2 posix1e - a python module exposing the posix acl functions
4 Copyright (C) 2002-2009, 2012, 2014, 2015 Iustin Pop <iustin@k1024.org>
6 This library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
11 This library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public
17 License along with this library; if not, write to the Free Software
18 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 #define PY_SSIZE_T_CLEAN
26 #include <sys/types.h>
30 #include <acl/libacl.h>
31 #define get_perm acl_get_perm
33 #define get_perm acl_get_perm_np
36 /* Used for cpychecker: */
37 /* The checker automatically defines this preprocessor name when creating
38 the custom attribute: */
39 #if defined(WITH_CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF_ATTRIBUTE)
40 #define CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF(typename) \
41 __attribute__((cpychecker_type_object_for_typedef(typename)))
43 /* This handles the case where we're compiling with a "vanilla"
44 compiler that doesn't supply this attribute: */
45 #define CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF(typename)
48 /* The checker automatically defines this preprocessor name when creating
49 the custom attribute: */
50 #if defined(WITH_CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION_ATTRIBUTE)
51 #define CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION \
52 __attribute__((cpychecker_negative_result_sets_exception))
54 #define CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION
57 static PyTypeObject ACL_Type
58 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("ACL_Object");
59 static PyObject* ACL_applyto(PyObject* obj, PyObject* args);
60 static PyObject* ACL_valid(PyObject* obj, PyObject* args);
62 #ifdef HAVE_ACL_COPY_EXT
63 static PyObject* ACL_get_state(PyObject *obj, PyObject* args);
64 static PyObject* ACL_set_state(PyObject *obj, PyObject* args);
68 static PyTypeObject Entry_Type
69 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("Entry_Object");
70 static PyTypeObject Permset_Type
71 CPYCHECKER_TYPE_OBJECT_FOR_TYPEDEF("Permset_Object");
72 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
76 static acl_perm_t holder_ACL_EXECUTE = ACL_EXECUTE;
77 static acl_perm_t holder_ACL_READ = ACL_READ;
78 static acl_perm_t holder_ACL_WRITE = ACL_WRITE;
92 PyObject *parent_acl; /* The parent acl, so it won't run out on us */
98 PyObject *parent_entry; /* The parent entry, so it won't run out on us */
99 acl_permset_t permset;
104 /* Creation of a new ACL instance */
105 static PyObject* ACL_new(PyTypeObject* type, PyObject* args,
110 newacl = type->tp_alloc(type, 0);
115 acl = (ACL_Object*) newacl;
117 acl->acl = acl_init(0);
118 if (acl->acl == NULL) {
119 PyErr_SetFromErrno(PyExc_IOError);
124 acl->entry_id = ACL_FIRST_ENTRY;
130 /* Initialization of a new ACL instance */
131 static int ACL_init(PyObject* obj, PyObject* args, PyObject *keywds) {
132 ACL_Object* self = (ACL_Object*) obj;
133 static char *kwlist[] = { "file", "fd", "text", "acl", "filedef",
137 #ifdef HAVE_ACL_COPY_EXT
141 char *format = "|O&OsO!O&"
145 #ifdef HAVE_ACL_COPY_EXT
153 PyObject *file = NULL;
154 PyObject *filedef = NULL;
157 ACL_Object* thesrc = NULL;
158 #ifdef HAVE_ACL_COPY_EXT
159 const void *buf = NULL;
164 if(!PyTuple_Check(args) || PyTuple_Size(args) != 0 ||
165 (keywds != NULL && PyDict_Check(keywds) && PyDict_Size(keywds) > 1)) {
166 PyErr_SetString(PyExc_ValueError, "a max of one keyword argument"
170 if(!PyArg_ParseTupleAndKeywords(args, keywds, format, kwlist,
171 PyUnicode_FSConverter, &file,
172 &fd, &text, &ACL_Type, &thesrc,
173 PyUnicode_FSConverter, &filedef
177 #ifdef HAVE_ACL_COPY_EXT
184 char *path = PyBytes_AS_STRING(file);
185 new = acl_get_file(path, ACL_TYPE_ACCESS);
186 // Set custom exception on this failure path which includes
189 PyErr_SetFromErrnoWithFilename(PyExc_IOError, path);
193 } else if(text != NULL)
194 new = acl_from_text(text);
195 else if(fd != NULL) {
197 if ((fdval = PyObject_AsFileDescriptor(fd)) != -1) {
198 new = acl_get_fd(fdval);
200 } else if(thesrc != NULL)
201 new = acl_dup(thesrc->acl);
202 else if(filedef != NULL) {
203 char *path = PyBytes_AS_STRING(filedef);
204 new = acl_get_file(path, ACL_TYPE_DEFAULT);
205 // Set custom exception on this failure path which includes
208 PyErr_SetFromErrnoWithFilename(PyExc_IOError, path);
215 new = acl_from_mode(mode);
217 #ifdef HAVE_ACL_COPY_EXT
218 else if(buf != NULL) {
219 new = acl_copy_int(buf);
227 PyErr_SetFromErrno(PyExc_IOError);
232 /* Free the old acl_t without checking for error, we don't
234 if(self->acl != NULL)
242 /* Standard type functions */
243 static void ACL_dealloc(PyObject* obj) {
244 ACL_Object *self = (ACL_Object*) obj;
245 PyObject *err_type, *err_value, *err_traceback;
246 int have_error = PyErr_Occurred() ? 1 : 0;
249 PyErr_Fetch(&err_type, &err_value, &err_traceback);
250 if(self->acl != NULL && acl_free(self->acl) != 0)
251 PyErr_WriteUnraisable(obj);
253 PyErr_Restore(err_type, err_value, err_traceback);
257 /* Converts the acl to a text format */
258 static PyObject* ACL_str(PyObject *obj) {
260 ACL_Object *self = (ACL_Object*) obj;
263 text = acl_to_text(self->acl, NULL);
265 return PyErr_SetFromErrno(PyExc_IOError);
267 ret = PyUnicode_FromString(text);
268 if(acl_free(text) != 0) {
270 return PyErr_SetFromErrno(PyExc_IOError);
276 static char __to_any_text_doc__[] =
