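def setpolicy(policytype, policy_name, flags, overwrite):
    """Read an ACM policy file and hand it to the server to be set.

    The dotted policy_name is turned into a relative path ending in
    '-security_policy.xml' and looked up under './' first, then under
    install_policy_dir_prefix.  The file content is sent together with
    flags and overwrite, through the Xen-API or through xend depending on
    xm_main.serverType.

    Raises OptionError if policytype is not the ACM policy id or the
    policy file cannot be read.  Raises security.XSMError if the server
    reports a different policy type or fails to set the policy.
    """
    if policytype.upper() != xsconstants.ACM_POLICY_ID:
        # Only ACM is handled here.  Refuse anything else explicitly so an
        # unsupported type is reported instead of being passed over.
        raise OptionError("Unsupported policytype '%s'." % policytype)
    xs_type = xsconstants.XS_POLICY_ACM

    relative_name = "/".join(policy_name.split(".")) + "-security_policy.xml"
    for prefix in ['./', install_policy_dir_prefix + "/"]:
        policy_file = prefix + relative_name
        if os.path.exists(policy_file):
            break
    # If neither candidate exists, policy_file is the last one tried and
    # the open() below produces the error shown to the user.

    try:
        f = open(policy_file, "r")
        try:
            xml = f.read()
        finally:
            # Close the handle even when the read fails.
            f.close()
    except (IOError, OSError):
        # Only I/O failures mean "unreadable policy"; a bare except would
        # also hide KeyboardInterrupt and programming errors.
        raise OptionError("Could not read policy file from current"
                          " directory or '%s'." % install_policy_dir_prefix)

    if xm_main.serverType == xm_main.SERVER_XEN_API:
        # The server must be running the policy type we are about to set.
        if xs_type != int(server.xenapi.XSPolicy.get_xstype()):
            raise security.XSMError("ACM policy type not supported.")

        try:
            policystate = server.xenapi.XSPolicy.set_xspolicy(
                xs_type, xml, flags, overwrite)
        except Exception, e:
            raise security.XSMError("An error occurred setting the "
                                    "policy: %s" % str(e))

        xserr = int(policystate['xserr'])
        if xserr != xsconstants.XSERR_SUCCESS:
            txt = "An error occurred trying to set the policy: %s." % \
                  xsconstants.xserr2string(abs(xserr))
            # 'errors' arrives base64-encoded; decode it before formatting.
            errors = policystate['errors']
            if len(errors) > 0:
                txt += " " + build_hv_error_message(
                    base64.b64decode(errors))
            raise security.XSMError(txt)

        print "Successfully set the new policy."
        getpolicy(False)
    else:
        # Non-Xen-API call.
        if xs_type != server.xend.security.get_xstype():
            raise security.XSMError("ACM policy type not supported.")

        rc, errors = server.xend.security.set_policy(
            xs_type, xml, flags, overwrite)
        if rc != xsconstants.XSERR_SUCCESS:
            txt = "An error occurred trying to set the policy: %s." % \
                  xsconstants.xserr2string(abs(rc))
            if len(errors) > 0:
                txt += " " + build_hv_error_message(
                    base64.b64decode(errors))
            raise security.XSMError(txt)

        print "Successfully set the new policy."
        getpolicy(False)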
def __init__(self, error, message=None):
    """Store an error code and the text that describes it.

    error is kept unchanged in self.error.  When message is empty or
    None, the text is looked up with xserr2string(-error); otherwise the
    caller's message is used as is.
    """
    XendAPIError.__init__(self)
    self.error = error
    # NOTE(review): the negation suggests callers pass the code with the
    # opposite sign of what xserr2string expects - confirm against callers.
    self.message = message or xserr2string(-error)
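def setpolicy(policytype, policy_name, flags, overwrite):
    """Read an ACM or Flask policy file and hand it to the server to be set.

    For ACM, the dotted policy_name is turned into a relative path ending
    in '-security_policy.xml' and looked up under './' first, then under
    install_policy_dir_prefix.  For Flask, policy_name is used as the file
    path directly and the content is base64-encoded before it is sent.

    Raises OptionError for an unsupported policytype or an unreadable
    policy file, and security.XSMError if the server reports a different
    policy type or fails to set the policy.
    """
    kind = policytype.upper()
    if kind == xsconstants.ACM_POLICY_ID:
        xs_type = xsconstants.XS_POLICY_ACM
        relative_name = "/".join(policy_name.split(".")) + \
                        "-security_policy.xml"
        for prefix in ['./', install_policy_dir_prefix + "/"]:
            policy_file = prefix + relative_name
            if os.path.exists(policy_file):
                break
        # If neither candidate exists, policy_file is the last one tried
        # and the open() below produces the error shown to the user.
    elif kind == xsconstants.FLASK_POLICY_ID:
        xs_type = xsconstants.XS_POLICY_FLASK
        policy_file = policy_name
    else:
        raise OptionError("Unsupported policytype '%s'." % policytype)

    # NOTE(review): the Flask policy is base64-encoded after being read in
    # text mode "r"; if it is a binary blob, confirm whether "rb" is meant.
    try:
        f = open(policy_file, "r")
        try:
            policy = f.read()
        finally:
            # Close the handle even when the read fails.
            f.close()
    except (IOError, OSError):
        # Only I/O failures mean "unreadable policy"; a bare except would
        # also hide KeyboardInterrupt and programming errors.
        raise OptionError("Could not read policy file: %s" % policy_file)

    if xs_type == xsconstants.XS_POLICY_FLASK:
        policy = base64.b64encode(policy)

    if xm_main.serverType == xm_main.SERVER_XEN_API:
        # The server must be running the policy type we are about to set.
        if xs_type != int(server.xenapi.XSPolicy.get_xstype()):
            raise security.XSMError("Policy type not supported.")

        try:
            policystate = server.xenapi.XSPolicy.set_xspolicy(
                xs_type, policy, flags, overwrite)
        except Exception, e:
            raise security.XSMError("An error occurred setting the "
                                    "policy: %s" % str(e))

        xserr = int(policystate['xserr'])
        if xserr != xsconstants.XSERR_SUCCESS:
            txt = "An error occurred trying to set the policy: %s." % \
                  xsconstants.xserr2string(abs(xserr))
            # 'errors' arrives base64-encoded; decode it before formatting.
            errors = policystate['errors']
            if len(errors) > 0:
                txt += " " + build_hv_error_message(
                    base64.b64decode(errors))
            raise security.XSMError(txt)

        print "Successfully set the new policy."
        if xs_type == xsconstants.XS_POLICY_ACM:
            getpolicy(False)
    # NOTE(review): only the Xen-API path appears in this listing; for any
    # other xm_main.serverType the function, as shown, returns without
    # setting a policy.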
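def add_domain_label_xapi(label, domainname, policyref, policy_type):
    """Set the security label '<policy_type>:<policyref>:<label>' on a domain.

    Despite its name, the function serves both server types: it goes
    through xend when xm_main.serverType is not SERVER_XEN_API and through
    the Xen-API otherwise.  In both cases the domain's current label is
    read first and passed to the server along with the new one.

    Raises security.XSMError if the server call fails, and OptionError if
    the Xen-API finds no VM or several VMs with that name, or returns a
    negative result.  On success a message is printed; a returned ssidref
    of 0 is reported as a dormant domain.
    """
    sec_lab = "%s:%s:%s" % (policy_type, policyref, label)

    if xm_main.serverType != xm_main.SERVER_XEN_API:
        old_seclab = server.xend.security.get_domain_label(domainname)
        # Slice rather than index, so an empty current label does not
        # raise IndexError before the server is even asked.
        if old_seclab[:1] == '\'':
            old_seclab = old_seclab[1:]
        rc, ssidref = server.xend.security.set_domain_label(
            domainname, sec_lab, old_seclab)
        if rc != xsconstants.XSERR_SUCCESS:
            msg = xsconstants.xserr2string(-rc)
            raise security.XSMError("An error occurred relabeling "
                                    "the domain: %s" % msg)
    else:
        uuids = server.xenapi.VM.get_by_name_label(domainname)
        if len(uuids) == 0:
            raise OptionError('A VM with that name does not exist.')
        if len(uuids) != 1:
            # Refuse to guess which VM is meant when the name is ambiguous.
            raise OptionError('There are multiple domains with the same name.')
        uuid = uuids[0]
        try:
            old_lab = server.xenapi.VM.get_security_label(uuid)
            rc = server.xenapi.VM.set_security_label(uuid, sec_lab, old_lab)
        except Exception, e:
            raise security.XSMError("Could not label the domain: %s" % e)
        # A negative result is a failure; otherwise it is the ssidref.
        ssidref = int(rc)
        if ssidref < 0:
            raise OptionError('Could not label domain.')

    # Both paths end with the same report.
    if ssidref != 0:
        print "Successfully set the label of domain '%s' to '%s'.\n" \
              % (domainname,label)
    else:
        print "Successfully set the label of the dormant domain " \
              "'%s' to '%s'." % (domainname,label)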
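def add_resource_label(label, resource, policyref, policy_type):
    """Adds a resource label to the global resource label file.

    Through xend, the resource's current label is fetched first.  A
    resource that already carries a label is not relabeled; this is
    reported through security.err.  Otherwise the new label is set and a
    result other than XSERR_SUCCESS is reported through security.err.
    Exceptions raised by the server calls propagate unchanged.
    """
    # NOTE(review): only the xend path appears in this listing; with
    # SERVER_XEN_API the function, as shown, does nothing.
    if xm_main.serverType != xm_main.SERVER_XEN_API:
        old = server.xend.security.get_resource_label(resource)
        if len(old) != 0:
            # An existing label is never overwritten here.
            old = security.format_resource_label(old)
            security.err("'%s' is already labeled with '%s'." % \
                         (resource,old))
        else:
            # The former try/except around this call only re-raised, so
            # it is dropped; errors still reach the caller as before.
            rc = server.xend.security.set_resource_label(
                resource, policy_type, policyref, label)
            if rc != xsconstants.XSERR_SUCCESS:
                security.err("An error occurred labeling the resource: %s" % \
                             xsconstants.xserr2string(-rc))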
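def add_domain_label_xapi(label, domainname, policyref, policy_type):
    """Label a domain with '<policy_type>:<policyref>:<label>'.

    The Xen-API is used when xm_main.serverType is SERVER_XEN_API, xend
    otherwise.  Each path reads the domain's current label and sends it
    to the server together with the new label.

    Raises OptionError when the Xen-API lookup by name yields no VM or
    more than one, or when the Xen-API returns a negative result.  Raises
    security.XSMError when a server call fails.  Prints a success message
    that distinguishes a dormant domain (ssidref 0) from any other.
    """
    sec_lab = "%s:%s:%s" % (policy_type, policyref, label)

    if xm_main.serverType == xm_main.SERVER_XEN_API:
        uuids = server.xenapi.VM.get_by_name_label(domainname)
        if len(uuids) == 0:
            raise OptionError('A VM with that name does not exist.')
        if len(uuids) != 1:
            # An ambiguous name must not pick a VM at random.
            raise OptionError('There are multiple domains with the same name.')
        uuid = uuids[0]
        try:
            old_lab = server.xenapi.VM.get_security_label(uuid)
            rc = server.xenapi.VM.set_security_label(uuid, sec_lab, old_lab)
        except Exception, e:
            raise security.XSMError("Could not label the domain: %s" % e)
        if int(rc) < 0:
            raise OptionError('Could not label domain.')
        ssidref = int(rc)
    else:
        old_seclab = server.xend.security.get_domain_label(domainname)
        # A slice tolerates an empty current label, where old_seclab[0]
        # would raise IndexError.
        if old_seclab[:1] == '\'':
            old_seclab = old_seclab[1:]
        results = server.xend.security.set_domain_label(
            domainname, sec_lab, old_seclab)
        rc, ssidref = results
        if rc != xsconstants.XSERR_SUCCESS:
            msg = xsconstants.xserr2string(-rc)
            raise security.XSMError("An error occurred relabeling "
                                    "the domain: %s" % msg)

    if ssidref == 0:
        print "Successfully set the label of the dormant domain " \
              "'%s' to '%s'." % (domainname,label)
    else:
        print "Successfully set the label of domain '%s' to '%s'.\n" \
              % (domainname,label)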
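def add_resource_label(label, resource, policyref, policy_type):
    """Adds a resource label to the global resource label file.

    On the xend path the resource's existing label is looked up first.
    If there is none, the label built from policy_type, policyref and
    label is set and a result other than XSERR_SUCCESS is passed to
    security.err.  If the resource is already labeled, nothing is changed
    and security.err is called with the formatted existing label.
    """
    # NOTE(review): no Xen-API branch is visible in this listing; with
    # SERVER_XEN_API the function, as shown, returns without acting.
    if xm_main.serverType != xm_main.SERVER_XEN_API:
        old = server.xend.security.get_resource_label(resource)
        if len(old) == 0:
            # No try/except here: the previous handler only re-raised,
            # so server errors propagate exactly as they did.
            rc = server.xend.security.set_resource_label(resource,
                                                         policy_type,
                                                         policyref,
                                                         label)
            if rc != xsconstants.XSERR_SUCCESS:
                security.err("An error occurred labeling the resource: %s" % \
                             xsconstants.xserr2string(-rc))
        else:
            # Existing labels are left untouched and reported instead.
            old = security.format_resource_label(old)
            security.err("'%s' is already labeled with '%s'." % \
                         (resource,old))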
if xm_main.serverType == xm_main.SERVER_XEN_API: try: oldlabel = server.xenapi.XSPolicy.get_resource_label(resource) if oldlabel != "": server.xenapi.XSPolicy.set_resource_label(resource, "", oldlabel) else: raise security.XSMError("Resource not labeled") except Exception, e: raise security.XSMError("Could not remove label " "from resource: %s" % e) return else: oldlabel = server.xend.security.get_resource_label(resource) if len(oldlabel) != 0: rc = server.xend.security.set_resource_label(resource, "", "", "") if rc != xsconstants.XSERR_SUCCESS: raise security.XSMError("An error occurred removing the " "label: %s" % xsconstants.xserr2string(-rc)) else: raise security.XSMError("Resource not labeled") def rm_domain_label(configfile): # open the domain config file fd = None fil = None if configfile[0] == "/": fil = configfile fd = open(fil, "rb") else: for prefix in [".", "/etc/xen"]: fil = prefix + "/" + configfile if os.path.isfile(fil):
server.xenapi.XSPolicy.set_resource_label( resource, "", oldlabel) else: raise security.XSMError("Resource not labeled") except Exception, e: raise security.XSMError("Could not remove label " "from resource: %s" % e) return else: oldlabel = server.xend.security.get_resource_label(resource) if len(oldlabel) != 0: rc = server.xend.security.set_resource_label(resource, "", "", "") if rc != xsconstants.XSERR_SUCCESS: raise security.XSMError("An error occurred removing the " "label: %s" % \ xsconstants.xserr2string(-rc)) else: raise security.XSMError("Resource not labeled") def rm_domain_label(configfile): # open the domain config file fd = None fil = None if configfile[0] == '/': fil = configfile fd = open(fil, "rb") else: for prefix in [".", auxbin.xen_configdir()]: fil = prefix + "/" + configfile if os.path.isfile(fil):
raise security.XSMError("Resource not labeled") except Exception, e: raise security.XSMError("Could not remove label " "from resource: %s" % e) return else: oldlabel = server.xend.security.get_resource_label(resource) if len(oldlabel) != 0: rc = server.xend.security.set_resource_label(resource, "", "", "") if rc != xsconstants.XSERR_SUCCESS: raise security.XSMError("An error occurred removing the " "label: %s" % \ xsconstants.xserr2string(-rc)) else: raise security.XSMError("Resource not labeled") def rm_domain_label(configfile): # open the domain config file fd = None fil = None if configfile[0] == '/': fil = configfile fd = open(fil, "rb") else: for prefix in [".", auxbin.xen_configdir() ]: fil = prefix + "/" + configfile if os.path.isfile(fil): fd = open(fil, "rb")
else: print "Successfully set the new policy." if xs_type == xsconstants.XS_POLICY_ACM: getpolicy(False) else: # Non-Xen-API call. if xs_type != server.xend.security.on(): raise security.XSMError("Policy type not supported.") rc, errors = server.xend.security.set_policy(xs_type, policy, flags, overwrite) if rc != xsconstants.XSERR_SUCCESS: txt = "An error occurred trying to set the policy: %s." % \ xsconstants.xserr2string(abs(rc)) if len(errors) > 0: txt += " " + build_hv_error_message( base64.b64decode(errors)) raise security.XSMError(txt) else: print "Successfully set the new policy." if xs_type == xsconstants.XS_POLICY_ACM: getpolicy(False) def main(argv): if len(argv) < 3: raise OptionError("Need at least 3 arguments.") if "-?" in argv: help()
txt += " " + build_hv_error_message(base64.b64decode(errors)) raise security.XSMError(txt) else: print "Successfully set the new policy." if xs_type == xsconstants.XS_POLICY_ACM: getpolicy(False) else: # Non-Xen-API call. if xs_type != server.xend.security.on(): raise security.XSMError("Policy type not supported.") rc, errors = server.xend.security.set_policy(xs_type, policy, flags, overwrite) if rc != xsconstants.XSERR_SUCCESS: txt = "An error occurred trying to set the policy: %s." % \ xsconstants.xserr2string(abs(rc)) if len(errors) > 0: txt += " " + build_hv_error_message(base64.b64decode(errors)) raise security.XSMError(txt) else: print "Successfully set the new policy." if xs_type == xsconstants.XS_POLICY_ACM: getpolicy(False) def main(argv): if len(argv) < 3: raise OptionError("Need at least 3 arguments.") if "-?" in argv: help()