debuggers.hg

view tools/security/python/xensec_gen/main.py @ 0:7d21f7218375

Exact replica of unstable on 051908 + README-this
author Mukesh Rathor
date Mon May 19 15:34:57 2008 -0700 (2008-05-19)
1 #!/usr/bin/python
2 #
3 # The Initial Developer of the Original Code is International
4 # Business Machines Corporation. Portions created by IBM
5 # Corporation are Copyright (C) 2005 International Business
6 # Machines Corporation. All Rights Reserved.
7 #
8 # This program is free software; you can redistribute it and/or modify
9 # it under the terms of the GNU General Public License as published by
10 # the Free Software Foundation; either version 2 of the License,
11 # or (at your option) any later version.
12 #
13 # This program is distributed in the hope that it will be useful,
14 # but WITHOUT ANY WARRANTY; without even the implied warranty of
15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 # GNU General Public License for more details.
17 #
18 # You should have received a copy of the GNU General Public License
19 # along with this program; if not, write to the Free Software
20 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 #
23 """Xen security policy generation aid
24 """
26 import os
27 import pwd
28 import grp
29 import sys
30 import getopt
31 import BaseHTTPServer
32 import CGIHTTPServer
# Built-in defaults; each one can be overridden from the command line
# (see usage() for the matching option).

# Unprivileged account the process switches to when it is started as root.
gUser  = 'nobody'
gGroup = 'nobody'

# Directory the HTTP server serves from, and the log file used in daemon mode.
gHttpDir = '/var/lib/xensec_gen'
gLogFile = '/var/log/xen/xensec_gen.log'

# TCP port the HTTP server listens on.
gHttpPort = 7777
def usage( ):
    """Write the command-line help text to stderr.

    The text lists every supported option together with the built-in
    default taken from the module-level g* settings.
    """
    helpLines = (
        'Usage: ' + sys.argv[0] + ' [OPTIONS]',
        ' OPTIONS:',
        ' -p, --httpport',
        ' The port on which the http server is to listen',
        ' (default: ' + str( gHttpPort ) + ')',
        ' -d, --httpdir',
        ' The directory where the http server is to serve pages from',
        ' (default: ' + gHttpDir + ')',
        ' -l, --logfile',
        ' The file in which to log messages generated by this command',
        ' (default: ' + gLogFile + ')',
        ' -u, --user',
        ' The user under which this command is to run. This parameter',
        ' is only used when invoked under the "root" user',
        ' (default: ' + gUser + ')',
        ' -g, --group',
        ' The group under which this command is to run. This parameter',
        ' is only used when invoked under the "root" user',
        ' (default: ' + gGroup + ')',
        ' -f',
        ' Run the command in the foreground. The logfile option will be',
        ' ignored and all output will be directed to stdout and stderr.',
        ' -h, --help',
        ' Display the command usage information',
    )

    # One write of the joined text produces the same bytes as one print
    # statement per line.
    sys.stderr.write( '\n'.join( helpLines ) + '\n' )
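def runServer( aServerPort,
               aServerClass = BaseHTTPServer.HTTPServer,
               aHandlerClass = CGIHTTPServer.CGIHTTPRequestHandler,
               aBindAddress = '' ):
    """Create the HTTP server and serve requests until the process ends.

    aServerPort   -- TCP port to listen on
    aServerClass  -- server class, called as aServerClass( address, handler )
    aHandlerClass -- request handler class; the default is the CGI-capable
                     handler from CGIHTTPServer
    aBindAddress  -- local address to bind to.  The default '' keeps the
                     previous behaviour of listening on every interface.

    This call does not return: serve_forever() blocks.
    """
    # NOTE(security): with the default '' the CGI-capable handler is
    # reachable on every network interface of the host.  Pass
    # aBindAddress = '127.0.0.1' (or put a firewall in front of the port)
    # when the tool should only be used from the local machine.
    serverAddress = ( aBindAddress, aServerPort )
    httpd = aServerClass( serverAddress, aHandlerClass )
    httpd.serve_forever( )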
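def daemonize( aHttpDir, aLogFile, aUser, aGroup, aFork = 'true' ):
    """Drop root privileges, enter the HTTP directory and optionally detach.

    aHttpDir -- directory to chdir() into before serving
    aLogFile -- file that receives stdout/stderr in daemon mode
    aUser    -- account to switch to; only used when running as root
    aGroup   -- group to switch to; only used when running as root
    aFork    -- the string 'true' to detach with a double fork; any other
                value stays in the foreground and leaves stdio untouched

    Returns the pid of the first child in the original (parent) process
    when forking.  In the daemon process, and in foreground mode, the
    function falls off the end and returns None.

    pwd.getpwnam()/grp.getgrnam() raise KeyError for an unknown user or
    group; OSError from fork(), chown(), setgid(), setuid() or chdir()
    propagates to the caller.
    """
    # Files created from here on are not group-writable and not accessible
    # to others.  The octal value 027 is spelled through int() so that the
    # literal parses on every Python version.
    os.umask( int( '027', 8 ) )

    if os.getuid( ) == 0:
        # Started as root: resolve the unprivileged identity first.
        uid = pwd.getpwnam( aUser )[2]
        gid = grp.getgrnam( aGroup )[2]

        if aFork == 'true':
            # Create the log file while still root and hand it over to the
            # account the daemon will run as.
            # NOTE(review): open() and chown() both act on the path, as
            # root.  That is only safe if the directory holding aLogFile is
            # writable by root alone -- confirm for non-default --logfile
            # values.
            flog = open( aLogFile, 'a' )
            flog.close( )
            os.chown( aLogFile, uid, gid )

        # Drop root's supplementary groups before changing gid/uid.
        # Without this the process would keep every group root belongs to
        # even after setuid().  The order matters: setgroups() and
        # setgid() need root, so setuid() has to come last.
        os.setgroups( [] )
        os.setgid( gid )
        os.setuid( uid )

    # Serve from the HTTP directory.
    os.chdir( aHttpDir )

    if aFork == 'true':
        # First fork: the original process returns the child's pid to the
        # caller.
        pid = os.fork( )
        if pid:
            return pid

        # First child: start a new session.
        os.setsid( )

        # Second fork: the intermediate process exits immediately.
        pid = os.fork( )
        if pid:
            os._exit( 0 )

        # Daemon process: stdin reads from /dev/null, stdout and stderr
        # are appended to the log file.
        fin = open( '/dev/null', 'r' )
        flog = open( aLogFile, 'a' )
        os.dup2( fin.fileno( ), sys.stdin.fileno( ) )
        os.dup2( flog.fileno( ), sys.stdout.fileno( ) )
        os.dup2( flog.fileno( ), sys.stderr.fileno( ) )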
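def main( ):
    """Parse the command line, drop privileges / daemonize, run the server.

    Exits with status 0 after --help and in the parent process once the
    daemon has been forked; exits with status 1 on any command-line error.

    daemonize() is called before runServer(), so the listening socket is
    created only after root privileges have been given up.  As a result a
    port below 1024 cannot normally be bound when the command is started
    as root and switches to an unprivileged user.
    """
    httpPort = gHttpPort
    httpDir  = gHttpDir
    logFile  = gLogFile
    user     = gUser
    group    = gGroup
    doFork   = 'true'

    shortOpts = 'd:p:l:u:g:fh'
    longOpts  = [ 'httpdir=', 'httpport=', 'logfile=', 'user=', 'group=', 'help' ]
    try:
        opts, args = getopt.getopt( sys.argv[1:], shortOpts, longOpts )

    except getopt.GetoptError:
        # sys.exc_info() is used instead of binding the exception in the
        # except clause so that the statement parses on every Python
        # version.
        sys.stderr.write( str( sys.exc_info( )[1] ) + '\n' )
        usage( )
        sys.exit( 1 )

    if args:
        sys.stderr.write( 'Error: command arguments are not supported\n' )
        usage( )
        sys.exit( 1 )

    for opt, opt_value in opts:
        if opt in ( '-h', '--help' ):
            usage( )
            sys.exit( )

        elif opt in ( '-d', '--httpdir' ):
            httpDir = opt_value

        elif opt in ( '-p', '--httpport' ):
            # Only a failed conversion is treated as a bad port; a bare
            # "except:" would also swallow KeyboardInterrupt/SystemExit.
            try:
                httpPort = int( opt_value )
            except ValueError:
                httpPort = -1

            # Reject values that can never be a listening TCP port here,
            # instead of failing later when the socket is bound.
            if not 0 < httpPort < 65536:
                sys.stderr.write( 'Error: HTTP port is not valid\n' )
                usage( )
                sys.exit( 1 )

        elif opt in ( '-l', '--logfile' ):
            logFile = opt_value

        elif opt in ( '-u', '--user' ):
            user = opt_value

        elif opt in ( '-g', '--group' ):
            group = opt_value

        elif opt == '-f':
            # ( '-f' ) is a plain string, not a tuple, so "in" was a
            # substring test; compare for equality instead.
            doFork = 'false'

    pid = daemonize( httpDir, logFile, user, group, doFork )
    if pid:
        # Original process: the daemon has been forked, nothing left to do.
        # daemonize() returns None in the daemon and in foreground mode.
        sys.exit( )

    runServer( httpPort )


if __name__ == '__main__':
    main( )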