277 "to_any_text([prefix='', separator='n', options=0])\n"
278 "Convert the ACL to a custom text format.\n"
280 "This method encapsulates the ``acl_to_any_text()`` function.\n"
281 "It allows a customized text format to be generated for the ACL. See\n"
282 ":manpage:`acl_to_any_text(3)` for more details.\n"
284 ":param string prefix: if given, this string will be pre-pended to\n"
286 ":param string separator: a single character (defaults to '\\n'); this will"
287 " be used to separate the entries in the ACL\n"
288 ":param options: a bitwise combination of:\n\n"
289 " - :py:data:`TEXT_ABBREVIATE`: use 'u' instead of 'user', 'g' \n"
290 " instead of 'group', etc.\n"
291 " - :py:data:`TEXT_NUMERIC_IDS`: User and group IDs are included as\n"
292 " decimal numbers instead of names\n"
293 " - :py:data:`TEXT_SOME_EFFECTIVE`: Include comments denoting the\n"
294 " effective permissions when some are masked\n"
295 " - :py:data:`TEXT_ALL_EFFECTIVE`: Include comments after all ACL\n"
296 " entries affected by an ACL_MASK entry\n"
297 " - :py:data:`TEXT_SMART_INDENT`: Used in combination with the\n"
298 " _EFFECTIVE options, this will ensure that comments are aligned\n"
299 " to the fourth tab position (assuming one tab equals eight spaces)\n"
303 /* Converts the acl to a custom text format */
304 static PyObject* ACL_to_any_text(PyObject *obj, PyObject *args,
307 ACL_Object *self = (ACL_Object*) obj;
309 const char *arg_prefix = NULL;
310 char arg_separator = '\n';
312 static char *kwlist[] = {"prefix", "separator", "options", NULL};
314 if (!PyArg_ParseTupleAndKeywords(args, kwds, "|sci", kwlist, &arg_prefix,
315 &arg_separator, &arg_options))
318 text = acl_to_any_text(self->acl, arg_prefix, arg_separator, arg_options);
320 return PyErr_SetFromErrno(PyExc_IOError);
322 ret = PyBytes_FromString(text);
323 if(acl_free(text) != 0) {
325 return PyErr_SetFromErrno(PyExc_IOError);
330 static char __check_doc__[] =
331 "Check the ACL validity.\n"
333 "This is a non-portable, Linux specific extension that allow more\n"
334 "information to be retrieved in case an ACL is not valid than via the\n"
335 ":py:func:`valid` method.\n"
337 "This method will return either False (the ACL is valid), or a tuple\n"
338 "with two elements. The first element is one of the following\n"
340 " - :py:data:`ACL_MULTI_ERROR`: The ACL contains multiple entries that\n"
341 " have a tag type that may occur at most once\n"
342 " - :py:data:`ACL_DUPLICATE_ERROR`: The ACL contains multiple \n"
343 " :py:data:`ACL_USER` or :py:data:`ACL_GROUP` entries with the\n"
345 " - :py:data:`ACL_MISS_ERROR`: A required entry is missing\n"
346 " - :py:data:`ACL_ENTRY_ERROR`: The ACL contains an invalid entry\n"
349 "The second element of the tuple is the index of the entry that is\n"
350 "invalid (in the same order as by iterating over the ACL entry)\n"
353 /* The acl_check method */
354 static PyObject* ACL_check(PyObject* obj, PyObject* args) {
355 ACL_Object *self = (ACL_Object*) obj;
359 if((result = acl_check(self->acl, &eindex)) == -1)
360 return PyErr_SetFromErrno(PyExc_IOError);
364 return Py_BuildValue("(ii)", result, eindex);
367 /* Implementation of the rich compare for ACLs */
368 static PyObject* ACL_richcompare(PyObject* o1, PyObject* o2, int op) {
369 ACL_Object *acl1, *acl2;
373 if(!PyObject_IsInstance(o2, (PyObject*)&ACL_Type)) {
378 PyErr_SetString(PyExc_TypeError, "can only compare to an ACL");
382 acl1 = (ACL_Object*)o1;
383 acl2 = (ACL_Object*)o2;
384 if((n=acl_cmp(acl1->acl, acl2->acl))==-1)
385 return PyErr_SetFromErrno(PyExc_IOError);
388 ret = n == 0 ? Py_True : Py_False;
391 ret = n == 1 ? Py_True : Py_False;
394 PyErr_SetString(PyExc_TypeError, "ACLs are not orderable");
401 static char __equiv_mode_doc__[] =
402 "Return the octal mode the ACL is equivalent to.\n"
404 "This is a non-portable, Linux specific extension that checks\n"
405 "if the ACL is a basic ACL and returns the corresponding mode.\n"
408 ":raise IOError: An IOerror exception will be raised if the ACL is\n"
409 " an extended ACL.\n"
412 /* The acl_equiv_mode method */
413 static PyObject* ACL_equiv_mode(PyObject* obj, PyObject* args) {
414 ACL_Object *self = (ACL_Object*) obj;
417 if(acl_equiv_mode(self->acl, &mode) == -1)
418 return PyErr_SetFromErrno(PyExc_IOError);
419 return PyLong_FromLong(mode);
424 static char __applyto_doc__[] =
425 "applyto(item[, flag=ACL_TYPE_ACCESS])\n"
426 "Apply the ACL to a file or filehandle.\n"
428 ":param item: either a filename or a file-like object or an integer;\n"
429 " this represents the filesystem object on which to act\n"
430 ":param flag: optional flag representing the type of ACL to set, either\n"
431 " :py:data:`ACL_TYPE_ACCESS` (default) or :py:data:`ACL_TYPE_DEFAULT`\n"
434 /* Applies the ACL to a file */
435 static PyObject* ACL_applyto(PyObject* obj, PyObject* args) {
436 ACL_Object *self = (ACL_Object*) obj;
437 PyObject *target, *tmp;
438 acl_type_t type = ACL_TYPE_ACCESS;
442 if (!PyArg_ParseTuple(args, "O|I", &target, &type))
444 if ((fd = PyObject_AsFileDescriptor(target)) != -1) {
445 if((nret = acl_set_fd(fd, self->acl)) == -1) {
446 PyErr_SetFromErrno(PyExc_IOError);
449 // PyObject_AsFileDescriptor sets an error when failing, so clear
450 // it such that further code works; some method lookups fail if an
451 // error already occured when called, which breaks at least
452 // PyOS_FSPath (called by FSConverter).
454 if(PyUnicode_FSConverter(target, &tmp)) {
455 char *filename = PyBytes_AS_STRING(tmp);
456 if ((nret = acl_set_file(filename, type, self->acl)) == -1) {
457 PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
471 static char __valid_doc__[] =
472 "Test the ACL for validity.\n"
474 "This method tests the ACL to see if it is a valid ACL\n"
475 "in terms of the file-system. More precisely, it checks that:\n"
477 "The ACL contains exactly one entry with each of the\n"
478 ":py:data:`ACL_USER_OBJ`, :py:data:`ACL_GROUP_OBJ`, and \n"
479 ":py:data:`ACL_OTHER` tag types. Entries\n"
480 "with :py:data:`ACL_USER` and :py:data:`ACL_GROUP` tag types may\n"
481 "appear zero or more\n"
482 "times in an ACL. An ACL that contains entries of :py:data:`ACL_USER` or\n"
483 ":py:data:`ACL_GROUP` tag types must contain exactly one entry of the \n"
484 ":py:data:`ACL_MASK` tag type. If an ACL contains no entries of\n"
485 ":py:data:`ACL_USER` or :py:data:`ACL_GROUP` tag types, the\n"
486 ":py:data:`ACL_MASK` entry is optional.\n"
488 "All user ID qualifiers must be unique among all entries of\n"
489 "the :py:data:`ACL_USER` tag type, and all group IDs must be unique\n"
490 "among all entries of :py:data:`ACL_GROUP` tag type.\n"
492 "The method will return 1 for a valid ACL and 0 for an invalid one.\n"
493 "This has been chosen because the specification for\n"
494 ":manpage:`acl_valid(3)`\n"
495 "in the POSIX.1e standard documents only one possible value for errno\n"
496 "in case of an invalid ACL, so we can't differentiate between\n"
497 "classes of errors. Other suggestions are welcome.\n"
503 /* Checks the ACL for validity */
504 static PyObject* ACL_valid(PyObject* obj, PyObject* args) {
505 ACL_Object *self = (ACL_Object*) obj;
507 if(acl_valid(self->acl) == -1) {
514 #ifdef HAVE_ACL_COPY_EXT
515 static PyObject* ACL_get_state(PyObject *obj, PyObject* args) {
516 ACL_Object *self = (ACL_Object*) obj;
521 size = acl_size(self->acl);
523 return PyErr_SetFromErrno(PyExc_IOError);
525 if((ret = PyBytes_FromStringAndSize(NULL, size)) == NULL)
527 buf = PyBytes_AsString(ret);
529 if((nsize = acl_copy_ext(buf, self->acl, size)) == -1) {
531 return PyErr_SetFromErrno(PyExc_IOError);
537 static PyObject* ACL_set_state(PyObject *obj, PyObject* args) {
538 ACL_Object *self = (ACL_Object*) obj;
543 /* Parse the argument */
544 if (!PyArg_ParseTuple(args, "y#", &buf, &bufsize))
547 /* Try to import the external representation */
548 if((ptr = acl_copy_int(buf)) == NULL)
549 return PyErr_SetFromErrno(PyExc_IOError);
551 /* Free the old acl. Should we ignore errors here? */
552 if(self->acl != NULL) {
553 if(acl_free(self->acl) == -1)
554 return PyErr_SetFromErrno(PyExc_IOError);
565 /* tp_iter for the ACL type; since it can be iterated only
566 * destructively, the type is its iterator
568 static PyObject* ACL_iter(PyObject *obj) {
569 ACL_Object *self = (ACL_Object*)obj;
570 self->entry_id = ACL_FIRST_ENTRY;
575 /* the tp_iternext function for the ACL type */
576 static PyObject* ACL_iternext(PyObject *obj) {
577 ACL_Object *self = (ACL_Object*)obj;
578 acl_entry_t the_entry_t;
579 Entry_Object *the_entry_obj;
582 nerr = acl_get_entry(self->acl, self->entry_id, &the_entry_t);
583 self->entry_id = ACL_NEXT_ENTRY;
585 return PyErr_SetFromErrno(PyExc_IOError);
587 /* Docs says this is not needed */
588 /*PyErr_SetObject(PyExc_StopIteration, Py_None);*/
592 the_entry_obj = (Entry_Object*) PyType_GenericNew(&Entry_Type, NULL, NULL);
593 if(the_entry_obj == NULL)
596 the_entry_obj->entry = the_entry_t;
598 the_entry_obj->parent_acl = obj;
599 Py_INCREF(obj); /* For the reference we have in entry->parent */
601 return (PyObject*)the_entry_obj;
604 static char __ACL_delete_entry_doc__[] =
605 "delete_entry(entry)\n"
606 "Deletes an entry from the ACL.\n"
608 ".. note:: Only available with level 2.\n"
610 ":param entry: the Entry object which should be deleted; note that after\n"
611 " this function is called, that object is unusable any longer\n"
612 " and should be deleted\n"
615 /* Deletes an entry from the ACL */
616 static PyObject* ACL_delete_entry(PyObject *obj, PyObject *args) {
617 ACL_Object *self = (ACL_Object*)obj;
620 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &e))
623 if (e->parent_acl != obj) {
624 PyErr_SetString(PyExc_ValueError,
625 "Can't remove un-owned entry");
628 if(acl_delete_entry(self->acl, e->entry) == -1)
629 return PyErr_SetFromErrno(PyExc_IOError);
634 static char __ACL_calc_mask_doc__[] =
635 "Compute the file group class mask.\n"
637 "The calc_mask() method calculates and sets the permissions \n"
638 "associated with the :py:data:`ACL_MASK` Entry of the ACL.\n"
639 "The value of the new permissions is the union of the permissions \n"
640 "granted by all entries of tag type :py:data:`ACL_GROUP`, \n"
641 ":py:data:`ACL_GROUP_OBJ`, or \n"
642 ":py:data:`ACL_USER`. If the ACL already contains an :py:data:`ACL_MASK`\n"
644 "permissions are overwritten; if it does not contain an \n"
645 ":py:data:`ACL_MASK` Entry, one is added.\n"
647 "The order of existing entries in the ACL is undefined after this \n"
651 /* Updates the mask entry in the ACL */
652 static PyObject* ACL_calc_mask(PyObject *obj, PyObject *args) {
653 ACL_Object *self = (ACL_Object*)obj;
655 if(acl_calc_mask(&self->acl) == -1)
656 return PyErr_SetFromErrno(PyExc_IOError);
661 static char __ACL_append_doc__[] =
663 "Append a new Entry to the ACL and return it.\n"
665 "This is a convenience function to create a new Entry \n"
666 "and append it to the ACL.\n"
667 "If a parameter of type Entry instance is given, the \n"
668 "entry will be a copy of that one (as if copied with \n"
669 ":py:func:`Entry.copy`), otherwise, the new entry will be empty.\n"
671 ":rtype: :py:class:`Entry`\n"
672 ":returns: the newly created entry\n"
675 /* Convenience method to create a new Entry */
676 static PyObject* ACL_append(PyObject *obj, PyObject *args) {
677 Entry_Object* newentry;
678 Entry_Object* oldentry = NULL;
681 if (!PyArg_ParseTuple(args, "|O!", &Entry_Type, &oldentry)) {
685 PyObject *new_arglist = Py_BuildValue("(O)", obj);
686 if (new_arglist == NULL) {
689 newentry = (Entry_Object*) PyObject_CallObject((PyObject*)&Entry_Type, new_arglist);
690 Py_DECREF(new_arglist);
691 if(newentry == NULL) {
695 if(oldentry != NULL) {
696 nret = acl_copy_entry(newentry->entry, oldentry->entry);
699 return PyErr_SetFromErrno(PyExc_IOError);
703 return (PyObject*)newentry;
706 /***** Entry type *****/
716 /* Pre-declaring the function is more friendly to cpychecker, sigh. */
717 static int get_tag_qualifier(acl_entry_t entry, tag_qual *tq)
718 CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION;
720 /* Helper function to get the tag and qualifier of an Entry at the
721 same time. This is "needed" because the acl_get_qualifier function
722 returns a pointer to different types, based on the tag value, and
723 thus it's not straightforward to get the right type.
725 It sets a Python exception if an error occurs, and returns -1 in
726 this case. If successful, the tag is set to the tag type, the
727 qualifier (if any) to either the uid or the gid entry in the
728 tag_qual structure, and the return value is 0.
730 static int get_tag_qualifier(acl_entry_t entry, tag_qual *tq) {
733 if(acl_get_tag_type(entry, &tq->tag) == -1) {
734 PyErr_SetFromErrno(PyExc_IOError);
737 if (tq->tag == ACL_USER || tq->tag == ACL_GROUP) {
738 if((p = acl_get_qualifier(entry)) == NULL) {
739 PyErr_SetFromErrno(PyExc_IOError);
742 if (tq->tag == ACL_USER) {
743 tq->uid = *(uid_t*)p;
745 tq->gid = *(gid_t*)p;
752 #define ENTRY_SET_CHECK(self, attr, value) \
753 if (value == NULL) { \
754 PyErr_SetString(PyExc_TypeError, \
755 attr " deletion is not supported"); \
759 /* Creation of a new Entry instance */
760 static PyObject* Entry_new(PyTypeObject* type, PyObject* args,
764 ACL_Object* parent = NULL;
766 if (!PyArg_ParseTuple(args, "O!", &ACL_Type, &parent))
769 newentry = PyType_GenericNew(type, args, keywds);
771 if(newentry == NULL) {
775 entry = (Entry_Object*)newentry;
777 if(acl_create_entry(&parent->acl, &entry->entry) == -1) {
778 PyErr_SetFromErrno(PyExc_IOError);
783 entry->parent_acl = (PyObject*)parent;
787 /* Initialization of a new Entry instance */
788 static int Entry_init(PyObject* obj, PyObject* args, PyObject *keywds) {
789 Entry_Object* self = (Entry_Object*) obj;
790 ACL_Object* parent = NULL;
792 if (!PyArg_ParseTuple(args, "O!", &ACL_Type, &parent))
795 if ((PyObject*)parent != self->parent_acl) {
796 PyErr_SetString(PyExc_ValueError,
797 "Can't reinitialize with a different parent");
803 /* Free the Entry instance */
804 static void Entry_dealloc(PyObject* obj) {
805 Entry_Object *self = (Entry_Object*) obj;
806 PyObject *err_type, *err_value, *err_traceback;
807 int have_error = PyErr_Occurred() ? 1 : 0;
810 PyErr_Fetch(&err_type, &err_value, &err_traceback);
811 if(self->parent_acl != NULL) {
812 Py_DECREF(self->parent_acl);
813 self->parent_acl = NULL;
816 PyErr_Restore(err_type, err_value, err_traceback);
820 /* Converts the entry to a text format */
821 static PyObject* Entry_str(PyObject *obj) {
822 PyObject *format, *kind;
823 Entry_Object *self = (Entry_Object*) obj;
826 if(get_tag_qualifier(self->entry, &tq) < 0) {
830 format = PyUnicode_FromString("ACL entry for ");
834 case ACL_UNDEFINED_TAG:
835 kind = PyUnicode_FromString("undefined type");
838 kind = PyUnicode_FromString("the owner");
841 kind = PyUnicode_FromString("the group");
844 kind = PyUnicode_FromString("the others");
847 /* FIXME: here and in the group case, we're formatting with
848 unsigned, because there's no way to automatically determine
849 the signed-ness of the types; on Linux(glibc) they're
850 unsigned, so we'll go along with that */
851 kind = PyUnicode_FromFormat("user with uid %u", tq.uid);
854 kind = PyUnicode_FromFormat("group with gid %u", tq.gid);
857 kind = PyUnicode_FromString("the mask");
860 kind = PyUnicode_FromString("UNKNOWN_TAG_TYPE!");
867 PyObject *ret = PyUnicode_Concat(format, kind);
873 /* Sets the tag type of the entry */
874 static int Entry_set_tag_type(PyObject* obj, PyObject* value, void* arg) {
875 Entry_Object *self = (Entry_Object*) obj;
877 ENTRY_SET_CHECK(self, "tag type", value);
879 if(!PyLong_Check(value)) {
880 PyErr_SetString(PyExc_TypeError,
881 "tag type must be integer");
884 if(acl_set_tag_type(self->entry, (acl_tag_t)PyLong_AsLong(value)) == -1) {
885 PyErr_SetFromErrno(PyExc_IOError);
892 /* Returns the tag type of the entry */
893 static PyObject* Entry_get_tag_type(PyObject *obj, void* arg) {
894 Entry_Object *self = (Entry_Object*) obj;
897 if(acl_get_tag_type(self->entry, &value) == -1) {
898 PyErr_SetFromErrno(PyExc_IOError);
902 return PyLong_FromLong(value);
905 /* Sets the qualifier (either uid_t or gid_t) for the entry,
906 * usable only if the tag type if ACL_USER or ACL_GROUP
908 static int Entry_set_qualifier(PyObject* obj, PyObject* value, void* arg) {
909 Entry_Object *self = (Entry_Object*) obj;
910 unsigned long uidgid;
916 ENTRY_SET_CHECK(self, "qualifier", value);
918 if(!PyLong_Check(value)) {
919 PyErr_SetString(PyExc_TypeError,
920 "qualifier must be integer");
923 /* This is the negative value check, and larger than long
924 check. If uid_t/gid_t are long-sized, this is enough to check
925 for both over and underflow. */
926 if((uidgid = PyLong_AsUnsignedLong(value)) == (unsigned long) -1) {
927 if(PyErr_Occurred() != NULL) {
931 /* Due to how acl_set_qualifier takes its argument, we have to do
932 this ugly dance with two variables and a pointer that will
933 point to one of them. */
934 if(acl_get_tag_type(self->entry, &tag) == -1) {
935 PyErr_SetFromErrno(PyExc_IOError);
940 /* This is an extra overflow check, in case uid_t/gid_t are
941 int-sized (and int size smaller than long size). */
944 if((unsigned long)uid != uidgid) {
945 PyErr_SetString(PyExc_OverflowError, "Can't assign given qualifier");
952 if((unsigned long)gid != uidgid) {
953 PyErr_SetString(PyExc_OverflowError, "Can't assign given qualifier");
960 PyErr_SetString(PyExc_TypeError,
961 "Can only set qualifiers on ACL_USER or ACL_GROUP entries");
964 if(acl_set_qualifier(self->entry, p) == -1) {
965 PyErr_SetFromErrno(PyExc_IOError);
972 /* Returns the qualifier of the entry */
973 static PyObject* Entry_get_qualifier(PyObject *obj, void* arg) {
974 Entry_Object *self = (Entry_Object*) obj;
978 if(get_tag_qualifier(self->entry, &tq) < 0) {
981 if (tq.tag == ACL_USER) {
983 } else if (tq.tag == ACL_GROUP) {
986 PyErr_SetString(PyExc_TypeError,
987 "Given entry doesn't have an user or"
991 return PyLong_FromUnsignedLong(value);
994 /* Returns the parent ACL of the entry */
995 static PyObject* Entry_get_parent(PyObject *obj, void* arg) {
996 Entry_Object *self = (Entry_Object*) obj;
998 Py_INCREF(self->parent_acl);
999 return self->parent_acl;
1002 /* Returns the a new Permset representing the permset of the entry
1003 * FIXME: Should return a new reference to the same object, which
1004 * should be created at init time!
