From 1f11fdecb12bf99154574c5a594426c31a302472 Mon Sep 17 00:00:00 2001 From: "smh22@firebug.cl.cam.ac.uk" Date: Mon, 24 Apr 2006 10:52:19 +0100 Subject: [PATCH] This patch adds support for managing and creating the simplified policies to the policy generation tools. Signed-off by: Thomas Lendacky Signed-off by: Reiner Sailer --- .../python/xensec_gen/cgi-bin/policy.cgi | 1342 ++++++++++++++-- .../python/xensec_gen/cgi-bin/policylabel.cgi | 1396 ----------------- tools/security/python/xensec_gen/index.html | 58 +- 3 files changed, 1198 insertions(+), 1598 deletions(-) delete mode 100644 tools/security/python/xensec_gen/cgi-bin/policylabel.cgi diff --git a/tools/security/python/xensec_gen/cgi-bin/policy.cgi b/tools/security/python/xensec_gen/cgi-bin/policy.cgi index 997dad39bc..fa655c76c7 100644 --- a/tools/security/python/xensec_gen/cgi-bin/policy.cgi +++ b/tools/security/python/xensec_gen/cgi-bin/policy.cgi @@ -2,7 +2,7 @@ # # The Initial Developer of the Original Code is International # Business Machines Corporation. Portions created by IBM -# Corporation are Copyright (C) 2005 International Business +# Corporation are Copyright (C) 2005, 2006 International Business # Machines Corporation. All Rights Reserved. # # This program is free software; you can redistribute it and/or modify @@ -31,9 +31,9 @@ from StringIO import StringIO from sets import Set def getSavedData( ): - global formData, policyXml, formVariables, formCSNames - global templateCSMTypes, templateCSMDel, templateCSMType, templateCSMAdd - global allCSMTypes + global formData, policyXml + global formVariables, formCSNames, formVmNames, formResNames + global allCSMTypes, allVmChWs, allVmStes, allResStes # Process the XML upload policy file if formData.has_key( 'i_policy' ): 
@@ -64,6 +64,46 @@ def getSavedData( ): if len( dataList ) > 0: exec 'allCSMTypes[csName][1] = ' + dataList[0] + # The form can contain any number of "Virtual Machines" + # so update the list of form variables to include + # each virtual machine (hidden input variable) + for vmName in formVmNames[1]: + newVm( vmName ) + + vmFormVar = allVmChWs[vmName] + if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ): + dataList = formData.getlist( vmFormVar[2] ) + if len( dataList ) > 0: + if isinstance( vmFormVar[1], list ): + exec 'vmFormVar[1] = ' + dataList[0] + else: + vmFormVar[1] = dataList[0] + + vmFormVar = allVmStes[vmName] + if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ): + dataList = formData.getlist( vmFormVar[2] ) + if len( dataList ) > 0: + if isinstance( vmFormVar[1], list ): + exec 'vmFormVar[1] = ' + dataList[0] + else: + vmFormVar[1] = dataList[0] + + # The form can contain any number of "Resources" + # so update the list of form variables to include + # each resource (hidden input variable) + for resName in formResNames[1]: + newRes( resName ) + + resFormVar = allResStes[resName] + if (resFormVar[2] != '') and formData.has_key( resFormVar[2] ): + dataList = formData.getlist( resFormVar[2] ) + if len( dataList ) > 0: + if isinstance( resFormVar[1], list ): + exec 'resFormVar[1] = ' + dataList[0] + else: + resFormVar[1] = dataList[0] + + def getCurrentTime( ): return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) ) @@ -73,6 +113,18 @@ def getName( domNode ): formatXmlError( '"" tag is missing' ) return None + name = '' + for childNode in nameNodes[0].childNodes: + if childNode.nodeType == xml.dom.Node.TEXT_NODE: + name = name + childNode.data + return name + +def getPolicyName( domNode ): + nameNodes = domNode.getElementsByTagName( 'PolicyName' ) + if len( nameNodes ) == 0: + formatXmlError( '"" tag is missing' ) + return None + name = '' for childNode in nameNodes[0].childNodes: if childNode.nodeType == xml.dom.Node.TEXT_NODE: 
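Review bot: The three added `exec '... = ' + dataList[0]` statements in getSavedData (for allVmChWs, allVmStes and allResStes) run the content of a submitted form field as Python, so anyone who can post to this CGI controls code executed with the web server's privileges. The hidden inputs round-trip through the browser and cannot be treated as trusted state. The construct already exists on the context line for allCSMTypes, and this hunk copies it three more times. Parse the value as data instead, e.g. `vmFormVar[1] = ast.literal_eval( dataList[0] )` (with `import ast`, where the interpreter provides it) followed by a check that the result is a list of strings, or emit one hidden input per element and read them back with `formData.getlist`. getSavedData starts before this hunk.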
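Review bot: getPolicyName repeats getName's body with only the tag name changed, and getUrl, getRef and getNSUrl in the following hunks repeat the same text-collection loop again. One helper taking the tag name would keep these accessors from drifting apart, with the mandatory ones keeping their formatXmlError call around it. Check also that the message passed to formatXmlError in getPolicyName names PolicyName rather than the tag copied from getName; the tag text is not legible on this page. getPolicyName's body continues into the next hunk.

```python
def getNodeText( domNode, tagName, missing = '' ):
    nodes = domNode.getElementsByTagName( tagName )
    if len( nodes ) == 0:
        return missing

    text = ''
    for childNode in nodes[0].childNodes:
        if childNode.nodeType == xml.dom.Node.TEXT_NODE:
            text = text + childNode.data
    return text

def getUrl( domNode ):
    return getNodeText( domNode, 'PolicyUrl' )

# ... unchanged pattern: getRef, getDate, getNSUrl become one-line wrappers ...
```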
@@ -80,11 +132,34 @@ def getName( domNode ): return name +def getUrl( domNode ): + urlNodes = domNode.getElementsByTagName( 'PolicyUrl' ) + if len( urlNodes ) == 0: + return '' + + url = '' + for childNode in urlNodes[0].childNodes: + if childNode.nodeType == xml.dom.Node.TEXT_NODE: + url = url + childNode.data + + return url + +def getRef( domNode ): + refNodes = domNode.getElementsByTagName( 'Reference' ) + if len( refNodes ) == 0: + return '' + + ref = '' + for childNode in refNodes[0].childNodes: + if childNode.nodeType == xml.dom.Node.TEXT_NODE: + ref = ref + childNode.data + + return ref + def getDate( domNode ): dateNodes = domNode.getElementsByTagName( 'Date' ) if len( dateNodes ) == 0: - formatXmlError( '"" tag is missing' ) - return None + return '' date = '' for childNode in dateNodes[0].childNodes: @@ -93,6 +168,18 @@ def getDate( domNode ): return date +def getNSUrl( domNode ): + urlNodes = domNode.getElementsByTagName( 'NameSpaceUrl' ) + if len( urlNodes ) == 0: + return '' + + url = '' + for childNode in urlNodes[0].childNodes: + if childNode.nodeType == xml.dom.Node.TEXT_NODE: + url = url + childNode.data + + return url + def getSteTypes( domNode, missingIsError = 0 ): steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' ) if len( steNodes ) == 0: @@ -170,9 +257,7 @@ def formatXmlGenError( msg ): xmlMessages.append( cgi.escape( msg ) ) def parseXml( xmlInput ): - global xmlMessages, xmlError, xmlLine, xmlColumn - - xmlParser = xml.sax.make_parser( ) + xmlParser = xml.sax.make_parser( ) try: domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser ) 
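Review bot: The parser built in parseXml by `xml.sax.make_parser( )` is left at its defaults although the document it is given appears to be the policy file uploaded through the form, and this commit widens what is read from that document (URLs, references, labels) without constraining the parser. For browser-supplied XML, switch off external entity resolution before parsing, e.g. `xmlParser.setFeature( xml.sax.handler.feature_external_ges, 0 )`, and bound the size of the upload, since minidom does not limit entity expansion itself. Separately, the hunk drops `global xmlMessages, xmlError, xmlLine, xmlColumn`; if the part of parseXml outside this hunk assigns any of those names they now bind locals, which should be confirmed.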
@@ -198,14 +283,16 @@ def parseXml( xmlInput ): def parsePolicyXml( ): global policyXml - global formPolicyName, formPolicyDate, formPolicyOrder - global formSteTypes, formChWallTypes - global allCSMTypes + global formPolicyName, formPolicyUrl, formPolicyRef, formPolicyDate, formPolicyNSUrl + global formPolicyOrder + global formSteTypes, formChWallTypes, formVmNames, formVmNameDom0 + global allCSMTypes, allVmStes, allVmChWs domDoc = parseXml( policyXml ) if domDoc == None: return + # Process the PolicyHeader domRoot = domDoc.documentElement domHeaders = domRoot.getElementsByTagName( 'PolicyHeader' ) if len( domHeaders ) == 0: @@ -215,7 +302,7 @@ def parsePolicyXml( ): formatXmlError( msg ) return - pName = getName( domHeaders[0] ) + pName = getPolicyName( domHeaders[0] ) if pName == None: msg = '' msg = msg + 'Error processing the Policy header information.\n' @@ -223,18 +310,13 @@ def parsePolicyXml( ): formatXmlError( msg ) return - formPolicyName[1] = pName - - pDate = getDate( domHeaders[0] ) - if pDate == None: - msg = '' - msg = msg + 'Error processing the Policy header information.\n' - msg = msg + 'Please validate the Policy file used.' - formatXmlError( msg ) - return - - formPolicyDate[1] = pDate + formPolicyName[1] = pName + formPolicyUrl[1] = getUrl( domHeaders[0] ) + formPolicyRef[1] = getRef( domHeaders[0] ) + formPolicyDate[1] = getDate( domHeaders[0] ) + formPolicyNSUrl[1] = getNSUrl( domHeaders[0] ) + # Process the STEs pOrder = '' domStes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' ) if len( domStes ) > 0: @@ -259,6 +341,7 @@ def parsePolicyXml( ): formSteTypes[1] = steTypes + # Process the ChineseWalls and Conflict Sets domChWalls = domRoot.getElementsByTagName( 'ChineseWall' ) if len( domChWalls ) > 0: if domChWalls[0].hasAttribute( 'priority' ): 
@@ -291,56 +374,118 @@ def parsePolicyXml( ): formChWallTypes[1] = chwTypes csNodes = domChWalls[0].getElementsByTagName( 'ConflictSets' ) - if len( csNodes ) == 0: - msg = '' - msg = msg + 'Required "" tag missing.\n' - msg = msg + 'Please validate the Policy file used.' - formatXmlError( msg ) - return + if csNodes and (len( csNodes ) > 0): + cNodes = csNodes[0].getElementsByTagName( 'Conflict' ) + if not cNodes or len( cNodes ) == 0: + msg = '' + msg = msg + 'Required "" tag missing.\n' + msg = msg + 'Please validate the Policy file used.' + formatXmlError( msg ) + return - cNodes = csNodes[0].getElementsByTagName( 'Conflict' ) - if len( cNodes ) == 0: + for cNode in cNodes: + csName = cNode.getAttribute( 'name' ) + newCS( csName, 1 ) + + csMemberList = getTypes( cNode ) + if csMemberList == None: + msg = '' + msg = msg + 'Error processing the Conflict Set members.\n' + msg = msg + 'Please validate the Policy file used.' + formatXmlError( msg ) + return + + # Verify the conflict set members are valid types + ctSet = Set( formChWallTypes[1] ) + csSet = Set( csMemberList ) + if not csSet.issubset( ctSet ): + msg = '' + msg = msg + 'Error processing Conflict Set "' + csName + '".\n' + msg = msg + 'Members of the conflict set are not valid ' + msg = msg + 'Chinese Wall types.\n' + msg = msg + 'Please validate the Policy file used.' + formatXmlError( msg ) + + allCSMTypes[csName][1] = csMemberList + + if pOrder != '': + formPolicyOrder[1] = pOrder + else: + if (len( domStes ) > 0) or (len( domChWalls ) > 0): msg = '' - msg = msg + 'Required "" tag missing.\n' + msg = msg + 'The "priority" attribute has not been specified.\n' + msg = msg + 'It must be specified on one of the access control types.\n' msg = msg + 'Please validate the Policy file used.' 
formatXmlError( msg ) return - for cNode in cNodes: - csName = cNode.getAttribute( 'name' ) - newCS( csName, 1 ) + # Process the Labels + domLabels = domRoot.getElementsByTagName( 'SecurityLabelTemplate' ) + if not domLabels or (len( domLabels ) == 0): + msg = '' + msg = msg + ' tag is missing.\n' + msg = msg + 'Please validate the Policy file used.' + formatXmlError( msg ) + return + + + # Process the VMs + domSubjects = domLabels[0].getElementsByTagName( 'SubjectLabels' ) + if len( domSubjects ) > 0: + formVmNameDom0[1] = domSubjects[0].getAttribute( 'bootstrap' ) + domNodes = domSubjects[0].getElementsByTagName( 'VirtualMachineLabel' ) + for domNode in domNodes: + vmName = getName( domNode ) + if vmName == None: + msg = '' + msg = msg + 'Error processing the VirtualMachineLabel name.\n' + msg = msg + 'Please validate the Policy file used.' + formatXmlError( msg ) + continue - csMemberList = getTypes( cNode ) - if csMemberList == None: + steTypes = getSteTypes( domNode ) + if steTypes == None: msg = '' - msg = msg + 'Error processing the Conflict Set members.\n' + msg = msg + 'Error processing the SimpleTypeEnforcement types.\n' msg = msg + 'Please validate the Policy file used.' formatXmlError( msg ) return - # Verify the conflict set members are valid types - ctSet = Set( formChWallTypes[1] ) - csSet = Set( csMemberList ) - if not csSet.issubset( ctSet ): + chwTypes = getChWTypes( domNode ) + if chwTypes == None: msg = '' - msg = msg + 'Error processing Conflict Set "' + csName + '".\n' - msg = msg + 'Members of the conflict set are not valid ' - msg = msg + 'Chinese Wall types.\n' + msg = msg + 'Error processing the ChineseWall types.\n' msg = msg + 'Please validate the Policy file used.' 
formatXmlError( msg ) + return - allCSMTypes[csName][1] = csMemberList + newVm( vmName, 1 ) + allVmStes[vmName][1] = steTypes + allVmChWs[vmName][1] = chwTypes + + # Process the Resources + domObjects = domLabels[0].getElementsByTagName( 'ObjectLabels' ) + if len( domObjects ) > 0: + domNodes = domObjects[0].getElementsByTagName( 'ResourceLabel' ) + for domNode in domNodes: + resName = getName( domNode ) + if resName == None: + msg = '' + msg = msg + 'Error processing the ResourceLabel name.\n' + msg = msg + 'Please validate the Policy file used.' + formatXmlError( msg ) + continue - if pOrder != '': - formPolicyOrder[1] = pOrder - else: - if (len( domStes ) > 0) or (len( domChWalls ) > 0): - msg = '' - msg = msg + 'The "priority" attribute has not been specified.\n' - msg = msg + 'It must be specified on one of the access control types.\n' - msg = msg + 'Please validate the Policy file used.' - formatXmlError( msg ) - return + steTypes = getSteTypes( domNode ) + if steTypes == None: + msg = '' + msg = msg + 'Error processing the SimpleTypeEnforcement types.\n' + msg = msg + 'Please validate the Policy file used.' + formatXmlError( msg ) + return + + newRes( resName, 1 ) + allResStes[resName][1] = steTypes def modFormTemplate( formTemplate, suffix ): formVar = [x for x in formTemplate] 
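Review bot: `formVmNameDom0[1]` is taken from the `bootstrap` attribute of SubjectLabels without checking that it names one of the VirtualMachineLabel entries parsed in the loop that follows, so an uploaded file can leave the Dom0 selection pointing at a label that does not exist, or empty when the attribute is absent. After the loop, compare it with `formVmNames[1]` and report a mismatch through formatXmlError, the way conflict-set members are checked against formChWallTypes earlier in this hunk. The VM and resource loops also mix `continue` (missing name) with `return` (missing types) for malformed entries; a single policy for bad labels would be easier to reason about. parsePolicyXml begins before this hunk.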
@@ -383,19 +528,80 @@ def newCS( csName, addToList = 0 ): formCSNames[1].append( csName ) formCSNames[1] = removeDups( formCSNames[1] ) +def newVm( vmName, addToList = 0 ): + global formVmNames + global templateVmDel, allVmDel, templateVmDom0, allVmDom0 + global templateVmChWs, templateVmChWDel, templateVmChW, templateVmChWAdd + global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd + global templateVmStes, templateVmSteDel, templateVmSte, templateVmSteAdd + global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd + + # Make sure we have an actual name and check one of the 'all' + # variables to be sure it hasn't been previously defined + if (len( vmName ) > 0) and (not allVmDom0.has_key( vmName )): + vmSuffix = '_' + vmName + allVmDom0[vmName] = modFormTemplate( templateVmDom0, vmSuffix ) + allVmDel[vmName] = modFormTemplate( templateVmDel, vmSuffix ) + allVmChWs[vmName] = modFormTemplate( templateVmChWs, vmSuffix ) + allVmChWDel[vmName] = modFormTemplate( templateVmChWDel, vmSuffix ) + allVmChW[vmName] = modFormTemplate( templateVmChW, vmSuffix ) + allVmChWAdd[vmName] = modFormTemplate( templateVmChWAdd, vmSuffix ) + allVmStes[vmName] = modFormTemplate( templateVmStes, vmSuffix ) + allVmSteDel[vmName] = modFormTemplate( templateVmSteDel, vmSuffix ) + allVmSte[vmName] = modFormTemplate( templateVmSte, vmSuffix ) + allVmSteAdd[vmName] = modFormTemplate( templateVmSteAdd, vmSuffix ) + if addToList == 1: + formVmNames[1].append( vmName ) + formVmNames[1] = removeDups( formVmNames[1] ) + +def newRes( resName, addToList = 0 ): + global formResNames + global templateResDel, allResDel + global templateResStes, templateResSteDel, templateResSte, templateResSteAdd + global allResStes, allResSteDel, allResSteType, allResSteAdd + + # Make sure we have an actual name and check one of the 'all' + # variables to be sure it hasn't been previously defined + if (len( resName ) > 0) and (not allResDel.has_key( resName )): + resSuffix = '_' + resName + allResDel[resName] = 
modFormTemplate( templateResDel, resSuffix ) + allResStes[resName] = modFormTemplate( templateResStes, resSuffix ) + allResSteDel[resName] = modFormTemplate( templateResSteDel, resSuffix ) + allResSte[resName] = modFormTemplate( templateResSte, resSuffix ) + allResSteAdd[resName] = modFormTemplate( templateResSteAdd, resSuffix ) + if addToList == 1: + formResNames[1].append( resName ) + formResNames[1] = removeDups( formResNames[1] ) + def updateInfo( ): - global formData, formPolicyName, formPolicyDate, formPolicyOrder + global formData, formPolicyName, formPolicyUrl, formPolicyRef, formPolicyDate, formPolicyNSUrl + global formPolicyOrder if formData.has_key( formPolicyName[3] ): formPolicyName[1] = formData[formPolicyName[3]].value elif formData.has_key( formPolicyUpdate[3] ): formPolicyName[1] = '' + if formData.has_key( formPolicyUrl[3] ): + formPolicyUrl[1] = formData[formPolicyUrl[3]].value + elif formData.has_key( formPolicyUpdate[3] ): + formPolicyUrl[1] = '' + + if formData.has_key( formPolicyRef[3] ): + formPolicyRef[1] = formData[formPolicyRef[3]].value + elif formData.has_key( formPolicyUpdate[3] ): + formPolicyRef[1] = '' + if formData.has_key( formPolicyDate[3] ): formPolicyDate[1] = formData[formPolicyDate[3]].value elif formData.has_key( formPolicyUpdate[3] ): formPolicyDate[1] = '' + if formData.has_key( formPolicyNSUrl[3] ): + formPolicyNSUrl[1] = formData[formPolicyNSUrl[3]].value + elif formData.has_key( formPolicyUpdate[3] ): + formPolicyNSUrl[1] = '' + if formData.has_key( formPolicyOrder[3] ): formPolicyOrder[1] = formData[formPolicyOrder[3]].value 
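Review bot: The `global` statements in newVm and newRes declare `allVmChWType`, `allVmSteType` and `allResSteType`, but the bodies store into `allVmChW`, `allVmSte` and `allResSte`; the declared names are used nowhere in the hunk. The code still runs because subscript assignment needs no `global` declaration, which is also why the mismatch goes unnoticed. The same slips recur in the next hunk: delVm and delRes repeat the `...Type` names, addVm declares `fromVmName` and addRes declares `fromResName`. Correct the names or drop the declarations that are not needed, so the lists document what each function really touches.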
@@ -483,6 +689,136 @@ def delCSMember( csName ): csm = csm.strip( ) formVar[1].remove( csm ) +def addVm( ): + global formData, fromVmName, formVmNames, formVmNameDom0 + + if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formVmAdd[3] )): + if formData.has_key( formVmName[3] ): + vmName = formData[formVmName[3]].value + vmName = vmName.strip( ) + newVm( vmName, 1 ) + if formVmNameDom0[1] == '': + formVmNameDom0[1] = vmName + +def delVm( vmName ): + global formVmNames, formVmNameDom0 + global allVmDel, allVmDom0 + global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd + global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd + + vmName = vmName.strip( ) + formVmNames[1].remove( vmName ) + del allVmDom0[vmName] + del allVmDel[vmName] + del allVmChWs[vmName] + del allVmChWDel[vmName] + del allVmChW[vmName] + del allVmChWAdd[vmName] + del allVmStes[vmName] + del allVmSteDel[vmName] + del allVmSte[vmName] + del allVmSteAdd[vmName] + + if formVmNameDom0[1] == vmName: + if len( formVmNames[1] ) > 0: + formVmNameDom0[1] = formVmNames[1][0] + else: + formVmNameDom0[1] = '' + +def makeVmDom0( vmName ): + global formVmNameDom0 + + vmName = vmName.strip( ) + formVmNameDom0[1] = vmName + +def addVmChW( vmName ): + global formData, allVmChW, allVmChWs + + formVar = allVmChW[vmName] + if formData.has_key( formVar[3] ): + chwList = formData.getlist( formVar[3] ) + formVar = allVmChWs[vmName] + for chw in chwList: + chw = chw.strip( ) + formVar[1].append( chw ) + formVar[1] = removeDups( formVar[1] ) + +def delVmChW( vmName ): + global formData, allVmChWs + + formVar = allVmChWs[vmName] + if formData.has_key( formVar[3] ): + chwList = formData.getlist( formVar[3] ) + for chw in chwList: + chw = chw.strip( ) + formVar[1].remove( chw ) + +def addVmSte( vmName ): + global formData, allVmSte, allVmStes + + formVar = allVmSte[vmName] + if formData.has_key( formVar[3] ): + steList = formData.getlist( formVar[3] ) + formVar = allVmStes[vmName] + for ste in steList: + 
ste = ste.strip( ) + formVar[1].append( ste ) + formVar[1] = removeDups( formVar[1] ) + +def delVmSte( vmName ): + global formData, allVmStes + + formVar = allVmStes[vmName] + if formData.has_key( formVar[3] ): + steList = formData.getlist( formVar[3] ) + for ste in steList: + ste = ste.strip( ) + formVar[1].remove( ste ) + +def addRes( ): + global formData, fromResName, formResNames + + if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formResAdd[3] )): + if formData.has_key( formResName[3] ): + resName = formData[formResName[3]].value + resName = resName.strip( ) + newRes( resName, 1 ) + +def delRes( resName ): + global formResNames + global allResDel + global allResStes, allResSteDel, allResSteType, allResSteAdd + + resName = resName.strip( ) + formResNames[1].remove( resName ) + del allResDel[resName] + del allResStes[resName] + del allResSteDel[resName] + del allResSte[resName] + del allResSteAdd[resName] + +def addResSte( vmName ): + global formData, allResSte, allResStes + + formVar = allResSte[vmName] + if formData.has_key( formVar[3] ): + steList = formData.getlist( formVar[3] ) + formVar = allResStes[vmName] + for ste in steList: + ste = ste.strip( ) + formVar[1].append( ste ) + formVar[1] = removeDups( formVar[1] ) + +def delResSte( vmName ): + global formData, allResStes + + formVar = allResStes[vmName] + if formData.has_key( formVar[3] ): + steList = formData.getlist( formVar[3] ) + for ste in steList: + ste = ste.strip( ) + formVar[1].remove( ste ) + def processRequest( ): global policyXml global formData, formPolicyUpdate @@ -490,6 +826,12 @@ def processRequest( ): global formChWallAdd, formChWallDel global formCSAdd, allCSDel global formCSNames, allCSMAdd, allCSMDel + global formVmAdd + global formVmNames, allVmDel, allVmDom0 + global allVmChWAdd, allVmChWDel, allVmSteAdd, allVmSteDel + global formResAdd + global formResNames, allResDel + global allResSteAdd, allResSteDel if policyXml != '': parsePolicyXml( ) 
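Review bot: delVmChW, delVmSte and delResSte call `formVar[1].remove( ... )` with values taken straight from the submitted form, so a stale or hand-edited request naming a type that is not in the list raises ValueError and aborts the CGI; guard each with a membership test such as `if chw in formVar[1]:`. The add counterparts (addVmChW, addVmSte, addResSte) append the submitted values without checking them against `formChWallTypes[1]` or `formSteTypes[1]`, so a label can end up referencing a type the policy never defines. delVm and delRes have the same unguarded `remove` and `del` on a caller-supplied name. addResSte and delResSte also name their parameter `vmName` although it carries a resource name.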
@@ -498,11 +840,13 @@ def processRequest( ): # an action is performed updateInfo( ) - # Allow the adding of types/sets if the user has hit the - # enter key when attempting to add a type/set + # Allow the adding of types/sets/vms if the user has hit the + # enter key when attempting to add a type/set/vm addSteType( ) addChWallType( ) addCS( ) + addVm( ) + addRes( ) if formData.has_key( formSteDel[3] ): delSteType( ) @@ -522,6 +866,37 @@ def processRequest( ): elif formData.has_key( allCSMDel[csName][3] ): delCSMember( csName ) + for vmName in formVmNames[1]: + if formData.has_key( allVmDel[vmName][3] ): + delVm( vmName ) + continue + + if formData.has_key( allVmDom0[vmName][3] ): + makeVmDom0( vmName ) + + if formData.has_key( allVmChWAdd[vmName][3] ): + addVmChW( vmName ) + + elif formData.has_key( allVmChWDel[vmName][3] ): + delVmChW( vmName ) + + elif formData.has_key( allVmSteAdd[vmName][3] ): + addVmSte( vmName ) + + elif formData.has_key( allVmSteDel[vmName][3] ): + delVmSte( vmName ) + + for resName in formResNames[1]: + if formData.has_key( allResDel[resName][3] ): + delRes( resName ) + continue + + if formData.has_key( allResSteAdd[resName][3] ): + addResSte( resName ) + + elif formData.has_key( allResSteDel[resName][3] ): + delResSte( resName ) + def makeName( name, suffix='' ): rName = name if suffix != '': @@ -553,7 +928,7 @@ def makeValue( value, suffix='' ): def makeValueAttr( value, suffix='' ): return 'value="' + makeValue( value, suffix ) + '"' -def sendHtmlFormVar( formVar, attrs='' ): +def sendHtmlFormVar( formVar, attrs='', rb_select=0 ): nameAttr = '' valueAttr = '' htmlText = '' @@ -614,7 +989,7 @@ def sendHtmlFormVar( formVar, attrs='' ): print '', htmlText, '
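Review bot: The added loops in processRequest iterate `formVmNames[1]` and `formResNames[1]` directly while delVm and delRes remove the current name from those same lists, so the entry following a deleted one is skipped for that request. Iterate over a copy instead: `for vmName in formVmNames[1][:]:` and `for resName in formResNames[1][:]:`. In the VM loop the Dom0 test is a plain `if` followed by an `if`/`elif` chain, which is worth a short comment so it is clear the Dom0 change is meant to combine with one type action. processRequest starts before this hunk.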
' - if formVar[2] != '': + if ( formVar[2] != '' ) and ( rb_select == 0 ): nameAttr = makeNameAttr( formVar[2] ) valueAttr = makeValueAttr( formVar[1] ) print '' @@ -625,7 +1000,9 @@ def sendHtmlHeaders( ): print def sendPolicyHtml( ): - global xmlError, xmlIncomplete, xmlMessages, formXmlGen + global xmlError, xmlIncomplete, xmlMessages + global formDefaultButton, formXmlGen + global formVmNameDom0 print '' @@ -704,12 +1081,17 @@ def sendPolicyHtml( ): print ' ' print ' ' print ' ' + print ' ' + print ' ' + print ' ' + print ' ' + print ' ' print ' ' - print ' ' - print ' ' - print ' ' + print ' ' print ' ' @@ -717,7 +1099,57 @@ def sendPolicyHtml( ): print ' ' print ' ' + # Separator + print ' ' + print ' ' + print ' ' + + # Policy Labels (vms) + print ' ' + print ' ' + print ' ' + + # Separator + print ' ' + print ' ' + print ' ' + + # Policy Labels (resources) + print ' ' + print ' ' + print ' ' + print '
' + print ' ' sendPSteHtml( ) print '  ' + print '  ' sendPChWallHtml( ) print '
' + print '
' + print '
' + print ' ' + print ' ' + print ' ' + print ' ' + print ' ' + print ' ' + print ' ' + print '
' + sendPLSubHtml( ) + print '
' + print '
' + print '
' + print '
' + print ' ' + print ' ' + print ' ' + print ' ' + print ' ' + print ' ' + print ' ' + print '
' + sendPLObjHtml( ) + print '
' + print '
' + + # Send some data that needs to be available across sessions + sendHtmlFormVar( formVmNameDom0 ) + print '' print '' @@ -733,8 +1165,8 @@ def sendHtmlHead( ): print '' - print '' - print '', headTitle, '' - print '' - -def sendPLHeaderHtml( ): - global formPolicyLabelName, formPolicyLabelDate - global formPolicyUrl, formPolicyRef - global formPolicyLabelUpdate - - # Policy Labeling header definition - print '' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print '
Policy Labeling Information
Name:' - sendHtmlFormVar( formPolicyLabelName, 'class="full"' ) - print '
Date:' - sendHtmlFormVar( formPolicyLabelDate, 'class="full"' ) - print '
Policy URL:' - sendHtmlFormVar( formPolicyUrl, 'class="full"' ) - print '
Policy Reference:' - sendHtmlFormVar( formPolicyRef, 'class="full"' ) - print '
' - sendHtmlFormVar( formPolicyLabelUpdate ) - print '
' - print ' (The Policy Labeling Information is updated whenever an action is performed' - print ' or it can be updated separately using the "Update" button)' - print '
' - -def sendPLSubHtml( ): - global formVmNames, formVmDel, formVmName, formVmAdd - global allVmDel, allVmDom0 - global allVmChWs, allVmChWDel, allVmChW, allVmChWAdd - global allVmStes, allVmSteDel, allVmSte, allVmSteAdd - global formSteTypes, formChWallTypes - - print '' - print ' ' - print ' ' - print ' ' - - # Virtual Machines... - print ' ' - print ' ' - print ' ' - if len( formVmNames[1] ) > 0: - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - for vmName in formVmNames[1]: - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - - print '
' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print '
Virtual Machine Classes
' - sendHtmlFormVar( formVmName, 'class="full"' ) - sendHtmlFormVar( formVmNames ) - print '  
' - sendHtmlFormVar( formVmAdd, 'class="full"' ) - print ' ' - print ' Create a new VM class with the above name' - print '
' - print '
' - print '  ' - print '
' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - for i, vmName in enumerate( formVmNames[1] ): - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print '
Dom 0?NameActions
' - if formVmNameDom0[1] == vmName: - print 'Yes' - else: - print ' ' - print ' ' + vmName + '' - print ' Edit' - formVar = allVmDel[vmName] - sendHtmlFormVar( formVar, 'class="link"' ) - formVar = allVmDom0[vmName] - sendHtmlFormVar( formVar, 'class="link"' ) - print '
' - print '
' - print '
' - print '
' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print '
' - print ' Virtual Machine Class: ' + vmName + '' - print '
Simple Type Enforcement Types Chinese Wall Types
' - formVar = allVmStes[vmName]; - sendHtmlFormVar( formVar, 'class="full" size="4" multiple"' ) - print '  ' - formVar = allVmChWs[vmName]; - sendHtmlFormVar( formVar, 'class="full" size="4" multiple"' ) - print '
' - formVar = allVmSteDel[vmName]; - sendHtmlFormVar( formVar, 'class="full"' ) - print ' ' - print ' Delete the type(s) selected above' - print '  ' - formVar = allVmChWDel[vmName]; - sendHtmlFormVar( formVar, 'class="full"' ) - print ' ' - print ' Delete the type(s) selected above' - print '
' - stSet = Set( formSteTypes[1] ) - vmSet = Set( allVmStes[vmName][1] ) - formVar = allVmSte[vmName] - formVar[1] = [] - for steType in stSet.difference( vmSet ): - formVar[1].append( steType ) - formVar[1].sort( ) - sendHtmlFormVar( formVar, 'class="full" size="2" multiple"' ) - print '  ' - ctSet = Set( formChWallTypes[1] ) - vmSet = Set( allVmChWs[vmName][1] ) - formVar = allVmChW[vmName] - formVar[1] = [] - for chwallType in ctSet.difference( vmSet ): - formVar[1].append( chwallType ) - formVar[1].sort( ) - sendHtmlFormVar( formVar, 'class="full" size="2" multiple"' ) - print '
' - formVar = allVmSteAdd[vmName]; - sendHtmlFormVar( formVar, 'class="full"' ) - print ' ' - print ' Add the type(s) selected above' - print '  ' - formVar = allVmChWAdd[vmName]; - sendHtmlFormVar( formVar, 'class="full"' ) - print ' ' - print ' Add the type(s) selected above' - print '
' - print '
' - -def sendPLObjHtml( ): - - # Resources... - print '' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print ' ' - print '
Resources
' - #sendHtmlFormVar( formVmNames, 'class="full" size="4" multiple"' ) - print ' ' - #sendHtmlFormVar( formVmDel, 'class="full"' ) - print '
' - #sendHtmlFormVar( formVmName, 'class="full"' ) - print ' ' - #sendHtmlFormVar( formVmAdd, 'class="full"' ) - print '
' - -def checkXmlData( ): - global xmlIncomplete - - # Validate the Policy Label Header requirements - if ( len( formPolicyLabelName[1] ) == 0 ) or \ - ( len( formPolicyLabelDate[1] ) == 0 ) or \ - ( len( formPolicyUrl[1] ) == 0 ) or \ - ( len( formPolicyRef[1] ) == 0 ): - msg = '' - msg = msg + 'The XML policy label schema requires that the Policy ' - msg = msg + 'Labeling Information Name, Date, Policy URL and ' - msg = msg + 'Policy Reference fields all have values.' - formatXmlGenError( msg ) - -def sendXmlHeaders( ): - # HTML headers - print 'Content-Type: text/xml' - print 'Content-Disposition: attachment; filename=security_label_template.xml' - print - -def sendPolicyLabelXml( ): - print '' - - print '' - - # Policy Labeling header - sendPLHeaderXml( ) - - # Policy Labels (subjects and objects) - sendPLSubXml( ) - #sendPLObjXml( ) - - print '' - -def sendPLHeaderXml( ): - global formPolicyLabelName, formPolicyLabelDate - global formPolicyUrl, formPolicyRef - - # Policy Labeling header definition - print '' - print ' ' + formPolicyLabelName[1] + '' - print ' ' + formPolicyLabelDate[1] + '' - print ' ' - print ' ' + formPolicyUrl[1] + '' - print ' ' + formPolicyRef[1] + '' - print ' ' - print '' - -def sendPLSubXml( ): - global formVmNames, allVmChWs, allVmStes - - # Virtual machines... 
- if len( formVmNames[1] ) == 0: - return - - print '' - for vmName in formVmNames[1]: - print ' ' - print ' ' + vmName + '' - formVar = allVmStes[vmName] - if len( formVar[1] ) > 0: - print ' ' - for ste in formVar[1]: - print ' ' + ste + '' - print ' ' - - formVar = allVmChWs[vmName] - if len( formVar[1] ) > 0: - print ' ' - for chw in formVar[1]: - print ' ' + chw + '' - print ' ' - - print ' ' - - print '' - - -# Set up initial HTML variables -headTitle = 'Xen Policy Labeling Generation' - -# Form variables -# The format of these variables is as follows: -# [ p0, p1, p2, p3, p4, p5 ] -# p0 = input type -# p1 = the current value of the variable -# p2 = the hidden input name attribute -# p3 = the name attribute -# p4 = the value attribute -# p5 = text to associate with the tag -formPolicyLabelName = [ 'text', - '', - 'h_policyLabelName', - 'i_policyLabelName', - '', - '', - ] -formPolicyLabelDate = [ 'text', - getCurrentTime( ), - 'h_policyLabelDate', - 'i_policyLabelDate', - '', - '', - ] -formPolicyUrl = [ 'text', - '', - 'h_policyUrl', - 'i_policyUrl', - '', - '', - ] -formPolicyRef = [ 'text', - '', - 'h_policyRef', - 'i_policyRef', - '', - '', - ] -formPolicyLabelUpdate = [ 'button', - '', - '', - 'i_PolicyLabelUpdate', - 'Update', - '', - ] - -formVmNames = [ '', - [], - 'h_vmNames', - '', - '', - '', - ] -formVmDel = [ 'button', - '', - '', - 'i_vmDel', - 'Delete', - '', - ] -formVmName = [ 'text', - '', - '', - 'i_vmName', - '', - '', - ] -formVmAdd = [ 'button', - '', - '', - 'i_vmAdd', - 'New', - '', - ] - -formVmNameDom0 = [ '', - '', - 'h_vmDom0', - '', - '', - '', - ] - -formXmlGen = [ 'button', - '', - '', - 'i_xmlGen', - 'Generate XML', - '', - ] - -formDefaultButton = [ 'button', - '', - '', - 'i_defaultButton', - '.', - '', - ] - -formSteTypes = [ '', - [], - 'h_steTypes', - '', - '', - '', - ] -formChWallTypes = [ '', - [], - 'h_chwallTypes', - '', - '', - '', - ] - -# This is a set of templates used for each virtual machine -# Each virtual 
machine is initially assigned these templates, -# then each form attribute value is changed to append -# "_virtual-machine-name" for uniqueness. -templateVmDel = [ 'button', - '', - '', - 'i_vmDel', - 'Delete', - '', - ] -templateVmDom0 = [ 'button', - '', - '', - 'i_vmDom0', - 'SetDom0', - '', - ] -allVmDel = {}; -allVmDom0 = {}; - -templateVmChWs = [ 'list', - [], - 'h_vmChWs', - 'i_vmChWs', - '', - '', - ] -templateVmChWDel = [ 'button', - '', - '', - 'i_vmChWDel', - 'Delete', - '', - ] -templateVmChW = [ 'list', - [], - '', - 'i_vmChW', - '', - '', - ] -templateVmChWAdd = [ 'button', - '', - '', - 'i_vmChWAdd', - 'Add', - '', - ] -allVmChWs = {}; -allVmChWDel = {}; -allVmChW = {}; -allVmChWAdd = {}; - -templateVmStes = [ 'list', - [], - 'h_vmStes', - 'i_vmStes', - '', - '', - ] -templateVmSteDel = [ 'button', - '', - '', - 'i_vmSteDel', - 'Delete', - '', - ] -templateVmSte = [ 'list', - [], - '', - 'i_vmSte', - '', - '', - ] -templateVmSteAdd = [ 'button', - '', - '', - 'i_vmSteAdd', - 'Add', - '', - ] -allVmStes = {}; -allVmSteDel = {}; -allVmSte = {}; -allVmSteAdd = {}; - -# A list of all form variables used for saving info across requests -formVariables = [ formPolicyLabelName, - formPolicyLabelDate, - formPolicyUrl, - formPolicyRef, - formVmNames, - formVmNameDom0, - formSteTypes, - formChWallTypes, - ] - -policyXml = '' -policyLabelXml = '' -xmlError = 0 -xmlIncomplete = 0 -xmlMessages = [] - - -# Extract any form data -formData = cgi.FieldStorage( ) - -# Process the form -getSavedData( ) -processRequest( ) - -if formData.has_key( formXmlGen[3] ): - # Generate and send the XML file - checkXmlData( ) - - if xmlIncomplete == 0: - sendXmlHeaders( ) - sendPolicyLabelXml( ) - -if (not formData.has_key( formXmlGen[3] )) or (xmlIncomplete == 1 ): - # Send HTML to continue processing the form - sendHtmlHeaders( ) - sendPolicyLabelHtml( ) 
diff --git a/tools/security/python/xensec_gen/index.html b/tools/security/python/xensec_gen/index.html index a9fbd75163..8c541e1dd2 100644 --- a/tools/security/python/xensec_gen/index.html +++ b/tools/security/python/xensec_gen/index.html @@ -1,7 +1,7 @@ @@ -10,7 +10,7 @@ - +