# HG changeset patch
# User emellor@xxxxxxxxxxxxxxxxxxxxxx
# Node ID 62d9ac63e7f509328815443d8604f849b64d0c9d
# Parent 8c5b7b6772ae154192263bcb8c836eb619ab3eb4
# Parent 89e0dfa3a089f14aa92f7ea04c94348185e5a634
Merged.
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/ioemu/sdl.c
--- a/tools/ioemu/sdl.c Tue Dec 13 18:08:17 2005
+++ b/tools/ioemu/sdl.c Tue Dec 13 18:08:26 2005
@@ -592,7 +592,8 @@
sdl_resize(ds, 640, 400);
sdl_update_caption();
- SDL_EnableKeyRepeat(250, 50);
+ if(repeat_key)
+ SDL_EnableKeyRepeat(250, 50);
SDL_EnableUNICODE(1);
gui_grab = 0;
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/ioemu/vl.c
--- a/tools/ioemu/vl.c Tue Dec 13 18:08:17 2005
+++ b/tools/ioemu/vl.c Tue Dec 13 18:08:26 2005
@@ -145,6 +145,7 @@
int graphic_height = 600;
int graphic_depth = 15;
int full_screen = 0;
+int repeat_key = 1;
TextConsole *vga_console;
CharDriverState *serial_hds[MAX_SERIAL_PORTS];
int xc_handle;
@@ -2250,6 +2251,7 @@
"-std-vga simulate a standard VGA card with VESA Bochs
Extensions\n"
" (default is CL-GD5446 PCI VGA)\n"
"-vgaacc [0|1] 1 to accelerate CL-GD5446 speed, default is 1\n"
+ "-no-repeatkey disable key repeat feature for SDL keyboard
simulation"
#endif
"-loadvm file start right away with a saved state (loadvm in
monitor)\n"
"\n"
@@ -2342,6 +2344,7 @@
QEMU_OPTION_loadvm,
QEMU_OPTION_full_screen,
QEMU_OPTION_vgaacc,
+ QEMU_OPTION_repeatkey,
};
typedef struct QEMUOption {
@@ -2421,6 +2424,7 @@
{ "nic-ne2000", 0, QEMU_OPTION_nic_ne2000 },
{ "cirrusvga", 0, QEMU_OPTION_cirrusvga },
{ "vgaacc", HAS_ARG, QEMU_OPTION_vgaacc },
+ { "no-repeatkey", 0, QEMU_OPTION_repeatkey },
{ NULL },
};
@@ -2975,6 +2979,9 @@
exit(1);
}
}
+ break;
+ case QEMU_OPTION_repeatkey:
+ repeat_key = 0;
break;
case QEMU_OPTION_std_vga:
cirrus_vga_enabled = 0;
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/ioemu/vl.h
--- a/tools/ioemu/vl.h Tue Dec 13 18:08:17 2005
+++ b/tools/ioemu/vl.h Tue Dec 13 18:08:26 2005
@@ -612,6 +612,7 @@
void kbd_init(void);
extern const char* keyboard_layout;
+extern int repeat_key;
/* mc146818rtc.c */
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/security/Makefile
--- a/tools/security/Makefile Tue Dec 13 18:08:17 2005
+++ b/tools/security/Makefile Tue Dec 13 18:08:26 2005
@@ -35,7 +35,7 @@
SRCS_GETD = get_decision.c
OBJS_GETD := $(patsubst %.c,%.o,$(filter %.c,$(SRCS_GETD)))
-ACM_INST_TOOLS = xensec_tool xensec_xml2bin
+ACM_INST_TOOLS = xensec_tool xensec_xml2bin xensec_gen
ACM_NOINST_TOOLS = get_decision
ACM_OBJS = $(OBJS_TOOL) $(OBJS_XML2BIN) $(OBJS_GETD)
ACM_SCRIPTS = getlabel.sh setlabel.sh updategrub.sh labelfuncs.sh
@@ -43,6 +43,12 @@
ACM_CONFIG_DIR = /etc/xen/acm-security
ACM_POLICY_DIR = $(ACM_CONFIG_DIR)/policies
ACM_SCRIPT_DIR = $(ACM_CONFIG_DIR)/scripts
+
+ACM_INST_HTML = python/xensec_gen/index.html
+ACM_INST_CGI = python/xensec_gen/cgi-bin/policy.cgi \
+ python/xensec_gen/cgi-bin/policylabel.cgi
+ACM_SECGEN_HTMLDIR= /var/lib/xensec_gen
+ACM_SECGEN_CGIDIR = $(ACM_SECGEN_HTMLDIR)/cgi-bin
ACM_SCHEMA = security_policy.xsd
ACM_EXAMPLES = null chwall ste chwall_ste
@@ -65,6 +71,15 @@
done
$(INSTALL_DIR) -p $(DESTDIR)$(ACM_SCRIPT_DIR)
$(INSTALL_PROG) -p $(ACM_SCRIPTS) $(DESTDIR)$(ACM_SCRIPT_DIR)
+ $(INSTALL_DIR) -p $(DESTDIR)$(ACM_SECGEN_HTMLDIR)
+ $(INSTALL_DATA) -p $(ACM_INST_HTML) $(DESTDIR)$(ACM_SECGEN_HTMLDIR)
+ $(INSTALL_DIR) -p $(DESTDIR)$(ACM_SECGEN_CGIDIR)
+ $(INSTALL_PROG) -p $(ACM_INST_CGI) $(DESTDIR)$(ACM_SECGEN_CGIDIR)
+ifndef XEN_PYTHON_NATIVE_INSTALL
+ python python/setup.py install --home="$(DESTDIR)/usr"
+else
+ python python/setup.py install --root="$(DESTDIR)"
+endif
else
all:
@@ -72,22 +87,27 @@
endif
build: mk-symlinks $(ACM_INST_TOOLS) $(ACM_NOINST_TOOLS)
+ python python/setup.py build
chmod 700 $(ACM_SCRIPTS)
xensec_tool: $(OBJS_TOOL)
- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
xensec_xml2bin: $(OBJS_XML2BIN)
- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
get_decision: $(OBJS_GETD)
- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
+
+xensec_gen: xensec_gen.py
+ cp -f $^ $@
clean:
$(RM) $(ACM_INST_TOOLS) $(ACM_NOINST_TOOLS)
$(RM) $(ACM_OBJS)
$(RM) $(PROG_DEPS)
$(RM) -r xen
+ $(RM) -r build
mrproper: clean
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/security/example.txt
--- a/tools/security/example.txt Tue Dec 13 18:08:17 2005
+++ b/tools/security/example.txt Tue Dec 13 18:08:26 2005
@@ -271,3 +271,112 @@
If you keep to the security policy schema, then you can use all the
tools described above. Refer to install.txt to install it.
+
+You can hand-edit the xml files to create your policy or you can use the
+xensec_gen utility.
+
+
+5. Generating policy files using xensec_gen:
+============================================
+
+The xensec_gen utility starts a web-server that can be used to generate the
+XML policy files needed to create a policy.
+
+By default, xensec_gen runs as a daemon and listens on port 7777 for HTTP
+requests. The xensec_gen command supports command line options to change the
+listen port, run in the foreground, and a few others. Type 'xensec_gen -h'
+to see the full list of options available.
+
+Once the xensec_gen utility is running, point a browser at the host and port
+on which the utility is running (e.g. http://localhost:7777/). You will be
+presented with a web page that allows you to create or modify the XML policy
+files:
+
+ - The Security Policy section allows you to create or modify a policy
+ definition file
+
+ - The Security Policy Labeling section allows you to create or modify a
+ label template definition file
+
+ Security Policy:
+ ----------------
+ The Security Policy section allows you to modify an existing policy
definition
+ file or create a new policy definition file. To modify an existing policy
+ definition, enter the full path to the existing file (the "Browse" button can
+ be used to aid in this) in the Policy File entry field. To create a new
+ policy definition file leave the Policy File entry field blank. At this
point
+ click the "Create" button to begin modifying or creating your policy
definition.
+
+ You will then be presented with a web page that will allow you to create
either
+ Simple Type Enforcement types or Chinese Wall types or both.
+
+ As an example:
+ - To add a Simple Type Enforcement type:
+ - Enter the name of a new type under the Simple Type Enforcement Types
+ section in the entry field above the "New" button.
+ - Click the "New" button and the type will be added to the list of
defined
+ Simple Type Enforcement types.
+ - To remove a Simple Type Enforcement type:
+ - Click on the type to be removed in the list of defined Simple Type
+ Enforcement types.
+ - Click the "Delete" button to remove the type.
+
+ Follow the same process to add Chinese Wall types. If you define Chinese
Wall
+ types you need to define at least one Chinese Wall Conflict Set. The Chinese
+ Wall Conflict Set will allow you to add Chinese Wall types from the list of
+ defined Chinese Wall types.
+
+ To create your policy definition file, click on the "Generate XML" button on
+ the top of the page. This will present you with a dialog box to save the
+ generated XML file on your system. The default name will be
security_policy.xml
+ which you should change to follow the policy file naming conventions based on
+ the policy name that you choose to use.
+
+ To get a feel for the tool, you could use one of the example policy
definition
+ files from /etc/xen/acm-security/policies as input.
+
+
+ Security Policy Labeling:
+ -------------------------
+ The Security Policy Labeling section allows you to modify an existing label
+ template definition file or create a new label template definition file. To
+ modify an existing label template definition, enter the full path to the
+ existing file (the "Browse" button can be used to aid in this) in the Policy
+ Labeling File entry field. Whether creating a new label template definition
+ file or modifying an existing one, you will need to specify the policy
+ definition file that is or will be associated with this label template
+ definition file. At this point click the "Create" button to begin modifying
+ or creating your label template definition file.
+
+ You will then be presented with a web page that will allow you to create
labels
+ for classes of virtual machines. The input policy definition file will
provide
+ the available types (Simple Type Enforcement and/or Chinese Wall) that can be
+ assigned to a virtual machine class.
+
+ As an example:
+ - To add a Virtual Machine class (the name entered will become the label
+ that will be used to identify the class):
+ - Enter the name of a new class under the Virtual Machine Classes section
+ in the entry field above the "New" button.
+ - Click the "New" button and the class will be added to the table of
defined
+ Virtual Machine classes.
+ - To remove a Virtual Machine class:
+ - Click the "Delete" link associated with the class in the table of
Virtual
+ Machine classes.
+
+ Once you have defined one or more Virtual Machine classes, you will be able
to
+ add any of the defined Simple Type Enforcement types or Chinese Wall types
to a
+ particular Virtual Machine.
+
+ You must also define which Virtual Machine class is to be associated with the
+ bootstrap domain (or Dom0 domain). By default, the first Virtual Machine
class
+ created will be associated as the bootstrap domain.
+
+ To create your label template definition file, click on the "Generate XML"
button
+ on the top of the page. This will present you with a dialog box to save the
+ generated XML file on your system. The default name will be
+ security_label_template.xml which you should change to follow the policy file
+ naming conventions based on the policy name that you choose to use.
+
+ To get a feel for the tool, you could use one of the example policy
definition
+ and label template definition files from /etc/xen/acm-security/policies as
input.
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/xm-test/lib/XmTestLib/XenDomain.py
--- a/tools/xm-test/lib/XmTestLib/XenDomain.py Tue Dec 13 18:08:17 2005
+++ b/tools/xm-test/lib/XmTestLib/XenDomain.py Tue Dec 13 18:08:26 2005
@@ -30,18 +30,140 @@
BLOCK_ROOT_DEV = "hda"
-def XmTestDomain(name=None, extraOpts=None, config="/dev/null"):
- if ENABLE_VMX_SUPPORT:
- return XmTestVmxDomain(name, extraOpts, config)
+def getDeviceModel():
+ """Get the path to the device model based on
+ the architecture reported in uname"""
+ arch = os.uname()[4]
+ if re.search("64", arch):
+ return "/usr/lib64/xen/bin/qemu-dm"
else:
- return XmTestPvDomain(name, extraOpts, config)
+ return "/usr/lib/xen/bin/qemu-dm"
def getDefaultKernel():
+ """Get the path to the default DomU kernel"""
dom0Ver = commands.getoutput("uname -r");
domUVer = dom0Ver.replace("xen0", "xenU");
return "/boot/vmlinuz-" + domUVer;
+def getUniqueName():
+ """Get a uniqueish name for use in a domain"""
+ unixtime = int(time.time())
+ test_name = sys.argv[0]
+ test_name = re.sub("\.test", "", test_name)
+ test_name = re.sub("[\/\.]", "", test_name)
+ name = "%s-%i" % (test_name, unixtime)
+
+ return name
+
+def getRdPath():
+ rdpath = os.environ.get("RD_PATH")
+ if not rdpath:
+ rdpath = "../../ramdisk"
+ rdpath = os.path.abspath(rdpath)
+
+ return rdpath
+
+ParavirtDefaults = {"memory" : 64,
+ "vcpus" : 1,
+ "kernel" : getDefaultKernel(),
+ "root" : "/dev/ram0",
+ "ramdisk" : getRdPath() + "/initrd.img"
+ }
+VmxDefaults = {"memory" : 64,
+ "vcpus" : 1,
+ "nics" : 0,
+ "disk" : ["file:%s/disk.img,ioemu:%s,w" %
+ (getRdPath(), BLOCK_ROOT_DEV)],
+ "kernel" : "/usr/lib/xen/boot/vmxloader",
+ "builder" : "vmx",
+ "sdl" : 0,
+ "vnc" : 0,
+ "vncviewer" : 0,
+ "nographic" : 1,
+ "serial" : "pty",
+ "device_model" : getDeviceModel()
+ }
+
+if ENABLE_VMX_SUPPORT:
+ configDefaults = VmxDefaults
+else:
+ configDefaults = ParavirtDefaults
+
+class XenConfig:
+ """An object to help create a xen-compliant config file"""
+ def __init__(self):
+ self.defaultOpts = {}
+
+ # These options need to be lists
+ self.defaultOpts["disk"] = []
+ self.defaultOpts["vif"] = []
+
+ self.opts = self.defaultOpts
+
+ def toString(self):
+ """Convert this config to a string for writing out
+ to a file"""
+ string = "# Xen configuration generated by xm-test\n"
+ for k, v in self.opts.items():
+ if isinstance(v, int):
+ piece = "%s = %i" % (k, v)
+ elif isinstance(v, list) and v:
+ piece = "%s = %s" % (k, v)
+ elif isinstance(v, str) and v:
+ piece = "%s = \"%s\"" % (k, v)
+ else:
+ piece = None
+
+ if piece:
+ string += "%s\n" % piece
+
+ return string
+
+ def write(self, filename):
+ """Write this config out to filename"""
+ output = file(filename, "w")
+ output.write(self.toString())
+ output.close()
+
+ def __str__(self):
+ """When used as a string, we represent ourself by a config
+ filename, which points to a temporary config that we write
+ out ahead of time"""
+ filename = "/tmp/xm-test.conf"
+ self.write(filename)
+ return filename
+
+ def setOpt(self, name, value):
+ """Set an option in the config"""
+ if name in self.opts.keys() and isinstance(self.opts[name], list) and
not isinstance(value, list):
+ self.opts[name] = [value]
+ else:
+ self.opts[name] = value
+
+ def appOpt(self, name, value):
+ """Append a value to a list option"""
+ if name in self.opts.keys() and isinstance(self.opts[name], list):
+ self.opts[name].append(value)
+
+ def getOpt(self, name):
+ """Return the value of a config option"""
+ if name in self.opts.keys():
+ return self.opts[name]
+ else:
+ return None
+
+ def setOpts(self, opts):
+ """Batch-set options from a dictionary"""
+ for k, v in opts.items():
+ self.setOpt(k, v)
+
+ def clearOpts(self, name=None):
+ """Clear one or all config options"""
+ if name:
+ self.opts[name] = self.defaultOpts[name]
+ else:
+ self.opts = self.defaultOpts
class DomainError(Exception):
def __init__(self, msg, extra="", errorcode=0):
@@ -55,62 +177,24 @@
def __str__(self):
return str(self.msg)
+
class XenDomain:
- def __init__(self, opts={}, config="/dev/null"):
- """Create a domain object. Optionally take a
- dictionary of 'xm' options to use"""
-
- self.domID = None;
+ def __init__(self, name=None, config=None):
+ """Create a domain object.