1006 static PyObject* Entry_get_permset(PyObject *obj, void* arg) {
1009 PyObject *perm_arglist = Py_BuildValue("(O)", obj);
1010 if (perm_arglist == NULL) {
1013 p = PyObject_CallObject((PyObject*)&Permset_Type, perm_arglist);
1014 Py_DECREF(perm_arglist);
1018 /* Sets the permset of the entry to the passed Permset */
1019 static int Entry_set_permset(PyObject* obj, PyObject* value, void* arg) {
1020 Entry_Object *self = (Entry_Object*)obj;
1023 ENTRY_SET_CHECK(self, "permset", value);
1025 if(!PyObject_IsInstance(value, (PyObject*)&Permset_Type)) {
1026 PyErr_SetString(PyExc_TypeError, "argument 1 must be posix1e.Permset");
1029 p = (Permset_Object*)value;
1030 if(acl_set_permset(self->entry, p->permset) == -1) {
1031 PyErr_SetFromErrno(PyExc_IOError);
1037 static char __Entry_copy_doc__[] =
1039 "Copies an ACL entry.\n"
1041 "This method sets all the parameters to those of another\n"
1042 "entry (either of the same ACL or belonging to another ACL).\n"
1044 ":param Entry src: instance of type Entry\n"
1047 /* Sets all the entry parameters to another entry */
1048 static PyObject* Entry_copy(PyObject *obj, PyObject *args) {
1049 Entry_Object *self = (Entry_Object*)obj;
1050 Entry_Object *other;
1052 if(!PyArg_ParseTuple(args, "O!", &Entry_Type, &other))
1055 if(acl_copy_entry(self->entry, other->entry) == -1)
1056 return PyErr_SetFromErrno(PyExc_IOError);
1061 /**** Permset type *****/
1063 /* Creation of a new Permset instance */
1064 static PyObject* Permset_new(PyTypeObject* type, PyObject* args,
1066 PyObject* newpermset;
1067 Permset_Object* permset;
1068 Entry_Object* parent = NULL;
1070 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &parent)) {
1074 newpermset = PyType_GenericNew(type, args, keywds);
1076 if(newpermset == NULL) {
1080 permset = (Permset_Object*)newpermset;
1082 if(acl_get_permset(parent->entry, &permset->permset) == -1) {
1083 PyErr_SetFromErrno(PyExc_IOError);
1084 Py_DECREF(newpermset);
1088 permset->parent_entry = (PyObject*)parent;
1094 /* Initialization of a new Permset instance */
1095 static int Permset_init(PyObject* obj, PyObject* args, PyObject *keywds) {
1096 Permset_Object* self = (Permset_Object*) obj;
1097 Entry_Object* parent = NULL;
1099 if (!PyArg_ParseTuple(args, "O!", &Entry_Type, &parent))
1102 if ((PyObject*)parent != self->parent_entry) {
1103 PyErr_SetString(PyExc_ValueError,
1104 "Can't reinitialize with a different parent");
1111 /* Free the Permset instance */
1112 static void Permset_dealloc(PyObject* obj) {
1113 Permset_Object *self = (Permset_Object*) obj;
1114 PyObject *err_type, *err_value, *err_traceback;
1115 int have_error = PyErr_Occurred() ? 1 : 0;
1118 PyErr_Fetch(&err_type, &err_value, &err_traceback);
1119 if(self->parent_entry != NULL) {
1120 Py_DECREF(self->parent_entry);
1121 self->parent_entry = NULL;
1124 PyErr_Restore(err_type, err_value, err_traceback);
1128 /* Permset string representation */
1129 static PyObject* Permset_str(PyObject *obj) {
1130 Permset_Object *self = (Permset_Object*) obj;
1133 pstr[0] = get_perm(self->permset, ACL_READ) ? 'r' : '-';
1134 pstr[1] = get_perm(self->permset, ACL_WRITE) ? 'w' : '-';
1135 pstr[2] = get_perm(self->permset, ACL_EXECUTE) ? 'x' : '-';
1136 return PyUnicode_FromStringAndSize(pstr, 3);
1139 static char __Permset_clear_doc__[] =
1140 "Clears all permissions from the permission set.\n"
1143 /* Clears all permissions from the permset */
1144 static PyObject* Permset_clear(PyObject* obj, PyObject* args) {
1145 Permset_Object *self = (Permset_Object*) obj;
1147 if(acl_clear_perms(self->permset) == -1)
1148 return PyErr_SetFromErrno(PyExc_IOError);
1153 static PyObject* Permset_get_right(PyObject *obj, void* arg) {
1154 Permset_Object *self = (Permset_Object*) obj;
1156 if(get_perm(self->permset, *(acl_perm_t*)arg)) {
1163 static int Permset_set_right(PyObject* obj, PyObject* value, void* arg) {
1164 Permset_Object *self = (Permset_Object*) obj;
1168 if(!PyLong_Check(value)) {
1169 PyErr_SetString(PyExc_ValueError, "invalid argument, an integer"
1173 on = PyLong_AsLong(value);
1175 nerr = acl_add_perm(self->permset, *(acl_perm_t*)arg);
1177 nerr = acl_delete_perm(self->permset, *(acl_perm_t*)arg);
1179 PyErr_SetFromErrno(PyExc_IOError);
1185 static char __Permset_add_doc__[] =
1187 "Add a permission to the permission set.\n"
1189 "This function adds the permission contained in \n"
1190 "the argument perm to the permission set. An attempt \n"
1191 "to add a permission that is already contained in the \n"
1192 "permission set is not considered an error.\n"
1194 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1195 " :py:data:`ACL_EXECUTE`, ...)\n"
1196 ":raises IOError: in case the argument is not a valid descriptor\n"
1199 static PyObject* Permset_add(PyObject* obj, PyObject* args) {
1200 Permset_Object *self = (Permset_Object*) obj;
1203 if (!PyArg_ParseTuple(args, "i", &right))
1206 if(acl_add_perm(self->permset, (acl_perm_t) right) == -1)
1207 return PyErr_SetFromErrno(PyExc_IOError);
1212 static char __Permset_delete_doc__[] =
1214 "Delete a permission from the permission set.\n"
1216 "This function deletes the permission contained in \n"
1217 "the argument perm from the permission set. An attempt \n"
1218 "to delete a permission that is not contained in the \n"
1219 "permission set is not considered an error.\n"
1221 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1222 " :py:data:`ACL_EXECUTE`, ...)\n"
1223 ":raises IOError: in case the argument is not a valid descriptor\n"
1226 static PyObject* Permset_delete(PyObject* obj, PyObject* args) {
1227 Permset_Object *self = (Permset_Object*) obj;
1230 if (!PyArg_ParseTuple(args, "i", &right))
