WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

[Xen-devel] [PATCH][ACM] New XML policy generation tool

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] [PATCH][ACM] New XML policy generation tool
From: Tom Lendacky <toml@xxxxxxxxxx>
Date: Mon, 12 Dec 2005 13:16:04 -0600
Cc: stefanb@xxxxxxxxxx, sailer@xxxxxxxxxx
Organization: IBM Corporation
Reply-to: toml@xxxxxxxxxx
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

I am submitting a patch (both in-line and as an attachment) for a new
tool for inclusion in the Xen ACM security tools.  This new tool
provides support to aid in the creation/generation of the XML security
policy files for the Xen ACM security architecture.  It is a python-
based, web-based tool named xensec_gen that allows users to create or
modify XML policy files through a browser.  The resulting XML policy
files can then be copied or moved to the appropriate location in
the /etc/xen/acm-security directory structure in order to be translated
into binary and used within the Xen system.

Signed-off-by: Tom Lendacky <toml@xxxxxxxxxx>

Regards,
Tom



# HG changeset patch
# User toml@xxxxxxxxxxxxxxxxxxxxx
# Node ID db5feb4ccc139017454bab0200ebbda988ef033f
# Parent  bdcb115c667a12a5514517456639142c1273b0f1


Addition of the xensec_gen tool, a web-based tool to aid in the
creation/generation of security policy files for the Xen ACM
security architecture.

diff -r bdcb115c667a -r db5feb4ccc13 tools/security/Makefile
--- a/tools/security/Makefile   Sat Dec 10 23:20:08 2005
+++ b/tools/security/Makefile   Mon Dec 12 19:10:23 2005
@@ -35,7 +35,7 @@
 SRCS_GETD     = get_decision.c
 OBJS_GETD    := $(patsubst %.c,%.o,$(filter %.c,$(SRCS_GETD)))
 
-ACM_INST_TOOLS    = xensec_tool xensec_xml2bin
+ACM_INST_TOOLS    = xensec_tool xensec_xml2bin xensec_gen
 ACM_NOINST_TOOLS  = get_decision
 ACM_OBJS          = $(OBJS_TOOL) $(OBJS_XML2BIN) $(OBJS_GETD)
 ACM_SCRIPTS       = getlabel.sh setlabel.sh updategrub.sh labelfuncs.sh
@@ -43,6 +43,12 @@
 ACM_CONFIG_DIR    = /etc/xen/acm-security
 ACM_POLICY_DIR    = $(ACM_CONFIG_DIR)/policies
 ACM_SCRIPT_DIR    = $(ACM_CONFIG_DIR)/scripts
+
+ACM_INST_HTML     = python/xensec_gen/index.html
+ACM_INST_CGI      = python/xensec_gen/cgi-bin/policy.cgi \
+                    python/xensec_gen/cgi-bin/policylabel.cgi
+ACM_SECGEN_HTMLDIR= /var/lib/xensec_gen
+ACM_SECGEN_CGIDIR = $(ACM_SECGEN_HTMLDIR)/cgi-bin
 
 ACM_SCHEMA        = security_policy.xsd
 ACM_EXAMPLES      = null chwall ste chwall_ste
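Review bot: ACM_SECGEN_HTMLDIR is set to /var/lib/xensec_gen and ACM_SECGEN_CGIDIR places the executable CGI scripts beneath it, but /var/lib is normally reserved for mutable state. Static HTML and programs that the web server will execute are better installed in a read-only location (a directory under /usr/share or /usr/lib), so that a permissions slip on a state directory cannot lead to replaced code being executed later. Style nit: `ACM_SECGEN_HTMLDIR=` lacks the space before `=` that every neighbouring assignment has.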
@@ -65,6 +71,15 @@
        done
        $(INSTALL_DIR) -p $(DESTDIR)$(ACM_SCRIPT_DIR)
        $(INSTALL_PROG) -p $(ACM_SCRIPTS) $(DESTDIR)$(ACM_SCRIPT_DIR)
+       $(INSTALL_DIR) -p $(DESTDIR)$(ACM_SECGEN_HTMLDIR)
+       $(INSTALL_DATA) -p $(ACM_INST_HTML) $(DESTDIR)$(ACM_SECGEN_HTMLDIR)
+       $(INSTALL_DIR) -p $(DESTDIR)$(ACM_SECGEN_CGIDIR)
+       $(INSTALL_PROG) -p $(ACM_INST_CGI) $(DESTDIR)$(ACM_SECGEN_CGIDIR)
+ifndef XEN_PYTHON_NATIVE_INSTALL
+       python python/setup.py install --home="$(DESTDIR)/usr"
+else
+       python python/setup.py install --root="$(DESTDIR)"
+endif
 else
 all:
 
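Review bot: both `python python/setup.py install` lines in the install target run whichever `python` comes first in PATH, so an install step that is typically run as root takes its interpreter from the caller's environment. Put the interpreter in a single overridable make variable and use it here and in the build step, so both use the same known interpreter. The `ifndef XEN_PYTHON_NATIVE_INSTALL` block would also benefit from a one-line comment explaining why one branch uses `--home="$(DESTDIR)/usr"` and the other `--root="$(DESTDIR)"`.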
@@ -72,22 +87,27 @@
 endif
 
 build: mk-symlinks $(ACM_INST_TOOLS) $(ACM_NOINST_TOOLS)
+       python python/setup.py build
        chmod 700 $(ACM_SCRIPTS)
 
 xensec_tool: $(OBJS_TOOL)
-       $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+       $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
 
 xensec_xml2bin: $(OBJS_XML2BIN)
-       $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+       $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
 
 get_decision: $(OBJS_GETD)
-       $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+       $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
+
+xensec_gen: xensec_gen.py
+       cp -f $^ $@
 
 clean:
        $(RM) $(ACM_INST_TOOLS) $(ACM_NOINST_TOOLS)
        $(RM) $(ACM_OBJS)
        $(RM) $(PROG_DEPS)
        $(RM) -r xen
+       $(RM) -r build
 
 mrproper: clean
 
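Review bot: the switch from `$<` to `$^` in the xensec_tool, xensec_xml2bin and get_decision link rules is not mentioned in the changeset description, which only covers adding xensec_gen, and it is not needed for the new tool. Please split it into its own patch or add a sentence explaining why it is needed. In the same hunk, `python python/setup.py build` hard-codes the interpreter name, and the new `$(RM) -r build` in clean assumes that nothing else in tools/security uses a directory called build; a comment saying it is the distutils output directory would help.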
diff -r bdcb115c667a -r db5feb4ccc13 tools/security/example.txt
--- a/tools/security/example.txt        Sat Dec 10 23:20:08 2005
+++ b/tools/security/example.txt        Mon Dec 12 19:10:23 2005
@@ -271,3 +271,112 @@
 
 If you keep to the security policy schema, then you can use all the
 tools described above. Refer to install.txt to install it.
+
+You can hand-edit the xml files to create your policy or you can use the
+xensec_gen utility.
+
+
+5. Generating policy files using xensec_gen:
+============================================
+
+The xensec_gen utility starts a web-server that can be used to generate the
+XML policy files needed to create a policy.
+
+By default, xensec_gen runs as a daemon and listens on port 7777 for HTTP
+requests.  The xensec_gen command supports command line options to change the
+listen port, run in the foreground, and a few others.  Type 'xensec_gen -h'
+to see the full list of options available.
+
+Once the xensec_gen utility is running, point a browser at the host and port
+on which the utility is running (e.g. http://localhost:7777/).  You will be
+presented with a web page that allows you to create or modify the XML policy
+files:
+
+  - The Security Policy section allows you to create or modify a policy
+    definition file
+
+  - The Security Policy Labeling section allows you to create or modify a
+    label template definition file
+
+  Security Policy:
+  ----------------
+  The Security Policy section allows you to modify an existing policy 
definition
+  file or create a new policy definition file.  To modify an existing policy
+  definition, enter the full path to the existing file (the "Browse" button can
+  be used to aid in this) in the Policy File entry field.  To create a new
+  policy definition file leave the Policy File entry field blank.  At this 
point
+  click the "Create" button to begin modifying or creating your policy 
definition.
+
+  You will then be presented with a web page that will allow you to create 
either
+  Simple Type Enforcement types or Chinese Wall types or both.
+
+  As an example:
+    - To add a Simple Type Enforcement type:
+      - Enter the name of a new type under the Simple Type Enforcement Types
+        section in the entry field above the "New" button.
+      - Click the "New" button and the type will be added to the list of 
defined
+        Simple Type Enforcement types.
+    - To remove a Simple Type Enforcement type:
+      - Click on the type to be removed in the list of defined Simple Type
+        Enforcement types.
+      - Click the "Delete" button to remove the type.
+
+  Follow the same process to add Chinese Wall types.  If you define Chinese 
Wall
+  types you need to define at least one Chinese Wall Conflict Set.  The Chinese
+  Wall Conflict Set will allow you to add Chinese Wall types from the list of
+  defined Chinese Wall types.
+
+  To create your policy definition file, click on the "Generate XML" button on
+  the top of the page.  This will present you with a dialog box to save the
+  generated XML file on your system.  The default name will be 
security_policy.xml
+  which you should change to follow the policy file naming conventions based on
+  the policy name that you choose to use.
+
+  To get a feel for the tool, you could use one of the example policy 
definition
+  files from /etc/xen/acm-security/policies as input.
+
+
+  Security Policy Labeling:
+  -------------------------
+  The Security Policy Labeling section allows you to modify an existing label
+  template definition file or create a new label template definition file.  To
+  modify an existing label template definition, enter the full path to the
+  existing file (the "Browse" button can be used to aid in this) in the Policy
+  Labeling File entry field.  Whether creating a new label template definition
+  file or modifying an existing one, you will need to specify the policy
+  definition file that is or will be associated with this label template
+  definition file.  At this point click the "Create" button to begin modifying
+  or creating your label template definition file.
+
+  You will then be presented with a web page that will allow you to create 
labels
+  for classes of virtual machines.  The input policy definition file will 
provide
+  the available types (Simple Type Enforcement and/or Chinese Wall) that can be
+  assigned to a virtual machine class.
+
+  As an example:
+    - To add a Virtual Machine class (the name entered will become the label
+      that will be used to identify the class):
+      - Enter the name of a new class under the Virtual Machine Classes section
+        in the entry field above the "New" button.
+      - Click the "New" button and the class will be added to the table of 
defined
+        Virtual Machine classes.
+    - To remove a Virtual Machine class:
+      - Click the "Delete" link associated with the class in the table of 
Virtual
+        Machine classes.
+
+  Once you have defined one or more Virtual Machine classes, you will be able 
to
+  add any of the defined Simple Type Enforcement types or Chinese Wall types 
to a
+  particular Virtual Machine.
+
+  You must also define which Virtual Machine class is to be associated with the
+  bootstrap domain (or Dom0 domain).  By default, the first Virtual Machine 
class
+  created will be associated as the bootstrap domain.
+
+  To create your label template definition file, click on the "Generate XML" 
button
+  on the top of the page.  This will present you with a dialog box to save the
+  generated XML file on your system.  The default name will be
+  security_label_template.xml which you should change to follow the policy file
+  naming conventions based on the policy name that you choose to use.
+
+  To get a feel for the tool, you could use one of the example policy 
definition
+  and label template definition files from /etc/xen/acm-security/policies as 
input.
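Review bot: the new section 5 states that xensec_gen "runs as a daemon and listens on port 7777 for HTTP requests" but does not say which address it binds to, which user it is expected to run as, or whether any access control protects the pages that read and generate policy files. Please document those points and recommend binding to the loopback address, which is what the example URL http://localhost:7777/ already implies. Several added lines in this hunk are also wrapped in this copy (for example the line ending "existing policy" followed by a bare "definition" with no leading `+`), so the inline patch will not apply as shown and the attachment should be used.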
diff -r bdcb115c667a -r db5feb4ccc13 tools/security/python/setup.py
--- /dev/null   Sat Dec 10 23:20:08 2005
+++ b/tools/security/python/setup.py    Mon Dec 12 19:10:23 2005
@@ -0,0 +1,30 @@
+#!/usr/bin/python
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+from distutils.core import setup
+import os
+
+# This setup script is invoked from the parent directory, so base
+#   everything as if executing from there.
+XEN_ROOT = "../.."
+
+setup(name            = 'xensec_gen',
+      version         = '3.0',
+      description     = 'Xen XML Security Policy Generator',
+      package_dir     = { 'xen' : 'python' },
+      packages        = ['xen.xensec_gen'],
+      )
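Review bot: `import os` and `XEN_ROOT = "../.."` are never used in this file; the `setup()` call refers to neither. Drop both, or use XEN_ROOT if the paths are meant to be derived from it. The comment above XEN_ROOT says the script is invoked from the parent directory, and `package_dir = { 'xen' : 'python' }` already depends on that, so it is worth stating that requirement once, next to package_dir.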
diff -r bdcb115c667a -r db5feb4ccc13 
tools/security/python/xensec_gen/cgi-bin/policy.cgi
--- /dev/null   Sat Dec 10 23:20:08 2005
+++ b/tools/security/python/xensec_gen/cgi-bin/policy.cgi       Mon Dec 12 
19:10:23 2005
@@ -0,0 +1,1325 @@
+#!/usr/bin/python
+#
+# The Initial Developer of the Original Code is International
+# Business Machines Corporation. Portions created by IBM
+# Corporation are Copyright (C) 2005 International Business
+# Machines Corporation. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import os
+import cgi
+import cgitb; cgitb.enable( )
+import time
+import xml.dom.minidom
+import xml.sax
+import xml.sax.handler
+from StringIO import StringIO
+from sets import Set
+
+def getSavedData( ):
+       global formData, policyXml, formVariables, formCSNames
+       global templateCSMTypes, templateCSMDel, templateCSMType, templateCSMAdd
+       global allCSMTypes
+
+       # Process the XML upload policy file
+       if formData.has_key( 'i_policy' ):
+               dataList = formData.getlist( 'i_policy' )
+               if len( dataList ) > 0:
+                       policyXml  = dataList[0]
+
+       # Process all the hidden input variables (if present)
+       for formVar in formVariables:
+               if formVar[2] == '':
+                       continue
+
+               if formData.has_key( formVar[2] ):
+                       dataList = formData.getlist( formVar[2] )
+                       if len( dataList ) > 0:
+                               if isinstance( formVar[1], list ):
+                                       exec 'formVar[1] = ' + dataList[0]
+                               else:
+                                       formVar[1] = dataList[0]
+
+       # The form can contain any number of "Conflict Sets"
+       #   so update the list of form variables to include
+       #   each conflict set (hidden input variable)
+       for csName in formCSNames[1]:
+               newCS( csName )
+               if formData.has_key( allCSMTypes[csName][2] ):
+                       dataList = formData.getlist( allCSMTypes[csName][2] )
+                       if len( dataList ) > 0:
+                               exec 'allCSMTypes[csName][1] = ' + dataList[0]
+
+def getCurrentTime( ):
+       return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) )
+
+def getName( domNode ):
+       nameNodes = domNode.getElementsByTagName( 'Name' )
+       if len( nameNodes ) == 0:
+               formatXmlError( '"<Name>" tag is missing' )
+               return None
+
+       name = ''
+       for childNode in nameNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       name = name + childNode.data
+
+       return name
+
+def getDate( domNode ):
+       dateNodes = domNode.getElementsByTagName( 'Date' )
+       if len( dateNodes ) == 0:
+               formatXmlError( '"<Date>" tag is missing' )
+               return None
+
+       date = ''
+       for childNode in dateNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       date = date + childNode.data
+
+       return date
+
+def getSteTypes( domNode, missingIsError = 0 ):
+       steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' )
+       if len( steNodes ) == 0:
+               if missingIsError == 1:
+                       formatXmlError( '"<SimpleTypeEnforcementTypes>" tag is 
missing' )
+                       return None
+               else:
+                       return []
+
+       return getTypes( steNodes[0] )
+
+def getChWTypes( domNode, missingIsError = 0 ):
+       chwNodes = domNode.getElementsByTagName( 'ChineseWallTypes' )
+       if len( chwNodes ) == 0:
+               if missingIsError == 1:
+                       formatXmlError( '"<ChineseWallTypes>" tag is missing' )
+                       return None
+               else:
+                       return []
+
+       return getTypes( chwNodes[0] )
+
+def getTypes( domNode ):
+       types = []
+
+       domNodes = domNode.getElementsByTagName( 'Type' )
+       if len( domNodes ) == 0:
+               formatXmlError( '"<Type>" tag is missing' )
+               return None
+
+       for domNode in domNodes:
+               typeText = ''
+               for childNode in domNode.childNodes:
+                       if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                               typeText = typeText + childNode.data
+
+               if typeText == '':
+                       formatXmlError( 'No text associated with the "<Type>" 
tag' )
+                       return None
+
+               types.append( typeText )
+
+       return types
+
+def formatXmlError( msg, xml = '', lineNum = -1, colNum = -1 ):
+       global xmlMessages, xmlError
+
+       xmlError = 1
+       addMsg = cgi.escape( msg )
+
+       if lineNum != -1:
+               sio = StringIO( xml )
+               for xmlLine in sio:
+                       lineNum = lineNum - 1
+                       if lineNum == 0:
+                               break;
+
+               addMsg += '<BR><PRE>' + cgi.escape( xmlLine.rstrip( ) )
+
+               if colNum != -1:
+                       errLine = ''
+                       for i in range( colNum ):
+                               errLine = errLine + '-'
+
+                       addMsg += '\n' + errLine + '^'
+
+               addMsg += '</PRE>'
+
+       xmlMessages.append( addMsg )
+
+def formatXmlGenError( msg ):
+       global xmlMessages, xmlIncomplete
+
+       xmlIncomplete = 1
+       xmlMessages.append( cgi.escape( msg ) )
+
+def parseXml( xmlInput ):
+       global xmlMessages, xmlError, xmlLine, xmlColumn
+
+       xmlParser  = xml.sax.make_parser( )
+       try:
+               domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser )
+
+       except xml.sax.SAXParseException, xmlErr:
+               msg = ''
+               msg = msg + 'XML parsing error occurred at line '
+               msg = msg + `xmlErr.getLineNumber( )`
+               msg = msg + ', column '
+               msg = msg + `xmlErr.getColumnNumber( )`
+               msg = msg + ': reason = "'
+               msg = msg + xmlErr.getMessage( )
+               msg = msg + '"'
+               formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), 
xmlErr.getColumnNumber( ) )
+               return None
+
+       except xml.sax.SAXException, xmlErr:
+               msg = ''
+               msg = msg + 'XML Parsing error: ' + `xmlErr`
+               formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), 
xmlErr.getColumnNumber( ) )
+               return None
+
+       return domDoc
+
+def parsePolicyXml( ):
+       global policyXml
+       global formPolicyName, formPolicyDate, formPolicyOrder
+       global formSteTypes, formChWallTypes
+       global allCSMTypes
+
+       domDoc = parseXml( policyXml )
+       if domDoc == None:
+               return
+
+       domRoot    = domDoc.documentElement
+       domHeaders = domRoot.getElementsByTagName( 'PolicyHeader' )
+       if len( domHeaders ) == 0:
+               msg = ''
+               msg = msg + '"<PolicyHeader>" tag is missing.\n'
+               msg = msg + 'Please validate the Policy file used.'
+               formatXmlError( msg )
+               return
+
+       pName = getName( domHeaders[0] )
+       if pName == None:
+               msg = ''
+               msg = msg + 'Error processing the Policy header information.\n'
+               msg = msg + 'Please validate the Policy file used.'
+               formatXmlError( msg )
+               return
+
+       formPolicyName[1] = pName
+
+       pDate = getDate( domHeaders[0] )
+       if pDate == None:
+               msg = ''
+               msg = msg + 'Error processing the Policy header information.\n'
+               msg = msg + 'Please validate the Policy file used.'
+               formatXmlError( msg )
+               return
+
+       formPolicyDate[1] = pDate
+
+       pOrder = ''
+       domStes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' )
+       if len( domStes ) > 0:
+               if domStes[0].hasAttribute( 'priority' ):
+                       if domStes[0].getAttribute( 'priority' ) != 
'PrimaryPolicyComponent':
+                               msg = ''
+                               msg = msg + 'Error processing the 
"<SimpleTypeEnforcement>" tag.\n'
+                               msg = msg + 'The "priority" attribute value is 
not valid.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               return
+
+                       pOrder = 'v_Ste'
+
+               steTypes = getSteTypes( domStes[0], 1 )
+               if steTypes == None:
+                       msg = ''
+                       msg = msg + 'Error processing the SimpleTypeEnforcement 
types.\n'
+                       msg = msg + 'Please validate the Policy file used.'
+                       formatXmlError( msg )
+                       return
+
+               formSteTypes[1] = steTypes
+
+       domChWalls = domRoot.getElementsByTagName( 'ChineseWall' )
+       if len( domChWalls ) > 0:
+               if domChWalls[0].hasAttribute( 'priority' ):
+                       if domChWalls[0].getAttribute( 'priority' ) != 
'PrimaryPolicyComponent':
+                               msg = ''
+                               msg = msg + 'Error processing the 
"<ChineseWall>" tag.\n'
+                               msg = msg + 'The "priority" attribute value is 
not valid.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               return
+
+                       if pOrder != '':
+                               msg = ''
+                               msg = msg + 'Error processing the 
"<ChineseWall>" tag.\n'
+                               msg = msg + 'The "priority" attribute has been 
previously specified.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               return
+
+                       pOrder = 'v_ChWall'
+
+               chwTypes = getChWTypes( domChWalls[0], 1 )
+               if chwTypes == None:
+                       msg = ''
+                       msg = msg + 'Error processing the ChineseWall types.\n'
+                       msg = msg + 'Please validate the Policy file used.'
+                       formatXmlError( msg )
+                       return
+
+               formChWallTypes[1] = chwTypes
+
+               csNodes = domChWalls[0].getElementsByTagName( 'ConflictSets' )
+               if len( csNodes ) == 0:
+                       msg = ''
+                       msg = msg + 'Required "<ConflictSets>" tag missing.\n'
+                       msg = msg + 'Please validate the Policy file used.'
+                       formatXmlError( msg )
+                       return
+
+               cNodes = csNodes[0].getElementsByTagName( 'Conflict' )
+               if len( cNodes ) == 0:
+                       msg = ''
+                       msg = msg + 'Required "<Conflict>" tag missing.\n'
+                       msg = msg + 'Please validate the Policy file used.'
+                       formatXmlError( msg )
+                       return
+
+               for cNode in cNodes:
+                       csName = cNode.getAttribute( 'name' )
+                       newCS( csName, 1 )
+
+                       csMemberList = getTypes( cNode )
+                       if csMemberList == None:
+                               msg = ''
+                               msg = msg + 'Error processing the Conflict Set 
members.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               return
+
+                       # Verify the conflict set members are valid types
+                       ctSet = Set( formChWallTypes[1] )
+                       csSet = Set( csMemberList )
+                       if not csSet.issubset( ctSet ):
+                               msg = ''
+                               msg = msg + 'Error processing Conflict Set "' + 
csName + '".\n'
+                               msg = msg + 'Members of the conflict set are 
not valid '
+                               msg = msg + 'Chinese Wall types.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+
+                       allCSMTypes[csName][1] = csMemberList
+
+       if pOrder != '':
+               formPolicyOrder[1] = pOrder
+       else:
+               if (len( domStes ) > 0) or (len( domChWalls ) > 0):
+                       msg = ''
+                       msg = msg + 'The "priority" attribute has not been 
specified.\n'
+                       msg = msg + 'It must be specified on one of the access 
control types.\n'
+                       msg = msg + 'Please validate the Policy file used.'
+                       formatXmlError( msg )
+                       return
+
+def modFormTemplate( formTemplate, suffix ):
+       formVar = [x for x in formTemplate]
+
+       if formVar[2] != '':
+               formVar[2] = formVar[2] + suffix
+       if formVar[3] != '':
+               formVar[3] = formVar[3] + suffix
+       if (formVar[0] != 'button') and (formVar[4] != ''):
+               formVar[4] = formVar[4] + suffix
+
+       return formVar;
+
+def removeDups( curList ):
+       newList = []
+       curSet  = Set( curList )
+       for x in curSet:
+               newList.append( x )
+       newList.sort( )
+
+       return newList
+
+def newCS( csName, addToList = 0 ):
+       global formCSNames
+       global templateCSDel, allCSDel
+       global templateCSMTypes, templateCSMDel, templateCSMType, templateCSMAdd
+       global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
+
+       csSuffix = '_' + csName
+
+       # Make sure we have an actual name and check one of the 'all'
+       # variables to be sure it hasn't been previously defined
+       if (len( csName ) > 0) and (not allCSMTypes.has_key( csName )):
+               allCSDel[csName]    = modFormTemplate( templateCSDel,    
csSuffix )
+               allCSMTypes[csName] = modFormTemplate( templateCSMTypes, 
csSuffix )
+               allCSMDel[csName]   = modFormTemplate( templateCSMDel,   
csSuffix )
+               allCSMType[csName]  = modFormTemplate( templateCSMType,  
csSuffix )
+               allCSMAdd[csName]   = modFormTemplate( templateCSMAdd,   
csSuffix )
+               if addToList == 1:
+                       formCSNames[1].append( csName )
+                       formCSNames[1] = removeDups( formCSNames[1] )
+
+def updateInfo( ):
+       global formData, formPolicyName, formPolicyDate, formPolicyOrder
+
+       if formData.has_key( formPolicyName[3] ):
+               formPolicyName[1] = formData[formPolicyName[3]].value
+       elif formData.has_key( formPolicyUpdate[3] ):
+               formPolicyName[1] = ''
+
+       if formData.has_key( formPolicyDate[3] ):
+               formPolicyDate[1] = formData[formPolicyDate[3]].value
+       elif formData.has_key( formPolicyUpdate[3] ):
+               formPolicyDate[1] = ''
+
+       if formData.has_key( formPolicyOrder[3] ):
+               formPolicyOrder[1] = formData[formPolicyOrder[3]].value
+
+def addSteType( ):
+       global formData, formSteType, formSteTypes
+
+       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( 
formSteAdd[3] )):
+               if formData.has_key( formSteType[3] ):
+                       type = formData[formSteType[3]].value
+                       type = type.strip( )
+                       if len( type ) > 0:
+                               formSteTypes[1].append( type )
+                               formSteTypes[1] = removeDups( formSteTypes[1] )
+
+
+def delSteType( ):
+       global formData, formSteTypes
+
+       if formData.has_key( formSteTypes[3] ):
+               typeList = formData.getlist( formSteTypes[3] )
+               for type in typeList:
+                       type = type.strip( )
+                       formSteTypes[1].remove( type )
+
+def addChWallType( ):
+       global formData, formChWallType, formChWallTypes
+
+       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( 
formChWallAdd[3] )):
+               if formData.has_key( formChWallType[3] ):
+                       type = formData[formChWallType[3]].value
+                       type = type.strip( )
+                       if len( type ) > 0:
+                               formChWallTypes[1].append( type )
+                               formChWallTypes[1] = removeDups( 
formChWallTypes[1] )
+
+def delChWallType( ):
+       global formData, formChWallTypes
+
+       if formData.has_key( formChWallTypes[3] ):
+               typeList = formData.getlist( formChWallTypes[3] )
+               for type in typeList:
+                       type = type.strip( )
+                       formChWallTypes[1].remove( type )
+
+def addCS( ):
+       global formData, formCSNames
+
+       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( 
formCSAdd[3] )):
+               if formData.has_key( formCSName[3] ):
+                       csName = formData[formCSName[3]].value
+                       csName = csName.strip( )
+                       newCS( csName, 1 )
+
+def delCS( csName ):
+       global formData, formCSNames, allCSDel
+       global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
+
+       csName = csName.strip( )
+       formCSNames[1].remove( csName )
+       del allCSDel[csName]
+       del allCSMTypes[csName]
+       del allCSMDel[csName]
+       del allCSMType[csName]
+       del allCSMAdd[csName]
+
+def addCSMember( csName ):
+       global formData, allCSMType, allCSMTypes
+
+       formVar = allCSMType[csName]
+       if formData.has_key( formVar[3] ):
+               csmList = formData.getlist( formVar[3] )
+               formVar = allCSMTypes[csName]
+               for csm in csmList:
+                       csm = csm.strip( )
+                       formVar[1].append( csm )
+                       formVar[1] = removeDups( formVar[1] )
+
+def delCSMember( csName ):
+       global formData, allCSMTypes
+
+       formVar = allCSMTypes[csName]
+       if formData.has_key( formVar[3] ):
+               csmList = formData.getlist( formVar[3] )
+               for csm in csmList:
+                       csm = csm.strip( )
+                       formVar[1].remove( csm )
+
+def processRequest( ):
+       global policyXml
+       global formData, formPolicyUpdate
+       global formSteAdd, formSteDel
+       global formChWallAdd, formChWallDel
+       global formCSAdd, allCSDel
+       global formCSNames, allCSMAdd, allCSMDel
+
+       if policyXml != '':
+               parsePolicyXml( )
+
+       # Allow the updating of the header information whenever
+       # an action is performed
+       updateInfo( )
+
+       # Allow the adding of types/sets if the user has hit the
+       # enter key when attempting to add a type/set
+       addSteType( )
+       addChWallType( )
+       addCS( )
+
+       if formData.has_key( formSteDel[3] ):
+               delSteType( )
+
+       elif formData.has_key( formChWallDel[3] ):
+               delChWallType( )
+
+       else:
+               for csName in formCSNames[1]:
+                       if formData.has_key( allCSDel[csName][3] ):
+                               delCS( csName )
+                               continue
+
+                       if formData.has_key( allCSMAdd[csName][3] ):
+                               addCSMember( csName )
+
+                       elif formData.has_key( allCSMDel[csName][3] ):
+                               delCSMember( csName )
+
+def makeName( name, suffix='' ):
+       rName = name
+       if suffix != '':
+               rName = rName + '_' + suffix
+
+       return rName
+
+def makeNameAttr( name, suffix='' ):
+       return 'name="' + makeName( name, suffix ) + '"'
+
+def makeValue( value, suffix='' ):
+       rValue = value
+
+       if isinstance( value, list ):
+               rValue = '['
+               for val in value:
+                       rValue = rValue + '\'' + val
+                       if suffix != '':
+                               rValue = rValue + '_' + suffix
+                       rValue = rValue + '\','
+               rValue = rValue + ']'
+
+       else:
+               if suffix != '':
+                       rValue = rValue + '_' + suffix
+
+       return rValue
+
+def makeValueAttr( value, suffix='' ):
+       return 'value="' + makeValue( value, suffix ) + '"'
+
+def sendHtmlFormVar( formVar, attrs='' ):
+       nameAttr  = ''
+       valueAttr = ''
+       htmlText  = ''
+
+       if formVar[0] == 'text':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+               valueAttr = makeValueAttr( formVar[1] )
+
+               print '<INPUT type="text"', nameAttr, valueAttr, attrs, '>'
+
+       elif formVar[0] == 'list':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+
+               print '<SELECT', nameAttr, attrs, '>'
+               for option in formVar[1]:
+                       print '<OPTION>' + option + '</OPTION>'
+               print '</SELECT>'
+
+       elif formVar[0] == 'button':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+               if formVar[4] != '':
+                       valueAttr = makeValueAttr( formVar[4] )
+
+               print '<INPUT type="submit"', nameAttr, valueAttr, attrs, '>'
+
+       elif formVar[0] == 'radiobutton':
+               if formVar[3] != '':
+                       nameAttr  = makeNameAttr( formVar[3] )
+                       valueAttr = makeValueAttr( formVar[4][rb_select] )
+                       htmlText  = formVar[5][rb_select]
+                       if formVar[4][rb_select] == formVar[1]:
+                               checked = 'checked'
+                       else:
+                               checked = ''
+
+                       print '<INPUT type="radio"', nameAttr, valueAttr, 
attrs, checked, '>', htmlText
+
+       elif formVar[0] == 'radiobutton-all':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+                       buttonVals  = formVar[4]
+                       buttonTexts = formVar[5]
+                       for i, buttonVal in enumerate( buttonVals ):
+                               htmlText = ''
+                               addAttrs = ''
+                               checked  = ''
+
+                               valueAttr = makeValueAttr( buttonVal )
+                               if formVar[5] != '':
+                                       htmlText = formVar[5][i]
+                               if attrs != '':
+                                       addAttrs = attrs[i]
+                               if buttonVal == formVar[1]:
+                                       checked = 'checked'
+
+                               print '<INPUT type="radio"', nameAttr, 
valueAttr, addAttrs, checked, '>', htmlText, '<BR>'
+
+       if formVar[2] != '':
+               nameAttr = makeNameAttr( formVar[2] )
+               valueAttr = makeValueAttr( formVar[1] )
+               print '<INPUT type="hidden"', nameAttr, valueAttr, '>'
+
+def sendHtmlHeaders( ):
+       # HTML headers
+       print 'Content-Type: text/html'
+       print
+
+def sendPolicyHtml( ):
+       global xmlError, xmlIncomplete, xmlMessages, formXmlGen
+
+       print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"'
+       print '  "http://www.w3.org/TR/html4/loose.dtd";>'
+
+       print '<HTML>'
+
+       sendHtmlHead( )
+
+       print '<BODY>'
+
+       # An input XML file was specified that had errors, output the
+       # error information
+       if xmlError == 1:
+               print '<P>'
+               print 'An error has been encountered while processing the input 
'
+               print 'XML file:'
+               print '<UL>'
+               for msg in xmlMessages:
+                       print '<LI>'
+                       print msg
+               print '</UL>'
+               print '</BODY>'
+               print '</HTML>'
+               return
+
+       # When attempting to generate the XML output, all required data was not
+       # present, output the error information
+       if xmlIncomplete == 1:
+               print '<P>'
+               print 'An error has been encountered while validating the data'
+               print 'required for the output XML file:'
+               print '<UL>'
+               for msg in xmlMessages:
+                       print '<LI>'
+                       print msg
+               print '</UL>'
+               print '</BODY>'
+               print '</HTML>'
+               return
+
+       print '<CENTER>'
+       print '<FORM action="' + os.environ['SCRIPT_NAME'] + '" method="post">'
+       print '<TABLE class="container">'
+       print '  <COLGROUP>'
+       print '    <COL width="100%">'
+       print '  </COLGROUP>'
+
+       print '  <TR>'
+       print '    <TD>'
+       print '      <TABLE>'
+       print '        <TR>'
+       print '          <TD>'
+       sendHtmlFormVar( formDefaultButton, 'class="hidden"' )
+       print '          </TD>'
+       print '        </TR>'
+       print '        <TR>'
+       print '          <TD>'
+       sendHtmlFormVar( formXmlGen )
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+
+       # Policy header
+       print '  <TR>'
+       print '    <TD>'
+       sendPHeaderHtml( )
+       print '    </TD>'
+       print '  </TR>'
+
+       # Separator
+       print '  <TR><TD><HR></TD></TR>'
+
+       # Policy (types)
+       print '  <TR>'
+       print '    <TD>'
+       print '      <TABLE class="full">'
+       print '        <TR>'
+       print '          <TD width="49%">'
+       sendPSteHtml( )
+       print '          </TD>'
+       print '          <TD width="2%">&nbsp;</TD>'
+       print '          <TD width="49%">'
+       sendPChWallHtml( )
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+
+       print '</TABLE>'
+       print '</FORM>'
+       print '</CENTER>'
+
+       print '</BODY>'
+
+       print '</HTML>'
+
+def sendHtmlHead( ):
+       global headTitle
+
+       print '<HEAD>'
+       print '<STYLE type="text/css">'
+       print '<!--'
+       print 'BODY            {background-color: #EEEEFF;}'
+       print 'TABLE.container {width:  90%; border: 1px solid black; 
border-collapse: seperate;}'
+       print 'TABLE.fullbox   {width: 100%; border: 1px solid black; 
border-collapse: collapse;}'
+       print 'TABLE.full      {width: 100%; border: 0px solid black; 
border-collapse: collapse;}'
+       print 'THEAD           {font-weight: bold; font-size: larger;}'
+       print 'TD              {border: 0px solid black; vertical-align: top;}'
+       print 'TD.heading      {border: 0px solid black; vertical-align: top; 
font-weight: bold; font-size: larger;}'
+       print 'TD.subheading   {border: 0px solid black; vertical-align: top; 
font-size: smaller;}'
+       print 'TD.fullbox      {border: 1px solid black; vertical-align: top;}'
+       print 'SELECT.full     {width: 100%;}'
+       print 'INPUT.full      {width: 100%;}'
+       print 'INPUT.link      {cursor: pointer; background-color: #EEEEFF; 
border: 0px; text-decoration: underline; color: blue;}'
+       print 'INPUT.hidden    {visibility: hidden; width: 1px; height: 1px;}'
+       print ':link           {color: blue;}'
+       print ':visited        {color: red;}'
+       print '-->'
+       print '</STYLE>'
+       print '<TITLE>', headTitle, '</TITLE>'
+       print '</HEAD>'
+
+def sendPHeaderHtml( ):
+       global formPolicyName, formPolicyDate, formPolicyOrder, formPolicyUpdate
+
+       # Policy header definition
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="20%">'
+       print '    <COL width="80%">'
+       print '  </COLGROUP>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2" class="heading">Policy 
Information</TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Name:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyName, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Date:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyDate, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Primary Policy:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyOrder )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2">'
+       sendHtmlFormVar( formPolicyUpdate )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2" class="subheading">'
+       print '      (The Policy Information is updated whenever an action is 
performed'
+       print '       or it can be updated separately using the "Update" 
button)'
+       print '    </TD>'
+       print '  </TR>'
+       print '</TABLE>'
+
+def sendPSteHtml( ):
+       global formSteTypes, formSteDel, formSteType, formSteAdd
+
+       # Simple Type Enforcement...
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="20%">'
+       print '    <COL width="80%">'
+       print '  </COLGROUP>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2" class="heading">Simple Type 
Enforcement Types</TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       sendHtmlFormVar( formSteTypes, 'class="full" size="4" multiple' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD>'
+       sendHtmlFormVar( formSteDel, 'class="full"' )
+       print '    </TD>'
+       print '    <TD>'
+       print '      Delete the type(s) selected above'
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       sendHtmlFormVar( formSteType, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD>'
+       sendHtmlFormVar( formSteAdd, 'class="full"' )
+       print '    </TD>'
+       print '    <TD>'
+       print '      Create a new type with the above name'
+       print '    </TD>'
+       print '  </TR>'
+       print '</TABLE>'
+
+def sendPChWallHtml( ):
+       global formChWallTypes, formChWallDel, formChWallType, formChWallAdd
+       global formCSNames, formCSName, formCSAdd, allCSDel
+       global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
+
+       # Chinese Wall...
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="20%">'
+       print '    <COL width="80%">'
+       print '  </COLGROUP>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2" class="heading">Chinese Wall 
Types</TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       sendHtmlFormVar( formChWallTypes, 'class="full" size="4" multiple' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD>'
+       sendHtmlFormVar( formChWallDel, 'class="full"' )
+       print '    </TD>'
+       print '    <TD>'
+       print '      Delete the type(s) selected above'
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       sendHtmlFormVar( formChWallType, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD>'
+       sendHtmlFormVar( formChWallAdd, 'class="full"' )
+       print '    </TD>'
+       print '    <TD>'
+       print '      Create a new type with the above name'
+       print '    </TD>'
+       print '  </TR>'
+
+       # Chinese Wall Conflict Sets...
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       print '      <TABLE class="full">'
+       print '        <COLGROUP>'
+       print '          <COL width="20%">'
+       print '          <COL width="30%">'
+       print '          <COL width="50%">'
+       print '        </COLGROUP>'
+       print '        <THEAD>'
+       print '          <TR>'
+       print '            <TD align="center" colspan="3"><HR></TD>'
+       print '          </TR>'
+       print '          <TR>'
+       print '            <TD align="center" colspan="3">Chinese Wall Conflict 
Sets</TD>'
+       print '          </TR>'
+       print '        </THEAD>'
+       print '        <TR>'
+       print '          <TD colspan="3">'
+       sendHtmlFormVar( formCSName, 'class="full"' )
+       sendHtmlFormVar( formCSNames )
+       print '          </TD>'
+       print '        </TR>'
+       print '        <TR>'
+       print '          <TD>'
+       sendHtmlFormVar( formCSAdd, 'class="full"' )
+       print '          </TD>'
+       print '          <TD colspan="2">'
+       print '            Create a new conflict set with the above name'
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+       if len( formCSNames[1] ) > 0:
+               print '  <TR>'
+               print '    <TD colspan="2">'
+               print '      &nbsp;'
+               print '    </TD>'
+               print '  </TR>'
+               print '  <TR>'
+               print '    <TD colspan="2">'
+               print '      <TABLE class="fullbox">'
+               print '        <COLGROUP>'
+               print '          <COL width="50%">'
+               print '          <COL width="50%">'
+               print '        </COLGROUP>'
+               print '        <THEAD>'
+               print '          <TR>'
+               print '            <TD class="fullbox">Name</TD>'
+               print '            <TD class="fullbox">Actions</TD>'
+               print '          </TR>'
+               print '        </THEAD>'
+               for i, csName in enumerate( formCSNames[1] ):
+                       print '        <TR>'
+                       print '          <TD class="fullbox">' + csName + 
'</TD>'
+                       print '          <TD class="fullbox">'
+                       print '            <A href="#' + csName + '">Edit</A>'
+                       formVar = allCSDel[csName]
+                       sendHtmlFormVar( formVar, 'class="link"' )
+                       print '          </TD>'
+               print '      </TABLE>'
+               print '    </TD>'
+               print '  </TR>'
+               for csName in formCSNames[1]:
+                       print '  <TR><TD colspan="2"><HR></TD></TR>'
+                       print '  <TR>'
+                       print '    <TD align="center" colspan="2" 
class="heading"><A name="' + csName + '">Conflict Set: ' + csName + '</A></TD>'
+                       print '  </TR>'
+                       print '  <TR>'
+                       print '    <TD colspan="2">'
+                       formVar = allCSMTypes[csName];
+                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
+                       print '    </TD>'
+                       print '  </TR>'
+                       print '  <TR>'
+                       print '    <TD>'
+                       formVar = allCSMDel[csName]
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '    </TD>'
+                       print '    <TD>'
+                       print '      Delete the type(s) selected above'
+                       print '    </TD>'
+                       print '  </TR>'
+                       print '  <TR>'
+                       print '    <TD colspan="2">'
+                       ctSet = Set( formChWallTypes[1] )
+                       csSet = Set( allCSMTypes[csName][1] )
+                       formVar = allCSMType[csName]
+                       formVar[1] = []
+                       for chwallType in ctSet.difference( csSet ):
+                               formVar[1].append( chwallType )
+                       formVar[1].sort( )
+                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple' )
+                       print '    </TD>'
+                       print '  </TR>'
+                       print '  <TR>'
+                       print '    <TD>'
+                       formVar = allCSMAdd[csName]
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '    </TD>'
+                       print '    <TD>'
+                       print '      Add the type(s) selected above'
+                       print '    </TD>'
+                       print '  </TR>'
+
+       print '</TABLE>'
+
+def checkXmlData( ):
+       global xmlIncomplete
+
+       # Validate the Policy Header requirements
+       if ( len( formPolicyName[1] ) > 0 ) or ( len( formPolicyDate[1] ) > 0 ):
+               if ( len( formPolicyName[1] ) == 0 ) or ( len( 
formPolicyDate[1] ) == 0 ):
+                       msg = ''
+                       msg = msg + 'The XML policy schema requires that the 
Policy '
+                       msg = msg + 'Information Name and Date fields both have 
values '
+                       msg = msg + 'or both not have values.'
+                       formatXmlGenError( msg )
+
+       if formPolicyOrder[1] == 'v_ChWall':
+               if len( formChWallTypes[1] ) == 0:
+                       msg = ''
+                       msg = msg + 'You have specified the primary policy to 
be '
+                       msg = msg + 'Chinese Wall but have not created any 
Chinese '
+                       msg = msg + 'Wall types.  Please create some Chinese 
Wall '
+                       msg = msg + 'types or change the primary policy.'
+                       formatXmlGenError( msg )
+
+       if formPolicyOrder[1] == 'v_Ste':
+               if len( formSteTypes[1] ) == 0:
+                       msg = ''
+                       msg = msg + 'You have specified the primary policy to 
be '
+                       msg = msg + 'Simple Type Enforcement but have not 
created '
+                       msg = msg + 'any Simple Type Enforcement types.  Please 
create '
+                       msg = msg + 'some Simple Type Enforcement types or 
change the '
+                       msg = msg + 'primary policy.'
+                       formatXmlGenError( msg )
+
+       # Validate the Chinese Wall required data
+       if len( formChWallTypes[1] ) > 0:
+               if len( formCSNames[1] ) == 0:
+                       msg = ''
+                       msg = msg + 'The XML policy schema for the Chinese Wall 
'
+                       msg = msg + 'requires at least one Conflict Set be 
defined.'
+                       formatXmlGenError( msg )
+
+def sendXmlHeaders( ):
+       # HTML headers
+       print 'Content-Type: text/xml'
+       print 'Content-Disposition: attachment; filename=security_policy.xml'
+       print
+
+def sendPolicyXml( ):
+       print '<?xml version="1.0"?>'
+
+       print '<SecurityPolicyDefinition xmlns="http://www.ibm.com";'
+       print '                          
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";'
+       print '                          xsi:schemaLocation="http://www.ibm.com 
security_policy.xsd">'
+
+       # Policy header
+       sendPHeaderXml( )
+
+       # Policy (types)
+       sendPSteXml( )
+       sendPChWallXml( )
+
+       print '</SecurityPolicyDefinition>'
+
+def sendPHeaderXml( ):
+       global formPolicyName, formPolicyDate
+
+       # Policy header definition
+       if ( len( formPolicyName[1] ) > 0 ) or ( len( formPolicyDate[1] ) > 0 ):
+               print '<PolicyHeader>'
+               print '  <Name>' + formPolicyName[1] + '</Name>'
+               print '  <Date>' + formPolicyDate[1] + '</Date>'
+               print '</PolicyHeader>'
+
+def sendPSteXml( ):
+       global formPolicyOrder, formSteTypes
+
+       # Simple Type Enforcement...
+       if len( formSteTypes[1] ) == 0:
+               return
+
+       if formPolicyOrder[1] == 'v_Ste':
+               print '<SimpleTypeEnforcement 
priority="PrimaryPolicyComponent">'
+       else:
+               print '<SimpleTypeEnforcement>'
+
+       print '  <SimpleTypeEnforcementTypes>'
+       for steType in formSteTypes[1]:
+               print '    <Type>' + steType + '</Type>'
+       print '  </SimpleTypeEnforcementTypes>'
+
+       print '</SimpleTypeEnforcement>'
+
+def sendPChWallXml( ):
+       global formPolicyOrder, formChWallTypes
+       global formCSNames, allCSMTypes
+
+       # Chinese Wall...
+       if len( formChWallTypes[1] ) == 0:
+               return
+
+       if formPolicyOrder[1] == 'v_ChWall':
+               print '<ChineseWall priority="PrimaryPolicyComponent">'
+       else:
+               print '<ChineseWall>'
+
+       print '  <ChineseWallTypes>'
+       for chWallType in formChWallTypes[1]:
+               print '    <Type>' + chWallType + '</Type>'
+       print '  </ChineseWallTypes>'
+
+       # Chinese Wall Conflict Sets...
+       print '  <ConflictSets>'
+       for cs in formCSNames[1]:
+               formVar = allCSMTypes[cs]
+               if len( formVar[1] ) == 0:
+                       continue
+               print '    <Conflict name="' + cs + '">'
+               for csm in formVar[1]:
+                       print '      <Type>' + csm + '</Type>'
+               print '    </Conflict>'
+       print '  </ConflictSets>'
+
+       print '</ChineseWall>'
+
+
+# Set up initial HTML variables
+headTitle = 'Xen Policy Generation'
+
+# Form variables
+#   The format of these variables is as follows:
+#   [ p0, p1, p2, p3, p4, p5 ]
+#     p0 = input type
+#     p1 = the current value of the variable
+#     p2 = the hidden input name attribute
+#     p3 = the name attribute
+#     p4 = the value attribute
+#     p5 = text to associate with the tag
+formPolicyName    = [ 'text',
+                       '',
+                       'h_policyName',
+                       'i_policyName',
+                       '',
+                       '',
+                   ]
+formPolicyDate    = [ 'text',
+                       getCurrentTime( ),
+                       'h_policyDate',
+                       'i_policyDate',
+                       '',
+                       '',
+                   ]
+formPolicyOrder   = [ 'radiobutton-all',
+                       'v_ChWall',
+                       'h_policyOrder',
+                       'i_policyOrder',
+                       [ 'v_Ste', 'v_ChWall' ],
+                       [ 'Simple Type Enforcement', 'Chinese Wall' ],
+                   ]
+formPolicyUpdate  = [ 'button',
+                       '',
+                       '',
+                       'i_PolicyUpdate',
+                       'Update',
+                       '',
+                   ]
+
+formSteTypes      = [ 'list',
+                       [],
+                       'h_steTypes',
+                       'i_steTypes',
+                       '',
+                       '',
+                   ]
+formSteDel        = [ 'button',
+                       '',
+                       '',
+                       'i_steDel',
+                       'Delete',
+                       '',
+                   ]
+formSteType       = [ 'text',
+                       '',
+                       '',
+                       'i_steType',
+                       '',
+                       '',
+                   ]
+formSteAdd        = [ 'button',
+                       '',
+                       '',
+                       'i_steAdd',
+                       'New',
+                       '',
+                   ]
+
+formChWallTypes   = [ 'list',
+                       [],
+                       'h_chwallTypes',
+                       'i_chwallTypes',
+                       '',
+                       '',
+                   ]
+formChWallDel     = [ 'button',
+                       '',
+                       '',
+                       'i_chwallDel',
+                       'Delete',
+                       '',
+                   ]
+formChWallType    = [ 'text',
+                       '',
+                       '',
+                       'i_chwallType',
+                       '',
+                       '',
+                   ]
+formChWallAdd     = [ 'button',
+                       '',
+                       '',
+                       'i_chwallAdd',
+                       'New',
+                       '',
+                   ]
+
+formCSNames       = [ '',
+                       [],
+                       'h_csNames',
+                       '',
+                       '',
+                       '',
+                   ]
+formCSName        = [ 'text',
+                       '',
+                       '',
+                       'i_csName',
+                       '',
+                       '',
+                   ]
+formCSAdd         = [ 'button',
+                       '',
+                       '',
+                       'i_csAdd',
+                       'New',
+                       '',
+                   ]
+
+formXmlGen          = [ 'button',
+                       '',
+                       '',
+                       'i_xmlGen',
+                       'Generate XML',
+                       '',
+                   ]
+
+formDefaultButton = [ 'button',
+                       '',
+                       '',
+                       'i_defaultButton',
+                       '.',
+                       '',
+                   ]
+
+# This is a set of templates used for each conflict set
+#   Each conflict set is initially assigned these templates,
+#   then each form attribute value is changed to append
+#   "_conflict-set-name" for uniqueness
+templateCSDel     = [ 'button',
+                       '',
+                       '',
+                       'i_csDel',
+                       'Delete',
+                       '',
+                   ]
+allCSDel          = {};
+
+templateCSMTypes  = [ 'list',
+                       [],
+                       'h_csmTypes',
+                       'i_csmTypes',
+                       '',
+                       '',
+                   ]
+templateCSMDel    = [ 'button',
+                       '',
+                       '',
+                       'i_csmDel',
+                       'Delete',
+                       '',
+                   ]
+templateCSMType   = [ 'list',
+                       [],
+                       '',
+                       'i_csmType',
+                       '',
+                       '',
+                   ]
+templateCSMAdd    = [ 'button',
+                       '',
+                       '',
+                       'i_csmAdd',
+                       'Add',
+                       '',
+                   ]
+allCSMTypes       = {};
+allCSMDel         = {};
+allCSMType        = {};
+allCSMAdd         = {};
+
+# A list of all form variables used for saving info across requests
+formVariables     = [ formPolicyName,
+                       formPolicyDate,
+                       formPolicyOrder,
+                       formSteTypes,
+                       formChWallTypes,
+                       formCSNames,
+                   ]
+
+policyXml         = ''
+xmlError          = 0
+xmlIncomplete     = 0
+xmlMessages       = []
+
+
+# Extract any form data
+formData = cgi.FieldStorage( )
+
+# Process the form
+getSavedData( )
+processRequest( )
+
+if formData.has_key( formXmlGen[3] ):
+       # Generate and send the XML file
+       checkXmlData( )
+
+       if xmlIncomplete == 0:
+               sendXmlHeaders( )
+               sendPolicyXml( )
+
+if (not formData.has_key( formXmlGen[3] )) or (xmlIncomplete == 1 ):
+       # Send HTML to continue processing the form
+       sendHtmlHeaders( )
+       sendPolicyHtml( )
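Review bot: form-supplied names are concatenated into the HTML and XML output without escaping, in sendHtmlFormVar (`print '<OPTION>' + option + '</OPTION>'`, and makeValueAttr's `'value="' + makeValue( value, suffix ) + '"'`), in sendPChWallHtml (`'<A href="#' + csName + '">Edit</A>'`) and in sendPSteXml/sendPChWallXml (`'<Type>' + steType + '</Type>'`, `'<Conflict name="' + cs + '">'`). addCS only calls strip( ) on the submitted conflict set name before passing it to newCS, so a name containing `<`, `&` or a quote character is emitted as markup in the page and yields a malformed or structurally altered security_policy.xml; makeValue has the same gap when it wraps each list element in single quotes for the hidden inputs. Suggest escaping at the output points, for example cgi.escape( value, True ) for HTML text and attribute values and xml.sax.saxutils.escape / quoteattr for the policy XML, or rejecting names outside a restricted character set when they are added. Separately, the attrs string passed for allCSMTypes in sendPChWallHtml, `'class="full" size="4" multiple"'`, has a stray double quote after multiple.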
diff -r bdcb115c667a -r db5feb4ccc13 
tools/security/python/xensec_gen/cgi-bin/policylabel.cgi
--- /dev/null   Sat Dec 10 23:20:08 2005
+++ b/tools/security/python/xensec_gen/cgi-bin/policylabel.cgi  Mon Dec 12 
19:10:23 2005
@@ -0,0 +1,1396 @@
+#!/usr/bin/python
+#
+# The Initial Developer of the Original Code is International
+# Business Machines Corporation. Portions created by IBM
+# Corporation are Copyright (C) 2005 International Business
+# Machines Corporation. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import os
+import cgi
+import cgitb; cgitb.enable( )
+import time
+import xml.dom.minidom
+import xml.sax
+import xml.sax.handler
+from StringIO import StringIO
+from sets import Set
+
+def getSavedData( ):
+       global formData, policyXml, policyLabelXml
+       global formVariables, formVmNames
+       global allVmChWs, allVmStes
+
+       # Process the XML upload policy file
+       if formData.has_key( 'i_policy' ):
+               dataList = formData.getlist( 'i_policy' )
+               if len( dataList ) > 0:
+                       policyXml = dataList[0].strip( )
+
+       # The XML upload policy file must be specified at the start
+       if formData.has_key( 'i_policyLabelCreate' ):
+               if policyXml == '':
+                       msg = ''
+                       msg = msg + 'A Policy file was not supplied.  A Policy 
file '
+                       msg = msg + 'must be supplied in order to successfully 
create '
+                       msg = msg + 'a Policy Labeling file.'
+                       formatXmlError( msg )
+
+       # Process the XML upload policy label file
+       if formData.has_key( 'i_policyLabel' ):
+               dataList = formData.getlist( 'i_policyLabel' )
+               if len( dataList ) > 0:
+                       policyLabelXml = dataList[0].strip( )
+
+       # Process all the hidden input variables (if present)
+       for formVar in formVariables:
+               if formVar[2] == '':
+                       continue
+
+               if formData.has_key( formVar[2] ):
+                       dataList = formData.getlist( formVar[2] )
+                       if len( dataList ) > 0:
+                               if isinstance( formVar[1], list ):
+                                       exec 'formVar[1] = ' + dataList[0]
+                               else:
+                                       formVar[1] = dataList[0]
+
+       # The form can contain any number of "Virtual Machines"
+       #   so update the list of form variables to include
+       #   each virtual machine (hidden input variable)
+       for vmName in formVmNames[1]:
+               newVm( vmName )
+
+               vmFormVar = allVmChWs[vmName]
+               if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
+                       dataList = formData.getlist( vmFormVar[2] )
+                       if len( dataList ) > 0:
+                               if isinstance( vmFormVar[1], list ):
+                                       exec 'vmFormVar[1] = ' + dataList[0]
+                               else:
+                                       vmFormVar[1] = dataList[0]
+
+               vmFormVar = allVmStes[vmName]
+               if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
+                       dataList = formData.getlist( vmFormVar[2] )
+                       if len( dataList ) > 0:
+                               if isinstance( vmFormVar[1], list ):
+                                       exec 'vmFormVar[1] = ' + dataList[0]
+                               else:
+                                       vmFormVar[1] = dataList[0]
+
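Review bot: getSavedData( ) passes a hidden form field posted by the browser straight to exec, in exec 'formVar[1] = ' + dataList[0] and in the two identical vmFormVar blocks, so whatever the client puts in that field runs as Python in the CGI process. The field only needs to carry the list of strings that makeValue( ) writes out, so treat it as data. Either parse and validate the quoted items explicitly and reject anything else, or emit one hidden field per list element and read them back with formData.getlist( ). The three copies of this block would also be better as one helper, so the parsing is fixed in a single place.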
+def getCurrentTime( ):
+       return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) )
+
+def getName( domNode ):
+       nameNodes = domNode.getElementsByTagName( 'Name' )
+       if len( nameNodes ) == 0:
+               formatXmlError( '"<Name>" tag is missing' )
+               return None
+
+       name = ''
+       for childNode in nameNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       name = name + childNode.data
+
+       return name
+
+def getDate( domNode ):
+       dateNodes = domNode.getElementsByTagName( 'Date' )
+       if len( dateNodes ) == 0:
+               formatXmlError( '"<Date>" tag is missing' )
+               return None
+
+       date = ''
+       for childNode in dateNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       date = date + childNode.data
+
+       return date
+
+def getDefUrl( domNode ):
+       domNodes = domNode.getElementsByTagName( 'PolicyName' )
+       if len( domNodes ) == 0:
+               formatXmlError( '"<PolicyName>" tag is missing' )
+               return None
+
+       urlNodes = domNode.getElementsByTagName( 'Url' )
+       if len( urlNodes ) == 0:
+               formatXmlError( '"<Url>" tag is missing' )
+               return None
+
+       url = ''
+       for childNode in urlNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       url = url + childNode.data
+
+       return url
+
+def getDefRef( domNode ):
+       domNodes = domNode.getElementsByTagName( 'PolicyName' )
+       if len( domNodes ) == 0:
+               formatXmlError( '"<PolicyName>" tag is missing' )
+               return None
+
+       refNodes = domNode.getElementsByTagName( 'Reference' )
+       if len( refNodes ) == 0:
+               formatXmlError( '"<Reference>" tag is missing' )
+               return None
+
+       ref = ''
+       for childNode in refNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       ref = ref + childNode.data
+
+       return ref
+
+def getSteTypes( domNode, missingIsError = 0 ):
+       steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' )
+       if len( steNodes ) == 0:
+               if missingIsError == 1:
+                       formatXmlError( '"<SimpleTypeEnforcementTypes>" tag is 
missing' )
+                       return None
+               else:
+                       return []
+
+       return getTypes( steNodes[0] )
+
+def getChWTypes( domNode, missingIsError = 0 ):
+       chwNodes = domNode.getElementsByTagName( 'ChineseWallTypes' )
+       if len( chwNodes ) == 0:
+               if missingIsError == 1:
+                       formatXmlError( '"<ChineseWallTypes>" tag is missing' )
+                       return None
+               else:
+                       return []
+
+       return getTypes( chwNodes[0] )
+
+def getTypes( domNode ):
+       types = []
+
+       domNodes = domNode.getElementsByTagName( 'Type' )
+       if len( domNodes ) == 0:
+               formatXmlError( '"<Type>" tag is missing' )
+               return None
+
+       for domNode in domNodes:
+               typeText = ''
+               for childNode in domNode.childNodes:
+                       if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                               typeText = typeText + childNode.data
+
+               if typeText == '':
+                       formatXmlError( 'No text associated with the "<Type>" 
tag' )
+                       return None
+
+               types.append( typeText )
+
+       return types
+
+def formatXmlError( msg, xml = '', lineNum = -1, colNum = -1 ):
+       global xmlMessages, xmlError
+
+       xmlError = 1
+       addMsg = cgi.escape( msg )
+
+       if lineNum != -1:
+               sio = StringIO( xml )
+               for xmlLine in sio:
+                       lineNum = lineNum - 1
+                       if lineNum == 0:
+                               break;
+
+               addMsg += '<BR><PRE>' + cgi.escape( xmlLine.rstrip( ) )
+
+               if colNum != -1:
+                       errLine = ''
+                       for i in range( colNum ):
+                               errLine = errLine + '-'
+
+                       addMsg += '\n' + errLine + '^'
+
+               addMsg += '</PRE>'
+
+       xmlMessages.append( addMsg )
+
+def formatXmlGenError( msg ):
+       global xmlMessages, xmlIncomplete
+
+       xmlIncomplete = 1
+       xmlMessages.append( cgi.escape( msg ) )
+
+def parseXml( xmlInput ):
+       global xmlMessages, xmlError, xmlLine, xmlColumn
+
+       xmlParser  = xml.sax.make_parser( )
+       try:
+               domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser )
+
+       except xml.sax.SAXParseException, xmlErr:
+               msg = ''
+               msg = msg + 'XML parsing error occurred at line '
+               msg = msg + `xmlErr.getLineNumber( )`
+               msg = msg + ', column '
+               msg = msg + `xmlErr.getColumnNumber( )`
+               msg = msg + ': reason = "'
+               msg = msg + xmlErr.getMessage( )
+               msg = msg + '"'
+               formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), 
xmlErr.getColumnNumber( ) )
+               return None
+
+       except xml.sax.SAXException, xmlErr:
+               msg = ''
+               msg = msg + 'XML Parsing error: ' + `xmlErr`
+               formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), 
xmlErr.getColumnNumber( ) )
+               return None
+
+       return domDoc
+
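Review bot: the second handler in parseXml( ), except xml.sax.SAXException, calls xmlErr.getLineNumber( ) and xmlErr.getColumnNumber( ), which only SAXParseException provides, so a plain SAXException raises AttributeError inside the handler rather than being reported. Call formatXmlError( msg ) there without the position arguments. Separately, the parser from xml.sax.make_parser( ) is used on an uploaded file with its default features. Please call xmlParser.setFeature( xml.sax.handler.feature_external_ges, 0 ) before parsing so that an uploaded policy cannot make the server resolve external entities.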
+def parsePolicyXml( ):
+       global policyXml
+       global formSteTypes, formChWallTypes
+
+       domDoc = parseXml( policyXml )
+       if domDoc == None:
+               return
+
+       domRoot  = domDoc.documentElement
+       domNodes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' )
+       if len( domNodes ) > 0:
+               steTypes = getSteTypes( domNodes[0], 1 )
+               if steTypes == None:
+                       msg = ''
+                       msg = msg + 'Error processing the SimpleTypeEnforcement 
types.\n'
+                       msg = msg + 'Please validate the Policy Definition file 
used.'
+                       formatXmlError( msg )
+                       return
+
+               formSteTypes[1] = steTypes
+
+       domNodes = domRoot.getElementsByTagName( 'ChineseWall' )
+       if len( domNodes ) > 0:
+               chwTypes = getChWTypes( domNodes[0], 1 )
+               if chwTypes == None:
+                       msg = ''
+                       msg = msg + 'Error processing the ChineseWall types.\n'
+                       msg = msg + 'Please validate the Policy Definition file 
used.'
+                       formatXmlError( msg )
+                       return
+
+               formChWallTypes[1] = chwTypes
+
+def parsePolicyLabelXml( ):
+       global policyLabelXml
+
+       domDoc = parseXml( policyLabelXml )
+       if domDoc == None:
+               return
+
+       domRoot     = domDoc.documentElement
+       domHeaders = domRoot.getElementsByTagName( 'LabelHeader' )
+       if len( domHeaders ) == 0:
+               msg = ''
+               msg = msg + '"<LabelHeader>" tag is missing.\n'
+               msg = msg + 'Please validate the Policy Labeling file used.'
+               formatXmlError( msg )
+               return
+
+       pName = getName( domHeaders[0] )
+       if pName == None:
+               msg = ''
+               msg = msg + 'Error processing the Policy Labeling header 
information.\n'
+               msg = msg + 'Please validate the Policy Labeling file used.'
+               formatXmlError( msg )
+               return
+
+       formPolicyLabelName[1] = pName
+
+       pDate = getDate( domHeaders[0] )
+       if pDate == None:
+               msg = ''
+               msg = msg + 'Error processing the Policy Labeling header 
information.\n'
+               msg = msg + 'Please validate the Policy Labeling file used.'
+               formatXmlError( msg )
+               return
+
+       formPolicyLabelDate[1] = pDate
+
+       pUrl = getDefUrl( domHeaders[0] )
+       if pUrl == None:
+               msg = ''
+               msg = msg + 'Error processing the Policy Labeling header 
information.\n'
+               msg = msg + 'Please validate the Policy Labeling file used.'
+               formatXmlError( msg )
+               return
+
+       formPolicyUrl[1] = pUrl
+
+       pRef = getDefRef( domHeaders[0] )
+       if pRef == None:
+               msg = ''
+               msg = msg + 'Error processing the Policy Labeling header 
information.\n'
+               msg = msg + 'Please validate the Policy Labeling file used.'
+               formatXmlError( msg )
+               return
+
+       formPolicyRef[1] = pRef
+
+       domSubjects = domRoot.getElementsByTagName( 'SubjectLabels' )
+       if len( domSubjects ) > 0:
+               formVmNameDom0[1] = domSubjects[0].getAttribute( 'bootstrap' )
+               domNodes = domSubjects[0].getElementsByTagName( 
'VirtualMachineLabel' )
+               for domNode in domNodes:
+                       vmName = getName( domNode )
+                       if vmName == None:
+                               msg = ''
+                               msg = msg + 'Error processing the 
VirtualMachineLabel name.\n'
+                               msg = msg + 'Please validate the Policy 
Labeling file used.'
+                               formatXmlError( msg )
+                               continue
+
+                       steTypes = getSteTypes( domNode )
+                       if steTypes == None:
+                               msg = ''
+                               msg = msg + 'Error processing the 
SimpleTypeEnforcement types.\n'
+                               msg = msg + 'Please validate the Policy 
Labeling file used.'
+                               formatXmlError( msg )
+                               return
+
+                       chwTypes = getChWTypes( domNode )
+                       if chwTypes == None:
+                               msg = ''
+                               msg = msg + 'Error processing the ChineseWall 
types.\n'
+                               msg = msg + 'Please validate the Policy 
Labeling file used.'
+                               formatXmlError( msg )
+                               return
+
+                       newVm( vmName, 1 )
+                       allVmStes[vmName][1] = steTypes
+                       allVmChWs[vmName][1] = chwTypes
+
+def removeDups( curList ):
+       newList = []
+       curSet  = Set( curList )
+       for x in curSet:
+               newList.append( x )
+       newList.sort( )
+
+       return newList
+
+def newVm( vmName, addToList = 0 ):
+       global formVmNames
+       global templateVmDel, allVmDel, templateVmDom0, allVmDom0
+       global templateVmChWs, templateVmChWDel, templateVmChW, templateVmChWAdd
+       global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
+       global templateVmStes, templateVmSteDel, templateVmSte, templateVmSteAdd
+       global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
+
+       # Make sure we have an actual name and check one of the 'all'
+       # variables to be sure it hasn't been previously defined
+       if (len( vmName ) > 0) and (not allVmDom0.has_key( vmName )):
+               vmSuffix = '_' + vmName
+               allVmDom0[vmName]   = modFormTemplate( templateVmDom0,   
vmSuffix )
+               allVmDel[vmName]    = modFormTemplate( templateVmDel,    
vmSuffix )
+               allVmChWs[vmName]   = modFormTemplate( templateVmChWs,   
vmSuffix )
+               allVmChWDel[vmName] = modFormTemplate( templateVmChWDel, 
vmSuffix )
+               allVmChW[vmName]    = modFormTemplate( templateVmChW,    
vmSuffix )
+               allVmChWAdd[vmName] = modFormTemplate( templateVmChWAdd, 
vmSuffix )
+               allVmStes[vmName]   = modFormTemplate( templateVmStes,   
vmSuffix )
+               allVmSteDel[vmName] = modFormTemplate( templateVmSteDel, 
vmSuffix )
+               allVmSte[vmName]    = modFormTemplate( templateVmSte,    
vmSuffix )
+               allVmSteAdd[vmName] = modFormTemplate( templateVmSteAdd, 
vmSuffix )
+               if addToList == 1:
+                       formVmNames[1].append( vmName )
+                       formVmNames[1] = removeDups( formVmNames[1] )
+
+def updateInfo( ):
+       global formData, formPolicyLabelName, formPolicyLabelDate
+       global formPolicyUrl, formPolicyRef
+
+       if formData.has_key( formPolicyLabelName[3] ):
+               formPolicyLabelName[1] = formData[formPolicyLabelName[3]].value
+       elif formData.has_key( formPolicyLabelUpdate[3] ):
+               formPolicyLabelName[1] = ''
+
+       if formData.has_key( formPolicyLabelDate[3] ):
+               formPolicyLabelDate[1] = formData[formPolicyLabelDate[3]].value
+       elif formData.has_key( formPolicyLabelUpdate[3] ):
+               formPolicyLabelDate[1] = ''
+
+       if formData.has_key( formPolicyUrl[3] ):
+               formPolicyUrl[1] = formData[formPolicyUrl[3]].value
+       elif formData.has_key( formPolicyLabelUpdate[3] ):
+               formPolicyUrl[1] = ''
+
+       if formData.has_key( formPolicyRef[3] ):
+               formPolicyRef[1] = formData[formPolicyRef[3]].value
+       elif formData.has_key( formPolicyLabelUpdate[3] ):
+               formPolicyRef[1] = ''
+
+def addVm( ):
+       global formData, fromVmName, formVmNames, formVmNameDom0
+
+       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( 
formVmAdd[3] )):
+               if formData.has_key( formVmName[3] ):
+                       vmName = formData[formVmName[3]].value
+                       vmName = vmName.strip( )
+                       newVm( vmName, 1 )
+                       if formVmNameDom0[1] == '':
+                               formVmNameDom0[1] = vmName
+
+def delVm( vmName ):
+       global formVmNames, formVmNameDom0
+       global allVmDel, allVmDom0
+       global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
+       global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
+
+       vmName = vmName.strip( )
+       formVmNames[1].remove( vmName )
+       del allVmDom0[vmName]
+       del allVmDel[vmName]
+       del allVmChWs[vmName]
+       del allVmChWDel[vmName]
+       del allVmChW[vmName]
+       del allVmChWAdd[vmName]
+       del allVmStes[vmName]
+       del allVmSteDel[vmName]
+       del allVmSte[vmName]
+       del allVmSteAdd[vmName]
+
+       if formVmNameDom0[1] == vmName:
+               if len( formVmNames[1] ) > 0:
+                       formVmNameDom0[1] = formVmNames[1][0]
+               else:
+                       formVmNameDom0[1] = ''
+
+def makeVmDom0( vmName ):
+       global formVmNameDom0
+
+       vmName = vmName.strip( )
+       formVmNameDom0[1] = vmName
+
+def addVmChW( chwName ):
+       global formData, allVmChW, allVmChWs
+
+       formVar = allVmChW[chwName]
+       if formData.has_key( formVar[3] ):
+               chwList = formData.getlist( formVar[3] )
+               formVar = allVmChWs[chwName]
+               for chw in chwList:
+                       chw = chw.strip( )
+                       formVar[1].append( chw )
+                       formVar[1] = removeDups( formVar[1] )
+
+def delVmChW( chwName ):
+       global formData, allVmChWs
+
+       formVar = allVmChWs[chwName]
+       if formData.has_key( formVar[3] ):
+               chwList = formData.getlist( formVar[3] )
+               for chw in chwList:
+                       chw = chw.strip( )
+                       formVar[1].remove( chw )
+
+def addVmSte( steName ):
+       global formData, allVmSte, allVmStes
+
+       formVar = allVmSte[steName]
+       if formData.has_key( formVar[3] ):
+               steList = formData.getlist( formVar[3] )
+               formVar = allVmStes[steName]
+               for ste in steList:
+                       ste = ste.strip( )
+                       formVar[1].append( ste )
+                       formVar[1] = removeDups( formVar[1] )
+
+def delVmSte( steName ):
+       global formData, allVmStes
+
+       formVar = allVmStes[steName]
+       if formData.has_key( formVar[3] ):
+               steList = formData.getlist( formVar[3] )
+               for ste in steList:
+                       ste = ste.strip( )
+                       formVar[1].remove( ste )
+
+def processRequest( ):
+       global formData, policyXml, policyLabelXml, formPolicyLabelUpdate
+       global formVmAdd
+       global formVmNames, allVmDel, allVmDom0
+       global allVmChWAdd, allVmChWDel, allVmSteAdd, allVmSteDel
+
+       if policyXml != '':
+               parsePolicyXml( )
+
+       if policyLabelXml != '':
+               parsePolicyLabelXml( )
+
+       # Allow the updating of the header information whenever
+       # an action is performed
+       updateInfo( )
+
+       # Allow the adding of labels if the user has hit the
+       # enter key when attempting to add a type/set
+       addVm( )
+
+       for vmName in formVmNames[1]:
+               if formData.has_key( allVmDel[vmName][3] ):
+                       delVm( vmName )
+                       continue
+
+               if formData.has_key( allVmDom0[vmName][3] ):
+                       makeVmDom0( vmName )
+
+               if formData.has_key( allVmChWAdd[vmName][3] ):
+                       addVmChW( vmName )
+
+               elif formData.has_key( allVmChWDel[vmName][3] ):
+                       delVmChW( vmName )
+
+               elif formData.has_key( allVmSteAdd[vmName][3] ):
+                       addVmSte( vmName )
+
+               elif formData.has_key( allVmSteDel[vmName][3] ):
+                       delVmSte( vmName )
+
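Review bot: the loop in processRequest( ) iterates over formVmNames[1] while delVm( ) calls formVmNames[1].remove( vmName ) on the same list, so after a delete the next VM name is skipped and any action posted for it is silently dropped. Iterate over a copy, e.g. for vmName in formVmNames[1][:]. Related to this, delVmChW( ) and delVmSte( ) call formVar[1].remove( ) with a value taken from the form and will raise ValueError if it is not in the list, so check membership first.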
+def modFormTemplate( formTemplate, suffix ):
+       formVar = [x for x in formTemplate]
+
+       if formVar[2] != '':
+               formVar[2] = formVar[2] + suffix
+       if formVar[3] != '':
+               formVar[3] = formVar[3] + suffix
+       if (formVar[0] != 'button') and (formVar[4] != ''):
+               formVar[4] = formVar[4] + suffix
+
+       return formVar;
+
+def makeName( name, suffix='' ):
+       rName = name
+       if suffix != '':
+               rName = rName + '_' + suffix
+
+       return rName
+
+def makeNameAttr( name, suffix='' ):
+       return 'name="' + makeName( name, suffix ) + '"'
+
+def makeValue( value, suffix='' ):
+       rValue = value
+
+       if isinstance( value, list ):
+               rValue = '['
+               for val in value:
+                       rValue = rValue + '\'' + val
+                       if suffix != '':
+                               rValue = rValue + '_' + suffix
+                       rValue = rValue + '\','
+               rValue = rValue + ']'
+
+       else:
+               if suffix != '':
+                       rValue = rValue + '_' + suffix
+
+       return rValue
+
+def makeValueAttr( value, suffix='' ):
+       return 'value="' + makeValue( value, suffix ) + '"'
+
+def sendHtmlFormVar( formVar, attrs='', rb_select=0 ):
+       nameAttr  = ''
+       valueAttr = ''
+       htmlText  = ''
+
+       if formVar[0] == 'text':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+               valueAttr = makeValueAttr( formVar[1] )
+
+               print '<INPUT type="text"', nameAttr, valueAttr, attrs, '>'
+
+       elif formVar[0] == 'list':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+
+               print '<SELECT', nameAttr, attrs, '>'
+               for option in formVar[1]:
+                       print '<OPTION>' + option + '</OPTION>'
+               print '</SELECT>'
+
+       elif formVar[0] == 'button':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+               if formVar[4] != '':
+                       valueAttr = makeValueAttr( formVar[4] )
+
+               print '<INPUT type="submit"', nameAttr, valueAttr, attrs, '>'
+
+       elif formVar[0] == 'radiobutton':
+               if formVar[3] != '':
+                       nameAttr  = makeNameAttr( formVar[3] )
+                       valueAttr = makeValueAttr( formVar[4][rb_select] )
+                       htmlText  = formVar[5][rb_select]
+                       if formVar[4][rb_select] == formVar[1]:
+                               checked = 'checked'
+                       else:
+                               checked = ''
+
+                       print '<INPUT type="radio"', nameAttr, valueAttr, 
attrs, checked, '>', htmlText
+
+       elif formVar[0] == 'radiobutton-all':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+                       buttonVals  = formVar[4]
+                       for i, buttonVal in enumerate( buttonVals ):
+                               htmlText = ''
+                               addAttrs = ''
+                               checked  = ''
+
+                               valueAttr = makeValueAttr( buttonVal )
+                               if formVar[5] != '':
+                                       htmlText = formVar[5][i]
+                               if attrs != '':
+                                       addAttrs = attrs[i]
+                               if buttonVal == formVar[1]:
+                                       checked = 'checked'
+
+                               print '<INPUT type="radio"', nameAttr, 
valueAttr, addAttrs, checked, '>', htmlText
+
+       if ( formVar[2] != '' ) and ( rb_select == 0 ):
+               nameAttr = makeNameAttr( formVar[2] )
+               valueAttr = makeValueAttr( formVar[1] )
+               print '<INPUT type="hidden"', nameAttr, valueAttr, '>'
+
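Review bot: sendHtmlFormVar( ) writes values into the page without escaping, both in makeValueAttr( formVar[1] ), which builds value="..." by plain concatenation, and in print '<OPTION>' + option + '</OPTION>'. Those values come from the posted form (updateInfo( ), addVm( )) and from the uploaded XML (parsePolicyLabelXml( )), so a quote or angle bracket in a name or type breaks the markup and lets the input inject HTML. formatXmlError( ) already uses cgi.escape( ); do the same here, with cgi.escape( value, 1 ) for attribute values so that double quotes are encoded as well. Once the list-valued hidden fields are no longer serialized as Python source, they can be escaped in the same way.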
+def sendHtmlHeaders( ):
+       # HTML headers
+       print 'Content-Type: text/html'
+       print
+
+def sendPolicyLabelHtml( ):
+       global xmlError, xmlIncomplete, xmlMessages, formXmlGen
+       global formVmNameDom0, formSteTypes, formChWallTypes
+
+       print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"'
+       print '  "http://www.w3.org/TR/html4/loose.dtd";>'
+
+       print '<HTML>'
+
+       sendHtmlHead( )
+
+       print '<BODY>'
+
+       # An input XML file was specified that had errors, output the
+       # error information
+       if xmlError == 1:
+               print '<P>'
+               print 'An error has been encountered while processing the input'
+               print 'XML file:'
+               print '<UL>'
+               for msg in xmlMessages:
+                       print '<LI>'
+                       print msg
+               print '</UL>'
+               print '</BODY>'
+               print '</HTML>'
+               return
+
+       # When attempting to generate the XML output, all required data was not
+       # present, output the error information
+       if xmlIncomplete == 1:
+               print '<P>'
+               print 'An error has been encountered while validating the data'
+               print 'required for the output XML file:'
+               print '<UL>'
+               for msg in xmlMessages:
+                       print '<LI>'
+                       print msg
+               print '</UL>'
+               print '</BODY>'
+               print '</HTML>'
+               return
+
+       print '<CENTER>'
+       print '<FORM action="' + os.environ['SCRIPT_NAME'] + '" method="post">'
+       print '<TABLE class="container">'
+       print '  <COLGROUP>'
+       print '    <COL width="100%">'
+       print '  </COLGROUP>'
+
+       print '  <TR>'
+       print '    <TD>'
+       sendHtmlFormVar( formDefaultButton, 'class="hidden"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD>'
+       sendHtmlFormVar( formXmlGen )
+       print '    </TD>'
+       print '  </TR>'
+
+       # Policy Labeling header
+       print '  <TR>'
+       print '    <TD>'
+       sendPLHeaderHtml( )
+       print '    </TD>'
+       print '  </TR>'
+
+       # Separator
+       print '  <TR>'
+       print '    <TD>'
+       print '      <HR>'
+       print '    </TD>'
+       print '  </TR>'
+
+       # Policy Labels (vms)
+       print '  <TR>'
+       print '    <TD>'
+       print '      <TABLE class="full">'
+       print '        <TR>'
+       print '          <TD width="100%">'
+       sendPLSubHtml( )
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+
+       print '</TABLE>'
+
+       # Send some data that needs to be available across sessions
+       sendHtmlFormVar( formVmNameDom0 )
+       sendHtmlFormVar( formSteTypes )
+       sendHtmlFormVar( formChWallTypes )
+
+       print '</FORM>'
+       print '</CENTER>'
+
+       print '</BODY>'
+
+       print '</HTML>'
+
+def sendHtmlHead( ):
+       global headTitle
+
+       print '<HEAD>'
+       print '<STYLE type="text/css">'
+       print '<!--'
+       print 'BODY            {background-color: #EEEEFF;}'
+       print 'TABLE.container {width:  90%; border: 1px solid black; 
border-collapse: seperate;}'
+       print 'TABLE.full      {width: 100%; border: 0px solid black; 
border-collapse: collapse; border-spacing: 3px;}'
+       print 'TABLE.fullbox   {width: 100%; border: 0px solid black; 
border-collapse: collapse; border-spacing: 3px;}'
+       print 'THEAD           {font-weight: bold; font-size: larger;}'
+       print 'TD              {border: 0px solid black; vertical-align: top;}'
+       print 'TD.heading      {border: 0px solid black; vertical-align: top; 
font-weight: bold; font-size: larger;}'
+       print 'TD.subheading   {border: 0px solid black; vertical-align: top; 
font-size: smaller;}'
+       print 'TD.fullbox      {border: 1px solid black; vertical-align: top;}'
+       print 'SELECT.full     {width: 100%;}'
+       print 'INPUT.full      {width: 100%;}'
+       print 'INPUT.link      {cursor: pointer; background-color: #EEEEFF; 
border: 0px; text-decoration: underline; color: blue;}'
+       print 'INPUT.hidden    {visibility: hidden; width: 1px; height: 1px;}'
+       print ':link           {color: blue;}'
+       print ':visited        {color: red;}'
+       print '-->'
+       print '</STYLE>'
+       print '<TITLE>', headTitle, '</TITLE>'
+       print '</HEAD>'
+
+def sendPLHeaderHtml( ):
+       global formPolicyLabelName, formPolicyLabelDate
+       global formPolicyUrl, formPolicyRef
+       global formPolicyLabelUpdate
+
+       # Policy Labeling header definition
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="20%">'
+       print '    <COL width="80%">'
+       print '  </COLGROUP>'
+       print '  <TR>'
+       print '    <TD class="heading" align="center" colspan="2">Policy 
Labeling Information</TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Name:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyLabelName, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Date:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyLabelDate, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Policy URL:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyUrl, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Policy Reference:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyRef, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2">'
+       sendHtmlFormVar( formPolicyLabelUpdate )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2" class="subheading">'
+       print '      (The Policy Labeling Information is updated whenever an 
action is performed'
+       print '       or it can be updated separately using the "Update" 
button)'
+       print '    </TD>'
+       print '  </TR>'
+       print '</TABLE>'
+
+def sendPLSubHtml( ):
+       global formVmNames, formVmDel, formVmName, formVmAdd
+       global allVmDel, allVmDom0
+       global allVmChWs, allVmChWDel, allVmChW, allVmChWAdd
+       global allVmStes, allVmSteDel, allVmSte, allVmSteAdd
+       global formSteTypes, formChWallTypes
+
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="100%">'
+       print '  </COLGROUP>'
+
+       # Virtual Machines...
+       print '  <TR>'
+       print '    <TD>'
+       print '      <TABLE class="full">'
+       print '        <COLGROUP>'
+       print '          <COL width="10%">'
+       print '          <COL width="40%">'
+       print '          <COL width="50%">'
+       print '        </COLGROUP>'
+       print '        <TR>'
+       print '          <TD class="heading" align="center" colspan="3">Virtual 
Machine Classes</TD>'
+       print '        </TR>'
+       print '        <TR>'
+       print '          <TD colspan="2">'
+       sendHtmlFormVar( formVmName, 'class="full"' )
+       sendHtmlFormVar( formVmNames )
+       print '          </TD>'
+       print '          <TD>&nbsp;</TD>'
+       print '        </TR>'
+       print '        <TR>'
+       print '          <TD>'
+       sendHtmlFormVar( formVmAdd, 'class="full"' )
+       print '          </TD>'
+       print '          <TD colspan="2">'
+       print '            Create a new VM class with the above name'
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+       if len( formVmNames[1] ) > 0:
+               print '  <TR>'
+               print '    <TD colspan="1">'
+               print '      &nbsp;'
+               print '    </TD>'
+               print '  </TR>'
+               print '  <TR>'
+               print '    <TD>'
+               print '      <TABLE class="fullbox">'
+               print '        <COLGROUP>'
+               print '          <COL width="10%">'
+               print '          <COL width="40%">'
+               print '          <COL width="50%">'
+               print '        </COLGROUP>'
+               print '        <THEAD>'
+               print '          <TR>'
+               print '            <TD class="fullbox">Dom 0?</TD>'
+               print '            <TD class="fullbox">Name</TD>'
+               print '            <TD class="fullbox">Actions</TD>'
+               print '          </TR>'
+               print '        </THEAD>'
+               for i, vmName in enumerate( formVmNames[1] ):
+                       print '        <TR>'
+                       print '          <TD class="fullbox">'
+                       if formVmNameDom0[1] == vmName:
+                               print 'Yes'
+                       else:
+                               print '&nbsp;'
+                       print '          </TD>'
+                       print '          <TD class="fullbox">' + vmName + 
'</TD>'
+                       print '          <TD class="fullbox">'
+                       print '            <A href="#' + vmName + '">Edit</A>'
+                       formVar = allVmDel[vmName]
+                       sendHtmlFormVar( formVar, 'class="link"' )
+                       formVar = allVmDom0[vmName]
+                       sendHtmlFormVar( formVar, 'class="link"' )
+                       print '          </TD>'
+                       print '        </TR>'
+               print '      </TABLE>'
+               print '    </TD>'
+               print '  </TR>'
+               for vmName in formVmNames[1]:
+                       print '  <TR>'
+                       print '    <TD>'
+                       print '      <HR>'
+                       print '    </TD>'
+                       print '  </TR>'
+                       print '  <TR>'
+                       print '    <TD>'
+                       print '      <TABLE class="full">'
+                       print '        <COLGROUP>'
+                       print '          <COL width="10%">'
+                       print '          <COL width="39%">'
+                       print '          <COL width="2%">'
+                       print '          <COL width="10%">'
+                       print '          <COL width="39%">'
+                       print '        </COLGROUP>'
+                       print '        <TR>'
+                       print '          <TD colspan="5" align="center" 
class="heading">'
+                       print '            <A name="' + vmName + '">Virtual 
Machine Class: ' + vmName + '</A>'
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD colspan="2" align="center">Simple 
Type Enforcement Types</TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD colspan="2" align="center">Chinese 
Wall Types</TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD colspan="2">'
+                       formVar = allVmStes[vmName];
+                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
+                       print '          </TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD colspan="2">'
+                       formVar = allVmChWs[vmName];
+                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD>'
+                       formVar = allVmSteDel[vmName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Delete the type(s) selected above'
+                       print '          </TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD>'
+                       formVar = allVmChWDel[vmName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Delete the type(s) selected above'
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD colspan="2">'
+                       stSet = Set( formSteTypes[1] )
+                       vmSet = Set( allVmStes[vmName][1] )
+                       formVar = allVmSte[vmName]
+                       formVar[1] = []
+                       for steType in stSet.difference( vmSet ):
+                               formVar[1].append( steType )
+                       formVar[1].sort( )
+                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple"' )
+                       print '          </TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD colspan="2">'
+                       ctSet = Set( formChWallTypes[1] )
+                       vmSet = Set( allVmChWs[vmName][1] )
+                       formVar = allVmChW[vmName]
+                       formVar[1] = []
+                       for chwallType in ctSet.difference( vmSet ):
+                               formVar[1].append( chwallType )
+                       formVar[1].sort( )
+                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple"' )
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD>'
+                       formVar = allVmSteAdd[vmName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Add the type(s) selected above'
+                       print '          </TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD>'
+                       formVar = allVmChWAdd[vmName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Add the type(s) selected above'
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '      </TABLE>'
+                       print '    </TD>'
+                       print '  </TR>'
+
+       print '</TABLE>'
+
+def sendPLObjHtml( ):
+
+       # Resources...
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="60%">'
+       print '    <COL width="20%">'
+       print '    <COL width="20%">'
+       print '  </COLGROUP>'
+
+       print '  <TR>'
+       print '    <TD align="center" colspan="3" 
class="heading">Resources</TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       #sendHtmlFormVar( formVmNames, 'class="full" size="4" multiple"' )
+       print '    </TD>'
+       print '    <TD>'
+       #sendHtmlFormVar( formVmDel, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       #sendHtmlFormVar( formVmName, 'class="full"' )
+       print '    </TD>'
+       print '    <TD>'
+       #sendHtmlFormVar( formVmAdd, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '</TABLE>'
+
+def checkXmlData( ):
+       global xmlIncomplete
+
+       # Validate the Policy Label Header requirements
+       if ( len( formPolicyLabelName[1] ) == 0 ) or \
+          ( len( formPolicyLabelDate[1] ) == 0 ) or \
+          ( len( formPolicyUrl[1] ) == 0 ) or \
+          ( len( formPolicyRef[1] ) == 0 ):
+                       msg = ''
+                       msg = msg + 'The XML policy label schema requires that 
the Policy '
+                       msg = msg + 'Labeling Information Name, Date, Policy 
URL and '
+                       msg = msg + 'Policy Reference fields all have values.'
+                       formatXmlGenError( msg )
+
+def sendXmlHeaders( ):
+       # HTML headers
+       print 'Content-Type: text/xml'
+       print 'Content-Disposition: attachment; 
filename=security_label_template.xml'
+       print
+
+def sendPolicyLabelXml( ):
+       print '<?xml version="1.0"?>'
+
+       print '<SecurityLabelTemplate xmlns="http://www.ibm.com";'
+       print '                       
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";'
+       print '                       xsi:schemaLocation="http://www.ibm.com 
security_policy.xsd">'
+
+       # Policy Labeling header
+       sendPLHeaderXml( )
+
+       # Policy Labels (subjects and objects)
+       sendPLSubXml( )
+       #sendPLObjXml( )
+
+       print '</SecurityLabelTemplate>'
+
+def sendPLHeaderXml( ):
+       global formPolicyLabelName, formPolicyLabelDate
+       global formPolicyUrl, formPolicyRef
+
+       # Policy Labeling header definition
+       print '<LabelHeader>'
+       print '  <Name>' + formPolicyLabelName[1] + '</Name>'
+       print '  <Date>' + formPolicyLabelDate[1] + '</Date>'
+       print '  <PolicyName>'
+       print '    <Url>' + formPolicyUrl[1] + '</Url>'
+       print '    <Reference>' + formPolicyRef[1] + '</Reference>'
+       print '  </PolicyName>'
+       print '</LabelHeader>'
+
+def sendPLSubXml( ):
+       global formVmNames, allVmChWs, allVmStes
+
+       # Virtual machines...
+       if len( formVmNames[1] ) == 0:
+               return
+
+       print '<SubjectLabels bootstrap="' + formVmNameDom0[1] + '">'
+       for vmName in formVmNames[1]:
+               print '  <VirtualMachineLabel>'
+               print '    <Name>' + vmName + '</Name>'
+               formVar = allVmStes[vmName]
+               if len( formVar[1] ) > 0:
+                       print '    <SimpleTypeEnforcementTypes>'
+                       for ste in formVar[1]:
+                               print '      <Type>' + ste + '</Type>'
+                       print '    </SimpleTypeEnforcementTypes>'
+
+               formVar = allVmChWs[vmName]
+               if len( formVar[1] ) > 0:
+                       print '    <ChineseWallTypes>'
+                       for chw in formVar[1]:
+                               print '      <Type>' + chw + '</Type>'
+                       print '    </ChineseWallTypes>'
+
+               print '  </VirtualMachineLabel>'
+
+       print '</SubjectLabels>'
+
+
+# Set up initial HTML variables
+headTitle = 'Xen Policy Labeling Generation'
+
+# Form variables
+#   The format of these variables is as follows:
+#   [ p0, p1, p2, p3, p4, p5 ]
+#     p0 = input type
+#     p1 = the current value of the variable
+#     p2 = the hidden input name attribute
+#     p3 = the name attribute
+#     p4 = the value attribute
+#     p5 = text to associate with the tag
+formPolicyLabelName   = [ 'text',
+                       '',
+                       'h_policyLabelName',
+                       'i_policyLabelName',
+                       '',
+                       '',
+                       ]
+formPolicyLabelDate   = [ 'text',
+                       getCurrentTime( ),
+                       'h_policyLabelDate',
+                       'i_policyLabelDate',
+                       '',
+                       '',
+                       ]
+formPolicyUrl         = [ 'text',
+                       '',
+                       'h_policyUrl',
+                       'i_policyUrl',
+                       '',
+                       '',
+                       ]
+formPolicyRef         = [ 'text',
+                       '',
+                       'h_policyRef',
+                       'i_policyRef',
+                       '',
+                       '',
+                       ]
+formPolicyLabelUpdate = [ 'button',
+                       '',
+                       '',
+                       'i_PolicyLabelUpdate',
+                       'Update',
+                       '',
+                   ]
+
+formVmNames       = [ '',
+                       [],
+                       'h_vmNames',
+                       '',
+                       '',
+                       '',
+                   ]
+formVmDel         = [ 'button',
+                       '',
+                       '',
+                       'i_vmDel',
+                       'Delete',
+                       '',
+                   ]
+formVmName        = [ 'text',
+                       '',
+                       '',
+                       'i_vmName',
+                       '',
+                       '',
+                   ]
+formVmAdd         = [ 'button',
+                       '',
+                       '',
+                       'i_vmAdd',
+                       'New',
+                       '',
+                   ]
+
+formVmNameDom0    = [ '',
+                       '',
+                       'h_vmDom0',
+                       '',
+                       '',
+                       '',
+                   ]
+
+formXmlGen        = [ 'button',
+                       '',
+                       '',
+                       'i_xmlGen',
+                       'Generate XML',
+                       '',
+                   ]
+
+formDefaultButton = [ 'button',
+                       '',
+                       '',
+                       'i_defaultButton',
+                       '.',
+                       '',
+                   ]
+
+formSteTypes      = [ '',
+                        [],
+                       'h_steTypes',
+                       '',
+                       '',
+                       '',
+                   ]
+formChWallTypes   = [ '',
+                        [],
+                       'h_chwallTypes',
+                       '',
+                       '',
+                       '',
+                   ]
+
+# This is a set of templates used for each virtual machine
+#   Each virtual machine is initially assigned these templates,
+#   then each form attribute value is changed to append
+#   "_virtual-machine-name" for uniqueness.
+templateVmDel     = [ 'button',
+                       '',
+                       '',
+                       'i_vmDel',
+                       'Delete',
+                       '',
+                   ]
+templateVmDom0    = [ 'button',
+                       '',
+                       '',
+                       'i_vmDom0',
+                       'SetDom0',
+                       '',
+                   ]
+allVmDel          = {};
+allVmDom0         = {};
+
+templateVmChWs    = [ 'list',
+                       [],
+                       'h_vmChWs',
+                       'i_vmChWs',
+                       '',
+                       '',
+                   ]
+templateVmChWDel  = [ 'button',
+                       '',
+                       '',
+                       'i_vmChWDel',
+                       'Delete',
+                       '',
+                   ]
+templateVmChW     = [ 'list',
+                       [],
+                       '',
+                       'i_vmChW',
+                       '',
+                       '',
+                   ]
+templateVmChWAdd  = [ 'button',
+                       '',
+                       '',
+                       'i_vmChWAdd',
+                       'Add',
+                       '',
+                   ]
+allVmChWs         = {};
+allVmChWDel       = {};
+allVmChW          = {};
+allVmChWAdd       = {};
+
+templateVmStes    = [ 'list',
+                       [],
+                       'h_vmStes',
+                       'i_vmStes',
+                       '',
+                       '',
+                   ]
+templateVmSteDel  = [ 'button',
+                       '',
+                       '',
+                       'i_vmSteDel',
+                       'Delete',
+                       '',
+                   ]
+templateVmSte     = [ 'list',
+                       [],
+                       '',
+                       'i_vmSte',
+                       '',
+                       '',
+                   ]
+templateVmSteAdd  = [ 'button',
+                       '',
+                       '',
+                       'i_vmSteAdd',
+                       'Add',
+                       '',
+                   ]
+allVmStes         = {};
+allVmSteDel       = {};
+allVmSte          = {};
+allVmSteAdd       = {};
+
+# A list of all form variables used for saving info across requests
+formVariables     = [ formPolicyLabelName,
+                       formPolicyLabelDate,
+                       formPolicyUrl,
+                       formPolicyRef,
+                       formVmNames,
+                       formVmNameDom0,
+                       formSteTypes,
+                       formChWallTypes,
+                   ]
+
+policyXml         = ''
+policyLabelXml    = ''
+xmlError          = 0
+xmlIncomplete     = 0
+xmlMessages       = []
+
+
+# Extract any form data
+formData = cgi.FieldStorage( )
+
+# Process the form
+getSavedData( )
+processRequest( )
+
+if formData.has_key( formXmlGen[3] ):
+       # Generate and send the XML file
+       checkXmlData( )
+
+       if xmlIncomplete == 0:
+               sendXmlHeaders( )
+               sendPolicyLabelXml( )
+
+if (not formData.has_key( formXmlGen[3] )) or (xmlIncomplete == 1 ):
+       # Send HTML to continue processing the form
+       sendHtmlHeaders( )
+       sendPolicyLabelHtml( )
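Review bot: sendPLHeaderXml( ) and sendPLSubXml( ) concatenate the values held in the form variables straight into the generated XML, for example print '  <Name>' + formPolicyLabelName[1] + '</Name>' and the bootstrap attribute built from formVmNameDom0[1], so a value containing <, & or " produces a malformed or structurally altered security_label_template.xml. Pass element text through xml.sax.saxutils.escape( ) and build the attribute with xml.sax.saxutils.quoteattr( ), which supplies its own quotes. The same applies to the HTML in sendPLSubHtml( ), where vmName is written unescaped into the table cell, the href="#..." link and the <A name="..."> anchor; cgi.escape( vmName, 1 ) would cover those. Two smaller points: the attribute strings of the form 'class="full" size="4" multiple"' carry a stray trailing quote, and checkXmlData( ) only tests the four header fields for non-empty values, so sendPLSubXml( ) will still emit bootstrap="" when no Dom0 class has been set.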
diff -r bdcb115c667a -r db5feb4ccc13 tools/security/python/xensec_gen/index.html
--- /dev/null   Sat Dec 10 23:20:08 2005
+++ b/tools/security/python/xensec_gen/index.html       Mon Dec 12 19:10:23 2005
@@ -0,0 +1,126 @@
+<!--
+ The Initial Developer of the Original Code is International
+ Business Machines Corporation. Portions created by IBM
+ Corporation are Copyright (C) 2005 International Business
+ Machines Corporation. All Rights Reserved.
+ -->
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+  "http://www.w3.org/TR/html4/loose.dtd";>
+<HTML>
+  <HEAD>
+    <META name="author" content="Tom Lendacky">
+    <META name="copyright" content="Copyright (C) 2005 International Business 
Machines Corporation. All rights reserved">
+
+    <STYLE type="text/css">
+      <!--
+      BODY       {background-color: #EEEEFF;}
+      TABLE.xen  {width: 100%; border: 0px solid black;}
+      TD         {border: 0px solid black;}
+      TD.heading {border: 0px solid black; font-weight: bold; font-size: 
larger;}
+      -->
+    </STYLE>
+    <TITLE>Xen Security Policy Tool</TITLE>
+  </HEAD>
+
+  <BODY>
+    <H1>Xen Security Policy Generation Tool</H1>
+
+    <CENTER>
+    <FORM action="/cgi-bin/policy.cgi" method="post" 
enctype="multipart/form-data">
+    <TABLE class="xen">
+      <COLGROUP>
+        <COL width="25%">
+        <COL width="20%">
+        <COL width="55%">
+      </COLGROUP>
+
+      <TR>
+        <TD valign="top" class="heading">
+          Security Policy
+        </TD>
+        <TD valign="top" colspan="2">
+          To generate a new Xen Security Policy leave the
+          <B>"Policy File"</B> entry field
+          empty and click the "Create" button.<BR>
+          To modify an existing Xen Security Policy enter the
+          file name containing the policy in the
+          <B>"Policy File"</B> entry field
+          and click the "Create" button.<HR>
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD>
+          Policy File:
+        </TD>
+        <TD>
+          <INPUT type="file" size="50" name="i_policy">
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD valign="top">
+          <INPUT type="submit" name="i_policyCreate" value="Create">
+        </TD>
+        <TD></TD>
+      </TR>
+    </TABLE>
+    </FORM>
+
+    <FORM action="/cgi-bin/policylabel.cgi" method="post" 
enctype="multipart/form-data">
+    <TABLE class="xen">
+      <COLGROUP>
+        <COL width="25%">
+        <COL width="20%">
+        <COL width="55%">
+      </COLGROUP>
+
+      <TR>
+        <TD valign="top" class="heading">
+          Security Policy Labeling
+        </TD>
+        <TD valign="top" colspan="2">
+          To generate or edit the Xen Security Policy Labeling you <B>must</B>
+          specify the name of
+          an existing Xen Security Policy file in the
+          <B>"Policy File"</B> entry field.<BR>
+          To generate new Xen Security Policy Labeling leave the
+          <B>"Policy Labeling File"</B> entry field
+          empty and click the "Create" button.<BR>
+          To modify existing Xen Security Policy Labeling enter the
+          file name containing the labeling in the
+          <B>"Policy Labeling File"</B> entry field
+          and click the "Create" button.<HR>
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD>
+          Policy File:
+        </TD>
+        <TD>
+          <INPUT type="file" size="50" name="i_policy">
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD>
+          Policy Labeling File:
+        </TD>
+        <TD>
+          <INPUT type="file" size="50" name="i_policyLabel">
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD valign="top">
+          <INPUT type="submit" name="i_policyLabelCreate" value="Create">
+        </TD>
+        <TD></TD>
+      </TR>
+    </TABLE>
+    </FORM>
+  </CENTER>
+  </BODY>
+</HTML>
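Review bot: The header comment at the top of index.html says "All Rights Reserved" and gives no license terms, while main.py in the same patch carries the IBM copyright lines followed by the GPL notice; please state the license here as well so the file's terms match the rest of the tool. As a style point, </CENTER> is indented two spaces while its opening <CENTER> is indented four, and both forms use the same field name i_policy, which is fine since they post to different CGIs but is worth a comment for whoever reads the handlers.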
diff -r bdcb115c667a -r db5feb4ccc13 tools/security/python/xensec_gen/main.py
--- /dev/null   Sat Dec 10 23:20:08 2005
+++ b/tools/security/python/xensec_gen/main.py  Mon Dec 12 19:10:23 2005
@@ -0,0 +1,185 @@
+#!/usr/bin/python
+#
+# The Initial Developer of the Original Code is International
+# Business Machines Corporation. Portions created by IBM
+# Corporation are Copyright (C) 2005 International Business
+# Machines Corporation. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+"""Xen security policy generation aid
+"""
+
+import os
+import pwd
+import grp
+import sys
+import getopt
+import BaseHTTPServer
+import CGIHTTPServer
+
+
+gHttpPort = 7777
+gHttpDir  = '/var/lib/xensec_gen'
+gLogFile  = '/var/log/xensec_gen.log'
+gUser     = 'nobody'
+gGroup    = 'nobody'
+
+def usage( ):
+       print >>sys.stderr, 'Usage:  ' + sys.argv[0] + ' [OPTIONS]'
+       print >>sys.stderr, '  OPTIONS:'
+       print >>sys.stderr, '  -p, --httpport'
+       print >>sys.stderr, '     The port on which the http server is to 
listen'
+       print >>sys.stderr, '     (default: ' + str( gHttpPort ) + ')'
+       print >>sys.stderr, '  -d, --httpdir'
+       print >>sys.stderr, '     The directory where the http server is to 
serve pages from'
+       print >>sys.stderr, '     (default: ' + gHttpDir + ')'
+       print >>sys.stderr, '  -l, --logfile'
+       print >>sys.stderr, '     The file in which to log messages generated 
by this command'
+       print >>sys.stderr, '     (default: ' + gLogFile + ')'
+       print >>sys.stderr, '  -u, --user'
+       print >>sys.stderr, '     The user under which this command is to run.  
This parameter'
+       print >>sys.stderr, '     is only used when invoked under the "root" 
user'
+       print >>sys.stderr, '     (default: ' + gUser + ')'
+       print >>sys.stderr, '  -g, --group'
+       print >>sys.stderr, '     The group under which this command is to run. 
 This parameter'
+       print >>sys.stderr, '     is only used when invoked under the "root" 
user'
+       print >>sys.stderr, '     (default: ' + gGroup + ')'
+       print >>sys.stderr, '  -f'
+       print >>sys.stderr, '     Run the command in the foreground.  The 
logfile option will be'
+       print >>sys.stderr, '     ignored and all output will be directed to 
stdout and stderr.'
+       print >>sys.stderr, '  -h, --help'
+       print >>sys.stderr, '     Display the command usage information'
+
+def runServer( aServerPort,
+               aServerClass  = BaseHTTPServer.HTTPServer,
+               aHandlerClass = CGIHTTPServer.CGIHTTPRequestHandler ):
+       serverAddress = ( '', aServerPort )
+       httpd = aServerClass( serverAddress, aHandlerClass )
+       httpd.serve_forever( )
+
+def daemonize( aHttpDir, aLogFile, aUser, aGroup, aFork = 'true' ):
+       # Do some pre-daemon activities
+       os.umask( 027 )
+       if os.getuid( ) == 0:
+               # If we are running as root, we will change that
+               uid = pwd.getpwnam( aUser )[2]
+               gid = grp.getgrnam( aGroup )[2]
+
+               if aFork == 'true':
+                       # Change the owner of the log file to the user/group
+                       #   under which the daemon is to run
+                       flog = open( aLogFile, 'a' )
+                       flog.close( )
+                       os.chown( aLogFile, uid, gid )
+
+               # Change the uid/gid of the process
+               os.setgid( gid )
+               os.setuid( uid )
+
+       # Change to the HTTP directory
+       os.chdir( aHttpDir )
+
+       if aFork == 'true':
+               # Do first fork
+               try:
+                       pid = os.fork( )
+                       if pid:
+                               # Parent process
+                               return pid
+
+               except OSError, e:
+                       raise Exception, e
+
+               # First child process, create a new session
+               os.setsid( )
+
+               # Do second fork
+               try:
+                       pid = os.fork( )
+                       if pid:
+                               # Parent process
+                               os._exit( 0 )
+
+               except OSError, e:
+                       raise Exception, e
+
+               # Reset stdin/stdout/stderr
+               fin  = open( '/dev/null',  'r' )
+               flog = open( aLogFile, 'a' )
+               os.dup2( fin.fileno( ),  sys.stdin.fileno( ) )
+               os.dup2( flog.fileno( ), sys.stdout.fileno( ) )
+               os.dup2( flog.fileno( ), sys.stderr.fileno( ) )
+
+def main( ):
+       httpPort = gHttpPort
+       httpDir  = gHttpDir
+       logFile  = gLogFile
+       user     = gUser
+       group    = gGroup
+       doFork   = 'true'
+
+       shortOpts = 'd:p:l:u:g:fh'
+       longOpts  = [ 'httpdir=', 'httpport=', 'logfile=', 'user=', 'group=', 
'help' ]
+       try:
+               opts, args = getopt.getopt( sys.argv[1:], shortOpts, longOpts )
+
+       except getopt.GetoptError, e:
+               print >>sys.stderr, e
+               usage( )
+               sys.exit( )
+
+       if len( args ) != 0:
+               print >>sys.stderr, 'Error: command arguments are not supported'
+               usage( )
+               sys.exit( )
+
+       for opt, opt_value in opts:
+               if opt in ( '-h', '--help' ):
+                       usage( )
+                       sys.exit( )
+
+               if opt in ( '-d', '--httpdir' ):
+                       httpDir = opt_value
+
+               if opt in ( '-p', '--httpport' ):
+                       try:
+                               httpPort = int( opt_value )
+                       except:
+                               print >>sys.stderr, 'Error: HTTP port is not 
valid'
+                               usage( )
+                               sys.exit( )
+
+               if opt in ( '-l', '--logfile' ):
+                       logFile = opt_value
+
+               if opt in ( '-u', '--user' ):
+                       user = opt_value
+
+               if opt in ( '-g', '--group' ):
+                       group = opt_value
+
+               if opt in ( '-f' ):
+                       doFork = 'false'
+
+       pid = daemonize( httpDir, logFile, user, group, doFork )
+       if pid > 0:
+               sys.exit( )
+
+       runServer( httpPort )
+
+if __name__ == '__main__':
+       main( )
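Review bot: runServer( ) binds with serverAddress = ( '', aServerPort ), which listens on every interface, and nothing in this file restricts who may reach the CGI handlers on port 7777; for a tool that edits security policy, default to 127.0.0.1 and add an option for an explicit listen address. In daemonize( ), the privilege drop calls os.setgid( gid ) and os.setuid( uid ) but never os.setgroups( ), so the process keeps root's supplementary groups after switching to nobody; call os.setgroups( [] ) (or [ gid ]) before setgid. Also, if opt in ( '-f' ): tests against a string rather than a one-element tuple and only works through substring matching, so write ( '-f', ); the bare except: around int( opt_value ) should be except ValueError:; and the error paths call sys.exit( ) with no argument, which reports success to the caller.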
diff -r bdcb115c667a -r db5feb4ccc13 tools/security/xensec_gen.py
--- /dev/null   Sat Dec 10 23:20:08 2005
+++ b/tools/security/xensec_gen.py      Mon Dec 12 19:10:23 2005
@@ -0,0 +1,26 @@
+#!/usr/bin/python
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import sys
+
+# Add fallback path for non-native python path installs if needed
+sys.path.append( '/usr/lib/python' )
+sys.path.append( '/usr/lib64/python' )
+
+from xen.xensec_gen import main
+
+main.main( )
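Review bot: The wrapper calls main.main( ) unconditionally at module level; guard it with if __name__ == '__main__': as main.py does, so importing the file has no side effects. The comment says the fallback paths are added "if needed", but both sys.path.append( ) calls run every time, so either reword the comment or test for the directories first. The header also has the GPL notice without the copyright lines that main.py carries.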

Attachment: xensec_gen.diff
Description: Text Data