+ @param config: String filename of config file
+ """
+
+ if name:
+ self.name = name
+ else:
+ self.name = getUniqueName()
+
self.config = config
- if not opts.has_key("name"):
- raise DomainError("Missing `name' option")
- if not opts.has_key("memory"):
- raise DomainError("Missing `memory' option")
- if not opts.has_key("kernel"):
- raise DomainError("Missing `kernel' option")
-
- self.opts = opts
-
- self.configVals = None
-
- def __buildCmdLine(self):
- c = "xm create %s" % self.config
-
- for k in self.opts.keys():
- c += " %s=%s" % (k, self.opts[k])
-
- return c
-
- def getUniqueName(self):
- #
- # We avoid multiple duplicate names
- # here because they stick around in xend
- # too long
- #
- unixtime = int(time.time())
- test_name = sys.argv[0]
- test_name = re.sub("\.test", "", test_name)
- test_name = re.sub("[\/\.]", "", test_name)
- name = "%s-%i" % (test_name, unixtime)
-
- return name
-
def start(self):
- if self.configVals:
- self.__writeConfig("/tmp/xm-test.conf")
- self.config = "/tmp/xm-test.conf"
-
- commandLine = self.__buildCmdLine()
-
- ret, output = traceCommand(commandLine);
-
- try:
- self.domID = self.getId()
- except:
- self.domID = -1;
+ ret, output = traceCommand("xm create %s" % self.config)
if ret != 0:
raise DomainError("Failed to create domain",
@@ -118,190 +202,79 @@
errorcode=ret)
def stop(self):
- prog = "xm";
- cmd = " shutdown ";
-
- ret, output = traceCommand(prog + cmd + self.opts["name"]);
-
- return ret;
+ prog = "xm"
+ cmd = " shutdown "
+
+ ret, output = traceCommand(prog + cmd + self.config.getOpt("name"))
+
+ return ret
def destroy(self):
- prog = "xm";
- cmd = " destroy ";
-
- ret, output = traceCommand(prog + cmd + self.opts["name"]);
-
- return ret;
+ prog = "xm"
+ cmd = " destroy "
+
+ ret, output = traceCommand(prog + cmd + self.config.getOpt("name"))
+
+ return ret
def getName(self):
- return self.opts["name"];
+ return self.name
def getId(self):
return domid(self.getName());
- def configSetVar(self, key, value):
- if not self.configVals:
- self.configVals = {}
-
- self.configVals[key] = value
-
- def configAddDisk(self, pdev, vdev, acc):
- if not self.configVals:
- self.configVals = {}
-
- if not self.configVals.has_key("disk"):
- self.configVals["disk"] = []
-
- self.configVals["disk"].append("%s,%s,%s" % (pdev,vdev,acc))
-
- def configAddVif(self, type, mac, bridge):
- if not self.configVals:
- self.configVals = {}
-
- if not self.configVals.has_key("vif"):
- self.configVals["vif"] = []
-
- if mac:
- self.configVals["vif"].append("%s,%s,%s" % (type,mac,bridge))
- else:
- self.configVals["vif"].append("%s,%s" % (type,bridge))
-
- def __writeConfig(self, configFileName):
-
- conf = file(configFileName, "w")
-
- for k,v in self.configVals.items():
- print >>conf, "%s = %s" % (k, v)
-
- conf.close()
-
-class XmTestVmxDomain(XenDomain):
-
- def __prepareBlockRoot(self, rdpath):
- image = os.path.abspath(rdpath + "/disk.img")
- self.configAddDisk("file:%s" % image, "ioemu:%s" % BLOCK_ROOT_DEV, "w")
-
- def __prepareVif(self):
- self.configAddVif("type=ioemu", None, "bridge=xenbr0")
-
- def __prepareDeviceModel(self):
- arch = os.uname()[4]
- if re.search('64', arch):
- self.configSetVar("device_model", "\"/usr/lib64/xen/bin/qemu-dm\"")
- else:
- self.configSetVar("device_model", "\"/usr/lib/xen/bin/qemu-dm\"")
-
- def __init__(self, name=None, extraOpts=None, config="/dev/null"):
-
- rdpath = os.environ.get("RD_PATH")
- if not rdpath:
- rdpath = "../../ramdisk"
-
- self.opts = {}
- self.configVals = {}
-
- # Defaults
- self.defaults = {"memory" : 64,
- "vcpus" : 1,
- "kernel" : "/usr/lib/xen/boot/vmxloader",
- "builder" : "\'vmx\'",
- "name" : name or self.getUniqueName()
- }
-
- self.domID = None;
- self.config = config;
-
- self.__prepareBlockRoot(rdpath)
- #self.__prepareVif()
- self.__prepareDeviceModel()
- #self.configSetVar("boot","\'c\'")
- self.configSetVar("sdl","0")
- self.configSetVar("vnc","0")
- self.configSetVar("vncviewer","0")
- self.configSetVar("nographic","1")
- self.configSetVar("serial","\'pty\'")
-
- # Copy over defaults
- for key in self.defaults.keys():
- self.opts[key] = self.defaults[key]
-
- # Merge in extra options
- if extraOpts:
- for key in extraOpts.keys():
- self.opts[key] = extraOpts[key]
+
+class XmTestDomain(XenDomain):
+
+ def __init__(self, name=None, extraConfig=None, baseConfig=configDefaults):
+ """Create a new xm-test domain
+ @param name: The requested domain name
+ @param extraConfig: Additional configuration options
+ @param baseConfig: The initial configuration defaults to use
+ """
+ config = XenConfig()
+ config.setOpts(baseConfig)
+ if extraConfig:
+ config.setOpts(extraConfig)
+
+ if name:
+ config.setOpt("name", name)
+ elif not config.getOpt("name"):
+ config.setOpt("name", getUniqueName())
+
+ XenDomain.__init__(self, config.getOpt("name"), config=config)
def start(self):
- """We know how about how long everyone will need to wait
- for our disk image to come up, so we do it here as a convenience"""
-
-# for i in range(0,5):
-# status, output = traceCommand("xm list")
-
XenDomain.start(self)
- waitForBoot()
+ if ENABLE_VMX_SUPPORT:
+ waitForBoot()
def startNow(self):
XenDomain.start(self)
- def getMem(self):
- return int(self.opts["memory"])
-
def minSafeMem(self):
return 16
-class XmTestPvDomain(XenDomain):
-
- def __init__(self, name=None, extraOpts=None, config="/dev/null"):
-
- rdpath = os.environ.get("RD_PATH")
- if not rdpath:
- rdpath = "../../ramdisk"
-
- self.opts = {}
- self.configVals = None
-
- # Defaults
- self.defaults = {"memory" : 64,
- "vcpus" : 1,
- "kernel" : getDefaultKernel(),
- "root" : "/dev/ram0",
- "name" : name or self.getUniqueName(),
- "ramdisk" : rdpath + "/initrd.img"
- }
-
- self.domID = None;
- self.config = config;
-
- # Copy over defaults
- for key in self.defaults.keys():
- self.opts[key] = self.defaults[key]
-
- # Merge in extra options
- if extraOpts:
- for key in extraOpts.keys():
- self.opts[key] = extraOpts[key]
-
- def start(self):
- """We know how about how long everyone will need to wait
- for our ramdisk to come up, so we do it here as a convenience"""
-
-# for i in range(0,5):
-# status, output = traceCommand("xm list")
-
- XenDomain.start(self)
-# waitForBoot()
-
- def startNow(self):
- XenDomain.start(self)
-
- def getMem(self):
- return int(self.opts["memory"])
-
- def minSafeMem(self):
- return 16
-
if __name__ == "__main__":
- d = XmTestDomain();
-
- d.start();
+ c = XenConfig()
+
+ c.setOpt("foo", "bar")
+ c.setOpt("foob", 1)
+ opts = {"opt1" : 19,
+ "opt2" : "blah"}
+ c.setOpts(opts)
+
+ c.setOpt("disk", "phy:/dev/ram0,hda1,w")
+ c.appOpt("disk", "phy:/dev/ram1,hdb1,w")
+
+ print str(c)
+
+
+
+# c.write("/tmp/foo.conf")
+
+# d = XmTestDomain();
+#
+# d.start();
+
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/xm-test/lib/XmTestReport/Report.py
--- a/tools/xm-test/lib/XmTestReport/Report.py Tue Dec 13 18:08:17 2005
+++ b/tools/xm-test/lib/XmTestReport/Report.py Tue Dec 13 18:08:26 2005
@@ -31,10 +31,12 @@
import xml.dom.minidom
import httplib
import urllib
+import re
#REPORT_HOST = "xmtest-dev.dague.org"
REPORT_HOST = "xmtest.dague.org"
REPORT_URL = "/cgi-bin/report-results";
+VIEW_URL = "cgi-bin/display?view=single&testid="
class XmTestReport:
@@ -101,16 +103,21 @@
conn.request("POST", REPORT_URL, body, headers)
resp = conn.getresponse()
+ data = resp.read()
+
if resp.status == 200:
print >>sys.stderr, "Your results have been submitted successfully!"
+ match = re.match("^id=([0-9]+)$", data.split("\n")[1])
+ if match:
+ id = match.group(1)
+ print >>sys.stderr, "See your report at:"
+ print >>sys.stderr, "http://%s/%s%s" % (REPORT_HOST, VIEW_URL, id)
else:
print >>sys.stderr, "Unable to submit results:"
print >>sys.stderr, "[http://%s%s] said %i: %s" % (REPORT_HOST,
REPORT_URL,
resp.status,
resp.reason)
-
- data = resp.read()
print >>sys.stderr, data
if __name__ == "__main__":
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/xm-test/tests/block-create/11_block_attach_shared_dom0.py
--- a/tools/xm-test/tests/block-create/11_block_attach_shared_dom0.py Tue Dec
13 18:08:17 2005
+++ b/tools/xm-test/tests/block-create/11_block_attach_shared_dom0.py Tue Dec
13 18:08:26 2005
@@ -21,8 +21,9 @@
# Now try to start a DomU with write access to /dev/ram0
-domain = XmTestDomain();
-domain.configAddDisk("phy:/dev/ram0", "hda1", "w")
+config = {"disk":"phy:/dev/ram0,hda1,w"}
+
+domain = XmTestDomain(extraConfig=config);
try:
domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/xm-test/tests/block-create/12_block_attach_shared_domU.py
--- a/tools/xm-test/tests/block-create/12_block_attach_shared_domU.py Tue Dec
13 18:08:17 2005
+++ b/tools/xm-test/tests/block-create/12_block_attach_shared_domU.py Tue Dec
13 18:08:26 2005
@@ -5,11 +5,11 @@
from XmTestLib import *
-dom1 = XmTestDomain()
-dom2 = XmTestDomain(dom1.getName() + "-2")
+config = {"disk":"phy:/dev/ram0,hda1,w"}
-dom1.configAddDisk("phy:/dev/ram0", "hda1", "w")
-dom2.configAddDisk("phy:/dev/ram0", "hda1", "w")
+dom1 = XmTestDomain(extraConfig=config)
+dom2 = XmTestDomain(dom1.getName() + "-2",
+ extraConfig=config)
try:
dom1.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/xm-test/tests/block-destroy/01_block-destroy_btblock_pos.py
--- a/tools/xm-test/tests/block-destroy/01_block-destroy_btblock_pos.py Tue Dec
13 18:08:17 2005
+++ b/tools/xm-test/tests/block-destroy/01_block-destroy_btblock_pos.py Tue Dec
13 18:08:26 2005
@@ -5,9 +5,8 @@
from XmTestLib import *
-domain = XmTestDomain()
-
-domain.configAddDisk("phy:/dev/ram0", "hda1", "w")
+config = {"disk":"phy:/dev/ram0,hda1,w"}
+domain = XmTestDomain(extraConfig=config)
try:
domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/xm-test/tests/block-destroy/05_block-destroy_byname_pos.py
--- a/tools/xm-test/tests/block-destroy/05_block-destroy_byname_pos.py Tue Dec
13 18:08:17 2005
+++ b/tools/xm-test/tests/block-destroy/05_block-destroy_byname_pos.py Tue Dec
13 18:08:26 2005
@@ -5,9 +5,8 @@
from XmTestLib import *
-domain = XmTestDomain()
-
-domain.configAddDisk("phy:/dev/ram0", "hda1", "w")
+config = {"disk":"phy:/dev/ram0,hda1,w"}
+domain = XmTestDomain(extraConfig=config)
try:
domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/xm-test/tests/block-list/01_block-list_pos.py
--- a/tools/xm-test/tests/block-list/01_block-list_pos.py Tue Dec 13
18:08:17 2005
+++ b/tools/xm-test/tests/block-list/01_block-list_pos.py Tue Dec 13
18:08:26 2005
@@ -8,9 +8,8 @@
from XmTestLib import *
-domain = XmTestDomain()
-
-domain.configAddDisk("phy:/dev/ram0", "hda1", "w")
+config = {"disk":"phy:/dev/ram0,hda1,w"}
+domain = XmTestDomain(extraConfig=config)
try:
domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/xm-test/tests/block-list/03_block-list_anotherbd_pos.py
--- a/tools/xm-test/tests/block-list/03_block-list_anotherbd_pos.py Tue Dec
13 18:08:17 2005
+++ b/tools/xm-test/tests/block-list/03_block-list_anotherbd_pos.py Tue Dec
13 18:08:26 2005
@@ -8,9 +8,8 @@
from XmTestLib import *
-domain = XmTestDomain()
-
-domain.configAddDisk("phy:/dev/ram0", "hda1", "w")
+config = {"disk":"phy:/dev/ram0,hda1,w"}
+domain = XmTestDomain(extraConfig=config)
try:
domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/xm-test/tests/create/01_create_basic_pos.py
--- a/tools/xm-test/tests/create/01_create_basic_pos.py Tue Dec 13 18:08:17 2005
+++ b/tools/xm-test/tests/create/01_create_basic_pos.py Tue Dec 13 18:08:26 2005
@@ -12,9 +12,9 @@
# Create a domain (default XmTestDomain, with our ramdisk)
domain = XmTestDomain()
-if int(getInfo("free_memory")) < domain.getMem():
+if int(getInfo("free_memory")) < domain.config.getOpt("memory"):
SKIP("This test needs %i MB of free memory (%i MB avail)" %
- (domain.getMem(), int(getInfo("free_memory"))))
+ (domain.config.getOpt("memory"), int(getInfo("free_memory"))))
# Start it
try:
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/xm-test/tests/create/06_create_mem_neg.py
--- a/tools/xm-test/tests/create/06_create_mem_neg.py Tue Dec 13 18:08:17 2005
+++ b/tools/xm-test/tests/create/06_create_mem_neg.py Tue Dec 13 18:08:26 2005
@@ -19,15 +19,8 @@
rdpath = "../ramdisk"
# Test 1: create a domain with mem=0
-opts1 = {
- "name" : "default",
- "memory" : 0,
- "kernel" : getDefaultKernel(),
- "root" : "/dev/ram0",
- "ramdisk" : rdpath + "/initrd.img",
- }
-
-domain1=XenDomain(opts1)
+config1 = {"memory": 0}
+domain1=XmTestDomain(extraConfig=config1)
try:
domain1.start()
@@ -43,17 +36,10 @@
# Test 2: create a domain with mem>sys_mem
mem = int(getInfo("total_memory"))
-extreme_mem = str(mem + 100)
+extreme_mem = mem + 100
-opts2= {
- "name" : "default",
- "memory" : extreme_mem,
- "kernel" : getDefaultKernel(),
- "root" : "/dev/ram0",
- "ramdisk" : rdpath + "/initrd.img",
- }
-
-domain2=XenDomain(opts2)
+config2 = {"memory": extreme_mem}
+domain2=XmTestDomain(extraConfig=config2)
try:
domain2.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/xm-test/tests/create/07_create_mem64_pos.py
--- a/tools/xm-test/tests/create/07_create_mem64_pos.py Tue Dec 13 18:08:17 2005
+++ b/tools/xm-test/tests/create/07_create_mem64_pos.py Tue Dec 13 18:08:26 2005
@@ -23,15 +23,8 @@
SKIP("This test needs 64 MB of free memory (%i MB avail)" % mem)
#create a domain with mem=64
-opts = {
- "name" : "MEM64",
- "memory" : 64,
- "kernel" : getDefaultKernel(),
- "root" : "/dev/ram0",
- "ramdisk" : rdpath + "/initrd.img",
- }
-
-domain_mem64=XenDomain(opts)
+config = {"memory": 64}
+domain_mem64=XmTestDomain(extraConfig=config)
#start it
try:
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/xm-test/tests/create/08_create_mem128_pos.py
--- a/tools/xm-test/tests/create/08_create_mem128_pos.py Tue Dec 13
18:08:17 2005
+++ b/tools/xm-test/tests/create/08_create_mem128_pos.py Tue Dec 13
18:08:26 2005
@@ -23,15 +23,8 @@
SKIP("This test needs 128 MB of free memory (%i MB avail)" % mem)
#create a domain with mem=128
-opts = {
- "name" : "MEM128",
- "memory" : 128,
- "kernel" : getDefaultKernel(),
- "root" : "/dev/ram0",
- "ramdisk" : rdpath + "/initrd.img",
- }
-
-domain_mem128=XenDomain(opts)
+config={"memory": 128}
+domain_mem128=XmTestDomain(extraConfig=config)
#start it
try:
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/xm-test/tests/create/09_create_mem256_pos.py
--- a/tools/xm-test/tests/create/09_create_mem256_pos.py Tue Dec 13
18:08:17 2005
+++ b/tools/xm-test/tests/create/09_create_mem256_pos.py Tue Dec 13
18:08:26 2005
@@ -23,15 +23,8 @@
SKIP("This test needs 256 MB of free memory (%i MB avail)" % mem)
#create a domain with mem=256
-opts = {
- "name" : "MEM256",
- "memory" : 256,
- "kernel" : getDefaultKernel(),
- "root" : "/dev/ram0",
- "ramdisk" : rdpath + "/initrd.img",
- }
-
-domain_mem256=XenDomain(opts)
+config = {"memory": 256}
+domain_mem256=XmTestDomain(extraConfig=config)
#start it
try:
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/xm-test/tests/create/11_create_concurrent_pos.py
--- a/tools/xm-test/tests/create/11_create_concurrent_pos.py Tue Dec 13
18:08:17 2005
+++ b/tools/xm-test/tests/create/11_create_concurrent_pos.py Tue Dec 13
18:08:26 2005
@@ -34,7 +34,7 @@
for d in range(0, NUM_DOMS):
dom = XmTestDomain(name="11_create_%i" % d,
- extraOpts={"memory":str(MEM_PER_DOM)})
+ extraConfig={"memory":MEM_PER_DOM})
try:
dom.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/xm-test/tests/create/12_create_concurrent_stress_pos.py
--- a/tools/xm-test/tests/create/12_create_concurrent_stress_pos.py Tue Dec
13 18:08:17 2005
+++ b/tools/xm-test/tests/create/12_create_concurrent_stress_pos.py Tue Dec
13 18:08:26 2005
@@ -14,7 +14,7 @@
domains = []
for i in range(0,DOMS):
- dom = XmTestDomain(extraOpts={"memory" : str(MEM)})
+ dom = XmTestDomain(extraConfig={"memory" : MEM})
try:
dom.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/xm-test/tests/create/13_create_multinic_pos.py
--- a/tools/xm-test/tests/create/13_create_multinic_pos.py Tue Dec 13
18:08:17 2005
+++ b/tools/xm-test/tests/create/13_create_multinic_pos.py Tue Dec 13
18:08:26 2005
@@ -6,8 +6,8 @@
from XmTestLib import *
for i in range(0,10):
- domain = XmTestDomain()
- domain.configSetVar('vif', str(['' for _ in range(0, i)]))
+ config = {"vif": ['' for _ in range(0, i)]}
+ domain = XmTestDomain(extraConfig=config)
try:
domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/xm-test/tests/create/14_create_blockroot_pos.py
--- a/tools/xm-test/tests/create/14_create_blockroot_pos.py Tue Dec 13
18:08:17 2005
+++ b/tools/xm-test/tests/create/14_create_blockroot_pos.py Tue Dec 13
18:08:26 2005
@@ -6,10 +6,9 @@
from XmTestLib import *
import os
+import time
-CONF_FILE = "/tmp/14_create_blockroot_pos.conf"
-
-rdpath = os.path.abspath(os.environ.get("RD_PATH"))
+rdpath = getRdPath()
# status, output = traceCommand("losetup -f %s" % rdpath)
# if status != 0:
@@ -17,22 +16,26 @@
#
# if verbose:
# print "Using %s" % output
-
-opts = {"memory" : "64",
- "root" : "/dev/hda1",
- "name" : "14_create_blockroot",
- "kernel" : getDefaultKernel() }
-domain = XenDomain(opts=opts)
-
-domain.configAddDisk("file:%s/initrd.img" % rdpath, "hda1", "w")
+if ENABLE_VMX_SUPPORT:
+ domain = XmTestDomain(name="14_create_blockroot")
+else:
+ config = {"memory" : "64",
+ "root" : "/dev/hda1",
+ "name" : "14_create_blockroot",
+ "kernel" : getDefaultKernel(),
+ "disk" : "file:%s/initrd.img,hda1,w" % rdpath
+ }
+ domConfig = XenConfig()
+ domConfig.setOpts(config)
+ domain = XenDomain(name=domConfig.getOpt("name"), config=domConfig)
try:
domain.start()
except DomainError, e:
FAIL(str(e))
-waitForBoot()
+#waitForBoot()
try:
console = XmConsole(domain.getName(), historySaveCmds=True)
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/xm-test/tests/create/15_create_smallmem_pos.py
--- a/tools/xm-test/tests/create/15_create_smallmem_pos.py Tue Dec 13
18:08:17 2005
+++ b/tools/xm-test/tests/create/15_create_smallmem_pos.py Tue Dec 13
18:08:26 2005
@@ -7,8 +7,8 @@
MEM = 16
-domain = XmTestDomain(extraOpts={"memory":"%i" % MEM,
- "extra" :"mem=%iM" % MEM})
+domain = XmTestDomain(extraConfig={"memory": MEM,
+ "extra" :"mem=%iM" % MEM})
try:
domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/xm-test/tests/memset/03_memset_random_pos.py
--- a/tools/xm-test/tests/memset/03_memset_random_pos.py Tue Dec 13
18:08:17 2005
+++ b/tools/xm-test/tests/memset/03_memset_random_pos.py Tue Dec 13
18:08:26 2005
@@ -20,8 +20,8 @@
FAIL(str(e))
times = random.randint(10,50)
-origmem = domain.getMem()
-currmem = domain.getMem()
+origmem = domain.config.getOpt("memory")
+currmem = domain.config.getOpt("memory")
try:
console = XmConsole(domain.getName())
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/xm-test/tests/network/02_network_local_ping_pos.py
--- a/tools/xm-test/tests/network/02_network_local_ping_pos.py Tue Dec 13
18:08:17 2005
+++ b/tools/xm-test/tests/network/02_network_local_ping_pos.py Tue Dec 13
18:08:26 2005
@@ -28,9 +28,9 @@
mask = Net.mask("dom1", "eth0")
# Fire up a guest domain w/1 nic
-domain = XmTestDomain()
+config = {"vif" : ['ip=%s' % ip]}
+domain = XmTestDomain(extraConfig=config)
try:
- domain.configSetVar('vif', " [ 'ip=" + ip + "' ]")
domain.start()
except DomainError, e:
if verbose:
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/xm-test/tests/network/05_network_dom0_ping_pos.py
--- a/tools/xm-test/tests/network/05_network_dom0_ping_pos.py Tue Dec 13
18:08:17 2005
+++ b/tools/xm-test/tests/network/05_network_dom0_ping_pos.py Tue Dec 13
18:08:26 2005
@@ -31,9 +31,9 @@
FAIL(str(e))
# Fire up a guest domain w/1 nic
-domain = XmTestDomain()
+config = {"vif" : ["ip=%s" % ip]}
+domain = XmTestDomain(extraConfig=config)
try:
- domain.configSetVar('vif', " [ 'ip=" + ip + "' ]")
domain.start()
except DomainError, e:
if verbose:
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/xm-test/tests/network/11_network_domU_ping_pos.py
--- a/tools/xm-test/tests/network/11_network_domU_ping_pos.py Tue Dec 13
18:08:17 2005
+++ b/tools/xm-test/tests/network/11_network_domU_ping_pos.py Tue Dec 13
18:08:26 2005
@@ -15,15 +15,12 @@
pingsizes = [ 1, 48, 64, 512, 1440, 1500, 1505, 4096, 4192,
32767, 65507 ]
-
-
from XmTestLib import *
-
def netDomain(ip):
- dom = XmTestDomain()
+ config = {"vif" : ["ip=%s" % ip]}
+ domain = XmTestDomain(extraConfig=config)
try:
- dom.configSetVar('vif', " [ 'ip=" + ip + "' ]")
dom.start()
except DomainError, e:
if verbose:
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/xm-test/tests/restore/04_restore_withdevices_pos.py
--- a/tools/xm-test/tests/restore/04_restore_withdevices_pos.py Tue Dec 13
18:08:17 2005
+++ b/tools/xm-test/tests/restore/04_restore_withdevices_pos.py Tue Dec 13
18:08:26 2005
@@ -7,12 +7,9 @@
import re
-domain = XmTestDomain()
-
-domain.configSetVar('vif', "[ '', '' ]")
-
-domain.configAddDisk("phy:/dev/ram0", "hda1", "w")
-domain.configAddDisk("phy:/dev/ram1", "hdb2", "w")
+config = {"disk": ["phy:/dev/ram0,hda1,w", "phy:/dev/ram1,hdb2,w"],
+ "vif": ['', '']}
+domain = XmTestDomain(extraConfig=config)
s, o = traceCommand("mke2fs -q /dev/ram0")
if s != 0:
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/xm-test/tests/sedf/01_sedf_multi_pos.py
--- a/tools/xm-test/tests/sedf/01_sedf_multi_pos.py Tue Dec 13 18:08:17 2005
+++ b/tools/xm-test/tests/sedf/01_sedf_multi_pos.py Tue Dec 13 18:08:26 2005
@@ -7,7 +7,7 @@
sedf_opts = "20000000 5000000 0 0 0"
-domain = XmTestDomain(extraOpts = {"sched":"sedf"})
+domain = XmTestDomain(extraConfig = {"sched":"sedf"})
try:
domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/xm-test/tests/vcpu-disable/01_vcpu-disable_basic_pos.py
--- a/tools/xm-test/tests/vcpu-disable/01_vcpu-disable_basic_pos.py Tue Dec
13 18:08:17 2005
+++ b/tools/xm-test/tests/vcpu-disable/01_vcpu-disable_basic_pos.py Tue Dec
13 18:08:26 2005
@@ -39,7 +39,7 @@
SKIP("Host not capable of running test")
# Start a XmTestDomain with 2 VCPUs
-domain = XmTestDomain(extraOpts = {"vcpus":"2"})
+domain = XmTestDomain(extraConfig={"vcpus":2})
try:
domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 xen/arch/x86/Makefile
--- a/xen/arch/x86/Makefile Tue Dec 13 18:08:17 2005
+++ b/xen/arch/x86/Makefile Tue Dec 13 18:08:26 2005
@@ -62,6 +62,8 @@
boot/mkelf32: boot/mkelf32.c
$(HOSTCC) $(HOSTCFLAGS) -o $@ $<
+shadow_guest32.o: shadow.c
+
clean:
rm -f *.o *.s *~ core boot/*.o boot/*~ boot/core boot/mkelf32
rm -f x86_32/*.o x86_32/*~ x86_32/core
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 xen/arch/x86/vmx.c
--- a/xen/arch/x86/vmx.c Tue Dec 13 18:08:17 2005
+++ b/xen/arch/x86/vmx.c Tue Dec 13 18:08:26 2005
@@ -1476,6 +1476,15 @@
(unsigned long)regs->ecx, (unsigned long)regs->eax,
(unsigned long)regs->edx);
switch (regs->ecx) {
+ case MSR_IA32_TIME_STAMP_COUNTER:
+ {
+ struct vmx_virpit *vpit;
+
+ rdtscll(msr_content);
+ vpit = &(v->domain->arch.vmx_platform.vmx_pit);
+ msr_content += vpit->shift;
+ break;
+ }
case MSR_IA32_SYSENTER_CS:
__vmread(GUEST_SYSENTER_CS, (u32 *)&msr_content);
break;
@@ -1516,6 +1525,23 @@
msr_content = (regs->eax & 0xFFFFFFFF) | ((u64)regs->edx << 32);
switch (regs->ecx) {
+ case MSR_IA32_TIME_STAMP_COUNTER:
+ {
+ struct vmx_virpit *vpit;
+ u64 host_tsc, drift;
+
+ rdtscll(host_tsc);
+ vpit = &(v->domain->arch.vmx_platform.vmx_pit);
+ drift = v->arch.arch_vmx.tsc_offset - vpit->shift;
+ vpit->shift = msr_content - host_tsc;
+ v->arch.arch_vmx.tsc_offset = vpit->shift + drift;
+ __vmwrite(TSC_OFFSET, vpit->shift);
+
+#if defined (__i386__)
+ __vmwrite(TSC_OFFSET_HIGH, ((vpit->shift)>>32));
+#endif
+ break;
+ }
case MSR_IA32_SYSENTER_CS:
__vmwrite(GUEST_SYSENTER_CS, msr_content);
break;
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 xen/arch/x86/vmx_io.c
--- a/xen/arch/x86/vmx_io.c Tue Dec 13 18:08:17 2005
+++ b/xen/arch/x86/vmx_io.c Tue Dec 13 18:08:26 2005
@@ -801,11 +801,11 @@
drift = vpit->period_cycles * vpit->pending_intr_nr;
else
drift = 0;
- drift = v->arch.arch_vmx.tsc_offset - drift;
- __vmwrite(TSC_OFFSET, drift);
+ vpit->shift = v->arch.arch_vmx.tsc_offset - drift;
+ __vmwrite(TSC_OFFSET, vpit->shift);
#if defined (__i386__)
- __vmwrite(TSC_OFFSET_HIGH, (drift >> 32));
+ __vmwrite(TSC_OFFSET_HIGH, ((vpit->shift)>> 32));
#endif
}
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 xen/common/grant_table.c
--- a/xen/common/grant_table.c Tue Dec 13 18:08:17 2005
+++ b/xen/common/grant_table.c Tue Dec 13 18:08:26 2005
@@ -579,7 +579,7 @@
(void)put_user(GNTST_okay, &uop->status);
for ( i = 0; i < op.nr_frames; i++ )
(void)put_user(gnttab_shared_mfn(d, d->grant_table, i),
- &uop->frame_list[i]);
+ &op.frame_list[i]);
}
put_domain(d);
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 xen/include/asm-x86/msr.h
--- a/xen/include/asm-x86/msr.h Tue Dec 13 18:08:17 2005
+++ b/xen/include/asm-x86/msr.h Tue Dec 13 18:08:26 2005
@@ -88,6 +88,7 @@
/* Intel defined MSRs. */
#define MSR_IA32_P5_MC_ADDR 0
#define MSR_IA32_P5_MC_TYPE 1
+#define MSR_IA32_TIME_STAMP_COUNTER 0x10
#define MSR_IA32_PLATFORM_ID 0x17
#define MSR_IA32_EBL_CR_POWERON 0x2a
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 xen/include/asm-x86/vmx_vpit.h
--- a/xen/include/asm-x86/vmx_vpit.h Tue Dec 13 18:08:17 2005
+++ b/xen/include/asm-x86/vmx_vpit.h Tue Dec 13 18:08:26 2005
@@ -21,6 +21,7 @@
/* for simulation of counter 0 in mode 2*/
u64 period_cycles; /* pit frequency in cpu cycles */
u64 inject_point; /* the time inject virt intr */
+ u64 shift; /* save the value of offset - drift */
s_time_t scheduled; /* scheduled timer interrupt */
struct ac_timer pit_timer; /* periodic timer for mode 2*/
unsigned int channel; /* the pit channel, counter 0~2 */
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/security/python/setup.py
--- /dev/null Tue Dec 13 18:08:17 2005
+++ b/tools/security/python/setup.py Tue Dec 13 18:08:26 2005
@@ -0,0 +1,30 @@
+#!/usr/bin/python
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+from distutils.core import setup
+import os
+
+# This setup script is invoked from the parent directory, so base
+# everything as if executing from there.
+XEN_ROOT = "../.."
+
+setup(name = 'xensec_gen',
+ version = '3.0',
+ description = 'Xen XML Security Policy Generator',
+ package_dir = { 'xen' : 'python' },
+ packages = ['xen.xensec_gen'],
+ )
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/security/python/xensec_gen/cgi-bin/policy.cgi
--- /dev/null Tue Dec 13 18:08:17 2005
+++ b/tools/security/python/xensec_gen/cgi-bin/policy.cgi Tue Dec 13
18:08:26 2005
@@ -0,0 +1,1325 @@
+#!/usr/bin/python
+#
+# The Initial Developer of the Original Code is International
+# Business Machines Corporation. Portions created by IBM
+# Corporation are Copyright (C) 2005 International Business
+# Machines Corporation. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import os
+import cgi
+import cgitb; cgitb.enable( )
+import time
+import xml.dom.minidom
+import xml.sax
+import xml.sax.handler
+from StringIO import StringIO
+from sets import Set
+
+def getSavedData( ):
+ global formData, policyXml, formVariables, formCSNames
+ global templateCSMTypes, templateCSMDel, templateCSMType, templateCSMAdd
+ global allCSMTypes
+
+ # Process the XML upload policy file
+ if formData.has_key( 'i_policy' ):
+ dataList = formData.getlist( 'i_policy' )
+ if len( dataList ) > 0:
+ policyXml = dataList[0]
+
+ # Process all the hidden input variables (if present)
+ for formVar in formVariables:
+ if formVar[2] == '':
+ continue
+
+ if formData.has_key( formVar[2] ):
+ dataList = formData.getlist( formVar[2] )
+ if len( dataList ) > 0:
+ if isinstance( formVar[1], list ):
+ exec 'formVar[1] = ' + dataList[0]
+ else:
+ formVar[1] = dataList[0]
+
+ # The form can contain any number of "Conflict Sets"
+ # so update the list of form variables to include
+ # each conflict set (hidden input variable)
+ for csName in formCSNames[1]:
+ newCS( csName )
+ if formData.has_key( allCSMTypes[csName][2] ):
+ dataList = formData.getlist( allCSMTypes[csName][2] )
+ if len( dataList ) > 0:
+ exec 'allCSMTypes[csName][1] = ' + dataList[0]
+
+def getCurrentTime( ):
+ return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) )
+
+def getName( domNode ):
+ nameNodes = domNode.getElementsByTagName( 'Name' )
+ if len( nameNodes ) == 0:
+ formatXmlError( '"<Name>" tag is missing' )
+ return None
+
+ name = ''
+ for childNode in nameNodes[0].childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ name = name + childNode.data
+
+ return name
+
+def getDate( domNode ):
+ dateNodes = domNode.getElementsByTagName( 'Date' )
+ if len( dateNodes ) == 0:
+ formatXmlError( '"<Date>" tag is missing' )
+ return None
+
+ date = ''
+ for childNode in dateNodes[0].childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ date = date + childNode.data
+
+ return date
+
+def getSteTypes( domNode, missingIsError = 0 ):
+ steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' )
+ if len( steNodes ) == 0:
+ if missingIsError == 1:
+ formatXmlError( '"<SimpleTypeEnforcementTypes>" tag is
missing' )
+ return None
+ else:
+ return []
+
+ return getTypes( steNodes[0] )
+
+def getChWTypes( domNode, missingIsError = 0 ):
+ chwNodes = domNode.getElementsByTagName( 'ChineseWallTypes' )
+ if len( chwNodes ) == 0:
+ if missingIsError == 1:
+ formatXmlError( '"<ChineseWallTypes>" tag is missing' )
+ return None
+ else:
+ return []
+
+ return getTypes( chwNodes[0] )
+
+def getTypes( domNode ):
+ types = []
+
+ domNodes = domNode.getElementsByTagName( 'Type' )
+ if len( domNodes ) == 0:
+ formatXmlError( '"<Type>" tag is missing' )
+ return None
+
+ for domNode in domNodes:
+ typeText = ''
+ for childNode in domNode.childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ typeText = typeText + childNode.data
+
+ if typeText == '':
+ formatXmlError( 'No text associated with the "<Type>"
tag' )
+ return None
+
+ types.append( typeText )
+
+ return types
+
+def formatXmlError( msg, xml = '', lineNum = -1, colNum = -1 ):
+ global xmlMessages, xmlError
+
+ xmlError = 1
+ addMsg = cgi.escape( msg )
+
+ if lineNum != -1:
+ sio = StringIO( xml )
+ for xmlLine in sio:
+ lineNum = lineNum - 1
+ if lineNum == 0:
+ break;
+
+ addMsg += '<BR><PRE>' + cgi.escape( xmlLine.rstrip( ) )
+
+ if colNum != -1:
+ errLine = ''
+ for i in range( colNum ):
+ errLine = errLine + '-'
+
+ addMsg += '\n' + errLine + '^'
+
+ addMsg += '</PRE>'
+
+ xmlMessages.append( addMsg )
+
+def formatXmlGenError( msg ):
+ global xmlMessages, xmlIncomplete
+
+ xmlIncomplete = 1
+ xmlMessages.append( cgi.escape( msg ) )
+
+def parseXml( xmlInput ):
+ global xmlMessages, xmlError, xmlLine, xmlColumn
+
+ xmlParser = xml.sax.make_parser( )
+ try:
+ domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser )
+
+ except xml.sax.SAXParseException, xmlErr:
+ msg = ''
+ msg = msg + 'XML parsing error occurred at line '
+ msg = msg + `xmlErr.getLineNumber( )`
+ msg = msg + ', column '
+ msg = msg + `xmlErr.getColumnNumber( )`
+ msg = msg + ': reason = "'
+ msg = msg + xmlErr.getMessage( )
+ msg = msg + '"'
+ formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ),
xmlErr.getColumnNumber( ) )
+ return None
+
+ except xml.sax.SAXException, xmlErr:
+ msg = ''
+ msg = msg + 'XML Parsing error: ' + `xmlErr`
+ formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ),
xmlErr.getColumnNumber( ) )
+ return None
+
+ return domDoc
+
+def parsePolicyXml( ):
+ global policyXml
+ global formPolicyName, formPolicyDate, formPolicyOrder
+ global formSteTypes, formChWallTypes
+ global allCSMTypes
+
+ domDoc = parseXml( policyXml )
+ if domDoc == None:
+ return
+
+ domRoot = domDoc.documentElement
+ domHeaders = domRoot.getElementsByTagName( 'PolicyHeader' )
+ if len( domHeaders ) == 0:
+ msg = ''
+ msg = msg + '"<PolicyHeader>" tag is missing.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ return
+
+ pName = getName( domHeaders[0] )
+ if pName == None:
+ msg = ''
+ msg = msg + 'Error processing the Policy header information.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ return
+
+ formPolicyName[1] = pName
+
+ pDate = getDate( domHeaders[0] )
+ if pDate == None:
+ msg = ''
+ msg = msg + 'Error processing the Policy header information.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ return
+
+ formPolicyDate[1] = pDate
+
+ pOrder = ''
+ domStes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' )
+ if len( domStes ) > 0:
+ if domStes[0].hasAttribute( 'priority' ):
+ if domStes[0].getAttribute( 'priority' ) !=
'PrimaryPolicyComponent':
+ msg = ''
+ msg = msg + 'Error processing the
"<SimpleTypeEnforcement>" tag.\n'
+ msg = msg + 'The "priority" attribute value is
not valid.\n'
+ msg = msg + 'Please validate the Policy file
used.'
