1# Copyright 2014-2015, Tresys Technology, LLC
2#
3# This file is part of SETools.
4#
5# SETools is free software: you can redistribute it and/or modify
6# it under the terms of the GNU Lesser General Public License as
7# published by the Free Software Foundation, either version 2.1 of
8# the License, or (at your option) any later version.
9#
10# SETools is distributed in the hope that it will be useful,
11# but WITHOUT ANY WARRANTY; without even the implied warranty of
12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13# GNU Lesser General Public License for more details.
14#
15# You should have received a copy of the GNU Lesser General Public
16# License along with SETools.  If not, see
17# <http://www.gnu.org/licenses/>.
18#
19import logging
20import re
21
22from . import compquery
23from .descriptors import CriteriaDescriptor, CriteriaSetDescriptor
24from .policyrep.exception import NoCommon
25
26
27class ObjClassQuery(compquery.ComponentQuery):
28
29    """
30    Query object classes.
31
32    Parameter:
33    policy          The policy to query.
34
35    Keyword Parameters/Class attributes:
36    name            The name of the object set to match.
37    name_regex      If true, regular expression matching will
38                    be used for matching the name.
39    common          The name of the inherited common to match.
40    common_regex    If true, regular expression matching will
41                    be used for matching the common name.
42    perms           The permissions to match.
43    perms_equal     If true, only commons with permission sets
44                    that are equal to the criteria will
45                    match.  Otherwise, any intersection
46                    will match.
47    perms_regex     If true, regular expression matching
48                    will be used on the permission names instead
49                    of set logic.
50                    comparison will not be used.
51    perms_indirect  If false, permissions inherited from a common
52                    permission set not will be evaluated.  Default
53                    is true.
54    """
55
56    common = CriteriaDescriptor("common_regex", "lookup_common")
57    common_regex = False
58    perms = CriteriaSetDescriptor("perms_regex")
59    perms_equal = False
60    perms_indirect = True
61    perms_regex = False
62
63    def results(self):
64        """Generator which yields all matching object classes."""
65        self.log.info("Generating results from {0.policy}".format(self))
66        self.log.debug("Name: {0.name!r}, regex: {0.name_regex}".format(self))
67        self.log.debug("Common: {0.common!r}, regex: {0.common_regex}".format(self))
68        self.log.debug("Perms: {0.perms}, regex: {0.perms_regex}, "
69                       "eq: {0.perms_equal}, indirect: {0.perms_indirect}".format(self))
70
71        for class_ in self.policy.classes():
72            if not self._match_name(class_):
73                continue
74
75            if self.common:
76                try:
77                    if not self._match_regex(
78                            class_.common,
79                            self.common,
80                            self.common_regex):
81                        continue
82                except NoCommon:
83                    continue
84
85            if self.perms:
86                perms = class_.perms
87
88                if self.perms_indirect:
89                    try:
90                        perms |= class_.common.perms
91                    except NoCommon:
92                        pass
93
94                if not self._match_regex_or_set(
95                        perms,
96                        self.perms,
97                        self.perms_equal,
98                        self.perms_regex):
99                    continue
100
101            yield class_
102