1# Copyright 2014-2015, Tresys Technology, LLC
2#
3# This file is part of SETools.
4#
5# SETools is free software: you can redistribute it and/or modify
6# it under the terms of the GNU Lesser General Public License as
7# published by the Free Software Foundation, either version 2.1 of
8# the License, or (at your option) any later version.
9#
10# SETools is distributed in the hope that it will be useful,
11# but WITHOUT ANY WARRANTY; without even the implied warranty of
12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13# GNU Lesser General Public License for more details.
14#
15# You should have received a copy of the GNU Lesser General Public
16# License along with SETools.  If not, see
17# <http://www.gnu.org/licenses/>.
18#
19import logging
20
21from . import compquery
22from . import contextquery
23
24
25class InitialSIDQuery(compquery.ComponentQuery, contextquery.ContextQuery):
26
27    """
28    Initial SID (Initial context) query.
29
30    Parameter:
31    policy            The policy to query.
32
33    Keyword Parameters/Class attributes:
34    name            The Initial SID name to match.
35    name_regex      If true, regular expression matching
36                    will be used on the Initial SID name.
37    user            The criteria to match the context's user.
38    user_regex      If true, regular expression matching
39                    will be used on the user.
40    role            The criteria to match the context's role.
41    role_regex      If true, regular expression matching
42                    will be used on the role.
43    type_           The criteria to match the context's type.
44    type_regex      If true, regular expression matching
45                    will be used on the type.
46    range_          The criteria to match the context's range.
47    range_subset    If true, the criteria will match if it is a subset
48                    of the context's range.
49    range_overlap   If true, the criteria will match if it overlaps
50                    any of the context's range.
51    range_superset  If true, the criteria will match if it is a superset
52                    of the context's range.
53    range_proper    If true, use proper superset/subset operations.
54                    No effect if not using set operations.
55    """
56
57    def results(self):
58        """Generator which yields all matching initial SIDs."""
59        self.log.info("Generating results from {0.policy}".format(self))
60        self.log.debug("Name: {0.name!r}, regex: {0.name_regex}".format(self))
61        self.log.debug("User: {0.user!r}, regex: {0.user_regex}".format(self))
62        self.log.debug("Role: {0.role!r}, regex: {0.role_regex}".format(self))
63        self.log.debug("Type: {0.type_!r}, regex: {0.type_regex}".format(self))
64        self.log.debug("Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, "
65                       "superset: {0.range_superset}, proper: {0.range_proper}".format(self))
66
67        for i in self.policy.initialsids():
68            if not self._match_name(i):
69                continue
70
71            if not self._match_context(i.context):
72                continue
73
74            yield i
75