[Xen-devel] [PATCH][ACM] New XML policy generation tool



I am submitting a patch (both in-line and as an attachment) for a new
tool for inclusion in the Xen ACM security tools.  This new tool
provides support to aid in the creation/generation of the XML security
policy files for the Xen ACM security architecture.  It is a python-
based, web-based tool named xensec_gen that allows users to create or
modify XML policy files through a browser.  The resulting XML policy
files can then be copied or moved to the appropriate location in
the /etc/xen/acm-security directory structure in order to be translated
into binary and used within the Xen system.

Signed-off-by: Tom Lendacky <toml@xxxxxxxxxx>

Regards,
Tom



# HG changeset patch
# User toml@xxxxxxxxxxxxxxxxxxxxx
# Node ID db5feb4ccc139017454bab0200ebbda988ef033f
# Parent  bdcb115c667a12a5514517456639142c1273b0f1


Addition of the xensec_gen tool, a web-based tool to aid in the
creation/generation of security policy files for the Xen ACM
security architecture.

diff -r bdcb115c667a -r db5feb4ccc13 tools/security/Makefile
--- a/tools/security/Makefile   Sat Dec 10 23:20:08 2005
+++ b/tools/security/Makefile   Mon Dec 12 19:10:23 2005
@@ -35,7 +35,7 @@
 SRCS_GETD     = get_decision.c
 OBJS_GETD    := $(patsubst %.c,%.o,$(filter %.c,$(SRCS_GETD)))
 
-ACM_INST_TOOLS    = xensec_tool xensec_xml2bin
+ACM_INST_TOOLS    = xensec_tool xensec_xml2bin xensec_gen
 ACM_NOINST_TOOLS  = get_decision
 ACM_OBJS          = $(OBJS_TOOL) $(OBJS_XML2BIN) $(OBJS_GETD)
 ACM_SCRIPTS       = getlabel.sh setlabel.sh updategrub.sh labelfuncs.sh
@@ -43,6 +43,12 @@
 ACM_CONFIG_DIR    = /etc/xen/acm-security
 ACM_POLICY_DIR    = $(ACM_CONFIG_DIR)/policies
 ACM_SCRIPT_DIR    = $(ACM_CONFIG_DIR)/scripts
+
+ACM_INST_HTML     = python/xensec_gen/index.html
+ACM_INST_CGI      = python/xensec_gen/cgi-bin/policy.cgi \
+                    python/xensec_gen/cgi-bin/policylabel.cgi
+ACM_SECGEN_HTMLDIR= /var/lib/xensec_gen
+ACM_SECGEN_CGIDIR = $(ACM_SECGEN_HTMLDIR)/cgi-bin
 
 ACM_SCHEMA        = security_policy.xsd
 ACM_EXAMPLES      = null chwall ste chwall_ste
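Review bot: ACM_SECGEN_HTMLDIR hard-codes /var/lib/xensec_gen as both the web root and the parent of cgi-bin, so the executable policy.cgi and policylabel.cgi end up in a directory normally used for variable state. Consider a program directory (for example below /usr/lib or /usr/share) for the HTML and CGI files and keep /var/lib for data only. Minor style: `ACM_SECGEN_HTMLDIR=` lacks the space before `=` that the neighbouring assignments use.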
@@ -65,6 +71,15 @@
        done
        $(INSTALL_DIR) -p $(DESTDIR)$(ACM_SCRIPT_DIR)
        $(INSTALL_PROG) -p $(ACM_SCRIPTS) $(DESTDIR)$(ACM_SCRIPT_DIR)
+       $(INSTALL_DIR) -p $(DESTDIR)$(ACM_SECGEN_HTMLDIR)
+       $(INSTALL_DATA) -p $(ACM_INST_HTML) $(DESTDIR)$(ACM_SECGEN_HTMLDIR)
+       $(INSTALL_DIR) -p $(DESTDIR)$(ACM_SECGEN_CGIDIR)
+       $(INSTALL_PROG) -p $(ACM_INST_CGI) $(DESTDIR)$(ACM_SECGEN_CGIDIR)
+ifndef XEN_PYTHON_NATIVE_INSTALL
+       python python/setup.py install --home="$(DESTDIR)/usr"
+else
+       python python/setup.py install --root="$(DESTDIR)"
+endif
 else
 all:
 
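Review bot: Both `python python/setup.py install` lines in the install rule run whichever `python` is first on PATH, and install is normally run as root. Use a make variable (e.g. `PYTHON ?= python`) so the caller can pin the interpreter. Also confirm that `--home="$(DESTDIR)/usr"` leaves the xen.xensec_gen package on the default module search path, since the distutils home scheme installs pure modules under lib/python rather than site-packages.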
@@ -72,22 +87,27 @@
 endif
 
 build: mk-symlinks $(ACM_INST_TOOLS) $(ACM_NOINST_TOOLS)
+       python python/setup.py build
        chmod 700 $(ACM_SCRIPTS)
 
 xensec_tool: $(OBJS_TOOL)
-       $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+       $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
 
 xensec_xml2bin: $(OBJS_XML2BIN)
-       $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+       $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
 
 get_decision: $(OBJS_GETD)
-       $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+       $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
+
+xensec_gen: xensec_gen.py
+       cp -f $^ $@
 
 clean:
        $(RM) $(ACM_INST_TOOLS) $(ACM_NOINST_TOOLS)
        $(RM) $(ACM_OBJS)
        $(RM) $(PROG_DEPS)
        $(RM) -r xen
+       $(RM) -r build
 
 mrproper: clean
 
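Review bot: The `$<` to `$^` changes in the xensec_tool, xensec_xml2bin and get_decision link rules are an independent fix (linking every prerequisite instead of only the first) that the changeset description does not mention. Please split them into their own patch or note them in the description, so the new-tool addition can be reviewed and reverted separately.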
diff -r bdcb115c667a -r db5feb4ccc13 tools/security/example.txt
--- a/tools/security/example.txt        Sat Dec 10 23:20:08 2005
+++ b/tools/security/example.txt        Mon Dec 12 19:10:23 2005
@@ -271,3 +271,112 @@
 
 If you keep to the security policy schema, then you can use all the
 tools described above. Refer to install.txt to install it.
+
+You can hand-edit the xml files to create your policy or you can use the
+xensec_gen utility.
+
+
+5. Generating policy files using xensec_gen:
+============================================
+
+The xensec_gen utility starts a web-server that can be used to generate the
+XML policy files needed to create a policy.
+
+By default, xensec_gen runs as a daemon and listens on port 7777 for HTTP
+requests.  The xensec_gen command supports command line options to change the
+listen port, run in the foreground, and a few others.  Type 'xensec_gen -h'
+to see the full list of options available.
+
+Once the xensec_gen utility is running, point a browser at the host and port
+on which the utility is running (e.g. http://localhost:7777/).  You will be
+presented with a web page that allows you to create or modify the XML policy
+files:
+
+  - The Security Policy section allows you to create or modify a policy
+    definition file
+
+  - The Security Policy Labeling section allows you to create or modify a
+    label template definition file
+
+  Security Policy:
+  ----------------
+  The Security Policy section allows you to modify an existing policy 
definition
+  file or create a new policy definition file.  To modify an existing policy
+  definition, enter the full path to the existing file (the "Browse" button can
+  be used to aid in this) in the Policy File entry field.  To create a new
+  policy definition file leave the Policy File entry field blank.  At this 
point
+  click the "Create" button to begin modifying or creating your policy 
definition.
+
+  You will then be presented with a web page that will allow you to create 
either
+  Simple Type Enforcement types or Chinese Wall types or both.
+
+  As an example:
+    - To add a Simple Type Enforcement type:
+      - Enter the name of a new type under the Simple Type Enforcement Types
+        section in the entry field above the "New" button.
+      - Click the "New" button and the type will be added to the list of 
defined
+        Simple Type Enforcement types.
+    - To remove a Simple Type Enforcement type:
+      - Click on the type to be removed in the list of defined Simple Type
+        Enforcement types.
+      - Click the "Delete" button to remove the type.
+
+  Follow the same process to add Chinese Wall types.  If you define Chinese 
Wall
+  types you need to define at least one Chinese Wall Conflict Set.  The Chinese
+  Wall Conflict Set will allow you to add Chinese Wall types from the list of
+  defined Chinese Wall types.
+
+  To create your policy definition file, click on the "Generate XML" button on
+  the top of the page.  This will present you with a dialog box to save the
+  generated XML file on your system.  The default name will be 
security_policy.xml
+  which you should change to follow the policy file naming conventions based on
+  the policy name that you choose to use.
+
+  To get a feel for the tool, you could use one of the example policy 
definition
+  files from /etc/xen/acm-security/policies as input.
+
+
+  Security Policy Labeling:
+  -------------------------
+  The Security Policy Labeling section allows you to modify an existing label
+  template definition file or create a new label template definition file.  To
+  modify an existing label template definition, enter the full path to the
+  existing file (the "Browse" button can be used to aid in this) in the Policy
+  Labeling File entry field.  Whether creating a new label template definition
+  file or modifying an existing one, you will need to specify the policy
+  definition file that is or will be associated with this label template
+  definition file.  At this point click the "Create" button to begin modifying
+  or creating your label template definition file.
+
+  You will then be presented with a web page that will allow you to create 
labels
+  for classes of virtual machines.  The input policy definition file will 
provide
+  the available types (Simple Type Enforcement and/or Chinese Wall) that can be
+  assigned to a virtual machine class.
+
+  As an example:
+    - To add a Virtual Machine class (the name entered will become the label
+      that will be used to identify the class):
+      - Enter the name of a new class under the Virtual Machine Classes section
+        in the entry field above the "New" button.
+      - Click the "New" button and the class will be added to the table of 
defined
+        Virtual Machine classes.
+    - To remove a Virtual Machine class:
+      - Click the "Delete" link associated with the class in the table of 
Virtual
+        Machine classes.
+
+  Once you have defined one or more Virtual Machine classes, you will be able 
to
+  add any of the defined Simple Type Enforcement types or Chinese Wall types 
to a
+  particular Virtual Machine.
+
+  You must also define which Virtual Machine class is to be associated with the
+  bootstrap domain (or Dom0 domain).  By default, the first Virtual Machine 
class
+  created will be associated as the bootstrap domain.
+
+  To create your label template definition file, click on the "Generate XML" 
button
+  on the top of the page.  This will present you with a dialog box to save the
+  generated XML file on your system.  The default name will be
+  security_label_template.xml which you should change to follow the policy file
+  naming conventions based on the policy name that you choose to use.
+
+  To get a feel for the tool, you could use one of the example policy 
definition
+  and label template definition files from /etc/xen/acm-security/policies as 
input.
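Review bot: Section 5 says xensec_gen "runs as a daemon and listens on port 7777 for HTTP requests" but does not say which address it binds to, whether requests are authenticated, or which user the daemon should run as. Since the tool reads and generates ACM policy files, the text should state the default bind address and recommend restricting it to localhost (the example URL already uses http://localhost:7777/). It would also help to say explicitly that the generated XML is saved by the browser and that copying it under /etc/xen/acm-security is a separate manual step.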
diff -r bdcb115c667a -r db5feb4ccc13 tools/security/python/setup.py
--- /dev/null   Sat Dec 10 23:20:08 2005
+++ b/tools/security/python/setup.py    Mon Dec 12 19:10:23 2005
@@ -0,0 +1,30 @@
+#!/usr/bin/python
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+from distutils.core import setup
+import os
+
+# This setup script is invoked from the parent directory, so base
+#   everything as if executing from there.
+XEN_ROOT = "../.."
+
+setup(name            = 'xensec_gen',
+      version         = '3.0',
+      description     = 'Xen XML Security Policy Generator',
+      package_dir     = { 'xen' : 'python' },
+      packages        = ['xen.xensec_gen'],
+      )
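Review bot: `import os` and `XEN_ROOT = "../.."` are never used in this file; drop both, or use XEN_ROOT if it was meant to feed the paths. The `package_dir = { 'xen' : 'python' }` mapping only resolves because the script is run from tools/security, as the comment says, so a note that running it from inside python/ will not find the package would save the next person some time.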
diff -r bdcb115c667a -r db5feb4ccc13 
tools/security/python/xensec_gen/cgi-bin/policy.cgi
--- /dev/null   Sat Dec 10 23:20:08 2005
+++ b/tools/security/python/xensec_gen/cgi-bin/policy.cgi       Mon Dec 12 
19:10:23 2005
@@ -0,0 +1,1325 @@
+#!/usr/bin/python
+#
+# The Initial Developer of the Original Code is International
+# Business Machines Corporation. Portions created by IBM
+# Corporation are Copyright (C) 2005 International Business
+# Machines Corporation. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import os
+import cgi
+import cgitb; cgitb.enable( )
+import time
+import xml.dom.minidom
+import xml.sax
+import xml.sax.handler
+from StringIO import StringIO
+from sets import Set
+
+def getSavedData( ):
+       global formData, policyXml, formVariables, formCSNames
+       global templateCSMTypes, templateCSMDel, templateCSMType, templateCSMAdd
+       global allCSMTypes
+
+       # Process the XML upload policy file
+       if formData.has_key( 'i_policy' ):
+               dataList = formData.getlist( 'i_policy' )
+               if len( dataList ) > 0:
+                       policyXml  = dataList[0]
+
+       # Process all the hidden input variables (if present)
+       for formVar in formVariables:
+               if formVar[2] == '':
+                       continue
+
+               if formData.has_key( formVar[2] ):
+                       dataList = formData.getlist( formVar[2] )
+                       if len( dataList ) > 0:
+                               if isinstance( formVar[1], list ):
+                                       exec 'formVar[1] = ' + dataList[0]
+                               else:
+                                       formVar[1] = dataList[0]
+
+       # The form can contain any number of "Conflict Sets"
+       #   so update the list of form variables to include
+       #   each conflict set (hidden input variable)
+       for csName in formCSNames[1]:
+               newCS( csName )
+               if formData.has_key( allCSMTypes[csName][2] ):
+                       dataList = formData.getlist( allCSMTypes[csName][2] )
+                       if len( dataList ) > 0:
+                               exec 'allCSMTypes[csName][1] = ' + dataList[0]
+
+def getCurrentTime( ):
+       return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) )
+
+def getName( domNode ):
+       nameNodes = domNode.getElementsByTagName( 'Name' )
+       if len( nameNodes ) == 0:
+               formatXmlError( '"<Name>" tag is missing' )
+               return None
+
+       name = ''
+       for childNode in nameNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       name = name + childNode.data
+
+       return name
+
+def getDate( domNode ):
+       dateNodes = domNode.getElementsByTagName( 'Date' )
+       if len( dateNodes ) == 0:
+               formatXmlError( '"<Date>" tag is missing' )
+               return None
+
+       date = ''
+       for childNode in dateNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       date = date + childNode.data
+
+       return date
+
+def getSteTypes( domNode, missingIsError = 0 ):
+       steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' )
+       if len( steNodes ) == 0:
+               if missingIsError == 1:
+                       formatXmlError( '"<SimpleTypeEnforcementTypes>" tag is 
missing' )
+                       return None
+               else:
+                       return []
+
+       return getTypes( steNodes[0] )
+
+def getChWTypes( domNode, missingIsError = 0 ):
+       chwNodes = domNode.getElementsByTagName( 'ChineseWallTypes' )
+       if len( chwNodes ) == 0:
+               if missingIsError == 1:
+                       formatXmlError( '"<ChineseWallTypes>" tag is missing' )
+                       return None
+               else:
+                       return []
+
+       return getTypes( chwNodes[0] )
+
+def getTypes( domNode ):
+       types = []
+
+       domNodes = domNode.getElementsByTagName( 'Type' )
+       if len( domNodes ) == 0:
+               formatXmlError( '"<Type>" tag is missing' )
+               return None
+
+       for domNode in domNodes:
+               typeText = ''
+               for childNode in domNode.childNodes:
+                       if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                               typeText = typeText + childNode.data
+
+               if typeText == '':
+                       formatXmlError( 'No text associated with the "<Type>" 
tag' )
+                       return None
+
+               types.append( typeText )
+
+       return types
+
+def formatXmlError( msg, xml = '', lineNum = -1, colNum = -1 ):
+       global xmlMessages, xmlError
+
+       xmlError = 1
+       addMsg = cgi.escape( msg )
+
+       if lineNum != -1:
+               sio = StringIO( xml )
+               for xmlLine in sio:
+                       lineNum = lineNum - 1
+                       if lineNum == 0:
+                               break;
+
+               addMsg += '<BR><PRE>' + cgi.escape( xmlLine.rstrip( ) )
+
+               if colNum != -1:
+                       errLine = ''
+                       for i in range( colNum ):
+                               errLine = errLine + '-'
+
+                       addMsg += '\n' + errLine + '^'
+
+               addMsg += '</PRE>'
+
+       xmlMessages.append( addMsg )
+
+def formatXmlGenError( msg ):
+       global xmlMessages, xmlIncomplete
+
+       xmlIncomplete = 1
+       xmlMessages.append( cgi.escape( msg ) )
+
+def parseXml( xmlInput ):
+       global xmlMessages, xmlError, xmlLine, xmlColumn
+
+       xmlParser  = xml.sax.make_parser( )
+       try:
+               domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser )
+
+       except xml.sax.SAXParseException, xmlErr:
+               msg = ''
+               msg = msg + 'XML parsing error occurred at line '
+               msg = msg + `xmlErr.getLineNumber( )`
+               msg = msg + ', column '
+               msg = msg + `xmlErr.getColumnNumber( )`
+               msg = msg + ': reason = "'
+               msg = msg + xmlErr.getMessage( )
+               msg = msg + '"'
+               formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), 
xmlErr.getColumnNumber( ) )
+               return None
+
+       except xml.sax.SAXException, xmlErr:
+               msg = ''
+               msg = msg + 'XML Parsing error: ' + `xmlErr`
+               formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), 
xmlErr.getColumnNumber( ) )
+               return None
+
+       return domDoc
+
+def parsePolicyXml( ):
+       global policyXml
+       global formPolicyName, formPolicyDate, formPolicyOrder
+       global formSteTypes, formChWallTypes
+       global allCSMTypes
+
+       domDoc = parseXml( policyXml )
+       if domDoc == None:
+               return
+
+       domRoot    = domDoc.documentElement
+       domHeaders = domRoot.getElementsByTagName( 'PolicyHeader' )
+       if len( domHeaders ) == 0:
+               msg = ''
+               msg = msg + '"<PolicyHeader>" tag is missing.\n'
+               msg = msg + 'Please validate the Policy file used.'
+               formatXmlError( msg )
+               return
+
+       pName = getName( domHeaders[0] )
+       if pName == None:
+               msg = ''
+               msg = msg + 'Error processing the Policy header information.\n'
+               msg = msg + 'Please validate the Policy file used.'
+               formatXmlError( msg )
+               return
+
+       formPolicyName[1] = pName
+
+       pDate = getDate( domHeaders[0] )
+       if pDate == None:
+               msg = ''
+               msg = msg + 'Error processing the Policy header information.\n'
+               msg = msg + 'Please validate the Policy file used.'
+               formatXmlError( msg )
+               return
+
+       formPolicyDate[1] = pDate
+
+       pOrder = ''
+       domStes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' )
+       if len( domStes ) > 0:
+               if domStes[0].hasAttribute( 'priority' ):
+                       if domStes[0].getAttribute( 'priority' ) != 
'PrimaryPolicyComponent':
+                               msg = ''
+                               msg = msg + 'Error processing the 
"<SimpleTypeEnforcement>" tag.\n'
+                               msg = msg + 'The "priority" attribute value is 
not valid.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               return
+
+                       pOrder = 'v_Ste'
+
+               steTypes = getSteTypes( domStes[0], 1 )
+               if steTypes == None:
+                       msg = ''
+                       msg = msg + 'Error processing the SimpleTypeEnforcement 
types.\n'
+                       msg = msg + 'Please validate the Policy file used.'
+                       formatXmlError( msg )
+                       return
+
+               formSteTypes[1] = steTypes
+
+       domChWalls = domRoot.getElementsByTagName( 'ChineseWall' )
+       if len( domChWalls ) > 0:
+               if domChWalls[0].hasAttribute( 'priority' ):
+                       if domChWalls[0].getAttribute( 'priority' ) != 
'PrimaryPolicyComponent':
+                               msg = ''
+                               msg = msg + 'Error processing the 
"<ChineseWall>" tag.\n'
+                               msg = msg + 'The "priority" attribute value is 
not valid.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               return
+
+                       if pOrder != '':
+                               msg = ''
+                               msg = msg + 'Error processing the 
"<ChineseWall>" tag.\n'
+                               msg = msg + 'The "priority" attribute has been 
previously specified.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               return
+
+                       pOrder = 'v_ChWall'
+
+               chwTypes = getChWTypes( domChWalls[0], 1 )
+               if chwTypes == None:
+                       msg = ''
+                       msg = msg + 'Error processing the ChineseWall types.\n'
+                       msg = msg + 'Please validate the Policy file used.'
+                       formatXmlError( msg )
+                       return
+
+               formChWallTypes[1] = chwTypes
+
+               csNodes = domChWalls[0].getElementsByTagName( 'ConflictSets' )
+               if len( csNodes ) == 0:
+                       msg = ''
+                       msg = msg + 'Required "<ConflictSets>" tag missing.\n'
+                       msg = msg + 'Please validate the Policy file used.'
+                       formatXmlError( msg )
+                       return
+
+               cNodes = csNodes[0].getElementsByTagName( 'Conflict' )
+               if len( cNodes ) == 0:
+                       msg = ''
+                       msg = msg + 'Required "<Conflict>" tag missing.\n'
+                       msg = msg + 'Please validate the Policy file used.'
+                       formatXmlError( msg )
+                       return
+
+               for cNode in cNodes:
+                       csName = cNode.getAttribute( 'name' )
+                       newCS( csName, 1 )
+
+                       csMemberList = getTypes( cNode )
+                       if csMemberList == None:
+                               msg = ''
+                               msg = msg + 'Error processing the Conflict Set 
members.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+                               return
+
+                       # Verify the conflict set members are valid types
+                       ctSet = Set( formChWallTypes[1] )
+                       csSet = Set( csMemberList )
+                       if not csSet.issubset( ctSet ):
+                               msg = ''
+                               msg = msg + 'Error processing Conflict Set "' + 
csName + '".\n'
+                               msg = msg + 'Members of the conflict set are 
not valid '
+                               msg = msg + 'Chinese Wall types.\n'
+                               msg = msg + 'Please validate the Policy file 
used.'
+                               formatXmlError( msg )
+
+                       allCSMTypes[csName][1] = csMemberList
+
+       if pOrder != '':
+               formPolicyOrder[1] = pOrder
+       else:
+               if (len( domStes ) > 0) or (len( domChWalls ) > 0):
+                       msg = ''
+                       msg = msg + 'The "priority" attribute has not been 
specified.\n'
+                       msg = msg + 'It must be specified on one of the access 
control types.\n'
+                       msg = msg + 'Please validate the Policy file used.'
+                       formatXmlError( msg )
+                       return
+
+def modFormTemplate( formTemplate, suffix ):
+       formVar = [x for x in formTemplate]
+
+       if formVar[2] != '':
+               formVar[2] = formVar[2] + suffix
+       if formVar[3] != '':
+               formVar[3] = formVar[3] + suffix
+       if (formVar[0] != 'button') and (formVar[4] != ''):
+               formVar[4] = formVar[4] + suffix
+
+       return formVar;
+
+def removeDups( curList ):
+       newList = []
+       curSet  = Set( curList )
+       for x in curSet:
+               newList.append( x )
+       newList.sort( )
+
+       return newList
+
+def newCS( csName, addToList = 0 ):
+       global formCSNames
+       global templateCSDel, allCSDel
+       global templateCSMTypes, templateCSMDel, templateCSMType, templateCSMAdd
+       global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
+
+       csSuffix = '_' + csName
+
+       # Make sure we have an actual name and check one of the 'all'
+       # variables to be sure it hasn't been previously defined
+       if (len( csName ) > 0) and (not allCSMTypes.has_key( csName )):
+               allCSDel[csName]    = modFormTemplate( templateCSDel,    
csSuffix )
+               allCSMTypes[csName] = modFormTemplate( templateCSMTypes, 
csSuffix )
+               allCSMDel[csName]   = modFormTemplate( templateCSMDel,   
csSuffix )
+               allCSMType[csName]  = modFormTemplate( templateCSMType,  
csSuffix )
+               allCSMAdd[csName]   = modFormTemplate( templateCSMAdd,   
csSuffix )
+               if addToList == 1:
+                       formCSNames[1].append( csName )
+                       formCSNames[1] = removeDups( formCSNames[1] )
+
+def updateInfo( ):
+       global formData, formPolicyName, formPolicyDate, formPolicyOrder
+
+       if formData.has_key( formPolicyName[3] ):
+               formPolicyName[1] = formData[formPolicyName[3]].value
+       elif formData.has_key( formPolicyUpdate[3] ):
+               formPolicyName[1] = ''
+
+       if formData.has_key( formPolicyDate[3] ):
+               formPolicyDate[1] = formData[formPolicyDate[3]].value
+       elif formData.has_key( formPolicyUpdate[3] ):
+               formPolicyDate[1] = ''
+
+       if formData.has_key( formPolicyOrder[3] ):
+               formPolicyOrder[1] = formData[formPolicyOrder[3]].value
+
+def addSteType( ):
+       global formData, formSteType, formSteTypes
+
+       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( 
formSteAdd[3] )):
+               if formData.has_key( formSteType[3] ):
+                       type = formData[formSteType[3]].value
+                       type = type.strip( )
+                       if len( type ) > 0:
+                               formSteTypes[1].append( type )
+                               formSteTypes[1] = removeDups( formSteTypes[1] )
+
+
+def delSteType( ):
+       global formData, formSteTypes
+
+       if formData.has_key( formSteTypes[3] ):
+               typeList = formData.getlist( formSteTypes[3] )
+               for type in typeList:
+                       type = type.strip( )
+                       formSteTypes[1].remove( type )
+
+def addChWallType( ):
+       global formData, formChWallType, formChWallTypes
+
+       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( 
formChWallAdd[3] )):
+               if formData.has_key( formChWallType[3] ):
+                       type = formData[formChWallType[3]].value
+                       type = type.strip( )
+                       if len( type ) > 0:
+                               formChWallTypes[1].append( type )
+                               formChWallTypes[1] = removeDups( 
formChWallTypes[1] )
+
+def delChWallType( ):
+       global formData, formChWallTypes
+
+       if formData.has_key( formChWallTypes[3] ):
+               typeList = formData.getlist( formChWallTypes[3] )
+               for type in typeList:
+                       type = type.strip( )
+                       formChWallTypes[1].remove( type )
+
+def addCS( ):
+       global formData, formCSNames
+
+       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( 
formCSAdd[3] )):
+               if formData.has_key( formCSName[3] ):
+                       csName = formData[formCSName[3]].value
+                       csName = csName.strip( )
+                       newCS( csName, 1 )
+
+def delCS( csName ):
+       global formData, formCSNames, allCSDel
+       global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
+
+       csName = csName.strip( )
+       formCSNames[1].remove( csName )
+       del allCSDel[csName]
+       del allCSMTypes[csName]
+       del allCSMDel[csName]
+       del allCSMType[csName]
+       del allCSMAdd[csName]
+
+def addCSMember( csName ):
+       global formData, allCSMType, allCSMTypes
+
+       formVar = allCSMType[csName]
+       if formData.has_key( formVar[3] ):
+               csmList = formData.getlist( formVar[3] )
+               formVar = allCSMTypes[csName]
+               for csm in csmList:
+                       csm = csm.strip( )
+                       formVar[1].append( csm )
+                       formVar[1] = removeDups( formVar[1] )
+
+def delCSMember( csName ):
+       global formData, allCSMTypes
+
+       formVar = allCSMTypes[csName]
+       if formData.has_key( formVar[3] ):
+               csmList = formData.getlist( formVar[3] )
+               for csm in csmList:
+                       csm = csm.strip( )
+                       formVar[1].remove( csm )
+
+def processRequest( ):
+       global policyXml
+       global formData, formPolicyUpdate
+       global formSteAdd, formSteDel
+       global formChWallAdd, formChWallDel
+       global formCSAdd, allCSDel
+       global formCSNames, allCSMAdd, allCSMDel
+
+       if policyXml != '':
+               parsePolicyXml( )
+
+       # Allow the updating of the header information whenever
+       # an action is performed
+       updateInfo( )
+
+       # Allow the adding of types/sets if the user has hit the
+       # enter key when attempting to add a type/set
+       addSteType( )
+       addChWallType( )
+       addCS( )
+
+       if formData.has_key( formSteDel[3] ):
+               delSteType( )
+
+       elif formData.has_key( formChWallDel[3] ):
+               delChWallType( )
+
+       else:
+               for csName in formCSNames[1]:
+                       if formData.has_key( allCSDel[csName][3] ):
+                               delCS( csName )
+                               continue
+
+                       if formData.has_key( allCSMAdd[csName][3] ):
+                               addCSMember( csName )
+
+                       elif formData.has_key( allCSMDel[csName][3] ):
+                               delCSMember( csName )
+
+def makeName( name, suffix='' ):
+       rName = name
+       if suffix != '':
+               rName = rName + '_' + suffix
+
+       return rName
+
+def makeNameAttr( name, suffix='' ):
+       return 'name="' + makeName( name, suffix ) + '"'
+
+def makeValue( value, suffix='' ):
+       rValue = value
+
+       if isinstance( value, list ):
+               rValue = '['
+               for val in value:
+                       rValue = rValue + '\'' + val
+                       if suffix != '':
+                               rValue = rValue + '_' + suffix
+                       rValue = rValue + '\','
+               rValue = rValue + ']'
+
+       else:
+               if suffix != '':
+                       rValue = rValue + '_' + suffix
+
+       return rValue
+
+def makeValueAttr( value, suffix='' ):
+       return 'value="' + makeValue( value, suffix ) + '"'
+
+def sendHtmlFormVar( formVar, attrs='' ):
+       nameAttr  = ''
+       valueAttr = ''
+       htmlText  = ''
+
+       if formVar[0] == 'text':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+               valueAttr = makeValueAttr( formVar[1] )
+
+               print '<INPUT type="text"', nameAttr, valueAttr, attrs, '>'
+
+       elif formVar[0] == 'list':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+
+               print '<SELECT', nameAttr, attrs, '>'
+               for option in formVar[1]:
+                       print '<OPTION>' + option + '</OPTION>'
+               print '</SELECT>'
+
+       elif formVar[0] == 'button':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+               if formVar[4] != '':
+                       valueAttr = makeValueAttr( formVar[4] )
+
+               print '<INPUT type="submit"', nameAttr, valueAttr, attrs, '>'
+
+       elif formVar[0] == 'radiobutton':
+               if formVar[3] != '':
+                       nameAttr  = makeNameAttr( formVar[3] )
+                       valueAttr = makeValueAttr( formVar[4][rb_select] )
+                       htmlText  = formVar[5][rb_select]
+                       if formVar[4][rb_select] == formVar[1]:
+                               checked = 'checked'
+                       else:
+                               checked = ''
+
+                       print '<INPUT type="radio"', nameAttr, valueAttr, 
attrs, checked, '>', htmlText
+
+       elif formVar[0] == 'radiobutton-all':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+                       buttonVals  = formVar[4]
+                       buttonTexts = formVar[5]
+                       for i, buttonVal in enumerate( buttonVals ):
+                               htmlText = ''
+                               addAttrs = ''
+                               checked  = ''
+
+                               valueAttr = makeValueAttr( buttonVal )
+                               if formVar[5] != '':
+                                       htmlText = formVar[5][i]
+                               if attrs != '':
+                                       addAttrs = attrs[i]
+                               if buttonVal == formVar[1]:
+                                       checked = 'checked'
+
+                               print '<INPUT type="radio"', nameAttr, 
valueAttr, addAttrs, checked, '>', htmlText, '<BR>'
+
+       if formVar[2] != '':
+               nameAttr = makeNameAttr( formVar[2] )
+               valueAttr = makeValueAttr( formVar[1] )
+               print '<INPUT type="hidden"', nameAttr, valueAttr, '>'
+
+def sendHtmlHeaders( ):
+       # HTML headers
+       print 'Content-Type: text/html'
+       print
+
+def sendPolicyHtml( ):
+       global xmlError, xmlIncomplete, xmlMessages, formXmlGen
+
+       print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"'
+       print '  "http://www.w3.org/TR/html4/loose.dtd";>'
+
+       print '<HTML>'
+
+       sendHtmlHead( )
+
+       print '<BODY>'
+
+       # An input XML file was specified that had errors, output the
+       # error information
+       if xmlError == 1:
+               print '<P>'
+               print 'An error has been encountered while processing the input 
'
+               print 'XML file:'
+               print '<UL>'
+               for msg in xmlMessages:
+                       print '<LI>'
+                       print msg
+               print '</UL>'
+               print '</BODY>'
+               print '</HTML>'
+               return
+
+       # When attempting to generate the XML output, all required data was not
+       # present, output the error information
+       if xmlIncomplete == 1:
+               print '<P>'
+               print 'An error has been encountered while validating the data'
+               print 'required for the output XML file:'
+               print '<UL>'
+               for msg in xmlMessages:
+                       print '<LI>'
+                       print msg
+               print '</UL>'
+               print '</BODY>'
+               print '</HTML>'
+               return
+
+       print '<CENTER>'
+       print '<FORM action="' + os.environ['SCRIPT_NAME'] + '" method="post">'
+       print '<TABLE class="container">'
+       print '  <COLGROUP>'
+       print '    <COL width="100%">'
+       print '  </COLGROUP>'
+
+       print '  <TR>'
+       print '    <TD>'
+       print '      <TABLE>'
+       print '        <TR>'
+       print '          <TD>'
+       sendHtmlFormVar( formDefaultButton, 'class="hidden"' )
+       print '          </TD>'
+       print '        </TR>'
+       print '        <TR>'
+       print '          <TD>'
+       sendHtmlFormVar( formXmlGen )
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+
+       # Policy header
+       print '  <TR>'
+       print '    <TD>'
+       sendPHeaderHtml( )
+       print '    </TD>'
+       print '  </TR>'
+
+       # Separator
+       print '  <TR><TD><HR></TD></TR>'
+
+       # Policy (types)
+       print '  <TR>'
+       print '    <TD>'
+       print '      <TABLE class="full">'
+       print '        <TR>'
+       print '          <TD width="49%">'
+       sendPSteHtml( )
+       print '          </TD>'
+       print '          <TD width="2%">&nbsp;</TD>'
+       print '          <TD width="49%">'
+       sendPChWallHtml( )
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+
+       print '</TABLE>'
+       print '</FORM>'
+       print '</CENTER>'
+
+       print '</BODY>'
+
+       print '</HTML>'
+
+def sendHtmlHead( ):
+       global headTitle
+
+       print '<HEAD>'
+       print '<STYLE type="text/css">'
+       print '<!--'
+       print 'BODY            {background-color: #EEEEFF;}'
+       print 'TABLE.container {width:  90%; border: 1px solid black; 
border-collapse: seperate;}'
+       print 'TABLE.fullbox   {width: 100%; border: 1px solid black; 
border-collapse: collapse;}'
+       print 'TABLE.full      {width: 100%; border: 0px solid black; 
border-collapse: collapse;}'
+       print 'THEAD           {font-weight: bold; font-size: larger;}'
+       print 'TD              {border: 0px solid black; vertical-align: top;}'
+       print 'TD.heading      {border: 0px solid black; vertical-align: top; 
font-weight: bold; font-size: larger;}'
+       print 'TD.subheading   {border: 0px solid black; vertical-align: top; 
font-size: smaller;}'
+       print 'TD.fullbox      {border: 1px solid black; vertical-align: top;}'
+       print 'SELECT.full     {width: 100%;}'
+       print 'INPUT.full      {width: 100%;}'
+       print 'INPUT.link      {cursor: pointer; background-color: #EEEEFF; 
border: 0px; text-decoration: underline; color: blue;}'
+       print 'INPUT.hidden    {visibility: hidden; width: 1px; height: 1px;}'
+       print ':link           {color: blue;}'
+       print ':visited        {color: red;}'
+       print '-->'
+       print '</STYLE>'
+       print '<TITLE>', headTitle, '</TITLE>'
+       print '</HEAD>'
+
+def sendPHeaderHtml( ):
+       global formPolicyName, formPolicyDate, formPolicyOrder, formPolicyUpdate
+
+       # Policy header definition
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="20%">'
+       print '    <COL width="80%">'
+       print '  </COLGROUP>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2" class="heading">Policy 
Information</TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Name:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyName, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Date:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyDate, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Primary Policy:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyOrder )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2">'
+       sendHtmlFormVar( formPolicyUpdate )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2" class="subheading">'
+       print '      (The Policy Information is updated whenever an action is 
performed'
+       print '       or it can be updated separately using the "Update" 
button)'
+       print '    </TD>'
+       print '  </TR>'
+       print '</TABLE>'
+
+def sendPSteHtml( ):
+       global formSteTypes, formSteDel, formSteType, formSteAdd
+
+       # Simple Type Enforcement...
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="20%">'
+       print '    <COL width="80%">'
+       print '  </COLGROUP>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2" class="heading">Simple Type 
Enforcement Types</TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       sendHtmlFormVar( formSteTypes, 'class="full" size="4" multiple' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD>'
+       sendHtmlFormVar( formSteDel, 'class="full"' )
+       print '    </TD>'
+       print '    <TD>'
+       print '      Delete the type(s) selected above'
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       sendHtmlFormVar( formSteType, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD>'
+       sendHtmlFormVar( formSteAdd, 'class="full"' )
+       print '    </TD>'
+       print '    <TD>'
+       print '      Create a new type with the above name'
+       print '    </TD>'
+       print '  </TR>'
+       print '</TABLE>'
+
+def sendPChWallHtml( ):
+       global formChWallTypes, formChWallDel, formChWallType, formChWallAdd
+       global formCSNames, formCSName, formCSAdd, allCSDel
+       global allCSMTypes, allCSMDel, allCSMType, allCSMAdd
+
+       # Chinese Wall...
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="20%">'
+       print '    <COL width="80%">'
+       print '  </COLGROUP>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2" class="heading">Chinese Wall 
Types</TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       sendHtmlFormVar( formChWallTypes, 'class="full" size="4" multiple' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD>'
+       sendHtmlFormVar( formChWallDel, 'class="full"' )
+       print '    </TD>'
+       print '    <TD>'
+       print '      Delete the type(s) selected above'
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       sendHtmlFormVar( formChWallType, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD>'
+       sendHtmlFormVar( formChWallAdd, 'class="full"' )
+       print '    </TD>'
+       print '    <TD>'
+       print '      Create a new type with the above name'
+       print '    </TD>'
+       print '  </TR>'
+
+       # Chinese Wall Conflict Sets...
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       print '      <TABLE class="full">'
+       print '        <COLGROUP>'
+       print '          <COL width="20%">'
+       print '          <COL width="30%">'
+       print '          <COL width="50%">'
+       print '        </COLGROUP>'
+       print '        <THEAD>'
+       print '          <TR>'
+       print '            <TD align="center" colspan="3"><HR></TD>'
+       print '          </TR>'
+       print '          <TR>'
+       print '            <TD align="center" colspan="3">Chinese Wall Conflict 
Sets</TD>'
+       print '          </TR>'
+       print '        </THEAD>'
+       print '        <TR>'
+       print '          <TD colspan="3">'
+       sendHtmlFormVar( formCSName, 'class="full"' )
+       sendHtmlFormVar( formCSNames )
+       print '          </TD>'
+       print '        </TR>'
+       print '        <TR>'
+       print '          <TD>'
+       sendHtmlFormVar( formCSAdd, 'class="full"' )
+       print '          </TD>'
+       print '          <TD colspan="2">'
+       print '            Create a new conflict set with the above name'
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+       if len( formCSNames[1] ) > 0:
+               print '  <TR>'
+               print '    <TD colspan="2">'
+               print '      &nbsp;'
+               print '    </TD>'
+               print '  </TR>'
+               print '  <TR>'
+               print '    <TD colspan="2">'
+               print '      <TABLE class="fullbox">'
+               print '        <COLGROUP>'
+               print '          <COL width="50%">'
+               print '          <COL width="50%">'
+               print '        </COLGROUP>'
+               print '        <THEAD>'
+               print '          <TR>'
+               print '            <TD class="fullbox">Name</TD>'
+               print '            <TD class="fullbox">Actions</TD>'
+               print '          </TR>'
+               print '        </THEAD>'
+               for i, csName in enumerate( formCSNames[1] ):
+                       print '        <TR>'
+                       print '          <TD class="fullbox">' + csName + 
'</TD>'
+                       print '          <TD class="fullbox">'
+                       print '            <A href="#' + csName + '">Edit</A>'
+                       formVar = allCSDel[csName]
+                       sendHtmlFormVar( formVar, 'class="link"' )
+                       print '          </TD>'
+               print '      </TABLE>'
+               print '    </TD>'
+               print '  </TR>'
+               for csName in formCSNames[1]:
+                       print '  <TR><TD colspan="2"><HR></TD></TR>'
+                       print '  <TR>'
+                       print '    <TD align="center" colspan="2" 
class="heading"><A name="' + csName + '">Conflict Set: ' + csName + '</A></TD>'
+                       print '  </TR>'
+                       print '  <TR>'
+                       print '    <TD colspan="2">'
+                       formVar = allCSMTypes[csName];
+                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
+                       print '    </TD>'
+                       print '  </TR>'
+                       print '  <TR>'
+                       print '    <TD>'
+                       formVar = allCSMDel[csName]
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '    </TD>'
+                       print '    <TD>'
+                       print '      Delete the type(s) selected above'
+                       print '    </TD>'
+                       print '  </TR>'
+                       print '  <TR>'
+                       print '    <TD colspan="2">'
+                       ctSet = Set( formChWallTypes[1] )
+                       csSet = Set( allCSMTypes[csName][1] )
+                       formVar = allCSMType[csName]
+                       formVar[1] = []
+                       for chwallType in ctSet.difference( csSet ):
+                               formVar[1].append( chwallType )
+                       formVar[1].sort( )
+                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple' )
+                       print '    </TD>'
+                       print '  </TR>'
+                       print '  <TR>'
+                       print '    <TD>'
+                       formVar = allCSMAdd[csName]
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '    </TD>'
+                       print '    <TD>'
+                       print '      Add the type(s) selected above'
+                       print '    </TD>'
+                       print '  </TR>'
+
+       print '</TABLE>'
+
+def checkXmlData( ):
+       global xmlIncomplete
+
+       # Validate the Policy Header requirements
+       if ( len( formPolicyName[1] ) > 0 ) or ( len( formPolicyDate[1] ) > 0 ):
+               if ( len( formPolicyName[1] ) == 0 ) or ( len( 
formPolicyDate[1] ) == 0 ):
+                       msg = ''
+                       msg = msg + 'The XML policy schema requires that the 
Policy '
+                       msg = msg + 'Information Name and Date fields both have 
values '
+                       msg = msg + 'or both not have values.'
+                       formatXmlGenError( msg )
+
+       if formPolicyOrder[1] == 'v_ChWall':
+               if len( formChWallTypes[1] ) == 0:
+                       msg = ''
+                       msg = msg + 'You have specified the primary policy to 
be '
+                       msg = msg + 'Chinese Wall but have not created any 
Chinese '
+                       msg = msg + 'Wall types.  Please create some Chinese 
Wall '
+                       msg = msg + 'types or change the primary policy.'
+                       formatXmlGenError( msg )
+
+       if formPolicyOrder[1] == 'v_Ste':
+               if len( formSteTypes[1] ) == 0:
+                       msg = ''
+                       msg = msg + 'You have specified the primary policy to 
be '
+                       msg = msg + 'Simple Type Enforcement but have not 
created '
+                       msg = msg + 'any Simple Type Enforcement types.  Please 
create '
+                       msg = msg + 'some Simple Type Enforcement types or 
change the '
+                       msg = msg + 'primary policy.'
+                       formatXmlGenError( msg )
+
+       # Validate the Chinese Wall required data
+       if len( formChWallTypes[1] ) > 0:
+               if len( formCSNames[1] ) == 0:
+                       msg = ''
+                       msg = msg + 'The XML policy schema for the Chinese Wall 
'
+                       msg = msg + 'requires at least one Conflict Set be 
defined.'
+                       formatXmlGenError( msg )
+
+def sendXmlHeaders( ):
+       # HTML headers
+       print 'Content-Type: text/xml'
+       print 'Content-Disposition: attachment; filename=security_policy.xml'
+       print
+
+def sendPolicyXml( ):
+       print '<?xml version="1.0"?>'
+
+       print '<SecurityPolicyDefinition xmlns="http://www.ibm.com";'
+       print '                          
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";'
+       print '                          xsi:schemaLocation="http://www.ibm.com 
security_policy.xsd">'
+
+       # Policy header
+       sendPHeaderXml( )
+
+       # Policy (types)
+       sendPSteXml( )
+       sendPChWallXml( )
+
+       print '</SecurityPolicyDefinition>'
+
+def sendPHeaderXml( ):
+       global formPolicyName, formPolicyDate
+
+       # Policy header definition
+       if ( len( formPolicyName[1] ) > 0 ) or ( len( formPolicyDate[1] ) > 0 ):
+               print '<PolicyHeader>'
+               print '  <Name>' + formPolicyName[1] + '</Name>'
+               print '  <Date>' + formPolicyDate[1] + '</Date>'
+               print '</PolicyHeader>'
+
+def sendPSteXml( ):
+       global formPolicyOrder, formSteTypes
+
+       # Simple Type Enforcement...
+       if len( formSteTypes[1] ) == 0:
+               return
+
+       if formPolicyOrder[1] == 'v_Ste':
+               print '<SimpleTypeEnforcement 
priority="PrimaryPolicyComponent">'
+       else:
+               print '<SimpleTypeEnforcement>'
+
+       print '  <SimpleTypeEnforcementTypes>'
+       for steType in formSteTypes[1]:
+               print '    <Type>' + steType + '</Type>'
+       print '  </SimpleTypeEnforcementTypes>'
+
+       print '</SimpleTypeEnforcement>'
+
+def sendPChWallXml( ):
+       global formPolicyOrder, formChWallTypes
+       global formCSNames, allCSMTypes
+
+       # Chinese Wall...
+       if len( formChWallTypes[1] ) == 0:
+               return
+
+       if formPolicyOrder[1] == 'v_ChWall':
+               print '<ChineseWall priority="PrimaryPolicyComponent">'
+       else:
+               print '<ChineseWall>'
+
+       print '  <ChineseWallTypes>'
+       for chWallType in formChWallTypes[1]:
+               print '    <Type>' + chWallType + '</Type>'
+       print '  </ChineseWallTypes>'
+
+       # Chinese Wall Conflict Sets...
+       print '  <ConflictSets>'
+       for cs in formCSNames[1]:
+               formVar = allCSMTypes[cs]
+               if len( formVar[1] ) == 0:
+                       continue
+               print '    <Conflict name="' + cs + '">'
+               for csm in formVar[1]:
+                       print '      <Type>' + csm + '</Type>'
+               print '    </Conflict>'
+       print '  </ConflictSets>'
+
+       print '</ChineseWall>'
+
+
+# Set up initial HTML variables
+headTitle = 'Xen Policy Generation'
+
+# Form variables
+#   The format of these variables is as follows:
+#   [ p0, p1, p2, p3, p4, p5 ]
+#     p0 = input type
+#     p1 = the current value of the variable
+#     p2 = the hidden input name attribute
+#     p3 = the name attribute
+#     p4 = the value attribute
+#     p5 = text to associate with the tag
+formPolicyName    = [ 'text',
+                       '',
+                       'h_policyName',
+                       'i_policyName',
+                       '',
+                       '',
+                   ]
+formPolicyDate    = [ 'text',
+                       getCurrentTime( ),
+                       'h_policyDate',
+                       'i_policyDate',
+                       '',
+                       '',
+                   ]
+formPolicyOrder   = [ 'radiobutton-all',
+                       'v_ChWall',
+                       'h_policyOrder',
+                       'i_policyOrder',
+                       [ 'v_Ste', 'v_ChWall' ],
+                       [ 'Simple Type Enforcement', 'Chinese Wall' ],
+                   ]
+formPolicyUpdate  = [ 'button',
+                       '',
+                       '',
+                       'i_PolicyUpdate',
+                       'Update',
+                       '',
+                   ]
+
+formSteTypes      = [ 'list',
+                       [],
+                       'h_steTypes',
+                       'i_steTypes',
+                       '',
+                       '',
+                   ]
+formSteDel        = [ 'button',
+                       '',
+                       '',
+                       'i_steDel',
+                       'Delete',
+                       '',
+                   ]
+formSteType       = [ 'text',
+                       '',
+                       '',
+                       'i_steType',
+                       '',
+                       '',
+                   ]
+formSteAdd        = [ 'button',
+                       '',
+                       '',
+                       'i_steAdd',
+                       'New',
+                       '',
+                   ]
+
+formChWallTypes   = [ 'list',
+                       [],
+                       'h_chwallTypes',
+                       'i_chwallTypes',
+                       '',
+                       '',
+                   ]
+formChWallDel     = [ 'button',
+                       '',
+                       '',
+                       'i_chwallDel',
+                       'Delete',
+                       '',
+                   ]
+formChWallType    = [ 'text',
+                       '',
+                       '',
+                       'i_chwallType',
+                       '',
+                       '',
+                   ]
+formChWallAdd     = [ 'button',
+                       '',
+                       '',
+                       'i_chwallAdd',
+                       'New',
+                       '',
+                   ]
+
+formCSNames       = [ '',
+                       [],
+                       'h_csNames',
+                       '',
+                       '',
+                       '',
+                   ]
+formCSName        = [ 'text',
+                       '',
+                       '',
+                       'i_csName',
+                       '',
+                       '',
+                   ]
+formCSAdd         = [ 'button',
+                       '',
+                       '',
+                       'i_csAdd',
+                       'New',
+                       '',
+                   ]
+
+formXmlGen          = [ 'button',
+                       '',
+                       '',
+                       'i_xmlGen',
+                       'Generate XML',
+                       '',
+                   ]
+
+formDefaultButton = [ 'button',
+                       '',
+                       '',
+                       'i_defaultButton',
+                       '.',
+                       '',
+                   ]
+
+# This is a set of templates used for each conflict set
+#   Each conflict set is initially assigned these templates,
+#   then each form attribute value is changed to append
+#   "_conflict-set-name" for uniqueness
+templateCSDel     = [ 'button',
+                       '',
+                       '',
+                       'i_csDel',
+                       'Delete',
+                       '',
+                   ]
+allCSDel          = {};
+
+templateCSMTypes  = [ 'list',
+                       [],
+                       'h_csmTypes',
+                       'i_csmTypes',
+                       '',
+                       '',
+                   ]
+templateCSMDel    = [ 'button',
+                       '',
+                       '',
+                       'i_csmDel',
+                       'Delete',
+                       '',
+                   ]
+templateCSMType   = [ 'list',
+                       [],
+                       '',
+                       'i_csmType',
+                       '',
+                       '',
+                   ]
+templateCSMAdd    = [ 'button',
+                       '',
+                       '',
+                       'i_csmAdd',
+                       'Add',
+                       '',
+                   ]
+allCSMTypes       = {};
+allCSMDel         = {};
+allCSMType        = {};
+allCSMAdd         = {};
+
+# A list of all form variables used for saving info across requests
+formVariables     = [ formPolicyName,
+                       formPolicyDate,
+                       formPolicyOrder,
+                       formSteTypes,
+                       formChWallTypes,
+                       formCSNames,
+                   ]
+
+policyXml         = ''
+xmlError          = 0
+xmlIncomplete     = 0
+xmlMessages       = []
+
+
+# Extract any form data
+formData = cgi.FieldStorage( )
+
+# Process the form
+getSavedData( )
+processRequest( )
+
+if formData.has_key( formXmlGen[3] ):
+       # Generate and send the XML file
+       checkXmlData( )
+
+       if xmlIncomplete == 0:
+               sendXmlHeaders( )
+               sendPolicyXml( )
+
+if (not formData.has_key( formXmlGen[3] )) or (xmlIncomplete == 1 ):
+       # Send HTML to continue processing the form
+       sendHtmlHeaders( )
+       sendPolicyHtml( )
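Review bot: sendHtmlFormVar, sendPChWallHtml and the sendP*Xml functions write type names, conflict-set names and the policy name/date into markup with no escaping, e.g. 'value="' + makeValue( value, suffix ) + '"', '<OPTION>' + option + '</OPTION>' and '    <Type>' + steType + '</Type>'. These values are carried across requests in form fields, so a name containing ", < or & breaks the page or the generated policy XML, and submitted markup is echoed back into the response. Escape at the output points: cgi.escape( s, True ) for HTML text and attribute values, and xml.sax.saxutils.escape / quoteattr for the <Name>, <Date>, <Type> and Conflict name= output. makeValue also serializes lists as a Python list literal by plain concatenation, so a value containing ' corrupts the hidden field. policylabel.cgi's getSavedData later in this patch passes such a hidden field to exec ('formVar[1] = ' + dataList[0]), which turns the client-controlled literal into executable code. A delimiter-joined encoding that is split and validated on read would remove the need for exec. Minor: the attrs string passed for allCSMTypes[csName] ends in multiple" with a stray double quote.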
diff -r bdcb115c667a -r db5feb4ccc13 
tools/security/python/xensec_gen/cgi-bin/policylabel.cgi
--- /dev/null   Sat Dec 10 23:20:08 2005
+++ b/tools/security/python/xensec_gen/cgi-bin/policylabel.cgi  Mon Dec 12 
19:10:23 2005
@@ -0,0 +1,1396 @@
+#!/usr/bin/python
+#
+# The Initial Developer of the Original Code is International
+# Business Machines Corporation. Portions created by IBM
+# Corporation are Copyright (C) 2005 International Business
+# Machines Corporation. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import os
+import cgi
+import cgitb; cgitb.enable( )
+import time
+import xml.dom.minidom
+import xml.sax
+import xml.sax.handler
+from StringIO import StringIO
+from sets import Set
+
+def getSavedData( ):
+       global formData, policyXml, policyLabelXml
+       global formVariables, formVmNames
+       global allVmChWs, allVmStes
+
+       # Process the XML upload policy file
+       if formData.has_key( 'i_policy' ):
+               dataList = formData.getlist( 'i_policy' )
+               if len( dataList ) > 0:
+                       policyXml = dataList[0].strip( )
+
+       # The XML upload policy file must be specified at the start
+       if formData.has_key( 'i_policyLabelCreate' ):
+               if policyXml == '':
+                       msg = ''
+                       msg = msg + 'A Policy file was not supplied.  A Policy 
file '
+                       msg = msg + 'must be supplied in order to successfully 
create '
+                       msg = msg + 'a Policy Labeling file.'
+                       formatXmlError( msg )
+
+       # Process the XML upload policy label file
+       if formData.has_key( 'i_policyLabel' ):
+               dataList = formData.getlist( 'i_policyLabel' )
+               if len( dataList ) > 0:
+                       policyLabelXml = dataList[0].strip( )
+
+       # Process all the hidden input variables (if present)
+       for formVar in formVariables:
+               if formVar[2] == '':
+                       continue
+
+               if formData.has_key( formVar[2] ):
+                       dataList = formData.getlist( formVar[2] )
+                       if len( dataList ) > 0:
+                               if isinstance( formVar[1], list ):
+                                       exec 'formVar[1] = ' + dataList[0]
+                               else:
+                                       formVar[1] = dataList[0]
+
+       # The form can contain any number of "Virtual Machines"
+       #   so update the list of form variables to include
+       #   each virtual machine (hidden input variable)
+       for vmName in formVmNames[1]:
+               newVm( vmName )
+
+               vmFormVar = allVmChWs[vmName]
+               if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
+                       dataList = formData.getlist( vmFormVar[2] )
+                       if len( dataList ) > 0:
+                               if isinstance( vmFormVar[1], list ):
+                                       exec 'vmFormVar[1] = ' + dataList[0]
+                               else:
+                                       vmFormVar[1] = dataList[0]
+
+               vmFormVar = allVmStes[vmName]
+               if (vmFormVar[2] != '') and formData.has_key( vmFormVar[2] ):
+                       dataList = formData.getlist( vmFormVar[2] )
+                       if len( dataList ) > 0:
+                               if isinstance( vmFormVar[1], list ):
+                                       exec 'vmFormVar[1] = ' + dataList[0]
+                               else:
+                                       vmFormVar[1] = dataList[0]
+
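Review bot: the `exec 'formVar[1] = ' + dataList[0]` statement and the two `exec 'vmFormVar[1] = ' + dataList[0]` statements in the form-parsing code above run the value of a hidden form field as Python source. Hidden inputs are sent back by the browser, so the client controls them, and whatever text arrives in those fields is executed with the privileges of the CGI process. The list is serialized by makeValue() as a `['a','b',]` string only so it can be exec'd back here. Please drop the exec and carry the list in a form that needs no evaluation, for example one hidden input per element read back with formData.getlist(), which this code already uses, and check each element against the types taken from the policy file. Note also that makeValue() does not escape a single quote inside an element, so a type name containing `'` already breaks this round trip.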
+def getCurrentTime( ):
+       return time.strftime( '%Y-%m-%d %H:%M:%S', time.localtime( ) )
+
+def getName( domNode ):
+       nameNodes = domNode.getElementsByTagName( 'Name' )
+       if len( nameNodes ) == 0:
+               formatXmlError( '"<Name>" tag is missing' )
+               return None
+
+       name = ''
+       for childNode in nameNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       name = name + childNode.data
+
+       return name
+
+def getDate( domNode ):
+       dateNodes = domNode.getElementsByTagName( 'Date' )
+       if len( dateNodes ) == 0:
+               formatXmlError( '"<Date>" tag is missing' )
+               return None
+
+       date = ''
+       for childNode in dateNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       date = date + childNode.data
+
+       return date
+
+def getDefUrl( domNode ):
+       domNodes = domNode.getElementsByTagName( 'PolicyName' )
+       if len( domNodes ) == 0:
+               formatXmlError( '"<PolicyName>" tag is missing' )
+               return None
+
+       urlNodes = domNode.getElementsByTagName( 'Url' )
+       if len( urlNodes ) == 0:
+               formatXmlError( '"<Url>" tag is missing' )
+               return None
+
+       url = ''
+       for childNode in urlNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       url = url + childNode.data
+
+       return url
+
+def getDefRef( domNode ):
+       domNodes = domNode.getElementsByTagName( 'PolicyName' )
+       if len( domNodes ) == 0:
+               formatXmlError( '"<PolicyName>" tag is missing' )
+               return None
+
+       refNodes = domNode.getElementsByTagName( 'Reference' )
+       if len( refNodes ) == 0:
+               formatXmlError( '"<Reference>" tag is missing' )
+               return None
+
+       ref = ''
+       for childNode in refNodes[0].childNodes:
+               if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                       ref = ref + childNode.data
+
+       return ref
+
+def getSteTypes( domNode, missingIsError = 0 ):
+       steNodes = domNode.getElementsByTagName( 'SimpleTypeEnforcementTypes' )
+       if len( steNodes ) == 0:
+               if missingIsError == 1:
+                       formatXmlError( '"<SimpleTypeEnforcementTypes>" tag is 
missing' )
+                       return None
+               else:
+                       return []
+
+       return getTypes( steNodes[0] )
+
+def getChWTypes( domNode, missingIsError = 0 ):
+       chwNodes = domNode.getElementsByTagName( 'ChineseWallTypes' )
+       if len( chwNodes ) == 0:
+               if missingIsError == 1:
+                       formatXmlError( '"<ChineseWallTypes>" tag is missing' )
+                       return None
+               else:
+                       return []
+
+       return getTypes( chwNodes[0] )
+
+def getTypes( domNode ):
+       types = []
+
+       domNodes = domNode.getElementsByTagName( 'Type' )
+       if len( domNodes ) == 0:
+               formatXmlError( '"<Type>" tag is missing' )
+               return None
+
+       for domNode in domNodes:
+               typeText = ''
+               for childNode in domNode.childNodes:
+                       if childNode.nodeType == xml.dom.Node.TEXT_NODE:
+                               typeText = typeText + childNode.data
+
+               if typeText == '':
+                       formatXmlError( 'No text associated with the "<Type>" 
tag' )
+                       return None
+
+               types.append( typeText )
+
+       return types
+
+def formatXmlError( msg, xml = '', lineNum = -1, colNum = -1 ):
+       global xmlMessages, xmlError
+
+       xmlError = 1
+       addMsg = cgi.escape( msg )
+
+       if lineNum != -1:
+               sio = StringIO( xml )
+               for xmlLine in sio:
+                       lineNum = lineNum - 1
+                       if lineNum == 0:
+                               break;
+
+               addMsg += '<BR><PRE>' + cgi.escape( xmlLine.rstrip( ) )
+
+               if colNum != -1:
+                       errLine = ''
+                       for i in range( colNum ):
+                               errLine = errLine + '-'
+
+                       addMsg += '\n' + errLine + '^'
+
+               addMsg += '</PRE>'
+
+       xmlMessages.append( addMsg )
+
+def formatXmlGenError( msg ):
+       global xmlMessages, xmlIncomplete
+
+       xmlIncomplete = 1
+       xmlMessages.append( cgi.escape( msg ) )
+
+def parseXml( xmlInput ):
+       global xmlMessages, xmlError, xmlLine, xmlColumn
+
+       xmlParser  = xml.sax.make_parser( )
+       try:
+               domDoc = xml.dom.minidom.parseString( xmlInput, xmlParser )
+
+       except xml.sax.SAXParseException, xmlErr:
+               msg = ''
+               msg = msg + 'XML parsing error occurred at line '
+               msg = msg + `xmlErr.getLineNumber( )`
+               msg = msg + ', column '
+               msg = msg + `xmlErr.getColumnNumber( )`
+               msg = msg + ': reason = "'
+               msg = msg + xmlErr.getMessage( )
+               msg = msg + '"'
+               formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), 
xmlErr.getColumnNumber( ) )
+               return None
+
+       except xml.sax.SAXException, xmlErr:
+               msg = ''
+               msg = msg + 'XML Parsing error: ' + `xmlErr`
+               formatXmlError( msg, xmlInput, xmlErr.getLineNumber( ), 
xmlErr.getColumnNumber( ) )
+               return None
+
+       return domDoc
+
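Review bot: in parseXml(), the `except xml.sax.SAXException, xmlErr:` handler calls xmlErr.getLineNumber( ) and xmlErr.getColumnNumber( ), but those accessors belong to SAXParseException, not to the base SAXException, so this path raises AttributeError instead of reporting the error. Call formatXmlError( msg ) without the line and column arguments in that handler. Relatedly, formatXmlError() reads xmlLine after the `for xmlLine in sio:` loop, which leaves the name unbound when the xml argument is empty. Initialise xmlLine to '' before the loop.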
+def parsePolicyXml( ):
+       global policyXml
+       global formSteTypes, formChWallTypes
+
+       domDoc = parseXml( policyXml )
+       if domDoc == None:
+               return
+
+       domRoot  = domDoc.documentElement
+       domNodes = domRoot.getElementsByTagName( 'SimpleTypeEnforcement' )
+       if len( domNodes ) > 0:
+               steTypes = getSteTypes( domNodes[0], 1 )
+               if steTypes == None:
+                       msg = ''
+                       msg = msg + 'Error processing the SimpleTypeEnforcement 
types.\n'
+                       msg = msg + 'Please validate the Policy Definition file 
used.'
+                       formatXmlError( msg )
+                       return
+
+               formSteTypes[1] = steTypes
+
+       domNodes = domRoot.getElementsByTagName( 'ChineseWall' )
+       if len( domNodes ) > 0:
+               chwTypes = getChWTypes( domNodes[0], 1 )
+               if chwTypes == None:
+                       msg = ''
+                       msg = msg + 'Error processing the ChineseWall types.\n'
+                       msg = msg + 'Please validate the Policy Definition file 
used.'
+                       formatXmlError( msg )
+                       return
+
+               formChWallTypes[1] = chwTypes
+
+def parsePolicyLabelXml( ):
+       global policyLabelXml
+
+       domDoc = parseXml( policyLabelXml )
+       if domDoc == None:
+               return
+
+       domRoot     = domDoc.documentElement
+       domHeaders = domRoot.getElementsByTagName( 'LabelHeader' )
+       if len( domHeaders ) == 0:
+               msg = ''
+               msg = msg + '"<LabelHeader>" tag is missing.\n'
+               msg = msg + 'Please validate the Policy Labeling file used.'
+               formatXmlError( msg )
+               return
+
+       pName = getName( domHeaders[0] )
+       if pName == None:
+               msg = ''
+               msg = msg + 'Error processing the Policy Labeling header 
information.\n'
+               msg = msg + 'Please validate the Policy Labeling file used.'
+               formatXmlError( msg )
+               return
+
+       formPolicyLabelName[1] = pName
+
+       pDate = getDate( domHeaders[0] )
+       if pDate == None:
+               msg = ''
+               msg = msg + 'Error processing the Policy Labeling header 
information.\n'
+               msg = msg + 'Please validate the Policy Labeling file used.'
+               formatXmlError( msg )
+               return
+
+       formPolicyLabelDate[1] = pDate
+
+       pUrl = getDefUrl( domHeaders[0] )
+       if pUrl == None:
+               msg = ''
+               msg = msg + 'Error processing the Policy Labeling header 
information.\n'
+               msg = msg + 'Please validate the Policy Labeling file used.'
+               formatXmlError( msg )
+               return
+
+       formPolicyUrl[1] = pUrl
+
+       pRef = getDefRef( domHeaders[0] )
+       if pRef == None:
+               msg = ''
+               msg = msg + 'Error processing the Policy Labeling header 
information.\n'
+               msg = msg + 'Please validate the Policy Labeling file used.'
+               formatXmlError( msg )
+               return
+
+       formPolicyRef[1] = pRef
+
+       domSubjects = domRoot.getElementsByTagName( 'SubjectLabels' )
+       if len( domSubjects ) > 0:
+               formVmNameDom0[1] = domSubjects[0].getAttribute( 'bootstrap' )
+               domNodes = domSubjects[0].getElementsByTagName( 
'VirtualMachineLabel' )
+               for domNode in domNodes:
+                       vmName = getName( domNode )
+                       if vmName == None:
+                               msg = ''
+                               msg = msg + 'Error processing the 
VirtualMachineLabel name.\n'
+                               msg = msg + 'Please validate the Policy 
Labeling file used.'
+                               formatXmlError( msg )
+                               continue
+
+                       steTypes = getSteTypes( domNode )
+                       if steTypes == None:
+                               msg = ''
+                               msg = msg + 'Error processing the 
SimpleTypeEnforcement types.\n'
+                               msg = msg + 'Please validate the Policy 
Labeling file used.'
+                               formatXmlError( msg )
+                               return
+
+                       chwTypes = getChWTypes( domNode )
+                       if chwTypes == None:
+                               msg = ''
+                               msg = msg + 'Error processing the ChineseWall 
types.\n'
+                               msg = msg + 'Please validate the Policy 
Labeling file used.'
+                               formatXmlError( msg )
+                               return
+
+                       newVm( vmName, 1 )
+                       allVmStes[vmName][1] = steTypes
+                       allVmChWs[vmName][1] = chwTypes
+
+def removeDups( curList ):
+       newList = []
+       curSet  = Set( curList )
+       for x in curSet:
+               newList.append( x )
+       newList.sort( )
+
+       return newList
+
+def newVm( vmName, addToList = 0 ):
+       global formVmNames
+       global templateVmDel, allVmDel, templateVmDom0, allVmDom0
+       global templateVmChWs, templateVmChWDel, templateVmChW, templateVmChWAdd
+       global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
+       global templateVmStes, templateVmSteDel, templateVmSte, templateVmSteAdd
+       global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
+
+       # Make sure we have an actual name and check one of the 'all'
+       # variables to be sure it hasn't been previously defined
+       if (len( vmName ) > 0) and (not allVmDom0.has_key( vmName )):
+               vmSuffix = '_' + vmName
+               allVmDom0[vmName]   = modFormTemplate( templateVmDom0,   
vmSuffix )
+               allVmDel[vmName]    = modFormTemplate( templateVmDel,    
vmSuffix )
+               allVmChWs[vmName]   = modFormTemplate( templateVmChWs,   
vmSuffix )
+               allVmChWDel[vmName] = modFormTemplate( templateVmChWDel, 
vmSuffix )
+               allVmChW[vmName]    = modFormTemplate( templateVmChW,    
vmSuffix )
+               allVmChWAdd[vmName] = modFormTemplate( templateVmChWAdd, 
vmSuffix )
+               allVmStes[vmName]   = modFormTemplate( templateVmStes,   
vmSuffix )
+               allVmSteDel[vmName] = modFormTemplate( templateVmSteDel, 
vmSuffix )
+               allVmSte[vmName]    = modFormTemplate( templateVmSte,    
vmSuffix )
+               allVmSteAdd[vmName] = modFormTemplate( templateVmSteAdd, 
vmSuffix )
+               if addToList == 1:
+                       formVmNames[1].append( vmName )
+                       formVmNames[1] = removeDups( formVmNames[1] )
+
+def updateInfo( ):
+       global formData, formPolicyLabelName, formPolicyLabelDate
+       global formPolicyUrl, formPolicyRef
+
+       if formData.has_key( formPolicyLabelName[3] ):
+               formPolicyLabelName[1] = formData[formPolicyLabelName[3]].value
+       elif formData.has_key( formPolicyLabelUpdate[3] ):
+               formPolicyLabelName[1] = ''
+
+       if formData.has_key( formPolicyLabelDate[3] ):
+               formPolicyLabelDate[1] = formData[formPolicyLabelDate[3]].value
+       elif formData.has_key( formPolicyLabelUpdate[3] ):
+               formPolicyLabelDate[1] = ''
+
+       if formData.has_key( formPolicyUrl[3] ):
+               formPolicyUrl[1] = formData[formPolicyUrl[3]].value
+       elif formData.has_key( formPolicyLabelUpdate[3] ):
+               formPolicyUrl[1] = ''
+
+       if formData.has_key( formPolicyRef[3] ):
+               formPolicyRef[1] = formData[formPolicyRef[3]].value
+       elif formData.has_key( formPolicyLabelUpdate[3] ):
+               formPolicyRef[1] = ''
+
+def addVm( ):
+       global formData, fromVmName, formVmNames, formVmNameDom0
+
+       if (formData.has_key( formDefaultButton[3] )) or (formData.has_key( 
formVmAdd[3] )):
+               if formData.has_key( formVmName[3] ):
+                       vmName = formData[formVmName[3]].value
+                       vmName = vmName.strip( )
+                       newVm( vmName, 1 )
+                       if formVmNameDom0[1] == '':
+                               formVmNameDom0[1] = vmName
+
+def delVm( vmName ):
+       global formVmNames, formVmNameDom0
+       global allVmDel, allVmDom0
+       global allVmChWs, allVmChWDel, allVmChWType, allVmChWAdd
+       global allVmStes, allVmSteDel, allVmSteType, allVmSteAdd
+
+       vmName = vmName.strip( )
+       formVmNames[1].remove( vmName )
+       del allVmDom0[vmName]
+       del allVmDel[vmName]
+       del allVmChWs[vmName]
+       del allVmChWDel[vmName]
+       del allVmChW[vmName]
+       del allVmChWAdd[vmName]
+       del allVmStes[vmName]
+       del allVmSteDel[vmName]
+       del allVmSte[vmName]
+       del allVmSteAdd[vmName]
+
+       if formVmNameDom0[1] == vmName:
+               if len( formVmNames[1] ) > 0:
+                       formVmNameDom0[1] = formVmNames[1][0]
+               else:
+                       formVmNameDom0[1] = ''
+
+def makeVmDom0( vmName ):
+       global formVmNameDom0
+
+       vmName = vmName.strip( )
+       formVmNameDom0[1] = vmName
+
+def addVmChW( chwName ):
+       global formData, allVmChW, allVmChWs
+
+       formVar = allVmChW[chwName]
+       if formData.has_key( formVar[3] ):
+               chwList = formData.getlist( formVar[3] )
+               formVar = allVmChWs[chwName]
+               for chw in chwList:
+                       chw = chw.strip( )
+                       formVar[1].append( chw )
+                       formVar[1] = removeDups( formVar[1] )
+
+def delVmChW( chwName ):
+       global formData, allVmChWs
+
+       formVar = allVmChWs[chwName]
+       if formData.has_key( formVar[3] ):
+               chwList = formData.getlist( formVar[3] )
+               for chw in chwList:
+                       chw = chw.strip( )
+                       formVar[1].remove( chw )
+
+def addVmSte( steName ):
+       global formData, allVmSte, allVmStes
+
+       formVar = allVmSte[steName]
+       if formData.has_key( formVar[3] ):
+               steList = formData.getlist( formVar[3] )
+               formVar = allVmStes[steName]
+               for ste in steList:
+                       ste = ste.strip( )
+                       formVar[1].append( ste )
+                       formVar[1] = removeDups( formVar[1] )
+
+def delVmSte( steName ):
+       global formData, allVmStes
+
+       formVar = allVmStes[steName]
+       if formData.has_key( formVar[3] ):
+               steList = formData.getlist( formVar[3] )
+               for ste in steList:
+                       ste = ste.strip( )
+                       formVar[1].remove( ste )
+
+def processRequest( ):
+       global formData, policyXml, policyLabelXml, formPolicyLabelUpdate
+       global formVmAdd
+       global formVmNames, allVmDel, allVmDom0
+       global allVmChWAdd, allVmChWDel, allVmSteAdd, allVmSteDel
+
+       if policyXml != '':
+               parsePolicyXml( )
+
+       if policyLabelXml != '':
+               parsePolicyLabelXml( )
+
+       # Allow the updating of the header information whenever
+       # an action is performed
+       updateInfo( )
+
+       # Allow the adding of labels if the user has hit the
+       # enter key when attempting to add a type/set
+       addVm( )
+
+       for vmName in formVmNames[1]:
+               if formData.has_key( allVmDel[vmName][3] ):
+                       delVm( vmName )
+                       continue
+
+               if formData.has_key( allVmDom0[vmName][3] ):
+                       makeVmDom0( vmName )
+
+               if formData.has_key( allVmChWAdd[vmName][3] ):
+                       addVmChW( vmName )
+
+               elif formData.has_key( allVmChWDel[vmName][3] ):
+                       delVmChW( vmName )
+
+               elif formData.has_key( allVmSteAdd[vmName][3] ):
+                       addVmSte( vmName )
+
+               elif formData.has_key( allVmSteDel[vmName][3] ):
+                       delVmSte( vmName )
+
+def modFormTemplate( formTemplate, suffix ):
+       formVar = [x for x in formTemplate]
+
+       if formVar[2] != '':
+               formVar[2] = formVar[2] + suffix
+       if formVar[3] != '':
+               formVar[3] = formVar[3] + suffix
+       if (formVar[0] != 'button') and (formVar[4] != ''):
+               formVar[4] = formVar[4] + suffix
+
+       return formVar;
+
+def makeName( name, suffix='' ):
+       rName = name
+       if suffix != '':
+               rName = rName + '_' + suffix
+
+       return rName
+
+def makeNameAttr( name, suffix='' ):
+       return 'name="' + makeName( name, suffix ) + '"'
+
+def makeValue( value, suffix='' ):
+       rValue = value
+
+       if isinstance( value, list ):
+               rValue = '['
+               for val in value:
+                       rValue = rValue + '\'' + val
+                       if suffix != '':
+                               rValue = rValue + '_' + suffix
+                       rValue = rValue + '\','
+               rValue = rValue + ']'
+
+       else:
+               if suffix != '':
+                       rValue = rValue + '_' + suffix
+
+       return rValue
+
+def makeValueAttr( value, suffix='' ):
+       return 'value="' + makeValue( value, suffix ) + '"'
+
+def sendHtmlFormVar( formVar, attrs='', rb_select=0 ):
+       nameAttr  = ''
+       valueAttr = ''
+       htmlText  = ''
+
+       if formVar[0] == 'text':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+               valueAttr = makeValueAttr( formVar[1] )
+
+               print '<INPUT type="text"', nameAttr, valueAttr, attrs, '>'
+
+       elif formVar[0] == 'list':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+
+               print '<SELECT', nameAttr, attrs, '>'
+               for option in formVar[1]:
+                       print '<OPTION>' + option + '</OPTION>'
+               print '</SELECT>'
+
+       elif formVar[0] == 'button':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+               if formVar[4] != '':
+                       valueAttr = makeValueAttr( formVar[4] )
+
+               print '<INPUT type="submit"', nameAttr, valueAttr, attrs, '>'
+
+       elif formVar[0] == 'radiobutton':
+               if formVar[3] != '':
+                       nameAttr  = makeNameAttr( formVar[3] )
+                       valueAttr = makeValueAttr( formVar[4][rb_select] )
+                       htmlText  = formVar[5][rb_select]
+                       if formVar[4][rb_select] == formVar[1]:
+                               checked = 'checked'
+                       else:
+                               checked = ''
+
+                       print '<INPUT type="radio"', nameAttr, valueAttr, 
attrs, checked, '>', htmlText
+
+       elif formVar[0] == 'radiobutton-all':
+               if formVar[3] != '':
+                       nameAttr = makeNameAttr( formVar[3] )
+                       buttonVals  = formVar[4]
+                       for i, buttonVal in enumerate( buttonVals ):
+                               htmlText = ''
+                               addAttrs = ''
+                               checked  = ''
+
+                               valueAttr = makeValueAttr( buttonVal )
+                               if formVar[5] != '':
+                                       htmlText = formVar[5][i]
+                               if attrs != '':
+                                       addAttrs = attrs[i]
+                               if buttonVal == formVar[1]:
+                                       checked = 'checked'
+
+                               print '<INPUT type="radio"', nameAttr, 
valueAttr, addAttrs, checked, '>', htmlText
+
+       if ( formVar[2] != '' ) and ( rb_select == 0 ):
+               nameAttr = makeNameAttr( formVar[2] )
+               valueAttr = makeValueAttr( formVar[1] )
+               print '<INPUT type="hidden"', nameAttr, valueAttr, '>'
+
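Review bot: sendHtmlFormVar() writes formVar[1] into `value="..."` through makeValueAttr() and prints `'<OPTION>' + option + '</OPTION>'` without any HTML escaping, although formatXmlError() already passes its text through cgi.escape(). These values come from the uploaded policy and label XML and from submitted form fields (VM names, STE and ChineseWall types), so a name containing `"`, `<` or `>` breaks out of the attribute or element and is rendered as markup in the operator's browser. Escape at the output boundary: cgi.escape( value, 1 ) in makeValueAttr() and makeNameAttr(), and cgi.escape( option ) for the OPTION text. The same applies where sendPLSubHtml() concatenates vmName into the table cell, the `href="#..."` and the `<A name="...">` anchor.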
+def sendHtmlHeaders( ):
+       # HTML headers
+       print 'Content-Type: text/html'
+       print
+
+def sendPolicyLabelHtml( ):
+       global xmlError, xmlIncomplete, xmlMessages, formXmlGen
+       global formVmNameDom0, formSteTypes, formChWallTypes
+
+       print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"'
+       print '  "http://www.w3.org/TR/html4/loose.dtd";>'
+
+       print '<HTML>'
+
+       sendHtmlHead( )
+
+       print '<BODY>'
+
+       # An input XML file was specified that had errors, output the
+       # error information
+       if xmlError == 1:
+               print '<P>'
+               print 'An error has been encountered while processing the input'
+               print 'XML file:'
+               print '<UL>'
+               for msg in xmlMessages:
+                       print '<LI>'
+                       print msg
+               print '</UL>'
+               print '</BODY>'
+               print '</HTML>'
+               return
+
+       # When attempting to generate the XML output, all required data was not
+       # present, output the error information
+       if xmlIncomplete == 1:
+               print '<P>'
+               print 'An error has been encountered while validating the data'
+               print 'required for the output XML file:'
+               print '<UL>'
+               for msg in xmlMessages:
+                       print '<LI>'
+                       print msg
+               print '</UL>'
+               print '</BODY>'
+               print '</HTML>'
+               return
+
+       print '<CENTER>'
+       print '<FORM action="' + os.environ['SCRIPT_NAME'] + '" method="post">'
+       print '<TABLE class="container">'
+       print '  <COLGROUP>'
+       print '    <COL width="100%">'
+       print '  </COLGROUP>'
+
+       print '  <TR>'
+       print '    <TD>'
+       sendHtmlFormVar( formDefaultButton, 'class="hidden"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD>'
+       sendHtmlFormVar( formXmlGen )
+       print '    </TD>'
+       print '  </TR>'
+
+       # Policy Labeling header
+       print '  <TR>'
+       print '    <TD>'
+       sendPLHeaderHtml( )
+       print '    </TD>'
+       print '  </TR>'
+
+       # Separator
+       print '  <TR>'
+       print '    <TD>'
+       print '      <HR>'
+       print '    </TD>'
+       print '  </TR>'
+
+       # Policy Labels (vms)
+       print '  <TR>'
+       print '    <TD>'
+       print '      <TABLE class="full">'
+       print '        <TR>'
+       print '          <TD width="100%">'
+       sendPLSubHtml( )
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+
+       print '</TABLE>'
+
+       # Send some data that needs to be available across sessions
+       sendHtmlFormVar( formVmNameDom0 )
+       sendHtmlFormVar( formSteTypes )
+       sendHtmlFormVar( formChWallTypes )
+
+       print '</FORM>'
+       print '</CENTER>'
+
+       print '</BODY>'
+
+       print '</HTML>'
+
+def sendHtmlHead( ):
+       global headTitle
+
+       print '<HEAD>'
+       print '<STYLE type="text/css">'
+       print '<!--'
+       print 'BODY            {background-color: #EEEEFF;}'
+       print 'TABLE.container {width:  90%; border: 1px solid black; 
border-collapse: seperate;}'
+       print 'TABLE.full      {width: 100%; border: 0px solid black; 
border-collapse: collapse; border-spacing: 3px;}'
+       print 'TABLE.fullbox   {width: 100%; border: 0px solid black; 
border-collapse: collapse; border-spacing: 3px;}'
+       print 'THEAD           {font-weight: bold; font-size: larger;}'
+       print 'TD              {border: 0px solid black; vertical-align: top;}'
+       print 'TD.heading      {border: 0px solid black; vertical-align: top; 
font-weight: bold; font-size: larger;}'
+       print 'TD.subheading   {border: 0px solid black; vertical-align: top; 
font-size: smaller;}'
+       print 'TD.fullbox      {border: 1px solid black; vertical-align: top;}'
+       print 'SELECT.full     {width: 100%;}'
+       print 'INPUT.full      {width: 100%;}'
+       print 'INPUT.link      {cursor: pointer; background-color: #EEEEFF; 
border: 0px; text-decoration: underline; color: blue;}'
+       print 'INPUT.hidden    {visibility: hidden; width: 1px; height: 1px;}'
+       print ':link           {color: blue;}'
+       print ':visited        {color: red;}'
+       print '-->'
+       print '</STYLE>'
+       print '<TITLE>', headTitle, '</TITLE>'
+       print '</HEAD>'
+
+def sendPLHeaderHtml( ):
+       global formPolicyLabelName, formPolicyLabelDate
+       global formPolicyUrl, formPolicyRef
+       global formPolicyLabelUpdate
+
+       # Policy Labeling header definition
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="20%">'
+       print '    <COL width="80%">'
+       print '  </COLGROUP>'
+       print '  <TR>'
+       print '    <TD class="heading" align="center" colspan="2">Policy 
Labeling Information</TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Name:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyLabelName, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Date:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyLabelDate, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Policy URL:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyUrl, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="right">Policy Reference:</TD>'
+       print '    <TD align="left">'
+       sendHtmlFormVar( formPolicyRef, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2">'
+       sendHtmlFormVar( formPolicyLabelUpdate )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD align="center" colspan="2" class="subheading">'
+       print '      (The Policy Labeling Information is updated whenever an 
action is performed'
+       print '       or it can be updated separately using the "Update" 
button)'
+       print '    </TD>'
+       print '  </TR>'
+       print '</TABLE>'
+
+def sendPLSubHtml( ):
+       global formVmNames, formVmDel, formVmName, formVmAdd
+       global allVmDel, allVmDom0
+       global allVmChWs, allVmChWDel, allVmChW, allVmChWAdd
+       global allVmStes, allVmSteDel, allVmSte, allVmSteAdd
+       global formSteTypes, formChWallTypes
+
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="100%">'
+       print '  </COLGROUP>'
+
+       # Virtual Machines...
+       print '  <TR>'
+       print '    <TD>'
+       print '      <TABLE class="full">'
+       print '        <COLGROUP>'
+       print '          <COL width="10%">'
+       print '          <COL width="40%">'
+       print '          <COL width="50%">'
+       print '        </COLGROUP>'
+       print '        <TR>'
+       print '          <TD class="heading" align="center" colspan="3">Virtual 
Machine Classes</TD>'
+       print '        </TR>'
+       print '        <TR>'
+       print '          <TD colspan="2">'
+       sendHtmlFormVar( formVmName, 'class="full"' )
+       sendHtmlFormVar( formVmNames )
+       print '          </TD>'
+       print '          <TD>&nbsp;</TD>'
+       print '        </TR>'
+       print '        <TR>'
+       print '          <TD>'
+       sendHtmlFormVar( formVmAdd, 'class="full"' )
+       print '          </TD>'
+       print '          <TD colspan="2">'
+       print '            Create a new VM class with the above name'
+       print '          </TD>'
+       print '        </TR>'
+       print '      </TABLE>'
+       print '    </TD>'
+       print '  </TR>'
+       if len( formVmNames[1] ) > 0:
+               print '  <TR>'
+               print '    <TD colspan="1">'
+               print '      &nbsp;'
+               print '    </TD>'
+               print '  </TR>'
+               print '  <TR>'
+               print '    <TD>'
+               print '      <TABLE class="fullbox">'
+               print '        <COLGROUP>'
+               print '          <COL width="10%">'
+               print '          <COL width="40%">'
+               print '          <COL width="50%">'
+               print '        </COLGROUP>'
+               print '        <THEAD>'
+               print '          <TR>'
+               print '            <TD class="fullbox">Dom 0?</TD>'
+               print '            <TD class="fullbox">Name</TD>'
+               print '            <TD class="fullbox">Actions</TD>'
+               print '          </TR>'
+               print '        </THEAD>'
+               for i, vmName in enumerate( formVmNames[1] ):
+                       print '        <TR>'
+                       print '          <TD class="fullbox">'
+                       if formVmNameDom0[1] == vmName:
+                               print 'Yes'
+                       else:
+                               print '&nbsp;'
+                       print '          </TD>'
+                       print '          <TD class="fullbox">' + vmName + 
'</TD>'
+                       print '          <TD class="fullbox">'
+                       print '            <A href="#' + vmName + '">Edit</A>'
+                       formVar = allVmDel[vmName]
+                       sendHtmlFormVar( formVar, 'class="link"' )
+                       formVar = allVmDom0[vmName]
+                       sendHtmlFormVar( formVar, 'class="link"' )
+                       print '          </TD>'
+                       print '        </TR>'
+               print '      </TABLE>'
+               print '    </TD>'
+               print '  </TR>'
+               for vmName in formVmNames[1]:
+                       print '  <TR>'
+                       print '    <TD>'
+                       print '      <HR>'
+                       print '    </TD>'
+                       print '  </TR>'
+                       print '  <TR>'
+                       print '    <TD>'
+                       print '      <TABLE class="full">'
+                       print '        <COLGROUP>'
+                       print '          <COL width="10%">'
+                       print '          <COL width="39%">'
+                       print '          <COL width="2%">'
+                       print '          <COL width="10%">'
+                       print '          <COL width="39%">'
+                       print '        </COLGROUP>'
+                       print '        <TR>'
+                       print '          <TD colspan="5" align="center" 
class="heading">'
+                       print '            <A name="' + vmName + '">Virtual 
Machine Class: ' + vmName + '</A>'
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD colspan="2" align="center">Simple 
Type Enforcement Types</TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD colspan="2" align="center">Chinese 
Wall Types</TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD colspan="2">'
+                       formVar = allVmStes[vmName];
+                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
+                       print '          </TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD colspan="2">'
+                       formVar = allVmChWs[vmName];
+                       sendHtmlFormVar( formVar, 'class="full" size="4" 
multiple"' )
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD>'
+                       formVar = allVmSteDel[vmName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Delete the type(s) selected above'
+                       print '          </TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD>'
+                       formVar = allVmChWDel[vmName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Delete the type(s) selected above'
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD colspan="2">'
+                       stSet = Set( formSteTypes[1] )
+                       vmSet = Set( allVmStes[vmName][1] )
+                       formVar = allVmSte[vmName]
+                       formVar[1] = []
+                       for steType in stSet.difference( vmSet ):
+                               formVar[1].append( steType )
+                       formVar[1].sort( )
+                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple"' )
+                       print '          </TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD colspan="2">'
+                       ctSet = Set( formChWallTypes[1] )
+                       vmSet = Set( allVmChWs[vmName][1] )
+                       formVar = allVmChW[vmName]
+                       formVar[1] = []
+                       for chwallType in ctSet.difference( vmSet ):
+                               formVar[1].append( chwallType )
+                       formVar[1].sort( )
+                       sendHtmlFormVar( formVar, 'class="full" size="2" 
multiple"' )
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '        <TR>'
+                       print '          <TD>'
+                       formVar = allVmSteAdd[vmName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Add the type(s) selected above'
+                       print '          </TD>'
+                       print '          <TD>&nbsp;</TD>'
+                       print '          <TD>'
+                       formVar = allVmChWAdd[vmName];
+                       sendHtmlFormVar( formVar, 'class="full"' )
+                       print '          </TD>'
+                       print '          <TD>'
+                       print '            Add the type(s) selected above'
+                       print '          </TD>'
+                       print '        </TR>'
+                       print '      </TABLE>'
+                       print '    </TD>'
+                       print '  </TR>'
+
+       print '</TABLE>'
+
+def sendPLObjHtml( ):
+
+       # Resources...
+       print '<TABLE class="full">'
+       print '  <COLGROUP>'
+       print '    <COL width="60%">'
+       print '    <COL width="20%">'
+       print '    <COL width="20%">'
+       print '  </COLGROUP>'
+
+       print '  <TR>'
+       print '    <TD align="center" colspan="3" 
class="heading">Resources</TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       #sendHtmlFormVar( formVmNames, 'class="full" size="4" multiple"' )
+       print '    </TD>'
+       print '    <TD>'
+       #sendHtmlFormVar( formVmDel, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '  <TR>'
+       print '    <TD colspan="2">'
+       #sendHtmlFormVar( formVmName, 'class="full"' )
+       print '    </TD>'
+       print '    <TD>'
+       #sendHtmlFormVar( formVmAdd, 'class="full"' )
+       print '    </TD>'
+       print '  </TR>'
+       print '</TABLE>'
+
+def checkXmlData( ):
+       global xmlIncomplete
+
+       # Validate the Policy Label Header requirements
+       if ( len( formPolicyLabelName[1] ) == 0 ) or \
+          ( len( formPolicyLabelDate[1] ) == 0 ) or \
+          ( len( formPolicyUrl[1] ) == 0 ) or \
+          ( len( formPolicyRef[1] ) == 0 ):
+                       msg = ''
+                       msg = msg + 'The XML policy label schema requires that 
the Policy '
+                       msg = msg + 'Labeling Information Name, Date, Policy 
URL and '
+                       msg = msg + 'Policy Reference fields all have values.'
+                       formatXmlGenError( msg )
+
+def sendXmlHeaders( ):
+       # HTML headers
+       print 'Content-Type: text/xml'
+       print 'Content-Disposition: attachment; 
filename=security_label_template.xml'
+       print
+
+def sendPolicyLabelXml( ):
+       print '<?xml version="1.0"?>'
+
+       print '<SecurityLabelTemplate xmlns="http://www.ibm.com";'
+       print '                       
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";'
+       print '                       xsi:schemaLocation="http://www.ibm.com 
security_policy.xsd">'
+
+       # Policy Labeling header
+       sendPLHeaderXml( )
+
+       # Policy Labels (subjects and objects)
+       sendPLSubXml( )
+       #sendPLObjXml( )
+
+       print '</SecurityLabelTemplate>'
+
+def sendPLHeaderXml( ):
+       global formPolicyLabelName, formPolicyLabelDate
+       global formPolicyUrl, formPolicyRef
+
+       # Policy Labeling header definition
+       print '<LabelHeader>'
+       print '  <Name>' + formPolicyLabelName[1] + '</Name>'
+       print '  <Date>' + formPolicyLabelDate[1] + '</Date>'
+       print '  <PolicyName>'
+       print '    <Url>' + formPolicyUrl[1] + '</Url>'
+       print '    <Reference>' + formPolicyRef[1] + '</Reference>'
+       print '  </PolicyName>'
+       print '</LabelHeader>'
+
+def sendPLSubXml( ):
+       global formVmNames, allVmChWs, allVmStes
+
+       # Virtual machines...
+       if len( formVmNames[1] ) == 0:
+               return
+
+       print '<SubjectLabels bootstrap="' + formVmNameDom0[1] + '">'
+       for vmName in formVmNames[1]:
+               print '  <VirtualMachineLabel>'
+               print '    <Name>' + vmName + '</Name>'
+               formVar = allVmStes[vmName]
+               if len( formVar[1] ) > 0:
+                       print '    <SimpleTypeEnforcementTypes>'
+                       for ste in formVar[1]:
+                               print '      <Type>' + ste + '</Type>'
+                       print '    </SimpleTypeEnforcementTypes>'
+
+               formVar = allVmChWs[vmName]
+               if len( formVar[1] ) > 0:
+                       print '    <ChineseWallTypes>'
+                       for chw in formVar[1]:
+                               print '      <Type>' + chw + '</Type>'
+                       print '    </ChineseWallTypes>'
+
+               print '  </VirtualMachineLabel>'
+
+       print '</SubjectLabels>'
+
+
+# Set up initial HTML variables
+headTitle = 'Xen Policy Labeling Generation'
+
+# Form variables
+#   The format of these variables is as follows:
+#   [ p0, p1, p2, p3, p4, p5 ]
+#     p0 = input type
+#     p1 = the current value of the variable
+#     p2 = the hidden input name attribute
+#     p3 = the name attribute
+#     p4 = the value attribute
+#     p5 = text to associate with the tag
+formPolicyLabelName   = [ 'text',
+                       '',
+                       'h_policyLabelName',
+                       'i_policyLabelName',
+                       '',
+                       '',
+                       ]
+formPolicyLabelDate   = [ 'text',
+                       getCurrentTime( ),
+                       'h_policyLabelDate',
+                       'i_policyLabelDate',
+                       '',
+                       '',
+                       ]
+formPolicyUrl         = [ 'text',
+                       '',
+                       'h_policyUrl',
+                       'i_policyUrl',
+                       '',
+                       '',
+                       ]
+formPolicyRef         = [ 'text',
+                       '',
+                       'h_policyRef',
+                       'i_policyRef',
+                       '',
+                       '',
+                       ]
+formPolicyLabelUpdate = [ 'button',
+                       '',
+                       '',
+                       'i_PolicyLabelUpdate',
+                       'Update',
+                       '',
+                   ]
+
+formVmNames       = [ '',
+                       [],
+                       'h_vmNames',
+                       '',
+                       '',
+                       '',
+                   ]
+formVmDel         = [ 'button',
+                       '',
+                       '',
+                       'i_vmDel',
+                       'Delete',
+                       '',
+                   ]
+formVmName        = [ 'text',
+                       '',
+                       '',
+                       'i_vmName',
+                       '',
+                       '',
+                   ]
+formVmAdd         = [ 'button',
+                       '',
+                       '',
+                       'i_vmAdd',
+                       'New',
+                       '',
+                   ]
+
+formVmNameDom0    = [ '',
+                       '',
+                       'h_vmDom0',
+                       '',
+                       '',
+                       '',
+                   ]
+
+formXmlGen        = [ 'button',
+                       '',
+                       '',
+                       'i_xmlGen',
+                       'Generate XML',
+                       '',
+                   ]
+
+formDefaultButton = [ 'button',
+                       '',
+                       '',
+                       'i_defaultButton',
+                       '.',
+                       '',
+                   ]
+
+formSteTypes      = [ '',
+                        [],
+                       'h_steTypes',
+                       '',
+                       '',
+                       '',
+                   ]
+formChWallTypes   = [ '',
+                        [],
+                       'h_chwallTypes',
+                       '',
+                       '',
+                       '',
+                   ]
+
+# This is a set of templates used for each virtual machine
+#   Each virtual machine is initially assigned these templates,
+#   then each form attribute value is changed to append
+#   "_virtual-machine-name" for uniqueness.
+templateVmDel     = [ 'button',
+                       '',
+                       '',
+                       'i_vmDel',
+                       'Delete',
+                       '',
+                   ]
+templateVmDom0    = [ 'button',
+                       '',
+                       '',
+                       'i_vmDom0',
+                       'SetDom0',
+                       '',
+                   ]
+allVmDel          = {};
+allVmDom0         = {};
+
+templateVmChWs    = [ 'list',
+                       [],
+                       'h_vmChWs',
+                       'i_vmChWs',
+                       '',
+                       '',
+                   ]
+templateVmChWDel  = [ 'button',
+                       '',
+                       '',
+                       'i_vmChWDel',
+                       'Delete',
+                       '',
+                   ]
+templateVmChW     = [ 'list',
+                       [],
+                       '',
+                       'i_vmChW',
+                       '',
+                       '',
+                   ]
+templateVmChWAdd  = [ 'button',
+                       '',
+                       '',
+                       'i_vmChWAdd',
+                       'Add',
+                       '',
+                   ]
+allVmChWs         = {};
+allVmChWDel       = {};
+allVmChW          = {};
+allVmChWAdd       = {};
+
+templateVmStes    = [ 'list',
+                       [],
+                       'h_vmStes',
+                       'i_vmStes',
+                       '',
+                       '',
+                   ]
+templateVmSteDel  = [ 'button',
+                       '',
+                       '',
+                       'i_vmSteDel',
+                       'Delete',
+                       '',
+                   ]
+templateVmSte     = [ 'list',
+                       [],
+                       '',
+                       'i_vmSte',
+                       '',
+                       '',
+                   ]
+templateVmSteAdd  = [ 'button',
+                       '',
+                       '',
+                       'i_vmSteAdd',
+                       'Add',
+                       '',
+                   ]
+allVmStes         = {};
+allVmSteDel       = {};
+allVmSte          = {};
+allVmSteAdd       = {};
+
+# A list of all form variables used for saving info across requests
+formVariables     = [ formPolicyLabelName,
+                       formPolicyLabelDate,
+                       formPolicyUrl,
+                       formPolicyRef,
+                       formVmNames,
+                       formVmNameDom0,
+                       formSteTypes,
+                       formChWallTypes,
+                   ]
+
+policyXml         = ''
+policyLabelXml    = ''
+xmlError          = 0
+xmlIncomplete     = 0
+xmlMessages       = []
+
+
+# Extract any form data
+formData = cgi.FieldStorage( )
+
+# Process the form
+getSavedData( )
+processRequest( )
+
+if formData.has_key( formXmlGen[3] ):
+       # Generate and send the XML file
+       checkXmlData( )
+
+       if xmlIncomplete == 0:
+               sendXmlHeaders( )
+               sendPolicyLabelXml( )
+
+if (not formData.has_key( formXmlGen[3] )) or (xmlIncomplete == 1 ):
+       # Send HTML to continue processing the form
+       sendHtmlHeaders( )
+       sendPolicyLabelHtml( )
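
Review bot: sendPLHeaderXml( ) and sendPLSubXml( ) concatenate form values straight into the generated XML with no escaping, for example print '    <Name>' + vmName + '</Name>' and the bootstrap="' + formVmNameDom0[1] + '" attribute. A label name, URL or type containing <, & or a double quote therefore produces a malformed or structurally different label file, and that file is what later gets copied into the ACM policy directory for translation. Suggest passing element text through xml.sax.saxutils.escape( ) and attribute values through xml.sax.saxutils.quoteattr( ), and having checkXmlData( ) reject names with unexpected characters instead of only testing the four header fields for zero length. The HTML side has the same pattern: vmName is written unescaped into '<A href="#' + vmName + '">Edit</A>', '<A name="' + vmName + '">' and the table cell, so it should go through cgi.escape( vmName, 1 ) first. Minor: the attribute strings ending in multiple"' carry a stray closing double quote.
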
diff -r bdcb115c667a -r db5feb4ccc13 tools/security/python/xensec_gen/index.html
--- /dev/null   Sat Dec 10 23:20:08 2005
+++ b/tools/security/python/xensec_gen/index.html       Mon Dec 12 19:10:23 2005
@@ -0,0 +1,126 @@
+<!--
+ The Initial Developer of the Original Code is International
+ Business Machines Corporation. Portions created by IBM
+ Corporation are Copyright (C) 2005 International Business
+ Machines Corporation. All Rights Reserved.
+ -->
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+  "http://www.w3.org/TR/html4/loose.dtd";>
+<HTML>
+  <HEAD>
+    <META name="author" content="Tom Lendacky">
+    <META name="copyright" content="Copyright (C) 2005 International Business 
Machines Corporation. All rights reserved">
+
+    <STYLE type="text/css">
+      <!--
+      BODY       {background-color: #EEEEFF;}
+      TABLE.xen  {width: 100%; border: 0px solid black;}
+      TD         {border: 0px solid black;}
+      TD.heading {border: 0px solid black; font-weight: bold; font-size: 
larger;}
+      -->
+    </STYLE>
+    <TITLE>Xen Security Policy Tool</TITLE>
+  </HEAD>
+
+  <BODY>
+    <H1>Xen Security Policy Generation Tool</H1>
+
+    <CENTER>
+    <FORM action="/cgi-bin/policy.cgi" method="post" 
enctype="multipart/form-data">
+    <TABLE class="xen">
+      <COLGROUP>
+        <COL width="25%">
+        <COL width="20%">
+        <COL width="55%">
+      </COLGROUP>
+
+      <TR>
+        <TD valign="top" class="heading">
+          Security Policy
+        </TD>
+        <TD valign="top" colspan="2">
+          To generate a new Xen Security Policy leave the
+          <B>"Policy File"</B> entry field
+          empty and click the "Create" button.<BR>
+          To modify an existing Xen Security Policy enter the
+          file name containing the policy in the
+          <B>"Policy File"</B> entry field
+          and click the "Create" button.<HR>
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD>
+          Policy File:
+        </TD>
+        <TD>
+          <INPUT type="file" size="50" name="i_policy">
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD valign="top">
+          <INPUT type="submit" name="i_policyCreate" value="Create">
+        </TD>
+        <TD></TD>
+      </TR>
+    </TABLE>
+    </FORM>
+
+    <FORM action="/cgi-bin/policylabel.cgi" method="post" 
enctype="multipart/form-data">
+    <TABLE class="xen">
+      <COLGROUP>
+        <COL width="25%">
+        <COL width="20%">
+        <COL width="55%">
+      </COLGROUP>
+
+      <TR>
+        <TD valign="top" class="heading">
+          Security Policy Labeling
+        </TD>
+        <TD valign="top" colspan="2">
+          To generate or edit the Xen Security Policy Labeling you <B>must</B>
+          specify the name of
+          an existing Xen Security Policy file in the
+          <B>"Policy File"</B> entry field.<BR>
+          To generate new Xen Security Policy Labeling leave the
+          <B>"Policy Labeling File"</B> entry field
+          empty and click the "Create" button.<BR>
+          To modify existing Xen Security Policy Labeling enter the
+          file name containing the labeling in the
+          <B>"Policy Labeling File"</B> entry field
+          and click the "Create" button.<HR>
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD>
+          Policy File:
+        </TD>
+        <TD>
+          <INPUT type="file" size="50" name="i_policy">
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD>
+          Policy Labeling File:
+        </TD>
+        <TD>
+          <INPUT type="file" size="50" name="i_policyLabel">
+        </TD>
+      </TR>
+      <TR>
+        <TD></TD>
+        <TD valign="top">
+          <INPUT type="submit" name="i_policyLabelCreate" value="Create">
+        </TD>
+        <TD></TD>
+      </TR>
+    </TABLE>
+    </FORM>
+  </CENTER>
+  </BODY>
+</HTML>
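
Review bot: the help text in both forms says to "enter the file name" in the Policy File field, but the control is INPUT type="file" inside a multipart/form-data form, so the file contents are uploaded from the browser's machine to the server rather than a server-side path being named; the wording should say that. The second form also states that a policy file must be specified, yet nothing on the page enforces it, so policylabel.cgi has to handle a request with an empty i_policy field and report it to the user.
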
diff -r bdcb115c667a -r db5feb4ccc13 tools/security/python/xensec_gen/main.py
--- /dev/null   Sat Dec 10 23:20:08 2005
+++ b/tools/security/python/xensec_gen/main.py  Mon Dec 12 19:10:23 2005
@@ -0,0 +1,185 @@
+#!/usr/bin/python
+#
+# The Initial Developer of the Original Code is International
+# Business Machines Corporation. Portions created by IBM
+# Corporation are Copyright (C) 2005 International Business
+# Machines Corporation. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+"""Xen security policy generation aid
+"""
+
+import os
+import pwd
+import grp
+import sys
+import getopt
+import BaseHTTPServer
+import CGIHTTPServer
+
+
+gHttpPort = 7777
+gHttpDir  = '/var/lib/xensec_gen'
+gLogFile  = '/var/log/xensec_gen.log'
+gUser     = 'nobody'
+gGroup    = 'nobody'
+
+def usage( ):
+       print >>sys.stderr, 'Usage:  ' + sys.argv[0] + ' [OPTIONS]'
+       print >>sys.stderr, '  OPTIONS:'
+       print >>sys.stderr, '  -p, --httpport'
+       print >>sys.stderr, '     The port on which the http server is to 
listen'
+       print >>sys.stderr, '     (default: ' + str( gHttpPort ) + ')'
+       print >>sys.stderr, '  -d, --httpdir'
+       print >>sys.stderr, '     The directory where the http server is to 
serve pages from'
+       print >>sys.stderr, '     (default: ' + gHttpDir + ')'
+       print >>sys.stderr, '  -l, --logfile'
+       print >>sys.stderr, '     The file in which to log messages generated 
by this command'
+       print >>sys.stderr, '     (default: ' + gLogFile + ')'
+       print >>sys.stderr, '  -u, --user'
+       print >>sys.stderr, '     The user under which this command is to run.  
This parameter'
+       print >>sys.stderr, '     is only used when invoked under the "root" 
user'
+       print >>sys.stderr, '     (default: ' + gUser + ')'
+       print >>sys.stderr, '  -g, --group'
+       print >>sys.stderr, '     The group under which this command is to run. 
 This parameter'
+       print >>sys.stderr, '     is only used when invoked under the "root" 
user'
+       print >>sys.stderr, '     (default: ' + gGroup + ')'
+       print >>sys.stderr, '  -f'
+       print >>sys.stderr, '     Run the command in the foreground.  The 
logfile option will be'
+       print >>sys.stderr, '     ignored and all output will be directed to 
stdout and stderr.'
+       print >>sys.stderr, '  -h, --help'
+       print >>sys.stderr, '     Display the command usage information'
+
+def runServer( aServerPort,
+               aServerClass  = BaseHTTPServer.HTTPServer,
+               aHandlerClass = CGIHTTPServer.CGIHTTPRequestHandler ):
+       serverAddress = ( '', aServerPort )
+       httpd = aServerClass( serverAddress, aHandlerClass )
+       httpd.serve_forever( )
+
+def daemonize( aHttpDir, aLogFile, aUser, aGroup, aFork = 'true' ):
+       # Do some pre-daemon activities
+       os.umask( 027 )
+       if os.getuid( ) == 0:
+               # If we are running as root, we will change that
+               uid = pwd.getpwnam( aUser )[2]
+               gid = grp.getgrnam( aGroup )[2]
+
+               if aFork == 'true':
+                       # Change the owner of the log file to the user/group
+                       #   under which the daemon is to run
+                       flog = open( aLogFile, 'a' )
+                       flog.close( )
+                       os.chown( aLogFile, uid, gid )
+
+               # Change the uid/gid of the process
+               os.setgid( gid )
+               os.setuid( uid )
+
+       # Change to the HTTP directory
+       os.chdir( aHttpDir )
+
+       if aFork == 'true':
+               # Do first fork
+               try:
+                       pid = os.fork( )
+                       if pid:
+                               # Parent process
+                               return pid
+
+               except OSError, e:
+                       raise Exception, e
+
+               # First child process, create a new session
+               os.setsid( )
+
+               # Do second fork
+               try:
+                       pid = os.fork( )
+                       if pid:
+                               # Parent process
+                               os._exit( 0 )
+
+               except OSError, e:
+                       raise Exception, e
+
+               # Reset stdin/stdout/stderr
+               fin  = open( '/dev/null',  'r' )
+               flog = open( aLogFile, 'a' )
+               os.dup2( fin.fileno( ),  sys.stdin.fileno( ) )
+               os.dup2( flog.fileno( ), sys.stdout.fileno( ) )
+               os.dup2( flog.fileno( ), sys.stderr.fileno( ) )
+
+def main( ):
+       httpPort = gHttpPort
+       httpDir  = gHttpDir
+       logFile  = gLogFile
+       user     = gUser
+       group    = gGroup
+       doFork   = 'true'
+
+       shortOpts = 'd:p:l:u:g:fh'
+       longOpts  = [ 'httpdir=', 'httpport=', 'logfile=', 'user=', 'group=', 
'help' ]
+       try:
+               opts, args = getopt.getopt( sys.argv[1:], shortOpts, longOpts )
+
+       except getopt.GetoptError, e:
+               print >>sys.stderr, e
+               usage( )
+               sys.exit( )
+
+       if len( args ) != 0:
+               print >>sys.stderr, 'Error: command arguments are not supported'
+               usage( )
+               sys.exit( )
+
+       for opt, opt_value in opts:
+               if opt in ( '-h', '--help' ):
+                       usage( )
+                       sys.exit( )
+
+               if opt in ( '-d', '--httpdir' ):
+                       httpDir = opt_value
+
+               if opt in ( '-p', '--httpport' ):
+                       try:
+                               httpPort = int( opt_value )
+                       except:
+                               print >>sys.stderr, 'Error: HTTP port is not 
valid'
+                               usage( )
+                               sys.exit( )
+
+               if opt in ( '-l', '--logfile' ):
+                       logFile = opt_value
+
+               if opt in ( '-u', '--user' ):
+                       user = opt_value
+
+               if opt in ( '-g', '--group' ):
+                       group = opt_value
+
+               if opt in ( '-f' ):
+                       doFork = 'false'
+
+       pid = daemonize( httpDir, logFile, user, group, doFork )
+       if pid > 0:
+               sys.exit( )
+
+       runServer( httpPort )
+
+if __name__ == '__main__':
+       main( )
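
Review bot: runServer( ) builds serverAddress = ( '', aServerPort ), so the CGI server listens on every interface (port 7777 by default) and CGIHTTPRequestHandler adds no authentication; for a tool that accepts uploaded policy files and executes CGI scripts, the default should be 127.0.0.1 with an option to choose the bind address. In daemonize( ), os.setgid( gid ) followed by os.setuid( uid ) leaves root's supplementary groups attached to the process; call os.setgroups( [] ) before setgid. Smaller points: if opt in ( '-f' ) tests membership in the string '-f', not a tuple, and should read ( '-f', ); the error paths call sys.exit( ) with no argument and so exit with status 0; and daemonize( ) returns None on the foreground and child paths, which main( ) then compares with pid > 0.
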
diff -r bdcb115c667a -r db5feb4ccc13 tools/security/xensec_gen.py
--- /dev/null   Sat Dec 10 23:20:08 2005
+++ b/tools/security/xensec_gen.py      Mon Dec 12 19:10:23 2005
@@ -0,0 +1,26 @@
+#!/usr/bin/python
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import sys
+
+# Add fallback path for non-native python path installs if needed
+sys.path.append( '/usr/lib/python' )
+sys.path.append( '/usr/lib64/python' )
+
+from xen.xensec_gen import main
+
+main.main( )
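
Review bot: the two sys.path.append( ) calls run unconditionally although the comment says "if needed"; wrap the import in try/except ImportError and add the fallback directories only when the first import fails, so a normal install never searches /usr/lib/python or /usr/lib64/python. Since this launcher can be started as root and main.py drops privileges only later, those fallback directories are searched with root privileges, which is another reason to keep them out of the path unless required. This file also lacks the IBM copyright header that main.py and index.html carry.
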

Attachment: xensec_gen.diff
Description: Text Data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 

