1 | #============================================================================ |
---|
2 | # This library is free software; you can redistribute it and/or |
---|
3 | # modify it under the terms of version 2.1 of the GNU Lesser General Public |
---|
4 | # License as published by the Free Software Foundation. |
---|
5 | # |
---|
6 | # This library is distributed in the hope that it will be useful, |
---|
7 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
8 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
---|
9 | # Lesser General Public License for more details. |
---|
10 | # |
---|
11 | # You should have received a copy of the GNU Lesser General Public |
---|
12 | # License along with this library; if not, write to the Free Software |
---|
13 | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
---|
14 | #============================================================================ |
---|
15 | # Copyright (C) 2006 International Business Machines Corp. |
---|
16 | # Author: Bryan D. Payne <bdpayne@us.ibm.com> |
---|
17 | #============================================================================ |
---|
18 | |
---|
19 | """Show the label for a domain or resoruce. |
---|
20 | """ |
---|
21 | import sys, os, re |
---|
22 | from xen.util import dictio |
---|
23 | from xen.util import security |
---|
24 | from xen.xm.opts import OptionError |
---|
25 | |
---|
26 | def help(): |
---|
27 | return """ |
---|
28 | Usage: xm getlabel dom <configfile> |
---|
29 | xm getlabel res <resource> |
---|
30 | |
---|
31 | This program shows the label for a domain or resource.""" |
---|
32 | |
---|
33 | def get_resource_label(resource): |
---|
34 | """Gets the resource label |
---|
35 | """ |
---|
36 | #build canonical resource name |
---|
37 | resource = security.unify_resname(resource) |
---|
38 | |
---|
39 | # read in the resource file |
---|
40 | file = security.res_label_filename |
---|
41 | try: |
---|
42 | access_control = dictio.dict_read("resources", file) |
---|
43 | except: |
---|
44 | raise OptionError("Resource label file not found") |
---|
45 | |
---|
46 | # get the entry and print label |
---|
47 | if access_control.has_key(resource): |
---|
48 | policy = access_control[resource][0] |
---|
49 | label = access_control[resource][1] |
---|
50 | print "policy="+policy+",label="+label |
---|
51 | else: |
---|
52 | raise security.ACMError("Resource not labeled") |
---|
53 | |
---|
54 | |
---|
55 | def get_domain_label(configfile): |
---|
56 | # open the domain config file |
---|
57 | fd = None |
---|
58 | if configfile[0] == '/': |
---|
59 | fd = open(configfile, "rb") |
---|
60 | else: |
---|
61 | for prefix in [".", "/etc/xen"]: |
---|
62 | abs_file = prefix + "/" + configfile |
---|
63 | if os.path.isfile(abs_file): |
---|
64 | fd = open(abs_file, "rb") |
---|
65 | break |
---|
66 | if not fd: |
---|
67 | raise OptionError("Configuration file '%s' not found." % configfile) |
---|
68 | |
---|
69 | # read in the domain config file, finding the label line |
---|
70 | ac_entry_re = re.compile("^access_control\s*=.*", re.IGNORECASE) |
---|
71 | ac_exit_re = re.compile(".*'\].*") |
---|
72 | acline = "" |
---|
73 | record = 0 |
---|
74 | for line in fd.readlines(): |
---|
75 | if ac_entry_re.match(line): |
---|
76 | record = 1 |
---|
77 | if record: |
---|
78 | acline = acline + line |
---|
79 | if record and ac_exit_re.match(line): |
---|
80 | record = 0 |
---|
81 | fd.close() |
---|
82 | |
---|
83 | # send error message if we didn't find anything |
---|
84 | if acline == "": |
---|
85 | raise security.ACMError("Domain not labeled") |
---|
86 | |
---|
87 | # print out the label |
---|
88 | (title, data) = acline.split("=", 1) |
---|
89 | data = data.strip() |
---|
90 | data = data.lstrip("[\'") |
---|
91 | data = data.rstrip("\']") |
---|
92 | print data |
---|
93 | |
---|
94 | |
---|
95 | def main(argv): |
---|
96 | if len(argv) != 3: |
---|
97 | raise OptionError('Requires 2 arguments') |
---|
98 | |
---|
99 | if argv[1].lower() == "dom": |
---|
100 | configfile = argv[2] |
---|
101 | get_domain_label(configfile) |
---|
102 | elif argv[1].lower() == "res": |
---|
103 | resource = argv[2] |
---|
104 | get_resource_label(resource) |
---|
105 | else: |
---|
106 | raise OptionError('First subcommand argument must be "dom" or "res"') |
---|
107 | |
---|
108 | if __name__ == '__main__': |
---|
109 | try: |
---|
110 | main(sys.argv) |
---|
111 | except Exception, e: |
---|
112 | sys.stderr.write('Error: %s\n' % str(e)) |
---|
113 | sys.exit(-1) |
---|
114 | |
---|
115 | |
---|
116 | |
---|