+ formatXmlError( msg )
+ return
+
+ pOrder = 'v_Ste'
+
+ steTypes = getSteTypes( domStes[0], 1 )
+ if steTypes == None:
+ msg = ''
+ msg = msg + 'Error processing the SimpleTypeEnforcement
types.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ return
+
+ formSteTypes[1] = steTypes
+
+ domChWalls = domRoot.getElementsByTagName( 'ChineseWall' )
+ if len( domChWalls ) > 0:
+ if domChWalls[0].hasAttribute( 'priority' ):
+ if domChWalls[0].getAttribute( 'priority' ) !=
'PrimaryPolicyComponent':
+ msg = ''
+ msg = msg + 'Error processing the
"<ChineseWall>" tag.\n'
+ msg = msg + 'The "priority" attribute value is
not valid.\n'
+ msg = msg + 'Please validate the Policy file
used.'
+ formatXmlError( msg )
+ return
+
+ if pOrder != '':
+ msg = ''
+ msg = msg + 'Error processing the
"<ChineseWall>" tag.\n'
+ msg = msg + 'The "priority" attribute has been
previously specified.\n'
+ msg = msg + 'Please validate the Policy file
used.'
+ formatXmlError( msg )
+ return
+
+ pOrder = 'v_ChWall'
+
+ chwTypes = getChWTypes( domChWalls[0], 1 )
+ if chwTypes == None:
+ msg = ''
+ msg = msg + 'Error processing the ChineseWall types.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ return
+
+ formChWallTypes[1] = chwTypes
+
+ csNodes = domChWalls[0].getElementsByTagName( 'ConflictSets' )
+ if len( csNodes ) == 0:
+ msg = ''
+ msg = msg + 'Required "<ConflictSets>" tag missing.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ return
+
+ cNodes = csNodes[0].getElementsByTagName( 'Conflict' )
+ if len( cNodes ) == 0:
+ msg = ''
+ msg = msg + 'Required "<Conflict>" tag missing.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ return
+
+ for cNode in cNodes:
+ csName = cNode.getAttribute( 'name' )
+ newCS( csName, 1 )
+
+ csMemberList = getTypes( cNode )
+ if csMemberList == None:
+ msg = ''
+ msg = msg + 'Error processing the Conflict Set
members.\n'
+ msg = msg + 'Please validate the Policy file
used.'
+ formatXmlError( msg )
+ return
+
+ # Verify the conflict set members are valid types
+ ctSet = Set( formChWallTypes[1] )
+ csSet = Set( csMemberList )
+ if not csSet.issubset( ctSet ):
+ msg = ''
+ msg = msg + 'Error processing Conflict Set "' +
csName + '".\n'
+ msg = msg + 'Members of the conflict set are
not valid '
+ msg = msg + 'Chinese Wall types.\n'
+ msg = msg + 'Please validate the Policy file
used.'
+ formatXmlError( msg )
+
+ allCSMTypes[csName][1] = csMemberList
+
+ if pOrder != '':
+ formPolicyOrder[1] = pOrder
+ else:
+ if (len( domStes ) > 0) or (len( domChWalls ) > 0):
+ msg = ''
+ msg = msg + 'The "priority" attribute has not been
specified.\n'
+ msg = msg + 'It must be specified on one of the access
control types.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ return
+
+def modFormTemplate( formTemplate, suffix ):
+ formVar = [x for x in formTemplate]
+
+ if formVar[2] != '':
+ formVar[2] = formVar[2] + suffix
+ if formVar[3] != '':
+ formVar[3] = formVar[3] + suffix
+ if (formVar[0] != 'button') and (formVar[4] != ''):
+ formVar[4] = formVar[4] + suffix
+
+ return formVar;
+
+def removeDups( curList ):
+ newList = []
+ curSet = Set( curList )
+ for x in curSet:
+ newList.append( x )
+ newList.sort( )
+
+ return newList
+
+def newCS( csName, addToList = 0 ):
+ global formCSNames
+ global templateCSDel, allCSDel
+ global templateCSMTypes, templateCSMDel, templateCSMType, templateCSMAdd
+ global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
+
+ csSuffix = '_' + csName
+
+ # Make sure we have an actual name and check one of the 'all'
+ # variables to be sure it hasn't been previously defined
+ if (len( csName ) > 0) and (not allCSMTypes.has_key( csName )):
+ allCSDel[csName] = modFormTemplate( templateCSDel,
csSuffix )
+ allCSMTypes[csName] = modFormTemplate( templateCSMTypes,
csSuffix )
+ allCSMDel[csName] = modFormTemplate( templateCSMDel,
csSuffix )
+ allCSMType[csName] = modFormTemplate( templateCSMType,
csSuffix )
+ allCSMAdd[csName] = modFormTemplate( templateCSMAdd,
csSuffix )
+ if addToList == 1:
+ formCSNames[1].append( csName )
+ formCSNames[1] = removeDups( formCSNames[1] )
+
+def updateInfo( ):
+ global formData, formPolicyName, formPolicyDate, formPolicyOrder
+
+ if formData.has_key( formPolicyName[3] ):
+ formPolicyName[1] = formData[formPolicyName[3]].value
+ elif formData.has_key( formPolicyUpdate[3] ):
+ formPolicyName[1] = ''
+
+ if formData.has_key( formPolicyDate[3] ):
+ formPolicyDate[1] = formData[formPolicyDate[3]].value
+ elif formData.has_key( formPolicyUpdate[3] ):
+ formPolicyDate[1] = ''
+
+ if formData.has_key( formPolicyOrder[3] ):
+ formPolicyOrder[1] = formData[formPolicyOrder[3]].value
+
+def addSteType( ):
+ global formData, formSteType, formSteTypes
+
+ if (formData.has_key( formDefaultButton[3] )) or (formData.has_key(
formSteAdd[3] )):
+ if formData.has_key( formSteType[3] ):
+ type = formData[formSteType[3]].value
+ type = type.strip( )
+ if len( type ) > 0:
+ formSteTypes[1].append( type )
+ formSteTypes[1] = removeDups( formSteTypes[1] )
+
+
+def delSteType( ):
+ global formData, formSteTypes
+
+ if formData.has_key( formSteTypes[3] ):
+ typeList = formData.getlist( formSteTypes[3] )
+ for type in typeList:
+ type = type.strip( )
+ formSteTypes[1].remove( type )
+
+def addChWallType( ):
+ global formData, formChWallType, formChWallTypes
+
+ if (formData.has_key( formDefaultButton[3] )) or (formData.has_key(
formChWallAdd[3] )):
+ if formData.has_key( formChWallType[3] ):
+ type = formData[formChWallType[3]].value
+ type = type.strip( )
+ if len( type ) > 0:
+ formChWallTypes[1].append( type )
+ formChWallTypes[1] = removeDups(
formChWallTypes[1] )
+
+def delChWallType( ):
+ global formData, formChWallTypes
+
+ if formData.has_key( formChWallTypes[3] ):
+ typeList = formData.getlist( formChWallTypes[3] )
+ for type in typeList:
+ type = type.strip( )
+ formChWallTypes[1].remove( type )
+
+def addCS( ):
+ global formData, formCSNames
+
+ if (formData.has_key( formDefaultButton[3] )) or (formData.has_key(
formCSAdd[3] )):
+ if formData.has_key( formCSName[3] ):
+ csName = formData[formCSName[3]].value
+ csName = csName.strip( )
+ newCS( csName, 1 )
+
+def delCS( csName ):
+ global formData, formCSNames, allCSDel
+ global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
+
+ csName = csName.strip( )
+ formCSNames[1].remove( csName )
+ del allCSDel[csName]
+ del allCSMTypes[csName]
+ del allCSMDel[csName]
+ del allCSMType[csName]
+ del allCSMAdd[csName]
+
+def addCSMember( csName ):
+ global formData, allCSMType, allCSMTypes
+
+ formVar = allCSMType[csName]
+ if formData.has_key( formVar[3] ):
+ csmList = formData.getlist( formVar[3] )
+ formVar = allCSMTypes[csName]
+ for csm in csmList:
+ csm = csm.strip( )
+ formVar[1].append( csm )
+ formVar[1] = removeDups( formVar[1] )
+
+def delCSMember( csName ):
+ global formData, allCSMTypes
+
+ formVar = allCSMTypes[csName]
+ if formData.has_key( formVar[3] ):
+ csmList = formData.getlist( formVar[3] )
+ for csm in csmList:
+ csm = csm.strip( )
+ formVar[1].remove( csm )
+
+def processRequest( ):
+ global policyXml
+ global formData, formPolicyUpdate
+ global formSteAdd, formSteDel
+ global formChWallAdd, formChWallDel
+ global formCSAdd, allCSDel
+ global formCSNames, allCSMAdd, allCSMDel
+
+ if policyXml != '':
+ parsePolicyXml( )
+
+ # Allow the updating of the header information whenever
+ # an action is performed
+ updateInfo( )
+
+ # Allow the adding of types/sets if the user has hit the
+ # enter key when attempting to add a type/set
+ addSteType( )
+ addChWallType( )
+ addCS( )
+
+ if formData.has_key( formSteDel[3] ):
+ delSteType( )
+
+ elif formData.has_key( formChWallDel[3] ):
+ delChWallType( )
+
+ else:
+ for csName in formCSNames[1]:
+ if formData.has_key( allCSDel[csName][3] ):
+ delCS( csName )
+ continue
+
+ if formData.has_key( allCSMAdd[csName][3] ):
+ addCSMember( csName )
+
+ elif formData.has_key( allCSMDel[csName][3] ):
+ delCSMember( csName )
+
+def makeName( name, suffix='' ):
+ rName = name
+ if suffix != '':
+ rName = rName + '_' + suffix
+
+ return rName
+
+def makeNameAttr( name, suffix='' ):
+ return 'name="' + makeName( name, suffix ) + '"'
+
+def makeValue( value, suffix='' ):
+ rValue = value
+
+ if isinstance( value, list ):
+ rValue = '['
+ for val in value:
+ rValue = rValue + '\'' + val
+ if suffix != '':
+ rValue = rValue + '_' + suffix
+ rValue = rValue + '\','
+ rValue = rValue + ']'
+
+ else:
+ if suffix != '':
+ rValue = rValue + '_' + suffix
+
+ return rValue
+
+def makeValueAttr( value, suffix='' ):
+ return 'value="' + makeValue( value, suffix ) + '"'
+
+def sendHtmlFormVar( formVar, attrs='' ):
+ nameAttr = ''
+ valueAttr = ''
+ htmlText = ''
+
+ if formVar[0] == 'text':
+ if formVar[3] != '':
+ nameAttr = makeNameAttr( formVar[3] )
+ valueAttr = makeValueAttr( formVar[1] )
+
+ print '<INPUT type="text"', nameAttr, valueAttr, attrs, '>'
+
+ elif formVar[0] == 'list':
+ if formVar[3] != '':
+ nameAttr = makeNameAttr( formVar[3] )
+
+ print '<SELECT', nameAttr, attrs, '>'
+ for option in formVar[1]:
+ print '<OPTION>' + option + '</OPTION>'
+ print '</SELECT>'
+
+ elif formVar[0] == 'button':
+ if formVar[3] != '':
+ nameAttr = makeNameAttr( formVar[3] )
+ if formVar[4] != '':
+ valueAttr = makeValueAttr( formVar[4] )
+
+ print '<INPUT type="submit"', nameAttr, valueAttr, attrs, '>'
+
+ elif formVar[0] == 'radiobutton':
+ if formVar[3] != '':
+ nameAttr = makeNameAttr( formVar[3] )
+ valueAttr = makeValueAttr( formVar[4][rb_select] )
+ htmlText = formVar[5][rb_select]
+ if formVar[4][rb_select] == formVar[1]:
+ checked = 'checked'
+ else:
+ checked = ''
+
+ print '<INPUT type="radio"', nameAttr, valueAttr,
attrs, checked, '>', htmlText
+
+ elif formVar[0] == 'radiobutton-all':
+ if formVar[3] != '':
+ nameAttr = makeNameAttr( formVar[3] )
+ buttonVals = formVar[4]
+ buttonTexts = formVar[5]
+ for i, buttonVal in enumerate( buttonVals ):
+ htmlText = ''
+ addAttrs = ''
+ checked = ''
+
+ valueAttr = makeValueAttr( buttonVal )
+ if formVar[5] != '':
+ htmlText = formVar[5][i]
+ if attrs != '':
+ addAttrs = attrs[i]
+ if buttonVal == formVar[1]:
+ checked = 'checked'
+
+ print '<INPUT type="radio"', nameAttr,
valueAttr, addAttrs, checked, '>', htmlText, '<BR>'
+
+ if formVar[2] != '':
+ nameAttr = makeNameAttr( formVar[2] )
+ valueAttr = makeValueAttr( formVar[1] )
+ print '<INPUT type="hidden"', nameAttr, valueAttr, '>'
+
+def sendHtmlHeaders( ):
+ # HTML headers
+ print 'Content-Type: text/html'
+ print
+
+def sendPolicyHtml( ):
+ global xmlError, xmlIncomplete, xmlMessages, formXmlGen
+
+ print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"'
+ print ' "http://www.w3.org/TR/html4/loose.dtd">'
+
+ print '<HTML>'
+
+ sendHtmlHead( )
+
+ print '<BODY>'
+
+ # An input XML file was specified that had errors, output the
+ # error information
+ if xmlError == 1:
+ print '<P>'
+ print 'An error has been encountered while processing the input
'
+ print 'XML file:'
+ print '<UL>'
+ for msg in xmlMessages:
+ print '<LI>'
+ print msg
+ print '</UL>'
+ print '</BODY>'
+ print '</HTML>'
+ return
+
+ # When attempting to generate the XML output, all required data was not
+ # present, output the error information
+ if xmlIncomplete == 1:
+ print '<P>'
+ print 'An error has been encountered while validating the data'
+ print 'required for the output XML file:'
+ print '<UL>'
+ for msg in xmlMessages:
+ print '<LI>'
+ print msg
+ print '</UL>'
+ print '</BODY>'
+ print '</HTML>'
+ return
+
+ print '<CENTER>'
+ print '<FORM action="' + os.environ['SCRIPT_NAME'] + '" method="post">'
+ print '<TABLE class="container">'
+ print ' <COLGROUP>'
+ print ' <COL width="100%">'
+ print ' </COLGROUP>'
+
+ print ' <TR>'
+ print ' <TD>'
+ print ' <TABLE>'
+ print ' <TR>'
+ print ' <TD>'
+ sendHtmlFormVar( formDefaultButton, 'class="hidden"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ sendHtmlFormVar( formXmlGen )
+ print ' </TD>'
+ print ' </TR>'
+ print ' </TABLE>'
+ print ' </TD>'
+ print ' </TR>'
+
+ # Policy header
+ print ' <TR>'
+ print ' <TD>'
+ sendPHeaderHtml( )
+ print ' </TD>'
+ print ' </TR>'
+
+ # Separator
+ print ' <TR><TD><HR></TD></TR>'
+
+ # Policy (types)
+ print ' <TR>'
+ print ' <TD>'
+ print ' <TABLE class="full">'
+ print ' <TR>'
+ print ' <TD width="49%">'
+ sendPSteHtml( )
+ print ' </TD>'
+ print ' <TD width="2%"> </TD>'
+ print ' <TD width="49%">'
+ sendPChWallHtml( )
+ print ' </TD>'
+ print ' </TR>'
+ print ' </TABLE>'
+ print ' </TD>'
+ print ' </TR>'
+
+ print '</TABLE>'
+ print '</FORM>'
+ print '</CENTER>'
+
+ print '</BODY>'
+
+ print '</HTML>'
+
+def sendHtmlHead( ):
+ global headTitle
+
+ print '<HEAD>'
+ print '<STYLE type="text/css">'
+ print '<!--'
+ print 'BODY {background-color: #EEEEFF;}'
+ print 'TABLE.container {width: 90%; border: 1px solid black;
border-collapse: seperate;}'
+ print 'TABLE.fullbox {width: 100%; border: 1px solid black;
border-collapse: collapse;}'
+ print 'TABLE.full {width: 100%; border: 0px solid black;
border-collapse: collapse;}'
+ print 'THEAD {font-weight: bold; font-size: larger;}'
+ print 'TD {border: 0px solid black; vertical-align: top;}'
+ print 'TD.heading {border: 0px solid black; vertical-align: top;
font-weight: bold; font-size: larger;}'
+ print 'TD.subheading {border: 0px solid black; vertical-align: top;
font-size: smaller;}'
+ print 'TD.fullbox {border: 1px solid black; vertical-align: top;}'
+ print 'SELECT.full {width: 100%;}'
+ print 'INPUT.full {width: 100%;}'
+ print 'INPUT.link {cursor: pointer; background-color: #EEEEFF;
border: 0px; text-decoration: underline; color: blue;}'
+ print 'INPUT.hidden {visibility: hidden; width: 1px; height: 1px;}'
+ print ':link {color: blue;}'
+ print ':visited {color: red;}'
+ print '-->'
+ print '</STYLE>'
+ print '<TITLE>', headTitle, '</TITLE>'
+ print '</HEAD>'
+
+def sendPHeaderHtml( ):
+ global formPolicyName, formPolicyDate, formPolicyOrder, formPolicyUpdate
+
+ # Policy header definition
+ print '<TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="20%">'
+ print ' <COL width="80%">'
+ print ' </COLGROUP>'
+ print ' <TR>'
+ print ' <TD align="center" colspan="2" class="heading">Policy
Information</TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="right">Name:</TD>'
+ print ' <TD align="left">'
+ sendHtmlFormVar( formPolicyName, 'class="full"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="right">Date:</TD>'
+ print ' <TD align="left">'
+ sendHtmlFormVar( formPolicyDate, 'class="full"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="right">Primary Policy:</TD>'
+ print ' <TD align="left">'
+ sendHtmlFormVar( formPolicyOrder )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="center" colspan="2">'
+ sendHtmlFormVar( formPolicyUpdate )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="center" colspan="2" class="subheading">'
+ print ' (The Policy Information is updated whenever an action is
performed'
+ print ' or it can be updated separately using the "Update"
button)'
+ print ' </TD>'
+ print ' </TR>'
+ print '</TABLE>'
+
+def sendPSteHtml( ):
+ global formSteTypes, formSteDel, formSteType, formSteAdd
+
+ # Simple Type Enforcement...
