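#!/usr/bin/python
#
# The Initial Developer of the Original Code is International
# Business Machines Corporation. Portions created by IBM
# Corporation are Copyright (C) 2005, 2006 International Business
# Machines Corporation. All Rights Reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License,
# or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#

# NOTE(review): this listing was recovered from a page that had collapsed the
# file onto a few long lines.  Statement order and text are as shown there;
# the indentation below is reconstructed from the control flow.

import os
import cgi
# SECURITY: cgitb.enable( ) with its defaults renders full tracebacks
# (source context and local variable values) into the HTTP response.  On a
# deployed page prefer cgitb.enable( display=0, logdir='<log directory>' )
# so the details go to a log instead of the client.
import cgitb; cgitb.enable( )
import time
import xml.dom.minidom
import xml.sax
import xml.sax.handler
from StringIO import StringIO
from sets import Set

def getSavedData( ):
    """Copy the submitted form values back into the module-level form state.

    Reads the uploaded policy file field ('i_policy') into policyXml, then
    walks every known form variable and, when the request carries a field
    with that variable's name, stores the submitted value.  As used here,
    index 1 of a form variable is its current value and index 2 is the name
    of the request field that carries it.

    SECURITY: values whose current value is a list are restored with
    "exec '<target> = ' + <request value>".  The request value is client
    supplied, so this executes client-chosen Python source in the CGI
    process.  See the comment at the first exec below.
    """
    global formData, policyXml
    global formVariables, formCSNames, formVmNames, formResNames
    global allCSMTypes, allVmChWs, allVmStes, allResStes

    # Process the XML upload policy file
    if formData.has_key( 'i_policy' ):
        dataList = formData.getlist( 'i_policy' )
        if len( dataList ) > 0:
            policyXml = dataList[0]

    # Process all the hidden input variables (if present)
    for formVar in formVariables:
        # An empty field name means the variable is not carried in the form
        if formVar[2] == '':
            continue

        if formData.has_key( formVar[2] ):
            dataList = formData.getlist( formVar[2] )
            if len( dataList ) > 0:
                if isinstance( formVar[1], list ):
                    # SECURITY: dataList[0] is a request parameter and exec
                    # runs it as Python source, so anyone who can submit
                    # this form can run arbitrary statements as the CGI
                    # user.  The hidden field is meant to carry a list
                    # literal; it should be parsed as data by a parser that
                    # accepts only list and string literals (or the state
                    # should be kept server-side).  Left unchanged here
                    # because a replacement has to match how the page
                    # serialises these lists, which is outside this listing.
                    exec 'formVar[1] = ' + dataList[0]
                else:
                    formVar[1] = dataList[0]

    # The form can contain any number of "Conflict Sets"
    #   so update the list of form variables to include
    #   each conflict set (hidden input variable)
    for csName in formCSNames[1]:
        newCS( csName )
        if formData.has_key( allCSMTypes[csName][2] ):
            dataList = formData.getlist( allCSMTypes[csName][2] )
            if len( dataList ) > 0:
                # SECURITY: exec on request data, same issue as above
                exec 'allCSMTypes[csName][1] = ' + dataList[0]

    # The form can contain any number of "Virtual Machines"
    #   so update the list of form variables to include
    #   each virtual machine (hidden input variable)
    for vmName in formVmNames[1]:
        newVm( vmName )

        vmFormVar = allVmChWs[vmName]
        if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
            dataList = formData.getlist( vmFormVar[2] )
            if len( dataList ) > 0:
                if isinstance( vmFormVar[1], list ):
                    # SECURITY: exec on request data, same issue as above
                    exec 'vmFormVar[1] = ' + dataList[0]
                else:
                    vmFormVar[1] = dataList[0]

        vmFormVar = allVmStes[vmName]
        if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
            dataList = formData.getlist( vmFormVar[2] )
            if len( dataList ) > 0:
                if isinstance( vmFormVar[1], list ):
                    # SECURITY: exec on request data, same issue as above
                    exec 'vmFormVar[1] = ' + dataList[0]
                else:
                    vmFormVar[1] = dataList[0]

    # The form can contain any number of "Resources"
    #   so update the list of form variables to include
    #   each resource (hidden input variable)
    for resName in formResNames[1]:
        newRes( resName )

        resFormVar = allResStes[resName]
        if (resFormVar[2] != '') and formData.has_key( resFormVar[2] ):
            dataList = formData.getlist( resFormVar[2] )
            if len( dataList ) > 0:
                if isinstance( resFormVar[1], list ):
                    # SECURITY: exec on request data, same issue as above
                    exec 'resFormVar[1] = ' + dataList[0]
                else:
                    resFormVar[1] = dataList[0]

def getCurrentTime( ):
    """Return the local time formatted as 'YYYY-MM-DD HH:MM:SS'."""
    return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) )

def getName( domNode ):
    """Return the text of the first <Name> element below domNode.

    Records an XML error and returns None when no <Name> element exists.
    """
    nameNodes = domNode.getElementsByTagName( 'Name' )
    if len( nameNodes ) == 0:
        formatXmlError( '"<Name>" tag is missing' )
        return None

    name = ''
    for childNode in nameNodes[0].childNodes:
        if childNode.nodeType == xml.dom.Node.TEXT_NODE:
            name = name + childNode.data

    return name

def getPolicyName( domNode ):
    """Return the text of the first <PolicyName> element below domNode.

    Records an XML error and returns None when the element is missing.
    """
    nameNodes = domNode.getElementsByTagName( 'PolicyName' )
    if len( nameNodes ) == 0:
        formatXmlError( '"<PolicyName>" tag is missing' )
        return None

    name = ''
    for childNode in nameNodes[0].childNodes:
        if childNode.nodeType == xml.dom.Node.TEXT_NODE:
            name = name + childNode.data

    return name

def getUrl( domNode ):
    """Return the text of the first <PolicyUrl> element, or '' if absent."""
    urlNodes = domNode.getElementsByTagName( 'PolicyUrl' )
    if len( urlNodes ) == 0:
        return ''

    url = ''
    for childNode in urlNodes[0].childNodes:
        if childNode.nodeType == xml.dom.Node.TEXT_NODE:
            url = url + childNode.data

    return url

def getRef( domNode ):
    """Return the text of the first <Reference> element, or '' if absent."""
    refNodes = domNode.getElementsByTagName( 'Reference' )
    if len( refNodes ) == 0:
        return ''

    ref = ''
    for childNode in refNodes[0].childNodes:
        if childNode.nodeType == xml.dom.Node.TEXT_NODE:
            ref = ref + childNode.data

    return ref

def getDate( domNode ):
    """Return the text of the first <Date> element, or '' if absent."""
    dateNodes = domNode.getElementsByTagName( 'Date' )
    if len( dateNodes ) == 0:
        return ''

    date = ''
    for childNode in dateNodes[0].childNodes:
        if childNode.nodeType == xml.dom.Node.TEXT_NODE:
            date = date + childNode.data

    return date

def getNSUrl( domNode ):
    """Return the text of the first <NameSpaceUrl> element, or '' if absent."""
    urlNodes = domNode.getElementsByTagName( 'NameSpaceUrl' )
    if len( urlNodes ) == 0:
        return ''

    url = ''
    for childNode in urlNodes[0].childNodes:
        if childNode.nodeType == xml.dom.Node.TEXT_NODE:
            url = url + childNode.data

    return url

def getSteTypes( domNode, missingIsError = 0 ):
    """Return the <Type> texts inside <SimpleTypeEnforcementTypes>.

    When the container element is missing the result is [] unless
    missingIsError is 1, in which case an XML error is recorded and None is
    returned.  None is also returned when getTypes( ) reports an error.
    """
    steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' )
    if len( steNodes ) == 0:
        if missingIsError == 1:
            formatXmlError( '"<SimpleTypeEnforcementTypes>" tag is missing' )
            return None
        else:
            return []

    return getTypes( steNodes[0] )

def getChWTypes( domNode, missingIsError = 0 ):
    """Return the <Type> texts inside <ChineseWallTypes>.

    Same contract as getSteTypes( ): [] for a missing container, or an XML
    error and None when missingIsError is 1.
    """
    chwNodes = domNode.getElementsByTagName( 'ChineseWallTypes' )
    if len( chwNodes ) == 0:
        if missingIsError == 1:
            formatXmlError( '"<ChineseWallTypes>" tag is missing' )
            return None
        else:
            return []

    return getTypes( chwNodes[0] )

def getTypes( domNode ):
    """Return the text of every <Type> element below domNode as a list.

    Records an XML error and returns None when there is no <Type> element
    or when one of them has no text.
    """
    types = []

    domNodes = domNode.getElementsByTagName( 'Type' )
    if len( domNodes ) == 0:
        formatXmlError( '"<Type>" tag is missing' )
        return None

    for domNode in domNodes:
        typeText = ''
        for childNode in domNode.childNodes:
            if childNode.nodeType == xml.dom.Node.TEXT_NODE:
                typeText = typeText + childNode.data

        if typeText == '':
            formatXmlError( 'No text associated with the "<Type>" tag' )
            return None

        types.append( typeText )

    return types

def formatXmlError( msg, xml = '', lineNum = -1, colNum = -1 ):
    """Record an XML error message, optionally with the offending line.

    msg is HTML-escaped before it is stored.  When lineNum is given, the
    matching line of xml (also escaped) is appended in a <PRE> block, and
    when colNum is given a '----^' marker is drawn under that column.
    Sets the global xmlError flag and appends to xmlMessages.

    Note that the xml parameter shadows the xml package inside this
    function; it is the document text, not the module.
    """
    global xmlMessages, xmlError

    xmlError = 1
    addMsg = cgi.escape( msg )

    if lineNum != -1:
        # Start with an empty line so that an empty document (no lines to
        # iterate) does not leave xmlLine unbound below.
        xmlLine = ''
        sio = StringIO( xml )
        for xmlLine in sio:
            lineNum = lineNum - 1
            if lineNum == 0:
                break

        # The echoed line comes from the uploaded document, so it is
        # escaped before being placed in the HTML message.
        addMsg += '<BR><PRE>' + cgi.escape( xmlLine.rstrip( ) )

        if colNum != -1:
            errLine = '-' * colNum
            addMsg += '\n' + errLine + '^'

        addMsg += '</PRE>'

    xmlMessages.append( addMsg )

def formatXmlGenError( msg ):
    """Record an escaped message and set the global xmlIncomplete flag."""
    global xmlMessages, xmlIncomplete

    xmlIncomplete = 1
    xmlMessages.append( cgi.escape( msg ) )

def parseXml( xmlInput ):
    """Parse xmlInput into a minidom document.

    Returns the document, or None after recording an XML error when the
    parser raises a SAX exception.
    """
    xmlParser = xml.sax.make_parser( )
    try:
        # Hardening: xmlInput is an uploaded file, so do not let the parser
        # fetch external general entities named in it.  Done inside the try
        # so that a parser which rejects the feature fails closed through
        # the SAXException handler below.
        # NOTE(review): this does not bound internal entity expansion;
        # limit the accepted upload size as well.
        xmlParser.setFeature( xml.sax.handler.feature_external_ges, 0 )
        domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser )

    except xml.sax.SAXParseException, xmlErr:
        msg = ''
        msg = msg + 'XML parsing error occurred at line '
        msg = msg + repr( xmlErr.getLineNumber( ) )
        msg = msg + ', column '
        msg = msg + repr( xmlErr.getColumnNumber( ) )
        msg = msg + ': reason = "'
        msg = msg + xmlErr.getMessage( )
        msg = msg + '"'
        formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), xmlErr.getColumnNumber( ) )
        return None

    except xml.sax.SAXException, xmlErr:
        # Only SAXParseException carries a position; the base SAXException
        # has no getLineNumber( )/getColumnNumber( ), so report the message
        # without a source line instead of failing inside the handler.
        msg = ''
        msg = msg + 'XML Parsing error: ' + repr( xmlErr )
        formatXmlError( msg )
        return None

    return domDoc

def parsePolicyXml( ):
    """Load the uploaded policy (global policyXml) into the form variables.

    Parses the document, then reads the policy header, the
    SimpleTypeEnforcement and ChineseWall sections (including conflict
    sets), and the VM and resource labels.  Problems are recorded through
    formatXmlError( ) and, in most cases, end processing at that point.
    """
    global policyXml
    global formPolicyName, formPolicyUrl, formPolicyRef, formPolicyDate, formPolicyNSUrl
    global formPolicyOrder
    global formSteTypes, formChWallTypes, formVmNames, formVmNameDom0
    global allCSMTypes, allVmStes, allVmChWs

    domDoc = parseXml( policyXml )
    if domDoc is None:
        return

    # Process the PolicyHeader
    domRoot = domDoc.documentElement
    domHeaders = domRoot.getElementsByTagName( 'PolicyHeader' )
    if len( domHeaders ) == 0:
        msg = ''
        msg = msg + '"<PolicyHeader>" tag is missing.\n'
        msg = msg + 'Please validate the Policy file used.'
        formatXmlError( msg )
        return

    pName = getPolicyName( domHeaders[0] )
    if pName is None:
        msg = ''
        msg = msg + 'Error processing the Policy header information.\n'
        msg = msg + 'Please validate the Policy file used.'
        formatXmlError( msg )
        return

    formPolicyName[1] = pName
    formPolicyUrl[1] = getUrl( domHeaders[0] )
    formPolicyRef[1] = getRef( domHeaders[0] )
    formPolicyDate[1] = getDate( domHeaders[0] )
    formPolicyNSUrl[1] = getNSUrl( domHeaders[0] )

    # Process the STEs
    # pOrder records which component carries the "priority" attribute
    pOrder = ''
    domStes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' )
    if len( domStes ) > 0:
        if domStes[0].hasAttribute( 'priority' ):
            if domStes[0].getAttribute( 'priority' ) != 'PrimaryPolicyComponent':
                msg = ''
                msg = msg + 'Error processing the "<SimpleTypeEnforcement>" tag.\n'
                msg = msg + 'The "priority" attribute value is not valid.\n'
                msg = msg + 'Please validate the Policy file used.'
                formatXmlError( msg )
                return

            pOrder = 'v_Ste'

        steTypes = getSteTypes( domStes[0], 1 )
        if steTypes is None:
            msg = ''
            msg = msg + 'Error processing the SimpleTypeEnforcement types.\n'
            msg = msg + 'Please validate the Policy file used.'
            formatXmlError( msg )
            return

        formSteTypes[1] = steTypes

    # Process the ChineseWalls and Conflict Sets
    domChWalls = domRoot.getElementsByTagName( 'ChineseWall' )
    if len( domChWalls ) > 0:
        if domChWalls[0].hasAttribute( 'priority' ):
            if domChWalls[0].getAttribute( 'priority' ) != 'PrimaryPolicyComponent':
                msg = ''
                msg = msg + 'Error processing the "<ChineseWall>" tag.\n'
                msg = msg + 'The "priority" attribute value is not valid.\n'
                msg = msg + 'Please validate the Policy file used.'
                formatXmlError( msg )
                return

            # Only one component may carry the priority attribute
            if pOrder != '':
                msg = ''
                msg = msg + 'Error processing the "<ChineseWall>" tag.\n'
                msg = msg + 'The "priority" attribute has been previously specified.\n'
                msg = msg + 'Please validate the Policy file used.'
                formatXmlError( msg )
                return

            pOrder = 'v_ChWall'

        chwTypes = getChWTypes( domChWalls[0], 1 )
        if chwTypes is None:
            msg = ''
            msg = msg + 'Error processing the ChineseWall types.\n'
            msg = msg + 'Please validate the Policy file used.'
            formatXmlError( msg )
            return

        formChWallTypes[1] = chwTypes

        csNodes = domChWalls[0].getElementsByTagName( 'ConflictSets' )
        if csNodes and (len( csNodes ) > 0):
            cNodes = csNodes[0].getElementsByTagName( 'Conflict' )
            if not cNodes or len( cNodes ) == 0:
                msg = ''
                msg = msg + 'Required "<Conflict>" tag missing.\n'
                msg = msg + 'Please validate the Policy file used.'
                formatXmlError( msg )
                return

            for cNode in cNodes:
                csName = cNode.getAttribute( 'name' )
                newCS( csName, 1 )

                csMemberList = getTypes( cNode )
                if csMemberList is None:
                    msg = ''
                    msg = msg + 'Error processing the Conflict Set members.\n'
                    msg = msg + 'Please validate the Policy file used.'
                    formatXmlError( msg )
                    return

                # Verify the conflict set members are valid types
                ctSet = Set( formChWallTypes[1] )
                csSet = Set( csMemberList )
                if not csSet.issubset( ctSet ):
                    # csName comes from the uploaded file; formatXmlError
                    # escapes the whole message before it is stored.
                    msg = ''
                    msg = msg + 'Error processing Conflict Set "' + csName + '".\n'
                    msg = msg + 'Members of the conflict set are not valid '
                    msg = msg + 'Chinese Wall types.\n'
                    msg = msg + 'Please validate the Policy file used.'
                    formatXmlError( msg )

                # NOTE(review): the listing shows no return after the error
                # above, so the members are stored even when invalid.  The
                # indentation here is reconstructed -- confirm against the
                # original file.
                allCSMTypes[csName][1] = csMemberList

    if pOrder != '':
        formPolicyOrder[1] = pOrder
    else:
        if (len( domStes ) > 0) or (len( domChWalls ) > 0):
            msg = ''
            msg = msg + 'The "priority" attribute has not been specified.\n'
            msg = msg + 'It must be specified on one of the access control types.\n'
            msg = msg + 'Please validate the Policy file used.'
            formatXmlError( msg )
            return

    # Process the Labels
    domLabels = domRoot.getElementsByTagName( 'SecurityLabelTemplate' )
    if not domLabels or (len( domLabels ) == 0):
        msg = ''
        msg = msg + '<SecurityLabelTemplate> tag is missing.\n'
        msg = msg + 'Please validate the Policy file used.'
        formatXmlError( msg )
        return

    # Process the VMs
    domSubjects = domLabels[0].getElementsByTagName( 'SubjectLabels' )
    if len( domSubjects ) > 0:
        formVmNameDom0[1] = domSubjects[0].getAttribute( 'bootstrap' )
        domNodes = domSubjects[0].getElementsByTagName( 'VirtualMachineLabel' )
        for domNode in domNodes:
            vmName = getName( domNode )
            if vmName is None:
                # A label without a name is reported and skipped
                msg = ''
                msg = msg + 'Error processing the VirtualMachineLabel name.\n'
                msg = msg + 'Please validate the Policy file used.'
                formatXmlError( msg )
                continue

            steTypes = getSteTypes( domNode )
            if steTypes is None:
                msg = ''
                msg = msg + 'Error processing the SimpleTypeEnforcement types.\n'
                msg = msg + 'Please validate the Policy file used.'
                formatXmlError( msg )
                return

            chwTypes = getChWTypes( domNode )
            if chwTypes is None:
                msg = ''
                msg = msg + 'Error processing the ChineseWall types.\n'
                msg = msg + 'Please validate the Policy file used.'
                formatXmlError( msg )
                return

            newVm( vmName, 1 )
            allVmStes[vmName][1] = steTypes
            allVmChWs[vmName][1] = chwTypes

    # Process the Resources
    domObjects = domLabels[0].getElementsByTagName( 'ObjectLabels' )
    if len( domObjects ) > 0:
        domNodes = domObjects[0].getElementsByTagName( 'ResourceLabel' )
        for domNode in domNodes:
            resName = getName( domNode )
            if resName is None:
                msg = ''
                msg = msg + 'Error processing the ResourceLabel name.\n'
                msg = msg + 'Please validate the Policy file used.'
                formatXmlError( msg )
            # NOTE(review): the visible listing stops here; the rest of this
            # loop and of parsePolicyXml is not shown on the page.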