center" class="heading">''
+ print '' <A name="'' + vmName +
''">Virtual Machine Class: '' + vmName +
''</A>''
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD colspan="2"
align="center">Simple Type Enforcement Types</TD>''
+ print '' <TD> </TD>''
+ print '' <TD colspan="2"
align="center">Chinese Wall Types</TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD colspan="2">''
+ formVar = allVmStes[vmName];
+ sendHtmlFormVar( formVar, ''class="full"
size="4" multiple"'' )
+ print '' </TD>''
+ print '' <TD> </TD>''
+ print '' <TD colspan="2">''
+ formVar = allVmChWs[vmName];
+ sendHtmlFormVar( formVar, ''class="full"
size="4" multiple"'' )
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD>''
+ formVar = allVmSteDel[vmName];
+ sendHtmlFormVar( formVar, ''class="full"'' )
+ print '' </TD>''
+ print '' <TD>''
+ print '' Delete the type(s) selected above''
+ print '' </TD>''
+ print '' <TD> </TD>''
+ print '' <TD>''
+ formVar = allVmChWDel[vmName];
+ sendHtmlFormVar( formVar, ''class="full"'' )
+ print '' </TD>''
+ print '' <TD>''
+ print '' Delete the type(s) selected above''
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD colspan="2">''
+ stSet = Set( formSteTypes[1] )
+ vmSet = Set( allVmStes[vmName][1] )
+ formVar = allVmSte[vmName]
+ formVar[1] = []
+ for steType in stSet.difference( vmSet ):
+ formVar[1].append( steType )
+ formVar[1].sort( )
+ sendHtmlFormVar( formVar, ''class="full"
size="2" multiple"'' )
+ print '' </TD>''
+ print '' <TD> </TD>''
+ print '' <TD colspan="2">''
+ ctSet = Set( formChWallTypes[1] )
+ vmSet = Set( allVmChWs[vmName][1] )
+ formVar = allVmChW[vmName]
+ formVar[1] = []
+ for chwallType in ctSet.difference( vmSet ):
+ formVar[1].append( chwallType )
+ formVar[1].sort( )
+ sendHtmlFormVar( formVar, ''class="full"
size="2" multiple"'' )
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD>''
+ formVar = allVmSteAdd[vmName];
+ sendHtmlFormVar( formVar, ''class="full"'' )
+ print '' </TD>''
+ print '' <TD>''
+ print '' Add the type(s) selected above''
+ print '' </TD>''
+ print '' <TD> </TD>''
+ print '' <TD>''
+ formVar = allVmChWAdd[vmName];
+ sendHtmlFormVar( formVar, ''class="full"'' )
+ print '' </TD>''
+ print '' <TD>''
+ print '' Add the type(s) selected above''
+ print '' </TD>''
+ print '' </TR>''
+ print '' </TABLE>''
+ print '' </TD>''
+ print '' </TR>''
+
+ print ''</TABLE>''
+
+def sendPLObjHtml( ):
+
+ # Resources...
+ print ''<TABLE class="full">''
+ print '' <COLGROUP>''
+ print '' <COL width="60%">''
+ print '' <COL width="20%">''
+ print '' <COL width="20%">''
+ print '' </COLGROUP>''
+
+ print '' <TR>''
+ print '' <TD align="center" colspan="3"
class="heading">Resources</TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD colspan="2">''
+ #sendHtmlFormVar( formVmNames, ''class="full"
size="4" multiple"'' )
+ print '' </TD>''
+ print '' <TD>''
+ #sendHtmlFormVar( formVmDel, ''class="full"'' )
+ print '' </TD>''
+ print '' </TR>''
+ print '' <TR>''
+ print '' <TD colspan="2">''
+ #sendHtmlFormVar( formVmName, ''class="full"'' )
+ print '' </TD>''
+ print '' <TD>''
+ #sendHtmlFormVar( formVmAdd, ''class="full"'' )
+ print '' </TD>''
+ print '' </TR>''
+ print ''</TABLE>''
+
+def checkXmlData( ):
+ global xmlIncomplete
+
+ # Validate the Policy Label Header requirements
+ if ( len( formPolicyLabelName[1] ) == 0 ) or \
+ ( len( formPolicyLabelDate[1] ) == 0 ) or \
+ ( len( formPolicyUrl[1] ) == 0 ) or \
+ ( len( formPolicyRef[1] ) == 0 ):
+ msg = ''''
+ msg = msg + ''The XML policy label schema requires that the Policy
''
+ msg = msg + ''Labeling Information Name, Date, Policy URL and
''
+ msg = msg + ''Policy Reference fields all have values.''
+ formatXmlGenError( msg )
+
+def sendXmlHeaders( ):
+ # HTML headers
+ print ''Content-Type: text/xml''
+ print ''Content-Disposition: attachment;
filename=security_label_template.xml''
+ print
+
+def sendPolicyLabelXml( ):
+ print ''<?xml version="1.0"?>''
+
+ print ''<SecurityLabelTemplate
xmlns="http://www.ibm.com"''
+ print ''
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"''
+ print ''
xsi:schemaLocation="http://www.ibm.com
security_policy.xsd">''
+
+ # Policy Labeling header
+ sendPLHeaderXml( )
+
+ # Policy Labels (subjects and objects)
+ sendPLSubXml( )
+ #sendPLObjXml( )
+
+ print ''</SecurityLabelTemplate>''
+
+def sendPLHeaderXml( ):
+ global formPolicyLabelName, formPolicyLabelDate
+ global formPolicyUrl, formPolicyRef
+
+ # Policy Labeling header definition
+ print ''<LabelHeader>''
+ print '' <Name>'' + formPolicyLabelName[1] +
''</Name>''
+ print '' <Date>'' + formPolicyLabelDate[1] +
''</Date>''
+ print '' <PolicyName>''
+ print '' <Url>'' + formPolicyUrl[1] +
''</Url>''
+ print '' <Reference>'' + formPolicyRef[1] +
''</Reference>''
+ print '' </PolicyName>''
+ print ''</LabelHeader>''
+
+def sendPLSubXml( ):
+ global formVmNames, allVmChWs, allVmStes
+
+ # Virtual machines...
+ if len( formVmNames[1] ) == 0:
+ return
+
+ print ''<SubjectLabels bootstrap="'' +
formVmNameDom0[1] + ''">''
+ for vmName in formVmNames[1]:
+ print '' <VirtualMachineLabel>''
+ print '' <Name>'' + vmName +
''</Name>''
+ formVar = allVmStes[vmName]
+ if len( formVar[1] ) > 0:
+ print '' <SimpleTypeEnforcementTypes>''
+ for ste in formVar[1]:
+ print '' <Type>'' + ste +
''</Type>''
+ print '' </SimpleTypeEnforcementTypes>''
+
+ formVar = allVmChWs[vmName]
+ if len( formVar[1] ) > 0:
+ print '' <ChineseWallTypes>''
+ for chw in formVar[1]:
+ print '' <Type>'' + chw +
''</Type>''
+ print '' </ChineseWallTypes>''
+
+ print '' </VirtualMachineLabel>''
+
+ print ''</SubjectLabels>''
+
+
+# Set up initial HTML variables
+headTitle = ''Xen Policy Labeling Generation''
+
+# Form variables
+# The format of these variables is as follows:
+# [ p0, p1, p2, p3, p4, p5 ]
+# p0 = input type
+# p1 = the current value of the variable
+# p2 = the hidden input name attribute
+# p3 = the name attribute
+# p4 = the value attribute
+# p5 = text to associate with the tag
+formPolicyLabelName = [ ''text'',
+ '''',
+ ''h_policyLabelName'',
+ ''i_policyLabelName'',
+ '''',
+ '''',
+ ]
+formPolicyLabelDate = [ ''text'',
+ getCurrentTime( ),
+ ''h_policyLabelDate'',
+ ''i_policyLabelDate'',
+ '''',
+ '''',
+ ]
+formPolicyUrl = [ ''text'',
+ '''',
+ ''h_policyUrl'',
+ ''i_policyUrl'',
+ '''',
+ '''',
+ ]
+formPolicyRef = [ ''text'',
+ '''',
+ ''h_policyRef'',
+ ''i_policyRef'',
+ '''',
+ '''',
+ ]
+formPolicyLabelUpdate = [ ''button'',
+ '''',
+ '''',
+ ''i_PolicyLabelUpdate'',
+ ''Update'',
+ '''',
+ ]
+
+formVmNames = [ '''',
+ [],
+ ''h_vmNames'',
+ '''',
+ '''',
+ '''',
+ ]
+formVmDel = [ ''button'',
+ '''',
+ '''',
+ ''i_vmDel'',
+ ''Delete'',
+ '''',
+ ]
+formVmName = [ ''text'',
+ '''',
+ '''',
+ ''i_vmName'',
+ '''',
+ '''',
+ ]
+formVmAdd = [ ''button'',
+ '''',
+ '''',
+ ''i_vmAdd'',
+ ''New'',
+ '''',
+ ]
+
+formVmNameDom0 = [ '''',
+ '''',
+ ''h_vmDom0'',
+ '''',
+ '''',
+ '''',
+ ]
+
+formXmlGen = [ ''button'',
+ '''',
+ '''',
+ ''i_xmlGen'',
+ ''Generate XML'',
+ '''',
+ ]
+
+formDefaultButton = [ ''button'',
+ '''',
+ '''',
+ ''i_defaultButton'',
+ ''.'',
+ '''',
+ ]
+
+formSteTypes = [ '''',
+ [],
+ ''h_steTypes'',
+ '''',
+ '''',
+ '''',
+ ]
+formChWallTypes = [ '''',
+ [],
+ ''h_chwallTypes'',
+ '''',
+ '''',
+ '''',
+ ]
+
+# This is a set of templates used for each virtual machine
+# Each virtual machine is initially assigned these templates,
+# then each form attribute value is changed to append
+# "_virtual-machine-name" for uniqueness.
+templateVmDel = [ ''button'',
+ '''',
+ '''',
+ ''i_vmDel'',
+ ''Delete'',
+ '''',
+ ]
+templateVmDom0 = [ ''button'',
+ '''',
+ '''',
+ ''i_vmDom0'',
+ ''SetDom0'',
+ '''',
+ ]
+allVmDel = {};
+allVmDom0 = {};
+
+templateVmChWs = [ ''list'',
+ [],
+ ''h_vmChWs'',
+ ''i_vmChWs'',
+ '''',
+ '''',
+ ]
+templateVmChWDel = [ ''button'',
+ '''',
+ '''',
+ ''i_vmChWDel'',
+ ''Delete'',
+ '''',
+ ]
+templateVmChW = [ ''list'',
+ [],
+ '''',
+ ''i_vmChW'',
+ '''',
+ '''',
+ ]
+templateVmChWAdd = [ ''button'',
+ '''',
+ '''',
+ ''i_vmChWAdd'',
+ ''Add'',
+ '''',
+ ]
+allVmChWs = {};
+allVmChWDel = {};
+allVmChW = {};
+allVmChWAdd = {};
+
+templateVmStes = [ ''list'',
+ [],
+ ''h_vmStes'',
+ ''i_vmStes'',
+ '''',
+ '''',
+ ]
+templateVmSteDel = [ ''button'',
+ '''',
+ '''',
+ ''i_vmSteDel'',
+ ''Delete'',
+ '''',
+ ]
+templateVmSte = [ ''list'',
+ [],
+ '''',
+ ''i_vmSte'',
+ '''',
+ '''',
+ ]
+templateVmSteAdd = [ ''button'',
+ '''',
+ '''',
+ ''i_vmSteAdd'',
+ ''Add'',
+ '''',
+ ]
+allVmStes = {};
+allVmSteDel = {};
+allVmSte = {};
+allVmSteAdd = {};
+
+# A list of all form variables used for saving info across requests
+formVariables = [ formPolicyLabelName,
+ formPolicyLabelDate,
+ formPolicyUrl,
+ formPolicyRef,
+ formVmNames,
+ formVmNameDom0,
+ formSteTypes,
+ formChWallTypes,
+ ]
+
+policyXml = ''''
+policyLabelXml = ''''
+xmlError = 0
+xmlIncomplete = 0
+xmlMessages = []
+
+
+# Extract any form data
+formData = cgi.FieldStorage( )
+
+# Process the form
+getSavedData( )
+processRequest( )
+
+if formData.has_key( formXmlGen[3] ):
+ # Generate and send the XML file
+ checkXmlData( )
+
+ if xmlIncomplete == 0:
+ sendXmlHeaders( )
+ sendPolicyLabelXml( )
+
+if (not formData.has_key( formXmlGen[3] )) or (xmlIncomplete == 1 ):
+ # Send HTML to continue processing the form
+ sendHtmlHeaders( )
+ sendPolicyLabelHtml( )
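Review bot: user-supplied values are interpolated into HTML and XML without escaping throughout this hunk, so a VM class name or header field containing `"`, `<` or `&` breaks the generated markup, and because the page is rendered back to the browser this is a reflected cross-site scripting risk. In `sendHtmlFormVar` the `makeNameAttr`/`makeValueAttr` output goes straight into `<INPUT ... value="...">`; in `sendPLSubHtml` `vmName` is concatenated into `'<A href="#' + vmName + '">'` and `'<TD class="fullbox">' + vmName`; in `sendPLHeaderXml` and `sendPLSubXml` the `formPolicyLabelName[1]`, `formPolicyUrl[1]`, `vmName` and type values are emitted raw inside `<Name>`, `<Url>` and `<Type>`. Suggest wrapping each with `cgi.escape( value, True )` on the HTML side and `xml.sax.saxutils.escape` on the XML side, or restricting names to a safe character class in `checkXmlData`, which today only checks that the four header fields are non-empty. The list encoding produced by `makeValue` (`['a','b',]`) has the same weakness: an element containing `'` or `,` corrupts the hidden field it is round-tripped through. Two smaller points: the attribute strings passed in `sendPLSubHtml`, e.g. `'class="full" size="4" multiple"'`, carry a stray trailing `"` after `multiple`, and `sendHtmlHead` emits `border-collapse: seperate;`, which browsers ignore (`separate`).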
diff -r bdcb115c667a -r db5feb4ccc13 tools/security/python/xensec_gen/index.html
--- /dev/null Sat Dec 10 23:20:08 2005
+++ b/tools/security/python/xensec_gen/index.html Mon Dec 12 19:10:23 2005
@@ -0,0 +1,126 @@
+<!--
+ The Initial Developer of the Original Code is International
+ Business Machines Corporation. Portions created by IBM
+ Corporation are Copyright (C) 2005 International Business
+ Machines Corporation. All Rights Reserved.
+ -->
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+ <HEAD>
+ <META name="author" content="Tom Lendacky">
+ <META name="copyright" content="Copyright (C) 2005
International Business Machines Corporation. All rights reserved">
+
+ <STYLE type="text/css">
+ <!--
+ BODY {background-color: #EEEEFF;}
+ TABLE.xen {width: 100%; border: 0px solid black;}
+ TD {border: 0px solid black;}
+ TD.heading {border: 0px solid black; font-weight: bold; font-size:
larger;}
+ -->
+ </STYLE>
+ <TITLE>Xen Security Policy Tool</TITLE>
+ </HEAD>
+
+ <BODY>
+ <H1>Xen Security Policy Generation Tool</H1>
+
+ <CENTER>
+ <FORM action="/cgi-bin/policy.cgi" method="post"
enctype="multipart/form-data">
+ <TABLE class="xen">
+ <COLGROUP>
+ <COL width="25%">
+ <COL width="20%">
+ <COL width="55%">
+ </COLGROUP>
+
+ <TR>
+ <TD valign="top" class="heading">
+ Security Policy
+ </TD>
+ <TD valign="top" colspan="2">
+ To generate a new Xen Security Policy leave the
+ <B>"Policy File"</B> entry field
+ empty and click the "Create" button.<BR>
+ To modify an existing Xen Security Policy enter the
+ file name containing the policy in the
+ <B>"Policy File"</B> entry field
+ and click the "Create" button.<HR>
+ </TD>
+ </TR>
+ <TR>
+ <TD></TD>
+ <TD>
+ Policy File:
+ </TD>
+ <TD>
+ <INPUT type="file" size="50"
name="i_policy">
+ </TD>
+ </TR>
+ <TR>
+ <TD></TD>
+ <TD valign="top">
+ <INPUT type="submit" name="i_policyCreate"
value="Create">
+ </TD>
+ <TD></TD>
+ </TR>
+ </TABLE>
+ </FORM>
+
+ <FORM action="/cgi-bin/policylabel.cgi"
method="post" enctype="multipart/form-data">
+ <TABLE class="xen">
+ <COLGROUP>
+ <COL width="25%">
+ <COL width="20%">
+ <COL width="55%">
+ </COLGROUP>
+
+ <TR>
+ <TD valign="top" class="heading">
+ Security Policy Labeling
+ </TD>
+ <TD valign="top" colspan="2">
+ To generate or edit the Xen Security Policy Labeling you
<B>must</B>
+ specify the name of
+ an existing Xen Security Policy file in the
+ <B>"Policy File"</B> entry field.<BR>
+ To generate new Xen Security Policy Labeling leave the
+ <B>"Policy Labeling File"</B> entry field
+ empty and click the "Create" button.<BR>
+ To modify existing Xen Security Policy Labeling enter the
+ file name containing the labeling in the
+ <B>"Policy Labeling File"</B> entry field
+ and click the "Create" button.<HR>
+ </TD>
+ </TR>
+ <TR>
+ <TD></TD>
+ <TD>
+ Policy File:
+ </TD>
+ <TD>
+ <INPUT type="file" size="50"
name="i_policy">
+ </TD>
+ </TR>
+ <TR>
+ <TD></TD>
+ <TD>
+ Policy Labeling File:
+ </TD>
+ <TD>
+ <INPUT type="file" size="50"
name="i_policyLabel">
+ </TD>
+ </TR>
+ <TR>
+ <TD></TD>
+ <TD valign="top">
+ <INPUT type="submit"
name="i_policyLabelCreate" value="Create">
+ </TD>
+ <TD></TD>
+ </TR>
+ </TABLE>
+ </FORM>
+ </CENTER>
+ </BODY>
+</HTML>
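Review bot: the instructions in both forms tell the user to "enter the file name containing the policy", but the controls are `<INPUT type="file" ...>` inside `multipart/form-data` forms, so the browser uploads a file from the user's machine rather than opening a path on the Xen host; the text should say the file is uploaded, or a user who types a path on the host will get an empty request. The second form's text also states the policy file "must" be specified, but nothing on the page enforces a selection, so `policylabel.cgi` needs to reject an empty `i_policy` part explicitly and report it.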
diff -r bdcb115c667a -r db5feb4ccc13 tools/security/python/xensec_gen/main.py
--- /dev/null Sat Dec 10 23:20:08 2005
+++ b/tools/security/python/xensec_gen/main.py Mon Dec 12 19:10:23 2005
@@ -0,0 +1,185 @@
+#!/usr/bin/python
+#
+# The Initial Developer of the Original Code is International
+# Business Machines Corporation. Portions created by IBM
+# Corporation are Copyright (C) 2005 International Business
+# Machines Corporation. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+"""Xen security policy generation aid
+"""
+
+import os
+import pwd
+import grp
+import sys
+import getopt
+import BaseHTTPServer
+import CGIHTTPServer
+
+
+gHttpPort = 7777
+gHttpDir = ''/var/lib/xensec_gen''
+gLogFile = ''/var/log/xensec_gen.log''
+gUser = ''nobody''
+gGroup = ''nobody''
+
+def usage( ):
+ print >>sys.stderr, ''Usage: '' + sys.argv[0] +
'' [OPTIONS]''
+ print >>sys.stderr, '' OPTIONS:''
+ print >>sys.stderr, '' -p, --httpport''
+ print >>sys.stderr, '' The port on which the http server is
to listen''
+ print >>sys.stderr, '' (default: '' + str( gHttpPort
) + '')''
+ print >>sys.stderr, '' -d, --httpdir''
+ print >>sys.stderr, '' The directory where the http server
is to serve pages from''
+ print >>sys.stderr, '' (default: '' + gHttpDir +
'')''
+ print >>sys.stderr, '' -l, --logfile''
+ print >>sys.stderr, '' The file in which to log messages
generated by this command''
+ print >>sys.stderr, '' (default: '' + gLogFile +
'')''
+ print >>sys.stderr, '' -u, --user''
+ print >>sys.stderr, '' The user under which this command is
to run. This parameter''
+ print >>sys.stderr, '' is only used when invoked under the
"root" user''
+ print >>sys.stderr, '' (default: '' + gUser +
'')''
+ print >>sys.stderr, '' -g, --group''
+ print >>sys.stderr, '' The group under which this command is
to run. This parameter''
+ print >>sys.stderr, '' is only used when invoked under the
"root" user''
+ print >>sys.stderr, '' (default: '' + gGroup +
'')''
+ print >>sys.stderr, '' -f''
+ print >>sys.stderr, '' Run the command in the foreground.
The logfile option will be''
+ print >>sys.stderr, '' ignored and all output will be
directed to stdout and stderr.''
+ print >>sys.stderr, '' -h, --help''
+ print >>sys.stderr, '' Display the command usage
information''
+
+def runServer( aServerPort,
+ aServerClass = BaseHTTPServer.HTTPServer,
+ aHandlerClass = CGIHTTPServer.CGIHTTPRequestHandler ):
+ serverAddress = ( '''', aServerPort )
+ httpd = aServerClass( serverAddress, aHandlerClass )
+ httpd.serve_forever( )
+
+def daemonize( aHttpDir, aLogFile, aUser, aGroup, aFork =
''true'' ):
+ # Do some pre-daemon activities
+ os.umask( 027 )
+ if os.getuid( ) == 0:
+ # If we are running as root, we will change that
+ uid = pwd.getpwnam( aUser )[2]
+ gid = grp.getgrnam( aGroup )[2]
+
+ if aFork == ''true'':
+ # Change the owner of the log file to the user/group
+ # under which the daemon is to run
+ flog = open( aLogFile, ''a'' )
+ flog.close( )
+ os.chown( aLogFile, uid, gid )
+
+ # Change the uid/gid of the process
+ os.setgid( gid )
+ os.setuid( uid )
+
+ # Change to the HTTP directory
+ os.chdir( aHttpDir )
+
+ if aFork == ''true'':
+ # Do first fork
+ try:
+ pid = os.fork( )
+ if pid:
+ # Parent process
+ return pid
+
+ except OSError, e:
+ raise Exception, e
+
+ # First child process, create a new session
+ os.setsid( )
+
+ # Do second fork
+ try:
+ pid = os.fork( )
+ if pid:
+ # Parent process
+ os._exit( 0 )
+
+ except OSError, e:
+ raise Exception, e
+
+ # Reset stdin/stdout/stderr
+ fin = open( ''/dev/null'', ''r'' )
+ flog = open( aLogFile, ''a'' )
+ os.dup2( fin.fileno( ), sys.stdin.fileno( ) )
+ os.dup2( flog.fileno( ), sys.stdout.fileno( ) )
+ os.dup2( flog.fileno( ), sys.stderr.fileno( ) )
+
+def main( ):
+ httpPort = gHttpPort
+ httpDir = gHttpDir
+ logFile = gLogFile
+ user = gUser
+ group = gGroup
+ doFork = ''true''
+
+ shortOpts = ''d:p:l:u:g:fh''
+ longOpts = [ ''httpdir='', ''httpport='',
''logfile='', ''user='',
''group='', ''help'' ]
+ try:
+ opts, args = getopt.getopt( sys.argv[1:], shortOpts, longOpts )
+
+ except getopt.GetoptError, e:
+ print >>sys.stderr, e
+ usage( )
+ sys.exit( )
+
+ if len( args ) != 0:
+ print >>sys.stderr, ''Error: command arguments are not
supported''
+ usage( )
+ sys.exit( )
+
+ for opt, opt_value in opts:
+ if opt in ( ''-h'', ''--help'' ):
+ usage( )
+ sys.exit( )
+
+ if opt in ( ''-d'', ''--httpdir'' ):
+ httpDir = opt_value
+
+ if opt in ( ''-p'', ''--httpport'' ):
+ try:
+ httpPort = int( opt_value )
+ except:
+ print >>sys.stderr, ''Error: HTTP port is not valid''
+ usage( )
+ sys.exit( )
+
+ if opt in ( ''-l'', ''--logfile'' ):
+ logFile = opt_value
+
+ if opt in ( ''-u'', ''--user'' ):
+ user = opt_value
+
+ if opt in ( ''-g'', ''--group'' ):
+ group = opt_value
+
+ if opt in ( ''-f'' ):
+ doFork = ''false''
+
+ pid = daemonize( httpDir, logFile, user, group, doFork )
+ if pid > 0:
+ sys.exit( )
+
+ runServer( httpPort )
+
+if __name__ == ''__main__'':
+ main( )
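Review bot: `runServer` binds `( '', aServerPort )`, i.e. every interface, and nothing in the request path authenticates callers, so by default any host that can reach port 7777 can drive the CGI handlers that create and edit the ACM policy and label files. Since this tool edits the hypervisor's access-control policy it should default to the loopback address and take a `--httpaddr` option alongside `--httpport`, with a matching entry in `usage()`. In `daemonize`, the privilege drop calls `os.setgid( gid )` then `os.setuid( uid )` but never clears supplementary groups, so a process started as root keeps root's group list; add `os.setgroups( [] )` before `os.setgid( gid )`. The `except OSError, e: raise Exception, e` around each `os.fork` replaces the original error and traceback with a generic one; letting the `OSError` propagate is simpler. Two style points in `main`: `if opt in ( '-f' ):` tests membership in the string `'-f'` rather than in a one-element tuple (write `( '-f', )`), and every error path calls `sys.exit( )`, which exits with status 0, so callers cannot tell a failure from `--help`; use `sys.exit( 1 )` on the error paths.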
diff -r bdcb115c667a -r db5feb4ccc13 tools/security/xensec_gen.py
--- /dev/null Sat Dec 10 23:20:08 2005
+++ b/tools/security/xensec_gen.py Mon Dec 12 19:10:23 2005
@@ -0,0 +1,26 @@
+#!/usr/bin/python
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import sys
+
+# Add fallback path for non-native python path installs if needed
+sys.path.append( ''/usr/lib/python'' )
+sys.path.append( ''/usr/lib64/python'' )
+
+from xen.xensec_gen import main
+
+main.main( )
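Review bot: this wrapper carries the GPL notice but not the "The Initial Developer of the Original Code is International Business Machines Corporation" copyright line that `main.py` and `index.html` have; the header should match the rest of the series. Also note that the two `sys.path.append` calls put `/usr/lib/python` and `/usr/lib64/python` at the end of the search path, so they only take effect when `xen.xensec_gen` is not found on the native path, which is what the comment intends but is worth stating explicitly since the import that follows silently picks whichever copy is found first.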
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel