# Copyright 2014-2015, Tresys Technology, LLC
#
# This file is part of SETools.
#
# SETools is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as
# published by the Free Software Foundation, either version 2.1 of
# the License, or (at your option) any later version.
#
# SETools is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with SETools.  If not, see
# <http://www.gnu.org/licenses/>.
#
import logging
import re

from .descriptors import CriteriaDescriptor, CriteriaSetDescriptor
from .mixins import MatchName
from .policyrep.exception import NoCommon
from .query import PolicyQuery
from .util import match_regex, match_regex_or_set


class ObjClassQuery(MatchName, PolicyQuery):

    """
    Query object classes.

    Parameter:
    policy          The policy to query.

    Keyword Parameters/Class attributes:
    name            The name of the object class to match.
    name_regex      If true, regular expression matching will
                    be used for matching the name.
    common          The name of the inherited common to match.
    common_regex    If true, regular expression matching will
                    be used for matching the common name.
    perms           The permissions to match.
    perms_equal     If true, only classes with permission sets
                    that are equal to the criteria will
                    match.  Otherwise, any intersection
                    will match.
    perms_regex     If true, regular expression matching
                    will be used on the permission names instead
                    of set logic.
    perms_indirect  If false, permissions inherited from a common
                    permission set will not be evaluated.  Default
                    is true.
    """

    # Criteria for the inherited common.  The descriptor is given the name
    # of the regex flag and the string "lookup_common"; how it uses them
    # is defined in .descriptors (not visible here).
    common = CriteriaDescriptor("common_regex", "lookup_common")
    common_regex = False

    # Criteria for the permission set, paired with its regex flag.
    perms = CriteriaSetDescriptor("perms_regex")
    perms_equal = False
    # Defaults to True so that permissions inherited from the common are
    # part of the comparison unless the caller opts out.
    perms_indirect = True
    perms_regex = False

    def __init__(self, policy, **kwargs):
        """Run the parent initializer, then attach a logger named after this module."""
        super(ObjClassQuery, self).__init__(policy, **kwargs)
        self.log = logging.getLogger(__name__)

    def results(self):
        """Generator which yields all matching object classes."""
        log = self.log
        log.info("Generating object class results from {0.policy}".format(self))
        self._match_name_debug(log)
        log.debug("Common: {0.common!r}, regex: {0.common_regex}".format(self))
        log.debug("Perms: {0.perms}, regex: {0.perms_regex}, "
                  "eq: {0.perms_equal}, indirect: {0.perms_indirect}".format(self))

        # NOTE(review): whether regex criteria are anchored (match vs. search)
        # is decided in the .util helpers, not visible here -- confirm before
        # relying on a pattern as an exact-name filter in a policy audit.
        for objclass in self.policy.classes():
            if not self._match_name(objclass):
                continue

            if self.common:
                # A class that inherits no common raises NoCommon on access;
                # with a common criterion set, such a class cannot match.
                try:
                    common_matches = match_regex(
                        objclass.common,
                        self.common,
                        self.common_regex)
                except NoCommon:
                    common_matches = False

                if not common_matches:
                    continue

            if self.perms:
                effective_perms = objclass.perms

                # With perms_indirect disabled only objclass.perms is compared,
                # so a permission that reaches the class solely through its
                # common will not make the class match.
                if self.perms_indirect:
                    # NOTE(review): |= updates the object returned by
                    # objclass.perms in place if it is a mutable set; this
                    # presumably relies on that property returning a fresh
                    # set on each access -- confirm in policyrep.
                    try:
                        effective_perms |= objclass.common.perms
                    except NoCommon:
                        # No common to inherit from; compare own perms only.
                        pass

                perms_match = match_regex_or_set(
                    effective_perms,
                    self.perms,
                    self.perms_equal,
                    self.perms_regex)

                if not perms_match:
                    continue

            yield objclass