From 434ef5bbe1b78ab0dc318323febd9f0317673c3a Mon Sep 17 00:00:00 2001 From: Faiyaz Ahmed Date: Mon, 11 Feb 2008 21:59:36 +0000 Subject: [PATCH] Secure, and configure vsys scripts. --- vsys.py | 114 ++++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 94 insertions(+), 20 deletions(-) diff --git a/vsys.py b/vsys.py index 6f6d14f..ddb75e3 100644 --- a/vsys.py +++ b/vsys.py @@ -5,25 +5,39 @@ import logger import os +from sets import Set +VSYSCONF="/etc/vsys.conf" +VSYSBKEND="/tmp/vsys" def start(options, config): pass + def GetSlivers(data): """For each sliver with the vsys attribute, set the script ACL, create the vsys directory in the slice, and restart vsys.""" - confedSlivers = parseConf("/etc/vsys.conf") - newSlivers = [] + # Touch ACLs and create dict of available + scripts = dict.fromkeys(touchAcls(),[]) + # slices that need to be written to the conf + slices = [] + # Parse attributes and update dict of scripts for sliver in data['slivers']: for attribute in sliver['attributes']: if attribute['name'] == 'vsys': + # add to conf + slices.append(sliver['name']) # As the name implies, when we find an attribute, we - createVsysDir(sliver) - if sliver['name'] not in confedSlivers: newSlivers.append(sliver['name']) - - writeConf(confedSlivers + newSlivers, "/etc/vsys.conf") - -def secureScripts(): + createVsysDir(sliver['name']) + # add it to our list of slivers that need vsys + if attribute['value'] in scripts.keys(): + scripts[attribute['value']].append(slice['name']) + + # Write the conf + writeConf(slices, parseConf()) + # Write out the ACLs + if writeAcls(scripts, parseAcls()): + logger.log("vsys: restarting vsys service") + os.system("/etc/init.d/vsys restart") def createVsysDir(sliver): '''Create /vsys directory in slice. Update vsys conf file.''' 
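Review bot: In GetSlivers, `dict.fromkeys(touchAcls(),[])` gives every script key the same list object, so a slice appended for one script lands in every script's ACL and each slice is granted every script. Build a separate list per key, e.g. `scripts = dict([(s, []) for s in touchAcls()])`. The append itself reads `slice['name']`, which is the builtin `slice` and not the loop variable; it should be `scripts[attribute['value']].append(sliver['name'])`. `VSYSBKEND="/tmp/vsys"` is also worth reconsidering: if /tmp on the node is writable by unprivileged users, the ACL files this module later opens with `"w"` sit in a directory someone else can pre-create or fill with symlinks, so a root-owned directory outside /tmp would be safer. The body of createVsysDir, which now receives `sliver['name']` instead of the sliver dict, continues outside this hunk and should be checked against that change.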
@@ -31,20 +45,80 @@ def createVsysDir(sliver): except OSError: pass -def parseConf(file): - '''Parse the vserver conf. Return [slices] in conf.''' - slices = [] - f = open(file) +def touchAcls() + '''Creates empty acl files for scripts. + To be ran in case of new scripts that appear in the backend. + Returns list of available scripts.''' + acls = [] + scripts = [] + for (root, dirs, files) in os.walk(VSYSBKEND): + for file in files: + if file.endswith(".acl"): + acls.append(file.rstrip(".acl") + else: + scripts.append(file) + + for new in (Set(scripts) - Set(acls)): + logger.log("vsys: Found new script %s. Writing empty acl.") + f = open("%s/%s.acl" %(VSYSBKEND, new), "w") + f.write("\n") + f.close() + + return scripts + + +def writeAcls(currentscripts, oldscripts): + '''Creates .acl files for script in the script repo.''' + # Check each oldscript entry to see if we need to modify + _restartvsys = False + for (acl, oldslivers) in oldscripts.iteritems(): + if (len(oldslivers) != len(currentscripts[acl])) or \ + (len(Set(oldslivers) - Set(currentscript[acl])) != 0: + _restartvsys = True + logger.log("vsys: Updating %s.acl w/ slices %s" % (acl, currentscripts[acl]) + f = open("%s/%s.acl" % (VSYSBKEND, acl), "w") + for slice in currentscripts[acl]: f.write("%s\n" % slice) + f.close() + # Trigger a restart + return _restartvsys + + +def parseAcls(): + '''Parse the frontend script acls. Return {script: [slices]} in conf.''' + # make a dict of what slices are in what acls. + for (root, dirs, files) in os.walk(VSYSBKEND): + for file in files: + if file.endswith(".acl"): + f = open(root+"/"+file,"r+") + scriptname = file.rstrip(".acl") + scriptacls[scriptname] = [] + for slice in f.readlines(): + scriptacls[scriptname].append(slice.rstrip()) + f.close() + # return what scripts are configured for which slices. 
+ return scriptacls + + +def writeConf(slivers, oldslivers): + # Check if this is needed + if (len(slivers) != len(oldslivers)) or \ + (len(Set(oldslivers) - Set(slivers)) ! = 0): + logger.log("vsys: Updating %s" % VSYSCONF) + f = open(VSYSCONF,"w") + for sliver in slivers: + f.write("/vservers/%(name)s/vsys %(name)s\n" % {"name": sliver}) + f.truncate() + f.close() + +def parseConf(); + '''Parse the vsys conf and return list of slices in conf.''' + scriptacls = {} + slicesinconf = [] + f = open(VSYSCONF) for line in f.readlines(): (slice, path) = line.split() - slices.append(slice) + slicesinconf.append(slice) f.close() - return slices + return slicesinconf -def writeConf(slivers, file): - f = open(file,"w") - for sliver in slivers: - f.write("/vservers/%(name)s/vsys %(name)s\n" % {"name": sliver}) - f.truncate() - f.close() -- 2.43.0
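Review bot: `file.rstrip(".acl")` in touchAcls and parseAcls strips any trailing run of the characters `.`, `a`, `c` and `l` rather than the suffix, so a script named `local` has its `local.acl` read back as `lo`. touchAcls then sees `local` as a new script and truncates its ACL with `open(..., "w")` on every pass, while parseAcls files the entries under the wrong script name. Slicing the suffix off with `file[:-len(".acl")]` avoids both. The new side as shown also does not parse or run: `def touchAcls()` lacks its colon, `def parseConf();` ends in a semicolon, several parentheses are unbalanced, `! = 0` is split, `currentscript` is misspelled, the "Found new script" log never interpolates `new`, and `scriptacls = {}` is initialised in parseConf although parseAcls is the function that fills it.

```python
def touchAcls():
    # … unchanged: acls/scripts initialisation and os.walk loops …
            if file.endswith(".acl"):
                acls.append(file[:-len(".acl")])
    # … unchanged: else branch collecting scripts …
    for new in (Set(scripts) - Set(acls)):
        logger.log("vsys: Found new script %s. Writing empty acl." % new)
    # … unchanged: write the empty acl, return scripts …

def writeAcls(currentscripts, oldscripts):
    # … unchanged: _restartvsys initialisation and loop header …
        if (len(oldslivers) != len(currentscripts[acl])) or \
           (len(Set(oldslivers) - Set(currentscripts[acl])) != 0):
            _restartvsys = True
            logger.log("vsys: Updating %s.acl w/ slices %s" % (acl, currentscripts[acl]))
    # … unchanged: rewrite the acl file, return _restartvsys …

def parseAcls():
    scriptacls = {}
    # … unchanged: os.walk loops and open() …
                scriptname = file[:-len(".acl")]
    # … unchanged: read slices into scriptacls, return it …

def writeConf(slivers, oldslivers):
    if (len(slivers) != len(oldslivers)) or \
       (len(Set(oldslivers) - Set(slivers)) != 0):
    # … unchanged: rewrite VSYSCONF …

def parseConf():
    # … unchanged: read VSYSCONF into slicesinconf (drop the stray scriptacls = {}) …
```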