1# Copyright 2014-2015, Tresys Technology, LLC
2#
3# This file is part of SETools.
4#
5# SETools is free software: you can redistribute it and/or modify
6# it under the terms of the GNU Lesser General Public License as
7# published by the Free Software Foundation, either version 2.1 of
8# the License, or (at your option) any later version.
9#
10# SETools is distributed in the hope that it will be useful,
11# but WITHOUT ANY WARRANTY; without even the implied warranty of
12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13# GNU Lesser General Public License for more details.
14#
15# You should have received a copy of the GNU Lesser General Public
16# License along with SETools.  If not, see
17# <http://www.gnu.org/licenses/>.
18#
19import logging
20import re
21
22from .descriptors import CriteriaDescriptor, CriteriaSetDescriptor
23from .mixins import MatchName
24from .policyrep.exception import NoCommon
25from .query import PolicyQuery
26from .util import match_regex, match_regex_or_set
27
28
29class ObjClassQuery(MatchName, PolicyQuery):
30
31    """
32    Query object classes.
33
34    Parameter:
35    policy          The policy to query.
36
37    Keyword Parameters/Class attributes:
38    name            The name of the object set to match.
39    name_regex      If true, regular expression matching will
40                    be used for matching the name.
41    common          The name of the inherited common to match.
42    common_regex    If true, regular expression matching will
43                    be used for matching the common name.
44    perms           The permissions to match.
45    perms_equal     If true, only commons with permission sets
46                    that are equal to the criteria will
47                    match.  Otherwise, any intersection
48                    will match.
49    perms_regex     If true, regular expression matching
50                    will be used on the permission names instead
51                    of set logic.
52                    comparison will not be used.
53    perms_indirect  If false, permissions inherited from a common
54                    permission set not will be evaluated.  Default
55                    is true.
56    """
57
58    common = CriteriaDescriptor("common_regex", "lookup_common")
59    common_regex = False
60    perms = CriteriaSetDescriptor("perms_regex")
61    perms_equal = False
62    perms_indirect = True
63    perms_regex = False
64
65    def __init__(self, policy, **kwargs):
66        super(ObjClassQuery, self).__init__(policy, **kwargs)
67        self.log = logging.getLogger(__name__)
68
69    def results(self):
70        """Generator which yields all matching object classes."""
71        self.log.info("Generating object class results from {0.policy}".format(self))
72        self._match_name_debug(self.log)
73        self.log.debug("Common: {0.common!r}, regex: {0.common_regex}".format(self))
74        self.log.debug("Perms: {0.perms}, regex: {0.perms_regex}, "
75                       "eq: {0.perms_equal}, indirect: {0.perms_indirect}".format(self))
76
77        for class_ in self.policy.classes():
78            if not self._match_name(class_):
79                continue
80
81            if self.common:
82                try:
83                    if not match_regex(
84                            class_.common,
85                            self.common,
86                            self.common_regex):
87                        continue
88                except NoCommon:
89                    continue
90
91            if self.perms:
92                perms = class_.perms
93
94                if self.perms_indirect:
95                    try:
96                        perms |= class_.common.perms
97                    except NoCommon:
98                        pass
99
100                if not match_regex_or_set(
101                        perms,
102                        self.perms,
103                        self.perms_equal,
104                        self.perms_regex):
105                    continue
106
107            yield class_
108