xen-changelog

[Xen-changelog] Merged.

# HG changeset patch
# User emellor@xxxxxxxxxxxxxxxxxxxxxx
# Node ID 62d9ac63e7f509328815443d8604f849b64d0c9d
# Parent  8c5b7b6772ae154192263bcb8c836eb619ab3eb4
# Parent  89e0dfa3a089f14aa92f7ea04c94348185e5a634
Merged.

diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/ioemu/sdl.c
--- a/tools/ioemu/sdl.c Tue Dec 13 18:08:17 2005
+++ b/tools/ioemu/sdl.c Tue Dec 13 18:08:26 2005
@@ -592,7 +592,8 @@
 
     sdl_resize(ds, 640, 400);
     sdl_update_caption();
-    SDL_EnableKeyRepeat(250, 50);
+    if(repeat_key)
+        SDL_EnableKeyRepeat(250, 50);
     SDL_EnableUNICODE(1);
     gui_grab = 0;
 
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/ioemu/vl.c
--- a/tools/ioemu/vl.c  Tue Dec 13 18:08:17 2005
+++ b/tools/ioemu/vl.c  Tue Dec 13 18:08:26 2005
@@ -145,6 +145,7 @@
 int graphic_height = 600;
 int graphic_depth = 15;
 int full_screen = 0;
+int repeat_key = 1;
 TextConsole *vga_console;
 CharDriverState *serial_hds[MAX_SERIAL_PORTS];
 int xc_handle;
@@ -2250,6 +2251,7 @@
            "-std-vga        simulate a standard VGA card with VESA Bochs 
Extensions\n"
            "                (default is CL-GD5446 PCI VGA)\n"
            "-vgaacc [0|1]   1 to accelerate CL-GD5446 speed, default is 1\n"
+           "-no-repeatkey   disable key repeat feature for SDL keyboard 
simulation"
 #endif
            "-loadvm file    start right away with a saved state (loadvm in 
monitor)\n"
            "\n"
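Review bot: The added help line `"-no-repeatkey   disable key repeat feature for SDL keyboard simulation"` has no trailing `\n`, so literal concatenation joins it to the `-loadvm file` text that follows the `#endif` and the two options print on one line. Ending the literal with `simulation\n"` fixes it. The line also sits inside the conditional block closed by `#endif`, while the option-table entry and the `case QEMU_OPTION_repeatkey:` added in later hunks show no guard in their visible context, so the help text and the accepted options may disagree in builds where that block is compiled out. The help function starts and ends outside this hunk.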
@@ -2342,6 +2344,7 @@
     QEMU_OPTION_loadvm,
     QEMU_OPTION_full_screen,
     QEMU_OPTION_vgaacc,
+    QEMU_OPTION_repeatkey,
 };
 
 typedef struct QEMUOption {
@@ -2421,6 +2424,7 @@
     { "nic-ne2000", 0, QEMU_OPTION_nic_ne2000 },
     { "cirrusvga", 0, QEMU_OPTION_cirrusvga },
     { "vgaacc", HAS_ARG, QEMU_OPTION_vgaacc },
+    { "no-repeatkey", 0, QEMU_OPTION_repeatkey },
     { NULL },
 };
 
@@ -2975,6 +2979,9 @@
                         exit(1);
                     }
                 }
+                break;
+            case QEMU_OPTION_repeatkey:
+                repeat_key = 0;
                 break;
             case QEMU_OPTION_std_vga:
                 cirrus_vga_enabled = 0;
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/ioemu/vl.h
--- a/tools/ioemu/vl.h  Tue Dec 13 18:08:17 2005
+++ b/tools/ioemu/vl.h  Tue Dec 13 18:08:26 2005
@@ -612,6 +612,7 @@
 
 void kbd_init(void);
 extern const char* keyboard_layout;
+extern int repeat_key;
 
 /* mc146818rtc.c */
 
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/security/Makefile
--- a/tools/security/Makefile   Tue Dec 13 18:08:17 2005
+++ b/tools/security/Makefile   Tue Dec 13 18:08:26 2005
@@ -35,7 +35,7 @@
 SRCS_GETD     = get_decision.c
 OBJS_GETD    := $(patsubst %.c,%.o,$(filter %.c,$(SRCS_GETD)))
 
-ACM_INST_TOOLS    = xensec_tool xensec_xml2bin
+ACM_INST_TOOLS    = xensec_tool xensec_xml2bin xensec_gen
 ACM_NOINST_TOOLS  = get_decision
 ACM_OBJS          = $(OBJS_TOOL) $(OBJS_XML2BIN) $(OBJS_GETD)
 ACM_SCRIPTS       = getlabel.sh setlabel.sh updategrub.sh labelfuncs.sh
@@ -43,6 +43,12 @@
 ACM_CONFIG_DIR    = /etc/xen/acm-security
 ACM_POLICY_DIR    = $(ACM_CONFIG_DIR)/policies
 ACM_SCRIPT_DIR    = $(ACM_CONFIG_DIR)/scripts
+
+ACM_INST_HTML     = python/xensec_gen/index.html
+ACM_INST_CGI      = python/xensec_gen/cgi-bin/policy.cgi \
+                    python/xensec_gen/cgi-bin/policylabel.cgi
+ACM_SECGEN_HTMLDIR= /var/lib/xensec_gen
+ACM_SECGEN_CGIDIR = $(ACM_SECGEN_HTMLDIR)/cgi-bin
 
 ACM_SCHEMA        = security_policy.xsd
 ACM_EXAMPLES      = null chwall ste chwall_ste
@@ -65,6 +71,15 @@
        done
        $(INSTALL_DIR) -p $(DESTDIR)$(ACM_SCRIPT_DIR)
        $(INSTALL_PROG) -p $(ACM_SCRIPTS) $(DESTDIR)$(ACM_SCRIPT_DIR)
+       $(INSTALL_DIR) -p $(DESTDIR)$(ACM_SECGEN_HTMLDIR)
+       $(INSTALL_DATA) -p $(ACM_INST_HTML) $(DESTDIR)$(ACM_SECGEN_HTMLDIR)
+       $(INSTALL_DIR) -p $(DESTDIR)$(ACM_SECGEN_CGIDIR)
+       $(INSTALL_PROG) -p $(ACM_INST_CGI) $(DESTDIR)$(ACM_SECGEN_CGIDIR)
+ifndef XEN_PYTHON_NATIVE_INSTALL
+       python python/setup.py install --home="$(DESTDIR)/usr"
+else
+       python python/setup.py install --root="$(DESTDIR)"
+endif
 else
 all:
 
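Review bot: The two `python python/setup.py install` lines added to the install recipe run whichever `python` comes first on PATH, and install steps are commonly run as root; the `python python/setup.py build` line added to `build` in the next hunk has the same form. A variable would let packagers pin the interpreter: `PYTHON ?= python` near the top of the Makefile (outside this hunk) and `$(PYTHON) python/setup.py install --root="$(DESTDIR)"` here. The same recipe installs `policy.cgi` and `policylabel.cgi` as executables for the xensec_gen web server that example.txt in this changeset describes as listening on port 7777. Nothing visible here shows which address it binds or whether requests are authenticated, so that is worth confirming before the tool is installed by default. The recipe starts above the hunk.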
@@ -72,22 +87,27 @@
 endif
 
 build: mk-symlinks $(ACM_INST_TOOLS) $(ACM_NOINST_TOOLS)
+       python python/setup.py build
        chmod 700 $(ACM_SCRIPTS)
 
 xensec_tool: $(OBJS_TOOL)
-       $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+       $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
 
 xensec_xml2bin: $(OBJS_XML2BIN)
-       $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+       $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
 
 get_decision: $(OBJS_GETD)
-       $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+       $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
+
+xensec_gen: xensec_gen.py
+       cp -f $^ $@
 
 clean:
        $(RM) $(ACM_INST_TOOLS) $(ACM_NOINST_TOOLS)
        $(RM) $(ACM_OBJS)
        $(RM) $(PROG_DEPS)
        $(RM) -r xen
+       $(RM) -r build
 
 mrproper: clean
 
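Review bot: `python python/setup.py build` appears to create a `build` directory in tools/security (the `$(RM) -r build` added to `clean` points that way), and that directory has the same name as the `build` target. Unless `build` is declared `.PHONY` somewhere outside this hunk, make can treat the directory as the target file and skip the recipe when it looks up to date. Adding `.PHONY: build clean mrproper` would rule that out. In the new `xensec_gen` rule, `cp -f $< $@` would read more clearly than `cp -f $^ $@`, since there is a single source.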
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/security/example.txt
--- a/tools/security/example.txt        Tue Dec 13 18:08:17 2005
+++ b/tools/security/example.txt        Tue Dec 13 18:08:26 2005
@@ -271,3 +271,112 @@
 
 If you keep to the security policy schema, then you can use all the
 tools described above. Refer to install.txt to install it.
+
+You can hand-edit the xml files to create your policy or you can use the
+xensec_gen utility.
+
+
+5. Generating policy files using xensec_gen:
+============================================
+
+The xensec_gen utility starts a web-server that can be used to generate the
+XML policy files needed to create a policy.
+
+By default, xensec_gen runs as a daemon and listens on port 7777 for HTTP
+requests.  The xensec_gen command supports command line options to change the
+listen port, run in the foreground, and a few others.  Type 'xensec_gen -h'
+to see the full list of options available.
+
+Once the xensec_gen utility is running, point a browser at the host and port
+on which the utility is running (e.g. http://localhost:7777/).  You will be
+presented with a web page that allows you to create or modify the XML policy
+files:
+
+  - The Security Policy section allows you to create or modify a policy
+    definition file
+
+  - The Security Policy Labeling section allows you to create or modify a
+    label template definition file
+
+  Security Policy:
+  ----------------
+  The Security Policy section allows you to modify an existing policy 
definition
+  file or create a new policy definition file.  To modify an existing policy
+  definition, enter the full path to the existing file (the "Browse" button can
+  be used to aid in this) in the Policy File entry field.  To create a new
+  policy definition file leave the Policy File entry field blank.  At this 
point
+  click the "Create" button to begin modifying or creating your policy 
definition.
+
+  You will then be presented with a web page that will allow you to create 
either
+  Simple Type Enforcement types or Chinese Wall types or both.
+
+  As an example:
+    - To add a Simple Type Enforcement type:
+      - Enter the name of a new type under the Simple Type Enforcement Types
+        section in the entry field above the "New" button.
+      - Click the "New" button and the type will be added to the list of 
defined
+        Simple Type Enforcement types.
+    - To remove a Simple Type Enforcement type:
+      - Click on the type to be removed in the list of defined Simple Type
+        Enforcement types.
+      - Click the "Delete" button to remove the type.
+
+  Follow the same process to add Chinese Wall types.  If you define Chinese 
Wall
+  types you need to define at least one Chinese Wall Conflict Set.  The Chinese
+  Wall Conflict Set will allow you to add Chinese Wall types from the list of
+  defined Chinese Wall types.
+
+  To create your policy definition file, click on the "Generate XML" button on
+  the top of the page.  This will present you with a dialog box to save the
+  generated XML file on your system.  The default name will be 
security_policy.xml
+  which you should change to follow the policy file naming conventions based on
+  the policy name that you choose to use.
+
+  To get a feel for the tool, you could use one of the example policy 
definition
+  files from /etc/xen/acm-security/policies as input.
+
+
+  Security Policy Labeling:
+  -------------------------
+  The Security Policy Labeling section allows you to modify an existing label
+  template definition file or create a new label template definition file.  To
+  modify an existing label template definition, enter the full path to the
+  existing file (the "Browse" button can be used to aid in this) in the Policy
+  Labeling File entry field.  Whether creating a new label template definition
+  file or modifying an existing one, you will need to specify the policy
+  definition file that is or will be associated with this label template
+  definition file.  At this point click the "Create" button to begin modifying
+  or creating your label template definition file.
+
+  You will then be presented with a web page that will allow you to create 
labels
+  for classes of virtual machines.  The input policy definition file will 
provide
+  the available types (Simple Type Enforcement and/or Chinese Wall) that can be
+  assigned to a virtual machine class.
+
+  As an example:
+    - To add a Virtual Machine class (the name entered will become the label
+      that will be used to identify the class):
+      - Enter the name of a new class under the Virtual Machine Classes section
+        in the entry field above the "New" button.
+      - Click the "New" button and the class will be added to the table of 
defined
+        Virtual Machine classes.
+    - To remove a Virtual Machine class:
+      - Click the "Delete" link associated with the class in the table of 
Virtual
+        Machine classes.
+
+  Once you have defined one or more Virtual Machine classes, you will be able 
to
+  add any of the defined Simple Type Enforcement types or Chinese Wall types 
to a
+  particular Virtual Machine.
+
+  You must also define which Virtual Machine class is to be associated with the
+  bootstrap domain (or Dom0 domain).  By default, the first Virtual Machine 
class
+  created will be associated as the bootstrap domain.
+
+  To create your label template definition file, click on the "Generate XML" 
button
+  on the top of the page.  This will present you with a dialog box to save the
+  generated XML file on your system.  The default name will be
+  security_label_template.xml which you should change to follow the policy file
+  naming conventions based on the policy name that you choose to use.
+
+  To get a feel for the tool, you could use one of the example policy 
definition
+  and label template definition files from /etc/xen/acm-security/policies as 
input.
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/xm-test/lib/XmTestLib/XenDomain.py
--- a/tools/xm-test/lib/XmTestLib/XenDomain.py  Tue Dec 13 18:08:17 2005
+++ b/tools/xm-test/lib/XmTestLib/XenDomain.py  Tue Dec 13 18:08:26 2005
@@ -30,18 +30,140 @@
 
 BLOCK_ROOT_DEV = "hda"
 
-def XmTestDomain(name=None, extraOpts=None, config="/dev/null"):
-    if ENABLE_VMX_SUPPORT:
-        return XmTestVmxDomain(name, extraOpts, config)
+def getDeviceModel():
+    """Get the path to the device model based on
+    the architecture reported in uname"""
+    arch = os.uname()[4]
+    if re.search("64", arch):
+        return "/usr/lib64/xen/bin/qemu-dm"
     else:
-        return XmTestPvDomain(name, extraOpts, config)
+        return "/usr/lib/xen/bin/qemu-dm"
 
 def getDefaultKernel():
+    """Get the path to the default DomU kernel"""
     dom0Ver = commands.getoutput("uname -r");
     domUVer = dom0Ver.replace("xen0", "xenU");
     
     return "/boot/vmlinuz-" + domUVer;
 
+def getUniqueName():
+    """Get a uniqueish name for use in a domain"""
+    unixtime = int(time.time())
+    test_name = sys.argv[0]
+    test_name = re.sub("\.test", "", test_name)
+    test_name = re.sub("[\/\.]", "", test_name)
+    name = "%s-%i" % (test_name, unixtime)
+    
+    return name
+
+def getRdPath():
+    rdpath = os.environ.get("RD_PATH")
+    if not rdpath:
+        rdpath = "../../ramdisk"
+    rdpath = os.path.abspath(rdpath)
+
+    return rdpath
+
+ParavirtDefaults = {"memory"       : 64,
+                    "vcpus"        : 1,
+                    "kernel"       : getDefaultKernel(),
+                    "root"         : "/dev/ram0",
+                    "ramdisk"      : getRdPath() + "/initrd.img"
+                    }
+VmxDefaults =      {"memory"       : 64,
+                    "vcpus"        : 1,
+                    "nics"         : 0,
+                    "disk"         : ["file:%s/disk.img,ioemu:%s,w" %
+                                   (getRdPath(), BLOCK_ROOT_DEV)],
+                    "kernel"       : "/usr/lib/xen/boot/vmxloader",
+                    "builder"      : "vmx",
+                    "sdl"          : 0,
+                    "vnc"          : 0,
+                    "vncviewer"    : 0,
+                    "nographic"    : 1,
+                    "serial"       : "pty",
+                    "device_model" : getDeviceModel()
+                    }
+
+if ENABLE_VMX_SUPPORT:
+    configDefaults = VmxDefaults
+else:
+    configDefaults = ParavirtDefaults
+
+class XenConfig:
+    """An object to help create a xen-compliant config file"""
+    def __init__(self):
+        self.defaultOpts = {}
+
+        # These options need to be lists
+        self.defaultOpts["disk"] = []
+        self.defaultOpts["vif"]  = []
+
+        self.opts = self.defaultOpts
+
+    def toString(self):
+        """Convert this config to a string for writing out
+        to a file"""
+        string = "# Xen configuration generated by xm-test\n"
+        for k, v in self.opts.items():
+            if isinstance(v, int):
+                piece = "%s = %i" % (k, v)
+            elif isinstance(v, list) and v:
+                piece = "%s = %s" % (k, v)
+            elif isinstance(v, str) and v:
+                piece = "%s = \"%s\"" % (k, v)
+            else:
+                piece = None
+
+            if piece:
+                string += "%s\n" % piece
+
+        return string
+
+    def write(self, filename):
+        """Write this config out to filename"""
+        output = file(filename, "w")
+        output.write(self.toString())
+        output.close()
+
+    def __str__(self):
+        """When used as a string, we represent ourself by a config
+        filename, which points to a temporary config that we write
+        out ahead of time"""
+        filename = "/tmp/xm-test.conf"
+        self.write(filename)
+        return filename
+
+    def setOpt(self, name, value):
+        """Set an option in the config"""
+        if name in self.opts.keys() and isinstance(self.opts[name], list) and 
not isinstance(value, list):
+                self.opts[name] = [value]
+        else:
+            self.opts[name] = value
+
+    def appOpt(self, name, value):
+        """Append a value to a list option"""
+        if name in self.opts.keys() and isinstance(self.opts[name], list):
+            self.opts[name].append(value)
+
+    def getOpt(self, name):
+        """Return the value of a config option"""
+        if name in self.opts.keys():
+            return self.opts[name]
+        else:
+            return None
+
+    def setOpts(self, opts):
+        """Batch-set options from a dictionary"""
+        for k, v in opts.items():
+            self.setOpt(k, v)
+
+    def clearOpts(self, name=None):
+        """Clear one or all config options"""
+        if name:
+            self.opts[name] = self.defaultOpts[name]
+        else:
+            self.opts = self.defaultOpts
 
 class DomainError(Exception):
     def __init__(self, msg, extra="", errorcode=0):
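Review bot: `XenConfig.__str__` writes the config to the fixed path `/tmp/xm-test.conf` every time the object is formatted, and `file(filename, "w")` in `write()` follows and truncates whatever already exists at that name. In a shared /tmp that is a symlink and clobbering risk if the tests run as root, as xm commands usually require. A per-run file avoids the predictable name: `fd, filename = tempfile.mkstemp(prefix="xm-test-", suffix=".conf")`, written through `os.fdopen(fd, "w")`, which needs `import tempfile` outside this hunk. Separately, `self.opts = self.defaultOpts` in `__init__` binds both names to one dict, so `setOpt` changes the defaults and `clearOpts` resets nothing. A copy with fresh lists would keep them apart.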
@@ -55,62 +177,24 @@
     def __str__(self):
         return str(self.msg)
 
+
 class XenDomain:
 
-    def __init__(self, opts={}, config="/dev/null"):
-        """Create a domain object.  Optionally take a 
-        dictionary of 'xm' options to use"""
-
-        self.domID = None;
+    def __init__(self, name=None, config=None):
+        """Create a domain object.
+        @param config: String filename of config file
+        """
+
+        if name:
+            self.name = name
+        else:
+            self.name = getUniqueName()
+
         self.config = config
 
-        if not opts.has_key("name"):
-            raise DomainError("Missing `name' option")
-        if not opts.has_key("memory"):
-            raise DomainError("Missing `memory' option")
-        if not opts.has_key("kernel"):
-            raise DomainError("Missing `kernel' option")
-
-        self.opts = opts
-
-        self.configVals = None
-
-    def __buildCmdLine(self):
-        c = "xm create %s" % self.config
-
-        for k in self.opts.keys():
-            c += " %s=%s" % (k, self.opts[k])
-        
-        return c
-
-    def getUniqueName(self):
-        #
-        # We avoid multiple duplicate names
-        # here because they stick around in xend
-        # too long
-        #
-        unixtime = int(time.time())
-        test_name = sys.argv[0]
-        test_name = re.sub("\.test", "", test_name)
-        test_name = re.sub("[\/\.]", "", test_name)
-        name = "%s-%i" % (test_name, unixtime)
-
-        return name
-
     def start(self):
 
-        if self.configVals:
-            self.__writeConfig("/tmp/xm-test.conf")
-            self.config = "/tmp/xm-test.conf"
-
-        commandLine = self.__buildCmdLine()
-
-        ret, output = traceCommand(commandLine);
-
-        try:
-            self.domID = self.getId()
-        except:
-            self.domID = -1;
+        ret, output = traceCommand("xm create %s" % self.config)
 
         if ret != 0:
             raise DomainError("Failed to create domain",
@@ -118,190 +202,79 @@
                               errorcode=ret)
 
     def stop(self):
-        prog = "xm";
-        cmd = " shutdown ";
-
-        ret, output = traceCommand(prog + cmd + self.opts["name"]);
-
-        return ret;
+        prog = "xm"
+        cmd = " shutdown "
+
+        ret, output = traceCommand(prog + cmd + self.config.getOpt("name"))
+
+        return ret
 
     def destroy(self):
-        prog = "xm";
-        cmd = " destroy ";
-
-        ret, output = traceCommand(prog + cmd + self.opts["name"]);
-
-        return ret;
+        prog = "xm"
+        cmd = " destroy "
+
+        ret, output = traceCommand(prog + cmd + self.config.getOpt("name"))
+
+        return ret
 
     def getName(self):
-        return self.opts["name"];
+        return self.name
 
     def getId(self):
         return domid(self.getName());
 
-    def configSetVar(self, key, value):
-        if not self.configVals:
-            self.configVals = {}
-
-        self.configVals[key] = value
-
-    def configAddDisk(self, pdev, vdev, acc):
-        if not self.configVals:
-            self.configVals = {}
-
-        if not self.configVals.has_key("disk"):
-            self.configVals["disk"] = []
-
-        self.configVals["disk"].append("%s,%s,%s" % (pdev,vdev,acc))
-
-    def configAddVif(self, type, mac, bridge):
-        if not self.configVals:
-            self.configVals = {}
-
-        if not self.configVals.has_key("vif"):
-            self.configVals["vif"] = []
-
-        if mac:
-            self.configVals["vif"].append("%s,%s,%s" % (type,mac,bridge))
-        else:
-            self.configVals["vif"].append("%s,%s" % (type,bridge))
-
-    def __writeConfig(self, configFileName):
-
-        conf = file(configFileName, "w")
-
-        for k,v in self.configVals.items():
-            print >>conf, "%s = %s" % (k, v)
-
-        conf.close()
-
-class XmTestVmxDomain(XenDomain):
-
-    def __prepareBlockRoot(self, rdpath):
-        image = os.path.abspath(rdpath + "/disk.img")
-        self.configAddDisk("file:%s" % image, "ioemu:%s" % BLOCK_ROOT_DEV, "w")
-
-    def __prepareVif(self):
-        self.configAddVif("type=ioemu", None, "bridge=xenbr0")
-
-    def __prepareDeviceModel(self):
-        arch = os.uname()[4]
-        if re.search('64', arch):
-            self.configSetVar("device_model", "\"/usr/lib64/xen/bin/qemu-dm\"")
-        else:
-            self.configSetVar("device_model", "\"/usr/lib/xen/bin/qemu-dm\"")
-
-    def __init__(self, name=None, extraOpts=None, config="/dev/null"):
-
-        rdpath = os.environ.get("RD_PATH")
-        if not rdpath:
-            rdpath = "../../ramdisk"
-
-        self.opts = {}
-        self.configVals = {}
-
-        # Defaults
-        self.defaults = {"memory"    : 64,
-                         "vcpus"     : 1,
-                         "kernel"    : "/usr/lib/xen/boot/vmxloader",
-                         "builder"   : "\'vmx\'",
-                         "name"      : name or self.getUniqueName()
-                         }
-
-        self.domID = None;
-        self.config = config;
-
-        self.__prepareBlockRoot(rdpath)
-       #self.__prepareVif()
-        self.__prepareDeviceModel()
-        #self.configSetVar("boot","\'c\'")
-        self.configSetVar("sdl","0")
-        self.configSetVar("vnc","0")
-        self.configSetVar("vncviewer","0")
-        self.configSetVar("nographic","1")
-        self.configSetVar("serial","\'pty\'")
-
-        # Copy over defaults
-        for key in self.defaults.keys():
-            self.opts[key] = self.defaults[key]
-
-        # Merge in extra options
-        if extraOpts:
-            for key in extraOpts.keys():
-                self.opts[key] = extraOpts[key]
+
+class XmTestDomain(XenDomain):
+
+    def __init__(self, name=None, extraConfig=None, baseConfig=configDefaults):
+        """Create a new xm-test domain
+        @param name: The requested domain name
+        @param extraConfig: Additional configuration options
+        @param baseConfig: The initial configuration defaults to use
+        """
+        config = XenConfig()
+        config.setOpts(baseConfig)
+        if extraConfig:
+            config.setOpts(extraConfig)
+
+        if name:
+            config.setOpt("name", name)
+        elif not config.getOpt("name"):
+            config.setOpt("name", getUniqueName())
+
+        XenDomain.__init__(self, config.getOpt("name"), config=config)
 
     def start(self):
-        """We know how about how long everyone will need to wait
-        for our disk image to come up, so we do it here as a convenience"""
-
-#        for i in range(0,5):
-#            status, output = traceCommand("xm list")
-
         XenDomain.start(self)
-        waitForBoot()
+        if ENABLE_VMX_SUPPORT:
+            waitForBoot()
 
     def startNow(self):
         XenDomain.start(self)
 
-    def getMem(self):
-        return int(self.opts["memory"])
-
     def minSafeMem(self):
         return 16
 
-class XmTestPvDomain(XenDomain):
-
-    def __init__(self, name=None, extraOpts=None, config="/dev/null"):
-
-        rdpath = os.environ.get("RD_PATH")
-        if not rdpath:
-            rdpath = "../../ramdisk"
-
-        self.opts = {}
-        self.configVals = None
-
-        # Defaults
-        self.defaults = {"memory"  : 64,
-                         "vcpus"   : 1,
-                         "kernel"  : getDefaultKernel(),
-                         "root"    : "/dev/ram0",
-                         "name"    : name or self.getUniqueName(),
-                         "ramdisk" : rdpath + "/initrd.img"
-                         }
-
-        self.domID = None;
-        self.config = config;
-
-        # Copy over defaults
-        for key in self.defaults.keys():
-            self.opts[key] = self.defaults[key]
-
-        # Merge in extra options
-        if extraOpts:
-            for key in extraOpts.keys():
-                self.opts[key] = extraOpts[key]
-
-    def start(self):
-        """We know how about how long everyone will need to wait
-        for our ramdisk to come up, so we do it here as a convenience"""
-
-#        for i in range(0,5):
-#            status, output = traceCommand("xm list")
-
-        XenDomain.start(self)
-#        waitForBoot()
-
-    def startNow(self):
-        XenDomain.start(self)
-
-    def getMem(self):
-        return int(self.opts["memory"])
-
-    def minSafeMem(self):
-        return 16
-
 if __name__ == "__main__":
 
-    d = XmTestDomain();
-
-    d.start();
+    c = XenConfig()
+
+    c.setOpt("foo", "bar")
+    c.setOpt("foob", 1)
+    opts = {"opt1" : 19,
+            "opt2" : "blah"}
+    c.setOpts(opts)
+
+    c.setOpt("disk", "phy:/dev/ram0,hda1,w")
+    c.appOpt("disk", "phy:/dev/ram1,hdb1,w")
+
+    print str(c)
+
+    
+
+#    c.write("/tmp/foo.conf")
+
+#    d = XmTestDomain();
+#
+#    d.start();
+
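Review bot: `stop()` and `destroy()` now call `self.config.getOpt("name")`, which only works when `config` is a `XenConfig`. `XenDomain.__init__` in the previous hunk documents `config` as a string filename and defaults it to `None`, and either value raises AttributeError here. The class already stores the name, so `traceCommand(prog + cmd + self.getName())` in both methods avoids the dependency. In `XmTestDomain.__init__`, `config.setOpts(baseConfig)` stores list values such as `VmxDefaults["disk"]` by reference, so a later `appOpt("disk", ...)` would also change the module-level defaults. Copying list values in `setOpt` (defined in the first hunk of this file) would prevent that.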
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/xm-test/lib/XmTestReport/Report.py
--- a/tools/xm-test/lib/XmTestReport/Report.py  Tue Dec 13 18:08:17 2005
+++ b/tools/xm-test/lib/XmTestReport/Report.py  Tue Dec 13 18:08:26 2005
@@ -31,10 +31,12 @@
 import xml.dom.minidom
 import httplib
 import urllib
+import re
 
 #REPORT_HOST = "xmtest-dev.dague.org"
 REPORT_HOST = "xmtest.dague.org"
 REPORT_URL  = "/cgi-bin/report-results";
+VIEW_URL = "cgi-bin/display?view=single&testid="
 
 class XmTestReport:
 
@@ -101,16 +103,21 @@
     conn.request("POST", REPORT_URL, body, headers)
     
     resp = conn.getresponse()
+    data = resp.read()
+
     if resp.status == 200:
         print >>sys.stderr, "Your results have been submitted successfully!"
+        match = re.match("^id=([0-9]+)$", data.split("\n")[1])
+        if match:
+            id = match.group(1)
+            print >>sys.stderr, "See your report at:"
+            print >>sys.stderr, "http://%s/%s%s"; % (REPORT_HOST, VIEW_URL, id)
     else:
         print >>sys.stderr, "Unable to submit results:"
         print >>sys.stderr, "[http://%s%s] said %i: %s" % (REPORT_HOST,
                                                            REPORT_URL,
                                                            resp.status,
                                                            resp.reason)
-
-        data = resp.read()
         print >>sys.stderr, data
 
 if __name__ == "__main__":
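Review bot: `data.split("\n")[1]` raises IndexError when the server answers 200 with a body of fewer than two lines, which turns a successful submission into a traceback. Guarding the index keeps the success path intact: `lines = data.split("\n")` then `match = len(lines) > 1 and re.match("^id=([0-9]+)$", lines[1])`. The digits-only pattern is a good choice, since it keeps other server-supplied text out of the printed URL. The `;` after the format string in the `"http://%s/%s%s"` line would be a syntax error; it is probably an artifact of the mail archive, not of the commit, but is worth checking against the repository. The function starts above the hunk.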
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/block-create/11_block_attach_shared_dom0.py
--- a/tools/xm-test/tests/block-create/11_block_attach_shared_dom0.py   Tue Dec 
13 18:08:17 2005
+++ b/tools/xm-test/tests/block-create/11_block_attach_shared_dom0.py   Tue Dec 
13 18:08:26 2005
@@ -21,8 +21,9 @@
 
 # Now try to start a DomU with write access to /dev/ram0
 
-domain = XmTestDomain();
-domain.configAddDisk("phy:/dev/ram0", "hda1", "w")
+config = {"disk":"phy:/dev/ram0,hda1,w"}
+
+domain = XmTestDomain(extraConfig=config);
 
 try:
     domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/block-create/12_block_attach_shared_domU.py
--- a/tools/xm-test/tests/block-create/12_block_attach_shared_domU.py   Tue Dec 
13 18:08:17 2005
+++ b/tools/xm-test/tests/block-create/12_block_attach_shared_domU.py   Tue Dec 
13 18:08:26 2005
@@ -5,11 +5,11 @@
 
 from XmTestLib import *
 
-dom1 = XmTestDomain()
-dom2 = XmTestDomain(dom1.getName() + "-2")
+config = {"disk":"phy:/dev/ram0,hda1,w"}
 
-dom1.configAddDisk("phy:/dev/ram0", "hda1", "w")
-dom2.configAddDisk("phy:/dev/ram0", "hda1", "w")
+dom1 = XmTestDomain(extraConfig=config)
+dom2 = XmTestDomain(dom1.getName() + "-2",
+                    extraConfig=config)
 
 try:
     dom1.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/block-destroy/01_block-destroy_btblock_pos.py
--- a/tools/xm-test/tests/block-destroy/01_block-destroy_btblock_pos.py Tue Dec 
13 18:08:17 2005
+++ b/tools/xm-test/tests/block-destroy/01_block-destroy_btblock_pos.py Tue Dec 
13 18:08:26 2005
@@ -5,9 +5,8 @@
 
 from XmTestLib import *
 
-domain = XmTestDomain()
-
-domain.configAddDisk("phy:/dev/ram0", "hda1", "w")
+config = {"disk":"phy:/dev/ram0,hda1,w"}
+domain = XmTestDomain(extraConfig=config)
 
 try:
     domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/block-destroy/05_block-destroy_byname_pos.py
--- a/tools/xm-test/tests/block-destroy/05_block-destroy_byname_pos.py  Tue Dec 
13 18:08:17 2005
+++ b/tools/xm-test/tests/block-destroy/05_block-destroy_byname_pos.py  Tue Dec 
13 18:08:26 2005
@@ -5,9 +5,8 @@
 
 from XmTestLib import *
 
-domain = XmTestDomain()
-
-domain.configAddDisk("phy:/dev/ram0", "hda1", "w")
+config = {"disk":"phy:/dev/ram0,hda1,w"}
+domain = XmTestDomain(extraConfig=config)
 
 try:
     domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/block-list/01_block-list_pos.py
--- a/tools/xm-test/tests/block-list/01_block-list_pos.py       Tue Dec 13 
18:08:17 2005
+++ b/tools/xm-test/tests/block-list/01_block-list_pos.py       Tue Dec 13 
18:08:26 2005
@@ -8,9 +8,8 @@
 
 from XmTestLib import *
 
-domain = XmTestDomain()
-
-domain.configAddDisk("phy:/dev/ram0", "hda1", "w")
+config = {"disk":"phy:/dev/ram0,hda1,w"}
+domain = XmTestDomain(extraConfig=config)
 
 try:
     domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/block-list/03_block-list_anotherbd_pos.py
--- a/tools/xm-test/tests/block-list/03_block-list_anotherbd_pos.py     Tue Dec 
13 18:08:17 2005
+++ b/tools/xm-test/tests/block-list/03_block-list_anotherbd_pos.py     Tue Dec 
13 18:08:26 2005
@@ -8,9 +8,8 @@
 
 from XmTestLib import *
 
-domain = XmTestDomain()
-
-domain.configAddDisk("phy:/dev/ram0", "hda1", "w")
+config = {"disk":"phy:/dev/ram0,hda1,w"}
+domain = XmTestDomain(extraConfig=config)
 
 try:
     domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/create/01_create_basic_pos.py
--- a/tools/xm-test/tests/create/01_create_basic_pos.py Tue Dec 13 18:08:17 2005
+++ b/tools/xm-test/tests/create/01_create_basic_pos.py Tue Dec 13 18:08:26 2005
@@ -12,9 +12,9 @@
 # Create a domain (default XmTestDomain, with our ramdisk)
 domain = XmTestDomain()
 
-if int(getInfo("free_memory")) < domain.getMem():
+if int(getInfo("free_memory")) < domain.config.getOpt("memory"):
     SKIP("This test needs %i MB of free memory (%i MB avail)" %
-         (domain.getMem(), int(getInfo("free_memory"))))
+         (domain.config.getOpt("memory"), int(getInfo("free_memory"))))
 
 # Start it
 try:
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/create/06_create_mem_neg.py
--- a/tools/xm-test/tests/create/06_create_mem_neg.py   Tue Dec 13 18:08:17 2005
+++ b/tools/xm-test/tests/create/06_create_mem_neg.py   Tue Dec 13 18:08:26 2005
@@ -19,15 +19,8 @@
        rdpath = "../ramdisk"
 
 # Test 1: create a domain with mem=0
-opts1 =  {
-            "name"    : "default",
-            "memory"  : 0,
-            "kernel"  : getDefaultKernel(),
-            "root"    : "/dev/ram0",
-            "ramdisk" : rdpath + "/initrd.img",
-            }
-
-domain1=XenDomain(opts1)
+config1 = {"memory": 0}
+domain1=XmTestDomain(extraConfig=config1)
 
 try:
     domain1.start()
@@ -43,17 +36,10 @@
 # Test 2: create a domain with mem>sys_mem
 
 mem = int(getInfo("total_memory"))
-extreme_mem = str(mem + 100)
+extreme_mem = mem + 100
 
-opts2=  {
-            "name"    : "default",
-            "memory"  : extreme_mem,
-            "kernel"  : getDefaultKernel(),
-            "root"    : "/dev/ram0",
-            "ramdisk" : rdpath + "/initrd.img",
-            }
-
-domain2=XenDomain(opts2)
+config2 = {"memory": extreme_mem}
+domain2=XmTestDomain(extraConfig=config2)
 
 try:
     domain2.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/create/07_create_mem64_pos.py
--- a/tools/xm-test/tests/create/07_create_mem64_pos.py Tue Dec 13 18:08:17 2005
+++ b/tools/xm-test/tests/create/07_create_mem64_pos.py Tue Dec 13 18:08:26 2005
@@ -23,15 +23,8 @@
        SKIP("This test needs 64 MB of free memory (%i MB avail)" % mem)
 
 #create a domain with mem=64
-opts =  {
-            "name"    : "MEM64",
-            "memory"  : 64,
-            "kernel"  : getDefaultKernel(),
-            "root"    : "/dev/ram0",
-            "ramdisk" : rdpath + "/initrd.img",
-            }
-
-domain_mem64=XenDomain(opts)
+config = {"memory": 64}
+domain_mem64=XmTestDomain(extraConfig=config)
 
 #start it
 try:
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/create/08_create_mem128_pos.py
--- a/tools/xm-test/tests/create/08_create_mem128_pos.py        Tue Dec 13 
18:08:17 2005
+++ b/tools/xm-test/tests/create/08_create_mem128_pos.py        Tue Dec 13 
18:08:26 2005
@@ -23,15 +23,8 @@
         SKIP("This test needs 128 MB of free memory (%i MB avail)" % mem)
 
 #create a domain with mem=128
-opts =  {
-            "name"    : "MEM128",
-            "memory"  : 128,
-            "kernel"  : getDefaultKernel(),
-            "root"    : "/dev/ram0",
-            "ramdisk" : rdpath + "/initrd.img",
-            }
-
-domain_mem128=XenDomain(opts)
+config={"memory": 128}
+domain_mem128=XmTestDomain(extraConfig=config)
 
 #start it
 try:
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/create/09_create_mem256_pos.py
--- a/tools/xm-test/tests/create/09_create_mem256_pos.py        Tue Dec 13 
18:08:17 2005
+++ b/tools/xm-test/tests/create/09_create_mem256_pos.py        Tue Dec 13 
18:08:26 2005
@@ -23,15 +23,8 @@
         SKIP("This test needs 256 MB of free memory (%i MB avail)" % mem)
 
 #create a domain with mem=256
-opts =  {
-            "name"    : "MEM256",
-            "memory"  : 256,
-            "kernel"  : getDefaultKernel(),
-            "root"    : "/dev/ram0",
-            "ramdisk" : rdpath + "/initrd.img",
-            }
-
-domain_mem256=XenDomain(opts)
+config = {"memory": 256}
+domain_mem256=XmTestDomain(extraConfig=config)
 
 #start it
 try:
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/create/11_create_concurrent_pos.py
--- a/tools/xm-test/tests/create/11_create_concurrent_pos.py    Tue Dec 13 
18:08:17 2005
+++ b/tools/xm-test/tests/create/11_create_concurrent_pos.py    Tue Dec 13 
18:08:26 2005
@@ -34,7 +34,7 @@
 
 for d in range(0, NUM_DOMS):
     dom = XmTestDomain(name="11_create_%i" % d,
-                       extraOpts={"memory":str(MEM_PER_DOM)})
+                       extraConfig={"memory":MEM_PER_DOM})
 
     try:
         dom.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/create/12_create_concurrent_stress_pos.py
--- a/tools/xm-test/tests/create/12_create_concurrent_stress_pos.py     Tue Dec 
13 18:08:17 2005
+++ b/tools/xm-test/tests/create/12_create_concurrent_stress_pos.py     Tue Dec 
13 18:08:26 2005
@@ -14,7 +14,7 @@
 domains = []
 
 for i in range(0,DOMS):
-    dom = XmTestDomain(extraOpts={"memory" : str(MEM)})
+    dom = XmTestDomain(extraConfig={"memory" : MEM})
 
     try:
         dom.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/create/13_create_multinic_pos.py
--- a/tools/xm-test/tests/create/13_create_multinic_pos.py      Tue Dec 13 
18:08:17 2005
+++ b/tools/xm-test/tests/create/13_create_multinic_pos.py      Tue Dec 13 
18:08:26 2005
@@ -6,8 +6,8 @@
 from XmTestLib import *
 
 for i in range(0,10):
-    domain = XmTestDomain()
-    domain.configSetVar('vif', str(['' for _ in range(0, i)]))
+    config = {"vif": ['' for _ in range(0, i)]}
+    domain = XmTestDomain(extraConfig=config)
 
     try:
         domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/create/14_create_blockroot_pos.py
--- a/tools/xm-test/tests/create/14_create_blockroot_pos.py     Tue Dec 13 
18:08:17 2005
+++ b/tools/xm-test/tests/create/14_create_blockroot_pos.py     Tue Dec 13 
18:08:26 2005
@@ -6,10 +6,9 @@
 from XmTestLib import *
 
 import os
+import time
 
-CONF_FILE = "/tmp/14_create_blockroot_pos.conf"
-
-rdpath = os.path.abspath(os.environ.get("RD_PATH"))
+rdpath = getRdPath()
 
 # status, output = traceCommand("losetup -f %s" % rdpath)
 # if status != 0:
@@ -17,22 +16,26 @@
 # 
 # if verbose:
 #     print "Using %s" % output
- 
-opts = {"memory" : "64",
-        "root"   : "/dev/hda1",
-        "name"   : "14_create_blockroot",
-        "kernel" : getDefaultKernel() }
 
-domain = XenDomain(opts=opts)
-
-domain.configAddDisk("file:%s/initrd.img" % rdpath, "hda1", "w")
+if ENABLE_VMX_SUPPORT:
+    domain = XmTestDomain(name="14_create_blockroot")
+else:
+    config = {"memory" : "64",
+              "root"   : "/dev/hda1",
+              "name"   : "14_create_blockroot",
+              "kernel" : getDefaultKernel(),
+              "disk"   : "file:%s/initrd.img,hda1,w" % rdpath
+              }
+    domConfig = XenConfig()
+    domConfig.setOpts(config)
+    domain = XenDomain(name=domConfig.getOpt("name"), config=domConfig)
 
 try:
     domain.start()
 except DomainError, e:
       FAIL(str(e))
 
-waitForBoot()
+#waitForBoot()
 
 try:
     console = XmConsole(domain.getName(), historySaveCmds=True)
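Review bot: `#waitForBoot()` is left as commented-out code with no reason given, so a reader cannot tell whether the console attach that follows is now meant to run without waiting for the guest, or whether the wait was only disabled temporarily. Either delete the line or keep the call. In the same hunk the non-VMX config still passes `"memory" : "64"` as a string while the other tests in this changeset switch to integers; `"memory" : 64` would match them. The `ENABLE_VMX_SUPPORT` branch builds a default `XmTestDomain` with no `disk` entry, so it is worth confirming that this branch still exercises a block-device root. The `try` block at the end continues outside the hunk.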
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/create/15_create_smallmem_pos.py
--- a/tools/xm-test/tests/create/15_create_smallmem_pos.py      Tue Dec 13 
18:08:17 2005
+++ b/tools/xm-test/tests/create/15_create_smallmem_pos.py      Tue Dec 13 
18:08:26 2005
@@ -7,8 +7,8 @@
 
 MEM = 16
 
-domain = XmTestDomain(extraOpts={"memory":"%i" % MEM,
-                                 "extra" :"mem=%iM" % MEM})
+domain = XmTestDomain(extraConfig={"memory": MEM,
+                                   "extra" :"mem=%iM" % MEM})
 
 try:
     domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/memset/03_memset_random_pos.py
--- a/tools/xm-test/tests/memset/03_memset_random_pos.py        Tue Dec 13 
18:08:17 2005
+++ b/tools/xm-test/tests/memset/03_memset_random_pos.py        Tue Dec 13 
18:08:26 2005
@@ -20,8 +20,8 @@
     FAIL(str(e))
 
 times = random.randint(10,50)
-origmem = domain.getMem()
-currmem = domain.getMem()
+origmem = domain.config.getOpt("memory")
+currmem = domain.config.getOpt("memory")
 
 try:
     console = XmConsole(domain.getName())
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/network/02_network_local_ping_pos.py
--- a/tools/xm-test/tests/network/02_network_local_ping_pos.py  Tue Dec 13 
18:08:17 2005
+++ b/tools/xm-test/tests/network/02_network_local_ping_pos.py  Tue Dec 13 
18:08:26 2005
@@ -28,9 +28,9 @@
 mask = Net.mask("dom1", "eth0")
 
 # Fire up a guest domain w/1 nic
-domain = XmTestDomain()
+config = {"vif" : ['ip=%s' % ip]}
+domain = XmTestDomain(extraConfig=config)
 try:
-    domain.configSetVar('vif', " [ 'ip=" + ip + "' ]")
     domain.start()
 except DomainError, e:
     if verbose:
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/network/05_network_dom0_ping_pos.py
--- a/tools/xm-test/tests/network/05_network_dom0_ping_pos.py   Tue Dec 13 
18:08:17 2005
+++ b/tools/xm-test/tests/network/05_network_dom0_ping_pos.py   Tue Dec 13 
18:08:26 2005
@@ -31,9 +31,9 @@
         FAIL(str(e))
 
 # Fire up a guest domain w/1 nic
-domain = XmTestDomain()
+config = {"vif"  : ["ip=%s" % ip]}
+domain = XmTestDomain(extraConfig=config)
 try:
-    domain.configSetVar('vif', " [ 'ip=" + ip + "' ]")
     domain.start()
 except DomainError, e:
     if verbose:
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/network/11_network_domU_ping_pos.py
--- a/tools/xm-test/tests/network/11_network_domU_ping_pos.py   Tue Dec 13 
18:08:17 2005
+++ b/tools/xm-test/tests/network/11_network_domU_ping_pos.py   Tue Dec 13 
18:08:26 2005
@@ -15,15 +15,12 @@
 pingsizes = [ 1, 48, 64, 512, 1440, 1500, 1505, 4096, 4192, 
               32767, 65507 ]
 
-
-
 from XmTestLib import *
 
-
 def netDomain(ip):
-    dom = XmTestDomain()
+    config = {"vif"  : ["ip=%s" % ip]}
+    domain = XmTestDomain(extraConfig=config)
     try:
-        dom.configSetVar('vif', " [ 'ip=" + ip + "' ]")
         dom.start()
     except DomainError, e:
         if verbose:
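Review bot: In `netDomain`, the added line binds the new object to `domain`, but the unchanged `dom.start()` two lines later still uses `dom`, which is no longer assigned once `dom = XmTestDomain()` is removed. The call would raise `NameError` instead of starting the guest. Keeping the old name fixes it: `dom = XmTestDomain(extraConfig=config)`. The rest of `netDomain` is outside the hunk, so any later use of `dom` there is affected in the same way.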
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/restore/04_restore_withdevices_pos.py
--- a/tools/xm-test/tests/restore/04_restore_withdevices_pos.py Tue Dec 13 
18:08:17 2005
+++ b/tools/xm-test/tests/restore/04_restore_withdevices_pos.py Tue Dec 13 
18:08:26 2005
@@ -7,12 +7,9 @@
 
 import re
 
-domain = XmTestDomain()
-
-domain.configSetVar('vif', "[ '', '' ]")
-
-domain.configAddDisk("phy:/dev/ram0", "hda1", "w")
-domain.configAddDisk("phy:/dev/ram1", "hdb2", "w")
+config = {"disk": ["phy:/dev/ram0,hda1,w", "phy:/dev/ram1,hdb2,w"],
+          "vif":  ['', '']}
+domain = XmTestDomain(extraConfig=config)
 
 s, o = traceCommand("mke2fs -q /dev/ram0")
 if s != 0:
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/sedf/01_sedf_multi_pos.py
--- a/tools/xm-test/tests/sedf/01_sedf_multi_pos.py     Tue Dec 13 18:08:17 2005
+++ b/tools/xm-test/tests/sedf/01_sedf_multi_pos.py     Tue Dec 13 18:08:26 2005
@@ -7,7 +7,7 @@
 
 sedf_opts = "20000000 5000000 0 0 0"
 
-domain = XmTestDomain(extraOpts = {"sched":"sedf"})
+domain = XmTestDomain(extraConfig = {"sched":"sedf"})
 
 try:
     domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/vcpu-disable/01_vcpu-disable_basic_pos.py
--- a/tools/xm-test/tests/vcpu-disable/01_vcpu-disable_basic_pos.py     Tue Dec 
13 18:08:17 2005
+++ b/tools/xm-test/tests/vcpu-disable/01_vcpu-disable_basic_pos.py     Tue Dec 
13 18:08:26 2005
@@ -39,7 +39,7 @@
     SKIP("Host not capable of running test")
 
 # Start a XmTestDomain with 2 VCPUs
-domain = XmTestDomain(extraOpts = {"vcpus":"2"})
+domain = XmTestDomain(extraConfig={"vcpus":2})
 
 try:
     domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 xen/arch/x86/Makefile
--- a/xen/arch/x86/Makefile     Tue Dec 13 18:08:17 2005
+++ b/xen/arch/x86/Makefile     Tue Dec 13 18:08:26 2005
@@ -62,6 +62,8 @@
 boot/mkelf32: boot/mkelf32.c
        $(HOSTCC) $(HOSTCFLAGS) -o $@ $<
 
+shadow_guest32.o: shadow.c
+
 clean:
        rm -f *.o *.s *~ core boot/*.o boot/*~ boot/core boot/mkelf32
        rm -f x86_32/*.o x86_32/*~ x86_32/core
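Review bot: The added `shadow_guest32.o: shadow.c` line has no recipe and no comment, so a reader cannot tell why an object file depends on a source file with a different stem. If, as the name suggests, the source for `shadow_guest32.o` textually includes `shadow.c`, say so above the rule: `# shadow_guest32.c #includes shadow.c (confirm), so rebuild it when shadow.c changes`. The rule that actually compiles `shadow_guest32.o` is outside the hunk.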
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 xen/arch/x86/vmx.c
--- a/xen/arch/x86/vmx.c        Tue Dec 13 18:08:17 2005
+++ b/xen/arch/x86/vmx.c        Tue Dec 13 18:08:26 2005
@@ -1476,6 +1476,15 @@
                 (unsigned long)regs->ecx, (unsigned long)regs->eax,
                 (unsigned long)regs->edx);
     switch (regs->ecx) {
+    case MSR_IA32_TIME_STAMP_COUNTER:
+    {
+        struct vmx_virpit *vpit;
+
+        rdtscll(msr_content);
+        vpit = &(v->domain->arch.vmx_platform.vmx_pit);
+        msr_content += vpit->shift;
+        break;
+    }
     case MSR_IA32_SYSENTER_CS:
         __vmread(GUEST_SYSENTER_CS, (u32 *)&msr_content);
         break;
@@ -1516,6 +1525,23 @@
     msr_content = (regs->eax & 0xFFFFFFFF) | ((u64)regs->edx << 32);
 
     switch (regs->ecx) {
+    case MSR_IA32_TIME_STAMP_COUNTER:
+    {
+        struct vmx_virpit *vpit;
+        u64 host_tsc, drift;
+
+        rdtscll(host_tsc);
+        vpit = &(v->domain->arch.vmx_platform.vmx_pit);
+        drift = v->arch.arch_vmx.tsc_offset - vpit->shift;
+        vpit->shift = msr_content - host_tsc;
+        v->arch.arch_vmx.tsc_offset = vpit->shift + drift;
+        __vmwrite(TSC_OFFSET, vpit->shift);
+
+#if defined (__i386__)
+        __vmwrite(TSC_OFFSET_HIGH, ((vpit->shift)>>32));
+#endif
+        break;
+    }
     case MSR_IA32_SYSENTER_CS:
         __vmwrite(GUEST_SYSENTER_CS, msr_content);
         break;
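Review bot: The new `MSR_IA32_TIME_STAMP_COUNTER` write case keeps its state in `vpit->shift`, which lives in the per-domain `vmx_platform.vmx_pit`, while `tsc_offset` is per-vcpu (`v->arch.arch_vmx`) and `__vmwrite(TSC_OFFSET, ...)` updates only the current vcpu's VMCS. If a VMX guest can have more than one vcpu, a write from one vcpu changes the value that the read case in the previous hunk adds to `rdtscll()` on every other vcpu, while their `TSC_OFFSET` stays as it was, and no lock is visible around the read-modify-write of `shift`. Either keep the shift per vcpu or document the assumption at the case label, e.g. `/* vpit->shift is per-domain: assumes a single vcpu per VMX guest */`. Both `switch` statements continue outside the hunks.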
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 xen/arch/x86/vmx_io.c
--- a/xen/arch/x86/vmx_io.c     Tue Dec 13 18:08:17 2005
+++ b/xen/arch/x86/vmx_io.c     Tue Dec 13 18:08:26 2005
@@ -801,11 +801,11 @@
         drift = vpit->period_cycles * vpit->pending_intr_nr;
     else 
         drift = 0;
-    drift = v->arch.arch_vmx.tsc_offset - drift;
-    __vmwrite(TSC_OFFSET, drift);
+    vpit->shift = v->arch.arch_vmx.tsc_offset - drift;
+    __vmwrite(TSC_OFFSET, vpit->shift);
 
 #if defined (__i386__)
-    __vmwrite(TSC_OFFSET_HIGH, (drift >> 32));
+    __vmwrite(TSC_OFFSET_HIGH, ((vpit->shift)>> 32));
 #endif
 }
 
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 xen/common/grant_table.c
--- a/xen/common/grant_table.c  Tue Dec 13 18:08:17 2005
+++ b/xen/common/grant_table.c  Tue Dec 13 18:08:26 2005
@@ -579,7 +579,7 @@
         (void)put_user(GNTST_okay, &uop->status);
         for ( i = 0; i < op.nr_frames; i++ )
             (void)put_user(gnttab_shared_mfn(d, d->grant_table, i),
-                           &uop->frame_list[i]);
+                           &op.frame_list[i]);
     }
 
     put_domain(d);
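Review bot: The `(void)put_user(...)` in the loop discards the result of a write through `op.frame_list`, which after this change is a pointer value read from `op` (presumably the local copy of the guest's request) rather than a field of `uop`. A bad or unmapped guest address is therefore ignored silently, and the caller still sees the `GNTST_okay` written just above. Testing the result would make the failure visible, e.g. `if ( put_user(gnttab_shared_mfn(d, d->grant_table, i), &op.frame_list[i]) ) break;`, with the fault reported to the caller after `put_domain(d)`. The copy-in of `op` and any bound on `op.nr_frames` are outside the hunk, so whether the loop count is already limited cannot be checked from here.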
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 xen/include/asm-x86/msr.h
--- a/xen/include/asm-x86/msr.h Tue Dec 13 18:08:17 2005
+++ b/xen/include/asm-x86/msr.h Tue Dec 13 18:08:26 2005
@@ -88,6 +88,7 @@
 /* Intel defined MSRs. */
 #define MSR_IA32_P5_MC_ADDR            0
 #define MSR_IA32_P5_MC_TYPE            1
+#define MSR_IA32_TIME_STAMP_COUNTER    0x10
 #define MSR_IA32_PLATFORM_ID           0x17
 #define MSR_IA32_EBL_CR_POWERON                0x2a
 
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 xen/include/asm-x86/vmx_vpit.h
--- a/xen/include/asm-x86/vmx_vpit.h    Tue Dec 13 18:08:17 2005
+++ b/xen/include/asm-x86/vmx_vpit.h    Tue Dec 13 18:08:26 2005
@@ -21,6 +21,7 @@
     /* for simulation of counter 0 in mode 2*/
     u64 period_cycles;                 /* pit frequency in cpu cycles */
     u64 inject_point; /* the time inject virt intr */
+    u64 shift;  /* save the value of offset - drift */
     s_time_t scheduled;                 /* scheduled timer interrupt */
     struct ac_timer pit_timer;  /* periodic timer for mode 2*/
     unsigned int channel;  /* the pit channel, counter 0~2 */
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/security/python/setup.py
--- /dev/null   Tue Dec 13 18:08:17 2005
+++ b/tools/security/python/setup.py    Tue Dec 13 18:08:26 2005
@@ -0,0 +1,30 @@
+#!/usr/bin/python
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+from distutils.core import setup
+import os
+
+# This setup script is invoked from the parent directory, so base
+#   everything as if executing from there.
+XEN_ROOT = "../.."
+
+setup(name            = 'xensec_gen',
+      version         = '3.0',
+      description     = 'Xen XML Security Policy Generator',
+      package_dir     = { 'xen' : 'python' },
+      packages        = ['xen.xensec_gen'],
+      )
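Review bot: `import os` and `XEN_ROOT = "../.."` are never used in this new file; the only statement that does anything is the `setup(...)` call. Dropping both avoids suggesting that paths are resolved relative to the Xen root. The comment about being invoked from the parent directory really explains `package_dir = { 'xen' : 'python' }`, so it would read better directly above the call, e.g. `# Invoked from tools/security, so the 'xen' package lives in ./python`.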
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/security/python/xensec_gen/cgi-bin/policy.cgi
--- /dev/null   Tue Dec 13 18:08:17 2005
+++ b/tools/security/python/xensec_gen/cgi-bin/policy.cgi       Tue Dec 13 
18:08:26 2005
@@ -0,0 +1,1325 @@
+#!/usr/bin/python
+#
+# The Initial Developer of the Original Code is International
+# Business Machines Corporation. Portions created by IBM
+# Corporation are Copyright (C) 2005 International Business
+# Machines Corporation. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import os
+import cgi
+import cgitb; cgitb.enable( )
+import time
+import xml.dom.minidom
+import xml.sax
+import xml.sax.handler
+from StringIO import StringIO
+from sets import Set
+
+def getSavedData( ):
+       global formData, policyXml, formVariables, formCSNames
+       global templateCSMTypes, templateCSMDel, templateCSMType, templateCSMAdd
+       global allCSMTypes
+
+       # Process the XML upload policy file
+       if formData.has_key( 'i_policy' ):
+               dataList = formData.getlist( 'i_policy' )
+               if len( dataList ) > 0:
+                       policyXml  = dataList[0]
+
+       # Process all the hidden input variables (if present)
+       for formVar in formVariables:
+               if formVar[2] == '':
+                       continue
+
+               if formData.has_key( formVar[2] ):
+                       dataList = formData.getlist( formVar[2] )
+                       if len( dataList ) > 0:
+                               if isinstance( formVar[1], list ):
+                                       exec 'formVar[1] = ' + dataList[0]
+                               else:
+                                       formVar[1] = dataList[0]
+
+       # The form can contain any number of "Conflict Sets"
+       #   so update the list of form variables to include
+       #   each conflict set (hidden input variable)
+       for csName in formCSNames[1]:
+               newCS( csName )
+               if formData.has_key( allCSMTypes[csName][2] ):
+                       dataList = formData.getlist( allCSMTypes[csName][2] )
+                       if len( dataList ) > 0:
+                               exec 'allCSMTypes[csName][1] = ' + dataList[0]
+
+def getCurrentTime( ):
+       return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) )
+
+def getName( domNode ):
+       nameNodes = domNode.getElementsByTagName( 'Name' )
+       if len( nameNodes ) == 0:
+               formatXmlError( '"<Name>" tag is missing' )
+               return None
+
+       name = ''
+       for childNode in nameNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       name = name + childNode.data
+
+       return name
+
+def getDate( domNode ):
+       dateNodes = domNode.getElementsByTagName( 'Date' )
+       if len( dateNodes ) == 0:
+               formatXmlError( '"<Date>" tag is missing' )
+               return None
+
+       date = ''
+       for childNode in dateNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       date = date + childNode.data
+
+       return date
+
+def getSteTypes( domNode, missingIsError = 0 ):
+       steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' )
+       if len( steNodes ) == 0:
+               if missingIsError == 1:
+                       formatXmlError( '"<SimpleTypeEnforcementTypes>" tag is 
missing' )
+                       return None
+               else:
+                       return []
+
+       return getTypes( steNodes[0] )
+
+def getChWTypes( domNode, missingIsError = 0 ):
+       chwNodes = domNode.getElementsByTagName( 'ChineseWallTypes' )
+       if len( chwNodes ) == 0:
+               if missingIsError == 1:
+                       formatXmlError( '"<ChineseWallTypes>" tag is missing' )
+                       return None
+               else:
+                       return []
+
+       return getTypes( chwNodes[0] )
+
+def getTypes( domNode ):
+       types = []
+
+       domNodes = domNode.getElementsByTagName( 'Type' )
+       if len( domNodes ) == 0:
+               formatXmlError( '"<Type>" tag is missing' )
+               return None
+
+       for domNode in domNodes:
+               typeText = ''
+               for childNode in domNode.childNodes:
+                       if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                               typeText = typeText + childNode.data
+
+               if typeText == '':
+                       formatXmlError( 'No text associated with the "<Type>" 
tag' )
+                       return None
+
+               types.append( typeText )
+
+       return types
+
+def formatXmlError( msg, xml = '', lineNum = -1, colNum = -1 ):
+       global xmlMessages, xmlError
+
+       xmlError = 1
+       addMsg = cgi.escape( msg )
+
+       if lineNum != -1:
+               sio = StringIO( xml )
+               for xmlLine in sio:
+                       lineNum = lineNum - 1
+                       if lineNum == 0:
+                               break;
+
+               addMsg += '<BR><PRE>' + cgi.escape( xmlLine.rstrip( ) )
+
+               if colNum != -1:
+                       errLine = ''
+                       for i in range( colNum ):
+                               errLine = errLine + '-'
+
+                       addMsg += '\n' + errLine + '^'
+
+               addMsg += '</PRE>'
+
+       xmlMessages.append( addMsg )
+
+def formatXmlGenError( msg ):
+       global xmlMessages, xmlIncomplete
+
+       xmlIncomplete = 1
+       xmlMessages.append( cgi.escape( msg ) )
+
+def parseXml( xmlInput ):
+       global xmlMessages, xmlError, xmlLine, xmlColumn
+
+       xmlParser  = xml.sax.make_parser( )
+       try:
+               domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser )
+
+       except xml.sax.SAXParseException, xmlErr:
+               msg = ''
+               msg = msg + 'XML parsing error occurred at line '
+               msg = msg + `xmlErr.getLineNumber( )`
+               msg = msg + ', column '
+               msg = msg + `xmlErr.getColumnNumber( )`
+               msg = msg + ': reason = "'
+               msg = msg + xmlErr.getMessage( )
+               msg = msg + '"'
+               formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), 
xmlErr.getColumnNumber( ) )
+               return None
+
+       except xml.sax.SAXException, xmlErr:
+               msg = ''
+               msg = msg + 'XML Parsing error: ' + `xmlErr`
+               formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), 
xmlErr.getColumnNumber( ) )
+               return None
+
+       return domDoc
+
+def parsePolicyXml( ):
+       global policyXml
+       global formPolicyName, formPolicyDate, formPolicyOrder
+       global formSteTypes, formChWallTypes
+       global allCSMTypes
+
+       domDoc = parseXml( policyXml )
+       if domDoc == None:
+               return
+
+       domRoot    = domDoc.documentElement
+       domHeaders = domRoot.getElementsByTagName( 'PolicyHeader' )
+       if len( domHeaders ) == 0:
+               msg = ''
+               msg = msg + '"<PolicyHeader>" tag is missing.\n'
+               msg = msg + 'Please validate the Policy file used.'
+               formatXmlError( msg )
+               return
+
+       pName = getName( domHeaders[0] )
+       if pName == None:
+               msg = ''
+               msg = msg + 'Error processing the Policy header information.\n'
+               msg = msg + 'Please validate the Policy file used.'
+               formatXmlError( msg )
+               return
+
+       formPolicyName[1] = pName
+
+       pDate = getDate( domHeaders[0] )
+       if pDate == None:
+               msg = ''
+               msg = msg + 'Error processing the Policy header information.\n'
+               msg = msg + 'Please validate the Policy file used.'
+               formatXmlError( msg )
+               return
+
+       formPolicyDate[1] = pDate
+
+       pOrder = ''
+       domStes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' )
+       if len( domStes ) > 0:
+               if domStes[0].hasAttribute( 'priority' ):
+                       if domStes[0].getAttribute( 'priority' ) != 
'PrimaryPolicyComponent':
+                               msg = ''
+                               msg = msg + 'Error processing the 
"<SimpleTypeEnforcement>" tag.\n'
+                               msg = msg + 'The "priority" attribute value is 
not valid.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               return
+
+                       pOrder = 'v_Ste'
+
+               steTypes = getSteTypes( domStes[0], 1 )
+               if steTypes == None:
+                       msg = ''
+                       msg = msg + 'Error processing the SimpleTypeEnforcement 
types.\n'
+                       msg = msg + 'Please validate the Policy file used.'
+                       formatXmlError( msg )
+                       return
+
+               formSteTypes[1] = steTypes
+
+       domChWalls = domRoot.getElementsByTagName( 'ChineseWall' )
+       if len( domChWalls ) > 0:
+               if domChWalls[0].hasAttribute( 'priority' ):
+                       if domChWalls[0].getAttribute( 'priority' ) != 
'PrimaryPolicyComponent':
+                               msg = ''
+                               msg = msg + 'Error processing the 
"<ChineseWall>" tag.\n'
+                               msg = msg + 'The "priority" attribute value is 
not valid.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               return
+
+                       if pOrder != '':
+                               msg = ''
+                               msg = msg + 'Error processing the 
"<ChineseWall>" tag.\n'
+                               msg = msg + 'The "priority" attribute has been 
previously specified.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               return
+
+                       pOrder = 'v_ChWall'
+
+               chwTypes = getChWTypes( domChWalls[0], 1 )
+               if chwTypes == None:
+                       msg = ''
+                       msg = msg + 'Error processing the ChineseWall types.\n'
+                       msg = msg + 'Please validate the Policy file used.'
+                       formatXmlError( msg )
+                       return
+
+               formChWallTypes[1] = chwTypes
+
+               csNodes = domChWalls[0].getElementsByTagName( 'ConflictSets' )
+               if len( csNodes ) == 0:
+                       msg = ''
+                       msg = msg + 'Required "<ConflictSets>" tag missing.\n'
+                       msg = msg + 'Please validate the Policy file used.'
+                       formatXmlError( msg )
+                       return
+
+               cNodes = csNodes[0].getElementsByTagName( 'Conflict' )
+               if len( cNodes ) == 0:
+                       msg = ''
+                       msg = msg + 'Required "<Conflict>" tag missing.\n'
+                       msg = msg + 'Please validate the Policy file used.'
+                       formatXmlError( msg )
+                       return
+
+               for cNode in cNodes:
+                       csName = cNode.getAttribute( 'name' )
+                       newCS( csName, 1 )
+
+                       csMemberList = getTypes( cNode )
+                       if csMemberList == None:
+                               msg = ''
+                               msg = msg + 'Error processing the Conflict Set 
members.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               return
+
+                       # Verify the conflict set members are valid types
+                       ctSet = Set( formChWallTypes[1] )
+                       csSet = Set( csMemberList )
+                       if not csSet.issubset( ctSet ):
+                               msg = ''
+                               msg = msg + 'Error processing Conflict Set "' + 
csName + '".\n'
+                               msg = msg + 'Members of the conflict set are 
not valid '
+                               msg = msg + 'Chinese Wall types.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+
+                       allCSMTypes[csName][1] = csMemberList
+
+       if pOrder != '':
+               formPolicyOrder[1] = pOrder
+       else:
+               if (len( domStes ) > 0) or (len( domChWalls ) > 0):
+                       msg = ''
+                       msg = msg + 'The "priority" attribute has not been 
specified.\n'
+                       msg = msg + 'It must be specified on one of the access 
control types.\n'
+                       msg = msg + 'Please validate the Policy file used.'
+                       formatXmlError( msg )
+                       return
+
+def modFormTemplate( formTemplate, suffix ):
+       formVar = [x for x in formTemplate]
+
+       if formVar[2] != '':
+               formVar[2] = formVar[2] + suffix
+       if formVar[3] != '':
+               formVar[3] = formVar[3] + suffix
+       if (formVar[0] != 'button') and (formVar[4] != ''):
+               formVar[4] = formVar[4] + suffix
+
+       return formVar;
+
+def removeDups( curList ):
+       newList = []
+       curSet  = Set( curList )
+       for x in curSet:
+               newList.append( x )
+       newList.sort( )
+
+       return newList
+
+def newCS( csName, addToList = 0 ):
+       global formCSNames
+       global templateCSDel, allCSDel
+       global templateCSMTypes, templateCSMDel, templateCSMType, templateCSMAdd
+       global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
+
+       csSuffix = '_' + csName
+
+       # Make sure we have an actual name and check one of the 'all'
+       # variables to be sure it hasn't been previously defined
+       if (len( csName ) > 0) and (not allCSMTypes.has_key( csName )):
+               allCSDel[csName]    = modFormTemplate( templateCSDel,    
csSuffix )
+               allCSMTypes[csName] = modFormTemplate( templateCSMTypes, 
csSuffix )
+               allCSMDel[csName]   = modFormTemplate( templateCSMDel,   
csSuffix )
+               allCSMType[csName]  = modFormTemplate( templateCSMType,  
csSuffix )
+               allCSMAdd[csName]   = modFormTemplate( templateCSMAdd,   
csSuffix )
+               if addToList == 1:
+                       formCSNames[1].append( csName )
+                       formCSNames[1] = removeDups( formCSNames[1] )
+
+def updateInfo( ):
+       global formData, formPolicyName, formPolicyDate, formPolicyOrder
+
+       if formData.has_key( formPolicyName[3] ):
+               formPolicyName[1] = formData[formPolicyName[3]].value
+       elif formData.has_key( formPolicyUpdate[3] ):
+               formPolicyName[1] = ''
+
+       if formData.has_key( formPolicyDate[3] ):
+               formPolicyDate[1] = formData[formPolicyDate[3]].value
+       elif formData.has_key( formPolicyUpdate[3] ):
+               formPolicyDate[1] = ''
+
+       if formData.has_key( formPolicyOrder[3] ):
+               formPolicyOrder[1] = formData[formPolicyOrder[3]].value
+
+def addSteType( ):
+       global formData, formSteType, formSteTypes
+
+       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( 
formSteAdd[3] )):
+               if formData.has_key( formSteType[3] ):
+                       type = formData[formSteType[3]].value
+                       type = type.strip( )
+                       if len( type ) > 0:
+                               formSteTypes[1].append( type )
+                               formSteTypes[1] = removeDups( formSteTypes[1] )
+
+
+def delSteType( ):
+       global formData, formSteTypes
+
+       if formData.has_key( formSteTypes[3] ):
+               typeList = formData.getlist( formSteTypes[3] )
+               for type in typeList:
+                       type = type.strip( )
+                       formSteTypes[1].remove( type )
+
+def addChWallType( ):
+       global formData, formChWallType, formChWallTypes
+
+       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formChWallAdd[3] )):
+               if formData.has_key( formChWallType[3] ):
+                       type = formData[formChWallType[3]].value
+                       type = type.strip( )
+                       if len( type ) > 0:
+                               formChWallTypes[1].append( type )
+                               formChWallTypes[1] = removeDups( formChWallTypes[1] )
+
+def delChWallType( ):
+       global formData, formChWallTypes
+
+       if formData.has_key( formChWallTypes[3] ):
+               typeList = formData.getlist( formChWallTypes[3] )
+               for type in typeList:
+                       type = type.strip( )
+                       formChWallTypes[1].remove( type )
+
+def addCS( ):
+       global formData, formCSNames
+
+       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formCSAdd[3] )):
+               if formData.has_key( formCSName[3] ):
+                       csName = formData[formCSName[3]].value
+                       csName = csName.strip( )
+                       newCS( csName, 1 )
+
+def delCS( csName ):
+       global formData, formCSNames, allCSDel
+       global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
+
+       csName = csName.strip( )
+       formCSNames[1].remove( csName )
+       del allCSDel[csName]
+       del allCSMTypes[csName]
+       del allCSMDel[csName]
+       del allCSMType[csName]
+       del allCSMAdd[csName]
+
+def addCSMember( csName ):
+       global formData, allCSMType, allCSMTypes
+
+       formVar = allCSMType[csName]
+       if formData.has_key( formVar[3] ):
+               csmList = formData.getlist( formVar[3] )
+               formVar = allCSMTypes[csName]
+               for csm in csmList:
+                       csm = csm.strip( )
+                       formVar[1].append( csm )
+                       formVar[1] = removeDups( formVar[1] )
+
+def delCSMember( csName ):
+       global formData, allCSMTypes
+
+       formVar = allCSMTypes[csName]
+       if formData.has_key( formVar[3] ):
+               csmList = formData.getlist( formVar[3] )
+               for csm in csmList:
+                       csm = csm.strip( )
+                       formVar[1].remove( csm )
+
+def processRequest( ):
+       global policyXml
+       global formData, formPolicyUpdate
+       global formSteAdd, formSteDel
+       global formChWallAdd, formChWallDel
+       global formCSAdd, allCSDel
+       global formCSNames, allCSMAdd, allCSMDel
+
+       if policyXml != '':
+               parsePolicyXml( )
+
+       # Allow the updating of the header information whenever
+       # an action is performed
+       updateInfo( )
+
+       # Allow the adding of types/sets if the user has hit the
+       # enter key when attempting to add a type/set
+       addSteType( )
+       addChWallType( )
+       addCS( )
+
+       if formData.has_key( formSteDel[3] ):
+               delSteType( )
+
+       elif formData.has_key( formChWallDel[3] ):
+               delChWallType( )
+
+       else:
+               for csName in formCSNames[1]:
+                       if formData.has_key( allCSDel[csName][3] ):
+                               delCS( csName )
+                               continue
+
+                       if formData.has_key( allCSMAdd[csName][3] ):
+                               addCSMember( csName )
+
+                       elif formData.has_key( allCSMDel[csName][3] ):
+                               delCSMember( csName )
+
+def makeName( name, suffix='' ):
+       rName = name
+       if suffix != '':
+               rName = rName + '_' + suffix
+
+       return rName
+
+def makeNameAttr( name, suffix='' ):
+       return 'name="' + makeName( name, suffix ) + '"'
+
+def makeValue( value, suffix='' ):
+       rValue = value
+
+       if isinstance( value, list ):
+               rValue = '['
+               for val in value:
+                       rValue = rValue + '\'' + val
+                       if suffix != '':
+                               rValue = rValue + '_' + suffix
+                       rValue = rValue + '\','
+               rValue = rValue + ']'
+
+       else:
+               if suffix != '':
+                       rValue = rValue + '_' + suffix
+
+       return rValue
+
+def makeValueAttr( value, suffix='' ):
+       return 'value="' + makeValue( value, suffix ) + '"'
+
+def sendHtmlFormVar( formVar, attrs='' ):
+       nameAttr  = ''
+       valueAttr = ''
+       htmlText  = ''
+
+       if formVar[0] == 'text':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+               valueAttr = makeValueAttr( formVar[1] )
+
+               print '<INPUT type="text"', nameAttr, valueAttr, attrs, '>'
+
+       elif formVar[0] == 'list':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+
+               print '<SELECT', nameAttr, attrs, '>'
+               for option in formVar[1]:
+                       print '<OPTION>' + option + '</OPTION>'
+               print '</SELECT>'
+
+       elif formVar[0] == 'button':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+               if formVar[4] != '':
+                       valueAttr = makeValueAttr( formVar[4] )
+
+               print '<INPUT type="submit"', nameAttr, valueAttr, attrs, '>'
+
+       elif formVar[0] == 'radiobutton':
+               if formVar[3] != '':
+                       nameAttr  = makeNameAttr( formVar[3] )
+                       valueAttr = makeValueAttr( formVar[4][rb_select] )
+                       htmlText  = formVar[5][rb_select]
+                       if formVar[4][rb_select] == formVar[1]:
+                               checked = 'checked'
+                       else:
+                               checked = ''
+
+                       print '<INPUT type="radio"', nameAttr, valueAttr, attrs, checked, '>', htmlText
+
+       elif formVar[0] == 'radiobutton-all':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+                       buttonVals  = formVar[4]
+                       buttonTexts = formVar[5]
+                       for i, buttonVal in enumerate( buttonVals ):
+                               htmlText = ''
+                               addAttrs = ''
+                               checked  = ''
+
+                               valueAttr = makeValueAttr( buttonVal )
+                               if formVar[5] != '':
+                                       htmlText = formVar[5][i]
+                               if attrs != '':
+                                       addAttrs = attrs[i]
+                               if buttonVal == formVar[1]:
+                                       checked = 'checked'
+
+                               print '<INPUT type="radio"', nameAttr, valueAttr, addAttrs, checked, '>', htmlText, '<BR>'
+
+       if formVar[2] != '':
+               nameAttr = makeNameAttr( formVar[2] )
+               valueAttr = makeValueAttr( formVar[1] )
+               print '<INPUT type="hidden"', nameAttr, valueAttr, '>'
+
+def sendHtmlHeaders( ):
+       # HTML headers
+       print 'Content-Type: text/html'
+       print
+
+def sendPolicyHtml( ):
+       global xmlError, xmlIncomplete, xmlMessages, formXmlGen
+
+       print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"'
+       print '  "http://www.w3.org/TR/html4/loose.dtd";>'
+
+       print '<HTML>'
+
+       sendHtmlHead( )
+
+       print '<BODY>'
+
+       # An input XML file was specified that had errors, output the
+       # error information
+       if xmlError == 1:
+               print '<P>'
+               print 'An error has been encountered while processing the input '
+               print 'XML file:'
+               print '<UL>'
+               for msg in xmlMessages:
+                       print '<LI>'
+                       print msg
+               print '</UL>'
+               print '</BODY>'
+               print '</HTML>'
+               return
+
+       # When attempting to generate the XML output, all required data was not
+       # present, output the error information
+       if xmlIncomplete == 1:
+               print '<P>'
+               print 'An error has been encountered while validating the data'
+               print 'required for the output XML file:'
+               print '<UL>'
+               for msg in xmlMessages:
+                       print '<LI>'
+                       print msg
+               print '</UL>'
+               print '</BODY>'
+               print '</HTML>'
+               return
+
+       print '<CENTER>'
+       print '<FORM action="' + os.environ['SCRIPT_NAME'] + '" method="post">'
+       print '<TABLE class="container">'
+       print '  <COLGROUP>'
+       print '    <COL width="100%">'
+       print '  </COLGROUP>'
+
+       print '  <TR>'
+       print '    <TD>'
+       print '      <TABLE>'
+       print '        <TR>'
+       print '          <TD>'
+       sendHtmlFormVar( formDefaultButton, 'class="hidden"' )
+       print '          </TD>'
+       print '        </TR>'
+       print '        <TR>'
+       print '          <TD>'
+       sendHtmlFormVar( formXmlGen )
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+
+       # Policy header
+       print '  <TR>'
+       print '    <TD>'
+       sendPHeaderHtml( )
+       print '    </TD>'
+       print '  </TR>'
+
+       # Separator
+       print '  <TR><TD><HR></TD></TR>'
+
+       # Policy (types)
+       print '  <TR>'
+       print '    <TD>'
+       print '      <TABLE class="full">'
+       print '        <TR>'
+       print '          <TD width="49%">'
+       sendPSteHtml( )
+       print '          </TD>'
+       print '          <TD width="2%">&nbsp;</TD>'
+       print '          <TD width="49%">'
+       sendPChWallHtml( )
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+
+       print '</TABLE>'
+       print '</FORM>'
+       print '</CENTER>'
+
+       print '</BODY>'
+
+       print '</HTML>'
+
+def sendHtmlHead( ):
+       global headTitle
+
+       print '<HEAD>'
+       print '<STYLE type="text/css">'
+       print '<!--'
+       print 'BODY            {background-color: #EEEEFF;}'
+       print 'TABLE.container {width:  90%; border: 1px solid black; border-collapse: seperate;}'
+       print 'TABLE.fullbox   {width: 100%; border: 1px solid black; border-collapse: collapse;}'
+       print 'TABLE.full      {width: 100%; border: 0px solid black; border-collapse: collapse;}'
+       print 'THEAD           {font-weight: bold; font-size: larger;}'
+       print 'TD              {border: 0px solid black; vertical-align: top;}'
+       print 'TD.heading      {border: 0px solid black; vertical-align: top; font-weight: bold; font-size: larger;}'
+       print 'TD.subheading   {border: 0px solid black; vertical-align: top; font-size: smaller;}'
+       print 'TD.fullbox      {border: 1px solid black; vertical-align: top;}'
+       print 'SELECT.full     {width: 100%;}'
+       print 'INPUT.full      {width: 100%;}'
+       print 'INPUT.link      {cursor: pointer; background-color: #EEEEFF; border: 0px; text-decoration: underline; color: blue;}'
+       print 'INPUT.hidden    {visibility: hidden; width: 1px; height: 1px;}'
+       print ':link           {color: blue;}'
+       print ':visited        {color: red;}'
+       print '-->'
+       print '</STYLE>'
+       print '<TITLE>', headTitle, '</TITLE>'
+       print '</HEAD>'
+
+def sendPHeaderHtml( ):
+       global formPolicyName, formPolicyDate, formPolicyOrder, formPolicyUpdate
+
+       # Policy header definition
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="20%">'
+       print '    <COL width="80%">'
+       print '  </COLGROUP>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2" class="heading">Policy Information</TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Name:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyName, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Date:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyDate, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Primary Policy:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyOrder )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2">'
+       sendHtmlFormVar( formPolicyUpdate )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2" class="subheading">'
+       print '      (The Policy Information is updated whenever an action is performed'
+       print '       or it can be updated separately using the "Update" button)'
+       print '    </TD>'
+       print '  </TR>'
+       print '</TABLE>'
+
+def sendPSteHtml( ):
+       global formSteTypes, formSteDel, formSteType, formSteAdd
+
+       # Simple Type Enforcement...
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="20%">'
+       print '    <COL width="80%">'
+       print '  </COLGROUP>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2" class="heading">Simple Type Enforcement Types</TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       sendHtmlFormVar( formSteTypes, 'class="full" size="4" multiple' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD>'
+       sendHtmlFormVar( formSteDel, 'class="full"' )
+       print '    </TD>'
+       print '    <TD>'
+       print '      Delete the type(s) selected above'
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       sendHtmlFormVar( formSteType, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD>'
+       sendHtmlFormVar( formSteAdd, 'class="full"' )
+       print '    </TD>'
+       print '    <TD>'
+       print '      Create a new type with the above name'
+       print '    </TD>'
+       print '  </TR>'
+       print '</TABLE>'
+
+def sendPChWallHtml( ):
+       global formChWallTypes, formChWallDel, formChWallType, formChWallAdd
+       global formCSNames, formCSName, formCSAdd, allCSDel
+       global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
+
+       # Chinese Wall...
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="20%">'
+       print '    <COL width="80%">'
+       print '  </COLGROUP>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2" class="heading">Chinese Wall Types</TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       sendHtmlFormVar( formChWallTypes, 'class="full" size="4" multiple' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD>'
+       sendHtmlFormVar( formChWallDel, 'class="full"' )
+       print '    </TD>'
+       print '    <TD>'
+       print '      Delete the type(s) selected above'
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       sendHtmlFormVar( formChWallType, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD>'
+       sendHtmlFormVar( formChWallAdd, 'class="full"' )
+       print '    </TD>'
+       print '    <TD>'
+       print '      Create a new type with the above name'
+       print '    </TD>'
+       print '  </TR>'
+
+       # Chinese Wall Conflict Sets...
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       print '      <TABLE class="full">'
+       print '        <COLGROUP>'
+       print '          <COL width="20%">'
+       print '          <COL width="30%">'
+       print '          <COL width="50%">'
+       print '        </COLGROUP>'
+       print '        <THEAD>'
+       print '          <TR>'
+       print '            <TD align="center" colspan="3"><HR></TD>'
+       print '          </TR>'
+       print '          <TR>'
+       print '            <TD align="center" colspan="3">Chinese Wall Conflict Sets</TD>'
+       print '          </TR>'
+       print '        </THEAD>'
+       print '        <TR>'
+       print '          <TD colspan="3">'
+       sendHtmlFormVar( formCSName, 'class="full"' )
+       sendHtmlFormVar( formCSNames )
+       print '          </TD>'
+       print '        </TR>'
+       print '        <TR>'
+       print '          <TD>'
+       sendHtmlFormVar( formCSAdd, 'class="full"' )
+       print '          </TD>'
+       print '          <TD colspan="2">'
+       print '            Create a new conflict set with the above name'
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+       if len( formCSNames[1] ) > 0:
+               print '  <TR>'
+               print '    <TD colspan="2">'
+               print '      &nbsp;'
+               print '    </TD>'
+               print '  </TR>'
+               print '  <TR>'
+               print '    <TD colspan="2">'
+               print '      <TABLE class="fullbox">'
+               print '        <COLGROUP>'
+               print '          <COL width="50%">'
+               print '          <COL width="50%">'
+               print '        </COLGROUP>'
+               print '        <THEAD>'
+               print '          <TR>'
+               print '            <TD class="fullbox">Name</TD>'
+               print '            <TD class="fullbox">Actions</TD>'
+               print '          </TR>'
+               print '        </THEAD>'
+               for i, csName in enumerate( formCSNames[1] ):
+                       print '        <TR>'
+                       print '          <TD class="fullbox">' + csName + '</TD>'
+                       print '          <TD class="fullbox">'
+                       print '            <A href="#' + csName + '">Edit</A>'
+                       formVar = allCSDel[csName]
+                       sendHtmlFormVar( formVar, 'class="link"' )
+                       print '          </TD>'
+               print '      </TABLE>'
+               print '    </TD>'
+               print '  </TR>'
+               for csName in formCSNames[1]:
+                       print '  <TR><TD colspan="2"><HR></TD></TR>'
+                       print '  <TR>'
+                       print '    <TD align="center" colspan="2" class="heading"><A name="' + csName + '">Conflict Set: ' + csName + '</A></TD>'
+                       print '  </TR>'
+                       print '  <TR>'
+                       print '    <TD colspan="2">'
+                       formVar = allCSMTypes[csName];
+                       sendHtmlFormVar( formVar, 'class="full" size="4" multiple"' )
+                       print '    </TD>'
+                       print '  </TR>'
+                       print '  <TR>'
+                       print '    <TD>'
+                       formVar = allCSMDel[csName]
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '    </TD>'
+                       print '    <TD>'
+                       print '      Delete the type(s) selected above'
+                       print '    </TD>'
+                       print '  </TR>'
+                       print '  <TR>'
+                       print '    <TD colspan="2">'
+                       ctSet = Set( formChWallTypes[1] )
+                       csSet = Set( allCSMTypes[csName][1] )
+                       formVar = allCSMType[csName]
+                       formVar[1] = []
+                       for chwallType in ctSet.difference( csSet ):
+                               formVar[1].append( chwallType )
+                       formVar[1].sort( )
+                       sendHtmlFormVar( formVar, 'class="full" size="2" multiple' )
+                       print '    </TD>'
+                       print '  </TR>'
+                       print '  <TR>'
+                       print '    <TD>'
+                       formVar = allCSMAdd[csName]
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '    </TD>'
+                       print '    <TD>'
+                       print '      Add the type(s) selected above'
+                       print '    </TD>'
+                       print '  </TR>'
+
+       print '</TABLE>'
+
+def checkXmlData( ):
+       global xmlIncomplete
+
+       # Validate the Policy Header requirements
+       if ( len( formPolicyName[1] ) > 0 ) or ( len( formPolicyDate[1] ) > 0 ):
+               if ( len( formPolicyName[1] ) == 0 ) or ( len( formPolicyDate[1] ) == 0 ):
+                       msg = ''
+                       msg = msg + 'The XML policy schema requires that the Policy '
+                       msg = msg + 'Information Name and Date fields both have values '
+                       msg = msg + 'or both not have values.'
+                       formatXmlGenError( msg )
+
+       if formPolicyOrder[1] == 'v_ChWall':
+               if len( formChWallTypes[1] ) == 0:
+                       msg = ''
+                       msg = msg + 'You have specified the primary policy to be '
+                       msg = msg + 'Chinese Wall but have not created any Chinese '
+                       msg = msg + 'Wall types.  Please create some Chinese Wall '
+                       msg = msg + 'types or change the primary policy.'
+                       formatXmlGenError( msg )
+
+       if formPolicyOrder[1] == 'v_Ste':
+               if len( formSteTypes[1] ) == 0:
+                       msg = ''
+                       msg = msg + 'You have specified the primary policy to be '
+                       msg = msg + 'Simple Type Enforcement but have not created '
+                       msg = msg + 'any Simple Type Enforcement types.  Please create '
+                       msg = msg + 'some Simple Type Enforcement types or change the '
+                       msg = msg + 'primary policy.'
+                       formatXmlGenError( msg )
+
+       # Validate the Chinese Wall required data
+       if len( formChWallTypes[1] ) > 0:
+               if len( formCSNames[1] ) == 0:
+                       msg = ''
+                       msg = msg + 'The XML policy schema for the Chinese Wall '
+                       msg = msg + 'requires at least one Conflict Set be defined.'
+                       formatXmlGenError( msg )
+
+def sendXmlHeaders( ):
+       # HTML headers
+       print 'Content-Type: text/xml'
+       print 'Content-Disposition: attachment; filename=security_policy.xml'
+       print
+
+def sendPolicyXml( ):
+       print '<?xml version="1.0"?>'
+
+       print '<SecurityPolicyDefinition xmlns="http://www.ibm.com";'
+       print '                          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";'
+       print '                          xsi:schemaLocation="http://www.ibm.com security_policy.xsd">'
+
+       # Policy header
+       sendPHeaderXml( )
+
+       # Policy (types)
+       sendPSteXml( )
+       sendPChWallXml( )
+
+       print '</SecurityPolicyDefinition>'
+
+def sendPHeaderXml( ):
+       global formPolicyName, formPolicyDate
+
+       # Policy header definition
+       if ( len( formPolicyName[1] ) > 0 ) or ( len( formPolicyDate[1] ) > 0 ):
+               print '<PolicyHeader>'
+               print '  <Name>' + formPolicyName[1] + '</Name>'
+               print '  <Date>' + formPolicyDate[1] + '</Date>'
+               print '</PolicyHeader>'
+
+def sendPSteXml( ):
+       global formPolicyOrder, formSteTypes
+
+       # Simple Type Enforcement...
+       if len( formSteTypes[1] ) == 0:
+               return
+
+       if formPolicyOrder[1] == 'v_Ste':
+               print '<SimpleTypeEnforcement priority="PrimaryPolicyComponent">'
+       else:
+               print '<SimpleTypeEnforcement>'
+
+       print '  <SimpleTypeEnforcementTypes>'
+       for steType in formSteTypes[1]:
+               print '    <Type>' + steType + '</Type>'
+       print '  </SimpleTypeEnforcementTypes>'
+
+       print '</SimpleTypeEnforcement>'
+
+def sendPChWallXml( ):
+       global formPolicyOrder, formChWallTypes
+       global formCSNames, allCSMTypes
+
+       # Chinese Wall...
+       if len( formChWallTypes[1] ) == 0:
+               return
+
+       if formPolicyOrder[1] == 'v_ChWall':
+               print '<ChineseWall priority="PrimaryPolicyComponent">'
+       else:
+               print '<ChineseWall>'
+
+       print '  <ChineseWallTypes>'
+       for chWallType in formChWallTypes[1]:
+               print '    <Type>' + chWallType + '</Type>'
+       print '  </ChineseWallTypes>'
+
+       # Chinese Wall Conflict Sets...
+       print '  <ConflictSets>'
+       for cs in formCSNames[1]:
+               formVar = allCSMTypes[cs]
+               if len( formVar[1] ) == 0:
+                       continue
+               print '    <Conflict name="' + cs + '">'
+               for csm in formVar[1]:
+                       print '      <Type>' + csm + '</Type>'
+               print '    </Conflict>'
+       print '  </ConflictSets>'
+
+       print '</ChineseWall>'
+
+
+# Set up initial HTML variables
+headTitle = 'Xen Policy Generation'
+
+# Form variables
+#   The format of these variables is as follows:
+#   [ p0, p1, p2, p3, p4, p5 ]
+#     p0 = input type
+#     p1 = the current value of the variable
+#     p2 = the hidden input name attribute
+#     p3 = the name attribute
+#     p4 = the value attribute
+#     p5 = text to associate with the tag
+formPolicyName    = [ 'text',
+                       '',
+                       'h_policyName',
+                       'i_policyName',
+                       '',
+                       '',
+                   ]
+formPolicyDate    = [ 'text',
+                       getCurrentTime( ),
+                       'h_policyDate',
+                       'i_policyDate',
+                       '',
+                       '',
+                   ]
+formPolicyOrder   = [ 'radiobutton-all',
+                       'v_ChWall',
+                       'h_policyOrder',
+                       'i_policyOrder',
+                       [ 'v_Ste', 'v_ChWall' ],
+                       [ 'Simple Type Enforcement', 'Chinese Wall' ],
+                   ]
+formPolicyUpdate  = [ 'button',
+                       '',
+                       '',
+                       'i_PolicyUpdate',
+                       'Update',
+                       '',
+                   ]
+
+formSteTypes      = [ 'list',
+                       [],
+                       'h_steTypes',
+                       'i_steTypes',
+                       '',
+                       '',
+                   ]
+formSteDel        = [ 'button',
+                       '',
+                       '',
+                       'i_steDel',
+                       'Delete',
+                       '',
+                   ]
+formSteType       = [ 'text',
+                       '',
+                       '',
+                       'i_steType',
+                       '',
+                       '',
+                   ]
+formSteAdd        = [ 'button',
+                       '',
+                       '',
+                       'i_steAdd',
+                       'New',
+                       '',
+                   ]
+
+formChWallTypes   = [ 'list',
+                       [],
+                       'h_chwallTypes',
+                       'i_chwallTypes',
+                       '',
+                       '',
+                   ]
+formChWallDel     = [ 'button',
+                       '',
+                       '',
+                       'i_chwallDel',
+                       'Delete',
+                       '',
+                   ]
+formChWallType    = [ 'text',
+                       '',
+                       '',
+                       'i_chwallType',
+                       '',
+                       '',
+                   ]
+formChWallAdd     = [ 'button',
+                       '',
+                       '',
+                       'i_chwallAdd',
+                       'New',
+                       '',
+                   ]
+
+formCSNames       = [ '',
+                       [],
+                       'h_csNames',
+                       '',
+                       '',
+                       '',
+                   ]
+formCSName        = [ 'text',
+                       '',
+                       '',
+                       'i_csName',
+                       '',
+                       '',
+                   ]
+formCSAdd         = [ 'button',
+                       '',
+                       '',
+                       'i_csAdd',
+                       'New',
+                       '',
+                   ]
+
+formXmlGen          = [ 'button',
+                       '',
+                       '',
+                       'i_xmlGen',
+                       'Generate XML',
+                       '',
+                   ]
+
+formDefaultButton = [ 'button',
+                       '',
+                       '',
+                       'i_defaultButton',
+                       '.',
+                       '',
+                   ]
+
+# This is a set of templates used for each conflict set
+#   Each conflict set is initially assigned these templates,
+#   then each form attribute value is changed to append
+#   "_conflict-set-name" for uniqueness
+templateCSDel     = [ 'button',
+                       '',
+                       '',
+                       'i_csDel',
+                       'Delete',
+                       '',
+                   ]
+allCSDel          = {};
+
+templateCSMTypes  = [ 'list',
+                       [],
+                       'h_csmTypes',
+                       'i_csmTypes',
+                       '',
+                       '',
+                   ]
+templateCSMDel    = [ 'button',
+                       '',
+                       '',
+                       'i_csmDel',
+                       'Delete',
+                       '',
+                   ]
+templateCSMType   = [ 'list',
+                       [],
+                       '',
+                       'i_csmType',
+                       '',
+                       '',
+                   ]
+templateCSMAdd    = [ 'button',
+                       '',
+                       '',
+                       'i_csmAdd',
+                       'Add',
+                       '',
+                   ]
+allCSMTypes       = {};
+allCSMDel         = {};
+allCSMType        = {};
+allCSMAdd         = {};
+
+# A list of all form variables used for saving info across requests
+formVariables     = [ formPolicyName,
+                       formPolicyDate,
+                       formPolicyOrder,
+                       formSteTypes,
+                       formChWallTypes,
+                       formCSNames,
+                   ]
+
+policyXml         = ''
+xmlError          = 0
+xmlIncomplete     = 0
+xmlMessages       = []
+
+
+# Extract any form data
+formData = cgi.FieldStorage( )
+
+# Process the form
+getSavedData( )
+processRequest( )
+
+if formData.has_key( formXmlGen[3] ):
+       # Generate and send the XML file
+       checkXmlData( )
+
+       if xmlIncomplete == 0:
+               sendXmlHeaders( )
+               sendPolicyXml( )
+
+if (not formData.has_key( formXmlGen[3] )) or (xmlIncomplete == 1 ):
+       # Send HTML to continue processing the form
+       sendHtmlHeaders( )
+       sendPolicyHtml( )
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/security/python/xensec_gen/cgi-bin/policylabel.cgi
--- /dev/null   Tue Dec 13 18:08:17 2005
+++ b/tools/security/python/xensec_gen/cgi-bin/policylabel.cgi  Tue Dec 13 18:08:26 2005
@@ -0,0 +1,1396 @@
+#!/usr/bin/python
+#
+# The Initial Developer of the Original Code is International
+# Business Machines Corporation. Portions created by IBM
+# Corporation are Copyright (C) 2005 International Business
+# Machines Corporation. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import os
+import cgi
+import cgitb; cgitb.enable( )
+import time
+import xml.dom.minidom
+import xml.sax
+import xml.sax.handler
+from StringIO import StringIO
+from sets import Set
+
+def getSavedData( ):
+       global formData, policyXml, policyLabelXml
+       global formVariables, formVmNames
+       global allVmChWs, allVmStes
+
+       # Process the XML upload policy file
+       if formData.has_key( 'i_policy' ):
+               dataList = formData.getlist( 'i_policy' )
+               if len( dataList ) > 0:
+                       policyXml = dataList[0].strip( )
+
+       # The XML upload policy file must be specified at the start
+       if formData.has_key( 'i_policyLabelCreate' ):
+               if policyXml == '':
+                       msg = ''
+                       msg = msg + 'A Policy file was not supplied.  A Policy file '
+                       msg = msg + 'must be supplied in order to successfully create '
+                       msg = msg + 'a Policy Labeling file.'
+                       formatXmlError( msg )
+
+       # Process the XML upload policy label file
+       if formData.has_key( 'i_policyLabel' ):
+               dataList = formData.getlist( 'i_policyLabel' )
+               if len( dataList ) > 0:
+                       policyLabelXml = dataList[0].strip( )
+
+       # Process all the hidden input variables (if present)
+       for formVar in formVariables:
+               if formVar[2] == '':
+                       continue
+
+               if formData.has_key( formVar[2] ):
+                       dataList = formData.getlist( formVar[2] )
+                       if len( dataList ) > 0:
+                               if isinstance( formVar[1], list ):
+                                       exec 'formVar[1] = ' + dataList[0]
+                               else:
+                                       formVar[1] = dataList[0]
+
+       # The form can contain any number of "Virtual Machines"
+       #   so update the list of form variables to include
+       #   each virtual machine (hidden input variable)
+       for vmName in formVmNames[1]:
+               newVm( vmName )
+
+               vmFormVar = allVmChWs[vmName]
+               if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
+                       dataList = formData.getlist( vmFormVar[2] )
+                       if len( dataList ) > 0:
+                               if isinstance( vmFormVar[1], list ):
+                                       exec 'vmFormVar[1] = ' + dataList[0]
+                               else:
+                                       vmFormVar[1] = dataList[0]
+
+               vmFormVar = allVmStes[vmName]
+               if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
+                       dataList = formData.getlist( vmFormVar[2] )
+                       if len( dataList ) > 0:
+                               if isinstance( vmFormVar[1], list ):
+                                       exec 'vmFormVar[1] = ' + dataList[0]
+                               else:
+                                       vmFormVar[1] = dataList[0]
+
+def getCurrentTime( ):
+       return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) )
+
+def getName( domNode ):
+       nameNodes = domNode.getElementsByTagName( 'Name' )
+       if len( nameNodes ) == 0:
+               formatXmlError( '"<Name>" tag is missing' )
+               return None
+
+       name = ''
+       for childNode in nameNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       name = name + childNode.data
+
+       return name
+
+def getDate( domNode ):
+       dateNodes = domNode.getElementsByTagName( 'Date' )
+       if len( dateNodes ) == 0:
+               formatXmlError( '"<Date>" tag is missing' )
+               return None
+
+       date = ''
+       for childNode in dateNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       date = date + childNode.data
+
+       return date
+
+def getDefUrl( domNode ):
+       domNodes = domNode.getElementsByTagName( 'PolicyName' )
+       if len( domNodes ) == 0:
+               formatXmlError( '"<PolicyName>" tag is missing' )
+               return None
+
+       urlNodes = domNode.getElementsByTagName( 'Url' )
+       if len( urlNodes ) == 0:
+               formatXmlError( '"<Url>" tag is missing' )
+               return None
+
+       url = ''
+       for childNode in urlNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       url = url + childNode.data
+
+       return url
+
+def getDefRef( domNode ):
+       domNodes = domNode.getElementsByTagName( 'PolicyName' )
+       if len( domNodes ) == 0:
+               formatXmlError( '"<PolicyName>" tag is missing' )
+               return None
+
+       refNodes = domNode.getElementsByTagName( 'Reference' )
+       if len( refNodes ) == 0:
+               formatXmlError( '"<Reference>" tag is missing' )
+               return None
+
+       ref = ''
+       for childNode in refNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       ref = ref + childNode.data
+
+       return ref
+
+def getSteTypes( domNode, missingIsError = 0 ):
+       steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' )
+       if len( steNodes ) == 0:
+               if missingIsError == 1:
+                       formatXmlError( '"<SimpleTypeEnforcementTypes>" tag is missing' )
+                       return None
+               else:
+                       return []
+
+       return getTypes( steNodes[0] )
+
+def getChWTypes( domNode, missingIsError = 0 ):
+       chwNodes = domNode.getElementsByTagName( 'ChineseWallTypes' )
+       if len( chwNodes ) == 0:
+               if missingIsError == 1:
+                       formatXmlError( '"<ChineseWallTypes>" tag is missing' )
+                       return None
+               else:
+                       return []
+
+       return getTypes( chwNodes[0] )
+
+def getTypes( domNode ):
+       types = []
+
+       domNodes = domNode.getElementsByTagName( 'Type' )
+       if len( domNodes ) == 0:
+               formatXmlError( '"<Type>" tag is missing' )
+               return None
+
+       for domNode in domNodes:
+               typeText = ''
+               for childNode in domNode.childNodes:
+                       if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                               typeText = typeText + childNode.data
+
+               if typeText == '':
+                       formatXmlError( 'No text associated with the "<Type>" tag' )
+                       return None
+
+               types.append( typeText )
+
+       return types
+
+def formatXmlError( msg, xml = '', lineNum = -1, colNum = -1 ):
+       global xmlMessages, xmlError
+
+       xmlError = 1
+       addMsg = cgi.escape( msg )
+
+       if lineNum != -1:
+               sio = StringIO( xml )
+               for xmlLine in sio:
+                       lineNum = lineNum - 1
+                       if lineNum == 0:
+                               break;
+
+               addMsg += '<BR><PRE>' + cgi.escape( xmlLine.rstrip( ) )
+
+               if colNum != -1:
+                       errLine = ''
+                       for i in range( colNum ):
+                               errLine = errLine + '-'
+
+                       addMsg += '\n' + errLine + '^'
+
+               addMsg += '</PRE>'
+
+       xmlMessages.append( addMsg )
+
+def formatXmlGenError( msg ):
+       global xmlMessages, xmlIncomplete
+
+       xmlIncomplete = 1
+       xmlMessages.append( cgi.escape( msg ) )
+
+def parseXml( xmlInput ):
+       global xmlMessages, xmlError, xmlLine, xmlColumn
+
+       xmlParser  = xml.sax.make_parser( )
+       try:
+               domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser )
+
+       except xml.sax.SAXParseException, xmlErr:
+               msg = ''
+               msg = msg + 'XML parsing error occurred at line '
+               msg = msg + `xmlErr.getLineNumber( )`
+               msg = msg + ', column '
+               msg = msg + `xmlErr.getColumnNumber( )`
+               msg = msg + ': reason = "'
+               msg = msg + xmlErr.getMessage( )
+               msg = msg + '"'
+               formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), xmlErr.getColumnNumber( ) )
+               return None
+
+       except xml.sax.SAXException, xmlErr:
+               msg = ''
+               msg = msg + 'XML Parsing error: ' + `xmlErr`
+               formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), xmlErr.getColumnNumber( ) )
+               return None
+
+       return domDoc
+
+def parsePolicyXml( ):
+       global policyXml
+       global formSteTypes, formChWallTypes
+
+       domDoc = parseXml( policyXml )
+       if domDoc == None:
+               return
+
+       domRoot  = domDoc.documentElement
+       domNodes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' )
+       if len( domNodes ) > 0:
+               steTypes = getSteTypes( domNodes[0], 1 )
+               if steTypes == None:
+                       msg = ''
+                       msg = msg + 'Error processing the SimpleTypeEnforcement types.\n'
+                       msg = msg + 'Please validate the Policy Definition file used.'
+                       formatXmlError( msg )
+                       return
+
+               formSteTypes[1] = steTypes
+
+       domNodes = domRoot.getElementsByTagName( 'ChineseWall' )
+       if len( domNodes ) > 0:
+               chwTypes = getChWTypes( domNodes[0], 1 )
+               if chwTypes == None:
+                       msg = ''
+                       msg = msg + 'Error processing the ChineseWall types.\n'
+                       msg = msg + 'Please validate the Policy Definition file used.'
+                       formatXmlError( msg )
+                       return
+
+               formChWallTypes[1] = chwTypes
+
+def parsePolicyLabelXml( ):
+       global policyLabelXml
+
+       domDoc = parseXml( policyLabelXml )
+       if domDoc == None:
+               return
+
+       domRoot     = domDoc.documentElement
+       domHeaders = domRoot.getElementsByTagName( 'LabelHeader' )
+       if len( domHeaders ) == 0:
+               msg = ''
+               msg = msg + '"<LabelHeader>" tag is missing.\n'
+               msg = msg + 'Please validate the Policy Labeling file used.'
+               formatXmlError( msg )
+               return
+
+       pName = getName( domHeaders[0] )
+       if pName == None:
+               msg = ''
+               msg = msg + 'Error processing the Policy Labeling header information.\n'
+               msg = msg + 'Please validate the Policy Labeling file used.'
+               formatXmlError( msg )
+               return
+
+       formPolicyLabelName[1] = pName
+
+       pDate = getDate( domHeaders[0] )
+       if pDate == None:
+               msg = ''
+               msg = msg + 'Error processing the Policy Labeling header information.\n'
+               msg = msg + 'Please validate the Policy Labeling file used.'
+               formatXmlError( msg )
+               return
+
+       formPolicyLabelDate[1] = pDate
+
+       pUrl = getDefUrl( domHeaders[0] )
+       if pUrl == None:
+               msg = ''
+               msg = msg + 'Error processing the Policy Labeling header information.\n'
+               msg = msg + 'Please validate the Policy Labeling file used.'
+               formatXmlError( msg )
+               return
+
+       formPolicyUrl[1] = pUrl
+
+       pRef = getDefRef( domHeaders[0] )
+       if pRef == None:
+               msg = ''
+               msg = msg + 'Error processing the Policy Labeling header information.\n'
+               msg = msg + 'Please validate the Policy Labeling file used.'
+               formatXmlError( msg )
+               return
+
+       formPolicyRef[1] = pRef
+
+       domSubjects = domRoot.getElementsByTagName( 'SubjectLabels' )
+       if len( domSubjects ) > 0:
+               formVmNameDom0[1] = domSubjects[0].getAttribute( 'bootstrap' )
+               domNodes = domSubjects[0].getElementsByTagName( 'VirtualMachineLabel' )
+               for domNode in domNodes:
+                       vmName = getName( domNode )
+                       if vmName == None:
+                               msg = ''
+                               msg = msg + 'Error processing the VirtualMachineLabel name.\n'
+                               msg = msg + 'Please validate the Policy Labeling file used.'
+                               formatXmlError( msg )
+                               continue
+
+                       steTypes = getSteTypes( domNode )
+                       if steTypes == None:
+                               msg = ''
+                               msg = msg + 'Error processing the SimpleTypeEnforcement types.\n'
+                               msg = msg + 'Please validate the Policy Labeling file used.'
+                               formatXmlError( msg )
+                               return
+
+                       chwTypes = getChWTypes( domNode )
+                       if chwTypes == None:
+                               msg = ''
+                               msg = msg + 'Error processing the ChineseWall types.\n'
+                               msg = msg + 'Please validate the Policy Labeling file used.'
+                               formatXmlError( msg )
+                               return
+
+                       newVm( vmName, 1 )
+                       allVmStes[vmName][1] = steTypes
+                       allVmChWs[vmName][1] = chwTypes
+
+def removeDups( curList ):
+       newList = []
+       curSet  = Set( curList )
+       for x in curSet:
+               newList.append( x )
+       newList.sort( )
+
+       return newList
+
+def newVm( vmName, addToList = 0 ):
+       global formVmNames
+       global templateVmDel, allVmDel, templateVmDom0, allVmDom0
+       global templateVmChWs, templateVmChWDel, templateVmChW, templateVmChWAdd
+       global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
+       global templateVmStes, templateVmSteDel, templateVmSte, templateVmSteAdd
+       global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
+
+       # Make sure we have an actual name and check one of the 'all'
+       # variables to be sure it hasn't been previously defined
+       if (len( vmName ) > 0) and (not allVmDom0.has_key( vmName )):
+               vmSuffix = '_' + vmName
+               allVmDom0[vmName]   = modFormTemplate( templateVmDom0,   vmSuffix )
+               allVmDel[vmName]    = modFormTemplate( templateVmDel,    vmSuffix )
+               allVmChWs[vmName]   = modFormTemplate( templateVmChWs,   vmSuffix )
+               allVmChWDel[vmName] = modFormTemplate( templateVmChWDel, vmSuffix )
+               allVmChW[vmName]    = modFormTemplate( templateVmChW,    vmSuffix )
+               allVmChWAdd[vmName] = modFormTemplate( templateVmChWAdd, vmSuffix )
+               allVmStes[vmName]   = modFormTemplate( templateVmStes,   vmSuffix )
+               allVmSteDel[vmName] = modFormTemplate( templateVmSteDel, vmSuffix )
+               allVmSte[vmName]    = modFormTemplate( templateVmSte,    vmSuffix )
+               allVmSteAdd[vmName] = modFormTemplate( templateVmSteAdd, vmSuffix )
+               if addToList == 1:
+                       formVmNames[1].append( vmName )
+                       formVmNames[1] = removeDups( formVmNames[1] )
+
+def updateInfo( ):
+       global formData, formPolicyLabelName, formPolicyLabelDate
+       global formPolicyUrl, formPolicyRef
+
+       if formData.has_key( formPolicyLabelName[3] ):
+               formPolicyLabelName[1] = formData[formPolicyLabelName[3]].value
+       elif formData.has_key( formPolicyLabelUpdate[3] ):
+               formPolicyLabelName[1] = ''
+
+       if formData.has_key( formPolicyLabelDate[3] ):
+               formPolicyLabelDate[1] = formData[formPolicyLabelDate[3]].value
+       elif formData.has_key( formPolicyLabelUpdate[3] ):
+               formPolicyLabelDate[1] = ''
+
+       if formData.has_key( formPolicyUrl[3] ):
+               formPolicyUrl[1] = formData[formPolicyUrl[3]].value
+       elif formData.has_key( formPolicyLabelUpdate[3] ):
+               formPolicyUrl[1] = ''
+
+       if formData.has_key( formPolicyRef[3] ):
+               formPolicyRef[1] = formData[formPolicyRef[3]].value
+       elif formData.has_key( formPolicyLabelUpdate[3] ):
+               formPolicyRef[1] = ''
+
+def addVm( ):
+       global formData, fromVmName, formVmNames, formVmNameDom0
+
+       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formVmAdd[3] )):
+               if formData.has_key( formVmName[3] ):
+                       vmName = formData[formVmName[3]].value
+                       vmName = vmName.strip( )
+                       newVm( vmName, 1 )
+                       if formVmNameDom0[1] == '':
+                               formVmNameDom0[1] = vmName
+
+def delVm( vmName ):
+       global formVmNames, formVmNameDom0
+       global allVmDel, allVmDom0
+       global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
+       global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
+
+       vmName = vmName.strip( )
+       formVmNames[1].remove( vmName )
+       del allVmDom0[vmName]
+       del allVmDel[vmName]
+       del allVmChWs[vmName]
+       del allVmChWDel[vmName]
+       del allVmChW[vmName]
+       del allVmChWAdd[vmName]
+       del allVmStes[vmName]
+       del allVmSteDel[vmName]
+       del allVmSte[vmName]
+       del allVmSteAdd[vmName]
+
+       if formVmNameDom0[1] == vmName:
+               if len( formVmNames[1] ) > 0:
+                       formVmNameDom0[1] = formVmNames[1][0]
+               else:
+                       formVmNameDom0[1] = ''
+
+def makeVmDom0( vmName ):
+       global formVmNameDom0
+
+       vmName = vmName.strip( )
+       formVmNameDom0[1] = vmName
+
+def addVmChW( chwName ):
+       global formData, allVmChW, allVmChWs
+
+       formVar = allVmChW[chwName]
+       if formData.has_key( formVar[3] ):
+               chwList = formData.getlist( formVar[3] )
+               formVar = allVmChWs[chwName]
+               for chw in chwList:
+                       chw = chw.strip( )
+                       formVar[1].append( chw )
+                       formVar[1] = removeDups( formVar[1] )
+
+def delVmChW( chwName ):
+       global formData, allVmChWs
+
+       formVar = allVmChWs[chwName]
+       if formData.has_key( formVar[3] ):
+               chwList = formData.getlist( formVar[3] )
+               for chw in chwList:
+                       chw = chw.strip( )
+                       formVar[1].remove( chw )
+
+def addVmSte( steName ):
+       global formData, allVmSte, allVmStes
+
+       formVar = allVmSte[steName]
+       if formData.has_key( formVar[3] ):
+               steList = formData.getlist( formVar[3] )
+               formVar = allVmStes[steName]
+               for ste in steList:
+                       ste = ste.strip( )
+                       formVar[1].append( ste )
+                       formVar[1] = removeDups( formVar[1] )
+
+def delVmSte( steName ):
+       global formData, allVmStes
+
+       formVar = allVmStes[steName]
+       if formData.has_key( formVar[3] ):
+               steList = formData.getlist( formVar[3] )
+               for ste in steList:
+                       ste = ste.strip( )
+                       formVar[1].remove( ste )
+
+def processRequest( ):
+       global formData, policyXml, policyLabelXml, formPolicyLabelUpdate
+       global formVmAdd
+       global formVmNames, allVmDel, allVmDom0
+       global allVmChWAdd, allVmChWDel, allVmSteAdd, allVmSteDel
+
+       if policyXml != '':
+               parsePolicyXml( )
+
+       if policyLabelXml != '':
+               parsePolicyLabelXml( )
+
+       # Allow the updating of the header information whenever
+       # an action is performed
+       updateInfo( )
+
+       # Allow the adding of labels if the user has hit the
+       # enter key when attempting to add a type/set
+       addVm( )
+
+       for vmName in formVmNames[1]:
+               if formData.has_key( allVmDel[vmName][3] ):
+                       delVm( vmName )
+                       continue
+
+               if formData.has_key( allVmDom0[vmName][3] ):
+                       makeVmDom0( vmName )
+
+               if formData.has_key( allVmChWAdd[vmName][3] ):
+                       addVmChW( vmName )
+
+               elif formData.has_key( allVmChWDel[vmName][3] ):
+                       delVmChW( vmName )
+
+               elif formData.has_key( allVmSteAdd[vmName][3] ):
+                       addVmSte( vmName )
+
+               elif formData.has_key( allVmSteDel[vmName][3] ):
+                       delVmSte( vmName )
+
+def modFormTemplate( formTemplate, suffix ):
+       formVar = [x for x in formTemplate]
+
+       if formVar[2] != '':
+               formVar[2] = formVar[2] + suffix
+       if formVar[3] != '':
+               formVar[3] = formVar[3] + suffix
+       if (formVar[0] != 'button') and (formVar[4] != ''):
+               formVar[4] = formVar[4] + suffix
+
+       return formVar;
+
+def makeName( name, suffix='' ):
+       rName = name
+       if suffix != '':
+               rName = rName + '_' + suffix
+
+       return rName
+
+def makeNameAttr( name, suffix='' ):
+       return 'name="' + makeName( name, suffix ) + '"'
+
+def makeValue( value, suffix='' ):
+       rValue = value
+
+       if isinstance( value, list ):
+               rValue = '['
+               for val in value:
+                       rValue = rValue + '\'' + val
+                       if suffix != '':
+                               rValue = rValue + '_' + suffix
+                       rValue = rValue + '\','
+               rValue = rValue + ']'
+
+       else:
+               if suffix != '':
+                       rValue = rValue + '_' + suffix
+
+       return rValue
+
+def makeValueAttr( value, suffix='' ):
+       return 'value="' + makeValue( value, suffix ) + '"'
+
+def sendHtmlFormVar( formVar, attrs='', rb_select=0 ):
+       nameAttr  = ''
+       valueAttr = ''
+       htmlText  = ''
+
+       if formVar[0] == 'text':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+               valueAttr = makeValueAttr( formVar[1] )
+
+               print '<INPUT type="text"', nameAttr, valueAttr, attrs, '>'
+
+       elif formVar[0] == 'list':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+
+               print '<SELECT', nameAttr, attrs, '>'
+               for option in formVar[1]:
+                       print '<OPTION>' + option + '</OPTION>'
+               print '</SELECT>'
+
+       elif formVar[0] == 'button':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+               if formVar[4] != '':
+                       valueAttr = makeValueAttr( formVar[4] )
+
+               print '<INPUT type="submit"', nameAttr, valueAttr, attrs, '>'
+
+       elif formVar[0] == 'radiobutton':
+               if formVar[3] != '':
+                       nameAttr  = makeNameAttr( formVar[3] )
+                       valueAttr = makeValueAttr( formVar[4][rb_select] )
+                       htmlText  = formVar[5][rb_select]
+                       if formVar[4][rb_select] == formVar[1]:
+                               checked = 'checked'
+                       else:
+                               checked = ''
+
+                       print '<INPUT type="radio"', nameAttr, valueAttr, attrs, checked, '>', htmlText
+
+       elif formVar[0] == 'radiobutton-all':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+                       buttonVals  = formVar[4]
+                       for i, buttonVal in enumerate( buttonVals ):
+                               htmlText = ''
+                               addAttrs = ''
+                               checked  = ''
+
+                               valueAttr = makeValueAttr( buttonVal )
+                               if formVar[5] != '':
+                                       htmlText = formVar[5][i]
+                               if attrs != '':
+                                       addAttrs = attrs[i]
+                               if buttonVal == formVar[1]:
+                                       checked = 'checked'
+
+                               print '<INPUT type="radio"', nameAttr, valueAttr, addAttrs, checked, '>', htmlText
+
+       if ( formVar[2] != '' ) and ( rb_select == 0 ):
+               nameAttr = makeNameAttr( formVar[2] )
+               valueAttr = makeValueAttr( formVar[1] )
+               print '<INPUT type="hidden"', nameAttr, valueAttr, '>'
+
+def sendHtmlHeaders( ):
+       # HTML headers
+       print 'Content-Type: text/html'
+       print
+
+def sendPolicyLabelHtml( ):
+       global xmlError, xmlIncomplete, xmlMessages, formXmlGen
+       global formVmNameDom0, formSteTypes, formChWallTypes
+
+       print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"'
+       print '  "http://www.w3.org/TR/html4/loose.dtd";>'
+
+       print '<HTML>'
+
+       sendHtmlHead( )
+
+       print '<BODY>'
+
+       # An input XML file was specified that had errors, output the
+       # error information
+       if xmlError == 1:
+               print '<P>'
+               print 'An error has been encountered while processing the input'
+               print 'XML file:'
+               print '<UL>'
+               for msg in xmlMessages:
+                       print '<LI>'
+                       print msg
+               print '</UL>'
+               print '</BODY>'
+               print '</HTML>'
+               return
+
+       # When attempting to generate the XML output, all required data was not
+       # present, output the error information
+       if xmlIncomplete == 1:
+               print '<P>'
+               print 'An error has been encountered while validating the data'
+               print 'required for the output XML file:'
+               print '<UL>'
+               for msg in xmlMessages:
+                       print '<LI>'
+                       print msg
+               print '</UL>'
+               print '</BODY>'
+               print '</HTML>'
+               return
+
+       print '<CENTER>'
+       print '<FORM action="' + os.environ['SCRIPT_NAME'] + '" method="post">'
+       print '<TABLE class="container">'
+       print '  <COLGROUP>'
+       print '    <COL width="100%">'
+       print '  </COLGROUP>'
+
+       print '  <TR>'
+       print '    <TD>'
+       sendHtmlFormVar( formDefaultButton, 'class="hidden"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD>'
+       sendHtmlFormVar( formXmlGen )
+       print '    </TD>'
+       print '  </TR>'
+
+       # Policy Labeling header
+       print '  <TR>'
+       print '    <TD>'
+       sendPLHeaderHtml( )
+       print '    </TD>'
+       print '  </TR>'
+
+       # Separator
+       print '  <TR>'
+       print '    <TD>'
+       print '      <HR>'
+       print '    </TD>'
+       print '  </TR>'
+
+       # Policy Labels (vms)
+       print '  <TR>'
+       print '    <TD>'
+       print '      <TABLE class="full">'
+       print '        <TR>'
+       print '          <TD width="100%">'
+       sendPLSubHtml( )
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+
+       print '</TABLE>'
+
+       # Send some data that needs to be available across sessions
+       sendHtmlFormVar( formVmNameDom0 )
+       sendHtmlFormVar( formSteTypes )
+       sendHtmlFormVar( formChWallTypes )
+
+       print '</FORM>'
+       print '</CENTER>'
+
+       print '</BODY>'
+
+       print '</HTML>'
+
+def sendHtmlHead( ):
+       global headTitle
+
+       print '<HEAD>'
+       print '<STYLE type="text/css">'
+       print '<!--'
+       print 'BODY            {background-color: #EEEEFF;}'
+       print 'TABLE.container {width:  90%; border: 1px solid black; border-collapse: seperate;}'
+       print 'TABLE.full      {width: 100%; border: 0px solid black; border-collapse: collapse; border-spacing: 3px;}'
+       print 'TABLE.fullbox   {width: 100%; border: 0px solid black; border-collapse: collapse; border-spacing: 3px;}'
+       print 'THEAD           {font-weight: bold; font-size: larger;}'
+       print 'TD              {border: 0px solid black; vertical-align: top;}'
+       print 'TD.heading      {border: 0px solid black; vertical-align: top; font-weight: bold; font-size: larger;}'
+       print 'TD.subheading   {border: 0px solid black; vertical-align: top; font-size: smaller;}'
+       print 'TD.fullbox      {border: 1px solid black; vertical-align: top;}'
+       print 'SELECT.full     {width: 100%;}'
+       print 'INPUT.full      {width: 100%;}'
+       print 'INPUT.link      {cursor: pointer; background-color: #EEEEFF; border: 0px; text-decoration: underline; color: blue;}'
+       print 'INPUT.hidden    {visibility: hidden; width: 1px; height: 1px;}'
+       print ':link           {color: blue;}'
+       print ':visited        {color: red;}'
+       print '-->'
+       print '</STYLE>'
+       print '<TITLE>', headTitle, '</TITLE>'
+       print '</HEAD>'
+
+def sendPLHeaderHtml( ):
+       global formPolicyLabelName, formPolicyLabelDate
+       global formPolicyUrl, formPolicyRef
+       global formPolicyLabelUpdate
+
+       # Policy Labeling header definition
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="20%">'
+       print '    <COL width="80%">'
+       print '  </COLGROUP>'
+       print '  <TR>'
+       print '    <TD class="heading" align="center" colspan="2">Policy Labeling Information</TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Name:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyLabelName, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Date:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyLabelDate, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Policy URL:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyUrl, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Policy Reference:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyRef, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2">'
+       sendHtmlFormVar( formPolicyLabelUpdate )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2" class="subheading">'
+       print '      (The Policy Labeling Information is updated whenever an 
action is performed'
+       print '       or it can be updated separately using the "Update" 
button)'
+       print '    </TD>'
+       print '  </TR>'
+       print '</TABLE>'
+
+def sendPLSubHtml( ):
+       global formVmNames, formVmDel, formVmName, formVmAdd
+       global allVmDel, allVmDom0
+       global allVmChWs, allVmChWDel, allVmChW, allVmChWAdd
+       global allVmStes, allVmSteDel, allVmSte, allVmSteAdd
+       global formSteTypes, formChWallTypes
+
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="100%">'
+       print '  </COLGROUP>'
+
+       # Virtual Machines...
+       print '  <TR>'
+       print '    <TD>'
+       print '      <TABLE class="full">'
+       print '        <COLGROUP>'
+       print '          <COL width="10%">'
+       print '          <COL width="40%">'
+       print '          <COL width="50%">'
+       print '        </COLGROUP>'
+       print '        <TR>'
+       print '          <TD class="heading" align="center" colspan="3">Virtual 
Machine Classes</TD>'
+       print '        </TR>'
+       print '        <TR>'
+       print '          <TD colspan="2">'
+       sendHtmlFormVar( formVmName, 'class="full"' )
+       sendHtmlFormVar( formVmNames )
+       print '          </TD>'
+       print '          <TD>&nbsp;</TD>'
+       print '        </TR>'
+       print '        <TR>'
+       print '          <TD>'
+       sendHtmlFormVar( formVmAdd, 'class="full"' )
+       print '          </TD>'
+       print '          <TD colspan="2">'
+       print '            Create a new VM class with the above name'
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+       if len( formVmNames[1] ) > 0:
+               print '  <TR>'
+               print '    <TD colspan="1">'
+               print '      &nbsp;'
+               print '    </TD>'
+               print '  </TR>'
+               print '  <TR>'
+               print '    <TD>'
+               print '      <TABLE class="fullbox">'
+               print '        <COLGROUP>'
+               print '          <COL width="10%">'
+               print '          <COL width="40%">'
+               print '          <COL width="50%">'
+               print '        </COLGROUP>'
+               print '        <THEAD>'
+               print '          <TR>'
+               print '            <TD class="fullbox">Dom 0?</TD>'
+               print '            <TD class="fullbox">Name</TD>'
+               print '            <TD class="fullbox">Actions</TD>'
+               print '          </TR>'
+               print '        </THEAD>'
+               for i, vmName in enumerate( formVmNames[1] ):
+                       print '        <TR>'
+                       print '          <TD class="fullbox">'
+                       if formVmNameDom0[1] == vmName:
+                               print 'Yes'
+                       else:
+                               print '&nbsp;'
+                       print '          </TD>'
+                       print '          <TD class="fullbox">' + vmName + 
'</TD>'
+                       print '          <TD class="fullbox">'
+                       print '            <A href="#' + vmName + '">Edit</A>'
+                       formVar = allVmDel[vmName]
+                       sendHtmlFormVar( formVar, 'class="link"' )
+                       formVar = allVmDom0[vmName]
+                       sendHtmlFormVar( formVar, 'class="link"' )
+                       print '          </TD>'
+                       print '        </TR>'
+               print '      </TABLE>'
+               print '    </TD>'
+               print '  </TR>'
+               for vmName in formVmNames[1]:
+                       print '  <TR>'
+                       print '    <TD>'
+                       print '      <HR>'
+                       print '    </TD>'
+                       print '  </TR>'
+                       print '  <TR>'
+                       print '    <TD>'
+                       print '      <TABLE class="full">'
+                       print '        <COLGROUP>'
+                       print '          <COL width="10%">'
+                       print '          <COL width="39%">'
+                       print '          <COL width="2%">'
+                       print '          <COL width="10%">'
+                       print '          <COL width="39%">'
+                       print '        </COLGROUP>'
+                       print '        <TR>'
+                       print '          <TD colspan="5" align="center" 
class="heading">'
+                       print '            <A name="' + vmName + '">Virtual 
Machine Class: ' + vmName + '</A>'
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD colspan="2" align="center">Simple 
Type Enforcement Types</TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD colspan="2" align="center">Chinese 
Wall Types</TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD colspan="2">'
+                       formVar = allVmStes[vmName];
+                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
+                       print '          </TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD colspan="2">'
+                       formVar = allVmChWs[vmName];
+                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD>'
+                       formVar = allVmSteDel[vmName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Delete the type(s) selected above'
+                       print '          </TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD>'
+                       formVar = allVmChWDel[vmName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Delete the type(s) selected above'
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD colspan="2">'
+                       stSet = Set( formSteTypes[1] )
+                       vmSet = Set( allVmStes[vmName][1] )
+                       formVar = allVmSte[vmName]
+                       formVar[1] = []
+                       for steType in stSet.difference( vmSet ):
+                               formVar[1].append( steType )
+                       formVar[1].sort( )
+                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple"' )
+                       print '          </TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD colspan="2">'
+                       ctSet = Set( formChWallTypes[1] )
+                       vmSet = Set( allVmChWs[vmName][1] )
+                       formVar = allVmChW[vmName]
+                       formVar[1] = []
+                       for chwallType in ctSet.difference( vmSet ):
+                               formVar[1].append( chwallType )
+                       formVar[1].sort( )
+                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple"' )
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD>'
+                       formVar = allVmSteAdd[vmName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Add the type(s) selected above'
+                       print '          </TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD>'
+                       formVar = allVmChWAdd[vmName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Add the type(s) selected above'
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '      </TABLE>'
+                       print '    </TD>'
+                       print '  </TR>'
+
+       print '</TABLE>'
+
+def sendPLObjHtml( ):
+
+       # Resources...
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="60%">'
+       print '    <COL width="20%">'
+       print '    <COL width="20%">'
+       print '  </COLGROUP>'
+
+       print '  <TR>'
+       print '    <TD align="center" colspan="3" 
class="heading">Resources</TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       #sendHtmlFormVar( formVmNames, 'class="full" size="4" multiple"' )
+       print '    </TD>'
+       print '    <TD>'
+       #sendHtmlFormVar( formVmDel, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       #sendHtmlFormVar( formVmName, 'class="full"' )
+       print '    </TD>'
+       print '    <TD>'
+       #sendHtmlFormVar( formVmAdd, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '</TABLE>'
+
+def checkXmlData( ):
+       global xmlIncomplete
+
+       # Validate the Policy Label Header requirements
+       if ( len( formPolicyLabelName[1] ) == 0 ) or \
+          ( len( formPolicyLabelDate[1] ) == 0 ) or \
+          ( len( formPolicyUrl[1] ) == 0 ) or \
+          ( len( formPolicyRef[1] ) == 0 ):
+                       msg = ''
+                       msg = msg + 'The XML policy label schema requires that 
the Policy '
+                       msg = msg + 'Labeling Information Name, Date, Policy 
URL and '
+                       msg = msg + 'Policy Reference fields all have values.'
+                       formatXmlGenError( msg )
+
+def sendXmlHeaders( ):
+       # HTML headers
+       print 'Content-Type: text/xml'
+       print 'Content-Disposition: attachment; 
filename=security_label_template.xml'
+       print
+
+def sendPolicyLabelXml( ):
+       print '<?xml version="1.0"?>'
+
+       print '<SecurityLabelTemplate xmlns="http://www.ibm.com";'
+       print '                       
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";'
+       print '                       xsi:schemaLocation="http://www.ibm.com 
security_policy.xsd">'
+
+       # Policy Labeling header
+       sendPLHeaderXml( )
+
+       # Policy Labels (subjects and objects)
+       sendPLSubXml( )
+       #sendPLObjXml( )
+
+       print '</SecurityLabelTemplate>'
+
+def sendPLHeaderXml( ):
+       global formPolicyLabelName, formPolicyLabelDate
+       global formPolicyUrl, formPolicyRef
+
+       # Policy Labeling header definition
+       print '<LabelHeader>'
+       print '  <Name>' + formPolicyLabelName[1] + '</Name>'
+       print '  <Date>' + formPolicyLabelDate[1] + '</Date>'
+       print '  <PolicyName>'
+       print '    <Url>' + formPolicyUrl[1] + '</Url>'
+       print '    <Reference>' + formPolicyRef[1] + '</Reference>'
+       print '  </PolicyName>'
+       print '</LabelHeader>'
+
+def sendPLSubXml( ):
+       global formVmNames, allVmChWs, allVmStes
+
+       # Virtual machines...
+       if len( formVmNames[1] ) == 0:
+               return
+
+       print '<SubjectLabels bootstrap="' + formVmNameDom0[1] + '">'
+       for vmName in formVmNames[1]:
+               print '  <VirtualMachineLabel>'
+               print '    <Name>' + vmName + '</Name>'
+               formVar = allVmStes[vmName]
+               if len( formVar[1] ) > 0:
+                       print '    <SimpleTypeEnforcementTypes>'
+                       for ste in formVar[1]:
+                               print '      <Type>' + ste + '</Type>'
+                       print '    </SimpleTypeEnforcementTypes>'
+
+               formVar = allVmChWs[vmName]
+               if len( formVar[1] ) > 0:
+                       print '    <ChineseWallTypes>'
+                       for chw in formVar[1]:
+                               print '      <Type>' + chw + '</Type>'
+                       print '    </ChineseWallTypes>'
+
+               print '  </VirtualMachineLabel>'
+
+       print '</SubjectLabels>'
+
+
+# Set up initial HTML variables
+headTitle = 'Xen Policy Labeling Generation'
+
+# Form variables
+#   The format of these variables is as follows:
+#   [ p0, p1, p2, p3, p4, p5 ]
+#     p0 = input type
+#     p1 = the current value of the variable
+#     p2 = the hidden input name attribute
+#     p3 = the name attribute
+#     p4 = the value attribute
+#     p5 = text to associate with the tag
+formPolicyLabelName   = [ 'text',
+                       '',
+                       'h_policyLabelName',
+                       'i_policyLabelName',
+                       '',
+                       '',
+                       ]
+formPolicyLabelDate   = [ 'text',
+                       getCurrentTime( ),
+                       'h_policyLabelDate',
+                       'i_policyLabelDate',
+                       '',
+                       '',
+                       ]
+formPolicyUrl         = [ 'text',
+                       '',
+                       'h_policyUrl',
+                       'i_policyUrl',
+                       '',
+                       '',
+                       ]
+formPolicyRef         = [ 'text',
+                       '',
+                       'h_policyRef',
+                       'i_policyRef',
+                       '',
+                       '',
+                       ]
+formPolicyLabelUpdate = [ 'button',
+                       '',
+                       '',
+                       'i_PolicyLabelUpdate',
+                       'Update',
+                       '',
+                   ]
+
+formVmNames       = [ '',
+                       [],
+                       'h_vmNames',
+                       '',
+                       '',
+                       '',
+                   ]
+formVmDel         = [ 'button',
+                       '',
+                       '',
+                       'i_vmDel',
+                       'Delete',
+                       '',
+                   ]
+formVmName        = [ 'text',
+                       '',
+                       '',
+                       'i_vmName',
+                       '',
+                       '',
+                   ]
+formVmAdd         = [ 'button',
+                       '',
+                       '',
+                       'i_vmAdd',
+                       'New',
+                       '',
+                   ]
+
+formVmNameDom0    = [ '',
+                       '',
+                       'h_vmDom0',
+                       '',
+                       '',
+                       '',
+                   ]
+
+formXmlGen        = [ 'button',
+                       '',
+                       '',
+                       'i_xmlGen',
+                       'Generate XML',
+                       '',
+                   ]
+
+formDefaultButton = [ 'button',
+                       '',
+                       '',
+                       'i_defaultButton',
+                       '.',
+                       '',
+                   ]
+
+formSteTypes      = [ '',
+                        [],
+                       'h_steTypes',
+                       '',
+                       '',
+                       '',
+                   ]
+formChWallTypes   = [ '',
+                        [],
+                       'h_chwallTypes',
+                       '',
+                       '',
+                       '',
+                   ]
+
+# This is a set of templates used for each virtual machine
+#   Each virtual machine is initially assigned these templates,
+#   then each form attribute value is changed to append
+#   "_virtual-machine-name" for uniqueness.
+templateVmDel     = [ 'button',
+                       '',
+                       '',
+                       'i_vmDel',
+                       'Delete',
+                       '',
+                   ]
+templateVmDom0    = [ 'button',
+                       '',
+                       '',
+                       'i_vmDom0',
+                       'SetDom0',
+                       '',
+                   ]
+allVmDel          = {};
+allVmDom0         = {};
+
+templateVmChWs    = [ 'list',
+                       [],
+                       'h_vmChWs',
+                       'i_vmChWs',
+                       '',
+                       '',
+                   ]
+templateVmChWDel  = [ 'button',
+                       '',
+                       '',
+                       'i_vmChWDel',
+                       'Delete',
+                       '',
+                   ]
+templateVmChW     = [ 'list',
+                       [],
+                       '',
+                       'i_vmChW',
+                       '',
+                       '',
+                   ]
+templateVmChWAdd  = [ 'button',
+                       '',
+                       '',
+                       'i_vmChWAdd',
+                       'Add',
+                       '',
+                   ]
+allVmChWs         = {};
+allVmChWDel       = {};
+allVmChW          = {};
+allVmChWAdd       = {};
+
+templateVmStes    = [ 'list',
+                       [],
+                       'h_vmStes',
+                       'i_vmStes',
+                       '',
+                       '',
+                   ]
+templateVmSteDel  = [ 'button',
+                       '',
+                       '',
+                       'i_vmSteDel',
+                       'Delete',
+                       '',
+                   ]
+templateVmSte     = [ 'list',
+                       [],
+                       '',
+                       'i_vmSte',
+                       '',
+                       '',
+                   ]
+templateVmSteAdd  = [ 'button',
+                       '',
+                       '',
+                       'i_vmSteAdd',
+                       'Add',
+                       '',
+                   ]
+allVmStes         = {};
+allVmSteDel       = {};
+allVmSte          = {};
+allVmSteAdd       = {};
+
+# A list of all form variables used for saving info across requests
+formVariables     = [ formPolicyLabelName,
+                       formPolicyLabelDate,
+                       formPolicyUrl,
+                       formPolicyRef,
+                       formVmNames,
+                       formVmNameDom0,
+                       formSteTypes,
+                       formChWallTypes,
+                   ]
+
+policyXml         = ''
+policyLabelXml    = ''
+xmlError          = 0
+xmlIncomplete     = 0
+xmlMessages       = []
+
+
+# Extract any form data
+formData = cgi.FieldStorage( )
+
+# Process the form
+getSavedData( )
+processRequest( )
+
+if formData.has_key( formXmlGen[3] ):
+       # Generate and send the XML file
+       checkXmlData( )
+
+       if xmlIncomplete == 0:
+               sendXmlHeaders( )
+               sendPolicyLabelXml( )
+
+if (not formData.has_key( formXmlGen[3] )) or (xmlIncomplete == 1 ):
+       # Send HTML to continue processing the form
+       sendHtmlHeaders( )
+       sendPolicyLabelHtml( )
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/security/python/xensec_gen/index.html
--- /dev/null   Tue Dec 13 18:08:17 2005
+++ b/tools/security/python/xensec_gen/index.html       Tue Dec 13 18:08:26 2005
@@ -0,0 +1,126 @@
+<!--
+ The Initial Developer of the Original Code is International
+ Business Machines Corporation. Portions created by IBM
+ Corporation are Copyright (C) 2005 International Business
+ Machines Corporation. All Rights Reserved.
+ -->
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+  "http://www.w3.org/TR/html4/loose.dtd";>
+<HTML>
+  <HEAD>
+    <META name="author" content="Tom Lendacky">
+    <META name="copyright" content="Copyright (C) 2005 International Business 
Machines Corporation. All rights reserved">
+
+    <STYLE type="text/css">
+      <!--
+      BODY       {background-color: #EEEEFF;}
+      TABLE.xen  {width: 100%; border: 0px solid black;}
+      TD         {border: 0px solid black;}
+      TD.heading {border: 0px solid black; font-weight: bold; font-size: 
larger;}
+      -->
+    </STYLE>
+    <TITLE>Xen Security Policy Tool</TITLE>
+  </HEAD>
+
+  <BODY>
+    <H1>Xen Security Policy Generation Tool</H1>
+
+    <CENTER>
+    <FORM action="/cgi-bin/policy.cgi" method="post" 
enctype="multipart/form-data">
+    <TABLE class="xen">
+      <COLGROUP>
+        <COL width="25%">
+        <COL width="20%">
+        <COL width="55%">
+      </COLGROUP>
+
+      <TR>
+        <TD valign="top" class="heading">
+          Security Policy
+        </TD>
+        <TD valign="top" colspan="2">
+          To generate a new Xen Security Policy leave the
+          <B>"Policy File"</B> entry field
+          empty and click the "Create" button.<BR>
+          To modify an existing Xen Security Policy enter the
+          file name containing the policy in the
+          <B>"Policy File"</B> entry field
+          and click the "Create" button.<HR>
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD>
+          Policy File:
+        </TD>
+        <TD>
+          <INPUT type="file" size="50" name="i_policy">
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD valign="top">
+          <INPUT type="submit" name="i_policyCreate" value="Create">
+        </TD>
+        <TD></TD>
+      </TR>
+    </TABLE>
+    </FORM>
+
+    <FORM action="/cgi-bin/policylabel.cgi" method="post" 
enctype="multipart/form-data">
+    <TABLE class="xen">
+      <COLGROUP>
+        <COL width="25%">
+        <COL width="20%">
+        <COL width="55%">
+      </COLGROUP>
+
+      <TR>
+        <TD valign="top" class="heading">
+          Security Policy Labeling
+        </TD>
+        <TD valign="top" colspan="2">
+          To generate or edit the Xen Security Policy Labeling you <B>must</B>
+          specify the name of
+          an existing Xen Security Policy file in the
+          <B>"Policy File"</B> entry field.<BR>
+          To generate new Xen Security Policy Labeling leave the
+          <B>"Policy Labeling File"</B> entry field
+          empty and click the "Create" button.<BR>
+          To modify existing Xen Security Policy Labeling enter the
+          file name containing the labeling in the
+          <B>"Policy Labeling File"</B> entry field
+          and click the "Create" button.<HR>
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD>
+          Policy File:
+        </TD>
+        <TD>
+          <INPUT type="file" size="50" name="i_policy">
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD>
+          Policy Labeling File:
+        </TD>
+        <TD>
+          <INPUT type="file" size="50" name="i_policyLabel">
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD valign="top">
+          <INPUT type="submit" name="i_policyLabelCreate" value="Create">
+        </TD>
+        <TD></TD>
+      </TR>
+    </TABLE>
+    </FORM>
+  </CENTER>
+  </BODY>
+</HTML>
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/security/python/xensec_gen/main.py
--- /dev/null   Tue Dec 13 18:08:17 2005
+++ b/tools/security/python/xensec_gen/main.py  Tue Dec 13 18:08:26 2005
@@ -0,0 +1,185 @@
+#!/usr/bin/python
+#
+# The Initial Developer of the Original Code is International
+# Business Machines Corporation. Portions created by IBM
+# Corporation are Copyright (C) 2005 International Business
+# Machines Corporation. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+"""Xen security policy generation aid
+"""
+
+import os
+import pwd
+import grp
+import sys
+import getopt
+import BaseHTTPServer
+import CGIHTTPServer
+
+
+gHttpPort = 7777
+gHttpDir  = '/var/lib/xensec_gen'
+gLogFile  = '/var/log/xensec_gen.log'
+gUser     = 'nobody'
+gGroup    = 'nobody'
+
+def usage( ):
+       print >>sys.stderr, 'Usage:  ' + sys.argv[0] + ' [OPTIONS]'
+       print >>sys.stderr, '  OPTIONS:'
+       print >>sys.stderr, '  -p, --httpport'
+       print >>sys.stderr, '     The port on which the http server is to 
listen'
+       print >>sys.stderr, '     (default: ' + str( gHttpPort ) + ')'
+       print >>sys.stderr, '  -d, --httpdir'
+       print >>sys.stderr, '     The directory where the http server is to 
serve pages from'
+       print >>sys.stderr, '     (default: ' + gHttpDir + ')'
+       print >>sys.stderr, '  -l, --logfile'
+       print >>sys.stderr, '     The file in which to log messages generated 
by this command'
+       print >>sys.stderr, '     (default: ' + gLogFile + ')'
+       print >>sys.stderr, '  -u, --user'
+       print >>sys.stderr, '     The user under which this command is to run.  
This parameter'
+       print >>sys.stderr, '     is only used when invoked under the "root" 
user'
+       print >>sys.stderr, '     (default: ' + gUser + ')'
+       print >>sys.stderr, '  -g, --group'
+       print >>sys.stderr, '     The group under which this command is to run. 
 This parameter'
+       print >>sys.stderr, '     is only used when invoked under the "root" 
user'
+       print >>sys.stderr, '     (default: ' + gGroup + ')'
+       print >>sys.stderr, '  -f'
+       print >>sys.stderr, '     Run the command in the foreground.  The 
logfile option will be'
+       print >>sys.stderr, '     ignored and all output will be directed to 
stdout and stderr.'
+       print >>sys.stderr, '  -h, --help'
+       print >>sys.stderr, '     Display the command usage information'
+
+def runServer( aServerPort,
+               aServerClass  = BaseHTTPServer.HTTPServer,
+               aHandlerClass = CGIHTTPServer.CGIHTTPRequestHandler ):
+       serverAddress = ( '', aServerPort )
+       httpd = aServerClass( serverAddress, aHandlerClass )
+       httpd.serve_forever( )
+
+def daemonize( aHttpDir, aLogFile, aUser, aGroup, aFork = 'true' ):
+       # Do some pre-daemon activities
+       os.umask( 027 )
+       if os.getuid( ) == 0:
+               # If we are running as root, we will change that
+               uid = pwd.getpwnam( aUser )[2]
+               gid = grp.getgrnam( aGroup )[2]
+
+               if aFork == 'true':
+                       # Change the owner of the log file to the user/group
+                       #   under which the daemon is to run
+                       flog = open( aLogFile, 'a' )
+                       flog.close( )
+                       os.chown( aLogFile, uid, gid )
+
+               # Change the uid/gid of the process
+               os.setgid( gid )
+               os.setuid( uid )
+
+       # Change to the HTTP directory
+       os.chdir( aHttpDir )
+
+       if aFork == 'true':
+               # Do first fork
+               try:
+                       pid = os.fork( )
+                       if pid:
+                               # Parent process
+                               return pid
+
+               except OSError, e:
+                       raise Exception, e
+
+               # First child process, create a new session
+               os.setsid( )
+
+               # Do second fork
+               try:
+                       pid = os.fork( )
+                       if pid:
+                               # Parent process
+                               os._exit( 0 )
+
+               except OSError, e:
+                       raise Exception, e
+
+               # Reset stdin/stdout/stderr
+               fin  = open( '/dev/null',  'r' )
+               flog = open( aLogFile, 'a' )
+               os.dup2( fin.fileno( ),  sys.stdin.fileno( ) )
+               os.dup2( flog.fileno( ), sys.stdout.fileno( ) )
+               os.dup2( flog.fileno( ), sys.stderr.fileno( ) )
+
+def main( ):
+       httpPort = gHttpPort
+       httpDir  = gHttpDir
+       logFile  = gLogFile
+       user     = gUser
+       group    = gGroup
+       doFork   = 'true'
+
+       shortOpts = 'd:p:l:u:g:fh'
+       longOpts  = [ 'httpdir=', 'httpport=', 'logfile=', 'user=', 'group=', 
'help' ]
+       try:
+               opts, args = getopt.getopt( sys.argv[1:], shortOpts, longOpts )
+
+       except getopt.GetoptError, e:
+               print >>sys.stderr, e
+               usage( )
+               sys.exit( )
+
+       if len( args ) != 0:
+               print >>sys.stderr, 'Error: command arguments are not supported'
+               usage( )
+               sys.exit( )
+
+       for opt, opt_value in opts:
+               if opt in ( '-h', '--help' ):
+                       usage( )
+                       sys.exit( )
+
+               if opt in ( '-d', '--httpdir' ):
+                       httpDir = opt_value
+
+               if opt in ( '-p', '--httpport' ):
+                       try:
+                               httpPort = int( opt_value )
+                       except:
+                               print >>sys.stderr, 'Error: HTTP port is not 
valid'
+                               usage( )
+                               sys.exit( )
+
+               if opt in ( '-l', '--logfile' ):
+                       logFile = opt_value
+
+               if opt in ( '-u', '--user' ):
+                       user = opt_value
+
+               if opt in ( '-g', '--group' ):
+                       group = opt_value
+
+               if opt in ( '-f' ):
+                       doFork = 'false'
+
+       pid = daemonize( httpDir, logFile, user, group, doFork )
+       if pid > 0:
+               sys.exit( )
+
+       runServer( httpPort )
+
+if __name__ == '__main__':
+       main( )
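Review bot: The privilege drop in `daemonize` calls `os.setgid( gid )` and then `os.setuid( uid )` but never clears the supplementary group list, so a daemon started by root keeps root's supplementary groups after switching to the configured user. Adding `os.setgroups( [] )` immediately before `os.setgid( gid )` closes that gap. Separately, `runServer` builds `serverAddress = ( '', aServerPort )`, which listens on every interface with `CGIHTTPRequestHandler`, and nothing in this file restricts who may connect. For a policy-editing aid a loopback default such as `serverAddress = ( '127.0.0.1', aServerPort )` would be the safer choice, with wider exposure made an explicit option.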
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/security/xensec_gen.py
--- /dev/null   Tue Dec 13 18:08:17 2005
+++ b/tools/security/xensec_gen.py      Tue Dec 13 18:08:26 2005
@@ -0,0 +1,26 @@
+#!/usr/bin/python
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import sys
+
+# Add fallback path for non-native python path installs if needed
+sys.path.append( '/usr/lib/python' )
+sys.path.append( '/usr/lib64/python' )
+
+from xen.xensec_gen import main
+
+main.main( )