+ print '<TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="20%">'
+ print ' <COL width="80%">'
+ print ' </COLGROUP>'
+ print ' <TR>'
+ print ' <TD align="center" colspan="2" class="heading">Simple Type
Enforcement Types</TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ sendHtmlFormVar( formSteTypes, 'class="full" size="4" multiple' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ sendHtmlFormVar( formSteDel, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Delete the type(s) selected above'
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ sendHtmlFormVar( formSteType, 'class="full"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ sendHtmlFormVar( formSteAdd, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Create a new type with the above name'
+ print ' </TD>'
+ print ' </TR>'
+ print '</TABLE>'
+
+def sendPChWallHtml( ):
+ global formChWallTypes, formChWallDel, formChWallType, formChWallAdd
+ global formCSNames, formCSName, formCSAdd, allCSDel
+ global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
+
+ # Chinese Wall...
+ print '<TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="20%">'
+ print ' <COL width="80%">'
+ print ' </COLGROUP>'
+ print ' <TR>'
+ print ' <TD align="center" colspan="2" class="heading">Chinese Wall
Types</TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ sendHtmlFormVar( formChWallTypes, 'class="full" size="4" multiple' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ sendHtmlFormVar( formChWallDel, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Delete the type(s) selected above'
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ sendHtmlFormVar( formChWallType, 'class="full"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ sendHtmlFormVar( formChWallAdd, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Create a new type with the above name'
+ print ' </TD>'
+ print ' </TR>'
+
+ # Chinese Wall Conflict Sets...
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ print ' <TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="20%">'
+ print ' <COL width="30%">'
+ print ' <COL width="50%">'
+ print ' </COLGROUP>'
+ print ' <THEAD>'
+ print ' <TR>'
+ print ' <TD align="center" colspan="3"><HR></TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="center" colspan="3">Chinese Wall Conflict
Sets</TD>'
+ print ' </TR>'
+ print ' </THEAD>'
+ print ' <TR>'
+ print ' <TD colspan="3">'
+ sendHtmlFormVar( formCSName, 'class="full"' )
+ sendHtmlFormVar( formCSNames )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ sendHtmlFormVar( formCSAdd, 'class="full"' )
+ print ' </TD>'
+ print ' <TD colspan="2">'
+ print ' Create a new conflict set with the above name'
+ print ' </TD>'
+ print ' </TR>'
+ print ' </TABLE>'
+ print ' </TD>'
+ print ' </TR>'
+ if len( formCSNames[1] ) > 0:
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ print ' '
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ print ' <TABLE class="fullbox">'
+ print ' <COLGROUP>'
+ print ' <COL width="50%">'
+ print ' <COL width="50%">'
+ print ' </COLGROUP>'
+ print ' <THEAD>'
+ print ' <TR>'
+ print ' <TD class="fullbox">Name</TD>'
+ print ' <TD class="fullbox">Actions</TD>'
+ print ' </TR>'
+ print ' </THEAD>'
+ for i, csName in enumerate( formCSNames[1] ):
+ print ' <TR>'
+ print ' <TD class="fullbox">' + csName +
'</TD>'
+ print ' <TD class="fullbox">'
+ print ' <A href="#' + csName + '">Edit</A>'
+ formVar = allCSDel[csName]
+ sendHtmlFormVar( formVar, 'class="link"' )
+ print ' </TD>'
+ print ' </TABLE>'
+ print ' </TD>'
+ print ' </TR>'
+ for csName in formCSNames[1]:
+ print ' <TR><TD colspan="2"><HR></TD></TR>'
+ print ' <TR>'
+ print ' <TD align="center" colspan="2"
class="heading"><A name="' + csName + '">Conflict Set: ' + csName + '</A></TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ formVar = allCSMTypes[csName];
+ sendHtmlFormVar( formVar, 'class="full" size="4"
multiple"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ formVar = allCSMDel[csName]
+ sendHtmlFormVar( formVar, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Delete the type(s) selected above'
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ ctSet = Set( formChWallTypes[1] )
+ csSet = Set( allCSMTypes[csName][1] )
+ formVar = allCSMType[csName]
+ formVar[1] = []
+ for chwallType in ctSet.difference( csSet ):
+ formVar[1].append( chwallType )
+ formVar[1].sort( )
+ sendHtmlFormVar( formVar, 'class="full" size="2"
multiple' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ formVar = allCSMAdd[csName]
+ sendHtmlFormVar( formVar, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Add the type(s) selected above'
+ print ' </TD>'
+ print ' </TR>'
+
+ print '</TABLE>'
+
+def checkXmlData( ):
+ global xmlIncomplete
+
+ # Validate the Policy Header requirements
+ if ( len( formPolicyName[1] ) > 0 ) or ( len( formPolicyDate[1] ) > 0 ):
+ if ( len( formPolicyName[1] ) == 0 ) or ( len(
formPolicyDate[1] ) == 0 ):
+ msg = ''
+ msg = msg + 'The XML policy schema requires that the
Policy '
+ msg = msg + 'Information Name and Date fields both have
values '
+ msg = msg + 'or both not have values.'
+ formatXmlGenError( msg )
+
+ if formPolicyOrder[1] == 'v_ChWall':
+ if len( formChWallTypes[1] ) == 0:
+ msg = ''
+ msg = msg + 'You have specified the primary policy to
be '
+ msg = msg + 'Chinese Wall but have not created any
Chinese '
+ msg = msg + 'Wall types. Please create some Chinese
Wall '
+ msg = msg + 'types or change the primary policy.'
+ formatXmlGenError( msg )
+
+ if formPolicyOrder[1] == 'v_Ste':
+ if len( formSteTypes[1] ) == 0:
+ msg = ''
+ msg = msg + 'You have specified the primary policy to
be '
+ msg = msg + 'Simple Type Enforcement but have not
created '
+ msg = msg + 'any Simple Type Enforcement types. Please
create '
+ msg = msg + 'some Simple Type Enforcement types or
change the '
+ msg = msg + 'primary policy.'
+ formatXmlGenError( msg )
+
+ # Validate the Chinese Wall required data
+ if len( formChWallTypes[1] ) > 0:
+ if len( formCSNames[1] ) == 0:
+ msg = ''
+ msg = msg + 'The XML policy schema for the Chinese Wall
'
+ msg = msg + 'requires at least one Conflict Set be
defined.'
+ formatXmlGenError( msg )
+
+def sendXmlHeaders( ):
+ # HTML headers
+ print 'Content-Type: text/xml'
+ print 'Content-Disposition: attachment; filename=security_policy.xml'
+ print
+
+def sendPolicyXml( ):
+ print '<?xml version="1.0"?>'
+
+ print '<SecurityPolicyDefinition xmlns="http://www.ibm.com"'
+ print '
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"'
+ print ' xsi:schemaLocation="http://www.ibm.com
security_policy.xsd">'
+
+ # Policy header
+ sendPHeaderXml( )
+
+ # Policy (types)
+ sendPSteXml( )
+ sendPChWallXml( )
+
+ print '</SecurityPolicyDefinition>'
+
+def sendPHeaderXml( ):
+ global formPolicyName, formPolicyDate
+
+ # Policy header definition
+ if ( len( formPolicyName[1] ) > 0 ) or ( len( formPolicyDate[1] ) > 0 ):
+ print '<PolicyHeader>'
+ print ' <Name>' + formPolicyName[1] + '</Name>'
+ print ' <Date>' + formPolicyDate[1] + '</Date>'
+ print '</PolicyHeader>'
+
+def sendPSteXml( ):
+ global formPolicyOrder, formSteTypes
+
+ # Simple Type Enforcement...
+ if len( formSteTypes[1] ) == 0:
+ return
+
+ if formPolicyOrder[1] == 'v_Ste':
+ print '<SimpleTypeEnforcement
priority="PrimaryPolicyComponent">'
+ else:
+ print '<SimpleTypeEnforcement>'
+
+ print ' <SimpleTypeEnforcementTypes>'
+ for steType in formSteTypes[1]:
+ print ' <Type>' + steType + '</Type>'
+ print ' </SimpleTypeEnforcementTypes>'
+
+ print '</SimpleTypeEnforcement>'
+
+def sendPChWallXml( ):
+ global formPolicyOrder, formChWallTypes
+ global formCSNames, allCSMTypes
+
+ # Chinese Wall...
+ if len( formChWallTypes[1] ) == 0:
+ return
+
+ if formPolicyOrder[1] == 'v_ChWall':
+ print '<ChineseWall priority="PrimaryPolicyComponent">'
+ else:
+ print '<ChineseWall>'
+
+ print ' <ChineseWallTypes>'
+ for chWallType in formChWallTypes[1]:
+ print ' <Type>' + chWallType + '</Type>'
+ print ' </ChineseWallTypes>'
+
+ # Chinese Wall Conflict Sets...
+ print ' <ConflictSets>'
+ for cs in formCSNames[1]:
+ formVar = allCSMTypes[cs]
+ if len( formVar[1] ) == 0:
+ continue
+ print ' <Conflict name="' + cs + '">'
+ for csm in formVar[1]:
+ print ' <Type>' + csm + '</Type>'
+ print ' </Conflict>'
+ print ' </ConflictSets>'
+
+ print '</ChineseWall>'
+
+
+# Set up initial HTML variables
+headTitle = 'Xen Policy Generation'
+
+# Form variables
+# The format of these variables is as follows:
+# [ p0, p1, p2, p3, p4, p5 ]
+# p0 = input type
+# p1 = the current value of the variable
+# p2 = the hidden input name attribute
+# p3 = the name attribute
+# p4 = the value attribute
+# p5 = text to associate with the tag
+formPolicyName = [ 'text',
+ '',
+ 'h_policyName',
+ 'i_policyName',
+ '',
+ '',
+ ]
+formPolicyDate = [ 'text',
+ getCurrentTime( ),
+ 'h_policyDate',
+ 'i_policyDate',
+ '',
+ '',
+ ]
+formPolicyOrder = [ 'radiobutton-all',
+ 'v_ChWall',
+ 'h_policyOrder',
+ 'i_policyOrder',
+ [ 'v_Ste', 'v_ChWall' ],
+ [ 'Simple Type Enforcement', 'Chinese Wall' ],
+ ]
+formPolicyUpdate = [ 'button',
+ '',
+ '',
+ 'i_PolicyUpdate',
+ 'Update',
+ '',
+ ]
+
+formSteTypes = [ 'list',
+ [],
+ 'h_steTypes',
+ 'i_steTypes',
+ '',
+ '',
+ ]
+formSteDel = [ 'button',
+ '',
+ '',
+ 'i_steDel',
+ 'Delete',
+ '',
+ ]
+formSteType = [ 'text',
+ '',
+ '',
+ 'i_steType',
+ '',
+ '',
+ ]
+formSteAdd = [ 'button',
+ '',
+ '',
+ 'i_steAdd',
+ 'New',
+ '',
+ ]
+
+formChWallTypes = [ 'list',
+ [],
+ 'h_chwallTypes',
+ 'i_chwallTypes',
+ '',
+ '',
+ ]
+formChWallDel = [ 'button',
+ '',
+ '',
+ 'i_chwallDel',
+ 'Delete',
+ '',
+ ]
+formChWallType = [ 'text',
+ '',
+ '',
+ 'i_chwallType',
+ '',
+ '',
+ ]
+formChWallAdd = [ 'button',
+ '',
+ '',
+ 'i_chwallAdd',
+ 'New',
+ '',
+ ]
+
+formCSNames = [ '',
+ [],
+ 'h_csNames',
+ '',
+ '',
+ '',
+ ]
+formCSName = [ 'text',
+ '',
+ '',
+ 'i_csName',
+ '',
+ '',
+ ]
+formCSAdd = [ 'button',
+ '',
+ '',
+ 'i_csAdd',
+ 'New',
+ '',
+ ]
+
+formXmlGen = [ 'button',
+ '',
+ '',
+ 'i_xmlGen',
+ 'Generate XML',
+ '',
+ ]
+
+formDefaultButton = [ 'button',
+ '',
+ '',
+ 'i_defaultButton',
+ '.',
+ '',
+ ]
+
+# This is a set of templates used for each conflict set
+# Each conflict set is initially assigned these templates,
+# then each form attribute value is changed to append
+# "_conflict-set-name" for uniqueness
+templateCSDel = [ 'button',
+ '',
+ '',
+ 'i_csDel',
+ 'Delete',
+ '',
+ ]
+allCSDel = {};
+
+templateCSMTypes = [ 'list',
+ [],
+ 'h_csmTypes',
+ 'i_csmTypes',
+ '',
+ '',
+ ]
+templateCSMDel = [ 'button',
+ '',
+ '',
+ 'i_csmDel',
+ 'Delete',
+ '',
+ ]
+templateCSMType = [ 'list',
+ [],
+ '',
+ 'i_csmType',
+ '',
+ '',
+ ]
+templateCSMAdd = [ 'button',
+ '',
+ '',
+ 'i_csmAdd',
+ 'Add',
+ '',
+ ]
+allCSMTypes = {};
+allCSMDel = {};
+allCSMType = {};
+allCSMAdd = {};
+
+# A list of all form variables used for saving info across requests
+formVariables = [ formPolicyName,
+ formPolicyDate,
+ formPolicyOrder,
+ formSteTypes,
+ formChWallTypes,
+ formCSNames,
+ ]
+
+policyXml = ''
+xmlError = 0
+xmlIncomplete = 0
+xmlMessages = []
+
+
+# Extract any form data
+formData = cgi.FieldStorage( )
+
+# Process the form
+getSavedData( )
+processRequest( )
+
+if formData.has_key( formXmlGen[3] ):
+ # Generate and send the XML file
+ checkXmlData( )
+
+ if xmlIncomplete == 0:
+ sendXmlHeaders( )
+ sendPolicyXml( )
+
+if (not formData.has_key( formXmlGen[3] )) or (xmlIncomplete == 1 ):
+ # Send HTML to continue processing the form
+ sendHtmlHeaders( )
+ sendPolicyHtml( )
diff -r 8c5b7b6772ae -r 62d9ac63e7f5
tools/security/python/xensec_gen/cgi-bin/policylabel.cgi
--- /dev/null Tue Dec 13 18:08:17 2005
+++ b/tools/security/python/xensec_gen/cgi-bin/policylabel.cgi Tue Dec 13
18:08:26 2005
@@ -0,0 +1,1396 @@
+#!/usr/bin/python
+#
+# The Initial Developer of the Original Code is International
+# Business Machines Corporation. Portions created by IBM
+# Corporation are Copyright (C) 2005 International Business
+# Machines Corporation. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import os
+import cgi
+import cgitb; cgitb.enable( )
+import time
+import xml.dom.minidom
+import xml.sax
+import xml.sax.handler
+from StringIO import StringIO
+from sets import Set
+
+def getSavedData( ):
+ global formData, policyXml, policyLabelXml
+ global formVariables, formVmNames
+ global allVmChWs, allVmStes
+
+ # Process the XML upload policy file
+ if formData.has_key( 'i_policy' ):
+ dataList = formData.getlist( 'i_policy' )
+ if len( dataList ) > 0:
+ policyXml = dataList[0].strip( )
+
+ # The XML upload policy file must be specified at the start
+ if formData.has_key( 'i_policyLabelCreate' ):
+ if policyXml == '':
+ msg = ''
+ msg = msg + 'A Policy file was not supplied. A Policy
file '
+ msg = msg + 'must be supplied in order to successfully
create '
+ msg = msg + 'a Policy Labeling file.'
+ formatXmlError( msg )
+
+ # Process the XML upload policy label file
+ if formData.has_key( 'i_policyLabel' ):
+ dataList = formData.getlist( 'i_policyLabel' )
+ if len( dataList ) > 0:
+ policyLabelXml = dataList[0].strip( )
+
+ # Process all the hidden input variables (if present)
+ for formVar in formVariables:
+ if formVar[2] == '':
+ continue
+
+ if formData.has_key( formVar[2] ):
+ dataList = formData.getlist( formVar[2] )
+ if len( dataList ) > 0:
+ if isinstance( formVar[1], list ):
+ exec 'formVar[1] = ' + dataList[0]
+ else:
+ formVar[1] = dataList[0]
+
+ # The form can contain any number of "Virtual Machines"
+ # so update the list of form variables to include
+ # each virtual machine (hidden input variable)
+ for vmName in formVmNames[1]:
+ newVm( vmName )
+
+ vmFormVar = allVmChWs[vmName]
+ if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
+ dataList = formData.getlist( vmFormVar[2] )
+ if len( dataList ) > 0:
+ if isinstance( vmFormVar[1], list ):
+ exec 'vmFormVar[1] = ' + dataList[0]
+ else:
+ vmFormVar[1] = dataList[0]
+
+ vmFormVar = allVmStes[vmName]
+ if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
+ dataList = formData.getlist( vmFormVar[2] )
+ if len( dataList ) > 0:
+ if isinstance( vmFormVar[1], list ):
+ exec 'vmFormVar[1] = ' + dataList[0]
+ else:
+ vmFormVar[1] = dataList[0]
+
+def getCurrentTime( ):
+ return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) )
+
+def getName( domNode ):
+ nameNodes = domNode.getElementsByTagName( 'Name' )
+ if len( nameNodes ) == 0:
+ formatXmlError( '"<Name>" tag is missing' )
+ return None
+
+ name = ''
+ for childNode in nameNodes[0].childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ name = name + childNode.data
+
+ return name
+
+def getDate( domNode ):
+ dateNodes = domNode.getElementsByTagName( 'Date' )
+ if len( dateNodes ) == 0:
+ formatXmlError( '"<Date>" tag is missing' )
+ return None
+
+ date = ''
+ for childNode in dateNodes[0].childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ date = date + childNode.data
+
+ return date
+
+def getDefUrl( domNode ):
+ domNodes = domNode.getElementsByTagName( 'PolicyName' )
+ if len( domNodes ) == 0:
+ formatXmlError( '"<PolicyName>" tag is missing' )
+ return None
+
+ urlNodes = domNode.getElementsByTagName( 'Url' )
+ if len( urlNodes ) == 0:
+ formatXmlError( '"<Url>" tag is missing' )
+ return None
+
+ url = ''
+ for childNode in urlNodes[0].childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ url = url + childNode.data
+
+ return url
+
+def getDefRef( domNode ):
+ domNodes = domNode.getElementsByTagName( 'PolicyName' )
+ if len( domNodes ) == 0:
+ formatXmlError( '"<PolicyName>" tag is missing' )
+ return None
+
+ refNodes = domNode.getElementsByTagName( 'Reference' )
+ if len( refNodes ) == 0:
+ formatXmlError( '"<Reference>" tag is missing' )
+ return None
+
+ ref = ''
+ for childNode in refNodes[0].childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ ref = ref + childNode.data
+
+ return ref
+
+def getSteTypes( domNode, missingIsError = 0 ):
+ steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' )
+ if len( steNodes ) == 0:
+ if missingIsError == 1:
+ formatXmlError( '"<SimpleTypeEnforcementTypes>" tag is
missing' )
+ return None
+ else:
+ return []
+
+ return getTypes( steNodes[0] )
+
+def getChWTypes( domNode, missingIsError = 0 ):
+ chwNodes = domNode.getElementsByTagName( 'ChineseWallTypes' )
+ if len( chwNodes ) == 0:
+ if missingIsError == 1:
+ formatXmlError( '"<ChineseWallTypes>" tag is missing' )
+ return None
+ else:
+ return []
+
+ return getTypes( chwNodes[0] )
+
+def getTypes( domNode ):
+ types = []
+
+ domNodes = domNode.getElementsByTagName( 'Type' )
+ if len( domNodes ) == 0:
+ formatXmlError( '"<Type>" tag is missing' )
+ return None
+
+ for domNode in domNodes:
+ typeText = ''
+ for childNode in domNode.childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ typeText = typeText + childNode.data
+
+ if typeText == '':
+ formatXmlError( 'No text associated with the "<Type>"
tag' )
+ return None
+
+ types.append( typeText )
+
+ return types
+
+def formatXmlError( msg, xml = '', lineNum = -1, colNum = -1 ):
+ global xmlMessages, xmlError
+
+ xmlError = 1
+ addMsg = cgi.escape( msg )
+
+ if lineNum != -1:
+ sio = StringIO( xml )
+ for xmlLine in sio:
+ lineNum = lineNum - 1
+ if lineNum == 0:
+ break;
+
+ addMsg += '<BR><PRE>' + cgi.escape( xmlLine.rstrip( ) )
+
+ if colNum != -1:
+ errLine = ''
+ for i in range( colNum ):
+ errLine = errLine + '-'
+
+ addMsg += '\n' + errLine + '^'
+
+ addMsg += '</PRE>'
+
+ xmlMessages.append( addMsg )
+
+def formatXmlGenError( msg ):
+ global xmlMessages, xmlIncomplete
+
+ xmlIncomplete = 1
+ xmlMessages.append( cgi.escape( msg ) )
+
+def parseXml( xmlInput ):
+ global xmlMessages, xmlError, xmlLine, xmlColumn
+
+ xmlParser = xml.sax.make_parser( )
+ try:
+ domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser )
+
+ except xml.sax.SAXParseException, xmlErr:
+ msg = ''
+ msg = msg + 'XML parsing error occurred at line '
+ msg = msg + `xmlErr.getLineNumber( )`
+ msg = msg + ', column '
+ msg = msg + `xmlErr.getColumnNumber( )`
+ msg = msg + ': reason = "'
+ msg = msg + xmlErr.getMessage( )
+ msg = msg + '"'
+ formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ),
xmlErr.getColumnNumber( ) )
+ return None
+
+ except xml.sax.SAXException, xmlErr:
+ msg = ''
+ msg = msg + 'XML Parsing error: ' + `xmlErr`
+ formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ),
xmlErr.getColumnNumber( ) )
+ return None
+
+ return domDoc
+
+def parsePolicyXml( ):
+ global policyXml
+ global formSteTypes, formChWallTypes
+
+ domDoc = parseXml( policyXml )
+ if domDoc == None:
+ return
+
+ domRoot = domDoc.documentElement
+ domNodes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' )
+ if len( domNodes ) > 0:
+ steTypes = getSteTypes( domNodes[0], 1 )
+ if steTypes == None:
+ msg = ''
+ msg = msg + 'Error processing the SimpleTypeEnforcement
types.\n'
+ msg = msg + 'Please validate the Policy Definition file
used.'
+ formatXmlError( msg )
+ return
+
+ formSteTypes[1] = steTypes
+
+ domNodes = domRoot.getElementsByTagName( 'ChineseWall' )
+ if len( domNodes ) > 0:
+ chwTypes = getChWTypes( domNodes[0], 1 )
+ if chwTypes == None:
+ msg = ''
+ msg = msg + 'Error processing the ChineseWall types.\n'
+ msg = msg + 'Please validate the Policy Definition file
used.'
+ formatXmlError( msg )
+ return
+
+ formChWallTypes[1] = chwTypes
+
+def parsePolicyLabelXml( ):
+ global policyLabelXml
+
+ domDoc = parseXml( policyLabelXml )
+ if domDoc == None:
+ return
+
+ domRoot = domDoc.documentElement
+ domHeaders = domRoot.getElementsByTagName( 'LabelHeader' )
+ if len( domHeaders ) == 0:
+ msg = ''
+ msg = msg + '"<LabelHeader>" tag is missing.\n'
+ msg = msg + 'Please validate the Policy Labeling file used.'
+ formatXmlError( msg )
+ return
+
+ pName = getName( domHeaders[0] )
+ if pName == None:
+ msg = ''
+ msg = msg + 'Error processing the Policy Labeling header
information.\n'
+ msg = msg + 'Please validate the Policy Labeling file used.'
+ formatXmlError( msg )
+ return
+
+ formPolicyLabelName[1] = pName
+
+ pDate = getDate( domHeaders[0] )
+ if pDate == None:
+ msg = ''
+ msg = msg + 'Error processing the Policy Labeling header
information.\n'
+ msg = msg + 'Please validate the Policy Labeling file used.'
+ formatXmlError( msg )
+ return
+
+ formPolicyLabelDate[1] = pDate
+
+ pUrl = getDefUrl( domHeaders[0] )
+ if pUrl == None:
+ msg = ''
+ msg = msg + 'Error processing the Policy Labeling header
information.\n'
+ msg = msg + 'Please validate the Policy Labeling file used.'
+ formatXmlError( msg )
+ return
+
+ formPolicyUrl[1] = pUrl
+
+ pRef = getDefRef( domHeaders[0] )
+ if pRef == None:
+ msg = ''
+ msg = msg + 'Error processing the Policy Labeling header
information.\n'
+ msg = msg + 'Please validate the Policy Labeling file used.'
+ formatXmlError( msg )
+ return
+
+ formPolicyRef[1] = pRef
+
+ domSubjects = domRoot.getElementsByTagName( 'SubjectLabels' )
+ if len( domSubjects ) > 0:
+ formVmNameDom0[1] = domSubjects[0].getAttribute( 'bootstrap' )
+ domNodes = domSubjects[0].getElementsByTagName(
'VirtualMachineLabel' )
+ for domNode in domNodes:
+ vmName = getName( domNode )
+ if vmName == None:
+ msg = ''
+ msg = msg + 'Error processing the
VirtualMachineLabel name.\n'
+ msg = msg + 'Please validate the Policy
Labeling file used.'
+ formatXmlError( msg )
+ continue
+
+ steTypes = getSteTypes( domNode )
+ if steTypes == None:
+ msg = ''
+ msg = msg + 'Error processing the
SimpleTypeEnforcement types.\n'
+ msg = msg + 'Please validate the Policy
Labeling file used.'
+ formatXmlError( msg )
+ return
+
+ chwTypes = getChWTypes( domNode )
+ if chwTypes == None:
+ msg = ''
+ msg = msg + 'Error processing the ChineseWall
types.\n'
+ msg = msg + 'Please validate the Policy
Labeling file used.'
+ formatXmlError( msg )
+ return
+
+ newVm( vmName, 1 )
+ allVmStes[vmName][1] = steTypes
+ allVmChWs[vmName][1] = chwTypes
+
+def removeDups( curList ):
+ newList = []
+ curSet = Set( curList )
+ for x in curSet:
+ newList.append( x )
+ newList.sort( )
+
+ return newList
+
+def newVm( vmName, addToList = 0 ):
+ global formVmNames
+ global templateVmDel, allVmDel, templateVmDom0, allVmDom0
+ global templateVmChWs, templateVmChWDel, templateVmChW, templateVmChWAdd
+ global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
+ global templateVmStes, templateVmSteDel, templateVmSte, templateVmSteAdd
+ global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
+
+ # Make sure we have an actual name and check one of the 'all'
+ # variables to be sure it hasn't been previously defined
+ if (len( vmName ) > 0) and (not allVmDom0.has_key( vmName )):
+ vmSuffix = '_' + vmName
+ allVmDom0[vmName] = modFormTemplate( templateVmDom0,
vmSuffix )
+ allVmDel[vmName] = modFormTemplate( templateVmDel,
vmSuffix )
+ allVmChWs[vmName] = modFormTemplate( templateVmChWs,
vmSuffix )
+ allVmChWDel[vmName] = modFormTemplate( templateVmChWDel,
vmSuffix )
+ allVmChW[vmName] = modFormTemplate( templateVmChW,
vmSuffix )
+ allVmChWAdd[vmName] = modFormTemplate( templateVmChWAdd,
vmSuffix )
+ allVmStes[vmName] = modFormTemplate( templateVmStes,
vmSuffix )
+ allVmSteDel[vmName] = modFormTemplate( templateVmSteDel,
vmSuffix )
+ allVmSte[vmName] = modFormTemplate( templateVmSte,
vmSuffix )
+ allVmSteAdd[vmName] = modFormTemplate( templateVmSteAdd,
vmSuffix )
+ if addToList == 1:
+ formVmNames[1].append( vmName )
+ formVmNames[1] = removeDups( formVmNames[1] )
+
+def updateInfo( ):
+ global formData, formPolicyLabelName, formPolicyLabelDate
+ global formPolicyUrl, formPolicyRef
+
+ if formData.has_key( formPolicyLabelName[3] ):
+ formPolicyLabelName[1] = formData[formPolicyLabelName[3]].value
+ elif formData.has_key( formPolicyLabelUpdate[3] ):
+ formPolicyLabelName[1] = ''
+
+ if formData.has_key( formPolicyLabelDate[3] ):
+ formPolicyLabelDate[1] = formData[formPolicyLabelDate[3]].value
+ elif formData.has_key( formPolicyLabelUpdate[3] ):
+ formPolicyLabelDate[1] = ''
+
+ if formData.has_key( formPolicyUrl[3] ):
+ formPolicyUrl[1] = formData[formPolicyUrl[3]].value
+ elif formData.has_key( formPolicyLabelUpdate[3] ):
+ formPolicyUrl[1] = ''
+
+ if formData.has_key( formPolicyRef[3] ):
+ formPolicyRef[1] = formData[formPolicyRef[3]].value
+ elif formData.has_key( formPolicyLabelUpdate[3] ):
+ formPolicyRef[1] = ''
+
+def addVm( ):
+ global formData, fromVmName, formVmNames, formVmNameDom0
+
+ if (formData.has_key( formDefaultButton[3] )) or (formData.has_key(
formVmAdd[3] )):
+ if formData.has_key( formVmName[3] ):
+ vmName = formData[formVmName[3]].value
+ vmName = vmName.strip( )
+ newVm( vmName, 1 )
+ if formVmNameDom0[1] == '':
+ formVmNameDom0[1] = vmName
+
+def delVm( vmName ):
+ global formVmNames, formVmNameDom0
+ global allVmDel, allVmDom0
+ global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
+ global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
+
+ vmName = vmName.strip( )
+ formVmNames[1].remove( vmName )
+ del allVmDom0[vmName]
+ del allVmDel[vmName]
+ del allVmChWs[vmName]
+ del allVmChWDel[vmName]
+ del allVmChW[vmName]
+ del allVmChWAdd[vmName]
+ del allVmStes[vmName]
+ del allVmSteDel[vmName]
+ del allVmSte[vmName]
+ del allVmSteAdd[vmName]
+
+ if formVmNameDom0[1] == vmName:
+ if len( formVmNames[1] ) > 0:
+ formVmNameDom0[1] = formVmNames[1][0]
+ else:
+ formVmNameDom0[1] = ''
+
+def makeVmDom0( vmName ):
+ global formVmNameDom0
+
+ vmName = vmName.strip( )
+ formVmNameDom0[1] = vmName
+
+def addVmChW( chwName ):
+ global formData, allVmChW, allVmChWs
+
+ formVar = allVmChW[chwName]
+ if formData.has_key( formVar[3] ):
+ chwList = formData.getlist( formVar[3] )
+ formVar = allVmChWs[chwName]
+ for chw in chwList:
+ chw = chw.strip( )
+ formVar[1].append( chw )
+ formVar[1] = removeDups( formVar[1] )
+
+def delVmChW( chwName ):
+ global formData, allVmChWs
+
+ formVar = allVmChWs[chwName]
+ if formData.has_key( formVar[3] ):
+ chwList = formData.getlist( formVar[3] )
+ for chw in chwList:
+ chw = chw.strip( )
+ formVar[1].remove( chw )
+
+def addVmSte( steName ):
+ global formData, allVmSte, allVmStes
+
+ formVar = allVmSte[steName]
+ if formData.has_key( formVar[3] ):
+ steList = formData.getlist( formVar[3] )
+ formVar = allVmStes[steName]
+ for ste in steList:
+ ste = ste.strip( )
+ formVar[1].append( ste )
+ formVar[1] = removeDups( formVar[1] )
+
+def delVmSte( steName ):
+ global formData, allVmStes
+
+ formVar = allVmStes[steName]
+ if formData.has_key( formVar[3] ):
+ steList = formData.getlist( formVar[3] )
+ for ste in steList:
+ ste = ste.strip( )
+ formVar[1].remove( ste )
+
+def processRequest( ):
+ global formData, policyXml, policyLabelXml, formPolicyLabelUpdate
+ global formVmAdd
+ global formVmNames, allVmDel, allVmDom0
+ global allVmChWAdd, allVmChWDel, allVmSteAdd, allVmSteDel
+
+ if policyXml != '':
+ parsePolicyXml( )
+
+ if policyLabelXml != '':
+ parsePolicyLabelXml( )
+
+ # Allow the updating of the header information whenever
+ # an action is performed
+ updateInfo( )
+
+ # Allow the adding of labels if the user has hit the
+ # enter key when attempting to add a type/set
+ addVm( )
+
+ for vmName in formVmNames[1]:
+ if formData.has_key( allVmDel[vmName][3] ):
+ delVm( vmName )
+ continue
+
+ if formData.has_key( allVmDom0[vmName][3] ):
+ makeVmDom0( vmName )
+
+ if formData.has_key( allVmChWAdd[vmName][3] ):
+ addVmChW( vmName )
+
+ elif formData.has_key( allVmChWDel[vmName][3] ):
+ delVmChW( vmName )
+
+ elif formData.has_key( allVmSteAdd[vmName][3] ):
+ addVmSte( vmName )
+
+ elif formData.has_key( allVmSteDel[vmName][3] ):
+ delVmSte( vmName )
+
+def modFormTemplate( formTemplate, suffix ):
+ formVar = [x for x in formTemplate]
+
+ if formVar[2] != '':
+ formVar[2] = formVar[2] + suffix
+ if formVar[3] != '':
+ formVar[3] = formVar[3] + suffix
+ if (formVar[0] != 'button') and (formVar[4] != ''):
+ formVar[4] = formVar[4] + suffix
+
+ return formVar;
+
+def makeName( name, suffix='' ):
+ rName = name
+ if suffix != '':
+ rName = rName + '_' + suffix
+
+ return rName
+
+def makeNameAttr( name, suffix='' ):
+ return 'name="' + makeName( name, suffix ) + '"'
+
+def makeValue( value, suffix='' ):
+ rValue = value
+
+ if isinstance( value, list ):
+ rValue = '['
+ for val in value:
+ rValue = rValue + '\'' + val
+ if suffix != '':
+ rValue = rValue + '_' + suffix
+ rValue = rValue + '\','
+ rValue = rValue + ']'
+
+ else:
+ if suffix != '':
+ rValue = rValue + '_' + suffix
+
+ return rValue
+
+def makeValueAttr( value, suffix='' ):
+ return 'value="' + makeValue( value, suffix ) + '"'
+
+def sendHtmlFormVar( formVar, attrs='', rb_select=0 ):
+ nameAttr = ''
+ valueAttr = ''
+ htmlText = ''
+
+ if formVar[0] == 'text':
+ if formVar[3] != '':
+ nameAttr = makeNameAttr( formVar[3] )
+ valueAttr = makeValueAttr( formVar[1] )
+
+ print '<INPUT type="text"', nameAttr, valueAttr, attrs, '>'
+
+ elif formVar[0] == 'list':
+ if formVar[3] != '':
+ nameAttr = makeNameAttr( formVar[3] )
+
+ print '<SELECT', nameAttr, attrs, '>'
+ for option in formVar[1]:
+ print '<OPTION>' + option + '</OPTION>'
+ print '</SELECT>'
+
+ elif formVar[0] == 'button':
+ if formVar[3] != '':
+ nameAttr = makeNameAttr( formVar[3] )
+ if formVar[4] != '':
+ valueAttr = makeValueAttr( formVar[4] )
+
+ print '<INPUT type="submit"', nameAttr, valueAttr, attrs, '>'
+
+ elif formVar[0] == 'radiobutton':
+ if formVar[3] != '':
+ nameAttr = makeNameAttr( formVar[3] )
+ valueAttr = makeValueAttr( formVar[4][rb_select] )
+ htmlText = formVar[5][rb_select]
+ if formVar[4][rb_select] == formVar[1]:
+ checked = 'checked'
+ else:
+ checked = ''
+
+ print '<INPUT type="radio"', nameAttr, valueAttr,
attrs, checked, '>', htmlText
+
+ elif formVar[0] == 'radiobutton-all':
+ if formVar[3] != '':
+ nameAttr = makeNameAttr( formVar[3] )
+ buttonVals = formVar[4]
+ for i, buttonVal in enumerate( buttonVals ):
+ htmlText = ''
+ addAttrs = ''
+ checked = ''
+
+ valueAttr = makeValueAttr( buttonVal )
+ if formVar[5] != '':
+ htmlText = formVar[5][i]
+ if attrs != '':
+ addAttrs = attrs[i]
+ if buttonVal == formVar[1]:
+ checked = 'checked'
+
+ print '<INPUT type="radio"', nameAttr,
valueAttr, addAttrs, checked, '>', htmlText
+
+ if ( formVar[2] != '' ) and ( rb_select == 0 ):
+ nameAttr = makeNameAttr( formVar[2] )
+ valueAttr = makeValueAttr( formVar[1] )
+ print '<INPUT type="hidden"', nameAttr, valueAttr, '>'
+
+def sendHtmlHeaders( ):
+ # HTML headers
+ print 'Content-Type: text/html'
+ print
+
+def sendPolicyLabelHtml( ):
+ global xmlError, xmlIncomplete, xmlMessages, formXmlGen
+ global formVmNameDom0, formSteTypes, formChWallTypes
+
+ print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"'
+ print ' "http://www.w3.org/TR/html4/loose.dtd">'
+
+ print '<HTML>'
+
+ sendHtmlHead( )
+
+ print '<BODY>'
+
+ # An input XML file was specified that had errors, output the
+ # error information
+ if xmlError == 1:
+ print '<P>'
+ print 'An error has been encountered while processing the input'
+ print 'XML file:'
+ print '<UL>'
+ for msg in xmlMessages:
+ print '<LI>'
+ print msg
+ print '</UL>'
+ print '</BODY>'
+ print '</HTML>'
+ return
+
+ # When attempting to generate the XML output, all required data was not
+ # present, output the error information
+ if xmlIncomplete == 1:
+ print '<P>'
+ print 'An error has been encountered while validating the data'
+ print 'required for the output XML file:'
+ print '<UL>'
+ for msg in xmlMessages:
+ print '<LI>'
+ print msg
+ print '</UL>'
+ print '</BODY>'
+ print '</HTML>'
+ return
+
+ print '<CENTER>'
+ print '<FORM action="' + os.environ['SCRIPT_NAME'] + '" method="post">'
+ print '<TABLE class="container">'
+ print ' <COLGROUP>'
+ print ' <COL width="100%">'
+ print ' </COLGROUP>'
+
+ print ' <TR>'
+ print ' <TD>'
+ sendHtmlFormVar( formDefaultButton, 'class="hidden"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ sendHtmlFormVar( formXmlGen )
+ print ' </TD>'
+ print ' </TR>'
+
+ # Policy Labeling header
+ print ' <TR>'
+ print ' <TD>'
+ sendPLHeaderHtml( )
+ print ' </TD>'
+ print ' </TR>'
+
+ # Separator
+ print ' <TR>'
+ print ' <TD>'
+ print ' <HR>'
+ print ' </TD>'
+ print ' </TR>'
+
+ # Policy Labels (vms)
+ print ' <TR>'
+ print ' <TD>'
+ print ' <TABLE class="full">'
+ print ' <TR>'
+ print ' <TD width="100%">'
+ sendPLSubHtml( )
+ print ' </TD>'
+ print ' </TR>'
+ print ' </TABLE>'
+ print ' </TD>'
+ print ' </TR>'
+
+ print '</TABLE>'
+
+ # Send some data that needs to be available across sessions
+ sendHtmlFormVar( formVmNameDom0 )
+ sendHtmlFormVar( formSteTypes )
+ sendHtmlFormVar( formChWallTypes )
+
+ print '</FORM>'
+ print '</CENTER>'
+
+ print '</BODY>'
+
+ print '</HTML>'
+
+def sendHtmlHead( ):
+ global headTitle
+
+ print '<HEAD>'
+ print '<STYLE type="text/css">'
+ print '<!--'
+ print 'BODY {background-color: #EEEEFF;}'
+ print 'TABLE.container {width: 90%; border: 1px solid black;
border-collapse: seperate;}'
+ print 'TABLE.full {width: 100%; border: 0px solid black;
border-collapse: collapse; border-spacing: 3px;}'
+ print 'TABLE.fullbox {width: 100%; border: 0px solid black;
border-collapse: collapse; border-spacing: 3px;}'
+ print 'THEAD {font-weight: bold; font-size: larger;}'
+ print 'TD {border: 0px solid black; vertical-align: top;}'
+ print 'TD.heading {border: 0px solid black; vertical-align: top;
font-weight: bold; font-size: larger;}'
+ print 'TD.subheading {border: 0px solid black; vertical-align: top;
font-size: smaller;}'
+ print 'TD.fullbox {border: 1px solid black; vertical-align: top;}'
+ print 'SELECT.full {width: 100%;}'
+ print 'INPUT.full {width: 100%;}'
+ print 'INPUT.link {cursor: pointer; background-color: #EEEEFF;
border: 0px; text-decoration: underline; color: blue;}'
+ print 'INPUT.hidden {visibility: hidden; width: 1px; height: 1px;}'
+ print ':link {color: blue;}'
+ print ':visited {color: red;}'
+ print '-->'
+ print '</STYLE>'
+ print '<TITLE>', headTitle, '</TITLE>'
+ print '</HEAD>'
+
+def sendPLHeaderHtml( ):
+ global formPolicyLabelName, formPolicyLabelDate
+ global formPolicyUrl, formPolicyRef
+ global formPolicyLabelUpdate
+
+ # Policy Labeling header definition
+ print '<TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="20%">'
+ print ' <COL width="80%">'
+ print ' </COLGROUP>'
+ print ' <TR>'
+ print ' <TD class="heading" align="center" colspan="2">Policy
Labeling Information</TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="right">Name:</TD>'
+ print ' <TD align="left">'
+ sendHtmlFormVar( formPolicyLabelName, 'class="full"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="right">Date:</TD>'
+ print ' <TD align="left">'
+ sendHtmlFormVar( formPolicyLabelDate, 'class="full"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="right">Policy URL:</TD>'
+ print ' <TD align="left">'
+ sendHtmlFormVar( formPolicyUrl, 'class="full"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="right">Policy Reference:</TD>'
+ print ' <TD align="left">'
+ sendHtmlFormVar( formPolicyRef, 'class="full"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="center" colspan="2">'
+ sendHtmlFormVar( formPolicyLabelUpdate )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="center" colspan="2" class="subheading">'
+ print ' (The Policy Labeling Information is updated whenever an
action is performed'
+ print ' or it can be updated separately using the "Update"
button)'
+ print ' </TD>'
+ print ' </TR>'
+ print '</TABLE>'
+
+def sendPLSubHtml( ):
+ global formVmNames, formVmDel, formVmName, formVmAdd
+ global allVmDel, allVmDom0
+ global allVmChWs, allVmChWDel, allVmChW, allVmChWAdd
+ global allVmStes, allVmSteDel, allVmSte, allVmSteAdd
+ global formSteTypes, formChWallTypes
+
+ print '<TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="100%">'
+ print ' </COLGROUP>'
+
+ # Virtual Machines...
+ print ' <TR>'
+ print ' <TD>'
+ print ' <TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="10%">'
+ print ' <COL width="40%">'
+ print ' <COL width="50%">'
+ print ' </COLGROUP>'
+ print ' <TR>'
+ print ' <TD class="heading" align="center" colspan="3">Virtual
Machine Classes</TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ sendHtmlFormVar( formVmName, 'class="full"' )
+ sendHtmlFormVar( formVmNames )
+ print ' </TD>'
+ print ' <TD> </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ sendHtmlFormVar( formVmAdd, 'class="full"' )
+ print ' </TD>'
+ print ' <TD colspan="2">'
+ print ' Create a new VM class with the above name'
+ print ' </TD>'
+ print ' </TR>'
+ print ' </TABLE>'
+ print ' </TD>'
+ print ' </TR>'
+ if len( formVmNames[1] ) > 0:
+ print ' <TR>'
+ print ' <TD colspan="1">'
+ print ' '
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ print ' <TABLE class="fullbox">'
+ print ' <COLGROUP>'
+ print ' <COL width="10%">'
+ print ' <COL width="40%">'
+ print ' <COL width="50%">'
+ print ' </COLGROUP>'
+ print ' <THEAD>'
+ print ' <TR>'
+ print ' <TD class="fullbox">Dom 0?</TD>'
+ print ' <TD class="fullbox">Name</TD>'
+ print ' <TD class="fullbox">Actions</TD>'
+ print ' </TR>'
+ print ' </THEAD>'
+ for i, vmName in enumerate( formVmNames[1] ):
+ print ' <TR>'
+ print ' <TD class="fullbox">'
+ if formVmNameDom0[1] == vmName:
+ print 'Yes'
+ else:
+ print ' '
+ print ' </TD>'
+ print ' <TD class="fullbox">' + vmName +
'</TD>'
+ print ' <TD class="fullbox">'
+ print ' <A href="#' + vmName + '">Edit</A>'
+ formVar = allVmDel[vmName]
+ sendHtmlFormVar( formVar, 'class="link"' )
+ formVar = allVmDom0[vmName]
+ sendHtmlFormVar( formVar, 'class="link"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' </TABLE>'
+ print ' </TD>'
+ print ' </TR>'
+ for vmName in formVmNames[1]:
+ print ' <TR>'
+ print ' <TD>'
+ print ' <HR>'
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ print ' <TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="10%">'
+ print ' <COL width="39%">'
+ print ' <COL width="2%">'
+ print ' <COL width="10%">'
+ print ' <COL width="39%">'
+ print ' </COLGROUP>'
+ print ' <TR>'
+ print ' <TD colspan="5" align="center"
class="heading">'
+ print ' <A name="' + vmName + '">Virtual
Machine Class: ' + vmName + '</A>'
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2" align="center">Simple
Type Enforcement Types</TD>'
+ print ' <TD> </TD>'
+ print ' <TD colspan="2" align="center">Chinese
Wall Types</TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ formVar = allVmStes[vmName];
+ sendHtmlFormVar( formVar, 'class="full" size="4"
multiple"' )
+ print ' </TD>'
+ print ' <TD> </TD>'
+ print ' <TD colspan="2">'
+ formVar = allVmChWs[vmName];
+ sendHtmlFormVar( formVar, 'class="full" size="4"
multiple"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ formVar = allVmSteDel[vmName];
+ sendHtmlFormVar( formVar, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Delete the type(s) selected above'
+ print ' </TD>'
+ print ' <TD> </TD>'
+ print ' <TD>'
+ formVar = allVmChWDel[vmName];
+ sendHtmlFormVar( formVar, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Delete the type(s) selected above'
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ stSet = Set( formSteTypes[1] )
+ vmSet = Set( allVmStes[vmName][1] )
+ formVar = allVmSte[vmName]
+ formVar[1] = []
+ for steType in stSet.difference( vmSet ):
+ formVar[1].append( steType )
+ formVar[1].sort( )
+ sendHtmlFormVar( formVar, 'class="full" size="2"
multiple"' )
+ print ' </TD>'
+ print ' <TD> </TD>'
+ print ' <TD colspan="2">'
+ ctSet = Set( formChWallTypes[1] )
+ vmSet = Set( allVmChWs[vmName][1] )
+ formVar = allVmChW[vmName]
+ formVar[1] = []
+ for chwallType in ctSet.difference( vmSet ):
+ formVar[1].append( chwallType )
+ formVar[1].sort( )
+ sendHtmlFormVar( formVar, 'class="full" size="2"
multiple"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ formVar = allVmSteAdd[vmName];
+ sendHtmlFormVar( formVar, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Add the type(s) selected above'
+ print ' </TD>'
+ print ' <TD> </TD>'
+ print ' <TD>'
+ formVar = allVmChWAdd[vmName];
+ sendHtmlFormVar( formVar, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Add the type(s) selected above'
+ print ' </TD>'
+ print ' </TR>'
+ print ' </TABLE>'
+ print ' </TD>'
+ print ' </TR>'
+
+ print '</TABLE>'
+
+def sendPLObjHtml( ):
+
+ # Resources...
+ print '<TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="60%">'
+ print ' <COL width="20%">'
+ print ' <COL width="20%">'
+ print ' </COLGROUP>'
+
+ print ' <TR>'
+ print ' <TD align="center" colspan="3"
class="heading">Resources</TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ #sendHtmlFormVar( formVmNames, 'class="full" size="4" multiple"' )
+ print ' </TD>'
+ print ' <TD>'
+ #sendHtmlFormVar( formVmDel, 'class="full"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ #sendHtmlFormVar( formVmName, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ #sendHtmlFormVar( formVmAdd, 'class="full"' )
+ print ' </TD>'
+ print ' </TR>'
+ print '</TABLE>'
+
+def checkXmlData( ):
+ global xmlIncomplete
+
+ # Validate the Policy Label Header requirements
+ if ( len( formPolicyLabelName[1] ) == 0 ) or \
+ ( len( formPolicyLabelDate[1] ) == 0 ) or \
+ ( len( formPolicyUrl[1] ) == 0 ) or \
+ ( len( formPolicyRef[1] ) == 0 ):
+ msg = ''
+ msg = msg + 'The XML policy label schema requires that
the Policy '
+ msg = msg + 'Labeling Information Name, Date, Policy
URL and '
+ msg = msg + 'Policy Reference fields all have values.'
