Home | History | Annotate | Download | only in setools 
      1 # Copyright 2014-2015, Tresys Technology, LLC
      2 #
      3 # This file is part of SETools.
      4 #
      5 # SETools is free software: you can redistribute it and/or modify
      6 # it under the terms of the GNU Lesser General Public License as
      7 # published by the Free Software Foundation, either version 2.1 of
      8 # the License, or (at your option) any later version.
      9 #
     10 # SETools is distributed in the hope that it will be useful,
     11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
     12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     13 # GNU Lesser General Public License for more details.
     14 #
     15 # You should have received a copy of the GNU Lesser General Public
     16 # License along with SETools.  If not, see
     17 # <http://www.gnu.org/licenses/>.
     18 #
     19 import logging
     20 
     21 from .mixins import MatchContext, MatchName
     22 from .query import PolicyQuery
     23 
     24 
     25 class InitialSIDQuery(MatchName, MatchContext, PolicyQuery):
     26 
     27     """
     28     Initial SID (Initial context) query.
     29 
     30     Parameter:
     31     policy            The policy to query.
     32 
     33     Keyword Parameters/Class attributes:
     34     name            The Initial SID name to match.
     35     name_regex      If true, regular expression matching
     36                     will be used on the Initial SID name.
     37     user            The criteria to match the context's user.
     38     user_regex      If true, regular expression matching
     39                     will be used on the user.
     40     role            The criteria to match the context's role.
     41     role_regex      If true, regular expression matching
     42                     will be used on the role.
     43     type_           The criteria to match the context's type.
     44     type_regex      If true, regular expression matching
     45                     will be used on the type.
     46     range_          The criteria to match the context's range.
     47     range_subset    If true, the criteria will match if it is a subset
     48                     of the context's range.
     49     range_overlap   If true, the criteria will match if it overlaps
     50                     any of the context's range.
     51     range_superset  If true, the criteria will match if it is a superset
     52                     of the context's range.
     53     range_proper    If true, use proper superset/subset operations.
     54                     No effect if not using set operations.
     55     """
     56 
     57     def __init__(self, policy, **kwargs):
     58         super(InitialSIDQuery, self).__init__(policy, **kwargs)
     59         self.log = logging.getLogger(__name__)
     60 
     61     def results(self):
     62         """Generator which yields all matching initial SIDs."""
     63         self.log.info("Generating initial SID results from {0.policy}".format(self))
     64         self._match_name_debug(self.log)
     65         self._match_context_debug(self.log)
     66 
     67         for i in self.policy.initialsids():
     68             if not self._match_name(i):
     69                 continue
     70 
     71             if not self._match_context(i.context):
     72                 continue
     73 
     74             yield i
     75