
[Xen-changelog] Merged.



# HG changeset patch
# User emellor@xxxxxxxxxxxxxxxxxxxxxx
# Node ID 62d9ac63e7f509328815443d8604f849b64d0c9d
# Parent  8c5b7b6772ae154192263bcb8c836eb619ab3eb4
# Parent  89e0dfa3a089f14aa92f7ea04c94348185e5a634
Merged.

diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/ioemu/sdl.c
--- a/tools/ioemu/sdl.c Tue Dec 13 18:08:17 2005
+++ b/tools/ioemu/sdl.c Tue Dec 13 18:08:26 2005
@@ -592,7 +592,8 @@
 
     sdl_resize(ds, 640, 400);
     sdl_update_caption();
-    SDL_EnableKeyRepeat(250, 50);
+    if(repeat_key)
+        SDL_EnableKeyRepeat(250, 50);
     SDL_EnableUNICODE(1);
     gui_grab = 0;
 
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/ioemu/vl.c
--- a/tools/ioemu/vl.c  Tue Dec 13 18:08:17 2005
+++ b/tools/ioemu/vl.c  Tue Dec 13 18:08:26 2005
@@ -145,6 +145,7 @@
 int graphic_height = 600;
 int graphic_depth = 15;
 int full_screen = 0;
+int repeat_key = 1;
 TextConsole *vga_console;
 CharDriverState *serial_hds[MAX_SERIAL_PORTS];
 int xc_handle;
@@ -2250,6 +2251,7 @@
            "-std-vga        simulate a standard VGA card with VESA Bochs 
Extensions\n"
            "                (default is CL-GD5446 PCI VGA)\n"
            "-vgaacc [0|1]   1 to accelerate CL-GD5446 speed, default is 1\n"
+           "-no-repeatkey   disable key repeat feature for SDL keyboard 
simulation"
 #endif
            "-loadvm file    start right away with a saved state (loadvm in 
monitor)\n"
            "\n"
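Review bot: The added `-no-repeatkey` help line ends at `simulation"` with no `\n`, unlike every other entry in this usage string, so when the conditional block is compiled in, the following `-loadvm file ...` text is printed on the same line. Ending the literal with `simulation\n"` fixes it. The function that holds this string begins and ends outside the hunk.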
@@ -2342,6 +2344,7 @@
     QEMU_OPTION_loadvm,
     QEMU_OPTION_full_screen,
     QEMU_OPTION_vgaacc,
+    QEMU_OPTION_repeatkey,
 };
 
 typedef struct QEMUOption {
@@ -2421,6 +2424,7 @@
     { "nic-ne2000", 0, QEMU_OPTION_nic_ne2000 },
     { "cirrusvga", 0, QEMU_OPTION_cirrusvga },
     { "vgaacc", HAS_ARG, QEMU_OPTION_vgaacc },
+    { "no-repeatkey", 0, QEMU_OPTION_repeatkey },
     { NULL },
 };
 
@@ -2975,6 +2979,9 @@
                         exit(1);
                     }
                 }
+                break;
+            case QEMU_OPTION_repeatkey:
+                repeat_key = 0;
                 break;
             case QEMU_OPTION_std_vga:
                 cirrus_vga_enabled = 0;
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/ioemu/vl.h
--- a/tools/ioemu/vl.h  Tue Dec 13 18:08:17 2005
+++ b/tools/ioemu/vl.h  Tue Dec 13 18:08:26 2005
@@ -612,6 +612,7 @@
 
 void kbd_init(void);
 extern const char* keyboard_layout;
+extern int repeat_key;
 
 /* mc146818rtc.c */
 
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/security/Makefile
--- a/tools/security/Makefile   Tue Dec 13 18:08:17 2005
+++ b/tools/security/Makefile   Tue Dec 13 18:08:26 2005
@@ -35,7 +35,7 @@
 SRCS_GETD     = get_decision.c
 OBJS_GETD    := $(patsubst %.c,%.o,$(filter %.c,$(SRCS_GETD)))
 
-ACM_INST_TOOLS    = xensec_tool xensec_xml2bin
+ACM_INST_TOOLS    = xensec_tool xensec_xml2bin xensec_gen
 ACM_NOINST_TOOLS  = get_decision
 ACM_OBJS          = $(OBJS_TOOL) $(OBJS_XML2BIN) $(OBJS_GETD)
 ACM_SCRIPTS       = getlabel.sh setlabel.sh updategrub.sh labelfuncs.sh
@@ -43,6 +43,12 @@
 ACM_CONFIG_DIR    = /etc/xen/acm-security
 ACM_POLICY_DIR    = $(ACM_CONFIG_DIR)/policies
 ACM_SCRIPT_DIR    = $(ACM_CONFIG_DIR)/scripts
+
+ACM_INST_HTML     = python/xensec_gen/index.html
+ACM_INST_CGI      = python/xensec_gen/cgi-bin/policy.cgi \
+                    python/xensec_gen/cgi-bin/policylabel.cgi
+ACM_SECGEN_HTMLDIR= /var/lib/xensec_gen
+ACM_SECGEN_CGIDIR = $(ACM_SECGEN_HTMLDIR)/cgi-bin
 
 ACM_SCHEMA        = security_policy.xsd
 ACM_EXAMPLES      = null chwall ste chwall_ste
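Review bot: The new `ACM_SECGEN_HTMLDIR`/`ACM_SECGEN_CGIDIR` block carries no comment saying that these files are served by the xensec_gen HTTP daemon, which example.txt in this changeset describes as listening on port 7777 by default. Nothing in this diff shows which interface that daemon binds to or whether requests are authenticated, so a packager reading the Makefile cannot tell that `install` now places executable CGI scripts for a network service. I would add above the variables: `# Served by the xensec_gen web server (HTTP, default port 7777, see example.txt); restrict access to trusted hosts.`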
@@ -65,6 +71,15 @@
        done
        $(INSTALL_DIR) -p $(DESTDIR)$(ACM_SCRIPT_DIR)
        $(INSTALL_PROG) -p $(ACM_SCRIPTS) $(DESTDIR)$(ACM_SCRIPT_DIR)
+       $(INSTALL_DIR) -p $(DESTDIR)$(ACM_SECGEN_HTMLDIR)
+       $(INSTALL_DATA) -p $(ACM_INST_HTML) $(DESTDIR)$(ACM_SECGEN_HTMLDIR)
+       $(INSTALL_DIR) -p $(DESTDIR)$(ACM_SECGEN_CGIDIR)
+       $(INSTALL_PROG) -p $(ACM_INST_CGI) $(DESTDIR)$(ACM_SECGEN_CGIDIR)
+ifndef XEN_PYTHON_NATIVE_INSTALL
+       python python/setup.py install --home="$(DESTDIR)/usr"
+else
+       python python/setup.py install --root="$(DESTDIR)"
+endif
 else
 all:
 
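Review bot: The two added `python python/setup.py install ...` lines, and the `python python/setup.py build` line in the next hunk's `build` rule, call whatever `python` is first on PATH, and `install` is commonly run as root. Routing them through one overridable variable, e.g. `PYTHON ?= python` near the top and `$(PYTHON) python/setup.py install --root="$(DESTDIR)"` here, lets packagers pin the interpreter and keeps the three call sites consistent. The install rule starts above this hunk, so whether the tree already defines such a variable is not visible from here.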
@@ -72,22 +87,27 @@
 endif
 
 build: mk-symlinks $(ACM_INST_TOOLS) $(ACM_NOINST_TOOLS)
+       python python/setup.py build
        chmod 700 $(ACM_SCRIPTS)
 
 xensec_tool: $(OBJS_TOOL)
-       $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+       $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
 
 xensec_xml2bin: $(OBJS_XML2BIN)
-       $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+       $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
 
 get_decision: $(OBJS_GETD)
-       $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+       $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
+
+xensec_gen: xensec_gen.py
+       cp -f $^ $@
 
 clean:
        $(RM) $(ACM_INST_TOOLS) $(ACM_NOINST_TOOLS)
        $(RM) $(ACM_OBJS)
        $(RM) $(PROG_DEPS)
        $(RM) -r xen
+       $(RM) -r build
 
 mrproper: clean
 
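Review bot: `python python/setup.py build` in the `build` recipe creates a directory named `build` next to this Makefile (the added `$(RM) -r build` in `clean` removes it), which is the same name as the `build` target. Unless `build` is declared phony, which these lines do not show, make will compare the target against that directory after the first run and may misjudge whether the rule needs to run. Adding `.PHONY: build clean mrproper` avoids the clash.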
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/security/example.txt
--- a/tools/security/example.txt        Tue Dec 13 18:08:17 2005
+++ b/tools/security/example.txt        Tue Dec 13 18:08:26 2005
@@ -271,3 +271,112 @@
 
 If you keep to the security policy schema, then you can use all the
 tools described above. Refer to install.txt to install it.
+
+You can hand-edit the xml files to create your policy or you can use the
+xensec_gen utility.
+
+
+5. Generating policy files using xensec_gen:
+============================================
+
+The xensec_gen utility starts a web-server that can be used to generate the
+XML policy files needed to create a policy.
+
+By default, xensec_gen runs as a daemon and listens on port 7777 for HTTP
+requests.  The xensec_gen command supports command line options to change the
+listen port, run in the foreground, and a few others.  Type 'xensec_gen -h'
+to see the full list of options available.
+
+Once the xensec_gen utility is running, point a browser at the host and port
+on which the utility is running (e.g. http://localhost:7777/).  You will be
+presented with a web page that allows you to create or modify the XML policy
+files:
+
+  - The Security Policy section allows you to create or modify a policy
+    definition file
+
+  - The Security Policy Labeling section allows you to create or modify a
+    label template definition file
+
+  Security Policy:
+  ----------------
+  The Security Policy section allows you to modify an existing policy 
definition
+  file or create a new policy definition file.  To modify an existing policy
+  definition, enter the full path to the existing file (the "Browse" button can
+  be used to aid in this) in the Policy File entry field.  To create a new
+  policy definition file leave the Policy File entry field blank.  At this 
point
+  click the "Create" button to begin modifying or creating your policy 
definition.
+
+  You will then be presented with a web page that will allow you to create 
either
+  Simple Type Enforcement types or Chinese Wall types or both.
+
+  As an example:
+    - To add a Simple Type Enforcement type:
+      - Enter the name of a new type under the Simple Type Enforcement Types
+        section in the entry field above the "New" button.
+      - Click the "New" button and the type will be added to the list of 
defined
+        Simple Type Enforcement types.
+    - To remove a Simple Type Enforcement type:
+      - Click on the type to be removed in the list of defined Simple Type
+        Enforcement types.
+      - Click the "Delete" button to remove the type.
+
+  Follow the same process to add Chinese Wall types.  If you define Chinese 
Wall
+  types you need to define at least one Chinese Wall Conflict Set.  The Chinese
+  Wall Conflict Set will allow you to add Chinese Wall types from the list of
+  defined Chinese Wall types.
+
+  To create your policy definition file, click on the "Generate XML" button on
+  the top of the page.  This will present you with a dialog box to save the
+  generated XML file on your system.  The default name will be 
security_policy.xml
+  which you should change to follow the policy file naming conventions based on
+  the policy name that you choose to use.
+
+  To get a feel for the tool, you could use one of the example policy 
definition
+  files from /etc/xen/acm-security/policies as input.
+
+
+  Security Policy Labeling:
+  -------------------------
+  The Security Policy Labeling section allows you to modify an existing label
+  template definition file or create a new label template definition file.  To
+  modify an existing label template definition, enter the full path to the
+  existing file (the "Browse" button can be used to aid in this) in the Policy
+  Labeling File entry field.  Whether creating a new label template definition
+  file or modifying an existing one, you will need to specify the policy
+  definition file that is or will be associated with this label template
+  definition file.  At this point click the "Create" button to begin modifying
+  or creating your label template definition file.
+
+  You will then be presented with a web page that will allow you to create 
labels
+  for classes of virtual machines.  The input policy definition file will 
provide
+  the available types (Simple Type Enforcement and/or Chinese Wall) that can be
+  assigned to a virtual machine class.
+
+  As an example:
+    - To add a Virtual Machine class (the name entered will become the label
+      that will be used to identify the class):
+      - Enter the name of a new class under the Virtual Machine Classes section
+        in the entry field above the "New" button.
+      - Click the "New" button and the class will be added to the table of 
defined
+        Virtual Machine classes.
+    - To remove a Virtual Machine class:
+      - Click the "Delete" link associated with the class in the table of 
Virtual
+        Machine classes.
+
+  Once you have defined one or more Virtual Machine classes, you will be able 
to
+  add any of the defined Simple Type Enforcement types or Chinese Wall types 
to a
+  particular Virtual Machine.
+
+  You must also define which Virtual Machine class is to be associated with the
+  bootstrap domain (or Dom0 domain).  By default, the first Virtual Machine 
class
+  created will be associated as the bootstrap domain.
+
+  To create your label template definition file, click on the "Generate XML" 
button
+  on the top of the page.  This will present you with a dialog box to save the
+  generated XML file on your system.  The default name will be
+  security_label_template.xml which you should change to follow the policy file
+  naming conventions based on the policy name that you choose to use.
+
+  To get a feel for the tool, you could use one of the example policy 
definition
+  and label template definition files from /etc/xen/acm-security/policies as 
input.
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/xm-test/lib/XmTestLib/XenDomain.py
--- a/tools/xm-test/lib/XmTestLib/XenDomain.py  Tue Dec 13 18:08:17 2005
+++ b/tools/xm-test/lib/XmTestLib/XenDomain.py  Tue Dec 13 18:08:26 2005
@@ -30,18 +30,140 @@
 
 BLOCK_ROOT_DEV = "hda"
 
-def XmTestDomain(name=None, extraOpts=None, config="/dev/null"):
-    if ENABLE_VMX_SUPPORT:
-        return XmTestVmxDomain(name, extraOpts, config)
+def getDeviceModel():
+    """Get the path to the device model based on
+    the architecture reported in uname"""
+    arch = os.uname()[4]
+    if re.search("64", arch):
+        return "/usr/lib64/xen/bin/qemu-dm"
     else:
-        return XmTestPvDomain(name, extraOpts, config)
+        return "/usr/lib/xen/bin/qemu-dm"
 
 def getDefaultKernel():
+    """Get the path to the default DomU kernel"""
     dom0Ver = commands.getoutput("uname -r");
     domUVer = dom0Ver.replace("xen0", "xenU");
     
     return "/boot/vmlinuz-" + domUVer;
 
+def getUniqueName():
+    """Get a uniqueish name for use in a domain"""
+    unixtime = int(time.time())
+    test_name = sys.argv[0]
+    test_name = re.sub("\.test", "", test_name)
+    test_name = re.sub("[\/\.]", "", test_name)
+    name = "%s-%i" % (test_name, unixtime)
+    
+    return name
+
+def getRdPath():
+    rdpath = os.environ.get("RD_PATH")
+    if not rdpath:
+        rdpath = "../../ramdisk"
+    rdpath = os.path.abspath(rdpath)
+
+    return rdpath
+
+ParavirtDefaults = {"memory"       : 64,
+                    "vcpus"        : 1,
+                    "kernel"       : getDefaultKernel(),
+                    "root"         : "/dev/ram0",
+                    "ramdisk"      : getRdPath() + "/initrd.img"
+                    }
+VmxDefaults =      {"memory"       : 64,
+                    "vcpus"        : 1,
+                    "nics"         : 0,
+                    "disk"         : ["file:%s/disk.img,ioemu:%s,w" %
+                                   (getRdPath(), BLOCK_ROOT_DEV)],
+                    "kernel"       : "/usr/lib/xen/boot/vmxloader",
+                    "builder"      : "vmx",
+                    "sdl"          : 0,
+                    "vnc"          : 0,
+                    "vncviewer"    : 0,
+                    "nographic"    : 1,
+                    "serial"       : "pty",
+                    "device_model" : getDeviceModel()
+                    }
+
+if ENABLE_VMX_SUPPORT:
+    configDefaults = VmxDefaults
+else:
+    configDefaults = ParavirtDefaults
+
+class XenConfig:
+    """An object to help create a xen-compliant config file"""
+    def __init__(self):
+        self.defaultOpts = {}
+
+        # These options need to be lists
+        self.defaultOpts["disk"] = []
+        self.defaultOpts["vif"]  = []
+
+        self.opts = self.defaultOpts
+
+    def toString(self):
+        """Convert this config to a string for writing out
+        to a file"""
+        string = "# Xen configuration generated by xm-test\n"
+        for k, v in self.opts.items():
+            if isinstance(v, int):
+                piece = "%s = %i" % (k, v)
+            elif isinstance(v, list) and v:
+                piece = "%s = %s" % (k, v)
+            elif isinstance(v, str) and v:
+                piece = "%s = \"%s\"" % (k, v)
+            else:
+                piece = None
+
+            if piece:
+                string += "%s\n" % piece
+
+        return string
+
+    def write(self, filename):
+        """Write this config out to filename"""
+        output = file(filename, "w")
+        output.write(self.toString())
+        output.close()
+
+    def __str__(self):
+        """When used as a string, we represent ourself by a config
+        filename, which points to a temporary config that we write
+        out ahead of time"""
+        filename = "/tmp/xm-test.conf"
+        self.write(filename)
+        return filename
+
+    def setOpt(self, name, value):
+        """Set an option in the config"""
+        if name in self.opts.keys() and isinstance(self.opts[name], list) and 
not isinstance(value, list):
+                self.opts[name] = [value]
+        else:
+            self.opts[name] = value
+
+    def appOpt(self, name, value):
+        """Append a value to a list option"""
+        if name in self.opts.keys() and isinstance(self.opts[name], list):
+            self.opts[name].append(value)
+
+    def getOpt(self, name):
+        """Return the value of a config option"""
+        if name in self.opts.keys():
+            return self.opts[name]
+        else:
+            return None
+
+    def setOpts(self, opts):
+        """Batch-set options from a dictionary"""
+        for k, v in opts.items():
+            self.setOpt(k, v)
+
+    def clearOpts(self, name=None):
+        """Clear one or all config options"""
+        if name:
+            self.opts[name] = self.defaultOpts[name]
+        else:
+            self.opts = self.defaultOpts
 
 class DomainError(Exception):
     def __init__(self, msg, extra="", errorcode=0):
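Review bot: `XenConfig.__str__` writes the generated config to the fixed path `/tmp/xm-test.conf` through the plain `file(filename, "w")` in `write()`, so any local user can pre-create that name as a symlink and have the test run (presumably privileged, since it drives `xm create`) overwrite the link target; two domains in one test also share the file. Creating the file with `tempfile.mkstemp`, which opens it exclusively with owner-only permissions under an unpredictable name, removes both problems; `tempfile` would need importing at the top of the file, outside this hunk, and the caller should unlink the file after `xm create`. Separately, `self.opts = self.defaultOpts` in `__init__` binds both names to one dict, so `clearOpts()` cannot restore the defaults.

```python
    def __str__(self):
        # … unchanged: docstring …
        fd, filename = tempfile.mkstemp(prefix="xm-test-", suffix=".conf")
        output = os.fdopen(fd, "w")
        output.write(self.toString())
        output.close()
        return filename
```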
@@ -55,62 +177,24 @@
     def __str__(self):
         return str(self.msg)
 
+
 class XenDomain:
 
-    def __init__(self, opts={}, config="/dev/null"):
-        """Create a domain object.  Optionally take a 
-        dictionary of 'xm' options to use"""
-
-        self.domID = None;
+    def __init__(self, name=None, config=None):
+        """Create a domain object.
+        @param config: String filename of config file
+        """
+
+        if name:
+            self.name = name
+        else:
+            self.name = getUniqueName()
+
         self.config = config
 
-        if not opts.has_key("name"):
-            raise DomainError("Missing `name' option")
-        if not opts.has_key("memory"):
-            raise DomainError("Missing `memory' option")
-        if not opts.has_key("kernel"):
-            raise DomainError("Missing `kernel' option")
-
-        self.opts = opts
-
-        self.configVals = None
-
-    def __buildCmdLine(self):
-        c = "xm create %s" % self.config
-
-        for k in self.opts.keys():
-            c += " %s=%s" % (k, self.opts[k])
-        
-        return c
-
-    def getUniqueName(self):
-        #
-        # We avoid multiple duplicate names
-        # here because they stick around in xend
-        # too long
-        #
-        unixtime = int(time.time())
-        test_name = sys.argv[0]
-        test_name = re.sub("\.test", "", test_name)
-        test_name = re.sub("[\/\.]", "", test_name)
-        name = "%s-%i" % (test_name, unixtime)
-
-        return name
-
     def start(self):
 
-        if self.configVals:
-            self.__writeConfig("/tmp/xm-test.conf")
-            self.config = "/tmp/xm-test.conf"
-
-        commandLine = self.__buildCmdLine()
-
-        ret, output = traceCommand(commandLine);
-
-        try:
-            self.domID = self.getId()
-        except:
-            self.domID = -1;
+        ret, output = traceCommand("xm create %s" % self.config)
 
         if ret != 0:
             raise DomainError("Failed to create domain",
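Review bot: The new `XenDomain.__init__` docstring says `config` is a "String filename of config file" and defaults it to `None`, but `stop()` and `destroy()` in the next hunk call `self.config.getOpt("name")`, which only works on a `XenConfig` object. With the default, `start()` would also run `xm create None`. I would document it as `@param config: XenConfig object; str() of it yields the config file path` and raise `DomainError` when `config` is None.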
@@ -118,190 +202,79 @@
                               errorcode=ret)
 
     def stop(self):
-        prog = "xm";
-        cmd = " shutdown ";
-
-        ret, output = traceCommand(prog + cmd + self.opts["name"]);
-
-        return ret;
+        prog = "xm"
+        cmd = " shutdown "
+
+        ret, output = traceCommand(prog + cmd + self.config.getOpt("name"))
+
+        return ret
 
     def destroy(self):
-        prog = "xm";
-        cmd = " destroy ";
-
-        ret, output = traceCommand(prog + cmd + self.opts["name"]);
-
-        return ret;
+        prog = "xm"
+        cmd = " destroy "
+
+        ret, output = traceCommand(prog + cmd + self.config.getOpt("name"))
+
+        return ret
 
     def getName(self):
-        return self.opts["name"];
+        return self.name
 
     def getId(self):
         return domid(self.getName());
 
-    def configSetVar(self, key, value):
-        if not self.configVals:
-            self.configVals = {}
-
-        self.configVals[key] = value
-
-    def configAddDisk(self, pdev, vdev, acc):
-        if not self.configVals:
-            self.configVals = {}
-
-        if not self.configVals.has_key("disk"):
-            self.configVals["disk"] = []
-
-        self.configVals["disk"].append("%s,%s,%s" % (pdev,vdev,acc))
-
-    def configAddVif(self, type, mac, bridge):
-        if not self.configVals:
-            self.configVals = {}
-
-        if not self.configVals.has_key("vif"):
-            self.configVals["vif"] = []
-
-        if mac:
-            self.configVals["vif"].append("%s,%s,%s" % (type,mac,bridge))
-        else:
-            self.configVals["vif"].append("%s,%s" % (type,bridge))
-
-    def __writeConfig(self, configFileName):
-
-        conf = file(configFileName, "w")
-
-        for k,v in self.configVals.items():
-            print >>conf, "%s = %s" % (k, v)
-
-        conf.close()
-
-class XmTestVmxDomain(XenDomain):
-
-    def __prepareBlockRoot(self, rdpath):
-        image = os.path.abspath(rdpath + "/disk.img")
-        self.configAddDisk("file:%s" % image, "ioemu:%s" % BLOCK_ROOT_DEV, "w")
-
-    def __prepareVif(self):
-        self.configAddVif("type=ioemu", None, "bridge=xenbr0")
-
-    def __prepareDeviceModel(self):
-        arch = os.uname()[4]
-        if re.search('64', arch):
-            self.configSetVar("device_model", "\"/usr/lib64/xen/bin/qemu-dm\"")
-        else:
-            self.configSetVar("device_model", "\"/usr/lib/xen/bin/qemu-dm\"")
-
-    def __init__(self, name=None, extraOpts=None, config="/dev/null"):
-
-        rdpath = os.environ.get("RD_PATH")
-        if not rdpath:
-            rdpath = "../../ramdisk"
-
-        self.opts = {}
-        self.configVals = {}
-
-        # Defaults
-        self.defaults = {"memory"    : 64,
-                         "vcpus"     : 1,
-                         "kernel"    : "/usr/lib/xen/boot/vmxloader",
-                         "builder"   : "\'vmx\'",
-                         "name"      : name or self.getUniqueName()
-                         }
-
-        self.domID = None;
-        self.config = config;
-
-        self.__prepareBlockRoot(rdpath)
-       #self.__prepareVif()
-        self.__prepareDeviceModel()
-        #self.configSetVar("boot","\'c\'")
-        self.configSetVar("sdl","0")
-        self.configSetVar("vnc","0")
-        self.configSetVar("vncviewer","0")
-        self.configSetVar("nographic","1")
-        self.configSetVar("serial","\'pty\'")
-
-        # Copy over defaults
-        for key in self.defaults.keys():
-            self.opts[key] = self.defaults[key]
-
-        # Merge in extra options
-        if extraOpts:
-            for key in extraOpts.keys():
-                self.opts[key] = extraOpts[key]
+
+class XmTestDomain(XenDomain):
+
+    def __init__(self, name=None, extraConfig=None, baseConfig=configDefaults):
+        """Create a new xm-test domain
+        @param name: The requested domain name
+        @param extraConfig: Additional configuration options
+        @param baseConfig: The initial configuration defaults to use
+        """
+        config = XenConfig()
+        config.setOpts(baseConfig)
+        if extraConfig:
+            config.setOpts(extraConfig)
+
+        if name:
+            config.setOpt("name", name)
+        elif not config.getOpt("name"):
+            config.setOpt("name", getUniqueName())
+
+        XenDomain.__init__(self, config.getOpt("name"), config=config)
 
     def start(self):
-        """We know how about how long everyone will need to wait
-        for our disk image to come up, so we do it here as a convenience"""
-
-#        for i in range(0,5):
-#            status, output = traceCommand("xm list")
-
         XenDomain.start(self)
-        waitForBoot()
+        if ENABLE_VMX_SUPPORT:
+            waitForBoot()
 
     def startNow(self):
         XenDomain.start(self)
 
-    def getMem(self):
-        return int(self.opts["memory"])
-
     def minSafeMem(self):
         return 16
 
-class XmTestPvDomain(XenDomain):
-
-    def __init__(self, name=None, extraOpts=None, config="/dev/null"):
-
-        rdpath = os.environ.get("RD_PATH")
-        if not rdpath:
-            rdpath = "../../ramdisk"
-
-        self.opts = {}
-        self.configVals = None
-
-        # Defaults
-        self.defaults = {"memory"  : 64,
-                         "vcpus"   : 1,
-                         "kernel"  : getDefaultKernel(),
-                         "root"    : "/dev/ram0",
-                         "name"    : name or self.getUniqueName(),
-                         "ramdisk" : rdpath + "/initrd.img"
-                         }
-
-        self.domID = None;
-        self.config = config;
-
-        # Copy over defaults
-        for key in self.defaults.keys():
-            self.opts[key] = self.defaults[key]
-
-        # Merge in extra options
-        if extraOpts:
-            for key in extraOpts.keys():
-                self.opts[key] = extraOpts[key]
-
-    def start(self):
-        """We know how about how long everyone will need to wait
-        for our ramdisk to come up, so we do it here as a convenience"""
-
-#        for i in range(0,5):
-#            status, output = traceCommand("xm list")
-
-        XenDomain.start(self)
-#        waitForBoot()
-
-    def startNow(self):
-        XenDomain.start(self)
-
-    def getMem(self):
-        return int(self.opts["memory"])
-
-    def minSafeMem(self):
-        return 16
-
 if __name__ == "__main__":
 
-    d = XmTestDomain();
-
-    d.start();
+    c = XenConfig()
+
+    c.setOpt("foo", "bar")
+    c.setOpt("foob", 1)
+    opts = {"opt1" : 19,
+            "opt2" : "blah"}
+    c.setOpts(opts)
+
+    c.setOpt("disk", "phy:/dev/ram0,hda1,w")
+    c.appOpt("disk", "phy:/dev/ram1,hdb1,w")
+
+    print str(c)
+
+    
+
+#    c.write("/tmp/foo.conf")
+
+#    d = XmTestDomain();
+#
+#    d.start();
+
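Review bot: `stop()` and `destroy()` take the domain name from `self.config.getOpt("name")` while `getName()` returns `self.name`, so the two can disagree for a `XenDomain` built directly with a name and a config that lacks one; `getOpt` then returns None and the string concatenation raises TypeError. Using the one accessor in both, `ret, output = traceCommand("xm shutdown %s" % self.getName())` and the same for `destroy`, keeps them consistent. The name is placed into a command string unquoted, and how `traceCommand` executes it is not visible here, so names with shell metacharacters are best rejected where the name is set.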
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/xm-test/lib/XmTestReport/Report.py
--- a/tools/xm-test/lib/XmTestReport/Report.py  Tue Dec 13 18:08:17 2005
+++ b/tools/xm-test/lib/XmTestReport/Report.py  Tue Dec 13 18:08:26 2005
@@ -31,10 +31,12 @@
 import xml.dom.minidom
 import httplib
 import urllib
+import re
 
 #REPORT_HOST = "xmtest-dev.dague.org"
 REPORT_HOST = "xmtest.dague.org"
 REPORT_URL  = "/cgi-bin/report-results";
+VIEW_URL = "cgi-bin/display?view=single&testid="
 
 class XmTestReport:
 
@@ -101,16 +103,21 @@
     conn.request("POST", REPORT_URL, body, headers)
     
     resp = conn.getresponse()
+    data = resp.read()
+
     if resp.status == 200:
         print >>sys.stderr, "Your results have been submitted successfully!"
+        match = re.match("^id=([0-9]+)$", data.split("\n")[1])
+        if match:
+            id = match.group(1)
+            print >>sys.stderr, "See your report at:"
+            print >>sys.stderr, "http://%s/%s%s"; % (REPORT_HOST, VIEW_URL, id)
     else:
         print >>sys.stderr, "Unable to submit results:"
         print >>sys.stderr, "[http://%s%s] said %i: %s" % (REPORT_HOST,
                                                            REPORT_URL,
                                                            resp.status,
                                                            resp.reason)
-
-        data = resp.read()
         print >>sys.stderr, data
 
 if __name__ == "__main__":
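Review bot: `data.split("\n")[1]` indexes the second line of the server's reply without checking that it exists, so a 200 response with a one-line or empty body raises IndexError after the results were already accepted. Guarding it, e.g. `lines = data.split("\n")` then `match = len(lines) > 1 and re.match("^id=([0-9]+)$", lines[1])`, keeps the success path quiet when the id is missing. The `;` after the format string on the `"http://%s/%s%s"` line looks like a mail-archive artefact; as printed it would be a syntax error, so check it against the repository copy.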
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/block-create/11_block_attach_shared_dom0.py
--- a/tools/xm-test/tests/block-create/11_block_attach_shared_dom0.py   Tue Dec 
13 18:08:17 2005
+++ b/tools/xm-test/tests/block-create/11_block_attach_shared_dom0.py   Tue Dec 
13 18:08:26 2005
@@ -21,8 +21,9 @@
 
 # Now try to start a DomU with write access to /dev/ram0
 
-domain = XmTestDomain();
-domain.configAddDisk("phy:/dev/ram0", "hda1", "w")
+config = {"disk":"phy:/dev/ram0,hda1,w"}
+
+domain = XmTestDomain(extraConfig=config);
 
 try:
     domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/block-create/12_block_attach_shared_domU.py
--- a/tools/xm-test/tests/block-create/12_block_attach_shared_domU.py   Tue Dec 
13 18:08:17 2005
+++ b/tools/xm-test/tests/block-create/12_block_attach_shared_domU.py   Tue Dec 
13 18:08:26 2005
@@ -5,11 +5,11 @@
 
 from XmTestLib import *
 
-dom1 = XmTestDomain()
-dom2 = XmTestDomain(dom1.getName() + "-2")
+config = {"disk":"phy:/dev/ram0,hda1,w"}
 
-dom1.configAddDisk("phy:/dev/ram0", "hda1", "w")
-dom2.configAddDisk("phy:/dev/ram0", "hda1", "w")
+dom1 = XmTestDomain(extraConfig=config)
+dom2 = XmTestDomain(dom1.getName() + "-2",
+                    extraConfig=config)
 
 try:
     dom1.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/block-destroy/01_block-destroy_btblock_pos.py
--- a/tools/xm-test/tests/block-destroy/01_block-destroy_btblock_pos.py Tue Dec 
13 18:08:17 2005
+++ b/tools/xm-test/tests/block-destroy/01_block-destroy_btblock_pos.py Tue Dec 
13 18:08:26 2005
@@ -5,9 +5,8 @@
 
 from XmTestLib import *
 
-domain = XmTestDomain()
-
-domain.configAddDisk("phy:/dev/ram0", "hda1", "w")
+config = {"disk":"phy:/dev/ram0,hda1,w"}
+domain = XmTestDomain(extraConfig=config)
 
 try:
     domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/block-destroy/05_block-destroy_byname_pos.py
--- a/tools/xm-test/tests/block-destroy/05_block-destroy_byname_pos.py  Tue Dec 
13 18:08:17 2005
+++ b/tools/xm-test/tests/block-destroy/05_block-destroy_byname_pos.py  Tue Dec 
13 18:08:26 2005
@@ -5,9 +5,8 @@
 
 from XmTestLib import *
 
-domain = XmTestDomain()
-
-domain.configAddDisk("phy:/dev/ram0", "hda1", "w")
+config = {"disk":"phy:/dev/ram0,hda1,w"}
+domain = XmTestDomain(extraConfig=config)
 
 try:
     domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/block-list/01_block-list_pos.py
--- a/tools/xm-test/tests/block-list/01_block-list_pos.py       Tue Dec 13 
18:08:17 2005
+++ b/tools/xm-test/tests/block-list/01_block-list_pos.py       Tue Dec 13 
18:08:26 2005
@@ -8,9 +8,8 @@
 
 from XmTestLib import *
 
-domain = XmTestDomain()
-
-domain.configAddDisk("phy:/dev/ram0", "hda1", "w")
+config = {"disk":"phy:/dev/ram0,hda1,w"}
+domain = XmTestDomain(extraConfig=config)
 
 try:
     domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/block-list/03_block-list_anotherbd_pos.py
--- a/tools/xm-test/tests/block-list/03_block-list_anotherbd_pos.py     Tue Dec 
13 18:08:17 2005
+++ b/tools/xm-test/tests/block-list/03_block-list_anotherbd_pos.py     Tue Dec 
13 18:08:26 2005
@@ -8,9 +8,8 @@
 
 from XmTestLib import *
 
-domain = XmTestDomain()
-
-domain.configAddDisk("phy:/dev/ram0", "hda1", "w")
+config = {"disk":"phy:/dev/ram0,hda1,w"}
+domain = XmTestDomain(extraConfig=config)
 
 try:
     domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/create/01_create_basic_pos.py
--- a/tools/xm-test/tests/create/01_create_basic_pos.py Tue Dec 13 18:08:17 2005
+++ b/tools/xm-test/tests/create/01_create_basic_pos.py Tue Dec 13 18:08:26 2005
@@ -12,9 +12,9 @@
 # Create a domain (default XmTestDomain, with our ramdisk)
 domain = XmTestDomain()
 
-if int(getInfo("free_memory")) < domain.getMem():
+if int(getInfo("free_memory")) < domain.config.getOpt("memory"):
     SKIP("This test needs %i MB of free memory (%i MB avail)" %
-         (domain.getMem(), int(getInfo("free_memory"))))
+         (domain.config.getOpt("memory"), int(getInfo("free_memory"))))
 
 # Start it
 try:
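Review bot: The comparison now uses `domain.config.getOpt("memory")` directly, where the removed `getMem()` wrapped the value in `int()`. `getOpt` returns None for an unset option and returns a string unchanged if a caller supplied one, and the `%i` in the SKIP message would then raise. Keeping the coercion, `mem_needed = int(domain.config.getOpt("memory"))`, and using it in both places preserves the old behaviour.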
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/create/06_create_mem_neg.py
--- a/tools/xm-test/tests/create/06_create_mem_neg.py   Tue Dec 13 18:08:17 2005
+++ b/tools/xm-test/tests/create/06_create_mem_neg.py   Tue Dec 13 18:08:26 2005
@@ -19,15 +19,8 @@
        rdpath = "../ramdisk"
 
 # Test 1: create a domain with mem=0
-opts1 =  {
-            "name"    : "default",
-            "memory"  : 0,
-            "kernel"  : getDefaultKernel(),
-            "root"    : "/dev/ram0",
-            "ramdisk" : rdpath + "/initrd.img",
-            }
-
-domain1=XenDomain(opts1)
+config1 = {"memory": 0}
+domain1=XmTestDomain(extraConfig=config1)
 
 try:
     domain1.start()
@@ -43,17 +36,10 @@
 # Test 2: create a domain with mem>sys_mem
 
 mem = int(getInfo("total_memory"))
-extreme_mem = str(mem + 100)
+extreme_mem = mem + 100
 
-opts2=  {
-            "name"    : "default",
-            "memory"  : extreme_mem,
-            "kernel"  : getDefaultKernel(),
-            "root"    : "/dev/ram0",
-            "ramdisk" : rdpath + "/initrd.img",
-            }
-
-domain2=XenDomain(opts2)
+config2 = {"memory": extreme_mem}
+domain2=XmTestDomain(extraConfig=config2)
 
 try:
     domain2.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/create/07_create_mem64_pos.py
--- a/tools/xm-test/tests/create/07_create_mem64_pos.py Tue Dec 13 18:08:17 2005
+++ b/tools/xm-test/tests/create/07_create_mem64_pos.py Tue Dec 13 18:08:26 2005
@@ -23,15 +23,8 @@
        SKIP("This test needs 64 MB of free memory (%i MB avail)" % mem)
 
 #create a domain with mem=64
-opts =  {
-            "name"    : "MEM64",
-            "memory"  : 64,
-            "kernel"  : getDefaultKernel(),
-            "root"    : "/dev/ram0",
-            "ramdisk" : rdpath + "/initrd.img",
-            }
-
-domain_mem64=XenDomain(opts)
+config = {"memory": 64}
+domain_mem64=XmTestDomain(extraConfig=config)
 
 #start it
 try:
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/create/08_create_mem128_pos.py
--- a/tools/xm-test/tests/create/08_create_mem128_pos.py        Tue Dec 13 
18:08:17 2005
+++ b/tools/xm-test/tests/create/08_create_mem128_pos.py        Tue Dec 13 
18:08:26 2005
@@ -23,15 +23,8 @@
         SKIP("This test needs 128 MB of free memory (%i MB avail)" % mem)
 
 #create a domain with mem=128
-opts =  {
-            "name"    : "MEM128",
-            "memory"  : 128,
-            "kernel"  : getDefaultKernel(),
-            "root"    : "/dev/ram0",
-            "ramdisk" : rdpath + "/initrd.img",
-            }
-
-domain_mem128=XenDomain(opts)
+config={"memory": 128}
+domain_mem128=XmTestDomain(extraConfig=config)
 
 #start it
 try:
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/create/09_create_mem256_pos.py
--- a/tools/xm-test/tests/create/09_create_mem256_pos.py        Tue Dec 13 
18:08:17 2005
+++ b/tools/xm-test/tests/create/09_create_mem256_pos.py        Tue Dec 13 
18:08:26 2005
@@ -23,15 +23,8 @@
         SKIP("This test needs 256 MB of free memory (%i MB avail)" % mem)
 
 #create a domain with mem=256
-opts =  {
-            "name"    : "MEM256",
-            "memory"  : 256,
-            "kernel"  : getDefaultKernel(),
-            "root"    : "/dev/ram0",
-            "ramdisk" : rdpath + "/initrd.img",
-            }
-
-domain_mem256=XenDomain(opts)
+config = {"memory": 256}
+domain_mem256=XmTestDomain(extraConfig=config)
 
 #start it
 try:
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/create/11_create_concurrent_pos.py
--- a/tools/xm-test/tests/create/11_create_concurrent_pos.py    Tue Dec 13 
18:08:17 2005
+++ b/tools/xm-test/tests/create/11_create_concurrent_pos.py    Tue Dec 13 
18:08:26 2005
@@ -34,7 +34,7 @@
 
 for d in range(0, NUM_DOMS):
     dom = XmTestDomain(name="11_create_%i" % d,
-                       extraOpts={"memory":str(MEM_PER_DOM)})
+                       extraConfig={"memory":MEM_PER_DOM})
 
     try:
         dom.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/create/12_create_concurrent_stress_pos.py
--- a/tools/xm-test/tests/create/12_create_concurrent_stress_pos.py     Tue Dec 
13 18:08:17 2005
+++ b/tools/xm-test/tests/create/12_create_concurrent_stress_pos.py     Tue Dec 
13 18:08:26 2005
@@ -14,7 +14,7 @@
 domains = []
 
 for i in range(0,DOMS):
-    dom = XmTestDomain(extraOpts={"memory" : str(MEM)})
+    dom = XmTestDomain(extraConfig={"memory" : MEM})
 
     try:
         dom.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/create/13_create_multinic_pos.py
--- a/tools/xm-test/tests/create/13_create_multinic_pos.py      Tue Dec 13 
18:08:17 2005
+++ b/tools/xm-test/tests/create/13_create_multinic_pos.py      Tue Dec 13 
18:08:26 2005
@@ -6,8 +6,8 @@
 from XmTestLib import *
 
 for i in range(0,10):
-    domain = XmTestDomain()
-    domain.configSetVar('vif', str(['' for _ in range(0, i)]))
+    config = {"vif": ['' for _ in range(0, i)]}
+    domain = XmTestDomain(extraConfig=config)
 
     try:
         domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/create/14_create_blockroot_pos.py
--- a/tools/xm-test/tests/create/14_create_blockroot_pos.py     Tue Dec 13 
18:08:17 2005
+++ b/tools/xm-test/tests/create/14_create_blockroot_pos.py     Tue Dec 13 
18:08:26 2005
@@ -6,10 +6,9 @@
 from XmTestLib import *
 
 import os
+import time
 
-CONF_FILE = "/tmp/14_create_blockroot_pos.conf"
-
-rdpath = os.path.abspath(os.environ.get("RD_PATH"))
+rdpath = getRdPath()
 
 # status, output = traceCommand("losetup -f %s" % rdpath)
 # if status != 0:
@@ -17,22 +16,26 @@
 # 
 # if verbose:
 #     print "Using %s" % output
- 
-opts = {"memory" : "64",
-        "root"   : "/dev/hda1",
-        "name"   : "14_create_blockroot",
-        "kernel" : getDefaultKernel() }
 
-domain = XenDomain(opts=opts)
-
-domain.configAddDisk("file:%s/initrd.img" % rdpath, "hda1", "w")
+if ENABLE_VMX_SUPPORT:
+    domain = XmTestDomain(name="14_create_blockroot")
+else:
+    config = {"memory" : "64",
+              "root"   : "/dev/hda1",
+              "name"   : "14_create_blockroot",
+              "kernel" : getDefaultKernel(),
+              "disk"   : "file:%s/initrd.img,hda1,w" % rdpath
+              }
+    domConfig = XenConfig()
+    domConfig.setOpts(config)
+    domain = XenDomain(name=domConfig.getOpt("name"), config=domConfig)
 
 try:
     domain.start()
 except DomainError, e:
       FAIL(str(e))
 
-waitForBoot()
+#waitForBoot()
 
 try:
     console = XmConsole(domain.getName(), historySaveCmds=True)
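Review bot: The non-VMX branch keeps `"memory" : "64"` as a string, while the other tests in this changeset switch to integers (`{"memory": 64}`), and 01_create_basic_pos.py compares `domain.config.getOpt("memory")` with an int and formats it with `%i`. Unless XenConfig normalises the value, which is not visible here, `"memory" : 64,` would keep the option type uniform. The wait is also disabled as `#waitForBoot()` with no reason given, so either delete the line or add a one-line comment saying why the wait is no longer needed. The `import time` added in the previous hunk has no visible use in either hunk.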
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/create/15_create_smallmem_pos.py
--- a/tools/xm-test/tests/create/15_create_smallmem_pos.py      Tue Dec 13 
18:08:17 2005
+++ b/tools/xm-test/tests/create/15_create_smallmem_pos.py      Tue Dec 13 
18:08:26 2005
@@ -7,8 +7,8 @@
 
 MEM = 16
 
-domain = XmTestDomain(extraOpts={"memory":"%i" % MEM,
-                                 "extra" :"mem=%iM" % MEM})
+domain = XmTestDomain(extraConfig={"memory": MEM,
+                                   "extra" :"mem=%iM" % MEM})
 
 try:
     domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/memset/03_memset_random_pos.py
--- a/tools/xm-test/tests/memset/03_memset_random_pos.py        Tue Dec 13 
18:08:17 2005
+++ b/tools/xm-test/tests/memset/03_memset_random_pos.py        Tue Dec 13 
18:08:26 2005
@@ -20,8 +20,8 @@
     FAIL(str(e))
 
 times = random.randint(10,50)
-origmem = domain.getMem()
-currmem = domain.getMem()
+origmem = domain.config.getOpt("memory")
+currmem = domain.config.getOpt("memory")
 
 try:
     console = XmConsole(domain.getName())
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/network/02_network_local_ping_pos.py
--- a/tools/xm-test/tests/network/02_network_local_ping_pos.py  Tue Dec 13 
18:08:17 2005
+++ b/tools/xm-test/tests/network/02_network_local_ping_pos.py  Tue Dec 13 
18:08:26 2005
@@ -28,9 +28,9 @@
 mask = Net.mask("dom1", "eth0")
 
 # Fire up a guest domain w/1 nic
-domain = XmTestDomain()
+config = {"vif" : ['ip=%s' % ip]}
+domain = XmTestDomain(extraConfig=config)
 try:
-    domain.configSetVar('vif', " [ 'ip=" + ip + "' ]")
     domain.start()
 except DomainError, e:
     if verbose:
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/network/05_network_dom0_ping_pos.py
--- a/tools/xm-test/tests/network/05_network_dom0_ping_pos.py   Tue Dec 13 
18:08:17 2005
+++ b/tools/xm-test/tests/network/05_network_dom0_ping_pos.py   Tue Dec 13 
18:08:26 2005
@@ -31,9 +31,9 @@
         FAIL(str(e))
 
 # Fire up a guest domain w/1 nic
-domain = XmTestDomain()
+config = {"vif"  : ["ip=%s" % ip]}
+domain = XmTestDomain(extraConfig=config)
 try:
-    domain.configSetVar('vif', " [ 'ip=" + ip + "' ]")
     domain.start()
 except DomainError, e:
     if verbose:
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/network/11_network_domU_ping_pos.py
--- a/tools/xm-test/tests/network/11_network_domU_ping_pos.py   Tue Dec 13 
18:08:17 2005
+++ b/tools/xm-test/tests/network/11_network_domU_ping_pos.py   Tue Dec 13 
18:08:26 2005
@@ -15,15 +15,12 @@
 pingsizes = [ 1, 48, 64, 512, 1440, 1500, 1505, 4096, 4192, 
               32767, 65507 ]
 
-
-
 from XmTestLib import *
 
-
 def netDomain(ip):
-    dom = XmTestDomain()
+    config = {"vif"  : ["ip=%s" % ip]}
+    domain = XmTestDomain(extraConfig=config)
     try:
-        dom.configSetVar('vif', " [ 'ip=" + ip + "' ]")
         dom.start()
     except DomainError, e:
         if verbose:
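Review bot: `netDomain` now binds the new guest to `domain`, but the unchanged `dom.start()` two lines later still uses `dom`, which is no longer assigned anywhere in the visible part of the function. The call would raise NameError instead of starting the guest, and the test would then fail for a reason unrelated to networking. Keeping the old local name fixes it with one line: `dom = XmTestDomain(extraConfig=config)`. The body of `netDomain` continues past the end of the hunk, so any later use of `dom` there is affected in the same way.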
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/restore/04_restore_withdevices_pos.py
--- a/tools/xm-test/tests/restore/04_restore_withdevices_pos.py Tue Dec 13 
18:08:17 2005
+++ b/tools/xm-test/tests/restore/04_restore_withdevices_pos.py Tue Dec 13 
18:08:26 2005
@@ -7,12 +7,9 @@
 
 import re
 
-domain = XmTestDomain()
-
-domain.configSetVar('vif', "[ '', '' ]")
-
-domain.configAddDisk("phy:/dev/ram0", "hda1", "w")
-domain.configAddDisk("phy:/dev/ram1", "hdb2", "w")
+config = {"disk": ["phy:/dev/ram0,hda1,w", "phy:/dev/ram1,hdb2,w"],
+          "vif":  ['', '']}
+domain = XmTestDomain(extraConfig=config)
 
 s, o = traceCommand("mke2fs -q /dev/ram0")
 if s != 0:
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/sedf/01_sedf_multi_pos.py
--- a/tools/xm-test/tests/sedf/01_sedf_multi_pos.py     Tue Dec 13 18:08:17 2005
+++ b/tools/xm-test/tests/sedf/01_sedf_multi_pos.py     Tue Dec 13 18:08:26 2005
@@ -7,7 +7,7 @@
 
 sedf_opts = "20000000 5000000 0 0 0"
 
-domain = XmTestDomain(extraOpts = {"sched":"sedf"})
+domain = XmTestDomain(extraConfig = {"sched":"sedf"})
 
 try:
     domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/xm-test/tests/vcpu-disable/01_vcpu-disable_basic_pos.py
--- a/tools/xm-test/tests/vcpu-disable/01_vcpu-disable_basic_pos.py     Tue Dec 
13 18:08:17 2005
+++ b/tools/xm-test/tests/vcpu-disable/01_vcpu-disable_basic_pos.py     Tue Dec 
13 18:08:26 2005
@@ -39,7 +39,7 @@
     SKIP("Host not capable of running test")
 
 # Start a XmTestDomain with 2 VCPUs
-domain = XmTestDomain(extraOpts = {"vcpus":"2"})
+domain = XmTestDomain(extraConfig={"vcpus":2})
 
 try:
     domain.start()
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 xen/arch/x86/Makefile
--- a/xen/arch/x86/Makefile     Tue Dec 13 18:08:17 2005
+++ b/xen/arch/x86/Makefile     Tue Dec 13 18:08:26 2005
@@ -62,6 +62,8 @@
 boot/mkelf32: boot/mkelf32.c
        $(HOSTCC) $(HOSTCFLAGS) -o $@ $<
 
+shadow_guest32.o: shadow.c
+
 clean:
        rm -f *.o *.s *~ core boot/*.o boot/*~ boot/core boot/mkelf32
        rm -f x86_32/*.o x86_32/*~ x86_32/core
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 xen/arch/x86/vmx.c
--- a/xen/arch/x86/vmx.c        Tue Dec 13 18:08:17 2005
+++ b/xen/arch/x86/vmx.c        Tue Dec 13 18:08:26 2005
@@ -1476,6 +1476,15 @@
                 (unsigned long)regs->ecx, (unsigned long)regs->eax,
                 (unsigned long)regs->edx);
     switch (regs->ecx) {
+    case MSR_IA32_TIME_STAMP_COUNTER:
+    {
+        struct vmx_virpit *vpit;
+
+        rdtscll(msr_content);
+        vpit = &(v->domain->arch.vmx_platform.vmx_pit);
+        msr_content += vpit->shift;
+        break;
+    }
     case MSR_IA32_SYSENTER_CS:
         __vmread(GUEST_SYSENTER_CS, (u32 *)&msr_content);
         break;
@@ -1516,6 +1525,23 @@
     msr_content = (regs->eax & 0xFFFFFFFF) | ((u64)regs->edx << 32);
 
     switch (regs->ecx) {
+    case MSR_IA32_TIME_STAMP_COUNTER:
+    {
+        struct vmx_virpit *vpit;
+        u64 host_tsc, drift;
+
+        rdtscll(host_tsc);
+        vpit = &(v->domain->arch.vmx_platform.vmx_pit);
+        drift = v->arch.arch_vmx.tsc_offset - vpit->shift;
+        vpit->shift = msr_content - host_tsc;
+        v->arch.arch_vmx.tsc_offset = vpit->shift + drift;
+        __vmwrite(TSC_OFFSET, vpit->shift);
+
+#if defined (__i386__)
+        __vmwrite(TSC_OFFSET_HIGH, ((vpit->shift)>>32));
+#endif
+        break;
+    }
     case MSR_IA32_SYSENTER_CS:
         __vmwrite(GUEST_SYSENTER_CS, msr_content);
         break;
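Review bot: The write handler for `MSR_IA32_TIME_STAMP_COUNTER` stores the guest-chosen offset in `vpit->shift`, which is reached through `v->domain->arch.vmx_platform.vmx_pit` and so appears to be shared by the whole domain, while `tsc_offset` is kept per vcpu in `v->arch.arch_vmx`. If a guest has more than one vcpu, a TSC write on one vcpu would change what the read handler in the previous hunk returns on the others (`msr_content += vpit->shift`), while only the current vcpu's `TSC_OFFSET` is rewritten here. No locking around the update of `vpit->shift` is visible either. If domain-wide behaviour is intended, say so next to the assignment, e.g. `/* shift is per-domain: a TSC write on any vcpu moves the value every vcpu reads */`. Both switch statements start and end outside their hunks.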
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 xen/arch/x86/vmx_io.c
--- a/xen/arch/x86/vmx_io.c     Tue Dec 13 18:08:17 2005
+++ b/xen/arch/x86/vmx_io.c     Tue Dec 13 18:08:26 2005
@@ -801,11 +801,11 @@
         drift = vpit->period_cycles * vpit->pending_intr_nr;
     else 
         drift = 0;
-    drift = v->arch.arch_vmx.tsc_offset - drift;
-    __vmwrite(TSC_OFFSET, drift);
+    vpit->shift = v->arch.arch_vmx.tsc_offset - drift;
+    __vmwrite(TSC_OFFSET, vpit->shift);
 
 #if defined (__i386__)
-    __vmwrite(TSC_OFFSET_HIGH, (drift >> 32));
+    __vmwrite(TSC_OFFSET_HIGH, ((vpit->shift)>> 32));
 #endif
 }
 
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 xen/common/grant_table.c
--- a/xen/common/grant_table.c  Tue Dec 13 18:08:17 2005
+++ b/xen/common/grant_table.c  Tue Dec 13 18:08:26 2005
@@ -579,7 +579,7 @@
         (void)put_user(GNTST_okay, &uop->status);
         for ( i = 0; i < op.nr_frames; i++ )
             (void)put_user(gnttab_shared_mfn(d, d->grant_table, i),
-                           &uop->frame_list[i]);
+                           &op.frame_list[i]);
     }
 
     put_domain(d);
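Review bot: The result of `put_user()` on `&op.frame_list[i]` is cast to `(void)`, so a fault on the destination pointer is dropped after `GNTST_okay` has already been stored in `uop->status`. `op` is presumably the hypervisor's copy of the guest's request, which makes `op.frame_list` and `op.nr_frames` guest-controlled; a bad pointer should surface as an error rather than a silent success. One option is to record the failure in a local result variable (called `rc` here for illustration) with `if ( put_user(gnttab_shared_mfn(d, d->grant_table, i), &op.frame_list[i]) ) rc = -EFAULT;` and return it after `put_domain(d)`. The copy from `uop` into `op` and any bound on `op.nr_frames` lie outside the hunk, so confirm both precede this loop.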
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 xen/include/asm-x86/msr.h
--- a/xen/include/asm-x86/msr.h Tue Dec 13 18:08:17 2005
+++ b/xen/include/asm-x86/msr.h Tue Dec 13 18:08:26 2005
@@ -88,6 +88,7 @@
 /* Intel defined MSRs. */
 #define MSR_IA32_P5_MC_ADDR            0
 #define MSR_IA32_P5_MC_TYPE            1
+#define MSR_IA32_TIME_STAMP_COUNTER    0x10
 #define MSR_IA32_PLATFORM_ID           0x17
 #define MSR_IA32_EBL_CR_POWERON                0x2a
 
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 xen/include/asm-x86/vmx_vpit.h
--- a/xen/include/asm-x86/vmx_vpit.h    Tue Dec 13 18:08:17 2005
+++ b/xen/include/asm-x86/vmx_vpit.h    Tue Dec 13 18:08:26 2005
@@ -21,6 +21,7 @@
     /* for simulation of counter 0 in mode 2*/
     u64 period_cycles;                 /* pit frequency in cpu cycles */
     u64 inject_point; /* the time inject virt intr */
+    u64 shift;  /* save the value of offset - drift */
     s_time_t scheduled;                 /* scheduled timer interrupt */
     struct ac_timer pit_timer;  /* periodic timer for mode 2*/
     unsigned int channel;  /* the pit channel, counter 0~2 */
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/security/python/setup.py
--- /dev/null   Tue Dec 13 18:08:17 2005
+++ b/tools/security/python/setup.py    Tue Dec 13 18:08:26 2005
@@ -0,0 +1,30 @@
+#!/usr/bin/python
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+from distutils.core import setup
+import os
+
+# This setup script is invoked from the parent directory, so base
+#   everything as if executing from there.
+XEN_ROOT = "../.."
+
+setup(name            = 'xensec_gen',
+      version         = '3.0',
+      description     = 'Xen XML Security Policy Generator',
+      package_dir     = { 'xen' : 'python' },
+      packages        = ['xen.xensec_gen'],
+      )
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/security/python/xensec_gen/cgi-bin/policy.cgi
--- /dev/null   Tue Dec 13 18:08:17 2005
+++ b/tools/security/python/xensec_gen/cgi-bin/policy.cgi       Tue Dec 13 
18:08:26 2005
@@ -0,0 +1,1325 @@
+#!/usr/bin/python
+#
+# The Initial Developer of the Original Code is International
+# Business Machines Corporation. Portions created by IBM
+# Corporation are Copyright (C) 2005 International Business
+# Machines Corporation. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import os
+import cgi
+import cgitb; cgitb.enable( )
+import time
+import xml.dom.minidom
+import xml.sax
+import xml.sax.handler
+from StringIO import StringIO
+from sets import Set
+
+def getSavedData( ):
+       global formData, policyXml, formVariables, formCSNames
+       global templateCSMTypes, templateCSMDel, templateCSMType, templateCSMAdd
+       global allCSMTypes
+
+       # Process the XML upload policy file
+       if formData.has_key( 'i_policy' ):
+               dataList = formData.getlist( 'i_policy' )
+               if len( dataList ) > 0:
+                       policyXml  = dataList[0]
+
+       # Process all the hidden input variables (if present)
+       for formVar in formVariables:
+               if formVar[2] == '':
+                       continue
+
+               if formData.has_key( formVar[2] ):
+                       dataList = formData.getlist( formVar[2] )
+                       if len( dataList ) > 0:
+                               if isinstance( formVar[1], list ):
+                                       exec 'formVar[1] = ' + dataList[0]
+                               else:
+                                       formVar[1] = dataList[0]
+
+       # The form can contain any number of "Conflict Sets"
+       #   so update the list of form variables to include
+       #   each conflict set (hidden input variable)
+       for csName in formCSNames[1]:
+               newCS( csName )
+               if formData.has_key( allCSMTypes[csName][2] ):
+                       dataList = formData.getlist( allCSMTypes[csName][2] )
+                       if len( dataList ) > 0:
+                               exec 'allCSMTypes[csName][1] = ' + dataList[0]
+
+def getCurrentTime( ):
+       return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) )
+
+def getName( domNode ):
+       nameNodes = domNode.getElementsByTagName( 'Name' )
+       if len( nameNodes ) == 0:
+               formatXmlError( '"<Name>" tag is missing' )
+               return None
+
+       name = ''
+       for childNode in nameNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       name = name + childNode.data
+
+       return name
+
+def getDate( domNode ):
+       dateNodes = domNode.getElementsByTagName( 'Date' )
+       if len( dateNodes ) == 0:
+               formatXmlError( '"<Date>" tag is missing' )
+               return None
+
+       date = ''
+       for childNode in dateNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       date = date + childNode.data
+
+       return date
+
+def getSteTypes( domNode, missingIsError = 0 ):
+       steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' )
+       if len( steNodes ) == 0:
+               if missingIsError == 1:
+                       formatXmlError( '"<SimpleTypeEnforcementTypes>" tag is 
missing' )
+                       return None
+               else:
+                       return []
+
+       return getTypes( steNodes[0] )
+
+def getChWTypes( domNode, missingIsError = 0 ):
+       chwNodes = domNode.getElementsByTagName( 'ChineseWallTypes' )
+       if len( chwNodes ) == 0:
+               if missingIsError == 1:
+                       formatXmlError( '"<ChineseWallTypes>" tag is missing' )
+                       return None
+               else:
+                       return []
+
+       return getTypes( chwNodes[0] )
+
+def getTypes( domNode ):
+       types = []
+
+       domNodes = domNode.getElementsByTagName( 'Type' )
+       if len( domNodes ) == 0:
+               formatXmlError( '"<Type>" tag is missing' )
+               return None
+
+       for domNode in domNodes:
+               typeText = ''
+               for childNode in domNode.childNodes:
+                       if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                               typeText = typeText + childNode.data
+
+               if typeText == '':
+                       formatXmlError( 'No text associated with the "<Type>" 
tag' )
+                       return None
+
+               types.append( typeText )
+
+       return types
+
+def formatXmlError( msg, xml = '', lineNum = -1, colNum = -1 ):
+       global xmlMessages, xmlError
+
+       xmlError = 1
+       addMsg = cgi.escape( msg )
+
+       if lineNum != -1:
+               sio = StringIO( xml )
+               for xmlLine in sio:
+                       lineNum = lineNum - 1
+                       if lineNum == 0:
+                               break;
+
+               addMsg += '<BR><PRE>' + cgi.escape( xmlLine.rstrip( ) )
+
+               if colNum != -1:
+                       errLine = ''
+                       for i in range( colNum ):
+                               errLine = errLine + '-'
+
+                       addMsg += '\n' + errLine + '^'
+
+               addMsg += '</PRE>'
+
+       xmlMessages.append( addMsg )
+
+def formatXmlGenError( msg ):
+       global xmlMessages, xmlIncomplete
+
+       xmlIncomplete = 1
+       xmlMessages.append( cgi.escape( msg ) )
+
+def parseXml( xmlInput ):
+       global xmlMessages, xmlError, xmlLine, xmlColumn
+
+       xmlParser  = xml.sax.make_parser( )
+       try:
+               domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser )
+
+       except xml.sax.SAXParseException, xmlErr:
+               msg = ''
+               msg = msg + 'XML parsing error occurred at line '
+               msg = msg + `xmlErr.getLineNumber( )`
+               msg = msg + ', column '
+               msg = msg + `xmlErr.getColumnNumber( )`
+               msg = msg + ': reason = "'
+               msg = msg + xmlErr.getMessage( )
+               msg = msg + '"'
+               formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), 
xmlErr.getColumnNumber( ) )
+               return None
+
+       except xml.sax.SAXException, xmlErr:
+               msg = ''
+               msg = msg + 'XML Parsing error: ' + `xmlErr`
+               formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), 
xmlErr.getColumnNumber( ) )
+               return None
+
+       return domDoc
+
+def parsePolicyXml( ):
+       global policyXml
+       global formPolicyName, formPolicyDate, formPolicyOrder
+       global formSteTypes, formChWallTypes
+       global allCSMTypes
+
+       domDoc = parseXml( policyXml )
+       if domDoc == None:
+               return
+
+       domRoot    = domDoc.documentElement
+       domHeaders = domRoot.getElementsByTagName( 'PolicyHeader' )
+       if len( domHeaders ) == 0:
+               msg = ''
+               msg = msg + '"<PolicyHeader>" tag is missing.\n'
+               msg = msg + 'Please validate the Policy file used.'
+               formatXmlError( msg )
+               return
+
+       pName = getName( domHeaders[0] )
+       if pName == None:
+               msg = ''
+               msg = msg + 'Error processing the Policy header information.\n'
+               msg = msg + 'Please validate the Policy file used.'
+               formatXmlError( msg )
+               return
+
+       formPolicyName[1] = pName
+
+       pDate = getDate( domHeaders[0] )
+       if pDate == None:
+               msg = ''
+               msg = msg + 'Error processing the Policy header information.\n'
+               msg = msg + 'Please validate the Policy file used.'
+               formatXmlError( msg )
+               return
+
+       formPolicyDate[1] = pDate
+
+       pOrder = ''
+       domStes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' )
+       if len( domStes ) > 0:
+               if domStes[0].hasAttribute( 'priority' ):
+                       if domStes[0].getAttribute( 'priority' ) != 
'PrimaryPolicyComponent':
+                               msg = ''
+                               msg = msg + 'Error processing the 
"<SimpleTypeEnforcement>" tag.\n'
+                               msg = msg + 'The "priority" attribute value is 
not valid.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               return
+
+                       pOrder = 'v_Ste'
+
+               steTypes = getSteTypes( domStes[0], 1 )
+               if steTypes == None:
+                       msg = ''
+                       msg = msg + 'Error processing the SimpleTypeEnforcement 
types.\n'
+                       msg = msg + 'Please validate the Policy file used.'
+                       formatXmlError( msg )
+                       return
+
+               formSteTypes[1] = steTypes
+
+       domChWalls = domRoot.getElementsByTagName( 'ChineseWall' )
+       if len( domChWalls ) > 0:
+               if domChWalls[0].hasAttribute( 'priority' ):
+                       if domChWalls[0].getAttribute( 'priority' ) != 
'PrimaryPolicyComponent':
+                               msg = ''
+                               msg = msg + 'Error processing the 
"<ChineseWall>" tag.\n'
+                               msg = msg + 'The "priority" attribute value is 
not valid.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               return
+
+                       if pOrder != '':
+                               msg = ''
+                               msg = msg + 'Error processing the 
"<ChineseWall>" tag.\n'
+                               msg = msg + 'The "priority" attribute has been 
previously specified.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               return
+
+                       pOrder = 'v_ChWall'
+
+               chwTypes = getChWTypes( domChWalls[0], 1 )
+               if chwTypes == None:
+                       msg = ''
+                       msg = msg + 'Error processing the ChineseWall types.\n'
+                       msg = msg + 'Please validate the Policy file used.'
+                       formatXmlError( msg )
+                       return
+
+               formChWallTypes[1] = chwTypes
+
+               csNodes = domChWalls[0].getElementsByTagName( 'ConflictSets' )
+               if len( csNodes ) == 0:
+                       msg = ''
+                       msg = msg + 'Required "<ConflictSets>" tag missing.\n'
+                       msg = msg + 'Please validate the Policy file used.'
+                       formatXmlError( msg )
+                       return
+
+               cNodes = csNodes[0].getElementsByTagName( 'Conflict' )
+               if len( cNodes ) == 0:
+                       msg = ''
+                       msg = msg + 'Required "<Conflict>" tag missing.\n'
+                       msg = msg + 'Please validate the Policy file used.'
+                       formatXmlError( msg )
+                       return
+
+               for cNode in cNodes:
+                       csName = cNode.getAttribute( 'name' )
+                       newCS( csName, 1 )
+
+                       csMemberList = getTypes( cNode )
+                       if csMemberList == None:
+                               msg = ''
+                               msg = msg + 'Error processing the Conflict Set 
members.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               return
+
+                       # Verify the conflict set members are valid types
+                       ctSet = Set( formChWallTypes[1] )
+                       csSet = Set( csMemberList )
+                       if not csSet.issubset( ctSet ):
+                               msg = ''
+                               msg = msg + 'Error processing Conflict Set "' + 
csName + '".\n'
+                               msg = msg + 'Members of the conflict set are 
not valid '
+                               msg = msg + 'Chinese Wall types.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+
+                       allCSMTypes[csName][1] = csMemberList
+
+       if pOrder != '':
+               formPolicyOrder[1] = pOrder
+       else:
+               if (len( domStes ) > 0) or (len( domChWalls ) > 0):
+                       msg = ''
+                       msg = msg + 'The "priority" attribute has not been 
specified.\n'
+                       msg = msg + 'It must be specified on one of the access 
control types.\n'
+                       msg = msg + 'Please validate the Policy file used.'
+                       formatXmlError( msg )
+                       return
+
+def modFormTemplate( formTemplate, suffix ):
+       formVar = [x for x in formTemplate]
+
+       if formVar[2] != '':
+               formVar[2] = formVar[2] + suffix
+       if formVar[3] != '':
+               formVar[3] = formVar[3] + suffix
+       if (formVar[0] != 'button') and (formVar[4] != ''):
+               formVar[4] = formVar[4] + suffix
+
+       return formVar;
+
+def removeDups( curList ):
+       newList = []
+       curSet  = Set( curList )
+       for x in curSet:
+               newList.append( x )
+       newList.sort( )
+
+       return newList
+
+def newCS( csName, addToList = 0 ):
+       global formCSNames
+       global templateCSDel, allCSDel
+       global templateCSMTypes, templateCSMDel, templateCSMType, templateCSMAdd
+       global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
+
+       csSuffix = '_' + csName
+
+       # Make sure we have an actual name and check one of the 'all'
+       # variables to be sure it hasn't been previously defined
+       if (len( csName ) > 0) and (not allCSMTypes.has_key( csName )):
+               allCSDel[csName]    = modFormTemplate( templateCSDel,    
csSuffix )
+               allCSMTypes[csName] = modFormTemplate( templateCSMTypes, 
csSuffix )
+               allCSMDel[csName]   = modFormTemplate( templateCSMDel,   
csSuffix )
+               allCSMType[csName]  = modFormTemplate( templateCSMType,  
csSuffix )
+               allCSMAdd[csName]   = modFormTemplate( templateCSMAdd,   
csSuffix )
+               if addToList == 1:
+                       formCSNames[1].append( csName )
+                       formCSNames[1] = removeDups( formCSNames[1] )
+
+def updateInfo( ):
+       global formData, formPolicyName, formPolicyDate, formPolicyOrder
+
+       if formData.has_key( formPolicyName[3] ):
+               formPolicyName[1] = formData[formPolicyName[3]].value
+       elif formData.has_key( formPolicyUpdate[3] ):
+               formPolicyName[1] = ''
+
+       if formData.has_key( formPolicyDate[3] ):
+               formPolicyDate[1] = formData[formPolicyDate[3]].value
+       elif formData.has_key( formPolicyUpdate[3] ):
+               formPolicyDate[1] = ''
+
+       if formData.has_key( formPolicyOrder[3] ):
+               formPolicyOrder[1] = formData[formPolicyOrder[3]].value
+
+def addSteType( ):
+       global formData, formSteType, formSteTypes
+
+       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( 
formSteAdd[3] )):
+               if formData.has_key( formSteType[3] ):
+                       type = formData[formSteType[3]].value
+                       type = type.strip( )
+                       if len( type ) > 0:
+                               formSteTypes[1].append( type )
+                               formSteTypes[1] = removeDups( formSteTypes[1] )
+
+
+def delSteType( ):
+       global formData, formSteTypes
+
+       if formData.has_key( formSteTypes[3] ):
+               typeList = formData.getlist( formSteTypes[3] )
+               for type in typeList:
+                       type = type.strip( )
+                       formSteTypes[1].remove( type )
+
+def addChWallType( ):
+       global formData, formChWallType, formChWallTypes
+
+       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( 
formChWallAdd[3] )):
+               if formData.has_key( formChWallType[3] ):
+                       type = formData[formChWallType[3]].value
+                       type = type.strip( )
+                       if len( type ) > 0:
+                               formChWallTypes[1].append( type )
+                               formChWallTypes[1] = removeDups( 
formChWallTypes[1] )
+
+def delChWallType( ):
+       global formData, formChWallTypes
+
+       if formData.has_key( formChWallTypes[3] ):
+               typeList = formData.getlist( formChWallTypes[3] )
+               for type in typeList:
+                       type = type.strip( )
+                       formChWallTypes[1].remove( type )
+
+def addCS( ):
+       global formData, formCSNames
+
+       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( 
formCSAdd[3] )):
+               if formData.has_key( formCSName[3] ):
+                       csName = formData[formCSName[3]].value
+                       csName = csName.strip( )
+                       newCS( csName, 1 )
+
+def delCS( csName ):
+       global formData, formCSNames, allCSDel
+       global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
+
+       csName = csName.strip( )
+       formCSNames[1].remove( csName )
+       del allCSDel[csName]
+       del allCSMTypes[csName]
+       del allCSMDel[csName]
+       del allCSMType[csName]
+       del allCSMAdd[csName]
+
+def addCSMember( csName ):
+       global formData, allCSMType, allCSMTypes
+
+       formVar = allCSMType[csName]
+       if formData.has_key( formVar[3] ):
+               csmList = formData.getlist( formVar[3] )
+               formVar = allCSMTypes[csName]
+               for csm in csmList:
+                       csm = csm.strip( )
+                       formVar[1].append( csm )
+                       formVar[1] = removeDups( formVar[1] )
+
+def delCSMember( csName ):
+       global formData, allCSMTypes
+
+       formVar = allCSMTypes[csName]
+       if formData.has_key( formVar[3] ):
+               csmList = formData.getlist( formVar[3] )
+               for csm in csmList:
+                       csm = csm.strip( )
+                       formVar[1].remove( csm )
+
+def processRequest( ):
+       global policyXml
+       global formData, formPolicyUpdate
+       global formSteAdd, formSteDel
+       global formChWallAdd, formChWallDel
+       global formCSAdd, allCSDel
+       global formCSNames, allCSMAdd, allCSMDel
+
+       if policyXml != '':
+               parsePolicyXml( )
+
+       # Allow the updating of the header information whenever
+       # an action is performed
+       updateInfo( )
+
+       # Allow the adding of types/sets if the user has hit the
+       # enter key when attempting to add a type/set
+       addSteType( )
+       addChWallType( )
+       addCS( )
+
+       if formData.has_key( formSteDel[3] ):
+               delSteType( )
+
+       elif formData.has_key( formChWallDel[3] ):
+               delChWallType( )
+
+       else:
+               for csName in formCSNames[1]:
+                       if formData.has_key( allCSDel[csName][3] ):
+                               delCS( csName )
+                               continue
+
+                       if formData.has_key( allCSMAdd[csName][3] ):
+                               addCSMember( csName )
+
+                       elif formData.has_key( allCSMDel[csName][3] ):
+                               delCSMember( csName )
+
+def makeName( name, suffix='' ):
+       rName = name
+       if suffix != '':
+               rName = rName + '_' + suffix
+
+       return rName
+
+def makeNameAttr( name, suffix='' ):
+       return 'name="' + makeName( name, suffix ) + '"'
+
+def makeValue( value, suffix='' ):
+       rValue = value
+
+       if isinstance( value, list ):
+               rValue = '['
+               for val in value:
+                       rValue = rValue + '\'' + val
+                       if suffix != '':
+                               rValue = rValue + '_' + suffix
+                       rValue = rValue + '\','
+               rValue = rValue + ']'
+
+       else:
+               if suffix != '':
+                       rValue = rValue + '_' + suffix
+
+       return rValue
+
+def makeValueAttr( value, suffix='' ):
+       return 'value="' + makeValue( value, suffix ) + '"'
+
+def sendHtmlFormVar( formVar, attrs='' ):
+       nameAttr  = ''
+       valueAttr = ''
+       htmlText  = ''
+
+       if formVar[0] == 'text':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+               valueAttr = makeValueAttr( formVar[1] )
+
+               print '<INPUT type="text"', nameAttr, valueAttr, attrs, '>'
+
+       elif formVar[0] == 'list':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+
+               print '<SELECT', nameAttr, attrs, '>'
+               for option in formVar[1]:
+                       print '<OPTION>' + option + '</OPTION>'
+               print '</SELECT>'
+
+       elif formVar[0] == 'button':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+               if formVar[4] != '':
+                       valueAttr = makeValueAttr( formVar[4] )
+
+               print '<INPUT type="submit"', nameAttr, valueAttr, attrs, '>'
+
+       elif formVar[0] == 'radiobutton':
+               if formVar[3] != '':
+                       nameAttr  = makeNameAttr( formVar[3] )
+                       valueAttr = makeValueAttr( formVar[4][rb_select] )
+                       htmlText  = formVar[5][rb_select]
+                       if formVar[4][rb_select] == formVar[1]:
+                               checked = 'checked'
+                       else:
+                               checked = ''
+
+                       print '<INPUT type="radio"', nameAttr, valueAttr, 
attrs, checked, '>', htmlText
+
+       elif formVar[0] == 'radiobutton-all':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+                       buttonVals  = formVar[4]
+                       buttonTexts = formVar[5]
+                       for i, buttonVal in enumerate( buttonVals ):
+                               htmlText = ''
+                               addAttrs = ''
+                               checked  = ''
+
+                               valueAttr = makeValueAttr( buttonVal )
+                               if formVar[5] != '':
+                                       htmlText = formVar[5][i]
+                               if attrs != '':
+                                       addAttrs = attrs[i]
+                               if buttonVal == formVar[1]:
+                                       checked = 'checked'
+
+                               print '<INPUT type="radio"', nameAttr, 
valueAttr, addAttrs, checked, '>', htmlText, '<BR>'
+
+       if formVar[2] != '':
+               nameAttr = makeNameAttr( formVar[2] )
+               valueAttr = makeValueAttr( formVar[1] )
+               print '<INPUT type="hidden"', nameAttr, valueAttr, '>'
+
+def sendHtmlHeaders( ):
+       # HTML headers
+       print 'Content-Type: text/html'
+       print
+
+def sendPolicyHtml( ):
+       global xmlError, xmlIncomplete, xmlMessages, formXmlGen
+
+       print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"'
+       print '  "http://www.w3.org/TR/html4/loose.dtd";>'
+
+       print '<HTML>'
+
+       sendHtmlHead( )
+
+       print '<BODY>'
+
+       # An input XML file was specified that had errors, output the
+       # error information
+       if xmlError == 1:
+               print '<P>'
+               print 'An error has been encountered while processing the input 
'
+               print 'XML file:'
+               print '<UL>'
+               for msg in xmlMessages:
+                       print '<LI>'
+                       print msg
+               print '</UL>'
+               print '</BODY>'
+               print '</HTML>'
+               return
+
+       # When attempting to generate the XML output, all required data was not
+       # present, output the error information
+       if xmlIncomplete == 1:
+               print '<P>'
+               print 'An error has been encountered while validating the data'
+               print 'required for the output XML file:'
+               print '<UL>'
+               for msg in xmlMessages:
+                       print '<LI>'
+                       print msg
+               print '</UL>'
+               print '</BODY>'
+               print '</HTML>'
+               return
+
+       print '<CENTER>'
+       print '<FORM action="' + os.environ['SCRIPT_NAME'] + '" method="post">'
+       print '<TABLE class="container">'
+       print '  <COLGROUP>'
+       print '    <COL width="100%">'
+       print '  </COLGROUP>'
+
+       print '  <TR>'
+       print '    <TD>'
+       print '      <TABLE>'
+       print '        <TR>'
+       print '          <TD>'
+       sendHtmlFormVar( formDefaultButton, 'class="hidden"' )
+       print '          </TD>'
+       print '        </TR>'
+       print '        <TR>'
+       print '          <TD>'
+       sendHtmlFormVar( formXmlGen )
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+
+       # Policy header
+       print '  <TR>'
+       print '    <TD>'
+       sendPHeaderHtml( )
+       print '    </TD>'
+       print '  </TR>'
+
+       # Separator
+       print '  <TR><TD><HR></TD></TR>'
+
+       # Policy (types)
+       print '  <TR>'
+       print '    <TD>'
+       print '      <TABLE class="full">'
+       print '        <TR>'
+       print '          <TD width="49%">'
+       sendPSteHtml( )
+       print '          </TD>'
+       print '          <TD width="2%">&nbsp;</TD>'
+       print '          <TD width="49%">'
+       sendPChWallHtml( )
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+
+       print '</TABLE>'
+       print '</FORM>'
+       print '</CENTER>'
+
+       print '</BODY>'
+
+       print '</HTML>'
+
+def sendHtmlHead( ):
+       global headTitle
+
+       print '<HEAD>'
+       print '<STYLE type="text/css">'
+       print '<!--'
+       print 'BODY            {background-color: #EEEEFF;}'
+       print 'TABLE.container {width:  90%; border: 1px solid black; 
border-collapse: seperate;}'
+       print 'TABLE.fullbox   {width: 100%; border: 1px solid black; 
border-collapse: collapse;}'
+       print 'TABLE.full      {width: 100%; border: 0px solid black; 
border-collapse: collapse;}'
+       print 'THEAD           {font-weight: bold; font-size: larger;}'
+       print 'TD              {border: 0px solid black; vertical-align: top;}'
+       print 'TD.heading      {border: 0px solid black; vertical-align: top; 
font-weight: bold; font-size: larger;}'
+       print 'TD.subheading   {border: 0px solid black; vertical-align: top; 
font-size: smaller;}'
+       print 'TD.fullbox      {border: 1px solid black; vertical-align: top;}'
+       print 'SELECT.full     {width: 100%;}'
+       print 'INPUT.full      {width: 100%;}'
+       print 'INPUT.link      {cursor: pointer; background-color: #EEEEFF; 
border: 0px; text-decoration: underline; color: blue;}'
+       print 'INPUT.hidden    {visibility: hidden; width: 1px; height: 1px;}'
+       print ':link           {color: blue;}'
+       print ':visited        {color: red;}'
+       print '-->'
+       print '</STYLE>'
+       print '<TITLE>', headTitle, '</TITLE>'
+       print '</HEAD>'
+
+def sendPHeaderHtml( ):
+       global formPolicyName, formPolicyDate, formPolicyOrder, formPolicyUpdate
+
+       # Policy header definition
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="20%">'
+       print '    <COL width="80%">'
+       print '  </COLGROUP>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2" class="heading">Policy 
Information</TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Name:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyName, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Date:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyDate, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Primary Policy:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyOrder )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2">'
+       sendHtmlFormVar( formPolicyUpdate )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2" class="subheading">'
+       print '      (The Policy Information is updated whenever an action is 
performed'
+       print '       or it can be updated separately using the "Update" 
button)'
+       print '    </TD>'
+       print '  </TR>'
+       print '</TABLE>'
+
+def sendPSteHtml( ):
+       global formSteTypes, formSteDel, formSteType, formSteAdd
+
+       # Simple Type Enforcement...
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="20%">'
+       print '    <COL width="80%">'
+       print '  </COLGROUP>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2" class="heading">Simple Type 
Enforcement Types</TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       sendHtmlFormVar( formSteTypes, 'class="full" size="4" multiple' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD>'
+       sendHtmlFormVar( formSteDel, 'class="full"' )
+       print '    </TD>'
+       print '    <TD>'
+       print '      Delete the type(s) selected above'
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       sendHtmlFormVar( formSteType, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD>'
+       sendHtmlFormVar( formSteAdd, 'class="full"' )
+       print '    </TD>'
+       print '    <TD>'
+       print '      Create a new type with the above name'
+       print '    </TD>'
+       print '  </TR>'
+       print '</TABLE>'
+
+def sendPChWallHtml( ):
+       global formChWallTypes, formChWallDel, formChWallType, formChWallAdd
+       global formCSNames, formCSName, formCSAdd, allCSDel
+       global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
+
+       # Chinese Wall...
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="20%">'
+       print '    <COL width="80%">'
+       print '  </COLGROUP>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2" class="heading">Chinese Wall 
Types</TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       sendHtmlFormVar( formChWallTypes, 'class="full" size="4" multiple' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD>'
+       sendHtmlFormVar( formChWallDel, 'class="full"' )
+       print '    </TD>'
+       print '    <TD>'
+       print '      Delete the type(s) selected above'
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       sendHtmlFormVar( formChWallType, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD>'
+       sendHtmlFormVar( formChWallAdd, 'class="full"' )
+       print '    </TD>'
+       print '    <TD>'
+       print '      Create a new type with the above name'
+       print '    </TD>'
+       print '  </TR>'
+
+       # Chinese Wall Conflict Sets...
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       print '      <TABLE class="full">'
+       print '        <COLGROUP>'
+       print '          <COL width="20%">'
+       print '          <COL width="30%">'
+       print '          <COL width="50%">'
+       print '        </COLGROUP>'
+       print '        <THEAD>'
+       print '          <TR>'
+       print '            <TD align="center" colspan="3"><HR></TD>'
+       print '          </TR>'
+       print '          <TR>'
+       print '            <TD align="center" colspan="3">Chinese Wall Conflict 
Sets</TD>'
+       print '          </TR>'
+       print '        </THEAD>'
+       print '        <TR>'
+       print '          <TD colspan="3">'
+       sendHtmlFormVar( formCSName, 'class="full"' )
+       sendHtmlFormVar( formCSNames )
+       print '          </TD>'
+       print '        </TR>'
+       print '        <TR>'
+       print '          <TD>'
+       sendHtmlFormVar( formCSAdd, 'class="full"' )
+       print '          </TD>'
+       print '          <TD colspan="2">'
+       print '            Create a new conflict set with the above name'
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+       if len( formCSNames[1] ) > 0:
+               print '  <TR>'
+               print '    <TD colspan="2">'
+               print '      &nbsp;'
+               print '    </TD>'
+               print '  </TR>'
+               print '  <TR>'
+               print '    <TD colspan="2">'
+               print '      <TABLE class="fullbox">'
+               print '        <COLGROUP>'
+               print '          <COL width="50%">'
+               print '          <COL width="50%">'
+               print '        </COLGROUP>'
+               print '        <THEAD>'
+               print '          <TR>'
+               print '            <TD class="fullbox">Name</TD>'
+               print '            <TD class="fullbox">Actions</TD>'
+               print '          </TR>'
+               print '        </THEAD>'
+               for i, csName in enumerate( formCSNames[1] ):
+                       print '        <TR>'
+                       print '          <TD class="fullbox">' + csName + 
'</TD>'
+                       print '          <TD class="fullbox">'
+                       print '            <A href="#' + csName + '">Edit</A>'
+                       formVar = allCSDel[csName]
+                       sendHtmlFormVar( formVar, 'class="link"' )
+                       print '          </TD>'
+               print '      </TABLE>'
+               print '    </TD>'
+               print '  </TR>'
+               for csName in formCSNames[1]:
+                       print '  <TR><TD colspan="2"><HR></TD></TR>'
+                       print '  <TR>'
+                       print '    <TD align="center" colspan="2" 
class="heading"><A name="' + csName + '">Conflict Set: ' + csName + '</A></TD>'
+                       print '  </TR>'
+                       print '  <TR>'
+                       print '    <TD colspan="2">'
+                       formVar = allCSMTypes[csName];
+                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
+                       print '    </TD>'
+                       print '  </TR>'
+                       print '  <TR>'
+                       print '    <TD>'
+                       formVar = allCSMDel[csName]
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '    </TD>'
+                       print '    <TD>'
+                       print '      Delete the type(s) selected above'
+                       print '    </TD>'
+                       print '  </TR>'
+                       print '  <TR>'
+                       print '    <TD colspan="2">'
+                       ctSet = Set( formChWallTypes[1] )
+                       csSet = Set( allCSMTypes[csName][1] )
+                       formVar = allCSMType[csName]
+                       formVar[1] = []
+                       for chwallType in ctSet.difference( csSet ):
+                               formVar[1].append( chwallType )
+                       formVar[1].sort( )
+                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple' )
+                       print '    </TD>'
+                       print '  </TR>'
+                       print '  <TR>'
+                       print '    <TD>'
+                       formVar = allCSMAdd[csName]
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '    </TD>'
+                       print '    <TD>'
+                       print '      Add the type(s) selected above'
+                       print '    </TD>'
+                       print '  </TR>'
+
+       print '</TABLE>'
+
+def checkXmlData( ):
+       global xmlIncomplete
+
+       # Validate the Policy Header requirements
+       if ( len( formPolicyName[1] ) > 0 ) or ( len( formPolicyDate[1] ) > 0 ):
+               if ( len( formPolicyName[1] ) == 0 ) or ( len( 
formPolicyDate[1] ) == 0 ):
+                       msg = ''
+                       msg = msg + 'The XML policy schema requires that the 
Policy '
+                       msg = msg + 'Information Name and Date fields both have 
values '
+                       msg = msg + 'or both not have values.'
+                       formatXmlGenError( msg )
+
+       if formPolicyOrder[1] == 'v_ChWall':
+               if len( formChWallTypes[1] ) == 0:
+                       msg = ''
+                       msg = msg + 'You have specified the primary policy to 
be '
+                       msg = msg + 'Chinese Wall but have not created any 
Chinese '
+                       msg = msg + 'Wall types.  Please create some Chinese 
Wall '
+                       msg = msg + 'types or change the primary policy.'
+                       formatXmlGenError( msg )
+
+       if formPolicyOrder[1] == 'v_Ste':
+               if len( formSteTypes[1] ) == 0:
+                       msg = ''
+                       msg = msg + 'You have specified the primary policy to 
be '
+                       msg = msg + 'Simple Type Enforcement but have not 
created '
+                       msg = msg + 'any Simple Type Enforcement types.  Please 
create '
+                       msg = msg + 'some Simple Type Enforcement types or 
change the '
+                       msg = msg + 'primary policy.'
+                       formatXmlGenError( msg )
+
+       # Validate the Chinese Wall required data
+       if len( formChWallTypes[1] ) > 0:
+               if len( formCSNames[1] ) == 0:
+                       msg = ''
+                       msg = msg + 'The XML policy schema for the Chinese Wall 
'
+                       msg = msg + 'requires at least one Conflict Set be 
defined.'
+                       formatXmlGenError( msg )
+
+def sendXmlHeaders( ):
+       # HTML headers
+       print 'Content-Type: text/xml'
+       print 'Content-Disposition: attachment; filename=security_policy.xml'
+       print
+
+def sendPolicyXml( ):
+       print '<?xml version="1.0"?>'
+
+       print '<SecurityPolicyDefinition xmlns="http://www.ibm.com";'
+       print '                          
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";'
+       print '                          xsi:schemaLocation="http://www.ibm.com 
security_policy.xsd">'
+
+       # Policy header
+       sendPHeaderXml( )
+
+       # Policy (types)
+       sendPSteXml( )
+       sendPChWallXml( )
+
+       print '</SecurityPolicyDefinition>'
+
+def sendPHeaderXml( ):
+       global formPolicyName, formPolicyDate
+
+       # Policy header definition
+       if ( len( formPolicyName[1] ) > 0 ) or ( len( formPolicyDate[1] ) > 0 ):
+               print '<PolicyHeader>'
+               print '  <Name>' + formPolicyName[1] + '</Name>'
+               print '  <Date>' + formPolicyDate[1] + '</Date>'
+               print '</PolicyHeader>'
+
+def sendPSteXml( ):
+       global formPolicyOrder, formSteTypes
+
+       # Simple Type Enforcement...
+       if len( formSteTypes[1] ) == 0:
+               return
+
+       if formPolicyOrder[1] == 'v_Ste':
+               print '<SimpleTypeEnforcement 
priority="PrimaryPolicyComponent">'
+       else:
+               print '<SimpleTypeEnforcement>'
+
+       print '  <SimpleTypeEnforcementTypes>'
+       for steType in formSteTypes[1]:
+               print '    <Type>' + steType + '</Type>'
+       print '  </SimpleTypeEnforcementTypes>'
+
+       print '</SimpleTypeEnforcement>'
+
+def sendPChWallXml( ):
+       global formPolicyOrder, formChWallTypes
+       global formCSNames, allCSMTypes
+
+       # Chinese Wall...
+       if len( formChWallTypes[1] ) == 0:
+               return
+
+       if formPolicyOrder[1] == 'v_ChWall':
+               print '<ChineseWall priority="PrimaryPolicyComponent">'
+       else:
+               print '<ChineseWall>'
+
+       print '  <ChineseWallTypes>'
+       for chWallType in formChWallTypes[1]:
+               print '    <Type>' + chWallType + '</Type>'
+       print '  </ChineseWallTypes>'
+
+       # Chinese Wall Conflict Sets...
+       print '  <ConflictSets>'
+       for cs in formCSNames[1]:
+               formVar = allCSMTypes[cs]
+               if len( formVar[1] ) == 0:
+                       continue
+               print '    <Conflict name="' + cs + '">'
+               for csm in formVar[1]:
+                       print '      <Type>' + csm + '</Type>'
+               print '    </Conflict>'
+       print '  </ConflictSets>'
+
+       print '</ChineseWall>'
+
+
+# Set up initial HTML variables
+headTitle = 'Xen Policy Generation'
+
+# Form variables
+#   The format of these variables is as follows:
+#   [ p0, p1, p2, p3, p4, p5 ]
+#     p0 = input type
+#     p1 = the current value of the variable
+#     p2 = the hidden input name attribute
+#     p3 = the name attribute
+#     p4 = the value attribute
+#     p5 = text to associate with the tag
+formPolicyName    = [ 'text',
+                       '',
+                       'h_policyName',
+                       'i_policyName',
+                       '',
+                       '',
+                   ]
+formPolicyDate    = [ 'text',
+                       getCurrentTime( ),
+                       'h_policyDate',
+                       'i_policyDate',
+                       '',
+                       '',
+                   ]
+formPolicyOrder   = [ 'radiobutton-all',
+                       'v_ChWall',
+                       'h_policyOrder',
+                       'i_policyOrder',
+                       [ 'v_Ste', 'v_ChWall' ],
+                       [ 'Simple Type Enforcement', 'Chinese Wall' ],
+                   ]
+formPolicyUpdate  = [ 'button',
+                       '',
+                       '',
+                       'i_PolicyUpdate',
+                       'Update',
+                       '',
+                   ]
+
+formSteTypes      = [ 'list',
+                       [],
+                       'h_steTypes',
+                       'i_steTypes',
+                       '',
+                       '',
+                   ]
+formSteDel        = [ 'button',
+                       '',
+                       '',
+                       'i_steDel',
+                       'Delete',
+                       '',
+                   ]
+formSteType       = [ 'text',
+                       '',
+                       '',
+                       'i_steType',
+                       '',
+                       '',
+                   ]
+formSteAdd        = [ 'button',
+                       '',
+                       '',
+                       'i_steAdd',
+                       'New',
+                       '',
+                   ]
+
+formChWallTypes   = [ 'list',
+                       [],
+                       'h_chwallTypes',
+                       'i_chwallTypes',
+                       '',
+                       '',
+                   ]
+formChWallDel     = [ 'button',
+                       '',
+                       '',
+                       'i_chwallDel',
+                       'Delete',
+                       '',
+                   ]
+formChWallType    = [ 'text',
+                       '',
+                       '',
+                       'i_chwallType',
+                       '',
+                       '',
+                   ]
+formChWallAdd     = [ 'button',
+                       '',
+                       '',
+                       'i_chwallAdd',
+                       'New',
+                       '',
+                   ]
+
+formCSNames       = [ '',
+                       [],
+                       'h_csNames',
+                       '',
+                       '',
+                       '',
+                   ]
+formCSName        = [ 'text',
+                       '',
+                       '',
+                       'i_csName',
+                       '',
+                       '',
+                   ]
+formCSAdd         = [ 'button',
+                       '',
+                       '',
+                       'i_csAdd',
+                       'New',
+                       '',
+                   ]
+
+formXmlGen          = [ 'button',
+                       '',
+                       '',
+                       'i_xmlGen',
+                       'Generate XML',
+                       '',
+                   ]
+
+formDefaultButton = [ 'button',
+                       '',
+                       '',
+                       'i_defaultButton',
+                       '.',
+                       '',
+                   ]
+
+# This is a set of templates used for each conflict set
+#   Each conflict set is initially assigned these templates,
+#   then each form attribute value is changed to append
+#   "_conflict-set-name" for uniqueness
+templateCSDel     = [ 'button',
+                       '',
+                       '',
+                       'i_csDel',
+                       'Delete',
+                       '',
+                   ]
+allCSDel          = {};
+
+templateCSMTypes  = [ 'list',
+                       [],
+                       'h_csmTypes',
+                       'i_csmTypes',
+                       '',
+                       '',
+                   ]
+templateCSMDel    = [ 'button',
+                       '',
+                       '',
+                       'i_csmDel',
+                       'Delete',
+                       '',
+                   ]
+templateCSMType   = [ 'list',
+                       [],
+                       '',
+                       'i_csmType',
+                       '',
+                       '',
+                   ]
+templateCSMAdd    = [ 'button',
+                       '',
+                       '',
+                       'i_csmAdd',
+                       'Add',
+                       '',
+                   ]
+allCSMTypes       = {};
+allCSMDel         = {};
+allCSMType        = {};
+allCSMAdd         = {};
+
+# A list of all form variables used for saving info across requests
+formVariables     = [ formPolicyName,
+                       formPolicyDate,
+                       formPolicyOrder,
+                       formSteTypes,
+                       formChWallTypes,
+                       formCSNames,
+                   ]
+
+policyXml         = ''
+xmlError          = 0
+xmlIncomplete     = 0
+xmlMessages       = []
+
+
+# Extract any form data
+formData = cgi.FieldStorage( )
+
+# Process the form
+getSavedData( )
+processRequest( )
+
+if formData.has_key( formXmlGen[3] ):
+       # Generate and send the XML file
+       checkXmlData( )
+
+       if xmlIncomplete == 0:
+               sendXmlHeaders( )
+               sendPolicyXml( )
+
+if (not formData.has_key( formXmlGen[3] )) or (xmlIncomplete == 1 ):
+       # Send HTML to continue processing the form
+       sendHtmlHeaders( )
+       sendPolicyHtml( )
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 
tools/security/python/xensec_gen/cgi-bin/policylabel.cgi
--- /dev/null   Tue Dec 13 18:08:17 2005
+++ b/tools/security/python/xensec_gen/cgi-bin/policylabel.cgi  Tue Dec 13 
18:08:26 2005
@@ -0,0 +1,1396 @@
+#!/usr/bin/python
+#
+# The Initial Developer of the Original Code is International
+# Business Machines Corporation. Portions created by IBM
+# Corporation are Copyright (C) 2005 International Business
+# Machines Corporation. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import os
+import cgi
+import cgitb; cgitb.enable( )
+import time
+import xml.dom.minidom
+import xml.sax
+import xml.sax.handler
+from StringIO import StringIO
+from sets import Set
+
+def getSavedData( ):
+       global formData, policyXml, policyLabelXml
+       global formVariables, formVmNames
+       global allVmChWs, allVmStes
+
+       # Process the XML upload policy file
+       if formData.has_key( 'i_policy' ):
+               dataList = formData.getlist( 'i_policy' )
+               if len( dataList ) > 0:
+                       policyXml = dataList[0].strip( )
+
+       # The XML upload policy file must be specified at the start
+       if formData.has_key( 'i_policyLabelCreate' ):
+               if policyXml == '':
+                       msg = ''
+                       msg = msg + 'A Policy file was not supplied.  A Policy file '
+                       msg = msg + 'must be supplied in order to successfully create '
+                       msg = msg + 'a Policy Labeling file.'
+                       formatXmlError( msg )
+
+       # Process the XML upload policy label file
+       if formData.has_key( 'i_policyLabel' ):
+               dataList = formData.getlist( 'i_policyLabel' )
+               if len( dataList ) > 0:
+                       policyLabelXml = dataList[0].strip( )
+
+       # Process all the hidden input variables (if present)
+       for formVar in formVariables:
+               if formVar[2] == '':
+                       continue
+
+               if formData.has_key( formVar[2] ):
+                       dataList = formData.getlist( formVar[2] )
+                       if len( dataList ) > 0:
+                               if isinstance( formVar[1], list ):
+                                       exec 'formVar[1] = ' + dataList[0]
+                               else:
+                                       formVar[1] = dataList[0]
+
+       # The form can contain any number of "Virtual Machines"
+       #   so update the list of form variables to include
+       #   each virtual machine (hidden input variable)
+       for vmName in formVmNames[1]:
+               newVm( vmName )
+
+               vmFormVar = allVmChWs[vmName]
+               if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
+                       dataList = formData.getlist( vmFormVar[2] )
+                       if len( dataList ) > 0:
+                               if isinstance( vmFormVar[1], list ):
+                                       exec 'vmFormVar[1] = ' + dataList[0]
+                               else:
+                                       vmFormVar[1] = dataList[0]
+
+               vmFormVar = allVmStes[vmName]
+               if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
+                       dataList = formData.getlist( vmFormVar[2] )
+                       if len( dataList ) > 0:
+                               if isinstance( vmFormVar[1], list ):
+                                       exec 'vmFormVar[1] = ' + dataList[0]
+                               else:
+                                       vmFormVar[1] = dataList[0]
+
+def getCurrentTime( ):
+       return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) )
+
+def getName( domNode ):
+       nameNodes = domNode.getElementsByTagName( 'Name' )
+       if len( nameNodes ) == 0:
+               formatXmlError( '"<Name>" tag is missing' )
+               return None
+
+       name = ''
+       for childNode in nameNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       name = name + childNode.data
+
+       return name
+
+def getDate( domNode ):
+       dateNodes = domNode.getElementsByTagName( 'Date' )
+       if len( dateNodes ) == 0:
+               formatXmlError( '"<Date>" tag is missing' )
+               return None
+
+       date = ''
+       for childNode in dateNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       date = date + childNode.data
+
+       return date
+
+def getDefUrl( domNode ):
+       domNodes = domNode.getElementsByTagName( 'PolicyName' )
+       if len( domNodes ) == 0:
+               formatXmlError( '"<PolicyName>" tag is missing' )
+               return None
+
+       urlNodes = domNode.getElementsByTagName( 'Url' )
+       if len( urlNodes ) == 0:
+               formatXmlError( '"<Url>" tag is missing' )
+               return None
+
+       url = ''
+       for childNode in urlNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       url = url + childNode.data
+
+       return url
+
+def getDefRef( domNode ):
+       domNodes = domNode.getElementsByTagName( 'PolicyName' )
+       if len( domNodes ) == 0:
+               formatXmlError( '"<PolicyName>" tag is missing' )
+               return None
+
+       refNodes = domNode.getElementsByTagName( 'Reference' )
+       if len( refNodes ) == 0:
+               formatXmlError( '"<Reference>" tag is missing' )
+               return None
+
+       ref = ''
+       for childNode in refNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       ref = ref + childNode.data
+
+       return ref
+
+def getSteTypes( domNode, missingIsError = 0 ):
+       steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' )
+       if len( steNodes ) == 0:
+               if missingIsError == 1:
+                       formatXmlError( '"<SimpleTypeEnforcementTypes>" tag is missing' )
+                       return None
+               else:
+                       return []
+
+       return getTypes( steNodes[0] )
+
+def getChWTypes( domNode, missingIsError = 0 ):
+       chwNodes = domNode.getElementsByTagName( 'ChineseWallTypes' )
+       if len( chwNodes ) == 0:
+               if missingIsError == 1:
+                       formatXmlError( '"<ChineseWallTypes>" tag is missing' )
+                       return None
+               else:
+                       return []
+
+       return getTypes( chwNodes[0] )
+
+def getTypes( domNode ):
+       types = []
+
+       domNodes = domNode.getElementsByTagName( 'Type' )
+       if len( domNodes ) == 0:
+               formatXmlError( '"<Type>" tag is missing' )
+               return None
+
+       for domNode in domNodes:
+               typeText = ''
+               for childNode in domNode.childNodes:
+                       if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                               typeText = typeText + childNode.data
+
+               if typeText == '':
+                       formatXmlError( 'No text associated with the "<Type>" tag' )
+                       return None
+
+               types.append( typeText )
+
+       return types
+
+def formatXmlError( msg, xml = '', lineNum = -1, colNum = -1 ):
+       global xmlMessages, xmlError
+
+       xmlError = 1
+       addMsg = cgi.escape( msg )
+
+       if lineNum != -1:
+               sio = StringIO( xml )
+               for xmlLine in sio:
+                       lineNum = lineNum - 1
+                       if lineNum == 0:
+                               break;
+
+               addMsg += '<BR><PRE>' + cgi.escape( xmlLine.rstrip( ) )
+
+               if colNum != -1:
+                       errLine = ''
+                       for i in range( colNum ):
+                               errLine = errLine + '-'
+
+                       addMsg += '\n' + errLine + '^'
+
+               addMsg += '</PRE>'
+
+       xmlMessages.append( addMsg )
+
+def formatXmlGenError( msg ):
+       global xmlMessages, xmlIncomplete
+
+       xmlIncomplete = 1
+       xmlMessages.append( cgi.escape( msg ) )
+
+def parseXml( xmlInput ):
+       global xmlMessages, xmlError, xmlLine, xmlColumn
+
+       xmlParser  = xml.sax.make_parser( )
+       try:
+               domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser )
+
+       except xml.sax.SAXParseException, xmlErr:
+               msg = ''
+               msg = msg + 'XML parsing error occurred at line '
+               msg = msg + `xmlErr.getLineNumber( )`
+               msg = msg + ', column '
+               msg = msg + `xmlErr.getColumnNumber( )`
+               msg = msg + ': reason = "'
+               msg = msg + xmlErr.getMessage( )
+               msg = msg + '"'
+               formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), xmlErr.getColumnNumber( ) )
+               return None
+
+       except xml.sax.SAXException, xmlErr:
+               msg = ''
+               msg = msg + 'XML Parsing error: ' + `xmlErr`
+               formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), xmlErr.getColumnNumber( ) )
+               return None
+
+       return domDoc
+
+def parsePolicyXml( ):
+       global policyXml
+       global formSteTypes, formChWallTypes
+
+       domDoc = parseXml( policyXml )
+       if domDoc == None:
+               return
+
+       domRoot  = domDoc.documentElement
+       domNodes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' )
+       if len( domNodes ) > 0:
+               steTypes = getSteTypes( domNodes[0], 1 )
+               if steTypes == None:
+                       msg = ''
+                       msg = msg + 'Error processing the SimpleTypeEnforcement types.\n'
+                       msg = msg + 'Please validate the Policy Definition file used.'
+                       formatXmlError( msg )
+                       return
+
+               formSteTypes[1] = steTypes
+
+       domNodes = domRoot.getElementsByTagName( 'ChineseWall' )
+       if len( domNodes ) > 0:
+               chwTypes = getChWTypes( domNodes[0], 1 )
+               if chwTypes == None:
+                       msg = ''
+                       msg = msg + 'Error processing the ChineseWall types.\n'
+                       msg = msg + 'Please validate the Policy Definition file used.'
+                       formatXmlError( msg )
+                       return
+
+               formChWallTypes[1] = chwTypes
+
+def parsePolicyLabelXml( ):
+       global policyLabelXml
+
+       domDoc = parseXml( policyLabelXml )
+       if domDoc == None:
+               return
+
+       domRoot     = domDoc.documentElement
+       domHeaders = domRoot.getElementsByTagName( 'LabelHeader' )
+       if len( domHeaders ) == 0:
+               msg = ''
+               msg = msg + '"<LabelHeader>" tag is missing.\n'
+               msg = msg + 'Please validate the Policy Labeling file used.'
+               formatXmlError( msg )
+               return
+
+       pName = getName( domHeaders[0] )
+       if pName == None:
+               msg = ''
+               msg = msg + 'Error processing the Policy Labeling header information.\n'
+               msg = msg + 'Please validate the Policy Labeling file used.'
+               formatXmlError( msg )
+               return
+
+       formPolicyLabelName[1] = pName
+
+       pDate = getDate( domHeaders[0] )
+       if pDate == None:
+               msg = ''
+               msg = msg + 'Error processing the Policy Labeling header information.\n'
+               msg = msg + 'Please validate the Policy Labeling file used.'
+               formatXmlError( msg )
+               return
+
+       formPolicyLabelDate[1] = pDate
+
+       pUrl = getDefUrl( domHeaders[0] )
+       if pUrl == None:
+               msg = ''
+               msg = msg + 'Error processing the Policy Labeling header information.\n'
+               msg = msg + 'Please validate the Policy Labeling file used.'
+               formatXmlError( msg )
+               return
+
+       formPolicyUrl[1] = pUrl
+
+       pRef = getDefRef( domHeaders[0] )
+       if pRef == None:
+               msg = ''
+               msg = msg + 'Error processing the Policy Labeling header information.\n'
+               msg = msg + 'Please validate the Policy Labeling file used.'
+               formatXmlError( msg )
+               return
+
+       formPolicyRef[1] = pRef
+
+       domSubjects = domRoot.getElementsByTagName( 'SubjectLabels' )
+       if len( domSubjects ) > 0:
+               formVmNameDom0[1] = domSubjects[0].getAttribute( 'bootstrap' )
+               domNodes = domSubjects[0].getElementsByTagName( 'VirtualMachineLabel' )
+               for domNode in domNodes:
+                       vmName = getName( domNode )
+                       if vmName == None:
+                               msg = ''
+                               msg = msg + 'Error processing the VirtualMachineLabel name.\n'
+                               msg = msg + 'Please validate the Policy Labeling file used.'
+                               formatXmlError( msg )
+                               continue
+
+                       steTypes = getSteTypes( domNode )
+                       if steTypes == None:
+                               msg = ''
+                               msg = msg + 'Error processing the SimpleTypeEnforcement types.\n'
+                               msg = msg + 'Please validate the Policy Labeling file used.'
+                               formatXmlError( msg )
+                               return
+
+                       chwTypes = getChWTypes( domNode )
+                       if chwTypes == None:
+                               msg = ''
+                               msg = msg + 'Error processing the ChineseWall types.\n'
+                               msg = msg + 'Please validate the Policy Labeling file used.'
+                               formatXmlError( msg )
+                               return
+
+                       newVm( vmName, 1 )
+                       allVmStes[vmName][1] = steTypes
+                       allVmChWs[vmName][1] = chwTypes
+
+def removeDups( curList ):
+       newList = []
+       curSet  = Set( curList )
+       for x in curSet:
+               newList.append( x )
+       newList.sort( )
+
+       return newList
+
+def newVm( vmName, addToList = 0 ):
+       global formVmNames
+       global templateVmDel, allVmDel, templateVmDom0, allVmDom0
+       global templateVmChWs, templateVmChWDel, templateVmChW, templateVmChWAdd
+       global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
+       global templateVmStes, templateVmSteDel, templateVmSte, templateVmSteAdd
+       global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
+
+       # Make sure we have an actual name and check one of the 'all'
+       # variables to be sure it hasn't been previously defined
+       if (len( vmName ) > 0) and (not allVmDom0.has_key( vmName )):
+               vmSuffix = '_' + vmName
+               allVmDom0[vmName]   = modFormTemplate( templateVmDom0,   vmSuffix )
+               allVmDel[vmName]    = modFormTemplate( templateVmDel,    vmSuffix )
+               allVmChWs[vmName]   = modFormTemplate( templateVmChWs,   vmSuffix )
+               allVmChWDel[vmName] = modFormTemplate( templateVmChWDel, vmSuffix )
+               allVmChW[vmName]    = modFormTemplate( templateVmChW,    vmSuffix )
+               allVmChWAdd[vmName] = modFormTemplate( templateVmChWAdd, vmSuffix )
+               allVmStes[vmName]   = modFormTemplate( templateVmStes,   vmSuffix )
+               allVmSteDel[vmName] = modFormTemplate( templateVmSteDel, vmSuffix )
+               allVmSte[vmName]    = modFormTemplate( templateVmSte,    vmSuffix )
+               allVmSteAdd[vmName] = modFormTemplate( templateVmSteAdd, vmSuffix )
+               if addToList == 1:
+                       formVmNames[1].append( vmName )
+                       formVmNames[1] = removeDups( formVmNames[1] )
+
+def updateInfo( ):
+       global formData, formPolicyLabelName, formPolicyLabelDate
+       global formPolicyUrl, formPolicyRef
+
+       if formData.has_key( formPolicyLabelName[3] ):
+               formPolicyLabelName[1] = formData[formPolicyLabelName[3]].value
+       elif formData.has_key( formPolicyLabelUpdate[3] ):
+               formPolicyLabelName[1] = ''
+
+       if formData.has_key( formPolicyLabelDate[3] ):
+               formPolicyLabelDate[1] = formData[formPolicyLabelDate[3]].value
+       elif formData.has_key( formPolicyLabelUpdate[3] ):
+               formPolicyLabelDate[1] = ''
+
+       if formData.has_key( formPolicyUrl[3] ):
+               formPolicyUrl[1] = formData[formPolicyUrl[3]].value
+       elif formData.has_key( formPolicyLabelUpdate[3] ):
+               formPolicyUrl[1] = ''
+
+       if formData.has_key( formPolicyRef[3] ):
+               formPolicyRef[1] = formData[formPolicyRef[3]].value
+       elif formData.has_key( formPolicyLabelUpdate[3] ):
+               formPolicyRef[1] = ''
+
+def addVm( ):
+       global formData, fromVmName, formVmNames, formVmNameDom0
+
+       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( formVmAdd[3] )):
+               if formData.has_key( formVmName[3] ):
+                       vmName = formData[formVmName[3]].value
+                       vmName = vmName.strip( )
+                       newVm( vmName, 1 )
+                       if formVmNameDom0[1] == '':
+                               formVmNameDom0[1] = vmName
+
+def delVm( vmName ):
+       global formVmNames, formVmNameDom0
+       global allVmDel, allVmDom0
+       global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
+       global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
+
+       vmName = vmName.strip( )
+       formVmNames[1].remove( vmName )
+       del allVmDom0[vmName]
+       del allVmDel[vmName]
+       del allVmChWs[vmName]
+       del allVmChWDel[vmName]
+       del allVmChW[vmName]
+       del allVmChWAdd[vmName]
+       del allVmStes[vmName]
+       del allVmSteDel[vmName]
+       del allVmSte[vmName]
+       del allVmSteAdd[vmName]
+
+       if formVmNameDom0[1] == vmName:
+               if len( formVmNames[1] ) > 0:
+                       formVmNameDom0[1] = formVmNames[1][0]
+               else:
+                       formVmNameDom0[1] = ''
+
+def makeVmDom0( vmName ):
+       global formVmNameDom0
+
+       vmName = vmName.strip( )
+       formVmNameDom0[1] = vmName
+
+def addVmChW( chwName ):
+       global formData, allVmChW, allVmChWs
+
+       formVar = allVmChW[chwName]
+       if formData.has_key( formVar[3] ):
+               chwList = formData.getlist( formVar[3] )
+               formVar = allVmChWs[chwName]
+               for chw in chwList:
+                       chw = chw.strip( )
+                       formVar[1].append( chw )
+                       formVar[1] = removeDups( formVar[1] )
+
+def delVmChW( chwName ):
+       global formData, allVmChWs
+
+       formVar = allVmChWs[chwName]
+       if formData.has_key( formVar[3] ):
+               chwList = formData.getlist( formVar[3] )
+               for chw in chwList:
+                       chw = chw.strip( )
+                       formVar[1].remove( chw )
+
+def addVmSte( steName ):
+       global formData, allVmSte, allVmStes
+
+       formVar = allVmSte[steName]
+       if formData.has_key( formVar[3] ):
+               steList = formData.getlist( formVar[3] )
+               formVar = allVmStes[steName]
+               for ste in steList:
+                       ste = ste.strip( )
+                       formVar[1].append( ste )
+                       formVar[1] = removeDups( formVar[1] )
+
+def delVmSte( steName ):
+       global formData, allVmStes
+
+       formVar = allVmStes[steName]
+       if formData.has_key( formVar[3] ):
+               steList = formData.getlist( formVar[3] )
+               for ste in steList:
+                       ste = ste.strip( )
+                       formVar[1].remove( ste )
+
+def processRequest( ):
+       global formData, policyXml, policyLabelXml, formPolicyLabelUpdate
+       global formVmAdd
+       global formVmNames, allVmDel, allVmDom0
+       global allVmChWAdd, allVmChWDel, allVmSteAdd, allVmSteDel
+
+       if policyXml != '':
+               parsePolicyXml( )
+
+       if policyLabelXml != '':
+               parsePolicyLabelXml( )
+
+       # Allow the updating of the header information whenever
+       # an action is performed
+       updateInfo( )
+
+       # Allow the adding of labels if the user has hit the
+       # enter key when attempting to add a type/set
+       addVm( )
+
+       for vmName in formVmNames[1]:
+               if formData.has_key( allVmDel[vmName][3] ):
+                       delVm( vmName )
+                       continue
+
+               if formData.has_key( allVmDom0[vmName][3] ):
+                       makeVmDom0( vmName )
+
+               if formData.has_key( allVmChWAdd[vmName][3] ):
+                       addVmChW( vmName )
+
+               elif formData.has_key( allVmChWDel[vmName][3] ):
+                       delVmChW( vmName )
+
+               elif formData.has_key( allVmSteAdd[vmName][3] ):
+                       addVmSte( vmName )
+
+               elif formData.has_key( allVmSteDel[vmName][3] ):
+                       delVmSte( vmName )
+
+def modFormTemplate( formTemplate, suffix ):
+       formVar = [x for x in formTemplate]
+
+       if formVar[2] != '':
+               formVar[2] = formVar[2] + suffix
+       if formVar[3] != '':
+               formVar[3] = formVar[3] + suffix
+       if (formVar[0] != 'button') and (formVar[4] != ''):
+               formVar[4] = formVar[4] + suffix
+
+       return formVar;
+
+def makeName( name, suffix='' ):
+       rName = name
+       if suffix != '':
+               rName = rName + '_' + suffix
+
+       return rName
+
+def makeNameAttr( name, suffix='' ):
+       return 'name="' + makeName( name, suffix ) + '"'
+
+def makeValue( value, suffix='' ):
+       rValue = value
+
+       if isinstance( value, list ):
+               rValue = '['
+               for val in value:
+                       rValue = rValue + '\'' + val
+                       if suffix != '':
+                               rValue = rValue + '_' + suffix
+                       rValue = rValue + '\','
+               rValue = rValue + ']'
+
+       else:
+               if suffix != '':
+                       rValue = rValue + '_' + suffix
+
+       return rValue
+
+def makeValueAttr( value, suffix='' ):
+       return 'value="' + makeValue( value, suffix ) + '"'
+
+def sendHtmlFormVar( formVar, attrs='', rb_select=0 ):
+       nameAttr  = ''
+       valueAttr = ''
+       htmlText  = ''
+
+       if formVar[0] == 'text':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+               valueAttr = makeValueAttr( formVar[1] )
+
+               print '<INPUT type="text"', nameAttr, valueAttr, attrs, '>'
+
+       elif formVar[0] == 'list':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+
+               print '<SELECT', nameAttr, attrs, '>'
+               for option in formVar[1]:
+                       print '<OPTION>' + option + '</OPTION>'
+               print '</SELECT>'
+
+       elif formVar[0] == 'button':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+               if formVar[4] != '':
+                       valueAttr = makeValueAttr( formVar[4] )
+
+               print '<INPUT type="submit"', nameAttr, valueAttr, attrs, '>'
+
+       elif formVar[0] == 'radiobutton':
+               if formVar[3] != '':
+                       nameAttr  = makeNameAttr( formVar[3] )
+                       valueAttr = makeValueAttr( formVar[4][rb_select] )
+                       htmlText  = formVar[5][rb_select]
+                       if formVar[4][rb_select] == formVar[1]:
+                               checked = 'checked'
+                       else:
+                               checked = ''
+
+                       print '<INPUT type="radio"', nameAttr, valueAttr, attrs, checked, '>', htmlText
+
+       elif formVar[0] == 'radiobutton-all':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+                       buttonVals  = formVar[4]
+                       for i, buttonVal in enumerate( buttonVals ):
+                               htmlText = ''
+                               addAttrs = ''
+                               checked  = ''
+
+                               valueAttr = makeValueAttr( buttonVal )
+                               if formVar[5] != '':
+                                       htmlText = formVar[5][i]
+                               if attrs != '':
+                                       addAttrs = attrs[i]
+                               if buttonVal == formVar[1]:
+                                       checked = 'checked'
+
+                               print '<INPUT type="radio"', nameAttr, valueAttr, addAttrs, checked, '>', htmlText
+
+       if ( formVar[2] != '' ) and ( rb_select == 0 ):
+               nameAttr = makeNameAttr( formVar[2] )
+               valueAttr = makeValueAttr( formVar[1] )
+               print '<INPUT type="hidden"', nameAttr, valueAttr, '>'
+
+def sendHtmlHeaders( ):
+       # HTML headers
+       print 'Content-Type: text/html'
+       print
+
+def sendPolicyLabelHtml( ):
+       global xmlError, xmlIncomplete, xmlMessages, formXmlGen
+       global formVmNameDom0, formSteTypes, formChWallTypes
+
+       print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"'
+       print '  "http://www.w3.org/TR/html4/loose.dtd";>'
+
+       print '<HTML>'
+
+       sendHtmlHead( )
+
+       print '<BODY>'
+
+       # An input XML file was specified that had errors, output the
+       # error information
+       if xmlError == 1:
+               print '<P>'
+               print 'An error has been encountered while processing the input'
+               print 'XML file:'
+               print '<UL>'
+               for msg in xmlMessages:
+                       print '<LI>'
+                       print msg
+               print '</UL>'
+               print '</BODY>'
+               print '</HTML>'
+               return
+
+       # When attempting to generate the XML output, all required data was not
+       # present, output the error information
+       if xmlIncomplete == 1:
+               print '<P>'
+               print 'An error has been encountered while validating the data'
+               print 'required for the output XML file:'
+               print '<UL>'
+               for msg in xmlMessages:
+                       print '<LI>'
+                       print msg
+               print '</UL>'
+               print '</BODY>'
+               print '</HTML>'
+               return
+
+       print '<CENTER>'
+       print '<FORM action="' + os.environ['SCRIPT_NAME'] + '" method="post">'
+       print '<TABLE class="container">'
+       print '  <COLGROUP>'
+       print '    <COL width="100%">'
+       print '  </COLGROUP>'
+
+       print '  <TR>'
+       print '    <TD>'
+       sendHtmlFormVar( formDefaultButton, 'class="hidden"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD>'
+       sendHtmlFormVar( formXmlGen )
+       print '    </TD>'
+       print '  </TR>'
+
+       # Policy Labeling header
+       print '  <TR>'
+       print '    <TD>'
+       sendPLHeaderHtml( )
+       print '    </TD>'
+       print '  </TR>'
+
+       # Separator
+       print '  <TR>'
+       print '    <TD>'
+       print '      <HR>'
+       print '    </TD>'
+       print '  </TR>'
+
+       # Policy Labels (vms)
+       print '  <TR>'
+       print '    <TD>'
+       print '      <TABLE class="full">'
+       print '        <TR>'
+       print '          <TD width="100%">'
+       sendPLSubHtml( )
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+
+       print '</TABLE>'
+
+       # Send some data that needs to be available across sessions
+       sendHtmlFormVar( formVmNameDom0 )
+       sendHtmlFormVar( formSteTypes )
+       sendHtmlFormVar( formChWallTypes )
+
+       print '</FORM>'
+       print '</CENTER>'
+
+       print '</BODY>'
+
+       print '</HTML>'
+
+def sendHtmlHead( ):
+       global headTitle
+
+       print '<HEAD>'
+       print '<STYLE type="text/css">'
+       print '<!--'
+       print 'BODY            {background-color: #EEEEFF;}'
+       print 'TABLE.container {width:  90%; border: 1px solid black; border-collapse: seperate;}'
+       print 'TABLE.full      {width: 100%; border: 0px solid black; border-collapse: collapse; border-spacing: 3px;}'
+       print 'TABLE.fullbox   {width: 100%; border: 0px solid black; border-collapse: collapse; border-spacing: 3px;}'
+       print 'THEAD           {font-weight: bold; font-size: larger;}'
+       print 'TD              {border: 0px solid black; vertical-align: top;}'
+       print 'TD.heading      {border: 0px solid black; vertical-align: top; font-weight: bold; font-size: larger;}'
+       print 'TD.subheading   {border: 0px solid black; vertical-align: top; font-size: smaller;}'
+       print 'TD.fullbox      {border: 1px solid black; vertical-align: top;}'
+       print 'SELECT.full     {width: 100%;}'
+       print 'INPUT.full      {width: 100%;}'
+       print 'INPUT.link      {cursor: pointer; background-color: #EEEEFF; border: 0px; text-decoration: underline; color: blue;}'
+       print 'INPUT.hidden    {visibility: hidden; width: 1px; height: 1px;}'
+       print ':link           {color: blue;}'
+       print ':visited        {color: red;}'
+       print '-->'
+       print '</STYLE>'
+       print '<TITLE>', headTitle, '</TITLE>'
+       print '</HEAD>'
+
+def sendPLHeaderHtml( ):
+       global formPolicyLabelName, formPolicyLabelDate
+       global formPolicyUrl, formPolicyRef
+       global formPolicyLabelUpdate
+
+       # Policy Labeling header definition
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="20%">'
+       print '    <COL width="80%">'
+       print '  </COLGROUP>'
+       print '  <TR>'
+       print '    <TD class="heading" align="center" colspan="2">Policy Labeling Information</TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Name:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyLabelName, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Date:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyLabelDate, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Policy URL:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyUrl, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Policy Reference:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyRef, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2">'
+       sendHtmlFormVar( formPolicyLabelUpdate )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2" class="subheading">'
+       print '      (The Policy Labeling Information is updated whenever an 
action is performed'
+       print '       or it can be updated separately using the "Update" 
button)'
+       print '    </TD>'
+       print '  </TR>'
+       print '</TABLE>'
+
+def sendPLSubHtml( ):
+       global formVmNames, formVmDel, formVmName, formVmAdd
+       global allVmDel, allVmDom0
+       global allVmChWs, allVmChWDel, allVmChW, allVmChWAdd
+       global allVmStes, allVmSteDel, allVmSte, allVmSteAdd
+       global formSteTypes, formChWallTypes
+
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="100%">'
+       print '  </COLGROUP>'
+
+       # Virtual Machines...
+       print '  <TR>'
+       print '    <TD>'
+       print '      <TABLE class="full">'
+       print '        <COLGROUP>'
+       print '          <COL width="10%">'
+       print '          <COL width="40%">'
+       print '          <COL width="50%">'
+       print '        </COLGROUP>'
+       print '        <TR>'
+       print '          <TD class="heading" align="center" colspan="3">Virtual 
Machine Classes</TD>'
+       print '        </TR>'
+       print '        <TR>'
+       print '          <TD colspan="2">'
+       sendHtmlFormVar( formVmName, 'class="full"' )
+       sendHtmlFormVar( formVmNames )
+       print '          </TD>'
+       print '          <TD>&nbsp;</TD>'
+       print '        </TR>'
+       print '        <TR>'
+       print '          <TD>'
+       sendHtmlFormVar( formVmAdd, 'class="full"' )
+       print '          </TD>'
+       print '          <TD colspan="2">'
+       print '            Create a new VM class with the above name'
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+       if len( formVmNames[1] ) > 0:
+               print '  <TR>'
+               print '    <TD colspan="1">'
+               print '      &nbsp;'
+               print '    </TD>'
+               print '  </TR>'
+               print '  <TR>'
+               print '    <TD>'
+               print '      <TABLE class="fullbox">'
+               print '        <COLGROUP>'
+               print '          <COL width="10%">'
+               print '          <COL width="40%">'
+               print '          <COL width="50%">'
+               print '        </COLGROUP>'
+               print '        <THEAD>'
+               print '          <TR>'
+               print '            <TD class="fullbox">Dom 0?</TD>'
+               print '            <TD class="fullbox">Name</TD>'
+               print '            <TD class="fullbox">Actions</TD>'
+               print '          </TR>'
+               print '        </THEAD>'
+               for i, vmName in enumerate( formVmNames[1] ):
+                       print '        <TR>'
+                       print '          <TD class="fullbox">'
+                       if formVmNameDom0[1] == vmName:
+                               print 'Yes'
+                       else:
+                               print '&nbsp;'
+                       print '          </TD>'
+                       print '          <TD class="fullbox">' + vmName + 
'</TD>'
+                       print '          <TD class="fullbox">'
+                       print '            <A href="#' + vmName + '">Edit</A>'
+                       formVar = allVmDel[vmName]
+                       sendHtmlFormVar( formVar, 'class="link"' )
+                       formVar = allVmDom0[vmName]
+                       sendHtmlFormVar( formVar, 'class="link"' )
+                       print '          </TD>'
+                       print '        </TR>'
+               print '      </TABLE>'
+               print '    </TD>'
+               print '  </TR>'
+               for vmName in formVmNames[1]:
+                       print '  <TR>'
+                       print '    <TD>'
+                       print '      <HR>'
+                       print '    </TD>'
+                       print '  </TR>'
+                       print '  <TR>'
+                       print '    <TD>'
+                       print '      <TABLE class="full">'
+                       print '        <COLGROUP>'
+                       print '          <COL width="10%">'
+                       print '          <COL width="39%">'
+                       print '          <COL width="2%">'
+                       print '          <COL width="10%">'
+                       print '          <COL width="39%">'
+                       print '        </COLGROUP>'
+                       print '        <TR>'
+                       print '          <TD colspan="5" align="center" 
class="heading">'
+                       print '            <A name="' + vmName + '">Virtual 
Machine Class: ' + vmName + '</A>'
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD colspan="2" align="center">Simple 
Type Enforcement Types</TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD colspan="2" align="center">Chinese 
Wall Types</TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD colspan="2">'
+                       formVar = allVmStes[vmName];
+                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
+                       print '          </TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD colspan="2">'
+                       formVar = allVmChWs[vmName];
+                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD>'
+                       formVar = allVmSteDel[vmName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Delete the type(s) selected above'
+                       print '          </TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD>'
+                       formVar = allVmChWDel[vmName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Delete the type(s) selected above'
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD colspan="2">'
+                       stSet = Set( formSteTypes[1] )
+                       vmSet = Set( allVmStes[vmName][1] )
+                       formVar = allVmSte[vmName]
+                       formVar[1] = []
+                       for steType in stSet.difference( vmSet ):
+                               formVar[1].append( steType )
+                       formVar[1].sort( )
+                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple"' )
+                       print '          </TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD colspan="2">'
+                       ctSet = Set( formChWallTypes[1] )
+                       vmSet = Set( allVmChWs[vmName][1] )
+                       formVar = allVmChW[vmName]
+                       formVar[1] = []
+                       for chwallType in ctSet.difference( vmSet ):
+                               formVar[1].append( chwallType )
+                       formVar[1].sort( )
+                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple"' )
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD>'
+                       formVar = allVmSteAdd[vmName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Add the type(s) selected above'
+                       print '          </TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD>'
+                       formVar = allVmChWAdd[vmName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Add the type(s) selected above'
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '      </TABLE>'
+                       print '    </TD>'
+                       print '  </TR>'
+
+       print '</TABLE>'
+
+def sendPLObjHtml( ):
+
+       # Resources...
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="60%">'
+       print '    <COL width="20%">'
+       print '    <COL width="20%">'
+       print '  </COLGROUP>'
+
+       print '  <TR>'
+       print '    <TD align="center" colspan="3" 
class="heading">Resources</TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       #sendHtmlFormVar( formVmNames, 'class="full" size="4" multiple"' )
+       print '    </TD>'
+       print '    <TD>'
+       #sendHtmlFormVar( formVmDel, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       #sendHtmlFormVar( formVmName, 'class="full"' )
+       print '    </TD>'
+       print '    <TD>'
+       #sendHtmlFormVar( formVmAdd, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '</TABLE>'
+
+def checkXmlData( ):
+       global xmlIncomplete
+
+       # Validate the Policy Label Header requirements
+       if ( len( formPolicyLabelName[1] ) == 0 ) or \
+          ( len( formPolicyLabelDate[1] ) == 0 ) or \
+          ( len( formPolicyUrl[1] ) == 0 ) or \
+          ( len( formPolicyRef[1] ) == 0 ):
+                       msg = ''
+                       msg = msg + 'The XML policy label schema requires that 
the Policy '
+                       msg = msg + 'Labeling Information Name, Date, Policy 
URL and '
+                       msg = msg + 'Policy Reference fields all have values.'
+                       formatXmlGenError( msg )
+
+def sendXmlHeaders( ):
+       # HTML headers
+       print 'Content-Type: text/xml'
+       print 'Content-Disposition: attachment; 
filename=security_label_template.xml'
+       print
+
+def sendPolicyLabelXml( ):
+       print '<?xml version="1.0"?>'
+
+       print '<SecurityLabelTemplate xmlns="http://www.ibm.com";'
+       print '                       
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";'
+       print '                       xsi:schemaLocation="http://www.ibm.com 
security_policy.xsd">'
+
+       # Policy Labeling header
+       sendPLHeaderXml( )
+
+       # Policy Labels (subjects and objects)
+       sendPLSubXml( )
+       #sendPLObjXml( )
+
+       print '</SecurityLabelTemplate>'
+
+def sendPLHeaderXml( ):
+       global formPolicyLabelName, formPolicyLabelDate
+       global formPolicyUrl, formPolicyRef
+
+       # Policy Labeling header definition
+       print '<LabelHeader>'
+       print '  <Name>' + formPolicyLabelName[1] + '</Name>'
+       print '  <Date>' + formPolicyLabelDate[1] + '</Date>'
+       print '  <PolicyName>'
+       print '    <Url>' + formPolicyUrl[1] + '</Url>'
+       print '    <Reference>' + formPolicyRef[1] + '</Reference>'
+       print '  </PolicyName>'
+       print '</LabelHeader>'
+
+def sendPLSubXml( ):
+       global formVmNames, allVmChWs, allVmStes
+
+       # Virtual machines...
+       if len( formVmNames[1] ) == 0:
+               return
+
+       print '<SubjectLabels bootstrap="' + formVmNameDom0[1] + '">'
+       for vmName in formVmNames[1]:
+               print '  <VirtualMachineLabel>'
+               print '    <Name>' + vmName + '</Name>'
+               formVar = allVmStes[vmName]
+               if len( formVar[1] ) > 0:
+                       print '    <SimpleTypeEnforcementTypes>'
+                       for ste in formVar[1]:
+                               print '      <Type>' + ste + '</Type>'
+                       print '    </SimpleTypeEnforcementTypes>'
+
+               formVar = allVmChWs[vmName]
+               if len( formVar[1] ) > 0:
+                       print '    <ChineseWallTypes>'
+                       for chw in formVar[1]:
+                               print '      <Type>' + chw + '</Type>'
+                       print '    </ChineseWallTypes>'
+
+               print '  </VirtualMachineLabel>'
+
+       print '</SubjectLabels>'
+
+
+# Set up initial HTML variables
+headTitle = 'Xen Policy Labeling Generation'
+
+# Form variables
+#   The format of these variables is as follows:
+#   [ p0, p1, p2, p3, p4, p5 ]
+#     p0 = input type
+#     p1 = the current value of the variable
+#     p2 = the hidden input name attribute
+#     p3 = the name attribute
+#     p4 = the value attribute
+#     p5 = text to associate with the tag
+formPolicyLabelName   = [ 'text',
+                       '',
+                       'h_policyLabelName',
+                       'i_policyLabelName',
+                       '',
+                       '',
+                       ]
+formPolicyLabelDate   = [ 'text',
+                       getCurrentTime( ),
+                       'h_policyLabelDate',
+                       'i_policyLabelDate',
+                       '',
+                       '',
+                       ]
+formPolicyUrl         = [ 'text',
+                       '',
+                       'h_policyUrl',
+                       'i_policyUrl',
+                       '',
+                       '',
+                       ]
+formPolicyRef         = [ 'text',
+                       '',
+                       'h_policyRef',
+                       'i_policyRef',
+                       '',
+                       '',
+                       ]
+formPolicyLabelUpdate = [ 'button',
+                       '',
+                       '',
+                       'i_PolicyLabelUpdate',
+                       'Update',
+                       '',
+                   ]
+
+formVmNames       = [ '',
+                       [],
+                       'h_vmNames',
+                       '',
+                       '',
+                       '',
+                   ]
+formVmDel         = [ 'button',
+                       '',
+                       '',
+                       'i_vmDel',
+                       'Delete',
+                       '',
+                   ]
+formVmName        = [ 'text',
+                       '',
+                       '',
+                       'i_vmName',
+                       '',
+                       '',
+                   ]
+formVmAdd         = [ 'button',
+                       '',
+                       '',
+                       'i_vmAdd',
+                       'New',
+                       '',
+                   ]
+
+formVmNameDom0    = [ '',
+                       '',
+                       'h_vmDom0',
+                       '',
+                       '',
+                       '',
+                   ]
+
+formXmlGen        = [ 'button',
+                       '',
+                       '',
+                       'i_xmlGen',
+                       'Generate XML',
+                       '',
+                   ]
+
+formDefaultButton = [ 'button',
+                       '',
+                       '',
+                       'i_defaultButton',
+                       '.',
+                       '',
+                   ]
+
+formSteTypes      = [ '',
+                        [],
+                       'h_steTypes',
+                       '',
+                       '',
+                       '',
+                   ]
+formChWallTypes   = [ '',
+                        [],
+                       'h_chwallTypes',
+                       '',
+                       '',
+                       '',
+                   ]
+
+# This is a set of templates used for each virtual machine
+#   Each virtual machine is initially assigned these templates,
+#   then each form attribute value is changed to append
+#   "_virtual-machine-name" for uniqueness.
+templateVmDel     = [ 'button',
+                       '',
+                       '',
+                       'i_vmDel',
+                       'Delete',
+                       '',
+                   ]
+templateVmDom0    = [ 'button',
+                       '',
+                       '',
+                       'i_vmDom0',
+                       'SetDom0',
+                       '',
+                   ]
+allVmDel          = {};
+allVmDom0         = {};
+
+templateVmChWs    = [ 'list',
+                       [],
+                       'h_vmChWs',
+                       'i_vmChWs',
+                       '',
+                       '',
+                   ]
+templateVmChWDel  = [ 'button',
+                       '',
+                       '',
+                       'i_vmChWDel',
+                       'Delete',
+                       '',
+                   ]
+templateVmChW     = [ 'list',
+                       [],
+                       '',
+                       'i_vmChW',
+                       '',
+                       '',
+                   ]
+templateVmChWAdd  = [ 'button',
+                       '',
+                       '',
+                       'i_vmChWAdd',
+                       'Add',
+                       '',
+                   ]
+allVmChWs         = {};
+allVmChWDel       = {};
+allVmChW          = {};
+allVmChWAdd       = {};
+
+templateVmStes    = [ 'list',
+                       [],
+                       'h_vmStes',
+                       'i_vmStes',
+                       '',
+                       '',
+                   ]
+templateVmSteDel  = [ 'button',
+                       '',
+                       '',
+                       'i_vmSteDel',
+                       'Delete',
+                       '',
+                   ]
+templateVmSte     = [ 'list',
+                       [],
+                       '',
+                       'i_vmSte',
+                       '',
+                       '',
+                   ]
+templateVmSteAdd  = [ 'button',
+                       '',
+                       '',
+                       'i_vmSteAdd',
+                       'Add',
+                       '',
+                   ]
+allVmStes         = {};
+allVmSteDel       = {};
+allVmSte          = {};
+allVmSteAdd       = {};
+
+# A list of all form variables used for saving info across requests
+formVariables     = [ formPolicyLabelName,
+                       formPolicyLabelDate,
+                       formPolicyUrl,
+                       formPolicyRef,
+                       formVmNames,
+                       formVmNameDom0,
+                       formSteTypes,
+                       formChWallTypes,
+                   ]
+
+policyXml         = ''
+policyLabelXml    = ''
+xmlError          = 0
+xmlIncomplete     = 0
+xmlMessages       = []
+
+
+# Extract any form data
+formData = cgi.FieldStorage( )
+
+# Process the form
+getSavedData( )
+processRequest( )
+
+if formData.has_key( formXmlGen[3] ):
+       # Generate and send the XML file
+       checkXmlData( )
+
+       if xmlIncomplete == 0:
+               sendXmlHeaders( )
+               sendPolicyLabelXml( )
+
+if (not formData.has_key( formXmlGen[3] )) or (xmlIncomplete == 1 ):
+       # Send HTML to continue processing the form
+       sendHtmlHeaders( )
+       sendPolicyLabelHtml( )
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/security/python/xensec_gen/index.html
--- /dev/null   Tue Dec 13 18:08:17 2005
+++ b/tools/security/python/xensec_gen/index.html       Tue Dec 13 18:08:26 2005
@@ -0,0 +1,126 @@
+<!--
+ The Initial Developer of the Original Code is International
+ Business Machines Corporation. Portions created by IBM
+ Corporation are Copyright (C) 2005 International Business
+ Machines Corporation. All Rights Reserved.
+ -->
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+  "http://www.w3.org/TR/html4/loose.dtd";>
+<HTML>
+  <HEAD>
+    <META name="author" content="Tom Lendacky">
+    <META name="copyright" content="Copyright (C) 2005 International Business 
Machines Corporation. All rights reserved">
+
+    <STYLE type="text/css">
+      <!--
+      BODY       {background-color: #EEEEFF;}
+      TABLE.xen  {width: 100%; border: 0px solid black;}
+      TD         {border: 0px solid black;}
+      TD.heading {border: 0px solid black; font-weight: bold; font-size: 
larger;}
+      -->
+    </STYLE>
+    <TITLE>Xen Security Policy Tool</TITLE>
+  </HEAD>
+
+  <BODY>
+    <H1>Xen Security Policy Generation Tool</H1>
+
+    <CENTER>
+    <FORM action="/cgi-bin/policy.cgi" method="post" 
enctype="multipart/form-data">
+    <TABLE class="xen">
+      <COLGROUP>
+        <COL width="25%">
+        <COL width="20%">
+        <COL width="55%">
+      </COLGROUP>
+
+      <TR>
+        <TD valign="top" class="heading">
+          Security Policy
+        </TD>
+        <TD valign="top" colspan="2">
+          To generate a new Xen Security Policy leave the
+          <B>"Policy File"</B> entry field
+          empty and click the "Create" button.<BR>
+          To modify an existing Xen Security Policy enter the
+          file name containing the policy in the
+          <B>"Policy File"</B> entry field
+          and click the "Create" button.<HR>
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD>
+          Policy File:
+        </TD>
+        <TD>
+          <INPUT type="file" size="50" name="i_policy">
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD valign="top">
+          <INPUT type="submit" name="i_policyCreate" value="Create">
+        </TD>
+        <TD></TD>
+      </TR>
+    </TABLE>
+    </FORM>
+
+    <FORM action="/cgi-bin/policylabel.cgi" method="post" 
enctype="multipart/form-data">
+    <TABLE class="xen">
+      <COLGROUP>
+        <COL width="25%">
+        <COL width="20%">
+        <COL width="55%">
+      </COLGROUP>
+
+      <TR>
+        <TD valign="top" class="heading">
+          Security Policy Labeling
+        </TD>
+        <TD valign="top" colspan="2">
+          To generate or edit the Xen Security Policy Labeling you <B>must</B>
+          specify the name of
+          an existing Xen Security Policy file in the
+          <B>"Policy File"</B> entry field.<BR>
+          To generate new Xen Security Policy Labeling leave the
+          <B>"Policy Labeling File"</B> entry field
+          empty and click the "Create" button.<BR>
+          To modify existing Xen Security Policy Labeling enter the
+          file name containing the labeling in the
+          <B>"Policy Labeling File"</B> entry field
+          and click the "Create" button.<HR>
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD>
+          Policy File:
+        </TD>
+        <TD>
+          <INPUT type="file" size="50" name="i_policy">
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD>
+          Policy Labeling File:
+        </TD>
+        <TD>
+          <INPUT type="file" size="50" name="i_policyLabel">
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD valign="top">
+          <INPUT type="submit" name="i_policyLabelCreate" value="Create">
+        </TD>
+        <TD></TD>
+      </TR>
+    </TABLE>
+    </FORM>
+  </CENTER>
+  </BODY>
+</HTML>
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/security/python/xensec_gen/main.py
--- /dev/null   Tue Dec 13 18:08:17 2005
+++ b/tools/security/python/xensec_gen/main.py  Tue Dec 13 18:08:26 2005
@@ -0,0 +1,185 @@
+#!/usr/bin/python
+#
+# The Initial Developer of the Original Code is International
+# Business Machines Corporation. Portions created by IBM
+# Corporation are Copyright (C) 2005 International Business
+# Machines Corporation. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+"""Xen security policy generation aid
+"""
+
+import os
+import pwd
+import grp
+import sys
+import getopt
+import BaseHTTPServer
+import CGIHTTPServer
+
+
+gHttpPort = 7777
+gHttpDir  = '/var/lib/xensec_gen'
+gLogFile  = '/var/log/xensec_gen.log'
+gUser     = 'nobody'
+gGroup    = 'nobody'
+
+def usage( ):
+       print >>sys.stderr, 'Usage:  ' + sys.argv[0] + ' [OPTIONS]'
+       print >>sys.stderr, '  OPTIONS:'
+       print >>sys.stderr, '  -p, --httpport'
+       print >>sys.stderr, '     The port on which the http server is to 
listen'
+       print >>sys.stderr, '     (default: ' + str( gHttpPort ) + ')'
+       print >>sys.stderr, '  -d, --httpdir'
+       print >>sys.stderr, '     The directory where the http server is to 
serve pages from'
+       print >>sys.stderr, '     (default: ' + gHttpDir + ')'
+       print >>sys.stderr, '  -l, --logfile'
+       print >>sys.stderr, '     The file in which to log messages generated 
by this command'
+       print >>sys.stderr, '     (default: ' + gLogFile + ')'
+       print >>sys.stderr, '  -u, --user'
+       print >>sys.stderr, '     The user under which this command is to run.  
This parameter'
+       print >>sys.stderr, '     is only used when invoked under the "root" 
user'
+       print >>sys.stderr, '     (default: ' + gUser + ')'
+       print >>sys.stderr, '  -g, --group'
+       print >>sys.stderr, '     The group under which this command is to run. 
 This parameter'
+       print >>sys.stderr, '     is only used when invoked under the "root" 
user'
+       print >>sys.stderr, '     (default: ' + gGroup + ')'
+       print >>sys.stderr, '  -f'
+       print >>sys.stderr, '     Run the command in the foreground.  The 
logfile option will be'
+       print >>sys.stderr, '     ignored and all output will be directed to 
stdout and stderr.'
+       print >>sys.stderr, '  -h, --help'
+       print >>sys.stderr, '     Display the command usage information'
+
+def runServer( aServerPort,
+               aServerClass  = BaseHTTPServer.HTTPServer,
+               aHandlerClass = CGIHTTPServer.CGIHTTPRequestHandler ):
+       serverAddress = ( '', aServerPort )
+       httpd = aServerClass( serverAddress, aHandlerClass )
+       httpd.serve_forever( )
+
+def daemonize( aHttpDir, aLogFile, aUser, aGroup, aFork = 'true' ):
+       # Do some pre-daemon activities
+       os.umask( 027 )
+       if os.getuid( ) == 0:
+               # If we are running as root, we will change that
+               uid = pwd.getpwnam( aUser )[2]
+               gid = grp.getgrnam( aGroup )[2]
+
+               if aFork == 'true':
+                       # Change the owner of the log file to the user/group
+                       #   under which the daemon is to run
+                       flog = open( aLogFile, 'a' )
+                       flog.close( )
+                       os.chown( aLogFile, uid, gid )
+
+               # Change the uid/gid of the process
+               os.setgid( gid )
+               os.setuid( uid )
+
+       # Change to the HTTP directory
+       os.chdir( aHttpDir )
+
+       if aFork == 'true':
+               # Do first fork
+               try:
+                       pid = os.fork( )
+                       if pid:
+                               # Parent process
+                               return pid
+
+               except OSError, e:
+                       raise Exception, e
+
+               # First child process, create a new session
+               os.setsid( )
+
+               # Do second fork
+               try:
+                       pid = os.fork( )
+                       if pid:
+                               # Parent process
+                               os._exit( 0 )
+
+               except OSError, e:
+                       raise Exception, e
+
+               # Reset stdin/stdout/stderr
+               fin  = open( '/dev/null',  'r' )
+               flog = open( aLogFile, 'a' )
+               os.dup2( fin.fileno( ),  sys.stdin.fileno( ) )
+               os.dup2( flog.fileno( ), sys.stdout.fileno( ) )
+               os.dup2( flog.fileno( ), sys.stderr.fileno( ) )
+
+def main( ):
+       httpPort = gHttpPort
+       httpDir  = gHttpDir
+       logFile  = gLogFile
+       user     = gUser
+       group    = gGroup
+       doFork   = 'true'
+
+       shortOpts = 'd:p:l:u:g:fh'
+       longOpts  = [ 'httpdir=', 'httpport=', 'logfile=', 'user=', 'group=', 
'help' ]
+       try:
+               opts, args = getopt.getopt( sys.argv[1:], shortOpts, longOpts )
+
+       except getopt.GetoptError, e:
+               print >>sys.stderr, e
+               usage( )
+               sys.exit( )
+
+       if len( args ) != 0:
+               print >>sys.stderr, 'Error: command arguments are not supported'
+               usage( )
+               sys.exit( )
+
+       for opt, opt_value in opts:
+               if opt in ( '-h', '--help' ):
+                       usage( )
+                       sys.exit( )
+
+               if opt in ( '-d', '--httpdir' ):
+                       httpDir = opt_value
+
+               if opt in ( '-p', '--httpport' ):
+                       try:
+                               httpPort = int( opt_value )
+                       except:
+                               print >>sys.stderr, 'Error: HTTP port is not 
valid'
+                               usage( )
+                               sys.exit( )
+
+               if opt in ( '-l', '--logfile' ):
+                       logFile = opt_value
+
+               if opt in ( '-u', '--user' ):
+                       user = opt_value
+
+               if opt in ( '-g', '--group' ):
+                       group = opt_value
+
+               if opt in ( '-f' ):
+                       doFork = 'false'
+
+       pid = daemonize( httpDir, logFile, user, group, doFork )
+       if pid > 0:
+               sys.exit( )
+
+       runServer( httpPort )
+
+if __name__ == '__main__':
+       main( )
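Review bot: The privilege drop in daemonize() calls `os.setgid( gid )` and `os.setuid( uid )` without clearing the supplementary group list first, so a daemon started by root keeps root's supplementary groups while it runs CGI scripts as the unprivileged user. Add `os.setgroups( [] )` immediately before `os.setgid( gid )`. In the same root-only branch, the log file is created and passed to `os.chown( aLogFile, uid, gid )` by path. If `-l` points into a directory other users can write to, that chown could presumably be redirected through a symlink, so the path is worth validating or documenting as root-owned only. Separately, runServer() binds with `serverAddress = ( '', aServerPort )`, which listens on every interface with an unauthenticated CGIHTTPRequestHandler. For a policy-editing tool a loopback default such as `serverAddress = ( '127.0.0.1', aServerPort )` with an explicit option to widen it would be the safer choice.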
diff -r 8c5b7b6772ae -r 62d9ac63e7f5 tools/security/xensec_gen.py
--- /dev/null   Tue Dec 13 18:08:17 2005
+++ b/tools/security/xensec_gen.py      Tue Dec 13 18:08:26 2005
@@ -0,0 +1,26 @@
+#!/usr/bin/python
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import sys
+
+# Add fallback path for non-native python path installs if needed
+sys.path.append( '/usr/lib/python' )
+sys.path.append( '/usr/lib64/python' )
+
+from xen.xensec_gen import main
+
+main.main( )