1233 if(acl_delete_perm(self->permset, (acl_perm_t) right) == -1)
1234 return PyErr_SetFromErrno(PyExc_IOError);
1239 static char __Permset_test_doc__[] =
1241 "Test if a permission exists in the permission set.\n"
1243 "The test() function tests if the permission represented by\n"
1244 "the argument perm exists in the permission set.\n"
1246 ":param perm: a permission (:py:data:`ACL_WRITE`, :py:data:`ACL_READ`,\n"
1247 " :py:data:`ACL_EXECUTE`, ...)\n"
1249 ":raises IOError: in case the argument is not a valid descriptor\n"
1252 static PyObject* Permset_test(PyObject* obj, PyObject* args) {
1253 Permset_Object *self = (Permset_Object*) obj;
1257 if (!PyArg_ParseTuple(args, "i", &right))
1260 ret = get_perm(self->permset, (acl_perm_t) right);
1262 return PyErr_SetFromErrno(PyExc_IOError);
1273 static char __ACL_Type_doc__[] =
1274 "Type which represents a POSIX ACL\n"
1276 ".. note:: only one keyword parameter should be provided\n"
1278 ":param string/bytes/path-like file: creates an ACL representing\n"
1279 " the access ACL of the specified file or directory.\n"
1280 ":param string/bytes/path-like filedef: creates an ACL representing\n"
1281 " the default ACL of the given directory.\n"
1282 ":param int/iostream fd: creates an ACL representing\n"
1283 " the access ACL of the given file descriptor.\n"
1284 ":param string text: creates an ACL from a \n"
1285 " textual description; note the ACL must be valid, which\n"
1286 " means including a mask for extended ACLs, similar to\n"
1287 " ``setfacl --no-mask``\n"
1288 ":param ACL acl: creates a copy of an existing ACL instance.\n"
1289 ":param int mode: creates an ACL from a numeric mode\n"
1290 " (e.g. ``mode=0644``); this is valid only when the C library\n"
1291 " provides the ``acl_from_mode call``, and\n"
1292 " note that no validation is done on the given value.\n"
1293 ":param bytes data: creates an ACL from a serialised form,\n"
1294 " as provided by calling ``__getstate__()`` on an existing ACL\n"
1296 "If no parameters are passed, an empty ACL will be created; this\n"
1297 "makes sense only when your OS supports ACL modification\n"
1298 "(i.e. it implements full POSIX.1e support), otherwise the ACL won't\n"
1302 /* ACL type methods */
1303 static PyMethodDef ACL_methods[] = {
1304 {"applyto", ACL_applyto, METH_VARARGS, __applyto_doc__},
1305 {"valid", ACL_valid, METH_NOARGS, __valid_doc__},
1307 {"to_any_text", (PyCFunction)ACL_to_any_text, METH_VARARGS | METH_KEYWORDS,
1308 __to_any_text_doc__},
1309 {"check", ACL_check, METH_NOARGS, __check_doc__},
1310 {"equiv_mode", ACL_equiv_mode, METH_NOARGS, __equiv_mode_doc__},
1312 #ifdef HAVE_ACL_COPY_EXT
1313 {"__getstate__", ACL_get_state, METH_NOARGS,
1314 "Dumps the ACL to an external format."},
1315 {"__setstate__", ACL_set_state, METH_VARARGS,
1316 "Loads the ACL from an external format."},
1319 {"delete_entry", ACL_delete_entry, METH_VARARGS, __ACL_delete_entry_doc__},
1320 {"calc_mask", ACL_calc_mask, METH_NOARGS, __ACL_calc_mask_doc__},
1321 {"append", ACL_append, METH_VARARGS, __ACL_append_doc__},
1323 {NULL, NULL, 0, NULL}
1327 /* The definition of the ACL Type */
1328 static PyTypeObject ACL_Type = {
1329 PyVarObject_HEAD_INIT(NULL, 0)
1333 ACL_dealloc, /* tp_dealloc */
1337 0, /* formerly tp_compare, in 3.0 deprecated, in
1340 0, /* tp_as_number */
1341 0, /* tp_as_sequence */
1342 0, /* tp_as_mapping */
1345 ACL_str, /* tp_str */
1346 0, /* tp_getattro */
1347 0, /* tp_setattro */
1348 0, /* tp_as_buffer */
1349 Py_TPFLAGS_DEFAULT, /* tp_flags */
1350 __ACL_Type_doc__, /* tp_doc */
1351 0, /* tp_traverse */
1354 ACL_richcompare, /* tp_richcompare */
1356 0, /* tp_richcompare */
1358 0, /* tp_weaklistoffset */
1364 0, /* tp_iternext */
1366 ACL_methods, /* tp_methods */
1371 0, /* tp_descr_get */
1372 0, /* tp_descr_set */
1373 0, /* tp_dictoffset */
1374 ACL_init, /* tp_init */
1376 ACL_new, /* tp_new */
1381 /* Entry type methods */
1382 static PyMethodDef Entry_methods[] = {
1383 {"copy", Entry_copy, METH_VARARGS, __Entry_copy_doc__},
1384 {NULL, NULL, 0, NULL}
1387 static char __Entry_tagtype_doc__[] =
1388 "The tag type of the current entry\n"
1391 " - :py:data:`ACL_UNDEFINED_TAG`\n"
1392 " - :py:data:`ACL_USER_OBJ`\n"
1393 " - :py:data:`ACL_USER`\n"
1394 " - :py:data:`ACL_GROUP_OBJ`\n"
1395 " - :py:data:`ACL_GROUP`\n"
1396 " - :py:data:`ACL_MASK`\n"
1397 " - :py:data:`ACL_OTHER`\n"
1400 static char __Entry_qualifier_doc__[] =
1401 "The qualifier of the current entry\n"
1403 "If the tag type is :py:data:`ACL_USER`, this should be a user id.\n"
1404 "If the tag type if :py:data:`ACL_GROUP`, this should be a group id.\n"
1405 "Else it doesn't matter.\n"
1408 static char __Entry_parent_doc__[] =
1409 "The parent ACL of this entry\n"
1412 static char __Entry_permset_doc__[] =
1413 "The permission set of this ACL entry\n"
1417 static PyGetSetDef Entry_getsets[] = {
1418 {"tag_type", Entry_get_tag_type, Entry_set_tag_type,
1419 __Entry_tagtype_doc__},
1420 {"qualifier", Entry_get_qualifier, Entry_set_qualifier,
1421 __Entry_qualifier_doc__},
1422 {"parent", Entry_get_parent, NULL, __Entry_parent_doc__},
1423 {"permset", Entry_get_permset, Entry_set_permset, __Entry_permset_doc__},
1427 static char __Entry_Type_doc__[] =
1428 "Type which represents an entry in an ACL.\n"
1430 "The type exists only if the OS has full support for POSIX.1e\n"
1431 "Can be created either by:\n"
1433 " >>> e = posix1e.Entry(myACL) # this creates a new entry in the ACL\n"
1434 " >>> e = myACL.append() # another way for doing the same thing\n"
1438 " >>> for entry in myACL:\n"
1439 " ... print entry\n"
1441 "Note that the Entry keeps a reference to its ACL, so even if \n"
