authorsmh22@firebug.cl.cam.ac.uk <smh22@firebug.cl.cam.ac.uk>2006-04-24 10:52:19 +0100
committersmh22@firebug.cl.cam.ac.uk <smh22@firebug.cl.cam.ac.uk>2006-04-24 10:52:19 +0100
commit1f11fdecb12bf99154574c5a594426c31a302472 (patch)
treeac7fc096757a8623651031939cfe990733e76799 /tools/security
parent30476c8dba4b1b546bb6e5450d9560834e4d348d (diff)
This patch adds support for managing and creating the simplified
policies to the policy generation tools. Signed-off by: Thomas Lendacky <toml@us.ibm.com> Signed-off by: Reiner Sailer <sailer@us.ibm.com>
Diffstat (limited to 'tools/security')
-rw-r--r--tools/security/python/xensec_gen/cgi-bin/policy.cgi1250
-rw-r--r--tools/security/python/xensec_gen/cgi-bin/policylabel.cgi1396
-rw-r--r--tools/security/python/xensec_gen/index.html58
3 files changed, 1152 insertions, 1552 deletions
diff --git a/tools/security/python/xensec_gen/cgi-bin/policy.cgi b/tools/security/python/xensec_gen/cgi-bin/policy.cgi
index 997dad39bc..fa655c76c7 100644
--- a/tools/security/python/xensec_gen/cgi-bin/policy.cgi
+++ b/tools/security/python/xensec_gen/cgi-bin/policy.cgi
@@ -2,7 +2,7 @@
#
# The Initial Developer of the Original Code is International
# Business Machines Corporation. Portions created by IBM
-# Corporation are Copyright (C) 2005 International Business
+# Corporation are Copyright (C) 2005, 2006 International Business
# Machines Corporation. All Rights Reserved.
#
# This program is free software; you can redistribute it and/or modify
@@ -31,9 +31,9 @@ from StringIO import StringIO
from sets import Set
def getSavedData( ):
- global formData, policyXml, formVariables, formCSNames
- global templateCSMTypes, templateCSMDel, templateCSMType, templateCSMAdd
- global allCSMTypes
+ global formData, policyXml
+ global formVariables, formCSNames, formVmNames, formResNames
+ global allCSMTypes, allVmChWs, allVmStes, allResStes
# Process the XML upload policy file
if formData.has_key( 'i_policy' ):
@@ -64,6 +64,46 @@ def getSavedData( ):
if len( dataList ) > 0:
exec 'allCSMTypes[csName][1] = ' + dataList[0]
+ # The form can contain any number of "Virtual Machines"
+ # so update the list of form variables to include
+ # each virtual machine (hidden input variable)
+ for vmName in formVmNames[1]:
+ newVm( vmName )
+
+ vmFormVar = allVmChWs[vmName]
+ if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
+ dataList = formData.getlist( vmFormVar[2] )
+ if len( dataList ) > 0:
+ if isinstance( vmFormVar[1], list ):
+ exec 'vmFormVar[1] = ' + dataList[0]
+ else:
+ vmFormVar[1] = dataList[0]
+
+ vmFormVar = allVmStes[vmName]
+ if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
+ dataList = formData.getlist( vmFormVar[2] )
+ if len( dataList ) > 0:
+ if isinstance( vmFormVar[1], list ):
+ exec 'vmFormVar[1] = ' + dataList[0]
+ else:
+ vmFormVar[1] = dataList[0]
+
+ # The form can contain any number of "Resources"
+ # so update the list of form variables to include
+ # each resource (hidden input variable)
+ for resName in formResNames[1]:
+ newRes( resName )
+
+ resFormVar = allResStes[resName]
+ if (resFormVar[2] != '') and formData.has_key( resFormVar[2] ):
+ dataList = formData.getlist( resFormVar[2] )
+ if len( dataList ) > 0:
+ if isinstance( resFormVar[1], list ):
+ exec 'resFormVar[1] = ' + dataList[0]
+ else:
+ resFormVar[1] = dataList[0]
+
+
def getCurrentTime( ):
return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) )
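Review bot: The three added statements `exec 'vmFormVar[1] = ' + dataList[0]` (twice) and `exec 'resFormVar[1] = ' + dataList[0]` run text taken from `formData.getlist(...)` as Python source, so whatever a client submits in those hidden fields is executed by the CGI process. The context line `exec 'allCSMTypes[csName][1] = ' + dataList[0]` has the same problem, because hidden inputs are not a trusted channel. Parse the saved list without evaluating it, for example `vmFormVar[1] = ast.literal_eval( dataList[0] )` (Python 2.6 or later, with `import ast`), then check that the result is a list of strings. Alternatively, serialise the list in a form that needs no evaluation at all. getSavedData starts before this hunk, so its other restore paths should be checked for the same pattern.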
@@ -77,14 +117,49 @@ def getName( domNode ):
for childNode in nameNodes[0].childNodes:
if childNode.nodeType == xml.dom.Node.TEXT_NODE:
name = name + childNode.data
+ return name
+
+def getPolicyName( domNode ):
+ nameNodes = domNode.getElementsByTagName( 'PolicyName' )
+ if len( nameNodes ) == 0:
+ formatXmlError( '"<PolicyName>" tag is missing' )
+ return None
+
+ name = ''
+ for childNode in nameNodes[0].childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ name = name + childNode.data
return name
+def getUrl( domNode ):
+ urlNodes = domNode.getElementsByTagName( 'PolicyUrl' )
+ if len( urlNodes ) == 0:
+ return ''
+
+ url = ''
+ for childNode in urlNodes[0].childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ url = url + childNode.data
+
+ return url
+
+def getRef( domNode ):
+ refNodes = domNode.getElementsByTagName( 'Reference' )
+ if len( refNodes ) == 0:
+ return ''
+
+ ref = ''
+ for childNode in refNodes[0].childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ ref = ref + childNode.data
+
+ return ref
+
def getDate( domNode ):
dateNodes = domNode.getElementsByTagName( 'Date' )
if len( dateNodes ) == 0:
- formatXmlError( '"<Date>" tag is missing' )
- return None
+ return ''
date = ''
for childNode in dateNodes[0].childNodes:
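Review bot: `getPolicyName`, `getUrl`, `getRef` and, in the next hunk, `getNSUrl` repeat the same TEXT_NODE concatenation loop and differ only in the tag name and in what they return when the tag is absent. A single helper along the lines of `getTagText( domNode, tagName, default )` would keep the four in step. Separately, `getDate` now returns `''` for a missing `<Date>` instead of calling `formatXmlError`; a comment such as `# <Date> is optional in the simplified policy header` would show the relaxation is deliberate. getDate's body continues outside the hunk.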
@@ -93,6 +168,18 @@ def getDate( domNode ):
return date
+def getNSUrl( domNode ):
+ urlNodes = domNode.getElementsByTagName( 'NameSpaceUrl' )
+ if len( urlNodes ) == 0:
+ return ''
+
+ url = ''
+ for childNode in urlNodes[0].childNodes:
+ if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+ url = url + childNode.data
+
+ return url
+
def getSteTypes( domNode, missingIsError = 0 ):
steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' )
if len( steNodes ) == 0:
@@ -170,9 +257,7 @@ def formatXmlGenError( msg ):
xmlMessages.append( cgi.escape( msg ) )
def parseXml( xmlInput ):
- global xmlMessages, xmlError, xmlLine, xmlColumn
-
- xmlParser = xml.sax.make_parser( )
+ xmlParser = xml.sax.make_parser( )
try:
domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser )
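Review bot: The parser returned by `xml.sax.make_parser( )` keeps its default features when it parses the uploaded policy file, and on Python 2 the expat reader resolves external general entities unless that feature is switched off. For a CGI that accepts an uploaded XML document, add `xmlParser.setFeature( xml.sax.handler.feature_external_ges, 0 )` before the `parseString` call. The hunk also drops `global xmlMessages, xmlError, xmlLine, xmlColumn`; parseXml's body continues outside the hunk, so confirm nothing later in it assigns to those names.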
@@ -198,14 +283,16 @@ def parseXml( xmlInput ):
def parsePolicyXml( ):
global policyXml
- global formPolicyName, formPolicyDate, formPolicyOrder
- global formSteTypes, formChWallTypes
- global allCSMTypes
+ global formPolicyName, formPolicyUrl, formPolicyRef, formPolicyDate, formPolicyNSUrl
+ global formPolicyOrder
+ global formSteTypes, formChWallTypes, formVmNames, formVmNameDom0
+ global allCSMTypes, allVmStes, allVmChWs
domDoc = parseXml( policyXml )
if domDoc == None:
return
+ # Process the PolicyHeader
domRoot = domDoc.documentElement
domHeaders = domRoot.getElementsByTagName( 'PolicyHeader' )
if len( domHeaders ) == 0:
@@ -215,7 +302,7 @@ def parsePolicyXml( ):
formatXmlError( msg )
return
- pName = getName( domHeaders[0] )
+ pName = getPolicyName( domHeaders[0] )
if pName == None:
msg = ''
msg = msg + 'Error processing the Policy header information.\n'
@@ -223,18 +310,13 @@ def parsePolicyXml( ):
formatXmlError( msg )
return
- formPolicyName[1] = pName
-
- pDate = getDate( domHeaders[0] )
- if pDate == None:
- msg = ''
- msg = msg + 'Error processing the Policy header information.\n'
- msg = msg + 'Please validate the Policy file used.'
- formatXmlError( msg )
- return
-
- formPolicyDate[1] = pDate
+ formPolicyName[1] = pName
+ formPolicyUrl[1] = getUrl( domHeaders[0] )
+ formPolicyRef[1] = getRef( domHeaders[0] )
+ formPolicyDate[1] = getDate( domHeaders[0] )
+ formPolicyNSUrl[1] = getNSUrl( domHeaders[0] )
+ # Process the STEs
pOrder = ''
domStes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' )
if len( domStes ) > 0:
@@ -259,6 +341,7 @@ def parsePolicyXml( ):
formSteTypes[1] = steTypes
+ # Process the ChineseWalls and Conflict Sets
domChWalls = domRoot.getElementsByTagName( 'ChineseWall' )
if len( domChWalls ) > 0:
if domChWalls[0].hasAttribute( 'priority' ):
@@ -291,56 +374,118 @@ def parsePolicyXml( ):
formChWallTypes[1] = chwTypes
csNodes = domChWalls[0].getElementsByTagName( 'ConflictSets' )
- if len( csNodes ) == 0:
- msg = ''
- msg = msg + 'Required "<ConflictSets>" tag missing.\n'
- msg = msg + 'Please validate the Policy file used.'
- formatXmlError( msg )
- return
+ if csNodes and (len( csNodes ) > 0):
+ cNodes = csNodes[0].getElementsByTagName( 'Conflict' )
+ if not cNodes or len( cNodes ) == 0:
+ msg = ''
+ msg = msg + 'Required "<Conflict>" tag missing.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ return
+
+ for cNode in cNodes:
+ csName = cNode.getAttribute( 'name' )
+ newCS( csName, 1 )
+
+ csMemberList = getTypes( cNode )
+ if csMemberList == None:
+ msg = ''
+ msg = msg + 'Error processing the Conflict Set members.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ return
+
+ # Verify the conflict set members are valid types
+ ctSet = Set( formChWallTypes[1] )
+ csSet = Set( csMemberList )
+ if not csSet.issubset( ctSet ):
+ msg = ''
+ msg = msg + 'Error processing Conflict Set "' + csName + '".\n'
+ msg = msg + 'Members of the conflict set are not valid '
+ msg = msg + 'Chinese Wall types.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+
+ allCSMTypes[csName][1] = csMemberList
- cNodes = csNodes[0].getElementsByTagName( 'Conflict' )
- if len( cNodes ) == 0:
+ if pOrder != '':
+ formPolicyOrder[1] = pOrder
+ else:
+ if (len( domStes ) > 0) or (len( domChWalls ) > 0):
msg = ''
- msg = msg + 'Required "<Conflict>" tag missing.\n'
+ msg = msg + 'The "priority" attribute has not been specified.\n'
+ msg = msg + 'It must be specified on one of the access control types.\n'
msg = msg + 'Please validate the Policy file used.'
formatXmlError( msg )
return
- for cNode in cNodes:
- csName = cNode.getAttribute( 'name' )
- newCS( csName, 1 )
+ # Process the Labels
+ domLabels = domRoot.getElementsByTagName( 'SecurityLabelTemplate' )
+ if not domLabels or (len( domLabels ) == 0):
+ msg = ''
+ msg = msg + '<SecurityLabelTemplate> tag is missing.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ return
+
- csMemberList = getTypes( cNode )
- if csMemberList == None:
+ # Process the VMs
+ domSubjects = domLabels[0].getElementsByTagName( 'SubjectLabels' )
+ if len( domSubjects ) > 0:
+ formVmNameDom0[1] = domSubjects[0].getAttribute( 'bootstrap' )
+ domNodes = domSubjects[0].getElementsByTagName( 'VirtualMachineLabel' )
+ for domNode in domNodes:
+ vmName = getName( domNode )
+ if vmName == None:
msg = ''
- msg = msg + 'Error processing the Conflict Set members.\n'
+ msg = msg + 'Error processing the VirtualMachineLabel name.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ continue
+
+ steTypes = getSteTypes( domNode )
+ if steTypes == None:
+ msg = ''
+ msg = msg + 'Error processing the SimpleTypeEnforcement types.\n'
msg = msg + 'Please validate the Policy file used.'
formatXmlError( msg )
return
- # Verify the conflict set members are valid types
- ctSet = Set( formChWallTypes[1] )
- csSet = Set( csMemberList )
- if not csSet.issubset( ctSet ):
+ chwTypes = getChWTypes( domNode )
+ if chwTypes == None:
msg = ''
- msg = msg + 'Error processing Conflict Set "' + csName + '".\n'
- msg = msg + 'Members of the conflict set are not valid '
- msg = msg + 'Chinese Wall types.\n'
+ msg = msg + 'Error processing the ChineseWall types.\n'
msg = msg + 'Please validate the Policy file used.'
formatXmlError( msg )
+ return
- allCSMTypes[csName][1] = csMemberList
+ newVm( vmName, 1 )
+ allVmStes[vmName][1] = steTypes
+ allVmChWs[vmName][1] = chwTypes
+
+ # Process the Resources
+ domObjects = domLabels[0].getElementsByTagName( 'ObjectLabels' )
+ if len( domObjects ) > 0:
+ domNodes = domObjects[0].getElementsByTagName( 'ResourceLabel' )
+ for domNode in domNodes:
+ resName = getName( domNode )
+ if resName == None:
+ msg = ''
+ msg = msg + 'Error processing the ResourceLabel name.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ continue
- if pOrder != '':
- formPolicyOrder[1] = pOrder
- else:
- if (len( domStes ) > 0) or (len( domChWalls ) > 0):
- msg = ''
- msg = msg + 'The "priority" attribute has not been specified.\n'
- msg = msg + 'It must be specified on one of the access control types.\n'
- msg = msg + 'Please validate the Policy file used.'
- formatXmlError( msg )
- return
+ steTypes = getSteTypes( domNode )
+ if steTypes == None:
+ msg = ''
+ msg = msg + 'Error processing the SimpleTypeEnforcement types.\n'
+ msg = msg + 'Please validate the Policy file used.'
+ formatXmlError( msg )
+ return
+
+ newRes( resName, 1 )
+ allResStes[resName][1] = steTypes
def modFormTemplate( formTemplate, suffix ):
formVar = [x for x in formTemplate]
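Review bot: A blank `<Name>` is not caught in the new VirtualMachineLabel and ResourceLabel loops, which only test `vmName == None` / `resName == None`. From the visible tail of `getName`, a tag with no text appears to yield `''`; `newVm( vmName, 1 )` then creates nothing because it requires `len( vmName ) > 0`, and `allVmStes[vmName][1] = steTypes` raises KeyError (likewise `newRes` / `allResStes[resName][1]`). Treat a blank name like a missing one, e.g. `if vmName == None or vmName.strip( ) == '':`. The loops also `continue` on a bad name but `return` on bad types; a comment should say which is intended. parsePolicyXml starts before this hunk.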
@@ -383,19 +528,80 @@ def newCS( csName, addToList = 0 ):
formCSNames[1].append( csName )
formCSNames[1] = removeDups( formCSNames[1] )
+def newVm( vmName, addToList = 0 ):
+ global formVmNames
+ global templateVmDel, allVmDel, templateVmDom0, allVmDom0
+ global templateVmChWs, templateVmChWDel, templateVmChW, templateVmChWAdd
+ global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
+ global templateVmStes, templateVmSteDel, templateVmSte, templateVmSteAdd
+ global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
+
+ # Make sure we have an actual name and check one of the 'all'
+ # variables to be sure it hasn't been previously defined
+ if (len( vmName ) > 0) and (not allVmDom0.has_key( vmName )):
+ vmSuffix = '_' + vmName
+ allVmDom0[vmName] = modFormTemplate( templateVmDom0, vmSuffix )
+ allVmDel[vmName] = modFormTemplate( templateVmDel, vmSuffix )
+ allVmChWs[vmName] = modFormTemplate( templateVmChWs, vmSuffix )
+ allVmChWDel[vmName] = modFormTemplate( templateVmChWDel, vmSuffix )
+ allVmChW[vmName] = modFormTemplate( templateVmChW, vmSuffix )
+ allVmChWAdd[vmName] = modFormTemplate( templateVmChWAdd, vmSuffix )
+ allVmStes[vmName] = modFormTemplate( templateVmStes, vmSuffix )
+ allVmSteDel[vmName] = modFormTemplate( templateVmSteDel, vmSuffix )
+ allVmSte[vmName] = modFormTemplate( templateVmSte, vmSuffix )
+ allVmSteAdd[vmName] = modFormTemplate( templateVmSteAdd, vmSuffix )
+ if addToList == 1:
+ formVmNames[1].append( vmName )
+ formVmNames[1] = removeDups( formVmNames[1] )
+
+def newRes( resName, addToList = 0 ):
+ global formResNames
+ global templateResDel, allResDel
+ global templateResStes, templateResSteDel, templateResSte, templateResSteAdd
+ global allResStes, allResSteDel, allResSteType, allResSteAdd
+
+ # Make sure we have an actual name and check one of the 'all'
+ # variables to be sure it hasn't been previously defined
+ if (len( resName ) > 0) and (not allResDel.has_key( resName )):
+ resSuffix = '_' + resName
+ allResDel[resName] = modFormTemplate( templateResDel, resSuffix )
+ allResStes[resName] = modFormTemplate( templateResStes, resSuffix )
+ allResSteDel[resName] = modFormTemplate( templateResSteDel, resSuffix )
+ allResSte[resName] = modFormTemplate( templateResSte, resSuffix )
+ allResSteAdd[resName] = modFormTemplate( templateResSteAdd, resSuffix )
+ if addToList == 1:
+ formResNames[1].append( resName )
+ formResNames[1] = removeDups( formResNames[1] )
+
def updateInfo( ):
- global formData, formPolicyName, formPolicyDate, formPolicyOrder
+ global formData, formPolicyName, formPolicyUrl, formPolicyRef, formPolicyDate, formPolicyNSUrl
+ global formPolicyOrder
if formData.has_key( formPolicyName[3] ):
formPolicyName[1] = formData[formPolicyName[3]].value
elif formData.has_key( formPolicyUpdate[3] ):
formPolicyName[1] = ''
+ if formData.has_key( formPolicyUrl[3] ):
+ formPolicyUrl[1] = formData[formPolicyUrl[3]].value
+ elif formData.has_key( formPolicyUpdate[3] ):
+ formPolicyUrl[1] = ''
+
+ if formData.has_key( formPolicyRef[3] ):
+ formPolicyRef[1] = formData[formPolicyRef[3]].value
+ elif formData.has_key( formPolicyUpdate[3] ):
+ formPolicyRef[1] = ''
+
if formData.has_key( formPolicyDate[3] ):
formPolicyDate[1] = formData[formPolicyDate[3]].value
elif formData.has_key( formPolicyUpdate[3] ):
formPolicyDate[1] = ''
+ if formData.has_key( formPolicyNSUrl[3] ):
+ formPolicyNSUrl[1] = formData[formPolicyNSUrl[3]].value
+ elif formData.has_key( formPolicyUpdate[3] ):
+ formPolicyNSUrl[1] = ''
+
if formData.has_key( formPolicyOrder[3] ):
formPolicyOrder[1] = formData[formPolicyOrder[3]].value
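Review bot: `updateInfo` stores the request values for the new Url, Reference and NameSpace URL fields in `formPolicyUrl[1]`, `formPolicyRef[1]` and `formPolicyNSUrl[1]` unchanged, and `sendPHeaderXml` later writes them between tags by plain concatenation (`print ' <PolicyUrl>' + formPolicyUrl[1] + '</PolicyUrl>'`). A value containing `<` or `&` therefore produces a policy file that is malformed or whose structure differs from what the form showed. Escape at the point of output, e.g. `xml.sax.saxutils.escape( formPolicyUrl[1] )`, and do the same for the policy name, reference and namespace values. In `newVm` and `newRes` the `global` lines name `allVmChWType`, `allVmSteType` and `allResSteType`, while the bodies assign into `allVmChW`, `allVmSte` and `allResSte`; the declarations should match the names used.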
@@ -483,6 +689,136 @@ def delCSMember( csName ):
csm = csm.strip( )
formVar[1].remove( csm )
+def addVm( ):
+ global formData, fromVmName, formVmNames, formVmNameDom0
+
+ if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formVmAdd[3] )):
+ if formData.has_key( formVmName[3] ):
+ vmName = formData[formVmName[3]].value
+ vmName = vmName.strip( )
+ newVm( vmName, 1 )
+ if formVmNameDom0[1] == '':
+ formVmNameDom0[1] = vmName
+
+def delVm( vmName ):
+ global formVmNames, formVmNameDom0
+ global allVmDel, allVmDom0
+ global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
+ global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
+
+ vmName = vmName.strip( )
+ formVmNames[1].remove( vmName )
+ del allVmDom0[vmName]
+ del allVmDel[vmName]
+ del allVmChWs[vmName]
+ del allVmChWDel[vmName]
+ del allVmChW[vmName]
+ del allVmChWAdd[vmName]
+ del allVmStes[vmName]
+ del allVmSteDel[vmName]
+ del allVmSte[vmName]
+ del allVmSteAdd[vmName]
+
+ if formVmNameDom0[1] == vmName:
+ if len( formVmNames[1] ) > 0:
+ formVmNameDom0[1] = formVmNames[1][0]
+ else:
+ formVmNameDom0[1] = ''
+
+def makeVmDom0( vmName ):
+ global formVmNameDom0
+
+ vmName = vmName.strip( )
+ formVmNameDom0[1] = vmName
+
+def addVmChW( vmName ):
+ global formData, allVmChW, allVmChWs
+
+ formVar = allVmChW[vmName]
+ if formData.has_key( formVar[3] ):
+ chwList = formData.getlist( formVar[3] )
+ formVar = allVmChWs[vmName]
+ for chw in chwList:
+ chw = chw.strip( )
+ formVar[1].append( chw )
+ formVar[1] = removeDups( formVar[1] )
+
+def delVmChW( vmName ):
+ global formData, allVmChWs
+
+ formVar = allVmChWs[vmName]
+ if formData.has_key( formVar[3] ):
+ chwList = formData.getlist( formVar[3] )
+ for chw in chwList:
+ chw = chw.strip( )
+ formVar[1].remove( chw )
+
+def addVmSte( vmName ):
+ global formData, allVmSte, allVmStes
+
+ formVar = allVmSte[vmName]
+ if formData.has_key( formVar[3] ):
+ steList = formData.getlist( formVar[3] )
+ formVar = allVmStes[vmName]
+ for ste in steList:
+ ste = ste.strip( )
+ formVar[1].append( ste )
+ formVar[1] = removeDups( formVar[1] )
+
+def delVmSte( vmName ):
+ global formData, allVmStes
+
+ formVar = allVmStes[vmName]
+ if formData.has_key( formVar[3] ):
+ steList = formData.getlist( formVar[3] )
+ for ste in steList:
+ ste = ste.strip( )
+ formVar[1].remove( ste )
+
+def addRes( ):
+ global formData, fromResName, formResNames
+
+ if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formResAdd[3] )):
+ if formData.has_key( formResName[3] ):
+ resName = formData[formResName[3]].value
+ resName = resName.strip( )
+ newRes( resName, 1 )
+
+def delRes( resName ):
+ global formResNames
+ global allResDel
+ global allResStes, allResSteDel, allResSteType, allResSteAdd
+
+ resName = resName.strip( )
+ formResNames[1].remove( resName )
+ del allResDel[resName]
+ del allResStes[resName]
+ del allResSteDel[resName]
+ del allResSte[resName]
+ del allResSteAdd[resName]
+
+def addResSte( vmName ):
+ global formData, allResSte, allResStes
+
+ formVar = allResSte[vmName]
+ if formData.has_key( formVar[3] ):
+ steList = formData.getlist( formVar[3] )
+ formVar = allResStes[vmName]
+ for ste in steList:
+ ste = ste.strip( )
+ formVar[1].append( ste )
+ formVar[1] = removeDups( formVar[1] )
+
+def delResSte( vmName ):
+ global formData, allResStes
+
+ formVar = allResStes[vmName]
+ if formData.has_key( formVar[3] ):
+ steList = formData.getlist( formVar[3] )
+ for ste in steList:
+ ste = ste.strip( )
+ formVar[1].remove( ste )
+
def processRequest( ):
global policyXml
global formData, formPolicyUpdate
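Review bot: `delVmChW`, `delVmSte` and `delResSte` call `formVar[1].remove( ... )` with values taken straight from `formData.getlist(...)`, so a submitted value that is not in the list raises ValueError and the request ends in a traceback; guard each with a membership test such as `if chw in formVar[1]:`. The add functions have the mirror problem: `addVmChW`, `addVmSte` and `addResSte` append whatever is submitted without checking it against `formChWallTypes[1]` or `formSteTypes[1]`, although the upload path checks conflict-set members with `issubset`. A generated label can therefore carry a type the policy never defines. Minor: `addVm` and `addRes` declare `fromVmName` / `fromResName` as globals but read `formVmName` / `formResName`, and `addResSte` / `delResSte` name their parameter `vmName`.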
@@ -490,6 +826,12 @@ def processRequest( ):
global formChWallAdd, formChWallDel
global formCSAdd, allCSDel
global formCSNames, allCSMAdd, allCSMDel
+ global formVmAdd
+ global formVmNames, allVmDel, allVmDom0
+ global allVmChWAdd, allVmChWDel, allVmSteAdd, allVmSteDel
+ global formResAdd
+ global formResNames, allResDel
+ global allResSteAdd, allResSteDel
if policyXml != '':
parsePolicyXml( )
@@ -498,11 +840,13 @@ def processRequest( ):
# an action is performed
updateInfo( )
- # Allow the adding of types/sets if the user has hit the
- # enter key when attempting to add a type/set
+ # Allow the adding of types/sets/vms if the user has hit the
+ # enter key when attempting to add a type/set/vm
addSteType( )
addChWallType( )
addCS( )
+ addVm( )
+ addRes( )
if formData.has_key( formSteDel[3] ):
delSteType( )
@@ -522,6 +866,37 @@ def processRequest( ):
elif formData.has_key( allCSMDel[csName][3] ):
delCSMember( csName )
+ for vmName in formVmNames[1]:
+ if formData.has_key( allVmDel[vmName][3] ):
+ delVm( vmName )
+ continue
+
+ if formData.has_key( allVmDom0[vmName][3] ):
+ makeVmDom0( vmName )
+
+ if formData.has_key( allVmChWAdd[vmName][3] ):
+ addVmChW( vmName )
+
+ elif formData.has_key( allVmChWDel[vmName][3] ):
+ delVmChW( vmName )
+
+ elif formData.has_key( allVmSteAdd[vmName][3] ):
+ addVmSte( vmName )
+
+ elif formData.has_key( allVmSteDel[vmName][3] ):
+ delVmSte( vmName )
+
+ for resName in formResNames[1]:
+ if formData.has_key( allResDel[resName][3] ):
+ delRes( resName )
+ continue
+
+ if formData.has_key( allResSteAdd[resName][3] ):
+ addResSte( resName )
+
+ elif formData.has_key( allResSteDel[resName][3] ):
+ delResSte( resName )
+
def makeName( name, suffix='' ):
rName = name
if suffix != '':
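Review bot: `delVm( vmName )` removes the name from `formVmNames[1]` while the loop `for vmName in formVmNames[1]:` is still iterating that same list, so the entry after a deleted one is skipped. The resource loop has the same shape with `delRes`. Iterate over a copy instead: `for vmName in formVmNames[1][:]:` and `for resName in formResNames[1][:]:`. processRequest starts before this hunk, so the existing conflict-set loop there is worth checking for the same pattern.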
@@ -553,7 +928,7 @@ def makeValue( value, suffix='' ):
def makeValueAttr( value, suffix='' ):
return 'value="' + makeValue( value, suffix ) + '"'
-def sendHtmlFormVar( formVar, attrs='' ):
+def sendHtmlFormVar( formVar, attrs='', rb_select=0 ):
nameAttr = ''
valueAttr = ''
htmlText = ''
@@ -614,7 +989,7 @@ def sendHtmlFormVar( formVar, attrs='' ):
print '<INPUT type="radio"', nameAttr, valueAttr, addAttrs, checked, '>', htmlText, '<BR>'
- if formVar[2] != '':
+ if ( formVar[2] != '' ) and ( rb_select == 0 ):
nameAttr = makeNameAttr( formVar[2] )
valueAttr = makeValueAttr( formVar[1] )
print '<INPUT type="hidden"', nameAttr, valueAttr, '>'
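Review bot: The new `rb_select` parameter is undocumented, and its only visible effect is this test, which skips the hidden `<INPUT>` that carries `formVar[1]` back to the server. Add a comment above the condition, for example `# rb_select != 0 suppresses the hidden saved-value field`, and describe the parameter where the function is defined. None of the calls in the hunks shown passes it, so the intended caller should be named there too. sendHtmlFormVar's body starts outside this hunk.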
@@ -625,7 +1000,9 @@ def sendHtmlHeaders( ):
print
def sendPolicyHtml( ):
- global xmlError, xmlIncomplete, xmlMessages, formXmlGen
+ global xmlError, xmlIncomplete, xmlMessages
+ global formDefaultButton, formXmlGen
+ global formVmNameDom0
print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"'
print ' "http://www.w3.org/TR/html4/loose.dtd">'
@@ -704,12 +1081,17 @@ def sendPolicyHtml( ):
print ' <TR>'
print ' <TD>'
print ' <TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="49%">'
+ print ' <COL width="2%">'
+ print ' <COL width="49%">'
+ print ' </COLGROUP>'
print ' <TR>'
- print ' <TD width="49%">'
+ print ' <TD>'
sendPSteHtml( )
print ' </TD>'
- print ' <TD width="2%">&nbsp;</TD>'
- print ' <TD width="49%">'
+ print ' <TD>&nbsp;</TD>'
+ print ' <TD>'
sendPChWallHtml( )
print ' </TD>'
print ' </TR>'
@@ -717,7 +1099,57 @@ def sendPolicyHtml( ):
print ' </TD>'
print ' </TR>'
+ # Separator
+ print ' <TR>'
+ print ' <TD>'
+ print ' <HR>'
+ print ' </TD>'
+ print ' </TR>'
+
+ # Policy Labels (vms)
+ print ' <TR>'
+ print ' <TD>'
+ print ' <TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="100%">'
+ print ' </COLGROUP>'
+ print ' <TR>'
+ print ' <TD>'
+ sendPLSubHtml( )
+ print ' </TD>'
+ print ' </TR>'
+ print ' </TABLE>'
+ print ' </TD>'
+ print ' </TR>'
+
+ # Separator
+ print ' <TR>'
+ print ' <TD>'
+ print ' <HR>'
+ print ' </TD>'
+ print ' </TR>'
+
+ # Policy Labels (resources)
+ print ' <TR>'
+ print ' <TD>'
+ print ' <TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="100%">'
+ print ' </COLGROUP>'
+ print ' <TR>'
+ print ' <TD>'
+ sendPLObjHtml( )
+ print ' </TD>'
+ print ' </TR>'
+ print ' </TABLE>'
+ print ' </TD>'
+ print ' </TR>'
+
print '</TABLE>'
+
+ # Send some data that needs to be available across sessions
+ sendHtmlFormVar( formVmNameDom0 )
+
print '</FORM>'
print '</CENTER>'
@@ -733,8 +1165,8 @@ def sendHtmlHead( ):
print '<!--'
print 'BODY {background-color: #EEEEFF;}'
print 'TABLE.container {width: 90%; border: 1px solid black; border-collapse: seperate;}'
- print 'TABLE.fullbox {width: 100%; border: 1px solid black; border-collapse: collapse;}'
- print 'TABLE.full {width: 100%; border: 0px solid black; border-collapse: collapse;}'
+ print 'TABLE.full {width: 100%; border: 0px solid black; border-collapse: collapse; border-spacing: 3px;}'
+ print 'TABLE.fullbox {width: 100%; border: 0px solid black; border-collapse: collapse; border-spacing: 3px;}'
print 'THEAD {font-weight: bold; font-size: larger;}'
print 'TD {border: 0px solid black; vertical-align: top;}'
print 'TD.heading {border: 0px solid black; vertical-align: top; font-weight: bold; font-size: larger;}'
@@ -752,7 +1184,8 @@ def sendHtmlHead( ):
print '</HEAD>'
def sendPHeaderHtml( ):
- global formPolicyName, formPolicyDate, formPolicyOrder, formPolicyUpdate
+ global formPolicyName, formPolicyUrl, formPolicyRef, formPolicyDate, formPolicyNSUrl
+ global formPolicyOrder, formPolicyUpdate
# Policy header definition
print '<TABLE class="full">'
@@ -770,12 +1203,30 @@ def sendPHeaderHtml( ):
print ' </TD>'
print ' </TR>'
print ' <TR>'
+ print ' <TD align="right">Url:</TD>'
+ print ' <TD align="left">'
+ sendHtmlFormVar( formPolicyUrl, 'class="full"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD align="right">Reference:</TD>'
+ print ' <TD align="left">'
+ sendHtmlFormVar( formPolicyRef, 'class="full"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
print ' <TD align="right">Date:</TD>'
print ' <TD align="left">'
sendHtmlFormVar( formPolicyDate, 'class="full"' )
print ' </TD>'
print ' </TR>'
print ' <TR>'
+ print ' <TD align="right">NameSpace URL:</TD>'
+ print ' <TD align="left">'
+ sendHtmlFormVar( formPolicyNSUrl, 'class="full"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
print ' <TD align="right">Primary Policy:</TD>'
print ' <TD align="left">'
sendHtmlFormVar( formPolicyOrder )
@@ -983,17 +1434,335 @@ def sendPChWallHtml( ):
print '</TABLE>'
+def sendPLSubHtml( ):
+ global formVmNames, formVmDel, formVmName, formVmAdd
+ global allVmDel, allVmDom0
+ global allVmChWs, allVmChWDel, allVmChW, allVmChWAdd
+ global allVmStes, allVmSteDel, allVmSte, allVmSteAdd
+ global formSteTypes, formChWallTypes
+
+ print '<TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="100%">'
+ print ' </COLGROUP>'
+
+ # Virtual Machines...
+ print ' <TR>'
+ print ' <TD>'
+ print ' <TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="10%">'
+ print ' <COL width="40%">'
+ print ' <COL width="50%">'
+ print ' </COLGROUP>'
+ print ' <TR>'
+ print ' <TD class="heading" align="center" colspan="3">Virtual Machine Classes</TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ sendHtmlFormVar( formVmName, 'class="full"' )
+ sendHtmlFormVar( formVmNames )
+ print ' </TD>'
+ print ' <TD>&nbsp;</TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ sendHtmlFormVar( formVmAdd, 'class="full"' )
+ print ' </TD>'
+ print ' <TD colspan="2">'
+ print ' Create a new VM class with the above name'
+ print ' </TD>'
+ print ' </TR>'
+ print ' </TABLE>'
+ print ' </TD>'
+ print ' </TR>'
+ if len( formVmNames[1] ) > 0:
+ print ' <TR>'
+ print ' <TD colspan="1">'
+ print ' &nbsp;'
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ print ' <TABLE class="fullbox">'
+ print ' <COLGROUP>'
+ print ' <COL width="10%">'
+ print ' <COL width="40%">'
+ print ' <COL width="50%">'
+ print ' </COLGROUP>'
+ print ' <THEAD>'
+ print ' <TR>'
+ print ' <TD class="fullbox">Dom 0?</TD>'
+ print ' <TD class="fullbox">Name</TD>'
+ print ' <TD class="fullbox">Actions</TD>'
+ print ' </TR>'
+ print ' </THEAD>'
+ for i, vmName in enumerate( formVmNames[1] ):
+ print ' <TR>'
+ print ' <TD class="fullbox">'
+ if formVmNameDom0[1] == vmName:
+ print 'Yes'
+ else:
+ print '&nbsp;'
+ print ' </TD>'
+ print ' <TD class="fullbox">' + vmName + '</TD>'
+ print ' <TD class="fullbox">'
+ print ' <A href="#' + vmName + '">Edit</A>'
+ formVar = allVmDel[vmName]
+ sendHtmlFormVar( formVar, 'class="link"' )
+ formVar = allVmDom0[vmName]
+ sendHtmlFormVar( formVar, 'class="link"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' </TABLE>'
+ print ' </TD>'
+ print ' </TR>'
+ for vmName in formVmNames[1]:
+ print ' <TR>'
+ print ' <TD>'
+ print ' <HR>'
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ print ' <TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="10%">'
+ print ' <COL width="39%">'
+ print ' <COL width="2%">'
+ print ' <COL width="10%">'
+ print ' <COL width="39%">'
+ print ' </COLGROUP>'
+ print ' <TR>'
+ print ' <TD colspan="5" align="center" class="heading">'
+ print ' <A name="' + vmName + '">Virtual Machine Class: ' + vmName + '</A>'
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2" align="center">Simple Type Enforcement Types</TD>'
+ print ' <TD>&nbsp;</TD>'
+ print ' <TD colspan="2" align="center">Chinese Wall Types</TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ formVar = allVmStes[vmName];
+ sendHtmlFormVar( formVar, 'class="full" size="4" multiple"' )
+ print ' </TD>'
+ print ' <TD>&nbsp;</TD>'
+ print ' <TD colspan="2">'
+ formVar = allVmChWs[vmName];
+ sendHtmlFormVar( formVar, 'class="full" size="4" multiple"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ formVar = allVmSteDel[vmName];
+ sendHtmlFormVar( formVar, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Delete the type(s) selected above'
+ print ' </TD>'
+ print ' <TD>&nbsp;</TD>'
+ print ' <TD>'
+ formVar = allVmChWDel[vmName];
+ sendHtmlFormVar( formVar, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Delete the type(s) selected above'
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ stSet = Set( formSteTypes[1] )
+ vmSet = Set( allVmStes[vmName][1] )
+ formVar = allVmSte[vmName]
+ formVar[1] = []
+ for steType in stSet.difference( vmSet ):
+ formVar[1].append( steType )
+ formVar[1].sort( )
+ sendHtmlFormVar( formVar, 'class="full" size="2" multiple"' )
+ print ' </TD>'
+ print ' <TD>&nbsp;</TD>'
+ print ' <TD colspan="2">'
+ ctSet = Set( formChWallTypes[1] )
+ vmSet = Set( allVmChWs[vmName][1] )
+ formVar = allVmChW[vmName]
+ formVar[1] = []
+ for chwallType in ctSet.difference( vmSet ):
+ formVar[1].append( chwallType )
+ formVar[1].sort( )
+ sendHtmlFormVar( formVar, 'class="full" size="2" multiple"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ formVar = allVmSteAdd[vmName];
+ sendHtmlFormVar( formVar, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Add the type(s) selected above'
+ print ' </TD>'
+ print ' <TD>&nbsp;</TD>'
+ print ' <TD>'
+ formVar = allVmChWAdd[vmName];
+ sendHtmlFormVar( formVar, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Add the type(s) selected above'
+ print ' </TD>'
+ print ' </TR>'
+ print ' </TABLE>'
+ print ' </TD>'
+ print ' </TR>'
+
+ print '</TABLE>'
+
+def sendPLObjHtml( ):
+ global formResNames, formResDel, formResName, formResAdd
+ global allResDel
+ global allResStes, allResSteDel, allResSte, allResSteAdd
+ global formSteTypes, formChWallTypes
+
+ print '<TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="100%">'
+ print ' </COLGROUP>'
+
+ # Resources...
+ print ' <TR>'
+ print ' <TD>'
+ print ' <TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="10%">'
+ print ' <COL width="40%">'
+ print ' <COL width="50%">'
+ print ' </COLGROUP>'
+ print ' <TR>'
+ print ' <TD class="heading" align="center" colspan="3">Resource Classes</TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ sendHtmlFormVar( formResName, 'class="full"' )
+ sendHtmlFormVar( formResNames )
+ print ' </TD>'
+ print ' <TD>&nbsp;</TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ sendHtmlFormVar( formResAdd, 'class="full"' )
+ print ' </TD>'
+ print ' <TD colspan="2">'
+ print ' Create a new Resource class with the above name'
+ print ' </TD>'
+ print ' </TR>'
+ print ' </TABLE>'
+ print ' </TD>'
+ print ' </TR>'
+ if len( formResNames[1] ) > 0:
+ print ' <TR>'
+ print ' <TD colspan="1">'
+ print ' &nbsp;'
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ print ' <TABLE class="fullbox">'
+ print ' <COLGROUP>'
+ print ' <COL width="50%">'
+ print ' <COL width="50%">'
+ print ' </COLGROUP>'
+ print ' <THEAD>'
+ print ' <TR>'
+ print ' <TD class="fullbox">Name</TD>'
+ print ' <TD class="fullbox">Actions</TD>'
+ print ' </TR>'
+ print ' </THEAD>'
+ for i, resName in enumerate( formResNames[1] ):
+ print ' <TR>'
+ print ' <TD class="fullbox">' + resName + '</TD>'
+ print ' <TD class="fullbox">'
+ print ' <A href="#' + resName + '">Edit</A>'
+ formVar = allResDel[resName]
+ sendHtmlFormVar( formVar, 'class="link"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' </TABLE>'
+ print ' </TD>'
+ print ' </TR>'
+ for resName in formResNames[1]:
+ print ' <TR>'
+ print ' <TD>'
+ print ' <HR>'
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ print ' <TABLE class="full">'
+ print ' <COLGROUP>'
+ print ' <COL width="10%">'
+ print ' <COL width="90%">'
+ print ' </COLGROUP>'
+ print ' <TR>'
+ print ' <TD colspan="2" align="center" class="heading">'
+ print ' <A name="' + resName + '">Resource Class: ' + resName + '</A>'
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2" align="center">Simple Type Enforcement Types</TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ formVar = allResStes[resName];
+ sendHtmlFormVar( formVar, 'class="full" size="4" multiple"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ formVar = allResSteDel[resName];
+ sendHtmlFormVar( formVar, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Delete the type(s) selected above'
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD colspan="2">'
+ stSet = Set( formSteTypes[1] )
+ resSet = Set( allResStes[resName][1] )
+ formVar = allResSte[resName]
+ formVar[1] = []
+ for steType in stSet.difference( resSet ):
+ formVar[1].append( steType )
+ formVar[1].sort( )
+ sendHtmlFormVar( formVar, 'class="full" size="2" multiple"' )
+ print ' </TD>'
+ print ' </TR>'
+ print ' <TR>'
+ print ' <TD>'
+ formVar = allResSteAdd[resName];
+ sendHtmlFormVar( formVar, 'class="full"' )
+ print ' </TD>'
+ print ' <TD>'
+ print ' Add the type(s) selected above'
+ print ' </TD>'
+ print ' </TR>'
+ print ' </TABLE>'
+ print ' </TD>'
+ print ' </TR>'
+
+ print '</TABLE>'
+
def checkXmlData( ):
global xmlIncomplete
+ global formPolicyName, formPolicyOrder
+ global formChWallTypes, formSteTypes, formCSNames
# Validate the Policy Header requirements
- if ( len( formPolicyName[1] ) > 0 ) or ( len( formPolicyDate[1] ) > 0 ):
- if ( len( formPolicyName[1] ) == 0 ) or ( len( formPolicyDate[1] ) == 0 ):
- msg = ''
- msg = msg + 'The XML policy schema requires that the Policy '
- msg = msg + 'Information Name and Date fields both have values '
- msg = msg + 'or both not have values.'
- formatXmlGenError( msg )
+ if ( len( formPolicyName[1] ) == 0 ):
+ msg = ''
+ msg = msg + 'The XML policy schema requires that the Policy '
+ msg = msg + 'Information Name field have a value.'
+ formatXmlGenError( msg )
if formPolicyOrder[1] == 'v_ChWall':
if len( formChWallTypes[1] ) == 0:
@@ -1014,14 +1783,6 @@ def checkXmlData( ):
msg = msg + 'primary policy.'
formatXmlGenError( msg )
- # Validate the Chinese Wall required data
- if len( formChWallTypes[1] ) > 0:
- if len( formCSNames[1] ) == 0:
- msg = ''
- msg = msg + 'The XML policy schema for the Chinese Wall '
- msg = msg + 'requires at least one Conflict Set be defined.'
- formatXmlGenError( msg )
-
def sendXmlHeaders( ):
# HTML headers
print 'Content-Type: text/xml'
@@ -1042,17 +1803,28 @@ def sendPolicyXml( ):
sendPSteXml( )
sendPChWallXml( )
+ # Policy Labels (subjects and objects)
+ print '<SecurityLabelTemplate>'
+ sendPLSubXml( )
+ sendPLObjXml( )
+ print '</SecurityLabelTemplate>'
print '</SecurityPolicyDefinition>'
def sendPHeaderXml( ):
- global formPolicyName, formPolicyDate
+ global formPolicyName, formPolicyUrl, formPolicyRef, formPolicyDate, formPolicyNSUrl
# Policy header definition
- if ( len( formPolicyName[1] ) > 0 ) or ( len( formPolicyDate[1] ) > 0 ):
- print '<PolicyHeader>'
- print ' <Name>' + formPolicyName[1] + '</Name>'
+ print '<PolicyHeader>'
+ print ' <PolicyName>' + formPolicyName[1] + '</PolicyName>'
+ if len( formPolicyUrl[1] ) > 0:
+ print ' <PolicyUrl>' + formPolicyUrl[1] + '</PolicyUrl>'
+ if len( formPolicyRef[1] ) > 0:
+ print ' <Reference>' + formPolicyRef[1] + '</Reference>'
+ if len( formPolicyDate[1] ) > 0:
print ' <Date>' + formPolicyDate[1] + '</Date>'
- print '</PolicyHeader>'
+ if len( formPolicyNSUrl[1] ) > 0:
+ print ' <NameSpaceUrl>' + formPolicyNSUrl[1] + '</NameSpaceUrl>'
+ print '</PolicyHeader>'
def sendPSteXml( ):
global formPolicyOrder, formSteTypes
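Review bot: The values written into `<PolicyName>`, `<PolicyUrl>`, `<Reference>`, `<Date>` and `<NameSpaceUrl>` in sendPHeaderXml are concatenated into the XML exactly as submitted, so a value containing `<`, `&` or a closing tag changes the structure of the generated policy instead of its text. Because the output is a security policy that other tools load, each value should be escaped where it is printed, for example `print ' <PolicyName>' + xml.sax.saxutils.escape( formPolicyName[1] ) + '</PolicyName>'`; this needs `import xml.sax.saxutils`, and the import block is outside this hunk. The same applies to the `<Type>`, `<Name>`, `name="..."` and `bootstrap="..."` output of sendPChWallXml, sendPLSubXml and sendPLObjXml in the next hunk, where the attribute values need `quoteattr` or an escape that also covers quotes.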
@@ -1091,20 +1863,72 @@ def sendPChWallXml( ):
print ' <Type>' + chWallType + '</Type>'
print ' </ChineseWallTypes>'
- # Chinese Wall Conflict Sets...
- print ' <ConflictSets>'
- for cs in formCSNames[1]:
- formVar = allCSMTypes[cs]
- if len( formVar[1] ) == 0:
- continue
- print ' <Conflict name="' + cs + '">'
- for csm in formVar[1]:
- print ' <Type>' + csm + '</Type>'
- print ' </Conflict>'
- print ' </ConflictSets>'
+ # Chinese Wall Conflict Sets (if any) ...
+ if len( formCSNames[1] ) > 0:
+ print ' <ConflictSets>'
+ for cs in formCSNames[1]:
+ formVar = allCSMTypes[cs]
+ if len( formVar[1] ) == 0:
+ continue
+ print ' <Conflict name="' + cs + '">'
+ for csm in formVar[1]:
+ print ' <Type>' + csm + '</Type>'
+ print ' </Conflict>'
+ print ' </ConflictSets>'
print '</ChineseWall>'
+def sendPLSubXml( ):
+ global formVmNames, allVmChWs, allVmStes
+
+ # Virtual machines...
+ if len( formVmNames[1] ) == 0:
+ return
+
+ print ' <SubjectLabels bootstrap="' + formVmNameDom0[1] + '">'
+ for vmName in formVmNames[1]:
+ print ' <VirtualMachineLabel>'
+ print ' <Name>' + vmName + '</Name>'
+ formVar = allVmStes[vmName]
+ if len( formVar[1] ) > 0:
+ print ' <SimpleTypeEnforcementTypes>'
+ for ste in formVar[1]:
+ print ' <Type>' + ste + '</Type>'
+ print ' </SimpleTypeEnforcementTypes>'
+
+ formVar = allVmChWs[vmName]
+ if len( formVar[1] ) > 0:
+ print ' <ChineseWallTypes>'
+ for chw in formVar[1]:
+ print ' <Type>' + chw + '</Type>'
+ print ' </ChineseWallTypes>'
+
+ print ' </VirtualMachineLabel>'
+
+ print ' </SubjectLabels>'
+
+def sendPLObjXml( ):
+ global formResNames, allResStes
+
+ # Resources...
+ if len( formResNames[1] ) == 0:
+ return
+
+ print ' <ObjectLabels>'
+ for resName in formResNames[1]:
+ print ' <ResourceLabel>'
+ print ' <Name>' + resName + '</Name>'
+ formVar = allResStes[resName]
+ if len( formVar[1] ) > 0:
+ print ' <SimpleTypeEnforcementTypes>'
+ for ste in formVar[1]:
+ print ' <Type>' + ste + '</Type>'
+ print ' </SimpleTypeEnforcementTypes>'
+
+ print ' </ResourceLabel>'
+
+ print ' </ObjectLabels>'
+
# Set up initial HTML variables
headTitle = 'Xen Policy Generation'
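Review bot: sendPLSubXml prints `bootstrap="..."` from `formVmNameDom0[1]` without checking that the value is one of the labels in `formVmNames[1]`. The value travels in the hidden field `h_vmDom0` declared later in this commit, so it can come back empty, stale or altered. A bootstrap label that matches no `<VirtualMachineLabel>` is presumably not something the policy loader should be handed, so checkXmlData (its body is only partly inside these hunks) looks like the place for a guard such as `if len( formVmNames[1] ) > 0 and formVmNameDom0[1] not in formVmNames[1]: formatXmlGenError( msg )`. `formVmNameDom0` is also read here without appearing in the function's `global` statement, which works for a read but is inconsistent with the neighbouring functions.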
@@ -1125,6 +1949,20 @@ formPolicyName = [ 'text',
'',
'',
]
+formPolicyUrl = [ 'text',
+ '',
+ 'h_policyUrl',
+ 'i_policyUrl',
+ '',
+ '',
+ ]
+formPolicyRef = [ 'text',
+ '',
+ 'h_policyRef',
+ 'i_policyRef',
+ '',
+ '',
+ ]
formPolicyDate = [ 'text',
getCurrentTime( ),
'h_policyDate',
@@ -1132,6 +1970,13 @@ formPolicyDate = [ 'text',
'',
'',
]
+formPolicyNSUrl = [ 'text',
+ '',
+ 'h_policyNSUrl',
+ 'i_policyNSUrl',
+ '',
+ '',
+ ]
formPolicyOrder = [ 'radiobutton-all',
'v_ChWall',
'h_policyOrder',
@@ -1289,13 +2134,218 @@ allCSMDel = {};
allCSMType = {};
allCSMAdd = {};
+formVmNames = [ '',
+ [],
+ 'h_vmNames',
+ '',
+ '',
+ '',
+ ]
+formVmDel = [ 'button',
+ '',
+ '',
+ 'i_vmDel',
+ 'Delete',
+ '',
+ ]
+formVmName = [ 'text',
+ '',
+ '',
+ 'i_vmName',
+ '',
+ '',
+ ]
+formVmAdd = [ 'button',
+ '',
+ '',
+ 'i_vmAdd',
+ 'New',
+ '',
+ ]
+
+formVmNameDom0 = [ '',
+ '',
+ 'h_vmDom0',
+ '',
+ '',
+ '',
+ ]
+
+# This is a set of templates used for each virtual machine
+# Each virtual machine is initially assigned these templates,
+# then each form attribute value is changed to append
+# "_virtual-machine-name" for uniqueness.
+templateVmDel = [ 'button',
+ '',
+ '',
+ 'i_vmDel',
+ 'Delete',
+ '',
+ ]
+templateVmDom0 = [ 'button',
+ '',
+ '',
+ 'i_vmDom0',
+ 'SetDom0',
+ '',
+ ]
+allVmDel = {};
+allVmDom0 = {};
+
+templateVmChWs = [ 'list',
+ [],
+ 'h_vmChWs',
+ 'i_vmChWs',
+ '',
+ '',
+ ]
+templateVmChWDel = [ 'button',
+ '',
+ '',
+ 'i_vmChWDel',
+ 'Delete',
+ '',
+ ]
+templateVmChW = [ 'list',
+ [],
+ '',
+ 'i_vmChW',
+ '',
+ '',
+ ]
+templateVmChWAdd = [ 'button',
+ '',
+ '',
+ 'i_vmChWAdd',
+ 'Add',
+ '',
+ ]
+allVmChWs = {};
+allVmChWDel = {};
+allVmChW = {};
+allVmChWAdd = {};
+
+templateVmStes = [ 'list',
+ [],
+ 'h_vmStes',
+ 'i_vmStes',
+ '',
+ '',
+ ]
+templateVmSteDel = [ 'button',
+ '',
+ '',
+ 'i_vmSteDel',
+ 'Delete',
+ '',
+ ]
+templateVmSte = [ 'list',
+ [],
+ '',
+ 'i_vmSte',
+ '',
+ '',
+ ]
+templateVmSteAdd = [ 'button',
+ '',
+ '',
+ 'i_vmSteAdd',
+ 'Add',
+ '',
+ ]
+allVmStes = {};
+allVmSteDel = {};
+allVmSte = {};
+allVmSteAdd = {};
+
+formResNames = [ '',
+ [],
+ 'h_resNames',
+ '',
+ '',
+ '',
+ ]
+formResDel = [ 'button',
+ '',
+ '',
+ 'i_resDel',
+ 'Delete',
+ '',
+ ]
+formResName = [ 'text',
+ '',
+ '',
+ 'i_resName',
+ '',
+ '',
+ ]
+formResAdd = [ 'button',
+ '',
+ '',
+ 'i_resAdd',
+ 'New',
+ '',
+ ]
+
+# This is a set of templates used for each resource
+# Each resource is initially assigned these templates,
+# then each form attribute value is changed to append
+# "_resource-name" for uniqueness.
+templateResDel = [ 'button',
+ '',
+ '',
+ 'i_resDel',
+ 'Delete',
+ '',
+ ]
+allResDel = {};
+
+templateResStes = [ 'list',
+ [],
+ 'h_resStes',
+ 'i_resStes',
+ '',
+ '',
+ ]
+templateResSteDel = [ 'button',
+ '',
+ '',
+ 'i_resSteDel',
+ 'Delete',
+ '',
+ ]
+templateResSte = [ 'list',
+ [],
+ '',
+ 'i_resSte',
+ '',
+ '',
+ ]
+templateResSteAdd = [ 'button',
+ '',
+ '',
+ 'i_resSteAdd',
+ 'Add',
+ '',
+ ]
+allResStes = {};
+allResSteDel = {};
+allResSte = {};
+allResSteAdd = {};
+
# A list of all form variables used for saving info across requests
formVariables = [ formPolicyName,
+ formPolicyUrl,
+ formPolicyRef,
formPolicyDate,
+ formPolicyNSUrl,
formPolicyOrder,
formSteTypes,
formChWallTypes,
formCSNames,
+ formVmNames,
+ formVmNameDom0,
+ formResNames,
]
policyXml = ''
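Review bot: `formVmNames` and `formResNames` are list-valued entries added to `formVariables`, and the per-VM and per-resource templates (`h_vmChWs`, `h_vmStes`, `h_resStes`) introduce further list-valued hidden fields. The getSavedData of the policylabel.cgi that this same commit deletes restores such fields with `exec 'formVar[1] = ' + dataList[0]`, which runs text taken from the request as Python. If policy.cgi's getSavedData (not visible in this hunk) restores lists the same way, every field added here extends that behaviour. Carrying a list as one hidden input per element and reading it back with `formData.getlist( formVar[2] )` would avoid evaluating anything from the request. A comment above `formVariables` saying which of the six positional slots holds the hidden-field name would also help the next reader.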
diff --git a/tools/security/python/xensec_gen/cgi-bin/policylabel.cgi b/tools/security/python/xensec_gen/cgi-bin/policylabel.cgi
deleted file mode 100644
index 3863d3e5aa..0000000000
--- a/tools/security/python/xensec_gen/cgi-bin/policylabel.cgi
+++ /dev/null
@@ -1,1396 +0,0 @@
-#!/usr/bin/python
-#
-# The Initial Developer of the Original Code is International
-# Business Machines Corporation. Portions created by IBM
-# Corporation are Copyright (C) 2005 International Business
-# Machines Corporation. All Rights Reserved.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License,
-# or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-
-import os
-import cgi
-import cgitb; cgitb.enable( )
-import time
-import xml.dom.minidom
-import xml.sax
-import xml.sax.handler
-from StringIO import StringIO
-from sets import Set
-
-def getSavedData( ):
- global formData, policyXml, policyLabelXml
- global formVariables, formVmNames
- global allVmChWs, allVmStes
-
- # Process the XML upload policy file
- if formData.has_key( 'i_policy' ):
- dataList = formData.getlist( 'i_policy' )
- if len( dataList ) > 0:
- policyXml = dataList[0].strip( )
-
- # The XML upload policy file must be specified at the start
- if formData.has_key( 'i_policyLabelCreate' ):
- if policyXml == '':
- msg = ''
- msg = msg + 'A Policy file was not supplied. A Policy file '
- msg = msg + 'must be supplied in order to successfully create '
- msg = msg + 'a Policy Labeling file.'
- formatXmlError( msg )
-
- # Process the XML upload policy label file
- if formData.has_key( 'i_policyLabel' ):
- dataList = formData.getlist( 'i_policyLabel' )
- if len( dataList ) > 0:
- policyLabelXml = dataList[0].strip( )
-
- # Process all the hidden input variables (if present)
- for formVar in formVariables:
- if formVar[2] == '':
- continue
-
- if formData.has_key( formVar[2] ):
- dataList = formData.getlist( formVar[2] )
- if len( dataList ) > 0:
- if isinstance( formVar[1], list ):
- exec 'formVar[1] = ' + dataList[0]
- else:
- formVar[1] = dataList[0]
-
- # The form can contain any number of "Virtual Machines"
- # so update the list of form variables to include
- # each virtual machine (hidden input variable)
- for vmName in formVmNames[1]:
- newVm( vmName )
-
- vmFormVar = allVmChWs[vmName]
- if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
- dataList = formData.getlist( vmFormVar[2] )
- if len( dataList ) > 0:
- if isinstance( vmFormVar[1], list ):
- exec 'vmFormVar[1] = ' + dataList[0]
- else:
- vmFormVar[1] = dataList[0]
-
- vmFormVar = allVmStes[vmName]
- if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
- dataList = formData.getlist( vmFormVar[2] )
- if len( dataList ) > 0:
- if isinstance( vmFormVar[1], list ):
- exec 'vmFormVar[1] = ' + dataList[0]
- else:
- vmFormVar[1] = dataList[0]
-
-def getCurrentTime( ):
- return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) )
-
-def getName( domNode ):
- nameNodes = domNode.getElementsByTagName( 'Name' )
- if len( nameNodes ) == 0:
- formatXmlError( '"<Name>" tag is missing' )
- return None
-
- name = ''
- for childNode in nameNodes[0].childNodes:
- if childNode.nodeType == xml.dom.Node.TEXT_NODE:
- name = name + childNode.data
-
- return name
-
-def getDate( domNode ):
- dateNodes = domNode.getElementsByTagName( 'Date' )
- if len( dateNodes ) == 0:
- formatXmlError( '"<Date>" tag is missing' )
- return None
-
- date = ''
- for childNode in dateNodes[0].childNodes:
- if childNode.nodeType == xml.dom.Node.TEXT_NODE:
- date = date + childNode.data
-
- return date
-
-def getDefUrl( domNode ):
- domNodes = domNode.getElementsByTagName( 'PolicyName' )
- if len( domNodes ) == 0:
- formatXmlError( '"<PolicyName>" tag is missing' )
- return None
-
- urlNodes = domNode.getElementsByTagName( 'Url' )
- if len( urlNodes ) == 0:
- formatXmlError( '"<Url>" tag is missing' )
- return None
-
- url = ''
- for childNode in urlNodes[0].childNodes:
- if childNode.nodeType == xml.dom.Node.TEXT_NODE:
- url = url + childNode.data
-
- return url
-
-def getDefRef( domNode ):
- domNodes = domNode.getElementsByTagName( 'PolicyName' )
- if len( domNodes ) == 0:
- formatXmlError( '"<PolicyName>" tag is missing' )
- return None
-
- refNodes = domNode.getElementsByTagName( 'Reference' )
- if len( refNodes ) == 0:
- formatXmlError( '"<Reference>" tag is missing' )
- return None
-
- ref = ''
- for childNode in refNodes[0].childNodes:
- if childNode.nodeType == xml.dom.Node.TEXT_NODE:
- ref = ref + childNode.data
-
- return ref
-
-def getSteTypes( domNode, missingIsError = 0 ):
- steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' )
- if len( steNodes ) == 0:
- if missingIsError == 1:
- formatXmlError( '"<SimpleTypeEnforcementTypes>" tag is missing' )
- return None
- else:
- return []
-
- return getTypes( steNodes[0] )
-
-def getChWTypes( domNode, missingIsError = 0 ):
- chwNodes = domNode.getElementsByTagName( 'ChineseWallTypes' )
- if len( chwNodes ) == 0:
- if missingIsError == 1:
- formatXmlError( '"<ChineseWallTypes>" tag is missing' )
- return None
- else:
- return []
-
- return getTypes( chwNodes[0] )
-
-def getTypes( domNode ):
- types = []
-
- domNodes = domNode.getElementsByTagName( 'Type' )
- if len( domNodes ) == 0:
- formatXmlError( '"<Type>" tag is missing' )
- return None
-
- for domNode in domNodes:
- typeText = ''
- for childNode in domNode.childNodes:
- if childNode.nodeType == xml.dom.Node.TEXT_NODE:
- typeText = typeText + childNode.data
-
- if typeText == '':
- formatXmlError( 'No text associated with the "<Type>" tag' )
- return None
-
- types.append( typeText )
-
- return types
-
-def formatXmlError( msg, xml = '', lineNum = -1, colNum = -1 ):
- global xmlMessages, xmlError
-
- xmlError = 1
- addMsg = cgi.escape( msg )
-
- if lineNum != -1:
- sio = StringIO( xml )
- for xmlLine in sio:
- lineNum = lineNum - 1
- if lineNum == 0:
- break;
-
- addMsg += '<BR><PRE>' + cgi.escape( xmlLine.rstrip( ) )
-
- if colNum != -1:
- errLine = ''
- for i in range( colNum ):
- errLine = errLine + '-'
-
- addMsg += '\n' + errLine + '^'
-
- addMsg += '</PRE>'
-
- xmlMessages.append( addMsg )
-
-def formatXmlGenError( msg ):
- global xmlMessages, xmlIncomplete
-
- xmlIncomplete = 1
- xmlMessages.append( cgi.escape( msg ) )
-
-def parseXml( xmlInput ):
- global xmlMessages, xmlError, xmlLine, xmlColumn
-
- xmlParser = xml.sax.make_parser( )
- try:
- domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser )
-
- except xml.sax.SAXParseException, xmlErr:
- msg = ''
- msg = msg + 'XML parsing error occurred at line '
- msg = msg + `xmlErr.getLineNumber( )`
- msg = msg + ', column '
- msg = msg + `xmlErr.getColumnNumber( )`
- msg = msg + ': reason = "'
- msg = msg + xmlErr.getMessage( )
- msg = msg + '"'
- formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), xmlErr.getColumnNumber( ) )
- return None
-
- except xml.sax.SAXException, xmlErr:
- msg = ''
- msg = msg + 'XML Parsing error: ' + `xmlErr`
- formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), xmlErr.getColumnNumber( ) )
- return None
-
- return domDoc
-
-def parsePolicyXml( ):
- global policyXml
- global formSteTypes, formChWallTypes
-
- domDoc = parseXml( policyXml )
- if domDoc == None:
- return
-
- domRoot = domDoc.documentElement
- domNodes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' )
- if len( domNodes ) > 0:
- steTypes = getSteTypes( domNodes[0], 1 )
- if steTypes == None:
- msg = ''
- msg = msg + 'Error processing the SimpleTypeEnforcement types.\n'
- msg = msg + 'Please validate the Policy Definition file used.'
- formatXmlError( msg )
- return
-
- formSteTypes[1] = steTypes
-
- domNodes = domRoot.getElementsByTagName( 'ChineseWall' )
- if len( domNodes ) > 0:
- chwTypes = getChWTypes( domNodes[0], 1 )
- if chwTypes == None:
- msg = ''
- msg = msg + 'Error processing the ChineseWall types.\n'
- msg = msg + 'Please validate the Policy Definition file used.'
- formatXmlError( msg )
- return
-
- formChWallTypes[1] = chwTypes
-
-def parsePolicyLabelXml( ):
- global policyLabelXml
-
- domDoc = parseXml( policyLabelXml )
- if domDoc == None:
- return
-
- domRoot = domDoc.documentElement
- domHeaders = domRoot.getElementsByTagName( 'LabelHeader' )
- if len( domHeaders ) == 0:
- msg = ''
- msg = msg + '"<LabelHeader>" tag is missing.\n'
- msg = msg + 'Please validate the Policy Labeling file used.'
- formatXmlError( msg )
- return
-
- pName = getName( domHeaders[0] )
- if pName == None:
- msg = ''
- msg = msg + 'Error processing the Policy Labeling header information.\n'
- msg = msg + 'Please validate the Policy Labeling file used.'
- formatXmlError( msg )
- return
-
- formPolicyLabelName[1] = pName
-
- pDate = getDate( domHeaders[0] )
- if pDate == None:
- msg = ''
- msg = msg + 'Error processing the Policy Labeling header information.\n'
- msg = msg + 'Please validate the Policy Labeling file used.'
- formatXmlError( msg )
- return
-
- formPolicyLabelDate[1] = pDate
-
- pUrl = getDefUrl( domHeaders[0] )
- if pUrl == None:
- msg = ''
- msg = msg + 'Error processing the Policy Labeling header information.\n'
- msg = msg + 'Please validate the Policy Labeling file used.'
- formatXmlError( msg )
- return
-
- formPolicyUrl[1] = pUrl
-
- pRef = getDefRef( domHeaders[0] )
- if pRef == None:
- msg = ''
- msg = msg + 'Error processing the Policy Labeling header information.\n'
- msg = msg + 'Please validate the Policy Labeling file used.'
- formatXmlError( msg )
- return
-
- formPolicyRef[1] = pRef
-
- domSubjects = domRoot.getElementsByTagName( 'SubjectLabels' )
- if len( domSubjects ) > 0:
- formVmNameDom0[1] = domSubjects[0].getAttribute( 'bootstrap' )
- domNodes = domSubjects[0].getElementsByTagName( 'VirtualMachineLabel' )
- for domNode in domNodes:
- vmName = getName( domNode )
- if vmName == None:
- msg = ''
- msg = msg + 'Error processing the VirtualMachineLabel name.\n'
- msg = msg + 'Please validate the Policy Labeling file used.'
- formatXmlError( msg )
- continue
-
- steTypes = getSteTypes( domNode )
- if steTypes == None:
- msg = ''
- msg = msg + 'Error processing the SimpleTypeEnforcement types.\n'
- msg = msg + 'Please validate the Policy Labeling file used.'
- formatXmlError( msg )
- return
-
- chwTypes = getChWTypes( domNode )
- if chwTypes == None:
- msg = ''
- msg = msg + 'Error processing the ChineseWall types.\n'
- msg = msg + 'Please validate the Policy Labeling file used.'
- formatXmlError( msg )
- return
-
- newVm( vmName, 1 )
- allVmStes[vmName][1] = steTypes
- allVmChWs[vmName][1] = chwTypes
-
-def removeDups( curList ):
- newList = []
- curSet = Set( curList )
- for x in curSet:
- newList.append( x )
- newList.sort( )
-
- return newList
-
-def newVm( vmName, addToList = 0 ):
- global formVmNames
- global templateVmDel, allVmDel, templateVmDom0, allVmDom0
- global templateVmChWs, templateVmChWDel, templateVmChW, templateVmChWAdd
- global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
- global templateVmStes, templateVmSteDel, templateVmSte, templateVmSteAdd
- global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
-
- # Make sure we have an actual name and check one of the 'all'
- # variables to be sure it hasn't been previously defined
- if (len( vmName ) > 0) and (not allVmDom0.has_key( vmName )):
- vmSuffix = '_' + vmName
- allVmDom0[vmName] = modFormTemplate( templateVmDom0, vmSuffix )
- allVmDel[vmName] = modFormTemplate( templateVmDel, vmSuffix )
- allVmChWs[vmName] = modFormTemplate( templateVmChWs, vmSuffix )
- allVmChWDel[vmName] = modFormTemplate( templateVmChWDel, vmSuffix )
- allVmChW[vmName] = modFormTemplate( templateVmChW, vmSuffix )
- allVmChWAdd[vmName] = modFormTemplate( templateVmChWAdd, vmSuffix )
- allVmStes[vmName] = modFormTemplate( templateVmStes, vmSuffix )
- allVmSteDel[vmName] = modFormTemplate( templateVmSteDel, vmSuffix )
- allVmSte[vmName] = modFormTemplate( templateVmSte, vmSuffix )
- allVmSteAdd[vmName] = modFormTemplate( templateVmSteAdd, vmSuffix )
- if addToList == 1:
- formVmNames[1].append( vmName )
- formVmNames[1] = removeDups( formVmNames[1] )
-
-def updateInfo( ):
- global formData, formPolicyLabelName, formPolicyLabelDate
- global formPolicyUrl, formPolicyRef
-
- if formData.has_key( formPolicyLabelName[3] ):
- formPolicyLabelName[1] = formData[formPolicyLabelName[3]].value
- elif formData.has_key( formPolicyLabelUpdate[3] ):
- formPolicyLabelName[1] = ''
-
- if formData.has_key( formPolicyLabelDate[3] ):
- formPolicyLabelDate[1] = formData[formPolicyLabelDate[3]].value
- elif formData.has_key( formPolicyLabelUpdate[3] ):
- formPolicyLabelDate[1] = ''
-
- if formData.has_key( formPolicyUrl[3] ):
- formPolicyUrl[1] = formData[formPolicyUrl[3]].value
- elif formData.has_key( formPolicyLabelUpdate[3] ):
- formPolicyUrl[1] = ''
-
- if formData.has_key( formPolicyRef[3] ):
- formPolicyRef[1] = formData[formPolicyRef[3]].value
- elif formData.has_key( formPolicyLabelUpdate[3] ):
- formPolicyRef[1] = ''
-
-def addVm( ):
- global formData, fromVmName, formVmNames, formVmNameDom0
-
- if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formVmAdd[3] )):
- if formData.has_key( formVmName[3] ):
- vmName = formData[formVmName[3]].value
- vmName = vmName.strip( )
- newVm( vmName, 1 )
- if formVmNameDom0[1] == '':
- formVmNameDom0[1] = vmName
-
-def delVm( vmName ):
- global formVmNames, formVmNameDom0
- global allVmDel, allVmDom0
- global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
- global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
-
- vmName = vmName.strip( )
- formVmNames[1].remove( vmName )
- del allVmDom0[vmName]
- del allVmDel[vmName]
- del allVmChWs[vmName]
- del allVmChWDel[vmName]
- del allVmChW[vmName]
- del allVmChWAdd[vmName]
- del allVmStes[vmName]
- del allVmSteDel[vmName]
- del allVmSte[vmName]
- del allVmSteAdd[vmName]
-
- if formVmNameDom0[1] == vmName:
- if len( formVmNames[1] ) > 0:
- formVmNameDom0[1] = formVmNames[1][0]
- else:
- formVmNameDom0[1] = ''
-
-def makeVmDom0( vmName ):
- global formVmNameDom0
-
- vmName = vmName.strip( )
- formVmNameDom0[1] = vmName
-
-def addVmChW( chwName ):
- global formData, allVmChW, allVmChWs
-
- formVar = allVmChW[chwName]
- if formData.has_key( formVar[3] ):
- chwList = formData.getlist( formVar[3] )
- formVar = allVmChWs[chwName]
- for chw in chwList:
- chw = chw.strip( )
- formVar[1].append( chw )
- formVar[1] = removeDups( formVar[1] )
-
-def delVmChW( chwName ):
- global formData, allVmChWs
-
- formVar = allVmChWs[chwName]
- if formData.has_key( formVar[3] ):
- chwList = formData.getlist( formVar[3] )
- for chw in chwList:
- chw = chw.strip( )
- formVar[1].remove( chw )
-
-def addVmSte( steName ):
- global formData, allVmSte, allVmStes
-
- formVar = allVmSte[steName]
- if formData.has_key( formVar[3] ):
- steList = formData.getlist( formVar[3] )
- formVar = allVmStes[steName]
- for ste in steList:
- ste = ste.strip( )
- formVar[1].append( ste )
- formVar[1] = removeDups( formVar[1] )
-
-def delVmSte( steName ):
- global formData, allVmStes
-
- formVar = allVmStes[steName]
- if formData.has_key( formVar[3] ):
- steList = formData.getlist( formVar[3] )
- for ste in steList:
- ste = ste.strip( )
- formVar[1].remove( ste )
-
-def processRequest( ):
- global formData, policyXml, policyLabelXml, formPolicyLabelUpdate
- global formVmAdd
- global formVmNames, allVmDel, allVmDom0
- global allVmChWAdd, allVmChWDel, allVmSteAdd, allVmSteDel
-
- if policyXml != '':
- parsePolicyXml( )
-
- if policyLabelXml != '':
- parsePolicyLabelXml( )
-
- # Allow the updating of the header information whenever
- # an action is performed
- updateInfo( )
-
- # Allow the adding of labels if the user has hit the
- # enter key when attempting to add a type/set
- addVm( )
-
- for vmName in formVmNames[1]:
- if formData.has_key( allVmDel[vmName][3] ):
- delVm( vmName )
- continue
-
- if formData.has_key( allVmDom0[vmName][3] ):
- makeVmDom0( vmName )
-
- if formData.has_key( allVmChWAdd[vmName][3] ):
- addVmChW( vmName )
-
- elif formData.has_key( allVmChWDel[vmName][3] ):
- delVmChW( vmName )
-
- elif formData.has_key( allVmSteAdd[vmName][3] ):
- addVmSte( vmName )
-
- elif formData.has_key( allVmSteDel[vmName][3] ):
- delVmSte( vmName )
-
-def modFormTemplate( formTemplate, suffix ):
- formVar = [x for x in formTemplate]
-
- if formVar[2] != '':
- formVar[2] = formVar[2] + suffix
- if formVar[3] != '':
- formVar[3] = formVar[3] + suffix
- if (formVar[0] != 'button') and (formVar[4] != ''):
- formVar[4] = formVar[4] + suffix
-
- return formVar;
-
-def makeName( name, suffix='' ):
- rName = name
- if suffix != '':
- rName = rName + '_' + suffix
-
- return rName
-
-def makeNameAttr( name, suffix='' ):
- return 'name="' + makeName( name, suffix ) + '"'
-
-def makeValue( value, suffix='' ):
- rValue = value
-
- if isinstance( value, list ):
- rValue = '['
- for val in value:
- rValue = rValue + '\'' + val
- if suffix != '':
- rValue = rValue + '_' + suffix
- rValue = rValue + '\','
- rValue = rValue + ']'
-
- else:
- if suffix != '':
- rValue = rValue + '_' + suffix
-
- return rValue
-
-def makeValueAttr( value, suffix='' ):
- return 'value="' + makeValue( value, suffix ) + '"'
-
-def sendHtmlFormVar( formVar, attrs='', rb_select=0 ):
- nameAttr = ''
- valueAttr = ''
- htmlText = ''
-
- if formVar[0] == 'text':
- if formVar[3] != '':
- nameAttr = makeNameAttr( formVar[3] )
- valueAttr = makeValueAttr( formVar[1] )
-
- print '<INPUT type="text"', nameAttr, valueAttr, attrs, '>'
-
- elif formVar[0] == 'list':
- if formVar[3] != '':
- nameAttr = makeNameAttr( formVar[3] )
-
- print '<SELECT', nameAttr, attrs, '>'
- for option in formVar[1]:
- print '<OPTION>' + option + '</OPTION>'
- print '</SELECT>'
-
- elif formVar[0] == 'button':
- if formVar[3] != '':
- nameAttr = makeNameAttr( formVar[3] )
- if formVar[4] != '':
- valueAttr = makeValueAttr( formVar[4] )
-
- print '<INPUT type="submit"', nameAttr, valueAttr, attrs, '>'
-
- elif formVar[0] == 'radiobutton':
- if formVar[3] != '':
- nameAttr = makeNameAttr( formVar[3] )
- valueAttr = makeValueAttr( formVar[4][rb_select] )
- htmlText = formVar[5][rb_select]
- if formVar[4][rb_select] == formVar[1]:
- checked = 'checked'
- else:
- checked = ''
-
- print '<INPUT type="radio"', nameAttr, valueAttr, attrs, checked, '>', htmlText
-
- elif formVar[0] == 'radiobutton-all':
- if formVar[3] != '':
- nameAttr = makeNameAttr( formVar[3] )
- buttonVals = formVar[4]
- for i, buttonVal in enumerate( buttonVals ):
- htmlText = ''
- addAttrs = ''
- checked = ''
-
- valueAttr = makeValueAttr( buttonVal )
- if formVar[5] != '':
- htmlText = formVar[5][i]
- if attrs != '':
- addAttrs = attrs[i]
- if buttonVal == formVar[1]:
- checked = 'checked'
-
- print '<INPUT type="radio"', nameAttr, valueAttr, addAttrs, checked, '>', htmlText
-
- if ( formVar[2] != '' ) and ( rb_select == 0 ):
- nameAttr = makeNameAttr( formVar[2] )
- valueAttr = makeValueAttr( formVar[1] )
- print '<INPUT type="hidden"', nameAttr, valueAttr, '>'
-
-def sendHtmlHeaders( ):
- # HTML headers
- print 'Content-Type: text/html'
- print
-
-def sendPolicyLabelHtml( ):
- global xmlError, xmlIncomplete, xmlMessages, formXmlGen
- global formVmNameDom0, formSteTypes, formChWallTypes
-
- print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"'
- print ' "http://www.w3.org/TR/html4/loose.dtd">'
-
- print '<HTML>'
-
- sendHtmlHead( )
-
- print '<BODY>'
-
- # An input XML file was specified that had errors, output the
- # error information
- if xmlError == 1:
- print '<P>'
- print 'An error has been encountered while processing the input'
- print 'XML file:'
- print '<UL>'
- for msg in xmlMessages:
- print '<LI>'
- print msg
- print '</UL>'
- print '</BODY>'
- print '</HTML>'
- return
-
- # When attempting to generate the XML output, all required data was not
- # present, output the error information
- if xmlIncomplete == 1:
- print '<P>'
- print 'An error has been encountered while validating the data'
- print 'required for the output XML file:'
- print '<UL>'
- for msg in xmlMessages:
- print '<LI>'
- print msg
- print '</UL>'
- print '</BODY>'
- print '</HTML>'
- return
-
- print '<CENTER>'
- print '<FORM action="' + os.environ['SCRIPT_NAME'] + '" method="post">'
- print '<TABLE class="container">'
- print ' <COLGROUP>'
- print ' <COL width="100%">'
- print ' </COLGROUP>'
-
- print ' <TR>'
- print ' <TD>'
- sendHtmlFormVar( formDefaultButton, 'class="hidden"' )
- print ' </TD>'
- print ' </TR>'
- print ' <TR>'
- print ' <TD>'
- sendHtmlFormVar( formXmlGen )
- print ' </TD>'
- print ' </TR>'
-
- # Policy Labeling header
- print ' <TR>'
- print ' <TD>'
- sendPLHeaderHtml( )
- print ' </TD>'
- print ' </TR>'
-
- # Separator
- print ' <TR>'
- print ' <TD>'
- print ' <HR>'
- print ' </TD>'
- print ' </TR>'
-
- # Policy Labels (vms)
- print ' <TR>'
- print ' <TD>'
- print ' <TABLE class="full">'
- print ' <TR>'
- print ' <TD width="100%">'
- sendPLSubHtml( )
- print ' </TD>'
- print ' </TR>'
- print ' </TABLE>'
- print ' </TD>'
- print ' </TR>'
-
- print '</TABLE>'
-
- # Send some data that needs to be available across sessions
- sendHtmlFormVar( formVmNameDom0 )
- sendHtmlFormVar( formSteTypes )
- sendHtmlFormVar( formChWallTypes )
-
- print '</FORM>'
- print '</CENTER>'
-
- print '</BODY>'
-
- print '</HTML>'
-
-def sendHtmlHead( ):
- global headTitle
-
- print '<HEAD>'
- print '<STYLE type="text/css">'
- print '<!--'
- print 'BODY {background-color: #EEEEFF;}'
- print 'TABLE.container {width: 90%; border: 1px solid black; border-collapse: seperate;}'
- print 'TABLE.full {width: 100%; border: 0px solid black; border-collapse: collapse; border-spacing: 3px;}'
- print 'TABLE.fullbox {width: 100%; border: 0px solid black; border-collapse: collapse; border-spacing: 3px;}'
- print 'THEAD {font-weight: bold; font-size: larger;}'
- print 'TD {border: 0px solid black; vertical-align: top;}'
- print 'TD.heading {border: 0px solid black; vertical-align: top; font-weight: bold; font-size: larger;}'
- print 'TD.subheading {border: 0px solid black; vertical-align: top; font-size: smaller;}'
- print 'TD.fullbox {border: 1px solid black; vertical-align: top;}'
- print 'SELECT.full {width: 100%;}'
- print 'INPUT.full {width: 100%;}'
- print 'INPUT.link {cursor: pointer; background-color: #EEEEFF; border: 0px; text-decoration: underline; color: blue;}'
- print 'INPUT.hidden {visibility: hidden; width: 1px; height: 1px;}'
- print ':link {color: blue;}'
- print ':visited {color: red;}'
- print '-->'
- print '</STYLE>'
- print '<TITLE>', headTitle, '</TITLE>'
- print '</HEAD>'
-
-def sendPLHeaderHtml( ):
- global formPolicyLabelName, formPolicyLabelDate
- global formPolicyUrl, formPolicyRef
- global formPolicyLabelUpdate
-
- # Policy Labeling header definition
- print '<TABLE class="full">'
- print ' <COLGROUP>'
- print ' <COL width="20%">'
- print ' <COL width="80%">'
- print ' </COLGROUP>'
- print ' <TR>'
- print ' <TD class="heading" align="center" colspan="2">Policy Labeling Information</TD>'
- print ' </TR>'
- print ' <TR>'
- print ' <TD align="right">Name:</TD>'
- print ' <TD align="left">'
- sendHtmlFormVar( formPolicyLabelName, 'class="full"' )
- print ' </TD>'
- print ' </TR>'
- print ' <TR>'
- print ' <TD align="right">Date:</TD>'
- print ' <TD align="left">'
- sendHtmlFormVar( formPolicyLabelDate, 'class="full"' )
- print ' </TD>'
- print ' </TR>'
- print ' <TR>'
- print ' <TD align="right">Policy URL:</TD>'
- print ' <TD align="left">'
- sendHtmlFormVar( formPolicyUrl, 'class="full"' )
- print ' </TD>'
- print ' </TR>'
- print ' <TR>'
- print ' <TD align="right">Policy Reference:</TD>'
- print ' <TD align="left">'
- sendHtmlFormVar( formPolicyRef, 'class="full"' )
- print ' </TD>'
- print ' </TR>'
- print ' <TR>'
- print ' <TD align="center" colspan="2">'
- sendHtmlFormVar( formPolicyLabelUpdate )
- print ' </TD>'
- print ' </TR>'
- print ' <TR>'
- print ' <TD align="center" colspan="2" class="subheading">'
- print ' (The Policy Labeling Information is updated whenever an action is performed'
- print ' or it can be updated separately using the "Update" button)'
- print ' </TD>'
- print ' </TR>'
- print '</TABLE>'
-
-def sendPLSubHtml( ):
- global formVmNames, formVmDel, formVmName, formVmAdd
- global allVmDel, allVmDom0
- global allVmChWs, allVmChWDel, allVmChW, allVmChWAdd
- global allVmStes, allVmSteDel, allVmSte, allVmSteAdd
- global formSteTypes, formChWallTypes
-
- print '<TABLE class="full">'
- print ' <COLGROUP>'
- print ' <COL width="100%">'
- print ' </COLGROUP>'
-
- # Virtual Machines...
- print ' <TR>'
- print ' <TD>'
- print ' <TABLE class="full">'
- print ' <COLGROUP>'
- print ' <COL width="10%">'
- print ' <COL width="40%">'
- print ' <COL width="50%">'
- print ' </COLGROUP>'
- print ' <TR>'
- print ' <TD class="heading" align="center" colspan="3">Virtual Machine Classes</TD>'
- print ' </TR>'
- print ' <TR>'
- print ' <TD colspan="2">'
- sendHtmlFormVar( formVmName, 'class="full"' )
- sendHtmlFormVar( formVmNames )
- print ' </TD>'
- print ' <TD>&nbsp;</TD>'
- print ' </TR>'
- print ' <TR>'
- print ' <TD>'
- sendHtmlFormVar( formVmAdd, 'class="full"' )
- print ' </TD>'
- print ' <TD colspan="2">'
- print ' Create a new VM class with the above name'
- print ' </TD>'
- print ' </TR>'
- print ' </TABLE>'
- print ' </TD>'
- print ' </TR>'
- if len( formVmNames[1] ) > 0:
- print ' <TR>'
- print ' <TD colspan="1">'
- print ' &nbsp;'
- print ' </TD>'
- print ' </TR>'
- print ' <TR>'
- print ' <TD>'
- print ' <TABLE class="fullbox">'
- print ' <COLGROUP>'
- print ' <COL width="10%">'
- print ' <COL width="40%">'
- print ' <COL width="50%">'
- print ' </COLGROUP>'
- print ' <THEAD>'
- print ' <TR>'
- print ' <TD class="fullbox">Dom 0?</TD>'
- print ' <TD class="fullbox">Name</TD>'
- print ' <TD class="fullbox">Actions</TD>'
- print ' </TR>'
- print ' </THEAD>'
- for i, vmName in enumerate( formVmNames[1] ):
- print ' <TR>'
- print ' <TD class="fullbox">'
- if formVmNameDom0[1] == vmName:
- print 'Yes'
- else:
- print '&nbsp;'
- print ' </TD>'
- print ' <TD class="fullbox">' + vmName + '</TD>'
- print ' <TD class="fullbox">'
- print ' <A href="#' + vmName + '">Edit</A>'
- formVar = allVmDel[vmName]
- sendHtmlFormVar( formVar, 'class="link"' )
- formVar = allVmDom0[vmName]
- sendHtmlFormVar( formVar, 'class="link"' )
- print ' </TD>'
- print ' </TR>'
- print ' </TABLE>'
- print ' </TD>'
- print ' </TR>'
- for vmName in formVmNames[1]:
- print ' <TR>'
- print ' <TD>'
- print ' <HR>'
- print ' </TD>'
- print ' </TR>'
- print ' <TR>'
- print ' <TD>'
- print ' <TABLE class="full">'
- print ' <COLGROUP>'
- print ' <COL width="10%">'
- print ' <COL width="39%">'
- print ' <COL width="2%">'
- print ' <COL width="10%">'
- print ' <COL width="39%">'
- print ' </COLGROUP>'
- print ' <TR>'
- print ' <TD colspan="5" align="center" class="heading">'
- print ' <A name="' + vmName + '">Virtual Machine Class: ' + vmName + '</A>'
- print ' </TD>'
- print ' </TR>'
- print ' <TR>'
- print ' <TD colspan="2" align="center">Simple Type Enforcement Types</TD>'
- print ' <TD>&nbsp;</TD>'
- print ' <TD colspan="2" align="center">Chinese Wall Types</TD>'
- print ' </TR>'
- print ' <TR>'
- print ' <TD colspan="2">'
- formVar = allVmStes[vmName];
- sendHtmlFormVar( formVar, 'class="full" size="4" multiple"' )
- print ' </TD>'
- print ' <TD>&nbsp;</TD>'
- print ' <TD colspan="2">'
- formVar = allVmChWs[vmName];
- sendHtmlFormVar( formVar, 'class="full" size="4" multiple"' )
- print ' </TD>'
- print ' </TR>'
- print ' <TR>'
- print ' <TD>'
- formVar = allVmSteDel[vmName];
- sendHtmlFormVar( formVar, 'class="full"' )
- print ' </TD>'
- print ' <TD>'
- print ' Delete the type(s) selected above'
- print ' </TD>'
- print ' <TD>&nbsp;</TD>'
- print ' <TD>'
- formVar = allVmChWDel[vmName];
- sendHtmlFormVar( formVar, 'class="full"' )
- print ' </TD>'
- print ' <TD>'
- print ' Delete the type(s) selected above'
- print ' </TD>'
- print ' </TR>'
- print ' <TR>'
- print ' <TD colspan="2">'
- stSet = Set( formSteTypes[1] )
- vmSet = Set( allVmStes[vmName][1] )
- formVar = allVmSte[vmName]
- formVar[1] = []
- for steType in stSet.difference( vmSet ):
- formVar[1].append( steType )
- formVar[1].sort( )
- sendHtmlFormVar( formVar, 'class="full" size="2" multiple"' )
- print ' </TD>'
- print ' <TD>&nbsp;</TD>'
- print ' <TD colspan="2">'
- ctSet = Set( formChWallTypes[1] )
- vmSet = Set( allVmChWs[vmName][1] )
- formVar = allVmChW[vmName]
- formVar[1] = []
- for chwallType in ctSet.difference( vmSet ):
- formVar[1].append( chwallType )
- formVar[1].sort( )
- sendHtmlFormVar( formVar, 'class="full" size="2" multiple"' )
- print ' </TD>'
- print ' </TR>'
- print ' <TR>'
- print ' <TD>'
- formVar = allVmSteAdd[vmName];
- sendHtmlFormVar( formVar, 'class="full"' )
- print ' </TD>'
- print ' <TD>'
- print ' Add the type(s) selected above'
- print ' </TD>'
- print ' <TD>&nbsp;</TD>'
- print ' <TD>'
- formVar = allVmChWAdd[vmName];
- sendHtmlFormVar( formVar, 'class="full"' )
- print ' </TD>'
- print ' <TD>'
- print ' Add the type(s) selected above'
- print ' </TD>'
- print ' </TR>'
- print ' </TABLE>'
- print ' </TD>'
- print ' </TR>'
-
- print '</TABLE>'
-
-def sendPLObjHtml( ):
-
- # Resources...
- print '<TABLE class="full">'
- print ' <COLGROUP>'
- print ' <COL width="60%">'
- print ' <COL width="20%">'
- print ' <COL width="20%">'
- print ' </COLGROUP>'
-
- print ' <TR>'
- print ' <TD align="center" colspan="3" class="heading">Resources</TD>'
- print ' </TR>'
- print ' <TR>'
- print ' <TD colspan="2">'
- #sendHtmlFormVar( formVmNames, 'class="full" size="4" multiple"' )
- print ' </TD>'
- print ' <TD>'
- #sendHtmlFormVar( formVmDel, 'class="full"' )
- print ' </TD>'
- print ' </TR>'
- print ' <TR>'
- print ' <TD colspan="2">'
- #sendHtmlFormVar( formVmName, 'class="full"' )
- print ' </TD>'
- print ' <TD>'
- #sendHtmlFormVar( formVmAdd, 'class="full"' )
- print ' </TD>'
- print ' </TR>'
- print '</TABLE>'
-
-def checkXmlData( ):
- global xmlIncomplete
-
- # Validate the Policy Label Header requirements
- if ( len( formPolicyLabelName[1] ) == 0 ) or \
- ( len( formPolicyLabelDate[1] ) == 0 ) or \
- ( len( formPolicyUrl[1] ) == 0 ) or \
- ( len( formPolicyRef[1] ) == 0 ):
- msg = ''
- msg = msg + 'The XML policy label schema requires that the Policy '
- msg = msg + 'Labeling Information Name, Date, Policy URL and '
- msg = msg + 'Policy Reference fields all have values.'
- formatXmlGenError( msg )
-
-def sendXmlHeaders( ):
- # HTML headers
- print 'Content-Type: text/xml'
- print 'Content-Disposition: attachment; filename=security_label_template.xml'
- print
-
-def sendPolicyLabelXml( ):
- print '<?xml version="1.0"?>'
-
- print '<SecurityLabelTemplate xmlns="http://www.ibm.com"'
- print ' xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"'
- print ' xsi:schemaLocation="http://www.ibm.com security_policy.xsd">'
-
- # Policy Labeling header
- sendPLHeaderXml( )
-
- # Policy Labels (subjects and objects)
- sendPLSubXml( )
- #sendPLObjXml( )
-
- print '</SecurityLabelTemplate>'
-
-def sendPLHeaderXml( ):
- global formPolicyLabelName, formPolicyLabelDate
- global formPolicyUrl, formPolicyRef
-
- # Policy Labeling header definition
- print '<LabelHeader>'
- print ' <Name>' + formPolicyLabelName[1] + '</Name>'
- print ' <Date>' + formPolicyLabelDate[1] + '</Date>'
- print ' <PolicyName>'
- print ' <Url>' + formPolicyUrl[1] + '</Url>'
- print ' <Reference>' + formPolicyRef[1] + '</Reference>'
- print ' </PolicyName>'
- print '</LabelHeader>'
-
-def sendPLSubXml( ):
- global formVmNames, allVmChWs, allVmStes
-
- # Virtual machines...
- if len( formVmNames[1] ) == 0:
- return
-
- print '<SubjectLabels bootstrap="' + formVmNameDom0[1] + '">'
- for vmName in formVmNames[1]:
- print ' <VirtualMachineLabel>'
- print ' <Name>' + vmName + '</Name>'
- formVar = allVmStes[vmName]
- if len( formVar[1] ) > 0:
- print ' <SimpleTypeEnforcementTypes>'
- for ste in formVar[1]:
- print ' <Type>' + ste + '</Type>'
- print ' </SimpleTypeEnforcementTypes>'
-
- formVar = allVmChWs[vmName]
- if len( formVar[1] ) > 0:
- print ' <ChineseWallTypes>'
- for chw in formVar[1]:
- print ' <Type>' + chw + '</Type>'
- print ' </ChineseWallTypes>'
-
- print ' </VirtualMachineLabel>'
-
- print '</SubjectLabels>'
-
-
-# Set up initial HTML variables
-headTitle = 'Xen Policy Labeling Generation'
-
-# Form variables
-# The format of these variables is as follows:
-# [ p0, p1, p2, p3, p4, p5 ]
-# p0 = input type
-# p1 = the current value of the variable
-# p2 = the hidden input name attribute
-# p3 = the name attribute
-# p4 = the value attribute
-# p5 = text to associate with the tag
-formPolicyLabelName = [ 'text',
- '',
- 'h_policyLabelName',
- 'i_policyLabelName',
- '',
- '',
- ]
-formPolicyLabelDate = [ 'text',
- getCurrentTime( ),
- 'h_policyLabelDate',
- 'i_policyLabelDate',
- '',
- '',
- ]
-formPolicyUrl = [ 'text',
- '',
- 'h_policyUrl',
- 'i_policyUrl',
- '',
- '',
- ]
-formPolicyRef = [ 'text',
- '',
- 'h_policyRef',
- 'i_policyRef',
- '',
- '',
- ]
-formPolicyLabelUpdate = [ 'button',
- '',
- '',
- 'i_PolicyLabelUpdate',
- 'Update',
- '',
- ]
-
-formVmNames = [ '',
- [],
- 'h_vmNames',
- '',
- '',
- '',
- ]
-formVmDel = [ 'button',
- '',
- '',
- 'i_vmDel',
- 'Delete',
- '',
- ]
-formVmName = [ 'text',
- '',
- '',
- 'i_vmName',
- '',
- '',
- ]
-formVmAdd = [ 'button',
- '',
- '',
- 'i_vmAdd',
- 'New',
- '',
- ]
-
-formVmNameDom0 = [ '',
- '',
- 'h_vmDom0',
- '',
- '',
- '',
- ]
-
-formXmlGen = [ 'button',
- '',
- '',
- 'i_xmlGen',
- 'Generate XML',
- '',
- ]
-
-formDefaultButton = [ 'button',
- '',
- '',
- 'i_defaultButton',
- '.',
- '',
- ]
-
-formSteTypes = [ '',
- [],
- 'h_steTypes',
- '',
- '',
- '',
- ]
-formChWallTypes = [ '',
- [],
- 'h_chwallTypes',
- '',
- '',
- '',
- ]
-
-# This is a set of templates used for each virtual machine
-# Each virtual machine is initially assigned these templates,
-# then each form attribute value is changed to append
-# "_virtual-machine-name" for uniqueness.
-templateVmDel = [ 'button',
- '',
- '',
- 'i_vmDel',
- 'Delete',
- '',
- ]
-templateVmDom0 = [ 'button',
- '',
- '',
- 'i_vmDom0',
- 'SetDom0',
- '',
- ]
-allVmDel = {};
-allVmDom0 = {};
-
-templateVmChWs = [ 'list',
- [],
- 'h_vmChWs',
- 'i_vmChWs',
- '',
- '',
- ]
-templateVmChWDel = [ 'button',
- '',
- '',
- 'i_vmChWDel',
- 'Delete',
- '',
- ]
-templateVmChW = [ 'list',
- [],
- '',
- 'i_vmChW',
- '',
- '',
- ]
-templateVmChWAdd = [ 'button',
- '',
- '',
- 'i_vmChWAdd',
- 'Add',
- '',
- ]
-allVmChWs = {};
-allVmChWDel = {};
-allVmChW = {};
-allVmChWAdd = {};
-
-templateVmStes = [ 'list',
- [],
- 'h_vmStes',
- 'i_vmStes',
- '',
- '',
- ]
-templateVmSteDel = [ 'button',
- '',
- '',
- 'i_vmSteDel',
- 'Delete',
- '',
- ]
-templateVmSte = [ 'list',
- [],
- '',
- 'i_vmSte',
- '',
- '',
- ]
-templateVmSteAdd = [ 'button',
- '',
- '',
- 'i_vmSteAdd',
- 'Add',
- '',
- ]
-allVmStes = {};
-allVmSteDel = {};
-allVmSte = {};
-allVmSteAdd = {};
-
-# A list of all form variables used for saving info across requests
-formVariables = [ formPolicyLabelName,
- formPolicyLabelDate,
- formPolicyUrl,
- formPolicyRef,
- formVmNames,
- formVmNameDom0,
- formSteTypes,
- formChWallTypes,
- ]
-
-policyXml = ''
-policyLabelXml = ''
-xmlError = 0
-xmlIncomplete = 0
-xmlMessages = []
-
-
-# Extract any form data
-formData = cgi.FieldStorage( )
-
-# Process the form
-getSavedData( )
-processRequest( )
-
-if formData.has_key( formXmlGen[3] ):
- # Generate and send the XML file
- checkXmlData( )
-
- if xmlIncomplete == 0:
- sendXmlHeaders( )
- sendPolicyLabelXml( )
-
-if (not formData.has_key( formXmlGen[3] )) or (xmlIncomplete == 1 ):
- # Send HTML to continue processing the form
- sendHtmlHeaders( )
- sendPolicyLabelHtml( )
diff --git a/tools/security/python/xensec_gen/index.html b/tools/security/python/xensec_gen/index.html
index a9fbd75163..8c541e1dd2 100644
--- a/tools/security/python/xensec_gen/index.html
+++ b/tools/security/python/xensec_gen/index.html
@@ -1,7 +1,7 @@
<!--
The Initial Developer of the Original Code is International
Business Machines Corporation. Portions created by IBM
- Corporation are Copyright (C) 2005 International Business
+ Corporation are Copyright (C) 2005, 2006 International Business
Machines Corporation. All Rights Reserved.
-->
@@ -10,7 +10,7 @@
<HTML>
<HEAD>
<META name="author" content="Tom Lendacky">
- <META name="copyright" content="Copyright (C) 2005 International Business Machines Corporation. All rights reserved">
+ <META name="copyright" content="Copyright (C) 2005, 2006 International Business Machines Corporation. All rights reserved">
<STYLE type="text/css">
<!--
@@ -67,60 +67,6 @@
</TR>
</TABLE>
</FORM>
-
- <FORM action="/cgi-bin/policylabel.cgi" method="post" enctype="multipart/form-data">
- <TABLE class="xen">
- <COLGROUP>
- <COL width="25%">
- <COL width="20%">
- <COL width="55%">
- </COLGROUP>
-
- <TR>
- <TD valign="top" class="heading">
- Security Policy Labeling
- </TD>
- <TD valign="top" colspan="2">
- To generate or edit the Xen Security Policy Labeling you <B>must</B>
- specify the name of
- an existing Xen Security Policy file in the
- <B>"Policy File"</B> entry field.<BR>
- To generate new Xen Security Policy Labeling leave the
- <B>"Policy Labeling File"</B> entry field
- empty and click the "Create" button.<BR>
- To modify existing Xen Security Policy Labeling enter the
- file name containing the labeling in the
- <B>"Policy Labeling File"</B> entry field
- and click the "Create" button.<HR>
- </TD>
- </TR>
- <TR>
- <TD></TD>
- <TD>
- Policy File:
- </TD>
- <TD>
- <INPUT type="file" size="50" name="i_policy">
- </TD>
- </TR>
- <TR>
- <TD></TD>
- <TD>
- Policy Labeling File:
- </TD>
- <TD>
- <INPUT type="file" size="50" name="i_policyLabel">
- </TD>
- </TR>
- <TR>
- <TD></TD>
- <TD valign="top">
- <INPUT type="submit" name="i_policyLabelCreate" value="Create">
- </TD>
- <TD></TD>
- </TR>
- </TABLE>
- </FORM>
</CENTER>
</BODY>
</HTML>