+ formatXmlGenError( msg )
+
+def sendXmlHeaders( ):
+ # HTML headers
+ print 'Content-Type: text/xml'
+ print 'Content-Disposition: attachment;
filename=security_label_template.xml'
+ print
+
+def sendPolicyLabelXml( ):
+ print '<?xml version="1.0"?>'
+
+ print '<SecurityLabelTemplate xmlns="http://www.ibm.com"'
+ print '
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"'
+ print ' xsi:schemaLocation="http://www.ibm.com
security_policy.xsd">'
+
+ # Policy Labeling header
+ sendPLHeaderXml( )
+
+ # Policy Labels (subjects and objects)
+ sendPLSubXml( )
+ #sendPLObjXml( )
+
+ print '</SecurityLabelTemplate>'
+
+def sendPLHeaderXml( ):
+ global formPolicyLabelName, formPolicyLabelDate
+ global formPolicyUrl, formPolicyRef
+
+ # Policy Labeling header definition
+ print '<LabelHeader>'
+ print ' <Name>' + formPolicyLabelName[1] + '</Name>'
+ print ' <Date>' + formPolicyLabelDate[1] + '</Date>'
+ print ' <PolicyName>'
+ print ' <Url>' + formPolicyUrl[1] + '</Url>'
+ print ' <Reference>' + formPolicyRef[1] + '</Reference>'
+ print ' </PolicyName>'
+ print '</LabelHeader>'
+
+def sendPLSubXml( ):
+ global formVmNames, allVmChWs, allVmStes
+
+ # Virtual machines...
+ if len( formVmNames[1] ) == 0:
+ return
+
+ print '<SubjectLabels bootstrap="' + formVmNameDom0[1] + '">'
+ for vmName in formVmNames[1]:
+ print ' <VirtualMachineLabel>'
+ print ' <Name>' + vmName + '</Name>'
+ formVar = allVmStes[vmName]
+ if len( formVar[1] ) > 0:
+ print ' <SimpleTypeEnforcementTypes>'
+ for ste in formVar[1]:
+ print ' <Type>' + ste + '</Type>'
+ print ' </SimpleTypeEnforcementTypes>'
+
+ formVar = allVmChWs[vmName]
+ if len( formVar[1] ) > 0:
+ print ' <ChineseWallTypes>'
+ for chw in formVar[1]:
+ print ' <Type>' + chw + '</Type>'
+ print ' </ChineseWallTypes>'
+
+ print ' </VirtualMachineLabel>'
+
+ print '</SubjectLabels>'
+
+
+# Set up initial HTML variables
+headTitle = 'Xen Policy Labeling Generation'
+
+# Form variables
+# The format of these variables is as follows:
+# [ p0, p1, p2, p3, p4, p5 ]
+# p0 = input type
+# p1 = the current value of the variable
+# p2 = the hidden input name attribute
+# p3 = the name attribute
+# p4 = the value attribute
+# p5 = text to associate with the tag
+formPolicyLabelName = [ 'text',
+ '',
+ 'h_policyLabelName',
+ 'i_policyLabelName',
+ '',
+ '',
+ ]
+formPolicyLabelDate = [ 'text',
+ getCurrentTime( ),
+ 'h_policyLabelDate',
+ 'i_policyLabelDate',
+ '',
+ '',
+ ]
+formPolicyUrl = [ 'text',
+ '',
+ 'h_policyUrl',
+ 'i_policyUrl',
+ '',
+ '',
+ ]
+formPolicyRef = [ 'text',
+ '',
+ 'h_policyRef',
+ 'i_policyRef',
+ '',
+ '',
+ ]
+formPolicyLabelUpdate = [ 'button',
+ '',
+ '',
+ 'i_PolicyLabelUpdate',
+ 'Update',
+ '',
+ ]
+
+formVmNames = [ '',
+ [],
+ 'h_vmNames',
+ '',
+ '',
+ '',
+ ]
+formVmDel = [ 'button',
+ '',
+ '',
+ 'i_vmDel',
+ 'Delete',
+ '',
+ ]
+formVmName = [ 'text',
+ '',
+ '',
+ 'i_vmName',
+ '',
+ '',
+ ]
+formVmAdd = [ 'button',
+ '',
+ '',
+ 'i_vmAdd',
+ 'New',
+ '',
+ ]
+
+formVmNameDom0 = [ '',
+ '',
+ 'h_vmDom0',
+ '',
+ '',
+ '',
+ ]
+
+formXmlGen = [ 'button',
+ '',
+ '',
+ 'i_xmlGen',
+ 'Generate XML',
+ '',
+ ]
+
+formDefaultButton = [ 'button',
+ '',
+ '',
+ 'i_defaultButton',
+ '.',
+ '',
+ ]
+
+formSteTypes = [ '',
+ [],
+ 'h_steTypes',
+ '',
+ '',
+ '',
+ ]
+formChWallTypes = [ '',
+ [],
+ 'h_chwallTypes',
+ '',
+ '',
+ '',
+ ]
+
+# This is a set of templates used for each virtual machine
+# Each virtual machine is initially assigned these templates,
+# then each form attribute value is changed to append
+# "_virtual-machine-name" for uniqueness.
+templateVmDel = [ 'button',
+ '',
+ '',
+ 'i_vmDel',
+ 'Delete',
+ '',
+ ]
+templateVmDom0 = [ 'button',
+ '',
+ '',
+ 'i_vmDom0',
+ 'SetDom0',
+ '',
+ ]
+allVmDel = {};
+allVmDom0 = {};
+
+templateVmChWs = [ 'list',
+ [],
+ 'h_vmChWs',
+ 'i_vmChWs',
+ '',
+ '',
+ ]
+templateVmChWDel = [ 'button',
+ '',
+ '',
+ 'i_vmChWDel',
+ 'Delete',
+ '',
+ ]
+templateVmChW = [ 'list',
+ [],
+ '',
+ 'i_vmChW',
+ '',
+ '',
+ ]
+templateVmChWAdd = [ 'button',
+ '',
+ '',
+ 'i_vmChWAdd',
+ 'Add',
+ '',
+ ]
+allVmChWs = {};
+allVmChWDel = {};
+allVmChW = {};
+allVmChWAdd = {};
+
+templateVmStes = [ 'list',
+ [],
+ 'h_vmStes',
+ 'i_vmStes',
+ '',
+ '',
+ ]
+templateVmSteDel = [ 'button',
+ '',
+ '',
+ 'i_vmSteDel',
+ 'Delete',
+ '',
+ ]
+templateVmSte = [ 'list',
+ [],
+ '',
+ 'i_vmSte',
+ '',
+ '',
+ ]
+templateVmSteAdd = [ 'button',
+ '',
+ '',
+ 'i_vmSteAdd',
+ 'Add',
+ '',
+ ]
+allVmStes = {};
+allVmSteDel = {};
+allVmSte = {};
+allVmSteAdd = {};
+
+# A list of all form variables used for saving info across requests
+formVariables = [ formPolicyLabelName,
+ formPolicyLabelDate,
+ formPolicyUrl,
+ formPolicyRef,
+ formVmNames,
+ formVmNameDom0,
+ formSteTypes,
+ formChWallTypes,
+ ]
+
+policyXml = ''
+policyLabelXml = ''
+xmlError = 0
+xmlIncomplete = 0
+xmlMessages = []
+
+
+# Extract any form data
+formData = cgi.FieldStorage( )
+
+# Process the form
+getSavedData( )
+processRequest( )
+
+if formData.has_key( formXmlGen[3] ):
+ # Generate and send the XML file
+ checkXmlData( )
+
+ if xmlIncomplete == 0:
+ sendXmlHeaders( )
+ sendPolicyLabelXml( )
+
+if (not formData.has_key( formXmlGen[3] )) or (xmlIncomplete == 1 ):
+ # Send HTML to continue processing the form
+ sendHtmlHeaders( )
+ sendPolicyLabelHtml( )
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/security/python/xensec_gen/index.html
--- /dev/null Tue Dec 13 18:08:17 2005
+++ b/tools/security/python/xensec_gen/index.html Tue Dec 13 18:08:26 2005
@@ -0,0 +1,126 @@
+<!--
+ The Initial Developer of the Original Code is International
+ Business Machines Corporation. Portions created by IBM
+ Corporation are Copyright (C) 2005 International Business
+ Machines Corporation. All Rights Reserved.
+ -->
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+ <HEAD>
+ <META name="author" content="Tom Lendacky">
+ <META name="copyright" content="Copyright (C) 2005 International Business
Machines Corporation. All rights reserved">
+
+ <STYLE type="text/css">
+ <!--
+ BODY {background-color: #EEEEFF;}
+ TABLE.xen {width: 100%; border: 0px solid black;}
+ TD {border: 0px solid black;}
+ TD.heading {border: 0px solid black; font-weight: bold; font-size:
larger;}
+ -->
+ </STYLE>
+ <TITLE>Xen Security Policy Tool</TITLE>
+ </HEAD>
+
+ <BODY>
+ <H1>Xen Security Policy Generation Tool</H1>
+
+ <CENTER>
+ <FORM action="/cgi-bin/policy.cgi" method="post"
enctype="multipart/form-data">
+ <TABLE class="xen">
+ <COLGROUP>
+ <COL width="25%">
+ <COL width="20%">
+ <COL width="55%">
+ </COLGROUP>
+
+ <TR>
+ <TD valign="top" class="heading">
+ Security Policy
+ </TD>
+ <TD valign="top" colspan="2">
+ To generate a new Xen Security Policy leave the
+ <B>"Policy File"</B> entry field
+ empty and click the "Create" button.<BR>
+ To modify an existing Xen Security Policy enter the
+ file name containing the policy in the
+ <B>"Policy File"</B> entry field
+ and click the "Create" button.<HR>
+ </TD>
+ </TR>
+ <TR>
+ <TD></TD>
+ <TD>
+ Policy File:
+ </TD>
+ <TD>
+ <INPUT type="file" size="50" name="i_policy">
+ </TD>
+ </TR>
+ <TR>
+ <TD></TD>
+ <TD valign="top">
+ <INPUT type="submit" name="i_policyCreate" value="Create">
+ </TD>
+ <TD></TD>
+ </TR>
+ </TABLE>
+ </FORM>
+
+ <FORM action="/cgi-bin/policylabel.cgi" method="post"
enctype="multipart/form-data">
+ <TABLE class="xen">
+ <COLGROUP>
+ <COL width="25%">
+ <COL width="20%">
+ <COL width="55%">
+ </COLGROUP>
+
+ <TR>
+ <TD valign="top" class="heading">
+ Security Policy Labeling
+ </TD>
+ <TD valign="top" colspan="2">
+ To generate or edit the Xen Security Policy Labeling you <B>must</B>
+ specify the name of
+ an existing Xen Security Policy file in the
+ <B>"Policy File"</B> entry field.<BR>
+ To generate new Xen Security Policy Labeling leave the
+ <B>"Policy Labeling File"</B> entry field
+ empty and click the "Create" button.<BR>
+ To modify existing Xen Security Policy Labeling enter the
+ file name containing the labeling in the
+ <B>"Policy Labeling File"</B> entry field
+ and click the "Create" button.<HR>
+ </TD>
+ </TR>
+ <TR>
+ <TD></TD>
+ <TD>
+ Policy File:
+ </TD>
+ <TD>
+ <INPUT type="file" size="50" name="i_policy">
+ </TD>
+ </TR>
+ <TR>
+ <TD></TD>
+ <TD>
+ Policy Labeling File:
+ </TD>
+ <TD>
+ <INPUT type="file" size="50" name="i_policyLabel">
+ </TD>
+ </TR>
+ <TR>
+ <TD></TD>
+ <TD valign="top">
+ <INPUT type="submit" name="i_policyLabelCreate" value="Create">
+ </TD>
+ <TD></TD>
+ </TR>
+ </TABLE>
+ </FORM>
+ </CENTER>
+ </BODY>
+</HTML>
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/security/python/xensec_gen/main.py
--- /dev/null Tue Dec 13 18:08:17 2005
+++ b/tools/security/python/xensec_gen/main.py Tue Dec 13 18:08:26 2005
@@ -0,0 +1,185 @@
+#!/usr/bin/python
+#
+# The Initial Developer of the Original Code is International
+# Business Machines Corporation. Portions created by IBM
+# Corporation are Copyright (C) 2005 International Business
+# Machines Corporation. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+"""Xen security policy generation aid
+"""
+
+import os
+import pwd
+import grp
+import sys
+import getopt
+import BaseHTTPServer
+import CGIHTTPServer
+
+
+gHttpPort = 7777
+gHttpDir = '/var/lib/xensec_gen'
+gLogFile = '/var/log/xensec_gen.log'
+gUser = 'nobody'
+gGroup = 'nobody'
+
+def usage( ):
+ print >>sys.stderr, 'Usage: ' + sys.argv[0] + ' [OPTIONS]'
+ print >>sys.stderr, ' OPTIONS:'
+ print >>sys.stderr, ' -p, --httpport'
+ print >>sys.stderr, ' The port on which the http server is to
listen'
+ print >>sys.stderr, ' (default: ' + str( gHttpPort ) + ')'
+ print >>sys.stderr, ' -d, --httpdir'
+ print >>sys.stderr, ' The directory where the http server is to
serve pages from'
+ print >>sys.stderr, ' (default: ' + gHttpDir + ')'
+ print >>sys.stderr, ' -l, --logfile'
+ print >>sys.stderr, ' The file in which to log messages generated
by this command'
+ print >>sys.stderr, ' (default: ' + gLogFile + ')'
+ print >>sys.stderr, ' -u, --user'
+ print >>sys.stderr, ' The user under which this command is to run.
This parameter'
+ print >>sys.stderr, ' is only used when invoked under the "root"
user'
+ print >>sys.stderr, ' (default: ' + gUser + ')'
+ print >>sys.stderr, ' -g, --group'
+ print >>sys.stderr, ' The group under which this command is to run.
This parameter'
+ print >>sys.stderr, ' is only used when invoked under the "root"
user'
+ print >>sys.stderr, ' (default: ' + gGroup + ')'
+ print >>sys.stderr, ' -f'
+ print >>sys.stderr, ' Run the command in the foreground. The
logfile option will be'
+ print >>sys.stderr, ' ignored and all output will be directed to
stdout and stderr.'
+ print >>sys.stderr, ' -h, --help'
+ print >>sys.stderr, ' Display the command usage information'
+
+def runServer( aServerPort,
+ aServerClass = BaseHTTPServer.HTTPServer,
+ aHandlerClass = CGIHTTPServer.CGIHTTPRequestHandler ):
+ serverAddress = ( '', aServerPort )
+ httpd = aServerClass( serverAddress, aHandlerClass )
+ httpd.serve_forever( )
+
+def daemonize( aHttpDir, aLogFile, aUser, aGroup, aFork = 'true' ):
+ # Do some pre-daemon activities
+ os.umask( 027 )
+ if os.getuid( ) == 0:
+ # If we are running as root, we will change that
+ uid = pwd.getpwnam( aUser )[2]
+ gid = grp.getgrnam( aGroup )[2]
+
+ if aFork == 'true':
+ # Change the owner of the log file to the user/group
+ # under which the daemon is to run
+ flog = open( aLogFile, 'a' )
+ flog.close( )
+ os.chown( aLogFile, uid, gid )
+
+ # Change the uid/gid of the process
+ os.setgid( gid )
+ os.setuid( uid )
+
+ # Change to the HTTP directory
+ os.chdir( aHttpDir )
+
+ if aFork == 'true':
+ # Do first fork
+ try:
+ pid = os.fork( )
+ if pid:
+ # Parent process
+ return pid
+
+ except OSError, e:
+ raise Exception, e
+
+ # First child process, create a new session
+ os.setsid( )
+
+ # Do second fork
+ try:
+ pid = os.fork( )
+ if pid:
+ # Parent process
+ os._exit( 0 )
+
+ except OSError, e:
+ raise Exception, e
+
+ # Reset stdin/stdout/stderr
+ fin = open( '/dev/null', 'r' )
+ flog = open( aLogFile, 'a' )
+ os.dup2( fin.fileno( ), sys.stdin.fileno( ) )
+ os.dup2( flog.fileno( ), sys.stdout.fileno( ) )
+ os.dup2( flog.fileno( ), sys.stderr.fileno( ) )
+
+def main( ):
+ httpPort = gHttpPort
+ httpDir = gHttpDir
+ logFile = gLogFile
+ user = gUser
+ group = gGroup
+ doFork = 'true'
+
+ shortOpts = 'd:p:l:u:g:fh'
+ longOpts = [ 'httpdir=', 'httpport=', 'logfile=', 'user=', 'group=',
'help' ]
+ try:
+ opts, args = getopt.getopt( sys.argv[1:], shortOpts, longOpts )
+
+ except getopt.GetoptError, e:
+ print >>sys.stderr, e
+ usage( )
+ sys.exit( )
+
+ if len( args ) != 0:
+ print >>sys.stderr, 'Error: command arguments are not supported'
+ usage( )
+ sys.exit( )
+
+ for opt, opt_value in opts:
+ if opt in ( '-h', '--help' ):
+ usage( )
+ sys.exit( )
+
+ if opt in ( '-d', '--httpdir' ):
+ httpDir = opt_value
+
+ if opt in ( '-p', '--httpport' ):
+ try:
+ httpPort = int( opt_value )
+ except:
+ print >>sys.stderr, 'Error: HTTP port is not
valid'
+ usage( )
+ sys.exit( )
+
+ if opt in ( '-l', '--logfile' ):
+ logFile = opt_value
+
+ if opt in ( '-u', '--user' ):
+ user = opt_value
+
+ if opt in ( '-g', '--group' ):
+ group = opt_value
+
+ if opt in ( '-f' ):
+ doFork = 'false'
+
+ pid = daemonize( httpDir, logFile, user, group, doFork )
+ if pid > 0:
+ sys.exit( )
+
+ runServer( httpPort )
+
+if __name__ == '__main__':
+ main( )
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/security/xensec_gen.py
--- /dev/null Tue Dec 13 18:08:17 2005
+++ b/tools/security/xensec_gen.py Tue Dec 13 18:08:26 2005
@@ -0,0 +1,26 @@
+#!/usr/bin/python
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import sys
+
+# Add fallback path for non-native python path installs if needed
+sys.path.append( '/usr/lib/python' )
+sys.path.append( '/usr/lib64/python' )
+
+from xen.xensec_gen import main
+
+main.main( )
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|