1442 "you delete the ACL, it won't be cleaned up and will continue to \n"
1443 "exist until its Entry(ies) will be deleted.\n"
1445 /* The definition of the Entry Type */
1446 static PyTypeObject Entry_Type = {
1447 PyVarObject_HEAD_INIT(NULL, 0)
1449 sizeof(Entry_Object),
1451 Entry_dealloc, /* tp_dealloc */
1457 0, /* tp_as_number */
1458 0, /* tp_as_sequence */
1459 0, /* tp_as_mapping */
1462 Entry_str, /* tp_str */
1463 0, /* tp_getattro */
1464 0, /* tp_setattro */
1465 0, /* tp_as_buffer */
1466 Py_TPFLAGS_DEFAULT, /* tp_flags */
1467 __Entry_Type_doc__, /* tp_doc */
1468 0, /* tp_traverse */
1470 0, /* tp_richcompare */
1471 0, /* tp_weaklistoffset */
1473 0, /* tp_iternext */
1474 Entry_methods, /* tp_methods */
1476 Entry_getsets, /* tp_getset */
1479 0, /* tp_descr_get */
1480 0, /* tp_descr_set */
1481 0, /* tp_dictoffset */
1482 Entry_init, /* tp_init */
1484 Entry_new, /* tp_new */
1487 /* Permset type methods */
1488 static PyMethodDef Permset_methods[] = {
1489 {"clear", Permset_clear, METH_NOARGS, __Permset_clear_doc__, },
1490 {"add", Permset_add, METH_VARARGS, __Permset_add_doc__, },
1491 {"delete", Permset_delete, METH_VARARGS, __Permset_delete_doc__, },
1492 {"test", Permset_test, METH_VARARGS, __Permset_test_doc__, },
1493 {NULL, NULL, 0, NULL}
1496 static char __Permset_execute_doc__[] =
1497 "Execute permission property\n"
1499 "This is a convenience method of retrieving and setting the execute\n"
1500 "permission in the permission set; the \n"
1501 "same effect can be achieved using the functions\n"
1502 "add(), test(), delete(), and those can take any \n"
1503 "permission defined by your platform.\n"
1506 static char __Permset_read_doc__[] =
1507 "Read permission property\n"
1509 "This is a convenience method of retrieving and setting the read\n"
1510 "permission in the permission set; the \n"
1511 "same effect can be achieved using the functions\n"
1512 "add(), test(), delete(), and those can take any \n"
1513 "permission defined by your platform.\n"
1516 static char __Permset_write_doc__[] =
1517 "Write permission property\n"
1519 "This is a convenience method of retrieving and setting the write\n"
1520 "permission in the permission set; the \n"
1521 "same effect can be achieved using the functions\n"
1522 "add(), test(), delete(), and those can take any \n"
1523 "permission defined by your platform.\n"
1526 /* Permset getset */
1527 static PyGetSetDef Permset_getsets[] = {
1528 {"execute", Permset_get_right, Permset_set_right,
1529 __Permset_execute_doc__, &holder_ACL_EXECUTE},
1530 {"read", Permset_get_right, Permset_set_right,
1531 __Permset_read_doc__, &holder_ACL_READ},
1532 {"write", Permset_get_right, Permset_set_right,
1533 __Permset_write_doc__, &holder_ACL_WRITE},
1537 static char __Permset_Type_doc__[] =
1538 "Type which represents the permission set in an ACL entry\n"
1540 "The type exists only if the OS has full support for POSIX.1e\n"
1541 "Can be retrieved either by:\n\n"
1542 ">>> perms = myEntry.permset\n"
1545 ">>> perms = posix1e.Permset(myEntry)\n"
1547 "Note that the Permset keeps a reference to its Entry, so even if \n"
1548 "you delete the entry, it won't be cleaned up and will continue to \n"
1549 "exist until its Permset will be deleted.\n"
1552 /* The definition of the Permset Type */
1553 static PyTypeObject Permset_Type = {
1554 PyVarObject_HEAD_INIT(NULL, 0)
1556 sizeof(Permset_Object),
1558 Permset_dealloc, /* tp_dealloc */
1564 0, /* tp_as_number */
1565 0, /* tp_as_sequence */
1566 0, /* tp_as_mapping */
1569 Permset_str, /* tp_str */
1570 0, /* tp_getattro */
1571 0, /* tp_setattro */
1572 0, /* tp_as_buffer */
1573 Py_TPFLAGS_DEFAULT, /* tp_flags */
1574 __Permset_Type_doc__,/* tp_doc */
1575 0, /* tp_traverse */
1577 0, /* tp_richcompare */
1578 0, /* tp_weaklistoffset */
1580 0, /* tp_iternext */
1581 Permset_methods, /* tp_methods */
1583 Permset_getsets, /* tp_getset */
1586 0, /* tp_descr_get */
1587 0, /* tp_descr_set */
1588 0, /* tp_dictoffset */
1589 Permset_init, /* tp_init */
1591 Permset_new, /* tp_new */
1596 /* Module methods */
1598 static char __deletedef_doc__[] =
1599 "delete_default(path)\n"
1600 "Delete the default ACL from a directory.\n"
1602 "This function deletes the default ACL associated with\n"
1603 "a directory (the ACL which will be ANDed with the mode\n"
1604 "parameter to the open, creat functions).\n"
1606 ":param string path: the directory whose default ACL should be deleted\n"
1609 /* Deletes the default ACL from a directory */
1610 static PyObject* aclmodule_delete_default(PyObject* obj, PyObject* args) {
1613 /* Parse the arguments */
1614 if (!PyArg_ParseTuple(args, "et", NULL, &filename))
1617 if(acl_delete_def_file(filename) == -1) {
1618 return PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
1625 static char __has_extended_doc__[] =
1626 "has_extended(item)\n"
1627 "Check if a file or file handle has an extended ACL.\n"
1629 ":param item: either a file name or a file-like object or an integer;\n"
1630 " it represents the file-system object on which to act\n"
1633 /* Check for extended ACL a file or fd */
1634 static PyObject* aclmodule_has_extended(PyObject* obj, PyObject* args) {
1635 PyObject *item, *tmp;
1639 if (!PyArg_ParseTuple(args, "O", &item))
1642 if((fd = PyObject_AsFileDescriptor(item)) != -1) {
1643 if((nret = acl_extended_fd(fd)) == -1) {
1644 PyErr_SetFromErrno(PyExc_IOError);
1647 // PyObject_AsFileDescriptor sets an error when failing, so clear
1648 // it such that further code works; some method lookups fail if an
1649 // error already occured when called, which breaks at least
1650 // PyOS_FSPath (called by FSConverter).
