1# Copyright 2014-2015, Tresys Technology, LLC 2# 3# This file is part of SETools. 4# 5# SETools is free software: you can redistribute it and/or modify 6# it under the terms of the GNU Lesser General Public License as 7# published by the Free Software Foundation, either version 2.1 of 8# the License, or (at your option) any later version. 9# 10# SETools is distributed in the hope that it will be useful, 11# but WITHOUT ANY WARRANTY; without even the implied warranty of 12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13# GNU Lesser General Public License for more details. 14# 15# You should have received a copy of the GNU Lesser General Public 16# License along with SETools. If not, see 17# <http://www.gnu.org/licenses/>. 18# 19import logging 20 21from . import compquery 22from . import contextquery 23 24 25class InitialSIDQuery(compquery.ComponentQuery, contextquery.ContextQuery): 26 27 """ 28 Initial SID (Initial context) query. 29 30 Parameter: 31 policy The policy to query. 32 33 Keyword Parameters/Class attributes: 34 name The Initial SID name to match. 35 name_regex If true, regular expression matching 36 will be used on the Initial SID name. 37 user The criteria to match the context's user. 38 user_regex If true, regular expression matching 39 will be used on the user. 40 role The criteria to match the context's role. 41 role_regex If true, regular expression matching 42 will be used on the role. 43 type_ The criteria to match the context's type. 44 type_regex If true, regular expression matching 45 will be used on the type. 46 range_ The criteria to match the context's range. 47 range_subset If true, the criteria will match if it is a subset 48 of the context's range. 49 range_overlap If true, the criteria will match if it overlaps 50 any of the context's range. 51 range_superset If true, the criteria will match if it is a superset 52 of the context's range. 53 range_proper If true, use proper superset/subset operations. 54 No effect if not using set operations. 55 """ 56 57 def results(self): 58 """Generator which yields all matching initial SIDs.""" 59 self.log.info("Generating results from {0.policy}".format(self)) 60 self.log.debug("Name: {0.name!r}, regex: {0.name_regex}".format(self)) 61 self.log.debug("User: {0.user!r}, regex: {0.user_regex}".format(self)) 62 self.log.debug("Role: {0.role!r}, regex: {0.role_regex}".format(self)) 63 self.log.debug("Type: {0.type_!r}, regex: {0.type_regex}".format(self)) 64 self.log.debug("Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, " 65 "superset: {0.range_superset}, proper: {0.range_proper}".format(self)) 66 67 for i in self.policy.initialsids(): 68 if not self._match_name(i): 69 continue 70 71 if not self._match_context(i.context): 72 continue 73 74 yield i 75