debuggers.hg

view tools/python/xen/xm/getlabel.py @ 16559:5255eac35270

Implement legacy XML-RPC interface for ACM commands.

This patch implements a (non Xen-API) legacy XML-RPC interface for the
ACM commands and funnels the calls into code introduced by the Xen-API
support for ACM security management. Since some of the functionality
has changed, the xm applications have changed as well. In particular, the
following old commands have been removed, along with some tools that
have become obsolete:

- loadpolicy (included in: setpolicy)
- makepolicy (included in: setpolicy)
- cfgbootpolicy (included in: setpolicy)

and the following commands have been introduced:

- setpolicy
- getpolicy
- resetpolicy

All tools have been adapted to work in Xen-API and legacy XML-RPC
mode. Both modes support the same functionality.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author Keir Fraser <keir.fraser@citrix.com>
date Wed Dec 05 09:44:20 2007 +0000 (2007-12-05)
parents 993655d24b55
children 23f9857f642f
1 #============================================================================
2 # This library is free software; you can redistribute it and/or
3 # modify it under the terms of version 2.1 of the GNU Lesser General Public
4 # License as published by the Free Software Foundation.
5 #
6 # This library is distributed in the hope that it will be useful,
7 # but WITHOUT ANY WARRANTY; without even the implied warranty of
8 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
9 # Lesser General Public License for more details.
10 #
11 # You should have received a copy of the GNU Lesser General Public
12 # License along with this library; if not, write to the Free Software
13 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
14 #============================================================================
15 # Copyright (C) 2006 International Business Machines Corp.
16 # Author: Bryan D. Payne <bdpayne@us.ibm.com>
17 #============================================================================
19 """Show the label for a domain or resource.
20 """
21 import sys, os, re
22 import xen.util.xsm.xsm as security
23 from xen.util import xsconstants
24 from xen.xm.opts import OptionError
25 from xen.xm import main as xm_main
26 from xen.xm.main import server
def help():
    """Return the usage text of the 'xm getlabel' subcommand."""
    usage = """
    Usage: xm getlabel dom <configfile>
           xm getlabel mgt <domain name>
           xm getlabel res <resource>
           xm getlabel vif-<idx> <vmname>

    This program shows the label for a domain from its configuration
    file, the label of a Xend-managed domain, that of a resources or
    the label of a virtual network interface of a managed domain
    (requires xm to be used in Xen-API mode).
    """
    return usage

def get_resource_label(resource):
    """Print the security label of a resource.

    In Xen-API mode the label is fetched with XSPolicy.get_resource_label
    and printed as returned.  In legacy XML-RPC mode it is fetched with
    xend.security.get_resource_label and its elements are printed joined
    by ':'.

    Raises security.XSMError when the server returns an empty label.
    """
    use_xenapi = (xm_main.serverType == xm_main.SERVER_XEN_API)

    if not use_xenapi:
        # legacy XML-RPC path: the label arrives as a sequence of parts
        label_parts = server.xend.security.get_resource_label(resource)
        if len(label_parts) == 0:
            raise security.XSMError("Resource not labeled")
        print ":".join(label_parts)
        return

    # Xen-API path: the label arrives as a single string
    label = server.xenapi.XSPolicy.get_resource_label(resource)
    if label == "":
        raise security.XSMError("Resource not labeled")
    print label

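def get_domain_label(configfile):
    """Print the label declared in a domain configuration file.

    configfile -- path of the domain config file.  An absolute path is
                  opened as given; any other name is looked up in the
                  current directory first and in /etc/xen second.

    The label is read from the file's 'access_control = [...]' entry and
    printed prefixed with 'policytype=<ACM policy id>,'.  This function
    makes no call to the server, so the output is whatever the file
    declares; 'xm getlabel mgt' is the variant that asks Xend.

    Raises OptionError when the file cannot be found and
    security.XSMError when the file has no access_control entry.
    """
    # open the domain config file
    fd = None
    # startswith() instead of configfile[0]: an empty name must end up in
    # the "not found" error below, not in an IndexError
    if configfile.startswith('/'):
        fd = open(configfile, "rb")
    else:
        # NOTE: "." is searched before /etc/xen, so a file of the same
        # name in the working directory takes precedence
        for prefix in [".", "/etc/xen"]:
            abs_file = prefix + "/" + configfile
            if os.path.isfile(abs_file):
                fd = open(abs_file, "rb")
                break
    if not fd:
        raise OptionError("Configuration file '%s' not found." % configfile)

    # read in the domain config file, finding the label line(s); the entry
    # starts at 'access_control =' and ends at the first line holding "']"
    ac_entry_re = re.compile(r"^access_control\s*=.*", re.IGNORECASE)
    ac_exit_re = re.compile(r".*'\].*")
    acline = ""
    record = False
    try:
        for line in fd:
            if ac_entry_re.match(line):
                record = True
            if record:
                acline = acline + line
                if ac_exit_re.match(line):
                    record = False
    finally:
        # close the file even when reading fails part-way
        fd.close()

    # send error message if we didn't find anything
    if acline == "":
        raise security.XSMError("Domain not labeled")

    # print out the label: keep what follows the first '=' and drop the
    # surrounding brackets and quotes
    (title, data) = acline.split("=", 1)
    data = data.strip()
    data = data.lstrip("['")
    data = data.rstrip("']")
    print ("policytype=%s," % xsconstants.ACM_POLICY_ID) + data
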
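def get_vif_label(vmname, idx):
    """Print the security label of one virtual network interface of a VM.

    vmname -- name label of the VM, resolved through the Xen-API
    idx    -- zero-based position in the list returned by VM.get_VIFs

    Only available in Xen-API mode.  Raises OptionError when xm is not in
    Xen-API mode, when the name matches no VM or more than one VM, when
    the index is out of range, or when the VIF lookup returns nothing.
    """
    if xm_main.serverType != xm_main.SERVER_XEN_API:
        raise OptionError('xm needs to be configure to use the xen-api.')
    vm_refs = server.xenapi.VM.get_by_name_label(vmname)
    if len(vm_refs) == 0:
        raise OptionError('A VM with the name %s does not exist.' %
                          vmname)
    if len(vm_refs) != 1:
        # same rule as get_domain_label_xapi: with an ambiguous name,
        # silently using the first match could report the label of a
        # different VM than the one the caller meant
        raise OptionError('There are multiple domains with the same name.')
    vif_refs = server.xenapi.VM.get_VIFs(vm_refs[0])
    # a negative index would count from the end of the list, so reject it
    # here as well instead of relying on the caller
    if idx < 0 or len(vif_refs) <= idx:
        raise OptionError("Bad VIF index.")
    vif_ref = server.xenapi.VIF.get_by_uuid(vif_refs[idx])
    if not vif_ref:
        # stop here: querying a label with an empty reference cannot
        # return a meaningful result
        raise OptionError("No VIF with this UUID.")
    sec_lab = server.xenapi.VIF.get_security_label(vif_ref)
    print "%s" % sec_lab
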
def get_domain_label_xapi(domain):
    """Print the security label of a Xend-managed domain.

    Despite its name this function serves both modes.  In Xen-API mode
    the domain name must match exactly one VM, whose label is fetched
    with VM.get_security_label.  In legacy XML-RPC mode the label is
    fetched with xend.security.get_domain_label and one leading single
    quote, if present, is dropped.

    Raises OptionError in Xen-API mode when no VM or several VMs carry
    the given name.
    """
    if xm_main.serverType == xm_main.SERVER_XEN_API:
        matches = server.xenapi.VM.get_by_name_label(domain)
        if len(matches) == 0:
            raise OptionError('A VM with that name does not exist.')
        if len(matches) != 1:
            raise OptionError('There are multiple domains with the same name.')
        label = server.xenapi.VM.get_security_label(matches[0])
    else:
        label = server.xend.security.get_domain_label(domain)
        has_leading_quote = len(label) > 0 and label[0] == '\''
        if has_leading_quote:
            label = label[1:]
    print "%s" % label

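def main(argv):
    """Run 'xm getlabel <subcommand> <argument>'.

    argv -- argument list with the program name at index 0, the
            subcommand ("dom", "mgt", "res" or "vif-<idx>", matched
            case-insensitively) at index 1 and its argument at index 2

    Raises OptionError when the number of arguments is wrong, when the
    subcommand is unknown, or when the VIF index is not a non-negative
    integer.
    """
    if len(argv) != 3:
        raise OptionError('Requires 2 arguments')

    subcommand = argv[1].lower()
    if subcommand == "dom":
        configfile = argv[2]
        get_domain_label(configfile)
    elif subcommand == "mgt":
        domainname = argv[2]
        get_domain_label_xapi(domainname)
    elif subcommand == "res":
        resource = argv[2]
        get_resource_label(resource)
    elif subcommand.startswith("vif-"):
        # catch only the conversion error; a bare 'except:' would also
        # swallow KeyboardInterrupt and SystemExit
        try:
            idx = int(argv[1][4:])
        except ValueError:
            raise OptionError("Bad VIF device index.")
        if idx < 0:
            raise OptionError("Bad VIF device index.")
        vmname = argv[2]
        get_vif_label(vmname, idx)
    else:
        # the message now names every accepted subcommand
        raise OptionError('First subcommand argument must be "dom"'
                          ', "mgt", "res" or "vif-<idx>"')
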
# script entry point: report any failure on stderr and exit with -1
if __name__ == '__main__':
    try:
        main(sys.argv)
    except Exception, err:
        message = 'Error: %s\n' % str(err)
        sys.stderr.write(message)
        sys.exit(-1)