1652 if(PyUnicode_FSConverter(item, &tmp)) {
1653 char *filename = PyBytes_AS_STRING(tmp);
1654 if ((nret = acl_extended_file(filename)) == -1) {
1655 PyErr_SetFromErrnoWithFilename(PyExc_IOError, filename);
1666 return PyBool_FromLong(nret);
1671 /* The module methods */
1672 static PyMethodDef aclmodule_methods[] = {
1673 {"delete_default", aclmodule_delete_default, METH_VARARGS,
1676 {"has_extended", aclmodule_has_extended, METH_VARARGS,
1677 __has_extended_doc__},
1679 {NULL, NULL, 0, NULL}
1682 static char __posix1e_doc__[] =
1683 "POSIX.1e ACLs manipulation\n"
1684 "==========================\n"
1686 "This module provides support for manipulating POSIX.1e ACLS\n"
1688 "Depending on the operating system support for POSIX.1e, \n"
1689 "the ACL type will have more or less capabilities:\n\n"
1690 " - level 1, only basic support, you can create\n"
1691 " ACLs from files and text descriptions;\n"
1692 " once created, the type is immutable\n"
1693 " - level 2, complete support, you can alter\n"
1694 " the ACL once it is created\n"
1696 "Also, in level 2, more types are available, corresponding\n"
1697 "to acl_entry_t (the Entry type), acl_permset_t (the Permset type).\n"
1699 "The existence of level 2 support and other extensions can be\n"
1700 "checked by the constants:\n\n"
1701 " - :py:data:`HAS_ACL_ENTRY` for level 2 and the Entry/Permset classes\n"
1702 " - :py:data:`HAS_ACL_FROM_MODE` for ``ACL(mode=...)`` usage\n"
1703 " - :py:data:`HAS_ACL_CHECK` for the :py:func:`ACL.check` function\n"
1704 " - :py:data:`HAS_EXTENDED_CHECK` for the module-level\n"
1705 " :py:func:`has_extended` function\n"
1706 " - :py:data:`HAS_EQUIV_MODE` for the :py:func:`ACL.equiv_mode` method\n"
1707 " - :py:data:`HAS_COPY_EXT` for the :py:func:`ACL.__getstate__` and\n"
1708 " :py:func:`ACL.__setstate__` functions (pickle protocol)\n"
1712 ">>> import posix1e\n"
1713 ">>> acl1 = posix1e.ACL(file=\"file.txt\") \n"
1719 ">>> b = posix1e.ACL(text=\"u::rx,g::-,o::-\")\n"
1725 ">>> b.applyto(\"file.txt\")\n"
1726 ">>> print posix1e.ACL(file=\"file.txt\")\n"
1732 ".. py:data:: ACL_USER\n\n"
1733 " Denotes a specific user entry in an ACL.\n"
1735 ".. py:data:: ACL_USER_OBJ\n\n"
1736 " Denotes the user owner entry in an ACL.\n"
1738 ".. py:data:: ACL_GROUP\n\n"
1739 " Denotes the a group entry in an ACL.\n"
1741 ".. py:data:: ACL_GROUP_OBJ\n\n"
1742 " Denotes the group owner entry in an ACL.\n"
1744 ".. py:data:: ACL_OTHER\n\n"
1745 " Denotes the 'others' entry in an ACL.\n"
1747 ".. py:data:: ACL_MASK\n\n"
1748 " Denotes the mask entry in an ACL, representing the maximum\n"
1749 " access granted other users, the owner group and other groups.\n"
1751 ".. py:data:: ACL_UNDEFINED_TAG\n\n"
1752 " An undefined tag in an ACL.\n"
1754 ".. py:data:: ACL_READ\n\n"
1755 " Read permission in a permission set.\n"
1757 ".. py:data:: ACL_WRITE\n\n"
1758 " Write permission in a permission set.\n"
1760 ".. py:data:: ACL_EXECUTE\n\n"
1761 " Execute permission in a permission set.\n"
1763 ".. py:data:: HAS_ACL_ENTRY\n\n"
1764 " denotes support for level 2 and the Entry/Permset classes\n"
1766 ".. py:data:: HAS_ACL_FROM_MODE\n\n"
1767 " denotes support for building an ACL from an octal mode\n"
1769 ".. py:data:: HAS_ACL_CHECK\n\n"
1770 " denotes support for extended checks of an ACL's validity\n"
1772 ".. py:data:: HAS_EXTENDED_CHECK\n\n"
1773 " denotes support for checking whether an ACL is basic or extended\n"
1775 ".. py:data:: HAS_EQUIV_MODE\n\n"
1776 " denotes support for the equiv_mode function\n"
1778 ".. py:data:: HAS_COPY_EXT\n\n"
1779 " denotes support for __getstate__()/__setstate__() on an ACL\n"
1783 static struct PyModuleDef posix1emodule = {
1784 PyModuleDef_HEAD_INIT,
1792 PyInit_posix1e(void)
1796 if(PyType_Ready(&ACL_Type) < 0)
1800 if(PyType_Ready(&Entry_Type) < 0)
1803 if(PyType_Ready(&Permset_Type) < 0)
1807 m = PyModule_Create(&posix1emodule);
1811 d = PyModule_GetDict(m);
1815 Py_INCREF(&ACL_Type);
1816 if (PyDict_SetItemString(d, "ACL",
1817 (PyObject *) &ACL_Type) < 0)
1820 /* 23.3.6 acl_type_t values */
1821 PyModule_AddIntConstant(m, "ACL_TYPE_ACCESS", ACL_TYPE_ACCESS);
1822 PyModule_AddIntConstant(m, "ACL_TYPE_DEFAULT", ACL_TYPE_DEFAULT);
1826 Py_INCREF(&Entry_Type);
1827 if (PyDict_SetItemString(d, "Entry",
1828 (PyObject *) &Entry_Type) < 0)
1831 Py_INCREF(&Permset_Type);
1832 if (PyDict_SetItemString(d, "Permset",
1833 (PyObject *) &Permset_Type) < 0)
1836 /* 23.2.2 acl_perm_t values */
1837 PyModule_AddIntConstant(m, "ACL_READ", ACL_READ);
1838 PyModule_AddIntConstant(m, "ACL_WRITE", ACL_WRITE);
1839 PyModule_AddIntConstant(m, "ACL_EXECUTE", ACL_EXECUTE);
1841 /* 23.2.5 acl_tag_t values */
1842 PyModule_AddIntConstant(m, "ACL_UNDEFINED_TAG", ACL_UNDEFINED_TAG);
1843 PyModule_AddIntConstant(m, "ACL_USER_OBJ", ACL_USER_OBJ);
1844 PyModule_AddIntConstant(m, "ACL_USER", ACL_USER);
1845 PyModule_AddIntConstant(m, "ACL_GROUP_OBJ", ACL_GROUP_OBJ);
1846 PyModule_AddIntConstant(m, "ACL_GROUP", ACL_GROUP);
1847 PyModule_AddIntConstant(m, "ACL_MASK", ACL_MASK);
1848 PyModule_AddIntConstant(m, "ACL_OTHER", ACL_OTHER);
1850 /* Document extended functionality via easy-to-use constants */
1851 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 1);
1853 PyModule_AddIntConstant(m, "HAS_ACL_ENTRY", 0);
1857 /* Linux libacl specific acl_to_any_text constants */
1858 PyModule_AddIntConstant(m, "TEXT_ABBREVIATE", TEXT_ABBREVIATE);
1859 PyModule_AddIntConstant(m, "TEXT_NUMERIC_IDS", TEXT_NUMERIC_IDS);
1860 PyModule_AddIntConstant(m, "TEXT_SOME_EFFECTIVE", TEXT_SOME_EFFECTIVE);
1861 PyModule_AddIntConstant(m, "TEXT_ALL_EFFECTIVE", TEXT_ALL_EFFECTIVE);
1862 PyModule_AddIntConstant(m, "TEXT_SMART_INDENT", TEXT_SMART_INDENT);
1864 /* Linux libacl specific acl_check constants */
1865 PyModule_AddIntConstant(m, "ACL_MULTI_ERROR", ACL_MULTI_ERROR);
1866 PyModule_AddIntConstant(m, "ACL_DUPLICATE_ERROR", ACL_DUPLICATE_ERROR);
1867 PyModule_AddIntConstant(m, "ACL_MISS_ERROR", ACL_MISS_ERROR);
1868 PyModule_AddIntConstant(m, "ACL_ENTRY_ERROR", ACL_ENTRY_ERROR);
1870 #define LINUX_EXT_VAL 1
1872 #define LINUX_EXT_VAL 0
1874 /* declare the Linux extensions */
1875 PyModule_AddIntConstant(m, "HAS_ACL_FROM_MODE", LINUX_EXT_VAL);
1876 PyModule_AddIntConstant(m, "HAS_ACL_CHECK", LINUX_EXT_VAL);
1877 PyModule_AddIntConstant(m, "HAS_EXTENDED_CHECK", LINUX_EXT_VAL);
1878 PyModule_AddIntConstant(m, "HAS_EQUIV_MODE", LINUX_EXT_VAL);
1880 PyModule_AddIntConstant(m, "HAS_COPY_EXT",
1881 #ifdef HAVE_ACL_COPY_EXT
projects / debian-pylibacl.git / blob