source: trunk/packages/xen-common/xen-common/tools/security/python/xensec_gen/main.py @ 34

Last change on this file since 34 was 34, checked in by hartmans, 17 years ago

Add xen and xen-common

  • Property svn:mime-type set to text/script
File size: 5.9 KB
1#!/usr/bin/python
2#
3# The Initial Developer of the Original Code is International
4# Business Machines Corporation. Portions created by IBM
5# Corporation are Copyright (C) 2005 International Business
6# Machines Corporation. All Rights Reserved.
7#
8# This program is free software; you can redistribute it and/or modify
9# it under the terms of the GNU General Public License as published by
10# the Free Software Foundation; either version 2 of the License,
11# or (at your option) any later version.
12#
13# This program is distributed in the hope that it will be useful,
14# but WITHOUT ANY WARRANTY; without even the implied warranty of
15# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16# GNU General Public License for more details.
17#
18# You should have received a copy of the GNU General Public License
19# along with this program; if not, write to the Free Software
20# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21#
22
23"""Xen security policy generation aid
24"""
25
26import os
27import pwd
28import grp
29import sys
30import getopt
31import BaseHTTPServer
32import CGIHTTPServer
33
34
# Built-in defaults; each one can be overridden by the command-line
# option named next to it.
gHttpPort = 7777                           # -p, --httpport
gHttpDir = '/var/lib/xensec_gen'           # -d, --httpdir
gLogFile = '/var/log/xen/xensec_gen.log'   # -l, --logfile
gUser = 'nobody'                           # -u, --user  (only used when started as root)
gGroup = 'nobody'                          # -g, --group (only used when started as root)
40
def usage( ):
    """Write the command-line usage summary to stderr.

    The defaults shown in the text are read from the module-level
    gHttpPort, gHttpDir, gLogFile, gUser and gGroup settings.
    """
    helpLines = (
        'Usage:  ' + sys.argv[0] + ' [OPTIONS]',
        '  OPTIONS:',
        '  -p, --httpport',
        '     The port on which the http server is to listen',
        '     (default: ' + str( gHttpPort ) + ')',
        '  -d, --httpdir',
        '     The directory where the http server is to serve pages from',
        '     (default: ' + gHttpDir + ')',
        '  -l, --logfile',
        '     The file in which to log messages generated by this command',
        '     (default: ' + gLogFile + ')',
        '  -u, --user',
        '     The user under which this command is to run.  This parameter',
        '     is only used when invoked under the "root" user',
        '     (default: ' + gUser + ')',
        '  -g, --group',
        '     The group under which this command is to run.  This parameter',
        '     is only used when invoked under the "root" user',
        '     (default: ' + gGroup + ')',
        '  -f',
        '     Run the command in the foreground.  The logfile option will be',
        '     ignored and all output will be directed to stdout and stderr.',
        '  -h, --help',
        '     Display the command usage information',
    )
    # One line per print so the output matches a sequence of print statements
    for helpLine in helpLines:
        print >>sys.stderr, helpLine
66
67def runServer( aServerPort,
68               aServerClass  = BaseHTTPServer.HTTPServer,
69               aHandlerClass = CGIHTTPServer.CGIHTTPRequestHandler ):
70    serverAddress = ( '', aServerPort )
71    httpd = aServerClass( serverAddress, aHandlerClass )
72    httpd.serve_forever( )
73
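def daemonize( aHttpDir, aLogFile, aUser, aGroup, aFork = 'true' ):
    """Drop root privileges, enter the HTTP directory and optionally detach.

    Arguments:
      aHttpDir -- directory the process changes into
      aLogFile -- file that receives stdout/stderr of the detached daemon
      aUser    -- user to switch to; only used when started as root
      aGroup   -- group to switch to; only used when started as root
      aFork    -- the string 'true' detaches with a double fork; any other
                  value keeps the process in the foreground

    Returns the pid of the first child in the original process when
    forking.  Returns None in the detached daemon and in foreground mode.

    Raises KeyError if the user or group does not exist and OSError if a
    privilege change, chdir or fork fails.
    """
    # Files created from here on are not group-writable and not accessible
    #   to others
    os.umask( 027 )
    if os.getuid( ) == 0:
        # If we are running as root, we will change that
        uid = pwd.getpwnam( aUser )[2]
        gid = grp.getgrnam( aGroup )[2]

        if aFork == 'true':
            # Create the log file if needed and hand it to the user/group
            #   under which the daemon is to run, so it can still be
            #   appended to after the privilege drop
            # NOTE(review): open() and chown() run as root on a path and
            #   follow symlinks; the log directory should be writable by
            #   root only
            flog = open( aLogFile, 'a' )
            flog.close( )
            os.chown( aLogFile, uid, gid )

        # Drop root's supplementary groups first: setgid()/setuid() do not
        #   touch them, so without this the daemon would keep every group
        #   the invoking root shell belonged to
        os.setgroups( [ gid ] )

        # Change the gid before the uid; after setuid() the process no
        #   longer has the privilege to change its group
        os.setgid( gid )
        os.setuid( uid )

    # Change to the HTTP directory
    os.chdir( aHttpDir )

    if aFork == 'true':
        # Do first fork.  An OSError from fork() propagates unchanged; the
        #   former "raise Exception, e" re-raised that same OSError instance
        pid = os.fork( )
        if pid:
            # Parent process
            return pid

        # First child process, create a new session
        os.setsid( )

        # Do second fork so the daemon is not a session leader
        pid = os.fork( )
        if pid:
            # Parent process (first child) exits without running cleanup
            os._exit( 0 )

        # Reset stdin/stdout/stderr
        fin  = open( '/dev/null',  'r' )
        flog = open( aLogFile, 'a' )
        os.dup2( fin.fileno( ),  sys.stdin.fileno( ) )
        os.dup2( flog.fileno( ), sys.stdout.fileno( ) )
        os.dup2( flog.fileno( ), sys.stderr.fileno( ) )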
126
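def main( ):
    """Parse the command line, daemonize and run the HTTP server.

    An unknown option, a positional argument or an invalid port prints an
    error and the usage text and exits with status 1.  -h/--help prints the
    usage text and exits with status 0.  When the process forks, the
    original process exits with status 0 and the daemon runs the server.
    """
    httpPort = gHttpPort
    httpDir  = gHttpDir
    logFile  = gLogFile
    user     = gUser
    group    = gGroup
    doFork   = 'true'

    shortOpts = 'd:p:l:u:g:fh'
    longOpts  = [ 'httpdir=', 'httpport=', 'logfile=', 'user=', 'group=', 'help' ]
    try:
        opts, args = getopt.getopt( sys.argv[1:], shortOpts, longOpts )

    except getopt.GetoptError, e:
        print >>sys.stderr, e
        usage( )
        # Non-zero status so callers can tell a bad invocation from success
        sys.exit( 1 )

    if len( args ) != 0:
        print >>sys.stderr, 'Error: command arguments are not supported'
        usage( )
        sys.exit( 1 )

    for opt, opt_value in opts:
        if opt in ( '-h', '--help' ):
            usage( )
            sys.exit( )

        if opt in ( '-d', '--httpdir' ):
            httpDir = opt_value

        if opt in ( '-p', '--httpport' ):
            # Catch only the conversion error instead of everything, and
            #   reject values that are not a usable TCP listening port
            try:
                httpPort = int( opt_value )
            except ValueError:
                httpPort = -1

            if not 0 < httpPort < 65536:
                print >>sys.stderr, 'Error: HTTP port is not valid'
                usage( )
                sys.exit( 1 )

        if opt in ( '-l', '--logfile' ):
            logFile = opt_value

        if opt in ( '-u', '--user' ):
            user = opt_value

        if opt in ( '-g', '--group' ):
            group = opt_value

        # Plain comparison: "opt in ( '-f' )" was a substring test on a
        #   string, not membership in a tuple
        if opt == '-f':
            doFork = 'false'

    pid = daemonize( httpDir, logFile, user, group, doFork )
    # daemonize( ) returns None in the daemon and in foreground mode; only
    #   the original process of a fork gets a pid and must exit here
    if pid:
        sys.exit( )

    runServer( httpPort )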
183
# Run the daemon only when executed as a script, not when imported
if '__main__' == __name__:
    main( )