1# Copyright 2014-2015, Tresys Technology, LLC
2#
3# This file is part of SETools.
4#
5# SETools is free software: you can redistribute it and/or modify
6# it under the terms of the GNU Lesser General Public License as
7# published by the Free Software Foundation, either version 2.1 of
8# the License, or (at your option) any later version.
9#
10# SETools is distributed in the hope that it will be useful,
11# but WITHOUT ANY WARRANTY; without even the implied warranty of
12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13# GNU Lesser General Public License for more details.
14#
15# You should have received a copy of the GNU Lesser General Public
16# License along with SETools.  If not, see
17# <http://www.gnu.org/licenses/>.
18#
19import logging
20
21from .mixins import MatchContext, MatchName
22from .query import PolicyQuery
23
24
25class InitialSIDQuery(MatchName, MatchContext, PolicyQuery):
26
27    """
28    Initial SID (Initial context) query.
29
30    Parameter:
31    policy            The policy to query.
32
33    Keyword Parameters/Class attributes:
34    name            The Initial SID name to match.
35    name_regex      If true, regular expression matching
36                    will be used on the Initial SID name.
37    user            The criteria to match the context's user.
38    user_regex      If true, regular expression matching
39                    will be used on the user.
40    role            The criteria to match the context's role.
41    role_regex      If true, regular expression matching
42                    will be used on the role.
43    type_           The criteria to match the context's type.
44    type_regex      If true, regular expression matching
45                    will be used on the type.
46    range_          The criteria to match the context's range.
47    range_subset    If true, the criteria will match if it is a subset
48                    of the context's range.
49    range_overlap   If true, the criteria will match if it overlaps
50                    any of the context's range.
51    range_superset  If true, the criteria will match if it is a superset
52                    of the context's range.
53    range_proper    If true, use proper superset/subset operations.
54                    No effect if not using set operations.
55    """
56
57    def __init__(self, policy, **kwargs):
58        super(InitialSIDQuery, self).__init__(policy, **kwargs)
59        self.log = logging.getLogger(__name__)
60
61    def results(self):
62        """Generator which yields all matching initial SIDs."""
63        self.log.info("Generating initial SID results from {0.policy}".format(self))
64        self._match_name_debug(self.log)
65        self._match_context_debug(self.log)
66
67        for i in self.policy.initialsids():
68            if not self._match_name(i):
69                continue
70
71            if not self._match_context(i.context):
72                continue
73
74            yield i
75